community.vmware.vcenter_standard_key_provider_module.rst
community.vmware.vcenter_standard_key_provider

Add, reconfigure or remove Standard Key Provider on vCenter server

  • This module adds, reconfigures or removes a Standard Key Provider on a vCenter Server. Refer to the VMware documentation for more information: Standard Key Provider
Parameter Choices/Defaults Comments
hostname
string
The hostname or IP address of the vSphere vCenter or ESXi server.
If the value is not specified in the task, the value of environment variable VMWARE_HOST will be used instead.
Environment variable support added in Ansible 2.6.
kms_info
list / elements=dictionary
Default:
[]
Information about the external key servers (KMS) that make up the Key Provider cluster.
kms_name and kms_ip are required when adding a Standard Key Provider.
If kms_port is not specified, the default KMIP port 5696 is used.
kms_ip and kms_port can be reconfigured for an existing KMS identified by kms_name.
kms_ip
string
IP address of the external KMS.
kms_name
string
Name of the KMS to be configured.
kms_port
integer
Port of the external KMS.
remove_kms
boolean
    Choices:
  • no
  • yes
Remove the configured KMS with name kms_name from the KMIP cluster.
kms_password
string
Password to authenticate to the KMS. Keep it in Ansible Vault (or another secret store) rather than in the playbook, and consider setting no_log: true on the task so it is not written to task output or logs.
kms_username
string
Username to authenticate to the KMS.
make_kms_trust_vc
dictionary
After the Standard Key Provider has been added to vCenter Server, a trusted connection between vCenter and the KMS still has to be established. The exact procedure depends on which certificates the key provider accepts and on your company policy.
Three methods are implemented here: (1) upload a client certificate and private key issued by the KMS vendor through upload_client_cert and upload_client_key; (2) have vCenter generate, update and download a self-signed client certificate through download_self_signed_cert, which can then be registered as trusted on the KMS side; (3) download the vCenter-generated Certificate Signing Request (CSR) through download_client_csr, have the KMS sign it, then upload the signed certificate through upload_kms_signed_client_csr.
This parameter is not mandatory. If it is not set, the trust relationship with the KMS must be established manually in vCenter.
download_client_csr
path
Absolute path on the local machine (where the module runs) at which the vCenter-generated CSR is saved.
Afterwards, upload the KMS-signed certificate to vCenter using upload_kms_signed_client_csr.
download_self_signed_cert
path
Absolute path on the local machine at which the vCenter-generated self-signed client certificate is saved.
upload_client_cert
path
Absolute path of the client certificate file.
Request the certificate and its matching private key from the KMS vendor. Both files are X.509 material in PEM format.
The certificate may already be trusted by the KMS server.
upload_client_key
path
Absolute path of the client private key; it must be uploaded together with upload_client_cert.
upload_kms_signed_client_csr
path
Absolute path of the certificate the KMS returned after signing the CSR obtained with download_client_csr.
mark_default
boolean
    Choices:
  • no ←
  • yes
Set the Key Provider specified by name as the default Key Provider.
If the newly added Key Provider is the only Key Provider in vCenter, it is marked as default after being added regardless of this setting.
name
string / required
Name of the Key Provider to be added, reconfigured or removed from vCenter.
password
string
The password of the vSphere vCenter or ESXi server.
If the value is not specified in the task, the value of environment variable VMWARE_PASSWORD will be used instead.
Environment variable support added in Ansible 2.6.

aliases: pass, pwd
port
integer
Default:
443
The port number of the vSphere vCenter or ESXi server.
If the value is not specified in the task, the value of environment variable VMWARE_PORT will be used instead.
Environment variable support added in Ansible 2.6.
proxy_host
string
Address of a proxy that will receive all HTTPS requests from this module to vCenter and relay them.
The format is a hostname or an IP address.
If the value is not specified in the task, the value of environment variable VMWARE_PROXY_HOST will be used instead.
This feature depends on a version of pyvmomi greater than v6.7.1.2018.12
proxy_port
integer
Port of the proxy server.
proxy_server
string
Address of the proxy server to connect to KMS.
state
string
    Choices:
  • present ←
  • absent
If set to absent, the named Key Provider will be removed from vCenter.
If set to present, an existing Key Provider with that name will be reconfigured; otherwise a new Key Provider will be added.
username
string
The username of the vSphere vCenter or ESXi server.
If the value is not specified in the task, the value of environment variable VMWARE_USER will be used instead.
Environment variable support added in Ansible 2.6.

aliases: admin, user
validate_certs
boolean
    Choices:
  • no
  • yes ←
Allows the connection when the vCenter SSL certificate cannot be validated. Set to false only when the certificate is not trusted (for example a self-signed certificate in a lab); this disables verification of the server certificate, so the vCenter credentials and the KMS credentials passed by this module could be intercepted by a man-in-the-middle.
If the value is not specified in the task, the value of environment variable VMWARE_VALIDATE_CERTS will be used instead.
Environment variable support added in Ansible 2.6.
If set to true, please make sure Python >= 2.7.9 is installed on the given machine.

Note

  • All modules require API write access and hence are not supported on a free ESXi license.

Examples
- name: Add a new Standard Key Provider with client certificate and private key
  community.vmware.vcenter_standard_key_provider:
    hostname: "{{ vcenter_hostname }}"
    username: "{{ vcenter_username }}"
    password: "{{ vcenter_password }}"
    name: 'test_standard_kp'
    state: 'present'
    mark_default: true
    kms_info:
      - kms_name: test_kms_1
        kms_ip: 192.168.1.10
    make_kms_trust_vc:
      upload_client_cert: "/tmp/test_cert.pem"
      upload_client_key: "/tmp/test_cert_key.pem"
  register: add_skp_result

- name: Remove the KMS from the key provider cluster
  community.vmware.vcenter_standard_key_provider:
    hostname: "{{ vcenter_hostname }}"
    username: "{{ vcenter_username }}"
    password: "{{ vcenter_password }}"
    name: 'test_standard_kp'
    state: 'present'
    kms_info:
      - kms_name: test_kms_1
        remove_kms: true
  register: remove_kms_result

- name: Remove the Standard Key Provider
  community.vmware.vcenter_standard_key_provider:
    hostname: "{{ vcenter_hostname }}"
    username: "{{ vcenter_username }}"
    password: "{{ vcenter_password }}"
    name: 'test_standard_kp'
    state: 'absent'
  register: remove_kp_result
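The page's own examples only show trust method (1), uploading a vendor-issued certificate and key. The following playbook is an added example, not part of the module documentation or the community.vmware project, showing trust method (3): vCenter generates a CSR, the KMS (or its CA) signs it out of band, and the signed certificate is uploaded in a second run. The provider name prod_standard_kp, the KMS name and address, the file paths under /tmp and the vault-backed variables vcenter_*/kms_* are assumptions; only the module parameters documented above are used.

```yaml
---
# Added example (not the module's own docs). Names, addresses and paths are
# assumptions; replace them with your environment's values.
#
# Run phase 1:  ansible-playbook kp_trust.yml --tags csr
# Get the CSR signed by the KMS / its CA, place the PEM at the signed path,
# then run phase 2:  ansible-playbook kp_trust.yml --tags signed
- name: Phase 1 - register the Standard Key Provider and fetch the vCenter CSR
  hosts: localhost
  gather_facts: false
  tags: csr
  tasks:
    - name: Add key provider and download the vCenter-generated client CSR
      community.vmware.vcenter_standard_key_provider:
        hostname: "{{ vcenter_hostname }}"
        username: "{{ vcenter_username }}"
        password: "{{ vcenter_password }}"   # assumed to come from Ansible Vault
        name: prod_standard_kp
        state: present
        kms_info:
          - kms_name: kms_site_a
            kms_ip: 10.0.0.21                # assumed KMS address
            kms_port: 5696                   # explicit default KMIP port
        kms_username: "{{ kms_username }}"
        kms_password: "{{ kms_password }}"   # assumed to come from Ansible Vault
        make_kms_trust_vc:
          download_client_csr: /tmp/prod_standard_kp_client.csr
      no_log: true                           # keep KMS/vCenter secrets out of output
      register: csr_phase

    - name: Confirm vCenter actually wrote the CSR on the controller
      ansible.builtin.stat:
        path: /tmp/prod_standard_kp_client.csr
      register: csr_file

    - name: Fail early if no CSR was produced
      ansible.builtin.assert:
        that: csr_file.stat.exists
        fail_msg: "CSR not written; check make_kms_trust_vc.download_client_csr"

# Out-of-band step: have the KMS (or its CA) sign /tmp/prod_standard_kp_client.csr
# and save the returned certificate as /tmp/prod_standard_kp_client_signed.pem.
- name: Phase 2 - upload the KMS-signed client certificate and make the provider default
  hosts: localhost
  gather_facts: false
  tags: signed
  tasks:
    - name: Refuse to continue without the signed certificate
      ansible.builtin.stat:
        path: /tmp/prod_standard_kp_client_signed.pem
      register: signed_file
      failed_when: not signed_file.stat.exists

    - name: Upload the signed CSR to vCenter
      community.vmware.vcenter_standard_key_provider:
        hostname: "{{ vcenter_hostname }}"
        username: "{{ vcenter_username }}"
        password: "{{ vcenter_password }}"
        name: prod_standard_kp
        state: present
        mark_default: true
        # Re-supplying the same KMS entry reconfigures the existing provider
        # rather than adding a second one (assumption based on the docs above).
        kms_info:
          - kms_name: kms_site_a
            kms_ip: 10.0.0.21
            kms_port: 5696
        make_kms_trust_vc:
          upload_kms_signed_client_csr: /tmp/prod_standard_kp_client_signed.pem
      no_log: true
      register: signed_phase
```

Because no_log: true also masks the module's error text on failure, drop it temporarily when debugging a failed run, then restore it before committing the playbook.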

Return Values

Common return values are documented in the Ansible return values reference; the following are the fields unique to this module:

Key Returned Description
key_provider_clusters
list
always
the Key Provider cluster info

Sample:
[{'has_backup': None, 'key_id': None, 'key_provide_id': 'test_standard', 'management_type': None, 'servers': [{'address': '192.168.1.10', 'name': 'test_kms', 'port': 5696, 'protocol': '', 'proxy': '', 'proxy_port': None, 'user_name': ''}], 'tpm_required': None, 'use_as_default': True}]
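Since key_provider_clusters lists every Key Provider cluster on the vCenter, a playbook should select its own cluster by key_provide_id (the field name as it appears in the sample above) before checking it. The tasks below are an added example, not from the module documentation, that verify after the docs' first example that exactly one matching cluster exists, that it is the default, and that its KMS server list is what was configured. The provider name test_standard_kp and address 192.168.1.10 are taken from the docs' example; the registered variable add_skp_result is assumed to come from that task.

```yaml
# Added example (not the module's own docs): assert on the module's return value.
# Assumes a preceding task registered add_skp_result as in the first example above.
- name: Select the cluster this play manages from the returned list
  ansible.builtin.set_fact:
    managed_kp: >-
      {{ add_skp_result.key_provider_clusters
         | selectattr('key_provide_id', 'equalto', 'test_standard_kp')
         | list }}

- name: Verify the provider exists, is default, and points at the expected KMS
  ansible.builtin.assert:
    that:
      - managed_kp | length == 1
      - managed_kp[0].use_as_default | bool
      - managed_kp[0].servers | map(attribute='name') | list == ['test_kms_1']
      - managed_kp[0].servers | map(attribute='address') | list == ['192.168.1.10']
      - managed_kp[0].servers | map(attribute='port') | list == [5696]
    fail_msg: >-
      Key provider state does not match the playbook:
      {{ managed_kp }}
```

The assertion on use_as_default is what catches the case where mark_default was omitted and another provider already existed; in that situation the add succeeds but encryption operations continue to use the old default.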


Authors