community.network.avi_sslprofile module – Module for setup of SSLProfile Avi RESTful Object
Note
This module is part of the community.network collection (version 5.0.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.network
.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: community.network.avi_sslprofile
.
Synopsis
This module is used to configure SSLProfile object
more examples at https://github.com/avinetworks/devops
Requirements
The below requirements are needed on the host that executes this module.
avisdk
Parameters
Parameter |
Comments |
---|---|
Ciphers suites represented as defined by http://www.openssl.org/docs/apps/ciphers.html. Default value when not specified in API or module is interpreted by Avi Controller as AES:3DES:RC4. |
|
Set of versions accepted by the server. |
|
Avi API context that includes current session ID and CSRF Token. This allows user to perform single login and re-use the session. |
|
Avi API version of to use for Avi API and objects. Default: |
|
Patch operation to use when using avi_api_update_method as patch. Choices:
|
|
Default method for object update is HTTP PUT. Setting to patch will override that behavior to use HTTP PATCH. Choices:
|
|
Avi Credentials dictionary which can be used in lieu of enumerating Avi Controller login details. |
|
Avi controller version Default: |
|
Avi controller IP or SQDN |
|
Avi controller API csrftoken to reuse existing session with session id Default: |
|
Avi controller password |
|
Avi controller port |
|
Avi controller API session id to reuse existing session with csrftoken Default: |
|
Avi controller tenant Default: |
|
Avi controller tenant UUID Default: |
|
Avi controller request timeout Default: |
|
Avi controller API token Default: |
|
Avi controller username |
|
It disables avi session information to be cached as a fact. Choices:
|
|
Enum options - tls_ecdhe_ecdsa_with_aes_128_gcm_sha256, tls_ecdhe_ecdsa_with_aes_256_gcm_sha384, tls_ecdhe_rsa_with_aes_128_gcm_sha256, tls_ecdhe_rsa_with_aes_256_gcm_sha384, tls_ecdhe_ecdsa_with_aes_128_cbc_sha256, tls_ecdhe_ecdsa_with_aes_256_cbc_sha384, tls_ecdhe_rsa_with_aes_128_cbc_sha256, tls_ecdhe_rsa_with_aes_256_cbc_sha384, tls_rsa_with_aes_128_gcm_sha256, tls_rsa_with_aes_256_gcm_sha384, tls_rsa_with_aes_128_cbc_sha256, tls_rsa_with_aes_256_cbc_sha256, tls_ecdhe_ecdsa_with_aes_128_cbc_sha, tls_ecdhe_ecdsa_with_aes_256_cbc_sha, tls_ecdhe_rsa_with_aes_128_cbc_sha, tls_ecdhe_rsa_with_aes_256_cbc_sha, tls_rsa_with_aes_128_cbc_sha, tls_rsa_with_aes_256_cbc_sha, tls_rsa_with_3des_ede_cbc_sha, tls_rsa_with_rc4_128_sha. |
|
IP address or hostname of the controller. The default value is the environment variable |
|
User defined description for the object. |
|
Dh parameters used in ssl. At this time, it is not configurable and is set to 2048 bits. |
|
Enable ssl session re-use. Default value when not specified in API or module is interpreted by Avi Controller as True. Choices:
|
|
Name of the object. |
|
Password of Avi user in Avi controller. The default value is the environment variable |
|
Prefer the ssl cipher ordering presented by the client during the ssl handshake over the one specified in the ssl profile. Default value when not specified in API or module is interpreted by Avi Controller as False. Choices:
|
|
Send ‘close notify’ alert message for a clean shutdown of the ssl connection. Default value when not specified in API or module is interpreted by Avi Controller as True. Choices:
|
|
Sslrating settings for sslprofile. |
|
The amount of time in seconds before an ssl session expires. Default value when not specified in API or module is interpreted by Avi Controller as 86400. |
|
The state that should be applied on the entity. Choices:
|
|
List of tag. |
|
Name of tenant used for all Avi API calls and context of object. Default: |
|
It is a reference to an object of type tenant. |
|
UUID of tenant used for all Avi API calls and context of object. Default: |
|
Ssl profile type. Enum options - SSL_PROFILE_TYPE_APPLICATION, SSL_PROFILE_TYPE_SYSTEM. Field introduced in 17.2.8. Default value when not specified in API or module is interpreted by Avi Controller as SSL_PROFILE_TYPE_APPLICATION. |
|
Avi controller URL of the object. |
|
Username used for accessing Avi controller. The default value is the environment variable |
|
Unique object identifier of the object. |
Notes
Note
For more information on using Ansible to manage Avi Network devices see https://www.ansible.com/ansible-avi-networks.
Examples
- name: Create SSL profile with list of allowed ciphers
community.network.avi_sslprofile:
controller: '{{ controller }}'
username: '{{ username }}'
password: '{{ password }}'
accepted_ciphers: >
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:
AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:
AES256-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:
ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA
accepted_versions:
- type: SSL_VERSION_TLS1
- type: SSL_VERSION_TLS1_1
- type: SSL_VERSION_TLS1_2
cipher_enums:
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- TLS_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_256_GCM_SHA384
- TLS_RSA_WITH_AES_128_CBC_SHA256
- TLS_RSA_WITH_AES_256_CBC_SHA256
- TLS_RSA_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_AES_256_CBC_SHA
- TLS_RSA_WITH_3DES_EDE_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
name: PFS-BOTH-RSA-EC
send_close_notify: true
ssl_rating:
compatibility_rating: SSL_SCORE_EXCELLENT
performance_rating: SSL_SCORE_EXCELLENT
security_score: '100.0'
tenant_ref: Demo
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
SSLProfile (api/sslprofile) object Returned: success, changed |