cs_securitygroup_rule - Manages security group rules on Apache CloudStack based clouds.
New in version 2.0.
Synopsis
- Add and remove security group rules.
Requirements (on host that executes module)
- python >= 2.6
- cs >= 0.6.10
Options
| parameter | required | default | choices | comments |
|---|---|---|---|---|
| api_http_method | no | get |
| HTTP method used. |
| api_key | no | API key of the CloudStack API. | ||
| api_region | no | cloudstack | Name of the ini section in the cloustack.ini file. | |
| api_secret | no | Secret key of the CloudStack API. | ||
| api_timeout | no | 10 | HTTP timeout. | |
| api_url | no | URL of the CloudStack API e.g. https://cloud.example.com/client/api. | ||
| cidr | no | 0.0.0.0/0 | CIDR (full notation) to be used for security group rule. | |
| end_port | no | End port for this rule. Required if protocol=tcp or protocol=udp, but start_port will be used if not set. | ||
| icmp_code | no | Error code for this icmp message. Required if protocol=icmp. | ||
| icmp_type | no | Type of the icmp message being sent. Required if protocol=icmp. | ||
| poll_async | no | True | Poll async jobs until job has finished. | |
| project | no | Name of the project the security group to be created in. | ||
| protocol | no | tcp |
| Protocol of the security group rule. |
| security_group | yes | Name of the security group the rule is related to. The security group must be existing. | ||
| start_port | no | Start port for this rule. Required if protocol=tcp or protocol=udp.aliases: port | ||
| state | no | present |
| State of the security group rule. |
| type | no | ingress |
| Ingress or egress security group rule. |
| user_security_group | no | Security group this rule is based of. |
Examples
---
# Allow inbound port 80/tcp from 1.2.3.4 added to security group 'default'
- local_action:
module: cs_securitygroup_rule
security_group: default
port: 80
cidr: 1.2.3.4/32
# Allow tcp/udp outbound added to security group 'default'
- local_action:
module: cs_securitygroup_rule
security_group: default
type: egress
start_port: 1
end_port: 65535
protocol: '{{ item }}'
with_items:
- tcp
- udp
# Allow inbound icmp from 0.0.0.0/0 added to security group 'default'
- local_action:
module: cs_securitygroup_rule
security_group: default
protocol: icmp
icmp_code: -1
icmp_type: -1
# Remove rule inbound port 80/tcp from 0.0.0.0/0 from security group 'default'
- local_action:
module: cs_securitygroup_rule
security_group: default
port: 80
state: absent
# Allow inbound port 80/tcp from security group web added to security group 'default'
- local_action:
module: cs_securitygroup_rule
security_group: default
port: 80
user_security_group: web
Return Values
Common return values are documented here Return Values, the following are the fields unique to this module:
| name | description | returned | type | sample |
|---|---|---|---|---|
| cidr | CIDR of the rule. | success and cidr is defined | string | 0.0.0.0/0 |
| end_port | end port of the rule. | success | int | 80 |
| id | UUID of the of the rule. | success | string | a6f7a5fc-43f8-11e5-a151-feff819cdc9f |
| protocol | protocol of the rule. | success | string | tcp |
| security_group | security group of the rule. | success | string | default |
| start_port | start port of the rule. | success | int | 80 |
| type | type of the rule. | success | string | ingress |
| user_security_group | user security group of the rule. | success and user_security_group is defined | string | default |
Notes
Note
- Ansible uses the
cslibrary’s configuration method if credentials are not provided by the argumentsapi_url,api_key,api_secret. Configuration is read from several locations, in the following order. - TheCLOUDSTACK_ENDPOINT,CLOUDSTACK_KEY,CLOUDSTACK_SECRETandCLOUDSTACK_METHOD.CLOUDSTACK_TIMEOUTenvironment variables. - ACLOUDSTACK_CONFIGenvironment variable pointing to an.inifile, - Acloudstack.inifile in the current working directory. - A.cloudstack.inifile in the users home directory. Optionally multiple credentials and endpoints can be specified using ini sections incloudstack.ini. Use the argumentapi_regionto select the section name, default section iscloudstack. See https://github.com/exoscale/cs for more information. - A detailed guide about cloudstack modules can be found on http://docs.ansible.com/ansible/guide_cloudstack.html
- This module supports check mode.
Status
This module is flagged as stableinterface which means that the maintainers for this module guarantee that no backward incompatible interface changes will be made.
For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.4/cs_securitygroup_rule_module.html