ngine_io.cloudstack.cs_firewall (2.3.0) — module
Manages firewall rules on Apache CloudStack based clouds.
Added in version 0.1.0 of ngine_io.cloudstack.
Authors: René Moser (@resmo)
Install with ansible-galaxy collection install ngine_io.cloudstack:==2.3.0
collections:
  - name: ngine_io.cloudstack
    version: 2.3.0
Creates and removes firewall rules.

- name: Allow inbound port 80/tcp from 1.2.3.4 to 4.3.2.1
  ngine_io.cloudstack.cs_firewall:
    ip_address: 4.3.2.1
    zone: zone01
    port: 80
    cidr: 1.2.3.4/32

- name: Allow inbound tcp/udp port 53 to 4.3.2.1
  ngine_io.cloudstack.cs_firewall:
    ip_address: 4.3.2.1
    zone: zone01
    port: 53
    protocol: '{{ item }}'
  with_items:
    - tcp
    - udp

- name: Ensure firewall rule is removed
  ngine_io.cloudstack.cs_firewall:
    ip_address: 4.3.2.1
    zone: zone01
    start_port: 8000
    end_port: 8888
    cidr: 17.0.0.0/8
    state: absent

- name: Allow all outbound traffic
  ngine_io.cloudstack.cs_firewall:
    network: my_network
    zone: zone01
    type: egress
    protocol: all

- name: Allow only HTTP outbound traffic for an IP
  ngine_io.cloudstack.cs_firewall:
    network: my_network
    zone: zone01
    type: egress
    port: 80
    cidr: 10.101.1.20

tags:
  aliases:
    - tag
  description:
    - List of tags. Tags are a list of dictionaries having keys I(key) and I(value).
    - 'To delete all tags, set an empty list e.g. I(tags: []).'
  elements: dict
  type: list
type:
  choices:
    - ingress
    - egress
  default: ingress
  description:
    - Type of the firewall rule.
  type: str
zone:
  description:
    - Name of the zone in which the virtual machine is in.
  required: true
  type: str
cidrs:
  aliases:
    - cidr
  default: 0.0.0.0/0
  description:
    - List of CIDRs (full notation) to be used for firewall rule.
    - Since version 2.5, it is a list of CIDR.
  elements: str
  type: list
state:
  choices:
    - present
    - absent
  default: present
  description:
    - State of the firewall rule.
  type: str
domain:
  description:
    - Domain the firewall rule is related to.
  type: str
account:
  description:
    - Account the firewall rule is related to.
  type: str
api_key:
  description:
    - API key of the CloudStack API.
    - If not given, the C(CLOUDSTACK_KEY) env variable is considered.
  required: true
  type: str
api_url:
  description:
    - URL of the CloudStack API e.g. https://cloud.example.com/client/api.
    - If not given, the C(CLOUDSTACK_ENDPOINT) env variable is considered.
  required: true
  type: str
network:
  description:
    - Network the egress rule is related to.
    - Required if I(type=egress).
  type: str
project:
  description:
    - Name of the project the firewall rule is related to.
  type: str
end_port:
  description:
    - End port for this rule. Considered if I(protocol=tcp) or I(protocol=udp).
    - If not specified, equal I(start_port).
  type: int
protocol:
  choices:
    - tcp
    - udp
    - icmp
    - all
  default: tcp
  description:
    - Protocol of the firewall rule.
    - C(all) is only available if I(type=egress).
  type: str
icmp_code:
  description:
    - Error code for this icmp message.
    - Considered if I(protocol=icmp).
  type: int
icmp_type:
  description:
    - Type of the icmp message being sent.
    - Considered if I(protocol=icmp).
  type: int
api_secret:
  description:
    - Secret key of the CloudStack API.
    - If not set, the C(CLOUDSTACK_SECRET) env variable is considered.
  required: true
  type: str
ip_address:
  description:
    - Public IP address the ingress rule is assigned to.
    - Required if I(type=ingress).
  type: str
poll_async:
  default: true
  description:
    - Poll async jobs until job has finished.
  type: bool
start_port:
  aliases:
    - port
  description:
    - Start port for this rule.
    - Considered if I(protocol=tcp) or I(protocol=udp).
  type: int
api_timeout:
  default: 10
  description:
    - HTTP timeout in seconds.
    - If not given, the C(CLOUDSTACK_TIMEOUT) env variable is considered.
  type: int
api_http_method:
  choices:
    - get
    - post
  default: get
  description:
    - HTTP method used to query the API endpoint.
    - If not given, the C(CLOUDSTACK_METHOD) env variable is considered.
  type: str
api_verify_ssl_cert:
  description:
    - Verify CA authority cert file.
    - If not given, the C(CLOUDSTACK_VERIFY) env variable is considered.
  type: str

cidr:
  description: CIDR string of the rule.
  returned: success
  sample: 0.0.0.0/0
  type: str
cidrs:
  description: CIDR list of the rule.
  returned: success
  sample:
    - 0.0.0.0/0
  type: list
end_port:
  description: End port of the rule.
  returned: success
  sample: 80
  type: int
icmp_code:
  description: ICMP code of the rule.
  returned: success
  sample: 1
  type: int
icmp_type:
  description: ICMP type of the rule.
  returned: success
  sample: 1
  type: int
id:
  description: UUID of the rule.
  returned: success
  sample: 04589590-ac63-4ffc-93f5-b698b8ac38b6
  type: str
ip_address:
  description: IP address of the rule if C(type=ingress)
  returned: success
  sample: 10.100.212.10
  type: str
network:
  description: Name of the network if C(type=egress)
  returned: success
  sample: my_network
  type: str
protocol:
  description: Protocol of the rule.
  returned: success
  sample: tcp
  type: str
start_port:
  description: Start port of the rule.
  returned: success
  sample: 80
  type: int
type:
  description: Type of the rule.
  returned: success
  sample: ingress
  type: str
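
Because cidrs defaults to 0.0.0.0/0, an ingress rule written without it is open to every source address. The play below is an added example, not part of the module's own documentation: it pins SSH on a public IP to named admin networks, removes any world-open rule for the same port, and checks the returned cidrs value. The addresses, variable names and zone are constructed sample values, and the API credentials are assumed to come from the CLOUDSTACK_* environment variables described above.

```yaml
# Added example (not from the module documentation).
# public_ip and admin_cidrs are constructed sample values using
# documentation address ranges; zone01 is reused from the page's examples.
# Assumes CLOUDSTACK_ENDPOINT, CLOUDSTACK_KEY and CLOUDSTACK_SECRET are set.
- name: Restrict SSH on a CloudStack public IP to admin networks
  hosts: localhost
  gather_facts: false
  vars:
    public_ip: 203.0.113.10
    admin_cidrs:
      - 198.51.100.0/24
      - 192.0.2.15/32
  tasks:
    # Create the restricted rule first so access is never interrupted.
    - name: Allow SSH only from the admin networks
      ngine_io.cloudstack.cs_firewall:
        ip_address: "{{ public_ip }}"
        zone: zone01
        port: 22
        protocol: tcp
        cidrs: "{{ admin_cidrs }}"
      register: ssh_rule

    # Explicitly target the rule an omitted cidrs would have created.
    - name: Remove a world-open SSH rule if one exists
      ngine_io.cloudstack.cs_firewall:
        ip_address: "{{ public_ip }}"
        zone: zone01
        port: 22
        protocol: tcp
        cidrs:
          - 0.0.0.0/0
        state: absent

    # Check the module's return values rather than trusting the input.
    - name: Fail if the resulting rule is wider than intended
      ansible.builtin.assert:
        that:
          - "'0.0.0.0/0' not in ssh_rule.cidrs"
          - ssh_rule.start_port == 22
          - ssh_rule.end_port == 22
          - ssh_rule.type == 'ingress'
```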