From 16424fe23dc40b4898c55a0a46577ff5b61e0b67 Mon Sep 17 00:00:00 2001 From: Felix Stephen <38071645+felixs88@users.noreply.github.com> Date: Fri, 4 Feb 2022 19:16:28 +0530 Subject: [PATCH] Adding document changes for SSL Certificate Validations(#359) * Adding README changes for SSL Certificate Validations * Adding changelog changes for SSL Certificate Validations --- CHANGELOG.rst | 20 ++++++++++++-------- README.md | 17 +++++++++++++++++ changelogs/changelog.yaml | 5 ++++- 3 files changed, 33 insertions(+), 9 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index f6e19619b..7dce06924 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -18,6 +18,11 @@ Major Changes - All modules now support SSL over HTTPS and socket level timeout. +Breaking Changes / Porting Guide +-------------------------------- + +- HTTPS SSL certificate validation is a **breaking change** and will require modification in the existing playbooks. Please refer to `SSL Certificate Validation `_ section in the `README.md `_ for modification to existing playbooks. + Bugfixes -------- 
@@ -26,22 +31,21 @@ Bugfixes Known Issues ------------ -- ome_device_quick_deploy - Issue(216352) - The module does not display a proper error message if an unsupported value is provided for the ipv6_prefix_length and vlan_id parameters. -- ome_device_local_access_configuration - Issue(217865) - The module does not display a proper error message if an unsupported value is provided for the user_defined and lcd_language parameters. -- ome_device_local_access_configuration - Issue(215035) - The module reports ``Successfully updated the local access setting`` if an unsupported value is provided for the parameter timeout_limit. However, this value is not actually applied on OpenManage Enterprise Modular. -- ome_device_network_services - Issue(212681) - The module does not provide a proper error message if unsupported values are provided for the parameters-port_number, community_name, max_sessions, max_auth_retries, and idle_timeout. -- ome_application_alerts_syslog - Issue(215374) - The module does not provide a proper error message if the destination_address is more than 255 characters. -- ome_application_alerts_smtp - Issue(212310) - The module does not provide a proper error message if the destination_address is more than 255 characters. - idrac_user - Issue(192043) The module may error out with the message ``unable to perform the import or export operation because there are pending attribute changes or a configuration job is in progress``. Wait for the job to complete and run the task again. -- ome_smart_fabric_uplink - Issue(186024) - The module does not allow the creation of multiple uplinks of the same name even though it is supported by OpenManage Enterprise Modular. If an uplink is created using the same name as an existing uplink, the existing uplink is modified. +- ome_application_alerts_smtp - Issue(212310) - The module does not provide a proper error message if the destination_address is more than 255 characters. 
+- ome_application_alerts_syslog - Issue(215374) - The module does not provide a proper error message if the destination_address is more than 255 characters. +- ome_device_local_access_configuration - Issue(215035) - The module reports ``Successfully updated the local access setting`` if an unsupported value is provided for the parameter timeout_limit. However, this value is not actually applied on OpenManage Enterprise Modular. +- ome_device_local_access_configuration - Issue(217865) - The module does not display a proper error message if an unsupported value is provided for the user_defined and lcd_language parameters. +- ome_device_network_services - Issue(212681) - The module does not provide a proper error message if unsupported values are provided for the parameters- port_number, community_name, max_sessions, max_auth_retries, and idle_timeout. - ome_device_power_settings - Issue(212679) - The module errors out with the following message if the value provided for the parameter ``power_cap`` is not within the supported range of 0 to 32767, ``Unable to complete the request because PowerCap does not exist or is not applicable for the resource URI.`` +- ome_device_quick_deploy - Issue(216352) - The module does not display a proper error message if an unsupported value is provided for the ipv6_prefix_length and vlan_id parameters. +- ome_smart_fabric_uplink - Issue(186024) - The module does not allow the creation of multiple uplinks of the same name even though it is supported by OpenManage Enterprise Modular. If an uplink is created using the same name as an existing uplink, the existing uplink is modified. New Modules ----------- - dellemc.openmanage.ome_device_quick_deploy - Configure Quick Deploy settings on OpenManage Enterprise Modular - v4.4.0 ====== diff --git a/README.md b/README.md index dd74e5c1d..ff87ceca9 100644 --- a/README.md +++ b/README.md 
@@ -34,6 +34,23 @@ OpenManage Ansible Modules simplifies and automates provisioning, deployment, an Install the collection from the github repository using the latest commit on the branch 'collections' ```ansible-galaxy collection install git+https://github.com/dell/dellemc-openmanage-ansible-modules.git,collections``` +## SSL Certificate Validation +**By default, SSL certificate validation is enabled in all modules to enforce secure communication.** + +### Enable SSL certificate validation +To enable SSL certificate validation, perform the following steps: + * Generate and upload the custom or organizational CA signed certificates on the iDRACs, OpenManage Enterprise, and OpenManage Enterprise-Modular, as required. + * For iDRAC, see the section `SSL server certificates` in the `Integrated Dell Remote Access Controller Users Guide`. + * For OpenManage Enterprise, see the section `Security Certificates` in the `OpenManage Enterprise Users Guide`. + * For OpenManage Enterprise-Modular Edition, see the section `Managing certificates` in the `OpenManage Enterprise-Modular Edition for PowerEdge MX7000 Chassis Users Guide`. + * After you have uploaded the custom or organizational CA signed certificate to iDRAC or OME or OME-M, you must have the CA file or bundle available on your Ansible controller. For example, copy the CA file or bundle in the following path: /usr/share/ssl-certs/ + > **_NOTE_**: Ensure that the user running the Ansible modules has permission to access the certificate file or bundle. + * In your playbook, set the ca_path argument to the file path of your custom or organization CA certificate file or bundle. + ```ca_path: /usr/share/ssl-certs/ca-cert.pem``` + +### Ignore SSL certificate validation +It is common to run a test environment without a proper SSL certificate configuration. To disable the certificate validation for a module, set the validate_certs module argument to ```False``` in the playbook. 
+ ## Playbooks and Tutorials * For the latest sample playbooks and examples, see [playbooks](https://github.com/dell/dellemc-openmanage-ansible-modules/tree/collections/playbooks). * For the tutorials and sample use cases, see the tutorials available at [developer.dell.com](https://developer.dell.com/). diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml index b6f8c0ac5..2d059c694 100644 --- a/changelogs/changelog.yaml +++ b/changelogs/changelog.yaml @@ -489,6 +489,9 @@ releases: changes: major_changes: - All modules now support SSL over HTTPS and socket level timeout. + breaking_changes: + - HTTPS SSL certificate validation is a **breaking change** and will require modification in the + existing playbooks. Please refer to `SSL Certificate Validation `_ section in the `README.md `_ for modification to existing playbooks. bugfixes: - idrac_bios - The issue while configuring boot sources is fixed (https://github.com/dell/dellemc-openmanage-ansible-modules/issues/347) known_issues: @@ -525,4 +528,4 @@ releases: - description: Configure Quick Deploy settings on OpenManage Enterprise Modular name: ome_device_quick_deploy namespace: '' - release_date: '2022-01-30' \ No newline at end of file + release_date: '2022-01-27'
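Review bot: In the CHANGELOG.rst hunk at `@@ -18,6 +18,11 @@`, the new "Breaking Changes / Porting Guide" entry calls certificate validation a **breaking change** but never says what changed or which arguments are affected. A reader who only sees the changelog cannot tell that validation is enabled by default in all modules, or that the porting step is to set `ca_path` (or `validate_certs` for test systems), as the README hunk describes. Suggest stating the new default and naming both arguments in the entry itself, then linking to the README section for the details.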
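Review bot: In the README.md hunk at `@@ -34,6 +34,23 @@`, the "Ignore SSL certificate validation" paragraph explains how to set `validate_certs` to `False` but not what is lost by doing so. With validation off the module no longer authenticates the HTTPS endpoint it connects to, so the text should say this and state that the setting is meant for test environments only, not as the porting path for production playbooks. Two smaller points in the same hunk: the heading "Enable SSL certificate validation" contradicts the bold line above it, which says validation is already enabled by default, and the steps are really about supplying a CA through `ca_path`, so a heading such as "Configure a CA certificate for validation" would fit better. The NOTE about "permission to access the certificate file" should also say read permission, and a short task snippet showing `ca_path` next to the connection arguments would be clearer than the bare `ca_path: /usr/share/ssl-certs/ca-cert.pem` line.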
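Review bot: In the changelogs/changelog.yaml hunk at `@@ -489,6 +489,9 @@`, the `breaking_changes` entry repeats the CHANGELOG.rst sentence, including two link references that show no target in this patch (`SSL Certificate Validation` and `README.md`). Please confirm both carry a URL in the committed file, otherwise the rendered changelog points nowhere. The entry is also wrapped onto a second line ("existing playbooks. Please refer to ..."), so check that the continuation is indented under the list item and the scalar parses as a single entry. The wording concern raised for CHANGELOG.rst applies here too, and the two files should be changed together so they stay in sync.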
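Review bot: In the changelogs/changelog.yaml hunk at `@@ -525,4 +528,4 @@`, `release_date` moves from '2022-01-30' to '2022-01-27', which the commit message does not mention. The message describes only README and changelog text for SSL certificate validation. Changing a recorded release date backwards is a metadata correction in its own right, so it should either be explained in the commit message or split into a separate commit. The file also still ends without a trailing newline; adding one here would avoid the "No newline at end of file" marker in later diffs.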