Note
This plugin is part of the purestorage.flasharray collection (version 1.11.0).
You might already have this collection installed if you are using the ansible
package. It is not included in ansible-core
. To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install purestorage.flasharray
.
To use it in a playbook, specify: purestorage.flasharray.purefa_certs
.
New in version 1.8.0: of purestorage.flasharray
The below requirements are needed on the host that executes this module.
Parameter | Choices/Defaults | Comments |
---|---|---|
api_token string | FlashArray API token for admin privileged user. | |
certificate string | Required for import
A valid signed certicate in PEM format (Base64 encoded) Includes the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines Does not exceed 3000 characters in length | |
common_name string | The fully qualified domain name (FQDN) of the current array For example, the common name for https://purearray.example.com is purearray.example.com, or *.example.com for a wildcard certificate This can also be the management IP address of the array or the shortname of the current array. Maximum of 64 characters If not provided this will default to the shortname of the array | |
country string | The two-letter ISO code for the country where your organization is located | |
days integer | Default: 3650 | The number of valid days for the self-signed certificate being generated If not specified, the self-signed certificate expires after 3650 days. |
email string | The email address used to contact your organization | |
export_file string | Name of file to contain Certificate Signing Request when `status sign` Name of file to export the current SSL Certificate when `status export` File will be overwritten if it already exists | |
fa_url string | FlashArray management IPv4 address or Hostname. | |
generate boolean |
| Generate a new private key. If not selected, the certificate will use the existing key |
intermeadiate_cert string | Intermeadiate certificate provided by the CA | |
key string | If the Certificate Signed Request (CSR) was not constructed on the array or the private key has changed since construction the CSR, provide a new private key here | |
key_size integer |
2048 | The key size in bits if you generate a new private key |
locality string | The full name of the city where your organization is located | |
name string | Default: "management" | Name of the SSL Certificate |
org_unit string | The department within your organization that is managing the certificate | |
organization string | The full and exact legal name of your organization. The organization name should not be abbreviated and should include suffixes such as Inc, Corp, or LLC. | |
passphrase string | Passphrase if the private key is encrypted | |
province string | The full name of the state or province where your organization is located | |
state string |
| Action for the module to perform
present will create or re-create an SSL certificate
absent will delete an existing SSL certificate
sign will construct a Certificate Signing request (CSR)
export will export the exisitng SSL certificate
import will import a CA provided certificate |
Note
purestorage
and py-pure-client
Python librariesPUREFA_URL
and PUREFA_API
environment variables if fa_url and api_token arguments are not passed to the module directly- name: Create SSL certifcate foo purefa_certs: name: foo key_size: 4096 country: US province: FL locality: Miami organization: "Acme Inc" org_unit: "DevOps" fa_url: 10.10.10.2 api_token: e31060a7-21fc-e277-6240-25983c6c4592 - name: Delete SSL certificate foo purefa_certs: name: foo state: absent fa_url: 10.10.10.2 api_token: e31060a7-21fc-e277-6240-25983c6c4592 - name: Request CSR purefa_certs: state: sign fa_url: 10.10.10.2 api_token: e31060a7-21fc-e277-6240-25983c6c4592 - name: Regenerate key for SSL foo purefa_certs: generate: true name: foo fa_url: 10.10.10.2 api_token: e31060a7-21fc-e277-6240-25983c6c4592 - name: Import SSL Cert foo and Private Key purefa_certs: state: import name: foo certificate: "{{lookup('file', 'example.crt') }}" key: "{{lookup('file', 'example.key') }}" passphrase: password fa_url: 10.10.10.2 api_token: e31060a7-21fc-e277-6240-25983c6c4592
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/purestorage/flasharray/purefa_certs_module.html