Try SpotterManages site-to-site VPN customer gateway configurations on Apache CloudStack based clouds.
Authors: René Moser (@resmo)
preview | supported by community
Install with ansible-galaxy collection install community.general:==0.1.1
collections:
- name: community.general
version: 0.1.1Create, update and remove VPN customer gateways.
- name: Create a vpn customer gateway
cs_vpn_customer_gateway:
name: my vpn customer gateway
cidrs:
- 192.168.123.0/24
- 192.168.124.0/24
esp_policy: aes256-sha1;modp1536
gateway: 10.10.1.1
ike_policy: aes256-sha1;modp1536
ipsec_psk: "S3cr3Tk3Y"
delegate_to: localhost
- name: Remove a vpn customer gateway
cs_vpn_customer_gateway:
name: my vpn customer gateway
state: absent
delegate_to: localhost
dpd:
description:
- Enable Dead Peer Detection.
- Disabled per default by the API on creation if not set.
type: bool
name:
description:
- Name of the gateway.
required: true
type: str
cidrs:
aliases:
- cidr
description:
- List of guest CIDRs behind the gateway.
- Required if I(state=present).
type: list
state:
choices:
- present
- absent
default: present
description:
- State of the VPN customer gateway.
type: str
domain:
description:
- Domain the VPN customer gateway is related to.
type: str
account:
description:
- Account the VPN customer gateway is related to.
type: str
api_key:
description:
- API key of the CloudStack API.
- If not given, the C(CLOUDSTACK_KEY) env variable is considered.
- As the last option, the value is taken from the ini config file, also see the notes.
type: str
api_url:
description:
- URL of the CloudStack API e.g. https://cloud.example.com/client/api.
- If not given, the C(CLOUDSTACK_ENDPOINT) env variable is considered.
- As the last option, the value is taken from the ini config file, also see the notes.
type: str
gateway:
description:
- Public IP address of the gateway.
- Required if I(state=present).
type: str
project:
description:
- Name of the project the VPN gateway is related to.
type: str
ipsec_psk:
description:
- IPsec Preshared-Key.
- Cannot contain newline or double quotes.
- Required if I(state=present).
type: str
api_region:
default: cloudstack
description:
- Name of the ini section in the C(cloustack.ini) file.
- If not given, the C(CLOUDSTACK_REGION) env variable is considered.
type: str
api_secret:
description:
- Secret key of the CloudStack API.
- If not set, the C(CLOUDSTACK_SECRET) env variable is considered.
- As the last option, the value is taken from the ini config file, also see the notes.
type: str
esp_policy:
description:
- ESP policy in the format e.g. C(aes256-sha1;modp1536).
- Required if I(state=present).
type: str
ike_policy:
description:
- IKE policy in the format e.g. C(aes256-sha1;modp1536).
- Required if I(state=present).
type: str
poll_async:
default: true
description:
- Poll async jobs until job has finished.
type: bool
api_timeout:
description:
- HTTP timeout in seconds.
- If not given, the C(CLOUDSTACK_TIMEOUT) env variable is considered.
- As the last option, the value is taken from the ini config file, also see the notes.
- Fallback value is 10 seconds if not specified.
type: int
force_encap:
description:
- Force encapsulation for NAT traversal.
- Disabled per default by the API on creation if not set.
type: bool
esp_lifetime:
description:
- Lifetime in seconds of phase 2 VPN connection.
- Defaulted to 3600 by the API on creation if not set.
type: int
ike_lifetime:
description:
- Lifetime in seconds of phase 1 VPN connection.
- Defaulted to 86400 by the API on creation if not set.
type: int
api_http_method:
choices:
- get
- post
description:
- HTTP method used to query the API endpoint.
- If not given, the C(CLOUDSTACK_METHOD) env variable is considered.
- As the last option, the value is taken from the ini config file, also see the notes.
- Fallback value is C(get) if not specified.
type: str
account: description: Account the VPN customer gateway is related to. returned: success sample: example account type: str cidrs: description: List of CIDRs of this customer gateway. returned: success sample: - 10.10.10.0/24 type: list domain: description: Domain the VPN customer gateway is related to. returned: success sample: example domain type: str dpd: description: Whether dead pear detection is enabled or not. returned: success sample: true type: bool esp_lifetime: description: Lifetime in seconds of phase 2 VPN connection. returned: success sample: 86400 type: int esp_policy: description: IKE policy of the VPN customer gateway. returned: success sample: aes256-sha1;modp1536 type: str force_encap: description: Whether encapsulation for NAT traversal is enforced or not. returned: success sample: true type: bool gateway: description: IP address of the VPN customer gateway. returned: success sample: 10.100.212.10 type: str id: description: UUID of the VPN customer gateway. returned: success sample: 04589590-ac63-4ffc-93f5-b698b8ac38b6 type: str ike_lifetime: description: Lifetime in seconds of phase 1 VPN connection. returned: success sample: 86400 type: int ike_policy: description: ESP policy of the VPN customer gateway. returned: success sample: aes256-sha1;modp1536 type: str name: description: Name of this customer gateway. returned: success sample: my vpn customer gateway type: str project: description: Name of project the VPN customer gateway is related to. returned: success sample: Production type: str