New in version 2.5.
The below requirements are needed on the host that executes this module.
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| account |
Account the VPN customer gateway is related to.
|
|
| api_http_method |
|
HTTP method used to query the API endpoint.
If not given, the
CLOUDSTACK_METHOD env variable is considered.As the last option, the value is taken from the ini config file, also see the notes.
Fallback value is
get if not specified. |
| api_key |
API key of the CloudStack API.
If not given, the
CLOUDSTACK_KEY env variable is considered.As the last option, the value is taken from the ini config file, also see the notes.
|
|
| api_region |
Default: "cloudstack"
|
Name of the ini section in the
cloustack.ini file.If not given, the
CLOUDSTACK_REGION env variable is considered. |
| api_secret |
Secret key of the CloudStack API.
If not set, the
CLOUDSTACK_SECRET env variable is considered.As the last option, the value is taken from the ini config file, also see the notes.
|
|
| api_timeout |
HTTP timeout in seconds.
If not given, the
CLOUDSTACK_TIMEOUT env variable is considered.As the last option, the value is taken from the ini config file, also see the notes.
Fallback value is 10 seconds if not specified.
|
|
| api_url |
URL of the CloudStack API e.g. https://cloud.example.com/client/api.
If not given, the
CLOUDSTACK_ENDPOINT env variable is considered.As the last option, the value is taken from the ini config file, also see the notes.
|
|
| cidrs |
List of guest CIDRs behind the gateway.
Required if
state=present.aliases: cidr |
|
| domain |
Domain the VPN customer gateway is related to.
|
|
|
dpd
bool |
|
Enable Dead Peer Detection.
Disabled per default by the API on creation if not set.
|
| esp_lifetime |
Lifetime in seconds of phase 2 VPN connection.
Defaulted to 3600 by the API on creation if not set.
|
|
| esp_policy |
ESP policy in the format e.g.
aes256-sha1;modp1536.Required if
state=present. |
|
|
force_encap
bool |
|
Force encapsulation for NAT traversal.
Disabled per default by the API on creation if not set.
|
| gateway |
Public IP address of the gateway.
Required if
state=present. |
|
| ike_lifetime |
Lifetime in seconds of phase 1 VPN connection.
Defaulted to 86400 by the API on creation if not set.
|
|
| ike_policy |
IKE policy in the format e.g.
aes256-sha1;modp1536.Required if
state=present. |
|
| ipsec_psk |
IPsec Preshared-Key.
Cannot contain newline or double quotes.
Required if
state=present. |
|
|
name
required |
Name of the gateway.
|
|
| poll_async |
Default: "yes"
|
Poll async jobs until job has finished.
|
| project |
Name of the project the VPN gateway is related to.
|
|
| state |
|
State of the VPN customer gateway.
|
Note
cs library’s configuration method if credentials are not provided by the arguments api_url, api_key, api_secret. Configuration is read from several locations, in the following order. The CLOUDSTACK_ENDPOINT, CLOUDSTACK_KEY, CLOUDSTACK_SECRET and CLOUDSTACK_METHOD. CLOUDSTACK_TIMEOUT environment variables. A CLOUDSTACK_CONFIG environment variable pointing to an .ini file. A cloudstack.ini file in the current working directory. A .cloudstack.ini file in the users home directory. Optionally multiple credentials and endpoints can be specified using ini sections in cloudstack.ini. Use the argument api_region to select the section name, default section is cloudstack. See https://github.com/exoscale/cs for more information.- name: Create a vpn customer gateway
local_action:
module: cs_vpn_customer_gateway
name: my vpn customer gateway
cidrs:
- 192.168.123.0/24
- 192.168.124.0/24
esp_policy: aes256-sha1;modp1536
gateway: 10.10.1.1
ike_policy: aes256-sha1;modp1536
ipsec_psk: "S3cr3Tk3Y"
- name: Remove a vpn customer gateway
local_action:
module: cs_vpn_customer_gateway
name: my vpn customer gateway
state: absent
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
|
account
string
|
success |
Account the VPN customer gateway is related to.
Sample:
example account
|
|
cidrs
list
|
success |
List of CIDRs of this customer gateway.
Sample:
['10.10.10.0/24']
|
|
domain
string
|
success |
Domain the VPN customer gateway is related to.
Sample:
example domain
|
|
dpd
bool
|
success |
Whether dead pear detection is enabled or not.
Sample:
True
|
|
esp_lifetime
int
|
success |
Lifetime in seconds of phase 2 VPN connection.
Sample:
86400
|
|
esp_policy
string
|
success |
IKE policy of the VPN customer gateway.
Sample:
aes256-sha1;modp1536
|
|
force_encap
bool
|
success |
Whether encapsulation for NAT traversal is enforced or not.
Sample:
True
|
|
gateway
string
|
success |
IP address of the VPN customer gateway.
Sample:
10.100.212.10
|
|
id
string
|
success |
UUID of the VPN customer gateway.
Sample:
04589590-ac63-4ffc-93f5-b698b8ac38b6
|
|
ike_lifetime
int
|
success |
Lifetime in seconds of phase 1 VPN connection.
Sample:
86400
|
|
ike_policy
string
|
success |
ESP policy of the VPN customer gateway.
Sample:
aes256-sha1;modp1536
|
|
name
string
|
success |
Name of this customer gateway.
Sample:
my vpn customer gateway
|
|
project
string
|
success |
Name of project the VPN customer gateway is related to.
Sample:
Production
|
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
This module is flagged as community which means that it is maintained by the Ansible Community. See Module Maintenance & Support for more info.
For a list of other modules that are also maintained by the Ansible Community, see here.
Hint
If you notice any issues in this documentation you can edit this document to improve it.