Closed fdalrymple-hp closed 1 year ago
The issue is because of
svm: "{{ cluster_name }}"
For a cluster scoped certificate, we are expecting svm:
to be absent or to be set to null as
svm:
I'm a little surprised ONTAP did not report an error the first time and correctly installed the certificate. On my system, with a more recent version of ONTAP, the first run fails with
"Error creating or installing certificate: {'message': 'invalid operation', 'code': '3'}"
But even if ONTAP installs it successfully, it fails to query the certificate when using the cluster vserver name, hence what appears as an idempotency issue.
Anyway, we should detect that svm is set to the cluster name, and either ignore it or report a better error.
Remove svm:
or set it to null
Detect a cluster name in svm
That was it. Simply deleting that line my problem immediately went away and it recognized the prior installed certificates. Thank you.
Summary
Module works to initially install server_ca and server certificates. When running again I get an error indicating the certificate is a duplicate.
Component Name
na_ontap_security_certificates
Ansible Version
ONTAP Collection Version
ONTAP Version
Playbook
Steps to Reproduce
Fill out the below playbook with valid cert data and run against NetApp filer. First run will install the certificate as expected. Second run will error on the task.
Expected Results
I expect idempotency, the task should identify that the certificate is already installed with the static CN, name and PEM payload, and I should get an "OK" result at the end of the playbook.
Actual Results