community.vmware.vca_fw module – add remove firewall rules in a gateway in a vca

Note

This module is part of the community.vmware collection (version 2.5.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.vmware.

To use it in a playbook, specify: community.vmware.vca_fw.

DEPRECATED

Removed in

major release after 2022-06-01

Why

Module depends upon deprecated version of Pyvcloud library.

Alternative

Use https://github.com/vmware/ansible-module-vcloud-director instead.

Synopsis

  • Adds or removes firewall rules from a gateway in a vca environment

Parameters

Parameter

Comments

api_version

string

The API version to be used with the vca.

Default: “5.7”

fw_rules

string / required

A list of firewall rules to be added to the gateway, Please see examples on valid entries

Default: “no”

gateway_name

string

The name of the gateway of the vdc where the rule should be added.

Default: “gateway”

host

string

The authentication host to be used when service type is vcd.

instance_id

string

The instance ID in a vchs environment to be used for creating the vapp.

org

string

The org to login to for creating vapp.

This option is required when the service_type is vdc.

password

aliases: pass, passwd

string

The vca password, if not set the environment variable VCA_PASS is checked for the password.

service_type

string

The type of service we are authenticating against.

Choices:

  • vca ← (default)

  • vcd

  • vchs

state

string

Whether the object should be added or removed.

Choices:

  • absent

  • present ← (default)

username

aliases: user

string

The vca username or email address, if not set the environment variable VCA_USER is checked for the username.

validate_certs

aliases: verify_certs

boolean

If the certificates of the authentication is to be verified.

Choices:

  • no

  • yes ← (default)

vdc_name

string

The name of the vdc where the gateway is located.

Examples

#Add a set of firewall rules

- hosts: localhost
  connection: local
  tasks:
   - community.vmware.vca_fw:
       instance_id: 'b15ff1e5-1024-4f55-889f-ea0209726282'
       vdc_name: 'benz_ansible'
       fw_rules:
         - description: "ben testing"
           source_ip: "Any"
           dest_ip: 192.0.2.23
         - description: "ben testing 2"
           source_ip: 192.0.2.50
           source_port: "Any"
           dest_port: "22"
           dest_ip: 192.0.2.101
           is_enable: "true"
           enable_logging: "false"
           protocol: "Tcp"
           policy: "allow"

Status

  • This module will be removed in a major release after 2022-06-01. [deprecated]

  • For more information see DEPRECATED.

Authors

  • Peter Sprygada (@privateip)