Exporting/Importing a Certificate with the Pure1 PowerShell Module

When deployed on Windows, the Pure1 PowerShell Module takes advantage of Windows-based certificates in the user (or specified) certificate store. On Linux or MacOS, it uses RSA private key pairs.

To relocate authentication on a Non-Windows machine to another non-Windows machine, you just copy the private key from wherever it is to the target. For Windows though you need to export the cert (which has a private key) from the certificate store, then you can copy the file to wherever.

In the latest release of the Pure1 PowerShell module (1.4.3.1) there is a new feature to do that for you–or at least simplify the process of exporting the cert with the right settings.

Let’s walk through exporting and then importing the cert. In a future post I will go into some of the other enhancements in this release in more detail.

As always the repo is here (and release notes) and it is best installed/updated via the PowerShell Gallery:

install-module PureStorage.Pure1
or
update-module PureStorage.Pure1

https://github.com/PureStorage-OpenConnect/PureStorage.Pure1

Continue reading “Exporting/Importing a Certificate with the Pure1 PowerShell Module”

Pure1 PowerShell Module 1.3.0.0, Alerts, Support Contracts, Easier authentication, Custom REST tutorial.

Just pushed out a new release of the Pure Storage Pure1 PowerShell module. Not nearly as significant of a release as 1.2.0.0, but still a couple of notable things.

As usual update with update-module PureStorage.Pure1:

The first update is simplified authentication. The first time you authenticate, you need to run New-PureOneCertificate–on Windows this will create a self-signed x509 certificate, and if run on Linux or Mac it will create an RSA key pair. By default it will store it in the user directory first logged into when running PowerShell core:

Continue reading “Pure1 PowerShell Module 1.3.0.0, Alerts, Support Contracts, Easier authentication, Custom REST tutorial.”

Generating a Pure1 REST JWT with Python

I’ve written about generating the JSON Web Token for Pure1 REST API authentication before. Mostly around PowerShell. Though of course many may not want to use PowerShell and prefer to opt for something like Python.

So here is the process.

We have a script posted on the support site here. But that actually doesn’t return the JWT, it creates a session. So it takes the next step after the JWT. But if you just want to generate the JWT so something else can authenticate it won’t do the trick. So I made some modifications and threw it on GitHub as a gist. You can get it here:

https://gist.github.com/codyhosterman/697ebfd72c4f7f7276afc3b74e3b5e40

First off let’s review how to actually authenticate:

  1. Create a private/public key pair
  2. Enter the public key into Pure1
  3. Take the provided application ID and generate a JSON web token
  4. Send the JSON web token to Pure1 for an access token

I will walk through step 1-3. Using Python on Linux to generate the JWT.

Continue reading “Generating a Pure1 REST JWT with Python”

Managing vCenter Permissions for Pure1 VM Analytics

For the un-initiated, Pure1 VM Analytics is a tool where you can deploy a collector and authenticate it with one or more vCenters. That collector then sends performance and topology data back to Pure1. We then display it in an easy-to-understand view to help you view your end-to-end environment. Identify performance bottlenecks, heavy hitters, whatever.

For this to work, the collector needs authentication to vCenter of course, but not a lot. Read Only will do. If you want it to see the entire vCenter and every object, the simplest option is to create a new user, and assign it read-only permissions to the vCenter object and propagate it down to everything:

Then select your user, choose read only and make sure to select “Propagate to Children”

Continue reading “Managing vCenter Permissions for Pure1 VM Analytics”

Pure1 REST API Authentication Made Easy

I’ve been working with the Pure1 REST for about a year now and have really enjoyed what it brings. I’ve integrated it into a few things: PowerShell. vRO. vSphere Plugin. One of the “tricky” things about it though is the authentication. Instead of a username and password it requires the use of a RSA256 public/private key pair. This is inherently more secure, but of course requires a bit more know-how when it comes to pair generation.

I simplified a fair amount of it in PowerShell, but didn’t quite get to the finish line. The generation of the key pair could be done but it came in the form of a PFX–which basically combines the public key and private key into one file. Unfortunately, Pure1 requires the them to be separated as all it needs is the public key, not your private key. While this is “better” it does leave Windows users at a bit of a disadvantage–there is no built in mechanism to generate this without installing OpenSSL directly. The process could not be done entirely in PowerShell. Or so I thought…

Continue reading “Pure1 REST API Authentication Made Easy”

Pure Storage Plugin 4.2.0 for the HTML-5 vSphere Client

Another quarter, another vSphere Plugin release from Pure! This is the release I have been really looking forward to as it sets the stage for a lot of the future work I want to build into the plugin. To recap:

  • 4.0.0 was our initial release of our plugin that only had the basic configuration support and VMFS management.
  • 4.1.0 was the 2nd release that added vVol support back into the plugin.
  • 4.2.0 enhances the plugin to add more vVol stuff into it as well as Pure1 Integration! So we are finally to the point where we are adding features into it that were never in the previous flash plugin. Yay!

So what are the new features?

  • Pure1 authentication
  • FlashArray fleet registration
  • Load meter integration
  • Pure1 tag integration
  • Intelligent provisioning
  • Full VM-undelete
Continue reading “Pure Storage Plugin 4.2.0 for the HTML-5 vSphere Client”

VM Analytics Collector Now an OVA

Hear ye, hear ye! The VM Analytics Collector now comes in a new flavor! And OVA! Yay! I understand this is more of a “about time, why didn’t you have this in the first place?” kind of a thing, and fair enough, but here we are.

Now the current OVA is somewhat a shadow of what we expect it to be, a lot of the work that went into this was to build the ground work to use this for many other things. So certainly expect this to be developed and offered in more advanced and flexible ways. But for now, it is an OVA that is locked down that contains one thing: the collector.

Image result for the collector

No, not that collector. The vCenter collector for our VM Analytics tool.

Continue reading “VM Analytics Collector Now an OVA”

Assigning Read Access to Windows Private Key

I have written about authenticating with the Pure1 REST API, and my PowerShell module in the past:

https://www.codyhosterman.com/2019/01/using-the-pure1-rest-api-part-i-powershell/

NOTE: This workaround is not really needed anymore with the default behavior of the module. See this post: https://www.codyhosterman.com/2019/12/pure1-rest-api-authentication-made-easy/

One of the issues is that if you followed my default instructions, you would need to run the PowerShell window as an admin to be able to create the connection. The answer–now that I think about it is fairly obvious: non-admin users (or admins not running in admin mode) don’t have security rights to it. Duh!

Continue reading “Assigning Read Access to Windows Private Key”

Pure Storage Plugin v3 for vRealize Orchestrator

We just released an updated plugin for vRO today that is fully certified by VMware and is available on the VMware marketplace:

Download it here.

What are the new features? Well a lot–some various bug fixes, but this is mostly about new features:

  • ActiveCluster support
  • Enhanced protection group information
  • Throughput limits
  • Volume Groups
  • Pure1 REST API integration
  • Protocol Endpoints
  • Host Personality
Continue reading “Pure Storage Plugin v3 for vRealize Orchestrator”

Pulling Performance Statistics from Pure1 with PowerShell

I have written a few posts recently on using the Pure1 with PowerShell, like below:

I made a PowerShell module you make it easy for you to use, which can be installed via install-module from the PowerShell gallery. Details here:

https://www.codyhosterman.com/scripts-and-tools/pure1-rest-api/pure1-powershell-module/

Continue reading “Pulling Performance Statistics from Pure1 with PowerShell”