zhmc_crypto_attachment – Attach crypto resources to partitions

Synopsis

• Gather facts about the attachment of crypto adapters and crypto domains to a partition of a CPC (Z system).

• Attach a range of crypto domains and a number of crypto adapters to a partition.

• Detach all crypto domains and all crypto adapters from a partition.

Requirements

• The targeted Z system must be in the Dynamic Partition Manager (DPM) operational mode.

• The HMC userid must have these task permissions: ‘Partition Details’.

• The HMC userid must have object-access permissions to these objects: Target partitions, target crypto adapters, CPC with target partitions and adapters.

Parameters

hmc_host

The hostnames or IP addresses of a single HMC or of a list of redundant HMCs. A single HMC can be specified as a string type or as an HMC list with one item. An HMC list can be specified as a list type or as a string type containing a Python list representation.

The first available HMC of a list of redundant HMCs is used for the entire execution of the module.

required: True

type: raw

hmc_auth

The authentication credentials for the HMC.

required: True

type: dict

userid

The userid (username) for authenticating with the HMC. This is mutually exclusive with providing session_id.

required: False

type: str

password

The password for authenticating with the HMC. This is mutually exclusive with providing session_id.

required: False

type: str

session_id

HMC session ID to be used. This is mutually exclusive with providing userid and password and can be created as described in :ref:`zhmc_session_module`.

required: False

type: str

ca_certs

Path name of certificate file or certificate directory to be used for verifying the HMC certificate. If null (default), the path name in the ‘REQUESTS_CA_BUNDLE’ environment variable or the path name in the ‘CURL_CA_BUNDLE’ environment variable is used, or if neither of these variables is set, the certificates in the Mozilla CA Certificate List provided by the ‘certifi’ Python package are used for verifying the HMC certificate.

required: False

type: str

verify

If True (default), verify the HMC certificate as specified in the ca_certs parameter. If False, ignore what is specified in the ca_certs parameter and do not verify the HMC certificate.

required: False

type: bool

default: True

cpc_name

The name of the CPC that has the partition and the crypto adapters.

required: True

type: str

partition_name

The name of the partition to which the crypto domains and crypto adapters are attached.

required: True

type: str

state

The desired state for the crypto attachment. All states are fully idempotent within the limits of the properties that can be changed:

* attached: Ensures that the specified number of crypto adapters of the specified crypto type, and the specified range of domain index numbers in the specified access mode are attached to the partition.

* detached: Ensures that no crypto adapter and no crypto domains are attached to the partition.

* facts: Returns the crypto configuration of the partition.

required: True

type: str

choices: attached, detached, facts

adapter_count

Only for state=attached: The number of crypto adapters the partition needs to have attached. The special value -1 means all adapters of the desired crypto type in the CPC. The adapter_names and adapter_count parameters are mutually exclusive and one of them must be specified.

required: False

type: int

crypto_type

Only for state=attached: The crypto type of the crypto adapters that will be selected from when adapter_count is specified. Ignored when adapter_names is specified.

required: False

type: str

default: ep11

choices: ep11, cca, acc

adapter_names

Only for state=attached: The names of the crypto adapters the partition needs to have attached. The adapter_names and adapter_count parameters are mutually exclusive and one of them must be specified.

required: False

type: list

elements: str

domain_range

Only for state=attached: The domain range the partition needs to have attached, as a tuple of integers (min, max) that specify the inclusive range of domain index numbers. Other domains attached to the partition remain unchanged. The special value -1 for the max item means the maximum supported domain index number.

required: False

type: list

elements: int

default: [0, -1]

access_mode

Only for state=attached: The access mode in which the crypto domains specified in domain_range need to be attached.

required: False

type: str

default: usage

choices: usage, control

log_file

File path of a log file to which the logic flow of this module as well as interactions with the HMC are logged. If null, logging will be propagated to the Python root logger.

required: False

type: str

Examples

---
# Note: The following examples assume that some variables named 'my_*' are set.

- name: Gather facts about the crypto configuration of a partition
  zhmc_crypto_attachment:
    hmc_host: "{{ my_hmc_host }}"
    hmc_auth: "{{ my_hmc_auth }}"
    cpc_name: "{{ my_cpc_name }}"
    partition_name: "{{ my_partition_name }}"
    state: facts
  register: crypto1

- name: Ensure domain 0 on all ep11 adapters is attached in usage mode
  zhmc_crypto_attachment:
    hmc_host: "{{ my_hmc_host }}"
    hmc_auth: "{{ my_hmc_auth }}"
    cpc_name: "{{ my_cpc_name }}"
    partition_name: "{{ my_first_partition_name }}"
    state: attached
    crypto_type: ep11
    adapter_count: -1
    domain_range: 0,0
    access_mode: usage

- name: Ensure domains 1-max on all ep11 adapters are attached in control mode
  zhmc_crypto_attachment:
    hmc_host: "{{ my_hmc_host }}"
    hmc_auth: "{{ my_hmc_auth }}"
    cpc_name: "{{ my_cpc_name }}"
    partition_name: "{{ my_first_partition_name }}"
    state: attached
    crypto_type: ep11
    adapter_count: -1
    domain_range: 1,-1
    access_mode: control

- name: Ensure domains 0-max on 1 ep11 adapter are attached to in usage mode
  zhmc_crypto_attachment:
    hmc_host: "{{ my_hmc_host }}"
    hmc_auth: "{{ my_hmc_auth }}"
    cpc_name: "{{ my_cpc_name }}"
    partition_name: "{{ my_second_partition_name }}"
    state: attached
    crypto_type: ep11
    adapter_count: 1
    domain_range: 0,-1
    access_mode: usage

- name: Ensure domains 0-max on two specific adapters are attached
  zhmc_crypto_attachment:
    hmc_host: "{{ my_hmc_host }}"
    hmc_auth: "{{ my_hmc_auth }}"
    cpc_name: "{{ my_cpc_name }}"
    partition_name: "{{ my_second_partition_name }}"
    state: attached
    adapter_names: [CRYP00, CRYP01]
    domain_range: 0,-1
    access_mode: usage

Return Values

changed

Indicates if any change has been made by the module. For state=facts, always will be false.

returned: always

type: bool

msg

An error message that describes the failure.

returned: failure

type: str

changes

The changes that were performed by the module.

returned: success

type: dict

added-adapters

Names of the adapters that were added to the partition

type: list

elements: str

added-domains

Domain index numbers of the crypto domains that were added to the partition

type: list

elements: str

crypto_configuration

The crypto configuration of the partition after the changes performed by the module.

returned: success

type: dict

sample:

{
    "CSPF1": {
        "adapters": {
            "CRYP00": {
                "adapter-family": "crypto",
                "adapter-id": "118",
                "card-location": "A14B-LG09",
                "class": "adapter",
                "crypto-number": 0,
                "crypto-type": "ep11-coprocessor",
                "description": "",
                "detected-card-type": "crypto-express-6s",
                "name": "CRYP00",
                "object-id": "e1274d16-e578-11e8-a87c-00106f239c31",
                "object-uri": "/api/adapters/e1274d16-e578-11e8-a87c-00106f239c31",
                "parent": "/api/cpcs/66942455-4a14-3f99-8904-3e7ed5ca28d7",
                "physical-channel-status": "operating",
                "state": "online",
                "status": "active",
                "tke-commands-enabled": true,
                "type": "crypto",
                "udx-loaded": false
            }
        },
        "control_domains": [],
        "domain_config": {
            "10": "usage",
            "11": "usage"
        },
        "usage_domains": [
            10,
            11
        ]
    }
}

{name}

Partition name

type: dict

adapters

Attached crypto adapters

type: dict

{name}

Adapter name

type: dict

name

Adapter name

type: str

{property}

Additional properties of the adapter, as described in the data model of the ‘Adapter’ object in the :term:`HMC API` book. The property names have hyphens (-) as described in that book.

type: raw

domain_config

Attached crypto domains

type: dict

{index}

Crypto domain index

type: dict

{access_mode}

Access mode (‘control’ or ‘usage’).

type: str

usage_domains

Domain index numbers of the crypto domains attached in usage mode

type: list

elements: str

control_domains

Domain index numbers of the crypto domains attached in control mode

type: list

elements: str