purestorage.flashblade.purefb_ad – Manage FlashBlade Active Directory Account

Note

This plugin is part of the purestorage.flashblade collection (version 1.6.0).

To install it use: ansible-galaxy collection install purestorage.flashblade.

To use it in a playbook, specify: purestorage.flashblade.purefb_ad.

New in version 1.6.0: of purestorage.flashblade

Synopsis

  • Add or delete FlashBlade Active Directory Account

  • FlashBlade allows the creation of one AD computer account, or joining of an existing AD computer account.

Requirements

The below requirements are needed on the host that executes this module.

  • python >= 2.7

  • purity_fb >= 1.9

  • netaddr

  • pytz

Parameters

Parameter Choices/Defaults Comments
api_token
string
FlashBlade API token for admin privileged user.
computer
string
The common name of the computer account to be created in the Active Directory domain.
If not specified, defaults to the name of the Active Directory configuration.
directory_servers
list / elements=string
A list of directory servers that will be used for lookups related to user authorization
Accepted server formats are IP address and DNS name
All specified servers must be registered to the domain appropriately in the array configured DNS and will only be communicated with over the secure LDAP (LDAPS) protocol. If not specified, servers are resolved for the domain in DNS
The specified list can have a maximum length of 5. If more are provided only the first 5 are used.
domain
string
The Active Directory domain to join
encryption
list / elements=string
    Choices:
  • aes256-sha1 ←
  • aes128-sha1
  • arcfour-hmac
The encryption types that will be supported for use by clients for Kerberos authentication
existing
boolean
    Choices:
  • no ←
  • yes
Does the account name already exist in the AD environment
fb_url
string
FlashBlade management IP address or Hostname.
join_ou
string
Location where the Computer account will be created. e.g. OU=Arrays,OU=Storage.
If left empty, defaults to CN=Computers.
kerberos_servers
list / elements=string
A list of key distribution servers to use for Kerberos protocol
Accepted server formats are IP address and DNS name
All specified servers must be registered to the domain appropriately in the array configured DNS. If not specified, servers are resolved for the domain in DNS.
The specified list can have a maximum length of 5. If more are provided only the first 5 are used.
local_only
boolean
    Choices:
  • no ←
  • yes
Do a local-only delete of an active directory account
name
string / required
Name of the AD account
password
string
Password string for username
service
string
    Choices:
  • nfs ←
  • cifs
  • HOST
Service protocol for Active Directory principals
Refer to FlashBlade User Guide for more details
service_principals
list / elements=string
A list of either FQDNs or SPNs for registering services with the domain.
If not specified Computer Name.Domain is used
state
string
    Choices:
  • absent
  • present ←
Define whether the AD sccount is deleted or not
username
string
A user capable of creating a computer account within the domain

Notes

Note

  • This module requires the purity_fb Python library

  • You must set PUREFB_URL and PUREFB_API environment variables if fb_url and api_token arguments are not passed to the module directly

Examples

- name: Create new AD account
  purefb_ad:
    name: ad_account
    computer: FLASHBLADE
    domain: acme.com
    username: Administrator
    password: Password
    join_ou: "CN=FakeOU"
    encryption:
    - aes128-cts-hmac-sha1-96
    - aes256-cts-hmac-sha1-96
    kerberos_servers:
    - kdc.acme.com
    directory_servers:
    - ldap.acme.com
    service_principals:
    - vip1.flashblade.acme.com
    fb_url: 10.10.10.2
    api_token: T-55a68eb5-c785-4720-a2ca-8b03903bf641

- name: Connect to existing AD account
  purefb_ad:
    name: ad_account
    computer: FLASHBLADE
    domain: acme.com
    username: Administrator
    password: Password
    existing: True
    kerberos_servers:
    - kdc.acme.com
    directory_servers:
    - ldap.acme.com
    fb_url: 10.10.10.2
    api_token: T-55a68eb5-c785-4720-a2ca-8b03903bf641

- name: Update existing AD account
  purefb_ad:
    name: ad_account
    encryption:
    - aes256-cts-hmac-sha1-96
    kerberos_servers:
    - kdc.acme.com
    directory_servers:
    - ldap.acme.com
    service_principals:
    - vip1.flashblade.acme.com
    fb_url: 10.10.10.2
    api_token: T-55a68eb5-c785-4720-a2ca-8b03903bf641

- name: Delete local AD account
  purefb_ad:
    name: ad_account
    local_only: True
    fb_url: 10.10.10.2
    api_token: T-55a68eb5-c785-4720-a2ca-8b03903bf641

- name: Fully delete AD account
  purefb_ad:
    name: ad_account
    fb_url: 10.10.10.2
    api_token: T-55a68eb5-c785-4720-a2ca-8b03903bf641

Authors