W3cubDocs

/Ansible

purestorage.flashblade.purefb_ad – Manage FlashBlade Active Directory Account

Note

This plugin is part of the purestorage.flashblade collection (version 1.7.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install purestorage.flashblade.

To use it in a playbook, specify: purestorage.flashblade.purefb_ad.

New in version 1.6.0: of purestorage.flashblade

Synopsis
Requirements
Parameters
Notes
Examples

Synopsis

Add or delete FlashBlade Active Directory Account
FlashBlade allows the creation of one AD computer account, or joining of an existing AD computer account.

Requirements

The below requirements are needed on the host that executes this module.

python >= 2.7
purity_fb >= 1.9
netaddr
pytz

Parameters

Parameter	Choices/Defaults	Comments
api_token string		FlashBlade API token for admin privileged user.
computer string		The common name of the computer account to be created in the Active Directory domain. If not specified, defaults to the name of the Active Directory configuration.
directory_servers list / elements=string		A list of directory servers that will be used for lookups related to user authorization Accepted server formats are IP address and DNS name All specified servers must be registered to the domain appropriately in the array configured DNS and will only be communicated with over the secure LDAP (LDAPS) protocol. If not specified, servers are resolved for the domain in DNS The specified list can have a maximum length of 5. If more are provided only the first 5 are used.
domain string		The Active Directory domain to join
encryption list / elements=string	Choices: aes256-sha1 ← aes128-sha1 arcfour-hmac	The encryption types that will be supported for use by clients for Kerberos authentication
existing boolean	Choices: no ← yes	Does the account name already exist in the AD environment
fb_url string		FlashBlade management IP address or Hostname.
join_ou string		Location where the Computer account will be created. e.g. OU=Arrays,OU=Storage. If left empty, defaults to CN=Computers.
kerberos_servers list / elements=string		A list of key distribution servers to use for Kerberos protocol Accepted server formats are IP address and DNS name All specified servers must be registered to the domain appropriately in the array configured DNS. If not specified, servers are resolved for the domain in DNS. The specified list can have a maximum length of 5. If more are provided only the first 5 are used.
local_only boolean	Choices: no ← yes	Do a local-only delete of an active directory account
name string / required		Name of the AD account
password string		Password string for username
service string	Choices: nfs ← cifs HOST	Service protocol for Active Directory principals Refer to FlashBlade User Guide for more details
service_principals list / elements=string		A list of either FQDNs or SPNs for registering services with the domain. If not specified Computer Name.Domain is used
state string	Choices: absent present ←	Define whether the AD sccount is deleted or not
username string		A user capable of creating a computer account within the domain

Notes

Note

This module requires the purity_fb Python library
You must set PUREFB_URL and PUREFB_API environment variables if fb_url and api_token arguments are not passed to the module directly

Examples

- name: Create new AD account
  purefb_ad:
    name: ad_account
    computer: FLASHBLADE
    domain: acme.com
    username: Administrator
    password: Password
    join_ou: "CN=FakeOU"
    encryption:
    - aes128-cts-hmac-sha1-96
    - aes256-cts-hmac-sha1-96
    kerberos_servers:
    - kdc.acme.com
    directory_servers:
    - ldap.acme.com
    service_principals:
    - vip1.flashblade.acme.com
    fb_url: 10.10.10.2
    api_token: T-55a68eb5-c785-4720-a2ca-8b03903bf641

- name: Connect to existing AD account
  purefb_ad:
    name: ad_account
    computer: FLASHBLADE
    domain: acme.com
    username: Administrator
    password: Password
    existing: True
    kerberos_servers:
    - kdc.acme.com
    directory_servers:
    - ldap.acme.com
    fb_url: 10.10.10.2
    api_token: T-55a68eb5-c785-4720-a2ca-8b03903bf641

- name: Update existing AD account
  purefb_ad:
    name: ad_account
    encryption:
    - aes256-cts-hmac-sha1-96
    kerberos_servers:
    - kdc.acme.com
    directory_servers:
    - ldap.acme.com
    service_principals:
    - vip1.flashblade.acme.com
    fb_url: 10.10.10.2
    api_token: T-55a68eb5-c785-4720-a2ca-8b03903bf641

- name: Delete local AD account
  purefb_ad:
    name: ad_account
    local_only: True
    fb_url: 10.10.10.2
    api_token: T-55a68eb5-c785-4720-a2ca-8b03903bf641

- name: Fully delete AD account
  purefb_ad:
    name: ad_account
    fb_url: 10.10.10.2
    api_token: T-55a68eb5-c785-4720-a2ca-8b03903bf641

Authors

Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/purestorage/flashblade/purefb_ad_module.html