#Should I use rest cli to set the oplock

Yes. Im just looking through at the transition guide.
And you'll need to to use rest_cli to set it.

I see oplocks under /protocols/cifs/shares I wonder if that would be one way to do it. Or whether it's unrelated.

Thx for your responses

I'll try with restit through /protocols/cifs/shares and fallback to rest_cli

I'am observing an other strange behaviour.

The use case is :

I create a volume and a qtree.

Then I create a share. All using potentially ZAPI (former automation).

It goes fine

Then I update the playbook to create a qtree with netapp.ontap.na_ontap_restit.

The qtree is created with a given path

Then I try to create a share. But the playbook tells me the qtree path does not exist.

It exists because I copied it and searched for it in the UI which has highlighted it.

So the share create (REST compliant) does not see the qtree path.

• name: Create share with dict
  netapp.ontap.na_ontap_cifs:
  state: present
  comment: "Ansible managed"
  share_name: "{{ nas_share.name }}"
  path: "{{ nas_share.nas_path }}"
  vserver: "vs_{{ target }}"
  hostname: "{{ nas_hostname }}"
  username: "{{ nas_username }}"
  password: "{{ nas_password }}"
  https: true
  validate_certs: false

TASK [ds-role-nas_CRUD : Create share with dict] ********************************************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Error on creating cifs shares: calling: protocols/cifs/shares: got {'message': 'The specified path "/vol/ansitest002sas_volR423/CXRR423rel" does not exist in the namespace belonging to SVM "vs_ansitest002sas".', 'code': '655551', 'target': 'path'}."}

The path /vol/ansitest002sas_volR423/CXRR423rel is visible (copy/search in Netapp GUI highlights it)

The above playbook fails when I create the qtree with :

• name: REST Create qtree
  netapp.ontap.na_ontap_restit:
  hostname: "{{ nas_hostname }}"
  username: "{{ nas_username }}"
  password: "{{ nas_password }}"
  https: true
  validate_certs: false
  api: '/storage/qtrees'
  method: POST
  body:
  svm.name: "vs_{{ target }}"
  volume.name: "{{ nas_qtree_volume_name }}"
  name: "{{ nas_qtree_name }} "
  export_policy.name: "{{ nas_qtree_export_name | default(omit) }}"
  security_style: "{{ nas_qtree_security_style }}"
  unix_permissions: "{{ '755' if nas_qtree_security_style == 'unix' else omit }}"

The playbook is successfull when I create the same qtree with :

• name: ZAPI Create Qtree
  na_ontap_qtree:
  hostname: "{{ nas_hostname }}"
  username: "{{ nas_username }}"
  password: "{{ nas_password }}"
  https: true
  validate_certs: false
  state: present
  name: "{{ nas_qtree_name }}"
  flexvol_name: "{{ nas_qtree_volume_name }}"
  export_policy: "{{ nas_qtree_export_name | default(omit) }}"
  security_style: "{{ nas_qtree_security_style }}"
  #Not REST compliant
  oplocks: "{{ nas_qtree_oplock | default('disabled') }}"
  unix_permissions: "{{ '755' if nas_qtree_security_style == 'unix' else omit }}"
  vserver: "vs_{{ target }}"

My conclusion (external view) is that creating the qtree with REST makes its path not visible when I try to create a share on this same qtree.

In the GUI, the path is visible whether the qtree is created with ZAPI or REST

This specific is being returned by ONTAP (the part in the message:)

I wonder if the rest_info module can see it.

why are you not using na_ontap_qtree to create the qtree with REST?

I've used na_ontap_qtree with ZAPI for 8 months

And now I've converting automation from ZAPI to REST

na_ontap_qtree emits a WARNING stating that oplock is not supported

So I tried with na_ontap_restit

But it's not any better

How can I set the oplock with REST ?

2 options:

1. use na_ontap_qtree and omit the oplocks option - using REST
   2a: set the oplocks option when creating the share.
   2b: if this is not enough, use rest_cli only to set the oplocks option, then create the share

We know the ONTAP team put a lot of consideration into what to support and what to drop, in an effort to simplify ONTAP configuration. So if an option is not supported, we can assume it's not really needed. This is why I wonder if 2a is good enough.

If the assumption is wrong, you can document your use case. REST CLI is a workaround to fill in the gaps.

2b is the closest to what I implemented so far.

But I should probably set the oplock with the share in fact

So 2a is probably better

Thx a lot

I'am facing an other warning with allow_suid on exports.

When I update rules, it says that this option requires ZAPI.

This exemple extracted from the documentation is not Netapp REST compliant

• name: Create ExportPolicyRule
  netapp.ontap.na_ontap_export_policy_rule:
  state: present
  name: default123
  rule_index: 100
  vserver: ci_dev
  client_match: 0.0.0.0/0,1.1.1.0/24
  ro_rule: krb5,krb5i
  rw_rule: any
  protocol: nfs,nfs3
  super_user_security: any
  anonymous_user_id: 65534
  allow_suid: true
  ntfs_unix_security: ignore
  hostname: "{{ netapp_hostname }}"
  username: "{{ netapp_username }}"
  password: "{{ netapp_password }}"

Because it set allow_suid

The message exposed is :

[WARNING]: Falling back to ZAPI because of unsupported option(s) or option value(s) in REST: ['allow_suid']

I belleve it lacks some compatibily with the REST interface

This cannot be overlooked

Or at least not as long as you plan to remove ZAPI

Regarding yesterday's question about oplock setting on qtree, I've succesfully ended with rest_cli:

• name: Adjust oplock on qtree
  netapp.ontap.na_ontap_rest_cli:
  hostname: "{{ nas_hostname }}"
  username: "{{ nas_username }}"
  password: "{{ nas_password }}"
  https: true
  validate_certs: false
  command: 'volume/qtree/oplock'
  verb: 'POST'
  body: { 'oplock-mode': 'enable', 'vserver': 'vs_{{ target }}', 'volume': "{{ nas_qtree_volume_name }}", 'qtree': "{{ nas_qtree_name }}" }

This works

IMHO, you should remove completely restit and rest_cli by plugging all the internal stuff which lies behing to rest_info.

Otherwise, this makes the API and collection diffcult to use.

restit, and rest_cli exist because we do not support every parameter from each REST endpoint. We only support the most common/popular options. We also do not support every single rest POST/PATCH.

The rest_cli module exist also because not every ZAPI option exist in REST. If you feel an option is missing from the REST Api that needed, that more of a question for the #┊・ontap-api team. As they have more control over what option are carried over from ZAPI to REST and which one the ONTAP team has decided should not be carried over.

Thx for your response.

This brings a lot of confusion to have rest_info, restit, rest_cli.

It means that each interface has to be tried to find the correct one

Hiding parameters, should be done through ONTAP versions

Hopefully, I've finished the migration to REST

But I probably need an ONTAP upgrade now

I don't have a clear view of whether the rest_XXX module will fail or not based on ONTAP version

And then, we have the RW module which add some more complexity because you need to test with the native module and fallback to restid and rest_cli

Currently, I have to keep both ZAPI and REST automation

Until the NAS are upgraded

Anyway, I'am out of the wood

🙂

There are some more notices such as the fact that some options are available with CLI and not with the REST API

That seems akward

Why having some choice in CLI and not in REST API

With this design, it would mean you would have 3 different CLI as well

each has a different purpose

⦁ na_ontap_rest_info -- Is for getting info from ONTAP. It support all GET from 9.6 to 9.11.1. This returns data in a format that can registered in an Ansible playbook
⦁ na_ontap_restit -- Allow you to run any GET/POST/PATCH/DELETE of any REST end Point -- this should really only be used if a existing module dosn't support a REST option. (If A REST option is missing and you can requested it here https://github.com/ansible-collections/netapp.ontap/issues/new/choose and we can review it and add it to the correct module)
⦁ na_ontap_rest_cli -- Allow you to use the private CLI passthrough with the REST API which allows you to use CLI command to REST. And is documented in the REST API under Using the private CLI passthrough with the ONTAP REST API section https://library.netapp.com/ecmdocs/ECMLP2882307/html/index.html

While they do overlap, they are very different in what they are used for.

Hum, I would say that I don't buy this. Other storage vendors do it with a single API and a CLI on top of this single API.

I requested some fields to be added with :

https://forms.office.com/Pages/ResponsePage.aspx?id=oBEJS5uSFUeUS8A3RRZbOtlEKM3rNwBHjLH8dubcgOVURVM2UzIzTkQzSzdTU0pQRVFFRENZWlAxNi4u

Netapp goal it to move to a single API. Right now we have 2. ZAPI (the old one). And REST ( The new one). The goal with REST is to simplify the options

Yes

Again anything with adding fields to REST should go to the #┊・ontap-api they control that, not the ansible team.

Yes, sure.

Thx again for you help. Without this channel, I would be stuck

That's handy info and should almost be a pinned post

Is there a way to pin it to the main channel: If i pin it from here it will only get pinned to the thread

I thought you could. I can pin to main channel in places where I'm admin

Ya i can only pin to the thread.

That didn't pin it to the main channel though

Huh. Bummer. I feel like you all have to answer this a lot. Heck I ask it a lot.

I wonder if you pasted it out of thread and then could pin it to channel or if it's something about this discord setup?

I think one of the issue is Redhat limits us on what we can put in the title for the documentation page https://docs.ansible.com/ansible/devel/collections/netapp/ontap/index.html#plugins-in-netapp-ontap

So we have very short description that meet their requirements, but all sound very similar
na_ontap_rest_cli module – NetApp ONTAP run any CLI command using REST api/private/cli/

na_ontap_rest_info module – NetApp ONTAP information gatherer using REST APIs

na_ontap_restit module – NetApp ONTAP Run any REST API on ONTAP

But we can add this to a wiki page