avi_sslprofile - Module for setup of SSLProfile Avi RESTful Object
New in version 2.3.
Synopsis
- This module is used to configure SSLProfile object
- more examples at https://github.com/avinetworks/devops
Requirements (on host that executes module)
- avisdk
Options
parameter | required | default | choices | comments |
---|---|---|---|---|
accepted_ciphers | no | Ciphers suites represented as defined by http://www.openssl.org/docs/apps/ciphers.html. Default value when not specified in API or module is interpreted by Avi Controller as AES:3DES:RC4. | ||
accepted_versions | no | Set of versions accepted by the server. | ||
api_version | no | Avi API version of to use for Avi API and objects. | ||
cipher_enums | no | Enum options - tls_ecdhe_ecdsa_with_aes_128_gcm_sha256, tls_ecdhe_ecdsa_with_aes_256_gcm_sha384, tls_ecdhe_rsa_with_aes_128_gcm_sha256, tls_ecdhe_rsa_with_aes_256_gcm_sha384, tls_ecdhe_ecdsa_with_aes_128_cbc_sha256, tls_ecdhe_ecdsa_with_aes_256_cbc_sha384, tls_ecdhe_rsa_with_aes_128_cbc_sha256, tls_ecdhe_rsa_with_aes_256_cbc_sha384, tls_rsa_with_aes_128_gcm_sha256, tls_rsa_with_aes_256_gcm_sha384, tls_rsa_with_aes_128_cbc_sha256, tls_rsa_with_aes_256_cbc_sha256, tls_ecdhe_ecdsa_with_aes_128_cbc_sha, tls_ecdhe_ecdsa_with_aes_256_cbc_sha, tls_ecdhe_rsa_with_aes_128_cbc_sha, tls_ecdhe_rsa_with_aes_256_cbc_sha, tls_rsa_with_aes_128_cbc_sha, tls_rsa_with_aes_256_cbc_sha, tls_rsa_with_3des_ede_cbc_sha, tls_rsa_with_rc4_128_sha. | ||
controller | no | IP address or hostname of the controller. The default value is the environment variable AVI_CONTROLLER . | ||
description | no | User defined description for the object. | ||
dhparam | no | Dh parameters used in ssl. At this time, it is not configurable and is set to 2048 bits. | ||
enable_ssl_session_reuse | no | Enable ssl session re-use. Default value when not specified in API or module is interpreted by Avi Controller as True. | ||
name | yes | Name of the object. | ||
password | no | Password of Avi user in Avi controller. The default value is the environment variable AVI_PASSWORD . | ||
prefer_client_cipher_ordering | no | Prefer the ssl cipher ordering presented by the client during the ssl handshake over the one specified in the ssl profile. Default value when not specified in API or module is interpreted by Avi Controller as False. | ||
send_close_notify | no | Send 'close notify' alert message for a clean shutdown of the ssl connection. Default value when not specified in API or module is interpreted by Avi Controller as True. | ||
ssl_rating | no | Sslrating settings for sslprofile. | ||
ssl_session_timeout | no | The amount of time before an ssl session expires. Default value when not specified in API or module is interpreted by Avi Controller as 86400. | ||
state | no | present |
| The state that should be applied on the entity. |
tags | no | List of tag. | ||
tenant | no | admin | Name of tenant used for all Avi API calls and context of object. | |
tenant_ref | no | It is a reference to an object of type tenant. | ||
tenant_uuid | no | UUID of tenant used for all Avi API calls and context of object. | ||
url | no | Avi controller URL of the object. | ||
username | no | Username used for accessing Avi controller. The default value is the environment variable AVI_USERNAME . | ||
uuid | no | Unique object identifier of the object. |
Examples
- name: Create SSL profile with list of allowed ciphers avi_sslprofile: controller: '' username: '' password: '' accepted_ciphers: > ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384: AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA: AES256-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384: ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA accepted_versions: - type: SSL_VERSION_TLS1 - type: SSL_VERSION_TLS1_1 - type: SSL_VERSION_TLS1_2 cipher_enums: - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - TLS_RSA_WITH_AES_128_GCM_SHA256 - TLS_RSA_WITH_AES_256_GCM_SHA384 - TLS_RSA_WITH_AES_128_CBC_SHA256 - TLS_RSA_WITH_AES_256_CBC_SHA256 - TLS_RSA_WITH_AES_128_CBC_SHA - TLS_RSA_WITH_AES_256_CBC_SHA - TLS_RSA_WITH_3DES_EDE_CBC_SHA - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA name: PFS-BOTH-RSA-EC send_close_notify: true ssl_rating: compatibility_rating: SSL_SCORE_EXCELLENT performance_rating: SSL_SCORE_EXCELLENT security_score: '100.0' tenant_ref: Demo
Return Values
Common return values are documented here Return Values, the following are the fields unique to this module:
name | description | returned | type | sample |
---|---|---|---|---|
obj | SSLProfile (api/sslprofile) object | success, changed | dict |
Status
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.4/avi_sslprofile_module.html