Documentation

rax_clb_ssl - Manage SSL termination for a Rackspace Cloud Load Balancer.

New in version 2.0.

Synopsis

Set up, reconfigure, or remove SSL termination for an existing load balancer.

Requirements (on host that executes module)

  • python >= 2.6
  • pyrax

Options

parameter required default choices comments
api_key
no
    Rackspace API key (overrides credentials)

    aliases: password
    certificate
    no
      The public SSL certificates as a string in PEM format.
      credentials
      no
        File to find the Rackspace credentials in (ignored if api_key and username are provided)

        aliases: creds_file
        enabled
        no True
          If set to "false", temporarily disable SSL termination without discarding
          existing credentials.
          env
          (added in 1.5)
          no
            https_redirect
            no
              If "true", the load balancer will redirect HTTP traffic to HTTPS.
              Requires "secure_traffic_only" to be true. Incurs an implicit wait if SSL
              termination is also applied or removed.
              intermediate_certificate
              no
                One or more intermediate certificate authorities as a string in PEM
                format, concatenated into a single string.
                loadbalancer
                yes
                  Name or ID of the load balancer on which to manage SSL termination.
                  private_key
                  no
                    The private SSL key as a string in PEM format.
                    region
                    no DFW
                      Region to create an instance in
                      secure_port
                      no 443
                        The port to listen for secure traffic.
                        secure_traffic_only
                        no
                          If "true", the load balancer will *only* accept secure traffic.
                          state
                          no present
                          • present
                          • absent
                          If set to "present", SSL termination will be added to this load balancer.
                          If "absent", SSL termination will be removed instead.
                          username
                          no
                            Rackspace username (overrides credentials)
                            verify_ssl
                            (added in 1.5)
                            no
                              Whether or not to require SSL validation of API endpoints
                              wait
                              no
                                Wait for the balancer to be in state "running" before turning.
                                wait_timeout
                                no 300
                                  How long before "wait" gives up, in seconds.

                                  Examples

                                  - name: Enable SSL termination on a load balancer
                                    rax_clb_ssl:
                                      loadbalancer: the_loadbalancer
                                      state: present
                                      private_key: "{{ lookup('file', 'credentials/server.key' ) }}"
                                      certificate: "{{ lookup('file', 'credentials/server.crt' ) }}"
                                      intermediate_certificate: "{{ lookup('file', 'credentials/trust-chain.crt') }}"
                                      secure_traffic_only: true
                                      wait: true
                                  
                                  - name: Disable SSL termination
                                    rax_clb_ssl:
                                      loadbalancer: "{{ registered_lb.balancer.id }}"
                                      state: absent
                                      wait: true
                                  

                                  Notes

                                  Note

                                  The following environment variables can be used, RAX_USERNAME, RAX_API_KEY, RAX_CREDS_FILE, RAX_CREDENTIALS, RAX_REGION.

                                  Note

                                  RAX_CREDENTIALS and RAX_CREDS_FILE points to a credentials file appropriate for pyrax. See https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#authenticating

                                  Note

                                  RAX_USERNAME and RAX_API_KEY obviate the use of a credentials file

                                  Note

                                  RAX_REGION defines a Rackspace Public Cloud region (DFW, ORD, LON, ...)

                                  This is an Extras Module

                                  For more information on what this means please read Extras Modules

                                  For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Helping Testing PRs and Developing Modules.