community.network.avi_sslprofile – Module for setup of SSLProfile Avi RESTful Object

Note

This plugin is part of the community.network collection (version 1.3.0).

To install it use: ansible-galaxy collection install community.network.

To use it in a playbook, specify: community.network.avi_sslprofile.

Synopsis
Requirements
Parameters
Notes
Examples
Return Values

Synopsis

This module is used to configure SSLProfile object
more examples at https://github.com/avinetworks/devops

Requirements

The below requirements are needed on the host that executes this module.

avisdk

Parameters

Parameter		Choices/Defaults	Comments
accepted_ciphers string			Ciphers suites represented as defined by http://www.openssl.org/docs/apps/ciphers.html. Default value when not specified in API or module is interpreted by Avi Controller as AES:3DES:RC4.
accepted_versions string			Set of versions accepted by the server.
api_context dictionary			Avi API context that includes current session ID and CSRF Token. This allows user to perform single login and re-use the session.
api_version string		Default: "16.4.4"	Avi API version of to use for Avi API and objects.
avi_api_patch_op string		Choices: add replace delete	Patch operation to use when using avi_api_update_method as patch.
avi_api_update_method string		Choices: put ← patch	Default method for object update is HTTP PUT. Setting to patch will override that behavior to use HTTP PATCH.
avi_credentials dictionary			Avi Credentials dictionary which can be used in lieu of enumerating Avi Controller login details.
	api_version string	Default: "16.4.4"	Avi controller version
	controller string		Avi controller IP or SQDN
	csrftoken string		Avi controller API csrftoken to reuse existing session with session id
	password string		Avi controller password
	port string		Avi controller port
	session_id string		Avi controller API session id to reuse existing session with csrftoken
	tenant string	Default: "admin"	Avi controller tenant
	tenant_uuid string		Avi controller tenant UUID
	timeout string	Default: 300	Avi controller request timeout
	token string		Avi controller API token
	username string		Avi controller username
avi_disable_session_cache_as_fact boolean		Choices: no ← yes	It disables avi session information to be cached as a fact.
cipher_enums string			Enum options - tls_ecdhe_ecdsa_with_aes_128_gcm_sha256, tls_ecdhe_ecdsa_with_aes_256_gcm_sha384, tls_ecdhe_rsa_with_aes_128_gcm_sha256, tls_ecdhe_rsa_with_aes_256_gcm_sha384, tls_ecdhe_ecdsa_with_aes_128_cbc_sha256, tls_ecdhe_ecdsa_with_aes_256_cbc_sha384, tls_ecdhe_rsa_with_aes_128_cbc_sha256, tls_ecdhe_rsa_with_aes_256_cbc_sha384, tls_rsa_with_aes_128_gcm_sha256, tls_rsa_with_aes_256_gcm_sha384, tls_rsa_with_aes_128_cbc_sha256, tls_rsa_with_aes_256_cbc_sha256, tls_ecdhe_ecdsa_with_aes_128_cbc_sha, tls_ecdhe_ecdsa_with_aes_256_cbc_sha, tls_ecdhe_rsa_with_aes_128_cbc_sha, tls_ecdhe_rsa_with_aes_256_cbc_sha, tls_rsa_with_aes_128_cbc_sha, tls_rsa_with_aes_256_cbc_sha, tls_rsa_with_3des_ede_cbc_sha, tls_rsa_with_rc4_128_sha.
controller string		Default: ""	IP address or hostname of the controller. The default value is the environment variable `AVI_CONTROLLER`.
description string			User defined description for the object.
dhparam string			Dh parameters used in ssl. At this time, it is not configurable and is set to 2048 bits.
enable_ssl_session_reuse boolean		Choices: no yes	Enable ssl session re-use. Default value when not specified in API or module is interpreted by Avi Controller as True.
name string / required			Name of the object.
password string		Default: ""	Password of Avi user in Avi controller. The default value is the environment variable `AVI_PASSWORD`.
prefer_client_cipher_ordering boolean		Choices: no yes	Prefer the ssl cipher ordering presented by the client during the ssl handshake over the one specified in the ssl profile. Default value when not specified in API or module is interpreted by Avi Controller as False.
send_close_notify boolean		Choices: no yes	Send 'close notify' alert message for a clean shutdown of the ssl connection. Default value when not specified in API or module is interpreted by Avi Controller as True.
ssl_rating string			Sslrating settings for sslprofile.
ssl_session_timeout string			The amount of time in seconds before an ssl session expires. Default value when not specified in API or module is interpreted by Avi Controller as 86400.
state string		Choices: absent present ←	The state that should be applied on the entity.
tags string			List of tag.
tenant string		Default: "admin"	Name of tenant used for all Avi API calls and context of object.
tenant_ref string			It is a reference to an object of type tenant.
tenant_uuid string		Default: ""	UUID of tenant used for all Avi API calls and context of object.
type string			Ssl profile type. Enum options - SSL_PROFILE_TYPE_APPLICATION, SSL_PROFILE_TYPE_SYSTEM. Field introduced in 17.2.8. Default value when not specified in API or module is interpreted by Avi Controller as SSL_PROFILE_TYPE_APPLICATION.
url string			Avi controller URL of the object.
username string		Default: ""	Username used for accessing Avi controller. The default value is the environment variable `AVI_USERNAME`.
uuid string			Unique object identifier of the object.

Notes

Note

For more information on using Ansible to manage Avi Network devices see https://www.ansible.com/ansible-avi-networks.

Examples

- name: Create SSL profile with list of allowed ciphers
  community.network.avi_sslprofile:
    controller: '{{ controller }}'
    username: '{{ username }}'
    password: '{{ password }}'
    accepted_ciphers: >
      ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:
      ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:
      AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:
      AES256-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:
      ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA
    accepted_versions:
    - type: SSL_VERSION_TLS1
    - type: SSL_VERSION_TLS1_1
    - type: SSL_VERSION_TLS1_2
    cipher_enums:
    - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
    - TLS_RSA_WITH_AES_128_GCM_SHA256
    - TLS_RSA_WITH_AES_256_GCM_SHA384
    - TLS_RSA_WITH_AES_128_CBC_SHA256
    - TLS_RSA_WITH_AES_256_CBC_SHA256
    - TLS_RSA_WITH_AES_128_CBC_SHA
    - TLS_RSA_WITH_AES_256_CBC_SHA
    - TLS_RSA_WITH_3DES_EDE_CBC_SHA
    - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
    - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    name: PFS-BOTH-RSA-EC
    send_close_notify: true
    ssl_rating:
      compatibility_rating: SSL_SCORE_EXCELLENT
      performance_rating: SSL_SCORE_EXCELLENT
      security_score: '100.0'
    tenant_ref: Demo

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
obj dictionary	success, changed	SSLProfile (api/sslprofile) object

Authors

Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/community/network/avi_sslprofile_module.html