ngine_io.cloudstack.cs_securitygroup_rule – Manages security group rules on Apache CloudStack based clouds.

Note

This plugin is part of the ngine_io.cloudstack collection (version 2.2.2).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install ngine_io.cloudstack.

To use it in a playbook, specify: ngine_io.cloudstack.cs_securitygroup_rule.

New in version 0.1.0: of ngine_io.cloudstack

Synopsis

  • Add and remove security group rules.

Requirements

The below requirements are needed on the host that executes this module.

  • python >= 2.6
  • cs >= 0.9.0

Parameters

Parameter Choices/Defaults Comments
api_http_method
string
    Choices:
  • get
  • post
HTTP method used to query the API endpoint.
If not given, the CLOUDSTACK_METHOD env variable is considered.
api_key
string / required
API key of the CloudStack API.
If not given, the CLOUDSTACK_KEY env variable is considered.
api_secret
string / required
Secret key of the CloudStack API.
If not set, the CLOUDSTACK_SECRET env variable is considered.
api_timeout
integer
Default:
10
HTTP timeout in seconds.
If not given, the CLOUDSTACK_TIMEOUT env variable is considered.
api_url
string / required
URL of the CloudStack API e.g. https://cloud.example.com/client/api.
If not given, the CLOUDSTACK_ENDPOINT env variable is considered.
api_verify_ssl_cert
string
Verify CA authority cert file.
If not given, the CLOUDSTACK_VERIFY env variable is considered.
cidr
string
Default:
"0.0.0.0/0"
CIDR (full notation) to be used for security group rule.
end_port
integer
End port for this rule. Required if protocol=tcp or protocol=udp, but start_port will be used if not set.
icmp_code
integer
Error code for this icmp message. Required if protocol=icmp.
icmp_type
integer
Type of the icmp message being sent. Required if protocol=icmp.
poll_async
boolean
    Choices:
  • no
  • yes
Poll async jobs until job has finished.
project
string
Name of the project the security group to be created in.
protocol
string
    Choices:
  • tcp
  • udp
  • icmp
  • ah
  • esp
  • gre
Protocol of the security group rule.
security_group
string / required
Name of the security group the rule is related to. The security group must be existing.
start_port
integer
Start port for this rule. Required if protocol=tcp or protocol=udp.

aliases: port
state
string
    Choices:
  • present
  • absent
State of the security group rule.
type
string
    Choices:
  • ingress
  • egress
Ingress or egress security group rule.
user_security_group
string
Security group this rule is based of.

Notes

Note

  • A detailed guide about cloudstack modules can be found in the CloudStack Cloud Guide.
  • This module supports check mode.

Examples

---
- name: allow inbound port 80/tcp from 1.2.3.4 added to security group 'default'
  ngine_io.cloudstack.cs_securitygroup_rule:
    security_group: default
    port: 80
    cidr: 1.2.3.4/32

- name: allow tcp/udp outbound added to security group 'default'
  ngine_io.cloudstack.cs_securitygroup_rule:
    security_group: default
    type: egress
    start_port: 1
    end_port: 65535
    protocol: '{{ item }}'
  with_items:
  - tcp
  - udp

- name: allow inbound icmp from 0.0.0.0/0 added to security group 'default'
  ngine_io.cloudstack.cs_securitygroup_rule:
    security_group: default
    protocol: icmp
    icmp_code: -1
    icmp_type: -1

- name: remove rule inbound port 80/tcp from 0.0.0.0/0 from security group 'default'
  ngine_io.cloudstack.cs_securitygroup_rule:
    security_group: default
    port: 80
    state: absent

- name: allow inbound port 80/tcp from security group web added to security group 'default'
  ngine_io.cloudstack.cs_securitygroup_rule:
    security_group: default
    port: 80
    user_security_group: web

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
cidr
string
success and cidr is defined
CIDR of the rule.

Sample:
0.0.0.0/0
end_port
integer
success
end port of the rule.

Sample:
80
id
string
success
UUID of the of the rule.

Sample:
a6f7a5fc-43f8-11e5-a151-feff819cdc9f
protocol
string
success
protocol of the rule.

Sample:
tcp
security_group
string
success
security group of the rule.

Sample:
default
start_port
integer
success
start port of the rule.

Sample:
80
type
string
success
type of the rule.

Sample:
ingress
user_security_group
string
success and user_security_group is defined
user security group of the rule.

Sample:
default


Authors

  • René Moser (@resmo)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/ngine_io/cloudstack/cs_securitygroup_rule_module.html