community.network.avi_sslprofile – Module for setup of SSLProfile Avi RESTful Object

Note

This plugin is part of the community.network collection (version 3.0.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.network.

To use it in a playbook, specify: community.network.avi_sslprofile.

Synopsis

Requirements

The below requirements are needed on the host that executes this module.

  • avisdk

Parameters

Parameter Choices/Defaults Comments
accepted_ciphers
string
Ciphers suites represented as defined by http://www.openssl.org/docs/apps/ciphers.html.
Default value when not specified in API or module is interpreted by Avi Controller as AES:3DES:RC4.
accepted_versions
string
Set of versions accepted by the server.
api_context
dictionary
Avi API context that includes current session ID and CSRF Token.
This allows user to perform single login and re-use the session.
api_version
string
Default:
"16.4.4"
Avi API version of to use for Avi API and objects.
avi_api_patch_op
string
    Choices:
  • add
  • replace
  • delete
Patch operation to use when using avi_api_update_method as patch.
avi_api_update_method
string
    Choices:
  • put
  • patch
Default method for object update is HTTP PUT.
Setting to patch will override that behavior to use HTTP PATCH.
avi_credentials
dictionary
Avi Credentials dictionary which can be used in lieu of enumerating Avi Controller login details.
api_version
string
Default:
"16.4.4"
Avi controller version
controller
string
Avi controller IP or SQDN
csrftoken
string
Avi controller API csrftoken to reuse existing session with session id
password
string
Avi controller password
port
string
Avi controller port
session_id
string
Avi controller API session id to reuse existing session with csrftoken
tenant
string
Default:
"admin"
Avi controller tenant
tenant_uuid
string
Avi controller tenant UUID
timeout
string
Default:
300
Avi controller request timeout
token
string
Avi controller API token
username
string
Avi controller username
avi_disable_session_cache_as_fact
boolean
    Choices:
  • no
  • yes
It disables avi session information to be cached as a fact.
cipher_enums
string
Enum options - tls_ecdhe_ecdsa_with_aes_128_gcm_sha256, tls_ecdhe_ecdsa_with_aes_256_gcm_sha384, tls_ecdhe_rsa_with_aes_128_gcm_sha256,
tls_ecdhe_rsa_with_aes_256_gcm_sha384, tls_ecdhe_ecdsa_with_aes_128_cbc_sha256, tls_ecdhe_ecdsa_with_aes_256_cbc_sha384,
tls_ecdhe_rsa_with_aes_128_cbc_sha256, tls_ecdhe_rsa_with_aes_256_cbc_sha384, tls_rsa_with_aes_128_gcm_sha256, tls_rsa_with_aes_256_gcm_sha384,
tls_rsa_with_aes_128_cbc_sha256, tls_rsa_with_aes_256_cbc_sha256, tls_ecdhe_ecdsa_with_aes_128_cbc_sha, tls_ecdhe_ecdsa_with_aes_256_cbc_sha,
tls_ecdhe_rsa_with_aes_128_cbc_sha, tls_ecdhe_rsa_with_aes_256_cbc_sha, tls_rsa_with_aes_128_cbc_sha, tls_rsa_with_aes_256_cbc_sha,
tls_rsa_with_3des_ede_cbc_sha, tls_rsa_with_rc4_128_sha.
controller
string
Default:
""
IP address or hostname of the controller. The default value is the environment variable AVI_CONTROLLER.
description
string
User defined description for the object.
dhparam
string
Dh parameters used in ssl.
At this time, it is not configurable and is set to 2048 bits.
enable_ssl_session_reuse
boolean
    Choices:
  • no
  • yes
Enable ssl session re-use.
Default value when not specified in API or module is interpreted by Avi Controller as True.
name
string / required
Name of the object.
password
string
Default:
""
Password of Avi user in Avi controller. The default value is the environment variable AVI_PASSWORD.
prefer_client_cipher_ordering
boolean
    Choices:
  • no
  • yes
Prefer the ssl cipher ordering presented by the client during the ssl handshake over the one specified in the ssl profile.
Default value when not specified in API or module is interpreted by Avi Controller as False.
send_close_notify
boolean
    Choices:
  • no
  • yes
Send 'close notify' alert message for a clean shutdown of the ssl connection.
Default value when not specified in API or module is interpreted by Avi Controller as True.
ssl_rating
string
Sslrating settings for sslprofile.
ssl_session_timeout
string
The amount of time in seconds before an ssl session expires.
Default value when not specified in API or module is interpreted by Avi Controller as 86400.
state
string
    Choices:
  • absent
  • present
The state that should be applied on the entity.
tags
string
List of tag.
tenant
string
Default:
"admin"
Name of tenant used for all Avi API calls and context of object.
tenant_ref
string
It is a reference to an object of type tenant.
tenant_uuid
string
Default:
""
UUID of tenant used for all Avi API calls and context of object.
type
string
Ssl profile type.
Enum options - SSL_PROFILE_TYPE_APPLICATION, SSL_PROFILE_TYPE_SYSTEM.
Field introduced in 17.2.8.
Default value when not specified in API or module is interpreted by Avi Controller as SSL_PROFILE_TYPE_APPLICATION.
url
string
Avi controller URL of the object.
username
string
Default:
""
Username used for accessing Avi controller. The default value is the environment variable AVI_USERNAME.
uuid
string
Unique object identifier of the object.

Notes

Note

Examples

- name: Create SSL profile with list of allowed ciphers
  community.network.avi_sslprofile:
    controller: '{{ controller }}'
    username: '{{ username }}'
    password: '{{ password }}'
    accepted_ciphers: >
      ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:
      ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:
      AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:
      AES256-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:
      ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA
    accepted_versions:
    - type: SSL_VERSION_TLS1
    - type: SSL_VERSION_TLS1_1
    - type: SSL_VERSION_TLS1_2
    cipher_enums:
    - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
    - TLS_RSA_WITH_AES_128_GCM_SHA256
    - TLS_RSA_WITH_AES_256_GCM_SHA384
    - TLS_RSA_WITH_AES_128_CBC_SHA256
    - TLS_RSA_WITH_AES_256_CBC_SHA256
    - TLS_RSA_WITH_AES_128_CBC_SHA
    - TLS_RSA_WITH_AES_256_CBC_SHA
    - TLS_RSA_WITH_3DES_EDE_CBC_SHA
    - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
    - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    name: PFS-BOTH-RSA-EC
    send_close_notify: true
    ssl_rating:
      compatibility_rating: SSL_SCORE_EXCELLENT
      performance_rating: SSL_SCORE_EXCELLENT
      security_score: '100.0'
    tenant_ref: Demo

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
obj
dictionary
success, changed
SSLProfile (api/sslprofile) object



Authors

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/community/network/avi_sslprofile_module.html