In my last post, I spoke about the ins and outs of using the Pure1 REST API–but it was a fairly manual process. Which of course is not how you really want to use a REST API. So the first part of this series will be using it with one of my favorite tools: PowerShell!
I will separate this into five parts:
Creating your certificate
Adding your public key into Pure1
Creating your JWT
Authenticating with Pure1
Making REST calls after authentication
UPDATE!!!! I made this much easier, you can use my module to connect to Pure1 which is on the PowerShell gallery.
Hello there! The FlashArray and FlashBlade products from Pure have always had a REST API service built in–this REST service allows you to manage, provision, and pull raw statistics from the array.
But there are two pieces missing:
You need to iterate through each array if you want to intelligently place a volume on it (or find a volume or whatever)
They only offer raw statistics–you need to do some crunching possibly to get what you want. Create projections and forecast, find how busy an array is, etc.
Luckily this is what Pure1 does for you. Every customer has access to our Pure1 web tool. This is something we host, all of your dial-home information gets fed into it. We use that information to figure out how “busy” an array is, when it will fill up from a capacity or performance perspective and much more. We now offer a REST API for Pure1 as well, so you can do some one-stop shopping for the information you need, that the arrays cannot natively provide.
Awhile back I wrote about performing an operation introduced in Purity 4.6 called protection group copy, which I really referred to as protection group recovery, which I think is maybe a more apt title.
Anyways, this feature is available in our REST API and our CLI (not yet in our GUI in a direct format) but is not yet built into our PowerShell SDK. I have seen more than one request for information on how to do this, and it certainly can be done without our official SDK and this is through the good ol’ Invoke-RestMethod cmdlet built into PowerShell. I’ve spoken about using this many times, here and here.
Let’s walk through it specifically with protection group restore.
I wrote about some security changes in the FlashArray operating environment (called Purity) version 4.7 a month or so back. This was concerning the deprecation of SSL and TLS version 1.0, forcing all (management) connections to the FlashArray to use TLS 1.1 or 1.2 (read this here).
Our PowerShell SDK was enhanced so it would use the appropriate security connection type so users of that do not need to worry as long as they upgrade our SDK. But what about the few remaining functions that people might use that the PowerShell SDK doesn’t cover? As there are a few REST calls that are not built into the SDK (yet). Continue reading Force the Invoke-RestMethod PowerShell cmdlet to use TLS 1.2→
I have quite a few PowerShell scripts these days and I run a bunch of them quite often. All of my scripts log information to a file so I can see what happened but I decided I wanted to log them into something that could help me analyze or quickly review the data. Something better than looking at a bunch of text files. One of my favorite products, VMware Log Insight was the first thing I thought of. The ingestion REST API makes the most sense. Took a little time to figure out the best way to do it, but it’s working great now. To the details!
Continuing my recent work on learning vRealize Orchestrator and ran into some funkiness with the “Invoke REST host” workflow, that I wanted to write down so I don’t forget how I fixed/worked around it (which I suppose is the impetus for basically every post I do). Anyways, I am working on a REST-based package for the FlashArray and I was using that workflow and had some trouble. Basically, any REST call I made through it to a REST host seemed to fail.
UPDATE: This is a older post, but after working with vRO for longer and learning a lot more about it I decided I needed to re-write this post. Too much of it was not the best way to do things.
A question came up on our community about a Chrome extension called Advanced REST Client and I had never used it before, so I decided to check it out. Install it here. It will add an extension that allows you to make REST calls to, well whatever from your Chrome browser.
***UPDATE My coworker Barkz did an excellent post about this a few months back too, so check it out too***
Of course there are a billion ways to do this (I traditionally have just used Invoke-RestMethod in PowerShell) but this is another one for your tool arsenal . A quick and easy way to pull REST information from the FlashArray without having to learn another tool like PowerShell to do it.
***********UPDATE PLEASE REFER TO THE POST AT THIS LINK FOR UPDATED INFORMATION ON THIS SCRIPT***********************
The most common request I get for scripts here at Pure Storage is an UNMAP script using PowerCLI. I have a basic one here that does the trick–UNMAPs Pure Storage volumes in a vCenter. That being said it is pretty dumb–doesn’t tell you much about what happened other than what volumes it is reclaiming (or not reclaiming) and moves on. A few requests have come in recently for something a little more in-depth. Most notably the ability to see how much space has been reclaimed. This information cannot be gathered from the VMware side of things–it has to come from the FlashArray.
There are two options here–either use our REST APIs or use our PowerShell toolkit to get this information (which just wraps the REST calls). For this script I chose to use the REST API directly from within PowerShell. What this script does is:
Connects to the vCenter and FlashArray
Finds all of the datastores and counts how many are actually Pure Storage volumes (NAA comparison)
Iterates through all of the datastores
Skips it if it is not Pure
If it is, the current data reduction ratio is reported and so the is current physical written capacity on the FlashArray.
Runs UNMAP on the datastore
Reports the new data reduction and physical space after UNMAP completes and how much was reclaimed.
Repeats for the rest of the volumes.
The script reports all of this to the console window, but it always throws it in a log file through add-content. If you don’t want it to return the info to the console, simply delete the write-host lines. If you don’t want it to log, delete the add-content lines.
There are a few required parameters–vCenter information (IP, username, password), FlashArray info (IP, username, password), UNMAP block count and a log file location. These are hard-coded parameters, but that can easily be changed by altering it to a read-host.
You may also note that after each UNMAP the script sleeps for 60 seconds–I do this so I make sure the FlashArray has time to update its information right after the UNMAP. 60 seconds is VERY conservative–probably 10 or so is fine, so feel free to mess with that number if you don’t like waiting. I also have another sleep at the end of each datastore operation to give a quick chance to review the latest results before it starts spewing the next datastore information on the screen (note this update didn’t make it into the video demo below–it doesn’t wait after each datastore).
See the script in action below. Essentially I am deleting a bunch of VMs across 4 datastores and then running the UNMAP. You can see the space get reclaimed on the FlashArray.
Note: You need particular access (see a blog post about that here) to vCenter to run UNMAP. For the FlashArray only Read Only is needed (higher of course is fine too).