# Ansible modules connecting directly to vserver (svm) - 403:forbidden


wary jetty

Hi, we recently bought a new NetApp environment and we are trying to automate creating CIFS shares, permissions and quotas. I have a problem using the Ansible modules and authenticating directly to the vserver; this gives me 403:forbidden errors. When I copy that exact call and use Postman I'm able to get a result (with the same credentials & auth method).
The permissions I have right now:

  • Only read permissions on the cluster level
  • vsadmin on the vservers

What I tried:

Scenario 1:

  • Connect to cluster address and define vserver name & cifs share name

Error output:

msg: 'Error on modifying cifs shares: calling: protocols/cifs/shares/0d948182-d61f-11ee-95ce-d039eab1f4d0/SJEN: got {''message'': ''not authorized for that command'', ''code'': ''6''}.'

Code:

# trying to set the comment to test
- name: Set CIFS share
  netapp.ontap.na_ontap_cifs:
    name: "SJEN"
    comment: "test"
    vserver: "{{ vserver_name }}"
    hostname: "{{ cluster_fqdn }}"
    username: "{{ ontap_user }}"
    password: "{{ ontap_password }}"
    validate_certs: false
  register: na_info

Scenario 2:

  • Connect to the vserver directly and define vserver name & cifs share

Error output:

403: HTTP error: 403 Client Error: Forbidden for url: https://10.4.20.13/api/cluster?fields=version
403: 403 Client Error: Forbidden for url: https://10.4.20.13/api/cluster?fields=version
netapp_lib.api.zapi.zapi.NaApiError: NetApp API failed. Reason - 403:Forbidden

Code:

- name: Set CIFS share
  netapp.ontap.na_ontap_cifs:
    name: "SJEN"
    comment: "test"
    vserver: "{{ vserver_name }}"
    hostname: "{{ svm_ip }}"
    username: "{{ ontap_user }}"
    password: "{{ ontap_password }}"
    validate_certs: false
  register: na_info

When I do a GET to https://10.4.20.13/api/cluster?fields=version it just works in Postman.

Any idea if I'm missing some permissions?

inner forum

For Scenario 1 you'll want to look at the roles, rest-roles you have set up.

The module was able to run

  • get api/cluster
  • get protocols/cifs/shares

But got that error when I tried to run

  • patch protocols/cifs/shares/<UUID>

wary jetty

Thanks Chris, will have a look at the rest-roles and if this is set up.

wary jetty

Hi, it seems this module is not supported anymore and will be deprecated with future updates. After using verbosity I finally found that you have to use netapp.ontap.na_ontap_rest_info to get the information. Strange that this is not documented well on the Ansible website or Galaxy.
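
To illustrate the Scenario 1 diagnosis in the reply above (the two GET calls passed and the PATCH was rejected), here is an added example that is not part of the thread and is not NetApp or module code: a simplified Python model of per-path REST role checks. The role entries are constructed, the paths are normalised under /api, and longest-prefix matching with the three access levels none, readonly and all is a modelling assumption.

```python
# Simplified model of per-path REST role checks (added example, not NetApp code).
# Assumption: the most specific (longest) matching API path decides the access level.

READ_METHODS = {"GET", "HEAD", "OPTIONS"}  # assumption: what "readonly" permits

# Constructed role entries for illustration: (API path, access level).
READONLY_ROLE = [
    ("/api/cluster", "readonly"),
    ("/api/protocols/cifs/shares", "readonly"),
]
SHARE_ADMIN_ROLE = [
    ("/api/cluster", "readonly"),
    ("/api/protocols/cifs/shares", "all"),
]

# The calls listed in the reply for the na_ontap_cifs run, in order.
MODULE_CALLS = [
    ("GET", "/api/cluster"),
    ("GET", "/api/protocols/cifs/shares"),
    ("PATCH", "/api/protocols/cifs/shares/<UUID>"),
]


def effective_access(role, path):
    """Return the access level of the longest role path that prefixes `path`."""
    best = None
    for api, access in role:
        if path == api or path.startswith(api.rstrip("/") + "/"):
            if best is None or len(api) > len(best[0]):
                best = (api, access)
    return best[1] if best else "none"  # no matching entry means no access


def is_allowed(role, method, path):
    """Decide whether `method` on `path` passes under the role's entries."""
    access = effective_access(role, path)
    if access == "all":
        return True
    if access == "readonly":
        return method.upper() in READ_METHODS
    return False


def first_denied(role, calls=MODULE_CALLS):
    """Return the first (method, path) the role rejects, or None if all pass."""
    for method, path in calls:
        if not is_allowed(role, method, path):
            return method, path
    return None


if __name__ == "__main__":
    print("read-only role fails at:", first_denied(READONLY_ROLE))
    print("share-admin role fails at:", first_denied(SHARE_ADMIN_ROLE))
```

A role that is read-only on the shares path reproduces the pattern from Scenario 1, while granting write access on that one path alone lets the PATCH through without widening cluster-level rights.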