Software Development Kit (SDK) and API Discussions

Readonly ontapi access

gasparuben

hi,

I have built a command to retrieve online stats for either a 7-mode or C-mode cluster.

I wanted to use a read-only account of the second one, so I set up (connecting to the cluster-mgmt lif):

cluster01::> security login show

                                         Authentication                  Acct

Vserver     UserName         Application Method         Role Name        Locked

----------- ---------------- ----------- -------------- ---------------- ------

cluster01   cerndb_rman      http        password       readonly         no

cluster01   cerndb_rman      ontapi      password       readonly         no

cluster01   cerndb_rman      ssh         password       readonly         no

But when I try to query some data I get:

-RDBMS>-BD2:/ORA/dbs01/syscontrol/projects/dfm/bin$ ./smetrics -i 3 -n 2 dbnasb402:/backup/dbs05/BD2

Mon May 13 12:18:18 CEST 2013 : RunTime.CleanUpOlderThanDays: on </ORA/dbs01/syscontrol/local/logs/dfm> removed older than <30>.

Mon May 13 12:18:18 CEST 2013 : RunTime.RunStr running find /ORA/dbs01/syscontrol/local/logs/dfm   -name \*  -mtime +30 -exec rm -rf {} \;

Mon May 13 12:18:18 CEST 2013 : RunTime.CleanUpOlderThanDays: done.

Mon May 13 12:18:18 CEST 2013 : Main: BEGIN args - controller: <dbnasXX> volume_name: </backup/dbs05/BD2>

Mon May 13 12:18:18 CEST 2013 : RunTime.RetrievePasswordForUser: password found for <password_db>

Mon May 13 12:18:18 CEST 2013 : RunTime.GetClusterMgmtNode : nas: <dbnasXXX> matched in <dbnasXXX>

Mon May 13 12:18:18 CEST 2013 : RunTime.GetClusterMgmtNode : nas: <dbnasXXX> matched in <dbnasX>

Mon May 13 12:18:18 CEST 2013 : RunTime.GetIPFromCName: try to get ip from <dbnasb-cluster-mgmt>

Mon May 13 12:18:18 CEST 2013 : RunTime.RunStr running ping -c 1 dbnasb-cluster-mgmt

Mon May 13 12:18:18 CEST 2013 : RunTime.GetIPFromCName: IP <10.16.129.17> for <dbnasXXX-cluster-mgmt>

Mon May 13 12:18:18 CEST 2013 : RunTime_Zapi.GetVolInfoCmode : working with volume: </backup/dbs05/BD2>

Mon May 13 12:18:18 CEST 2013 : RunTime_Zapi.GetVolInfoCmode: query looks like:

<volume-get-iter>

        <max-records>10</max-records>

        <query>

                <volume-attributes>

                        <volume-id-attributes>

                                <junction-path>/backup/dbs05/BD2</junction-path>

                        </volume-id-attributes>

                </volume-attributes>

        </query>

        <desired-attributes>

                <volume-autosize-attributes></volume-autosize-attributes>

                <volume-id-attributes></volume-id-attributes>

                <volume-space-attributes></volume-space-attributes>

        </desired-attributes>

</volume-get-iter>

Mon May 13 12:18:20 CEST 2013 : RunTime.GetVolInfoCmode : Authorization failed, err number: 13002, status: failed

I then added:

cluster01::> security login show

                                         Authentication                  Acct

Vserver     UserName         Application Method         Role Name        Locked

----------- ---------------- ----------- -------------- ---------------- ------

cluster01   toto      http        password       readonly         no

cluster01   toto      ontapi      password       readonly         no

cluster01   toto      ssh         password       readonly         no

dbvs        toto      http        password       vsadmin-readonly no

dbvs        toto      ontapi      password       vsadmin-readonly no

dbvs        toto      ssh         password       vsadmin-readonly no

But still same error.

Thanks a lot for your help!,

Ruben

1 REPLY 1

gasparuben

I believe this is quite standard, but on my cluster running Ontap 8.1.2 the readonly role comes defined as:

cluster01::> security login role show -vserver cluster01 -role readonly

           Role          Command/                                      Access

Vserver    Name          Directory                               Query Level

---------- ------------- --------- ----------------------------------- --------

cluster01  readonly      DEFAULT                                       readonly

cluster01  readonly      security                                      none

cluster01  readonly      security login password                       all

cluster01  readonly      set                                           all

4 entries were displayed.

Thanks,

Ruben

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public