Try SpotterManages access zones on PowerScale
| "added in version" 1.2.0 of dellemc.powerscale"
Authors: Akash Shendge (@shenda1) <ansible.team@dell.com>
preview | supported by community
Install with ansible-galaxy collection install dellemc.powerscale:==1.4.0
collections:
- name: dellemc.powerscale
version: 1.4.0Managing access zones on the PowerScale storage system includes getting details of the access zone and modifying the smb and nfs settings.
- name: Get details of access zone including smb and nfs settings
dellemc_powerscale_accesszone:
onefs_host: "{{onefs_host}}"
api_user: "{{api_user}}"
api_password: "{{api_password}}"
verify_ssl: "{{verify_ssl}}"
az_name: "{{access zone}}"
state: "present"
- name: Modify smb settings of access zone
dellemc_powerscale_accesszone:
onefs_host: "{{onefs_host}}"
api_user: "{{api_user}}"
api_password: "{{api_password}}"
verify_ssl: "{{verify_ssl}}"
az_name: "{{access zone}}"
state: "present"
smb:
create_permissions: 'default acl'
directory_create_mask: '777'
directory_create_mode: '700'
file_create_mask: '700'
file_create_mode: '100'
access_based_enumeration: true
access_based_enumeration_root_only: false
ntfs_acl_support: true
oplocks: true
- name: Modify nfs settings of access zone
dellemc_powerscale_accesszone:
onefs_host: "{{onefs_host}}"
api_user: "{{api_user}}"
api_password: "{{api_password}}"
verify_ssl: "{{verify_ssl}}"
az_name: "{{access zone}}"
state: "present"
nfs:
commit_asynchronous: false
nfsv4_allow_numeric_ids: false
nfsv4_domain: 'localhost'
nfsv4_no_domain: false
nfsv4_no_domain_uids: false
nfsv4_no_names: false
- name: Modify smb and nfs settings of access zone
dellemc_powerscale_accesszone:
onefs_host: "{{onefs_host}}"
api_user: "{{api_user}}"
api_password: "{{api_password}}"
verify_ssl: "{{verify_ssl}}"
az_name: "{{access zone}}"
state: "present"
smb:
create_permissions: 'default acl'
directory_create_mask: '777'
directory_create_mode: '700'
file_create_mask: '700'
file_create_mode: '100'
access_based_enumeration: true
access_based_enumeration_root_only: false
ntfs_acl_support: true
oplocks: true
nfs:
commit_asynchronous: false
nfsv4_allow_numeric_ids: false
nfsv4_domain: 'localhost'
nfsv4_no_domain: false
nfsv4_no_domain_uids: false
nfsv4_no_names: false
- name: Add Auth Providers to the access zone
dellemc_powerscale_accesszone:
onefs_host: "{{onefs_host}}"
api_user: "{{api_user}}"
api_password: "{{api_password}}"
verify_ssl: "{{verify_ssl}}"
az_name: "{{access zone}}"
provider_state: "add"
auth_providers:
- provider_name: "System"
provider_type: "file"
- provider_name: "ldap-prashant"
provider_type: "ldap"
state: "present"
- name: Remove Auth Providers from the access zone
dellemc_powerscale_accesszone:
onefs_host: "{{onefs_host}}"
api_user: "{{api_user}}"
api_password: "{{api_password}}"
verify_ssl: "{{verify_ssl}}"
az_name: "{{access zone}}"
provider_state: "remove"
auth_providers:
- provider_name: "System"
provider_type: "file"
state: "present"
- name: Create New Access Zone
dellemc_powerscale_accesszone:
onefs_host: "{{onefs_host}}"
api_user: "{{api_user}}"
api_password: "{{api_password}}"
verify_ssl: "{{verify_ssl}}"
az_name: "{{access zone}}"
path: "/ifs/test_dir"
groupnet: "groupnet1"
create_path: True
provider_state: "add"
auth_providers:
- provider_name: "System"
provider_type: "file"
state: "present"
nfs:
description:
- Specifies the default NFS setting parameters of access zone.
suboptions:
commit_asynchronous:
description:
- Set to True if NFS commit requests execute asynchronously.
type: bool
nfsv4_allow_numeric_ids:
description:
- If true, sends owners and groups as UIDs and GIDs when look up fails or if the
'nfsv4_no_name' property is set to 1.
type: bool
nfsv4_domain:
description:
- Specifies the domain or realm through which users and groups are associated.
type: str
nfsv4_no_domain:
description:
- If true, sends owners and groups without a domain name.
type: bool
nfsv4_no_domain_uids:
description:
- If true, sends UIDs and GIDs without a domain name.
type: bool
nfsv4_no_names:
description:
- If true, sends owners and groups as UIDs and GIDs.
type: bool
type: dict
smb:
description:
- Specifies the default SMB setting parameters of access zone.
suboptions:
access_based_enumeration:
description:
- Allows access based enumeration only on the files and folders that the requesting
user can access.
type: bool
access_based_enumeration_root_only:
description:
- Access-based enumeration on only the root directory of the share.
type: bool
create_permissions:
choices:
- default acl
- Inherit mode bits
- Use create mask and mode
default: default acl
description:
- Sets the default source permissions to apply when a file or directory is created.
type: str
directory_create_mask:
description:
- Specifies the UNIX mask bits (octal) that are removed when a directory is created,
restricting permissions.
- Mask bits are applied before mode bits are applied.
type: str
directory_create_mode:
description:
- Specifies the UNIX mode bits (octal) that are added when a directory is created,
enabling permissions.
type: str
file_create_mask:
description:
- Specifies the UNIX mask bits (octal) that are removed when a file is created,
restricting permissions.
type: str
file_create_mode:
description:
- Specifies the UNIX mode bits (octal) that are added when a file is created,
enabling permissions.
type: str
ntfs_acl_support:
description:
- Allows ACLs to be stored and edited from SMB clients.
type: bool
oplocks:
description:
- An oplock allows clients to provide performance improvements by using locally-cached
information.
type: bool
type: dict
path:
description:
- Specifies the access zone base directory path.
type: str
state:
choices:
- present
- absent
description:
- Defines whether the access zone should exist or not.
- present - indicates that the access zone should exist on the system.
- absent - indicates that the access zone should not exist on the system.
required: true
type: str
az_name:
description:
- The name of the access zone.
required: true
type: str
port_no:
default: '8080'
description:
- Port number of the PowerScale cluster.It defaults to 8080 if not specified.
required: false
type: str
api_user:
description:
- username of the PowerScale cluster.
required: true
type: str
groupnet:
default: groupnet0
description:
- Name of the groupnet for create access zone
type: str
onefs_host:
description:
- IP address or FQDN of the PowerScale cluster.
required: true
type: str
verify_ssl:
choices:
- true
- false
description:
- boolean variable to specify whether to validate SSL certificate or not.
- True - indicates that the SSL certificate should be verified.
- False - indicates that the SSL certificate should not be verified.
required: true
type: bool
create_path:
description:
- Determines if a path is created when a path does not exist.
type: bool
api_password:
description:
- the password of the PowerScale cluster.
required: true
type: str
auth_providers:
description:
- Specifies the auth providers which need to be added or removed from access zone.
- If auth_providers are given, then provider_state should also be specified.
elements: dict
suboptions:
provider_name:
description:
- Specifies the auth provider name which needs to be added or removed from access
zone.
required: true
type: str
provider_type:
choices:
- local
- file
- ldap
- ads
description:
- Specifies the auth provider type which needs to be added or removed from access
zone.
required: true
type: str
type: list
provider_state:
choices:
- add
- remove
description:
- Defines whether the auth providers should be added or removed from access zone.
- If auth_providers are given, then provider_state should also be specified.
- add - indicates that the auth providers should be added to the access zone.
- remove - indicates that auth providers should be removed from the access zone.
required: false
type: str
access_zone_details:
contains:
nfs_settings:
contains:
export_settings:
contains:
commit_asynchronous:
description: Set to True if NFS commit requests execute asynchronously
type: bool
description: Default values for NFS exports
type: complex
zone_settings:
contains:
nfsv4_allow_numeric_ids:
description: If true, sends owners and groups as UIDs and GIDs when
look up fails or if the 'nfsv4_no_name' property is set to 1
type: bool
nfsv4_domain:
description: Specifies the domain or realm through which users and groups
are associated
type: str
nfsv4_no_domain:
description: If true, sends owners and groups without a domain name
type: bool
nfsv4_no_domain_uids:
description: If true, sends UIDs and GIDs without a domain name
type: bool
nfsv4_no_names:
description: If true, sends owners and groups as UIDs and GIDs
type: bool
description: NFS server settings for this zone
type: complex
description: NFS settings of access zone
type: complex
smb_settings:
contains:
directory_create_mask(octal):
description: UNIX mask bits for directory in octal format
type: str
directory_create_mode(octal):
description: UNIX mode bits for directory in octal format
type: str
file_create_mask(octal):
description: UNIX mask bits for file in octal format
type: str
file_create_mode(octal):
description: UNIX mode bits for file in octal format
type: str
description: SMB settings of access zone
type: complex
description: The access zone details
returned: When access zone exists
type: complex
access_zone_modify_flag:
description: Whether auth providers linked to access zone has changed
returned: on success
type: bool
changed:
description: Whether or not the resource has changed
returned: always
type: bool
nfs_modify_flag:
description: Whether or not the default NFS settings of access zone has changed
returned: on success
type: bool
smb_modify_flag:
description: Whether or not the default SMB settings of access zone has changed
returned: on success
type: bool