Data Infrastructure Insights

cluster-identity-get failed

Stormont
2,275 Views

I originally had Data Collectors setup in Cloud Insights using cluster admin credentials.  I just followed the steps at https://docs.netapp.com/us-en/cloudinsights/task_add_collector_svm.html#a-note-about-permissions in the "Permissions when adding via Cluster Management IP:"  section and the cmddirs in the role that was created all match and the ssh and ontapi access were granted, but when I switched the credentials in the collector to this new account the collectors fail and I get this when I test the connection "Configuration: Failed to execute test command on device - NetApp ONTAP zapi communication failed: cluster-identity-get failed: Insufficient privileges: user 'csuser' does not have read access to this resource."

 

Oriole::> security login role show -vserver Oriole -role csrole
           Role          Command/                                      Access
Vserver    Name          Directory                               Query Level
---------- ------------- --------- ----------------------------------- --------
Oriole     csrole        DEFAULT                                       none
                         event catalog                                 all
                         event filter                                  all
                         event notification                            all
                         event notification destination                all
                         network interface                             readonly
                         security certificate                          all
                         version                                       readonly
                         volume                                        readonly
                         volume snapshot       -snapshot cloudsecure_* all
                         vserver                                       readonly
                         vserver fpolicy                               all
12 entries were displayed.
Oriole::> security login show -role csrole

Vserver: Oriole
                                                                 Second
User/Group                 Authentication                 Acct   Authentication
Name           Application Method        Role Name        Locked Method
-------------- ----------- ------------- ---------------- ------ --------------
csuser         ontapi      password      csrole           no     none
csuser         ssh         password      csrole           no     none
2 entries were displayed.
1 ACCEPTED SOLUTION

ostiguy
2,257 Views

That looks like the requirements doc for Workload Security aka Cloud Secure.

 

https://docs.netapp.com/us-en/cloudinsights/task_dc_na_cdot.html#ontap-power-metrics

 

This link should be more useful for the getting Cloud Insights collecting with a least privilege user

View solution in original post

2 REPLIES 2

ostiguy
2,258 Views

That looks like the requirements doc for Workload Security aka Cloud Secure.

 

https://docs.netapp.com/us-en/cloudinsights/task_dc_na_cdot.html#ontap-power-metrics

 

This link should be more useful for the getting Cloud Insights collecting with a least privilege user

Stormont
2,246 Views

Thank you!

Public