hdcrypt_auth – Controls authentication methods
Synopsis
This module is used for managing authentication methods for logical volumes.
This module is a wrapper around hdcryptmgr command.
Requirements
The below requirements are needed on the host that executes this module.
AIX >= 72X
Python >= 3.6
Parameters
- action (True, str, None)
Specifies which operation needs to be performed.
initialize: initializes master key for data encryption;
unlock: authenticates to unlock master key of the device;
add: adds additional authentication methods;
check: checks validity of an authentication method;
delete: removes an authentication method;
- device (False, str, None)
Specifies the device for which you want to manage the authentication methods.
- auth_name (False, str, None)
Specifies the name of the authentication method.
- auth_index (False, int, None)
Specifies the index of the authentication method upon which action needs to be performed.
- auth_detail (optional, str, None)
Specifies any additional information about the key-protection method.
In case of keyfile authentication method, input path to the authentication key file needs to be provided.
- auto_key_protection (optional, bool, False)
Authenticates to the encrypted LV by using the automatic key-protection methods that do not require any user inputs.
- auth_type (False, str, None)
Specifies the type of authentication method you want to perform the action upon.
pwd: specifies passphrase authentication method.
keyfile: specifies key file based authentication method.
pks: specifies PKS based authentication method.
- password (optional, str, None)
Specifies the password when auth_type is set to pwd.
- force (optional, bool, False)
Specifies if -f flag should be used with the command to forcefully perform the action.
Notes
Note
You can refer to the IBM documentation for additional information on the commands used at https://www.ibm.com/docs/en/aix/7.2?topic=h-hdcryptmgr-command.
Examples
- name: "Initialize an authentication method"
  ibm.power_aix.hdcrypt_auth:
    action: initialize
    device: testlv
    auth_name: initpwd
    password: testpass

- name: Add a passphrase authentication method
  ibm.power_aix.hdcrypt_auth:
    action: add
    device: testlv
    auth_name: pwd2
    auth_type: pwd
    password: 'testpass'

- name: Add a keyfile authentication method
  ibm.power_aix.hdcrypt_auth:
    action: add
    device: testlv
    auth_name: file_2
    auth_type: keyfile
    auth_detail: /key2

- name: Add a pks authentication method
  ibm.power_aix.hdcrypt_auth:
    action: add
    device: testlv
    auth_name: test_pks
    auth_type: pks

- name: Delete a passphrase auth method
  ibm.power_aix.hdcrypt_auth:
    action: delete
    device: testlv
    auth_type: pwd
    auth_name: pwd5
    password: "testpass"

- name: Delete a pks auth method
  ibm.power_aix.hdcrypt_auth:
    action: delete
    device: testlv
    auth_type: pks
    auth_name: test_pks

- name: Delete a keyfile auth method
  ibm.power_aix.hdcrypt_auth:
    action: delete
    device: testlv
    auth_type: keyfile
    auth_name: file_2
    auth_detail: /key2

- name: Unlock using keyfile authentication method
  ibm.power_aix.hdcrypt_auth:
    action: unlock
    device: testlv
    auth_type: keyfile
    auth_detail: /key2

- name: Check auth method passphrase
  ibm.power_aix.hdcrypt_auth:
    action: check
    device: testlv
    auth_name: pwd5
    auth_type: pwd
    password: 'testpass'

- name: Check auth method passphrase using keyfile
  ibm.power_aix.hdcrypt_auth:
    action: check
    device: testlv
    auth_name: file2
    auth_type: keyfile
    auth_detail: /key2

- name: Check pks authentication method using pks
  ibm.power_aix.hdcrypt_auth:
    action: check
    device: testlv
    auth_name: test_pks
    auth_type: pks
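The examples above pass password as a literal string in the playbook. The following playbook is an added example (not part of the module's own documentation) that runs the same check and add actions with the passphrase read from a vaulted variable and hidden from task output. The host group aix_hosts and the variable vault_hdcrypt_passphrase are hypothetical names; testlv, initpwd, file_2 and /key2 are reused from the examples above.

```yaml
---
# Added example, not from the module's documentation.
# Assumptions: "aix_hosts" and "vault_hdcrypt_passphrase" are hypothetical;
# the variable is expected to live in an Ansible Vault encrypted vars file.
- name: Manage hdcrypt authentication methods without exposing secrets
  hosts: aix_hosts
  gather_facts: false
  tasks:
    # state: file fails if /key2 is missing instead of creating an empty key.
    - name: Restrict the key file to root before registering it
      ansible.builtin.file:
        path: /key2
        state: file
        owner: root
        mode: "0400"

    # This page does not say whether the module masks "password" itself,
    # so the task sets no_log to keep it out of output and registered results.
    - name: Confirm the existing passphrase method is valid
      ibm.power_aix.hdcrypt_auth:
        action: check
        device: testlv
        auth_name: initpwd
        auth_type: pwd
        password: "{{ vault_hdcrypt_passphrase }}"
      no_log: true

    - name: Add the key file as a second authentication method
      ibm.power_aix.hdcrypt_auth:
        action: add
        device: testlv
        auth_name: file_2
        auth_type: keyfile
        auth_detail: /key2

    # Verify the new method works before relying on it for unlock.
    - name: Check the key file authentication method
      ibm.power_aix.hdcrypt_auth:
        action: check
        device: testlv
        auth_name: file_2
        auth_type: keyfile
        auth_detail: /key2
```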
Return Values
- msg (always, str, Successfully unlocked the authentication method, command: /usr/sbin/hdcryptmgr authunlock -t pwd testlv. Action(unlock) completed successfully.)
The execution message.
- cmd (always, str, )
The command executed.
- rc (When an error is encountered while running the command., int, )
The command return code.
- stdout (always, str, )
The standard output of the command.
- stderr (When an error is encountered while running the command., str, )
The standard error of the command.
- changed (always, bool, )
Shows if any change was made.
Status
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by community.