community.general.avi_virtualservice (0.1.1) — module

Module for setup of VirtualService Avi RESTful Object

Authors: Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>

preview | supported by community

Install collection

Install with ansible-galaxy collection install community.general:==0.1.1


Add to requirements.yml

  collections:
    - name: community.general
      version: 0.1.1

Description

This module is used to configure a VirtualService object.

More examples at https://github.com/avinetworks/devops


Requirements

Usage examples

- name: Create SSL Virtual Service using Pool testpool2
  avi_virtualservice:
    controller: 10.10.27.90
    username: admin
    # Sample credential; username and password default to the environment
    # variables AVI_USERNAME and AVI_PASSWORD when omitted (see Inputs).
    password: AviNetworks123!
    name: newtestvs
    state: present
    performance_limits:
      max_concurrent_connections: 1000
    services:
        - port: 443
          enable_ssl: true
        - port: 80
    ssl_profile_ref: '/api/sslprofile?name=System-Standard'
    application_profile_ref: '/api/applicationprofile?name=System-Secure-HTTP'
    ssl_key_and_certificate_refs:
        - '/api/sslkeyandcertificate?name=System-Default-Cert'
    ip_address:
      addr: 10.90.131.103
      type: V4
    pool_ref: '/api/pool?name=testpool2'
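
The following task is an added example, not part of the module's own documentation: it creates the same virtual service as the task above, but passes the controller login through the avi_credentials dictionary from vaulted variables and sets the per-client connection limits listed under Inputs. The variable names vault_avi_controller, vault_avi_username and vault_avi_password and the policy name vs-allowlist are assumptions, and the network_security_policy_ref path follows the '/api/<type>?name=' pattern of the other references.

```yaml
# Added example. Assumed names: vault_avi_* variables (defined in an
# Ansible Vault encrypted vars file) and the network security policy
# "vs-allowlist", which must already exist on the controller.
- name: Create SSL Virtual Service with vaulted credentials and client limits
  community.general.avi_virtualservice:
    avi_credentials:
      controller: "{{ vault_avi_controller }}"
      username: "{{ vault_avi_username }}"
      password: "{{ vault_avi_password }}"
      tenant: admin
    name: newtestvs
    state: present
    performance_limits:
      max_concurrent_connections: 1000
    services:
      - port: 443
        enable_ssl: true
      - port: 80
    ssl_profile_ref: '/api/sslprofile?name=System-Standard'
    application_profile_ref: '/api/applicationprofile?name=System-Secure-HTTP'
    ssl_key_and_certificate_refs:
      - '/api/sslkeyandcertificate?name=System-Default-Cert'
    ip_address:
      addr: 10.90.131.103
      type: V4
    pool_ref: '/api/pool?name=testpool2'
    # Allowed values are 10-1000; 0 (the controller default) is unlimited.
    max_cps_per_client: 100
    # Limit clients that exceed max_cps_per_client significantly.
    limit_doser: true
    # Reject requests that present an invalid client certificate
    # (this is also the controller default).
    allow_invalid_client_cert: false
    network_security_policy_ref: '/api/networksecuritypolicy?name=vs-allowlist'
    # Do not cache the Avi session information as a fact.
    avi_disable_session_cache_as_fact: true
  # Task keyword: keep the credential values out of task output and logs.
  no_log: true
```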

Inputs

    
url:
    description:
    - Avi controller URL of the object.

vip:
    description:
    - List of virtual service ips.
    - While creating a 'shared vs', please use vsvip_ref to point to the shared entities.
    - Field introduced in 17.1.1.

fqdn:
    description:
    - Dns resolvable, fully qualified domain name of the virtualservice.
    - Only one of 'fqdn' and 'dns_info' configuration is allowed.

name:
    description:
    - Name for the virtual service.
    required: true

type:
    description:
    - Specify if this is a normal virtual service, or if it is the parent or child of
      an sni-enabled virtual hosted virtual service.
    - Enum options - VS_TYPE_NORMAL, VS_TYPE_VH_PARENT, VS_TYPE_VH_CHILD.
    - Default value when not specified in API or module is interpreted by Avi Controller
      as VS_TYPE_NORMAL.

uuid:
    description:
    - Uuid of the virtualservice.

state:
    choices:
    - absent
    - present
    default: present
    description:
    - The state that should be applied on the entity.

subnet:
    description:
    - Subnet providing reachability for client facing virtual service ip.
    - Field deprecated in 17.1.1.

tenant:
    default: admin
    description:
    - Name of tenant used for all Avi API calls and context of object.
    type: str

weight:
    description:
    - The quality of service weight to assign to traffic transmitted from this virtual
      service.
    - A higher weight will prioritize traffic versus other virtual services sharing the
      same service engines.
    - Allowed values are 1-128.
    - Default value when not specified in API or module is interpreted by Avi Controller
      as 1.

enabled:
    description:
    - Enable or disable the virtual service.
    - Default value when not specified in API or module is interpreted by Avi Controller
      as True.
    type: bool

snat_ip:
    description:
    - Nat'ted floating source ip address(es) for upstream connection to servers.

dns_info:
    description:
    - Service discovery specific data including fully qualified domain name, type and
      time-to-live of the dns record.
    - Note that only one of fqdn and dns_info setting is allowed.

password:
    default: ''
    description:
    - Password of Avi user in Avi controller. The default value is the environment variable
      C(AVI_PASSWORD).
    type: str

pool_ref:
    description:
    - The pool is an object that contains destination servers and related attributes such
      as load-balancing and persistence.
    - It is a reference to an object of type pool.

services:
    description:
    - List of services defined for this virtual service.

username:
    default: ''
    description:
    - Username used for accessing Avi controller. The default value is the environment
      variable C(AVI_USERNAME).
    type: str

cloud_ref:
    description:
    - It is a reference to an object of type cloud.

flow_dist:
    description:
    - Criteria for flow distribution among ses.
    - Enum options - LOAD_AWARE, CONSISTENT_HASH_SOURCE_IP_ADDRESS, CONSISTENT_HASH_SOURCE_IP_ADDRESS_AND_PORT.
    - Default value when not specified in API or module is interpreted by Avi Controller
      as LOAD_AWARE.

port_uuid:
    description:
    - (internal-use) network port assigned to the virtual service ip address.
    - Field deprecated in 17.1.1.

vsvip_ref:
    description:
    - Mostly used during the creation of shared vs, this field refers to entities that
      can be shared across virtual services.
    - It is a reference to an object of type vsvip.
    - Field introduced in 17.1.1.

cloud_type:
    description:
    - Enum options - cloud_none, cloud_vcenter, cloud_openstack, cloud_aws, cloud_vca,
      cloud_apic, cloud_mesos, cloud_linuxserver, cloud_docker_ucp, cloud_rancher,
      cloud_oshift_k8s, cloud_azure, cloud_gcp.
    - Default value when not specified in API or module is interpreted by Avi Controller
      as CLOUD_NONE.

controller:
    default: ''
    description:
    - IP address or hostname of the controller. The default value is the environment variable
      C(AVI_CONTROLLER).
    type: str

created_by:
    description:
    - Creator name.

enable_rhi:
    description:
    - Enable route health injection using the bgp config in the vrf context.
    type: bool

ip_address:
    description:
    - Ip address of the virtual service.
    - Field deprecated in 17.1.1.

sso_policy:
    description:
    - Client authentication and authorization policy for the virtualservice.
    - Field deprecated in 18.2.3.
    - Field introduced in 18.2.1.

tenant_ref:
    description:
    - It is a reference to an object of type tenant.

api_context:
    description:
    - Avi API context that includes current session ID and CSRF Token.
    - This allows user to perform single login and re-use the session.
    type: dict

api_version:
    default: 16.4.4
    description:
    - Avi API version to use for Avi API and objects.
    type: str

client_auth:
    description:
    - Http authentication configuration for protected resources.

description:
    description:
    - User defined description for the object.

floating_ip:
    description:
    - Floating ip to associate with this virtual service.
    - Field deprecated in 17.1.1.

l4_policies:
    description:
    - L4 policies applied to the data traffic of the virtual service.
    - Field introduced in 17.2.7.

limit_doser:
    description:
    - Limit potential dos attackers who exceed max_cps_per_client significantly to a fraction
      of max_cps_per_client for a while.
    - Default value when not specified in API or module is interpreted by Avi Controller
      as False.
    type: bool

network_ref:
    description:
    - Manually override the network on which the virtual service is placed.
    - It is a reference to an object of type network.
    - Field deprecated in 17.1.1.

subnet_uuid:
    description:
    - It represents subnet for the virtual service ip address allocation when auto_allocate_ip
      is true. It is only applicable in openstack or aws cloud.
    - This field is required if auto_allocate_ip is true.
    - Field deprecated in 17.1.1.

tenant_uuid:
    default: ''
    description:
    - UUID of tenant used for all Avi API calls and context of object.
    type: str

dns_policies:
    description:
    - Dns policies applied on the dns traffic of the virtual service.
    - Field introduced in 17.1.1.

min_pools_up:
    description:
    - Minimum number of up pools to mark vs up.
    - Field introduced in 18.2.1, 17.2.12.

se_group_ref:
    description:
    - The service engine group to use for this virtual service.
    - Moving to a new se group is disruptive to existing connections for this vs.
    - It is a reference to an object of type serviceenginegroup.

sp_pool_refs:
    description:
    - Gslb pools used to manage site-persistence functionality.
    - Each site-persistence pool contains the virtualservices in all the other sites,
      that is auto-generated by the gslb manager.
    - This is a read-only field for the user.
    - It is a reference to an object of type pool.
    - Field introduced in 17.2.2.

enable_autogw:
    description:
    - Response traffic to clients will be sent back to the source mac address of the connection,
      rather than statically sent to a default gateway.
    - Default value when not specified in API or module is interpreted by Avi Controller
      as True.
    type: bool

http_policies:
    description:
    - Http policies applied on the data traffic of the virtual service.

scaleout_ecmp:
    description:
    - Disable re-distribution of flows across service engines for a virtual service.
    - Enable if the network itself performs flow hashing with ecmp in environments such
      as gcp.
    - Default value when not specified in API or module is interpreted by Avi Controller
      as False.
    type: bool

delay_fairness:
    description:
    - Select the algorithm for qos fairness.
    - This determines how multiple virtual services sharing the same service engines will
      prioritize traffic over a congested network.
    - Default value when not specified in API or module is interpreted by Avi Controller
      as False.
    type: bool

pool_group_ref:
    description:
    - The pool group is an object that contains pools.
    - It is a reference to an object of type poolgroup.

saml_sp_config:
    description:
    - Application-specific saml config.
    - Field introduced in 18.2.3.

sso_policy_ref:
    description:
    - The sso policy attached to the virtualservice.
    - It is a reference to an object of type ssopolicy.
    - Field introduced in 18.2.3.

vh_domain_name:
    description:
    - The exact name requested from the client's sni-enabled tls hello domain name field.
    - If this is a match, the parent vs will forward the connection to this child vs.

vs_datascripts:
    description:
    - Datascripts applied on the data traffic of the virtual service.

waf_policy_ref:
    description:
    - Waf policy for the virtual service.
    - It is a reference to an object of type wafpolicy.
    - Field introduced in 17.2.1.

avi_credentials:
    description:
    - Avi Credentials dictionary which can be used in lieu of enumerating Avi Controller
      login details.
    suboptions:
      api_version:
        default: 16.4.4
        description:
        - Avi controller version
      controller:
        description:
        - Avi controller IP or FQDN
      csrftoken:
        description:
        - Avi controller API csrftoken to reuse existing session with session id
      password:
        description:
        - Avi controller password
      port:
        description:
        - Avi controller port
      session_id:
        description:
        - Avi controller API session id to reuse existing session with csrftoken
      tenant:
        default: admin
        description:
        - Avi controller tenant
      tenant_uuid:
        description:
        - Avi controller tenant UUID
      timeout:
        default: 300
        description:
        - Avi controller request timeout
      token:
        description:
        - Avi controller API token
      username:
        description:
        - Avi controller username
    type: dict

content_rewrite:
    description:
    - Profile used to match and rewrite strings in request and/or response body.

enable_rhi_snat:
    description:
    - Enable route health injection for source nat'ted floating ip address using the bgp
      config in the vrf context.
    type: bool

flow_label_type:
    description:
    - Criteria for flow labelling.
    - Enum options - NO_LABEL, APPLICATION_LABEL, SERVICE_LABEL.
    - Default value when not specified in API or module is interpreted by Avi Controller
      as NO_LABEL.

host_name_xlate:
    description:
    - Translate the host name sent to the servers to this value.
    - Translate the host name sent from servers back to the value used by the client.

ssl_profile_ref:
    description:
    - Determines the set of ssl versions and ciphers to accept for ssl/tls terminated
      connections.
    - It is a reference to an object of type sslprofile.

traffic_enabled:
    description:
    - Knob to enable the virtual service traffic on its assigned service engines.
    - This setting is effective only when the enabled flag is set to true.
    - Field introduced in 17.2.8.
    - Default value when not specified in API or module is interpreted by Avi Controller
      as True.
    type: bool

use_vip_as_snat:
    description:
    - Use the virtual ip as the snat ip for health monitoring and sending traffic to the
      backend servers instead of the service engine interface ip.
    - The caveat of enabling this option is that the virtualservice cannot be configured
      in an active-active ha mode.
    - Dns based multi vip solution has to be used for ha & non-disruptive upgrade purposes.
    - Field introduced in 17.1.9,17.2.3.
    - Default value when not specified in API or module is interpreted by Avi Controller
      as False.
    type: bool

vrf_context_ref:
    description:
    - Virtual routing context that the virtual service is bound to.
    - This is used to provide the isolation of the set of networks the application is
      attached to.
    - It is a reference to an object of type vrfcontext.

analytics_policy:
    description:
    - Determines analytics settings for the application.

auto_allocate_ip:
    description:
    - Auto-allocate vip from the provided subnet.
    - Field deprecated in 17.1.1.
    type: bool

avi_api_patch_op:
    choices:
    - add
    - replace
    - delete
    description:
    - Patch operation to use when using avi_api_update_method as patch.

microservice_ref:
    description:
    - Microservice representing the virtual service.
    - It is a reference to an object of type microservice.

service_metadata:
    description:
    - Metadata pertaining to the service provided by this virtual service.
    - In openshift/kubernetes environments, egress pod info is stored.
    - Any user input to this field will be overwritten by avi vantage.

sideband_profile:
    description:
    - Sideband configuration to be used for this virtualservice. It can be used for sending
      traffic to sideband vips for external inspection etc.

availability_zone:
    description:
    - Availability-zone to place the virtual service.
    - Field deprecated in 17.1.1.

avi_allocated_fip:
    description:
    - (internal-use) fip allocated by avi in the cloud infrastructure.
    - Field deprecated in 17.1.1.
    type: bool

avi_allocated_vip:
    description:
    - (internal-use) vip allocated by avi in the cloud infrastructure.
    - Field deprecated in 17.1.1.
    type: bool

bulk_sync_kvcache:
    description:
    - (this is a beta feature).
    - Sync key-value cache to the new ses when vs is scaled out.
    - For example, ssl sessions are stored using vs's key-value cache.
    - When the vs is scaled out, the ssl session information is synced to the new se,
      allowing existing ssl sessions to be reused on the new se.
    - Field introduced in 17.2.7, 18.1.1.
    - Default value when not specified in API or module is interpreted by Avi Controller
      as False.
    type: bool

discovered_subnet:
    description:
    - (internal-use) discovered subnets providing reachability for client facing virtual
      service ip.
    - This field is deprecated.
    - Field deprecated in 17.1.1.

nsx_securitygroup:
    description:
    - A list of nsx service groups representing the clients which can access the virtual
      ip of the virtual service.
    - Field introduced in 17.1.1.

topology_policies:
    description:
    - Topology policies applied on the dns traffic of the virtual service based on gslb
      topology algorithm.
    - Field introduced in 18.2.3.

vh_parent_vs_uuid:
    description:
    - Specifies the virtual service acting as virtual hosting (sni) parent.

cloud_config_cksum:
    description:
    - Checksum of cloud configuration for vs.
    - Internally set by cloud connector.

ign_pool_net_reach:
    description:
    - Ignore pool servers network reachability constraints for virtual service placement.
    - Default value when not specified in API or module is interpreted by Avi Controller
      as False.
    type: bool

max_cps_per_client:
    description:
    - Maximum connections per second per client ip.
    - Allowed values are 10-1000.
    - Special values are 0 - 'unlimited'.
    - Default value when not specified in API or module is interpreted by Avi Controller
      as 0.

performance_limits:
    description:
    - Optional settings that determine performance limits like max connections or bandwidth
      etc.

static_dns_records:
    description:
    - List of static dns records applied to this virtual service.
    - These are static entries and no health monitoring is performed against the ip addresses.

apic_contract_graph:
    description:
    - The name of the contract/graph associated with the virtual service.
    - Should be in the <contract name> <graph name> format.
    - This is applicable only for service integration mode with cisco apic controller.
    - Field introduced in 17.2.12,18.1.2.

discovered_networks:
    description:
    - (internal-use) discovered networks providing reachability for client facing virtual
      service ip.
    - This field is used internally by avi, not editable by the user.
    - Field deprecated in 17.1.1.

east_west_placement:
    description:
    - Force placement on all se's in service group (mesos mode only).
    - Default value when not specified in API or module is interpreted by Avi Controller
      as False.
    type: bool

ipam_network_subnet:
    description:
    - Subnet and/or network for allocating virtualservice ip by ipam provider module.
    - Field deprecated in 17.1.1.

network_profile_ref:
    description:
    - Determines network settings such as protocol, tcp or udp, and related options for
      the protocol.
    - It is a reference to an object of type networkprofile.

requests_rate_limit:
    description:
    - Rate limit the incoming requests to this virtual service.

security_policy_ref:
    description:
    - Security policy applied on the traffic of the virtual service.
    - This policy is used to perform security actions such as distributed denial of service
      (ddos) attack mitigation, etc.
    - It is a reference to an object of type securitypolicy.
    - Field introduced in 18.2.1.

service_pool_select:
    description:
    - Select pool based on destination port.

floating_subnet_uuid:
    description:
    - If auto_allocate_floating_ip is true and more than one floating-ip subnets exist,
      then the subnet for the floating ip address allocation.
    - This field is applicable only if the virtualservice belongs to an openstack or aws
      cloud.
    - In openstack or aws cloud it is required when auto_allocate_floating_ip is selected.
    - Field deprecated in 17.1.1.

use_bridge_ip_as_vip:
    description:
    - Use bridge ip as vip on each host in mesos deployments.
    - Default value when not specified in API or module is interpreted by Avi Controller
      as False.
    type: bool

active_standby_se_tag:
    description:
    - This configuration only applies if the virtualservice is in legacy active standby
      ha mode and load distribution among active standby is enabled.
    - This field is used to tag the virtualservice so that virtualservices with the same
      tag will share the same active serviceengine.
    - Virtualservices with different tags will have different active serviceengines.
    - If one of the serviceengine's in the serviceenginegroup fails, all virtualservices
      will end up using the same active serviceengine.
    - Redistribution of the virtualservices can be either manual or automated when the
      failed serviceengine recovers.
    - Redistribution is based on the auto redistribute property of the serviceenginegroup.
    - Enum options - ACTIVE_STANDBY_SE_1, ACTIVE_STANDBY_SE_2.
    - Default value when not specified in API or module is interpreted by Avi Controller
      as ACTIVE_STANDBY_SE_1.

analytics_profile_ref:
    description:
    - Specifies settings related to analytics.
    - It is a reference to an object of type analyticsprofile.

avi_api_update_method:
    choices:
    - put
    - patch
    default: put
    description:
    - Default method for object update is HTTP PUT.
    - Setting to patch will override that behavior to use HTTP PATCH.

ssl_profile_selectors:
    description:
    - Select ssl profile based on client ip address match.
    - Field introduced in 18.2.3.

azure_availability_set:
    description:
    - (internal-use) applicable for azure only.
    - Azure availability set to which this vs is associated.
    - Internally set by the cloud connector.
    - Field introduced in 17.2.12, 18.1.2.

connections_rate_limit:
    description:
    - Rate limit the incoming connections to this virtual service.

discovered_network_ref:
    description:
    - (internal-use) discovered networks providing reachability for client facing virtual
      service ip.
    - This field is deprecated.
    - It is a reference to an object of type network.
    - Field deprecated in 17.1.1.

error_page_profile_ref:
    description:
    - Error page profile to be used for this virtualservice. This profile is used to send
      the custom error page to the client generated by the proxy.
    - It is a reference to an object of type errorpageprofile.
    - Field introduced in 17.2.4.

application_profile_ref:
    description:
    - Enable application layer specific features for the virtual service.
    - It is a reference to an object of type applicationprofile.

ssl_sess_cache_avg_size:
    description:
    - Expected number of ssl session cache entries (may be exceeded).
    - Allowed values are 1024-16383.
    - Default value when not specified in API or module is interpreted by Avi Controller
      as 1024.

vsvip_cloud_config_cksum:
    description:
    - Checksum of cloud configuration for vsvip.
    - Internally set by cloud connector.
    - Field introduced in 17.2.9, 18.1.2.

allow_invalid_client_cert:
    description:
    - Process request even if invalid client certificate is presented.
    - Datascript apis need to be used for processing of such requests.
    - Field introduced in 18.2.3.
    - Default value when not specified in API or module is interpreted by Avi Controller
      as False.
    type: bool

auto_allocate_floating_ip:
    description:
    - Auto-allocate floating/elastic ip from the cloud infrastructure.
    - Field deprecated in 17.1.1.
    type: bool

traffic_clone_profile_ref:
    description:
    - Server network or list of servers for cloning traffic.
    - It is a reference to an object of type trafficcloneprofile.
    - Field introduced in 17.1.1.

server_network_profile_ref:
    description:
    - Determines the network settings profile for the server side of tcp proxied connections.
    - Leave blank to use the same settings as the client to vs side of the connection.
    - It is a reference to an object of type networkprofile.

network_security_policy_ref:
    description:
    - Network security policies for the virtual service.
    - It is a reference to an object of type networksecuritypolicy.

ssl_key_and_certificate_refs:
    description:
    - Select or create one or two certificates, ec and/or rsa, that will be presented
      to ssl/tls terminated connections.
    - It is a reference to an object of type sslkeyandcertificate.

remove_listening_port_on_vs_down:
    description:
    - Remove listening port if virtualservice is down.
    - Default value when not specified in API or module is interpreted by Avi Controller
      as False.
    type: bool

avi_disable_session_cache_as_fact:
    description:
    - It disables avi session information to be cached as a fact.
    type: bool

close_client_conn_on_config_update:
    description:
    - Close client connection on vs config update.
    - Field introduced in 17.2.4.
    - Default value when not specified in API or module is interpreted by Avi Controller
      as False.
    type: bool

Outputs

obj:
  description: VirtualService (api/virtualservice) object
  returned: success, changed
  type: dict