netapp.storagegrid.na_sg_grid_firewall module – NetApp StorageGRID manage node firewall.

Note

This module is part of the netapp.storagegrid collection (version 21.16.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install netapp.storagegrid.

To use it in a playbook, specify: netapp.storagegrid.na_sg_grid_firewall.

New in netapp.storagegrid 21.16.0

Synopsis

  • Create, update, or delete the node firewall on NetApp StorageGRID.

Parameters

Parameter

Comments

api_url

string / required

The URL of the StorageGRID Admin Node REST API.

auth_token

string / required

The authorization token for the API request.

blocked_tcp_ports

list / elements=integer

List of TCP ports to block for external communication.

blocked_udp_ports

list / elements=integer

List of UDP ports to block for external communication.

grid_internal_access

boolean

Whether to allow internal port access to the grid.

Choices:

  • false

  • true

id

string

The node UUID or the default list ID.

privileged_ips

list / elements=string

A list of privileged IP addresses, or subnets in CIDR notation.

Addresses in this list can access ports which are blocked for external communication.

state

string

Whether the firewall should be present or absent.

Choices:

  • "present" ← (default)

  • "absent"

validate_certs

boolean

Whether HTTPS certificates should be validated.

Choices:

  • false

  • true ← (default)

Notes

  • The modules prefixed with na_sg are built to manage NetApp StorageGRID.

Examples

- name: create list of blocked ports
  netapp.storagegrid.na_sg_grid_firewall:
    api_url: "https://<storagegrid-endpoint-url>"
    auth_token: "storagegrid-auth-token"
    validate_certs: false
    state: present
    id: "00000000-0000-0000-0000-000000000000"
    blocked_udp_ports: [68]
    blocked_tcp_ports: [22, 80]

- name: create list of privileged IP
  netapp.storagegrid.na_sg_grid_firewall:
    api_url: "https://<storagegrid-endpoint-url>"
    auth_token: "storagegrid-auth-token"
    validate_certs: false
    state: present
    id: "00000000-0000-0000-0000-000000000000"
    privileged_ips: ["192.168.1.1/32"]
    grid_internal_access: true

- name: create a firewall
  netapp.storagegrid.na_sg_grid_firewall:
    api_url: "https://<storagegrid-endpoint-url>"
    auth_token: "storagegrid-auth-token"
    validate_certs: false
    state: present
    id: "00000000-0000-0000-0000-000000000000"
    blocked_udp_ports: [68]
    blocked_tcp_ports: [22, 80]
    privileged_ips: ["192.168.1.1/32"]
    grid_internal_access: true

- name: delete a firewall
  netapp.storagegrid.na_sg_grid_firewall:
    api_url: "https://<storagegrid-endpoint-url>"
    auth_token: "storagegrid-auth-token"
    validate_certs: false
    state: absent
    id: "00000000-0000-0000-0000-000000000000"

Return Values

Common return values are documented here; the following fields are unique to this module:

Key

Description

resp

dictionary

Returns the response from the StorageGRID API for firewall.

Returned: success

Sample: {"blocked_port_info": {"id": "00000000-0000-0000-0000-000000000000", "tcpPorts": [2022, 22, 903], "udpPorts": [68]}, "privileged_ip_info": {"gridInternalAccess": true, "id": "00000000-0000-0000-0000-000000000000", "privilegedIps": ["192.168.10.10", "10.19.10.0/24"]}}
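
A playbook that applies the firewall with certificate validation left on and then checks the returned resp against the requested policy. This is an added example, not part of the NetApp documentation. The variables sg_api_url and sg_auth_token are hypothetical, the port and subnet values are constructed, and the resp layout is assumed to match the Sample shown above.

```yaml
---
- name: Apply and verify a StorageGRID node firewall (added example)
  hosts: localhost
  gather_facts: false
  vars:
    # Assumptions: sg_api_url and sg_auth_token are hypothetical variable names,
    # supplied from inventory and an Ansible Vault file, not from this page.
    # The port and subnet values below are constructed sample data.
    want_tcp: [22, 80]
    want_udp: [68]
    want_ips: ["10.19.10.0/24"]
  tasks:
    - name: Reject a privileged list that would exempt every address
      ansible.builtin.assert:
        that:
          - "'0.0.0.0/0' not in want_ips"
        fail_msg: "privileged_ips contains a subnet that matches all addresses"

    - name: Set blocked ports and privileged IPs
      netapp.storagegrid.na_sg_grid_firewall:
        api_url: "{{ sg_api_url }}"
        auth_token: "{{ sg_auth_token }}"
        validate_certs: true   # the module default, stated explicitly
        state: present
        id: "00000000-0000-0000-0000-000000000000"
        blocked_tcp_ports: "{{ want_tcp }}"
        blocked_udp_ports: "{{ want_udp }}"
        privileged_ips: "{{ want_ips }}"
        grid_internal_access: true
      register: fw

    # Assumes resp has the layout of the Sample return value on this page.
    - name: Confirm the API response reflects the requested policy
      ansible.builtin.assert:
        that:
          - want_tcp | difference(fw.resp.blocked_port_info.tcpPorts) | length == 0
          - want_udp | difference(fw.resp.blocked_port_info.udpPorts) | length == 0
          - want_ips | difference(fw.resp.privileged_ip_info.privilegedIps) | length == 0
          - fw.resp.privileged_ip_info.gridInternalAccess | bool
        fail_msg: "StorageGRID response does not match the requested firewall policy"
```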

Authors

  • NetApp Ansible Team (@vinaykus)