Authentication
This document explains how Certificate Based Authentication (CBA) can be used with NMSDK to connect to the vserver.
CBA for NMSDK (NetApp Manageability Software Development Kit) is supported as of Clustered Data ONTAP 8.2.
This means your scripts do not need to use the username/password to call the Perl APIs on the vserver.
The NetApp Manageability SDK provides resources to develop applications that monitor and manage NetApp storage systems. SDK Help
provides information about core APIs, which provide infrastructure to invoke Data ONTAP APIs, DataFabric Manager APIs for the
OnCommand Core Package, and Web services APIs for DataFabric Manager on a server.
Here I will explain how you can use a self-signed client certificate to log in to your admin vserver.
1. The following Perl packages need to be installed (as user root) on the Linux management server in order to access the Perl APIs:
[root@sbuxmng01 ~] $ yum install perl-libwww-perl
[root@sbuxmng01 ~] $ yum install perl-XML-Parser
[root@sbuxmng01 ~] $ yum install openssl-devel
[root@sbuxmng01 ~] $ yum install perl-Net-SSLeay
[nlhsn1@sbocm01~] $ openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout sbuxmng01.key -out sbuxmng01.pem
Generating a 1024 bit RSA private key
........................................++++++
...................++++++
writing new private key to 'sbuxmng01.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:NL
State or Province Name (full name) []:Zuid Holland
Locality Name (eg, city) [Default City]:Den Haag
Organization Name (eg, company) [Default Company Ltd]:T-Systems
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:admin
Email Address []:
3. Install the certificate in your admin vserver (running Clustered Data ONTAP 8.2 or later).
Paste the certificate created in the above step (including the BEGIN and END lines) and press Enter.
Type
-----------
client-ca
client-ca
server
7. You should create a security login with the client name (i.e. admin) that you specified in the certificate:
8. Now you are ready to call the APIs from the management server, providing the certificate and key file:
[nlhsn1@sbuxmng01 Perl] $ cd /home/nlhsn1/netapp-manageability-sdk-5.3/src/sample/Data_ONTAP/Perl
[nlhsn1@sbuxmng01 Perl] $ ./apitest.pl -C ~/sbuxmng01.pem -K ~/sbuxmng01.key sbnlhsn101 system-get-version
OUTPUT:
<results status="passed">
<build-timestamp>1403125873</build-timestamp>
<is-clustered>true</is-clustered>
<version>NetApp Release 8.3X16: Wed Jun 18 23:11:13 PDT 2014</version>
<version-tuple>
<system-version-tuple>
<generation>8</generation>
<major>3</major>
<minor>0</minor>
</system-version-tuple>
</version-tuple>
</results>
9. The following Perl script (getversion.pl) demonstrates how to get the Data ONTAP version of a system node using CBA:
#!/usr/bin/perl
require 5.6.1;
use lib '/home/nlhsn1/netapp-manageability-sdk-5.3/lib/perl/NetApp';
use strict;
use warnings;
use NaServer;
use NaElement;

# Client certificate and private key created on the management server.
my $cert = '/home/nlhsn1/sbuxmng01.pem';
my $key = '/home/nlhsn1/sbuxmng01.key';

my $s = NaServer->new('sbnlhsn101-01', 1, 21);
$s->set_server_type('FILER');
$s->set_transport_type('HTTPS');
$s->set_port(443);
# Authenticate with the client certificate instead of a username/password.
$s->set_style('CERTIFICATE');
# Disable server certificate verification (the reason given here: a self-signed
# certificate is in use). With verification off, the script does not
# authenticate the vserver it connects to.
$s->set_server_cert_verification(0);
$s->set_client_cert_and_key($cert, $key);

# Obtain the Data ONTAP version.
my $api = NaElement->new('system-get-version');
my $xo = $s->invoke_elem($api);
if ($xo->results_status() eq 'failed') {
    # Double quotes so that \n is printed as a newline.
    print "Error:\n";
    print $xo->sprintf();
    exit 1;
}
print "Received:\n";
print $xo->sprintf();
[nlhsn1@sbuxmng01 ~] $ ./getversion.pl
Received:
<results status="passed">
<build-timestamp>1403125873</build-timestamp>
<is-clustered>true</is-clustered>
<version>NetApp Release 8.3X16: Wed Jun 18 23:11:13 PDT 2014</version>
<version-tuple>
<system-version-tuple>
<generation>8</generation>
<major>3</major>
<minor>0</minor>
</system-version-tuple>
</version-tuple>
</results>
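A pre-flight check for the client certificate and key used in the steps above, as an added example that is not part of the original document or of NMSDK: it confirms that the certificate's CN equals the security login name from step 7, that the key belongs to the certificate, and that the unencrypted key file is readable by its owner only, before the pair is passed to apitest.pl or getversion.pl. The function names and the 2048-bit minimum are assumptions made here; the document's own command creates a 1024-bit key, which this check rejects unless a lower minimum is given as the fourth argument.

```shell
#!/bin/sh
# Added example: pre-flight checks for a CBA client certificate and key.
# Function names, file layout and the 2048-bit floor are assumptions.

# gen_client_cert CN DIR: self-signed pair as in the steps above, non-interactive.
gen_client_cert() {
    cn=$1; dir=$2
    (   umask 077   # the -nodes key is unencrypted: keep it owner-only
        openssl req -x509 -nodes -days 365 -newkey rsa:2048 -sha256 \
            -subj "/CN=$cn" -keyout "$dir/$cn.key" -out "$dir/$cn.pem" 2>/dev/null
    )
}

# check_client_cert PEM KEY LOGIN [MIN_BITS]: prints "ok" and returns 0 if all pass.
check_client_cert() {
    pem=$1; key=$2; login=$3; min_bits=${4:-2048}
    # 1. The subject CN must equal the security login created on the vserver.
    cn=$(openssl x509 -in "$pem" -noout -subject -nameopt RFC2253 |
         sed -n 's/^subject= *CN=\([^,]*\).*/\1/p')
    [ "$cn" = "$login" ] || { echo "CN '$cn' does not match login '$login'"; return 1; }
    # 2. The certificate must not be expired.
    openssl x509 -in "$pem" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired"; return 1; }
    # 3. The key must belong to the certificate (compare public keys).
    [ "$(openssl x509 -in "$pem" -noout -pubkey)" = \
      "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ] ||
        { echo "key does not match certificate"; return 1; }
    # 4. Key size floor; a 1024-bit RSA key fails with the default minimum.
    bits=$(openssl x509 -in "$pem" -noout -text |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge "$min_bits" ] || { echo "key is only $bits bits"; return 1; }
    # 5. Group and other must have no permissions on the key file.
    [ "$(ls -ln "$key" | cut -c5-10)" = "------" ] ||
        { echo "key file is accessible to group/other"; return 1; }
    echo "ok"
}

# Usage: ./check_cba.sh sbuxmng01.pem sbuxmng01.key admin [min_bits]
if [ "$#" -ge 3 ]; then check_client_cert "$@"; fi
```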