Sunday, 15 December 2013

CDOT: PowerShell Connections and Secure Credentials Manager Function - Part 1/2

Here I present a script for managing your connections and credentials to Clustered ONTAP clusters/Vservers (or SVMs) when using PowerShell. The script (posted in Part 2) is designed as a function, so save it as, say, “cot.ps1” and either incorporate it into an automation script, or load it into your PowerShell console with:

. .\cot.ps1

Note: There is a space between the two dots!

What does it do?

Firstly, when run, it checks whether the DataONTAP module has been imported (“Import-Module DataONTAP”); if not, it loads the module, or returns an error if there is a problem.

And then we have the functionality as detailed below!

Note: A help output is included in the script, and this help output is expanded upon below:

1)

cot

Returns the controllers/Vservers you are currently connected to, or NULL if there are no current connections.

2)

cot ?
cot help

An output of commands with a basic description; it also outputs the path to your credentials file.

Note: The credentials file is saved/created in the current working directory and is named per user (so if different users use the same management system, they don’t overwrite another user’s credentials file.) Remember, these credentials files are specific to the user logged into the Windows system, different Windows users cannot share the same credentials file!

3)

cot clear

Clears all current connections!

4)

cot cred

Lists all credentials in a hash-table with two columns - IP/DNS and user.

5)

cot rcred {IP/DNS}
cot rcred {IP/DNS} {USER}

Removes credentials for the specified IP/DNS, or IP/DNS and USER combination!

6)

cot {IP/DNS}
cot {IP/DNS} {USER}
cot {IP/DNS} {USER} {PASSWORD}

Connects to the Cluster/Vserver with the specified arguments. If the password is not specified, it looks for the credentials in the credentials file. If password is specified, it will write a new entry in the credentials file only if it connects successfully; and if the same combination of IP/DNS and USER is there, it will update the password.

7)

cot add {IP/DNS}
cot add {IP/DNS} {USER}
cot add {IP/DNS} {USER} {PASSWORD}

Like the above (without add); the only difference is that here it creates an additional connection as specified.

8)

cot remove {IP/DNS}
cot remove {IP/DNS} {USER}

Removes the specified IP/DNS, or IP/DNS and USER combination, from the current connections. There is currently no “-remove” implemented in the Data ONTAP PowerShell Toolkit for Connect-NcController, only add, so what this actually does is clear all the connections and then re-add them all except the one marked for removal.
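The notes under 2) and 6) describe a per-user credentials file whose entries are looked up when no password is given and updated when the same IP/DNS and USER combination is saved again. The following is an added example, not the code from cot.ps1 (which is in Part 2), showing one common way to get that behaviour; it assumes Windows, where ConvertFrom-SecureString without a key uses DPAPI, and the function names and file name are hypothetical.

```powershell
# Added example: hypothetical helper names, not the functions from cot.ps1.
# One store file per Windows user, in the current working directory.
$StorePath = Join-Path (Get-Location) ("creds_{0}.csv" -f $env:USERNAME)

function Save-StoredCredential {
    param(
        [Parameter(Mandatory)][string]$Target,        # IP or DNS name
        [Parameter(Mandatory)][string]$User,
        [Parameter(Mandatory)][securestring]$Password
    )
    $rows = @()
    if (Test-Path $StorePath) { $rows = @(Import-Csv $StorePath) }
    # Drop any existing entry for the same IP/DNS + user so the password is updated.
    $rows = @($rows | Where-Object { -not ($_.Target -eq $Target -and $_.User -eq $User) })
    # With no -Key, ConvertFrom-SecureString protects the value with Windows DPAPI
    # for the current user on this machine; another Windows account cannot decrypt it.
    $rows += [pscustomobject]@{
        Target = $Target
        User   = $User
        Secret = ConvertFrom-SecureString -SecureString $Password
    }
    $rows | Export-Csv -Path $StorePath -NoTypeInformation
}

function Get-StoredCredential {
    param([Parameter(Mandatory)][string]$Target, [string]$User)
    if (-not (Test-Path $StorePath)) { return $null }
    # Match on IP/DNS alone when no user is given, otherwise on the combination.
    $row = Import-Csv $StorePath |
        Where-Object { $_.Target -eq $Target -and (-not $User -or $_.User -eq $User) } |
        Select-Object -First 1
    if (-not $row) { return $null }
    $secure = ConvertTo-SecureString -String $row.Secret
    New-Object System.Management.Automation.PSCredential ($row.User, $secure)
}

# Usage: prompt for the password so it never appears on the command line.
# $pw = Read-Host -AsSecureString "Password for admin@nac1"
# Save-StoredCredential -Target nac1 -User admin -Password $pw
# Connect-NcController nac1 -Credential (Get-StoredCredential nac1 admin)
```

A file written this way cannot be decrypted if it is copied to another Windows account or another machine, which matches the note that different Windows users cannot share a credentials file.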

Final Word

I was starting to think that this might go down as the most pointless script anyone has ever written ever! And my motivation to keep going with it did falter a few times. The finished product might be useful though since all automation scripts require credentials in some way (that’s if not using AD authentication or similar.) And the process of connecting to controllers is pretty fundamental for any automation script, or even simply for managing your clusters via PowerShell!

It’s not been tested as much as I would like, and really no more time to invest in this project at the moment. Apologies if there are any errors or the functionality doesn’t work 100% as stated - please let me know and I will endeavour to fix.

Example

Note: In this example I’m using DNS names - it works exactly the same with IP Addresses!

In the example below:

1) We load the function
2) See if we’ve got any stored credentials (it errors since the file exists but is empty!)
3) Connect to cluster nac1 with credentials - username admin and password Test.123
4) Check what we are connected to
5) Connect to cluster nac2 with credentials - username admin and password Test.123
6) Check what we are connected to
7) Connect to cluster clust with credentials - username admin and password Test.123
8) Check what we are connected to
9) See what credentials we’ve got stored
10) Connect to cluster nac1 using just its name
11) Check what we are connected to
12) Add connection to cluster nac2 using just its name
13) Add connection to cluster clust using just its name
14) Check what we are connected to (3 clusters)
15) Remove connection to cluster clust
16) Check what we are connected to (3 clusters)

Note: The passwords which we’ve given as plain text above are encrypted in the credentials file!

. .\cot.ps1
cot
cot cred
cot nac1 admin Test.123
cot
cot nac2 admin Test.123
cot
cot clust admin Test.123
cot
cot cred
cot nac1
cot
cot add nac2
cot add clust
cot
cot remove clust
cot

Image: cot in action (yes, amazingly it does actually work)!
