“Unexpected Error”. If you have been using the NetApp Ansible modules and seen this error, you know it can be frustrating as it doesn’t give any useful information.  This error is 99.9% of the time one of the following four issues, and I will do my best to explain how to fix them.

  1. Unreachable host
    • If the module is unable to reach an ONTAP cluster you will see the Unexpected Error message. You need to check that your ONTAP cluster is powered on.  If it is on, be sure you have the right FQDN or IP address for the ‘hostname:’ entry. Try pinging, or SSH’ing to the cluster. If a firewall is blocking 80(for HTTP) or 443(for HTTPS) that will also cause the error message.
  2. Using HTTP without enabling it on the ONTAP cluster
    • By default, all the ONTAP modules communicate using HTTP. However, ONTAP clusters disable HTTP by default.  If you want to run modules using HTTP, the following commands will be sure that HTTP is enabled on the ONTAP cluster.  Note these commands must be run from the cluster, so you will need to login to the system somehow.
      • cluster::>set -priv advanced
      • cluster::*>system service web modify -http-enable true
    • Or you can use HTTPS by adding ‘https: true’ to all your ONTAP tasks in That would look like this for the na_gather_facts module for example
- name: Facts
    hostname: cluster.local
    username: admin
    password: netapp123
    https: true
  1. Using HTTPS with a self-signed certificate
    • When ONTAP creates the cluster for the first time a self-signed TLS certificate is created.This is used by probably more than 95% of users.  However, Ansible runs on python, and back in version 2.7.5 the python community decided that no TLS self-signed certificates should ever be validated.  So, to avoid the error, you also need to set “validate_certs: false” on all your tasks you are using “https: true” on.  This isn’t needed if you are loading your own certificate or if you copy the self-signed certificate off the ONTAP cluster and load it in your Ansible systems CA directory.
  2. Improper user rights
    • This can happen if you are trying to run against a Vserver management IP as many of the modules are written to be run against the Cluster management IP as a Cluster admin.However, this can also happen when you are using a custom account and using the ‘na_ontap_command’ module.  Normally all your user needs is ‘ontapi’, ‘http’, and ‘https’ rights to be able to use the Ansible modules.  However, for the command module, ‘console’ rights are also required.  You can add them like this
      • cluster::>security login create -user-or-group-name <username> -application console
        • replace <username> with your username


I hope this helps you troubleshoot “Unexpected Error” issues and puts you on the right path to automating ONTAP with Ansible. There are more tips, tricks, and tutorials for Ansible here at www.netapp.ioso be sure to read them.  Also, if you want to ask questions, we have a Slack workspace.  If you aren’t part of that you can get an invite at www.netapp.io/slack.  Myself and other Ansible module developers are in the #configurationmgmt channel. Look forward to seeing you there.

About David Blackwell

David is a twenty year IT veteran who has been an admin for just about every aspect of a DataCenter at one time or another. When not working, or tinkering with new software at home, David spends most of his free time with his six year old son and his lovely wife.

Pin It on Pinterest