community.general.clc_firewall_policy – Create/delete/update firewall policies
Note
This plugin is part of the community.general collection (version 3.8.3).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.general
.
To use it in a playbook, specify: community.general.clc_firewall_policy
.
Requirements
The below requirements are needed on the host that executes this module.
python = 2.7
requests >= 2.5.0
clc-sdk
Parameters
Parameter |
Comments |
---|---|
The list of destination addresses for traffic on the terminating firewall. This is required when state is ‘present’ |
|
CLC alias for the destination account |
|
Whether the firewall policy is enabled or disabled Choices:
Default: “yes” |
|
Id of the firewall policy. This is required to update or delete an existing firewall policy |
|
Target datacenter for the firewall policy |
|
The list of ports associated with the policy. TCP and UDP can take in single ports or port ranges. Example: |
|
The list of source addresses for traffic on the originating firewall. This is required when state is ‘present’ |
|
CLC alias for the source account |
|
Whether to create or delete the firewall policy Choices:
|
|
Whether to wait for the provisioning tasks to finish before returning. Default: “True” |
Notes
Note
To use this module, it is required to set the below environment variables which enables access to the Centurylink Cloud - CLC_V2_API_USERNAME, the account login id for the centurylink cloud - CLC_V2_API_PASSWORD, the account password for the centurylink cloud
Alternatively, the module accepts the API token and account alias. The API token can be generated using the CLC account login and password via the HTTP api call @ https://api.ctl.io/v2/authentication/login - CLC_V2_API_TOKEN, the API token generated from https://api.ctl.io/v2/authentication/login - CLC_ACCT_ALIAS, the account alias associated with the centurylink cloud
Users can set CLC_V2_API_URL to specify an endpoint for pointing to a different CLC environment.
Examples
---
- name: Create Firewall Policy
hosts: localhost
gather_facts: False
connection: local
tasks:
- name: Create / Verify an Firewall Policy at CenturyLink Cloud
clc_firewall:
source_account_alias: WFAD
location: VA1
state: present
source: 10.128.216.0/24
destination: 10.128.216.0/24
ports: Any
destination_account_alias: WFAD
- name: Delete Firewall Policy
hosts: localhost
gather_facts: False
connection: local
tasks:
- name: Delete an Firewall Policy at CenturyLink Cloud
clc_firewall:
source_account_alias: WFAD
location: VA1
state: absent
firewall_policy_id: c62105233d7a4231bd2e91b9c791e43e1
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
The fire wall policy information Returned: success Sample: {“destination”: [“10.1.1.0/24”, “10.2.2.0/24”], “destinationAccount”: “wfad”, “enabled”: true, “id”: “fc36f1bfd47242e488a9c44346438c05”, “links”: [{“href”: “http://api.ctl.io/v2-experimental/firewallPolicies/wfad/uc1/fc36f1bfd47242e488a9c44346438c05”, “rel”: “self”, “verbs”: [“GET”, “PUT”, “DELETE”]}], “ports”: [“any”], “source”: [“10.1.1.0/24”, “10.2.2.0/24”], “status”: “active”} |
|
The fire wall policy id Returned: success Sample: “fc36f1bfd47242e488a9c44346438c05” |
Authors
CLC Runner (@clc-runner)