W3cubDocs

/Ansible

avi_sslprofile - Module for setup of SSLProfile Avi RESTful Object

New in version 2.3.

Synopsis
Requirements (on host that executes module)
Options
Examples
Return Values
- Status

Synopsis

This module is used to configure SSLProfile object
more examples at https://github.com/avinetworks/devops

Requirements (on host that executes module)

avisdk

Options

parameter	required	default	choices	comments
accepted_ciphers	no			Ciphers suites represented as defined by http://www.openssl.org/docs/apps/ciphers.html. Default value when not specified in API or module is interpreted by Avi Controller as AES:3DES:RC4.
accepted_versions	no			Set of versions accepted by the server.
api_version	no			Avi API version of to use for Avi API and objects.
cipher_enums	no			Enum options - tls_ecdhe_ecdsa_with_aes_128_gcm_sha256, tls_ecdhe_ecdsa_with_aes_256_gcm_sha384, tls_ecdhe_rsa_with_aes_128_gcm_sha256, tls_ecdhe_rsa_with_aes_256_gcm_sha384, tls_ecdhe_ecdsa_with_aes_128_cbc_sha256, tls_ecdhe_ecdsa_with_aes_256_cbc_sha384, tls_ecdhe_rsa_with_aes_128_cbc_sha256, tls_ecdhe_rsa_with_aes_256_cbc_sha384, tls_rsa_with_aes_128_gcm_sha256, tls_rsa_with_aes_256_gcm_sha384, tls_rsa_with_aes_128_cbc_sha256, tls_rsa_with_aes_256_cbc_sha256, tls_ecdhe_ecdsa_with_aes_128_cbc_sha, tls_ecdhe_ecdsa_with_aes_256_cbc_sha, tls_ecdhe_rsa_with_aes_128_cbc_sha, tls_ecdhe_rsa_with_aes_256_cbc_sha, tls_rsa_with_aes_128_cbc_sha, tls_rsa_with_aes_256_cbc_sha, tls_rsa_with_3des_ede_cbc_sha, tls_rsa_with_rc4_128_sha.
controller	no			IP address or hostname of the controller. The default value is the environment variable `AVI_CONTROLLER`.
description	no			User defined description for the object.
dhparam	no			Dh parameters used in ssl. At this time, it is not configurable and is set to 2048 bits.
enable_ssl_session_reuse	no			Enable ssl session re-use. Default value when not specified in API or module is interpreted by Avi Controller as True.
name	yes			Name of the object.
password	no			Password of Avi user in Avi controller. The default value is the environment variable `AVI_PASSWORD`.
prefer_client_cipher_ordering	no			Prefer the ssl cipher ordering presented by the client during the ssl handshake over the one specified in the ssl profile. Default value when not specified in API or module is interpreted by Avi Controller as False.
send_close_notify	no			Send 'close notify' alert message for a clean shutdown of the ssl connection. Default value when not specified in API or module is interpreted by Avi Controller as True.
ssl_rating	no			Sslrating settings for sslprofile.
ssl_session_timeout	no			The amount of time before an ssl session expires. Default value when not specified in API or module is interpreted by Avi Controller as 86400.
state	no	present	absent present	The state that should be applied on the entity.
tags	no			List of tag.
tenant	no	admin		Name of tenant used for all Avi API calls and context of object.
tenant_ref	no			It is a reference to an object of type tenant.
tenant_uuid	no			UUID of tenant used for all Avi API calls and context of object.
url	no			Avi controller URL of the object.
username	no			Username used for accessing Avi controller. The default value is the environment variable `AVI_USERNAME`.
uuid	no			Unique object identifier of the object.

Examples

- name: Create SSL profile with list of allowed ciphers
  avi_sslprofile:
    controller: ''
    username: ''
    password: ''
    accepted_ciphers: >
      ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:
      ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:
      AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:
      AES256-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:
      ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA
    accepted_versions:
    - type: SSL_VERSION_TLS1
    - type: SSL_VERSION_TLS1_1
    - type: SSL_VERSION_TLS1_2
    cipher_enums:
    - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
    - TLS_RSA_WITH_AES_128_GCM_SHA256
    - TLS_RSA_WITH_AES_256_GCM_SHA384
    - TLS_RSA_WITH_AES_128_CBC_SHA256
    - TLS_RSA_WITH_AES_256_CBC_SHA256
    - TLS_RSA_WITH_AES_128_CBC_SHA
    - TLS_RSA_WITH_AES_256_CBC_SHA
    - TLS_RSA_WITH_3DES_EDE_CBC_SHA
    - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
    - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    name: PFS-BOTH-RSA-EC
    send_close_notify: true
    ssl_rating:
      compatibility_rating: SSL_SCORE_EXCELLENT
      performance_rating: SSL_SCORE_EXCELLENT
      security_score: '100.0'
    tenant_ref: Demo

Return Values

Common return values are documented here Return Values, the following are the fields unique to this module:

name	description	returned	type	sample
obj	SSLProfile (api/sslprofile) object	success, changed	dict

Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.

© 2012–2017 Michael DeHaan
© 2017 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/avi_sslprofile_module.html