fabiog1901.cockroachdb.cc_networking_info module – List networking details for a cluster.

Note

This module is part of the fabiog1901.cockroachdb collection (version 1.0.0).

To install it, use: ansible-galaxy collection install fabiog1901.cockroachdb. You need further requirements to be able to use this module; see Requirements for details.

To use it in a playbook, specify: fabiog1901.cockroachdb.cc_networking_info.

New in fabiog1901.cockroachdb 1.0.0

Synopsis

  • List networking details for a cluster.

  • A Cockroach Cloud Service Account API Key is required.

  • Export the key as environment variable ‘CC_KEY’ or pass it on module invocation.

Requirements

The below requirements are needed on the host that executes this module.

  • cockroachdb-cloud-client

Parameters

Parameter

Comments

api_client

string

Define details for the API client

api_version

string

The API version to use

Default: "latest"

cc_key

string

The Service Account API key

This value is log redacted

By default it reads the env variable ‘CC_KEY’

host

string

The hostname of the API server

Default: "cockroachlabs.cloud"

path

string

The path to the API endpoint

Default: ""

port

string

The port number, as a string, for the API server

Default: "443"

scheme

string

http or https

Choices:

  • "http"

  • "https" ← (default)

verify_ssl

boolean

Whether the client should verify the server certificate

Choices:

  • false

  • true ← (default)

cluster_id

string

The UUID or name of the cluster you want to get information for.

egress_rule

string

Get an existing egress rule, either by name or id

Default: "False"

show_allowlist

boolean

Get the IP allowlist and propagation status for a cluster - If true, show clusters that have been deleted or failed to initialize.

Choices:

  • false ← (default)

  • true

show_aws_endpoints

boolean

Lists all AwsEndpointConnections for a given cluster

Choices:

  • false ← (default)

  • true

show_egress_rules

boolean

List all egress rules associated with a cluster

Choices:

  • false ← (default)

  • true

show_private_endpoint_services

boolean

Lists all PrivateEndpointServices for a given cluster

Choices:

  • false ← (default)

  • true

Examples

- name: list networking details
  fabiog1901.cockroachdb.cc_networking_info:
    cluster_id: 2ea5b593-8766-4e92-aef2-caba191f0cab
    show_allowlist: yes
    show_aws_endpoints: yes
    show_private_endpoint_services: yes
    show_egress_rules: yes
    api_client:
      api_version: '2022-09-20'
  register: out
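
An added example (not part of the collection's own documentation) that registers the module result and fails the play when the allowlist or the egress rules are broader than a local policy allows. It relies only on the allowlist and rules fields documented under Return Values; the cluster_id variable and the min_prefix_len threshold are assumptions.

```yaml
# Added example. CC_KEY is read from the environment, so no key appears in the play.
- name: Read allowlist and egress rules
  fabiog1901.cockroachdb.cc_networking_info:
    cluster_id: "{{ cluster_id }}"   # assumed variable, defined elsewhere
    show_allowlist: true
    show_egress_rules: true
    # api_client is left at its defaults: scheme https, verify_ssl true
  register: out

- name: Fail on allowlist entries wider than policy allows
  vars:
    min_prefix_len: 16   # assumed local policy: nothing wider than a /16
    broad: >-
      {{ out.networking.allowlist
         | selectattr('cidr_mask', 'lt', min_prefix_len)
         | list }}
  ansible.builtin.assert:
    that:
      - broad | length == 0
    fail_msg: >-
      Allowlist entries wider than /{{ min_prefix_len }}:
      {{ broad | map(attribute='name') | join(', ') }}

- name: Fail on customer-managed egress rules that allow every TCP port
  vars:
    # An empty ports list means all ports are allowed; crl_managed rules are
    # set by CockroachDB Cloud services and are skipped here.
    open_rules: >-
      {{ out.networking.rules
         | rejectattr('crl_managed')
         | rejectattr('ports')
         | list }}
  ansible.builtin.assert:
    that:
      - open_rules | length == 0
    fail_msg: >-
      Egress rules with no port restriction:
      {{ open_rules | map(attribute='name') | join(', ') }}
```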

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

networking

dictionary

Returned: always

allowlist

list / elements=dictionary

Get the IP allowlist and propagation status for a cluster.

Returned if show_allowlist is true

Returned: always

cidr_ip

string

Returned: success

cidr_mask

integer

Returned: success

name

string

Returned: success

sql

boolean

Returned: success

ui

boolean

Returned: success

connections

list / elements=dictionary

Connections is a list of private endpoints.

Returned if show_aws_endpoints is true

Returned: always

cloud_provider

string

GCP: The Google Cloud Platform cloud provider.

AWS: The Amazon Web Services cloud provider.

Allowed: GCP┃AWS

Returned: success

endpoint_id

string

endpoint_id is the client side of the PrivateLink connection.

Returned: success

region_name

string

region_name is the cloud provider region name (e.g. us-east-1).

Returned: success

service_id

string

service_id is the server side of the PrivateLink connection. This is the same as AWSPrivateLinkEndpoint.service_id.

Returned: success

status

string

The statuses map to the statuses returned by the AWS API.

Allowed: ENDPOINT_PENDING┃ENDPOINT_PENDING_ACCEPTANCE┃ENDPOINT_AVAILABLE┃ENDPOINT_DELETING┃ENDPOINT_DELETED┃ENDPOINT_REJECTED┃ENDPOINT_FAILED┃ENDPOINT_EXPIRED

Returned: success

propagating

boolean

Returned if show_allowlist is true

Returned: success

rules

list / elements=dictionary

Network egress rule.

Returned if show_egress_rules is true or egress_rule is specified.

Returned: always

cluster_id

string

cluster_id identifies the cluster to which this egress rule applies.

Returned: success

created_at

string

created_at is the time at which the egress rule was created.

Returned: success

crl_managed

boolean

crl_managed indicates this egress rule is managed by CockroachDB Cloud services. This field is set by the server.

Returned: success

description

string

description is a longer text that serves to document the rule's purpose.

Returned: success

destination

string

destination is the endpoint (or subnetwork if CIDR) to which traffic is allowed.

Returned: success

id

string

id uniquely identifies this egress rule.

Returned: success

name

string

name is the name of the egress rule.

Returned: success

paths

list / elements=string

paths are the allowed URL paths. Only valid if Type=”FQDN”.

Returned: success

ports

list / elements=integer

ports are the allowed ports for TCP protocol. If empty, all ports are allowed.

Returned: success

state

string

state indicates the state of the egress rule.

Returned: success

type

string

type classifies the destination field. Valid types include: “FQDN”, “CIDR”.

Returned: success

services

list / elements=dictionary

Services contains a list of all cluster related services.

Returned if show_private_endpoint_services is true

Returned: always

aws

dictionary

Returned: success

availability_zone_ids

string

availability_zone_ids are the identifiers for the availability zones that the service is available in.

Returned: success

service_id

string

service_id is the server side of the PrivateLink connection. This is the same as AWSPrivateLinkEndpoint.service_id.

Returned: success

service_name

string

service_name is the AWS service name customers use to create endpoints on their end.

Returned: success

cloud_provider

string

GCP: The Google Cloud Platform cloud provider.

AWS: The Amazon Web Services cloud provider.

Allowed: GCP┃AWS

Returned: success

region_name

string

region_name is the cloud provider region name (e.g. us-east-1).

Returned: success

status

string

Private Endpoints: - ENDPOINT_SERVICE_STATUS_DELETE_FAILED: One note is that if the service is deleted, there is no longer a record, hence there is no “DELETED” status.

Allowed: ENDPOINT_SERVICE_STATUS_CREATING┃ENDPOINT_SERVICE_STATUS_AVAILABLE┃ENDPOINT_SERVICE_STATUS_CREATE_FAILED┃ENDPOINT_SERVICE_STATUS_DELETING┃ENDPOINT_SERVICE_STATUS_DELETE_FAILED

Returned: success

Authors

  • Cockroach Labs