purestorage.flasharray.purefa_ad – Manage FlashArray Active Directory Account

Note

This plugin is part of the purestorage.flasharray collection (version 1.10.0).

To install it use: ansible-galaxy collection install purestorage.flasharray.

To use it in a playbook, specify: purestorage.flasharray.purefa_ad.

New in version 1.9.0: of purestorage.flasharray

Synopsis

  • Add or delete FlashArray Active Directory Account

  • FlashArray allows the creation of one AD computer account, or joining of an existing AD computer account.

Requirements

The below requirements are needed on the host that executes this module.

  • python >= 2.7

  • purestorage >= 1.19

  • py-pure-client >= 1.6.0

  • netaddr

  • requests

Parameters

Parameter Choices/Defaults Comments
api_token
string
FlashArray API token for admin privileged user.
computer
string
The common name of the computer account to be created in the Active Directory domain.
If not specified, defaults to the name of the Active Directory configuration.
directory_servers
list / elements=string
A list of directory servers that will be used for lookups related to user authorization
Accepted server formats are IP address and DNS name
All specified servers must be registered to the domain appropriately in the array configured DNS and are only communicated with over the secure LDAP (LDAPS) protocol. If not specified, servers are resolved for the domain in DNS
The specified list can have a maximum length of 1, or 3 for Purity 6.1.6 or higher. If more are provided only the first allowed count used.
domain
string
The Active Directory domain to join
fa_url
string
FlashArray management IPv4 address or Hostname.
join_ou
string
added in 1.10.0 of purestorage.flasharray
Distinguished name of organization unit in which the computer account should be created when joining the domain. e.g. OU=Arrays,OU=Storage.
The DC=... components can be omitted.
If left empty, defaults to CN=Computers.
Requires Purity//FA 6.1.8 or higher
kerberos_servers
list / elements=string
A list of key distribution servers to use for Kerberos protocol
Accepted server formats are IP address and DNS name
All specified servers must be registered to the domain appropriately in the array configured DNS and are only communicated with over the secure LDAP (LDAPS) protocol. If not specified, servers are resolved for the domain in DNS.
The specified list can have a maximum length of 1, or 3 for Purity 6.1.6 or higher. If more are provided only the first allowed count used.
local_only
boolean
    Choices:
  • no ←
  • yes
Do a local-only delete of an active directory account
name
string / required
Name of the AD account
password
string
Password string for username
state
string
    Choices:
  • absent
  • present ←
Define whether the AD sccount is deleted or not
username
string
A user capable of creating a computer account within the domain

Notes

Note

  • This module requires the purestorage and py-pure-client Python libraries

  • Additional Python librarues may be required for specific modules.

  • You must set PUREFA_URL and PUREFA_API environment variables if fa_url and api_token arguments are not passed to the module directly

Examples

- name: Create new AD account
  purefa_ad:
    name: ad_account
    computer: FLASHARRAY
    domain: acme.com
    join_ou: "OU=Acme,OU=Dev"
    username: Administrator
    password: Password
    kerberos_servers:
    - kdc.acme.com
    directory_servers:
    - ldap.acme.com
    fa_url: 10.10.10.2
    api_token: e31060a7-21fc-e277-6240-25983c6c4592

- name: Delete AD account locally
  purefa_ad:
    name: ad_account
    local_only: True
    fa_url: 10.10.10.2
    api_token: e31060a7-21fc-e277-6240-25983c6c4592

- name: Fully delete AD account. Note that correct AD permissions are required
  purefa_ad:
    name: ad_account
    fa_url: 10.10.10.2
    api_token: e31060a7-21fc-e277-6240-25983c6c4592

Authors