
HDCrypt Conv Module Overview

Overview

HDCrypt Conv is a module that converts logical or physical volumes into encrypted ones and vice versa. It supports encrypting and decrypting logical volumes, physical volumes, and volume groups. The module requires the action to perform (encrypt or decrypt) and the devices to target. A password is required for both encryption and decryption, and the password itself must also be encrypted.

Usage of HDCrypt Conv

The hdcrypt_conv module is used to encrypt or decrypt logical and physical volumes. It requires specifying the action (encrypt or decrypt) and the devices to be targeted. A password is also required for the encryption/decryption process.


This example demonstrates how to convert a logical volume (LV) named testlv to an encrypted LV using the encrypt action and providing the necessary password.

- name: "convert LV (testlv) to encrypted LV"
  ibm.power_aix.hdcrypt_conv:
    action: encrypt
    device:
      lv: testlv
    password: abc

Main Functions

The module's main functions include encrypt_lv, decrypt_lv, encrypt_pv, and decrypt_pv. Each is described below.

encrypt_lv

The encrypt_lv function is used to encrypt a logical volume. It first checks if encryption is enabled on the volume group that the logical volume belongs to and enables it if not. Then, it uses the appropriate command to encrypt the logical volume based on the strength of the provided password.


def encrypt_lv(module, name):
    """
    Encrypts the Logical Volume it is passed
    arguments:
        module: Ansible module argument spec.
        name: Name of the logical volume to encrypt
    note:
        If the volume group that the logical volume belongs to is not encryption enabled, it is first encryption enabled.
    return:
        None
    """
    password = module.params['password']
    vg_name = get_vg_name(module, name)

    # Enable Encryption if not already enabled on the VG
    vg_encrypt_enabled(module, vg_name)

    # crypto_status is set by code that this excerpt does not show
    if crypto_status == "uninitialized":
        # Password failed the strength check: use the weak-password prompt template
        if not check_password_strength(password):
            cmd = expectPrompts['authinit_weak_pwd'] % (name, password, password)
        else:
            ...  # excerpt ends here; the strong-password command is not shown on the page

decrypt_lv

The decrypt_lv function is used to decrypt a logical volume. It first unlocks the logical volume using the provided password and then uses the appropriate command to decrypt the logical volume.


def decrypt_lv(module, name):
    """
    Decrypts the Logical Volume it is passed
    arguments:
        module: Ansible module argument spec.
        name: Name of the logical volume to decrypt.
    return:
        None
    """
    global convert_failed

    password = module.params['password']
    # The password is interpolated into the unlock command string
    cmd = expectPrompts['unlock'] % (name, password)
    rc, stdout, stderr = module.run_command(cmd)
    result['stdout'] = stdout
    result['stderr'] = stderr
    # cmd embeds the password, so the recorded command contains it
    result['cmd'] = cmd
    # Message id 3020-0125 in the output is treated as a wrong password
    if "3020-0125" in stdout:
        result['msg'] += f"Password to decrypt {name} was incorrect.\n"
        convert_failed = True
        return

encrypt_pv

The encrypt_pv function is used to encrypt a physical volume. It uses the appropriate command to encrypt the physical volume based on the strength of the provided password.

decrypt_pv

The decrypt_pv function is used to decrypt a physical volume. It first unlocks the physical volume using the provided password and then uses the appropriate command to decrypt the physical volume.


def decrypt_pv(module, name):
    '''
    Decrypts the physical volume that is passed.

    arguments:
        module  (dict): Ansible module argument spec.
        name    (str) : Name of the PV that needs to be decrypted.

    returns:
        None
    '''

    password = module.params['password']

    # The password is interpolated into the unlock command string
    cmd = expectPrompts['unlock'] % (name, password)

    rc, stdout, stderr = module.run_command(cmd)
    result['stdout'] = stdout
    result['stderr'] = stderr
    # cmd embeds the password, so the recorded command contains it
    result['cmd'] = cmd
    result['rc'] = rc
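
The unlock step in decrypt_lv and decrypt_pv above builds a command string that contains the password and stores it in result['cmd']. The following added example (not code from the module or the ibm.power_aix collection) shows the same step with the password masked before anything is recorded. UNLOCK_TEMPLATE, unlock, redact, fake_run_command and leaks are hypothetical names, and the template text and command output are constructed.

```python
# Added example; not code from the ibm.power_aix collection.
REDACTED = "********"
WRONG_PASSWORD_ID = "3020-0125"  # message id the page's decrypt_lv checks for

# Constructed placeholder; the real expectPrompts['unlock'] text is not on the page.
UNLOCK_TEMPLATE = "unlock-helper --device %s --password %s"


def redact(text, secret):
    """Return text with every occurrence of secret masked."""
    return text.replace(secret, REDACTED) if secret else text


def unlock(run_command, name, password):
    """Run the unlock command and return a result dict that never holds the password."""
    cmd = UNLOCK_TEMPLATE % (name, password)
    rc, stdout, stderr = run_command(cmd)
    result = {
        "rc": rc,
        "cmd": redact(cmd, password),        # the raw cmd embeds the password
        "stdout": redact(stdout, password),  # command output may echo the command
        "stderr": redact(stderr, password),
        "msg": "",
        "failed": False,
    }
    # The wrong-password check runs on the raw output, before masking
    if WRONG_PASSWORD_ID in stdout:
        result["msg"] = f"Password to decrypt {name} was incorrect.\n"
        result["failed"] = True
    return result


def fake_run_command(cmd):
    """Constructed stand-in for module.run_command: echoes the command, rejects 'wrong-pw'."""
    if "wrong-pw" in cmd:
        return 1, f"spawned: {cmd}\n3020-0125 (constructed rejection line)\n", ""
    return 0, f"spawned: {cmd}\n", ""


def leaks(result, secret):
    """True if the secret appears anywhere in the result's string values."""
    return any(secret in v for v in result.values() if isinstance(v, str))


if __name__ == "__main__":
    for pw in ("S3cret-Passphrase", "wrong-pw"):
        res = unlock(fake_run_command, "testlv", pw)
        print(res["cmd"], "| failed:", res["failed"], "| leaks:", leaks(res, pw))
```

Ansible applies comparable masking to module results for parameters declared with no_log=True in the argument spec; whether hdcrypt_conv declares its password that way is not shown on this page.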

 

This is an auto-generated document by Swimm 🌊 and has not yet been verified by a human