rax_clb_ssl - Manage SSL termination for a Rackspace Cloud Load Balancer.

New in version 2.0.

Synopsis

  • Set up, reconfigure, or remove SSL termination for an existing load balancer.

Requirements (on host that executes module)

  • python >= 2.6
  • pyrax

Options

parameter required default choices comments
api_key
no
Rackspace API key, overrides credentials.
aliases: password
certificate
no
The public SSL certificates as a string in PEM format.
credentials
no
File to find the Rackspace credentials in. Ignored if api_key and username are provided.
aliases: creds_file
enabled
no True
If set to "false", temporarily disable SSL termination without discarding
existing credentials.
env
(added in 1.5)
no
https_redirect
no
If "true", the load balancer will redirect HTTP traffic to HTTPS.
Requires "secure_traffic_only" to be true. Incurs an implicit wait if SSL
termination is also applied or removed.
intermediate_certificate
no
One or more intermediate certificate authorities as a string in PEM
format, concatenated into a single string.
loadbalancer
yes
Name or ID of the load balancer on which to manage SSL termination.
private_key
no
The private SSL key as a string in PEM format.
region
no DFW
Region to create an instance in.
secure_port
no 443
The port to listen for secure traffic.
secure_traffic_only
no
If "true", the load balancer will *only* accept secure traffic.
state
no present
  • present
  • absent
If set to "present", SSL termination will be added to this load balancer.
If "absent", SSL termination will be removed instead.
username
no
Rackspace username, overrides credentials.
verify_ssl
(added in 1.5)
no
Whether or not to require SSL validation of API endpoints.
wait
no
Wait for the balancer to be in state "running" before turning.
wait_timeout
no 300
How long before "wait" gives up, in seconds.

Examples

- name: Enable SSL termination on a load balancer
  rax_clb_ssl:
    loadbalancer: the_loadbalancer
    state: present
    private_key: "{{ lookup('file', 'credentials/server.key' ) }}"
    certificate: "{{ lookup('file', 'credentials/server.crt' ) }}"
    intermediate_certificate: "{{ lookup('file', 'credentials/trust-chain.crt') }}"
    secure_traffic_only: true
    wait: true

- name: Disable SSL termination
  rax_clb_ssl:
    loadbalancer: "{{ registered_lb.balancer.id }}"
    state: absent
    wait: true

Notes

Note

  • The following environment variables can be used, RAX_USERNAME, RAX_API_KEY, RAX_CREDS_FILE, RAX_CREDENTIALS, RAX_REGION.
  • RAX_CREDENTIALS and RAX_CREDS_FILE points to a credentials file appropriate for pyrax. See https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#authenticating
  • RAX_USERNAME and RAX_API_KEY obviate the use of a credentials file
  • RAX_REGION defines a Rackspace Public Cloud region (DFW, ORD, LON, ...)

Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.4/rax_clb_ssl_module.html