Init: mediaserver

2023-02-08 12:13:28 +01:00
parent 848bc9739c
commit f7c23d4ba9
31914 changed files with 6175775 additions and 0 deletions


@@ -0,0 +1,37 @@
=============================================================
netapp.ontap
NetApp ONTAP Collection
Copyright (c) 2020 NetApp, Inc. All rights reserved.
Specifications subject to change without notice.
=============================================================
# Playbook examples
As the name indicates, these are examples, and while they are working at the time of publication, we do not support these playbooks.
We cannot guarantee they are working on other systems, or other configurations, or other versions than what we used at the time.
We will not maintain these playbooks as time passes.
## ONTAP Firmware Updates
By default, downloading a firmware image is enough to trigger an update.
The update happens automatically in background for the disk qualification package and for disk, shelf, and ACP firmwares. It is designed to be non disruptive.
The SP firmware will be automatically installed, but requires a node reboot. The reboot is not done in these playbooks.
The na_ontap_pb_upgrade_firmware playbooks are illustrating three ways to use variables in an Ansible playbook:
1. directly inside the playbook, under the `vars:` keyword
1. by importing an external file, under the `vars_file:` keyword
1. by adding `--extra-vars` to the `ansible-playbook` command line. Using `@` enables to use a file rather than providing each variable explicitly.
```
ansible-playbook ansible_collections/netapp/ontap/playbooks/examples/na_ontap_pb_upgrade_firmware.yml
ansible-playbook ansible_collections/netapp/ontap/playbooks/examples/na_ontap_pb_upgrade_firmware_with_vars_file.yml
ansible-playbook ansible_collections/netapp/ontap/playbooks/examples/na_ontap_pb_upgrade_firmware_with_extra_vars.yml --extra-vars=@/tmp/ansible/ontap_vars_file.yml
```
The advantage of using a vars_file is that you can keep important variables private. --extra-vars provides more flexibility regarding the location of the vars file.


@@ -0,0 +1,77 @@
-
name: test netapp.ontap ISO8601 filters
gather_facts: false
hosts: localhost
vars:
iso_duration: 'P689DT13H57M44S'
iso_duration_weeks: 'P98W'
seconds_duration: 59579864
tasks:
- name: convert duration in ISO 8601 format to seconds
set_fact:
input: "{{ iso_duration }}"
out: "{{ iso_duration | netapp.ontap.iso8601_duration_to_seconds }}"
- name: validate results
assert:
that: out | int == seconds_duration
quiet: true
- name: convert seconds to duration in ISO 8601 format
set_fact:
input: "{{ seconds_duration }}"
out: "{{ seconds_duration | netapp.ontap.iso8601_duration_from_seconds }}"
- name: validate results
assert:
that: out == iso_duration
quiet: true
- name: convert seconds to duration in ISO 8601 format, using format specifier
set_fact:
input: "{{ seconds_duration }}"
out: "{{ seconds_duration | netapp.ontap.iso8601_duration_from_seconds(format='P%P') }}"
- name: validate results
assert:
that: out == iso_duration
quiet: true
- name: convert seconds to duration in ISO 8601 format, using format specifier for weeks
set_fact:
input: "{{ seconds_duration }}"
out: "{{ seconds_duration | netapp.ontap.iso8601_duration_from_seconds(format='P%p') }}"
- name: validate results
assert:
that: out == iso_duration_weeks
quiet: true
- name: input error, input does not match ISO format
set_fact:
out: "{{ 'dummy' | netapp.ontap.iso8601_duration_to_seconds }}"
ignore_errors: true
register: results
- name: validate error message
assert:
that: results.msg == error
quiet: true
vars:
error: "iso8601_duration_to_seconds - error: Unable to parse duration string 'dummy' - expecting PnnYnnMnnDTnnHnnMnnS, received: dummy"
- name: input error, input does not match int or float format
set_fact:
out: "{{ 'dummy' | netapp.ontap.iso8601_duration_from_seconds }}"
ignore_errors: true
register: results
- name: validate error message
assert:
that: results.msg == error
quiet: true
vars:
error: "iso8601_duration_from_seconds - error: unsupported type for timedelta seconds component: str - received: dummy"


@@ -0,0 +1,30 @@
=============================================================
netapp.ontap
NetApp ONTAP Collection
Copyright (c) 2020 NetApp, Inc. All rights reserved.
Specifications subject to change without notice.
=============================================================
# Playbook examples
As the name indicates, these are examples, and while they are working at the time of publication, we do not support these playbooks.
We cannot guarantee they are working on other systems, or other configurations, or other versions than what we used at the time.
We will not maintain these playbooks as time passes.
## ONTAP list volumes that are online, or offline
The na_ontap_pb_get_online_volumes playbook illustrate two ways to use json_query:
1. to flatten a complex structure and extract only the fields of interest,
2. to filter the fields of interest based on some criteria.
The na_ontap_pb_get_online_volumes playbook illustrates three ways to use variables in an Ansible playbook:
1. directly inside the playbook, under the `vars:` keyword,
1. by importing an external file, under the `vars_files:` keyword,
1. by adding `--extra-vars` to the `ansible-playbook` command line. Using `@` enables to use a file rather than providing each variable explicitly.
Note that `--extra-vars` has the highest precedence. `vars` has the lowest precedence. It is possible to comnbine the 3 techniques within a single playbook.
The advantage of using a vars_file is that you can keep important variables private. --extra-vars provides more flexibility regarding the location of the vars file.


@@ -0,0 +1,76 @@
-
name: Get list of online ONTAP volumes
hosts: localhost
gather_facts: false
collections:
- netapp.ontap
vars_files:
# This will fail silently if the vars_file is not found. Remove '/dev/null' to force an error
# if --extra_vars is used to provide values for these variables, the values from vars_file are ignored
- ['/path/to/ontap_vars_file.yml', '/dev/null']
vars:
# TODO: change these value until DONE, unless a vars file or --extra_vars is used.
# If --extra_vars is used to provide values for these variables, the values below are ignored.
# If vars_files is used, the values below are ignored.
ontap_admin_ip: TBD
# username/password authentication
ontap_admin_username: admin
ontap_admin_password: TBD
# SSL certificate authentication
ontap_cert_filepath: "/path/to/test.pem"
ontap_key_filepath: "/path/to//test.key"
# optional, SVM login
ontap_svm_admin_ip: TBD
ontap_svm_admin_username: vsadmin
ontap_svm_admin_password: TBD
# we recommend to use https, with a valid certificate
ontap_use_https: true
ontap_validate_certs: false
# DONE
login: &login
hostname: "{{ ontap_admin_ip }}"
username: "{{ ontap_admin_username }}"
password: "{{ ontap_admin_password }}"
https: "{{ ontap_use_https }}"
validate_certs: "{{ ontap_validate_certs }}"
cert_login: &cert_login
hostname: "{{ ontap_admin_ip }}"
cert_filepath: "{{ ontap_cert_filepath }}"
key_filepath: "{{ ontap_key_filepath }}"
https: true # ignored, as https is required for SSL
validate_certs: "{{ ontap_validate_certs }}"
svm_login: &svm_login
hostname: "{{ ontap_svm_admin_ip }}"
username: "{{ ontap_svm_admin_username }}"
password: "{{ ontap_svm_admin_password }}"
https: "{{ ontap_use_https }}"
validate_certs: "{{ ontap_validate_certs }}"
tasks:
- name: collect list of volumes, and state information
na_ontap_info:
<<: *cert_login
gather_subset: volume_info
desired_attributes:
volume-attributes:
volume-state-attributes:
state:
use_native_zapi_tags: false
register: ontap
- debug: var=ontap
tags: never
- set_fact:
volumes: "{{ ontap.ontap_info | json_query(get_attrs) }}"
vars:
get_attrs: "volume_info.*.{id: volume_id_attributes.name, svm: volume_id_attributes.owning_vserver_name, state: volume_state_attributes.state}"
- debug: var=volumes
- set_fact:
online_volumes: "{{ volumes | json_query(get_online) }}"
vars:
get_online: "[? state=='online']"
- debug: var=online_volumes
- set_fact:
offline_volumes: "{{ volumes | json_query(get_offline) }}"
vars:
get_offline: "[? state=='offline']"
- debug: var=offline_volumes
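Review bot: `ontap_validate_certs: false` in the vars block turns off server certificate verification for every login anchor in this playbook, directly under the comment that recommends https with a valid certificate. With verification off, the admin username and password are sent to whichever host answers on that address. Default it to `ontap_validate_certs: true` and let users with a self-signed lab certificate override it through the vars file or `--extra-vars`. The same default appears in the multi-cluster volume playbook, both certificate-install playbooks, the three firmware playbooks and the shared vars file, and it is hard-coded as `validate_certs: false` in the REST and debug-connectivity playbooks.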


@@ -0,0 +1,85 @@
-
name: Get list of online ONTAP volumes
hosts: localhost
gather_facts: false
collections:
- netapp.ontap
vars_files:
# This will fail silently if the vars_file is not found. Remove '/dev/null' to force an error
# if --extra_vars is used to provide values for these variables, the values from vars_file are ignored
- ['/path/to/ontap_vars_file.yml', '/dev/null']
vars:
# TODO: change these value until DONE, unless a vars file or --extra_vars is used.
# If --extra_vars is used to provide values for these variables, the values below are ignored.
# If vars_files is used, the values below are ignored.
# cluster or vsserver IP addresses
ontap_admin_ips:
- ip1
- ip2
# username/password authentication
ontap_admin_username: admin
ontap_admin_password: netapp1!
# SSL certificate authentication
ontap_cert_filepath: "/path/to/test.pem"
ontap_key_filepath: "/path/to//test.key"
# optional, SVM login
ontap_svm_admin_username: vsadmin
ontap_svm_admin_password: TBD
# we recommend to use https, with a valid certificate
ontap_use_https: true
ontap_validate_certs: false
# DONE
login: &login
username: "{{ ontap_admin_username }}"
password: "{{ ontap_admin_password }}"
https: "{{ ontap_use_https }}"
validate_certs: "{{ ontap_validate_certs }}"
cert_login: &cert_login
cert_filepath: "{{ ontap_cert_filepath }}"
key_filepath: "{{ ontap_key_filepath }}"
https: true # ignored, as https is required for SSL
validate_certs: "{{ ontap_validate_certs }}"
svm_login: &svm_login
username: "{{ ontap_svm_admin_username }}"
password: "{{ ontap_svm_admin_password }}"
https: "{{ ontap_use_https }}"
validate_certs: "{{ ontap_validate_certs }}"
tasks:
- debug: var=ontap
tags: never
- debug: var=ontap.results
tags: xnever
- name: collect list of volumes, and state information
na_ontap_info:
hostname: "{{ item }}"
<<: *login
gather_subset: volume_info
desired_attributes:
volume-attributes:
volume-state-attributes:
state:
use_native_zapi_tags: false
register: ontap
loop: "{{ ontap_admin_ips }}"
loop_control:
label: "{{ item }}"
- set_fact:
volumes: "{{ volumes|default({}) | combine( {item.item: item.ontap_info | json_query(get_attrs)} ) }}"
vars:
get_attrs: "volume_info.*.{id: volume_id_attributes.name, svm: volume_id_attributes.owning_vserver_name, state: volume_state_attributes.state}"
loop: "{{ ontap.results }}"
- debug: var=volumes
- pause:
- set_fact:
online_volumes: "{{ online_volumes|default({}) | combine( {item.key: item.value | json_query(get_online)} ) }}"
vars:
get_online: "[? state=='online']"
loop: "{{ volumes | dict2items }}"
- debug: var=online_volumes
- set_fact:
offline_volumes: "{{ offline_volumes|default({}) | combine( {item.key: item.value | json_query(get_offline)} ) }}"
vars:
get_offline: "[? state=='offline']"
loop: "{{ volumes | dict2items }}"
- debug: var=offline_volumes
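Review bot: `ontap_admin_password: netapp1!` in the vars block reads like a working credential rather than a placeholder; the single-cluster variant of this playbook uses `TBD` for the same variable. A literal password in a committed playbook stays in history and tends to be reused as-is. Replace it with `ontap_admin_password: TBD`, or leave it undefined here and supply it from an ansible-vault encrypted vars file. Separately, the bare `- pause:` before the online/offline filtering blocks unattended runs and looks like leftover debugging.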


@@ -0,0 +1,209 @@
# Example of installing a SSL certificate in ONTAP for authentication
# This playbook:
# 1. installs the certificate, or proceeds if the certificate is already installed,
# 2. enables SSL client authentication,
# 3. creates user account for cert authentication for ontapi and http applications,
# 4. validates that cert authentication works
#
# in test mode (using tags: -t all,testpb):
# 1b. the installation is repeated, to validate the check for idempotency (certificate already installed),
# 5. user account for cert authentication for ontapi and http applications is deleted,
# 6. if the certificate was installed in step 1, it is deleted.
# The certificate can be manually deleted using something like:
# security certificate delete -vserver trident_svm -common-name cert_user -ca cert_user -type *
#
# Prerequisites:
# you must have generated a certificate and have the certificate file (.pem) and the private key file available.
# This was tested using a self signed certificate:
# https://netapp.io/2016/11/08/certificate-based-authentication-netapp-manageability-sdk-ontap/
-
name: Ontap Install SSL certificate and enable SSL certificate authentication
hosts: localhost
gather_facts: false
collections:
- netapp.ontap
vars:
# TODO: change these variable values from HERE to DONE:
ontap_admin_ip: 10.XXX.XXX.X19
ontap_admin_username: admin
ontap_admin_password: XXXXXXXX
# we recommend to use https, but it requires a valid SSL certificate
ontap_use_https: true
ontap_validate_certs: false
# parameters to set up the certificate, ontap_cert_user must match the value of CN= when generating the certificate
ontap_cert_user: cert_user
ontap_cert_name: deleteme_cert
# admin or vsadmin
ontap_cert_role: vsadmin
# admin or data SVM
vserver: trident_svm
# admin or SVM IP address (for admin, would the same as ontap_admin_ip)
ontap_svm_ip: 10.XXX.XXX.X21
# certificate and private key files
cert_filepath: "/home/laurentn/atelier/ansible_wsl/ansible-playbooks/test.pem"
key_filepath: "/home/laurentn/atelier/ansible_wsl/ansible-playbooks/test.key"
# set this to false if the certificate is self-signed
validate_certs_for_ssl_auth: false
# you can either copy/paste the certificate(s) from the pem file, respecting the identation:
ssl_certificate_inline: |
-----BEGIN CERTIFICATE-----
MXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx
XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx
XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx
XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx
XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx
XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx
XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx
XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx
XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx
XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx
XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx
XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx
XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx
XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx
XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx
XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx
XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx
XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx
XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxx==
-----END CERTIFICATE-----
# or read it directly from the pem file
ssl_certificate_from_file: "{{lookup('file', cert_filepath)}}"
# pick one:
# ssl_certificate: "{{ ssl_certificate_inline }}"
ssl_certificate: "{{ ssl_certificate_from_file }}"
# DONE - do not change anything else (unless you really want to)
# this will be used to authenticate using SSL certificate
cert_login: &cert_login
hostname: "{{ ontap_svm_ip }}"
cert_filepath: "{{ cert_filepath }}"
key_filepath: "{{ key_filepath }}"
https: true
validate_certs: "{{ validate_certs_for_ssl_auth }}"
login: &login
hostname: "{{ ontap_admin_ip }}"
username: "{{ ontap_admin_username }}"
password: "{{ ontap_admin_password }}"
https: "{{ ontap_use_https }}"
validate_certs: "{{ ontap_validate_certs }}"
tasks:
- name: run ontap info module to check connectivity
na_ontap_info:
<<: *login
gather_subset: ontap_system_version
register: ontap
- debug: var=ontap.ontap_info.ontap_version
- name: use ZAPIT to install certificate
na_ontap_zapit:
<<: *login
zapi:
security-certificate-install:
cert-name: "{{ ontap_cert_name }}"
certificate: "{{ ssl_certificate }}"
type: client-ca
vserver: "{{ vserver }}"
ignore_errors: true
register: ontap
- debug: var=ontap
- fail:
msg: "Failed to install certificate: {{ ontap }}"
when: ontap.failed and ontap.reason != "duplicate entry"
- name: collect certificate data to be able to delete it later when testing
tags: never,testpb
set_fact:
certificate_authority: "{{ ontap.response.ca | default('unknown') }}"
serial_number: "{{ ontap.response.serial | default(0) }}"
certificate_installed: "{{ not ontap.failed }}"
- debug: var=certificate_authority
tags: never,testpb
- debug: var=serial_number
tags: never,testpb
- debug: var=certificate_installed
tags: never,testpb
- name: use ZAPIT to install certificate (idempotency)
# use -t all,testpb when testing the playbook
tags: never,testpb
na_ontap_zapit:
<<: *login
zapi:
security-certificate-install:
cert-name: "{{ ontap_cert_name }}"
certificate: "{{ ssl_certificate }}"
type: client-ca
vserver: "{{ vserver }}"
ignore_errors: true
register: ontap
- debug: var=ontap
tags: never,testpb
- fail:
msg: "Failed to install certificate: {{ ontap }}"
tags: never,testpb
when: ontap.failed and ontap.reason != "duplicate entry"
- name: use ZAPIT to enable certificate authentication
na_ontap_zapit:
<<: *login
zapi:
security-ssl-modify:
client-authentication-enabled: true
vserver: "{{ vserver }}"
register: ontap
- debug: var=ontap
tags: never,testpb
- name: set up cert authentication for ontapi (ZAPI) and http (REST)
na_ontap_user:
<<: *login
applications: ontapi,http
authentication_method: cert
name: "{{ ontap_cert_user }}"
role_name: "{{ ontap_cert_role }}"
vserver: "{{ vserver }}"
register: ontap
- debug: var=ontap
tags: never,testpb
- name: validate cert authentication is working for ZAPI
na_ontap_info:
<<: *cert_login
gather_subset: ontap_version
register: ontap
- debug: var=ontap
- name: remove cert authentication for ontapi (ZAPI) and http (REST) when testing
tags: never,testpb
na_ontap_user:
<<: *login
state: absent
applications: ontapi,http
authentication_method: cert
name: "{{ ontap_cert_user }}"
role_name: "{{ ontap_cert_role }}"
vserver: "{{ vserver }}"
register: ontap
- debug: var=ontap
tags: never,testpb
- name: use ZAPIT to delete certificate when testing
# use -t all,never when testing the playbook
tags: never,testpb,delete
na_ontap_zapit:
<<: *login
zapi:
security-certificate-delete:
certificate-authority: "{{ certificate_authority }}"
common-name: "{{ certificate_authority }}"
serial-number: "{{ serial_number }}"
type: client-ca
vserver: "{{ vserver }}"
when: certificate_installed
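Review bot: The `fail` guards after both `security-certificate-install` tasks read `ontap.reason` without a default, while `ignore_errors: true` lets every kind of failure reach them. If a failure result carries no `reason` key (a connection or authentication error may not; this is not visible here), the `when` expression itself errors out and hides the real cause. Use `when: ontap.failed and ontap.reason | default('') != "duplicate entry"` on both guards. The comment on the final delete task says `-t all,never` while the header says `-t all,testpb`; one of the two should be corrected.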


@@ -0,0 +1,202 @@
# Example of installing a SSL certificate in ONTAP for authentication
# This playbook:
# 1. installs the certificate, or proceeds if the certificate is already installed,
# (this also enables SSL client authentication),
# 2. creates user account for cert authentication for ontapi and http applications,
# 3. validates that cert authentication works
#
# in test mode (using tags: -t all,testpb):
# 1b. the installation is repeated, to validate the check for idempotency (certificate already installed),
# 4. user account for cert authentication for ontapi and http applications is deleted,
# 6. if the certificate was installed in step 1, it is deleted.
# The certificate can be manually deleted using something like:
# security certificate delete -vserver trident_svm -common-name cert_user -ca cert_user -type *
#
# Prerequisites:
# you must have generated a certificate and have the certificate file (.pem) and the private key file available.
# This was tested using a self signed certificate:
# https://netapp.io/2016/11/08/certificate-based-authentication-netapp-manageability-sdk-ontap/
-
name: Ontap Install SSL certificate and enable SSL certificate authentication
hosts: localhost
gather_facts: false
collections:
- netapp.ontap
vars:
# TODO: change these variable values from HERE to DONE:
ontap_admin_ip: 10.xxx.xxx.x19
ontap_admin_username: admin
ontap_admin_password: xxxxxxxxx
# we recommend to use https, but it requires a valid SSL certificate
ontap_use_https: true
ontap_validate_certs: false
# parameters to set up the certificate, ontap_cert_user must match the value of CN= when generating the certificate
ontap_cert_user: cert_user
ontap_cert_name: testme-cert
# data SVM, name and set role to vsadmin
svm: ansibleSVM
ontap_cert_role: vsadmin
# uncomment and leave the value empty for cluster certificate, set role to admin
# svm:
# ontap_cert_role: admin
# admin or SVM IP address (for admin, would the same as ontap_admin_ip)
ontap_svm_ip: 10.XXX.XXX.X21
# certificate and private key files
cert_filepath: "/home/laurentn/atelier/wsl/ansible/ansible_collections/ansible_collection_ontap/test.pem"
key_filepath: "/home/laurentn/atelier/wsl/ansible/ansible_collections/ansible_collection_ontap/test.key"
# set this to false if the certificate is self-signed
validate_certs_for_ssl_auth: false
# you can either copy/paste the certificate(s) from the pem file, respecting the identation:
ssl_certificate_inline: |
-----BEGIN CERTIFICATE-----
MXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx
XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx
XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx
XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx
XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx
XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx
XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx
XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx
XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx
XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx
XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx
XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx
XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx
XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx
XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx
XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx
XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx
XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx
XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxx==
-----END CERTIFICATE-----
# or read it directly from the pem file
ssl_certificate_from_file: "{{lookup('file', cert_filepath)}}"
# pick one:
# ssl_certificate: "{{ ssl_certificate_inline }}"
ssl_certificate: "{{ ssl_certificate_from_file }}"
# DONE - do not change anything else (unless you really want to)
# this will be used to authenticate using SSL certificate
cert_login: &cert_login
hostname: "{{ ontap_admin_ip }}"
cert_filepath: "{{ cert_filepath }}"
key_filepath: "{{ key_filepath }}"
https: true
validate_certs: "{{ validate_certs_for_ssl_auth }}"
login: &login
hostname: "{{ ontap_admin_ip }}"
username: "{{ ontap_admin_username }}"
password: "{{ ontap_admin_password }}"
https: "{{ ontap_use_https }}"
validate_certs: "{{ ontap_validate_certs }}"
tasks:
- name: run ontap info module to check connectivity
na_ontap_info:
<<: *login
gather_subset: ontap_system_version
register: ontap
- debug: var=ontap.ontap_info.ontap_version
- name: install certificate
na_ontap_security_certificates:
<<: *login
common_name: "{{ ontap_cert_user }}"
name: "{{ ontap_cert_name }}"
public_certificate: "{{ ssl_certificate }}"
type: client_ca
svm: "{{ svm }}"
register: result
- debug: var=result
- assert: {that: result.changed, quiet: true}
- name: install certificate (idempotency test)
# use -t all,testpb when testing the playbook
tags: never,testpb
na_ontap_security_certificates:
<<: *login
common_name: "{{ ontap_cert_user }}"
name: "{{ ontap_cert_name }}"
public_certificate: "{{ ssl_certificate }}"
type: client_ca
svm: "{{ svm }}"
register: result
- debug: var=result
tags: never,testpb
- assert: {that: not result.changed, quiet: true}
tags: never,testpb
- name: set up cert authentication for ontapi (ZAPI) and http (REST)
na_ontap_user:
<<: *login
applications: ontapi,http
authentication_method: cert
name: "{{ ontap_cert_user }}"
role_name: "{{ ontap_cert_role }}"
svm: "{{ svm }}"
use_rest: Always
register: result
- debug: var=result
tags: never,testpb
- assert: {that: result.changed, quiet: true}
tags: never,testpb
- name: validate cert authentication is working for REST
na_ontap_rest_info:
<<: *cert_login
gather_subset: vserver_info
register: result
- debug: var=result
- name: remove cert authentication for ontapi (ZAPI) and http (REST) when testing
tags: never,testpb
na_ontap_user:
<<: *login
state: absent
applications: ontapi,http
authentication_method: cert
name: "{{ ontap_cert_user }}"
role_name: "{{ ontap_cert_role }}"
svm: "{{ svm }}"
use_rest: Always
register: result
- debug: var=result
tags: never,testpb
- assert: {that: result.changed, quiet: true}
tags: never,testpb
- name: delete certificate when testing
# use -t all,never when testing the playbook
tags: never,testpb,delete
na_ontap_security_certificates:
<<: *login
common_name: "{{ ontap_cert_user }}"
name: "{{ ontap_cert_name }}"
svm: "{{ svm }}"
state: absent
register: result
- debug: var=result
tags: never,testpb,delete
- assert: {that: result.changed, quiet: true}
tags: never,testpb,delete
- name: delete certificate when testing (idempotemcy)
# use -t all,never when testing the playbook
tags: never,testpb,delete
na_ontap_security_certificates:
<<: *login
common_name: "{{ ontap_cert_user }}"
name: "{{ ontap_cert_name }}"
svm: "{{ svm }}"
state: absent
register: result
- debug: var=result
tags: never,testpb,delete
- assert: {that: not result.changed, quiet: true}
tags: never,testpb,delete
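Review bot: The first `- assert: {that: result.changed, quiet: true}`, directly after the `install certificate` task, carries no `tags: never,testpb`, so it runs in normal mode and fails the play whenever the certificate is already installed. That contradicts step 1 of the header comment ("or proceeds if the certificate is already installed"). Add `tags: never,testpb` to that assert, as the later asserts have. The header's step list also jumps from 4 to 6.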


@@ -0,0 +1,46 @@
-
name: Ontap Upgrade Firmware
hosts: localhost
gather_facts: false
collections:
- netapp.ontap
vars:
# TODO: change these variable values
ontap_firmware_url: TBD
ontap_admin_ip: TBD
ontap_admin_username: admin
ontap_admin_password: TBD
# we recommend to use https, but it requires a valid SSL certificate
ontap_use_https: true
ontap_validate_certs: false
# DONE - do not change anything else
login: &login
hostname: "{{ ontap_admin_ip }}"
username: "{{ ontap_admin_username }}"
password: "{{ ontap_admin_password }}"
https: "{{ ontap_use_https }}"
validate_certs: "{{ ontap_validate_certs }}"
tasks:
- name: run ontap info module to check connectivity
na_ontap_info:
<<: *login
gather_subset: ontap_system_version
register: ontap
- debug: var=ontap
- name: run ontap command module to validate access permissions
na_ontap_command:
<<: *login
command: version
return_dict: false
register: ontap
- debug: var=ontap
- name: run ontap firmware download module
na_ontap_firmware_upgrade:
<<: *login
package_url: "{{ ontap_firmware_url }}"
register: ontap
- debug: var=ontap
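Review bot: `package_url: "{{ ontap_firmware_url }}"` in the last task is passed through unchecked, and the accompanying README states that downloading an image is enough to trigger the update. Whoever controls that variable, or the host behind it, therefore chooses the firmware that gets installed; whether ONTAP verifies the package itself is not visible here. Add a pre-flight task such as `- assert: {that: ontap_firmware_url is match('^https://'), quiet: true}` before the download, and document the expected source host in the vars comment. The `--extra-vars` and vars-file variants of this playbook contain the same task.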


@@ -0,0 +1,47 @@
-
name: Ontap Upgrade Firmware
hosts: localhost
gather_facts: false
collections:
- netapp.ontap
vars:
# TODO: use --extra_vars to provide values for these variables
# ontap_firmware_url: TBD
# ontap_admin_ip: TBD
# ontap_admin_username: admin
# ontap_admin_password: TBD
# we recommend to use https, but it requires a valid SSL certificate
# if these variables are defined in --extra_vars, the following values are ignored
ontap_use_https: true
ontap_validate_certs: false
# do not change anything else
login: &login
hostname: "{{ ontap_admin_ip }}"
username: "{{ ontap_admin_username }}"
password: "{{ ontap_admin_password }}"
https: "{{ ontap_use_https }}"
validate_certs: "{{ ontap_validate_certs }}"
tasks:
- name: run ontap info module to check connectivity
na_ontap_info:
<<: *login
gather_subset: ontap_system_version
register: ontap
- debug: var=ontap
- name: run ontap command module to validate access permissions
na_ontap_command:
<<: *login
command: version
return_dict: false
register: ontap
- debug: var=ontap
- name: run ontap firmware download module
na_ontap_firmware_upgrade:
<<: *login
package_url: "{{ ontap_firmware_url }}"
register: ontap
- debug: var=ontap


@@ -0,0 +1,45 @@
-
name: Ontap Upgrade Firmware
hosts: localhost
gather_facts: false
collections:
- netapp.ontap
vars_files:
# TODO change this path as needed
- /tmp/ansible/ontap_vars_file.yml
vars:
# we recommend to use https, but it requires a valid SSL certificate
# if these variables are defined in the vars file, the following values are ignored
ontap_use_https: true
ontap_validate_certs: false
# DONE - do not change anything else
login: &login
hostname: "{{ ontap_admin_ip }}"
username: "{{ ontap_admin_username }}"
password: "{{ ontap_admin_password }}"
https: "{{ ontap_use_https }}"
validate_certs: "{{ ontap_validate_certs }}"
tasks:
- name: run ontap info module to check connectivity
na_ontap_info:
<<: *login
gather_subset: ontap_system_version
register: ontap
- debug: var=ontap
- name: run ontap command module to validate access permissions
na_ontap_command:
<<: *login
command: version
return_dict: false
register: ontap
- debug: var=ontap
- name: run ontap firmware download module
na_ontap_firmware_upgrade:
<<: *login
package_url: "{{ ontap_firmware_url }}"
register: ontap
- debug: var=ontap


@@ -0,0 +1,27 @@
# TODO: change these variable values
ontap_admin_ip: TBD
# either username/passord credentials
ontap_admin_username: admin
ontap_admin_password: TBD
# or SSL certificate authentication
ontap_cert_filepath: "/home/TBD/test.pem"
ontap_key_filepath: "/home/TBD/test.key"
# we recommend to use https, but it requires a valid SSL certificate
ontap_use_https: true
ontap_validate_certs: false
# Optionally, SVM credentials
ontap_svm_admin_ip: TBD
ontap_svm_admin_username: vsadmin
ontap_svm_admin_password: TBD
# Optionally, to upgrade disk, shelf, acp firmware
ontap_firmware_url: TBD
# DONE - do not change anything else
#
# To use this file:
# option 1: use ansible-playbook command line argument --extra-vars=@<path to this file>
# for instance:
# ansible-playbook ansible_collections/netapp/ontap/playbooks/examples/na_ontap_pb_upgrade_firmware_with_extra_vars.yml --extra-vars=@/tmp/ansible/ontap_vars_file.yml
# option 2: include this file in your playbook using vars_files:
# for instance:
# vars_files:
# - <path to vars file>
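Review bot: This vars file holds `ontap_admin_password` and `ontap_svm_admin_password` in plain text, and the usage comment at the bottom loads it from `/tmp/ansible/ontap_vars_file.yml`, a location other local users can typically read. Add a comment near the top such as `# keep this file out of /tmp and version control; encrypt it with ansible-vault`. The vars-file firmware playbook hard-codes the same `/tmp/ansible` path under `vars_files:` and would need the matching change.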


@@ -0,0 +1,160 @@
-
name: Ontap REST API
hosts: localhost
gather_facts: false
collections:
- netapp.ontap
vars:
admin_ip: XXX.XXX.XXX.XXX
admin_username: XXXXXXXX
admin_password: XXXXXXXX
svm_name: ansibleSVM
login: &login
hostname: "{{ admin_ip }}"
username: "{{ admin_username }}"
password: "{{ admin_password }}"
https: true
validate_certs: false
feature_flags:
trace_apis: true
tasks:
- name: run ontap REST API command as cluster admin - get version
na_ontap_restit:
<<: *login
api: cluster/software
query:
fields: version
register: result
- assert: {that: result.status_code==200, quiet: true}
- name: run ontap REST API command as cluster admin - get list of SVMs
na_ontap_restit:
<<: *login
api: svm/svms
register: result
- assert: {that: result.status_code==200, quiet: true}
- name: run ontap REST API command as cluster admin - get list of aggregates for this SVM
na_ontap_restit:
<<: *login
api: svm/svms
query:
fields: aggregates,cifs,nfs,uuid
query_fields: name
query: "{{ svm_name }}"
hal_linking: true
register: result
- name: run ontap REST API command as cluster admin - delete volume
tags: create
na_ontap_restit:
<<: *login
api: storage/volumes
query: # query based DELETE does not require a UUID
name: deleteme_ln1
svm.name: "{{ svm_name }}"
method: DELETE
wait_for_completion: true
register: result
- name: run ontap REST API command as cluster admin - create volume
tags: create
na_ontap_restit:
<<: *login
api: storage/volumes
body:
name: deleteme_ln1
aggregates.name:
- aggr1
svm.name: "{{ svm_name }}"
method: POST
wait_for_completion: true
register: result
- assert: {that: result.response.job_response=='success', quiet: true}
- name: run ontap REST API command as cluster admin - create volume - already exists!
tags: create
na_ontap_restit:
<<: *login
api: storage/volumes
body:
name: deleteme_ln1
aggregates.name:
- aggr1
svm.name: "{{ svm_name }}"
method: POST
wait_for_completion: true
ignore_errors: true
register: result
- assert:
that: msg in result.error_message
quiet: true
vars:
msg: 'Duplicate volume name'
- name: run ontap REST API command as cluster admin - patch volume (rename)
tags: create
na_ontap_restit:
<<: *login
api: storage/volumes
query: # query based DELETE does not require a UUID
name: deleteme_ln1
svm.name: "{{ svm_name }}"
body:
name: deleteme_ln2
method: PATCH
wait_for_completion: true
register: result
- name: run ontap REST API command as cluster admin - delete volume
tags: create
na_ontap_restit:
<<: *login
api: storage/volumes
query: # query based DELETE does not require a UUID
name: deleteme_ln2
svm.name: "{{ svm_name }}"
method: DELETE
wait_for_completion: true
register: result
- name: run ontap REST API command as cluster admin - create volume (vserver tunneling)
tags: create
na_ontap_restit:
<<: *login
api: storage/volumes
body:
name: deleteme_ln1
aggregates.name:
- aggr1
vserver_name: "{{ svm_name }}"
method: POST
wait_for_completion: true
register: result
- name: run ontap REST API command as cluster admin - patch volume (rename) (vserver tunneling)
tags: create
na_ontap_restit:
<<: *login
api: storage/volumes
query: # query based DELETE does not require a UUID
name: deleteme_*
vserver_name: "{{ svm_name }}"
body:
name: deleteme_ln2
method: PATCH
wait_for_completion: true
register: result
- name: run ontap REST API command as cluster admin - delete volume (vserver tunneling)
tags: create
na_ontap_restit:
<<: *login
api: storage/volumes
query: # query based DELETE does not require a UUID
name: deleteme_ln2
vserver_name: "{{ svm_name }}"
method: DELETE
wait_for_completion: true
register: result
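Review bot: The vserver-tunneling rename task selects its target with `name: deleteme_*`, so the PATCH can match any volume in the SVM whose name starts with `deleteme_`, not only the one created one task earlier. Use the exact name, `name: deleteme_ln1`, as the non-tunneling rename does. The comment `# query based DELETE does not require a UUID` is also copied onto both PATCH tasks and should read `# query based PATCH does not require a UUID` there.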


@@ -0,0 +1,42 @@
-
name: ONTAP connect
hosts: localhost
gather_facts: false
collections:
- netapp.ontap
tasks:
- name: debug connectivity using admin management interface or vsadmin interface
# use this to validate ZAPI and REST connectivity
# - with admin management interface, use admin or a user with admin privileges
# - with vsadmin management interface, use vsadmin or a user with vsadmin privileges
# for better formatting, you may use:
# export ANSIBLE_STDOUT_CALLBACK=minimal
# run this as:
# ansible-playbook -v ansible_collections/netapp/ontap/playbooks/examples/support/debug_connectivity.yaml
# after updating the values for hostname, username, and password
tags:
- admin
- vsadmin
na_ontap_debug:
hostname: "ip address of management interface, or of vserver interface"
username: "xxxx"
password: "yyyy"
https: true
validate_certs: false
- name: debug connectivity using admin interface, validate vserver configuration
# use this to validate ZAPI and REST connectivity, and check vserver is reachable
# with admin management interface, use admin or a user with admin privileges
# run this as
# ansible-playbook -v ansible_collections/netapp/ontap/playbooks/examples/support/debug_connectivity.yaml -t admin_and_vserver
tags:
- never
- admin_and_vserver
na_ontap_debug:
hostname: "ip_address_of_management_interface"
username: "xxxx"
password: "yyyy"
vserver: "svm name"
https: true
validate_certs: false