hyperledger.fabric_ansible_collection.enrolled_identity (2.0.7) — module

Manage an enrolled Hyperledger Fabric identity

Authors: Simon Stone (@sstone1)

preview | supported by community

Install collection

Install with ansible-galaxy collection install hyperledger.fabric_ansible_collection:==2.0.7


Add to requirements.yml

  collections:
    - name: hyperledger.fabric_ansible_collection
      version: 2.0.7

Description

Enroll, re-enroll, or delete an enrolled Hyperledger Fabric identity.

This module works with the IBM Support for Hyperledger Fabric software or the Hyperledger Fabric Open Source Stack running in a Red Hat OpenShift or Kubernetes cluster.

Usage examples

- name: Enroll an identity
  hyperledger.fabric_ansible_collection.enrolled_identity:
    state: present
    api_endpoint: https://console.example.org:32000
    api_authtype: basic
    api_key: xxxxxxxx
    api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    certificate_authority: Org1 CA
    name: Org1 Admin
    enrollment_id: org1admin
    enrollment_secret: org1adminpw
    path: Org1 Admin.json
- name: Remove an enrolled identity
  hyperledger.fabric_ansible_collection.enrolled_identity:
    state: absent
    api_endpoint: https://console.example.org:32000
    api_authtype: basic
    api_key: xxxxxxxx
    api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    path: Org1 Admin.json
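
A hardened variant of the enrollment task above, added here as an example and not taken from the collection's own documentation. It keeps the console credentials and enrollment secret out of the playbook, suppresses task output (the returned enrolled_identity includes private_key), and restricts access to the identity file. The vault_* variable names, identity_path, and the use of localhost are assumptions, as is the premise that the file at path holds the same private key as the returned enrolled_identity.

```yaml
# Added example, not the collection's own code.
# Assumed names: vault_console_api_key, vault_console_api_secret and
# vault_org1admin_enrollment_secret are Ansible Vault variables you define;
# identity_path is a hypothetical location for the identity file.
- name: Enroll Org1 Admin without exposing secrets
  hosts: localhost
  gather_facts: false
  vars:
    identity_path: "{{ playbook_dir }}/identities/Org1 Admin.json"
  tasks:
    - name: Create a private directory for identity files
      ansible.builtin.file:
        path: "{{ identity_path | dirname }}"
        state: directory
        mode: "0700"

    - name: Enroll the identity, re-enrolling within 30 days of expiry
      hyperledger.fabric_ansible_collection.enrolled_identity:
        state: present
        api_endpoint: https://console.example.org:32000
        api_authtype: basic
        api_key: "{{ vault_console_api_key }}"
        api_secret: "{{ vault_console_api_secret }}"
        certificate_authority: Org1 CA
        name: Org1 Admin
        enrollment_id: org1admin
        enrollment_secret: "{{ vault_org1admin_enrollment_secret }}"
        path: "{{ identity_path }}"
        reenroll_before_expiry: 2592000  # 30 days, in seconds
      no_log: true  # the result contains enrolled_identity.private_key
      register: enrollment

    - name: Restrict the identity file to its owner
      ansible.builtin.file:
        path: "{{ identity_path }}"
        mode: "0600"

    - name: Report the outcome without printing key material
      ansible.builtin.debug:
        msg: "Org1 Admin enrolled, changed={{ enrollment.changed }}"
```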

Inputs

hsm:
    description:
    - 'The PKCS #11 compliant HSM configuration to use for generating and storing the
      private key.'
    suboptions:
      label:
        description:
        - The HSM label that should be used for generating and storing the private key.
        type: str
      pin:
        description:
        - The HSM pin that should be used for generating and storing the private key.
        type: str
      pkcs11library:
        description:
        - 'The PKCS #11 library that should be used for generating and storing the private
          key.'
        type: str
    type: dict

tls:
    default: false
    description:
    - True if the identity should be enrolled against the TLS certificate authority, false
      otherwise.
    - Cannot be specified at the same time as a PKCS
    type: bool

name:
    description:
    - The name of the enrolled identity.
    - Only required when I(state) is C(present).
    type: str

path:
    description:
    - The path to the JSON file where the enrolled identity will be stored.
    required: true

hosts:
    description:
    - The list of host names to add to the certificate as X.509 Subject Alternative Names.
    - Can only be specified when enrolling the identity against the TLS certificate authority.
    elements: str
    type: list

state:
    choices:
    - absent
    - present
    default: present
    description:
    - C(absent) - A certificate authority matching the specified name will be stopped
      and removed.
    - C(present) - Asserts that a certificate authority matching the specified name and
      configuration exists. If no certificate authority matches the specified name, a
      certificate authority will be created. If a certificate authority matches the specified
      name but the configuration does not match, then the certificate authority will be
      updated, if it can be. If it cannot be updated, it will be removed and re-created
      with the specified configuration.
    type: str

api_key:
    description:
    - The API key for the Fabric operations console.
    required: true
    type: str

api_secret:
    description:
    - The API secret for the Fabric operations console.
    - Only required when I(api_authtype) is C(basic).
    type: str

api_timeout:
    default: 60
    description:
    - The timeout, in seconds, to use when interacting with the Fabric operations console.
    type: int

api_authtype:
    description:
    - C(basic) - Authenticate to the Fabric operations console using basic authentication.
      You must provide both a valid API key using I(api_key) and API secret using I(api_secret).
    required: true
    type: str

api_endpoint:
    description:
    - The URL for the Fabric operations console.
    required: true
    type: str

enrollment_id:
    description:
    - The enrollment ID, or user name, of an identity registered on the certificate authority
      for this peer.
    - Only required when I(state) is C(present).
    type: str

force_reenroll:
    default: false
    description:
    - True if the identity should be re-enrolled, false otherwise.
    - If specified, then the identity will be re-enrolled every time that your playbook
      is run.
    type: bool

enrollment_secret:
    description:
    - The enrollment secret, or password, of an identity registered on the certificate
      authority for this peer.
    - Only required when I(state) is C(present).
    type: str

certificate_authority:
    description:
    - The certificate authority to use to enroll this identity.
    - You can pass a string, which is the display name of a certificate authority registered
      with the Fabric operations console.
    - You can also pass a dictionary, which must match the result format of one of the
      M(certificate_authority_info) or M(certificate_authority) modules.
    - Only required when I(state) is C(present).
    type: raw

reenroll_before_expiry:
    default: -1
    description:
    - Use this option to automatically re-enroll the identity before the certificate expires.
    - Specified as the maximum time in seconds before the expiration of the certificate.
    - For example, to automatically re-enroll the identity when there are fewer than 30
      days remaining before the certificate expires, set this option to C(2592000).
    type: int

Outputs

enrolled_identity:
  contains:
    ca:
      description:
      - The base64 encoded CA certificate chain of the enrolled identity.
      sample: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0t...
      type: str
    cert:
      description:
      - The base64 encoded certificate of the enrolled identity.
      sample: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0t...
      type: str
    name:
      description:
      - The name of the enrolled identity.
      sample: Org1 Admin
      type: str
    private_key:
      description:
      - The base64 encoded private key of the enrolled identity.
      sample: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0t...
      type: str
  description:
  - The enrolled identity.
  returned: when I(state) is C(present)
  type: dict