
Announcing release of HPE Nimble Storage PowerShell Toolkit version 2.1.0 & Linux Support

 
Chris_Lionetti
HPE Pro


Sorry it has been a while since my last update, but this surrounds a bug found where the Nimble PowerShell Toolkit 2.1.0 has not been working properly on the Linux platform. I have been working hard to determine the correct procedure to make this work, and have the process listed below. All of it surrounds the fact that in PowerShell 6.x they removed the ability to use Invoke-RestAPI commands and to ignore the certificate. As a security process, the certificate needs to be valid/trusted. Additionally, the method to import the Server certificate automatically does not exist in PowerShell on Linux. So we find ourselves in a quandary.

If I am running PowerShell 5.x --> I can use either the 'IgnoreServerCertificate' or the 'ImportServerCertificate' options to connect.

If I am running PowerShell 6.x on Windows --> I can only use the 'ImportServerCertificate' option.

If I am running PowerShell 6.x on Linux --> Neither the Import nor the Ignore option works to initially install the certificate.

Note also that this is ONLY important the first time you connect, i.e. if you import the certificate, you will never need to use either option ever again.

The below procedure is to fix the PowerShell 6.x on Linux initial connection, and only needs to be done once.

From your Linux Machine (In this case I was using Ubuntu 18.04, but will test against CentOS next).

To make things easier, the red commands are typed into a Linux shell, while the blue commands are PowerShell.

Step 1.

Let's ensure that we have the most recent version of PowerShell 6.1.3 from the GitHub repository;

wget https://github.com/PowerShell/PowerShell/releases/download/v6.1.3/powershell_6.1.3-1.ubuntu.18.04_amd64.deb

sudo dpkg -i powershell_6.1.3-1.ubuntu.18.04_amd64.deb

sudo apt-get update

sudo apt-get install -y powershell

Step 2.

We will want to download the PowerShell Module to a server in your environment and place it on a share in a folder in unzipped format. Once the folder is shared out, use the following commands to copy it to a modules directory on your Linux Server.

I have found that it's easier to install an SMBClient and just grab the files than it is to actually mount the share; for that I need to install the SMBClient software.

sudo apt-get install smbclient

cd /opt/microsoft/powershell/6/Modules

sudo mkdir HPENimblePowerShellToolkit

sudo mkdir HPENimblePowerShellToolkit/en-us

sudo mkdir HPENimblePowerShellToolkit/scripts

smbclient '//servername/sharename' -c 'lcd HPENimblePowerShellToolkit; cd HPENimblePowerShellToolkit;mget * ' -U username=domain/username%password

You will be prompted to hit yes to accept the copy operation a number of times on all three SMBClient commands.

smbclient '//servername/sharename' -c 'lcd HPENimblePowerShellToolkit/en-us; cd HPENimblePowerShellToolkit/en-US;mget * ' -U username=domain/username%password

smbclient '//servername/sharename' -c 'lcd HPENimblePowerShellToolkit/scripts; cd HPENimblePowerShellToolkit/scripts;mget * ' -U username=domain/username%password

Step 3

To verify they are all in place, you can now open PowerShell, and should be able to import the module without errors.

sudo pwsh

import-module HPENimblePowerShellToolkit

exit

Step 4

OK, now we need to manually import the certificate from the array and insert it on the Linux machine. The following commands do this using the GnuTLS library.

sudo apt-get install gnutls-bin

sudo gnutls-cli --print-cert ArrayIP < /dev/null > ArrayIP.crt

sudo mkdir /usr/local/share/ca-certificates/NimbleArray -m 755

sudo chmod 644 ArrayIP.crt

sudo cp ArrayIP.crt /usr/local/share/ca-certificates/NimbleArray/ArrayIP.crt

sudo update-ca-certificates

Step 5

Now that the certificates are in place, we need to modify a single line in the PowerShell module to make this work. You can do this using vi, and the line you want to modify is in the file /HPENimbleToolkit/scripts/helpers.ps1

The individual line is inside the 'Connect-NSGroup' function and is around line #85 and the line currently reads 'ValidateServerCertificate $group'

We need to change this line to read ' if ($IsLinux -ne $true) { ValidateServerCertificate $group}'

Once this is saved, you should be able to use the PowerShell command as follows;

sudo pwsh

import-module HPENimblePowerShellToolkit -force

connect-nsGroup -group NimbleArrayIP -cred admin

You will be prompted for your password, but no longer have to worry about either importing or ignoring the certificate to properly connect. All other commands now work as expected.

I should note that if you make changes to the network configuration of the Nimble array, the Certificate may change, at which point you will need to re-run.

I have come up with modifications for the module to detect that Linux is the base OS, and to allow the ImportServerCertificate argument to work by modifying the behaviour of the command, but you will have to wait for the next release of the toolkit for that to be tested. I also need to test and possibly modify this procedure for other variants of Linux/Unix as well as test against Macs. Next on my list is CentOS.

Chris Lionetti
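
Added example, not part of the original post or the toolkit: Step 4 trusts whatever certificate the array address returns on first contact, so this sketch checks the captured file against a fingerprint obtained out-of-band before it is installed. `EXPECTED_FP` and the function names are assumptions, and it assumes the array presents a self-signed certificate, so the first PEM block in the gnutls-cli output is the one being pinned.

```bash
#!/usr/bin/env bash
# Added example: check the captured array certificate against a known
# fingerprint before installing it. EXPECTED_FP is an assumption: the
# SHA-256 fingerprint of the array certificate, obtained out-of-band.

# Print only the first PEM block, dropping the descriptive text that
# gnutls-cli writes around the certificate(s).
first_pem() {
    awk '/-----BEGIN CERTIFICATE-----/ {on=1}
         on {print}
         /-----END CERTIFICATE-----/ {if (on) exit}' "$1"
}

# SHA-256 over the DER bytes of the first certificate, as lowercase hex.
# Fails when the file contains no certificate at all.
cert_fp() {
    local pem
    pem=$(first_pem "$1")
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | grep -v -- '-----' | base64 -d | sha256sum | cut -d' ' -f1
}

# Accept "AA:BB:..." or "aabb..." and normalise to bare lowercase hex.
norm_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# Succeed only when the certificate in $1 has the fingerprint given in $2.
verify_pin() {
    local got want
    got=$(cert_fp "$1") || return 2
    want=$(norm_fp "$2")
    [ "$got" = "$want" ]
}

# Intended use after the Step 4 capture (not executed here):
#   if verify_pin ArrayIP.crt "$EXPECTED_FP"; then
#       first_pem ArrayIP.crt | sudo tee \
#           /usr/local/share/ca-certificates/NimbleArray/ArrayIP.crt >/dev/null
#       sudo update-ca-certificates
#   else
#       echo "fingerprint mismatch, certificate not installed" >&2
#   fi
```

The same check can be repeated whenever the array's network configuration changes, since a new certificate will produce a different fingerprint.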
1 REPLY 1
JimReynolds
Frequent Visitor

Re: Announcing release of HPE Nimble Storage PowerShell Toolkit version 2.1.0 & Linux Support

Has security changed in PowerShell 7.0? I have attempted to get this to work with PS7 on CentOS 7 and have not been able to get it working.