Comments (7)
RogelioCodes
commented on September 3, 2024
I have since updated my module to the latest collection(netapp.ontap:21.17.3)
I now get an error saying:
"msg": "na_ontap_security_certificates only supports REST, and requires ONTAP 9.6 or later. - HTTPSConnectionPool(host='test01', port=443): Max retries exceeded with url: /api/cluster?fields=version (Caused by SSLError(SSLEOFError(8, u'EOF occurred in violation of protocol (_ssl.c:618)'),))"
from netapp.ontap.
lonico
commented on September 3, 2024
The initial issue was fixed in 21.16.0. The error message was wrongly generated when REST was not available. It was not an issue with na_ontap_security_certificates but a utility function it depends on.
So most likely, you experienced the same SSL issue.
This first part of the message is easy to interpret. Since we cannot reach your system, we cannot confirm it supports REST.
The second part is more difficult:
SSLError(SSLEOFError(8, u'EOF occurred in violation of protocol (_ssl.c:618)'),))
This is not something that comes from our module, and I don’t think it comes from ONTAP, so I’d suspect a networking issue. The first thing that comes to mind is a proxy issue. Are you using a proxy by any chance?
from netapp.ontap.
lonico
commented on September 3, 2024
A bit of googling also suggests to check the version of OpenSSL. Could you try this with python 2.7:
from urllib2 import urlopen
urlopen('https://www.howsmyssl.com/a/check').read()
from netapp.ontap.
RogelioCodes
commented on September 3, 2024
A bit of googling also suggests to check the version of OpenSSL. Could you try this with python 2.7:
from urllib2 import urlopen urlopen('https://www.howsmyssl.com/a/check').read()
heres what i get:
$ python test5.py
Traceback (most recent call last):
File "test5.py", line 2, in <module>
urlopen('https://www.howsmyssl.com/a/check').read()
File "/usr/lib64/python2.7/urllib2.py", line 154, in urlopen
return opener.open(url, data, timeout)
File "/usr/lib64/python2.7/urllib2.py", line 437, in open
response = meth(req, response)
File "/usr/lib64/python2.7/urllib2.py", line 550, in http_response
'http', request, response, code, msg, hdrs)
File "/usr/lib64/python2.7/urllib2.py", line 475, in error
return self._call_chain(*args)
File "/usr/lib64/python2.7/urllib2.py", line 409, in _call_chain
result = func(*args)
File "/usr/lib64/python2.7/urllib2.py", line 558, in http_error_default
raise HTTPError(req.get_full_url(), code, msg, hdrs, fp)
urllib2.HTTPError: HTTP Error 403: Forbidden
from netapp.ontap.
RogelioCodes
commented on September 3, 2024
The initial issue was fixed in 21.16.0. The error message was wrongly generated when REST was not available. It was not an issue with na_ontap_security_certificates but a utility function it depends on.
So most likely, you experienced the same SSL issue.
This first part of the message is easy to interpret. Since we cannot reach your system, we cannot confirm it supports REST.
The second part is more difficult: SSLError(SSLEOFError(8, u'EOF occurred in violation of protocol (_ssl.c:618)'),))
This is not something that comes from our module, and I don’t think it comes from ONTAP, so I’d suspect a networking issue. The first thing that comes to mind is a proxy issue. Are you using a proxy by any chance?
Hello, I actually think I have an idea of whats happening. We’re updating an expiring signed certificate, which requires the deletion of an existing certificate, which stops the ssl service. If the service stops every time a certificate is deleted, how am I supposed to install the new one. The SSL service is down after deleting.
from netapp.ontap.
lonico
commented on September 3, 2024
So the new issue is that you cannot use certificate authentication after deleting the certificate. But how do you renew a certificate?
A few options:
- You could install the new certificate with a new name. We support both a
nameand acommon_name. Since this a different certificate, it seems a new name would help. name is not supported by ONTAP 9.6 or 9.7, but was added in 9.8. once the new certificate is installed, the old one can be safely deleted. - if you want to delete the certificate first, you can install the new one using username/password authentication. Though it defeats the purpose of using SSL authentication.
from netapp.ontap.
lonico
commented on September 3, 2024
I'm closing this issue, as the original problem (NULL error message) was addressed in 21.16.0.
Usage issues can be tracked in Slack, as we already have a parallel conversation in #configurationmgmt.
from netapp.ontap.
Related Issues (20)
- Current version pushed to Ansible Galaxy has typo in `/netapp/ontap/plugins/modules/na_ontap_s3_users.py` HOT 33
- na_ontap_igroup_initiator fail after second run HOT 3
- Metrocluster Switchover -Simulate true HOT 2
- na_ontap_s3_service module or na_ontap_svm module needs to return access key and secret key HOT 3
- "owning_resource" in na_ontap_rest_info HOT 2
- na_ontap_interface feature_flags not working HOT 2
- It is not possible to set the audit file rotation to a schedule HOT 6
- Error in na_ontap_nfs HOT 2
- SVM Provisioning with 'workgroup' requires ZAPI instead of REST HOT 1
- Missing Modules After Install netapp.ontap Collection HOT 1
- na_ontap_cifs_server - support for multichannel and max-connections HOT 2
- na_ontap_cifs - add support for offline_files property HOT 4
- deleting qtrees with many files has no success. HOT 4
- Autonomous Ransomware Protection change status HOT 1
- Trying to break the snapmirror throws error if primary cluster is not available HOT 3
- Add snapshot locking to na_ontap_volume & na_ontap_snapshot_policy HOT 1
- Installing multiple intermediate certificates in na_ontap_security_certificates
- Add support for activity_tracking HOT 1
- Snapmirror-Resync fails on different Ontap-versions HOT 1
- na_ontap_broadcast_domain doesnt correctly modifying a broadcast domain's ports using REST HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from netapp.ontap.