2016-02-27 10:36 PM
I'm having trouble enabling deduplication (volume efficiency) though the Java API, although I suspect it's the same problem no matter what language you're using. Essentially I'm running into this when I try to run "sis-enable":
Insufficient privileges: user 'vsadmin' does not have write access to this resource
When I look at the vsadmin role, sure enough it doesn't have volume efficiency enabled. The bad part is, I can't modify the security attributes for a built in role, and I can't run this at the cluster level from the API. This has been discussed on another post 2 years ago:
1) Create a new user and role just for this function... this isn't really going to work for me because of other security issues
2) Use 'system-cli' to get around the problem, but I can't seem to get this to work at all. I decided to back off to the simplest command I can find:
NaElement request = new NaElement("system-cli");
NaElement args = new NaElement("args");
response = server.invokeElem(request);
And what I get back is:
Anyone with an idea of how to enable deduplication through the API without having to create a new role / user?
In case it matters, I'm running CDOT 8.3.1 with manageontap-5.4
2016-03-03 09:39 AM
The output from the command is in the "cli-output" element, not "cli-result-value".
2016-03-03 10:07 AM
Here's the full output if the last was confusing:
Can you post an example request just to get the system version? That might help me form a query for managing the deduplication process.
2016-03-03 10:23 AM
I did some more testing and I believe this is because vsadmin doesn't have permission to access system-cli by default.
2016-03-03 10:54 AM
Yep...vsadmin can't use sis-enable or system-cli apis without modifying permissions.
You can enable the volume efficiency permissions for vsadmin using this ClusterShell command:
security login role modify -vserver mySVM -role vsadmin -cmddirname "volume efficiency" -access all
The default access level is "none" if you want to reset it.
2016-03-03 11:08 AM
You can't modify a pre-defined role.
security login role modify -vserver myvserver -role vsadmin -cmddirname "volume efficiency" -access all
Error: command failed: Cannot modify pre-defined roles.
And it isn't practical for me to add another role / account. Which is how I ended up with system-cli, which doesn't work for me.