From 14cb11d34f1c4858136eeb8b44e639da7251b5a1 Mon Sep 17 00:00:00 2001 From: Kavya Agarwal Date: Tue, 14 Apr 2026 01:21:04 +0530 Subject: [PATCH] feat: add Ansible playbook for CIFS share provisioning workflow Add ansible/cifs_provision.yml playbook that creates a FlexVol with NTFS security style, creates a CIFS share, sets share ACL, and verifies the share. Update group_vars example with CIFS-specific defaults and README with usage docs. --- ansible/README.md | 22 +++++++ ansible/cifs_provision.yml | 95 ++++++++++++++++++++++++++++ ansible/group_vars/ontap.yml.example | 13 +++- 3 files changed, 128 insertions(+), 2 deletions(-) create mode 100644 ansible/cifs_provision.yml diff --git a/ansible/README.md b/ansible/README.md index b5d9194..31a71b0 100644 --- a/ansible/README.md +++ b/ansible/README.md @@ -93,6 +93,27 @@ ansible-playbook -i inventory/hosts.yml nfs_provision.yml \ -e client_match=10.0.0.0/8 ``` +### CIFS Share Provisioning + +Create a FlexVol volume with NTFS security style, create a CIFS share, set the +share ACL, and verify the result. + +```bash +ansible-playbook -i inventory/hosts.yml cifs_provision.yml \ + -e volume_name=cifs_test_env +``` + +Override variables on the command line: + +```bash +ansible-playbook -i inventory/hosts.yml cifs_provision.yml \ + -e volume_name=cifs_demo \ + -e share_name=demo_share \ + -e aggregate_name=aggr1 \ + -e acl_user=Everyone \ + -e acl_permission=full_control +``` + --- ## File Overview @@ -104,6 +125,7 @@ ansible-playbook -i inventory/hosts.yml nfs_provision.yml \ | `group_vars/ontap.yml.example` | Connection and default variable template | | `cluster_info.yml` | Get cluster version + node list | | `nfs_provision.yml` | Create NFS volume with export policy | +| `cifs_provision.yml` | Create CIFS share with volume and ACL | ## Design Decisions diff --git a/ansible/cifs_provision.yml b/ansible/cifs_provision.yml new file mode 100644 index 0000000..561380a --- /dev/null +++ b/ansible/cifs_provision.yml 
@@ -0,0 +1,95 @@
+---
+# cifs_provision.yml — Create a CIFS (SMB) share with volume and ACL.
+#
+# Equivalent to: orchestrio run yaml-workflows/workflows/cifs_provision.yaml
+#
+# Usage:
+# ansible-playbook -i inventory/hosts.yml cifs_provision.yml
+#
+# Override variables on the command line:
+# ansible-playbook -i inventory/hosts.yml cifs_provision.yml \
+# -e volume_name=cifs_demo -e share_name=demo_share -e aggregate_name=aggr1
+#
+- name: Provision CIFS share on ONTAP
+ hosts: ontap
+ gather_facts: false
+ connection: local
+
+ tasks:
+ # -- Step 1: Create FlexVol with NTFS security style ----------------
+ - name: Create volume '{{ volume_name }}' with NTFS security style
+ netapp.ontap.na_ontap_volume:
+ hostname: "{{ ontap_hostname }}"
+ username: "{{ ontap_username }}"
+ password: "{{ ontap_password }}"
+ https: "{{ ontap_https }}"
+ validate_certs: "{{ ontap_validate_certs }}"
+ use_rest: always
+ state: present
+ name: "{{ volume_name }}"
+ vserver: "{{ svm_name }}"
+ aggregate_name: "{{ aggregate_name }}"
+ size: "{{ volume_size }}"
+ size_unit: "{{ volume_size_unit }}"
+ junction_path: "/{{ volume_name }}"
+ volume_security_style: ntfs
+ wait_for_completion: true
+ no_log: false
+
+ # -- Step 2: Create CIFS share on the volume ------------------------
+ - name: Create CIFS share '{{ share_name }}'
+ netapp.ontap.na_ontap_cifs:
+ hostname: "{{ ontap_hostname }}"
+ username: "{{ ontap_username }}"
+ password: "{{ ontap_password }}"
+ https: "{{ ontap_https }}"
+ validate_certs: "{{ ontap_validate_certs }}"
+ use_rest: always
+ state: present
+ share_name: "{{ share_name }}"
+ path: "/{{ volume_name }}"
+ vserver: "{{ svm_name }}"
+ comment: "{{ share_comment }}"
+ no_log: false
+
+ # -- Step 3: Set share ACL ------------------------------------------
+ - name: Set ACL — '{{ acl_user }}' → {{ acl_permission }}
+ netapp.ontap.na_ontap_cifs_acl:
+ hostname: "{{ ontap_hostname }}"
+ username: "{{ ontap_username }}"
+ password: "{{ ontap_password }}"
+ https: "{{ ontap_https }}"
+ validate_certs: "{{ ontap_validate_certs }}"
+ use_rest: always
+ state: present
+ share_name: "{{ share_name }}"
+ vserver: "{{ svm_name }}"
+ user_or_group: "{{ acl_user }}"
+ permission: "{{ acl_permission }}"
+ no_log: false
+
+ # -- Step 4: Verify share exists ------------------------------------
+ - name: Verify CIFS share '{{ share_name }}'
+ netapp.ontap.na_ontap_rest_info:
+ hostname: "{{ ontap_hostname }}"
+ username: "{{ ontap_username }}"
+ password: "{{ ontap_password }}"
+ https: "{{ ontap_https }}"
+ validate_certs: "{{ ontap_validate_certs }}"
+ use_rest: always
+ gather_subset:
+ - protocols/cifs/shares
+ parameters:
+ name: "{{ share_name }}"
+ svm.name: "{{ svm_name }}"
+ fields: "name,path,acls"
+ register: share_info
+ no_log: false
+
+ # -- Summary --------------------------------------------------------
+ - name: Print summary
+ ansible.builtin.debug:
+ msg: >-
+ Done — CIFS share '{{ share_name }}' created on volume '{{ volume_name }}'
+ ({{ volume_size }}{{ volume_size_unit }}) on SVM '{{ svm_name }}',
+ path: /{{ volume_name }}, ACL: {{ acl_user }} → {{ acl_permission }}
diff --git a/ansible/group_vars/ontap.yml.example b/ansible/group_vars/ontap.yml.example
index c2a0e14..e7a7a82 100644
--- a/ansible/group_vars/ontap.yml.example
+++ b/ansible/group_vars/ontap.yml.example
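Review bot: Step 3 only adds an ACE for `acl_user`; it never removes the `Everyone` / Full Control entry that ONTAP places on a newly created share by default, so overriding `acl_user` with a narrower group would still leave the share open at share level. A follow-up `na_ontap_cifs_acl` task with `state: absent` for `Everyone`, guarded so it is skipped when `acl_user` is itself `Everyone`, closes that gap (sketched below). Separately, Step 4 registers `share_info` but no task checks it, so the summary prints "Done" even if the query returned no records; an `ansible.builtin.assert` on the registered result would make the verification real. The explicit `no_log: false` on the four tasks that carry `ontap_password` restates the default and can be dropped.

```yaml
    # … unchanged: Step 3 "Set ACL" task …

    # -- Step 3b: Drop the default wide-open ACE when a narrower one was set
    - name: Remove default 'Everyone' ACE from '{{ share_name }}'
      netapp.ontap.na_ontap_cifs_acl:
        hostname: "{{ ontap_hostname }}"
        username: "{{ ontap_username }}"
        password: "{{ ontap_password }}"
        https: "{{ ontap_https }}"
        validate_certs: "{{ ontap_validate_certs }}"
        use_rest: always
        state: absent
        share_name: "{{ share_name }}"
        vserver: "{{ svm_name }}"
        user_or_group: Everyone
      when: acl_user | lower != 'everyone'

    # … unchanged: Step 4 "Verify" task and summary …
```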
@@ -11,10 +11,19 @@ ontap_password: "CHANGEME" ontap_https: true ontap_validate_certs: false # set true when using CA-signed certificates -# NFS provisioning defaults (used by nfs_provision.yml) +# Shared provisioning defaults svm_name: vs0 -volume_name: vol_nfs_test_01 volume_size: 100 volume_size_unit: mb aggregate_name: aggr1 + +# NFS provisioning defaults (used by nfs_provision.yml) +volume_name: vol_nfs_test_01 client_match: "0.0.0.0/0" + +# CIFS provisioning defaults (used by cifs_provision.yml) +# volume_name: vol_cifs_test_01 # uncomment to override for CIFS +share_name: cifs_share_test +share_comment: "Provisioned by orchestrio" +acl_user: Everyone +acl_permission: full_control
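Review bot: The new defaults `acl_user: Everyone` and `acl_permission: full_control` mean anyone who copies this example provisions a share that every principal can fully control at share level; following the file's own `ontap_password: "CHANGEME"` convention, `acl_user: "CHANGEME"  # DOMAIN\group allowed on the share` with `acl_permission: change` would force a deliberate choice. The README examples added in this commit use the same `Everyone` / `full_control` pair. Because the CIFS `volume_name` override is left commented out, running `cifs_provision.yml` with these defaults targets `vol_nfs_test_01`, and Step 1 of the playbook would presumably switch that existing NFS volume to NTFS security style; a dedicated variable such as `cifs_volume_name` would keep the two workflows apart. The hunk's context also shows `ontap_validate_certs: false`, so the admin password is sent without verifying the server certificate until that is flipped.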