Try SpotterManage a BackendSet resource in Oracle Cloud Infrastructure
| "added in version" 2.9.0 of oracle.oci"
Authors: Oracle (@oracle)
preview | supported by community
Install with ansible-galaxy collection install oracle.oci:==5.0.0
collections:
- name: oracle.oci
version: 5.0.0This module allows the user to create, update and delete a BackendSet resource in Oracle Cloud Infrastructure
For I(state=present), adds a backend set to a load balancer.
- name: Create backend_set
oci_loadbalancer_backend_set:
# required
policy: policy_example
health_checker:
# required
protocol: protocol_example
# optional
url_path: url_path_example
port: 56
return_code: 56
retries: 56
timeout_in_millis: 56
interval_in_millis: 56
response_body_regex: response_body_regex_example
load_balancer_id: "ocid1.loadbalancer.oc1..xxxxxxEXAMPLExxxxxx"
name: name_example
# optional
backends:
- # required
ip_address: ip_address_example
port: 56
# optional
weight: 56
backup: true
drain: true
offline: true
ssl_configuration:
# optional
verify_depth: 56
verify_peer_certificate: true
trusted_certificate_authority_ids: [ "trusted_certificate_authority_ids_example" ]
certificate_ids: [ "certificate_ids_example" ]
certificate_name: certificate_name_example
protocols: [ "protocols_example" ]
cipher_suite_name: cipher_suite_name_example
server_order_preference: ENABLED
session_persistence_configuration:
# required
cookie_name: cookie_name_example
# optional
disable_fallback: true
lb_cookie_session_persistence_configuration:
# optional
cookie_name: cookie_name_example
disable_fallback: true
domain: domain_example
path: path_example
max_age_in_seconds: 56
is_secure: true
is_http_only: true
- name: Update backend_set
oci_loadbalancer_backend_set:
# required
policy: policy_example
backends:
- # required
ip_address: ip_address_example
port: 56
# optional
weight: 56
backup: true
drain: true
offline: true
health_checker:
# required
protocol: protocol_example
# optional
url_path: url_path_example
port: 56
return_code: 56
retries: 56
timeout_in_millis: 56
interval_in_millis: 56
response_body_regex: response_body_regex_example
load_balancer_id: "ocid1.loadbalancer.oc1..xxxxxxEXAMPLExxxxxx"
name: name_example
# optional
ssl_configuration:
# optional
verify_depth: 56
verify_peer_certificate: true
trusted_certificate_authority_ids: [ "trusted_certificate_authority_ids_example" ]
certificate_ids: [ "certificate_ids_example" ]
certificate_name: certificate_name_example
protocols: [ "protocols_example" ]
cipher_suite_name: cipher_suite_name_example
server_order_preference: ENABLED
session_persistence_configuration:
# required
cookie_name: cookie_name_example
# optional
disable_fallback: true
lb_cookie_session_persistence_configuration:
# optional
cookie_name: cookie_name_example
disable_fallback: true
domain: domain_example
path: path_example
max_age_in_seconds: 56
is_secure: true
is_http_only: true
- name: Delete backend_set
oci_loadbalancer_backend_set:
# required
load_balancer_id: "ocid1.loadbalancer.oc1..xxxxxxEXAMPLExxxxxx"
name: name_example
state: absent
name:
description:
- A friendly name for the backend set. It must be unique and it cannot be changed.
- Valid backend set names include only alphanumeric characters, dashes, and underscores.
Backend set names cannot contain spaces. Avoid entering confidential information.
- 'Example: `example_backend_set`'
required: true
type: str
wait:
default: true
description: Whether to wait for create or delete operation to complete.
type: bool
state:
choices:
- present
- absent
default: present
description:
- The state of the BackendSet.
- Use I(state=present) to create or update a BackendSet.
- Use I(state=absent) to delete a BackendSet.
required: false
type: str
key_by:
description: The list of attributes of this resource which should be used to uniquely
identify an instance of the resource. By default, all the attributes of a resource
are used to uniquely identify a resource.
elements: str
type: list
policy:
description:
- The load balancer policy for the backend set. To get a list of available policies,
use the L(ListPolicies,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/loadbalancer/20170115/LoadBalancerPolicy/ListPolicies)
operation.
- 'Example: `LEAST_CONNECTIONS`'
- Required for create using I(state=present), update using I(state=present) with name
present.
type: str
region:
description:
- The Oracle Cloud Infrastructure region to use for all OCI API requests. If not set,
then the value of the OCI_REGION variable, if any, is used. This option is required
if the region is not specified through a configuration file (See C(config_file_location)).
Please refer to U(https://docs.us-phoenix-1.oraclecloud.com/Content/General/Concepts/regions.htm)
for more information on OCI regions.
type: str
tenancy:
description:
- OCID of your tenancy. If not set, then the value of the OCI_TENANCY variable, if
any, is used. This option is required if the tenancy OCID is not specified through
a configuration file (See C(config_file_location)). To get the tenancy OCID, please
refer U(https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm)
type: str
api_user:
description:
- The OCID of the user, on whose behalf, OCI APIs are invoked. If not set, then the
value of the OCI_USER_ID environment variable, if any, is used. This option is required
if the user is not specified through a configuration file (See C(config_file_location)).
To get the user's OCID, please refer U(https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm).
type: str
backends:
description:
- ''
- Required for update using I(state=present) with name present.
elements: dict
suboptions:
backup:
description:
- Whether the load balancer should treat this server as a backup unit. If `true`,
the load balancer forwards no ingress traffic to this backend server unless
all other backend servers not marked as "backup" fail the health check policy.
- '**Note:** You cannot add a backend server marked as `backup` to a backend set
that uses the IP Hash policy.'
- 'Example: `false`'
type: bool
drain:
description:
- Whether the load balancer should drain this server. Servers marked "drain" receive
no new incoming traffic.
- 'Example: `false`'
type: bool
ip_address:
description:
- The IP address of the backend server.
- 'Example: `10.0.0.3`'
required: true
type: str
offline:
description:
- Whether the load balancer should treat this server as offline. Offline servers
receive no incoming traffic.
- 'Example: `false`'
type: bool
port:
description:
- The communication port for the backend server.
- 'Example: `8080`'
required: true
type: int
weight:
description:
- The load balancing policy weight assigned to the server. Backend servers with
a higher weight receive a larger proportion of incoming traffic. For example,
a server weighted '3' receives 3 times the number of new connections as a server
weighted '1'. For more information on load balancing policies, see L(How Load
Balancing Policies Work,https://docs.cloud.oracle.com/Content/Balance/Reference/lbpolicies.htm).
- 'Example: `3`'
type: int
type: list
auth_type:
choices:
- api_key
- instance_principal
- instance_obo_user
- resource_principal
- security_token
default: api_key
description:
- The type of authentication to use for making API requests. By default C(auth_type="api_key")
based authentication is performed and the API key (see I(api_user_key_file)) in
your config file will be used. If this 'auth_type' module option is not specified,
the value of the OCI_ANSIBLE_AUTH_TYPE, if any, is used. Use C(auth_type="instance_principal")
to use instance principal based authentication when running ansible playbooks within
an OCI compute instance.
type: str
cert_bundle:
description:
- The full path to a CA certificate bundle to be used for SSL verification. This will
override the default CA certificate bundle. If not set, then the value of the OCI_ANSIBLE_CERT_BUNDLE
variable, if any, is used.
type: str
auth_purpose:
choices:
- service_principal
description:
- The auth purpose which can be used in conjunction with 'auth_type=instance_principal'.
The default auth_purpose for instance_principal is None.
type: str
force_create:
default: false
description: Whether to attempt non-idempotent creation of a resource. By default,
create resource is an idempotent operation, and doesn't create the resource if it
already exists. Setting this option to true, forcefully creates a copy of the resource,
even if it already exists.This option is mutually exclusive with I(key_by).
type: bool
wait_timeout:
description: Time, in seconds, to wait when I(wait=yes). Defaults to 1200 for most
of the services but some services might have a longer wait timeout.
type: int
health_checker:
description:
- ''
- Required for create using I(state=present), update using I(state=present) with name
present.
suboptions:
interval_in_millis:
description:
- The interval between health checks, in milliseconds.
- 'Example: `10000`'
type: int
port:
description:
- The backend server port against which to run the health check. If the port is
not specified, the load balancer uses the port information from the `Backend`
object.
- 'Example: `8080`'
type: int
protocol:
description:
- The protocol the health check must use; either HTTP or TCP.
- 'Example: `HTTP`'
required: true
type: str
response_body_regex:
description:
- A regular expression for parsing the response body from the backend server.
- 'Example: `^((?!false).|\s)*$`'
type: str
retries:
description:
- The number of retries to attempt before a backend server is considered "unhealthy".
This number also applies when recovering a server to the "healthy" state.
- 'Example: `3`'
type: int
return_code:
description:
- The status code a healthy backend server should return.
- 'Example: `200`'
type: int
timeout_in_millis:
description:
- The maximum time, in milliseconds, to wait for a reply to a health check. A
health check is successful only if a reply returns within this timeout period.
- 'Example: `3000`'
type: int
url_path:
description:
- The path against which to run the health check.
- 'Example: `/healthcheck`'
type: str
type: dict
load_balancer_id:
aliases:
- id
description:
- The L(OCID,https://docs.cloud.oracle.com/Content/General/Concepts/identifiers.htm)
of the load balancer on which to add a backend set.
required: true
type: str
api_user_key_file:
description:
- Full path and filename of the private key (in PEM format). If not set, then the
value of the OCI_USER_KEY_FILE variable, if any, is used. This option is required
if the private key is not specified through a configuration file (See C(config_file_location)).
If the key is encrypted with a pass-phrase, the C(api_user_key_pass_phrase) option
must also be provided.
type: str
ssl_configuration:
description:
- ''
- This parameter is updatable.
suboptions:
certificate_ids:
description:
- Ids for OCI certificates service certificates. Currently only a single Id may
be passed.
- 'Example: `[ocid1.certificate.oc1.us-ashburn-1.amaaaaaaav3bgsaa5o2q7rh5nfmkkukfkogasqhk6af2opufhjlqg7m6jqzq]`'
elements: str
type: list
certificate_name:
description:
- A friendly name for the certificate bundle. It must be unique and it cannot
be changed. Valid certificate bundle names include only alphanumeric characters,
dashes, and underscores. Certificate bundle names cannot contain spaces. Avoid
entering confidential information.
- 'Example: `example_certificate_bundle`'
type: str
cipher_suite_name:
description:
- The name of the cipher suite to use for HTTPS or SSL connections.
- If this field is not specified, the default is `oci-default-ssl-cipher-suite-v1`.
- '**Notes:**'
- '* You must ensure compatibility between the specified SSL protocols and the
ciphers configured in the cipher suite. Clients cannot perform an SSL handshake
if there is an incompatible configuration. * You must ensure compatibility
between the ciphers configured in the cipher suite and the configured certificates.
For example, RSA-based ciphers require RSA certificates and ECDSA-based ciphers
require ECDSA certificates. * If the cipher configuration is not modified after
load balancer creation, the `GET` operation returns `oci-default-ssl-cipher-suite-v1`
as the value of this field in the SSL configuration for existing listeners that
predate this feature. * If the cipher configuration was modified using Oracle
operations after load balancer creation, the `GET` operation returns `oci-customized-ssl-cipher-suite`
as the value of this field in the SSL configuration for existing listeners that
predate this feature. * The `GET` operation returns `oci-wider-compatible-ssl-cipher-suite-v1`
as the value of this field in the SSL configuration for existing backend sets
that predate this feature. * If the `GET` operation on a listener returns `oci-customized-ssl-cipher-suite`
as the value of this field, you must specify an appropriate predefined or custom
cipher suite name when updating the resource. * The `oci-customized-ssl-cipher-suite`
Oracle reserved cipher suite name is not accepted as valid input for this field.'
- 'example: `example_cipher_suite`'
type: str
protocols:
description:
- A list of SSL protocols the load balancer must support for HTTPS or SSL connections.
- The load balancer uses SSL protocols to establish a secure connection between
a client and a server. A secure connection ensures that all data passed between
the client and the server is private.
- 'The Load Balancing service supports the following protocols:'
- '* TLSv1 * TLSv1.1 * TLSv1.2'
- If this field is not specified, TLSv1.2 is the default.
- '**Warning:** All SSL listeners created on a given port must use the same set
of SSL protocols.'
- '**Notes:**'
- '* The handshake to establish an SSL connection fails if the client supports
none of the specified protocols. * You must ensure compatibility between the
specified SSL protocols and the ciphers configured in the cipher suite. * For
all existing load balancer listeners and backend sets that predate this feature,
the `GET` operation displays a list of SSL protocols currently used by those
resources.'
- 'example: `["TLSv1.1", "TLSv1.2"]`'
elements: str
type: list
server_order_preference:
choices:
- ENABLED
- DISABLED
description:
- When this attribute is set to ENABLED, the system gives preference to the server
ciphers over the client ciphers.
- '**Note:** This configuration is applicable only when the load balancer is acting
as an SSL/HTTPS server. This field is ignored when the `SSLConfiguration` object
is associated with a backend set.'
type: str
trusted_certificate_authority_ids:
description:
- Ids for OCI certificates service CA or CA bundles for the load balancer to trust.
- 'Example: `[ocid1.cabundle.oc1.us-ashburn-1.amaaaaaaav3bgsaagl4zzyqdop5i2vuwoqewdvauuw34llqa74otq2jdsfyq]`'
elements: str
type: list
verify_depth:
description:
- The maximum depth for peer certificate chain verification.
- 'Example: `3`'
type: int
verify_peer_certificate:
description:
- Whether the load balancer listener should verify peer certificates.
- 'Example: `true`'
type: bool
type: dict
config_profile_name:
description:
- The profile to load from the config file referenced by C(config_file_location).
If not set, then the value of the OCI_CONFIG_PROFILE environment variable, if any,
is used. Otherwise, defaults to the "DEFAULT" profile in C(config_file_location).
type: str
api_user_fingerprint:
description:
- Fingerprint for the key pair being used. If not set, then the value of the OCI_USER_FINGERPRINT
environment variable, if any, is used. This option is required if the key fingerprint
is not specified through a configuration file (See C(config_file_location)). To
get the key pair's fingerprint value please refer U(https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm).
type: str
config_file_location:
description:
- Path to configuration file. If not set then the value of the OCI_CONFIG_FILE environment
variable, if any, is used. Otherwise, defaults to ~/.oci/config.
type: str
api_user_key_pass_phrase:
description:
- Passphrase used by the key referenced in C(api_user_key_file), if it is encrypted.
If not set, then the value of the OCI_USER_KEY_PASS_PHRASE variable, if any, is
used. This option is required if the key passphrase is not specified through a configuration
file (See C(config_file_location)).
type: str
session_persistence_configuration:
description:
- ''
- This parameter is updatable.
suboptions:
cookie_name:
description:
- The name of the cookie used to detect a session initiated by the backend server.
Use '*' to specify that any cookie set by the backend causes the session to
persist.
- 'Example: `example_cookie`'
required: true
type: str
disable_fallback:
description:
- Whether the load balancer is prevented from directing traffic from a persistent
session client to a different backend server if the original server is unavailable.
Defaults to false.
- 'Example: `false`'
type: bool
type: dict
realm_specific_endpoint_template_enabled:
description:
- Enable/Disable realm specific endpoint template for service client. By Default,
realm specific endpoint template is disabled. If not set, then the value of the
OCI_REALM_SPECIFIC_SERVICE_ENDPOINT_TEMPLATE_ENABLED variable, if any, is used.
type: bool
lb_cookie_session_persistence_configuration:
description:
- ''
- This parameter is updatable.
suboptions:
cookie_name:
description:
- The name of the cookie inserted by the load balancer. If this field is not configured,
the cookie name defaults to "X-Oracle-BMC-LBS-Route".
- 'Example: `example_cookie`'
- '**Notes:**'
- '* Ensure that the cookie name used at the backend application servers is different
from the cookie name used at the load balancer. To minimize the chance of name
collision, Oracle recommends that you use a prefix such as "X-Oracle-OCI-" for
this field.'
- '* If a backend server and the load balancer both insert cookies with the same
name, the client or browser behavior can vary depending on the domain and path
values associated with the cookie. If the name, domain, and path values of the
`Set-cookie` generated by a backend server and the `Set-cookie` generated by
the load balancer are all the same, the client or browser treats them as one
cookie and returns only one of the cookie values in subsequent requests. If
both `Set-cookie` names are the same, but the domain and path names are different,
the client or browser treats them as two different cookies.'
type: str
disable_fallback:
description:
- Whether the load balancer is prevented from directing traffic from a persistent
session client to a different backend server if the original server is unavailable.
Defaults to false.
- 'Example: `false`'
type: bool
domain:
description:
- The domain in which the cookie is valid. The `Set-cookie` header inserted by
the load balancer contains a domain attribute with the specified value.
- This attribute has no default value. If you do not specify a value, the load
balancer does not insert the domain attribute into the `Set-cookie` header.
- '**Notes:**'
- '* L(RFC 6265 - HTTP State Management Mechanism,https://www.ietf.org/rfc/rfc6265.txt)
describes client and browser behavior when the domain attribute is present or
not present in the `Set-cookie` header.'
- If the value of the `Domain` attribute is `example.com` in the `Set-cookie`
header, the client includes the same cookie in the `Cookie` header when making
HTTP requests to `example.com`, `www.example.com`, and `www.abc.example.com`.
If the `Domain` attribute is not present, the client returns the cookie only
for the domain to which the original request was made.
- '* Ensure that this attribute specifies the correct domain value. If the `Domain`
attribute in the `Set-cookie` header does not include the domain to which the
original request was made, the client or browser might reject the cookie. As
specified in RFC 6265, the client accepts a cookie with the `Domain` attribute
value `example.com` or `www.example.com` sent from `www.example.com`. It does
not accept a cookie with the `Domain` attribute `abc.example.com` or `www.abc.example.com`
sent from `www.example.com`.'
- 'Example: `example.com`'
type: str
is_http_only:
description:
- Whether the `Set-cookie` header should contain the `HttpOnly` attribute. If
`true`, the `Set-cookie` header inserted by the load balancer contains the `HttpOnly`
attribute, which limits the scope of the cookie to HTTP requests. This attribute
directs the client or browser to omit the cookie when providing access to cookies
through non-HTTP APIs. For example, it restricts the cookie from JavaScript
channels.
- 'Example: `true`'
type: bool
is_secure:
description:
- Whether the `Set-cookie` header should contain the `Secure` attribute. If `true`,
the `Set-cookie` header inserted by the load balancer contains the `Secure`
attribute, which directs the client or browser to send the cookie only using
a secure protocol.
- '**Note:** If you set this field to `true`, you cannot associate the corresponding
backend set with an HTTP listener.'
- 'Example: `true`'
type: bool
max_age_in_seconds:
description:
- The amount of time the cookie remains valid. The `Set-cookie` header inserted
by the load balancer contains a `Max-Age` attribute with the specified value.
- The specified value must be at least one second. There is no default value for
this attribute. If you do not specify a value, the load balancer does not include
the `Max-Age` attribute in the `Set-cookie` header. In most cases, the client
or browser retains the cookie until the current session ends, as defined by
the client.
- 'Example: `3600`'
type: int
path:
description:
- The path in which the cookie is valid. The `Set-cookie header` inserted by the
load balancer contains a `Path` attribute with the specified value.
- Clients include the cookie in an HTTP request only if the path portion of the
request-uri matches, or is a subdirectory of, the cookie's `Path` attribute.
- The default value is `/`.
- 'Example: `/example`'
type: str
type: dict
backend_set:
contains:
backends:
contains:
backup:
description:
- Whether the load balancer should treat this server as a backup unit. If
`true`, the load balancer forwards no ingress traffic to this backend
server unless all other backend servers not marked as "backup" fail the
health check policy.
- '**Note:** You cannot add a backend server marked as `backup` to a backend
set that uses the IP Hash policy.'
- 'Example: `false`'
returned: on success
sample: true
type: bool
drain:
description:
- Whether the load balancer should drain this server. Servers marked "drain"
receive no new incoming traffic.
- 'Example: `false`'
returned: on success
sample: true
type: bool
ip_address:
description:
- The IP address of the backend server.
- 'Example: `10.0.0.3`'
returned: on success
sample: ip_address_example
type: str
name:
description:
- A read-only field showing the IP address and port that uniquely identify
this backend server in the backend set.
- 'Example: `10.0.0.3:8080`'
returned: on success
sample: name_example
type: str
offline:
description:
- Whether the load balancer should treat this server as offline. Offline
servers receive no incoming traffic.
- 'Example: `false`'
returned: on success
sample: true
type: bool
port:
description:
- The communication port for the backend server.
- 'Example: `8080`'
returned: on success
sample: 56
type: int
weight:
description:
- The load balancing policy weight assigned to the server. Backend servers
with a higher weight receive a larger proportion of incoming traffic.
For example, a server weighted '3' receives 3 times the number of new
connections as a server weighted '1'. For more information on load balancing
policies, see L(How Load Balancing Policies Work,https://docs.cloud.oracle.com/Content/Balance/Reference/lbpolicies.htm).
- 'Example: `3`'
returned: on success
sample: 56
type: int
description:
- ''
returned: on success
type: complex
health_checker:
contains:
interval_in_millis:
description:
- The interval between health checks, in milliseconds. The default is 10000
(10 seconds).
- 'Example: `10000`'
returned: on success
sample: 56
type: int
port:
description:
- The backend server port against which to run the health check. If the
port is not specified, the load balancer uses the port information from
the `Backend` object.
- 'Example: `8080`'
returned: on success
sample: 56
type: int
protocol:
description:
- The protocol the health check must use; either HTTP or TCP.
- 'Example: `HTTP`'
returned: on success
sample: protocol_example
type: str
response_body_regex:
description:
- A regular expression for parsing the response body from the backend server.
- 'Example: `^((?!false).|\s)*$`'
returned: on success
sample: response_body_regex_example
type: str
retries:
description:
- The number of retries to attempt before a backend server is considered
"unhealthy". This number also applies when recovering a server to the
"healthy" state. Defaults to 3.
- 'Example: `3`'
returned: on success
sample: 56
type: int
return_code:
description:
- The status code a healthy backend server should return. If you configure
the health check policy to use the HTTP protocol, you can use common HTTP
status codes such as "200".
- 'Example: `200`'
returned: on success
sample: 56
type: int
timeout_in_millis:
description:
- The maximum time, in milliseconds, to wait for a reply to a health check.
A health check is successful only if a reply returns within this timeout
period. Defaults to 3000 (3 seconds).
- 'Example: `3000`'
returned: on success
sample: 56
type: int
url_path:
description:
- The path against which to run the health check.
- 'Example: `/healthcheck`'
returned: on success
sample: url_path_example
type: str
description:
- ''
returned: on success
type: complex
lb_cookie_session_persistence_configuration:
contains:
cookie_name:
description:
- The name of the cookie inserted by the load balancer. If this field is
not configured, the cookie name defaults to "X-Oracle-BMC-LBS-Route".
- 'Example: `example_cookie`'
- '**Notes:**'
- '* Ensure that the cookie name used at the backend application servers
is different from the cookie name used at the load balancer. To minimize
the chance of name collision, Oracle recommends that you use a prefix
such as "X-Oracle-OCI-" for this field.'
- '* If a backend server and the load balancer both insert cookies with
the same name, the client or browser behavior can vary depending on the
domain and path values associated with the cookie. If the name, domain,
and path values of the `Set-cookie` generated by a backend server and
the `Set-cookie` generated by the load balancer are all the same, the
client or browser treats them as one cookie and returns only one of the
cookie values in subsequent requests. If both `Set-cookie` names are the
same, but the domain and path names are different, the client or browser
treats them as two different cookies.'
returned: on success
sample: cookie_name_example
type: str
disable_fallback:
description:
- Whether the load balancer is prevented from directing traffic from a persistent
session client to a different backend server if the original server is
unavailable. Defaults to false.
- 'Example: `false`'
returned: on success
sample: true
type: bool
domain:
description:
- The domain in which the cookie is valid. The `Set-cookie` header inserted
by the load balancer contains a domain attribute with the specified value.
- This attribute has no default value. If you do not specify a value, the
load balancer does not insert the domain attribute into the `Set-cookie`
header.
- '**Notes:**'
- '* L(RFC 6265 - HTTP State Management Mechanism,https://www.ietf.org/rfc/rfc6265.txt)
describes client and browser behavior when the domain attribute is present
or not present in the `Set-cookie` header.'
- If the value of the `Domain` attribute is `example.com` in the `Set-cookie`
header, the client includes the same cookie in the `Cookie` header when
making HTTP requests to `example.com`, `www.example.com`, and `www.abc.example.com`.
If the `Domain` attribute is not present, the client returns the cookie
only for the domain to which the original request was made.
- '* Ensure that this attribute specifies the correct domain value. If
the `Domain` attribute in the `Set-cookie` header does not include the
domain to which the original request was made, the client or browser might
reject the cookie. As specified in RFC 6265, the client accepts a cookie
with the `Domain` attribute value `example.com` or `www.example.com` sent
from `www.example.com`. It does not accept a cookie with the `Domain`
attribute `abc.example.com` or `www.abc.example.com` sent from `www.example.com`.'
- 'Example: `example.com`'
returned: on success
sample: domain_example
type: str
is_http_only:
description:
- Whether the `Set-cookie` header should contain the `HttpOnly` attribute.
If `true`, the `Set-cookie` header inserted by the load balancer contains
the `HttpOnly` attribute, which limits the scope of the cookie to HTTP
requests. This attribute directs the client or browser to omit the cookie
when providing access to cookies through non-HTTP APIs. For example, it
restricts the cookie from JavaScript channels.
- 'Example: `true`'
returned: on success
sample: true
type: bool
is_secure:
description:
- Whether the `Set-cookie` header should contain the `Secure` attribute.
If `true`, the `Set-cookie` header inserted by the load balancer contains
the `Secure` attribute, which directs the client or browser to send the
cookie only using a secure protocol.
- '**Note:** If you set this field to `true`, you cannot associate the corresponding
backend set with an HTTP listener.'
- 'Example: `true`'
returned: on success
sample: true
type: bool
max_age_in_seconds:
description:
- The amount of time the cookie remains valid. The `Set-cookie` header inserted
by the load balancer contains a `Max-Age` attribute with the specified
value.
- The specified value must be at least one second. There is no default value
for this attribute. If you do not specify a value, the load balancer does
not include the `Max-Age` attribute in the `Set-cookie` header. In most
cases, the client or browser retains the cookie until the current session
ends, as defined by the client.
- 'Example: `3600`'
returned: on success
sample: 56
type: int
path:
description:
- The path in which the cookie is valid. The `Set-cookie header` inserted
by the load balancer contains a `Path` attribute with the specified value.
- Clients include the cookie in an HTTP request only if the path portion
of the request-uri matches, or is a subdirectory of, the cookie's `Path`
attribute.
- The default value is `/`.
- 'Example: `/example`'
returned: on success
sample: path_example
type: str
description:
- ''
returned: on success
type: complex
name:
description:
- A friendly name for the backend set. It must be unique and it cannot be changed.
- Valid backend set names include only alphanumeric characters, dashes, and
underscores. Backend set names cannot contain spaces. Avoid entering confidential
information.
- 'Example: `example_backend_set`'
returned: on success
sample: name_example
type: str
policy:
description:
- The load balancer policy for the backend set. To get a list of available policies,
use the L(ListPolicies,https://docs.cloud.oracle.com/en-us/iaas/api/#/en/loadbalancer/20170115/LoadBalancerPolicy/ListPolicies)
operation.
- 'Example: `LEAST_CONNECTIONS`'
returned: on success
sample: policy_example
type: str
session_persistence_configuration:
contains:
cookie_name:
description:
- The name of the cookie used to detect a session initiated by the backend
server. Use '*' to specify that any cookie set by the backend causes the
session to persist.
- 'Example: `example_cookie`'
returned: on success
sample: cookie_name_example
type: str
disable_fallback:
description:
- Whether the load balancer is prevented from directing traffic from a persistent
session client to a different backend server if the original server is
unavailable. Defaults to false.
- 'Example: `false`'
returned: on success
sample: true
type: bool
description:
- ''
returned: on success
type: complex
ssl_configuration:
contains:
certificate_ids:
description:
- Ids for OCI certificates service certificates. Currently only a single
Id may be passed.
- 'Example: `[ocid1.certificate.oc1.us-ashburn-1.amaaaaaaav3bgsaa5o2q7rh5nfmkkukfkogasqhk6af2opufhjlqg7m6jqzq]`'
returned: on success
sample: []
type: list
certificate_name:
description:
- A friendly name for the certificate bundle. It must be unique and it cannot
be changed. Valid certificate bundle names include only alphanumeric characters,
dashes, and underscores. Certificate bundle names cannot contain spaces.
Avoid entering confidential information.
- 'Example: `example_certificate_bundle`'
returned: on success
sample: certificate_name_example
type: str
cipher_suite_name:
description:
- The name of the cipher suite to use for HTTPS or SSL connections.
- If this field is not specified, the default is `oci-default-ssl-cipher-suite-v1`.
- '**Notes:**'
- '* You must ensure compatibility between the specified SSL protocols
and the ciphers configured in the cipher suite. Clients cannot perform
an SSL handshake if there is an incompatible configuration. * You must
ensure compatibility between the ciphers configured in the cipher suite
and the configured certificates. For example, RSA-based ciphers require
RSA certificates and ECDSA-based ciphers require ECDSA certificates. * If
the cipher configuration is not modified after load balancer creation,
the `GET` operation returns `oci-default-ssl-cipher-suite-v1` as the value
of this field in the SSL configuration for existing listeners that predate
this feature. * If the cipher configuration was modified using Oracle
operations after load balancer creation, the `GET` operation returns `oci-customized-ssl-cipher-suite`
as the value of this field in the SSL configuration for existing listeners
that predate this feature. * The `GET` operation returns `oci-wider-compatible-ssl-cipher-suite-v1`
as the value of this field in the SSL configuration for existing backend
sets that predate this feature. * If the `GET` operation on a listener
returns `oci-customized-ssl-cipher-suite` as the value of this field,
you must specify an appropriate predefined or custom cipher suite name
when updating the resource. * The `oci-customized-ssl-cipher-suite` Oracle
reserved cipher suite name is not accepted as valid input for this field.'
- 'example: `example_cipher_suite`'
returned: on success
sample: cipher_suite_name_example
type: str
protocols:
description:
- A list of SSL protocols the load balancer must support for HTTPS or SSL
connections.
- The load balancer uses SSL protocols to establish a secure connection
between a client and a server. A secure connection ensures that all data
passed between the client and the server is private.
- 'The Load Balancing service supports the following protocols:'
- '* TLSv1 * TLSv1.1 * TLSv1.2'
- If this field is not specified, TLSv1.2 is the default.
- '**Warning:** All SSL listeners created on a given port must use the same
set of SSL protocols.'
- '**Notes:**'
- '* The handshake to establish an SSL connection fails if the client supports
none of the specified protocols. * You must ensure compatibility between
the specified SSL protocols and the ciphers configured in the cipher suite.
* For all existing load balancer listeners and backend sets that predate
this feature, the `GET` operation displays a list of SSL protocols currently
used by those resources.'
- 'example: `["TLSv1.1", "TLSv1.2"]`'
returned: on success
sample: []
type: list
server_order_preference:
description:
- When this attribute is set to ENABLED, the system gives preference to
the server ciphers over the client ciphers.
- '**Note:** This configuration is applicable only when the load balancer
is acting as an SSL/HTTPS server. This field is ignored when the `SSLConfiguration`
object is associated with a backend set.'
returned: on success
sample: ENABLED
type: str
trusted_certificate_authority_ids:
description:
- Ids for OCI certificates service CA or CA bundles for the load balancer
to trust.
- 'Example: `[ocid1.cabundle.oc1.us-ashburn-1.amaaaaaaav3bgsaagl4zzyqdop5i2vuwoqewdvauuw34llqa74otq2jdsfyq]`'
returned: on success
sample: []
type: list
verify_depth:
description:
- The maximum depth for peer certificate chain verification.
- 'Example: `3`'
returned: on success
sample: 56
type: int
verify_peer_certificate:
description:
- Whether the load balancer listener should verify peer certificates.
- 'Example: `true`'
returned: on success
sample: true
type: bool
description:
- ''
returned: on success
type: complex
description:
- Details of the BackendSet resource acted upon by the current operation
returned: on success
sample:
backends:
- backup: true
drain: true
ip_address: ip_address_example
name: name_example
offline: true
port: 56
weight: 56
health_checker:
interval_in_millis: 56
port: 56
protocol: protocol_example
response_body_regex: response_body_regex_example
retries: 56
return_code: 56
timeout_in_millis: 56
url_path: url_path_example
lb_cookie_session_persistence_configuration:
cookie_name: cookie_name_example
disable_fallback: true
domain: domain_example
is_http_only: true
is_secure: true
max_age_in_seconds: 56
path: path_example
name: name_example
policy: policy_example
session_persistence_configuration:
cookie_name: cookie_name_example
disable_fallback: true
ssl_configuration:
certificate_ids: []
certificate_name: certificate_name_example
cipher_suite_name: cipher_suite_name_example
protocols: []
server_order_preference: ENABLED
trusted_certificate_authority_ids: []
verify_depth: 56
verify_peer_certificate: true
type: complex