purestorage.flashblade.purefb_certs module – Manage FlashBlade SSL Certificates

Note

This module is part of the purestorage.flashblade collection (version 1.19.1).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install purestorage.flashblade. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: purestorage.flashblade.purefb_certs.

New in purestorage.flashblade 1.4.0

Synopsis

  • Create, delete, import and export FlashBlade SSL Certificates

Requirements

The below requirements are needed on the host that executes this module.

  • python >= 3.9

  • py-pure-client

  • purity_fb >= 1.12.2

  • netaddr

  • datetime

  • pytz

  • distro

  • pycountry

  • urllib3

Parameters

Parameter

Comments

api_token

string

FlashBlade API token for admin privileged user.

certificate

aliases: contents

string

Required for import

A valid signed certicate in PEM format (Base64 encoded)

Includes the “—–BEGIN CERTIFICATE—–” and “—–END CERTIFICATE—–” lines

Does not exceed 3000 characters in length

common_name

string

The fully qualified domain name (FQDN) of the current system

For example, the common name for https://pureblade.example.com is pureblade.example.com, or *.example.com for a wildcard certificate

This can also be the management IP address of the system or the shortname of the current system.

Maximum of 64 characters

If not provided this will default to the shortname of the system

country

string

The two-letter ISO code for the country where your organization is located

days

integer

The number of valid days for the self-signed certificate being generated

If not specified, the self-signed certificate expires after 3650 days.

Default: 3650

disable_warnings

boolean

added in purestorage.flashblade 1.18.0

Disable insecure certificate warnings

Choices:

  • false ← (default)

  • true

email

string

The email address used to contact your organization

export_file

string

Name of file to contain Certificate Signing Request when `status sign`

Name of file to export the current SSL Certificate when `status export`

File will be overwritten if it already exists

fb_url

string

FlashBlade management IP address or Hostname.

generate

boolean

Generate a new private key.

If not selected, the certificate will use the existing key

Choices:

  • false ← (default)

  • true

intermediate_cert

aliases: intermeadiate_cert

string

Intermeadiate certificate provided by the CA

key

aliases: private_key

string

If the Certificate Signed Request (CSR) was not constructed on the system or the private key has changed since construction the CSR, provide a new private key here

key_size

integer

The key size in bits if you generate a new private key

Choices:

  • 1024

  • 2048 ← (default)

  • 4096

locality

string

The full name of the city where your organization is located

name

string

Name of the SSL Certificate

Default: "management"

org_unit

string

The department within your organization that is managing the certificate

organization

string

The full and exact legal name of your organization.

The organization name should not be abbreviated and should include suffixes such as Inc, Corp, or LLC.

passphrase

string

Passphrase if the private key is encrypted

province

string

The full name of the state or province where your organization is located

state

string

Action for the module to perform

present will create or re-create an SSL certificate

absent will delete an existing SSL certificate

sign will construct a Certificate Signing request (CSR)

export will export the exisitng SSL certificate

import will import a CA provided certificate.

Choices:

  • "absent"

  • "present" ← (default)

  • "import"

  • "export"

  • "sign"

Notes

Note

  • This module requires the purity_fb Python library

  • You must set PUREFB_URL and PUREFB_API environment variables if fb_url and api_token arguments are not passed to the module directly

Examples

- name: Create SSL certifcate foo
  purestorage.flashblade.purefd_certs:
    name: foo
    key_size: 4096
    country: US
    province: FL
    locality: Miami
    organization: "Acme Inc"
    org_unit: "DevOps"
    fb_url: 10.10.10.2
    api_token: T-55a68eb5-c785-4720-a2ca-8b03903bf641

- name: Delete SSL certificate foo
  purestorage.flashblade.purefb_certs:
    name: foo
    state: absent
    fb_url: 10.10.10.2
    api_token: T-55a68eb5-c785-4720-a2ca-8b03903bf641

- name: Request CSR
  purestorage.flashblade.purefb_certs:
    state: sign
    fb_url: 10.10.10.2
    api_token: T-55a68eb5-c785-4720-a2ca-8b03903bf641

- name: Request CSR with updated fields
  purestorage.flashblade.purefb_certs:
    state: sign
    org_unit: Development
    fb_url: 10.10.10.2
    api_token: T-55a68eb5-c785-4720-a2ca-8b03903bf641

- name: Regenerate key for SSL foo
  purestorage.flashblade.purefb_certs:
    generate: true
    name: foo
    fb_url: 10.10.10.2
    api_token: T-55a68eb5-c785-4720-a2ca-8b03903bf641

- name: Import SSL Cert foo and Private Key
  purestorage.flashblade.purefb_certs:
    state: import
    name: foo
    certificate: "{{lookup('file', 'example.crt') }}"
    key: "{{lookup('file', 'example.key') }}"
    passphrase: password
    fb_url: 10.10.10.2
    api_token: T-55a68eb5-c785-4720-a2ca-8b03903bf641

Authors

  • Pure Storage Ansible Team (@sdodsley)