dellemc.openmanage.idrac_certificates module – Configure certificates for iDRAC

Note

This module is part of the dellemc.openmanage collection (version 5.5.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install dellemc.openmanage. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: dellemc.openmanage.idrac_certificates.

New in dellemc.openmanage 5.5.0

Synopsis

  • This module allows to generate certificate signing request, import, and export certificates on iDRAC.

Requirements

The below requirements are needed on the host that executes this module.

  • python >= 3.8.6

Parameters

Parameter

Comments

ca_path

path

added in dellemc.openmanage 5.0.0

The Privacy Enhanced Mail (PEM) file that contains a CA certificate to be used for the validation.

cert_params

dictionary

Certificate parameters to generate signing request.

common_name

string / required

The common name of the certificate.

country_code

string / required

The country code of the country where the entity applying for certification is located.

email_address

string / required

The email associated with the CSR.

locality_name

string / required

The city or other location where the entity applying for certification is located.

organization_name

string / required

The name associated with an organization.

organization_unit

string / required

The name associated with an organizational unit. For example department name.

state_name

string / required

The state where the entity applying for certification is located.

subject_alt_name

list / elements=string

The alternative domain names associated with the request.

Default: []

certificate_path

path

Absolute path of the certificate file if command is import.

Directory path with write permissions if command is generate_csr or export.

certificate_type

string

Type of the iDRAC certificate.

HTTPS The Dell self-signed SSL certificate.

CA Certificate Authority(CA) signed SSL certificate.

CSC The custom signed SSL certificate.

CLIENT_TRUST_CERTIFICATE Client trust certificate.

Choices:

  • "HTTPS" ← (default)

  • "CA"

  • "CSC"

  • "CLIENT_TRUST_CERTIFICATE"

command

string

generate_csr, generate CSR. This requires cert_params and certificate_path. This is applicable only for HTTPS

import, import the certificate file. This requires certificate_path.

export, export the certificate. This requires certificate_path.

reset, reset the certificate to default settings. This is applicable only for HTTPS.

Choices:

  • "import"

  • "export"

  • "generate_csr" ← (default)

  • "reset"

idrac_ip

string / required

iDRAC IP Address.

idrac_password

aliases: idrac_pwd

string / required

iDRAC user password.

idrac_port

integer

iDRAC port.

Default: 443

idrac_user

string / required

iDRAC username.

passphrase

string

The passphrase string if the certificate to be imported is passphrase protected.

reset

boolean

To reset the iDRAC after the certificate operation.

This is applicable when command is import or reset.

Choices:

  • false

  • true ← (default)

resource_id

string

Redfish ID of the resource.

timeout

integer

added in dellemc.openmanage 5.0.0

The socket level timeout in seconds.

Default: 30

validate_certs

boolean

added in dellemc.openmanage 5.0.0

If False, the SSL certificates will not be validated.

Configure False only on personally controlled sites where self-signed certificates are used.

Prior to collection version 5.0.0, the validate_certs is False by default.

Choices:

  • false

  • true ← (default)

wait

integer

Maximum wait time for iDRAC to start after the reset, in seconds.

This is applicable when command is import or reset and reset is True.

Default: 300

Notes

Note

  • The certificate operations are supported on iDRAC firmware 5.10.10.00 and above.

  • Run this module from a system that has direct access to Dell iDRAC.

  • This module supports check_mode.

Examples

---
- name: Generate HTTPS certificate signing request
  dellemc.openmanage.idrac_certificates:
    idrac_ip: "192.168.0.1"
    idrac_user: "user_name"
    idrac_password: "user_password"
    ca_path: "/path/to/ca_cert.pem"
    command: "generate_csr"
    certificate_type: "HTTPS"
    certificate_path: "/home/omam/mycerts"
    cert_params:
      common_name: "sample.domain.com"
      organization_unit: "OrgUnit"
      locality_name: "Bangalore"
      state_name: "Karnataka"
      country_code: "IN"
      email_address: "[email protected]"
      organization_name: "OrgName"
      subject_alt_name:
        - 192.198.2.1

- name: Import a HTTPS certificate.
  dellemc.openmanage.idrac_certificates:
    idrac_ip: "192.168.0.1"
    idrac_user: "user_name"
    idrac_password: "user_password"
    ca_path: "/path/to/ca_cert.pem"
    command: "import"
    certificate_type: "HTTPS"
    certificate_path: "/path/to/cert.pem"

- name: Export a HTTPS certificate.
  dellemc.openmanage.idrac_certificates:
    idrac_ip: "192.168.0.1"
    idrac_user: "user_name"
    idrac_password: "user_password"
    ca_path: "/path/to/ca_cert.pem"
    command: "export"
    certificate_type: "HTTPS"
    certificate_path: "/home/omam/mycert_dir"

- name: Import a CSC certificate.
  dellemc.openmanage.idrac_certificates:
    idrac_ip: "192.168.0.1"
    idrac_user: "user_name"
    idrac_password: "user_password"
    ca_path: "/path/to/ca_cert.pem"
    command: "import"
    certificate_type: "CSC"
    certificate_path: "/path/to/cert.pem"

- name: Export a Client trust certificate.
  dellemc.openmanage.idrac_certificates:
    idrac_ip: "192.168.0.1"
    idrac_user: "user_name"
    idrac_password: "user_password"
    ca_path: "/path/to/ca_cert.pem"
    command: "export"
    certificate_type: "CLIENT_TRUST_CERTIFICATE"
    certificate_path: "/home/omam/mycert_dir"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

certificate_path

string

The csr or exported certificate file path

Returned: when command is export or generate_csr

Sample: "/home/ansible/myfiles/cert.pem"

error_info

dictionary

Details of the HTTP Error.

Returned: on HTTP error

Sample: {"error": {"@Message.ExtendedInfo": [{"Message": "Unable to process the request because an error occurred.", "MessageArgs": [], "MessageId": "GEN1234", "RelatedProperties": [], "Resolution": "Retry the operation. If the issue persists, contact your system administrator.", "Severity": "Critical"}], "code": "Base.1.0.GeneralError", "message": "A general error has occurred. See ExtendedInfo for more information."}}

msg

string

Status of the certificate configuration operation.

Returned: always

Sample: "Successfully performed the operation generate_csr."

Authors

  • Jagadeesh N V(@jagadeeshnv)