avi_sslprofile - Module for setup of SSLProfile Avi RESTful Object¶

New in version 2.3.

Synopsis
- Requirements
Parameters
Notes
Examples
Return Values
Status
Maintenance
- Author

Synopsis ¶

This module is used to configure SSLProfile object
more examples at https://github.com/avinetworks/devops

Requirements ¶

The below requirements are needed on the host that executes this module.

avisdk

Parameters ¶

Parameter	Choices/Defaults	Comments
accepted_ciphers		Ciphers suites represented as defined by http://www.openssl.org/docs/apps/ciphers.html. Default value when not specified in API or module is interpreted by Avi Controller as AES:3DES:RC4.
accepted_versions		Set of versions accepted by the server.
api_context (added in 2.5)		Avi API context that includes current session ID and CSRF Token. This allows user to perform single login and re-use the session.
api_version	Default: 16.4.4	Avi API version of to use for Avi API and objects.
avi_api_patch_op (added in 2.5)	Choices: add replace delete	Patch operation to use when using avi_api_update_method as patch.
avi_api_update_method (added in 2.5)	Choices: put ← patch	Default method for object update is HTTP PUT. Setting to patch will override that behavior to use HTTP PATCH.
avi_credentials (added in 2.5)		Avi Credentials dictionary which can be used in lieu of enumerating Avi Controller login details.
cipher_enums		Enum options - tls_ecdhe_ecdsa_with_aes_128_gcm_sha256, tls_ecdhe_ecdsa_with_aes_256_gcm_sha384, tls_ecdhe_rsa_with_aes_128_gcm_sha256, tls_ecdhe_rsa_with_aes_256_gcm_sha384, tls_ecdhe_ecdsa_with_aes_128_cbc_sha256, tls_ecdhe_ecdsa_with_aes_256_cbc_sha384, tls_ecdhe_rsa_with_aes_128_cbc_sha256, tls_ecdhe_rsa_with_aes_256_cbc_sha384, tls_rsa_with_aes_128_gcm_sha256, tls_rsa_with_aes_256_gcm_sha384, tls_rsa_with_aes_128_cbc_sha256, tls_rsa_with_aes_256_cbc_sha256, tls_ecdhe_ecdsa_with_aes_128_cbc_sha, tls_ecdhe_ecdsa_with_aes_256_cbc_sha, tls_ecdhe_rsa_with_aes_128_cbc_sha, tls_ecdhe_rsa_with_aes_256_cbc_sha, tls_rsa_with_aes_128_cbc_sha, tls_rsa_with_aes_256_cbc_sha, tls_rsa_with_3des_ede_cbc_sha, tls_rsa_with_rc4_128_sha.
controller	Default:	IP address or hostname of the controller. The default value is the environment variable `AVI_CONTROLLER`.
description		User defined description for the object.
dhparam		Dh parameters used in ssl. At this time, it is not configurable and is set to 2048 bits.
enable_ssl_session_reuse bool	Choices: no yes	Enable ssl session re-use. Default value when not specified in API or module is interpreted by Avi Controller as True.
name required		Name of the object.
password	Default:	Password of Avi user in Avi controller. The default value is the environment variable `AVI_PASSWORD`.
prefer_client_cipher_ordering bool	Choices: no yes	Prefer the ssl cipher ordering presented by the client during the ssl handshake over the one specified in the ssl profile. Default value when not specified in API or module is interpreted by Avi Controller as False.
send_close_notify bool	Choices: no yes	Send 'close notify' alert message for a clean shutdown of the ssl connection. Default value when not specified in API or module is interpreted by Avi Controller as True.
ssl_rating		Sslrating settings for sslprofile.
ssl_session_timeout		The amount of time before an ssl session expires. Default value when not specified in API or module is interpreted by Avi Controller as 86400. Units(SEC).
state	Choices: absent present ←	The state that should be applied on the entity.
tags		List of tag.
tenant	Default: admin	Name of tenant used for all Avi API calls and context of object.
tenant_ref		It is a reference to an object of type tenant.
tenant_uuid	Default:	UUID of tenant used for all Avi API calls and context of object.
type (added in 2.6)		Ssl profile type. Enum options - SSL_PROFILE_TYPE_APPLICATION, SSL_PROFILE_TYPE_SYSTEM. Field introduced in 17.2.8. Default value when not specified in API or module is interpreted by Avi Controller as SSL_PROFILE_TYPE_APPLICATION.
url		Avi controller URL of the object.
username	Default:	Username used for accessing Avi controller. The default value is the environment variable `AVI_USERNAME`.
uuid		Unique object identifier of the object.

Notes ¶

Note

For more information on using Ansible to manage Avi Network devices see https://www.ansible.com/ansible-avi-networks.

Examples ¶

- name: Create SSL profile with list of allowed ciphers
  avi_sslprofile:
    controller: '{{ controller }}'
    username: '{{ username }}'
    password: '{{ password }}'
    accepted_ciphers: >
      ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:
      ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:
      AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:
      AES256-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:
      ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA
    accepted_versions:
    - type: SSL_VERSION_TLS1
    - type: SSL_VERSION_TLS1_1
    - type: SSL_VERSION_TLS1_2
    cipher_enums:
    - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
    - TLS_RSA_WITH_AES_128_GCM_SHA256
    - TLS_RSA_WITH_AES_256_GCM_SHA384
    - TLS_RSA_WITH_AES_128_CBC_SHA256
    - TLS_RSA_WITH_AES_256_CBC_SHA256
    - TLS_RSA_WITH_AES_128_CBC_SHA
    - TLS_RSA_WITH_AES_256_CBC_SHA
    - TLS_RSA_WITH_3DES_EDE_CBC_SHA
    - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
    - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    name: PFS-BOTH-RSA-EC
    send_close_notify: true
    ssl_rating:
      compatibility_rating: SSL_SCORE_EXCELLENT
      performance_rating: SSL_SCORE_EXCELLENT
      security_score: '100.0'
    tenant_ref: Demo

Return Values ¶

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
obj dict	success, changed	SSLProfile (api/sslprofile) object

Status ¶

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Maintenance ¶

This module is flagged as community which means that it is maintained by the Ansible Community. See Module Maintenance & Support for more info.

For a list of other modules that are also maintained by the Ansible Community, see here.

Author ¶

Gaurav Rastogi (grastogi@avinetworks.com)

Hint

If you notice any issues in this documentation you can edit this document to improve it.