dellemc / dellemc.powerscale / 3.0.0 / module / accesszone Manages access zones on PowerScale | "added in version" 1.2.0 of dellemc.powerscale" Authors: Akash Shendge (@shenda1) <ansible.team@dell.com>, Pavan Mudunuri (@Pavan-Mudunuri) <ansible.team@dell.com>, Trisha Datta (@trisha-dell) <ansible.team@dell.com>dellemc.powerscale.accesszone (3.0.0) — module
Install with ansible-galaxy collection install dellemc.powerscale:==3.0.0
collections: - name: dellemc.powerscale version: 3.0.0
Managing access zones on the PowerScale storage system includes getting details of the access zone and modifying the smb and nfs settings.
- name: Get details of access zone including smb and nfs settings dellemc.powerscale.accesszone: onefs_host: "{{onefs_host}}" api_user: "{{api_user}}" api_password: "{{api_password}}" verify_ssl: "{{verify_ssl}}" az_name: "{{access zone}}" state: "present"
- name: Modify smb settings of access zone dellemc.powerscale.accesszone: onefs_host: "{{onefs_host}}" api_user: "{{api_user}}" api_password: "{{api_password}}" verify_ssl: "{{verify_ssl}}" az_name: "{{access zone}}" state: "present" smb: create_permissions: 'default acl' directory_create_mask: '777' directory_create_mode: '700' file_create_mask: '700' file_create_mode: '100' access_based_enumeration: true access_based_enumeration_root_only: false ntfs_acl_support: true oplocks: true
- name: Modify nfs settings of access zone dellemc.powerscale.accesszone: onefs_host: "{{onefs_host}}" api_user: "{{api_user}}" api_password: "{{api_password}}" verify_ssl: "{{verify_ssl}}" az_name: "{{access zone}}" state: "present" nfs: commit_asynchronous: false nfsv4_allow_numeric_ids: false nfsv4_domain: 'localhost' nfsv4_no_domain: false nfsv4_no_domain_uids: false nfsv4_no_names: false
- name: Modify smb and nfs settings of access zone dellemc.powerscale.accesszone: onefs_host: "{{onefs_host}}" api_user: "{{api_user}}" api_password: "{{api_password}}" verify_ssl: "{{verify_ssl}}" az_name: "{{access zone}}" state: "present" smb: create_permissions: 'default acl' directory_create_mask: '777' directory_create_mode: '700' file_create_mask: '700' file_create_mode: '100' access_based_enumeration: true access_based_enumeration_root_only: false ntfs_acl_support: true oplocks: true nfs: commit_asynchronous: false nfsv4_allow_numeric_ids: false nfsv4_domain: 'localhost' nfsv4_no_domain: false nfsv4_no_domain_uids: false nfsv4_no_names: false
- name: Add Auth Providers to the access zone dellemc.powerscale.accesszone: onefs_host: "{{onefs_host}}" api_user: "{{api_user}}" api_password: "{{api_password}}" verify_ssl: "{{verify_ssl}}" az_name: "{{access zone}}" provider_state: "add" auth_providers: - provider_name: "System" provider_type: "file" priority: 3 - provider_name: "ldap-prashant" provider_type: "ldap" state: "present"
- name: Remove Auth Providers from the access zone dellemc.powerscale.accesszone: onefs_host: "{{onefs_host}}" api_user: "{{api_user}}" api_password: "{{api_password}}" verify_ssl: "{{verify_ssl}}" az_name: "{{access zone}}" provider_state: "remove" auth_providers: - provider_name: "System" provider_type: "file" state: "present"
- name: Create New Access Zone dellemc.powerscale.accesszone: onefs_host: "{{onefs_host}}" api_user: "{{api_user}}" api_password: "{{api_password}}" verify_ssl: "{{verify_ssl}}" az_name: "{{access zone}}" path: "/ifs/test_dir" groupnet: "groupnet1" create_path: true provider_state: "add" auth_providers: - provider_name: "System" provider_type: "file" state: "present"
- name: Delete Access Zone dellemc.powerscale.accesszone: onefs_host: "{{onefs_host}}" api_user: "{{api_user}}" api_password: "{{api_password}}" verify_ssl: "{{verify_ssl}}" az_name: "sample_name" state: "absent"
nfs: description: - Specifies the default NFS setting parameters of access zone. suboptions: commit_asynchronous: description: - Set to C(true) if NFS commit requests execute asynchronously. type: bool nfsv4_allow_numeric_ids: description: - If C(true), sends owners and groups as UIDs and GIDs when look up fails or if the I(nfsv4_no_name) property is set to 1. type: bool nfsv4_domain: description: - Specifies the domain or realm through which users and groups are associated. type: str nfsv4_no_domain: description: - If C(true), sends owners and groups without a domain name. type: bool nfsv4_no_domain_uids: description: - If C(true), sends UIDs and GIDs without a domain name. type: bool nfsv4_no_names: description: - If C(true), sends owners and groups as UIDs and GIDs. type: bool type: dict smb: description: - Specifies the default SMB setting parameters of access zone. suboptions: access_based_enumeration: description: - Allows access based enumeration only on the files and folders that the requesting user can access. type: bool access_based_enumeration_root_only: description: - Access-based enumeration on only the root directory of the share. type: bool create_permissions: choices: - default acl - Inherit mode bits - Use create mask and mode default: default acl description: - Sets the default source permissions to apply when a file or directory is created. type: str directory_create_mask: description: - Specifies the C(UNIX) mask bits (octal) that are removed when a directory is created, restricting permissions. - Mask bits are applied before mode bits are applied. type: str directory_create_mode: description: - Specifies the C(UNIX) mode bits (octal) that are added when a directory is created, enabling permissions. type: str file_create_mask: description: - Specifies the C(UNIX) mask bits (octal) that are removed when a file is created, restricting permissions. type: str file_create_mode: description: - Specifies the C(UNIX) mode bits (octal) that are added when a file is created, enabling permissions. type: str ntfs_acl_support: description: - Allows ACLs to be stored and edited from SMB clients. type: bool oplocks: description: - An oplock allows clients to provide performance improvements by using locally-cached information. type: bool type: dict path: description: - Specifies the access zone base directory path. type: str state: choices: - present - absent description: - Defines whether the access zone should exist or not. - C(present) - indicates that the access zone should exist on the system. - C(absent) - indicates that the access zone should not exist on the system. required: true type: str az_name: description: - The name of the access zone. required: true type: str port_no: default: '8080' description: - Port number of the PowerScale cluster.It defaults to 8080 if not specified. required: false type: str api_user: description: - username of the PowerScale cluster. required: true type: str groupnet: default: groupnet0 description: - Name of the groupnet for create access zone. type: str onefs_host: description: - IP address or FQDN of the PowerScale cluster. required: true type: str verify_ssl: choices: - true - false description: - boolean variable to specify whether to validate SSL certificate or not. - C(true) - indicates that the SSL certificate should be verified. - C(false) - indicates that the SSL certificate should not be verified. required: true type: bool create_path: description: - Determines if a path is created when a path does not exist. type: bool api_password: description: - the password of the PowerScale cluster. required: true type: str auth_providers: description: - Specifies the auth providers which need to be added or removed from access zone. - If I(auth_providers) are given, then I(provider_state) should also be specified. elements: dict suboptions: priority: description: - Specifies the order of priority of the auth provider which needs to be added to access zone. - C(1) denotes the topmost priority. - If I(priority) is not provided, authentication provider will have lowest priority. type: int provider_name: description: - Specifies the auth provider name which needs to be added or removed from access zone. required: true type: str provider_type: choices: - local - file - ldap - ads - nis description: - Specifies the auth provider type which needs to be added or removed from access zone. required: true type: str type: list provider_state: choices: - add - remove description: - Defines whether the auth providers should be added or removed from access zone. - If I(auth_providers) are given, then I(provider_state) should also be specified. - C(add) - indicates that the auth providers should be added to the access zone. - C(remove) - indicates that auth providers should be removed from the access zone. required: false type: str
access_zone_details: contains: Zones: contains: alternate_system_provider: description: Specifies an alternate system provider. type: str auth_providers: description: Specifies the list of authentication providers available on this access zone. type: list groupnet: description: Groupnet identifier. type: str ifs_restricted: description: Specifies a list of users and groups that have read and write access to /ifs. type: list name: description: Specifies the access zone name. type: str system_provider: description: Specifies the system provider for the access zone. type: str user_mapping_rules: description: Specifies the current ID mapping rules. type: list zone_id: description: Specifies the access zone ID on the system. type: int description: Specifies the properties of Zone. type: list nfs_settings: contains: export_settings: contains: commit_asynchronous: description: Set to C(true) if NFS commit requests execute asynchronously type: bool description: Default values for NFS exports type: complex zone_settings: contains: nfsv4_allow_numeric_ids: description: If C(true), sends owners and groups as UIDs and GIDs when look up fails or if the 'nfsv4_no_name' property is set to 1 type: bool nfsv4_domain: description: Specifies the domain or realm through which users and groups are associated type: str nfsv4_no_domain: description: If C(true), sends owners and groups without a domain name type: bool nfsv4_no_domain_uids: description: If C(true), sends UIDs and GIDs without a domain name type: bool nfsv4_no_names: description: If C(true), sends owners and groups as UIDs and GIDs type: bool description: NFS server settings for this zone type: complex description: NFS settings of access zone type: complex smb_settings: contains: directory_create_mask(octal): description: UNIX mask bits for directory in octal format type: str directory_create_mode(octal): description: UNIX mode bits for directory in octal format type: str file_create_mask(octal): description: UNIX mask bits for file in octal format type: str file_create_mode(octal): description: UNIX mode bits for file in octal format type: str description: SMB settings of access zone type: complex description: The access zone details. returned: When access zone exists sample: nfs_settings: export_settings: all_dirs: false block_size: 8192 can_set_time: true case_insensitive: false case_preserving: true chown_restricted: false commit_asynchronous: false directory_transfer_size: 131072 encoding: DEFAULT link_max: 32767 map_all: null map_failure: enabled: false primary_group: id: null name: null type: null secondary_groups: [] user: id: USER:nobody name: null type: null map_full: true map_lookup_uid: false map_non_root: enabled: false primary_group: id: null name: null type: null secondary_groups: [] user: id: USER:nobody name: null type: null map_retry: true map_root: enabled: true primary_group: id: null name: null type: null secondary_groups: [] user: id: USER:nobody name: null type: null max_file_size: 9223372036854775807 name_max_size: 255 no_truncate: false read_only: false read_transfer_max_size: 1048576 read_transfer_multiple: 512 read_transfer_size: 131072 readdirplus: true readdirplus_prefetch: 10 return_32bit_file_ids: false security_flavors: - unix setattr_asynchronous: false snapshot: '-' symlinks: true time_delta: 1e-09 write_datasync_action: DATASYNC write_datasync_reply: DATASYNC write_filesync_action: FILESYNC write_filesync_reply: FILESYNC write_transfer_max_size: 1048576 write_transfer_multiple: 512 write_transfer_size: 524288 write_unstable_action: UNSTABLE write_unstable_reply: UNSTABLE zone: System zone_settings: nfsv4_allow_numeric_ids: true nfsv4_domain: localhost nfsv4_no_domain: false nfsv4_no_domain_uids: true nfsv4_no_names: false nfsv4_replace_domain: true zone: null smb_settings: access_based_enumeration: false access_based_enumeration_root_only: false allow_delete_readonly: false allow_execute_always: false ca_timeout: 120 ca_write_integrity: write-read-coherent change_notify: norecurse continuously_available: null create_permissions: default acl csc_policy: null directory_create_mask: 448 directory_create_mask(octal): '700' directory_create_mode: 0 directory_create_mode(octal): '0' file_create_mask: 448 file_create_mask(octal): '700' file_create_mode: 64 file_create_mode(octal): '100' file_filter_extensions: [] file_filter_type: deny file_filtering_enabled: false hide_dot_files: false host_acl: [] impersonate_guest: never impersonate_user: '' ntfs_acl_support: true oplocks: true smb3_encryption_enabled: false sparse_file: false strict_ca_lockout: true strict_flush: true strict_locking: false zone: null zones: - alternate_system_provider: lsa-file-provider:System auth_providers: - lsa-ldap-provider:ansildap cache_entry_expiry: 14400 create_path: null force_overlap: null groupnet: groupnet0 home_directory_umask: 63 id: System ifs_restricted: [] map_untrusted: '' name: System negative_cache_entry_expiry: 60 netbios_name: '' path: /ifs skeleton_directory: /usr/share system: true system_provider: lsa-file-provider:System user_mapping_rules: - test_user_13 ++ test_user_15 [user] - test_user_14 => test_user [] - test_user_13 ++ test_user_15 [user] - test_user_12 &= test_user_13 [] zone_id: 1 type: complex access_zone_modify_flag: description: Whether auth providers linked to access zone has changed. returned: on success sample: 'false' type: bool changed: description: Whether or not the resource has changed. returned: always sample: 'false' type: bool nfs_modify_flag: description: Whether or not the default NFS settings of access zone has changed. returned: on success sample: 'false' type: bool smb_modify_flag: description: Whether or not the default SMB settings of access zone has changed. returned: on success sample: 'false' type: bool