Filer Configuration

The plugins from Check NetApp-REST connect to the NetApp devices with a user name and password to retrieve status and performance data. This page explains how to create this user on a NetApp device with RESTful API (>= Ontap 9.6).

Keep the user name short (no longer than 15 characters) to avoid problems with third-party tools (e.g. Windows domain user, LDAP).

To make your life easy, avoid shell-active characters such as backslash or exclamation mark in the password. For example, jGyi8CHP_83d will cause you fewer headaches than 0815!nagios\123.

NetApp Filer

To get a monitoring user, you can ask your NetApp partner how to create a read-only user with sufficient but not too high privileges, refer to your product documentation, or use the following typescript to create it.

Typescript Monitoring User

Create a role first and then a user.

The creation of the role for RESTful API users is different from how to create them for ZAPI users.

Create role

The following rest-role is an exact copy of the built-in readonly role with one additional API path for the Certificate check. Replace the example name sim97 with the name of your filer.

sim97::security login rest-role> create -role monitoring -vserver sim97 -api /api -access readonly
sim97::security login rest-role> create -role monitoring -vserver sim97 -api /api/cluster -access readonly
sim97::security login rest-role> create -role monitoring -vserver sim97 -api /api/security -access none
sim97::security login rest-role> create -role monitoring -vserver sim97 -api /api/security/audit/destinations -access readonly
sim97::security login rest-role> create -role monitoring -vserver sim97 -api /api/security/authentication/password -access all
sim97::security login rest-role> create -role monitoring -vserver sim97 -api /api/security/certificates -access readonly

Check Result

sim97::security login rest-role> show monitoring                                                                        
               Role                                    Access
Vserver        Name            API                     Level
----------     -------------   -------------------     ------
sim97          monitoring      /api                    readonly
                               /api/cluster            readonly
                               /api/security           none
                               /api/security/audit/destinations     
                                                       readonly
                               /api/security/authentication/password     
                                                       all
                               /api/security/certificates     
                                                       readonly
6 entries were displayed.
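
An added example (not part of the original documentation or of Check NetApp-REST): a Python check that parses the "show monitoring" output above, including the rows where a long API path pushes the access level onto the next line, and reports any path granted more than readonly other than the password path that the role sets to all. The function names and the EXPECTED_WRITE set are assumptions made for this example; the sample text is constructed from the output shown on this page.

```python
# Constructed sample: the "show monitoring" output from this page, where long
# API paths wrap and the access level lands on the following line.
SAMPLE = """\
               Role                                    Access
Vserver        Name            API                     Level
----------     -------------   -------------------     ------
sim97          monitoring      /api                    readonly
                               /api/cluster            readonly
                               /api/security           none
                               /api/security/audit/destinations
                                                       readonly
                               /api/security/authentication/password
                                                       all
                               /api/security/certificates
                                                       readonly
6 entries were displayed.
"""

LEVELS = {"readonly", "none", "all"}   # access levels that appear on this page
# Only path where the page's role grants more than readonly (assumption: intended).
EXPECTED_WRITE = {"/api/security/authentication/password"}

def parse_rest_role(text):
    """Return {api_path: access_level}, joining rows that wrap onto two lines."""
    entries, pending = {}, None
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        path = next((t for t in tokens if t.startswith("/api")), None)
        level = tokens[-1] if tokens[-1] in LEVELS else None
        if path and level:              # path and level on the same line
            entries[path] = level
            pending = None
        elif path:                      # wrapped row: level follows on next line
            pending = path
        elif level and pending and len(tokens) == 1:
            entries[pending] = level
            pending = None
    return entries

def audit(entries):
    """List paths whose access exceeds readonly outside the expected set."""
    return sorted(p for p, lvl in entries.items()
                  if lvl not in ("readonly", "none") and p not in EXPECTED_WRITE)
```

Paste the output of your own filer in place of SAMPLE; audit(parse_rest_role(...)) returns an empty list when the role matches the one created above.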

Create user

The creation-process of the user is the same for all Ontap cdot-versions we are aware of.

sim97::security login> create monitoring -role monitoring -comment "system-monitoring user, readonly" -application ontapi -authentication-method password 
sim97::security login> create monitoring -role monitoring -application http -authentication-method password 

Check Result

sim97::security login> show monitoring                                                                      
Vserver: sim97
                                                                 Second
User/Group                 Authentication                 Acct   Authentication
Name           Application Method        Role Name        Locked Method
-------------- ----------- ------------- ---------------- ------ --------------
monitoring     http        password      monitoring       no     none
monitoring     ontapi      password      monitoring       no     none
2 entries were displayed.