feat: add Ansible playbook for CIFS share provisioning workflow

ansible/README.md

@@ -93,6 +93,27 @@ ansible-playbook -i inventory/hosts.yml nfs_provision.yml \
     -e client_match=10.0.0.0/8
 ```
 
+### CIFS Share Provisioning
+
+Create a FlexVol volume with NTFS security style, create a CIFS share, set the
+share ACL, and verify the result.
+
+```bash
+ansible-playbook -i inventory/hosts.yml cifs_provision.yml \
+    -e volume_name=cifs_test_env
+```
+
+Override variables on the command line:
+
+```bash
+ansible-playbook -i inventory/hosts.yml cifs_provision.yml \
+    -e volume_name=cifs_demo \
+    -e share_name=demo_share \
+    -e aggregate_name=aggr1 \
+    -e acl_user=Everyone \
+    -e acl_permission=full_control
+```
+
 ---
 
 ## File Overview
@@ -104,6 +125,7 @@ ansible-playbook -i inventory/hosts.yml nfs_provision.yml \
 | `group_vars/ontap.yml.example` | Connection and default variable template |
 | `cluster_info.yml` | Get cluster version + node list |
 | `nfs_provision.yml` | Create NFS volume with export policy |
+| `cifs_provision.yml` | Create CIFS share with volume and ACL |
 
 ## Design Decisions
 

ansible/cifs_provision.yml

@@ -0,0 +1,95 @@
+---
+# cifs_provision.yml — Create a CIFS (SMB) share with volume and ACL.
+#
+# Equivalent to:  orchestrio run yaml-workflows/workflows/cifs_provision.yaml
+#
+# Usage:
+#   ansible-playbook -i inventory/hosts.yml cifs_provision.yml
+#
+# Override variables on the command line:
+#   ansible-playbook -i inventory/hosts.yml cifs_provision.yml \
+#       -e volume_name=cifs_demo -e share_name=demo_share -e aggregate_name=aggr1
+#
+- name: Provision CIFS share on ONTAP
+  hosts: ontap
+  gather_facts: false
+  connection: local
+
+  tasks:
+    # -- Step 1: Create FlexVol with NTFS security style ----------------
+    - name: Create volume '{{ volume_name }}' with NTFS security style
+      netapp.ontap.na_ontap_volume:
+        hostname: "{{ ontap_hostname }}"
+        username: "{{ ontap_username }}"
+        password: "{{ ontap_password }}"
+        https: "{{ ontap_https }}"
+        validate_certs: "{{ ontap_validate_certs }}"
+        use_rest: always
+        state: present
+        name: "{{ volume_name }}"
+        vserver: "{{ svm_name }}"
+        aggregate_name: "{{ aggregate_name }}"
+        size: "{{ volume_size }}"
+        size_unit: "{{ volume_size_unit }}"
+        junction_path: "/{{ volume_name }}"
+        volume_security_style: ntfs
+        wait_for_completion: true
+      no_log: false
+
+    # -- Step 2: Create CIFS share on the volume ------------------------
+    - name: Create CIFS share '{{ share_name }}'
+      netapp.ontap.na_ontap_cifs:
+        hostname: "{{ ontap_hostname }}"
+        username: "{{ ontap_username }}"
+        password: "{{ ontap_password }}"
+        https: "{{ ontap_https }}"
+        validate_certs: "{{ ontap_validate_certs }}"
+        use_rest: always
+        state: present
+        share_name: "{{ share_name }}"
+        path: "/{{ volume_name }}"
+        vserver: "{{ svm_name }}"
+        comment: "{{ share_comment }}"
+      no_log: false
+
+    # -- Step 3: Set share ACL ------------------------------------------
+    - name: Set ACL — '{{ acl_user }}' → {{ acl_permission }}
+      netapp.ontap.na_ontap_cifs_acl:
+        hostname: "{{ ontap_hostname }}"
+        username: "{{ ontap_username }}"
+        password: "{{ ontap_password }}"
+        https: "{{ ontap_https }}"
+        validate_certs: "{{ ontap_validate_certs }}"
+        use_rest: always
+        state: present
+        share_name: "{{ share_name }}"
+        vserver: "{{ svm_name }}"
+        user_or_group: "{{ acl_user }}"
+        permission: "{{ acl_permission }}"
+      no_log: false
+
+    # -- Step 4: Verify share exists ------------------------------------
+    - name: Verify CIFS share '{{ share_name }}'
+      netapp.ontap.na_ontap_rest_info:
+        hostname: "{{ ontap_hostname }}"
+        username: "{{ ontap_username }}"
+        password: "{{ ontap_password }}"
+        https: "{{ ontap_https }}"
+        validate_certs: "{{ ontap_validate_certs }}"
+        use_rest: always
+        gather_subset:
+          - protocols/cifs/shares
+        parameters:
+          name: "{{ share_name }}"
+          svm.name: "{{ svm_name }}"
+          fields: "name,path,acls"
+      register: share_info
+      no_log: false
+
+    # -- Summary --------------------------------------------------------
+    - name: Print summary
+      ansible.builtin.debug:
+        msg: >-
+          Done — CIFS share '{{ share_name }}' created on volume '{{ volume_name }}'
+          ({{ volume_size }}{{ volume_size_unit }}) on SVM '{{ svm_name }}',
+          path: /{{ volume_name }}, ACL: {{ acl_user }} → {{ acl_permission }}

ansible/group_vars/ontap.yml.example

@@ -11,10 +11,19 @@ ontap_password: "CHANGEME"
 ontap_https: true
 ontap_validate_certs: false   # set true when using CA-signed certificates
 
-# NFS provisioning defaults (used by nfs_provision.yml)
+# Shared provisioning defaults
 svm_name: vs0
-volume_name: vol_nfs_test_01
 volume_size: 100
 volume_size_unit: mb
 aggregate_name: aggr1
+
+# NFS provisioning defaults (used by nfs_provision.yml)
+volume_name: vol_nfs_test_01
 client_match: "0.0.0.0/0"
+
+# CIFS provisioning defaults (used by cifs_provision.yml)
+# volume_name: vol_cifs_test_01         # uncomment to override for CIFS
+share_name: cifs_share_test
+share_comment: "Provisioned by orchestrio"
+acl_user: Everyone
+acl_permission: full_control