Connection error: HTTPSConnectionPool(host='192.168.X.X', port=443

Hello All,

I’m using the NetApp simulator along with trying to test out Ansible playbooks. I don’t have a custom SSL certificate; I just use the self-signed one.

If I put the following within the playbook or a variable, I still receive the error below:

https_option: false

validate_certs_option: false

fatal: [localhost]: FAILED! => {"changed": false, "module_stderr": "None: Connection error: HTTPSConnectionPool(host='192.168.X.X', port=443): Max retries exceeded with url: /api/cluster?fields=version (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate

It doesn’t matter what I do; the ansible script I run still wants to check the SSL certificate.

[admin@RHEL9-AWX ~]$ pip --version
pip 21.2.3 from /usr/lib/python3.9/site-packages/pip (python 3.9)

[admin@RHEL9-AWX ~]$ ansible --version
ansible [core 2.14.9]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/admin/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.9/site-packages/ansible
  ansible collection location = /home/admin/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.9.18 (main, Jan  4 2024, 00:00:00) [GCC 11.4.1 20230605 (Red Hat 11.4.1-2)] (/usr/bin/python3)
  jinja version = 3.1.2
  libyaml = True

---
collections:
- name: netapp.ontap
  version: '21.6.0'
- name: ansible.utils

How do I get past this dang annoying issue? This is the only item preventing me from running the playbook.

Hello.

Could you tell us a playbook you wrote to help us understand the problem?

@akira6592 Would you want just a snippet of the beginning of the playbook where the section called out the https and cert validation? I ask because the playbook is long.

@akira6592 Here is the beginning of the playbook where the problem is occurring:

---
- hosts: localhost
  gather_facts: false
  name: NetApp SVM Setup
  vars_files:
  - variables-1.yml
  vars:
    login: &login
     hostname: "{{ clusterip }}"
     username: "{{ user }}"
     password: "{{ pass }}"
     validate_certs: false
  tasks:
  - name: Create SVM
    na_ontap_svm:
      state: present
      name: "{{ svmname }}"
      root_volume: "{{ rootvolname }}"
      root_volume_aggregate: "{{ rootvolaggr }}"
      root_volume_security_style: "{{ rootvolsecurity }}"
      aggr_list: "{{ allowedaggrs }}"
      allowed_protocols: "{{ allowedprotocols }}"
      hostname: "{{ clusterip }}"
      username: "{{ user }}"
      password: "{{ pass }}"

These variables no longer apply since I don’t have them within the playbook any longer as variables, but they are what I originally used below:

# Cluster Login
clusterip: '{{ hostname }}'
user: '{{ user }}'
pass: '{{ pass }}'
https_option: true
validate_certs_option: true

---
- hosts: localhost
  gather_facts: false
  name: NetApp SVM Setup
  vars_files:
  - variables.yml
  vars:
    login: &login
     hostname: "{{ clusterip }}"
     username: "{{ user }}"
     password: "{{ pass }}"
     https: "{{ https_option }}"
     validate_certs: "{{ validate_certs_option }}"

Is the YAML anchor &login used in playbook as alias?

It seems the snippet does not apply validate_certs: false .

@akira6592 The anchor is not used as an alias. What do you mean it doesn’t apply

validate_certs: false?

@marshit

If not applied(used) anywhere, then the validate_certs option in the na_ontap_svm module would default true.

Therefore, it is necessary to explicitly specify validate_certs: false as an option in the module.

  - name: Create SVM
    na_ontap_svm:
      state: present
      name: "{{ svmname }}"
      root_volume: "{{ rootvolname }}"
      root_volume_aggregate: "{{ rootvolaggr }}"
      root_volume_security_style: "{{ rootvolsecurity }}"
      aggr_list: "{{ allowedaggrs }}"
      allowed_protocols: "{{ allowedprotocols }}"
      hostname: "{{ clusterip }}"
      username: "{{ user }}"
      password: "{{ pass }}"
      validate_certs: false    # here

@akira6592 I understand what you mean a little better, so I’m now using the &login variable.

---
- hosts: localhost
  gather_facts: false
  name: NetApp SVM Setup
  vars_files:
  - variables-1.yml
  vars:
    login: &login
     hostname: "{{ clusterip }}"
     username: "{{ user }}"
     password: "{{ pass }}"
     https: "{{ https_option }}"
     validate_certs: "{{ validate_certs_option }}"
     use_rest: always

  tasks:
  - name: Create SVM
    na_ontap_svm:
      state: present
      name: "{{ svmname }}"
      root_volume: "{{ rootvolname }}"
      root_volume_aggregate: "{{ rootvolaggr }}"
      root_volume_security_style: "{{ rootvolsecurity }}"
      aggr_list: "{{ allowedaggrs }}"
      allowed_protocols: "{{ allowedprotocols }}"
      <<: *login
  - name: Start NFS
    na_ontap_nfs:
      state: present
      service_state: started
      vserver: "{{ svmname }}"
      nfsv3: enabled
      <<: *login

@akira6592 I’m past the SSL error now, but for some odd reason I now receive this error - [WARNING]: Collection netapp.ontap does not support Ansible version

2

2.12.5.post0

Which is strange because per the requirements for 22.9.0 of NetApp module (ontap.netapp) I’m at python 3.9 and ansible 2.15.x and I still seem to not be able to run all playbooks, only certain modules will work.

The below requirements are needed on the host that executes this module.

• Ansible 2.9 or later - 2.12 or later is recommended.
• Python3 - 3.9 or later is recommended.
• When using ZAPI, netapp-lib 2018.11.13 or later (install using ‘pip install netapp-lib’), netapp-lib 2020.3.12 is strongly recommended as it provides better error reporting for connection issues
• a physical or virtual clustered Data ONTAP system, the modules support Data ONTAP 9.1 and onward, REST support requires ONTAP 9.6 or later.

I’m only able to run most playbooks if I specifically put version 21.6.0 within my requirements.yml file. I don’t really understand why that is happening.

@marshit

FYI. You can also use Module default grouup without using YAML anchor and alias.

For netapp.ontap collection, the group name is netapp_ontap (netapp.ontap.netapp_ontap).

---
- hosts: localhost
  gather_facts: false
  name: NetApp SVM Setup
  vars_files:
  - variables-1.yml

  module_defaults:
    group/netapp.ontap.netapp_ontap:
      hostname: "{{ clusterip }}"
      username: "{{ user }}"
      password: "{{ pass }}"
      https: "{{ https_option }}"
      validate_certs: "{{ validate_certs_option }}"
      use_ssrest: always

  tasks:
  - name: Create SVM
    na_ontap_svm:
      state: present
      name: "{{ svmname }}"
      root_volume: "{{ rootvolname }}"
      root_volume_aggregate: "{{ rootvolaggr }}"
      root_volume_security_style: "{{ rootvolsecurity }}"
      aggr_list: "{{ allowedaggrs }}"
      allowed_protocols: "{{ allowedprotocols }}"

  - name: Start NFS
    na_ontap_nfs:
      state: present
      service_state: started
      vserver: "{{ svmname }}"
      nfsv3: enabled

Please select your preferred method

@akira6592 I tried that but I still keep getting this error now:

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: netapp_lib.api.zapi.zapi.NaApiError: NetApp API failed. Reason - Unable to connect:(ConnectionRefusedError(111, 'Connection refused'),)
fatal: [localhost]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n  File \"/usr/lib64/python3.8/urllib/request.py\", line 1354, in do_open\n    h.request(req.get_method(), req.selector, req.data, headers,\n  File \"/usr/lib64/python3.8/http/client.py\", line 1256, in request\n    self._send_request(method, url, body, headers, encode_chunked)\n  File \"/usr/lib64/python3.8/http/client.py\", line 1302, in _send_request\n    self.endheaders(body, encode_chunked=encode_chunked)\n  File \"/usr/lib64/python3.8/http/client.py\", line 1251, in endheaders\n    self._send_output(message_body, encode_chunked=encode_chunked)\n  File \"/usr/lib64/python3.8/http/client.py\", line 1011, in _send_output\n    self.send(msg)\n  File \"/usr/l…

I can access the system just fine and SSH directly to the appliance. I wonder if I need to change my bindep.txt file to everything 3.9?

findutils [compile platform:centos-8 platform:rhel-8]
gcc [compile platform:centos-8 platform:rhel-8]
make [compile platform:centos-8 platform:rhel-8]
python38-devel [compile platform:centos-8 platform:rhel-8]
python38-cffi [platform:centos-8 platform:rhel-8]
python38-cryptography [platform:centos-8 platform:rhel-8]
python38-pycparser [platform:centos-8 platform:rhel-8]

@marshit

The error message seems to be omitted.

self.send(msg)\n  File \"/usr/l…

Anyway, a Python 3.9 or higher environment will have less trouble.

I changed these options to tue/false and it seemd to have got me past the connection error:

 https: "{{ https_option }}"
 validate_certs: "{{ validate_certs_option }}"

This is interesting because I’m pretty sure I changed that before, but maybe at that point there was some other issue.

I also made sure of my requirements.yml file had version 22.9.0 of netapp.ontap. I think this ticket can be closed.

@marshit Thank you for reporting.
I am glad you were able to resolve the issue.