Unsolved
This post is more than 5 years old
54 Posts
0
1938
VPLEX Curl Authentication w/o Password?
Hi all-
We're writing some bash scripts to do certain queries against VPLEX using Curl/REST and we're wondering an easy way to pass shared certificates for authentication besides sending Username/Password's across the wire (Even though it is secure w/ SSL, etc). Also we would rather not have the Username/Password in our scripts.
Is there a way in Curl to do this against VPLEX, and where would I find and/or generate keys to do this?
The authentication portion of the Bash script looks like the following. Been thinking about using Gkeyring in Linux to secure the password portion, but wondering about shared keys on the VPLEX management host and how that could be better.
curl -k -s -H "Username:$VUser" -H "Password:$VPass" -H "Accept: application/json;format=1;prettyprint=0" -o $TMP0 \
"https://$VP/vplex/cluster-contexts"
grep -q "User authentication failed" $TMP0
Any suggestions welcome!
-Brian
Ayrton_Senna1
62 Posts
1
December 5th, 2016 12:00
Pure shell method, because REST and CURL are bit cumbersome as far as im concerned.
I will show a little example on how to collect device summary info and save it in our local machine.
I recommend setting up ssh key pairs between VPlex mgmt server and your local machine. This avoids the need to write password in your script. You still need to place the password in a login script on vplex mgmt server ( it is ok to do so because people can not open this file unless they actually get into vplex).
1)setup ssh key between your machine(lets call host1) and admin account of vplex (vplex001)
2)Save a script similar to the following on vplex server , create a directory called dir1 in vplex and save this script as example.ksh and chmod +x
#!/bin/bash -x
expect << EOF
spawn vplexcli
# Look for login prompt
expect -re "Name:"
# Send login
send "admin\r"
# Look for password prompt
expect -re "Password:"
# Send password - your password if different
send "dummypassword\r"
expect -re "VPlexcli:/> "
send "ls /clusters/**/devices\r"
set timeout 60
expect -re "VPlexcli:/> "
expect eof
send "exit\r"
EOF
3)Now on your host1 create a simple script to gather & run the example.ksh saved on vplex001 and save output locally in your machine
###From your host1##
#!/bin/bash -x
ssh -tt admin@vplex001 ./dir1/example.ksh >> output_of_the_script.txt
exit 0
4) Done, you can pretty much collect any sort of info by modifying last part in step 2.
5)You need to figure out how to setup the ssh key pair. For this you need root password of vplex mgmt server. Support folks can help you with that. Once you know the root password you can setup the ssh key yourself (just like any other linux machine)
This way, your password is safe inside VPLEX. No one can access it unless they have access to your machine or knows the login details of vplex.
boydbria
54 Posts
0
December 6th, 2016 05:00
This is helpful for sure, thank you. Only issue we have w/ our current scripts though is that they are doing RESTApi calls but we may convert to pure shell as you're suggesting. Seems as though RESTAPI calls against Vplex take hours sometimes to finish up.