Re: Netapp Zero Touch Provisioning

rohancmr · ‎2018-10-26

We are trying to setup zero touch provisiong for Netapp CDOT systems.

Does Netapp support any option to boot OnTap non-interactively, (may be using netboot) and configure interfaces, user account, and cluster ?

AlexDawson · ‎2018-10-27

No - that functionality is not available.

Storage systems operate across a continum of time, serving out data stored over time, managed and converted through a known set of tasks, not at a point in time, so the switch paragdim where ZTP is common doesn't really follow.

There is netboot functionality (requiring a specific image), but it is for restoring systems with failed and/or replaced boot devices. Even factory configuration is performed by serial port connected automation of scripted commands. If you have enough systems, that may be worthwhile investigating.

rohancmr · ‎2018-10-28

Thank you for the response, AlexDawson.

We have close to 50 Netapp storages that needs to be configured.

AlexandruMihai · ‎2023-03-21

@AlexDawson Anything changed in last years?

We are looking at some way of auto-configuring the DOT system up to the point it's reachable via ssh/api so that automation can take over from there.
Thanks

AlexDawson · ‎2023-03-26

Hi there! Blast from the past.

My original comments about ZTP paradigm for switches vs storage are overtaken by ansible, which uses the idea of idempotent states - so you tell ansible you want a netapp device configured a certain way, and it does what is needed to make that happen.

However, you need to be able to configure it, as you've noted.

So, where to go from there - new out of box nodes will present a cluster create/join on the CLI. This is also accessible via local subnet https API username admin and no password until the cluster is setup if dhcp is enabled on the subnet. So you should be able to use the cluster create API unauthenticated if you're on the same subnet.

Edit: As of 9.7, SSH to this LIF is apparently also supported, which would enable you to use "expect" scripts with ansible.

Hope this helps! Let me know - I haven't done it personally.

M_Herrmanny · ‎2024-03-06

@AlexDawsonWrite your contribution that there is a Cluster Create API. Could you tell me if there is also an example configuration file for it and if there is, where to find it. Thanks a lot

PengZ · ‎2024-08-23

@AlexDawson When I used DHCP to assign IP to mgmt_auto LIF, ssh is enabled but I can not log in using admin account, I have to run security login create -user-or-group-name admin -application ssh -authentication-method password -role admin from console to allow admin to ssh. Is there a way to avoid console access to enable admin ssh access?

PengZ · ‎2024-09-30

Figured out, I picked up cluster IPs when I tried to set it up. I need to find the cluster IPs as M_Herrmanny mentioned.

M_Herrmanny · ‎2024-04-16

Hello rohancmr,

I have solved this as follows.

I execute the following command via the console.

curl --user admin: -X POST "https://<dhcp_ip>/api/cluster?keep_precluster_config=true" -H "accept: application/hal+json" -d '{"name":"<cluster-name>","management_interface":{"ip":{"address":"<cluster_mgmt_ip>","netmask":"<netmask>","gateway":"<gateway>"}},"password":"<password>","nodes":[{"cluster_interface":{"ip":{"address":"<cluster_interlif_ip_node_a"}},"name":"<node_a_name>","management_interface":{"ip":{"address":"<node_a_mgnt_ip>"}}},{"cluster_interface":{"ip":{"address":"<cluster_interlif_ip_node_b"}},"name":"<node_b_name>","management_interface":{"ip":{"address":"<node_b_mgnt_ip"}}}]}' --insecure

Since I work with Ansible, I use na_ontap_rest_info to read out the first cluster interlif in advance and then pass it to the above command via a variable.

- name: REST info module Cluster Info Cluster Interface new2

netapp.ontap.na_ontap_rest_info:

hostname: "{{ dhcp_node_a }}"

password: ""

gather_subset:

- cluster_node_info

fields:

- 'cluster_interfaces'

register: cluster_node_info_new2

I have created the body as a template in Ansible and then call it via the
ansible.builtin.shell. The command is then executed there, whereby the file is called up after the -d.

curl --user admin: -X POST 'https://{{ dhcp_ip_node_a }}/api/cluster?keep_precluster_config=true' -H 'accept: application/hal+json' -d @./files.json --insecure"

I can then configure the cluster and perform all other steps with Ansibel. The DHCP IP of Node A is read from the DHCP using the attached MAC of Node A and inserted. This means that only the MAC address of Node A needs to be scanned for a complete cluster installation.

Good luck with setting up the clusters.