rax_clb_ssl – Manage SSL termination for a Rackspace Cloud Load Balancer¶
Requirements¶
The below requirements are needed on the host that executes this module.
- pyrax
- python >= 2.6
Parameters¶
| Parameter | Choices/Defaults | Comments | 
|---|---|---|
| api_key 
                    string
                                                                 | Rackspace API key, overrides credentials. aliases: password | |
| auth_endpoint 
                    -
                                                                 | Default: "https://identity.api.rackspacecloud.com/v2.0/" | The URI of the authentication service. | 
| certificate 
                    -
                                                                 | The public SSL certificates as a string in PEM format. | |
| credentials 
                    path
                                                                 | File to find the Rackspace credentials in. Ignored if api_key and username are provided. aliases: creds_file | |
| enabled 
                    boolean
                                                                 | 
 | If set to "false", temporarily disable SSL termination without discarding existing credentials. | 
| env 
                    string
                                                                 | Environment as configured in ~/.pyrax.cfg, see https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#pyrax-configuration. | |
| https_redirect 
                    boolean
                                                                 | 
 | If "true", the load balancer will redirect HTTP traffic to HTTPS. Requires "secure_traffic_only" to be true. Incurs an implicit wait if SSL termination is also applied or removed. | 
| identity_type 
                    -
                                                                 | Default: "rackspace" | Authentication mechanism to use, such as rackspace or keystone. | 
| intermediate_certificate 
                    -
                                                                 | One or more intermediate certificate authorities as a string in PEM format, concatenated into a single string. | |
| loadbalancer 
                    -
                                             / required                     | Name or ID of the load balancer on which to manage SSL termination. | |
| private_key 
                    -
                                                                 | The private SSL key as a string in PEM format. | |
| region 
                    string
                                                                 | Default: "DFW" | Region to create an instance in. | 
| secure_port 
                    -
                                                                 | Default: 443 | The port to listen for secure traffic. | 
| secure_traffic_only 
                    boolean
                                                                 | 
 | If "true", the load balancer will *only* accept secure traffic. | 
| state 
                    -
                                                                 | 
 | If set to "present", SSL termination will be added to this load balancer. If "absent", SSL termination will be removed instead. | 
| tenant_id 
                    -
                                                                 | The tenant ID used for authentication. | |
| tenant_name 
                    -
                                                                 | The tenant name used for authentication. | |
| username 
                    string
                                                                 | Rackspace username, overrides credentials. | |
| validate_certs 
                    boolean
                                                                 | 
 | Whether or not to require SSL validation of API endpoints. aliases: verify_ssl | 
| wait 
                    boolean
                                                                 | 
 | Wait for the balancer to be in state "running" before turning. | 
| wait_timeout 
                    -
                                                                 | Default: 300 | How long before "wait" gives up, in seconds. | 
Notes¶
Note
- The following environment variables can be used, RAX_USERNAME,RAX_API_KEY,RAX_CREDS_FILE,RAX_CREDENTIALS,RAX_REGION.
- RAX_CREDENTIALSand- RAX_CREDS_FILEpoints to a credentials file appropriate for pyrax. See https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#authenticating
- RAX_USERNAMEand- RAX_API_KEYobviate the use of a credentials file
- RAX_REGIONdefines a Rackspace Public Cloud region (DFW, ORD, LON, ...)
- The following environment variables can be used, RAX_USERNAME,RAX_API_KEY,RAX_CREDS_FILE,RAX_CREDENTIALS,RAX_REGION.
- RAX_CREDENTIALSand- RAX_CREDS_FILEpoints to a credentials file appropriate for pyrax. See https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#authenticating
- RAX_USERNAMEand- RAX_API_KEYobviate the use of a credentials file
- RAX_REGIONdefines a Rackspace Public Cloud region (DFW, ORD, LON, ...)
Examples¶
- name: Enable SSL termination on a load balancer
  rax_clb_ssl:
    loadbalancer: the_loadbalancer
    state: present
    private_key: "{{ lookup('file', 'credentials/server.key' ) }}"
    certificate: "{{ lookup('file', 'credentials/server.crt' ) }}"
    intermediate_certificate: "{{ lookup('file', 'credentials/trust-chain.crt') }}"
    secure_traffic_only: true
    wait: true
- name: Disable SSL termination
  rax_clb_ssl:
    loadbalancer: "{{ registered_lb.balancer.id }}"
    state: absent
    wait: true
Status¶
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors¶
- Ash Wilson (@smashwilson)
Hint
If you notice any issues in this documentation, you can edit this document to improve it.
