Subscribe
Highlighted

Readonly ontapi access

hi,

I have built a command to retrieve online stats for either a 7-mode or C-mode cluster.

I wanted to use a read-only account of the second one, so I set up (connecting to the cluster-mgmt lif):

cluster01::> security login show

                                         Authentication                  Acct

Vserver     UserName         Application Method         Role Name        Locked

----------- ---------------- ----------- -------------- ---------------- ------

cluster01   cerndb_rman      http        password       readonly         no

cluster01   cerndb_rman      ontapi      password       readonly         no

cluster01   cerndb_rman      ssh         password       readonly         no

But when I try to query some data I get:

-RDBMS>-BD2:/ORA/dbs01/syscontrol/projects/dfm/bin$ ./smetrics -i 3 -n 2 dbnasb402:/backup/dbs05/BD2

Mon May 13 12:18:18 CEST 2013 : RunTime.CleanUpOlderThanDays: on </ORA/dbs01/syscontrol/local/logs/dfm> removed older than <30>.

Mon May 13 12:18:18 CEST 2013 : RunTime.RunStr running find /ORA/dbs01/syscontrol/local/logs/dfm   -name \*  -mtime +30 -exec rm -rf {} \;

Mon May 13 12:18:18 CEST 2013 : RunTime.CleanUpOlderThanDays: done.

Mon May 13 12:18:18 CEST 2013 : Main: BEGIN args - controller: <dbnasXX> volume_name: </backup/dbs05/BD2>

Mon May 13 12:18:18 CEST 2013 : RunTime.RetrievePasswordForUser: password found for <password_db>

Mon May 13 12:18:18 CEST 2013 : RunTime.GetClusterMgmtNode : nas: <dbnasXXX> matched in <dbnasXXX>

Mon May 13 12:18:18 CEST 2013 : RunTime.GetClusterMgmtNode : nas: <dbnasXXX> matched in <dbnasX>

Mon May 13 12:18:18 CEST 2013 : RunTime.GetIPFromCName: try to get ip from <dbnasb-cluster-mgmt>

Mon May 13 12:18:18 CEST 2013 : RunTime.RunStr running ping -c 1 dbnasb-cluster-mgmt

Mon May 13 12:18:18 CEST 2013 : RunTime.GetIPFromCName: IP <10.16.129.17> for <dbnasXXX-cluster-mgmt>

Mon May 13 12:18:18 CEST 2013 : RunTime_Zapi.GetVolInfoCmode : working with volume: </backup/dbs05/BD2>

Mon May 13 12:18:18 CEST 2013 : RunTime_Zapi.GetVolInfoCmode: query looks like:

<volume-get-iter>

        <max-records>10</max-records>

        <query>

                <volume-attributes>

                        <volume-id-attributes>

                                <junction-path>/backup/dbs05/BD2</junction-path>

                        </volume-id-attributes>

                </volume-attributes>

        </query>

        <desired-attributes>

                <volume-autosize-attributes></volume-autosize-attributes>

                <volume-id-attributes></volume-id-attributes>

                <volume-space-attributes></volume-space-attributes>

        </desired-attributes>

</volume-get-iter>

Mon May 13 12:18:20 CEST 2013 : RunTime.GetVolInfoCmode : Authorization failed, err number: 13002, status: failed

I then added:

cluster01::> security login show

                                         Authentication                  Acct

Vserver     UserName         Application Method         Role Name        Locked

----------- ---------------- ----------- -------------- ---------------- ------

cluster01   toto      http        password       readonly         no

cluster01   toto      ontapi      password       readonly         no

cluster01   toto      ssh         password       readonly         no

dbvs        toto      http        password       vsadmin-readonly no

dbvs        toto      ontapi      password       vsadmin-readonly no

dbvs        toto      ssh         password       vsadmin-readonly no

But still same error.

Thanks a lot for your help!,

Ruben

Re: Readonly ontapi access

I believe this is quite standard, but on my cluster running Ontap 8.1.2 the readonly role comes defined as:

cluster01::> security login role show -vserver cluster01 -role readonly

           Role          Command/                                      Access

Vserver    Name          Directory                               Query Level

---------- ------------- --------- ----------------------------------- --------

cluster01  readonly      DEFAULT                                       readonly

cluster01  readonly      security                                      none

cluster01  readonly      security login password                       all

cluster01  readonly      set                                           all

4 entries were displayed.

Thanks,

Ruben