purestorage.flasharray.purefa_ad – Manage FlashArray Active Directory Account
Note
This plugin is part of the purestorage.flasharray collection (version 1.11.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install purestorage.flasharray
.
To use it in a playbook, specify: purestorage.flasharray.purefa_ad
.
New in version 1.9.0: of purestorage.flasharray
Synopsis
Add or delete FlashArray Active Directory Account
FlashArray allows the creation of one AD computer account, or joining of an existing AD computer account.
Requirements
The below requirements are needed on the host that executes this module.
python >= 2.7
purestorage >= 1.19
py-pure-client >= 1.6.0
netaddr
requests
Parameters
Parameter |
Comments |
---|---|
FlashArray API token for admin privileged user. |
|
The common name of the computer account to be created in the Active Directory domain. If not specified, defaults to the name of the Active Directory configuration. |
|
A list of directory servers that will be used for lookups related to user authorization Accepted server formats are IP address and DNS name All specified servers must be registered to the domain appropriately in the array configured DNS and are only communicated with over the secure LDAP (LDAPS) protocol. If not specified, servers are resolved for the domain in DNS The specified list can have a maximum length of 1, or 3 for Purity 6.1.6 or higher. If more are provided only the first allowed count used. |
|
The Active Directory domain to join |
|
FlashArray management IPv4 address or Hostname. |
|
Distinguished name of organization unit in which the computer account should be created when joining the domain. e.g. OU=Arrays,OU=Storage. The DC=… components can be omitted. If left empty, defaults to CN=Computers. Requires Purity//FA 6.1.8 or higher |
|
A list of key distribution servers to use for Kerberos protocol Accepted server formats are IP address and DNS name All specified servers must be registered to the domain appropriately in the array configured DNS and are only communicated with over the secure LDAP (LDAPS) protocol. If not specified, servers are resolved for the domain in DNS. The specified list can have a maximum length of 1, or 3 for Purity 6.1.6 or higher. If more are provided only the first allowed count used. |
|
Do a local-only delete of an active directory account Choices:
|
|
Name of the AD account |
|
Password string for username |
|
Define whether the AD sccount is deleted or not Choices:
|
|
A user capable of creating a computer account within the domain |
Notes
Note
This module requires the
purestorage
andpy-pure-client
Python librariesAdditional Python librarues may be required for specific modules.
You must set
PUREFA_URL
andPUREFA_API
environment variables if fa_url and api_token arguments are not passed to the module directly
Examples
- name: Create new AD account
purefa_ad:
name: ad_account
computer: FLASHARRAY
domain: acme.com
join_ou: "OU=Acme,OU=Dev"
username: Administrator
password: Password
kerberos_servers:
- kdc.acme.com
directory_servers:
- ldap.acme.com
fa_url: 10.10.10.2
api_token: e31060a7-21fc-e277-6240-25983c6c4592
- name: Delete AD account locally
purefa_ad:
name: ad_account
local_only: True
fa_url: 10.10.10.2
api_token: e31060a7-21fc-e277-6240-25983c6c4592
- name: Fully delete AD account. Note that correct AD permissions are required
purefa_ad:
name: ad_account
fa_url: 10.10.10.2
api_token: e31060a7-21fc-e277-6240-25983c6c4592
Authors
Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>