rax_clb_ssl - Manage SSL termination for a Rackspace Cloud Load Balancer.
New in version 2.0.
Synopsis
- Set up, reconfigure, or remove SSL termination for an existing load balancer.
Requirements
The below requirements are needed on the host that executes this module.
- pyrax
- python >= 2.6
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
api_key | Rackspace API key, overrides credentials. aliases: password | |
auth_endpoint (added in 1.5) | Default: "https://identity.api.rackspacecloud.com/v2.0/" | The URI of the authentication service. |
certificate | The public SSL certificates as a string in PEM format. | |
credentials | File to find the Rackspace credentials in. Ignored if api_key and username are provided. aliases: creds_file | |
enabled | Default: "yes" | If set to "false", temporarily disable SSL termination without discarding existing credentials. |
env (added in 1.5) | Environment as configured in ~/.pyrax.cfg, see https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#pyrax-configuration. | |
https_redirect | If "true", the load balancer will redirect HTTP traffic to HTTPS. Requires "secure_traffic_only" to be true. Incurs an implicit wait if SSL termination is also applied or removed. | |
identity_type (added in 1.5) | Default: "rackspace" | Authentication mechanism to use, such as rackspace or keystone. |
intermediate_certificate | One or more intermediate certificate authorities as a string in PEM format, concatenated into a single string. | |
loadbalancer required | Name or ID of the load balancer on which to manage SSL termination. | |
private_key | The private SSL key as a string in PEM format. | |
region | Default: "DFW" | Region to create an instance in. |
secure_port | Default: 443 | The port to listen for secure traffic. |
secure_traffic_only | Default: "no" | If "true", the load balancer will *only* accept secure traffic. |
state |
| If set to "present", SSL termination will be added to this load balancer. If "absent", SSL termination will be removed instead. |
tenant_id (added in 1.5) | The tenant ID used for authentication. | |
tenant_name (added in 1.5) | The tenant name used for authentication. | |
username | Rackspace username, overrides credentials. | |
verify_ssl (added in 1.5) | Whether or not to require SSL validation of API endpoints. | |
wait | Default: "no" | Wait for the balancer to be in state "running" before turning. |
wait_timeout | Default: 300 | How long before "wait" gives up, in seconds. |
Notes
Note
- The following environment variables can be used,
RAX_USERNAME
,RAX_API_KEY
,RAX_CREDS_FILE
,RAX_CREDENTIALS
,RAX_REGION
. -
RAX_CREDENTIALS
andRAX_CREDS_FILE
points to a credentials file appropriate for pyrax. See https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#authenticating -
RAX_USERNAME
andRAX_API_KEY
obviate the use of a credentials file -
RAX_REGION
defines a Rackspace Public Cloud region (DFW, ORD, LON, …) - The following environment variables can be used,
RAX_USERNAME
,RAX_API_KEY
,RAX_CREDS_FILE
,RAX_CREDENTIALS
,RAX_REGION
. -
RAX_CREDENTIALS
andRAX_CREDS_FILE
points to a credentials file appropriate for pyrax. See https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#authenticating -
RAX_USERNAME
andRAX_API_KEY
obviate the use of a credentials file -
RAX_REGION
defines a Rackspace Public Cloud region (DFW, ORD, LON, …)
Examples
- name: Enable SSL termination on a load balancer rax_clb_ssl: loadbalancer: the_loadbalancer state: present private_key: "{{ lookup('file', 'credentials/server.key' ) }}" certificate: "{{ lookup('file', 'credentials/server.crt' ) }}" intermediate_certificate: "{{ lookup('file', 'credentials/trust-chain.crt') }}" secure_traffic_only: true wait: true - name: Disable SSL termination rax_clb_ssl: loadbalancer: "{{ registered_lb.balancer.id }}" state: absent wait: true
Status
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
Maintenance
This module is flagged as community which means that it is maintained by the Ansible Community. See Module Maintenance & Support for more info.
For a list of other modules that are also maintained by the Ansible Community, see here.
Author
- Ash Wilson
Hint
If you notice any issues in this documentation you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.6/modules/rax_clb_ssl_module.html