Note
This plugin is part of the ngine_io.cloudstack collection.
To install it use: ansible-galaxy collection install ngine_io.cloudstack.
To use it in a playbook, specify: ngine_io.cloudstack.cs_securitygroup_rule.
New in version 0.1.0: of ngine_io.cloudstack
The below requirements are needed on the host that executes this module.
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| api_http_method string |
| HTTP method used to query the API endpoint. If not given, the CLOUDSTACK_METHOD env variable is considered.As the last option, the value is taken from the ini config file, also see the notes. Fallback value is get if not specified. |
| api_key string | API key of the CloudStack API. If not given, the CLOUDSTACK_KEY env variable is considered.As the last option, the value is taken from the ini config file, also see the notes. | |
| api_region string | Default: "cloudstack" | Name of the ini section in the cloustack.ini file.If not given, the CLOUDSTACK_REGION env variable is considered. |
| api_secret string | Secret key of the CloudStack API. If not set, the CLOUDSTACK_SECRET env variable is considered.As the last option, the value is taken from the ini config file, also see the notes. | |
| api_timeout integer | HTTP timeout in seconds. If not given, the CLOUDSTACK_TIMEOUT env variable is considered.As the last option, the value is taken from the ini config file, also see the notes. Fallback value is 10 seconds if not specified. | |
| api_url string | URL of the CloudStack API e.g. https://cloud.example.com/client/api. If not given, the CLOUDSTACK_ENDPOINT env variable is considered.As the last option, the value is taken from the ini config file, also see the notes. | |
| api_verify_ssl_cert string | CA authority cert file. If not given, the CLOUDSTACK_VERIFY env variable is considered.As the last option, the value is taken from the ini config file, also see the notes. Fallback value is null if not specified. | |
| cidr string | Default: "0.0.0.0/0" | CIDR (full notation) to be used for security group rule. |
| end_port integer | End port for this rule. Required if protocol=tcp or protocol=udp, but start_port will be used if not set. | |
| icmp_code integer | Error code for this icmp message. Required if protocol=icmp. | |
| icmp_type integer | Type of the icmp message being sent. Required if protocol=icmp. | |
| poll_async boolean |
| Poll async jobs until job has finished. |
| project string | Name of the project the security group to be created in. | |
| protocol string |
| Protocol of the security group rule. |
| security_group string / required | Name of the security group the rule is related to. The security group must be existing. | |
| start_port integer | Start port for this rule. Required if protocol=tcp or protocol=udp. aliases: port | |
| state string |
| State of the security group rule. |
| type string |
| Ingress or egress security group rule. |
| user_security_group string | Security group this rule is based of. |
Note
cs library’s configuration method if credentials are not provided by the arguments api_url, api_key, api_secret. Configuration is read from several locations, in the following order. The CLOUDSTACK_ENDPOINT, CLOUDSTACK_KEY, CLOUDSTACK_SECRET and CLOUDSTACK_METHOD. CLOUDSTACK_TIMEOUT environment variables. A CLOUDSTACK_CONFIG environment variable pointing to an .ini file. A cloudstack.ini file in the current working directory. A .cloudstack.ini file in the users home directory. Optionally multiple credentials and endpoints can be specified using ini sections in cloudstack.ini. Use the argument api_region to select the section name, default section is cloudstack. See https://github.com/exoscale/cs for more information.---
- name: allow inbound port 80/tcp from 1.2.3.4 added to security group 'default'
ngine_io.cloudstack.cs_securitygroup_rule:
security_group: default
port: 80
cidr: 1.2.3.4/32
- name: allow tcp/udp outbound added to security group 'default'
ngine_io.cloudstack.cs_securitygroup_rule:
security_group: default
type: egress
start_port: 1
end_port: 65535
protocol: '{{ item }}'
with_items:
- tcp
- udp
- name: allow inbound icmp from 0.0.0.0/0 added to security group 'default'
ngine_io.cloudstack.cs_securitygroup_rule:
security_group: default
protocol: icmp
icmp_code: -1
icmp_type: -1
- name: remove rule inbound port 80/tcp from 0.0.0.0/0 from security group 'default'
ngine_io.cloudstack.cs_securitygroup_rule:
security_group: default
port: 80
state: absent
- name: allow inbound port 80/tcp from security group web added to security group 'default'
ngine_io.cloudstack.cs_securitygroup_rule:
security_group: default
port: 80
user_security_group: web
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| cidr string | success and cidr is defined | CIDR of the rule. Sample: 0.0.0.0/0 |
| end_port integer | success | end port of the rule. Sample: 80 |
| id string | success | UUID of the of the rule. Sample: a6f7a5fc-43f8-11e5-a151-feff819cdc9f |
| protocol string | success | protocol of the rule. Sample: tcp |
| security_group string | success | security group of the rule. Sample: default |
| start_port integer | success | start port of the rule. Sample: 80 |
| type string | success | type of the rule. Sample: ingress |
| user_security_group string | success and user_security_group is defined | user security group of the rule. Sample: default |
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/ngine_io/cloudstack/cs_securitygroup_rule_module.html