purestorage.flashblade.purefb_policy (1.17.0) — module

Manage FlashBlade policies

Added in version 1.0.0 of purestorage.flashblade

Authors: Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>

preview | supported by community

Install collection

Install with ansible-galaxy collection install purestorage.flashblade:==1.17.0


Add to requirements.yml

  collections:
    - name: purestorage.flashblade
      version: 1.17.0

Description

Manage policies for filesystem, file replica links and object store access.

To update an existing snapshot policy rule, you must first delete the original rule and then add the new rule to replace it. Purity's best-fit will try to ensure that any required snapshots deleted on the deletion of the first rule will be recovered, as long as the replacement rule is added before the snapshot eradication period is exceeded (usually 24 hours).


Requirements

Usage examples

- name: Create a simple snapshot policy with no rules
  purestorage.flashblade.purefb_policy:
    name: test_policy
    policy_type: snapshot
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6
- name: Create a snapshot policy and connect to existing filesystems and filesystem replica links
  purestorage.flashblade.purefb_policy:
    name: test_policy_with_members
    policy_type: snapshot
    filesystem:
    - fs1
    - fs2
    replica_link:
    - rl1
    - rl2
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6
- name: Create a snapshot policy with rules
  purestorage.flashblade.purefb_policy:
    name: test_policy2
    policy_type: snapshot
    at: 11AM
    keep_for: 86400
    every: 86400
    timezone: Asia/Shanghai
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6
- name: Delete a snapshot policy
  purestorage.flashblade.purefb_policy:
    name: test_policy
    policy_type: snapshot
    state: absent
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6
- name: Create an empty object store access policy
  purestorage.flashblade.purefb_policy:
    name: test_os_policy
    account: test
    policy_type: access
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6
- name: Create an empty object store access policy and assign user
  purestorage.flashblade.purefb_policy:
    name: test_os_policy
    account: test
    policy_type: access
    user: fred
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6
- name: Create an object store access policy with simple rule
  purestorage.flashblade.purefb_policy:
    name: test_os_policy_rule
    policy_type: access
    account: test
    rule: rule1
    actions: "s3:*"
    object_resources: "*"
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6
- name: Create an empty SMB client policy
  purestorage.flashblade.purefb_policy:
    name: test_smb_client
    policy_type: smb_client
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6
- name: Create an SMB client policy with a client rule
  purestorage.flashblade.purefb_policy:
    name: test_smb_client
    policy_type: smb_client
    client: "10.0.1.0/24"
    permission: rw
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6
- name: Create an empty NFS export policy
  purestorage.flashblade.purefb_policy:
    name: test_nfs_export
    policy_type: nfs
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6
- name: Create an NFS export policy with a client rule
  purestorage.flashblade.purefb_policy:
    name: test_nfs_export
    policy_type: nfs
    atime: true
    client: "10.0.1.0/24"
    secure: true
    security: [sys, krb5]
    permission: rw
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6
- name: Create a new rule for an existing NFS export policy
  purestorage.flashblade.purefb_policy:
    name: test_nfs_export
    policy_type: nfs
    atime: true
    client: "10.0.2.0/24"
    security: sys
    permission: ro
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6
- name: Delete a client rule from an NFS export policy
  purestorage.flashblade.purefb_policy:
    name: test_nfs_export
    client: "10.0.1.0/24"
    policy_type: nfs
    state: absent
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6
- name: Delete an NFS export policy and all associated rules
  purestorage.flashblade.purefb_policy:
    name: test_nfs_export
    state: absent
    policy_type: nfs
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6
- name: Delete a rule from an object store access policy
  purestorage.flashblade.purefb_policy:
    name: test_os_policy_rule
    account: test
    policy_type: access
    rule: rule1
    state: absent
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6
- name: Delete a user from an object store access policy
  purestorage.flashblade.purefb_policy:
    name: test_os_policy_rule
    account: test
    user: fred
    policy_type: access
    state: absent
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6
- name: Delete an object store access policy with attached users (USE WITH CAUTION)
  purestorage.flashblade.purefb_policy:
    name: test_os_policy_rule
    account: test
    policy_type: access
    force_delete: true
    state: absent
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6
- name: Delete an object store access policy with no attached users
  purestorage.flashblade.purefb_policy:
    name: test_os_policy_rule
    account: test
    policy_type: access
    state: absent
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6
- name: Copy an object store access policy rule to another existing policy
  purestorage.flashblade.purefb_policy:
    name: test_os_policy_rule
    policy_type: access
    account: test
    target: "account2/anotherpolicy"
    target_rule: new_rule1
    state: copy
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6
- name: Rename an NFS Export Policy
  purestorage.flashblade.purefb_policy:
    name: old_name
    policy_type: nfs
    rename: new_name
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6
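
A least-privilege counterpart to the examples above, added here as an illustration and not taken from the module's own documentation. It uses only parameters listed under Inputs; the policy and rule names, the bucket name bucket1, the client subnet, and the variables fb_mgmt_host and vault_fb_api_token are assumptions.

```yaml
# Added example (not from the module documentation).
# Assumed: vault_fb_api_token is defined in an Ansible Vault encrypted vars
# file, so the admin API token never appears in the playbook in clear text.
- name: Least-privilege FlashBlade policies
  hosts: localhost
  gather_facts: false
  vars:
    fb_mgmt_host: 10.10.10.2                     # management address from the examples above
    fb_api_token: "{{ vault_fb_api_token }}"     # assumed vaulted variable
  tasks:
    # Instead of actions "s3:*" on object_resources "*": one action,
    # one bucket, and requests accepted from a single subnet only.
    - name: Allow object reads from one bucket, only from the application subnet
      purestorage.flashblade.purefb_policy:
        name: app_readonly                       # assumed policy name
        account: test
        policy_type: access
        rule: read_objects                       # assumed rule name
        effect: allow
        actions:
          - s3:GetObject
        object_resources:
          - "bucket1/*"                          # assumed bucket
        source_ips:
          - 10.0.1.0/24
        fb_url: "{{ fb_mgmt_host }}"
        api_token: "{{ fb_api_token }}"

    # Instead of security sys (client-asserted identity) with rw access:
    # read-only, root squashed, reserved ports only, Kerberos with encryption.
    - name: Export read-only to one subnet with krb5p and root squashing
      purestorage.flashblade.purefb_policy:
        name: app_nfs_export                     # assumed policy name
        policy_type: nfs
        client: "10.0.1.0/24"
        permission: ro
        access: root-squash
        secure: true
        security:
          - krb5p
        fb_url: "{{ fb_mgmt_host }}"
        api_token: "{{ fb_api_token }}"

    # smb_encryption defaults to optional; require it for this client rule.
    - name: Require SMB encryption for clients in the application subnet
      purestorage.flashblade.purefb_policy:
        name: app_smb_client                     # assumed policy name
        policy_type: smb_client
        client: "10.0.1.0/24"
        permission: ro
        smb_encryption: required
        fb_url: "{{ fb_mgmt_host }}"
        api_token: "{{ fb_api_token }}"
```

As the security description below notes, a mount fails if the server does not support the requested flavor, so krb5p presupposes working Kerberos on the array and its clients.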

Inputs

    
at:
    description:
    - Provide a time in 12-hour AM/PM format, e.g. 11AM
    type: str

desc:
    default: ''
    description:
    - A description of an object store policy, optionally specified when the policy is
      created.
    - Cannot be modified for an existing policy.
    type: str
    version_added: 1.14.0
    version_added_collection: purestorage.flashblade

name:
    description:
    - Name of the policy
    type: str

read:
    choices:
    - allow
    - deny
    - ''
    description:
    - The state of the SMB share principal's Read access permission.
    - Setting to "" will clear the current setting
    type: str
    version_added: 1.12.0
    version_added_collection: purestorage.flashblade

rule:
    description:
    - Name of the rule for the Object Store Access Policy
    - Rules in system wide policies cannot be deleted or modified
    type: str
    version_added: 1.9.0
    version_added_collection: purestorage.flashblade

user:
    description:
    - User in the I(account) that the policy is granted to.
    type: str
    version_added: 1.9.0
    version_added_collection: purestorage.flashblade

atime:
    default: true
    description:
    - After a read operation has occurred, the inode access time is updated only if any
      of the following conditions is true; the previous access time is less than the inode
      modify time, the previous access time is less than the inode change time, or the
      previous access time is more than 24 hours ago.
    - If set to false, disables the update of inode access times after read operations.
    type: bool
    version_added: 1.9.0
    version_added_collection: purestorage.flashblade

every:
    description:
    - Interval between snapshots in seconds
    - Range available 300 - 31536000 (equates to 5m to 365d)
    type: int

state:
    choices:
    - absent
    - present
    - copy
    default: present
    description:
    - Create or delete policy.
    - Copy is applicable only to Object Store Access Policies Rules
    type: str

access:
    choices:
    - root-squash
    - all-squash
    - no-squash
    default: root-squash
    description:
    - Specifies access control for the export policy rule
    type: str
    version_added: 1.9.0
    version_added_collection: purestorage.flashblade

change:
    choices:
    - allow
    - deny
    - ''
    description:
    - The state of the SMB share principal's Change access permission.
    - Setting to "" will clear the current setting
    type: str
    version_added: 1.12.0
    version_added_collection: purestorage.flashblade

client:
    description:
    - Specifies the clients that will be permitted to access the export.
    - Accepted notation is a single IP address, subnet in CIDR notation, netgroup, or
      anonymous (*).
    type: str
    version_added: 1.9.0
    version_added_collection: purestorage.flashblade

effect:
    choices:
    - allow
    - deny
    default: allow
    description:
    - Allow S3 requests that match all of the I(actions) item selected. Rules are additive.
    type: str
    version_added: 1.9.0
    version_added_collection: purestorage.flashblade

fb_url:
    description:
    - FlashBlade management IP address or Hostname.
    type: str

rename:
    description:
    - New name for policy
    - Only applies to NFS and SMB policies
    type: str
    version_added: 1.10.0
    version_added_collection: purestorage.flashblade

secure:
    default: false
    description:
    - If true, this prevents NFS access to client connections coming from non-reserved
      ports.
    - If false, allows NFS access to client connections coming from non-reserved ports.
    - Applies to NFSv3, NFSv4.1, and auxiliary protocols MOUNT and NLM.
    type: bool
    version_added: 1.9.0
    version_added_collection: purestorage.flashblade

target:
    description:
    - Name of policy to copy rule to
    type: str
    version_added: 1.9.0
    version_added_collection: purestorage.flashblade

account:
    description:
    - Name of Object Store account policy applies to.
    - B(Special Case) I(pure policy) is used for the system-wide S3 policies
    type: str
    version_added: 1.9.0
    version_added_collection: purestorage.flashblade

actions:
    choices:
    - s3:*
    - s3:AbortMultipartUpload
    - s3:BypassGovernanceRetention
    - s3:CreateBucket
    - s3:DeleteBucket
    - s3:DeleteObject
    - s3:DeleteObjectVersion
    - s3:ExtendSafemodeRetentionPeriod
    - s3:GetBucketAcl
    - s3:GetBucketLocation
    - s3:GetBucketVersioning
    - s3:GetLifecycleConfiguration
    - s3:GetObject
    - s3:GetObjectAcl
    - s3:GetObjectLegalHold
    - s3:GetObjectLockConfiguration
    - s3:GetObjectRetention
    - s3:GetObjectTagging
    - s3:GetObjectVersion
    - s3:GetObjectVersionTagging
    - s3:ListAllMyBuckets
    - s3:ListBucket
    - s3:ListBucketMultipartUploads
    - s3:ListBucketVersions
    - s3:ListMultipartUploadParts
    - s3:PutBucketVersioning
    - s3:PutLifecycleConfiguration
    - s3:PutObject
    - s3:PutObjectLegalHold
    - s3:PutObjectLockConfiguration
    - s3:PutObjectRetention
    - s3:ResolveSafemodeConflicts
    description:
    - List of permissions to grant.
    - System-wide policy rules cannot be deleted or modified
    elements: str
    type: list
    version_added: 1.9.0
    version_added_collection: purestorage.flashblade

anongid:
    description:
    - Any user whose GID is affected by an I(access) of `root-squash` or `all-squash`
      will have their GID mapped to anongid. The default anongid is null, which means
      65534. Use "" to clear.
    type: str
    version_added: 1.9.0
    version_added_collection: purestorage.flashblade

anonuid:
    description:
    - Any user whose UID is affected by an I(access) of `root-squash` or `all-squash`
      will have their UID mapped to anonuid. The default is null, which means 65534. Use
      "" to clear.
    type: str
    version_added: 1.9.0
    version_added_collection: purestorage.flashblade

enabled:
    default: true
    description:
    - State of policy
    type: bool

keep_for:
    description:
    - How long to keep snapshots for
    - Range available 300 - 31536000 (equates to 5m to 365d)
    - Must not be set less than I(every)
    type: int

security:
    choices:
    - sys
    - krb5
    - krb5i
    - krb5p
    default: sys
    description:
    - The security flavors to use for accessing files on this mount point.
    - If the server does not support the requested flavor, the mount operation fails.
    - I(sys) trusts the client to specify the user's identity.
    - I(krb5) provides cryptographic proof of a user's identity in each RPC request.
    - I(krb5i) adds integrity checking to krb5, to ensure the data has not been tampered
      with.
    - I(krb5p) adds integrity checking and encryption to krb5.
    elements: str
    type: list
    version_added: 1.9.0
    version_added_collection: purestorage.flashblade

timezone:
    description:
    - Time Zone used for the I(at) parameter
    - If not provided, the module will attempt to get the current local timezone from
      the server
    type: str

api_token:
    description:
    - FlashBlade API token for admin privileged user.
    type: str

principal:
    description:
    - The user or group who is the subject of this rule, and their domain
    type: str
    version_added: 1.12.0
    version_added_collection: purestorage.flashblade

filesystem:
    description:
    - List of filesystems to add to a policy on creation
    - To amend policy members use the I(purestorage.flashblade.purefb_fs) module
    elements: str
    type: list

interfaces:
    choices:
    - management-ssh
    - management-rest-api
    - management-web-ui
    - snmp
    - local-network-superuser-password-access
    description:
    - Specifies which product interfaces the network access policy rule applies to, whether
      it is permitting or denying access.
    elements: str
    type: list
    version_added: 1.17.0
    version_added_collection: purestorage.flashblade

permission:
    choices:
    - rw
    - ro
    default: ro
    description:
    - Specifies which read-write client access permissions are allowed for the export.
    type: str
    version_added: 1.9.0
    version_added_collection: purestorage.flashblade

source_ips:
    description:
    - List of IPs and subnets from which this rule should allow requests; e.g., 10.20.30.40,
      10.20.30.0/24, 2001:DB8:1234:5678::/64.
    - System-wide policy rules cannot be deleted or modified
    elements: str
    type: list
    version_added: 1.9.0
    version_added_collection: purestorage.flashblade

before_rule:
    description:
    - The index of the client rule to insert or move a client rule before.
    type: int
    version_added: 1.9.0
    version_added_collection: purestorage.flashblade

policy_type:
    choices:
    - snapshot
    - access
    - nfs
    - smb_share
    - smb_client
    - network
    default: snapshot
    description:
    - Type of policy
    type: str
    version_added: 1.9.0
    version_added_collection: purestorage.flashblade

s3_prefixes:
    description:
    - List of 'folders' (object key prefixes) for which object listings may be requested.
    - System-wide policy rules cannot be deleted or modified
    elements: str
    type: list
    version_added: 1.9.0
    version_added_collection: purestorage.flashblade

target_rule:
    description:
    - Name of the rule to copy the existing rule to.
    - If not defined the existing rule name is used.
    type: str
    version_added: 1.9.0
    version_added_collection: purestorage.flashblade

fileid_32bit:
    default: false
    description:
    - Whether the file id is 32 bits or not.
    type: bool
    version_added: 1.9.0
    version_added_collection: purestorage.flashblade

force_delete:
    default: false
    description:
    - Force the deletion of an Object Store Access Policy if it has attached users.
    - WARNING This can have undesired side-effects.
    - System-wide policies cannot be deleted
    type: bool
    version_added: 1.9.0
    version_added_collection: purestorage.flashblade

full_control:
    choices:
    - allow
    - deny
    - ''
    description:
    - The state of the SMB share principal's Full Control access permission.
    - Setting to "" will clear the current setting
    type: str
    version_added: 1.12.0
    version_added_collection: purestorage.flashblade

replica_link:
    description:
    - List of filesystem replica links to add to a policy on creation
    - To amend policy members use the I(purestorage.flashblade.purefb_fs_replica) module
    elements: str
    type: list

s3_delimiters:
    description:
    - List of delimiter characters allowed in object list requests.
    - Grants permissions to list 'folder names' (prefixes ending in a delimiter) instead
      of object keys.
    - System-wide policy rules cannot be deleted or modified
    elements: str
    type: list
    version_added: 1.9.0
    version_added_collection: purestorage.flashblade

smb_encryption:
    choices:
    - disabled
    - optional
    - required
    default: optional
    description:
    - The status of SMB encryption in a client policy rule
    type: str
    version_added: 1.12.0
    version_added_collection: purestorage.flashblade

object_resources:
    description:
    - List of bucket names and object paths, with a wildcard (*) to specify objects in
      a bucket; e.g., bucket1, bucket1/*, bucket2, bucket2/*.
    - System-wide policy rules cannot be deleted or modified
    elements: str
    type: list
    version_added: 1.9.0
    version_added_collection: purestorage.flashblade

destroy_snapshots:
    default: false
    description:
    - This parameter must be set to true in order to modify a policy such that local or
      remote snapshots would be destroyed.
    type: bool
    version_added: 1.11.0
    version_added_collection: purestorage.flashblade

ignore_enforcement:
    default: true
    description:
    - Certain combinations of actions and other rule elements are inherently ignored if
      specified together in a rule.
    - If set to true, operations which attempt to set these combinations will fail.
    - If set to false, such operations will instead be allowed.
    type: bool
    version_added: 1.9.0
    version_added_collection: purestorage.flashblade