community.general.rax_clb_ssl – Manage SSL termination for a Rackspace Cloud Load Balancer.

Note

This plugin is part of the community.general collection (version 4.2.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.rax_clb_ssl.

Synopsis

  • Set up, reconfigure, or remove SSL termination for an existing load balancer.

Requirements

The below requirements are needed on the host that executes this module.

  • pyrax

  • python >= 2.6

Parameters

Parameter Choices/Defaults Comments
api_key
string
Rackspace API key, overrides credentials.

aliases: password
auth_endpoint
string
The URI of the authentication service.
If not specified will be set to https://identity.api.rackspacecloud.com/v2.0/
certificate
string
The public SSL certificates as a string in PEM format.
credentials
path
File to find the Rackspace credentials in. Ignored if api_key and username are provided.

aliases: creds_file
enabled
boolean
    Choices:
  • no
  • yes ←
If set to "false", temporarily disable SSL termination without discarding
existing credentials.
env
string
https_redirect
boolean
    Choices:
  • no
  • yes
If "true", the load balancer will redirect HTTP traffic to HTTPS.
Requires "secure_traffic_only" to be true. Incurs an implicit wait if SSL
termination is also applied or removed.
identity_type
string
Default:
"rackspace"
Authentication mechanism to use, such as rackspace or keystone.
intermediate_certificate
string
One or more intermediate certificate authorities as a string in PEM
format, concatenated into a single string.
loadbalancer
string / required
Name or ID of the load balancer on which to manage SSL termination.
private_key
string
The private SSL key as a string in PEM format.
region
string
Region to create an instance in.
secure_port
integer
Default:
443
The port to listen for secure traffic.
secure_traffic_only
boolean
    Choices:
  • no ←
  • yes
If "true", the load balancer will *only* accept secure traffic.
state
string
    Choices:
  • present ←
  • absent
If set to "present", SSL termination will be added to this load balancer.
If "absent", SSL termination will be removed instead.
tenant_id
string
The tenant ID used for authentication.
tenant_name
string
The tenant name used for authentication.
username
string
Rackspace username, overrides credentials.
validate_certs
boolean
    Choices:
  • no
  • yes
Whether or not to require SSL validation of API endpoints.

aliases: verify_ssl
wait
boolean
    Choices:
  • no ←
  • yes
Wait for the balancer to be in state "running" before turning.
wait_timeout
integer
Default:
300
How long before "wait" gives up, in seconds.

Notes

Note

  • The following environment variables can be used, RAX_USERNAME, RAX_API_KEY, RAX_CREDS_FILE, RAX_CREDENTIALS, RAX_REGION.

  • RAX_CREDENTIALS and RAX_CREDS_FILE points to a credentials file appropriate for pyrax. See https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#authenticating

  • RAX_USERNAME and RAX_API_KEY obviate the use of a credentials file

  • RAX_REGION defines a Rackspace Public Cloud region (DFW, ORD, LON, …)

  • The following environment variables can be used, RAX_USERNAME, RAX_API_KEY, RAX_CREDS_FILE, RAX_CREDENTIALS, RAX_REGION.

  • RAX_CREDENTIALS and RAX_CREDS_FILE points to a credentials file appropriate for pyrax. See https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#authenticating

  • RAX_USERNAME and RAX_API_KEY obviate the use of a credentials file

  • RAX_REGION defines a Rackspace Public Cloud region (DFW, ORD, LON, …)

Examples

- name: Enable SSL termination on a load balancer
  community.general.rax_clb_ssl:
    loadbalancer: the_loadbalancer
    state: present
    private_key: "{{ lookup('file', 'credentials/server.key' ) }}"
    certificate: "{{ lookup('file', 'credentials/server.crt' ) }}"
    intermediate_certificate: "{{ lookup('file', 'credentials/trust-chain.crt') }}"
    secure_traffic_only: true
    wait: true

- name: Disable SSL termination
  community.general.rax_clb_ssl:
    loadbalancer: "{{ registered_lb.balancer.id }}"
    state: absent
    wait: true

Authors

  • Ash Wilson (@smashwilson)