tseed
/
redhat_cloudforms_azure_arm_ansible
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
redhat_cloudforms_azure_arm.../ansible-netapp-qtree-provison/README.md

2.1 KiB
Executable File
Raw Blame History

What is this playbook?

It provisions a qtree on an existing volume shared over samba, it will then apply ACL by powershell to replicate the manual steps taken by the UoN storage team.

The playbook was tested on a development build of a netapp single node cluster with an svm connected to a domain.

This playbook is functional but unfinished requiring input validation for cloudforms parameterisation, better error condition reporting and customised UoN branded HTML customer notification email templates.

Time was called when the UoN development netapp svm test account roles were unable to grant sufficient permissions to run this playbook, previously the native ansible modules targeted the netapp cluster manager. This playbook should run against the netapp cluster manager with the included API calls with the exception of the DACL cli API endpoints, these could be changed to run against the cluster manager IP OR the ansible netapp module reinstated, included in the play are the original native ansible module cli commands that would replace the DACL API calls for whomever picks up this task.

The README_DACL.md contains the commands used over ssh to apply the DACL, these could be also be run over ssh by ansible as an alternative to API calls or the ansible netapp cli module.

The playbook demonstrates

Checks cloudforms environment and changes the name of the service to include the request ID to uniquely identify what has been ordered.

Check the AD users/groups provided for the share permissions are valid.

Builds a list of users/groups who will have access to the samba share.

Builds a list of users is nested groups and looks up from AD their associated email address to be used in access notification emails.

Creates a qtree on the target volume.

Creates a quota for the qtree.

Toggles volume quotas off then on to ensure the qtree level quota takes effect.

Creates DACL policy for a service account that will later change folder ACL over the samba share.

Runs powershell via a windows host to change the folder ACL presented over samba.