Active IQ Unified Manager Discussions

WFA - Add system to OCUM/DFM

tomkai
6,087 Views

Hi,

 

i'm currently building some workflows to do a complete setup for Ontap Select. Basic deployment and setup is working. But at some point i want to resue existing commands which have finders and need the new deployed system added to OCUM. How can this be done?

I tried it with:

 

um datasource add -U 'UUUUU' -P 'XXXXX' hostname

 

But then the CLI asks interactivley to accept the certificate.

 

Host xxxxxxxyou specified has identified itself with a self-signed certificate
 
          Issuing Host : XXXXXXXXXXXXX
           Validity : From Fri May 04 16:34:56 CEST 2018 To Sat May 04 16:34:56 CEST 2019
Do you want to trust this certificate? (y/n)

 

I tried some PowerShell send keys, but this was not successfull,e.g:

 

$scriptBlock = {
$wshell = New-Object -ComObject wscript.shell
um datasource add -U 'xxx' -P 'XXXX' hostname
$wshell.SendKeys('Y')
}

Invoke-Command -ComputerName ocumhost -ScriptBlock $scriptBlock

 

 

Is there a way (CLI, powershell, Rest...) to add clusters to OCUM without interaction?

We're using OCUM 7.3

13 REPLIES 13

geringer
5,984 Views

Tomkai,

 

   I recall having a similar issue.  If you are usung the Invoke-NcSsh Ontap pwershell command, then I would suggest you look at the CommonParameters options.  I thikn the one you are interested in is -Confirm.  Let me know how this goes as I am also working on a workflow that needs a new volume discovered in OCUM, and then I am trying to annotate that volume.

 

 

 

sinhaa
5,945 Views

@tomkai @geringer

 

Unix systems allow piping a input to a prompt. You can try below. This works in automation scripts trying a remote connection too.

 

y|um datasource add -U 'UUUUU' -P 'XXXXX' hostname

 

sinhaa

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

kirana
5,881 Views

hi,

 

Another approach would be to use -t http for the parameter in the commandline for 'um datasource add'. The downside of this is that the channel would be unencrypted.

 

um datasource add -U <username> -P <password> [ -t <protocol> ][ -p <port> ] <hostname-or-ip> ...

 

mbeattie
5,855 Views

Hi,

 

There is an OCUM ZAPI named "datasource-add" which enables you to add a new datasource for connecting to a cluster and "datasource-object-discover" for cluster discovery. There is also a certified WFA command called "Refresh cluster on OnCommand Unified Manager server" written in PERL. As your coding in PowerShell you might want to download the NMSDK and use ZExplore to browse the OCUM ZAPI's in C#.

 

/Matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

mbeattie
5,834 Views

Hi Tom,

 

I had a quick look, i haven't had a chance to test this code yet however I think the WFA command code in PowerShell would look something like this:

 

#'------------------------------------------------------------------------------
Param(
   [Parameter(Mandatory = $True, HelpMessage = "The name or IP Address of the cluster")]
   [String]$Cluster,
   [Parameter(Mandatory = $True, HelpMessage = "The name or FQDN of the OCUM Server")]
   [String]$HostName,
   [Parameter(Mandatory=$True, HelpMessage="The username of the account used to add the cluster to OCUM")]
   [String]$AdminUserName, 
   [Parameter(Mandatory=$True, HelpMessage="The password for the account used to add the cluster to OCUM")]
   [Alias("AdminPassword_Password")]
   [String]$AdminPassword
)
#'------------------------------------------------------------------------------
#'Create a ZAPI connection to the OCUM server.
#'------------------------------------------------------------------------------
$credentials = Get-WfaCredentials $HostName
$naServer    = New-WfaZapiServer -Host $HostName -Type DFM -Credentials $credentials
#'------------------------------------------------------------------------------
If($naServer -eq -1){
   Throw "Failed creating ZAPI connection to OCUM server ""$HostName"""
}
Try{
   $naElement = New-Object NetApp.Manage.naElement("datasource-add")
   $naElement.AddNewChild("hostname-or-ip", $Cluster);
   $naElement.AddNewChild("username", $AdminUserName);
   $naElement.AddNewChild("password", $AdminPassword);
   [Xml]$output = $naServer.InvokeElem($naElement)
   Get-WFALogger -Info -Message "Added cluster ""$Cluster"" to OCUM Server ""$HostName"""
}Catch{
   Get-WFALogger -Error -Message $("Failed adding cluster ""$Cluster"" to OCUM Server ""$HostName"". Error " + $_.Exception.Message)
   Throw "Failed adding cluster ""$Cluster"" to OCUM Server ""$HostName"""
}
#'------------------------------------------------------------------------------

You would need to add the admin credentials for your OCUM server to WFA (which the command then retrieves from the cache so it can authenticate to OCUM) then attempts to invoke the "datasource-add" OCUM ZAPI. If you had standard cluster admin credentials you could also add them to the WFA crdential cache and retrive them to negate the requirement to provide them as a user input.

 

Hope this helps

 

/Matt

 

 

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

tomkai
5,729 Views

Hi,

 

thx for all the input, i'll have a try with the OCUM ZAPI, sounds promising.

I'll post an update

mbeattie
5,745 Views

Hi,

 

I had a chance to test this and got it working successfully to add your clusters as an OCUM datasource. Here is the updated code:

 

#'------------------------------------------------------------------------------
Param(
   [Parameter(Mandatory = $True, HelpMessage = "The name or IP Address of the cluster")]
   [String]$Cluster,
   [Parameter(Mandatory = $True, HelpMessage = "The name or FQDN of the OCUM Server")]
   [String]$Hostname,
   [Parameter(Mandatory=$False, HelpMessage="The username of the account used to add the cluster to OCUM")]
   [String]$AdminUserName, 
   [Alias("AdminPassword_Username")]
   [Parameter(Mandatory=$False, HelpMessage="The password for the account used to add the cluster to OCUM")]
   [Alias("AdminPassword_Password")]
   [String]$AdminPassword
)
#'------------------------------------------------------------------------------
#'Disable certificate CRL check and set TLS.
#'------------------------------------------------------------------------------
[System.Net.ServicePointManager]::CheckCertificateRevocationList = $False;
Add-Type @"
   using System;
   using System.Net;
   using System.Net.Security;
   using System.Security.Cryptography.X509Certificates;
   public class ServerCertificateValidationCallback
   {
      public static void Ignore()
      {
         ServicePointManager.ServerCertificateValidationCallback += 
         delegate
         (
            Object obj, 
            X509Certificate certificate, 
            X509Chain chain, 
            SslPolicyErrors errors
         )
      {
         return true;
      };
   }
}
"@
[ServerCertificateValidationCallback]::Ignore();
[System.Net.ServicePointManager]::SecurityProtocol = @("Tls12","Tls11","Tls","Ssl3")
#'------------------------------------------------------------------------------
#'Create a ZAPI connection to the OCUM server.
#'------------------------------------------------------------------------------
$credentials = Get-WfaCredentials $Hostname
$naServer    = New-WfaZapiServer -Host $Hostname -Type DFM -Credentials $credentials
#'------------------------------------------------------------------------------
#'Exit if the OCUM ZAPI connection failed.
#'------------------------------------------------------------------------------
If($naServer -eq -1){
   Throw "Failed creating ZAPI connection to OCUM server ""$Hostname"""
}
#'------------------------------------------------------------------------------
#'Ensure the OCUM ZAPI port defaults to 443 (if set to 8488).
#'------------------------------------------------------------------------------
If($naServer.GetType().Name -ne "NaServer"){
   Get-WFALogger -Error -Message $("The ""New-WFAZapiServer"" Function returned the object type """ + $naServer.GetType().Name + """")
   Throw "The ""New-WFAZapiServer"" Function failed"
}Else{
   Get-WFALogger -Info -Message $("Created """ + $naServer.GetType().Name + """ object")
   Get-WFALogger -Info -Message $("Port = "                          + $naServer.Port)
   Get-WFALogger -Info -Message $("ServerType = "                    + $naServer.ServerType)
   Get-WFALogger -Info -Message $("Style = "                         + $naServer.Style)
   Get-WFALogger -Info -Message $("TransportType = "                 + $naServer.TransportType)
   Get-WFALogger -Info -Message $("TimeOut = "                       + $naServer.TimeOut)
   Get-WFALogger -Info -Message $("DebugStyle = "                    + $naServer.DebugStyle)
   Get-WFALogger -Info -Message $("Snoop = "                         + $naServer.Snoop)
   Get-WFALogger -Info -Message $("ServerCertificateVerification = " + $naServer.ServerCertificateVerification)
   Get-WFALogger -Info -Message $("HostnameVerification = "          + $naServer.HostnameVerification)
   If($naServer.Port -ne 443){
      Get-WFALogger -Info -Message $("Updating port number from " + $naServer.Port + " to 443")
      $naServer.Port = 443
   }
}
#'------------------------------------------------------------------------------
#'Enumerate cluster credentials if not provided.
#'------------------------------------------------------------------------------
[Bool]$CredentialsProvided = $False
If(([String]::IsNullOrEmpty($AdminUserName)) -Or ([String]::IsNullOrEmpty($AdminPassword))){
   Get-WFALogger -Info -Message "Credentials for ""$Cluster"" were not provided. Checking WFA Credential Cache"
   Try{
      $ocumCredentials = Get-WfaCredentials $Cluster -ErrorAction Stop
   }Catch{
      Get-WFALogger -Error -Message $("Failed enumerating WFA credentials for ""$Cluster"". Error " + $_.Exception.Message)
   }
   If($ocumCredentials){
      $username = $ocumCredentials.GetNetworkCredential().Username
      $password = $ocumCredentials.GetNetworkCredential().Password
      If(([String]::IsNullOrEmpty($username)) -Or ([String]::IsNullOrEmpty($password))){
         Throw "The WFA Crednentials for ""$Cluster"" are invalid"
      }
   }Else{
      Throw "Failed enumerating WFA credentials for ""$Cluster"""
   }
}Else{
   [Bool]$CredentialsProvided = $True
}
#'------------------------------------------------------------------------------
#'Add the cluster to OCUM.
#'------------------------------------------------------------------------------
Get-WFALogger -Info -Message "Adding cluster ""$Cluster"" to OCUM Server ""$HostName"""
Try{
   $naElement = New-Object NetApp.Manage.naElement("datasource-add")
   $naElement.AddNewChild("hostname-or-ip", $Cluster);
   If($CredentialsProvided){
      $naElement.AddNewChild("username", $AdminUserName);
      $naElement.AddNewChild("password", $AdminPassword);
   }Else{
      $naElement.AddNewChild("username", $username);
      $naElement.AddNewChild("password", $password);
   }
   $results = $NaServer.InvokeElem($naElement)
   Get-WFALogger -Info -Message "Added cluster ""$Cluster"" to OCUM Server ""$HostName"""
}Catch{
   Get-WFALogger -Error -Message $("Failed adding cluster ""$Cluster"" to OCUM Server ""$HostName"". Error " + $_.Exception.Message)
   Throw "Failed adding cluster ""$Cluster"" to OCUM Server ""$HostName"""
}
#'------------------------------------------------------------------------------

Hope that helps

 

/Matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

tomkai
5,724 Views

Hi Matt,

 

thx for this code. Works fine. I had nearly the same, but got stuck most propably with that certificate stuff. Now it works and i'm able to add the system to OCUM at the end of the workflow.

Do you also have an idea how can i find out if the cluster is added completly (not in discovery phase anymore)?

I tried someting with

<?xml version="1.0" encoding="UTF-8"?>
<netapp  xmlns="http://www.netapp.com/filer/admin" version="1.0">
  <cluster-iter>
    <max-records></max-records>
    <resource-filter><cluster-name>name</cluster-name></resource-filter>
    <tag></tag>
  </cluster-iter>
</netapp>

But this wont work.

 

Thankx anyway

mbeattie
5,236 Views

Hi Tom,

 

The OCUM ZAPI is 'cluster-iter' (supported API). To list all clusters call the API with max-records property:

 

<?xml version="1.0" encoding="UTF-8"?>
<netapp  xmlns="http://www.netapp.com/filer/admin" version="1.0">
  <cluster-iter>
    <max-records>10</max-records>
    <tag></tag>
  </cluster-iter>
</netapp>

Example output:

 

<?xml version='1.0' encoding='UTF-8'?><netapp xmlns="http://www.netapp.com/filer/admin" version="1.0">

    <!-- Output of cluster-iter [Execution Time: 330 ms] -->
	<results status='passed'>
		<num-records>1</num-records>
		<records>
			<cluster-info>
				<cluster-address>cluster1.testlab.local</cluster-address>
				<cluster-diagnosis-status>ok</cluster-diagnosis-status>
				<cluster-name>cluster1</cluster-name>
				<cluster-status>Normal</cluster-status>
				<cluster-version>9.1</cluster-version>
				<datasource-id>1</datasource-id>
				<last-update-time>1526605070</last-update-time>
				<licenses>
					<license>
						<description>CIFS License</description>
						<owner-name>testc1n1</owner-name>
						<owner-resource-key>c5143e82-4e8c-11e8-a4fa-005056ac74ec:type=cluster_node,uuid=3e0e628d-4e82-11e8-82a6-f1596ddbfe6d</owner-resource-key>
						<owner-type>cluster_node</owner-type>
						<package-name>cifs</package-name>
						<serial-number>1-81-0000000000000004082368511</serial-number>
					</license>
					<license>
						<description>Cluster Base License</description>
						<owner-name>cluster1</owner-name>
						<owner-resource-key>c5143e82-4e8c-11e8-a4fa-005056ac74ec:type=cluster,uuid=c5143e82-4e8c-11e8-a4fa-005056ac74ec</owner-resource-key>
						<owner-type>cluster</owner-type>
						<package-name>base</package-name>
						<serial-number>1-80-000008</serial-number>
					</license>
					<license>
						<description>NFS License</description>
						<owner-name>testc1n1</owner-name>
						<owner-resource-key>c5143e82-4e8c-11e8-a4fa-005056ac74ec:type=cluster_node,uuid=3e0e628d-4e82-11e8-82a6-f1596ddbfe6d</owner-resource-key>
						<owner-type>cluster_node</owner-type>
						<package-name>nfs</package-name>
						<serial-number>1-81-0000000000000004082368511</serial-number>
					</license>
					<license>
						<description>SnapMirror License</description>
						<owner-name>testc1n1</owner-name>
						<owner-resource-key>c5143e82-4e8c-11e8-a4fa-005056ac74ec:type=cluster_node,uuid=3e0e628d-4e82-11e8-82a6-f1596ddbfe6d</owner-resource-key>
						<owner-type>cluster_node</owner-type>
						<package-name>snapmirror</package-name>
						<serial-number>1-81-0000000000000004082368511</serial-number>
					</license>
					<license>
						<description>iSCSI License</description>
						<owner-name>testc1n1</owner-name>
						<owner-resource-key>c5143e82-4e8c-11e8-a4fa-005056ac74ec:type=cluster_node,uuid=3e0e628d-4e82-11e8-82a6-f1596ddbfe6d</owner-resource-key>
						<owner-type>cluster_node</owner-type>
						<package-name>iscsi</package-name>
						<serial-number>1-81-0000000000000004082368511</serial-number>
					</license>
				</licenses>
				<resource-key>c5143e82-4e8c-11e8-a4fa-005056ac74ec:type=cluster,uuid=c5143e82-4e8c-11e8-a4fa-005056ac74ec</resource-key>
				<serial-number>1-80-000008</serial-number>
			</cluster-info>
		</records>
	</results>
</netapp>

/Matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

sinhaa
5,706 Views

@mbeattie @tomkai

 

$naElement = New-Object NetApp.Manage.naElement("datasource-add")

IIRC this API is not officially supported  API. Is it now?

 

sinhaa

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

mbeattie
5,275 Views

 

@sinhaa

 

That's correct, the "datasource-add" isn't a "officially" supported API, but then again neither is the "dfm-about" API and that's called within functions in the "WFAWrapper.psm1" (which is supported as a component of WFA). If WFA engineering choose to use unsupported API's in WFA then why not use them WFA custom commands? (which aren't supported either)

There is no WFA certified (supported) command to add a cluster to OCUM so ultimately a custom command need to be created (which isn't supported).

 

/Matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

sinhaa
5,257 Views

@mbeattie

 

Matt,

 

I'll give my opinion on this.

 

WFAWrapper is an internal module of WFA, it doesn't recommend/expose/ask the users to use any APIs. If the api used by the module are discontinued/broken in future the responsibility will be with WFA to fix the module. Its still internal to WFA.

 

There are always hidden/internal apis for most SW which are not available to public use, and they all have valid reasons. In my view I would not recommend any un-documented api to be used by NetApp customer. They can be removed, or modified in future without any notice.

 

And here we do have an alternative i.e. to use the CLI which is officially documented. I had given how to bypass the prompt for self-signed certificate. So using CLI would be my recommended way.

 

 

 

sinhaa

 

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

mbeattie
5,234 Views

@sinhaa

 

Fair call, that's absolutely understandable. Certainly it is possible (and is definatley the "supported" solution) to use the SSH command as you've suggested:

 

y|um datasource add -U 'UUUUU' -P 'XXXXX' hostname

However if customers wanted to automate that process (using WFA for exampe) they will have to create a custom WFA command (regardless if they use the above method it wouldn't be supported unless released by WFA engineering as a certified command).

 

When developing automation i'd always recommend using API's in preference to SSH CLI commands (definately avoid screen scraping CLI output). Instead of having to rely on CLI output to determine success\failure of adding the datasource you can in invoke the "datasource-add" ZAPI then wait for job to complete and determine the status using:

 

  • job-iter
  • job-task-iter
  • job-wait-for-state

Ultimately API support is a NetApp OCUM\WFA engineering issue, however expecting customers to rely on a CLI and or UI as the only supported solution is a serioulsy outdated concept for modern application development (just my opinion)

 

/Matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
Public