diff options
Diffstat (limited to 'ansible_collections/infinidat/infinibox/playbooks/configure_array.yml')
-rw-r--r-- | ansible_collections/infinidat/infinibox/playbooks/configure_array.yml | 388 |
1 files changed, 388 insertions, 0 deletions
diff --git a/ansible_collections/infinidat/infinibox/playbooks/configure_array.yml b/ansible_collections/infinidat/infinibox/playbooks/configure_array.yml new file mode 100644 index 000000000..bee0899d1 --- /dev/null +++ b/ansible_collections/infinidat/infinibox/playbooks/configure_array.yml @@ -0,0 +1,388 @@ +--- +# PSDEV-1108: Create playbook automating cluster configuration mobility. +# Create three volumes: vol_nonwriteable, vol_explicitly_writable and vol_writable. +- name: Configure an Infinibox Array + hosts: localhost + gather_facts: false + # vars: + # - dataset_default_provisioning: THIN + # - use_base2_units: true + # - table_export_limit: 3000 + # - admin_user_name: admin + # - admin_user_password: 123456 + # - admin_user_email: dev.mgmt@infinidat.com + # - pool_admin_user_name: Commvault + # - pool_admin_user_password: 123456 + # - pool_admin_user_email: dohlemacher@infinidat.com + # - ldap_name: PSUS_ANSIBLE_ad + # - setup_alerting_emails: ["dohlemacher@infinidat.com"] + # - prod_alerting_emails: ["dohlemacher@infinidat.com"] + # - alerting_event_levels: ["INFO", "WARNING", "ERROR", "CRITICAL"] + # - alerting_includes: [] + # - alerting_excludes: ["EVENT_FLOOD", "USER_LOGIN_SUCCESS", "USER_LOGGED_OUT"] + # - syslogs: # A list of syslog dictionaries + # - target_name: syslog1_target + # rule_name: syslog1 + # protocol: SYSLOG + # host: 172.31.88.158 + # port: 514 + # facility: LOCAL7 + # transport: UDP + # post_test: true # Not a real test if using UDP + # - target_name: syslog2_target + # rule_name: syslog2 + # protocol: SYSLOG + # host: 172.31.88.158 + # port: 515 + # facility: LOCAL7 + # transport: UDP + # post_test: true + # - target_name: graylog_target + # rule_name: graylog + # protocol: SYSLOG + # host: 172.31.77.214 + # port: 1514 + # facility: LOCAL7 + # transport: UDP + # post_test: true + tasks: + - name: Configuration + ansible.builtin.debug: + msg: + - "user: {{ user }}" + # - "password: {{ password }}" + - "system: {{ system }}" + + - name: Pause + ansible.builtin.pause: + seconds: 2 + + - name: Create temporary setup email notification rule setup_email for addresses {{ setup_alerting_emails }} + infinidat.infinibox.infini_notification_rule: + name: "setup_email" + event_level: "{{ alerting_event_levels }}" + include_events: "{{ alerting_includes }}" + exclude_events: "{{ alerting_excludes }}" + recipients: "{{ setup_alerting_emails }}" + state: "present" + user: "{{ user }}" + password: "{{ password }}" + system: "{{ system }}" + + - name: Temporarily remove production email notification rule for {{ prod_alerting_emails }} + infinidat.infinibox.infini_notification_rule: + name: "production_email" + state: "absent" + user: "{{ user }}" + password: "{{ password }}" + system: "{{ system }}" + + - name: Configure Single Sign On (SSO) + infinidat.infinibox.infini_sso: + issuer: http://www.okta.com/exkra32oyyU6KCUCk2p7 + name: OKTA + sign_on_url: https://infinidat.okta.com/app/infinidat_ibox2503_1/exkrwdi7dmXSKdC4l2p7/sso/saml + signed_assertion: false + signed_response: false + signing_certificate: "{{ sso_signing_certificate }}" + enabled: true + state: "present" + user: "{{ user }}" + password: "{{ password }}" + system: "{{ system }}" + + - name: Stat Single Sign On (SSO) + infinidat.infinibox.infini_sso: + name: OKTA + state: stat + user: "{{ user }}" + password: "{{ password }}" + system: "{{ system }}" + register: sso_stat + + - name: Show sso_stat + ansible.builtin.debug: + var: sso_stat + + - name: Enable compression + infinidat.infinibox.infini_config: + config_group: "mgmt" + key: "pool.compression_enabled_default" + value: true + state: "present" + user: "{{ user }}" + password: "{{ password }}" + system: "{{ system }}" + + - name: Set capacity units + infinidat.infinibox.infini_metadata: + object_type: "system" + key: "ui-dataset-base2-units" + value: "{{ use_base2_units }}" + state: "present" + user: "{{ user }}" + password: "{{ password }}" + system: "{{ system }}" + + - name: Set dataset default provisioning to {{ dataset_default_provisioning }} + infinidat.infinibox.infini_metadata: + object_type: "system" + key: "ui-dataset-default-provisioning" + value: "{{ dataset_default_provisioning }}" + state: "present" + user: "{{ user }}" + password: "{{ password }}" + system: "{{ system }}" + + - name: Configure Infinibox - Set maximum export rows to {{ table_export_limit }} + infinidat.infinibox.infini_metadata: + object_type: "system" + key: "ui-table-export-limit" + value: "{{ table_export_limit }}" + state: "present" + user: "{{ user }}" + password: "{{ password }}" + system: "{{ system }}" + + - name: Configure Infinibox - Setup Active Directory + infinidat.infinibox.infini_users_repository: + name: "{{ ldap_name }}" + bind_password: "tuFrAxahuYe4" + bind_username: "conldap" + ad_domain_name: "infinidat.com" + repository_type: "ActiveDirectory" + schema_group_class: "group" + schema_group_memberof_attribute: "memberof" + schema_group_name_attribute: "cn" + schema_groups_basedn: "" + schema_user_class: "user" + schema_username_attribute: "sAMAccountName" + state: "present" + user: "{{ user }}" + password: "{{ password }}" + system: "{{ system }}" + + - name: Test user login using Active Directory credentials + infinidat.infinibox.infini_user: + user_name: "admin" # Must be an AD account, not local + user_password: "123456" + state: "login" + user: "{{ user }}" + password: "{{ password }}" + system: "{{ system }}" + + - name: Configure 'CO-ReadOnly' LDAP user group + infinidat.infinibox.infini_user: + user_ldap_group_name: "CO-ReadOnly" + user_ldap_group_dn: "CN=Infinidat,OU=Security Groups,OU=Groups,OU=Corp,DC=infinidat,DC=com" + user_ldap_group_ldap: "{{ ldap_name }}" + user_ldap_group_role: "read_only" + state: "present" + user: "{{ user }}" + password: "{{ password }}" + system: "{{ system }}" + + # - name: Configure 'CO-StorageAdmin' LDAP user group + # infinidat.infinibox.infini_user: + # user_ldap_group_name: "CO-StorageAdmin" + # user_ldap_group_dn: "CN=Infinidat,OU=Security Groups,OU=Groups,OU=Corp,DC=infinidat,DC=com" + # user_ldap_group_ldap: "{{ ldap_name }}" + # user_ldap_group_role: "admin" + # state: "present" + # user: "{{ user }}" + # password: "{{ password }}" + # system: "{{ system }}" + + # - name: Configure 'ETS-CommVault' LDAP user group + # infinidat.infinibox.infini_user: + # user_ldap_group_name: "ETS-CommVault" + # user_ldap_group_dn: "CN=Infinidat,OU=Security Groups,OU=Groups,OU=Corp,DC=infinidat,DC=com" + # user_ldap_group_ldap: "{{ ldap_name }}" + # user_ldap_group_role: "pool_admin" + # user_group_pools: [ "pool-a", "pool-b", "pool-c" ] + # state: "present" + # user: "{{ user }}" + # password: "{{ password }}" + # system: "{{ system }}" + + - name: Set up an admin user + infinidat.infinibox.infini_user: + user_name: "{{ admin_user_name }}" + user_email: "{{ admin_user_email }}" + user_password: "{{ admin_user_password }}" + user_role: "admin" + state: "present" + user: "{{ user }}" + password: "{{ password }}" + system: "{{ system }}" + + - name: Remove existing syslog notification rules + # Rule removal is required since targets cannot be modified if there rules that use them + infinidat.infinibox.infini_notification_rule: + name: "{{ item.rule_name }}" + state: "absent" + user: "{{ user }}" + password: "{{ password }}" + system: "{{ system }}" + loop: + "{{ syslogs }}" + + - name: Create syslog notification targets + infinidat.infinibox.infini_notification_target: + state: "present" + name: "{{ item.target_name }}" + protocol: "{{ item.protocol }}" + host: "{{ item.host }}" + port: "{{ item.port }}" + facility: "{{ item.facility }}" + transport: "{{ item.transport }}" + post_test: "{{ item.post_test }}" # Force a dummy event for notification to be posted + user: "{{ user }}" + password: "{{ password }}" + system: "{{ system }}" + loop: + "{{ syslogs }}" + + - name: Create syslog notification rules + infinidat.infinibox.infini_notification_rule: + name: "{{ item.rule_name }}" + target: "{{ item.target_name }}" + event_level: "{{ alerting_event_levels }}" + include_events: "{{ alerting_includes }}" + exclude_events: "{{ alerting_excludes }}" + state: "present" + user: "{{ user }}" + password: "{{ password }}" + system: "{{ system }}" + loop: + "{{ syslogs }}" + + - name: Remove replication network space named Replication + infinidat.infinibox.infini_network_space: + name: Replication + state: absent + user: "{{ user }}" + password: "{{ password }}" + system: "{{ system }}" + + - name: Create replication network space named Replication + infinidat.infinibox.infini_network_space: + name: Replication + state: present + interfaces: + - 80 + - 81 + - 82 + service: RMR_SERVICE + netmask: 16 + network: 172.20.0.0 + default_gateway: 172.20.95.254 + # rate_limit: 8 + # mtu: 1500 + # async_only: true + ips: # IPs borrowed from https://labs.infinidat.com/gdc/systems/psus-vbox-aws44-1/ip/ + - 172.20.50.111 + - 172.20.50.70 + - 172.20.49.243 + - 172.20.49.241 + - 172.20.49.239 + - 172.20.49.237 + - 172.20.49.235 + - 172.20.49.233 + user: "{{ user }}" + password: "{{ password }}" + system: "{{ system }}" + + # - name: TODO by David - Configure Infinimetrics - Add Infinibox + # ansible.builtin.debug: + # msg: (9) Add Infinibox to Infinimetrics + + - name: Create pools + infinidat.infinibox.infini_pool: + name: "{{ item }}" + size: "{{ pool_size }}" + vsize: "{{ pool_size }}" + state: present + user: "{{ user }}" + password: "{{ password }}" + system: "{{ system }}" + loop: + - pool-a + - pool-b + - pool-c + + - name: Set up pool admin user for pool + infinidat.infinibox.infini_user: + user_name: "{{ pool_admin_user_name }}" + user_email: "{{ pool_admin_user_email }}" + user_password: "{{ pool_admin_user_password }}" + user_role: "pool_admin" + user_pool: "pool-a" + state: "present" + user: "{{ user }}" + password: "{{ password }}" + system: "{{ system }}" + + - name: Update a fibre channel switch label + infinidat.infinibox.infini_fibre_channel_switch: + switch_name: VSAN 100 + new_switch_name: Switch1000 + state: "rename" + user: "{{ user }}" + password: "{{ password }}" + system: "{{ system }}" + register: switch_label_result + failed_when: > # WARNING: This should be removed if the array has FC configured + ("Cannot find switch" not in switch_label_result.msg) + + - name: Install SSL certificate + infinidat.infinibox.infini_certificate: + certificate_file_name: /home/stack/workspace/ansible-infinidat-collection/signed-certificate-with-pkey.pem + state: "present" + user: "{{ user }}" + password: "{{ password }}" + system: "{{ system }}" + + - name: Pause for a short period since the SSL certificate was updated + ansible.builtin.pause: + seconds: 30 + + - name: Stat SSL certificate + infinidat.infinibox.infini_certificate: + state: "stat" + user: "{{ user }}" + password: "{{ password }}" + system: "{{ system }}" + register: cert_out + + - name: Show SSL stat + ansible.builtin.debug: + msg: "{{ cert_out }}" + + - name: Create production email notification rule production_email for addresses {{ prod_alerting_emails }} + infinidat.infinibox.infini_notification_rule: + name: "production_email" + event_level: "{{ alerting_event_levels }}" + include_events: "{{ alerting_includes }}" + exclude_events: "{{ alerting_excludes }}" + recipients: "{{ prod_alerting_emails }}" + state: "present" + user: "{{ user }}" + password: "{{ password }}" + system: "{{ system }}" + + - name: Configure Infinibox - Post event that Infinibox configuration is complete + infinidat.infinibox.infini_event: + description_template: Infinibox {{ system }} configuration is complete + level: INFO + user: "{{ user }}" + password: "{{ password }}" + system: "{{ system }}" + + - name: Remove temporary setup email notification rule for {{ setup_alerting_emails }} + infinidat.infinibox.infini_notification_rule: + name: "setup_email" + state: "absent" + user: "{{ user }}" + password: "{{ password }}" + system: "{{ system }}" |