Subscribe

OnCommand WFA Workflow to update or delete export rule cdot

IHAC that is new to cDOT (8.3.x) and WFA. They are looking to create RBAC process to allow certain users to either add or delete export rules to an existing export policy on select SVMs. I'm not sure how to create. Does anyone already have this created in WFA and that can share with me please?

 

Thanks.

Re: OnCommand WFA Workflow to update or delete export rule cdot

Hi,

 

Hope this helps https://community.netapp.com/t5/OnCommand-Storage-Management-Software-Articles-and-Resources/Video-Applying-Role-Based-Access-Control-RBAC-to-your-wor...

 

Thanks

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

Re: OnCommand WFA Workflow to update or delete export rule cdot

Thank. This is part of what I need. I still need the workflow to add or delete export rules. Do you have that? Again, the need is to be able to update what workstations can access an export. I don't need to create new export policies or volumes; I just need to update the existing ones.

 

Thanks.

Re: OnCommand WFA Workflow to update or delete export rule cdot

1. There is a Create Export Rule command in WFA which is precanned. This will help you in adding. You have to develop a command to delete the same.

 

"Creates an Export rule configuration. If the specified policy does not exist, the "Create CM export rule" command will create the export policy in the given cluster/Storage Virtual Machine and then create the export rules in the new policy with the specified parameters."

 

2. In the playground DB you need to add the list of workstations. In the user inputs you need to take care which workstation will be able to access what kind of exports.

This will have to taken care via SQL queries.

 

Regards
Abhi

 

 

 

Re: OnCommand WFA Workflow to update or delete export rule cdot

[ Edited ]

Hi Lucas,

 

Here is the WFA command code to remove a client from an export policy.

Rather than use the playground mysql database as suggested...

 

I'd recommend you simply query the rule index matching the client (much simpler)

 

Hope this helps

 

/Matt

 

Param(
   [Parameter(Mandatory=$True, HelpMessage="The cluster name or IP Address")]
   [String]$ClusterName,
   [Parameter(Mandatory=$True, HelpMessage="The vserver name")]
   [String]$VserverName,
   [Parameter(Mandatory=$True, HelpMessage="The NFS export policy name")]
   [String]$PolicyName,
   [Parameter(Mandatory=$False, HelpMessage="The NFS export policy rule index number")]
   [Int]$RuleIndex,  
   [Parameter(Mandatory=$True, HelpMessage="The IP address or FQDN of the NFS client")]
   [String]$ClientMatch,
   [Parameter(Mandatory=$False, HelpMessage="The maximum number of ZAPI retry attempts")]
   [Int]$ZapiRetryCount   
)
#'------------------------------------------------------------------------------
#'Connect to cluster
#'------------------------------------------------------------------------------
Connect-WFACluster $ClusterName
#'------------------------------------------------------------------------------
#'Check if the Export Policy exists on the vserver.
#'------------------------------------------------------------------------------
Get-WFALogger -Info -Message "Enumerating export policy ""$PolicyName"" on vserver ""$VserverName"""
[String]$command = "Get-NcExportPolicy -VserverContext $VserverName -Name $PolicyName -ErrorAction Stop"
Try{
   $policy = Invoke-Expression -Command $command -ErrorAction Stop
   Get-WFALogger -Info -Message "Executed Command`: $command"
}Catch{
   Get-WFALogger -Error -Message $("Failed Executing Command`: $command. Error " + $_.Exception.Message)
   Throw "Failed enumerating export policy ""$PolicyName"" on vserver ""$VserverName"""
}
#'------------------------------------------------------------------------------
#'Raise an error if the export policy does not exist.
#'------------------------------------------------------------------------------
If(-Not($policy)){
   Throw "The export policy ""$PolicyName"" does not exist on vserver ""$VserverName"""
}
#'------------------------------------------------------------------------------
#'Enumerate the index number of the client in the export policy rules.
#'------------------------------------------------------------------------------
$query = Get-NcExportRule -Template
$query.ClientMatch = $ClientMatch
$query.PolicyName  = $PolicyName
$query.Vserver     = $VserverName
Try{
   $exportRules = Get-NcExportRule -Query $query -ErrorAction Stop
}Catch{
   Get-WFALogger -Error -Message $("Failed enumerating export policy rules for policy ""$PolicyName"" on vserver ""$VserverName"". Error " + $_.Exception.Message)
   Throw "Failed enumerating export policy rules for policy ""$PolicyName"" on vserver ""$VserverName"""
}
#'------------------------------------------------------------------------------
#'Raise an error if the export policy rules don't exist.
#'------------------------------------------------------------------------------
If(-Not($exportRules)){
   Throw "Failed enumerating an export policy rule matching client ""$ClientMatch"" in export policy ""$PolicyName"" on vserver ""$VserverName"""
}
#'------------------------------------------------------------------------------
#'Enuemrate and set the rule index number if not provided or raise an error.
#'------------------------------------------------------------------------------
If(-Not($RuleIndex)){
   $RuleIndex = $exportRules.RuleIndex
   If($RuleIndex -eq $Null -Or $RuleIndex -eq ""){
      Throw "Failed enumerating an export policy rule matching client ""$ClientMatch"" in export policy ""$PolicyName"" on vserver ""$VserverName"""
   }
}
#'------------------------------------------------------------------------------
#'Create the command to remove the export policy rule.
#'------------------------------------------------------------------------------
[String]$command = "Remove-NcExportRule -Policy $PolicyName "
If($RuleIndex){
   [String]$command += "-Index $RuleIndex "
}
If($ZapiRetryCount){
   [String]$command += "-ZapiRetryCount $ZapiRetryCount "
}
[String]$command += "-VserverContext $VserverName -Confirm:`$False -ErrorAction Stop"
#'------------------------------------------------------------------------------
#'Execute the command to remove the export policy rule.
#'------------------------------------------------------------------------------
Try{
   Invoke-Expression -Command $command -ErrorAction Stop
   Get-WFALogger -Info -Message "Executed Command`: $command"
   Get-WFALogger -Info -Message "Removed export policy rule for ""$ClientMatch"" in export policy ""$PolicyName"" on vserver ""$VserverName"""
}Catch{
   Get-WFALogger -Error -Message $("Failed Executing Command`: $command. Error " + $_.Exception.Message)
   Throw "Failed removing export policy rule for ""$ClientMatch"" in export policy ""$PolicyName"" on vserver ""$VserverName"""
}
#'------------------------------------------------------------------------------
If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.