
vca_fw - add or remove firewall rules in a gateway in a vca

New in version 2.0.

Synopsis

  • Adds or removes firewall rules from a gateway in a vca environment

Parameters

| Parameter | Choices/Defaults | Comments |
|---|---|---|
| api_version | Default: 5.7 | The API version to be used with the vca. |
| fw_rules (required) | Default: no | A list of firewall rules to be added to the gateway. See the examples for valid entries. |
| gateway_name | Default: gateway | The name of the gateway of the vdc where the rule should be added. |
| host | | The authentication host to be used when service type is vcd. |
| instance_id | | The instance id in a vchs environment to be used for creating the vapp. |
| org | | The org to log in to for creating vapp. This option is required when the service_type is vdc. |
| password | | The vca password. If not set, the environment variable VCA_PASS is checked for the password. aliases: pass, passwd |
| service_type | Choices: vca (default), vchs, vcd | The type of service we are authenticating against. |
| state | Choices: present (default), absent | Whether the object should be added or removed. |
| username | | The vca username or email address. If not set, the environment variable VCA_USER is checked for the username. aliases: user |
| vdc_name | | The name of the vdc where the gateway is located. |
| verify_certs (bool) | Choices: no, yes (default) | Whether the certificates used for authentication are to be verified. |

Examples

# Remove a set of firewall rules (state: 'absent'); set state: 'present' to add them

- hosts: localhost
  connection: local
  tasks:
   - vca_fw:
       instance_id: 'b15ff1e5-1024-4f55-889f-ea0209726282'
       vdc_name: 'benz_ansible'
       state: 'absent'
       fw_rules:
         - description: "ben testing"
           source_ip: "Any"
           dest_ip: 192.0.2.23
         - description: "ben testing 2"
           source_ip: 192.0.2.50
           source_port: "Any"
           dest_port: "22"
           dest_ip: 192.0.2.101
           is_enable: "true"
           enable_logging: "false"
           protocol: "Tcp"
           policy: "allow"
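
A pre-flight audit of a fw_rules list, as an added example that is not part of the module or its documentation: it flags fields a rule leaves unset and allow rules that use the "Any" wildcard or have logging off. The rule keys and sample rules are those in the example above; the function names are hypothetical and the checks are an assumed site policy.

```python
# Added example: audit a vca_fw fw_rules list before running the playbook.
# Rule keys come from the page's example; the checks are assumed site policy.
RULE_KEYS = ("source_ip", "source_port", "dest_ip", "dest_port", "protocol", "policy")


def is_any(value):
    """True for the "Any" wildcard used in the page's rules (case-insensitive)."""
    return str(value).strip().lower() == "any"


def audit_rule(rule):
    """Return the findings for one fw_rules entry (a dict)."""
    findings = []
    missing = [k for k in RULE_KEYS if k not in rule]
    if missing:
        findings.append("unset, left to module defaults: " + ", ".join(missing))
    # Assumption: a rule with no explicit policy is reviewed as if it allowed traffic.
    if str(rule.get("policy", "allow")).strip().lower() == "allow":
        for field in ("source_ip", "dest_ip", "dest_port"):
            if is_any(rule.get(field, "")):
                findings.append("allow rule with %s set to Any" % field)
        if str(rule.get("enable_logging", "false")).strip().lower() != "true":
            findings.append("allow rule without logging")
    return findings


def audit(fw_rules):
    """Map each rule's description to its findings, omitting clean rules."""
    report = {}
    for index, rule in enumerate(fw_rules):
        findings = audit_rule(rule)
        if findings:
            report[rule.get("description", "rule %d" % index)] = findings
    return report


# The two rules from the page's example, written as Python dicts.
PAGE_RULES = [
    {"description": "ben testing", "source_ip": "Any", "dest_ip": "192.0.2.23"},
    {"description": "ben testing 2", "source_ip": "192.0.2.50",
     "source_port": "Any", "dest_port": "22", "dest_ip": "192.0.2.101",
     "is_enable": "true", "enable_logging": "false", "protocol": "Tcp",
     "policy": "allow"},
]

if __name__ == "__main__":
    for name, findings in audit(PAGE_RULES).items():
        for finding in findings:
            print("%s: %s" % (name, finding))
```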

Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Maintenance

This module is flagged as community which means that it is maintained by the Ansible Community. See Module Maintenance & Support for more info.

Author

  • Peter Sprygada (@privateip)
