Try SpotterManages the ADS authentication provider on PowerScale
| "added in version" 1.2.0 of dellemc.powerscale"
Authors: Jennifer John (@johnj9) <ansible.team@dell.com>
Install with ansible-galaxy collection install dellemc.powerscale:==3.0.0
collections:
- name: dellemc.powerscale
version: 3.0.0Manages the Active Directory authentication provider on the PowerScale storage system. This includes adding spn, removing spn, fixing spn, checking spn, creating, modifying, deleting and retreiving the details of an ADS provider.
- name: Add an Active Directory provider
dellemc.powerscale.ads:
onefs_host: "{{onefs_host}}"
api_user: "{{api_user}}"
api_password: "{{api_password}}"
verify_ssl: "{{verify_ssl}}"
domain_name: "ansibleneo.com"
instance_name: "ansibleneo.com"
ads_user: "administrator"
ads_password: "*****"
ads_parameters:
groupnet: "groupnet5"
home_directory_template: "/ifs/home/%D/%U"
login_shell: "/bin/zsh"
machine_account: "test_account"
organizational_unit: "org/sub_org"
state: "present"
- name: Modify an Active Directory provider with domain name
dellemc.powerscale.ads:
onefs_host: "{{onefs_host}}"
verify_ssl: "{{verify_ssl}}"
api_user: "{{api_user}}"
api_password: "{{api_password}}"
domain_name: "ansibleneo.com"
ads_parameters:
home_directory_template: "/ifs/usr_home/%D/%U"
login_shell: "/bin/rbash"
state: "present"
- name: Modify an Active Directory provider with instance name
dellemc.powerscale.ads:
onefs_host: "{{onefs_host}}"
verify_ssl: "{{verify_ssl}}"
api_user: "{{api_user}}"
api_password: "{{api_password}}"
instance_name: "ansibleneo.com"
ads_parameters:
home_directory_template: "/ifs/usr_home/%D/%U"
login_shell: "/bin/rbash"
state: "present"
- name: Get Active Directory provider details with domain name
dellemc.powerscale.ads:
onefs_host: "{{onefs_host}}"
api_user: "{{api_user}}"
api_password: "{{api_password}}"
verify_ssl: "{{verify_ssl}}"
domain_name: "ansibleneo.com"
state: "present"
- name: Add an SPN
dellemc.powerscale.ads:
onefs_host: "{{onefs_host}}"
api_user: "{{api_user}}"
api_password: "{{api_password}}"
verify_ssl: "{{verify_ssl}}"
domain_name: "ansibleneo.com"
spns:
- spn: "HOST/test1"
state: "present"
- name: Remove an SPN
dellemc.powerscale.ads:
onefs_host: "{{onefs_host}}"
api_user: "{{api_user}}"
api_password: "{{api_password}}"
verify_ssl: "{{verify_ssl}}"
domain_name: "ansibleneo.com"
spns:
- spn: "HOST/test1"
state: "absent"
state: "present"
- name: Check an SPN
dellemc.powerscale.ads:
onefs_host: "{{onefs_host}}"
api_user: "{{api_user}}"
api_password: "{{api_password}}"
verify_ssl: "{{verify_ssl}}"
domain_name: "ansibleneo.com"
spn_command: "check"
state: "present"
- name: Fix an SPN
dellemc.powerscale.ads:
onefs_host: "{{onefs_host}}"
api_user: "{{api_user}}"
api_password: "{{api_password}}"
verify_ssl: "{{verify_ssl}}"
domain_name: "ansibleneo.com"
spn_command: "fix"
state: "present"
- name: Get Active Directory provider details with instance name
dellemc.powerscale.ads:
onefs_host: "{{onefs_host}}"
api_user: "{{api_user}}"
api_password: "{{api_password}}"
verify_ssl: "{{verify_ssl}}"
instance_name: "ansibleneo.com"
state: "present"
- name: Delete an Active Directory provider with domain name
dellemc.powerscale.ads:
onefs_host: "{{onefs_host}}"
verify_ssl: "{{verify_ssl}}"
api_user: "{{api_user}}"
api_password: "{{api_password}}"
domain_name: "ansibleneo.com"
state: "absent"
- name: Delete an Active Directory provider with instance name
dellemc.powerscale.ads:
onefs_host: "{{onefs_host}}"
verify_ssl: "{{verify_ssl}}"
api_user: "{{api_user}}"
api_password: "{{api_password}}"
instance_name: "ansibleneo.com"
state: "absent"
spns:
description: List of SPN's to configure.
elements: dict
suboptions:
spn:
description:
- Service Principle Name(SPN).
required: true
type: str
state:
choices:
- absent
- present
default: present
description:
- The state of the SPN.
- C(present) - indicates that the SPN should exist on the machine account.
- C(absent) - indicates that the SPN should not exist on the machine account.
type: str
type: list
state:
choices:
- absent
- present
description:
- The state of the ads provider after the task is performed.
- C(present) - indicates that the ADS provider should exist on the system.
- C(absent) - indicates that the ADS provider should not exist on the system.
required: true
type: str
port_no:
default: '8080'
description:
- Port number of the PowerScale cluster.It defaults to 8080 if not specified.
required: false
type: str
ads_user:
description:
- Specifies the user name that has permission to join a machine to the given domain.
- This parameter is mandatory during create.
type: str
api_user:
description:
- username of the PowerScale cluster.
required: true
type: str
onefs_host:
description:
- IP address or FQDN of the PowerScale cluster.
required: true
type: str
verify_ssl:
choices:
- true
- false
description:
- boolean variable to specify whether to validate SSL certificate or not.
- C(true) - indicates that the SSL certificate should be verified.
- C(false) - indicates that the SSL certificate should not be verified.
required: true
type: bool
domain_name:
description:
- Specifies the domain name of an Active Directory provider.
- This parameter is mandatory during create.
type: str
spn_command:
choices:
- check
- fix
description:
- Specify command of SPN.
- C(check) - Check for missing SPNs for an AD provider.
- C(fix) - Adds missing SPNs for an AD provider.
type: str
ads_password:
description:
- Specifies the password used during domain join.
- This parameter is mandatory during create.
type: str
api_password:
description:
- the password of the PowerScale cluster.
required: true
type: str
instance_name:
description:
- Specifies the instance name of Active Directory provider.
- This is an optional parameter during create, and defaults to the provider name if
it is not specified during the create operation.
- Get, modify and delete operations can also be performed through instance_name.
- It is mutually exclusive with I(domain_name) for get, modify and delete operations.
type: str
ads_parameters:
description:
- Specify additional parameters to configure ADS domain.
suboptions:
groupnet:
description:
- Groupnet identifier.
- This is an optional parameter and defaults to C(groupnet0).
type: str
home_directory_template:
description:
- Specifies the path to the home directory template.
- This is an optional parameter and defaults to C(/ifs/home/%D/%U).
type: str
login_shell:
choices:
- /bin/sh
- /bin/csh
- /bin/tcsh
- /bin/zsh
- /bin/bash
- /bin/rbash
- /sbin/nologin
description:
- Specifies the login shell path.
- This is an optional parameter and defaults to C(/bin/zsh).
type: str
machine_account:
description:
- Specifies the machine account name when creating a SAM account with Active Directory.
- The default cluster name is called C(default).
type: str
organizational_unit:
description:
- Specifies the organizational unit.
type: str
type: dict
ads_provider_details:
contains:
groupnet:
description: Groupnet identifier.
type: str
home_directory_template:
description: Specifies the path to the home directory template.
type: str
id:
description: Specifies the ID of the Active Directory provider instance.
type: str
linked_access_zones:
description: List of access zones linked to the authentication provider.
type: list
login_shell:
description: Specifies the login shell path.
type: str
machine_account:
description: Specifies the machine account name when creating a SAM account
with Active Directory.
type: str
name:
description: Specifies the Active Directory provider name.
type: str
description: The Active Directory provider details.
returned: When Active Directory provider exists
sample:
ads_provider_details:
- extra_expected_spns:
- HOST/test5
forest: sample.com
groupnet: groupnet0
home_directory_template: /ifs/home/%D/%U
hostname: v.sample.com
id: sample.com
linked_access_zones: []
login_shell: /bin/abc
machine_account: m1
name: sample.com
recommended_spns:
- HOST/test1
- HOST/test2
- HOST/test3
- HOST/test4
spns:
- HOST/test2
- HOST/test3
- HOST/test4
- HOST/test5
status: online
type: complex
changed:
description: Whether or not the resource has changed.
returned: always
sample: 'false'
type: bool
spn_check:
description: Missing SPNs for an AD provider.
returned: When check operation is done.
sample:
- host/test1
type: list