adlytaibi.sgws_config
sgws_config
This guide is for setting up a NetApp StorageGRID using a series of roles and modules. Here are the things you can do:
Grid Tasks:
- Get permission to obtain a grid token
- Install secure SSL certificates for API management
- Install secure SSL certificates for storage management
- Set up an identity provider
- Create admin groups for the grid (local or federated)
- Create admin users for the grid
- Create a new tenant
Tenant Tasks:
- Get permission to obtain a tenant token (using a new or existing account ID)
- Set up an identity provider for the tenant
- Create groups for the tenant (local or federated)
- Create users for the tenant
- Generate S3 access keys for the tenant
- Create a bucket for the tenant
Important Notes:
- You must set up an identity provider before creating federated groups.
- You can create both federated and local groups at the same time.
- Local users within a federated group will not be considered.
Requirements
- Install Ansible.
- Get the Galaxy role.
Role Variables
You can adjust the variables for this role in roles/sgws_config/vars/main.yml. Use ansible-vault to secure passwords and credentials. Check other variable files in roles/sgws_config/vars/ for specific tasks.
Before installing SSL certificates for API management, make sure you have three files: mgmt_cert.pem, mgmt_cert.key, and chain.pem in roles/sgws_config/files. For storage management, you will need stor_cert.pem, stor_cert.key, and chain.pem. There are also helper scripts available (see below).
You can enable or disable tasks in roles/adlytaibi.sgws_config/tasks/main.yml by commenting or uncommenting lines. The SSL certificate tasks are disabled by default for preparation reasons.
Dependencies
No additional dependencies are required.
How to Use
If you'd rather watch a video, check out this tutorial.
Example Playbook
Here’s a basic command to run the playbook:
# ansible-playbook --vault-password-file ~/.passwd ~/.ansible/roles/adlytaibi.sgws_config/sgws_config.yml
Using ansible-vault
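You can set your own password for creating a vault. Create the file ~/.passwd to store your password (NetApp123 below is a sample value). The file holds the vault password in clear text, so keep it readable only by your own account: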
# echo -n NetApp123 > ~/.passwd
Encrypt any value with this password like so:
# echo -n netapp01 | ansible-vault encrypt --vault-password-file ~/.passwd > vault.txt
# cat vault.txt
If you want to check the encrypted values:
# cat vault.txt | ansible-vault decrypt --vault-password-file ~/.passwd
Helper Scripts
In the ~/.ansible/roles/adlytaibi.sgws_config/files/scripts directory, you'll find configuration files for SSL. Update them to fit your setup, then create a private key and CSR by running:
# cd ~/.ansible/roles/adlytaibi.sgws_config/files
# scripts/mgmt_sign
# scripts/stor_sign
After signing the SSL certificates, rename and move them into ~/.ansible/roles/adlytaibi.sgws_config/files as needed. Run the bundle script to convert and prepare the chain bundle.
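A pre-flight check to run before enabling the SSL certificate tasks, as an added example that is not part of the role: it confirms the certificate, key and chain files named above are in place, and that the private keys and the vault password file grant nothing to group or others. The function names private_ok and preflight are assumptions; the file names and paths are the ones this README uses.

```shell
#!/bin/sh
# Added example, not shipped with adlytaibi.sgws_config.
# Usage (paths taken from the README):
#   preflight ~/.ansible/roles/adlytaibi.sgws_config/files ~/.passwd
#   preflight ~/.ansible/roles/adlytaibi.sgws_config/files ~/.passwd mgmt

# private_ok FILE: succeed only if FILE is a regular file whose mode
# grants no permission bits to group or others (e.g. 0600 or 0400).
private_ok() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ldL -- "$1" | cut -c5-10)" = "------" ]
}

# preflight FILES_DIR VAULT_PASS_FILE [PREFIX...]
# PREFIX is "mgmt" and/or "stor"; both are checked when none is given.
# Returns 0 when everything is in place, 1 otherwise (details on stderr).
preflight() {
    dir=$1
    pass=$2
    shift 2
    [ $# -gt 0 ] || set -- mgmt stor
    problems=0
    for prefix in "$@"; do
        # Each certificate task needs its cert, its key and the shared chain.
        for f in "${prefix}_cert.pem" "${prefix}_cert.key" chain.pem; do
            if [ ! -s "$dir/$f" ]; then
                echo "missing or empty: $dir/$f" >&2
                problems=$((problems + 1))
            fi
        done
        key="$dir/${prefix}_cert.key"
        if [ -f "$key" ] && ! private_ok "$key"; then
            echo "private key readable by group/others: $key" >&2
            problems=$((problems + 1))
        fi
    done
    # The vault password file unlocks every vaulted credential.
    if ! private_ok "$pass"; then
        echo "vault password file missing or not private: $pass" >&2
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}
```

A failing check is typically fixed with chmod 600 on the reported file.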
License
GPL
Author Information
- Adly Taibi
ansible-galaxy install adlytaibi.sgws_config