ansible-collections / netapp.ontap

Ansible collection to support NetApp ONTAP configuration.
https://galaxy.ansible.com/netapp/ontap
GNU General Public License v3.0

na_ontap_dns cluster vs. vserver usage #211

Open Sneedes opened 4 weeks ago

Sneedes commented 4 weeks ago

Summary

Attempting to configure the DNS servers for an ONTAP Cluster via the na_ontap_dns module. The documentation states: With REST, for cluster scoped DNS, omit this option or set it to NULL.

However, it appears that when I omit the parameter, I encounter the following error: Error getting DNS service: could not retrieve UUID of the DNS object

Unsure if this is a documentation error, usage/interpretation issue on my behalf, or the na_ontap_dns module not behaving as desired for REST/Cluster scope.

Component Name

netapp.ontap.na_ontap_dns

Ansible Version

$ ansible --version
ansible [core 2.15.12]
  config file = None
...snip...
  python version = 3.9.18 (main, Jan 24 2024, 00:00:00) [GCC 11.4.1 20231218 (Red Hat 11.4.1-3)] 
  jinja version = 3.1.4
  libyaml = True

ONTAP Collection Version

$ ansible-galaxy collection list
Collection            Version
--------------------- -------
cyberark.pas          1.0.27 
netapp.ontap          22.11.0
servicenow.servicenow 1.0.6

ONTAP Version

lab-fas03::> version
NetApp Release 9.12.1: Tue Jan 31 19:19:43 UTC 2023

Playbook

```yaml
- name: Configure DNS for the cluster
  netapp.ontap.na_ontap_dns:
    state: present
    hostname: "{{ netapp_hostname }}"
    username: "{{ netapp_username }}"
    password: "{{ netapp_password }}"
    domains: "{{ domains }}"
    nameservers: "{{ dns1 }}"
    use_rest: always
    validate_certs: false
    vserver: "{{ cluster_name }}"
```

### Steps to Reproduce

```yaml
- name: Configure DNS for the cluster
  netapp.ontap.na_ontap_dns:
    state: present
    hostname: "{{ netapp_hostname }}"
    username: "{{ netapp_username }}"
    password: "{{ netapp_password }}"
    domains: "{{ domains }}"
    nameservers: "{{ dns1 }}"
    use_rest: always
    validate_certs: false
```

Run while omitting the vserver parameter, and using rest.  

### Expected Results

I expected with REST, for cluster scoped DNS, I wouldn't have to provide the `vserver` parameter.  

### Actual Results

```console
fatal: [localhost]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "cert_filepath": null,
            "domains": [
                "my.domain.com"
            ],
            "feature_flags": null,
            "force_ontap_version": null,
            "hostname": "123.123.123.123",
            "http_port": null,
            "https": false,
            "key_filepath": null,
            "nameservers": [
                "8.8.8.8"
            ],
            "ontapi": null,
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "skip_validation": null,
            "state": "present",
            "use_rest": "always",
            "username": "admin",
            "validate_certs": false,
            "vserver": null
        }
    },
    "msg": "Error getting DNS service: could not retrieve UUID of the DNS object"
}
```

ghost commented 3 weeks ago

@Sneedes I just ran some tests and the DNS module for setting cluster scoped configuration is working fine with and without passing vserver parameter. From the error, it looks like the issue is with UUID of the DNS object. Could you enable the REST API tracing and share ontap_apis.log content that shows the calls being sent to REST and the responses/errors received?

Sneedes commented 3 weeks ago

Here's the contents of the ontap_apis.log, with an attempt at scrubbing some IPv4 address information from the log.

```console
$ cat /tmp/ontap_apis.log
2024-07-02 15:10:45,580 DEBUG sending: {'method': 'GET', 'url': 'https://xxx.xxx.xxx.xxx/api/cluster', 'verify': False, 'params': {'fields': ['version']}, 'timeout': 60, 'json': None, 'headers': {'X-Dot-Client-App': 'netapp.ontap.na_ontap_dns/22.11.0'}, 'auth_args': 'redacted'}
2024-07-02 15:10:45,584 DEBUG Starting new HTTPS connection (1): xxx.xxx.xxx.xxx:443
2024-07-02 15:10:45,735 DEBUG https://xxx.xxx.xxx.xxx:443 "GET /api/cluster?fields=version HTTP/11" 200 166
2024-07-02 15:10:45,736 DEBUG 200: b'{\n "version": {\n "full": "NetApp Release 9.12.1: Tue Jan 31 19:19:43 UTC 2023",\n "generation": 9,\n "major": 12,\n "minor": 1\n },\n "_links": {\n "self": {\n "href": "/api/cluster"\n }\n }\n}'
2024-07-02 15:10:45,737 DEBUG sending: {'method': 'GET', 'url': 'https://xxx.xxx.xxx.xxx/api/name-services/dns', 'verify': False, 'params': {'fields': 'domains,servers,svm', 'scope': 'cluster'}, 'timeout': 60, 'json': None, 'headers': {'X-Dot-Client-App': 'netapp.ontap.na_ontap_dns/22.11.0'}, 'auth_args': 'redacted'}
2024-07-02 15:10:45,739 DEBUG Starting new HTTPS connection (1): xxx.xxx.xxx.xxx:443
2024-07-02 15:10:45,910 DEBUG https://xxx.xxx.xxx.xxx:443 "GET /api/name-services/dns?fields=domains%2Cservers%2Csvm&scope=cluster HTTP/11" 200 308
2024-07-02 15:10:45,911 DEBUG 200: b'{\n "records": [\n {\n "svm": {\n "uuid": "e704e832-356b-11ef-aaa4-005056afb6d9",\n "name": "lab-fas03",\n "_links": {\n "self": {\n "href": "/api/svm/svms/e704e832-356b-11ef-aaa4-005056afb6d9"\n }\n }\n },\n "domains": [\n "dcops.ibechtel.com",\n "ibechtel.com",\n "amers.ibechtel.com",\n "becpsn.com"\n ],\n "servers": [\n "one.dns.ipv4.addr",\n "two.dns.ipv4.addr"\n ],\n "scope": "cluster",\n "_links": {\n "self": {\n "href": "/api/name-services/dns/e704e832-356b-11ef-aaa4-005056afb6d9"\n }\n }\n }\n ],\n "num_records": 1,\n "_links": {\n "self": {\n "href": "/api/name-services/dns?fields=domains%2Cservers%2Csvm&scope=cluster"\n }\n }\n}'
2024-07-02 15:10:50,915 DEBUG sending: {'method': 'GET', 'url': 'https://xxx.xxx.xxx.xxx/api/cluster', 'verify': False, 'params': {'fields': ['version']}, 'timeout': 60, 'json': None, 'headers': {'X-Dot-Client-App': 'netapp.ontap.na_ontap_dns/22.11.0'}, 'auth_args': 'redacted'}
2024-07-02 15:10:50,918 DEBUG Starting new HTTPS connection (1): xxx.xxx.xxx.xxx:443
2024-07-02 15:10:51,036 DEBUG https://xxx.xxx.xxx.xxx:443 "GET /api/cluster?fields=version HTTP/11" 200 166
2024-07-02 15:10:51,037 DEBUG 200: b'{\n "version": {\n "full": "NetApp Release 9.12.1: Tue Jan 31 19:19:43 UTC 2023",\n "generation": 9,\n "major": 12,\n "minor": 1\n },\n "_links": {\n "self": {\n "href": "/api/cluster"\n }\n }\n}'
2024-07-02 15:10:51,038 DEBUG sending: {'method': 'GET', 'url': 'https://xxx.xxx.xxx.xxx/api/name-services/dns', 'verify': False, 'params': {'fields': 'domains,servers,svm', 'scope': 'cluster'}, 'timeout': 60, 'json': None, 'headers': {'X-Dot-Client-App': 'netapp.ontap.na_ontap_dns/22.11.0'}, 'auth_args': 'redacted'}
2024-07-02 15:10:51,041 DEBUG Starting new HTTPS connection (1): xxx.xxx.xxx.xxx:443
2024-07-02 15:10:51,153 DEBUG https://xxx.xxx.xxx.xxx:443 "GET /api/name-services/dns?fields=domains%2Cservers%2Csvm&scope=cluster HTTP/11" 200 308
2024-07-02 15:10:51,153 DEBUG 200: b'{\n "records": [\n {\n "svm": {\n "uuid": "e704e832-356b-11ef-aaa4-005056afb6d9",\n "name": "lab-fas03",\n "_links": {\n "self": {\n "href": "/api/svm/svms/e704e832-356b-11ef-aaa4-005056afb6d9"\n }\n }\n },\n "domains": [\n "dcops.ibechtel.com",\n "ibechtel.com",\n "amers.ibechtel.com",\n "becpsn.com"\n ],\n "servers": [\n "one.dns.ipv4.addr",\n "two.dns.ipv4.addr"\n ],\n "scope": "cluster",\n "_links": {\n "self": {\n "href": "/api/name-services/dns/e704e832-356b-11ef-aaa4-005056afb6d9"\n }\n }\n }\n ],\n "num_records": 1,\n "_links": {\n "self": {\n "href": "/api/name-services/dns?fields=domains%2Cservers%2Csvm&scope=cluster"\n }\n }\n}'
```

Here's a screenshot from a web browser to the same API call: image

ghost commented 3 weeks ago

@Sneedes In the GET response, uuid is missing (records[0].uuid) that caused the module to throw the warning "Error getting DNS service: could not retrieve UUID of the DNS object". Let me check and revert back.

ghost commented 3 weeks ago

@Sneedes The mentioned error is not reproducible in house. Could you please delete the current config, create a fresh DNS config again omitting the vserver parameter, with the REST API tracing enabled?

Sneedes commented 1 week ago

ONTAP information...2 node vSIM ONTAP 9.12.1 cluster. No DNS configured.

lab-fas04::> version
NetApp Release 9.12.1: Tue Jan 31 19:19:43 UTC 2023

lab-fas04::> system node show -fields node, model, uptime
node         model  uptime
------------ ------ ------------
lab-fas04-01 SIMBOX 1 days 01:31
lab-fas04-02 SIMBOX 1 days 01:24
2 entries were displayed.

lab-fas04::> vserver services dns delete

lab-fas04::> vserver services dns show
This table is currently empty.

Below is the playbook. Note that the vserver parameter is commented out. Fails consistently if I don't provide any vserver.

---
- name: Issue 211 with netapp.ontap collection
  hosts: localhost
  gather_facts: false

  tasks:
    - name: Configure DNS for the ONTAP cluster
      netapp.ontap.na_ontap_dns:
        state: present
        hostname: 10.220.90.100
        username: admin
        password: NetAppLAB123!@#
        validate_certs: false
        use_rest: always
        domains: domain.com
        nameservers:
          - 10.231.128.5
          - 10.232.128.5
        # vserver: lab-fas04
        feature_flags:
          trace_apis: true
          trace_headers: true

Here's the playbook output:

```console
$ ansible-playbook issue211.yml

PLAY [Issue 211 with netapp.ontap collection] ****

TASK [Configure DNS for the ONTAP cluster] ***
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Error getting DNS service: could not retrieve UUID of the DNS object"}

PLAY RECAP ***
localhost : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
```

Here's the /tmp/ontap_apis.log:

```console
$ cat /tmp/ontap_apis.log
2024-07-16 23:57:05,864 DEBUG sending: {'method': 'GET', 'url': 'https://10.220.90.100/api/cluster', 'verify': False, 'params': {'fields': ['version']}, 'timeout': 60, 'json': None, 'headers': {'X-Dot-Client-App': 'netapp.ontap.na_ontap_dns/22.11.0'}, 'auth_args': 'redacted'}
2024-07-16 23:57:05,867 DEBUG Starting new HTTPS connection (1): 10.220.90.100:443
2024-07-16 23:57:05,994 DEBUG https://10.220.90.100:443 "GET /api/cluster?fields=version HTTP/11" 200 166
2024-07-16 23:57:05,995 DEBUG 200: b'{\n "version": {\n "full": "NetApp Release 9.12.1: Tue Jan 31 19:19:43 UTC 2023",\n "generation": 9,\n "major": 12,\n "minor": 1\n },\n "_links": {\n "self": {\n "href": "/api/cluster"\n }\n }\n}'
2024-07-16 23:57:05,997 DEBUG sending: {'method': 'GET', 'url': 'https://10.220.90.100/api/name-services/dns', 'verify': False, 'params': {'fields': 'domains,servers,svm', 'scope': 'cluster'}, 'timeout': 60, 'json': None, 'headers': {'X-Dot-Client-App': 'netapp.ontap.na_ontap_dns/22.11.0'}, 'auth_args': 'redacted'}
2024-07-16 23:57:06,000 DEBUG Starting new HTTPS connection (1): 10.220.90.100:443
2024-07-16 23:57:06,184 DEBUG https://10.220.90.100:443 "GET /api/name-services/dns?fields=domains%2Cservers%2Csvm&scope=cluster HTTP/11" 200 285
2024-07-16 23:57:06,185 DEBUG 200: b'{\n "records": [\n {\n "svm": {\n "uuid": "f318928f-42f9-11ef-b57b-005056af6638",\n "name": "lab-fas04",\n "_links": {\n "self": {\n "href": "/api/svm/svms/f318928f-42f9-11ef-b57b-005056af6638"\n }\n }\n },\n "domains": [\n "domain.com"\n ],\n "servers": [\n "10.231.128.5",\n "10.232.128.5"\n ],\n "scope": "cluster",\n "_links": {\n "self": {\n "href": "/api/name-services/dns/f318928f-42f9-11ef-b57b-005056af6638"\n }\n }\n }\n ],\n "num_records": 1,\n "_links": {\n "self": {\n "href": "/api/name-services/dns?fields=domains%2Cservers%2Csvm&scope=cluster"\n }\n }\n}'
```

Sneedes commented 1 week ago

It does create the DNS configuration...but errors out in the module.

```console
lab-fas04::> vserver services dns show
                                                    Name
Vserver         Domains                             Servers
--------------- ----------------------------------- ----------------
lab-fas04       domain.com                          10.231.128.5,
                                                    10.232.128.5
```

Sneedes commented 1 week ago

If I provide the vserver parameter, playbook runs as expected, is idempotent, etc.

```console
$ ansible-playbook issue211.yml

PLAY [Issue 211 with netapp.ontap collection] ****

TASK [Configure DNS for the ONTAP cluster] ***
changed: [localhost]

PLAY RECAP ***
localhost : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

$ ansible-playbook issue211.yml

PLAY [Issue 211 with netapp.ontap collection] ****

TASK [Configure DNS for the ONTAP cluster] ***
changed: [localhost]

PLAY RECAP ***
localhost : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
```

```console
lab-fas04::> vserver services dns show -instance

                    Vserver: lab-fas04
                    Domains: domain.com
               Name Servers: 10.231.128.5, 10.232.128.5
             Timeout (secs): 2
           Maximum Attempts: 1
```

csahu9 commented 1 week ago

GET response for a cluster scoped DNS config should have uuid in the response which is missing in your case. I've dropped an email asking about this to the REST team.

csahu9 commented 5 days ago

@Sneedes I got a response from the REST team on this that in 9.12.1, DNS get endpoint was returning SVM UUID whereas it is expected to not expose the cluster SVM name in the API response. Hence modification was done to the API endpoint to handle this defect and from Ontap 9.13.1 onwards UUID will be the key field. As mentioned above, in your case UUID is missing in the GET response throwing a warning. We'll see if we can add some information/warning about this change in the module/documentation.
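
Added example (not part of the thread and not the collection's code): a Python check of the response-shape difference discussed above, reporting where the key of a cluster-scoped `/api/name-services/dns` record can be found. The names `resolve_dns_key` and `audit` are hypothetical, and the record with a top-level `uuid` is constructed from the maintainers' description (`records[0].uuid`), not captured from a 9.13.1 system.

```python
import re

UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

# Trimmed from the 9.12.1 GET response posted in the thread: no top-level "uuid".
RECORD_9_12_1 = {
    "svm": {"uuid": "f318928f-42f9-11ef-b57b-005056af6638", "name": "lab-fas04"},
    "domains": ["domain.com"],
    "servers": ["10.231.128.5", "10.232.128.5"],
    "scope": "cluster",
    "_links": {"self": {"href": "/api/name-services/dns/f318928f-42f9-11ef-b57b-005056af6638"}},
}

# Constructed sample (assumption): the same record carrying the top-level
# "uuid" field that the maintainers say the module looks for.
RECORD_WITH_UUID = dict(RECORD_9_12_1, uuid="f318928f-42f9-11ef-b57b-005056af6638")


def resolve_dns_key(record):
    """Return (uuid, source) for one DNS record, or (None, None) if no key is found."""
    href = ((record.get("_links") or {}).get("self") or {}).get("href") or ""
    candidates = [
        ("uuid", record.get("uuid")),                         # expected key field
        ("svm.uuid", (record.get("svm") or {}).get("uuid")),  # what 9.12.1 returned
        ("_links.self.href", href.rstrip("/").rsplit("/", 1)[-1]),
    ]
    for source, value in candidates:
        # Accept only well-formed UUIDs so a query-string href is never mistaken for a key.
        if isinstance(value, str) and UUID_RE.match(value):
            return value, source
    return None, None


def audit(body):
    """Map each record's SVM name to the field its key was found in."""
    result = {}
    for record in body.get("records", []):
        name = (record.get("svm") or {}).get("name", "<unknown>")
        result[name] = resolve_dns_key(record)[1]
    return result


if __name__ == "__main__":
    print(audit({"records": [RECORD_9_12_1]}))
    print(audit({"records": [RECORD_WITH_UUID]}))
```

Feeding it the JSON body from `ontap_apis.log` shows whether a given system returns the key at the top level or only under `svm`.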