tjxfiles.basics: [ BASICS.NETAPP.POWERSHELL.TOOLKIT.AUTHENTICATION ]

[ BASICS.NETAPP.POWERSHELL.TOOLKIT.AUTHENTICATION ]
Basics.NetApp.PowerShell.Toolkit.Authentication.txt

2016-07-18 by Andrew Sullivan

# AUTHENTICATE TO NETAPP SYSTEMS WITH POWERSHELL

# MULTIPLE WAYS TO AUTHENTICATE TO NETAPP SYSTEMS WITH POWERSHELL TOOLKIT.
# RANGES FROM SIMPLE ONE-TIME CONNECTION,
# TO SECURELY STORING CREDENTIALS FOR FUTURE USE.
# SAVE CREDENTIALS FOR
# NON-INTERACTIVE HOST SCRIPTS
# SCHEDULED TASKS
# TRIGGERED WITH ANOTHER SCRIPT.

# CONNECTING TO A SINGLE CONTROLLER

# STANDARD METHOD OF CONNECTING TO A CLUSTERED DATA ONTAP CONTROLLER
Connect-NcController
# 7-MODE EQUIVALENT AND WORKS IDENTICALLY
Connect-NaController
# SAME CREDENTIAL RULES APPLY FOR
Invoke-NcSsh
Invoke-NaSsh

# MOST COMMON CONTROLLER CONNECTION METHOD IS BY HOSTNAME

# THIS WILL ATTEMPT TO CONNECT TO THE SPECIFIED CONTROLLER USING STORED CREDENTIALS, OR IF NONE
# ARE FOUND, WILL PROMPT FOR CREDENTIALS. IT WILL ALSO DEFAULT TO HTTPS, WITH A FALLBACK TO HTTP
Connect-NcController $myController

# CONNECT TO THE SPECIFIED CONTROLLER USING STORED CREDENTIALS
or if none are found, will prompt for credentials. it will also default to HTTPS, with a fallback to HTTP
Connect-NcController $myController
If you are connecting to an SVM’s management interface this will work as expected, though some cmdlets won’t work because of the limited scope. If you want to connect to an SVM by tunneling through the cluster management interface, use the -Vserver parameter.

Connect-NcController $clusterMgmtLif -Vserver $SvmName

# THERE ARE A NUMBER OF PARAMETERS WHICH CHANGE THE DEFAULT BEHAVIOR.

# FORCE PROMPT FOR CREDENTIALS
Connect-NcController $myController -Credential (Get-Credential)
# USE HTTPS OR FAIL TO CONNECT
Connect-NcController $myController -HTTPS
# USE HTTP OR FAIL
Connect-NcController $myController -HTTP
# FORCE PROMPT FOR CREDENTIALS
Connect-NcController $myController -Credential (Get-Credential)
# USE HTTPS OR FAIL TO CONNECT
Connect-NcController $myController -HTTPS
# USE HTTP OR FAIL
Connect-NcController $myController -HTTP

# CONNECTING TO MULTIPLE CONTROLLERS

# AFTER CONNECTING TO A CLUSTER USE THE
# Connect-NcController cmdlet
# THE CONNECTION IS STORED IN THE VARIABLE
# $global:CurrentNcController
# AND IS THE DEFAULT USED FOR ALL CONNECTIONS.

# DO NOT SAVE THE CONNECTION

# DO NOT SAVE THE CONNECTION TO $global:CurrentNcController
# THIS IS USEFUL WHEN CONNECTING TO MULTIPLE CLUSTERS/SVMS AND
# WANT TO BE SPECIFIC WHICH ONE TO EXECUTE EACH COMMAND AGAINST.

# CONNECT TO THE FIRST CLUSTER/SVM
$favoriteSvm = Connect-NcController $clusterMgmtIP -Vserver Favorite -Credential $credential -Transient

# CONNECT TO THE SECOND CLUSTER/SVM
$hatedSvm = Connect-NcController $clusterMgmtIP -Vserver Hated -Credential $credential -Transient

# EXECUTE CMDLETS AGAINST ONE OR THE OTHER
Get-NcVol -Controller $favoriteSvm | Set-NcVolSize -NewSize +20% -Controller $favoriteSvm
Get-NcVol -Controller $hatedSvm | Set-NcVol -Offline -Controller $hatedSvm | Remove-NcVol -Confirm:$false -Controller $hatedSvm

# CONNECT TO THE FIRST CLUSTER/SVM
$favoriteSvm = Connect-NcController $clusterMgmtIP -Vserver Favorite -Credential $credential -Transient

# CONNECT TO THE SECOND CLUSTER/SVM
$hatedSvm = Connect-NcController $clusterMgmtIP -Vserver Hated -Credential $credential -Transient

# EXECUTE CMDLETS AGAINST ONE OR THE OTHER
Get-NcVol -Controller $favoriteSvm | Set-NcVolSize -NewSize +20% -Controller $favoriteSvm
Get-NcVol -Controller $hatedSvm | Set-NcVol -Offline -Controller $hatedSvm | Remove-NcVol -Confirm:$false -Controller $hatedSvm

# MULTIPLE VALUES IN $global:CurrentNcController ARRAY

# SOMETIMES HELPFUL TO CONNECT TO MULTIPLE CLUSTERS OR SVMS SIMULTANEOUSLY.
# THIS WILL CAUSE EACH CMDLET TO EXECUTE AGAINST ALL VALUES IN THE
# $GLOBAL:CURRENTNCCONTROLLER ARRAY IN SUCCESSION.

# CONNECT TO THE FIRST CLUSTER/SVM
Connect-NcController $clusterMgmtIP -Vserver Favorite -Credential $credential

# CONNECT TO THE SECOND (OR MORE) CLUSTER/SVM
Connect-NcController $clusterMgmtIP -Vserver SecondFavorite -Credential $credential -Add

# EXECUTE TASKS AGAINST BOTH CLUSTERS/SVMS
Get-NcVol ???

# EXECUTE A TASK AGAINST ONE OR THE OTHER
Get-NcVol -Controller $global:CurrentNcController[0]
Get-NcSnapshot -Controller $global:CurrentNcController[1]

# CONNECT TO THE FIRST CLUSTER/SVM
Connect-NcController $clusterMgmtIP -Vserver Favorite -Credential $credential

# CONNECT TO THE SECOND (OR MORE) CLUSTER/SVM
Connect-NcController $clusterMgmtIP -Vserver SecondFavorite -Credential $credential -Add

# EXECUTE TASKS AGAINST BOTH CLUSTERS/SVMS
Get-NcVol

# EXECUTE A TASK AGAINST ONE OR THE OTHER
Get-NcVol -Controller $global:CurrentNcController[0]
Get-NcSnapshot -Controller $global:CurrentNcController[1]

# PROVIDING CREDENTIALS

# Connect-NcController
# CHECKS FOR STORED CREDENTIALS
# IF NONE ARE FOUND, FALLSBACK TO PROMPTING

# USE A VARIABLE IN YOUR SCRIPT

# STORE THE CREDENTIAL IN A VARIABLE FOR RE-USE
$credential = Get-Credential
Connect-NcController $myFavoriteController -Credential $credential
# DO SOMETHING USING THIS CONTROLLER

Connect-NcController $myHatedController -Credential $credential
# THE FIRST CONTROLLER WILL AUTOMATICALLY BE DISCONNECTED.
# NOW DO SOMETHING WITH THE SECOND CONTROLLER.

# STORE THE CREDENTIAL IN A VARIABLE FOR RE-USE
$credential = Get-Credential
Connect-NcController $myFavoriteController -Credential $credential
# DO SOMETHING USING THIS CONTROLLER

Connect-NcController $myHatedController -Credential $credential
# THE FIRST CONTROLLER WILL AUTOMATICALLY BE DISCONNECTED.
# NOW DO SOMETHING WITH THE SECOND CONTROLLER.

# ADD-NCCREDENTIAL

# STORE THE CREDENTIAL USING THE POWERSHELL TOOLKIT
Add-NcCredential -Controller $myController -Credential (Get-Credential)

# AT THIS POINT, $MYCONTROLLER CAN BE CONNECTED TO
# NOW AND IN THE FUTURE, BY THE CURRENT SYSTEM USER,
# WITHOUT HAVING TO PROVIDE CREDENTIALS AGAIN.
# THEY ARE STORED SECURELY ON THE SYSTEM,
# AND, BY DEFAULT, ARE ONLY ACCESSIBLE TO THE USER WHO EXECUTED THE ADD-NCCREDENTIAL CMDLET.

# TO MAKE THE STORED CREDENTIALS AVAILABLE TO ANYONE ON THE SYSTEM, USE
# -SystemScope
# NOTE THAT ANY USER ON THE SYSTEM WOULD BE ABLE TO CONNECT TO THE SYSTEM WITH THE
# STORED CREDENTIAL, SO BE CAREFUL WHEN USING THIS PARAMETER.
Add-NcCredential -Controller $myController -SystemScope -Credential (Get-Credential)

# STORE THE CREDENTIAL USING THE POWERSHELL TOOLKIT
Add-NcCredential -Controller $myController -Credential (Get-Credential)

# NOW $MYCONTROLLER VARIABLE
# CAN BE CONNECTED TO NOW AND IN THE FUTURE, BY THE CURRENT SYSTEM USER
# WITHOUT HAVING TO PROVIDE CREDENTIALS AGAIN. THEY ARE STORED SECURELY ON THE SYSTEM,
# AND, BY DEFAULT, ARE ONLY ACCESSIBLE TO THE USER WHO EXECUTED THE ADD-NCCREDENTIAL CMDLET.

# TO MAKE THE STORED CREDENTIALS AVAILABLE TO ANYONE ON THE SYSTEM, USE
# # -SystemScope
# NOTE THAT ANY USER ON THE SYSTEM WOULD BE ABLE TO CONNECT TO THE SYSTEM WITH THE
# STORED CREDENTIAL, SO BE CAREFUL WHEN USING THIS PARAMETER.
Add-NcCredential -Controller $myController -SystemScope -Credential (Get-Credential)

# EXPORT-CLIXML

# STORE CREDS SECURELY, THEN RETRIEVE THEM.
# ONLY THE CREATOR OF THE CREDENTIAL OBJECT WILL BE ABLE TO READ IT
$credential | Export-Clixml ./credential.xml

# RETRIEVE THEM FOR USE
Connect-NcController $controller -Credential (Import-Clixml ./credential.xml)

# STORE THE CREDS IN A SECURE MANNER, THEN RETRIEVE THEM. NOTE THAT ONLY THE USER
# WHO CREATED THE CREDENTIAL OBJECT WILL BE ABLE TO READ IT
$credential | Export-Clixml ./credential.xml

# RETRIEVE THEM FOR USE
Connect-NcController $controller -Credential (Import-Clixml ./credential.xml)

# USING PLAIN TEXT

# NOTE THAT THIS IS BY FAR THE LEAST SECURE METHOD
$username = 'admin'
$password = 'P@s$w0rd'
$ssPassword = ConvertTo-SecureString -String $password -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential $username,$ssPassword
Connect-NcController $myController -Credential $credential

# NOTE THAT THIS IS BY FAR THE LEAST SECURE METHOD
$username = 'admin'
$password = 'P@s$w0rd'
$ssPassword = ConvertTo-SecureString -String $password -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential $username,$ssPassword
Connect-NcController $myController -Credential $credential

tjxfiles.basics

PAGES

[ BASICS.NETAPP.POWERSHELL.TOOLKIT.AUTHENTICATION ]

No comments:

Post a Comment

Blog Archive