community.general.rax_clb_ssl module – Manage SSL termination for a Rackspace Cloud Load Balancer

Note

This module is part of the community.general collection (version 6.1.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: community.general.rax_clb_ssl.

Synopsis

  • Set up, reconfigure, or remove SSL termination for an existing load balancer.

Requirements

The below requirements are needed on the host that executes this module.

  • pyrax

  • python >= 2.6

Parameters

Parameter

Comments

api_key

aliases: password

string

Rackspace API key, overrides credentials.

auth_endpoint

string

The URI of the authentication service.

If not specified will be set to https://identity.api.rackspacecloud.com/v2.0/

certificate

string

The public SSL certificates as a string in PEM format.

credentials

aliases: creds_file

path

File to find the Rackspace credentials in. Ignored if api_key and username are provided.

enabled

boolean

If set to “false”, temporarily disable SSL termination without discarding

existing credentials.

Choices:

  • false

  • true ← (default)

env

string

https_redirect

boolean

If “true”, the load balancer will redirect HTTP traffic to HTTPS.

Requires “secure_traffic_only” to be true. Incurs an implicit wait if SSL

termination is also applied or removed.

Choices:

  • false

  • true

identity_type

string

Authentication mechanism to use, such as rackspace or keystone.

Default: "rackspace"

intermediate_certificate

string

One or more intermediate certificate authorities as a string in PEM

format, concatenated into a single string.

loadbalancer

string / required

Name or ID of the load balancer on which to manage SSL termination.

private_key

string

The private SSL key as a string in PEM format.

region

string

Region to create an instance in.

secure_port

integer

The port to listen for secure traffic.

Default: 443

secure_traffic_only

boolean

If “true”, the load balancer will *only* accept secure traffic.

Choices:

  • false ← (default)

  • true

state

string

If set to “present”, SSL termination will be added to this load balancer.

If “absent”, SSL termination will be removed instead.

Choices:

  • "present" ← (default)

  • "absent"

tenant_id

string

The tenant ID used for authentication.

tenant_name

string

The tenant name used for authentication.

username

string

Rackspace username, overrides credentials.

validate_certs

aliases: verify_ssl

boolean

Whether or not to require SSL validation of API endpoints.

Choices:

  • false

  • true

wait

boolean

Wait for the balancer to be in state “running” before turning.

Choices:

  • false ← (default)

  • true

wait_timeout

integer

How long before “wait” gives up, in seconds.

Default: 300

Notes

Note

  • The following environment variables can be used, RAX_USERNAME, RAX_API_KEY, RAX_CREDS_FILE, RAX_CREDENTIALS, RAX_REGION.

  • RAX_CREDENTIALS and RAX_CREDS_FILE points to a credentials file appropriate for pyrax. See https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#authenticating

  • RAX_USERNAME and RAX_API_KEY obviate the use of a credentials file

  • RAX_REGION defines a Rackspace Public Cloud region (DFW, ORD, LON, …)

  • The following environment variables can be used, RAX_USERNAME, RAX_API_KEY, RAX_CREDS_FILE, RAX_CREDENTIALS, RAX_REGION.

  • RAX_CREDENTIALS and RAX_CREDS_FILE points to a credentials file appropriate for pyrax. See https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#authenticating

  • RAX_USERNAME and RAX_API_KEY obviate the use of a credentials file

  • RAX_REGION defines a Rackspace Public Cloud region (DFW, ORD, LON, …)

Examples

- name: Enable SSL termination on a load balancer
  community.general.rax_clb_ssl:
    loadbalancer: the_loadbalancer
    state: present
    private_key: "{{ lookup('file', 'credentials/server.key' ) }}"
    certificate: "{{ lookup('file', 'credentials/server.crt' ) }}"
    intermediate_certificate: "{{ lookup('file', 'credentials/trust-chain.crt') }}"
    secure_traffic_only: true
    wait: true

- name: Disable SSL termination
  community.general.rax_clb_ssl:
    loadbalancer: "{{ registered_lb.balancer.id }}"
    state: absent
    wait: true

Authors

  • Ash Wilson (@smashwilson)