1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
community.general/plugins/modules/redfish_config.py
dlehrman 0d50131d5e
Enable Custom Cipher Selection for Redfish Modules (#8533)
* Enable custom cipher selection for redfish modules

Signed-off-by: David Ehrman <dlehrman@liberty.edu>

* Add changelog fragment

Signed-off-by: David Ehrman <dlehrman@liberty.edu>

* Added version_added to the ciphers option in redfish modules

Signed-off-by: David Ehrman <dlehrman@liberty.edu>

---------

Signed-off-by: David Ehrman <dlehrman@liberty.edu>
2024-06-20 21:03:28 +02:00

566 lines
17 KiB
Python

#!/usr/bin/python
# -*- coding: utf-8 -*-
# Copyright (c) 2017-2018 Dell EMC Inc.
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
from __future__ import absolute_import, division, print_function
__metaclass__ = type
DOCUMENTATION = '''
---
module: redfish_config
short_description: Manages Out-Of-Band controllers using Redfish APIs
description:
- Builds Redfish URIs locally and sends them to remote OOB controllers to
set or update a configuration attribute.
- Manages BIOS configuration settings.
- Manages OOB controller configuration settings.
extends_documentation_fragment:
- community.general.attributes
attributes:
check_mode:
support: none
diff_mode:
support: none
options:
category:
required: true
description:
- Category to execute on OOB controller.
type: str
command:
required: true
description:
- List of commands to execute on OOB controller.
type: list
elements: str
baseuri:
required: true
description:
- Base URI of OOB controller.
type: str
username:
description:
- Username for authenticating to OOB controller.
type: str
password:
description:
- Password for authenticating to OOB controller.
type: str
auth_token:
description:
- Security token for authenticating to OOB controller.
type: str
version_added: 2.3.0
bios_attributes:
required: false
description:
- Dictionary of BIOS attributes to update.
default: {}
type: dict
version_added: '0.2.0'
timeout:
description:
- Timeout in seconds for HTTP requests to OOB controller.
- The default value for this parameter changed from V(10) to V(60)
in community.general 9.0.0.
type: int
default: 60
boot_order:
required: false
description:
- List of BootOptionReference strings specifying the BootOrder.
default: []
type: list
elements: str
version_added: '0.2.0'
network_protocols:
required: false
description:
- Setting dict of manager services to update.
type: dict
default: {}
version_added: '0.2.0'
resource_id:
required: false
description:
- ID of the System, Manager or Chassis to modify.
type: str
version_added: '0.2.0'
service_id:
required: false
description:
- ID of the manager to update.
type: str
version_added: '8.4.0'
nic_addr:
required: false
description:
- EthernetInterface Address string on OOB controller.
default: 'null'
type: str
version_added: '0.2.0'
nic_config:
required: false
description:
- Setting dict of EthernetInterface on OOB controller.
type: dict
default: {}
version_added: '0.2.0'
strip_etag_quotes:
description:
- Removes surrounding quotes of etag used in C(If-Match) header
of C(PATCH) requests.
- Only use this option to resolve bad vendor implementation where
C(If-Match) only matches the unquoted etag string.
type: bool
default: false
version_added: 3.7.0
hostinterface_config:
required: false
description:
- Setting dict of HostInterface on OOB controller.
type: dict
default: {}
version_added: '4.1.0'
hostinterface_id:
required: false
description:
- Redfish HostInterface instance ID if multiple HostInterfaces are present.
type: str
version_added: '4.1.0'
sessions_config:
required: false
description:
- Setting dict of Sessions.
type: dict
default: {}
version_added: '5.7.0'
storage_subsystem_id:
required: false
description:
- Id of the Storage Subsystem on which the volume is to be created.
type: str
default: ''
version_added: '7.3.0'
volume_ids:
required: false
description:
- List of IDs of volumes to be deleted.
type: list
default: []
elements: str
version_added: '7.3.0'
secure_boot_enable:
required: false
description:
- Setting parameter to enable or disable SecureBoot.
type: bool
default: True
version_added: '7.5.0'
volume_details:
required: false
description:
- Setting dict of volume to be created.
type: dict
default: {}
version_added: '7.5.0'
ciphers:
required: false
description:
- SSL/TLS Ciphers to use for the request.
- 'When a list is provided, all ciphers are joined in order with V(:).'
- See the L(OpenSSL Cipher List Format,https://www.openssl.org/docs/manmaster/man1/openssl-ciphers.html#CIPHER-LIST-FORMAT)
for more details.
- The available ciphers is dependent on the Python and OpenSSL/LibreSSL versions.
type: list
elements: str
version_added: 9.2.0
author:
- "Jose Delarosa (@jose-delarosa)"
- "T S Kushal (@TSKushal)"
'''
EXAMPLES = '''
- name: Set BootMode to UEFI
community.general.redfish_config:
category: Systems
command: SetBiosAttributes
resource_id: 437XR1138R2
bios_attributes:
BootMode: "Uefi"
baseuri: "{{ baseuri }}"
username: "{{ username }}"
password: "{{ password }}"
- name: Set multiple BootMode attributes
community.general.redfish_config:
category: Systems
command: SetBiosAttributes
resource_id: 437XR1138R2
bios_attributes:
BootMode: "Bios"
OneTimeBootMode: "Enabled"
BootSeqRetry: "Enabled"
baseuri: "{{ baseuri }}"
username: "{{ username }}"
password: "{{ password }}"
- name: Enable PXE Boot for NIC1
community.general.redfish_config:
category: Systems
command: SetBiosAttributes
resource_id: 437XR1138R2
bios_attributes:
PxeDev1EnDis: Enabled
baseuri: "{{ baseuri }}"
username: "{{ username }}"
password: "{{ password }}"
- name: Set BIOS default settings with a timeout of 20 seconds
community.general.redfish_config:
category: Systems
command: SetBiosDefaultSettings
resource_id: 437XR1138R2
baseuri: "{{ baseuri }}"
username: "{{ username }}"
password: "{{ password }}"
timeout: 20
- name: Set boot order
community.general.redfish_config:
category: Systems
command: SetBootOrder
boot_order:
- Boot0002
- Boot0001
- Boot0000
- Boot0003
- Boot0004
baseuri: "{{ baseuri }}"
username: "{{ username }}"
password: "{{ password }}"
- name: Set boot order to the default
community.general.redfish_config:
category: Systems
command: SetDefaultBootOrder
baseuri: "{{ baseuri }}"
username: "{{ username }}"
password: "{{ password }}"
- name: Set Manager Network Protocols
community.general.redfish_config:
category: Manager
command: SetNetworkProtocols
network_protocols:
SNMP:
ProtocolEnabled: true
Port: 161
HTTP:
ProtocolEnabled: false
Port: 8080
baseuri: "{{ baseuri }}"
username: "{{ username }}"
password: "{{ password }}"
- name: Set Manager NIC
community.general.redfish_config:
category: Manager
command: SetManagerNic
nic_config:
DHCPv4:
DHCPEnabled: false
IPv4StaticAddresses:
Address: 192.168.1.3
Gateway: 192.168.1.1
SubnetMask: 255.255.255.0
baseuri: "{{ baseuri }}"
username: "{{ username }}"
password: "{{ password }}"
- name: Disable Host Interface
community.general.redfish_config:
category: Manager
command: SetHostInterface
hostinterface_config:
InterfaceEnabled: false
baseuri: "{{ baseuri }}"
username: "{{ username }}"
password: "{{ password }}"
- name: Enable Host Interface for HostInterface resource ID '2'
community.general.redfish_config:
category: Manager
command: SetHostInterface
hostinterface_config:
InterfaceEnabled: true
hostinterface_id: "2"
baseuri: "{{ baseuri }}"
username: "{{ username }}"
password: "{{ password }}"
- name: Set SessionService Session Timeout to 30 minutes
community.general.redfish_config:
category: Sessions
command: SetSessionService
sessions_config:
SessionTimeout: 1800
baseuri: "{{ baseuri }}"
username: "{{ username }}"
password: "{{ password }}"
- name: Enable SecureBoot
community.general.redfish_config:
category: Systems
command: EnableSecureBoot
baseuri: "{{ baseuri }}"
username: "{{ username }}"
password: "{{ password }}"
- name: Set SecureBoot
community.general.redfish_config:
category: Systems
command: SetSecureBoot
baseuri: "{{ baseuri }}"
username: "{{ username }}"
password: "{{ password }}"
secure_boot_enable: True
- name: Delete All Volumes
community.general.redfish_config:
category: Systems
command: DeleteVolumes
baseuri: "{{ baseuri }}"
username: "{{ username }}"
password: "{{ password }}"
storage_subsystem_id: "DExxxxxx"
volume_ids: ["volume1", "volume2"]
- name: Create Volume
community.general.redfish_config:
category: Systems
command: CreateVolume
baseuri: "{{ baseuri }}"
username: "{{ username }}"
password: "{{ password }}"
storage_subsystem_id: "DExxxxxx"
volume_details:
Name: "MR Volume"
RAIDType: "RAID0"
Drives:
- "/redfish/v1/Systems/1/Storage/DE00B000/Drives/1"
- name: Set service identification to {{ service_id }}
community.general.redfish_config:
category: Manager
command: SetServiceIdentification
service_id: "{{ service_id }}"
baseuri: "{{ baseuri }}"
username: "{{ username }}"
password: "{{ password }}"
'''
RETURN = '''
msg:
description: Message with action result or error description
returned: always
type: str
sample: "Action was successful"
'''
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.community.general.plugins.module_utils.redfish_utils import RedfishUtils
from ansible.module_utils.common.text.converters import to_native
# More will be added as module features are expanded
CATEGORY_COMMANDS_ALL = {
"Systems": ["SetBiosDefaultSettings", "SetBiosAttributes", "SetBootOrder",
"SetDefaultBootOrder", "EnableSecureBoot", "SetSecureBoot", "DeleteVolumes", "CreateVolume"],
"Manager": ["SetNetworkProtocols", "SetManagerNic", "SetHostInterface", "SetServiceIdentification"],
"Sessions": ["SetSessionService"],
}
def main():
result = {}
module = AnsibleModule(
argument_spec=dict(
category=dict(required=True),
command=dict(required=True, type='list', elements='str'),
baseuri=dict(required=True),
username=dict(),
password=dict(no_log=True),
auth_token=dict(no_log=True),
bios_attributes=dict(type='dict', default={}),
timeout=dict(type='int', default=60),
boot_order=dict(type='list', elements='str', default=[]),
network_protocols=dict(
type='dict',
default={}
),
resource_id=dict(),
service_id=dict(),
nic_addr=dict(default='null'),
nic_config=dict(
type='dict',
default={}
),
strip_etag_quotes=dict(type='bool', default=False),
hostinterface_config=dict(type='dict', default={}),
hostinterface_id=dict(),
sessions_config=dict(type='dict', default={}),
storage_subsystem_id=dict(type='str', default=''),
volume_ids=dict(type='list', default=[], elements='str'),
secure_boot_enable=dict(type='bool', default=True),
volume_details=dict(type='dict', default={}),
ciphers=dict(type='list', elements='str'),
),
required_together=[
('username', 'password'),
],
required_one_of=[
('username', 'auth_token'),
],
mutually_exclusive=[
('username', 'auth_token'),
],
supports_check_mode=False
)
category = module.params['category']
command_list = module.params['command']
# admin credentials used for authentication
creds = {'user': module.params['username'],
'pswd': module.params['password'],
'token': module.params['auth_token']}
# timeout
timeout = module.params['timeout']
# BIOS attributes to update
bios_attributes = module.params['bios_attributes']
# boot order
boot_order = module.params['boot_order']
# System, Manager or Chassis ID to modify
resource_id = module.params['resource_id']
# manager nic
nic_addr = module.params['nic_addr']
nic_config = module.params['nic_config']
# Etag options
strip_etag_quotes = module.params['strip_etag_quotes']
# HostInterface config options
hostinterface_config = module.params['hostinterface_config']
# HostInterface instance ID
hostinterface_id = module.params['hostinterface_id']
# Service Identification
service_id = module.params['service_id']
# Sessions config options
sessions_config = module.params['sessions_config']
# Volume deletion options
storage_subsystem_id = module.params['storage_subsystem_id']
volume_ids = module.params['volume_ids']
# Set SecureBoot options
secure_boot_enable = module.params['secure_boot_enable']
# Volume creation options
volume_details = module.params['volume_details']
storage_subsystem_id = module.params['storage_subsystem_id']
# ciphers
ciphers = module.params['ciphers']
# Build root URI
root_uri = "https://" + module.params['baseuri']
rf_utils = RedfishUtils(creds, root_uri, timeout, module,
resource_id=resource_id, data_modification=True, strip_etag_quotes=strip_etag_quotes,
ciphers=ciphers)
# Check that Category is valid
if category not in CATEGORY_COMMANDS_ALL:
module.fail_json(msg=to_native("Invalid Category '%s'. Valid Categories = %s" % (category, list(CATEGORY_COMMANDS_ALL.keys()))))
# Check that all commands are valid
for cmd in command_list:
# Fail if even one command given is invalid
if cmd not in CATEGORY_COMMANDS_ALL[category]:
module.fail_json(msg=to_native("Invalid Command '%s'. Valid Commands = %s" % (cmd, CATEGORY_COMMANDS_ALL[category])))
# Organize by Categories / Commands
if category == "Systems":
# execute only if we find a System resource
result = rf_utils._find_systems_resource()
if result['ret'] is False:
module.fail_json(msg=to_native(result['msg']))
for command in command_list:
if command == "SetBiosDefaultSettings":
result = rf_utils.set_bios_default_settings()
elif command == "SetBiosAttributes":
result = rf_utils.set_bios_attributes(bios_attributes)
elif command == "SetBootOrder":
result = rf_utils.set_boot_order(boot_order)
elif command == "SetDefaultBootOrder":
result = rf_utils.set_default_boot_order()
elif command == "EnableSecureBoot":
result = rf_utils.enable_secure_boot()
elif command == "SetSecureBoot":
result = rf_utils.set_secure_boot(secure_boot_enable)
elif command == "DeleteVolumes":
result = rf_utils.delete_volumes(storage_subsystem_id, volume_ids)
elif command == "CreateVolume":
result = rf_utils.create_volume(volume_details, storage_subsystem_id)
elif category == "Manager":
# execute only if we find a Manager service resource
result = rf_utils._find_managers_resource()
if result['ret'] is False:
module.fail_json(msg=to_native(result['msg']))
for command in command_list:
if command == "SetNetworkProtocols":
result = rf_utils.set_network_protocols(module.params['network_protocols'])
elif command == "SetManagerNic":
result = rf_utils.set_manager_nic(nic_addr, nic_config)
elif command == "SetHostInterface":
result = rf_utils.set_hostinterface_attributes(hostinterface_config, hostinterface_id)
elif command == "SetServiceIdentification":
result = rf_utils.set_service_identification(service_id)
elif category == "Sessions":
# execute only if we find a Sessions resource
result = rf_utils._find_sessionservice_resource()
if result['ret'] is False:
module.fail_json(msg=to_native(result['msg']))
for command in command_list:
if command == "SetSessionService":
result = rf_utils.set_session_service(sessions_config)
# Return data back or fail with proper message
if result['ret'] is True:
if result.get('warning'):
module.warn(to_native(result['warning']))
module.exit_json(changed=result['changed'], msg=to_native(result['msg']))
else:
module.fail_json(msg=to_native(result['msg']))
if __name__ == '__main__':
main()