ibm.storage_virtualize.ibm_sv_manage_security (2.3.1) — module

This module manages security options on IBM Storage Virtualize family storage systems.

Added in version 2.1.0 of ibm.storage_virtualize.

Authors: Sumit Kumar Gupta (@sumitguptaibm)

Install with:

    ansible-galaxy collection install ibm.storage_virtualize:==2.3.1

    collections:
      - name: ibm.storage_virtualize
        version: 2.3.1

Ansible interface to manage the 'chsecurity' command.

- name: Change max failed login limit
  ibm.storage_virtualize.ibm_sv_manage_security:
    clustername: "{{cluster}}"
    username: "{{username}}"
    password: "{{password}}"
    log_path: /tmp/playbook.debug
    maxfailedlogins: 5

- name: Change SSH protocol level
  ibm.storage_virtualize.ibm_sv_manage_security:
    clustername: "{{cluster}}"
    username: "{{username}}"
    password: "{{password}}"
    log_path: /tmp/playbook.debug
    sshprotocol: 2

token:
  description:
    - The authentication token to verify a user on the Storage Virtualize storage system.
    - To generate a token, use the ibm_svc_auth module.
  type: str

domain:
  description:
    - Domain for the Storage Virtualize storage system.
    - Valid when hostname is used for the parameter I(clustername).
  type: str

log_path:
  description:
    - Path of debug log file.
  type: str

password:
  description:
    - REST API password for the Storage Virtualize storage system.
    - The parameters I(username) and I(password) are required if not using I(token) to authenticate a user.
  type: str

username:
  description:
    - REST API username for the Storage Virtualize storage system.
    - The parameters I(username) and I(password) are required if not using I(token) to authenticate a user.
  type: str

clitimeout:
  description:
    - Specifies the amount of time (in minutes) in range 5 - 240 before a session expires and the user is logged out of the CLI for inactivity.
  type: int

guitimeout:
  description:
    - Specifies the amount of time (in minutes) in range 5 - 240 before a session expires and the user is logged out of the GUI for inactivity.
  type: int

clustername:
  description:
    - The hostname or management IP of the Storage Virtualize storage system.
  required: true
  type: str

sshmaxtries:
  description:
    - Specifies the number of allowed login attempts (in range 1-10) per SSH connection.
  type: int

sshprotocol:
  description:
    - Specifies the numeric value for the SSH security level setting in range 1 - 3.
    - Level 1 allows the following key exchange methods
      curve25519-sha256
      curve25519-sha256@libssh.org
      ecdh-sha2-nistp256
      ecdh-sha2-nistp384
      ecdh-sha2-nistp521
      diffie-hellman-group-exchange-sha256
      diffie-hellman-group16-sha512
      diffie-hellman-group18-sha512
      diffie-hellman-group14-sha256
      diffie-hellman-group14-sha1
      diffie-hellman-group1-sha1
      diffie-hellman-group-exchange-sha1
    - Level 2 allows the following key exchange methods
      curve25519-sha256
      curve25519-sha256@libssh.org
      ecdh-sha2-nistp256
      ecdh-sha2-nistp384
      ecdh-sha2-nistp521
      diffie-hellman-group-exchange-sha256
      diffie-hellman-group16-sha512
      diffie-hellman-group18-sha512
      diffie-hellman-group14-sha256
      diffie-hellman-group14-sha1
    - Level 3 allows the following key exchange methods
      curve25519-sha256
      curve25519-sha256@libssh.org
      ecdh-sha2-nistp256
      ecdh-sha2-nistp384
      ecdh-sha2-nistp521
      diffie-hellman-group-exchange-sha256
      diffie-hellman-group16-sha512
      diffie-hellman-group18-sha512
      diffie-hellman-group14-sha256
  type: int

sshgracetime:
  description:
    - Specifies the time in seconds (in range 15-1800) that a user has to enter login factors per SSH connection before the connection is terminated.
  type: int

expirywarning:
  description:
    - Specifies the number of days in range 0 - 30 before a password expires to raise a warning. The warning is displayed on every CLI login until the password is changed. A value of 0 means that the feature is disabled and warnings are not displayed.
  type: int

lockoutperiod:
  description:
    - Specifies the number of minutes in range 0 - 10080 that a user is locked out for if the max failed logins value is reached. A value of 0 implies the user is indefinitely locked out when the max failed login attempts are reached.
  type: int

minpasswordage:
  description:
    - Specifies the minimum number of days between password changes in range 0 - 365. This setting is enforced if checkpasswordhistory is enabled. This restriction is ignored if the password is expired. The setting does nothing if the value is greater than the passwordexpiry value.
  type: int

passworddigits:
  description:
    - Specifies the minimum number of digits in range 0 - 3 required in passwords for local users.
  type: int

passwordexpiry:
  description:
    - Specifies the number of days in range 0 - 365 before a password expires. A value of 0 means the feature is disabled and passwords do not expire.
  type: int

restapitimeout:
  description:
    - Specifies token expiry time in minutes in the range 10 - 120.
  type: int

validate_certs:
  default: false
  description:
    - Validates certification.
  type: bool

maxfailedlogins:
  description:
    - Specifies the number of failed login attempts in range 0 - 10 before the user account is locked for the amount of time that is specified in lockout period. A value of 0 means that the feature is disabled and accounts are not locked out after failed login attempts.
  type: int

resetsshprotocol:
  description:
    - Resets the SSH protocol security level to the default value 3 and configures the system to automatically follow the suggested level.
  type: bool

superuserlocking:
  choices:
    - enable
    - disable
  description:
    - Specifies whether the locking policy configured on the system also applies to the superuser. The value is either enable or disable. This parameter is only supported on systems with a dedicated technician port.
  type: str

minpasswordlength:
  description:
    - Specifies the minimum length requirement in range 6 - 64 for user account passwords on the system.
  type: int

passwordlowercase:
  description:
    - Specifies the minimum number of lowercase characters in range 0 - 3 required in passwords for local users.
  type: int

passworduppercase:
  description:
    - Specifies the minimum number of uppercase characters in range 0 - 3 required in passwords for local users.
  type: int

maxpasswordhistory:
  description:
    - Specifies the number of previous passwords in range 0 - 10 to compare with if checkpasswordhistory is enabled. A value of 0 means that the new password is compared with the current password only.
  type: int

disablesuperusercim:
  choices:
    - 'yes'
    - 'no'
  description:
    - Specifies whether CIMOM access must be disabled for the superuser.
  type: str

disablesuperusergui:
  choices:
    - 'yes'
    - 'no'
  description:
    - Specifies whether GUI access must be disabled for the superuser.
  type: str

checkpasswordhistory:
  choices:
    - 'yes'
    - 'no'
  description:
    - Specifies whether the system prevents the user from reusing a previous password.
  type: str

disablesuperuserrest:
  choices:
    - 'yes'
    - 'no'
  description:
    - Specifies whether REST API access must be disabled for the superuser.
  type: str

passwordspecialchars:
  description:
    - Specifies the minimum number of special characters in range 0 - 3 required in passwords for local users.
  type: int

superusermultifactor:
  choices:
    - 'yes'
    - 'no'
  description:
    - Specifies whether the superuser should be prompted for multifactor authentication.
  type: str

superuserpasswordkeyrequired:
  choices:
    - 'yes'
    - 'no'
  description:
    - Specifies whether the superuser must provide both a password and SSH key for authentication.
  type: str
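
A baseline play assembled from the parameters documented above, as an added example that is not part of the collection's own documentation. All values are constructed; `cluster`, `username` and `password` are the variables used in the page's examples. Setting several options in one task (the page's examples set one per task) and supplying the connection options through `module_defaults` are assumptions.

```yaml
# Added example, not from the collection. All values are constructed.
- name: Apply a security baseline to a Storage Virtualize system
  hosts: localhost
  gather_facts: false
  vars:
    expiry_days: 90    # passwordexpiry, documented range 0 - 365
    min_age_days: 1    # minpasswordage, documented range 0 - 365
  module_defaults:
    ibm.storage_virtualize.ibm_sv_manage_security:
      clustername: "{{ cluster }}"
      username: "{{ username }}"
      password: "{{ password }}"
      validate_certs: true    # the module default is false
  tasks:
    - name: Fail early on a combination the parameter docs say has no effect
      ansible.builtin.assert:
        that:
          - min_age_days | int >= 0
          - expiry_days | int <= 365
          - min_age_days | int <= expiry_days | int
        fail_msg: minpasswordage does nothing when it is greater than passwordexpiry

    - name: Password complexity, history and ageing
      ibm.storage_virtualize.ibm_sv_manage_security:
        minpasswordlength: 14
        passworduppercase: 1
        passwordlowercase: 1
        passworddigits: 1
        passwordspecialchars: 1
        checkpasswordhistory: 'yes'    # minpasswordage is enforced only with this enabled
        maxpasswordhistory: 10
        minpasswordage: "{{ min_age_days }}"
        passwordexpiry: "{{ expiry_days }}"
        expirywarning: 14

    - name: Lockout and session limits
      ibm.storage_virtualize.ibm_sv_manage_security:
        maxfailedlogins: 5
        lockoutperiod: 30    # minutes; 0 would lock the account indefinitely
        sshmaxtries: 3
        sshgracetime: 60
        clitimeout: 15
        guitimeout: 15
        restapitimeout: 30

    - name: SSH level 3, which omits the SHA-1 key exchange methods of levels 1 and 2
      ibm.storage_virtualize.ibm_sv_manage_security:
        sshprotocol: 3
```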