Subscribe

Volume Deduplication API Fail

I'm having trouble enabling deduplication (volume efficiency) though the Java API, although I suspect it's the same problem no matter what language you're using.  Essentially I'm running into this when I try to run "sis-enable":

 

Insufficient privileges: user 'vsadmin' does not have write access to this resource

 

When I look at the vsadmin role, sure enough it doesn't have volume efficiency enabled.  The bad part is, I can't modify the security attributes for a built in role, and I can't run this at the cluster level from the API.  This has been discussed on another post 2 years ago:

 

http://community.netapp.com/t5/Data-ONTAP-Discussions/How-to-grant-VServer-Admin-privs-to-enable-SIS-on-a-volume/m-p/60433/highlight/true#M14227

 

1) Create a new user and role just for this function... this isn't really going to work for me because of other security issues

2) Use 'system-cli' to get around the problem, but I can't seem to get this to work at all.  I decided to back off to the simplest command I can find:

 

NaElement request = new NaElement("system-cli");

NaElement args = new NaElement("args");

args.addNewChild("arg", "version");

request.addChildElem(args);

response = server.invokeElem(request);

 

And what I get back is:

<cli-result-value>0</cli-result-value>

 

... nothing

 

Anyone with an idea of how to enable deduplication through the API without having to create a new role / user?

In case it matters, I'm running CDOT 8.3.1 with manageontap-5.4

 

Re: Volume Deduplication API Fail

The output from the command is in the "cli-output" element, not "cli-result-value".

 

Andrew

If this post resolved your issue, please help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

Re: Volume Deduplication API Fail

Here's the full output if the last was confusing:

 

<results status='passed'>

  <cli-output/>

  <cli-result-value>0</cli-result-value>

</results>

 

 

Can you post an example request just to get the system version?  That might help me form a query for managing the deduplication process.

Re: Volume Deduplication API Fail

I did some more testing and I believe this is because vsadmin doesn't have permission to access system-cli by default.

 

2016-03-03 13_20_14-Windows PowerShell ISE.png

 

Andrew

If this post resolved your issue, please help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

Re: Volume Deduplication API Fail

Yes, that is my original problem.  So my workaround is to use system-cli but I can't get that to work either, even for a simple 'version' call.

Re: Volume Deduplication API Fail

Yep...vsadmin can't use sis-enable or system-cli apis without modifying permissions.

 

You can enable the volume efficiency permissions for vsadmin using this ClusterShell command:

 

security login role modify -vserver mySVM -role vsadmin -cmddirname "volume efficiency" -access all

 

The default access level is "none" if you want to reset it.

 

Andrew

If this post resolved your issue, please help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

Re: Volume Deduplication API Fail

You can't modify a pre-defined role.

 

---

security login role modify -vserver myvserver -role vsadmin -cmddirname "volume efficiency" -access all

 

Error: command failed: Cannot modify pre-defined roles.

 

---

 

And it isn't practical for me to add another role / account.  Which is how I ended up with system-cli, which doesn't work for me.