ngine_io.cloudstack.cs_vpn_customer_gateway – Manages site-to-site VPN customer gateway configurations on Apache CloudStack based clouds.

Note

This plugin is part of the ngine_io.cloudstack collection (version 2.2.2).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install ngine_io.cloudstack.

To use it in a playbook, specify: ngine_io.cloudstack.cs_vpn_customer_gateway.

New in version 0.1.0: of ngine_io.cloudstack

Synopsis

  • Create, update and remove VPN customer gateways.

Requirements

The below requirements are needed on the host that executes this module.

  • python >= 2.6

  • cs >= 0.9.0

Parameters

Parameter Choices/Defaults Comments
account
string
Account the VPN customer gateway is related to.
api_http_method
string
    Choices:
  • get ←
  • post
HTTP method used to query the API endpoint.
If not given, the CLOUDSTACK_METHOD env variable is considered.
api_key
string / required
API key of the CloudStack API.
If not given, the CLOUDSTACK_KEY env variable is considered.
api_secret
string / required
Secret key of the CloudStack API.
If not set, the CLOUDSTACK_SECRET env variable is considered.
api_timeout
integer
Default:
10
HTTP timeout in seconds.
If not given, the CLOUDSTACK_TIMEOUT env variable is considered.
api_url
string / required
URL of the CloudStack API e.g. https://cloud.example.com/client/api.
If not given, the CLOUDSTACK_ENDPOINT env variable is considered.
api_verify_ssl_cert
string
Verify CA authority cert file.
If not given, the CLOUDSTACK_VERIFY env variable is considered.
cidrs
list / elements=string
List of guest CIDRs behind the gateway.
Required if state=present.

aliases: cidr
domain
string
Domain the VPN customer gateway is related to.
dpd
boolean
    Choices:
  • no
  • yes
Enable Dead Peer Detection.
Disabled per default by the API on creation if not set.
esp_lifetime
integer
Lifetime in seconds of phase 2 VPN connection.
Defaulted to 3600 by the API on creation if not set.
esp_policy
string
ESP policy in the format e.g. aes256-sha1;modp1536.
Required if state=present.
force_encap
boolean
    Choices:
  • no
  • yes
Force encapsulation for NAT traversal.
Disabled per default by the API on creation if not set.
gateway
string
Public IP address of the gateway.
Required if state=present.
ike_lifetime
integer
Lifetime in seconds of phase 1 VPN connection.
Defaulted to 86400 by the API on creation if not set.
ike_policy
string
IKE policy in the format e.g. aes256-sha1;modp1536.
Required if state=present.
ipsec_psk
string
IPsec Preshared-Key.
Cannot contain newline or double quotes.
Required if state=present.
name
string / required
Name of the gateway.
poll_async
boolean
    Choices:
  • no
  • yes ←
Poll async jobs until job has finished.
project
string
Name of the project the VPN gateway is related to.
state
string
    Choices:
  • present ←
  • absent
State of the VPN customer gateway.

Notes

Note

  • A detailed guide about cloudstack modules can be found in the CloudStack Cloud Guide.

  • This module supports check mode.

Examples

- name: Create a vpn customer gateway
  ngine_io.cloudstack.cs_vpn_customer_gateway:
    name: my vpn customer gateway
    cidrs:
    - 192.168.123.0/24
    - 192.168.124.0/24
    esp_policy: aes256-sha1;modp1536
    gateway: 10.10.1.1
    ike_policy: aes256-sha1;modp1536
    ipsec_psk: "S3cr3Tk3Y"

- name: Remove a vpn customer gateway
  ngine_io.cloudstack.cs_vpn_customer_gateway:
    name: my vpn customer gateway
    state: absent

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
account
string
success
Account the VPN customer gateway is related to.

Sample:
example account
cidrs
list / elements=string
success
List of CIDRs of this customer gateway.

Sample:
['10.10.10.0/24']
domain
string
success
Domain the VPN customer gateway is related to.

Sample:
example domain
dpd
boolean
success
Whether dead pear detection is enabled or not.

Sample:
True
esp_lifetime
integer
success
Lifetime in seconds of phase 2 VPN connection.

Sample:
86400
esp_policy
string
success
IKE policy of the VPN customer gateway.

Sample:
aes256-sha1;modp1536
force_encap
boolean
success
Whether encapsulation for NAT traversal is enforced or not.

Sample:
True
gateway
string
success
IP address of the VPN customer gateway.

Sample:
10.100.212.10
id
string
success
UUID of the VPN customer gateway.

Sample:
04589590-ac63-4ffc-93f5-b698b8ac38b6
ike_lifetime
integer
success
Lifetime in seconds of phase 1 VPN connection.

Sample:
86400
ike_policy
string
success
ESP policy of the VPN customer gateway.

Sample:
aes256-sha1;modp1536
name
string
success
Name of this customer gateway.

Sample:
my vpn customer gateway
project
string
success
Name of project the VPN customer gateway is related to.

Sample:
Production


Authors

  • René Moser (@resmo)