dellemc / dellemc.openmanage / 9.1.0 / module / idrac_certificates Configure certificates for iDRAC | "added in version" 5.5.0 of dellemc.openmanage" Authors: Jagadeesh N V(@jagadeeshnv), Rajshekar P(@rajshekarp87), Kristian Lamb V(@kristian_lamb)dellemc.openmanage.idrac_certificates (9.1.0) — module
Install with ansible-galaxy collection install dellemc.openmanage:==9.1.0
collections: - name: dellemc.openmanage version: 9.1.0
This module allows to generate certificate signing request, import, and export certificates on iDRAC.
--- - name: Generate HTTPS certificate signing request dellemc.openmanage.idrac_certificates: idrac_ip: "192.168.0.1" idrac_user: "user_name" idrac_password: "user_password" ca_path: "/path/to/ca_cert.pem" command: "generate_csr" certificate_type: "HTTPS" certificate_path: "/home/omam/mycerts" cert_params: common_name: "sample.domain.com" organization_unit: "OrgUnit" locality_name: "Bangalore" state_name: "Karnataka" country_code: "IN" email_address: "admin@domain.com" organization_name: "OrgName" subject_alt_name: - 192.198.2.1
- name: Import a HTTPS certificate. dellemc.openmanage.idrac_certificates: idrac_ip: "192.168.0.1" idrac_user: "user_name" idrac_password: "user_password" ca_path: "/path/to/ca_cert.pem" command: "import" certificate_type: "HTTPS" certificate_path: "/path/to/cert.pem"
- name: Import an HTTPS certificate along with its private key. dellemc.openmanage.idrac_certificates: idrac_ip: "192.168.0.1" idrac_user: "user_name" idrac_password: "user_password" ca_path: "/path/to/ca_cert.pem" command: "import" certificate_type: "HTTPS" certificate_path: "/path/to/cert.pem" ssl_key: "/path/to/private_key.pem"
- name: Export a HTTPS certificate. dellemc.openmanage.idrac_certificates: idrac_ip: "192.168.0.1" idrac_user: "user_name" idrac_password: "user_password" ca_path: "/path/to/ca_cert.pem" command: "export" certificate_type: "HTTPS" certificate_path: "/home/omam/mycert_dir"
- name: Import a CSC certificate. dellemc.openmanage.idrac_certificates: idrac_ip: "192.168.0.1" idrac_user: "user_name" idrac_password: "user_password" ca_path: "/path/to/ca_cert.pem" command: "import" certificate_type: "CSC" certificate_path: "/path/to/cert.pem"
- name: Import a custom certificate with a passphrase. dellemc.openmanage.idrac_certificates: idrac_ip: "192.168.0.1" idrac_user: "user_name" idrac_password: "user_password" command: "import" certificate_type: "CUSTOMCERTIFICATE" certificate_path: "/path/to/idrac_cert.p12" passphrase: "cert_passphrase" reset: false
- name: Export a Client trust certificate. dellemc.openmanage.idrac_certificates: idrac_ip: "192.168.0.1" idrac_user: "user_name" idrac_password: "user_password" ca_path: "/path/to/ca_cert.pem" command: "export" certificate_type: "CLIENT_TRUST_CERTIFICATE" certificate_path: "/home/omam/mycert_dir"
wait: default: 300 description: - Maximum wait time for iDRAC to start after the reset, in seconds. - This is applicable when I(command) is C(import) or C(reset) and I(reset) is C(true). type: int reset: default: true description: - To reset the iDRAC after the certificate operation. - This is applicable when I(command) is C(import) or C(reset). type: bool ca_path: description: - The Privacy Enhanced Mail (PEM) file that contains a CA certificate to be used for the validation. type: path version_added: 5.0.0 version_added_collection: dellemc.openmanage command: choices: - import - export - generate_csr - reset default: generate_csr description: - C(generate_csr), generate CSR. This requires I(cert_params) and I(certificate_path). This is applicable only for C(HTTPS) - C(import), import the certificate file. This requires I(certificate_path). - C(export), export the certificate. This requires I(certificate_path). - C(reset), reset the certificate to default settings. This is applicable only for C(HTTPS). type: str ssl_key: description: - Absolute path of the private or SSL key file. - This is applicable only when I(command) is C(import) and I(certificate_type) is C(HTTPS). - Uploading the SSL key to iDRAC is supported on firmware version 6.00.02.00 and above. type: path version_added: 8.6.0 version_added_collection: dellemc.openmanage timeout: default: 30 description: The socket level timeout in seconds. type: int version_added: 5.0.0 version_added_collection: dellemc.openmanage idrac_ip: description: iDRAC IP Address. required: true type: str idrac_port: default: 443 description: iDRAC port. type: int idrac_user: description: - iDRAC username. - If the username is not provided, then the environment variable C(IDRAC_USERNAME) is used. - 'Example: export IDRAC_USERNAME=username' required: true type: str passphrase: description: The passphrase string if the certificate to be imported is passphrase protected. type: str cert_params: description: Certificate parameters to generate signing request. suboptions: common_name: description: The common name of the certificate. required: true type: str country_code: description: The country code of the country where the entity applying for certification is located. required: true type: str email_address: description: The email associated with the CSR. type: str locality_name: description: The city or other location where the entity applying for certification is located. required: true type: str organization_name: description: The name associated with an organization. required: true type: str organization_unit: description: The name associated with an organizational unit. For example department name. required: true type: str state_name: description: The state where the entity applying for certification is located. required: true type: str subject_alt_name: default: [] description: The alternative domain names associated with the request. elements: str type: list type: dict resource_id: description: Redfish ID of the resource. type: str idrac_password: aliases: - idrac_pwd description: - iDRAC user password. - If the password is not provided, then the environment variable C(IDRAC_PASSWORD) is used. - 'Example: export IDRAC_PASSWORD=password' required: true type: str validate_certs: default: true description: - If C(false), the SSL certificates will not be validated. - Configure C(false) only on personally controlled sites where self-signed certificates are used. - Prior to collection version C(5.0.0), the I(validate_certs) is C(false) by default. type: bool version_added: 5.0.0 version_added_collection: dellemc.openmanage certificate_path: description: - Absolute path of the certificate file if I(command) is C(import). - Directory path with write permissions if I(command) is C(generate_csr) or C(export). type: path certificate_type: choices: - HTTPS - CA - CUSTOMCERTIFICATE - CSC - CLIENT_TRUST_CERTIFICATE default: HTTPS description: - Type of the iDRAC certificate. - C(HTTPS) The Dell self-signed SSL certificate. - C(CA) Certificate Authority(CA) signed SSL certificate. - C(CUSTOMCERTIFICATE) The custom PKCS12 certificate and private key. Export of custom certificate is supported only on iDRAC firmware version 7.00.00.00 and above. - C(CSC) The custom signing SSL certificate. - C(CLIENT_TRUST_CERTIFICATE) Client trust certificate. type: str
certificate_path: description: The csr or exported certificate file path returned: when I(command) is C(export) or C(generate_csr) sample: /home/ansible/myfiles/cert.pem type: str error_info: description: Details of the HTTP Error. returned: on HTTP error sample: error: '@Message.ExtendedInfo': - Message: Unable to process the request because an error occurred. MessageArgs: [] MessageId: GEN1234 RelatedProperties: [] Resolution: Retry the operation. If the issue persists, contact your system administrator. Severity: Critical code: Base.1.0.GeneralError message: A general error has occurred. See ExtendedInfo for more information. type: dict msg: description: Status of the certificate configuration operation. returned: always sample: Successfully performed the 'generate_csr' certificate operation. type: str