ibm.storage_virtualize.ibm_sv_manage_truststore_for_replication module – This module manages certificate trust stores for replication on IBM Storage Virtualize family systems

Note

This module is part of the ibm.storage_virtualize collection (version 2.7.4).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install ibm.storage_virtualize.

To use it in a playbook, specify: ibm.storage_virtualize.ibm_sv_manage_truststore_for_replication.

New in ibm.storage_virtualize 1.10.0

Synopsis

  • Ansible interface to manage mktruststore and rmtruststore commands.

  • This module transfers the certificate from a remote system to the local system.

  • This module works on SSH and uses paramiko to establish an SSH connection.

  • Once transfer is done successfully, it also adds the certificate to the trust store of the local system.

  • This module can be used to set up mutual TLS (mTLS) for policy-based replication inter-system communication using cluster endpoint certificates (usually system-signed certificates, which are exported by the ibm.storage_virtualize.ibm_sv_manage_ssl_certificate module).

  • To create a truststore for flashsystem grid, a root CA certificate must be created and exported first. Currently, this can be done with the ibm_svctask_command module by running the commands chsystemcert -mksystemsigned and chsystemcert -exportrootcacert.

Parameters

Parameter

Comments

clustername

string / required

The hostname or management IP of the Storage Virtualize system.

domain

string

Domain for the Storage Virtualize storage system.

Valid when hostname is used for the parameter clustername.

email

string

added in ibm.storage_virtualize 2.5.0

Specifies whether the certificates in the store are used to validate the email server.

Choices:

  • "on"

  • "off"

flashgrid

string

added in ibm.storage_virtualize 2.7.0

Specifies whether the certificates in the store are used for the flashsystem grid.

Choices:

  • "on"

  • "off"

ipsec

string

added in ibm.storage_virtualize 2.5.0

Specifies whether the certificates in the store are used for the IPsec service.

Choices:

  • "on"

  • "off"

key_filename

string

SSH client private key filename. By default, ~/.ssh/id_rsa is used.

log_path

string

Path of debug log file.

name

string / required

Specifies the name of the trust store.

password

string

Password for the Storage Virtualize system.

Mandatory when usesshkey=no.

remote_clustername

string

Specifies the name of the partner remote cluster with which the mTLS partnership needs to be set up.

remote_domain

string

Domain for the Storage Virtualize storage system.

Valid when hostname is used for the parameter remote_clustername.

remote_password

string

Password for remote cluster.

Applies when state=present to create a trust store.

remote_username

string

Username for remote cluster.

Applies when state=present to create a trust store.

restapi

string

added in ibm.storage_virtualize 2.5.0

Specifies whether the certificates in the store are used for the REST API.

Choices:

  • "on"

  • "off"

snmp

string

added in ibm.storage_virtualize 2.5.0

Specifies whether the certificates in the store are used to validate the SNMP servers.

Choices:

  • "on"

  • "off"

state

string / required

Creates (present) or deletes (absent) a trust store.

Choices:

  • "present"

  • "absent"

syslog

string

added in ibm.storage_virtualize 2.5.0

Specifies whether the certificates are bundled and provided to the rsyslog client for making TLS connections.

Choices:

  • "on"

  • "off"

username

string / required

Username for the Storage Virtualize system.

usesshkey

string

For a key-pair based SSH connection, set this field to “yes”. Provide the full path of the key in the key_filename field. If it is not provided, the default path of the SSH key is used.

Choices:

  • "yes"

  • "no" ← (default)

vasa

string

added in ibm.storage_virtualize 2.5.0

Specifies whether the certificates in the store are used for the VASA Provider.

Choices:

  • "on"

  • "off"

Notes

Note

  • This module supports check_mode.

Examples

- name: Create truststore with email settings enabled
  ibm.storage_virtualize.ibm_sv_manage_truststore_for_replication:
    clustername: "{{ clustername }}"
    username: "{{ username }}"
    password: "{{ password }}"
    name: "{{ name }}"
    remote_clustername: "{{ remote_clustername }}"
    remote_username: "{{ remote_username }}"
    remote_password: "{{ remote_password }}"
    log_path: "{{ log_path }}"
    email: "on"
    state: "present"
- name: Turn on syslog facility in existing truststore so that certificates are bundled and provided to rsyslog client
  ibm.storage_virtualize.ibm_sv_manage_truststore_for_replication:
    clustername: "{{ clustername }}"
    username: "{{ username }}"
    password: "{{ password }}"
    name: "{{ name }}"
    log_path: "{{ log_path }}"
    syslog: "on"
    state: "present"
- name: Turn on restapi flag in existing truststore so that certificates in the store are used for the REST API
  ibm.storage_virtualize.ibm_sv_manage_truststore_for_replication:
    clustername: "{{ clustername }}"
    username: "{{ username }}"
    password: "{{ password }}"
    name: "{{ name }}"
    log_path: "{{ log_path }}"
    restapi: "on"
    state: "present"
- name: Create truststore for flashsystem grid
  ibm.storage_virtualize.ibm_sv_manage_truststore_for_replication:
    clustername: "{{ clustername }}"
    username: "{{ username }}"
    password: "{{ password }}"
    name: "{{ name }}"
    remote_clustername: "{{ remote_clustername }}"
    remote_username: "{{ remote_username }}"
    remote_password: "{{ remote_password }}"
    log_path: "{{ log_path }}"
    flashgrid: "on"
    state: "present"
- name: Delete truststore
  ibm.storage_virtualize.ibm_sv_manage_truststore_for_replication:
    clustername: "{{ clustername }}"
    username: "{{ username }}"
    password: "{{ password }}"
    name: "{{ name }}"
    log_path: "{{ log_path }}"
    state: "absent"
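
The flashsystem grid procedure from the Synopsis as one playbook; this is an added example, not part of the collection's documentation. It assumes the root CA is created and exported on the remote system (the system the certificate is transferred from), that ibm_svctask_command takes a list of commands prefixed with svctask, and that the hostnames, user names, key path, trust store name and vault_* variables are placeholders you supply, with the password held in Ansible Vault.

```yaml
# Added example. Assumption: the root CA is created and exported on the
# remote system, whose certificate this module then transfers.
- name: Build a flashsystem grid trust store from the remote root CA
  hosts: localhost
  gather_facts: false
  vars:
    local_system: "local-svc.example.com"      # constructed hostname
    remote_system: "remote-svc.example.com"    # constructed hostname
    local_admin_user: "ansible_admin"          # constructed user name
    remote_admin_user: "ansible_admin"         # constructed user name
    ssh_key_path: "~/.ssh/id_rsa"              # module default per key_filename
    # vault_remote_password: hypothetical variable kept in an Ansible Vault file
  tasks:
    - name: Create and export the root CA certificate on the remote system
      ibm.storage_virtualize.ibm_svctask_command:
        clustername: "{{ remote_system }}"
        username: "{{ remote_admin_user }}"
        password: "{{ vault_remote_password }}"
        command:
          - "svctask chsystemcert -mksystemsigned"
          - "svctask chsystemcert -exportrootcacert"
      no_log: true   # keep the password out of task output and callbacks

    - name: Create the flashsystem grid trust store on the local system
      ibm.storage_virtualize.ibm_sv_manage_truststore_for_replication:
        clustername: "{{ local_system }}"
        username: "{{ local_admin_user }}"
        usesshkey: "yes"                       # key-pair login, no local password
        key_filename: "{{ ssh_key_path }}"
        name: "grid_truststore"                # constructed trust store name
        remote_clustername: "{{ remote_system }}"
        remote_username: "{{ remote_admin_user }}"
        remote_password: "{{ vault_remote_password }}"
        flashgrid: "on"
        state: "present"
      no_log: true   # remote_password is passed as a module argument
```

Because the module supports check_mode, the second task can be previewed with --check before it changes the local trust store.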

Authors

  • Sanjaikumaar M(@sanjaikumaar)

  • Sumit Kumar Gupta (@sumitguptaibm)

  • Sandip Gulab Rajbanshi (@Sandip-Rajbanshi)