Try SpotterModule for setup of SSLProfile Avi RESTful Object
Authors: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
preview | supported by community
Install with ansible-galaxy collection install community.general:==0.1.1
collections:
- name: community.general
version: 0.1.1This module is used to configure SSLProfile object
more examples at U(https://github.com/avinetworks/devops)
- name: Create SSL profile with list of allowed ciphers
avi_sslprofile:
controller: '{{ controller }}'
username: '{{ username }}'
password: '{{ password }}'
accepted_ciphers: >
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:
AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:
AES256-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:
ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA
accepted_versions:
- type: SSL_VERSION_TLS1
- type: SSL_VERSION_TLS1_1
- type: SSL_VERSION_TLS1_2
cipher_enums:
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- TLS_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_256_GCM_SHA384
- TLS_RSA_WITH_AES_128_CBC_SHA256
- TLS_RSA_WITH_AES_256_CBC_SHA256
- TLS_RSA_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_AES_256_CBC_SHA
- TLS_RSA_WITH_3DES_EDE_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
name: PFS-BOTH-RSA-EC
send_close_notify: true
ssl_rating:
compatibility_rating: SSL_SCORE_EXCELLENT
performance_rating: SSL_SCORE_EXCELLENT
security_score: '100.0'
tenant_ref: Demo
url:
description:
- Avi controller URL of the object.
name:
description:
- Name of the object.
required: true
tags:
description:
- List of tag.
type:
description:
- Ssl profile type.
- Enum options - SSL_PROFILE_TYPE_APPLICATION, SSL_PROFILE_TYPE_SYSTEM.
- Field introduced in 17.2.8.
- Default value when not specified in API or module is interpreted by Avi Controller
as SSL_PROFILE_TYPE_APPLICATION.
uuid:
description:
- Unique object identifier of the object.
state:
choices:
- absent
- present
default: present
description:
- The state that should be applied on the entity.
tenant:
default: admin
description:
- Name of tenant used for all Avi API calls and context of object.
type: str
dhparam:
description:
- Dh parameters used in ssl.
- At this time, it is not configurable and is set to 2048 bits.
password:
default: ''
description:
- Password of Avi user in Avi controller. The default value is the environment variable
C(AVI_PASSWORD).
type: str
username:
default: ''
description:
- Username used for accessing Avi controller. The default value is the environment
variable C(AVI_USERNAME).
type: str
controller:
default: ''
description:
- IP address or hostname of the controller. The default value is the environment variable
C(AVI_CONTROLLER).
type: str
ssl_rating:
description:
- Sslrating settings for sslprofile.
tenant_ref:
description:
- It is a reference to an object of type tenant.
api_context:
description:
- Avi API context that includes current session ID and CSRF Token.
- This allows user to perform single login and re-use the session.
type: dict
api_version:
default: 16.4.4
description:
- Avi API version of to use for Avi API and objects.
type: str
description:
description:
- User defined description for the object.
tenant_uuid:
default: ''
description:
- UUID of tenant used for all Avi API calls and context of object.
type: str
cipher_enums:
description:
- Enum options - tls_ecdhe_ecdsa_with_aes_128_gcm_sha256, tls_ecdhe_ecdsa_with_aes_256_gcm_sha384,
tls_ecdhe_rsa_with_aes_128_gcm_sha256,
- tls_ecdhe_rsa_with_aes_256_gcm_sha384, tls_ecdhe_ecdsa_with_aes_128_cbc_sha256,
tls_ecdhe_ecdsa_with_aes_256_cbc_sha384,
- tls_ecdhe_rsa_with_aes_128_cbc_sha256, tls_ecdhe_rsa_with_aes_256_cbc_sha384, tls_rsa_with_aes_128_gcm_sha256,
tls_rsa_with_aes_256_gcm_sha384,
- tls_rsa_with_aes_128_cbc_sha256, tls_rsa_with_aes_256_cbc_sha256, tls_ecdhe_ecdsa_with_aes_128_cbc_sha,
tls_ecdhe_ecdsa_with_aes_256_cbc_sha,
- tls_ecdhe_rsa_with_aes_128_cbc_sha, tls_ecdhe_rsa_with_aes_256_cbc_sha, tls_rsa_with_aes_128_cbc_sha,
tls_rsa_with_aes_256_cbc_sha,
- tls_rsa_with_3des_ede_cbc_sha, tls_rsa_with_rc4_128_sha.
avi_credentials:
description:
- Avi Credentials dictionary which can be used in lieu of enumerating Avi Controller
login details.
suboptions:
api_version:
default: 16.4.4
description:
- Avi controller version
controller:
description:
- Avi controller IP or SQDN
csrftoken:
description:
- Avi controller API csrftoken to reuse existing session with session id
password:
description:
- Avi controller password
port:
description:
- Avi controller port
session_id:
description:
- Avi controller API session id to reuse existing session with csrftoken
tenant:
default: admin
description:
- Avi controller tenant
tenant_uuid:
description:
- Avi controller tenant UUID
timeout:
default: 300
description:
- Avi controller request timeout
token:
description:
- Avi controller API token
username:
description:
- Avi controller username
type: dict
accepted_ciphers:
description:
- Ciphers suites represented as defined by U(http://www.openssl.org/docs/apps/ciphers.html).
- Default value when not specified in API or module is interpreted by Avi Controller
as AES:3DES:RC4.
avi_api_patch_op:
choices:
- add
- replace
- delete
description:
- Patch operation to use when using avi_api_update_method as patch.
accepted_versions:
description:
- Set of versions accepted by the server.
send_close_notify:
description:
- Send 'close notify' alert message for a clean shutdown of the ssl connection.
- Default value when not specified in API or module is interpreted by Avi Controller
as True.
type: bool
ssl_session_timeout:
description:
- The amount of time in seconds before an ssl session expires.
- Default value when not specified in API or module is interpreted by Avi Controller
as 86400.
avi_api_update_method:
choices:
- put
- patch
default: put
description:
- Default method for object update is HTTP PUT.
- Setting to patch will override that behavior to use HTTP PATCH.
enable_ssl_session_reuse:
description:
- Enable ssl session re-use.
- Default value when not specified in API or module is interpreted by Avi Controller
as True.
type: bool
prefer_client_cipher_ordering:
description:
- Prefer the ssl cipher ordering presented by the client during the ssl handshake
over the one specified in the ssl profile.
- Default value when not specified in API or module is interpreted by Avi Controller
as False.
type: bool
avi_disable_session_cache_as_fact:
description:
- It disables avi session information to be cached as a fact.
type: bool
obj: description: SSLProfile (api/sslprofile) object returned: success, changed type: dict