search

ansible-collections / netapp.ontap

Ansible collection to support NetApp ONTAP configuration.
https://galaxy.ansible.com/netapp/ontap
GNU General Public License v3.0
54 stars 35 forks source link

na_ontap_flexcache - Vserver scope not possible #64

Closed AwesomeNameMan closed 2 years ago

AwesomeNameMan commented 2 years ago

Summary

When I try to create a FlexCache volume with cluster-admin privileges, the task works jsut fine. Doing the same with vsadmin privileges throws an error (please view actual results).

Component Name

na_ontap_flexcache

Ansible Version

$ ansible --version

ansible [core 2.11.10]
  config file = None
  configured module search path = ['/home/awesome/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/awesome/.local/lib/python3.6/site-packages/ansible
  ansible collection location = /home/awesome/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/awesome/.local/bin/ansible
  python version = 3.6.8 (default, Nov  9 2021, 14:44:26) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)]
  jinja version = 3.0.3
  libyaml = True

ONTAP Collection Version

$ ansible-galaxy collection list

# /home/awesome/.local/lib/python3.6/site-packages/ansible_collections
Collection                    Version
----------------------------- -------
amazon.aws                    1.5.1
ansible.netcommon             2.5.0
ansible.posix                 1.3.0
ansible.utils                 2.4.3
ansible.windows               1.8.0
arista.eos                    2.2.0
awx.awx                       19.4.0
azure.azcollection            1.10.0
check_point.mgmt              2.2.0
chocolatey.chocolatey         1.1.0
cisco.aci                     2.1.0
cisco.asa                     2.1.0
cisco.intersight              1.0.18
cisco.ios                     2.6.0
cisco.iosxr                   2.6.0
cisco.meraki                  2.5.0
cisco.mso                     1.2.0
cisco.nso                     1.0.3
cisco.nxos                    2.8.2
cisco.ucs                     1.6.0
cloudscale_ch.cloud           2.2.0
community.aws                 1.5.0
community.azure               1.1.0
community.crypto              1.9.8
community.digitalocean        1.13.0
community.docker              1.10.2
community.fortios             1.0.0
community.general             3.8.3
community.google              1.0.0
community.grafana             1.3.0
community.hashi_vault         1.5.0
community.hrobot              1.2.1
community.kubernetes          1.2.1
community.kubevirt            1.0.0
community.libvirt             1.0.2
community.mongodb             1.3.2
community.mysql               2.3.2
community.network             3.0.0
community.okd                 1.1.2
community.postgresql          1.6.0
community.proxysql            1.3.0
community.rabbitmq            1.1.0
community.routeros            1.2.0
community.skydive             1.0.0
community.sops                1.2.0
community.vmware              1.17.0
community.windows             1.8.0
community.zabbix              1.5.1
containers.podman             1.9.0
cyberark.conjur               1.1.0
cyberark.pas                  1.0.13
dellemc.enterprise_sonic      1.1.0
dellemc.openmanage            3.6.0
dellemc.os10                  1.1.1
dellemc.os6                   1.0.7
dellemc.os9                   1.0.4
f5networks.f5_modules         1.13.0
fortinet.fortimanager         2.1.4
fortinet.fortios              2.1.3
frr.frr                       1.0.3
gluster.gluster               1.0.2
google.cloud                  1.0.2
hetzner.hcloud                1.6.0
hpe.nimble                    1.1.4
ibm.qradar                    1.0.3
infinidat.infinibox           1.3.0
inspur.sm                     1.3.0
junipernetworks.junos         2.8.0
kubernetes.core               1.2.1
mellanox.onyx                 1.0.0
netapp.aws                    21.7.0
netapp.azure                  21.10.0
netapp.cloudmanager           21.12.1
netapp.elementsw              21.7.0
netapp.ontap                  21.14.1
netapp.um_info                21.8.0
netapp_eseries.santricity     1.2.13
netbox.netbox                 3.4.0
ngine_io.cloudstack           2.2.2
ngine_io.exoscale             1.0.0
ngine_io.vultr                1.1.0
openstack.cloud               1.5.3
openvswitch.openvswitch       2.1.0
ovirt.ovirt                   1.6.6
purestorage.flasharray        1.11.0
purestorage.flashblade        1.8.1
sensu.sensu_go                1.12.0
servicenow.servicenow         1.0.6
splunk.es                     1.0.2
t_systems_mms.icinga_director 1.26.0
theforeman.foreman            2.2.0
vyos.vyos                     2.6.0
wti.remote                    1.0.3

# /home/awesome/.ansible/collections/ansible_collections
Collection   Version
------------ -------
netapp.ontap 21.17.3

ONTAP Version

awesome-cluster::> version
NetApp Release 9.10.1: Sat Jan 15 15:04:44 UTC 2022

Playbook

- name: Setting up FlexCache
  na_ontap_flexcache:
    <<: *login_flexcache_cluster
    state: present
    origin_volume: "{{ item.name }}"
    name: "{{ item.name }}"
    origin_vserver: "{{ item.svm }}"
    vserver: "{{ item.svm_cache }}"
    size: "{{ item.size_cache }}"
    size_unit: "{{ item.size_unit_cache }}"
    aggr_list: "{{ aggregates_cache | random }}"
    aggr_list_multiplier: 1
  loop: "{{ volume }}"

Steps to Reproduce

- name: Setting up FlexCache
  na_ontap_flexcache:
    <<: *login_flexcache_cluster
    state: present
    origin_volume: "{{ item.name }}"
    name: "{{ item.name }}"
    origin_vserver: "{{ item.svm }}"
    vserver: "{{ item.svm_cache }}"
    size: "{{ item.size_cache }}"
    size_unit: "{{ item.size_unit_cache }}"
    aggr_list: "{{ aggregates_cache | random }}"
    aggr_list_multiplier: 1
  loop: "{{ volume }}"

#########
# Volume #
#########

volume:
  - name: testvolume
    svm: testing
    svm_cache: testing_fc
    size_cache: 100
    size_unit_cache: gb

Expected Results

Create a FlexCache volume on the destination cluster.

Actual Results

TASK [Setting up FlexCache] *********************************************************************************************************************************
task path: /home/awesome/bwsfs-ansible/volume.yml:292
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: awesome
<127.0.0.1> EXEC /bin/sh -c 'echo ~awesome && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/awesome/.ansible/tmp `"&& mkdir "` echo /home/awesome/.ansible/tmp/ansible-tmp-1649947228.2596056-89916-249087531981265 `" && echo ansible-tmp-1649947228.2596056-89916-249087531981265="` echo /home/awesome/.ansible/tmp/ansible-tmp-1649947228.2596056-89916-249087531981265 `" ) && sleep 0'
Using module file /home/awesome/.ansible/collections/ansible_collections/netapp/ontap/plugins/modules/na_ontap_flexcache.py
<127.0.0.1> PUT /home/awesome/.ansible/tmp/ansible-local-89909rhwbp0wk/tmpznlgdse9 TO /home/awesome/.ansible/tmp/ansible-tmp-1649947228.2596056-89916-249087531981265/AnsiballZ_na_ontap_flexcache.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /home/awesome/.ansible/tmp/ansible-tmp-1649947228.2596056-89916-249087531981265/ /home/awesome/.ansible/tmp/ansible-tmp-1649947228.2596056-89916-249087531981265/AnsiballZ_na_ontap_flexcache.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/usr/bin/python3.6 /home/awesome/.ansible/tmp/ansible-tmp-1649947228.2596056-89916-249087531981265/AnsiballZ_na_ontap_flexcache.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /home/awesome/.ansible/tmp/ansible-tmp-1649947228.2596056-89916-249087531981265/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
Traceback (most recent call last):
  File "/usr/lib64/python3.6/urllib/request.py", line 1349, in do_open
    encode_chunked=req.has_header('Transfer-encoding'))
  File "/usr/lib64/python3.6/http/client.py", line 1269, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "/usr/lib64/python3.6/http/client.py", line 1315, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
  File "/usr/lib64/python3.6/http/client.py", line 1264, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/usr/lib64/python3.6/http/client.py", line 1040, in _send_output
    self.send(msg)
  File "/usr/lib64/python3.6/http/client.py", line 978, in send
    self.connect()
  File "/usr/lib64/python3.6/http/client.py", line 1437, in connect
    server_hostname=server_hostname)
  File "/usr/lib64/python3.6/ssl.py", line 365, in wrap_socket
    _context=self, _session=session)
  File "/usr/lib64/python3.6/ssl.py", line 776, in __init__
    self.do_handshake()
  File "/usr/lib64/python3.6/ssl.py", line 1036, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/lib64/python3.6/ssl.py", line 648, in do_handshake
    self._sslobj.do_handshake()
OSError: [Errno 0] Error

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/tmp/ansible_na_ontap_flexcache_payload_3kski0lo/ansible_na_ontap_flexcache_payload.zip/ansible_collections/netapp/ontap/plugins/module_utils/netapp.py", line 563, in invoke_elem
    response = self._opener.open(request)
  File "/usr/lib64/python3.6/urllib/request.py", line 526, in open
    response = self._open(req, data)
  File "/usr/lib64/python3.6/urllib/request.py", line 544, in _open
    '_open', req)
  File "/usr/lib64/python3.6/urllib/request.py", line 504, in _call_chain
    result = func(*args)
  File "/usr/lib64/python3.6/urllib/request.py", line 1392, in https_open
    context=self._context, check_hostname=self._check_hostname)
  File "/usr/lib64/python3.6/urllib/request.py", line 1351, in do_open
    raise URLError(err)
urllib.error.URLError: <urlopen error [Errno 0] Error>

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/tmp/ansible_na_ontap_flexcache_payload_3kski0lo/ansible_na_ontap_flexcache_payload.zip/ansible_collections/netapp/ontap/plugins/modules/na_ontap_flexcache.py", line 379, in flexcache_get
  File "/home/awesome/.local/lib/python3.6/site-packages/netapp_lib/api/zapi/zapi.py", line 292, in invoke_successfully
    result = self.invoke_elem(na_element, enable_tunneling)
  File "/tmp/ansible_na_ontap_flexcache_payload_3kski0lo/ansible_na_ontap_flexcache_payload.zip/ansible_collections/netapp/ontap/plugins/module_utils/netapp.py", line 576, in invoke_elem
    raise zapi.NaApiError(msg, error)
netapp_lib.api.zapi.zapi.NaApiError: NetApp API failed. Reason - URL error:URLError(OSError(0, 'Error'),)
failed: [localhost] (item={'name': 'testvolume', 'svm': 'testing', 'svm_cache': 'testing_fc', 'size_cache': 100, 'size_unit_cache': 'gb'}) => {
    "ansible_loop_var": "item",
    "changed": false,
    "invocation": {
        "module_args": {
            "aggr_list": [
                "awesome_cluster_fc_aggr1"
            ],
            "aggr_list_multiplier": 1,
            "auto_provision_as": null,
            "cert_filepath": null,
            "feature_flags": {},
            "force_offline": false,
            "force_unmount": false,
            "hostname": "************",
            "http_port": null,
            "https": true,
            "junction_path": null,
            "key_filepath": null,
            "name": "testvolume",
            "ontapi": null,
            "origin_cluster": null,
            "origin_volume": "testvolume",
            "origin_vserver": "testing",
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "prepopulate": null,
            "size": 100,
            "size_unit": "gb",
            "state": "present",
            "time_out": 180,
            "use_rest": "auto",
            "username": "vsadmin",
            "validate_certs": false,
            "vserver": "testing_fc"
        }
    },
    "item": {
        "name": "testvolume",
        "size_cache": 100,
        "size_unit_cache": "gb",
        "svm": "testing",
        "svm_cache": "testing_fc"
    },
    "msg": "Error fetching FlexCache info: NetApp API failed. Reason - URL error:URLError(OSError(0, 'Error'),)"
}
lonico commented 2 years ago

It looks like a connectivity issue. This issue may be better addressed in slack.

A first step would be to run the following playbook: https://github.com/ansible-collections/netapp.ontap/blob/main/playbooks/examples/support/debug_connectivity.yaml

AwesomeNameMan commented 2 years ago

Doesn't seem like a connectivity issue to me at the first glance, but we can gladly diagnose it on slack together:

TASK [Testing connectivity] *** task path: /home/awesome/bwsfs-ansible/conn.yml:31 <127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: awesome <127.0.0.1> EXEC /bin/sh -c 'echo ~awesome && sleep 0' <127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "echo /home/awesome/.ansible/tmp"&& mkdir "echo /home/awesome/.ansible/tmp/ansible-tmp-1650370836.447979-92906-83294384685849" && echo ansible-tmp-1650370836.447979-92906-83294384685849="echo /home/awesome/.ansible/tmp/ansible-tmp-1650370836.447979-92906-83294384685849" ) && sleep 0' Including module_utils file ansible/init.py Including module_utils file ansible/module_utils/init.py Including module_utils file ansible/module_utils/_text.py Including module_utils file ansible/module_utils/basic.py Including module_utils file ansible/module_utils/common/_collections_compat.py Including module_utils file ansible/module_utils/common/init.py Including module_utils file ansible/module_utils/common/_json_compat.py Including module_utils file ansible/module_utils/common/_utils.py Including module_utils file ansible/module_utils/common/arg_spec.py Including module_utils file ansible/module_utils/common/file.py Including module_utils file ansible/module_utils/common/parameters.py Including module_utils file ansible/module_utils/common/collections.py Including module_utils file ansible/module_utils/common/process.py Including module_utils file ansible/module_utils/common/sys_info.py Including module_utils file ansible/module_utils/common/text/converters.py Including module_utils file ansible/module_utils/common/text/init.py Including module_utils file ansible/module_utils/common/text/formatters.py Including module_utils file ansible/module_utils/common/validation.py Including module_utils file ansible/module_utils/common/warnings.py Including module_utils file ansible/module_utils/compat/selectors.py Including module_utils file ansible/module_utils/compat/init.py Including module_utils file ansible/module_utils/compat/_selectors2.py Including module_utils file ansible/module_utils/compat/selinux.py Including module_utils file ansible/module_utils/distro/init.py Including module_utils file ansible/module_utils/distro/_distro.py Including module_utils file ansible/module_utils/errors.py Including module_utils file ansible/module_utils/parsing/convert_bool.py Including module_utils file ansible/module_utils/parsing/init.py Including module_utils file ansible/module_utils/pycompat24.py Including module_utils file ansible/module_utils/six/init.py Including module_utils file ansible_collections/netapp/ontap/plugins/module_utils/netapp.py Including module_utils file ansible/module_utils/ansible_release.py Including module_utils file ansible_collections/init.py Including module_utils file ansible_collections/netapp/init.py Including module_utils file ansible_collections/netapp/ontap/init.py Including module_utils file ansible_collections/netapp/ontap/plugins/init.py Including module_utils file ansible_collections/netapp/ontap/plugins/module_utils/init.py Including module_utils file ansible_collections/netapp/ontap/plugins/module_utils/netapp_module.py Including module_utils file ansible_collections/netapp/ontap/plugins/module_utils/rest_user.py Including module_utils file ansible_collections/netapp/ontap/plugins/module_utils/rest_response_helpers.py Including module_utils file ansible_collections/netapp/ontap/plugins/module_utils/rest_vserver.py Using module file /home/awesome/.ansible/collections/ansible_collections/netapp/ontap/plugins/modules/na_ontap_debug.py <127.0.0.1> PUT /home/awesome/.ansible/tmp/ansible-local-9289941flpzzd/tmpm3ctbm3c TO /home/awesome/.ansible/tmp/ansible-tmp-1650370836.447979-92906-83294384685849/AnsiballZ_na_ontap_debug.py <127.0.0.1> EXEC /bin/sh -c 'chmod u+x /home/awesome/.ansible/tmp/ansible-tmp-1650370836.447979-92906-83294384685849/ /home/awesome/.ansible/tmp/ansible-tmp-1650370836.447979-92906-83294384685849/AnsiballZ_na_ontap_debug.py && sleep 0' <127.0.0.1> EXEC /bin/sh -c '/usr/bin/python3.6 /home/awesome/.ansible/tmp/ansible-tmp-1650370836.447979-92906-83294384685849/AnsiballZ_na_ontap_debug.py && sleep 0' <127.0.0.1> EXEC /bin/sh -c 'rm -f -r /home/awesome/.ansible/tmp/ansible-tmp-1650370836.447979-92906-83294384685849/ > /dev/null 2>&1 && sleep 0' ok: [localhost] => { "changed": false, "invocation": { "module_args": { "cert_filepath": null, "feature_flags": {}, "hostname": "****", "http_port": null, "https": true, "key_filepath": null, "ontapi": null, "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "use_rest": "auto", "username": "vsadmin", "validate_certs": false, "vserver": null } }, "msg": [ "netapp-lib imported successfully.", "zapi connected successfully.", "ONTAP version: NetApp Release 9.10.1: Sat Jan 15 15:04:44 UTC 2022", "rest connected successfully.", "ONTAP version: NetApp Release 9.10.1: Sat Jan 15 15:04:44 UTC 2022" ] } Read vars_file './vars/testing/testingyml' META: ran handlers Read vars_file './vars/testing/testing.yml' META: ran handlers

lonico commented 2 years ago

I don't think it's a module issue. I used the latest collection version, and I could run na_ontap_flexcache as vsadmin both with ONTAP 9.8 and 9.10.1.

The test with na_ontap_debug rules out any connectivity issue related to vsadmin account.

The last time we saw such an issue, it was a proxy issue. Maybe something malformed sent to ONTAP?

This would need to be addressed with ONTAP support, as we merely report what ONTAP is sending back to us.

AwesomeNameMan commented 2 years ago

I found the cause of the error: ssl was not enabled for the vserver (although the same task is used for other vserver). This then causes the actual error to occur.

Solution: ssl modify -vserver <vserver> -server-enabled true

lonico commented 2 years ago

Great! A bit surprising na_ontap_debug did not help here.