ONTAP Discussions
ONTAP Discussions
Reviewing the Systems Administrators Guide for OnTAP 8.2 (https://library.netapp.com/ecm/ecm_download_file/ECMP1196798), I am working through the checklist of things to allow access to command-history.log files via HTTP.
This is covered on pages 42 & 43.
mycluster::> system services web show
External Web Services: true
Status: online
HTTP Protocol Port: 80
HTTPs Protocol Port: 443
TLSv1 Enabled: true
SSLv3 Enabled: true
SSLv2 Enabled: false
mycluster::> vserver services web show -vserver mycluster -name spi
Vserver: mycluster
Service Name: spi
Type of Vserver: admin
Version of Web Service: 1.2.0
Description of Web Service: Service Processor Infrastructure
Long Description of Web Service: This service offers HTTP/HTTPs access to applications running on the Service Processor. Log and core files from all nodes in the cluster will be exposed for Service Processor retrieval.
Service Requirements: ontapi=1.0.0, index>1.0.0
Default Authorized Roles: admin
Enabled: true
SSL Only: false
mycluster::> vserver services web access show -vserver mycluster -role admin
Vserver Type Service Name Role
-------------- -------- ---------------- ----------------
mycluster admin ontapi admin
mycluster admin spi admin
2 entries were displayed.
mycluster::> security login show -username admin -vserver mycluster -application service-processor
Vserver: mycluster
Authentication Acct
UserName Application Method Role Name Locked
---------------- ----------- -------------- ---------------- ------
admin service-processor
password admin no
mycluster::> security login role show -role admin
Role Command/ Access
Vserver Name Directory Query Level
---------- ------------- --------- ----------------------------------- --------
mycluster admin DEFAULT all
$ wget --no-check-certificate https://admin:*@mycluster/spi/myclusterc01/etc/mlog/
--2016-01-25 09:40:43-- https://admin:*password*@mycluster/spi/mycluster01/etc/mlog/
Resolving mycluster... 10....
Connecting to mycluster|10....|:443... connected.
WARNING: cannot verify mycluster▒s certificate, issued by ▒/CN=mycluster.cert/C=US/ST=/L=/O=/OU=/emailAddress=▒:
Self-signed certificate encountered.
WARNING: certificate common name ▒mycluster.cert▒ doesn't match requested host name ▒mycluster▒.
HTTP request sent, awaiting response... 401 Authorization Required
Reusing existing connection to mycluster:443.
HTTP request sent, awaiting response... 403 Forbidden
2016-01-25 09:40:44 ERROR 403: Forbidden.
... what am I missing?
Solved! See The Solution
Seems like there is an error in URL?
wget --no-check-certificate https://admin:*@mycluster/spi/myclusterc01/etc/mlog/
this must be wget --no-check-certificate https://admin:*@mycluster/spi/myclusterc01/etc/log/mlog/
what does this command say?
security login show -username admin -vserver mycluster -application http
mycluster::> security login show -username admin -vserver mycluster -application http
Vserver: mycluster
Authentication Acct
UserName Application Method Role Name Locked
---------------- ----------- -------------- ---------------- ------
admin http password admin no
Seems like there is an error in URL?
wget --no-check-certificate https://admin:*@mycluster/spi/myclusterc01/etc/mlog/
this must be wget --no-check-certificate https://admin:*@mycluster/spi/myclusterc01/etc/log/mlog/