New in version 2.0.
Set up, reconfigure, or remove SSL termination for an existing load balancer.
| parameter | required | default | choices | comments |
|---|---|---|---|---|
| api_key | no |
Rackspace API key, overrides credentials. aliases: password
|
||
| certificate | no | The public SSL certificates as a string in PEM format. |
||
| credentials | no |
File to find the Rackspace credentials in. Ignored if api_key and username are provided. aliases: creds_file
|
||
| enabled | no | True |
If set to "false", temporarily disable SSL termination without discarding
existing credentials.
|
|
| env (added in 1.5)
| no | Environment as configured in ~/.pyrax.cfg, see https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#pyrax-configuration. |
||
| https_redirect | no |
If "true", the load balancer will redirect HTTP traffic to HTTPS.
Requires "secure_traffic_only" to be true. Incurs an implicit wait if SSL
termination is also applied or removed.
|
||
| intermediate_certificate | no |
One or more intermediate certificate authorities as a string in PEM
format, concatenated into a single string.
|
||
| loadbalancer | yes | Name or ID of the load balancer on which to manage SSL termination. |
||
| private_key | no | The private SSL key as a string in PEM format. |
||
| region | no | DFW | Region to create an instance in. |
|
| secure_port | no | 443 | The port to listen for secure traffic. |
|
| secure_traffic_only | no | If "true", the load balancer will *only* accept secure traffic. |
||
| state | no | present |
|
If set to "present", SSL termination will be added to this load balancer.
If "absent", SSL termination will be removed instead.
|
| username | no | Rackspace username, overrides credentials. |
||
| verify_ssl (added in 1.5)
| no | Whether or not to require SSL validation of API endpoints. |
||
| wait | no | Wait for the balancer to be in state "running" before turning. |
||
| wait_timeout | no | 300 | How long before "wait" gives up, in seconds. |
- name: Enable SSL termination on a load balancer
rax_clb_ssl:
loadbalancer: the_loadbalancer
state: present
private_key: "{{ lookup('file', 'credentials/server.key' ) }}"
certificate: "{{ lookup('file', 'credentials/server.crt' ) }}"
intermediate_certificate: "{{ lookup('file', 'credentials/trust-chain.crt') }}"
secure_traffic_only: true
wait: true
- name: Disable SSL termination
rax_clb_ssl:
loadbalancer: "{{ registered_lb.balancer.id }}"
state: absent
wait: true
Note
The following environment variables can be used, RAX_USERNAME, RAX_API_KEY, RAX_CREDS_FILE, RAX_CREDENTIALS, RAX_REGION.
Note
RAX_CREDENTIALS and RAX_CREDS_FILE points to a credentials file appropriate for pyrax. See https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#authenticating
Note
RAX_USERNAME and RAX_API_KEY obviate the use of a credentials file
Note
RAX_REGION defines a Rackspace Public Cloud region (DFW, ORD, LON, ...)
For more information on what this means please read Extras Modules
For help in developing on modules, should you be so inclined, please read Community Information & Contributing, developing_test_pr and Developing Modules.
© 2012–2016 Michael DeHaan
© 2016 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/rax_clb_ssl_module.html