Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I'm trying to do discovery for E-Series in ServiceNow. ONTAPs were easy, added local SSH user on each ONTAP and gave credentials to ServiceNow, it worked (except it treats SVMs as assets), but I don't know what to do with E-Series.
I tried to install E-Series SMI-S Provider on my test server, so that I can do this: https://docs.servicenow.com/bundle/paris-it-operations-management/page/product/discovery/reference/r_DataCollDiscoStorageviaSMISCIM.html
Does anybody please have a step-by-step manual to how to make the SMI-S provider work on a Windows system? I always do something wrong, the Installation and Configuration Guide is not very clear. I chose not to use authentication during testing. All our storages are password protected, so think I shouldn't specify any during installation and add them later with ArrayMgmtUtil. That, if run in interactive mode, asks for user and password. So I tried adding a user using cimuser -a -u <cimuser> -w <password>. It refuses to do so until there's a local user on the system, but password shorter than 8 characters, which conflicts with our password policy. Does the password for the user in SMI-S have to be the same as system password?
I got the thing partially working last night, was able to do queries using cimcli, but now I broke it again. I'd like it to:
1] run over HTTPS using custom certificate with
2] user + password and
3] reachable from outside with any tool which can talk CIM, plus
4] do a query with PowerShell. BTW, I can't find module SMISConfig mentioned in the guide.
I'd very much appreciate ideas/help from somebody who has successfully set up the E-Series SMI-S Provider and is able to pull data from it into another system.
Thanks,
Karel
1 REPLY 1
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So here's another attempt, putting here all steps I tried:
1. created local user CIMtest, password in my KeePass, member of Users group (not Administrators), but ran the installation with {my_domain_account}
2. running installer: not adding any storage, adding user CIMtest with 5 char password (last 5 of above, hoping the application password has nothing to do with system password), user added successfully, adding firewall exclusions
3. checking services, cimserver running, slpd stoppe
PS C:\Users\{my_domain_account}> get-service -Name cimserver
Status Name DisplayName
------ ---- -----------
Running cimserver Pegasus CIM Object Manager
PS C:\Users\{my_domain_account}> get-service -Name slpd
Status Name DisplayName
----- ---- -----------
Stopped slpd Service Location Protocol
4. Start slpd service
PS C:\Users\{my_domain_account}> Start-Service -Name slp
PS C:\Users\{my_domain_account}> Get-Service -Name slpd
Status Name DisplayName
------ ---- -----------
Running slpd Service Location Protocol
5. Setting slp=true in cimconfig
PS C:\Users\{my_domain_account}> cimconfig -s slp=true -p
PS C:\Users\{my_domain_account}> cimconfig -g slp
Failed to get the config property.
HTTP Error (400 Bad Request): Detail = "Authorization header error".
PS C:\Users\{my_domain_account}> cimconfig -g slp
Current value: false
PS C:\Users\{my_domain_account}> Restart-Service -Name cimserver
PS C:\Users\{my_domain_account}> Get-Service -Name cimserver
Status Name DisplayName
------ ---- -----------
Running cimserver Pegasus CIM Object Manager
PS C:\Users\{my_domain_account}> cimconfig -g slp
Current value: false
PS C:\Users\{my_domain_account}> cimconfig -s slp=true
CIM_ERR_ACCESS_DENIED: Must be a privileged user to do this CIM operation.
PS C:\Users\{my_domain_account}> cimuser -l
CIM_ERR_ACCESS_DENIED: Superuser authority is required to run this CIM operation.
PS C:\Users\{my_domain_account}> cimconfig -g enableAuthentication
Current value: true
Oh… so adding the user also turned authentication on. If we didn't add a user, would it remain off by default?
6. Trying local user to RDP
a. FAIL! User not allowed to RDP.
7. Added user to Remote Desktop Users
a. allowed to log in
b. trying to list CIM users
PS C:\Users\CIMtest> cimuser -l
CIM_ERR_ACCESS_DENIED: Superuser authority is required to run this CIM operation.
8. Removed user from Remote Desktop Users and added into local Administrators group instead (I'll be contacted by security tomorrow), new RDP sesssion and try the same as above
AHA! User must be a local system administrator, wasn't mentioned in the manual:
PS C:\Users\CIMtest> cimuser -l
CIMtest
PS C:\Users\CIMtest> cimconfig -s slp=true -p
Planned value for the property slp is set to "true" in CIMServer.
PS C:\Users\CIMtest> Restart-Service -Name cimserver
PS C:\Users\CIMtest> cimconfig -g slp
Current value: true
Should I have then added myself in step 2?
9. Back in {my_domain_account} account:
a. Let's see if I can see the service
PS C:\Users\{my_domain_account}> slptool findsrvtypes
service:wbem:http
service:wbem:https
PS C:\Users\{my_domain_account}> Search-SmisProvider
AbsolutePath : /
AbsoluteUri : http://{management_station}.{company_domain}:5988/
LocalPath : /
Authority : {management_station}.{company_domain}:5988
HostNameType : Dns
IsDefaultPort : False
IsFile : False
IsLoopback : False
PathAndQuery : /
Segments : {/}
IsUnc : False
Host : {management_station}.{company_domain}
Port : 5988
Query :
Fragment :
Scheme : http
OriginalString : HTTP://{management_station}.{company_domain}:5988
DnsSafeHost : {management_station}.{company_domain}
IdnHost : {management_station}.{company_domain}
IsAbsoluteUri : True
UserEscaped : False
UserInfo :
AbsolutePath : /
AbsoluteUri : https://{management_station}.{company_domain}:5989/
LocalPath : /
Authority : {management_station}.{company_domain}:5989
HostNameType : Dns
IsDefaultPort : False
IsFile : False
IsLoopback : False
PathAndQuery : /
Segments : {/}
IsUnc : False
Host : {management_station}.{company_domain}
Port : 5989
Query :
Fragment :
Scheme : https
OriginalString : HTTPS://{management_station}.{company_domain}:5989
DnsSafeHost : {management_station}.{company_domain}
IdnHost : {management_station}.{company_domain}
IsAbsoluteUri : True
UserEscaped : False
UserInfo :
Very well, I can see published service with both slptool and Search-SmisProvider.
Command 'cimcli ns' takes long, but eventually shows namespaces. If tried in CIMtest user's account, it shows them immediately... okay, so let's try how things work in different accounts.
10. Back in CIMtest's account:
a. PS C:\Users\CIMtest> ArrayMgmtUtil -AddArray -l <management_station's_IP>:5988 -n root/netapp/santricity -u CIMtest -p {application_password} -ArrayIP <first_storage's_IP> -ArrayPass {array_password}
i. FAIL, but I’m doing it locally as CIMtest user and the [-l <CIMOM Host IP:CIMOMPort>] looks like I don't need to use it. Let's see…
b. PS C:\Users\CIMtest> ArrayMgmtUtil -AddArray -n root/netapp/santricity -u CIMtest -p {application_password} -ArrayIP <first_storage's_IP> -ArrayPass {array_password}
i. FAIL, but I'm doing it locally as CIMtest user and [-u <CIMOM User> -p <password>] looks like I don't need it either. Let's try…
c. PS C:\Users\CIMtest> ArrayMgmtUtil -AddArray -n root/netapp/santricity -ArrayIP <first_storage's_IP> -ArrayPass {array_password}
i. FAIL, heck, I have enough, let's go to interactive mode…
d. PS C:\Users\CIMtest> ArrayMgmtUtil
Enter CIMOM IP address:{management_station}
Enter CIMOM Port:5988
Enter CIMOM user name:CIMtest
Enter CIMOM user password:{application_password}
Do you want to use secure connection? [y/n]:n
Do you want to use SSL certificate? [y/n]:n
1. Add Array
2. Add Host
3. Remove Array
4. Remove Host
5. Get Snapshot Volume Repository Size
6. Set Snapshot Volume Repository Size
7. Get Snapshot Group Repository Size
8. Set Snapshot Group Repository Size
9. Exit
Enter your choice:1
Enter storage array IP address:{first_storage's_IP}
Is this storage array password protected? [y/n]:y
Enter storage array password:{array_password}
Storage array added successfully
addedSystem //{management_station}/root/netapp/santricity:NETAPP_StorageSystem.CreationClassName="NETAPP_StorageSystem",Name="{first_array_ID}"
11. Back in {my_domain_account} account, trying to add a second storage:
a. ArrayMgmtUtil -AddArray -l <management_station's_IP>:5988 -u CIMtest -p {application_password} -n root/netapp/santricity -ArrayIP {first_storage's_IP} -ArrayPass {array_password}
i. FAIL, going straight to interactive mode
b. PS C:\Users\{my_domain_account}> ArrayMgmtUtil
Enter CIMOM IP address:{management_station}
Enter CIMOM Port:5988
Enter CIMOM user name:CIMtest
Enter CIMOM user password:{application_password}
Do you want to use secure connection? [y/n]:n
Do you want to use SSL certificate? [y/n]:n
1. Add Array
2. Add Host
3. Remove Array
4. Remove Host
5. Get Snapshot Volume Repository Size
6. Set Snapshot Volume Repository Size
7. Get Snapshot Group Repository Size
8. Set Snapshot Group Repository Size
9. Exit
Enter your choice:1
Enter storage array IP address:{second_storage's_IP}
Is this storage array password protected? [y/n]:y
Enter storage array password:{array_password}
Storage array added successfully
addedSystem //{management_station}/root/netapp/santricity:NETAPP_StorageSystem.CreationClassName="NETAPP_StorageSystem",Name="{second_array_ID}"
OH! I am able to add a storage in {my_domain_account} account using the the CIMtest user and password!
12. Trying to count how many storage systems are registered with 'cimcli cci -n root/netapp/santricity NETAPP_StorageSystem' (tried first in my account)
a. takes time in my account
b. immediate response in CIMtest's account
13. Trying to see details of the storages with 'cimcli ei -n root/netapp/santricity NETAPP_StorageSystem' (tried first in CIMtest's account)
a. immediate response in CIMtest's account
b. takes time in my account
14. What if, what if, what if I add myself into the CIMOM users? (trying in CIMtest's account)
FAIL!
PS C:\Users\CIMtest> cimuser -a -u {my_domain_account} -w {my_domain_password}
Failed to add user.
CIM_ERR_FAILED: The specified user is not a valid user on the local system, user name: {my_domain_account}
OH! Domain users will always have it hard here…
15. Back in {my_domain_account} account, tring combinatons of CIMtest's account and local system password and application password. Let's see if I can register the SMIS provider with PowerShell:
PS C:\Users\{my_domain_account}> Register-SmisProvider -ConnectionUri http://{management_station}.{company_domain}:5988/
cmdlet Register-SmisProvider at command pipeline position 1
Supply values for the following parameters:
(Type !? for Help.)
Credential => Tried CIMtest user and application password.
Register-SmisProvider : Internal Error.
At line:1 char:1
+ Register-SmisProvider -ConnectionUri http://{management_station}.{company_domain}:59 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Register-SmisProvider], CimException
+ FullyQualifiedErrorId SmisConfigProv_GenericFailure,Microsoft.Windows.StorageManagementService.Configuration.Cmdlets.RegisterSmisProviderCommand
PS C:\Users\{my_domain_account}> Register-SmisProvider -ConnectionUri http://{management_station}.{company_domain}:5988/
cmdlet Register-SmisProvider at command pipeline position 1
Supply values for the following parameters:
(Type !? for Help.)
Credential => Tried CIMtest user and server password.
Register-SmisProvider : Access is denied.
At line:1 char:1
+ Register-SmisProvider -ConnectionUri http://{management_station}.{company_domain}:59 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (:) [Register-SmisProvider], CimException
+ FullyQualifiedErrorId : HRESULT 0x80070005,Microsoft.Windows.StorageManagementService.Configuration.Cmdlets.RegisterSmisProviderCommand
PS C:\Users\{my_domain_account}> Register-SmisProvider -ConnectionUri {management_station}.{company_domain}:5988
cmdlet Register-SmisProvider at command pipeline position 1
Supply values for the following parameters:
(Type !? for Help.)
Credential
Register-SmisProvider : Internal Error.
At line:1 char:1
+ Register-SmisProvider -ConnectionUri {management_station}.{company_domain}:5988
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Register-SmisProvider], CimException
+ FullyQualifiedErrorId : SmisConfigProv_GenericFailure,Microsoft.Windows.StorageManagementService.Configuration.Cmdlets.RegisterSmisProviderCommand
After this I closed the lid of my laptop and went to bed.