Generating a Pure1 REST JWT with Python

I’ve written about generating the JSON Web Token for Pure1 REST API authentication before. Mostly around PowerShell. Though of course many may not want to use PowerShell and prefer to opt for something like Python.

So here is the process.

We have a script posted on the support site here. But that actually doesn’t return the JWT, it creates a session. So it takes the next step after the JWT. But if you just want to generate the JWT so something else can authenticate it won’t do the trick. So I made some modifications and threw it on GitHub as a gist. You can get it here:

https://gist.github.com/codyhosterman/697ebfd72c4f7f7276afc3b74e3b5e40

First off let’s review how to actually authenticate:

  1. Create a private/public key pair
  2. Enter the public key into Pure1
  3. Take the provided application ID and generate a JSON web token
  4. Send the JSON web token to Pure1 for an access token

I will walk through step 1-3. Using Python on Linux to generate the JWT.

Continue reading “Generating a Pure1 REST JWT with Python”

Managing vCenter Permissions for Pure1 VM Analytics

For the un-initiated, Pure1 VM Analytics is a tool where you can deploy a collector and authenticate it with one or more vCenters. That collector then sends performance and topology data back to Pure1. We then display it in an easy-to-understand view to help you view your end-to-end environment. Identify performance bottlenecks, heavy hitters, whatever.

For this to work, the collector needs authentication to vCenter of course, but not a lot. Read Only will do. If you want it to see the entire vCenter and every object, the simplest option is to create a new user, and assign it read-only permissions to the vCenter object and propagate it down to everything:

Then select your user, choose read only and make sure to select “Propagate to Children”

Continue reading “Managing vCenter Permissions for Pure1 VM Analytics”

Pure1 REST API Authentication Made Easy

I’ve been working with the Pure1 REST for about a year now and have really enjoyed what it brings. I’ve integrated it into a few things: PowerShell. vRO. vSphere Plugin. One of the “tricky” things about it though is the authentication. Instead of a username and password it requires the use of a RSA256 public/private key pair. This is inherently more secure, but of course requires a bit more know-how when it comes to pair generation.

I simplified a fair amount of it in PowerShell, but didn’t quite get to the finish line. The generation of the key pair could be done but it came in the form of a PFX–which basically combines the public key and private key into one file. Unfortunately, Pure1 requires the them to be separated as all it needs is the public key, not your private key. While this is “better” it does leave Windows users at a bit of a disadvantage–there is no built in mechanism to generate this without installing OpenSSL directly. The process could not be done entirely in PowerShell. Or so I thought…

Continue reading “Pure1 REST API Authentication Made Easy”

Pure Storage Plugin 4.2.0 for the HTML-5 vSphere Client

Another quarter, another vSphere Plugin release from Pure! This is the release I have been really looking forward to as it sets the stage for a lot of the future work I want to build into the plugin. To recap:

  • 4.0.0 was our initial release of our plugin that only had the basic configuration support and VMFS management.
  • 4.1.0 was the 2nd release that added vVol support back into the plugin.
  • 4.2.0 enhances the plugin to add more vVol stuff into it as well as Pure1 Integration! So we are finally to the point where we are adding features into it that were never in the previous flash plugin. Yay!

So what are the new features?

  • Pure1 authentication
  • FlashArray fleet registration
  • Load meter integration
  • Pure1 tag integration
  • Intelligent provisioning
  • Full VM-undelete
Continue reading “Pure Storage Plugin 4.2.0 for the HTML-5 vSphere Client”

VM Analytics Collector Now an OVA

Hear ye, hear ye! The VM Analytics Collector now comes in a new flavor! And OVA! Yay! I understand this is more of a “about time, why didn’t you have this in the first place?” kind of a thing, and fair enough, but here we are.

Now the current OVA is somewhat a shadow of what we expect it to be, a lot of the work that went into this was to build the ground work to use this for many other things. So certainly expect this to be developed and offered in more advanced and flexible ways. But for now, it is an OVA that is locked down that contains one thing: the collector.

Image result for the collector

No, not that collector. The vCenter collector for our VM Analytics tool.

Continue reading “VM Analytics Collector Now an OVA”

Assigning Read Access to Windows Private Key

I have written about authenticating with the Pure1 REST API, and my PowerShell module in the past:

https://www.codyhosterman.com/2019/01/using-the-pure1-rest-api-part-i-powershell/

NOTE: This workaround is not really needed anymore with the default behavior of the module. See this post: https://www.codyhosterman.com/2019/12/pure1-rest-api-authentication-made-easy/

One of the issues is that if you followed my default instructions, you would need to run the PowerShell window as an admin to be able to create the connection. The answer–now that I think about it is fairly obvious: non-admin users (or admins not running in admin mode) don’t have security rights to it. Duh!

Continue reading “Assigning Read Access to Windows Private Key”

Pure Storage Plugin v3 for vRealize Orchestrator

We just released an updated plugin for vRO today that is fully certified by VMware and is available on the VMware marketplace:

Download it here.

What are the new features? Well a lot–some various bug fixes, but this is mostly about new features:

  • ActiveCluster support
  • Enhanced protection group information
  • Throughput limits
  • Volume Groups
  • Pure1 REST API integration
  • Protocol Endpoints
  • Host Personality
Continue reading “Pure Storage Plugin v3 for vRealize Orchestrator”

Pulling Performance Statistics from Pure1 with PowerShell

I have written a few posts recently on using the Pure1 with PowerShell, like below:

I made a PowerShell module you make it easy for you to use, which can be installed via install-module from the PowerShell gallery. Details here:

https://www.codyhosterman.com/scripts-and-tools/pure1-rest-api/pure1-powershell-module/

Continue reading “Pulling Performance Statistics from Pure1 with PowerShell”

Using the Pure1 PowerShell Module

Recently I wrote a blog post on how to authenticate and connect to Pure1 via PowerShell. You can find that here:

I have made authentication MUCH easier:

https://www.codyhosterman.com/2019/12/pure1-rest-api-authentication-made-easy/

But it is fairly involved, so I made it easier for you (and me) by writing a PowerShell module and posted in on the PowerShell Gallery.

https://www.powershellgallery.com/packages/Cody.PureStorage.Pure1/

Continue reading “Using the Pure1 PowerShell Module”

Using the Pure1 REST API Part I: PowerShell

In my last post, I spoke about the ins and outs of using the Pure1 REST API–but it was a fairly manual process. Which of course is not how you really want to use a REST API. So the first part of this series will be using it with one of my favorite tools: PowerShell!

I will separate this into five parts:

  1. Creating your certificate
  2. Adding your public key into Pure1
  3. Creating your JWT
  4. Authenticating with Pure1
  5. Making REST calls after authentication

UPDATE!!!! I made this much easier, you can use my module to connect to Pure1 which is on the PowerShell gallery.

You can find more information on it here:

https://www.codyhosterman.com/scripts-and-tools/pure1-rest-api/pure1-powershell-module/h

Continue reading “Using the Pure1 REST API Part I: PowerShell”