hdcrypt_pks – Adds PKS authentication method and manages PKS keys

Synopsis

This module adds the Platform Key Store (PKS) authentication method to a device and manages the PKS keys.

This module is a wrapper around the hdcryptmgr command.

Requirements

The below requirements are needed on the host that executes this module.

  • AIX >= 72X

  • Python >= 2.7

Parameters

action (True, str, None)

Specifies which action needs to be performed.

  • addpks adds PKS as an authentication method.

  • show displays the LV IDs that are associated with the PKS keys and their status.

  • export exports the PKS keys into a specific file.

  • import imports the PKS keys from the specified file.

  • clean removes an invalid key from the PKS.

device (False, str, None)

Specifies the devices for which you want to perform the action.

Required for action=addpks, action=export and action=import.

method_name (False, str, initpks)

Specifies a name for the PKS method.

location (False, str, None)

Location of the file that the PKS keys are exported to or imported from.

passphrase (False, str, )

Specifies the passphrase that will be used for importing/exporting PKS keys.

pks_label (False, str, None)

Logical volume ID that is associated with the invalid key that needs to be removed.

Examples

# Add PKS as an authentication method for the device testlv1
- name: Add PKS to filesystem
  ibm.power_aix.hdcrypt_pks:
    action: addpks
    device: testlv1
    method_name: initpks

# List the LV IDs associated with the PKS keys and their status
- name: Display PKS keys status
  ibm.power_aix.hdcrypt_pks:
    action: show

# no_log keeps the passphrase out of the task output
- name: Export PKS key to a file
  ibm.power_aix.hdcrypt_pks:
    action: export
    device: testlv1
    location: /tmp/file123
    passphrase: abc1234
  no_log: True

- name: Import PKS key
  ibm.power_aix.hdcrypt_pks:
    action: import
    device: testlv1
    location: /tmp/file123
    passphrase: abc1234
  no_log: True

# pks_label is the LV ID of the invalid key
- name: Clean invalid PKS key
  ibm.power_aix.hdcrypt_pks:
    action: clean
    pks_label: 00fb293100004c000000018deea122dc.3
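
A hardened variant of the export task, as an added example that is not part of the module's own documentation: the passphrase is prompted for at run time instead of being written in the playbook, and the export goes to a root-only directory rather than /tmp. The inventory group aix_hosts, the variable names and the directory /var/pks_backup are assumptions, and the export file is assumed to be written on the managed host.

```yaml
---
# Added example. Group name, variable names and paths are assumptions.
- name: Export the PKS key of an encrypted LV without storing the passphrase
  hosts: aix_hosts                 # assumed inventory group
  gather_facts: false
  vars_prompt:
    - name: pks_passphrase         # hypothetical variable; an Ansible Vault variable works too
      prompt: Passphrase protecting the PKS export file
      private: true                # do not echo the input
      confirm: true                # ask twice to catch typos
  vars:
    pks_device: testlv1            # device name used in the examples above
    pks_export_dir: /var/pks_backup                         # assumed directory
    pks_export_file: "{{ pks_export_dir }}/{{ pks_device }}.pks"
  tasks:
    # Create the directory first so the export file is never reachable
    # by other local users, even before its own mode is set.
    - name: Create a root-only directory for the export
      ansible.builtin.file:
        path: "{{ pks_export_dir }}"
        state: directory
        owner: root
        mode: "0700"

    - name: Export PKS key to a file
      ibm.power_aix.hdcrypt_pks:
        action: export
        device: "{{ pks_device }}"
        location: "{{ pks_export_file }}"
        passphrase: "{{ pks_passphrase }}"
      no_log: true                 # keep task arguments and result out of the log

    - name: Restrict the export file to root
      ansible.builtin.file:
        path: "{{ pks_export_file }}"
        owner: root
        mode: "0600"

    - name: Display PKS keys status
      ibm.power_aix.hdcrypt_pks:
        action: show
      register: pks_status

    - name: Print the parsed pksshow output
      ansible.builtin.debug:
        var: pks_status.pksshow_results
```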

Return Values

msg (always, str, )

The execution message.

cmd (always, str, )

The command executed.

rc (always, int, )

The command return code.

stdout (always, str, )

The standard output of the command.

stderr (always, str, )

The standard error of the command.

changed (always, bool, )

Shows if any change was made.

pksshow_results (If action=show, dict, )

Contains parsed output of “hdcryptmgr pksshow” command.

Status

  • This module is not guaranteed to have a backwards compatible interface. [preview]

  • This module is maintained by the community.

Authors

  • Shreyansh Chamola (@schamola)