Ansible folks, there is a post on our community forum that might need one of your expertise to help address - https://community.netapp.com/t5/Software-Development-Kit-SDK-and-API-Discussions/Ansible-ONTAP-LIF-delete-not-working/td-p/436956

Hey sorry was late to join discord, I"ll look through some of the issue here and see if we have stories for them or if they have been solved.

Yep, we're here to help!

Finally made it and starting to get used to the new environment. Looks cool 😎 I am also happy about the name change to #╭・ansible🔒!

Hi everyone!

New here. Let's see how this works. I'm trying to use the na_ontap_volume_efficiency module. First, I don't know why you specify the path when using the CLI you specify the volume. "Error enabling storage efficiency for path /vol1 on vserver svm1: NetApp API failed. Reason - 13115:Invalid value specified for "path" element within "sis-enable". I verified the volume's path IS /vol1.

We're using path because this is what the API requires. Note that the CLI also accepts path in addition to volume.

Could you try with /vol/vol1 ?

vol show gives the junction path. Adding '/vol' doesn't do anything. So what's wrong with it?

                               Vserver Name: svm1
                                Volume Name: vol1
                             Aggregate Name: aggr1

List of Aggregates for FlexGroup Constituents: aggr1
List of Nodes Hosting the Volume: cluster1-01
Volume Size: 5GB
Volume Data Set ID: 1032
Volume Master Data Set ID: 2158240340
Volume State: online
Volume Style: flex
Extended Volume Style: flexvol
FlexCache Endpoint Type: none
Is Cluster-Mode Volume: true
Is Constituent Volume: false
Export Policy: svm1_export_policy
User ID: 0
Group ID: 0
Security Style: unix
UNIX Permissions: ---rwxr-xr-x
Junction Path: /vol1
Junction Path Source: RW_volume
Junction Active: true

[ansible@ansible ~]$ cat roles/na_ontap_volume_efficiency/vars/main.yml

vars file for na_ontap_volume_efficiency---

paths:
path1:
svm_name: svm1
path: /vol1
volume_efficiency_schedule: "mon-sun@0"

[ansible@ansible ~]$ cat roles/na_ontap_volume_efficiency/tasks/main.yml

tasks file for na_ontap_volume_efficiency---

path: "{{ rule['value']['path'] }}"

• name: Enable Volume Efficiency
  netapp.ontap.na_ontap_volume_efficiency:
  hostname: "{{ hostname }}"
  username: "{{ username }}"
  password: "{{ password }}"
  https: true
  validate_certs: false
  state: present
  vserver: "{{ rule['value']['svm_name'] }}"
  path: "{{ rule['value']['path'] }}"
  enable_inline_dedupe: no
  enable_inline_compression: no
  enable_compression: no
  enable_data_compaction: yes
  loop: "{{ paths|dict2items }}"
  loop_control:
  loop_var: rule
  tags:
  • create
  • enable

path is different than junction_path. But I don't really know what path is.
I created a volume vol1 with a junction_path /vol1:

vserver    volume junction-path 
---------- ------ ------------- 
ansibleSVM vol1   /vol1 

If I try to enable volume efficiency using /vol1, I get the same error as you reported. But it works using /vol/vol1. This is also how it shows

laurentn-test-create-1::> volume efficiency show vol1 -instance

                                      Vserver Name: ansibleSVM
                                       Volume Name: vol1
                                       Volume Path: /vol/vol1

I can also enable efficiency even if a junction path is not defined.

So this one is a little complicated. The REST for na_ontap_volume_efficiency was written before the rest end point for volume efficiency was created. So it using the CLI passthrough. So path is the volume path
https://docs.netapp.com/us-en/ontap-cli-98/volume-efficiency-start.html#description

I am helping a customer to convert their WFA volume provisioning workflows to Ansible. As part of the Ansible playbook, we are going out to AIQUM to pull existing volume names. Then, we increment the name with the next number. The problem is that if someone runs the playbook twice in a row, it tries to create another volume with the same name, because AIQUM only updates every 15 minutes, and it is not yet aware of the new volume that was created. The nice thing about WFA was that it had it's own database, so it was aware of what it had already done.

Does anyone have any fancy ways to deal with this? I thought about forcing AIQUM to update before running each playbook, but that would really extend the time it takes for the playbooks to run.

You should be able to use the na_ontap_rest_info module https://docs.ansible.com/ansible/devel/collections/netapp/ontap/na_ontap_rest_info_module.html#ansible-collections-netapp-ontap-na-ontap-rest-info-module

With the gather_subset: storage/volumes and fields: name and that should use the ONTAP rest api to return a list of all volume names on the system.

• name: Get ontap volumes names
  netapp.ontap.na_ontap_rest_info:
  hostname: "1.2.3.4"
  username: "testuser"
  password: "test-password"
  https: true
  fields:
  - 'name'
  validate_certs: false
  use_rest: Always
  gather_subset:
  - storage/volumes

something like that

We could modify na_ontap_volume_efficiency to accept a volume name as parameter when using REST. The ZAPI is what is expecting a path.
(I added a story for this)

I got it working -- thanks all got the great info

Hey Everyone we have release today

ONTAP Collection has been updated to 21.22.0 and is now on Galaxy and Github. (https://galaxy.ansible.com/netapp/ontap)

Cloudmanager Collection has been update to 21.19.0 and is now on Galaxy and Github.
https://galaxy.ansible.com/netapp/cloudmanager

Now that I've found this place, I'm hoping to get answers I can't find through Google. I have a couple of questions around roles, variables, and tags. When building out volumes, one generally creates export policies, then volumes, then set storage efficiencies. Is there a way to point them all to the same vars file. I figure it would be easier when building several volumes at once. Or is this not a good idea? The second is around tags. The playbook will run several roles. Can I specify from *within *the playbook which tag(s) each role is to run?

You can create a role for that. For example we have a role that ship with the collection to create a vserver (Create SVM, FCP, ISCSI, ucadapters, interface, net_routes, dns, cifs server, nfs, export policy). All the var for the role goes in to a single vars files

https://github.com/ansible-collections/netapp.ontap/tree/main/roles/na_ontap_vserver_create

NICE!! Thank's Chris 👍

Yes, the cluster role and the vserver role provide all you need to set up a cluster and a vserver.

For the second question, I did it a bit differently. I use tags to set variables (using set_fact), and then use when:

Hello, i have a stange issue with ansible and the netapp module: na_ontap_volume_efficiency.
Current version from ansible with a python 's venv to reproduce it.

Package Version

ansible 6.2.0
ansible-core 2.13.2

ontap collection version for ansible:
(venv) [testnetapp@localhost venv]$ ansible-galaxy collection list | grep ontap
netapp.ontap 21.21.0
netapp.ontap 21.21.0
(venv) [testnetapp@localhost venv]$

Error with the playbook: ERROR! couldn't resolve module/action 'na_ontap_volume_efficiency'. This often indicates a misspelling, missing collection, or incorrect module path.

Error in this line.

• name: Enable Volume efficiency to the volume
  netapp.ontap.na_ontap_efficiency_policy:

But the module is well here.
(venv) [testnetapp@localhost venv]$ ansible-galaxy collection verify netapp.ontap | grep efficiency
tests/unit/plugins/modules/test_na_ontap_volume_efficiency.py
tests/unit/plugins/modules/test_na_ontap_efficiency_policy.py
plugins/modules/pycache/na_ontap_volume_efficiency.cpython-39.pyc
plugins/modules/pycache/na_ontap_efficiency_policy.cpython-39.pyc
(venv) [testnetapp@localhost venv]$

I if comment the efficiency section no issue.
What is worng with this module and ansible, the others are fine.

Most likely your collection is not installed properly. It is seen by galaxy, but not by ansible. A simple test would be to run
ansible-doc netapp.ontap.na_ontap_efficiency_policy
It will tell you where the module is installed (first line at the top). Though most likely it will not find it. But you can compare with other modules. Or run the playbook with -vvv, it also shows where the module comes from.

Ansible-doc see it:

(venv) [testnetapp@localhost venv]$ ansible-doc netapp.ontap.na_ontap_efficiency_policy
NETAPP.ONTAP.NA_ONTAP_EFFICIENCY_POLICY (/home/testnetapp/venv/lib64/python3.9/site-packages/ansible_collections/netapp/ontap/plugin>
Create/Modify/Delete efficiency policies (sis policies)
ADDED IN: version 2.9.0 of netapp.ontap

But not ansible-playbook;

(venv) [testnetapp@localhost venv]$ ansible-playbook -vvv svmNetappNfs.yml
ansible-playbook [core 2.13.2]
config file = None
configured module search path = ['/home/testnetapp/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/testnetapp/venv/lib64/python3.9/site-packages/ansible
ansible collection location = /home/testnetapp/.ansible/collections:/usr/share/ansible/collections
executable location = /home/testnetapp/venv/bin/ansible-playbook
python version = 3.9.7 (default, Aug 30 2021, 00:00:00) [GCC 11.2.1 20210728 (Red Hat 11.2.1-1)]
jinja version = 3.1.2
libyaml = True

No config file found; using defaults
host_list declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
Skipping due to inventory source not existing or not being readable by the current user
script declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
auto declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
Skipping due to inventory source not existing or not being readable by the current user
yaml declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
Skipping due to inventory source not existing or not being readable by the current user
ini declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
Skipping due to inventory source not existing or not being readable by the current user
toml declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'

redirecting (type: modules) ansible.builtin.na_ontap_export_policy to netapp.ontap.na_ontap_export_policy
redirecting (type: modules) ansible.builtin.na_ontap_export_policy_rule to netapp.ontap.na_ontap_export_policy_rule
redirecting (type: modules) ansible.builtin.na_ontap_volume to netapp.ontap.na_ontap_volume
redirecting (type: modules) ansible.builtin.na_ontap_volume to netapp.ontap.na_ontap_volume
redirecting (type: modules) ansible.builtin.na_ontap_volume to netapp.ontap.na_ontap_volume
redirecting (type: modules) ansible.builtin.na_ontap_volume to netapp.ontap.na_ontap_volume
redirecting (type: modules) ansible.builtin.na_ontap_volume to netapp.ontap.na_ontap_volume
redirecting (type: modules) ansible.builtin.na_ontap_volume_autosize to netapp.ontap.na_ontap_volume_autosize
redirecting (type: modules) ansible.builtin.na_ontap_volume to netapp.ontap.na_ontap_volume
ERROR! couldn't resolve module/action 'na_ontap_volume_efficiency'. This often indicates a misspelling, missing collection, or incorrect module path.

The error appears to be in '/home/testnetapp/venv/na_ontap_nas_create.tbe/tasks/main.yml': line 149, column 3, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

• name: Enable Volume efficiency to the volume
  ^ here

(venv) [testnetapp@localhost venv]$

Could you try to change

- name: Enable Volume efficiency to the volume
  netapp.ontap.na_ontap_efficiency_policy:```
to 

• name: Enable Volume efficiency to the volume
  na_ontap_efficiency_policy:

And see if it makes a difference?

Chris, one last question: where does the global variables file live?

I switched from

• name: Enable Volume efficiency to the volume
  na_ontap_volume_efficiency:
  ==> issue with the module

to

• name: Enable Volume efficiency to the volume
  netapp.ontap.na_ontap_efficiency_policy:
  ==> new issue with the top of the playbook!!!!

.....
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /home/testnetapp/.ansible/tmp/ansible-tmp-1659984244.8698285-973068-89000231937247/ > /dev/null 2>&1 && sleep 0'
fatal: [localhost]: FAILED! => {
"changed": false,
"invocation": {
"module_args": {
"cert_filepath": null,
"feature_flags": {},
"from_name": null,
"hostname": "CHANGED_BY-ME",
"http_port": null,
"https": true,
"key_filepath": null,
"name": "CHANGED_BY-ME",
"ontapi": null,
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"state": "present",
"use_rest": "auto",
"username": "CHANGED_BY-ME",
"validate_certs": false,
"vserver": "CHANGED_BY-ME"
}
},

"msg": "Failed to import the required Python library (requests) on localhost.localdomain's Python /home/testnetapp/venv/bin/python3. Please read the module documentation and install it in the appropriate location. If the required library is installed, but Ansible is using the wrong Python interpreter, please consult the documentation on ansible_python_interpreter"

}

Chris one last question where does the

you need the requests python libaray
pip3 install requests

You can do code blocks in Discord FYI, just makes it a bit easier. https://support.discord.com/hc/en-us/articles/210298617-Markdown-Text-101-Chat-Formatting-Bold-Italic-Underline-

There are also some nice code highlighting options https://gist.github.com/matthewzring/9f7bbfd102003963f9be7dbcf7d40e51

I may just be having a Monday, but I'm trying to use the na_ontap_rest_info module, and I can't get it to just give me a list of volumes on a cluster. What am I doing wrong here?

---
- hosts: localhost
  collections:
    - netapp.ontap
  gather_facts: no
  vars:
    input: &input
      hostname: "{{ hostname }}"
      username: "{{ netapp_username }}"
      password: "{{ netapp_password }}"
      https: true
      validate_certs: false
  vars_files:
    - variables.yml

  tasks:
  - name: Gather Cluster Information
    na_ontap_rest_info:
      <<: *input
      use_rest: Always
      gather_subset:
        - storage/volumes
      fields:
        - 'name'
    register: netapp_info

  - name: Output Cluster Information
    debug:
      msg: "{{ netapp_info }}"

This gives me output like the following. Shouldn't the "fields" parameter limit this to just the name of the volume?

ok: [localhost] =>
  msg:
    changed: false
    failed: false
    ontap_info:
      storage/volumes:
        _links:
          self:
            href: /api/storage/volumes?max_records=1024&fields=name
        num_records: 44
        records:
        - _links:
            self:
              href: /api/storage/volumes/09364c8f-f226-11ec-9047-00a0989ffb0e
          name: Volume_Name01
          uuid: 09364c8f-f226-11ec-9047-00a0989ffb0e
        - _links:
            self:
              href: /api/storage/volumes/0b1d0dd5-14d2-11ed-9047-00a0989ffb0e
          name: Volume_Name02
          uuid: 0b1d0dd5-14d2-11ed-9047-00a0989ffb0e
        - _links:
            self:
              href: /api/storage/volumes/100a29f0-e293-11ec-abf5-00a0989ffb0e
          name: Volume_Name03
          uuid: 100a29f0-e293-11ec-abf5-00a0989ffb0e

Thanks very much.
With requests package and use the FQCN it's working.

#  na_ontap_volume_efficiency:
  netapp.ontap.na_ontap_volume_efficiency:```

Strange that not work for only "na_ontap_volume_efficiency" although i have this.
```collections:
    - netapp.ontap```

Anyway, I'm happy with the workaround. 
Thanks.

Yes, collections should be enough. But now that you have requests, you could try again without the FQCN. Maybe Ansible was wrongly reporting the issue with requests.

I may just be having a Monday but I m

WIthout the FQCN, it's the same issue.

I think it's a bug in Ansible. In lib64/python3.x/site-packages/ansible/config/ansible_builtin_runtime.yml they have entries like ```
na_ontap_volume:
redirect: netapp.ontap.na_ontap_volume
na_ontap_volume_autosize:
redirect: netapp.ontap.na_ontap_volume_autosize
na_ontap_volume_clone:
redirect: netapp.ontap.na_ontap_volume_clone
na_ontap_vscan:
redirect: netapp.ontap.na_ontap_vscan

but not for autosize.   We'll need to talk to Red Hat.

https://github.com/ansible/ansible/blob/devel/lib/ansible/config/ansible_builtin_runtime.yml

i m new with netapp and working on creating luns with ansible, the command my netapp admin gave includes something called path while there is no option to mention path but there is flexvol_name. are they same? if not do I need to create a flexvol first before creating Lun? any guidance is appreciated.

to use netapp.ontap.na_ontap_rest_info what are the user permissions required

Yes you'll need to create or know the flexvol name before creating a LUN or LUNs inside the flexvol. The Flexvol is a elastic container of space which can have 1 or more LUNs within in. For the path it does look like the LUN module doesn't require it ( https://docs.ansible.com/ansible/devel/collections/netapp/ontap/na_ontap_lun_module.html#ansible-collections-netapp-ontap-na-ontap-lun-module ). The way a path is defined is per the below.
Path is -

/vol/<flexvol_name>/<lun_name>

So if you created
Volume: vol1
LUN: lun1
it would be -

/vol/vol1/lun1

This is something the netapp admin can see running a CLI command -

lun show -fields path

More info here - https://docs.netapp.com/us-en/ontap-cli-9111/lun-show.html

For netapp.ontap.na_ontap_rest_info ( https://docs.ansible.com/ansible/devel/collections/netapp/ontap/na_ontap_rest_info_module.html#ansible-collections-netapp-ontap-na-ontap-rest-info-module ) it doesn't explicitly mention permissions but I would expect read-only to work -

username
aliases: user

string

This can be a Cluster-scoped or SVM-scoped account, depending on whether a Cluster-level or SVM-level API is required.
For more information, please read the documentation https://mysupport.netapp.com/NOW/download/software/nmsdk/9.4/.
Two authentication methods are supported
basic authentication, using username and password,
SSL certificate authentication, using a ssl client cert file, and optionally a private key file.
To use a certificate, the certificate must have been installed in the ONTAP cluster, and cert authentication must have been enabled.

OK

Updating to 9.10 I discovered that when using na_ontap_volume, snaplock stuff moved into this module versus its own standalone.

I'm having an issue with the ISO date formatting, without messing with trial/error, I'm looking to just setup 5d locking currently.
I think what I'm looking at is "p5d", but I'm not 100% sure.

Yes, some snaplock options need to be set on create. This cannot be changed after creation. Yes, P5D looks correct.

can na_ontap_quotas be used to set up blank quota for a volume?

Thanks for the reply. it seems first one is solved. I checked with my Netapp admin, and the user i have has all the permissions. I use "netapp.ontap.na_ontap_info:" and I get warning "TASK [get netapp info] *********************************************************
[WARNING]: The module only supports ZAPI and is deprecated, and will no longer
work with newer versions of ONTAP when ONTAPI is deprecated in CY22-Q4
[WARNING]: netapp.ontap.na_ontap_rest_info should be used instead." but it does give the details i have requested in the playbook. With the same user if i use "netapp.ontap.na_ontap_rest_info" module i get an error *
fatal: [localhost]: FAILED! => {"ansible_facts": {"discovered_interpreter_python": "/usr/libexec/platform-python"}, "changed": false, "msg": {"code": "6691623", "message": "User is not authorized."}}
Hence wanted to know if there are any more permissions needed for this particular module to work.

Hi, I'm not sure if this has been discussed on this channel already, but I believe there may be an issue with the latest netapp.ontap collection specifically with the netapp.ontap.na_ontap_ldap_client module. I get a python error (verified on RHEL and Ubuntu running Python 3.6 and 3.10) when using this module. It has been working perfectly until the most recent release

Thanks for the reply it seems first one

is there a module to automate the Admin password of the cluster every quarter for example

na_ontap_user allows you to change the password

Thanks

i did see the module here but i did't see an example of password change in the link https://docs.ansible.com/ansible/latest/collections/netapp/ontap/na_ontap_user_module.html

create is misleading. It can be a modify when the resource already exists.

set_password is what you want.

thanks

Is that Irfan Vahora in the Bay Area?

If so, I need to get you badged up

Yes sir it is

Welcome!

Thanks Nick

That's better 🙂

yes it is better

i like the Badge

Alright.
Back to my snaplock turmoil.

With the Ontap 9.10 changes and most recent collection for Ontap.
It appears the user I had been utilizing with Ansible in the past is no longer authorized to create snaplock volumes.

I'm guessing this is a feature of the snaplock role now?

probably what error are you seeing when you run the playbook?

Unauthorized user.
Was testing with the snaplock system role, then a dedicated ansible role. Both errored with unauthorized user.
Finally YOLO'd the cluster admin user, that worked upsettingly enough... I don't want to use that.

Currently am fighting a new error demon.
"Error: snaplock options are not supported for non_snaplock volume, found: {'retention': {'maximum':p5d, 'minimum': 'p5d''}} "

I'm setting
Snaplock:
Type: compliance
Retention:
Maximum: p5d
Minimum: p5d

Looking at the wiki for the module I'm unsure where I'm missing how to define a snaplock volume

Further than these options

Collection vers: 21.22.0

ya there probably a missing role, not sure which one though.

For the error message just looking at the code, we have a check to error out if other options other than type are sent when not enabling snaplock compliance/compliance, i'll check to see why we have this check

https://github.com/ansible-collections/netapp.ontap/blob/7c0ef884a8c568cc8acbe861ced767d1854bd5d2/plugins/modules/na_ontap_volume.py#L2114
# verify type is the only option when not enabling snaplock compliance or enterprise
if sl_dict and (
(current is None and sl_type == 'non_snaplock') or (current and current['snaplock']['type'] == 'non_snaplock')):
msg = "Error: snaplock options are not supported for non_snaplock volume, found: %s." % sl_dict

Guys,
There is a way to create multiple users with the same characteristics based on an inventory file.

• hosts: localhost
  vars_files: /etc/ansible/variables.yml
  tasks:
  • name: Create User
    netapp.ontap.na_ontap_user:
    state: present
    name: "{{ user }}"
    applications: ssh,console,http,rsh,service_processor,ontapi
    authentication_method: password
    set_password: *******
    lock_user: True
    role_name: admin
    vserver: ontapv
    hostname: "{{ ontap }}"
    username: "admin"
    password: "*******"
    https: true
    validate_certs: false

So, create vol with SL options and then set the dates?

That worked to set the compliance flags

Going to see about how to set the dates now.

Is there any ansible module for aggregate add-disk?
I only find the aggregate create

Yes, you can increase disk_count in na_ontap_aggregate.

Thanks!

And also any module for storage pool create?

No 😦

Hi I got en error when trying to create SVM with subtype:dp_destination
Here is my code:

• name: ..... create SVM "{{ dest_svm_name }}"

  netapp.ontap.na_ontap_svm:

  hostname: "{{ inventory_hostname }}"
  username: "{{ username }}"
  password: "{{ password }}"
  https: true
  validate_certs: false

  state: present
  name: "{{ dest_svm_name }}"
  root_volume: "{{ dest_svm_root }}"
  root_volume_aggregate: "{{ dest_svm_aggr }}"
  subtype: dp_destination

And this is the error:
Cannot specify options other than Vserver name, comment and ipspace for a Vserver that is being configured as the destination for Vserver DR

Error message seems obvious. Have you tried to remove the root_volume and root_volume_aggregate?

Where can I find details for the module "netapp.ontap.na_ontap_rest_info" to use under parameters and fields. What I want is for Storage_Lun i want to filter on LUN name (parameters) and get the naa_id only (fields). Right now I am not able to get only naa_id i can set it to * and it works. I can live with that but I want to filter on name with a wild card. Dont need a solution but a link to get such details is appreciated. In earlier case (without rest module) i used a tool called ZExplorer which gave needed hints to filter. Thanks Abhi

i got the details from api guide

Yes, you need to use the ONTAP REST API documentation, as you found out: https://devnet.netapp.com/restapi.php

@sick sphinx While we don't have a specific module for storage pool, you can still use one of our two generic modules for this purpose:
na_ontap_restit allows to call any ONTAP REST API. If an API exists, this should be the preferred choice when no specialized module exists.
na_ontap_rest_cli allows to call any ONTAP CLI. This is using the REST CLI passthrough, and requires a bit of translation as explained in the docs.

They lack the logic we implement in the specialized modules, like checking a resource already exists, or maintaining idempotency.

@harsh idol ya as Laurent said https://devnet.netapp.com/restapi.php For example if you where trying to use the
gather_subset application/applications
Fields in Ansible are going to be any of the parameter list under the application/application get function that you would pass to the REST Fields parameter

thanks @jaunty girder and @jagged gyro as i mentioned i used API guide. and checked GET Storage/lun, unfortunately naa_id is not available as a parameter. But i can get it when i do a *. This does solve my problem just add a bit of complexity to then filter Lun name and naa_id as my plan is to use them further and create a datastore on esxi host.

- storage/luns or storage_luns_info or lun_info (if serial_number is present, serial_hex and naa_id are computed)

As indicated in the module documentation, naa_id is a computed field. You need to include serial_number in your query.

I am having problems with part of the netapp_ontap_vserver_delete module. A secondary question is when you run the na_ontap_rest_info module, how does one know what parameters are available for the gather_facts and fields available to print?

Here is the code and results.

• name: check REST is enabled and SVM exists
  netapp.ontap.na_ontap_rest_info:
  gather_subset:
  - svm/svms
  parameters:
  name: "{{ vserver_name }}"
  fields: ip_interfaces
  hostname: "{{ netapp_hostname }}"
  username: "{{ netapp_username }}"
  password: "{{ netapp_password }}"
  https: "{{ https }}"
  validate_certs: "{{ validate_certs }}"
  register: results

• name: Print Results
  debug:
  msg: "{{ results }}"

• name: check query succeeded
  assert:
  that: "'num_records' in results.ontap_info['svm/svms']"
  fail_msg: results.ontap_info['svm/svms']

TASK [na_ontap_vserver_delete : check REST is enabled and SVM exists] ************************************************************************************************************
ok: [localhost]

TASK [na_ontap_vserver_delete : Print Results] ************************************************************************************************************
ok: [localhost] => {
"msg": {
"changed": false,
"failed": false,
"ontap_info": {
"svm/svms": "API not found"
}
}
}

TASK [na_ontap_vserver_delete : check query succeeded] ************************************************************************************************************
fatal: [localhost]: FAILED! => {
"assertion": "'num_records' in results.ontap_info['svm/svms']",
"changed": false,
"evaluated_to": false,
"msg": "results.ontap_info['svm/svms']"
}

For the second question, you can use fields: '*' or even fields: '** to explore all the fields that are available. By default, only the key are returned. Beware that ** returns expensive properties and this puts stress on the ONTAP system. Once you know what you want it's more effective and less messy if you only specify the fields you need.
The real answer is to go through the API reference (swagger) at https://devnet.netapp.com/restapi.php

For the first issue, netapp_ontap_vserver_delete is a role, not a module. It's strange to see "API not found" for svm/svms. Which version of ONTAP are you using? The REST modules expect ONTAP 9.6 or later, and we just added a check for 9.6 in na_ontap_rest_info, but it's not released yet.

i used fields:
- '*' and then using json_query to extract the info i need.

This is what I do, I'm a big fan of json_query, and there is a good tutorial at https://jmespath.org/tutorial.html
Though once you know which fields you need, I would recommend to replace '*' with a list of fields. It lightens the load on ONTAP, it helps with documentation as the fields are explicitly listed in the play, it will raise an error if the field is not supported by the current version of ONTAP, and it reduces clutter in the logs.

Well, that sucks. Right now I'm in a lab environment with the NetApp simulator. The latest ISO file you can get for VMware is 9.5. I'll have to work around it. Thanks for the tutorial link.

The role should actually have failed if the version is < 9.7.

Is there a way of modifying the qos_policy on a qtree via Ansible, or do I need to use the restit module (it is available the rest api) - as it doesn't appear to be part of the na_ontap_qtree module at least not in the docs.

Hi Guys

Does anyone know why na_ontap_rest_cli returns "node" instead of command output ? I tried other commands and same result occurred.

- name: run ontap rest cli command
  netapp.ontap.na_ontap_rest_cli:
    hostname: "{{ cluster_fqdn }}"
    username: "{{ username }}"
    password: "{{ password }}"
    command: 'version'
    verb: 'GET'
    https: true
    validate_certs: true
    use_rest: Always
  register: rest_cli2
  environment:
- debug: var=rest_cli2```


log:

ASK [ansible_nas_r_svm : debug] ***********************************************
ok: [localhost_py3] => {
"rest_cli2": {
"changed": true,
"failed": false,
"msg": {
"num_records": 1,
"records": [
{
"node": "glchst-nd01-01"
}
]
}
}
}```

call the fields you are interested as default version just return node names

• name: run ontap rest cli command
  netapp.ontap.na_ontap_rest_cli:
  command: 'version?fields=version'
  verb: 'GET'
  use_rest: Always
  <<: *clusterlogin
  register: rest_cli2
  • debug: var=rest_cli2

"records": [
{
"node": "cluster1-01",
"version": "NetApp Release Metropolitan__9.11.1: Wed Apr 27 01:48:31 UTC 2022"
},
{
"node": "cluster1-02",
"version": "NetApp Release Metropolitan__9.11.1: Wed Apr 27 01:48:31 UTC 2022"
}

it helped, thanks @sinful hinge !

no, we don't have this at present. Would it be enough to only support a policy name? Yes, restit would be the way to do it for now.

thanks - I think for my customer the policy name only would be fine, since they want to create the policy first. I am getting them to use restit for now.

thanks @jagged gyro ,Yes I am using json query now and exporting the required details. Also in the lab I figured the rights needed for the user. Created a Role with /api Read-Only rights and a user with Application HTTP and ONTAPI.

Hi all. I messed up my simulator and had to reinstall, but for the life if me I can't figure out where the original licenses came from and can't find them. Any ideas what to do?

Hi all I messed up my simulator and had

Hi all, having an issue with Job Schedule module. Get this error.msg: |-
The task includes an option with an undefined variable. The error was: ‘dict object’ has no attribute ‘job_days_of_week’.# ansible --version
ansible [core 2.13.2]
config file = /root/CSG_Ansible/CSG-ONTAP-Setup-V2/ansible.cfg
configured module search path = [‘/root/.ansible/plugins/modules’, ‘/usr/share/ansible/plugins/modules’]
ansible python module location = /usr/local/lib/python3.10/site-packages/ansible
ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/local/bin/ansible
python version = 3.10.5 (main, Jul 28 2022, 23:35:10) [GCC 8.5.0 20210514 (Red Hat 8.5.0-15)]
jinja version = 3.1.2
libyaml = True

could you run the playbook with -vvv and send us the output

TASK [na_ontap_cluster_policies : CRON_Schedule_create] ***********************************************************************
fatal: [localhost]: FAILED! =>
msg: |-
The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'job_days_of_week'

The error appears to be in '/root/CSG_Ansible/CSG-ONTAP-Setup-V2/roles/na_ontap_cluster_policies/tasks/main.yml': line 16, column 3, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:


- name: CRON_Schedule_create
  ^ here

that's it. -vvv doesn't expand upon it.

this is the play.

• name: CRON_Schedule_create
  netapp.ontap.na_ontap_job_schedule:
  state: present
  name: jobName
  job_minutes: '{{ item.job_minutes }}'
  job_hours: '{{ item.job_hours }}'
  job_days_of_week: '{{ item.job_days_of_week }}'
  job_months: '{{ item.job_months }}'
  job_days_of_month: '{{ item.job_days_of_month }}'
  hostname: "{{ netapp_hostname }}"
  username: "{{ netapp_username }}"
  password: "{{ netapp_password }}"
  with_items: '{{ CRON_Schedule_create }}'
  when: CRON_Schedule_create is defined and CRON_Schedule_create != None

from the .py doc in the library.

job_days_of_week:
version_added: 2.8.0
description:
- The day(s) in the week when the job should be run.
Job Manager cron scheduling day of week.
- Zero represents Sunday. -1 represents all days of a week.
Range is [-1..6]
type: list
elements: int

Can you run the following , and return the output

carchi@carchi-mac-1 ~ $ ansible-galaxy collection list | grep ontap
netapp.ontap 21.23.0
netapp.ontap 21.15.1

[root@localhost CSG-ONTAP-Setup-V2]# ansible-galaxy collection list | grep ontap
netapp.ontap 21.21.0
netapp.ontap 21.20.0
netapp.ontap 21.22.0

got it figured out. thanks. basically I had one of the variables set wrong.

nope. was wrong. didn't fix it. same error

so interestingly enough, I went and commented out job_days_of_week and the pulled the same error for job_months, job_days_of_month and job_hours. so it might be the whole module?

• name: CRON_Schedule_create
  netapp.ontap.na_ontap_job_schedule:
  state: present
  hostname: "{{ hostname }}"
  username: "{{ username }}"
  password: "{{ password }}"
  name: '{{ item.job_name }}'
  job_minutes: '{{ item.job_minutes }}'
  job_hours: '{{ item.job_hours }}'
  job_days_of_week: '{{ item.job_days_of_week }}'
  job_days_of_month: '{{ item.job_days_of_month }}'
  job_months: '{{ item.job_months }}'
  https: true
  validate_certs: false
  use_rest: always
  with_items: '{{ CRON_Schedule_create }}'
  when: CRON_Schedule_create is defined and CRON_Schedule_create != None

the part to use_rest: always or never doesn't change the error either.

Something seem off can you run a playbook with -vvv with the following and add your hostname, username, password, https, and validate_certs variables to it and running

  na_ontap_rest_info:
    gather_subset:
    - cluster/nodes
    max_records: 1024
    use_python_keys: yes

sure. will do.

@signal drum and i recommend asking here as slack will get locked at the end of the month

I asked in both to see if I'd get responses either place...

• name: rest test
  netapp.ontap.na_ontap_rest_info:
  state: present
  hostname: '100.68.216.152'
  username: 'admin'
  password: 'XXXXXXXXXX'
  gather_subset:
  - cluster/nodes
  max_records: 1024
  use_python_keys: yes
  https: true
  validate_certs: false

ERROR! 'netapp.ontap.na_ontap_rest_info' is not a valid attribute for a Play

Ok that wrong....
I think there is something wrong with the collection you have install on your system. Either files are missing or something

I would force install it again

ansible-galalxy collection install netapp.ontap -f

And make sure ansible configuration is pointing to the one that was installed.

k thanks. I'll give that a try.

the issue has to do with job_days_of_week: '{{ item.job_days_of_week }}' Running the play with -vvv should give you the contents of item. Most likely item does not have a job_days_of_week attribute. Note that the error is reported on the play, not on the module.

I fixed it. it was the varibles.

had to have the task have a bit of logic to pass by. I added this and it worked. job_days_of_week: '{{ item.days_of_week if item.days_of_week is defined else omit }}'

I did not know you could do this. I use {{ item.days_of_week | default(omit) }} but I like the if/else.

the difference in the policy was that some used days or months and such and either entries were different or didn't have any, so if it was basically not used, it needed to be skipped, outside the task when and with_items.

Hey Ansible experts, if someone has a minute or two, we have a customer query in our Community Forum that could use your advice please, https://community.netapp.com/t5/Software-Development-Kit-SDK-and-API-Discussions/Ansible-Ontap-not-reachable-when-running-the-playbooks/td-p/437640

Answered.

Ansible expects a Linux OS when using plain SSH. This is not the case for ONTAP. We are providing a set of Ansible modules that are using ONTAP REST APIs or ZAPIs for older systems. These APIs are running over HTTPS. The collection is netapp.ontap and is available through Ansible Galaxy.

Thanks Laurent, I learnt something from your response. Appreciate it.

Hey ansible experts, anyone might be able to take a look at this? 😃
https://github.com/ansible-collections/netapp.ontap/issues/97

REST does not support workgroup. I don't know of a work-around to not use workgroup. Or you could use the na_ontap_rest_cli module to emulate the CLI command..

ok... i think i need a bit more ansible background... book recommendations?

I think a good place to start is Ansible documentations. They have a pretty good, deep, overview on how thing works and how to set thing up
https://docs.ansible.com/ansible/latest/user_guide/index.html#table-of-contents

yeah, that's not doing it for me so far

i'm fighting with parsing *rest_info into "usable" variables

Ahh ok. For our the rest_info here the documantion https://docs.ansible.com/ansible/devel/collections/netapp/ontap/na_ontap_rest_info_module.html#ansible-collections-netapp-ontap-na-ontap-rest-info-module

but ever better than that let me give you an example

Here an example playbook. to make it parseable in a playbook you need to make sure use_python_keys is set to yes

` - name: run Ontap gather facts for vserver info
na_ontap_rest_info:
gather_subset:
- cluster/nodes
max_records: 1024
use_python_keys: yes
register: node_info

- name: Print return information from the previous task
  ansible.builtin.debug:
    var: node_info.ontap_info.cluster_nodes

- name: Print return information from the previous task
  ansible.builtin.debug:
    msg: "{{ item.name}}"
  with_items: "{{node_info.ontap_info.cluster_nodes.records}}"`

The first play in this playbook register the results for rest info in a variable called node_info so that you can use it later in the playboo
TASK [run Ontap gather facts for vserver info] ******************************************************************************************** ok: [localhost]

The second play print the node_info.ontap_info.cluster_nodes

1 of the variable that was stored in node_info variable
TASK [Print return information from the previous task] ************************************************************************************ ok: [localhost] => { "node_info.ontap_info.cluster_nodes": { "_links": { "self": { "href": "/api/cluster/nodes?max_records=1024&fields=" } }, "num_records": 1, "records": [ { "_links": { "self": { "href": "/api/cluster/nodes/20f6b3d5-45fd-11ec-95ea-005056b3b297" } }, "name": "ontap910-01", "uuid": "20f6b3d5-45fd-11ec-95ea-005056b3b297" } ] } }

And the last play is a for loop that print out the name of each cluster_node that was saved (since i only have one cluster) it only loops ones

TASK [Print return information from the previous task] ************************************************************************************ ok: [localhost] => (item={'uuid': '20f6b3d5-45fd-11ec-95ea-005056b3b297', 'name': 'ontap910-01', '_links': {'self': {'href': '/api/cluster/nodes/20f6b3d5-45fd-11ec-95ea-005056b3b297'}}}) => { "msg": "ontap910-01" }

What use_python_keys: yes will do is convert the gather_subset from cluster/nodes to cluster_nodes replaces the / with a _ so that it parseable in ansible

Does that help?

You can start by reading about Ansible filters in the Ansible documentation. But for anything a bit involved, I would recommend json_query - it's one of the filters - which relies on jmespath. It's quite a steep learning curve IMHO, but worth it. And there is a good interactive tutorial at: https://jmespath.org/tutorial.html

Yeah, it's basically this json output that is hard to rangle into a simple namespace... if I want to print just the node names, i can't just easily print $your_set_fact.ontap_info.cluster_nodes.name ... i have to massage this mess of json output to get to a named field in the output. I will probably have to use json_query and other pythonisms to get to this... Even PowerShell gets this done better

I understand that. Just to give some back ground on why it done this way.

Each gather_subset calls their corresponding get function in the rest api. and each get function can return there output in slight different formats. So what we did was the follow each gather subset return the straight Json the rest get returns

For example if you had the following

- name: run Ontap gather facts for vserver info
  na_ontap_rest_info:
    gather_subset:
    - cluster/nodes
    - cluster/jobs
    max_records: 1024
    use_python_keys: yes
  register: node_info

Your ontap_info would have 2 element in it node_info.ontap_info.cluster_nodes -- this would return the Json give by this rest api https://library.netapp.com/ecmdocs/ECMLP2882307/html/index.html#/cluster/nodes_get
node_info.ontap_info.cluster_jobs -- this would return the json given by this rest api https://library.netapp.com/ecmdocs/ECMLP2882307/html/index.html#/cluster/job_collection_get

We also have two examples in https://github.com/ansible-collections/netapp.ontap/tree/main/playbooks/examples/json_query and the vserver delete role is also using json_query in the get_xxx tasks.
https://github.com/ansible-collections/netapp.ontap/tree/main/roles/na_ontap_vserver_delete

good day, I am looking to set the 'preferred-dc' in active directory config. Currently using the ontap_command module but this is not a long term solution. Is there another way currently? Can this flag be added to the netapp.ontap.na_ontap_active_directory module?

Currently there is no Active Directory support in REST, at least for the command we use today. Let me talk with the ONTAP team and see if there a different way they are doing this today.

I don't want to belabor the point to much since I doubt it's going to make any difference, but if you get a json formatted output, then "slightly different formats" doesn't make so much sense. json is a hierarchial output that would seem to be deterministically mappable to a namespace ... as in $my_setfact.ontap_info.cluster_node_info.$useful_json_structure_variables , for example... $my_setfact.ontap_info.cluster_node_info.name or .model or .controller ... without having to grok the json on an individual basis. The idea of "we give you the json" is not really the win you think it is, imho

those would seem to be links to netapp internal resources

Sorry, I meant to point to GitHub. I fixed the links.

What i mean by that is this. module support every get in the REST api (https://library.netapp.com/ecmdocs/ECMLP2882307/html/index.html) each get return data differently, some have records that return list of records, some have a single item.
We also allow users to specify the exact fields that the rest api will return. You might want name, or model. Greg might only want the UUID. Bob might only want severice_processor.type because of this the Json that is return will not have the same fields for each user, we can't assume something like name will be in every return. Yours would have name and model, but Greg and Bob won't.

If I use na_ontap_rest_cli or na_ontap_rest_info for snapmirror information , both return lagtime in this format ("lag_time": "P689DT13H57M44S","lag_time": "PT3H56M20S","lag_time": "PT55M19S") is there a way to convert these to seconds

It would interesting to see if Ansible has a filter for a duration: https://en.wikipedia.org/wiki/ISO_8601#Durations

I’m a fan of ISO 8601. I just wish the Excel devs were too 😞

eh eh

TASK [set_fact] ********************************************************************************************************************************************************************************************************************
ok: [localhost] => {"ansible_facts": {"input": "P689DT13H57M44S", "out": "59579864.0"}, "changed": false}

TASK [set_fact] ********************************************************************************************************************************************************************************************************************
ok: [localhost] => {"ansible_facts": {"input": 59579864, "out": "P689DT13H57M44S"}, "changed": false}

TASK [set_fact] ********************************************************************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"msg": "iso_duration_to_seconds - error: Unable to parse duration string 'dummy' - expecting PnnYnnMnnDTnnHnnMnnS, received: dummy"}
...ignoring

TASK [set_fact] ********************************************************************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"msg": "iso_duration_from_seconds - error: unsupported type for timedelta seconds component: str - received: dummy"}
...ignoring

Again, no one can expect the impossible, but populating existing fields seems doable, for the non-defined fields, nothing is pushed into the name space, and operations requesting undefined fields return some intelligible ENOTDEFINED message. As far as cluster and nodes go, most will be defined unless one is running a sim

Hello folks. Anyone managed to run ansible playbooks in AWS ? Our first thought was running it in a lambda container, but because of ansible requirement of /dev/shm that doesn't work, I'm looking for alternatives

Hi Guys

Just FYI. I noticed one problem with na_ontap_info and the net_interface_info subsection. When you have two interfaces in two different SVMs and they use the same name (common on SVM-DR target clusters), the module returns only one interface. When I have some time I will rewrite the code to use na_ontap_rest_info which doesn't have this problem.

Thank you @jaunty girder . how would be used for multiple clusters to get required output. i have idea on json_query but looking any easy way over here. Thank you

You would have to do a loop with hostname

I was able to run Ansible playbooks in AWS against an ONTAP FSxN instance. I created an EC2 instance to be able to reach the ONTAP network interface. I'm sure there are other ways. We running Ansible in docker images for instance.

Yes, it's a bug in the module. It should have keyed the interface info to svm_name and interface_name. It's currently only using the interface_name. I'll create a story for this.

Thank you

this might be a useable example: https://github.com/NetApp-Automation/ansible/blob/main/ontap/single_volume_used_free_total_space_report.yml

I had gone through it but my playbook have json_query for multiple clusters where this example not working

yeah, i got nothin... perhaps na_ontap_rest_info would get you better default output... but the rolling "fact gathering" module breakage isn't fun to watch...

What breakage is this?

🎉🎉 ONTAP collection 21.23.0 is now available on Galaxy (https://galaxy.ansible.com/netapp/ontap)
And release notes are on Galaxy (https://github.com/ansible-collections/netapp.ontap)

🥂

it is bit tricky for me how to convert size from bytes to GB where it is part of jsaon_query format. Need your assistance

Our team supports the modules, we don't help with playbooks. This is where the community should jump in.

@magic wave You can create custom filter and use it inside playbook. I have created a sample filter for you called to_gb

to_gb.py
class FilterModule(object):
def size_to_gb(self,volume_dict):
for i in volume_dict:
for j in (volume_dict[i]):
j['size'] = round(j['size']/1024/1024/1024,2)
j['used'] = round(j['used']/1024/1024/1024,2)
return volume_dict

def filters(self):
return {
'to_gb': self.size_to_gb
}

Use it inside playbook:
- set_fact:
volumes: "{{ volumes|default({}) | combine( {item.item: item | json_query(get_attrs)} ) | **to_gb **}}"

output
TASK [volume size and utilize list] *********************************************************************************************************************************

ok: [localhost] => {
"volumes": {
"xxx.xxx.xxx.xxx": [
{
"percent_used": 39,
"size": 22.0,
"svm": "svm1",
"used": 0.0,
"volume": "vol0"
}
]
}
}

na_ontap_gather_facts -> na_ontap_info -> na_ontap_rest_info ... these are, of course, announced changes, but they really don't help give the impression of a stable interface ... rest_info is so fundamentally different from info that it requires total rewrites

Thank you @pine harness . it helps for my script issue.

Does anyone have a playbook to create a directory on a volume?

na_ontap_gather_facts and na_ontap_info was just a rename that Redhat required. These are based off the ONTAPI (Zapi) API. Which ONTAP team will be removing from ONTAP In future version (https://mysupport.netapp.com/info/communications/ECMLP2880232.html)

Na_ontap_rest_info is based off the REST API that was introduced in 9.6 as the replacement ONTAP (ZAPI). And is based off the REST GET functions documented here. https://library.netapp.com/ecmdocs/ECMLP2882307/html/index.html

Unfortunately, the output between the 2 API are very different. So we made a choice to have these are two separate modules.

Hi Folks

I'm currently facing an issue using the netapp-ontap collection during the cluster setup process. As described previously here: https://github.com/ansible-collections/netapp.ontap/issues/98, we tried to create a cluster_mgmt interface. My customer tested the recommendation from Ionico, however we recieved instead this error message:

```"msg": "Error creating interface cluster_mgmt: calling: network/ip/interfaces: got {'message': 'failed to set field "svm" to "default"', 'code': '2'}."````

Any ideas what we did wrong?

They should not have a value for vserver.

Either omit vserver: from the playbook, or leave it empty.

We tried with removing the vserver from the playbook. However, after removing we got the error message above: failed to set svm to default

ok, a final follow-up, then I have better things to do:

1. The people that do the work get to decide how it's done. Not much will change this anywhere.
2. If "gather_facts" was documented as a protected name by RH, then the error is on NetApp, otherwise RH. This happens. Still isn't helpful
3. the *_info -> rest_info decision is the most problematic. If one sees Ansible as a 5GL, then backend complexity is supposed to be taken care of on lower levels and not passed on to users. This has consequences for everyone that used *_info and for everyone using the myriad of examples online that aren't being updated to use *_rest_info. Those "just starting" are naively being led down the path to a soon-to-be deprecated module. Time to fix the examples, articles, etc.
4. I get the fact that the Ansible devs probably have very little input into the REST api design and that the 2 api's are very different, but kicking this down the road to the 5GL users just seems not quite right.
5. *_rest_cli also suffers from most of the same problems, also seems to lack clear guidence to what is a "paramenter:" and what is "body:"

Hi shamziman,
I think you mixing some things up.

I was not asking about gather_facts or something similar. I/we were facing issues with na_ontap_interface in combination of the cluster management lif creation, when the cluster is in a vanilla state.

I totally understand that you have to to some other stuff (like wo do most of the time :)). But it seems that I am something missing or there is a flunky behaviour during setup

I would need to see the playbook, and a trace with -vvv to see what parameters are sent to the module. We don't use default internally.

Sure, will do that - I will let you know. Thanks!

I just want to respond to a few point
2. Remember this is open source, which mean not everything was added by us. Redhat contributed, reviewed and merged na_ontap_gather_fact in ansible 2.7. .(https://github.com/ansible/ansible/blob/stable-2.7/lib/ansible/modules/storage/netapp/na_ontap_gather_facts.py). Redhat also change the naming policy in 2.9 and contributed and merged that change as well. https://github.com/ansible/ansible/pull/60980 .
3,4. I understand the pain. And we agree with that to a point. For the last 2 year we've updated all 100+ modules to work as seamlessly as possible between the 2 API. But there a few modules where there are fundamental changes between ZAPI and REST that makes that impossible, to make a seamless module. And in those cases we decided to have separate modules for REST and ZAPI that are documented in our Read me

- hosts: localhost
  tasks:
   - name: Create a 2 node cluster
     netapp.ontap.na_ontap_cluster:
       state: present
       cluster_name: cluster1
       hostname: 192.168.1.1
       username: admin
       password: netapp11
       validate_certs: false
   - name: Join node
     netapp.ontap.na_ontap_cluster:
       state: present
       cluster_ip_address: 169.254.94.108
       username: admin
       password: SuperSecretPass
       hostname: 192.168.1.1
       validate_certs: false
   - name: Remove Broadcast domains
     netapp.ontap.na_ontap_broadcast_domain:
       state: absent
       name: "{{ item }}"
       hostname: 192.168.1.1
       username: admin
       password: SuperSecretPass
       validate_certs: false
       ipspace: Default
     loop:
       - Default-1
       - Default-2
       - Default-3
       - Default-4
       - Default-5
       - Default-6
       - Default-7
       - Default-8
   - name: Create management lif
     netapp.ontap.na_ontap_interface:
       state: present
       interface_name: cluster_mgmt
       home_port: e0M
       home_node: cluster1-01
       is_auto_revert: true
       service_policy: default-management
       hostname: 192.168.1.1
       username: admin
       password: SuperSecretPass
       validate_certs: false
       address: 1.2.3.4
       netmask: 255.255.255.0
       ipspace: default```

NoneType: None
fatal: [localhost]: FAILED! => {
"changed": false,
"invocation": {
"module_args": {
"address": "192.168.10.1",
"admin_status": null,
"cert_filepath": null,
"current_node": null,
"current_port": null,
"data_protocol": null,
"dns_domain_name": null,
"failover_group": null,
"failover_policy": null,
"failover_scope": null,
"feature_flags": {},
"firewall_policy": null,
"force_subnet_association": null,
"from_name": null,
"home_node": "cluster1-01",
"home_port": "e0M",
"hostname": "1.2.3.4",
"http_port": null,
"https": false,
"ignore_zapi_options": [
"force_subnet_association"
],
"interface_name": "cluster_mgmt",
"interface_type": null,
"ipspace": "default",
"is_auto_revert": true,
"is_dns_update_enabled": null,
"is_ipv4_link_local": null,
"key_filepath": null,
"listen_for_dns_query": null,
"netmask": "255.255.255.0",
"ontapi": null,
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"protocols": null,
"role": null,
"service_policy": "default-management",
"state": "present",
"subnet_name": null,
"use_rest": "auto",
"username": "admin",
"validate_certs": false,
"vserver": null
}
},
"msg": "Error creating interface cluster_mgmt: calling: network/ip/interfaces: got {'message': 'failed to set field "svm" to "default"', 'code': '2'}."
}```

There are 2 issues:

1. ipspace value is misspelled, it should be Default
2. there is a bug in ONTAP. it reports the error on svm while it should have said ipspace.

hello! working on a play and finding some weirdness with the netapp.ontap.na_ontap_aggregate module. it is not able to find the aggregate associated with the from_name, and thus can't rename it to the intended name. What's also weird is the error is misleading: "msg": "Error renaming aggregate "name": no aggregate with from_name "from_name" (just replaced our internal names with respective params). Would think that should read the opposite.

Could you show us the play book

    - name: Rename cluster root aggregate A
      tags: rename_root_agg
      netapp.ontap.na_ontap_aggregate:
        state: present
        hostname: "{{ cluster_mgmt }}"
        service_state: online
        from_name: "{{ from_name }}"
        name: "{{ name }}"
        <<: *login

ignore the improper tag formatting lol

We should update the message to say: "Error renaming aggregate to "name". But that's cosmetic. We really can't find the aggregate.

Gotcha. Zapi and CLI work though.

Most likely the issue is that REST is not allowing access to "system" resources. The root aggregate is not visible.

Hm, that may be it. I'll check the permissions.

Not a permission issue. This is a design decision by the REST team.

Oh I see

So not a r/o thing our side.

No. The objective is to simplify ONTAP management. And to keep hidden some stuff that should not matter.

So "root" stuff, cluster vserver, ... have been eliminated or made invisible.

so i could still attack this programmatically with the private cli endpoint?

trying to keep things REST for future sense

Yes. But if they decided to hide it, you may wonder if it is necessary to configure it.

Good point. We may need to rework our process. Either way, thank you for your help!

This might be a workaround with 9.11.1 - the root aggregates show up with GET /storage/disks so query on the aggregates.name field and store the returned uuid. Then use PATCH /storage/aggregates/{uuid} with a body containing {"name": "newaggregatename"}

I successfully renamed the root aggreate in Swagger

...so maybe add an 'is_root_aggregate' parameter to na_ontap_aggregate to work out a rename ?

...or do it "behind the scene" if it's 9.11 ? };o)

Hi, I plan to use certificate to authenticate in ansible, instead of password. I can use my company's internal root key to sign my certificate and then be able to just install my company's root public key to the netapp cmode cluster and it works. However, I want to make it more secure, because netapp only authenticate through CN, someone else can forge a certificate with same CN and signed by root key.

When we configure type client-ca certificates to allow access to filer, netapp filer uses the common name (CN) to match the
certificate that comes in. For example, harvest server needs a certificate with common name (CN) of "harvest" for example, and a
user named "harvest" has to exist with proper role to grant access to the filer.

My question is: besides matching the CN, does
netapp have other way to restrict the certificate? Example: subject, organization.

Thanks,

has anyone upgraded from Ansible Tower to AAP and setup Execution Environments ? are there any tricks to spin up a NetApp EE ?

@sacred cloud good timing. WE just pushed out the EE yml file for our collection yesterday. It will be part of our next collection release.

To build the EE cd in to the meta directory and bun ansible-builder build and it will build the EE for you

https://github.com/ansible-collections/netapp.ontap/tree/main/meta

(venv) carchi@carchi-mac-1 meta (master) $ ls execution-environment.yml runtime.yml (venv) carchi@carchi-mac-1 meta (master) $ ansible-builder build Running command: docker build -f context/Dockerfile context Complete! The build context can be found at: /Users/carchi/code/ansible_collection_ontap/ansible_collections/netapp/ontap/meta/context (venv) carchi@carchi-mac-1 meta (master) $

@unkempt sedge do you happen to have any update on getting versioning options in the StorageGrid ansible module?

Hello all. Before I go into detail, I would like to know if there are people here familiar with the NetApp simulator on ESXi. I'm having trouble upgrading it. I upgrade to 9.7 and it looks good, but on reboot vol0 gets corrupted.

If any Ansible experts has a minute or two, we have a Community Forum question that needs your attention - https://community.netapp.com/t5/ONTAP-Discussions/Netapp-Ansible-Module-netapp-ontap-na-ontap-export-policy-rule/td-p/438320

Hey @dim hemlock you're in the #╭・ansible🔒 channel, so might not be the best place to ask your query. Try #╰・software

I should also add we do have a ONTAP Simulator section on our Community Forum that some of the ONTAP Simulator folks look at - https://community.netapp.com/t5/Simulator-Discussions/bd-p/simulator-discussions

Hello,
I’ve migrated some ansible playbooks from ZAPI to REST.

Collections used are netapp.ontap 21.23.0

Storage server is 9.11.1P1

I’am missing some information for snapshots and cifs shares when switching from na_ontap_info to na_ontap_rest_info, na_ontap_restit, and even ansible uri using bare REST API.

These informations were reported by ZAPI.

For snapshots, the missing fields are:

`- access_time

• expiry-time
• total
• busy
• cumulative-percentage-of-total-blocks
• cumulative-percentage-of-used-blocks
• percentage-of-total-blocks
• percentage-of-used-blocks`

When trying to fetch these fields, I’ve used:

- name: Get NetApp info1 netapp.ontap.na_ontap_rest_info: <<: *login use_rest: Always fields: - '*' - 'size' - 'volume' - 'create_time' - 'expiry_time' - 'state' - 'snaplock_expiry_time' #- 'busy' # Fails 😦 gather_subset: - storage/volumes/snapshots owning_resource: volume_name: "{{ item }}" svm_name: "vs_{{ target }}" with_items: "{{ ontap_info_vol }}" register: ontap_info

Though expiry_time is accepted as an attribute, it is not reported in the output.

I also tried with restit :

- name: Use ONTAP REST module netapp.ontap.na_ontap_restit: <<: *login #api: storage/volumes/2737834b-e246-11ec-b4e2-d039ea02f1ae/snapshots api: storage/volumes/2737834b-e246-11ec-b4e2-d039ea02f1ae/snapshots/54916565-97a9-4b0f-b2b9-7529c5d41e10 query: fields: volume,create_time,expiry_time,snaplock_expiry_time register: result

The field expiry_time is accepted but neither reported.

I also tried with Ansible uri :

- name: Direct API call on snapshot uri: url: "https://{{ nas_hostname }}/api/storage/volumes/2737834b-e246-11ec-b4e2-d039ea02f1ae/snapshots/54916565-97a9-4b0f-b2b9-7529c5d41e10" method: GET user: "{{ nas_username }}" password: "{{ nas_password }}" attributes: 'access_time,expiry_time,volume.name' validate_certs: false no_log: false register: result

It is also accepted by the REST API using ansible uri module. But it is also not reported.

My question is should the field value be reported as an attribute ?
Is it a WIP state ?

I've the same question for the list of above snapshot fields which were reported by ZAPI

These are :

`- access_time

• expiry-time
• total
• busy
• cumulative-percentage-of-total-blocks
• cumulative-percentage-of-used-blocks
• percentage-of-total-blocks
• percentage-of-used-blocks`

Regarding the same issue for cifs shares using REST API, I miss the following fields which were reported by ZAPI:

- browsable

- show_previous_versions

Excellent. Thanks @low osprey

So they need a play for each rule.

So something like

• name: Create ExportPolicyRule
  netapp.ontap.na_ontap_export_policy_rule:
  state: present
  name: xpression
  rule_index: 101
  vserver: vserver1
  client_match: lx034,lx035,lx1260
  ro_rule: any
  rw_rule: any
  protocol: nfs,nfs3,nfs4
  super_user_security: any
  anonymous_user_id: 65534
  allow_suid: true
  ntfs_unix_security: ignore
  hostname: 10.1.1.1
  username: "admin"
  password: "password"
  validate_certs: "false"
  https: "true"
• name: Create ExportPolicyRule
  netapp.ontap.na_ontap_export_policy_rule:
  state: present
  name: xpression
  rule_index: 102
  vserver: vserver1
  client_match: lx034,lx035,lx1260
  ro_rule: any
  rw_rule: any
  protocol: nfs,nfs3,nfs4
  super_user_security: any
  anonymous_user_id: 65534
  allow_suid: true
  ntfs_unix_security: ignore
  hostname: 10.1.1.1
  username: "admin"
  password: "password"
  validate_certs: "false"
  https: "true"

or if everything the same except the rule index then a loop

• name: Create ExportPolicyRule
  netapp.ontap.na_ontap_export_policy_rule:
  state: present
  name: xpression
  rule_index: "{{ item }}
  vserver: vserver1
  client_match: lx034,lx035,lx1260
  ro_rule: any
  rw_rule: any
  protocol: nfs,nfs3,nfs4
  super_user_security: any
  anonymous_user_id: 65534
  allow_suid: true
  ntfs_unix_security: ignore
  hostname: 10.1.1.1
  username: "admin"
  password: "password"
  validate_certs: "false"
  https: "true"
  loop:
  • 101
  • 102

there more info on loops here https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html#standard-loops

I'm able to recreate this. If i curl the API it self i also get the same results. So it the REST API that doing this. So this is probably a question for #┊・ontap-api

Looking a little deeper in this. I think what happens is any fields that is NULL in ONTAP in this case - in the command below, will not be listed in the REST API at all.

`laurentncluster-2::> volume snapshot show -vserver ansibleSVM -volume carchitest hourly.2022-09-16_0305

                          Vserver: ansibleSVM
                           Volume: carchitest
                         Snapshot: hourly.2022-09-16_0305
                    Creation Time: Fri Sep 16 03:05:00 2022
                    Snapshot Busy: false
                   List of Owners: -
                    Snapshot Size: 136KB
       Percentage of Total Blocks: 0%
        Percentage of Used Blocks: 11%
                          Comment: -
                  7-Mode Snapshot: false
  Label for SnapMirror Operations: -
                   Snapshot State: -
             Constituent Snapshot: false
                      Expiry Time: -
             SnapLock Expiry Time: -

`

You can see the feilds that are - are missing in the GET json from rest
sion_uuid": "c2f66ffa-3155-4d13-8c23-f013f67628ac", "volume": { "_links": { "self": { "href": "/api/storage/volumes/f3c003cb-2974-11ed-b2f8-005056b38dae" } }, "name": "carchitest", "uuid": "f3c003cb-2974-11ed-b2f8-005056b38dae" } }, { "_links": { "self": { "href": "/api/storage/volumes/f3c003cb-2974-11ed-b2f8-005056b38dae/snapshots/c2f66ffa-3155-4d13-8c23-f013f67628ac" } }, "create_time": "2022-09-16T03:05:00-07:00", "name": "hourly.2022-09-16_0305", "provenance_volume": { "uuid": "f3c003cb-2974-11ed-b2f8-005056b38dae" }, "size": 815104, "svm": { "_links": { "self": { "href": "/api/svm/svms/86a6bfbb-1db2-11ed-b2f8-005056b38dae" } }, "name": "ansibleSVM", "uuid": "86a6bfbb-1db2-11ed-b2f8-005056b38dae" }, "uuid": "c2f66ffa-3155-4d13-8c23-f013f67628ac", "ver

Yes, this the REST behavior, fields with an empty value are not returned

The field "Percentage of Total Blocks" is not null. But it is not reported.

Wouldn't it mean that the field is just not reported by the API.

The strange thing is that it can be used as a filter while not being reported.

I'm looking at the API we call for that subset. I don't see that as a field the REST api returns. https://library.netapp.com/ecmdocs/ECMLP2882307/html/index.html#/storage/snapshot_collection_get

I think expiry_time falls in the bucket of fields that are not reported when empty. I don't see Percentage of Total Blocks in swagger. The ZAPI to REST mapping shows that there is no REST equivalent for this field.

I did some more tests.

I realized that the below playbook does not set the expiry_time anymore, since we upgraded collecttion or Ontap.

• name: modify SnapShot
  netapp.ontap.na_ontap_snapshot:
  <<: *login
  vserver: "vs_{{ target }}"
  volume: "{{ volumename }}"
  snapshot: "{{ snapname }}"
  expiry_time : "{{ expiry_time }}"
  state: present
  use_rest: Always
  tags:
  - snapmodify

Regarding the fields with null value, how do we know that they are null if they are not reported ?

It used to work for sure because I wrote a test suite and checked the outcome of each unit test.

The expiry_time can be used to filter output. So reporting it whichever is the value would be welcome.

Eventually, the above playbook works. I had probably not set properly the snapname.

Could you just confirm that below fields are no more reported by na_ontap_rest_info:

• for storage/volumes/snapshots

• cumulative-percentage-of-total-blocks

• cumulative-percentage-of-used-blocks

• percentage-of-total-blocks

• percentage-of-used-blocks

• for protocols/cifs/shares

• show_previous_versions

• browsable

Thx

Another topic

Running below playbook triggers a stack trace in the ansible module:

- name: Delete CIFS share netapp.ontap.na_ontap_cifs: <<: *login vserver: "vs_{{ target }}" name: "{{ nas_share_name }}" state: absent tags: - cifssharedelete

It fails with :

na_ontap_cifs.py", line 409, in <module>\n File

na_ontap_cifs.py", line 405, in main\n File

na_ontap_cifs.py", line 383, in apply\n File

na_ontap_cifs.py", line 189, in get_cifs_share\n File

na_ontap_cifs.py", line 328, in get_cifs_share_rest\nKeyError: 'unix_symlink'\n", "module_stdout": "", "msg": "MODULE FAILURE

The cifs share exists and is not deleted.

If the share does not exist, it does not fail.

https://library.netapp.com/ecm/ecm_download_file/ECMLP2882104 If you look for the ZAPI names, it tells you if they exists in REST and their mapping. I could not find browsable or show_previous_version.

Sounds like a bug. We expect unix_symlink to always be present. Wrong assumption 😦 I'll create a JIRA for this.

Which version of ONTAP is this?

for CIFS shares, I think this falls under share-properties:
share-properties NO REST EQUIVALENT Share-properties are separate fields
in the REST API. You can achieve this
functionality by setting the fields
"access_based_enumeration",
"change_notify", "encryption",
"home_directory", "oplocks",
"show_snapshot",
"continuously_available" and
"namespace_caching".

@jagged gyro , this is Ontap 9.11.1

Thx

Hi everyone

FYI - opened a new issue. Deleting qtrees is failing when using REST on ntfs style qtrees and no Unix permissions set:
https://github.com/ansible-collections/netapp.ontap/issues/106

Hi, is it possible to run playbooks with domain user account?...still geting msg: Error getting accounts...none found...
Trying to find some docu for that but no luck..

We’ll look into it ASAP. We get notified on Slack too 😀

It works with AD account except for na_ontap_command. It’s a ZAPI security limitation.

I had directed a question to @unkempt sedge about getting versioning options in the storagegrid ansible module. This started a couple months back and had been mentioned that would be in hopefully by the end of August, but with our storagegrid upgrade to 11.6 the AWS versioning module no longer functions. This is a critical step in our provisioning and I am trying to determine when it may be in the module

Thread

Is this what you are looking for

Minor Changes
na_sg_org_container - supports versioning configuration for S3 buckets available in StorageGRID 11.6+. 

Laurent, yes that is what I was looking for and missed. however when I use bucket_versioning_enabled: yes the bucket still does not have versioning enabled

I'm checking with Josh.

This is my output from Ansible Tower

This is the bucket in storage grid

Thank you for looking its like the worst case scenario because ansible says it created the bucket with versioning without error but the bucket does not have versioning enabled

Apologies Casey. You're correct there's a logic issue here in the module. As a workaround - running the play twice will enable versioning, but it's failing to enable on first create of the bucket. We should be able to release a hotfix in the next couple of days.

@unkempt sedge thank you, I do see that running it 2 times will enable versioning on the bucket.

for now rather than needing to run the entire play 2x, I just added to my playbook a second task that sets the versioning on the bucket which then makes versioning function

@wild temple it's resolved in the latest collection version - 22.11.1

Hi,
When i try to execute ansible playbook to rename root aggr get this error message "fatal: [localhost]: FAILED! => {"changed": false, "msg": "Error renaming aggregate aggr0_bham_c9_10_01_rt: no aggregate with from_name aggr0_bham_c9_10_01_root."}"

But the 'aggr0_bham_c9_10_01_root' do exists on the netapp simulator as shown below.... can you someone assist me what's going here...

Aggregate Size Available Used% State #Vols Nodes RAID Status

aggr0_bham_c9_10_01_root
1.67GB 83.91MB 95% online 1 bham-c9-10-01 raid_dp,
normal

playbook

• hosts: localhost
  gather_facts: false
  name: NetApp System Setup
  vars:
  login: &login
  hostname: 192.168.252.50 #NetApp Cluster IP
  username: ansible #Cluster User
  password: xxxxxx # Cluster Password
  https: true
  validate_certs: false
  clustername: test-c9-10
  ntpservers: 192.168.1.100

  Variables for '02_create_aggregate.yml'

  aggrrootoldname: aggr0_bham_c9_10_01_root
  aggrrootnewname: aggr0_bham_c9_10_01_rt
  aggrdataname: aggr1_CLUSTER96_01_data
  diskcount: 26
  tasks:
  • name: Rename Root Aggregate
    na_ontap_aggregate:
    state: present
    service_state: online
    from_name: "{{ aggrrootoldname }}"
    name: "{{ aggrrootnewname }}"
    <<: *login

[sudhr@sudhr-ansible-control ~]$ ansible-playbook rename_root_aggr.yml
[DEPRECATION WARNING]: Ansible will require Python 3.8 or newer on the controller starting with Ansible 2.12. Current version: 3.6.8 (default, Nov 16 2020, 16:55:22) [GCC
4.8.5 20150623 (Red Hat 4.8.5-44)]. This feature will be removed from ansible-core in version 2.12. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.
/usr/local/lib/python3.6/site-packages/ansible/parsing/vault/init.py:44: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography and will be removed in a future release.
from cryptography.exceptions import InvalidSignature
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'

PLAY [NetApp System Setup] *************************************************************************************************************************************************

TASK [Rename Root Aggregate] ***********************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Error renaming aggregate aggr0_bham_c9_10_01_rt: no aggregate with from_name aggr0_bham_c9_10_01_root."}

PLAY RECAP *****************************************************************************************************************************************************************
localhost : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

it can be because of rest doesn't allow system resources(root aggregate) to be visible, can you add use_rest: never in your task and try.

Thank you, I will check it out.

Hello, is it me, or creating an SVM-DR isn't possible when you need to preserve your identity?

You are Genius... It worked.. thanks very much. you made my day.

Seems like NetApp is moving away from ZAPI, if we want to perform the aggregate rename via REST is there a way to allow the system resources visible through REST ?

This should be addressed in #┊・ontap-api By design, "system" resources are abstracted and not visible.

Using ZAPI is not a solution, as ZAPI support is going away

Note: NetApp ONTAPI (ZAPI) will reach end of availability (EOA) in January 2023.
For Customers using ONTAPI to automate their storage management tasks,ONTAP 9.12.1 software - which is expected to release in the fourth quarter(Q4) of calendar year 2022 - will be the final version to support ONTAPI.

https://devnet.netapp.com/restapi.php

Question about rest_info module:
Is there a way, other than ignore_errors, to skip individual clusters if they are not reachable without a playbook aborting because of it?
We have several metroclusters that we query and want to prevent automatisms from stopping when we have a site failure.

Do you perhaps mean "ignore_unreachable" ?

Oh. Didnt know that

I recommend to check out this handy page:
https://docs.ansible.com/ansible/latest/user_guide/playbooks_error_handling.html

has anyone used Ansible to configure BGP networking?

How do I install netapp_lib on an offline system?
I downloaded the wheel from pypi.org but there appears to be dependencies

FYI. This doesnt work with the netapp modules for Offline Filer.

I have tested and it is definitely resolved in the new version. Thank you

1. if you exclusively use REST, you should not need netapp-lib. But this may not be possible.
2. you should now be able build an Ansible Execution Environment (EE) for our ONTAP collection. I have not tried it yet though. This would allow to transfer the whole container image.
3. I reproduced what David Blackwell was doing, building a self contained image based on CentOS. This should be superseded by the EE (once I know it works). The image is at: https://hub.docker.com/r/lonico/schmots1-ansible-netapp
4. The dependencies are as follows

import copy
import logging

from lxml import etree
import six
from six.moves import urllib
import xmltodict

FYI This doesnt work with the netapp

I’m trying to get the netapp.ontap ansible collection to work in ansible tower. However when I run the job I get the error netapp-lib required. The playbook runs outside tower so netapp-lib is installed how do I get tower to see it

Make sure tower is using the same python distribution. It happens often that more than one python is installed.

How do I find out what python distribution ansible tower is using

If you run our na_ontap_debug module, it will tell which version of Python is installed if netapp-lib cannot be imported: https://github.com/ansible-collections/netapp.ontap/wiki/Debugging

Tower and ansible are both using 3.8.8

same path tp python executable?

Yes everything is the same

Take that back. Tower is using python 3.8.8 and ansible is using 3.8.12

OK. So you could try to force Tower to use 3.8.12 (I don't know anything about Tower), or use python3.8.8 -m pip install netapp_lib .

Tower is a container and I believe you can’t change the version. Tower seems to be looking in correct directory but can’t find netapp-lib

Hello,

When the fix will be available ? (Ansible collection version)

Hello,

Is there a plan to have these fields reported ?

I used to expose these fields to some users.

More broadly, is the REST API covering all the informations exported so far by ZAPI ?

Hi there, I've a question. I want to remove all the volumes** with a specific prefix_name** (created from Trident) on a svm.
Could I use this module?

- name: Volume Delete
  na_ontap_volume:
    state: absent
**    name: ansibleVolume12**
    aggregate_name: ansible_aggr
    vserver: ansibleVServer
    hostname: "{{ netapp_hostname }}"
    username: "{{ netapp_username }}"
    password: "{{ netapp_password }}"

Thank you very much for the requirements list, I managed to fill the requirements using local yum repo instead of pip.
I'm a bit puzzled by 1. since I tried running "na_ontap_info" module and it gave me an error saying it required netapp-lib.
Was it perhaps because I didn't specify "use_rest" ?

Hi,
Maybe I hit a BUG in the ansible module na_ontap_snapmirror version 21.23.0. I try to change the snapmirror schedule on a relationship.

cluster::> snapmirror show -fields schedule
source-path destination-path schedule

rene:vol1 rene_backup:vol1_backup -

My playbook (according the documentation):

• name: set schedule to {{ backup_schedule }}
  delegate_to: localhost
  netapp.ontap.na_ontap_snapmirror:
  state: present
  destination_path: "{{ backup_vserver_name + ':' + backup_volume_name }}"
  schedule: "{{ backup_schedule }}"

RESULT:
TASK [set schedule to d2100] **************
[WARNING]: Falling back to ZAPI because of unsupported option(s) or option value(s) in REST: ['schedule']
[WARNING]: option: destination_path is deprecated, please use destination_endpoint:path
fatal: [localhost -> localhost]: FAILED! => {"changed": false, "msg": "Missing parameters: Source path or Destination path"}

and on the cluster the scheduler is not set:
cluster::> snapmirror show -fields schedule
source-path destination-path schedule

rene:vol1 rene_backup:vol1_backup -

TRY NO 2 playbook:

• name: set schedule to {{ backup_schedule }}
  delegate_to: localhost
  netapp.ontap.na_ontap_snapmirror:
  state: present
  destination_path: "{{ backup_vserver_name + ':' + backup_volume_name }}"
  source_path: "{{ vserver_name + ':' + volume_name }}"
  schedule: "{{ backup_schedule }}"

This time with the source path and destination path

RESULT:
TASK [set schedule to d2100] *********
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: netapp_lib.api.zapi.zapi.NaApiError: NetApp API failed. Reason - 17131:Another transfer is in progress.
[WARNING]: Falling back to ZAPI because of unsupported option(s) or option value(s) in REST: ['schedule']
[WARNING]: option: source_path is deprecated, please use source_endpoint:path
[WARNING]: option: destination_path is deprecated, please use destination_endpoint:path
fatal: [localhost -> localhost]: FAILED! => {"changed": false, "msg": "Error updating SnapMirror: NetApp API failed. Reason - 17131:Another transfer is in progress."}

and on the cluster the scheduler is now set:
cluster::> snapmirror show -fields schedule
source-path destination-path schedule

rene:vol1 rene_backup:vol1_backup d2100

Is there any way to list volumes using Ansible for a specific SVM?

Yes. with module na_ontap_rest_info.

netapp.ontap.na_ontap_rest_info:
gather_subset:
- storage/volumes
parameters:
svm.name: "{{ vserver_name }}"
register: cluster_info

cool, thanks Rene

Also might want to add the use_python_keys option. It returns the data in a cleaner format for parsing.

Hi all! I'm having to modify the comments field on our volumes via Ansible. I'm using the na_ontap_command module and it appears to be executing okay but it's not actually changing it on the storage. No errors that I can determine. Here's the (sanitized) return I get via -vvv:
changed: [localhost] => {
"changed": true,
"invocation": {
"module_args": {
"cert_filepath": null,
"command": [
"volume",
"modify",
"-vserver",
"the_correct_vserver",
"-volume",
"the_correct_volume_name",
"-comment",
"comment,comment,BACKUP=NO,DR=YES"
],
"exclude_lines": "",
"feature_flags": {},
"hostname": "ourhostname",
"http_port": null,
"https": true,
"include_lines": "",
"key_filepath": null,
"ontapi": null,
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"privilege": "admin",
"return_dict": false,
"use_rest": "auto",
"username": "username",
"validate_certs": false,
"vserver": null
}

Am I missing something here?

I'll need to confirm with @jagged gyro but i believe this was merge in to our 21.24.0 release which would be coming out on Wednesday (https://github.com/ansible-collections/netapp.ontap#21240)

That going to be a question for #┊・ontap-api If the ZAPI to REST transition guide does not currently list it in REST. then it is currently not supported in REST (and there may be specific reason for that the api team can explain)

Yes that playbook above will remove the volume ansibleVolume12 from the vserver ansibleVServer

na_ontap_info requires netapp-lib, netapp_ontap_rest_info does not

I"m not sure what would be causing the issue, i'll need to try it my self. The only thing that suspicious is it might be tripping up on the = Sign's

Huh. Really? I hadn't thought of that but I can test the theory. It doesn't bother it if I run the volume modify command from the CLI.

I can also put the ansible play in if necessary but I think I'm okay with it. It's more challenging since you moved to Discord as I can't reach Discord from work environment. 🙂

I'm looking at the code (https://github.com/ansible-collections/netapp.ontap/blob/main/plugins/modules/na_ontap_command.py#L156) we pass the command directly to the system-cli zapi and it not returning an error, so i can't think of anything else off the top of my head (at least module wise) that would cause the command above to fail.

But again i'll need to try it to be sure

I did try modifying and removing the = and some other things to make it a string. And again, the output show that it appears correct as you see in the string above. It just doesn't make the change.

I am not getting able to replicate this issue. I ran the following playbook to print the volume comment before and after the command

tasks: - name: test netapp.ontap.na_ontap_rest_info: feature_flags: trace_apis: True gather_subset: - storage/volumes fields: - 'comment' parameters: name: "test_vol_new" use_python_keys: true - name: run ontap cli command na_ontap_command: #command: ['version'] command: [ 'volume', 'modify', '-vserver', 'ansibleSVM', '-volume', 'test_vol_new', '-comment', 'comment,comment,BACKUP=NO,DR=YES' ] return_dict: true register: ontap - debug: var=ontap - name: test netapp.ontap.na_ontap_rest_info: feature_flags: trace_apis: True gather_subset: - storage/volumes fields: - 'comment' parameters: name: "test_vol_new" use_python_keys: true

I"m going to show the output as images so it dosn't flood the channel. but the first get show there no comment

the command get issue

and then the second rest_info show that the command was set

It possible you might have a very old version of the collection (i don't think we've made any changes to command recently) but check to see what version of the collection you are using and update to the latest if it is rather old and see if that helps

The fix will be in 21.24.0. Should be published this Wednesday.

More broadly is the REST API covering

I did try modifying and removing the and

TRY NO 2 playbook

I'm trying to set up login role for a service account using the na_ontap_user_role module. but how do I use the "privileges" dictionary for non-API paths like "DEFAULT" ?

Indeed, these params are not listed in the document https://library.netapp.com/ecm/ecm_download_file/ECMLP2882104

Hi all,
with the na_ontap_rest_info module (version netapp.ontap 21.23.0) with gather_subset: storage/volumes and fields = "*", I don't get the qos policy information.
But when I specify fields ="qos" then the information is shown.
Is this working as expected?

Hey @fluid mesa, this is expected as it is one of those "Expensive properties" when requesting information using Rest API.
You can find a list of those properties here:
https://library.netapp.com/ecmdocs/ECMLP2882307/html/#/storage/volume_collection_get

many thanks for the quick answer! 👍

There 2 options you can give for fields (it documented some where in the REST API but i can't find it off the top of my head).

• -- Will not include the expensive ones
  ** -- the double star will include the expensive ones

We highly recommend you list the fields you want and not grab everything, but it is an option if you want the performance hit.

With the rest API you can also pass in commands. So something like this to pass in a command instead of an API.

DEFAULT i believe won't work though, i'll need to double check, but to make sure the module was idempotent we had to ignore DEFAULT i believe (but all other command should work).

- name: Create user role 9.11 format with commands na_ontap_user_role: state: present privileges: - path: job schedule interval query: "-days <1 -hours >12" vserver: ansibleSVM name: carchi-test-role feature_flags: trace_apis: true <<: *login911

Ok, I may be a rube and can't find it.
Is there a module to create vserver name-mappings?
If not, I'll devolve to using the command module

no we don't have a module for this. You can only read the current mappings using na_ontap_rest_info. Rather than the command module, I'd suggest to use na_ontap_restit with /name-services/name-mappings

Definitely looking to create not read.

As @jagged gyro said we currently don't have a module. I"ll add a story to create one. You can use the restit module though to do a create, it would look something like this

- name: Set name-mapping na_ontap_restit: api: name-services/name-mappings method: POST body: svm: name: index: direction: pattern: replacement:

All the fields you want to set in the in the POST will need to be in the body, for example i took the one listed as required and put them there. (https://library.netapp.com/ecmdocs/ECMLP2882307/html/index.html#/name-services/name_mapping_create)

And there are example you can follow in the documentation.
https://docs.ansible.com/ansible/devel/collections/netapp/ontap/na_ontap_restit_module.html#ansible-collections-netapp-ontap-na-ontap-restit-module

Thank you 🙂
This is a big help, were trying to retire all instances of SAMBA in our organization... Simply put our AIX/RHEL/UNIX team is done supporting it and we are here to pickup the slack and help.

I'm going to give them a Rundeck playbook to make everyone's life easier

We'll try to get a actual module out for this endpoint in either the Nov or Dec release. But for now the RESTIT module will work for any api we don't have a specific module for

If you don't use threads this chat remains unfollowable for everyone.

With the rest API you can also pass in

We’re anxiously awaiting them enabling forum channels for us, which will solve this problem greatly. Bear with us.

Hello,

I'am trying to offline a volume with :

• name: Offline volume
  na_ontap_volume:
  hostname: "{{ nas_hostname }}"
  username: "{{ nas_username }}"
  password: "{{ nas_password }}"
  vserver: "vs_{{ target }}"
  name: "{{ nas_volume_name }}"
  junction_path: "{{ nas_volume_path }}"
  state: present
  is_online: no
  https: true
  validate_certs: false

It fails because the volume is mounted

I can't find how to unmount the volume using Ansible.

Any hint ?

name Offline volume

Another question.

I used to run the following playbook to collect export info:

• name: Get export info using ZAPI
  netapp.ontap.na_ontap_info:
  hostname: "{{ nas_hostname }}"
  username: "{{ nas_username }}"
  password: "{{ nas_password }}"
  vserver: "vs_{{ target }}"
  gather_subset:
  - export_rule_info
  https: true
  validate_certs: false
  register: ontap_info

It was retporting all the exports

But I realized that it is no more reporting export info.

A null value is returned, though there are exports for the provided SVM

I know this is going to be legacy API, but I still need it for the transition from ZAPI to REST.

I'am using ONTAP 9.10.1 and Ansible Netapp collection 21.23.0

Where I think I've got most of this worked out, is there a default method to have this programmatically place the name mapping at the lowest index possible? I'm up to like index 68.

I'd need to do a GET, register the variable and do some math to get the new one?

First time here. Having trouble figuring out how I can update LS mirrors using the na_ontap_rest_cli module.

1. Is this the right module to use? If not, what?
2. Here is what I've been messing with. I don't understand the parameters.

name: Update LS mirror

netapp.ontap.na_ontap_rest_cli:

hostname: "{{ cluster }}"

username: "{{ netapp_username }}"

password: "{{ netapp_password }}"

https: true

validate_certs: false

use_rest: always

command: 'api/private/cli/snapmirror/update-ls-set'

verb: 'PATCH'

params:

  source_path: "{{ source_path }}"

Hello,
This is my first steps in ansible.
I want to enable inline compression for the flexvol using:

  tasks:

   - name: Create Volume
     netapp.ontap.na_ontap_volume:
       state: present
       name: "myol"
       aggregate_name: "aggr_data_N1"
       size: 10
       size_unit: gb
       vserver: "{{ netapp_vserver }}"
       hostname: "{{ netapp_hostname }}"
       username: "{{ netapp_username }}"
       password: "{{ netapp_password }}"
       https: True
       validate_certs: false

   - name: Enable Volume efficiency
     netapp.ontap.na_ontap_volume_efficiency:
       state: present
       path: "/myvol"
       enable_compression: "True"
       enable_inline_compression: "True"
       vserver: "{{ netapp_vserver }}"
       hostname: "{{ netapp_hostname }}"
       username: "{{ netapp_username }}"
       password: "{{ netapp_password }}"
       https: True
       validate_certs: false

[root@deploy-server ansible]# ansible-playbook teste.yml

TASK [Enable Volume efficiency] ******************************************************************************************************************************************************************
fatal: [olvm]: FAILED! => {"changed": false, "msg": "calling: private/cli/volume/efficiency: got {'message': 'API not found', 'code': '3'}."}

PLAY RECAP ***************************************************************************************************************************************************************************************
olvm         : ok=1    changed=1    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

For Gets use the na_ontap_rest_info module which does have support for getting info from name-service/name-mappings. https://docs.ansible.com/ansible/devel/collections/netapp/ontap/na_ontap_rest_info_module.html#ansible-collections-netapp-ontap-na-ontap-rest-info-module

You'll want something like this (fields should be set to just the fields you want) but '*' will return all fields, but can be a performance hit to your system.
netapp.ontap.na_ontap_rest_info: hostname: "1.2.3.4" username: "testuser" password: "test-password" https: true fields: - '*' validate_certs: false use_rest: Always use_python_keys: true gather_subset: - name-service/name-mappings

We have a SnapMirror module which i believe does what your trying to do. Here the documentation for it, there some example at the bottom. (https://docs.ansible.com/ansible/devel/collections/netapp/ontap/na_ontap_snapmirror_module.html#ansible-collections-netapp-ontap-na-ontap-snapmirror-module)

What version of ONTAP are you using?

9.11.1P1

First time here Having trouble figuring

Handling File Locks

Oops I accidentally started multiple threads sorry I can't seem to delete the duplicates

No worries. I found them and deleted them.

ONTAP Ansible Collection 21.24.0 is now available on Ansible galaxy -- https://galaxy.ansible.com/netapp/ontap

With this update, we have completed the ZAPI to REST work in All existing modules that we started about a year ago.

• 117 Modules have REST support. Playbooks do not need to be rewritten for these modules (outside of a few options that no longer exist on the REST side). REST is the default and has been since REST was added to the module. If you ever need to switch back to ZAPI you can add the following parameter to your playbook use_rest: never

• 10 Modules have been replaced. These modules will continue to work, as long as ZAPI is supported by your version on ONTAP. But you will need to transition your playbook to the new REST-based modules prior to upgrading to a version of ONTAP that does not support ZAPI
• na_ontap_broadcast_domain_ports -> na_ontap_ports
• na_ontap_command -> na_ontap_rest_cli
• na_ontap_firewall_policy -> na_ontap_service_policy
• na_ontap_info -> na_ontap_rest_info
• na_ontap_ldap -> na_ontap_ldap_client
• na_ontap_motd -> na_ontap_login_messages
• na_ontap_qos_adaptive_policy_group -> na_ontap_qos_policy_group
• na_ontap_volume_snaplock -> na_ontap_volume
• na_ontap_vserver_cifs_security -> na_ontap_cifs_server
• na_ontap_zapit -> na_ontap_restit

• 5 Modules have been deprecated. These modules do not have REST equivalent API's.
• na_ontap_active_directory
• na_ontap_cg_snapshot
• na_ontap_file_directory_policy
• na_ontap_svm_options
• na_ontap_quota_policy

That's a huge payload! Congrats!

@chrome sleet

CloudManager Ansible Collection 21.20.0 is now available on Ansible galaxy -- https://galaxy.ansible.com/netapp/cloudmanager

Hi @jagged gyro , do you know when this fix will be ready ? Can I somehow check the status myself ?

I used to run the following playbook to collect export info:

• name: Get export info using ZAPI
  netapp.ontap.na_ontap_info:
  hostname: "{{ nas_hostname }}"
  username: "{{ nas_username }}"
  password: "{{ naspassword }}"
  vserver: "vs{{ target }}"
  gather_subset:
  - export_rule_info
  https: true
  validate_certs: false
  register: ontap_info
  So far, it was reporting all the exports as expected.
  But I realized that it is no more reporting export info as shown below:
  ok: [localhost] => {
  "msg": {
  "export_rule_info": null,
  "ontap_version": "211",
  "ontapi_version": "211"
  }
  }

A null value is returned, though there are exports for the provided SVM
I know this is going to be legacy API, but I still need it for the transition from ZAPI to REST.
I'am using ONTAP 9.11.1 and Ansible Netapp collection 21.23.0

Anyone got an example ansible playbook which uses the "na_ontap_rest_info" module to extract the Node names to a list variable which can be used for a loop?
I don't understand how to parse the json output and create a list out of it.

You may use json_query to parse json.

This avoids going through multiple steps.

I used to run the following playbook to

Follow up.
Got my playbook functional and working as expected.

Thanks for the help!

Side question though for the group.

What is your guys preferred authentication method for Ansible to array?
Is it worth the changeover to certificates?
How do you restrict your Ansible users privileges? Or do you just assign the Admin role and move on?

Hi laurent8106 do you know when this fix

Two examples in https://github.com/ansible-collections/netapp.ontap/tree/main/playbooks/examples/json_query

I'am testing with netapp.ontap.na_ontap_rest_cli instead of na_ontap_command

• name: Online SVM
  netapp.ontap.na_ontap_rest_cli:
  hostname: "{{ nas_hostname }}"
  username: "{{ nas_username }}"
  password: "{{ naspassword }}"
  command: ['vserver', 'start', '-vserver', 'vs{{ target }}']
  verb: 'POST'
  #verb: 'PATCH'
  https: true
  validate_certs: false
  TASK [ds-role-nas_CRUD : Online SVM] **
  fatal: [localhost]: FAILED! => {"changed": false, "msg": "Error: {'message': 'API not found', 'code': '3'}"}
  So I used netapp.ontap.na_ontap_rest_cli.
  There is no more deprecated warning
  But the ''API not found' message pops up

I tried with verbs POST and PATCH

Any clue of what is wrong ?

Collection 21.23.0

ONTAP 9.11.1P1

Hi folks. This is a warning when deleting a volume from a FSxN instance. Does that ring a well ? Should we in mount the volume before using « absent » state ?

Yes, it can be safely ignored. The error code is None, indicating there was no error. We have a fix under review to suppress the warning.

https://tenor.com/view/the-simpsons-mr-burns-evil-laugh-evil-laugh-gif-4076853

Hi, When i try to run playbook in AWX i see this error message "ERROR! couldn't resolve module/action 'na_ontap_command" , i understand that netapp module is missing on the AWX instance.... Can someone guide me how to install this netapp module in AWX running in GKE.

Hi When i try to run playbook in AWX i

Hi, Is there an AWX NetApp execution environment available on internet that i can use/link the url in AWX execution environment ? or do i need to build this execution environment using ansible-builder ? My understanding is that netapp execution environment is bare minimum prerequisite in AWX to communicate with netapp devices, correct me if i am missing something here.

Hi there, I am creating a volume and I would like to disable .snapshot folder access:

    netapp.ontap.na_ontap_volume:
      vserver: "{{ netapp_vserver }}"
      hostname: "{{ netapp_hostname }}"
      username: "{{ netapp_username }}"
      password: "{{ netapp_password }}"
      https: True
      validate_certs: false
      state: present
      name: "teste"
      aggregate_name: "aggr_data_N2"
      size: 10
      size_unit: gb
      unix_permissions: "755"
      qos_policy_group: "value-fixed"
      volume_security_style: unix
      junction_path: "/teste"
      export_policy: "default"
      snapshot_policy: none
      snapdir_access: no # Disable snapdir access
      inline_compression: yes```

Ontap: 9.11.1P2
netapp.ontap 21.23.0

Some idea?

Hi there I am creating a volume and I

Has someone here already implemented the following request and can me help out ?

-> Delete all snapshots from a volume older than X days.

Step 1: na_ontap_rest_info with subset storage/volumes/snapshots to get all infos around the snapshots from the volume
Step 2: register today date minus X days as 'xyz'
Step 3: Loop over all snapshot and delete it if create_date older 'xyz'

Step 1 is already done. But i struggling with Step 2 and 3. Especially dealing with date/time

Has someone here already implemented the

Alright.

I have a very annoying situation.
Any time I attempt to utilize the Netapp.ontap.na_ontap_volume_efficiency module, the account I'm executing the job under suddenly fails to auth.
The entire rest of the playbook runs 💯 without a hitch.

Permissions are fine for the modules, the account is successful at authentication to the worker node with every other module but this one.

I don't know where to look next, but I dislike having to go manually enable these efficiencies afterwards.

Log output from the play -> https://pastebin.com/BfbX2CMT

It not a connection issue, looks like a bug in the module, looking in to it

"/tmp/ansible_netapp.ontap.na_ontap_volume_efficiency_payload_jgs2t5cs/ansible_netapp.ontap.na_ontap_volume_efficiency_payload.zip/ansible_collections/netapp/ontap/plugins/modules/na_ontap_volume_efficiency.py", line 313, in get_volume_efficiency\r\nKeyError: 'schedule'\r\n', b'Shared connection to EXECUTION_NODE closed.\r\n')

@lofty sage do you know what version of the collection your using?

I believe this was fixed in 21.24.0 (https://github.com/ansible-collections/netapp.ontap#bug-fixes-2) if your using an older version than try updating the collection to get the fix

21.23.0

I'll update it and give it a shot 🙂

I tried updating netapp-lib first as I noticed it was behind

(like a year)

Hello All - Did anyone create a successful snapmirror relationship to a FSxN file system using ansible? I have a playbook that could establish cluster and vserver peering but it fails to create the volume snapmirror task. Following is the task I have:

- name: Create SnapMirror relationship (create destination volume)
  netapp.ontap.na_ontap_snapmirror:
    state: present
    source_endpoint:
      # cluster: "{{ netapp_hostname }}"
      path: "{{ source_vserver + ':' + source_volume }}"
    destination_endpoint:
      # cluster: "{{ dest_netapp_hostname }}"
      path: "{{ dest_peer_vserver + ':' + source_volume + '_DR' }}"
    create_destination:
      enabled: true
    hostname: "{{ dest_netapp_hostname }}"
    username: "{{ netapp_username }}"
    password: "{{ netapp_password }}"
    https: yes
    validate_certs: false

I received the following error:
"msg": "Error creating SnapMirror: calling: snapmirror/relationships: got {u'message': u'Operation to create a destination endpoint and create a SnapMirror relationship failed. Reason: Out of 1 endpoints, 0 endpoints have been protected and protection has failed for 1 endpoints.\n\t\t\tList of paths that failed protection and reasons for failure:\n\t\t\tFSx:volume1 : Failed to identify aggregate on which to create volume "volume1_DR". (No eligible aggregate to place the volume. Make sure that a non-root, non-taken-over, non-snaplock, non-composite aggregate with enough free space exists at the destination cluster. If aggr-list is configured for the SVM make sure that an eligible aggregate is present in that list. Verify that the number of volumes is less than the supported maximum on the nodes in the destination cluster.)\n', u'code': u'13303868'}."
I verified that the destination SVM has a non-root aggregate assigned and capacity required.
}

Hello,

When creating a new SVM with below playbook :

• name: Create SVM
  na_ontap_svm:
  hostname: "{{ nas_hostname }}"
  username: "{{ nas_username }}"
  password: "{{ nas_password }}"
  state: present
  name: "vs_{{ machine }}"
  root_volume: "{{ machine }}_root"
  root_volume_aggregate: "{{ _aggr_free_max_size_name }}"
  root_volume_security_style: unix
  language: fr.utf_8
  allowed_protocols: nfs,cifs
  https: true
  validate_certs: false

I get the following warning:

TASK [ds-role-nas_CRUD : Create SVM] ********************************************************************************************************************************************************************************************************
[WARNING]: Falling back to ZAPI because of unsupported option(s) or option value(s) in REST: ['root_volume', 'root_volume_aggregate', 'root_volume_security_style']

So it does not look like ZAPI free compliant

I'am using :

• collection 21.23.0

• ONTAP 9.11.1P1

What is the proper playbook to use to be REST compliant ?

Another question about ZAPI free Ansible code:

I've the following playbook which also produces a Warning:

• name: "Run ontap cli command for name service database group"
  na_ontap_command:
  hostname: "{{ nas_hostname }}"
  username: "{{ nas_username }}"
  password: "{{ nas_password }}"
  command: ['vserver', 'services', 'name-service', 'ns-switch', 'modify', '-vserver', 'vs_{{ target }}', '-database', 'group', '-sources', 'files,nis']
  return_dict: true
  https: true
  validate_certs: false

TASK [ds-role-nas_CRUD : Run ontap cli command for name service database group] *************************************************************************************************************************************************************
[WARNING]: The module only supports ZAPI and is deprecated, and will no longer work with newer versions of ONTAP when ONTAPI is deprecated in CY22-Q4
[WARNING]: netapp.ontap.na_ontap_rest_cli should be used instead.

So this is again not "ZAPI free".

The strange thing is that I have other vserver commands which are being run the same way.

But they do not produce a warning about ZAPI being deprecated in CY22-Q4.

Does it mean that some vserver commands are ZAPI free and others still use ZAPI ?

I can provide some example of such commands which do not trigger ZAPI warning

For instance, the below command does not produce ZAPI deprecated warning:

• name: "Run ontap cli command for name service database name_map"
  na_ontap_command:
  hostname: "{{ nas_hostname }}"
  username: "{{ nas_username }}"
  password: "{{ nas_password }}"
  command: ['vserver', 'services', 'name-service', 'ns-switch', 'modify', '-vserver', 'vs_{{ target }}', '-database', 'namemap', '-sources', 'files']
  return_dict: true
  https: true
  validate_certs: false

How to convert the above command to netapp.ontap.na_ontap_rest_cli ?

Take a look at this #╭・ansible🔒 message Same discussion with someone else looking to create name mappings

I’ll need to double check 9.11 when I get in to the office but when we added rest to this module the 3 option listed in the error message where only supported in ZAPI and there was no REST support for thouse 3 options.

name Create SVM

name Run ontap cli command for name

Most likely ```
- name: run ontap REST API command
netapp.ontap.na_ontap_rest_cli:
command: 'vserver/services/name-service/ns-switch'
verb: 'PATCH'
params: {'vserver': 'ansibleSVM', 'database': 'namemap'}
body: {'sources': ['files']}

Since it's  a modify, it's a PATCH.  Then the parameters selecting the target go into params, and what needs to be changed goes in body.

Hello All Did anyone create a successful

Hi team, during volume provisioning if no aggregate name is provided, ONTAP is supposed to choose the best aggregate right?
But getting below error from ansible.

TASK [ONTAP Volume] *********************************************************************************************************************************************************************************

TASK [../roles/ontap/flexvol_volume : Configure Flexvol Volume] *************************************************************************************************************************************
ok: [localhost] => (item={'cluster': '10.61.87.72', 'name': 'vol_test01', 'vserver': 'svm1', 'aggregate_name': 'aggr1_cluster2_01'}) => {"ansible_loop_var": "vol", "changed": false, "vol": {"aggregate_name": "aggr1_cluster2_01", "cluster": "10.61.87.72", "name": "vol_test01", "vserver": "svm1"}}
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: NoneType: None
failed: [localhost] (item={'cluster': '10.63.102.173', 'name': 'vol_test01', 'vserver': 'svm1'}) => {"ansible_loop_var": "vol", "changed": false, "msg": "Error creating volume vol_test01: calling: storage/volumes: got {'message': 'One of "aggregates.uuid", "aggregates.name", or "style" must be provided.', 'code': '787140'}.", "vol": {"cluster": "10.63.102.173", "name": "vol_test01", "vserver": "svm1"}}

if aggregate if provided it's working fine.

TASK [ONTAP Volume] *********************************************************************************************************************************************************************************

TASK [../roles/ontap/flexvol_volume : Configure Flexvol Volume] *************************************************************************************************************************************
ok: [localhost] => (item={'cluster': '10.61.87.72', 'name': 'vol_test01', 'vserver': 'svm1', 'aggregate_name': 'aggr1_cluster2_01'}) => {"ansible_loop_var": "vol", "changed": false, "vol": {"aggregate_name": "aggr1_cluster2_01", "cluster": "10.61.87.72", "name": "vol_test01", "vserver": "svm1"}}
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: NoneType: None
failed: [localhost] (item={'cluster': '10.63.102.173', 'name': 'vol_test01', 'vserver': 'svm1'}) => {"ansible_loop_var": "vol", "changed": false, "msg": "Error creating volume vol_test01: calling: storage/volumes: got {'message': 'One of "aggregates.uuid", "aggregates.name", or "style" must be provided.', 'code': '787140'}.", "vol": {"cluster": "10.63.102.173", "name": "vol_test01", "vserver": "svm1"}}

Tested this in 9.7 and 9.9 ONTAP

Thx, I will manage to use these hints.

Thx Chris. Does that mean I cannot specify the aggregate where is created the SVM ?

Any plan to add snaplock_expiry_time to https://docs.ansible.com/ansible/latest/collections/netapp/ontap/na_ontap_snapshot_module.html#ansible-collections-netapp-ontap-na-ontap-snapshot-module ? It's there in the REST API

Any plan to add snaplock expiry time

Laurent,

I'am struggling with one:

• name: "Set preferred DC for AD domain"
  netapp.ontap.na_ontap_rest_cli:
  hostname: "{{ nas_hostname }}"
  username: "{{ nas_username }}"
  password: "{{ nas_password }}"
  https: true
  validate_certs: false
  command: 'protocols/cifs/domains/{{ svm_uuid }}/preferred-domain-controllers'
  verb: 'POST'
  body: {'domain': '{{ nas_ad_domain }}', 'server_ip': '{{ nas_prefered_dc2 }}' } params: {'vserver': 'vs_{{ target }}', 'domain': '{{ nas_ad_domain }}'}

The response is :

TASK [ds-role-nas_CRUD : Set preferred DC for AD domain] ************************************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Error: {'message': 'API not found', 'code': '3'}"}

I suspect that the command is not valid, though it seems the correct one as per swagger

name Set preferred DC for AD domain

Hi, I am looking for suggestions/guidance on how to parameterize netapp playbook in AWX, for example...in my current netapp playbooks it has hardcoded values like volume size, no of disks etc., So when i make REST api call to AWX to run the netapp playbook... it creates the volume size as mentioned in the playbook yaml..... My goal here is to remove the hardcoded values from the yaml file and inject the volume size during the runtime of playbook.....Is there a way to pass volume size as argument or parameter when we make the REST API call to AWX to execute the netapp playbook...

Hi I am looking for suggestionsguidance

Hi folks. Using Ansible Tower (2.9.19) with ONTAP 9.8P6. Have a simple playbook that uses the na_ontap_info module ... it works fine until we enable MFA on the ONTAP cluster. When we enable MFA on the cluster, admins are able to use the web GUI, and it looks like script that use the PowerShell Toolkit work... but Ansible stuff stops working.... we even set the "use_rest" parameter to NEVER, to try and force Ansible to use the ZAPI.

Our local NetApp support team suggested I come to this Discord channel for assistance.

Hi folks Using Ansible Tower 2 9 19 with

Can some help with certificate install using netapp ansible modules

Hello,

I used to set oplock on qtrees with ZAPI using :

• name: REST Create qtree /vol
  na_ontap_qtree:
  hostname: "{{ nas_hostname }}"
  username: "{{ nas_username }}"
  password: "{{ nas_password }}"
  state: present
  name: vol
  flexvol_name: "vs_{{ machine }}root"
  export_policy: default
  security_style: unix
  # Nost REST compliant
  #oplocks: disabled
  unix_permissions: 755
  vserver: "vs{{ machine }}"
  https: true
  validate_certs: false

This is not REST compliant because the oplock is not supported anymore with REST.

Should I use rest_cli to set the oplock field on qtrees ?

Should I use rest cli to set the oplock

Looking for help in automating the conversion of Data protection DP type to XDP looking for help with a playbook

#╭・ansible🔒 Looking for help in automating the conversion of Data protection DP type to XDP looking for help with a playbook #╭・backup-and-dr

How do you guys handle the Ansible playbooks+variable files in a git environment?
Do you change the variable files, do the deployment and then Discard the changes of the variable files so the git repo content isn't replaced all the time?
I'm struggling to find a better way of handling this but I am not used to this git stuff.

Hello

I would like to set the TTL of the DNS.

With CLI, this looks like:

set diag (Required step)

vserver services name-service cache hosts settings modify -vserver vs_vtechsaleswwdsy -ttl 5m

I supposed I need to use rest_cli

with feature_flags to have the equivalent of 'set diag' used by CLI

I've managed to run the below play:

• name: Update DNS TTL
  netapp.ontap.na_ontap_rest_cli:
  hostname: "{{ nas_hostname }}"
  username: "{{ nas_username }}"
  password: "{{ nas_password }}"
  https: true
  validate_certs: false
  command: 'vserver/services/name-service/cache/hosts/settings'
  verb: PATCH
  params: {'vserver': 'vs_{{ target }}'}
  body: {'ttl': '5m'}

It was executed without hicup

But I have not been able to check the value

Playbook to convert DP to XDP

Eventtually, I've found the way to check the DNS TTL.

• name: Get DNS TTL with restit
  netapp.ontap.na_ontap_restit:
  hostname: "{{ nas_hostname }}"
  username: "{{ nas_username }}"
  password: "{{ nas_password }}"
  https: true
  validate_certs: false
  api: "/name-services/cache/host/settings/{{ svm_uuid }}"
  method: GET

https://discord.com/events/855068651522490400/1024723666023485582

@bitter pasture Ansible has a detailed page on variable and different way you can pass them (files, environment variables, command line). That will probably help you better than we can https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html

Matalve9870 Ansible has a detailed page

Hi guys,
Today I recognized an issue with the na_ontap_rest_info module. In 21.23.0 /protocols/vscan/scanner-pools was introduced but not working. I fixed it locally together with the other two introduced vscan subsets.
I filed a PR but the tests failed on a missing svm.name entry.
Could anyone from NetApp have a look if there are adjustments needed on the test section?
https://github.com/ansible-collections/netapp.ontap/pull/110

Hi, we're doing some work with the ontap collection, and so far I'm not seeing the modules supporting ansible-playbooks --diff option. To me this is a pretty glaring operational hole as I can't determine what an ansible change to an existing resource is actually going to do. Is there some method to get a diff style change that I am missing?

Add missing api calls to na_ontap_rest_i...

@hot gust we currently don't support diff mode, this is something i'll add a story for.

There is a workaround that i believe should work for most module but i'll need to double check

If you run the module in check mode for example, with verbose output
ansible-playbook test_na_ontap_interface_rest.yml -vvv --check

At the end of the result dictionary we have a variable called modify, which show all field that would of been modified.
}, "modify": "{'netmask': '255.255.255.0'}" }

Thanks Chris. I had been using -vvv in a few places for some checks, I might have missed that modify data among all of the output. I'll check that out and see how it works for us.

I have checked a few modules and it seems that the modify data is inconsistently supported. I see it in the output of na_ontap_volume but not in na_ontap_svm or na_ontap_nfs for example. any sort of improvement of this, (or diff ideally) would greatly help out with us being able to confidently use these modules against our existing infra

BTW, -v should be enough for most of this. -vv and -vvv are way too verbose.

fair enough. the issue i always had with -v was the output formatting was never pretty printed by default. but should be able to handle that with some of the output callback formatters

i see that you are also reporting the type of modification as well, which is nice. ``` actions:

• createor actions:
• modify```

Yes, we were told at the beginning to avoid any verbose output, as this intended for automation, not humans, but we followed this too much to the letter. Reporting actions and modify for every module would help.

Ya that what i was looking for.

I can make the change to make sure all modules show modify an change quickly for the next release (as it just showing exposing internal variables in the output. I'll make sure we get that update for the 22.0.0 November release.

Diff will take considerably longer.

that would be a great improvement to have the modify available consistently. thanks for looking at it. understood about the diff. I am sure it's not simple, given that seems to have been written for literally diffing existing config files, which is not what you are doing with these modules

anyone using ansible to upgrade ontap? I have done with dqp, shelf/disk FW but I have 22 a400 systems that I want to upgrade 9.7p18 to 9.9.1p9 via playbook and fork. 18 of these systems do not contain customer data.

Hi, please confirm on below one I see in 21.24.0 If I can use for snapmirror lag time which is giving iso format. If it is yes, please help with any example

Would it be possible to share the playbooks for DQP and shelf/disk FW? 😄

Hi please confirm on below one I see in

@magic wave you can use this playbook for the snapmirror lag time

• hosts: all
  collections:
  • netapp.ontap
    gather_facts: no
    connection: local
    vars:
    ansible_python_interpreter: /usr/bin/python3
    input: &input
    hostname: "{{ inventory_hostname }}"
    username: "{{ username }}"
    password: "{{ password }}"
    https: true
    validate_certs: false
    use_rest: Always
    tasks:
  • name: run ontap rest cli command
    netapp.ontap.na_ontap_rest_cli:
    <<: *input
    command: 'snapmirror?fields=lag_time'
    verb: 'GET'
    register: ontap_volume_info

- debug: var=ontap_volume_info.msg

• set_fact:
  list_snapmirror: "{{ list_snapmirror|default([]) + [{'source_path': item.source_path ,'destination_path': item.destination_path ,'lagTime': (item.lag_time | iso8601_duration_to_seconds) } ] }}"
  with_items: "{{ ontap_volume_info.msg.records }}"
  when:
  • ontap_volume_info is defined
  • item.lag_time is defined
• debug:
  var=list_snapmirror

"list_snapmirror": [
{
"destination_path": "vsvgnsdur01dmz:drs_volaxwprd_vmwaxwapp05_06_prd_apps_axway_shared",
"lagTime": 1982.0,
"source_path": "svmhiogen02dzp:volaxwprd_vmwaxwapp05_06_prd_apps_axway_shared"
},
{
"destination_path": "vsvgnsdur01dmz:drs_volaxwprd_vmwaxwapp05_prd_apps_axway_product",
"lagTime": 1982.0,
"source_path": "svmhiogen02dzp:volaxwprd_vmwaxwapp05_prd_apps_axway_product"
},
{
"destination_path": "vsvgnsdur01dmz:drs_volaxwprd_vmwaxwapp06_prd_apps_axway_product",
"lagTime": 1982.0,
"source_path": "svmhiogen02dzp:volaxwprd_vmwaxwapp06_prd_apps_axway_prod

Awwwweright

Top is from the filer directly

Bottom is my playbook erroring on enabling efficiencies staying the path doesn't exist

Aside from setting it manually via restAPI or just by hand.
I'm at a loss

Ontap collection is 21.24.1
I'm building the vol path off of variables within variables and nowhere else do I have the same fits in the playbook doing that except the efficiencies

Yes, it's still using some old style way of identifying volume. Could you paste the full error message?

Sure.
One moment to get the path off of the work laptop lol

Do you want the full set of args passed as well or just the error vomit?

"msg": "Error enabling storage efficiency for path /vol/legalhold_LH0053_Hunter on vserver redacted as the path provided does not exist."

Which I can assure it exists.

The error message is making this up. This may be a reason, but not necessarily the only one. The only thing I can say is that the command did not complete. Maybe because the volume is disabled???

We're actually calling the CLI under the cover. But there was no error and no success message returned. If you manually run volume efficiency on what do you see?

The step right before that literally is to create the volume

Success, using the path

Vol efficiency on -path /vol/legalhold_LH00053_Hunter -vserver redacted
Success

Even tried with trailing / in path for good measure

If you're creating the volume, and since you're using REST, you can directly turn on efficiencies in na_ontap_volume

Oh man. There's a whole glut of errors involved with that too.

One moment and I'll deliver those

"msg": "Error creating volume Apps_deletemeplease: calling: storage/volumes: got {'message': 'Field \"efficiency.policy.name\" cannot be set in this operation', 'code': '262196', 'target': 'efficiency.policy.name'}."

I'm redacting the entire play passed, 1m

fatal: [rundeckbox]: FAILED! => { "ansible_facts": { "discovered_interpreter_python": "/usr/libexec/platform-python" }, "changed": false, "invocation": { "module_args": { "aggr_list": null, "aggr_list_multiplier": null, "aggregate_name": "ssdag1_redactedc", "atime_update": null, "auto_provision_as": null, "auto_remap_luns": null, "cert_filepath": null, "check_interval": 30, "comment": null, "compression": null, "cutover_action": null, "efficiency_policy": "daily@2-8", "encrypt": null, "export_policy": "default", "feature_flags": {}, "force_ontap_version": null, "force_restore": null, "force_unmap_luns": null, "from_name": null, "from_vserver": null, "group_id": null, "hostname": "redacted", "http_port": null, "https": true, "inline_compression": null, "is_infinite": false, "is_online": true, "junction_path": "/Apps/deletemeplease", "key_filepath": null, "language": null, "logical_space_enforcement": null, "logical_space_reporting": null, "max_files": null, "name": "Apps_deletemeplease", "nas_application_template": null, "nvfail_enabled": null, "ontapi": null, "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "percent_snapshot_space": 0, "policy": "default", "preserve_lun_ids": null, "qos_adaptive_policy_group": null, "qos_policy_group": null, "size": 1, "size_change_threshold": 10, "size_unit": "gb", "sizing_method": null, "snapdir_access": null, "snaplock": null, "snapshot_auto_delete": null, "snapshot_policy": "72H_30Day_Retention", "snapshot_restore": null, "space_guarantee": "none", "space_slo": null, "state": "present", "tiering_minimum_cooling_days": null, "tiering_policy": null, "time_out": 180, "type": "RW", "unix_permissions": null, "use_rest": "auto", "user_id": null, "username": "redacted", "validate_certs": false, "volume_security_style": "ntfs", "vserver": "redacted.1", "vserver_dr_protection": null, "wait_for_completion": false } }, "msg": "Error creating volume Apps_deletemeplease: calling: storage/volumes: got {'message': 'Field \"efficiency.policy.name\" cannot be set in this operation', 'code': '262196', 'target': 'efficiency.policy.name'}." }

Using efficiency policies, definitely crashes and burns.

We'll look into this. And the error message with na_ontap_volume_efficiency, it looks over pessimistic and misleading.

Absolutely.
Feel free to PM me for any details further.
It's a heavily utilized playbook for us 🙂

I've commented out the efficiencies portion for now

Thank you @lethal jasper . It looks only work for single cluster. Much appreciate if you can able to help for multiple clusters ( loops)

Anyone out there used the REST cli module to modify a volume? I'm just updating comments. Per the docs, the api endpoint is api/private/cli/volume. I assume the param would be the param one uses for the CLI with body being the comment? So
netapp.ontap.na_ontap_rest_cli:
hostname: "{{ netapp_cluster }}"
username: "{{ netapp_user }}"
password: "{{ netapp_pw }"
command: 'api/private/cli/volume'
verb: 'PATCH'
params: {'volume':'my_test_volume'}
body: {'comment':'my,comment'}

Am I mistaken and comment should also be a param with no body? The error I get is API not found, code 3

i changed your code to command: 'volume'

that seems to work but please verify on your end

Thanks! That either doesn't match documentation or I can't read english. But I guess it just assumes the endpoint of api/private/cli?

Either way thanks! I tried a lot of other modifications but didn't try that so appreciate it

NetApp ONTAP run any CLI command using REST api/private/cli/ <-- the way I read that is it uses that API with a command you give it, i.e. volume

I agree. I read it that you needed to supply endpoint but that was obviously wrong. 🙂

Glad to be of help

@magic wave it works with multiple clusters, you just have to have your clusters in an inventory file

Anyone got a good way (using Rest) of selecting an aggregate for Volume create operations?
Like picking the aggregate with the most free space or whatever.

Hello,
i would like to create additional service-policys on ontap using ansible.
While trying this i found out that the ansible module na_ontap_service_policy does not support all services. I am missing the services data_dns_server and data_fpolicy_client. But there are some others, too.
This services are available in the Ontap-API so it was pretty easy to add them in our local module, but i would be glad if this services could be added generally in the module, so that we do not have to care about this while the next update of the collection.
Thanks.

Anyone got a good way using Rest of

Hello, can we get a -local-name option added to the netapp.ontap.na_ontap_cluster_peer module? It's implemented in the vserver_peer module, but not in cluster_peer

HI guys,
I'm currently trying to deploy a CVO in azure with the ansible module, and I get the following error:
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Error acquiring token: HTTPSConnectionPool(host='netapp-cloud-account.auth0.com', port=443): Max retries exceeded with url: /oauth/token (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1131)'))), None"}

We have a proxy in place and I assume this is the issue. Can I disable the certificate check in the module?

Let me add a story to add these DEVOPS-5611 (and check if we are missing others)

Hello can we get a local name option

Error enabling storage efficiency

Hi guys,
With the netapp.ontap.na_ontap_volume version 21.23.0 I've first to unmount a volume, before I can take it offline. How can I unmount and take a volume offline in one task? Or do I need to write a unmount task and then a offline task?
Thanks and regards
Andrej

Tried specifying junction_path: '' ?
I think the Rest API calls does the unmount-offline operation in the correct order if both parameters are in the same call

yes, I have used the following module arguments:
"module_args":
"hostname": "netapp_cluster_fqdn",
"username": "admin",
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"https": true,
"validate_certs": false,
"vserver": "yyyyyyy",
"state": "present",
"name": "xxxxxxx",
"is_infinite": false,
"is_online": false,
"junction_path": ""
but still got the following error:
Error changing state of volume xxxxxxx: calling: storage/volumes/45b22207-56b6-11ed-8940-d039ea486147: got {'message': 'Volume "xxxxxxx" on SVM "yyyyyyy" must be unmounted before being taken offline or restricted. ', 'code': '524546'}.",
I got also the same error with the newest ontap collection (version 21.24.1)

Let me check the code, but you might have to do this in 2 plays.

First to with "junction_path": "" second with "is_online": false,

Yes so code wise we do is_online first, and then mount because that the order require to bring a volume online. (Of corse the order is reverse if you tying to take it offline and unmount)

# order matters here, if both is_online and mount in modify, must bring the volume online first. if 'is_online' in attributes: state, dummy = self.change_volume_state() is_online = state == 'online'
I"ll make a bug for this to handle this better for offline and unmounting.

For now you'll need to do it as 2 separate plays. First to unmount and second to offline

Hey Netapp ansible devs...I just got a warning that the "na_ontap_info" module is being deprecated at the end of 2022 (in favor of ontap_rest_info going forward). Im assuming this is an effort to move away from modules that use only Zapi? Does that mean that the "na_ontap_info" module will completely stop working at the end of the year or will it just not be updated going forward??

We are updating the message with the version coming out this week as it was a little confusing.

The modules will continue to work with Zapi past 2022, for version of ONTAP that support Zapi. The last version of ONTAP to support Zapi will be release this year (https://mysupport.netapp.com/info/communications/ECMLP2880232.html) If to upgrade to a version of ONTAP past the version list in this doc only REST will be supoport

ok sounds good - that makes sense. Thanks for the clarification.

The design decision to not include cluster-related LIFs, Volumes, Root Aggregats in the REST API now breaks my "Initial Setup" ansible workflow. 🤬

The design decision to not include

Thanks for the answer and opening a bug

Hi , i'm looking for a playbook to install from scratch a filer! it´s possible to install from scratch or do i need to run manually the wizard ?

Hi i m looking for a playbook to install

Hello

I'am using the following playbook to set quota on a qtree

• name: Create or update Quota for qtree {{ nas_quota_target }}
  na_ontap_quotas:
  hostname: "{{ nas_hostname }}"
  username: "{{ nas_username }}"
  password: "{{ nas_password }}"
  https: true
  validate_certs: false
  volume: "{{ nas_quota_volume_name }}"
  quota_target: "{{ nas_quota_target }}"
  qtree: "{{ nas_quota_qtree_name }}"
  type: tree
  disk_limit: "{{ nas_quota_disk_limit_gb }}GB"
  set_quota_status: true
  activate_quota_on_change: reinitialize
  vserver: "vs_{{ target }}"
  state: present

If I omit the qtree field, it create a quota on "All qtrees" of the volume

If I keep the qtree field to create the quota on one qtree of the volume, it fails with following error:

fatal: [localhost]: FAILED! => {"changed": false, "msg": "Error on creating quotas rule: calling: storage/quota/rules: got {'message': '"/vol/ansitest002sas_data2/data1" is an invalid value for field "qtree.name" (<qtree name>)', 'code': '2', 'target': 'qtree.name'}."}

The values used are :

nas_quota_volume_name : "ansitest002sas_data2"

nas_quota_qtree_name : "data1"

nas_quota_target : /vol/ansitest002sas_data2/data1

nas_quota_disk_limit_gb : "3GB"

The name of the qtree is set to "data1" and not '"/vol/ansitest002sas_data2/data1" as suggested by the error message.

quota_target should be data1. But there is something confusing in the interface. We should try to simplify.

Thx for the response

I confused quota_target with junction path, then.

When are "target" and "qtree_name" different?

when the target type is not qtree.

Oh, like a user?

CloudManager Ansible Collection 21.21.0 is now available on Ansible galaxy

https://galaxy.ansible.com/netapp/cloudmanager

ONTAP Ansible Collection 22.0.0 is now available on Ansible Galaxy

https://galaxy.ansible.com/netapp/ontap

hi everyone, netapp newbie here. i am looking to update (if needed) an ansible code so i can use it for creating cvo snapshots (azure). can someone please tell the prerequisites on how to make this work? the goal is to replace DR parent vserver and DR destination vservers with CVO.
this is the playbook for creating the production snapshots:

• assert:
  that:
  - production_cluster_ip is defined
  - snapshot_name is defined
  #- expiration_date is defined
  - production_vserver is defined
  - netapp_username is defined
  - netapp_password is defined

• name: Gather netapp volume information from {{ production_vserver }}
  netapp.ontap.na_ontap_info:
  hostname: "{{ production_cluster_ip }}"
  username: "{{ netapp_username }}"
  password: "{{ netapp_password }}"
  https: yes
  validate_certs: no
  gather_subset:
  - volume_info
  query:
  volume-attributes:
  volume-id-attributes:
  owning-vserver-name: "{{ production_vserver }}"
  desired_attributes:
  volume-attributes:
  volume-id-attributes:
  name:
  register: vol_info

• set_fact:
  volume_list: "{{ vol_info.ontap_info.volume_info | json_query('*.volume_id_attributes.name') | reject('search',reject_volume_filter) | list }}"

• name: List of all volumes in "{{ production_vserver }}"
  debug:
  var: volume_list

• name: Create snapshot of volumes in {{ production_vserver }}
  netapp.ontap.na_ontap_snapshot:
  hostname: "{{ production_cluster_ip }}"
  username: "{{ netapp_username }}"
  password: "{{ netapp_password }}"
  https: true
  validate_certs: false
  vserver: "{{ production_vserver }}"
  volume: "{{ item }}"
  snapshot: "{{ snapshot_name }}"
  snapmirror_label: daily
  #expiry_time: "{{ expiration_date }}"
  comment: "Snapshot created for DR Testing"
  state: present
  loop: "{{ volume_list }}"
  tags:

  • create_snapshot

• name: Update the snap mirror
  netapp.ontap.na_ontap_snapmirror:
  hostname: "{{ dr_cluster_ip }}"
  username: "{{ netapp_username }}"
  password: "{{ netapp_password }}"
  https: true
  validate_certs: false
  source_endpoint:
  path: "{{ production_vserver }}:"
  destination_endpoint:
  path: "{{ dr_parent_vserver }}:"
  state: present
  ignore_errors: true

na_ontap_cifs_local_group_member module (version 21.24.1) does not delete the group "Domain Admins" according to the documentation

- name: remove domain admin from local administrators group netapp.ontap.na_ontap_cifs_local_group_member: hostname: "{{ netapp_hostname }}" username: "{{ netapp_username }}" password: "{{ netapp_password }}" https: true validate_certs: "{{ validate_certs }}" state: absent group: BUILTIN\Administrators member: RENE_CIFS\Domain Admins vserver: "{{ vserver_name }}"

TASK [my-subrole : remove domain admin from local administrators group] *********************************************************************************************** ok: [localhost]

But the group is still here. Even if I put the member into ' ' or " ". BUG ?

`cluster::> cifs users-and-groups local-group show-members
Vserver Group Name Members

rene_cifs BUILTIN\Administrators RENE_CIFS\Administrator
RENE_CIFS\Domain Admins`

REST does not find the local group members. its working with use_rest: never

ansible documentation and examples should be updated accordingly

Hello Team, I am exploring Ansible for NetApp and was wondering if someone could help fixing below error:

TASK [Gather Hostname] *************************************************************************************************************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: netapp_lib.api.zapi.zapi.NaApiError: NetApp API failed. Reason - URL error:URLError(TimeoutError(110, 'Connection timed out'))
[WARNING]: The module only supports ZAPI and is deprecated, and will no longer work with newer versions of ONTAP when ONTAPI is deprecated in CY22-Q4
[WARNING]: netapp.ontap.na_ontap_rest_info should be used instead.
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Error calling API system-get-ontapi-version: NetApp API failed. Reason - URL error:URLError(TimeoutError(110, 'Connection timed out'))"}

PLAY RECAP *************************************************************************************************************************************************************************************************************
localhost : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

I think ONTAP hostname is not available.

Most likely some connectivity issue. I would suggest to start with na_ontap_debug: https://github.com/ansible-collections/netapp.ontap/wiki/Debugging

anyone know the storagegrid module to gather info about outstanding alerts? when i use sg_grid_info with all param , i only the following for alerts, not very descriptive for the alert that is present grid/health:
apiVersion: '3.4'
data:
alarms:
critical: 0
major: 0
minor: 0
notice: 0
alerts:
critical: 0
major: 0
minor: 1

can the module na_ontap_info be used to gather info about disk encryption similar to the output of the command below?

storage encryption disk show

im having trouble pulling/setting any disk encryption info or settings with the official modules

This gets me the fips and data key so theres that at least

  netapp.ontap.na_ontap_rest_info:
    fields:
      - key_id
    gather_subset: storage/disks

yes, i have used na_ontap_command in places where i couldnt find module solutions

yeah but the output of na_ontap_command is ugly at times and parsgin can be a pain in the butt

parsing*

i certainly cant argue with that

@jaunty girder added all known APIs as of 9.11.1 to na_ontap_rest_info, except for a few that require additional identifiers. If you see anything missing, do let us now. But this requires a version of ONTAP that supports REST, and some APIs may only be supported on more recent versions.

@short sundial what info are you trying to get that missing. You should be able to return any of the fields listed here. https://library.netapp.com/ecmdocs/ECMLP2882307/html/index.html#/storage/disk_collection_get (do note this is the 9.11.1 docs so some fields may not work with older version, they should list when they where added)

was trying to get the below info on a 9.9 NSE system but it was not returning those fields

key_id.data
key_id.fips

only worked with .na_ontap_rest_info

Are you using both na_ontap_info and na_ontap_rest_info?

Na_ontap_info is the old Zapi Apis based version
na_ontap_rest_info is the newer version based of REST API

As ONTAP is completing its transition from ZAPI to REST we recommend using na_ontap_rest_info. As the ONTAP team will be completely removing ZAPI from ONTAP after ONTAP 9.12.1

https://github.com/ansible-collections/netapp.ontap/wiki/Rest_Support

When I try to create iScsi with yaml, I receive the error: Error starting iscsi service Reason - 13013:Service, adapter, or operation already started

This issue was there before in na_ontap_iscsi module, but got fixed

I still get the issue today

just checked its fixed in netapp.ontap collection version 21.18.1

can I see the playbook, I can try against my vsims?

Tried this tasks against my vsims

• name: Delete iscsi service
  na_ontap_iscsi:
  vserver: "{{ svm }}"
  state: absent

  • name: create and enable iscsi service
    na_ontap_iscsi:
    vserver: "{{ svm }}"
    service_state: started

  • name: enable iscsi service idempotent check
    na_ontap_iscsi:
    vserver: "{{ svm }}"
    service_state: started
    TASK [Delete iscsi service] **********************************************
    changed: [localhost]

TASK [create and enable iscsi service] ****************************************************
changed: [localhost]

TASK [enable iscsi service idempotent check] *****************************************************
ok: [localhost]

its good

netapp.ontap.na_ontap_log_forward module does this module only take care of audit log or can we forward syslogs as well?

What channel should I ask a question about storage grid appliance API?

im using ansible but I dont feel like its really an ansible question per se

hey @short sundial I've seen a few StorageGRID questions get posted in the #╰・software channel. Maybe try there?

I will give that a shot, thanks

Hello all, New here, working to use ansible to manage our new NetApp array. Trying to use the na_ontap_quota_policy to create my quota polices. We have around 50 of them so i am using a loop and trying to pass in the name via variable (“{{ item.policy_name }}”. I am getting an error saying that “ a max of 5 quota polices are supported per Vserver” but when i go to quotas -> rules tab i can create more then 5 for the vserver. Thank you in advance for any help 😄

The error message a max of 5 quota policies are supported per Vserver is coming from the REST API. Note that this is about policies, not rules. You can surely have more than 5 rules.

Hmmmm okay, is there an ansible module to create rules then? I must just be missing it

na_ontap_quotas can be used to manage quota rules.

That’s what im currently using, Ive been on the documentation page for it and not having any luck, im just finding policy stuff

You have an example of a playbook to create a rule by chance?

There are two modules na_ontap_quotas and na_ontap_quota_policy:
https://docs.ansible.com/ansible/devel/collections/netapp/ontap/na_ontap_quotas_module.html#ansible-collections-netapp-ontap-na-ontap-quotas-module

Yep, that is where i have been, i see a lot of policy stuff on there not really rules thought

@stoic zephyr what are you trying to set in the rules? We support all the REST Required and recommend properties today.

There example in the link that Laurent included https://docs.ansible.com/ansible/devel/collections/netapp/ontap/na_ontap_quotas_module.html#examples

Trying to create new rules. On the GUI its Quotas -> then Rules tab

None of the playbooks i have got from the ansible docs have created them for me

did you tried this one, this for creating quota rules

• name: Add/Set quota
  na_ontap_quotas:
  state: present
  vserver: "{{ test_vserver }}"
  volume: "{{ test_volume }}"
  quota_target: "{{ qtree_path }}"
  type: tree
  file_limit: "2"
  disk_limit: "3"
  soft_file_limit: "2"
  soft_disk_limit: "2"
  set_quota_status: True

Anybody using ansible aws_s3 to copy files to StorageGrid? have you had any luck getting awx_s3: tags: to work?

code looks like this

• hosts: localhost
  connection: local

  tasks:

  • name: "Set timestamp of the backup"
    set_fact:
    now: "{{ ansible_date_time.date }}_{{ ansible_date_time.time }}"

  • name: transfer dump to S3 bucket
    aws_s3:
    bucket: "pgsql-infra"
    region: us-east-1
    src: "/home/j1008221/src/pgsql_backups/mytests3_s3test_{{ now }}.txt"
    object: "/pgsql_backups/mytests3_s3test_{{ now }}.txt"
    tags:
    isDelete: 1
    mode: put
    rgw: yes
    aws_access_key: "{{ mys3key }}"
    aws_secret_key: "{{ mys3secret }}"
    s3_url: "{{ mys3url }}"
    aws_ca_bundle: "{{ mycabundle }}"
    validate_certs: true

the playbook works and the tag is created but the job fails with the following error:

fatal: [localhost]: FAILED! => {"changed": false, "live_tags": {"isDelete": "1"}, "msg": "Object tags failed to apply in the expected time.", "requested_tags": {"isDelete": 1}}

hunting thru github I found something similar where S3 is just returning a value that the aws-s3 module is not expecting

any ideas?

I have tried that, it doesn’t create the policy rule unfortunately

Hej all, we are working on a clean-up playbook for an SVM-DR scenario and got the following "strange" error if we try to break the relationship: "Failed to start SVM \"SVM\" as the partner SVM is operationally up.“ 😳
We use the actual/new parameters as documented and wondering that the "new" module try to start the destination SVM..

Here our code:
- name: Break SnapMirror netapp.ontap.na_ontap_snapmirror: hostname: "{{ netapp_cluster_snapmirror }}" username: "{{ netapp_username }}" password: "{{ netapp_password }}" https: yes validate_certs: no state: absent relationship_state: broken destination_endpoint: cluster: "{{ netapp_cluster_peer_destination }}" path: "{{ vserver_name }}:" source_endpoint: cluster: "{{ netapp_cluster_peer_source }}" path: "{{ vserver_peering_source }}:" ignore_errors: yes

do we forgot something or misread the documentation ?
Thx for help

I have a question about REST support for creating SVMs and setting options:["Falling back to ZAPI because of unsupported option(s) or option value(s) in REST: ['root_volume', 'root_volume_aggregate', 'root_volume_security_style']"] Not seeing them in 9.11, Are these in 9.12?

Hej all we are working on a clean up

Hello, did you deprecate the docker image update for schmots1/netapp-ansible? I was relying on it because it was mentioned in the official NetApp documentation but currently it is 6 month old and my plays not running anymore. Appeciate your help.

Hello did you deprecate the docker image

Whenever I try to create a Snapmirror policy of type "async_mirror", it gets created as type "mirror-vault".
Am I doing something wrong or is this a known issue or something?

Also, I can't seem to figure out how to add a "copy_all_source_snapshots" rule to the policy, seems like this is a missing parameter in the netapp.ontap module

anyone know how to collect total storage used and total free space on storagegrid through restapi please?

Hello,

I have the below playbook:

• name: REST Get DNS TTL with restit
  netapp.ontap.na_ontap_restit:
  hostname: "{{ nas_hostname }}"
  username: "{{ nas_username }}"
  password: "{{ nas_password }}"
  https: true
  validate_certs: false
  api: "/name-services/cache/host/settings"
  method: GET
  register: dns_setup

It runs without any issue on a Netapp storage with Ontap 9.11.1P1.

It fails on a Netapp storage with Ontap 9.10.1P6

Ansible collections used are 21.24.1

When it fails, the messages are :

TASK [ds-role-nas_CRUD : REST Get DNS TTL with restit] **************************************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "error_code": "3", "error_message": "API not found", "msg": "Error when calling '/name-services/cache/host/settings': check error_message and error_code for details.", "response": null, "status_code": 404}

When it runs fine, the messages are:

TASK [ds-role-nas_CRUD : REST Get DNS TTL with restit] **************************************************************************************************************************************************************************************
changed: [localhost]

TASK [ds-role-nas_CRUD : REST Display dns_setup] ********************************************************************************************************************************************************************************************
ok: [localhost] => {
"msg": [
{
"changed": true,
"failed": false,
"response": {
"num_records": 4,
"records": [
{
"svm": {
"name": "",
"uuid": "4b3a511f-926e-11e8-8bac-d039ea02e536"
}
},
{
"svm": {
"name": "",
"uuid": "d8ab66fa-e39b-11e9-89b2-d039ea02e536"
}
},
{
"svm": {
"name": "*************************",
"uuid": "e1a22099-caf5-11ec-94a0-d039ea02e536"
}
},
{
"svm": {
"name": "**************************",
"uuid": "eff64cee-659b-11ed-9676-d039ea02e536"
}
}
]
},
"status_code": 200
}
]
}

On the storage for which the error is raised, I have about 150 SVM.

So it should show some entries

Is the issue caused by the difference of Netapp ontap version ?

Yes, if you check the swagger page it says the API first appeared in version 9.11.
https://docs.netapp.com/us-en/ontap-automation/reference/api_reference.html#access-the-ontap-api-documentation-page

Thx Matalve

This clarifies the point.

I have another issue with the below playbook :

• name: Create interface
  na_ontap_interface:
  hostname: "{{ nas_hostname }}"
  username: "{{ nas_username }}"
  password: "{{ nas_password }}"
  state: present
  interface_name: "lif_{{ machine }}_prod1"
  home_port: a0a-{{ hostvars[machine].vlan }}
  home_node: "{{ nas_node if nas_node is defined else node_free_max_size_name }}"
  role: data
  protocols:
  - nfs
  - cifs
  admin_status: up
  is_auto_revert: true
  address: "{{ hostvars[machine].ip }}"
  netmask: "{{ hostvars[machine].netmask }}"
  vserver: "vs{{ machine }}"
  https: true
  validate_certs: false

It used to run for about 1 year without issue.

It is executed (with collection 21.24.1 and Ontap 9.10.1P6).

But, the cifs data service is not assigned to the interface.

There is no error message.

In the GUI, I have the following error documented in the KB https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/Unable_to_create_LIF_allowing_SMB_as_protocol

The same playbook runs without error and with correct configuration on collection 21.24.1 and Ontap 9.11.1P1.

I have not changed this playbook for a year.

Only the ONTAP was upgraded from 9.6 to 9.10.1P6 on the storage which "triggers" the faulty configuration.

It seems to be agnostic of the ZAPI or REST interface.

So I suppose, it tries in REST first and falls back to ZAPI

What I do not understand is why it was running fine with 9.6 and silently partially fails now with 9.10.1 (NFS is ok, but CIFS server is failed)

I suspect Ansible module tries to use REST observing that ONTAP is version 9.10.1 P6, and for some reason it partially does the job.

While before, it was using ZAPI considening that ONTAP was version 9.6 and was doing completely the job.

It seems to be a regression when using Ontap 9.10.1 with the above playbook which does only partially the actions for CIFS.

Before 9.10.1P6 (and collection 21.24.1), it was running fine.

I checked the Network parameters by mounting a NFS export, which was running fine.

But CIFS cannot be started.

It seems this is an issue with REST API in ONTAP 9.10.1P6. Based on your description, it works with 9.6 because we are falling back to ZAPI. And it works with REST with 9.11P1. This makes think it is an ONTAP issue, and a work-around would be to force ZAPI when using 9.10.1P6 with use_rest: never

Also, when using REST, role and protocols are not directly supported. We kept them to preserve backward capability, and try to derive a service policy. So a better option would be to remove these two parameters and set the interface_type and service_policy.

This is actually what the linked KB article points to, an issue with the service policy. So updating the service policy (or creating a new one), and using it explicitly in the playbook would be the best solution.

Thx a lot for all these feedback

Just did a quick test with use_rest: never

It works

🙂

What is a service_policy ?

Is "default-data-files" one defined by default to serve CIFS or NFS data?

I have also the below playbook which does not update NIS configutration anymore when used against ONTAP 9.10.1.P6

• name: ZAPI set NIS servers
  na_ontap_command:
  hostname: "{{ nas_hostname }}"
  username: "{{ nas_username }}"
  password: "{{ nas_password }}"
  https: true
  validate_certs: false
  command: ['vserver', 'services', 'name-service', 'nis-domain',
  'create', '-vserver', 'vs_{{ target }}',
  '-domain', '{{ nas_nis_domain }}',
  '-active true -nis-servers', '{{ nas_infra_servers[site].nis }}']
  return_dict: true

  register: vserver_nis_info
  

I have an other playbook which does the same action using REST, but this means I would need to jungle between REST and ZAPI depending on the action done by each playbook

In fact, this requires fetching the ONTAP version and depending on the version, either use REST or ZAPI