Microsoft Virtualization Discussions

Getting started with PSTK 9.11.1 and REST

StevePutre
475 Views

I have been attempting to get started with teh above version of PSTK, to get away from ZAPI and onto REST.  

 

I have set up a clean Windows environment and installed the PSTK module.

 

My test cluster is running OnTAP 9.10.1p8.  I can connect just fine to it using ZAPI; but when I try to use this version of the toolkit, I get 401 authorization error.  The user I am using has an admin role, so should have access to all APIs.

 

I have been trying to find some specific documentation/examples, but have not found any yet.

 

I hve a lot of background with PSTK and ZAPI, so I just need to know what is different using REST.  Can anyone direct me to some use examples?

 

Is 'connect-nccontroller' still used with REST? 

5 REPLIES 5

Ontapforrum
448 Views

I think you might need to create a "rest role" - Ensure that "rest-role" exists with appropriate privileges and is applied to specific user/group for http access via security login.


Please see this kb:
Calls to ONTAP 9.6+ REST API fail with 401 error or repeated password request
https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/Calls_to_ONTAP_9.6__REST_API_fail_with_401_error_or_repeated_password_...

 

According to NetApp documentation - You should be able to connect to storage using the existing ps cmdlet "Connect-NcController" and once connected then I think it uses 'curl command' within Powershell which invokes the GET /api/* or may be.


PowerShell Toolkit:
For existing ONTAP PowerShell Toolkit customers, the transition from ONTAPI to the ONTAP REST API will be managed internally by the tool itself. By FY22 Q4 timeframe , the ONTAP PowerShell Toolkit will prompt users for ONTAPI or ONTAP REST API usage, according to the underlying ONTAP version.

 

Related info:
https://community.netapp.com/t5/ONTAP-Rest-API-Discussions/Custom-user-not-authorized-for-REST-API-but-it-is/m-p/435822

 

Following lab on support site will be helpful to get your started (They may be old).
https://handsonlabs.netapp.com/lab/ontap-PS-auto
https://handsonlabs.netapp.com/system/files/lab_guides/exploring_the_ontap_rest_api.pdf

 

How to access the ONTAP REST API
https://www.netapp.com/blog/transform-automation-ontap-rest-api/#powershell_toolkiit

https://docs.netapp.com/us-en/ontap-automation/rest/access_rest_api.html#network-considerations

 

StevePutre
440 Views

As an experiment, I created a new local user with the same role, but with 'password' authentication and application=http.  This local user can connect through PSTK just fine.

However my original user, which was a domain user, is still getting denied.

 

Is there some kind of limitation with PSTK that it cannot use domain logins with REST?  They work fine with ONTAPI.

StevePutre
409 Views

The domain user had the role 'admin'.  The associated rest-role is automatically defined, so the domain user should have admin rights through REST.

StevePutre
376 Views

Hi:

 

I have tried a different test, to try and find out why this login does not work.

 

I have another Ontap cluster which is running 9.8P12.  It has a domain user with admin role and http,ontapi,and ssh applications enabled.

 

Using our current PSTK v9.7.1, and performing 'connect-nccontroller <clustername>', I provide the domain username and password.  It connects no problem

 

If I use the new PSTK 9.11.1, and perform the same exact steps as above, I get a (401) Unathorized error.  It is using REST by default.

If I use the new PSTK 9.11.1, and perform 'connect-nccontroller <clustername> -ontapi', the connection does succeed using ONTAPI.

 

 This seems to indicate that PSTK 9.11.1 is having issues connecting to a cluster using a domain credential and REST.

 

Has anyone else had any success, or can provide an example of, PSTK 9.11.1 connecting to a cluster using domain credentials and REST?

Public