community / community.general / 6.6.8 / module / rax_clb_ssl Manage SSL termination for a Rackspace Cloud Load Balancer Authors: Ash Wilson (@smashwilson)community.general.rax_clb_ssl (6.6.8) — module
Install with ansible-galaxy collection install community.general:==6.6.8
collections: - name: community.general version: 6.6.8
Set up, reconfigure, or remove SSL termination for an existing load balancer.
This module relies on the C(pyrax) package which is deprecated in favour of using Openstack API.
Unless maintainers step up to work on the module, it will be marked as deprecated in community.general 7.0.0 and removed in version 9.0.0.
- name: Enable SSL termination on a load balancer community.general.rax_clb_ssl: loadbalancer: the_loadbalancer state: present private_key: "{{ lookup('file', 'credentials/server.key' ) }}" certificate: "{{ lookup('file', 'credentials/server.crt' ) }}" intermediate_certificate: "{{ lookup('file', 'credentials/trust-chain.crt') }}" secure_traffic_only: true wait: true
- name: Disable SSL termination community.general.rax_clb_ssl: loadbalancer: "{{ registered_lb.balancer.id }}" state: absent wait: true
env: description: - Environment as configured in I(~/.pyrax.cfg), see U(https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#pyrax-configuration). type: str wait: default: false description: - Wait for the balancer to be in state "running" before turning. type: bool state: choices: - present - absent default: present description: - If set to "present", SSL termination will be added to this load balancer. - If "absent", SSL termination will be removed instead. type: str region: description: - Region to create an instance in. type: str api_key: aliases: - password description: - Rackspace API key, overrides I(credentials). type: str enabled: default: true description: - If set to "false", temporarily disable SSL termination without discarding - existing credentials. type: bool username: description: - Rackspace username, overrides I(credentials). type: str tenant_id: description: - The tenant ID used for authentication. type: str certificate: description: - The public SSL certificates as a string in PEM format. type: str credentials: aliases: - creds_file description: - File to find the Rackspace credentials in. Ignored if I(api_key) and I(username) are provided. type: path private_key: description: - The private SSL key as a string in PEM format. type: str secure_port: default: 443 description: - The port to listen for secure traffic. type: int tenant_name: description: - The tenant name used for authentication. type: str loadbalancer: description: - Name or ID of the load balancer on which to manage SSL termination. required: true type: str wait_timeout: default: 300 description: - How long before "wait" gives up, in seconds. type: int auth_endpoint: description: - The URI of the authentication service. - If not specified will be set to U(https://identity.api.rackspacecloud.com/v2.0/) type: str identity_type: default: rackspace description: - Authentication mechanism to use, such as rackspace or keystone. type: str https_redirect: description: - If "true", the load balancer will redirect HTTP traffic to HTTPS. - Requires "secure_traffic_only" to be true. Incurs an implicit wait if SSL - termination is also applied or removed. type: bool validate_certs: aliases: - verify_ssl description: - Whether or not to require SSL validation of API endpoints. type: bool secure_traffic_only: default: false description: - If "true", the load balancer will *only* accept secure traffic. type: bool intermediate_certificate: description: - One or more intermediate certificate authorities as a string in PEM - format, concatenated into a single string. type: str