Can you add secondary servers using the na_ontap_security_key_manager module? | NetApp | Page 1

#Can you add secondary servers using the na_ontap_security_key_manager module?

1 messages · Page 1 of 1 (latest)

rain girder Jun 5, 2025, 1:52 PM

In newer versions of OnTap (I believe 9.12+), you are able to have a primary external key manager server, and multiple secondary servers. Is there a way to configure this using the na_ontap_security_key_manager module? If you list multiple servers, it tries to set them all up as primaries, which we don't want. I don't see anything in the Ansible documentation, but I was hoping there was some secret way to do it that I'm missing.

rain girder Jun 5, 2025, 8:06 PM

Assuming that we will not be able to configure secondary servers using na_ontap_security_key_manager, could someone please clue me in on how to do it using na_ontap_restit (or, if restcli if restit is not possible)? I just cannot seem to get the correct syntax to get it to work. The CLI command would be:

security key-manager external modify-server -key-server 1.1.1.10:5696 -secondary-key-servers 1.1.1.11,1.1.1.12,1.1.1.13

I've tried various iterations of this code below, but can't get anything to work correctly. What am I missing?

    netapp.ontap.na_ontap_restit:
      <<: *input
      api: security/key-managers
      query:
        uuid: "{{ key_manager_uuid }}"
      body:
        secondary_key_servers: 
          - "{{ secondary_kmip_servers }}"
      method: PATCH```