W3cubDocs

/Ansible

cs_securitygroup_rule - Manages security group rules on Apache CloudStack based clouds.

New in version 2.0.

Synopsis

Add and remove security group rules.

Requirements (on host that executes module)

  • python >= 2.6
  • cs >= 0.6.10

Options

parameter required default choices comments
api_http_method
no get
  • get
  • post
HTTP method used.
api_key
no
API key of the CloudStack API.
api_region
no cloudstack
Name of the ini section in the cloustack.ini file.
api_secret
no
Secret key of the CloudStack API.
api_timeout
no 10
HTTP timeout.
api_url
no
URL of the CloudStack API e.g. https://cloud.example.com/client/api.
cidr
no 0.0.0.0/0
CIDR (full notation) to be used for security group rule.
end_port
no
End port for this rule. Required if protocol=tcp or protocol=udp, but start_port will be used if not set.
icmp_code
no
Error code for this icmp message. Required if protocol=icmp.
icmp_type
no
Type of the icmp message being sent. Required if protocol=icmp.
poll_async
no True
Poll async jobs until job has finished.
project
no
Name of the project the security group to be created in.
protocol
no tcp
  • tcp
  • udp
  • icmp
  • ah
  • esp
  • gre
Protocol of the security group rule.
security_group
yes
Name of the security group the rule is related to. The security group must be existing.
start_port
no
Start port for this rule. Required if protocol=tcp or protocol=udp.
aliases: port
state
no present
  • present
  • absent
State of the security group rule.
type
no ingress
  • ingress
  • egress
Ingress or egress security group rule.
user_security_group
no
Security group this rule is based of.

Examples

---
# Allow inbound port 80/tcp from 1.2.3.4 added to security group 'default'
- local_action:
    module: cs_securitygroup_rule
    security_group: default
    port: 80
    cidr: 1.2.3.4/32

# Allow tcp/udp outbound added to security group 'default'
- local_action:
    module: cs_securitygroup_rule
    security_group: default
    type: egress
    start_port: 1
    end_port: 65535
    protocol: '{{ item }}'
  with_items:
  - tcp
  - udp

# Allow inbound icmp from 0.0.0.0/0 added to security group 'default'
- local_action:
    module: cs_securitygroup_rule
    security_group: default
    protocol: icmp
    icmp_code: -1
    icmp_type: -1

# Remove rule inbound port 80/tcp from 0.0.0.0/0 from security group 'default'
- local_action:
    module: cs_securitygroup_rule
    security_group: default
    port: 80
    state: absent

# Allow inbound port 80/tcp from security group web added to security group 'default'
- local_action:
    module: cs_securitygroup_rule
    security_group: default
    port: 80
    user_security_group: web

Return Values

Common return values are documented here Common Return Values, the following are the fields unique to this module:

name description returned type sample
protocol protocol of the rule. success string tcp
user_security_group user security group of the rule. success and user_security_group is defined string default
end_port end port of the rule. success int 80
security_group security group of the rule. success string default
start_port start port of the rule. success int 80
cidr CIDR of the rule. success and cidr is defined string 0.0.0.0/0
type type of the rule. success string ingress
id UUID of the of the rule. success string a6f7a5fc-43f8-11e5-a151-feff819cdc9f

Notes

Note

Ansible uses the cs library’s configuration method if credentials are not provided by the arguments api_url, api_key, api_secret. Configuration is read from several locations, in the following order. - The CLOUDSTACK_ENDPOINT, CLOUDSTACK_KEY, CLOUDSTACK_SECRET and CLOUDSTACK_METHOD. CLOUDSTACK_TIMEOUT environment variables. - A CLOUDSTACK_CONFIG environment variable pointing to an .ini file, - A cloudstack.ini file in the current working directory. - A .cloudstack.ini file in the users home directory. Optionally multiple credentials and endpoints can be specified using ini sections in cloudstack.ini. Use the argument api_region to select the section name, default section is cloudstack. See https://github.com/exoscale/cs for more information.

Note

A detailed guide about cloudstack modules can be found on http://docs.ansible.com/ansible/guide_cloudstack.html

Note

This module supports check mode.

This is an Extras Module

For more information on what this means please read Extras Modules

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, developing_test_pr and Developing Modules.

© 2012–2016 Michael DeHaan
© 2016 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/cs_securitygroup_rule_module.html