na_ontap_command does not work - connection refused

[guliaka]

Summary

netapp.ontap.na_ontap_command does not work

Component Name

netapp.ontap.na_ontap_command

Ansible Version

[root@vm-its-dckr2 netapp1]# ansible --version
ansible 2.9.27
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.6.8 (default, Sep  9 2021, 07:49:02) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)]

ONTAP Collection Version

latest

ONTAP Version

tst-netappcl1::> version
NetApp Release 9.9.1: Sun Jun 13 06:06:29 UTC 2021

Playbook

- name: Create SVM
  hosts: localhost
  gather_facts: false

  tasks:
    - name: Set vserver name
      set_fact:
        vserv: "tst03-svm"
        na_host: "my-test-na-host"
        na_user: "na-uname"
        na_user_pass: "na-u-pass"

    - name: 1 - Create SVM 
      netapp.ontap.na_ontap_svm:
        state: present
        name: "{{ vserv }}"
        # root_volume: vol1
        # root_volume_aggregate: tst_netapp1_01_FC_1
        # root_volume_security_style: mixed
        use_rest: always
        ignore_rest_unsupported_options: yes
        hostname: "{{ na_host }}"
        username: "{{ na_user }}"
        password: "{{ na_user_pass }}"
        validate_certs: false
      register: svm1

    - debug:
        var: svm1

    - name: Install root CA certs
      netapp.ontap.na_ontap_security_certificates:
        name: "GettyRoot"
        common_name: "GettyRoot"
        type: server_ca
        svm: "{{ vserv }}"
        public_certificate: |
          -----BEGIN CERTIFICATE-----
          <--cert here ---->
          -----END CERTIFICATE-----
        state: present
        hostname: "{{ na_host }}"
        username: "{{ na_user }}"
        password: "{{ na_user_pass }}"
        validate_certs: false

    - name: Install intermediary CA certs
      netapp.ontap.na_ontap_security_certificates:
        name: "GettyHermes"
        common_name: "GettyHermes"
        svm: "{{ vserv }}"
        public_certificate: |
          -----BEGIN CERTIFICATE-----
          <--cert here ---->
          -----END CERTIFICATE-----
        type: server_ca
        state: present
        hostname: "{{ na_host }}"
        username: "{{ na_user }}"
        password: "{{ na_user_pass }}"
        validate_certs: false

    - name: set ldaps
      netapp.ontap.na_ontap_command:
        hostname: "{{ na_host }}"
        username: "{{ na_user }}"
        password: "{{ na_user_pass }}"
        validate_certs: false
        command: ['vserver', 'cifs', 'security', 'modify', '-vserver', '{{ vserv }}', '-use-ldaps-for-ad-ldap', 'true' ]

Steps to Reproduce

run playbook

Expected Results

-use-ldaps-for-ad-ldap true

Actual Results

ASK [set ldaps] **************************************************************************************************************************************
task path: /root/roles/netapp1/tasks/create-smb-svm.yml:115
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: root
<127.0.0.1> EXEC /bin/sh -c 'echo ~root && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp `"&& mkdir "` echo /root/.ansible/tmp/ansible-tmp-1652227689.682762-1629848-143364956986372 `" && echo ansible-tmp-1652227689.682762-1629848-143364956986372="` echo /root/.ansible/tmp/ansible-tmp-1652227689.682762-1629848-143364956986372 `" ) && sleep 0'
Using module_utils file ansible_collections/netapp/ontap/plugins/module_utils
Using module_utils file /usr/lib/python3.6/site-packages/ansible/module_utils/_text.py
Using module_utils file ansible_collections
Using module_utils file ansible_collections/netapp/ontap/plugins
Using module_utils file ansible_collections/netapp/ontap
Using module_utils file ansible_collections/netapp
Using module_utils file ansible_collections/netapp/ontap/plugins/module_utils/netapp
Using module_utils file /usr/lib/python3.6/site-packages/ansible/module_utils/basic.py
Using module_utils file /usr/lib/python3.6/site-packages/ansible/module_utils/six/__init__.py
Using module_utils file /usr/lib/python3.6/site-packages/ansible/module_utils/ansible_release.py
Using module_utils file /usr/lib/python3.6/site-packages/ansible/module_utils/common/file.py
Using module_utils file /usr/lib/python3.6/site-packages/ansible/module_utils/common/__init__.py
Using module_utils file /usr/lib/python3.6/site-packages/ansible/module_utils/common/text/converters.py
Using module_utils file /usr/lib/python3.6/site-packages/ansible/module_utils/common/text/__init__.py
Using module_utils file /usr/lib/python3.6/site-packages/ansible/module_utils/common/text/formatters.py
Using module_utils file /usr/lib/python3.6/site-packages/ansible/module_utils/common/process.py
Using module_utils file /usr/lib/python3.6/site-packages/ansible/module_utils/pycompat24.py
Using module_utils file /usr/lib/python3.6/site-packages/ansible/module_utils/common/sys_info.py
Using module_utils file /usr/lib/python3.6/site-packages/ansible/module_utils/common/_utils.py
Using module_utils file /usr/lib/python3.6/site-packages/ansible/module_utils/compat/__init__.py
Using module_utils file /usr/lib/python3.6/site-packages/ansible/module_utils/common/_json_compat.py
Using module_utils file /usr/lib/python3.6/site-packages/ansible/module_utils/common/parameters.py
Using module_utils file /usr/lib/python3.6/site-packages/ansible/module_utils/common/validation.py
Using module_utils file /usr/lib/python3.6/site-packages/ansible/module_utils/parsing/convert_bool.py
Using module_utils file /usr/lib/python3.6/site-packages/ansible/module_utils/common/_collections_compat.py
Using module_utils file /usr/lib/python3.6/site-packages/ansible/module_utils/compat/selectors.py
Using module_utils file /usr/lib/python3.6/site-packages/ansible/module_utils/parsing/__init__.py
Using module_utils file /usr/lib/python3.6/site-packages/ansible/module_utils/distro/__init__.py
Using module_utils file /usr/lib/python3.6/site-packages/ansible/module_utils/distro/_distro.py
Using module_utils file /usr/lib/python3.6/site-packages/ansible/module_utils/common/collections.py
Using module_utils file /usr/lib/python3.6/site-packages/ansible/module_utils/compat/_selectors2.py
Using module file /root/.ansible/collections/ansible_collections/netapp/ontap/plugins/modules/na_ontap_command.py
<127.0.0.1> PUT /root/.ansible/tmp/ansible-local-1629714w_yemu8m/tmpooe3xvx5 TO /root/.ansible/tmp/ansible-tmp-1652227689.682762-1629848-143364956986372/AnsiballZ_na_ontap_command.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1652227689.682762-1629848-143364956986372/ /root/.ansible/tmp/ansible-tmp-1652227689.682762-1629848-143364956986372/AnsiballZ_na_ontap_command.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/usr/libexec/platform-python /root/.ansible/tmp/ansible-tmp-1652227689.682762-1629848-143364956986372/AnsiballZ_na_ontap_command.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1652227689.682762-1629848-143364956986372/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
Traceback (most recent call last):
  File "/usr/lib64/python3.6/urllib/request.py", line 1349, in do_open
    encode_chunked=req.has_header('Transfer-encoding'))
  File "/usr/lib64/python3.6/http/client.py", line 1269, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "/usr/lib64/python3.6/http/client.py", line 1315, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
  File "/usr/lib64/python3.6/http/client.py", line 1264, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/usr/lib64/python3.6/http/client.py", line 1040, in _send_output
    self.send(msg)
  File "/usr/lib64/python3.6/http/client.py", line 978, in send
    self.connect()
  File "/usr/lib64/python3.6/http/client.py", line 950, in connect
    (self.host,self.port), self.timeout, self.source_address)
  File "/usr/lib64/python3.6/socket.py", line 724, in create_connection
    raise err
  File "/usr/lib64/python3.6/socket.py", line 713, in create_connection
    sock.connect(sa)
ConnectionRefusedError: [Errno 111] Connection refused

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/tmp/ansible_netapp.ontap.na_ontap_command_payload_hpya_m05/ansible_netapp.ontap.na_ontap_command_payload.zip/ansible_collections/netapp/ontap/plugins/module_utils/netapp.py", line 564, in invoke_elem
    response = self._opener.open(request)
  File "/usr/lib64/python3.6/urllib/request.py", line 526, in open
    response = self._open(req, data)
  File "/usr/lib64/python3.6/urllib/request.py", line 544, in _open
    '_open', req)
  File "/usr/lib64/python3.6/urllib/request.py", line 504, in _call_chain
    result = func(*args)
  File "/usr/lib64/python3.6/urllib/request.py", line 1377, in http_open
    return self.do_open(http.client.HTTPConnection, req)
  File "/usr/lib64/python3.6/urllib/request.py", line 1351, in do_open
    raise URLError(err)
urllib.error.URLError: <urlopen error [Errno 111] Connection refused>

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/tmp/ansible_netapp.ontap.na_ontap_command_payload_hpya_m05/ansible_netapp.ontap.na_ontap_command_payload.zip/ansible_collections/netapp/ontap/plugins/modules/na_ontap_command.py", line 186, in run_command
  File "/usr/local/lib/python3.6/site-packages/netapp_lib/api/zapi/zapi.py", line 292, in invoke_successfully
    result = self.invoke_elem(na_element, enable_tunneling)
  File "/tmp/ansible_netapp.ontap.na_ontap_command_payload_hpya_m05/ansible_netapp.ontap.na_ontap_command_payload.zip/ansible_collections/netapp/ontap/plugins/module_utils/netapp.py", line 577, in invoke_elem
    raise zapi.NaApiError(msg, error)
netapp_lib.api.zapi.zapi.NaApiError: NetApp API failed. Reason - Unable to connect:(ConnectionRefusedError(111, 'Connection refused'),)
fatal: [localhost]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "cert_filepath": null,
            "command": [
                "vserver",
                "cifs",
                "security",
                "modify",
                "-vserver",
                "tst02-svm",
                "-use-ldaps-for-ad-ldap",
                "true"
            ],
            "exclude_lines": "",
            "feature_flags": {},
            "hostname": "153.10.94.75",
            "http_port": null,
            "https": false,
            "include_lines": "",
            "key_filepath": null,
            "ontapi": null,
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "privilege": "admin",
            "return_dict": false,
            "use_rest": "auto",
            "username": "ansible1",
            "validate_certs": false,
            "vserver": null
        }
    },
    "msg": "Error running command ['vserver', 'cifs', 'security', 'modify', '-vserver', 'tst02-svm', '-use-ldaps-for-ad-ldap', 'true']: NetApp API failed. Reason - Unable to connect:(ConnectionRefusedError(111, 'Connection refused'),)"
}

[carchi8py]

@guliaka can you double-check you have the correct permissions listed in the documentation https://docs.ansible.com/ansible/devel/collections/netapp/ontap/na_ontap_command_module.html#ansible-collections-netapp-ontap-na-ontap-command-module

[carchi8py]

Haven't heard back from the user.