Sunday, 26 April 2020

Tech Roundup - 26th April 2020

Some stuff collated/new/learnt since Tech Roundup - 29th March 2020 with headings:
Astra, FlexPod, Industry News/Commentary, MicroSoft, MuleSoft, NetApp, Security, Veeam

Project Astra (NetApp)

[Video] Announcing Project Astra. The best way to manage the Kubernetes application lifecycle in any cloud and bring your data with you.

Application Data Management Built for Kubernetes
Project Astra unlocks the power of Kubernetes to accelerate developer agility, drive business productivity and enhance IT operational efficiencies.

Image: Project Astra by NetApp Introduction Video

FlexPod

FlexPod Datacenter with NetApp ONTAP 9.6, VMware Horizon View 7.10 and VMware vSphere 6.7 U2 with Cisco UCS Manager 4.0 for up to 6700 Seats

(IT Storage) Industry News/Commentary

CNCF Member Webinar: Enabling Cloud Native Storage for the Enterprise

NetApp utilises the power of data to bring digital humans to life

Tech companies should always start by asking WHY?
"When you’re building a product or solution then you have to start with the reason why you are building it and this has to encompass the value that it brings to the people you’re going to sell it to and the value that it’ll bring to you as the company selling it."

Backblaze Hard Drive Stats for 2019

Microsoft

Making Teams available for everyone
If you work for a business that isn’t currently licensed for Teams, we’ve got you covered with a free Office 365 E1 offer for six months.

MuleSoft

... provides integration software for connecting applications, data and devices.

[Videos] MuleSoft YouTube PlayLists:

NetApp

7-Mode Transition Tool (7MTT) Is Back!
7-Mode Transition Tool (7MTT) and Transition Data Protection (TDP) are now available. TDP support has been added to ONTAP 9.6P7 and ONTAP 9.7P2. 7MTT supports up to ONTAP 9.7.

[eBook] NetApp Data Migration e-Book

2020.04.03: Harden Your ONTAP Environment With The NetApp Ansible Security Role
ansible/nar_ontap_security_ucd_guide/

NetApp Active IQ Mobile App 6.7 is Now Available on Google Play and Apple App Store!

Image: NetApp Active IQ Mobile App

Blog.NetApp.Com

2020.04.21 - Supercharge Your Key Local Object Workloads on StorageGRID with Varnish

2020.04.16 - Modernize Your Distributed Windows Ecosystem

2020.04.13 - NetApp Named Google Cloud Technology Partner of the Year for Infrastructure

2020.04.06 - Stay Connected from Edge-to-Core-to-Cloud with NetApp HCI

2020.04.06 - Simple and Scalable Digital Pathology Analysis with NetApp AI

Cloud.NetApp.Com

2020.04.28 - [Webinar] Leveraging the Google Cloud to Modernize the Distributed Windows Ecosystem

2020.04.20 - Intro to Infrastructure Automation With Terraform and Cloud Volumes Service for Google Cloud

2020.04.14 - Run MySQL Databases in Cloud Volumes Service for Google Cloud

Security

Docker servers targeted by new Kinsing malware campaign

Zoom Lets Attackers Steal Windows Credentials, Run Programs via UNC Links

Zoom Zero-Day Bug Opens Mac Users to Webcam Hijacking

Veeam

[Webinar] AWS Backup Best Practices

Saturday, 18 April 2020

How to Describe All Tables in All Databases from a MySQL Server

I was curious to see if I could get an output from a lab MySQL server, listing all databases on the MySQL server, all tables in these databases, and all fields in these tables.

First get the ‘MySQL PowerShell cmdlets module’ from https://gallery.technet.microsoft.com and install. The download msi is called ‘it.wiechecki.mysql-cmdlet.msi’.

Then, copy and paste the text below into a text editor and save as say ‘DescribeAllTablesInAllDatabasesMySQL.ps1’ (doesn’t really matter what you call it.) Since this is just a curiosity, I didn’t bother with any error detection or anything like that. And run in PowerShell:

.\DescribeAllTablesInAllDatabasesMySQL.ps1

The Script


Import-Module MySqlCmdlets

## INPUT ##

$S = Read-Host "Server"
$U = Read-Host "Username"
$P = Read-Host "Password" -AsSecureString
Connect-MySQLserver -Server $S -UserName $U -Password $P
[System.Object]$DBs = Invoke-MySqlQuery -Query "show databases"
[System.Object]$Tables = @{}
[System.Object]$Describes = @{}
$DBs | Foreach{
  [String]$DBname = $_.Database
  [System.Object]$Describes.$DBname = @{}
  Invoke-MySqlQuery -Query "use $DBname"
  [System.Object]$Tables.$DBname = Invoke-MySqlQuery -Query "show tables"
  Foreach($Table in $Tables.$DBname."Tables_in_$DBname"){
    Write-Host ($DBname + "." + $Table)
    [System.Object]$Describes.$DBname.$Table = Invoke-MySqlQuery -Query "describe $Table"
  }
}

## OUTPUT ##

$CountD = 0
$CountT = 0
$CountF = 0
[System.Array]$Output = @()

$DBs | Foreach{
  [String]$DBname = $_.Database
  Foreach($Table in $Tables.$DBname."Tables_in_$DBname"){
    Foreach($Field in $Describes.$DBname.$Table.field){
      Write-Host $DBname -F GREEN -N
      Write-Host ("." + $Table) -F CYAN -N
      Write-Host ("." + $Field) -F YELLOW
      $Output += "$DBname.$Table.$Field"
      $CountF++
    }
    $CountT++
  }
  $CountD++
}

Write-Host "$CountF fields " -F YELLOW -N;Write-Host "across " -N
Write-Host "$CountT tables " -F CYAN -N;Write-Host "across " -N
Write-Host "$CountD databases " -F GREEN -N
$Output += "$CountF fields across $CountT tables across $CountD databases"
$Output > "All_Tables_in_all_Databases_described.txt"


Images

Image: Example of PowerShell Input

Image: Example of PowerShell Output

Image: Example of Text File Output

Monday, 13 April 2020

Adding H610S Nodes to 10.4.0 SolidFire Cluster: A Couple of Lessons Learned

10.4 is a fairly old version of SolidFire (10.4 was posted on 22-Oct-2018).

Recently I was involved with adding some H610S nodes to a 10.4.0 SolidFire cluster. And I learnt a couple of things which I thought I’d share.

1) RTFI the new H610S nodes to 10.4.2!

There’s a KB - kb.netapp.com - 1090191 - which mentions -
“An issue exists in the Element 10.4 RTFI process which causes the NIC firmware to not get downgraded as it should”
- and that -
“This issue is resolved in Element 10.4.1, 10.5, and 11.0”.

10.4.2 was the highest 10.4.x version available at the time of writing this. And from the SolidFire documentation -
- it says -
“Both the major and minor version numbers of the software on each node in a cluster must match for the software to be compatible.”
- so, anything 10.4.x is compatible with a 10.4.0 cluster.

Perhaps it is sensible to always use the latest x release or P release (where x is MAJOR.MINOR.x). Not seen that recommendation anywhere but it makes sense.

2) Use the API to add the new nodes to the cluster with autoInstall = false

‘autoInstall = false’ will stop the automatic re-RTFI from happening.

In the following example (this is Element 10.1.0 but it’s what I had in a lab), we use Postman and the REST API to first ListPendingNodes.

POST to https://{{MVIP}}/json-rpc/9.0
Authorization: BasicAuth: Username = admin / Password = ********
Body =
{
  "method": "ListPendingNodes",
  "params": {},
  "id": 1
}

From the output we get the “pendingNodeID” = 2

Image: POSTMAN ListPendingNodes example

Then AddNodes.

POST to https://{{MVIP}}/json-rpc/9.0
Authorization: BasicAuth: Username = admin / Password = ********
Body =
{
  "method": "AddNodes",
  "params": {
    "pendingNodes": [2],
    "autoInstall" : false
  },
  "id": 1
}

If all is well you should get a Status 200 OK.

Image: POSTMAN AddNodes example

And we see our node (Node ID 6) added to our SolidFire cluster (the drives are to be added). And it’s a lot quicker than if autoInstall was true (the default) and it went and re-RTFI-ed the node.

Image: Node added with autoInstall false

PS IMPORTANT INFORMATION:
1) Remember to give the H610S nodes a good 25 minutes for first system initialization to complete and do not power cycle. As per this KB: NetApp Storage Device H610S Installation Brief
2) It is highly recommended to log a support call and engage with SolidFire support before adding new nodes to a production SolidFire cluster.

Saturday, 4 April 2020

Check out: ExtendsClass.com (Free Online Toolbox for Developers)


I needed a free XML to JSON converter for one of my previous posts and - via an email (thanks Cyril) - I learnt about this awesome website with an abundance of free Developers/Web designers/Webmasters tools:

List of tools below.

Testers:
- Regex Tester
- XPath Tester
- JSONPath Tester
- JSON Schema validator
- XML Schema validator

Code checkers:
- PHP code checker
- Python code checker
- Ruby code checker
- JavaScript tester

HTTP API tools:
- REST client
- SOAP client
- Mock REST API
- Web Service Testing
- JSON Web Storage

Random Data Generator:
- CSV Generator
- JSON Generator

Database tools:
- SQLite browser
- SQL Formatter

Encoders:
- URL encoder and decoder
- Base64 decode/encode
- Base64 image cnoder
- HTML entity decode / encode

Converters:
- XML to JSON / JSON to XML
- JSON to CSV converter
- JSON to YAML converter
- CSV to Excel

Formatters:
- XML formatter
- JSON formatter
- CSV formatter

Compare Tools:
- JSON diff
- JSON Patch
- XML diff
- Text compare
- CSV compare
- PDF compare

Web Designers’ Tools:
- CSS Generator
- Sitemap Generator
- Robots.txt Generator
- Unzip Files
- JPEG Image compressor

Web Formatters:
- JavaScript minifier
- CSS Formatter
- HTML Formatter

AddTrust External CA Root Certificate is being Phased Out: What does it mean for ASUP over HTTPS?


Credit for this post to a customer who flagged this to me (thank you).

You may have noticed the AddTrustExternalCARoot certificate on your NetApp ONTAP cluster, is expiring on Saturday May 30th, 2020.

cluster1::> security certificate show -common-name Ad*
Vserver    Serial Number   Certificate Name             Type
---------- --------------- ---------------------------- ------------
cluster1   01              AddTrustExternalCARoot      server-ca
    Certificate Authority: AddTrust External CA Root
          Expiration Date: Sat May 30 10:48:38 2020

And if you’ve stuck AddTrust into kb.netapp.com, you’ll see that it is used by ASUP over HTTPS communication (check out KBs: KB1028719 & KB1088180). So, you might be wondering:

Question 1) Is the certificate going to be renewed?
Question 2) What happens when the certificate expires?

Answer 1) The ‘AddTrust External CA Root Certificate’ is being phased out! So, it never can be renewed (check out: https://www.xolphin.com/support/Rootcertificates/Phasing_out_Addtrust_External_CA_Root_certificate).
Answer 2) From a NetApp ASUP perspective, nothing is going to happen, ASUP over HTTPS will continue to work, and this is because a new ASUP backend certificate will be signed by an existing un-expired CA root in the current ONTAP truststore.

To answer the titular question:
AddTrust External CA Root Certificate is being Phased Out: What does it mean for ASUP over HTTPS? Nothing!

Lab Testing

The xolphin.com article above mentions the ‘AddTrust External CA Root Certificate’ is being replaced by this certificate:

I did a few tests in the lab to confirm the ‘AddTrust External CA Root Certificate’ is currently needed for ASUP (it was on 31st March 2020):

1) Verify ASUP over HTTPS is successful.
2) See what happens when I delete the ‘AddTrust External CA Root Certificate’ - ASUP over HTTPS does indeed stop (the messages aren’t sent so re-queue to try again.)
3) Install the new comodo cert and see that ASUP over HTTPS is now working again (Note: You absolutely do not need to do this - I’m just playing in a lab - your ASUP over HTTPS will merrily continue past May 30th 2020, without you doing a thing.)


cluster1::> version
NetApp Release 9.5P11: Tue Feb 25 13:56:38 UTC 2020

cluster1::> security certificate show -common-name Ad*
Vserver    Serial Number   Certificate Name          Type
---------- --------------- ------------------------- ------------
cluster1   01              AddTrustExternalCARoot    server-ca
    Certificate Authority: AddTrust External CA Root
          Expiration Date: Sat May 30 10:48:38 2020

cluster1::> autosupport invoke * -type all
The AutoSupport was successfully invoked on node "cluster1-01" (sequence number: 44).
The AutoSupport was successfully invoked on node "cluster1-02" (sequence number: 49).
2 entries were acted on.

cluster1::> autosupport history show -seq-num 44 -node *1
             Seq                                    Attempt
Node         Num   Destination Status               Count
------------ ----- ----------- -------------------- --------
cluster1-01  44
                   http        sent-successful      1

cluster1::> autosupport history show -seq-num 49 -node *2
             Seq                                    Attempt
Node         Num   Destination Status               Count
------------ ----- ----------- -------------------- --------
cluster1-02  49
                   http        sent-successful      1

cluster1::> set adv

cluster1::*> security certificate delete -common-name AddTrustExternalCARoot -vserver cluster1 -serial 01 -ca "AddTrust External CA Root" -type server-ca

Warning: Deleting the pre-installed "server-ca" certificate "AddTrustExternalCARoot" could allow any of the applications doing server authentication to fail.
Do you want to continue? {y|n}: y

cluster1::*> autosupport invoke * -type all
The AutoSupport was successfully invoked on node "cluster1-01" (sequence number: 46).
The AutoSupport was successfully invoked on node "cluster1-02" (sequence number: 50).
2 entries were acted on.

cluster1::*> autosupport history show -seq 46 -node *1;autosupport history show -seq 50 -node *2
             Seq                                    Attempt
Node         Num   Destination Status               Count
------------ ----- ----------- -------------------- --------
cluster1-01  46
                   http        re-queued            1

             Seq                                    Attempt
Node         Num   Destination Status               Count  
------------ ----- ----------- -------------------- --------
cluster1-02  50
                   http        re-queued            2

cluster1::*> security certificate install -type server-ca -vserver cluster1 -cert-name ComodoRSACertificationAuth

Please enter Certificate: Press ENTER when done
-----BEGIN CERTIFICATE-----
MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCB
hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV
BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMTE5
MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgT
EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR
Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNh
dGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR
6FSS0gpWsawNJN3Fz0RndJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8X
pz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZFGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC
9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+5eNu/Nio5JIk2kNrYrhV
/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pGx8cgoLEf
Zd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z
+pUX2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7w
qP/0uK3pN/u6uPQLOvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZah
SL0896+1DSJMwBGB7FY79tOi4lu3sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVIC
u9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+CGCe01a60y1Dma/RMhnEw6abf
Fobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5WdYgGq/yapiq
crxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E
FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB
/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvl
wFTPoCWOAvn9sKIN9SCYPBMtrFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM
4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+nq6PK7o9mfjYcwlYRm6mnPTXJ9OV
2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSgtZx8jb8uk2Intzna
FxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwWsRqZ
CuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiK
boHGhfKppC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmcke
jkk9u+UJueBPSZI9FoJAzMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yL
S0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHqZJx64SIDqZxubw5lT2yHh17zbqD5daWb
QOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk527RH89elWsn2/x20Kk4yl
0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7ILaZRfyHB
NVOFBkpdn627G190
-----END CERTIFICATE-----


You should keep a copy of the CA-signed digital certificate for future reference.

The installed certificate's CA and serial number for reference:
CA: COMODO RSA Certification Authority
Serial: 4CAAF9CADB636FE01FF74ED85B03869D

cluster1::*> security certificate show -cert-name ComodoRSACertificationAuth
Vserver    Serial Number   Certificate Name             Type
---------- --------------- ---------------------------- ------------
cluster1   4CAAF9CADB636FE01FF74ED85B03869D
                           ComodoRSACertificationAuth   server-ca
    Certificate Authority: COMODO RSA Certification Authority
          Expiration Date: Mon Jan 18 23:59:59 2038

cluster1::*> autosupport invoke * -type all
The AutoSupport was successfully invoked on node "cluster1-01" (sequence number: 47).
The AutoSupport was successfully invoked on node "cluster1-02" (sequence number: 52).
2 entries were acted on.

cluster1::*> autosupport history show -seq 47 -node *1;autosupport history show -seq 52 -node *2
             Seq                                    Attempt
Node         Num   Destination Status               Count  
------------ ----- ----------- -------------------- --------
cluster1-01  47
                   http        sent-successful      1

             Seq                                    Attempt
Node         Num   Destination Status               Count  
------------ ----- ----------- -------------------- --------
cluster1-02  52
                   http        sent-successful      1


THE END