Lenovo created playbooks that can be used with DM Series (ONTAP) storage systems to help with:
- Provisioning
- Configuring
- Ansible >= 2.9
- Requests >= 2.20
- netapp-lib >= 2018.11.13
- python3 >= 3.6.8
- ONTAP collection >= 21.16.0
- Install Ansible
yum install ansible
- Install the ONTAP Ansible collection from Ansible Galaxy
ansible-galaxy collection install netapp.ontap
- Install the Community Crypto Ansible collection from Ansible Galaxy (Required only when using certificate playbook)
ansible-galaxy collection install community.crypto
- Install the netapp-lib Python library
pip3 install netapp-lib
Normal:
ansible-playbook <playbook>.yml
Recommended (for better ouput formatting):
ANSIBLE_STDOUT_CALLBACK=yaml ansible-playbook <playbook>.yml
To pre-define certain variables, use:
ansible-playbook <playbook>.yml --extra-vars "<var>=<value> <var2>=<value2>"
- Certificate
- Fibre Channel (FCP)
- iSCSI
- NFS
- NVMe
- Security Hardening
- SnapMirror
- SnapShot
- Volume Create
Playbook to install self signed or signed SSL certificate to a cluster
Playbook to configure and provision an FC target (to be ready for initiator to connect to)
Includes creation of:
- SVM (FC enabled)
- Data LIFs
- LUN
- Initiator Group
Playbook to configure and provision an iSCSI target (to be ready for initiator to connect to)
Includes creation of:
- SVM (iSCSI enabled)
- Data LIFs
- LUN
- Initiator Group
Playbook to configure and provision an NFS target (to be ready for initiator to connect to) (Intended for use in clusters with available spare disks to create data aggregates from)
Includes creation of:
- SVM (NFS enabled)
- Data aggregates (local tiers)
- Data LIFs
- Volume
- Export Policy Intended for use in clusters with available spare disks to create data aggregates from
Playbook to configure and provision an NVMe target (NVMe-FC/NVMe-TCP) (to be ready for initiator to connect to) (Intended for use in clusters with available spare disks to create data aggregates from)
Includes creation of:
- SVM (NVMe-FC or NVMe-TCP enabled)
- Data aggregates (local tiers)
- Data LIFs (FC or Ethernet)
- NVMe subsystem
- Namespace
Playbook to configure recommended security settings for a cluster, including:
- Login banner
- Minimum number of digits for password: 1
- Minimum number of special characters for password: 1
- Minimum number of lower case letters for password: 1
- Minimum number of upper case letters for password: 1
- Number of unique passwords before allowing re-use: 5
- Number of days for password change delay: 1
- TLS and cipher settings
- Initial password change enforcement (Enabled)
Also to recommend the following: - Aggregate encryption
- Volume encryption
- vserver auditing
- Using signed certificates
- NTP server configuration
Playbook to configure a SnapMirror relationship between two clusters
Includes creation of:
- SVM peering
- SnapMirror relationship
Playbook to create a snapshot for a volume
Includes creation of:
- Snapshot
Playbook to provision a LUN, volume or namespace and also to setup to be ready to be consumed by initiator(s) (Intended for use in clusters with SVM, aggregates, etc. already created)
Includes creation of:
- LUN
- Volume
- Namespace
- (security_hardening.yml) The initial password change will be enforced after running the playbook even if the password has already been changed from default. After running the playbook, SSH using the cluster management IP address to be prompted to change the password
- (security_hardening.yml) Volume encryption checks even if you don't have encryption license/encrypted build. In this case, this suggestion can be ignored
- (certificate.yml) Community Crypto Ansible collection is only required for the certificate playbook
- Upon playbook execution, the following error message is observed:
"fatal: [localhost]: FAILED! => {"changed": false, "msg": "the python NetApp-Lib module is required"}"
Fix: Run pip3 install netapp-lib
- ONTAP Ansible Module documentation: https://docs.ansible.com/ansible/devel/collections/netapp/ontap/