Try SpotterManage server certificates on a PowerScale Storage System
| "added in version" 2.5.0 of dellemc.powerscale"
Authors: Felix Stephen (@felixs88) <ansible.team@dell.com>
Install with ansible-galaxy collection install dellemc.powerscale:==3.0.0
collections:
- name: dellemc.powerscale
version: 3.0.0Manage server certificates on a PowerScale Storage System includes import, update, set certificate to default, and delete server certificates.
- name: To import the new server certificate
dellemc.powerscale.server_certificate:
onefs_host: "{{ onefs_host }}"
api_user: "{{ api_user }}"
api_password: "{{ api_password }}"
verify_ssl: "{{ verify_ssl }}"
state: present
alias_name: certificate_name
description: The certificate description
certificate_path: "/ifs/certificates/server.crt"
certificate_key_path: "/ifs/certificates/server.key"
certificate_key_password: "Secret@123"
- name: To import the new server certificate and set the certificate as default
dellemc.powerscale.server_certificate:
onefs_host: "{{ onefs_host }}"
api_user: "{{ api_user }}"
api_password: "{{ api_password }}"
verify_ssl: "{{ verify_ssl }}"
state: present
alias_name: default_certificate
description: The default certificate description
certificate_path: "/ifs/certificates/server.crt"
certificate_key_path: "/ifs/certificates/server.key"
certificate_key_password: "Secret@123"
is_default_certificate: true
certificate_monitor_enabled: true
certificate_pre_expiration_threshold: 300
- name: To update the server certificate
dellemc.powerscale.server_certificate:
onefs_host: "{{ onefs_host }}"
api_user: "{{ api_user }}"
api_password: "{{ api_password }}"
verify_ssl: "{{ verify_ssl }}"
state: present
alias_name: certificate_new_name
description: The updated certificate description
- name: To update the server certificate and set the certificate as default
dellemc.powerscale.server_certificate:
onefs_host: "{{ onefs_host }}"
api_user: "{{ api_user }}"
api_password: "{{ api_password }}"
verify_ssl: "{{ verify_ssl }}"
state: present
certificate_id: "a851d9f3d7b16985be6fcb0402"
description: The updated certificate description
is_default_certificate: true
certificate_monitor_enabled: true
certificate_pre_expiration_threshold: 42949
- name: To delete the server certificate
dellemc.powerscale.server_certificate:
onefs_host: "{{ onefs_host }}"
api_user: "{{ api_user }}"
api_password: "{{ api_password }}"
verify_ssl: "{{ verify_ssl }}"
state: absent
alias_name: certificate_new_name
- name: To delete the server certificate using certificate ID
dellemc.powerscale.server_certificate:
onefs_host: "{{ onefs_host }}"
api_user: "{{ api_user }}"
api_password: "{{ api_password }}"
verify_ssl: "{{ verify_ssl }}"
state: absent
certificate_id: "a851d9f3d7b16985be6fcb0402"
state:
choices:
- absent
- present
default: present
description:
- The state option is used to mention the existence of server certificate.
type: str
port_no:
default: '8080'
description:
- Port number of the PowerScale cluster.It defaults to 8080 if not specified.
required: false
type: str
api_user:
description:
- username of the PowerScale cluster.
required: true
type: str
alias_name:
description:
- The name of the certificate.
- I(alias_name) is mutually exclusive with I(certificate_id).
- The maximum length for I(alias_name) is 128.
type: str
onefs_host:
description:
- IP address or FQDN of the PowerScale cluster.
required: true
type: str
verify_ssl:
choices:
- true
- false
description:
- boolean variable to specify whether to validate SSL certificate or not.
- C(true) - indicates that the SSL certificate should be verified.
- C(false) - indicates that the SSL certificate should not be verified.
required: true
type: bool
description:
description:
- The description of the certificate.
- The maximum length for I(description) is 2048.
- Setting an empty value is necessary to remove the certificate description.
type: str
api_password:
description:
- the password of the PowerScale cluster.
required: true
type: str
certificate_id:
description:
- The ID of the imported certificate.
- I(certificate_id) is mutually exclusive with I(alias_name).
type: str
new_alias_name:
description:
- The I(alias_name) of the certificate.
- The maximum length for I(new_alias_name) is 128.
type: str
certificate_path:
description:
- The path of the certificate file.
type: path
certificate_key_path:
description:
- The path of the certificate key file.
type: path
is_default_certificate:
default: false
description:
- To set the certificate as the default.
- If the C(True) is selected, the server certificate is set to default.
- Another certificate must be selected as default to designate a certificate as non-default.
type: bool
certificate_key_password:
description:
- The password of the certificate key.
- The maximum length for I(certificate_key_password) is 256.
type: str
certificate_monitor_enabled:
description:
- Boolean value indicating whether certificate expiration monitoring is enabled.
- This option is applicable if I(is_default_certificate) is C(True).
type: bool
certificate_pre_expiration_threshold:
description:
- The number of seconds before certificate expiration that the certificate expiration
monitor will start raising alerts.
- The range for this value is from 0 to 4294967295.
- This option is applicable if I(is_default_certificate) is C(True).
type: int
certificate_details:
contains:
certificate_monitor_enabled:
description: Boolean value indicating whether certificate expiration monitoring
is enabled.
type: bool
certificate_pre_expiration_threshold:
description: The number of seconds before certificate expiration that the certificate
expiration monitor will start raising alerts.
type: int
description:
description: Description of the certificate.
type: str
dnsnames:
description: Subject alternative names of the certificate.
type: list
fingerprints:
description: Fingerprint details of the certificate.
type: str
id:
description: System assigned certificate id.
type: str
issuer:
description: Name of the certificate issuer.
type: str
name:
description: Name for the certificate.
type: str
not_after:
description: The date and time from which the certificate becomes valid and
can be used for authentication and encryption.
type: str
not_before:
description: The date and time until which the certificate is valid and can
be used for authentication and encryption.
type: str
status:
description: Status of the certificate.
type: str
subject:
description: Subject of the certificate.
type: str
description: The server certificate details.
returned: always
sample:
certificate_monitor_enabled: true
certificate_pre_expiration_threshold: 4294
description: This the example test description
dnsnames:
- powerscale
fingerprints:
- type: SHA1
value: 68:b2:d5:5d:cc:b0:70:f1:f0:39:3a:bb:e0:44:49:70:6e:05:c3:ed
- type: SHA256
value: 69:99:b9:c0:29:49:c9:62:e8:4b:60:05:60:a8:fa:f0:01:ab:24:43:8a:47:4c:2f:66:2c:95:a1:7c:d8:10:34
id: 6999b9c02949c962e84b600560a8faf001ab24438a474c2f662c95a17cd81034
issuer: C=IN, ST=Karnataka, L=Bangalore, O=Dell, OU=ISG, CN=powerscale, emailAddress=contact@dell.com
name: test
not_after: 1769586969
not_before: 1706514969
status: valid
subject: C=IN, ST=Karnataka, L=Bangalore, O=Dell, OU=ISG, CN=powerscale, emailAddress=contact@dell.com
type: dict
changed:
description: A boolean indicating if the task had to make changes.
returned: always
sample: 'false'
type: bool