ansible.builtin.zfs_delegate_admin (v2.9.27) — module

Install Ansible via pip

Install with pip install ansible==2.9.27

Description

Manages ZFS file system delegated administration permissions, which allow unprivileged users to perform ZFS operations normally restricted to the superuser.

See the C(zfs allow) section of C(zfs(1M)) for detailed explanations of options.

This module attempts to adhere to the behavior of the command line tool as much as possible.

Requirements

• A ZFS/OpenZFS implementation that supports delegation with `zfs allow`, including: Solaris >= 10, illumos (all versions), FreeBSD >= 8.0R, ZFS on Linux >= 0.7.0.

Usage examples

Scanned by Steampunk Spotter

• Success
  Steampunk Spotter scan finished with no errors, warnings or hints.

- name: Grant `zfs allow` and `unallow` permission to the `adm` user with the default local+descendents scope
  zfs_delegate_admin:
    name: rpool/myfs
    users: adm
    permissions: allow,unallow

Scanned by Steampunk Spotter

• Success
  Steampunk Spotter scan finished with no errors, warnings or hints.

- name: Grant `zfs send` to everyone, plus the group `backup`
  zfs_delegate_admin:
    name: rpool/myvol
    groups: backup
    everyone: yes
    permissions: send

Scanned by Steampunk Spotter

• Success
  Steampunk Spotter scan finished with no errors, warnings or hints.

- name: Grant `zfs send,receive` to users `foo` and `bar` with local scope only
  zfs_delegate_admin:
    name: rpool/myfs
    users: foo,bar
    permissions: send,receive
    local: yes

Scanned by Steampunk Spotter

• Success
  Steampunk Spotter scan finished with no errors, warnings or hints.

- name: Revoke all permissions from everyone (permissions specifically assigned to users and groups remain)

Scanned by Steampunk Spotter

• Success
  Steampunk Spotter scan finished with no errors, warnings or hints.

- zfs_delegate_admin:
    name: rpool/myfs
    everyone: yes
    state: absent

Inputs

    
name:
    description:
    - File system or volume name e.g. C(rpool/myfs).
    required: true
    type: str

local:
    description:
    - Apply permissions to C(name) locally (C(zfs allow -l)).
    type: bool

state:
    choices:
    - absent
    - present
    default: present
    description:
    - Whether to allow (C(present)), or unallow (C(absent)) a permission.
    - When set to C(present), at least one "entity" param of I(users), I(groups), or I(everyone)
      are required.
    - When set to C(absent), removes permissions from the specified entities, or removes
      all permissions if no entity params are specified.
    required: true

users:
    description:
    - List of users to whom permission(s) should be granted.
    type: list

groups:
    description:
    - List of groups to whom permission(s) should be granted.
    type: list

everyone:
    default: false
    description:
    - Apply permissions to everyone.
    type: bool

recursive:
    default: false
    description:
    - Unallow permissions recursively (ignored when C(state) is C(present)).
    type: bool

descendents:
    description:
    - Apply permissions to C(name)'s descendents (C(zfs allow -d)).
    type: bool

permissions:
    choices:
    - allow
    - clone
    - create
    - destroy
    - diff
    - hold
    - mount
    - promote
    - readonly
    - receive
    - release
    - rename
    - rollback
    - send
    - share
    - snapshot
    - unallow
    description:
    - The list of permission(s) to delegate (required if C(state) is C(present)).
    type: list