Thank you Mark, but that is not the point.

The point I am trying to make and/learn is that the PS constructs are inconsistent.  Here is an example:

I have three clusters I am working with, CluA, CluB, CluC.

I run a script which calls a Get-Credential for each, and stores it in a separate global:varA, :varB, :varC.

I can then run a get-ncdiagnosisstatus, and all clusters report back.

If I pre-authenticate to only two of the three clusters, i.e. A,B, and supply no credentials for C, then the commands errors out.  Or if I enter the credential variable of only one cluster, it also fails.  It is either all or none.

I fail to understand how this works.  The entire idea of the cluster-credentials is that I don't have to keep re-entering them.

Your prior answer, sort of works.  It works as long as I only want to run the command against a single cluster.  If I want to run it against all clusters, it appears the only way to do it is by setting up credential variables;  but if I try to use the credential variable with the get-ncdiagnosisstatus command, it fails.  In other words, if I were to run 'get-ncdiagnosisstatus -controller $global:varA' no go.

Now more than likely I am very confused;  I started life as a procedural language coder, so mehaps that is my confusion.  I need to be able to enter my credentials once and use them in scripts for all clusters, or for one cluster.

And the final question is, where is it picking up all or none?  It is getting it somewhere, but I can't figure out where.

Hi Tas,

I don't really understand your problem 😉 can you give an example snippet of your script?

I don't see what you mean by "preauthenticate".

Are you using the Connect-NcController cmdlet to connect to each controller, or not?

For me this works:

# Ask for credentials

$credA = Get-Credential -Message "Enter password for clusterA" -UserName admin

$credB = Get-Credential -Message "Enter password for clusterB" -UserName admin

$credC = Get-Credential -Message "Enter password for clusterC" -UserName admin

# Authenticate and connect

$cluA = Connect-NcController -Credential $credA - Name clusterA

$cluB = Connect-NcController -Credential $credB -Name clusterB

$cluC = Connect-NcController -Credential $credC -Name clusterC

Note that the "Connect-NcController" Cmdlet is important to authenticate and connect to each cluster.

It returns an object of type [NetApp.Ontapi.Filer.C.NcController], which (if successfull) is a "authenticated and connected" cluster. You can see the object properties now with e.g.

$cluA | get-member

^^ it has a couple of properties, including "Credentials" - so this object INCLUDES the connection details AND the credentials used for the  connection.

So, in short, this objects stores an"authenticated connection to clusterA".

After that, no matter what other cmdlet you use, you can use the "-Controller" parameter to refer to a (previously CONNECTED) cluster, e.g.:

Get-NcAggr -Controller $cluA

Get-NcAggr -Controller $cluB

Get-NcAggr -Controller $cluC

Get-NcDiagnosisStatus -Contoller $cluA

Get-NcDiagnosisStatus -Contoller $cluB

Get-NcDiagnosisStatus -Contoller $cluC

At least, this is how it works for me. Hope this helps.

P.S.: instead of requesting the credentails from the user every time you run your script, you could also SAFELY STORE credentials in your local credential store like this:

Add-NcCredential -Name clusterA -Credential $credA

You can see your store contents with "Get-NcCredential".

Permanently storing credentials (they are encrypted and stored in in your user profile) makes life easier, because there is no need to pass a "-Credential" parameter anymore to the "Connect-NcController" cmdlet, e.g.

$cluA = Connect-NcController -Name clusterA

will NOT aks for credentials, because it finds a matching credential for "clusterA" in its local credential store.

However, without using "Connect-NcController", you'll probably have problems 😉

Hope this helps!

Hello Mark:

I think I am doing exactly what you are saying.

I have a script, g_auth, which gets credentials as:

$global:nccredA = ( Get-Credential -Message "Enter Credentials for Cluster A" )

$global:nccredB = ( Get-Credential -Message "Enter Credentials for Cluster B" )

$global:nccredC = ( Get-Credential -Message "Enter Credentials for Cluster C" )

then,

Connect-NcController -add -name $cluAmgmt  -Credential $nccredA

Connect-NcController -add -name $cluBmgmt  -Credential $nccredB

Connect-NcController -add -name $cluCmgmt  -Credential $nccredC

As long as I respond with credentials to all three, I can run the 'get-ncdiagnosisStatus' by itself to get the clusters I have connected to, and their status.  If I do ESC one of the credentials it stops working.  If I try to pass it the -Controller $nccredA it fails. If I pass it the -Controller NcController parameter, as shown in the examples, it fails.

Of course I can pipe it and filter out what I want, but some times, I do not need to authenticate to all of the clusters, I may only be interested on concentrating on one cluster.  That is what I can't figure out how to do.  The same with the other commands I mentioned.  As long as I have credentials to all of the clusters, I can pipe and select the data I want.  But why go to all of the clusters, if I only need one?

Tas

Mark

Thank you for your patience.  I think I see what I was doing wrong.  The computer is simply doing what I told it to and not what I really wanted it to do.  😉

I'm going to play with this.

TasP

So it appears, what I was initally afraid of is indeed the case.  With multiple clusters, unless I 'connect-nccontroller -add', each cluster, I cannot have a unified view of my entire environment.  Without the -add, the last connect-nccontroller is the authoritative for all cmdlets.

I'm going to have to play to see what I can do.

Mark
You are absolutely correct.  It does work exactly the way you said. 

Thank you very much for your help.

TasP