hdcrypt_auth – Controls authentication methods

Synopsis

This module is used for managing authentication methods for logical volumes.

This module is a wrapper around the hdcryptmgr command.

Requirements

The below requirements are needed on the host that executes this module.

  • AIX >= 72X

  • Python >= 3.6

Parameters

action (True, str, None)

Specifies the operation to perform. initialize initializes the master key for data encryption; unlock authenticates to unlock the master key of the device; add adds additional authentication methods; check checks the validity of an authentication method; delete removes an authentication method.

device (False, str, None)

Specifies the device for which you want to manage the authentication methods.

auth_name (False, str, None)

Specifies the name of the authentication method.

auth_index (False, int, None)

Specifies the index of the authentication method upon which action needs to be performed.

auth_detail (optional, str, None)

Specifies any additional information about the key-protection method.

For the keyfile authentication method, provide the path to the authentication key file.

auto_key_protection (optional, bool, False)

Authenticates to the encrypted LV by using the automatic key-protection methods that do not require any user inputs.

auth_type (False, str, None)

Specifies the type of authentication method you want to perform the action upon. pwd specifies passphrase authentication method. keyfile specifies key file based authentication method. pks specifies PKS based authentication method.

password (optional, str, None)

Specifies the password when auth_type is set to pwd.

force (optional, bool, False)

Specifies whether the -f flag should be used with the command to force the action.

Examples

- name: "Initialize an authentication method"
  ibm.power_aix.hdcrypt_auth:
    action: initialize
    device: testlv
    auth_name: initpwd
    password: testpass

- name: Add a passphrase authentication method
  ibm.power_aix.hdcrypt_auth:
    action: add
    device: testlv
    auth_name: pwd2
    auth_type: pwd
    password: 'testpass'

- name: Add a keyfile authentication method
  ibm.power_aix.hdcrypt_auth:
    action: add
    device: testlv
    auth_name: file_2
    auth_type: keyfile
    auth_detail: /key2

- name: Add a pks authentication method
  ibm.power_aix.hdcrypt_auth:
    action: add
    device: testlv
    auth_name: test_pks
    auth_type: pks

- name: Delete a passphrase auth method
  ibm.power_aix.hdcrypt_auth:
    action: delete
    device: testlv
    auth_type: pwd
    auth_name: pwd5
    password: "testpass"

- name: Delete a pks auth method
  ibm.power_aix.hdcrypt_auth:
    action: delete
    device: testlv
    auth_type: pks
    auth_name: test_pks

- name: Delete a keyfile auth method
  ibm.power_aix.hdcrypt_auth:
    action: delete
    device: testlv
    auth_type: keyfile
    auth_name: file_2
    auth_detail: /key2

- name: Unlock using keyfile authentication method
  ibm.power_aix.hdcrypt_auth:
    action: unlock
    device: testlv
    auth_type: keyfile
    auth_detail: /key2

- name: Check auth method passphrase
  ibm.power_aix.hdcrypt_auth:
    action: check
    device: testlv
    auth_name: pwd5
    auth_type: pwd
    password: 'testpass'

- name: Check keyfile auth method
  ibm.power_aix.hdcrypt_auth:
    action: check
    device: testlv
    auth_name: file2
    auth_type: keyfile
    auth_detail: /key2

- name: Check pks authentication method using pks
  ibm.power_aix.hdcrypt_auth:
    action: check
    device: testlv
    auth_name: test_pks
    auth_type: pks
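
The examples above pass the passphrase inline. The play below is an added example, not part of the module's own documentation: it reads the passphrase from an Ansible Vault variable, sets no_log on the tasks that carry it, and checks the key file's owner and mode before registering it. The inventory group aix_hosts, the vault file path, the variable vault_hdcrypt_passphrase and the owner/mode policy are assumptions.

```yaml
# Added example: hypothetical play, not taken from the module documentation.
- name: Add hdcrypt authentication methods without exposing secrets
  hosts: aix_hosts                  # assumed inventory group
  gather_facts: false
  vars_files:
    - vault/hdcrypt.yml             # assumed Ansible Vault file defining vault_hdcrypt_passphrase
  tasks:
    - name: Inspect the key file before registering it
      ansible.builtin.stat:
        path: /key2
      register: keyfile

    # Assumed policy: key file is root-owned and readable by its owner only.
    - name: Stop if the key file is missing, not root-owned or too permissive
      ansible.builtin.assert:
        that:
          - keyfile.stat.exists
          - keyfile.stat.pw_name == 'root'
          - keyfile.stat.mode in ['0400', '0600']
        fail_msg: "/key2 must exist, be owned by root and have mode 0400 or 0600"

    - name: Add a keyfile authentication method
      ibm.power_aix.hdcrypt_auth:
        action: add
        device: testlv
        auth_name: file_2
        auth_type: keyfile
        auth_detail: /key2

    - name: Add a passphrase authentication method
      ibm.power_aix.hdcrypt_auth:
        action: add
        device: testlv
        auth_name: pwd2
        auth_type: pwd
        password: "{{ vault_hdcrypt_passphrase }}"
      no_log: true                  # keep the passphrase out of task output and logs

    - name: Check the passphrase authentication method
      ibm.power_aix.hdcrypt_auth:
        action: check
        device: testlv
        auth_name: pwd2
        auth_type: pwd
        password: "{{ vault_hdcrypt_passphrase }}"
      no_log: true
      register: check_result        # still usable by later tasks despite no_log
```

Run the play with --ask-vault-pass or --vault-password-file so the vault file can be decrypted.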

Return Values

msg (always, str, Successfully unlocked the authentication method, command: /usr/sbin/hdcryptmgr authunlock -t pwd testlv. Action(unlock) completed successfully.)

The execution message.

cmd (always, str, )

The command executed.

rc (When an error is encountered while running the command., int, )

The command return code.

stdout (always, str, )

The standard output of the command.

stderr (When an error is encountered while running the command., str, )

The standard error of the command.

changed (always, bool, )

Shows if any change was made.

Status

  • This module is not guaranteed to have a backwards compatible interface. [preview]

  • This module is maintained by community.

Authors

  • Shreyansh Chamola (@schamola)