community.network.avi_virtualservice module – Module for setup of VirtualService Avi RESTful Object
Note
This module is part of the community.network collection (version 5.0.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.network
.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: community.network.avi_virtualservice
.
Synopsis
This module is used to configure VirtualService object
more examples at https://github.com/avinetworks/devops
Requirements
The below requirements are needed on the host that executes this module.
avisdk
Parameters
Parameter |
Comments |
---|---|
This configuration only applies if the virtualservice is in legacy active standby ha mode and load distribution among active standby is enabled. This field is used to tag the virtualservice so that virtualservices with the same tag will share the same active serviceengine. Virtualservices with different tags will have different active serviceengines. If one of the serviceengine’s in the serviceenginegroup fails, all virtualservices will end up using the same active serviceengine. Redistribution of the virtualservices can be either manual or automated when the failed serviceengine recovers. Redistribution is based on the auto redistribute property of the serviceenginegroup. Enum options - ACTIVE_STANDBY_SE_1, ACTIVE_STANDBY_SE_2. Default value when not specified in API or module is interpreted by Avi Controller as ACTIVE_STANDBY_SE_1. |
|
Process request even if invalid client certificate is presented. Datascript apis need to be used for processing of such requests. Field introduced in 18.2.3. Default value when not specified in API or module is interpreted by Avi Controller as False. Choices:
|
|
Determines analytics settings for the application. |
|
Specifies settings related to analytics. It is a reference to an object of type analyticsprofile. |
|
Avi API context that includes current session ID and CSRF Token. This allows user to perform single login and re-use the session. |
|
Avi API version of to use for Avi API and objects. Default: |
|
The name of the contract/graph associated with the virtual service. Should be in the <contract name> <graph name> format. This is applicable only for service integration mode with cisco apic controller. Field introduced in 17.2.12,18.1.2. |
|
Enable application layer specific features for the virtual service. It is a reference to an object of type applicationprofile. |
|
Auto-allocate floating/elastic ip from the cloud infrastructure. Field deprecated in 17.1.1. Choices:
|
|
Auto-allocate vip from the provided subnet. Field deprecated in 17.1.1. Choices:
|
|
Availability-zone to place the virtual service. Field deprecated in 17.1.1. |
|
(internal-use) fip allocated by avi in the cloud infrastructure. Field deprecated in 17.1.1. Choices:
|
|
(internal-use) vip allocated by avi in the cloud infrastructure. Field deprecated in 17.1.1. Choices:
|
|
Patch operation to use when using avi_api_update_method as patch. Choices:
|
|
Default method for object update is HTTP PUT. Setting to patch will override that behavior to use HTTP PATCH. Choices:
|
|
Avi Credentials dictionary which can be used in lieu of enumerating Avi Controller login details. |
|
Avi controller version Default: |
|
Avi controller IP or SQDN |
|
Avi controller API csrftoken to reuse existing session with session id Default: |
|
Avi controller password |
|
Avi controller port |
|
Avi controller API session id to reuse existing session with csrftoken Default: |
|
Avi controller tenant Default: |
|
Avi controller tenant UUID Default: |
|
Avi controller request timeout Default: |
|
Avi controller API token Default: |
|
Avi controller username |
|
It disables avi session information to be cached as a fact. Choices:
|
|
(internal-use)applicable for azure only. Azure availability set to which this vs is associated. Internally set by the cloud connector. Field introduced in 17.2.12, 18.1.2. |
|
(this is a beta feature). Sync key-value cache to the new ses when vs is scaled out. For ex ssl sessions are stored using vs’s key-value cache. When the vs is scaled out, the ssl session information is synced to the new se, allowing existing ssl sessions to be reused on the new se. Field introduced in 17.2.7, 18.1.1. Default value when not specified in API or module is interpreted by Avi Controller as False. Choices:
|
|
Http authentication configuration for protected resources. |
|
Close client connection on vs config update. Field introduced in 17.2.4. Default value when not specified in API or module is interpreted by Avi Controller as False. Choices:
|
|
Checksum of cloud configuration for vs. Internally set by cloud connector. |
|
It is a reference to an object of type cloud. |
|
Enum options - cloud_none, cloud_vcenter, cloud_openstack, cloud_aws, cloud_vca, cloud_apic, cloud_mesos, cloud_linuxserver, cloud_docker_ucp, cloud_rancher, cloud_oshift_k8s, cloud_azure, cloud_gcp. Default value when not specified in API or module is interpreted by Avi Controller as CLOUD_NONE. |
|
Rate limit the incoming connections to this virtual service. |
|
Profile used to match and rewrite strings in request and/or response body. |
|
IP address or hostname of the controller. The default value is the environment variable |
|
Creator name. |
|
Select the algorithm for qos fairness. This determines how multiple virtual services sharing the same service engines will prioritize traffic over a congested network. Default value when not specified in API or module is interpreted by Avi Controller as False. Choices:
|
|
User defined description for the object. |
|
(internal-use) discovered networks providing reachability for client facing virtual service ip. This field is deprecated. It is a reference to an object of type network. Field deprecated in 17.1.1. |
|
(internal-use) discovered networks providing reachability for client facing virtual service ip. This field is used internally by avi, not editable by the user. Field deprecated in 17.1.1. |
|
(internal-use) discovered subnets providing reachability for client facing virtual service ip. This field is deprecated. Field deprecated in 17.1.1. |
|
Service discovery specific data including fully qualified domain name, type and time-to-live of the dns record. Note that only one of fqdn and dns_info setting is allowed. |
|
Dns policies applied on the dns traffic of the virtual service. Field introduced in 17.1.1. |
|
Force placement on all se’s in service group (mesos mode only). Default value when not specified in API or module is interpreted by Avi Controller as False. Choices:
|
|
Response traffic to clients will be sent back to the source mac address of the connection, rather than statically sent to a default gateway. Default value when not specified in API or module is interpreted by Avi Controller as True. Choices:
|
|
Enable route health injection using the bgp config in the vrf context. Choices:
|
|
Enable route health injection for source nat’ted floating ip address using the bgp config in the vrf context. Choices:
|
|
Enable or disable the virtual service. Default value when not specified in API or module is interpreted by Avi Controller as True. Choices:
|
|
Error page profile to be used for this virtualservice.this profile is used to send the custom error page to the client generated by the proxy. It is a reference to an object of type errorpageprofile. Field introduced in 17.2.4. |
|
Floating ip to associate with this virtual service. Field deprecated in 17.1.1. |
|
If auto_allocate_floating_ip is true and more than one floating-ip subnets exist, then the subnet for the floating ip address allocation. This field is applicable only if the virtualservice belongs to an openstack or aws cloud. In openstack or aws cloud it is required when auto_allocate_floating_ip is selected. Field deprecated in 17.1.1. |
|
Criteria for flow distribution among ses. Enum options - LOAD_AWARE, CONSISTENT_HASH_SOURCE_IP_ADDRESS, CONSISTENT_HASH_SOURCE_IP_ADDRESS_AND_PORT. Default value when not specified in API or module is interpreted by Avi Controller as LOAD_AWARE. |
|
Criteria for flow labelling. Enum options - NO_LABEL, APPLICATION_LABEL, SERVICE_LABEL. Default value when not specified in API or module is interpreted by Avi Controller as NO_LABEL. |
|
Dns resolvable, fully qualified domain name of the virtualservice. Only one of ‘fqdn’ and ‘dns_info’ configuration is allowed. |
|
Translate the host name sent to the servers to this value. Translate the host name sent from servers back to the value used by the client. |
|
Http policies applied on the data traffic of the virtual service. |
|
Ignore pool servers network reachability constraints for virtual service placement. Default value when not specified in API or module is interpreted by Avi Controller as False. Choices:
|
|
Ip address of the virtual service. Field deprecated in 17.1.1. |
|
Subnet and/or network for allocating virtualservice ip by ipam provider module. Field deprecated in 17.1.1. |
|
L4 policies applied to the data traffic of the virtual service. Field introduced in 17.2.7. |
|
Limit potential dos attackers who exceed max_cps_per_client significantly to a fraction of max_cps_per_client for a while. Default value when not specified in API or module is interpreted by Avi Controller as False. Choices:
|
|
Maximum connections per second per client ip. Allowed values are 10-1000. Special values are 0- ‘unlimited’. Default value when not specified in API or module is interpreted by Avi Controller as 0. |
|
Microservice representing the virtual service. It is a reference to an object of type microservice. |
|
Minimum number of up pools to mark vs up. Field introduced in 18.2.1, 17.2.12. |
|
Name for the virtual service. |
|
Determines network settings such as protocol, tcp or udp, and related options for the protocol. It is a reference to an object of type networkprofile. |
|
Manually override the network on which the virtual service is placed. It is a reference to an object of type network. Field deprecated in 17.1.1. |
|
Network security policies for the virtual service. It is a reference to an object of type networksecuritypolicy. |
|
A list of nsx service groups representing the clients which can access the virtual ip of the virtual service. Field introduced in 17.1.1. |
|
Password of Avi user in Avi controller. The default value is the environment variable |
|
Optional settings that determine performance limits like max connections or bandwidth etc. |
|
The pool group is an object that contains pools. It is a reference to an object of type poolgroup. |
|
The pool is an object that contains destination servers and related attributes such as load-balancing and persistence. It is a reference to an object of type pool. |
|
(internal-use) network port assigned to the virtual service ip address. Field deprecated in 17.1.1. |
|
Remove listening port if virtualservice is down. Default value when not specified in API or module is interpreted by Avi Controller as False. Choices:
|
|
Rate limit the incoming requests to this virtual service. |
|
Application-specific saml config. Field introduced in 18.2.3. |
|
Disable re-distribution of flows across service engines for a virtual service. Enable if the network itself performs flow hashing with ecmp in environments such as gcp. Default value when not specified in API or module is interpreted by Avi Controller as False. Choices:
|
|
The service engine group to use for this virtual service. Moving to a new se group is disruptive to existing connections for this vs. It is a reference to an object of type serviceenginegroup. |
|
Security policy applied on the traffic of the virtual service. This policy is used to perform security actions such as distributed denial of service (ddos) attack mitigation, etc. It is a reference to an object of type securitypolicy. Field introduced in 18.2.1. |
|
Determines the network settings profile for the server side of tcp proxied connections. Leave blank to use the same settings as the client to vs side of the connection. It is a reference to an object of type networkprofile. |
|
Metadata pertaining to the service provided by this virtual service. In openshift/kubernetes environments, egress pod info is stored. Any user input to this field will be overwritten by avi vantage. |
|
Select pool based on destination port. |
|
List of services defined for this virtual service. |
|
Sideband configuration to be used for this virtualservice.it can be used for sending traffic to sideband vips for external inspection etc. |
|
Nat’ted floating source ip address(es) for upstream connection to servers. |
|
Gslb pools used to manage site-persistence functionality. Each site-persistence pool contains the virtualservices in all the other sites, that is auto-generated by the gslb manager. This is a read-only field for the user. It is a reference to an object of type pool. Field introduced in 17.2.2. |
|
Select or create one or two certificates, ec and/or rsa, that will be presented to ssl/tls terminated connections. It is a reference to an object of type sslkeyandcertificate. |
|
Determines the set of ssl versions and ciphers to accept for ssl/tls terminated connections. It is a reference to an object of type sslprofile. |
|
Select ssl profile based on client ip address match. Field introduced in 18.2.3. |
|
Expected number of ssl session cache entries (may be exceeded). Allowed values are 1024-16383. Default value when not specified in API or module is interpreted by Avi Controller as 1024. |
|
Client authentication and authorization policy for the virtualservice. Field deprecated in 18.2.3. Field introduced in 18.2.1. |
|
The sso policy attached to the virtualservice. It is a reference to an object of type ssopolicy. Field introduced in 18.2.3. |
|
The state that should be applied on the entity. Choices:
|
|
List of static dns records applied to this virtual service. These are static entries and no health monitoring is performed against the ip addresses. |
|
Subnet providing reachability for client facing virtual service ip. Field deprecated in 17.1.1. |
|
It represents subnet for the virtual service ip address allocation when auto_allocate_ip is true.it is only applicable in openstack or aws cloud. This field is required if auto_allocate_ip is true. Field deprecated in 17.1.1. |
|
Name of tenant used for all Avi API calls and context of object. Default: |
|
It is a reference to an object of type tenant. |
|
UUID of tenant used for all Avi API calls and context of object. Default: |
|
Topology policies applied on the dns traffic of the virtual service based ongslb topology algorithm. Field introduced in 18.2.3. |
|
Server network or list of servers for cloning traffic. It is a reference to an object of type trafficcloneprofile. Field introduced in 17.1.1. |
|
Knob to enable the virtual service traffic on its assigned service engines. This setting is effective only when the enabled flag is set to true. Field introduced in 17.2.8. Default value when not specified in API or module is interpreted by Avi Controller as True. Choices:
|
|
Specify if this is a normal virtual service, or if it is the parent or child of an sni-enabled virtual hosted virtual service. Enum options - VS_TYPE_NORMAL, VS_TYPE_VH_PARENT, VS_TYPE_VH_CHILD. Default value when not specified in API or module is interpreted by Avi Controller as VS_TYPE_NORMAL. |
|
Avi controller URL of the object. |
|
Use bridge ip as vip on each host in mesos deployments. Default value when not specified in API or module is interpreted by Avi Controller as False. Choices:
|
|
Use the virtual ip as the snat ip for health monitoring and sending traffic to the backend servers instead of the service engine interface ip. The caveat of enabling this option is that the virtualservice cannot be configued in an active-active ha mode. Dns based multi vip solution has to be used for ha & non-disruptive upgrade purposes. Field introduced in 17.1.9,17.2.3. Default value when not specified in API or module is interpreted by Avi Controller as False. Choices:
|
|
Username used for accessing Avi controller. The default value is the environment variable |
|
Uuid of the virtualservice. |
|
The exact name requested from the client’s sni-enabled tls hello domain name field. If this is a match, the parent vs will forward the connection to this child vs. |
|
Specifies the virtual service acting as virtual hosting (sni) parent. |
|
List of virtual service ips. While creating a ‘shared vs’,please use vsvip_ref to point to the shared entities. Field introduced in 17.1.1. |
|
Virtual routing context that the virtual service is bound to. This is used to provide the isolation of the set of networks the application is attached to. It is a reference to an object of type vrfcontext. |
|
Datascripts applied on the data traffic of the virtual service. |
|
Checksum of cloud configuration for vsvip. Internally set by cloud connector. Field introduced in 17.2.9, 18.1.2. |
|
Mostly used during the creation of shared vs, this field refers to entities that can be shared across virtual services. It is a reference to an object of type vsvip. Field introduced in 17.1.1. |
|
Waf policy for the virtual service. It is a reference to an object of type wafpolicy. Field introduced in 17.2.1. |
|
The quality of service weight to assign to traffic transmitted from this virtual service. A higher weight will prioritize traffic versus other virtual services sharing the same service engines. Allowed values are 1-128. Default value when not specified in API or module is interpreted by Avi Controller as 1. |
Notes
Note
For more information on using Ansible to manage Avi Network devices see https://www.ansible.com/ansible-avi-networks.
Examples
- name: Create SSL Virtual Service using Pool testpool2
community.network.avi_virtualservice:
controller: 10.10.27.90
username: admin
password: AviNetworks123!
name: newtestvs
state: present
performance_limits:
max_concurrent_connections: 1000
services:
- port: 443
enable_ssl: true
- port: 80
ssl_profile_ref: '/api/sslprofile?name=System-Standard'
application_profile_ref: '/api/applicationprofile?name=System-Secure-HTTP'
ssl_key_and_certificate_refs:
- '/api/sslkeyandcertificate?name=System-Default-Cert'
ip_address:
addr: 10.90.131.103
type: V4
pool_ref: '/api/pool?name=testpool2'
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
VirtualService (api/virtualservice) object Returned: success, changed |