Try SpotterManage SSL termination for a Rackspace Cloud Load Balancer
Authors: Ash Wilson (@smashwilson)
Install with ansible-galaxy collection install community.general:==6.6.8
collections:
- name: community.general
version: 6.6.8Set up, reconfigure, or remove SSL termination for an existing load balancer.
This module relies on the C(pyrax) package which is deprecated in favour of using Openstack API.
Unless maintainers step up to work on the module, it will be marked as deprecated in community.general 7.0.0 and removed in version 9.0.0.
- name: Enable SSL termination on a load balancer
community.general.rax_clb_ssl:
loadbalancer: the_loadbalancer
state: present
private_key: "{{ lookup('file', 'credentials/server.key' ) }}"
certificate: "{{ lookup('file', 'credentials/server.crt' ) }}"
intermediate_certificate: "{{ lookup('file', 'credentials/trust-chain.crt') }}"
secure_traffic_only: true
wait: true
- name: Disable SSL termination
community.general.rax_clb_ssl:
loadbalancer: "{{ registered_lb.balancer.id }}"
state: absent
wait: true
env:
description:
- Environment as configured in I(~/.pyrax.cfg), see U(https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#pyrax-configuration).
type: str
wait:
default: false
description:
- Wait for the balancer to be in state "running" before turning.
type: bool
state:
choices:
- present
- absent
default: present
description:
- If set to "present", SSL termination will be added to this load balancer.
- If "absent", SSL termination will be removed instead.
type: str
region:
description:
- Region to create an instance in.
type: str
api_key:
aliases:
- password
description:
- Rackspace API key, overrides I(credentials).
type: str
enabled:
default: true
description:
- If set to "false", temporarily disable SSL termination without discarding
- existing credentials.
type: bool
username:
description:
- Rackspace username, overrides I(credentials).
type: str
tenant_id:
description:
- The tenant ID used for authentication.
type: str
certificate:
description:
- The public SSL certificates as a string in PEM format.
type: str
credentials:
aliases:
- creds_file
description:
- File to find the Rackspace credentials in. Ignored if I(api_key) and I(username)
are provided.
type: path
private_key:
description:
- The private SSL key as a string in PEM format.
type: str
secure_port:
default: 443
description:
- The port to listen for secure traffic.
type: int
tenant_name:
description:
- The tenant name used for authentication.
type: str
loadbalancer:
description:
- Name or ID of the load balancer on which to manage SSL termination.
required: true
type: str
wait_timeout:
default: 300
description:
- How long before "wait" gives up, in seconds.
type: int
auth_endpoint:
description:
- The URI of the authentication service.
- If not specified will be set to U(https://identity.api.rackspacecloud.com/v2.0/)
type: str
identity_type:
default: rackspace
description:
- Authentication mechanism to use, such as rackspace or keystone.
type: str
https_redirect:
description:
- If "true", the load balancer will redirect HTTP traffic to HTTPS.
- Requires "secure_traffic_only" to be true. Incurs an implicit wait if SSL
- termination is also applied or removed.
type: bool
validate_certs:
aliases:
- verify_ssl
description:
- Whether or not to require SSL validation of API endpoints.
type: bool
secure_traffic_only:
default: false
description:
- If "true", the load balancer will *only* accept secure traffic.
type: bool
intermediate_certificate:
description:
- One or more intermediate certificate authorities as a string in PEM
- format, concatenated into a single string.
type: str