oracle.oci.oci_loadbalancer_listener – Manage a Listener resource in Oracle Cloud Infrastructure

Note

This plugin is part of the oracle.oci collection (version 4.14.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install oracle.oci.

To use it in a playbook, specify: oracle.oci.oci_loadbalancer_listener.

New in version 2.9.0 of oracle.oci

Synopsis

  • This module allows the user to create, update and delete a Listener resource in Oracle Cloud Infrastructure

  • For state=present, adds a listener to a load balancer.

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter Choices/Defaults Comments
api_user
string
The OCID of the user on whose behalf OCI APIs are invoked. If not set, then the value of the OCI_USER_ID environment variable, if any, is used. This option is required if the user is not specified through a configuration file (see config_file_location). To get the user's OCID, refer to https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm.
api_user_fingerprint
string
Fingerprint for the key pair being used. If not set, then the value of the OCI_USER_FINGERPRINT environment variable, if any, is used. This option is required if the key fingerprint is not specified through a configuration file (see config_file_location). To get the key pair's fingerprint value, refer to https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm.
api_user_key_file
string
Full path and filename of the private key (in PEM format). If not set, then the value of the OCI_USER_KEY_FILE variable, if any, is used. This option is required if the private key is not specified through a configuration file (See config_file_location). If the key is encrypted with a pass-phrase, the api_user_key_pass_phrase option must also be provided.
api_user_key_pass_phrase
string
Passphrase used by the key referenced in api_user_key_file, if it is encrypted. If not set, then the value of the OCI_USER_KEY_PASS_PHRASE variable, if any, is used. This option is required if the key passphrase is not specified through a configuration file (See config_file_location).
auth_purpose
string
    Choices:
  • service_principal
The auth purpose which can be used in conjunction with 'auth_type=instance_principal'. The default auth_purpose for instance_principal is None.
auth_type
string
    Choices:
  • api_key ←
  • instance_principal
  • instance_obo_user
  • resource_principal
The type of authentication to use for making API requests. By default auth_type="api_key" based authentication is performed and the API key (see api_user_key_file) in your config file will be used. If this 'auth_type' module option is not specified, the value of the OCI_ANSIBLE_AUTH_TYPE, if any, is used. Use auth_type="instance_principal" to use instance principal based authentication when running ansible playbooks within an OCI compute instance.
cert_bundle
string
The full path to a CA certificate bundle to be used for SSL verification. This will override the default CA certificate bundle. If not set, then the value of the OCI_ANSIBLE_CERT_BUNDLE variable, if any, is used.
config_file_location
string
Path to configuration file. If not set then the value of the OCI_CONFIG_FILE environment variable, if any, is used. Otherwise, defaults to ~/.oci/config.
config_profile_name
string
The profile to load from the config file referenced by config_file_location. If not set, then the value of the OCI_CONFIG_PROFILE environment variable, if any, is used. Otherwise, defaults to the "DEFAULT" profile in config_file_location.
connection_configuration
dictionary
This parameter is updatable.
backend_tcp_proxy_protocol_version
integer
The backend TCP Proxy Protocol version.
Example: `1`
idle_timeout
integer / required
The maximum idle time, in seconds, allowed between two successive receive or two successive send operations between the client and backend servers. A send operation does not reset the timer for receive operations. A receive operation does not reset the timer for send operations.
For more information, see Connection Configuration.
Example: `1200`
default_backend_set_name
string
The name of the associated backend set.
Example: `example_backend_set`
Required for create using state=present, update using state=present with name present.
force_create
boolean
    Choices:
  • no ←
  • yes
Whether to attempt non-idempotent creation of a resource. By default, creating a resource is an idempotent operation that does not create the resource if it already exists. Setting this option to true forcefully creates a copy of the resource, even if it already exists. This option is mutually exclusive with key_by.
hostname_names
list / elements=string
An array of hostname resource names.
This parameter is updatable.
key_by
list / elements=string
The list of attributes of this resource which should be used to uniquely identify an instance of the resource. By default, all the attributes of a resource are used to uniquely identify a resource.
load_balancer_id
string / required
The OCID of the load balancer on which to add a listener.
name
string / required
A friendly name for the listener. It must be unique and it cannot be changed. Avoid entering confidential information.
Example: `example_listener`
path_route_set_name
string
Deprecated. Please use `routingPolicies` instead.
The name of the set of path-based routing rules, PathRouteSet, applied to this listener's traffic.
Example: `example_path_route_set`
This parameter is updatable.
port
integer
The communication port for the listener.
Example: `80`
Required for create using state=present, update using state=present with name present.
protocol
string
The protocol on which the listener accepts connection requests. To get a list of valid protocols, use the ListProtocols operation.
Example: `HTTP`
Required for create using state=present, update using state=present with name present.
region
string
The Oracle Cloud Infrastructure region to use for all OCI API requests. If not set, then the value of the OCI_REGION variable, if any, is used. This option is required if the region is not specified through a configuration file (See config_file_location). Please refer to https://docs.us-phoenix-1.oraclecloud.com/Content/General/Concepts/regions.htm for more information on OCI regions.
routing_policy_name
string
The name of the routing policy applied to this listener's traffic.
Example: `example_routing_policy`
This parameter is updatable.
rule_set_names
list / elements=string
The names of the rule sets to apply to the listener.
Example: ["example_rule_set"]
This parameter is updatable.
ssl_configuration
dictionary
This parameter is updatable.
certificate_ids
list / elements=string
Ids for OCI certificates service certificates. Currently only a single Id may be passed.
Example: `[ocid1.certificate.oc1.us-ashburn-1.amaaaaaaav3bgsaa5o2q7rh5nfmkkukfkogasqhk6af2opufhjlqg7m6jqzq]`
certificate_name
string
A friendly name for the certificate bundle. It must be unique and it cannot be changed. Valid certificate bundle names include only alphanumeric characters, dashes, and underscores. Certificate bundle names cannot contain spaces. Avoid entering confidential information.
Example: `example_certificate_bundle`
cipher_suite_name
string
The name of the cipher suite to use for HTTPS or SSL connections.
If this field is not specified, the default is `oci-default-ssl-cipher-suite-v1`.
**Notes:**
* You must ensure compatibility between the specified SSL protocols and the ciphers configured in the cipher suite. Clients cannot perform an SSL handshake if there is an incompatible configuration.
* You must ensure compatibility between the ciphers configured in the cipher suite and the configured certificates. For example, RSA-based ciphers require RSA certificates and ECDSA-based ciphers require ECDSA certificates.
* If the cipher configuration is not modified after load balancer creation, the `GET` operation returns `oci-default-ssl-cipher-suite-v1` as the value of this field in the SSL configuration for existing listeners that predate this feature.
* If the cipher configuration was modified using Oracle operations after load balancer creation, the `GET` operation returns `oci-customized-ssl-cipher-suite` as the value of this field in the SSL configuration for existing listeners that predate this feature.
* The `GET` operation returns `oci-wider-compatible-ssl-cipher-suite-v1` as the value of this field in the SSL configuration for existing backend sets that predate this feature.
* If the `GET` operation on a listener returns `oci-customized-ssl-cipher-suite` as the value of this field, you must specify an appropriate predefined or custom cipher suite name when updating the resource.
* The `oci-customized-ssl-cipher-suite` Oracle reserved cipher suite name is not accepted as valid input for this field.
Example: `example_cipher_suite`
protocols
list / elements=string
A list of SSL protocols the load balancer must support for HTTPS or SSL connections.
The load balancer uses SSL protocols to establish a secure connection between a client and a server. A secure connection ensures that all data passed between the client and the server is private.
The Load Balancing service supports the following protocols:
* TLSv1
* TLSv1.1
* TLSv1.2
If this field is not specified, TLSv1.2 is the default.
**Warning:** All SSL listeners created on a given port must use the same set of SSL protocols.
**Notes:**
* The handshake to establish an SSL connection fails if the client supports none of the specified protocols.
* You must ensure compatibility between the specified SSL protocols and the ciphers configured in the cipher suite.
* For all existing load balancer listeners and backend sets that predate this feature, the `GET` operation displays a list of SSL protocols currently used by those resources.
Example: `["TLSv1.1", "TLSv1.2"]`
server_order_preference
string
    Choices:
  • ENABLED
  • DISABLED
When this attribute is set to ENABLED, the system gives preference to the server ciphers over the client ciphers.
**Note:** This configuration is applicable only when the load balancer is acting as an SSL/HTTPS server. This field is ignored when the `SSLConfiguration` object is associated with a backend set.
trusted_certificate_authority_ids
list / elements=string
Ids for OCI certificates service CA or CA bundles for the load balancer to trust.
Example: `[ocid1.cabundle.oc1.us-ashburn-1.amaaaaaaav3bgsaagl4zzyqdop5i2vuwoqewdvauuw34llqa74otq2jdsfyq]`
verify_depth
integer
The maximum depth for peer certificate chain verification.
Example: `3`
verify_peer_certificate
boolean
    Choices:
  • no
  • yes
Whether the load balancer listener should verify peer certificates.
Example: `true`
state
string
    Choices:
  • present ←
  • absent
The state of the Listener.
Use state=present to create or update a Listener.
Use state=absent to delete a Listener.
tenancy
string
OCID of your tenancy. If not set, then the value of the OCI_TENANCY variable, if any, is used. This option is required if the tenancy OCID is not specified through a configuration file (see config_file_location). To get the tenancy OCID, refer to https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm.
wait
boolean
    Choices:
  • no
  • yes ←
Whether to wait for create or delete operation to complete.
wait_timeout
integer
Time, in seconds, to wait when wait=yes. Defaults to 1200 for most of the services but some services might have a longer wait timeout.

Examples

- name: Create listener
  oci_loadbalancer_listener:
    # required
    default_backend_set_name: default_backend_set_name_example
    port: 56
    protocol: protocol_example
    load_balancer_id: "ocid1.loadbalancer.oc1..xxxxxxEXAMPLExxxxxx"
    name: name_example

    # optional
    hostname_names: [ "hostname_names_example" ]
    path_route_set_name: path_route_set_name_example
    routing_policy_name: routing_policy_name_example
    ssl_configuration:
      # optional
      verify_depth: 56
      verify_peer_certificate: true
      trusted_certificate_authority_ids: [ "trusted_certificate_authority_ids_example" ]
      certificate_ids: [ "certificate_ids_example" ]
      certificate_name: certificate_name_example
      protocols: [ "protocols_example" ]
      cipher_suite_name: cipher_suite_name_example
      server_order_preference: ENABLED
    connection_configuration:
      # required
      idle_timeout: 56

      # optional
      backend_tcp_proxy_protocol_version: 56
    rule_set_names: [ "rule_set_names_example" ]

- name: Update listener
  oci_loadbalancer_listener:
    # required
    default_backend_set_name: default_backend_set_name_example
    port: 56
    protocol: protocol_example
    load_balancer_id: "ocid1.loadbalancer.oc1..xxxxxxEXAMPLExxxxxx"
    name: name_example

    # optional
    hostname_names: [ "hostname_names_example" ]
    path_route_set_name: path_route_set_name_example
    routing_policy_name: routing_policy_name_example
    ssl_configuration:
      # optional
      verify_depth: 56
      verify_peer_certificate: true
      trusted_certificate_authority_ids: [ "trusted_certificate_authority_ids_example" ]
      certificate_ids: [ "certificate_ids_example" ]
      certificate_name: certificate_name_example
      protocols: [ "protocols_example" ]
      cipher_suite_name: cipher_suite_name_example
      server_order_preference: ENABLED
    connection_configuration:
      # required
      idle_timeout: 56

      # optional
      backend_tcp_proxy_protocol_version: 56
    rule_set_names: [ "rule_set_names_example" ]

- name: Delete listener
  oci_loadbalancer_listener:
    # required
    load_balancer_id: "ocid1.loadbalancer.oc1..xxxxxxEXAMPLExxxxxx"
    name: name_example
    state: absent
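
The following playbook is an added example, not part of the Oracle documentation: it creates a listener restricted to TLSv1.2 with server cipher preference, then asserts on the returned `listener.ssl_configuration` so a run fails if the applied settings differ from the requested ones. The load balancer OCID, the listener, backend set and certificate bundle names, and port 443 are placeholders; `protocol: HTTP` follows the parameter example above and assumes TLS is enabled through `ssl_configuration`.

```yaml
- name: Create a TLSv1.2-only listener and verify the applied SSL settings
  hosts: localhost
  gather_facts: false
  vars:
    # Placeholder values (assumptions); replace with your own resources.
    lb_ocid: "ocid1.loadbalancer.oc1..xxxxxxEXAMPLExxxxxx"
    listener_name: example_listener
    backend_set: example_backend_set
    cert_bundle: example_certificate_bundle
    # Only protocols in this list may be enabled on the listener.
    allowed_protocols: ["TLSv1.2"]
    # Predefined suite named on this page; the certificate type must match
    # the ciphers in the suite (RSA ciphers need an RSA certificate).
    cipher_suite: oci-default-ssl-cipher-suite-v1
  tasks:
    - name: Create or update the listener
      oracle.oci.oci_loadbalancer_listener:
        load_balancer_id: "{{ lb_ocid }}"
        name: "{{ listener_name }}"
        default_backend_set_name: "{{ backend_set }}"
        port: 443
        protocol: HTTP
        ssl_configuration:
          certificate_name: "{{ cert_bundle }}"
          # Set explicitly instead of relying on the default, so TLSv1 and
          # TLSv1.1 are not kept on a listener that predates this task.
          protocols: "{{ allowed_protocols }}"
          cipher_suite_name: "{{ cipher_suite }}"
          server_order_preference: ENABLED
        state: present
      register: result

    - name: Fail the run if the applied SSL settings differ from the request
      ansible.builtin.assert:
        that:
          - result.listener.ssl_configuration is not none
          # No protocol outside the allow-list is enabled.
          - result.listener.ssl_configuration.protocols
            | difference(allowed_protocols) | length == 0
          - result.listener.ssl_configuration.cipher_suite_name == cipher_suite
          - result.listener.ssl_configuration.server_order_preference == 'ENABLED'
        fail_msg: >-
          Listener {{ listener_name }} does not have the expected SSL
          configuration: {{ result.listener.ssl_configuration }}
```

Because all SSL listeners on a given port must use the same set of SSL protocols, apply the same `allowed_protocols` value to every listener that shares the port.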

Return Values

Common return values are documented here; the following fields are unique to this module:

Key Returned Description
listener
complex
on success
Details of the Listener resource acted upon by the current operation

Sample:
{'connection_configuration': {'backend_tcp_proxy_protocol_version': 56, 'idle_timeout': 56}, 'default_backend_set_name': 'default_backend_set_name_example', 'hostname_names': [], 'name': 'name_example', 'path_route_set_name': 'path_route_set_name_example', 'port': 56, 'protocol': 'protocol_example', 'routing_policy_name': 'routing_policy_name_example', 'rule_set_names': [], 'ssl_configuration': {'certificate_ids': [], 'certificate_name': 'certificate_name_example', 'cipher_suite_name': 'cipher_suite_name_example', 'protocols': [], 'server_order_preference': 'ENABLED', 'trusted_certificate_authority_ids': [], 'verify_depth': 56, 'verify_peer_certificate': True}}
 
connection_configuration
complex
on success

   
backend_tcp_proxy_protocol_version
integer
on success
The backend TCP Proxy Protocol version.
Example: `1`

Sample:
56
   
idle_timeout
integer
on success
The maximum idle time, in seconds, allowed between two successive receive or two successive send operations between the client and backend servers. A send operation does not reset the timer for receive operations. A receive operation does not reset the timer for send operations.
For more information, see Connection Configuration.
Example: `1200`

Sample:
56
 
default_backend_set_name
string
on success
The name of the associated backend set.
Example: `example_backend_set`

Sample:
default_backend_set_name_example
 
hostname_names
list / elements=string
on success
An array of hostname resource names.

 
name
string
on success
A friendly name for the listener. It must be unique and it cannot be changed.
Example: `example_listener`

Sample:
name_example
 
path_route_set_name
string
on success
Deprecated. Please use `routingPolicies` instead.
The name of the set of path-based routing rules, PathRouteSet, applied to this listener's traffic.
Example: `example_path_route_set`

Sample:
path_route_set_name_example
 
port
integer
on success
The communication port for the listener.
Example: `80`

Sample:
56
 
protocol
string
on success
The protocol on which the listener accepts connection requests. To get a list of valid protocols, use the ListProtocols operation.
Example: `HTTP`

Sample:
protocol_example
 
routing_policy_name
string
on success
The name of the routing policy applied to this listener's traffic.
Example: `example_routing_policy_name`

Sample:
routing_policy_name_example
 
rule_set_names
list / elements=string
on success
The names of the rule sets to apply to the listener.
Example: ["example_rule_set"]

 
ssl_configuration
complex
on success

   
certificate_ids
list / elements=string
on success
Ids for OCI certificates service certificates. Currently only a single Id may be passed.
Example: `[ocid1.certificate.oc1.us-ashburn-1.amaaaaaaav3bgsaa5o2q7rh5nfmkkukfkogasqhk6af2opufhjlqg7m6jqzq]`

   
certificate_name
string
on success
A friendly name for the certificate bundle. It must be unique and it cannot be changed. Valid certificate bundle names include only alphanumeric characters, dashes, and underscores. Certificate bundle names cannot contain spaces. Avoid entering confidential information.
Example: `example_certificate_bundle`

Sample:
certificate_name_example
   
cipher_suite_name
string
on success
The name of the cipher suite to use for HTTPS or SSL connections.
If this field is not specified, the default is `oci-default-ssl-cipher-suite-v1`.
**Notes:**
* You must ensure compatibility between the specified SSL protocols and the ciphers configured in the cipher suite. Clients cannot perform an SSL handshake if there is an incompatible configuration.
* You must ensure compatibility between the ciphers configured in the cipher suite and the configured certificates. For example, RSA-based ciphers require RSA certificates and ECDSA-based ciphers require ECDSA certificates.
* If the cipher configuration is not modified after load balancer creation, the `GET` operation returns `oci-default-ssl-cipher-suite-v1` as the value of this field in the SSL configuration for existing listeners that predate this feature.
* If the cipher configuration was modified using Oracle operations after load balancer creation, the `GET` operation returns `oci-customized-ssl-cipher-suite` as the value of this field in the SSL configuration for existing listeners that predate this feature.
* The `GET` operation returns `oci-wider-compatible-ssl-cipher-suite-v1` as the value of this field in the SSL configuration for existing backend sets that predate this feature.
* If the `GET` operation on a listener returns `oci-customized-ssl-cipher-suite` as the value of this field, you must specify an appropriate predefined or custom cipher suite name when updating the resource.
* The `oci-customized-ssl-cipher-suite` Oracle reserved cipher suite name is not accepted as valid input for this field.
Example: `example_cipher_suite`

Sample:
cipher_suite_name_example
   
protocols
list / elements=string
on success
A list of SSL protocols the load balancer must support for HTTPS or SSL connections.
The load balancer uses SSL protocols to establish a secure connection between a client and a server. A secure connection ensures that all data passed between the client and the server is private.
The Load Balancing service supports the following protocols:
* TLSv1
* TLSv1.1
* TLSv1.2
If this field is not specified, TLSv1.2 is the default.
**Warning:** All SSL listeners created on a given port must use the same set of SSL protocols.
**Notes:**
* The handshake to establish an SSL connection fails if the client supports none of the specified protocols.
* You must ensure compatibility between the specified SSL protocols and the ciphers configured in the cipher suite.
* For all existing load balancer listeners and backend sets that predate this feature, the `GET` operation displays a list of SSL protocols currently used by those resources.
Example: `["TLSv1.1", "TLSv1.2"]`

   
server_order_preference
string
on success
When this attribute is set to ENABLED, the system gives preference to the server ciphers over the client ciphers.
**Note:** This configuration is applicable only when the load balancer is acting as an SSL/HTTPS server. This field is ignored when the `SSLConfiguration` object is associated with a backend set.

Sample:
ENABLED
   
trusted_certificate_authority_ids
list / elements=string
on success
Ids for OCI certificates service CA or CA bundles for the load balancer to trust.
Example: `[ocid1.cabundle.oc1.us-ashburn-1.amaaaaaaav3bgsaagl4zzyqdop5i2vuwoqewdvauuw34llqa74otq2jdsfyq]`

   
verify_depth
integer
on success
The maximum depth for peer certificate chain verification.
Example: `3`

Sample:
56
   
verify_peer_certificate
boolean
on success
Whether the load balancer listener should verify peer certificates.
Example: `true`

Sample:
True


Authors

  • Oracle (@oracle)