IBM Spectrum Virtualize Collection v1.10.0

README.md

@@ -2,7 +2,7 @@
 
 [![Code of conduct](https://img.shields.io/badge/code%20of%20conduct-Ansible-silver.svg)](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html )
 
-This collection provides a series of Ansible modules and plugins for interacting with the IBM Spectrum Virtualize family storage products. These products include the IBM SAN Volume Controller, IBM FlashSystem family members built with IBM Spectrum Virtualize (FlashSystem 5xxx, 7xxx, 9xxx), IBM Storwize family, and IBM Spectrum Virtualize for Public Cloud. For more information regarding these products, see [IBM Documentation](https://www.ibm.com/docs/en ).
+This collection provides a series of Ansible modules and plugins for interacting with the IBM Spectrum Virtualize family storage products. These products include the IBM SAN Volume Controller, IBM FlashSystem family members built with IBM Spectrum Virtualize (FlashSystem 5xxx, 7xxx, 9xxx), IBM Storwize family, and IBM Spectrum Virtualize for Public Cloud. For more information regarding these products, see [IBM Documentation](https://www.ibm.com/docs/).
 
 ## Requirements
 
@@ -68,39 +68,44 @@ Alternatively, you can add a full namepsace and collection name in the `collecti
 
 ### Modules
 
-- ibm_svc_auth - Generates an authentication token for a user on IBM Spectrum Virtualize family storage system
+- ibm_svc_auth - Generates an authentication token for a user on Spectrum Virtualize storage systems
 - ibm_svc_complete_initial_setup - Completes the initial setup configuration for LMC systems
-- ibm_svc_host - Manages hosts on IBM Spectrum Virtualize system
-- ibm_svc_hostcluster - Manages host cluster on IBM Spectrum Virtualize system
-- ibm_svc_info - Collects information on IBM Spectrum Virtualize system
-- ibm_svc_initial_setup - Manages initial setup configuration on IBM Spectrum Virtualize system
-- ibm_svc_manage_callhome - Manages configuration of Call Home feature on IBM Spectrum Virtualize system
-- ibm_svc_manage_consistgrp_flashcopy - Manages FlashCopy consistency groups on IBM Spectrum Virtualize system
-- ibm_svc_manage_cv - Manages the change volume in remote copy replication on IBM Spectrum Virtualize system
-- ibm_svc_manage_flashcopy - Manages FlashCopy mappings on IBM Spectrum Virtualize system
-- ibm_svc_manage_ip - Manages IP provisioning on IBM Spectrum Virtualize system
-- ibm_svc_manage_mirrored_volume - Manages mirrored volumes on IBM Spectrum Virtualize system
-- ibm_svc_manage_migration - Manages volume migration between clusters on IBM Spectrum Virtualize system
-- ibm_svc_manage_ownershipgroup - Manages ownership groups on IBM Spectrum Virtualize system
-- ibm_svc_manage_portset - Manages IP portset on IBM Spectrum Virtualize system
-- ibm_svc_manage_replication - Manages remote copy replication on IBM Spectrum Virtualize system
-- ibm_svc_manage_replicationgroup - Manages remote copy consistency groups on IBM Spectrum Virtualize system
-- ibm_svc_manage_safeguarded_policy - Manages safeguarded policy configuration on IBM Spectrum Virtualize system
-- ibm_svc_manage_sra - Manages the remote support assistance configuration on IBM Spectrum Virtualize system
-- ibm_svc_manage_user - Manages user on IBM Spectrum Virtualize system
-- ibm_svc_manage_usergroup - Manages user groups on IBM Spectrum Virtualize system
-- ibm_svc_manage_volume - Manages standard volumes on IBM Spectrum Virtualize system
-- ibm_svc_manage_volumegroup - Manages volume groups on IBM Spectrum Virtualize system
-- ibm_svc_mdisk - Manages MDisks for IBM Spectrum Virtualize system
-- ibm_svc_mdiskgrp - Manages pools for IBM Spectrum Virtualize system
-- ibm_svc_start_stop_flashcopy - Starts or stops FlashCopy mapping and consistency groups on IBM Spectrum Virtualize system
-- ibm_svc_start_stop_replication - Starts or stops remote-copy independent relationships or consistency groups on IBM Spectrum Virtualize system
-- ibm_svc_vol_map - Manages volume mapping for IBM Spectrum Virtualize system
-- ibm_svcinfo_command - Runs svcinfo CLI command on IBM Spectrum Virtualize system over SSH session
-- ibm_svctask_command - Runs svctask CLI command(s) on IBM Spectrum Virtualize system over SSH session
-- ibm_sv_manage_ip_partnership - Manages IP partnership configuration on IBM Spectrum Virtualize systems
-- ibm_sv_manage_snapshot - Manages snapshots (mutual consistent images of a volume) on IBM Spectrum Virtualize systems
-- ibm_sv_manage_snapshotpolicy - Manages snapshot policy configuration on IBM Spectrum Virtualize systems
+- ibm_svc_host - Manages hosts on Spectrum Virtualize storage systems
+- ibm_svc_hostcluster - Manages host cluster on Spectrum Virtualize storage systems
+- ibm_svc_info - Collects information on Spectrum Virtualize storage systems
+- ibm_svc_initial_setup - Manages initial setup configuration on Spectrum Virtualize storage systems
+- ibm_svc_manage_callhome - Manages configuration of Call Home feature on Spectrum Virtualize storage systems
+- ibm_svc_manage_consistgrp_flashcopy - Manages FlashCopy consistency groups on Spectrum Virtualize storage systems
+- ibm_svc_manage_cv - Manages the change volume in remote copy replication on Spectrum Virtualize storage systems
+- ibm_svc_manage_flashcopy - Manages FlashCopy mappings on Spectrum Virtualize storage systems
+- ibm_svc_manage_ip - Manages IP provisioning on Spectrum Virtualize storage systems
+- ibm_svc_manage_migration - Manages volume migration between clusters on Spectrum Virtualize storage systems
+- ibm_svc_manage_mirrored_volume - Manages mirrored volumes on Spectrum Virtualize storage systems
+- ibm_svc_manage_ownershipgroup - Manages ownership groups on Spectrum Virtualize storage systems
+- ibm_svc_manage_portset - Manages IP portset on Spectrum Virtualize storage systems
+- ibm_svc_manage_replication - Manages remote copy replication on Spectrum Virtualize storage systems
+- ibm_svc_manage_replicationgroup - Manages remote copy consistency groups on Spectrum Virtualize storage systems
+- ibm_svc_manage_safeguarded_policy - Manages safeguarded policy configuration on Spectrum Virtualize storage systems
+- ibm_svc_manage_sra - Manages the remote support assistance configuration on Spectrum Virtualize storage systems
+- ibm_svc_manage_user - Manages user on Spectrum Virtualize storage systems
+- ibm_svc_manage_usergroup - Manages user groups on Spectrum Virtualize storage systems
+- ibm_svc_manage_volume - Manages standard volumes on Spectrum Virtualize storage systems
+- ibm_svc_manage_volumegroup - Manages volume groups on Spectrum Virtualize storage systems
+- ibm_svc_mdisk - Manages MDisks for Spectrum Virtualize storage systems
+- ibm_svc_mdiskgrp - Manages pools for Spectrum Virtualize storage systems
+- ibm_svc_start_stop_flashcopy - Starts or stops FlashCopy mapping and consistency groups on Spectrum Virtualize storage systems
+- ibm_svc_start_stop_replication - Starts or stops remote-copy independent relationships or consistency groups on Spectrum Virtualize storage systems
+- ibm_svc_vol_map - Manages volume mapping for Spectrum Virtualize storage systems
+- ibm_svcinfo_command - Runs svcinfo CLI command on Spectrum Virtualize storage systems over SSH session
+- ibm_svctask_command - Runs svctask CLI command(s) on Spectrum Virtualize storage systems over SSH session
+- ibm_sv_manage_ip_partnership - Manages IP partnership configuration on Spectrum Virtualize storage systems
+- ibm_sv_manage_provisioning_policy - Manages provisioning policy configuration on Spectrum Virtualize storage systems
+- ibm_sv_manage_replication_policy - Manages policy-based replication configuration on Spectrum Virtualize storage systems
+- ibm_sv_manage_snapshot - Manages snapshots (mutual consistent images of a volume) on Spectrum Virtualize storage systems
+- ibm_sv_manage_snapshotpolicy - Manages snapshot policy configuration on Spectrum Virtualize storage systems
+- ibm_sv_manage_SSL_certificate - Exports an existing system certificate on to Spectrum Virtualize storage systems
+- ibm_sv_manage_truststore_for_replication - Manages certificate trust stores for replication on Spectrum Virtualize family storage systems
+- ibm_sv_switch_replication_direction - Switches the replication direction on Spectrum Virtualize storage systems
 
 ### Other Feature Information
 - SV Ansible Collection v1.8.0 provides the new 'ibm_svc_complete_initial_setup' module, to complete the automation of Day 0 configuration on Licensed Machine Code (LMC) systems.
@@ -121,7 +126,7 @@ Alternatively, you can add a full namepsace and collection name in the `collecti
 The modules in the IBM Spectrum Virtualize Ansible collection leverage REST APIs to connect to the IBM Spectrum Virtualize storage system. This has following limitations:
 1. Using the REST APIs to list more than 2000 objects may create a loss of service from the API side, as it automatically restarts due to memory constraints.
 2. It is not possible to access REST APIs using an IPv6 address on a cluster.
-3. The Ansible collection can run on all IBM Spectrum Virtualize storage versions above 8.1.3, except versions 8.3.1.3 and 8.3.1.4.
+3. The Ansible collection can run on all IBM Spectrum Virtualize storage system versions above 8.1.3, except versions 8.3.1.3 and 8.3.1.4.
 4. At time of release of the SV Ansible v1.8.0 collection, no module is available for non LMC systems to automate license agreements acceptance, including EULA.
    User will be presented with a GUI setup wizard upon user-interface login, whether the Ansible modules have been used for initial configuration or not.
 

changelogs/changelog.yaml

@@ -82,3 +82,24 @@ releases:
     - description: Manages snapshot policy configuration on Spectrum Virtualize storage systems
       name: ibm_sv_manage_snapshotpolicy
       namespace: ''
+  1.10.0:
+    release_date: '2022-9-30'
+    changes:
+      release_summary: Added new modules for managing provisioning policy and managing policy based replication.
+        Also added support to use an existing SSL certificate to create mTLS partnership between partner systems.
+    modules:
+    - description: Manages provisioning policy on Spectrum Virtualize systems
+      name: ibm_sv_manage_provisioning_policy
+      namespace: ''
+    - description: Manages policy based replication on Spectrum Virtualize systems
+      name: ibm_sv_manage_replication_policy
+      namespace: ''
+    - description: Allows user to switch replication direction in case of DR on Spectrum Virtualize storage systems
+      name: ibm_sv_switch_replication_direction
+      namespace: ''
+    - description: Allows user to export an existing system certificate on Spectrum Virtualize storage systems
+      name: ibm_sv_manage_SSL_certificate
+      namespace: ''
+    - description: Manages the certificates trust store on Spectrum Virtualize storage systems
+      name: ibm_sv_manage_truststore_for_replication
+      namespace: ''

galaxy.yml

@@ -9,19 +9,17 @@ namespace: ibm
 name: spectrum_virtualize
 
 # The version of the collection. Must be compatible with semantic versioning
-version: 1.9.0
+version: 1.10.0
 
 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection
 readme: README.md
 
 # A list of the collection's content authors. Can be just the name or in the format 'Full Name <email> (url)
 # @nicks:irc/im.site#channel'
 authors:
-- Peng Wang <[email protected]>
 - Shilpi Jain <[email protected]>
-- Rohit Kumar <[email protected]>
-- Sreshtant Bohidar <[email protected]>
 - Sanjaikumaar M <[email protected]>
+- Rohit Kumar <[email protected]>
 
 
 ### OPTIONAL but strongly recommended

plugins/module_utils/ibm_svc_utils.py

@@ -51,6 +51,22 @@ def svc_ssh_argument_spec():
     )
 
 
+def strtobool(val):
+    '''
+    Converts a string representation to boolean.
+
+    This is a built-in function available in python till the version 3.9 under disutils.util
+    but this has been deprecated in 3.10 and may not be available in future python releases
+    so adding the source code here.
+    '''
+    if val in {'y', 'yes', 't', 'true', 'on', '1'}:
+        return 1
+    elif val in {'n', 'no', 'f', 'false', 'off', '0'}:
+        return 0
+    else:
+        raise ValueError("invalid truth value %r" % (val,))
+
+
 def get_logger(module_name, log_file_name, log_level=logging.INFO):
     FORMAT = '%(asctime)s.%(msecs)03d %(levelname)5s %(thread)d %(filename)s:%(funcName)s():%(lineno)s %(message)s'
     DATEFORMAT = '%Y-%m-%dT%H:%M:%S'

plugins/modules/ibm_sv_manage_SSL_certificate.py

@@ -0,0 +1,158 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (C) 2022 IBM CORPORATION
+# Author(s): Sanjaikumaar M <[email protected]>
+#
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: ibm_sv_manage_SSL_certificate
+short_description: This module exports existing system-signed certificate on to IBM Spectrum Virtualize family storage systems
+version_added: '1.10.0'
+description:
+  - Only existing system-signed certificates can be exported. External authority certificate generation is not supported.
+options:
+    clustername:
+        description:
+            - The hostname or management IP of the Spectrum Virtualize storage system.
+        required: true
+        type: str
+    domain:
+        description:
+            - Domain for the Spectrum Virtualize storage system.
+            - Valid when the hostname is used for the parameter I(clustername).
+        type: str
+    username:
+        description:
+            - REST API username for the Spectrum Virtualize storage system.
+            - The parameters I(username) and I(password) are required if not using I(token) to authenticate a user.
+        type: str
+    password:
+        description:
+            - REST API password for the Spectrum Virtualize storage system.
+            - The parameters I(username) and I(password) are required if not using I(token) to authenticate a user.
+        type: str
+    token:
+        description:
+            - The authentication token to verify a user on the Spectrum Virtualize storage system.
+            - To generate a token, use the M(ibm.spectrum_virtualize.ibm_svc_auth) module.
+        type: str
+    log_path:
+        description:
+            - Path of debug log file.
+        type: str
+    certificate_type:
+        description:
+            - Specify the certificate type to be exported.
+        choices: [ 'system' ]
+        default: 'system'
+        type: str
+    validate_certs:
+        description:
+            - Validates certification.
+        default: false
+        type: bool
+author:
+    - Sanjaikumaar M(@sanjaikumaar)
+notes:
+    - This module supports C(check_mode).
+'''
+
+EXAMPLES = '''
+- name: Export SSL certificate internally
+  ibm_sv_manage_SSL_certificate:
+    clustername: "x.x.x.x"
+    username: "username"
+    password: "password"
+    certificate_type: "system"
+'''
+
+RETURN = '''#'''
+
+from traceback import format_exc
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.ibm.spectrum_virtualize.plugins.module_utils.ibm_svc_utils import (
+    IBMSVCRestApi, svc_argument_spec,
+    get_logger
+)
+from ansible.module_utils._text import to_native
+
+
+class IBMSVSSLCertificate:
+
+    def __init__(self):
+        argument_spec = svc_argument_spec()
+        argument_spec.update(
+            dict(
+                certificate_type=dict(
+                    type='str',
+                    choices=['system'],
+                    default='system'
+                )
+            )
+        )
+
+        self.module = AnsibleModule(argument_spec=argument_spec,
+                                    supports_check_mode=True)
+        # Default parameters
+        self.certificate_type = self.module.params['certificate_type']
+
+        # logging setup
+        self.log_path = self.module.params['log_path']
+        log = get_logger(self.__class__.__name__, self.log_path)
+        self.log = log.info
+
+        # Dynamic variables
+        self.changed = False
+        self.msg = ''
+
+        self.restapi = IBMSVCRestApi(
+            module=self.module,
+            clustername=self.module.params['clustername'],
+            domain=self.module.params['domain'],
+            username=self.module.params['username'],
+            password=self.module.params['password'],
+            validate_certs=self.module.params['validate_certs'],
+            log_path=self.log_path,
+            token=self.module.params['token']
+        )
+
+    def export_cert(self):
+        if self.module.check_mode:
+            self.changed = True
+            return
+
+        self.restapi.svc_run_command('chsystemcert', cmdopts=None, cmdargs=['-export'])
+        self.log('Certificate exported')
+        self.changed = True
+
+    def apply(self):
+        if self.certificate_type == 'system':
+            self.export_cert()
+            self.msg = 'Certificate exported.'
+
+        if self.module.check_mode:
+            self.msg = 'skipping changes due to check mode.'
+
+        self.module.exit_json(
+            changed=self.changed,
+            msg=self.msg
+        )
+
+
+def main():
+    v = IBMSVSSLCertificate()
+    try:
+        v.apply()
+    except Exception as e:
+        v.log('Exception in apply(): \n%s', format_exc())
+        v.module.fail_json(msg='Module failed. Error [%s].' % to_native(e))
+
+
+if __name__ == '__main__':
+    main()