The below requirements are needed on the host that executes this module.
Parameter | Choices/Defaults | Comments |
---|---|---|
api_http_method string |
| HTTP method used to query the API endpoint. If not given, the CLOUDSTACK_METHOD env variable is considered.As the last option, the value is taken from the ini config file, also see the notes. Fallback value is get if not specified. |
api_key string | API key of the CloudStack API. If not given, the CLOUDSTACK_KEY env variable is considered.As the last option, the value is taken from the ini config file, also see the notes. | |
api_region string | Default: "cloudstack" | Name of the ini section in the cloustack.ini file.If not given, the CLOUDSTACK_REGION env variable is considered. |
api_secret string | Secret key of the CloudStack API. If not set, the CLOUDSTACK_SECRET env variable is considered.As the last option, the value is taken from the ini config file, also see the notes. | |
api_timeout integer | HTTP timeout in seconds. If not given, the CLOUDSTACK_TIMEOUT env variable is considered.As the last option, the value is taken from the ini config file, also see the notes. Fallback value is 10 seconds if not specified. | |
api_url string | URL of the CloudStack API e.g. https://cloud.example.com/client/api. If not given, the CLOUDSTACK_ENDPOINT env variable is considered.As the last option, the value is taken from the ini config file, also see the notes. | |
cidr string | Default: "0.0.0.0/0" | CIDR (full notation) to be used for security group rule. |
end_port integer | End port for this rule. Required if protocol=tcp or protocol=udp, but start_port will be used if not set. | |
icmp_code integer | Error code for this icmp message. Required if protocol=icmp. | |
icmp_type integer | Type of the icmp message being sent. Required if protocol=icmp. | |
poll_async boolean |
| Poll async jobs until job has finished. |
project string | Name of the project the security group to be created in. | |
protocol string |
| Protocol of the security group rule. |
security_group string / required | Name of the security group the rule is related to. The security group must be existing. | |
start_port integer | Start port for this rule. Required if protocol=tcp or protocol=udp. aliases: port | |
state string |
| State of the security group rule. |
type string |
| Ingress or egress security group rule. |
user_security_group string | Security group this rule is based of. |
Note
cs
library’s configuration method if credentials are not provided by the arguments api_url
, api_key
, api_secret
. Configuration is read from several locations, in the following order. The CLOUDSTACK_ENDPOINT
, CLOUDSTACK_KEY
, CLOUDSTACK_SECRET
and CLOUDSTACK_METHOD
. CLOUDSTACK_TIMEOUT
environment variables. A CLOUDSTACK_CONFIG
environment variable pointing to an .ini
file. A cloudstack.ini
file in the current working directory. A .cloudstack.ini
file in the users home directory. Optionally multiple credentials and endpoints can be specified using ini sections in cloudstack.ini
. Use the argument api_region
to select the section name, default section is cloudstack
. See https://github.com/exoscale/cs for more information.--- - name: allow inbound port 80/tcp from 1.2.3.4 added to security group 'default' cs_securitygroup_rule: security_group: default port: 80 cidr: 1.2.3.4/32 delegate_to: localhost - name: allow tcp/udp outbound added to security group 'default' cs_securitygroup_rule: security_group: default type: egress start_port: 1 end_port: 65535 protocol: '{{ item }}' with_items: - tcp - udp delegate_to: localhost - name: allow inbound icmp from 0.0.0.0/0 added to security group 'default' cs_securitygroup_rule: security_group: default protocol: icmp icmp_code: -1 icmp_type: -1 delegate_to: localhost - name: remove rule inbound port 80/tcp from 0.0.0.0/0 from security group 'default' cs_securitygroup_rule: security_group: default port: 80 state: absent delegate_to: localhost - name: allow inbound port 80/tcp from security group web added to security group 'default' cs_securitygroup_rule: security_group: default port: 80 user_security_group: web delegate_to: localhost
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
cidr string | success and cidr is defined | CIDR of the rule. Sample: 0.0.0.0/0 |
end_port integer | success | end port of the rule. Sample: 80 |
id string | success | UUID of the of the rule. Sample: a6f7a5fc-43f8-11e5-a151-feff819cdc9f |
protocol string | success | protocol of the rule. Sample: tcp |
security_group string | success | security group of the rule. Sample: default |
start_port integer | success | start port of the rule. Sample: 80 |
type string | success | type of the rule. Sample: ingress |
user_security_group string | success and user_security_group is defined | user security group of the rule. Sample: default |
Hint
If you notice any issues in this documentation, you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/cs_securitygroup_rule_module.html