New in version 2.0.
Set up, reconfigure, or remove SSL termination for an existing load balancer.
- python >= 2.6
- pyrax
parameter | required | default | choices | comments |
---|---|---|---|---|
api_key |
no | Rackspace API key (overrides credentials) aliases: password | ||
certificate |
no | The public SSL certificates as a string in PEM format. | ||
credentials |
no | File to find the Rackspace credentials in (ignored if api_key and username are provided) aliases: creds_file | ||
enabled |
no | True | If set to "false", temporarily disable SSL termination without discarding existing credentials. | |
env (added in 1.5) |
no | Environment as configured in ~/.pyrax.cfg, see https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#pyrax-configuration | ||
https_redirect |
no | If "true", the load balancer will redirect HTTP traffic to HTTPS. Requires "secure_traffic_only" to be true. Incurs an implicit wait if SSL termination is also applied or removed. | ||
intermediate_certificate |
no | One or more intermediate certificate authorities as a string in PEM format, concatenated into a single string. | ||
loadbalancer |
yes | Name or ID of the load balancer on which to manage SSL termination. | ||
private_key |
no | The private SSL key as a string in PEM format. | ||
region |
no | DFW | Region to create an instance in | |
secure_port |
no | 443 | The port to listen for secure traffic. | |
secure_traffic_only |
no | If "true", the load balancer will *only* accept secure traffic. | ||
state |
no | present |
|
If set to "present", SSL termination will be added to this load balancer. If "absent", SSL termination will be removed instead. |
username |
no | Rackspace username (overrides credentials) | ||
verify_ssl (added in 1.5) |
no | Whether or not to require SSL validation of API endpoints | ||
wait |
no | Wait for the balancer to be in state "running" before turning. | ||
wait_timeout |
no | 300 | How long before "wait" gives up, in seconds. |
- name: Enable SSL termination on a load balancer rax_clb_ssl: loadbalancer: the_loadbalancer state: present private_key: "{{ lookup('file', 'credentials/server.key' ) }}" certificate: "{{ lookup('file', 'credentials/server.crt' ) }}" intermediate_certificate: "{{ lookup('file', 'credentials/trust-chain.crt') }}" secure_traffic_only: true wait: true - name: Disable SSL termination rax_clb_ssl: loadbalancer: "{{ registered_lb.balancer.id }}" state: absent wait: true
Note
The following environment variables can be used, RAX_USERNAME
, RAX_API_KEY
, RAX_CREDS_FILE
, RAX_CREDENTIALS
, RAX_REGION
.
Note
RAX_CREDENTIALS
and RAX_CREDS_FILE
points to a credentials file appropriate for pyrax. See https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#authenticating
Note
RAX_USERNAME
and RAX_API_KEY
obviate the use of a credentials file
Note
RAX_REGION
defines a Rackspace Public Cloud region (DFW, ORD, LON, ...)
For more information on what this means please read Extras Modules
For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Helping Testing PRs and Developing Modules.