community.general.rax_clb_ssl – Manage SSL termination for a Rackspace Cloud Load Balancer.
Note
This plugin is part of the community.general collection (version 3.8.1).
You might already have this collection installed if you are using the ansible
package. It is not included in ansible-core
. To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.general
.
To use it in a playbook, specify: community.general.rax_clb_ssl
.
Synopsis
- Set up, reconfigure, or remove SSL termination for an existing load balancer.
Requirements
The below requirements are needed on the host that executes this module.
- pyrax
- python >= 2.6
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
api_key string | Rackspace API key, overrides credentials. aliases: password | |
auth_endpoint string | The URI of the authentication service. If not specified will be set to https://identity.api.rackspacecloud.com/v2.0/
| |
certificate string | The public SSL certificates as a string in PEM format. | |
credentials path | File to find the Rackspace credentials in. Ignored if api_key and username are provided. aliases: creds_file | |
enabled boolean |
| If set to "false", temporarily disable SSL termination without discarding existing credentials. |
env string | Environment as configured in ~/.pyrax.cfg, see https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#pyrax-configuration. | |
https_redirect boolean |
| If "true", the load balancer will redirect HTTP traffic to HTTPS. Requires "secure_traffic_only" to be true. Incurs an implicit wait if SSL termination is also applied or removed. |
identity_type string | Default: "rackspace" | Authentication mechanism to use, such as rackspace or keystone. |
intermediate_certificate string | One or more intermediate certificate authorities as a string in PEM format, concatenated into a single string. | |
loadbalancer string / required | Name or ID of the load balancer on which to manage SSL termination. | |
private_key string | The private SSL key as a string in PEM format. | |
region string | Region to create an instance in. | |
secure_port integer | Default: 443 | The port to listen for secure traffic. |
secure_traffic_only boolean |
| If "true", the load balancer will *only* accept secure traffic. |
state string |
| If set to "present", SSL termination will be added to this load balancer. If "absent", SSL termination will be removed instead. |
tenant_id string | The tenant ID used for authentication. | |
tenant_name string | The tenant name used for authentication. | |
username string | Rackspace username, overrides credentials. | |
validate_certs boolean |
| Whether or not to require SSL validation of API endpoints. aliases: verify_ssl |
wait boolean |
| Wait for the balancer to be in state "running" before turning. |
wait_timeout integer | Default: 300 | How long before "wait" gives up, in seconds. |
Notes
Note
- The following environment variables can be used,
RAX_USERNAME
,RAX_API_KEY
,RAX_CREDS_FILE
,RAX_CREDENTIALS
,RAX_REGION
. -
RAX_CREDENTIALS
andRAX_CREDS_FILE
points to a credentials file appropriate for pyrax. See https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#authenticating -
RAX_USERNAME
andRAX_API_KEY
obviate the use of a credentials file -
RAX_REGION
defines a Rackspace Public Cloud region (DFW, ORD, LON, …) - The following environment variables can be used,
RAX_USERNAME
,RAX_API_KEY
,RAX_CREDS_FILE
,RAX_CREDENTIALS
,RAX_REGION
. -
RAX_CREDENTIALS
andRAX_CREDS_FILE
points to a credentials file appropriate for pyrax. See https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#authenticating -
RAX_USERNAME
andRAX_API_KEY
obviate the use of a credentials file -
RAX_REGION
defines a Rackspace Public Cloud region (DFW, ORD, LON, …)
Examples
- name: Enable SSL termination on a load balancer community.general.rax_clb_ssl: loadbalancer: the_loadbalancer state: present private_key: "{{ lookup('file', 'credentials/server.key' ) }}" certificate: "{{ lookup('file', 'credentials/server.crt' ) }}" intermediate_certificate: "{{ lookup('file', 'credentials/trust-chain.crt') }}" secure_traffic_only: true wait: true - name: Disable SSL termination community.general.rax_clb_ssl: loadbalancer: "{{ registered_lb.balancer.id }}" state: absent wait: true
Authors
- Ash Wilson (@smashwilson)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/community/general/rax_clb_ssl_module.html