Glutton for punishment: Using Plink to do Key Based Authentication from Windows

Occasionally, it’s good for everyone to question their own sanity. Using the Windows “cmd” command line utility for anything is one of those times. I have nothing against Windows, despite being a Linux administrator, but the command line utility is just, well, awful. It doesn’t resize well, it doesn’t line wrap well, it’s ugly, it’s just all around hard to use.

That being said, if you are a masochist you can use Plink, a utility provided by the same guy who does PuTTY, to do key based authentication and remote execution of commands against a NetApp (or any host for that matter).

I’m going to assume you have installed the PuTTY suite of applications. Obviously Plink is required, but we will also need PuTTYgen for this exercise.

  1. First, get your private key. If you have already generated one (like in my previous post), then the simplest way is to show the contents (hint: cat ~/.ssh/id_rsa) and copy/paste them to a text file in a convenient location.
  2. Import the key to PuTTYgen, export it in the .ppk format. Start the utility, then click “Load” and browse to the file you created in step one. It will import the key and you will see something similar to the following:
    Click the “Save Private Key” button and pick your favorite location (make sure to remember!).
  3. Open a command prompt and enter your hell. Here is how to use Plink to execute commands via SSH from Windows:

    Whew! That’s a lot of typing! Here is what it looks like…

Stupid Bash Tricks for SSH

My last post explained how to set up SSH key based authentication for connecting to a NetApp. If you have multiple/many systems to administer this makes it easy to quickly connect to and execute commands against your systems.

However, I’m lazy. I don’t want to type ssh some_system_name or ssh some.ip.add.ress for every system. Also, on some of my systems I have to specify the private key and username to use for connecting, which further lengthens the amount of typing I have to do: ssh -i ~/.ssh/some_special_id my_account@some.netapp.lan.

I have found it to be convenient and easy to create bash aliases for these systems. It’s simple to do:

Now, whenever I type na01 version it will automatically expand the “na01” to be the full command.

To make the alias permanent, add it to the .bashrc file in your home directory…
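One way to script the alias and .bashrc steps above, as an added example that is not from the original post: `add_ssh_alias` is a hypothetical helper that whitelists every field before writing, because any line placed in `.bashrc` is executed the next time the file is sourced. The alias, account, host and key names are the post's own placeholders.

```sh
#!/bin/sh
# Added example: add_ssh_alias is a hypothetical helper, not from the post.
# Usage: add_ssh_alias RCFILE NAME USER HOST KEYFILE
# Appends  alias NAME='ssh -i KEYFILE USER@HOST'  to RCFILE exactly once.
# Returns 1 on unsafe input, 2 if NAME already has a different definition.
add_ssh_alias() {
    rc=$1 name=$2 user=$3 host=$4 key=$5

    # The line is executed whenever RCFILE is sourced, so whitelist every
    # field: no quotes, spaces, ';', '$' or backticks may reach the file.
    case $name in ''|*[!A-Za-z0-9_]*)
        echo "rejected alias name: $name" >&2; return 1 ;; esac
    # A user starting with '-' would be parsed by ssh as an option.
    case $user in ''|-*|*[!A-Za-z0-9._-]*)
        echo "rejected user: $user" >&2; return 1 ;; esac
    case $host in ''|*[!A-Za-z0-9.-]*)
        echo "rejected host: $host" >&2; return 1 ;; esac
    case $key in ''|-*|*[!A-Za-z0-9._/~-]*)
        echo "rejected key path: $key" >&2; return 1 ;; esac

    line="alias $name='ssh -i $key $user@$host'"
    [ -f "$rc" ] || : > "$rc"

    # Idempotent: an identical line is already there, nothing to do.
    if grep -qxF -- "$line" "$rc"; then return 0; fi
    # Never silently shadow an existing alias of the same name.
    if grep -q "^alias $name=" "$rc"; then
        echo "alias $name already defined in $rc" >&2; return 2
    fi
    printf '%s\n' "$line" >> "$rc"
}

# Demo against a throwaway file instead of the real ~/.bashrc.
demo_rc=$(mktemp)
add_ssh_alias "$demo_rc" na01 my_account some.netapp.lan '~/.ssh/some_special_id'
cat "$demo_rc"
rm -f "$demo_rc"
```

Passing `~/.bashrc` as RCFILE makes the alias permanent, as described above.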

If you are feeling particularly fancy, you can configure SSH for autocomplete of the hostnames also.

SSH to a NetApp Using Key Based Authentication

EDIT 2014-03-03: An updated post for Clustered Data ONTAP is here.

I find it quite handy to use a *nix server as a management host for my NetApp systems. Using key based authentication and SSH the whole process is easy and secure. With the addition of bash aliases for the hosts, I can even quickly run commands against multiple hosts.

A couple of prerequisites…you need to have either CIFS or NFS enabled and the root volume exported/shared. Also, you must have SSH enabled. I will refer you to the documentation on how to get these tasks done. I recommend you create a non-root user for any administrators to use for access (for accountability reasons). If you are ok with using root for everything, then don’t execute the following: useradmin user add some_username -g Administrators.

This will work with OnTAP 7 and OnTAP 8 7-mode. I haven’t had the privilege of using a Clustered OnTAP system at this time, so I don’t know the process.


PowerCLI: Balance LUN paths for a Cluster

As I’ve been managing more and more infrastructures using fibre channel storage, I’ve found that it’s been somewhat difficult to keep the LUN paths to each host balanced. By balanced, I mean that for each LUN to each host, there is a number of paths and I want to make sure that, for example, each LUN 10 to each of the hosts is using path A as the primary and path B as the standby. LUN 11 uses path B as the primary, LUN 12 back to path A, and so on.

It so happens that I’m using a DMX-4 for storage, and the policy we have is to use a fixed path policy. I realize that Round Robin would make this entire script moot, well, except for making sure that the PSP is correct. I also realize that PowerPath would be the ideal solution for EMC storage, but we don’t use it…that’s a story for another day.

This script is, admittedly, long…longer than I expected it to be. The original inspiration for this script came from Justin Emerson’s very functional and succinct script, however I was not satisfied with the way LUNs were balanced. His script queries the host for LUNs then sorts them by canonical name and round robins the paths based on the number of paths present for the first LUN.

This works well, so long as all the LUNs are present on all the hosts and they all have the same number of paths. I can only presume that he assumes that those cases have already been checked for, and fixed, prior to execution. I wanted to do that all in one script.

Additionally, and it’s rather petty, I wanted the LUNs to be balanced based off their LUN identifier rather than the canonical name…they don’t always follow the same order, and in the case of my hosts with two HBAs (and consequently, two paths per LUN), I wanted all odd LUNs to use one path for the primary and all even LUNs to use the other. Justin’s script does an excellent job of ensuring that the paths are evenly distributed, as you will end up with the same number on each, but not in the pretty fashion I desired.

Also, thank you to Glenn, who helped me “powershellize” this script…my PowerShell looks and reads like Perl, and therefore doesn’t use a lot of the optimizations that PoSH brings…such as automatic parameter handling and other niceties.

So, without further ado…


PowerCLI: Show HBA Path Status

When you have a lot of hosts, with a lot of LUNs, it can be difficult to keep abreast of the status of the paths for them. I have encountered issues where a path was unknowingly marked as dead, plus it’s generally a good idea to ensure that your storage paths are actually available.

Consequently, I searched for a PowerCLI script that would give me a simple report of the status of each of the LUN paths to each of the HBAs on my hosts. I found John Milner’s post to be very helpful, and it gave me exactly the results that I wanted. However, it took forever to execute…almost 30 minutes for just one of my clusters (to be fair, that cluster has 12 hosts with > 100 LUNs and two paths to each).

Using his script as an example, and keeping a good bit of the formatting code, I have modified his script to use views of the host objects and cull the information from there. This makes it significantly faster…what took 28 minutes before now takes about 30 seconds.


Atlanta PowerShell User Group

Last week I had the pleasure of presenting to the Atlanta PowerShell User Group. The presentation was available over Live Meeting; if you missed it, the recording can be found below. The scripts used in this presentation can also be downloaded here. Note we had a little problem getting the audio working, so fast forward to the 2:00 minute mark.

Atlanta PowerShell User Group August 2011 from Glenn Sizemore.


Perl Toolkit: Check ESX(i) host time

I had an issue recently where a single ESXi host’s clock was incorrect. The administrator had never set the clock initially, so NTP never kept it in sync because it was too far off to begin with.

Since I’ve got a large number of hosts, and the idea of clicking through to each one in VI Client and checking the configuration tab did not appeal, I immediately turned to PowerCLI. Naturally, one of Luc’s scripts was the top search result.

That solved my immediate need to check the hosts, but I also wanted to set up some general monitoring. Since my monitoring infrastructure is composed, primarily, of a Linux Nagios host, that means PowerCLI couldn’t help. So, I did the next best thing and ported Luc’s script to Perl.

Below is the result of that porting. It can also be run from vMA for reporting via email or another mechanism.


NetApp PowerGUI PowerPack, the inside story.

My NetApp fanboyism is fairly well established at this point. I devoted almost three years to developing a PowerShell module that would teach NetApp how PowerShell worked. To my delight a year ago at TechED they took the storage world by surprise when they shipped an official module. I was then humbled to learn that they had found PoshONTAP, and used it as a blueprint when developing the DataONTAP PowerShell toolkit. This experience taught me a valuable lesson. If you believe in something… just do it… life has a funny way of sorting it all out. I took this philosophy and started anew, and my career skyrocketed. The affirmation of all that work was when NetApp approached me six months ago. At first I didn’t believe it was possible, but after many grueling interviews I started to realize I could do this job. Fast forward two months and I’m all settled in at NetApp, and LOVING it! This place is the Google of the storage/IT world. Everywhere you look there is another brilliant engineer, but something was still missing… The PowerShell toolkit had shipped and was doing fantastic, but PowerShell still wasn’t in the forefront of developers writing the tools for Windows administrators. I thought about what I could do, again if you believe in something just do it. Enter PowerGUI.

A while back Kirk had approached me about writing a PowerPack for NetApp, and I always thought it was a great idea. So… I learned, and learned fast. Turns out a PowerPack is fairly simple to author. About a week later I had a working demo to show around internally. I had my position papers worked out, and had the elevator pitch ready. I was going to hit the streets and sell PowerShell using PowerGUI as my catalyst. Then something amazing happened, everyone I showed PowerGUI to loved it! Furthermore, they instantly knew the advantage that building a tool on top of PowerShell had. I didn’t have to sell anything; the tool simply sold itself. At MMS this year if you stopped by during a lull you would have gotten an early alpha demo of the PowerPack. I gave my boss said demo, and his guidance was clear, SHIP IT! Over the past month with the help of the whole team, we went through the gamut from legal to marketing, but in the end my secret project shipped yesterday. What started out as a sales tool ended up being such a compelling user interface that we just couldn’t keep it to ourselves.

If you’re a PowerGUI user or just a NetApp customer, check out PowerGUI and the PowerPack, as I think it is quite compelling.


Update: There is a known bug in PowerGUI where the first two objects returned don’t display alias properties. As the DataONTAP Toolkit uses aliases heavily, many objects appear to be blank. Kirk’s team knows about the issue and is working to fix it.