diff options
Diffstat (limited to 'collections-debian-merged/ansible_collections/netapp/ontap/playbooks')
9 files changed, 719 insertions, 0 deletions
diff --git a/collections-debian-merged/ansible_collections/netapp/ontap/playbooks/examples/README.md b/collections-debian-merged/ansible_collections/netapp/ontap/playbooks/examples/README.md new file mode 100644 index 00000000..59fbcb60 --- /dev/null +++ b/collections-debian-merged/ansible_collections/netapp/ontap/playbooks/examples/README.md @@ -0,0 +1,37 @@ +============================================================= + + netapp.ontap + + NetApp ONTAP Collection + + Copyright (c) 2020 NetApp, Inc. All rights reserved. + Specifications subject to change without notice. + +============================================================= +# Playbook examples + +As the name indicates, these are examples, and while they are working at the time of publication, we do not support these playbooks. +We cannot guarantee they are working on other systems, or other configurations, or other versions than what we used at the time. +We will not maintain these playbooks as time passes. + +## ONTAP Firmware Updates + +By default, downloading a firmware image is enough to trigger an update. +The update happens automatically in background for the disk qualification package and for disk, shelf, and ACP firmwares. It is designed to be non disruptive. + +The SP firmware will be automatically installed, but requires a node reboot. The reboot is not done in these playbooks. + +The na_ontap_pb_upgrade_firmware playbooks are illustrating three ways to use variables in an Ansible playbook: +1. directly inside the playbook, under the `vars:` keyword +1. by importing an external file, under the `vars_file:` keyword +1. by adding `--extra-vars` to the `ansible-playbook` command line. Using `@` enables to use a file rather than providing each variable explicitly. + +``` +ansible-playbook ansible_collections/netapp/ontap/playbooks/examples/na_ontap_pb_upgrade_firmware.yml + +ansible-playbook ansible_collections/netapp/ontap/playbooks/examples/na_ontap_pb_upgrade_firmware_with_vars_file.yml + +ansible-playbook ansible_collections/netapp/ontap/playbooks/examples/na_ontap_pb_upgrade_firmware_with_extra_vars.yml --extra-vars=@/tmp/ansible/ontap_vars_file.yml +``` + +The advantage of using a vars_file is that you can keep important variables private. --extra-vars provides more flexibility regarding the location of the vars file.
\ No newline at end of file diff --git a/collections-debian-merged/ansible_collections/netapp/ontap/playbooks/examples/json_query/README.md b/collections-debian-merged/ansible_collections/netapp/ontap/playbooks/examples/json_query/README.md new file mode 100644 index 00000000..0d3321af --- /dev/null +++ b/collections-debian-merged/ansible_collections/netapp/ontap/playbooks/examples/json_query/README.md @@ -0,0 +1,30 @@ +============================================================= + + netapp.ontap + + NetApp ONTAP Collection + + Copyright (c) 2020 NetApp, Inc. All rights reserved. + Specifications subject to change without notice. + +============================================================= +# Playbook examples + +As the name indicates, these are examples, and while they are working at the time of publication, we do not support these playbooks. +We cannot guarantee they are working on other systems, or other configurations, or other versions than what we used at the time. +We will not maintain these playbooks as time passes. + +## ONTAP list volumes that are online, or offline + +The na_ontap_pb_get_online_volumes playbook illustrate two ways to use json_query: +1. to flatten a complex structure and extract only the fields of interest, +2. to filter the fields of interest based on some criteria. + +The na_ontap_pb_get_online_volumes playbook illustrates three ways to use variables in an Ansible playbook: +1. directly inside the playbook, under the `vars:` keyword, +1. by importing an external file, under the `vars_files:` keyword, +1. by adding `--extra-vars` to the `ansible-playbook` command line. Using `@` enables to use a file rather than providing each variable explicitly. + +Note that `--extra-vars` has the highest precedence. `vars` has the lowest precedence. It is possible to comnbine the 3 techniques within a single playbook. + +The advantage of using a vars_file is that you can keep important variables private. --extra-vars provides more flexibility regarding the location of the vars file. diff --git a/collections-debian-merged/ansible_collections/netapp/ontap/playbooks/examples/json_query/na_ontap_pb_get_online_volumes.yml b/collections-debian-merged/ansible_collections/netapp/ontap/playbooks/examples/json_query/na_ontap_pb_get_online_volumes.yml new file mode 100644 index 00000000..70c242e1 --- /dev/null +++ b/collections-debian-merged/ansible_collections/netapp/ontap/playbooks/examples/json_query/na_ontap_pb_get_online_volumes.yml @@ -0,0 +1,76 @@ +- + name: Get list of online ONTAP volumes + hosts: localhost + gather_facts: no + collections: + - netapp.ontap + vars_files: + # This will fail silently if the vars_file is not found. Remove '/dev/null' to force an error + # if --extra_vars is used to provide values for these variables, the values from vars_file are ignored + - ['/path/to/ontap_vars_file.yml', '/dev/null'] + + vars: + # TODO: change these value until DONE, unless a vars file or --extra_vars is used. + # If --extra_vars is used to provide values for these variables, the values below are ignored. + # If vars_files is used, the values below are ignored. + ontap_admin_ip: TBD + # username/password authentication + ontap_admin_username: admin + ontap_admin_password: TBD + # SSL certificate authentication + ontap_cert_filepath: "/path/to/test.pem" + ontap_key_filepath: "/path/to//test.key" + # optional, SVM login + ontap_svm_admin_ip: TBD + ontap_svm_admin_username: vsadmin + ontap_svm_admin_password: TBD + # we recommend to use https, with a valid certificate + ontap_use_https: true + ontap_validate_certs: false + # DONE + login: &login + hostname: "{{ ontap_admin_ip }}" + username: "{{ ontap_admin_username }}" + password: "{{ ontap_admin_password }}" + https: "{{ ontap_use_https }}" + validate_certs: "{{ ontap_validate_certs }}" + cert_login: &cert_login + hostname: "{{ ontap_admin_ip }}" + cert_filepath: "{{ ontap_cert_filepath }}" + key_filepath: "{{ ontap_key_filepath }}" + https: true # ignored, as https is required for SSL + validate_certs: "{{ ontap_validate_certs }}" + svm_login: &svm_login + hostname: "{{ ontap_svm_admin_ip }}" + username: "{{ ontap_svm_admin_username }}" + password: "{{ ontap_svm_admin_password }}" + https: "{{ ontap_use_https }}" + validate_certs: "{{ ontap_validate_certs }}" + tasks: + - name: collect list of volumes, and state information + na_ontap_info: + <<: *cert_login + gather_subset: volume_info + desired_attributes: + volume-attributes: + volume-state-attributes: + state: + use_native_zapi_tags: false + register: ontap + - debug: var=ontap + tags: never + - set_fact: + volumes: "{{ ontap.ontap_info | json_query(get_attrs) }}" + vars: + get_attrs: "volume_info.*.{id: volume_id_attributes.name, svm: volume_id_attributes.owning_vserver_name, state: volume_state_attributes.state}" + - debug: var=volumes + - set_fact: + online_volumes: "{{ volumes | json_query(get_online) }}" + vars: + get_online: "[? state=='online']" + - debug: var=online_volumes + - set_fact: + offline_volumes: "{{ volumes | json_query(get_offline) }}" + vars: + get_offline: "[? state=='offline']" + - debug: var=offline_volumes diff --git a/collections-debian-merged/ansible_collections/netapp/ontap/playbooks/examples/na_ontap_pb_install_SSL_certificate.yml b/collections-debian-merged/ansible_collections/netapp/ontap/playbooks/examples/na_ontap_pb_install_SSL_certificate.yml new file mode 100644 index 00000000..a6221e84 --- /dev/null +++ b/collections-debian-merged/ansible_collections/netapp/ontap/playbooks/examples/na_ontap_pb_install_SSL_certificate.yml @@ -0,0 +1,209 @@ +# Example of installing a SSL certificate in ONTAP for authentication +# This playbook: +# 1. installs the certificate, or proceeds if the certificate is already installed, +# 2. enables SSL client authentication, +# 3. creates user account for cert authentication for ontapi and http applications, +# 4. validates that cert authentication works +# +# in test mode (using tags: -t all,testpb): +# 1b. the installation is repeated, to validate the check for idempotency (certificate already installed), +# 5. user account for cert authentication for ontapi and http applications is deleted, +# 6. if the certificate was installed in step 1, it is deleted. +# The certificate can be manually deleted using something like: +# security certificate delete -vserver trident_svm -common-name cert_user -ca cert_user -type * +# +# Prerequisites: +# you must have generated a certificate and have the certificate file (.pem) and the private key file available. +# This was tested using a self signed certificate: +# https://netapp.io/2016/11/08/certificate-based-authentication-netapp-manageability-sdk-ontap/ +- + name: Ontap Install SSL certificate and enable SSL certificate authentication + hosts: localhost + gather_facts: no + collections: + - netapp.ontap + vars: + # TODO: change these variable values from HERE to DONE: + ontap_admin_ip: 10.XXX.XXX.X19 + ontap_admin_username: admin + ontap_admin_password: XXXXXXXX + # we recommend to use https, but it requires a valid SSL certificate + ontap_use_https: true + ontap_validate_certs: false + + # parameters to set up the certificate, ontap_cert_user must match the value of CN= when generating the certificate + ontap_cert_user: cert_user + ontap_cert_name: deleteme_cert + # admin or vsadmin + ontap_cert_role: vsadmin + # admin or data SVM + vserver: trident_svm + # admin or SVM IP address (for admin, would the same as ontap_admin_ip) + ontap_svm_ip: 10.XXX.XXX.X21 + # certificate and private key files + cert_filepath: "/home/laurentn/atelier/ansible_wsl/ansible-playbooks/test.pem" + key_filepath: "/home/laurentn/atelier/ansible_wsl/ansible-playbooks/test.key" + # set this to false if the certificate is self-signed + validate_certs_for_ssl_auth: false + + # you can either copy/paste the certificate(s) from the pem file, respecting the identation: + ssl_certificate_inline: | + -----BEGIN CERTIFICATE----- + MXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx + XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx + XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx + XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx + XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx + XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx + XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx + XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx + XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx + XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx + XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx + XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx + XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx + XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx + XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx + XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx + XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx + XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx + XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxx== + -----END CERTIFICATE----- + + # or read it directly from the pem file + ssl_certificate_from_file: "{{lookup('file', cert_filepath)}}" + + # pick one: + # ssl_certificate: "{{ ssl_certificate_inline }}" + ssl_certificate: "{{ ssl_certificate_from_file }}" + + # DONE - do not change anything else (unless you really want to) + + # this will be used to authenticate using SSL certificate + cert_login: &cert_login + hostname: "{{ ontap_svm_ip }}" + cert_filepath: "{{ cert_filepath }}" + key_filepath: "{{ key_filepath }}" + https: true + validate_certs: "{{ validate_certs_for_ssl_auth }}" + + login: &login + hostname: "{{ ontap_admin_ip }}" + username: "{{ ontap_admin_username }}" + password: "{{ ontap_admin_password }}" + https: "{{ ontap_use_https }}" + validate_certs: "{{ ontap_validate_certs }}" + + tasks: + - name: run ontap info module to check connectivity + na_ontap_info: + <<: *login + gather_subset: ontap_system_version + register: ontap + - debug: var=ontap.ontap_info.ontap_version + + - name: use ZAPIT to install certificate + na_ontap_zapit: + <<: *login + zapi: + security-certificate-install: + cert-name: "{{ ontap_cert_name }}" + certificate: "{{ ssl_certificate }}" + type: client-ca + vserver: "{{ vserver }}" + ignore_errors: true + register: ontap + - debug: var=ontap + - fail: + msg: "Failed to install certificate: {{ ontap }}" + when: ontap.failed and ontap.reason != "duplicate entry" + - name: collect certificate data to be able to delete it later when testing + tags: never,testpb + set_fact: + certificate_authority: "{{ ontap.response.ca | default('unknown') }}" + serial_number: "{{ ontap.response.serial | default(0) }}" + certificate_installed: "{{ not ontap.failed }}" + - debug: var=certificate_authority + tags: never,testpb + - debug: var=serial_number + tags: never,testpb + - debug: var=certificate_installed + tags: never,testpb + + - name: use ZAPIT to install certificate (idempotency) + # use -t all,testpb when testing the playbook + tags: never,testpb + na_ontap_zapit: + <<: *login + zapi: + security-certificate-install: + cert-name: "{{ ontap_cert_name }}" + certificate: "{{ ssl_certificate }}" + type: client-ca + vserver: "{{ vserver }}" + ignore_errors: true + register: ontap + - debug: var=ontap + tags: never,testpb + - fail: + msg: "Failed to install certificate: {{ ontap }}" + tags: never,testpb + when: ontap.failed and ontap.reason != "duplicate entry" + + - name: use ZAPIT to enable certificate authentication + na_ontap_zapit: + <<: *login + zapi: + security-ssl-modify: + client-authentication-enabled: true + vserver: "{{ vserver }}" + register: ontap + - debug: var=ontap + tags: never,testpb + + - name: set up cert authentication for ontapi (ZAPI) and http (REST) + na_ontap_user: + <<: *login + applications: ontapi,http + authentication_method: cert + name: "{{ ontap_cert_user }}" + role_name: "{{ ontap_cert_role }}" + vserver: "{{ vserver }}" + register: ontap + - debug: var=ontap + tags: never,testpb + + - name: validate cert authentication is working for ZAPI + na_ontap_info: + <<: *cert_login + gather_subset: ontap_version + register: ontap + - debug: var=ontap + + - name: remove cert authentication for ontapi (ZAPI) and http (REST) when testing + tags: never,testpb + na_ontap_user: + <<: *login + state: absent + applications: ontapi,http + authentication_method: cert + name: "{{ ontap_cert_user }}" + role_name: "{{ ontap_cert_role }}" + vserver: "{{ vserver }}" + register: ontap + - debug: var=ontap + tags: never,testpb + + - name: use ZAPIT to delete certificate when testing + # use -t all,never when testing the playbook + tags: never,testpb,delete + na_ontap_zapit: + <<: *login + zapi: + security-certificate-delete: + certificate-authority: "{{ certificate_authority }}" + common-name: "{{ certificate_authority }}" + serial-number: "{{ serial_number }}" + type: client-ca + vserver: "{{ vserver }}" + when: certificate_installed diff --git a/collections-debian-merged/ansible_collections/netapp/ontap/playbooks/examples/na_ontap_pb_install_SSL_certificate_REST.yml b/collections-debian-merged/ansible_collections/netapp/ontap/playbooks/examples/na_ontap_pb_install_SSL_certificate_REST.yml new file mode 100644 index 00000000..3aabe0be --- /dev/null +++ b/collections-debian-merged/ansible_collections/netapp/ontap/playbooks/examples/na_ontap_pb_install_SSL_certificate_REST.yml @@ -0,0 +1,202 @@ +# Example of installing a SSL certificate in ONTAP for authentication +# This playbook: +# 1. installs the certificate, or proceeds if the certificate is already installed, +# (this also enables SSL client authentication), +# 2. creates user account for cert authentication for ontapi and http applications, +# 3. validates that cert authentication works +# +# in test mode (using tags: -t all,testpb): +# 1b. the installation is repeated, to validate the check for idempotency (certificate already installed), +# 4. user account for cert authentication for ontapi and http applications is deleted, +# 6. if the certificate was installed in step 1, it is deleted. +# The certificate can be manually deleted using something like: +# security certificate delete -vserver trident_svm -common-name cert_user -ca cert_user -type * +# +# Prerequisites: +# you must have generated a certificate and have the certificate file (.pem) and the private key file available. +# This was tested using a self signed certificate: +# https://netapp.io/2016/11/08/certificate-based-authentication-netapp-manageability-sdk-ontap/ +- + name: Ontap Install SSL certificate and enable SSL certificate authentication + hosts: localhost + gather_facts: no + collections: + - netapp.ontap + vars: + # TODO: change these variable values from HERE to DONE: + ontap_admin_ip: 10.xxx.xxx.x19 + ontap_admin_username: admin + ontap_admin_password: xxxxxxxxx + # we recommend to use https, but it requires a valid SSL certificate + ontap_use_https: true + ontap_validate_certs: false + + # parameters to set up the certificate, ontap_cert_user must match the value of CN= when generating the certificate + ontap_cert_user: cert_user + ontap_cert_name: testme-cert + # admin or vsadmin + ontap_cert_role: vsadmin + # data SVM + svm: trident_svm + # uncomment and leave the value empty for cluster certificate + # svm: + # admin or SVM IP address (for admin, would the same as ontap_admin_ip) + ontap_svm_ip: 10.XXX.XXX.X21 + # certificate and private key files + cert_filepath: "/home/laurentn/atelier/ansible_wsl/ansible-playbooks/test.pem" + key_filepath: "/home/laurentn/atelier/ansible_wsl/ansible-playbooks/test.key" + # set this to false if the certificate is self-signed + validate_certs_for_ssl_auth: false + + # you can either copy/paste the certificate(s) from the pem file, respecting the identation: + ssl_certificate_inline: | + -----BEGIN CERTIFICATE----- + MXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx + XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx + XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx + XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx + XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx + XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx + XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx + XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx + XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx + XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx + XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx + XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx + XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx + XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx + XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx + XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx + XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx + XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxx + XXXXXXXXxxxxxxxxXXXXXXXXxxxxxxxxXXXXXXXXxx== + -----END CERTIFICATE----- + + # or read it directly from the pem file + ssl_certificate_from_file: "{{lookup('file', cert_filepath)}}" + + # pick one: + # ssl_certificate: "{{ ssl_certificate_inline }}" + ssl_certificate: "{{ ssl_certificate_from_file }}" + + # DONE - do not change anything else (unless you really want to) + + # this will be used to authenticate using SSL certificate + cert_login: &cert_login + hostname: "{{ ontap_admin_ip }}" + cert_filepath: "{{ cert_filepath }}" + key_filepath: "{{ key_filepath }}" + https: true + validate_certs: "{{ validate_certs_for_ssl_auth }}" + + login: &login + hostname: "{{ ontap_admin_ip }}" + username: "{{ ontap_admin_username }}" + password: "{{ ontap_admin_password }}" + https: "{{ ontap_use_https }}" + validate_certs: "{{ ontap_validate_certs }}" + + tasks: + - name: run ontap info module to check connectivity + na_ontap_info: + <<: *login + gather_subset: ontap_system_version + register: ontap + - debug: var=ontap.ontap_info.ontap_version + + - name: install certificate + na_ontap_security_certificates: + <<: *login + common_name: "{{ ontap_cert_user }}" + name: "{{ ontap_cert_name }}" + public_certificate: "{{ ssl_certificate }}" + type: client_ca + svm: "{{ svm }}" + register: result + - debug: var=result + - assert: { that: result.changed, quiet: True } + + - name: install certificate (idempotency test) + # use -t all,testpb when testing the playbook + tags: never,testpb + na_ontap_security_certificates: + <<: *login + common_name: "{{ ontap_cert_user }}" + name: "{{ ontap_cert_name }}" + public_certificate: "{{ ssl_certificate }}" + type: client_ca + svm: "{{ svm }}" + register: result + - debug: var=result + tags: never,testpb + - assert: { that: not result.changed, quiet: True } + tags: never,testpb + + - name: set up cert authentication for ontapi (ZAPI) and http (REST) + na_ontap_user: + <<: *login + applications: ontapi,http + authentication_method: cert + name: "{{ ontap_cert_user }}" + role_name: "{{ ontap_cert_role }}" + svm: "{{ svm }}" + use_rest: Always + register: result + - debug: var=result + tags: never,testpb + - assert: { that: result.changed, quiet: True } + tags: never,testpb + + - name: validate cert authentication is working for REST + na_ontap_rest_info: + <<: *cert_login + gather_subset: vserver_info + register: result + - debug: var=result + + - name: remove cert authentication for ontapi (ZAPI) and http (REST) when testing + tags: never,testpb + na_ontap_user: + <<: *login + state: absent + applications: ontapi,http + authentication_method: cert + name: "{{ ontap_cert_user }}" + role_name: "{{ ontap_cert_role }}" + svm: "{{ svm }}" + use_rest: Always + register: result + - debug: var=result + tags: never,testpb + - assert: { that: result.changed, quiet: True } + tags: never,testpb + + - name: delete certificate when testing + # use -t all,never when testing the playbook + tags: never,testpb,delete + na_ontap_security_certificates: + <<: *login + common_name: "{{ ontap_cert_user }}" + name: "{{ ontap_cert_name }}" + svm: "{{ svm }}" + state: absent + register: result + - debug: var=result + tags: never,testpb,delete + - assert: { that: result.changed, quiet: True } + tags: never,testpb,delete + + - name: delete certificate when testing (idempotemcy) + # use -t all,never when testing the playbook + tags: never,testpb,delete + na_ontap_security_certificates: + <<: *login + common_name: "{{ ontap_cert_user }}" + name: "{{ ontap_cert_name }}" + svm: "{{ svm }}" + state: absent + register: result + - debug: var=result + tags: never,testpb,delete + - assert: { that: not result.changed, quiet: True } + tags: never,testpb,delete diff --git a/collections-debian-merged/ansible_collections/netapp/ontap/playbooks/examples/na_ontap_pb_upgrade_firmware.yml b/collections-debian-merged/ansible_collections/netapp/ontap/playbooks/examples/na_ontap_pb_upgrade_firmware.yml new file mode 100644 index 00000000..9ec10865 --- /dev/null +++ b/collections-debian-merged/ansible_collections/netapp/ontap/playbooks/examples/na_ontap_pb_upgrade_firmware.yml @@ -0,0 +1,46 @@ +- + name: Ontap Upgrade Firmware + hosts: localhost + gather_facts: no + collections: + - netapp.ontap + vars: + # TODO: change these variable values + ontap_firmware_url: TBD + ontap_admin_ip: TBD + ontap_admin_username: admin + ontap_admin_password: TBD + # we recommend to use https, but it requires a valid SSL certificate + ontap_use_https: true + ontap_validate_certs: false + # DONE - do not change anything else + + login: &login + hostname: "{{ ontap_admin_ip }}" + username: "{{ ontap_admin_username }}" + password: "{{ ontap_admin_password }}" + https: "{{ ontap_use_https }}" + validate_certs: "{{ ontap_validate_certs }}" + + tasks: + - name: run ontap info module to check connectivity + na_ontap_info: + <<: *login + gather_subset: ontap_system_version + register: ontap + - debug: var=ontap + + - name: run ontap command module to validate access permissions + na_ontap_command: + <<: *login + command: version + return_dict: false + register: ontap + - debug: var=ontap + + - name: run ontap firmware download module + na_ontap_firmware_upgrade: + <<: *login + package_url: "{{ ontap_firmware_url }}" + register: ontap + - debug: var=ontap
\ No newline at end of file diff --git a/collections-debian-merged/ansible_collections/netapp/ontap/playbooks/examples/na_ontap_pb_upgrade_firmware_with_extra_vars.yml b/collections-debian-merged/ansible_collections/netapp/ontap/playbooks/examples/na_ontap_pb_upgrade_firmware_with_extra_vars.yml new file mode 100644 index 00000000..d55dec10 --- /dev/null +++ b/collections-debian-merged/ansible_collections/netapp/ontap/playbooks/examples/na_ontap_pb_upgrade_firmware_with_extra_vars.yml @@ -0,0 +1,47 @@ +- + name: Ontap Upgrade Firmware + hosts: localhost + gather_facts: no + collections: + - netapp.ontap + vars: + # TODO: use --extra_vars to provide values for these variables + # ontap_firmware_url: TBD + # ontap_admin_ip: TBD + # ontap_admin_username: admin + # ontap_admin_password: TBD + # we recommend to use https, but it requires a valid SSL certificate + # if these variables are defined in --extra_vars, the following values are ignored + ontap_use_https: true + ontap_validate_certs: false + # do not change anything else + + login: &login + hostname: "{{ ontap_admin_ip }}" + username: "{{ ontap_admin_username }}" + password: "{{ ontap_admin_password }}" + https: "{{ ontap_use_https }}" + validate_certs: "{{ ontap_validate_certs }}" + + tasks: + - name: run ontap info module to check connectivity + na_ontap_info: + <<: *login + gather_subset: ontap_system_version + register: ontap + - debug: var=ontap + + - name: run ontap command module to validate access permissions + na_ontap_command: + <<: *login + command: version + return_dict: false + register: ontap + - debug: var=ontap + + - name: run ontap firmware download module + na_ontap_firmware_upgrade: + <<: *login + package_url: "{{ ontap_firmware_url }}" + register: ontap + - debug: var=ontap
\ No newline at end of file diff --git a/collections-debian-merged/ansible_collections/netapp/ontap/playbooks/examples/na_ontap_pb_upgrade_firmware_with_vars_file.yml b/collections-debian-merged/ansible_collections/netapp/ontap/playbooks/examples/na_ontap_pb_upgrade_firmware_with_vars_file.yml new file mode 100644 index 00000000..d8a68c63 --- /dev/null +++ b/collections-debian-merged/ansible_collections/netapp/ontap/playbooks/examples/na_ontap_pb_upgrade_firmware_with_vars_file.yml @@ -0,0 +1,45 @@ +- + name: Ontap Upgrade Firmware + hosts: localhost + gather_facts: no + collections: + - netapp.ontap + vars_files: + # TODO change this path as needed + - /tmp/ansible/ontap_vars_file.yml + vars: + # we recommend to use https, but it requires a valid SSL certificate + # if these variables are defined in the vars file, the following values are ignored + ontap_use_https: true + ontap_validate_certs: false + # DONE - do not change anything else + + login: &login + hostname: "{{ ontap_admin_ip }}" + username: "{{ ontap_admin_username }}" + password: "{{ ontap_admin_password }}" + https: "{{ ontap_use_https }}" + validate_certs: "{{ ontap_validate_certs }}" + + tasks: + - name: run ontap info module to check connectivity + na_ontap_info: + <<: *login + gather_subset: ontap_system_version + register: ontap + - debug: var=ontap + + - name: run ontap command module to validate access permissions + na_ontap_command: + <<: *login + command: version + return_dict: false + register: ontap + - debug: var=ontap + + - name: run ontap firmware download module + na_ontap_firmware_upgrade: + <<: *login + package_url: "{{ ontap_firmware_url }}" + register: ontap + - debug: var=ontap
\ No newline at end of file diff --git a/collections-debian-merged/ansible_collections/netapp/ontap/playbooks/examples/ontap_vars_file.yml b/collections-debian-merged/ansible_collections/netapp/ontap/playbooks/examples/ontap_vars_file.yml new file mode 100644 index 00000000..7675e295 --- /dev/null +++ b/collections-debian-merged/ansible_collections/netapp/ontap/playbooks/examples/ontap_vars_file.yml @@ -0,0 +1,27 @@ +# TODO: change these variable values +ontap_admin_ip: TBD +# either username/passord credentials +ontap_admin_username: admin +ontap_admin_password: TBD +# or SSL certificate authentication +ontap_cert_filepath: "/home/TBD/test.pem" +ontap_key_filepath: "/home/TBD/test.key" +# we recommend to use https, but it requires a valid SSL certificate +ontap_use_https: true +ontap_validate_certs: false +# Optionally, SVM credentials +ontap_svm_admin_ip: TBD +ontap_svm_admin_username: vsadmin +ontap_svm_admin_password: TBD +# Optionally, to upgrade disk, shelf, acp firmware +ontap_firmware_url: TBD +# DONE - do not change anything else +# +# To use this file: +# option 1: use ansible-playbook command line argument --extra-vars=@<path to this file> +# for instance: +# ansible-playbook ansible_collections/netapp/ontap/playbooks/examples/na_ontap_pb_upgrade_firmware_with_extra_vars.yml --extra-vars=@/tmp/ansible/ontap_vars_file.yml +# option 2: include this file in your playbook using vars_files: +# for instance: +# vars_files: +# - <path to vars file> |