Solved: Re: Harvest tries to use ssl certs to login to OCUM

cprivitere · ‎2016-10-21

Hi there, while waiting for the new Harvest that supports OnTap 9 and OCUM 7, I'm at least getting the basic setup in place and ran into the following issue.

First, here's my config file:

##
## Configuration file for NetApp Harvest
##
## Create a section header and then populate with key/value parameters
## for each system to monitor. Lines can be commented out by preceding them
## with a hash symbol ('#'). Values in all capitals should be replaced with
## your values, all other values can be left as-is to use defaults
##
## There are two reserved section names:
## [global] - Global key/value pairs for installation
## [default] - Any key/value pairs specified here will be the default
## value for a poller should it not be listed in a poller section.
##
##
## Global reserved section
##
[global]
grafana_api_key = *****
grafana_url = https://localhost
grafana_dl_tag =
##
## Default reserved section
##
[default]
#====== Graphite server setup defaults ========================================
graphite_enabled = 1
graphite_server = localhost
graphite_port = 2003
graphite_proto = tcp
normalized_xfer = mb_per_sec
normalized_time = millisec
graphite_root = default
graphite_meta_metrics_root = default
#====== Polled host setup defaults ============================================
host_type = FILER
host_port = 443
host_enabled = 1
template = default
data_update_freq = 60
ntap_autosupport = 0
latency_io_reqd = 10
auth_type = ssl_cert
username = netapp-harvest
password = *****
ssl_cert = netapp-harvest.pem
ssl_key = netapp-harvest.key

##
## Monitored host examples - Use one section like the below for each monitored host
##
#====== 7DOT (node) or cDOT (cluster LIF) for performance info ================
#
[nascla]
hostname = nascla
site = verona
#====== OnCommand Unified Manager (OCUM) for cDOT capacity info ===============
#
[oncommand]
hostname = oncommand
site = verona
host_type = OCUM
data_update_freq = 900
normalized_xfer = gb_per_sec

And here's the trace from starting up the OCUM worker:

./netapp-worker -poller oncommand -v
[2016-10-21 16:16:19] [NORMAL ] WORKER STARTED [Version: 1.2.2] [Conf: netapp-harvest.conf] [Poller: oncommand]
[2016-10-21 16:16:19] [WARNING] Started in foreground mode; messages to STDERR are redirected to the logfile and are not visible on the console.
[2016-10-21 16:16:19] [DEBUG ] [conf] Line [19] is Section [global]
[2016-10-21 16:16:19] [DEBUG ] [conf] Line [20] in Section [global] has Key/Value pair [grafana_api_key]=[*****=]
[2016-10-21 16:16:19] [DEBUG ] [conf] Line [21] in Section [global] has Key/Value pair [grafana_url]=[https://localhost]
[2016-10-21 16:16:19] [DEBUG ] [conf] Line [22] in Section [global] has Key/Value pair [grafana_dl_tag]=[]
[2016-10-21 16:16:19] [DEBUG ] [conf] Line [28] is Section [default]
[2016-10-21 16:16:19] [DEBUG ] [conf] Line [30] in Section [default] has Key/Value pair [graphite_enabled]=[1]
[2016-10-21 16:16:19] [DEBUG ] [conf] Line [31] in Section [default] has Key/Value pair [graphite_server]=[localhost]
[2016-10-21 16:16:19] [DEBUG ] [conf] Line [32] in Section [default] has Key/Value pair [graphite_port]=[2003]
[2016-10-21 16:16:19] [DEBUG ] [conf] Line [33] in Section [default] has Key/Value pair [graphite_proto]=[tcp]
[2016-10-21 16:16:19] [DEBUG ] [conf] Line [34] in Section [default] has Key/Value pair [normalized_xfer]=[mb_per_sec]
[2016-10-21 16:16:19] [DEBUG ] [conf] Line [35] in Section [default] has Key/Value pair [normalized_time]=[millisec]
[2016-10-21 16:16:19] [DEBUG ] [conf] Line [36] in Section [default] has Key/Value pair [graphite_root]=[default]
[2016-10-21 16:16:19] [DEBUG ] [conf] Line [37] in Section [default] has Key/Value pair [graphite_meta_metrics_root]=[default]
[2016-10-21 16:16:19] [DEBUG ] [conf] Line [40] in Section [default] has Key/Value pair [host_type]=[FILER]
[2016-10-21 16:16:19] [DEBUG ] [conf] Line [41] in Section [default] has Key/Value pair [host_port]=[443]
[2016-10-21 16:16:19] [DEBUG ] [conf] Line [42] in Section [default] has Key/Value pair [host_enabled]=[1]
[2016-10-21 16:16:19] [DEBUG ] [conf] Line [43] in Section [default] has Key/Value pair [template]=[default]
[2016-10-21 16:16:19] [DEBUG ] [conf] Line [44] in Section [default] has Key/Value pair [data_update_freq]=[60]
[2016-10-21 16:16:19] [DEBUG ] [conf] Line [45] in Section [default] has Key/Value pair [ntap_autosupport]=[0]
[2016-10-21 16:16:19] [DEBUG ] [conf] Line [46] in Section [default] has Key/Value pair [latency_io_reqd]=[10]
[2016-10-21 16:16:19] [DEBUG ] [conf] Line [47] in Section [default] has Key/Value pair [auth_type]=[ssl_cert]
[2016-10-21 16:16:19] [DEBUG ] [conf] Line [48] in Section [default] has Key/Value pair [username]=[netapp-harvest]
[2016-10-21 16:16:19] [DEBUG ] [conf] Line [49] in Section [default] has Key/Value pair [password]=[**********]
[2016-10-21 16:16:19] [DEBUG ] [conf] Line [50] in Section [default] has Key/Value pair [ssl_cert]=[netapp-harvest.pem]
[2016-10-21 16:16:19] [DEBUG ] [conf] Line [51] in Section [default] has Key/Value pair [ssl_key]=[netapp-harvest.key]
[2016-10-21 16:16:19] [DEBUG ] [conf] Line [60] is Section [nascla]
[2016-10-21 16:16:19] [DEBUG ] [conf] Line [61] in Section [nascla] has Key/Value pair [hostname]=[nascla]
[2016-10-21 16:16:19] [DEBUG ] [conf] Line [62] in Section [nascla] has Key/Value pair [site]=[verona]
[2016-10-21 16:16:19] [DEBUG ] [conf] Line [66] is Section [oncommand]
[2016-10-21 16:16:19] [DEBUG ] [conf] Line [67] in Section [oncommand] has Key/Value pair [hostname]=[oncommand]
[2016-10-21 16:16:19] [DEBUG ] [conf] Line [68] in Section [oncommand] has Key/Value pair [site]=[verona]
[2016-10-21 16:16:19] [DEBUG ] [conf] Line [69] in Section [oncommand] has Key/Value pair [host_type]=[OCUM]
[2016-10-21 16:16:19] [DEBUG ] [conf] Line [70] in Section [oncommand] has Key/Value pair [data_update_freq]=[900]
[2016-10-21 16:16:19] [DEBUG ] [conf] Line [71] in Section [oncommand] has Key/Value pair [normalized_xfer]=[gb_per_sec]
[2016-10-21 16:16:19] [DEBUG ] [conf] Line [72] in Section [oncommand] has Key/Value pair [username]=[netapp-harvest]
[2016-10-21 16:16:19] [DEBUG ] [conf] Line [73] in Section [oncommand] has Key/Value pair [password]=[**********]
[2016-10-21 16:16:19] [NORMAL ] [main] Poller will monitor a [OCUM] at [oncommand:443]
[2016-10-21 16:16:19] [NORMAL ] [main] Poller will use [ssl_cert] authentication with ssl_cert [netapp-harvest.pem] and ssl_key [netapp-harvest.key]
[2016-10-21 16:16:19] [DEBUG ] [connect] Resolved hostname [oncommand] to IP address [10.142.48.238]
[2016-10-21 16:16:19] [DEBUG ] [connect] Reverse hostname lookup successful. Using HTTP/1.1 for communication.
[2016-10-21 16:16:19] [DEBUG ] [sysinfo] Updating system-info cache
[2016-10-21 16:16:20] [WARNING] [sysinfo] system-about API failed with reason: Authorization failed
[2016-10-21 16:16:20] [WARNING] [main] system-info update failed; will try again in 10 seconds.

As you can see, the netapp-worker thread is trying to use the ssl keys to try to log into the OCUM. That's not something you can do with OCUM (or if it is, I can't find a way to set it up and the Harvest Admin Guide doesn't mention it at all, even though it totally mentions using ssl certs for the OnTap login, which is something I'd like to keep).

Anyone have an idea on how to sort this out?

BONUS QUESTION

What drives the decision to use Harvest instead of the built-in posting to Graphite feature that OPM has nowadays? I got the impression from Insight that Harvest was the way to go, is that accurate?

madden · ‎2016-10-24

Hi @cprivitere

The [default] section sets the defaults for any pollers you create. The credentials stuff you have is this:

auth_type = ssl_cert
username = netapp-harvest
password = *****
ssl_cert = netapp-harvest.pem
ssl_key = netapp-harvest.key

So by default all pollers will use ssl_cert auth with ssl_cert and ssl_key as mentioned.

If you have a poller that needs something different, like OCUM that doesn't support ssl_cert, then you need to set it explicilty in that poller:

[oncommand]
hostname = oncommand
site = verona
auth_type = password
host_type = OCUM
data_update_freq = 900
normalized_xfer = gb_per_sec

With the above it will use password authentication and the username and password defined in the [default] section.

Regarding OPM external data provider vs. Harvest you can pick one. For simplicity (no other server or software needed) and support from the support centre then OPM is the way to go. But if you want much more counter details, 1 min granularity, roll-up of counters for easier analysis, and many default dashboards then Harvest is the way to go. It really depends on your use case....

Hope this helps!

Cheers,
Chris Madden

Solution Architect - 3rd Platform - Systems Engineering NetApp EMEA (and author of Harvest)

Blog: It all begins with data

If this post resolved your issue, please help others by selecting ACCEPT AS SOLUTION or adding a KUDO or both!

View solution in original post

madden · ‎2016-10-24

Hi @cprivitere

The [default] section sets the defaults for any pollers you create. The credentials stuff you have is this:

auth_type = ssl_cert
username = netapp-harvest
password = *****
ssl_cert = netapp-harvest.pem
ssl_key = netapp-harvest.key

So by default all pollers will use ssl_cert auth with ssl_cert and ssl_key as mentioned.

If you have a poller that needs something different, like OCUM that doesn't support ssl_cert, then you need to set it explicilty in that poller:

[oncommand]
hostname = oncommand
site = verona
auth_type = password
host_type = OCUM
data_update_freq = 900
normalized_xfer = gb_per_sec

With the above it will use password authentication and the username and password defined in the [default] section.

Regarding OPM external data provider vs. Harvest you can pick one. For simplicity (no other server or software needed) and support from the support centre then OPM is the way to go. But if you want much more counter details, 1 min granularity, roll-up of counters for easier analysis, and many default dashboards then Harvest is the way to go. It really depends on your use case....

Hope this helps!

Cheers,
Chris Madden

Solution Architect - 3rd Platform - Systems Engineering NetApp EMEA (and author of Harvest)

Blog: It all begins with data

If this post resolved your issue, please help others by selecting ACCEPT AS SOLUTION or adding a KUDO or both!

cprivitere · ‎2016-10-31

That did it, thank you Chris. You'll probably want to updated that section in the NetApp_Harvest_IAG_1.2.2.pdf guide so that others who are following it verbatim don't run into the same issue...or at least see that variable documented somewhere.

cprivitere · ‎2016-11-01

@madden wrote:
Hi @cprivitere

Regarding OPM external data provider vs. Harvest you can pick one. For simplicity (no other server or software needed) and support from the support centre then OPM is the way to go. But if you want much more counter details, 1 min granularity, roll-up of counters for easier analysis, and many default dashboards then Harvest is the way to go. It really depends on your use case....

@madden what I'm trying to get nailed down and don't see documented, is, if you follow the Graphite Grafana Quick Start 1.4 guide, whether you get different metrics or details available whether you use the OPM External Data Provider or Harvest to populate your Graphite. If they're the same then yeah of course I'd go with the supported option. But I can't find any details on what the differences are to me.

madden · ‎2016-11-01

Hi @cprivitere

For Harvest perf vs. OPM 'external data provider' I had this blog post that might help you decide which is best for you. Sorry, I should have shared this link the first time you asked the question!

Cheers,
Chris Madden

Solution Architect - 3rd Platform - Systems Engineering NetApp EMEA (and author of Harvest)

Blog: It all begins with data

If this post resolved your issue, please help others by selecting ACCEPT AS SOLUTION or adding a KUDO or both!