For a more up to date post about native Pure Storage FlashArray modules in Ansible go here.

Last week I got a question from a prospect asking about managing a Pure Storage FlashArray using Ansible Playbooks. Now I know that Ansible is becoming one of the go-to configuration management toolsets but I had no actual hands-on experience.

What to do?

Well, why not learn Ansible and work out how to create Playbooks that anyone can use to manage their Pure Storage FlashArray.

Two days later I have a basic grasp of Ansible and have a bunch of simple playbooks that do the basic provisioning tasks for a FlashArray.

This blog post will talk about how to write an Ansible Playbook for a Pure Storage FlashArray, the things you need to be aware of and give an example Playbook to create a volume and attach it to a host. I won’t be covering using Inventory files or how to protect your authentication data in Ansible Vault.

The first thing to know about creating a Playbook is that you have to have Ansible installed on a local server, in my case I went with an Ubuntu 14.04 host and installed Ansible 2.2. Secondly, you need to know that we will be using the core Ansible URI module which will communicate with the FlashArray’s RestAPI interface. There are no additional things to be installed from the Pure Storage perspective.

The Pure Storage FlashArray RestAPI interface requires authentication to create a session and in your Playbook you must first create the session and hold onto that information so that it can be used by all your subsequent requests to the FlashArray. The authentication is performed using RestAPI tokens that are unique for each registered user on the FlashArray, whether that be the local pureuser account or any account accessed via Active Directory or LDAP. To get the API token you can either get it through the GUI, use the array CLI to issue the token, or, given what this blog post is about, use Ansible to get your token.

Here’s a simple Playbook that gets the API token for the pureuser account:

Running this in Ansible using the ansible-playbook command:

will produce the following output:


There’s your API token you are going to use from now on in your Playbooks.

Notice that in the Playbook above I provided some hard-coded variables that you will need to modify for your own array. The most interesting of these is api_version. This should be the highest version of API that your array supports and this will be variable depending on the version of Purity your FlashArray is running.  How do you find this out? Let’s use an Ansible Playbook to get that information as well…

The output from running this playbook with:

shows that this particular array can support any API version up to 1.8, the latest that shipped with our 4.8.3 version of Purity:


OK – so we have an API version to use and an API token. Now we can actually do some provisioning on the FlashArray.

At the start of this post we said we were going to create a volume and attach it to a host. So let’s do that…

We are going to create a 10GB volume, called ansible-vol and attach it to a host called ansible-host. This host will connect to the FlashArray using iSCSI and the iSCSI IQN for the host is

We could pass all of this information as hard-coded variables in the playbook, but I’m going to make the following playbook a little more generic and allow variables to be passed from the ansible-playbook command line using the –e switch.

The most important thing to take away from this playbook is the first task. This is where we open the RestAPI session we are going to use to perform all of our FlashArray configuration. We keep this session information and use it in every subsequent task to ensure we are using the open session.

If you don’t use the session information then you will get a 401 UNAUTHORIZED error from the FlashArray. The critical line in each task is HEADER_cookie.

IMPORTANT NOTE: The session will only be valid for 30 minutes, so if you have really complex, long-running playbooks then you may need to recreate a session after the previous one times out.

Also in the playbook will be some tasks at the beginning and end to show the host and volume have been created and attached to each other…

To run this playbook and pass all the external variables you would execute:

which will produce the following:


And that is how to use Ansible Playbooks to manage your Pure Storage FlashArray.

There is actually a Pure Storage GitHub repository available with some very simple examples of different tasks you would normally use on a FlashArray. You can find it here:

Please feel free to do a pull request and add your own playbooks to this repository. All contributions gratefully accepted, particularly if you are a much more talented Ansible person than myself.

Any contributions featuring Ansible Vault and using Inventory files would be awesome!