lusty iris
im trying to run ansible commands on a ontap system i need to use the netapp.ontap.na_ontap_command this gets me :Insufficient privileges: user 'ansible' does not have read access to this resource\n", "module_stdout":
running same over ssh works fine -
haughty gyro
What permissions does the ansibleflocks user have in ONTAP?
lethal rain
That's your error right there: user 'ansibleflocks' does not have read access to this resource
so check API permissions (docs: https://docs.netapp.com/us-en/ontap-automation/rest/rbac_overview.html)
you can try with an admin user, if it still doesn't work then the error might be somewhere else (sometimes API error messages are misleading)
lusty iris
Thanks - here are the permissions, it works fine through ssh - i have given limited access for a vserver user
netapp::*> security login show -vserver vserverx
User/Group Authentication Acct Authentication
Name Application Method Role Name Locked Method
ansibleflocks http password file-locks no none
ansibleflocks ontapi password file-locks no none
ansibleflocks ssh password file-locks no none
netapp:*> security login role show -vserver vserverx -role file-locks
Role Command/ Access
Vserver Name Directory Query Level
vserverx
file-locks DEFAULT none
set all
version all
vserver cifs session all
vserver cifs session close all
vserver locks all
vserver locks break all
7 entries were displayed
above I'm just trying to run the version command.
The actual end result that i wanted was to be able to make a ansible
job that terminates all cifs session on a specific vserver for a custom domain user.
This can be done easily via ssh with the same user
ssh -q -i file-locks.pub ansibleflocks@vserverip " vserver cifs session close -windows-user DOMAN\{user}"
lusty iris
so i found out that it only works on a cluster user .. not vserver user, and i can run successfully as admin, - however i would like to run as a restricted user and there seems to be a mismatch, between the permissions via ssh , i still get the same permission error while trying fx to run the version command