dellemc / dellemc.enterprise_sonic / 2.4.0 / module / sonic_pki Manages PKI attributes of Enterprise Sonic | Added in version 2.3.0 of dellemc.enterprise_sonic. Authors: Eric Seifert (@seiferteric). This plugin has a corresponding action plugin. dellemc.enterprise_sonic.sonic_pki (2.4.0) — module
Install with ansible-galaxy collection install dellemc.enterprise_sonic:==2.4.0
# requirements.yml entry for this collection.
# The version is pinned to one exact release, so repeated installs resolve to
# the same collection content; it is quoted so it is always read as a string.
collections:
  - name: dellemc.enterprise_sonic
    version: "2.4.0"
Manages PKI attributes of Enterprise Sonic
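# Using "merged" state for initial config
#
# Before state:
# -------------
#
# sonic# show running-configuration | grep crypto
# sonic#
#
# Review notes on this example:
# - revocation_check, key_usage_check and peer_name_check are not set here,
#   and this page does not state their defaults; set them explicitly when the
#   profile must enforce them.
# - The OCSP responder URLs are plain http. OCSP responses are signed by the
#   responder, so http transport is customary for OCSP.
- name: PKI Config Test
  hosts: datacenter
  gather_facts: false
  connection: httpapi
  collections:
    - dellemc.enterprise_sonic
  tasks:
    - name: "Initial Config"
      sonic_pki:
        config:
          security_profiles:
            - profile_name: rest
              ocsp_responder_list:
                - http://example.com/ocspa
                - http://example.com/ocspb
              certificate_name: host
              trust_store: default-ts
          trust_stores:
            - name: default-ts
              ca_name:
                - CA2
        state: merged

# After state:
# ------------
#
# sonic# show running-configuration | grep crypto
# crypto trust_store default-ts ca-cert CA2
# crypto security-profile rest
# crypto security-profile trust_store rest default-ts
# crypto security-profile certificate rest host
# crypto security-profile ocsp-list rest http://example.com/ocspa,http://example.com/ocspb

# Using "deleted" state to remove configuration
#
# Before state:
# ------------
#
# sonic# show running-configuration | grep crypto
# crypto trust_store default-ts ca-cert CA2
# crypto security-profile rest
# crypto security-profile trust_store rest default-ts
# crypto security-profile certificate rest host
# crypto security-profile ocsp-list rest http://example.com/ocsp
#
# Review note: as the after state shows, only the trust_store association is
# removed; the default-ts trust store and the rest of the profile stay in
# place. The profile is then left without a trust store. How peer certificates
# are validated in that state is not shown here; verify it before applying
# this to a profile that is in use.
- name: PKI Delete Test
  hosts: datacenter
  gather_facts: true
  connection: httpapi
  collections:
    - dellemc.enterprise_sonic
  tasks:
    - name: Remove trust_store from security-profile
      sonic_pki:
        config:
          security_profiles:
            - profile_name: rest
              trust_store: default-ts
        state: deleted

# After state:
# ------------
#
# sonic# show running-configuration | grep crypto
# crypto trust_store default-ts ca-cert CA2
# crypto security-profile rest
# crypto security-profile certificate rest host
# crypto security-profile ocsp-list rest http://example.com/ocsp

# Using "overridden" state
# Before state:
# ------------
#
# sonic# show running-configuration | grep crypto
# crypto trust_store default-ts ca-cert CA2
# crypto security-profile rest
# crypto security-profile trust_store rest default-ts
# crypto security-profile certificate rest host
# crypto security-profile ocsp-list rest http://example.com/ocspa,http://example.com/ocspb
#
# Review note: the after state shows that "overridden" removes everything not
# listed in the task. The rest profile and the default-ts trust store are
# gone afterwards. Check which services still reference an existing profile
# or trust store before overriding.
- name: PKI Overridden Test
  hosts: datacenter
  gather_facts: false
  connection: httpapi
  collections:
    - dellemc.enterprise_sonic
  tasks:
    - name: "Overridden Config"
      sonic_pki:
        config:
          security_profiles:
            - profile_name: telemetry
              ocsp_responder_list:
                - http://example.com/ocspb
              revocation_check: true
              trust_store: telemetry-ts
              certificate_name: host
          trust_stores:
            - name: telemetry-ts
              # ca_name is declared as a list of strings in the option spec,
              # so it is written as a list, matching the "merged" example.
              ca_name:
                - CA
        state: overridden

# After state:
# -----------
#
# sonic# show running-configuration | grep crypto
# crypto trust_store telemetry-ts ca-cert CA
# crypto security-profile telemetry revocation_check true
# crypto security-profile trust_store telemetry telemetry-ts
# crypto security-profile certificate telemetry host
# crypto security-profile ocsp-list telemetry http://example.com/ocspb

# Using "replaced" state to update config
# Before state:
# ------------
#
# sonic# show running-configuration | grep crypto
# crypto trust_store default-ts ca-cert CA2
# crypto security-profile rest
# crypto security-profile trust_store rest default-ts
# crypto security-profile certificate rest host
# crypto security-profile ocsp-list rest http://example.com/ocspa,http://example.com/ocspb
#
# Review note: revocation_check is described as "Require certificate
# revocation check succeeds". With false, the OCSP responder configured below
# is presumably consulted without being enforced (confirm on the device).
# Use true where revoked certificates must be rejected.
# No after-state output accompanies this example.
- name: PKI Replace Test
  hosts: datacenter
  gather_facts: false
  connection: httpapi
  collections:
    - dellemc.enterprise_sonic
  tasks:
    - name: "Replace Config"
      sonic_pki:
        config:
          security_profiles:
            - profile_name: rest
              ocsp_responder_list:
                - http://example.com/ocsp
              revocation_check: false
              trust_store: default-ts
              certificate_name: host
        state: replaced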
# Module options for sonic_pki.

# How the supplied config is applied; merged is used when state is omitted.
state:
  description:
    - The state of the configuration after module completion.
  type: str
  choices:
    - merged
    - deleted
    - replaced
    - overridden
  default: merged

# The PKI configuration: security profiles and the trust stores they can
# reference by name.
config:
  description: The provided configuration
  type: dict
  suboptions:
    security_profiles:
      description: Application Security Profiles
      type: list
      elements: dict
      suboptions:
        # profile_name is the only required field of a profile.
        profile_name:
          description: Profile Name
          type: str
          required: true
        certificate_name:
          description: Host Certificate Name
          type: str
        trust_store:
          description: Name of associated trust_store
          type: str
        # The three booleans below are the certificate validation toggles.
        # No default is declared for them in this spec, so set them
        # explicitly where enforcement matters.
        key_usage_check:
          description: Require key usage is enforced
          type: bool
        peer_name_check:
          description: Require peer name is verified
          type: bool
        revocation_check:
          description: Require certificate revocation check succeeds
          type: bool
        # Revocation sources. CDP presumably means CRL distribution point
        # (confirm against the device documentation).
        cdp_list:
          description: Global list of CDP's
          type: list
          elements: str
        ocsp_responder_list:
          description: Global list of OCSP responders
          type: list
          elements: str
    trust_stores:
      description: Store of CA Certificates
      type: list
      elements: dict
      suboptions:
        name:
          description: The name of the Trust Store
          type: str
          required: true
        # Every CA listed here is placed in the trust store, so keep the
        # list to the CAs the profile actually needs.
        ca_name:
          description: List of CA certificates in the trust store.
          type: list
          elements: str
# Values returned by the module. before and commands are returned on every
# run, after only when something changed; together they give a record of what
# a run did to the device's PKI configuration.
before:
  description: The configuration prior to the model invocation.
  type: dict
  returned: always
  sample: "The configuration returned will always be in the same format\n of the parameters\
    \ above.\n"
after:
  description: The resulting configuration model invocation.
  type: dict
  returned: when changed
  sample: "The configuration returned will always be in the same format\n of the parameters\
    \ above.\n"
commands:
  description: The set of commands pushed to the remote device.
  type: list
  returned: always
  sample:
    - command 1
    - command 2
    - command 3