ibm.storage_virtualize.ibm_sv_manage_truststore_for_replication module – This module manages certificate trust stores for replication on IBM Storage Virtualize family systems

Note

This module is part of the ibm.storage_virtualize collection (version 2.5.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install ibm.storage_virtualize.

To use it in a playbook, specify: ibm.storage_virtualize.ibm_sv_manage_truststore_for_replication.

New in ibm.storage_virtualize 1.10.0

Synopsis

  • Ansible interface to manage mktruststore and rmtruststore commands.

  • This module transfers the certificate from a remote system to the local system.

  • This module works on SSH and uses paramiko to establish an SSH connection.

  • Once transfer is done successfully, it also adds the certificate to the trust store of the local system.

  • This module can be used to set up mutual TLS (mTLS) for policy-based replication inter-system communication using cluster endpoint certificates (usually system-signed certificates, which are exported by the ibm.storage_virtualize.ibm_sv_manage_ssl_certificate module).

Parameters

Parameter

Comments

clustername

string / required

The hostname or management IP of the Storage Virtualize system.

email

string

added in ibm.storage_virtualize 2.5.0

Specifies that the certificates in the store are used to validate the email server.

Choices:

  • "on"

  • "off"

ipsec

string

added in ibm.storage_virtualize 2.5.0

Specifies that the certificates in the store are used for the IPsec service.

Choices:

  • "on"

  • "off"

key_filename

string

SSH client private key filename. By default, ~/.ssh/id_rsa is used.

log_path

string

Path of debug log file.

name

string

Specifies the name of the trust store.

If not specified, the module generates a name automatically in the format store_<remote_clustername>.

password

string

Password for the Storage Virtualize system.

Mandatory when usesshkey=no.

remote_clustername

string / required

Specifies the name of the partner remote cluster with which the mTLS partnership needs to be set up.

remote_password

string

Password for remote cluster.

Applies when state=present to create a trust store.

remote_username

string

Username for remote cluster.

Applies when state=present to create a trust store.

restapi

string

added in ibm.storage_virtualize 2.5.0

Specifies that the certificates in the store are used for the REST API.

Choices:

  • "on"

  • "off"

snmp

string

added in ibm.storage_virtualize 2.5.0

Specifies that the certificates in the store are used to validate the SNMP servers.

Choices:

  • "on"

  • "off"

state

string / required

Creates (present) or deletes (absent) a trust store.

Choices:

  • "present"

  • "absent"

syslog

string

added in ibm.storage_virtualize 2.5.0

Specifies that the certificates are bundled and provided to the rsyslog client for making TLS connections.

Choices:

  • "on"

  • "off"

username

string / required

Username for the Storage Virtualize system.

usesshkey

string

For a key-pair based SSH connection, set this field to "yes". Provide the full path of the key in the key_filename field. If not provided, the default path of the SSH key is used.

Choices:

  • "yes"

  • "no" ← (default)

vasa

string

added in ibm.storage_virtualize 2.5.0

Specifies that the certificates in the store are used for the VASA Provider.

Choices:

  • "on"

  • "off"

Notes

Note

  • This module supports check_mode.

Examples

- name: Create truststore
  ibm.storage_virtualize.ibm_sv_manage_truststore_for_replication:
    clustername: "{{clustername}}"
    username: "{{username}}"
    password: "{{password}}"
    name: "{{name}}"
    remote_clustername: "{{remote_clustername}}"
    remote_username: "{{remote_username}}"
    remote_password: "{{remote_password}}"
    log_path: "{{log_path}}"
    state: "present"
- name: Turn on syslog facility so that certificates are bundled and provided to the rsyslog client
  ibm.storage_virtualize.ibm_sv_manage_truststore_for_replication:
    clustername: "{{clustername}}"
    username: "{{username}}"
    password: "{{password}}"
    name: "{{name}}"
    remote_clustername: "{{remote_clustername}}"
    remote_username: "{{remote_username}}"
    remote_password: "{{remote_password}}"
    log_path: "{{log_path}}"
    syslog: "on"
    state: "present"
- name: Turn on restapi flag so that certificates in the store are used for the REST API
  ibm.storage_virtualize.ibm_sv_manage_truststore_for_replication:
    clustername: "{{clustername}}"
    username: "{{username}}"
    password: "{{password}}"
    name: "{{name}}"
    remote_clustername: "{{remote_clustername}}"
    remote_username: "{{remote_username}}"
    remote_password: "{{remote_password}}"
    log_path: "{{log_path}}"
    restapi: "on"
    state: "present"
- name: Delete truststore
  ibm.storage_virtualize.ibm_sv_manage_truststore_for_replication:
    clustername: "{{clustername}}"
    username: "{{username}}"
    password: "{{password}}"
    name: "{{name}}"
    remote_clustername: "{{remote_clustername}}"
    log_path: "{{log_path}}"
    state: "absent"
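
Because the module adds the remote system's certificate only to the local trust store, mutual TLS needs one run in each direction. The playbook below is an added example, not part of the module's own documentation; the host names, the automation_ssh_key variable and the vault_* secrets are hypothetical, and it assumes key-based SSH is configured for the local login on both systems.

```yaml
# Added example: host names, variable names and vault_* secrets are hypothetical.
- name: Exchange replication trust between two Storage Virtualize systems
  hosts: localhost
  gather_facts: false
  vars:
    site_a:
      cluster: "svc-a.example.com"
      user: "ansible_admin"
      password: "{{ vault_site_a_password }}"   # kept in Ansible Vault
    site_b:
      cluster: "svc-b.example.com"
      user: "ansible_admin"
      password: "{{ vault_site_b_password }}"   # kept in Ansible Vault
    # One entry per direction: "local" gets a new trust store holding the
    # certificate fetched from "remote".
    trust_directions:
      - local: "{{ site_a }}"
        remote: "{{ site_b }}"
      - local: "{{ site_b }}"
        remote: "{{ site_a }}"
  tasks:
    - name: Add the partner certificate to the local trust store
      ibm.storage_virtualize.ibm_sv_manage_truststore_for_replication:
        clustername: "{{ item.local.cluster }}"
        username: "{{ item.local.user }}"
        # Key-based login to the local system, so no local password is passed.
        usesshkey: "yes"
        key_filename: "{{ automation_ssh_key }}"
        remote_clustername: "{{ item.remote.cluster }}"
        remote_username: "{{ item.remote.user }}"
        remote_password: "{{ item.remote.password }}"
        # "name" is omitted, so the module generates the trust store name.
        state: "present"
      loop: "{{ trust_directions }}"
      # Each loop item carries a password; no_log keeps it out of task output.
      no_log: true
```

Running the play with --check first reports what would change without creating a trust store, since the module supports check_mode.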

Authors

  • Sanjaikumaar M (@sanjaikumaar)

  • Sumit Kumar Gupta (@sumitguptaibm)

  • Sandip Gulab Rajbanshi (@Sandip-Rajbanshi)