suite_manage_import_certs_config
This role imports custom certificates into Maximo Manage application's workspace. This is useful for establishing trust with external systems, APIs, or services that Manage needs to communicate with securely.
Prerequisites
Manage application must be deployed and activated before importing certificates.
Usage Modes
The role supports two usage modes:
- Standalone Mode: Provide a local file path containing certificate definitions
- Programmatic Mode: Pass certificates as variables from another playbook/role
Certificate Alias Naming
When using programmatic mode, certificate aliases are auto-generated by concatenating the prefix with an incremented number:
- Input: 3 certificates with prefix myaliasprefixpart
- Output: myaliasprefixpart1, myaliasprefixpart2, myaliasprefixpart3
Role Variables
mas_instance_id
MAS instance identifier.
- Required
- Environment Variable: MAS_INSTANCE_ID
- Default: None
Purpose: Identifies which MAS instance contains the Manage application where certificates will be imported.
When to use:
- Always required for certificate import
- Must match the instance ID from MAS installation
- Used to locate Manage resources
Valid values: Lowercase alphanumeric string, 3-12 characters (e.g., prod, dev, masinst1)
Impact: Determines which MAS instance's Manage application receives the imported certificates.
Related variables:
- mas_workspace_id: Workspace within this instance
- manage_workspace_cr_name: Constructed from instance and workspace IDs
Note: This must match the instance ID used during Manage installation.
mas_workspace_id
Workspace identifier for Manage application.
- Required
- Environment Variable: MAS_WORKSPACE_ID
- Default: None
Purpose: Identifies which workspace within the MAS instance contains the Manage application where certificates will be imported.
When to use:
- Always required for certificate import
- Must match the workspace ID where Manage is deployed
- Used to locate Manage resources
Valid values: Lowercase alphanumeric string, typically 3-12 characters (e.g., prod, dev, masdev)
Impact: Determines which workspace's Manage application receives the imported certificates.
Related variables:
- mas_instance_id: Parent instance
- manage_workspace_cr_name: Constructed from instance and workspace IDs
Note: This must match the workspace ID used during Manage installation.
manage_workspace_cr_name
ManageWorkspace custom resource name.
- Optional
- Environment Variable: MANAGE_WORKSPACE_CR_NAME
- Default: {mas_instance_id}-{mas_workspace_id}
Purpose: Specifies the name of the ManageWorkspace custom resource to update with imported certificates.
When to use:
- Use default unless you have a custom CR naming convention
- Override if your ManageWorkspace CR has a non-standard name
- Required to update certificate configuration
Valid values: Valid Kubernetes resource name
Impact: Determines which ManageWorkspace CR is updated with the imported certificate definitions.
Related variables:
- mas_instance_id: Used in default name construction
- mas_workspace_id: Used in default name construction
Note: The default naming convention {instance}-{workspace} matches standard Manage deployments. Only override if you have custom CR names.
manage_certificates_file_path_local
Local file path for certificate definitions.
- Required (when running as standalone role)
- Environment Variable: MANAGE_CERTIFICATES_FILE_PATH_LOCAL
- Default: None
Purpose: Specifies the local filesystem path to a YAML file containing certificate definitions to import into Manage.
When to use:
- Required when running role standalone (not from another playbook)
- Use when certificates are stored in a file
- Alternative to passing certificates as variables
- Mutually exclusive with manage_certificates variable
Valid values: Valid local filesystem path (e.g., /path/to/manage-certs.yml, ~/certs/manage-certs.yml)
Impact: The role reads certificate definitions from this file and imports them into Manage. File must be in valid YAML format.
Related variables:
- manage_certificates: Alternative method (programmatic mode)
- manage_certificates_alias_prefix: Not used with file mode
Note: Sample file format available in files/manage-certs-sample.yml. The file should contain a list of certificate contents in PEM format. Use this mode for static certificate configurations.
manage_certificates
Certificate list for programmatic import.
- Optional (Required when not using file path)
- Environment Variable: MANAGE_CERTIFICATES
- Default: None
Purpose: Provides certificate contents as a list variable for programmatic import from another playbook or role.
When to use:
- Use when invoking this role from another playbook/role
- When certificates are generated or retrieved dynamically
- Alternative to using manage_certificates_file_path_local
- Requires manage_certificates_alias_prefix to be set
Valid values: List of certificate strings in PEM format
['-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----']
Impact: Certificates in the list are imported into Manage with auto-generated alias names based on the prefix.
Related variables:
- manage_certificates_alias_prefix: Required with this variable
- manage_certificates_file_path_local: Alternative method (file mode)
Note: Use this mode for dynamic certificate management, such as when certificates are retrieved from a secret manager or generated during playbook execution. Each certificate must be a complete PEM-formatted string.
manage_certificates_alias_prefix
Certificate alias name prefix.
- Optional (Required when using manage_certificates variable)
- Environment Variable: MANAGE_CERTIFICATES_ALIAS_PREFIX
- Default: None
Purpose: Defines the prefix for auto-generated certificate alias names. Aliases are created by appending an incremented number to this prefix.
When to use:
- Required when using manage_certificates variable
- Use descriptive prefixes to identify certificate purpose
- Not used when importing from file (file defines aliases)
Valid values: String suitable for certificate alias (alphanumeric, no spaces)
Impact: Determines how certificates are named in Manage's certificate store. Format: {prefix}1, {prefix}2, {prefix}3, etc.
Related variables:
- manage_certificates: Certificates to name with this prefix
Note: Choose meaningful prefixes that indicate the certificate purpose or source (e.g., coscertpart, s3certpart, apicertpart). This helps identify certificates in Manage's certificate management interface.
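A pre-flight check for programmatic mode, as an added example that is not part of this role or the ibm.mas_devops collection: it verifies that each manage_certificates entry is one complete PEM block, derives the aliases with the {prefix}N scheme described above, and returns a SHA-256 fingerprint per alias so the certificates can be compared against an out-of-band source before they are trusted. The names preflight and sample_pem are hypothetical, the sample certificates are constructed placeholder bytes, and rejecting bundled or duplicate entries is this example's assumption rather than documented role behaviour.

```python
import hashlib
import re
import ssl

PEM_HEADER = "-----BEGIN CERTIFICATE-----"


def sample_pem(seed):
    # Constructed bytes, not a real certificate: a DER SEQUENCE tag plus filler.
    return ssl.DER_cert_to_PEM_cert(b"\x30\x82\x01\x00" + seed * 64)


def preflight(certs, alias_prefix):
    """Return [(alias, sha256_hex)] for a manage_certificates list; raise ValueError on bad input."""
    # The page requires an alphanumeric prefix with no spaces.
    if not re.fullmatch(r"[A-Za-z0-9]+", alias_prefix or ""):
        raise ValueError("alias prefix must be alphanumeric with no spaces")
    if not certs:
        raise ValueError("certificate list is empty")
    seen = {}
    result = []
    for index, pem in enumerate(certs, start=1):
        alias = f"{alias_prefix}{index}"  # prefix + incremented number
        # Assumption of this example: one certificate per list entry, so a
        # bundle would hide extra trust anchors behind a single alias.
        if pem.count(PEM_HEADER) != 1:
            raise ValueError(f"{alias}: expected exactly one certificate block")
        try:
            der = ssl.PEM_cert_to_DER_cert(pem)
        except ValueError as exc:  # missing header/footer or invalid base64
            raise ValueError(f"{alias}: incomplete PEM ({exc})") from None
        if der[:1] != b"\x30":  # an X.509 certificate is a DER SEQUENCE
            raise ValueError(f"{alias}: payload is not a DER SEQUENCE")
        fingerprint = hashlib.sha256(der).hexdigest()
        if fingerprint in seen:
            raise ValueError(f"{alias}: duplicate of {seen[fingerprint]}")
        seen[fingerprint] = alias
        result.append((alias, fingerprint))
    return result


if __name__ == "__main__":
    certs = [sample_pem(b"A"), sample_pem(b"B"), sample_pem(b"C")]
    for alias, fingerprint in preflight(certs, "myaliasprefixpart"):
        print(alias, fingerprint)
```

The check covers PEM framing and encoding only; it does not validate the certificate chain, expiry, or issuer.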
Example Playbook
Using Local File Path
The following sample imports Manage certificates into an existing Manage instance, using a local path that points to a custom file containing the certificate definitions.
- hosts: localhost
  any_errors_fatal: true
  vars:
    mas_instance_id: masinst1
    mas_workspace_id: masdev
    manage_certificates_file_path_local: /my-path/manage-certs.yml
  roles:
    - ibm.mas_devops.suite_manage_import_certs_config
Using Variables
The following sample can be used to import Manage certificates for an existing Manage instance, passing the certificates and prefix from a variable.
- hosts: localhost
  any_errors_fatal: true
  vars:
    mas_instance_id: masinst1
    mas_workspace_id: masdev
    manage_certificates: ['-----BEGIN CERTIFICATE----- << your-cert-content >> -----END CERTIFICATE-----']
    manage_certificates_alias_prefix: "myaliasprefixpart"
  roles:
    - ibm.mas_devops.suite_manage_import_certs_config
Run Role Playbook
After installing the Ansible Collection you can easily run the role standalone using the run_role playbook provided.
export MAS_INSTANCE_ID=masinst1
export MAS_WORKSPACE_ID=masdev
export MANAGE_CERTIFICATES_FILE_PATH_LOCAL=/my-path/manage-certs.yml
ROLE_NAME='suite_manage_import_certs_config' ansible-playbook playbooks/run_role.yml
License
EPL-2.0