ONTAP: Use Ansible to Provision S3 Storage

A great way to gain understanding of Ansible (or any language for that matter) is seeing code examples. The Ansible documentation links below also have code examples.

Table of Contents

  1. References
  2. s3_playbook
    1. What it does
    2. Vars File
    3. Playbook
    4. Running the Playbook
  3. Using Roles
    1. Folder Structure
    2. provision_s3 role: main.yml files
      1. meta > main.yml file
      2. tasks > main.yml file
      3. vars > main.yml file
    3. Example Playbook Using the provision_s3 Role
    4. Running the Playbook

1. References

References to the NetApp ONTAP Ansible modules used in this post:

2. s3_playbook

2.1. What it does

Creates an S3 Bucket

2.2. Vars File

s3_vars.yml

netapp_hostname: cluster1.yourcompany.com
netapp_username: admin
vserver: svm1_cluster1
bucket_name: bucket1
statements:
  - sid: 1
    resources: bucket1
    actions: 
      - GetObject
      - ListBucket
    effect: allow
    principals: sm_s3_user
  - sid: 2
    resources: bucket1
    actions:
      - PutObject
      - DeleteObject
    effect: deny
    principals: sm_s3_user

2.3. Playbook

s3_playbook.yml

---
- hosts: localhost
  gather_facts: false
  name: Provision S3 Storage
  collections:
    - netapp.ontap

  module_defaults:
    group/netapp.ontap.netapp_ontap:
      hostname: "{{ netapp_hostname }}"
      username: "{{ netapp_username }}"
      password: "{{ netapp_password }}"
      vserver: "{{ vserver }}"
      https: true
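      # validate_certs: false turns off TLS certificate verification; use true
      # where the cluster presents a certificate the Ansible host trusts.
      validate_certs: false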
      use_rest: auto
  vars_prompt:
    - name: "netapp_password"
      prompt: "Enter the NetApp Admin Password"
      private: true
      confirm: true
  vars_files:
    - ./s3_vars.yml

  tasks:
    - name: Create S3 Bucket
      na_ontap_s3_buckets:
        state: present
        name: "{{ bucket_name }}"
        policy:
          statements: "{{ statements }}"

2.4. Running the Playbook

ansible@ansible:~$ ansible-playbook s3_playbook.yml


3. Using Roles

For reusability, using roles is the recommended approach:

Ansible - Roles (tutorialspoint.com) 

"Roles provide a framework for fully independent, or interdependent collections of variables, tasks, files, templates, and modules.

"In Ansible, the role is the primary mechanism for breaking a playbook into multiple files. This simplifies writing complex playbooks, and it makes them easier to reuse. The breaking of playbook allows you to logically break the playbook into reusable components."

3.1. Folder Structure

In the roles folder, we create a folder for our role, called provision_s3, containing three sub-folders: meta, tasks and vars. Each of the three sub-folders has a main.yml file.

  • roles
    • provision_s3
      • meta
        • main.yml
      • tasks
        • main.yml
      • vars
        • main.yml

3.2. provision_s3 role: main.yml files

3.2.1. meta > main.yml file

collections:
  - netapp.ontap

3.2.2. tasks > main.yml file

---
- name: Create S3 Bucket
  na_ontap_s3_buckets:
    state: present
    hostname: "{{ netapp_hostname }}"
    username: "{{ netapp_username }}"
    password: "{{ netapp_password }}"
    vserver: "{{ vserver }}"
    https: true
    # false skips TLS certificate verification of the cluster
    validate_certs: false
    use_rest: auto
    name: "{{ bucket_name }}"
    policy:
      statements: "{{ statements }}"

3.2.3. vars > main.yml file

netapp_hostname: cluster1.yourcompany.com
netapp_username: admin
vserver: svm1_cluster1

3.3. Example Playbook Using the provision_s3 Role

provision_s3.yml

- hosts: localhost
  gather_facts: false

  vars_prompt:
    - name: "netapp_password"
      prompt: "Enter the NetApp Admin Password"
      private: true
      confirm: true
  
  roles:
    - role: provision_s3
      bucket_name: bucket2
      statements:
        - sid: 1
          resources: bucket2
          actions: 
            - GetObject
            - ListBucket
          effect: allow
          principals: sm_s3_user

3.4. Running the Playbook

ansible@ansible:~$ ansible-playbook provision_s3.yml
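
Both s3_vars.yml and the role playbook pass bucket_name and statements as separate variables, so a policy copied from one bucket to another can end up pointing at the wrong resource or carrying a looser principal. The following pre-flight lint is an added example, not code from this post or from NetApp; the names lint_policy and as_list are hypothetical, and it assumes "*" acts as a wildcard as in AWS-style bucket policies.

```python
# Added example (not from the post or NetApp); function names are hypothetical.
def as_list(value):  # the vars use both scalars and lists; normalise to a list
    return list(value) if isinstance(value, (list, tuple)) else [value]

def lint_policy(bucket_name, statements):
    """Return (sid, finding) tuples; an empty list means nothing was flagged."""
    findings, seen, pairs = [], set(), {"allow": set(), "deny": set()}
    for st in statements:
        sid, effect = st.get("sid"), str(st.get("effect", "")).lower()
        if sid in seen:
            findings.append((sid, "duplicate sid"))
        seen.add(sid)
        if effect not in pairs:
            findings.append((sid, f"effect {effect!r} is not allow or deny"))
            continue
        for res in as_list(st.get("resources", [])):
            # Copy/paste check: the resource must be this bucket or a path in it.
            if res != bucket_name and not str(res).startswith(bucket_name + "/"):
                findings.append((sid, f"resource {res!r} is outside bucket {bucket_name!r}"))
        principals = as_list(st.get("principals", []))
        actions = as_list(st.get("actions", []))
        # Assumption: "*" is a wildcard, as in AWS-style bucket policies.
        if effect == "allow" and "*" in principals:
            findings.append((sid, "allow applies to every principal"))
        if effect == "allow" and "*" in actions:
            findings.append((sid, "allow grants every action"))
        pairs[effect].update((p, a) for p in principals for a in actions)
    for principal, action in sorted(pairs["allow"] & pairs["deny"]):
        findings.append((None, f"{action} is both allowed and denied for {principal}"))
    return findings

# The statements from s3_vars.yml on this page, as Python data.
PAGE_STATEMENTS = [
    {"sid": 1, "resources": "bucket1", "actions": ["GetObject", "ListBucket"],
     "effect": "allow", "principals": "sm_s3_user"},
    {"sid": 2, "resources": "bucket1", "actions": ["PutObject", "DeleteObject"],
     "effect": "deny", "principals": "sm_s3_user"},
]
# Constructed bad input: bucket1 policy pasted into a bucket2 play and loosened.
BAD_STATEMENTS = [
    {"sid": 1, "resources": "bucket1", "actions": ["GetObject", "ListBucket"],
     "effect": "allow", "principals": "*"},
    {"sid": 1, "resources": "bucket2/*", "actions": "GetObject",
     "effect": "deny", "principals": "*"},
]

if __name__ == "__main__":
    for bucket, stmts in (("bucket1", PAGE_STATEMENTS), ("bucket2", BAD_STATEMENTS)):
        print(bucket, lint_policy(bucket, stmts) or "no findings")
```

The page's own policy for bucket1 produces no findings; the constructed bucket2 input is flagged for the stale resource, the wildcard principal, the repeated sid and the allow/deny overlap.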
