Diffstat (limited to 'ansible_collections/infinidat/infinibox/playbooks/configure_array.yml')
-rw-r--r--ansible_collections/infinidat/infinibox/playbooks/configure_array.yml388
1 files changed, 388 insertions, 0 deletions
diff --git a/ansible_collections/infinidat/infinibox/playbooks/configure_array.yml b/ansible_collections/infinidat/infinibox/playbooks/configure_array.yml
new file mode 100644
index 000000000..bee0899d1
--- /dev/null
+++ b/ansible_collections/infinidat/infinibox/playbooks/configure_array.yml
@@ -0,0 +1,388 @@
+---
+# PSDEV-1108: Create playbook automating cluster configuration mobility.
+# Create three volumes: vol_nonwriteable, vol_explicitly_writable and vol_writable.
+- name: Configure an Infinibox Array
+ hosts: localhost
+ gather_facts: false
+ # vars:
+ # - dataset_default_provisioning: THIN
+ # - use_base2_units: true
+ # - table_export_limit: 3000
+ # - admin_user_name: admin
+ # - admin_user_password: 123456
+ # - admin_user_email: dev.mgmt@infinidat.com
+ # - pool_admin_user_name: Commvault
+ # - pool_admin_user_password: 123456
+ # - pool_admin_user_email: dohlemacher@infinidat.com
+ # - ldap_name: PSUS_ANSIBLE_ad
+ # - setup_alerting_emails: ["dohlemacher@infinidat.com"]
+ # - prod_alerting_emails: ["dohlemacher@infinidat.com"]
+ # - alerting_event_levels: ["INFO", "WARNING", "ERROR", "CRITICAL"]
+ # - alerting_includes: []
+ # - alerting_excludes: ["EVENT_FLOOD", "USER_LOGIN_SUCCESS", "USER_LOGGED_OUT"]
+ # - syslogs: # A list of syslog dictionaries
+ # - target_name: syslog1_target
+ # rule_name: syslog1
+ # protocol: SYSLOG
+ # host: 172.31.88.158
+ # port: 514
+ # facility: LOCAL7
+ # transport: UDP
+ # post_test: true # Not a real test if using UDP
+ # - target_name: syslog2_target
+ # rule_name: syslog2
+ # protocol: SYSLOG
+ # host: 172.31.88.158
+ # port: 515
+ # facility: LOCAL7
+ # transport: UDP
+ # post_test: true
+ # - target_name: graylog_target
+ # rule_name: graylog
+ # protocol: SYSLOG
+ # host: 172.31.77.214
+ # port: 1514
+ # facility: LOCAL7
+ # transport: UDP
+ # post_test: true
+ tasks:
+ - name: Configuration
+ ansible.builtin.debug:
+ msg:
+ - "user: {{ user }}"
+ # - "password: {{ password }}"
+ - "system: {{ system }}"
+
+ - name: Pause
+ ansible.builtin.pause:
+ seconds: 2
+
+ - name: Create temporary setup email notification rule setup_email for addresses {{ setup_alerting_emails }}
+ infinidat.infinibox.infini_notification_rule:
+ name: "setup_email"
+ event_level: "{{ alerting_event_levels }}"
+ include_events: "{{ alerting_includes }}"
+ exclude_events: "{{ alerting_excludes }}"
+ recipients: "{{ setup_alerting_emails }}"
+ state: "present"
+ user: "{{ user }}"
+ password: "{{ password }}"
+ system: "{{ system }}"
+
+ - name: Temporarily remove production email notification rule for {{ prod_alerting_emails }}
+ infinidat.infinibox.infini_notification_rule:
+ name: "production_email"
+ state: "absent"
+ user: "{{ user }}"
+ password: "{{ password }}"
+ system: "{{ system }}"
+
+ - name: Configure Single Sign On (SSO)
+ infinidat.infinibox.infini_sso:
+ issuer: http://www.okta.com/exkra32oyyU6KCUCk2p7
+ name: OKTA
+ sign_on_url: https://infinidat.okta.com/app/infinidat_ibox2503_1/exkrwdi7dmXSKdC4l2p7/sso/saml
+ signed_assertion: false
+ signed_response: false
+ signing_certificate: "{{ sso_signing_certificate }}"
+ enabled: true
+ state: "present"
+ user: "{{ user }}"
+ password: "{{ password }}"
+ system: "{{ system }}"
+
+ - name: Stat Single Sign On (SSO)
+ infinidat.infinibox.infini_sso:
+ name: OKTA
+ state: stat
+ user: "{{ user }}"
+ password: "{{ password }}"
+ system: "{{ system }}"
+ register: sso_stat
+
+ - name: Show sso_stat
+ ansible.builtin.debug:
+ var: sso_stat
+
+ - name: Enable compression
+ infinidat.infinibox.infini_config:
+ config_group: "mgmt"
+ key: "pool.compression_enabled_default"
+ value: true
+ state: "present"
+ user: "{{ user }}"
+ password: "{{ password }}"
+ system: "{{ system }}"
+
+ - name: Set capacity units
+ infinidat.infinibox.infini_metadata:
+ object_type: "system"
+ key: "ui-dataset-base2-units"
+ value: "{{ use_base2_units }}"
+ state: "present"
+ user: "{{ user }}"
+ password: "{{ password }}"
+ system: "{{ system }}"
+
+ - name: Set dataset default provisioning to {{ dataset_default_provisioning }}
+ infinidat.infinibox.infini_metadata:
+ object_type: "system"
+ key: "ui-dataset-default-provisioning"
+ value: "{{ dataset_default_provisioning }}"
+ state: "present"
+ user: "{{ user }}"
+ password: "{{ password }}"
+ system: "{{ system }}"
+
+ - name: Configure Infinibox - Set maximum export rows to {{ table_export_limit }}
+ infinidat.infinibox.infini_metadata:
+ object_type: "system"
+ key: "ui-table-export-limit"
+ value: "{{ table_export_limit }}"
+ state: "present"
+ user: "{{ user }}"
+ password: "{{ password }}"
+ system: "{{ system }}"
+
+ - name: Configure Infinibox - Setup Active Directory
+ infinidat.infinibox.infini_users_repository:
+ name: "{{ ldap_name }}"
+ bind_password: "tuFrAxahuYe4"
+ bind_username: "conldap"
+ ad_domain_name: "infinidat.com"
+ repository_type: "ActiveDirectory"
+ schema_group_class: "group"
+ schema_group_memberof_attribute: "memberof"
+ schema_group_name_attribute: "cn"
+ schema_groups_basedn: ""
+ schema_user_class: "user"
+ schema_username_attribute: "sAMAccountName"
+ state: "present"
+ user: "{{ user }}"
+ password: "{{ password }}"
+ system: "{{ system }}"
+
+ - name: Test user login using Active Directory credentials
+ infinidat.infinibox.infini_user:
+ user_name: "admin" # Must be an AD account, not local
+ user_password: "123456"
+ state: "login"
+ user: "{{ user }}"
+ password: "{{ password }}"
+ system: "{{ system }}"
+
+ - name: Configure 'CO-ReadOnly' LDAP user group
+ infinidat.infinibox.infini_user:
+ user_ldap_group_name: "CO-ReadOnly"
+ user_ldap_group_dn: "CN=Infinidat,OU=Security Groups,OU=Groups,OU=Corp,DC=infinidat,DC=com"
+ user_ldap_group_ldap: "{{ ldap_name }}"
+ user_ldap_group_role: "read_only"
+ state: "present"
+ user: "{{ user }}"
+ password: "{{ password }}"
+ system: "{{ system }}"
+
+ # - name: Configure 'CO-StorageAdmin' LDAP user group
+ # infinidat.infinibox.infini_user:
+ # user_ldap_group_name: "CO-StorageAdmin"
+ # user_ldap_group_dn: "CN=Infinidat,OU=Security Groups,OU=Groups,OU=Corp,DC=infinidat,DC=com"
+ # user_ldap_group_ldap: "{{ ldap_name }}"
+ # user_ldap_group_role: "admin"
+ # state: "present"
+ # user: "{{ user }}"
+ # password: "{{ password }}"
+ # system: "{{ system }}"
+
+ # - name: Configure 'ETS-CommVault' LDAP user group
+ # infinidat.infinibox.infini_user:
+ # user_ldap_group_name: "ETS-CommVault"
+ # user_ldap_group_dn: "CN=Infinidat,OU=Security Groups,OU=Groups,OU=Corp,DC=infinidat,DC=com"
+ # user_ldap_group_ldap: "{{ ldap_name }}"
+ # user_ldap_group_role: "pool_admin"
+ # user_group_pools: [ "pool-a", "pool-b", "pool-c" ]
+ # state: "present"
+ # user: "{{ user }}"
+ # password: "{{ password }}"
+ # system: "{{ system }}"
+
+ - name: Set up an admin user
+ infinidat.infinibox.infini_user:
+ user_name: "{{ admin_user_name }}"
+ user_email: "{{ admin_user_email }}"
+ user_password: "{{ admin_user_password }}"
+ user_role: "admin"
+ state: "present"
+ user: "{{ user }}"
+ password: "{{ password }}"
+ system: "{{ system }}"
+
+ - name: Remove existing syslog notification rules
+ # Rule removal is required since targets cannot be modified if there rules that use them
+ infinidat.infinibox.infini_notification_rule:
+ name: "{{ item.rule_name }}"
+ state: "absent"
+ user: "{{ user }}"
+ password: "{{ password }}"
+ system: "{{ system }}"
+ loop:
+ "{{ syslogs }}"
+
+ - name: Create syslog notification targets
+ infinidat.infinibox.infini_notification_target:
+ state: "present"
+ name: "{{ item.target_name }}"
+ protocol: "{{ item.protocol }}"
+ host: "{{ item.host }}"
+ port: "{{ item.port }}"
+ facility: "{{ item.facility }}"
+ transport: "{{ item.transport }}"
+ post_test: "{{ item.post_test }}" # Force a dummy event for notification to be posted
+ user: "{{ user }}"
+ password: "{{ password }}"
+ system: "{{ system }}"
+ loop:
+ "{{ syslogs }}"
+
+ - name: Create syslog notification rules
+ infinidat.infinibox.infini_notification_rule:
+ name: "{{ item.rule_name }}"
+ target: "{{ item.target_name }}"
+ event_level: "{{ alerting_event_levels }}"
+ include_events: "{{ alerting_includes }}"
+ exclude_events: "{{ alerting_excludes }}"
+ state: "present"
+ user: "{{ user }}"
+ password: "{{ password }}"
+ system: "{{ system }}"
+ loop:
+ "{{ syslogs }}"
+
+ - name: Remove replication network space named Replication
+ infinidat.infinibox.infini_network_space:
+ name: Replication
+ state: absent
+ user: "{{ user }}"
+ password: "{{ password }}"
+ system: "{{ system }}"
+
+ - name: Create replication network space named Replication
+ infinidat.infinibox.infini_network_space:
+ name: Replication
+ state: present
+ interfaces:
+ - 80
+ - 81
+ - 82
+ service: RMR_SERVICE
+ netmask: 16
+ network: 172.20.0.0
+ default_gateway: 172.20.95.254
+ # rate_limit: 8
+ # mtu: 1500
+ # async_only: true
+ ips: # IPs borrowed from https://labs.infinidat.com/gdc/systems/psus-vbox-aws44-1/ip/
+ - 172.20.50.111
+ - 172.20.50.70
+ - 172.20.49.243
+ - 172.20.49.241
+ - 172.20.49.239
+ - 172.20.49.237
+ - 172.20.49.235
+ - 172.20.49.233
+ user: "{{ user }}"
+ password: "{{ password }}"
+ system: "{{ system }}"
+
+ # - name: TODO by David - Configure Infinimetrics - Add Infinibox
+ # ansible.builtin.debug:
+ # msg: (9) Add Infinibox to Infinimetrics
+
+ - name: Create pools
+ infinidat.infinibox.infini_pool:
+ name: "{{ item }}"
+ size: "{{ pool_size }}"
+ vsize: "{{ pool_size }}"
+ state: present
+ user: "{{ user }}"
+ password: "{{ password }}"
+ system: "{{ system }}"
+ loop:
+ - pool-a
+ - pool-b
+ - pool-c
+
+ - name: Set up pool admin user for pool
+ infinidat.infinibox.infini_user:
+ user_name: "{{ pool_admin_user_name }}"
+ user_email: "{{ pool_admin_user_email }}"
+ user_password: "{{ pool_admin_user_password }}"
+ user_role: "pool_admin"
+ user_pool: "pool-a"
+ state: "present"
+ user: "{{ user }}"
+ password: "{{ password }}"
+ system: "{{ system }}"
+
+ - name: Update a fibre channel switch label
+ infinidat.infinibox.infini_fibre_channel_switch:
+ switch_name: VSAN 100
+ new_switch_name: Switch1000
+ state: "rename"
+ user: "{{ user }}"
+ password: "{{ password }}"
+ system: "{{ system }}"
+ register: switch_label_result
+ failed_when: > # WARNING: This should be removed if the array has FC configured
+ ("Cannot find switch" not in switch_label_result.msg)
+
+ - name: Install SSL certificate
+ infinidat.infinibox.infini_certificate:
+ certificate_file_name: /home/stack/workspace/ansible-infinidat-collection/signed-certificate-with-pkey.pem
+ state: "present"
+ user: "{{ user }}"
+ password: "{{ password }}"
+ system: "{{ system }}"
+
+ - name: Pause for a short period since the SSL certificate was updated
+ ansible.builtin.pause:
+ seconds: 30
+
+ - name: Stat SSL certificate
+ infinidat.infinibox.infini_certificate:
+ state: "stat"
+ user: "{{ user }}"
+ password: "{{ password }}"
+ system: "{{ system }}"
+ register: cert_out
+
+ - name: Show SSL stat
+ ansible.builtin.debug:
+ msg: "{{ cert_out }}"
+
+ - name: Create production email notification rule production_email for addresses {{ prod_alerting_emails }}
+ infinidat.infinibox.infini_notification_rule:
+ name: "production_email"
+ event_level: "{{ alerting_event_levels }}"
+ include_events: "{{ alerting_includes }}"
+ exclude_events: "{{ alerting_excludes }}"
+ recipients: "{{ prod_alerting_emails }}"
+ state: "present"
+ user: "{{ user }}"
+ password: "{{ password }}"
+ system: "{{ system }}"
+
+ - name: Configure Infinibox - Post event that Infinibox configuration is complete
+ infinidat.infinibox.infini_event:
+ description_template: Infinibox {{ system }} configuration is complete
+ level: INFO
+ user: "{{ user }}"
+ password: "{{ password }}"
+ system: "{{ system }}"
+
+ - name: Remove temporary setup email notification rule for {{ setup_alerting_emails }}
+ infinidat.infinibox.infini_notification_rule:
+ name: "setup_email"
+ state: "absent"
+ user: "{{ user }}"
+ password: "{{ password }}"
+ system: "{{ system }}"
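Review bot: The "Configure Infinibox - Setup Active Directory" task commits a literal `bind_password` for the `conldap` bind account, and the "Test user login using Active Directory credentials" task after it hard-codes `user_password: "123456"`, so both credentials land in version control and in every distributed copy of the collection. They should be read from variables backed by Ansible Vault or another secret store, e.g. `bind_password: "{{ ldap_bind_password }}"` (variable name illustrative), with `no_log: true` on the tasks that carry passwords, and the committed bind credential should be rotated. Separately, the "Configure Single Sign On (SSO)" task sets `signed_assertion: false` and `signed_response: false`. If these flags control whether the array requires signed SAML messages, at least one should be `true` so that the supplied `signing_certificate` is actually enforced.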