purestorage.flashblade.purefb_ad module – Manage FlashBlade Active Directory Account
Note
This module is part of the purestorage.flashblade collection (version 1.23.1).
You might already have this collection installed if you are using the ansible package.
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install purestorage.flashblade.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: purestorage.flashblade.purefb_ad.
New in purestorage.flashblade 1.6.0
Synopsis
Add or delete FlashBlade Active Directory Account
FlashBlade allows the creation of one AD computer account, or joining of an existing AD computer account.
Requirements
The below requirements are needed on the host that executes this module.
python >= 3.9
py-pure-client
netaddr
datetime
pytz
distro
pycountry
urllib3
Parameters
| Parameter | Comments |
|---|---|
| api_token | FlashBlade API token for admin privileged user. |
| computer | The common name of the computer account to be created in the Active Directory domain. If not specified, defaults to the name of the Active Directory configuration. |
| directory_servers | A list of directory servers that will be used for lookups related to user authorization. Accepted server formats are IP address and DNS name. All specified servers must be registered to the domain appropriately in the array's configured DNS and will only be communicated with over the secure LDAP (LDAPS) protocol. If not specified, servers are resolved for the domain in DNS. The specified list can have a maximum length of 5. If more are provided, only the first 5 are used. |
| disable_warnings | Disable insecure certificate warnings. Choices: |
| domain | The Active Directory domain to join. |
| encryption | The encryption types that will be supported for use by clients for Kerberos authentication. Choices: Default: |
| existing | Does the account name already exist in the AD environment. Choices: |
| fb_url | FlashBlade management IP address or hostname. |
| global_catalog_servers | A list of global catalog servers that will be used for lookups related to user authorization. Accepted server formats are IP address and DNS name with optional @domain suffix. If the suffix is omitted, the joined domain is assumed. All specified servers must be registered to the domain appropriately in the array's configured DNS and will only be communicated with over the secure LDAP (LDAPS) protocol. |
| join_ou | Location where the computer account will be created, e.g. OU=Arrays,OU=Storage. If left empty, defaults to CN=Computers. |
| kerberos_servers | A list of key distribution servers to use for the Kerberos protocol. Accepted server formats are IP address and DNS name. All specified servers must be registered to the domain appropriately in the array's configured DNS. If not specified, servers are resolved for the domain in DNS. The specified list can have a maximum length of 5. If more are provided, only the first 5 are used. |
| local_only | Do a local-only delete of an Active Directory account. Choices: |
| name | Name of the AD account. |
| password | Password string for username. |
| server | Name of the local array server into which the AD account is added. Do not provide if the AD account is to connect to the default server. |
| service | Service protocol for Active Directory principals. Refer to the FlashBlade User Guide for more details. Use the service_principals parameter instead to correctly define the service type to be used for each principal. Choices: Default: |
| service_principals | A list of SPNs for registering services with the domain. If not specified, Computer Name.Domain is used. |
| state | Define whether the AD account is deleted or not. Test state will perform a test against the supplied account name. Rotate will force a keytab rotation for the specified account. Choices: |
| username | A user capable of creating a computer account within the domain. |
Notes
Note
You must set PUREFB_URL and PUREFB_API environment variables if fb_url and api_token arguments are not passed to the module directly.
Examples
```yaml
- name: Create new AD account
  purestorage.flashblade.purefb_ad:
    name: ad_account
    server: local_server
    computer: FLASHBLADE
    domain: acme.com
    username: Administrator
    password: Password
    join_ou: "CN=FakeOU"
    encryption:
      - aes128-cts-hmac-sha1-96
      - aes256-cts-hmac-sha1-96
    kerberos_servers:
      - kdc.acme.com
    directory_servers:
      - ldap.acme.com
    service_principals:
      - "nfs/vip1.flashblade.acme.com"
      - "HOST/vip2.flashblade.acme.com"
    global_catalog_servers:
      - gc1.flashblade.acme.com
    fb_url: 10.10.10.2
    api_token: T-55a68eb5-c785-4720-a2ca-8b03903bf641

- name: Connect to existing AD account
  purestorage.flashblade.purefb_ad:
    name: ad_account
    computer: FLASHBLADE
    domain: acme.com
    username: Administrator
    password: Password
    existing: true
    kerberos_servers:
      - kdc.acme.com
    directory_servers:
      - ldap.acme.com
    fb_url: 10.10.10.2
    api_token: T-55a68eb5-c785-4720-a2ca-8b03903bf641

- name: Update existing AD account
  purestorage.flashblade.purefb_ad:
    name: ad_account
    server: local_server
    encryption:
      - aes256-cts-hmac-sha1-96
    kerberos_servers:
      - kdc.acme.com
    directory_servers:
      - ldap.acme.com
    service_principals:
      - "HOST/vip1.flashblade.acme.com"
    fb_url: 10.10.10.2
    api_token: T-55a68eb5-c785-4720-a2ca-8b03903bf641

- name: Delete local AD account
  purestorage.flashblade.purefb_ad:
    name: ad_account
    local_only: true
    fb_url: 10.10.10.2
    api_token: T-55a68eb5-c785-4720-a2ca-8b03903bf641

- name: Fully delete AD account
  purestorage.flashblade.purefb_ad:
    name: ad_account
    fb_url: 10.10.10.2
    api_token: T-55a68eb5-c785-4720-a2ca-8b03903bf641

- name: Test AD account
  purestorage.flashblade.purefb_ad:
    name: ad_account
    state: test
    fb_url: 10.10.10.2
    api_token: T-55a68eb5-c785-4720-a2ca-8b03903bf641

- name: Rotate AD account keytabs
  purestorage.flashblade.purefb_ad:
    name: ad_account
    state: rotate
    fb_url: 10.10.10.2
    api_token: T-55a68eb5-c785-4720-a2ca-8b03903bf641
```
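
The notes above allow fb_url and api_token to come from the PUREFB_URL and PUREFB_API environment variables instead of task arguments. The playbook below is an added example, not part of the collection's documentation, that uses this to keep the API token and the domain-join credentials out of the task text. The vault file path, the vault_* variable names and running the play against localhost are assumptions.

```yaml
# Added example; not from the purestorage.flashblade documentation.
# Assumptions: vault/flashblade.yml is a hypothetical Ansible Vault encrypted
# vars file that defines vault_fb_api_token, vault_ad_join_user and
# vault_ad_join_password.
- name: Join FlashBlade to Active Directory without inline secrets
  hosts: localhost
  gather_facts: false
  vars_files:
    - vault/flashblade.yml
  # The module reads these when fb_url and api_token are not passed directly.
  environment:
    PUREFB_URL: 10.10.10.2
    PUREFB_API: "{{ vault_fb_api_token }}"
  tasks:
    - name: Create new AD account with AES256-only Kerberos
      purestorage.flashblade.purefb_ad:
        name: ad_account
        computer: FLASHBLADE
        domain: acme.com
        username: "{{ vault_ad_join_user }}"
        password: "{{ vault_ad_join_password }}"
        join_ou: "OU=Arrays,OU=Storage"
        encryption:
          - aes256-cts-hmac-sha1-96
        kerberos_servers:
          - kdc.acme.com
        directory_servers:
          - ldap.acme.com
      # Keep the join credentials out of task output and logs.
      no_log: true

    - name: Test AD account after the join
      purestorage.flashblade.purefb_ad:
        name: ad_account
        state: test
      register: ad_test

    - name: Rotate AD account keytabs
      purestorage.flashblade.purefb_ad:
        name: ad_account
        state: rotate
```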