purestorage.flasharray.purefa_ad – Manage FlashArray Active Directory Account

Note

This plugin is part of the purestorage.flasharray collection (version 1.11.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install purestorage.flasharray.

To use it in a playbook, specify: purestorage.flasharray.purefa_ad.

New in version 1.9.0: of purestorage.flasharray

Synopsis

  • Add or delete FlashArray Active Directory Account

  • FlashArray allows the creation of one AD computer account, or joining of an existing AD computer account.

Requirements

The below requirements are needed on the host that executes this module.

  • python >= 2.7

  • purestorage >= 1.19

  • py-pure-client >= 1.6.0

  • netaddr

  • requests

Parameters

Parameter

Comments

api_token

string

FlashArray API token for admin privileged user.

computer

string

The common name of the computer account to be created in the Active Directory domain.

If not specified, defaults to the name of the Active Directory configuration.

directory_servers

list / elements=string

A list of directory servers that will be used for lookups related to user authorization

Accepted server formats are IP address and DNS name

All specified servers must be registered to the domain appropriately in the array configured DNS and are only communicated with over the secure LDAP (LDAPS) protocol. If not specified, servers are resolved for the domain in DNS

The specified list can have a maximum length of 1, or 3 for Purity 6.1.6 or higher. If more are provided only the first allowed count used.

domain

string

The Active Directory domain to join

fa_url

string

FlashArray management IPv4 address or Hostname.

join_ou

string

added in 1.10.0 of purestorage.flasharray

Distinguished name of organization unit in which the computer account should be created when joining the domain. e.g. OU=Arrays,OU=Storage.

The DC=… components can be omitted.

If left empty, defaults to CN=Computers.

Requires Purity//FA 6.1.8 or higher

kerberos_servers

list / elements=string

A list of key distribution servers to use for Kerberos protocol

Accepted server formats are IP address and DNS name

All specified servers must be registered to the domain appropriately in the array configured DNS and are only communicated with over the secure LDAP (LDAPS) protocol. If not specified, servers are resolved for the domain in DNS.

The specified list can have a maximum length of 1, or 3 for Purity 6.1.6 or higher. If more are provided only the first allowed count used.

local_only

boolean

Do a local-only delete of an active directory account

Choices:

  • no ← (default)

  • yes

name

string / required

Name of the AD account

password

string

Password string for username

state

string

Define whether the AD sccount is deleted or not

Choices:

  • absent

  • present ← (default)

username

string

A user capable of creating a computer account within the domain

Notes

Note

  • This module requires the purestorage and py-pure-client Python libraries

  • Additional Python librarues may be required for specific modules.

  • You must set PUREFA_URL and PUREFA_API environment variables if fa_url and api_token arguments are not passed to the module directly

Examples

- name: Create new AD account
  purefa_ad:
    name: ad_account
    computer: FLASHARRAY
    domain: acme.com
    join_ou: "OU=Acme,OU=Dev"
    username: Administrator
    password: Password
    kerberos_servers:
    - kdc.acme.com
    directory_servers:
    - ldap.acme.com
    fa_url: 10.10.10.2
    api_token: e31060a7-21fc-e277-6240-25983c6c4592

- name: Delete AD account locally
  purefa_ad:
    name: ad_account
    local_only: True
    fa_url: 10.10.10.2
    api_token: e31060a7-21fc-e277-6240-25983c6c4592

- name: Fully delete AD account. Note that correct AD permissions are required
  purefa_ad:
    name: ad_account
    fa_url: 10.10.10.2
    api_token: e31060a7-21fc-e277-6240-25983c6c4592

Authors