ONTAP Discussions

Problems accessing command-history.log via http

DARREN_REED
3,589 Views

Reviewing the Systems Administrators Guide for OnTAP 8.2 (https://library.netapp.com/ecm/ecm_download_file/ECMP1196798), I am working through the checklist of things to allow access to command-history.log files via HTTP.

 

This is covered on pages 42 & 43.

 

mycluster::> system services web show
External Web Services: true
Status: online
HTTP Protocol Port: 80
HTTPs Protocol Port: 443
TLSv1 Enabled: true
SSLv3 Enabled: true
SSLv2 Enabled: false

mycluster::> vserver services web show -vserver mycluster -name spi

Vserver: mycluster
Service Name: spi
Type of Vserver: admin
Version of Web Service: 1.2.0
Description of Web Service: Service Processor Infrastructure
Long Description of Web Service: This service offers HTTP/HTTPs access to applications running on the Service Processor. Log and core files from all nodes in the cluster will be exposed for Service Processor retrieval.
Service Requirements: ontapi=1.0.0, index>1.0.0
Default Authorized Roles: admin
Enabled: true
SSL Only: false


mycluster::> vserver services web access show -vserver mycluster -role admin
Vserver Type Service Name Role
-------------- -------- ---------------- ----------------
mycluster admin ontapi admin
mycluster admin spi admin
2 entries were displayed.

 

mycluster::> security login show -username admin -vserver mycluster -application service-processor

Vserver: mycluster
Authentication Acct
UserName Application Method Role Name Locked
---------------- ----------- -------------- ---------------- ------
admin service-processor
password admin no


mycluster::> security login role show -role admin
Role Command/ Access
Vserver Name Directory Query Level
---------- ------------- --------- ----------------------------------- --------
mycluster admin DEFAULT all

 

$ wget --no-check-certificate https://admin:*@mycluster/spi/myclusterc01/etc/mlog/
--2016-01-25 09:40:43-- https://admin:*password*@mycluster/spi/mycluster01/etc/mlog/
Resolving mycluster... 10....
Connecting to mycluster|10....|:443... connected.
WARNING: cannot verify mycluster▒s certificate, issued by ▒/CN=mycluster.cert/C=US/ST=/L=/O=/OU=/emailAddress=▒:
Self-signed certificate encountered.
WARNING: certificate common name ▒mycluster.cert▒ doesn't match requested host name ▒mycluster▒.
HTTP request sent, awaiting response... 401 Authorization Required
Reusing existing connection to mycluster:443.
HTTP request sent, awaiting response... 403 Forbidden
2016-01-25 09:40:44 ERROR 403: Forbidden.

 

 

... what am I missing?

1 ACCEPTED SOLUTION

georgevj
3,520 Views

Seems like there is an error in URL?

wget --no-check-certificate https://admin:*@mycluster/spi/myclusterc01/etc/mlog/

 

this must be wget --no-check-certificate https://admin:*@mycluster/spi/myclusterc01/etc/log/mlog/

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
Cannot find the answer you need? No need to open a support case - just CHAT and we’ll handle it for you.

View solution in original post

3 REPLIES 3

georgevj
3,562 Views

what does this command say?

 

security login show -username admin -vserver mycluster -application http

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
Cannot find the answer you need? No need to open a support case - just CHAT and we’ll handle it for you.

DARREN_REED
3,531 Views

mycluster::> security login show -username admin -vserver mycluster -application http
Vserver: mycluster
Authentication Acct
UserName Application Method Role Name Locked
---------------- ----------- -------------- ---------------- ------
admin http password admin no
 

georgevj
3,521 Views

Seems like there is an error in URL?

wget --no-check-certificate https://admin:*@mycluster/spi/myclusterc01/etc/mlog/

 

this must be wget --no-check-certificate https://admin:*@mycluster/spi/myclusterc01/etc/log/mlog/

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
Cannot find the answer you need? No need to open a support case - just CHAT and we’ll handle it for you.
Public