Sunday, 25 May 2014

Setting up the Data ONTAP PowerShell Toolkit for Ease of Use with COT.PS1 and CDOT

Sort of carrying on from the previous post...

If you’re an avid reader of this blog, you might remember the following posts from December 2013:


Note: At the time of writing, the posted version is 6.0. Unfortunately, I don’t have time to update the post every time I amend something. Currently I’m using v6.2 which has a bug fix and an addition. If by some miracle you’re actually interested in cot.ps1, drop me an email and I’ll send you the latest.
r6.1: A bug fix - noticed that if cot add fails, it leaves Current-NcConnections in limbo, so now all connections are cleared if a connect fails!
r6.2: Added cot {IP/DNS} {USER} PROMPT or P to get prompt for password + cot creds added (alongside cot cred since I kept typing creds).

COT.PS1 handles the Import-Module DataONTAP as well as lots of other stuff. To invoke the function automatically every time PowerShell loads, read below.

When you open PowerShell, by default it puts you in:

C:\Users\USERNAME>

Place cot.ps1 in the folder C:\Users\USERNAME - this will be our working directory.

By default there’s no PowerShell profile. Its default location is here:

C:\Users\USERNAME\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1

Ensure the folder in Documents (displayed as “My Documents”) called ‘WindowsPowerShell’ exists, then run the following commands from the PowerShell PS C:\Users\USERNAME> prompt:

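$profile                # shows the profile path for this user and host
test-path $profile      # False means no profile exists yet
# -force creates any missing folder but would overwrite an existing profile, so only create the file if it is absent
if (-not (test-path $profile)) { New-Item -path $profile -itemtype file -force }
notepad $profile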

In Notepad, enter the following line (there is a space in between the two dots), then save and close it:

. .\cot.ps1

Close and reopen PowerShell, and cot.ps1 should automatically have been loaded!
From the PS C:\Users\USERNAME> prompt run:

cot help

- which should display something like the below:

cot = Returns currently connected to controllers.
cot ? = List of commands and description.
cot help = List of commands and description.
cot clear = Clears current connections.
cot cred(s) = List credentials - IP/DNS and user.
Note: Current users credential file path = C:\Users\naadmin\PS_creds_naadmin.txt
cot rcred {IP/DNS} = Removes credentials for specified IP/DNS.
cot rcred {IP/DNS} {USER} = Removes credentials for specified pair.
cot {IP/DNS} = Connects with specified arg (or fails to).
cot {IP/DNS} {USER} = Connects with specified args (or fails to).
cot {IP/DNS} {USER} {PASSWORD} = Connects with specified args (or fails to).
cot {IP/DNS} {USER} PROMPT = As above but prompts for password (also P works.)
cot add {IP/DNS} = Creates an additional connection as specified.
cot add {IP/DNS} {USER} = Creates an additional connection as specified.
cot add {IP/DNS} {USER} {PASSWORD} = Creates an additional connection as specified.
cot add {IP/DNS} {USER} PROMPT = As above but prompts for password (also P works.)
cot remove {IP/DNS} = Removes the specified connection.
cot remove {IP/DNS} {USER} = Removes the specified connection.

Creating a Read Only Domain User Account for Use with PowerShell

Note: You can’t use AD authentication over RPC as you can with 7-Mode and PowerShell; the credentials need to be specified!

The following creates a read-only domain login account on the cluster, assuming that either vserver cifs or vserver active-directory has already been set up against the domain containing your AD user account.

Create a domain tunnel and a login for the AD user account as below:

NACLU1::> domain-tunnel create -vserver NASVM1
NACLU1::> security login create LAB\naadmin -application ontapi -authmethod domain -role readonly

Now test connecting to a cluster in PowerShell.

PS C:\Users\naadmin> cot NACLU1 LAB\naadmin ********

Creating a Read Only Domain User Account for Use with SSH

Ontapi is all that’s required for normal PowerShell commands, but to use invoke-ncssh and standard clustershell commands, a login needs to be created with ssh application access.

NACLU1::> security login create LAB\naadmin -application ssh -authmethod domain -role readonly

Testing

In the following example I connect to 5 clusters at once (the credentials were previously cached using cot DNS USER PASSWORD):

PS C:\Users\naadmin> cot NACLU1
PS C:\Users\naadmin> cot add NACLU2
PS C:\Users\naadmin> cot add NACLU3
PS C:\Users\naadmin> cot add NACLU4
PS C:\Users\naadmin> cot add NACLU5

Run one simple command and it will bring back information from every cluster. For example, try:

PS C:\Users\naadmin> get-ncvol
PS C:\Users\naadmin> invoke-ncssh vserver show -fields language

Shutting Down Multiple Clusters with One Command

In a lab environment, you might want one command that shuts down every cluster and every node in every cluster. If we connect using an admin user, this one command shuts down the entire lab:

PS C:\Users\naadmin> invoke-ncssh halt -node *
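
A guard for the fan-out shown above, as an added example that is not part of cot.ps1 or the original post: it refuses to run an action while the session holds a connection to any cluster outside an explicit allow list, then asks for confirmation. It assumes the toolkit tracks open connections in $global:CurrentNcController with a Name property; Invoke-OnConfirmedCluster and its parameters are hypothetical names.

```powershell
# Added example, not part of cot.ps1. Assumption: the toolkit keeps its open
# connections in $global:CurrentNcController and each entry has a Name property.
function Invoke-OnConfirmedCluster {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [scriptblock] $Action,   # e.g. { invoke-ncssh halt -node * }
        [Parameter(Mandatory)] [string[]] $Allowed,     # clusters this action may touch
        [string[]] $Connected = @($global:CurrentNcController | ForEach-Object { $_.Name })
    )

    # Drop empty entries so "no connections" is detected reliably.
    $Connected = @($Connected | Where-Object { $_ })
    if ($Connected.Count -eq 0) {
        throw 'No cluster connections are open; nothing to run against.'
    }

    # Any connection outside the allow list blocks the whole run, because the
    # toolkit would send the command to that cluster as well.
    # -notcontains compares case-insensitively, like names typed at the prompt.
    $unexpected = @($Connected | Where-Object { $Allowed -notcontains $_ })
    if ($unexpected.Count -gt 0) {
        throw "Refusing to run: also connected to $($unexpected -join ', '). Remove those connections first."
    }

    # Show exactly what will run and where, then require a typed confirmation.
    Write-Host "About to run '$Action' against: $($Connected -join ', ')"
    $answer = Read-Host "Type the number of clusters ($($Connected.Count)) to continue"
    if ($answer.Trim() -ne "$($Connected.Count)") {
        Write-Warning 'Confirmation did not match; nothing was run.'
        return
    }
    & $Action
}

# Constructed dry run: cluster names are passed in and the action only echoes,
# so this can be tried without any cluster connection.
Invoke-OnConfirmedCluster -Connected 'NACLU1','NACLU2' -Allowed 'NACLU1','NACLU2' `
    -Action { 'halt would run here' }

# Lab use, relying on the live connection list:
# Invoke-OnConfirmedCluster -Allowed 'NACLU1','NACLU2','NACLU3','NACLU4','NACLU5' `
#     -Action { invoke-ncssh halt -node * }
```

If a connection was opened by IP address rather than DNS name, the allow list has to contain that same string.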
