dellemc.openmanage.idrac_certificates (9.1.0) — module

Configure certificates for iDRAC

Added in version 5.5.0 of dellemc.openmanage

Authors: Jagadeesh N V(@jagadeeshnv), Rajshekar P(@rajshekarp87), Kristian Lamb V(@kristian_lamb)

Install collection

Install with ansible-galaxy collection install dellemc.openmanage:==9.1.0


Add to requirements.yml

  collections:
    - name: dellemc.openmanage
      version: 9.1.0

Description

This module allows you to generate a certificate signing request (CSR) and to import and export certificates on iDRAC.


Requirements

Usage examples

  • Success
    Steampunk Spotter scan finished with no errors, warnings or hints.
---
- name: Generate HTTPS certificate signing request
  dellemc.openmanage.idrac_certificates:
    idrac_ip: "192.168.0.1"
    idrac_user: "user_name"
    idrac_password: "user_password"
    ca_path: "/path/to/ca_cert.pem"
    command: "generate_csr"
    certificate_type: "HTTPS"
    certificate_path: "/home/omam/mycerts"
    cert_params:
      common_name: "sample.domain.com"
      organization_unit: "OrgUnit"
      locality_name: "Bangalore"
      state_name: "Karnataka"
      country_code: "IN"
      email_address: "admin@domain.com"
      organization_name: "OrgName"
      subject_alt_name:
        - 192.198.2.1
- name: Import a HTTPS certificate.
  dellemc.openmanage.idrac_certificates:
    idrac_ip: "192.168.0.1"
    idrac_user: "user_name"
    idrac_password: "user_password"
    ca_path: "/path/to/ca_cert.pem"
    command: "import"
    certificate_type: "HTTPS"
    certificate_path: "/path/to/cert.pem"
- name: Import an HTTPS certificate along with its private key.
  dellemc.openmanage.idrac_certificates:
    idrac_ip: "192.168.0.1"
    idrac_user: "user_name"
    idrac_password: "user_password"
    ca_path: "/path/to/ca_cert.pem"
    command: "import"
    certificate_type: "HTTPS"
    certificate_path: "/path/to/cert.pem"
    ssl_key: "/path/to/private_key.pem"
- name: Export a HTTPS certificate.
  dellemc.openmanage.idrac_certificates:
    idrac_ip: "192.168.0.1"
    idrac_user: "user_name"
    idrac_password: "user_password"
    ca_path: "/path/to/ca_cert.pem"
    command: "export"
    certificate_type: "HTTPS"
    certificate_path: "/home/omam/mycert_dir"
- name: Import a CSC certificate.
  dellemc.openmanage.idrac_certificates:
    idrac_ip: "192.168.0.1"
    idrac_user: "user_name"
    idrac_password: "user_password"
    ca_path: "/path/to/ca_cert.pem"
    command: "import"
    certificate_type: "CSC"
    certificate_path: "/path/to/cert.pem"
- name: Import a custom certificate with a passphrase.
  dellemc.openmanage.idrac_certificates:
    idrac_ip: "192.168.0.1"
    idrac_user: "user_name"
    idrac_password: "user_password"
    command: "import"
    certificate_type: "CUSTOMCERTIFICATE"
    certificate_path: "/path/to/idrac_cert.p12"
    passphrase: "cert_passphrase"
    reset: false
- name: Export a Client trust certificate.
  dellemc.openmanage.idrac_certificates:
    idrac_ip: "192.168.0.1"
    idrac_user: "user_name"
    idrac_password: "user_password"
    ca_path: "/path/to/ca_cert.pem"
    command: "export"
    certificate_type: "CLIENT_TRUST_CERTIFICATE"
    certificate_path: "/home/omam/mycert_dir"
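
An added example (not part of the module documentation) that ties the import and export commands above to the ca_path and validate_certs inputs: it checks a CA-signed certificate against the CSR before import, then confirms after the reset that the iDRAC holds that certificate. The inventory group, the vaulted variable names, the /etc/pki/idrac paths and the use of the community.crypto collection are assumptions, as is the exported file being PEM.

```yaml
# Added example. Assumed: group "idracs", vaulted vars vault_idrac_user and
# vault_idrac_password, /etc/pki/idrac paths, exported file in PEM format.
- name: Import a CA-signed iDRAC HTTPS certificate and verify the result
  hosts: idracs
  connection: local
  gather_facts: false
  module_defaults:
    dellemc.openmanage.idrac_certificates:
      idrac_ip: "{{ inventory_hostname }}"
      idrac_user: "{{ vault_idrac_user }}"
      idrac_password: "{{ vault_idrac_password }}"
      ca_path: /etc/pki/idrac/ca_chain.pem  # must validate the old and the new cert
      validate_certs: true
      certificate_type: HTTPS
  vars:
    csr_file: "/etc/pki/idrac/{{ inventory_hostname }}.csr"     # from generate_csr
    signed_cert: "/etc/pki/idrac/{{ inventory_hostname }}.pem"  # returned by the CA
  tasks:
    - name: Read the CSR that was sent for signing
      community.crypto.openssl_csr_info:
        path: "{{ csr_file }}"
      register: csr_info
    - name: Read the signed certificate
      community.crypto.x509_certificate_info:
        path: "{{ signed_cert }}"
      register: new_cert
    - name: Refuse an expired certificate or one issued for a different key
      ansible.builtin.assert:
        that:
          - not new_cert.expired
          - new_cert.public_key_fingerprints.sha256 == csr_info.public_key_fingerprints.sha256
    - name: Import the certificate and wait for the iDRAC reset
      dellemc.openmanage.idrac_certificates:
        command: import
        certificate_path: "{{ signed_cert }}"
        reset: true
        wait: 300
    - name: Export the certificate now installed (directory must be writable)
      dellemc.openmanage.idrac_certificates:
        command: export
        certificate_path: /etc/pki/idrac/exported
      register: exported
    - name: Read the exported certificate
      community.crypto.x509_certificate_info:
        path: "{{ exported.certificate_path }}"
      register: live_cert
    - name: Confirm the installed certificate is the one just imported
      ansible.builtin.assert:
        that: live_cert.fingerprints.sha256 == new_cert.fingerprints.sha256
```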

Inputs

    
wait:
    default: 300
    description:
    - Maximum wait time for iDRAC to start after the reset, in seconds.
    - This is applicable when I(command) is C(import) or C(reset) and I(reset) is C(true).
    type: int

reset:
    default: true
    description:
    - To reset the iDRAC after the certificate operation.
    - This is applicable when I(command) is C(import) or C(reset).
    type: bool

ca_path:
    description:
    - The Privacy Enhanced Mail (PEM) file that contains a CA certificate to be used for
      the validation.
    type: path
    version_added: 5.0.0
    version_added_collection: dellemc.openmanage

command:
    choices:
    - import
    - export
    - generate_csr
    - reset
    default: generate_csr
    description:
    - C(generate_csr), generate CSR. This requires I(cert_params) and I(certificate_path).
      This is applicable only for C(HTTPS).
    - C(import), import the certificate file. This requires I(certificate_path).
    - C(export), export the certificate. This requires I(certificate_path).
    - C(reset), reset the certificate to default settings. This is applicable only for
      C(HTTPS).
    type: str

ssl_key:
    description:
    - Absolute path of the private or SSL key file.
    - This is applicable only when I(command) is C(import) and I(certificate_type) is
      C(HTTPS).
    - Uploading the SSL key to iDRAC is supported on firmware version 6.00.02.00 and above.
    type: path
    version_added: 8.6.0
    version_added_collection: dellemc.openmanage

timeout:
    default: 30
    description: The socket level timeout in seconds.
    type: int
    version_added: 5.0.0
    version_added_collection: dellemc.openmanage

idrac_ip:
    description: iDRAC IP Address.
    required: true
    type: str

idrac_port:
    default: 443
    description: iDRAC port.
    type: int

idrac_user:
    description:
    - iDRAC username.
    - If the username is not provided, then the environment variable C(IDRAC_USERNAME)
      is used.
    - 'Example: export IDRAC_USERNAME=username'
    required: true
    type: str

passphrase:
    description: The passphrase string if the certificate to be imported is passphrase
      protected.
    type: str

cert_params:
    description: Certificate parameters to generate signing request.
    suboptions:
      common_name:
        description: The common name of the certificate.
        required: true
        type: str
      country_code:
        description: The country code of the country where the entity applying for certification
          is located.
        required: true
        type: str
      email_address:
        description: The email associated with the CSR.
        type: str
      locality_name:
        description: The city or other location where the entity applying for certification
          is located.
        required: true
        type: str
      organization_name:
        description: The name associated with an organization.
        required: true
        type: str
      organization_unit:
        description: The name associated with an organizational unit. For example, the
          department name.
        required: true
        type: str
      state_name:
        description: The state where the entity applying for certification is located.
        required: true
        type: str
      subject_alt_name:
        default: []
        description: The alternative domain names associated with the request.
        elements: str
        type: list
    type: dict

resource_id:
    description: Redfish ID of the resource.
    type: str

idrac_password:
    aliases:
    - idrac_pwd
    description:
    - iDRAC user password.
    - If the password is not provided, then the environment variable C(IDRAC_PASSWORD)
      is used.
    - 'Example: export IDRAC_PASSWORD=password'
    required: true
    type: str

validate_certs:
    default: true
    description:
    - If C(false), the SSL certificates will not be validated.
    - Configure C(false) only on personally controlled sites where self-signed certificates
      are used.
    - Prior to collection version C(5.0.0), the I(validate_certs) is C(false) by default.
    type: bool
    version_added: 5.0.0
    version_added_collection: dellemc.openmanage

certificate_path:
    description:
    - Absolute path of the certificate file if I(command) is C(import).
    - Directory path with write permissions if I(command) is C(generate_csr) or C(export).
    type: path

certificate_type:
    choices:
    - HTTPS
    - CA
    - CUSTOMCERTIFICATE
    - CSC
    - CLIENT_TRUST_CERTIFICATE
    default: HTTPS
    description:
    - Type of the iDRAC certificate.
    - C(HTTPS) The Dell self-signed SSL certificate.
    - C(CA) Certificate Authority(CA) signed SSL certificate.
    - C(CUSTOMCERTIFICATE) The custom PKCS12 certificate and private key. Export of custom
      certificate is supported only on iDRAC firmware version 7.00.00.00 and above.
    - C(CSC) The custom signing SSL certificate.
    - C(CLIENT_TRUST_CERTIFICATE) Client trust certificate.
    type: str

Outputs

certificate_path:
  description: The CSR or exported certificate file path.
  returned: when I(command) is C(export) or C(generate_csr)
  sample: /home/ansible/myfiles/cert.pem
  type: str
error_info:
  description: Details of the HTTP Error.
  returned: on HTTP error
  sample:
    error:
      '@Message.ExtendedInfo':
      - Message: Unable to process the request because an error occurred.
        MessageArgs: []
        MessageId: GEN1234
        RelatedProperties: []
        Resolution: Retry the operation. If the issue persists, contact your system
          administrator.
        Severity: Critical
      code: Base.1.0.GeneralError
      message: A general error has occurred. See ExtendedInfo for more information.
  type: dict
msg:
  description: Status of the certificate configuration operation.
  returned: always
  sample: Successfully performed the 'generate_csr' certificate operation.
  type: str