The plugins from Check NetApp-REST connect to the NetApp devices with a user and password to retrieve the status and performance data. Here we explain how to create this user on a NetApp device with RESTful API (>= Ontap 9.6).
Keep the users name short (not longer than 15 characters) in order to avoid problems with third-party tools (e.g. Windows domain user, LDAP).
To make your live easy avoid shell-active characters like backslash or exclamation mark in the password. E.g. jGyi8CHP_83d will make you less headache than 0815!nagios\123.
To get a monitoring-user you can ask your NetApp-partner on how to create a read-only user with sufficient but not too high privileges, refer to your product-documentation or you can use the following type-script to create it.
The creation-process of a read-only user may differ between Ontap versions. Please contact your NetApp Partner if you are unsure.
Create a role first and then a user.
The creation of the role for RESTful API users ist different from how to create them for ZAPI users.
The following rest-role is an exact copy of the built-in readonly role with one additional api-path for the Certificate check. Replace the example-name sim97 with the one of your filer.
sim97::security login rest-role> create -role monitoring -vserver sim97 -api /api -access readonly
sim97::security login rest-role> create -role monitoring -vserver sim97 -api /api/cluster -access readonly
sim97::security login rest-role> create -role monitoring -vserver sim97 -api /api/security -access none
sim97::security login rest-role> create -role monitoring -vserver sim97 -api /api/security/audit/destinations -access readonly
sim97::security login rest-role> create -role monitoring -vserver sim97 -api /api/security/authentication/password -access all
sim97::security login rest-role> create -role monitoring -vserver sim97 -api /api/security/certificates -access readonly
Check Result
sim97::security login rest-role> show monitoring
Role Access
Vserver Name API Level
---------- ------------- ------------------- ------
sim97 monitoring /api readonly
/api/cluster readonly
/api/security none
/api/security/audit/destinations
readonly
/api/security/authentication/password
all
/api/security/certificates
readonly
6 entries were displayed.
sim97::security login> create monitoring -role monitoring -comment "system-monitoring user, readonly" -application ontapi -authentication-method password
sim97::security login> create monitoring -role monitoring -application http -authentication-method password
Check Result
sim97::security login> show monitoring
Vserver: sim97
Second
User/Group Authentication Acct Authentication
Name Application Method Role Name Locked Method
-------------- ----------- ------------- ---------------- ------ --------------
monitoring http password monitoring no none
monitoring ontapi password monitoring no none
2 entries were displayed.