diff --git a/changelogs/fragments/3702-ipmi-encryption-key.yml b/changelogs/fragments/3702-ipmi-encryption-key.yml new file mode 100644 index 0000000000..c26f392de8 --- /dev/null +++ b/changelogs/fragments/3702-ipmi-encryption-key.yml @@ -0,0 +1,4 @@ +--- +minor_changes: + - ipmi_boot - add support for user-specified IPMI encryption key (https://github.com/ansible-collections/community.general/issues/3698). + - ipmi_power - add support for user-specified IPMI encryption key (https://github.com/ansible-collections/community.general/issues/3698). diff --git a/plugins/modules/remote_management/ipmi/ipmi_boot.py b/plugins/modules/remote_management/ipmi/ipmi_boot.py index f4bdbb2112..f8cff0e7e0 100644 --- a/plugins/modules/remote_management/ipmi/ipmi_boot.py +++ b/plugins/modules/remote_management/ipmi/ipmi_boot.py @@ -35,6 +35,12 @@ options: - Password to connect to the BMC. required: true type: str + key: + description: + - Encryption key to connect to the BMC in hex format. + required: false + type: str + version_added: 4.1.0 bootdev: description: - Set boot device to use on next reboot @@ -115,11 +121,13 @@ EXAMPLES = ''' name: test.testdomain.com user: admin password: password + key: 1234567890AABBCCDEFF000000EEEE12 bootdev: network state: absent ''' import traceback +import binascii PYGHMI_IMP_ERR = None try: @@ -138,6 +146,7 @@ def main(): port=dict(default=623, type='int'), user=dict(required=True, no_log=True), password=dict(required=True, no_log=True), + key=dict(type='str', no_log=True), state=dict(default='present', choices=['present', 'absent']), bootdev=dict(required=True, choices=['network', 'hd', 'floppy', 'safe', 'optical', 'setup', 'default']), persistent=dict(default=False, type='bool'), @@ -162,10 +171,18 @@ def main(): if state == 'absent' and bootdev == 'default': module.fail_json(msg="The bootdev 'default' cannot be used with state 'absent'.") + try: + if module.params['key']: + key = binascii.unhexlify(module.params['key']) + else: + key = None + except Exception as e: + module.fail_json(msg="Unable to convert 'key' from hex string.") + # --- run command --- try: ipmi_cmd = command.Command( - bmc=name, userid=user, password=password, port=port + bmc=name, userid=user, password=password, port=port, kg=key ) module.debug('ipmi instantiated - name: "%s"' % name) current = ipmi_cmd.get_bootdev() diff --git a/plugins/modules/remote_management/ipmi/ipmi_power.py b/plugins/modules/remote_management/ipmi/ipmi_power.py index 8a88679697..e2d977f6e8 100644 --- a/plugins/modules/remote_management/ipmi/ipmi_power.py +++ b/plugins/modules/remote_management/ipmi/ipmi_power.py @@ -35,6 +35,12 @@ options: - Password to connect to the BMC. required: true type: str + key: + description: + - Encryption key to connect to the BMC in hex format. + required: false + type: str + version_added: 4.1.0 state: description: - Whether to ensure that the machine in desired state. @@ -76,6 +82,7 @@ EXAMPLES = ''' ''' import traceback +import binascii PYGHMI_IMP_ERR = None try: @@ -95,6 +102,7 @@ def main(): state=dict(required=True, choices=['on', 'off', 'shutdown', 'reset', 'boot']), user=dict(required=True, no_log=True), password=dict(required=True, no_log=True), + key=dict(type='str', no_log=True), timeout=dict(default=300, type='int'), ), supports_check_mode=True, @@ -110,10 +118,18 @@ def main(): state = module.params['state'] timeout = module.params['timeout'] + try: + if module.params['key']: + key = binascii.unhexlify(module.params['key']) + else: + key = None + except Exception as e: + module.fail_json(msg="Unable to convert 'key' from hex string.") + # --- run command --- try: ipmi_cmd = command.Command( - bmc=name, userid=user, password=password, port=port + bmc=name, userid=user, password=password, port=port, kg=key ) module.debug('ipmi instantiated - name: "%s"' % name)