cisco.intersight.intersight_drive_security_policy module – Drive Security Policy configuration for Cisco Intersight

Note

This module is part of the cisco.intersight collection (version 2.8.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install cisco.intersight.

To use it in a playbook, specify: cisco.intersight.intersight_drive_security_policy.

Synopsis

  • Manages Drive Security Policy configuration on Cisco Intersight.

  • A policy to configure drive security settings for Cisco Intersight managed servers.

  • Supports both Manual key management and Remote key management (KMIP).

  • For more information see Cisco Intersight.

Parameters

Parameter

Comments

api_key_id

string / required

Public API Key ID associated with the private key.

If not set, the value of the INTERSIGHT_API_KEY_ID environment variable is used.

api_private_key

path / required

Filename (absolute path) or string of PEM formatted private key data to be used for Intersight API authentication.

If a string is used, Ansible vault should be used to encrypt string data.

Ex. ansible-vault encrypt_string --vault-id tme@/Users/dsoper/Documents/vault_password_file '-----BEGIN EC PRIVATE KEY-----

<your private key data>

-----END EC PRIVATE KEY-----'

If not set, the value of the INTERSIGHT_API_PRIVATE_KEY environment variable is used.

api_uri

string

URI used to access the Intersight API.

If not set, the value of the INTERSIGHT_API_URI environment variable is used.

Default: "https://intersight.com/api/v1"

description

aliases: descr

string

The user-defined description for the Drive Security Policy.

Description can contain letters (a-z, A-Z), numbers (0-9), hyphen (-), period (.), colon (:), or underscore (_).

manual_key

dictionary

Configuration for manual key management.

Use this for local key management with manual passphrase.

Either manual_key or remote_key must be specified, but not both.

existing_key

string

Current Security Key Passphrase which is already configured on the server.

Required only if drive security is already enabled with manual key.

The passphrase must be at least 8 characters long and include at least one uppercase letter, one lowercase letter, one number, and one special character.

new_key

string / required

New Security Key Passphrase to be configured on the server.

The passphrase must be at least 8 characters long and include at least one uppercase letter, one lowercase letter, one number, and one special character.

name

string / required

The name assigned to the Drive Security Policy.

The name must be between 1 and 62 alphanumeric characters, allowing special characters :-_.

organization

string

The name of the Organization this resource is assigned to.

Profiles, Policies, and Pools that are created within a Custom Organization are applicable only to devices in the same Organization.

Default: "default"

remote_key

dictionary

Configuration for remote key management using KMIP server.

Use this for remote key management with KMIP protocol.

Either manual_key or remote_key must be specified, but not both.

existing_key

string

Current Security Key Passphrase which is already configured on the server.

Required only if drive security is already enabled with manual key and switching to KMIP.

The passphrase must be at least 8 characters long and include at least one uppercase letter, one lowercase letter, one number, and one special character.

password

string

The password for the KMIP server login.

Optional parameter for KMIP authentication.

primary_server

dictionary

Primary KMIP server configuration.

At least one of primary_server or secondary_server must be enabled.

enable_drive_security

boolean / required

Enables/disables the primary KMIP server.

Choices:

  • false

  • true

ip_address

string

The IP address or hostname of the KMIP server.

Can be an IPv4 address, IPv6 address, or hostname.

Hostnames are valid only when Inband is configured for the CIMC address.

Required when enable_drive_security is true.

port

integer

The port to which the KMIP client should connect.

Valid range is 1024-65535.

Default: 5696

timeout

integer

The time, in seconds, within which the KMIP client must complete its connection to the server.

Valid range is 1-250 seconds.

Default: 60

secondary_server

dictionary

Secondary KMIP server configuration.

At least one of primary_server or secondary_server must be enabled.

enable_drive_security

boolean / required

Enables/disables the secondary KMIP server.

Choices:

  • false

  • true

ip_address

string

The IP address or hostname of the KMIP server.

Can be an IPv4 address, IPv6 address, or hostname.

Hostnames are valid only when Inband is configured for the CIMC address.

Required when enable_drive_security is true.

port

integer

The port to which the KMIP client should connect.

Valid range is 1024-65535.

Default: 5696

timeout

integer

The time, in seconds, within which the KMIP client must complete its connection to the server.

Valid range is 1-250 seconds.

Default: 60

server_certificate

string / required

Server Public Root CA Certificate in base64-encoded format.

Required when using remote key management (KMIP).

use_authentication

boolean

Enables/disables authentication for communicating with KMIP server.

When enabled, authentication is mandatory.

Choices:

  • false ← (default)

  • true

username

string

The username for the KMIP server login.

Required when use_authentication is true.

state

string

If present, will verify the resource is present and will create if needed.

If absent, will verify the resource is absent and will delete if needed.

Choices:

  • "present" ← (default)

  • "absent"

tags

list / elements=dictionary

List of tags in Key:<user-defined key> Value:<user-defined value> format.

Default: []

use_proxy

boolean

If false, it will not use a proxy, even if one is defined in an environment variable on the target hosts.

Choices:

  • false

  • true ← (default)

validate_certs

boolean

Boolean control for verifying the api_uri TLS certificate.

Choices:

  • false

  • true ← (default)
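As an added example, not code from the cisco.intersight collection, the following Python checks a task's argument dictionary against the constraints listed in this parameter table before anything is sent to Intersight: exactly one of manual_key or remote_key, the passphrase rule, the 1-62 character name, the port and timeout ranges, ip_address when a KMIP server is enabled, username when use_authentication is true, a server_certificate for remote key management, and at least one enabled KMIP server. The function names, the hostname pattern, and the use of Python's string.punctuation as the set of "special characters" are assumptions.

```python
"""Pre-flight check of intersight_drive_security_policy arguments.

Added example, not code from the cisco.intersight collection. It encodes
the constraints documented for the module's parameters so a bad policy can
be rejected before a playbook talks to Intersight. Function names, the
hostname rule and the "special character" set are assumptions.
"""
import ipaddress
import re
import string

# name: 1-62 characters, alphanumeric plus the special characters : - _ .
NAME_RE = re.compile(r"^[A-Za-z0-9:\-_.]{1,62}$")
# Hostname shape (assumption, RFC 1123 style); the page only says "hostname".
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)*"
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$"
)


def passphrase_errors(value, label):
    """Documented passphrase rule: >= 8 characters, at least one uppercase,
    one lowercase, one digit and one special character (string.punctuation)."""
    checks = [
        (len(value) >= 8, "must be at least 8 characters"),
        (any(c.isupper() for c in value), "needs an uppercase letter"),
        (any(c.islower() for c in value), "needs a lowercase letter"),
        (any(c.isdigit() for c in value), "needs a digit"),
        (any(c in string.punctuation for c in value), "needs a special character"),
    ]
    return [f"{label}: {msg}" for ok, msg in checks if not ok]


def address_ok(value):
    """ip_address may be an IPv4 address, an IPv6 address or a hostname."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return bool(HOSTNAME_RE.match(value))


def kmip_server_errors(server, label):
    """Constraints on one primary_server / secondary_server dictionary."""
    if "enable_drive_security" not in server:
        return [f"{label}.enable_drive_security is required"]
    errors = []
    if server["enable_drive_security"]:
        address = server.get("ip_address")
        if not address:
            errors.append(f"{label}.ip_address is required when enable_drive_security is true")
        elif not address_ok(address):
            errors.append(f"{label}.ip_address is not an IP address or hostname")
    if not 1024 <= server.get("port", 5696) <= 65535:
        errors.append(f"{label}.port must be in 1024-65535")
    if not 1 <= server.get("timeout", 60) <= 250:
        errors.append(f"{label}.timeout must be in 1-250 seconds")
    return errors


def validate_policy(params):
    """Return a list of violations; an empty list means every documented
    constraint is satisfied."""
    errors = []
    if not NAME_RE.match(params.get("name", "")):
        errors.append("name must be 1-62 characters from [A-Za-z0-9:-_.]")

    manual = params.get("manual_key")
    remote = params.get("remote_key")
    if (manual is None) == (remote is None):
        errors.append("exactly one of manual_key or remote_key must be specified")

    if manual is not None:
        if "new_key" not in manual:
            errors.append("manual_key.new_key is required")
        else:
            errors += passphrase_errors(manual["new_key"], "manual_key.new_key")
        if manual.get("existing_key") is not None:
            errors += passphrase_errors(manual["existing_key"], "manual_key.existing_key")

    if remote is not None:
        if not remote.get("server_certificate"):
            errors.append("remote_key.server_certificate is required")
        enabled = False
        for label in ("primary_server", "secondary_server"):
            server = remote.get(label)
            if server is not None:
                errors += kmip_server_errors(server, f"remote_key.{label}")
                enabled = enabled or bool(server.get("enable_drive_security"))
        if not enabled:
            errors.append("at least one of remote_key.primary_server or secondary_server must be enabled")
        if remote.get("use_authentication") and not remote.get("username"):
            errors.append("remote_key.username is required when use_authentication is true")
        if remote.get("existing_key") is not None:
            errors += passphrase_errors(remote["existing_key"], "remote_key.existing_key")
    return errors


if __name__ == "__main__":
    # Constructed sample mirroring the first example task on this page.
    policy = {"name": "manual-drive-security-policy",
              "manual_key": {"new_key": "MyS3cur3P@ssw0rd"}}
    print(validate_policy(policy))  # []
```

Running validate_policy over the module arguments in a pre-task (or a local unit test of your role's vars) turns a rejected API call into a readable list of violations, and it is also where a stricter local passphrase policy than the documented minimum can be enforced.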

Examples

- name: Create Drive Security Policy with Manual Key
  cisco.intersight.intersight_drive_security_policy:
    api_private_key: "{{ api_private_key }}"
    api_key_id: "{{ api_key_id }}"
    organization: "default"
    name: "manual-drive-security-policy"
    description: "Drive security policy with manual key management"
    manual_key:
      new_key: "MyS3cur3P@ssw0rd"
    tags:
      - Key: "Environment"
        Value: "Production"
    state: present

- name: Create Drive Security Policy with Manual Key (updating existing)
  cisco.intersight.intersight_drive_security_policy:
    api_private_key: "{{ api_private_key }}"
    api_key_id: "{{ api_key_id }}"
    organization: "default"
    name: "manual-drive-security-policy"
    description: "Drive security policy with manual key management"
    manual_key:
      new_key: "MyN3wS3cur3P@ssw0rd"
      existing_key: "MyS3cur3P@ssw0rd"
    state: present

- name: Create Drive Security Policy with KMIP (Primary Server Only)
  cisco.intersight.intersight_drive_security_policy:
    api_private_key: "{{ api_private_key }}"
    api_key_id: "{{ api_key_id }}"
    organization: "default"
    name: "kmip-drive-security-policy"
    description: "Drive security policy with KMIP"
    remote_key:
      primary_server:
        enable_drive_security: true
        ip_address: "192.168.1.100"
        port: 5696
        timeout: 60
      secondary_server:
        enable_drive_security: false
      server_certificate: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0t..."
      use_authentication: false
    state: present

- name: Create Drive Security Policy with KMIP (Both Servers with Authentication)
  cisco.intersight.intersight_drive_security_policy:
    api_private_key: "{{ api_private_key }}"
    api_key_id: "{{ api_key_id }}"
    organization: "default"
    name: "kmip-auth-drive-security-policy"
    description: "Drive security policy with KMIP and authentication"
    remote_key:
      primary_server:
        enable_drive_security: true
        ip_address: "192.168.1.100"
        port: 5696
        timeout: 60
      secondary_server:
        enable_drive_security: true
        ip_address: "192.168.1.101"
        port: 5696
        timeout: 60
      server_certificate: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0t..."
      use_authentication: true
      username: "kmip_user"
      password: "kmip_password"
    state: present

- name: Delete Drive Security Policy
  cisco.intersight.intersight_drive_security_policy:
    api_private_key: "{{ api_private_key }}"
    api_key_id: "{{ api_key_id }}"
    organization: "default"
    name: "manual-drive-security-policy"
    state: absent

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key

Description

api_response

dictionary

The API response output returned by the specified resource.

Returned: always

Sample:

{
  "api_response": {
    "Description": "Drive security policy with manual key management",
    "KeySetting": {
      "ClassId": "storage.KeySetting",
      "KeyType": "Manual",
      "ManualKey": {
        "ClassId": "storage.LocalKeySetting",
        "IsExistingKeySet": false,
        "IsNewKeySet": true,
        "ObjectType": "storage.LocalKeySetting"
      },
      "ObjectType": "storage.KeySetting",
      "RemoteKey": {
        "AuthCredentials": {
          "ClassId": "storage.KmipAuthCredentials",
          "IsPasswordSet": false,
          "ObjectType": "storage.KmipAuthCredentials",
          "UseAuthentication": false,
          "Username": ""
        },
        "ClassId": "storage.RemoteKeySetting",
        "IsExistingKeySet": false,
        "ObjectType": "storage.RemoteKeySetting",
        "PrimaryServer": {
          "ClassId": "storage.KmipServer",
          "EnableDriveSecurity": false,
          "IpAddress": "",
          "ObjectType": "storage.KmipServer",
          "Port": 5696,
          "Timeout": 60
        },
        "SecondaryServer": {
          "ClassId": "storage.KmipServer",
          "EnableDriveSecurity": false,
          "IpAddress": "",
          "ObjectType": "storage.KmipServer",
          "Port": 5696,
          "Timeout": 60
        },
        "ServerCertificate": ""
      }
    },
    "Name": "manual-drive-security-policy",
    "ObjectType": "storage.DriveSecurityPolicy",
    "Tags": [
      {
        "Key": "Environment",
        "Value": "Production"
      }
    ]
  }
}
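As an added example, not part of the module or the collection, the following Python takes the api_response sample from this section (as a registered task result would carry it) and turns it into a post-run check: it confirms the key type and the IsNewKeySet flag match what a manual-key task intended, and walks the object to confirm that no secret (new key, existing key, KMIP password) is echoed back, only the Is<Field>Set flags. Reading Is<Field>Set as a general naming rule for write-only fields, and the function names, are assumptions.

```python
"""Post-run check of the api_response returned by intersight_drive_security_policy.

Added example, not code from the cisco.intersight collection. The sample
below is the one from the module's Return Values section; the Is<Field>Set
naming rule used by echoed_secrets() is read off that sample (assumption).
"""

SAMPLE_RESULT = {
    "api_response": {
        "Description": "Drive security policy with manual key management",
        "KeySetting": {
            "ClassId": "storage.KeySetting",
            "KeyType": "Manual",
            "ManualKey": {"ClassId": "storage.LocalKeySetting", "IsExistingKeySet": False,
                          "IsNewKeySet": True, "ObjectType": "storage.LocalKeySetting"},
            "ObjectType": "storage.KeySetting",
            "RemoteKey": {
                "AuthCredentials": {"ClassId": "storage.KmipAuthCredentials", "IsPasswordSet": False,
                                    "ObjectType": "storage.KmipAuthCredentials",
                                    "UseAuthentication": False, "Username": ""},
                "ClassId": "storage.RemoteKeySetting",
                "IsExistingKeySet": False,
                "ObjectType": "storage.RemoteKeySetting",
                "PrimaryServer": {"ClassId": "storage.KmipServer", "EnableDriveSecurity": False,
                                  "IpAddress": "", "ObjectType": "storage.KmipServer",
                                  "Port": 5696, "Timeout": 60},
                "SecondaryServer": {"ClassId": "storage.KmipServer", "EnableDriveSecurity": False,
                                    "IpAddress": "", "ObjectType": "storage.KmipServer",
                                    "Port": 5696, "Timeout": 60},
                "ServerCertificate": "",
            },
        },
        "Name": "manual-drive-security-policy",
        "ObjectType": "storage.DriveSecurityPolicy",
        "Tags": [{"Key": "Environment", "Value": "Production"}],
    }
}


def echoed_secrets(obj, path="api_response"):
    """Walk the response; for every Is<Field>Set flag, report the path if the
    bare <Field> is present alongside it (the API should expose only the flag)."""
    found = []
    if isinstance(obj, dict):
        for key, value in obj.items():
            if key.startswith("Is") and key.endswith("Set"):
                field = key[2:-3]
                if field in obj:
                    found.append(f"{path}.{field}")
            found += echoed_secrets(value, f"{path}.{key}")
    elif isinstance(obj, list):
        for i, item in enumerate(obj):
            found += echoed_secrets(item, f"{path}[{i}]")
    return found


def summarize(result):
    """Reduce the returned policy to the facts a playbook usually asserts on."""
    policy = result["api_response"]
    ks = policy["KeySetting"]
    remote = ks["RemoteKey"]
    enabled = [name for name in ("PrimaryServer", "SecondaryServer")
               if remote[name]["EnableDriveSecurity"]]
    return {
        "name": policy["Name"],
        "key_type": ks["KeyType"],
        "new_key_set": ks["ManualKey"]["IsNewKeySet"],
        "existing_key_set": ks["ManualKey"]["IsExistingKeySet"],
        "enabled_kmip_servers": enabled,
        "use_authentication": remote["AuthCredentials"]["UseAuthentication"],
        "server_certificate_present": bool(remote["ServerCertificate"]),
    }


def check_manual_policy(result, expected_name):
    """Problems with a policy that was meant to use manual key management."""
    s = summarize(result)
    problems = []
    if s["name"] != expected_name:
        problems.append(f"name is {s['name']!r}, expected {expected_name!r}")
    if s["key_type"] != "Manual":
        problems.append(f"KeyType is {s['key_type']!r}, expected 'Manual'")
    if not s["new_key_set"]:
        problems.append("IsNewKeySet is false: no passphrase was stored")
    if s["enabled_kmip_servers"]:
        problems.append("KMIP servers are enabled on a manual-key policy")
    problems += [f"secret echoed in response at {p}" for p in echoed_secrets(result["api_response"])]
    return problems


if __name__ == "__main__":
    print(check_manual_policy(SAMPLE_RESULT, "manual-drive-security-policy"))  # []
```

Register the task result (register: policy) and feed it to check_manual_policy in a follow-up task; a non-empty list is the signal to fail the play. The echoed_secrets walk is the part worth keeping even if the rest changes: the response should only ever carry IsNewKeySet, IsExistingKeySet and IsPasswordSet, so a bare NewKey, ExistingKey or Password field in a registered result means a passphrase has landed in Ansible's output and logs.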

Authors

  • Ron Gershburg (@rgershbu)