hdcrypt_conv – Encrypt/Decrypt logical and physical volumes.
Synopsis
This module is used to convert a logical or physical volume into an encrypted one and vice versa.
Requirements
The below requirements are needed on the host that executes this module.
AIX >= 72X
Python >= 2.7
Parameters
- action (True, str, None)
Specifies which operation to perform on logical volumes.
encryptenables encryption and encrypts a logical volume;decryptdecrypts a logical volume;- device (True, dict, None)
Specifies the devices to encrypt or decrypt.
For action=encrypt lv/pv/vg will become encryption enabled if it is not already.
- lv (optional, list, None)
Specify the logical volume(s) to be encrypted/decrypted.
- pv (optional, list, None)
Specify the Physical volume(s) to be encrypted/decrypted.
- vg (optional, list, None)
Specify the volume group(s) to be encrypted/decrypted.
- except_lv (optional, list, None)
Specify the logical volume(s) to ignore when encrypting/decrypting.
- password (True, str, None)
Specifies the password for encryption/decryption.
Used to set the intial password for encryption and provide authentication for decryption.
Password must also be encrypted.
Notes
Note
You can refer to the IBM documentation for additional information on the commands used at https://www.ibm.com/docs/en/aix/7.2?topic=h-hdcryptmgr-command.
Using this module on SAN disks might throw an error. It is a known error for AIX.
Examples
- name: "convert LV (testlv) to encrypted LV"
ibm.power_aix.hdcrypt_conv:
action: encrypt
device:
lv: testlv
password: abc
- name: "convert multiple LVs to encrypted LV"
ibm.power_aix.hdcrypt_conv:
action: encrypt
device:
lv: testlv1, testlv2
password: abc
- name: "convert LVs in VG (testvg) to encrypted LVs"
ibm.power_aix.hdcrypt_conv:
action: encrypt
device:
vg: testvg
password: abc
- name: "convert multple VGs to encrypted LVs"
ibm.power_aix.hdcrypt_conv:
action: encrypt
device:
vg: testvg1, testvg2
password: abc
- name: "convert LVs in VG (testvg) to encrypted LVs, except testlv3"
ibm.power_aix.hdcrypt_conv:
action: encrypt
device:
vg: testvg
except_lv: testlv3
password: abc
- name: "convert encrypted LV (testlv) to unencrypted LV"
ibm.power_aix.hdcrypt_conv:
action: decrypt
device:
lv: testlv
password: abc
- name: "convert encrypted LVs in VG (testvg) to unencrypted LVs"
ibm.power_aix.hdcrypt_conv:
action: decrypt
device:
vg: testvg
password: abc
- name: "convert encrypted LVs in VG (testvg) to unencrypted LVs, except testlv3"
ibm.power_aix.hdcrypt_conv:
action: decrypt
device:
vg: testvg
except_lv: testlv3
password: abc
- name: "Convert PV to encrypted PV"
ibm.power_aix.hdcrypt_conv:
action: encrypt
device:
pv: hdisk2
password: abc
- name: "Convert encrypted PV to unencrypted PV"
ibm.power_aix.hdcrypt_conv:
action: decrypt
device:
pv: hdisk2
password: abc
- name: Encrypt multiple PVs
ibm.power_aix.hdcrypt_conv:
action: encrypt
device:
pv: hdisk2, hdisk3
password: abc
Return Values
- msg (always, str, Logical Volume ‘testlv’ encrypted.)
The execution message.
- cmd (always, str, )
The command executed.
- rc (When the command is executed., int, )
The command return code.
- stdout (always, str, )
The standard output of the command.
- stderr (always, str, )
The standard error of the command.
Status
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by community.