Scripting the Netapp filers can be accomplished by using either RSH or SSH. Both of these options must be enabled on the filer(s) in question using.
In either case, scripts are not processed on the filers themselves. They are scheduled and run on Windows/Linux systems using their native languages (e.g. VBScript or PowerShell). These scripts simply call native ONTAP commands against a filer, which then returns data in the form of text. This is important to note: although PowerShell is a useful language to use, ONTAP will not return native PS objects, which means you are limited to text/string-based manipulation.
RSH
This method is the least secure but is the quickest and easiest to set up. Users need not necessarily be filer administrators. Although there is some degree of security in the sense that access is restricted to a set user account and accessible only via a set IP address, data is not encrypted.
RSH is not natively supported in Windows 2008 [from the command line] as it is in Windows 2003.
To enable RSH on the filer use the following command:
options rsh.enable on
You must also specify user accounts and IP addresses via the FilerView web interface.
SSH
Windows 2008 does not natively support SSH either so this is accomplished using plink.
To enable SSH on the filer use the following commands:
secureadmin setup ssh
secureadmin enable ssh
Configuring SSH
- First create a local user account on the filer using the following command:
useradmin user add svc-ssh -g Administrators
- the passwords are kept in the Password spreadsheet
- The user must be a member of Administrators to be granted the Login_ssh permission on the filer
- Using PowerShell (whilst running with your Admin Account) change directory to the hidden share on the filer:
cd \\filer\c$\etc\sshd\
- Create a folder with the same name as your account created in step 1 and then another folder to hold the SSH keys:
md svc-ssh
md svc-ssh\.ssh
- On the script server launch PUTTYGEN.EXE and under the “Key” menu change the type to “SSH-2 DSA key”. Leave everything else on its default setting.
- Click on the Generate button and follow the prompt
- Enter the same password from step 1 in the “Key passphrase” and “Confirm passphrase” areas (they do not HAVE to be the same as step 1 but are being kept so for simplicity)
- When complete, click on Save public key. Save it to the PuTTY folder with the name:
id_dsa.pub
- Save the private key to the same place with a similar name:
id_dsa.ppk
- Copy the contents of the “Public key for pasting into OpenSSH authorized_keys file” area and paste it into a new text document. You should use Wordpad to do this as Notepad does not handle the line breaks properly. Save this document as authorized_keys.
- You are now finished. You can test connection using PuTTY by selecting your private key. The first time you connect you will be prompted to accept the hosts key. You will still be prompted for a username but you should not need to enter a password as this is what the SSH keys are for.
For scripting purposes we use plink.exe to issue a command. For example:
.\plink.exe svc-ssh@filer -i "id_dsa.ppk" df -s
Scripting using plink
The basic use of plink.exe is as follows:
.\plink.exe svc-ssh@filer -i "id_dsa.ppk" df -s
Two methods can be used to script the filers depending on what you’re trying to achieve:
| Reporting | Grabbing the output of a single command and piping it to a PowerShell variable. This allows us to manipulate the string (or lines of strings) that are returned. Objects are not returned, so true PowerShell scripting (i.e. object-oriented) cannot be done, but PS gives us some very useful string manipulation functions. |
| Maintenance | Issuing multiple commands to the filer to perform repetitive/scheduled actions. For example, deleting, renaming and taking new snapshots. |
NOTE: when calling plink.exe in PowerShell the full or abbreviated path must be specified. So use either a full path, for example D:\Utils\PuTTY\plink.exe, or just .\plink.exe
Reporting
From a PowerShell command prompt simply pipe the output of an SSH command into a variable for later manipulation:
$output = .\plink.exe svc-ssh@filer -i "id_dsa.ppk" df -s
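The reporting approach above, as an added example (not code from the original post): it parses the text returned by df -s into PowerShell objects and wraps the plink call so that a scheduled run fails cleanly instead of hanging. The df -s column layout, the function names and the host key placeholder are assumptions, and the sample output is constructed.

```powershell
# Added example. Requires PowerShell 3.0 or later.
# Assumption: "df -s" prints a header line, then one row per volume:
#   <filesystem>  <used KB>  <saved KB>  <percent saved>%

function ConvertFrom-DfSaved {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # The header and any blank lines do not match and are skipped.
        if ($line -match '^(?<fs>/vol/\S+)\s+(?<used>\d+)\s+(?<saved>\d+)\s+(?<pct>\d+)%\s*$') {
            [pscustomobject]@{
                Filesystem   = $Matches['fs']
                UsedKB       = [long]$Matches['used']
                SavedKB      = [long]$Matches['saved']
                PercentSaved = [int]$Matches['pct']
            }
        }
    }
}

function Invoke-FilerCommand {
    param(
        [string]$Filer, [string]$User, [string]$KeyFile,
        [string]$HostKey, [string]$Command,
        [string]$Plink = '.\plink.exe'
    )
    # -batch   : never wait on an interactive prompt in a scheduled task
    #            (a passphrase-protected key must then be loaded in Pageant).
    # -hostkey : only accept the filer's pinned host key fingerprint.
    $out = & $Plink -ssh -batch -hostkey $HostKey -i $KeyFile "${User}@${Filer}" $Command
    if ($LASTEXITCODE -ne 0) {
        throw "plink exited with code $LASTEXITCODE while running '$Command'"
    }
    $out
}

# Constructed sample output so the parser can be run offline.
$sample = @(
    'Filesystem                used      saved       %saved',
    '/vol/vol0/             4876536          0           0%',
    '/vol/Vol_A/          104857600   26214400          20%'
)
ConvertFrom-DfSaved $sample | Where-Object PercentSaved -ge 10 | Format-Table -AutoSize

# Against a live filer (the fingerprint below is a placeholder):
# $text = Invoke-FilerCommand -Filer filer -User svc-ssh -KeyFile id_dsa.ppk `
#     -HostKey '<FILER-HOST-KEY-FINGERPRINT>' -Command 'df -s'
# ConvertFrom-DfSaved $text
```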
Maintenance
If multiple commands need to be issued – for example, you need to delete a snapshot, rename the previous 5 snapshots, and then take a new snapshot – you should issue them all via the one SSH connection.
Commands can be concatenated using a semi-colon. Just be sure to enclose everything in quotes. For example:
.\plink.exe svc-ssh@filer -i "id_dsa.ppk" "snap delete Vol_A hourly.5; snap rename Vol_A hourly.4 hourly.5; snap rename Vol_A hourly.3 hourly.4; snap rename Vol_A hourly.2 hourly.3; snap rename Vol_A hourly.1 hourly.2; snap rename Vol_A hourly.0 hourly.1; snap create Vol_A hourly.0"
Well that’s it. It’s a pretty brief post – if you have any questions please feel free to post them in the comments…

Nice post…Thank you for sharing some good things!!
Do you have any direct or indirect knowledge of Netapp’s SMI-S provider? Just wondered if it was the minimal checkbox item, or a useful management interface.
Hi Brad – thanks for your comment. Sadly I don’t get to play with Netapp much these days – I’m busy learning HP’s EVA (which is a far cry from Netapp in terms of functionality, but still up there with performance *if configured correctly*). I can’t really comment on Netapp’s SMI-S’s provider, but would love to hear some more if you can comment again…
Maybe we can continue in private….
aspirinsoftware.com — email user is bstone.