avi_virtualservice - Module for setup of VirtualService Avi RESTful Object
New in version 2.3.
Synopsis
- This module is used to configure VirtualService object
- more examples at https://github.com/avinetworks/devops
Requirements (on host that executes module)
- avisdk
Options
| parameter | required | default | choices | comments |
|---|---|---|---|---|
| active_standby_se_tag | no | This configuration only applies if the virtualservice is in legacy active standby ha mode and load distribution among active standby is enabled. This field is used to tag the virtualservice so that virtualservices with the same tag will share the same active serviceengine. Virtualservices with different tags will have different active serviceengines. If one of the serviceengine's in the serviceenginegroup fails, all virtualservices will end up using the same active serviceengine. Redistribution of the virtualservices can be either manual or automated when the failed serviceengine recovers. Redistribution is based on the auto redistribute property of the serviceenginegroup. Enum options - ACTIVE_STANDBY_SE_1, ACTIVE_STANDBY_SE_2. Default value when not specified in API or module is interpreted by Avi Controller as ACTIVE_STANDBY_SE_1. | ||
| analytics_policy | no | Determines analytics settings for the application. | ||
| analytics_profile_ref | no | Specifies settings related to analytics. It is a reference to an object of type analyticsprofile. | ||
| api_version | no | Avi API version of to use for Avi API and objects. | ||
| application_profile_ref | no | Enable application layer specific features for the virtual service. It is a reference to an object of type applicationprofile. | ||
| auto_allocate_floating_ip | no | Auto-allocate floating/elastic ip from the cloud infrastructure. Field deprecated in 17.1.1. Default value when not specified in API or module is interpreted by Avi Controller as False. | ||
| auto_allocate_ip | no | Auto-allocate vip from the provided subnet. Field deprecated in 17.1.1. Default value when not specified in API or module is interpreted by Avi Controller as False. | ||
| availability_zone | no | Availability-zone to place the virtual service. Field deprecated in 17.1.1. | ||
| avi_allocated_fip | no | (internal-use) fip allocated by avi in the cloud infrastructure. Field deprecated in 17.1.1. Default value when not specified in API or module is interpreted by Avi Controller as False. | ||
| avi_allocated_vip | no | (internal-use) vip allocated by avi in the cloud infrastructure. Field deprecated in 17.1.1. Default value when not specified in API or module is interpreted by Avi Controller as False. | ||
| client_auth | no | Http authentication configuration for protected resources. | ||
| cloud_config_cksum | no | Checksum of cloud configuration for vs. Internally set by cloud connector. | ||
| cloud_ref | no | It is a reference to an object of type cloud. | ||
| cloud_type | no | Enum options - cloud_none, cloud_vcenter, cloud_openstack, cloud_aws, cloud_vca, cloud_apic, cloud_mesos, cloud_linuxserver, cloud_docker_ucp, cloud_rancher, cloud_oshift_k8s. Default value when not specified in API or module is interpreted by Avi Controller as CLOUD_NONE. | ||
| connections_rate_limit | no | Rate limit the incoming connections to this virtual service. | ||
| content_rewrite | no | Profile used to match and rewrite strings in request and/or response body. | ||
| controller | no | IP address or hostname of the controller. The default value is the environment variable AVI_CONTROLLER. | ||
| created_by | no | Creator name. | ||
| delay_fairness | no | Select the algorithm for qos fairness. This determines how multiple virtual services sharing the same service engines will prioritize traffic over a congested network. Default value when not specified in API or module is interpreted by Avi Controller as False. | ||
| description | no | User defined description for the object. | ||
| discovered_network_ref | no | (internal-use) discovered networks providing reachability for client facing virtual service ip. This field is deprecated. It is a reference to an object of type network. Field deprecated in 17.1.1. | ||
| discovered_networks | no | (internal-use) discovered networks providing reachability for client facing virtual service ip. This field is used internally by avi, not editable by the user. Field deprecated in 17.1.1. | ||
| discovered_subnet | no | (internal-use) discovered subnets providing reachability for client facing virtual service ip. This field is deprecated. Field deprecated in 17.1.1. | ||
| dns_info | no | Service discovery specific data including fully qualified domain name, type and time-to-live of the dns record. Note that only one of fqdn and dns_info setting is allowed. | ||
| dns_policies (added in 2.4)
| no | Dns policies applied on the dns traffic of the virtual service. Field introduced in 17.1.1. | ||
| east_west_placement | no | Force placement on all se's in service group (mesos mode only). Default value when not specified in API or module is interpreted by Avi Controller as False. | ||
| enable_autogw | no | Response traffic to clients will be sent back to the source mac address of the connection, rather than statically sent to a default gateway. Default value when not specified in API or module is interpreted by Avi Controller as True. | ||
| enable_rhi | no | Enable route health injection using the bgp config in the vrf context. | ||
| enable_rhi_snat | no | Enable route health injection for source nat'ted floating ip address using the bgp config in the vrf context. | ||
| enabled | no | Enable or disable the virtual service. Default value when not specified in API or module is interpreted by Avi Controller as True. | ||
| floating_ip | no | Floating ip to associate with this virtual service. Field deprecated in 17.1.1. | ||
| floating_subnet_uuid | no | If auto_allocate_floating_ip is true and more than one floating-ip subnets exist, then the subnet for the floating ip address allocation. This field is applicable only if the virtualservice belongs to an openstack or aws cloud. In openstack or aws cloud it is required when auto_allocate_floating_ip is selected. Field deprecated in 17.1.1. | ||
| flow_dist | no | Criteria for flow distribution among ses. Enum options - LOAD_AWARE, CONSISTENT_HASH_SOURCE_IP_ADDRESS, CONSISTENT_HASH_SOURCE_IP_ADDRESS_AND_PORT. Default value when not specified in API or module is interpreted by Avi Controller as LOAD_AWARE. | ||
| flow_label_type | no | Criteria for flow labelling. Enum options - NO_LABEL, SERVICE_LABEL. Default value when not specified in API or module is interpreted by Avi Controller as NO_LABEL. | ||
| fqdn | no | Dns resolvable, fully qualified domain name of the virtualservice. Only one of 'fqdn' and 'dns_info' configuration is allowed. | ||
| host_name_xlate | no | Translate the host name sent to the servers to this value. Translate the host name sent from servers back to the value used by the client. | ||
| http_policies | no | Http policies applied on the data traffic of the virtual service. | ||
| ign_pool_net_reach | no | Ignore pool servers network reachability constraints for virtual service placement. Default value when not specified in API or module is interpreted by Avi Controller as False. | ||
| ip_address | no | Ip address of the virtual service. Field deprecated in 17.1.1. | ||
| ipam_network_subnet | no | Subnet and/or network for allocating virtualservice ip by ipam provider module. | ||
| limit_doser | no | Limit potential dos attackers who exceed max_cps_per_client significantly to a fraction of max_cps_per_client for a while. Default value when not specified in API or module is interpreted by Avi Controller as False. | ||
| max_cps_per_client | no | Maximum connections per second per client ip. Allowed values are 10-1000. Special values are 0- 'unlimited'. Default value when not specified in API or module is interpreted by Avi Controller as 0. | ||
| microservice_ref | no | Microservice representing the virtual service. It is a reference to an object of type microservice. | ||
| name | yes | Name for the virtual service. | ||
| network_profile_ref | no | Determines network settings such as protocol, tcp or udp, and related options for the protocol. It is a reference to an object of type networkprofile. | ||
| network_ref | no | Manually override the network on which the virtual service is placed. It is a reference to an object of type network. Field deprecated in 17.1.1. | ||
| network_security_policy_ref | no | Network security policies for the virtual service. It is a reference to an object of type networksecuritypolicy. | ||
| nsx_securitygroup (added in 2.4)
| no | A list of nsx service groups representing the clients which can access the virtual ip of the virtual service. Field introduced in 17.1.1. | ||
| password | no | Password of Avi user in Avi controller. The default value is the environment variable AVI_PASSWORD. | ||
| performance_limits | no | Optional settings that determine performance limits like max connections or bandwdith etc. | ||
| pool_group_ref | no | The pool group is an object that contains pools. It is a reference to an object of type poolgroup. | ||
| pool_ref | no | The pool is an object that contains destination servers and related attributes such as load-balancing and persistence. It is a reference to an object of type pool. | ||
| port_uuid | no | (internal-use) network port assigned to the virtual service ip address. Field deprecated in 17.1.1. | ||
| remove_listening_port_on_vs_down | no | Remove listening port if virtualservice is down. Default value when not specified in API or module is interpreted by Avi Controller as False. | ||
| requests_rate_limit | no | Rate limit the incoming requests to this virtual service. | ||
| scaleout_ecmp | no | Disable re-distribution of flows across service engines for a virtual service. Enable if the network itself performs flow hashing with ecmp in environments such as gcp. Default value when not specified in API or module is interpreted by Avi Controller as False. | ||
| se_group_ref | no | The service engine group to use for this virtual service. Moving to a new se group is disruptive to existing connections for this vs. It is a reference to an object of type serviceenginegroup. | ||
| server_network_profile_ref | no | Determines the network settings profile for the server side of tcp proxied connections. Leave blank to use the same settings as the client to vs side of the connection. It is a reference to an object of type networkprofile. | ||
| service_metadata (added in 2.4)
| no | Metadata pertaining to the service provided by this virtual service. In openshift/kubernetes environments, egress pod info is stored. Any user input to this field will be overwritten by avi vantage. | ||
| service_pool_select | no | Select pool based on destination port. | ||
| services | no | List of services defined for this virtual service. | ||
| sideband_profile (added in 2.4)
| no | Sideband configuration to be used for this virtualservice.it can be used for sending traffic to sideband vips for external inspection etc. | ||
| snat_ip | no | Nat'ted floating source ip address(es) for upstream connection to servers. | ||
| ssl_key_and_certificate_refs | no | Select or create one or two certificates, ec and/or rsa, that will be presented to ssl/tls terminated connections. It is a reference to an object of type sslkeyandcertificate. | ||
| ssl_profile_ref | no | Determines the set of ssl versions and ciphers to accept for ssl/tls terminated connections. It is a reference to an object of type sslprofile. | ||
| ssl_sess_cache_avg_size | no | Expected number of ssl session cache entries (may be exceeded). Allowed values are 1024-16383. Default value when not specified in API or module is interpreted by Avi Controller as 1024. | ||
| state | no | present |
| The state that should be applied on the entity. |
| static_dns_records | no | List of static dns records applied to this virtual service. These are static entries and no health monitoring is performed against the ip addresses. | ||
| subnet | no | Subnet providing reachability for client facing virtual service ip. Field deprecated in 17.1.1. | ||
| subnet_uuid | no | It represents subnet for the virtual service ip address allocation when auto_allocate_ip is true.it is only applicable in openstack or aws cloud. This field is required if auto_allocate_ip is true. Field deprecated in 17.1.1. | ||
| tenant | no | admin | Name of tenant used for all Avi API calls and context of object. | |
| tenant_ref | no | It is a reference to an object of type tenant. | ||
| tenant_uuid | no | UUID of tenant used for all Avi API calls and context of object. | ||
| traffic_clone_profile_ref (added in 2.4)
| no | Server network or list of servers for cloning traffic. It is a reference to an object of type trafficcloneprofile. Field introduced in 17.1.1. | ||
| type | no | Specify if this is a normal virtual service, or if it is the parent or child of an sni-enabled virtual hosted virtual service. Enum options - VS_TYPE_NORMAL, VS_TYPE_VH_PARENT, VS_TYPE_VH_CHILD. Default value when not specified in API or module is interpreted by Avi Controller as VS_TYPE_NORMAL. | ||
| url | no | Avi controller URL of the object. | ||
| use_bridge_ip_as_vip | no | Use bridge ip as vip on each host in mesos deployments. Default value when not specified in API or module is interpreted by Avi Controller as False. | ||
| username | no | Username used for accessing Avi controller. The default value is the environment variable AVI_USERNAME. | ||
| uuid | no | Uuid of the virtualservice. | ||
| vh_domain_name | no | The exact name requested from the client's sni-enabled tls hello domain name field. If this is a match, the parent vs will forward the connection to this child vs. | ||
| vh_parent_vs_uuid | no | Specifies the virtual service acting as virtual hosting (sni) parent. | ||
| vip (added in 2.4)
| no | List of virtual service ips. While creating a 'shared vs',please use vsvip_ref to point to the shared entities. Field introduced in 17.1.1. | ||
| vrf_context_ref | no | Virtual routing context that the virtual service is bound to. This is used to provide the isolation of the set of networks the application is attached to. It is a reference to an object of type vrfcontext. | ||
| vs_datascripts | no | Datascripts applied on the data traffic of the virtual service. | ||
| vsvip_ref (added in 2.4)
| no | Mostly used during the creation of shared vs, this fieldrefers to entities that can be shared across virtual services. It is a reference to an object of type vsvip. Field introduced in 17.1.1. | ||
| weight | no | The quality of service weight to assign to traffic transmitted from this virtual service. A higher weight will prioritize traffic versus other virtual services sharing the same service engines. Default value when not specified in API or module is interpreted by Avi Controller as 1. |
Examples
- name: Create SSL Virtual Service using Pool testpool2
avi_virtualservice:
controller: 10.10.27.90
username: admin
password: AviNetworks123!
name: newtestvs
state: present
performance_limits:
max_concurrent_connections: 1000
services:
- port: 443
enable_ssl: true
- port: 80
ssl_profile_ref: '/api/sslprofile?name=System-Standard'
application_profile_ref: '/api/applicationprofile?name=System-Secure-HTTP'
ssl_key_and_certificate_refs:
- '/api/sslkeyandcertificate?name=System-Default-Cert'
ip_address:
addr: 10.90.131.103
type: V4
pool_ref: '/api/pool?name=testpool2'
Return Values
Common return values are documented here Return Values, the following are the fields unique to this module:
| name | description | returned | type | sample |
|---|---|---|---|---|
| obj | VirtualService (api/virtualservice) object | success, changed | dict |
Status
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.4/avi_virtualservice_module.html