ibm.storage_virtualize.ibm_sv_manage_truststore_for_replication module – This module manages certificate trust stores for replication on IBM Storage Virtualize family systems
Note
This module is part of the ibm.storage_virtualize collection (version 2.5.0).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install ibm.storage_virtualize.
To use it in a playbook, specify: ibm.storage_virtualize.ibm_sv_manage_truststore_for_replication.
New in ibm.storage_virtualize 1.10.0
Synopsis
Ansible interface to manage mktruststore and rmtruststore commands.
This module transfers the certificate from a remote system to the local system.
This module works over SSH and uses paramiko to establish the SSH connection.
Once transfer is done successfully, it also adds the certificate to the trust store of the local system.
This module can be used to set up mutual TLS (mTLS) for policy-based replication inter-system communication using cluster endpoint certificates (usually system-signed certificates, which are exported by the ibm.storage_virtualize.ibm_sv_manage_ssl_certificate module).
Parameters
Parameter | Comments |
---|---|
clustername | The hostname or management IP of the Storage Virtualize system. |
email | Specifies the certificates in the store are used to validate the email server. Choices: |
ipsec | Specifies the certificates in the store are used for the IPsec service. Choices: |
key_filename | SSH client private key filename. By default, ~/.ssh/id_rsa is used. |
log_path | Path of debug log file. |
name | Specifies the name of the trust store. If not specified, the module generates a name automatically with the format store_<remote_clustername>. |
password | Password for the Storage Virtualize system. Mandatory when usesshkey=no. |
remote_clustername | Specifies the name of the partner remote cluster with which the mTLS partnership needs to be set up. |
remote_password | Password for remote cluster. Applies when state=present to create a trust store. |
remote_username | Username for remote cluster. Applies when state=present to create a trust store. |
restapi | Specifies the certificates in the store are used for the REST API. Choices: |
snmp | Specifies the certificates in the store are used to validate the SNMP servers. Choices: |
state | Creates ( Choices: |
syslog | Specifies the certificates to be bundled and provided to rsyslog client for making TLS connections. Choices: |
username | Username for the Storage Virtualize system. |
usesshkey | For key-pair based SSH connection, set this field as "yes". Provide full path of key in key_filename field. If not provided, default path of SSH key is used. Choices: |
vasa | Specifies the certificates in the store are used for the VASA Provider. Choices: |
Notes
Note
This module supports check_mode.
Examples
```yaml
# Create a trust store on the local system that holds the remote system's certificate
- name: Create truststore
  ibm.storage_virtualize.ibm_sv_manage_truststore_for_replication:
    clustername: "{{clustername}}"
    username: "{{username}}"
    password: "{{password}}"
    name: "{{name}}"
    remote_clustername: "{{remote_clustername}}"
    remote_username: "{{remote_username}}"
    remote_password: "{{remote_password}}"
    log_path: "{{log_path}}"
    state: "present"

# Same as above, with the syslog flag enabled
- name: Turn on syslog facility so that certificates are bundled and provided to rsyslog client
  ibm.storage_virtualize.ibm_sv_manage_truststore_for_replication:
    clustername: "{{clustername}}"
    username: "{{username}}"
    password: "{{password}}"
    name: "{{name}}"
    remote_clustername: "{{remote_clustername}}"
    remote_username: "{{remote_username}}"
    remote_password: "{{remote_password}}"
    log_path: "{{log_path}}"
    syslog: "on"
    state: "present"

# Same as above, with the restapi flag enabled
- name: Turn on restapi flag so that certificates in the store are used for the REST API
  ibm.storage_virtualize.ibm_sv_manage_truststore_for_replication:
    clustername: "{{clustername}}"
    username: "{{username}}"
    password: "{{password}}"
    name: "{{name}}"
    remote_clustername: "{{remote_clustername}}"
    remote_username: "{{remote_username}}"
    remote_password: "{{remote_password}}"
    log_path: "{{log_path}}"
    restapi: "on"
    state: "present"

# Remove the trust store; remote credentials are not needed for deletion
- name: Delete truststore
  ibm.storage_virtualize.ibm_sv_manage_truststore_for_replication:
    clustername: "{{clustername}}"
    username: "{{username}}"
    password: "{{password}}"
    name: "{{name}}"
    remote_clustername: "{{remote_clustername}}"
    log_path: "{{log_path}}"
    state: "absent"
```
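The following playbook is an added example, not part of the collection's own documentation. It applies the module in both directions so that each system trusts the other's certificate, which mTLS requires, and it authenticates to the local system with an SSH key (usesshkey) instead of a password. The host names, variable names and file paths are hypothetical, and it assumes the same automation account exists on both systems.

```yaml
# Added example: hosts, variable names and file paths below are hypothetical.
- name: Establish mutual certificate trust for policy-based replication
  hosts: localhost          # assumption: the module is run from the control node
  gather_facts: false
  vars_files:
    # Assumed to be encrypted with ansible-vault; defines
    # vault_site_a_password and vault_site_b_password.
    - vault/replication_secrets.yml
  vars:
    site_a: sitea.example.com
    site_b: siteb.example.com
    automation_user: replication_automation
    automation_key: /home/ansible/.ssh/sv_automation_key
  tasks:
    - name: Add the partner's certificate to each system's trust store
      ibm.storage_virtualize.ibm_sv_manage_truststore_for_replication:
        clustername: "{{ item.local }}"
        username: "{{ automation_user }}"
        # Key-based login to the local system, so no local password
        # is passed to the module.
        usesshkey: "yes"
        key_filename: "{{ automation_key }}"
        remote_clustername: "{{ item.remote }}"
        remote_username: "{{ automation_user }}"
        remote_password: "{{ item.remote_password }}"
        # "name" is omitted, so the module generates the store name itself.
        # No service flags (syslog, restapi, ...) are set: this store is
        # intended for replication only.
        state: "present"
      loop:
        - local: "{{ site_a }}"
          remote: "{{ site_b }}"
          remote_password: "{{ vault_site_b_password }}"
        - local: "{{ site_b }}"
          remote: "{{ site_a }}"
          remote_password: "{{ vault_site_a_password }}"
      loop_control:
        # Keep the per-item label free of credentials.
        label: "{{ item.local }} trusts {{ item.remote }}"
      # Prevent task arguments, including passwords, from appearing in output.
      no_log: true
```

Because the module supports check_mode, the playbook can be previewed with `ansible-playbook --check --ask-vault-pass` before it is run for real.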