[BUG]: dellemc.powerscale.networkpool fails as Unauthorized

[bugmanch]

Error description
Role dellemc.powerscale.networkpool fails with following error message:

fatal: [localhost]: FAILED! => {"changed": false, "msg": "Unable to get network pool pool0 failed with error: HTTP Error 401: Unauthorized "}

Environment details
Occurs on:

• Ansible v. 2.16.11 and 2.17.5
• Python 3.10.12 and 3.12.3
• dellemc.powerscale 3.5 (was working with version 1.5)
• OneFS 9.7.1.2

Code example

    - name: Get Management IP Pool
      dellemc.powerscale.networkpool:
        onefs_host: "{{ pscale_host }}"
        api_user: "root"
        api_password: "{{ pscale_password }}"
        verify_ssl: false

        groupnet_name: "groupnet0"
        subnet_name: "subnet0"
        pool_name: "pool0"
        state: "present"

[anupamaloke]

@bugmanch, I just tried the below playbook and I was able to successfully get the details. Could you please check your username and password details or make sure that the user has the right privileges to gather the network pool details?

---
- hosts: powerscale
  gather_facts: no

  vars:
    onefs_creds: &onefs_creds
      onefs_host: "{{ inventory_hostname }}"
      api_user: "{{ user }}"
      api_password: "{{ password }}"
      verify_ssl: False

  tasks:
    - name: get network pool details
      dellemc.powerscale.info:
        <<: *onefs_creds
        gather_subset:
          - network_pools
      register: result
      delegate_to: localhost

    - name: get details about the first network pool
      dellemc.powerscale.networkpool:
        <<: *onefs_creds
        groupnet_name: "{{ result.NetworkPools[0].id.split('.')[0] }}"
        subnet_name: "{{ result.NetworkPools[0].id.split('.')[1] }}"
        pool_name: "{{ result.NetworkPools[0].id.split('.')[2] }}"
        state: present
      register: result
      delegate_to: localhost
      when:
        - result.NetworkPools | length > 0

    - name: print network pool details
      ansible.builtin.debug:
        var: result

Execution:

(virtualenv) [user@W11HQSX2T3 powerscale]$ ansible-navigator run network_pool.yml -i hosts

PLAY [powerscale] **************************************************************

TASK [get network pool details] ************************************************
ok: [192.168.10.20 -> localhost]

TASK [get details about the first network pool] ********************************
ok: [192.168.10.20 -> localhost]

TASK [print network pool details] **********************************************
ok: [192.168.10.20] => {
    "result": {
        "changed": false,
        "diff": null,
        "failed": false,
        "network_pool": {
            "pools": [
                {
                    "access_zone": "System",
                    "addr_family": "ipv4",
                    "aggregation_mode": "lacp",
                    "alloc_method": "static",
                    "description": "pool name description",
                    "firewall_policy": "default_pools_policy",
                    "groupnet": "groupnet0",
                    "id": "groupnet0.subnet0.pool0",
                    "ifaces": [
                        {
                            "iface": "ext-2",
                            "lnn": 1
                        },
                        {
                            "iface": "ext-2",
                            "lnn": 2
                        },
                        {
                            "iface": "ext-2",
                            "lnn": 3
                        }
                    ],
                    "ipv6_perform_dad": false,
                    "name": "pool0",
                    "nfsv3_rroce_only": false,
                    "ranges": [
                        {
                            "high": "192.168.10.22",
                            "low": "192.168.10.20"
                        }
                    ],
                    "rebalance_policy": "auto",
                    "rules": [],
                    "sc_auto_unsuspend_delay": 0,
                    "sc_connect_policy": "round_robin",
                    "sc_dns_zone": "",
                    "sc_dns_zone_aliases": [
                        "Test1",
                        "Test"
                    ],
                    "sc_failover_policy": "round_robin",
                    "sc_subnet": "",
                    "sc_suspended_nodes": [],
                    "sc_ttl": 0,
                    "static_routes": [],
                    "subnet": "subnet0"
                }
            ]
        }
    }
}

PLAY RECAP *********************************************************************
192.168.10.20              : ok=3    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

[bugmanch]

Here is what I get in my environment

All other commands works fine, just networkpools command issuing an Unaothoorized error:

$ cat test_ippool.yml
---
- hosts: localhost
  gather_facts: no

  vars:
    onefs_creds: &onefs_creds
      onefs_host: "192.168.1.61"
      api_user: "root"
      api_password: "{{ root_password }}"
      verify_ssl: False

  tasks:
    - name: get network pool details
      dellemc.powerscale.info:
        <<: *onefs_creds
        gather_subset:
          - network_pools
      register: result
      delegate_to: localhost

    - name: get details about the first network pool
      dellemc.powerscale.networkpool:
        <<: *onefs_creds
        groupnet_name: "{{ result.NetworkPools[0].id.split('.')[0] }}"
        subnet_name: "{{ result.NetworkPools[0].id.split('.')[1] }}"
        pool_name: "{{ result.NetworkPools[0].id.split('.')[2] }}"
        state: present
      register: result
      delegate_to: localhost
      when:
        - result.NetworkPools | length > 0

    - name: print network pool details
      ansible.builtin.debug:
        var: result

Execution:

$ ansible-playbook -vvv test_ippool.yml
ansible-playbook [core 2.17.5]
...
  python version = 3.12.3 (main, Sep 11 2024, 14:17:37) [GCC 13.2.0] (/usr/bin/python3)
  jinja version = 3.1.2
  libyaml = True
...

PLAYBOOK: test_ippool.yml ******************************************************************************************************************************************************
1 plays in test_ippool.yml

PLAY [localhost] ***************************************************************************************************************************************************************

TASK [get network pool details] ************************************************************************************************************************************************
....

ok: [localhost] => {
    "AccessZones": [],
    "Attributes": [],
    "Clients": [],
    "ClusterIdentity": {},
    "ClusterOwner": {},
    "EmailSettings": {},
    "Groups": [],
    "LdapProviders": [],
    "NTPServers": {},
    "NetworkGroupnets": [],
    "NetworkInterfaces": [],
    "NetworkPools": [
        {
            "id": "groupnet0.subnet0.pool0",
            "name": "pool0"
        },
        {
            "id": "groupnet0.vlan12.grandson",
            "name": "grandson"
        }
    ],
    "NetworkRules": [],
    "NetworkSubnets": [],
    "NfsAliases": [],
    "NfsDefaultSettings": {},
    "NfsExports": [],
    "NfsGlobalSettings": {},
    "NfsZoneSettings": {},
    "NodePools": [],
    "Nodes": [],
    "Providers": [],
    "ServerCertificate": [],
    "SmbGlobalSettings": {},
    "SmbOpenFiles": [],
    "SmbShares": [],
    "SnmpSettings": {},
    "StoragePoolTiers": [],
    "SynciqGlobalSettings": {},
    "SynciqPerformanceRules": [],
    "SynciqPolicies": [],
    "SynciqReports": [],
    "SynciqTargetClusterCertificate": [],
    "SynciqTargetReports": [],
    "UserMappingRules": [],
    "Users": [],
    "alert_categories": [],
    "alert_channels": [],
    "alert_rules": [],
    "alert_settings": {},
    "changed": false,
    "event_groups": [],
    "file_system": [],
    "invocation": {
        "module_args": {
            "access_zone": "System",
            "api_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "api_user": "root",
            "filters": null,
            "gather_subset": [
                "network_pools"
            ],
            "include_all_access_zones": null,
            "onefs_host": "192.168.1.61",
            "port_no": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "query_parameters": null,
            "scope": "effective",
            "verify_ssl": false
        }
    },
    "roles": {},
    "s3Buckets": {},
    "smart_quota": [],
    "support_assist_settings": {}
}

TASK [get details about the first network pool] ********************************************************************************************************************************
...
The full traceback is:
  File "/tmp/ansible_dellemc.powerscale.networkpool_payload_zc7d9fse/ansible_dellemc.powerscale.networkpool_payload.zip/ansible_collections/dellemc/powerscale/plugins/modules/networkpool.py", line 498, in get_network_pool
    details = utils.get_network_pool_details(
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/tmp/ansible_dellemc.powerscale.networkpool_payload_zc7d9fse/ansible_dellemc.powerscale.networkpool_payload.zip/ansible_collections/dellemc/powerscale/plugins/module_utils/storage/dell/utils.py", line 558, in get_network_pool_details
    session_status_response = nwpool.invoke_request(headers={"Content-Type": "application/json"}, uri=session_url, method="GET")
                              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/tmp/ansible_dellemc.powerscale.networkpool_payload_zc7d9fse/ansible_dellemc.powerscale.networkpool_payload.zip/ansible_collections/dellemc/powerscale/plugins/module_utils/storage/dell/nwpool_utils.py", line 146, in invoke_request
    raise err
  File "/tmp/ansible_dellemc.powerscale.networkpool_payload_zc7d9fse/ansible_dellemc.powerscale.networkpool_payload.zip/ansible_collections/dellemc/powerscale/plugins/module_utils/storage/dell/nwpool_utils.py", line 143, in invoke_request
    resp = open_url(url, data=data, **url_kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/tmp/ansible_dellemc.powerscale.networkpool_payload_zc7d9fse/ansible_dellemc.powerscale.networkpool_payload.zip/ansible/module_utils/urls.py", line 995, in open_url
    return Request().open(method, url, data=data, headers=headers, use_proxy=use_proxy,
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/tmp/ansible_dellemc.powerscale.networkpool_payload_zc7d9fse/ansible_dellemc.powerscale.networkpool_payload.zip/ansible/module_utils/urls.py", line 899, in open
    r = urllib.request.urlopen(request, None, timeout)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/urllib/request.py", line 215, in urlopen
    return opener.open(url, data, timeout)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/urllib/request.py", line 521, in open
    response = meth(req, response)
               ^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/urllib/request.py", line 630, in http_response
    response = self.parent.error(
               ^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/urllib/request.py", line 559, in error
    return self._call_chain(*args)
           ^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/urllib/request.py", line 492, in _call_chain
    result = func(*args)
             ^^^^^^^^^^^
  File "/usr/lib/python3.12/urllib/request.py", line 639, in http_error_default
    raise HTTPError(req.full_url, code, msg, hdrs, fp)
fatal: [localhost]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "access_zone": null,
            "additional_pool_params": null,
            "api_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "api_user": "root",
            "description": null,
            "groupnet_name": "groupnet0",
            "new_pool_name": null,
            "onefs_host": "192.168.1.61",
            "pool_name": "pool0",
            "port_no": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "sc_params": null,
            "state": "present",
            "subnet_name": "subnet0",
            "verify_ssl": false
        }
    },
    "msg": "Unable to get network pool pool0 failed with error: HTTP Error 401: Unauthorized "
}

PLAY RECAP *********************************************************************************************************************************************************************
localhost                  : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

[nikolisg7]

Does a direct API query for e.g. /platform/network/groupnets/groupnet0/subnets/subnet0/pools/pool0 using curl or ansible uri and the same credentials work?

[bugmanch]

Thanks! That helped me to find out the cause of the issue!
OneFS REST API Basic Auth was disabled on my cluster.

The following OneFS command helped solve the situation:
isi_gconfig -t web-config auth_basic=true

As per: https://developer.dell.com/apis/4088/versions/9.7.0/docs/Getting%20Started/3make_your_first_call.md

So:

• Either pls add in the plugin documentation that auth_basic shall be set to true on the target Powerscale cluster
• Or this module should be patched so it doesn't require Basic Auth (many other modules already works flawlessly without Basic Auth)
  Thanks!