# Ansible playbook to delete the expired certificates


half kiln

Can anybody help with an Ansible playbook to delete the expired certificates?

wise valley

```yaml
- hosts: all_clusters
  name: ONTAP remove expired certificates
  collections:
    - netapp.ontap
  become: false
  connection: local            # the ONTAP modules call the REST API from the controller
  module_defaults:
    group/netapp.ontap.netapp_ontap:
      hostname: "{{ inventory_hostname }}"
      username: "{{ username }}"
      password: "{{ password }}"
      https: true
      validate_certs: true     # keep TLS verification on; this job is about certificates
  vars:
    # credentials come from the environment, not from the playbook or inventory
    username: "{{ lookup('env', 'ANSIBLE_NET_USERNAME') }}"
    password: "{{ lookup('env', 'ANSIBLE_NET_PASSWORD') }}"
  tasks:
    - name: Get Certificate info
      netapp.ontap.na_ontap_rest_info:
        gather_subset:
          - security/certificates
        fields:
          - ca
          - common_name
          - expiry_time
          - name
          - serial_number
          - type
          - uuid
        use_python_keys: true  # result key becomes security_certificates instead of 'security/certificates'
        parameters:
          scope: cluster
          type: "server|server-ca|client-ca"   # REST query filter: any of these three types
      register: certs

    - name: Delete expired certificates from ONTAP
      netapp.ontap.na_ontap_security_certificates:
        state: absent
        type: "{{ item.type }}"
        name: "{{ item.name }}"
      loop: "{{ certs.ontap_info.security_certificates.records }}"
      loop_control:
        label: "NAME: {{ item.name }} EXPIRY: {{ item.expiry_time }}"
      # ansible_date_time needs the default fact gathering; this is a string comparison
      # of two ISO 8601 timestamps and is exact only when both use the same UTC offset
      when: item.expiry_time < ansible_date_time.iso8601
```

This will look for all server, server-ca and client-ca certificates at the cluster level.
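The `when:` clause in the playbook above compares two ISO 8601 strings lexicographically, which is only exact when `expiry_time` and `ansible_date_time.iso8601` carry the same UTC offset. The following is an added example, not code from the thread or from the netapp.ontap collection: a small Ansible filter plugin that selects expired records by comparing timezone-aware datetimes instead. Dropped into a `filter_plugins/` directory beside the playbook, it lets the delete task loop over `certs.ontap_info.security_certificates.records | expired_certs` without a `when:`. It assumes `expiry_time` is an ISO 8601 string with a UTC offset (or a trailing `Z`); the plugin and function names, and the sample records, are this example's own.

```python
# Added example (not from the thread): Ansible filter plugin that picks the
# expired ONTAP certificates with an aware-datetime comparison.
# Usage in the playbook (assumed, hypothetical filter name):
#     loop: "{{ certs.ontap_info.security_certificates.records | expired_certs }}"
from datetime import datetime, timezone

# Certificate types the playbook targets; anything else is left untouched.
DELETABLE_TYPES = {"server", "server-ca", "client-ca"}


def parse_expiry(value):
    """Parse an ISO 8601 timestamp into an aware UTC datetime.

    A trailing 'Z' is rewritten to '+00:00' because datetime.fromisoformat()
    only accepts 'Z' on Python 3.11+. A value with no offset at all is
    assumed to be UTC (assumption, ONTAP normally sends an offset).
    """
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    dt = datetime.fromisoformat(value)
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone.utc)


def expired_certs(records, now=None, types=DELETABLE_TYPES):
    """Return the records whose expiry_time lies before `now`.

    `now` defaults to the current UTC time; tests pass a fixed instant.
    Records without expiry_time or with an unexpected type are skipped rather
    than returned, so a surprising API answer cannot lead to a wrong delete.
    """
    now = now or datetime.now(timezone.utc)
    expired = []
    for rec in records:
        expiry = rec.get("expiry_time")
        if not expiry or rec.get("type") not in types:
            continue
        if parse_expiry(expiry) < now:
            expired.append(rec)
    return expired


class FilterModule(object):
    """Ansible entry point: exposes expired_certs as a Jinja2 filter."""

    def filters(self):
        return {"expired_certs": expired_certs}


# Constructed sample records, shaped like the security/certificates answer the
# playbook registers (names and times are made up for the example).
SAMPLE_RECORDS = [
    {"name": "old_server", "type": "server", "common_name": "old.example",
     "expiry_time": "2022-01-01T00:00:00+00:00"},
    # Expires at 12:30 UTC, after the 12:00 UTC "now" used below, but the
    # string "2023-06-01T08:30:00-04:00" sorts before "2023-06-01T12:00:00Z":
    # a lexicographic comparison would delete it, a datetime comparison keeps it.
    {"name": "edge_case", "type": "server-ca", "common_name": "edge.example",
     "expiry_time": "2023-06-01T08:30:00-04:00"},
    {"name": "future_ca", "type": "client-ca", "common_name": "ca.example",
     "expiry_time": "2030-01-01T00:00:00+00:00"},
    # root-ca is not among the types the playbook queries, so it is ignored.
    {"name": "root_ca", "type": "root-ca", "common_name": "root.example",
     "expiry_time": "2000-01-01T00:00:00+00:00"},
]

if __name__ == "__main__":
    fixed_now = parse_expiry("2023-06-01T12:00:00Z")
    for rec in expired_certs(SAMPLE_RECORDS, now=fixed_now):
        print("would delete", rec["type"], rec["name"], rec["expiry_time"])
```

With the constructed records and a fixed "now" of 2023-06-01T12:00:00Z only `old_server` is selected; the `edge_case` record, which the string comparison would have treated as expired, survives. Running the playbook with `--check` first against the filtered loop is still the sensible way to see what would be deleted before committing.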

half kiln

Thanks a lot @wise valley.

half kiln

I am getting this error.

wise valley

Please ensure you use a recent version of the netapp.ontap Ansible collection. Support for this was added in v21.19.

half kiln

Had to do one simple change -> `loop: "{{ certs.ontap_info['security/certificates'].records }}"`

wise valley

That's what `use_python_keys: true` was for.