azure.azcollection.azure_rm_appgateway module – Manage Application Gateway instance
Note
This module is part of the azure.azcollection collection (version 1.14.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install azure.azcollection
.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: azure.azcollection.azure_rm_appgateway
.
New in azure.azcollection 0.1.2
Synopsis
Create, update and delete instance of Application Gateway.
Requirements
The below requirements are needed on the host that executes this module.
python >= 2.7
The host that executes this module must have the azure.azcollection collection installed via galaxy
All python packages listed in collection’s requirements-azure.txt must be installed via pip on the host that executes modules from azure.azcollection
Full installation instructions may be found https://galaxy.ansible.com/azure/azcollection
Parameters
Parameter |
Comments |
---|---|
Active Directory username. Use when authenticating with an Active Directory user rather than service principal. |
|
Azure AD authority url. Use when authenticating with Username/password, and has your own ADFS authority. |
|
Selects an API profile to use when communicating with Azure services. Default value of Default: |
|
Use to control if tags field is canonical or just appends to existing tags. When canonical, any tags not found in the tags parameter will be removed from the object’s metadata. Choices:
|
|
Controls the source of the credentials to use for authentication. Can also be set via the When set to When set to When set to When set to When set to The Choices:
|
|
Authentication certificates of the application gateway resource. |
|
Certificate public data - base64 encoded pfx. |
|
Name of the resource that is unique within a resource group. This name can be used to access the resource. |
|
List of backend address pool of the application gateway resource. |
|
List of backend addresses. |
|
Fully qualified domain name (FQDN). |
|
IP address. |
|
Resource that is unique within a resource group. This name can be used to access the resource. |
|
Backend http settings of the application gateway resource. |
|
Cookie name to use for the affinity cookie. |
|
List of references to application gateway authentication certificates. Applicable only when |
|
Resource ID. |
|
Cookie based affinity. Choices:
|
|
Host header to be sent to the backend servers. |
|
Name of the resource that is unique within a resource group. This name can be used to access the resource. |
|
Path which should be used as a prefix for all Null means no path will be prefixed. Default value is null. |
|
Whether host header should be picked from the host name of the backend server. Default value is false. |
|
The destination port on the backend. |
|
Probe resource of an application gateway. |
|
The protocol used to communicate with the backend. Choices:
|
|
Request timeout in seconds. Application Gateway will fail the request if response is not received within RequestTimeout. Acceptable values are from 1 second to 86400 seconds. |
|
Controls the certificate validation behavior for Azure endpoints. By default, all modules will validate the server certificate, but when an HTTPS proxy is in use, or against Azure Stack, it may be necessary to disable this behavior by passing Choices:
|
|
Azure client ID. Use when authenticating with a Service Principal. |
|
For cloud environments other than the US public cloud, the environment name (as defined by Azure Python SDK, eg, Default: |
|
Frontend IP addresses of the application gateway resource. |
|
Name of the resource that is unique within a resource group. This name can be used to access the resource. |
|
PrivateIPAddress of the network interface IP Configuration. |
|
PrivateIP allocation method. Choices:
|
|
Reference of the PublicIP resource. |
|
Reference of the subnet resource. |
|
Full ID of the subnet resource. Required if name and virtual_network_name are not provided. |
|
Name of the subnet. Only used if virtual_network_name is also provided. |
|
Name of the virtual network. Only used if name is also provided. |
|
List of frontend ports of the application gateway resource. |
|
Name of the resource that is unique within a resource group. This name can be used to access the resource. |
|
Frontend port. |
|
List of subnets used by the application gateway. |
|
Name of the resource that is unique within a resource group. This name can be used to access the resource. |
|
Reference of the subnet resource. A subnet from where application gateway gets its private address. |
|
Full ID of the subnet resource. Required if name and virtual_network_name are not provided. |
|
Name of the subnet. Only used if virtual_network_name is also provided. |
|
Name of the virtual network. Only used if name is also provided. |
|
Start or Stop the application gateway. When specified, no updates will occur to the gateway. Choices:
|
|
List of HTTP listeners of the application gateway resource. |
|
Frontend IP configuration resource of an application gateway. |
|
Frontend port resource of an application gateway. |
|
Host name of |
|
Name of the resource that is unique within a resource group. This name can be used to access the resource. |
|
Protocol of the Choices:
|
|
Applicable only if protocol is |
|
SSL certificate resource of an application gateway. |
|
Resource location. If not set, location from the resource group will be used as default. |
|
Parent argument. |
|
Parent argument. |
|
The name of the application gateway. |
|
Active Directory user password. Use when authenticating with an Active Directory user rather than service principal. |
|
Probes available to the application gateway resource. |
|
Host name to send the probe to. |
|
The probing interval in seconds. This is the time interval between two consecutive probes. Acceptable values are from 1 second to 86400 seconds. |
|
Name of the probe that is unique within an Application Gateway. |
|
Relative path of probe. Valid path starts from ‘/’. Probe is sent to <Protocol>://<host>:<port><path>. |
|
Whether host header should be picked from the host name of the backend HTTP settings. Default value is false. Choices:
|
|
The protocol used for the probe. Choices:
|
|
The probe timeout in seconds. Probe marked as failed if valid response is not received with this timeout period. Acceptable values are from 1 second to 86400 seconds. |
|
The probe retry count. Backend server is marked down after consecutive probe failure count reaches UnhealthyThreshold. Acceptable values are from 1 second to 20. |
|
Security profile found in ~/.azure/credentials file. |
|
Redirect configurations of the application gateway resource. |
|
Include path in the redirected url. |
|
Include query string in the redirected url. |
|
Name of the resource that is unique within a resource group. |
|
List of URL path rules within a c(path_based_routing) rule to which the redirect is bound. |
|
Name of the URL rule. |
|
Name of URL path map. |
|
Redirection type. Choices:
|
|
List of c(basic) request routing rule names within the application gateway to which the redirect is bound. |
|
Reference to a listener to redirect the request to. |
|
List of URL path map names (c(path_based_routing) rules) within the application gateway to which the redirect is bound. |
|
List of request routing rules of the application gateway resource. |
|
Backend address pool resource of the application gateway. Not used if rule_type is |
|
Backend |
|
Http listener resource of the application gateway. |
|
Name of the resource that is unique within a resource group. This name can be used to access the resource. |
|
Redirect configuration resource of the application gateway. |
|
Rewrite rule set for the path map. Can be the name of the rewrite rule set or full resource ID. |
|
Rule type. Choices:
|
|
URL path map resource of the application gateway. Required if rule_type is |
|
The name of the resource group. |
|
List of rewrite configurations for the application gateway resource. |
|
Name of the rewrite rule set. |
|
List of rewrite rules. |
|
Set of actions to be done as part of the rewrite rule. |
|
List of actions to be taken on request headers. |
|
Name of the header. |
|
Value of the header. Leave the parameter unset to remove the header. |
|
List of actions to be taken on response headers. |
|
Name of the header. |
|
Value of the header. Leave the parameter unset to remove the header. |
|
Action to be taken on the URL. |
|
Value to which the URL path will be rewriten. Leave parameter unset to keep the original URL path. |
|
Value to which the URL query string will be rewriten. Leave parameter unset to keep the original URL query string. |
|
If set to true, will re-evaluate the path map provided in path-based request routing rules using modified path. Choices:
|
|
Conditions based on which the action set execution will be evaluated. |
|
Setting this value to true will force the pattern to do a case in-sensitive comparison. Choices:
|
|
Setting this value to true will force to check the negation of the condition given by the user. Choices:
|
|
The pattern, either fixed string or regular expression, that evaluates the truthfulness of the condition. |
|
The parameter for the condition. |
|
Name of the rewrite rule. |
|
Sequence of the rule that determines the order of execution within the set. |
|
Azure client secret. Use when authenticating with a Service Principal. |
|
SKU of the application gateway resource. |
|
Capacity (instance count) of an application gateway. |
|
Name of an application gateway SKU. Choices:
|
|
Tier of an application gateway. Choices:
|
|
SSL certificates of the application gateway resource. |
|
Base-64 encoded pfx certificate. Only applicable in PUT Request. |
|
Name of the resource that is unique within a resource group. This name can be used to access the resource. |
|
Password for the pfx file specified in data. Only applicable in PUT request. |
|
SSL policy of the application gateway resource. |
|
List of SSL cipher suites to be enabled in the specified order to application gateway. Choices:
|
|
List of SSL protocols to be disabled on application gateway. Choices:
|
|
Minimum version of SSL protocol to be supported on application gateway. Choices:
|
|
Name of Ssl Choices:
|
|
Type of SSL Policy. Choices:
|
|
Assert the state of the application gateway. Use Choices:
|
|
Your Azure subscription Id. |
|
Dictionary of string:string pairs to assign as metadata to the object. Metadata tags on the object will be updated with any provided values. To remove tags set append_tags option to false. Currently, Azure DNS zones and Traffic Manager services also don’t allow the use of spaces in the tag. Azure Front Door doesn’t support the use of Azure Automation and Azure CDN only support 15 tags on resources. |
|
Azure tenant ID. Use when authenticating with a Service Principal. |
|
The thumbprint of the private key specified in x509_certificate_path. Use when authenticating with a Service Principal. Required if x509_certificate_path is defined. |
|
List of URL path maps of the application gateway resource. |
|
Backend address pool resource of the application gateway which will be used if no path matches occur. Mutually exclusive with default_redirect_configuration. |
|
Backend http settings resource of the application gateway; used with default_backend_address_pool. |
|
Name of redirect configuration resource of the application gateway which will be used if no path matches occur. Mutually exclusive with default_backend_address_pool. |
|
Default rewrite rule set for the path map. Can be the name of the rewrite rule set or full resource ID. |
|
Name of the resource that is unique within the application gateway. This name can be used to access the resource. |
|
List of URL path rules. |
|
Backend address pool resource of the application gateway which will be used if the path is matched. Mutually exclusive with redirect_configuration. |
|
Backend http settings resource of the application gateway; used for the path’s backend_address_pool. |
|
Name of the resource that is unique within the path map. |
|
List of paths. |
|
Name of redirect configuration resource of the application gateway which will be used if the path is matched. Mutually exclusive with backend_address_pool. |
|
Rewrite rule set for the path map. Can be the name of the rewrite rule set or full resource ID. |
|
Path to the X509 certificate used to create the service principal in PEM format. The certificate must be appended to the private key. Use when authenticating with a Service Principal. |
Notes
Note
For authentication with Azure you can pass parameters, set environment variables, use a profile stored in ~/.azure/credentials, or log in before you run your tasks or playbook with
az login
.Authentication is also possible using a service principal or Active Directory user.
To authenticate via service principal, pass subscription_id, client_id, secret and tenant or set environment variables AZURE_SUBSCRIPTION_ID, AZURE_CLIENT_ID, AZURE_SECRET and AZURE_TENANT.
To authenticate via Active Directory user, pass ad_user and password, or set AZURE_AD_USER and AZURE_PASSWORD in the environment.
Alternatively, credentials can be stored in ~/.azure/credentials. This is an ini file containing a [default] section and the following keys: subscription_id, client_id, secret and tenant or subscription_id, ad_user and password. It is also possible to add additional profiles. Specify the profile by passing profile or setting AZURE_PROFILE in the environment.
See Also
See also
- Sign in with Azure CLI
How to authenticate using the
az login
command.
Examples
- name: Create instance of Application Gateway
azure_rm_appgateway:
resource_group: myResourceGroup
name: myAppGateway
sku:
name: standard_small
tier: standard
capacity: 2
gateway_ip_configurations:
- subnet:
id: "{{ subnet_id }}"
name: app_gateway_ip_config
frontend_ip_configurations:
- subnet:
id: "{{ subnet_id }}"
name: sample_gateway_frontend_ip_config
frontend_ports:
- port: 90
name: ag_frontend_port
backend_address_pools:
- backend_addresses:
- ip_address: 10.0.0.4
name: test_backend_address_pool
backend_http_settings_collection:
- port: 80
protocol: http
cookie_based_affinity: enabled
name: sample_appgateway_http_settings
http_listeners:
- frontend_ip_configuration: sample_gateway_frontend_ip_config
frontend_port: ag_frontend_port
name: sample_http_listener
request_routing_rules:
- rule_type: Basic
backend_address_pool: test_backend_address_pool
backend_http_settings: sample_appgateway_http_settings
http_listener: sample_http_listener
name: rule1
- name: Create instance of Application Gateway by looking up virtual network and subnet
azure_rm_appgateway:
resource_group: myResourceGroup
name: myAppGateway
sku:
name: standard_small
tier: standard
capacity: 2
gateway_ip_configurations:
- subnet:
name: default
virtual_network_name: my-vnet
name: app_gateway_ip_config
frontend_ip_configurations:
- subnet:
name: default
virtual_network_name: my-vnet
name: sample_gateway_frontend_ip_config
frontend_ports:
- port: 90
name: ag_frontend_port
backend_address_pools:
- backend_addresses:
- ip_address: 10.0.0.4
name: test_backend_address_pool
backend_http_settings_collection:
- port: 80
protocol: http
cookie_based_affinity: enabled
name: sample_appgateway_http_settings
http_listeners:
- frontend_ip_configuration: sample_gateway_frontend_ip_config
frontend_port: ag_frontend_port
name: sample_http_listener
request_routing_rules:
- rule_type: Basic
backend_address_pool: test_backend_address_pool
backend_http_settings: sample_appgateway_http_settings
http_listener: sample_http_listener
name: rule1
- name: Create instance of Application Gateway with path based rules
azure_rm_appgateway:
resource_group: myResourceGroup
name: myAppGateway
sku:
name: standard_small
tier: standard
capacity: 2
gateway_ip_configurations:
- subnet:
id: "{{ subnet_id }}"
name: app_gateway_ip_config
frontend_ip_configurations:
- subnet:
id: "{{ subnet_id }}"
name: sample_gateway_frontend_ip_config
frontend_ports:
- port: 90
name: ag_frontend_port
backend_address_pools:
- backend_addresses:
- ip_address: 10.0.0.4
name: test_backend_address_pool
backend_http_settings_collection:
- port: 80
protocol: http
cookie_based_affinity: enabled
name: sample_appgateway_http_settings
http_listeners:
- frontend_ip_configuration: sample_gateway_frontend_ip_config
frontend_port: ag_frontend_port
name: sample_http_listener
request_routing_rules:
- rule_type: path_based_routing
http_listener: sample_http_listener
name: rule1
url_path_map: path_mappings
url_path_maps:
- name: path_mappings
default_backend_address_pool: test_backend_address_pool
default_backend_http_settings: sample_appgateway_http_settings
path_rules:
- name: path_rules
backend_address_pool: test_backend_address_pool
backend_http_settings: sample_appgateway_http_settings
paths:
- "/abc"
- "/123/*"
- name: Create instance of Application Gateway with complex routing and redirect rules
azure_rm_appgateway:
resource_group: myResourceGroup
name: myComplexAppGateway
sku:
name: standard_small
tier: standard
capacity: 2
ssl_policy:
policy_type: "predefined"
policy_name: "ssl_policy20170401_s"
ssl_certificates:
- name: ssl_cert
password: your-password
data: "{{ lookup('file', 'certfile') }}"
gateway_ip_configurations:
- subnet:
id: "{{ subnet_output.state.id }}"
name: app_gateway_ip_config
frontend_ip_configurations:
- subnet:
id: "{{ subnet_output.state.id }}"
name: sample_gateway_frontend_ip_config
frontend_ports:
- name: "inbound-http"
port: 80
- name: "inbound-https"
port: 443
backend_address_pools:
- name: test_backend_address_pool1
backend_addresses:
- ip_address: 10.0.0.1
- name: test_backend_address_pool2
backend_addresses:
- ip_address: 10.0.0.2
backend_http_settings_collection:
- name: "http-profile1"
port: 443
protocol: https
pick_host_name_from_backend_address: true
probe: "http-probe1"
cookie_based_affinity: "Disabled"
- name: "http-profile2"
port: 8080
protocol: http
pick_host_name_from_backend_address: true
probe: "http-probe2"
cookie_based_affinity: "Disabled"
http_listeners:
- name: "inbound-http"
protocol: "http"
frontend_ip_configuration: "sample_gateway_frontend_ip_config"
frontend_port: "inbound-http"
- name: "inbound-traffic1"
protocol: "https"
frontend_ip_configuration: "sample_gateway_frontend_ip_config"
frontend_port: "inbound-https"
host_name: "traffic1.example.com"
require_server_name_indication: true
ssl_certificate: "ssl_cert"
- name: "inbound-traffic2"
protocol: "https"
frontend_ip_configuration: "sample_gateway_frontend_ip_config"
frontend_port: "inbound-https"
host_name: "traffic2.example.com"
require_server_name_indication: true
ssl_certificate: "ssl_cert"
url_path_maps:
- name: "path_mappings"
default_redirect_configuration: "redirect-traffic1"
path_rules:
- name: "path_rules"
backend_address_pool: "test_backend_address_pool1"
backend_http_settings: "http-profile1"
paths:
- "/abc"
- "/123/*"
request_routing_rules:
- name: "app-routing1"
rule_type: "basic"
http_listener: "inbound-traffic1"
backend_address_pool: "test_backend_address_pool2"
backend_http_settings: "http-profile1"
- name: "app-routing2"
rule_type: "path_based_routing"
http_listener: "inbound-traffic2"
url_path_map: "path_mappings"
- name: "redirect-routing"
rule_type: "basic"
http_listener: "inbound-http"
redirect_configuration: "redirect-http"
probes:
- name: "http-probe1"
interval: 30
path: "/abc"
protocol: "https"
pick_host_name_from_backend_http_settings: true
timeout: 30
unhealthy_threshold: 2
- name: "http-probe2"
interval: 30
path: "/xyz"
protocol: "http"
pick_host_name_from_backend_http_settings: true
timeout: 30
unhealthy_threshold: 2
redirect_configurations:
- name: "redirect-http"
redirect_type: "permanent"
target_listener: "inbound-traffic1"
include_path: true
include_query_string: true
request_routing_rules:
- "redirect-routing"
- name: "redirect-traffic1"
redirect_type: "found"
target_listener: "inbound-traffic1"
include_path: true
include_query_string: true
url_path_maps:
- "path_mappings"
- name: Create v2 instance of Application Gateway with rewrite rules
azure_rm_appgateway:
resource_group: myResourceGroup
name: myV2AppGateway
sku:
name: standard_v2
tier: standard_v2
capacity: 2
ssl_policy:
policy_type: predefined
policy_name: ssl_policy20170401_s
ssl_certificates:
- name: ssl_cert
password: your-password
data: "{{ lookup('file', ssl_cert) }}"
gateway_ip_configurations:
- subnet:
id: "{{ subnet_output.state.id }}"
name: app_gateway_ip_config
frontend_ip_configurations:
- name: "public-inbound-ip"
public_ip_address: my-appgw-pip
frontend_ports:
- name: "inbound-http"
port: 80
- name: "inbound-https"
port: 443
backend_address_pools:
- name: test_backend_address_pool1
backend_addresses:
- ip_address: 10.0.0.1
- name: test_backend_address_pool2
backend_addresses:
- ip_address: 10.0.0.2
backend_http_settings_collection:
- name: "http-profile1"
port: 443
protocol: https
pick_host_name_from_backend_address: true
probe: "http-probe1"
cookie_based_affinity: "Disabled"
- name: "http-profile2"
port: 8080
protocol: http
pick_host_name_from_backend_address: true
probe: "http-probe2"
cookie_based_affinity: "Disabled"
http_listeners:
- name: "inbound-http"
protocol: "http"
frontend_ip_configuration: "public-inbound-ip"
frontend_port: "inbound-http"
- name: "inbound-traffic1"
protocol: "https"
frontend_ip_configuration: "public-inbound-ip"
frontend_port: "inbound-https"
host_name: "traffic1.example.com"
require_server_name_indication: true
ssl_certificate: "ssl_cert"
- name: "inbound-traffic2"
protocol: "https"
frontend_ip_configuration: "public-inbound-ip"
frontend_port: "inbound-https"
host_name: "traffic2.example.com"
require_server_name_indication: true
ssl_certificate: "ssl_cert"
url_path_maps:
- name: "path_mappings"
default_redirect_configuration: "redirect-traffic1"
default_rewrite_rule_set: "configure-headers"
path_rules:
- name: "path_rules"
backend_address_pool: "test_backend_address_pool1"
backend_http_settings: "http-profile1"
paths:
- "/abc"
- "/123/*"
request_routing_rules:
- name: "app-routing1"
rule_type: "basic"
http_listener: "inbound-traffic1"
backend_address_pool: "test_backend_address_pool2"
backend_http_settings: "http-profile1"
rewrite_rule_set: "configure-headers"
- name: "app-routing2"
rule_type: "path_based_routing"
http_listener: "inbound-traffic2"
url_path_map: "path_mappings"
- name: "redirect-routing"
rule_type: "basic"
http_listener: "inbound-http"
redirect_configuration: "redirect-http"
rewrite_rule_sets:
- name: "configure-headers"
rewrite_rules:
- name: "add-security-response-header"
rule_sequence: 1
action_set:
response_header_configurations:
- header_name: "Strict-Transport-Security"
header_value: "max-age=31536000"
- name: "remove-backend-response-headers"
rule_sequence: 2
action_set:
response_header_configurations:
- header_name: "Server"
- header_name: "X-Powered-By"
- name: "set-custom-header-condition"
rule_sequence: 3
conditions:
- variable: "var_client_ip"
pattern: "1.1.1.1"
- variable: "http_req_Authorization"
pattern: "12345"
ignore_case: false
action_set:
request_header_configurations:
- header_name: "Foo"
header_value: "Bar"
probes:
- name: "http-probe1"
interval: 30
path: "/abc"
protocol: "https"
pick_host_name_from_backend_http_settings: true
timeout: 30
unhealthy_threshold: 2
- name: "http-probe2"
interval: 30
path: "/xyz"
protocol: "http"
pick_host_name_from_backend_http_settings: true
timeout: 30
unhealthy_threshold: 2
redirect_configurations:
- name: "redirect-http"
redirect_type: "permanent"
target_listener: "inbound-traffic1"
include_path: true
include_query_string: true
request_routing_rules:
- "redirect-routing"
- name: "redirect-traffic1"
redirect_type: "found"
target_listener: "inbound-traffic1"
include_path: true
include_query_string: true
url_path_maps:
- "path_mappings"
- name: Stop an Application Gateway instance
azure_rm_appgateway:
resource_group: myResourceGroup
name: myAppGateway
gateway_state: stopped
- name: Start an Application Gateway instance
azure_rm_appgateway:
resource_group: myResourceGroup
name: myAppGateway
gateway_state: started
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
Application gateway resource ID. Returned: always Sample: |
|
Location of application gateway. Returned: always Sample: |
|
Name of application gateway. Returned: always Sample: |
|
Operating state of application gateway. Returned: always Sample: |
|
Provisioning state of application gateway. Returned: always Sample: |
|
Name of resource group. Returned: always Sample: |