ngine_io.cloudstack.cs_securitygroup_rule – Manages security group rules on Apache CloudStack based clouds.

From Get docs
Ansible/docs/2.11/collections/ngine io/cloudstack/cs securitygroup rule module


ngine_io.cloudstack.cs_securitygroup_rule – Manages security group rules on Apache CloudStack based clouds.

Note

This plugin is part of the ngine_io.cloudstack collection (version 2.0.0).

To install it use: ansible-galaxy collection install ngine_io.cloudstack.

To use it in a playbook, specify: ngine_io.cloudstack.cs_securitygroup_rule.


New in version 0.1.0: of ngine_io.cloudstack


Synopsis

  • Add and remove security group rules.

Requirements

The below requirements are needed on the host that executes this module.

  • python >= 2.6
  • cs >= 0.9.0

Parameters

Parameter Choices/Defaults Comments

api_http_method

string

  • get

  • post

HTTP method used to query the API endpoint.

If not given, the CLOUDSTACK_METHOD env variable is considered.

api_key

string / required

API key of the CloudStack API.

If not given, the CLOUDSTACK_KEY env variable is considered.

api_secret

string / required

Secret key of the CloudStack API.

If not set, the CLOUDSTACK_SECRET env variable is considered.

api_timeout

integer

Default:

10

HTTP timeout in seconds.

If not given, the CLOUDSTACK_TIMEOUT env variable is considered.

api_url

string / required

URL of the CloudStack API e.g. https://cloud.example.com/client/api.

If not given, the CLOUDSTACK_ENDPOINT env variable is considered.

api_verify_ssl_cert

string

Verify CA authority cert file.

If not given, the CLOUDSTACK_VERIFY env variable is considered.

cidr

string

Default:

"0.0.0.0/0"

CIDR (full notation) to be used for security group rule.

end_port

integer

End port for this rule. Required if protocol=tcp or protocol=udp, but start_port will be used if not set.

icmp_code

integer

Error code for this icmp message. Required if protocol=icmp.

icmp_type

integer

Type of the icmp message being sent. Required if protocol=icmp.

poll_async

boolean

  • no

  • yes

Poll async jobs until job has finished.

project

string

Name of the project the security group to be created in.

protocol

string

  • tcp

  • udp
  • icmp
  • ah
  • esp
  • gre

Protocol of the security group rule.

security_group

string / required

Name of the security group the rule is related to. The security group must be existing.

start_port

integer

Start port for this rule. Required if protocol=tcp or protocol=udp.


aliases: port

state

string

  • present

  • absent

State of the security group rule.

type

string

  • ingress

  • egress

Ingress or egress security group rule.

user_security_group

string

Security group this rule is based of.



Notes

Note

  • A detailed guide about cloudstack modules can be found in the CloudStack Cloud Guide.
  • This module supports check mode.


Examples

---
- name: allow inbound port 80/tcp from 1.2.3.4 added to security group 'default'
  ngine_io.cloudstack.cs_securitygroup_rule:
    security_group: default
    port: 80
    cidr: 1.2.3.4/32

- name: allow tcp/udp outbound added to security group 'default'
  ngine_io.cloudstack.cs_securitygroup_rule:
    security_group: default
    type: egress
    start_port: 1
    end_port: 65535
    protocol: '{{ item }}'
  with_items:
  - tcp
  - udp

- name: allow inbound icmp from 0.0.0.0/0 added to security group 'default'
  ngine_io.cloudstack.cs_securitygroup_rule:
    security_group: default
    protocol: icmp
    icmp_code: -1
    icmp_type: -1

- name: remove rule inbound port 80/tcp from 0.0.0.0/0 from security group 'default'
  ngine_io.cloudstack.cs_securitygroup_rule:
    security_group: default
    port: 80
    state: absent

- name: allow inbound port 80/tcp from security group web added to security group 'default'
  ngine_io.cloudstack.cs_securitygroup_rule:
    security_group: default
    port: 80
    user_security_group: web

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description

cidr

string

success and cidr is defined

CIDR of the rule.


Sample:

0.0.0.0/0

end_port

integer

success

end port of the rule.


Sample:

80

id

string

success

UUID of the of the rule.


Sample:

a6f7a5fc-43f8-11e5-a151-feff819cdc9f

protocol

string

success

protocol of the rule.


Sample:

tcp

security_group

string

success

security group of the rule.


Sample:

default

start_port

integer

success

start port of the rule.


Sample:

80

type

string

success

type of the rule.


Sample:

ingress

user_security_group

string

success and user_security_group is defined

user security group of the rule.


Sample:

default




Authors

  • René Moser (@resmo)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/ngine_io/cloudstack/cs_securitygroup_rule_module.html


Retrieved from "https://getdocs.org/index.php?title=Ansible/docs/2.11/collections/ngine_io/cloudstack/cs_securitygroup_rule_module&oldid=65233"
Powered by MediaWiki