Creating a New User with the Privileges Required for Monitoring the NetApp Unified Storage

As mentioned earlier, to run the API commands provided by the NMSDK and collect metrics, the eG agent requires the following privileges: login-http-admin,api-aggr-check-spare-low,api-aggr-list-info,api-aggr-mediascrub-list-info,api-aggr-scrub-list-info,api-cifs-status,api-clone-list-status,api-disk-list-info,api-fcp-adapter-list-info,api-fcp-adapter-stats-list-info,api-fcp-service-status,api-file-get-file-info,api-file-read-file,api-iscsi-connection-list-info,api-iscsi-initiator-list-info,api-iscsi-service-status,api-iscsi-session-list-info,api-iscsi-stats-list-info,api-lun-config-check-alua-conflicts-info,api-lun-config-check-cfmode-info,api-lun-config-check-info,api-lun-config-check-single-image-info,api-lun-list-info,api-nfs-status,api-perf-object-get-instances-iter*,api-perf-object-instance-list-info,api-quota-report-iter*,api-snapshot-list-info,api-vfiler-list-info,api-volume-list-info-iter*

To create a new user with the aforesaid privileges, do the following:

  1. Login to the system hosting the remote agent.
  2. Connect to the storage controller’s console via SSH (say, using puTTy.exe ).
  3. Run the following command at the console to create a new role:

    useradmin role add <Name_of_new_role> -c "<A_brief_description_of_new_role>" -a <Comma-separated_list_of_privileges_to_be_granted_to_the_new_role>

    For instance, to create a role named eG_role with all the privileges required for monitoring NetApp Unified Storage, the command will be as follows:

    useradmin role add eG_Role -c "role for eG user" -a login-http-admin,api-aggr-check-spare-low,api-aggr-list-info,api-aggr-mediascrub-list-info,api-aggr-scrub-list-info,api-cifs-status,api-clone-list-status,api-disk-list-info,api-fcp-adapter-list-info,api-fcp-adapter-stats-list-info,api-fcp-service-status,api-file-get-file-info,api-file-read-file,api-iscsi-connection-list-info,api-iscsi-initiator-list-info,api-iscsi-service-status,api-iscsi-session-list-info,api-iscsi-stats-list-info,api-lun-config-check-alua-conflicts-info,api-lun-config-check-cfmode-info,api-lun-config-check-info,api-lun-config-check-single-image-info,api-lun-list-info,api-nfs-status,api-perf-object-get-instances-iter*,api-perf-object-instance-list-info,api-quota-report-iter*,api-snapshot-list-info,api-vfiler-list-info,api-volume-list-info-iter*

  4. Once the role is created successfully, proceed to create a new user group and assign the newly created role to it. The command for this will be:

    useradmin group add <Name_of_new_group> -c "<A_brief_description_of_new_group>" -r <Name_of_new_role>

    For instance, to create a group named eG_Group and to assign the eG_Role to it, the command will be as follows:

    useradmin group add eG_Group -c "Group for eG user" -r eG_Role

  5. Then, create a new user and add that user to the newly created group. The command for the same is as follows:

    useradmin user add Mname_of_new_user> -c "<A_brief_description_of_new_user>" -g <Name_of_new_group>

    For instance, to create a user named eG_User and to add that user to the eG_Group that you created previously, the command will be as follows:

    useradmin user add eG_User -c "User for eG to monitor NetApp" -g eG_Group

    This command, upon execution, will request for the password of the new user. The password is case-sensitive, and should be atleast 8 characters long. Itmust contain atleast 2 alphabets and 1 digit.

    New password:
    Reype new password:

  6. Then, confirm the new user’s password by retyping it.