Loading...

Follow PS /Users/Barkz on Feedspot

Continue with Google
Continue with Facebook
or

Valid

My blog’s SSL certificate recently expired and it was a mad dash to get a new one and back to HTTPS status. I always forget all of the openssl commands so figured I’d document them here for my future reference but also thought I’d share as a quick reference for others. I use my domain name (purepowershellguy) for all of the <NAME> references.

Steps

1. Create Key and CSR files
2. Copy the CSR certificate data the service you are using to obtain the CRT.
Open up in your editor of choice and copy to use with
your certificate service (eg. digicert, network solutions).

Example:

-----BEGIN CERTIFICATE-----
Blah, blah, blah....
-----END CERTIFICATE-----

3. Create P7B file from CRT
4. Create PEM file from P7B
5. Create PFX from Key and PEM files
6. Add PFX to web server

openssl req -new -key <NAME>.key -out <NAME>.csr
openssl crl2pkcs7 -nocrl -certfile <NAME>.crt -out <NAME>.p7b
openssl pkcs7 -in <NAME>.p7b -inform PEM -out <NAME>.pem -print_certs
openssl pkcs12 -export -inkey <NAME>.key -in <NAME>.pem -name <NAME> -out <NAME>.pfx

Reminder for myself.

Cheers//barkz

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

The New-PfaCliCommand is a cmdlet we introduced for situations that the REST API is updated in a new version of Purity but the new REST endpoints are not supported in the PowerShell SDK just yet.

Example

New-PfaCLICommand -EndPoint 10.21.201.57 -Credentials $Creds `
    -CommandText "purevol list"

When using this cmdlet be sure that your firewall rules allow for Port 22 traffic. Otherwise the cmdlet will fail and the following error will be returned.

New-PfaCLICommand : A connection attempt failed because the connected party did not properly respond after a period of
time, or established connection failed because connected host has failed to respond
At line:3 charrl
+ New-PfaCLICommand -EndPoint Sarray -Credentials $cred -CommandText "? ...
+ Categorylnfo	: NotSpecified: (:) [New-PfaCLICommand], SocketException
-I- FullyQualifiedErrorld : System. Net. Sockets. SocketException, PurePowerShel 1. NewCLICommand

Side note, you’ll see in the error message the CommandText is a “?”. If you use that it will show the results of purehelp.

Cheers//barkz

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

The Pure Storage PowerShell SDK supports our REST API from 1.0 — 1.13 today. If you want to know what the highest version that is supported by a FlashArray use the below URL and see the results of “version”. The SDK supports backward compatibility for previous versions of the REST API.

To view the REST API versions available on your FlashArray use the below URL.

https://{FlashArray_Name}/api/api_version
{"version": ["1.0", "1.1", "1.2", "1.3", "1.4", "1.5", "1.6", "1.7", "1.8", "1.9", "1.10", "1.11", "1.12", "1.13"]}

Below is how to use the New-PfaArray cmdlet to connect to a FlashArray. In the example you’ll see the use of -Version 1.13. As a best practice using this parameter helps to ensure backward compatibility with your existing scripts. This is important with the SDK because as we introduce new REST API updates the SDK may not be on parity with the new REST version. As you are developing your scripts using this parameter will ensure they work. If this parameter is not specified it will default to using the highest version of REST that is available and could cause issues.

PS C:\> $FlashArray = New-PfaArray -EndPoint 10.21.201.57 -Credentials (Get-Credential) -Version 1.13 -IgnoreCertificateError

To explain why this is important let’s look at the New-PfaCertificateSigningRequest cmdlet. In REST 1.11 we did not support named certificates and any operations worked without using a name. Using REST the GET/cert method retrieves attributes of a single certificate. In REST 1.12+ we support named certificates. Using the previous REST call in 1.12 (GET/cert) would fail. You would need to use GET/cert/<certname> to retrieve specific attributes for that certificate. In the current SDK 1.13 we do not support named certificates only single certificates.

Without using the -Version parameter when establishing the FlashArray connection a script would fail as it defaults to the highest version of the REST API. But if you specify as you develop scripts this would work because it is targeting that specific REST API.

So to ensure the New-PfaCertificateSigningRequest cmdlet works the New-PfaArray cmdlet would be as follows:

PS C:\> $FlashArray = New-PfaArray -EndPoint -EndPoint {FQDN/IP} -Credentials (Get-Credential) -IgnoreCertificateError -Version 1.11

I hope this helps explain why it is a best practice to use -Version parameter and how it can help safe guard your scripts.

Thanks //barkz

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

There were a few bugs discovered in Test-WindowsBestPractices cmdlet.

  • CustomPathRecoveryTime — Was not setting the actual value from the system setting to our best practice of 20.
  • DisableDeleteNotification — The setting for this feature was not being evaluated properly.

New release 1903.7 is available from the PowerShell Gallery.

Install-Module -Name PureStoragePowerShellToolkit

Be sure to add Issues to the repo so we can address. See https://github.com/PureStorage-OpenConnect/powershell-toolkit/issues.

Thanks //barkz

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

A few weeks back I attended the Storage Networking Industry Association (SNIA) Symposium and Storage Management Initiative (SMI) Plugfest. I spent my time at the plugfest to work with Swordfish, and I was not disappointed the most! The best thing about this plugfest was the setup of the Redfish and Swordfish emulators and Swordfish Basic Web Client.

The emulators are pretty straightforward to setup but you must follow the documentation. First use the DMTF Redfish instructions then Swordfish instructions. I use a MacBook and setup both the API emulators without issue. The below screenshots represent the Redfish/Swordfish emulator.

Redfish/Swordfish Emulator

Once the emulator is running you can view the details via a browser and for Swordfish there are the StorageServices and StorageSystems.

Example of browsing to the emulator at localhost:5000/redfish/v1

There is also Swordfish Basic Web Client which will represent a GUI for managing and viewing the details. Again be sure to read the documentation for the basic web client.

Swordfish Basic Web Client

A very cool project that was presented was from Texas Tech University for Swordfish Emulated Data Center, all container based. Full scale-out testing for Swordfish.

Swordfish Emulated Data Center (SW-EDC) : guideline video - YouTube

There is a lot of activity happening within the Scalable Storage Management (SSM) Technical Working Group as well. Working on collaborating with SANNINJA on a PowerShell Module that provides a basic wrapper on the Redfish and Swordfish APIs and cmdlets. More to come here!

Resources

Happy fishing //barkz

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

We have developed PowerShell Modules to support management and automation for the FlashArray, VMware, Windows Server, Exchange, Pure1 and soon FlashBlade. As we continue our investments adding more PowerShell modules we are taking a step back and asking “Are there too many?”

Today we have the following:

  • The new Pure1 PowerShell Module (see Cody’s blog).
  • Pure Storage PowerShell Toolkit, specific cmdlets that augment the SDK cmdlets or provide reporting and best practices checking.
  • Under development is the PowerShell FlashBlade Toolkit.
  • Pure Storage VMware PowerShell Module (see Cody’s blog)


We are internally discussing combining these different modules into a comprehensive Toolkit. We are looking for feedback on whether you agree with us about the approach. One of our big focuses at Pure Storage is “Simplicity” and we feel that having to Import/Install all these different modules is cumbersome.

I’m sure you noticed that I did not list the PowerShell SDK above. The SDK is our binary module and is 100% focused on the FlashArray management/automation. We would not be adding non-specific FlashArray APIs to the SDK. Eventually there could be a possibility the above items listed could be combined into a larger SDK, but that is some time out in the future (if ever).

We are open to feedback here as we are still discussing internally. Please post feedback into the #PowerShell slack channel. If you are not a member of our code slack team please invite yourself using https://codeinvite.purestorage.com.

We look forward to hearing your feedback!

Thanks //barkz

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

In my previous post I discussed how to achieve data mobility between on-premises and the cloud which focused on a Microsoft SQL Server production and dev/test use case. In that data mobility demonstration you most likely noticed that all of the interactions between the on-premises FlashArray and Cloud Block Store were accomplished using Windows PowerShell. In this post I will expand on the different automation techniques that can be used across on-premises and the cloud.

The Purity operating environment was designed with API first in mind. That focus applies to all of our different platform offerings; Pure1®, FlashBlade, FlashArray and our recently announced Cloud Block Store. Having a consistent API experience allows DevOps and IT teams to focus on implementing automation solutions without having to reinvent the wheel. As I always say, “if you perform the task more than 2x, then it should be automated.” With that philosophy in mind, DevOps and IT teams can focus on solving business problems vs manually repeating tasks.  

There are several different automation techniques that can be used with the FlashArray and Cloud Block Store endpoints.

REST API

All of the REST documentation for FlashArray and Cloud Block Store can be accessed directly from our web management interface. The API documentation reflects the latest Purity release and matching REST API. In the example screenshot below, Purity 5.1.5 uses the REST API 1.15.

By clicking on the REST API Guide menu item, you can access our full API documentation.

Different tools can be used to access the REST API directly. The first part of the demonstration video below shows using Postman to execute REST requests & responses. Any REST API compliant tool can be used to perform the same actions.

PowerShell SDK

Anything that can be accomplished using the REST API directly can also be done using the Pure Storage PowerShell SDK. The SDK is a binary module wrapper for our REST API. The Pure Storage PowerShell Toolkit provides some additional cmdlets that combine some of the SDK cmdlets into a single cmdlet. A good example of this is the New-FlashArrayCapacityReport which leverages 10 different SDK cmdlets to produce the report.

Both the SDK and Toolkit can be installed from the PowerShell Gallery (PSGallery) using the below. The Toolkit is open source can be accessed on Github at https://github.com/PureStorage-OpenConnect/powershell-toolkit.

Install-Module -Name PureStoragePowerShellSDK
Install-Module -Name PureStoragePowerShellToolkit

The demonstration video shows several different cmdlets being used to work with Cloud Block Store. You can see some of the tasks I performed in the screenshot below. They include connecting to a Cloud Block Store instance and showing different hosts that have been configured in Cloud Block Store.

In the screenshot below, we can see how to retrieve a specific volume, create a new volume and take a snapshot of that new volume.

If you’d like to get more information about the PowerShell SDK and Toolkit, I suggest you take a look at the Getting Started Guide available in the Microsoft Platform Guide which goes into all of the details of connecting, creating volumes, hosts and more.

Python Toolkit (aka REST Client)

The Pure Storage FlashArray REST Client is a python module that simplifies integration with the Pure Storage FlashArray REST interface. It wraps REST calls with simple APIs and abstracts the HTTP request and response handling. For specifics on API arguments, consult the REST API guide for the Purity release currently running on the target array.

This library is designed to provide a simple interface for issuing commands to a Pure Storage Flash Array using a REST API. It communicates with the array using the python requests HTTP library.

Additionally, this library can only be used to communicate with Pure FlashArrays that support one or more REST API versions between 1.0 and 1.16; currently, this includes any FlashArray running Purity 3.4.0 or later.

The below screenshot shows several different tasks being performed, (1) importing the module, (2) connecting to Cloud Block Store, and (3) retrieving hosts and a specific volume named “CloudBlockStorageVol4”.

All of the details for the Python Toolkit (aka rest-client) can be accessed on GitHub at https://github.com/PureStorage-OpenConnect/rest-client.

To wrap it up, I suggest you watch the video below where you’ll be able to see a live demo of all the topics I touched upon in this blog post:

Common Private Cloud and Public Cloud Automation for Developers - YouTube

As always, feel free to share your comments and feedback on this post and video below, and be sure to check out https://code.purestorage.com for all of our GitHub projects. We are also always open to feedback, feature requests and issues using all of the features within the respective GitHub repositories.

If you have any questions about our REST API, PowerShell, Python, Ansible and more, join our slack team by signing up at https://codeinvite.purestorage.com.

Thanks,
Barkz

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Today Pure announced Cloud Block Store for AWS which offers a way for the Pure Storage platforms to be extended into public cloud. There are many different use cases that Cloud Block Store can be used for and the one that I focused on was around data mobility.

The data mobility use case for this demonstration involves how to asynchronously replicate an on-premises Microsoft SQL Server 2017 database running on a Pure Storage FlashArray//M20 host in Equinix to Cloud Block Store. After replicating the database volume we bring up a development instance connected to a SQL Server instance running as an Amazon EC2 instance. The entire demonstration is automated using the Pure Storage PowerShell SDK.

The following visualization defines the individual components of the demonstration.

We have an on-prem production Microsoft SQL Server instance with a database attached. The database has active insertions running against a demonstration table named CloudBlockStore. Once the active I/O is running on the database the following steps are performed as part of the on-prem automation.

On-Prem Automation Steps

(1) Take a snapshot of the volume which hosts the AdventureWorks2017 database. This will be known as the development snapshot.

(2) After creating the snapshot, we dynamically connect the on-prem FlashArray to Cloud Block Store and configure all settings to allow asynchronous replication.

(3) A protection group is created and configured with member volumes then replicated immediately to Cloud Block Store.

(4) After the replication has been initiated a new volume is created from the development snapshot and mounted to the production SQL Server instance just to show that the local snapshot is usable. New insertions are then started on that development database.

Now that the on-prem database volume has been replicated to Cloud Block Store we can begin the restore process.

Cloud Block Store Steps

(1) Using the snapshot from the replicated protection group a new volume is created which contains the development database.

(2) Once a new Pure volume has been created we mount that to the SQL Server instance running in Amazon EC2.

(3) Just as we did with the on-prem deployment we dynamically attach the database using Invoke-SqlCommand and begin writing data to the development instance.

At this point there are many different paths that can be taken such as, (1) Perform database schema changes and replicate back to the on-prem SQL Server deployment or (2) Scale out additional development EC2 instances for additional developers or testers.

Here is the demonstration video that walks through all of the different steps.

Replicate On-Prem Microsoft SQL to Cloud Block Store in AWS - YouTube

All of the PowerShell automation scripts are available on GitHub <LINK>. The cool thing about these automation scripts is that regardless of using the FlashArray or Cloud Block Store they use all of the same PowerShell cmdlets and offer a consistent automation scripting experience. These scripts can easily be used for FlashArray to FlashArray or to Cloud Block Store.

There are many more scenarios for how Cloud Block Store can be used for data mobility, disaster recovery and development. The team is very excited for the road ahead with our cloud integrations.

Read more about Pure’s cloud vision in our announcement blog. If you are interested in signing up for the Beta

Cheers — Barkz

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

We have had a Slack team for our Pure/Code() community but joining was more word of mouth, get a Slack invite from one of our Systems Engineers or Solutions Architects.

I have updated our Pure/Code() site with a direct link to join the team. There are a number of different channels that cover our CLI, PowerShell, Pure Service Orchestrator, python, REST API, Ruby and a few others. 

–Barkz

  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Today we are announcing the Tech Preview of the Pure Storage Extension for Windows Admin Center! The Pure Storage Extension for Windows Admin Center provides the ability to manage Pure Storage FlashArray’s. We will be showcasing the extension this week at Microsoft Ignite at booth #402

Microsoft released Windows Admin Center (WAC) on September 20th. This is the next-generation graphical management for Windows Server. WAC is the replacement for Windows Server Manager and can also be hosted on Windows 10 machines. It provides Server, Failover Cluster, Computer and Hyper-Converged Management features. Full details can be read on Microsoft Windows Admin Center blog

The features that are included in the Pure Storage Extension include:

  • Connecting to multiple FlashArrays.
  • View the FlashArray details, this includes IOPs, bandwidth, latency, data reduction and space management. All the same details you get from the FlashArray Management GUI.
  • View configured host groups.
  • View Hosts — All of the connectivity information is available including  Host Names, iSCSI Qualified Name (IQNs) and World Wide Names (WWNs).
  • Manage Volumes — This includes the ability to create and destroy volumes. Once a volume is destroyed it will be placed in the Destroyed items bucket and you will need to Eradicate from the main FlashArray Management GUI.
  • Manage Initiators — This is one of the most interesting features as we are providing context to the individual servers being managed by the Windows Admin Center deployment. You can view the connected disks (volumes) to individual Windows Servers, check if MultiPath-IO (MPIO) is installed/configured and creating/mounting new volumes.

As the saying goes a picture is worth a thousand words, and I believe the same applies to demonstrations. This demo shows all of the different features available as part of the extension.

Pure Storage Extension for Windows Admin Center - YouTube

This is a Preview release that customers and partners can deploy in non-production environments. We will be moving towards General Availability (GA) sometime in early 2019. Once deployed in your environment we would love to get your feedback on usability as well as any features requests.

Be sure to check out all of the sessions at Microsoft Ignite from the Windows Admin Center team.

Cheers,
Barkz

Read for later

Articles marked as Favorite are saved for later viewing.
close
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Separate tags by commas
To access this feature, please upgrade your account.
Start your free month
Free Preview