dellemc.openmanage.ome_application_security_settings module – Configure the login security properties
Note
This module is part of the dellemc.openmanage collection (version 9.8.0).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install dellemc.openmanage.
You need further requirements to be able to use this module, see Requirements for details.
To use it in a playbook, specify: dellemc.openmanage.ome_application_security_settings.
New in dellemc.openmanage 4.4.0
Synopsis
This module allows you to configure the login security properties on OpenManage Enterprise or OpenManage Enterprise Modular.
Requirements
The below requirements are needed on the host that executes this module.
python >= 3.9.6
Parameters
Parameter | Comments |
---|---|
ca_path | The Privacy Enhanced Mail (PEM) file that contains a CA certificate to be used for the validation. |
fips_mode_enable | The FIPS mode is intended to meet the requirements of FIPS 140-2 level 1. For more information, refer to the FIPS user guide. This is applicable only for OpenManage Enterprise Modular. This is mutually exclusive with restrict_allowed_ip_range and login_lockout_policy. Choices: |
hostname | OpenManage Enterprise or OpenManage Enterprise Modular IP address or hostname. |
job_wait | Provides an option to wait for job completion. Choices: |
job_wait_timeout | The maximum wait time of job_wait in seconds. The job is tracked only for this duration. This option is applicable when job_wait is Default: |
login_lockout_policy | Locks the application after multiple unsuccessful login attempts. This is mutually exclusive with fips_mode_enable. |
login_lockout_policy.by_ip_address | Enable or disable lockout policy settings based on the IP address. This restricts the number of unsuccessful login attempts from a specific IP address for a specific time interval. Choices: |
login_lockout_policy.by_user_name | Enable or disable lockout policy settings based on the user name. This restricts the number of unsuccessful login attempts from a specific user for a specific time interval. Choices: |
login_lockout_policy.lockout_fail_count | The number of unsuccessful login attempts that are allowed, after which the appliance prevents login from the specific username or IP address. |
login_lockout_policy.lockout_fail_window | Lockout fail window is the time in seconds within which the lockout fail count event must occur to trigger the lockout penalty time. Enter the duration for which OpenManage Enterprise must display information about a failed attempt. |
login_lockout_policy.lockout_penalty_time | The duration of time, in seconds, that login attempts from the specific user or IP address must not be allowed. |
password | OpenManage Enterprise or OpenManage Enterprise Modular password. If the password is not provided, then the environment variable Example: export OME_PASSWORD=password |
port | OpenManage Enterprise or OpenManage Enterprise Modular HTTPS port. Default: |
restrict_allowed_ip_range | Restrict to allow inbound connections only from the specified IP address range. This is mutually exclusive with fips_mode_enable. |
restrict_allowed_ip_range.enable_ip_range | Allow connections based on the IP address range. Choices: |
restrict_allowed_ip_range.ip_range | The IP address range in Classless Inter-Domain Routing (CIDR) format. For example: 192.168.100.14/24 or 2001:db8::/24 |
timeout | The socket level timeout in seconds. Default: |
username | OpenManage Enterprise or OpenManage Enterprise Modular username. If the username is not provided, then the environment variable Example: export OME_USERNAME=username |
validate_certs | If Configure Prior to collection version Choices: |
x_auth_token | Authentication token. If the x_auth_token is not provided, then the environment variable Example: export OME_X_AUTH_TOKEN=x_auth_token |
Notes
Note
Run this module from a system that has direct access to Dell OpenManage Enterprise or OpenManage Enterprise Modular.
This module supports check_mode.
Examples
```yaml
---
- name: Configure restricted allowed IP range
  dellemc.openmanage.ome_application_security_settings:
    hostname: "192.168.0.1"
    username: "username"
    password: "password"
    ca_path: "/path/to/ca_cert.pem"
    restrict_allowed_ip_range:
      enable_ip_range: true
      ip_range: 192.1.2.3/24

- name: Configure login lockout policy
  dellemc.openmanage.ome_application_security_settings:
    hostname: "192.168.0.1"
    username: "username"
    password: "password"
    ca_path: "/path/to/ca_cert.pem"
    login_lockout_policy:
      by_user_name: true
      by_ip_address: true
      lockout_fail_count: 3
      lockout_fail_window: 30
      lockout_penalty_time: 900

- name: Configure restricted allowed IP range and login lockout policy with job wait time out of 60 seconds
  dellemc.openmanage.ome_application_security_settings:
    hostname: "192.168.0.1"
    username: "username"
    password: "password"
    ca_path: "/path/to/ca_cert.pem"
    restrict_allowed_ip_range:
      enable_ip_range: true
      ip_range: 192.1.2.3/24
    login_lockout_policy:
      by_user_name: true
      by_ip_address: true
      lockout_fail_count: 3
      lockout_fail_window: 30
      lockout_penalty_time: 900
    job_wait_timeout: 60

- name: Enable FIPS mode
  dellemc.openmanage.ome_application_security_settings:
    hostname: "192.168.0.1"
    username: "username"
    password: "password"
    ca_path: "/path/to/ca_cert.pem"
    fips_mode_enable: true
```
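A pre-flight check for the module arguments, as an added example (not part of the collection or its documentation): it enforces the documented mutual exclusion with fips_mode_enable and confirms that the control node's address falls inside ip_range before the restriction is applied. The names preflight, SAMPLE_ARGS and control_node_ip are assumptions made for this illustration.

```python
import ipaddress

# Option groups the page documents as mutually exclusive with fips_mode_enable.
EXCLUSIVE_WITH_FIPS = ("restrict_allowed_ip_range", "login_lockout_policy")

# Constructed sample: the module arguments from the page's first example.
SAMPLE_ARGS = {
    "restrict_allowed_ip_range": {"enable_ip_range": True, "ip_range": "192.1.2.3/24"},
}


def preflight(task_args, control_node_ip):
    """Return a list of problems in the module arguments (empty list means OK).

    control_node_ip is the address the appliance sees Ansible connecting from;
    it is supplied by the caller (an assumption of this example).
    """
    problems = []

    if "fips_mode_enable" in task_args:
        clash = [k for k in EXCLUSIVE_WITH_FIPS if k in task_args]
        if clash:
            problems.append(
                "fips_mode_enable is mutually exclusive with " + ", ".join(clash))

    allow = task_args.get("restrict_allowed_ip_range") or {}
    if allow.get("enable_ip_range"):
        try:
            # strict=False accepts a host address with a prefix length, such as
            # 192.1.2.3/24 or 192.168.100.14/24, and masks it to the network.
            net = ipaddress.ip_network(str(allow.get("ip_range", "")), strict=False)
        except ValueError as exc:
            problems.append(f"ip_range is not valid CIDR: {exc}")
        else:
            # Membership is False when the address families differ.
            if ipaddress.ip_address(control_node_ip) not in net:
                problems.append(
                    f"control node {control_node_ip} is outside {net}; "
                    "applying this range would cut off further Ansible access")
    return problems


if __name__ == "__main__":
    print(preflight(SAMPLE_ARGS, "192.1.2.50"))  # address inside the sample range
    print(preflight(SAMPLE_ARGS, "10.0.0.5"))    # address outside the sample range
```

Running the same arguments through the module with check_mode, which the Notes say it supports, complements this check by reporting what the appliance would change.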
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key | Description |
---|---|
error_info | Details of http error. Returned: on http error Sample: |
job_id | Job ID of the security configuration task. Returned: When security configuration properties are provided Sample: |
msg | Overall status of the login security configuration. Returned: always Sample: |