ansible-collections / netapp.ontap

Ansible collection to support NetApp ONTAP configuration.
https://galaxy.ansible.com/netapp/ontap
GNU General Public License v3.0

Add cluster webserver certificate handling #183

Closed mamoep closed 5 months ago

mamoep commented 8 months ago

Summary

There is currently no native support to change the active cluster webserver certificate. It is possible with the na_ontap_restit module, but the certificate UUID is needed. The module na_ontap_security_certificates doesn't return the UUID on install.

Component Name

na_ontap_cluster

Additional Information

My current workaround:

```yaml
- name: Get certificate uuid
  netapp.ontap.na_ontap_restit:
    <<: *login
    api: security/certificates
    method: GET
    query:
      fields: common_name,type,uuid,expiry_time,serial_number
      type: server
      common_name: "{{ cluster }}"
      serial_number: "{{ '%04X' % cert_details.serial_number }}" # ONTAP stores certificate serial in hex
  register: cert_info

- name: Change web server configuration to use new certificate
  netapp.ontap.na_ontap_restit:
    <<: *login
    api: cluster
    method: PATCH
    body:
      certificate:
        uuid: "{{ cert_info.response.records[0].uuid }}"
```

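
Added example, not part of the original comment or of the collection: two guard tasks around the workaround above, so the PATCH never runs on an empty or ambiguous lookup and the change is confirmed afterwards. It reuses the `login` anchor, `cluster` and `cert_info` from the workaround; the `cluster_info` name and the shape of the GET response on `cluster` (a `certificate.uuid` field mirroring the PATCH body) are assumptions.

```yaml
# Added example. Place this task between the two workaround tasks.
- name: Fail unless the lookup matched exactly one certificate
  ansible.builtin.assert:
    that:
      - cert_info.response.records is defined
      - cert_info.response.records | length == 1
    fail_msg: >-
      Expected exactly one server certificate for {{ cluster }} with the
      given serial number; refusing to PATCH the cluster with records[0].

# Place this task after the PATCH task.
# Assumption: GET on api/cluster returns the same certificate.uuid field
# that the PATCH body sets.
- name: Confirm the cluster now references the new certificate
  netapp.ontap.na_ontap_restit:
    <<: *login
    api: cluster
    method: GET
    query:
      fields: certificate
  register: cluster_info
  # Retry because the change may not be visible immediately after the PATCH;
  # the task fails if the UUIDs still differ after the last attempt.
  until: >-
    (cluster_info.response.certificate.uuid | default(''))
    == cert_info.response.records[0].uuid
  retries: 5
  delay: 5
```
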
carchi8py commented 7 months ago

We have issue DEVOPS-6525 open for this.

mamoep commented 5 months ago

Feature was added in 22.9.0. Thank you!