author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-18 05:52:22 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-18 05:52:22 +0000 |
commit | 38b7c80217c4e72b1d8988eb1e60bb6e77334114 (patch) | |
tree | 356e9fd3762877d07cde52d21e77070aeff7e789 /ansible_collections/dellemc/openmanage/roles/idrac_certificate | |
parent | Adding upstream version 7.7.0+dfsg. (diff) | |
Adding upstream version 9.4.0+dfsg.
upstream/9.4.0+dfsg
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'ansible_collections/dellemc/openmanage/roles/idrac_certificate')
35 files changed, 1944 insertions, 0 deletions
diff --git a/ansible_collections/dellemc/openmanage/roles/idrac_certificate/README.md b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/README.md new file mode 100644 index 000000000..30f8f8008 --- /dev/null +++ b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/README.md 
@@ -0,0 +1,386 @@ +# idrac_certificate + +Role to manage the iDRAC certificates - Generate Certificate Signing Request, Import/Export certificates, and Reset configuration - for PowerEdge servers. + +## Requirements + +--- + +Requirements to develop and contribute to the role. + +### Development + +``` +ansible +docker +molecule +python +``` + +### Production + +Requirements to use the role. + +``` +ansible +python +``` + +## Ansible collections + +Collections required to use the role. + +``` +dellemc.openmanage +``` + +## Role Variables + +--- + +<table> +<thead> + <tr> + <th>Name</th> + <th>Required</th> + <th>Default Value</th> + <th>Choices</th> + <th>Type</th> + <th>Description</th> + </tr> +</thead> +<tbody> + <tr> + <td>hostname</td> + <td>true</td> + <td></td> + <td></td> + <td>str</td> + <td>- iDRAC IP Address</td> + </tr> + <tr> + <td>username</td> + <td>true</td> + <td></td> + <td></td> + <td>str</td> + <td>- iDRAC username</td> + </tr> + <tr> + <td>password</td> + <td>true</td> + <td></td> + <td></td> + <td>str</td> + <td>- iDRAC user password.</td> + </tr> + <tr> + <td>https_port</td> + <td>false</td> + <td>443</td> + <td></td> + <td>int</td> + <td>- iDRAC port.</td> + </tr> + <tr> + <td>validate_certs</td> + <td>false</td> + <td>true</td> + <td></td> + <td>bool</td> + <td>- If C(false), the SSL certificates will not be validated.<br>- Configure C(false) only on personally controlled sites where self-signed certificates are used.</td> + </tr> + <tr> + <td>ca_path</td> + <td>false</td> + <td></td> + <td></td> + <td>path</td> + <td>- The Privacy Enhanced Mail (PEM) file that contains a CA certificate to be used for the validation.</td> + </tr> + <tr> + <td>https_timeout</td> + <td>false</td> + <td>30</td> + <td></td> + <td>int</td> + <td>- The socket level timeout in seconds.</td> + </tr> + <tr> + <td>command</td> + <td>false</td> + <td>generate_csr</td> + <td>'import', 'export', 'generate_csr', 'reset'</td> + <td>str</td> + <td>- C(generate_csr), 
generate CSR. This requires I(cert_params) and I(certificate_path). + <br>- C(import), import the certificate file. This requires I(certificate_path). + <br>- C(export), export the certificate. This requires I(certificate_path). + <br>- C(reset), reset the certificate to default settings. This is applicable only for C(HTTPS). + </td> + </tr> + <tr> + <td>certificate_type</td> + <td>false</td> + <td>HTTPS</td> + <td>'HTTPS', 'CA', 'CSC', 'CLIENT_TRUST_CERTIFICATE', 'CUSTOMCERTIFICATE'</td> + <td>str</td> + <td>-Type of the iDRAC certificate: + <br>- C(HTTPS) The Dell self-signed SSL certificate. + <br>- C(CA) Certificate Authority(CA) signed SSL certificate. + <br>- C(CSC) The custom signed SSL certificate. + <br>- C(CLIENT_TRUST_CERTIFICATE) Client trust certificate. + <br>- C(CUSTOMCERTIFICATE) The custom PKCS12 certificate and private key. Export of custom certificate is supported only on iDRAC firmware version 7.00.00.00 and above.</td> + </tr> + <tr> + <td>certificate_path</td> + <td>false</td> + <td></td> + <td></td> + <td>path</td> + <td>- Absolute path of the certificate file if I(command) is C(import). + <br>- Directory path with write permissions if I(command) is C(generate_csr) or C(export).<br></td> + </tr> + <tr> + <td>passpharse</td> + <td>false</td> + <td></td> + <td></td> + <td>str</td> + <td>- The passphrase string if the certificate to be imported is passphrase protected.</td> + </tr> + <tr> + <td>ssl_key</td> + <td>false</td> + <td></td> + <td></td> + <td>path</td> + <td>- Absolute path of the private or SSL key file. + <br>- This is applicable only when I(command) is C(import) and I(certificate_type) is C(HTTPS). 
+ <br>- Uploading the SSL key on iDRAC is supported on version 6.00.02.00 and newer versions.<br></td> + </tr> + <tr> + <td>cert_params</td> + <td>false</td> + <td></td> + <td></td> + <td>dict</td> + <td></td> + </tr> + <tr> + <td> common_name</td> + <td>false</td> + <td></td> + <td></td> + <td>str</td> + <td>- The common name of the certificate.</td> + </tr> + <tr> + <td> organization_unit</td> + <td>false</td> + <td>true</td> + <td></td> + <td>str</td> + <td>- The name associated with an organizational unit. For example, department name.</td> + </tr> + <tr> + <td> locality_name</td> + <td>false</td> + <td></td> + <td></td> + <td>str</td> + <td>- The city or other location where the entity applying for certification is located.</td> + </tr> + <tr> + <td> state_name</td> + <td>false</td> + <td></td> + <td></td> + <td>str</td> + <td>- The state where the entity applying for certification is located.</td> + </tr> + <tr> + <td> country_code</td> + <td>false</td> + <td></td> + <td></td> + <td>str</td> + <td> - The country code of the country where the entity applying for certification is located.</td> + </tr> + <tr> + <td> email_address</td> + <td>false</td> + <td></td> + <td></td> + <td>str</td> + <td>- The email associated with the CSR.</td> + </tr> + <tr> + <td> organization_name</td> + <td>false</td> + <td></td> + <td></td> + <td>str</td> + <td>- The name associated with an organization.</td> + </tr> + <tr> + <td> subject_alt_name</td> + <td>false</td> + <td>[]</td> + <td></td> + <td>list</td> + <td>- The alternative domain names associated with the request.</td> + </tr> + <tr> + <td>resource_id</td> + <td>false</td> + <td></td> + <td></td> + <td>str</td> + <td>- Redfish ID of the resource.</td> + </tr> + <tr> + <td>reset</td> + <td>false</td> + <td>true</td> + <td></td> + <td>bool</td> + <td>- To reset the iDRAC after the certificate operation.<br>- This is applicable when I(command) is C(import) or C(reset).<br></td> + </tr> + <tr> + <td>wait</td> + 
<td>false</td> + <td>300</td> + <td></td> + <td>bool</td> + <td>- Maximum wait time for iDRAC to start after the reset, in seconds.<br>- This is applicable when I(command) is C(import) or C(reset) and I(reset) is C(True).<br></td> + </tr> +</tbody> +</table> + +## Fact variables + +<table> +<thead> + <tr> + <th>Name</th> + <th>Sample</th> + <th>Description</th> + </tr> +</thead> + <tbody> + <tr> + <td>idrac_certificate_out</td> + <td>{ +"certificate_path": "/root/Certs/192.168.0.1_202333_4130_HTTPS.pem", + "changed": false, + "msg": "Successfully performed the 'export' operation." +}</td> + <td>Module output of the cerificate export job.</td> + </tr> + </tbody> +</table> + +## Examples + +--- + +``` +- name: Generate HTTPS certificate signing request + ansible.builtin.import_role: + name: idrac_certificate + vars: + hostname: "192.168.0.1" + username: "user_name" + password: "user_password" + ca_path: "/path/to/ca_cert.pem" + command: "generate_csr" + certificate_type: "HTTPS" + certificate_path: "/home/omam/mycerts" + cert_params: + common_name: "sample.domain.com" + organization_unit: "OrgUnit" + locality_name: "Bangalore" + state_name: "Karnataka" + country_code: "IN" + email_address: "admin@domain.com" + organization_name: "OrgName" + subject_alt_name: + - 192.198.2.1 +``` + +``` +- name: Importing certificate. + ansible.builtin.import_role: + name: idrac_certificate + vars: + hostname: "192.168.0.1" + username: "user_name" + password: "user_password" + ca_path: "/path/to/ca_cert.pem" + command: "import" + certificate_type: "HTTPS" + certificate_path: "/path/to/cert.pem" +``` + +``` +- name: Exporting certificate. + ansible.builtin.import_role: + name: idrac_certificate + vars: + hostname: "192.168.0.1" + username: "user_name" + password: "user_password" + ca_path: "/path/to/ca_cert.pem" + command: "export" + certificate_type: "HTTPS" + certificate_path: "/home/omam/mycert_dir" +``` + +``` +- name: Importing Custom Signing Certificate. 
+ ansible.builtin.import_role: + name: idrac_certificate + vars: + hostname: "192.168.0.1" + username: "user_name" + password: "user_password" + ca_path: "/path/to/ca_cert.pem" + command: "import" + certificate_type: "CSC" + certificate_path: "/path/to/cert.pem" +``` + +``` +- name: Import an HTTPS certificate with private key. + ansible.builtin.import_role: + name: idrac_certificate + vars: + hostname: "192.168.0.1" + username: "user_name" + password: "user_password" + ca_path: "/path/to/ca_cert.pem" + command: "import" + certificate_type: "HTTPS" + certificate_path: "/path/to/cert.pem" + ssl_key: "/path/to/ssl_key" +``` + +``` +- name: Exporting certificate. + ansible.builtin.import_role: + name: idrac_certificate + vars: + hostname: "192.168.0.1" + username: "user_name" + password: "user_password" + ca_path: "/path/to/ca_cert.pem" + command: "export" + certificate_type: "CLIENT_TRUST_CERTIFICATE" + certificate_path: "/home/omam/mycert_dir" +``` + +## Author Information +--- +Dell Technologies <br> +Shivam Sharma (Shivam.Sharma3@Dell.com) 2023<br> +Jagadeesh N V (Jagadeesh.N.V@Dell.com) 2023 diff --git a/ansible_collections/dellemc/openmanage/roles/idrac_certificate/defaults/main.yml b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/defaults/main.yml new file mode 100644 index 000000000..5c3acbfe1 --- /dev/null +++ b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/defaults/main.yml @@ -0,0 +1,10 @@ +--- +# defaults file for idrac_certificate + +https_port: 443 +validate_certs: true +https_timeout: 30 +certificate_type: "HTTPS" +command: generate_csr +reset: true +wait: 300 diff --git a/ansible_collections/dellemc/openmanage/roles/idrac_certificate/handlers/main.yml b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/handlers/main.yml new file mode 100644 index 000000000..edfc1a30b --- /dev/null +++ b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/handlers/main.yml 
@@ -0,0 +1,2 @@ +--- +# handlers file for idrac_certificate diff --git a/ansible_collections/dellemc/openmanage/roles/idrac_certificate/meta/argument_specs.yml b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/meta/argument_specs.yml new file mode 100644 index 000000000..9b1220ae5 --- /dev/null +++ b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/meta/argument_specs.yml 
@@ -0,0 +1,132 @@ +--- +argument_specs: + main: + version_added: "7.4.0" + short_description: This role allows to generate certificate signing + request, import, and export certificates on iDRAC + description: + - Role to manage the iDRAC certificates - Generate CSR, + Import/Export certificates, and Reset configuration - for + PowerEdge servers. + options: + hostname: + required: true + type: str + description: iDRAC IP Address. + username: + type: str + description: iDRAC username. + password: + type: str + description: iDRAC user password. + https_port: + type: int + description: iDRAC port. + default: 443 + validate_certs: + description: + - If C(false), the SSL certificates will not be validated. + - Configure C(false) only on personally controlled sites where + self-signed certificates are used. + - Prior to collection version C(5.0.0), the I(validate_certs) is + C(false) by default. + type: bool + default: true + ca_path: + description: + - The Privacy Enhanced Mail (PEM) file that contains a + CA certificate to be used for the validation. + type: str + https_timeout: + description: The socket level timeout in seconds. + type: int + default: 30 + command: + description: C(generate_csr), generate CSR. This requires + I(cert_params) and I(certificate_path). + choices: ["import", "export", "generate_csr", "reset"] + default: "generate_csr" + type: str + certificate_type: + description: Type of the iDRAC certificate + - C(HTTPS) The Dell self-signed SSL certificate. + - C(CA) Certificate Authority(CA) signed SSL certificate. + - C(CSC) The custom signed SSL certificate. + - C(CLIENT_TRUST_CERTIFICATE) Client trust certificate. + - C(CUSTOMCERTIFICATE) The custom PKCS12 certificate and private key. + Export of custom certificate is supported only on + iDRAC firmware version 7.00.00.00 and above. 
+ type: str + choices: ["HTTPS", "CA", "CSC", "CLIENT_TRUST_CERTIFICATE", + "CUSTOMCERTIFICATE"] + default: "HTTPS" + certificate_path: + description: + - Absolute path of the certificate file if I(command) is C(import). + - Directory path with write permissions if I(command) + is C(generate_csr) or C(export). + type: path + passphrase: + description: The passphrase string if the certificate to be + imported is passphrase protected. + type: str + ssl_key: + description: + - Absolute path of the private or SSL key file. + - This is applicable only when I(command) is C(import) + and I(certificate_type) is C(HTTPS). + - Uploading the SSL key on iDRAC is supported on version + 6.00.02.00 and newer versions. + type: path + version_added: 8.6.0 + cert_params: + description: Certificate parameters to generate signing request. + type: dict + options: + common_name: + description: The common name of the certificate. + type: str + organization_unit: + description: The name associated with an organizational unit. + For example, department name. + type: str + default: true + locality_name: + description: The city or other location where the entity + applying for certification is located. + type: str + state_name: + description: The state where the entity applying for + certification is located. + type: str + country_code: + description: The country code of the country where the entity + applying for certification is located. + type: str + email_address: + description: The email associated with the CSR. + type: str + organization_name: + description: The name associated with an organization. + type: str + subject_alt_name: + description: The alternative domain names associated with the request. + type: list + elements: str + default: [] + resource_id: + description: Redfish ID of the resource. + type: str + reset: + description: + - To reset the iDRAC after the certificate operation. + - This is applicable when I(command) is C(import) or C(reset). 
+ type: bool + default: true + wait: + description: + - Maximum wait time for iDRAC to start after the reset, in seconds. + - This is applicable when I(command) is C(import) or C(reset) + and I(reset) is C(True). + type: int + default: 300 diff --git a/ansible_collections/dellemc/openmanage/roles/idrac_certificate/meta/main.yml b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/meta/main.yml new file mode 100644 index 000000000..d6a65cf69 --- /dev/null +++ b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/meta/main.yml @@ -0,0 +1,22 @@ +galaxy_info: + author: | + "Shivam Sharma + Jagadeesh N V" + description: Role to manage the iDRAC certificates - Generate CSR, Import/Export certificates, and Reset configuration - for PowerEdge servers. + company: Dell Technologies + license: GPL-3.0-only + min_ansible_version: "2.13" + platforms: + - name: Ubuntu + versions: + - jammy + - name: SLES + versions: + - "15SP3" + - "15SP4" + - name: EL + versions: + - "9" + - "8" + galaxy_tags: [] +dependencies: [] diff --git a/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/CA/converge.yml b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/CA/converge.yml new file mode 100644 index 000000000..64e2a242f --- /dev/null +++ b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/CA/converge.yml 
@@ -0,0 +1,90 @@ +--- +- name: Converge + hosts: all + gather_facts: false + vars: + ca_cert_path: "{{ lookup('env', 'ca_cert_path') }}" + ca_cert_name: "{{ lookup('env', 'ca_cert_name') }}" + import_cert_path: "{{ lookup('env', 'path_for_import_cert') }}" + export_cert_path: "{{ lookup('env', 'path_for_export_cert') }}" + idrac_delegate_to: "{{ lookup('env', 'idrac_certificate_delegate_to') }}" + + tasks: + - name: Fetching CA certificate from share + ansible.builtin.include_tasks: + file: ../__get_helper.yml + vars: + idrac_cert_name: + - "{{ ca_cert_name }}" + + - name: Import CA certificate + ansible.builtin.import_role: + name: dellemc.openmanage.idrac_certificate + vars: + hostname: "{{ lookup('env', 'hostname') }}" + username: "{{ lookup('env', 'username') }}" + password: "{{ lookup('env', 'password') }}" + validate_certs: false + ca_path: "{{ ca_cert_path }}" + command: "import" + certificate_type: "CA" + certificate_path: "{{ import_cert_path }}{{ ca_cert_name }}" + idrac_certificate_delegate: "{{ idrac_delegate_to }}" + + - name: Waiting for idrac readiness + ansible.builtin.wait_for: + timeout: 30 + when: + - not ansible_check_mode + - idrac_certificate_out is defined + - idrac_certificate_out.changed + + - name: Asserting operation with check mode. + ansible.builtin.assert: + that: idrac_certificate_out.msg == "Changes found to be applied." + when: ansible_check_mode + + - name: Asserting operation with Normal/Idempotence mode. + ansible.builtin.assert: + that: idrac_certificate_out.msg == "Successfully performed the + 'import' certificate operation.iDRAC + has been reset successfully." 
+ when: not ansible_check_mode and idrac_certificate_out.changed + + - name: Export CA certificate + ansible.builtin.import_role: + name: dellemc.openmanage.idrac_certificate + vars: + hostname: "{{ lookup('env', 'hostname') }}" + username: "{{ lookup('env', 'username') }}" + password: "{{ lookup('env', 'password') }}" + validate_certs: false + ca_path: "{{ ca_cert_path }}" + command: "export" + certificate_type: "CA" + certificate_path: "{{ export_cert_path }}" + idrac_certificate_delegate: "{{ idrac_delegate_to }}" + when: not ansible_check_mode + + - name: Setting up CA certificate path for exported file + when: idrac_certificate_out is defined + and idrac_certificate_out.certificate_path is defined + ansible.builtin.stat: + path: "{{ idrac_certificate_out.certificate_path }}" + register: ca_cert_file + delegate_to: "{{ idrac_delegate_to }}" + no_log: true + + - name: Asserting operation with Normal/Idempotence mode. + ansible.builtin.assert: + that: + - ca_cert_file.stat.exists + - not idrac_certificate_out.changed + - not idrac_certificate_out.failed + - idrac_certificate_out.msg == "Successfully performed the + 'export' certificate operation." + when: not ansible_check_mode and not idrac_certificate_out.changed + + - name: Deleting the directory + ansible.builtin.include_tasks: + file: ../__delete_directory.yml diff --git a/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/CA/molecule.yml b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/CA/molecule.yml new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/CA/molecule.yml diff --git a/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/CSC/converge.yml b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/CSC/converge.yml new file mode 100644 index 000000000..2a8708f27 --- /dev/null 
+++ b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/CSC/converge.yml 
@@ -0,0 +1,168 @@ +--- +- name: Converge + hosts: all + gather_facts: false + vars: + ca_cert_path: "{{ lookup('env', 'ca_cert_path') }}" + csc_cert_name: "{{ lookup('env', 'csc_certificate') }}" + csc_cert_pass_name: "{{ lookup('env', 'csc_passphrase_certificate') }}" + import_cert_path: "{{ lookup('env', 'path_for_import_cert') }}" + export_cert_path: "{{ lookup('env', 'path_for_export_cert') }}" + idrac_delegate_to: "{{ lookup('env', 'idrac_certificate_delegate_to') }}" + + tasks: + - name: Fetching CSC certificates from share + ansible.builtin.include_tasks: + file: ../__get_helper.yml + vars: + idrac_cert_name: + - "{{ csc_cert_name }}" + + - name: Import CSC certificate without passphrase + ansible.builtin.import_role: + name: dellemc.openmanage.idrac_certificate + vars: + hostname: "{{ lookup('env', 'hostname') }}" + username: "{{ lookup('env', 'username') }}" + password: "{{ lookup('env', 'password') }}" + validate_certs: false + ca_path: "{{ ca_cert_path }}" + command: "import" + certificate_type: "CSC" + passphrase: "" + certificate_path: "{{ import_cert_path }}{{ csc_cert_name }}" + idrac_certificate_delegate: "{{ idrac_delegate_to }}" + + - name: Waiting for idrac readiness + ansible.builtin.wait_for: + timeout: 30 + when: + - not ansible_check_mode + - idrac_certificate_out is defined + - idrac_certificate_out.changed + + - name: Asserting operation with check mode. + ansible.builtin.assert: + that: idrac_certificate_out.msg == "Changes found to be applied." + when: ansible_check_mode + + - name: Asserting operation with Normal/Idempotence mode. + ansible.builtin.assert: + that: idrac_certificate_out.msg == "Successfully performed the + 'import' certificate operation.iDRAC + has been reset successfully." 
+ when: not ansible_check_mode and idrac_certificate_out.changed + + - name: Export CSC certificate without passphrase + ansible.builtin.import_role: + name: dellemc.openmanage.idrac_certificate + vars: + hostname: "{{ lookup('env', 'hostname') }}" + username: "{{ lookup('env', 'username') }}" + password: "{{ lookup('env', 'password') }}" + validate_certs: false + ca_path: "{{ ca_cert_path }}" + command: "export" + certificate_type: "CSC" + certificate_path: "{{ export_cert_path }}" + idrac_certificate_delegate: "{{ idrac_delegate_to }}" + when: not ansible_check_mode + + - name: Setting up CSC certificate path for exported file + when: idrac_certificate_out is defined + and idrac_certificate_out.certificate_path is defined + ansible.builtin.stat: + path: "{{ idrac_certificate_out.certificate_path }}" + register: csc_cert_file + delegate_to: "{{ idrac_delegate_to }}" + no_log: true + + - name: Asserting operation with Normal/Idempotence mode. + ansible.builtin.assert: + that: + - csc_cert_file.stat.exists + - not idrac_certificate_out.changed + - not idrac_certificate_out.failed + - idrac_certificate_out.msg == "Successfully performed the + 'export' certificate operation." 
+ when: not ansible_check_mode and not idrac_certificate_out.changed + + - name: Fetching CSC certificates from share + ansible.builtin.include_tasks: + file: ../__get_helper.yml + vars: + idrac_cert_name: + - "{{ csc_cert_pass_name }}" + + - name: Import CSC certificate with passphrase + ansible.builtin.import_role: + name: dellemc.openmanage.idrac_certificate + vars: + hostname: "{{ lookup('env', 'hostname') }}" + username: "{{ lookup('env', 'username') }}" + password: "{{ lookup('env', 'password') }}" + validate_certs: false + ca_path: "{{ ca_cert_path }}" + command: "import" + certificate_type: "CSC" + passphrase: "{{ lookup('env', 'passphrase') }}" + certificate_path: "{{ import_cert_path }}{{ csc_cert_pass_name }}" + idrac_certificate_delegate: "{{ idrac_delegate_to }}" + + - name: Waiting for idrac readiness + ansible.builtin.wait_for: + timeout: 30 + when: + - not ansible_check_mode + - idrac_certificate_out is defined + - idrac_certificate_out.changed + + - name: Asserting operation with check mode. + ansible.builtin.assert: + that: idrac_certificate_out.msg == "Changes found to be applied." + when: ansible_check_mode + + - name: Asserting operation with Normal/Idempotence mode. + ansible.builtin.assert: + that: idrac_certificate_out.msg == "Successfully performed the + 'import' certificate operation.iDRAC + has been reset successfully." 
+ when: not ansible_check_mode and idrac_certificate_out.changed + + - name: Export CSC certificate with passphrase + ansible.builtin.import_role: + name: dellemc.openmanage.idrac_certificate + vars: + hostname: "{{ lookup('env', 'hostname') }}" + username: "{{ lookup('env', 'username') }}" + password: "{{ lookup('env', 'password') }}" + validate_certs: false + ca_path: "{{ ca_cert_path }}" + command: "export" + certificate_type: "CSC" + certificate_path: "{{ export_cert_path }}" + idrac_certificate_delegate: "{{ idrac_delegate_to }}" + when: not ansible_check_mode + + - name: Setting up CSC certificate path for exported file + when: idrac_certificate_out is defined + and idrac_certificate_out.certificate_path is defined + ansible.builtin.stat: + path: "{{ idrac_certificate_out.certificate_path }}" + register: csc_cert_file + delegate_to: "{{ idrac_delegate_to }}" + no_log: true + + - name: Asserting operation with Normal/Idempotence mode. + ansible.builtin.assert: + that: + - csc_cert_file.stat.exists + - not idrac_certificate_out.changed + - not idrac_certificate_out.failed + - idrac_certificate_out.msg == "Successfully performed the + 'export' certificate operation." + when: not ansible_check_mode and not idrac_certificate_out.changed + + - name: Deleting the directory + ansible.builtin.include_tasks: + file: ../__delete_directory.yml diff --git a/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/CSC/molecule.yml b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/CSC/molecule.yml new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/CSC/molecule.yml diff --git a/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/CTC/converge.yml b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/CTC/converge.yml new file mode 100644 index 000000000..cdf53ff08 --- /dev/null 
+++ b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/CTC/converge.yml 
@@ -0,0 +1,90 @@ +--- +- name: Converge + hosts: all + gather_facts: false + vars: + ca_cert_path: "{{ lookup('env', 'ca_cert_path') }}" + ctc_cert_name: "{{ lookup('env', 'ctc_cert_name') }}" + import_cert_path: "{{ lookup('env', 'path_for_import_cert') }}" + export_cert_path: "{{ lookup('env', 'path_for_export_cert') }}" + idrac_delegate_to: "{{ lookup('env', 'idrac_certificate_delegate_to') }}" + + tasks: + - name: Fetching CTC certificate from share + ansible.builtin.include_tasks: + file: ../__get_helper.yml + vars: + idrac_cert_name: + - "{{ ctc_cert_name }}" + + - name: Import CTC certificate + ansible.builtin.import_role: + name: dellemc.openmanage.idrac_certificate + vars: + hostname: "{{ lookup('env', 'hostname') }}" + username: "{{ lookup('env', 'username') }}" + password: "{{ lookup('env', 'password') }}" + validate_certs: false + ca_path: "{{ ca_cert_path }}" + command: "import" + certificate_type: "CLIENT_TRUST_CERTIFICATE" + certificate_path: "{{ import_cert_path }}{{ ctc_cert_name }}" + idrac_certificate_delegate: "{{ idrac_delegate_to }}" + + - name: Waiting for idrac readiness + ansible.builtin.wait_for: + timeout: 30 + when: + - not ansible_check_mode + - idrac_certificate_out is defined + - idrac_certificate_out.changed + + - name: Asserting operation with check mode. + ansible.builtin.assert: + that: idrac_certificate_out.msg == "Changes found to be applied." + when: ansible_check_mode + + - name: Asserting operation with Normal/Idempotence mode. + ansible.builtin.assert: + that: idrac_certificate_out.msg == "Successfully performed the + 'import' certificate operation.iDRAC + has been reset successfully." 
+ when: not ansible_check_mode and idrac_certificate_out.changed + + - name: Export CTC certificate + ansible.builtin.import_role: + name: dellemc.openmanage.idrac_certificate + vars: + hostname: "{{ lookup('env', 'hostname') }}" + username: "{{ lookup('env', 'username') }}" + password: "{{ lookup('env', 'password') }}" + validate_certs: false + ca_path: "{{ ca_cert_path }}" + command: "export" + certificate_type: "CLIENT_TRUST_CERTIFICATE" + certificate_path: "{{ export_cert_path }}" + idrac_certificate_delegate: "{{ idrac_delegate_to }}" + when: not ansible_check_mode + + - name: Setting up CTC certificate path for exported file + when: idrac_certificate_out is defined + and idrac_certificate_out.certificate_path is defined + ansible.builtin.stat: + path: "{{ idrac_certificate_out.certificate_path }}" + register: ctc_cert_file + delegate_to: "{{ idrac_delegate_to }}" + no_log: true + + - name: Asserting operation with Normal/Idempotence mode. + ansible.builtin.assert: + that: + - ctc_cert_file.stat.exists + - not idrac_certificate_out.changed + - not idrac_certificate_out.failed + - idrac_certificate_out.msg == "Successfully performed the + 'export' certificate operation." + when: not ansible_check_mode and not idrac_certificate_out.changed + + - name: Deleting the directory + ansible.builtin.include_tasks: + file: ../__delete_directory.yml diff --git a/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/CTC/molecule.yml b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/CTC/molecule.yml new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/CTC/molecule.yml diff --git a/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/CustomCertificate/converge.yml b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/CustomCertificate/converge.yml new file mode 100644 index 000000000..0f07f68ca --- /dev/null 
+++ b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/CustomCertificate/converge.yml 
@@ -0,0 +1,207 @@ +--- +- name: Converge + hosts: all + gather_facts: false + vars: + custom_certificate_failure: {} + ca_cert_path: "{{ lookup('env', 'ca_cert_path') }}" + custom_cert_name: "{{ lookup('env', 'custom_cert_name') }}" + cust_crt_name_pass: "{{ lookup('env', 'custom_cert_name_pass') }}" + import_cert_path: "{{ lookup('env', 'path_for_import_cert') }}" + idrac_delegate_to: "{{ lookup('env', 'idrac_certificate_delegate_to') }}" + + tasks: + - name: Fetching firmware version for IDRAC + ansible.builtin.include_tasks: + file: ../__extract_firmware_version.yml + vars: + idrac_ip: "{{ lookup('env', 'hostname') }}" + idrac_user: "{{ lookup('env', 'username') }}" + idrac_password: "{{ lookup('env', 'password') }}" + + - name: Set expected firmware version + ansible.builtin.set_fact: + firmware_version_expected: "6.10.80.00" + firmware_version_expected_export: "7.00.00.00" + + - name: Import CUSTOMCERTIFICATE without passphrase + when: idrac_certificate_firmware_version is defined and + "idrac_certificate_firmware_version >= firmware_version_expected" + and custom_cert_name + block: + - name: Fetching Custom certificate from share + ansible.builtin.include_tasks: + file: ../__get_helper.yml + vars: + idrac_cert_name: + - "{{ custom_cert_name }}" + + - name: Import a custom certificate + ansible.builtin.import_role: + name: dellemc.openmanage.idrac_certificate + vars: + hostname: "{{ lookup('env', 'hostname') }}" + username: "{{ lookup('env', 'username') }}" + password: "{{ lookup('env', 'password') }}" + validate_certs: false + ca_path: "{{ ca_cert_path }}" + command: "import" + certificate_type: "CUSTOMCERTIFICATE" + certificate_path: "{{ import_cert_path }}{{ custom_cert_name }}" + idrac_certificate_delegate: "{{ idrac_delegate_to }}" + passphrase: "" + + - name: Waiting for idrac readiness + ansible.builtin.wait_for: + timeout: 60 + when: + - not ansible_check_mode + - idrac_certificate_out is defined + - idrac_certificate_out.changed + + - name: Asserting 
operation with check mode. + ansible.builtin.assert: + that: idrac_certificate_out.msg == "Changes found to be applied." + when: ansible_check_mode + + - name: Asserting operation with Normal/Idempotence mode. + ansible.builtin.assert: + that: idrac_certificate_out.msg == "Successfully performed the + 'import' certificate operation.iDRAC + has been reset successfully." + when: not ansible_check_mode and idrac_certificate_out.changed + + rescue: + - name: Set the failure messages for CUSTOMECERT + ansible.builtin.set_fact: + custom_certificate_failure: "{{ custom_certificate_failure | + combine({'CUSTOMCERTIFICATE_WITHOUT_PASS_IMPORT': + {'msg': ansible_failed_result.msg, + 'failed_task_name': ansible_failed_task.name}}) }}" + always: + - name: Deleting the directory + ansible.builtin.include_tasks: + file: ../__delete_directory.yml + + - name: Export CUSTOMCERTIFICATE + when: + - idrac_certificate_firmware_version is defined + - "idrac_certificate_firmware_version >= + firmware_version_expected_export" + block: + - name: Fetching Custom certificate from share + ansible.builtin.include_tasks: + file: ../__get_helper.yml + + - name: Export a custom certificate + ansible.builtin.import_role: + name: dellemc.openmanage.idrac_certificate + vars: + hostname: "{{ lookup('env', 'hostname') }}" + username: "{{ lookup('env', 'username') }}" + password: "{{ lookup('env', 'password') }}" + validate_certs: false + ca_path: "{{ ca_cert_path }}" + command: "export" + certificate_type: "CUSTOMCERTIFICATE" + certificate_path: "{{ import_cert_path }}" + idrac_certificate_delegate: "{{ idrac_delegate_to }}" + when: not ansible_check_mode + + - name: Setting up CustomCertificate certificate path for exported file + when: idrac_certificate_out is defined + and idrac_certificate_out.certificate_path is defined + ansible.builtin.stat: + path: "{{ idrac_certificate_out.certificate_path }}" + register: csc_cert_file + delegate_to: "{{ lookup('env', 'idrac_certificate_delegate_to') }}" + 
no_log: true + + - name: Asserting operation with Normal/Idempotence mode. + ansible.builtin.assert: + that: + - csc_cert_file.stat.exists + - not idrac_certificate_out.changed + - not idrac_certificate_out.failed + - idrac_certificate_out.msg == "Successfully performed the + 'export' certificate operation." + when: not ansible_check_mode and not idrac_certificate_out.changed + + rescue: + - name: Set the failure messages for CUSTOMECERT + ansible.builtin.set_fact: + custom_certificate_failure: "{{ custom_certificate_failure | + combine({'CUSTOMCERTIFICATE_EXPORT': + {'msg': ansible_failed_result.msg, + 'failed_task_name': ansible_failed_task.name}}) }}" + + always: + - name: Deleting the directory + ansible.builtin.include_tasks: + file: ../__delete_directory.yml + + - name: Import CUSTOMCERTIFICATE with passphrase + when: idrac_certificate_firmware_version is defined and + "idrac_certificate_firmware_version >= firmware_version_expected" + and cust_crt_name_pass + block: + - name: Fetching Custom certificate from share + ansible.builtin.include_tasks: + file: ../__get_helper.yml + vars: + idrac_cert_name: + - "{{ cust_crt_name_pass }}" + + - name: Import a custom certificate with passphrase + ansible.builtin.import_role: + name: dellemc.openmanage.idrac_certificate + vars: + hostname: "{{ lookup('env', 'hostname') }}" + username: "{{ lookup('env', 'username') }}" + password: "{{ lookup('env', 'password') }}" + validate_certs: false + ca_path: "{{ ca_cert_path }}" + command: "import" + certificate_type: "CUSTOMCERTIFICATE" + certificate_path: "{{ import_cert_path }}{{ cust_crt_name_pass }}" + passphrase: "{{ lookup('env', 'passphrase') }}" + idrac_certificate_delegate: "{{ idrac_delegate_to }}" + + - name: Asserting operation with check mode. + ansible.builtin.assert: + that: idrac_certificate_out.msg == "Changes found to be applied." 
+ when: ansible_check_mode + + - name: Waiting for idrac readiness + ansible.builtin.wait_for: + timeout: 60 + when: + - not ansible_check_mode + - idrac_certificate_out is defined + - idrac_certificate_out.changed + + - name: Asserting operation with Normal/Idempotence mode. + ansible.builtin.assert: + that: idrac_certificate_out.msg == "Successfully performed the + 'import' certificate operation.iDRAC + has been reset successfully." + when: not ansible_check_mode and idrac_certificate_out.changed + + rescue: + - name: Set the failure messages for CUSTOMECERT + ansible.builtin.set_fact: + custom_certificate_failure: "{{ custom_certificate_failure | + combine({'CUSTOMCERTIFICATE_WITH_PASS_IMPORT': + {'msg': ansible_failed_result.msg, + 'failed_task_name': ansible_failed_task.name}}) }}" + + always: + - name: Deleting the directory + ansible.builtin.include_tasks: + file: ../__delete_directory.yml + + - name: Collecting failure + ansible.builtin.debug: + var: custom_certificate_failure + when: custom_certificate_failure + failed_when: true diff --git a/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/CustomCertificate/molecule.yml b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/CustomCertificate/molecule.yml new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/CustomCertificate/molecule.yml diff --git a/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/HTTPS/converge.yml b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/HTTPS/converge.yml new file mode 100644 index 000000000..28cdf16b8 --- /dev/null +++ b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/HTTPS/converge.yml 
@@ -0,0 +1,90 @@ +--- +- name: Converge + hosts: all + gather_facts: false + vars: + ca_cert_path: "{{ lookup('env', 'ca_cert_path') }}" + https_cert_name: "{{ lookup('env', 'https_cert_name') }}" + import_cert_path: "{{ lookup('env', 'path_for_import_cert') }}" + export_cert_path: "{{ lookup('env', 'path_for_export_cert') }}" + idrac_delegate_to: "{{ lookup('env', 'idrac_certificate_delegate_to') }}" + + tasks: + - name: Fetching HTTPS certificate from share + ansible.builtin.include_tasks: + file: ../__get_helper.yml + vars: + idrac_cert_name: + - "{{ https_cert_name }}" + + - name: Import HTTPS certificate + ansible.builtin.import_role: + name: dellemc.openmanage.idrac_certificate + vars: + hostname: "{{ lookup('env', 'hostname') }}" + username: "{{ lookup('env', 'username') }}" + password: "{{ lookup('env', 'password') }}" + validate_certs: false + ca_path: "{{ ca_cert_path }}" + command: "import" + certificate_type: "HTTPS" + certificate_path: "{{ import_cert_path }}{{ https_cert_name }}" + idrac_certificate_delegate: "{{ idrac_delegate_to }}" + + - name: Waiting for idrac readiness + ansible.builtin.wait_for: + timeout: 30 + when: + - not ansible_check_mode + - idrac_certificate_out is defined + - idrac_certificate_out.changed + + - name: Asserting operation with check mode. + ansible.builtin.assert: + that: idrac_certificate_out.msg == "Changes found to be applied." + when: ansible_check_mode + + - name: Asserting operation with Normal/Idempotence mode. + ansible.builtin.assert: + that: idrac_certificate_out.msg == "Successfully performed the + 'import' certificate operation.iDRAC + has been reset successfully." 
+ when: not ansible_check_mode and idrac_certificate_out.changed + + - name: Export a custom certificate + ansible.builtin.import_role: + name: dellemc.openmanage.idrac_certificate + vars: + hostname: "{{ lookup('env', 'hostname') }}" + username: "{{ lookup('env', 'username') }}" + password: "{{ lookup('env', 'password') }}" + validate_certs: false + ca_path: "{{ ca_cert_path }}" + command: "export" + certificate_type: "HTTPS" + certificate_path: "{{ export_cert_path }}" + idrac_certificate_delegate: "{{ idrac_delegate_to }}" + when: not ansible_check_mode + + - name: Setting up HTTPS certificate path for exported file + when: idrac_certificate_out is defined + and idrac_certificate_out.certificate_path is defined + ansible.builtin.stat: + path: "{{ idrac_certificate_out.certificate_path }}" + register: https_cert_file + delegate_to: "{{ idrac_delegate_to }}" + no_log: true + + - name: Asserting operation with Normal/Idempotence mode. + ansible.builtin.assert: + that: + - https_cert_file.stat.exists + - not idrac_certificate_out.changed + - not idrac_certificate_out.failed + - idrac_certificate_out.msg == "Successfully performed the + 'export' certificate operation." + when: not ansible_check_mode and not idrac_certificate_out.changed + + - name: Deleting the directory + ansible.builtin.include_tasks: + file: ../__delete_directory.yml diff --git a/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/HTTPS/molecule.yml b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/HTTPS/molecule.yml new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/HTTPS/molecule.yml diff --git a/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/SSLKEY/converge.yml b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/SSLKEY/converge.yml new file mode 100644 index 000000000..c90e4e53e --- /dev/null 
+++ b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/SSLKEY/converge.yml 
@@ -0,0 +1,94 @@ +--- +- name: Converge + hosts: all + gather_facts: false + vars: + https_cert_ssl_failure: {} + ca_cert_path: "{{ lookup('env', 'ca_cert_path') }}" + path_for_import_cert: "{{ lookup('env', 'path_for_import_cert') }}" + idrac_delegate_to: "{{ lookup('env', 'idrac_certificate_delegate_to') }}" + + tasks: + - name: Fetching firmware version for IDRAC + ansible.builtin.include_tasks: + file: ../__extract_firmware_version.yml + vars: + idrac_ip: "{{ lookup('env', 'hostname') }}" + idrac_user: "{{ lookup('env', 'username') }}" + idrac_password: "{{ lookup('env', 'password') }}" + + - name: Set expected firmware version + ansible.builtin.set_fact: + firmware_version_expected: "6.00.02.00" + + - name: Import Https certificate using ssl_key + when: idrac_certificate_firmware_version is defined and + "idrac_certificate_firmware_version >= firmware_version_expected" + block: + - name: Create directory + ansible.builtin.include_tasks: + file: ../__get_helper.yml + + - name: Create SSL Key ans self-signed certificate + when: idrac_certificate_check_file_created.stat.exists + ansible.builtin.include_tasks: + file: ../__get_ssl_key.yml + + - name: Importing HTTPS certificate using ssl_key + ansible.builtin.import_role: + name: dellemc.openmanage.idrac_certificate + vars: + hostname: "{{ lookup('env', 'hostname') }}" + username: "{{ lookup('env', 'username') }}" + password: "{{ lookup('env', 'password') }}" + validate_certs: false + ca_path: "{{ ca_cert_path }}" + command: "import" + certificate_type: "HTTPS" + certificate_path: "{{ path_for_import_cert }}cert.pem" + ssl_key: "{{ path_for_import_cert }}cert.key" + idrac_certificate_delegate: "{{ idrac_delegate_to }}" + + - name: Waiting for idrac readiness + ansible.builtin.wait_for: + timeout: 60 + when: + - not ansible_check_mode + - idrac_certificate_out is defined + - idrac_certificate_out.changed + + - name: Asserting operation with check mode. 
+ ansible.builtin.assert: + that: idrac_certificate_out.msg == "Changes found to be applied." + when: ansible_check_mode + + - name: Asserting operation with normal mode. + ansible.builtin.assert: + that: idrac_certificate_out.msg == "Successfully performed the SSL + key upload and 'import' certificate operation. + iDRAC has been reset successfully." + when: not ansible_check_mode and idrac_certificate_out.changed + + - name: Asserting operation with idempotence. + ansible.builtin.assert: + that: idrac_certificate_out.msg == "No changes found to be applied." + when: not ansible_check_mode and not idrac_certificate_out.changed + + rescue: + - name: Set the failure messages for SSLKEY + ansible.builtin.set_fact: + https_cert_ssl_failure: "{{ https_cert_ssl_failure | + combine({'HTTPS_SSL_KEY_CERT_IMPORT': + {'msg': ansible_failed_result.msg, + 'failed_task_name': ansible_failed_task.name}}) }}" + + always: + - name: Deleting the directory + ansible.builtin.include_tasks: + file: ../__delete_directory.yml + + - name: Collecting failure + ansible.builtin.debug: + var: https_cert_ssl_failure + when: https_cert_ssl_failure + failed_when: true diff --git a/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/SSLKEY/molecule.yml b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/SSLKEY/molecule.yml new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/SSLKEY/molecule.yml diff --git a/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/__delete_directory.yml b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/__delete_directory.yml new file mode 100644 index 000000000..d301ea290 --- /dev/null +++ b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/__delete_directory.yml 
@@ -0,0 +1,6 @@ +--- +- name: Delete the directory + ansible.builtin.file: + path: "{{ lookup('env', 'path_for_import_cert') }}" + state: absent + delegate_to: "{{ lookup('env', 'idrac_certificate_delegate_to') }}" diff --git a/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/__extract_firmware_version.yml b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/__extract_firmware_version.yml new file mode 100644 index 000000000..9ffc8b8df --- /dev/null +++ b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/__extract_firmware_version.yml @@ -0,0 +1,21 @@ +--- +- name: Fetch firmware version + ansible.builtin.uri: + url: "https://{{ idrac_ip }}/redfish/v1/Managers/iDRAC.Embedded.1" + user: "{{ idrac_user }}" + password: "{{ idrac_password }}" + method: GET + force_basic_auth: true + validate_certs: false + body_format: json + return_content: true + status_code: 200 + register: idrac_certificate_uri_data + when: idrac_ip is defined and idrac_password is defined + and idrac_user is defined + check_mode: false + +- name: Set firmware version + ansible.builtin.set_fact: + idrac_certificate_firmware_version: "{{ idrac_certificate_uri_data.json.FirmwareVersion }}" + when: idrac_certificate_uri_data.json is defined diff --git a/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/__get_helper.yml b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/__get_helper.yml new file mode 100644 index 000000000..3994eed1e --- /dev/null +++ b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/__get_helper.yml 
@@ -0,0 +1,40 @@ +--- +- name: Set the share vars + ansible.builtin.set_fact: + https_share_ip: "{{ lookup('env', 'https_share_ip') }}" + https_certificate_path: "{{ lookup('env', 'https_certificate_path') }}" + https_share_username: "{{ lookup('env', 'https_share_username') }}" + https_share_password: "{{ lookup('env', 'https_share_password') }}" + path_for_import_cert: "{{ lookup('env', 'path_for_import_cert') }}" + idrac_cert_dlg_to: "{{ lookup('env', 'idrac_certificate_delegate_to') }}" + no_log: true + +- name: Create Directory + ansible.builtin.file: + path: "{{ path_for_import_cert }}" + state: directory + mode: "0755" + register: idrac_certificate_created_directory + check_mode: false + delegate_to: "{{ idrac_cert_dlg_to }}" + +- name: Setting up certificate path + ansible.builtin.stat: + path: "{{ path_for_import_cert }}" + register: idrac_certificate_check_file_created + check_mode: false + delegate_to: "{{ idrac_cert_dlg_to }}" + +- name: Copy file from HTTPS share to local machine + when: idrac_cert_name is defined and (idrac_cert_name | length > 0) + and idrac_certificate_check_file_created.stat.exists + ansible.builtin.uri: + url: "https://{{ https_share_ip }}{{ https_certificate_path }}{{ item }}" + dest: "{{ path_for_import_cert }}" + force_basic_auth: true + validate_certs: false + url_username: "{{ https_share_username }}" + url_password: "{{ https_share_password }}" + check_mode: false + loop: "{{ idrac_cert_name }}" + delegate_to: "{{ idrac_cert_dlg_to }}" diff --git a/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/__get_ssl_key.yml b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/__get_ssl_key.yml new file mode 100644 index 000000000..ed3c34000 --- /dev/null +++ b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/__get_ssl_key.yml 
@@ -0,0 +1,18 @@ +--- +- name: Create private key is present + community.crypto.openssl_privatekey: + path: "{{ lookup('env', 'path_for_import_cert') }}cert.key" + size: 2048 + type: RSA + check_mode: false + no_log: true + delegate_to: "{{ lookup('env', 'idrac_certificate_delegate_to') }}" + +- name: Ensure self-signed cert is present + community.crypto.x509_certificate: + path: "{{ lookup('env', 'path_for_import_cert') }}cert.pem" + privatekey_path: "{{ lookup('env', 'path_for_import_cert') }}cert.key" + provider: selfsigned + check_mode: false + no_log: true + delegate_to: "{{ lookup('env', 'idrac_certificate_delegate_to') }}" diff --git a/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/default/converge.yml b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/default/converge.yml new file mode 100644 index 000000000..56c26b4a6 --- /dev/null +++ b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/default/converge.yml 
@@ -0,0 +1,381 @@ +--- +- name: Converge + hosts: all + gather_facts: false + vars: + ca_cert_path: "{{ lookup('env', 'ca_cert_path') }}" + cert_export_path: "{{ lookup('env', 'certificate_path') }}" + import_cert_path: "{{ lookup('env', 'path_for_import_cert') }}" + custom_cert_name: "{{ lookup('env', 'custom_cert_name') }}" + cust_crt_name_pass: "{{ lookup('env', 'custom_cert_name_pass') }}" + csc_pass_cert: "{{ lookup('env', 'csc_passphrase_certificate') }}" + cert_delegate_to: "{{ lookup('env', 'idrac_certificate_delegate_to') }}" + + tasks: + - name: Invalid Scenarios + when: not ansible_check_mode + block: + - name: Set the failure messages + ansible.builtin.set_fact: + ssl_key_fail_msg: "Unable to locate the SSL key file" + ctc_invalid_path: "[Errno 2] No such file or directory" + + - name: Create directory and fetch certificates + ansible.builtin.include_tasks: + file: ../__get_helper.yml + vars: + idrac_cert_name: + - "{{ custom_cert_name }}" + - "{{ cust_crt_name_pass }}" + - "{{ csc_pass_cert }}" + + - name: Create SSL Key ans self-signed certificate + when: idrac_certificate_check_file_created is defined and + idrac_certificate_check_file_created.stat.exists + ansible.builtin.include_tasks: + file: ../__get_ssl_key.yml + + - name: Export a Client Trust Certificate + ansible.builtin.import_role: + name: dellemc.openmanage.idrac_certificate + vars: + hostname: "{{ lookup('env', 'hostname') }}" + username: "{{ lookup('env', 'username') }}" + password: "{{ lookup('env', 'password') }}" + validate_certs: false + ca_path: "{{ ca_cert_path }}" + command: "export" + certificate_type: "CLIENT_TRUST_CERTIFICATE" + certificate_path: "{{ cert_export_path }}" + idrac_certificate_delegate: "{{ cert_delegate_to }}" + ignore_errors: true + register: idrac_certificate_res + + - name: Setting up Client Trust certificate path for exported file + when: idrac_certificate_out.certificate_path is defined + ansible.builtin.stat: + path: "{{ 
idrac_certificate_out.certificate_path }}" + register: ctc_cert_file + no_log: true + + - name: Import a Client Trust Certificate invalid path + ansible.builtin.import_role: + name: dellemc.openmanage.idrac_certificate + vars: + hostname: "{{ lookup('env', 'hostname') }}" + username: "{{ lookup('env', 'username') }}" + password: "{{ lookup('env', 'password') }}" + validate_certs: false + ca_path: "{{ ca_cert_path }}" + command: "import" + certificate_type: "CLIENT_TRUST_CERTIFICATE" + certificate_path: "/path/invalid-path/to/certificate.pem" + idrac_certificate_delegate: "{{ cert_delegate_to }}" + ignore_errors: true + register: idrrac_certificate_res_err + + - name: Verifying Import a Client Trust Certificate invalid path + ansible.builtin.assert: + that: + - idrac_certificate_out.failed + - "ctc_invalid_path in idrac_certificate_out.msg" + + - name: Import a Client Trust Certificate invalid certificate + ansible.builtin.import_role: + name: dellemc.openmanage.idrac_certificate + vars: + hostname: "{{ lookup('env', 'hostname') }}" + username: "{{ lookup('env', 'username') }}" + password: "{{ lookup('env', 'password') }}" + validate_certs: false + ca_path: "{{ ca_cert_path }}" + command: "import" + certificate_type: "CLIENT_TRUST_CERTIFICATE" + certificate_path: "{{ lookup('env', 'invalid_certificate') }}" + idrac_certificate_delegate: "{{ cert_delegate_to }}" + ignore_errors: true + register: idrac_certificate_res_err1 + + - name: Verifying Import a Client Trust Certificate invalid certificate + ansible.builtin.assert: + that: + - ('"HTTP Error 400" in idrac_certificate_out.msg') + - idrac_certificate_out.failed + + - name: Import a Client Trust Certificate invalid certificate + ansible.builtin.import_role: + name: dellemc.openmanage.idrac_certificate + vars: + hostname: "{{ lookup('env', 'hostname') }}" + username: "{{ lookup('env', 'username') }}" + password: "{{ lookup('env', 'password') }}" + validate_certs: false + ca_path: "{{ ca_cert_path }}" + command: 
"import" + certificate_type: "CLIENT_TRUST_CERTIFICATE" + certificate_path: "{{ lookup('env', 'invalid_certificate') }}" + idrac_certificate_delegate: "{{ cert_delegate_to }}" + ignore_errors: true + register: idrac_certificate_res_err2 + + - name: Verifying Import a Client Trust Certificate invalid certificate + ansible.builtin.assert: + that: + - ('"HTTP Error 400" in idrac_certificate_out.msg') + - idrac_certificate_out.failed + + - name: Import a Client Trust Certificate with invalid credentials + ansible.builtin.import_role: + name: dellemc.openmanage.idrac_certificate + vars: + hostname: "{{ lookup('env', 'hostname') }}" + username: "{{ lookup('env', 'username') }}" + password: "{{ lookup('env', 'invalid_password') }}" + validate_certs: false + ca_path: "{{ ca_cert_path }}" + command: "import" + certificate_type: "CLIENT_TRUST_CERTIFICATE" + certificate_path: "{{ ctc_cert_file.stat.path }}" + idrac_certificate_delegate: "{{ cert_delegate_to }}" + ignore_errors: true + register: res_err3 + + - name: Verifying Import a Client Trust Certificate + with invalid credentials + ansible.builtin.assert: + that: + - ('"HTTP Error 401" in idrac_certificate_out.msg') + - idrac_certificate_out.failed + when: idrac_certificate_out is defined + + - name: Negative - unreachable host + ansible.builtin.import_role: + name: dellemc.openmanage.idrac_certificate + vars: + hostname: "999.999.999.999" + username: "{{ lookup('env', 'username') }}" + password: "{{ lookup('env', 'password') }}" + validate_certs: false + command: "reset" + certificate_type: "HTTPS" + idrac_certificate_delegate: "{{ cert_delegate_to }}" + register: invalid_unreachable + ignore_errors: true + ignore_unreachable: true + + - name: Verify task status - Negative - invalid unreachable host + ansible.builtin.assert: + that: + - idrac_certificate_out.unreachable + - '"Unable to communicate with" in idrac_certificate_out.msg' + + - name: Negative - invalid idrac user + ansible.builtin.import_role: + name: 
dellemc.openmanage.idrac_certificate + vars: + hostname: "{{ lookup('env', 'hostname') }}" + username: invalid + password: "{{ lookup('env', 'password') }}" + validate_certs: false + command: "reset" + certificate_type: "HTTPS" + idrac_certificate_delegate: "{{ cert_delegate_to }}" + register: invalid_idrac_user + ignore_errors: true + + - name: Verify task status - Negative - invalid idrac user + ansible.builtin.assert: + that: + - idrac_certificate_out.failed + - '"HTTP Error 401: Unauthorized" in idrac_certificate_out.msg' + + - name: Negative - invalid idrac password + ansible.builtin.import_role: + name: dellemc.openmanage.idrac_certificate + vars: + hostname: "{{ lookup('env', 'hostname') }}" + username: "{{ lookup('env', 'username') }}" + password: invalid + validate_certs: false + command: "reset" + certificate_type: "HTTPS" + idrac_certificate_delegate: "{{ cert_delegate_to }}" + register: invalid_idrac_pass + ignore_errors: true + + - name: Verify task status - Negative - invalid idrac password + ansible.builtin.assert: + that: + - idrac_certificate_out.failed + - '"HTTP Error 401: Unauthorized" in idrac_certificate_out.msg' + + - name: Invalid command + ansible.builtin.import_role: + name: dellemc.openmanage.idrac_certificate + vars: + hostname: "{{ lookup('env', 'hostname') }}" + username: "{{ lookup('env', 'username') }}" + password: "{{ lookup('env', 'password') }}" + validate_certs: false + command: "invalid" + certificate_type: "HTTPS" + idrac_certificate_delegate: "{{ cert_delegate_to }}" + register: invalid_command + ignore_errors: true + + - name: Verify task status - Negative - invalid command + ansible.builtin.assert: + that: + - idrac_certificate_out.failed + - not idrac_certificate_out.changed + + - name: Invalid certificate path + ansible.builtin.import_role: + name: dellemc.openmanage.idrac_certificate + vars: + hostname: "{{ lookup('env', 'hostname') }}" + username: "{{ lookup('env', 'username') }}" + password: "{{ lookup('env', 
'password') }}" + validate_certs: false + command: "export" + certificate_type: "HTTPS" + certificate_path: "invalid_dir" + idrac_certificate_delegate: "{{ cert_delegate_to }}" + register: invalid_cert_path + ignore_errors: true + + - name: Verify task status - Negative - invalid certificate path + ansible.builtin.assert: + that: + - idrac_certificate_out.failed + - not idrac_certificate_out.changed + - "'Provided directory path \\'invalid_dir\\' is + not valid.' == idrac_certificate_out.msg" + + - name: Invalid passphrase + ansible.builtin.import_role: + name: dellemc.openmanage.idrac_certificate + vars: + hostname: "{{ lookup('env', 'hostname') }}" + username: "{{ lookup('env', 'username') }}" + password: "{{ lookup('env', 'password') }}" + validate_certs: false + command: "import" + certificate_type: "CSC" + certificate_path: "{{ import_cert_path }}{{ csc_pass_cert }}" + passphrase: "invalid" + idrac_certificate_delegate: "{{ cert_delegate_to }}" + register: invalid_passphrase + ignore_errors: true + + - name: Verify task status - Negative - invalid passphrase + ansible.builtin.assert: + that: + - idrac_certificate_out.failed + - not idrac_certificate_out.changed + - "'HTTP Error 400: Bad Request' == idrac_certificate_out.msg" + + - name: Invalid certificate parameters to generate signing request + ansible.builtin.import_role: + name: dellemc.openmanage.idrac_certificate + vars: + hostname: "{{ lookup('env', 'hostname') }}" + username: "{{ lookup('env', 'username') }}" + password: "{{ lookup('env', 'password') }}" + validate_certs: false + command: "generate_csr" + certificate_type: "HTTPS" + certificate_path: "/root/" + cert_params: + invalid_args: "invalid" + idrac_certificate_delegate: "{{ cert_delegate_to }}" + register: invalid_cert_params + ignore_errors: true + + - name: Verify task status - Negative - + Invalid certificate parameters to generate signing request + ansible.builtin.assert: + that: + - idrac_certificate_out.failed + - not 
idrac_certificate_out.changed + - "'missing required arguments: common_name, country_code, + locality_name, organization_name, organization_unit, + state_name found in cert_params' == idrac_certificate_out.msg" + + - name: Invalid passphrase for a valid custom + certificate without passphrase + ansible.builtin.import_role: + name: dellemc.openmanage.idrac_certificate + vars: + hostname: "{{ lookup('env', 'hostname') }}" + username: "{{ lookup('env', 'username') }}" + password: "{{ lookup('env', 'password') }}" + validate_certs: false + command: "import" + certificate_type: "CUSTOMCERTIFICATE" + certificate_path: "{{ import_cert_path }}{{ custom_cert_name }}" + passphrase: "invalid" + idrac_certificate_delegate: "{{ cert_delegate_to }}" + register: invalid_custom_cert_pass + ignore_errors: true + + - name: Verify task status + - Negative - invalid custom certificate passphrase + ansible.builtin.assert: + that: + - idrac_certificate_out.failed + - not idrac_certificate_out.changed + - "'HTTP Error 400: Bad Request' == idrac_certificate_out.msg" + + - name: Invalid custom certificate + passphrase for a valid custom certificate + ansible.builtin.import_role: + name: dellemc.openmanage.idrac_certificate + vars: + hostname: "{{ lookup('env', 'hostname') }}" + username: "{{ lookup('env', 'username') }}" + password: "{{ lookup('env', 'password') }}" + validate_certs: false + command: "import" + certificate_type: "CUSTOMCERTIFICATE" + certificate_path: "{{ import_cert_path }}/{{ cust_crt_name_pass }}" + passphrase: "invalid" + idrac_certificate_delegate: "{{ cert_delegate_to }}" + register: invalid_custom_cert_without_pass + ignore_errors: true + + - name: Verify task status - Negative - invalid custom certificate + passphrase for a valid custom certificate + ansible.builtin.assert: + that: + - idrac_certificate_out.failed + - not idrac_certificate_out.changed + - "'HTTP Error 400: Bad Request' == idrac_certificate_out.msg" + + - name: Invalid ssl key + 
ansible.builtin.import_role: + name: dellemc.openmanage.idrac_certificate + vars: + hostname: "{{ lookup('env', 'hostname') }}" + username: "{{ lookup('env', 'username') }}" + password: "{{ lookup('env', 'password') }}" + validate_certs: false + command: "import" + certificate_type: "HTTPS" + certificate_path: "{{ import_cert_path }}cert.pem" + ssl_key: "invalid" + idrac_certificate_delegate: "{{ cert_delegate_to }}" + register: invalid_ssl_key + ignore_errors: true + + - name: Verify task status - Negative - invalid ssl key + ansible.builtin.assert: + that: + - idrac_certificate_out.failed + - not idrac_certificate_out.changed + - "ssl_key_fail_msg in idrac_certificate_out.msg" + + always: + - name: Deleting the directory + ansible.builtin.include_tasks: + file: ../__delete_directory.yml diff --git a/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/default/molecule.yml b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/default/molecule.yml new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/default/molecule.yml diff --git a/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/generateCSR/converge.yml b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/generateCSR/converge.yml new file mode 100644 index 000000000..9f57c7e84 --- /dev/null +++ b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/generateCSR/converge.yml 
@@ -0,0 +1,56 @@ +--- +- name: Converge + hosts: all + gather_facts: false + vars: + ca_cert_path: "{{ lookup('env', 'ca_cert_path') }}" + cert_export_path: "{{ lookup('env', 'path_for_export_cert') }}" + idrac_delegate_to: "{{ lookup('env', 'idrac_certificate_delegate_to') }}" + + tasks: + - name: Setting up directory + ansible.builtin.include_tasks: + file: ../__get_helper.yml + + - name: Generate HTTPS CSR signing request + ansible.builtin.import_role: + name: idrac_certificate + vars: + hostname: "{{ lookup('env', 'hostname') }}" + username: "{{ lookup('env', 'username') }}" + password: "{{ lookup('env', 'password') }}" + validate_certs: false + ca_path: "{{ ca_cert_path }}" + command: "generate_csr" + certificate_type: "HTTPS" + certificate_path: "{{ cert_export_path }}" + cert_params: + common_name: "sample.domain.com" + organization_unit: "OrgUnit" + locality_name: "Bangalore" + state_name: "Karnataka" + country_code: "IN" + email_address: "admin@domain.com" + organization_name: "OrgName" + subject_alt_name: + - "hostname1.chassis.com" + idrac_certificate_delegate: "{{ idrac_delegate_to }}" + + - name: Setting up HTTPS CSR certificate path for exported file + ansible.builtin.stat: + path: "{{ idrac_certificate_out.certificate_path }}" + register: csr_cert_file + delegate_to: "{{ idrac_delegate_to }}" + no_log: true + + - name: Verifying HTTPS generate CSR certificate + ansible.builtin.assert: + that: + - csr_cert_file.stat.exists + - not idrac_certificate_out.changed + - not idrac_certificate_out.failed + - idrac_certificate_out.msg == "Successfully performed the 'generate_csr' certificate operation." + + - name: Deleting the directory + ansible.builtin.include_tasks: + file: ../__delete_directory.yml diff --git a/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/generateCSR/molecule.yml b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/generateCSR/molecule.yml new file mode 100644 index 000000000..e69de29bb 
--- /dev/null +++ b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/generateCSR/molecule.yml diff --git a/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/reset/converge.yml b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/reset/converge.yml new file mode 100644 index 000000000..8a3e23ab5 --- /dev/null +++ b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/reset/converge.yml @@ -0,0 +1,31 @@ +--- +- name: Converge + hosts: all + gather_facts: false + vars: + ca_cert_path: "{{ lookup('env', 'ca_cert_path') }}" + + tasks: + - name: Reset HTTPS certificate + ansible.builtin.import_role: + name: idrac_certificate + vars: + hostname: "{{ lookup('env', 'hostname') }}" + username: "{{ lookup('env', 'username') }}" + password: "{{ lookup('env', 'password') }}" + validate_certs: false + ca_path: "{{ ca_cert_path }}" + command: "reset" + certificate_type: "HTTPS" + + - name: Asserting operation with check mode. + ansible.builtin.assert: + that: idrac_certificate_out.msg == "Changes found to be applied." + when: ansible_check_mode + + - name: Asserting operation with Normal/Idempotence mode. + ansible.builtin.assert: + that: idrac_certificate_out.msg == "Successfully performed the + 'reset' certificate operation.iDRAC + has been reset successfully." + when: not ansible_check_mode and idrac_certificate_out.changed diff --git a/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/reset/molecule.yml b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/reset/molecule.yml new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/molecule/reset/molecule.yml diff --git a/ansible_collections/dellemc/openmanage/roles/idrac_certificate/tasks/export.yml b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/tasks/export.yml new file mode 100644 index 000000000..3f4044e31 
--- /dev/null +++ b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/tasks/export.yml @@ -0,0 +1,14 @@ +- name: Exporting certificate. + dellemc.openmanage.idrac_certificates: + idrac_ip: "{{ hostname }}" + idrac_user: "{{ username }}" + idrac_password: "{{ password }}" + idrac_port: "{{ https_port }}" + timeout: "{{ https_timeout }}" + validate_certs: "{{ validate_certs }}" + ca_path: "{{ ca_path | default(omit) }}" + command: "export" + certificate_type: "{{ certificate_type }}" + certificate_path: "{{ certificate_path }}" + register: idrac_certificate_out + delegate_to: "{{ idrac_certificate_delegate }}" diff --git a/ansible_collections/dellemc/openmanage/roles/idrac_certificate/tasks/generate_csr.yml b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/tasks/generate_csr.yml new file mode 100644 index 000000000..25a958fa2 --- /dev/null +++ b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/tasks/generate_csr.yml 
@@ -0,0 +1,24 @@ +--- +- name: Generate HTTPS certificate signing request + dellemc.openmanage.idrac_certificates: + idrac_ip: "{{ hostname }}" + idrac_user: "{{ username }}" + idrac_password: "{{ password }}" + idrac_port: "{{ https_port }}" + timeout: "{{ https_timeout }}" + validate_certs: "{{ validate_certs }}" + ca_path: "{{ ca_path | default(omit) }}" + command: "generate_csr" + certificate_type: "{{ certificate_type }}" + certificate_path: "{{ certificate_path }}" + cert_params: + common_name: "{{ cert_params.common_name | default(omit) }}" + organization_unit: "{{ cert_params.organization_unit | default(omit) }}" + locality_name: "{{ cert_params.locality_name | default(omit) }}" + state_name: "{{ cert_params.state_name | default(omit) }}" + country_code: "{{ cert_params.country_code | default(omit) }}" + email_address: "{{ cert_params.email_address | default(omit) }}" + organization_name: "{{ cert_params.organization_name | default(omit) }}" + subject_alt_name: "{{ cert_params.subject_alt_name | default(omit) }}" + register: idrac_certificate_out + delegate_to: "{{ idrac_certificate_delegate }}" diff --git a/ansible_collections/dellemc/openmanage/roles/idrac_certificate/tasks/import.yml b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/tasks/import.yml new file mode 100644 index 000000000..eab08d4b7 --- /dev/null +++ b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/tasks/import.yml 
@@ -0,0 +1,18 @@ +- name: Importing certificate. + dellemc.openmanage.idrac_certificates: + idrac_ip: "{{ hostname }}" + idrac_user: "{{ username }}" + idrac_password: "{{ password }}" + idrac_port: "{{ https_port }}" + timeout: "{{ https_timeout }}" + validate_certs: "{{ validate_certs }}" + passphrase: "{{ passphrase | default(omit) }}" + ca_path: "{{ ca_path | default(omit) }}" + command: "import" + certificate_type: "{{ certificate_type }}" + certificate_path: "{{ certificate_path }}" + ssl_key: "{{ ssl_key | default(omit) }}" + reset: "{{ reset }}" + wait: "{{ wait }}" + register: idrac_certificate_out + delegate_to: "{{ idrac_certificate_delegate }}" diff --git a/ansible_collections/dellemc/openmanage/roles/idrac_certificate/tasks/main.yml b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/tasks/main.yml new file mode 100644 index 000000000..1c586570b --- /dev/null +++ b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/tasks/main.yml @@ -0,0 +1,18 @@ +--- +# tasks file for idrac_certificate + +- name: Generate CSR + ansible.builtin.include_tasks: generate_csr.yml + when: command == "generate_csr" + +- name: Import certificate + ansible.builtin.include_tasks: import.yml + when: command == "import" + +- name: Export certificate + ansible.builtin.include_tasks: export.yml + when: command == "export" + +- name: Reset certificate + ansible.builtin.include_tasks: reset.yml + when: command == "reset" diff --git a/ansible_collections/dellemc/openmanage/roles/idrac_certificate/tasks/reset.yml b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/tasks/reset.yml new file mode 100644 index 000000000..dd8f01d1c --- /dev/null +++ b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/tasks/reset.yml 
@@ -0,0 +1,16 @@ +--- +- name: Reset Certificate + dellemc.openmanage.idrac_certificates: + idrac_ip: "{{ hostname }}" + idrac_user: "{{ username }}" + idrac_password: "{{ password }}" + idrac_port: "{{ https_port }}" + timeout: "{{ https_timeout }}" + validate_certs: "{{ validate_certs }}" + ca_path: "{{ ca_path | default(omit) }}" + command: "reset" + reset: "{{ reset }}" + wait: "{{ wait }}" + certificate_type: "HTTPS" + register: idrac_certificate_out + delegate_to: "{{ idrac_certificate_delegate }}" diff --git a/ansible_collections/dellemc/openmanage/roles/idrac_certificate/tests/inventory b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/tests/inventory new file mode 100644 index 000000000..2fbb50c4a --- /dev/null +++ b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/tests/inventory @@ -0,0 +1 @@ +localhost diff --git a/ansible_collections/dellemc/openmanage/roles/idrac_certificate/tests/test.yml b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/tests/test.yml new file mode 100644 index 000000000..bdd3628e3 --- /dev/null +++ b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/tests/test.yml @@ -0,0 +1,6 @@ +--- +- name: This role is to generate certificate signing request, import, and export certificates on iDRAC. +- hosts: localhost + remote_user: root + roles: + - idrac_certificate diff --git a/ansible_collections/dellemc/openmanage/roles/idrac_certificate/vars/main.yml b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/vars/main.yml new file mode 100644 index 000000000..ea6e3efad --- /dev/null +++ b/ansible_collections/dellemc/openmanage/roles/idrac_certificate/vars/main.yml @@ -0,0 +1,3 @@ +--- +# vars file for idrac_certificate +idrac_certificate_delegate: "{{ lookup('ansible.builtin.env', 'RUNON', default='localhost') }}" |
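Review bot: In the negative "invalid ssl key" test at the top of this section, the role call sets `register: invalid_ssl_key`, but the assertion that follows reads only `idrac_certificate_out`, so the registered variable is never used. Drop the `register` or assert on it. Because `ignore_errors: true` also swallows unrelated failures (unreachable host, bad credentials), the `ssl_key_fail_msg in idrac_certificate_out.msg` check is the only thing that ties the failure to the invalid key, so it should stay an exact, non-empty message match.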
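Review bot: molecule/generateCSR/converge.yml passes `ca_path: "{{ ca_cert_path }}"` together with `validate_certs: false`, so the CA bundle is supplied but, per the README's description of `validate_certs`, the iDRAC certificate is not validated and this scenario never exercises the verified TLS path. Suggest `validate_certs: true` whenever `ca_cert_path` is set, or removing `ca_path` from the call. Separately, the closing "Deleting the directory" include is a plain task here, whereas the negative import test puts it under `always:`; a failed assert in this scenario leaves the exported CSR directory behind.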
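Review bot: In molecule/reset/converge.yml the normal-mode assertion is guarded by `when: not ansible_check_mode and idrac_certificate_out.changed`, so if the role reports no change (or fails to reset) neither assert runs and the scenario passes without checking anything. Assert `idrac_certificate_out.changed` explicitly in normal mode, then compare the message. The expected message is also written as a string continued over three lines inside a plain scalar; YAML folds those line breaks into single spaces, which makes the exact-match comparison fragile (note "operation.iDRAC" has no space while the fold points gain one). Put the string on one line or compare with `in`. As in the generateCSR scenario, `validate_certs: false` is combined with `ca_path`.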
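Review bot: In tasks/generate_csr.yml the task is named "Generate HTTPS certificate signing request" while `certificate_type: "{{ certificate_type }}"` is templated, so the name is wrong in logs for any non-HTTPS type. Use a neutral name or interpolate the type into it. The file also gives no comment on which `cert_params` keys the caller must supply; every key is `default(omit)`, so a missing `common_name` is only reported by the module, not by the role.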
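Review bot: In tasks/import.yml, `reset: "{{ reset }}"` and `wait: "{{ wait }}"` have no `default(...)`, unlike `passphrase`, `ca_path` and `ssl_key` in the same task, so the import fails on an undefined variable unless the role defaults define both; please confirm defaults/main.yml covers them or add `default(omit)`. Style: this file and tasks/export.yml omit the leading `---` that generate_csr.yml, main.yml and reset.yml carry.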
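Review bot: tasks/main.yml dispatches on four `when: command == "..."` conditions with no fallback, so a misspelled or unsupported `command` value makes the role include nothing, report success, and leave `idrac_certificate_out` undefined for the caller. Add a leading `ansible.builtin.assert` (or `fail`) that `command` is one of 'import', 'export', 'generate_csr', 'reset', matching the choices listed in the README.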
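Review bot: tasks/reset.yml hardcodes `certificate_type: "HTTPS"` while export, generate_csr and import all pass `"{{ certificate_type }}"`, so a caller who sets `certificate_type` with `command: reset` has the value silently ignored. Either template it like the other tasks or document in the README that reset applies to the HTTPS certificate only. `reset` and `wait` are again used without a `default(...)`.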
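Review bot: tests/test.yml is not a valid play list: `- name: This role is to generate ...` and `- hosts: localhost` are two separate list items, so the first play has a name but no `hosts` and the second has no name. Remove the dash before `hosts:` and indent it under the same item as `name:` so there is a single play. `remote_user: root` is also unnecessary for a role that delegates to the controller and talks to iDRAC over HTTPS.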
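Review bot: vars/main.yml defines `idrac_certificate_delegate` as a role var, which takes precedence over inventory, group and play variables, so a user who sets it anywhere other than as a role parameter is silently overridden by the `RUNON` environment lookup. If the value is meant to be user-tunable, move it to defaults/main.yml, and mention the `RUNON` environment variable next to it.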