purestorage.flasharray.purefa_policy module – Manage FlashArray File System Policies
Note
This module is part of the purestorage.flasharray collection (version 1.32.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install purestorage.flasharray
.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: purestorage.flasharray.purefa_policy
.
New in purestorage.flasharray 1.5.0
Synopsis
Manage FlashArray file system policies for NFS, SMB and snapshot
Requirements
The below requirements are needed on the host that executes this module.
python >= 3.3
purestorage >= 1.19
py-pure-client >= 1.26.0
netaddr
requests
pycountry
urllib3
Parameters
Parameter |
Comments |
---|---|
Defines if access based enumeration for SMB is enabled Choices:
|
|
The ID to which any users whose GID is affected by access of root-squash or all-squash will be mapped to. This is ignored when user_mapping is enabled. Clear using “”. Default: |
|
The ID to which any users whose UID is affected by access of root-squash or all-squash will be mapped to. Clear using “”. Default: |
|
FlashArray API token for admin privileged user. |
|
Specifies which SMB or NFS clients are given access Accepted notation, IP, IP mask, or hostname |
|
Directories to have the quota rule applied to. |
|
Disable insecure certificate warnings in debug logs Choices:
|
|
Define if policy is enabled or not Choices:
|
|
If true, test password against dictionary of known leaked passwords. Only applies to passwords longer than 6 characters. Choices:
|
|
If true, the username cannot be a substring of the password. It only applies to usernames of 3 characters and longer Choices:
|
|
FlashArray management IPv4 address or Hostname. |
|
Flag used to override checks for quota management operations. If set to true, directory usage is not checked against the quota_limits that are set. If set to false, the actual logical bytes in use are prevented from exceeding the limits set on the directory. Client operations might be impacted. If the limit exceeds the quota, the client operation is not allowed. Choices:
|
|
Account lockout duration, in seconds, after max_login_attempts exceeded Range between 1 second and 90 days (7776000 seconds) |
|
Maximum number of failed logins before account is locked |
|
The minimum number of character groups required to be present in a password. |
|
The minimum number of characters per group to count the group as present. Maximum is limited by the minimum password length divided by the number of character groups |
|
Minimum user password length |
|
Name of the policy |
|
Specifies access control for the export Choices:
|
|
Specifies which read-write client access permissions are allowed for the export Choices:
|
|
NFS protocol version allowed for the export Choices:
|
|
The number of passwords tracked to prevent reuse of passwords. A value of 0 will not check password history |
|
The type of policy to use Choices:
|
|
Defines if the directory quota is enforced. Choices:
|
|
Logical space limit of the share in M, G, T or P units. See examples. If size is not set at filesystem creation time the filesystem size becomes unlimited. This value cannot be set to 0. |
|
Targets to notify when usage approaches the quota limit. The list of notification targets is a comma-separated string If not specified, notification targets are not assigned. Choices:
|
|
New name of policy |
|
The security flavors to use for accessing files on a mount point. If the server does not support the requested flavor, the mount operation fails. This operation updates all rules of the specified policy. Choices:
|
|
Specifies whether access to information is allowed for anonymous users Choices:
|
|
Specifies whether the remote client is required to use SMB encryption Choices:
|
|
Specifies the number of hours since midnight at which to take a snapshot or the hour including AM/PM Can only be set on the rule with the smallest snap_every value. Cannot be set if the snap_every value is not measured in days. Can only be set for at most one rule in the same policy. |
|
The customizable portion of the client visible snapshot name. |
|
Specifies the interval between snapshots, in minutes. The value for all rules must be multiples of one another. Must be unique for each rule in the same policy. Value must be between 5 and 525600. |
|
Specifies the period that snapshots are retained before they are eradicated, in minutes. Cannot be less than the snap_every value of the rule. Value must be unique for each rule in the same policy. Value must be between 5 and 525600. |
|
The snapshot suffix name The suffix value can only be set for one rule in the same policy The suffix value can only be set on a rule with the same ``keep_for`` value and ``every`` value The suffix value can only be set on the rule with the largest ``keep_for`` value If not specified, defaults to a monotonically increasing number generated by the system. |
|
Define whether the policy should exist or not. Choices:
|
|
Defines if user mapping is enabled Choices:
|
Notes
Note
This module requires the
purestorage
andpy-pure-client
Python librariesAdditional Python librarues may be required for specific modules.
You must set
PUREFA_URL
andPUREFA_API
environment variables if fa_url and api_token arguments are not passed to the module directly
Examples
- name: Create an NFS policy with initial rule
purestorage.flasharray.purefa_policy:
name: export1
policy: nfs
nfs_access: root-squash
nfs_permission: ro
client: client1
fa_url: 10.10.10.2
api_token: e31060a7-21fc-e277-6240-25983c6c4592
- name: Create an empty NFS policy with no rules
purestorage.flasharray.purefa_policy:
name: export1
policy: nfs
fa_url: 10.10.10.2
api_token: e31060a7-21fc-e277-6240-25983c6c4592
- name: Create an empty snapshot policy with no rules
purestorage.flasharray.purefa_policy:
name: snap1
policy: snapshot
fa_url: 10.10.10.2
api_token: e31060a7-21fc-e277-6240-25983c6c4592
- name: Create an empty snapshot policy with single directory member
purestorage.flasharray.purefa_policy:
name: snap1
policy: snapshot
directory: "foo:bar"
fa_url: 10.10.10.2
api_token: e31060a7-21fc-e277-6240-25983c6c4592
- name: Disable a policy
purestorage.flasharray.purefa_policy:
name: export1
policy: nfs
enabled: false
fa_url: 10.10.10.2
api_token: e31060a7-21fc-e277-6240-25983c6c4592
- name: Add rule to existing NFS export policy
purestorage.flasharray.purefa_policy:
name: export1
policy: nfs
nfs_access: root-squash
nfs_permission: ro
client: client2
fa_url: 10.10.10.2
api_token: e31060a7-21fc-e277-6240-25983c6c4592
- name: Add rule to existing SMB export policy
purestorage.flasharray.purefa_policy:
name: export1
policy: smb
smb_encrypt: true
smb_anon_allowed: false
client: client1
fa_url: 10.10.10.2
api_token: e31060a7-21fc-e277-6240-25983c6c4592
- name: Add non-suffix rule to existing snapshot export policy
purestorage.flasharray.purefa_policy:
name: snap1
policy: snapshot
snap_client_name: foo
snap_every: 15
snap_keep_for: 1440
fa_url: 10.10.10.2
api_token: e31060a7-21fc-e277-6240-25983c6c4592
- name: Add suffix rule to existing snapshot export policy
purestorage.flasharray.purefa_policy:
name: snap1
policy: snapshot
snap_client_name: foo
snap_suffix: bar
snap_every: 1440
snap_keep_for: 1440
fa_url: 10.10.10.2
api_token: e31060a7-21fc-e277-6240-25983c6c4592
- name: Delete policy rule for a client
purestorage.flasharray.purefa_policy:
name: export1
policy: nfs
client: client2
state: absent
fa_url: 10.10.10.2
api_token: e31060a7-21fc-e277-6240-25983c6c4592
- name: Delete policy
purestorage.flasharray.purefa_policy:
name: export1
policy: nfs
state: absent
fa_url: 10.10.10.2
api_token: e31060a7-21fc-e277-6240-25983c6c4592
- name: Create directory quota policy for directory bar
purestorage.flasharray.purefa_policy:
name: foo
directory:
- "foo:root"
- "bar:bin"
policy: quota
quota_limit: 10G
fa_url: 10.10.10.2
api_token: e31060a7-21fc-e277-6240-25983c6c4592
- name: Delete directory quota policy foo
purestorage.flasharray.purefa_policy:
name: foo
policy: quota
state: absent
fa_url: 10.10.10.2
api_token: e31060a7-21fc-e277-6240-25983c6c4592
- name: Create empty directory quota policy foo
purestorage.flasharray.purefa_policy:
name: foo
policy: quota
fa_url: 10.10.10.2
api_token: e31060a7-21fc-e277-6240-25983c6c4592
- name: Detach directory "foo:bar" from quota policy quota1
purestorage.flasharray.purefa_policy:
name: quota1
directory:
- "foo:bar"
state: absent
policy: quota
fa_url: 10.10.10.2
api_token: e31060a7-21fc-e277-6240-25983c6c4592
- name: Remove quota rule from quota policy foo
purestorage.flasharray.purefa_policy:
name: foo
policy: quota
quota_limit: 10G
state: absent
fa_url: 10.10.10.2
api_token: e31060a7-21fc-e277-6240-25983c6c4592
- name: Update password police management
purestorage.flasharray.purefa_policy:
name: management
policy: password
max_login_attempts: 5
enforce_username_check: true
enforce_dictopnary_check: true
min_password_length: 5
password_history: 2
fa_url: 10.10.10.2
api_token: e31060a7-21fc-e277-6240-25983c6c4592