I have several COT installations, and I am trying to use PS scripts to report and manage them. I've found an issue with some commands, which in the HELP file use the -Controller [$nccontroller] option; get-ncvolcontainer and get-ncaggr are two such examples. If I run them with a volume name or aggregate name only, they work. (I've previously authenticated the clusters).
If however, I run them and provide an nccontroller name, I get a NoAuthException error. Not sure why this happens; I can of course 'select' and 'where' but I was trying to avoid getting three hundred volumes collected every time I ran the command.
The point I am trying to make and/learn is that the PS constructs are inconsistent. Here is an example:
I have three clusters I am working with, CluA, CluB, CluC.
I run a script which calls a Get-Credential for each, and stores it in a separate global:varA, :varB, :varC.
I can then run a get-ncdiagnosisstatus, and all clusters report back.
If I pre-authenticate to only two of the three clusters, i.e. A,B, and supply no credentials for C, then the commands errors out. Or if I enter the credential variable of only one cluster, it also fails. It is either all or none.
I fail to understand how this works. The entire idea of the cluster-credentials is that I don't have to keep re-entering them.
Your prior answer, sort of works. It works as long as I only want to run the command against a single cluster. If I want to run it against all clusters, it appears the only way to do it is by setting up credential variables; but if I try to use the credential variable with the get-ncdiagnosisstatus command, it fails. In other words, if I were to run 'get-ncdiagnosisstatus -controller $global:varA' no go.
Now more than likely I am very confused; I started life as a procedural language coder, so mehaps that is my confusion. I need to be able to enter my credentials once and use them in scripts for all clusters, or for one cluster.
And the final question is, where is it picking up all or none? It is getting it somewhere, but I can't figure out where.
You can see your store contents with "Get-NcCredential".
Permanently storing credentials (they are encrypted and stored in in your user profile) makes life easier, because there is no need to pass a "-Credential" parameter anymore to the "Connect-NcController" cmdlet, e.g.
$cluA = Connect-NcController -Name clusterA
will NOT aks for credentials, because it finds a matching credential for "clusterA" in its local credential store.
However, without using "Connect-NcController", you'll probably have problems 😉
As long as I respond with credentials to all three, I can run the 'get-ncdiagnosisStatus' by itself to get the clusters I have connected to, and their status. If I do ESC one of the credentials it stops working. If I try to pass it the -Controller $nccredA it fails. If I pass it the -Controller NcController parameter, as shown in the examples, it fails.
Of course I can pipe it and filter out what I want, but some times, I do not need to authenticate to all of the clusters, I may only be interested on concentrating on one cluster. That is what I can't figure out how to do. The same with the other commands I mentioned. As long as I have credentials to all of the clusters, I can pipe and select the data I want. But why go to all of the clusters, if I only need one?
OK, I still don't understand the usecase of your script, however, the difference is you use Connect-NcController with the -Add parameter. I didn't see that before.
Using -Add means the
variable contains not just 1 cluster connection, but a list of multiple connections.
In this case, all subsequent cmdlets by default go to ALL of the (currently connected) clusters, which is working fine for you, right?
To be able to talk to only ONE of these clusters instead of ALL (asuming you are still in the SAME powershell session), you need to have a variable for each *single* connection (not each "Credential" object, but each "Connected Controller").
So it appears, what I was initally afraid of is indeed the case. With multiple clusters, unless I 'connect-nccontroller -add', each cluster, I cannot have a unified view of my entire environment. Without the -add, the last connect-nccontroller is the authoritative for all cmdlets.
I'm going to have to play to see what I can do.
Mark You are absolutely correct. It does work exactly the way you said.