avi_sslprofile – Module for setup of SSLProfile Avi RESTful Object¶
Synopsis¶
- This module is used to configure SSLProfile object
- more examples at https://github.com/avinetworks/devops
Parameters¶
| Parameter | Choices/Defaults | Comments | |
|---|---|---|---|
| accepted_ciphers 
                    -
                                                                 | Ciphers suites represented as defined by http://www.openssl.org/docs/apps/ciphers.html. Default value when not specified in API or module is interpreted by Avi Controller as AES:3DES:RC4. | ||
| accepted_versions 
                    -
                                                                 | Set of versions accepted by the server. | ||
| api_context 
                    dictionary
                                                                 added in 2.5 | Avi API context that includes current session ID and CSRF Token. This allows user to perform single login and re-use the session. | ||
| api_version 
                    string
                                                                 | Default: "16.4.4" | Avi API version of to use for Avi API and objects. | |
| avi_api_patch_op 
                    -
                                                                 added in 2.5 | 
 | Patch operation to use when using avi_api_update_method as patch. | |
| avi_api_update_method 
                    -
                                                                 added in 2.5 | 
 | Default method for object update is HTTP PUT. Setting to patch will override that behavior to use HTTP PATCH. | |
| avi_credentials 
                    dictionary
                                                                 added in 2.5 | Avi Credentials dictionary which can be used in lieu of enumerating Avi Controller login details. | ||
| api_version 
                    -
                                                                 | Default: "16.4.4" | Avi controller version | |
| controller 
                    -
                                                                 | Avi controller IP or SQDN | ||
| csrftoken 
                    -
                                                                 | Avi controller API csrftoken to reuse existing session with session id | ||
| password 
                    -
                                                                 | Avi controller password | ||
| port 
                    -
                                                                 | Avi controller port | ||
| session_id 
                    -
                                                                 | Avi controller API session id to reuse existing session with csrftoken | ||
| tenant 
                    -
                                                                 | Default: "admin" | Avi controller tenant | |
| tenant_uuid 
                    -
                                                                 | Avi controller tenant UUID | ||
| timeout 
                    -
                                                                 | Default: 300 | Avi controller request timeout | |
| token 
                    -
                                                                 | Avi controller API token | ||
| username 
                    -
                                                                 | Avi controller username | ||
| avi_disable_session_cache_as_fact 
                    boolean
                                                                 added in 2.6 | 
 | It disables avi session information to be cached as a fact. | |
| cipher_enums 
                    -
                                                                 | Enum options - tls_ecdhe_ecdsa_with_aes_128_gcm_sha256, tls_ecdhe_ecdsa_with_aes_256_gcm_sha384, tls_ecdhe_rsa_with_aes_128_gcm_sha256, tls_ecdhe_rsa_with_aes_256_gcm_sha384, tls_ecdhe_ecdsa_with_aes_128_cbc_sha256, tls_ecdhe_ecdsa_with_aes_256_cbc_sha384, tls_ecdhe_rsa_with_aes_128_cbc_sha256, tls_ecdhe_rsa_with_aes_256_cbc_sha384, tls_rsa_with_aes_128_gcm_sha256, tls_rsa_with_aes_256_gcm_sha384, tls_rsa_with_aes_128_cbc_sha256, tls_rsa_with_aes_256_cbc_sha256, tls_ecdhe_ecdsa_with_aes_128_cbc_sha, tls_ecdhe_ecdsa_with_aes_256_cbc_sha, tls_ecdhe_rsa_with_aes_128_cbc_sha, tls_ecdhe_rsa_with_aes_256_cbc_sha, tls_rsa_with_aes_128_cbc_sha, tls_rsa_with_aes_256_cbc_sha, tls_rsa_with_3des_ede_cbc_sha, tls_rsa_with_rc4_128_sha. | ||
| controller 
                    string
                                                                 | Default: "" | IP address or hostname of the controller. The default value is the environment variable  AVI_CONTROLLER. | |
| description 
                    -
                                                                 | User defined description for the object. | ||
| dhparam 
                    -
                                                                 | Dh parameters used in ssl. At this time, it is not configurable and is set to 2048 bits. | ||
| enable_ssl_session_reuse 
                    boolean
                                                                 | 
 | Enable ssl session re-use. Default value when not specified in API or module is interpreted by Avi Controller as True. | |
| name 
                    -
                                             / required                     | Name of the object. | ||
| password 
                    string
                                                                 | Default: "" | Password of Avi user in Avi controller. The default value is the environment variable  AVI_PASSWORD. | |
| prefer_client_cipher_ordering 
                    boolean
                                                                 | 
 | Prefer the ssl cipher ordering presented by the client during the ssl handshake over the one specified in the ssl profile. Default value when not specified in API or module is interpreted by Avi Controller as False. | |
| send_close_notify 
                    boolean
                                                                 | 
 | Send 'close notify' alert message for a clean shutdown of the ssl connection. Default value when not specified in API or module is interpreted by Avi Controller as True. | |
| ssl_rating 
                    -
                                                                 | Sslrating settings for sslprofile. | ||
| ssl_session_timeout 
                    -
                                                                 | The amount of time in seconds before an ssl session expires. Default value when not specified in API or module is interpreted by Avi Controller as 86400. | ||
| state 
                    -
                                                                 | 
 | The state that should be applied on the entity. | |
| tags 
                    -
                                                                 | List of tag. | ||
| tenant 
                    string
                                                                 | Default: "admin" | Name of tenant used for all Avi API calls and context of object. | |
| tenant_ref 
                    -
                                                                 | It is a reference to an object of type tenant. | ||
| tenant_uuid 
                    string
                                                                 | Default: "" | UUID of tenant used for all Avi API calls and context of object. | |
| type 
                    -
                                                                 added in 2.6 | Ssl profile type. Enum options - SSL_PROFILE_TYPE_APPLICATION, SSL_PROFILE_TYPE_SYSTEM. Field introduced in 17.2.8. Default value when not specified in API or module is interpreted by Avi Controller as SSL_PROFILE_TYPE_APPLICATION. | ||
| url 
                    -
                                                                 | Avi controller URL of the object. | ||
| username 
                    string
                                                                 | Default: "" | Username used for accessing Avi controller. The default value is the environment variable  AVI_USERNAME. | |
| uuid 
                    -
                                                                 | Unique object identifier of the object. | ||
Notes¶
Note
- For more information on using Ansible to manage Avi Network devices see https://www.ansible.com/ansible-avi-networks.
Examples¶
- name: Create SSL profile with list of allowed ciphers
  avi_sslprofile:
    controller: '{{ controller }}'
    username: '{{ username }}'
    password: '{{ password }}'
    accepted_ciphers: >
      ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:
      ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:
      AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:
      AES256-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:
      ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA
    accepted_versions:
    - type: SSL_VERSION_TLS1
    - type: SSL_VERSION_TLS1_1
    - type: SSL_VERSION_TLS1_2
    cipher_enums:
    - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
    - TLS_RSA_WITH_AES_128_GCM_SHA256
    - TLS_RSA_WITH_AES_256_GCM_SHA384
    - TLS_RSA_WITH_AES_128_CBC_SHA256
    - TLS_RSA_WITH_AES_256_CBC_SHA256
    - TLS_RSA_WITH_AES_128_CBC_SHA
    - TLS_RSA_WITH_AES_256_CBC_SHA
    - TLS_RSA_WITH_3DES_EDE_CBC_SHA
    - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
    - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    name: PFS-BOTH-RSA-EC
    send_close_notify: true
    ssl_rating:
      compatibility_rating: SSL_SCORE_EXCELLENT
      performance_rating: SSL_SCORE_EXCELLENT
      security_score: '100.0'
    tenant_ref: Demo
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description | 
|---|---|---|
| obj 
                  dictionary
                                       | success, changed | SSLProfile (api/sslprofile) object | 
Status¶
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors¶
- Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>
Hint
If you notice any issues in this documentation, you can edit this document to improve it.
