community.general.rax_clb_ssl – Manage SSL termination for a Rackspace Cloud Load Balancer.
Note
This plugin is part of the community.general collection (version 3.8.3).
You might already have this collection installed if you are using the ansible package.
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install community.general.
To use it in a playbook, specify: community.general.rax_clb_ssl.
Requirements
The below requirements are needed on the host that executes this module.
pyrax
python >= 2.6
Parameters
Parameter |
Comments |
|---|---|
Rackspace API key, overrides credentials. |
|
The URI of the authentication service. If not specified will be set to https://identity.api.rackspacecloud.com/v2.0/ |
|
The public SSL certificates as a string in PEM format. |
|
File to find the Rackspace credentials in. Ignored if api_key and username are provided. |
|
If set to “false”, temporarily disable SSL termination without discarding existing credentials. Choices:
|
|
Environment as configured in ~/.pyrax.cfg, see https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#pyrax-configuration. |
|
If “true”, the load balancer will redirect HTTP traffic to HTTPS. Requires “secure_traffic_only” to be true. Incurs an implicit wait if SSL termination is also applied or removed. Choices:
|
|
Authentication mechanism to use, such as rackspace or keystone. Default: “rackspace” |
|
One or more intermediate certificate authorities as a string in PEM format, concatenated into a single string. |
|
Name or ID of the load balancer on which to manage SSL termination. |
|
The private SSL key as a string in PEM format. |
|
Region to create an instance in. |
|
The port to listen for secure traffic. Default: 443 |
|
If “true”, the load balancer will only accept secure traffic. Choices:
|
|
If set to “present”, SSL termination will be added to this load balancer. If “absent”, SSL termination will be removed instead. Choices:
|
|
The tenant ID used for authentication. |
|
The tenant name used for authentication. |
|
Rackspace username, overrides credentials. |
|
Whether or not to require SSL validation of API endpoints. Choices:
|
|
Wait for the balancer to be in state “running” before turning. Choices:
|
|
How long before “wait” gives up, in seconds. Default: 300 |
Notes
Note
The following environment variables can be used,
RAX_USERNAME,RAX_API_KEY,RAX_CREDS_FILE,RAX_CREDENTIALS,RAX_REGION.RAX_CREDENTIALSandRAX_CREDS_FILEpoints to a credentials file appropriate for pyrax. See https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#authenticatingRAX_USERNAMEandRAX_API_KEYobviate the use of a credentials fileRAX_REGIONdefines a Rackspace Public Cloud region (DFW, ORD, LON, …)The following environment variables can be used,
RAX_USERNAME,RAX_API_KEY,RAX_CREDS_FILE,RAX_CREDENTIALS,RAX_REGION.RAX_CREDENTIALSandRAX_CREDS_FILEpoints to a credentials file appropriate for pyrax. See https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#authenticatingRAX_USERNAMEandRAX_API_KEYobviate the use of a credentials fileRAX_REGIONdefines a Rackspace Public Cloud region (DFW, ORD, LON, …)
Examples
- name: Enable SSL termination on a load balancer
community.general.rax_clb_ssl:
loadbalancer: the_loadbalancer
state: present
private_key: "{{ lookup('file', 'credentials/server.key' ) }}"
certificate: "{{ lookup('file', 'credentials/server.crt' ) }}"
intermediate_certificate: "{{ lookup('file', 'credentials/trust-chain.crt') }}"
secure_traffic_only: true
wait: true
- name: Disable SSL termination
community.general.rax_clb_ssl:
loadbalancer: "{{ registered_lb.balancer.id }}"
state: absent
wait: true
Authors
Ash Wilson (@smashwilson)