netapp_eseries.santricity.na_santricity_server_certificate – NetApp E-Series manage the storage system’s server SSL certificates.

Note

This plugin is part of the netapp_eseries.santricity collection (version 1.2.7).

To install it use: ansible-galaxy collection install netapp_eseries.santricity.

To use it in a playbook, specify: netapp_eseries.santricity.na_santricity_server_certificate.

Synopsis

  • Manage NetApp E-Series storage system’s server SSL certificates.

Requirements

The below requirements are needed on the host that executes this module.

  • cryptography

Parameters

Parameter Choices/Defaults Comments
api_password
string / required
The password to authenticate with the SANtricity Web Services Proxy or Embedded Web Services API.
api_url
string / required
The url to the SANtricity Web Services Proxy or Embedded Web Services API.
Example https://prod-1.wahoo.acme.com:8443/devmgr/v2
api_username
string / required
The username to authenticate with the SANtricity Web Services Proxy or Embedded Web Services API.
certificates
list / elements=string
Unordered list of all server certificate files which include PEM and DER encoded certificates as well as private keys.
When certificates is not defined then a self-signed certificate will be expected.
controller
string / required
    Choices:
  • A
  • B
The controller that owns the port you want to configure.
Controller names are represented alphabetically, with the first controller as A, the second as B, and so on.
Current hardware models have either 1 or 2 available controllers, but that is not a guaranteed hard limitation and could change in the future.
passphrase
string
Passphrase for PEM encoded private key encryption.
If passphrase is not supplied then Ansible will prompt for private key certificate.
ssid
string
Default:
1
The ID of the array to manage. This value must be unique for each array.
validate_certs
boolean
    Choices:
  • no
  • yes ←
Should https certificates be validated?

Notes

Note

  • Set ssid==’0’ or ssid==’proxy’ to specifically reference SANtricity Web Services Proxy.

  • Certificates can be the following filetypes - PEM (.pem, .crt, .cer, or .key) or DER (.der or .cer)

  • When certificates is not defined then a self-signed certificate will be expected.

  • The E-Series Ansible modules require either an instance of the Web Services Proxy (WSP), to be available to manage the storage-system, or an E-Series storage-system that supports the Embedded Web Services API.

  • Embedded Web Services is currently available on the E2800, E5700, EF570, and newer hardware models.

  • netapp_e_storage_system may be utilized for configuring the systems managed by a WSP instance.

Examples

- name: Ensure signed certificate is installed.
  na_santricity_server_certificate:
    ssid: 1
    api_url: https://192.168.1.100:8443/devmgr/v2
    api_username: admin
    api_password: adminpass
    controller: A
    certificates:
      - 'root_auth_cert.pem'
      - 'intermediate_auth1_cert.pem'
      - 'intermediate_auth2_cert.pem'
      - 'public_cert.pem'
      - 'private_key.pem'
    passphrase: keypass
- name: Ensure signed certificate bundle is installed.
  na_santricity_server_certificate:
    ssid: 1
    api_url: https://192.168.1.100:8443/devmgr/v2
    api_username: admin
    api_password: adminpass
    controller: B
    certificates:
      - 'cert_bundle.pem'
    passphrase: keypass
- name: Ensure storage system generated self-signed certificate is installed.
  na_santricity_server_certificate:
    ssid: 1
    api_url: https://192.168.1.100:8443/devmgr/v2
    api_username: admin
    api_password: adminpass
    controller: A

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
added_certificates
list / elements=string
always
Any SSL certificates that were added.

Sample:
['added_certificiate.crt']
changed
boolean
always
Whether changes have been made.

Sample:
True
removed_certificates
list / elements=string
always
Any SSL certificates that were removed.

Sample:
['removed_certificiate.crt']
signed_server_certificate
boolean
always
Whether the public server certificate is signed.

Sample:
True


Authors

  • Nathan Swartz (@ndswartz)