hpe.nimble.hpe_nimble_encryption – Manage the HPE Nimble Storage encryption

Note

This plugin is part of the hpe.nimble collection (version 1.1.3).

To install it use: ansible-galaxy collection install hpe.nimble.

To use it in a playbook, specify: hpe.nimble.hpe_nimble_encryption.

New in version 1.0.0: of hpe.nimble

Synopsis

  • Manage the encryption on an Nimble Storage group.

Requirements

The below requirements are needed on the host that executes this module.

  • Ansible 2.9 or later

  • Python 3.6 or later

  • HPE Nimble Storage SDK for Python

  • HPE Nimble Storage arrays running NimbleOS 5.0 or later

Parameters

Parameter Choices/Defaults Comments
active
boolean
    Choices:
  • no
  • yes
Whether the master key is active or not.
age
integer
Minimum age (in hours) of inactive encryption keys to be purged. '0' indicates to purge the keys immediately.
encryption_config
dictionary
How encryption is configured for this group. Group encryption settings.
group_encrypt
boolean
    Choices:
  • no
  • yes
Flag for setting group encryption.
host
string / required
HPE Nimble Storage IP address.
name
string / required
Name of the master key. The only allowed value is "default".
new_passphrase
string
When changing the passphrase, this attribute specifies the new value of the passphrase. String with size from 8 to 64 printable characters.
passphrase
string
Passphrase used to protect the master key, required during creation, enabling/disabling the key and change the passphrase to a new value. String with size from 8 to 64 printable characters.
password
string / required
HPE Nimble Storage password.
purge_inactive
boolean
    Choices:
  • no
  • yes
Purges encryption keys that have been inactive for the age or longer. If you do not specify an age, the keys will be purged immediately.
state
string / required
    Choices:
  • create
  • present
  • absent
The encryption operation.
username
string / required
HPE Nimble Storage user name.

Notes

Note

  • This module does not support check_mode.

Examples

# if state is create, then create master key, fails if it exist or cannot create
# if state is present, then create master key if not present ,else success
- name: Create master key
  hpe.nimble.hpe_nimble_encryption:
    host: "{{ host }}"
    username: "{{ username }}"
    password: "{{ password }}"
    name: "default"
    passphrase: "{{ passphrase }}"
    active: "{{ active | default('false') }}"
    state: "{{ state | default('present') }}"

- name: Delete master key
  hpe.nimble.hpe_nimble_encryption:
    host: "{{ host }}"
    username: "{{ username }}"
    password: "{{ password }}"
    name: "default"
    state: "absent"

- name: Purge inactive master key
  hpe.nimble.hpe_nimble_encryption:
    host: "{{ host }}"
    username: "{{ username }}"
    password: "{{ password }}"
    name: "default"
    age: "{{ age | mandatory }}"
    state: "present"
    purge_inactive: true

- name: Group encryption
  hpe.nimble.hpe_nimble_encryption:
    host: "{{ host }}"
    username: "{{ username }}"
    password: "{{ password }}"
    name: "{{ name }}"
    encryption_config: "{{ encryption_config | mandatory }}"
    state: "present"
    group_encrypt: true

Authors