Documentation

rax_clb_ssl - Manage SSL termination for a Rackspace Cloud Load Balancer.

New in version 2.0.

Synopsis

  • Set up, reconfigure, or remove SSL termination for an existing load balancer.

Requirements

The below requirements are needed on the host that executes this module.

  • pyrax
  • python >= 2.6

Parameters

Parameter
Choices/Defaults
Comments
api_key
Rackspace API key, overrides credentials.

aliases: password
auth_endpoint
(added in 1.5)
Default:
https://identity.api.rackspacecloud.com/v2.0/
The URI of the authentication service.
certificate
The public SSL certificates as a string in PEM format.
credentials
File to find the Rackspace credentials in. Ignored if api_key and username are provided.

aliases: creds_file
enabled
Default:
yes
If set to "false", temporarily disable SSL termination without discarding
existing credentials.
env
(added in 1.5)
https_redirect
If "true", the load balancer will redirect HTTP traffic to HTTPS.
Requires "secure_traffic_only" to be true. Incurs an implicit wait if SSL
termination is also applied or removed.
identity_type
(added in 1.5)
Default:
rackspace
Authentication mechanism to use, such as rackspace or keystone.
intermediate_certificate
One or more intermediate certificate authorities as a string in PEM
format, concatenated into a single string.
loadbalancer
required
Name or ID of the load balancer on which to manage SSL termination.
private_key
The private SSL key as a string in PEM format.
region
Default:
DFW
Region to create an instance in.
secure_port
Default:
443
The port to listen for secure traffic.
secure_traffic_only
Default:
no
If "true", the load balancer will *only* accept secure traffic.
state
    Choices:
  • present ←
  • absent
If set to "present", SSL termination will be added to this load balancer.
If "absent", SSL termination will be removed instead.
tenant_id
(added in 1.5)
The tenant ID used for authentication.
tenant_name
(added in 1.5)
The tenant name used for authentication.
username
Rackspace username, overrides credentials.
verify_ssl
(added in 1.5)
Whether or not to require SSL validation of API endpoints.
wait
Default:
no
Wait for the balancer to be in state "running" before turning.
wait_timeout
Default:
300
How long before "wait" gives up, in seconds.

Notes

Note

  • The following environment variables can be used, RAX_USERNAME, RAX_API_KEY, RAX_CREDS_FILE, RAX_CREDENTIALS, RAX_REGION.
  • RAX_CREDENTIALS and RAX_CREDS_FILE points to a credentials file appropriate for pyrax. See https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#authenticating
  • RAX_USERNAME and RAX_API_KEY obviate the use of a credentials file
  • RAX_REGION defines a Rackspace Public Cloud region (DFW, ORD, LON, …)
  • The following environment variables can be used, RAX_USERNAME, RAX_API_KEY, RAX_CREDS_FILE, RAX_CREDENTIALS, RAX_REGION.
  • RAX_CREDENTIALS and RAX_CREDS_FILE points to a credentials file appropriate for pyrax. See https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#authenticating
  • RAX_USERNAME and RAX_API_KEY obviate the use of a credentials file
  • RAX_REGION defines a Rackspace Public Cloud region (DFW, ORD, LON, …)

Examples

- name: Enable SSL termination on a load balancer
  rax_clb_ssl:
    loadbalancer: the_loadbalancer
    state: present
    private_key: "{{ lookup('file', 'credentials/server.key' ) }}"
    certificate: "{{ lookup('file', 'credentials/server.crt' ) }}"
    intermediate_certificate: "{{ lookup('file', 'credentials/trust-chain.crt') }}"
    secure_traffic_only: true
    wait: true

- name: Disable SSL termination
  rax_clb_ssl:
    loadbalancer: "{{ registered_lb.balancer.id }}"
    state: absent
    wait: true

Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Author

  • Ash Wilson

Hint

If you notice any issues in this documentation you can edit this document to improve it.