ngine_io.vultr.vultr_firewall_rule – Manages firewall rules on Vultr.

Note

This plugin is part of the ngine_io.vultr collection (version 1.1.0).

To install it use: ansible-galaxy collection install ngine_io.vultr.

To use it in a playbook, specify: ngine_io.vultr.vultr_firewall_rule.

New in version 0.1.0 of ngine_io.vultr

Synopsis

  • Create and remove firewall rules.

Requirements

The below requirements are needed on the host that executes this module.

  • python >= 2.6

Parameters

| Parameter | Choices/Defaults | Comments |
|---|---|---|
| api_account (string) | Default: "default" | Name of the ini section in the vultr.ini file. The ENV variable VULTR_API_ACCOUNT is used as default, when defined. |
| api_endpoint (string) | | URL to API endpoint (without trailing slash). The ENV variable VULTR_API_ENDPOINT is used as default, when defined. Fallback value is https://api.vultr.com if not specified. |
| api_key (string) | | API key of the Vultr API. The ENV variable VULTR_API_KEY is used as default, when defined. |
| api_retries (integer) | | Number of retries if the Vultr API returns an HTTP 503 code. The ENV variable VULTR_API_RETRIES is used as default, when defined. Fallback value is 5 retries if not specified. |
| api_retry_max_delay (integer) | | Retry backoff delay is exponential up to this maximum value, in seconds. The ENV variable VULTR_API_RETRY_MAX_DELAY is used as default, when defined. Fallback value is 12 seconds. |
| api_timeout (integer) | | HTTP timeout to Vultr API. The ENV variable VULTR_API_TIMEOUT is used as default, when defined. Fallback value is 60 seconds if not specified. |
| cidr (string) | | Network in CIDR format. The CIDR format must match the ip_version value. Required if state=present. Defaulted to 0.0.0.0/0 or ::/0 depending on ip_version. |
| end_port (integer) | | End port for the firewall rule. Only considered if protocol is tcp or udp and state=present. |
| group (string / required) | | Name of the firewall group. |
| ip_version (string) | Choices: v4 (default), v6 | IP address version. Aliases: ip_type |
| protocol (string) | Choices: icmp, tcp (default), udp, gre | Protocol of the firewall rule. |
| start_port (integer) | | Start port for the firewall rule. Required if protocol is tcp or udp and state=present. Aliases: port |
| state (string) | Choices: present (default), absent | State of the firewall rule. |
| validate_certs (boolean) | Choices: no, yes (default) | Validate SSL certs of the Vultr API. |

Examples

- name: ensure a firewall rule is present
  ngine_io.vultr.vultr_firewall_rule:
    group: application
    protocol: tcp
    start_port: 8000
    end_port: 9000
    cidr: 17.17.17.0/24

- name: open DNS port for all ipv4 and ipv6
  ngine_io.vultr.vultr_firewall_rule:
    group: dns
    protocol: udp
    port: 53
    ip_version: "{{ item }}"
  with_items: [ v4, v6 ]

- name: allow ping
  ngine_io.vultr.vultr_firewall_rule:
    group: web
    protocol: icmp

- name: ensure a firewall rule is absent
  ngine_io.vultr.vultr_firewall_rule:
    group: application
    protocol: tcp
    start_port: 8000
    end_port: 9000
    cidr: 17.17.17.0/24
    state: absent
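
Because cidr falls back to 0.0.0.0/0 or ::/0 when omitted, a task like "allow ping" or "open DNS port" above admits traffic from any source. The following is an added example, not part of the ngine_io.vultr collection: a small pre-flight lint over task arguments that applies the documented defaults and aliases and reports world-open rules, cidr/ip_version mismatches and a missing start_port. The function name lint_rule and the sample tasks are assumptions made for illustration.

```python
import ipaddress

# Defaults and aliases as documented in the Parameters section of this page.
DEFAULTS = {"ip_version": "v4", "protocol": "tcp", "state": "present"}
ANY = {"v4": "0.0.0.0/0", "v6": "::/0"}


def lint_rule(args):
    """Return a list of findings for one vultr_firewall_rule argument dict."""
    rule = {**DEFAULTS, **args}
    # Resolve the documented aliases: ip_type -> ip_version, port -> start_port.
    if "ip_type" in args:
        rule["ip_version"] = args["ip_type"]
    if "port" in args:
        rule["start_port"] = args["port"]
    if rule["state"] != "present":
        return []  # removing a rule cannot widen exposure
    version = rule["ip_version"]
    if version not in ANY:
        return [f"ip_version {version!r} is not one of v4, v6"]
    findings = []
    cidr = rule.get("cidr") or ANY[version]  # documented fallback
    try:
        net = ipaddress.ip_network(cidr, strict=False)
    except ValueError:
        return [f"cidr {cidr!r} is not a valid network"]
    if net.version != int(version[1]):
        findings.append(f"cidr {cidr} does not match ip_version {version}")
    if net.prefixlen == 0:
        source = "explicit" if rule.get("cidr") else "default"
        findings.append(
            f"{rule['protocol']} rule is open to any source ({source} cidr {cidr})")
    if rule["protocol"] in ("tcp", "udp") and rule.get("start_port") is None:
        findings.append("start_port is required for tcp/udp")
    return findings


# Constructed sample tasks, modelled on the examples on this page.
SAMPLE_TASKS = [
    {"group": "application", "protocol": "tcp", "start_port": 8000,
     "end_port": 9000, "cidr": "17.17.17.0/24"},
    {"group": "dns", "protocol": "udp", "port": 53, "ip_version": "v6"},
    {"group": "web", "protocol": "icmp"},
    {"group": "db", "protocol": "tcp", "port": 5432, "cidr": "2001:db8::/32"},
]

if __name__ == "__main__":
    for task in SAMPLE_TASKS:
        for finding in lint_rule(task):
            print(f"{task['group']}: {finding}")
```

Findings for rules that are meant to be public (DNS, ping) can be acknowledged by writing the cidr explicitly in the task, which the lint reports as "explicit" rather than "default".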

Return Values

Common return values are documented here; the following are the fields unique to this module. Nested fields are written as parent.field.

| Key | Returned | Description |
|---|---|---|
| vultr_api (complex) | success | Response from Vultr API with a few additions/modifications. |
| vultr_api.api_account (string) | success | Account used in the ini file to select the key. Sample: default |
| vultr_api.api_endpoint (string) | success | Endpoint used for the API requests. Sample: https://api.vultr.com |
| vultr_api.api_retries (integer) | success | Maximum number of retries for the API requests. Sample: 5 |
| vultr_api.api_retry_max_delay (integer) | success | Exponential backoff delay in seconds between retries up to this max delay value. Sample: 12 |
| vultr_api.api_timeout (integer) | success | Timeout used for the API requests. Sample: 60 |
| vultr_firewall_rule (complex) | success | Response from Vultr API. |
| vultr_firewall_rule.action (string) | success | Action of the firewall rule. Sample: accept |
| vultr_firewall_rule.cidr (string) | success and when port range | CIDR of the firewall rule (IPv4 or IPv6). Sample: 0.0.0.0/0 |
| vultr_firewall_rule.end_port (integer) | success and when port range and protocol is tcp or udp | End port of the firewall rule. Sample: 8080 |
| vultr_firewall_rule.group (string) | success | Firewall group the rule belongs to. Sample: web |
| vultr_firewall_rule.protocol (string) | success | Protocol of the firewall rule. Sample: tcp |
| vultr_firewall_rule.rule_number (integer) | success | Rule number of the firewall rule. Sample: 2 |
| vultr_firewall_rule.start_port (integer) | success and protocol is tcp or udp | Start port of the firewall rule. Sample: 80 |


Authors

  • René Moser (@resmo)