dellemc.enterprise_sonic.sonic_fips module – Manage FIPS configurations on SONiC

Note

This module is part of the dellemc.enterprise_sonic collection (version 2.5.1).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install dellemc.enterprise_sonic.

To use it in a playbook, specify: dellemc.enterprise_sonic.sonic_fips.

New in dellemc.enterprise_sonic 2.1.0

Synopsis

  • This module provides FIPS configuration management to specify the security requirements for cryptographic modules in devices running SONiC.

Parameters

  • config (dictionary): The mode of FIPS configuration with specifications of security requirements for cryptographic modules.

      • enable (boolean): This argument is a boolean value to enable or disable FIPS mode. Choices: false, true.

  • state (string): The state specifies the type of configuration update to be performed on the device. If the state is “merged”, merge specified attributes with existing configured attributes. For “deleted”, delete the specified attributes from existing configuration. Choices: "merged" (default), "deleted".

Examples

# Using deleted
#
# Before State:
# -------------
#
# sonic# show running-configuration | grep fips
# !
# crypto fips enable
# !

  - name: Delete FIPS mode configuration
    dellemc.enterprise_sonic.sonic_fips:
      config:
        enable: false
      state: deleted

# After State:
# ------------
# sonic# show running-configuration | grep fips
# sonic#


# Using deleted
#
# Before State:
# -------------
#
# sonic# show fips status
# !
# FIPS Mode           : Enabled
# Crypto Library      : OpenSSL 1.1.1n-fips  15 Mar 2022
# FIPS Object Module  : DELL OpenSSL FIPS Crypto Module v2.6 July 2021
# !

  - name: Disable FIPS mode
    dellemc.enterprise_sonic.sonic_fips:
      config:
        enable: false
      state: deleted

# After State:
# ------------
#
# sonic# show fips status
# !
# FIPS Mode           : Disabled
# Crypto Library      : OpenSSL 1.1.1n-fips  15 Mar 2022
# FIPS Object Module  : DELL OpenSSL FIPS Crypto Module v2.6 July 2021
# !


# Using merged
#
# Before State:
# -------------
#
# sonic# show running-configuration | grep fips
# sonic#

  - name: Modify FIPS configurations
    dellemc.enterprise_sonic.sonic_fips:
      config:
        enable: true
      state: merged

# After State:
# ------------
# sonic# show running-configuration | grep fips
# !
# crypto fips enable
# !


# Using merged
#
# Before State:
# -------------
#
# sonic# show fips status
# !
# FIPS Mode           : Disabled
# Crypto Library      : OpenSSL 1.1.1n-fips  15 Mar 2022
# FIPS Object Module  : DELL OpenSSL FIPS Crypto Module v2.6 July 2021
# !

  - name: Enable FIPS mode
    dellemc.enterprise_sonic.sonic_fips:
      config:
        enable: true
      state: merged

# After State:
# ------------
#
# sonic# show fips status
# !
# FIPS Mode           : Enabled
# Crypto Library      : OpenSSL 1.1.1n-fips  15 Mar 2022
# FIPS Object Module  : DELL OpenSSL FIPS Crypto Module v2.6 July 2021
# !
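
A post-change check for the `show fips status` output shown in the examples above, as an added example that is not part of the module documentation or the collection. It assumes the command output has already been captured as text; the function names and the "fips" library-string heuristic are assumptions made for illustration.

```python
import re

# Constructed sample, in the shape of the "show fips status" output above.
SAMPLE_ENABLED = """\
!
FIPS Mode           : Enabled
Crypto Library      : OpenSSL 1.1.1n-fips  15 Mar 2022
FIPS Object Module  : DELL OpenSSL FIPS Crypto Module v2.6 July 2021
!
"""

REQUIRED = ("FIPS Mode", "Crypto Library", "FIPS Object Module")
_LINE = re.compile(r"^\s*([^:!]+?)\s*:\s*(.*?)\s*$")


def parse_fips_status(text):
    """Turn 'Key : Value' lines into a dict; '!' separators and blanks are skipped."""
    fields = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def audit_fips(text, expect_enabled=True):
    """Return a list of findings; an empty list means the device matches intent."""
    fields = parse_fips_status(text)
    findings = [f"missing field: {k}" for k in REQUIRED if k not in fields]
    mode = fields.get("FIPS Mode", "").lower()
    wanted = "enabled" if expect_enabled else "disabled"
    if mode and mode != wanted:
        findings.append(
            f"FIPS Mode is {fields['FIPS Mode']}, expected {wanted.capitalize()}")
    # Assumption: a FIPS-capable build advertises "fips" in the library string,
    # as in the sample output; adjust if your image reports it differently.
    lib = fields.get("Crypto Library", "")
    if expect_enabled and lib and "fips" not in lib.lower():
        findings.append(f"crypto library does not look FIPS-capable: {lib}")
    return findings


if __name__ == "__main__":
    for finding in audit_fips(SAMPLE_ENABLED) or ["OK: FIPS state matches intent"]:
        print(finding)
```

An empty or truncated capture yields "missing field" findings rather than a silent pass, so a failed command does not read as a compliant device.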

Return Values

Common return values are documented here; the following fields are unique to this module:

  • after (dictionary): The configuration resulting from the module invocation. Returned: when changed. Sample: "The configuration returned will always be in the same format as the parameters above.\n"

  • before (dictionary): The configuration prior to the module invocation. Returned: always. Sample: "The configuration returned will always be in the same format as the parameters above.\n"

  • commands (list / elements=string): The set of commands pushed to the remote device. Returned: always. Sample: ["command 1", "command 2", "command 3"]

Authors

  • Balasubramaniam Koundappa (@balasubramaniam-k)