
netapp.storagegrid's Introduction


=============================================================

netapp.storagegrid

NetApp StorageGRID Collection

Copyright (c) 2020 NetApp, Inc. All rights reserved. Specifications subject to change without notice.

=============================================================

Installation

ansible-galaxy collection install netapp.storagegrid

To use this collection add the following to the top of your playbook.

collections:
  - netapp.storagegrid

Usage

Each of the StorageGRID modules requires an auth_token parameter to be specified. This can be obtained by executing a uri task against the StorageGRID Authorization API endpoint and registering the output as the first item in a Playbook.

If you are performing a Tenant operation, ensure that the accountId parameter is also specified in the URI body and set to the Tenant Account ID. For example, "accountId": "01234567890123456789"

- name: Get Grid Authorization token
  uri:
    url: "https://sgadmin.example.com/api/v3/authorize"
    method: POST
    body: {
      "username": "root",
      "password": "storagegrid123",
      "cookie": false,
      "csrfToken": false
    }
    body_format: json
    validate_certs: false
  register: auth

Subsequent tasks can leverage the registered auth token.

- name: Create a StorageGRID Tenant Account
  netapp.storagegrid.na_sg_grid_account:
    api_url: "https://sgadmin.example.com"
    auth_token: "{{ auth.json.data }}"
    validate_certs: false
    state: present
    name: AnsibleTenant
    protocol: s3
    management: true
    use_own_identity_source: true
    allow_platform_services: true
    password: "mytenantrootpassword"
    quota_size: 10

Versioning

Releasing, Versioning and Deprecation

Need help

Join our Discord

Code of Conduct

This collection follows the Ansible project's Code of Conduct.

Release Notes

21.12.0

Minor Changes

  • na_sg_grid_account - New option description for setting additional identifying information for the tenant account.
  • na_sg_grid_account - New option allow_select_object_content for enabling use of the S3 SelectObjectContent API.

Bug Fixes

  • Removed fetch limit in API request and implemented pagination.

21.11.1

Bug Fixes

  • na_sg_org_container - fix versioning not enabled on initial bucket creation.

21.11.0

Minor Changes

  • na_sg_org_container - supports versioning configuration for S3 buckets available in StorageGRID 11.6+.

New Modules

  • na_sg_grid_client_certificate - Manage Client Certificates on StorageGRID.

21.10.0

Minor Changes

  • na_sg_grid_gateway - supports specifying HA Groups by name or UUID.

Bug Fixes

  • na_sg_org_group - fixed behaviour where update to s3_policy is ignored if management_policy is set.

New Modules

  • na_sg_grid_ha_group - Manage high availability (HA) group configuration on StorageGRID.
  • na_sg_grid_traffic_classes - Manage Traffic Classification Policy configuration on StorageGRID.

21.9.0

Minor Changes

  • na_sg_grid_gateway - supports load balancer endpoint binding available in StorageGRID 11.5+.
  • na_sg_org_container - supports creation of S3 Object Lock buckets available in StorageGRID 11.5+.

Bug Fixes

  • na_sg_grid_gateway - existing endpoints matched by name and port.
  • na_sg_grid_account - minor documentation fix.

21.8.0

Minor Changes

  • all modules - enable usage of Ansible module group defaults - for Ansible 2.12+.

21.7.0

New Modules

  • na_sg_grid_gateway: Manage Load balancer (gateway) endpoints

Minor Changes

  • Updated documentation - added RETURN block for each module

21.6.0

New Modules

  • na_sg_grid_certificate: Manage the Storage API and Grid Management certificates on StorageGRID.
  • na_sg_grid_identity_federation: Manage Grid identity federation.
  • na_sg_org_identity_federation: Manage Tenant identity federation.

Minor Changes

  • na_sg_org_container - supports deletion of buckets when state is set to absent.

Bug Fixes

  • na_sg_org_container - fix issue with applying compliance settings on buckets.

20.11.0

New Modules

  • na_sg_grid_info: Gather StorageGRID Grid subset information
  • na_sg_org_info: Gather StorageGRID Org subset information

Minor Changes

  • na_sg_grid_account: new option root_access_account for granting initial root access permissions for the tenant to an existing federated group

20.10.0

Breaking Changes

This version introduces a breaking change. All modules have been renamed from nac_sg_* to na_sg_*. Playbooks and Roles must be updated to match.

Bug Fixes

  • na_sg_grid_account: fixed documentation issue.
  • na_sg_grid_account: added no_log flag to password fields
  • na_sg_grid_group: fixed group name parsing
  • na_sg_org_group: fixed group name parsing

New Options

  • na_sg_grid_account: new option update_password for managing Tenant Account root password changes
  • na_sg_org_user: new option password and update_password for setting or updating Tenant User passwords
  • na_sg_grid_user: new option password and update_password for setting or updating Grid Admin User passwords

20.6.1

Minor Changes

  • Fixed documentation issue in README.md

Bug Fixes

  • nac_sg_org_container: fixed documentation issue.

20.6.0

Initial release of NetApp StorageGRID Ansible modules

New Modules

  • nac_sg_grid_account: create/modify/delete Tenant account
  • nac_sg_grid_dns: set Grid DNS servers
  • nac_sg_grid_group: create/modify/delete Grid admin group
  • nac_sg_grid_ntp: set Grid NTP servers
  • nac_sg_grid_regions: set Grid Regions
  • nac_sg_grid_user: create/modify/delete Grid admin user
  • nac_sg_org_container: create S3 bucket
  • nac_sg_org_group: create/modify/delete Tenant group
  • nac_sg_org_user: create/modify/delete Tenant user
  • nac_sg_org_user_s3_key: create/delete S3 key


netapp.storagegrid's Issues

Important information for collection maintainers

SUMMARY

Dear maintainers,

This is important for your collections!

  • In accordance with the Community decision, we have created the news-for-maintainers repository for announcements of changes impacting collection maintainers (see the examples) instead of Issue 45 that will be closed soon.

    • To keep yourself well-informed and, therefore, things in your collection working, please subscribe to the repository by using the Watch button in the upper right corner on the repository's home page.
    • If you do not want to get notifications about related discussions, please subscribe only to Issues.
    • Please read the brief guidelines on how the repository should be used.
    • Please avoid unnecessary discussions in issues, use the Discussions feature. Every comment posted will notify a lot of folks!
  • Also we would like to remind you about the Bullhorn contributor newsletter which has recently started to be released weekly. To learn what it looks like, see the past releases. Please subscribe and talk to the Community via Bullhorn!

  • Join us in #ansible-social (for news reporting & chat), #ansible-community (for discussing collection & maintainer topics), and other channels on Matrix/IRC.

  • Help the Community and the Steering Committee to make right decisions by taking part in discussing and voting on the Community Topics that impact the whole project and the collections in particular. Your opinion there will be much appreciated!

Thank you!

Add possibility of collecting accessKey from root user and not just current user

SUMMARY

Is it possible to add a feature for getting information about s3 access keys that are associated with the root account and possibly other accounts?

You can get there in the GUI by impersonating an account -> Users -> root -> Access keys.

We are using federated accounts that have root access to acquire the necessary tokens.

ISSUE TYPE
  • Feature Idea
COMPONENT NAME

netapp.storagegrid.na_sg_org_info

ADDITIONAL INFORMATION

At the moment we store access keys within the root user. We would like to gitops the procedure of creating buckets and s3 keys. Example play below.

  - name: Create StorageGRID Tenants
    netapp.storagegrid.na_sg_grid_account:
      api_url: "{{ grid_admin_base_url }}"
      auth_token: "{{ auth.json.data }}"
      root_access_group: "{{ sg_root_access_group }}"
      state: present
      name: "{{ item.name }}"
      protocol: s3
      management: true
      use_own_identity_source: false
      allow_platform_services: true
      quota_size: 0
    no_log: true
    register: account
    loop: "{{ sg_tenants }}"

  - name: Get tenant Authorization token
    ansible.builtin.uri:
      url: "{{ grid_admin_base_url }}/api/v3/authorize"
      method: POST
      body:
        accountId: "{{ item.resp.id }}"
        username: "{{ sg_username.user_input | default(sg_user) }}"
        password: "{{ sg_password.user_input }}"
      body_format: json
      validate_certs: true
    register: auth
    loop: "{{ account.results }}"

     ### Possible scenario ###
  - name: Gather StorageGRID Org info s3 access keys
    netapp.storagegrid.na_sg_org_info:
      api_url: "{{ grid_admin_base_url }}"
      auth_token: "{{ item.json.data }}"
      gather_subset:
        - org_users_current_root_user_s3_access_keys_info
    register: sg_s3keys
    loop: "{{ auth.results }}"

  - name: Create a s3 key for our users
    netapp.storagegrid.na_sg_org_user_s3_key:
      access_key: "{{ item[0].resp.accessKey }}"
      api_url: "{{ grid_admin_base_url }}"
      auth_token: "{{ item[1].json.data }}"
      state: present
      unique_user_name: "{{ sg_unique_user_name }}"
    register: sg_s3keys
    with_nested: 
      - "{{ sg_s3keys.results }}"
      - "{{ auth.results }}"

S3 select

SUMMARY

netapp.storagegrid.na_sg_grid_account missing a new parameter allowSelectObjectContent

ISSUE TYPE
  • Bug Report
COMPONENT NAME

netapp.storagegrid.na_sg_grid_account

ANSIBLE VERSION
ansible [core 2.12.2]
  config file = None
  configured module search path = ['/home/sfinx/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/sfinx/.local/lib/python3.10/site-packages/ansible
  ansible collection location = /home/sfinx/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/sfinx/.local/bin/ansible
  python version = 3.10.6 (main, Nov 14 2022, 16:10:14) [GCC 11.3.0]
  jinja version = 3.0.3
  libyaml = True

COLLECTION VERSION
Collection         Version
------------------ -------
netapp.storagegrid 21.11.1
OS / ENVIRONMENT

Applicable to 11.6.0.7

STEPS TO REPRODUCE

Parameter allowSelectObjectContent not specified in body request for POST /grid/accounts and as a result it will be set to default false

Load balancer endpoint certificates are uploaded to an incorrect endpoint

SUMMARY

An Ansible module called na_sg_grid_gateway.py uploads a load balancer endpoint certificate to an incorrect load balancer endpoint if there are multiple endpoints that use the same port.

ISSUE TYPE
  • Bug Report
COMPONENT NAME

na_sg_grid_gateway

ANSIBLE VERSION
ansible [core 2.11.6]
  config file = /Users/Ville.Harmaala/.ansible.cfg
  configured module search path = ['/Users/Ville.Harmaala/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/Cellar/ansible/4.8.0/libexec/lib/python3.10/site-packages/ansible
  ansible collection location = /Users/Ville.Harmaala/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.10.0 (default, Oct 13 2021, 06:45:00) [Clang 13.0.0 (clang-1300.0.29.3)]
  jinja version = 3.0.2
  libyaml = True
COLLECTION VERSION
# /Users/Ville.Harmaala/.ansible/collections/ansible_collections
Collection         Version
------------------ -------
netapp.storagegrid 21.8.0
CONFIGURATION
ANSIBLE_PIPELINING(/Users/Ville.Harmaala/.ansible.cfg) = True
CALLBACKS_ENABLED(/Users/Ville.Harmaala/.ansible.cfg) = ['profile_tasks']
DEFAULT_MANAGED_STR(/Users/Ville.Harmaala/.ansible.cfg) = Ansible managed: modified on %Y-%m-%d %H:%M:%S by {uid} on {host}
DEFAULT_ROLES_PATH(/Users/Ville.Harmaala/.ansible.cfg) = ['<snip>']
HOST_KEY_CHECKING(/Users/Ville.Harmaala/.ansible.cfg) = False
RETRY_FILES_ENABLED(/Users/Ville.Harmaala/.ansible.cfg) = False
OS / ENVIRONMENT

StorageGRID version: 11.5.0.1-20210615.1852.af39a66
Number of load balancer endpoints: 5
Load balancer endpoint port: 10443

STEPS TO REPRODUCE
  1. Create two load balancer endpoints called foo and bar
  2. Configure both load balancer endpoints to use port 10443
  3. Upload a load balancer endpoint certificate to the endpoint called foo by using the Ansible module called na_sg_grid_gateway.py
# Authorize
- name: Get grid authorization token
  uri:
    url: "{{ grid_admin_base_url }}/api/v3/authorize"
    method: POST
    body: {
      "username": "{{ grid_username }}",
      "password": "{{ grid_password }}",
      "cookie": false,
      "csrfToken": false
    }
    body_format: json
  register: auth
  
# Deploy a certificate
- name: Deploy load balancer endpoint certificate
  na_sg_grid_gateway:
    api_url: "{{ grid_admin_base_url }}"
    auth_token: "{{ auth.json.data }}"
    state: present
    display_name: "foo"
    port: 10443
    secure: true
    enable_ipv4: true
    enable_ipv6: true
    default_service_type: "s3"
    server_certificate: "<snip>"
    private_key: "<snip>"
    ca_bundle: "<snip>"
  no_log: true  # hide cert, chain and privkey
EXPECTED RESULTS

The certificate is uploaded to the load balancer endpoint called foo.

ACTUAL RESULTS

The certificate is actually deployed to the load balancer endpoint called bar.

changed: [localhost] => {
    "changed": true,
    "invocation": {
        "module_args": {
            "api_url": "<snip>",
            "auth_token": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "ca_bundle": "<snip>",
            "default_service_type": "s3",
            "display_name": "foo,
            "enable_ipv4": true,
            "enable_ipv6": true,
            "port": 10443,
            "private_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "secure": true,
            "server_certificate": "<snip>"
            "state": "present",
            "validate_certs": false
        }
    },
    "msg": "Load Balancer Gateway Port Updated",
    "resp": {
        "accountId": "0",
        "certSource": "plaintext",
        "defaultServiceType": "s3",
        "displayName": "bar",
        "enableIPv4": true,
        "enableIPv6": true,
        "id": "51f0fffd-9264-4b48-baa7-33e21cdd8e3c",
        "pinTargets": {
            "haGroups": [
                "dc22631c-7d36-41a7-bad2-9fdfe472a747"
            ],
            "nodeInterfaces": []
        },
        "plaintextCertData": {
            "caBundleEncoded": "<snip>",
            "metadata": {
                "caBundleDetails": [
                    {
                        "fingerPrints": {
                            "SHA-1": "<snip>",
                            "SHA-256": "<snip>"
                        },
                        "issuer": "/C=US/O=Internet Security Research Group/CN=ISRG Root X1",
                        "notAfter": "2025-09-15T16:00:00.000Z",
                        "notBefore": "2020-09-04T00:00:00.000Z",
                        "serialNumber": "<snip>"
                        "subject": "/C=US/O=Let's Encrypt/CN=R3"
                    },
                    {
                        "fingerPrints": {
                            "SHA-1": "<snip>",
                            "SHA-256": "<snip>"
                        },
                        "issuer": "/O=Digital Signature Trust Co./CN=DST Root CA X3",
                        "notAfter": "2024-09-30T18:14:03.000Z",
                        "notBefore": "2021-01-20T19:14:03.000Z",
                        "serialNumber": "<snip>",
                        "subject": "/C=US/O=Internet Security Research Group/CN=ISRG Root X1"
                    }
                ],
                "serverCertificateDetails": {
                    "fingerPrints": {
                        "SHA-1": "<snip>",
                        "SHA-256": "<snip>"
                    },
                    "issuer": "/C=US/O=Let's Encrypt/CN=R3",
                    "notAfter": "2022-03-02T11:35:53.000Z",
                    "notBefore": "2021-12-02T11:35:54.000Z",
                    "serialNumber": "<snip>"
                    "subject": "/CN=<snip>",
                    "subjectAltNames": [
                        "DNS:<snip>"
                    ]
                }
            },
            "serverCertificateEncoded": "<snip>"
        },
        "port": 10443,
        "secure": true
    }
}

Seems like the module works like this:

  • Get list of all gateway port configurations (i.e. load balancer endpoint configurations)
  • Get only a list of used ports (literally ports, gets only 10443 because it is the only port that is used in the test scenario, i.e. the list that the module creates consists of a single element)
  • If port already exists then get gateway ID and get the gateway port server configs (a for loop enumerates the list that consists of a single element, runs a single iteration because of it and only gets the ID of the first load balancer endpoint out of the two endpoints that the alphabetically sorted JSON data includes)
  • The first load balancer endpoint in terms of an alphabetical order is bar, so the module only takes it into account and ignores the rest of the endpoints, such as foo, even though the Ansible task above requires otherwise.
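
The lookup behaviour described in this issue, next to a lookup keyed on both display name and port (the 21.9.0 release notes above list "existing endpoints matched by name and port" as a fix). This is an added example, not code from the na_sg_grid_gateway module: the function names and the endpoint list are constructed, and only the displayName, port and id field names come from the response shown in the issue.

```python
# Added example: choosing the endpoint that receives a certificate upload.
# SAMPLE_ENDPOINTS is constructed sample data. Only the field names
# (displayName, port, id) come from the API response shown in the issue.
# All function names are hypothetical and are not the module's own.

SAMPLE_ENDPOINTS = [  # sorted by displayName, as the issue describes the API output
    {"id": "id-bar", "displayName": "bar", "port": 10443},
    {"id": "id-baz", "displayName": "baz", "port": 8443},
    {"id": "id-foo", "displayName": "foo", "port": 10443},
]


class AmbiguousEndpointError(Exception):
    """More than one endpoint satisfies the lookup key."""


def find_by_port_only(endpoints, port):
    """Lookup as described in the issue: the first endpoint on the port wins."""
    for endpoint in endpoints:
        if endpoint["port"] == port:
            return endpoint
    return None


def find_by_name_and_port(endpoints, display_name, port):
    """Select on (displayName, port) and refuse to guess when it is not unique."""
    matches = [
        e for e in endpoints
        if e["port"] == port and e["displayName"] == display_name
    ]
    if len(matches) > 1:
        ids = ", ".join(e["id"] for e in matches)
        raise AmbiguousEndpointError(
            "%d endpoints named %r on port %d: %s"
            % (len(matches), display_name, port, ids)
        )
    return matches[0] if matches else None


def plan_certificate_upload(endpoints, display_name, port):
    """Return ("update", id) for an existing endpoint, else ("create", None)."""
    target = find_by_name_and_port(endpoints, display_name, port)
    if target is None:
        return ("create", None)
    return ("update", target["id"])


def response_matches_request(requested_name, requested_port, resp):
    """Post-change check: did the API touch the endpoint that was asked for?"""
    return (
        resp.get("displayName") == requested_name
        and resp.get("port") == requested_port
    )


if __name__ == "__main__":
    picked = find_by_port_only(SAMPLE_ENDPOINTS, 10443)
    print("port-only lookup selects:", picked["displayName"])
    print("name+port plan:", plan_certificate_upload(SAMPLE_ENDPOINTS, "foo", 10443))
    print("response matches request:", response_matches_request("foo", 10443, picked))
```

The same response check can be applied in a playbook by comparing the registered result's resp.displayName with the display_name passed to the task, which would have flagged the "bar" response shown above.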

Action required: Add stable-2.13 to the test matrix

Dear maintainers,

According to the Collection requirements, collections included in the ansible package MUST run the ansible-test sanity command from the latest stable ansible-core branch.

It has been recently announced via the news-for-maintainers repository that the ansible-core stable-2.13 branch is available for testing.

  • Please add the stable-2.13 branch to your test matrix in the .github/workflows directory, at least, in the sanity jobs section. Any questions, just mention me here.

  • If you have integration and/or unit tests, please consider adding the branch to the corresponding sections too.

  • If you're not subscribed to the news-for-maintainers repository, please do it to avoid CI related issues in the future.

  • If the issue is not relevant to your collection, please close it.

Thank you!

Consider using true/false for all booleans in docs

Based on the community decision to use true/false for boolean values in documentation and examples, we ask that you evaluate booleans in this collection and consider changing any that do not use true/false (lowercase).

See documentation block format for more info (specifically, option defaults).

If you have already implemented this or decide not to, feel free to close this issue.


P.S. This is an auto-generated issue, please raise any concerns here

HA-group module does not support checkmode

SUMMARY

Calls of the HA-group module are skipped when running them in check-mode.

ISSUE TYPE
  • Bug Report
COMPONENT NAME

netapp.storagegrid.na_sg_grid_ha_group module

ANSIBLE VERSION
ansible [core 2.12.2]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['{{ MY_HOME_DIR }}/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.8/site-packages/ansible
  ansible collection location = {{ MY_HOME_DIR }}/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.8.12 (default, Sep 16 2021, 10:46:05) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)]
  jinja version = 2.10.3
  libyaml = True
COLLECTION VERSION

# /usr/lib/python3.8/site-packages/ansible_collections
Collection         Version
------------------ -------
netapp.storagegrid 21.16.0

But collection Version 21.11.1 is also present on the system and configured to use.

CONFIGURATION

no output

OS / ENVIRONMENT

Red Hat Enterprise Linux release 8.6 (Ootpa)

STEPS TO REPRODUCE
---
- hosts: localhost
  gather_facts: false
  vars:
    grid_fqdn: mygrid.company.com
    grid_username: root
    grid_password: ********
  tasks:
    - name: Grid authorization token holen
      uri:
        url: "https://{{ grid_fqdn }}/api/v3/authorize"
        method: POST
        body: {
          "username": "{{ grid_username }}",
          "password": "{{ grid_password }}",
          "cookie": false,
          "csrfToken": false
        }
        body_format: json
        validate_certs: false
      register: _grid_auth_token
      check_mode: false
      no_log: true
    - name: Manage HA-Groups
      netapp.storagegrid.na_sg_grid_ha_group:
        api_url: "https://{{ grid_fqdn }}"
        auth_token: "{{ _grid_auth_token.json.data }}"
        gateway_cidr: "192.168.2.1/24"
        interfaces:
          - interface: eth2
            node: node1
        name: myhagroup
        virtual_ips:
          - 192.168.2.10
        validate_certs: false
    - name: Grid authorization token ungeueltig machen
      uri:
        url: "https://{{ grid_fqdn }}/api/v3/authorize"
        method: DELETE
        headers:
          X-Csrf-Token: "{{ _grid_auth_token.json.data }}"
        status_code: 204
        validate_certs: false
      check_mode: false
      no_log: true
...

ansible-playbook playbooks/test.yml --check -vvvv
EXPECTED RESULTS

For the second task output "ok" or "changed" depending if the HA-group already exists with the mentioned settings or not.

ACTUAL RESULTS
ansible-playbook [core 2.12.2]
  config file = {{ MY_HOME_DIR }}/storage_ansible/ansible.cfg
  configured module search path = ['{{ MY_HOME_DIR }}/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.8/site-packages/ansible
  ansible collection location = {{ MY_HOME_DIR }}/storage_ansible/collections
  executable location = /usr/bin/ansible-playbook
  python version = 3.8.12 (default, Sep 16 2021, 10:46:05) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)]
  jinja version = 2.10.3
  libyaml = True
Using {{ MY_HOME_DIR }}/storage_ansible/ansible.cfg as config file
setting up inventory plugins
host_list declined parsing {{ MY_HOME_DIR }}/storage_ansible/inventories/inventory.yml as it did not pass its verify_file() method
script declined parsing {{ MY_HOME_DIR }}/storage_ansible/inventories/inventory.yml as it did not pass its verify_file() method
Parsed {{ MY_HOME_DIR }}/storage_ansible/inventories/inventory.yml inventory source with yaml plugin
Loading collection netapp.storagegrid from {{ MY_HOME_DIR }}/storage_ansible/collections/ansible_collections/netapp/storagegrid
redirecting (type: callback) ansible.builtin.yaml to community.general.yaml
Loading collection community.general from {{ MY_HOME_DIR }}/storage_ansible/collections/ansible_collections/community/general
redirecting (type: callback) ansible.builtin.yaml to community.general.yaml
Loading callback plugin community.general.yaml of type stdout, v2.0 from {{ MY_HOME_DIR }}/storage_ansible/collections/ansible_collections/community/general/plugins/callback/yaml.py
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: test.yml *****************************************************************************************************
Positional arguments: playbooks/test.yml
verbosity: 4
connection: smart
timeout: 10
become_method: sudo
tags: ('all',)
check: True
inventory: ('{{ MY_HOME_DIR }}/storage_ansible/inventories/inventory.yml',)
forks: 5
1 plays in playbooks/test.yml

PLAY [localhost] *******************************************************************************************************
META: ran handlers

TASK [Grid authorization token holen] **********************************************************************************
task path: {{ MY_HOME_DIR }}/storage_ansible/playbooks/test.yml:9
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: {{ MY_LOGIN_NAME }}
<127.0.0.1> EXEC /bin/sh -c 'echo ~{{ MY_LOGIN_NAME }} && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo {{ MY_HOME_DIR }}/.ansible/tmp `"&& mkdir "` echo {{ MY_HOME_DIR }}/.ansible/tmp/ansible-tmp-1668681153.3082294-2081575-225046606505832 `" && echo ansible-tmp-1668681153.3082294-2081575-225046606505832="` echo {{ MY_HOME_DIR }}/.ansible/tmp/ansible-tmp-1668681153.3082294-2081575-225046606505832 `" ) && sleep 0'
Using module file /usr/lib/python3.8/site-packages/ansible/modules/uri.py
<127.0.0.1> PUT {{ MY_HOME_DIR }}/.ansible/tmp/ansible-local-2081570eqlboveg/tmpaj846t97 TO {{ MY_HOME_DIR }}/.ansible/tmp/ansible-tmp-1668681153.3082294-2081575-225046606505832/AnsiballZ_uri.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x {{ MY_HOME_DIR }}/.ansible/tmp/ansible-tmp-1668681153.3082294-2081575-225046606505832/ {{ MY_HOME_DIR }}/.ansible/tmp/ansible-tmp-1668681153.3082294-2081575-225046606505832/AnsiballZ_uri.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/usr/bin/python3.8 {{ MY_HOME_DIR }}/.ansible/tmp/ansible-tmp-1668681153.3082294-2081575-225046606505832/AnsiballZ_uri.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r {{ MY_HOME_DIR }}/.ansible/tmp/ansible-tmp-1668681153.3082294-2081575-225046606505832/ > /dev/null 2>&1 && sleep 0'
ok: [localhost] => changed=false
  censored: 'the output has been hidden due to the fact that ''no_log: true'' was specified for this result'

TASK [Manage HA-Groups] ************************************************************************************************
task path: {{ MY_HOME_DIR }}/storage_ansible/playbooks/test.yml:24
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: {{ MY_LOGIN_NAME }}
<127.0.0.1> EXEC /bin/sh -c 'echo ~{{ MY_LOGIN_NAME }} && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo {{ MY_HOME_DIR }}/.ansible/tmp `"&& mkdir "` echo {{ MY_HOME_DIR }}/.ansible/tmp/ansible-tmp-1668681154.1492493-2081591-262145993509719 `" && echo ansible-tmp-1668681154.1492493-2081591-262145993509719="` echo {{ MY_HOME_DIR }}/.ansible/tmp/ansible-tmp-1668681154.1492493-2081591-262145993509719 `" ) && sleep 0'
Using module file {{ MY_HOME_DIR }}/storage_ansible/collections/ansible_collections/netapp/storagegrid/plugins/modules/na_sg_grid_ha_group.py
<127.0.0.1> PUT {{ MY_HOME_DIR }}/.ansible/tmp/ansible-local-2081570eqlboveg/tmpqy7eymyg TO {{ MY_HOME_DIR }}/.ansible/tmp/ansible-tmp-1668681154.1492493-2081591-262145993509719/AnsiballZ_na_sg_grid_ha_group.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x {{ MY_HOME_DIR }}/.ansible/tmp/ansible-tmp-1668681154.1492493-2081591-262145993509719/ {{ MY_HOME_DIR }}/.ansible/tmp/ansible-tmp-1668681154.1492493-2081591-262145993509719/AnsiballZ_na_sg_grid_ha_group.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/usr/bin/python3.8 {{ MY_HOME_DIR }}/.ansible/tmp/ansible-tmp-1668681154.1492493-2081591-262145993509719/AnsiballZ_na_sg_grid_ha_group.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r {{ MY_HOME_DIR }}/.ansible/tmp/ansible-tmp-1668681154.1492493-2081591-262145993509719/ > /dev/null 2>&1 && sleep 0'
skipping: [localhost] => changed=false
  invocation:
    module_args:
      api_url: https://mygrid.company.com
      auth_token: VALUE_SPECIFIED_IN_NO_LOG_PARAMETER
      description: null
      gateway_cidr: 192.168.2.1/24
      ha_group_id: null
      interfaces:
      - interface: eth2
        node: node1
      name: myhagroup
      state: present
      validate_certs: false
      virtual_ips:
      - 192.168.2.10
  msg: remote module (netapp.storagegrid.na_sg_grid_ha_group) does not support check mode

TASK [Grid authorization token ungeueltig machen] **********************************************************************
task path: {{ MY_HOME_DIR }}/storage_ansible/playbooks/test.yml:36
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: {{ MY_LOGIN_NAME }}
<127.0.0.1> EXEC /bin/sh -c 'echo ~{{ MY_LOGIN_NAME }} && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo {{ MY_HOME_DIR }}/.ansible/tmp `"&& mkdir "` echo {{ MY_HOME_DIR }}/.ansible/tmp/ansible-tmp-1668681154.8389733-2081607-53893666566677 `" && echo ansible-tmp-1668681154.8389733-2081607-53893666566677="` echo {{ MY_HOME_DIR }}/.ansible/tmp/ansible-tmp-1668681154.8389733-2081607-53893666566677 `" ) && sleep 0'
Using module file /usr/lib/python3.8/site-packages/ansible/modules/uri.py
<127.0.0.1> PUT {{ MY_HOME_DIR }}/.ansible/tmp/ansible-local-2081570eqlboveg/tmpjnsujv80 TO {{ MY_HOME_DIR }}/.ansible/tmp/ansible-tmp-1668681154.8389733-2081607-53893666566677/AnsiballZ_uri.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x {{ MY_HOME_DIR }}/.ansible/tmp/ansible-tmp-1668681154.8389733-2081607-53893666566677/ {{ MY_HOME_DIR }}/.ansible/tmp/ansible-tmp-1668681154.8389733-2081607-53893666566677/AnsiballZ_uri.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/usr/bin/python3.8 {{ MY_HOME_DIR }}/.ansible/tmp/ansible-tmp-1668681154.8389733-2081607-53893666566677/AnsiballZ_uri.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r {{ MY_HOME_DIR }}/.ansible/tmp/ansible-tmp-1668681154.8389733-2081607-53893666566677/ > /dev/null 2>&1 && sleep 0'
ok: [localhost] => changed=false
  censored: 'the output has been hidden due to the fact that ''no_log: true'' was specified for this result'
META: ran handlers
META: ran handlers

PLAY RECAP *************************************************************************************************************
localhost                  : ok=2    changed=0    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0

Unmaintained collection: Removal from Ansible (community) package

It looks like this collection is effectively unmaintained. According to the current community guidelines for collections, we will consider removing it in a future version of the Ansible community package. Please see Unmaintained collection: netapp.storagegrid for more information.

At least one month after this announcement appears here and on Bullhorn, the Ansible Community Steering Committee will vote on whether this collection is considered unmaintained and will be removed, or whether it will be kept. If it will be removed, this will happen earliest in Ansible 11. Please note that people can still manually install the collection with ansible-galaxy collection install netapp.storagegrid even when it has been removed from Ansible.

New Modules for ILM, endpoint domain names, proxy, grid-options and mail-setup and also add the according information to info-module

SUMMARY

It would be great if new modules for the following (configuration) options could be provided:

  • ILM
    • rules
    • policies
    • storage pool
    • erasure coding
  • endpoint domain names (for virtual host style) (GUI: Configuration -> Domain names)
  • gather recovery-package (GUI: Maintenance -> Recovery package)
  • proxy-settings (GUI: Configuration -> Proxy settings)
  • grid-options (GUI: Configuration -> Grid options)
  • mail-setup (GUI: Alert -> Email setup / Support -> Legacy email setup)

Additionally, it would be good to add subsets for those options to the info module, in case they are missing.

ISSUE TYPE
  • Feature Idea
COMPONENT NAME

New netapp.storagegrid.na_sg_grid_*-modules
netapp.storagegrid.na_sg_grid_info module

ADDITIONAL INFORMATION

We are trying to completely configure our storagegrid with ansible, so not only creating buckets and managing users but also creating ILM-rules, configuring DNS-Servers and so on. On some items we are successful, but on some we are not able to do this with the existing ansible-modules.
The options mentioned above we have to configure divergent from the default, so it would be nice if we could handle these options with ansible. To delete configured items we need the information about existing items in the info-module.

Provide Load balancer endpoints and HA-groups in Info-Module

SUMMARY

Would it be possible to add subsets for

  • Load balancer (gateway) endpoints
  • HA-groups

to the netapp.storagegrid.na_sg_grid_info module.

ISSUE TYPE
  • Feature Idea
COMPONENT NAME

netapp.storagegrid.na_sg_grid_info module

ADDITIONAL INFORMATION

For managing (deleting) Load balancer (gateway) endpoints and HA-groups we need to gather information about the existing endpoints and HA-groups.

Mainly the name and id of the endpoints and HA-groups are needed, but it would be great if you could also add the following information:

Load balancer endpoints:

  • name
  • id
  • port
  • client_type / service_type (s3 or swift)
  • network_protocol (http or https)
  • binding-mode
  • node + interface
  • ha-group
  • (certificate)

HA-groups:

  • name
  • id
  • description
  • nodes + interfaces
  • priority-order
  • subnet
  • gateway
  • virtual-ips

Add module for updating StorageGrid like na_ontap_software_update

SUMMARY

It would be nice to get a module which upgrades StorageGrid clusters, including prechecks, and automatically updates the whole cluster.

ISSUE TYPE
  • Feature Idea
COMPONENT NAME
ADDITIONAL INFORMATION


Create read-only-groups in grid and tenant

SUMMARY

Enable the ansible modules for managing grid- and tenant-groups to create read-only-groups.

ISSUE TYPE
  • Feature Idea
COMPONENT NAME

netapp.storagegrid.na_sg_grid_group module
netapp.storagegrid.na_sg_org_group module

ADDITIONAL INFORMATION

We are using groups/users that should only have read-only permissions. To manage those groups with ansible we need the option in the modules to configure them read-only.
At the moment the access mode (read-write or read-only) cannot be mentioned in the ansible-modules but in the GUI. All groups created using ansible are created with read-write permission.
An additional parameter for the modules would solve the problem.

Ansible Contributor Summit. Tuesday, April 12, 2022.

Ansible Contributor Summit

We are happy to announce that the registration for the Ansible Contributor Summit is open!

Why
  • This is a great opportunity for interested people to meet, discuss related topics, share their stories and opinions, get the latest important updates and just to hang out together.

  • There will be different announcements & presentations by Community, Core, Cloud, Network, and other teams.

  • Current contributors will be happy to share their stories and experience with newcomers.

  • There will be links to interactive self-paced Instruqt scenarios shared during the event that help newcomers learn different aspects of development.

Where/when

Online on Matrix and Youtube. Tuesday, April 12, 2022, 12:00 - 20:00 UTC.

How to join
  • Add the event to your calendar. Use the ical URL (for example, in Google Calendar "Add other calendars" > "Import from URL") instead of importing the .ics file so that any updates to the event will be reflected in your calendar.

  • Check out the Summit page:

    • Add your name to attendees.
    • Suggest summit topics that would be interesting to you to hear about.
    • Vote on and propose changes to topics suggested by others.
    • If you want to be a presenter, please contact the Ansible Community team via [email protected].

We are looking forward to seeing you!:)

Unmaintained collection: Removal from Ansible Certified Content program

Hello,

Since this collection has had no releases to Ansible Automation Hub in the past 2 years, the Ansible Partner Engineering team has elected to remove this content from the Ansible Certified Content program.

This is both due to the lack of timely release (none in over a year), and because the collection has not been tested and released on newer versions of ansible-core (2.14 and 2.15).

The finalized date for this is Feb 29, 2024. If there is a release before then that passes certification standards, the collection will remain part of the certified content program. Otherwise, it will be removed on this date and no longer available to customers through Ansible Automation Hub.

You can always recertify the collection again if it meets the requirements. Reach out to [email protected] for more details and for future certification questions.

Create and modify Traffic Classification Policies

SUMMARY

We want to use the collection "netapp.storagegrid" to create and modify Traffic Classification Policies

ISSUE TYPE
  • Feature Idea
COMPONENT NAME

netapp.storagegrid

ADDITIONAL INFORMATION

Traffic Classification Policies were added in StorageGRID version 11.4

Modifying na_sg_org_group does not update s3_policy when managing management_policy simultaneously

SUMMARY

Modifying na_sg_org_group does not update s3_policy when managing management_policy simultaneously.

ISSUE TYPE
  • Bug Report
COMPONENT NAME

na_sg_org_group

ANSIBLE VERSION
  config file = /vol1/homes/lkr/s3-tenant-management/ansible.cfg
  configured module search path = ['/vol1/homes/lkr/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /vol1/homes/lkr/ansible_2.10/lib/python3.6/site-packages/ansible
  executable location = /vol1/homes/lkr/ansible_2.10/bin/ansible
  python version = 3.6.12 (default, Sep 15 2020, 12:49:50) [GCC 4.8.5 20150623 (Red Hat 4.8.5-37)]
COLLECTION VERSION
------------------ -------
netapp.storagegrid 21.8.0
CONFIGURATION
DEFAULT_CALLBACK_WHITELIST(/vol1/homes/lkr/s3-tenant-management/ansible.cfg) = ['profile_tasks']
HOST_KEY_CHECKING(/vol1/homes/lkr/s3-tenant-management/ansible.cfg) = False
OS / ENVIRONMENT

not relevant

STEPS TO REPRODUCE

Create a group including any management_policy and s3_policy setting. Then change the s3_policy. See example:

---
- hosts: localhost
  collections:
    - netapp.storagegrid
  gather_facts: no
  tasks:
  - name: Include needed variables
    include_vars:
      dir: "vars/"

  - name: Get user authorization token
    uri:
      url: "{{ grid_admin_base_url }}/api/v3/authorize"
      method: POST
      body: {
        "accountId": "{{ tenant_account_id }}",
        "username": "{{ tenant_username }}",
        "password": "{{ tenant_password }}",
        "cookie": false,
        "csrfToken": false
      }
      body_format: json
      validate_certs: false
    register: auth
    check_mode: False

  - name: Manage Group
    na_sg_org_group:
      api_url: "{{ grid_admin_base_url }}"
      auth_token: "{{ auth.json.data }}"
      validate_certs: false
      state: "present"
      display_name: "test-group"
      unique_name: "group/test-group"
      management_policy:
        manage_all_containers: false
      s3_policy: "{{ item }}"
    loop:
      - {"Statement":[{"Effect":"Deny","Action":"s3:*","Resource":"arn:aws:s3:::*"}]}
      - {"Statement":[{"Effect":"Allow","Action":"s3:*","Resource":"arn:aws:s3:::*"}]}
EXPECTED RESULTS

Group is modified with new S3 policy.

ACTUAL RESULTS

Ansible reports the group as unchanged.

TASK [Manage Group] ********************************************************************************************************************************************************
changed: [localhost] => (item={'Statement': [{'Effect': 'Deny', 'Action': 's3:*', 'Resource': 'arn:aws:s3:::*'}]})
ok: [localhost] => (item={'Statement': [{'Effect': 'Allow', 'Action': 's3:*', 'Resource': 'arn:aws:s3:::*'}]})

First "changed" is creating the group, second should be "changed" as well.

This does not happen when management_policy is not managed.

Configure the ha_group parameter of na_sg_grid_gateway to accept IDs of HA groups

SUMMARY

Improve the flexibility of na_sg_grid_gateway by configuring its ha_group parameter to accept IDs of HA groups.

ISSUE TYPE
  • Feature Idea
COMPONENT NAME

na_sg_grid_gateway

ADDITIONAL INFORMATION

The na_sg_grid_gateway.py module requires the ha_groups parameter to define the names of HA groups instead of their IDs. It would be straightforward to write an Ansible role that determines the names, IDs and HA groups of load balancer endpoints on its own without hard coding anything if the module accepted the IDs of HA groups. This would also match the behavior of the /private/gateway-configs operation.

Currently, running a GET request against /private/gateway-configs returns the names and IDs of load balancer endpoints and the IDs of their HA groups, and running a GET request against /private/ha-groups returns the names and IDs of HA groups. While these two operations return all the necessary information, it still requires some further work to combine the information and convert the IDs of HA groups to the corresponding names within the JSON object returned by /private/gateway-configs operation. The conversion has proven to be somewhat tricky if it must be done programmatically and without hard coding the names of HA groups.

In other words, /private/gateway-configs lacks the names of HA groups and /private/ha-groups lacks the ID of the load balancer endpoint to which an HA group is bound. Nodes > <node_name> > Load Balancer in the Grid Manager apparently presents the binding.

The following snippet demonstrates uploading a renewed certificate to multiple load balancer endpoints. Previous tasks of an Ansible role have already defined the following variables:

  • auth.json.data - a Grid Management API token
  • grid_admin_base_url - the URL of a primary admin node
  • endpoint_cert - a base64 encoded server certificate
  • endpoint_chain - a base64 encoded CA bundle
  • endpoint_privkey - a base64 encoded certificate private key

- name: Get load balancer endpoint configurations
  uri:
    url: "{{ grid_admin_base_url }}/api/v3/private/gateway-configs"
    method: GET
    headers:
      accept: application/json
      Authorization: Bearer {{ auth.json.data }}
    validate_certs: false  # skip validation to renew expired certificates
  register: gateways

# Create a nested list of display names, IDs and HA groups
# [["displayName1", "id1", ["haGroups1"]], ["displayName2", "id2", ["haGroups2"]]]
- name: Map display name to ID and HA groups
  set_fact:
    gateways: "{{ gateways | json_query(query) }}"
  vars:
    query: "json.data[*].[displayName, id, pinTargets.haGroups]"
    
- name: Deploy load balancer endpoint certificate
  netapp.storagegrid.na_sg_grid_gateway:
    api_url: "{{ grid_admin_base_url }}"
    auth_token: "{{ auth.json.data }}"
    validate_certs: false  # skip validation to renew expired certificates
    state: present
    display_name: "{{ item[0] }}"  # see the structure of the nested list above
    gateway_id: "{{ item[1] }}"  # see the structure of the nested list above
    port: 10443
    secure: true  # only serve HTTPS traffic
    enable_ipv4: true
    enable_ipv6: true
    binding_mode: ha-groups
    ha_groups: "{{ item[2] }}"   # see the structure of the nested list above
    default_service_type: "s3"
    server_certificate: "{{ endpoint_cert['content'] | b64decode }}"
    private_key: "{{ endpoint_privkey['content'] | b64decode }}"
    ca_bundle: "{{ endpoint_chain['content'] | b64decode }}"
  no_log: true  # hide cert, chain and privkey
  loop: "{{ gateways }}"
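
The join described in the issue above (turning the HA group IDs returned by /private/gateway-configs into the names returned by /private/ha-groups), as an added example that is not part of the issue or of the collection: a custom Ansible filter plugin in Python. The `id` and `name` keys of an HA group object, the output key names and the sample data are assumptions.

```python
"""Custom Ansible filter (constructed example): resolve HA group IDs to names."""


def resolve_ha_group_names(gateway_configs, ha_groups):
    """Join the two API responses described in the issue.

    gateway_configs: the "data" list from GET /private/gateway-configs
    ha_groups:       the "data" list from GET /private/ha-groups
    Returns one dict per endpoint with ha_groups given as names.
    """
    # Assumption: each HA group object carries "id" and "name" keys.
    names_by_id = {group["id"]: group["name"] for group in ha_groups}
    resolved = []
    for endpoint in gateway_configs:
        # pinTargets.haGroups is the path used in the issue's json_query.
        group_ids = (endpoint.get("pinTargets") or {}).get("haGroups") or []
        unknown = [str(gid) for gid in group_ids if gid not in names_by_id]
        if unknown:
            # Fail loudly instead of silently dropping an endpoint binding.
            raise ValueError(
                "endpoint %r references unknown HA group IDs: %s"
                % (endpoint.get("displayName"), ", ".join(unknown))
            )
        resolved.append({
            "display_name": endpoint["displayName"],
            "gateway_id": endpoint["id"],
            "ha_groups": [names_by_id[gid] for gid in group_ids],
        })
    return resolved


class FilterModule(object):
    """Ansible discovers filters through this class in filter_plugins/."""

    def filters(self):
        return {"resolve_ha_group_names": resolve_ha_group_names}


# Constructed sample data shaped like the fields the issue names.
SAMPLE_GATEWAYS = [
    {"displayName": "s3-public", "id": "gw-0001",
     "pinTargets": {"haGroups": ["ha-aaaa", "ha-bbbb"]}},
    {"displayName": "s3-internal", "id": "gw-0002",
     "pinTargets": {"haGroups": []}},
]
SAMPLE_HA_GROUPS = [
    {"id": "ha-aaaa", "name": "dc1-vip"},
    {"id": "ha-bbbb", "name": "dc2-vip"},
]
```

Placed in a `filter_plugins/` directory next to the playbook or role, the filter can be applied as `gateway_result.json.data | resolve_ha_group_names(ha_result.json.data)`, where `gateway_result` and `ha_result` are hypothetical registered results of the two GET requests.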
