I’ve written about generating the JSON Web Token for Pure1 REST API authentication before. Mostly around PowerShell. Though of course many may not want to use PowerShell and prefer to opt for something like Python.
So here is the process.
We have a script posted on the support site here. But that actually doesn’t return the JWT, it creates a session. So it takes the next step after the JWT. But if you just want to generate the JWT so something else can authenticate it won’t do the trick. So I made some modifications and threw it on GitHub as a gist. You can get it here:
In my last post, I spoke about the ins and outs of using the Pure1 REST API–but it was a fairly manual process. Which of course is not how you really want to use a REST API. So the first part of this series will be using it with one of my favorite tools: PowerShell!
I will separate this into five parts:
Creating your certificate
Adding your public key into Pure1
Creating your JWT
Authenticating with Pure1
Making REST calls after authentication
UPDATE!!!! I made this much easier, you can use my module to connect to Pure1 which is on the PowerShell gallery.
Core to most scripting with the FlashArray is figuring out what volume is on what FlashArray. Then you proceed to do what you need with it (snapshot, report metrics, whatever).
Traditionally how this was done, at least from a VMware perspective was via the NAA (network address authority). You take this number, which is how ESXi uniquely addresses a volume and slice it up to find the array serial and the volume serial. By matching the section with a particular array serial, you have identified what array owns it. Then you can make the calls to that array.
Details on how this worked are beyond the scope of this post, but you can see this here:
Awhile back I wrote about performing an operation introduced in Purity 4.6 called protection group copy, which I really referred to as protection group recovery, which I think is maybe a more apt title.
Anyways, this feature is available in our REST API and our CLI (not yet in our GUI in a direct format) but is not yet built into our PowerShell SDK. I have seen more than one request for information on how to do this, and it certainly can be done without our official SDK and this is through the good ol’ Invoke-RestMethod cmdlet built into PowerShell. I’ve spoken about using this many times, here and here.
Let’s walk through it specifically with protection group restore.
I wrote about some security changes in the FlashArray operating environment (called Purity) version 4.7 a month or so back. This was concerning the deprecation of SSL and TLS version 1.0, forcing all (management) connections to the FlashArray to use TLS 1.1 or 1.2 (read this here).
Our PowerShell SDK was enhanced so it would use the appropriate security connection type so users of that do not need to worry as long as they upgrade our SDK. But what about the few remaining functions that people might use that the PowerShell SDK doesn’t cover? As there are a few REST calls that are not built into the SDK (yet). Continue reading “Force the Invoke-RestMethod PowerShell cmdlet to use TLS 1.2”
I have quite a few PowerShell scripts these days and I run a bunch of them quite often. All of my scripts log information to a file so I can see what happened but I decided I wanted to log them into something that could help me analyze or quickly review the data. Something better than looking at a bunch of text files. One of my favorite products, VMware Log Insight was the first thing I thought of. The ingestion REST API makes the most sense. Took a little time to figure out the best way to do it, but it’s working great now. To the details!
I want to say this is the culmination of my last almost two years of creating vRealize integration for Pure Storage, but that isn’t the right word. It is a milestone, because there is still so much more cool stuff to be done. Especially with vRealize Automation. In many ways it is just the beginning! But I can now demonstrate Pure Storage FlashArray integration with the whole vRealize stack: Log Insight, Operations, Orchestrator and Automation.
Continuing my recent work on learning vRealize Orchestrator and ran into some funkiness with the “Invoke REST host” workflow, that I wanted to write down so I don’t forget how I fixed/worked around it (which I suppose is the impetus for basically every post I do). Anyways, I am working on a REST-based package for the FlashArray and I was using that workflow and had some trouble. Basically, any REST call I made through it to a REST host seemed to fail.
UPDATE: This is a older post, but after working with vRO for longer and learning a lot more about it I decided I needed to re-write this post. Too much of it was not the best way to do things.