summaryrefslogtreecommitdiffstats
path: root/ansible_collections/purestorage/flasharray/plugins
diff options
context:
space:
mode:
Diffstat (limited to 'ansible_collections/purestorage/flasharray/plugins')
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/doc_fragments/purestorage.py46
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/module_utils/purefa.py137
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_ad.py323
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_admin.py180
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_alert.py208
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_apiclient.py250
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_arrayname.py103
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_banner.py125
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_certs.py524
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_connect.py238
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_console.py107
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_default_protection.py328
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_directory.py234
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_dirsnap.py474
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_dns.py349
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_ds.py609
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_dsrole.py200
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_endpoint.py347
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_eradication.py117
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_eula.py117
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_export.py251
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_fs.py367
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_hg.py433
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_host.py1085
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_info.py2286
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_inventory.py368
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_kmip.py251
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_logging.py166
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_maintenance.py133
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_messages.py198
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_network.py437
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_ntp.py151
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_offload.py443
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_pg.py909
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_pgsched.py527
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_pgsnap.py481
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_phonehome.py106
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_pod.py664
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_pod_replica.py279
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_policy.py1606
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_proxy.py131
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_ra.py121
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_saml.py340
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_smis.py132
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_smtp.py161
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_snap.py640
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_snmp.py425
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_snmp_agent.py267
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_sso.py119
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_subnet.py327
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_syslog.py218
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_syslog_settings.py171
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_timeout.py116
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_token.py225
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_user.py278
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_vg.py685
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_vlan.py267
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_vnc.py161
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_volume.py1726
-rw-r--r--ansible_collections/purestorage/flasharray/plugins/modules/purefa_volume_tags.py295
60 files changed, 22962 insertions, 0 deletions
diff --git a/ansible_collections/purestorage/flasharray/plugins/doc_fragments/purestorage.py b/ansible_collections/purestorage/flasharray/plugins/doc_fragments/purestorage.py
new file mode 100644
index 000000000..7c19925e6
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/doc_fragments/purestorage.py
@@ -0,0 +1,46 @@
+# -*- coding: utf-8 -*-
+
+# Copyright: (c) 2017, Simon Dodsley <simon@purestorage.com>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+
+class ModuleDocFragment(object):
+ # Standard Pure Storage documentation fragment
+ DOCUMENTATION = r"""
+options:
+ - See separate platform section for more details
+requirements:
+ - See separate platform section for more details
+notes:
+ - Ansible modules are available for the following Pure Storage products: FlashArray, FlashBlade
+"""
+
+ # Documentation fragment for FlashArray
+ FA = r"""
+options:
+ fa_url:
+ description:
+ - FlashArray management IPv4 address or Hostname.
+ type: str
+ api_token:
+ description:
+ - FlashArray API token for admin privileged user.
+ type: str
+notes:
+ - This module requires the C(purestorage) and C(py-pure-client) Python libraries
+ - Additional Python librarues may be required for specific modules.
+ - You must set C(PUREFA_URL) and C(PUREFA_API) environment variables
+ if I(fa_url) and I(api_token) arguments are not passed to the module directly
+requirements:
+ - python >= 3.3
+ - purestorage >= 1.19
+ - py-pure-client >= 1.26.0
+ - netaddr
+ - requests
+ - pycountry
+ - packaging
+"""
diff --git a/ansible_collections/purestorage/flasharray/plugins/module_utils/purefa.py b/ansible_collections/purestorage/flasharray/plugins/module_utils/purefa.py
new file mode 100644
index 000000000..b85ce0e29
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/module_utils/purefa.py
@@ -0,0 +1,137 @@
+# -*- coding: utf-8 -*-
+
+# This code is part of Ansible, but is an independent component.
+# This particular file snippet, and this file snippet only, is BSD licensed.
+# Modules you write using this snippet, which is embedded dynamically by Ansible
+# still belong to the author of the module, and may assign their own license
+# to the complete work.
+#
+# Copyright (c), Simon Dodsley <simon@purestorage.com>,2017
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without modification,
+# are permitted provided that the following conditions are met:
+#
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+HAS_PURESTORAGE = True
+try:
+ from purestorage import purestorage
+except ImportError:
+ HAS_PURESTORAGE = False
+
+HAS_PYPURECLIENT = True
+try:
+ from pypureclient import flasharray
+except ImportError:
+ HAS_PYPURECLIENT = False
+
+from os import environ
+import platform
+
+VERSION = 1.4
+USER_AGENT_BASE = "Ansible"
+
+
+def get_system(module):
+ """Return System Object or Fail"""
+ user_agent = "%(base)s %(class)s/%(version)s (%(platform)s)" % {
+ "base": USER_AGENT_BASE,
+ "class": __name__,
+ "version": VERSION,
+ "platform": platform.platform(),
+ }
+ array_name = module.params["fa_url"]
+ api = module.params["api_token"]
+ if HAS_PURESTORAGE:
+ if array_name and api:
+ system = purestorage.FlashArray(
+ array_name, api_token=api, user_agent=user_agent, verify_https=False
+ )
+ elif environ.get("PUREFA_URL") and environ.get("PUREFA_API"):
+ system = purestorage.FlashArray(
+ environ.get("PUREFA_URL"),
+ api_token=(environ.get("PUREFA_API")),
+ user_agent=user_agent,
+ verify_https=False,
+ )
+ else:
+ module.fail_json(
+ msg="You must set PUREFA_URL and PUREFA_API environment variables "
+ "or the fa_url and api_token module arguments"
+ )
+ try:
+ system.get()
+ except Exception:
+ module.fail_json(
+ msg="Pure Storage FlashArray authentication failed. Check your credentials"
+ )
+ else:
+ module.fail_json(msg="purestorage SDK is not installed.")
+ return system
+
+
+def get_array(module):
+ """Return System Object or Fail"""
+ user_agent = "%(base)s %(class)s/%(version)s (%(platform)s)" % {
+ "base": USER_AGENT_BASE,
+ "class": __name__,
+ "version": VERSION,
+ "platform": platform.platform(),
+ }
+ array_name = module.params["fa_url"]
+ api = module.params["api_token"]
+ if HAS_PYPURECLIENT:
+ if array_name and api:
+ system = flasharray.Client(
+ target=array_name,
+ api_token=api,
+ user_agent=user_agent,
+ )
+ elif environ.get("PUREFA_URL") and environ.get("PUREFA_API"):
+ system = flasharray.Client(
+ target=(environ.get("PUREFA_URL")),
+ api_token=(environ.get("PUREFA_API")),
+ user_agent=user_agent,
+ )
+ else:
+ module.fail_json(
+ msg="You must set PUREFA_URL and PUREFA_API environment variables "
+ "or the fa_url and api_token module arguments"
+ )
+ try:
+ system.get_hardware()
+ except Exception:
+ module.fail_json(
+ msg="Pure Storage FlashArray authentication failed. Check your credentials"
+ )
+ else:
+ module.fail_json(msg="py-pure-client and/or requests are not installed.")
+ return system
+
+
+def purefa_argument_spec():
+ """Return standard base dictionary used for the argument_spec argument in AnsibleModule"""
+
+ return dict(
+ fa_url=dict(),
+ api_token=dict(no_log=True),
+ )
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_ad.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_ad.py
new file mode 100644
index 000000000..d9eee96ac
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_ad.py
@@ -0,0 +1,323 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2021, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_ad
+version_added: '1.9.0'
+short_description: Manage FlashArray Active Directory Account
+description:
+- Add or delete FlashArray Active Directory Account
+- FlashArray allows the creation of one AD computer account, or joining of an
+ existing AD computer account.
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ name:
+ description:
+ - Name of the AD account
+ type: str
+ required: true
+ state:
+ description:
+ - Define whether the AD sccount is deleted or not
+ default: present
+ choices: [ absent, present ]
+ type: str
+ computer:
+ description:
+ - The common name of the computer account to be created in the Active Directory domain.
+ - If not specified, defaults to the name of the Active Directory configuration.
+ type: str
+ domain:
+ description:
+ - The Active Directory domain to join
+ type: str
+ username:
+ description:
+ - A user capable of creating a computer account within the domain
+ type: str
+ password:
+ description:
+ - Password string for I(username)
+ type: str
+ directory_servers:
+ description:
+ - A list of directory servers that will be used for lookups related to user authorization
+ - Accepted server formats are IP address and DNS name
+ - All specified servers must be registered to the domain appropriately in the array
+ configured DNS and are only communicated with over the secure LDAP (LDAPS) protocol.
+ If not specified, servers are resolved for the domain in DNS
+ - The specified list can have a maximum length of 1, or 3 for Purity 6.1.6 or higher.
+ If more are provided only the first allowed count used.
+ type: list
+ elements: str
+ kerberos_servers:
+ description:
+ - A list of key distribution servers to use for Kerberos protocol
+ - Accepted server formats are IP address and DNS name
+ - All specified servers must be registered to the domain appropriately in the array
+ configured DNS and are only communicated with over the secure LDAP (LDAPS) protocol.
+ If not specified, servers are resolved for the domain in DNS.
+ - The specified list can have a maximum length of 1, or 3 for Purity 6.1.6 or higher.
+ If more are provided only the first allowed count used.
+ type: list
+ elements: str
+ local_only:
+ description:
+ - Do a local-only delete of an active directory account
+ type: bool
+ default: false
+ join_ou:
+ description:
+ - Distinguished name of organization unit in which the computer account
+ should be created when joining the domain. e.g. OU=Arrays,OU=Storage.
+ - The B(DC=...) components can be omitted.
+ - If left empty, defaults to B(CN=Computers).
+ - Requires Purity//FA 6.1.8 or higher
+ type: str
+ version_added: '1.10.0'
+ tls:
+ description:
+ - TLS mode for communication with domain controllers.
+ type: str
+ choices: [ required, optional ]
+ default: required
+ version_added: '1.14.0'
+ join_existing:
+ description:
+ - If specified as I(true), the domain is searched for a pre-existing
+ computer account to join to, and no new account will be created within the domain.
+ The C(username) specified when joining a pre-existing account must have
+ permissions to 'read all properties from' and 'reset the password of'
+ the pre-existing account. C(join_ou) will be read from the pre-existing
+ account and cannot be specified when joining to an existing account
+ type: bool
+ default: false
+ version_added: '1.14.0'
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Create new AD account
+ purestorage.flasharray.purefa_ad:
+ name: ad_account
+ computer: FLASHARRAY
+ domain: acme.com
+ join_ou: "OU=Acme,OU=Dev"
+ username: Administrator
+ password: Password
+ kerberos_servers:
+ - kdc.acme.com
+ directory_servers:
+ - ldap.acme.com
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Delete AD account locally
+ purestorage.flasharray.purefa_ad:
+ name: ad_account
+ local_only: true
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Fully delete AD account. Note that correct AD permissions are required
+ purestorage.flasharray.purefa_ad:
+ name: ad_account
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+"""
+
+RETURN = r"""
+"""
+
+HAS_PURESTORAGE = True
+try:
+ from pypureclient.flasharray import ActiveDirectoryPost, ActiveDirectoryPatch
+except ImportError:
+ HAS_PURESTORAGE = False
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ get_array,
+ purefa_argument_spec,
+)
+
+MIN_REQUIRED_API_VERSION = "2.2"
+SERVER_API_VERSION = "2.6"
+MIN_JOIN_OU_API_VERSION = "2.8"
+MIN_TLS_API_VERSION = "2.15"
+
+
+def delete_account(module, array):
+ """Delete Active directory Account"""
+ changed = True
+ if not module.check_mode:
+ res = array.delete_active_directory(
+ names=[module.params["name"]], local_only=module.params["local_only"]
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to delete AD Account {0}. Error: {1}".format(
+ module.params["name"], res.errors[0].message
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def update_account(module, array):
+ """Update existing AD account"""
+ changed = False
+ current_acc = list(array.get_active_directory(names=[module.params["name"]]).items)[
+ 0
+ ]
+ if current_acc.tls != module.params["tls"]:
+ changed = True
+ if not module.check_mode:
+ res = array.patch_active_directory(
+ names=[module.params["name"]],
+ active_directory=ActiveDirectoryPatch(tls=module.params["tls"]),
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to update AD Account {0} TLS setting. Error: {1}".format(
+ module.params["name"], res.errors[0].message
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def create_account(module, array, api_version):
+ """Create Active Directory Account"""
+ changed = True
+ if MIN_JOIN_OU_API_VERSION not in api_version:
+ ad_config = ActiveDirectoryPost(
+ computer_name=module.params["computer"],
+ directory_servers=module.params["directory_servers"],
+ kerberos_servers=module.params["kerberos_servers"],
+ domain=module.params["domain"],
+ user=module.params["username"],
+ password=module.params["password"],
+ )
+ elif MIN_TLS_API_VERSION in api_version:
+ ad_config = ActiveDirectoryPost(
+ computer_name=module.params["computer"],
+ directory_servers=module.params["directory_servers"],
+ kerberos_servers=module.params["kerberos_servers"],
+ domain=module.params["domain"],
+ user=module.params["username"],
+ join_ou=module.params["join_ou"],
+ password=module.params["password"],
+ tls=module.params["tls"],
+ )
+ else:
+ ad_config = ActiveDirectoryPost(
+ computer_name=module.params["computer"],
+ directory_servers=module.params["directory_servers"],
+ kerberos_servers=module.params["kerberos_servers"],
+ domain=module.params["domain"],
+ user=module.params["username"],
+ join_ou=module.params["join_ou"],
+ password=module.params["password"],
+ )
+ if not module.check_mode:
+ if MIN_TLS_API_VERSION in api_version:
+ res = array.post_active_directory(
+ names=[module.params["name"]],
+ join_existing_account=module.params["join_existing"],
+ active_directory=ad_config,
+ )
+ else:
+ res = array.post_active_directory(
+ names=[module.params["name"]],
+ active_directory=ad_config,
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to add Active Directory Account {0}. Error: {1}".format(
+ module.params["name"], res.errors[0].message
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ state=dict(type="str", default="present", choices=["absent", "present"]),
+ username=dict(type="str"),
+ password=dict(type="str", no_log=True),
+ name=dict(type="str", required=True),
+ computer=dict(type="str"),
+ local_only=dict(type="bool", default=False),
+ domain=dict(type="str"),
+ join_ou=dict(type="str"),
+ directory_servers=dict(type="list", elements="str"),
+ kerberos_servers=dict(type="list", elements="str"),
+ tls=dict(type="str", default="required", choices=["required", "optional"]),
+ join_existing=dict(type="bool", default=False),
+ )
+ )
+
+ required_if = [["state", "present", ["username", "password", "domain"]]]
+
+ module = AnsibleModule(
+ argument_spec, required_if=required_if, supports_check_mode=True
+ )
+
+ if not HAS_PURESTORAGE:
+ module.fail_json(msg="py-pure-client sdk is required for this module")
+
+ array = get_system(module)
+ api_version = array._list_available_rest_versions()
+ if MIN_REQUIRED_API_VERSION not in api_version:
+ module.fail_json(
+ msg="FlashArray REST version not supported. "
+ "Minimum version required: {0}".format(MIN_REQUIRED_API_VERSION)
+ )
+ state = module.params["state"]
+ array = get_array(module)
+ exists = bool(
+ array.get_active_directory(names=[module.params["name"]]).status_code == 200
+ )
+
+ if not module.params["computer"]:
+ module.params["computer"] = module.params["name"].replace("_", "-")
+ if module.params["kerberos_servers"]:
+ if SERVER_API_VERSION in api_version:
+ module.params["kerberos_servers"] = module.params["kerberos_servers"][0:3]
+ else:
+ module.params["kerberos_servers"] = module.params["kerberos_servers"][0:1]
+ if module.params["directory_servers"]:
+ if SERVER_API_VERSION in api_version:
+ module.params["directory_servers"] = module.params["directory_servers"][0:3]
+ else:
+ module.params["directory_servers"] = module.params["directory_servers"][0:1]
+ if not exists and state == "present":
+ create_account(module, array, api_version)
+ elif exists and state == "present" and MIN_TLS_API_VERSION in api_version:
+ update_account(module, array)
+ elif exists and state == "absent":
+ delete_account(module, array)
+
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_admin.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_admin.py
new file mode 100644
index 000000000..becb86893
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_admin.py
@@ -0,0 +1,180 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2021, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_admin
+version_added: '1.12.0'
+short_description: Configure Pure Storage FlashArray Global Admin settings
+description:
+- Set global admin settings for the FlashArray
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ sso:
+ description:
+ - Enable or disable the array Signle Sign-On from Pure1 Manage
+ default: false
+ type: bool
+ max_login:
+ description:
+ - Maximum number of failed logins before account is locked
+ type: int
+ min_password:
+ description:
+ - Minimum user password length
+ default: 1
+ type: int
+ lockout:
+ description:
+ - Account lockout duration, in seconds, after max_login exceeded
+ - Range between 1 second and 90 days (7776000 seconds)
+ type: int
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Set global login parameters
+ purestorage.flasharray.purefa_admin:
+ sso: false
+ max_login: 5
+ min_password: 10
+ lockout: 300
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+"""
+
+RETURN = r"""
+"""
+
+HAS_PURESTORAGE = True
+try:
+ from pypureclient.flasharray import AdminSettings
+except ImportError:
+ HAS_PURESTORAGE = False
+
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ get_array,
+ purefa_argument_spec,
+)
+
+MIN_API_VERSION = "2.2"
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ sso=dict(type="bool", default=False),
+ max_login=dict(type="int"),
+ min_password=dict(type="int", default=1, no_log=False),
+ lockout=dict(type="int"),
+ )
+ )
+
+ module = AnsibleModule(argument_spec, supports_check_mode=True)
+
+ if not HAS_PURESTORAGE:
+ module.fail_json(msg="py-pure-client sdk is required for this module")
+ if module.params["lockout"] and not 1 <= module.params["lockout"] <= 7776000:
+ module.fail_json(msg="Lockout must be between 1 and 7776000 seconds")
+ array = get_system(module)
+ api_version = array._list_available_rest_versions()
+ changed = False
+ if MIN_API_VERSION in api_version:
+ array = get_array(module)
+ current_settings = list(array.get_admins_settings().items)[0]
+ if (
+ module.params["sso"]
+ and module.params["sso"] != current_settings.single_sign_on_enabled
+ ):
+ changed = True
+ sso = module.params["sso"]
+ else:
+ sso = current_settings.single_sign_on_enabled
+ if (
+ module.params["min_password"]
+ and module.params["min_password"] != current_settings.min_password_length
+ ):
+ changed = True
+ min_password = module.params["min_password"]
+ else:
+ min_password = current_settings.min_password_length
+ lockout = getattr(current_settings, "lockout_duration", None)
+ if (
+ lockout
+ and module.params["lockout"]
+ and lockout != module.params["lockout"] * 1000
+ ):
+ changed = True
+ lockout = module.params["lockout"] * 1000
+ elif not lockout and module.params["lockout"]:
+ changed = True
+ lockout = module.params["lockout"] * 1000
+ max_login = getattr(current_settings, "max_login_attempts", None)
+ if (
+ max_login
+ and module.params["max_login"]
+ and max_login != module.params["max_login"]
+ ):
+ changed = True
+ max_login = module.params["max_login"]
+ elif not max_login and module.params["max_login"]:
+ changed = True
+ max_login = module.params["max_login"]
+ if changed and not module.check_mode:
+ if max_login:
+ admin = AdminSettings(
+ single_sign_on_enabled=sso,
+ min_password_length=min_password,
+ max_login_attempts=max_login,
+ )
+ if lockout:
+ admin = AdminSettings(
+ single_sign_on_enabled=sso,
+ min_password_length=min_password,
+ lockout_duration=lockout,
+ )
+ if lockout and max_login:
+ admin = AdminSettings(
+ single_sign_on_enabled=sso,
+ min_password_length=min_password,
+ lockout_duration=lockout,
+ max_login_attempts=max_login,
+ )
+ if not lockout and not max_login:
+ admin = AdminSettings(
+ single_sign_on_enabled=sso,
+ min_password_length=min_password,
+ )
+ res = array.patch_admins_settings(admin_settings=admin)
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to change Global Admin settings. Error: {0}".format(
+ res.errors[0].message
+ )
+ )
+ else:
+ module.fail_json(msg="Purity version does not support Global Admin settings")
+ module.exit_json(changed=changed)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_alert.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_alert.py
new file mode 100644
index 000000000..1220ed560
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_alert.py
@@ -0,0 +1,208 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# 2018, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_alert
+version_added: '1.0.0'
+short_description: Configure Pure Storage FlashArray alert email settings
+description:
+- Configure alert email configuration for Pure Storage FlashArrays.
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ state:
+ type: str
+ description:
+ - Create or delete alert email
+ default: present
+ choices: [ absent, present ]
+ address:
+ type: str
+ description:
+ - Email address (valid format required)
+ required: true
+ enabled:
+ type: bool
+ default: true
+ description:
+ - Set specified email address to be enabled or disabled
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Add new email recipient and enable, or enable existing email
+ purestorage.flasharray.purefa_alert:
+ address: "user@domain.com"
+ enabled: true
+ state: present
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+- name: Delete existing email recipient
+ purestorage.flasharray.purefa_alert:
+ state: absent
+ address: "user@domain.com"
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+"""
+
+RETURN = r"""
+"""
+
+import re
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ purefa_argument_spec,
+)
+
+
+def create_alert(module, array):
+ """Create Alert Email"""
+ changed = True
+ if not module.check_mode:
+ changed = False
+ try:
+ array.create_alert_recipient(module.params["address"])
+ changed = True
+ except Exception:
+ module.fail_json(
+ msg="Failed to create alert email: {0}".format(module.params["address"])
+ )
+
+ if not module.params["enabled"]:
+ try:
+ array.disable_alert_recipient(module.params["address"])
+ changed = True
+ except Exception:
+ module.fail_json(
+ msg="Failed to create alert email: {0}".format(
+ module.params["address"]
+ )
+ )
+
+ module.exit_json(changed=changed)
+
+
+def enable_alert(module, array):
+ """Enable Alert Email"""
+ changed = True
+ if not module.check_mode:
+ changed = False
+ try:
+ array.enable_alert_recipient(module.params["address"])
+ changed = True
+ except Exception:
+ module.fail_json(
+ msg="Failed to enable alert email: {0}".format(module.params["address"])
+ )
+
+ module.exit_json(changed=changed)
+
+
+def disable_alert(module, array):
+ """Disable Alert Email"""
+ changed = True
+ if not module.check_mode:
+ changed = False
+ try:
+ array.disable_alert_recipient(module.params["address"])
+ changed = True
+ except Exception:
+ module.fail_json(
+ msg="Failed to disable alert email: {0}".format(
+ module.params["address"]
+ )
+ )
+
+ module.exit_json(changed=changed)
+
+
+def delete_alert(module, array):
+ """Delete Alert Email"""
+ changed = True
+ if module.params["address"] == "flasharray-alerts@purestorage.com":
+ module.fail_json(
+ msg="Built-in address {0} cannot be deleted.".format(
+ module.params["address"]
+ )
+ )
+ if not module.check_mode:
+ changed = False
+ try:
+ array.delete_alert_recipient(module.params["address"])
+ changed = True
+ except Exception:
+ module.fail_json(
+ msg="Failed to delete alert email: {0}".format(module.params["address"])
+ )
+
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ address=dict(type="str", required=True),
+ enabled=dict(type="bool", default=True),
+ state=dict(type="str", default="present", choices=["absent", "present"]),
+ )
+ )
+
+ module = AnsibleModule(argument_spec, supports_check_mode=True)
+
+ pattern = re.compile(r"^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$")
+ if not pattern.match(module.params["address"]):
+ module.fail_json(msg="Valid email address not provided.")
+
+ array = get_system(module)
+
+ exists = False
+ try:
+ emails = array.list_alert_recipients()
+ except Exception:
+ module.fail_json(msg="Failed to get exisitng email list")
+ for email in range(0, len(emails)):
+ if emails[email]["name"] == module.params["address"]:
+ exists = True
+ enabled = emails[email]["enabled"]
+ break
+ if module.params["state"] == "present" and not exists:
+ create_alert(module, array)
+ elif (
+ module.params["state"] == "present"
+ and exists
+ and not enabled
+ and module.params["enabled"]
+ ):
+ enable_alert(module, array)
+ elif (
+ module.params["state"] == "present"
+ and exists
+ and enabled
+ and not module.params["enabled"]
+ ):
+ disable_alert(module, array)
+ elif module.params["state"] == "absent" and exists:
+ delete_alert(module, array)
+
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_apiclient.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_apiclient.py
new file mode 100644
index 000000000..12970dddb
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_apiclient.py
@@ -0,0 +1,250 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2020, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_apiclient
+version_added: '1.5.0'
+short_description: Manage FlashArray API Clients
+description:
+- Enable or disable FlashArray API Clients
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ name:
+ description:
+ - Name of the API Client
+ type: str
+ required: true
+ state:
+ description:
+ - Define whether the API client should exist or not.
+ default: present
+ choices: [ absent, present ]
+ type: str
+ role:
+ description:
+ - The maximum role allowed for ID Tokens issued by this API client
+ type: str
+ choices: [readonly, ops_admin, storage_admin, array_admin]
+ issuer:
+ description:
+ - The name of the identity provider that will be issuing ID Tokens for this API client
+ - If not specified, defaults to the API client name, I(name).
+ type: str
+ public_key:
+ description:
+ - The API clients PEM formatted (Base64 encoded) RSA public key.
+ - Include the I(—–BEGIN PUBLIC KEY—–) and I(—–END PUBLIC KEY—–) lines
+ type: str
+ token_ttl:
+ description:
+ - Time To Live length in seconds for the exchanged access token
+ - Range is 1 second to 1 day (86400 seconds)
+ type: int
+ default: 86400
+ enabled:
+ description:
+ - State of the API Client Key
+ type: bool
+ default: true
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Create API token ansible-token
+ purestorage.flasharray.purefa_apiclient:
+ name: ansible-token
+ issuer: "Pure Storage"
+ ttl: 3000
+ role: array_admin
+ public_key: "{{lookup('file', 'public_pem_file') }}"
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Disable API CLient
+ purestorage.flasharray.purefa_apiclient:
+ name: ansible-token
+ enabled: false
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Enable API CLient
+ purestorage.flasharray.purefa_apiclient:
+ name: ansible-token
+ enabled: true
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Delete API Client
+ purestorage.flasharray.purefa_apiclient:
+ state: absent
+ name: ansible-token
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+"""
+
+RETURN = r"""
+"""
+
+HAS_PURESTORAGE = True
+try:
+ from pypureclient import flasharray
+except ImportError:
+ HAS_PURESTORAGE = False
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ get_array,
+ purefa_argument_spec,
+)
+
+MIN_REQUIRED_API_VERSION = "2.1"
+
+
+def delete_client(module, array):
+ changed = True
+ if not module.check_mode:
+ try:
+ array.delete_api_clients(names=[module.params["name"]])
+ except Exception:
+ module.fail_json(
+ msg="Failed to delete API Client {0}".format(module.params["name"])
+ )
+ module.exit_json(changed=changed)
+
+
+def update_client(module, array, client):
+ """Update API Client"""
+ changed = False
+ if client.enabled != module.params["enabled"]:
+ changed = True
+ if not module.check_mode:
+ try:
+ array.patch_api_clients(
+ names=[module.params["name"]],
+ api_clients=flasharray.ApiClientPatch(
+ enabled=module.params["enabled"]
+ ),
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to update API Client {0}".format(module.params["name"])
+ )
+ module.exit_json(changed=changed)
+
+
+def create_client(module, array):
+ """Create API Client"""
+ changed = True
+ if not 1 <= module.params["token_ttl"] <= 86400:
+ module.fail_json(msg="token_ttl parameter is out of range (1 to 86400)")
+ else:
+ token_ttl = module.params["token_ttl"] * 1000
+ if not module.params["issuer"]:
+ module.params["issuer"] = module.params["name"]
+ try:
+ client = flasharray.ApiClientPost(
+ max_role=module.params["role"],
+ issuer=module.params["issuer"],
+ access_token_ttl_in_ms=token_ttl,
+ public_key=module.params["public_key"],
+ )
+ if not module.check_mode:
+ res = array.post_api_clients(
+ names=[module.params["name"]], api_clients=client
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to create API CLient {0}. Error message: {1}".format(
+ module.params["name"], res.errors[0].message
+ )
+ )
+ if module.params["enabled"]:
+ try:
+ array.patch_api_clients(
+ names=[module.params["name"]],
+ api_clients=flasharray.ApiClientPatch(
+ enabled=module.params["enabled"]
+ ),
+ )
+ except Exception:
+ array.delete_api_clients(names=[module.params["name"]])
+ module.fail_json(
+ msg="Failed to create API Client {0}".format(
+ module.params["name"]
+ )
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to create API Client {0}".format(module.params["name"])
+ )
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ state=dict(type="str", default="present", choices=["absent", "present"]),
+ enabled=dict(type="bool", default=True),
+ name=dict(type="str", required=True),
+ role=dict(
+ type="str",
+ choices=["readonly", "ops_admin", "storage_admin", "array_admin"],
+ ),
+ public_key=dict(type="str", no_log=True),
+ token_ttl=dict(type="int", default=86400, no_log=False),
+ issuer=dict(type="str"),
+ )
+ )
+
+ module = AnsibleModule(argument_spec, supports_check_mode=True)
+
+ if not HAS_PURESTORAGE:
+ module.fail_json(msg="py-pure-client sdk is required for this module")
+
+ array = get_system(module)
+ api_version = array._list_available_rest_versions()
+
+ if MIN_REQUIRED_API_VERSION not in api_version:
+ module.fail_json(
+ msg="FlashArray REST version not supported. "
+ "Minimum version required: {0}".format(MIN_REQUIRED_API_VERSION)
+ )
+ array = get_array(module)
+ state = module.params["state"]
+
+ try:
+ client = list(array.get_api_clients(names=[module.params["name"]]).items)[0]
+ exists = True
+ except Exception:
+ exists = False
+
+ if not exists and state == "present":
+ create_client(module, array)
+ elif exists and state == "present":
+ update_client(module, array, client)
+ elif exists and state == "absent":
+ delete_client(module, array)
+
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_arrayname.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_arrayname.py
new file mode 100644
index 000000000..cf5202c6f
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_arrayname.py
@@ -0,0 +1,103 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2018, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_arrayname
+version_added: '1.0.0'
+short_description: Configure Pure Storage FlashArray array name
+description:
+- Configure name of array for Pure Storage FlashArrays.
+- Ideal for Day 0 initial configuration.
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ state:
+ description:
+ - Set the array name
+ type: str
+ default: present
+ choices: [ present ]
+ name:
+ description:
+ - Name of the array. Must conform to correct naming schema.
+ type: str
+ required: true
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Set new array name
+ purestorage.flasharray.purefa_arrayname:
+ name: new-array-name
+ state: present
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+"""
+
+RETURN = r"""
+"""
+
+import re
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ purefa_argument_spec,
+)
+
+
+def update_name(module, array):
+ """Change aray name"""
+ changed = True
+ if not module.check_mode:
+ try:
+ array.set(name=module.params["name"])
+ except Exception:
+ module.fail_json(
+ msg="Failed to change array name to {0}".format(module.params["name"])
+ )
+
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ name=dict(type="str", required=True),
+ state=dict(type="str", default="present", choices=["present"]),
+ )
+ )
+
+ module = AnsibleModule(argument_spec, supports_check_mode=True)
+
+ array = get_system(module)
+ pattern = re.compile("^[a-zA-Z0-9]([a-zA-Z0-9-]{0,54}[a-zA-Z0-9])?$")
+ if not pattern.match(module.params["name"]):
+ module.fail_json(
+ msg="Array name {0} does not conform to array name rules".format(
+ module.params["name"]
+ )
+ )
+ if module.params["name"] != array.get()["array_name"]:
+ update_name(module, array)
+
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_banner.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_banner.py
new file mode 100644
index 000000000..bd7a367a5
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_banner.py
@@ -0,0 +1,125 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2018, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_banner
+version_added: '1.0.0'
+short_description: Configure Pure Storage FlashArray GUI and SSH MOTD message
+description:
+- Configure MOTD for Pure Storage FlashArrays.
+- This will be shown during an SSH or GUI login to the array.
+- Multiple line messages can be achieved using \\n.
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ state:
+ description:
+ - Set ot delete the MOTD
+ default: present
+ type: str
+ choices: [ present, absent ]
+ banner:
+ description:
+ - Banner text, or MOTD, to use
+ type: str
+ default: "Welcome to the machine..."
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Set new banner text
+ purestorage.flasharray.purefa_banner:
+ banner: "Banner over\ntwo lines"
+ state: present
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Delete banner text
+ purestorage.flasharray.purefa_banner:
+ state: absent
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+"""
+
+RETURN = r"""
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ purefa_argument_spec,
+)
+
+
+def set_banner(module, array):
+ """Set MOTD banner text"""
+ changed = True
+ if not module.params["banner"]:
+ module.fail_json(msg="Invalid MOTD banner given")
+ if not module.check_mode:
+ try:
+ array.set(banner=module.params["banner"])
+ except Exception:
+ module.fail_json(msg="Failed to set MOTD banner text")
+
+ module.exit_json(changed=changed)
+
+
+def delete_banner(module, array):
+ """Delete MOTD banner text"""
+ changed = True
+ if not module.check_mode:
+ try:
+ array.set(banner="")
+ except Exception:
+ module.fail_json(msg="Failed to delete current MOTD banner text")
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ banner=dict(type="str", default="Welcome to the machine..."),
+ state=dict(type="str", default="present", choices=["present", "absent"]),
+ )
+ )
+
+ required_if = [("state", "present", ["banner"])]
+
+ module = AnsibleModule(
+ argument_spec, required_if=required_if, supports_check_mode=True
+ )
+
+ state = module.params["state"]
+ array = get_system(module)
+ current_banner = array.get(banner=True)["banner"]
+ # set banner if empty value or value differs
+ if state == "present" and (
+ not current_banner or current_banner != module.params["banner"]
+ ):
+ set_banner(module, array)
+ # clear banner if it has a value
+ elif state == "absent" and current_banner:
+ delete_banner(module, array)
+
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_certs.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_certs.py
new file mode 100644
index 000000000..33ffb60cc
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_certs.py
@@ -0,0 +1,524 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2021, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_certs
+version_added: '1.8.0'
+short_description: Manage FlashArray SSL Certificates
+description:
+- Create, delete, import and export FlashArray SSL Certificates
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ name:
+ description:
+ - Name of the SSL Certificate
+ type: str
+ default: management
+ state:
+ description:
+ - Action for the module to perform
+ - I(present) will create or re-create an SSL certificate
+ - I(absent) will delete an existing SSL certificate
+ - I(sign) will construct a Certificate Signing request (CSR)
+ - I(export) will export the exisitng SSL certificate
+ - I(import) will import a CA provided certificate.
+ default: present
+ choices: [ absent, present, import, export, sign ]
+ type: str
+ country:
+ type: str
+ description:
+ - The two-letter ISO code for the country where your organization is located
+ province:
+ type: str
+ description:
+ - The full name of the state or province where your organization is located
+ locality:
+ type: str
+ description:
+ - The full name of the city where your organization is located
+ organization:
+ type: str
+ description:
+ - The full and exact legal name of your organization.
+ - The organization name should not be abbreviated and should
+ include suffixes such as Inc, Corp, or LLC.
+ org_unit:
+ type: str
+ description:
+ - The department within your organization that is managing the certificate
+ common_name:
+ type: str
+ description:
+ - The fully qualified domain name (FQDN) of the current array
+ - For example, the common name for https://purearray.example.com is
+ purearray.example.com, or *.example.com for a wildcard certificate
+ - This can also be the management IP address of the array or the
+ shortname of the current array.
+ - Maximum of 64 characters
+ - If not provided this will default to the shortname of the array
+ email:
+ type: str
+ description:
+ - The email address used to contact your organization
+ key_size:
+ type: int
+ description:
+ - The key size in bits if you generate a new private key
+ default: 2048
+ choices: [ 1024, 2048, 4096 ]
+ days:
+ default: 3650
+ type: int
+ description:
+ - The number of valid days for the self-signed certificate being generated
+ - If not specified, the self-signed certificate expires after 3650 days.
+ generate:
+ default: false
+ type: bool
+ description:
+ - Generate a new private key.
+ - If not selected, the certificate will use the existing key
+ certificate:
+ type: str
+ description:
+ - Required for I(import)
+ - A valid signed certicate in PEM format (Base64 encoded)
+ - Includes the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines
+ - Does not exceed 3000 characters in length
+ intermeadiate_cert:
+ type: str
+ description:
+ - Intermeadiate certificate provided by the CA
+ key:
+ type: str
+ description:
+ - If the Certificate Signed Request (CSR) was not constructed on the array
+ or the private key has changed since construction the CSR, provide
+ a new private key here
+ passphrase:
+ type: str
+ description:
+ - Passphrase if the private key is encrypted
+ export_file:
+ type: str
+ description:
+ - Name of file to contain Certificate Signing Request when `status sign`
+ - Name of file to export the current SSL Certificate when `status export`
+ - File will be overwritten if it already exists
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Create SSL certifcate foo
+ purestorage.flasharray.purefa_certs:
+ name: foo
+ key_size: 4096
+ country: US
+ province: FL
+ locality: Miami
+ organization: "Acme Inc"
+ org_unit: "DevOps"
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Delete SSL certificate foo
+ purestorage.flasharray.purefa_certs:
+ name: foo
+ state: absent
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Request CSR
+ purestorage.flasharray.purefa_certs:
+ state: sign
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Regenerate key for SSL foo
+ purestorage.flasharray.purefa_certs:
+ generate: true
+ name: foo
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Import SSL Cert foo and Private Key
+ purestorage.flasharray.purefa_certs:
+ state: import
+ name: foo
+ certificate: "{{lookup('file', 'example.crt') }}"
+ key: "{{lookup('file', 'example.key') }}"
+ passphrase: password
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+"""
+
+RETURN = r"""
+"""
+
+HAS_PURESTORAGE = True
+try:
+ from pypureclient import flasharray
+except ImportError:
+ HAS_PURESTORAGE = False
+
+HAS_PYCOUNTRY = True
+try:
+ import pycountry
+except ImportError:
+ HAS_PYCOUNTRY = False
+
+import re
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ get_array,
+ purefa_argument_spec,
+)
+
+MIN_REQUIRED_API_VERSION = "2.4"
+
+
+def update_cert(module, array):
+ """Update existing SSL Certificate"""
+ changed = True
+ current_cert = list(array.get_certificates(names=[module.params["name"]]).items)[0]
+ try:
+ if module.params["common_name"] != current_cert.common_name:
+ module.params["common_name"] = current_cert.common_name
+ except AttributeError:
+ pass
+ try:
+ if module.params["country"] != current_cert.country:
+ module.params["country"] = current_cert.country
+ except AttributeError:
+ pass
+ try:
+ if module.params["email"] != current_cert.email:
+ module.params["email"] = current_cert.email
+ except AttributeError:
+ pass
+ try:
+ if module.params["key_size"] != current_cert.key_size:
+ module.params["key_size"] = current_cert.key_size
+ except AttributeError:
+ pass
+ try:
+ if module.params["locality"] != current_cert.locality:
+ module.params["locality"] = current_cert.locality
+ except AttributeError:
+ pass
+ try:
+ if module.params["province"] != current_cert.state:
+ module.params["province"] = current_cert.state
+ except AttributeError:
+ pass
+ try:
+ if module.params["organization"] != current_cert.organization:
+ module.params["organization"] = current_cert.organization
+ except AttributeError:
+ pass
+ try:
+ if module.params["org_unit"] != current_cert.organizational_unit:
+ module.params["org_unit"] = current_cert.organizational_unit
+ except AttributeError:
+ pass
+ certificate = flasharray.CertificatePost(
+ common_name=module.params["common_name"],
+ country=module.params["country"],
+ email=module.params["email"],
+ key_size=module.params["key_size"],
+ locality=module.params["locality"],
+ organization=module.params["organization"],
+ organizational_unit=module.params["org_unit"],
+ state=module.params["province"],
+ days=module.params["days"],
+ )
+ if not module.check_mode:
+ res = array.patch_certificates(
+ names=[module.params["name"]],
+ certificate=certificate,
+ generate_new_key=module.params["generate"],
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Updating existing SSL certificate {0} failed. Error: {1}".format(
+ module.params["name"], res.errors[0].message
+ )
+ )
+
+ module.exit_json(changed=changed)
+
+
+def create_cert(module, array):
+ changed = True
+ certificate = flasharray.CertificatePost(
+ common_name=module.params["common_name"],
+ country=module.params["country"],
+ email=module.params["email"],
+ key_size=module.params["key_size"],
+ locality=module.params["locality"],
+ organization=module.params["organization"],
+ organizational_unit=module.params["org_unit"],
+ state=module.params["province"],
+ status="self-signed",
+ days=module.params["days"],
+ )
+ if not module.check_mode:
+ res = array.post_certificates(
+ names=[module.params["name"]], certificate=certificate
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Creating SSL certificate {0} failed. Error: {1}".format(
+ module.params["name"], res.errors[0].message
+ )
+ )
+
+ module.exit_json(changed=changed)
+
+
+def delete_cert(module, array):
+ changed = True
+ if module.params["name"] == "management":
+ module.fail_json(msg="management SSL cannot be deleted")
+ if not module.check_mode:
+ res = array.delete_certificates(names=[module.params["name"]])
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to delete {0} SSL certifcate. Error: {1}".format(
+ module.params["name"], res.errors[0].message
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def import_cert(module, array, reimport=False):
+ """Import a CA provided SSL certificate"""
+ changed = True
+ if len(module.params["certificate"]) > 3000:
+ module.fail_json(msg="Imported Certificate exceeds 3000 characters")
+ certificate = flasharray.CertificatePost(
+ certificate=module.params["certificate"],
+ intermediate_certificate=module.params["intermeadiate_cert"],
+ key=module.params["key"],
+ passphrase=module.params["passphrase"],
+ status="imported",
+ )
+ if not module.check_mode:
+ if reimport:
+ res = array.patch_certificates(
+ names=[module.params["name"]], certificate=certificate
+ )
+ else:
+ res = array.post_certificates(
+ names=[module.params["name"]], certificate=certificate
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Importing Certificate failed. Error: {0}".format(
+ res.errors[0].message
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def export_cert(module, array):
+ """Export current SSL certificate"""
+ changed = True
+ if not module.check_mode:
+ ssl = array.get_certificates(names=[module.params["name"]])
+ if ssl.status_code != 200:
+ module.fail_json(
+ msg="Exporting Certificate failed. Error: {0}".format(
+ ssl.errors[0].message
+ )
+ )
+ ssl_file = open(module.params["export_file"], "w")
+ ssl_file.write(list(ssl.items)[0].certificate)
+ ssl_file.close()
+ module.exit_json(changed=changed)
+
+
+def create_csr(module, array):
+ """Construct a Certificate Signing Request
+
+ Output the result to a specified file
+ """
+ changed = True
+ current_attr = list(array.get_certificates(names=[module.params["name"]]).items)[0]
+ try:
+ if module.params["common_name"] != current_attr.common_name:
+ module.params["common_name"] = current_attr.common_name
+ except AttributeError:
+ pass
+ try:
+ if module.params["country"] != current_attr.country:
+ module.params["country"] = current_attr.country
+ except AttributeError:
+ pass
+ try:
+ if module.params["email"] != current_attr.email:
+ module.params["email"] = current_attr.email
+ except AttributeError:
+ pass
+ try:
+ if module.params["locality"] != current_attr.locality:
+ module.params["locality"] = current_attr.locality
+ except AttributeError:
+ pass
+ try:
+ if module.params["province"] != current_attr.state:
+ module.params["province"] = current_attr.state
+ except AttributeError:
+ pass
+ try:
+ if module.params["organization"] != current_attr.organization:
+ module.params["organization"] = current_attr.organization
+ except AttributeError:
+ pass
+ try:
+ if module.params["org_unit"] != current_attr.organization_unit:
+ module.params["org_unit"] = current_attr.organization_unit
+ except AttributeError:
+ pass
+ if not module.check_mode:
+ certificate = flasharray.CertificateSigningRequestPost(
+ certificate={"name": "management"},
+ common_name=module.params["common_name"],
+ country=module.params["country"],
+ email=module.params["email"],
+ locality=module.params["locality"],
+ state=module.params["province"],
+ organization=module.params["organization"],
+ organization_unit=module.params["org_unit"],
+ )
+ csr = list(
+ array.post_certificates_certificate_signing_requests(
+ certificate=certificate
+ ).items
+ )[0].certificate_signing_request
+ csr_file = open(module.params["export_file"], "w")
+ csr_file.write(csr)
+ csr_file.close()
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ state=dict(
+ type="str",
+ default="present",
+ choices=["absent", "present", "import", "export", "sign"],
+ ),
+ generate=dict(type="bool", default=False),
+ name=dict(type="str", default="management"),
+ country=dict(type="str"),
+ province=dict(type="str"),
+ locality=dict(type="str"),
+ organization=dict(type="str"),
+ org_unit=dict(type="str"),
+ common_name=dict(type="str"),
+ email=dict(type="str"),
+ key_size=dict(type="int", default=2048, choices=[1024, 2048, 4096]),
+ certificate=dict(type="str", no_log=True),
+ intermeadiate_cert=dict(type="str", no_log=True),
+ key=dict(type="str", no_log=True),
+ export_file=dict(type="str"),
+ passphrase=dict(type="str", no_log=True),
+ days=dict(type="int", default=3650),
+ )
+ )
+
+ mutually_exclusive = [["certificate", "key_size"]]
+ required_if = [
+ ["state", "import", ["certificate"]],
+ ["state", "export", ["export_file"]],
+ ]
+
+ module = AnsibleModule(
+ argument_spec,
+ mutually_exclusive=mutually_exclusive,
+ required_if=required_if,
+ supports_check_mode=True,
+ )
+
+ if not HAS_PURESTORAGE:
+ module.fail_json(msg="py-pure-client sdk is required for this module")
+
+ if not HAS_PYCOUNTRY:
+ module.fail_json(msg="pycountry sdk is required for this module")
+
+ email_pattern = r"^(\w|\.|\_|\-)+[@](\w|\_|\-|\.)+[.]\w{2,3}$"
+ array = get_system(module)
+ api_version = array._list_available_rest_versions()
+
+ if MIN_REQUIRED_API_VERSION not in api_version:
+ module.fail_json(
+ msg="FlashArray REST version not supported. "
+ "Minimum version required: {0}".format(MIN_REQUIRED_API_VERSION)
+ )
+
+ array = get_array(module)
+ if module.params["email"]:
+ if not re.search(email_pattern, module.params["email"]):
+ module.fail_json(
+ msg="Email {0} is not valid".format(module.params["email"])
+ )
+ if module.params["country"]:
+ if len(module.params["country"]) != 2:
+ module.fail_json(msg="Country must be a two-letter country (ISO) code")
+ if not pycountry.countries.get(alpha_2=module.params["country"].upper()):
+ module.fail_json(
+ msg="Country code {0} is not an assigned ISO 3166-1 code".format(
+ module.params["country"].upper()
+ )
+ )
+ state = module.params["state"]
+ if state in ["present", "sign"]:
+ if not module.params["common_name"]:
+ module.params["common_name"] = list(array.get_arrays().items)[0].name
+ module.params["common_name"] = module.params["common_name"][:64]
+
+ exists = bool(
+ array.get_certificates(names=[module.params["name"]]).status_code == 200
+ )
+
+ if not exists and state == "present":
+ create_cert(module, array)
+ elif exists and state == "present":
+ update_cert(module, array)
+ elif state == "sign":
+ create_csr(module, array)
+ elif not exists and state == "import":
+ import_cert(module, array)
+ elif exists and state == "import":
+ import_cert(module, array, reimport=True)
+ elif state == "export":
+ export_cert(module, array)
+ elif exists and state == "absent":
+ delete_cert(module, array)
+
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_connect.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_connect.py
new file mode 100644
index 000000000..3148ea482
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_connect.py
@@ -0,0 +1,238 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2018, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_connect
+version_added: '1.0.0'
+short_description: Manage replication connections between two FlashArrays
+description:
+- Manage array connections to specified target array
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ state:
+ description:
+ - Create or delete array connection
+ default: present
+ type: str
+ choices: [ absent, present ]
+ target_url:
+ description:
+ - Management IP address of remote array.
+ type: str
+ required: true
+ target_api:
+ description:
+ - API token for target array
+ type: str
+ connection:
+ description:
+ - Type of connection between arrays.
+ type: str
+ choices: [ sync, async ]
+ default: async
+ transport:
+ description:
+ - Type of transport protocol to use for replication
+ type: str
+ choices: [ ip, fc ]
+ default: ip
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Create an async connection to remote array
+ purestorage.flasharray.purefa_connect:
+ target_url: 10.10.10.20
+ target_api: 9c0b56bc-f941-f7a6-9f85-dcc3e9a8f7d6
+ connection: async
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+- name: Delete connection to remote array
+ purestorage.flasharray.purefa_connect:
+ state: absent
+ target_url: 10.10.10.20
+ target_api: 9c0b56bc-f941-f7a6-9f85-dcc3e9a8f7d6
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+"""
+
+RETURN = r"""
+"""
+
+HAS_PURESTORAGE = True
+try:
+ from purestorage import FlashArray
+except ImportError:
+ HAS_PURESTORAGE = False
+
+HAS_PYPURECLIENT = True
+try:
+ from pypureclient import flasharray
+except ImportError:
+ HAS_PYPURECLIENT = False
+
+import platform
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_array,
+ get_system,
+ purefa_argument_spec,
+)
+
+
+P53_API_VERSION = "1.17"
+FC_REPL_VERSION = "2.4"
+
+
+def _check_connected(module, array):
+ connected_arrays = array.list_array_connections()
+ api_version = array._list_available_rest_versions()
+ for target in range(0, len(connected_arrays)):
+ if P53_API_VERSION in api_version:
+ if (
+ connected_arrays[target]["management_address"]
+ == module.params["target_url"]
+ and "connected" in connected_arrays[target]["status"]
+ ):
+ return connected_arrays[target]
+ else:
+ if (
+ connected_arrays[target]["management_address"]
+ == module.params["target_url"]
+ and connected_arrays[target]["connected"]
+ ):
+ return connected_arrays[target]
+ return None
+
+
+def break_connection(module, array, target_array):
+ """Break connection between arrays"""
+ changed = True
+ source_array = array.get()["array_name"]
+ if target_array["management_address"] is None:
+ module.fail_json(
+ msg="disconnect can only happen from the array that formed the connection"
+ )
+ if not module.check_mode:
+ try:
+ array.disconnect_array(target_array["array_name"])
+ except Exception:
+ module.fail_json(
+ msg="Failed to disconnect {0} from {1}.".format(
+ target_array["array_name"], source_array
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def create_connection(module, array):
+ """Create connection between arrays"""
+ changed = True
+ remote_array = module.params["target_url"]
+ user_agent = "%(base)s %(class)s/%(version)s (%(platform)s)" % {
+ "base": "Ansible",
+ "class": __name__,
+ "version": 1.2,
+ "platform": platform.platform(),
+ }
+ try:
+ remote_system = FlashArray(
+ module.params["target_url"],
+ api_token=module.params["target_api"],
+ user_agent=user_agent,
+ )
+ connection_key = remote_system.get(connection_key=True)["connection_key"]
+ remote_array = remote_system.get()["array_name"]
+ api_version = array._list_available_rest_versions()
+ # TODO: Refactor when FC async is supported
+ if (
+ FC_REPL_VERSION in api_version
+ and module.params["transport"].lower() == "fc"
+ ):
+ if module.params["connection"].lower() == "async":
+ module.fail_json(
+ msg="Asynchronous replication not supported using FC transport"
+ )
+ array_connection = flasharray.ArrayConnectionPost(
+ type="sync-replication",
+ management_address=module.params["target_url"],
+ replication_transport="fc",
+ connection_key=connection_key,
+ )
+ array = get_array(module)
+ if not module.check_mode:
+ res = array.post_array_connections(array_connection=array_connection)
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Array Connection failed. Error: {0}".format(
+ res.errors[0].message
+ )
+ )
+ else:
+ if not module.check_mode:
+ array.connect_array(
+ module.params["target_url"],
+ connection_key,
+ [module.params["connection"]],
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to connect to remote array {0}.".format(remote_array)
+ )
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ state=dict(type="str", default="present", choices=["absent", "present"]),
+ connection=dict(type="str", default="async", choices=["async", "sync"]),
+ transport=dict(type="str", default="ip", choices=["ip", "fc"]),
+ target_url=dict(type="str", required=True),
+ target_api=dict(type="str"),
+ )
+ )
+
+ required_if = [("state", "present", ["target_api"])]
+
+ module = AnsibleModule(
+ argument_spec, required_if=required_if, supports_check_mode=True
+ )
+
+ if not HAS_PURESTORAGE:
+ module.fail_json(msg="purestorage sdk is required for this module")
+
+ if module.params["transport"] == "fc" and not HAS_PYPURECLIENT:
+ module.fail_json(msg="pypureclient sdk is required for this module")
+
+ state = module.params["state"]
+ array = get_system(module)
+ target_array = _check_connected(module, array)
+
+ if state == "present" and target_array is None:
+ create_connection(module, array)
+ elif state == "absent" and target_array is not None:
+ break_connection(module, array, target_array)
+
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_console.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_console.py
new file mode 100644
index 000000000..f3c4df429
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_console.py
@@ -0,0 +1,107 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2018, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_console
+version_added: '1.0.0'
+short_description: Enable or Disable Pure Storage FlashArray Console Lock
+description:
+- Enablke or Disable root lockout from the array at the physical console for a Pure Storage FlashArray.
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ state:
+ description:
+ - Define state of console lockout
+ - When set to I(enable) the console port is locked from root login.
+ type: str
+ default: disable
+ choices: [ enable, disable ]
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Enable Console Lockout
+ purestorage.flasharray.purefa_console:
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Disable Console Lockout
+ purestorage.flasharray.purefa_console:
+ state: disable
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+"""
+
+RETURN = r"""
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ purefa_argument_spec,
+)
+
+
+def enable_console(module, array):
+ """Enable Console Lockout"""
+ changed = False
+ if array.get_console_lock_status()["console_lock"] != "enabled":
+ changed = True
+ if not module.check_mode:
+ try:
+ array.enable_console_lock()
+ except Exception:
+ module.fail_json(msg="Enabling Console Lock failed")
+ module.exit_json(changed=changed)
+
+
+def disable_console(module, array):
+ """Disable Console Lock"""
+ changed = False
+ if array.get_console_lock_status()["console_lock"] == "enabled":
+ changed = True
+ if not module.check_mode:
+ try:
+ array.disable_console_lock()
+ except Exception:
+ module.fail_json(msg="Disabling Console Lock failed")
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ state=dict(type="str", default="disable", choices=["enable", "disable"]),
+ )
+ )
+
+ module = AnsibleModule(argument_spec, supports_check_mode=True)
+
+ array = get_system(module)
+
+ if module.params["state"] == "enable":
+ enable_console(module, array)
+ else:
+ disable_console(module, array)
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_default_protection.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_default_protection.py
new file mode 100644
index 000000000..5038de423
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_default_protection.py
@@ -0,0 +1,328 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2020, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_default_protection
+version_added: '1.14.0'
+short_description: Manage SafeMode default protection for a Pure Storage FlashArray
+description:
+- Configure automatic protection group membership for new volumes and copied volumes
+ array wide, or at the pod level.
+- Requires a minimum of Purity 6.3.4
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ scope:
+ description:
+ - The scope of the default protection group
+ type: str
+ choices: [ array, pod ]
+ default: array
+ name:
+ description:
+ - The name of the protection group to assign or remove as default for the scope.
+ - If I(scope) is I(pod) only the short-name for the pod protection group is needed.
+ See examples
+ elements: str
+ type: list
+ required: true
+ pod:
+ description:
+ - name of the pod to apply the default protection to.
+ - Only required for I(scope) is I(pod)
+ type: str
+ state:
+ description:
+ - Define whether to add or delete the protection group to the default list
+ default: present
+ choices: [ absent, present ]
+ type: str
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Add protection group foo::bar as default for pod foo
+ purestorage.flasharray.purefa_default_protection:
+ name: bar
+ pod: foo
+ scope: pod
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Add protection group foo as default for array
+ purestorage.flasharray.purefa_default_protection:
+ name: foo
+ scope: array
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Remove protection group foo from array default protection
+ purestorage.flasharray.purefa_default_protection:
+ name: foo
+ scope: array
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ state: absent
+
+- name: Clear default protection for the array
+ purestorage.flasharray.purefa_volume_tags:
+ name: ''
+ scope: array
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ state: absent
+"""
+
+RETURN = r"""
+"""
+
+HAS_PURESTORAGE = True
+try:
+ from pypureclient import flasharray
+except ImportError:
+ HAS_PURESTORAGE = False
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ get_array,
+ purefa_argument_spec,
+)
+
+
+DEFAULT_API_VERSION = "2.16"
+
+
+def _get_pod(module, array):
+ """Return Pod or None"""
+ try:
+ return array.get_pods(names=[module.params["pod"]])
+ except Exception:
+ return None
+
+
+def _get_pg(array, pod):
+ """Return Protection Group or None"""
+ try:
+ return array.get_protection_groups(names=[pod])
+ except Exception:
+ return None
+
+
+def create_default(module, array):
+ """Create Default Protection"""
+ changed = True
+ pg_list = []
+ if not module.check_mode:
+ for pgroup in range(0, len(module.params["name"])):
+ if module.params["scope"] == "array":
+ pg_list.append(
+ flasharray.DefaultProtectionReference(
+ name=module.params["name"][pgroup], type="protection_group"
+ )
+ )
+ else:
+ pg_list.append(
+ flasharray.DefaultProtectionReference(
+ name=module.params["pod"]
+ + "::"
+ + module.params["name"][pgroup],
+ type="protection_group",
+ )
+ )
+ if module.params["scope"] == "array":
+ protection = flasharray.ContainerDefaultProtection(
+ name="", type="", default_protections=pg_list
+ )
+ res = array.patch_container_default_protections(
+ names=[""], container_default_protection=protection
+ )
+ else:
+ protection = flasharray.ContainerDefaultProtection(
+ name=module.params["pod"], type="pod", default_protections=pg_list
+ )
+ res = array.patch_container_default_protections(
+ names=[module.params["pod"]], container_default_protection=protection
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to set default protection. Error: {0}".format(
+ res.errors[0].message
+ )
+ )
+
+ module.exit_json(changed=changed)
+
+
+def update_default(module, array, current_default):
+ """Update Default Protection"""
+ changed = False
+ current = []
+ for default in range(0, len(current_default)):
+ if module.params["scope"] == "array":
+ current.append(current_default[default].name)
+ else:
+ current.append(current_default[default].name.split(":")[-1])
+ pg_list = []
+ if module.params["state"] == "present":
+ if current:
+ new_list = sorted(list(set(module.params["name"] + current)))
+ else:
+ new_list = sorted(list(set(module.params["name"])))
+ elif current:
+ new_list = sorted(list(set(current).difference(module.params["name"])))
+ else:
+ new_list = []
+ if not new_list:
+ delete_default(module, array)
+ elif new_list == current:
+ changed = False
+ else:
+ changed = True
+ if not module.check_mode:
+ for pgroup in range(0, len(new_list)):
+ if module.params["scope"] == "array":
+ pg_list.append(
+ flasharray.DefaultProtectionReference(
+ name=new_list[pgroup], type="protection_group"
+ )
+ )
+ else:
+ pg_list.append(
+ flasharray.DefaultProtectionReference(
+ name=module.params["pod"] + "::" + new_list[pgroup],
+ type="protection_group",
+ )
+ )
+ if module.params["scope"] == "array":
+ protection = flasharray.ContainerDefaultProtection(
+ name="", type="", default_protections=pg_list
+ )
+ res = array.patch_container_default_protections(
+ names=[""], container_default_protection=protection
+ )
+ else:
+ protection = flasharray.ContainerDefaultProtection(
+ name=module.params["pod"],
+ type="pod",
+ default_protections=pg_list,
+ )
+ res = array.patch_container_default_protections(
+ names=[module.params["pod"]],
+ container_default_protection=protection,
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to update default protection. Error: {0}".format(
+ res.errors[0].message
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def delete_default(module, array):
+ """Delete Default Protection"""
+ changed = True
+ if not module.check_mode:
+ if module.params["scope"] == "array":
+ protection = flasharray.ContainerDefaultProtection(
+ name="", type="", default_protections=[]
+ )
+ res = array.patch_container_default_protections(
+ names=[""], container_default_protection=protection
+ )
+ else:
+ protection = flasharray.ContainerDefaultProtection(
+ name=module.params["pod"], type="pod", default_protections=[]
+ )
+ res = array.patch_container_default_protections(
+ names=[module.params["pod"]], container_default_protection=[]
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to delete default protection. Error: {0}".format(
+ res.errors[0].message
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ name=dict(type="list", elements="str", required=True),
+ pod=dict(type="str"),
+ scope=dict(type="str", default="array", choices=["array", "pod"]),
+ state=dict(type="str", default="present", choices=["absent", "present"]),
+ )
+ )
+
+ required_if = [["scope", "pod", ["pod"]]]
+ module = AnsibleModule(
+ argument_spec, required_if=required_if, supports_check_mode=True
+ )
+ state = module.params["state"]
+ if not HAS_PURESTORAGE:
+ module.fail_json(
+ msg="py-pure-client sdk is required to support 'count' parameter"
+ )
+ arrayv5 = get_system(module)
+ module.params["name"] = sorted(module.params["name"])
+ api_version = arrayv5._list_available_rest_versions()
+ if DEFAULT_API_VERSION not in api_version:
+ module.fail_json(
+ msg="Default Protection is not supported. Purity//FA 6.3.4, or higher, is required."
+ )
+ array = get_array(module)
+ if module.params["scope"] == "pod":
+ if not _get_pod(module, array):
+ module.fail_json(
+ msg="Invalid pod {0} specified.".format(module.params["pod"])
+ )
+ current_default = list(
+ array.get_container_default_protections(names=[module.params["pod"]]).items
+ )[0].default_protections
+ else:
+ current_default = list(array.get_container_default_protections().items)[
+ 0
+ ].default_protections
+ for pgroup in range(0, len(module.params["name"])):
+ if module.params["scope"] == "pod":
+ pod_name = module.params["pod"] + module.params["name"][pgroup]
+ else:
+ pod_name = module.params["name"][pgroup]
+ if not _get_pg(array, pod_name):
+ module.fail_json(msg="Protection Group {0} does not exist".format(pod_name))
+
+ if state == "present" and not current_default:
+ create_default(module, array)
+ elif state == "absent" and not current_default:
+ module.exit_json(changed=False)
+ elif state == "present" and current_default:
+ update_default(module, array, current_default)
+ elif state == "absent" and current_default and module.params["name"] != [""]:
+ update_default(module, array, current_default)
+ elif state == "absent" and current_default and module.params["name"] == [""]:
+ delete_default(module, array)
+
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_directory.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_directory.py
new file mode 100644
index 000000000..125b84172
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_directory.py
@@ -0,0 +1,234 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2020, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_directory
+version_added: '1.5.0'
+short_description: Manage FlashArray File System Directories
+description:
+- Create/Delete FlashArray File Systems
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ name:
+ description:
+ - Name of the directory
+ type: str
+ required: true
+ state:
+ description:
+ - Define whether the directory should exist or not.
+ default: present
+ choices: [ absent, present ]
+ type: str
+ filesystem:
+ description:
+ - Name of the filesystem the directory links to.
+ type: str
+ required: true
+ path:
+ description:
+ - Path of the managed directory in the file system
+ - If not provided will default to I(name)
+ type: str
+ rename:
+ description:
+ - Value to rename the specified directory to
+ type: str
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Create direcotry foo in filesysten bar with path zeta
+ purestorage.flasharray.purefa_directory:
+ name: foo
+ filesystem: bar
+ path: zeta
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Rename directory foo to fin in filesystem bar
+ purestorage.flasharray.purefa_directory:
+ name: foo
+ rename: fin
+ filesystem: bar
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Delete diectory foo in filesystem bar
+ purestorage.flasharray.purefa_directory:
+ name: foo
+ filesystem: bar
+ state: absent
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+"""
+
+RETURN = r"""
+"""
+
+HAS_PURESTORAGE = True
+try:
+ from pypureclient import flasharray
+except ImportError:
+ HAS_PURESTORAGE = False
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ get_array,
+ purefa_argument_spec,
+)
+
+MIN_REQUIRED_API_VERSION = "2.2"
+
+
+def delete_dir(module, array):
+ """Delete a file system directory"""
+ changed = True
+ if not module.check_mode:
+ res = array.delete_directories(
+ names=[module.params["filesystem"] + ":" + module.params["name"]]
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to delete file system {0}. {1}".format(
+ module.params["name"], res.errors[0].message
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def rename_dir(module, array):
+ """Rename a file system directory"""
+ changed = False
+ target = array.get_directories(
+ names=[module.params["filesystem"] + ":" + module.params["rename"]]
+ )
+ if target.status_code != 200:
+ if not module.check_mode:
+ changed = True
+ directory = flasharray.DirectoryPatch(
+ name=module.params["filesystem"] + ":" + module.params["rename"]
+ )
+ res = array.patch_directories(
+ names=[module.params["filesystem"] + ":" + module.params["name"]],
+ directory=directory,
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to delete file system {0}".format(module.params["name"])
+ )
+ else:
+ module.fail_json(
+ msg="Target file system {0} already exists".format(module.params["rename"])
+ )
+ module.exit_json(changed=changed)
+
+
+def create_dir(module, array):
+ """Create a file system directory"""
+ changed = False
+ if not module.params["path"]:
+ module.params["path"] = module.params["name"]
+ all_fs = list(
+ array.get_directories(file_system_names=[module.params["filesystem"]]).items
+ )
+ for check in range(0, len(all_fs)):
+ if module.params["path"] == all_fs[check].path[1:]:
+ module.fail_json(
+ msg="Path {0} already existis in file system {1}".format(
+ module.params["path"], module.params["filesystem"]
+ )
+ )
+ changed = True
+ if not module.check_mode:
+ directory = flasharray.DirectoryPost(
+ directory_name=module.params["name"], path=module.params["path"]
+ )
+ res = array.post_directories(
+ file_system_names=[module.params["filesystem"]], directory=directory
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to create file system {0}. {1}".format(
+ module.params["name"], res.errors[0].message
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ state=dict(type="str", default="present", choices=["absent", "present"]),
+ filesystem=dict(type="str", required=True),
+ name=dict(type="str", required=True),
+ rename=dict(type="str"),
+ path=dict(type="str"),
+ )
+ )
+
+ module = AnsibleModule(argument_spec, supports_check_mode=True)
+
+ if not HAS_PURESTORAGE:
+ module.fail_json(msg="py-pure-client sdk is required for this module")
+
+ array = get_system(module)
+ api_version = array._list_available_rest_versions()
+ if MIN_REQUIRED_API_VERSION not in api_version:
+ module.fail_json(
+ msg="FlashArray REST version not supported. "
+ "Minimum version required: {0}".format(MIN_REQUIRED_API_VERSION)
+ )
+ array = get_array(module)
+ state = module.params["state"]
+
+ try:
+ filesystem = list(
+ array.get_file_systems(names=[module.params["filesystem"]]).items
+ )[0]
+ except Exception:
+ module.fail_json(
+ msg="Selected file system {0} does not exist".format(
+ module.params["filesystem"]
+ )
+ )
+ res = array.get_directories(
+ names=[module.params["filesystem"] + ":" + module.params["name"]]
+ )
+ exists = bool(res.status_code == 200)
+
+ if state == "present" and not exists:
+ create_dir(module, array)
+ elif (
+ state == "present"
+ and exists
+ and module.params["rename"]
+ and not filesystem.destroyed
+ ):
+ rename_dir(module, array)
+ elif state == "absent" and exists:
+ delete_dir(module, array)
+
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_dirsnap.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_dirsnap.py
new file mode 100644
index 000000000..4c090bde8
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_dirsnap.py
@@ -0,0 +1,474 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2021, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_dirsnap
+version_added: '1.9.0'
+short_description: Manage FlashArray File System Directory Snapshots
+description:
+- Create/Delete FlashArray File System directory snapshots
+- A full snapshot name is constructed in the form of DIR.CLIENT_NAME.SUFFIX
+ where DIR is the managed directory name, CLIENT_NAME is the client name,
+ and SUFFIX is the suffix.
+- The client visible snapshot name is CLIENT_NAME.SUFFIX.
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ name:
+ description:
+ - Name of the directory to snapshot
+ type: str
+ required: true
+ state:
+ description:
+ - Define whether the directory snapshot should exist or not.
+ default: present
+ choices: [ absent, present ]
+ type: str
+ filesystem:
+ description:
+ - Name of the filesystem the directory links to.
+ type: str
+ required: true
+ eradicate:
+ description:
+ - Define whether to eradicate the snapshot on delete or leave in trash
+ type: bool
+ default: false
+ client:
+ description:
+ - The client name portion of the client visible snapshot name
+ type: str
+ required: true
+ suffix:
+ description:
+ - Snapshot suffix to use
+ type: str
+ new_client:
+ description:
+ - The new client name when performing a rename
+ type: str
+ version_added: '1.12.0'
+ new_suffix:
+ description:
+ - The new suffix when performing a rename
+ type: str
+ version_added: '1.12.0'
+ rename:
+ description:
+ - Whether to rename a directory snapshot
+ - The snapshot client name and suffix can be changed
+ - Required with I(new_client) ans I(new_suffix)
+ type: bool
+ default: false
+ version_added: '1.12.0'
+ keep_for:
+ description:
+ - Retention period, after which snapshots will be eradicated
+ - Specify in seconds. Range 300 - 31536000 (5 minutes to 1 year)
+ - Value of 0 will set no retention period.
+ - If not specified on create will default to 0 (no retention period)
+ type: int
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Create a snapshot direcotry foo in filesysten bar for client test with suffix test
+ purestorage.flasharray.purefa_dirsnap:
+ name: foo
+ filesystem: bar
+ client: test
+ suffix: test
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Update retention time for a snapshot foo:bar.client.test
+ purestorage.flasharray.purefa_dirsnap:
+ name: foo
+ filesystem: bar
+ client: client
+ suffix: test
+ keep_for: 300 # 5 minutes
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Delete snapshot foo:bar.client.test
+ purestorage.flasharray.purefa_dirsnap:
+ name: foo
+ filesystem: bar
+ client: client
+ suffix: test
+ state: absent
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Recover deleted snapshot foo:bar.client.test
+ purestorage.flasharray.purefa_dirsnap:
+ name: foo
+ filesystem: bar
+ client: client
+ suffix: test
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Delete and eradicate snapshot foo:bar.client.test
+ purestorage.flasharray.purefa_dirsnap:
+ name: foo
+ filesystem: bar
+ client: client
+ suffix: test
+ state: absent
+ eradicate: true
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Eradicate deleted snapshot foo:bar.client.test
+ purestorage.flasharray.purefa_dirsnap:
+ name: foo
+ filesystem: bar
+ client: client
+ suffix: test
+ eradicate: true
+ state: absent
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Rename snapshot
+ purestorage.flasharray.purefa_dirsnap:
+ name: foo
+ filesystem: bar
+ client: client
+ suffix: test
+ rename: true
+ new_client: client2
+ new_suffix: test2
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+"""
+
+RETURN = r"""
+"""
+
+HAS_PURESTORAGE = True
+try:
+ from pypureclient.flasharray import DirectorySnapshotPost, DirectorySnapshotPatch
+except ImportError:
+ HAS_PURESTORAGE = False
+
+import re
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ get_array,
+ purefa_argument_spec,
+)
+
+MIN_REQUIRED_API_VERSION = "2.2"
+MIN_RENAME_API_VERSION = "2.10"
+
+
+def eradicate_snap(module, array):
+ """Eradicate a filesystem snapshot"""
+ changed = True
+ if not module.check_mode:
+ snapname = (
+ module.params["filesystem"]
+ + ":"
+ + module.params["name"]
+ + "."
+ + module.params["client"]
+ + "."
+ + module.params["suffix"]
+ )
+ res = array.delete_directory_snapshots(names=[snapname])
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to eradicate filesystem snapshot {0}. Error: {1}".format(
+ snapname, res.errors[0].message
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def delete_snap(module, array):
+ """Delete a filesystem snapshot"""
+ changed = True
+ if not module.check_mode:
+ snapname = (
+ module.params["filesystem"]
+ + ":"
+ + module.params["name"]
+ + "."
+ + module.params["client"]
+ + "."
+ + module.params["suffix"]
+ )
+ directory_snapshot = DirectorySnapshotPatch(destroyed=True)
+ res = array.patch_directory_snapshots(
+ names=[snapname], directory_snapshot=directory_snapshot
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to delete filesystem snapshot {0}. Error: {1}".format(
+ snapname, res.errors[0].message
+ )
+ )
+ if module.params["eradicate"]:
+ eradicate_snap(module, array)
+ module.exit_json(changed=changed)
+
+
+def update_snap(module, array, snap_detail):
+ """Update a filesystem snapshot retention time"""
+ changed = True
+ snapname = (
+ module.params["filesystem"]
+ + ":"
+ + module.params["name"]
+ + "."
+ + module.params["client"]
+ + "."
+ + module.params["suffix"]
+ )
+ if module.params["rename"]:
+ if not module.params["new_client"]:
+ new_client = module.params["client"]
+ else:
+ new_client = module.params["new_client"]
+ if not module.params["new_suffix"]:
+ new_suffix = module.params["suffix"]
+ else:
+ new_suffix = module.params["new_suffix"]
+ new_snapname = (
+ module.params["filesystem"]
+ + ":"
+ + module.params["name"]
+ + "."
+ + new_client
+ + "."
+ + new_suffix
+ )
+ directory_snapshot = DirectorySnapshotPatch(
+ client_name=new_client, suffix=new_suffix
+ )
+ if not module.check_mode:
+ res = array.patch_directory_snapshots(
+ names=[snapname], directory_snapshot=directory_snapshot
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to rename snapshot {0}. Error: {1}".format(
+ snapname, res.errors[0].message
+ )
+ )
+ else:
+ snapname = new_snapname
+ if not module.params["keep_for"] or module.params["keep_for"] == 0:
+ keep_for = 0
+ elif 300 <= module.params["keep_for"] <= 31536000:
+ keep_for = module.params["keep_for"] * 1000
+ else:
+ module.fail_json(msg="keep_for not in range of 300 - 31536000")
+ if not module.check_mode:
+ if snap_detail.destroyed:
+ directory_snapshot = DirectorySnapshotPatch(destroyed=False)
+ res = array.patch_directory_snapshots(
+ names=[snapname], directory_snapshot=directory_snapshot
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to recover snapshot {0}. Error: {1}".format(
+ snapname, res.errors[0].message
+ )
+ )
+ directory_snapshot = DirectorySnapshotPatch(keep_for=keep_for)
+ if snap_detail.time_remaining == 0 and keep_for != 0:
+ res = array.patch_directory_snapshots(
+ names=[snapname], directory_snapshot=directory_snapshot
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to retention time for snapshot {0}. Error: {1}".format(
+ snapname, res.errors[0].message
+ )
+ )
+ elif snap_detail.time_remaining > 0:
+ if module.params["rename"] and module.params["keep_for"]:
+ res = array.patch_directory_snapshots(
+ names=[snapname], directory_snapshot=directory_snapshot
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to retention time for renamed snapshot {0}. Error: {1}".format(
+ snapname, res.errors[0].message
+ )
+ )
+
+ module.exit_json(changed=changed)
+
+
+def create_snap(module, array):
+ """Create a filesystem snapshot"""
+ changed = True
+ if not module.check_mode:
+ if not module.params["keep_for"] or module.params["keep_for"] == 0:
+ keep_for = 0
+ elif 300 <= module.params["keep_for"] <= 31536000:
+ keep_for = module.params["keep_for"] * 1000
+ else:
+ module.fail_json(msg="keep_for not in range of 300 - 31536000")
+ directory = module.params["filesystem"] + ":" + module.params["name"]
+ if module.params["suffix"]:
+ directory_snapshot = DirectorySnapshotPost(
+ client_name=module.params["client"],
+ keep_for=keep_for,
+ suffix=module.params["suffix"],
+ )
+ else:
+ directory_snapshot = DirectorySnapshotPost(
+ client_name=module.params["client"], keep_for=keep_for
+ )
+ res = array.post_directory_snapshots(
+ source_names=[directory], directory_snapshot=directory_snapshot
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to create client {0} snapshot for {1}. Error: {2}".format(
+ module.params["client"], directory, res.errors[0].message
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ state=dict(type="str", default="present", choices=["absent", "present"]),
+ filesystem=dict(type="str", required=True),
+ name=dict(type="str", required=True),
+ eradicate=dict(type="bool", default=False),
+ client=dict(type="str", required=True),
+ suffix=dict(type="str"),
+ rename=dict(type="bool", default=False),
+ new_client=dict(type="str"),
+ new_suffix=dict(type="str"),
+ keep_for=dict(type="int"),
+ )
+ )
+
+ required_if = [["state", "absent", ["suffix"]]]
+
+ module = AnsibleModule(
+ argument_spec, required_if=required_if, supports_check_mode=True
+ )
+
+ if module.params["rename"]:
+ if not module.params["new_client"] and not module.params["new_suffix"]:
+ module.fail_json(msg="Rename requires one of: new_client, new_suffix")
+
+ if not HAS_PURESTORAGE:
+ module.fail_json(msg="py-pure-client sdk is required for this module")
+
+ client_pattern = re.compile(
+ "^(?=.*[a-zA-Z-])[a-zA-Z0-9]([a-zA-Z0-9-]{0,56}[a-zA-Z0-9])?$"
+ )
+ suffix_pattern = re.compile(
+ "^(?=.*[a-zA-Z-])[a-zA-Z0-9]([a-zA-Z0-9-]{0,63}[a-zA-Z0-9])?$"
+ )
+ if module.params["suffix"]:
+ if not suffix_pattern.match(module.params["suffix"]):
+ module.fail_json(
+ msg="Suffix name {0} does not conform to the suffix name rules.".format(
+ module.params["suffix"]
+ )
+ )
+ if module.params["new_suffix"]:
+ if not suffix_pattern.match(module.params["new_suffix"]):
+ module.fail_json(
+ msg="Suffix rename {0} does not conform to the suffix name rules.".format(
+ module.params["new_suffix"]
+ )
+ )
+ if module.params["client"]:
+ if not client_pattern.match(module.params["client"]):
+ module.fail_json(
+ msg="Client name {0} does not conform to the client name rules.".format(
+ module.params["client"]
+ )
+ )
+
+ array = get_system(module)
+ api_version = array._list_available_rest_versions()
+ if MIN_REQUIRED_API_VERSION not in api_version:
+ module.fail_json(
+ msg="FlashArray REST version not supported. "
+ "Minimum version required: {0}".format(MIN_REQUIRED_API_VERSION)
+ )
+ if module.params["rename"] and MIN_RENAME_API_VERSION not in api_version:
+ module.fail_json(
+ msg="Directory snapshot rename not supported. "
+ "Minimum Purity//FA version required: 6.2.1"
+ )
+ array = get_array(module)
+ state = module.params["state"]
+ snapshot_root = module.params["filesystem"] + ":" + module.params["name"]
+ if bool(
+ array.get_directories(
+ filter='name="' + snapshot_root + '"', total_item_count=True
+ ).total_item_count
+ == 0
+ ):
+ module.fail_json(msg="Directory {0} does not exist.".format(snapshot_root))
+ snap_exists = False
+ if module.params["suffix"]:
+ snap_detail = array.get_directory_snapshots(
+ filter="name='"
+ + snapshot_root
+ + "."
+ + module.params["client"]
+ + "."
+ + module.params["suffix"]
+ + "'",
+ total_item_count=True,
+ )
+ if bool(snap_detail.status_code == 200):
+ snap_exists = bool(snap_detail.total_item_count != 0)
+ if snap_exists:
+ snap_facts = list(snap_detail.items)[0]
+ if state == "present" and not snap_exists:
+ create_snap(module, array)
+ elif state == "present" and snap_exists and module.params["suffix"]:
+ update_snap(module, array, snap_facts)
+ elif state == "absent" and snap_exists and not snap_facts.destroyed:
+ delete_snap(module, array)
+ elif (
+ state == "absent"
+ and snap_exists
+ and snap_facts.destroyed
+ and module.params["eradicate"]
+ ):
+ eradicate_snap(module, array)
+ else:
+ module.exit_json(changed=False)
+
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_dns.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_dns.py
new file mode 100644
index 000000000..746a4ed52
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_dns.py
@@ -0,0 +1,349 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2018, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_dns
+version_added: '1.0.0'
+short_description: Configure FlashArray DNS settings
+description:
+- Set or erase configuration for the DNS settings.
+- Nameservers provided will overwrite any existing nameservers.
+- From Purity//FA 6.3.3 DNS setting for FA-File can be configured seperately
+ to the management DNS settings
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ name:
+ description:
+ - Name of the DNS configuration.
+ - Default value only supported for management service
+ default: management
+ type: str
+ version_added: 1.14.0
+ state:
+ description:
+ - Set or delete directory service configuration
+ default: present
+ type: str
+ choices: [ absent, present ]
+ domain:
+ description:
+ - Domain suffix to be appended when perofrming DNS lookups.
+ type: str
+ nameservers:
+ description:
+ - List of up to 3 unique DNS server IP addresses. These can be
+ IPv4 or IPv6 - No validation is done of the addresses is performed.
+ type: list
+ elements: str
+ service:
+ description:
+ - Type of ser vice the DNS will work with
+ type: str
+ version_added: 1.14.0
+ choices: [ management, file ]
+ default: management
+ source:
+ description:
+ - A virtual network interface (vif)
+ type: str
+ version_added: 1.14.0
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Delete exisitng DNS settings
+ purestorage.flasharray.purefa_dns:
+ state: absent
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Set managemnt DNS settings
+ purestorage.flasharray.purefa_dns:
+ domain: purestorage.com
+ nameservers:
+ - 8.8.8.8
+ - 8.8.4.4
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Set file DNS settings
+ purestorage.flasharray.purefa_dns:
+ domain: purestorage.com
+ nameservers:
+ - 8.8.8.8
+ - 8.8.4.4
+ name: ad_dns
+ service: file
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+"""
+
+RETURN = r"""
+"""
+
+HAS_PURESTORAGE = True
+try:
+ from pypureclient import flasharray
+except ImportError:
+ HAS_PURESTORAGE = False
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ get_array,
+ purefa_argument_spec,
+)
+
+MULTIPLE_DNS = "2.15"
+
+
+def remove(duplicate):
+ final_list = []
+ for num in duplicate:
+ if num not in final_list:
+ final_list.append(num)
+ return final_list
+
+
+def _get_source(module, array):
+ res = array.get_network_interfaces(names=[module.params["source"]])
+ if res.status_code == 200:
+ return True
+ else:
+ return False
+
+
+def delete_dns(module, array):
+ """Delete DNS settings"""
+ changed = False
+ current_dns = array.get_dns()
+ if current_dns["domain"] == "" and current_dns["nameservers"] == [""]:
+ module.exit_json(changed=changed)
+ else:
+ try:
+ changed = True
+ if not module.check_mode:
+ array.set_dns(domain="", nameservers=[])
+ except Exception:
+ module.fail_json(msg="Delete DNS settigs failed")
+ module.exit_json(changed=changed)
+
+
+def create_dns(module, array):
+ """Set DNS settings"""
+ changed = False
+ current_dns = array.get_dns()
+ if current_dns["domain"] != module.params["domain"] or sorted(
+ module.params["nameservers"]
+ ) != sorted(current_dns["nameservers"]):
+ try:
+ changed = True
+ if not module.check_mode:
+ array.set_dns(
+ domain=module.params["domain"],
+ nameservers=module.params["nameservers"][0:3],
+ )
+ except Exception:
+ module.fail_json(msg="Set DNS settings failed: Check configuration")
+ module.exit_json(changed=changed)
+
+
+def update_multi_dns(module, array):
+ """Update a DNS configuration"""
+ changed = False
+ current_dns = list(array.get_dns(names=[module.params["name"]]).items)[0]
+ new_dns = current_dns
+ if module.params["domain"] and current_dns.domain != module.params["domain"]:
+ new_dns.domain = module.params["domain"]
+ changed = True
+ if module.params["service"] and current_dns.services != [module.params["service"]]:
+ module.fail_json(msg="Changing service type is not permitted")
+ if module.params["nameservers"] and sorted(current_dns.nameservers) != sorted(
+ module.params["nameservers"]
+ ):
+ new_dns.nameservers = module.params["nameservers"]
+ changed = True
+ if (
+ module.params["source"] or module.params["source"] == ""
+ ) and current_dns.source.name != module.params["source"]:
+ new_dns.source.name = module.params["source"]
+ changed = True
+ if changed and not module.check_mode:
+ res = array.patch_dns(
+ names=[module.params["name"]],
+ dns=flasharray.Dns(
+ domain=new_dns.domain,
+ nameservers=new_dns.nameservers,
+ source=flasharray.ReferenceNoId(module.params["source"]),
+ ),
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Update to DNS service {0} failed. Error: {1}".format(
+ module.params["name"], res.errors[0].message
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def delete_multi_dns(module, array):
+ """Delete a DNS configuration"""
+ changed = True
+ if module.params["name"] == "management":
+ res = array.update_dns(
+ names=[module.params["name"]],
+ dns=flasharray.DnsPatch(
+ domain=module.params["domain"],
+ nameservers=module.params["nameservers"],
+ ),
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Management DNS configuration not deleted. Error: {0}".format(
+ res.errors[0].message
+ )
+ )
+ else:
+ if not module.check_mode:
+ res = array.delete_dns(names=[module.params["name"]])
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to delete DNS configuration {0}. Error: {1}".format(
+ module.params["name"], res.errors[0].message
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def create_multi_dns(module, array):
+ """Create a DNS configuration"""
+ changed = True
+ if not module.check_mode:
+ if module.params["service"] == "file":
+ if module.params["source"]:
+ res = array.post_dns(
+ names=[module.params["name"]],
+ dns=flasharray.DnsPost(
+ services=[module.params["service"]],
+ domain=module.params["domain"],
+ nameservers=module.params["nameservers"],
+ source=flasharray.ReferenceNoId(
+ module.params["source"].lower()
+ ),
+ ),
+ )
+ else:
+ res = array.post_dns(
+ names=[module.params["name"]],
+ dns=flasharray.DnsPost(
+ services=[module.params["service"]],
+ domain=module.params["domain"],
+ nameservers=module.params["nameservers"],
+ ),
+ )
+ else:
+ res = array.create_dns(
+ names=[module.params["name"]],
+ services=[module.params["service"]],
+ domain=module.params["domain"],
+ nameservers=module.params["nameservers"],
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to create {0} DNS configuration {1}. Error: {2}".format(
+ module.params["service"],
+ module.params["name"],
+ res.errors[0].message,
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ state=dict(type="str", default="present", choices=["absent", "present"]),
+ name=dict(type="str", default="management"),
+ service=dict(
+ type="str", default="management", choices=["management", "file"]
+ ),
+ domain=dict(type="str"),
+ source=dict(type="str"),
+ nameservers=dict(type="list", elements="str"),
+ )
+ )
+
+ module = AnsibleModule(argument_spec, supports_check_mode=True)
+
+ state = module.params["state"]
+ array = get_system(module)
+ api_version = array._list_available_rest_versions()
+ if module.params["nameservers"]:
+ module.params["nameservers"] = remove(module.params["nameservers"])
+ if module.params["service"] == "management":
+ module.params["nameservers"] = module.params["nameservers"][0:3]
+
+ if MULTIPLE_DNS in api_version:
+ array = get_array(module)
+ configs = list(array.get_dns().items)
+ exists = False
+ for config in range(0, len(configs)):
+ if configs[config].name == module.params["name"]:
+ exists = True
+ if (
+ module.params["service"] == "management"
+ and module.params["name"] != "management"
+ and not exists
+ ):
+ module.warn("Overriding configuration name to management")
+ module.params["name"] = "management"
+ if module.params["source"] and not _get_source(module, array):
+ module.fail_json(
+ msg="Specified VIF {0} does not exist.".format(module.params["source"])
+ )
+ if state == "present" and exists:
+ update_multi_dns(module, array)
+ elif state == "present" and not exists:
+ if len(configs) == 2:
+ module.fail_json(
+ msg="Only 2 DNS configurations are currently "
+ "supported. One for management and one for file services"
+ )
+ create_multi_dns(module, array)
+ elif exists and state == "absent":
+ delete_multi_dns(module, array)
+ else:
+ module.exit_json(changed=False)
+ else:
+ if state == "absent":
+ delete_dns(module, array)
+ elif state == "present":
+ if not module.params["domain"] or not module.params["nameservers"]:
+ module.fail_json(
+ msg="`domain` and `nameservers` are required for DNS configuration"
+ )
+ create_dns(module, array)
+ else:
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_ds.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_ds.py
new file mode 100644
index 000000000..195aa2155
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_ds.py
@@ -0,0 +1,609 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2018, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_ds
+version_added: '1.0.0'
+short_description: Configure FlashArray Directory Service
+description:
+- Set or erase configuration for the directory service. There is no facility
+ to SSL certificates at this time. Use the FlashArray GUI for this
+ additional configuration work.
+- To modify an existing directory service configuration you must first delete
+ an exisitng configuration and then recreate with new settings.
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ state:
+ type: str
+ description:
+ - Create or delete directory service configuration
+ default: present
+ choices: [ absent, present ]
+ enable:
+ description:
+ - Whether to enable or disable directory service support.
+ default: false
+ type: bool
+ dstype:
+ description:
+ - The type of directory service to work on
+ choices: [ management, data ]
+ type: str
+ default: management
+ uri:
+ type: list
+ elements: str
+ description:
+ - A list of up to 30 URIs of the directory servers. Each URI must include
+ the scheme ldap:// or ldaps:// (for LDAP over SSL), a hostname, and a
+ domain name or IP address. For example, ldap://ad.company.com configures
+ the directory service with the hostname "ad" in the domain "company.com"
+ while specifying the unencrypted LDAP protocol.
+ base_dn:
+ type: str
+ description:
+ - Sets the base of the Distinguished Name (DN) of the directory service
+ groups. The base should consist of only Domain Components (DCs). The
+ base_dn will populate with a default value when a URI is entered by
+ parsing domain components from the URI. The base DN should specify DC=
+ for each domain component and multiple DCs should be separated by commas.
+ bind_password:
+ type: str
+ description:
+ - Sets the password of the bind_user user name account.
+ force_bind_password:
+ type: bool
+ default: true
+ description:
+ - Will force the bind password to be reset even if the bind user password
+ is unchanged.
+ - If set to I(false) and I(bind_user) is unchanged the password will not
+ be reset.
+ version_added: 1.14.0
+ bind_user:
+ type: str
+ description:
+ - Sets the user name that can be used to bind to and query the directory.
+ - For Active Directory, enter the username - often referred to as
+ sAMAccountName or User Logon Name - of the account that is used to
+ perform directory lookups.
+ - For OpenLDAP, enter the full DN of the user.
+ group_base:
+ type: str
+ description:
+ - Specifies where the configured groups are located in the directory
+ tree. This field consists of Organizational Units (OUs) that combine
+ with the base DN attribute and the configured group CNs to complete
+ the full Distinguished Name of the groups. The group base should
+ specify OU= for each OU and multiple OUs should be separated by commas.
+ The order of OUs is important and should get larger in scope from left
+ to right. Each OU should not exceed 64 characters in length.
+ - Not Supported from Purity 5.2.0 or higher.
+ Use I(purestorage.flasharray.purefa_dsrole) module.
+ ro_group:
+ type: str
+ description:
+ - Sets the common Name (CN) of the configured directory service group
+ containing users with read-only privileges on the FlashArray. This
+ name should be just the Common Name of the group without the CN=
+ specifier. Common Names should not exceed 64 characters in length.
+ - Not Supported from Purity 5.2.0 or higher.
+ Use I(purestorage.flasharray.purefa_dsrole) module.
+ sa_group:
+ type: str
+ description:
+ - Sets the common Name (CN) of the configured directory service group
+ containing administrators with storage-related privileges on the
+ FlashArray. This name should be just the Common Name of the group
+ without the CN= specifier. Common Names should not exceed 64
+ characters in length.
+ - Not Supported from Purity 5.2.0 or higher.
+ Use I(purestorage.flasharray.purefa_dsrole) module.
+ aa_group:
+ type: str
+ description:
+ - Sets the common Name (CN) of the directory service group containing
+ administrators with full privileges when managing the FlashArray.
+ The name should be just the Common Name of the group without the
+ CN= specifier. Common Names should not exceed 64 characters in length.
+ - Not Supported from Purity 5.2.0 or higher.
+ Use I(purestorage.flasharray.purefa_dsrole) module.
+ user_login:
+ type: str
+ description:
+ - User login attribute in the structure of the configured LDAP servers.
+ Typically the attribute field that holds the users unique login name.
+ Default value is I(sAMAccountName) for Active Directory or I(uid)
+ for all other directory services
+ - Supported from Purity 6.0 or higher.
+ user_object:
+ type: str
+ description:
+ - Value of the object class for a management LDAP user.
+ Defaults to I(User) for Active Directory servers, I(posixAccount) or
+ I(shadowAccount) for OpenLDAP servers dependent on the group type
+ of the server, or person for all other directory servers.
+ - Supported from Purity 6.0 or higher.
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Delete existing directory service
+ purestorage.flasharray.purefa_ds:
+ state: absent
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Create directory service (disabled) - Pre-5.2.0
+ purestorage.flasharray.purefa_ds:
+ uri: "ldap://lab.purestorage.com"
+ base_dn: "DC=lab,DC=purestorage,DC=com"
+ bind_user: Administrator
+ bind_password: password
+ group_base: "OU=Pure-Admin"
+ ro_group: PureReadOnly
+ sa_group: PureStorage
+ aa_group: PureAdmin
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Create directory service (disabled) - 5.2.0 or higher
+ purestorage.flasharray.purefa_ds:
+ dstype: management
+ uri: "ldap://lab.purestorage.com"
+ base_dn: "DC=lab,DC=purestorage,DC=com"
+ bind_user: Administrator
+ bind_password: password
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Enable existing directory service
+ purestorage.flasharray.purefa_ds:
+ enable: true
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Disable existing directory service
+ purestorage.flasharray.purefa_ds:
+ enable: false
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Create directory service (enabled) - Pre-5.2.0
+ purestorage.flasharray.purefa_ds:
+ enable: true
+ uri: "ldap://lab.purestorage.com"
+ base_dn: "DC=lab,DC=purestorage,DC=com"
+ bind_user: Administrator
+ bind_password: password
+ group_base: "OU=Pure-Admin"
+ ro_group: PureReadOnly
+ sa_group: PureStorage
+ aa_group: PureAdmin
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Create directory service (enabled) - 5.2.0 or higher
+ purestorage.flasharray.purefa_ds:
+ enable: true
+ dstype: management
+ uri: "ldap://lab.purestorage.com"
+ base_dn: "DC=lab,DC=purestorage,DC=com"
+ bind_user: Administrator
+ bind_password: password
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+"""
+
+RETURN = r"""
+"""
+
+HAS_PURESTORAGE = True
+try:
+ from pypureclient import flasharray
+except ImportError:
+ HAS_PURESTORAGE = False
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_array,
+ get_system,
+ purefa_argument_spec,
+)
+
+
+DS_ROLE_REQUIRED_API_VERSION = "1.16"
+FAFILES_API_VERSION = "2.2"
+
+
+def disable_ds(module, array):
+ """Disable Directory Service"""
+ changed = True
+ if not module.check_mode:
+ try:
+ array.disable_directory_service()
+ except Exception:
+ module.fail_json(msg="Disable Directory Service failed")
+ module.exit_json(changed=changed)
+
+
+def enable_ds(module, array):
+ """Enable Directory Service"""
+ changed = False
+ api_version = array._list_available_rest_versions()
+ if DS_ROLE_REQUIRED_API_VERSION in api_version:
+ try:
+ roles = array.list_directory_service_roles()
+ enough_roles = False
+ for role in range(0, len(roles)):
+ if roles[role]["group_base"]:
+ enough_roles = True
+ if enough_roles:
+ changed = True
+ if not module.check_mode:
+ array.enable_directory_service()
+ else:
+ module.fail_json(
+ msg="Cannot enable directory service - please create a directory service role"
+ )
+ except Exception:
+ module.fail_json(msg="Enable Directory Service failed: Check Configuration")
+ else:
+ try:
+ changed = True
+ if not module.check_mode:
+ array.enable_directory_service()
+ except Exception:
+ module.fail_json(msg="Enable Directory Service failed: Check Configuration")
+ module.exit_json(changed=changed)
+
+
+def delete_ds(module, array):
+ """Delete Directory Service"""
+ changed = True
+ if not module.check_mode:
+ try:
+ api_version = array._list_available_rest_versions()
+ array.set_directory_service(enabled=False)
+ if DS_ROLE_REQUIRED_API_VERSION in api_version:
+ array.set_directory_service(
+ uri=[""], base_dn="", bind_user="", bind_password="", certificate=""
+ )
+ else:
+ array.set_directory_service(
+ uri=[""],
+ base_dn="",
+ group_base="",
+ bind_user="",
+ bind_password="",
+ readonly_group="",
+ storage_admin_group="",
+ array_admin_group="",
+ certificate="",
+ )
+ except Exception:
+ module.fail_json(msg="Delete Directory Service failed")
+ module.exit_json(changed=changed)
+
+
+def delete_ds_v6(module, array):
+ """Delete Directory Service"""
+ changed = True
+ if module.params["dstype"] == "management":
+ management = flasharray.DirectoryServiceManagement(
+ user_login_attribute="", user_object_class=""
+ )
+ directory_service = flasharray.DirectoryService(
+ uris=[""],
+ base_dn="",
+ bind_user="",
+ bind_password="",
+ enabled=False,
+ services=module.params["dstype"],
+ management=management,
+ )
+ else:
+ directory_service = flasharray.DirectoryService(
+ uris=[""],
+ base_dn="",
+ bind_user="",
+ bind_password="",
+ enabled=False,
+ services=module.params["dstype"],
+ )
+ if not module.check_mode:
+ res = array.patch_directory_services(
+ names=[module.params["dstype"]], directory_service=directory_service
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Delete {0} Directory Service failed. Error message: {1}".format(
+ module.params["dstype"], res.errors[0].message
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def create_ds(module, array):
+ """Create Directory Service"""
+ changed = False
+ if None in (
+ module.params["bind_password"],
+ module.params["bind_user"],
+ module.params["base_dn"],
+ module.params["uri"],
+ ):
+ module.fail_json(
+ msg="Parameters 'bind_password', 'bind_user', 'base_dn' and 'uri' are all required"
+ )
+ api_version = array._list_available_rest_versions()
+ if DS_ROLE_REQUIRED_API_VERSION in api_version:
+ try:
+ changed = True
+ if not module.check_mode:
+ array.set_directory_service(
+ uri=module.params["uri"],
+ base_dn=module.params["base_dn"],
+ bind_user=module.params["bind_user"],
+ bind_password=module.params["bind_password"],
+ )
+ roles = array.list_directory_service_roles()
+ enough_roles = False
+ for role in range(0, len(roles)):
+ if roles[role]["group_base"]:
+ enough_roles = True
+ if enough_roles:
+ array.set_directory_service(enabled=module.params["enable"])
+ else:
+ module.fail_json(
+ msg="Cannot enable directory service - please create a directory service role"
+ )
+ except Exception:
+ module.fail_json(msg="Create Directory Service failed: Check configuration")
+ else:
+ groups_rule = [
+ not module.params["ro_group"],
+ not module.params["sa_group"],
+ not module.params["aa_group"],
+ ]
+
+ if all(groups_rule):
+ module.fail_json(msg="At least one group must be configured")
+ try:
+ changed = True
+ if not module.check_mode:
+ array.set_directory_service(
+ uri=module.params["uri"],
+ base_dn=module.params["base_dn"],
+ group_base=module.params["group_base"],
+ bind_user=module.params["bind_user"],
+ bind_password=module.params["bind_password"],
+ readonly_group=module.params["ro_group"],
+ storage_admin_group=module.params["sa_group"],
+ array_admin_group=module.params["aa_group"],
+ )
+ array.set_directory_service(enabled=module.params["enable"])
+ except Exception:
+ module.fail_json(msg="Create Directory Service failed: Check configuration")
+ module.exit_json(changed=changed)
+
+
+def update_ds_v6(module, array):
+ """Update Directory Service"""
+ changed = False
+ ds_change = False
+ password_required = False
+ dirserv = list(
+ array.get_directory_services(
+ filter="name='" + module.params["dstype"] + "'"
+ ).items
+ )[0]
+ current_ds = dirserv
+ if module.params["uri"] and current_ds.uris is None:
+ password_required = True
+ if current_ds.uris != module.params["uri"]:
+ uris = module.params["uri"]
+ ds_change = True
+ else:
+ uris = current_ds.uris
+ try:
+ base_dn = current_ds.base_dn
+ except AttributeError:
+ base_dn = ""
+ try:
+ bind_user = current_ds.bind_user
+ except AttributeError:
+ bind_user = ""
+ if module.params["base_dn"] != "" and module.params["base_dn"] != base_dn:
+ base_dn = module.params["base_dn"]
+ ds_change = True
+ if module.params["bind_user"] != "":
+ bind_user = module.params["bind_user"]
+ if module.params["bind_user"] != bind_user:
+ password_required = True
+ ds_change = True
+ elif module.params["force_bind_password"]:
+ password_required = True
+ ds_change = True
+ if module.params["bind_password"] is not None and password_required:
+ bind_password = module.params["bind_password"]
+ ds_change = True
+ if module.params["enable"] != current_ds.enabled:
+ ds_change = True
+ if password_required and not module.params["bind_password"]:
+ module.fail_json(msg="'bind_password' must be provided for this task")
+ if module.params["dstype"] == "management":
+ try:
+ user_login = current_ds.management.user_login_attribute
+ except AttributeError:
+ user_login = ""
+ try:
+ user_object = current_ds.management.user_object_class
+ except AttributeError:
+ user_object = ""
+ if (
+ module.params["user_object"] is not None
+ and user_object != module.params["user_object"]
+ ):
+ user_object = module.params["user_object"]
+ ds_change = True
+ if (
+ module.params["user_login"] is not None
+ and user_login != module.params["user_login"]
+ ):
+ user_login = module.params["user_login"]
+ ds_change = True
+ management = flasharray.DirectoryServiceManagement(
+ user_login_attribute=user_login, user_object_class=user_object
+ )
+ if password_required:
+ directory_service = flasharray.DirectoryService(
+ uris=uris,
+ base_dn=base_dn,
+ bind_user=bind_user,
+ bind_password=bind_password,
+ enabled=module.params["enable"],
+ services=module.params["dstype"],
+ management=management,
+ )
+ else:
+ directory_service = flasharray.DirectoryService(
+ uris=uris,
+ base_dn=base_dn,
+ bind_user=bind_user,
+ enabled=module.params["enable"],
+ services=module.params["dstype"],
+ management=management,
+ )
+ else:
+ if password_required:
+ directory_service = flasharray.DirectoryService(
+ uris=uris,
+ base_dn=base_dn,
+ bind_user=bind_user,
+ bind_password=bind_password,
+ enabled=module.params["enable"],
+ services=module.params["dstype"],
+ )
+ else:
+ directory_service = flasharray.DirectoryService(
+ uris=uris,
+ base_dn=base_dn,
+ bind_user=bind_user,
+ enabled=module.params["enable"],
+ services=module.params["dstype"],
+ )
+ if ds_change:
+ changed = True
+ if not module.check_mode:
+ res = array.patch_directory_services(
+ names=[module.params["dstype"]], directory_service=directory_service
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="{0} Directory Service failed. Error message: {1}".format(
+ module.params["dstype"].capitalize(), res.errors[0].message
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ uri=dict(type="list", elements="str"),
+ state=dict(type="str", default="present", choices=["absent", "present"]),
+ enable=dict(type="bool", default=False),
+ force_bind_password=dict(type="bool", default=True, no_log=True),
+ bind_password=dict(type="str", no_log=True),
+ bind_user=dict(type="str"),
+ base_dn=dict(type="str"),
+ group_base=dict(type="str"),
+ user_login=dict(type="str"),
+ user_object=dict(type="str"),
+ ro_group=dict(type="str"),
+ sa_group=dict(type="str"),
+ aa_group=dict(type="str"),
+ dstype=dict(
+ type="str", default="management", choices=["management", "data"]
+ ),
+ )
+ )
+
+ module = AnsibleModule(argument_spec, supports_check_mode=True)
+
+ array = get_system(module)
+ api_version = array._list_available_rest_versions()
+
+ if not HAS_PURESTORAGE:
+ module.fail_json(msg="py-pure-client sdk is required to for this module")
+
+ if FAFILES_API_VERSION in api_version:
+ arrayv6 = get_array(module)
+
+ if module.params["dstype"] == "data":
+ if FAFILES_API_VERSION in api_version:
+ if len(list(arrayv6.get_directory_services().items)) == 1:
+ module.warn("FA-Files is not enabled - ignoring")
+ module.exit_json(changed=False)
+ else:
+ module.fail_json(
+ msg="'data' directory service requires Purity//FA 6.0.0 or higher"
+ )
+
+ state = module.params["state"]
+ ds_exists = False
+ if FAFILES_API_VERSION in api_version:
+ dirserv = list(
+ arrayv6.get_directory_services(
+ filter="name='" + module.params["dstype"] + "'"
+ ).items
+ )[0]
+ if state == "absent" and dirserv.uris != []:
+ delete_ds_v6(module, arrayv6)
+ else:
+ update_ds_v6(module, arrayv6)
+ else:
+ dirserv = array.get_directory_service()
+ ds_enabled = dirserv["enabled"]
+ if dirserv["base_dn"]:
+ ds_exists = True
+
+ if state == "absent" and ds_exists:
+ delete_ds(module, array)
+ elif ds_exists and module.params["enable"] and ds_enabled:
+ module.warn(
+ "To update an existing directory service configuration in Purity//FA 5.x, please delete and recreate"
+ )
+ module.exit_json(changed=False)
+ elif ds_exists and not module.params["enable"] and ds_enabled:
+ disable_ds(module, array)
+ elif ds_exists and module.params["enable"] and not ds_enabled:
+ enable_ds(module, array)
+ elif not ds_exists and state == "present":
+ create_ds(module, array)
+ else:
+ module.exit_json(changed=False)
+
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_dsrole.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_dsrole.py
new file mode 100644
index 000000000..ce6e8c0a5
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_dsrole.py
@@ -0,0 +1,200 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2019, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_dsrole
+version_added: '1.0.0'
+short_description: Configure FlashArray Directory Service Roles
+description:
+- Set or erase directory services role configurations.
+- Only available for FlashArray running Purity 5.2.0 or higher
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ state:
+ description:
+ - Create or delete directory service role
+ type: str
+ default: present
+ choices: [ absent, present ]
+ role:
+ description:
+ - The directory service role to work on
+ type: str
+ required: true
+ choices: [ array_admin, ops_admin, readonly, storage_admin ]
+ group_base:
+ type: str
+ description:
+ - Specifies where the configured group is located in the directory
+ tree. This field consists of Organizational Units (OUs) that combine
+ with the base DN attribute and the configured group CNs to complete
+ the full Distinguished Name of the groups. The group base should
+ specify OU= for each OU and multiple OUs should be separated by commas.
+ The order of OUs is important and should get larger in scope from left
+ to right.
+ - Each OU should not exceed 64 characters in length.
+ group:
+ type: str
+ description:
+ - Sets the common Name (CN) of the configured directory service group
+ containing users for the FlashBlade. This name should be just the
+ Common Name of the group without the CN= specifier.
+ - Common Names should not exceed 64 characters in length.
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Delete exisitng array_admin directory service role
+ purestorage.flasharray.purefa_dsrole:
+ role: array_admin
+ state: absent
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Create array_admin directory service role
+ purestorage.flasharray.purefa_dsrole:
+ role: array_admin
+ group_base: "OU=PureGroups,OU=SANManagers"
+ group: pureadmins
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Update ops_admin directory service role
+ purestorage.flasharray.purefa_dsrole:
+ role: ops_admin
+ group_base: "OU=PureGroups"
+ group: opsgroup
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+"""
+
+RETURN = r"""
+"""
+
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ purefa_argument_spec,
+)
+
+
+def update_role(module, array):
+ """Update Directory Service Role"""
+ changed = False
+ role = array.list_directory_service_roles(names=[module.params["role"]])
+ if (
+ role[0]["group_base"] != module.params["group_base"]
+ or role[0]["group"] != module.params["group"]
+ ):
+ try:
+ changed = True
+ if not module.check_mode:
+ array.set_directory_service_roles(
+ names=[module.params["role"]],
+ group_base=module.params["group_base"],
+ group=module.params["group"],
+ )
+ except Exception:
+ module.fail_json(
+ msg="Update Directory Service Role {0} failed".format(
+ module.params["role"]
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def delete_role(module, array):
+ """Delete Directory Service Role"""
+ changed = True
+ if not module.check_mode:
+ try:
+ array.set_directory_service_roles(
+ names=[module.params["role"]], group_base="", group=""
+ )
+ except Exception:
+ module.fail_json(
+ msg="Delete Directory Service Role {0} failed".format(
+ module.params["role"]
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def create_role(module, array):
+ """Create Directory Service Role"""
+ changed = False
+ if not module.params["group"] == "" or not module.params["group_base"] == "":
+ changed = True
+ if not module.check_mode:
+ try:
+ array.set_directory_service_roles(
+ names=[module.params["role"]],
+ group_base=module.params["group_base"],
+ group=module.params["group"],
+ )
+ except Exception:
+ module.fail_json(
+ msg="Create Directory Service Role {0} failed".format(
+ module.params["role"]
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ role=dict(
+ required=True,
+ type="str",
+ choices=["array_admin", "ops_admin", "readonly", "storage_admin"],
+ ),
+ state=dict(type="str", default="present", choices=["absent", "present"]),
+ group_base=dict(type="str"),
+ group=dict(type="str"),
+ )
+ )
+
+ required_together = [["group", "group_base"]]
+
+ module = AnsibleModule(
+ argument_spec, required_together=required_together, supports_check_mode=True
+ )
+
+ state = module.params["state"]
+ array = get_system(module)
+ role_configured = False
+ role = array.list_directory_service_roles(names=[module.params["role"]])
+ if role[0]["group"] is not None:
+ role_configured = True
+
+ if state == "absent" and role_configured:
+ delete_role(module, array)
+ elif role_configured and state == "present":
+ update_role(module, array)
+ elif not role_configured and state == "present":
+ create_role(module, array)
+ else:
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_endpoint.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_endpoint.py
new file mode 100644
index 000000000..c759be4af
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_endpoint.py
@@ -0,0 +1,347 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2018, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_endpoint
+short_description: Manage VMware protocol-endpoints on Pure Storage FlashArrays
+version_added: '1.0.0'
+description:
+- Create, delete or eradicate the an endpoint on a Pure Storage FlashArray.
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ name:
+ description:
+ - The name of the endpoint.
+ type: str
+ required: true
+ state:
+ description:
+ - Define whether the endpoint should exist or not.
+ default: present
+ choices: [ absent, present ]
+ type: str
+ eradicate:
+ description:
+ - Define whether to eradicate the endpoint on delete or leave in trash.
+ type: bool
+ default: false
+ rename:
+ description:
+ - Value to rename the specified endpoint to.
+ - Rename only applies to the container the current endpoint is in.
+ type: str
+ host:
+ description:
+ - name of host to attach endpoint to
+ type: str
+ hgroup:
+ description:
+ - name of hostgroup to attach endpoint to
+ type: str
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Create new endpoint named foo
+ purestorage.flasharray.purefa_endpoint:
+ name: test-endpoint
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ state: present
+
+- name: Delete and eradicate endpoint named foo
+ purestorage.flasharray.purefa_endpoint:
+ name: foo
+ eradicate: true
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ state: absent
+
+- name: Rename endpoint foor to bar
+ purestorage.flasharray.purefa_endpoint:
+ name: foo
+ rename: bar
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+"""
+
+RETURN = r"""
+volume:
+ description: A dictionary describing the changed volume. Only some
+ attributes below will be returned with various actions.
+ type: dict
+ returned: success
+ contains:
+ source:
+ description: Volume name of source volume used for volume copy
+ type: str
+ serial:
+ description: Volume serial number
+ type: str
+ sample: '361019ECACE43D83000120A4'
+ created:
+ description: Volume creation time
+ type: str
+ sample: '2019-03-13T22:49:24Z'
+ name:
+ description: Volume name
+ type: str
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ purefa_argument_spec,
+)
+
+
+VGROUPS_API_VERSION = "1.13"
+
+
+def get_volume(volume, array):
+ """Return Volume or None"""
+ try:
+ return array.get_volume(volume, pending=True)
+ except Exception:
+ return None
+
+
+def get_target(volume, array):
+ """Return Volume or None"""
+ try:
+ return array.get_volume(volume, pending=True)
+ except Exception:
+ return None
+
+
+def get_endpoint(vol, array):
+ """Return Endpoint or None"""
+ try:
+ return array.get_volume(vol, protocol_endpoint=True)
+ except Exception:
+ return None
+
+
+def get_destroyed_endpoint(vol, array):
+ """Return Endpoint Endpoint or None"""
+ try:
+ return bool(
+ array.get_volume(vol, protocol_endpoint=True, pending=True)[
+ "time_remaining"
+ ]
+ != ""
+ )
+ except Exception:
+ return None
+
+
+def check_vgroup(module, array):
+ """Check is the requested VG to create volume in exists"""
+ vg_exists = False
+ vg_name = module.params["name"].split("/")[0]
+ try:
+ vgs = array.list_vgroups()
+ except Exception:
+ module.fail_json(msg="Failed to get volume groups list. Check array.")
+ for vgroup in range(0, len(vgs)):
+ if vg_name == vgs[vgroup]["name"]:
+ vg_exists = True
+ break
+ return vg_exists
+
+
+def create_endpoint(module, array):
+ """Create Endpoint"""
+ changed = False
+ volfact = []
+ if "/" in module.params["name"] and not check_vgroup(module, array):
+ module.fail_json(
+ msg="Failed to create endpoint {0}. Volume Group does not exist.".format(
+ module.params["name"]
+ )
+ )
+ try:
+ changed = True
+ if not module.check_mode:
+ volfact = array.create_conglomerate_volume(module.params["name"])
+ except Exception:
+ module.fail_json(
+ msg="Endpoint {0} creation failed.".format(module.params["name"])
+ )
+ if module.params["host"]:
+ try:
+ if not module.check_mode:
+ array.connect_host(module.params["host"], module.params["name"])
+ except Exception:
+ module.fail_json(
+ msg="Failed to attach endpoint {0} to host {1}.".format(
+ module.params["name"], module.params["host"]
+ )
+ )
+ if module.params["hgroup"]:
+ try:
+ if not module.check_mode:
+ array.connect_hgroup(module.params["hgroup"], module.params["name"])
+ except Exception:
+ module.fail_json(
+ msg="Failed to attach endpoint {0} to hostgroup {1}.".format(
+ module.params["name"], module.params["hgroup"]
+ )
+ )
+
+ module.exit_json(changed=changed, volume=volfact)
+
+
+def rename_endpoint(module, array):
+ """Rename endpoint within a container, ie vgroup or local array"""
+ changed = False
+ volfact = []
+ target_name = module.params["rename"]
+ if "/" in module.params["rename"] or "::" in module.params["rename"]:
+ module.fail_json(msg="Target endpoint cannot include a container name")
+ if "/" in module.params["name"]:
+ vgroup_name = module.params["name"].split("/")[0]
+ target_name = vgroup_name + "/" + module.params["rename"]
+ if get_target(target_name, array) or get_destroyed_endpoint(target_name, array):
+ module.fail_json(msg="Target endpoint {0} already exists.".format(target_name))
+ else:
+ try:
+ changed = True
+ if not module.check_mode:
+ volfact = array.rename_volume(module.params["name"], target_name)
+ except Exception:
+ module.fail_json(
+ msg="Rename endpoint {0} to {1} failed.".format(
+ module.params["name"], module.params["rename"]
+ )
+ )
+
+ module.exit_json(changed=changed, volume=volfact)
+
+
+def delete_endpoint(module, array):
+ """Delete Endpoint"""
+ changed = True
+ volfact = []
+ if not module.check_mode:
+ try:
+ array.destroy_volume(module.params["name"])
+ if module.params["eradicate"]:
+ try:
+ volfact = array.eradicate_volume(module.params["name"])
+ except Exception:
+ module.fail_json(
+ msg="Eradicate endpoint {0} failed.".format(
+ module.params["name"]
+ )
+ )
+ except Exception:
+ module.fail_json(
+ msg="Delete endpoint {0} failed.".format(module.params["name"])
+ )
+ module.exit_json(changed=changed, volume=volfact)
+
+
+def recover_endpoint(module, array):
+ """Recover Deleted Endpoint"""
+ changed = True
+ volfact = []
+ if not module.check_mode:
+ try:
+ array.recover_volume(module.params["name"])
+ except Exception:
+ module.fail_json(
+ msg="Recovery of endpoint {0} failed".format(module.params["name"])
+ )
+ module.exit_json(changed=changed, volume=volfact)
+
+
+def eradicate_endpoint(module, array):
+ """Eradicate Deleted Endpoint"""
+ changed = True
+ volfact = []
+ if not module.check_mode:
+ if module.params["eradicate"]:
+ try:
+ array.eradicate_volume(module.params["name"], protocol_endpoint=True)
+ except Exception:
+ module.fail_json(
+ msg="Eradication of endpoint {0} failed".format(
+ module.params["name"]
+ )
+ )
+ module.exit_json(changed=changed, volume=volfact)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ name=dict(type="str", required=True),
+ rename=dict(type="str"),
+ host=dict(type="str"),
+ hgroup=dict(type="str"),
+ eradicate=dict(type="bool", default=False),
+ state=dict(type="str", default="present", choices=["absent", "present"]),
+ )
+ )
+
+ mutually_exclusive = [["rename", "eradicate"], ["host", "hgroup"]]
+
+ module = AnsibleModule(
+ argument_spec, mutually_exclusive=mutually_exclusive, supports_check_mode=True
+ )
+
+ state = module.params["state"]
+ destroyed = False
+ array = get_system(module)
+ api_version = array._list_available_rest_versions()
+ if VGROUPS_API_VERSION not in api_version:
+ module.fail_json(
+ msg="Purity version does not support endpoints. Please contact support"
+ )
+ volume = get_volume(module.params["name"], array)
+ if volume:
+ module.fail_json(
+ msg="Volume {0} is an true volume. Please use the purefa_volume module".format(
+ module.params["name"]
+ )
+ )
+ endpoint = get_endpoint(module.params["name"], array)
+ if not endpoint:
+ destroyed = get_destroyed_endpoint(module.params["name"], array)
+
+ if state == "present" and not endpoint and not destroyed:
+ create_endpoint(module, array)
+ elif state == "present" and endpoint and module.params["rename"]:
+ rename_endpoint(module, array)
+ elif state == "present" and destroyed:
+ recover_endpoint(module, array)
+ elif state == "absent" and endpoint:
+ delete_endpoint(module, array)
+ elif state == "absent" and destroyed:
+ eradicate_endpoint(module, array)
+ elif state == "absent" and not endpoint and not volume:
+ module.exit_json(changed=False)
+
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_eradication.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_eradication.py
new file mode 100644
index 000000000..ea7bd48bc
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_eradication.py
@@ -0,0 +1,117 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2021, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_eradication
+version_added: '1.9.0'
+short_description: Configure Pure Storage FlashArray Eradication Timer
+description:
+- Configure the eradication timer for destroyed items on a FlashArray.
+- Valid values are integer days from 1 to 30. Default is 1.
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ timer:
+ description:
+ - Set the eradication timer for the FlashArray
+ - Allowed values are integers from 1 to 30. Default is 1
+ default: 1
+ type: int
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Set eradication timer to 30 days
+ purestorage.flasharray.purefa_eradication:
+ timer: 30
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Set eradication timer to 1 day
+ purestorage.flasharray.purefa_eradication:
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+"""
+
+RETURN = r"""
+"""
+
+HAS_PURESTORAGE = True
+try:
+ from pypureclient.flasharray import Arrays, EradicationConfig
+except ImportError:
+ HAS_PURESTORAGE = False
+
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ get_array,
+ purefa_argument_spec,
+)
+
+SEC_PER_DAY = 86400000
+ERADICATION_API_VERSION = "2.6"
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ timer=dict(type="int", default="1"),
+ )
+ )
+
+ module = AnsibleModule(argument_spec, supports_check_mode=True)
+ if not 30 >= module.params["timer"] >= 1:
+ module.fail_json(msg="Eradication Timer must be between 1 and 30 days.")
+ if not HAS_PURESTORAGE:
+ module.fail_json(msg="py-pure-client sdk is required for this module")
+
+ array = get_system(module)
+ api_version = array._list_available_rest_versions()
+ changed = False
+ if ERADICATION_API_VERSION in api_version:
+ array = get_array(module)
+ current_timer = (
+ list(array.get_arrays().items)[0].eradication_config.eradication_delay
+ / SEC_PER_DAY
+ )
+ if module.params["timer"] != current_timer:
+ changed = True
+ if not module.check_mode:
+ new_timer = SEC_PER_DAY * module.params["timer"]
+ eradication_config = EradicationConfig(eradication_delay=new_timer)
+ res = array.patch_arrays(
+ array=Arrays(eradication_config=eradication_config)
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to change Eradication Timer. Error: {0}".format(
+ res.errors[0].message
+ )
+ )
+ else:
+ module.fail_json(
+ msg="Purity version does not support changing Eradication Timer"
+ )
+ module.exit_json(changed=changed)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_eula.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_eula.py
new file mode 100644
index 000000000..8d4d9536c
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_eula.py
@@ -0,0 +1,117 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2018, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_eula
+version_added: '1.0.0'
+short_description: Sign Pure Storage FlashArray EULA
+description:
+- Sign the FlashArray EULA for Day 0 config, or change signatory.
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ company:
+ description:
+ - Full legal name of the entity.
+ - The value must be between 1 and 64 characters in length.
+ type: str
+ required: true
+ name:
+ description:
+ - Full legal name of the individual at the company who has the authority to accept the terms of the agreement.
+ - The value must be between 1 and 64 characters in length.
+ type: str
+ required: true
+ title:
+ description:
+ - Individual's job title at the company.
+ - The value must be between 1 and 64 characters in length.
+ type: str
+ required: true
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Sign EULA for FlashArray
+ purestorage.flasharray.purefa_eula:
+ company: "ACME Storage, Inc."
+ name: "Fred Bloggs"
+ title: "Storage Manager"
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+"""
+
+RETURN = r"""
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ purefa_argument_spec,
+)
+
+
+EULA_API_VERSION = "1.17"
+
+
+def set_eula(module, array):
+ """Sign EULA"""
+ changed = False
+ try:
+ current_eula = array.get_eula()
+ except Exception:
+ module.fail_json(msg="Failed to get current EULA")
+ if (
+ current_eula["acceptance"]["company"] != module.params["company"]
+ or current_eula["acceptance"]["title"] != module.params["title"]
+ or current_eula["acceptance"]["name"] != module.params["name"]
+ ):
+ try:
+ changed = True
+ if not module.check_mode:
+ array.set_eula(
+ company=module.params["company"],
+ title=module.params["title"],
+ name=module.params["name"],
+ )
+ except Exception:
+ module.fail_json(msg="Signing EULA failed")
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ company=dict(type="str", required=True),
+ name=dict(type="str", required=True),
+ title=dict(type="str", required=True),
+ )
+ )
+
+ module = AnsibleModule(argument_spec, supports_check_mode=True)
+
+ array = get_system(module)
+ api_version = array._list_available_rest_versions()
+ if EULA_API_VERSION in api_version:
+ set_eula(module, array)
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_export.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_export.py
new file mode 100644
index 000000000..5188dbd96
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_export.py
@@ -0,0 +1,251 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2020, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_export
+version_added: '1.5.0'
+short_description: Manage FlashArray File System Exports
+description:
+- Create/Delete FlashArray File Systems Exports
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ name:
+ description:
+ - Name of the export
+ type: str
+ required: true
+ state:
+ description:
+ - Define whether the export should exist or not.
+ - You must specify an NFS or SMB policy, or both on creation and deletion.
+ default: present
+ choices: [ absent, present ]
+ type: str
+ filesystem:
+ description:
+ - Name of the filesystem the export applies to
+ type: str
+ required: true
+ directory:
+ description:
+ - Name of the managed directory in the file system the export applies to
+ type: str
+ required: true
+ nfs_policy:
+ description:
+ - Name of NFS Policy to apply to the export
+ type: str
+ smb_policy:
+ description:
+ - Name of SMB Policy to apply to the export
+ type: str
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Create NFS and SMB exports for directory foo in filesysten bar
+ purestorage.flasharray.purefa_export:
+ name: export1
+ filesystem: bar
+ directory: foo
+ nfs_policy: nfs-example
+ smb_polict: smb-example
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Delete NFS export for directory foo in filesystem bar
+ purestorage.flasharray.purefa_export:
+ name: export1
+ filesystem: bar
+ directory: foo
+ nfs_policy: nfs-example
+ state: absent
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+"""
+
+RETURN = r"""
+"""
+
+HAS_PURESTORAGE = True
+try:
+ from pypureclient import flasharray
+except ImportError:
+ HAS_PURESTORAGE = False
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ get_array,
+ purefa_argument_spec,
+)
+
+MIN_REQUIRED_API_VERSION = "2.3"
+
+
+def delete_export(module, array):
+ """Delete a file system export"""
+ changed = False
+ all_policies = []
+ directory = module.params["filesystem"] + ":" + module.params["directory"]
+ if not module.params["nfs_policy"] and not module.params["smb_policy"]:
+ module.fail_json(msg="At least one policy must be provided")
+ if module.params["nfs_policy"]:
+ policy_exists = bool(
+ array.get_directory_exports(
+ export_names=[module.params["name"]],
+ policy_names=[module.params["nfs_policy"]],
+ directory_names=[directory],
+ ).status_code
+ == 200
+ )
+ if policy_exists:
+ all_policies.append(module.params["nfs_policy"])
+ if module.params["smb_policy"]:
+ policy_exists = bool(
+ array.get_directory_exports(
+ export_names=[module.params["name"]],
+ policy_names=[module.params["smb_policy"]],
+ directory_names=[directory],
+ ).status_code
+ == 200
+ )
+ if policy_exists:
+ all_policies.append(module.params["smb_policy"])
+ if all_policies:
+ changed = True
+ if not module.check_mode:
+ res = array.delete_directory_exports(
+ export_names=[module.params["name"]], policy_names=all_policies
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to delete file system export {0}. {1}".format(
+ module.params["name"], res.errors[0].message
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def create_export(module, array):
+ """Create a file system export"""
+ changed = False
+ if not module.params["nfs_policy"] and not module.params["smb_policy"]:
+ module.fail_json(msg="At least one policy must be provided")
+ all_policies = []
+ if module.params["nfs_policy"]:
+ if bool(
+ array.get_policies_nfs(names=[module.params["nfs_policy"]]).status_code
+ != 200
+ ):
+ module.fail_json(
+ msg="NFS Policy {0} does not exist.".format(module.params["nfs_policy"])
+ )
+ if bool(
+ array.get_directory_exports(
+ export_names=[module.params["name"]],
+ policy_names=[module.params["nfs_policy"]],
+ ).status_code
+ != 200
+ ):
+ all_policies.append(module.params["nfs_policy"])
+ if module.params["smb_policy"]:
+ if bool(
+ array.get_policies_smb(names=[module.params["smb_policy"]]).status_code
+ != 200
+ ):
+ module.fail_json(
+ msg="SMB Policy {0} does not exist.".format(module.params["smb_policy"])
+ )
+ if bool(
+ array.get_directory_exports(
+ export_names=[module.params["name"]],
+ policy_names=[module.params["smb_policy"]],
+ ).status_code
+ != 200
+ ):
+ all_policies.append(module.params["smb_policy"])
+ if all_policies:
+ export = flasharray.DirectoryExportPost(export_name=module.params["name"])
+ changed = True
+ if not module.check_mode:
+ res = array.post_directory_exports(
+ directory_names=[
+ module.params["filesystem"] + ":" + module.params["directory"]
+ ],
+ exports=export,
+ policy_names=all_policies,
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to create file system exports for {0}:{1}. Error: {2}".format(
+ module.params["filesystem"],
+ module.params["directory"],
+ res.errors[0].message,
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ state=dict(type="str", default="present", choices=["absent", "present"]),
+ filesystem=dict(type="str", required=True),
+ directory=dict(type="str", required=True),
+ name=dict(type="str", required=True),
+ nfs_policy=dict(type="str"),
+ smb_policy=dict(type="str"),
+ )
+ )
+
+ required_if = [["state", "present", ["filesystem", "directory"]]]
+ module = AnsibleModule(
+ argument_spec, required_if=required_if, supports_check_mode=True
+ )
+
+ if not HAS_PURESTORAGE:
+ module.fail_json(msg="py-pure-client sdk is required for this module")
+
+ array = get_system(module)
+ api_version = array._list_available_rest_versions()
+ if MIN_REQUIRED_API_VERSION not in api_version:
+ module.fail_json(
+ msg="FlashArray REST version not supported. "
+ "Minimum version required: {0}".format(MIN_REQUIRED_API_VERSION)
+ )
+ array = get_array(module)
+ state = module.params["state"]
+
+ exists = bool(
+ array.get_directory_exports(export_names=[module.params["name"]]).status_code
+ == 200
+ )
+
+ if state == "present":
+ create_export(module, array)
+ elif state == "absent" and exists:
+ delete_export(module, array)
+
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_fs.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_fs.py
new file mode 100644
index 000000000..05fbcb29b
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_fs.py
@@ -0,0 +1,367 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2020, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_fs
+version_added: '1.5.0'
+short_description: Manage FlashArray File Systems
+description:
+- Create/Delete FlashArray File Systems
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ name:
+ description:
+ - Name of the file system
+ type: str
+ required: true
+ state:
+ description:
+ - Define whether the file system should exist or not.
+ default: present
+ choices: [ absent, present ]
+ type: str
+ eradicate:
+ description:
+ - Define whether to eradicate the file system on delete or leave in trash.
+ type: bool
+ default: false
+ rename:
+ description:
+ - Value to rename the specified file system to
+ - Rename only applies to the container the current filesystem is in.
+ - There is no requirement to specify the pod name as this is implied.
+ type: str
+ move:
+ description:
+ - Move a filesystem in and out of a pod
+ - Provide the name of pod to move the filesystem to
+ - Pod names must be unique in the array
+ - To move to the local array, specify C(local)
+ - This is not idempotent - use C(ignore_errors) in the play
+ type: str
+ version_added: '1.13.0'
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Create file system foo
+ purestorage.flasharray.purefa_fs:
+ name: foo
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Delete and eradicate file system foo
+ purestorage.flasharray.purefa_fs:
+ name: foo
+ eradicate: true
+ state: absent
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Rename file system foo to bar
+ purestorage.flasharray.purefa_fs:
+ name: foo
+ rename: bar
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+"""
+
+RETURN = r"""
+"""
+
+HAS_PURESTORAGE = True
+try:
+ from pypureclient import flasharray
+except ImportError:
+ HAS_PURESTORAGE = False
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ get_array,
+ purefa_argument_spec,
+)
+
+MIN_REQUIRED_API_VERSION = "2.2"
+REPL_SUPPORT_API = "2.13"
+
+
+def delete_fs(module, array):
+ """Delete a file system"""
+ changed = True
+ if not module.check_mode:
+ try:
+ file_system = flasharray.FileSystemPatch(destroyed=True)
+ array.patch_file_systems(
+ names=[module.params["name"]], file_system=file_system
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to delete file system {0}".format(module.params["name"])
+ )
+ if module.params["eradicate"]:
+ try:
+ array.delete_file_systems(names=[module.params["name"]])
+ except Exception:
+ module.fail_json(
+ msg="Eradication of file system {0} failed".format(
+ module.params["name"]
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def recover_fs(module, array):
+ """Recover a deleted file system"""
+ changed = True
+ if not module.check_mode:
+ try:
+ file_system = flasharray.FileSystemPatch(destroyed=False)
+ array.patch_file_systems(
+ names=[module.params["name"]], file_system=file_system
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to recover file system {0}".format(module.params["name"])
+ )
+ module.exit_json(changed=changed)
+
+
+def eradicate_fs(module, array):
+ """Eradicate a file system"""
+ changed = True
+ if not module.check_mode:
+ try:
+ array.delete_file_systems(names=[module.params["name"]])
+ except Exception:
+ module.fail_json(
+ msg="Failed to eradicate file system {0}".format(module.params["name"])
+ )
+ module.exit_json(changed=changed)
+
+
+def rename_fs(module, array):
+ """Rename a file system"""
+ changed = False
+ target_name = module.params["rename"]
+ if "::" in module.params["name"]:
+ pod_name = module.params["name"].split("::")[0]
+ target_name = pod_name + "::" + module.params["rename"]
+ try:
+ target = list(array.get_file_systems(names=[target_name]).items)[0]
+ except Exception:
+ target = None
+ if not target:
+ changed = True
+ if not module.check_mode:
+ try:
+ file_system = flasharray.FileSystemPatch(name=target_name)
+ array.patch_file_systems(
+ names=[module.params["name"]], file_system=file_system
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to rename file system {0}".format(module.params["name"])
+ )
+ else:
+ module.fail_json(
+ msg="Target file system {0} already exists".format(module.params["rename"])
+ )
+ module.exit_json(changed=changed)
+
+
+def create_fs(module, array):
+ """Create a file system"""
+ changed = True
+ if "::" in module.params["name"]:
+ pod_name = module.params["name"].split("::")[0]
+ try:
+ pod = list(array.get_pods(names=[pod_name]).items)[0]
+ except Exception:
+ module.fail_json(
+ msg="Failed to create filesystem. Pod {0} does not exist".format(
+ pod_name
+ )
+ )
+ if pod.promotion_status == "demoted":
+ module.fail_json(msg="Filesystem cannot be created in a demoted pod")
+ if not module.check_mode:
+ try:
+ array.post_file_systems(names=[module.params["name"]])
+ except Exception:
+ module.fail_json(
+ msg="Failed to create file system {0}".format(module.params["name"])
+ )
+ module.exit_json(changed=changed)
+
+
+def move_fs(module, array):
+ """Move filesystem between pods or local array"""
+ changed = False
+ target_exists = False
+ pod_name = ""
+ fs_name = module.params["name"]
+ if "::" in module.params["name"]:
+ fs_name = module.params["name"].split("::")[1]
+ pod_name = module.params["name"].split("::")[0]
+ if module.params["move"] == "local":
+ target_location = ""
+ if "::" not in module.params["name"]:
+ module.fail_json(msg="Source and destination [local] cannot be the same.")
+ try:
+ target_exists = list(array.get_file_systems(names=[fs_name]).items)[0]
+ except Exception:
+ target_exists = False
+ if target_exists:
+ module.fail_json(msg="Target filesystem {0} already exists".format(fs_name))
+ else:
+ try:
+ pod = list(array.get_pods(names=[module.params["move"]]).items)[0]
+ if len(pod.arrays) > 1:
+ module.fail_json(msg="Filesystem cannot be moved into a stretched pod")
+ if pod.link_target_count != 0:
+ module.fail_json(
+ msg="Filesystem cannot be moved into a linked source pod"
+ )
+ if pod.promotion_status == "demoted":
+ module.fail_json(msg="Volume cannot be moved into a demoted pod")
+ except Exception:
+ module.fail_json(
+ msg="Failed to move filesystem. Pod {0} does not exist".format(pod_name)
+ )
+ if "::" in module.params["name"]:
+ pod = list(array.get_pods(names=[module.params["move"]]).items)[0]
+ if len(pod.arrays) > 1:
+ module.fail_json(
+ msg="Filesystem cannot be moved out of a stretched pod"
+ )
+ if pod.linked_target_count != 0:
+ module.fail_json(
+ msg="Filesystem cannot be moved out of a linked source pod"
+ )
+ if pod.promotion_status == "demoted":
+ module.fail_json(msg="Volume cannot be moved out of a demoted pod")
+ target_location = module.params["move"]
+ changed = True
+ if not module.check_mode:
+ file_system = flasharray.FileSystemPatch(
+ pod=flasharray.Reference(name=target_location)
+ )
+ move_res = array.patch_file_systems(
+ names=[module.params["name"]], file_system=file_system
+ )
+ if move_res.status_code != 200:
+ module.fail_json(
+ msg="Move of filesystem {0} failed. Error: {1}".format(
+ module.params["name"], move_res.errors[0].message
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ state=dict(type="str", default="present", choices=["absent", "present"]),
+ eradicate=dict(type="bool", default=False),
+ name=dict(type="str", required=True),
+ move=dict(type="str"),
+ rename=dict(type="str"),
+ )
+ )
+
+ mutually_exclusive = [["move", "rename"]]
+ module = AnsibleModule(
+ argument_spec, mutually_exclusive=mutually_exclusive, supports_check_mode=True
+ )
+
+ if not HAS_PURESTORAGE:
+ module.fail_json(msg="py-pure-client sdk is required for this module")
+
+ array = get_system(module)
+ api_version = array._list_available_rest_versions()
+
+ if MIN_REQUIRED_API_VERSION not in api_version:
+ module.fail_json(
+ msg="FlashArray REST version not supported. "
+ "Minimum version required: {0}".format(MIN_REQUIRED_API_VERSION)
+ )
+ if REPL_SUPPORT_API not in api_version and "::" in module.params["name"]:
+ module.fail_json(
+ msg="Filesystem Replication is only supported in Purity//FA 6.3.0 or higher"
+ )
+ array = get_array(module)
+ state = module.params["state"]
+
+ try:
+ filesystem = list(array.get_file_systems(names=[module.params["name"]]).items)[
+ 0
+ ]
+ exists = True
+ except Exception:
+ exists = False
+
+ if state == "present" and not exists and not module.params["move"]:
+ create_fs(module, array)
+ elif (
+ state == "present"
+ and exists
+ and module.params["move"]
+ and not filesystem.destroyed
+ ):
+ move_fs(module, array)
+ elif (
+ state == "present"
+ and exists
+ and module.params["rename"]
+ and not filesystem.destroyed
+ ):
+ rename_fs(module, array)
+ elif (
+ state == "present"
+ and exists
+ and filesystem.destroyed
+ and not module.params["rename"]
+ and not module.params["move"]
+ ):
+ recover_fs(module, array)
+ elif (
+ state == "present" and exists and filesystem.destroyed and module.params["move"]
+ ):
+ module.fail_json(
+ msg="Filesystem {0} exists, but in destroyed state".format(
+ module.params["name"]
+ )
+ )
+ elif state == "absent" and exists and not filesystem.destroyed:
+ delete_fs(module, array)
+ elif (
+ state == "absent"
+ and exists
+ and module.params["eradicate"]
+ and filesystem.destroyed
+ ):
+ eradicate_fs(module, array)
+
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_hg.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_hg.py
new file mode 100644
index 000000000..0467501e2
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_hg.py
@@ -0,0 +1,433 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2018, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_hg
+version_added: '1.0.0'
+short_description: Manage hostgroups on Pure Storage FlashArrays
+description:
+- Create, delete or modifiy hostgroups on Pure Storage FlashArrays.
+author:
+- Pure Storage ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ name:
+ description:
+ - The name of the hostgroup.
+ type: str
+ required: true
+ aliases: [ hostgroup ]
+ state:
+ description:
+ - Define whether the hostgroup should exist or not.
+ type: str
+ default: present
+ choices: [ absent, present ]
+ host:
+ type: list
+ elements: str
+ description:
+ - List of existing hosts to add to hostgroup.
+ - Note that hostnames are case-sensitive however FlashArray hostnames are unique
+ and ignore case - you cannot have I(hosta) and I(hostA)
+ volume:
+ type: list
+ elements: str
+ description:
+ - List of existing volumes to add to hostgroup.
+ - Note that volumes are case-sensitive however FlashArray volume names are unique
+ and ignore case - you cannot have I(volumea) and I(volumeA)
+ lun:
+ description:
+ - LUN ID to assign to volume for hostgroup. Must be unique.
+ - Only applicable when only one volume is specified for connection.
+ - If not provided the ID will be automatically assigned.
+ - Range for LUN ID is 1 to 4095.
+ type: int
+ rename:
+ description:
+ - New name of hostgroup
+ type: str
+ version_added: '1.10.0'
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Create empty hostgroup
+ purestorage.flasharray.purefa_hg:
+ name: foo
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Add hosts and volumes to existing or new hostgroup
+ purestorage.flasharray.purefa_hg:
+ name: foo
+ host:
+ - host1
+ - host2
+ volume:
+ - vol1
+ - vol2
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Delete hosts and volumes from hostgroup
+ purestorage.flasharray.purefa_hg:
+ name: foo
+ host:
+ - host1
+ - host2
+ volume:
+ - vol1
+ - vol2
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ state: absent
+
+# This will disconnect all hosts and volumes in the hostgroup
+- name: Delete hostgroup
+ purestorage.flasharray.purefa_hg:
+ name: foo
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ state: absent
+
+- name: Rename hostgroup
+ purestorage.flasharray.purefa_hg:
+ name: foo
+ rename: bar
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Create host group with hosts and volumes
+ purestorage.flasharray.purefa_hg:
+ name: bar
+ host:
+ - host1
+ - host2
+ volume:
+ - vol1
+ - vol2
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+"""
+
+RETURN = r"""
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ purefa_argument_spec,
+)
+
+
+def rename_exists(module, array):
+ """Determine if rename target already exists"""
+ exists = False
+ new_name = module.params["rename"]
+ for hgroup in array.list_hgroups():
+ if hgroup["name"].casefold() == new_name.casefold():
+ exists = True
+ break
+ return exists
+
+
+def get_hostgroup(module, array):
+ hostgroup = None
+
+ for host in array.list_hgroups():
+ if host["name"].casefold() == module.params["name"].casefold():
+ hostgroup = host
+ break
+
+ return hostgroup
+
+
+def make_hostgroup(module, array):
+ if module.params["rename"]:
+ module.fail_json(
+ msg="Hostgroup {0} does not exist - rename failed.".format(
+ module.params["name"]
+ )
+ )
+ changed = True
+ if not module.check_mode:
+ try:
+ array.create_hgroup(module.params["name"])
+ except Exception:
+ module.fail_json(
+ msg="Failed to create hostgroup {0}".format(module.params["name"])
+ )
+ if module.params["host"]:
+ array.set_hgroup(module.params["name"], hostlist=module.params["host"])
+ if module.params["volume"]:
+ if len(module.params["volume"]) == 1 and module.params["lun"]:
+ try:
+ array.connect_hgroup(
+ module.params["name"],
+ module.params["volume"][0],
+ lun=module.params["lun"],
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to add volume {0} with LUN ID {1}".format(
+ module.params["volume"][0], module.params["lun"]
+ )
+ )
+ else:
+ for vol in module.params["volume"]:
+ try:
+ array.connect_hgroup(module.params["name"], vol)
+ except Exception:
+ module.fail_json(msg="Failed to add volume to hostgroup")
+ module.exit_json(changed=changed)
+
+
+def update_hostgroup(module, array):
+ changed = False
+ renamed = False
+ hgroup = get_hostgroup(module, array)
+ current_hostgroup = module.params["name"]
+ volumes = array.list_hgroup_connections(module.params["name"])
+ if module.params["state"] == "present":
+ if module.params["rename"]:
+ if not rename_exists(module, array):
+ try:
+ if not module.check_mode:
+ array.rename_hgroup(
+ module.params["name"], module.params["rename"]
+ )
+ current_hostgroup = module.params["rename"]
+ renamed = True
+ except Exception:
+ module.fail_json(
+ msg="Rename to {0} failed.".format(module.params["rename"])
+ )
+ else:
+ module.warn(
+ "Rename failed. Hostgroup {0} already exists. Continuing with other changes...".format(
+ module.params["rename"]
+ )
+ )
+ if module.params["host"]:
+ cased_hosts = list(module.params["host"])
+ cased_hghosts = list(hgroup["hosts"])
+ new_hosts = list(set(cased_hosts).difference(cased_hghosts))
+ if new_hosts:
+ try:
+ if not module.check_mode:
+ array.set_hgroup(current_hostgroup, addhostlist=new_hosts)
+ changed = True
+ except Exception:
+ module.fail_json(msg="Failed to add host(s) to hostgroup")
+ if module.params["volume"]:
+ if volumes:
+ current_vols = [vol["vol"] for vol in volumes]
+ cased_vols = list(module.params["volume"])
+ new_volumes = list(set(cased_vols).difference(set(current_vols)))
+ if len(new_volumes) == 1 and module.params["lun"]:
+ try:
+ if not module.check_mode:
+ array.connect_hgroup(
+ current_hostgroup,
+ new_volumes[0],
+ lun=module.params["lun"],
+ )
+ changed = True
+ except Exception:
+ module.fail_json(
+ msg="Failed to add volume {0} with LUN ID {1}".format(
+ new_volumes[0], module.params["lun"]
+ )
+ )
+ else:
+ for cvol in new_volumes:
+ try:
+ if not module.check_mode:
+ array.connect_hgroup(current_hostgroup, cvol)
+ changed = True
+ except Exception:
+ module.fail_json(
+ msg="Failed to connect volume {0} to hostgroup {1}.".format(
+ cvol, current_hostgroup
+ )
+ )
+ else:
+ if len(module.params["volume"]) == 1 and module.params["lun"]:
+ try:
+ if not module.check_mode:
+ array.connect_hgroup(
+ current_hostgroup,
+ module.params["volume"][0],
+ lun=module.params["lun"],
+ )
+ changed = True
+ except Exception:
+ module.fail_json(
+ msg="Failed to add volume {0} with LUN ID {1}".format(
+ module.params["volume"], module.params["lun"]
+ )
+ )
+ else:
+ for cvol in module.params["volume"]:
+ try:
+ if not module.check_mode:
+ array.connect_hgroup(current_hostgroup, cvol)
+ changed = True
+ except Exception:
+ module.fail_json(
+ msg="Failed to connect volume {0} to hostgroup {1}.".format(
+ cvol, current_hostgroup
+ )
+ )
+ else:
+ if module.params["host"]:
+ cased_old_hosts = list(module.params["host"])
+ cased_hosts = list(hgroup["hosts"])
+ old_hosts = list(set(cased_old_hosts).intersection(cased_hosts))
+ if old_hosts:
+ try:
+ if not module.check_mode:
+ array.set_hgroup(current_hostgroup, remhostlist=old_hosts)
+ changed = True
+ except Exception:
+ module.fail_json(
+ msg="Failed to remove hosts {0} from hostgroup {1}".format(
+ old_hosts, current_hostgroup
+ )
+ )
+ if module.params["volume"]:
+ cased_old_vols = list(module.params["volume"])
+ old_volumes = list(
+ set(cased_old_vols).intersection(set([vol["vol"] for vol in volumes]))
+ )
+ if old_volumes:
+ changed = True
+ for cvol in old_volumes:
+ try:
+ if not module.check_mode:
+ array.disconnect_hgroup(current_hostgroup, cvol)
+ except Exception:
+ module.fail_json(
+ msg="Failed to disconnect volume {0} from hostgroup {1}".format(
+ cvol, current_hostgroup
+ )
+ )
+ changed = changed or renamed
+ module.exit_json(changed=changed)
+
+
+def delete_hostgroup(module, array):
+ changed = True
+ try:
+ vols = array.list_hgroup_connections(module.params["name"])
+ except Exception:
+ module.fail_json(
+ msg="Failed to get volume connection for hostgroup {0}".format(
+ module.params["hostgroup"]
+ )
+ )
+ if not module.check_mode:
+ for vol in vols:
+ try:
+ array.disconnect_hgroup(module.params["name"], vol["vol"])
+ except Exception:
+ module.fail_json(
+ msg="Failed to disconnect volume {0} from hostgroup {1}".format(
+ vol["vol"], module.params["name"]
+ )
+ )
+ host = array.get_hgroup(module.params["name"])
+ if not module.check_mode:
+ try:
+ array.set_hgroup(module.params["name"], remhostlist=host["hosts"])
+ try:
+ array.delete_hgroup(module.params["name"])
+ except Exception:
+ module.fail_json(
+ msg="Failed to delete hostgroup {0}".format(
+ module.params["name"]
+ )
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to remove hosts {0} from hostgroup {1}".format(
+ host["hosts"], module.params["name"]
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ name=dict(type="str", required=True, aliases=["hostgroup"]),
+ state=dict(type="str", default="present", choices=["absent", "present"]),
+ host=dict(type="list", elements="str"),
+ lun=dict(type="int"),
+ rename=dict(type="str"),
+ volume=dict(type="list", elements="str"),
+ )
+ )
+
+ module = AnsibleModule(argument_spec, supports_check_mode=True)
+
+ state = module.params["state"]
+ array = get_system(module)
+ hostgroup = get_hostgroup(module, array)
+
+ if module.params["host"]:
+ try:
+ for hst in module.params["host"]:
+ array.get_host(hst)
+ except Exception:
+ module.fail_json(msg="Host {0} not found".format(hst))
+ if module.params["lun"] and len(module.params["volume"]) > 1:
+ module.fail_json(msg="LUN ID cannot be specified with multiple volumes.")
+
+ if module.params["lun"] and not 1 <= module.params["lun"] <= 4095:
+ module.fail_json(
+ msg="LUN ID of {0} is out of range (1 to 4095)".format(module.params["lun"])
+ )
+
+ if module.params["volume"]:
+ try:
+ for vol in module.params["volume"]:
+ array.get_volume(vol)
+ except Exception:
+ module.exit_json(changed=False)
+
+ if hostgroup and state == "present":
+ update_hostgroup(module, array)
+ elif hostgroup and module.params["volume"] and state == "absent":
+ update_hostgroup(module, array)
+ elif hostgroup and module.params["host"] and state == "absent":
+ update_hostgroup(module, array)
+ elif hostgroup and state == "absent":
+ delete_hostgroup(module, array)
+ elif hostgroup is None and state == "absent":
+ module.exit_json(changed=False)
+ else:
+ make_hostgroup(module, array)
+
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_host.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_host.py
new file mode 100644
index 000000000..9054d8f30
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_host.py
@@ -0,0 +1,1085 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright: (c) 2017, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_host
+version_added: '1.0.0'
+short_description: Manage hosts on Pure Storage FlashArrays
+description:
+- Create, delete or modify hosts on Pure Storage FlashArrays.
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+notes:
+- If specifying C(lun) option ensure host support requested value
+options:
+ name:
+ description:
+ - The name of the host.
+ - Note that hostnames are case-sensitive however FlashArray hostnames are unique
+ and ignore case - you cannot have I(hosta) and I(hostA)
+ - Multi-host support available from Purity//FA 6.0.0
+ B(***NOTE***) Manual deletion of individual hosts created
+ using multi-host will cause idempotency to fail
+ - Multi-host support only exists for host creation
+ type: str
+ required: true
+ aliases: [ host ]
+ protocol:
+ description:
+ - Defines the host connection protocol for volumes.
+ - DEPRECATED No longer a necessary parameter
+ type: str
+ choices: [ fc, iscsi, nvme, mixed ]
+ rename:
+ description:
+ - The name to rename to.
+ - Note that hostnames are case-sensitive however FlashArray hostnames are unique
+ and ignore case - you cannot have I(hosta) and I(hostA)
+ type: str
+ state:
+ description:
+ - Define whether the host should exist or not.
+ - When removing host all connected volumes will be disconnected.
+ type: str
+ default: present
+ choices: [ absent, present ]
+ wwns:
+ type: list
+ elements: str
+ description:
+ - List of wwns of the host.
+ iqn:
+ type: list
+ elements: str
+ description:
+ - List of IQNs of the host.
+ nqn:
+ type: list
+ elements: str
+ description:
+ - List of NQNs of the host.
+ volume:
+ type: str
+ description:
+ - Volume name to map to the host.
+ lun:
+ description:
+ - LUN ID to assign to volume for host. Must be unique.
+ - If not provided the ID will be automatically assigned.
+ - Range for LUN ID is 1 to 4095.
+ type: int
+ count:
+ description:
+ - Number of hosts to be created in a multiple host creation
+ - Only supported from Purity//FA v6.0.0 and higher
+ type: int
+ start:
+ description:
+ - Number at which to start the multiple host creation index
+ - Only supported from Purity//FA v6.0.0 and higher
+ type: int
+ default: 0
+ digits:
+ description:
+ - Number of digits to use for multiple host count. This
+ will pad the index number with zeros where necessary
+ - Only supported from Purity//FA v6.0.0 and higher
+ - Range is between 1 and 10
+ type: int
+ default: 1
+ suffix:
+ description:
+ - Suffix string, if required, for multiple host create
+ - Host names will be formed as I(<name>#<suffix>), where
+ I(#) is a placeholder for the host index
+ See associated descriptions
+ - Suffix string is optional
+ - Only supported from Purity//FA v6.0.0 and higher
+ type: str
+ personality:
+ type: str
+ description:
+ - Define which operating system the host is. Recommended for
+ ActiveCluster integration.
+ default: ''
+ choices: ['hpux', 'vms', 'aix', 'esxi', 'solaris', 'hitachi-vsp', 'oracle-vm-server', 'delete', '']
+ preferred_array:
+ type: list
+ elements: str
+ description:
+ - List of preferred arrays in an ActiveCluster environment.
+ - To remove existing preferred arrays from the host, specify I(delete).
+ target_user:
+ type: str
+ description:
+ - Sets the target user name for CHAP authentication
+ - Required with I(target_password)
+ - To clear the username/password pair use I(clear) as the password
+ target_password:
+ type: str
+ description:
+ - Sets the target password for CHAP authentication
+ - Password length between 12 and 255 characters
+ - To clear the username/password pair use I(clear) as the password
+ - SETTING A PASSWORD IS NON-IDEMPOTENT
+ host_user:
+ type: str
+ description:
+ - Sets the host user name for CHAP authentication
+ - Required with I(host_password)
+ - To clear the username/password pair use I(clear) as the password
+ host_password:
+ type: str
+ description:
+ - Sets the host password for CHAP authentication
+ - Password length between 12 and 255 characters
+ - To clear the username/password pair use I(clear) as the password
+ - SETTING A PASSWORD IS NON-IDEMPOTENT
+ vlan:
+ type: str
+ description:
+ - The VLAN ID that the host is associated with.
+ - If not set or set to I(any), the host can access any VLAN.
+ - If set to I(untagged), the host can only access untagged VLANs.
+ - If set to a number between 1 and 4094, the host can only access the specified VLAN with that number.
+ version_added: '1.16.0'
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Create new AIX host
+ purestorage.flasharray.purefa_host:
+ name: foo
+ personality: aix
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Create 10 hosts with index starting at 10 but padded with 3 digits
+ purestorage.flasharray.purefa_host:
+ name: foo
+ personality: vms
+ suffix: bar
+ count: 10
+ start: 10
+ digits: 3
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ state: present
+
+- name: Rename host foo to bar
+ purestorage.flasharray.purefa_host:
+ name: foo
+ rename: bar
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Delete host
+ purestorage.flasharray.purefa_host:
+ name: foo
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ state: absent
+
+- name: Make host bar with wwn ports
+ purestorage.flasharray.purefa_host:
+ name: bar
+ wwns:
+ - 00:00:00:00:00:00:00
+ - 11:11:11:11:11:11:11
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Make host bar with iSCSI ports
+ purestorage.flasharray.purefa_host:
+ name: bar
+ iqn:
+ - iqn.1994-05.com.redhat:7d366003913
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Make host bar with NVMe ports
+ purestorage.flasharray.purefa_host:
+ name: bar
+ nqn:
+ - nqn.2014-08.com.vendor:nvme:nvm-subsystem-sn-d78432
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Make mixed protocol host
+ purestorage.flasharray.purefa_host:
+ name: bar
+ nqn:
+ - nqn.2014-08.com.vendor:nvme:nvm-subsystem-sn-d78432
+ iqn:
+ - iqn.1994-05.com.redhat:7d366003914
+ wwns:
+ - 00:00:00:00:00:00:01
+ - 11:11:11:11:11:11:12
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Map host foo to volume bar as LUN ID 12
+ purestorage.flasharray.purefa_host:
+ name: foo
+ volume: bar
+ lun: 12
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Disconnect volume bar from host foo
+ purestorage.flasharray.purefa_host:
+ name: foo
+ volume: bar
+ state: absent
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Add preferred arrays to host foo
+ purestorage.flasharray.purefa_host:
+ name: foo
+ preferred_array:
+ - array1
+ - array2
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Delete preferred arrays from host foo
+ purestorage.flasharray.purefa_host:
+ name: foo
+ preferred_array: delete
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Delete exisitng WWNs from host foo (does not delete host object)
+ purestorage.flasharray.purefa_host:
+ name: foo
+ wwns: ""
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Set CHAP target and host username/password pairs
+ purestorage.flasharray.purefa_host:
+ name: foo
+ target_user: user1
+ target_password: passwrodpassword
+ host_user: user2
+ host_password: passwrodpassword
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Delete CHAP target and host username/password pairs
+ purestorage.flasharray.purefa_host:
+ name: foo
+ target_user: user
+ target_password: clear
+ host_user: user
+ host_password: clear
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+"""
+
+RETURN = r"""
+"""
+
+HAS_PURESTORAGE = True
+try:
+ from pypureclient import flasharray
+except ImportError:
+ HAS_PURESTORAGE = False
+
+import re
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_array,
+ get_system,
+ purefa_argument_spec,
+)
+
+
+AC_REQUIRED_API_VERSION = "1.14"
+PREFERRED_ARRAY_API_VERSION = "1.15"
+NVME_API_VERSION = "1.16"
+MULTI_HOST_VERSION = "2.2"
+VLAN_VERSION = "2.16"
+
+
+def _is_cbs(array, is_cbs=False):
+ """Is the selected array a Cloud Block Store"""
+ model = array.get(controllers=True)[0]["model"]
+ is_cbs = bool("CBS" in model)
+ return is_cbs
+
+
+def _set_host_initiators(module, array):
+ """Set host initiators."""
+ if module.params["nqn"]:
+ try:
+ array.set_host(module.params["name"], nqnlist=module.params["nqn"])
+ except Exception:
+ module.fail_json(msg="Setting of NVMe NQN failed.")
+ if module.params["iqn"]:
+ try:
+ array.set_host(module.params["name"], iqnlist=module.params["iqn"])
+ except Exception:
+ module.fail_json(msg="Setting of iSCSI IQN failed.")
+ if module.params["wwns"]:
+ try:
+ array.set_host(module.params["name"], wwnlist=module.params["wwns"])
+ except Exception:
+ module.fail_json(msg="Setting of FC WWNs failed.")
+
+
+def _update_host_initiators(module, array, answer=False):
+ """Change host initiator if iscsi or nvme or add new FC WWNs"""
+ if module.params["nqn"]:
+ current_nqn = array.get_host(module.params["name"])["nqn"]
+ if module.params["nqn"] != [""]:
+ if current_nqn != module.params["nqn"]:
+ answer = True
+ if not module.check_mode:
+ try:
+ array.set_host(
+ module.params["name"], nqnlist=module.params["nqn"]
+ )
+ except Exception:
+ module.fail_json(msg="Change of NVMe NQN failed.")
+ elif current_nqn:
+ answer = True
+ if not module.check_mode:
+ try:
+ array.set_host(module.params["name"], remnqnlist=current_nqn)
+ except Exception:
+ module.fail_json(msg="Removal of NVMe NQN failed.")
+ if module.params["iqn"]:
+ current_iqn = array.get_host(module.params["name"])["iqn"]
+ if module.params["iqn"] != [""]:
+ if current_iqn != module.params["iqn"]:
+ answer = True
+ if not module.check_mode:
+ try:
+ array.set_host(
+ module.params["name"], iqnlist=module.params["iqn"]
+ )
+ except Exception:
+ module.fail_json(msg="Change of iSCSI IQN failed.")
+ elif current_iqn:
+ answer = True
+ if not module.check_mode:
+ try:
+ array.set_host(module.params["name"], remiqnlist=current_iqn)
+ except Exception:
+ module.fail_json(msg="Removal of iSCSI IQN failed.")
+ if module.params["wwns"]:
+ module.params["wwns"] = [wwn.replace(":", "") for wwn in module.params["wwns"]]
+ module.params["wwns"] = [wwn.upper() for wwn in module.params["wwns"]]
+ current_wwn = array.get_host(module.params["name"])["wwn"]
+ if module.params["wwns"] != [""]:
+ if current_wwn != module.params["wwns"]:
+ answer = True
+ if not module.check_mode:
+ try:
+ array.set_host(
+ module.params["name"], wwnlist=module.params["wwns"]
+ )
+ except Exception:
+ module.fail_json(msg="FC WWN change failed.")
+ elif current_wwn:
+ answer = True
+ if not module.check_mode:
+ try:
+ array.set_host(module.params["name"], remwwnlist=current_wwn)
+ except Exception:
+ module.fail_json(msg="Removal of all FC WWNs failed.")
+ return answer
+
+
+def _connect_new_volume(module, array, answer=False):
+ """Connect volume to host"""
+ api_version = array._list_available_rest_versions()
+ if AC_REQUIRED_API_VERSION in api_version and module.params["lun"]:
+ answer = True
+ if not module.check_mode:
+ try:
+ array.connect_host(
+ module.params["name"],
+ module.params["volume"],
+ lun=module.params["lun"],
+ )
+ except Exception:
+ module.fail_json(
+ msg="LUN ID {0} invalid. Check for duplicate LUN IDs.".format(
+ module.params["lun"]
+ )
+ )
+ else:
+ answer = True
+ if not module.check_mode:
+ array.connect_host(module.params["name"], module.params["volume"])
+ return answer
+
+
+def _disconnect_volume(module, array, answer=False):
+ """Disconnect volume from host"""
+ answer = True
+ if not module.check_mode:
+ try:
+ array.disconnect_host(module.params["name"], module.params["volume"])
+ except Exception:
+ module.fail_json(
+ msg="Failed to disconnect volume {0}".format(module.params["volume"])
+ )
+ return answer
+
+
+def _set_host_personality(module, array):
+ """Set host personality. Only called when supported"""
+ if module.params["personality"] != "delete":
+ array.set_host(module.params["name"], personality=module.params["personality"])
+ else:
+ array.set_host(module.params["name"], personality="")
+
+
+def _set_preferred_array(module, array):
+ """Set preferred array list. Only called when supported"""
+ if module.params["preferred_array"] != ["delete"]:
+ array.set_host(
+ module.params["name"], preferred_array=module.params["preferred_array"]
+ )
+ else:
+ array.set_host(module.params["name"], preferred_array=[])
+
+
+def _set_chap_security(module, array):
+ """Set CHAP usernames and passwords"""
+ pattern = re.compile("[^ ]{12,255}")
+ if module.params["host_user"]:
+ if not pattern.match(module.params["host_password"]):
+ module.fail_json(
+ msg="host_password must contain a minimum of 12 and a maximum of 255 characters"
+ )
+ try:
+ array.set_host(
+ module.params["name"],
+ host_user=module.params["host_user"],
+ host_password=module.params["host_password"],
+ )
+ except Exception:
+ module.params(msg="Failed to set CHAP host username and password")
+ if module.params["target_user"]:
+ if not pattern.match(module.params["target_password"]):
+ module.fail_json(
+ msg="target_password must contain a minimum of 12 and a maximum of 255 characters"
+ )
+ try:
+ array.set_host(
+ module.params["name"],
+ target_user=module.params["target_user"],
+ target_password=module.params["target_password"],
+ )
+ except Exception:
+ module.params(msg="Failed to set CHAP target username and password")
+
+
+def _update_chap_security(module, array, answer=False):
+ """Change CHAP usernames and passwords"""
+ pattern = re.compile("[^ ]{12,255}")
+ chap = array.get_host(module.params["name"], chap=True)
+ if module.params["host_user"]:
+ if module.params["host_password"] == "clear":
+ if chap["host_user"]:
+ answer = True
+ if not module.check_mode:
+ try:
+ array.set_host(module.params["name"], host_user="")
+ except Exception:
+ module.params(
+ msg="Failed to clear CHAP host username and password"
+ )
+ else:
+ if not pattern.match(module.params["host_password"]):
+ module.fail_json(
+ msg="host_password must contain a minimum of 12 and a maximum of 255 characters"
+ )
+ answer = True
+ if not module.check_mode:
+ try:
+ array.set_host(
+ module.params["name"],
+ host_user=module.params["host_user"],
+ host_password=module.params["host_password"],
+ )
+ except Exception:
+ module.params(msg="Failed to set CHAP host username and password")
+ if module.params["target_user"]:
+ if module.params["target_password"] == "clear":
+ if chap["target_user"]:
+ answer = True
+ if not module.check_mode:
+ try:
+ array.set_host(module.params["name"], target_user="")
+ except Exception:
+ module.params(
+ msg="Failed to clear CHAP target username and password"
+ )
+ else:
+ if not pattern.match(module.params["target_password"]):
+ module.fail_json(
+ msg="target_password must contain a minimum of 12 and a maximum of 255 characters"
+ )
+ answer = True
+ if not module.check_mode:
+ try:
+ array.set_host(
+ module.params["name"],
+ target_user=module.params["target_user"],
+ target_password=module.params["target_password"],
+ )
+ except Exception:
+ module.params(msg="Failed to set CHAP target username and password")
+ return answer
+
+
+def _update_host_personality(module, array, answer=False):
+ """Change host personality. Only called when supported"""
+ personality = array.get_host(module.params["name"], personality=True)["personality"]
+ if personality is None and module.params["personality"] != "delete":
+ answer = True
+ if not module.check_mode:
+ try:
+ array.set_host(
+ module.params["name"], personality=module.params["personality"]
+ )
+ except Exception:
+ module.fail_json(msg="Personality setting failed.")
+ if personality is not None:
+ if module.params["personality"] == "delete":
+ answer = True
+ if not module.check_mode:
+ try:
+ array.set_host(module.params["name"], personality="")
+ except Exception:
+ module.fail_json(msg="Personality deletion failed.")
+ elif personality != module.params["personality"]:
+ answer = True
+ if not module.check_mode:
+ try:
+ array.set_host(
+ module.params["name"], personality=module.params["personality"]
+ )
+ except Exception:
+ module.fail_json(msg="Personality change failed.")
+ return answer
+
+
+def _update_preferred_array(module, array, answer=False):
+ """Update existing preferred array list. Only called when supported"""
+ preferred_array = array.get_host(module.params["name"], preferred_array=True)[
+ "preferred_array"
+ ]
+ if preferred_array == [] and module.params["preferred_array"] != ["delete"]:
+ answer = True
+ if not module.check_mode:
+ try:
+ array.set_host(
+ module.params["name"],
+ preferred_array=module.params["preferred_array"],
+ )
+ except Exception:
+ module.fail_json(
+ msg="Preferred array list creation failed for {0}.".format(
+ module.params["name"]
+ )
+ )
+ elif preferred_array != []:
+ if module.params["preferred_array"] == ["delete"]:
+ answer = True
+ if not module.check_mode:
+ try:
+ array.set_host(module.params["name"], preferred_array=[])
+ except Exception:
+ module.fail_json(
+ msg="Preferred array list deletion failed for {0}.".format(
+ module.params["name"]
+ )
+ )
+ elif preferred_array != module.params["preferred_array"]:
+ answer = True
+ if not module.check_mode:
+ try:
+ array.set_host(
+ module.params["name"],
+ preferred_array=module.params["preferred_array"],
+ )
+ except Exception:
+ module.fail_json(
+ msg="Preferred array list change failed for {0}.".format(
+ module.params["name"]
+ )
+ )
+ return answer
+
+
+def _set_vlan(module):
+ array = get_array(module)
+ res = array.patch_hosts(
+ names=[module.params["name"]],
+ host=flasharray.HostPatch(vlan=module.params["vlan"]),
+ )
+ if res.status_code != 200:
+ module.warn(
+ "Failed to set host VLAN ID. Error: {0}".format(res.errors[0].message)
+ )
+
+
+def _update_vlan(module):
+ changed = False
+ array = get_array(module)
+ host_vlan = getattr(
+ list(array.get_hosts(names=[module.params["name"]]).items)[0], "vlan", None
+ )
+ if module.params["vlan"] != host_vlan:
+ changed = True
+ if not module.check_mode:
+ res = array.patch_hosts(
+ names=[module.params["name"]],
+ host=flasharray.HostPatch(vlan=module.params["vlan"]),
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to update host VLAN ID. Error: {0}".format(
+ res.errors[0].message
+ )
+ )
+ return changed
+
+
+def get_multi_hosts(module):
+ """Return True is all hosts exist"""
+ hosts = []
+ array = get_array(module)
+ for host_num in range(
+ module.params["start"], module.params["count"] + module.params["start"]
+ ):
+ if module.params["suffix"]:
+ hosts.append(
+ module.params["name"]
+ + str(host_num).zfill(module.params["digits"])
+ + module.params["suffix"]
+ )
+ else:
+ hosts.append(
+ module.params["name"] + str(host_num).zfill(module.params["digits"])
+ )
+ return bool(array.get_hosts(names=hosts).status_code == 200)
+
+
+def get_host(module, array):
+ """Return host or None"""
+ host = None
+ for hst in array.list_hosts():
+ if hst["name"].casefold() == module.params["name"].casefold():
+ module.params["name"] = hst["name"]
+ host = hst
+ break
+ return host
+
+
+def rename_exists(module, array):
+ """Determine if rename target already exists"""
+ exists = False
+ for hst in array.list_hosts():
+ if hst["name"].casefold() == module.params["rename"].casefold():
+ exists = True
+ break
+ return exists
+
+
+def make_multi_hosts(module):
+ """Create multiple hosts"""
+ changed = True
+ if not module.check_mode:
+ hosts = []
+ array = get_array(module)
+ for host_num in range(
+ module.params["start"], module.params["count"] + module.params["start"]
+ ):
+ if module.params["suffix"]:
+ hosts.append(
+ module.params["name"]
+ + str(host_num).zfill(module.params["digits"])
+ + module.params["suffix"]
+ )
+ else:
+ hosts.append(
+ module.params["name"] + str(host_num).zfill(module.params["digits"])
+ )
+ if module.params["personality"]:
+ host = flasharray.HostPost(personality=module.params["personality"])
+ else:
+ host = flasharray.HostPost()
+ res = array.post_hosts(names=hosts, host=host)
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Multi-Host {0}#{1} creation failed: {2}".format(
+ module.params["name"],
+ module.params["suffix"],
+ res.errors[0].message,
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def make_host(module, array):
+ """Create a new host"""
+ changed = True
+ if not module.check_mode:
+ try:
+ array.create_host(module.params["name"])
+ except Exception:
+ module.fail_json(
+ msg="Host {0} creation failed.".format(module.params["name"])
+ )
+ try:
+ if module.params["vlan"]:
+ _set_vlan(module)
+ _set_host_initiators(module, array)
+ api_version = array._list_available_rest_versions()
+ if AC_REQUIRED_API_VERSION in api_version and module.params["personality"]:
+ _set_host_personality(module, array)
+ if (
+ PREFERRED_ARRAY_API_VERSION in api_version
+ and module.params["preferred_array"]
+ ):
+ _set_preferred_array(module, array)
+ if module.params["host_user"] or module.params["target_user"]:
+ _set_chap_security(module, array)
+ if module.params["volume"]:
+ if module.params["lun"]:
+ array.connect_host(
+ module.params["name"],
+ module.params["volume"],
+ lun=module.params["lun"],
+ )
+ else:
+ array.connect_host(module.params["name"], module.params["volume"])
+ except Exception:
+ module.fail_json(
+ msg="Host {0} configuration failed.".format(module.params["name"])
+ )
+ module.exit_json(changed=changed)
+
+
+def update_host(module, array):
+ """Modify a host"""
+ changed = False
+ renamed = False
+ vlan_changed = False
+ if module.params["state"] == "present":
+ if module.params["vlan"]:
+ vlan_changed = _update_vlan(module)
+ if module.params["rename"]:
+ if not rename_exists(module, array):
+ if not module.check_mode:
+ try:
+ array.rename_host(
+ module.params["name"], module.params["rename"]
+ )
+ module.params["name"] = module.params["rename"]
+ renamed = True
+ except Exception:
+ module.fail_json(
+ msg="Rename to {0} failed.".format(module.params["rename"])
+ )
+ else:
+ module.warn(
+ "Rename failed. Target hostname {0} already exists. "
+ "Continuing with any other changes...".format(
+ module.params["rename"]
+ )
+ )
+ init_changed = vol_changed = pers_changed = pref_changed = chap_changed = False
+ volumes = array.list_host_connections(module.params["name"])
+ if module.params["iqn"] or module.params["wwns"] or module.params["nqn"]:
+ init_changed = _update_host_initiators(module, array)
+ if module.params["volume"]:
+ current_vols = [vol["vol"] for vol in volumes]
+ if not module.params["volume"] in current_vols:
+ vol_changed = _connect_new_volume(module, array)
+ api_version = array._list_available_rest_versions()
+ if AC_REQUIRED_API_VERSION in api_version:
+ if module.params["personality"]:
+ pers_changed = _update_host_personality(module, array)
+ if PREFERRED_ARRAY_API_VERSION in api_version:
+ if module.params["preferred_array"]:
+ pref_changed = _update_preferred_array(module, array)
+ if module.params["target_user"] or module.params["host_user"]:
+ chap_changed = _update_chap_security(module, array)
+ changed = (
+ init_changed
+ or vol_changed
+ or pers_changed
+ or pref_changed
+ or chap_changed
+ or vlan_changed
+ or renamed
+ )
+ else:
+ if module.params["volume"]:
+ volumes = array.list_host_connections(module.params["name"])
+ current_vols = [vol["vol"] for vol in volumes]
+ if module.params["volume"] in current_vols:
+ vol_changed = _disconnect_volume(module, array)
+ changed = vol_changed
+ module.exit_json(changed=changed)
+
+
+def delete_host(module, array):
+ """Delete a host"""
+ changed = True
+ if not module.check_mode:
+ try:
+ hgroup = array.get_host(module.params["name"])["hgroup"]
+ if hgroup is not None:
+ array.set_hgroup(hgroup, remhostlist=[module.params["name"]])
+ for vol in array.list_host_connections(module.params["name"]):
+ array.disconnect_host(module.params["name"], vol["vol"])
+ array.delete_host(module.params["name"])
+ except Exception:
+ module.fail_json(
+ msg="Host {0} deletion failed".format(module.params["name"])
+ )
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ name=dict(type="str", required=True, aliases=["host"]),
+ state=dict(type="str", default="present", choices=["absent", "present"]),
+ protocol=dict(
+ type="str",
+ choices=["fc", "iscsi", "nvme", "mixed"],
+ removed_from_collection="1.13",
+ removed_in_version="2.0.0",
+ ),
+ nqn=dict(type="list", elements="str"),
+ iqn=dict(type="list", elements="str"),
+ wwns=dict(type="list", elements="str"),
+ host_password=dict(type="str", no_log=True),
+ host_user=dict(type="str"),
+ target_password=dict(type="str", no_log=True),
+ target_user=dict(type="str"),
+ volume=dict(type="str"),
+ rename=dict(type="str"),
+ lun=dict(type="int"),
+ count=dict(type="int"),
+ start=dict(type="int", default=0),
+ digits=dict(type="int", default=1),
+ suffix=dict(type="str"),
+ personality=dict(
+ type="str",
+ default="",
+ choices=[
+ "hpux",
+ "vms",
+ "aix",
+ "esxi",
+ "solaris",
+ "hitachi-vsp",
+ "oracle-vm-server",
+ "delete",
+ "",
+ ],
+ ),
+ preferred_array=dict(type="list", elements="str"),
+ vlan=dict(type="str"),
+ )
+ )
+
+ required_together = [
+ ["host_password", "host_user"],
+ ["target_password", "target_user"],
+ ]
+
+ module = AnsibleModule(
+ argument_spec, supports_check_mode=True, required_together=required_together
+ )
+
+ array = get_system(module)
+ pattern = re.compile("^[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?$")
+ if module.params["rename"]:
+ if not pattern.match(module.params["rename"]):
+ module.fail_json(
+ msg="Rename value {0} does not conform to naming convention".format(
+ module.params["rename"]
+ )
+ )
+ if not pattern.match(module.params["name"]):
+ module.fail_json(
+ msg="Host name {0} does not conform to naming convention".format(
+ module.params["name"]
+ )
+ )
+ if _is_cbs(array):
+ if module.params["wwns"] or module.params["nqn"]:
+ module.fail_json(msg="Cloud Block Store only supports iSCSI as a protocol")
+ api_version = array._list_available_rest_versions()
+ if module.params["nqn"] is not None and NVME_API_VERSION not in api_version:
+ module.fail_json(msg="NVMe protocol not supported. Please upgrade your array.")
+ state = module.params["state"]
+ if module.params["suffix"]:
+ suffix_len = len(module.params["suffix"])
+ else:
+ suffix_len = 0
+ if module.params["vlan"]:
+ if not HAS_PURESTORAGE:
+ module.fail_json(
+ msg="py-pure-client sdk is required to support 'vlan' parameter"
+ )
+ if VLAN_VERSION not in api_version:
+ module.fail_json(
+ msg="'vlan' parameter is not supported until Purity//FA 6.3.4 or higher"
+ )
+ if not module.params["vlan"] in ["any", "untagged"]:
+ try:
+ vlan = int(module.params["vlan"])
+ if vlan not in range(1, 4094):
+ module.fail_json(
+ msg="VLAN must be set to a number between 1 and 4094"
+ )
+ except Exception:
+ module.fail_json(
+ msg="Invalid string for VLAN. Must be 'any', 'untagged' or a number between 1 and 4094"
+ )
+ if module.params["count"]:
+ if not HAS_PURESTORAGE:
+ module.fail_json(
+ msg="py-pure-client sdk is required to support 'count' parameter"
+ )
+ if MULTI_HOST_VERSION not in api_version:
+ module.fail_json(
+ msg="'count' parameter is not supported until Purity//FA 6.0.0 or higher"
+ )
+ if module.params["digits"] and module.params["digits"] not in range(1, 10):
+ module.fail_json(msg="'digits' must be in the range of 1 to 10")
+ if module.params["start"] < 0:
+ module.fail_json(msg="'start' must be a positive number")
+ if not pattern.match(module.params["name"]):
+ module.fail_json(
+ msg="Host name pattern {0} does not conform to naming convention".format(
+ module.params["name"]
+ )
+ )
+ elif module.params["suffix"] and not pattern.match(module.params["suffix"]):
+ module.fail_json(
+ msg="Suffix pattern {0} does not conform to naming convention".format(
+ module.params["suffix"]
+ )
+ )
+ elif (
+ len(module.params["name"])
+ + max(
+ len(str(module.params["count"] + module.params["start"])),
+ module.params["digits"],
+ )
+ + suffix_len
+ > 63
+ ):
+ module.fail_json(msg="Host name length exceeds maximum allowed")
+ host = get_multi_hosts(module)
+ if not host and state == "present":
+ make_multi_hosts(module)
+ else:
+ host = get_host(module, array)
+ if module.params["lun"] and not 1 <= module.params["lun"] <= 4095:
+ module.fail_json(
+ msg="LUN ID of {0} is out of range (1 to 4095)".format(
+ module.params["lun"]
+ )
+ )
+ if module.params["volume"]:
+ try:
+ array.get_volume(module.params["volume"])
+ except Exception:
+ module.exit_json(changed=False)
+ if module.params["preferred_array"]:
+ try:
+ if module.params["preferred_array"] != ["delete"]:
+ all_connected_arrays = array.list_array_connections()
+ if not all_connected_arrays:
+ module.fail_json(
+ msg="No target arrays connected to source array - preferred arrays not possible."
+ )
+ else:
+ current_arrays = [array.get()["array_name"]]
+ api_version = array._list_available_rest_versions()
+ if NVME_API_VERSION in api_version:
+ for current_array in range(0, len(all_connected_arrays)):
+ if (
+ all_connected_arrays[current_array]["type"]
+ == "sync-replication"
+ ):
+ current_arrays.append(
+ all_connected_arrays[current_array][
+ "array_name"
+ ]
+ )
+ else:
+ for current_array in range(0, len(all_connected_arrays)):
+ if all_connected_arrays[current_array]["type"] == [
+ "sync-replication"
+ ]:
+ current_arrays.append(
+ all_connected_arrays[current_array][
+ "array_name"
+ ]
+ )
+ for array_to_connect in range(
+ 0, len(module.params["preferred_array"])
+ ):
+ if (
+ module.params["preferred_array"][array_to_connect]
+ not in current_arrays
+ ):
+ module.fail_json(
+ msg="Array {0} is not a synchronously connected array.".format(
+ module.params["preferred_array"][array_to_connect]
+ )
+ )
+ except Exception:
+ module.fail_json(msg="Failed to get existing array connections.")
+
+ if host is None and state == "present" and not module.params["rename"]:
+ make_host(module, array)
+ elif host is None and state == "present" and module.params["rename"]:
+ module.exit_json(changed=False)
+ elif host and state == "present":
+ update_host(module, array)
+ elif host and state == "absent" and module.params["volume"]:
+ update_host(module, array)
+ elif host and state == "absent":
+ delete_host(module, array)
+ elif host is None and state == "absent":
+ module.exit_json(changed=False)
+
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_info.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_info.py
new file mode 100644
index 000000000..de7f05002
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_info.py
@@ -0,0 +1,2286 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2019, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_info
+version_added: '1.0.0'
+short_description: Collect information from Pure Storage FlashArray
+description:
+ - Collect information from a Pure Storage Flasharray running the
+ Purity//FA operating system. By default, the module will collect basic
+ information including hosts, host groups, protection
+ groups and volume counts. Additional information can be collected
+ based on the configured set of arguements.
+author:
+ - Pure Storage ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ gather_subset:
+ description:
+ - When supplied, this argument will define the information to be collected.
+ Possible values for this include all, minimum, config, performance,
+ capacity, network, subnet, interfaces, hgroups, pgroups, hosts,
+ admins, volumes, snapshots, pods, replication, vgroups, offload, apps,
+ arrays, certs, kmip, clients, policies, dir_snaps, filesystems,
+ alerts and virtual_machines.
+ type: list
+ elements: str
+ required: false
+ default: minimum
+extends_documentation_fragment:
+ - purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: collect default set of information
+ purestorage.flasharray.purefa_info:
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ register: array_info
+- name: show default information
+ debug:
+ msg: "{{ array_info['purefa_info']['default'] }}"
+
+- name: collect configuration and capacity information
+ purestorage.flasharray.purefa_info:
+ gather_subset:
+ - config
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ register: array_info
+- name: show configuration information
+ debug:
+ msg: "{{ array_info['purefa_info']['config'] }}"
+
+- name: collect all information
+ purestorage.flasharray.purefa_info:
+ gather_subset:
+ - all
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+- name: show all information
+ debug:
+ msg: "{{ array_info['purefa_info'] }}"
+"""
+
+RETURN = r"""
+purefa_info:
+ description: Returns the information collected from the FlashArray
+ returned: always
+ type: dict
+"""
+
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_array,
+ get_system,
+ purefa_argument_spec,
+)
+
+HAS_PACKAGING = True
+try:
+ from packaging import version
+except ImportError:
+ HAS_PACKAGING = False
+try:
+ from purestorage import purestorage
+except ImportError:
+ purestorage = None
+import time
+
+SEC_TO_DAY = 86400000
+ADMIN_API_VERSION = "1.14"
+S3_REQUIRED_API_VERSION = "1.16"
+LATENCY_REQUIRED_API_VERSION = "1.16"
+AC_REQUIRED_API_VERSION = "1.14"
+CAP_REQUIRED_API_VERSION = "1.6"
+SAN_REQUIRED_API_VERSION = "1.10"
+NVME_API_VERSION = "1.16"
+PREFERRED_API_VERSION = "1.15"
+P53_API_VERSION = "1.17"
+ACTIVE_DR_API = "1.19"
+V6_MINIMUM_API_VERSION = "2.2"
+FILES_API_VERSION = "2.3"
+FC_REPL_API_VERSION = "2.4"
+ENCRYPTION_STATUS_API_VERSION = "2.6"
+DIR_QUOTA_API_VERSION = "2.7"
+SHARED_CAP_API_VERSION = "2.9"
+PURE_OUI = "naa.624a9370"
+SAFE_MODE_VERSION = "2.10"
+PER_PG_VERSION = "2.13"
+SAML2_VERSION = "2.11"
+NFS_USER_MAP_VERSION = "2.15"
+DEFAULT_PROT_API_VERSION = "2.16"
+VM_VERSION = "2.14"
+VLAN_VERSION = "2.17"
+NEIGHBOR_API_VERSION = "2.22"
+POD_QUOTA_VERSION = "2.23"
+
+
+def generate_default_dict(module, array):
+ default_info = {}
+ defaults = array.get()
+ api_version = array._list_available_rest_versions()
+ default_info["api_versions"] = api_version
+ if FILES_API_VERSION in api_version:
+ arrayv6 = get_array(module)
+ if VM_VERSION in api_version:
+ default_info["virtual_machines"] = len(
+ arrayv6.get_virtual_machines(vm_type="vvol").items
+ )
+ default_info["virtual_machine_snaps"] = len(
+ arrayv6.get_virtual_machine_snapshots(vm_type="vvol").items
+ )
+ default_info["snapshot_policies"] = len(arrayv6.get_policies_snapshot().items)
+ default_info["nfs_policies"] = len(arrayv6.get_policies_nfs().items)
+ default_info["smb_policies"] = len(arrayv6.get_policies_smb().items)
+ default_info["filesystems"] = len(arrayv6.get_file_systems().items)
+ default_info["directories"] = len(arrayv6.get_directories().items)
+ default_info["exports"] = len(arrayv6.get_directory_exports().items)
+ default_info["directory_snapshots"] = len(
+ arrayv6.get_directory_snapshots().items
+ )
+ if DIR_QUOTA_API_VERSION in api_version:
+ default_info["quota_policies"] = len(arrayv6.get_policies_quota().items)
+ if ENCRYPTION_STATUS_API_VERSION in api_version:
+ array_data = list(arrayv6.get_arrays().items)[0]
+ encryption = array_data.encryption
+ default_info["encryption_enabled"] = encryption.data_at_rest.enabled
+ if default_info["encryption_enabled"]:
+ default_info["encryption_algorithm"] = encryption.data_at_rest.algorithm
+ default_info["encryption_module_version"] = encryption.module_version
+ eradication = array_data.eradication_config
+ default_info["eradication_days_timer"] = int(
+ eradication.eradication_delay / SEC_TO_DAY
+ )
+ if SAFE_MODE_VERSION in api_version:
+ if eradication.manual_eradication == "all-enabled":
+ default_info["safe_mode"] = "Disabled"
+ else:
+ default_info["safe_mode"] = "Enabled"
+ if AC_REQUIRED_API_VERSION in api_version:
+ default_info["volume_groups"] = len(array.list_vgroups())
+ default_info["connected_arrays"] = len(array.list_array_connections())
+ default_info["pods"] = len(array.list_pods())
+ default_info["connection_key"] = array.get(connection_key=True)[
+ "connection_key"
+ ]
+ hosts = array.list_hosts()
+ admins = array.list_admins()
+ snaps = array.list_volumes(snap=True, pending=True)
+ volumes = array.list_volumes(pending=True)
+ pgroups = array.list_pgroups(pending=True)
+ hgroups = array.list_hgroups()
+ default_info["array_model"] = array.get(controllers=True)[0]["model"]
+ default_info["array_name"] = defaults["array_name"]
+ default_info["purity_version"] = defaults["version"]
+ default_info["hosts"] = len(hosts)
+ default_info["snapshots"] = len(snaps)
+ default_info["volumes"] = len(volumes)
+ default_info["protection_groups"] = len(pgroups)
+ default_info["hostgroups"] = len(hgroups)
+ default_info["admins"] = len(admins)
+ default_info["remote_assist"] = array.get_remote_assist_status()["status"]
+ if P53_API_VERSION in api_version:
+ default_info["maintenance_window"] = array.list_maintenance_windows()
+ return default_info
+
+
+def generate_perf_dict(array):
+ perf_info = {}
+ api_version = array._list_available_rest_versions()
+ if LATENCY_REQUIRED_API_VERSION in api_version:
+ latency_info = array.get(action="monitor", latency=True)[0]
+ perf_info = array.get(action="monitor")[0]
+ perf_info["writes_per_sec"] = perf_info["writes_per_sec"]
+ perf_info["reads_per_sec"] = perf_info["reads_per_sec"]
+
+ perf_info["input_per_sec"] = perf_info["input_per_sec"]
+ perf_info["output_per_sec"] = perf_info["output_per_sec"]
+
+ if LATENCY_REQUIRED_API_VERSION in api_version:
+ perf_info["san_usec_per_read_op"] = latency_info["san_usec_per_read_op"]
+ perf_info["san_usec_per_write_op"] = latency_info["san_usec_per_write_op"]
+ perf_info["queue_usec_per_read_op"] = latency_info["queue_usec_per_read_op"]
+ perf_info["queue_usec_per_write_op"] = latency_info["queue_usec_per_write_op"]
+ perf_info["qos_rate_limit_usec_per_read_op"] = latency_info[
+ "qos_rate_limit_usec_per_read_op"
+ ]
+ perf_info["qos_rate_limit_usec_per_write_op"] = latency_info[
+ "qos_rate_limit_usec_per_write_op"
+ ]
+ perf_info["local_queue_usec_per_op"] = perf_info["local_queue_usec_per_op"]
+ perf_info["usec_per_read_op"] = perf_info["usec_per_read_op"]
+ perf_info["usec_per_write_op"] = perf_info["usec_per_write_op"]
+ perf_info["queue_depth"] = perf_info["queue_depth"]
+ return perf_info
+
+
+def generate_config_dict(module, array):
+ config_info = {}
+ api_version = array._list_available_rest_versions()
+ config_info["console_lock"] = array.get_console_lock_status()["console_lock"]
+ if NFS_USER_MAP_VERSION not in api_version:
+ config_info["dns"] = array.get_dns()
+ config_info["smtp"] = array.list_alert_recipients()
+ config_info["snmp"] = array.list_snmp_managers()
+ config_info["snmp_v3_engine_id"] = array.get_snmp_engine_id()["engine_id"]
+ if V6_MINIMUM_API_VERSION in api_version:
+ config_info["directory_service"] = {}
+ arrayv6 = get_array(module)
+ services = list(arrayv6.get_directory_services().items)
+ for service in range(0, len(services)):
+ service_type = services[service].name
+ config_info["directory_service"][service_type] = {
+ "base_dn": getattr(services[service], "base_dn", "None"),
+ "bind_user": getattr(services[service], "bind_user", "None"),
+ "enabled": services[service].enabled,
+ "services": services[service].services,
+ "uris": services[service].uris,
+ }
+ config_info["directory_service_roles"] = {}
+ roles = list(arrayv6.get_directory_services_roles().items)
+ for role in range(0, len(roles)):
+ role_name = roles[role].role.name
+ try:
+ config_info["directory_service_roles"][role_name] = {
+ "group": roles[role].group,
+ "group_base": roles[role].group_base,
+ }
+ except Exception:
+ pass
+ smi_s = list(arrayv6.get_smi_s().items)[0]
+ config_info["smi-s"] = {
+ "slp_enabled": smi_s.slp_enabled,
+ "wbem_https_enabled": smi_s.wbem_https_enabled,
+ }
+ # Add additional SMI-S section to help with formatting
+ # issues caused by `-` in the dict name.
+ config_info["smi_s"] = {
+ "slp_enabled": smi_s.slp_enabled,
+ "wbem_https_enabled": smi_s.wbem_https_enabled,
+ }
+ if NFS_USER_MAP_VERSION in api_version:
+ config_info["dns"] = {}
+ dns_configs = list(arrayv6.get_dns().items)
+ for config in range(0, len(dns_configs)):
+ config_info["dns"][dns_configs[config].services[0]] = {
+ "nameservers": dns_configs[config].nameservers,
+ "domain": dns_configs[config].domain,
+ }
+ try:
+ config_info["dns"][dns_configs[config].services[0]][
+ "source"
+ ] = dns_configs[config].source["name"]
+ except Exception:
+ pass
+ if SAML2_VERSION in api_version:
+ config_info["saml2sso"] = {}
+ saml2 = list(arrayv6.get_sso_saml2_idps().items)
+ if saml2:
+ config_info["saml2sso"] = {
+ "enabled": saml2[0].enabled,
+ "array_url": saml2[0].array_url,
+ "name": saml2[0].name,
+ "idp": {
+ "url": getattr(saml2[0].idp, "url", None),
+ "encrypt_enabled": saml2[0].idp.encrypt_assertion_enabled,
+ "sign_enabled": saml2[0].idp.sign_request_enabled,
+ "metadata_url": saml2[0].idp.metadata_url,
+ },
+ "sp": {
+ "decrypt_cred": getattr(
+ saml2[0].sp.decryption_credential, "name", None
+ ),
+ "sign_cred": getattr(
+ saml2[0].sp.signing_credential, "name", None
+ ),
+ },
+ }
+ if FILES_API_VERSION in api_version:
+ config_info["active_directory"] = {}
+ try:
+ ad_accounts = list(arrayv6.get_active_directory().items)
+ for ad_account in range(0, len(ad_accounts)):
+ ad_name = ad_accounts[ad_account].name
+ config_info["active_directory"][ad_name] = {
+ "computer_name": ad_accounts[ad_account].computer_name,
+ "domain": ad_accounts[ad_account].domain,
+ "directory_servers": getattr(
+ ad_accounts[ad_account], "directory_servers", None
+ ),
+ "kerberos_servers": getattr(
+ ad_accounts[ad_account], "kerberos_servers", None
+ ),
+ "service_principal_names": getattr(
+ ad_accounts[ad_account], "service_principal_names", None
+ ),
+ "tls": getattr(ad_accounts[ad_account], "tls", None),
+ }
+ except Exception:
+ module.warn("FA-Files is not enabled on this array")
+ if DEFAULT_PROT_API_VERSION in api_version:
+ config_info["default_protections"] = {}
+ default_prots = list(arrayv6.get_container_default_protections().items)
+ for prot in range(0, len(default_prots)):
+ container = getattr(default_prots[prot], "name", "-")
+ config_info["default_protections"][container] = {
+ "protections": [],
+ "type": getattr(default_prots[prot], "type", "array"),
+ }
+ for container_prot in range(
+ 0, len(default_prots[prot].default_protections)
+ ):
+ config_info["default_protections"][container]["protections"].append(
+ {
+ "type": default_prots[prot]
+ .default_protections[container_prot]
+ .type,
+ "name": default_prots[prot]
+ .default_protections[container_prot]
+ .name,
+ }
+ )
+
+ else:
+ config_info["directory_service"] = {}
+ config_info["directory_service"]["management"] = array.get_directory_service()
+ if S3_REQUIRED_API_VERSION in api_version:
+ config_info["directory_service_roles"] = {}
+ roles = array.list_directory_service_roles()
+ for role in range(0, len(roles)):
+ role_name = roles[role]["name"]
+ config_info["directory_service_roles"][role_name] = {
+ "group": roles[role]["group"],
+ "group_base": roles[role]["group_base"],
+ }
+ else:
+ config_info["directory_service"].update(
+ array.get_directory_service(groups=True)
+ )
+ config_info["ntp"] = array.get(ntpserver=True)["ntpserver"]
+ config_info["syslog"] = array.get(syslogserver=True)["syslogserver"]
+ config_info["phonehome"] = array.get(phonehome=True)["phonehome"]
+ config_info["proxy"] = array.get(proxy=True)["proxy"]
+ config_info["relayhost"] = array.get(relayhost=True)["relayhost"]
+ config_info["senderdomain"] = array.get(senderdomain=True)["senderdomain"]
+ config_info["syslog"] = array.get(syslogserver=True)["syslogserver"]
+ config_info["idle_timeout"] = array.get(idle_timeout=True)["idle_timeout"]
+ config_info["scsi_timeout"] = array.get(scsi_timeout=True)["scsi_timeout"]
+ if S3_REQUIRED_API_VERSION in api_version:
+ config_info["global_admin"] = array.get_global_admin_attributes()
+ if (
+ config_info["global_admin"]["lockout_duration"]
+ and config_info["global_admin"]["lockout_duration"] > 0
+ ):
+ config_info["global_admin"]["lockout_duration"] = int(
+ config_info["global_admin"]["lockout_duration"] / 1000
+ )
+ return config_info
+
+
+def generate_filesystems_dict(array):
+ files_info = {}
+ filesystems = list(array.get_file_systems().items)
+ for filesystem in range(0, len(filesystems)):
+ fs_name = filesystems[filesystem].name
+ files_info[fs_name] = {
+ "destroyed": filesystems[filesystem].destroyed,
+ "directories": {},
+ }
+ directories = list(array.get_directories(file_system_names=[fs_name]).items)
+ for directory in range(0, len(directories)):
+ d_name = directories[directory].directory_name
+ files_info[fs_name]["directories"][d_name] = {
+ "path": directories[directory].path,
+ "data_reduction": directories[directory].space.data_reduction,
+ "snapshots_space": directories[directory].space.snapshots,
+ "total_physical_space": directories[directory].space.total_physical,
+ "unique_space": directories[directory].space.unique,
+ "virtual_space": directories[directory].space.virtual,
+ "destroyed": directories[directory].destroyed,
+ "full_name": directories[directory].name,
+ "used_provisioned": getattr(
+ directories[directory].space, "used_provisioned", None
+ ),
+ "exports": {},
+ }
+ exports = list(
+ array.get_directory_exports(
+ directory_names=[
+ files_info[fs_name]["directories"][d_name]["full_name"]
+ ]
+ ).items
+ )
+ for export in range(0, len(exports)):
+ e_name = exports[export].export_name
+ files_info[fs_name]["directories"][d_name]["exports"][e_name] = {
+ "enabled": exports[export].enabled,
+ "policy": {
+ "name": exports[export].policy.name,
+ "type": exports[export].policy.resource_type,
+ },
+ }
+ return files_info
+
+
+def generate_pgsnaps_dict(array):
+ pgsnaps_info = {}
+ snapshots = list(array.get_protection_group_snapshots().items)
+ for snapshot in range(0, len(snapshots)):
+ s_name = snapshots[snapshot].name
+ pgsnaps_info[s_name] = {
+ "destroyed": snapshots[snapshot].destroyed,
+ "source": snapshots[snapshot].source.name,
+ "suffix": snapshots[snapshot].suffix,
+ "snapshot_space": snapshots[snapshot].space.snapshots,
+ "used_provisioned": getattr(
+ snapshots[snapshot].space, "used_provisioned", None
+ ),
+ }
+ try:
+ if pgsnaps_info[s_name]["destroyed"]:
+ pgsnaps_info[s_name]["time_remaining"] = snapshots[
+ snapshot
+ ].time_remaining
+ except AttributeError:
+ pass
+ try:
+ pgsnaps_info[s_name]["manual_eradication"] = snapshots[
+ snapshot
+ ].eradication_config.manual_eradication
+ except AttributeError:
+ pass
+ return pgsnaps_info
+
+
+def generate_dir_snaps_dict(array):
+ dir_snaps_info = {}
+ snapshots = list(array.get_directory_snapshots().items)
+ for snapshot in range(0, len(snapshots)):
+ s_name = snapshots[snapshot].name
+ dir_snaps_info[s_name] = {
+ "destroyed": snapshots[snapshot].destroyed,
+ "source": snapshots[snapshot].source.name,
+ "suffix": snapshots[snapshot].suffix,
+ "client_name": snapshots[snapshot].client_name,
+ "snapshot_space": snapshots[snapshot].space.snapshots,
+ "total_physical_space": snapshots[snapshot].space.total_physical,
+ "unique_space": snapshots[snapshot].space.unique,
+ "used_provisioned": getattr(
+ snapshots[snapshot].space, "used_provisioned", None
+ ),
+ }
+ try:
+ dir_snaps_info[s_name]["policy"] = snapshots[snapshot].policy.name
+ except Exception:
+ dir_snaps_info[s_name]["policy"] = ""
+ if dir_snaps_info[s_name]["destroyed"]:
+ dir_snaps_info[s_name]["time_remaining"] = snapshots[
+ snapshot
+ ].time_remaining
+ return dir_snaps_info
+
+
+def generate_policies_dict(array, quota_available, nfs_user_mapping):
+ policy_info = {}
+ policies = list(array.get_policies().items)
+ for policy in range(0, len(policies)):
+ p_name = policies[policy].name
+ policy_info[p_name] = {
+ "type": policies[policy].policy_type,
+ "enabled": policies[policy].enabled,
+ "members": [],
+ "rules": [],
+ }
+ members = list(array.get_directories_policies(policy_names=[p_name]).items)
+ for member in range(0, len(members)):
+ m_name = members[member].member.name
+ policy_info[p_name]["members"].append(m_name)
+ if policies[policy].policy_type == "smb":
+ rules = list(
+ array.get_policies_smb_client_rules(policy_names=[p_name]).items
+ )
+ for rule in range(0, len(rules)):
+ smb_rules_dict = {
+ "client": rules[rule].client,
+ "smb_encryption_required": rules[rule].smb_encryption_required,
+ "anonymous_access_allowed": rules[rule].anonymous_access_allowed,
+ }
+ policy_info[p_name]["rules"].append(smb_rules_dict)
+ if policies[policy].policy_type == "nfs":
+ if nfs_user_mapping:
+ nfs_policy = list(array.get_policies_nfs(names=[p_name]).items)[0]
+ policy_info[p_name][
+ "user_mapping_enabled"
+ ] = nfs_policy.user_mapping_enabled
+ rules = list(
+ array.get_policies_nfs_client_rules(policy_names=[p_name]).items
+ )
+ for rule in range(0, len(rules)):
+ nfs_rules_dict = {
+ "access": rules[rule].access,
+ "permission": rules[rule].permission,
+ "client": rules[rule].client,
+ }
+ policy_info[p_name]["rules"].append(nfs_rules_dict)
+ if policies[policy].policy_type == "snapshot":
+ if HAS_PACKAGING:
+ suffix_enabled = version.parse(
+ array.get_rest_version()
+ ) >= version.parse(SHARED_CAP_API_VERSION)
+ else:
+ suffix_enabled = False
+ rules = list(array.get_policies_snapshot_rules(policy_names=[p_name]).items)
+ for rule in range(0, len(rules)):
+ try:
+ snap_rules_dict = {
+ "at": str(int(rules[rule].at / 3600000)).zfill(2) + ":00",
+ "client_name": rules[rule].client_name,
+ "every": str(int(rules[rule].every / 60000)) + " mins",
+ "keep_for": str(int(rules[rule].keep_for / 60000)) + " mins",
+ }
+ except AttributeError:
+ snap_rules_dict = {
+ "at": None,
+ "client_name": rules[rule].client_name,
+ "every": str(int(rules[rule].every / 60000)) + " mins",
+ "keep_for": str(int(rules[rule].keep_for / 60000)) + " mins",
+ }
+ if suffix_enabled:
+ try:
+ snap_rules_dict["suffix"] = rules[rule].suffix
+ except AttributeError:
+ snap_rules_dict["suffix"] = ""
+ policy_info[p_name]["rules"].append(snap_rules_dict)
+ if policies[policy].policy_type == "quota" and quota_available:
+ rules = list(array.get_policies_quota_rules(policy_names=[p_name]).items)
+ for rule in range(0, len(rules)):
+ quota_rules_dict = {
+ "enforced": rules[rule].enforced,
+ "quota_limit": rules[rule].quota_limit,
+ "notifications": rules[rule].notifications,
+ }
+ policy_info[p_name]["rules"].append(quota_rules_dict)
+ return policy_info
+
+
+def generate_clients_dict(array):
+ clients_info = {}
+ clients = list(array.get_api_clients().items)
+ for client in range(0, len(clients)):
+ c_name = clients[client].name
+ clients_info[c_name] = {
+ "enabled": clients[client].enabled,
+ "TTL(seconds)": clients[client].access_token_ttl_in_ms / 1000,
+ "key_id": clients[client].key_id,
+ "client_id": clients[client].id,
+ "max_role": clients[client].max_role,
+ "public_key": clients[client].public_key,
+ }
+ return clients_info
+
+
+def generate_admin_dict(array):
+ admin_info = {}
+ api_version = array._list_available_rest_versions()
+ if ADMIN_API_VERSION in api_version:
+ admins = array.list_admins()
+ for admin in range(0, len(admins)):
+ admin_name = admins[admin]["name"]
+ admin_info[admin_name] = {
+ "type": admins[admin]["type"],
+ "role": admins[admin]["role"],
+ }
+ return admin_info
+
+
+def generate_subnet_dict(array):
+ sub_info = {}
+ subnets = array.list_subnets()
+ for sub in range(0, len(subnets)):
+ sub_name = subnets[sub]["name"]
+ if subnets[sub]["enabled"]:
+ sub_info[sub_name] = {
+ "gateway": subnets[sub]["gateway"],
+ "mtu": subnets[sub]["mtu"],
+ "vlan": subnets[sub]["vlan"],
+ "prefix": subnets[sub]["prefix"],
+ "interfaces": subnets[sub]["interfaces"],
+ "services": subnets[sub]["services"],
+ }
+ return sub_info
+
+
+def generate_network_dict(module, array):
+ net_info = {}
+ api_version = array._list_available_rest_versions()
+ ports = array.list_network_interfaces()
+ for port in range(0, len(ports)):
+ int_name = ports[port]["name"]
+ net_info[int_name] = {
+ "hwaddr": ports[port]["hwaddr"],
+ "mtu": ports[port]["mtu"],
+ "enabled": ports[port]["enabled"],
+ "speed": ports[port]["speed"],
+ "address": ports[port]["address"],
+ "slaves": ports[port]["slaves"],
+ "services": ports[port]["services"],
+ "gateway": ports[port]["gateway"],
+ "netmask": ports[port]["netmask"],
+ }
+ if ports[port]["subnet"]:
+ subnets = array.get_subnet(ports[port]["subnet"])
+ if subnets["enabled"]:
+ net_info[int_name]["subnet"] = {
+ "name": subnets["name"],
+ "prefix": subnets["prefix"],
+ "vlan": subnets["vlan"],
+ }
+ if NEIGHBOR_API_VERSION in api_version:
+ arrayv6 = get_array(module)
+ neighbors = list(arrayv6.get_network_interfaces_neighbors().items)
+ for neighbor in range(0, len(neighbors)):
+ neighbor_info = neighbors[neighbor]
+ int_name = neighbor_info.local_port.name
+ net_info[int_name].update(
+ {
+ "neighbor": {
+ "initial_ttl_in_sec": neighbor_info.initial_ttl_in_sec,
+ "neighbor_port": {
+ "description": getattr(
+ neighbor_info.neighbor_port, "description", None
+ ),
+ "name": getattr(
+ neighbor_info.neighbor_chassis, "name", None
+ ),
+ "id": getattr(
+ neighbor_info.neighbor_port.id, "value", None
+ ),
+ },
+ "neighbor_chassis": {
+ "addresses": getattr(
+ neighbor_info.neighbor_chassis, "addresses", None
+ ),
+ "description": getattr(
+ neighbor_info.neighbor_chassis, "description", None
+ ),
+ "name": getattr(
+ neighbor_info.neighbor_chassis, "name", None
+ ),
+ "bridge": {
+ "enabled": getattr(
+ neighbor_info.neighbor_chassis.bridge,
+ "enabled",
+ False,
+ ),
+ "supported": getattr(
+ neighbor_info.neighbor_chassis.bridge,
+ "supported",
+ False,
+ ),
+ },
+ "repeater": {
+ "enabled": getattr(
+ neighbor_info.neighbor_chassis.repeater,
+ "enabled",
+ False,
+ ),
+ "supported": getattr(
+ neighbor_info.neighbor_chassis.repeater,
+ "supported",
+ False,
+ ),
+ },
+ "router": {
+ "enabled": getattr(
+ neighbor_info.neighbor_chassis.router,
+ "enabled",
+ False,
+ ),
+ "supported": getattr(
+ neighbor_info.neighbor_chassis.router,
+ "supported",
+ False,
+ ),
+ },
+ "station_only": {
+ "enabled": getattr(
+ neighbor_info.neighbor_chassis.station_only,
+ "enabled",
+ False,
+ ),
+ "supported": getattr(
+ neighbor_info.neighbor_chassis.station_only,
+ "supported",
+ False,
+ ),
+ },
+ "telephone": {
+ "enabled": getattr(
+ neighbor_info.neighbor_chassis.telephone,
+ "enabled",
+ False,
+ ),
+ "supported": getattr(
+ neighbor_info.neighbor_chassis.telephone,
+ "supported",
+ False,
+ ),
+ },
+ "wlan_access_point": {
+ "enabled": getattr(
+ neighbor_info.neighbor_chassis.wlan_access_point,
+ "enabled",
+ False,
+ ),
+ "supported": getattr(
+ neighbor_info.neighbor_chassis.wlan_access_point,
+ "supported",
+ False,
+ ),
+ },
+ "docsis_cable_device": {
+ "enabled": getattr(
+ neighbor_info.neighbor_chassis.docsis_cable_device,
+ "enabled",
+ False,
+ ),
+ "supported": getattr(
+ neighbor_info.neighbor_chassis.docsis_cable_device,
+ "supported",
+ False,
+ ),
+ },
+ "id": {
+ "type": getattr(
+ neighbor_info.neighbor_chassis.id,
+ "type",
+ None,
+ ),
+ "value": getattr(
+ neighbor_info.neighbor_chassis.id,
+ "value",
+ None,
+ ),
+ },
+ },
+ }
+ }
+ )
+ return net_info
+
+
+def generate_capacity_dict(module, array):
+ capacity_info = {}
+ api_version = array._list_available_rest_versions()
+ if V6_MINIMUM_API_VERSION in api_version:
+ new_version = bool(SHARED_CAP_API_VERSION in api_version)
+ arrayv6 = get_array(module)
+ total_capacity = list(arrayv6.get_arrays().items)[0].capacity
+ capacity = list(arrayv6.get_arrays_space().items)[0]
+ capacity_info["total_capacity"] = total_capacity
+ if new_version:
+ capacity_info["provisioned_space"] = getattr(
+ capacity.space, "total_provisioned", 0
+ )
+ capacity_info["free_space"] = total_capacity - getattr(
+ capacity.space, "total_physical", 0
+ )
+ capacity_info["data_reduction"] = getattr(
+ capacity.space, "data_reduction", 0
+ )
+ capacity_info["system_space"] = getattr(capacity.space, "system", 0)
+ capacity_info["volume_space"] = getattr(capacity.space, "unique", 0)
+ capacity_info["shared_space"] = getattr(capacity.space, "shared", 0)
+ capacity_info["snapshot_space"] = getattr(capacity.space, "snapshots", 0)
+ capacity_info["thin_provisioning"] = getattr(
+ capacity.space, "thin_provisioning", 0
+ )
+ capacity_info["total_reduction"] = getattr(
+ capacity.space, "total_reduction", 0
+ )
+ capacity_info["replication"] = getattr(capacity.space, "replication", 0)
+ capacity_info["shared_effective"] = getattr(
+ capacity.space, "shared_effective", 0
+ )
+ capacity_info["snapshots_effective"] = getattr(
+ capacity.space, "snapshots_effective", 0
+ )
+ capacity_info["unique_effective"] = getattr(
+ capacity.space, "total_effective", 0
+ )
+ capacity_info["total_effective"] = getattr(
+ capacity.space, "total_effective", 0
+ )
+ capacity_info["used_provisioned"] = getattr(
+ capacity.space, "used_provisioned", 0
+ )
+ else:
+ capacity_info["provisioned_space"] = capacity.space["total_provisioned"]
+ capacity_info["free_space"] = (
+ total_capacity - capacity.space["total_physical"]
+ )
+ capacity_info["data_reduction"] = capacity.space["data_reduction"]
+ capacity_info["system_space"] = capacity.space["system"]
+ capacity_info["volume_space"] = capacity.space["unique"]
+ capacity_info["shared_space"] = capacity.space["shared"]
+ capacity_info["snapshot_space"] = capacity.space["snapshots"]
+ capacity_info["thin_provisioning"] = capacity.space["thin_provisioning"]
+ capacity_info["total_reduction"] = capacity.space["total_reduction"]
+ capacity_info["replication"] = capacity.space["replication"]
+ elif CAP_REQUIRED_API_VERSION in api_version:
+ volumes = array.list_volumes(pending=True)
+ capacity_info["provisioned_space"] = sum(item["size"] for item in volumes)
+ capacity = array.get(space=True)
+ total_capacity = capacity[0]["capacity"]
+ used_space = capacity[0]["total"]
+ capacity_info["free_space"] = total_capacity - used_space
+ capacity_info["total_capacity"] = total_capacity
+ capacity_info["data_reduction"] = capacity[0]["data_reduction"]
+ capacity_info["system_space"] = capacity[0]["system"]
+ capacity_info["volume_space"] = capacity[0]["volumes"]
+ capacity_info["shared_space"] = capacity[0]["shared_space"]
+ capacity_info["snapshot_space"] = capacity[0]["snapshots"]
+ capacity_info["thin_provisioning"] = capacity[0]["thin_provisioning"]
+ capacity_info["total_reduction"] = capacity[0]["total_reduction"]
+ return capacity_info
+
+
+def generate_snap_dict(module, array):
+ snap_info = {}
+ api_version = array._list_available_rest_versions()
+ if FC_REPL_API_VERSION in api_version:
+ arrayv6 = get_array(module)
+ snapsv6 = list(arrayv6.get_volume_snapshots(destroyed=False).items)
+ snaps = array.list_volumes(snap=True)
+ for snap in range(0, len(snaps)):
+ snapshot = snaps[snap]["name"]
+ snap_info[snapshot] = {
+ "size": snaps[snap]["size"],
+ "source": snaps[snap]["source"],
+ "created": snaps[snap]["created"],
+ "tags": [],
+ "remote": [],
+ }
+ if FC_REPL_API_VERSION in api_version:
+ for snap in range(0, len(snapsv6)):
+ snapshot = snapsv6[snap].name
+ snap_info[snapshot]["snapshot_space"] = snapsv6[snap].space.snapshots
+ snap_info[snapshot]["used_provisioned"] = (
+ getattr(snapsv6[snap].space, "used_provisioned", None),
+ )
+ snap_info[snapshot]["total_physical"] = snapsv6[snap].space.total_physical
+ snap_info[snapshot]["total_provisioned"] = snapsv6[
+ snap
+ ].space.total_provisioned
+ snap_info[snapshot]["unique_space"] = snapsv6[snap].space.unique
+ if SHARED_CAP_API_VERSION in api_version:
+ snap_info[snapshot]["snapshots_effective"] = snapsv6[
+ snap
+ ].space.snapshots_effective
+ offloads = list(arrayv6.get_offloads().items)
+ for offload in range(0, len(offloads)):
+ offload_name = offloads[offload].name
+ check_offload = arrayv6.get_remote_volume_snapshots(on=offload_name)
+ if check_offload.status_code == 200:
+ remote_snaps = list(
+ arrayv6.get_remote_volume_snapshots(
+ on=offload_name, destroyed=False
+ ).items
+ )
+ for remote_snap in range(0, len(remote_snaps)):
+ remote_snap_name = remote_snaps[remote_snap].name.split(":")[1]
+ remote_transfer = list(
+ arrayv6.get_remote_volume_snapshots_transfer(
+ on=offload_name, names=[remote_snaps[remote_snap].name]
+ ).items
+ )[0]
+ remote_dict = {
+ "source": remote_snaps[remote_snap].source.name,
+ "suffix": remote_snaps[remote_snap].suffix,
+ "size": remote_snaps[remote_snap].provisioned,
+ "data_transferred": remote_transfer.data_transferred,
+ "completed": time.strftime(
+ "%Y-%m-%d %H:%M:%S",
+ time.gmtime(remote_transfer.completed / 1000),
+ )
+ + " UTC",
+ "physical_bytes_written": remote_transfer.physical_bytes_written,
+ "progress": remote_transfer.progress,
+ "created": time.strftime(
+ "%Y-%m-%d %H:%M:%S",
+ time.gmtime(remote_snaps[remote_snap].created / 1000),
+ )
+ + " UTC",
+ }
+ try:
+ snap_info[remote_snap_name]["remote"].append(remote_dict)
+ except KeyError:
+ snap_info[remote_snap_name] = {"remote": []}
+ snap_info[remote_snap_name]["remote"].append(remote_dict)
+ if ACTIVE_DR_API in api_version:
+ snaptags = array.list_volumes(snap=True, tags=True, namespace="*")
+ for snaptag in range(0, len(snaptags)):
+ if snaptags[snaptag]["namespace"] != "vasa-integration.purestorage.com":
+ snapname = snaptags[snaptag]["name"]
+ tagdict = {
+ "key": snaptags[snaptag]["key"],
+ "value": snaptags[snaptag]["value"],
+ "namespace": snaptags[snaptag]["namespace"],
+ }
+ snap_info[snapname]["tags"].append(tagdict)
+ return snap_info
+
+
+def generate_del_snap_dict(module, array):
+ snap_info = {}
+ api_version = array._list_available_rest_versions()
+ if FC_REPL_API_VERSION in api_version:
+ arrayv6 = get_array(module)
+ snapsv6 = list(arrayv6.get_volume_snapshots(destroyed=True).items)
+ snaps = array.list_volumes(snap=True, pending_only=True)
+ for snap in range(0, len(snaps)):
+ snapshot = snaps[snap]["name"]
+ snap_info[snapshot] = {
+ "size": snaps[snap]["size"],
+ "source": snaps[snap]["source"],
+ "created": snaps[snap]["created"],
+ "time_remaining": snaps[snap]["time_remaining"],
+ "tags": [],
+ "remote": [],
+ }
+ if FC_REPL_API_VERSION in api_version:
+ for snap in range(0, len(snapsv6)):
+ snapshot = snapsv6[snap].name
+ snap_info[snapshot]["snapshot_space"] = snapsv6[snap].space.snapshots
+ snap_info[snapshot]["used_provisioned"] = (
+ getattr(snapsv6[snap].space, "used_provisioned", None),
+ )
+ snap_info[snapshot]["total_physical"] = snapsv6[snap].space.total_physical
+ snap_info[snapshot]["total_provisioned"] = snapsv6[
+ snap
+ ].space.total_provisioned
+ snap_info[snapshot]["unique_space"] = snapsv6[snap].space.unique
+ offloads = list(arrayv6.get_offloads().items)
+ for offload in range(0, len(offloads)):
+ offload_name = offloads[offload].name
+ check_offload = arrayv6.get_remote_volume_snapshots(on=offload_name)
+ if check_offload.status_code == 200:
+ remote_snaps = list(
+ arrayv6.get_remote_volume_snapshots(
+ on=offload_name, destroyed=True
+ ).items
+ )
+ for remote_snap in range(0, len(remote_snaps)):
+ remote_snap_name = remote_snaps[remote_snap].name.split(":")[1]
+ remote_transfer = list(
+ arrayv6.get_remote_volume_snapshots_transfer(
+ on=offload_name, names=[remote_snaps[remote_snap].name]
+ ).items
+ )[0]
+ remote_dict = {
+ "source": remote_snaps[remote_snap].source.name,
+ "suffix": remote_snaps[remote_snap].suffix,
+ "size": remote_snaps[remote_snap].provisioned,
+ "data_transferred": remote_transfer.data_transferred,
+ "completed": time.strftime(
+ "%Y-%m-%d %H:%M:%S",
+ time.gmtime(remote_transfer.completed / 1000),
+ )
+ + " UTC",
+ "physical_bytes_written": remote_transfer.physical_bytes_written,
+ "progress": remote_transfer.progress,
+ "created": time.strftime(
+ "%Y-%m-%d %H:%M:%S",
+ time.gmtime(remote_snaps[remote_snap].created / 1000),
+ )
+ + " UTC",
+ }
+ try:
+ snap_info[remote_snap_name]["remote"].append(remote_dict)
+ except KeyError:
+ snap_info[remote_snap_name] = {"remote": []}
+ snap_info[remote_snap_name]["remote"].append(remote_dict)
+ if ACTIVE_DR_API in api_version:
+ snaptags = array.list_volumes(
+ snap=True, tags=True, pending_only=True, namespace="*"
+ )
+ for snaptag in range(0, len(snaptags)):
+ if snaptags[snaptag]["namespace"] != "vasa-integration.purestorage.com":
+ snapname = snaptags[snaptag]["name"]
+ tagdict = {
+ "key": snaptags[snaptag]["key"],
+ "value": snaptags[snaptag]["value"],
+ "namespace": snaptags[snaptag]["namespace"],
+ }
+ snap_info[snapname]["tags"].append(tagdict)
+ return snap_info
+
+
+def generate_del_vol_dict(module, array):
+ volume_info = {}
+ api_version = array._list_available_rest_versions()
+ vols = array.list_volumes(pending_only=True)
+ for vol in range(0, len(vols)):
+ volume = vols[vol]["name"]
+ volume_info[volume] = {
+ "size": vols[vol]["size"],
+ "source": vols[vol]["source"],
+ "created": vols[vol]["created"],
+ "serial": vols[vol]["serial"],
+ "page83_naa": PURE_OUI + vols[vol]["serial"],
+ "nvme_nguid": "eui.00"
+ + vols[vol]["serial"][0:14].lower()
+ + "24a937"
+ + vols[vol]["serial"][-10:].lower(),
+ "time_remaining": vols[vol]["time_remaining"],
+ "tags": [],
+ }
+ if V6_MINIMUM_API_VERSION in api_version:
+ arrayv6 = get_array(module)
+ vols_space = list(arrayv6.get_volumes_space(destroyed=True).items)
+ for vol in range(0, len(vols_space)):
+ name = vols_space[vol].name
+ volume_info[name]["snapshots_space"] = vols_space[vol].space.snapshots
+ # Provide system as this matches the old naming convention
+ volume_info[name]["system"] = vols_space[vol].space.unique
+ volume_info[name]["unique_space"] = vols_space[vol].space.unique
+ volume_info[name]["virtual_space"] = vols_space[vol].space.virtual
+ volume_info[name]["total_physical_space"] = vols_space[
+ vol
+ ].space.total_physical
+ volume_info[name]["data_reduction"] = vols_space[vol].space.data_reduction
+ volume_info[name]["total_reduction"] = vols_space[vol].space.total_reduction
+ volume_info[name]["total_provisioned"] = vols_space[
+ vol
+ ].space.total_provisioned
+ volume_info[name]["thin_provisioning"] = vols_space[
+ vol
+ ].space.thin_provisioning
+ if SHARED_CAP_API_VERSION in api_version:
+ volume_info[name]["snapshots_effective"] = vols_space[
+ vol
+ ].space.snapshots_effective
+ volume_info[name]["unique_effective"] = vols_space[
+ vol
+ ].space.unique_effective
+ volume_info[name]["used_provisioned"] = (
+ getattr(vols_space[vol].space, "used_provisioned", None),
+ )
+ if ACTIVE_DR_API in api_version:
+ voltags = array.list_volumes(tags=True, pending_only=True)
+ for voltag in range(0, len(voltags)):
+ if voltags[voltag]["namespace"] != "vasa-integration.purestorage.com":
+ volume = voltags[voltag]["name"]
+ tagdict = {
+ "key": voltags[voltag]["key"],
+ "value": voltags[voltag]["value"],
+ "copyable": voltags[voltag]["copyable"],
+ "namespace": voltags[voltag]["namespace"],
+ }
+ volume_info[volume]["tags"].append(tagdict)
+ if SAFE_MODE_VERSION in api_version:
+ volumes = list(arrayv6.get_volumes(destroyed=True).items)
+ for vol in range(0, len(volumes)):
+ name = volumes[vol].name
+ volume_info[name]["priority"] = volumes[vol].priority
+ volume_info[name]["priority_adjustment"] = volumes[
+ vol
+ ].priority_adjustment.priority_adjustment_operator + str(
+ volumes[vol].priority_adjustment.priority_adjustment_value
+ )
+ return volume_info
+
+
+def generate_vol_dict(module, array):
+ volume_info = {}
+ vols_space = array.list_volumes(space=True)
+ vols = array.list_volumes()
+ for vol in range(0, len(vols)):
+ volume = vols[vol]["name"]
+ volume_info[volume] = {
+ "protocol_endpoint": False,
+ "source": vols[vol]["source"],
+ "size": vols[vol]["size"],
+ "serial": vols[vol]["serial"],
+ "page83_naa": PURE_OUI + vols[vol]["serial"],
+ "nvme_nguid": "eui.00"
+ + vols[vol]["serial"][0:14].lower()
+ + "24a937"
+ + vols[vol]["serial"][-10:].lower(),
+ "tags": [],
+ "hosts": [],
+ "bandwidth": "",
+ "iops_limit": "",
+ "data_reduction": vols_space[vol]["data_reduction"],
+ "thin_provisioning": vols_space[vol]["thin_provisioning"],
+ "total_reduction": vols_space[vol]["total_reduction"],
+ }
+ api_version = array._list_available_rest_versions()
+ if V6_MINIMUM_API_VERSION in api_version:
+ arrayv6 = get_array(module)
+ vols_space = list(arrayv6.get_volumes_space(destroyed=False).items)
+ for vol in range(0, len(vols_space)):
+ name = vols_space[vol].name
+ volume_info[name]["snapshots_space"] = vols_space[vol].space.snapshots
+ # Provide system as this matches the old naming convention
+ volume_info[name]["system"] = vols_space[vol].space.unique
+ volume_info[name]["unique_space"] = vols_space[vol].space.unique
+ volume_info[name]["virtual_space"] = vols_space[vol].space.virtual
+ volume_info[name]["total_physical_space"] = vols_space[
+ vol
+ ].space.total_physical
+ if SHARED_CAP_API_VERSION in api_version:
+ volume_info[name]["snapshots_effective"] = vols_space[
+ vol
+ ].space.snapshots_effective
+ volume_info[name]["unique_effective"] = vols_space[
+ vol
+ ].space.unique_effective
+ volume_info[name]["total_effective"] = vols_space[
+ vol
+ ].space.total_effective
+ volume_info[name]["used_provisioned"] = (
+ getattr(vols_space[vol].space, "used_provisioned", None),
+ )
+ if AC_REQUIRED_API_VERSION in api_version:
+ qvols = array.list_volumes(qos=True)
+ for qvol in range(0, len(qvols)):
+ volume = qvols[qvol]["name"]
+ qos = qvols[qvol]["bandwidth_limit"]
+ volume_info[volume]["bandwidth"] = qos
+ if P53_API_VERSION in api_version:
+ iops = qvols[qvol]["iops_limit"]
+ volume_info[volume]["iops_limit"] = iops
+ vvols = array.list_volumes(protocol_endpoint=True)
+ for vvol in range(0, len(vvols)):
+ volume = vvols[vvol]["name"]
+ volume_info[volume] = {
+ "protocol_endpoint": True,
+ "host_encryption_key_status": None,
+ "source": vvols[vvol]["source"],
+ "serial": vvols[vvol]["serial"],
+ "nvme_nguid": "eui.00"
+ + vols[vol]["serial"][0:14].lower()
+ + "24a937"
+ + vols[vol]["serial"][-10:].lower(),
+ "page83_naa": PURE_OUI + vvols[vvol]["serial"],
+ "tags": [],
+ "hosts": [],
+ }
+ if P53_API_VERSION in array._list_available_rest_versions():
+ e2ees = array.list_volumes(host_encryption_key=True)
+ for e2ee in range(0, len(e2ees)):
+ volume = e2ees[e2ee]["name"]
+ volume_info[volume]["host_encryption_key_status"] = e2ees[e2ee][
+ "host_encryption_key_status"
+ ]
+ if SAFE_MODE_VERSION in api_version:
+ volumes = list(arrayv6.get_volumes(destroyed=False).items)
+ for vol in range(0, len(volumes)):
+ name = volumes[vol].name
+ volume_info[name]["priority"] = volumes[vol].priority
+ volume_info[name]["priority_adjustment"] = volumes[
+ vol
+ ].priority_adjustment.priority_adjustment_operator + str(
+ volumes[vol].priority_adjustment.priority_adjustment_value
+ )
+ cvols = array.list_volumes(connect=True)
+ for cvol in range(0, len(cvols)):
+ volume = cvols[cvol]["name"]
+ voldict = {"host": cvols[cvol]["host"], "lun": cvols[cvol]["lun"]}
+ volume_info[volume]["hosts"].append(voldict)
+ if ACTIVE_DR_API in api_version:
+ voltags = array.list_volumes(tags=True)
+ for voltag in range(0, len(voltags)):
+ if voltags[voltag]["namespace"] != "vasa-integration.purestorage.com":
+ volume = voltags[voltag]["name"]
+ tagdict = {
+ "key": voltags[voltag]["key"],
+ "value": voltags[voltag]["value"],
+ "copyable": voltags[voltag]["copyable"],
+ "namespace": voltags[voltag]["namespace"],
+ }
+ volume_info[volume]["tags"].append(tagdict)
+ return volume_info
+
+
+def generate_host_dict(module, array):
+ api_version = array._list_available_rest_versions()
+ host_info = {}
+ hosts = array.list_hosts()
+ for host in range(0, len(hosts)):
+ hostname = hosts[host]["name"]
+ tports = []
+ all_tports = []
+ host_all_info = None
+ try:
+ host_all_info = array.get_host(hostname, all=True)
+ except purestorage.PureHTTPError as err:
+ if err.code == 400:
+ continue
+ if host_all_info:
+ for tport in range(0, len(host_all_info)):
+ for itport in range(0, len(host_all_info[tport]["target_port"])):
+ tports.append(host_all_info[tport]["target_port"][itport])
+ all_tports = list(dict.fromkeys(tports))
+ host_info[hostname] = {
+ "hgroup": hosts[host]["hgroup"],
+ "iqn": hosts[host]["iqn"],
+ "wwn": hosts[host]["wwn"],
+ "personality": array.get_host(hostname, personality=True)["personality"],
+ "target_port": all_tports,
+ "volumes": [],
+ }
+ host_connections = array.list_host_connections(hostname)
+ for connection in range(0, len(host_connections)):
+ connection_dict = {
+ "hostgroup": host_connections[connection]["hgroup"],
+ "volume": host_connections[connection]["vol"],
+ "lun": host_connections[connection]["lun"],
+ }
+ host_info[hostname]["volumes"].append(connection_dict)
+ if host_info[hostname]["iqn"]:
+ chap_data = array.get_host(hostname, chap=True)
+ host_info[hostname]["target_user"] = chap_data["target_user"]
+ host_info[hostname]["host_user"] = chap_data["host_user"]
+ if NVME_API_VERSION in api_version:
+ host_info[hostname]["nqn"] = hosts[host]["nqn"]
+ if PREFERRED_API_VERSION in api_version:
+ hosts = array.list_hosts(preferred_array=True)
+ for host in range(0, len(hosts)):
+ hostname = hosts[host]["name"]
+ host_info[hostname]["preferred_array"] = hosts[host]["preferred_array"]
+ if VLAN_VERSION in api_version:
+ arrayv6 = get_array(module)
+ hosts = list(arrayv6.get_hosts().items)
+ for host in range(0, len(hosts)):
+ if hosts[host].is_local:
+ hostname = hosts[host].name
+ host_info[hostname]["vlan"] = getattr(hosts[host], "vlan", None)
+ return host_info
+
+
+def generate_pgroups_dict(module, array):
+ pgroups_info = {}
+ api_version = array._list_available_rest_versions()
+ pgroups = array.list_pgroups()
+ if SHARED_CAP_API_VERSION in api_version:
+ array_v6 = get_array(module)
+ deleted_enabled = True
+ else:
+ deleted_enabled = False
+ for pgroup in range(0, len(pgroups)):
+ protgroup = pgroups[pgroup]["name"]
+ pgroups_info[protgroup] = {
+ "hgroups": pgroups[pgroup]["hgroups"],
+ "hosts": pgroups[pgroup]["hosts"],
+ "source": pgroups[pgroup]["source"],
+ "targets": pgroups[pgroup]["targets"],
+ "volumes": pgroups[pgroup]["volumes"],
+ }
+ try:
+ prot_sched = array.get_pgroup(protgroup, schedule=True)
+ prot_reten = array.get_pgroup(protgroup, retention=True)
+ snap_transfers = array.get_pgroup(
+ protgroup, snap=True, transfer=True, pending=True
+ )
+ except purestorage.PureHTTPError as err:
+ if err.code == 400:
+ continue
+ if prot_sched["snap_enabled"] or prot_sched["replicate_enabled"]:
+ pgroups_info[protgroup]["snap_frequency"] = prot_sched["snap_frequency"]
+ pgroups_info[protgroup]["replicate_frequency"] = prot_sched[
+ "replicate_frequency"
+ ]
+ pgroups_info[protgroup]["snap_enabled"] = prot_sched["snap_enabled"]
+ pgroups_info[protgroup]["replicate_enabled"] = prot_sched[
+ "replicate_enabled"
+ ]
+ pgroups_info[protgroup]["snap_at"] = prot_sched["snap_at"]
+ pgroups_info[protgroup]["replicate_at"] = prot_sched["replicate_at"]
+ pgroups_info[protgroup]["replicate_blackout"] = prot_sched[
+ "replicate_blackout"
+ ]
+ pgroups_info[protgroup]["per_day"] = prot_reten["per_day"]
+ pgroups_info[protgroup]["target_per_day"] = prot_reten["target_per_day"]
+ pgroups_info[protgroup]["target_days"] = prot_reten["target_days"]
+ pgroups_info[protgroup]["days"] = prot_reten["days"]
+ pgroups_info[protgroup]["all_for"] = prot_reten["all_for"]
+ pgroups_info[protgroup]["target_all_for"] = prot_reten["target_all_for"]
+ pgroups_info[protgroup]["snaps"] = {}
+ for snap_transfer in range(0, len(snap_transfers)):
+ snap = snap_transfers[snap_transfer]["name"]
+ pgroups_info[protgroup]["snaps"][snap] = {
+ "time_remaining": snap_transfers[snap_transfer]["time_remaining"],
+ "created": snap_transfers[snap_transfer]["created"],
+ "started": snap_transfers[snap_transfer]["started"],
+ "completed": snap_transfers[snap_transfer]["completed"],
+ "physical_bytes_written": snap_transfers[snap_transfer][
+ "physical_bytes_written"
+ ],
+ "data_transferred": snap_transfers[snap_transfer]["data_transferred"],
+ "progress": snap_transfers[snap_transfer]["progress"],
+ }
+ if deleted_enabled:
+ pgroups_info[protgroup]["deleted_volumes"] = []
+ volumes = list(
+ array_v6.get_protection_groups_volumes(group_names=[protgroup]).items
+ )
+ if volumes:
+ for volume in range(0, len(volumes)):
+ if volumes[volume].member["destroyed"]:
+ pgroups_info[protgroup]["deleted_volumes"].append(
+ volumes[volume].member["name"]
+ )
+ else:
+ pgroups_info[protgroup]["deleted_volumes"] = None
+ if PER_PG_VERSION in api_version:
+ try:
+ pgroups_info[protgroup]["retention_lock"] = list(
+ array_v6.get_protection_groups(names=[protgroup]).items
+ )[0].retention_lock
+ pgroups_info[protgroup]["manual_eradication"] = list(
+ array_v6.get_protection_groups(names=[protgroup]).items
+ )[0].eradication_config.manual_eradication
+ except Exception:
+ pass
+ if V6_MINIMUM_API_VERSION in api_version:
+ pgroups = list(array_v6.get_protection_groups().items)
+ for pgroup in range(0, len(pgroups)):
+ name = pgroups[pgroup].name
+ pgroups_info[name]["snapshots"] = getattr(
+ pgroups[pgroup].space, "snapshots", None
+ )
+ pgroups_info[name]["shared"] = getattr(
+ pgroups[pgroup].space, "shared", None
+ )
+ pgroups_info[name]["data_reduction"] = getattr(
+ pgroups[pgroup].space, "data_reduction", None
+ )
+ pgroups_info[name]["thin_provisioning"] = getattr(
+ pgroups[pgroup].space, "thin_provisioning", None
+ )
+ pgroups_info[name]["total_physical"] = getattr(
+ pgroups[pgroup].space, "total_physical", None
+ )
+ pgroups_info[name]["total_provisioned"] = getattr(
+ pgroups[pgroup].space, "total_provisioned", None
+ )
+ pgroups_info[name]["total_reduction"] = getattr(
+ pgroups[pgroup].space, "total_reduction", None
+ )
+ pgroups_info[name]["unique"] = getattr(
+ pgroups[pgroup].space, "unique", None
+ )
+ pgroups_info[name]["virtual"] = getattr(
+ pgroups[pgroup].space, "virtual", None
+ )
+ pgroups_info[name]["replication"] = getattr(
+ pgroups[pgroup].space, "replication", None
+ )
+ pgroups_info[name]["used_provisioned"] = getattr(
+ pgroups[pgroup].space, "used_provisioned", None
+ )
+ return pgroups_info
+
+
+def generate_rl_dict(module, array):
+ rl_info = {}
+ api_version = array._list_available_rest_versions()
+ if ACTIVE_DR_API in api_version:
+ try:
+ rlinks = array.list_pod_replica_links()
+ for rlink in range(0, len(rlinks)):
+ link_name = rlinks[rlink]["local_pod_name"]
+ since_epoch = rlinks[rlink]["recovery_point"] / 1000
+ recovery_datatime = time.strftime(
+ "%Y-%m-%d %H:%M:%S", time.localtime(since_epoch)
+ )
+ rl_info[link_name] = {
+ "status": rlinks[rlink]["status"],
+ "direction": rlinks[rlink]["direction"],
+ "lag": str(rlinks[rlink]["lag"] / 1000) + "s",
+ "remote_pod_name": rlinks[rlink]["remote_pod_name"],
+ "remote_names": rlinks[rlink]["remote_names"],
+ "recovery_point": recovery_datatime,
+ }
+ except Exception:
+ module.warn("Replica Links info requires purestorage SDK 1.19 or hisher")
+ return rl_info
+
+
+def generate_del_pods_dict(module, array):
+ pods_info = {}
+ api_version = array._list_available_rest_versions()
+ if AC_REQUIRED_API_VERSION in api_version:
+ pods = array.list_pods(mediator=True, pending_only=True)
+ for pod in range(0, len(pods)):
+ acpod = pods[pod]["name"]
+ pods_info[acpod] = {
+ "source": pods[pod]["source"],
+ "arrays": pods[pod]["arrays"],
+ "mediator": pods[pod]["mediator"],
+ "mediator_version": pods[pod]["mediator_version"],
+ "time_remaining": pods[pod]["time_remaining"],
+ }
+ if ACTIVE_DR_API in api_version:
+ if pods_info[acpod]["arrays"][0]["frozen_at"]:
+ frozen_time = pods_info[acpod]["arrays"][0]["frozen_at"] / 1000
+ frozen_datetime = time.strftime(
+ "%Y-%m-%d %H:%M:%S", time.localtime(frozen_time)
+ )
+ pods_info[acpod]["arrays"][0]["frozen_at"] = frozen_datetime
+ pods_info[acpod]["link_source_count"] = pods[pod]["link_source_count"]
+ pods_info[acpod]["link_target_count"] = pods[pod]["link_target_count"]
+ pods_info[acpod]["promotion_status"] = pods[pod]["promotion_status"]
+ pods_info[acpod]["requested_promotion_state"] = pods[pod][
+ "requested_promotion_state"
+ ]
+ if PREFERRED_API_VERSION in api_version:
+ pods_fp = array.list_pods(failover_preference=True, pending_only=True)
+ for pod in range(0, len(pods_fp)):
+ acpod = pods_fp[pod]["name"]
+ pods_info[acpod]["failover_preference"] = pods_fp[pod][
+ "failover_preference"
+ ]
+ if V6_MINIMUM_API_VERSION in api_version:
+ arrayv6 = get_array(module)
+ pods = list(arrayv6.get_pods(destroyed=True).items)
+ for pod in range(0, len(pods)):
+ name = pods[pod].name
+ pods_info[name]["snapshots"] = pods[pod].space.snapshots
+ pods_info[name]["shared"] = pods[pod].space.shared
+ pods_info[name]["data_reduction"] = pods[pod].space.data_reduction
+ pods_info[name]["thin_provisioning"] = pods[pod].space.thin_provisioning
+ pods_info[name]["total_physical"] = pods[pod].space.total_physical
+ pods_info[name]["total_provisioned"] = pods[pod].space.total_provisioned
+ pods_info[name]["total_reduction"] = pods[pod].space.total_reduction
+ pods_info[name]["unique"] = pods[pod].space.unique
+ pods_info[name]["virtual"] = pods[pod].space.virtual
+ pods_info[name]["replication"] = pods[pod].space.replication
+ pods_info[name]["used_provisioned"] = getattr(
+ pods[pod].space, "used_provisioned", None
+ )
+ if POD_QUOTA_VERSION in api_version:
+ pods_info[name]["quota_limit"] = pods[pod].quota_limit
+ return pods_info
+
+
+def generate_pods_dict(module, array):
+ pods_info = {}
+ api_version = array._list_available_rest_versions()
+ if AC_REQUIRED_API_VERSION in api_version:
+ pods = array.list_pods(mediator=True)
+ for pod in range(0, len(pods)):
+ acpod = pods[pod]["name"]
+ pods_info[acpod] = {
+ "source": pods[pod]["source"],
+ "arrays": pods[pod]["arrays"],
+ "mediator": pods[pod]["mediator"],
+ "mediator_version": pods[pod]["mediator_version"],
+ }
+ if ACTIVE_DR_API in api_version:
+ if pods_info[acpod]["arrays"][0]["frozen_at"]:
+ frozen_time = pods_info[acpod]["arrays"][0]["frozen_at"] / 1000
+ frozen_datetime = time.strftime(
+ "%Y-%m-%d %H:%M:%S", time.localtime(frozen_time)
+ )
+ pods_info[acpod]["arrays"][0]["frozen_at"] = frozen_datetime
+ pods_info[acpod]["link_source_count"] = pods[pod]["link_source_count"]
+ pods_info[acpod]["link_target_count"] = pods[pod]["link_target_count"]
+ pods_info[acpod]["promotion_status"] = pods[pod]["promotion_status"]
+ pods_info[acpod]["requested_promotion_state"] = pods[pod][
+ "requested_promotion_state"
+ ]
+ if PREFERRED_API_VERSION in api_version:
+ pods_fp = array.list_pods(failover_preference=True)
+ for pod in range(0, len(pods_fp)):
+ acpod = pods_fp[pod]["name"]
+ pods_info[acpod]["failover_preference"] = pods_fp[pod][
+ "failover_preference"
+ ]
+ if V6_MINIMUM_API_VERSION in api_version:
+ arrayv6 = get_array(module)
+ pods = list(arrayv6.get_pods(destroyed=False).items)
+ for pod in range(0, len(pods)):
+ name = pods[pod].name
+ pods_info[name]["snapshots"] = getattr(
+ pods[pod].space, "snapshots", None
+ )
+ pods_info[name]["shared"] = getattr(pods[pod].space, "shared", None)
+ pods_info[name]["data_reduction"] = getattr(
+ pods[pod].space, "data_reduction", None
+ )
+ pods_info[name]["thin_provisioning"] = getattr(
+ pods[pod].space, "thin_provisioning", None
+ )
+ pods_info[name]["total_physical"] = getattr(
+ pods[pod].space, "total_physical", None
+ )
+ pods_info[name]["total_provisioned"] = getattr(
+ pods[pod].space, "total_provisioned", None
+ )
+ pods_info[name]["total_reduction"] = getattr(
+ pods[pod].space, "total_reduction", None
+ )
+ pods_info[name]["unique"] = getattr(pods[pod].space, "unique", None)
+ pods_info[name]["virtual"] = getattr(pods[pod].space, "virtual", None)
+ pods_info[name]["replication"] = getattr(
+ pods[pod].space, "replication", None
+ )
+ pods_info[name]["used_provisioned"] = getattr(
+ pods[pod].space, "used_provisioned", None
+ )
+ return pods_info
+
+
+def generate_conn_array_dict(module, array):
+ conn_array_info = {}
+ api_version = array._list_available_rest_versions()
+ if FC_REPL_API_VERSION not in api_version:
+ carrays = array.list_array_connections()
+ for carray in range(0, len(carrays)):
+ arrayname = carrays[carray]["array_name"]
+ conn_array_info[arrayname] = {
+ "array_id": carrays[carray]["id"],
+ "throttled": carrays[carray]["throttled"],
+ "version": carrays[carray]["version"],
+ "type": carrays[carray]["type"],
+ "mgmt_ip": carrays[carray]["management_address"],
+ "repl_ip": carrays[carray]["replication_address"],
+ }
+ if P53_API_VERSION in api_version:
+ conn_array_info[arrayname]["status"] = carrays[carray]["status"]
+ else:
+ conn_array_info[arrayname]["connected"] = carrays[carray]["connected"]
+ throttles = array.list_array_connections(throttle=True)
+ for throttle in range(0, len(throttles)):
+ arrayname = throttles[throttle]["array_name"]
+ if conn_array_info[arrayname]["throttled"]:
+ conn_array_info[arrayname]["throttling"] = {
+ "default_limit": throttles[throttle]["default_limit"],
+ "window_limit": throttles[throttle]["window_limit"],
+ "window": throttles[throttle]["window"],
+ }
+ else:
+ arrayv6 = get_array(module)
+ carrays = list(arrayv6.get_array_connections().items)
+ for carray in range(0, len(carrays)):
+ arrayname = carrays[carray].name
+ conn_array_info[arrayname] = {
+ "array_id": carrays[carray].id,
+ "version": getattr(carrays[carray], "version", None),
+ "status": carrays[carray].status,
+ "type": carrays[carray].type,
+ "mgmt_ip": getattr(carrays[carray], "management_address", "-"),
+ "repl_ip": getattr(carrays[carray], "replication_addresses", "-"),
+ "transport": carrays[carray].replication_transport,
+ }
+
+ if bool(carrays[carray].throttle.to_dict()):
+ conn_array_info[arrayname]["throttled"] = True
+ conn_array_info[arrayname]["throttling"] = {}
+ try:
+ if bool(carrays[carray].throttle.window):
+ conn_array_info[arrayname]["throttling"]["window"] = carrays[
+ carray
+ ].throttle.window.to_dict()
+ except AttributeError:
+ pass
+ try:
+ if bool(carrays[carray].throttle.default_limit):
+ conn_array_info[arrayname]["throttling"][
+ "default_limit"
+ ] = carrays[carray].throttle.default_limit
+ except AttributeError:
+ pass
+ try:
+ if bool(carrays[carray].throttle.window_limit):
+ conn_array_info[arrayname]["throttling"][
+ "window_limit"
+ ] = carrays[carray].throttle.window_limit
+ except AttributeError:
+ pass
+ else:
+ conn_array_info[arrayname]["throttled"] = False
+ return conn_array_info
+
+
+def generate_apps_dict(array):
+ apps_info = {}
+ api_version = array._list_available_rest_versions()
+ if SAN_REQUIRED_API_VERSION in api_version:
+ apps = array.list_apps()
+ for app in range(0, len(apps)):
+ appname = apps[app]["name"]
+ apps_info[appname] = {
+ "version": apps[app]["version"],
+ "status": apps[app]["status"],
+ "description": apps[app]["description"],
+ }
+ if P53_API_VERSION in api_version:
+ app_nodes = array.list_app_nodes()
+ for app in range(0, len(app_nodes)):
+ appname = app_nodes[app]["name"]
+ apps_info[appname]["index"] = app_nodes[app]["index"]
+ apps_info[appname]["vnc"] = app_nodes[app]["vnc"]
+ return apps_info
+
+
+def generate_vgroups_dict(module, array):
+ vgroups_info = {}
+ api_version = array._list_available_rest_versions()
+ if AC_REQUIRED_API_VERSION in api_version:
+ vgroups = array.list_vgroups(pending=False)
+ for vgroup in range(0, len(vgroups)):
+ virtgroup = vgroups[vgroup]["name"]
+ vgroups_info[virtgroup] = {
+ "volumes": vgroups[vgroup]["volumes"],
+ }
+ if V6_MINIMUM_API_VERSION in api_version:
+ arrayv6 = get_array(module)
+ vgroups = list(arrayv6.get_volume_groups(destroyed=False).items)
+ for vgroup in range(0, len(vgroups)):
+ name = vgroups[vgroup].name
+ vgroups_info[name]["snapshots_space"] = vgroups[vgroup].space.snapshots
+ # Provide system as this matches the old naming convention
+ vgroups_info[name]["system"] = vgroups[vgroup].space.unique
+ vgroups_info[name]["unique_space"] = vgroups[vgroup].space.unique
+ vgroups_info[name]["virtual_space"] = vgroups[vgroup].space.virtual
+ vgroups_info[name]["data_reduction"] = vgroups[vgroup].space.data_reduction
+ vgroups_info[name]["total_reduction"] = vgroups[
+ vgroup
+ ].space.total_reduction
+ vgroups_info[name]["total_provisioned"] = vgroups[
+ vgroup
+ ].space.total_provisioned
+ vgroups_info[name]["thin_provisioning"] = vgroups[
+ vgroup
+ ].space.thin_provisioning
+ vgroups_info[name]["used_provisioned"] = (
+ getattr(vgroups[vgroup].space, "used_provisioned", None),
+ )
+ vgroups_info[name]["bandwidth_limit"] = getattr(
+ vgroups[vgroup].qos, "bandwidth_limit", ""
+ )
+ vgroups_info[name]["iops_limit"] = getattr(
+ vgroups[vgroup].qos, "iops_limit", ""
+ )
+ if SAFE_MODE_VERSION in api_version:
+ for vgroup in range(0, len(vgroups)):
+ name = vgroups[vgroup].name
+ vgroups_info[name]["priority_adjustment"] = vgroups[
+ vgroup
+ ].priority_adjustment.priority_adjustment_operator + str(
+ vgroups[vgroup].priority_adjustment.priority_adjustment_value
+ )
+ return vgroups_info
+
+
+def generate_del_vgroups_dict(module, array):
+ vgroups_info = {}
+ api_version = array._list_available_rest_versions()
+ if AC_REQUIRED_API_VERSION in api_version:
+ vgroups = array.list_vgroups(pending_only=True)
+ for vgroup in range(0, len(vgroups)):
+ virtgroup = vgroups[vgroup]["name"]
+ vgroups_info[virtgroup] = {
+ "volumes": vgroups[vgroup]["volumes"],
+ }
+ if V6_MINIMUM_API_VERSION in api_version:
+ arrayv6 = get_array(module)
+ vgroups = list(arrayv6.get_volume_groups(destroyed=True).items)
+ for vgroup in range(0, len(vgroups)):
+ name = vgroups[vgroup].name
+ vgroups_info[name]["snapshots_space"] = vgroups[vgroup].space.snapshots
+ # Provide system as this matches the old naming convention
+ vgroups_info[name]["system"] = vgroups[vgroup].space.unique
+ vgroups_info[name]["unique_space"] = vgroups[vgroup].space.unique
+ vgroups_info[name]["virtual_space"] = vgroups[vgroup].space.virtual
+ vgroups_info[name]["data_reduction"] = vgroups[vgroup].space.data_reduction
+ vgroups_info[name]["total_reduction"] = vgroups[
+ vgroup
+ ].space.total_reduction
+ vgroups_info[name]["total_provisioned"] = vgroups[
+ vgroup
+ ].space.total_provisioned
+ vgroups_info[name]["thin_provisioning"] = vgroups[
+ vgroup
+ ].space.thin_provisioning
+ vgroups_info[name]["used_provisioned"] = (
+ getattr(vgroups[vgroup].space, "used_provisioned", None),
+ )
+ vgroups_info[name]["time_remaining"] = (vgroups[vgroup].time_remaining,)
+ vgroups_info[name]["bandwidth_limit"] = getattr(
+ vgroups[vgroup].qos, "bandwidth_limit", ""
+ )
+ vgroups_info[name]["iops_limit"] = getattr(
+ vgroups[vgroup].qos, "iops_limit", ""
+ )
+ if SAFE_MODE_VERSION in api_version:
+ for vgroup in range(0, len(vgroups)):
+ name = vgroups[vgroup].name
+ vgroups_info[name]["priority_adjustment"] = vgroups[
+ vgroup
+ ].priority_adjustment.priority_adjustment_operator + str(
+ vgroups[vgroup].priority_adjustment.priority_adjustment_value
+ )
+ return vgroups_info
+
+
+def generate_certs_dict(array):
+ certs_info = {}
+ api_version = array._list_available_rest_versions()
+ if P53_API_VERSION in api_version:
+ certs = array.list_certificates()
+ for cert in range(0, len(certs)):
+ certificate = certs[cert]["name"]
+ valid_from = time.strftime(
+ "%a, %d %b %Y %H:%M:%S %Z",
+ time.localtime(certs[cert]["valid_from"] / 1000),
+ )
+ valid_to = time.strftime(
+ "%a, %d %b %Y %H:%M:%S %Z",
+ time.localtime(certs[cert]["valid_to"] / 1000),
+ )
+ certs_info[certificate] = {
+ "status": certs[cert]["status"],
+ "issued_to": certs[cert]["issued_to"],
+ "valid_from": valid_from,
+ "locality": certs[cert]["locality"],
+ "country": certs[cert]["country"],
+ "issued_by": certs[cert]["issued_by"],
+ "valid_to": valid_to,
+ "state": certs[cert]["state"],
+ "key_size": certs[cert]["key_size"],
+ "org_unit": certs[cert]["organizational_unit"],
+ "common_name": certs[cert]["common_name"],
+ "organization": certs[cert]["organization"],
+ "email": certs[cert]["email"],
+ }
+ return certs_info
+
+
+def generate_kmip_dict(array):
+ kmip_info = {}
+ api_version = array._list_available_rest_versions()
+ if P53_API_VERSION in api_version:
+ kmips = array.list_kmip()
+ for kmip in range(0, len(kmips)):
+ key = kmips[kmip]["name"]
+ kmip_info[key] = {
+ "certificate": kmips[kmip]["certificate"],
+ "ca_cert_configured": kmips[kmip]["ca_certificate_configured"],
+ "uri": kmips[kmip]["uri"],
+ }
+ return kmip_info
+
+
+def generate_nfs_offload_dict(module, array):
+ offload_info = {}
+ api_version = array._list_available_rest_versions()
+ if AC_REQUIRED_API_VERSION in api_version:
+ offload = array.list_nfs_offload()
+ for target in range(0, len(offload)):
+ offloadt = offload[target]["name"]
+ offload_info[offloadt] = {
+ "status": offload[target]["status"],
+ "mount_point": offload[target]["mount_point"],
+ "protocol": offload[target]["protocol"],
+ "mount_options": offload[target]["mount_options"],
+ "address": offload[target]["address"],
+ }
+ if V6_MINIMUM_API_VERSION in api_version:
+ arrayv6 = get_array(module)
+ offloads = list(arrayv6.get_offloads(protocol="nfs").items)
+ for offload in range(0, len(offloads)):
+ name = offloads[offload].name
+ offload_info[name]["snapshots"] = getattr(
+ offloads[offload].space, "snapshots", None
+ )
+ offload_info[name]["shared"] = getattr(
+ offloads[offload].space, "shared", None
+ )
+ offload_info[name]["data_reduction"] = getattr(
+ offloads[offload].space, "data_reduction", None
+ )
+ offload_info[name]["thin_provisioning"] = getattr(
+ offloads[offload].space, "thin_provisioning", None
+ )
+ offload_info[name]["total_physical"] = getattr(
+ offloads[offload].space, "total_physical", None
+ )
+ offload_info[name]["total_provisioned"] = getattr(
+ offloads[offload].space, "total_provisioned", None
+ )
+ offload_info[name]["total_reduction"] = getattr(
+ offloads[offload].space, "total_reduction", None
+ )
+ offload_info[name]["unique"] = getattr(
+ offloads[offload].space, "unique", None
+ )
+ offload_info[name]["virtual"] = getattr(
+ offloads[offload].space, "virtual", None
+ )
+ offload_info[name]["replication"] = getattr(
+ offloads[offload].space, "replication", None
+ )
+ offload_info[name]["used_provisioned"] = getattr(
+ offloads[offload].space, "used_provisioned", None
+ )
+ return offload_info
+
+
+def generate_s3_offload_dict(module, array):
+ offload_info = {}
+ api_version = array._list_available_rest_versions()
+ if S3_REQUIRED_API_VERSION in api_version:
+ offload = array.list_s3_offload()
+ for target in range(0, len(offload)):
+ offloadt = offload[target]["name"]
+ offload_info[offloadt] = {
+ "status": offload[target]["status"],
+ "bucket": offload[target]["bucket"],
+ "protocol": offload[target]["protocol"],
+ "access_key_id": offload[target]["access_key_id"],
+ }
+ if P53_API_VERSION in api_version:
+ offload_info[offloadt]["placement_strategy"] = offload[target][
+ "placement_strategy"
+ ]
+ if V6_MINIMUM_API_VERSION in api_version:
+ arrayv6 = get_array(module)
+ offloads = list(arrayv6.get_offloads(protocol="s3").items)
+ for offload in range(0, len(offloads)):
+ name = offloads[offload].name
+ offload_info[name]["snapshots"] = getattr(
+ offloads[offload].space, "snapshots", None
+ )
+ offload_info[name]["shared"] = getattr(
+ offloads[offload].space, "shared", None
+ )
+ offload_info[name]["data_reduction"] = getattr(
+ offloads[offload].space, "data_reduction", None
+ )
+ offload_info[name]["thin_provisioning"] = getattr(
+ offloads[offload].space, "thin_provisioning", None
+ )
+ offload_info[name]["total_physical"] = getattr(
+ offloads[offload].space, "total_physical", None
+ )
+ offload_info[name]["total_provisioned"] = getattr(
+ offloads[offload].space, "total_provisioned", None
+ )
+ offload_info[name]["total_reduction"] = getattr(
+ offloads[offload].space, "total_reduction", None
+ )
+ offload_info[name]["unique"] = getattr(
+ offloads[offload].space, "unique", None
+ )
+ offload_info[name]["virtual"] = getattr(
+ offloads[offload].space, "virtual", None
+ )
+ offload_info[name]["replication"] = getattr(
+ offloads[offload].space, "replication", None
+ )
+ offload_info[name]["used_provisioned"] = getattr(
+ offloads[offload].space, "used_provisioned", None
+ )
+ return offload_info
+
+
+def generate_azure_offload_dict(module, array):
+ offload_info = {}
+ api_version = array._list_available_rest_versions()
+ if P53_API_VERSION in api_version:
+ offload = array.list_azure_offload()
+ for target in range(0, len(offload)):
+ offloadt = offload[target]["name"]
+ offload_info[offloadt] = {
+ "status": offload[target]["status"],
+ "account_name": offload[target]["account_name"],
+ "protocol": offload[target]["protocol"],
+ "secret_access_key": offload[target]["secret_access_key"],
+ "container_name": offload[target]["container_name"],
+ }
+ if V6_MINIMUM_API_VERSION in api_version:
+ arrayv6 = get_array(module)
+ offloads = list(arrayv6.get_offloads(protocol="azure").items)
+ for offload in range(0, len(offloads)):
+ name = offloads[offload].name
+ offload_info[name]["snapshots"] = getattr(
+ offloads[offload].space, "snapshots", None
+ )
+ offload_info[name]["shared"] = getattr(
+ offloads[offload].space, "shared", None
+ )
+ offload_info[name]["data_reduction"] = getattr(
+ offloads[offload].space, "data_reduction", None
+ )
+ offload_info[name]["thin_provisioning"] = getattr(
+ offloads[offload].space, "thin_provisioning", None
+ )
+ offload_info[name]["total_physical"] = getattr(
+ offloads[offload].space, "total_physical", None
+ )
+ offload_info[name]["total_provisioned"] = getattr(
+ offloads[offload].space, "total_provisioned", None
+ )
+ offload_info[name]["total_reduction"] = getattr(
+ offloads[offload].space, "total_reduction", None
+ )
+ offload_info[name]["unique"] = getattr(
+ offloads[offload].space, "unique", None
+ )
+ offload_info[name]["virtual"] = getattr(
+ offloads[offload].space, "virtual", None
+ )
+ offload_info[name]["replication"] = getattr(
+ offloads[offload].space, "replication", None
+ )
+ offload_info[name]["used_provisioned"] = getattr(
+ offloads[offload].space, "used_provisioned", None
+ )
+ return offload_info
+
+
+def generate_google_offload_dict(array):
+ offload_info = {}
+ offloads = list(array.get_offloads(protocol="google-cloud").items)
+ for offload in range(0, len(offloads)):
+ name = offloads[offload].name
+ offload_info[name] = {
+ # "access_key_id": offloads[offload].google-cloud.access_key_id,
+ # "bucket": offloads[offload].google-cloud.bucket,
+ # "auth_region": offloads[offload].google-cloud.auth_region,
+ "snapshots": getattr(offloads[offload].space, "snapshots", None),
+ "shared": getattr(offloads[offload].space, "shared", None),
+ "data_reduction": getattr(offloads[offload].space, "data_reduction", None),
+ "thin_provisioning": getattr(
+ offloads[offload].space, "thin_provisioning", None
+ ),
+ "total_physical": getattr(offloads[offload].space, "total_physical", None),
+ "total_provisioned": getattr(
+ offloads[offload].space, "total_provisioned", None
+ ),
+ "total_reduction": getattr(
+ offloads[offload].space, "total_reduction", None
+ ),
+ "unique": getattr(offloads[offload].space, "unique", None),
+ "virtual": getattr(offloads[offload].space, "virtual", None),
+ "replication": getattr(offloads[offload].space, "replication", None),
+ "used_provisioned": getattr(
+ offloads[offload].space, "used_provisioned", None
+ ),
+ }
+ return offload_info
+
+
+def generate_hgroups_dict(module, array):
+ hgroups_info = {}
+ api_version = array._list_available_rest_versions()
+ hgroups = array.list_hgroups()
+ for hgroup in range(0, len(hgroups)):
+ hostgroup = hgroups[hgroup]["name"]
+ hgroups_info[hostgroup] = {
+ "hosts": hgroups[hgroup]["hosts"],
+ "pgs": [],
+ "vols": [],
+ }
+ pghgroups = array.list_hgroups(protect=True)
+ for pghg in range(0, len(pghgroups)):
+ pgname = pghgroups[pghg]["name"]
+ hgroups_info[pgname]["pgs"].append(pghgroups[pghg]["protection_group"])
+ volhgroups = array.list_hgroups(connect=True)
+ for pgvol in range(0, len(volhgroups)):
+ pgname = volhgroups[pgvol]["name"]
+ volpgdict = [volhgroups[pgvol]["vol"], volhgroups[pgvol]["lun"]]
+ hgroups_info[pgname]["vols"].append(volpgdict)
+ if V6_MINIMUM_API_VERSION in api_version:
+ arrayv6 = get_array(module)
+ hgroups = list(arrayv6.get_host_groups().items)
+ for hgroup in range(0, len(hgroups)):
+ name = hgroups[hgroup].name
+ hgroups_info[name]["snapshots"] = hgroups[hgroup].space.snapshots
+ hgroups_info[name]["data_reduction"] = hgroups[hgroup].space.data_reduction
+ hgroups_info[name]["thin_provisioning"] = hgroups[
+ hgroup
+ ].space.thin_provisioning
+ hgroups_info[name]["total_physical"] = hgroups[hgroup].space.total_physical
+ hgroups_info[name]["total_provisioned"] = hgroups[
+ hgroup
+ ].space.total_provisioned
+ hgroups_info[name]["total_reduction"] = hgroups[
+ hgroup
+ ].space.total_reduction
+ hgroups_info[name]["unique"] = hgroups[hgroup].space.unique
+ hgroups_info[name]["virtual"] = hgroups[hgroup].space.virtual
+ hgroups_info[name]["used_provisioned"] = getattr(
+ hgroups[hgroup].space, "used_provisioned", None
+ )
+ return hgroups_info
+
+
+def generate_interfaces_dict(array):
+ api_version = array._list_available_rest_versions()
+ int_info = {}
+ ports = array.list_ports()
+ for port in range(0, len(ports)):
+ int_name = ports[port]["name"]
+ if ports[port]["wwn"]:
+ int_info[int_name] = ports[port]["wwn"]
+ if ports[port]["iqn"]:
+ int_info[int_name] = ports[port]["iqn"]
+ if NVME_API_VERSION in api_version:
+ if ports[port]["nqn"]:
+ int_info[int_name] = ports[port]["nqn"]
+ return int_info
+
+
+def generate_vm_dict(array):
+ vm_info = {}
+ virt_machines = list(array.get_virtual_machines(vm_type="vvol").items)
+ for machine in range(0, len(virt_machines)):
+ name = virt_machines[machine].name
+ vm_info[name] = {
+ "vm_type": virt_machines[machine].vm_type,
+ "vm_id": virt_machines[machine].vm_id,
+ "destroyed": virt_machines[machine].destroyed,
+ "created": virt_machines[machine].created,
+ "time_remaining": getattr(virt_machines[machine], "time_remaining", None),
+ "latest_snapshot_name": getattr(
+ virt_machines[machine].recover_context, "name", None
+ ),
+ "latest_snapshot_id": getattr(
+ virt_machines[machine].recover_context, "id", None
+ ),
+ }
+ return vm_info
+
+
+def generate_alerts_dict(array):
+ alerts_info = {}
+ alerts = list(array.get_alerts().items)
+ for alert in range(0, len(alerts)):
+ name = alerts[alert].name
+ try:
+ notified_time = alerts[alert].notified / 1000
+ notified_datetime = time.strftime(
+ "%Y-%m-%d %H:%M:%S", time.localtime(notified_time)
+ )
+ except AttributeError:
+ notified_datetime = ""
+ try:
+ closed_time = alerts[alert].closed / 1000
+ closed_datetime = time.strftime(
+ "%Y-%m-%d %H:%M:%S", time.localtime(closed_time)
+ )
+ except AttributeError:
+ closed_datetime = ""
+ try:
+ updated_time = alerts[alert].updated / 1000
+ updated_datetime = time.strftime(
+ "%Y-%m-%d %H:%M:%S", time.localtime(updated_time)
+ )
+ except AttributeError:
+ updated_datetime = ""
+ try:
+ created_time = alerts[alert].created / 1000
+ created_datetime = time.strftime(
+ "%Y-%m-%d %H:%M:%S", time.localtime(created_time)
+ )
+ except AttributeError:
+ updated_datetime = ""
+ alerts_info[name] = {
+ "flagged": alerts[alert].flagged,
+ "category": alerts[alert].category,
+ "code": alerts[alert].code,
+ "issue": alerts[alert].issue,
+ "kb_url": alerts[alert].knowledge_base_url,
+ "summary": alerts[alert].summary,
+ "id": alerts[alert].id,
+ "state": alerts[alert].state,
+ "severity": alerts[alert].severity,
+ "component_name": alerts[alert].component_name,
+ "component_type": alerts[alert].component_type,
+ "created": created_datetime,
+ "closed": closed_datetime,
+ "notified": notified_datetime,
+ "updated": updated_datetime,
+ "actual": getattr(alerts[alert], "actual", ""),
+ "expected": getattr(alerts[alert], "expected", ""),
+ }
+ return alerts_info
+
+
+def generate_vmsnap_dict(array):
+ vmsnap_info = {}
+ virt_snaps = list(array.get_virtual_machine_snapshots(vm_type="vvol").items)
+ for snap in range(0, len(virt_snaps)):
+ name = virt_snaps[snap].name
+ vmsnap_info[name] = {
+ "vm_type": virt_snaps[snap].vm_type,
+ "vm_id": virt_snaps[snap].vm_id,
+ "destroyed": virt_snaps[snap].destroyed,
+ "created": virt_snaps[snap].created,
+ "time_remaining": getattr(virt_snaps[snap], "time_remaining", None),
+ "latest_pgsnapshot_name": getattr(
+ virt_snaps[snap].recover_context, "name", None
+ ),
+ "latest_pgsnapshot_id": getattr(
+ virt_snaps[snap].recover_context, "id", None
+ ),
+ }
+ return vmsnap_info
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(gather_subset=dict(default="minimum", type="list", elements="str"))
+ )
+
+ module = AnsibleModule(argument_spec, supports_check_mode=True)
+ array = get_system(module)
+ api_version = array._list_available_rest_versions()
+
+ subset = [test.lower() for test in module.params["gather_subset"]]
+ valid_subsets = (
+ "all",
+ "minimum",
+ "config",
+ "performance",
+ "capacity",
+ "network",
+ "subnet",
+ "interfaces",
+ "hgroups",
+ "pgroups",
+ "hosts",
+ "admins",
+ "volumes",
+ "snapshots",
+ "pods",
+ "replication",
+ "vgroups",
+ "offload",
+ "apps",
+ "arrays",
+ "certs",
+ "kmip",
+ "clients",
+ "policies",
+ "dir_snaps",
+ "filesystems",
+ "virtual_machines",
+ )
+ subset_test = (test in valid_subsets for test in subset)
+ if not all(subset_test):
+ module.fail_json(
+ msg="value must gather_subset must be one or more of: %s, got: %s"
+ % (",".join(valid_subsets), ",".join(subset))
+ )
+
+ info = {}
+
+ if "minimum" in subset or "all" in subset or "apps" in subset:
+ info["default"] = generate_default_dict(module, array)
+ if "performance" in subset or "all" in subset:
+ info["performance"] = generate_perf_dict(array)
+ if "config" in subset or "all" in subset:
+ info["config"] = generate_config_dict(module, array)
+ if "capacity" in subset or "all" in subset:
+ info["capacity"] = generate_capacity_dict(module, array)
+ if "network" in subset or "all" in subset:
+ info["network"] = generate_network_dict(module, array)
+ if "subnet" in subset or "all" in subset:
+ info["subnet"] = generate_subnet_dict(array)
+ if "interfaces" in subset or "all" in subset:
+ info["interfaces"] = generate_interfaces_dict(array)
+ if "hosts" in subset or "all" in subset:
+ info["hosts"] = generate_host_dict(module, array)
+ if "volumes" in subset or "all" in subset:
+ info["volumes"] = generate_vol_dict(module, array)
+ info["deleted_volumes"] = generate_del_vol_dict(module, array)
+ if "snapshots" in subset or "all" in subset:
+ info["snapshots"] = generate_snap_dict(module, array)
+ info["deleted_snapshots"] = generate_del_snap_dict(module, array)
+ if "hgroups" in subset or "all" in subset:
+ info["hgroups"] = generate_hgroups_dict(module, array)
+ if "pgroups" in subset or "all" in subset:
+ info["pgroups"] = generate_pgroups_dict(module, array)
+ if "pods" in subset or "all" in subset or "replication" in subset:
+ info["replica_links"] = generate_rl_dict(module, array)
+ info["pods"] = generate_pods_dict(module, array)
+ info["deleted_pods"] = generate_del_pods_dict(module, array)
+ if "admins" in subset or "all" in subset:
+ info["admins"] = generate_admin_dict(array)
+ if "vgroups" in subset or "all" in subset:
+ info["vgroups"] = generate_vgroups_dict(module, array)
+ info["deleted_vgroups"] = generate_del_vgroups_dict(module, array)
+ if "offload" in subset or "all" in subset:
+ info["azure_offload"] = generate_azure_offload_dict(module, array)
+ info["nfs_offload"] = generate_nfs_offload_dict(module, array)
+ info["s3_offload"] = generate_s3_offload_dict(module, array)
+ if "apps" in subset or "all" in subset:
+ if "CBS" not in info["default"]["array_model"]:
+ info["apps"] = generate_apps_dict(array)
+ else:
+ info["apps"] = {}
+ if "arrays" in subset or "all" in subset:
+ info["arrays"] = generate_conn_array_dict(module, array)
+ if "certs" in subset or "all" in subset:
+ info["certs"] = generate_certs_dict(array)
+ if "kmip" in subset or "all" in subset:
+ info["kmip"] = generate_kmip_dict(array)
+ if FILES_API_VERSION in api_version:
+ array_v6 = get_array(module)
+ if "offload" in subset or "all" in subset:
+ info["google_offload"] = generate_google_offload_dict(array_v6)
+ if "filesystems" in subset or "all" in subset:
+ info["filesystems"] = generate_filesystems_dict(array_v6)
+ if "policies" in subset or "all" in subset:
+ if NFS_USER_MAP_VERSION in api_version:
+ user_map = True
+ else:
+ user_map = False
+ if DIR_QUOTA_API_VERSION in api_version:
+ quota = True
+ else:
+ quota = False
+ info["policies"] = generate_policies_dict(array_v6, quota, user_map)
+ if "clients" in subset or "all" in subset:
+ info["clients"] = generate_clients_dict(array_v6)
+ if "dir_snaps" in subset or "all" in subset:
+ info["dir_snaps"] = generate_dir_snaps_dict(array_v6)
+ if "snapshots" in subset or "all" in subset:
+ info["pg_snapshots"] = generate_pgsnaps_dict(array_v6)
+ if "alerts" in subset or "all" in subset:
+ info["alerts"] = generate_alerts_dict(array_v6)
+ if VM_VERSION in api_version and (
+ "virtual_machines" in subset or "all" in subset
+ ):
+ info["virtual_machines"] = generate_vm_dict(array_v6)
+ info["virtual_machines_snaps"] = generate_vmsnap_dict(array_v6)
+
+ module.exit_json(changed=False, purefa_info=info)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_inventory.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_inventory.py
new file mode 100644
index 000000000..8e65ee07e
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_inventory.py
@@ -0,0 +1,368 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2020, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_inventory
+short_description: Collect information from Pure Storage FlashArray
+version_added: '1.0.0'
+description:
+ - Collect hardware inventory information from a Pure Storage Flasharray
+author:
+ - Pure Storage ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+extends_documentation_fragment:
+ - purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: collect FlashArray invenroty
+ purestorage.flasharray.purefa_inventory:
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+- name: show inventory information
+ debug:
+ msg: "{{ array_info['purefa_inv'] }}"
+
+"""
+
+RETURN = r"""
+purefa_inventory:
+ description: Returns the inventory information for the FlashArray
+ returned: always
+ type: dict
+"""
+
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ get_array,
+ purefa_argument_spec,
+)
+
+
+NEW_API_VERSION = "2.2"
+SFP_API_VERSION = "2.16"
+
+
+def generate_new_hardware_dict(array, versions):
+ hw_info = {
+ "fans": {},
+ "controllers": {},
+ "temps": {},
+ "drives": {},
+ "interfaces": {},
+ "power": {},
+ "chassis": {},
+ "tempatures": {},
+ }
+ components = list(array.get_hardware().items)
+ for component in range(0, len(components)):
+ component_name = components[component].name
+ if components[component].type == "chassis":
+ hw_info["chassis"][component_name] = {
+ "status": components[component].status,
+ "serial": components[component].serial,
+ "model": components[component].model,
+ "identify_enabled": components[component].identify_enabled,
+ }
+ if components[component].type == "controller":
+ hw_info["controllers"][component_name] = {
+ "status": components[component].status,
+ "serial": components[component].serial,
+ "model": components[component].model,
+ "identify_enabled": components[component].identify_enabled,
+ }
+ if components[component].type == "cooling":
+ hw_info["fans"][component_name] = {
+ "status": components[component].status,
+ }
+ if components[component].type == "temp_sensor":
+ hw_info["controllers"][component_name] = {
+ "status": components[component].status,
+ "temperature": components[component].temperature,
+ }
+ if components[component].type == "drive_bay":
+ hw_info["drives"][component_name] = {
+ "status": components[component].status,
+ "identify_enabled": components[component].identify_enabled,
+ "serial": getattr(components[component], "serial", None),
+ }
+ if components[component].type in [
+ "sas_port",
+ "fc_port",
+ "eth_port",
+ "ib_port",
+ ]:
+ hw_info["interfaces"][component_name] = {
+ "type": components[component].type,
+ "status": components[component].status,
+ "speed": components[component].speed,
+ "connector_type": None,
+ "rx_los": None,
+ "rx_power": None,
+ "static": {},
+ "temperature": None,
+ "tx_bias": None,
+ "tx_fault": None,
+ "tx_power": None,
+ "voltage": None,
+ }
+ if components[component].type == "power_supply":
+ hw_info["power"][component_name] = {
+ "status": components[component].status,
+ "voltage": components[component].voltage,
+ "serial": components[component].serial,
+ "model": components[component].model,
+ }
+ drives = list(array.get_drives().items)
+ for drive in range(0, len(drives)):
+ drive_name = drives[drive].name
+ hw_info["drives"][drive_name] = {
+ "capacity": drives[drive].capacity,
+ "status": drives[drive].status,
+ "protocol": getattr(drives[drive], "protocol", None),
+ "type": drives[drive].type,
+ }
+ if SFP_API_VERSION in versions:
+ port_details = list(array.get_network_interfaces_port_details().items)
+ for port_detail in range(0, len(port_details)):
+ port_name = port_details[port_detail].name
+ hw_info["interfaces"][port_name]["interface_type"] = port_details[
+ port_detail
+ ].interface_type
+ hw_info["interfaces"][port_name]["rx_los"] = (
+ port_details[port_detail].rx_los[0].flag
+ )
+ hw_info["interfaces"][port_name]["rx_power"] = (
+ port_details[port_detail].rx_power[0].measurement
+ )
+ hw_info["interfaces"][port_name]["static"] = {
+ "connector_type": port_details[port_detail].static.connector_type,
+ "vendor_name": port_details[port_detail].static.vendor_name,
+ "vendor_oui": port_details[port_detail].static.vendor_oui,
+ "vendor_serial_number": port_details[
+ port_detail
+ ].static.vendor_serial_number,
+ "vendor_part_number": port_details[
+ port_detail
+ ].static.vendor_part_number,
+ "vendor_date_code": port_details[port_detail].static.vendor_date_code,
+ "signaling_rate": port_details[port_detail].static.signaling_rate,
+ "wavelength": port_details[port_detail].static.wavelength,
+ "rate_identifier": port_details[port_detail].static.rate_identifier,
+ "identifier": port_details[port_detail].static.identifier,
+ "link_length": port_details[port_detail].static.link_length,
+ "voltage_thresholds": {
+ "alarm_high": port_details[
+ port_detail
+ ].static.voltage_thresholds.alarm_high,
+ "alarm_low": port_details[
+ port_detail
+ ].static.voltage_thresholds.alarm_low,
+ "warn_high": port_details[
+ port_detail
+ ].static.voltage_thresholds.warn_high,
+ "warn_low": port_details[
+ port_detail
+ ].static.voltage_thresholds.warn_low,
+ },
+ "tx_power_thresholds": {
+ "alarm_high": port_details[
+ port_detail
+ ].static.tx_power_thresholds.alarm_high,
+ "alarm_low": port_details[
+ port_detail
+ ].static.tx_power_thresholds.alarm_low,
+ "warn_high": port_details[
+ port_detail
+ ].static.tx_power_thresholds.warn_high,
+ "warn_low": port_details[
+ port_detail
+ ].static.tx_power_thresholds.warn_low,
+ },
+ "rx_power_thresholds": {
+ "alarm_high": port_details[
+ port_detail
+ ].static.rx_power_thresholds.alarm_high,
+ "alarm_low": port_details[
+ port_detail
+ ].static.rx_power_thresholds.alarm_low,
+ "warn_high": port_details[
+ port_detail
+ ].static.rx_power_thresholds.warn_high,
+ "warn_low": port_details[
+ port_detail
+ ].static.rx_power_thresholds.warn_low,
+ },
+ "tx_bias_thresholds": {
+ "alarm_high": port_details[
+ port_detail
+ ].static.tx_bias_thresholds.alarm_high,
+ "alarm_low": port_details[
+ port_detail
+ ].static.tx_bias_thresholds.alarm_low,
+ "warn_high": port_details[
+ port_detail
+ ].static.tx_bias_thresholds.warn_high,
+ "warn_low": port_details[
+ port_detail
+ ].static.tx_bias_thresholds.warn_low,
+ },
+ "temperature_thresholds": {
+ "alarm_high": port_details[
+ port_detail
+ ].static.temperature_thresholds.alarm_high,
+ "alarm_low": port_details[
+ port_detail
+ ].static.temperature_thresholds.alarm_low,
+ "warn_high": port_details[
+ port_detail
+ ].static.temperature_thresholds.warn_high,
+ "warn_low": port_details[
+ port_detail
+ ].static.temperature_thresholds.warn_low,
+ },
+ "fc_speeds": port_details[port_detail].static.fc_speeds,
+ "fc_technology": port_details[port_detail].static.fc_technology,
+ "encoding": port_details[port_detail].static.encoding,
+ "fc_link_lengths": port_details[port_detail].static.fc_link_lengths,
+ "fc_transmission_media": port_details[
+ port_detail
+ ].static.fc_transmission_media,
+ "extended_identifier": port_details[
+ port_detail
+ ].static.extended_identifier,
+ }
+ hw_info["interfaces"][port_name]["temperature"] = (
+ port_details[port_detail].temperature[0].measurement
+ )
+ hw_info["interfaces"][port_name]["tx_bias"] = (
+ port_details[port_detail].tx_bias[0].measurement
+ )
+ hw_info["interfaces"][port_name]["tx_fault"] = (
+ port_details[port_detail].tx_fault[0].flag
+ )
+ hw_info["interfaces"][port_name]["tx_power"] = (
+ port_details[port_detail].tx_power[0].measurement
+ )
+ hw_info["interfaces"][port_name]["voltage"] = (
+ port_details[port_detail].voltage[0].measurement
+ )
+ return hw_info
+
+
+def generate_hardware_dict(array):
+ hw_info = {
+ "fans": {},
+ "controllers": {},
+ "temps": {},
+ "drives": {},
+ "interfaces": {},
+ "power": {},
+ "chassis": {},
+ }
+ components = array.list_hardware()
+ for component in range(0, len(components)):
+ component_name = components[component]["name"]
+ if "FAN" in component_name:
+ fan_name = component_name
+ hw_info["fans"][fan_name] = {"status": components[component]["status"]}
+ if "PWR" in component_name:
+ pwr_name = component_name
+ hw_info["power"][pwr_name] = {
+ "status": components[component]["status"],
+ "voltage": components[component]["voltage"],
+ "serial": components[component]["serial"],
+ "model": components[component]["model"],
+ }
+ if "IB" in component_name:
+ ib_name = component_name
+ hw_info["interfaces"][ib_name] = {
+ "status": components[component]["status"],
+ "speed": components[component]["speed"],
+ }
+ if "SAS" in component_name:
+ sas_name = component_name
+ hw_info["interfaces"][sas_name] = {
+ "status": components[component]["status"],
+ "speed": components[component]["speed"],
+ }
+ if "ETH" in component_name:
+ eth_name = component_name
+ hw_info["interfaces"][eth_name] = {
+ "status": components[component]["status"],
+ "speed": components[component]["speed"],
+ }
+ if "FC" in component_name:
+ eth_name = component_name
+ hw_info["interfaces"][eth_name] = {
+ "status": components[component]["status"],
+ "speed": components[component]["speed"],
+ }
+ if "TMP" in component_name:
+ tmp_name = component_name
+ hw_info["temps"][tmp_name] = {
+ "status": components[component]["status"],
+ "temperature": components[component]["temperature"],
+ }
+ if component_name in ["CT0", "CT1"]:
+ cont_name = component_name
+ hw_info["controllers"][cont_name] = {
+ "status": components[component]["status"],
+ "serial": components[component]["serial"],
+ "model": components[component]["model"],
+ }
+ if component_name in ["CH0"]:
+ cont_name = component_name
+ hw_info["chassis"][cont_name] = {
+ "status": components[component]["status"],
+ "serial": components[component]["serial"],
+ "model": components[component]["model"],
+ }
+
+ drives = array.list_drives()
+ for drive in range(0, len(drives)):
+ drive_name = drives[drive]["name"]
+ hw_info["drives"][drive_name] = {
+ "capacity": drives[drive]["capacity"],
+ "status": drives[drive]["status"],
+ "protocol": drives[drive]["protocol"],
+ "type": drives[drive]["type"],
+ }
+ for disk in range(0, len(components)):
+ if components[disk]["name"] == drive_name:
+ hw_info["drives"][drive_name]["serial"] = components[disk]["serial"]
+
+ return hw_info
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ inv_info = {}
+ module = AnsibleModule(argument_spec, supports_check_mode=True)
+ array = get_system(module)
+ api_version = array._list_available_rest_versions()
+ if NEW_API_VERSION in api_version:
+ arrayv6 = get_array(module)
+ inv_info = generate_new_hardware_dict(arrayv6, api_version)
+ else:
+ inv_info = generate_hardware_dict(array)
+ module.exit_json(changed=False, purefa_inv=inv_info)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_kmip.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_kmip.py
new file mode 100644
index 000000000..8774abe87
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_kmip.py
@@ -0,0 +1,251 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2021, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_kmip
+version_added: '1.10.0'
+short_description: Manage FlashArray KMIP server objects
+description:
+- Manage FlashArray KMIP Server objects
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ name:
+ description:
+ - Name of the KMIP server object
+ type: str
+ required: true
+ certificate:
+ description:
+ - Name of existing certifcate used to verify FlashArray
+ authenticity to the KMIP server.
+ - Use the I(purestorage.flasharray.purefa_certs) module to create certificates.
+ type: str
+ state:
+ description:
+ - Action for the module to perform
+ default: present
+ choices: [ absent, present ]
+ type: str
+ ca_certificate:
+ type: str
+ description:
+ - The text of the CA certificate for the KMIP server.
+ - Includes the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines
+ - Does not exceed 3000 characters in length
+ uris:
+ type: list
+ elements: str
+ description:
+ - A list of URIs for the configured KMIP servers.
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Create KMIP obejct
+ purestorage.flasharray.purefa_kmip:
+ name: foo
+ certificate: bar
+ ca_certificate: "{{lookup('file', 'example.crt') }}"
+ uris:
+ - 1.1.1.1:8888
+ - 2.3.3.3:9999
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Delete KMIP object
+ purestorage.flasharray.purefa_kmip:
+ name: foo
+ state: absent
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Update KMIP object
+ purestorage.flasharray.purefa_kmip:
+ name: foo
+ ca_certificate: "{{lookup('file', 'example2.crt') }}"
+ uris:
+ - 3.3.3.3:8888
+ - 4.4.4.4:9999
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+"""
+
+RETURN = r"""
+"""
+
+HAS_PURESTORAGE = True
+try:
+ from pypureclient import flasharray
+except ImportError:
+ HAS_PURESTORAGE = False
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ get_array,
+ purefa_argument_spec,
+)
+
+MIN_REQUIRED_API_VERSION = "2.2"
+
+
+def update_kmip(module, array):
+ """Update existing KMIP object"""
+ changed = False
+ current_kmip = list(array.get_kmip(names=[module.params["name"]]).items)[0]
+ if (
+ module.params["certificate"]
+ and current_kmip.certificate.name != module.params["certificate"]
+ ):
+ if (
+ array.get_certificates(names=[module.params["certificate"]]).status_code
+ != 200
+ ):
+ module.fail_json(
+ msg="Array certificate {0} does not exist.".format(
+ module.params["certificate"]
+ )
+ )
+ changed = True
+ certificate = module.params["certificate"]
+ else:
+ certificate = current_kmip.certificate.name
+ if module.params["uris"] and sorted(current_kmip.uris) != sorted(
+ module.params["uris"]
+ ):
+ changed = True
+ uris = sorted(module.params["uris"])
+ else:
+ uris = sorted(current_kmip.uris)
+ if (
+ module.params["ca_certificate"]
+ and module.params["ca_certificate"] != current_kmip.ca_certificate
+ ):
+ changed = True
+ ca_cert = module.params["ca_certificate"]
+ else:
+ ca_cert = current_kmip.ca_certificate
+ if not module.check_mode:
+ if changed:
+ kmip = flasharray.KmipPost(
+ uris=uris,
+ ca_certificate=ca_cert,
+ certificate=flasharray.ReferenceNoId(name=certificate),
+ )
+ res = array.patch_kmip(names=[module.params["name"]], kmip=kmip)
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Updating existing KMIP object {0} failed. Error: {1}".format(
+ module.params["name"], res.errors[0].message
+ )
+ )
+
+ module.exit_json(changed=changed)
+
+
+def create_kmip(module, array):
+ """Create KMIP object"""
+ if array.get_certificates(names=[module.params["certificate"]]).status_code != 200:
+ module.fail_json(
+ msg="Array certificate {0} does not exist.".format(
+ module.params["certificate"]
+ )
+ )
+ changed = True
+ kmip = flasharray.KmipPost(
+ uris=sorted(module.params["uris"]),
+ ca_certificate=module.params["ca_certificate"],
+ certificate=flasharray.ReferenceNoId(name=module.params["certificate"]),
+ )
+ if not module.check_mode:
+ res = array.post_kmip(names=[module.params["name"]], kmip=kmip)
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Creating KMIP object {0} failed. Error: {1}".format(
+ module.params["name"], res.errors[0].message
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def delete_kmip(module, array):
+ """Delete existing KMIP object"""
+ changed = True
+ if not module.check_mode:
+ res = array.delete_kmip(names=[module.params["name"]])
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to delete {0} KMIP object. Error: {1}".format(
+ module.params["name"], res.errors[0].message
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ state=dict(
+ type="str",
+ default="present",
+ choices=["absent", "present"],
+ ),
+ name=dict(type="str", required=True),
+ certificate=dict(type="str"),
+ ca_certificate=dict(type="str", no_log=True),
+ uris=dict(type="list", elements="str"),
+ )
+ )
+
+ module = AnsibleModule(
+ argument_spec,
+ supports_check_mode=True,
+ )
+
+ if not HAS_PURESTORAGE:
+ module.fail_json(msg="py-pure-client sdk is required for this module")
+
+ array = get_system(module)
+ api_version = array._list_available_rest_versions()
+
+ if MIN_REQUIRED_API_VERSION not in api_version:
+ module.fail_json(
+ msg="FlashArray REST version not supported. "
+ "Minimum version required: {0}".format(MIN_REQUIRED_API_VERSION)
+ )
+
+ array = get_array(module)
+ state = module.params["state"]
+ exists = bool(array.get_kmip(names=[module.params["name"]]).status_code == 200)
+ if module.params["certificate"] and len(module.params["certificate"]) > 3000:
+ module.fail_json(msg="Certificate exceeds 3000 characters")
+
+ if not exists and state == "present":
+ create_kmip(module, array)
+ elif exists and state == "present":
+ update_kmip(module, array)
+ elif exists and state == "absent":
+ delete_kmip(module, array)
+
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_logging.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_logging.py
new file mode 100644
index 000000000..a2f8e136d
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_logging.py
@@ -0,0 +1,166 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2021, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["deprecated"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_logging
+version_added: '1.19.0'
+short_description: Manage Pure Storage FlashArray Audit and Session logs
+description:
+- view the FlashArray audit trail oe session logs, newest to oldest based on (start) time
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ log_type:
+ description:
+ - The type of logs to be viewed
+ type: str
+ default: audit
+ choices: [audit, session]
+ limit:
+ description:
+ - The maximum number of audit events returned
+ default: 1000
+ type: int
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: List last 100 audit events
+ purestorage.flasharray.purefa_audit:
+ limit: 100
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: List last 24 session events
+ purestorage.flasharray.purefa_audit:
+ limit: 24
+ log_type: session
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+"""
+
+RETURN = r"""
+"""
+
+HAS_PURESTORAGE = True
+try:
+ from pypureclient import flasharray
+except ImportError:
+ HAS_PURESTORAGE = False
+import time
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ get_array,
+ purefa_argument_spec,
+)
+
+AUDIT_API_VERSION = "2.2"
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ limit=dict(type="int", default=1000),
+ log_type=dict(type="str", default="audit", choices=["audit", "session"]),
+ )
+ )
+ module = AnsibleModule(argument_spec, supports_check_mode=True)
+
+ if not HAS_PURESTORAGE:
+ module.fail_json(msg="py-pure-client sdk is required for this module")
+
+ array = get_system(module)
+ api_version = array._list_available_rest_versions()
+ audits = []
+ changed = False
+ if AUDIT_API_VERSION in api_version:
+ changed = True
+ array = get_array(module)
+ if not module.check_mode:
+ if module.params["log_type"] == "audit":
+ all_audits = list(
+ array.get_audits(
+ limit=module.params["limit"],
+ sort=flasharray.Property("time-"),
+ ).items
+ )
+ else:
+ all_audits = list(
+ array.get_sessions(
+ limit=module.params["limit"],
+ sort=flasharray.Property("start_time-"),
+ ).items
+ )
+ for audit in range(0, len(all_audits)):
+ if module.params["log_type"] == "session":
+ start_time = getattr(all_audits[audit], "start_time", None)
+ end_time = getattr(all_audits[audit], "end_time", None)
+ if start_time:
+ human_start_time = time.strftime(
+ "%Y-%m-%d %H:%M:%S", time.localtime(start_time / 1000)
+ )
+ else:
+ human_start_time = None
+ if end_time:
+ human_end_time = time.strftime(
+ "%Y-%m-%d %H:%M:%S", time.localtime(end_time / 1000)
+ )
+ else:
+ human_end_time = None
+
+ data = {
+ "start_time": human_start_time,
+ "end_time": human_end_time,
+ "location": getattr(all_audits[audit], "location", None),
+ "user": getattr(all_audits[audit], "user", None),
+ "event": all_audits[audit].event,
+ "event_count": all_audits[audit].event_count,
+ "user_interface": getattr(
+ all_audits[audit], "user_interface", None
+ ),
+ }
+ else:
+ event_time = getattr(all_audits[audit], "time", None)
+ if event_time:
+ human_event_time = time.strftime(
+ "%Y-%m-%d %H:%M:%S", time.localtime(event_time / 1000)
+ )
+ else:
+ human_event_time = None
+ data = {
+ "time": human_event_time,
+ "arguments": all_audits[audit].arguments,
+ "command": all_audits[audit].command,
+ "subcommand": all_audits[audit].subcommand,
+ "user": all_audits[audit].user,
+ "origin": all_audits[audit].origin.name,
+ }
+ audits.append(data)
+ else:
+ module.fail_json(msg="Purity version does not support audit log return")
+ if module.params["log_type"] == "audit":
+ module.exit_json(changed=changed, audits=audits)
+ else:
+ module.exit_json(changed=changed, sessions=audits)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_maintenance.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_maintenance.py
new file mode 100644
index 000000000..8aa5c76f9
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_maintenance.py
@@ -0,0 +1,133 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2021, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_maintenance
+version_added: '1.7.0'
+short_description: Configure Pure Storage FlashArray Maintence Windows
+description:
+- Configuration for Pure Storage FlashArray Maintenance Windows.
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ state:
+ description:
+ - Create or delete maintennance window
+ type: str
+ default: present
+ choices: [ absent, present ]
+ timeout :
+ type: int
+ default: 3600
+ description:
+ - Maintenance window period, specified in seconds.
+ - Range allowed is 1 minute (60 seconds) to 24 hours (86400 seconds)
+ - Default setting is 1 hour (3600 seconds)
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Delete exisitng maintenance window
+ purestorage.flasharray.purefa_maintenance:
+ state: absent
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Set maintnence window to default of 1 hour
+ purestorage.flasharray.purefa_maintenance:
+ state: present
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Update existing maintnence window
+ purestorage.flasharray.purefa_maintenance:
+ state: present
+ timeout: 86400
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+"""
+
+RETURN = r"""
+"""
+
+HAS_PURESTORAGE = True
+try:
+ from pypureclient import flasharray
+except ImportError:
+ HAS_PURESTORAGE = False
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_array,
+ purefa_argument_spec,
+)
+
+
+def delete_window(module, array):
+ """Delete Maintenance Window"""
+ changed = False
+ if list(array.get_maintenance_windows().items):
+ changed = True
+ if not module.check_mode:
+ state = array.delete_maintenance_windows(names=["environment"])
+ if state.status_code != 200:
+ changed = False
+ module.exit_json(changed=changed)
+
+
+def set_window(module, array):
+ """Set Maintenace Window"""
+ changed = True
+ if not 60 <= module.params["timeout"] <= 86400:
+ module.fail_json(msg="Maintenance Window Timeout is out of range (60 to 86400)")
+ window = flasharray.MaintenanceWindowPost(timeout=module.params["timeout"] * 1000)
+ if not module.check_mode:
+ state = array.post_maintenance_windows(
+ names=["environment"], maintenance_window=window
+ )
+ if state.status_code != 200:
+ module.fail_json(msg="Setting maintenance window failed")
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ timeout=dict(type="int", default=3600),
+ state=dict(type="str", default="present", choices=["absent", "present"]),
+ )
+ )
+
+ module = AnsibleModule(argument_spec, supports_check_mode=True)
+
+ if not HAS_PURESTORAGE:
+ module.fail_json(msg="py-pure-client sdk is required for this module")
+
+ array = get_array(module)
+
+ if module.params["state"] == "absent":
+ delete_window(module, array)
+ else:
+ set_window(module, array)
+
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_messages.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_messages.py
new file mode 100644
index 000000000..a28bd56b2
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_messages.py
@@ -0,0 +1,198 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2022, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_messages
+version_added: '1.14.0'
+short_description: List FlashArray Alert Messages
+description:
+- List Alert messages based on filters provided
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ severity:
+ description:
+ - severity of the alerts to show
+ type: list
+ elements: str
+ choices: [ all, critical, warning, info ]
+ default: [ all ]
+ state:
+ description:
+ - State of alerts to show
+ default: open
+ choices: [ all, open, closed ]
+ type: str
+ flagged:
+ description:
+ - Show alerts that have been acknowledged or not
+ default: false
+ type: bool
+ history:
+ description:
+ - Historical time period to show alerts for, from present time
+ - Allowed time period are hour(h), day(d), week(w) and year(y)
+ type: str
+ default: 1w
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Show critical alerts from past 4 weeks that haven't been acknowledged
+ purefa_messages:
+ history: 4w
+ flagged : false
+ severity:
+ - critical
+ fa_url: 10.10.10.2
+ api_token: 89a9356f-c203-d263-8a89-c229486a13ba
+"""
+
+RETURN = r"""
+"""
+
+import time
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ get_array,
+ purefa_argument_spec,
+)
+
+MIN_REQUIRED_API_VERSION = "2.2"
+ALLOWED_PERIODS = ["h", "d", "w", "y"]
+# Time periods in micro-seconds
+HOUR = 3600000
+DAY = HOUR * 24
+WEEK = DAY * 7
+YEAR = WEEK * 52
+
+
+def _create_time_window(window):
+ period = window[-1].lower()
+ multiple = int(window[0:-1])
+ if period == "h":
+ return HOUR * multiple
+ if period == "d":
+ return DAY * multiple
+ if period == "w":
+ return WEEK * multiple
+ if period == "y":
+ return YEAR * multiple
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ state=dict(type="str", default="open", choices=["all", "open", "closed"]),
+ history=dict(type="str", default="1w"),
+ flagged=dict(type="bool", default=False),
+ severity=dict(
+ type="list",
+ elements="str",
+ default=["all"],
+ choices=["all", "critical", "warning", "info"],
+ ),
+ )
+ )
+
+ module = AnsibleModule(argument_spec, supports_check_mode=True)
+ time_now = int(time.time() * 1000)
+ array = get_system(module)
+ api_version = array._list_available_rest_versions()
+ if MIN_REQUIRED_API_VERSION not in api_version:
+ module.fail_json(
+ msg="FlashArray REST version not supported. "
+ "Minimum version required: {0}".format(MIN_REQUIRED_API_VERSION)
+ )
+ array_v6 = get_array(module)
+ if module.params["history"][-1].lower() not in ALLOWED_PERIODS:
+ module.fail_json(msg="historical window value is not an allowsd time period")
+ since_time = str(time_now - _create_time_window(module.params["history"].lower()))
+ if module.params["flagged"]:
+ flagged = " and flagged='True'"
+ else:
+ flagged = " and flagged='False'"
+
+ multi_sev = False
+ if len(module.params["severity"]) > 1:
+ if "all" in module.params["severity"]:
+ module.params["severity"] = ["*"]
+ else:
+ multi_sev = True
+ if multi_sev:
+ severity = " and ("
+ for level in range(0, len(module.params["severity"])):
+ severity += "severity='" + str(module.params["severity"][level]) + "' or "
+ severity = severity[0:-4] + ")"
+ else:
+ if module.params["severity"] == ["all"]:
+ severity = " and severity='*'"
+ else:
+ severity = " and severity='" + str(module.params["severity"][0]) + "'"
+ messages = {}
+ if module.params["state"] == "all":
+ state = " and state='*'"
+ else:
+ state = " and state='" + module.params["state"] + "'"
+ filter_string = "notified>" + since_time + state + flagged + severity
+ try:
+ res = array_v6.get_alerts(filter=filter_string)
+ alerts = list(res.items)
+ except Exception:
+ module.fail_json(
+ msg="Failed to get alert messages. Error: {0}".format(res.errors[0].message)
+ )
+ for message in range(0, len(alerts)):
+ name = alerts[message].name
+ messages[name] = {
+ "summary": alerts[message].summary,
+ "component_type": alerts[message].component_type,
+ "component_name": alerts[message].component_name,
+ "code": alerts[message].code,
+ "severity": alerts[message].severity,
+ "actual": alerts[message].actual,
+ "issue": alerts[message].issue,
+ "state": alerts[message].state,
+ "flagged": alerts[message].flagged,
+ "closed": None,
+ "created": time.strftime(
+ "%Y-%m-%d %H:%M:%S",
+ time.gmtime(alerts[message].created / 1000),
+ )
+ + " UTC",
+ "updated": time.strftime(
+ "%Y-%m-%d %H:%M:%S",
+ time.gmtime(alerts[message].updated / 1000),
+ )
+ + " UTC",
+ }
+ if alerts[message].state == "closed":
+ messages[name]["closed"] = (
+ time.strftime(
+ "%Y-%m-%d %H:%M:%S", time.gmtime(alerts[message].closed / 1000)
+ )
+ + " UTC"
+ )
+ module.exit_json(changed=False, purefa_messages=messages)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_network.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_network.py
new file mode 100644
index 000000000..e5004568a
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_network.py
@@ -0,0 +1,437 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2020, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+
+DOCUMENTATION = """
+---
+module: purefa_network
+short_description: Manage network interfaces in a Pure Storage FlashArray
+version_added: '1.0.0'
+description:
+ - This module manages the physical and virtual network interfaces on a Pure Storage FlashArray.
+ - To manage VLAN interfaces use the I(purestorage.flasharray.purefa_vlan) module.
+ - To manage network subnets use the I(purestorage.flasharray.purefa_subnet) module.
+ - To remove an IP address from a non-management port use 0.0.0.0/0
+author: Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ name:
+ description:
+ - Interface name (physical or virtual).
+ required: true
+ type: str
+ state:
+ description:
+ - State of existing interface (on/off).
+ required: false
+ default: present
+ choices: [ "present", "absent" ]
+ type: str
+ address:
+ description:
+ - IPv4 or IPv6 address of interface in CIDR notation.
+ - To remove an IP address from a non-management port use 0.0.0.0/0
+ required: false
+ type: str
+ gateway:
+ description:
+ - IPv4 or IPv6 address of interface gateway.
+ required: false
+ type: str
+ mtu:
+ description:
+ - MTU size of the interface. Range is 1280 to 9216.
+ required: false
+ default: 1500
+ type: int
+ servicelist:
+ description:
+ - Assigns the specified (comma-separated) service list to one or more specified interfaces.
+ - Replaces the previous service list.
+ - Supported service lists depend on whether the network interface is Ethernet or Fibre Channel.
+ - Note that I(system) is only valid for Cloud Block Store.
+ elements: str
+ type: list
+ choices: [ "replication", "management", "ds", "file", "iscsi", "scsi-fc", "nvme-fc", "nvme-tcp", "nvme-roce", "system"]
+ version_added: '1.15.0'
+extends_documentation_fragment:
+ - purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = """
+- name: Configure and enable network interface ct0.eth8
+ purestorage.flasharray.purefa_network:
+ name: ct0.eth8
+ gateway: 10.21.200.1
+ address: "10.21.200.18/24"
+ mtu: 9000
+ state: present
+ fa_url: 10.10.10.2
+ api_token: c6033033-fe69-2515-a9e8-966bb7fe4b40
+
+- name: Disable physical interface ct1.eth2
+ purestorage.flasharray.purefa_network:
+ name: ct1.eth2
+ state: absent
+ fa_url: 10.10.10.2
+ api_token: c6033033-fe69-2515-a9e8-966bb7fe4b40
+
+- name: Enable virtual network interface vir0
+ purestorage.flasharray.purefa_network:
+ name: vir0
+ state: present
+ fa_url: 10.10.10.2
+ api_token: c6033033-fe69-2515-a9e8-966bb7fe4b40
+
+- name: Remove an IP address from iSCSI interface ct0.eth4
+ purestorage.flasharray.purefa_network:
+ name: ct0.eth4
+ address: 0.0.0.0/0
+ gateway: 0.0.0.0
+ fa_url: 10.10.10.2
+ api_token: c6033033-fe69-2515-a9e8-966bb7fe4b40
+
+- name: Change service list for FC interface ct0.fc1
+ purestorage.flasharray.purefa_network:
+ name: ct0.fc1
+ servicelist:
+ - replication
+ fa_url: 10.10.10.2
+ api_token: c6033033-fe69-2515-a9e8-966bb7fe4b40
+"""
+
+RETURN = """
+"""
+
+try:
+ from netaddr import IPAddress, IPNetwork
+
+ HAS_NETADDR = True
+except ImportError:
+ HAS_NETADDR = False
+
+try:
+ from pypureclient.flasharray import NetworkInterfacePatch
+
+ HAS_PYPURECLIENT = True
+except ImportError:
+ HAS_PYPURECLIENT = False
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ get_array,
+ purefa_argument_spec,
+)
+
+FC_ENABLE_API = "2.4"
+
+
+def _is_cbs(array, is_cbs=False):
+ """Is the selected array a Cloud Block Store"""
+ model = array.get(controllers=True)[0]["model"]
+ is_cbs = bool("CBS" in model)
+ return is_cbs
+
+
+def _get_fc_interface(module, array):
+ """Return FC Interface or None"""
+ interface = {}
+ interface_list = array.get_network_interfaces(names=[module.params["name"]])
+ if interface_list.status_code == 200:
+ interface = list(interface_list.items)[0]
+ return interface
+ else:
+ return None
+
+
+def _get_interface(module, array):
+ """Return Network Interface or None"""
+ interface = {}
+ if module.params["name"][0] == "v":
+ try:
+ interface = array.get_network_interface(module.params["name"])
+ except Exception:
+ return None
+ else:
+ try:
+ interfaces = array.list_network_interfaces()
+ except Exception:
+ return None
+ for ints in range(0, len(interfaces)):
+ if interfaces[ints]["name"] == module.params["name"]:
+ interface = interfaces[ints]
+ break
+ return interface
+
+
+def update_fc_interface(module, array, interface, api_version):
+ """Modify FC Interface settings"""
+ changed = False
+ if FC_ENABLE_API in api_version:
+ if not interface.enabled and module.params["state"] == "present":
+ changed = True
+ if not module.check_mode:
+ network = NetworkInterfacePatch(enabled=True, override_npiv_check=True)
+ res = array.patch_network_interfaces(
+ names=[module.params["name"]], network=network
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to enable interface {0}.".format(
+ module.params["name"]
+ )
+ )
+ if interface.enabled and module.params["state"] == "absent":
+ changed = True
+ if not module.check_mode:
+ network = NetworkInterfacePatch(enabled=False, override_npiv_check=True)
+ res = array.patch_network_interfaces(
+ names=[module.params["name"]], network=network
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to disable interface {0}.".format(
+ module.params["name"]
+ )
+ )
+ if module.params["servicelist"] and sorted(module.params["servicelist"]) != sorted(
+ interface.services
+ ):
+ changed = True
+ if not module.check_mode:
+ network = NetworkInterfacePatch(services=module.params["servicelist"])
+ res = array.patch_network_interfaces(
+ names=[module.params["name"]], network=network
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to update interface service list {0}. Error: {1}".format(
+ module.params["name"], res.errors[0].message
+ )
+ )
+
+ module.exit_json(changed=changed)
+
+
+def update_interface(module, array, interface):
+ """Modify Interface settings"""
+ changed = False
+ current_state = {
+ "mtu": interface["mtu"],
+ "gateway": interface["gateway"],
+ "address": interface["address"],
+ "netmask": interface["netmask"],
+ "services": sorted(interface["services"]),
+ }
+ if not module.params["servicelist"]:
+ services = sorted(interface["services"])
+ else:
+ services = sorted(module.params["servicelist"])
+ if not module.params["address"]:
+ address = interface["address"]
+ else:
+ if module.params["gateway"]:
+ if module.params["gateway"] and module.params["gateway"] not in IPNetwork(
+ module.params["address"]
+ ):
+ module.fail_json(msg="Gateway and subnet are not compatible.")
+ elif not module.params["gateway"] and interface["gateway"] not in [
+ None,
+ IPNetwork(module.params["address"]),
+ ]:
+ module.fail_json(msg="Gateway and subnet are not compatible.")
+ address = str(module.params["address"].split("/", 1)[0])
+ ip_version = str(IPAddress(address).version)
+ if not module.params["mtu"]:
+ mtu = interface["mtu"]
+ else:
+ if not 1280 <= module.params["mtu"] <= 9216:
+ module.fail_json(
+ msg="MTU {0} is out of range (1280 to 9216)".format(
+ module.params["mtu"]
+ )
+ )
+ else:
+ mtu = module.params["mtu"]
+ if module.params["address"]:
+ netmask = str(IPNetwork(module.params["address"]).netmask)
+ else:
+ netmask = interface["netmask"]
+ if not module.params["gateway"]:
+ gateway = interface["gateway"]
+ else:
+ cidr = str(IPAddress(netmask).netmask_bits())
+ full_addr = address + "/" + cidr
+ if module.params["gateway"] not in IPNetwork(full_addr):
+ module.fail_json(msg="Gateway and subnet are not compatible.")
+ gateway = module.params["gateway"]
+ if ip_version == "6":
+ netmask = str(IPAddress(netmask).netmask_bits())
+ new_state = {
+ "address": address,
+ "mtu": mtu,
+ "gateway": gateway,
+ "netmask": netmask,
+ "services": services,
+ }
+ if new_state != current_state:
+ changed = True
+ if (
+ "management" in interface["services"] or "app" in interface["services"]
+ ) and address == "0.0.0.0/0":
+ module.fail_json(
+ msg="Removing IP address from a management or app port is not supported"
+ )
+ if not module.check_mode:
+ try:
+ if new_state["gateway"] is not None:
+ array.set_network_interface(
+ interface["name"],
+ address=new_state["address"],
+ mtu=new_state["mtu"],
+ netmask=new_state["netmask"],
+ gateway=new_state["gateway"],
+ )
+ else:
+ array.set_network_interface(
+ interface["name"],
+ address=new_state["address"],
+ mtu=new_state["mtu"],
+ netmask=new_state["netmask"],
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to change settings for interface {0}.".format(
+ interface["name"]
+ )
+ )
+ if not interface["enabled"] and module.params["state"] == "present":
+ changed = True
+ if not module.check_mode:
+ try:
+ array.enable_network_interface(interface["name"])
+ except Exception:
+ module.fail_json(
+ msg="Failed to enable interface {0}.".format(interface["name"])
+ )
+ if interface["enabled"] and module.params["state"] == "absent":
+ changed = True
+ if not module.check_mode:
+ try:
+ array.disable_network_interface(interface["name"])
+ except Exception:
+ module.fail_json(
+ msg="Failed to disable interface {0}.".format(interface["name"])
+ )
+ if (
+ module.params["servicelist"]
+ and sorted(module.params["servicelist"]) != interface["services"]
+ ):
+ api_version = array._list_available_rest_versions()
+ if FC_ENABLE_API in api_version:
+ if HAS_PYPURECLIENT:
+ array = get_array(module)
+ changed = True
+ if not module.check_mode:
+ network = NetworkInterfacePatch(
+ services=module.params["servicelist"]
+ )
+ res = array.patch_network_interfaces(
+ names=[module.params["name"]], network=network
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to update interface service list {0}. Error: {1}".format(
+ module.params["name"], res.errors[0].message
+ )
+ )
+ else:
+ module.warn_json(
+ "Servicelist not update as pypureclient module is required"
+ )
+
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ name=dict(type="str", required=True),
+ state=dict(type="str", default="present", choices=["present", "absent"]),
+ address=dict(type="str"),
+ gateway=dict(type="str"),
+ mtu=dict(type="int", default=1500),
+ servicelist=dict(
+ type="list",
+ elements="str",
+ choices=[
+ "replication",
+ "management",
+ "ds",
+ "file",
+ "iscsi",
+ "scsi-fc",
+ "nvme-fc",
+ "nvme-tcp",
+ "nvme-roce",
+ "system",
+ ],
+ ),
+ )
+ )
+
+ module = AnsibleModule(argument_spec, supports_check_mode=True)
+
+ if not HAS_NETADDR:
+ module.fail_json(msg="netaddr module is required")
+
+ array = get_system(module)
+ api_version = array._list_available_rest_versions()
+ if not _is_cbs(array):
+ if module.params["servicelist"] and "system" in module.params["servicelist"]:
+ module.fail_json(
+ msg="Only Cloud Block Store supports the 'system' service type"
+ )
+ if "." in module.params["name"]:
+ if module.params["name"].split(".")[1][0].lower() == "f":
+ if not HAS_PYPURECLIENT:
+ module.fail_json(msg="pypureclient module is required")
+ array = get_array(module)
+ interface = _get_fc_interface(module, array)
+ if not interface:
+ module.fail_json(msg="Invalid network interface specified.")
+ else:
+ update_fc_interface(module, array, interface, api_version)
+ else:
+ interface = _get_interface(module, array)
+ if not interface:
+ module.fail_json(msg="Invalid network interface specified.")
+ else:
+ update_interface(module, array, interface)
+ else:
+ interface = _get_interface(module, array)
+ if not interface:
+ module.fail_json(msg="Invalid network interface specified.")
+ else:
+ update_interface(module, array, interface)
+
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_ntp.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_ntp.py
new file mode 100644
index 000000000..e2a5c8f18
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_ntp.py
@@ -0,0 +1,151 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2018, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_ntp
+version_added: '1.0.0'
+short_description: Configure Pure Storage FlashArray NTP settings
+description:
+- Set or erase NTP configuration for Pure Storage FlashArrays.
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ state:
+ description:
+ - Create or delete NTP servers configuration
+ type: str
+ default: present
+ choices: [ absent, present ]
+ ntp_servers:
+ type: list
+ elements: str
+ description:
+ - A list of up to 4 alternate NTP servers. These may include IPv4,
+ IPv6 or FQDNs. Invalid IP addresses will cause the module to fail.
+ No validation is performed for FQDNs.
+ - If more than 4 servers are provided, only the first 4 unique
+ nameservers will be used.
+ - if no servers are given a default of I(0.pool.ntp.org) will be used.
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Delete exisitng NTP server entries
+ purestorage.flasharray.purefa_ntp:
+ state: absent
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Set array NTP servers
+ purestorage.flasharray.purefa_ntp:
+ state: present
+ ntp_servers:
+ - "0.pool.ntp.org"
+ - "1.pool.ntp.org"
+ - "2.pool.ntp.org"
+ - "3.pool.ntp.org"
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+"""
+
+RETURN = r"""
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ purefa_argument_spec,
+)
+
+
+def _is_cbs(array, is_cbs=False):
+ """Is the selected array a Cloud Block Store"""
+ model = array.get(controllers=True)[0]["model"]
+ is_cbs = bool("CBS" in model)
+ return is_cbs
+
+
+def remove(duplicate):
+ final_list = []
+ for num in duplicate:
+ if num not in final_list:
+ final_list.append(num)
+ return final_list
+
+
+def delete_ntp(module, array):
+ """Delete NTP Servers"""
+ if array.get(ntpserver=True)["ntpserver"] != []:
+ changed = True
+ if not module.check_mode:
+ try:
+ array.set(ntpserver=[])
+ except Exception:
+ module.fail_json(msg="Deletion of NTP servers failed")
+ else:
+ changed = False
+ module.exit_json(changed=changed)
+
+
+def create_ntp(module, array):
+ """Set NTP Servers"""
+ changed = True
+ if not module.check_mode:
+ if not module.params["ntp_servers"]:
+ module.params["ntp_servers"] = ["0.pool.ntp.org"]
+ try:
+ array.set(ntpserver=module.params["ntp_servers"][0:4])
+ except Exception:
+ module.fail_json(msg="Update of NTP servers failed")
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ ntp_servers=dict(type="list", elements="str"),
+ state=dict(type="str", default="present", choices=["absent", "present"]),
+ )
+ )
+
+ required_if = [["state", "present", ["ntp_servers"]]]
+
+ module = AnsibleModule(
+ argument_spec, required_if=required_if, supports_check_mode=True
+ )
+
+ array = get_system(module)
+ if _is_cbs(array):
+ module.warn("NTP settings are not necessary for a CBS array - ignoring...")
+ module.exit_json(changed=False)
+
+ if module.params["state"] == "absent":
+ delete_ntp(module, array)
+ else:
+ module.params["ntp_servers"] = remove(module.params["ntp_servers"])
+ if sorted(array.get(ntpserver=True)["ntpserver"]) != sorted(
+ module.params["ntp_servers"][0:4]
+ ):
+ create_ntp(module, array)
+
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_offload.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_offload.py
new file mode 100644
index 000000000..1265911fe
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_offload.py
@@ -0,0 +1,443 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2019, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_offload
+version_added: '1.0.0'
+short_description: Create, modify and delete NFS, S3 or Azure offload targets
+description:
+- Create, modify and delete NFS, S3 or Azure offload targets.
+- Only supported on Purity v5.2.0 or higher.
+- You must have a correctly configured offload network for offload to work.
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ state:
+ description:
+ - Define state of offload
+ default: present
+ choices: [ absent, present ]
+ type: str
+ name:
+ description:
+ - The name of the offload target
+ required: true
+ type: str
+ protocol:
+ description:
+ - Define which protocol the offload engine uses
+ default: nfs
+ choices: [ nfs, s3, azure, gcp ]
+ type: str
+ address:
+ description:
+ - The IP or FQDN address of the NFS server
+ type: str
+ share:
+ description:
+ - NFS export on the NFS server
+ type: str
+ options:
+ description:
+ - Additonal mount options for the NFS share
+ - Supported mount options include I(port), I(rsize),
+ I(wsize), I(nfsvers), and I(tcp) or I(udp)
+ required: false
+ default: ""
+ type: str
+ access_key:
+ description:
+ - Access Key ID of the offload target
+ type: str
+ container:
+ description:
+ - Name of the blob container of the Azure target
+ default: offload
+ type: str
+ bucket:
+ description:
+ - Name of the bucket for the S3 or GCP target
+ type: str
+ account:
+ description:
+ - Name of the Azure blob storage account
+ type: str
+ secret:
+ description:
+ - Secret Access Key for the offload target
+ type: str
+ initialize:
+ description:
+ - Define whether to initialize the offload bucket
+ type: bool
+ default: true
+ placement:
+ description:
+ - AWS S3 placement strategy
+ type: str
+ choices: ['retention-based', 'aws-standard-class']
+ default: retention-based
+
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Create NFS offload target
+ purestorage.flasharray.purefa_offload:
+ name: nfs-offload
+ protocol: nfs
+ address: 10.21.200.4
+ share: "/offload_target"
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Create S3 offload target
+ purestorage.flasharray.purefa_offload:
+ name: s3-offload
+ protocol: s3
+ access_key: "3794fb12c6204e19195f"
+ bucket: offload-bucket
+ secret: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
+ placement: aws-standard-class
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Create Azure offload target
+ purestorage.flasharray.purefa_offload:
+ name: azure-offload
+ protocol: azure
+ secret: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
+ container: offload-container
+ account: user1
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Delete offload target
+ purestorage.flasharray.purefa_offload:
+ name: nfs-offload
+ protocol: nfs
+ state: absent
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+"""
+
+RETURN = r"""
+"""
+
+
+HAS_PURESTORAGE = True
+try:
+ from pypureclient import flasharray
+except ImportError:
+ HAS_PURESTORAGE = False
+
+HAS_PACKAGING = True
+try:
+ from packaging import version
+except ImportError:
+ HAS_PACKAGING = False
+
+import re
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_array,
+ get_system,
+ purefa_argument_spec,
+)
+
+MIN_REQUIRED_API_VERSION = "1.16"
+REGEX_TARGET_NAME = re.compile(r"^[a-zA-Z0-9\-]*$")
+P53_API_VERSION = "1.17"
+GCP_API_VERSION = "2.3"
+MULTIOFFLOAD_API_VERSION = "2.11"
+MULTIOFFLOAD_LIMIT = 5
+
+
+def get_target(module, array):
+ """Return target or None"""
+ try:
+ return array.get_offload(module.params["name"])
+ except Exception:
+ return None
+
+
+def create_offload(module, array):
+ """Create offload target"""
+ changed = True
+ api_version = array._list_available_rest_versions()
+ # First check if the offload network inteface is there and enabled
+ try:
+ if not array.get_network_interface("@offload.data")["enabled"]:
+ module.fail_json(
+ msg="Offload Network interface not enabled. Please resolve."
+ )
+ except Exception:
+ module.fail_json(
+ msg="Offload Network interface not correctly configured. Please resolve."
+ )
+ if not module.check_mode:
+ if module.params["protocol"] == "nfs":
+ try:
+ array.connect_nfs_offload(
+ module.params["name"],
+ mount_point=module.params["share"],
+ address=module.params["address"],
+ mount_options=module.params["options"],
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to create NFS offload {0}. "
+ "Please perform diagnostic checks.".format(module.params["name"])
+ )
+ if module.params["protocol"] == "s3":
+ if P53_API_VERSION in api_version:
+ try:
+ array.connect_s3_offload(
+ module.params["name"],
+ access_key_id=module.params["access_key"],
+ secret_access_key=module.params["secret"],
+ bucket=module.params["bucket"],
+ placement_strategy=module.params["placement"],
+ initialize=module.params["initialize"],
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to create S3 offload {0}. "
+ "Please perform diagnostic checks.".format(
+ module.params["name"]
+ )
+ )
+ else:
+ try:
+ array.connect_s3_offload(
+ module.params["name"],
+ access_key_id=module.params["access_key"],
+ secret_access_key=module.params["secret"],
+ bucket=module.params["bucket"],
+ initialize=module.params["initialize"],
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to create S3 offload {0}. "
+ "Please perform diagnostic checks.".format(
+ module.params["name"]
+ )
+ )
+ if module.params["protocol"] == "azure" and P53_API_VERSION in api_version:
+ try:
+ array.connect_azure_offload(
+ module.params["name"],
+ container_name=module.params["container"],
+ secret_access_key=module.params["secret"],
+ account_name=module.params[".bucket"],
+ initialize=module.params["initialize"],
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to create Azure offload {0}. "
+ "Please perform diagnostic checks.".format(module.params["name"])
+ )
+ if module.params["protocol"] == "gcp" and GCP_API_VERSION in api_version:
+ arrayv6 = get_array(module)
+ bucket = flasharray.OffloadGoogleCloud(
+ access_key_id=module.params["access_key"],
+ bucket=module.params["bucket"],
+ secret_access_key=module.params["secret"],
+ )
+ offload = flasharray.OffloadPost(google_cloud=bucket)
+ res = arrayv6.post_offloads(
+ offload=offload,
+ initialize=module.params["initialize"],
+ names=[module.params["name"]],
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to create GCP offload {0}. Error: {1}"
+ "Please perform diagnostic checks.".format(
+ module.params["name"], res.errors[0].message
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def update_offload(module, array):
+ """Update offload target"""
+ changed = False
+ module.exit_json(changed=changed)
+
+
+def delete_offload(module, array):
+ """Delete offload target"""
+ changed = True
+ api_version = array._list_available_rest_versions()
+ if not module.check_mode:
+ if module.params["protocol"] == "nfs":
+ try:
+ array.disconnect_nfs_offload(module.params["name"])
+ except Exception:
+ module.fail_json(
+ msg="Failed to delete NFS offload {0}.".format(
+ module.params["name"]
+ )
+ )
+ if module.params["protocol"] == "s3":
+ try:
+ array.disconnect_s3_offload(module.params["name"])
+ except Exception:
+ module.fail_json(
+ msg="Failed to delete S3 offload {0}.".format(module.params["name"])
+ )
+ if module.params["protocol"] == "azure" and P53_API_VERSION in api_version:
+ try:
+ array.disconnect_azure_offload(module.params["name"])
+ except Exception:
+ module.fail_json(
+ msg="Failed to delete Azure offload {0}.".format(
+ module.params["name"]
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ state=dict(type="str", default="present", choices=["present", "absent"]),
+ protocol=dict(
+ type="str", default="nfs", choices=["nfs", "s3", "azure", "gcp"]
+ ),
+ placement=dict(
+ type="str",
+ default="retention-based",
+ choices=["retention-based", "aws-standard-class"],
+ ),
+ name=dict(type="str", required=True),
+ initialize=dict(default=True, type="bool"),
+ access_key=dict(type="str", no_log=False),
+ secret=dict(type="str", no_log=True),
+ bucket=dict(type="str"),
+ container=dict(type="str", default="offload"),
+ account=dict(type="str"),
+ share=dict(type="str"),
+ address=dict(type="str"),
+ options=dict(type="str", default=""),
+ )
+ )
+
+ required_if = []
+
+ if argument_spec["state"] == "present":
+ required_if = [
+ ("protocol", "nfs", ["address", "share"]),
+ ("protocol", "s3", ["access_key", "secret", "bucket"]),
+ ["protocol", "gcp", ["access_key", "secret", "bucket"]],
+ ("protocol", "azure", ["account", "secret"]),
+ ]
+
+ module = AnsibleModule(
+ argument_spec, required_if=required_if, supports_check_mode=True
+ )
+
+ if not HAS_PACKAGING:
+ module.fail_json(msg="packagingsdk is required for this module")
+ if not HAS_PURESTORAGE and module.params["protocol"] == "gcp":
+ module.fail_json(msg="py-pure-client sdk is required for this module")
+
+ array = get_system(module)
+ api_version = array._list_available_rest_versions()
+
+ if MIN_REQUIRED_API_VERSION not in api_version:
+ module.fail_json(
+ msg="FlashArray REST version not supported. "
+ "Minimum version required: {0}".format(MIN_REQUIRED_API_VERSION)
+ )
+
+ if (
+ not re.match(r"^[a-zA-Z][a-zA-Z0-9\-]*[a-zA-Z0-9]$", module.params["name"])
+ or len(module.params["name"]) > 56
+ ):
+ module.fail_json(
+ msg="Target name invalid. "
+ "Target name must be between 1 and 56 characters (alphanumeric and -) in length "
+ "and begin and end with a letter or number. The name must include at least one letter."
+ )
+ if module.params["protocol"] in ["s3", "gcp"]:
+ if (
+ not re.match(r"^[a-z0-9][a-z0-9.\-]*[a-z0-9]$", module.params["bucket"])
+ or len(module.params["bucket"]) > 63
+ ):
+ module.fail_json(
+ msg="Bucket name invalid. "
+ "Bucket name must be between 3 and 63 characters "
+ "(lowercase, alphanumeric, dash or period) in length "
+ "and begin and end with a letter or number."
+ )
+
+ apps = array.list_apps()
+ app_version = 0
+ all_good = False
+ for app in range(0, len(apps)):
+ if apps[app]["name"] == "offload":
+ if (
+ apps[app]["enabled"]
+ and apps[app]["status"] == "healthy"
+ and version.parse(apps[app]["version"]) >= version.parse("5.2.0")
+ ):
+ all_good = True
+ app_version = apps[app]["version"]
+ break
+
+ if not all_good:
+ module.fail_json(
+ msg="Correct Offload app not installed or incorrectly configured"
+ )
+ else:
+ if version.parse(array.get()["version"]) != version.parse(app_version):
+ module.fail_json(
+ msg="Offload app version must match Purity version. Please upgrade."
+ )
+
+ target = get_target(module, array)
+ if module.params["state"] == "present" and not target:
+ offloads = array.list_offload()
+ target_count = len(offloads)
+ if MIN_REQUIRED_API_VERSION not in api_version:
+ MULTIOFFLOAD_LIMIT = 1
+ if target_count >= MULTIOFFLOAD_LIMIT:
+ module.fail_json(
+ msg="Cannot add offload target {0}. Offload Target Limit of {1} would be exceeded.".format(
+ module.params["name"], MULTIOFFLOAD_LIMIT
+ )
+ )
+ # TODO: (SD) Remove this check when multi-protocol offloads are supported
+ if offloads[0].protocol != module.params["protocol"]:
+ module.fail_json(msg="Currently all offloads must be of the same type.")
+ create_offload(module, array)
+ elif module.params["state"] == "present" and target:
+ update_offload(module, array)
+ elif module.params["state"] == "absent" and target:
+ delete_offload(module, array)
+
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_pg.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_pg.py
new file mode 100644
index 000000000..3fa51ebbb
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_pg.py
@@ -0,0 +1,909 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright: (c) 2017, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_pg
+version_added: '1.0.0'
+short_description: Manage protection groups on Pure Storage FlashArrays
+description:
+- Create, delete or modify protection groups on Pure Storage FlashArrays.
+- If a protection group exists and you try to add non-valid types, eg. a host
+ to a volume protection group the module will ignore the invalid types.
+- Protection Groups on Offload targets are supported.
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ name:
+ description:
+ - The name of the protection group.
+ type: str
+ aliases: [ pgroup ]
+ required: true
+ state:
+ description:
+ - Define whether the protection group should exist or not.
+ type: str
+ default: present
+ choices: [ absent, present ]
+ volume:
+ description:
+ - List of existing volumes to add to protection group.
+ - Note that volume are case-sensitive however FlashArray volume names are unique
+ and ignore case - you cannot have I(volumea) and I(volumeA)
+ type: list
+ elements: str
+ host:
+ description:
+ - List of existing hosts to add to protection group.
+ - Note that hostnames are case-sensitive however FlashArray hostnames are unique
+ and ignore case - you cannot have I(hosta) and I(hostA)
+ type: list
+ elements: str
+ hostgroup:
+ description:
+ - List of existing hostgroups to add to protection group.
+ - Note that hostgroups are case-sensitive however FlashArray hostgroup names are unique
+ and ignore case - you cannot have I(groupa) and I(groupA)
+ type: list
+ elements: str
+ eradicate:
+ description:
+ - Define whether to eradicate the protection group on delete and leave in trash.
+ type : bool
+ default: false
+ enabled:
+ description:
+ - Define whether to enabled snapshots for the protection group.
+ type : bool
+ default: true
+ target:
+ description:
+ - List of remote arrays or offload target for replication protection group
+ to connect to.
+ - Note that all replicated protection groups are asynchronous.
+ - Target arrays or offload targets must already be connected to the source array.
+ - Maximum number of targets per Portection Group is 4, assuming your
+ configuration suppors this.
+ type: list
+ elements: str
+ rename:
+ description:
+ - Rename a protection group
+ - If the source protection group is in a Pod or Volume Group 'container'
+ you only need to provide the new protection group name in the same 'container'
+ type: str
+ safe_mode:
+ description:
+ - Enables SafeMode restrictions on the protection group
+ - B(Once set disabling this can only be performed by Pure Technical Support)
+ type: bool
+ default: false
+ version_added: '1.13.0'
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Create new local protection group
+ purestorage.flasharray.purefa_pg:
+ name: foo
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Create new protection group called bar in pod called foo
+ purestorage.flasharray.purefa_pg:
+ name: "foo::bar"
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Create new replicated protection group
+ purestorage.flasharray.purefa_pg:
+ name: foo
+ target:
+ - arrayb
+ - arrayc
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Create new replicated protection group to offload target and remote array
+ purestorage.flasharray.purefa_pg:
+ name: foo
+ target:
+ - offload
+ - arrayc
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Create new protection group with snapshots disabled
+ purestorage.flasharray.purefa_pg:
+ name: foo
+ enabled: false
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Delete protection group
+ purestorage.flasharray.purefa_pg:
+ name: foo
+ eradicate: true
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ state: absent
+
+- name: Eradicate protection group foo on offload target where source array is arrayA
+ purestorage.flasharray.purefa_pg:
+ name: "arrayA:foo"
+ target: offload
+ eradicate: true
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ state: absent
+
+- name: Rename protection group foo in pod arrayA to bar
+ purestorage.flasharray.purefa_pg:
+ name: "arrayA::foo"
+ rename: bar
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Create protection group for hostgroups
+ purestorage.flasharray.purefa_pg:
+ name: bar
+ hostgroup:
+ - hg1
+ - hg2
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Create protection group for hosts
+ purestorage.flasharray.purefa_pg:
+ name: bar
+ host:
+ - host1
+ - host2
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Create replicated protection group for volumes
+ purestorage.flasharray.purefa_pg:
+ name: bar
+ volume:
+ - vol1
+ - vol2
+ target: arrayb
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+"""
+
+RETURN = r"""
+"""
+
+import re
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ get_array,
+ purefa_argument_spec,
+)
+
+HAS_PURESTORAGE = True
+try:
+ from pypureclient import flasharray
+except ImportError:
+ HAS_PURESTORAGE = False
+
+
+OFFLOAD_API_VERSION = "1.16"
+P53_API_VERSION = "1.17"
+AC_PG_API_VERSION = "1.13"
+RETENTION_LOCK_VERSION = "2.13"
+
+
+def get_pod(module, array):
+ """Get ActiveCluster Pod"""
+ pod_name = module.params["name"].split("::")[0]
+ try:
+ return array.get_pod(pod=pod_name)
+ except Exception:
+ return None
+
+
+def get_targets(array):
+ """Get Offload Targets"""
+ targets = []
+ try:
+ target_details = array.list_offload()
+ except Exception:
+ return None
+
+ for targetcnt in range(0, len(target_details)):
+ if target_details[targetcnt]["status"] in ["connected", "partially_connected"]:
+ targets.append(target_details[targetcnt]["name"])
+ return targets
+
+
+def get_arrays(array):
+ """Get Connected Arrays"""
+ arrays = []
+ array_details = array.list_array_connections()
+ api_version = array._list_available_rest_versions()
+ for arraycnt in range(0, len(array_details)):
+ if P53_API_VERSION in api_version:
+ if array_details[arraycnt]["status"] in [
+ "connected",
+ "partially_connected",
+ ]:
+ arrays.append(array_details[arraycnt]["array_name"])
+ else:
+ if array_details[arraycnt]["connected"]:
+ arrays.append(array_details[arraycnt]["array_name"])
+ return arrays
+
+
+def get_pending_pgroup(module, array):
+ """Get Protection Group"""
+ pgroup = None
+ if ":" in module.params["name"]:
+ if "::" not in module.params["name"]:
+ for pgrp in array.list_pgroups(pending=True, on="*"):
+ if pgrp["name"].casefold() == module.params["name"].casefold():
+ pgroup = pgrp
+ break
+ else:
+ for pgrp in array.list_pgroups(pending=True):
+ if (
+ pgrp["name"].casefold() == module.params["name"].casefold()
+ and pgrp["time_remaining"]
+ ):
+ pgroup = pgrp
+ break
+ else:
+ for pgrp in array.list_pgroups(pending=True):
+ if (
+ pgrp["name"].casefold() == module.params["name"].casefold()
+ and pgrp["time_remaining"]
+ ):
+ pgroup = pgrp
+ break
+
+ return pgroup
+
+
+def get_pgroup(module, array):
+ """Get Protection Group"""
+ pgroup = None
+ if ":" in module.params["name"]:
+ if "::" not in module.params["name"]:
+ for pgrp in array.list_pgroups(on="*"):
+ if pgrp["name"].casefold() == module.params["name"].casefold():
+ pgroup = pgrp
+ break
+ else:
+ for pgrp in array.list_pgroups():
+ if pgrp["name"].casefold() == module.params["name"].casefold():
+ pgroup = pgrp
+ break
+ else:
+ for pgrp in array.list_pgroups():
+ if pgrp["name"].casefold() == module.params["name"].casefold():
+ pgroup = pgrp
+ break
+
+ return pgroup
+
+
+def get_pgroup_sched(module, array):
+ """Get Protection Group Schedule"""
+ pgroup = None
+
+ for pgrp in array.list_pgroups(schedule=True):
+ if pgrp["name"].casefold() == module.params["name"].casefold():
+ pgroup = pgrp
+ break
+
+ return pgroup
+
+
+def check_pg_on_offload(module, array):
+ """Check if PG already exists on offload target"""
+ array_name = array.get()["array_name"]
+ remote_pg = array_name + ":" + module.params["name"]
+ targets = get_targets(array)
+ for target in targets:
+ remote_pgs = array.list_pgroups(pending=True, on=target)
+ for rpg in range(0, len(remote_pgs)):
+ if remote_pg == remote_pgs[rpg]["name"]:
+ return target
+ return None
+
+
+def make_pgroup(module, array):
+ """Create Protection Group"""
+ changed = True
+ if module.params["target"]:
+ api_version = array._list_available_rest_versions()
+ connected_targets = []
+ connected_arrays = get_arrays(array)
+ if OFFLOAD_API_VERSION in api_version:
+ connected_targets = get_targets(array)
+ offload_name = check_pg_on_offload(module, array)
+ if offload_name and offload_name in module.params["target"][0:4]:
+ module.fail_json(
+ msg="Protection Group {0} already exists on offload target {1}.".format(
+ module.params["name"], offload_name
+ )
+ )
+
+ connected_arrays = connected_arrays + connected_targets
+ if connected_arrays == []:
+ module.fail_json(msg="No connected targets on source array.")
+ if set(module.params["target"][0:4]).issubset(connected_arrays):
+ if not module.check_mode:
+ try:
+ array.create_pgroup(
+ module.params["name"], targetlist=module.params["target"][0:4]
+ )
+ except Exception:
+ module.fail_json(
+ msg="Creation of replicated pgroup {0} failed. {1}".format(
+ module.params["name"], module.params["target"][0:4]
+ )
+ )
+ else:
+ module.fail_json(
+ msg="Check all selected targets are connected to the source array."
+ )
+ else:
+ if not module.check_mode:
+ try:
+ array.create_pgroup(module.params["name"])
+ except Exception:
+ module.fail_json(
+ msg="Creation of pgroup {0} failed.".format(module.params["name"])
+ )
+ try:
+ if module.params["target"]:
+ array.set_pgroup(
+ module.params["name"],
+ replicate_enabled=module.params["enabled"],
+ )
+ else:
+ array.set_pgroup(
+ module.params["name"], snap_enabled=module.params["enabled"]
+ )
+ except Exception:
+ module.fail_json(
+ msg="Enabling pgroup {0} failed.".format(module.params["name"])
+ )
+ if module.params["volume"]:
+ try:
+ array.set_pgroup(
+ module.params["name"], vollist=module.params["volume"]
+ )
+ except Exception:
+ module.fail_json(
+ msg="Adding volumes to pgroup {0} failed.".format(
+ module.params["name"]
+ )
+ )
+ if module.params["host"]:
+ try:
+ array.set_pgroup(
+ module.params["name"], hostlist=module.params["host"]
+ )
+ except Exception:
+ module.fail_json(
+ msg="Adding hosts to pgroup {0} failed.".format(
+ module.params["name"]
+ )
+ )
+ if module.params["hostgroup"]:
+ try:
+ array.set_pgroup(
+ module.params["name"], hgrouplist=module.params["hostgroup"]
+ )
+ except Exception:
+ module.fail_json(
+ msg="Adding hostgroups to pgroup {0} failed.".format(
+ module.params["name"]
+ )
+ )
+ if module.params["safe_mode"]:
+ arrayv6 = get_array(module)
+ try:
+ arrayv6.patch_protection_groups(
+ names=[module.params["name"]],
+ protection_group=flasharray.ProtectionGroup(
+ retention_lock="ratcheted"
+ ),
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to set SafeMode on pgroup {0}".format(
+ module.params["name"]
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def rename_exists(module, array):
+ """Determine if rename target already exists"""
+ exists = False
+ new_name = module.params["rename"]
+ if ":" in module.params["name"]:
+ container = module.params["name"].split(":")[0]
+ new_name = container + ":" + module.params["rename"]
+ if "::" in module.params["name"]:
+ new_name = container + "::" + module.params["rename"]
+ for pgroup in array.list_pgroups(pending=True):
+ if pgroup["name"].casefold() == new_name.casefold():
+ exists = True
+ break
+ return exists
+
+
+def update_pgroup(module, array):
+ """Update Protection Group"""
+ changed = renamed = False
+ api_version = array._list_available_rest_versions()
+ if module.params["target"]:
+ connected_targets = []
+ connected_arrays = get_arrays(array)
+
+ if OFFLOAD_API_VERSION in api_version:
+ connected_targets = get_targets(array)
+ connected_arrays = connected_arrays + connected_targets
+ if connected_arrays == []:
+ module.fail_json(msg="No targets connected to source array.")
+ current_connects = array.get_pgroup(module.params["name"])["targets"]
+ current_targets = []
+
+ if current_connects:
+ for targetcnt in range(0, len(current_connects)):
+ current_targets.append(current_connects[targetcnt]["name"])
+
+ if set(module.params["target"][0:4]) != set(current_targets):
+ if not set(module.params["target"][0:4]).issubset(connected_arrays):
+ module.fail_json(
+ msg="Check all selected targets are connected to the source array."
+ )
+ changed = True
+ if not module.check_mode:
+ try:
+ array.set_pgroup(
+ module.params["name"],
+ targetlist=module.params["target"][0:4],
+ )
+ except Exception:
+ module.fail_json(
+ msg="Changing targets for pgroup {0} failed.".format(
+ module.params["name"]
+ )
+ )
+
+ if (
+ module.params["target"]
+ and module.params["enabled"]
+ != get_pgroup_sched(module, array)["replicate_enabled"]
+ ):
+ changed = True
+ if not module.check_mode:
+ try:
+ array.set_pgroup(
+ module.params["name"], replicate_enabled=module.params["enabled"]
+ )
+ except Exception:
+ module.fail_json(
+ msg="Changing enabled status of pgroup {0} failed.".format(
+ module.params["name"]
+ )
+ )
+ elif (
+ not module.params["target"]
+ and module.params["enabled"] != get_pgroup_sched(module, array)["snap_enabled"]
+ ):
+ changed = True
+ if not module.check_mode:
+ try:
+ array.set_pgroup(
+ module.params["name"], snap_enabled=module.params["enabled"]
+ )
+ except Exception:
+ module.fail_json(
+ msg="Changing enabled status of pgroup {0} failed.".format(
+ module.params["name"]
+ )
+ )
+
+ if (
+ module.params["volume"]
+ and get_pgroup(module, array)["hosts"] is None
+ and get_pgroup(module, array)["hgroups"] is None
+ ):
+ if get_pgroup(module, array)["volumes"] is None:
+ if not module.check_mode:
+ changed = True
+ try:
+ array.set_pgroup(
+ module.params["name"], vollist=module.params["volume"]
+ )
+ except Exception:
+ module.fail_json(
+ msg="Adding volumes to pgroup {0} failed.".format(
+ module.params["name"]
+ )
+ )
+ else:
+ cased_vols = list(module.params["volume"])
+ cased_pgvols = list(get_pgroup(module, array)["volumes"])
+ if not all(x in cased_pgvols for x in cased_vols):
+ if not module.check_mode:
+ changed = True
+ try:
+ array.set_pgroup(
+ module.params["name"], addvollist=module.params["volume"]
+ )
+ except Exception:
+ module.fail_json(
+ msg="Changing volumes in pgroup {0} failed.".format(
+ module.params["name"]
+ )
+ )
+
+ if (
+ module.params["host"]
+ and get_pgroup(module, array)["volumes"] is None
+ and get_pgroup(module, array)["hgroups"] is None
+ ):
+ if get_pgroup(module, array)["hosts"] is None:
+ if not module.check_mode:
+ changed = True
+ try:
+ array.set_pgroup(
+ module.params["name"], hostlist=module.params["host"]
+ )
+ except Exception:
+ module.fail_json(
+ msg="Adding hosts to pgroup {0} failed.".format(
+ module.params["name"]
+ )
+ )
+ else:
+ cased_hosts = list(module.params["host"])
+ cased_pghosts = list(get_pgroup(module, array)["hosts"])
+ if not all(x in cased_pghosts for x in cased_hosts):
+ if not module.check_mode:
+ changed = True
+ try:
+ array.set_pgroup(
+ module.params["name"], addhostlist=module.params["host"]
+ )
+ except Exception:
+ module.fail_json(
+ msg="Changing hosts in pgroup {0} failed.".format(
+ module.params["name"]
+ )
+ )
+
+ if (
+ module.params["hostgroup"]
+ and get_pgroup(module, array)["hosts"] is None
+ and get_pgroup(module, array)["volumes"] is None
+ ):
+ if get_pgroup(module, array)["hgroups"] is None:
+ if not module.check_mode:
+ changed = True
+ try:
+ array.set_pgroup(
+ module.params["name"], hgrouplist=module.params["hostgroup"]
+ )
+ except Exception:
+ module.fail_json(
+ msg="Adding hostgroups to pgroup {0} failed.".format(
+ module.params["name"]
+ )
+ )
+ else:
+ cased_hostg = list(module.params["hostgroup"])
+ cased_pghostg = list(get_pgroup(module, array)["hgroups"])
+ if not all(x in cased_pghostg for x in cased_hostg):
+ if not module.check_mode:
+ changed = True
+ try:
+ array.set_pgroup(
+ module.params["name"],
+ addhgrouplist=module.params["hostgroup"],
+ )
+ except Exception:
+ module.fail_json(
+ msg="Changing hostgroups in pgroup {0} failed.".format(
+ module.params["name"]
+ )
+ )
+ if module.params["rename"]:
+ if not rename_exists(module, array):
+ if ":" in module.params["name"]:
+ container = module.params["name"].split(":")[0]
+ if "::" in module.params["name"]:
+ rename = container + "::" + module.params["rename"]
+ else:
+ rename = container + ":" + module.params["rename"]
+ else:
+ rename = module.params["rename"]
+ renamed = True
+ if not module.check_mode:
+ try:
+ array.rename_pgroup(module.params["name"], rename)
+ module.params["name"] = rename
+ except Exception:
+ module.fail_json(msg="Rename to {0} failed.".format(rename))
+ else:
+ module.warn(
+ "Rename failed. Protection group {0} already exists in container. Continuing with other changes...".format(
+ module.params["rename"]
+ )
+ )
+ if RETENTION_LOCK_VERSION in api_version:
+ arrayv6 = get_array(module)
+ current_pg = list(
+ arrayv6.get_protection_groups(names=[module.params["name"]]).items
+ )[0]
+ if current_pg.retention_lock == "unlocked" and module.params["safe_mode"]:
+ changed = True
+ if not module.check_mode:
+ res = arrayv6.patch_protection_groups(
+ names=[module.params["name"]],
+ protection_group=flasharray.ProtectionGroup(
+ retention_lock="ratcheted"
+ ),
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to set SafeMode on protection group {0}. Error: {1}".format(
+ module.params["name"],
+ res.errors[0].message,
+ )
+ )
+ if current_pg.retention_lock == "ratcheted" and not module.params["safe_mode"]:
+ module.warn(
+ "Disabling SafeMode on protection group {0} can only be performed by Pure Technical Support".format(
+ module.params["name"]
+ )
+ )
+ changed = changed or renamed
+ module.exit_json(changed=changed)
+
+
+def eradicate_pgroup(module, array):
+ """Eradicate Protection Group"""
+ changed = True
+ if not module.check_mode:
+ if ":" in module.params["name"]:
+ if "::" not in module.params["name"]:
+ try:
+ target = "".join(module.params["target"])
+ array.destroy_pgroup(
+ module.params["name"], on=target, eradicate=True
+ )
+ except Exception:
+ module.fail_json(
+ msg="Eradicating pgroup {0} failed.".format(
+ module.params["name"]
+ )
+ )
+ else:
+ try:
+ array.destroy_pgroup(module.params["name"], eradicate=True)
+ except Exception:
+ module.fail_json(
+ msg="Eradicating pgroup {0} failed.".format(
+ module.params["name"]
+ )
+ )
+ else:
+ try:
+ array.destroy_pgroup(module.params["name"], eradicate=True)
+ except Exception:
+ module.fail_json(
+ msg="Eradicating pgroup {0} failed.".format(module.params["name"])
+ )
+ module.exit_json(changed=changed)
+
+
+def delete_pgroup(module, array):
+ """Delete Protection Group"""
+ changed = True
+ if not module.check_mode:
+ if ":" in module.params["name"]:
+ if "::" not in module.params["name"]:
+ try:
+ target = "".join(module.params["target"])
+ array.destroy_pgroup(module.params["name"], on=target)
+ except Exception:
+ module.fail_json(
+ msg="Deleting pgroup {0} failed.".format(module.params["name"])
+ )
+ else:
+ try:
+ array.destroy_pgroup(module.params["name"])
+ except Exception:
+ module.fail_json(
+ msg="Deleting pgroup {0} failed.".format(module.params["name"])
+ )
+ else:
+ try:
+ array.destroy_pgroup(module.params["name"])
+ except Exception:
+ module.fail_json(
+ msg="Deleting pgroup {0} failed.".format(module.params["name"])
+ )
+ if module.params["eradicate"]:
+ eradicate_pgroup(module, array)
+
+ module.exit_json(changed=changed)
+
+
+def recover_pgroup(module, array):
+ """Recover deleted protection group"""
+ changed = True
+ if not module.check_mode:
+ if ":" in module.params["name"]:
+ if "::" not in module.params["name"]:
+ try:
+ target = "".join(module.params["target"])
+ array.recover_pgroup(module.params["name"], on=target)
+ except Exception:
+ module.fail_json(
+ msg="Recover pgroup {0} failed.".format(module.params["name"])
+ )
+ else:
+ try:
+ array.recover_pgroup(module.params["name"])
+ except Exception:
+ module.fail_json(
+ msg="Recover pgroup {0} failed.".format(module.params["name"])
+ )
+ else:
+ try:
+ array.recover_pgroup(module.params["name"])
+ except Exception:
+ module.fail_json(
+ msg="ecover pgroup {0} failed.".format(module.params["name"])
+ )
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ name=dict(type="str", required=True, aliases=["pgroup"]),
+ state=dict(type="str", default="present", choices=["absent", "present"]),
+ volume=dict(type="list", elements="str"),
+ host=dict(type="list", elements="str"),
+ hostgroup=dict(type="list", elements="str"),
+ target=dict(type="list", elements="str"),
+ safe_mode=dict(type="bool", default=False),
+ eradicate=dict(type="bool", default=False),
+ enabled=dict(type="bool", default=True),
+ rename=dict(type="str"),
+ )
+ )
+
+ mutually_exclusive = [["volume", "host", "hostgroup"]]
+ module = AnsibleModule(
+ argument_spec, mutually_exclusive=mutually_exclusive, supports_check_mode=True
+ )
+ if not HAS_PURESTORAGE and module.params["safe_mode"]:
+ module.fail_json(
+ msg="py-pure-client sdk is required to support 'safe_mode' parameter"
+ )
+
+ state = module.params["state"]
+ array = get_system(module)
+ pattern = re.compile("^[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?$")
+ if module.params["rename"]:
+ if not pattern.match(module.params["rename"]):
+ module.fail_json(
+ msg="Rename value {0} does not conform to naming convention".format(
+ module.params["rename"]
+ )
+ )
+ if not pattern.match(module.params["name"].split(":")[-1]):
+ module.fail_json(
+ msg="Protection Group name {0} does not conform to naming convention".format(
+ module.params["name"]
+ )
+ )
+ api_version = array._list_available_rest_versions()
+ if module.params["safe_mode"] and RETENTION_LOCK_VERSION not in api_version:
+ module.fail_json(
+ msg="API version does not support setting SafeMode on a protection group."
+ )
+ if ":" in module.params["name"] and OFFLOAD_API_VERSION not in api_version:
+ module.fail_json(msg="API version does not support offload protection groups.")
+ if "::" in module.params["name"] and AC_PG_API_VERSION not in api_version:
+ module.fail_json(
+ msg="API version does not support ActiveCluster protection groups."
+ )
+ if ":" in module.params["name"]:
+ if "::" in module.params["name"]:
+ pgname = module.params["name"].split("::")[1]
+ else:
+ pgname = module.params["name"].split(":")[1]
+ if not pattern.match(pgname):
+ module.fail_json(
+ msg="Protection Group name {0} does not conform to naming convention".format(
+ pgname
+ )
+ )
+ else:
+ if not pattern.match(module.params["name"]):
+ module.fail_json(
+ msg="Protection Group name {0} does not conform to naming convention".format(
+ module.params["name"]
+ )
+ )
+
+ pgroup = get_pgroup(module, array)
+ xpgroup = get_pending_pgroup(module, array)
+ if "::" in module.params["name"]:
+ if not get_pod(module, array):
+ module.fail_json(
+ msg="Pod {0} does not exist.".format(
+ module.params["name"].split("::")[0]
+ )
+ )
+
+ if module.params["host"]:
+ try:
+ for hst in module.params["host"]:
+ array.get_host(hst)
+ except Exception:
+ module.fail_json(msg="Host {0} not found".format(hst))
+
+ if module.params["hostgroup"]:
+ try:
+ for hstg in module.params["hostgroup"]:
+ array.get_hgroup(hstg)
+ except Exception:
+ module.fail_json(msg="Hostgroup {0} not found".format(hstg))
+
+ if pgroup and state == "present":
+ update_pgroup(module, array)
+ elif pgroup and state == "absent":
+ delete_pgroup(module, array)
+ elif xpgroup and state == "absent" and module.params["eradicate"]:
+ eradicate_pgroup(module, array)
+ elif (
+ not pgroup
+ and not xpgroup
+ and state == "present"
+ and not module.params["rename"]
+ ):
+ make_pgroup(module, array)
+ elif not pgroup and state == "present" and module.params["rename"]:
+ module.exit_json(changed=False)
+ elif xpgroup and state == "present":
+ recover_pgroup(module, array)
+ elif pgroup is None and state == "absent":
+ module.exit_json(changed=False)
+
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_pgsched.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_pgsched.py
new file mode 100644
index 000000000..dc0a488d4
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_pgsched.py
@@ -0,0 +1,527 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright: (c) 2020, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_pgsched
+short_description: Manage protection groups replication schedules on Pure Storage FlashArrays
+version_added: '1.0.0'
+description:
+- Modify or delete protection groups replication schedules on Pure Storage FlashArrays.
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ name:
+ description:
+ - The name of the protection group.
+ type: str
+ required: true
+ state:
+ description:
+ - Define whether to set or delete the protection group schedule.
+ type: str
+ default: present
+ choices: [ absent, present ]
+ schedule:
+ description:
+ - Which schedule to change.
+ type: str
+ choices: ['replication', 'snapshot']
+ required: true
+ enabled:
+ description:
+ - Enable the schedule being configured.
+ type: bool
+ default: true
+ replicate_at:
+ description:
+ - Specifies the preferred time as HH:MM:SS, using 24-hour clock, at which to generate snapshots.
+ type: int
+ blackout_start:
+ description:
+ - Specifies the time at which to suspend replication.
+ - Provide a time in 12-hour AM/PM format, eg. 11AM
+ type: str
+ blackout_end:
+ description:
+ - Specifies the time at which to restart replication.
+ - Provide a time in 12-hour AM/PM format, eg. 5PM
+ type: str
+ replicate_frequency:
+ description:
+ - Specifies the replication frequency in seconds.
+ - Range 900 - 34560000 (FA-405, //M10, //X10i and Cloud Block Store).
+ - Range 300 - 34560000 (all other arrays).
+ type: int
+ snap_at:
+ description:
+ - Specifies the preferred time as HH:MM:SS, using 24-hour clock, at which to generate snapshots.
+ - Only valid if I(snap_frequency) is an exact multiple of 86400, ie 1 day.
+ type: int
+ snap_frequency:
+ description:
+ - Specifies the snapshot frequency in seconds.
+ - Range available 300 - 34560000.
+ type: int
+ days:
+ description:
+ - Specifies the number of days to keep the I(per_day) snapshots beyond the
+ I(all_for) period before they are eradicated
+ - Max retention period is 4000 days
+ type: int
+ all_for:
+ description:
+ - Specifies the length of time, in seconds, to keep the snapshots on the
+ source array before they are eradicated.
+ - Range available 1 - 34560000.
+ type: int
+ per_day:
+ description:
+ - Specifies the number of I(per_day) snapshots to keep beyond the I(all_for) period.
+ - Maximum number is 1440
+ type: int
+ target_all_for:
+ description:
+ - Specifies the length of time, in seconds, to keep the replicated snapshots on the targets.
+ - Range is 1 - 34560000 seconds.
+ type: int
+ target_per_day:
+ description:
+ - Specifies the number of I(per_day) replicated snapshots to keep beyond the I(target_all_for) period.
+ - Maximum number is 1440
+ type: int
+ target_days:
+ description:
+ - Specifies the number of days to keep the I(target_per_day) replicated snapshots
+ beyond the I(target_all_for) period before they are eradicated.
+ - Max retention period is 4000 days
+ type: int
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Update protection group snapshot schedule
+ purestorage.flasharray.purefa_pgsched:
+ name: foo
+ schedule: snapshot
+ enabled: true
+ snap_frequency: 86400
+ snap_at: 15:30:00
+ per_day: 5
+ all_for: 5
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Update protection group replication schedule
+ purestorage.flasharray.purefa_pgsched:
+ name: foo
+ schedule: replication
+ enabled: true
+ replicate_frequency: 86400
+ replicate_at: 15:30:00
+ target_per_day: 5
+ target_all_for: 5
+ blackout_start: 2AM
+ blackout_end: 5AM
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Delete protection group snapshot schedule
+ purestorage.flasharray.purefa_pgsched:
+ name: foo
+ schedule: snapshot
+ state: absent
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Delete protection group replication schedule
+ purestorage.flasharray.purefa_pgsched:
+ name: foo
+ schedule: replication
+ state: absent
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+"""
+
+RETURN = r"""
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ purefa_argument_spec,
+)
+
+
+def get_pending_pgroup(module, array):
+ """Get Protection Group"""
+ pgroup = None
+ if ":" in module.params["name"]:
+ for pgrp in array.list_pgroups(pending=True, on="*"):
+ if pgrp["name"] == module.params["name"] and pgrp["time_remaining"]:
+ pgroup = pgrp
+ break
+ else:
+ for pgrp in array.list_pgroups(pending=True):
+ if pgrp["name"] == module.params["name"] and pgrp["time_remaining"]:
+ pgroup = pgrp
+ break
+
+ return pgroup
+
+
+def get_pgroup(module, array):
+ """Get Protection Group"""
+ pgroup = None
+ if ":" in module.params["name"]:
+ if "::" not in module.params["name"]:
+ for pgrp in array.list_pgroups(on="*"):
+ if pgrp["name"] == module.params["name"]:
+ pgroup = pgrp
+ break
+ else:
+ for pgrp in array.list_pgroups():
+ if pgrp["name"] == module.params["name"]:
+ pgroup = pgrp
+ break
+ else:
+ for pgrp in array.list_pgroups():
+ if pgrp["name"] == module.params["name"]:
+ pgroup = pgrp
+ break
+
+ return pgroup
+
+
+def _convert_to_minutes(hour):
+ if hour[-2:] == "AM" and hour[:2] == "12":
+ return 0
+ elif hour[-2:] == "AM":
+ return int(hour[:-2]) * 3600
+ elif hour[-2:] == "PM" and hour[:2] == "12":
+ return 43200
+ return (int(hour[:-2]) + 12) * 3600
+
+
+def update_schedule(module, array):
+ """Update Protection Group Schedule"""
+ changed = False
+ try:
+ schedule = array.get_pgroup(module.params["name"], schedule=True)
+ retention = array.get_pgroup(module.params["name"], retention=True)
+ if not schedule["replicate_blackout"]:
+ schedule["replicate_blackout"] = [{"start": 0, "end": 0}]
+ except Exception:
+ module.fail_json(
+ msg="Failed to get current schedule for pgroup {0}.".format(
+ module.params["name"]
+ )
+ )
+ current_repl = {
+ "replicate_frequency": schedule["replicate_frequency"],
+ "replicate_enabled": schedule["replicate_enabled"],
+ "target_days": retention["target_days"],
+ "replicate_at": schedule["replicate_at"],
+ "target_per_day": retention["target_per_day"],
+ "target_all_for": retention["target_all_for"],
+ "blackout_start": schedule["replicate_blackout"][0]["start"],
+ "blackout_end": schedule["replicate_blackout"][0]["end"],
+ }
+ current_snap = {
+ "days": retention["days"],
+ "snap_frequency": schedule["snap_frequency"],
+ "snap_enabled": schedule["snap_enabled"],
+ "snap_at": schedule["snap_at"],
+ "per_day": retention["per_day"],
+ "all_for": retention["all_for"],
+ }
+ if module.params["schedule"] == "snapshot":
+ if not module.params["snap_frequency"]:
+ snap_frequency = current_snap["snap_frequency"]
+ else:
+ if not 300 <= module.params["snap_frequency"] <= 34560000:
+ module.fail_json(
+ msg="Snap Frequency support is out of range (300 to 34560000)"
+ )
+ else:
+ snap_frequency = module.params["snap_frequency"]
+
+ if not module.params["snap_at"]:
+ snap_at = current_snap["snap_at"]
+ else:
+ snap_at = module.params["snap_at"]
+
+ if not module.params["days"]:
+ if isinstance(module.params["days"], int):
+ days = module.params["days"]
+ else:
+ days = current_snap["days"]
+ else:
+ if module.params["days"] > 4000:
+ module.fail_json(msg="Maximum value for days is 4000")
+ else:
+ days = module.params["days"]
+
+ if module.params["per_day"] is None:
+ per_day = current_snap["per_day"]
+ else:
+ if module.params["per_day"] > 1440:
+ module.fail_json(msg="Maximum value for per_day is 1440")
+ else:
+ per_day = module.params["per_day"]
+
+ if not module.params["all_for"]:
+ all_for = current_snap["all_for"]
+ else:
+ if module.params["all_for"] > 34560000:
+ module.fail_json(msg="Maximum all_for value is 34560000")
+ else:
+ all_for = module.params["all_for"]
+ new_snap = {
+ "days": days,
+ "snap_frequency": snap_frequency,
+ "snap_enabled": module.params["enabled"],
+ "snap_at": snap_at,
+ "per_day": per_day,
+ "all_for": all_for,
+ }
+ if current_snap != new_snap:
+ changed = True
+ if not module.check_mode:
+ try:
+ array.set_pgroup(
+ module.params["name"], snap_enabled=module.params["enabled"]
+ )
+ array.set_pgroup(
+ module.params["name"],
+ snap_frequency=snap_frequency,
+ snap_at=snap_at,
+ )
+ array.set_pgroup(
+ module.params["name"],
+ days=days,
+ per_day=per_day,
+ all_for=all_for,
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to change snapshot schedule for pgroup {0}.".format(
+ module.params["name"]
+ )
+ )
+ else:
+ if not module.params["replicate_frequency"]:
+ replicate_frequency = current_repl["replicate_frequency"]
+ else:
+ model = array.get(controllers=True)[0]["model"]
+ if "405" in model or "10" in model or "CBS" in model:
+ if not 900 <= module.params["replicate_frequency"] <= 34560000:
+ module.fail_json(
+ msg="Replication Frequency support is out of range (900 to 34560000)"
+ )
+ else:
+ replicate_frequency = module.params["replicate_frequency"]
+ else:
+ if not 300 <= module.params["replicate_frequency"] <= 34560000:
+ module.fail_json(
+ msg="Replication Frequency support is out of range (300 to 34560000)"
+ )
+ else:
+ replicate_frequency = module.params["replicate_frequency"]
+
+ if not module.params["replicate_at"]:
+ replicate_at = current_repl["replicate_at"]
+ else:
+ replicate_at = module.params["replicate_at"]
+
+ if not module.params["target_days"]:
+ if isinstance(module.params["target_days"], int):
+ target_days = module.params["target_days"]
+ else:
+ target_days = current_repl["target_days"]
+ else:
+ if module.params["target_days"] > 4000:
+ module.fail_json(msg="Maximum value for target_days is 4000")
+ else:
+ target_days = module.params["target_days"]
+
+ if not module.params["target_per_day"]:
+ if isinstance(module.params["target_per_day"], int):
+ target_per_day = module.params["target_per_day"]
+ else:
+ target_per_day = current_repl["target_per_day"]
+ else:
+ if module.params["target_per_day"] > 1440:
+ module.fail_json(msg="Maximum value for target_per_day is 1440")
+ else:
+ target_per_day = module.params["target_per_day"]
+
+ if not module.params["target_all_for"]:
+ target_all_for = current_repl["target_all_for"]
+ else:
+ if module.params["target_all_for"] > 34560000:
+ module.fail_json(msg="Maximum target_all_for value is 34560000")
+ else:
+ target_all_for = module.params["target_all_for"]
+ if not module.params["blackout_end"]:
+ blackout_end = current_repl["blackout_start"]
+ else:
+ blackout_end = _convert_to_minutes(module.params["blackout_end"])
+ if not module.params["blackout_start"]:
+ blackout_start = current_repl["blackout_start"]
+ else:
+ blackout_start = _convert_to_minutes(module.params["blackout_start"])
+
+ new_repl = {
+ "replicate_frequency": replicate_frequency,
+ "replicate_enabled": module.params["enabled"],
+ "target_days": target_days,
+ "replicate_at": replicate_at,
+ "target_per_day": target_per_day,
+ "target_all_for": target_all_for,
+ "blackout_start": blackout_start,
+ "blackout_end": blackout_end,
+ }
+ if current_repl != new_repl:
+ changed = True
+ if not module.check_mode:
+ blackout = {"start": blackout_start, "end": blackout_end}
+ try:
+ array.set_pgroup(
+ module.params["name"],
+ replicate_enabled=module.params["enabled"],
+ )
+ array.set_pgroup(
+ module.params["name"],
+ replicate_frequency=replicate_frequency,
+ replicate_at=replicate_at,
+ )
+ if blackout_start == 0:
+ array.set_pgroup(module.params["name"], replicate_blackout=None)
+ else:
+ array.set_pgroup(
+ module.params["name"], replicate_blackout=blackout
+ )
+ array.set_pgroup(
+ module.params["name"],
+ target_days=target_days,
+ target_per_day=target_per_day,
+ target_all_for=target_all_for,
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to change replication schedule for pgroup {0}.".format(
+ module.params["name"]
+ )
+ )
+
+ module.exit_json(changed=changed)
+
+
+def delete_schedule(module, array):
+ """Delete, ie. disable, Protection Group Schedules"""
+ changed = False
+ try:
+ current_state = array.get_pgroup(module.params["name"], schedule=True)
+ if module.params["schedule"] == "replication":
+ if current_state["replicate_enabled"]:
+ changed = True
+ if not module.check_mode:
+ array.set_pgroup(module.params["name"], replicate_enabled=False)
+ array.set_pgroup(
+ module.params["name"],
+ target_days=0,
+ target_per_day=0,
+ target_all_for=1,
+ )
+ array.set_pgroup(
+ module.params["name"],
+ replicate_frequency=14400,
+ replicate_blackout=None,
+ )
+ else:
+ if current_state["snap_enabled"]:
+ changed = True
+ if not module.check_mode:
+ array.set_pgroup(module.params["name"], snap_enabled=False)
+ array.set_pgroup(
+ module.params["name"], days=0, per_day=0, all_for=1
+ )
+ array.set_pgroup(module.params["name"], snap_frequency=300)
+ except Exception:
+ module.fail_json(
+ msg="Deleting pgroup {0} {1} schedule failed.".format(
+ module.params["name"], module.params["schedule"]
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ name=dict(type="str", required=True),
+ state=dict(type="str", default="present", choices=["absent", "present"]),
+ schedule=dict(
+ type="str", required=True, choices=["replication", "snapshot"]
+ ),
+ blackout_start=dict(type="str"),
+ blackout_end=dict(type="str"),
+ snap_at=dict(type="int"),
+ replicate_at=dict(type="int"),
+ replicate_frequency=dict(type="int"),
+ snap_frequency=dict(type="int"),
+ all_for=dict(type="int"),
+ days=dict(type="int"),
+ per_day=dict(type="int"),
+ target_all_for=dict(type="int"),
+ target_per_day=dict(type="int"),
+ target_days=dict(type="int"),
+ enabled=dict(type="bool", default=True),
+ )
+ )
+
+ required_together = [["blackout_start", "blackout_end"]]
+
+ module = AnsibleModule(
+ argument_spec, required_together=required_together, supports_check_mode=True
+ )
+
+ state = module.params["state"]
+ array = get_system(module)
+
+ pgroup = get_pgroup(module, array)
+ if module.params["snap_at"] and module.params["snap_frequency"]:
+ if not module.params["snap_frequency"] % 86400 == 0:
+ module.fail_json(
+ msg="snap_at not valid unless snapshot frequency is measured in days, ie. a multiple of 86400"
+ )
+ if pgroup and state == "present":
+ update_schedule(module, array)
+ elif pgroup and state == "absent":
+ delete_schedule(module, array)
+ elif pgroup is None:
+ module.fail_json(
+ msg="Specified protection group {0} does not exist.".format(
+ module.params["name"]
+ )
+ )
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_pgsnap.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_pgsnap.py
new file mode 100644
index 000000000..822b0491f
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_pgsnap.py
@@ -0,0 +1,481 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2017, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_pgsnap
+version_added: '1.0.0'
+short_description: Manage protection group snapshots on Pure Storage FlashArrays
+description:
+- Create or delete protection group snapshots on Pure Storage FlashArray.
+- Recovery of replicated snapshots on the replica target array is enabled.
+- Support for ActiveCluster and Volume Group protection groups is supported.
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ name:
+ description:
+ - The name of the source protection group.
+ type: str
+ required: true
+ suffix:
+ description:
+ - Suffix of snapshot name.
+ - Special case. If I(latest) the module will select the latest snapshot created in the group
+ type: str
+ state:
+ description:
+ - Define whether the protection group snapshot should exist or not.
+ Copy (added in 2.7) will create a full read/write clone of the
+ snapshot.
+ type: str
+ choices: [ absent, present, copy ]
+ default: present
+ eradicate:
+ description:
+ - Define whether to eradicate the snapshot on delete or leave in trash.
+ type: bool
+ default: false
+ restore:
+ description:
+ - Restore a specific volume from a protection group snapshot.
+ - The protection group name is not required. Only provide the name of the
+ volume to be restored.
+ type: str
+ overwrite:
+ description:
+ - Define whether to overwrite the target volume if it already exists.
+ type: bool
+ default: false
+ target:
+ description:
+ - Volume to restore a specified volume to.
+ - If not supplied this will default to the volume defined in I(restore)
+ type: str
+ offload:
+ description:
+ - Name of offload target on which the snapshot exists.
+ - This is only applicable for deletion and erasure of snapshots
+ type: str
+ now:
+ description:
+ - Whether to initiate a snapshot of the protection group immeadiately
+ type: bool
+ default: false
+ apply_retention:
+ description:
+ - Apply retention schedule settings to the snapshot
+ type: bool
+ default: false
+ remote:
+ description:
+ - Force immeadiate snapshot to remote targets
+ type: bool
+ default: false
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Create protection group snapshot foo.ansible
+ purestorage.flasharray.purefa_pgsnap:
+ name: foo
+ suffix: ansible
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ state: present
+
+- name: Delete and eradicate protection group snapshot named foo.snap
+ purestorage.flasharray.purefa_pgsnap:
+ name: foo
+ suffix: snap
+ eradicate: true
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ state: absent
+
+- name: Restore volume data from local protection group snapshot named foo.snap to volume data2
+ purestorage.flasharray.purefa_pgsnap:
+ name: foo
+ suffix: snap
+ restore: data
+ target: data2
+ overwrite: true
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ state: copy
+
+- name: Restore remote protection group snapshot arrayA:pgname.snap.data to local copy
+ purestorage.flasharray.purefa_pgsnap:
+ name: arrayA:pgname
+ suffix: snap
+ restore: data
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ state: copy
+
+- name: Restore AC pod protection group snapshot pod1::pgname.snap.data to pdo1::data2
+ purestorage.flasharray.purefa_pgsnap:
+ name: pod1::pgname
+ suffix: snap
+ restore: data
+ target: pod1::data2
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ state: copy
+
+- name: Create snapshot of existing pgroup foo with suffix and force immeadiate copy to remote targets
+ purestorage.flasharray.purefa_pgsnap:
+ name: pgname
+ suffix: force
+ now: true
+ apply_retention: true
+ remote: true
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Delete and eradicate snapshot named foo.snap on offload target bar from arrayA
+ purestorage.flasharray.purefa_pgsnap:
+ name: "arrayA:foo"
+ suffix: snap
+ offload: bar
+ eradicate: true
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ state: absent
+"""
+
+RETURN = r"""
+"""
+
+import re
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ purefa_argument_spec,
+)
+
+from datetime import datetime
+
+OFFLOAD_API = "1.16"
+POD_SNAPSHOT = "2.4"
+
+
+def _check_offload(module, array):
+ try:
+ offload = array.get_offload(module.params["offload"])
+ if offload["status"] == "connected":
+ return True
+ return False
+ except Exception:
+ return None
+
+
+def get_pgroup(module, array):
+ """Return Protection Group or None"""
+ try:
+ return array.get_pgroup(module.params["name"])
+ except Exception:
+ return None
+
+
+def get_pgroupvolume(module, array):
+ """Return Protection Group Volume or None"""
+ try:
+ pgroup = array.get_pgroup(module.params["name"])
+ if "::" in module.params["name"]:
+ restore_volume = (
+ module.params["name"].split("::")[0] + "::" + module.params["restore"]
+ )
+ else:
+ restore_volume = module.params["restore"]
+ for volume in pgroup["volumes"]:
+ if volume == restore_volume:
+ return volume
+ except Exception:
+ return None
+
+
+def get_rpgsnapshot(module, array):
+ """Return iReplicated Snapshot or None"""
+ try:
+ snapname = (
+ module.params["name"]
+ + "."
+ + module.params["suffix"]
+ + "."
+ + module.params["restore"]
+ )
+ for snap in array.list_volumes(snap=True):
+ if snap["name"] == snapname:
+ return snapname
+ except Exception:
+ return None
+
+
+def get_offload_snapshot(module, array):
+ """Return Snapshot (active or deleted) or None"""
+ try:
+ snapname = module.params["name"] + "." + module.params["suffix"]
+ for snap in array.get_pgroup(
+ module.params["name"], snap=True, on=module.params["offload"]
+ ):
+ if snap["name"] == snapname:
+ return snapname
+ except Exception:
+ return None
+
+
+def get_pgsnapshot(module, array):
+ """Return Snapshot (active or deleted) or None"""
+ try:
+ snapname = module.params["name"] + "." + module.params["suffix"]
+ for snap in array.get_pgroup(module.params["name"], pending=True, snap=True):
+ if snap["name"] == snapname:
+ return snapname
+ except Exception:
+ return None
+
+
+def create_pgsnapshot(module, array):
+ """Create Protection Group Snapshot"""
+ changed = True
+ if not module.check_mode:
+ try:
+ if (
+ module.params["now"]
+ and array.get_pgroup(module.params["name"])["targets"] is not None
+ ):
+ array.create_pgroup_snapshot(
+ source=module.params["name"],
+ suffix=module.params["suffix"],
+ snap=True,
+ apply_retention=module.params["apply_retention"],
+ replicate_now=module.params["remote"],
+ )
+ else:
+ array.create_pgroup_snapshot(
+ source=module.params["name"],
+ suffix=module.params["suffix"],
+ snap=True,
+ apply_retention=module.params["apply_retention"],
+ )
+ except Exception:
+ module.fail_json(
+ msg="Snapshot of pgroup {0} failed.".format(module.params["name"])
+ )
+ module.exit_json(changed=changed)
+
+
+def restore_pgsnapvolume(module, array):
+ """Restore a Protection Group Snapshot Volume"""
+ api_version = array._list_available_rest_versions()
+ changed = True
+ if module.params["suffix"] == "latest":
+ all_snaps = array.get_pgroup(
+ module.params["name"], snap=True, transfer=True
+ ).reverse()
+ for snap in all_snaps:
+ if not snap["completed"]:
+ latest_snap = snap["name"]
+ break
+ try:
+ module.params["suffix"] = latest_snap.split(".")[1]
+ except NameError:
+ module.fail_json(msg="There is no completed snapshot available.")
+ if ":" in module.params["name"] and "::" not in module.params["name"]:
+ if get_rpgsnapshot(module, array) is None:
+ module.fail_json(
+ msg="Selected restore snapshot {0} does not exist in the Protection Group".format(
+ module.params["restore"]
+ )
+ )
+ else:
+ if get_pgroupvolume(module, array) is None:
+ module.fail_json(
+ msg="Selected restore volume {0} does not exist in the Protection Group".format(
+ module.params["restore"]
+ )
+ )
+ volume = (
+ module.params["name"]
+ + "."
+ + module.params["suffix"]
+ + "."
+ + module.params["restore"]
+ )
+ if "::" in module.params["target"]:
+ target_pod_name = module.params["target"].split(":")[0]
+ if "::" in module.params["name"]:
+ source_pod_name = module.params["name"].split(":")[0]
+ else:
+ source_pod_name = ""
+ if source_pod_name != target_pod_name:
+ if (
+ len(array.get_pod(target_pod_name, mediator=True)["arrays"]) > 1
+ and POD_SNAPSHOT not in api_version
+ ):
+ module.fail_json(msg="Volume cannot be restored to a stretched pod")
+ if not module.check_mode:
+ try:
+ array.copy_volume(
+ volume, module.params["target"], overwrite=module.params["overwrite"]
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to restore {0} from pgroup {1}".format(
+ volume, module.params["name"]
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def delete_offload_snapshot(module, array):
+ """Delete Offloaded Protection Group Snapshot"""
+ changed = False
+ snapname = module.params["name"] + "." + module.params["suffix"]
+ if ":" in module.params["name"] and module.params["offload"]:
+ if _check_offload(module, array):
+ changed = True
+ if not module.check_mode:
+ try:
+ array.destroy_pgroup(snapname, on=module.params["offload"])
+ if module.params["eradicate"]:
+ try:
+ array.eradicate_pgroup(
+ snapname, on=module.params["offload"]
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to eradicate offloaded snapshot {0} on target {1}".format(
+ snapname, module.params["offload"]
+ )
+ )
+ except Exception:
+ pass
+ else:
+ module.fail_json(
+ msg="Offload target {0} does not exist or not connected".format(
+ module.params["offload"]
+ )
+ )
+ else:
+ module.fail_json(msg="Protection Group name not in the correct format")
+
+ module.exit_json(changed=changed)
+
+
+def delete_pgsnapshot(module, array):
+ """Delete Protection Group Snapshot"""
+ changed = True
+ if not module.check_mode:
+ snapname = module.params["name"] + "." + module.params["suffix"]
+ try:
+ array.destroy_pgroup(snapname)
+ if module.params["eradicate"]:
+ try:
+ array.eradicate_pgroup(snapname)
+ except Exception:
+ module.fail_json(
+ msg="Failed to eradicate pgroup {0}".format(snapname)
+ )
+ except Exception:
+ module.fail_json(msg="Failed to delete pgroup {0}".format(snapname))
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ name=dict(type="str", required=True),
+ suffix=dict(type="str"),
+ restore=dict(type="str"),
+ offload=dict(type="str"),
+ overwrite=dict(type="bool", default=False),
+ target=dict(type="str"),
+ eradicate=dict(type="bool", default=False),
+ now=dict(type="bool", default=False),
+ apply_retention=dict(type="bool", default=False),
+ remote=dict(type="bool", default=False),
+ state=dict(
+ type="str", default="present", choices=["absent", "present", "copy"]
+ ),
+ )
+ )
+
+ required_if = [("state", "copy", ["suffix", "restore"])]
+
+ module = AnsibleModule(
+ argument_spec, required_if=required_if, supports_check_mode=True
+ )
+ pattern = re.compile("^(?=.*[a-zA-Z-])[a-zA-Z0-9]([a-zA-Z0-9-]{0,63}[a-zA-Z0-9])?$")
+ state = module.params["state"]
+ if state == "present":
+ if module.params["suffix"] is None:
+ suffix = "snap-" + str(
+ (datetime.utcnow() - datetime(1970, 1, 1, 0, 0, 0, 0)).total_seconds()
+ )
+ module.params["suffix"] = suffix.replace(".", "")
+ else:
+ if not pattern.match(module.params["suffix"]):
+ module.fail_json(
+ msg="Suffix name {0} does not conform to suffix name rules".format(
+ module.params["suffix"]
+ )
+ )
+
+ if not module.params["target"] and module.params["restore"]:
+ module.params["target"] = module.params["restore"]
+
+ array = get_system(module)
+ api_version = array._list_available_rest_versions()
+ if OFFLOAD_API not in api_version and module.params["offload"]:
+ module.fail_json(
+ msg="Minimum version {0} required for offload support".format(OFFLOAD_API)
+ )
+ pgroup = get_pgroup(module, array)
+ if pgroup is None:
+ module.fail_json(
+ msg="Protection Group {0} does not exist.".format(module.params["name"])
+ )
+ pgsnap = get_pgsnapshot(module, array)
+ if state != "absent" and module.params["offload"]:
+ module.fail_json(
+ msg="offload parameter not supported for state {0}".format(state)
+ )
+ elif state == "copy":
+ restore_pgsnapvolume(module, array)
+ elif state == "present" and not pgsnap:
+ create_pgsnapshot(module, array)
+ elif state == "present" and pgsnap:
+ module.exit_json(changed=False)
+ elif (
+ state == "absent"
+ and module.params["offload"]
+ and get_offload_snapshot(module, array)
+ ):
+ delete_offload_snapshot(module, array)
+ elif state == "absent" and pgsnap:
+ delete_pgsnapshot(module, array)
+ elif state == "absent" and not pgsnap:
+ module.exit_json(changed=False)
+
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_phonehome.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_phonehome.py
new file mode 100644
index 000000000..b428b3e33
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_phonehome.py
@@ -0,0 +1,106 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2018, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_phonehome
+version_added: '1.0.0'
+short_description: Enable or Disable Pure Storage FlashArray Phonehome
+description:
+- Enablke or Disable Phonehome for a Pure Storage FlashArray.
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ state:
+ description:
+ - Define state of phonehome
+ type: str
+ default: present
+ choices: [ present, absent ]
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Enable Phonehome
+ purestorage.flasharray.purefa_phonehome:
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Disable Phonehome
+ purestorage.flasharray.purefa_phonehome:
+ state: disable
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+"""
+
+RETURN = r"""
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ purefa_argument_spec,
+)
+
+
+def enable_ph(module, array):
+ """Enable Remote Assist"""
+ changed = False
+ if array.get_phonehome()["phonehome"] != "enabled":
+ try:
+ if not module.check_mode:
+ array.enable_phonehome()
+ changed = True
+ except Exception:
+ module.fail_json(msg="Enabling Phonehome failed")
+ module.exit_json(changed=changed)
+
+
+def disable_ph(module, array):
+ """Disable Remote Assist"""
+ changed = False
+ if array.get_phonehome()["phonehome"] == "enabled":
+ try:
+ if not module.check_mode:
+ array.disable_phonehome()
+ changed = True
+ except Exception:
+ module.fail_json(msg="Disabling Remote Assist failed")
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ state=dict(type="str", default="present", choices=["present", "absent"]),
+ )
+ )
+
+ module = AnsibleModule(argument_spec, supports_check_mode=True)
+
+ array = get_system(module)
+
+ if module.params["state"] == "present":
+ enable_ph(module, array)
+ else:
+ disable_ph(module, array)
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_pod.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_pod.py
new file mode 100644
index 000000000..75c4eb6c9
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_pod.py
@@ -0,0 +1,664 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2019, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_pod
+short_description: Manage AC pods in Pure Storage FlashArrays
+version_added: '1.0.0'
+description:
+- Manage AC pods in a Pure Storage FlashArray.
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ name:
+ description:
+ - The name of the pod.
+ type: str
+ required: true
+ stretch:
+ description:
+ - The name of the array to stretch to/unstretch from. Must be synchromously replicated.
+ - To unstretch an array use state I(absent)
+ - You can only specify a remote array, ie you cannot unstretch a pod from the
+ current array and then restretch back to the current array.
+ - To restretch a pod you must perform this from the remaining array the pod
+ resides on.
+ type: str
+ failover:
+ description:
+ - The name of the array given priority to stay online if arrays loose
+ contact with eachother.
+ - Oprions are either array in the cluster, or I(auto)
+ type: list
+ elements: str
+ state:
+ description:
+ - Define whether the pod should exist or not.
+ default: present
+ choices: [ absent, present ]
+ type: str
+ eradicate:
+ description:
+ - Define whether to eradicate the pod on delete or leave in trash.
+ type: bool
+ default: false
+ target:
+ description:
+ - Name of clone target pod.
+ type: str
+ mediator:
+ description:
+ - Name of the mediator to use for a pod
+ type: str
+ default: purestorage
+ promote:
+ description:
+ - Promote/demote any pod not in a stretched relationship. .
+ - Demoting a pod will render it read-only.
+ required: false
+ type: bool
+ quiesce:
+ description:
+ - Quiesce/Skip quiesce when I(promote) is false and demoting an ActiveDR pod.
+ - Quiesce will ensure all local data has been replicated before demotion.
+ - Skipping quiesce looses all pending data to be replicated to the remote pod.
+ - Can only demote the pod if it is in a Acrive DR replica link relationship.
+ - This will default to True
+ required: false
+ type: bool
+ undo:
+ description:
+ - Use the I(undo-remote) pod when I(promote) is true and promoting an ActiveDR pod.
+ - This will default to True
+ required: false
+ type: bool
+ quota:
+ description:
+ - Logical quota limit of the pod in K, M, G, T or P units, or bytes.
+ type: str
+ version_added: '1.18.0'
+ ignore_usage:
+ description:
+ - Flag used to override checks for quota management
+ operations.
+ - If set to true, pod usage is not checked against the
+ quota_limits that are set.
+ - If set to false, the actual logical bytes in use are prevented
+ from exceeding the limits set on the pod.
+ - Client operations might be impacted.
+ - If the limit exceeds the quota, the operation is not allowed.
+ default: false
+ type: bool
+ version_added: '1.18.0'
+
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Create new pod named foo
+ purestorage.flasharray.purefa_pod:
+ name: foo
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ state: present
+
+- name: Delete and eradicate pod named foo
+ purestorage.flasharray.purefa_pod:
+ name: foo
+ eradicate: true
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ state: absent
+
+- name: Set failover array for pod named foo
+ purestorage.flasharray.purefa_pod:
+ name: foo
+ failover:
+ - array1
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Set mediator for pod named foo
+ purestorage.flasharray.purefa_pod:
+ name: foo
+ mediator: bar
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Stretch a pod named foo to array2
+ purestorage.flasharray.purefa_pod:
+ name: foo
+ stretch: array2
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Unstretch a pod named foo from array2
+ purestorage.flasharray.purefa_pod:
+ name: foo
+ stretch: array2
+ state: absent
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Create clone of pod foo named bar
+ purestorage.flasharray.purefa_pod:
+ name: foo
+ target: bar
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ state: present
+"""
+
+RETURN = r"""
+"""
+
+HAS_PURESTORAGE = True
+try:
+ from pypureclient import flasharray
+except ImportError:
+ HAS_PURESTORAGE = False
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ get_array,
+ purefa_argument_spec,
+)
+
+
+POD_API_VERSION = "1.13"
+POD_QUOTA_VERSION = "2.23"
+
+
+def human_to_bytes(size):
+ """Given a human-readable byte string (e.g. 2G, 30M),
+ return the number of bytes. Will return 0 if the argument has
+ unexpected form.
+ """
+ bytes = size[:-1]
+ unit = size[-1].upper()
+ if bytes.isdigit():
+ bytes = int(bytes)
+ if unit == "P":
+ bytes *= 1125899906842624
+ elif unit == "T":
+ bytes *= 1099511627776
+ elif unit == "G":
+ bytes *= 1073741824
+ elif unit == "M":
+ bytes *= 1048576
+ elif unit == "K":
+ bytes *= 1024
+ else:
+ bytes = 0
+ else:
+ bytes = 0
+ return bytes
+
+
+def get_pod(module, array):
+ """Return Pod or None"""
+ try:
+ return array.get_pod(module.params["name"])
+ except Exception:
+ return None
+
+
+def get_undo_pod(module, array):
+ """Return Undo Pod or None"""
+ try:
+ return array.get_pod(module.params["name"] + ".undo-demote", pending_only=True)
+ except Exception:
+ return None
+
+
+def get_target(module, array):
+ """Return Pod or None"""
+ try:
+ return array.get_pod(module.params["target"])
+ except Exception:
+ return None
+
+
+def get_destroyed_pod(module, array):
+ """Return Destroyed Volume or None"""
+ try:
+ return bool(
+ array.get_pod(module.params["name"], pending=True)["time_remaining"] != ""
+ )
+ except Exception:
+ return False
+
+
+def get_destroyed_target(module, array):
+ """Return Destroyed Volume or None"""
+ try:
+ return bool(
+ array.get_pod(module.params["target"], pending=True)["time_remaining"] != ""
+ )
+ except Exception:
+ return False
+
+
+def check_arrays(module, array):
+ """Check if array name provided are sync-replicated"""
+ good_arrays = []
+ good_arrays.append(array.get()["array_name"])
+ connected_arrays = array.list_array_connections()
+ for arr in range(0, len(connected_arrays)):
+ if connected_arrays[arr]["type"] == "sync-replication":
+ good_arrays.append(connected_arrays[arr]["array_name"])
+ if module.params["failover"] is not None:
+ if module.params["failover"] == ["auto"]:
+ failover_array = []
+ else:
+ failover_array = module.params["failover"]
+ if failover_array != []:
+ for arr in range(0, len(failover_array)):
+ if failover_array[arr] not in good_arrays:
+ module.fail_json(
+ msg="Failover array {0} is not valid.".format(
+ failover_array[arr]
+ )
+ )
+ if module.params["stretch"] is not None:
+ if module.params["stretch"] not in good_arrays:
+ module.fail_json(
+ msg="Stretch: Array {0} is not connected.".format(
+ module.params["stretch"]
+ )
+ )
+ return None
+
+
+def create_pod(module, array):
+ """Create Pod"""
+ changed = True
+ if module.params["target"]:
+ module.fail_json(msg="Cannot clone non-existant pod.")
+ if not module.check_mode:
+ try:
+ if module.params["failover"]:
+ array.create_pod(
+ module.params["name"], failover_list=module.params["failover"]
+ )
+ else:
+ array.create_pod(module.params["name"])
+ except Exception:
+ module.fail_json(
+ msg="Pod {0} creation failed.".format(module.params["name"])
+ )
+ if module.params["mediator"] != "purestorage":
+ try:
+ array.set_pod(module.params["name"], mediator=module.params["mediator"])
+ except Exception:
+ module.warn(
+ "Failed to communicate with mediator {0}, using default value".format(
+ module.params["mediator"]
+ )
+ )
+ if module.params["stretch"]:
+ current_array = array.get()["array_name"]
+ if module.params["stretch"] != current_array:
+ try:
+ array.add_pod(module.params["name"], module.params["rrays"])
+ except Exception:
+ module.fail_json(
+ msg="Failed to stretch pod {0} to array {1}.".format(
+ module.params["name"], module.params["stretch"]
+ )
+ )
+ if module.params["quota"]:
+ arrayv6 = get_array(module)
+ res = arrayv6.patch_pods(
+ names=[module.params["name"]],
+ pod=flasharray.PodPatch(
+ quota_limit=human_to_bytes(module.params["quota"])
+ ),
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to apply quota to pod {0}. Error: {1}".format(
+ module.params["name"], res.errors[0].message
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def clone_pod(module, array):
+ """Create Pod Clone"""
+ changed = False
+ if get_target(module, array) is None:
+ if not get_destroyed_target(module, array):
+ changed = True
+ if not module.check_mode:
+ try:
+ array.clone_pod(module.params["name"], module.params["target"])
+ except Exception:
+ module.fail_json(
+ msg="Clone pod {0} to pod {1} failed.".format(
+ module.params["name"], module.params["target"]
+ )
+ )
+ else:
+ module.fail_json(
+ msg="Target pod {0} already exists but deleted.".format(
+ module.params["target"]
+ )
+ )
+
+ module.exit_json(changed=changed)
+
+
+def update_pod(module, array):
+ """Update Pod configuration"""
+ changed = False
+ current_config = array.get_pod(module.params["name"], failover_preference=True)
+ if module.params["failover"]:
+ current_failover = current_config["failover_preference"]
+ if current_failover == [] or sorted(module.params["failover"]) != sorted(
+ current_failover
+ ):
+ changed = True
+ if not module.check_mode:
+ try:
+ if module.params["failover"] == ["auto"]:
+ if current_failover != []:
+ array.set_pod(module.params["name"], failover_preference=[])
+ else:
+ array.set_pod(
+ module.params["name"],
+ failover_preference=module.params["failover"],
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to set failover preference for pod {0}.".format(
+ module.params["name"]
+ )
+ )
+ current_config = array.get_pod(module.params["name"], mediator=True)
+ if current_config["mediator"] != module.params["mediator"]:
+ changed = True
+ if not module.check_mode:
+ try:
+ array.set_pod(module.params["name"], mediator=module.params["mediator"])
+ except Exception:
+ module.warn(
+ "Failed to communicate with mediator {0}. Setting unchanged.".format(
+ module.params["mediator"]
+ )
+ )
+ if module.params["promote"] is not None:
+ if len(current_config["arrays"]) > 1:
+ module.fail_json(
+ msg="Promotion/Demotion not permitted. Pod {0} is stretched".format(
+ module.params["name"]
+ )
+ )
+ else:
+ if (
+ current_config["promotion_status"] == "demoted"
+ and module.params["promote"]
+ ):
+ try:
+ if module.params["undo"] is None:
+ module.params["undo"] = True
+ if current_config["promotion_status"] == "quiescing":
+ module.fail_json(
+ msg="Cannot promote pod {0} as it is still quiesing".format(
+ module.params["name"]
+ )
+ )
+ elif module.params["undo"]:
+ changed = True
+ if not module.check_mode:
+ if get_undo_pod(module, array):
+ array.promote_pod(
+ module.params["name"],
+ promote_from=module.params["name"] + ".undo-demote",
+ )
+ else:
+ array.promote_pod(module.params["name"])
+ module.warn(
+ "undo-demote pod remaining for {0}. Consider eradicating this.".format(
+ module.params["name"]
+ )
+ )
+ else:
+ changed = True
+ if not module.check_mode:
+ array.promote_pod(module.params["name"])
+ except Exception:
+ module.fail_json(
+ msg="Failed to promote pod {0}.".format(module.params["name"])
+ )
+ elif (
+ current_config["promotion_status"] != "demoted"
+ and not module.params["promote"]
+ ):
+ try:
+ if get_undo_pod(module, array):
+ module.fail_json(
+ msg="Cannot demote pod {0} due to associated undo-demote pod not being eradicated".format(
+ module.params["name"]
+ )
+ )
+ if module.params["quiesce"] is None:
+ module.params["quiesce"] = True
+ if current_config["link_target_count"] == 0:
+ changed = True
+ if not module.check_mode:
+ array.demote_pod(module.params["name"])
+ elif not module.params["quiesce"]:
+ changed = True
+ if not module.check_mode:
+ array.demote_pod(module.params["name"], skip_quiesce=True)
+ else:
+ changed = True
+ if not module.check_mode:
+ array.demote_pod(module.params["name"], quiesce=True)
+ except Exception:
+ module.fail_json(
+ msg="Failed to demote pod {0}.".format(module.params["name"])
+ )
+ if module.params["quota"]:
+ arrayv6 = get_array(module)
+ current_pod = list(arrayv6.get_pods(names=[module.params["name"]]).items)[0]
+ quota = human_to_bytes(module.params["quota"])
+ if current_pod.quota_limit != quota:
+ changed = True
+ if not module.check_mode:
+ res = arrayv6.patch_pods(
+ names=[module.params["name"]],
+ pod=flasharray.PodPatch(
+ quota_limit=quota, ignore_usage=module.params["ignore_usage"]
+ ),
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to update quota on pod {0}. Error: {1}".format(
+ module.params["name"], res.errors[0].message
+ )
+ )
+
+ module.exit_json(changed=changed)
+
+
+def stretch_pod(module, array):
+ """Stretch/unstretch Pod configuration"""
+ changed = False
+ current_config = array.get_pod(module.params["name"], failover_preference=True)
+ if module.params["stretch"]:
+ current_arrays = []
+ for arr in range(0, len(current_config["arrays"])):
+ current_arrays.append(current_config["arrays"][arr]["name"])
+ if (
+ module.params["stretch"] not in current_arrays
+ and module.params["state"] == "present"
+ ):
+ changed = True
+ if not module.check_mode:
+ try:
+ array.add_pod(module.params["name"], module.params["stretch"])
+ except Exception:
+ module.fail_json(
+ msg="Failed to stretch pod {0} to array {1}.".format(
+ module.params["name"], module.params["stretch"]
+ )
+ )
+
+ if (
+ module.params["stretch"] in current_arrays
+ and module.params["state"] == "absent"
+ ):
+ changed = True
+ if not module.check_mode:
+ try:
+ array.remove_pod(module.params["name"], module.params["stretch"])
+ except Exception:
+ module.fail_json(
+ msg="Failed to unstretch pod {0} from array {1}.".format(
+ module.params["name"], module.params["stretch"]
+ )
+ )
+
+ module.exit_json(changed=changed)
+
+
+def delete_pod(module, array):
+ """Delete Pod"""
+ changed = True
+ if not module.check_mode:
+ try:
+ array.destroy_pod(module.params["name"])
+ if module.params["eradicate"]:
+ try:
+ array.eradicate_pod(module.params["name"])
+ except Exception:
+ module.fail_json(
+ msg="Eradicate pod {0} failed.".format(module.params["name"])
+ )
+ except Exception:
+ module.fail_json(msg="Delete pod {0} failed.".format(module.params["name"]))
+ module.exit_json(changed=changed)
+
+
+def eradicate_pod(module, array):
+ """Eradicate Deleted Pod"""
+ changed = True
+ if not module.check_mode:
+ if module.params["eradicate"]:
+ try:
+ array.eradicate_pod(module.params["name"])
+ except Exception:
+ module.fail_json(
+ msg="Eradication of pod {0} failed".format(module.params["name"])
+ )
+ module.exit_json(changed=changed)
+
+
+def recover_pod(module, array):
+ """Recover Deleted Pod"""
+ changed = True
+ if not module.check_mode:
+ try:
+ array.recover_pod(module.params["name"])
+ except Exception:
+ module.fail_json(
+ msg="Recovery of pod {0} failed".format(module.params["name"])
+ )
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ name=dict(type="str", required=True),
+ stretch=dict(type="str"),
+ target=dict(type="str"),
+ mediator=dict(type="str", default="purestorage"),
+ failover=dict(type="list", elements="str"),
+ promote=dict(type="bool"),
+ undo=dict(type="bool"),
+ quiesce=dict(type="bool"),
+ eradicate=dict(type="bool", default=False),
+ state=dict(type="str", default="present", choices=["absent", "present"]),
+ quota=dict(type="str"),
+ ignore_usage=dict(type="bool", default=False),
+ )
+ )
+
+ mutually_exclusive = [
+ ["stretch", "failover"],
+ ["stretch", "eradicate"],
+ ["stretch", "mediator"],
+ ["target", "mediator"],
+ ["target", "stretch"],
+ ["target", "failover"],
+ ["target", "eradicate"],
+ ]
+
+ module = AnsibleModule(
+ argument_spec, mutually_exclusive=mutually_exclusive, supports_check_mode=True
+ )
+
+ state = module.params["state"]
+ array = get_system(module)
+
+ api_version = array._list_available_rest_versions()
+ if POD_API_VERSION not in api_version:
+ module.fail_json(
+ msg="FlashArray REST version not supported. "
+ "Minimum version required: {0}".format(POD_API_VERSION)
+ )
+
+ if module.params["quota"] and POD_QUOTA_VERSION in api_version:
+ if not HAS_PURESTORAGE:
+ module.fail_json(
+ msg="py-pure-client sdk is required to support 'count' parameter"
+ )
+ pod = get_pod(module, array)
+ destroyed = ""
+ if not pod:
+ destroyed = get_destroyed_pod(module, array)
+ if module.params["failover"] or module.params["failover"] != "auto":
+ check_arrays(module, array)
+
+ if state == "present" and not pod:
+ create_pod(module, array)
+ elif pod and module.params["stretch"]:
+ stretch_pod(module, array)
+ elif state == "present" and pod and module.params["target"]:
+ clone_pod(module, array)
+ elif state == "present" and pod and module.params["target"]:
+ clone_pod(module, array)
+ elif state == "present" and pod:
+ update_pod(module, array)
+ elif state == "absent" and pod and not module.params["stretch"]:
+ delete_pod(module, array)
+ elif state == "present" and destroyed:
+ recover_pod(module, array)
+ elif state == "absent" and destroyed:
+ eradicate_pod(module, array)
+ elif state == "absent" and not pod:
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_pod_replica.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_pod_replica.py
new file mode 100644
index 000000000..87ace4eb3
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_pod_replica.py
@@ -0,0 +1,279 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2020, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+
+DOCUMENTATION = """
+---
+module: purefa_pod_replica
+short_description: Manage ActiveDR pod replica links between Pure Storage FlashArrays
+version_added: '1.0.0'
+description:
+ - This module manages ActiveDR pod replica links between Pure Storage FlashArrays.
+author: Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ name:
+ description:
+ - ActiveDR source pod name
+ required: true
+ type: str
+ state:
+ description:
+ - Creates or modifies a pod replica link
+ required: false
+ default: present
+ type: str
+ choices: [ "present", "absent" ]
+ target_array:
+ description:
+ - Remote array name to create replica on.
+ required: false
+ type: str
+ target_pod:
+ description:
+ - Name of target pod
+ - Must not be the same as the local pod.
+ type: str
+ required: false
+ pause:
+ description:
+ - Pause/unpause a pod replica link
+ required: false
+ type: bool
+extends_documentation_fragment:
+ - purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = """
+- name: Create new pod replica link from foo to bar on arrayB
+ purestorage.flasharray.purefa_pod_replica:
+ name: foo
+ target_array: arrayB
+ target_pod: bar
+ state: present
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Pause an pod replica link
+ purestorage.flasharray.purefa_pod_replica:
+ name: foo
+ pause: true
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Delete and eradicate pod replica link
+ purestorage.flasharray.purefa_pod_replica:
+ name: foo
+ state: absent
+ eradicate: true
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+"""
+
+RETURN = """
+"""
+
+MIN_REQUIRED_API_VERSION = "1.19"
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ purefa_argument_spec,
+)
+
+
+def get_local_pod(module, array):
+ """Return Pod or None"""
+ try:
+ return array.get_pod(module.params["name"])
+ except Exception:
+ return None
+
+
+def get_local_rl(module, array):
+ """Return Pod Replica Link or None"""
+ try:
+ rlinks = array.list_pod_replica_links()
+ for link in range(0, len(rlinks)):
+ if rlinks[link]["local_pod_name"] == module.params["name"]:
+ return rlinks[link]
+ return None
+ except Exception:
+ return None
+
+
+def _get_arrays(array):
+ """Get Connected Arrays"""
+ arrays = []
+ array_details = array.list_array_connections()
+ for arraycnt in range(0, len(array_details)):
+ arrays.append(array_details[arraycnt]["array_name"])
+ return arrays
+
+
+def update_rl(module, array, local_rl):
+ """Create Pod Replica Link"""
+ changed = False
+ if module.params["pause"] is not None:
+ if local_rl["status"] != "paused" and module.params["pause"]:
+ changed = True
+ if not module.check_mode:
+ try:
+ array.pause_pod_replica_link(
+ local_pod_name=module.params["name"],
+ remote_pod_name=local_rl["remote_pod_name"],
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to pause replica link {0}.".format(
+ module.params["name"]
+ )
+ )
+ elif local_rl["status"] == "paused" and not module.params["pause"]:
+ changed = True
+ if not module.check_mode:
+ try:
+ array.resume_pod_replica_link(
+ local_pod_name=module.params["name"],
+ remote_pod_name=local_rl["remote_pod_name"],
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to resume replica link {0}.".format(
+ module.params["name"]
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def create_rl(module, array):
+ """Create Pod Replica Link"""
+ changed = True
+ if not module.params["target_pod"]:
+ module.fail_json(msg="target_pod required to create a new replica link.")
+ if not module.params["target_array"]:
+ module.fail_json(msg="target_array required to create a new replica link.")
+ try:
+ connected_arrays = array.list_array_connections()
+ if connected_arrays == []:
+ module.fail_json(msg="No connected arrays.")
+ else:
+ good_array = False
+ for conn_array in range(0, len(connected_arrays)):
+ if connected_arrays[conn_array]["array_name"] == module.params[
+ "target_array"
+ ] and connected_arrays[conn_array]["status"] in [
+ "connected",
+ "connecting",
+ "partially_connected",
+ ]:
+ good_array = True
+ break
+ if not good_array:
+ module.fail_json(
+ msg="Target array {0} is not connected to the source array.".format(
+ module.params["target_array"]
+ )
+ )
+ else:
+ if not module.check_mode:
+ try:
+ array.create_pod_replica_link(
+ local_pod_name=module.params["name"],
+ remote_name=module.params["target_array"],
+ remote_pod_name=module.params["target_pod"],
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to create replica link {0} to target array {1}".format(
+ module.params["name"], module.params["target_array"]
+ )
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to create replica link for pod {0}.".format(
+ module.params["name"]
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def delete_rl(module, array, local_rl):
+ """Delete Pod Replica Link"""
+ changed = True
+ if not module.check_mode:
+ try:
+ array.delete_pod_replica_link(
+ module.params["name"], remote_pod_name=local_rl["remote_pod_name"]
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to delete replica link for pod {0}.".format(
+ module.params["name"]
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ name=dict(type="str", required=True),
+ target_pod=dict(type="str"),
+ target_array=dict(type="str"),
+ pause=dict(type="bool"),
+ state=dict(default="present", choices=["present", "absent"]),
+ )
+ )
+
+ module = AnsibleModule(argument_spec, supports_check_mode=True)
+
+ state = module.params["state"]
+ array = get_system(module)
+ api_version = array._list_available_rest_versions()
+
+ if MIN_REQUIRED_API_VERSION not in api_version:
+ module.fail_json(msg="Purity v6.0.0 or higher required.")
+
+ local_pod = get_local_pod(module, array)
+ local_replica_link = get_local_rl(module, array)
+
+ if not local_pod:
+ module.fail_json(
+ msg="Selected local pod {0} does not exist.".format(module.params["name"])
+ )
+
+ if len(local_pod["arrays"]) > 1:
+ module.fail_json(
+ msg="Local Pod {0} is already stretched.".format(module.params["name"])
+ )
+
+ if local_replica_link:
+ if local_replica_link["status"] == "unhealthy":
+ module.fail_json(msg="Replca Link unhealthy - please check remote array")
+ if state == "present" and not local_replica_link:
+ create_rl(module, array)
+ elif state == "present" and local_replica_link:
+ update_rl(module, array, local_replica_link)
+ elif state == "absent" and local_replica_link:
+ delete_rl(module, array, local_replica_link)
+
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_policy.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_policy.py
new file mode 100644
index 000000000..37017e4df
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_policy.py
@@ -0,0 +1,1606 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2020, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_policy
+version_added: '1.5.0'
+short_description: Manage FlashArray File System Policies
+description:
+- Manage FlashArray file system policies for NFS, SMB and snapshot
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ name:
+ description:
+ - Name of the policy
+ type: str
+ required: true
+ state:
+ description:
+ - Define whether the policy should exist or not.
+ default: present
+ choices: [ absent, present ]
+ type: str
+ policy:
+ description:
+ - The type of policy to use
+ choices: [ nfs, smb, snapshot, quota ]
+ required: true
+ type: str
+ enabled:
+ description:
+ - Define if policy is enabled or not
+ type: bool
+ default: true
+ smb_anon_allowed:
+ description:
+ - Specifies whether access to information is allowed for anonymous users
+ type: bool
+ default: false
+ client:
+ description:
+ - Specifies which SMB or NFS clients are given access
+ - Accepted notation, IP, IP mask, or hostname
+ type: str
+ smb_encrypt:
+ description:
+ - Specifies whether the remote client is required to use SMB encryption
+ type: bool
+ default: false
+ nfs_access:
+ description:
+ - Specifies access control for the export
+ choices: [ root-squash, no-root-squash, all-squash ]
+ type: str
+ default: no-root-squash
+ nfs_permission:
+ description:
+ - Specifies which read-write client access permissions are allowed for the export
+ choices: [ ro, rw ]
+ default: rw
+ type: str
+ user_mapping:
+ description:
+ - Defines if user mapping is enabled
+ type: bool
+ version_added: 1.14.0
+ snap_at:
+ description:
+ - Specifies the number of hours since midnight at which to take a snapshot
+ or the hour including AM/PM
+ - Can only be set on the rule with the smallest I(snap_every) value.
+ - Cannot be set if the I(snap_every) value is not measured in days.
+ - Can only be set for at most one rule in the same policy.
+ type: str
+ snap_every:
+ description:
+ - Specifies the interval between snapshots, in minutes.
+ - The value for all rules must be multiples of one another.
+ - Must be unique for each rule in the same policy.
+ - Value must be between 5 and 525600.
+ type: int
+ snap_keep_for:
+ description:
+ - Specifies the period that snapshots are retained before they are eradicated, in minutes.
+ - Cannot be less than the I(snap_every) value of the rule.
+ - Value must be unique for each rule in the same policy.
+ - Value must be between 5 and 525600.
+ type: int
+ snap_client_name:
+ description:
+ - The customizable portion of the client visible snapshot name.
+ type: str
+ snap_suffix:
+ description:
+ - The snapshot suffix name
+ - The suffix value can only be set for one rule in the same policy
+ - The suffix value can only be set on a rule with the same ``keep_for`` value and ``every`` value
+ - The suffix value can only be set on the rule with the largest ``keep_for`` value
+ - If not specified, defaults to a monotonically increasing number generated by the system.
+ type: str
+ version_added: 1.10.0
+ rename:
+ description:
+ - New name of policy
+ type: str
+ directory:
+ description:
+ - Directories to have the quota rule applied to.
+ type: list
+ elements: str
+ version_added: 1.9.0
+ quota_limit:
+ description:
+ - Logical space limit of the share in M, G, T or P units. See examples.
+ - If size is not set at filesystem creation time the filesystem size becomes unlimited.
+ - This value cannot be set to 0.
+ type: str
+ version_added: 1.9.0
+ quota_notifications:
+ description:
+ - Targets to notify when usage approaches the quota limit.
+ - The list of notification targets is a comma-separated string
+ - If not specified, notification targets are not assigned.
+ type: list
+ elements: str
+ choices: [ user, group ]
+ version_added: 1.9.0
+ quota_enforced:
+ description:
+ - Defines if the directory quota is enforced.
+ default: true
+ type: bool
+ ignore_usage:
+ description:
+ - Flag used to override checks for quota management
+ operations.
+ - If set to true, directory usage is not checked against the
+ quota_limits that are set.
+ - If set to false, the actual logical bytes in use are prevented
+ from exceeding the limits set on the directory.
+ - Client operations might be impacted.
+ - If the limit exceeds the quota, the client operation is not allowed.
+ default: false
+ type: bool
+ version_added: 1.9.0
+ anonuid:
+ description:
+ - The ID to which any users whose UID is affected by I(access) of
+ I(root-squash) or I(all-squash) will be mapped to.
+ - Clear using "".
+ type: str
+ default: "65534"
+ version_added: 1.14.0
+ anongid:
+ description:
+ - The ID to which any users whose GID is affected by I(access) of
+ I(root-squash) or I(all-squash) will be mapped to.
+ - This is ignored when I(user_mapping) is enabled.
+ - Clear using "".
+ type: str
+ default: "65534"
+ version_added: 1.14.0
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Create an NFS policy with initial rule
+ purestorage.flasharray.purefa_policy:
+ name: export1
+ policy: nfs
+ nfs_access: root-squash
+ nfs_permission: ro
+ client: client1
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Create an empty NFS policy with no rules
+ purestorage.flasharray.purefa_policy:
+ name: export1
+ policy: nfs
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Create an empty snapshot policy with no rules
+ purestorage.flasharray.purefa_policy:
+ name: snap1
+ policy: snapshot
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Create an empty snapshot policy with single directory member
+ purestorage.flasharray.purefa_policy:
+ name: snap1
+ policy: snapshot
+ directory: "foo:bar"
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Disable a policy
+ purestorage.flasharray.purefa_policy:
+ name: export1
+ policy: nfs
+ enabled: false
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Add rule to existing NFS export policy
+ purestorage.flasharray.purefa_policy:
+ name: export1
+ policy: nfs
+ nfs_access: root-squash
+ nfs_permission: ro
+ client: client2
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Add rule to existing SMB export policy
+ purestorage.flasharray.purefa_policy:
+ name: export1
+ policy: smb
+ smb_encrypt: true
+ smb_anon_allowed: false
+ client: client1
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Add non-suffix rule to existing snapshot export policy
+ purestorage.flasharray.purefa_policy:
+ name: snap1
+ policy: snapshot
+ snap_client_name: foo
+ snap_every: 15
+ snap_keep_for: 1440
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Add suffix rule to existing snapshot export policy
+ purestorage.flasharray.purefa_policy:
+ name: snap1
+ policy: snapshot
+ snap_client_name: foo
+ snap_suffix: bar
+ snap_every: 1440
+ snap_keep_for: 1440
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Delete policy rule for a client
+ purestorage.flasharray.purefa_policy:
+ name: export1
+ policy: nfs
+ client: client2
+ state: absent
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Delete policy
+ purestorage.flasharray.purefa_policy:
+ name: export1
+ policy: nfs
+ state: absent
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Create directory quota policy for directory bar
+ purestorage.flasharray.purefa_policy:
+ name: foo
+ directory:
+ - "foo:root"
+ - "bar:bin"
+ policy: quota
+ quota_limit: 10G
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Delete directory quota policy foo
+ purestorage.flasharray.purefa_policy:
+ name: foo
+ policy: quota
+ state: absent
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Create empty directory quota policy foo
+ purestorage.flasharray.purefa_policy:
+ name: foo
+ policy: quota
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Detach directory "foo:bar" from quota policy quota1
+ purestorage.flasharray.purefa_policy:
+ name: quota1
+ directory:
+ - "foo:bar"
+ state: absent
+ policy: quota
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Remove quota rule from quota policy foo
+ purestorage.flasharray.purefa_policy:
+ name: foo
+ policy: quota
+ quota_limit: 10G
+ state: absent
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+"""
+
+RETURN = r"""
+"""
+
+HAS_PURESTORAGE = True
+try:
+ from pypureclient import flasharray
+except ImportError:
+ HAS_PURESTORAGE = False
+
+HAS_PACKAGING = True
+try:
+ from packaging import version
+except ImportError:
+ HAS_PACKAGING = False
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ get_array,
+ purefa_argument_spec,
+)
+
+MIN_REQUIRED_API_VERSION = "2.3"
+MIN_QUOTA_API_VERSION = "2.7"
+MIN_SUFFIX_API_VERSION = "2.9"
+USER_MAP_VERSION = "2.15"
+ALL_SQUASH_VERSION = "2.16"
+
+
+def _human_to_bytes(size):
+ """Given a human-readable byte string (e.g. 2G, 30M),
+ return the number of bytes. Will return 0 if the argument has
+ unexpected form.
+ """
+ bytes = size[:-1]
+ unit = size[-1].upper()
+ if bytes.isdigit():
+ bytes = int(bytes)
+ if unit == "P":
+ bytes *= 1125899906842624
+ elif unit == "T":
+ bytes *= 1099511627776
+ elif unit == "G":
+ bytes *= 1073741824
+ elif unit == "M":
+ bytes *= 1048576
+ elif unit == "K":
+ bytes *= 1024
+ else:
+ bytes = 0
+ else:
+ bytes = 0
+ return bytes
+
+
+def _convert_to_millisecs(hour):
+ if hour[-2:].upper() == "AM" and hour[:2] == "12":
+ return 0
+ elif hour[-2:].upper() == "AM":
+ return int(hour[:-2]) * 3600000
+ elif hour[-2:].upper() == "PM" and hour[:2] == "12":
+ return 43200000
+ return (int(hour[:-2]) + 12) * 3600000
+
+
+def rename_policy(module, array):
+ """Rename a file system policy"""
+ changed = False
+ target_exists = bool(
+ array.get_policies(names=[module.params["rename"]]).status_code == 200
+ )
+ if target_exists:
+ module.fail_json(
+ msg="Rename failed - Target policy {0} already exists".format(
+ module.params["rename"]
+ )
+ )
+ if not module.check_mode:
+ changed = True
+ if module.params["policy"] == "nfs":
+ res = array.patch_policies_nfs(
+ names=[module.params["name"]],
+ policy=flasharray.PolicyPatch(name=module.params["rename"]),
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to rename NFS policy {0} to {1}".format(
+ module.params["name"], module.params["rename"]
+ )
+ )
+ elif module.params["policy"] == "smb":
+ res = array.patch_policies_smb(
+ names=[module.params["name"]],
+ policy=flasharray.PolicyPatch(name=module.params["rename"]),
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to rename SMB policy {0} to {1}".format(
+ module.params["name"], module.params["rename"]
+ )
+ )
+ elif module.params["policy"] == "snapshot":
+ res = array.patch_policies_snapshot(
+ names=[module.params["name"]],
+ policy=flasharray.PolicyPatch(name=module.params["rename"]),
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to rename snapshot policy {0} to {1}".format(
+ module.params["name"], module.params["rename"]
+ )
+ )
+ else:
+ res = array.patch_policies_quota(
+ names=[module.params["name"]],
+ policy=flasharray.PolicyPatch(name=module.params["rename"]),
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to rename quota policy {0} to {1}".format(
+ module.params["name"], module.params["rename"]
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def delete_policy(module, array):
+ """Delete a file system policy or rule within a policy"""
+ changed = True
+ if not module.check_mode:
+ changed = False
+ if module.params["policy"] == "nfs":
+ if not module.params["client"]:
+ res = array.delete_policies_nfs(names=[module.params["name"]])
+ if res.status_code == 200:
+ changed = True
+ else:
+ module.fail_json(
+ msg="Deletion of NFS policy {0} failed. Error: {1}".format(
+ module.params["name"], res.errors[0].message
+ )
+ )
+ else:
+ rules = list(
+ array.get_policies_nfs_client_rules(
+ policy_names=[module.params["name"]]
+ ).items
+ )
+ if rules:
+ rule_name = ""
+ for rule in range(0, len(rules)):
+ if rules[rule].client == module.params["client"]:
+ rule_name = rules[rule].name
+ break
+ if rule_name:
+ deleted = bool(
+ array.delete_policies_nfs_client_rules(
+ policy_names=[module.params["name"]], names=[rule_name]
+ ).status_code
+ == 200
+ )
+ if deleted:
+ changed = True
+ else:
+ module.fail_json(
+ msg="Failed to delete client {0} from NFS policy {1}. Error: {2}".format(
+ module.params["client"],
+ module.params["name"],
+ deleted.errors[0].message,
+ )
+ )
+ elif module.params["policy"] == "smb":
+ if not module.params["client"]:
+ res = array.delete_policies_smb(names=[module.params["name"]])
+ if res.status_code == 200:
+ changed = True
+ else:
+ module.fail_json(
+ msg="Deletion of SMB policy {0} failed. Error: {1}".format(
+ module.params["name"], res.errors[0].message
+ )
+ )
+ else:
+ rules = list(
+ array.get_policies_smb_client_rules(
+ policy_names=[module.params["name"]]
+ ).items
+ )
+ if rules:
+ rule_name = ""
+ for rule in range(0, len(rules)):
+ if rules[rule].client == module.params["client"]:
+ rule_name = rules[rule].name
+ break
+ if rule_name:
+ deleted = bool(
+ array.delete_policies_smb_client_rules(
+ policy_names=[module.params["name"]], names=[rule_name]
+ ).status_code
+ == 200
+ )
+ if deleted:
+ changed = True
+ else:
+ module.fail_json(
+ msg="Failed to delete client {0} from SMB policy {1}. Error: {2}".format(
+ module.params["client"],
+ module.params["name"],
+ deleted.errors[0].message,
+ )
+ )
+ elif module.params["policy"] == "snapshot":
+ if not module.params["snap_client_name"] and not module.params["directory"]:
+ res = array.delete_policies_snapshot(names=[module.params["name"]])
+ if res.status_code == 200:
+ changed = True
+ else:
+ module.fail_json(
+ msg="Deletion of Snapshot policy {0} failed. Error: {1}".format(
+ module.params["name"], res.errors[0].message
+ )
+ )
+ if module.params["directory"]:
+ dirs = []
+ old_dirs = []
+ current_dirs = list(
+ array.get_directories_policies_snapshot(
+ policy_names=[module.params["name"]]
+ ).items
+ )
+ if current_dirs:
+ for current_dir in range(0, len(current_dirs)):
+ dirs.append(current_dirs[current_dir].member.name)
+ for old_dir in range(0, len(module.params["directory"])):
+ if module.params["directory"][old_dir] in dirs:
+ old_dirs.append(module.params["directory"][old_dir])
+ else:
+ old_dirs = module.params["directory"]
+ if old_dirs:
+ changed = True
+ for rem_dir in range(0, len(old_dirs)):
+ if not module.check_mode:
+ directory_removed = (
+ array.delete_directories_policies_snapshot(
+ member_names=[old_dirs[rem_dir]],
+ policy_names=module.params["name"],
+ )
+ )
+ if directory_removed.status_code != 200:
+ module.fail_json(
+ msg="Failed to remove directory from Snapshot policy {0}. Error: {1}".format(
+ module.params["name"],
+ directory_removed.errors[0].message,
+ )
+ )
+ if module.params["snap_client_name"]:
+ rules = list(
+ array.get_policies_snapshot_rules(
+ policy_names=[module.params["name"]]
+ ).items
+ )
+ if rules:
+ rule_name = ""
+ for rule in range(0, len(rules)):
+ if rules[rule].client_name == module.params["snap_client_name"]:
+ rule_name = rules[rule].name
+ break
+ if rule_name:
+ deleted = bool(
+ array.delete_policies_snapshot_rules(
+ policy_names=[module.params["name"]], names=[rule_name]
+ ).status_code
+ == 200
+ )
+ if deleted:
+ changed = True
+ else:
+ module.fail_json(
+ msg="Failed to delete client {0} from Snapshot policy {1}. Error: {2}".format(
+ module.params["snap_client_name"],
+ module.params["name"],
+ deleted.errors[0].message,
+ )
+ )
+ else:
+ if module.params["quota_limit"]:
+ quota_limit = _human_to_bytes(module.params["quota_limit"])
+ rules = list(
+ array.get_policies_quota_rules(
+ policy_names=[module.params["name"]]
+ ).items
+ )
+ if rules:
+ for rule in range(0, len(rules)):
+ if rules[rule].quota_limit == quota_limit:
+ if (
+ module.params["quota_enforced"] == rules[rule].enforced
+ and ",".join(module.params["quota_notifications"])
+ == rules[rule].notifications
+ ):
+ res = array.delete_policies_quota_rules(
+ policy_names=[module.params["name"]],
+ names=[rules[rule].name],
+ )
+ if res.status_code == 200:
+ changed = True
+ else:
+ module.fail_json(
+ msg="Deletion of Quota rule failed. Error: {0}".format(
+ res.errors[0].message
+ )
+ )
+ if module.params["directory"]:
+ members = list(
+ array.get_policies_quota_members(
+ policy_names=[module.params["name"]]
+ ).items
+ )
+ if members:
+ for member in range(0, len(members)):
+ if members[member].member.name in module.params["directory"]:
+ res = array.delete_policies_quota_members(
+ policy_names=[module.params["name"]],
+ member_names=[members[member].member.name],
+ member_types="directories",
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Deletion of Quota member {0} from policy {1}. Error: {2}".format(
+ members[member].member.name,
+ module.params["name"],
+ res.errors[0].message,
+ )
+ )
+ else:
+ changed = True
+ if not module.params["quota_limit"] and not module.params["directory"]:
+ members = list(
+ array.get_policies_quota_members(
+ policy_names=[module.params["name"]]
+ ).items
+ )
+ if members:
+ member_names = []
+ for member in range(0, len(members)):
+ member_names.append(members[member].member.name)
+ res = array.delete_policies_quota_members(
+ policy_names=[module.params["name"]],
+ member_names=member_names,
+ member_types="directories",
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Deletion of Quota members {0} failed. Error: {1}".format(
+ module.params["name"], res.errors[0].message
+ )
+ )
+ res = array.delete_policies_quota(names=[module.params["name"]])
+ if res.status_code == 200:
+ changed = True
+ else:
+ module.fail_json(
+ msg="Deletion of Quota policy {0} failed. Error: {1}".format(
+ module.params["name"], res.errors[0].message
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def create_policy(module, array, all_squash):
+ """Create a file system export"""
+ changed = True
+ if not module.check_mode:
+ changed = False
+ if module.params["policy"] == "nfs":
+ created = array.post_policies_nfs(
+ names=[module.params["name"]],
+ policy=flasharray.PolicyPost(enabled=module.params["enabled"]),
+ )
+
+ if created.status_code == 200:
+ policy = flasharray.PolicyNfsPost(
+ user_mapping_enabled=module.params["user_mapping"],
+ )
+ res = array.patch_policies_nfs(
+ names=[module.params["name"]], policy=policy
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to set NFS policy {0}. Error: {1}".format(
+ module.params["name"], res.errors[0].message
+ )
+ )
+ if module.params["client"]:
+ if all_squash:
+ rules = flasharray.PolicyrulenfsclientpostRules(
+ access=module.params["nfs_access"],
+ anongid=module.params["anongid"],
+ anonuid=module.params["anonuid"],
+ client=module.params["client"],
+ permission=module.params["nfs_permission"],
+ )
+ else:
+ rules = flasharray.PolicyrulenfsclientpostRules(
+ access=module.params["nfs_access"],
+ client=module.params["client"],
+ permission=module.params["nfs_permission"],
+ )
+ rule = flasharray.PolicyRuleNfsClientPost(rules=[rules])
+ rule_created = array.post_policies_nfs_client_rules(
+ policy_names=[module.params["name"]], rules=rule
+ )
+ if rule_created.status_code != 200:
+ module.fail_json(
+ msg="Failed to create rule for NFS policy {0}. Error: {1}".format(
+ module.params["name"], rule_created.errors[0].message
+ )
+ )
+ changed = True
+ else:
+ module.fail_json(
+ msg="Failed to create NFS policy {0}. Error: {1}".format(
+ module.params["name"], created.errors[0].message
+ )
+ )
+ elif module.params["policy"] == "smb":
+ created = array.post_policies_smb(
+ names=[module.params["name"]],
+ policy=flasharray.PolicyPost(enabled=module.params["enabled"]),
+ )
+ if created.status_code == 200:
+ changed = True
+ if module.params["client"]:
+ rules = flasharray.PolicyrulesmbclientpostRules(
+ anonymous_access_allowed=module.params["smb_anon_allowed"],
+ client=module.params["client"],
+ smb_encryption_required=module.params["smb_encrypt"],
+ )
+ rule = flasharray.PolicyRuleSmbClientPost(rules=[rules])
+ rule_created = array.post_policies_smb_client_rules(
+ policy_names=[module.params["name"]], rules=rule
+ )
+ if rule_created.status_code != 200:
+ module.fail_json(
+ msg="Failed to create rule for SMB policy {0}. Error: {1}".format(
+ module.params["name"], rule_created.errors[0].message
+ )
+ )
+ else:
+ module.fail_json(
+ msg="Failed to create SMB policy {0}. Error: {1}".format(
+ module.params["name"], created.errors[0].message
+ )
+ )
+ elif module.params["policy"] == "snapshot":
+ if HAS_PACKAGING:
+ suffix_enabled = version.parse(
+ array.get_rest_version()
+ ) >= version.parse(MIN_SUFFIX_API_VERSION)
+ else:
+ suffix_enabled = False
+ created = array.post_policies_snapshot(
+ names=[module.params["name"]],
+ policy=flasharray.PolicyPost(enabled=module.params["enabled"]),
+ )
+ if created.status_code == 200:
+ changed = True
+ if module.params["snap_client_name"]:
+ if module.params["snap_keep_for"] < module.params["snap_every"]:
+ module.fail_json(
+ msg="Retention period (snap_keep_for) cannot be less than snapshot interval (snap_every)."
+ )
+ if module.params["snap_at"]:
+ if not module.params["snap_every"] % 1440 == 0:
+ module.fail_json(
+ msg="snap_at time can only be set if snap_every is multiple of 1440"
+ )
+ if suffix_enabled:
+ rules = flasharray.PolicyrulesnapshotpostRules(
+ at=_convert_to_millisecs(module.params["snap_at"]),
+ client_name=module.params["snap_client_name"],
+ every=module.params["snap_every"] * 60000,
+ keep_for=module.params["snap_keep_for"] * 60000,
+ suffix=module.params["snap_suffix"],
+ )
+ else:
+ rules = flasharray.PolicyrulesnapshotpostRules(
+ at=_convert_to_millisecs(module.params["snap_at"]),
+ client_name=module.params["snap_client_name"],
+ every=module.params["snap_every"] * 60000,
+ keep_for=module.params["snap_keep_for"] * 60000,
+ )
+ else:
+ if suffix_enabled:
+ rules = flasharray.PolicyrulesnapshotpostRules(
+ client_name=module.params["snap_client_name"],
+ every=module.params["snap_every"] * 60000,
+ keep_for=module.params["snap_keep_for"] * 60000,
+ suffix=module.params["snap_suffix"],
+ )
+ else:
+ rules = flasharray.PolicyrulesnapshotpostRules(
+ client_name=module.params["snap_client_name"],
+ every=module.params["snap_every"] * 60000,
+ keep_for=module.params["snap_keep_for"] * 60000,
+ )
+ rule = flasharray.PolicyRuleSnapshotPost(rules=[rules])
+ rule_created = array.post_policies_snapshot_rules(
+ policy_names=[module.params["name"]], rules=rule
+ )
+ if rule_created.status_code != 200:
+ module.fail_json(
+ msg="Failed to create rule for Snapshot policy {0}. Error: {1}".format(
+ module.params["name"], rule_created.errors[0].message
+ )
+ )
+ if module.params["directory"]:
+ policies = flasharray.DirectoryPolicyPost(
+ policies=[
+ flasharray.DirectorypolicypostPolicies(
+ policy=flasharray.Reference(name=module.params["name"])
+ )
+ ]
+ )
+ directory_added = array.post_directories_policies_snapshot(
+ member_names=module.params["directory"], policies=policies
+ )
+ if directory_added.status_code != 200:
+ module.fail_json(
+ msg="Failed to add directory for Snapshot policy {0}. Error: {1}".format(
+ module.params["name"],
+ directory_added.errors[0].message,
+ )
+ )
+ else:
+ module.fail_json(
+ msg="Failed to create Snapshot policy {0}. Error: {1}".format(
+ module.params["name"], created.errors[0].message
+ )
+ )
+ else:
+ created = array.post_policies_quota(
+ names=[module.params["name"]],
+ policy=flasharray.PolicyPost(enabled=module.params["enabled"]),
+ )
+ if created.status_code == 200:
+ changed = True
+ if module.params["quota_limit"]:
+ quota = _human_to_bytes(module.params["quota_limit"])
+ rules = flasharray.PolicyrulequotapostRules(
+ enforced=module.params["quota_enforced"],
+ quota_limit=quota,
+ notifications=",".join(module.params["quota_notifications"]),
+ )
+ rule = flasharray.PolicyRuleQuotaPost(rules=[rules])
+ quota_created = array.post_policies_quota_rules(
+ policy_names=[module.params["name"]],
+ rules=rule,
+ ignore_usage=module.params["ignore_usage"],
+ )
+ if quota_created.status_code != 200:
+ module.fail_json(
+ msg="Failed to create rule for Quota policy {0}. Error: {1}".format(
+ module.params["name"], quota_created.errors[0].message
+ )
+ )
+ if module.params["directory"]:
+ members = []
+ for mem in range(0, len(module.params["directory"])):
+ members.append(
+ flasharray.PolicymemberpostMembers(
+ member=flasharray.ReferenceWithType(
+ name=module.params["directory"][mem],
+ resource_type="directories",
+ )
+ )
+ )
+ member = flasharray.PolicyMemberPost(members=members)
+ members_created = array.post_policies_quota_members(
+ policy_names=[module.params["name"]],
+ members=member,
+ ignore_usage=module.params["ignore_usage"],
+ )
+ if members_created.status_code != 200:
+ module.fail_json(
+ msg="Failed to add members to Quota policy {0}. Error: {1}".format(
+ module.params["name"],
+ members_created.errors[0].message,
+ )
+ )
+ else:
+ module.fail_json(
+ msg="Failed to create Quota policy {0}. Error: {1}".format(
+ module.params["name"], created.errors[0].message
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def update_policy(module, array, api_version, all_squash):
+ """Update an existing policy including add/remove rules"""
+ changed = (
+ changed_dir
+ ) = (
+ changed_rule
+ ) = changed_enable = changed_quota = changed_member = changed_user_map = False
+ if module.params["policy"] == "nfs":
+ try:
+ current_enabled = list(
+ array.get_policies_nfs(names=[module.params["name"]]).items
+ )[0].enabled
+ if USER_MAP_VERSION in api_version:
+ current_user_map = list(
+ array.get_policies_nfs(names=[module.params["name"]]).items
+ )[0].user_mapping_enabled
+ except Exception:
+ module.fail_json(
+ msg="Incorrect policy type specified for existing policy {0}".format(
+ module.params["name"]
+ )
+ )
+ if (
+ module.params["user_mapping"]
+ and current_user_map != module.params["user_mapping"]
+ ):
+ changed_user_map = True
+ if not module.check_mode:
+ res = array.patch_policies_nfs(
+ names=[module.params["name"]],
+ policy=flasharray.PolicyNfsPatch(
+ user_mapping_enabled=module.params["user_mapping"]
+ ),
+ )
+ if res.status_code != 200:
+ module.exit_json(
+ msg="Failed to enable/disable User Mapping for NFS policy {0}".format(
+ module.params["name"]
+ )
+ )
+ if current_enabled != module.params["enabled"]:
+ changed_enable = True
+ if not module.check_mode:
+ res = array.patch_policies_nfs(
+ names=[module.params["name"]],
+ policy=flasharray.PolicyPatch(enabled=module.params["enabled"]),
+ )
+ if res.status_code != 200:
+ module.exit_json(
+ msg="Failed to enable/disable NFS policy {0}".format(
+ module.params["name"]
+ )
+ )
+ if module.params["client"]:
+ rules = list(
+ array.get_policies_nfs_client_rules(
+ policy_names=[module.params["name"]]
+ ).items
+ )
+ if rules:
+ rule_name = ""
+ for rule in range(0, len(rules)):
+ if rules[rule].client == module.params["client"]:
+ rule_name = rules[rule].name
+ break
+ if not rule_name:
+ if all_squash:
+ rules = flasharray.PolicyrulenfsclientpostRules(
+ permission=module.params["nfs_permission"],
+ client=module.params["client"],
+ anongid=module.params["anongid"],
+ anonuid=module.params["anonuid"],
+ access=module.params["nfs_access"],
+ )
+ else:
+ rules = flasharray.PolicyrulenfsclientpostRules(
+ permission=module.params["nfs_permission"],
+ client=module.params["client"],
+ access=module.params["nfs_access"],
+ )
+ rule = flasharray.PolicyRuleNfsClientPost(rules=[rules])
+ changed_rule = True
+ if not module.check_mode:
+ rule_created = array.post_policies_nfs_client_rules(
+ policy_names=[module.params["name"]], rules=rule
+ )
+ if rule_created.status_code != 200:
+ module.fail_json(
+ msg="Failed to create new rule for NFS policy {0}. Error: {1}".format(
+ module.params["name"],
+ rule_created.errors[0].message,
+ )
+ )
+ else:
+ if all_squash:
+ rules = flasharray.PolicyrulenfsclientpostRules(
+ permission=module.params["nfs_permission"],
+ anongid=module.params["anongid"],
+ anonuid=module.params["anonuid"],
+ client=module.params["client"],
+ access=module.params["nfs_access"],
+ )
+ else:
+ rules = flasharray.PolicyrulenfsclientpostRules(
+ permission=module.params["nfs_permission"],
+ client=module.params["client"],
+ access=module.params["nfs_access"],
+ )
+ rule = flasharray.PolicyRuleNfsClientPost(rules=[rules])
+ changed_rule = True
+ if not module.check_mode:
+ rule_created = array.post_policies_nfs_client_rules(
+ policy_names=[module.params["name"]], rules=rule
+ )
+ if rule_created.status_code != 200:
+ module.fail_json(
+ msg="Failed to create new rule for SMB policy {0}. Error: {1}".format(
+ module.params["name"], rule_created.errors[0].message
+ )
+ )
+ elif module.params["policy"] == "smb":
+ try:
+ current_enabled = list(
+ array.get_policies_smb(names=[module.params["name"]]).items
+ )[0].enabled
+ except Exception:
+ module.fail_json(
+ msg="Incorrect policy type specified for existing policy {0}".format(
+ module.params["name"]
+ )
+ )
+ if current_enabled != module.params["enabled"]:
+ changed_enable = True
+ if not module.check_mode:
+ res = array.patch_policies_smb(
+ names=[module.params["name"]],
+ policy=flasharray.PolicyPatch(enabled=module.params["enabled"]),
+ )
+ if res.status_code != 200:
+ module.exit_json(
+ msg="Failed to enable/disable SMB policy {0}".format(
+ module.params["name"]
+ )
+ )
+ if module.params["client"]:
+ rules = list(
+ array.get_policies_smb_client_rules(
+ policy_names=[module.params["name"]]
+ ).items
+ )
+ if rules:
+ rule_name = ""
+ for rule in range(0, len(rules)):
+ if rules[rule].client == module.params["client"]:
+ rule_name = rules[rule].name
+ break
+ if not rule_name:
+ rules = flasharray.PolicyrulesmbclientpostRules(
+ anonymous_access_allowed=module.params["smb_anon_allowed"],
+ client=module.params["client"],
+ smb_encryption_required=module.params["smb_encrypt"],
+ )
+ rule = flasharray.PolicyRuleSmbClientPost(rules=[rules])
+ changed_rule = True
+ if not module.check_mode:
+ rule_created = array.post_policies_smb_client_rules(
+ policy_names=[module.params["name"]], rules=rule
+ )
+ if rule_created.status_code != 200:
+ module.fail_json(
+ msg="Failed to create new rule for SMB policy {0}. Error: {1}".format(
+ module.params["name"],
+ rule_created.errors[0].message,
+ )
+ )
+ else:
+ rules = flasharray.PolicyrulesmbclientpostRules(
+ anonymous_access_allowed=module.params["smb_anon_allowed"],
+ client=module.params["client"],
+ smb_encryption_required=module.params["smb_encrypt"],
+ )
+ rule = flasharray.PolicyRuleSmbClientPost(rules=[rules])
+ changed_rule = True
+ if not module.check_mode:
+ rule_created = array.post_policies_smb_client_rules(
+ policy_names=[module.params["name"]], rules=rule
+ )
+ if rule_created.status_code != 200:
+ module.fail_json(
+ msg="Failed to create new rule for SMB policy {0}. Error: {1}".format(
+ module.params["name"], rule_created.errors[0].message
+ )
+ )
+ elif module.params["policy"] == "snapshot":
+ if HAS_PACKAGING:
+ suffix_enabled = version.parse(array.get_rest_version()) >= version.parse(
+ MIN_SUFFIX_API_VERSION
+ )
+ else:
+ suffix_enabled = False
+ try:
+ current_enabled = list(
+ array.get_policies_snapshot(names=[module.params["name"]]).items
+ )[0].enabled
+ except Exception:
+ module.fail_json(
+ msg="Incorrect policy type specified for existing policy {0}".format(
+ module.params["name"]
+ )
+ )
+ if current_enabled != module.params["enabled"]:
+ changed_enable = True
+ if not module.check_mode:
+ res = array.patch_policies_snapshot(
+ names=[module.params["name"]],
+ policy=flasharray.PolicyPatch(enabled=module.params["enabled"]),
+ )
+ if res.status_code != 200:
+ module.exit_json(
+ msg="Failed to enable/disable snapshot policy {0}".format(
+ module.params["name"]
+ )
+ )
+ if module.params["directory"]:
+ dirs = []
+ new_dirs = []
+ current_dirs = list(
+ array.get_directories_policies_snapshot(
+ policy_names=[module.params["name"]]
+ ).items
+ )
+ if current_dirs:
+ for current_dir in range(0, len(current_dirs)):
+ dirs.append(current_dirs[current_dir].member.name)
+ for new_dir in range(0, len(module.params["directory"])):
+ if module.params["directory"][new_dir] not in dirs:
+ changed_dir = True
+ new_dirs.append(module.params["directory"][new_dir])
+ else:
+ new_dirs = module.params["directory"]
+ if new_dirs:
+ policies = flasharray.DirectoryPolicyPost(
+ policies=[
+ flasharray.DirectorypolicypostPolicies(
+ policy=flasharray.Reference(name=module.params["name"])
+ )
+ ]
+ )
+ changed_dir = True
+ for add_dir in range(0, len(new_dirs)):
+ if not module.check_mode:
+ directory_added = array.post_directories_policies_snapshot(
+ member_names=[new_dirs[add_dir]], policies=policies
+ )
+ if directory_added.status_code != 200:
+ module.fail_json(
+ msg="Failed to add new directory to Snapshot policy {0}. Error: {1}".format(
+ module.params["name"],
+ directory_added.errors[0].message,
+ )
+ )
+ if module.params["snap_client_name"]:
+ if module.params["snap_at"]:
+ if not module.params["snap_every"] % 1440 == 0:
+ module.fail_json(
+ msg="snap_at time can only be set if snap_every is multiple of 1440"
+ )
+ if module.params["snap_keep_for"] < module.params["snap_every"]:
+ module.fail_json(
+ msg="Retention period (snap_keep_for) cannot be less than snapshot interval (snap_every)."
+ )
+ if (
+ module.params["snap_keep_for"] != module.params["snap_every"]
+ and module.params["snap_suffix"]
+ ):
+ module.fail_json(
+ msg="Suffix (snap_suufix) can only be applied when `snap_keep_for` and `snap_every` are equal."
+ )
+ rules = list(
+ array.get_policies_snapshot_rules(
+ policy_names=[module.params["name"]]
+ ).items
+ )
+ if rules:
+ rule_name = ""
+ for rule in range(0, len(rules)):
+ if rules[rule].client_name == module.params["snap_client_name"]:
+ rule_name = rules[rule].name
+ break
+ if not rule_name:
+ if module.params["snap_keep_for"] < module.params["snap_every"]:
+ module.fail_json(
+ msg="Retention period (snap_keep_for) cannot be less than snapshot interval (snap_every)."
+ )
+ if module.params["snap_at"]:
+ if not module.params["snap_every"] % 1440 == 0:
+ module.fail_json(
+ msg="snap_at time can only be set if snap_every is multiple of 1440"
+ )
+ if suffix_enabled:
+ rules = flasharray.PolicyrulesnapshotpostRules(
+ at=_convert_to_millisecs(module.params["snap_at"]),
+ client_name=module.params["snap_client_name"],
+ every=module.params["snap_every"] * 60000,
+ keep_for=module.params["snap_keep_for"] * 60000,
+ suffix=module.params["snap_suffix"],
+ )
+ else:
+ rules = flasharray.PolicyrulesnapshotpostRules(
+ at=_convert_to_millisecs(module.params["snap_at"]),
+ client_name=module.params["snap_client_name"],
+ every=module.params["snap_every"] * 60000,
+ keep_for=module.params["snap_keep_for"] * 60000,
+ )
+ else:
+ if suffix_enabled:
+ rules = flasharray.PolicyrulesnapshotpostRules(
+ client_name=module.params["snap_client_name"],
+ every=module.params["snap_every"] * 60000,
+ keep_for=module.params["snap_keep_for"] * 60000,
+ suffix=module.params["snap_suffix"],
+ )
+ else:
+ rules = flasharray.PolicyrulesnapshotpostRules(
+ client_name=module.params["snap_client_name"],
+ every=module.params["snap_every"] * 60000,
+ keep_for=module.params["snap_keep_for"] * 60000,
+ )
+ rule = flasharray.PolicyRuleSnapshotPost(rules=[rules])
+ changed_rule = True
+ if not module.check_mode:
+ rule_created = array.post_policies_snapshot_rules(
+ policy_names=[module.params["name"]], rules=rule
+ )
+ if rule_created.status_code != 200:
+ err_no = len(rule_created.errors) - 1
+ module.fail_json(
+ msg="Failed to create new rule for Snapshot policy {0}. Error: {1}".format(
+ module.params["name"],
+ rule_created.errors[err_no].message,
+ )
+ )
+ else:
+ if module.params["snap_keep_for"] < module.params["snap_every"]:
+ module.fail_json(
+ msg="Retention period (snap_keep_for) cannot be less than snapshot interval (snap_every)."
+ )
+ if module.params["snap_at"]:
+ if not module.params["snap_every"] % 1440 == 0:
+ module.fail_json(
+ msg="snap_at time can only be set if snap_every is multiple of 1440"
+ )
+ if suffix_enabled:
+ rules = flasharray.PolicyrulesnapshotpostRules(
+ at=_convert_to_millisecs(module.params["snap_at"]),
+ client_name=module.params["snap_client_name"],
+ every=module.params["snap_every"] * 60000,
+ keep_for=module.params["snap_keep_for"] * 60000,
+ suffix=module.params["snap_suffix"],
+ )
+ else:
+ rules = flasharray.PolicyrulesnapshotpostRules(
+ at=_convert_to_millisecs(module.params["snap_at"]),
+ client_name=module.params["snap_client_name"],
+ every=module.params["snap_every"] * 60000,
+ keep_for=module.params["snap_keep_for"] * 60000,
+ )
+ else:
+ if suffix_enabled:
+ rules = flasharray.PolicyrulesnapshotpostRules(
+ client_name=module.params["snap_client_name"],
+ every=module.params["snap_every"] * 60000,
+ keep_for=module.params["snap_keep_for"] * 60000,
+ suffix=module.params["snap_suffix"],
+ )
+ else:
+ rules = flasharray.PolicyrulesnapshotpostRules(
+ client_name=module.params["snap_client_name"],
+ every=module.params["snap_every"] * 60000,
+ keep_for=module.params["snap_keep_for"] * 60000,
+ )
+ rule = flasharray.PolicyRuleSnapshotPost(rules=[rules])
+ changed_rule = True
+ if not module.check_mode:
+ rule_created = array.post_policies_snapshot_rules(
+ policy_names=[module.params["name"]], rules=rule
+ )
+ if rule_created.status_code != 200:
+ err_no = len(rule_created.errors) - 1
+ module.fail_json(
+ msg="Failed to create new rule for Snapshot policy {0}. Error: {1}".format(
+ module.params["name"],
+ rule_created.errors[err_no].message,
+ )
+ )
+ else:
+ current_enabled = list(
+ array.get_policies_quota(names=[module.params["name"]]).items
+ )[0].enabled
+ if current_enabled != module.params["enabled"]:
+ changed_quota = True
+ if not module.check_mode:
+ res = array.patch_policies_quota(
+ names=[module.params["name"]],
+ policy=flasharray.PolicyPatch(enabled=module.params["enabled"]),
+ )
+ if res.status_code != 200:
+ module.exit_json(
+ msg="Failed to enable/disable snapshot policy {0}".format(
+ module.params["name"]
+ )
+ )
+ if module.params["directory"]:
+ current_members = list(
+ array.get_policies_quota_members(
+ policy_names=[module.params["name"]]
+ ).items
+ )
+ if current_members:
+ if module.params["state"] == "absent":
+ for member in range(0, len(current_members)):
+ if (
+ current_members[member].member.name
+ in module.params["directory"]
+ ):
+ changed_member = True
+ if not module.check_mode:
+ res = array.delete_policies_quota_members(
+ policy_names=[module.params["name"]],
+ member_names=[current_members[member].member.name],
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to delete rule {0} from quota policy {1}. Error: {2}".format(
+ current_members[member].member.name,
+ module.params["name"],
+ rule_created.errors[0].message,
+ )
+ )
+ else:
+ members = []
+ cmembers = []
+ for cmem in range(0, len(current_members)):
+ cmembers.append(current_members[cmem].member.name)
+ mem_diff = list(set(module.params["directory"]) - set(cmembers))
+ if mem_diff:
+ for mem in range(0, len(mem_diff)):
+ members.append(
+ flasharray.PolicymemberpostMembers(
+ member=flasharray.ReferenceWithType(
+ name=mem_diff[mem],
+ resource_type="directories",
+ )
+ )
+ )
+ member = flasharray.PolicyMemberPost(members=members)
+ changed_member = True
+ if not module.check_mode:
+ members_created = array.post_policies_quota_members(
+ policy_names=[module.params["name"]],
+ members=member,
+ ignore_usage=module.params["ignore_usage"],
+ )
+ if members_created.status_code != 200:
+ module.fail_json(
+ msg="Failed to update members for Quota policy {0}. Error: {1}".format(
+ module.params["name"],
+ members_created.errors[0].message,
+ )
+ )
+ else:
+ members = []
+ for mem in range(0, len(module.params["directory"])):
+ members.append(
+ flasharray.PolicymemberpostMembers(
+ member=flasharray.ReferenceWithType(
+ name=module.params["directory"][mem],
+ resource_type="directories",
+ )
+ )
+ )
+ member = flasharray.PolicyMemberPost(members=members)
+ changed_member = True
+ if not module.check_mode:
+ members_created = array.post_policies_quota_members(
+ policy_names=[module.params["name"]],
+ members=member,
+ ignore_usage=module.params["ignore_usage"],
+ )
+ if members_created.status_code != 200:
+ module.fail_json(
+ msg="Failed to update members for Quota policy {0}. Error: {1}".format(
+ module.params["name"],
+ members_created.errors[0].message,
+ )
+ )
+ if module.params["quota_limit"]:
+ quota = _human_to_bytes(module.params["quota_limit"])
+ current_rules = list(
+ array.get_policies_quota_rules(
+ policy_names=[module.params["name"]]
+ ).items
+ )
+ if current_rules:
+ one_enforced = False
+ for check_rule in range(0, len(current_rules)):
+ if current_rules[check_rule].enforced:
+ one_enforced = True
+ for rule in range(0, len(current_rules)):
+ rule_exists = False
+ if not module.params["quota_notifications"]:
+ current_notifications = "none"
+ else:
+ current_notifications = ",".join(
+ module.params["quota_notifications"]
+ )
+ if bool(
+ (current_rules[rule].quota_limit == quota)
+ and (
+ current_rules[rule].enforced
+ == module.params["quota_enforced"]
+ )
+ and (current_rules[rule].notifications == current_notifications)
+ ):
+ rule_exists = True
+ break
+
+ if not rule_exists:
+ if module.params["quota_enforced"] and one_enforced:
+ module.fail_json(
+ msg="Only one enforced rule can be defined per policy"
+ )
+ rules = flasharray.PolicyrulequotapostRules(
+ enforced=module.params["quota_enforced"],
+ quota_limit=quota,
+ notifications=",".join(module.params["quota_notifications"]),
+ )
+ rule = flasharray.PolicyRuleQuotaPost(rules=[rules])
+ changed_quota = True
+ if not module.check_mode:
+ quota_created = array.post_policies_quota_rules(
+ policy_names=[module.params["name"]],
+ rules=rule,
+ ignore_usage=module.params["ignore_usage"],
+ )
+ if quota_created.status_code != 200:
+ module.fail_json(
+ msg="Failed to add new rule to Quota policy {0}. Error: {1}".format(
+ module.params["name"],
+ quota_created.errors[0].message,
+ )
+ )
+ else:
+ rules = flasharray.PolicyrulequotapostRules(
+ enforced=module.params["quota_enforced"],
+ quota_limit=quota,
+ notifications=",".join(module.params["quota_notifications"]),
+ )
+ rule = flasharray.PolicyRuleQuotaPost(rules=[rules])
+ changed_quota = True
+ if not module.check_mode:
+ quota_created = array.post_policies_quota_rules(
+ policy_names=[module.params["name"]],
+ rules=rule,
+ ignore_usage=module.params["ignore_usage"],
+ )
+ if quota_created.status_code != 200:
+ module.fail_json(
+ msg="Failed to add rule to Quota policy {0}. Error: {1}".format(
+ module.params["name"], quota_created.errors[0].message
+ )
+ )
+
+ if (
+ changed_rule
+ or changed_enable
+ or changed_quota
+ or changed_member
+ or changed_dir
+ or changed_user_map
+ ):
+ changed = True
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ state=dict(type="str", default="present", choices=["absent", "present"]),
+ nfs_access=dict(
+ type="str",
+ default="no-root-squash",
+ choices=["root-squash", "no-root-squash", "all-squash"],
+ ),
+ nfs_permission=dict(type="str", default="rw", choices=["rw", "ro"]),
+ policy=dict(
+ type="str", required=True, choices=["nfs", "smb", "snapshot", "quota"]
+ ),
+ name=dict(type="str", required=True),
+ rename=dict(type="str"),
+ client=dict(type="str"),
+ enabled=dict(type="bool", default=True),
+ snap_at=dict(type="str"),
+ snap_every=dict(type="int"),
+ snap_keep_for=dict(type="int"),
+ snap_client_name=dict(type="str"),
+ snap_suffix=dict(type="str"),
+ smb_anon_allowed=dict(type="bool", default=False),
+ smb_encrypt=dict(type="bool", default=False),
+ ignore_usage=dict(type="bool", default=False),
+ quota_enforced=dict(type="bool", default=True),
+ quota_limit=dict(type="str"),
+ anongid=dict(type="str", default="65534"),
+ anonuid=dict(type="str", default="65534"),
+ quota_notifications=dict(
+ type="list", elements="str", choices=["user", "group"]
+ ),
+ user_mapping=dict(type="bool"),
+ directory=dict(type="list", elements="str"),
+ )
+ )
+
+ required_together = [["snap_keep_for", "snap_every"]]
+ module = AnsibleModule(
+ argument_spec, required_together=required_together, supports_check_mode=True
+ )
+
+ if not HAS_PURESTORAGE:
+ module.fail_json(msg="py-pure-client sdk is required for this module")
+
+ array = get_system(module)
+ api_version = array._list_available_rest_versions()
+ if MIN_REQUIRED_API_VERSION not in api_version:
+ module.fail_json(
+ msg="FlashArray REST version not supported. "
+ "Minimum version required: {0}".format(MIN_REQUIRED_API_VERSION)
+ )
+ if module.params["policy"] == "quota" and MIN_QUOTA_API_VERSION not in api_version:
+ module.fail_json(
+ msg="FlashArray REST version not supportedi for directory quotas. "
+ "Minimum version required: {0}".format(MIN_QUOTA_API_VERSION)
+ )
+ array = get_array(module)
+ state = module.params["state"]
+ if module.params["quota_notifications"]:
+ module.params["quota_notifications"].sort(reverse=True)
+ quota_notifications = []
+ [
+ quota_notifications.append(x)
+ for x in module.params["quota_notifications"]
+ if x not in quota_notifications
+ ]
+ module.params["quota_notifications"] = quota_notifications
+ else:
+ module.params["quota_notifications"] = []
+
+ if (
+ module.params["nfs_access"] == "all-squash"
+ and ALL_SQUASH_VERSION not in api_version
+ ):
+ module.fail_json(
+ msg="all-squash is not supported in this version of Purity//FA"
+ )
+
+ all_squash = ALL_SQUASH_VERSION in api_version
+ exists = bool(array.get_policies(names=[module.params["name"]]).status_code == 200)
+
+ if state == "present" and not exists:
+ create_policy(module, array, all_squash)
+ elif state == "present" and exists and module.params["rename"]:
+ rename_policy(module, array)
+ elif state == "present" and exists:
+ update_policy(module, array, api_version, all_squash)
+ elif state == "absent" and exists:
+ delete_policy(module, array)
+
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_proxy.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_proxy.py
new file mode 100644
index 000000000..37dd7ac6a
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_proxy.py
@@ -0,0 +1,131 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2019, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_proxy
+version_added: '1.0.0'
+author:
+ - Pure Storage ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+short_description: Configure FlashArray phonehome HTTPs proxy settings
+description:
+- Set or erase configuration for the HTTPS phonehome proxy settings.
+options:
+ state:
+ description:
+ - Set or delete proxy configuration
+ default: present
+ type: str
+ choices: [ absent, present ]
+ host:
+ description:
+ - The proxy host name.
+ type: str
+ port:
+ description:
+ - The proxy TCP/IP port number.
+ type: int
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Delete exisitng proxy settings
+ purestorage.flasharray.purefa_proxy:
+ state: absent
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Set proxy settings
+ purestorage.flasharray.purefa_proxy:
+ host: purestorage.com
+ port: 8080
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+"""
+
+RETURN = r"""
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ purefa_argument_spec,
+)
+
+
+def delete_proxy(module, array):
+ """Delete proxy settings"""
+ changed = False
+ current_proxy = array.get(proxy=True)["proxy"]
+ if current_proxy != "":
+ changed = True
+ if not module.check_mode:
+ try:
+ array.set(proxy="")
+ except Exception:
+ module.fail_json(msg="Delete proxy settigs failed")
+ module.exit_json(changed=changed)
+
+
+def create_proxy(module, array):
+ """Set proxy settings"""
+ changed = False
+ current_proxy = array.get(proxy=True)
+ if current_proxy is not None:
+ new_proxy = (
+ "https://" + module.params["host"] + ":" + str(module.params["port"])
+ )
+ if new_proxy != current_proxy["proxy"]:
+ changed = True
+ if not module.check_mode:
+ try:
+ array.set(proxy=new_proxy)
+ except Exception:
+ module.fail_json(msg="Set phone home proxy failed.")
+
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ state=dict(type="str", default="present", choices=["absent", "present"]),
+ host=dict(type="str"),
+ port=dict(type="int"),
+ )
+ )
+
+ required_together = [["host", "port"]]
+
+ module = AnsibleModule(
+ argument_spec, required_together=required_together, supports_check_mode=True
+ )
+
+ state = module.params["state"]
+ array = get_system(module)
+
+ if state == "absent":
+ delete_proxy(module, array)
+ elif state == "present":
+ create_proxy(module, array)
+ else:
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_ra.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_ra.py
new file mode 100644
index 000000000..4899b0797
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_ra.py
@@ -0,0 +1,121 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2018, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_ra
+version_added: '1.0.0'
+short_description: Enable or Disable Pure Storage FlashArray Remote Assist
+description:
+- Enablke or Disable Remote Assist for a Pure Storage FlashArray.
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ state:
+ description:
+ - Define state of remote assist
+ - When set to I(enable) the RA port can be exposed using the
+ I(debug) module.
+ type: str
+ default: enable
+ choices: [ enable, disable ]
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Enable Remote Assist port
+ purestorage.flasharray.purefa_ra:
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ register: result
+
+ debug:
+ msg: "Remote Assist: {{ result['ra_facts'] }}"
+
+- name: Disable Remote Assist port
+ purestorage.flasharray.purefa_ra:
+ state: disable
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+"""
+
+RETURN = r"""
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ purefa_argument_spec,
+)
+
+
+def enable_ra(module, array):
+ """Enable Remote Assist"""
+ changed = False
+ ra_facts = {}
+ if not array.get_remote_assist_status()["status"] in ["connected", "enabled"]:
+ changed = True
+ if not module.check_mode:
+ try:
+ ra_data = array.enable_remote_assist()
+ ra_facts["fa_ra"] = {"name": ra_data["name"], "port": ra_data["port"]}
+ except Exception:
+ module.fail_json(msg="Enabling Remote Assist failed")
+ else:
+ if not module.check_mode:
+ try:
+ ra_data = array.get_remote_assist_status()
+ ra_facts["fa_ra"] = {"name": ra_data["name"], "port": ra_data["port"]}
+ except Exception:
+ module.fail_json(msg="Getting Remote Assist failed")
+ module.exit_json(changed=changed, ra_info=ra_facts)
+
+
+def disable_ra(module, array):
+ """Disable Remote Assist"""
+ changed = False
+ if array.get_remote_assist_status()["status"] in ["connected", "enabled"]:
+ changed = True
+ if not module.check_mode:
+ try:
+ array.disable_remote_assist()
+ except Exception:
+ module.fail_json(msg="Disabling Remote Assist failed")
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ state=dict(type="str", default="enable", choices=["enable", "disable"]),
+ )
+ )
+
+ module = AnsibleModule(argument_spec, supports_check_mode=True)
+
+ array = get_system(module)
+
+ if module.params["state"] == "enable":
+ enable_ra(module, array)
+ else:
+ disable_ra(module, array)
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_saml.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_saml.py
new file mode 100644
index 000000000..9d5fc7443
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_saml.py
@@ -0,0 +1,340 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2022, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_saml
+version_added: '1.12.0'
+short_description: Manage FlashArray SAML2 service and identity providers
+description:
+- Enable or disable FlashArray SAML2 providers
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ name:
+ description:
+ - Name of the SAML2 identity provider (IdP)
+ type: str
+ required: true
+ state:
+ description:
+ - Define whether the API client should exist or not.
+ default: present
+ choices: [ absent, present ]
+ type: str
+ url:
+ description:
+ - The URL of the identity provider
+ type: str
+ array_url:
+ description:
+ - The URL of the FlashArray
+ type: str
+ metadata_url:
+ description:
+ - The URL of the identity provider metadata
+ type: str
+ enabled:
+ description:
+ - Defines the enabled state of the identity provider
+ default: false
+ type: bool
+ encrypt_asserts:
+ description:
+ - If set to true, SAML assertions will be encrypted by the identity provider
+ default: false
+ type: bool
+ sign_request:
+ description:
+ - If set to true, SAML requests will be signed by the service provider.
+ default: false
+ type: bool
+ x509_cert:
+ description:
+ - The X509 certificate that the service provider uses to verify the SAML
+ response signature from the identity provider
+ type: str
+ decryption_credential:
+ description:
+ - The credential used by the service provider to decrypt encrypted SAML assertions from the identity provider
+ type: str
+ signing_credential:
+ description:
+ - The credential used by the service provider to sign SAML requests
+ type: str
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Create (disabled) SAML2 SSO with only metadata URL
+ purestorage.flasharray.purefa_saml:
+ name: myIDP
+ array_url: "https://10.10.10.2"
+ metadata_url: "https://myidp.acme.com/adfs/ls"
+ x509_cert: "{{lookup('file', 'x509_cert_file') }}"
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Enable SAML2 SSO
+ purestorage.flasharray.purefa_saml:
+ name: myISO
+ enabled: true
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Delete SAML2 SSO
+ purestorage.flasharray.purefa_saml:
+ state: absent
+ name: myIDP
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+"""
+
+RETURN = r"""
+"""
+
+HAS_PURESTORAGE = True
+try:
+ from pypureclient.flasharray import (
+ Saml2Sso,
+ Saml2SsoPost,
+ Saml2SsoSp,
+ Saml2SsoIdp,
+ ReferenceNoId,
+ )
+except ImportError:
+ HAS_PURESTORAGE = False
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ get_array,
+ purefa_argument_spec,
+)
+
+MIN_REQUIRED_API_VERSION = "2.11"
+
+
+def delete_saml(module, array):
+ """Delete SSO SAML2 IdP"""
+ changed = True
+ if not module.check_mode:
+ try:
+ array.delete_sso_saml2_idps(names=[module.params["name"]])
+ except Exception:
+ module.fail_json(
+ msg="Failed to delete SAML2 IdP {0}".format(module.params["name"])
+ )
+ module.exit_json(changed=changed)
+
+
+def update_saml(module, array):
+ """Update SSO SAML2 IdP"""
+ changed = False
+ current_idp = list(array.get_sso_saml2_idps(names=[module.params["name"]]).items)[0]
+ old_idp = {
+ "array_url": current_idp.array_url,
+ "enabled": current_idp.enabled,
+ "sp_sign_cred": getattr(current_idp.sp.signing_credential, "name", None),
+ "sp_decrypt_cred": getattr(current_idp.sp.decryption_credential, "name", None),
+ "id_metadata": current_idp.idp.metadata_url,
+ "id_url": getattr(current_idp.idp, "url", None),
+ "id_sign_enabled": current_idp.idp.sign_request_enabled,
+ "id_encrypt_enabled": current_idp.idp.encrypt_assertion_enabled,
+ "id_cert": current_idp.idp.verification_certificate,
+ }
+ if module.params["url"]:
+ new_url = module.params["url"]
+ else:
+ new_url = old_idp["id_url"]
+ if module.params["array_url"]:
+ new_array_url = module.params["array_url"]
+ else:
+ new_array_url = old_idp["array_url"]
+ if module.params["enabled"] != old_idp["enabled"]:
+ new_enabled = module.params["enabled"]
+ else:
+ new_enabled = old_idp["enabled"]
+ if module.params["sign_request"] != old_idp["id_sign_enabled"]:
+ new_sign = module.params["sign_request"]
+ else:
+ new_sign = old_idp["id_sign_enabled"]
+ if module.params["encrypt_asserts"] != old_idp["id_encrypt_enabled"]:
+ new_encrypt = module.params["encrypt_asserts"]
+ else:
+ new_encrypt = old_idp["id_encrypt_enabled"]
+ if module.params["signing_credential"]:
+ new_sign_cred = module.params["signing_credential"]
+ else:
+ new_sign_cred = old_idp["sp_sign_cred"]
+ if module.params["decryption_credential"]:
+ new_decrypt_cred = module.params["decryption_credential"]
+ else:
+ new_decrypt_cred = old_idp["sp_decrypt_cred"]
+ if module.params["metadata_url"]:
+ new_meta_url = module.params["metadata_url"]
+ else:
+ new_meta_url = old_idp["id_metadata"]
+ if module.params["x509_cert"]:
+ new_cert = module.params["x509_cert"]
+ else:
+ new_cert = old_idp["id_cert"]
+ new_idp = {
+ "array_url": new_array_url,
+ "enabled": new_enabled,
+ "sp_sign_cred": new_sign_cred,
+ "sp_decrypt_cred": new_decrypt_cred,
+ "id_metadata": new_meta_url,
+ "id_sign_enabled": new_sign,
+ "id_encrypt_enabled": new_encrypt,
+ "id_url": new_url,
+ "id_cert": new_cert,
+ }
+ if old_idp != new_idp:
+ changed = True
+ if not module.check_mode:
+ sp = Saml2SsoSp(
+ decryption_credential=ReferenceNoId(name=new_idp["sp_decrypt_cred"]),
+ signing_credential=ReferenceNoId(name=new_idp["sp_sign_cred"]),
+ )
+ idp = Saml2SsoIdp(
+ url=new_idp["id_url"],
+ metadata_url=new_idp["id_metadata"],
+ sign_request_enabled=new_idp["id_sign_enabled"],
+ encrypt_assertion_enabled=new_idp["id_encrypt_enabled"],
+ verification_certificate=new_idp["id_cert"],
+ )
+ res = array.patch_sso_saml2_idps(
+ idp=Saml2Sso(
+ array_url=new_idp["array_url"],
+ idp=idp,
+ sp=sp,
+ enabled=new_idp["enabled"],
+ ),
+ names=[module.params["name"]],
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to update SAML2 IdP {0}. Error: {1}".format(
+ module.params["name"], res.errors[0].message
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def create_saml(module, array):
+ """Create SAML2 IdP"""
+ changed = True
+ if not module.check_mode:
+ sp = Saml2SsoSp(
+ decryption_credential=ReferenceNoId(
+ name=module.params["decryption_credential"]
+ ),
+ signing_credential=ReferenceNoId(name=module.params["signing_credential"]),
+ )
+ idp = Saml2SsoIdp(
+ url=module.params["url"],
+ metadata_url=module.params["metadata_url"],
+ sign_request_enabled=module.params["sign_request"],
+ encrypt_assertion_enabled=module.params["encrypt_asserts"],
+ verification_certificate=module.params["x509_cert"],
+ )
+ if not module.check_mode:
+ res = array.post_sso_saml2_idps(
+ idp=Saml2SsoPost(array_url=module.params["array_url"], idp=idp, sp=sp),
+ names=[module.params["name"]],
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to create SAML2 Identity Provider {0}. Error message: {1}".format(
+ module.params["name"], res.errors[0].message
+ )
+ )
+ if module.params["enabled"]:
+ res = array.patch_sso_saml2_idps(
+ idp=Saml2Sso(enabled=module.params["enabled"]),
+ names=[module.params["name"]],
+ )
+ if res.status_code != 200:
+ array.delete_sso_saml2_idps(names=[module.params["name"]])
+ module.fail_json(
+ msg="Failed to create SAML2 Identity Provider {0}. Error message: {1}".format(
+ module.params["name"], res.errors[0].message
+ )
+ )
+
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ state=dict(type="str", default="present", choices=["absent", "present"]),
+ name=dict(type="str", required=True),
+ url=dict(type="str"),
+ array_url=dict(type="str"),
+ metadata_url=dict(type="str"),
+ x509_cert=dict(type="str", no_log=True),
+ signing_credential=dict(type="str"),
+ decryption_credential=dict(type="str"),
+ enabled=dict(type="bool", default=False),
+ encrypt_asserts=dict(type="bool", default=False),
+ sign_request=dict(type="bool", default=False),
+ )
+ )
+
+ required_if = [
+ ["encrypt_asserts", True, ["decryption_credential"]],
+ ["sign_request", True, ["signing_credential"]],
+ ]
+
+ module = AnsibleModule(
+ argument_spec, supports_check_mode=True, required_if=required_if
+ )
+
+ if not HAS_PURESTORAGE:
+ module.fail_json(msg="py-pure-client sdk is required for this module")
+
+ array = get_system(module)
+ api_version = array._list_available_rest_versions()
+
+ if MIN_REQUIRED_API_VERSION not in api_version:
+ module.fail_json(
+ msg="FlashArray REST version not supported. "
+ "Minimum version required: {0}".format(MIN_REQUIRED_API_VERSION)
+ )
+ array = get_array(module)
+ state = module.params["state"]
+
+ try:
+ list(array.get_sso_saml2_idps(names=[module.params["name"]]).items)[0]
+ exists = True
+ except AttributeError:
+ exists = False
+ if not exists and state == "present":
+ create_saml(module, array)
+ elif exists and state == "present":
+ update_saml(module, array)
+ elif exists and state == "absent":
+ delete_saml(module, array)
+
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_smis.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_smis.py
new file mode 100644
index 000000000..f752cb950
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_smis.py
@@ -0,0 +1,132 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2020, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_smis
+version_added: '1.0.0'
+short_description: Enable or disable FlashArray SMI-S features
+description:
+- Enable or disable FlashArray SMI-S Provider and/or SLP
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ slp:
+ description:
+ - Enable/Disable Service Locator Protocol
+ - Ports used are TCP 427 and UDP 427
+ type: bool
+ default: true
+ smis:
+ description:
+ - Enable/Disable SMI-S Provider
+ - Port used is TCP 5989
+ type: bool
+ default: true
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Enable SMI-S and SLP
+ purestorage.flasharray.purefa_smis:
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Disable SMI-S and SLP
+ purestorage.flasharray.purefa_smis:
+ smis: false
+ slp: false
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+"""
+
+RETURN = r"""
+"""
+
+HAS_PURESTORAGE = True
+try:
+ from pypureclient import flasharray
+except ImportError:
+ HAS_PURESTORAGE = False
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ get_array,
+ purefa_argument_spec,
+)
+
+MIN_REQUIRED_API_VERSION = "2.2"
+
+
+def update_smis(module, array):
+ """Update SMI-S features"""
+ changed = smis_changed = False
+ try:
+ current = list(array.get_smi_s().items)[0]
+ except Exception:
+ module.fail_json(msg="Failed to get current SMI-S settings.")
+ slp_enabled = current.slp_enabled
+ wbem_enabled = current.wbem_https_enabled
+ if slp_enabled != module.params["slp"]:
+ slp_enabled = module.params["slp"]
+ smis_changed = True
+ if wbem_enabled != module.params["smis"]:
+ wbem_enabled = module.params["smis"]
+ smis_changed = True
+ if smis_changed:
+ smi_s = flasharray.Smis(
+ slp_enabled=slp_enabled, wbem_https_enabled=wbem_enabled
+ )
+ changed = True
+ if not module.check_mode:
+ try:
+ array.patch_smi_s(smi_s=smi_s)
+ except Exception:
+ module.fail_json(msg="Failed to change SMI-S settings.")
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ smis=dict(type="bool", default=True),
+ slp=dict(type="bool", default=True),
+ )
+ )
+
+ module = AnsibleModule(argument_spec, supports_check_mode=True)
+
+ if not HAS_PURESTORAGE:
+ module.fail_json(msg="py-pure-client sdk is required for this module")
+
+ array = get_system(module)
+ api_version = array._list_available_rest_versions()
+
+ if MIN_REQUIRED_API_VERSION not in api_version:
+ module.fail_json(
+ msg="FlashArray REST version not supported. "
+ "Minimum version required: {0}".format(MIN_REQUIRED_API_VERSION)
+ )
+ array = get_array(module)
+
+ update_smis(module, array)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_smtp.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_smtp.py
new file mode 100644
index 000000000..d2c1a5e2b
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_smtp.py
@@ -0,0 +1,161 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# 2018, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_smtp
+version_added: '1.0.0'
+author:
+ - Pure Storage ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+short_description: Configure FlashArray SMTP settings
+description:
+- Set or erase configuration for the SMTP settings.
+- If username/password are set this will always force a change as there is
+ no way to see if the password is differnet from the current SMTP configuration.
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ state:
+ description:
+ - Set or delete SMTP configuration
+ default: present
+ type: str
+ choices: [ absent, present ]
+ password:
+ description:
+ - The SMTP password.
+ type: str
+ user:
+ description:
+ - The SMTP username.
+ type: str
+ relay_host:
+ description:
+ - IPv4 or IPv6 address or FQDN. A port number may be appended.
+ type: str
+ sender_domain:
+ description:
+ - Domain name.
+ type: str
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Delete exisitng SMTP settings
+ purestorage.flasharray.purefa_smtp:
+ state: absent
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+- name: Set SMTP settings
+ purestorage.flasharray.purefa_smtp:
+ sender_domain: purestorage.com
+ password: account_password
+ user: smtp_account
+ relay_host: 10.2.56.78:2345
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+"""
+
+RETURN = r"""
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ purefa_argument_spec,
+)
+
+
+def delete_smtp(module, array):
+ """Delete SMTP settings"""
+ changed = True
+ if not module.check_mode:
+ try:
+ array.set_smtp(sender_domain="", user_name="", password="", relay_host="")
+ except Exception:
+ module.fail_json(msg="Delete SMTP settigs failed")
+ module.exit_json(changed=changed)
+
+
+def create_smtp(module, array):
+ """Set SMTP settings"""
+ changed = changed_sender = changed_relay = changed_creds = False
+ current_smtp = array.get_smtp()
+ if (
+ module.params["sender_domain"]
+ and current_smtp["sender_domain"] != module.params["sender_domain"]
+ ):
+ changed_sender = True
+ if not module.check_mode:
+ try:
+ array.set_smtp(sender_domain=module.params["sender_domain"])
+ except Exception:
+ module.fail_json(msg="Set SMTP sender domain failed.")
+ if (
+ module.params["relay_host"]
+ and current_smtp["relay_host"] != module.params["relay_host"]
+ ):
+ changed_relay = True
+ if not module.check_mode:
+ try:
+ array.set_smtp(relay_host=module.params["relay_host"])
+ except Exception:
+ module.fail_json(msg="Set SMTP relay host failed.")
+ if module.params["user"]:
+ changed_creds = True
+ if not module.check_mode:
+ try:
+ array.set_smtp(
+ user_name=module.params["user"], password=module.params["password"]
+ )
+ except Exception:
+ module.fail_json(msg="Set SMTP username/password failed.")
+ changed = bool(changed_sender or changed_relay or changed_creds)
+
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ state=dict(type="str", default="present", choices=["absent", "present"]),
+ sender_domain=dict(type="str"),
+ password=dict(type="str", no_log=True),
+ user=dict(type="str"),
+ relay_host=dict(type="str"),
+ )
+ )
+
+ required_together = [["user", "password"]]
+
+ module = AnsibleModule(
+ argument_spec, required_together=required_together, supports_check_mode=True
+ )
+
+ state = module.params["state"]
+ array = get_system(module)
+
+ if state == "absent":
+ delete_smtp(module, array)
+ elif state == "present":
+ create_smtp(module, array)
+ else:
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_snap.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_snap.py
new file mode 100644
index 000000000..db567a398
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_snap.py
@@ -0,0 +1,640 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2017, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_snap
+version_added: '1.0.0'
+short_description: Manage volume snapshots on Pure Storage FlashArrays
+description:
+- Create or delete volumes and volume snapshots on Pure Storage FlashArray.
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ name:
+ description:
+ - The name of the source volume.
+ type: str
+ required: true
+ suffix:
+ description:
+ - Suffix of snapshot name.
+ - Not used during creation if I(offload) is provided.
+ type: str
+ target:
+ description:
+ - Name of target volume if creating from snapshot.
+ - Name of new snapshot suffix if renaming a snapshot
+ type: str
+ overwrite:
+ description:
+ - Define whether to overwrite existing volume when creating from snapshot.
+ type: bool
+ default: false
+ offload:
+ description:
+ - Only valid for Purity//FA 6.1 or higher
+ - Name of offload target for the snapshot.
+ - Target can be either another FlashArray or an Offload Target
+ - This is only applicable for creation, deletion and eradication of snapshots
+ - I(state) of I(copy) is not supported.
+ - I(suffix) is not supported for offload snapshots.
+ type: str
+ state:
+ description:
+ - Define whether the volume snapshot should exist or not.
+ choices: [ absent, copy, present, rename ]
+ type: str
+ default: present
+ eradicate:
+ description:
+ - Define whether to eradicate the snapshot on delete or leave in trash.
+ type: bool
+ default: false
+ ignore_repl:
+ description:
+ - Only valid for Purity//FA 6.1 or higher
+ - If set to true, allow destruction/eradication of snapshots in use by replication.
+ - If set to false, allow destruction/eradication of snapshots not in use by replication
+ type: bool
+ default: false
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Create snapshot foo.ansible
+ purestorage.flasharray.purefa_snap:
+ name: foo
+ suffix: ansible
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ state: present
+
+- name: Create R/W clone foo_clone from snapshot foo.snap
+ purestorage.flasharray.purefa_snap:
+ name: foo
+ suffix: snap
+ target: foo_clone
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ state: copy
+
+- name: Create R/W clone foo_clone from remote mnapshot arrayB:foo.snap
+ purestorage.flasharray.purefa_snap:
+ name: arrayB:foo
+ suffix: snap
+ target: foo_clone
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ state: copy
+
+- name: Overwrite existing volume foo_clone with snapshot foo.snap
+ purestorage.flasharray.purefa_snap:
+ name: foo
+ suffix: snap
+ target: foo_clone
+ overwrite: true
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ state: copy
+
+- name: Delete and eradicate snapshot named foo.snap
+ purestorage.flasharray.purefa_snap:
+ name: foo
+ suffix: snap
+ eradicate: true
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ state: absent
+
+- name: Rename snapshot foo.fred to foo.dave
+ purestorage.flasharray.purefa_snap:
+ name: foo
+ suffix: fred
+ target: dave
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ state: rename
+
+- name: Create a remote volume snapshot on offload device arrayB
+ purestorage.flasharray.purefa_snap:
+ name: foo
+ offload: arrayB
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Delete and eradicate a volume snapshot foo.1 on offload device arrayB
+ purestorage.flasharray.purefa_snap:
+ name: foo
+ suffix: 1
+ offload: arrayB
+ eradicate: true
+ state: absent
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+"""
+
+RETURN = r"""
+"""
+
+HAS_PUREERROR = True
+try:
+ from purestorage import PureHTTPError
+except ImportError:
+ HAS_PUREERROR = False
+
+HAS_PURESTORAGE = True
+try:
+ from pypureclient import flasharray
+except ImportError:
+ HAS_PURESTORAGE = False
+
+import re
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_array,
+ get_system,
+ purefa_argument_spec,
+)
+from datetime import datetime
+
+GET_SEND_API = "2.4"
+
+
+def _check_offload(module, array):
+ try:
+ offload = list(array.get_offloads(names=[module.params["offload"]]).items)[0]
+ if offload.status == "connected":
+ return True
+ return False
+ except Exception:
+ return False
+
+
+def _check_target(module, array):
+ try:
+ target = list(
+ array.get_array_connections(names=[module.params["offload"]]).items
+ )[0]
+ if target.status == "connected":
+ return True
+ return False
+ except Exception:
+ return False
+
+
+def _check_offload_snapshot(module, array):
+ """Return Remote Snapshot (active or deleted) or None"""
+ source_array = list(array.get_arrays().items)[0].name
+ snapname = (
+ source_array + ":" + module.params["name"] + "." + module.params["suffix"]
+ )
+ if _check_offload(module, array):
+ res = array.get_remote_volume_snapshots(
+ on=module.params["offload"], names=[snapname], destroyed=False
+ )
+ else:
+ res = array.get_volume_snapshots(names=[snapname], destroyed=False)
+ if res.status_code != 200:
+ return None
+ return list(res.items)[0]
+
+
+def get_volume(module, array):
+ """Return Volume or None"""
+ try:
+ return array.get_volume(module.params["name"])
+ except Exception:
+ return None
+
+
+def get_target(module, array):
+ """Return Volume or None"""
+ try:
+ return array.get_volume(module.params["target"])
+ except Exception:
+ return None
+
+
+def get_deleted_snapshot(module, array, arrayv6):
+ """Return Deleted Snapshot"""
+ snapname = module.params["name"] + "." + module.params["suffix"]
+ if module.params["offload"]:
+ source_array = list(arrayv6.get_arrays().items)[0].name
+ snapname = module.params["name"] + "." + module.params["suffix"]
+ full_snapname = source_array + ":" + snapname
+ if _check_offload(module, arrayv6):
+ res = arrayv6.get_remote_volume_snapshots(
+ on=module.params["offload"], names=[full_snapname], destroyed=True
+ )
+ else:
+ res = arrayv6.get_volume_snapshots(names=[snapname], destroyed=True)
+ if res.status_code == 200:
+ return list(res.items)[0].destroyed
+ else:
+ return False
+ else:
+ try:
+ return bool(
+ array.get_volume(snapname, snap=True, pending=True)[0]["time_remaining"]
+ != ""
+ )
+ except Exception:
+ return False
+
+
+def get_snapshot(module, array):
+ """Return Snapshot or None"""
+ try:
+ snapname = module.params["name"] + "." + module.params["suffix"]
+ for snaps in array.get_volume(module.params["name"], snap=True, pending=False):
+ if snaps["name"] == snapname:
+ return True
+ except Exception:
+ return False
+
+
+def create_snapshot(module, array, arrayv6):
+ """Create Snapshot"""
+ changed = False
+ if module.params["offload"]:
+ module.params["suffix"] = None
+ changed = True
+ if not module.check_mode:
+ res = arrayv6.post_remote_volume_snapshots(
+ source_names=[module.params["name"]], on=module.params["offload"]
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to create remote snapshot for volume {0}. Error: {1}".format(
+ module.params["name"], res.errors[0].message
+ )
+ )
+ else:
+ remote_snap = list(res.items)[0].name
+ module.params["suffix"] = remote_snap.split(".")[1]
+ else:
+ changed = True
+ if not module.check_mode:
+ try:
+ array.create_snapshot(
+ module.params["name"], suffix=module.params["suffix"]
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to create snapshot for volume {0}".format(
+ module.params["name"]
+ )
+ )
+ module.exit_json(changed=changed, suffix=module.params["suffix"])
+
+
+def create_from_snapshot(module, array):
+ """Create Volume from Snapshot"""
+ source = module.params["name"] + "." + module.params["suffix"]
+ tgt = get_target(module, array)
+ if tgt is None:
+ changed = True
+ if not module.check_mode:
+ array.copy_volume(source, module.params["target"])
+ elif tgt is not None and module.params["overwrite"]:
+ changed = True
+ if not module.check_mode:
+ array.copy_volume(
+ source, module.params["target"], overwrite=module.params["overwrite"]
+ )
+ elif tgt is not None and not module.params["overwrite"]:
+ changed = False
+ module.exit_json(changed=changed)
+
+
+def recover_snapshot(module, array, arrayv6):
+ """Recover Snapshot"""
+ changed = False
+ snapname = module.params["name"] + "." + module.params["suffix"]
+ if module.params["offload"] and _check_offload(module, arrayv6):
+ source_array = list(array.get_arrays().items)[0].name
+ snapname = source_array + module.params["name"] + "." + module.params["suffix"]
+ changed = True
+ if not module.check_mode:
+ res = arrayv6.patch_remote_volume_snapshots(
+ names=[snapname],
+ on=module.params["offload"],
+ remote_volume_snapshot=flasharray.DestroyedPatchPost(destroyed=False),
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to recover remote snapshot {0}".format(snapname)
+ )
+ else:
+ changed = True
+ if not module.check_mode:
+ try:
+ array.recover_volume(snapname)
+ except Exception:
+ module.fail_json(msg="Recovery of snapshot {0} failed".format(snapname))
+ module.exit_json(changed=changed)
+
+
+def update_snapshot(module, array):
+ """Update Snapshot - basically just rename..."""
+ changed = True
+ if not module.check_mode:
+ current_name = module.params["name"] + "." + module.params["suffix"]
+ new_name = module.params["name"] + "." + module.params["target"]
+ res = array.patch_volume_snapshots(
+ names=[current_name],
+ volume_snapshot=flasharray.VolumeSnapshotPatch(name=new_name),
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to rename {0} to {1}. Error: {2}".format(
+ current_name, new_name, res.errors[0].message
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def delete_snapshot(module, array, arrayv6):
+ """Delete Snapshot"""
+ changed = False
+ snapname = module.params["name"] + "." + module.params["suffix"]
+ if module.params["offload"] and _check_offload(module, arrayv6):
+ source_array = list(arrayv6.get_arrays().items)[0].name
+ full_snapname = source_array + ":" + snapname
+ changed = True
+ if not module.check_mode:
+ res = arrayv6.patch_remote_volume_snapshots(
+ names=[full_snapname],
+ on=module.params["offload"],
+ volume_snapshot=flasharray.VolumeSnapshotPatch(destroyed=True),
+ replication_snapshot=module.params["ignore_repl"],
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to delete remote snapshot {0}. Error: {1}".format(
+ snapname, res.errors[0].message
+ )
+ )
+ if module.params["eradicate"]:
+ res = arrayv6.delete_remote_volume_snapshots(
+ names=[full_snapname],
+ on=module.params["offload"],
+ replication_snapshot=module.params["ignore_repl"],
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to eradicate remote snapshot {0}. Error: {1}".format(
+ snapname, res.errors[0].message
+ )
+ )
+ elif module.params["offload"] and _check_target(module, arrayv6):
+ changed = True
+ if not module.check_mode:
+ res = arrayv6.patch_volume_snapshots(
+ names=[snapname],
+ volume_snapshot=flasharray.DestroyedPatchPost(destroyed=True),
+ replication_snapshot=module.params["ignore_repl"],
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to delete remote snapshot {0}. Error: {1}".format(
+ snapname, res.errors[0].message
+ )
+ )
+ if module.params["eradicate"]:
+ res = arrayv6.delete_volume_snapshots(
+ names=[snapname], replication_snapshot=module.params["ignore_repl"]
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to eradicate remote snapshot {0}. Error: {1}".format(
+ snapname, res.errors[0].message
+ )
+ )
+ else:
+ changed = True
+ if not module.check_mode:
+ api_version = array._list_available_rest_versions()
+ if GET_SEND_API in api_version:
+ module.warn("here")
+ res = arrayv6.patch_volume_snapshots(
+ names=[snapname],
+ volume_snapshot=flasharray.DestroyedPatchPost(destroyed=True),
+ replication_snapshot=module.params["ignore_repl"],
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to delete remote snapshot {0}. Error: {1}".format(
+ snapname, res.errors[0].message
+ )
+ )
+ if module.params["eradicate"]:
+ res = arrayv6.delete_volume_snapshots(
+ names=[snapname],
+ replication_snapshot=module.params["ignore_repl"],
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to eradicate remote snapshot {0}. Error: {1}".format(
+ snapname, res.errors[0].message
+ )
+ )
+ else:
+ try:
+ array.destroy_volume(snapname)
+ if module.params["eradicate"]:
+ try:
+ array.eradicate_volume(snapname)
+ except PureHTTPError as err:
+ module.fail_json(
+ msg="Error eradicating snapshot. Error: {0}".format(
+ err.text
+ )
+ )
+ except PureHTTPError as err:
+ module.fail_json(
+ msg="Error deleting snapshot. Error: {0}".format(err.text)
+ )
+ module.exit_json(changed=changed)
+
+
+def eradicate_snapshot(module, array, arrayv6):
+ """Eradicate snapshot"""
+ changed = True
+ snapname = module.params["name"] + "." + module.params["suffix"]
+ if not module.check_mode:
+ if module.params["offload"] and _check_offload(module, arrayv6):
+ source_array = list(arrayv6.get_arrays().items)[0].name
+ full_snapname = source_array + ":" + snapname
+ res = arrayv6.delete_remote_volume_snapshots(
+ names=[full_snapname],
+ on=module.params["offload"],
+ replication_snapshot=module.params["ignore_repl"],
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to eradicate remote snapshot {0}. Error: {1}".format(
+ snapname, res.errors[0].message
+ )
+ )
+ elif module.params["offload"] and _check_target(module, arrayv6):
+ res = arrayv6.delete_volume_snapshots(
+ names=[snapname], replication_snapshot=module.params["ignore_repl"]
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to eradicate remote snapshot {0}. Error: {1}".format(
+ snapname, res.errors[0].message
+ )
+ )
+ else:
+ try:
+ array.eradicate_volume(snapname)
+ except Exception:
+ changed = False
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ name=dict(type="str", required=True),
+ suffix=dict(type="str"),
+ target=dict(type="str"),
+ offload=dict(type="str"),
+ ignore_repl=dict(type="bool", default=False),
+ overwrite=dict(type="bool", default=False),
+ eradicate=dict(type="bool", default=False),
+ state=dict(
+ type="str",
+ default="present",
+ choices=["absent", "copy", "present", "rename"],
+ ),
+ )
+ )
+
+ required_if = [("state", "copy", ["target", "suffix"])]
+
+ module = AnsibleModule(
+ argument_spec, required_if=required_if, supports_check_mode=True
+ )
+ if not HAS_PUREERROR:
+ module.fail_json(msg="purestorage sdk is required for this module")
+ pattern1 = re.compile(
+ "^(?=.*[a-zA-Z-])[a-zA-Z0-9]([a-zA-Z0-9-]{0,63}[a-zA-Z0-9])?$"
+ )
+ pattern2 = re.compile("^([1-9])([0-9]{0,63}[0-9])?$")
+
+ state = module.params["state"]
+ if module.params["suffix"] is None:
+ suffix = "snap-" + str(
+ (datetime.utcnow() - datetime(1970, 1, 1, 0, 0, 0, 0)).total_seconds()
+ )
+ module.params["suffix"] = suffix.replace(".", "")
+ else:
+ if not module.params["offload"]:
+ if not (
+ pattern1.match(module.params["suffix"])
+ or pattern2.match(module.params["suffix"])
+ ) and state not in [
+ "absent",
+ "rename",
+ ]:
+ module.fail_json(
+ msg="Suffix name {0} does not conform to suffix name rules".format(
+ module.params["suffix"]
+ )
+ )
+ if state == "rename" and module.params["target"] is not None:
+ if not pattern1.match(module.params["target"]):
+ module.fail_json(
+ msg="Suffix target {0} does not conform to suffix name rules".format(
+ module.params["target"]
+ )
+ )
+
+ array = get_system(module)
+ api_version = array._list_available_rest_versions()
+ if GET_SEND_API not in api_version:
+ arrayv6 = None
+ if module.params["offload"]:
+ module.fail_json(
+ msg="Purity 6.1, or higher, is required to support single volume offload snapshots"
+ )
+ if state == "rename":
+ module.fail_json(
+ msg="Purity 6.1, or higher, is required to support snapshot rename"
+ )
+ else:
+ if not HAS_PURESTORAGE:
+ module.fail_json(msg="py-pure-client sdk is required for this module")
+ arrayv6 = get_array(module)
+ if module.params["offload"]:
+ if not _check_offload(module, arrayv6) and not _check_target(
+ module, arrayv6
+ ):
+ module.fail_json(
+ msg="Selected offload {0} not connected.".format(
+ module.params["offload"]
+ )
+ )
+ if (
+ state == "copy"
+ and module.params["offload"]
+ and not _check_target(module, arrayv6)
+ ):
+ module.fail_json(
+ msg="Snapshot copy is not supported when an offload target is defined"
+ )
+ destroyed = False
+ array_snap = False
+ offload_snap = False
+ volume = get_volume(module, array)
+ if module.params["offload"] and not _check_target(module, arrayv6):
+ offload_snap = _check_offload_snapshot(module, arrayv6)
+ if offload_snap is None:
+ offload_snap = False
+ else:
+ offload_snap = not offload_snap.destroyed
+ else:
+ array_snap = get_snapshot(module, array)
+ snap = array_snap or offload_snap
+
+ if not snap:
+ destroyed = get_deleted_snapshot(module, array, arrayv6)
+ if state == "present" and volume and not destroyed:
+ create_snapshot(module, array, arrayv6)
+ elif state == "present" and destroyed:
+ recover_snapshot(module, array, arrayv6)
+ elif state == "rename" and volume and snap:
+ update_snapshot(module, arrayv6)
+ elif state == "copy" and snap:
+ create_from_snapshot(module, array)
+ elif state == "absent" and snap and not destroyed:
+ delete_snapshot(module, array, arrayv6)
+ elif state == "absent" and destroyed and module.params["eradicate"]:
+ eradicate_snapshot(module, array, arrayv6)
+ elif state == "absent" and not snap:
+ module.exit_json(changed=False)
+
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_snmp.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_snmp.py
new file mode 100644
index 000000000..b422f4835
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_snmp.py
@@ -0,0 +1,425 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2019, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_snmp
+version_added: '1.0.0'
+short_description: Configure FlashArray SNMP Managers
+description:
+- Manage SNMP managers on a Pure Storage FlashArray.
+- Changing of a named SNMP managers version is not supported.
+- This module is not idempotent and will always modify an
+ existing SNMP manager due to hidden parameters that cannot
+ be compared to the play parameters.
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ name:
+ description:
+ - Name of SNMP Manager
+ required: true
+ type: str
+ state:
+ description:
+ - Create or delete SNMP manager
+ type: str
+ default: present
+ choices: [ absent, present ]
+ auth_passphrase:
+ type: str
+ description:
+ - SNMPv3 only. Passphrase of 8 - 32 characters.
+ auth_protocol:
+ type: str
+ description:
+ - SNMP v3 only. Hash algorithm to use
+ choices: [ MD5, SHA ]
+ community:
+ type: str
+ description:
+ - SNMP v2c only. Manager community ID. Between 1 and 32 characters long.
+ host:
+ type: str
+ description:
+ - IPv4 or IPv6 address or FQDN to send trap messages to.
+ user:
+ type: str
+ description:
+ - SNMP v3 only. User ID recognized by the specified SNMP manager.
+ Must be between 1 and 32 characters.
+ version:
+ type: str
+ description:
+ - Version of SNMP protocol to use for the manager.
+ choices: [ v2c, v3 ]
+ default: v2c
+ notification:
+ type: str
+ description:
+ - Action to perform on event.
+ default: trap
+ choices: [ inform, trap ]
+ privacy_passphrase:
+ type: str
+ description:
+ - SNMPv3 only. Passphrase to encrypt SNMP messages.
+ Must be between 8 and 63 non-space ASCII characters.
+ privacy_protocol:
+ type: str
+ description:
+ - SNMP v3 only. Encryption protocol to use
+ choices: [ AES, DES ]
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Delete exisitng SNMP manager
+ purestorage.flasharray.purefa_snmp:
+ name: manager1
+ state: absent
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+- name: Create v2c SNMP manager
+ puretorage.flasharray.purefa_snmp:
+ name: manager1
+ community: public
+ host: 10.21.22.23
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+- name: Create v3 SNMP manager
+ puretorage.flasharray.purefa_snmp:
+ name: manager2
+ version: v3
+ auth_protocol: MD5
+ auth_passphrase: password
+ host: 10.21.22.23
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+- name: Update existing SNMP manager
+ purestorage.flasharray.purefa_snmp:
+ name: manager1
+ community: private
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+"""
+
+RETURN = r"""
+"""
+
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ purefa_argument_spec,
+)
+
+
+def update_manager(module, array):
+ """Update SNMP Manager"""
+ changed = False
+ try:
+ mgr = array.get_snmp_manager(module.params["name"])
+ except Exception:
+ module.fail_json(
+ msg="Failed to get configuration for SNMP manager {0}.".format(
+ module.params["name"]
+ )
+ )
+ if mgr["version"] != module.params["version"]:
+ module.fail_json(msg="Changing an SNMP managers version is not supported.")
+ elif module.params["version"] == "v2c":
+ changed = True
+ if not module.check_mode:
+ try:
+ array.set_snmp_manager(
+ module.params["name"],
+ community=module.params["community"],
+ notification=module.params["notification"],
+ host=module.params["host"],
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to update SNMP manager {0}.".format(
+ module.params["name"]
+ )
+ )
+ else:
+ if module.params["auth_protocol"] and module.params["privacy_protocol"]:
+ changed = True
+ if not module.check_mode:
+ try:
+ array.set_snmp_manager(
+ module.params["name"],
+ auth_passphrase=module.params["auth_passphrase"],
+ auth_protocol=module.params["auth_protocol"],
+ privacy_passphrase=module.params["privacy_passphrase"],
+ privacy_protocol=module.params["privacy_protocol"],
+ notification=module.params["notification"],
+ user=module.params["user"],
+ host=module.params["host"],
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to update SNMP manager {0}.".format(
+ module.params["name"]
+ )
+ )
+ elif module.params["auth_protocol"] and not module.params["privacy_protocol"]:
+ changed = True
+ if not module.check_mode:
+ try:
+ array.set_snmp_manager(
+ module.params["name"],
+ version=module.params["version"],
+ auth_passphrase=module.params["auth_passphrase"],
+ auth_protocol=module.params["auth_protocol"],
+ notification=module.params["notification"],
+ user=module.params["user"],
+ host=module.params["host"],
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to update SNMP manager {0}.".format(
+ module.params["name"]
+ )
+ )
+ elif not module.params["auth_protocol"] and module.params["privacy_protocol"]:
+ changed = True
+ if not module.check_mode:
+ try:
+ array.set_snmp_manager(
+ module.params["name"],
+ version=module.params["version"],
+ privacy_passphrase=module.params["privacy_passphrase"],
+ privacy_protocol=module.params["privacy_protocol"],
+ notification=module.params["notification"],
+ user=module.params["user"],
+ host=module.params["host"],
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to update SNMP manager {0}.".format(
+ module.params["name"]
+ )
+ )
+ elif (
+ not module.params["auth_protocol"] and not module.params["privacy_protocol"]
+ ):
+ changed = True
+ if not module.check_mode:
+ try:
+ array.set_snmp_manager(
+ module.params["name"],
+ version=module.params["version"],
+ notification=module.params["notification"],
+ user=module.params["user"],
+ host=module.params["host"],
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to update SNMP manager {0}.".format(
+ module.params["name"]
+ )
+ )
+ else:
+ module.fail_json(
+ msg="Invalid parameters selected in update. Please raise issue in Ansible GitHub"
+ )
+
+ module.exit_json(changed=changed)
+
+
+def delete_manager(module, array):
+ """Delete SNMP Manager"""
+ changed = True
+ if not module.check_mode:
+ try:
+ array.delete_snmp_manager(module.params["name"])
+ except Exception:
+ module.fail_json(
+ msg="Delete SNMP manager {0} failed".format(module.params["name"])
+ )
+ module.exit_json(changed=changed)
+
+
+def create_manager(module, array):
+ """Create SNMP Manager"""
+ changed = True
+ if not module.check_mode:
+ if module.params["version"] == "v2c":
+ try:
+ array.create_snmp_manager(
+ module.params["name"],
+ version=module.params["version"],
+ community=module.params["community"],
+ notification=module.params["notification"],
+ host=module.params["host"],
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to create SNMP manager {0}.".format(
+ module.params["name"]
+ )
+ )
+ else:
+ if module.params["auth_protocol"] and module.params["privacy_protocol"]:
+ try:
+ array.create_snmp_manager(
+ module.params["name"],
+ version=module.params["version"],
+ auth_passphrase=module.params["auth_passphrase"],
+ auth_protocol=module.params["auth_protocol"],
+ privacy_passphrase=module.params["privacy_passphrase"],
+ privacy_protocol=module.params["privacy_protocol"],
+ notification=module.params["notification"],
+ user=module.params["user"],
+ host=module.params["host"],
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to create SNMP manager {0}.".format(
+ module.params["name"]
+ )
+ )
+ elif (
+ module.params["auth_protocol"] and not module.params["privacy_protocol"]
+ ):
+ try:
+ array.create_snmp_manager(
+ module.params["name"],
+ version=module.params["version"],
+ auth_passphrase=module.params["auth_passphrase"],
+ auth_protocol=module.params["auth_protocol"],
+ notification=module.params["notification"],
+ user=module.params["user"],
+ host=module.params["host"],
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to create SNMP manager {0}.".format(
+ module.params["name"]
+ )
+ )
+ elif (
+ not module.params["auth_protocol"] and module.params["privacy_protocol"]
+ ):
+ try:
+ array.create_snmp_manager(
+ module.params["name"],
+ version=module.params["version"],
+ privacy_passphrase=module.params["privacy_passphrase"],
+ privacy_protocol=module.params["privacy_protocol"],
+ notification=module.params["notification"],
+ user=module.params["user"],
+ host=module.params["host"],
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to create SNMP manager {0}.".format(
+ module.params["name"]
+ )
+ )
+ elif (
+ not module.params["auth_protocol"]
+ and not module.params["privacy_protocol"]
+ ):
+ try:
+ array.create_snmp_manager(
+ module.params["name"],
+ version=module.params["version"],
+ notification=module.params["notification"],
+ user=module.params["user"],
+ host=module.params["host"],
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to create SNMP manager {0}.".format(
+ module.params["name"]
+ )
+ )
+ else:
+ module.fail_json(
+ msg="Invalid parameters selected in create. Please raise issue in Ansible GitHub"
+ )
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ name=dict(type="str", required=True),
+ host=dict(type="str"),
+ state=dict(type="str", default="present", choices=["absent", "present"]),
+ user=dict(type="str"),
+ notification=dict(type="str", choices=["inform", "trap"], default="trap"),
+ auth_passphrase=dict(type="str", no_log=True),
+ auth_protocol=dict(type="str", choices=["MD5", "SHA"]),
+ privacy_passphrase=dict(type="str", no_log=True),
+ privacy_protocol=dict(type="str", choices=["AES", "DES"]),
+ version=dict(type="str", default="v2c", choices=["v2c", "v3"]),
+ community=dict(type="str"),
+ )
+ )
+
+ required_together = [
+ ["auth_passphrase", "auth_protocol"],
+ ["privacy_passphrase", "privacy_protocol"],
+ ]
+ required_if = [
+ ["version", "v2c", ["community", "host"]],
+ ["version", "v3", ["host", "user"]],
+ ]
+
+ module = AnsibleModule(
+ argument_spec,
+ required_together=required_together,
+ required_if=required_if,
+ supports_check_mode=True,
+ )
+
+ state = module.params["state"]
+ array = get_system(module)
+ mgr_configured = False
+ mgrs = array.list_snmp_managers()
+ for mgr in range(0, len(mgrs)):
+ if mgrs[mgr]["name"] == module.params["name"]:
+ mgr_configured = True
+ break
+ if module.params["version"] == "v3":
+ if module.params["auth_passphrase"] and (
+ 8 > len(module.params["auth_passphrase"]) > 32
+ ):
+ module.fail_json(msg="auth_password must be between 8 and 32 characters")
+ if (
+ module.params["privacy_passphrase"]
+ and 8 > len(module.params["privacy_passphrase"]) > 63
+ ):
+ module.fail_json(msg="privacy_password must be between 8 and 63 characters")
+ if state == "absent" and mgr_configured:
+ delete_manager(module, array)
+ elif mgr_configured and state == "present":
+ update_manager(module, array)
+ elif not mgr_configured and state == "present":
+ create_manager(module, array)
+ else:
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_snmp_agent.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_snmp_agent.py
new file mode 100644
index 000000000..b9dc8ca94
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_snmp_agent.py
@@ -0,0 +1,267 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2019, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_snmp_agent
+version_added: '1.16.0'
+short_description: Configure the FlashArray SNMP Agent
+description:
+- Manage the I(localhost) SNMP Agent on a Pure Storage FlashArray.
+- This module is not idempotent and will always modify the SNMP Agent
+ due to hidden parameters that cannot be compared to the task parameters.
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ state:
+ type: str
+ description:
+ - Used to set or clear the SNMP v2c community string or the SNMP v3
+ auth and privacy protocols.
+ choices: [ absent, present ]
+ default: present
+ user:
+ type: str
+ description:
+ - SNMP v3 only. User ID which must be between 1 and 32 characters.
+ version:
+ type: str
+ description:
+ - Version of SNMP protocol to use for the manager.
+ choices: [ v2c, v3 ]
+ default: v2c
+ community:
+ type: str
+ description:
+ - SNMP v2c only. Manager community ID under which Purity//FA is to
+ communicate with the specified managers.
+ - To remove the string set I(state) to I(absent) with I(version)
+ set to I(v2c)
+ auth_passphrase:
+ type: str
+ description:
+ - SNMP v3 only. Passphrade used by Purity//FA to authenticate the
+ array wit hthe specified managers.
+ - Must be between 8 and 63 non-space ASCII characters.
+ auth_protocol:
+ type: str
+ description:
+ - SNMP v3 only. Encryption protocol to use
+ - To remove the privacy and auth protocols set I(state) to
+ I(absent) with I(version) set to I(v3)
+ choices: [ MD5, SHA ]
+ privacy_passphrase:
+ type: str
+ description:
+ - SNMP v3 only. Passphrase to encrypt SNMP messages.
+ Must be between 8 and 63 non-space ASCII characters.
+ privacy_protocol:
+ type: str
+ description:
+ - SNMP v3 only. Encryption protocol to use
+ - To remove the privacy and auth protocols set I(state) to
+ I(absent) with I(version) set to I(v3)
+ choices: [ AES, DES ]
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Clear SNMP agent v2c community string
+ purestorage.flasharray.purefa_snmp_agent:
+ version: v2c
+ state: absent
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+- name: Clear SNMP agent v3 auth and privacy protocols
+ purestorage.flasharray.purefa_snmp_agent:
+ version: v3
+ state: absent
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+- name: Update v2c SNMP agent
+ puretorage.flasharray.purefa_snmp_agent:
+ version: v2c
+ community: public
+ host: 10.21.22.23
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+- name: Update v3 SNMP manager
+ puretorage.flasharray.purefa_snmp_agent:
+ version: v3
+ auth_protocol: MD5
+ auth_passphrase: password
+ host: 10.21.22.23
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+"""
+
+RETURN = r"""
+"""
+
+HAS_PURESTORAGE = True
+try:
+ from pypureclient import flasharray
+except ImportError:
+ HAS_PURESTORAGE = False
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ get_array,
+ purefa_argument_spec,
+)
+
+MIN_REQUIRED_API_VERSION = "2.1"
+
+
+def update_agent(module, array, agent):
+ """Update SNMP Agent"""
+ changed = False
+ if module.params["version"] == "v2c":
+ changed = True
+ if not module.check_mode:
+ if module.params["state"] == "delete":
+ community = ""
+ elif module.params["state"] == "present" and module.params["community"]:
+ community = module.params["community"]
+ else:
+ community = ""
+ res = array.patch_snmp_agents(
+ snmp_agent=flasharray.SnmpAgentPatch(
+ name="localhost",
+ version="v2c",
+ v2c=flasharray.SnmpV2c(community=community),
+ )
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to update SNMP agent.Error: {0}".format(
+ res.errors[0].message
+ )
+ )
+ else:
+ if module.params["state"] == "delete":
+ changed = True
+ v3 = flasharray.SnmpV3Patch(
+ auth_protocol="",
+ privacy_protocol="",
+ user=module.params["user"],
+ )
+ elif module.params["auth_protocol"] and module.params["privacy_protocol"]:
+ changed = True
+ v3 = flasharray.SnmpV3Patch(
+ auth_passphrase=module.params["auth_passphrase"],
+ auth_protocol=module.params["auth_protocol"],
+ privacy_passphrase=module.params["privacy_passphrase"],
+ privacy_protocol=module.params["privacy_protocol"],
+ user=module.params["user"],
+ )
+ elif module.params["auth_protocol"] and not module.params["privacy_protocol"]:
+ changed = True
+ v3 = flasharray.SnmpV3Patch(
+ auth_passphrase=module.params["auth_passphrase"],
+ auth_protocol=module.params["auth_protocol"],
+ user=module.params["user"],
+ )
+ elif not module.params["auth_protocol"] and module.params["privacy_protocol"]:
+ changed = True
+ v3 = flasharray.SnmpV3Patch(
+ privacy_passphrase=module.params["privacy_passphrase"],
+ privacy_protocol=module.params["privacy_protocol"],
+ user=module.params["user"],
+ )
+ elif (
+ not module.params["auth_protocol"] and not module.params["privacy_protocol"]
+ ):
+ changed = True
+ v3 = flasharray.SnmpV3Patch(user=module.params["user"])
+
+ if not module.check_mode:
+ res = array.patch_snmp_agents(
+ snmp_agent=flasharray.SnmpAgentPatch(
+ name="localhost",
+ version=module.params["version"],
+ v3=v3,
+ )
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to update SNMP agent.Error: {0}".format(
+ res.errors[0].message
+ )
+ )
+
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ state=dict(type="str", default="present", choices=["absent", "present"]),
+ user=dict(type="str"),
+ auth_passphrase=dict(type="str", no_log=True),
+ auth_protocol=dict(type="str", choices=["MD5", "SHA"]),
+ privacy_passphrase=dict(type="str", no_log=True),
+ privacy_protocol=dict(type="str", choices=["AES", "DES"]),
+ version=dict(type="str", default="v2c", choices=["v2c", "v3"]),
+ community=dict(type="str"),
+ )
+ )
+
+ required_together = [
+ ["auth_passphrase", "auth_protocol"],
+ ["privacy_passphrase", "privacy_protocol"],
+ ]
+ required_if = [
+ ["version", "v3", ["user"]],
+ ]
+
+ module = AnsibleModule(
+ argument_spec,
+ required_together=required_together,
+ required_if=required_if,
+ supports_check_mode=True,
+ )
+
+ array = get_system(module)
+ api_version = array._list_available_rest_versions()
+
+ if MIN_REQUIRED_API_VERSION not in api_version:
+ module.fail_json(
+ msg="FlashArray REST version not supported. "
+ "Minimum version required: {0}".format(MIN_REQUIRED_API_VERSION)
+ )
+ array = get_array(module)
+
+ agent = list(array.get_snmp_agents().items)
+ if module.params["version"] == "v3":
+ if module.params["auth_passphrase"] and (
+ 8 > len(module.params["auth_passphrase"]) > 32
+ ):
+ module.fail_json(msg="auth_password must be between 8 and 32 characters")
+ if (
+ module.params["privacy_passphrase"]
+ and 8 > len(module.params["privacy_passphrase"]) > 63
+ ):
+ module.fail_json(msg="privacy_password must be between 8 and 63 characters")
+ update_agent(module, array, agent)
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_sso.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_sso.py
new file mode 100644
index 000000000..c1199215f
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_sso.py
@@ -0,0 +1,119 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2021, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["deprecated"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_sso
+version_added: '1.9.0'
+deprecated:
+ removed_in: '2.0.0'
+ why: Superceeded by M(purestorage.flasharray.purefa_admin)
+ alternative: Use M(purestorage.flasharray.purefa_admin) instead.
+short_description: Configure Pure Storage FlashArray Single Sign-On
+description:
+- Enable or disable Single Sign-On (SSO) to give LDAP users the ability
+ to navigate seamlessly from Pure1 Manage to the current array through a
+ single login.
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ state:
+ description:
+ - Enable or disable the array Signle Sign-On from Pure1 Manage
+ default: present
+ type: str
+ choices: [ present, absent ]
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Enable SSO
+ purestorage.flasharray.purefa_sso:
+ state: present
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Disable SSO
+ purestorage.flasharray.purefa_sso:
+ state: absent
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+"""
+
+RETURN = r"""
+"""
+
+HAS_PURESTORAGE = True
+try:
+ from pypureclient.flasharray import AdminSettings
+except ImportError:
+ HAS_PURESTORAGE = False
+
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ get_array,
+ purefa_argument_spec,
+)
+
+SSO_API_VERSION = "2.2"
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ state=dict(type="str", default="present", choices=["present", "absent"]),
+ )
+ )
+
+ module = AnsibleModule(argument_spec, supports_check_mode=True)
+
+ if not HAS_PURESTORAGE:
+ module.fail_json(msg="py-pure-client sdk is required for this module")
+
+ state = module.params["state"]
+ array = get_system(module)
+ api_version = array._list_available_rest_versions()
+ changed = False
+ if SSO_API_VERSION in api_version:
+ array = get_array(module)
+ current_sso = list(array.get_admins_settings().items)[0].single_sign_on_enabled
+ if (state == "present" and not current_sso) or (
+ state == "absent" and current_sso
+ ):
+ changed = True
+ if not module.check_mode:
+ res = array.patch_admins_settings(
+ admin_settings=AdminSettings(
+ single_sign_on_enabled=bool(state == "present")
+ )
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to change Single Sign-On status. Error: {0}".format(
+ res.errors[0].message
+ )
+ )
+ else:
+ module.fail_json(msg="Purity version does not support Single Sign-On")
+ module.exit_json(changed=changed)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_subnet.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_subnet.py
new file mode 100644
index 000000000..efce8db9e
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_subnet.py
@@ -0,0 +1,327 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2020, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+
+DOCUMENTATION = """
+---
+module: purefa_subnet
+version_added: '1.0.0'
+short_description: Manage network subnets in a Pure Storage FlashArray
+description:
+ - This module manages the network subnets on a Pure Storage FlashArray.
+author: Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ name:
+ description:
+ - Subnet name.
+ required: true
+ type: str
+ state:
+ description:
+ - Create or delete subnet.
+ required: false
+ default: present
+ choices: [ "present", "absent" ]
+ type: str
+ enabled:
+ description:
+ - whether the subnet should be enabled or not
+ default: true
+ type: bool
+ prefix:
+ description:
+ - Set the IPv4 or IPv6 address to be associated with the subnet.
+ required: false
+ type: str
+ gateway:
+ description:
+ - IPv4 or IPv6 address of subnet gateway.
+ required: false
+ type: str
+ mtu:
+ description:
+ - MTU size of the subnet. Range is 568 to 9000.
+ required: false
+ default: 1500
+ type: int
+ vlan:
+ description:
+ - VLAN ID. Range is 0 to 4094.
+ required: false
+ type: int
+extends_documentation_fragment:
+ - purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = """
+- name: Create subnet subnet100
+ purestorage.flasharray.purefa_subnet:
+ name: subnet100
+ vlan: 100
+ gateway: 10.21.200.1
+ prefix: "10.21.200.0/24"
+ mtu: 9000
+ state: present
+ fa_url: 10.10.10.2
+ api_token: c6033033-fe69-2515-a9e8-966bb7fe4b40
+
+- name: Disable subnet subnet100
+ purestorage.flasharray.purefa_subnet:
+ name: subnet100
+ enabled: false
+ fa_url: 10.10.10.2
+ api_token: c6033033-fe69-2515-a9e8-966bb7fe4b40
+
+- name: Delete subnet subnet100
+ purestorage.flasharray.purefa_subnet:
+ name: subnet100
+ state: absent
+ fa_url: 10.10.10.2
+ api_token: c6033033-fe69-2515-a9e8-966bb7fe4b40"""
+
+RETURN = """
+"""
+
+try:
+ from netaddr import IPNetwork
+
+ HAS_NETADDR = True
+except ImportError:
+ HAS_NETADDR = False
+
+import re
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ purefa_argument_spec,
+)
+
+
+def _get_subnet(module, array):
+ """Return subnet or None"""
+ subnet = {}
+ try:
+ subnet = array.get_subnet(module.params["name"])
+ except Exception:
+ return None
+ return subnet
+
+
+def update_subnet(module, array, subnet):
+ """Modify subnet settings"""
+ changed = False
+ current_state = {
+ "mtu": subnet["mtu"],
+ "vlan": subnet["vlan"],
+ "prefix": subnet["prefix"],
+ "gateway": subnet["gateway"],
+ }
+ if not module.params["prefix"]:
+ prefix = subnet["prefix"]
+ else:
+ if module.params["gateway"] and module.params["gateway"] not in IPNetwork(
+ module.params["prefix"]
+ ):
+ module.fail_json(msg="Gateway and subnet are not compatible.")
+ elif (
+ not module.params["gateway"]
+ and subnet["gateway"]
+ and subnet["gateway"] not in IPNetwork(module.params["prefix"])
+ ):
+ module.fail_json(msg="Gateway and subnet are not compatible.")
+ prefix = module.params["prefix"]
+ if not module.params["vlan"]:
+ vlan = subnet["vlan"]
+ else:
+ if not 0 <= module.params["vlan"] <= 4094:
+ module.fail_json(
+ msg="VLAN {0} is out of range (0 to 4094)".format(module.params["vlan"])
+ )
+ else:
+ vlan = module.params["vlan"]
+ if not module.params["mtu"]:
+ mtu = subnet["mtu"]
+ else:
+ if not 568 <= module.params["mtu"] <= 9000:
+ module.fail_json(
+ msg="MTU {0} is out of range (568 to 9000)".format(module.params["mtu"])
+ )
+ else:
+ mtu = module.params["mtu"]
+ if not module.params["gateway"]:
+ gateway = subnet["gateway"]
+ else:
+ if module.params["gateway"] not in IPNetwork(prefix):
+ module.fail_json(msg="Gateway and subnet are not compatible.")
+ gateway = module.params["gateway"]
+ new_state = {"prefix": prefix, "mtu": mtu, "gateway": gateway, "vlan": vlan}
+ if new_state != current_state:
+ changed = True
+ if not module.check_mode:
+ try:
+ array.set_subnet(
+ subnet["name"],
+ prefix=new_state["prefix"],
+ mtu=new_state["mtu"],
+ vlan=new_state["vlan"],
+ gateway=new_state["gateway"],
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to change settings for subnet {0}.".format(
+ subnet["name"]
+ )
+ )
+ if subnet["enabled"] != module.params["enabled"]:
+ if module.params["enabled"]:
+ changed = True
+ if not module.check_mode:
+ try:
+ array.enable_subnet(subnet["name"])
+ except Exception:
+ module.fail_json(
+ msg="Failed to enable subnet {0}.".format(subnet["name"])
+ )
+ else:
+ changed = True
+ if not module.check_mode:
+ try:
+ array.disable_subnet(subnet["name"])
+ except Exception:
+ module.fail_json(
+ msg="Failed to disable subnet {0}.".format(subnet["name"])
+ )
+ module.exit_json(changed=changed)
+
+
+def create_subnet(module, array):
+ """Create subnet"""
+ changed = True
+ if not module.params["prefix"]:
+ module.fail_json(msg="Prefix required when creating subnet.")
+ else:
+ if module.params["gateway"] and module.params["gateway"] not in IPNetwork(
+ module.params["prefix"]
+ ):
+ module.fail_json(msg="Gateway and subnet are not compatible.")
+ prefix = module.params["prefix"]
+ if module.params["vlan"]:
+ if not 0 <= module.params["vlan"] <= 4094:
+ module.fail_json(
+ msg="VLAN {0} is out of range (0 to 4094)".format(module.params["vlan"])
+ )
+ else:
+ vlan = module.params["vlan"]
+ else:
+ vlan = 0
+ if module.params["mtu"]:
+ if not 568 <= module.params["mtu"] <= 9000:
+ module.fail_json(
+ msg="MTU {0} is out of range (568 to 9000)".format(module.params["mtu"])
+ )
+ else:
+ mtu = module.params["mtu"]
+ if module.params["gateway"]:
+ if module.params["gateway"] not in IPNetwork(prefix):
+ module.fail_json(msg="Gateway and subnet are not compatible.")
+ gateway = module.params["gateway"]
+ else:
+ gateway = ""
+ if not module.check_mode:
+ try:
+ array.create_subnet(
+ module.params["name"],
+ prefix=prefix,
+ mtu=mtu,
+ vlan=vlan,
+ gateway=gateway,
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to create subnet {0}.".format(module.params["name"])
+ )
+ if module.params["enabled"]:
+ if not module.check_mode:
+ try:
+ array.enable_subnet(module.params["name"])
+ except Exception:
+ module.fail_json(
+ msg="Failed to enable subnet {0}.".format(module.params["name"])
+ )
+ else:
+ if not module.check_mode:
+ try:
+ array.disable_subnet(module.params["name"])
+ except Exception:
+ module.fail_json(
+ msg="Failed to disable subnet {0}.".format(module.params["name"])
+ )
+ module.exit_json(changed=changed)
+
+
+def delete_subnet(module, array):
+ """Delete subnet"""
+ changed = True
+ if not module.check_mode:
+ try:
+ array.delete_subnet(module.params["name"])
+ except Exception:
+ module.fail_json(
+ msg="Failed to delete subnet {0}".format(module.params["name"])
+ )
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ name=dict(type="str", required=True),
+ prefix=dict(type="str"),
+ state=dict(type="str", default="present", choices=["present", "absent"]),
+ gateway=dict(type="str"),
+ enabled=dict(type="bool", default=True),
+ mtu=dict(type="int", default=1500),
+ vlan=dict(type="int"),
+ )
+ )
+
+ module = AnsibleModule(argument_spec, supports_check_mode=True)
+
+ if not HAS_NETADDR:
+ module.fail_json(msg="netaddr module is required")
+ pattern = re.compile(r"[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?$")
+ if not pattern.match(module.params["name"]):
+ module.fail_json(
+ msg="name must be between 1 and 63 characters in length and begin and end "
+ "with a letter or number. The name must include at least one letter or '-'."
+ )
+ state = module.params["state"]
+ array = get_system(module)
+ subnet = _get_subnet(module, array)
+ if state == "present" and not subnet:
+ create_subnet(module, array)
+ if state == "present" and subnet:
+ update_subnet(module, array, subnet)
+ elif state == "absent" and subnet:
+ delete_subnet(module, array)
+
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_syslog.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_syslog.py
new file mode 100644
index 000000000..adb385ca4
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_syslog.py
@@ -0,0 +1,218 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2018, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_syslog
+version_added: '1.0.0'
+short_description: Configure Pure Storage FlashArray syslog settings
+description:
+- Configure syslog configuration for Pure Storage FlashArrays.
+- Add or delete an individual syslog server to the existing
+ list of serves.
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ state:
+ description:
+ - Create or delete syslog servers configuration
+ default: present
+ type: str
+ choices: [ absent, present ]
+ protocol:
+ description:
+ - Protocol which server uses
+ required: true
+ type: str
+ choices: [ tcp, tls, udp ]
+ port:
+ description:
+ - Port at which the server is listening. If no port is specified
+ the system will use 514
+ type: str
+ address:
+ description:
+ - Syslog server address.
+ This field supports IPv4, IPv6 or FQDN.
+ An invalid IP addresses will cause the module to fail.
+ No validation is performed for FQDNs.
+ type: str
+ required: true
+ name:
+ description:
+ - A user-specified name.
+ The name must be locally unique and cannot be changed.
+ - Only applicable with FlashArrays running Purity//FA 6.0 or higher.
+ type: str
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Delete exisitng syslog server entries
+ purestorage.flasharray.purefa_syslog:
+ address: syslog1.com
+ protocol: tcp
+ state: absent
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Set array syslog servers
+ purestorage.flasharray.purefa_syslog:
+ state: present
+ address: syslog1.com
+ protocol: udp
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+"""
+
+RETURN = r"""
+"""
+
+
+HAS_PURESTORAGE = True
+try:
+ from pypureclient import flasharray
+except ImportError:
+ HAS_PURESTORAGE = False
+
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_array,
+ get_system,
+ purefa_argument_spec,
+)
+
+
+SYSLOG_NAME_API = "2.4"
+
+
+def delete_syslog(module, array):
+ """Delete Syslog Server"""
+ changed = False
+ noport_address = module.params["protocol"] + "://" + module.params["address"]
+
+ if module.params["port"]:
+ full_address = noport_address + ":" + module.params["port"]
+ else:
+ full_address = noport_address
+
+ address_list = array.get(syslogserver=True)["syslogserver"]
+
+ if address_list:
+ for address in range(0, len(address_list)):
+ if address_list[address] == full_address:
+ del address_list[address]
+ changed = True
+ if not module.check_mode:
+ try:
+ array.set(syslogserver=address_list)
+ break
+ except Exception:
+ module.fail_json(
+ msg="Failed to remove syslog server: {0}".format(
+ full_address
+ )
+ )
+
+ module.exit_json(changed=changed)
+
+
+def add_syslog(module, array, arrayv6):
+ """Add Syslog Server"""
+ changed = False
+ noport_address = module.params["protocol"] + "://" + module.params["address"]
+
+ if module.params["port"]:
+ full_address = noport_address + ":" + module.params["port"]
+ else:
+ full_address = noport_address
+
+ address_list = array.get(syslogserver=True)["syslogserver"]
+ exists = False
+
+ if address_list:
+ for address in range(0, len(address_list)):
+ if address_list[address] == full_address:
+ exists = True
+ break
+ if not exists:
+ if arrayv6 and module.params["name"]:
+ changed = True
+ if not module.check_mode:
+ res = arrayv6.post_syslog_servers(
+ names=[module.params["name"]],
+ syslog_server=flasharray.SyslogServer(
+ name=module.params["name"], uri=full_address
+ ),
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Adding syslog server {0} failed. Error: {1}".format(
+ module.params["name"], res.errors[0].message
+ )
+ )
+ else:
+ changed = True
+ if not module.check_mode:
+ try:
+ address_list.append(full_address)
+ array.set(syslogserver=address_list)
+ except Exception:
+ module.fail_json(
+ msg="Failed to add syslog server: {0}".format(full_address)
+ )
+
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ address=dict(type="str", required=True),
+ protocol=dict(type="str", choices=["tcp", "tls", "udp"], required=True),
+ port=dict(type="str"),
+ name=dict(type="str"),
+ state=dict(type="str", default="present", choices=["absent", "present"]),
+ )
+ )
+
+ module = AnsibleModule(argument_spec, supports_check_mode=True)
+
+ array = get_system(module)
+
+ if module.params["name"] and not HAS_PURESTORAGE:
+ module.fail_json(msg="py-pure-client sdk is required for this module")
+
+ api_version = array._list_available_rest_versions()
+
+ if SYSLOG_NAME_API in api_version and module.params["name"]:
+ arrayv6 = get_array(module)
+ else:
+ arrayv6 = None
+
+ if module.params["state"] == "absent":
+ delete_syslog(module, array)
+ else:
+ add_syslog(module, array, arrayv6)
+
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_syslog_settings.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_syslog_settings.py
new file mode 100644
index 000000000..fce6dffa3
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_syslog_settings.py
@@ -0,0 +1,171 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2021, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_syslog_settings
+version_added: '1.10.0'
+short_description: Manage FlashArray syslog servers settings
+description:
+- Manage FlashArray syslog servers settings
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ severity:
+ description:
+ - Logging severity threshold for which events will be forwarded to the
+ configured syslog servers.
+ default: info
+ choices: [ debug, info, notice ]
+ type: str
+ ca_certificate:
+ type: str
+ description:
+ - The text of the CA certificate for condifured syslog servers.
+ - Includes the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines
+ - Does not exceed 3000 characters in length
+ - To delete the existing CA certifcate use the special string `DELETE`
+ tls_audit:
+ type: bool
+ default: true
+ description:
+ - If messages that are necessary in order to audit TLS negotiations
+ performed by the array are forwared to the syslog servers.
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Change syslog servers settings
+ purestorage.flasharray.purefa_syslog_servers:
+ tls_audit: false
+ severity: debug
+ ca_certificate: "{{lookup('file', 'example.crt') }}"
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Delete existing CA certifcate for syslog servers settings
+ purestorage.flasharray.purefa_syslog_servers:
+ ca_certificate: DELETE
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+"""
+
+RETURN = r"""
+"""
+
+HAS_PURESTORAGE = True
+try:
+ from pypureclient import flasharray
+except ImportError:
+ HAS_PURESTORAGE = False
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ get_array,
+ purefa_argument_spec,
+)
+
+MIN_REQUIRED_API_VERSION = "2.9"
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ severity=dict(
+ type="str",
+ default="info",
+ choices=["info", "debug", "notice"],
+ ),
+ tls_audit=dict(type="bool", default=True),
+ ca_certificate=dict(type="str", no_log=True),
+ )
+ )
+
+ module = AnsibleModule(
+ argument_spec,
+ supports_check_mode=True,
+ )
+
+ if not HAS_PURESTORAGE:
+ module.fail_json(msg="py-pure-client sdk is required for this module")
+
+ array = get_system(module)
+ api_version = array._list_available_rest_versions()
+
+ if MIN_REQUIRED_API_VERSION not in api_version:
+ module.fail_json(
+ msg="Purity//FA version not supported. Minimum version required: 6.2.0"
+ )
+
+ array = get_array(module)
+ changed = cert_change = False
+ if module.params["ca_certificate"] and len(module.params["ca_certificate"]) > 3000:
+ module.fail_json(msg="Certificate exceeds 3000 characters")
+ current = list(array.get_syslog_servers_settings().items)[0]
+ try:
+ if current.ca_certificate:
+ pass
+ except AttributeError:
+ current.ca_certificate = None
+ if current.tls_audit_enabled != module.params["tls_audit"]:
+ changed = True
+ new_tls = module.params["tls_audit"]
+ else:
+ new_tls = current.tls_audit_enabled
+ if current.logging_severity != module.params["severity"]:
+ changed = True
+ new_sev = module.params["severity"]
+ else:
+ new_sev = current.logging_severity
+ if module.params["ca_certificate"]:
+ if module.params["ca_certificate"].upper() == "DELETE":
+ if current.ca_certificate:
+ cert_change = changed = True
+ new_cert = ""
+ elif current.ca_certificate != module.params["ca_certificate"]:
+ cert_change = changed = True
+ new_cert = module.params["ca_certificate"]
+ if changed and not module.check_mode:
+ if cert_change:
+ res = array.patch_syslog_servers_settings(
+ syslog_server_settings=flasharray.SyslogServerSettings(
+ ca_certificate=new_cert,
+ tls_audit_enabled=new_tls,
+ logging_severity=new_sev,
+ )
+ )
+ else:
+ res = array.patch_syslog_servers_settings(
+ syslog_server_settings=flasharray.SyslogServerSettings(
+ tls_audit_enabled=new_tls, logging_severity=new_sev
+ )
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Changing syslog settings failed. Error: {0}".format(
+ res.errors[0].message
+ )
+ )
+
+ module.exit_json(changed=changed)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_timeout.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_timeout.py
new file mode 100644
index 000000000..e5d041fa3
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_timeout.py
@@ -0,0 +1,116 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2018, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_timeout
+version_added: '1.0.0'
+short_description: Configure Pure Storage FlashArray GUI idle timeout
+description:
+- Configure GUI idle timeout for Pure Storage FlashArrays.
+- This does not affect existing GUI sessions.
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ state:
+ description:
+ - Set or disable the GUI idle timeout
+ default: present
+ type: str
+ choices: [ present, absent ]
+ timeout:
+ description:
+ - Minutes for idle timeout.
+ type: int
+ default: 30
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Set GUI idle timeout to 25 minutes
+ purestorage.flasharray.purefa_timeout:
+ timeout: 25
+ state: present
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Disable idle timeout
+ purestorage.flasharray.purefa_timeout:
+ state: absent
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+"""
+
+RETURN = r"""
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ purefa_argument_spec,
+)
+
+
+def set_timeout(module, array):
+ """Set GUI idle timeout"""
+ changed = True
+ if not module.check_mode:
+ try:
+ array.set(idle_timeout=module.params["timeout"])
+ except Exception:
+ module.fail_json(msg="Failed to set GUI idle timeout")
+
+ module.exit_json(changed=changed)
+
+
+def disable_timeout(module, array):
+ """Disable idle timeout"""
+ changed = True
+ if not module.check_mode:
+ try:
+ array.set(idle_timeout=0)
+ except Exception:
+ module.fail_json(msg="Failed to disable GUI idle timeout")
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ timeout=dict(type="int", default=30),
+ state=dict(type="str", default="present", choices=["present", "absent"]),
+ )
+ )
+
+ module = AnsibleModule(argument_spec, supports_check_mode=True)
+
+ state = module.params["state"]
+ if 5 < module.params["timeout"] > 180 and module.params["timeout"] != 0:
+ module.fail_json(msg="Timeout value must be between 5 and 180 minutes")
+ array = get_system(module)
+ current_timeout = array.get(idle_timeout=True)["idle_timeout"]
+ if state == "present" and current_timeout != module.params["timeout"]:
+ set_timeout(module, array)
+ elif state == "absent" and current_timeout != 0:
+ disable_timeout(module, array)
+
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_token.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_token.py
new file mode 100644
index 000000000..fa66fe308
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_token.py
@@ -0,0 +1,225 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2018, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_token
+version_added: '1.0.0'
+short_description: Create or delete an API token for an existing admin user
+description:
+- Create or delete an API token for an existing admin user.
+- Uses username/password to create/delete the API token.
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ state:
+ description:
+ - Create or delete API token
+ type: str
+ default: present
+ choices: [ present, absent ]
+ recreate:
+ description:
+ - Recreates the API token, overwriting the existing API token if present
+ type: bool
+ default: false
+ username:
+ description:
+ - Username of the admin user to create API token for
+ type: str
+ password:
+ description:
+ - Password of the admin user to create API token for.
+ type: str
+ fa_url:
+ description:
+ - FlashArray management IPv4 address or Hostname.
+ type: str
+ timeout:
+ description:
+ - The duration of API token validity.
+ - Valid values are weeks (w), days(d), hours(h), minutes(m) and seconds(s).
+ type: str
+"""
+
+EXAMPLES = r"""
+- name: Create API token with no expiration
+ purefa_token:
+ username: pureuser
+ password: secret
+ state: present
+ fa_url: 10.10.10.2
+- name: Create API token with 23 days expiration
+ purefa_token:
+ username: pureuser
+ password: secret
+ state: present
+ timeout: 23d
+ fa_url: 10.10.10.2
+- name: Delete API token
+ purefa_token:
+ username: pureuser
+ password: secret
+ state: absent
+ fa_url: 10.10.10.2
+"""
+
+RETURN = r"""
+purefa_token:
+ description: API token for user
+ returned: changed
+ type: str
+ sample: e649f439-49be-3806-f774-a35cbbc4c2d2
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_array,
+)
+from os import environ
+import platform
+
+VERSION = 1.0
+USER_AGENT_BASE = "Ansible_token"
+TIMEOUT_API_VERSION = "2.2"
+
+HAS_PURESTORAGE = True
+try:
+ from purestorage import purestorage
+except ImportError:
+ HAS_PURESTORAGE = False
+
+
+def _convert_time_to_millisecs(timeout):
+ if timeout[-1:].lower() not in ["w", "d", "h", "m", "s"]:
+ return 0
+ try:
+ if timeout[-1:].lower() == "w":
+ return int(timeout[:-1]) * 7 * 86400000
+ elif timeout[-1:].lower() == "d":
+ return int(timeout[:-1]) * 86400000
+ elif timeout[-1:].lower() == "h":
+ return int(timeout[:-1]) * 3600000
+ elif timeout[-1:].lower() == "m":
+ return int(timeout[:-1]) * 60000
+ except Exception:
+ return 0
+
+
+def get_session(module):
+ """Return System Object or Fail"""
+ user_agent = "%(base)s %(class)s/%(version)s (%(platform)s)" % {
+ "base": USER_AGENT_BASE,
+ "class": __name__,
+ "version": VERSION,
+ "platform": platform.platform(),
+ }
+
+ array_name = module.params["fa_url"]
+ username = module.params["username"]
+ password = module.params["password"]
+
+ if HAS_PURESTORAGE:
+ if array_name and username and password:
+ system = purestorage.FlashArray(
+ array_name, username=username, password=password, user_agent=user_agent
+ )
+ elif environ.get("PUREFA_URL"):
+ if environ.get("PUREFA_USERNAME") and environ.get("PUREFA_PASSWORD"):
+ url = environ.get("PUREFA_URL")
+ username = environ.get("PUREFA_USERNAME")
+ password = environ.get("PUREFA_PASSWORD")
+ system = purestorage.FlashArray(
+ url, username=username, password=password, user_agent=user_agent
+ )
+ else:
+ module.fail_json(
+ msg="You must set PUREFA_URL and PUREFA_USERNAME, PUREFA_PASSWORD "
+ "environment variables or the fa_url, username and password "
+ "module arguments"
+ )
+ try:
+ system.get()
+ except Exception:
+ module.fail_json(
+ msg="Pure Storage FlashArray authentication failed. Check your credentials"
+ )
+ else:
+ module.fail_json(msg="purestorage SDK is not installed.")
+ return system
+
+
+def main():
+ argument_spec = dict(
+ fa_url=dict(required=False),
+ username=dict(type="str", required=False),
+ password=dict(no_log=True, required=False),
+ state=dict(type="str", default="present", choices=["absent", "present"]),
+ recreate=dict(type="bool", default=False),
+ timeout=dict(type="str"),
+ )
+
+ module = AnsibleModule(argument_spec, supports_check_mode=False)
+ array = get_session(module)
+ changed = False
+
+ if module.params["username"]:
+ username = module.params["username"]
+ else:
+ username = environ.get("PUREFA_USERNAME")
+ state = module.params["state"]
+ recreate = module.params["recreate"]
+
+ result = array.get_api_token(admin=username)
+ api_version = array._list_available_rest_versions()
+ if state == "present" and result["api_token"] is None:
+ result = array.create_api_token(admin=username)
+ changed = True
+ elif state == "present" and recreate:
+ result = array.delete_api_token(admin=username)
+ result = array.create_api_token(admin=username)
+ changed = True
+ elif state == "absent" and result["api_token"]:
+ result = array.delete_api_token(admin=username)
+ changed = True
+
+ api_token = result["api_token"]
+
+ if (
+ TIMEOUT_API_VERSION in api_version
+ and module.params["timeout"]
+ and state == "present"
+ ):
+ module.params["api_token"] = api_token
+ array6 = get_array(module)
+ ttl = _convert_time_to_millisecs(module.params["timeout"])
+ if ttl != 0:
+ changed = True
+ array6.delete_admins_api_tokens(names=[username])
+ res = array6.post_admins_api_tokens(names=[username], timeout=ttl)
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to set token lifetime. Error: {0}".format(
+ res.errors[0].message
+ )
+ )
+ else:
+ api_token = list(res.items)[0].api_token.token
+ module.exit_json(changed=changed, purefa_token=api_token)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_user.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_user.py
new file mode 100644
index 000000000..8544c5393
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_user.py
@@ -0,0 +1,278 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2018, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_user
+version_added: '1.0.0'
+short_description: Create, modify or delete FlashArray local user account
+description:
+- Create, modify or delete local users on a Pure Stoage FlashArray.
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ state:
+ description:
+ - Create, delete or update local user account
+ default: present
+ type: str
+ choices: [ absent, present ]
+ name:
+ description:
+ - The name of the local user account
+ type: str
+ required: true
+ role:
+ description:
+ - Sets the local user's access level to the array
+ type: str
+ choices: [ readonly, ops_admin, storage_admin, array_admin ]
+ password:
+ description:
+ - Password for the local user.
+ type: str
+ old_password:
+ description:
+ - If changing an existing password, you must provide the old password for security
+ type: str
+ api:
+ description:
+ - Define whether to create an API token for this user
+ - Token can be exposed using the I(debug) module
+ type: bool
+ default: false
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Create new user ansible with API token
+ purestorage.flasharray.purefa_user:
+ name: ansible
+ password: apassword
+ role: storage_admin
+ api: true
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ register: result
+
+ debug:
+ msg: "API Token: {{ result['user_info']['user_api'] }}"
+
+- name: Change role type for existing user
+ purestorage.flasharray.purefa_user:
+ name: ansible
+ role: array_admin
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Change password type for existing user (NOT IDEMPOTENT)
+ purestorage.flasharray.purefa_user:
+ name: ansible
+ password: anewpassword
+ old_password: apassword
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Change API token for existing user
+ purestorage.flasharray.purefa_user:
+ name: ansible
+ api: true
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ register: result
+
+ debug:
+ msg: "API Token: {{ result['user_info']['user_api'] }}"
+"""
+
+RETURN = r"""
+"""
+
+
+import re
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ purefa_argument_spec,
+)
+
+MIN_REQUIRED_API_VERSION = "1.14"
+
+
+def get_user(module, array):
+ """Return Local User Account or None"""
+ user = None
+ users = array.list_admins()
+ for acct in range(0, len(users)):
+ if users[acct]["name"] == module.params["name"]:
+ user = users[acct]
+ return user
+
+
+def create_user(module, array):
+ """Create or Update Local User Account"""
+ changed = api_changed = role_changed = passwd_changed = False
+ user = get_user(module, array)
+ role = module.params["role"]
+ user_token = {}
+ if not user:
+ changed = True
+ if not module.check_mode:
+ try:
+ if not role:
+ role = "readonly"
+ array.create_admin(
+ module.params["name"], role=role, password=module.params["password"]
+ )
+ if module.params["api"]:
+ try:
+ user_token["user_api"] = array.create_api_token(
+ module.params["name"]
+ )["api_token"]
+ except Exception:
+ array.delete_user(module.params["name"])
+ module.fail_json(
+ msg="Local User {0}: Creation failed".format(
+ module.params["name"]
+ )
+ )
+ except Exception:
+ module.fail_json(
+ msg="Local User {0}: Creation failed".format(module.params["name"])
+ )
+ else:
+ if module.params["password"] and not module.params["old_password"]:
+ module.exit_json(changed=changed)
+ if module.params["password"] and module.params["old_password"]:
+ if module.params["old_password"] and (
+ module.params["password"] != module.params["old_password"]
+ ):
+ passwd_changed = True
+ if not module.check_mode:
+ try:
+ array.set_admin(
+ module.params["name"],
+ password=module.params["password"],
+ old_password=module.params["old_password"],
+ )
+ except Exception:
+ module.fail_json(
+ msg="Local User {0}: Password reset failed. "
+ "Check old password.".format(module.params["name"])
+ )
+ else:
+ module.fail_json(
+ msg="Local User Account {0}: Password change failed - "
+ "Check both old and new passwords".format(module.params["name"])
+ )
+ if module.params["api"]:
+ try:
+ if not array.get_api_token(module.params["name"])["api_token"] is None:
+ if not module.check_mode:
+ array.delete_api_token(module.params["name"])
+ api_changed = True
+ if not module.check_mode:
+ user_token["user_api"] = array.create_api_token(
+ module.params["name"]
+ )["api_token"]
+ except Exception:
+ module.fail_json(
+ msg="Local User {0}: API token change failed".format(
+ module.params["name"]
+ )
+ )
+ if module.params["role"] and module.params["role"] != user["role"]:
+ if module.params["name"] != "pureuser":
+ role_changed = True
+ if not module.check_mode:
+ try:
+ array.set_admin(
+ module.params["name"], role=module.params["role"]
+ )
+ except Exception:
+ module.fail_json(
+ msg="Local User {0}: Role changed failed".format(
+ module.params["name"]
+ )
+ )
+ else:
+ module.warn("Role for 'pureuser' cannot be modified.")
+ changed = bool(passwd_changed or role_changed or api_changed)
+ module.exit_json(changed=changed, user_info=user_token)
+
+
+def delete_user(module, array):
+ """Delete Local User Account"""
+ changed = False
+ if get_user(module, array):
+ changed = True
+ if not module.check_mode:
+ try:
+ array.delete_admin(module.params["name"])
+ except Exception:
+ module.fail_json(
+ msg="Object Store Account {0}: Deletion failed".format(
+ module.params["name"]
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ name=dict(required=True, type="str"),
+ role=dict(
+ type="str",
+ choices=["readonly", "ops_admin", "storage_admin", "array_admin"],
+ ),
+ state=dict(type="str", default="present", choices=["absent", "present"]),
+ password=dict(type="str", no_log=True),
+ old_password=dict(type="str", no_log=True),
+ api=dict(type="bool", default=False),
+ )
+ )
+
+ module = AnsibleModule(argument_spec, supports_check_mode=True)
+
+ state = module.params["state"]
+ array = get_system(module)
+ api_version = array._list_available_rest_versions()
+
+ if MIN_REQUIRED_API_VERSION not in api_version:
+ module.fail_json(
+ msg="FlashArray REST version not supported. "
+ "Minimum version required: {0}".format(MIN_REQUIRED_API_VERSION)
+ )
+ pattern = re.compile("^[a-z0-9]([a-z0-9-]{0,30}[a-z0-9])?$")
+ if not pattern.match(module.params["name"]):
+ module.fail_json(
+ msg="name must contain a minimum of 1 and a maximum of 32 characters "
+ "(alphanumeric or `-`). All letters must be lowercase."
+ )
+
+ if state == "absent":
+ delete_user(module, array)
+ elif state == "present":
+ create_user(module, array)
+ else:
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_vg.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_vg.py
new file mode 100644
index 000000000..febb0d5a2
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_vg.py
@@ -0,0 +1,685 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright: (c) 2017, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_vg
+version_added: '1.0.0'
+short_description: Manage volume groups on Pure Storage FlashArrays
+description:
+- Create, delete or modify volume groups on Pure Storage FlashArrays.
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ name:
+ description:
+ - The name of the volume group.
+ - Multi-volume-group support available from Purity//FA 6.0.0
+ B(***NOTE***) Manual deletion or eradication of individual volume groups created
+ using multi-volume-group will cause idempotency to fail
+ - Multi-volume-group support only exists for volume group creation
+ type: str
+ required: true
+ state:
+ description:
+ - Define whether the volume group should exist or not.
+ type: str
+ default: present
+ choices: [ absent, present ]
+ eradicate:
+ description:
+ - Define whether to eradicate the volume group on delete and leave in trash.
+ type : bool
+ default: false
+ bw_qos:
+ description:
+ - Bandwidth limit for vgroup in M or G units.
+ M will set MB/s
+ G will set GB/s
+ To clear an existing QoS setting use 0 (zero)
+ type: str
+ iops_qos:
+ description:
+ - IOPs limit for vgroup - use value or K or M
+ K will mean 1000
+ M will mean 1000000
+ To clear an existing IOPs setting use 0 (zero)
+ type: str
+ count:
+ description:
+ - Number of volume groups to be created in a multiple volume group creation
+ - Only supported from Purity//FA v6.0.0 and higher
+ type: int
+ start:
+ description:
+ - Number at which to start the multiple volume group creation index
+ - Only supported from Purity//FA v6.0.0 and higher
+ type: int
+ default: 0
+ digits:
+ description:
+ - Number of digits to use for multiple volume group count. This
+ will pad the index number with zeros where necessary
+ - Only supported from Purity//FA v6.0.0 and higher
+ - Range is between 1 and 10
+ type: int
+ default: 1
+ suffix:
+ description:
+ - Suffix string, if required, for multiple volume group create
+ - Volume group names will be formed as I(<name>#I<suffix>), where
+ I(#) is a placeholder for the volume index
+ See associated descriptions
+ - Only supported from Purity//FA v6.0.0 and higher
+ type: str
+ priority_operator:
+ description:
+ - DMM Priority Adjustment operator
+ type: str
+ choices: [ +, '-' ]
+ default: +
+ version_added: '1.13.0'
+ priority_value:
+ description:
+ - DMM Priority Adjustment value
+ type: int
+ choices: [ 0, 10 ]
+ default: 0
+ version_added: '1.13.0'
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Create new volune group
+ purestorage.flasharray.purefa_vg:
+ name: foo
+ bw_qos: 50M
+ iops_qos: 100
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Create 10 volune groups of pattern foo#bar with QoS
+ purestorage.flasharray.purefa_vg:
+ name: foo
+ suffix: bar
+ count: 10
+ start: 10
+ digits: 3
+ bw_qos: 50M
+ iops_qos: 100
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Update volune group QoS limits
+ purestorage.flasharray.purefa_vg:
+ name: foo
+ bw_qos: 0
+ iops_qos: 5555
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Update volune group DMM Priority Adjustment (Purity//FA 6.1.2+)
+ purestorage.flasharray.purefa_vg:
+ name: foo
+ priority_operator: '-'
+ priority_value: 10
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Destroy volume group
+ purestorage.flasharray.purefa_vg:
+ name: foo
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ state: absent
+
+- name: Recover deleted volune group - no changes are made to the volume group on recovery
+ purestorage.flasharray.purefa_vg:
+ name: foo
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Destroy and Eradicate volume group
+ purestorage.flasharray.purefa_vg:
+ name: foo
+ eradicate: true
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ state: absent
+"""
+
+RETURN = r"""
+"""
+
+HAS_PURESTORAGE = True
+try:
+ from pypureclient import flasharray
+except ImportError:
+ HAS_PURESTORAGE = False
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_array,
+ get_system,
+ purefa_argument_spec,
+)
+
+
+VGROUP_API_VERSION = "1.13"
+VG_IOPS_VERSION = "1.17"
+MULTI_VG_VERSION = "2.2"
+PRIORITY_API_VERSION = "2.11"
+
+
+def human_to_bytes(size):
+ """Given a human-readable byte string (e.g. 2G, 30M),
+ return the number of bytes. Will return 0 if the argument has
+ unexpected form.
+ """
+ bytes = size[:-1]
+ unit = size[-1].upper()
+ if bytes.isdigit():
+ bytes = int(bytes)
+ if unit == "P":
+ bytes *= 1125899906842624
+ elif unit == "T":
+ bytes *= 1099511627776
+ elif unit == "G":
+ bytes *= 1073741824
+ elif unit == "M":
+ bytes *= 1048576
+ elif unit == "K":
+ bytes *= 1024
+ else:
+ bytes = 0
+ else:
+ bytes = 0
+ return bytes
+
+
+def human_to_real(iops):
+ """Given a human-readable IOPs string (e.g. 2K, 30M),
+ return the real number. Will return 0 if the argument has
+ unexpected form.
+ """
+ digit = iops[:-1]
+ unit = iops[-1].upper()
+ if unit.isdigit():
+ digit = iops
+ elif digit.isdigit():
+ digit = int(digit)
+ if unit == "M":
+ digit *= 1000000
+ elif unit == "K":
+ digit *= 1000
+ else:
+ digit = 0
+ else:
+ digit = 0
+ return digit
+
+
+def get_multi_vgroups(module, destroyed=False):
+ """Return True is all volume groups exist or None"""
+ names = []
+ array = get_array(module)
+ for vg_num in range(
+ module.params["start"], module.params["count"] + module.params["start"]
+ ):
+ names.append(
+ module.params["name"]
+ + str(vg_num).zfill(module.params["digits"])
+ + module.params["suffix"]
+ )
+ return bool(
+ array.get_volume_groups(names=names, destroyed=destroyed).status_code == 200
+ )
+
+
+def get_pending_vgroup(module, array):
+ """Get Deleted Volume Group"""
+ vgroup = None
+ for vgrp in array.list_vgroups(pending=True):
+ if vgrp["name"] == module.params["name"] and vgrp["time_remaining"]:
+ vgroup = vgrp
+ break
+
+ return vgroup
+
+
+def get_vgroup(module, array):
+ """Get Volume Group"""
+ vgroup = None
+ for vgrp in array.list_vgroups():
+ if vgrp["name"] == module.params["name"]:
+ vgroup = vgrp
+ break
+
+ return vgroup
+
+
+def make_vgroup(module, array):
+ """Create Volume Group"""
+ changed = True
+ api_version = array._list_available_rest_versions()
+ if (
+ module.params["bw_qos"]
+ or module.params["iops_qos"]
+ and VG_IOPS_VERSION in api_version
+ ):
+ if module.params["bw_qos"] and not module.params["iops_qos"]:
+ if int(human_to_bytes(module.params["bw_qos"])) in range(
+ 1048576, 549755813888
+ ):
+ changed = True
+ if not module.check_mode:
+ try:
+ array.create_vgroup(
+ module.params["name"],
+ bandwidth_limit=module.params["bw_qos"],
+ )
+ except Exception:
+ module.fail_json(
+ msg="Vgroup {0} creation failed.".format(
+ module.params["name"]
+ )
+ )
+ else:
+ module.fail_json(
+ msg="Bandwidth QoS value {0} out of range.".format(
+ module.params["bw_qos"]
+ )
+ )
+ elif module.params["iops_qos"] and not module.params["bw_qos"]:
+ if int(human_to_real(module.params["iops_qos"])) in range(100, 100000000):
+ changed = True
+ if not module.check_mode:
+ try:
+ array.create_vgroup(
+ module.params["name"], iops_limit=module.params["iops_qos"]
+ )
+ except Exception:
+ module.fail_json(
+ msg="Vgroup {0} creation failed.".format(
+ module.params["name"]
+ )
+ )
+ else:
+ module.fail_json(
+ msg="IOPs QoS value {0} out of range.".format(
+ module.params["iops_qos"]
+ )
+ )
+ else:
+ bw_qos_size = int(human_to_bytes(module.params["bw_qos"]))
+ if int(human_to_real(module.params["iops_qos"])) in range(
+ 100, 100000000
+ ) and bw_qos_size in range(1048576, 549755813888):
+ changed = True
+ if not module.check_mode:
+ try:
+ array.create_vgroup(
+ module.params["name"],
+ iops_limit=module.params["iops_qos"],
+ bandwidth_limit=module.params["bw_qos"],
+ )
+ except Exception:
+ module.fail_json(
+ msg="Vgroup {0} creation failed.".format(
+ module.params["name"]
+ )
+ )
+ else:
+ module.fail_json(msg="IOPs or Bandwidth QoS value out of range.")
+ else:
+ changed = True
+ if not module.check_mode:
+ try:
+ array.create_vgroup(module.params["name"])
+ except Exception:
+ module.fail_json(
+ msg="creation of volume group {0} failed.".format(
+ module.params["name"]
+ )
+ )
+ if PRIORITY_API_VERSION in api_version:
+ array = get_array(module)
+ volume_group = flasharray.VolumeGroup(
+ priority_adjustment=flasharray.PriorityAdjustment(
+ priority_adjustment_operator=module.params["priority_operator"],
+ priority_adjustment_value=module.params["priority_value"],
+ ),
+ )
+ if not module.check_mode:
+ res = array.patch_volume_groups(
+ names=[module.params["name"]], volume_group=volume_group
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to set priority adjustment for volume group {0}. Error: {1}".format(
+ module.params["name"], res.errors[0].message
+ )
+ )
+
+ module.exit_json(changed=changed)
+
+
+def make_multi_vgroups(module, array):
+ """Create multiple Volume Groups"""
+ changed = True
+ bw_qos_size = iops_qos_size = 0
+ names = []
+ api_version = array._list_available_rest_versions()
+ array = get_array(module)
+ for vg_num in range(
+ module.params["start"], module.params["count"] + module.params["start"]
+ ):
+ names.append(
+ module.params["name"]
+ + str(vg_num).zfill(module.params["digits"])
+ + module.params["suffix"]
+ )
+ if module.params["bw_qos"]:
+ bw_qos = int(human_to_bytes(module.params["bw_qos"]))
+ if bw_qos in range(1048576, 549755813888):
+ bw_qos_size = bw_qos
+ else:
+ module.fail_json(msg="Bandwidth QoS value out of range.")
+ if module.params["iops_qos"]:
+ iops_qos = int(human_to_real(module.params["iops_qos"]))
+ if iops_qos in range(100, 100000000):
+ iops_qos_size = iops_qos
+ else:
+ module.fail_json(msg="IOPs QoS value out of range.")
+ if bw_qos_size != 0 and iops_qos_size != 0:
+ volume_group = flasharray.VolumeGroupPost(
+ qos=flasharray.Qos(bandwidth_limit=bw_qos_size, iops_limit=iops_qos_size)
+ )
+ elif bw_qos_size == 0 and iops_qos_size == 0:
+ volume_group = flasharray.VolumeGroupPost()
+ elif bw_qos_size == 0 and iops_qos_size != 0:
+ volume_group = flasharray.VolumeGroupPost(
+ qos=flasharray.Qos(iops_limit=iops_qos_size)
+ )
+ elif bw_qos_size != 0 and iops_qos_size == 0:
+ volume_group = flasharray.VolumeGroupPost(
+ qos=flasharray.Qos(bandwidth_limit=bw_qos_size)
+ )
+ if not module.check_mode:
+ res = array.post_volume_groups(names=names, volume_group=volume_group)
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Multi-Vgroup {0}#{1} creation failed: {2}".format(
+ module.params["name"],
+ module.params["suffix"],
+ res.errors[0].message,
+ )
+ )
+ if PRIORITY_API_VERSION in api_version:
+ volume_group = flasharray.VolumeGroup(
+ priority_adjustment=flasharray.PriorityAdjustment(
+ priority_adjustment_operator=module.params["priority_operator"],
+ priority_adjustment_value=module.params["priority_value"],
+ ),
+ )
+ res = array.patch_volume_groups(names=names, volume_group=volume_group)
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to set priority adjustments for multi-vgroup {0}#{1}. Error: {2}".format(
+ module.params["name"],
+ module.params["suffix"],
+ res.errors[0].message,
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def update_vgroup(module, array):
+ """Update Volume Group"""
+ changed = False
+ api_version = array._list_available_rest_versions()
+ if PRIORITY_API_VERSION in api_version:
+ arrayv6 = get_array(module)
+ vg_prio = list(arrayv6.get_volume_groups(names=[module.params["name"]]).items)[
+ 0
+ ].priority_adjustment
+ if (
+ module.params["priority_operator"]
+ and vg_prio.priority_adjustment_operator
+ != module.params["priority_operator"]
+ ):
+ changed = True
+ new_operator = module.params["priority_operator"]
+ else:
+ new_operator = vg_prio.priority_adjustment_operator
+ if vg_prio.priority_adjustment_value != module.params["priority_value"]:
+ changed = True
+ new_value = module.params["priority_value"]
+ else:
+ new_value = vg_prio.priority_adjustment_value
+ if changed and not module.check_mode:
+ volume_group = flasharray.VolumeGroup(
+ priority_adjustment=flasharray.PriorityAdjustment(
+ priority_adjustment_operator=new_operator,
+ priority_adjustment_value=new_value,
+ )
+ )
+ res = arrayv6.patch_volume_groups(
+ names=[module.params["name"]], volume_group=volume_group
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to changfe DMM Priority for volume group {0}. Error: {1}".format(
+ module.params["name"], res.errors[0].message
+ )
+ )
+ if VG_IOPS_VERSION in api_version:
+ try:
+ vg_qos = array.get_vgroup(module.params["name"], qos=True)
+ except Exception:
+ module.fail_json(
+ msg="Failed to get QoS settings for vgroup {0}.".format(
+ module.params["name"]
+ )
+ )
+ if VG_IOPS_VERSION in api_version:
+ if vg_qos["bandwidth_limit"] is None:
+ vg_qos["bandwidth_limit"] = 0
+ if vg_qos["iops_limit"] is None:
+ vg_qos["iops_limit"] = 0
+ if module.params["bw_qos"] and VG_IOPS_VERSION in api_version:
+ if human_to_bytes(module.params["bw_qos"]) != vg_qos["bandwidth_limit"]:
+ if module.params["bw_qos"] == "0":
+ changed = True
+ if not module.check_mode:
+ try:
+ array.set_vgroup(module.params["name"], bandwidth_limit="")
+ except Exception:
+ module.fail_json(
+ msg="Vgroup {0} Bandwidth QoS removal failed.".format(
+ module.params["name"]
+ )
+ )
+ elif int(human_to_bytes(module.params["bw_qos"])) in range(
+ 1048576, 549755813888
+ ):
+ changed = True
+ if not module.check_mode:
+ try:
+ array.set_vgroup(
+ module.params["name"],
+ bandwidth_limit=module.params["bw_qos"],
+ )
+ except Exception:
+ module.fail_json(
+ msg="Vgroup {0} Bandwidth QoS change failed.".format(
+ module.params["name"]
+ )
+ )
+ else:
+ module.fail_json(
+ msg="Bandwidth QoS value {0} out of range.".format(
+ module.params["bw_qos"]
+ )
+ )
+ if module.params["iops_qos"] and VG_IOPS_VERSION in api_version:
+ if human_to_real(module.params["iops_qos"]) != vg_qos["iops_limit"]:
+ if module.params["iops_qos"] == "0":
+ changed = True
+ if not module.check_mode:
+ try:
+ array.set_vgroup(module.params["name"], iops_limit="")
+ except Exception:
+ module.fail_json(
+ msg="Vgroup {0} IOPs QoS removal failed.".format(
+ module.params["name"]
+ )
+ )
+ elif int(human_to_real(module.params["iops_qos"])) in range(100, 100000000):
+ changed = True
+ if not module.check_mode:
+ try:
+ array.set_vgroup(
+ module.params["name"], iops_limit=module.params["iops_qos"]
+ )
+ except Exception:
+ module.fail_json(
+ msg="Vgroup {0} IOPs QoS change failed.".format(
+ module.params["name"]
+ )
+ )
+ else:
+ module.fail_json(
+ msg="Bandwidth QoS value {0} out of range.".format(
+ module.params["bw_qos"]
+ )
+ )
+
+ module.exit_json(changed=changed)
+
+
+def recover_vgroup(module, array):
+ """Recover Volume Group"""
+ changed = True
+ if not module.check_mode:
+ try:
+ array.recover_vgroup(module.params["name"])
+ except Exception:
+ module.fail_json(
+ msg="Recovery of volume group {0} failed.".format(module.params["name"])
+ )
+
+ module.exit_json(changed=changed)
+
+
+def eradicate_vgroup(module, array):
+ """Eradicate Volume Group"""
+ changed = True
+ if not module.check_mode:
+ try:
+ array.eradicate_vgroup(module.params["name"])
+ except Exception:
+ module.fail_json(
+ msg="Eradicating vgroup {0} failed.".format(module.params["name"])
+ )
+ module.exit_json(changed=changed)
+
+
+def delete_vgroup(module, array):
+ """Delete Volume Group"""
+ changed = True
+ if not module.check_mode:
+ try:
+ array.destroy_vgroup(module.params["name"])
+ except Exception:
+ module.fail_json(
+ msg="Deleting vgroup {0} failed.".format(module.params["name"])
+ )
+ if module.params["eradicate"]:
+ eradicate_vgroup(module, array)
+
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ name=dict(type="str", required=True),
+ state=dict(type="str", default="present", choices=["absent", "present"]),
+ bw_qos=dict(type="str"),
+ iops_qos=dict(type="str"),
+ count=dict(type="int"),
+ start=dict(type="int", default=0),
+ digits=dict(type="int", default=1),
+ suffix=dict(type="str"),
+ priority_operator=dict(type="str", choices=["+", "-"], default="+"),
+ priority_value=dict(type="int", choices=[0, 10], default=0),
+ eradicate=dict(type="bool", default=False),
+ )
+ )
+
+ module = AnsibleModule(argument_spec, supports_check_mode=True)
+
+ state = module.params["state"]
+ array = get_system(module)
+ api_version = array._list_available_rest_versions()
+ if VGROUP_API_VERSION not in api_version:
+ module.fail_json(msg="API version does not support volume groups.")
+
+ vgroup = get_vgroup(module, array)
+ xvgroup = get_pending_vgroup(module, array)
+
+ if module.params["count"]:
+ if not HAS_PURESTORAGE:
+ module.fail_json(
+ msg="py-pure-client sdk is required to support 'count' parameter"
+ )
+ if MULTI_VG_VERSION not in api_version:
+ module.fail_json(
+ msg="'count' parameter is not supported until Purity//FA 6.0.0 or higher"
+ )
+ if module.params["digits"] and module.params["digits"] not in range(1, 10):
+ module.fail_json(msg="'digits' must be in the range of 1 to 10")
+ if module.params["start"] < 0:
+ module.fail_json(msg="'start' must be a positive number")
+ vgroup = get_multi_vgroups(module)
+ if state == "present" and not vgroup:
+ make_multi_vgroups(module, array)
+ elif state == "absent" and not vgroup:
+ module.exit_json(changed=False)
+ else:
+ module.warn("Method not yet supported for multi-vgroup")
+ else:
+ if xvgroup and state == "present":
+ recover_vgroup(module, array)
+ elif vgroup and state == "absent":
+ delete_vgroup(module, array)
+ elif xvgroup and state == "absent" and module.params["eradicate"]:
+ eradicate_vgroup(module, array)
+ elif not vgroup and not xvgroup and state == "present":
+ make_vgroup(module, array)
+ elif vgroup and state == "present":
+ update_vgroup(module, array)
+ elif vgroup is None and state == "absent":
+ module.exit_json(changed=False)
+
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_vlan.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_vlan.py
new file mode 100644
index 000000000..e804e334d
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_vlan.py
@@ -0,0 +1,267 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2020, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+
+DOCUMENTATION = """
+---
+module: purefa_vlan
+version_added: '1.0.0'
+short_description: Manage network VLAN interfaces in a Pure Storage FlashArray
+description:
+ - This module manages the VLAN network interfaces on a Pure Storage FlashArray.
+author: Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ name:
+ description:
+ - Interface name, including controller indentifier.
+ - VLANs are only supported on iSCSI, NVMe-RoCE and file
+ physical interfaces
+ required: true
+ type: str
+ state:
+ description:
+ - State of existing interface (on/off).
+ required: false
+ default: present
+ choices: [ "present", "absent" ]
+ type: str
+ enabled:
+ description:
+ - Define if VLAN interface is enabled or not.
+ required: false
+ default: true
+ type: bool
+ address:
+ description:
+ - IPv4 or IPv6 address of interface.
+ required: false
+ type: str
+ subnet:
+ description:
+ - Name of subnet interface associated with.
+ required: true
+ type: str
+extends_documentation_fragment:
+ - purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = """
+- name: Configure and enable VLAN interface ct0.eth8 for subnet test
+ purestorage.flasharray.purefa_vlan:
+ name: ct0.eth8
+ subnet: test
+ address: 10.21.200.18
+ state: present
+ fa_url: 10.10.10.2
+ api_token: c6033033-fe69-2515-a9e8-966bb7fe4b40
+
+- name: Disable VLAN interface for subnet test on ct1.eth2
+ purestorage.flasharray.purefa_vlan:
+ name: ct1.eth2
+ subnet: test
+ enabled: false
+ fa_url: 10.10.10.2
+ api_token: c6033033-fe69-2515-a9e8-966bb7fe4b40
+
+- name: Delete VLAN inteface for subnet test on ct0.eth4
+ purestorage.flasharray.purefa_vlan:
+ name: ct0.eth4
+ subnet: test
+ state: absent
+ fa_url: 10.10.10.2
+ api_token: c6033033-fe69-2515-a9e8-966bb7fe4b40"""
+
+RETURN = """
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ purefa_argument_spec,
+)
+
+
+def _get_subnet(module, array):
+ """Return subnet or None"""
+ subnet = {}
+ try:
+ subnet = array.get_subnet(module.params["subnet"])
+ except Exception:
+ return None
+ return subnet
+
+
+def _get_interface(module, array):
+ """Return Interface or None"""
+ interface = {}
+ if "ct" in module.params["name"]:
+ try:
+ interfaces = array.list_network_interfaces()
+ except Exception:
+ return None
+ for ints in range(0, len(interfaces)):
+ if interfaces[ints]["name"] == module.params["name"]:
+ interface = interfaces[ints]
+ break
+ return interface
+
+
+def _get_vif(array, interface, subnet):
+ """Return VLAN Interface or None"""
+ vif_info = {}
+ vif_name = interface["name"] + "." + str(subnet["vlan"])
+ try:
+ interfaces = array.list_network_interfaces()
+ except Exception:
+ return None
+ for ints in range(0, len(interfaces)):
+ if interfaces[ints]["name"] == vif_name:
+ vif_info = interfaces[ints]
+ break
+ return vif_info
+
+
+def create_vif(module, array, interface, subnet):
+ """Create VLAN Interface"""
+ changed = True
+ if not module.check_mode:
+ vif_name = interface["name"] + "." + str(subnet["vlan"])
+ if module.params["address"]:
+ try:
+ array.create_vlan_interface(
+ vif_name, module.params["subnet"], address=module.params["address"]
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to create VLAN interface {0}.".format(vif_name)
+ )
+ else:
+ try:
+ array.create_vlan_interface(vif_name, module.params["subnet"])
+ except Exception:
+ module.fail_json(
+ msg="Failed to create VLAN interface {0}.".format(vif_name)
+ )
+ if not module.params["enabled"]:
+ try:
+ array.set_network_interface(vif_name, enabled=False)
+ except Exception:
+ module.fail_json(
+ msg="Failed to disable VLAN interface {0} on creation.".format(
+ vif_name
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def update_vif(module, array, interface, subnet):
+ """Modify VLAN Interface settings"""
+ changed = False
+ vif_info = _get_vif(array, interface, subnet)
+ vif_name = vif_info["name"]
+ if module.params["address"]:
+ if module.params["address"] != vif_info["address"]:
+ changed = True
+ if not module.check_mode:
+ try:
+ array.set_network_interface(
+ vif_name, address=module.params["address"]
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to change IP address for VLAN interface {0}.".format(
+ subnet
+ )
+ )
+
+ if module.params["enabled"] != vif_info["enabled"]:
+ if module.params["enabled"]:
+ changed = True
+ if not module.check_mode:
+ try:
+ array.set_network_interface(vif_name, enabled=True)
+ except Exception:
+ module.fail_json(
+ msg="Failed to enable VLAN interface {0}.".format(vif_name)
+ )
+ else:
+ changed = True
+ if not module.check_mode:
+ try:
+ array.set_network_interface(vif_name, enabled=False)
+ except Exception:
+ module.fail_json(
+ msg="Failed to disable VLAN interface {0}.".format(vif_name)
+ )
+
+ module.exit_json(changed=changed)
+
+
+def delete_vif(module, array, subnet):
+ """Delete VLAN Interface"""
+ changed = True
+ if not module.check_mode:
+ vif_name = module.params["name"] + "." + str(subnet["vlan"])
+ try:
+ array.delete_vlan_interface(vif_name)
+ except Exception:
+ module.fail_json(msg="Failed to delete VLAN inerface {0}".format(vif_name))
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ name=dict(type="str", required=True),
+ subnet=dict(type="str", required=True),
+ enabled=dict(type="bool", default=True),
+ state=dict(type="str", default="present", choices=["present", "absent"]),
+ address=dict(type="str"),
+ )
+ )
+
+ module = AnsibleModule(argument_spec, supports_check_mode=True)
+
+ state = module.params["state"]
+ array = get_system(module)
+ subnet = _get_subnet(module, array)
+ interface = _get_interface(module, array)
+ if not subnet:
+ module.fail_json(msg="Invalid subnet specified.")
+ if not interface:
+ module.fail_json(msg="Invalid interface specified.")
+ if ("iscsi" or "nvme-roce" or "nvme-tcp" or "file") not in interface["services"]:
+ module.fail_json(
+ msg="Invalid interface specified - must have service type of iSCSI, NVMe-RoCE, NVMe-TCP or file enabled."
+ )
+ if subnet["vlan"]:
+ vif_name = module.params["name"] + "." + str(subnet["vlan"])
+ vif = bool(vif_name in subnet["interfaces"])
+
+ if state == "present" and not vif:
+ create_vif(module, array, interface, subnet)
+ elif state == "present" and vif:
+ update_vif(module, array, interface, subnet)
+ elif state == "absent" and vif:
+ delete_vif(module, array, subnet)
+
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_vnc.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_vnc.py
new file mode 100644
index 000000000..48e154c77
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_vnc.py
@@ -0,0 +1,161 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2020, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_vnc
+version_added: '1.0.0'
+short_description: Enable or Disable VNC port for installed apps
+description:
+- Enablke or Disable VNC access for installed apps
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ state:
+ description:
+ - Define state of VNC
+ type: str
+ default: present
+ choices: [ present, absent ]
+ name:
+ description:
+ - Name od app
+ type: str
+ required: true
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Enable VNC for application test
+ purestorage.flasharray.purefa_vnc:
+ name: test
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Disable VNC for application test
+ purestorage.flasharray.purefa_vnc:
+ name: test
+ state: absent
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+"""
+
+RETURN = r"""
+vnc:
+ description: VNC port information for application
+ type: dict
+ returned: success
+ contains:
+ status:
+ description: Status of application
+ type: str
+ sample: 'healthy'
+ index:
+ description: Application index number
+ type: int
+ version:
+ description: Application version installed
+ type: str
+ sample: '5.2.1'
+ vnc:
+ description: IP address and port number for VNC connection
+ type: dict
+ sample: ['10.21.200.34:5900']
+ name:
+ description: Application name
+ type: str
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ purefa_argument_spec,
+)
+
+MIN_REQUIRED_API_VERSION = "1.17"
+
+
+def enable_vnc(module, array, app):
+ """Enable VNC port"""
+ changed = False
+ vnc_fact = []
+ if not app["vnc_enabled"]:
+ try:
+ if not module.check_mode:
+ array.enable_app_vnc(module.params["name"])
+ vnc_fact = array.get_app_node(module.params["name"])
+ changed = True
+ except Exception:
+ module.fail_json(
+ msg="Enabling VNC for {0} failed".format(module.params["name"])
+ )
+ module.exit_json(changed=changed, vnc=vnc_fact)
+
+
+def disable_vnc(module, array, app):
+ """Disable VNC port"""
+ changed = False
+ if app["vnc_enabled"]:
+ try:
+ if not module.check_mode:
+ array.disable_app_vnc(module.params["name"])
+ changed = True
+ except Exception:
+ module.fail_json(
+ msg="Disabling VNC for {0} failed".format(module.params["name"])
+ )
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ state=dict(type="str", default="present", choices=["present", "absent"]),
+ name=dict(type="str", required=True),
+ )
+ )
+
+ module = AnsibleModule(argument_spec, supports_check_mode=True)
+
+ array = get_system(module)
+ api_version = array._list_available_rest_versions()
+
+ if MIN_REQUIRED_API_VERSION not in api_version:
+ module.fail_json(
+ msg="FlashArray REST version not supported. "
+ "Minimum version required: {0}".format(MIN_REQUIRED_API_VERSION)
+ )
+ try:
+ app = array.get_app(module.params["name"])
+ except Exception:
+ module.fail_json(
+ msg="Selected application {0} does not exist".format(module.params["name"])
+ )
+ if not app["enabled"]:
+ module.fail_json(
+ msg="Application {0} is not enabled".format(module.params["name"])
+ )
+ if module.params["state"] == "present":
+ enable_vnc(module, array, app)
+ else:
+ disable_vnc(module, array, app)
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_volume.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_volume.py
new file mode 100644
index 000000000..c3c92f6d4
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_volume.py
@@ -0,0 +1,1726 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2018, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_volume
+version_added: '1.0.0'
+short_description: Manage volumes on Pure Storage FlashArrays
+description:
+- Create, delete or extend the capacity of a volume on Pure Storage FlashArray.
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ name:
+ description:
+ - The name of the volume.
+ - Volume could be created in a POD with this syntax POD_NAME::VOLUME_NAME.
+ - Volume could be created in a volume group with this syntax VG_NAME/VOLUME_NAME.
+ - Multi-volume support available from Purity//FA 6.0.0
+ B(***NOTE***) Manual deletion or eradication of individual volumes created
+ using multi-volume will cause idempotency to fail
+ - Multi-volume support only exists for volume creation
+ type: str
+ required: true
+ target:
+ description:
+ - The name of the target volume, if copying.
+ type: str
+ state:
+ description:
+ - Define whether the volume should exist or not.
+ default: present
+ choices: [ absent, present ]
+ type: str
+ eradicate:
+ description:
+ - Define whether to eradicate the volume on delete or leave in trash.
+ type: bool
+ default: false
+ overwrite:
+ description:
+ - Define whether to overwrite a target volume if it already exisits.
+ type: bool
+ default: false
+ size:
+ description:
+ - Volume size in M, G, T or P units.
+ type: str
+ count:
+ description:
+ - Number of volumes to be created in a multiple volume creation
+ - Only supported from Purity//FA v6.0.0 and higher
+ type: int
+ start:
+ description:
+ - Number at which to start the multiple volume creation index
+ - Only supported from Purity//FA v6.0.0 and higher
+ type: int
+ default: 0
+ digits:
+ description:
+ - Number of digits to use for multiple volume count. This
+ will pad the index number with zeros where necessary
+ - Only supported from Purity//FA v6.0.0 and higher
+ - Range is between 1 and 10
+ type: int
+ default: 1
+ suffix:
+ description:
+ - Suffix string, if required, for multiple volume create
+ - Volume names will be formed as I(<name>#I<suffix>), where
+ I(#) is a placeholder for the volume index
+ See associated descriptions
+ - Only supported from Purity//FA v6.0.0 and higher
+ type: str
+ bw_qos:
+ description:
+ - Bandwidth limit for volume in M or G units.
+ M will set MB/s
+ G will set GB/s
+ To clear an existing QoS setting use 0 (zero)
+ type: str
+ aliases: [ qos ]
+ iops_qos:
+ description:
+ - IOPs limit for volume - use value or K or M
+ K will mean 1000
+ M will mean 1000000
+ To clear an existing IOPs setting use 0 (zero)
+ type: str
+ move:
+ description:
+ - Move a volume in and out of a pod or vgroup
+ - Provide the name of pod or vgroup to move the volume to
+ - Pod and Vgroup names must be unique in the array
+ - To move to the local array, specify C(local)
+ - This is not idempotent - use C(ignore_errors) in the play
+ type: str
+ rename:
+ description:
+ - Value to rename the specified volume to.
+ - Rename only applies to the container the current volumes is in.
+ - There is no requirement to specify the pod or vgroup name as this is implied.
+ type: str
+ pgroup:
+ description:
+ - Name of exisitng, not deleted, protection group to add volume to
+ - Only application for volume(s) creation
+ - Superceeded from Purity//FA 6.3.4 by I(add_to_pgs)
+ type: str
+ version_added: 1.8.0
+ priority_operator:
+ description:
+ - DMM Priority Adjustment operator
+ type: str
+ choices: [ '=', '+', '-' ]
+ version_added: '1.13.0'
+ priority_value:
+ description:
+ - DMM Priority Adjustment value
+ type: int
+ choices: [ -10, 0, 10 ]
+ version_added: '1.13.0'
+ with_default_protection:
+ description:
+ - Whether to add the default container protection groups to
+ those specified in I(add_to_pgs) as the inital protection
+ of a new volume.
+ type: bool
+ default: true
+ version_added: '1.14.0'
+ add_to_pgs:
+ description:
+ - A new volume will be added to the specified protection groups
+ on creation
+ type: list
+ elements: str
+ version_added: '1.14.0'
+ promotion_state:
+ description:
+ - Promote or demote the volume so that the volume starts or
+ stops accepting write requests.
+ type: str
+ choices: [ promoted, demoted ]
+ version_added: '1.16.0'
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Create new volume named foo with a QoS limit
+ purestorage.flasharray.purefa_volume:
+ name: foo
+ size: 1T
+ bw_qos: 58M
+ iops_qos: 23K
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ state: present
+
+- name: Create new volume named foo with a DMM priority (Purity//FA 6.1.2+)
+ purestorage.flasharray.purefa_volume:
+ name: foo
+ size: 1T
+ priority_operator: +
+ priorty_value: 10
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ state: present
+
+- name: Create new volume named foo in pod bar in protection group pg1
+ purestorage.flasharray.purefa_volume:
+ name: bar::foo
+ prgoup: pg1
+ size: 1T
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ state: present
+
+- name: Create 10 volumes with index starting at 10 but padded with 3 digits
+ purestorage.flasharray.purefa_volume:
+ name: foo
+ size: 1T
+ suffix: bar
+ count: 10
+ start: 10
+ digits: 3
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ state: present
+
+- name: Extend the size of an existing volume named foo
+ purestorage.flasharray.purefa_volume:
+ name: foo
+ size: 2T
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ state: present
+
+- name: Delete and eradicate volume named foo
+ purestorage.flasharray.purefa_volume:
+ name: foo
+ eradicate: true
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ state: absent
+
+- name: Create clone of volume bar named foo
+ purestorage.flasharray.purefa_volume:
+ name: foo
+ target: bar
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ state: present
+
+- name: Overwrite volume bar with volume foo
+ purestorage.flasharray.purefa_volume:
+ name: foo
+ target: bar
+ overwrite: true
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ state: present
+
+- name: Clear volume QoS from volume foo
+ purestorage.flasharray.purefa_volume:
+ name: foo
+ bw_qos: 0
+ iops_qos: 0
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ state: present
+
+- name: Move local volume foo from local array to pod bar
+ purestorage.flasharray.purefa_volume:
+ name: foo
+ move: bar
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Move volume foo in pod bar to local array
+ purestorage.flasharray.purefa_volume:
+ name: bar::foo
+ move: local
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Move volume foo in pod bar to vgroup fin
+ purestorage.flasharray.purefa_volume:
+ name: bar::foo
+ move: fin
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+"""
+
+RETURN = r"""
+volume:
+ description: A dictionary describing the changed volume. Only some
+ attributes below will be returned with various actions.
+ type: dict
+ returned: success
+ contains:
+ source:
+ description: Volume name of source volume used for volume copy
+ type: str
+ serial:
+ description: Volume serial number
+ type: str
+ sample: '361019ECACE43D83000120A4'
+ nvme_nguid:
+ description: Volume NVMe namespace globally unique identifier
+ type: str
+ sample: 'eui.00cd6b99ef25864724a937c5000be684'
+ page83_naa:
+ description: Volume NAA canonical name
+ type: str
+ sample: 'naa.624a9370361019ecace43db3000120a4'
+ created:
+ description: Volume creation time
+ type: str
+ sample: '2019-03-13T22:49:24Z'
+ name:
+ description: Volume name
+ type: str
+ size:
+ description: Volume size in bytes
+ type: int
+ bandwidth_limit:
+ description: Volume bandwidth limit in bytes/sec
+ type: int
+ iops_limit:
+ description: Volume IOPs limit
+ type: int
+ priority_operator:
+ description: DMM Priority Adjustment operator
+ type: str
+ priority_value:
+ description: DMM Priority Adjustment value
+ type: int
+"""
+
+HAS_PURESTORAGE = True
+try:
+ from pypureclient import flasharray
+except ImportError:
+ HAS_PURESTORAGE = False
+
+import re
+import time
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_array,
+ get_system,
+ purefa_argument_spec,
+)
+
+
+QOS_API_VERSION = "1.14"
+VGROUPS_API_VERSION = "1.13"
+POD_API_VERSION = "1.13"
+AC_QOS_VERSION = "1.16"
+OFFLOAD_API_VERSION = "1.16"
+IOPS_API_VERSION = "1.17"
+MULTI_VOLUME_VERSION = "2.2"
+PROMOTE_API_VERSION = "1.19"
+PURE_OUI = "naa.624a9370"
+PRIORITY_API_VERSION = "2.11"
+DEFAULT_API_VERSION = "2.16"
+VOLUME_PROMOTION_API_VERSION = "2.2"
+
+
+def _create_nguid(serial):
+ nguid = "eui.00" + serial[0:14] + "24a937" + serial[-10:]
+ return nguid
+
+
+def get_pod(module, array):
+ """Get ActiveCluster Pod"""
+ pod_name = module.params["pgroup"].split("::")[0]
+ try:
+ return array.get_pod(pod=pod_name)
+ except Exception:
+ return None
+
+
+def get_pending_pgroup(module, array):
+ """Get Protection Group"""
+ pgroup = None
+ if ":" in module.params["pgroup"]:
+ if "::" not in module.params["pgroup"]:
+ for pgrp in array.list_pgroups(pending=True, on="*"):
+ if pgrp["name"] == module.params["pgroup"] and pgrp["time_remaining"]:
+ pgroup = pgrp
+ break
+ else:
+ for pgrp in array.list_pgroups(pending=True):
+ if pgrp["name"] == module.params["pgroup"] and pgrp["time_remaining"]:
+ pgroup = pgrp
+ break
+ else:
+ for pgrp in array.list_pgroups(pending=True):
+ if pgrp["name"] == module.params["pgroup"] and pgrp["time_remaining"]:
+ pgroup = pgrp
+ break
+
+ return pgroup
+
+
+def get_pgroup(module, array):
+ """Get Protection Group"""
+ pgroup = None
+ if ":" in module.params["pgroup"]:
+ if "::" not in module.params["pgroup"]:
+ for pgrp in array.list_pgroups(on="*"):
+ if pgrp["name"] == module.params["pgroup"]:
+ pgroup = pgrp
+ break
+ else:
+ for pgrp in array.list_pgroups():
+ if pgrp["name"] == module.params["pgroup"]:
+ pgroup = pgrp
+ break
+ else:
+ for pgrp in array.list_pgroups():
+ if pgrp["name"] == module.params["pgroup"]:
+ pgroup = pgrp
+ break
+
+ return pgroup
+
+
+def human_to_bytes(size):
+ """Given a human-readable byte string (e.g. 2G, 30M),
+ return the number of bytes. Will return 0 if the argument has
+ unexpected form.
+ """
+ bytes = size[:-1]
+ unit = size[-1].upper()
+ if bytes.isdigit():
+ bytes = int(bytes)
+ if unit == "P":
+ bytes *= 1125899906842624
+ elif unit == "T":
+ bytes *= 1099511627776
+ elif unit == "G":
+ bytes *= 1073741824
+ elif unit == "M":
+ bytes *= 1048576
+ elif unit == "K":
+ bytes *= 1024
+ else:
+ bytes = 0
+ else:
+ bytes = 0
+ return bytes
+
+
+def human_to_real(iops):
+ """Given a human-readable IOPs string (e.g. 2K, 30M),
+ return the real number. Will return 0 if the argument has
+ unexpected form.
+ """
+ digit = iops[:-1]
+ unit = iops[-1].upper()
+ if unit.isdigit():
+ digit = iops
+ elif digit.isdigit():
+ digit = int(digit)
+ if unit == "M":
+ digit *= 1000000
+ elif unit == "K":
+ digit *= 1000
+ else:
+ digit = 0
+ else:
+ digit = 0
+ return digit
+
+
+def get_multi_volumes(module, destroyed=False):
+ """Return True is all volumes exist or None"""
+ names = []
+ array = get_array(module)
+ for vol_num in range(
+ module.params["start"], module.params["count"] + module.params["start"]
+ ):
+ names.append(
+ module.params["name"]
+ + str(vol_num).zfill(module.params["digits"])
+ + module.params["suffix"]
+ )
+ return bool(array.get_volumes(names=names, destroyed=destroyed).status_code == 200)
+
+
+def get_volume(module, array):
+ """Return Volume or None"""
+ try:
+ return array.get_volume(module.params["name"])
+ except Exception:
+ return None
+
+
+def get_endpoint(name, array):
+ """Return Endpoint or None"""
+ try:
+ return array.get_volume(name, pending=True, protocol_endpoint=True)
+ except Exception:
+ return None
+
+
+def get_destroyed_volume(vol, array):
+ """Return Destroyed Volume or None"""
+ try:
+ return bool(array.get_volume(vol, pending=True)["time_remaining"] != "")
+ except Exception:
+ return False
+
+
+def get_destroyed_endpoint(vol, array):
+ """Return Destroyed Endpoint or None"""
+ try:
+ return bool(
+ array.get_volume(vol, protocol_endpoint=True, pending=True)[
+ "time_remaining"
+ ]
+ != ""
+ )
+ except Exception:
+ return False
+
+
+def get_target(module, array):
+ """Return Volume or None"""
+ try:
+ return array.get_volume(module.params["target"])
+ except Exception:
+ return None
+
+
+def check_vgroup(module, array):
+ """Check is the requested VG to create volume in exists"""
+ vg_exists = False
+ api_version = array._list_available_rest_versions()
+ if VGROUPS_API_VERSION in api_version:
+ vg_name = module.params["name"].split("/")[0]
+ try:
+ vgs = array.list_vgroups()
+ except Exception:
+ module.fail_json(msg="Failed to get volume groups list. Check array.")
+ for vgroup in range(0, len(vgs)):
+ if vg_name == vgs[vgroup]["name"]:
+ vg_exists = True
+ break
+ else:
+ module.fail_json(
+ msg="VG volumes are not supported. Please upgrade your FlashArray."
+ )
+ return vg_exists
+
+
+def check_pod(module, array):
+ """Check is the requested pod to create volume in exists"""
+ pod_exists = False
+ api_version = array._list_available_rest_versions()
+ if POD_API_VERSION in api_version:
+ pod_name = module.params["name"].split("::")[0]
+ try:
+ pods = array.list_pods()
+ except Exception:
+ module.fail_json(msg="Failed to get pod list. Check array.")
+ for pod in range(0, len(pods)):
+ if pod_name == pods[pod]["name"]:
+ pod_exists = True
+ break
+ else:
+ module.fail_json(
+ msg="Pod volumes are not supported. Please upgrade your FlashArray."
+ )
+ return pod_exists
+
+
+def create_volume(module, array):
+ """Create Volume"""
+ volfact = []
+ changed = False
+ api_version = array._list_available_rest_versions()
+ if "/" in module.params["name"] and not check_vgroup(module, array):
+ module.fail_json(
+ msg="Failed to create volume {0}. Volume Group does not exist.".format(
+ module.params["name"]
+ )
+ )
+ if "::" in module.params["name"]:
+ if not check_pod(module, array):
+ module.fail_json(
+ msg="Failed to create volume {0}. Pod does not exist".format(
+ module.params["name"]
+ )
+ )
+ pod_name = module.params["name"].split("::")[0]
+ if PROMOTE_API_VERSION in api_version:
+ if array.get_pod(pod_name)["promotion_status"] == "demoted":
+ module.fail_json(msg="Volume cannot be created in a demoted pod")
+ if module.params["bw_qos"] or module.params["iops_qos"]:
+ if AC_QOS_VERSION not in api_version:
+ module.warn(
+ "Pods cannot cannot contain volumes with QoS settings. Ignoring..."
+ )
+ module.params["bw_qos"] = module.params["iops_qos"] = None
+ if not module.params["size"]:
+ module.fail_json(msg="Size for a new volume must be specified")
+ if module.params["bw_qos"] or module.params["iops_qos"]:
+ if module.params["bw_qos"] and QOS_API_VERSION in api_version:
+ if module.params["iops_qos"] and IOPS_API_VERSION in api_version:
+ if module.params["bw_qos"] and not module.params["iops_qos"]:
+ if int(human_to_bytes(module.params["bw_qos"])) in range(
+ 1048576, 549755813888
+ ):
+ changed = True
+ if not module.check_mode:
+ try:
+ volfact = array.create_volume(
+ module.params["name"],
+ module.params["size"],
+ bandwidth_limit=module.params["bw_qos"],
+ )
+ volfact["page83_naa"] = (
+ PURE_OUI + volfact["serial"].lower()
+ )
+ volfact["nvme_nguid"] = _create_nguid(
+ volfact["serial"].lower()
+ )
+ except Exception:
+ module.fail_json(
+ msg="Volume {0} creation failed.".format(
+ module.params["name"]
+ )
+ )
+ else:
+ module.fail_json(
+ msg="Bandwidth QoS value {0} out of range.".format(
+ module.params["bw_qos"]
+ )
+ )
+ elif module.params["iops_qos"] and not module.params["bw_qos"]:
+ if (
+ 100000000
+ >= int(human_to_real(module.params["iops_qos"]))
+ >= 100
+ ):
+ changed = True
+ if not module.check_mode:
+ try:
+ volfact = array.create_volume(
+ module.params["name"],
+ module.params["size"],
+ iops_limit=module.params["iops_qos"],
+ )
+ volfact["page83_naa"] = (
+ PURE_OUI + volfact["serial"].lower()
+ )
+ volfact["nvme_nguid"] = _create_nguid(
+ volfact["serial"].lower()
+ )
+ except Exception:
+ module.fail_json(
+ msg="Volume {0} creation failed.".format(
+ module.params["name"]
+ )
+ )
+ else:
+ module.fail_json(
+ msg="IOPs QoS value {0} out of range.".format(
+ module.params["iops_qos"]
+ )
+ )
+ else:
+ bw_qos_size = int(human_to_bytes(module.params["bw_qos"]))
+ if int(human_to_real(module.params["iops_qos"])) in range(
+ 100, 100000000
+ ) and bw_qos_size in range(1048576, 549755813888):
+ changed = True
+ if not module.check_mode:
+ try:
+ volfact = array.create_volume(
+ module.params["name"],
+ module.params["size"],
+ iops_limit=module.params["iops_qos"],
+ bandwidth_limit=module.params["bw_qos"],
+ )
+ volfact["page83_naa"] = (
+ PURE_OUI + volfact["serial"].lower()
+ )
+ volfact["nvme_nguid"] = _create_nguid(
+ volfact["serial"].lower()
+ )
+ except Exception:
+ module.fail_json(
+ msg="Volume {0} creation failed.".format(
+ module.params["name"]
+ )
+ )
+ else:
+ module.fail_json(
+ msg="IOPs or Bandwidth QoS value out of range."
+ )
+ else:
+ if module.params["bw_qos"]:
+ if int(human_to_bytes(module.params["bw_qos"])) in range(
+ 1048576, 549755813888
+ ):
+ changed = True
+ if not module.check_mode:
+ try:
+ volfact = array.create_volume(
+ module.params["name"],
+ module.params["size"],
+ bandwidth_limit=module.params["bw_qos"],
+ )
+ volfact["page83_naa"] = (
+ PURE_OUI + volfact["serial"].lower()
+ )
+ volfact["nvme_nguid"] = _create_nguid(
+ volfact["serial"].lower()
+ )
+ except Exception:
+ module.fail_json(
+ msg="Volume {0} creation failed.".format(
+ module.params["name"]
+ )
+ )
+ else:
+ module.fail_json(
+ msg="Bandwidth QoS value {0} out of range.".format(
+ module.params["bw_qos"]
+ )
+ )
+ else:
+ changed = True
+ if not module.check_mode:
+ try:
+ volfact = array.create_volume(
+ module.params["name"], module.params["size"]
+ )
+ volfact["page83_naa"] = PURE_OUI + volfact["serial"].lower()
+ volfact["nvme_nguid"] = _create_nguid(
+ volfact["serial"].lower()
+ )
+ except Exception:
+ module.fail_json(
+ msg="Volume {0} creation failed.".format(
+ module.params["name"]
+ )
+ )
+ else:
+ changed = True
+ if not module.check_mode:
+ try:
+ volfact = array.create_volume(
+ module.params["name"], module.params["size"]
+ )
+ volfact["page83_naa"] = PURE_OUI + volfact["serial"].lower()
+ volfact["nvme_nguid"] = _create_nguid(volfact["serial"].lower())
+ except Exception:
+ module.fail_json(
+ msg="Volume {0} creation failed.".format(module.params["name"])
+ )
+ if VOLUME_PROMOTION_API_VERSION in api_version and module.params["promotion_state"]:
+ arrayv6 = get_array(module)
+ volume = flasharray.VolumePatch(
+ requested_promotion_state=module.params["promotion_state"]
+ )
+ changed = True
+ if not module.check_mode:
+ res = arrayv6.patch_volumes(names=[module.params["name"]], volume=volume)
+ if res.status_code != 200:
+ arrayv6.patch_volumes(
+ names=[module.params["name"]],
+ volume=flasharray.VolumePatch(destroyed=True),
+ )
+ arrayv6.delete_volumes(names=[module.params["name"]])
+ module.fail_json(
+ msg="Failed to set Promotion State for volume {0}.".format(
+ module.params["name"]
+ )
+ )
+ else:
+ volfact["promotion_state"] = module.params["promotion_state"]
+ if PRIORITY_API_VERSION in api_version and module.params["priority_operator"]:
+ arrayv6 = get_array(module)
+ volume = flasharray.VolumePatch(
+ priority_adjustment=flasharray.PriorityAdjustment(
+ priority_adjustment_operator=module.params["priority_operator"],
+ priority_adjustment_value=module.params["priority_value"],
+ )
+ )
+ res = arrayv6.patch_volumes(names=[module.params["name"]], volume=volume)
+ if res.status_code != 200:
+ arrayv6.patch_volumes(
+ names=[module.params["name"]],
+ volume=flasharray.VolumePatch(destroyed=True),
+ )
+ arrayv6.delete_volumes(names=[module.params["name"]])
+ module.fail_json(
+ msg="Failed to set DMM Priority Adjustment on volume {0}. Error: {1}".format(
+ module.params["name"], res.errors[0].message
+ )
+ )
+ else:
+ volfact["priority_operator"] = module.params["priority_operator"]
+ volfact["priority_value"] = module.params["priority_value"]
+ if module.params["pgroup"] and DEFAULT_API_VERSION not in api_version:
+ changed = True
+ if not module.check_mode:
+ try:
+ array.set_pgroup(
+ module.params["pgroup"], addvollist=[module.params["name"]]
+ )
+ except Exception:
+ module.warn_json(
+ "Failed to add {0} to protection group {1}.".format(
+ module.params["name"], module.params["pgroup"]
+ )
+ )
+
+ module.exit_json(changed=changed, volume=volfact)
+
+
+def create_multi_volume(module, array, single=False):
+ """Create Volume"""
+ volfact = {}
+ changed = True
+ api_version = array._list_available_rest_versions()
+ bw_qos_size = iops_qos_size = 0
+ names = []
+ if "/" in module.params["name"] and not check_vgroup(module, array):
+ module.fail_json(
+ msg="Multi-volume create failed. Volume Group {0} does not exist.".format(
+ module.params["name"].split("/")[0]
+ )
+ )
+ if "::" in module.params["name"]:
+ if not check_pod(module, array):
+ module.fail_json(
+ msg="Multi-volume create failed. Pod {0} does not exist".format(
+ module.params["name"].split(":")[0]
+ )
+ )
+ pod_name = module.params["name"].split("::")[0]
+ if PROMOTE_API_VERSION in api_version:
+ if array.get_pod(pod_name)["promotion_status"] == "demoted":
+ module.fail_json(msg="Volume cannot be created in a demoted pod")
+ array = get_array(module)
+ if not single:
+ for vol_num in range(
+ module.params["start"], module.params["count"] + module.params["start"]
+ ):
+ names.append(
+ module.params["name"]
+ + str(vol_num).zfill(module.params["digits"])
+ + module.params["suffix"]
+ )
+ else:
+ names.append(module.params["name"])
+ if module.params["bw_qos"]:
+ bw_qos = int(human_to_bytes(module.params["bw_qos"]))
+ if bw_qos in range(1048576, 549755813888):
+ bw_qos_size = bw_qos
+ else:
+ module.fail_json(msg="Bandwidth QoS value out of range.")
+ if module.params["iops_qos"]:
+ iops_qos = int(human_to_real(module.params["iops_qos"]))
+ if iops_qos in range(100, 100000000):
+ iops_qos_size = iops_qos
+ else:
+ module.fail_json(msg="IOPs QoS value out of range.")
+ if bw_qos_size != 0 and iops_qos_size != 0:
+ vols = flasharray.VolumePost(
+ provisioned=human_to_bytes(module.params["size"]),
+ qos=flasharray.Qos(bandwidth_limit=bw_qos_size, iops_limit=iops_qos_size),
+ subtype="regular",
+ )
+ elif bw_qos_size == 0 and iops_qos_size == 0:
+ vols = flasharray.VolumePost(
+ provisioned=human_to_bytes(module.params["size"]), subtype="regular"
+ )
+ elif bw_qos_size == 0 and iops_qos_size != 0:
+ vols = flasharray.VolumePost(
+ provisioned=human_to_bytes(module.params["size"]),
+ qos=flasharray.Qos(iops_limit=iops_qos_size),
+ subtype="regular",
+ )
+ elif bw_qos_size != 0 and iops_qos_size == 0:
+ vols = flasharray.VolumePost(
+ provisioned=human_to_bytes(module.params["size"]),
+ qos=flasharray.Qos(bandwidth_limit=bw_qos_size),
+ subtype="regular",
+ )
+ if not module.check_mode:
+ if DEFAULT_API_VERSION in api_version:
+ if module.params["add_to_pgs"]:
+ add_to_pgs = []
+ for add_pg in range(0, len(module.params["add_to_pgs"])):
+ add_to_pgs.append(
+ flasharray.FixedReference(
+ name=module.params["add_to_pgs"][add_pg]
+ )
+ )
+ res = array.post_volumes(
+ names=names,
+ volume=vols,
+ with_default_protection=module.params["with_default_protection"],
+ add_to_protection_groups=add_to_pgs,
+ )
+ else:
+ res = array.post_volumes(
+ names=names,
+ volume=vols,
+ with_default_protection=module.params["with_default_protection"],
+ )
+ else:
+ res = array.post_volumes(names=names, volume=vols)
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Multi-Volume {0}#{1} creation failed: {2}".format(
+ module.params["name"],
+ module.params["suffix"],
+ res.errors[0].message,
+ )
+ )
+ else:
+ if (
+ VOLUME_PROMOTION_API_VERSION in api_version
+ and module.params["promotion_state"]
+ ):
+ volume = flasharray.VolumePatch(
+ requested_promotion_state=module.params["promotion_state"]
+ )
+ prom_res = array.patch_volumes(names=names, volume=volume)
+ if prom_res.status_code != 200:
+ array.patch_volumes(
+ names=names,
+ volume=flasharray.VolumePatch(destroyed=True),
+ )
+ array.delete_volumes(names=names)
+ module.warn(
+ "Failed to set promotion status on volumes. Error: {0}".format(
+ prom_res.errors[0].message
+ )
+ )
+ if (
+ PRIORITY_API_VERSION in api_version
+ and module.params["priority_operator"]
+ ):
+ volume = flasharray.VolumePatch(
+ priority_adjustment=flasharray.PriorityAdjustment(
+ priority_adjustment_operator=module.params["priority_operator"],
+ priority_adjustment_value=module.params["priority_value"],
+ )
+ )
+ prio_res = array.patch_volumes(names=names, volume=volume)
+ if prio_res.status_code != 200:
+ array.patch_volumes(
+ names=names,
+ volume=flasharray.VolumePatch(destroyed=True),
+ )
+ array.delete_volumes(names=names)
+ module.fail_json(
+ msg="Failed to set DMM Priority Adjustment on volumes. Error: {0}".format(
+ prio_res.errors[0].message
+ )
+ )
+ prio_temp = list(prio_res.items)
+ temp = list(res.items)
+ for count in range(0, len(temp)):
+ vol_name = temp[count].name
+ volfact[vol_name] = {
+ "size": temp[count].provisioned,
+ "serial": temp[count].serial,
+ "created": time.strftime(
+ "%Y-%m-%d %H:%M:%S", time.localtime(temp[count].created / 1000)
+ ),
+ "page83_naa": PURE_OUI + temp[count].serial.lower(),
+ "nvme_nguid": _create_nguid(temp[count].serial.lower()),
+ }
+ if bw_qos_size != 0:
+ volfact[vol_name]["bandwidth_limit"] = temp[
+ count
+ ].qos.bandwidth_limit
+ if iops_qos_size != 0:
+ volfact[vol_name]["iops_limit"] = temp[count].qos.iops_limit
+ if (
+ VOLUME_PROMOTION_API_VERSION in api_version
+ and module.params["promotion_state"]
+ ):
+ volfact[vol_name]["promotion_status"] = prio_temp[
+ count
+ ].promotion_status
+ if (
+ PRIORITY_API_VERSION in api_version
+ and module.params["priority_operator"]
+ ):
+ volfact[vol_name]["priority_operator"] = prio_temp[
+ count
+ ].priority_adjustment.priority_adjustment_operator
+ volfact[vol_name]["priority_value"] = prio_temp[
+ count
+ ].priority_adjustment.priority_adjustment_value
+
+ if module.params["pgroup"] and DEFAULT_API_VERSION not in api_version:
+ if not module.check_mode:
+ res = array.post_protection_groups_volumes(
+ group_names=[module.params["pgroup"]], member_names=names
+ )
+ if res.status_code != 200:
+ module.warn(
+ "Failed to add {0} to protection group {1}.".format(
+ module.params["name"], module.params["pgroup"]
+ )
+ )
+
+ module.exit_json(changed=changed, volume=volfact)
+
+
+def copy_from_volume(module, array):
+ """Create Volume Clone"""
+ volfact = []
+ changed = False
+ tgt = get_target(module, array)
+ api_version = array._list_available_rest_versions()
+ arrayv6 = get_array(module)
+ if tgt is None:
+ changed = True
+ if not module.check_mode:
+ if DEFAULT_API_VERSION in api_version:
+ if module.params["add_to_pgs"]:
+ add_to_pgs = []
+ for add_pg in range(0, len(module.params["add_to_pgs"])):
+ add_to_pgs.append(
+ flasharray.FixedReference(
+ name=module.params["add_to_pgs"][add_pg]
+ )
+ )
+ res = arrayv6.post_volumes(
+ with_default_protection=module.params[
+ "with_default_protection"
+ ],
+ add_to_protection_groups=add_to_pgs,
+ names=[module.params["target"]],
+ volume=flasharray.VolumePost(
+ source=flasharray.Reference(name=module.params["name"])
+ ),
+ )
+ else:
+ res = arrayv6.post_volumes(
+ with_default_protection=module.params[
+ "with_default_protection"
+ ],
+ names=[module.params["target"]],
+ volume=flasharray.VolumePost(
+ source=flasharray.Reference(name=module.params["name"])
+ ),
+ )
+
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to copy volume {0} to {1}. Error: {2}".format(
+ module.params["name"],
+ module.params["target"],
+ res.errors[0].message,
+ )
+ )
+ vol_data = list(res.items)
+ volfact = {
+ "size": vol_data[0].provisioned,
+ "serial": vol_data[0].serial,
+ "created": time.strftime(
+ "%Y-%m-%d %H:%M:%S", time.localtime(vol_data[0].created / 1000)
+ ),
+ "page83_naa": PURE_OUI + vol_data[0].serial.lower(),
+ "nvme_nguid": _create_nguid(vol_data[0].serial.lower()),
+ }
+ else:
+ try:
+ volfact = array.copy_volume(
+ module.params["name"], module.params["target"]
+ )
+ volfact["page83_naa"] = PURE_OUI + volfact["serial"].lower()
+ volfact["nvme_nguid"] = _create_nguid(volfact["serial"].lower())
+ changed = True
+ except Exception:
+ module.fail_json(
+ msg="Copy volume {0} to volume {1} failed.".format(
+ module.params["name"], module.params["target"]
+ )
+ )
+ elif tgt is not None and module.params["overwrite"]:
+ changed = True
+ if not module.check_mode:
+ if DEFAULT_API_VERSION not in api_version:
+ try:
+ volfact = array.copy_volume(
+ module.params["name"],
+ module.params["target"],
+ overwrite=module.params["overwrite"],
+ )
+ volfact["page83_naa"] = PURE_OUI + volfact["serial"].lower()
+ volfact["nvme_nguid"] = _create_nguid(volfact["serial"].lower())
+ changed = True
+ except Exception:
+ module.fail_json(
+ msg="Copy volume {0} to volume {1} failed.".format(
+ module.params["name"], module.params["target"]
+ )
+ )
+ else:
+ res = arrayv6.post_volumes(
+ overwrite=module.params["overwrite"],
+ names=[module.params["target"]],
+ volume=flasharray.VolumePost(
+ source=flasharray.Reference(name=module.params["name"])
+ ),
+ )
+ if res.status_code != 200:
+ module.fail_json(
+ msg="Failed to copy volume {0} to {1}. Error: {2}".format(
+ module.params["name"],
+ module.params["target"],
+ res.errors[0].message,
+ )
+ )
+ vol_data = list(res.items)
+ volfact = {
+ "size": vol_data[0].provisioned,
+ "serial": vol_data[0].serial,
+ "created": time.strftime(
+ "%Y-%m-%d %H:%M:%S", time.localtime(vol_data[0].created / 1000)
+ ),
+ "page83_naa": PURE_OUI + vol_data[0].serial.lower(),
+ "nvme_nguid": _create_nguid(vol_data[0].serial.lower()),
+ }
+
+ module.exit_json(changed=changed, volume=volfact)
+
+
+def update_volume(module, array):
+ """Update Volume size and/or QoS"""
+ volfact = {}
+ changed = False
+ arrayv6 = None
+ api_version = array._list_available_rest_versions()
+ if MULTI_VOLUME_VERSION in api_version:
+ arrayv6 = get_array(module)
+ vol = array.get_volume(module.params["name"])
+ vol_qos = array.get_volume(module.params["name"], qos=True)
+ if QOS_API_VERSION in api_version:
+ if vol_qos["bandwidth_limit"] is None:
+ vol_qos["bandwidth_limit"] = 0
+ if IOPS_API_VERSION in api_version:
+ if vol_qos["iops_limit"] is None:
+ vol_qos["iops_limit"] = 0
+ if "::" in module.params["name"]:
+ if module.params["bw_qos"] or module.params["iops_qos"]:
+ if AC_QOS_VERSION not in api_version:
+ module.warn(
+ "Pods cannot cannot contain volumes with QoS settings. Ignoring..."
+ )
+ module.params["bw_qos"] = module.params["iops_qos"] = None
+ if module.params["size"]:
+ if human_to_bytes(module.params["size"]) != vol["size"]:
+ if human_to_bytes(module.params["size"]) > vol["size"]:
+ changed = True
+ if not module.check_mode:
+ try:
+ volfact = array.extend_volume(
+ module.params["name"], module.params["size"]
+ )
+ except Exception:
+ module.fail_json(
+ msg="Volume {0} resize failed.".format(
+ module.params["name"]
+ )
+ )
+ if module.params["bw_qos"] and QOS_API_VERSION in api_version:
+ if int(human_to_bytes(module.params["bw_qos"])) != int(
+ vol_qos["bandwidth_limit"]
+ ):
+ if module.params["bw_qos"] == "0":
+ changed = True
+ if not module.check_mode:
+ try:
+ volfact = array.set_volume(
+ module.params["name"], bandwidth_limit=""
+ )
+ except Exception:
+ module.fail_json(
+ msg="Volume {0} Bandwidth QoS removal failed.".format(
+ module.params["name"]
+ )
+ )
+ elif int(human_to_bytes(module.params["bw_qos"])) in range(
+ 1048576, 549755813888
+ ):
+ changed = True
+ if not module.check_mode:
+ try:
+ volfact = array.set_volume(
+ module.params["name"],
+ bandwidth_limit=module.params["bw_qos"],
+ )
+ except Exception:
+ module.fail_json(
+ msg="Volume {0} Bandwidth QoS change failed.".format(
+ module.params["name"]
+ )
+ )
+ else:
+ module.fail_json(
+ msg="Bandwidth QoS value {0} out of range.".format(
+ module.params["bw_qos"]
+ )
+ )
+ if module.params["iops_qos"] and IOPS_API_VERSION in api_version:
+ if int(human_to_real(module.params["iops_qos"])) != int(vol_qos["iops_limit"]):
+ if module.params["iops_qos"] == "0":
+ changed = True
+ if not module.check_mode:
+ try:
+ volfact = array.set_volume(module.params["name"], iops_limit="")
+ except Exception:
+ module.fail_json(
+ msg="Volume {0} IOPs QoS removal failed.".format(
+ module.params["name"]
+ )
+ )
+ elif int(human_to_real(module.params["iops_qos"])) in range(100, 100000000):
+ changed = True
+ if not module.check_mode:
+ try:
+ volfact = array.set_volume(
+ module.params["name"], iops_limit=module.params["iops_qos"]
+ )
+ except Exception:
+ module.fail_json(
+ msg="Volume {0} IOPs QoS change failed.".format(
+ module.params["name"]
+ )
+ )
+ else:
+ module.fail_json(
+ msg="Bandwidth QoS value {0} out of range.".format(
+ module.params["bw_qos"]
+ )
+ )
+ if VOLUME_PROMOTION_API_VERSION in api_version and module.params["promotion_state"]:
+ vol6 = list(arrayv6.get_volumes(names=[module.params["name"]]).items)[0]
+ if module.params["promotion_state"] != vol6.promotion_status:
+ volume_patch = flasharray.VolumePatch(
+ requested_promotion_state=module.params["promotion_state"]
+ )
+ changed = True
+ if not module.check_mode:
+ prom_res = arrayv6.patch_volumes(
+ names=[module.params["name"]], volume=volume_patch
+ )
+ if prom_res.status_code != 200:
+ module.fail_json(
+ msg="Failed to change promotion status for volume {0}.".format(
+ module.params["name"]
+ )
+ )
+ else:
+ if not volfact:
+ volfact = array.get_volume(module.params["name"])
+ volfact["promotion_status"] = module.params["promotion_state"]
+ if PRIORITY_API_VERSION in api_version and module.params["priority_operator"]:
+ volv6 = list(arrayv6.get_volumes(names=[module.params["name"]]).items)[0]
+ change_prio = False
+ if (
+ module.params["priority_operator"]
+ != volv6.priority_adjustment.priority_adjustment_operator
+ ):
+ change_prio = True
+ newop = module.params["priority_operator"]
+ else:
+ newop = volv6.priority_adjustment.priority_adjustment_operator
+ if (
+ module.params["priority_value"]
+ and module.params["priority_value"]
+ != volv6.priority_adjustment.priority_adjustment_value
+ ):
+ change_prio = True
+ newval = module.params["priority_value"]
+ elif (
+ not module.params["priority_value"]
+ and volv6.priority_adjustment.priority_adjustment_value != 0
+ ):
+ change_prio = True
+ newval = 0
+ else:
+ newval = volv6.priority_adjustment.priority_adjustment_value
+ volumepatch = flasharray.VolumePatch(
+ priority_adjustment=flasharray.PriorityAdjustment(
+ priority_adjustment_operator=newop,
+ priority_adjustment_value=newval,
+ )
+ )
+ if change_prio and not module.check_mode:
+ changed = True
+ prio_res = arrayv6.patch_volumes(
+ names=[module.params["name"]], volume=volumepatch
+ )
+ if prio_res.status_code != 200:
+ module.fail_json(
+ msg="Failed to change DMM Priority Adjustment for {0}. Error: {1}".format(
+ module.params["name"], prio_res.errors[0].message
+ )
+ )
+ else:
+ if not volfact:
+ volfact = array.get_volume(module.params["name"])
+ volfact["priority_operator"] = module.params["priority_operator"]
+ volfact["priority_value"] = module.params["priority_value"]
+ if MULTI_VOLUME_VERSION in api_version:
+ volume_data = list(arrayv6.get_volumes(names=[module.params["name"]]).items)[0]
+ updatefacts = {
+ "name": volume_data.name,
+ "size": volume_data.provisioned,
+ "serial": volume_data.serial,
+ "created": time.strftime(
+ "%Y-%m-%d %H:%M:%S", time.localtime(volume_data.created / 1000)
+ ),
+ "page83_naa": PURE_OUI + volume_data.serial.lower(),
+ "nvme_nguid": _create_nguid(volume_data.serial.lower()),
+ }
+ else:
+ updatefacts = array.get_volume(module.params["name"])
+ vol_fact = {**volfact, **updatefacts}
+ module.exit_json(changed=changed, volume=vol_fact)
+
+
+def rename_volume(module, array):
+ """Rename volume within a container, ie pod, vgroup or local array"""
+ volfact = []
+ changed = False
+ pod_name = ""
+ vgroup_name = ""
+ target_name = module.params["rename"]
+ target_exists = False
+ if "::" in module.params["name"]:
+ pod_name = module.params["name"].split("::")[0]
+ target_name = pod_name + "::" + module.params["rename"]
+ try:
+ array.get_volume(target_name, pending=True)
+ target_exists = True
+ except Exception:
+ target_exists = False
+ elif "/" in module.params["name"]:
+ vgroup_name = module.params["name"].split("/")[0]
+ target_name = vgroup_name + "/" + module.params["rename"]
+ try:
+ array.get_volume(target_name, pending=True)
+ target_exists = True
+ except Exception:
+ target_exists = False
+ else:
+ try:
+ array.get_volume(target_name, pending=True)
+ target_exists = True
+ except Exception:
+ target_exists = False
+ if target_exists and get_endpoint(target_name, array):
+ module.fail_json(
+ msg="Target volume {0} is a protocol-endpoinnt".format(target_name)
+ )
+ if not target_exists:
+ if get_destroyed_endpoint(target_name, array):
+ module.fail_json(
+ msg="Target volume {0} is a destroyed protocol-endpoinnt".format(
+ target_name
+ )
+ )
+ else:
+ changed = True
+ if not module.check_mode:
+ try:
+ volfact = array.rename_volume(
+ module.params["name"], module.params["rename"]
+ )
+ except Exception:
+ module.fail_json(
+ msg="Rename volume {0} to {1} failed.".format(
+ module.params["name"], module.params["rename"]
+ )
+ )
+ else:
+ module.fail_json(msg="Target volume {0} already exists.".format(target_name))
+
+ module.exit_json(changed=changed, volume=volfact)
+
+
+def move_volume(module, array):
+ """Move volume between pods, vgroups or local array"""
+ volfact = []
+ changed = vgroup_exists = target_exists = pod_exists = False
+ api_version = array._list_available_rest_versions()
+ pod_name = ""
+ vgroup_name = ""
+ volume_name = module.params["name"]
+ if "::" in module.params["name"]:
+ volume_name = module.params["name"].split("::")[1]
+ pod_name = module.params["name"].split("::")[0]
+ if "/" in module.params["name"]:
+ volume_name = module.params["name"].split("/")[1]
+ vgroup_name = module.params["name"].split("/")[0]
+ if module.params["move"] == "local":
+ target_location = ""
+ if "::" not in module.params["name"]:
+ if "/" not in module.params["name"]:
+ module.fail_json(
+ msg="Source and destination [local] cannot be the same."
+ )
+ try:
+ target_exists = array.get_volume(volume_name, pending=True)
+ except Exception:
+ target_exists = False
+ if target_exists:
+ module.fail_json(msg="Target volume {0} already exists".format(volume_name))
+ else:
+ try:
+ pod_exists = array.get_pod(module.params["move"])
+ if len(pod_exists["arrays"]) > 1:
+ module.fail_json(msg="Volume cannot be moved into a stretched pod")
+ if pod_exists["link_target_count"] != 0:
+ module.fail_json(msg="Volume cannot be moved into a linked source pod")
+ if PROMOTE_API_VERSION in api_version:
+ if pod_exists["promotion_status"] == "demoted":
+ module.fail_json(msg="Volume cannot be moved into a demoted pod")
+ pod_exists = bool(pod_exists)
+ except Exception:
+ pod_exists = False
+ if pod_exists:
+ try:
+ target_exists = bool(
+ array.get_volume(
+ module.params["move"] + "::" + volume_name, pending=True
+ )
+ )
+ except Exception:
+ target_exists = False
+ try:
+ vgroup_exists = bool(array.get_vgroup(module.params["move"]))
+ except Exception:
+ vgroup_exists = False
+ if vgroup_exists:
+ try:
+ target_exists = bool(
+ array.get_volume(
+ module.params["move"] + "/" + volume_name, pending=True
+ )
+ )
+ except Exception:
+ target_exists = False
+ if target_exists:
+ module.fail_json(msg="Volume of same name already exists in move location")
+ if pod_exists and vgroup_exists:
+ module.fail_json(
+ msg="Move location {0} matches both a pod and a vgroup. Please rename one of these.".format(
+ module.params["move"]
+ )
+ )
+ if not pod_exists and not vgroup_exists:
+ module.fail_json(
+ msg="Move location {0} does not exist.".format(module.params["move"])
+ )
+ if "::" in module.params["name"]:
+ pod = array.get_pod(module.params["move"])
+ if len(pod["arrays"]) > 1:
+ module.fail_json(msg="Volume cannot be moved out of a stretched pod")
+ if pod["linked_target_count"] != 0:
+ module.fail_json(
+ msg="Volume cannot be moved out of a linked source pod"
+ )
+ if PROMOTE_API_VERSION in api_version:
+ if pod["promotion_status"] == "demoted":
+ module.fail_json(msg="Volume cannot be moved out of a demoted pod")
+ if "/" in module.params["name"]:
+ if (
+ vgroup_name == module.params["move"]
+ or pod_name == module.params["move"]
+ ):
+ module.fail_json(msg="Source and destination cannot be the same")
+ target_location = module.params["move"]
+ if get_endpoint(target_location, array):
+ module.fail_json(
+ msg="Target volume {0} is a protocol-endpoinnt".format(target_location)
+ )
+ changed = True
+ if not module.check_mode:
+ try:
+ volfact = array.move_volume(module.params["name"], target_location)
+ except Exception:
+ if target_location == "":
+ target_location = "[local]"
+ module.fail_json(
+ msg="Move of volume {0} to {1} failed.".format(
+ module.params["name"], target_location
+ )
+ )
+ module.exit_json(changed=changed, volume=volfact)
+
+
+def delete_volume(module, array):
+ """Delete Volume"""
+ changed = True
+ volfact = []
+ if not module.check_mode:
+ try:
+ array.destroy_volume(module.params["name"])
+ if module.params["eradicate"]:
+ try:
+ volfact = array.eradicate_volume(module.params["name"])
+ except Exception:
+ module.fail_json(
+ msg="Eradicate volume {0} failed.".format(module.params["name"])
+ )
+ except Exception:
+ module.fail_json(
+ msg="Delete volume {0} failed.".format(module.params["name"])
+ )
+ module.exit_json(changed=changed, volume=volfact)
+
+
+def eradicate_volume(module, array):
+ """Eradicate Deleted Volume"""
+ changed = True
+ volfact = []
+ if not module.check_mode:
+ if module.params["eradicate"]:
+ try:
+ array.eradicate_volume(module.params["name"])
+ except Exception:
+ module.fail_json(
+ msg="Eradication of volume {0} failed".format(module.params["name"])
+ )
+ module.exit_json(changed=changed, volume=volfact)
+
+
+def recover_volume(module, array):
+ """Recover Deleted Volume"""
+ changed = True
+ volfact = []
+ if not module.check_mode:
+ try:
+ array.recover_volume(module.params["name"])
+ except Exception:
+ module.fail_json(
+ msg="Recovery of volume {0} failed".format(module.params["name"])
+ )
+ volfact = array.get_volume(module.params["name"])
+ volfact["page83_naa"] = PURE_OUI + volfact["serial"].lower()
+ volfact["nvme_nguid"] = _create_nguid(volfact["serial"].lower())
+ module.exit_json(changed=changed, volume=volfact)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ name=dict(type="str", required=True),
+ target=dict(type="str"),
+ move=dict(type="str"),
+ rename=dict(type="str"),
+ overwrite=dict(type="bool", default=False),
+ eradicate=dict(type="bool", default=False),
+ state=dict(type="str", default="present", choices=["absent", "present"]),
+ bw_qos=dict(type="str", aliases=["qos"]),
+ iops_qos=dict(type="str"),
+ pgroup=dict(type="str"),
+ count=dict(type="int"),
+ start=dict(type="int", default=0),
+ digits=dict(type="int", default=1),
+ suffix=dict(type="str"),
+ priority_operator=dict(type="str", choices=["+", "-", "="]),
+ priority_value=dict(type="int", choices=[-10, 0, 10]),
+ size=dict(type="str"),
+ with_default_protection=dict(type="bool", default=True),
+ add_to_pgs=dict(type="list", elements="str"),
+ promotion_state=dict(type="str", choices=["promoted", "demoted"]),
+ )
+ )
+
+ mutually_exclusive = [
+ ["size", "target"],
+ ["move", "rename", "target", "eradicate"],
+ ["rename", "move", "target", "eradicate"],
+ ]
+ required_together = [["priority_operator", "priority_value"]]
+
+ module = AnsibleModule(
+ argument_spec,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ supports_check_mode=True,
+ )
+
+ size = module.params["size"]
+ bw_qos = module.params["bw_qos"]
+ iops_qos = module.params["iops_qos"]
+ state = module.params["state"]
+ destroyed = False
+ array = get_system(module)
+ volume = get_volume(module, array)
+ api_version = array._list_available_rest_versions()
+ endpoint = get_endpoint(module.params["name"], array)
+
+ if endpoint:
+ module.fail_json(
+ msg="Volume {0} is an endpoint. Use purefa_endpoint module.".format(
+ module.params["name"]
+ )
+ )
+
+ if module.params["pgroup"]:
+ pattern = re.compile("^[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?$")
+ if ":" in module.params["pgroup"] and OFFLOAD_API_VERSION not in api_version:
+ module.fail_json(
+ msg="API version does not support offload protection groups."
+ )
+ if "::" in module.params["pgroup"] and POD_API_VERSION not in api_version:
+ module.fail_json(
+ msg="API version does not support ActiveCluster protection groups."
+ )
+ if ":" in module.params["pgroup"]:
+ if "::" in module.params["pgroup"]:
+ pgname = module.params["pgroup"].split("::")[1]
+ else:
+ pgname = module.params["pgroup"].split(":")[1]
+ if not pattern.match(pgname):
+ module.fail_json(
+ msg="Protection Group name {0} does not conform to naming convention".format(
+ pgname
+ )
+ )
+ else:
+ if not pattern.match(module.params["pgroup"]):
+ module.fail_json(
+ msg="Protection Group name {0} does not conform to naming convention".format(
+ pgname
+ )
+ )
+ pgroup = get_pgroup(module, array)
+ xpgroup = get_pending_pgroup(module, array)
+ if "::" in module.params["pgroup"]:
+ if not get_pod(module, array):
+ module.fail_json(
+ msg="Pod {0} does not exist.".format(
+ module.params["pgroup"].split("::")[0]
+ )
+ )
+ if not pgroup:
+ if xpgroup:
+ module.fail_json(
+ msg="Protection Group {0} is currently deleted. Please restore to use.".format(
+ module.params["pgroup"]
+ )
+ )
+ else:
+ module.fail_json(
+ msg="Protection Group {0} does not exist.".format(
+ module.params["pgroup"]
+ )
+ )
+
+ if not volume:
+ destroyed = get_destroyed_volume(module.params["name"], array)
+ target = get_target(module, array)
+ if module.params["count"]:
+ if not HAS_PURESTORAGE:
+ module.fail_json(
+ msg="py-pure-client sdk is required to support 'count' parameter"
+ )
+ if MULTI_VOLUME_VERSION not in api_version:
+ module.fail_json(
+ msg="'count' parameter is not supported until Purity//FA 6.0.0 or higher"
+ )
+ if module.params["digits"] and module.params["digits"] not in range(1, 10):
+ module.fail_json(msg="'digits' must be in the range of 1 to 10")
+ if module.params["start"] < 0:
+ module.fail_json(msg="'start' must be a positive number")
+ volume = get_multi_volumes(module)
+ if state == "present" and not volume and size:
+ create_multi_volume(module, array)
+ elif state == "present" and not volume and not size:
+ module.fail_json(msg="Size must be specified to create a new volume")
+ elif state == "absent" and not volume:
+ module.exit_json(changed=False)
+ else:
+ module.warn("Method not yet supported for multi-volume")
+ else:
+ if state == "present" and not volume and not destroyed and size:
+ if DEFAULT_API_VERSION in api_version:
+ create_multi_volume(module, array, True)
+ else:
+ create_volume(module, array)
+ elif (
+ state == "present"
+ and volume
+ and (size or bw_qos or iops_qos or module.params["promotion_state"])
+ ):
+ update_volume(module, array)
+ elif state == "present" and not volume and module.params["move"]:
+ module.fail_json(
+ msg="Volume {0} cannot be moved - does not exist (maybe deleted)".format(
+ module.params["name"]
+ )
+ )
+ elif state == "present" and volume and module.params["move"]:
+ move_volume(module, array)
+ elif state == "present" and volume and module.params["rename"]:
+ rename_volume(module, array)
+ elif (
+ state == "present"
+ and destroyed
+ and not module.params["move"]
+ and not module.params["rename"]
+ ):
+ recover_volume(module, array)
+ elif state == "present" and destroyed and module.params["move"]:
+ module.fail_json(
+ msg="Volume {0} exists, but in destroyed state".format(
+ module.params["name"]
+ )
+ )
+ elif state == "present" and volume and target:
+ copy_from_volume(module, array)
+ elif state == "present" and volume and not target:
+ copy_from_volume(module, array)
+ elif state == "absent" and volume:
+ delete_volume(module, array)
+ elif state == "absent" and destroyed:
+ eradicate_volume(module, array)
+ elif state == "present":
+ if not volume and not size:
+ module.fail_json(msg="Size must be specified to create a new volume")
+ elif state == "absent" and not volume:
+ module.exit_json(changed=False)
+
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible_collections/purestorage/flasharray/plugins/modules/purefa_volume_tags.py b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_volume_tags.py
new file mode 100644
index 000000000..e9c7fdb7c
--- /dev/null
+++ b/ansible_collections/purestorage/flasharray/plugins/modules/purefa_volume_tags.py
@@ -0,0 +1,295 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2020, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: purefa_volume_tags
+version_added: '1.0.0'
+short_description: Manage volume tags on Pure Storage FlashArrays
+description:
+- Manage volume tags for volumes on Pure Storage FlashArray.
+- Requires a minimum of Purity 6.0.0
+author:
+- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
+options:
+ name:
+ description:
+ - The name of the volume.
+ type: str
+ required: true
+ namespace:
+ description:
+ - The name of tag namespace
+ default: default
+ type: str
+ copyable:
+ description:
+ - Define whether the volume tags are inherited on volume copies.
+ default: true
+ type: bool
+ kvp:
+ description:
+ - List of key value pairs to assign to the volume.
+ - Seperate the key from the value using a colon (:) only.
+ - All items in list will use I(namespace) and I(copyable) settings.
+ - Maximum of 5 tags per volume
+ - See examples for exact formatting requirements
+ type: list
+ elements: str
+ required: true
+ state:
+ description:
+ - Define whether the volume tag(s) should exist or not.
+ default: present
+ choices: [ absent, present ]
+ type: str
+extends_documentation_fragment:
+- purestorage.flasharray.purestorage.fa
+"""
+
+EXAMPLES = r"""
+- name: Create new tags in namespace test for volume foo
+ purestorage.flasharray.purefa_volume_tags:
+ name: foo
+ namespace: test
+ copyable: false
+ kvp:
+ - 'key1:value1'
+ - 'key2:value2'
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+- name: Remove an existing tag in namespace test for volume foo
+ purestorage.flasharray.purefa_volume_tags:
+ name: foo
+ namespace: test
+ kvp:
+ - 'key1:value1'
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ state: absent
+
+- name: Update an existing tag in namespace test for volume foo
+ purestorage.flasharray.purefa_volume_tags:
+ name: foo
+ namespace: test
+ kvp:
+ - 'key1:value2'
+ fa_url: 10.10.10.2
+ api_token: e31060a7-21fc-e277-6240-25983c6c4592
+ state: present
+"""
+
+RETURN = r"""
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
+ get_system,
+ purefa_argument_spec,
+)
+
+
+TAGS_API_VERSION = "1.19"
+
+
+def get_volume(module, array):
+ """Return Volume or None"""
+ try:
+ return array.get_volume(module.params["name"], pending=True)
+ except Exception:
+ return None
+
+
+def get_endpoint(name, array):
+ """Return Endpoint or None"""
+ try:
+ return array.get_volume(name, pending=True, protocol_endpoint=True)
+ except Exception:
+ return None
+
+
+def create_tag(module, array):
+ """Create Volume Tag"""
+ changed = True
+ if not module.check_mode:
+ for tag in range(0, len(module.params["kvp"])):
+ try:
+ array.add_tag_to_volume(
+ module.params["name"],
+ copyable=module.params["copyable"],
+ namespace=module.params["namespace"],
+ key=module.params["kvp"][tag].split(":")[0],
+ value=module.params["kvp"][tag].split(":")[1],
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to add tag KVP {0} to volume {1}".format(
+ module.params["kvp"][tag], module.params["name"]
+ )
+ )
+
+ module.exit_json(changed=changed)
+
+
+def update_tag(module, array, current_tags):
+ """Update Volume Tag"""
+ changed = False
+ for tag in range(0, len(module.params["kvp"])):
+ tag_exists = False
+ for current_tag in range(0, len(current_tags)):
+ if (
+ module.params["kvp"][tag].split(":")[0]
+ == current_tags[current_tag]["key"]
+ and module.params["namespace"] == current_tags[current_tag]["namespace"]
+ ):
+ tag_exists = True
+ if (
+ module.params["kvp"][tag].split(":")[1]
+ != current_tags[current_tag]["value"]
+ ):
+ changed = True
+ if not module.check_mode:
+ try:
+ array.add_tag_to_volume(
+ module.params["name"],
+ namespace=module.params["namespace"],
+ key=module.params["kvp"][tag].split(":")[0],
+ value=module.params["kvp"][tag].split(":")[1],
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to update tag '{0}' from volume {1}".format(
+ module.params["kvp"][tag].split(":")[0],
+ module.params["name"],
+ )
+ )
+
+ if not tag_exists:
+ changed = True
+ if not module.check_mode:
+ try:
+ array.add_tag_to_volume(
+ module.params["name"],
+ namespace=module.params["namespace"],
+ key=module.params["kvp"][tag].split(":")[0],
+ value=module.params["kvp"][tag].split(":")[1],
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to add tag KVP {0} to volume {1}".format(
+ module.params["kvp"][tag].split(":")[0],
+ module.params["name"],
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def delete_tag(module, array, current_tags):
+ """Delete Tag"""
+ changed = False
+ for tag in range(0, len(module.params["kvp"])):
+ for current_tag in range(0, len(current_tags)):
+ if (
+ module.params["kvp"][tag].split(":")[0]
+ == current_tags[current_tag]["key"]
+ and module.params["namespace"] == current_tags[current_tag]["namespace"]
+ ):
+ changed = True
+ if not module.check_mode:
+ try:
+ array.remove_tag_from_volume(
+ module.params["name"],
+ namespace=module.params["namespace"],
+ key=module.params["kvp"][tag].split(":")[0],
+ )
+ except Exception:
+ module.fail_json(
+ msg="Failed to remove tag KVP '{0}' from volume {1}".format(
+ module.params["kvp"][tag], module.params["name"]
+ )
+ )
+ module.exit_json(changed=changed)
+
+
+def main():
+ argument_spec = purefa_argument_spec()
+ argument_spec.update(
+ dict(
+ name=dict(type="str", required=True),
+ copyable=dict(type="bool", default=True),
+ namespace=dict(type="str", default="default"),
+ state=dict(type="str", default="present", choices=["absent", "present"]),
+ kvp=dict(type="list", elements="str", required=True),
+ )
+ )
+
+ module = AnsibleModule(argument_spec, supports_check_mode=True)
+
+ state = module.params["state"]
+ if module.params["kvp"] is not None:
+ module.params["kvp"] = sorted(module.params["kvp"][0:5])
+ else:
+ module.fail_json(msg="No KVPs specified. Minimum of 1 is required.")
+ array = get_system(module)
+ api_version = array._list_available_rest_versions()
+
+ if TAGS_API_VERSION not in api_version:
+ module.fail_json(
+ msg="Volume tags are not supported. Purity 6.0.0, or higher, is required."
+ )
+
+ volume = get_volume(module, array)
+ endpoint = get_endpoint(module.params["name"], array)
+
+ if not volume:
+ module.fail_json(msg="Volume {0} does not exist.".format(module.params["name"]))
+ if endpoint:
+ module.fail_json(
+ msg="Volume {0} is an endpoint. Tags not allowed.".format(
+ module.params["name"]
+ )
+ )
+ if "." in module.params["name"]:
+ current_tags = array.get_volume(
+ module.params["name"],
+ snap=True,
+ pending=True,
+ tags=True,
+ namespace=module.params["namespace"],
+ )
+ else:
+ current_tags = array.get_volume(
+ module.params["name"],
+ pending=True,
+ tags=True,
+ namespace=module.params["namespace"],
+ )
+
+ if state == "present" and not current_tags:
+ create_tag(module, array)
+ elif state == "absent" and not current_tags:
+ module.exit_json(changed=False)
+ elif state == "present" and current_tags:
+ update_tag(module, array, current_tags)
+ elif state == "absent" and current_tags:
+ delete_tag(module, array, current_tags)
+
+ module.exit_json(changed=False)
+
+
+if __name__ == "__main__":
+ main()