radware / radware.radware_modules / 0.6.12 / module / alteon_config_virtual_service Manage virtual service in Radware Alteon | "added in version" 2.9 of radware.radware_modules" Authors: Leon Meguira (@leonmeguira), Nati Fridman (@natifridman) stableinterface | supported by certifiedradware.radware_modules.alteon_config_virtual_service (0.6.12) — module
Install with ansible-galaxy collection install radware.radware_modules:==0.6.12
collections: - name: radware.radware_modules version: 0.6.12
Manage virtual service in Radware Alteon.
- name: alteon configuration command radware.radware_modules.alteon_config_virtual_service: provider: server: 192.168.1.1 user: admin password: admin validate_certs: no https_port: 443 ssh_port: 22 timeout: 5 state: present parameters: index: virt_test service_index: 1 service_port: 8080 server_port: 0 log_sessions: enabled session_mirror: enabled service_down_connection: reset persistent_timeout_minutes: 30 close_connection_with_reset: enabled direct_server_return: enabled application_type: http server_cert_name: cert_test
state: choices: - present - absent - read - overwrite - append default: null description: - When C(present), guarantees that the object exists with the provided attributes. - When C(absent), when applicable removes the object. - When C(read), when exists read object from configuration to parameter format. - When C(overwrite), removes the object if exists then recreate it - When C(append), append object configuration with the provided parameters required: true provider: description: - Radware Alteon connection details. required: true suboptions: https_port: default: null description: - Radware Alteon https port. required: true password: default: null description: - Radware Alteon password. required: true server: default: null description: - Radware Alteon IP address. required: true ssh_port: default: null description: - Radware Alteon ssh port. required: true timeout: default: null description: - Timeout for connection. required: true user: default: null description: - Radware Alteon username. required: true validate_certs: default: null description: - If C(no), SSL certificates will not be validated. - This should only set to C(no) used on personally controlled sites using self-signed certificates. required: true type: bool parameters: description: - Parameters for virtual service configuration. suboptions: application_type: choices: - basic_slb - dns - ftp - ftp_data - ldap - http - https - ssl - rtsp - sip - wts - tftp - smtp - pop3 - ip default: basic_slb description: - The application type for virtual service. required: false appshapes: default: null description: - Appshape scripts. elements: dict required: false suboptions: name: description: - Appshape script name. required: false type: str priority: description: - Appshape script priority. required: true type: int cdn_proxy_mode: choices: - enabled - disabled default: disabled description: - Enable/Disable service in CDN/proxy deployment mode. required: false close_connection_with_reset: choices: - enabled - disabled default: disabled description: - Specifies whether to reset a connection when a session ages out by sending a TCP RST message. required: false cluster_mode: choices: - enabled - disabled default: null description: - Enable/Disable service cluster. required: false connection_idle_timeout_minutes: default: 10 description: - Specifies the timeout, in minutes, after which an idle server connection is closed. This parameter is relevant only when HTTP multiplexing is performed. required: false type: int cookie_id: default: AlteonP description: - Specifies the name of the cookie whose value is used to select the server. required: false type: str cookie_insert_domain_name: choices: - enabled - disabled default: disabled description: - Specifies whether to the include or exclude the domain attribute in the inserted Set-Cookie header. This attribute specifies to the browser the domain for which the cookie is valid. required: false cookie_mode: choices: - rewrite - passive - insert default: passive description: - Specifies the cookie persistence mode. - C(rewrite)-The server inserts a persistency cookie in the response but Alteon, and not the network administrator, rewrites it, eliminating the need for the server to generate cookies for each client. - C(passive)-The Web server embeds a cookie in its response to the client. Alteon records the specified cookie value and server, and forwards subsequent requests carrying the same cookie value to the same server. - Available only for HTTP services and HTTPS services with SSL offload. - C(insert)-Alteon generates a cookie value, inserts the Set-Cookie header in the server response, and records the cookie value and the server. All subsequent HTTP requests carrying this cookie value are forwarded to the same server. - Available only for HTTP services and HTTPS services with SSL offload (the default persistence type for these services). required: false cookie_path: default: null description: - Specifies the path attribute in the inserted Set-Cookie header. This attribute specifies to the browser whether or not the cookie is valid only for the specific path. required: false type: str delayed_binding: choices: - disabled - enabled - forceproxy default: disabled description: - Enables or disables Layer 4 delayed binding or full proxy mode for TCP service and ports - delayed_binding may automatically set by a feature requires application engine. - C(disabled)- Processes traffic at Layer 4 without any interference in the TCP session - C(enabled)- Basic delayed binding, until sufficient information is acquired to make a load balancing/routing decision - C(forceproxy)- Alteon processes traffic in full proxy mode using the Application Service Engine required: false description: default: null description: - Virtual Service description. required: false type: str direct_access_mode: choices: - enabled - disabled default: disabled description: - Specifies whether to enable or disable Direct Access Mode (DAM) on this virtual service. This takes precedence when DAM is globally enabled on Alteon. required: false direct_server_return: choices: - enabled - disabled default: disabled description: - Specifies whether to allow the servers to respond directly to the client, without passing through Alteon. This is useful for sites where large amounts of data flow from servers to clients, such as with content providers or portal sites that typically have asymmetric traffic patterns. - Direct Server Return allows the server to respond directly to the client, without passing through Alteon. This is useful for sites where large amounts of data flow from servers to clients, such as with content providers or portal sites that typically have asymmetric traffic patterns. - When Direct Server Return is enabled, Alteon translates only the destination MAC address to the real server MAC address, and not the destination IP. On the servers you must define a loopback interface with the virtual server IP address. - Direct Server Return and content-intelligent Layer 7 load balancing cannot be performed at the same time because content-intelligent load balancing requires that all frames go back to the Alteon for connection splicing. required: false gslb_http_redirect: choices: - enabled - disabled default: null description: - GSLB HTTP/S Redirect to remote site - Should set to disabled for proxy redirection required: false http_mod_policy_name: default: null description: - Specify the list of user-defined HTTP modification rules. This enables the flexible configuration of modification rules per virtual service. required: false type: str index: default: null description: - The Virtual Server Index associated with the virtual service. required: true type: str ip_header: default: x-forwarded-for description: - Set the HTTP header indicating the IP address of the client. - valid options:x-forwarded-for, remote_addr, http_client_ip, http_x_forwarded_for, x-real-ip, http_x_forwarded, proxy-client-ip, - wl-proxy-client-ip, http_x_cluster_client_ip, http_forwarded_for, http_forwarded, http_via, x-true-client-ip, user-defined. - This field is available from alteon version 33.0.1.0. required: false type: str log_sessions: choices: - enabled - disabled default: disabled description: - Specifies whether to enable or disable session logging. - Session logs are sent to the syslog servers via the data port when the sessions are deleted or aged out. The Alteon switch processor sends the buffered session logging data to the syslog server at regular intervals (every 30 seconds) if the buffer is not completely filled. There will be no session syslog if no sessions have aged out during this duration of 30 seconds. - 'Note: Syslog servers configured on Alteon must be accessible via the data ports.' required: false nat6_address: default: null description: - Specifies the Client NAT IPv6 address for the service. required: false type: str nat6_prefix: default: 128 description: - Specifies the prefix for the Client NAT IPv6 address for the real server. required: false type: int nat_address: default: null description: - Specifies the Client NAT IPv4 address for the service. required: false type: str nat_ip_persistency: choices: - disable - client - host default: disable description: - Specifies whether to use the same NAT address for all connections from a specific client IP. This is relevant only when the service NAT address is defined as a subnet or a network class. required: false nat_mode: choices: - ingress - egress - address - nwclss - disable default: ingress description: - Client NAT specifies whether to translate the source IP to a specified NAT address before forwarding the packet to the server. This capability can be optionally used to hide the original client IP, but it is mandatory in the following cases - When client and servers belong to the same IP address space (subnet). By using NAT on the client IP, traffic returning from the server is forced to pass through Alteon. - When HTTP multiplexing is enabled. - When the clients and servers have different IP versions (IPv4/v6 gateway conversion is performed). - When source IP translation is enabled for HTTP or HTTPS with SSL offload service, Alteon enables automatic inserting on the service of an X-Forwarded-For header carrying the original client IP. - C(disable)-Do not perform Client NAT for this service. - C(ingress)-Perform Client NAT using the NAT (PIP) address configured on the ingress port or VLAN. - C(egress)-Perform Client NAT using the NAT (PIP) address configured on the egress port or VLAN. - C(address)-Perform Client NAT using the specified NAT (PIP) address and subnet mask (for an IPv4 server) or prefix (for an IPv6 server). - C(nwclss)-Perform Client NAT using the specified IPv4 and/or IPv6 network class. required: false nat_net_class_ip_persistency: choices: - disable - client default: disable description: - Specifies whether to use the same NAT address for all connections from a specific client IP. This is relevant only when the service NAT address is defined as a subnet or a network class. required: false nat_network_class_name: default: null description: - Specifies the Client NAT network class for the real server. required: false type: str nat_subnet: default: null description: - Specifies the subnet mask for the Client NAT IPv4 address for the real server. required: false type: str persistent_mode: choices: - clientip - disabled - sslid - cookie default: disabled description: - Specifies the persistence method to be used for this service. - Note-Additional persistence methods can be achieved using an AppShape++ script. - C(clientip)-Uses the client IP address as the session identifier, and associates all connections from the same client with the same real server until the client becomes inactive, and the persistent entry is aged out of the session table. - Different services from the same client may not map to the same server. - C(cookie)-Uses a cookie header or a URI cookie as an identifier, and associates all HTTP requests with the same cookie value to the same server. - Available only for HTTP and HTTPS (with SSL offload) applications. - If the cookie expiration time is greater than the virtual service Persistency Timeout value, timed out requests will not be persistent. - C(disabled)-Disables persistence for this service. - C(sslid)-Alteon records the SSL session ID and server, and directs all subsequent SSL sessions which present the same session ID to the same real server. - Available only for HTTPS and SSL services without SSL offload. - Alteon does not support the SSL ID option when you set the virtual service Delayed Binding option to Force Proxy. required: false persistent_server_port: choices: - enabled - disabled default: enabled description: - Specifies whether to use the real server port in the session lookup for a persistent session. required: false persistent_timeout_minutes: default: 0 description: - Specifies the time, in minutes, after which an inactive persistence entry is removed. required: false type: int protocol: choices: - udp - tcp - stateless - tcpAndUdp default: tcp description: - Defines the Layer 4 protocol for applications that can run on either TCP or UDP. Read-only for applications that only run on a specific Layer 4 protocol. - Available protocols vary according to the application selected. - C(tcp)-For load balancing a TCP service. - C(udp)-For load balancing a UDP service. - C(tcpAndUdp)-(Available for IP applications only.) For load balancing TCP and UDP services. When this option is selected, IPsec and ICMP are included in the services to be load balanced. - C(stateless)-No session table entry is created. Because no session is created, you have to bind to a new server every time. required: false redirect_location: default: null description: - Sets the application redirection location of this virtual service. - The redirection location is a string of up to 255 characters with the following format - <protocol>://<host>[:<port>][/<path>][?<query>] - The protocol and host parameters are mandatory. All other parameters are optional. required: false type: str secure_cookie: choices: - false - true default: false description: - Specifies whether to include or exclude the Secure attribute in the inserted Set-Cookie header. This attribute specifies that the client is required to use a secure connection to obtain content associated with the cookie. required: false secure_path_policy: default: null description: - Set secure path policy for this virtual service. - This field is available from alteon version 33.5.2.0. required: false type: str server_cert_name: default: null description: - Specifies the name of the server certificate (single hostname certificate) or certificates group (multiple hostname certificate) associated with this virtual service. required: false type: str server_cert_type: choices: - cert - group default: cert description: - Specifies whether a single certificate is used for all hostnames available via this service, or whether each hostname requires a separate certificate. required: false server_group_name: default: 1 description: - Sets the real server group for this service. required: false type: str server_port: default: 0 description: - Specifies the Layer 4 TCP or UDP port on which the real servers listen for this service. - This parameter must be specified only when all real servers listen for the service on a port that is different from the service port. For all other cases it should be left empty (0). - The real server port can alternatively be defined at real server level, allowing for different listening ports per server. required: false type: int service_action: choices: - group - redirect - discard default: group description: - Sets the action type of this virtual service. When content rules are configured for the service, this parameter specifies the default action when traffic does not match any of the content rules. required: false service_always_on_with_appshape: choices: - enabled - disabled default: disabled description: - Specifies whether a virtual service should always be available, even if all servers are down, when an AppShape++ script is attached to the service. This parameter needs to be enabled only when one of the attached AppShape++ scripts contains treatment for the 'no server available' state (such as returning the Sorry page or redirecting to a special URL). required: false service_down_connection: choices: - reset - drop default: reset description: - Specifies how Alteon handles new connections when a TCP service is unavailable. - This parameter can be used only when Delayed Binding is disabled. required: false service_index: default: ipv4 description: - The Virtual Service Index. required: true type: int service_port: default: null description: - The Layer 4 port number of the service. required: false type: int session_mirror: choices: - enabled - disabled default: disabled description: - Specifies whether to enable or disable session mirroring on the selected virtual service. - Session mirroring synchronizes the state of active connections with the standby Alteon to prevent service interruptions in case of failover. - Session mirroring is recommended for long-lived TCP connections, such as FTP, SSH, and Telnet connections. Session mirroring for protocols characterized by short-lived connections such as UDP and in many cases HTTP, is not necessary. Radware recommends that you use session mirroring only when you need to maintain the state of a long connection. required: false sideband_policy_id: default: null description: - Set sideband policy for this virtual service. - This field is available from alteon version 33.0.1.0. required: false type: str ssl_policy_name: default: null description: - Specifies the name of the SSL policy associated with this virtual service. required: false type: str user_defined_ip_header: default: null description: - Set the user defined HTTP header indicating the IP address of the client. - This field can be set only if ip_header is set to uder_defined. - This field is available from alteon version 33.0.1.0. required: false type: str x_fwd_for_inject: choices: - enabled - disabled default: disabled description: - Specifies whether to insert an X-Forwarded-For header with the client IP address in HTTP requests. This capability is useful in preserving client IP address information when NAT is performed. required: false revert_on_error: default: false description: - If an error occurs, perform revert on alteon. required: false type: bool write_on_change: default: false description: - Executes Alteon write calls only when an actual change has been evaluated. required: false type: bool
obj: description: parameters object type returned: changed, read type: dictionary status: description: Message detailing run result returned: success sample: object deployed successfully type: str