netapp.ontap.na_ontap_cifs_server module – NetApp ONTAP CIFS server configuration
Note
This module is part of the netapp.ontap collection (version 21.20.0).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core.
To check whether it is installed, run `ansible-galaxy collection list`.
To install it, use: `ansible-galaxy collection install netapp.ontap`.
To use it in a playbook, specify: `netapp.ontap.na_ontap_cifs_server`.
New in netapp.ontap 2.6.0
Requirements
The following requirements must be met on the host that executes this module.
- Ansible 2.9
- Python3 netapp-lib (2018.11.13) or later. Install using `pip install netapp-lib`.
- netapp-lib 2020.3.12 is strongly recommended as it provides better error reporting for connection issues.
- A physical or virtual clustered Data ONTAP system. The modules support Data ONTAP 9.1 and onward.
- REST support requires ONTAP 9.6 or later.
- To enable http on the cluster you must run the following commands: `set -privilege advanced;` `system services web modify -http-enabled true;`
Parameters
Parameter | Comments |
---|---|
admin_password | Specifies the cifs server admin password. When used with absent, the account will be deleted if admin_user_name is also provided. |
admin_user_name | Specifies the cifs server admin username. When used with absent, the account will be deleted if admin_password is also provided. |
aes_netlogon_enabled | Specifies whether or not an AES session key is enabled for the Netlogon channel. Only supported with REST and requires ONTAP version 9.10.1 or later. Choices: |
cert_filepath | Path to SSL client cert file (.pem). Not supported with python 2.6. |
domain | The Fully Qualified Domain Name of the Windows Active Directory this CIFS server belongs to. |
encrypt_dc_connection | Specifies whether encryption is required for domain controller connections. Only supported with REST and requires ONTAP version 9.8 or later. Use na_ontap_vserver_cifs_security with ZAPI. Choices: |
feature_flags | Enable or disable a new feature. This can be used to enable an experimental feature or disable a new feature that breaks backward compatibility. Supported keys and values are subject to change without notice. Unknown keys are ignored. |
force | When state is present, if this is set and a machine account with the same name as specified in ‘name’ exists in the Active Directory, it will be overwritten and reused. When state is absent, if this is set, the local CIFS configuration is deleted regardless of communication errors. For REST, it requires ONTAP version 9.11. Choices: |
from_name | Specifies the existing cifs_server name. This option is used to rename cifs_server. Supported only in REST and requires force to be set to True. Requires ONTAP version 9.11.0. If the service is running, it will be stopped to perform the rename action, and automatically restarted. If the service is stopped, it will be briefly restarted after the rename action, and stopped again. |
hostname | The hostname or IP address of the ONTAP instance. |
http_port | Override the default port (80 or 443) with this port. |
https | Enable and disable https. Ignored when using REST as only https is supported. Ignored when using SSL certificate authentication as it requires SSL. Choices: |
kdc_encryption | Specifies whether AES-128 and AES-256 encryption is enabled for all Kerberos-based communication with the Active Directory KDC. Only supported with REST. Use na_ontap_vserver_cifs_security with ZAPI. Choices: |
key_filepath | Path to SSL client key file. |
ldap_referral_enabled | Specifies whether or not LDAP referral chasing is enabled for AD LDAP connections. Only supported with REST and requires ONTAP version 9.10.1 or later. Use na_ontap_vserver_cifs_security with ZAPI. Choices: |
name | Specifies the cifs_server name. |
ontapi | The ONTAP API version to use. |
ou | The Organizational Unit (OU) within the Windows Active Directory this CIFS server belongs to. |
password | Password for the specified user. |
restrict_anonymous | Specifies what level of access an anonymous user is granted. Only supported with REST. Choices: |
service_state | CIFS Server Administrative Status. Choices: |
session_security | Specifies client session security for AD LDAP connections. Only supported with REST and requires ONTAP version 9.10.1 or later. Use na_ontap_vserver_cifs_security with ZAPI. Choices: |
smb_encryption | Determines whether SMB encryption is required for incoming CIFS traffic. Only supported with REST. Use na_ontap_vserver_cifs_security with ZAPI. Choices: |
smb_signing | Specifies whether signing is required for incoming CIFS traffic. Only supported with REST. Use na_ontap_vserver_cifs_security with ZAPI. Choices: |
state | Whether the specified cifs_server should exist or not. Choices: |
try_ldap_channel_binding | Specifies whether or not channel binding is attempted in the case of TLS/LDAPS. Only supported with REST and requires ONTAP version 9.10.1 or later. Use na_ontap_vserver_cifs_security with ZAPI. Choices: |
use_ldaps | Specifies whether or not to use LDAPS for secure Active Directory LDAP connections. Only supported with REST and requires ONTAP version 9.10.1 or later. Use na_ontap_vserver_cifs_security with ZAPI. Choices: |
use_rest | Whether to use REST or ZAPI. always – will always use the REST API if the module supports REST. A warning is issued if the module does not support REST. An error is issued if a module option is not supported in REST. never – will always use ZAPI if the module supports ZAPI. An error may be issued if a REST option is not supported in ZAPI. auto – will try to use the REST API if the module supports REST and module options are supported. Reverts to ZAPI otherwise. Default: “auto” |
use_start_tls | Specifies whether or not to use SSL/TLS for allowing secure LDAP communication with Active Directory LDAP servers. Only supported with REST and requires ONTAP version 9.10.1 or later. Use na_ontap_vserver_cifs_security with ZAPI. Choices: |
username | This can be a Cluster-scoped or SVM-scoped account, depending on whether a Cluster-level or SVM-level API is required. For more information, please read the documentation https://mysupport.netapp.com/NOW/download/software/nmsdk/9.4/. Two authentication methods are supported. To use a certificate, the certificate must have been installed in the ONTAP cluster, and cert authentication must have been enabled. |
validate_certs | If set to This should only set to Choices: |
vserver | The name of the vserver to use. |
workgroup | The NetBIOS name of the domain or workgroup this CIFS server belongs to. |
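
The REST-only and minimum-version constraints spread through the parameter table can be checked before a play runs, so that a hardening option is not sent to a cluster or API mode that cannot apply it. The following is an added example, not code from the netapp.ontap collection; `check_task`, `parse_version`, `REST_ONLY` and the sample task are hypothetical names, and the version table is transcribed from the descriptions above.

```python
# Added example: pre-flight check of na_ontap_cifs_server task options.
# Constraints come from this page's parameter table; all names are hypothetical.

REST_MINIMUM = "9.6"  # "REST support requires ONTAP 9.6 or later"

# REST-only option -> minimum ONTAP version named on this page (None: none named)
REST_ONLY = {
    "aes_netlogon_enabled": "9.10.1",
    "encrypt_dc_connection": "9.8",
    "from_name": "9.11.0",
    "kdc_encryption": None,
    "ldap_referral_enabled": "9.10.1",
    "restrict_anonymous": None,
    "session_security": "9.10.1",
    "smb_encryption": None,
    "smb_signing": None,
    "try_ldap_channel_binding": "9.10.1",
    "use_ldaps": "9.10.1",
    "use_start_tls": "9.10.1",
}


def parse_version(text):
    """Turn '9.8' or '9.10.1' into a 3-tuple so versions compare numerically."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def check_task(args, ontap_version):
    """Return the problems found in one task's options for the given ONTAP version."""
    problems = []
    running = parse_version(ontap_version)
    rest_opts = sorted(opt for opt in args if opt in REST_ONLY)
    if rest_opts and str(args.get("use_rest", "auto")).lower() == "never":
        problems.append("REST-only options with use_rest=never: " + ", ".join(rest_opts))
    for opt in rest_opts:
        needed = REST_ONLY[opt] or REST_MINIMUM
        if running < parse_version(needed):
            problems.append(f"{opt} requires ONTAP {needed} or later")
    if "from_name" in args and args.get("force") is not True:
        problems.append("from_name requires force: true")
    return problems


# Constructed sample: hardening options sent to a 9.9.1 cluster with REST disabled.
sample = {"name": "data2", "vserver": "svm1", "use_rest": "never",
          "smb_signing": True, "session_security": "seal"}
print(check_task(sample, "9.9.1"))
```

Versions are compared as integer tuples because a plain string comparison would rank 9.8 above 9.10.1.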
Examples
```yaml
# Join the domain and create the CIFS server, leaving the service stopped.
- name: Create cifs_server
  netapp.ontap.na_ontap_cifs_server:
    state: present
    name: data2
    vserver: svm1
    service_state: stopped
    domain: "{{ id_domain }}"
    admin_user_name: "{{ domain_login }}"
    admin_password: "{{ domain_pwd }}"
    hostname: "{{ netapp_hostname }}"
    username: "{{ netapp_username }}"
    password: "{{ netapp_password }}"

# With both admin credentials supplied, the account is deleted as well.
- name: Delete cifs_server
  netapp.ontap.na_ontap_cifs_server:
    state: absent
    name: data2
    vserver: svm1
    admin_user_name: "{{ domain_login }}"
    admin_password: "{{ domain_pwd }}"
    hostname: "{{ netapp_hostname }}"
    username: "{{ netapp_username }}"
    password: "{{ netapp_password }}"

- name: Start cifs_server
  netapp.ontap.na_ontap_cifs_server:
    state: present
    name: data2
    vserver: svm1
    service_state: started
    hostname: "{{ netapp_hostname }}"
    username: "{{ netapp_username }}"
    password: "{{ netapp_password }}"

- name: Stop cifs_server
  netapp.ontap.na_ontap_cifs_server:
    state: present
    name: data2
    vserver: svm1
    service_state: stopped
    hostname: "{{ netapp_hostname }}"
    username: "{{ netapp_username }}"
    password: "{{ netapp_password }}"

# Rename requires REST, force set to true, and ONTAP 9.11.0.
- name: Rename cifs_server - REST
  netapp.ontap.na_ontap_cifs_server:
    state: present
    from_name: data2
    name: cifs
    vserver: svm1
    force: true
    hostname: "{{ netapp_hostname }}"
    username: "{{ netapp_username }}"
    password: "{{ netapp_password }}"

# Security options below are REST-only; several require ONTAP 9.10.1 or later.
- name: Modify cifs_server security - REST
  netapp.ontap.na_ontap_cifs_server:
    state: present
    name: data2
    vserver: svm1
    service_state: stopped
    encrypt_dc_connection: true
    smb_encryption: true
    kdc_encryption: true
    smb_signing: true
    aes_netlogon_enabled: true
    ldap_referral_enabled: true
    session_security: seal
    try_ldap_channel_binding: false
    use_ldaps: true
    use_start_tls: true
    restrict_anonymous: no_access
    domain: "{{ id_domain }}"
    admin_user_name: "{{ domain_login }}"
    admin_password: "{{ domain_pwd }}"
    hostname: "{{ netapp_hostname }}"
    username: "{{ netapp_username }}"
    password: "{{ netapp_password }}"
```
Authors
NetApp Ansible Team (@carchi8py)