Try SpotterManage Application Gateway instance
| "added in version" 2.7 of ansible.builtin"
Authors: Zim Kalinowski (@zikalino)
preview | supported by community
pipInstall with pip install ansible==2.9.17
Create, update and delete instance of Application Gateway.
- name: Create instance of Application Gateway
azure_rm_appgateway:
resource_group: myResourceGroup
name: myAppGateway
sku:
name: standard_small
tier: standard
capacity: 2
gateway_ip_configurations:
- subnet:
id: "{{ subnet_id }}"
name: app_gateway_ip_config
frontend_ip_configurations:
- subnet:
id: "{{ subnet_id }}"
name: sample_gateway_frontend_ip_config
frontend_ports:
- port: 90
name: ag_frontend_port
backend_address_pools:
- backend_addresses:
- ip_address: 10.0.0.4
name: test_backend_address_pool
backend_http_settings_collection:
- port: 80
protocol: http
cookie_based_affinity: enabled
name: sample_appgateway_http_settings
http_listeners:
- frontend_ip_configuration: sample_gateway_frontend_ip_config
frontend_port: ag_frontend_port
name: sample_http_listener
request_routing_rules:
- rule_type: Basic
backend_address_pool: test_backend_address_pool
backend_http_settings: sample_appgateway_http_settings
http_listener: sample_http_listener
name: rule1
sku:
description:
- SKU of the application gateway resource.
suboptions:
capacity:
description:
- Capacity (instance count) of an application gateway.
name:
choices:
- standard_small
- standard_medium
- standard_large
- waf_medium
- waf_large
description:
- Name of an application gateway SKU.
tier:
choices:
- standard
- waf
description:
- Tier of an application gateway.
name:
description:
- The name of the application gateway.
required: true
tags:
description:
- Dictionary of string:string pairs to assign as metadata to the object.
- Metadata tags on the object will be updated with any provided values.
- To remove tags set append_tags option to false.
type: dict
state:
choices:
- absent
- present
default: present
description:
- Assert the state of the Public IP. Use C(present) to create or update a and C(absent)
to delete.
probes:
description:
- Probes available to the application gateway resource.
suboptions:
host:
description:
- Host name to send the I(probe) to.
interval:
description:
- The probing interval in seconds.
- This is the time interval between two consecutive probes.
- Acceptable values are from 1 second to 86400 seconds.
name:
description:
- Name of the I(probe) that is unique within an Application Gateway.
path:
description:
- Relative path of I(probe).
- Valid path starts from '/'.
- Probe is sent to <Protocol>://<host>:<port><path>.
protocol:
choices:
- http
- https
description:
- The protocol used for the I(probe).
timeout:
description:
- The probe timeout in seconds.
- Probe marked as failed if valid response is not received with this timeout period.
- Acceptable values are from 1 second to 86400 seconds.
unhealthy_threshold:
description:
- The I(probe) retry count.
- Backend server is marked down after consecutive probe failure count reaches
UnhealthyThreshold.
- Acceptable values are from 1 second to 20.
version_added: '2.8'
version_added_collection: ansible.builtin
secret:
description:
- Azure client secret. Use when authenticating with a Service Principal.
type: str
tenant:
description:
- Azure tenant ID. Use when authenticating with a Service Principal.
type: str
ad_user:
description:
- Active Directory username. Use when authenticating with an Active Directory user
rather than service principal.
type: str
profile:
description:
- Security profile found in ~/.azure/credentials file.
type: str
location:
description:
- Resource location. If not set, location from the resource group will be used as
default.
password:
description:
- Active Directory user password. Use when authenticating with an Active Directory
user rather than service principal.
type: str
client_id:
description:
- Azure client ID. Use when authenticating with a Service Principal.
type: str
ssl_policy:
description:
- SSL policy of the application gateway resource.
suboptions:
cipher_suites:
choices:
- tls_ecdhe_rsa_with_aes_256_gcm_sha384
- tls_ecdhe_rsa_with_aes_128_gcm_sha256
- tls_ecdhe_rsa_with_aes_256_cbc_sha384
- tls_ecdhe_rsa_with_aes_128_cbc_sha256
- tls_ecdhe_rsa_with_aes_256_cbc_sha
- tls_ecdhe_rsa_with_aes_128_cbc_sha
- tls_dhe_rsa_with_aes_256_gcm_sha384
- tls_dhe_rsa_with_aes_128_gcm_sha256
- tls_dhe_rsa_with_aes_256_cbc_sha
- tls_dhe_rsa_with_aes_128_cbc_sha
- tls_rsa_with_aes_256_gcm_sha384
- tls_rsa_with_aes_128_gcm_sha256
- tls_rsa_with_aes_256_cbc_sha256
- tls_rsa_with_aes_128_cbc_sha256
- tls_rsa_with_aes_256_cbc_sha
- tls_rsa_with_aes_128_cbc_sha
- tls_ecdhe_ecdsa_with_aes_256_gcm_sha384
- tls_ecdhe_ecdsa_with_aes_128_gcm_sha256
- tls_ecdhe_ecdsa_with_aes_256_cbc_sha384
- tls_ecdhe_ecdsa_with_aes_128_cbc_sha256
- tls_ecdhe_ecdsa_with_aes_256_cbc_sha
- tls_ecdhe_ecdsa_with_aes_128_cbc_sha
- tls_dhe_dss_with_aes_256_cbc_sha256
- tls_dhe_dss_with_aes_128_cbc_sha256
- tls_dhe_dss_with_aes_256_cbc_sha
- tls_dhe_dss_with_aes_128_cbc_sha
- tls_rsa_with_3des_ede_cbc_sha
- tls_dhe_dss_with_3des_ede_cbc_sha
description:
- List of SSL cipher suites to be enabled in the specified order to application
gateway.
disabled_ssl_protocols:
choices:
- tls_v1_0
- tls_v1_1
- tls_v1_2
description:
- List of SSL protocols to be disabled on application gateway.
min_protocol_version:
choices:
- tls_v1_0
- tls_v1_1
- tls_v1_2
description:
- Minimum version of Ssl protocol to be supported on application gateway.
policy_name:
choices:
- ssl_policy20150501
- ssl_policy20170401
- ssl_policy20170401_s
description:
- Name of Ssl C(predefined) policy.
policy_type:
choices:
- predefined
- custom
description:
- Type of SSL Policy.
api_profile:
default: latest
description:
- Selects an API profile to use when communicating with Azure services. Default value
of C(latest) is appropriate for public clouds; future values will allow use with
Azure Stack.
type: str
version_added: 0.0.1
version_added_collection: azure.azcollection
append_tags:
default: true
description:
- Use to control if tags field is canonical or just appends to existing tags.
- When canonical, any tags not found in the tags parameter will be removed from the
object's metadata.
type: bool
auth_source:
choices:
- auto
- cli
- credential_file
- env
- msi
default: auto
description:
- Controls the source of the credentials to use for authentication.
- Can also be set via the C(ANSIBLE_AZURE_AUTH_SOURCE) environment variable.
- When set to C(auto) (the default) the precedence is module parameters -> C(env)
-> C(credential_file) -> C(cli).
- When set to C(env), the credentials will be read from the environment variables
- When set to C(credential_file), it will read the profile from C(~/.azure/credentials).
- When set to C(cli), the credentials will be sources from the Azure CLI profile.
C(subscription_id) or the environment variable C(AZURE_SUBSCRIPTION_ID) can be used
to identify the subscription ID if more than one is present otherwise the default
az cli subscription is used.
- When set to C(msi), the host machine must be an azure resource with an enabled MSI
extension. C(subscription_id) or the environment variable C(AZURE_SUBSCRIPTION_ID)
can be used to identify the subscription ID if the resource is granted access to
more than one subscription, otherwise the first subscription is chosen.
- The C(msi) was added in Ansible 2.6.
type: str
version_added: 0.0.1
version_added_collection: azure.azcollection
frontend_ports:
description:
- List of frontend ports of the application gateway resource.
suboptions:
name:
description:
- Name of the resource that is unique within a resource group. This name can be
used to access the resource.
port:
description:
- Frontend port.
http_listeners:
description:
- List of HTTP listeners of the application gateway resource.
suboptions:
frontend_ip_configuration:
description:
- Frontend IP configuration resource of an application gateway.
frontend_port:
description:
- Frontend port resource of an application gateway.
host_name:
description:
- Host name of C(http) listener.
name:
description:
- Name of the resource that is unique within a resource group. This name can be
used to access the resource.
protocol:
choices:
- http
- https
description:
- Protocol of the c(http) listener.
require_server_name_indication:
description:
- Applicable only if I(protocol) is C(https). Enables SNI for multi-hosting.
ssl_certificate:
description:
- SSL certificate resource of an application gateway.
resource_group:
description:
- The name of the resource group.
required: true
subscription_id:
description:
- Your Azure subscription Id.
type: str
ssl_certificates:
description:
- SSL certificates of the application gateway resource.
suboptions:
data:
description:
- Base-64 encoded pfx certificate.
- Only applicable in PUT Request.
name:
description:
- Name of the resource that is unique within a resource group. This name can be
used to access the resource.
password:
description:
- Password for the pfx file specified in I(data).
- Only applicable in PUT request.
cloud_environment:
default: AzureCloud
description:
- For cloud environments other than the US public cloud, the environment name (as
defined by Azure Python SDK, eg, C(AzureChinaCloud), C(AzureUSGovernment)), or a
metadata discovery endpoint URL (required for Azure Stack). Can also be set via
credential file profile or the C(AZURE_CLOUD_ENVIRONMENT) environment variable.
type: str
version_added: 0.0.1
version_added_collection: azure.azcollection
adfs_authority_url:
description:
- Azure AD authority url. Use when authenticating with Username/password, and has
your own ADFS authority.
type: str
version_added: 0.0.1
version_added_collection: azure.azcollection
cert_validation_mode:
choices:
- ignore
- validate
description:
- Controls the certificate validation behavior for Azure endpoints. By default, all
modules will validate the server certificate, but when an HTTPS proxy is in use,
or against Azure Stack, it may be necessary to disable this behavior by passing
C(ignore). Can also be set via credential file profile or the C(AZURE_CERT_VALIDATION)
environment variable.
type: str
version_added: 0.0.1
version_added_collection: azure.azcollection
backend_address_pools:
description:
- List of backend address pool of the application gateway resource.
suboptions:
backend_addresses:
description:
- List of backend addresses.
suboptions:
fqdn:
description:
- Fully qualified domain name (FQDN).
ip_address:
description:
- IP address.
name:
description:
- Resource that is unique within a resource group. This name can be used to access
the resource.
request_routing_rules:
description:
- List of request routing rules of the application gateway resource.
suboptions:
backend_address_pool:
description:
- Backend address pool resource of the application gateway.
backend_http_settings:
description:
- Backend C(http) settings resource of the application gateway.
http_listener:
description:
- Http listener resource of the application gateway.
name:
description:
- Name of the resource that is unique within a resource group. This name can be
used to access the resource.
redirect_configuration:
description:
- Redirect configuration resource of the application gateway.
rule_type:
choices:
- basic
- path_based_routing
description:
- Rule type.
redirect_configurations:
description:
- Redirect configurations of the application gateway resource.
suboptions:
include_path:
description:
- Include path in the redirected url.
include_query_string:
description:
- Include query string in the redirected url.
name:
description:
- Name of the resource that is unique within a resource group.
redirect_type:
choices:
- permanent
- found
- see_other
- temporary
description:
- Redirection type.
target_listener:
description:
- Reference to a listener to redirect the request to.
version_added: '2.8'
version_added_collection: ansible.builtin
gateway_ip_configurations:
description:
- List of subnets used by the application gateway.
suboptions:
name:
description:
- Name of the resource that is unique within a resource group. This name can be
used to access the resource.
subnet:
description:
- Reference of the subnet resource. A subnet from where application gateway gets
its private address.
frontend_ip_configurations:
description:
- Frontend IP addresses of the application gateway resource.
suboptions:
name:
description:
- Name of the resource that is unique within a resource group. This name can be
used to access the resource.
private_ip_address:
description:
- PrivateIPAddress of the network interface IP Configuration.
private_ip_allocation_method:
choices:
- static
- dynamic
description:
- PrivateIP allocation method.
public_ip_address:
description:
- Reference of the PublicIP resource.
subnet:
description:
- Reference of the subnet resource.
authentication_certificates:
description:
- Authentication certificates of the application gateway resource.
suboptions:
data:
description:
- Certificate public data - base64 encoded pfx.
name:
description:
- Name of the resource that is unique within a resource group. This name can be
used to access the resource.
backend_http_settings_collection:
description:
- Backend http settings of the application gateway resource.
suboptions:
affinity_cookie_name:
description:
- Cookie name to use for the affinity cookie.
authentication_certificates:
description:
- List of references to application gateway authentication certificates.
- Applicable only when C(cookie_based_affinity) is enabled, otherwise quietly
ignored.
suboptions:
id:
description:
- Resource ID.
cookie_based_affinity:
choices:
- enabled
- disabled
description:
- Cookie based affinity.
host_name:
description:
- Host header to be sent to the backend servers.
name:
description:
- Name of the resource that is unique within a resource group. This name can be
used to access the resource.
path:
description:
- Path which should be used as a prefix for all C(http) requests.
- Null means no path will be prefixed. Default value is null.
pick_host_name_from_backend_address:
description:
- Whether to pick host header should be picked from the host name of the backend
server. Default value is false.
port:
description:
- The destination port on the backend.
probe:
description:
- Probe resource of an application gateway.
protocol:
choices:
- http
- https
description:
- The protocol used to communicate with the backend.
request_timeout:
description:
- Request timeout in seconds.
- Application Gateway will fail the request if response is not received within
RequestTimeout.
- Acceptable values are from 1 second to 86400 seconds.
id: description: - Resource ID. returned: always sample: id type: str