kowabunga.cloud.kawaii_ipsec module – Manage Kowabunga IPsec connections

Note

This module is part of the kowabunga.cloud collection (version 0.1.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install kowabunga.cloud. You need further requirements to be able to use this module; see Requirements for details.

To use it in a playbook, specify: kowabunga.cloud.kawaii_ipsec.

Synopsis

  • Create, update or delete a Kowabunga Kawaii IPsec connection.

Requirements

The below requirements are needed on the host that executes this module.

  • python >= 3.8

  • kowabunga >= 0.52.5

Parameters

Parameter

Comments

api_key

string / required

Private API key used to connect to the specified Kowabunga Kahuna endpoint. It is recommended to encrypt it using Ansible Vault or SOPS.

description

string

Description for the IPsec connection.

dpd_timeout

string

DPD timeout duration.

dpd_timeout_action

string

Action to take when DPD timeout is reached.

endpoint

string / required

HTTP(S) URI of the Kowabunga Kahuna endpoint. Should be formatted as https://kowabunga.acme.com, for example.

kawaii

string / required

Name (or ID) of the kawaii gateway where the IPsec connection will be created.

name

string / required

Name for the IPsec connection.

This attribute cannot be updated.

phase1_dh_group_number

integer / required

Phase 1 Diffie-Hellman group number.

phase1_encryption_algorithm

string / required

Phase 1 encryption algorithm.

phase1_integrity_algorithm

string / required

Phase 1 integrity algorithm.

phase1_lifetime

string

Phase 1 SA lifetime.

phase2_dh_group_number

integer / required

Phase 2 Diffie-Hellman group number.

phase2_encryption_algorithm

string / required

Phase 2 encryption algorithm.

phase2_integrity_algorithm

string / required

Phase 2 integrity algorithm.

phase2_lifetime

string

Phase 2 SA lifetime.

pre_shared_key

string / required

Pre-shared key for IKE authentication.

rekey_time

string

Time interval before re-keying.

remote_ip

string / required

Remote peer IP address.

This attribute cannot be updated.

remote_subnet

string / required

Remote subnet in CIDR notation.

This attribute cannot be updated.

start_action

string

Action to take at connection start.

state

string

Whether the resource should be present or absent.

Choices:

  • "present" ← (default)

  • "absent"

Examples

- name: Create an IPsec connection
  kowabunga.cloud.kawaii_ipsec:
    endpoint: https://kowabunga.acme.com
    api_key: API_KEY
    name: ipsec-to-hq
    remote_ip: 203.0.113.1
    remote_subnet: 10.0.0.0/8
    pre_shared_key: mysecretkey
    phase1_dh_group_number: 14
    phase1_integrity_algorithm: sha256
    phase1_encryption_algorithm: aes256
    phase2_dh_group_number: 14
    phase2_integrity_algorithm: sha256
    phase2_encryption_algorithm: aes256
    kawaii: gw-01

- name: Delete an IPsec connection
  kowabunga.cloud.kawaii_ipsec:
    endpoint: https://kowabunga.acme.com
    api_key: API_KEY
    name: ipsec-to-hq
    kawaii: gw-01
    state: absent
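
The create task above with the Vault recommendation from the api_key parameter applied to both secrets, as an added example that is not part of the kowabunga.cloud documentation. The file path vault/kowabunga.yml and the variable names vault_kowabunga_api_key, vault_ipsec_to_hq_psk, peer_ip and peer_subnet are assumptions made for illustration.

```yaml
# Added example, not from the kowabunga.cloud collection.
# Assumed names: vault/kowabunga.yml, vault_kowabunga_api_key,
# vault_ipsec_to_hq_psk, peer_ip, peer_subnet.
# Create the secrets file with:  ansible-vault create vault/kowabunga.yml
# Run the play with --ask-vault-pass or --vault-password-file.
- name: Manage the ipsec-to-hq tunnel without secrets in the playbook
  hosts: localhost
  connection: local
  gather_facts: false
  vars_files:
    - vault/kowabunga.yml  # Vault-encrypted; defines the two vault_* variables
  vars:
    peer_ip: 203.0.113.1
    peer_subnet: 10.0.0.0/8
  tasks:
    - name: Create an IPsec connection
      kowabunga.cloud.kawaii_ipsec:
        endpoint: https://kowabunga.acme.com
        api_key: "{{ vault_kowabunga_api_key }}"
        kawaii: gw-01
        name: ipsec-to-hq
        remote_ip: "{{ peer_ip }}"
        remote_subnet: "{{ peer_subnet }}"
        pre_shared_key: "{{ vault_ipsec_to_hq_psk }}"
        phase1_dh_group_number: 14
        phase1_integrity_algorithm: sha256
        phase1_encryption_algorithm: aes256
        phase2_dh_group_number: 14
        phase2_integrity_algorithm: sha256
        phase2_encryption_algorithm: aes256
      no_log: true  # keep the module arguments and result out of output and logs
      register: ipsec_result

    - name: Check that the returned connection matches the requested peer
      ansible.builtin.assert:
        that:
          - ipsec_result.kawaii_ipsec.remote_ip == peer_ip
          - ipsec_result.kawaii_ipsec.remote_subnet == peer_subnet
        quiet: true

    - name: Show only the non-secret connection name and ID
      ansible.builtin.debug:
        msg: "IPsec connection {{ ipsec_result.kawaii_ipsec.name }} has ID {{ ipsec_result.kawaii_ipsec.id }}"
```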

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key

Description

kawaii_ipsec

dictionary

Dictionary describing the IPsec connection.

Returned: On success when state is present.

id

string

IPsec connection ID

Returned: success

Sample: "6850281677f2462b6919dbe5"

name

string

IPsec connection name

Returned: success

Sample: "ipsec-to-hq"

remote_ip

string

Remote peer IP

Returned: success

Sample: "203.0.113.1"

remote_subnet

string

Remote subnet

Returned: success

Sample: "10.0.0.0/8"

Authors

  • The Kowabunga Project