netapp.ontap.na_ontap_fpolicy_ext_engine – NetApp ONTAP fPolicy external engine configuration.

Note

This plugin is part of the netapp.ontap collection (version 21.4.0).

To install it use: ansible-galaxy collection install netapp.ontap.

To use it in a playbook, specify: netapp.ontap.na_ontap_fpolicy_ext_engine.

New in version 21.4.0: of netapp.ontap

Synopsis

  • Create, delete or modify fpolicy external engine.

Requirements

The below requirements are needed on the host that executes this module.

  • Ansible 2.9

  • Python3 netapp-lib (2018.11.13) or later. Install using ‘pip install netapp-lib’

  • netapp-lib 2020.3.12 is strongly recommended as it provides better error reporting for connection issues.

  • A physical or virtual clustered Data ONTAP system. The modules support Data ONTAP 9.1 and onward.

  • REST support requires ONTAP 9.6 or later.

  • To enable http on the cluster you must run the following commands ‘set -privilege advanced;’ ‘system services web modify -http-enabled true;’

Parameters

Parameter Choices/Defaults Comments
cert_filepath
string
added in 20.6.0 of netapp.ontap
path to SSL client cert file (.pem).
not supported with python 2.6.
certificate_ca
string
Certificate authority name. No default value is set for this field.
certificate_common_name
string
FQDN or custom common name of certificate. No default value is set for this field.
certificate_serial
string
Serial number of certificate. No default value is set for this field.
extern_engine_type
string
    Choices:
  • synchronous
  • asynchronous
External engine type. If the engine is asynchronous, no reply is sent from FPolicy servers. Default value set for this field is synchronous.
feature_flags
dictionary
added in 20.5.0 of netapp.ontap
Enable or disable a new feature.
This can be used to enable an experimental feature or disable a new feature that breaks backward compatibility.
Supported keys and values are subject to change without notice. Unknown keys are ignored.
hostname
string / required
The hostname or IP address of the ONTAP instance.
http_port
integer
Override the default port (80 or 443) with this port
https
boolean
    Choices:
  • no ←
  • yes
Enable and disable https.
Ignored when using REST as only https is supported.
Ignored when using SSL certificate authentication as it requires SSL.
is_resiliency_enabled
boolean
    Choices:
  • no
  • yes
Indicates if the resiliency with this engine is required.
If set to true, the notifications will be stored in a path as resiliency_directory_path
If it is false, the notifications will not be stored. Default value is false.
key_filepath
string
added in 20.6.0 of netapp.ontap
path to SSL client key file.
max_connection_retries
integer
Number of times storage appliance will attempt to establish a broken connection to FPolicy server. Default value set for this field is 5.
max_server_reqs
integer
Maximum number of outstanding screen requests that will be queued for an FPolicy Server. Default value set for this field is 50.
name
string / required
Name of the external engine.
ontapi
integer
The ontap api version to use
password
string
Password for the specified user.

aliases: pass
port
integer
Port number of the FPolicy server application.
primary_servers
list / elements=string
Primary FPolicy servers.
recv_buffer_size
integer
Receive buffer size of connected socket for FPolicy Server. Default value set for this field is 256 kilobytes (256Kb).
resiliency_directory_path
string
Directory path under Vserver for storing file access notifications. File access notifications will be stored in a generated file during the outage time.
The path is the full, user visible path relative to the Vserver root, and it might be crossing junction mount points.
secondary_servers
list / elements=string
Secondary FPolicy servers. No default value is set for this field.
send_buffer_size
integer
Send buffer size of connected socket for FPolicy Server. Default value set for this field is 256 kilobytes (256Kb).
ssl_option
string
    Choices:
  • no_auth
  • server_auth
  • mutual_auth
SSL option for external communication. No default value is set for this field
state
string
    Choices:
  • present ←
  • absent
Whether the fPolicy external engine is present or not
use_rest
string
Default:
"auto"
REST API if supported by the target system for all the resources and attributes the module requires. Otherwise will revert to ZAPI.
always -- will always use the REST API
never -- will always use the ZAPI
auto -- will try to use the REST Api
username
string
This can be a Cluster-scoped or SVM-scoped account, depending on whether a Cluster-level or SVM-level API is required.
For more information, please read the documentation https://mysupport.netapp.com/NOW/download/software/nmsdk/9.4/.
Two authentication methods are supported
1. basic authentication, using username and password,
2. SSL certificate authentication, using a ssl client cert file, and optionally a private key file.
To use a certificate, the certificate must have been installed in the ONTAP cluster, and cert authentication must have been enabled.

aliases: user
validate_certs
boolean
    Choices:
  • no
  • yes ←
If set to no, the SSL certificates will not be validated.
This should only set to False used on personally controlled sites using self-signed certificates.
vserver
string / required
the name of the vserver to create the external engine on

Notes

Note

  • The modules prefixed with na\_ontap are built to support the ONTAP storage platform.

Examples

- name: Create fPolicy external engine
  na_ontap_fpolicy_ext_engine:
    state: present
    vserver: svm1
    name: fpolicy_ext_engine
    port: 8787
    extern_engine_type: asynchronous
    primary_servers: ['10.11.12.13', '10.11.12.14']
    ssl_option: no_auth
    username: "{{ username }}"
    password: "{{ password }}"
    hostname: "{{ hostname }}"

- name: Modify fPolicy external engine
  na_ontap_fpolicy_ext_engine:
    state: present
    vserver: svm1
    name: fpolicy_ext_engine
    port: 7878
    extern_engine_type: synchronous
    primary_servers: ['10.11.12.15', '10.11.12.16']
    ssl_option: server_auth
    username: "{{ username }}"
    password: "{{ password }}"
    hostname: "{{ hostname }}"

- name: Delete fPolicy external engine
  na_ontap_fpolicy_ext_engine:
    state: absent
    vserver: svm1
    name: fpolicy_engine
    username: "{{ username }}"
    password: "{{ password }}"
    hostname: "{{ hostname }}"

Authors