ngine_io.cloudstack.cs_securitygroup_rule (2.3.0) — module

Manages security group rules on Apache CloudStack based clouds.

Added in version 0.1.0 of ngine_io.cloudstack.

Authors: René Moser (@resmo)
Install with ansible-galaxy collection install ngine_io.cloudstack:==2.3.0
collections:
  - name: ngine_io.cloudstack
    version: 2.3.0
Add and remove security group rules.
---
- name: allow inbound port 80/tcp from 1.2.3.4 added to security group 'default'
  ngine_io.cloudstack.cs_securitygroup_rule:
    security_group: default
    port: 80
    cidr: 1.2.3.4/32

- name: allow tcp/udp outbound added to security group 'default'
  ngine_io.cloudstack.cs_securitygroup_rule:
    security_group: default
    type: egress
    start_port: 1
    end_port: 65535
    protocol: '{{ item }}'
  with_items:
    - tcp
    - udp

- name: allow inbound icmp from 0.0.0.0/0 added to security group 'default'
  ngine_io.cloudstack.cs_securitygroup_rule:
    security_group: default
    protocol: icmp
    icmp_code: -1
    icmp_type: -1

- name: remove rule inbound port 80/tcp from 0.0.0.0/0 from security group 'default'
  ngine_io.cloudstack.cs_securitygroup_rule:
    security_group: default
    port: 80
    state: absent

- name: allow inbound port 80/tcp from security group web added to security group 'default'
  ngine_io.cloudstack.cs_securitygroup_rule:
    security_group: default
    port: 80
    user_security_group: web
cidr:
  default: 0.0.0.0/0
  description:
    - CIDR (full notation) to be used for security group rule.
  type: str
type:
  choices:
    - ingress
    - egress
  default: ingress
  description:
    - Ingress or egress security group rule.
  type: str
state:
  choices:
    - present
    - absent
  default: present
  description:
    - State of the security group rule.
  type: str
api_key:
  description:
    - API key of the CloudStack API.
    - If not given, the C(CLOUDSTACK_KEY) env variable is considered.
  required: true
  type: str
api_url:
  description:
    - URL of the CloudStack API e.g. https://cloud.example.com/client/api.
    - If not given, the C(CLOUDSTACK_ENDPOINT) env variable is considered.
  required: true
  type: str
project:
  description:
    - Name of the project the security group is to be created in.
  type: str
end_port:
  description:
    - End port for this rule. Required if I(protocol=tcp) or I(protocol=udp), but I(start_port) will be used if not set.
  type: int
protocol:
  choices:
    - tcp
    - udp
    - icmp
    - ah
    - esp
    - gre
  default: tcp
  description:
    - Protocol of the security group rule.
  type: str
icmp_code:
  description:
    - Error code for this icmp message. Required if I(protocol=icmp).
  type: int
icmp_type:
  description:
    - Type of the icmp message being sent. Required if I(protocol=icmp).
  type: int
api_secret:
  description:
    - Secret key of the CloudStack API.
    - If not set, the C(CLOUDSTACK_SECRET) env variable is considered.
  required: true
  type: str
poll_async:
  default: true
  description:
    - Poll async jobs until job has finished.
  type: bool
start_port:
  aliases:
    - port
  description:
    - Start port for this rule. Required if I(protocol=tcp) or I(protocol=udp).
  type: int
api_timeout:
  default: 10
  description:
    - HTTP timeout in seconds.
    - If not given, the C(CLOUDSTACK_TIMEOUT) env variable is considered.
  type: int
security_group:
  description:
    - Name of the security group the rule is related to. The security group must already exist.
  required: true
  type: str
api_http_method:
  choices:
    - get
    - post
  default: get
  description:
    - HTTP method used to query the API endpoint.
    - If not given, the C(CLOUDSTACK_METHOD) env variable is considered.
  type: str
api_verify_ssl_cert:
  description:
    - Verify CA authority cert file.
    - If not given, the C(CLOUDSTACK_VERIFY) env variable is considered.
  type: str
user_security_group:
  description:
    - Security group this rule is based on.
  type: str
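The defaults listed above (cidr 0.0.0.0/0, type ingress, protocol tcp, state present) mean that a task which omits cidr creates an ingress rule open to any source. The following added example, which is not part of the module or its documentation, resolves those defaults for already-parsed playbook tasks and reports the present ingress rules that end up world-open. It assumes tasks use the fully qualified module name and that a rule with user_security_group set is sourced from that group rather than from the CIDR.

```python
import ipaddress

MODULE = "ngine_io.cloudstack.cs_securitygroup_rule"
# Defaults as listed in this page's parameter reference.
DEFAULTS = {"cidr": "0.0.0.0/0", "type": "ingress", "protocol": "tcp", "state": "present"}

def effective_rule(args):
    """Resolve the rule a task describes once the documented defaults apply."""
    rule = {**DEFAULTS, **args}
    # 'port' is an alias of start_port; end_port falls back to start_port.
    rule["start_port"] = rule.pop("port", rule.get("start_port"))
    if rule.get("end_port") is None:
        rule["end_port"] = rule["start_port"]
    return rule

def audit(tasks):
    """Return (task name, reason) for present ingress rules open to any source."""
    findings = []
    for task in tasks:
        args = task.get(MODULE)
        if args is None:
            continue
        rule = effective_rule(args)
        if rule["state"] != "present" or rule["type"] != "ingress":
            continue
        # Assumption: a rule sourced from user_security_group is not CIDR-based.
        if rule.get("user_security_group"):
            continue
        cidr = str(rule["cidr"])
        if "{{" in cidr:
            findings.append((task.get("name", "?"), "templated cidr, resolve before judging"))
            continue
        if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
            how = "explicit" if "cidr" in args else "implicit default"
            ports = (rule["protocol"] if rule["start_port"] is None
                     else f"{rule['protocol']}/{rule['start_port']}-{rule['end_port']}")
            findings.append((task.get("name", "?"), f"{ports} open to {cidr} ({how})"))
    return findings

# Constructed sample: tasks as they look after YAML loading.
SAMPLE_TASKS = [
    {"name": "web from one host", MODULE: {"security_group": "default", "port": 80, "cidr": "1.2.3.4/32"}},
    {"name": "ssh, cidr omitted", MODULE: {"security_group": "default", "port": 22}},
    {"name": "icmp any", MODULE: {"security_group": "default", "protocol": "icmp", "icmp_type": -1, "icmp_code": -1}},
    {"name": "web from group", MODULE: {"security_group": "default", "port": 80, "user_security_group": "web"}},
    {"name": "remove open 80", MODULE: {"security_group": "default", "port": 80, "state": "absent"}},
    {"name": "db templated", MODULE: {"security_group": "default", "port": 5432, "cidr": "{{ app_cidr }}"}},
]
```

Calling audit(SAMPLE_TASKS) flags the SSH and ICMP tasks as world-open through the implicit default and marks the templated CIDR for manual review.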
cidr:
  description: CIDR of the rule.
  returned: success and cidr is defined
  sample: 0.0.0.0/0
  type: str
end_port:
  description: end port of the rule.
  returned: success
  sample: 80
  type: int
id:
  description: UUID of the rule.
  returned: success
  sample: a6f7a5fc-43f8-11e5-a151-feff819cdc9f
  type: str
protocol:
  description: protocol of the rule.
  returned: success
  sample: tcp
  type: str
security_group:
  description: security group of the rule.
  returned: success
  sample: default
  type: str
start_port:
  description: start port of the rule.
  returned: success
  sample: 80
  type: int
type:
  description: type of the rule.
  returned: success
  sample: ingress
  type: str
user_security_group:
  description: user security group of the rule.
  returned: success and user_security_group is defined
  sample: default
  type: str