hdcrypt_auth – Controls authentication methods
Synopsis
This module is used for managing authentication methods for logical volumes.
This module is a wrapper around the hdcryptmgr command.
Requirements
The below requirements are needed on the host that executes this module.
AIX >= 72X
Python >= 3.6
Parameters
- action (True, str, None)
Specifies which operation needs to be performed.
initialize: initializes master key for data encryption;
unlock: authenticates to unlock master key of the device;
add: adds additional authentication methods;
check: checks validity of an authentication method;
delete: removes an authentication method;
- device (False, str, None)
Specifies the device for which you want to manage the authentication methods.
- auth_name (False, str, None)
Specifies the name of the authentication method.
- auth_index (False, int, None)
Specifies the index of the authentication method upon which action needs to be performed.
- auth_detail (optional, str, None)
Specifies any additional information about the key-protection method.
For the keyfile authentication method, the path to the authentication key file must be provided.
- auto_key_protection (optional, bool, False)
Authenticates to the encrypted LV by using the automatic key-protection methods that do not require any user inputs.
- auth_type (False, str, None)
Specifies the type of authentication method you want to perform the action upon.
pwd: specifies passphrase authentication method.
keyfile: specifies key file based authentication method.
pks: specifies PKS based authentication method.
- password (optional, str, None)
Specifies the password when auth_type is set to pwd.
- force (optional, bool, False)
Specifies if -f flag should be used with the command to forcefully perform the action.
Notes
You can refer to the IBM documentation for additional information on the commands used at https://www.ibm.com/docs/en/aix/7.2?topic=h-hdcryptmgr-command.
Examples
- name: "Initialize an authentication method"
  ibm.power_aix.hdcrypt_auth:
    action: initialize
    device: testlv
    auth_name: initpwd
    password: testpass

- name: Add a passphrase authentication method
  ibm.power_aix.hdcrypt_auth:
    action: add
    device: testlv
    auth_name: pwd2
    auth_type: pwd
    password: 'testpass'

- name: Add a keyfile authentication method
  ibm.power_aix.hdcrypt_auth:
    action: add
    device: testlv
    auth_name: file_2
    auth_type: keyfile
    auth_detail: /key2

- name: Add a pks authentication method
  ibm.power_aix.hdcrypt_auth:
    action: add
    device: testlv
    auth_name: test_pks
    auth_type: pks

- name: Delete a passphrase auth method
  ibm.power_aix.hdcrypt_auth:
    action: delete
    device: testlv
    auth_type: pwd
    auth_name: pwd5
    password: "testpass"

- name: Delete a pks auth method
  ibm.power_aix.hdcrypt_auth:
    action: delete
    device: testlv
    auth_type: pks
    auth_name: test_pks

- name: Delete a keyfile auth method
  ibm.power_aix.hdcrypt_auth:
    action: delete
    device: testlv
    auth_type: keyfile
    auth_name: file_2
    auth_detail: /key2

- name: Unlock using keyfile authentication method
  ibm.power_aix.hdcrypt_auth:
    action: unlock
    device: testlv
    auth_type: keyfile
    auth_detail: /key2

- name: Check auth method passphrase
  ibm.power_aix.hdcrypt_auth:
    action: check
    device: testlv
    auth_name: pwd5
    auth_type: pwd
    password: 'testpass'

- name: Check auth method passphrase using keyfile
  ibm.power_aix.hdcrypt_auth:
    action: check
    device: testlv
    auth_name: file2
    auth_type: keyfile
    auth_detail: /key2

- name: Check pks authentication method using pks
  ibm.power_aix.hdcrypt_auth:
    action: check
    device: testlv
    auth_name: test_pks
    auth_type: pks
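The examples above pass the passphrase as a literal string. The playbook below is an added example, not part of the module's own documentation: it runs the same add and check actions with the passphrase read from a variable and with no_log set on each task that handles it. The host group aix, the file vars/hdcrypt_vault.yml (assumed to be encrypted with ansible-vault) and the variable vault_hdcrypt_pass are hypothetical names.

```yaml
# Added example, not from the module documentation.
# Assumptions (hypothetical names): host group "aix"; vars/hdcrypt_vault.yml is
# encrypted with ansible-vault and defines vault_hdcrypt_pass.
- name: Manage an hdcrypt passphrase method without a literal secret in the playbook
  hosts: aix
  gather_facts: false
  vars_files:
    - vars/hdcrypt_vault.yml
  tasks:
    - name: Add a passphrase authentication method
      ibm.power_aix.hdcrypt_auth:
        action: add
        device: testlv
        auth_name: pwd2
        auth_type: pwd
        password: "{{ vault_hdcrypt_pass }}"
      # Censor this task's arguments and result in console output and logs.
      no_log: true

    - name: Check that the new passphrase method validates
      ibm.power_aix.hdcrypt_auth:
        action: check
        device: testlv
        auth_name: pwd2
        auth_type: pwd
        password: "{{ vault_hdcrypt_pass }}"
      no_log: true
      register: check_result

    - name: Confirm the check succeeded without printing the module result
      ansible.builtin.assert:
        that:
          - check_result is succeeded
        quiet: true
```

Run it with a vault credential supplied at invocation time, for example `ansible-playbook --ask-vault-pass`, so the passphrase is never stored in clear text alongside the playbook.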
Return Values
- msg (always, str, Successfully unlocked the authentication method, command: /usr/sbin/hdcryptmgr authunlock -t pwd testlv. Action(unlock) completed successfully.)
The execution message.
- cmd (always, str, )
The command executed.
- rc (When an error is encountered while running the command., int, )
The command return code.
- stdout (always, str, )
The standard output of the command.
- stderr (When an error is encountered while running the command., str, )
The standard error of the command.
- changed (always, bool, )
Shows if any change was made.
Status
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by the community.