ngine_io.vultr.vultr_firewall_rule – Manages firewall rules on Vultr.
Note
This plugin is part of the ngine_io.vultr collection (version 1.1.0).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install ngine_io.vultr.
To use it in a playbook, specify: ngine_io.vultr.vultr_firewall_rule.
New in version 0.1.0 of ngine_io.vultr
Synopsis
- Create and remove firewall rules.
Requirements
The below requirements are needed on the host that executes this module.
- python >= 2.6
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
api_account string | Default: "default" | Name of the ini section in the vultr.ini file. The ENV variable VULTR_API_ACCOUNT is used as default, when defined. |
api_endpoint string | | URL to API endpoint (without trailing slash). The ENV variable VULTR_API_ENDPOINT is used as default, when defined. Fallback value is https://api.vultr.com if not specified. |
api_key string | | API key of the Vultr API. The ENV variable VULTR_API_KEY is used as default, when defined. |
api_retries integer | | Number of retries in case the Vultr API returns an HTTP 503 code. The ENV variable VULTR_API_RETRIES is used as default, when defined. Fallback value is 5 retries if not specified. |
api_retry_max_delay integer | | Retry backoff delay is exponential up to this maximum value, in seconds. The ENV variable VULTR_API_RETRY_MAX_DELAY is used as default, when defined. Fallback value is 12 seconds. |
api_timeout integer | | HTTP timeout to Vultr API. The ENV variable VULTR_API_TIMEOUT is used as default, when defined. Fallback value is 60 seconds if not specified. |
cidr string | | Network in CIDR format. The CIDR format must match the ip_version value. Required if state=present. Defaults to 0.0.0.0/0 or ::/0 depending on ip_version. |
end_port integer | | End port for the firewall rule. Only considered if protocol is tcp or udp and state=present. |
group string / required | | Name of the firewall group. |
ip_version string | | IP address version. aliases: ip_type |
protocol string | | Protocol of the firewall rule. |
start_port integer | | Start port for the firewall rule. Required if protocol is tcp or udp and state=present. aliases: port |
state string | | State of the firewall rule. |
validate_certs boolean | | Validate SSL certs of the Vultr API. |
Notes
- Also see the API documentation on https://www.vultr.com/api/.
Examples
```yaml
- name: ensure a firewall rule is present
  ngine_io.vultr.vultr_firewall_rule:
    group: application
    protocol: tcp
    start_port: 8000
    end_port: 9000
    cidr: 17.17.17.0/24

- name: open DNS port for all ipv4 and ipv6
  ngine_io.vultr.vultr_firewall_rule:
    group: dns
    protocol: udp
    port: 53
    ip_version: "{{ item }}"
  with_items: [ v4, v6 ]

- name: allow ping
  ngine_io.vultr.vultr_firewall_rule:
    group: web
    protocol: icmp

- name: ensure a firewall rule is absent
  ngine_io.vultr.vultr_firewall_rule:
    group: application
    protocol: tcp
    start_port: 8000
    end_port: 9000
    cidr: 17.17.17.0/24
    state: absent
```
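A pre-flight check for rule definitions, added here as an example and not part of the ngine_io.vultr collection: it applies the constraints from the parameter table (cidr must match ip_version, start_port is required for tcp or udp, end_port is only considered for tcp or udp) and reports rules whose source is any address, including rules that get there by omitting cidr. The function name lint_rule, the finding strings, and the v4 and tcp fallbacks for omitted values are assumptions of this example.

```python
import ipaddress

# Defaults from the cidr row: 0.0.0.0/0 or ::/0 depending on ip_version.
ANY_SOURCE = {"v4": "0.0.0.0/0", "v6": "::/0"}

def lint_rule(rule):
    """Return a list of findings for one dict of vultr_firewall_rule arguments."""
    findings = []
    # Assumption: v4 and tcp apply when omitted (the page does not list the defaults).
    ip_version = rule.get("ip_version", rule.get("ip_type", "v4"))  # ip_type is an alias
    protocol = rule.get("protocol", "tcp")
    start = rule.get("start_port", rule.get("port"))  # port is an alias
    end = rule.get("end_port")
    if not rule.get("group"):
        findings.append("group is required")
    if ip_version not in ANY_SOURCE:
        return findings + ["ip_version %r is not v4 or v6" % ip_version]
    if rule.get("state", "present") != "present":
        return findings  # cidr and port requirements only apply to state=present
    # Omitting cidr falls back to the any-source network for the address family.
    cidr = rule.get("cidr", ANY_SOURCE[ip_version])
    try:
        net = ipaddress.ip_network(cidr, strict=False)
    except ValueError:
        findings.append("cidr %r is not a valid network" % cidr)
    else:
        if net.version != int(ip_version[1]):
            findings.append("cidr %s does not match ip_version %s" % (cidr, ip_version))
        elif net.prefixlen == 0:
            findings.append("source is open to any address (%s)" % cidr)
    if protocol in ("tcp", "udp"):
        if start is None:
            findings.append("start_port is required for %s" % protocol)
    elif end is not None:
        findings.append("end_port is only considered for tcp or udp")
    return findings

# Constructed sample input modelled on the examples on this page.
SAMPLE_RULES = [
    {"group": "application", "protocol": "tcp", "start_port": 8000, "end_port": 9000, "cidr": "17.17.17.0/24"},
    {"group": "dns", "protocol": "udp", "port": 53, "ip_version": "v6"},
    {"group": "web", "protocol": "icmp"},
    {"group": "application", "protocol": "tcp", "cidr": "17.17.17.0/24", "ip_version": "v6"},
]

if __name__ == "__main__":
    for sample in SAMPLE_RULES:
        print(sample["group"], lint_rule(sample))
```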
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
vultr_api complex | success | Response from Vultr API with a few additions/modifications |
api_account string | success | Account used in the ini file to select the key. Sample: default |
api_endpoint string | success | Endpoint used for the API requests. Sample: https://api.vultr.com |
api_retries integer | success | Amount of max retries for the API requests. Sample: 5 |
api_retry_max_delay integer | success | Exponential backoff delay in seconds between retries up to this max delay value. Sample: 12 |
api_timeout integer | success | Timeout used for the API requests. Sample: 60 |
vultr_firewall_rule complex | success | Response from Vultr API |
action string | success | Action of the firewall rule. Sample: accept |
cidr string | success and when port range | CIDR of the firewall rule (IPv4 or IPv6). Sample: 0.0.0.0/0 |
end_port integer | success and when port range and protocol is tcp or udp | End port of the firewall rule. Sample: 8080 |
group string | success | Firewall group the rule is in. Sample: web |
protocol string | success | Protocol of the firewall rule. Sample: tcp |
rule_number integer | success | Rule number of the firewall rule. Sample: 2 |
start_port integer | success and protocol is tcp or udp | Start port of the firewall rule. Sample: 80 |
Authors
- René Moser (@resmo)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/ngine_io/vultr/vultr_firewall_rule_module.html