Subscribe
Accepted Solution

workflow to traverse all vservers in a cdot environment

Hi all, IHAC that wants a workflow that will update user's on every vfiler in an environment.

If I look in the vserver table of cmstorage, I can see all the vservers (admin, node, and data).

If I want to update the appropriate data vserver, do I need to set up a credential for each, or should I be able to update the vserver attributes through the admin vserver?

Anyone done anything like this and have an example I can play with?

Thanks

Re: workflow to traverse all vservers in a cdot environment

Hi Stephen,

You mention vfilers and vservers together. Do you mean 7-mode or Clustered-mode?

For both 7 and Clustered modes you can use the vFiler0 or Storage Controller's credentials to manage a vFiler/Vserver.

When you create a workflow, use the Repeat loop (hover mouse over the left side of a row and you get a drop down with Repeat Row in it). Within the repeat row, use a Finder that searches for every vFiler or Vserver (depending on mode) to run the command on.

Depending on what you want to do, create a local user? update local user? the customer would need to create a command to perform the action itself, as there are no built-in user modification commands. Use the Powershell SDK help for information on calling the commands, and if there are problems or the commands don't work with vfilers as some don't, you can use "Invoke-NaSSH" or "Invoke-NcSSH" to run a command as if it were typed in. ie. "vfiler run myvfiler useradmin user add xxx -g yyy" etc.

Take a look a in-built commands to get an idea on how to create them.

For users you should be able to do something like this:

<<declare parameters for $array, $VfilerName, $user, $password, $group here>>

Connect-WFAController -Array $arrray -Vfiler $VfilerName

New-NaUser $user $password

Invoke-NaSSH 'vfiler run ' + $VfilerName + " useradmin user modify " + $user + " -g " + $group

Note that the New-NaUser cannot set groups within Vfilers, only vfiler0, so in the above setting the group is split out, and New-NaUser is used to set the users password. It does not require vfiler credentials to connect.

Hope that's useful!

Michael.

Re: workflow to traverse all vservers in a cdot environment

Not quite sure how to do this with loops. It seems like you would need a nested loop for the following logic:

for every cluster

     for every vserver

          for every user

               do something

          end

     end

end

Is there a way to accomplish this with looping?

Re: workflow to traverse all vservers in a cdot environment

Hi Stephen:

There are couple of features in the upcoming release towards end of this year via which you should be able to achieve

     for every cluster

          for every vserver

               do something

          end

     end

However only 1 level of hierarchy will be possible via the workflow designer.

To achieve the next hierarchy you can create the last loop in the command.

You should be able to directly query the DB and iterate thru the user list.

Ease of scripting is another feature which will help to accomplish the same.

To achive it now, you can write command, which can directly access the DB

and iterate thru the objects. But unfortunately, you cannot take advantage

of the other constructs present in the workflow designer.

See some samples here on how DB can be accessed directly via command:

https://communities.netapp.com/docs/DOC-30478#comment-19050

Let us know if you have any more questions.

-Abhi