purestorage.flashblade.purefb_certs module – Manage FlashBlade SSL Certificates
Note
This module is part of the purestorage.flashblade collection (version 1.18.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install purestorage.flashblade
.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: purestorage.flashblade.purefb_certs
.
New in purestorage.flashblade 1.4.0
Synopsis
Create, delete, import and export FlashBlade SSL Certificates
Requirements
The below requirements are needed on the host that executes this module.
python >= 2.7
purity_fb >= 1.9
netaddr
pytz
urllib3
Parameters
Parameter |
Comments |
---|---|
FlashBlade API token for admin privileged user. |
|
Required for import A valid signed certicate in PEM format (Base64 encoded) Includes the “—–BEGIN CERTIFICATE—–” and “—–END CERTIFICATE—–” lines Does not exceed 3000 characters in length |
|
The fully qualified domain name (FQDN) of the current system For example, the common name for https://pureblade.example.com is pureblade.example.com, or *.example.com for a wildcard certificate This can also be the management IP address of the system or the shortname of the current system. Maximum of 64 characters If not provided this will default to the shortname of the system |
|
The two-letter ISO code for the country where your organization is located |
|
The number of valid days for the self-signed certificate being generated If not specified, the self-signed certificate expires after 3650 days. Default: |
|
Disable insecure certificate warnings Choices:
|
|
The email address used to contact your organization |
|
Name of file to contain Certificate Signing Request when `status sign` Name of file to export the current SSL Certificate when `status export` File will be overwritten if it already exists |
|
FlashBlade management IP address or Hostname. |
|
Generate a new private key. If not selected, the certificate will use the existing key Choices:
|
|
Intermeadiate certificate provided by the CA |
|
If the Certificate Signed Request (CSR) was not constructed on the system or the private key has changed since construction the CSR, provide a new private key here |
|
The key size in bits if you generate a new private key Choices:
|
|
The full name of the city where your organization is located |
|
Name of the SSL Certificate Default: |
|
The department within your organization that is managing the certificate |
|
The full and exact legal name of your organization. The organization name should not be abbreviated and should include suffixes such as Inc, Corp, or LLC. |
|
Passphrase if the private key is encrypted |
|
The full name of the state or province where your organization is located |
|
Action for the module to perform present will create or re-create an SSL certificate absent will delete an existing SSL certificate sign will construct a Certificate Signing request (CSR) export will export the exisitng SSL certificate import will import a CA provided certificate. Choices:
|
Notes
Note
This module requires the
purity_fb
Python libraryYou must set
PUREFB_URL
andPUREFB_API
environment variables if fb_url and api_token arguments are not passed to the module directly
Examples
- name: Create SSL certifcate foo
purestorage.flashblade.purefd_certs:
name: foo
key_size: 4096
country: US
province: FL
locality: Miami
organization: "Acme Inc"
org_unit: "DevOps"
fb_url: 10.10.10.2
api_token: T-55a68eb5-c785-4720-a2ca-8b03903bf641
- name: Delete SSL certificate foo
purestorage.flashblade.purefb_certs:
name: foo
state: absent
fb_url: 10.10.10.2
api_token: T-55a68eb5-c785-4720-a2ca-8b03903bf641
- name: Request CSR
purestorage.flashblade.purefb_certs:
state: sign
fb_url: 10.10.10.2
api_token: T-55a68eb5-c785-4720-a2ca-8b03903bf641
- name: Request CSR with updated fields
purestorage.flashblade.purefb_certs:
state: sign
org_unit: Development
fb_url: 10.10.10.2
api_token: T-55a68eb5-c785-4720-a2ca-8b03903bf641
- name: Regenerate key for SSL foo
purestorage.flashblade.purefb_certs:
generate: true
name: foo
fb_url: 10.10.10.2
api_token: T-55a68eb5-c785-4720-a2ca-8b03903bf641
- name: Import SSL Cert foo and Private Key
purestorage.flashblade.purefb_certs:
state: import
name: foo
certificate: "{{lookup('file', 'example.crt') }}"
key: "{{lookup('file', 'example.key') }}"
passphrase: password
fb_url: 10.10.10.2
api_token: T-55a68eb5-c785-4720-a2ca-8b03903bf641