W3cubDocs

/Ansible

cs_securitygroup_rule - Manages security group rules on Apache CloudStack based clouds.

New in version 2.0.

Synopsis
Requirements (on host that executes module)
Options
Examples
Return Values
Notes
- Status

Synopsis

Add and remove security group rules.

Requirements (on host that executes module)

python >= 2.6
cs >= 0.6.10

Options

parameter	required	default	choices	comments
api_http_method	no	get	get post	HTTP method used.
api_key	no			API key of the CloudStack API.
api_region	no	cloudstack		Name of the ini section in the `cloustack.ini` file.
api_secret	no			Secret key of the CloudStack API.
api_timeout	no	10		HTTP timeout.
api_url	no			URL of the CloudStack API e.g. https://cloud.example.com/client/api.
cidr	no	0.0.0.0/0		CIDR (full notation) to be used for security group rule.
end_port	no			End port for this rule. Required if `protocol=tcp` or `protocol=udp`, but `start_port` will be used if not set.
icmp_code	no			Error code for this icmp message. Required if `protocol=icmp`.
icmp_type	no			Type of the icmp message being sent. Required if `protocol=icmp`.
poll_async	no	True		Poll async jobs until job has finished.
project	no			Name of the project the security group to be created in.
protocol	no	tcp	tcp udp icmp ah esp gre	Protocol of the security group rule.
security_group	yes			Name of the security group the rule is related to. The security group must be existing.
start_port	no			Start port for this rule. Required if `protocol=tcp` or `protocol=udp`. aliases: port
state	no	present	present absent	State of the security group rule.
type	no	ingress	ingress egress	Ingress or egress security group rule.
user_security_group	no			Security group this rule is based of.

Examples

---
# Allow inbound port 80/tcp from 1.2.3.4 added to security group 'default'
- local_action:
    module: cs_securitygroup_rule
    security_group: default
    port: 80
    cidr: 1.2.3.4/32

# Allow tcp/udp outbound added to security group 'default'
- local_action:
    module: cs_securitygroup_rule
    security_group: default
    type: egress
    start_port: 1
    end_port: 65535
    protocol: '{{ item }}'
  with_items:
  - tcp
  - udp

# Allow inbound icmp from 0.0.0.0/0 added to security group 'default'
- local_action:
    module: cs_securitygroup_rule
    security_group: default
    protocol: icmp
    icmp_code: -1
    icmp_type: -1

# Remove rule inbound port 80/tcp from 0.0.0.0/0 from security group 'default'
- local_action:
    module: cs_securitygroup_rule
    security_group: default
    port: 80
    state: absent

# Allow inbound port 80/tcp from security group web added to security group 'default'
- local_action:
    module: cs_securitygroup_rule
    security_group: default
    port: 80
    user_security_group: web

Return Values

Common return values are documented here Return Values, the following are the fields unique to this module:

name	description	returned	type	sample
protocol	protocol of the rule.	success	string	tcp
user_security_group	user security group of the rule.	success and user_security_group is defined	string	default
end_port	end port of the rule.	success	int	80
security_group	security group of the rule.	success	string	default
start_port	start port of the rule.	success	int	80
cidr	CIDR of the rule.	success and cidr is defined	string	0.0.0.0/0
type	type of the rule.	success	string	ingress
id	UUID of the of the rule.	success	string	a6f7a5fc-43f8-11e5-a151-feff819cdc9f

Notes

Note

Ansible uses the cs library’s configuration method if credentials are not provided by the arguments api_url, api_key, api_secret. Configuration is read from several locations, in the following order. - The CLOUDSTACK_ENDPOINT, CLOUDSTACK_KEY, CLOUDSTACK_SECRET and CLOUDSTACK_METHOD. CLOUDSTACK_TIMEOUT environment variables. - A CLOUDSTACK_CONFIG environment variable pointing to an .ini file, - A cloudstack.ini file in the current working directory. - A .cloudstack.ini file in the users home directory. Optionally multiple credentials and endpoints can be specified using ini sections in cloudstack.ini. Use the argument api_region to select the section name, default section is cloudstack. See https://github.com/exoscale/cs for more information.
A detailed guide about cloudstack modules can be found on http://docs.ansible.com/ansible/guide_cloudstack.html
This module supports check mode.

Status

This module is flagged as stableinterface which means that the maintainers for this module guarantee that no backward incompatible interface changes will be made.

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.

© 2012–2017 Michael DeHaan
© 2017 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/cs_securitygroup_rule_module.html