Cloud Insights

Cloud Insight Isilon Data Collector Error 8.0.0.4 - Status Code 201

DRED-NBCU
630 Views

Trying to configure a Dell Isilon Rest collector for Isilon at code level 8.0.0.4....CI user all set-up with correct permissions on Isilon - receive error "Configuration: Data Source test failed - Authentication failed :Did not receive one or more expected auth cookies isisessid,isicsrf. Status code 201." Any help gratefully received

1 ACCEPTED SOLUTION

ostiguy
622 Views

That is an Old Timey Isilon OneFS release - its REST implementation was a little.... interesting.

 

One of the things Isilon did in those early 8.0.0.x releases was drop in some HTTP hardening stuff: I believe that some early 8.0.0.x OneFS do not have CSRF support, but then on a certain release, you must pass some CSRF hardening attributes in your requests.

 

CI is going to default to doing that CSRF stuff because most folks are on OneFS > 8.0.0.x

 

We have an "Expert" property that allows this stuff to be disabled for a given array - it may be that 8.0.0.4 needs that.

 

Finally, I would recommend saving the collector and letting it run - our "test" code is not necessarily identical to what we do at runtime for various reasons - we as a rule try to knock down the most common misconfiguration aspects with our test functionality, but we don't necessarily test for every possible situation - it may well be that given how old 8.0.0.x is, we are not testing properly for those non-CSRF releases that are > 5 years old

 

https://www.dell.com/community/en/conversations/isilon/api-auth-changes-with-recent-security-patches-anti-csrf-token/647f798ef4ccf8a8de7abd78

 

 

 

 

View solution in original post

3 REPLIES 3

ostiguy
623 Views

That is an Old Timey Isilon OneFS release - its REST implementation was a little.... interesting.

 

One of the things Isilon did in those early 8.0.0.x releases was drop in some HTTP hardening stuff: I believe that some early 8.0.0.x OneFS do not have CSRF support, but then on a certain release, you must pass some CSRF hardening attributes in your requests.

 

CI is going to default to doing that CSRF stuff because most folks are on OneFS > 8.0.0.x

 

We have an "Expert" property that allows this stuff to be disabled for a given array - it may be that 8.0.0.4 needs that.

 

Finally, I would recommend saving the collector and letting it run - our "test" code is not necessarily identical to what we do at runtime for various reasons - we as a rule try to knock down the most common misconfiguration aspects with our test functionality, but we don't necessarily test for every possible situation - it may well be that given how old 8.0.0.x is, we are not testing properly for those non-CSRF releases that are > 5 years old

 

https://www.dell.com/community/en/conversations/isilon/api-auth-changes-with-recent-security-patches-anti-csrf-token/647f798ef4ccf8a8de7abd78

 

 

 

 

DRED-NBCU
607 Views

Ostiguy, many thanks for such a prompt detailed reply...I did check here Cloud Insights Data Collector Support Matrix (netapp.com) and that suggests the isi code level is supported as per the screenshot hence why I posted...I will try saving and letting it run to see what happens then report back...we will be upgrading the isilon in question very soon as we have just acquired (Upgrade will/should fix the issue)

DRED-NBCU
443 Views

Solution worked, many thanks Ostiguy 🤗👌👍

Public