rax_clb_ssl - Manage SSL termination for a Rackspace Cloud Load Balancer.
New in version 2.0.
Synopsis
- Set up, reconfigure, or remove SSL termination for an existing load balancer.
Requirements (on host that executes module)
- python >= 2.6
- pyrax
Options
| parameter | required | default | choices | comments |
|---|---|---|---|---|
| api_key | no | Rackspace API key, overrides credentials. aliases: password | ||
| certificate | no | The public SSL certificates as a string in PEM format. | ||
| credentials | no | File to find the Rackspace credentials in. Ignored if api_key and username are provided. aliases: creds_file | ||
| enabled | no | True | If set to "false", temporarily disable SSL termination without discarding existing credentials. | |
| env (added in 1.5)
| no | Environment as configured in ~/.pyrax.cfg, see https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#pyrax-configuration. | ||
| https_redirect | no | If "true", the load balancer will redirect HTTP traffic to HTTPS. Requires "secure_traffic_only" to be true. Incurs an implicit wait if SSL termination is also applied or removed. | ||
| intermediate_certificate | no | One or more intermediate certificate authorities as a string in PEM format, concatenated into a single string. | ||
| loadbalancer | yes | Name or ID of the load balancer on which to manage SSL termination. | ||
| private_key | no | The private SSL key as a string in PEM format. | ||
| region | no | DFW | Region to create an instance in. | |
| secure_port | no | 443 | The port to listen for secure traffic. | |
| secure_traffic_only | no | If "true", the load balancer will *only* accept secure traffic. | ||
| state | no | present |
| If set to "present", SSL termination will be added to this load balancer. If "absent", SSL termination will be removed instead. |
| username | no | Rackspace username, overrides credentials. | ||
| verify_ssl (added in 1.5)
| no | Whether or not to require SSL validation of API endpoints. | ||
| wait | no | Wait for the balancer to be in state "running" before turning. | ||
| wait_timeout | no | 300 | How long before "wait" gives up, in seconds. |
Examples
- name: Enable SSL termination on a load balancer
rax_clb_ssl:
loadbalancer: the_loadbalancer
state: present
private_key: "{{ lookup('file', 'credentials/server.key' ) }}"
certificate: "{{ lookup('file', 'credentials/server.crt' ) }}"
intermediate_certificate: "{{ lookup('file', 'credentials/trust-chain.crt') }}"
secure_traffic_only: true
wait: true
- name: Disable SSL termination
rax_clb_ssl:
loadbalancer: "{{ registered_lb.balancer.id }}"
state: absent
wait: true
Notes
Note
- The following environment variables can be used,
RAX_USERNAME,RAX_API_KEY,RAX_CREDS_FILE,RAX_CREDENTIALS,RAX_REGION. -
RAX_CREDENTIALSandRAX_CREDS_FILEpoints to a credentials file appropriate for pyrax. See https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#authenticating -
RAX_USERNAMEandRAX_API_KEYobviate the use of a credentials file -
RAX_REGIONdefines a Rackspace Public Cloud region (DFW, ORD, LON, ...)
Status
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.4/rax_clb_ssl_module.html