dellemc.powerscale.accesszone (3.0.0) — module

Manages access zones on PowerScale

Added in version 1.2.0 of dellemc.powerscale

Authors: Akash Shendge (@shenda1) <ansible.team@dell.com>, Pavan Mudunuri (@Pavan-Mudunuri) <ansible.team@dell.com>, Trisha Datta (@trisha-dell) <ansible.team@dell.com>

Install collection

Install with ansible-galaxy collection install dellemc.powerscale:==3.0.0


Add to requirements.yml

  # Pin the collection to the exact release this page documents.
  collections:
    - name: dellemc.powerscale
      version: '3.0.0'

Description

Managing access zones on the PowerScale storage system includes getting details of the access zone and modifying the SMB and NFS settings.


Requirements

Usage examples

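# Retrieve the access zone's details; no smb, nfs or auth_providers options are
# passed, so no settings are submitted for modification.
- name: Get details of access zone including smb and nfs settings
  dellemc.powerscale.accesszone:
    onefs_host: "{{onefs_host}}"
    api_user: "{{api_user}}"
    # Source the password from Ansible Vault or another secret store rather
    # than a plain-text vars file.
    api_password: "{{api_password}}"
    # false turns SSL certificate verification off; keep it true outside lab
    # use so the credentials above are only sent to a verified cluster.
    verify_ssl: "{{verify_ssl}}"
    # A Jinja2 variable name cannot contain a space, so the zone name is read
    # from access_zone.
    az_name: "{{access_zone}}"
    state: "present"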
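# Update the default SMB settings of an existing access zone.
- name: Modify smb settings of access zone
  dellemc.powerscale.accesszone:
    onefs_host: "{{onefs_host}}"
    api_user: "{{api_user}}"
    api_password: "{{api_password}}"
    verify_ssl: "{{verify_ssl}}"
    # A Jinja2 variable name cannot contain a space, so the zone name is read
    # from access_zone.
    az_name: "{{access_zone}}"
    state: "present"
    smb:
      create_permissions: 'default acl'
      # The mask and mode options are type str holding octal digits, so keep
      # them quoted; an unquoted 700 would be loaded as an integer.
      # NOTE(review): these are sample values; choose bits that match your own
      # permission policy before applying them to a production zone.
      directory_create_mask: '777'
      directory_create_mode: '700'
      file_create_mask: '700'
      file_create_mode: '100'
      # Enumerate only the files and folders the requesting user can access.
      access_based_enumeration: true
      access_based_enumeration_root_only: false
      # Allow ACLs to be stored and edited from SMB clients.
      ntfs_acl_support: true
      oplocks: true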
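# Update the default NFS settings of an existing access zone.
- name: Modify nfs settings of access zone
  dellemc.powerscale.accesszone:
    onefs_host: "{{onefs_host}}"
    api_user: "{{api_user}}"
    api_password: "{{api_password}}"
    verify_ssl: "{{verify_ssl}}"
    # A Jinja2 variable name cannot contain a space, so the zone name is read
    # from access_zone.
    az_name: "{{access_zone}}"
    state: "present"
    nfs:
      # true would make NFS commit requests execute asynchronously.
      commit_asynchronous: false
      nfsv4_allow_numeric_ids: false
      # Sample value; set the domain or realm through which your users and
      # groups are associated.
      nfsv4_domain: 'localhost'
      nfsv4_no_domain: false
      nfsv4_no_domain_uids: false
      # true would send owners and groups as UIDs and GIDs.
      nfsv4_no_names: false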
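# Update the default SMB and NFS settings of an existing access zone in one task.
- name: Modify smb and nfs settings of access zone
  dellemc.powerscale.accesszone:
    onefs_host: "{{onefs_host}}"
    api_user: "{{api_user}}"
    api_password: "{{api_password}}"
    verify_ssl: "{{verify_ssl}}"
    # A Jinja2 variable name cannot contain a space, so the zone name is read
    # from access_zone.
    az_name: "{{access_zone}}"
    state: "present"
    smb:
      create_permissions: 'default acl'
      # Octal mask/mode digits are passed as quoted strings (the options are
      # type str); unquoted they would be loaded as integers.
      # NOTE(review): sample values; align them with your permission policy.
      directory_create_mask: '777'
      directory_create_mode: '700'
      file_create_mask: '700'
      file_create_mode: '100'
      access_based_enumeration: true
      access_based_enumeration_root_only: false
      ntfs_acl_support: true
      oplocks: true
    nfs:
      commit_asynchronous: false
      nfsv4_allow_numeric_ids: false
      # Sample value; use the domain or realm of your own users and groups.
      nfsv4_domain: 'localhost'
      nfsv4_no_domain: false
      nfsv4_no_domain_uids: false
      nfsv4_no_names: false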
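# Attach authentication providers to an existing access zone.
- name: Add Auth Providers to the access zone
  dellemc.powerscale.accesszone:
    onefs_host: "{{onefs_host}}"
    api_user: "{{api_user}}"
    api_password: "{{api_password}}"
    verify_ssl: "{{verify_ssl}}"
    # A Jinja2 variable name cannot contain a space, so the zone name is read
    # from access_zone.
    az_name: "{{access_zone}}"
    # provider_state has to be given whenever auth_providers is given.
    provider_state: "add"
    auth_providers:
      - provider_name: "System"
        provider_type: "file"
        # 1 denotes the topmost priority.
        priority: 3
      # No priority is set here, so this provider gets the lowest priority.
      - provider_name: "ldap-prashant"
        provider_type: "ldap"
    state: "present"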
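# Detach an authentication provider from an access zone. state stays "present"
# because the zone itself should continue to exist.
- name: Remove Auth Providers from the  access zone
  dellemc.powerscale.accesszone:
    onefs_host: "{{onefs_host}}"
    api_user: "{{api_user}}"
    api_password: "{{api_password}}"
    verify_ssl: "{{verify_ssl}}"
    # A Jinja2 variable name cannot contain a space, so the zone name is read
    # from access_zone.
    az_name: "{{access_zone}}"
    # provider_state has to be given whenever auth_providers is given.
    provider_state: "remove"
    auth_providers:
      - provider_name: "System"
        provider_type: "file"
    state: "present"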
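# Create an access zone with a base directory, a groupnet and one auth provider.
- name: Create New Access Zone
  dellemc.powerscale.accesszone:
    onefs_host: "{{onefs_host}}"
    api_user: "{{api_user}}"
    api_password: "{{api_password}}"
    verify_ssl: "{{verify_ssl}}"
    # A Jinja2 variable name cannot contain a space, so the zone name is read
    # from access_zone.
    az_name: "{{access_zone}}"
    # Base directory path of the access zone.
    path: "/ifs/test_dir"
    # groupnet0 is the documented default when this option is omitted.
    groupnet: "groupnet1"
    # Create the path when it does not exist yet.
    create_path: true
    # provider_state has to be given whenever auth_providers is given.
    provider_state: "add"
    auth_providers:
      - provider_name: "System"
        provider_type: "file"
    state: "present"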
# Delete the access zone named by az_name; state "absent" means the zone should
# not exist on the system. Confirm az_name before running this task.
- name: Delete Access Zone
  dellemc.powerscale.accesszone:
    az_name: sample_name
    state: absent
    onefs_host: "{{onefs_host}}"
    api_user: "{{api_user}}"
    api_password: "{{api_password}}"
    verify_ssl: "{{verify_ssl}}"

Inputs

    
nfs:
    description:
    - Specifies the default NFS setting parameters of access zone.
    suboptions:
      commit_asynchronous:
        description:
        - Set to C(true) if NFS commit requests execute asynchronously.
        type: bool
      nfsv4_allow_numeric_ids:
        description:
        - If C(true), sends owners and groups as UIDs and GIDs when lookup fails or if
          the I(nfsv4_no_names) property is set to 1.
        type: bool
      nfsv4_domain:
        description:
        - Specifies the domain or realm through which users and groups are associated.
        type: str
      nfsv4_no_domain:
        description:
        - If C(true), sends owners and groups without a domain name.
        type: bool
      nfsv4_no_domain_uids:
        description:
        - If C(true), sends UIDs and GIDs without a domain name.
        type: bool
      nfsv4_no_names:
        description:
        - If C(true), sends owners and groups as UIDs and GIDs.
        type: bool
    type: dict

smb:
    description:
    - Specifies the default SMB setting parameters of access zone.
    suboptions:
      access_based_enumeration:
        description:
        - Allows access based enumeration only on the files and folders that the requesting
          user can access.
        type: bool
      access_based_enumeration_root_only:
        description:
        - Access-based enumeration on only the root directory of the share.
        type: bool
      create_permissions:
        choices:
        - default acl
        - Inherit mode bits
        - Use create mask and mode
        default: default acl
        description:
        - Sets the default source permissions to apply when a file or directory is created.
        type: str
      directory_create_mask:
        description:
        - Specifies the C(UNIX) mask bits (octal) that are removed when a directory is
          created, restricting permissions.
        - Mask bits are applied before mode bits are applied.
        type: str
      directory_create_mode:
        description:
        - Specifies the C(UNIX) mode bits (octal) that are added when a directory is created,
          enabling permissions.
        type: str
      file_create_mask:
        description:
        - Specifies the C(UNIX) mask bits (octal) that are removed when a file is created,
          restricting permissions.
        type: str
      file_create_mode:
        description:
        - Specifies the C(UNIX) mode bits (octal) that are added when a file is created,
          enabling permissions.
        type: str
      ntfs_acl_support:
        description:
        - Allows ACLs to be stored and edited from SMB clients.
        type: bool
      oplocks:
        description:
        - An oplock allows clients to provide performance improvements by using locally-cached
          information.
        type: bool
    type: dict

path:
    description:
    - Specifies the access zone base directory path.
    type: str

state:
    choices:
    - present
    - absent
    description:
    - Defines whether the access zone should exist or not.
    - C(present) - indicates that the access zone should exist on the system.
    - C(absent) - indicates that the access zone should not exist on the system.
    required: true
    type: str

az_name:
    description:
    - The name of the access zone.
    required: true
    type: str

port_no:
    default: '8080'
    description:
    - Port number of the PowerScale cluster. It defaults to 8080 if not specified.
    required: false
    type: str

api_user:
    description:
    - Username of the PowerScale cluster.
    required: true
    type: str

groupnet:
    default: groupnet0
    description:
    - Name of the groupnet to use when creating the access zone.
    type: str

onefs_host:
    description:
    - IP address or FQDN of the PowerScale cluster.
    required: true
    type: str

verify_ssl:
    choices:
    - true
    - false
    description:
    - Boolean variable that specifies whether to validate the SSL certificate.
    - C(true) - indicates that the SSL certificate should be verified.
    - C(false) - indicates that the SSL certificate should not be verified.
    required: true
    type: bool

create_path:
    description:
    - Determines if a path is created when a path does not exist.
    type: bool

api_password:
    description:
    - The password of the PowerScale cluster.
    required: true
    type: str

auth_providers:
    description:
    - Specifies the auth providers which need to be added or removed from access zone.
    - If I(auth_providers) are given, then I(provider_state) should also be specified.
    elements: dict
    suboptions:
      priority:
        description:
        - Specifies the order of priority of the auth provider which needs to be added
          to access zone.
        - C(1) denotes the topmost priority.
        - If I(priority) is not provided, authentication provider will have lowest priority.
        type: int
      provider_name:
        description:
        - Specifies the auth provider name which needs to be added or removed from access
          zone.
        required: true
        type: str
      provider_type:
        choices:
        - local
        - file
        - ldap
        - ads
        - nis
        description:
        - Specifies the auth provider type which needs to be added or removed from access
          zone.
        required: true
        type: str
    type: list

provider_state:
    choices:
    - add
    - remove
    description:
    - Defines whether the auth providers should be added or removed from access zone.
    - If I(auth_providers) are given, then I(provider_state) should also be specified.
    - C(add) - indicates that the auth providers should be added to the access zone.
    - C(remove) - indicates that auth providers should be removed from the access zone.
    required: false
    type: str

Outputs

access_zone_details:
  contains:
    Zones:
      contains:
        alternate_system_provider:
          description: Specifies an alternate system provider.
          type: str
        auth_providers:
          description: Specifies the list of authentication providers available on
            this access zone.
          type: list
        groupnet:
          description: Groupnet identifier.
          type: str
        ifs_restricted:
          description: Specifies a list of users and groups that have read and write
            access to /ifs.
          type: list
        name:
          description: Specifies the access zone name.
          type: str
        system_provider:
          description: Specifies the system provider for the access zone.
          type: str
        user_mapping_rules:
          description: Specifies the current ID mapping rules.
          type: list
        zone_id:
          description: Specifies the access zone ID on the system.
          type: int
      description: Specifies the properties of Zone.
      type: list
    nfs_settings:
      contains:
        export_settings:
          contains:
            commit_asynchronous:
              description: Set to C(true) if NFS commit requests execute asynchronously
              type: bool
          description: Default values for NFS exports
          type: complex
        zone_settings:
          contains:
            nfsv4_allow_numeric_ids:
              description: If C(true), sends owners and groups as UIDs and GIDs when
                lookup fails or if the 'nfsv4_no_names' property is set to 1
              type: bool
            nfsv4_domain:
              description: Specifies the domain or realm through which users and groups
                are associated
              type: str
            nfsv4_no_domain:
              description: If C(true), sends owners and groups without a domain name
              type: bool
            nfsv4_no_domain_uids:
              description: If C(true), sends UIDs and GIDs without a domain name
              type: bool
            nfsv4_no_names:
              description: If C(true), sends owners and groups as UIDs and GIDs
              type: bool
          description: NFS server settings for this zone
          type: complex
      description: NFS settings of access zone
      type: complex
    smb_settings:
      contains:
        directory_create_mask(octal):
          description: UNIX mask bits for directory in octal format
          type: str
        directory_create_mode(octal):
          description: UNIX mode bits for directory in octal format
          type: str
        file_create_mask(octal):
          description: UNIX mask bits for file in octal format
          type: str
        file_create_mode(octal):
          description: UNIX mode bits for file in octal format
          type: str
      description: SMB settings of access zone
      type: complex
  description: The access zone details.
  returned: When access zone exists
  sample:
    nfs_settings:
      export_settings:
        all_dirs: false
        block_size: 8192
        can_set_time: true
        case_insensitive: false
        case_preserving: true
        chown_restricted: false
        commit_asynchronous: false
        directory_transfer_size: 131072
        encoding: DEFAULT
        link_max: 32767
        map_all: null
        map_failure:
          enabled: false
          primary_group:
            id: null
            name: null
            type: null
          secondary_groups: []
          user:
            id: USER:nobody
            name: null
            type: null
        map_full: true
        map_lookup_uid: false
        map_non_root:
          enabled: false
          primary_group:
            id: null
            name: null
            type: null
          secondary_groups: []
          user:
            id: USER:nobody
            name: null
            type: null
        map_retry: true
        map_root:
          enabled: true
          primary_group:
            id: null
            name: null
            type: null
          secondary_groups: []
          user:
            id: USER:nobody
            name: null
            type: null
        max_file_size: 9223372036854775807
        name_max_size: 255
        no_truncate: false
        read_only: false
        read_transfer_max_size: 1048576
        read_transfer_multiple: 512
        read_transfer_size: 131072
        readdirplus: true
        readdirplus_prefetch: 10
        return_32bit_file_ids: false
        security_flavors:
        - unix
        setattr_asynchronous: false
        snapshot: '-'
        symlinks: true
        time_delta: 1e-09
        write_datasync_action: DATASYNC
        write_datasync_reply: DATASYNC
        write_filesync_action: FILESYNC
        write_filesync_reply: FILESYNC
        write_transfer_max_size: 1048576
        write_transfer_multiple: 512
        write_transfer_size: 524288
        write_unstable_action: UNSTABLE
        write_unstable_reply: UNSTABLE
        zone: System
      zone_settings:
        nfsv4_allow_numeric_ids: true
        nfsv4_domain: localhost
        nfsv4_no_domain: false
        nfsv4_no_domain_uids: true
        nfsv4_no_names: false
        nfsv4_replace_domain: true
        zone: null
    smb_settings:
      access_based_enumeration: false
      access_based_enumeration_root_only: false
      allow_delete_readonly: false
      allow_execute_always: false
      ca_timeout: 120
      ca_write_integrity: write-read-coherent
      change_notify: norecurse
      continuously_available: null
      create_permissions: default acl
      csc_policy: null
      directory_create_mask: 448
      directory_create_mask(octal): '700'
      directory_create_mode: 0
      directory_create_mode(octal): '0'
      file_create_mask: 448
      file_create_mask(octal): '700'
      file_create_mode: 64
      file_create_mode(octal): '100'
      file_filter_extensions: []
      file_filter_type: deny
      file_filtering_enabled: false
      hide_dot_files: false
      host_acl: []
      impersonate_guest: never
      impersonate_user: ''
      ntfs_acl_support: true
      oplocks: true
      smb3_encryption_enabled: false
      sparse_file: false
      strict_ca_lockout: true
      strict_flush: true
      strict_locking: false
      zone: null
    zones:
    - alternate_system_provider: lsa-file-provider:System
      auth_providers:
      - lsa-ldap-provider:ansildap
      cache_entry_expiry: 14400
      create_path: null
      force_overlap: null
      groupnet: groupnet0
      home_directory_umask: 63
      id: System
      ifs_restricted: []
      map_untrusted: ''
      name: System
      negative_cache_entry_expiry: 60
      netbios_name: ''
      path: /ifs
      skeleton_directory: /usr/share
      system: true
      system_provider: lsa-file-provider:System
      user_mapping_rules:
      - test_user_13 ++ test_user_15 [user]
      - test_user_14 => test_user []
      - test_user_13 ++ test_user_15 [user]
      - test_user_12 &= test_user_13 []
      zone_id: 1
  type: complex
access_zone_modify_flag:
  description: Whether auth providers linked to access zone have changed.
  returned: on success
  sample: 'false'
  type: bool
changed:
  description: Whether or not the resource has changed.
  returned: always
  sample: 'false'
  type: bool
nfs_modify_flag:
  description: Whether or not the default NFS settings of access zone have changed.
  returned: on success
  sample: 'false'
  type: bool
smb_modify_flag:
  description: Whether or not the default SMB settings of access zone have changed.
  returned: on success
  sample: 'false'
  type: bool