Mailing List Archive

Creating a readonly user to monitor NetApp cluster via check_mk
Hello fellow toasters users ...

We're in the process of deploying a pair of new CDOT filers and
one of the things we'd like to setup with them is having check_mk
(nagios and rrd, under the hood) monitor various attributes. We have
a working instance at the moment using snmp to query the filers,
but check_mk also provides a "plugin" that claims to work with the
filer's web interface, so we'd like to examine that.

To that end, I've setup a read-only user on the filer, that I intend
will be able to access the web interface:

security login create -vserver fc1-na -user-or-group-name nul_cmk \
-application http -authentication-method password -role readonly \
-comment "check_mk monitoring"

The user shows up when I "show":

fc1-na::> security login show -vserver fc1-na -user-or-group-name nul_cmk

Vserver: fc1-na
User/Group Authentication Acct Authentication
Name Application Method Role Name Locked Method
-------------- ----------- ------------- ---------------- ------ --------------
nul_cmk http password readonly no none

The readonly role is unchanged from the OS default:

fc1-na::> security login role show -vserver fc1-na -role readonly
Role Command/ Access
Vserver Name Directory Query Level
---------- ------------- --------- ----------------------------------- --------
fc1-na readonly DEFAULT readonly
security none
security login password all
security login role show-user-capability all
set all
5 entries were displayed.

Trouble is that if I try to login to the web interface as that user,
the browser stays "stuck" at the "Loading system details..." spinner
widget. It's been there now for about two hours as I type this.
Of course, check_mk's plugin logs a timeout while trying to access
the interface.

I fully suspect that I'm missing something, of course, but I'm afraid
I haven't been able to find what that is. If someone out there has
experience creating such a user for readonly access, a pointer to where
I should be looking and/or documentation I should be reading would be
hugely appreciated. (cli is preferred because it's easier to document
what I've done that way, but if someone points me to resources in the
web interface I'm sure I'll be able to find what I need at the cli.)

Sylvain Robitaille

Systems analyst / AITS Concordia University
Faculty of Engineering and Computer Science Montreal, Quebec, Canada
Toasters mailing list