unable to connect NetApp Harvest to FAS2650

axsys

hi all,

 

We are having issues connecting NetApp Harvest to a cluster on one of our remote sites.  This site has a relatively new pair of FAS2650 filers.... we have already implemented Harvest successfully elsewhere.

 

We already ran these commands, as taken from the NetApp Harvest documentation, on the target filer.....

security login role create -role netapp-harvest-role -access readonly -cmddirname "version"

security login role create -role netapp-harvest-role -access readonly -cmddirname "cluster identity show"

security login role create -role netapp-harvest-role -access readonly -cmddirname "cluster show"

security login role create -role netapp-harvest-role -access readonly -cmddirname "system node show"

security login role create -role netapp-harvest-role -access readonly -cmddirname "statistics"

security login role create -role netapp-harvest-role -access readonly -cmddirname "lun show"

security login role create -role netapp-harvest-role -access readonly -cmddirname "network interface show"

security login role create -role netapp-harvest-role -access readonly -cmddirname "qos workload show"

security certificate install -type client-ca -vserver vserver_name

 

-----BEGIN CERTIFICATE-----

certificate was pasted here....

-----END CERTIFICATE-----

 

security ssl modify -client-enabled true -vserver vserver_name

security login create -user-or-group-name netapp-harvest -application ontapi -role netapp-harvest-role -authmethod cert

 

We then received these messages/errors:

[2018-11-27 17:23:39] [NORMAL ] WORKER STARTED [Version: 1.4] [Conf: netapp-harvest.conf] [Poller: filer_name]

[2018-11-27 17:23:39] [NORMAL ] [main] Poller will monitor a [FILER] at [ip_address:443]

[2018-11-27 17:23:39] [NORMAL ] [main] Poller will use [ssl_cert] authentication with ssl_cert [netapp-harvest.pem] and ssl_key [netapp-harvest.key]

[2018-11-27 17:23:39] [WARNING] [sysinfo] Update of system-info cache DOT Version failed with reason: Server returned HTTP Error:

[2018-11-27 17:23:39] [WARNING] [main] system-info update failed; will try again in 10 seconds.

 

Curl output:

[root@ ~]# curl  -H "Accept: application/json" "https://IP_address" --insecure -v

* About to connect() to IP_address port 443 (#0)

*   Trying IP_address...

* Connected to IP_address (IP_address) port 443 (#0)

* Initializing NSS with certpath: sql:/etc/pki/nssdb

* skipping SSL peer certificate verification

* NSS error -12156 (SSL_ERROR_WEAK_SERVER_CERT_KEY)

* The server certificate included a public key that was too weak.

* Closing connection 0

curl: (35) The server certificate included a public key that was too weak.

 

Any advice/suggestions would be very much appreciated!  thanks....


vachagan_gratian

Hi Axsys,

 

I am not familiar with authentication algorithms, but from what I found on the web, it seems like your client and server are trying to exchange public keys of different lengths (512 bit vs 1024 bit).

 

Did you try to use login/password as authentication instead of certificate?
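
The curl trace in the question fails with SSL_ERROR_WEAK_SERVER_CERT_KEY, so the fact to establish is the size of the public key in the certificate the cluster presents. Added example (not part of the original thread, and not NetApp or Harvest code): a standard-library Python reader that extracts the RSA modulus size from a PEM certificate. All function names are this example's own, and `sample_pem` only builds a constructed, unsigned certificate skeleton to serve as input.

```python
import base64

RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 (rsaEncryption)

def read_tlv(buf, pos=0):
    """Decode one DER element at pos; return (tag, contents, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(contents):
    """Split the contents of a constructed element into (tag, contents) pairs."""
    items, pos = [], 0
    while pos < len(contents):
        tag, val, pos = read_tlv(contents, pos)
        items.append((tag, val))
    return items

def rsa_key_bits(pem):
    """RSA modulus size in bits of a PEM certificate, or None for a non-RSA key."""
    b64 = "".join(ln for ln in pem.splitlines() if ln and not ln.startswith("-----"))
    tbs = children(children(read_tlv(base64.b64decode(b64))[1])[0][1])
    if tbs[0][0] == 0xA0:              # explicit [0] version field, absent in v1 certs
        tbs = tbs[1:]
    alg, key = children(tbs[5][1])     # serial, sigalg, issuer, validity, subject, SPKI
    if children(alg[1])[0][1] != RSA_OID:
        return None
    modulus = children(read_tlv(key[1], 1)[1])[0][1]   # skip the unused-bits octet
    return int.from_bytes(modulus, "big").bit_length()

def tlv(tag, body=b""):
    """Encode one DER element (needed only to build the constructed sample)."""
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_pem(bits):
    """Constructed, unsigned certificate skeleton with an RSA modulus of `bits` bits."""
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # only the size is real
    rsa = tlv(0x30, tlv(0x02, n) + tlv(0x02, b"\x01\x00\x01"))
    spki = tlv(0x30, tlv(0x30, tlv(0x06, RSA_OID) + tlv(0x05)) + tlv(0x03, b"\x00" + rsa))
    empty = tlv(0x30)                  # stands in for sigalg, names and validity
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + empty * 4 + spki)
    der = tlv(0x30, tbs + empty + tlv(0x03, b"\x00"))
    body = base64.encodebytes(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"
```

For a real check, pass `rsa_key_bits` the PEM text of the certificate the cluster presents on port 443. The size at which a client rejects a key depends on that client's TLS library and version.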
