rax_clb_ssl – Manage SSL termination for a Rackspace Cloud Load Balancer

Synopsis
Requirements
Parameters
Notes
Examples
Status

Synopsis

Set up, reconfigure, or remove SSL termination for an existing load balancer.

Requirements

The below requirements are needed on the host that executes this module.

pyrax
python >= 2.6

Parameters

Parameter	Choices/Defaults	Comments
api_key string		Rackspace API key, overrides credentials. aliases: password
auth_endpoint -	Default: "https://identity.api.rackspacecloud.com/v2.0/%22	The URI of the authentication service.
certificate -		The public SSL certificates as a string in PEM format.
credentials path		File to find the Rackspace credentials in. Ignored if api_key and username are provided. aliases: creds_file
enabled boolean	no yes ←	If set to "false", temporarily disable SSL termination without discarding existing credentials.
env string		Environment as configured in ~/.pyrax.cfg, see https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#pyrax-configuration.
https_redirect boolean	no yes	If "true", the load balancer will redirect HTTP traffic to HTTPS. Requires "secure_traffic_only" to be true. Incurs an implicit wait if SSL termination is also applied or removed.
identity_type -	Default: "rackspace"	Authentication mechanism to use, such as rackspace or keystone.
intermediate_certificate -		One or more intermediate certificate authorities as a string in PEM format, concatenated into a single string.
loadbalancer - / required		Name or ID of the load balancer on which to manage SSL termination.
private_key -		The private SSL key as a string in PEM format.
region string	Default: "DFW"	Region to create an instance in.
secure_port -	Default: 443	The port to listen for secure traffic.
secure_traffic_only boolean	no ← yes	If "true", the load balancer will only accept secure traffic.
state -	present ← absent	If set to "present", SSL termination will be added to this load balancer. If "absent", SSL termination will be removed instead.
tenant_id -		The tenant ID used for authentication.
tenant_name -		The tenant name used for authentication.
username string		Rackspace username, overrides credentials.
validate_certs boolean	no yes	Whether or not to require SSL validation of API endpoints. aliases: verify_ssl
wait boolean	no ← yes	Wait for the balancer to be in state "running" before turning.
wait_timeout -	Default: 300	How long before "wait" gives up, in seconds.

Notes

Note

The following environment variables can be used, RAX_USERNAME, RAX_API_KEY, RAX_CREDS_FILE, RAX_CREDENTIALS, RAX_REGION.
RAX_CREDENTIALS and RAX_CREDS_FILE points to a credentials file appropriate for pyrax. See https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#authenticating
RAX_USERNAME and RAX_API_KEY obviate the use of a credentials file
RAX_REGION defines a Rackspace Public Cloud region (DFW, ORD, LON, …)
The following environment variables can be used, RAX_USERNAME, RAX_API_KEY, RAX_CREDS_FILE, RAX_CREDENTIALS, RAX_REGION.
RAX_CREDENTIALS and RAX_CREDS_FILE points to a credentials file appropriate for pyrax. See https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#authenticating
RAX_USERNAME and RAX_API_KEY obviate the use of a credentials file
RAX_REGION defines a Rackspace Public Cloud region (DFW, ORD, LON, …)

Examples

- name: Enable SSL termination on a load balancer
  rax_clb_ssl:
    loadbalancer: the_loadbalancer
    state: present
    private_key: "{{ lookup('file', 'credentials/server.key' ) }}"
    certificate: "{{ lookup('file', 'credentials/server.crt' ) }}"
    intermediate_certificate: "{{ lookup('file', 'credentials/trust-chain.crt') }}"
    secure_traffic_only: true
    wait: true

- name: Disable SSL termination
  rax_clb_ssl:
    loadbalancer: "{{ registered_lb.balancer.id }}"
    state: absent
    wait: true

Status

This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by the Ansible Community. [community]

Authors

Ash Wilson (@smashwilson)

Hint

If you notice any issues in this documentation, you can edit this document to improve it.

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/rax_clb_ssl_module.html