dellemc.openmanage.ome_application_security_settings (9.1.0) — module
Configure the login security properties
Added in version 4.4.0 of dellemc.openmanage
Authors: Jagadeesh N V (@jagadeeshnv)
Install with ansible-galaxy collection install dellemc.openmanage:==9.1.0
collections:
  - name: dellemc.openmanage
    version: 9.1.0
This module allows you to configure the login security properties on OpenManage Enterprise or OpenManage Enterprise Modular.
---
- name: Configure restricted allowed IP range
  dellemc.openmanage.ome_application_security_settings:
    hostname: "192.168.0.1"
    username: "username"
    password: "password"
    ca_path: "/path/to/ca_cert.pem"
    restrict_allowed_ip_range:
      enable_ip_range: true
      ip_range: 192.1.2.3/24

- name: Configure login lockout policy
  dellemc.openmanage.ome_application_security_settings:
    hostname: "192.168.0.1"
    username: "username"
    password: "password"
    ca_path: "/path/to/ca_cert.pem"
    login_lockout_policy:
      by_user_name: true
      by_ip_address: true
      lockout_fail_count: 3
      lockout_fail_window: 30
      lockout_penalty_time: 900

- name: Configure restricted allowed IP range and login lockout policy with job wait time out of 60 seconds
  dellemc.openmanage.ome_application_security_settings:
    hostname: "192.168.0.1"
    username: "username"
    password: "password"
    ca_path: "/path/to/ca_cert.pem"
    restrict_allowed_ip_range:
      enable_ip_range: true
      ip_range: 192.1.2.3/24
    login_lockout_policy:
      by_user_name: true
      by_ip_address: true
      lockout_fail_count: 3
      lockout_fail_window: 30
      lockout_penalty_time: 900
    job_wait_timeout: 60

- name: Enable FIPS mode
  dellemc.openmanage.ome_application_security_settings:
    hostname: "192.168.0.1"
    username: "username"
    password: "password"
    ca_path: "/path/to/ca_cert.pem"
    fips_mode_enable: true
port:
  default: 443
  description: OpenManage Enterprise or OpenManage Enterprise Modular HTTPS port.
  type: int
ca_path:
  description:
    - The Privacy Enhanced Mail (PEM) file that contains a CA certificate to be used for the validation.
  type: path
  version_added: 5.0.0
  version_added_collection: dellemc.openmanage
timeout:
  default: 30
  description: The socket level timeout in seconds.
  type: int
  version_added: 5.0.0
  version_added_collection: dellemc.openmanage
hostname:
  description: OpenManage Enterprise or OpenManage Enterprise Modular IP address or hostname.
  required: true
  type: str
job_wait:
  default: true
  description:
    - Provides an option to wait for job completion.
  type: bool
password:
  description:
    - OpenManage Enterprise or OpenManage Enterprise Modular password.
    - If the password is not provided, then the environment variable C(OME_PASSWORD) is used.
    - 'Example: export OME_PASSWORD=password'
  required: true
  type: str
username:
  description:
    - OpenManage Enterprise or OpenManage Enterprise Modular username.
    - If the username is not provided, then the environment variable C(OME_USERNAME) is used.
    - 'Example: export OME_USERNAME=username'
  required: true
  type: str
validate_certs:
  default: true
  description:
    - If C(false), the SSL certificates will not be validated.
    - Configure C(false) only on personally controlled sites where self-signed certificates are used.
    - Prior to collection version C(5.0.0), I(validate_certs) is C(false) by default.
  type: bool
  version_added: 5.0.0
  version_added_collection: dellemc.openmanage
fips_mode_enable:
  description:
    - The FIPS mode is intended to meet the requirements of FIPS 140-2 level 1. For more information, refer to the FIPS user guide.
    - This is applicable only to OpenManage Enterprise Modular.
    - This is mutually exclusive with I(restrict_allowed_ip_range) and I(login_lockout_policy).
    - C(WARNING) Enabling or disabling this option resets your chassis to default settings. This may cause a change in IP settings and loss of network connectivity.
    - C(WARNING) The FIPS mode cannot be enabled on a lead chassis in a multi-chassis management configuration. To enable FIPS on a lead chassis, delete the chassis group, enable FIPS and recreate the group.
    - C(WARNING) For a standalone or member chassis, enabling the FIPS mode deletes any fabrics created. This may cause loss of network connectivity and data paths to the compute sleds.
  type: bool
job_wait_timeout:
  default: 120
  description:
    - The maximum wait time of I(job_wait) in seconds. The job is tracked only for this duration.
    - This option is applicable when I(job_wait) is C(true).
  type: int
login_lockout_policy:
  description:
    - Locks the application after multiple unsuccessful login attempts.
    - This is mutually exclusive with I(fips_mode_enable).
  suboptions:
    by_ip_address:
      description: Enable or disable lockout policy settings based on the IP address. This restricts the number of unsuccessful login attempts from a specific IP address for a specific time interval.
      type: bool
    by_user_name:
      description: Enable or disable lockout policy settings based on the user name. This restricts the number of unsuccessful login attempts from a specific user for a specific time interval.
      type: bool
    lockout_fail_count:
      description: The number of unsuccessful login attempts that are allowed, after which the appliance prevents login from the specific username or IP address.
      type: int
    lockout_fail_window:
      description: Lockout fail window is the time in seconds within which the lockout fail count event must occur to trigger the lockout penalty time. Enter the duration for which OpenManage Enterprise must display information about a failed attempt.
      type: int
    lockout_penalty_time:
      description: The duration of time, in seconds, that login attempts from the specific user or IP address must not be allowed.
      type: int
  type: dict
restrict_allowed_ip_range:
  description:
    - Restrict to allow inbound connections only from the specified IP address range.
    - This is mutually exclusive with I(fips_mode_enable).
    - C(NOTE) When I(restrict_allowed_ip_range) is configured on the appliance, any inbound connection to the appliance, such as alert reception, firmware update, and network identities, is blocked from the devices that are outside the specified IP address range. However, any outbound connection from the appliance will work on all devices.
  suboptions:
    enable_ip_range:
      description: Allow connections based on the IP address range.
      required: true
      type: bool
    ip_range:
      description: 'The IP address range in Classless Inter-Domain Routing (CIDR) format. For example: 192.168.100.14/24 or 2001:db8::/24'
      type: str
  type: dict
error_info:
  description: Details of http error.
  returned: on http error
  sample:
    error:
      '@Message.ExtendedInfo':
        - Message: Unable to process the request because the domain information cannot be retrieved.
          MessageArgs: []
          MessageId: CGEN8007
          RelatedProperties: []
          Resolution: Verify the status of the database and domain configuration, and then retry the operation.
          Severity: Critical
      code: Base.1.0.GeneralError
      message: A general error has occurred. See ExtendedInfo for more information.
  type: dict
job_id:
  description: Job ID of the security configuration task.
  returned: When security configuration properties are provided
  sample: 10123
  type: int
msg:
  description: Overall status of the login security configuration.
  returned: always
  sample: Successfully applied the security settings.
  type: str
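The option descriptions above state two rules that are easy to trip over: I(fips_mode_enable) is mutually exclusive with the other two options, and once I(restrict_allowed_ip_range) is enabled, inbound connections from outside the range are blocked. The following pre-flight check is an added example, not code from the dellemc.openmanage collection; it validates a set of module arguments before they are applied. The function name preflight, the must_reach list of source addresses and the lockout scope check are assumptions of this example.

```python
import ipaddress

def preflight(params, must_reach):
    """Return a list of problems found in the module arguments.

    params: dict shaped like this module's options.
    must_reach: constructed list of source IPs that still need inbound access
    (control node, devices sending alerts); an assumption of this example.
    """
    problems = []
    fips = params.get("fips_mode_enable")
    ip_opt = params.get("restrict_allowed_ip_range")
    lockout = params.get("login_lockout_policy")

    # Documented rule: fips_mode_enable excludes the other two options.
    if fips is not None and (ip_opt is not None or lockout is not None):
        problems.append("fips_mode_enable is mutually exclusive with "
                        "restrict_allowed_ip_range and login_lockout_policy")

    if ip_opt and ip_opt.get("enable_ip_range"):
        cidr = str(ip_opt.get("ip_range"))
        try:
            # strict=False accepts host bits, as in the page's 192.1.2.3/24.
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            problems.append(f"ip_range is not valid CIDR: {cidr!r}")
        else:
            # Sources outside the range lose inbound access once applied.
            for src in must_reach:
                if ipaddress.ip_address(src) not in net:
                    problems.append(f"{src} is outside {net}; inbound blocked")

    # Assumption of this example: a policy with neither scope enabled is
    # treated as a misconfiguration worth flagging.
    if lockout and not (lockout.get("by_user_name") or lockout.get("by_ip_address")):
        problems.append("login_lockout_policy set but by_user_name and "
                        "by_ip_address are both off")
    return problems

if __name__ == "__main__":
    # Constructed input mirroring the page's combined example.
    args = {
        "restrict_allowed_ip_range": {"enable_ip_range": True, "ip_range": "192.1.2.3/24"},
        "login_lockout_policy": {"by_user_name": True, "by_ip_address": True,
                                 "lockout_fail_count": 3, "lockout_fail_window": 30,
                                 "lockout_penalty_time": 900},
    }
    for p in preflight(args, ["192.1.2.10", "10.0.0.5"]):
        print("PROBLEM:", p)
```

Run it from the control node with the addresses of every system that must keep reaching the appliance, and apply the task only when the returned list is empty.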