Documentation

cs_vpn_connection - Manages site-to-site VPN connections on Apache CloudStack based clouds.

New in version 2.5.

Synopsis

  • Create and remove VPN connections.

Requirements

The below requirements are needed on the host that executes this module.

  • python >= 2.6
  • cs >= 0.6.10

Parameters

Parameter Choices/Defaults Comments
account
Account the VPN connection is related to.
api_http_method
    Choices:
  • get
  • post
HTTP method used to query the API endpoint.
If not given, the CLOUDSTACK_METHOD env variable is considered.
As the last option, the value is taken from the ini config file, also see the notes.
Fallback value is get if not specified.
api_key
API key of the CloudStack API.
If not given, the CLOUDSTACK_KEY env variable is considered.
As the last option, the value is taken from the ini config file, also see the notes.
api_region Default:
cloudstack
Name of the ini section in the cloustack.ini file.
If not given, the CLOUDSTACK_REGION env variable is considered.
api_secret
Secret key of the CloudStack API.
If not set, the CLOUDSTACK_SECRET env variable is considered.
As the last option, the value is taken from the ini config file, also see the notes.
api_timeout
HTTP timeout in seconds.
If not given, the CLOUDSTACK_TIMEOUT env variable is considered.
As the last option, the value is taken from the ini config file, also see the notes.
Fallback value is 10 seconds if not specified.
api_url
URL of the CloudStack API e.g. https://cloud.example.com/client/api.
If not given, the CLOUDSTACK_ENDPOINT env variable is considered.
As the last option, the value is taken from the ini config file, also see the notes.
domain
Domain the VPN connection is related to.
force
bool
    Choices:
  • no ←
  • yes
Activate the VPN gateway if not already activated on state=present.
Also see cs_vpn_gateway.
passive
bool
    Choices:
  • no ←
  • yes
State of the VPN connection.
Only considered when state=present.
poll_async
bool
    Choices:
  • no
  • yes ←
Poll async jobs until job has finished.
project
Name of the project the VPN connection is related to.
state
    Choices:
  • present ←
  • absent
State of the VPN connection.
vpc
required
Name of the VPC the VPN connection is related to.
vpn_customer_gateway
required
Name of the VPN customer gateway.

Notes

Note

  • Ansible uses the cs library’s configuration method if credentials are not provided by the arguments api_url, api_key, api_secret. Configuration is read from several locations, in the following order. The CLOUDSTACK_ENDPOINT, CLOUDSTACK_KEY, CLOUDSTACK_SECRET and CLOUDSTACK_METHOD. CLOUDSTACK_TIMEOUT environment variables. A CLOUDSTACK_CONFIG environment variable pointing to an .ini file. A cloudstack.ini file in the current working directory. A .cloudstack.ini file in the users home directory. Optionally multiple credentials and endpoints can be specified using ini sections in cloudstack.ini. Use the argument api_region to select the section name, default section is cloudstack. See https://github.com/exoscale/cs for more information.
  • A detailed guide about cloudstack modules can be found in the CloudStack Cloud Guide.
  • This module supports check mode.

Examples

- name: Create a VPN connection with activated VPN gateway
  local_action:
    module: cs_vpn_connection
    vpn_customer_gateway: my vpn connection
    vpc: my vpc

- name: Create a VPN connection and force VPN gateway activation
  local_action:
    module: cs_vpn_connection
    vpn_customer_gateway: my vpn connection
    vpc: my vpc
    force: yes

- name: Remove a vpn connection
  local_action:
    module: cs_vpn_connection
    vpn_customer_gateway: my vpn connection
    vpc: my vpc
    state: absent

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
account
string
success
Account the VPN connection is related to.

Sample:
example account
cidrs
list
success
List of CIDRs of the customer gateway.

Sample:
['10.10.10.0/24']
created
string
success
Date the connection was created.

Sample:
2014-12-01T14:57:57+0100
domain
string
success
Domain the VPN connection is related to.

Sample:
example domain
dpd
bool
success
Whether dead pear detection is enabled or not.

Sample:
True
esp_lifetime
int
success
Lifetime in seconds of phase 2 VPN connection.

Sample:
86400
esp_policy
string
success
IKE policy of the VPN connection.

Sample:
aes256-sha1;modp1536
force_encap
bool
success
Whether encapsulation for NAT traversal is enforced or not.

Sample:
True
gateway
string
success
IP address of the VPN customer gateway.

Sample:
10.101.214.10
id
string
success
UUID of the VPN connection.

Sample:
04589590-ac63-4ffc-93f5-b698b8ac38b6
ike_lifetime
int
success
Lifetime in seconds of phase 1 VPN connection.

Sample:
86400
ike_policy
string
success
ESP policy of the VPN connection.

Sample:
aes256-sha1;modp1536
passive
bool
success
Whether the connection is passive or not.

project
string
success
Name of project the VPN connection is related to.

Sample:
Production
public_ip
string
success
IP address of the VPN gateway.

Sample:
10.100.212.10
state
string
success
State of the VPN connection.

Sample:
Connected
vpn_gateway_id
string
success
UUID of the VPN gateway.

Sample:
04589590-ac63-93f5-4ffc-b698b8ac38b6


Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Maintenance

This module is flagged as community which means that it is maintained by the Ansible Community. See Module Maintenance & Support for more info.

For a list of other modules that are also maintained by the Ansible Community, see here.

Author

  • René Moser (@resmo)

Hint

If you notice any issues in this documentation you can edit this document to improve it.