E/EF-Series REST API Tutorial

Originally published on 6/23/14.

 

Introduction

NetApp E/EF-Series is a high performance, low cost, dense storage array, which comes either with spinning disks (E-Series) or all flash (EF-Series) for sub-millisecond latency and maximum IOPS. NetApp E/EF-Series offers an extensive API through its SYMbol RPC interface - which allows integration through C/C++ and Java. In addition to that, NetApp has recently released the NetApp SANtricity Web Services Proxy 1.0 which offers a state-of-the-art RESTful API for E/EF-Series.

 

Currently, E/EF-Series do not support REST straight out of the box (hopefully this will change soon). A separate proxy needs to be deployed on a host. Under the hood, the proxy wraps the on-box SYMbol API to REST.

 

proxy.png

 

By adding a seperate layer in between the client and SYMbol, we get a number of advantages:

  • A powerful RESTful API - JSON based (for most of the functionality that SYMBol exposes)
  • Basic Role-based user access (RBAC) - currently only read-write and read-only users are supported (rw/ro permission).
  • Secured communication via HTTPS with either self-signed or CA-signed certificates.

User access through LDAP and/or AD is currently not supported.

 

Examples

The follow section will contain a few code snippets on how to use the API through cURL. Per default, endpoint ports are 8080 for HTTP and 8443 for HTTPS. Both can be re-configured in thewsconfig.xml file. It is also possible to just allow HTTPS traffic. We use the --insecure flag in the examples to blindly accept the proxy's certificate - this is obviously not recommended for production use.

 

The complete documentation can be found at http://<hostname>:8080/docs/ and the complete REST endpoint specification at http://<hostname>:8080/docs/rest/.

 

Authentication

Authentication is possible by logging and receiving back a session id in a cookie:

 

URL="https://<hostname>:<port>/devmgr/utils/login"

curl --request POST --cookie-jar "cookies.txt" \

     --header "Host: $HOST:$PORT" --header "Accept: application/json" --header "Content-Type: application/json" \

     --data "{\"userId\":\"username\", \"password\":\"password\" }" \

     --insecure $URL

 

Now we can query the storage systems by passing in the session id from the cookies file:

 

URL="https://<hostname>:<port>/devmgr/v2/storage-systems"

curl --request GET --cookie "cookies.txt" \

     --header "Accept: application/json" \

     --insecure $URL

 

Basic Authentication (i.e., sending the username and password in the header) is disabled by default, and first needs to be activated by setting <env key="enable-basic-auth">true</env> in wsconfig.xml. Note that the proxy service needs to be restarted in order to pick up the changed value. After doing so, you can directly invoke requests to the endpoint:

 

URL="https://<hostname>:<port>/devmgr/v2/storage-systems"

curl --request GET --user "username:password" \

     --header "Accept: application/json" \

     --insecure $URL

 

Security wise, this does not necessarily pose any drawbacks, as long as HTTPS is used and the headers are encrypted.

 

Discovery

We can use the discovery call to discover E/EF-Series system on a certain IP range. This call is asynchronous, as it may take a while to iterate through the whole range:

 

URL="https://<hostname>:<port>/devmgr/v2/discovery"
curl --request POST --cookie "cookies.txt" \

     --header "Accept: application/json" --header "Content-Type: application/json" \

     --data '{"startIP":"10.10.0.1", "endIP":"10.10.0.255", "connectionTimeout": 30, "maxPortsToUse": 20}' \

     --insecure $URL

 

We can check the status of the operation and the result by calling:

 

URL="https://<hostname>:<port>/devmgr/v2/discovery"

curl --request GET --cookie "cookies.txt" \

     --header "Accept: application/json" \

     --insecure $URL

 

Adding storage systems

Controllers can be added through:

 

URL="https://<hostname>:<port>/devmgr/v2/storage-systems"
curl --request POST --cookie "cookies.txt" \

     --header "Accept: application/json" --header "Content-Type: application/json" \

     --data '{"controllerAddresses":["10.10.0.200", "10.10.0.201"]}' \

     --insecure $URL

 

The response will include details about the controllers, including their id, which can be used to query details on the controller.

 

Querying volumes

Given an id for a controller (e.g. c00e7770-f6f9-11e3-a3ac-0800200c9a66), we can query its volumes via:

 

URL="https://<hostname>:<port>/devmgr/v2/storage-systems/c00e7770-f6f9-11e3-a3ac-0800200c9a66/volumes/"

curl --request GET --cookie "cookies.txt" \

     --header "Accept: application/json" \

     --insecure $URL

 

Summary 

The NetApp SANtricity Web Services Proxy makes it easy to access E/EF-Series via REST. The proxy is required to tunnel to the SYMbol RPC API and adds another layer of security (authentication, basic RBAC, HTTPS/SSL). The full REST API definition can be found at http://<hostname>:8080/docs/rest/. Also be sure to check out the WFA E-Series Pack using SANtricity Web Services Proxy that our friend Matt Robinson has created. This pack allows to you to use E/EF-Series within WFA!

 

Comments

This is great link. Came in really handy in getting my REST API queries working through perl REST module. I do have one question. Any idea where can I pull the autosupport information ? I did look under monitoring, but not found anyting related to autosupport. I really appreciate if you can point me to the URI.

 

Thanks

 

Shynee