na_ontap_firewall_policy - NetApp ONTAP Manage a firewall policy
- Manage a firewall policy for an ONTAP cluster
The below requirements are needed on the host that executes this module.
- A physical or virtual clustered Data ONTAP system. The modules were developed with Clustered Data ONTAP 9.3
- Ansible 2.6
- netapp-lib (2017.10.30). Install using 'pip install netapp-lib'
- To enable HTTP on the cluster you must run the following commands: 'set -privilege advanced;' 'system services web modify -http-enabled true;'
Parameter | Choices/Defaults | Comments
--- | --- | ---
allow_list | | A list of IPs and masks to use
enable | Choices: enable (default), disable | enabled firewall
hostname (required) | | The hostname or IP address of the ONTAP instance.
http_port (int) | | Override the default port (80 or 443) with this port
https (bool) | | Enable and disable https
logging | Choices: enable, disable (default) | enable logging
node (required) | | The node to run the firewall configuration on
password (required) | | Password for the specified user. aliases: pass
policy (required) | | A policy name for the firewall policy
service (required) | Choices: http, https, ntp, rsh, snmp, ssh, telnet | The service to apply the policy to
state | Choices: present (default), absent | Whether to set up a firewall policy or not
username (required) | | aliases: user
validate_certs (bool) | | If set to False, the SSL certificates will not be validated. This should only be set to False on personally controlled sites using self-signed certificates.
vserver (required) | | The Vserver to apply the policy to.
Note
- The modules prefixed with na_ontap are built to support the ONTAP storage platform.
# Create a firewall policy entry for the http service
- name: create firewall Policy
  na_ontap_firewall_policy:
    state: present
    allow_list: [1.2.3.4/24,1.3.3.4/24]
    policy: pizza
    service: http
    vserver: ci_dev
    hostname: "{{ netapp_hostname }}"
    username: "{{ netapp_username }}"
    password: "{{ netapp_password }}"
    node: laurentn-vsim1

# Modify an existing firewall policy entry (same policy, service and vserver)
- name: Modify firewall Policy
  na_ontap_firewall_policy:
    state: present
    allow_list: [1.2.3.4/24,1.3.3.4/24]
    policy: pizza
    service: http
    vserver: ci_dev
    hostname: "{{ netapp_hostname }}"
    username: "{{ netapp_username }}"
    password: "{{ netapp_password }}"
    node: laurentn-vsim1

# Remove the firewall policy entry
- name: Destroy firewall Policy
  na_ontap_firewall_policy:
    state: absent
    policy: pizza
    service: http
    vserver: ci_dev
    hostname: "{{ netapp_hostname }}"
    username: "{{ netapp_username }}"
    password: "{{ netapp_password }}"
    node: laurentn-vsim1
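The following playbook is an added example, not part of the module's own documentation. It uses only the parameters listed above to limit the ssh and https services to a single management subnet, with firewall logging on and the module's connection to the cluster made over HTTPS with certificate validation. The policy name mgmt_only, the subnet 10.20.30.0/24, the hostname and the vault_netapp_* variables are constructed for illustration.

```yaml
# Added example: allow management services only from one admin subnet.
# Constructed values: mgmt_only, 10.20.30.0/24, cluster1.example.com,
# and the vault_netapp_* variables (assumed to come from Ansible Vault).
- hosts: localhost
  gather_facts: false
  vars:
    netapp_hostname: cluster1.example.com
    mgmt_subnet: 10.20.30.0/24
  tasks:
    - name: Allow ssh and https only from the management subnet
      na_ontap_firewall_policy:
        state: present
        policy: mgmt_only
        service: "{{ item }}"
        allow_list: ["{{ mgmt_subnet }}"]
        enable: enable            # firewall on for the node
        logging: enable           # default is disable
        vserver: ci_dev
        node: laurentn-vsim1
        hostname: "{{ netapp_hostname }}"
        username: "{{ vault_netapp_username }}"
        password: "{{ vault_netapp_password }}"
        https: true               # connect to the cluster over HTTPS
        validate_certs: true      # do not skip certificate validation
      loop:
        - ssh
        - https
```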
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
This module is flagged as community which means that it is maintained by the Ansible Community. See Module Maintenance & Support for more info.