Dell PowerVault ME5 Series Storage System CLI Reference Guide

Using a script to access the CLI

Basic command-line semantics provide prompts for user input, and response time is indeterminate. Scripts need to use an “expect”-type mechanism to scan output for prompts. It is recommended and more efficient to use the HTTP interface to access the API.

Two login methods are supported:

• HTTPS authentication using an SHA256 hash to return a session key that is sent for each request. The session key is valid has a 30-minute inactivity timeout. Use of SHA256 is now recommended instead of MD5, which is deprecated.

  To log in to the HTTPS API, the username and password must be joined with an underscore as a separator (username_password). The username and password is then sent through an SHA256 hash. The SHA256 hash is represented in lower case hexadecimal format. This string is appended to the login function for the API, https://IP-address/api/login/hash. For example:

  https://10.0.0.2/api/login/<SHA256-hash>

  NOTE: The SHA256 method is not compatible with LDAP user accounts. For LDAP, use HTTPS basic authentication instead.
• HTTPS basic authentication using the Authorization header. If this login method is used, the username and password must be joined with a ‘:’ (username:password) and then encoded in Base64. For example:

  Authorization: Basic base64-string

  Use the following URL for basic authentication:

  https://IP-address/api/login 
  		  

For both methods, the response that is returned is in XML and the content contains an OBJECT element. Within the OBJECT element, a PROPERTY element with the name attribute of response contains the session key. These XML API elements are described in Using XML API output.

The following example shows how to construct a Perl script to communicate with the XML API using HTTPS:

# export HTTPS_CA_FILE=path-to-certificate

# Include required libraries
 use LWP::UserAgent;
 use XML::LibXML;
use HTTP::Request::Common;
use IO::Socket::SSL qw( SSL_VERIFY_NONE );
# For SHA-256 Authentication
use Digest::SHA qw(sha256_hex);

use constant use_basic_auth => 1;

my $user = "manage";
my $password = "Abcd_1234";
my $ip = "YourIPAddress";
my $protocol = "https";

# Create a user agent for sending requests
my $user_agent = LWP::UserAgent->new();

# Skip certificate verification
$user_agent->ssl_opts(
  SSL_verify_mode => SSL_VERIFY_NONE,
  verify_hostname => 0
);

my $request;
if( use_basic_auth ) {
  # Login with HTTP basic authentication
  my $auth_url = "$protocol://$ip/api/login/";
  $request = HTTP::Request->new( GET=>$auth_url );
  $request->authorization_basic( $user, $password );
} else {
  # Login with SHA-256 hash
  my $auth_data = "$user\_$password";
  my $sha256_hash = sha256_hex( $auth_data );
  my $auth_url = "$protocol://$ip/api/login/$sha256_hash";
  $request = HTTP::Request->new( GET => $auth_url );
}

# Request return data be XML format
$request->header( 'dataType'=>'ipa' );

# Make the request
$response = $user_agent->request( $request );

# Parse the returned XML and retrieve the returned session key
my $parser = XML::LibXML->new();
my $document = $parser->parse_string( $response->content );

my $root = $document->getDocumentElement;
my @objects = $root->getElementsByTagName( 'OBJECT' );
my @properties = $objects[0]->getElementsByTagName( 'PROPERTY' );

my $sessionKey;
foreach my $property ( @properties ) {
  my $name = $property->getAttribute( 'name' );
  if( $name eq 'response' ) {
    $sessionKey = $property->textContent;
  }
}

# Using the session key, request the system configuration
$url = "$protocol://$ip/api/show/configuration/";
$request = HTTP::Request->new( GET=>$url );
$request->header( 'sessionKey'=>$sessionKey );
$request->header( 'dataType'=>'ipa' );

$response = $user_agent->request( $request );

print$response->content;

The last several lines of the Perl code above show how to get the entire configuration information from the CLI and print the output using the ipa option for XML output. The output can easily be redirected to a file for archiving. Alternatively, the dataType in the request header can be set to json for JSON output, or to console for standard CLI text output. Console output should not be used for parsing, but can be useful for tabular reports obtained directly from the CLI commands.

The following example shows how to construct a Python script to access the XML API via HTTPS.

import base64
import sys
import urllib.request
import xml.dom.minidom
import ssl

username = 'manage'
password = 'Abcd_1234'
# For the following, the protocol (HTTP or HTTPS) must be specified; for example,
# https://10.235.221.121
if sys.argv[1]:
  ip = sys.argv[1]
else:
  sys.exit(1)

temp_string = bytes(username + ':' + password, "utf-8")
encodedBytes = base64.b64encode(temp_string)
auth_string = str(encodedBytes, "utf-8")
print("Base64 = " + auth_string + "\n")

url = ip + '/api/login/'
req = urllib.request.Request(url)
req.add_header('Authorization', 'Basic ' + auth_string)

print(req.get_full_url())
print(req.get_header('Authorization'))

# Skip certificate verification
context = ssl._create_unverified_context()
response = urllib.request.urlopen(req, context=context)
xmlDoc = xml.dom.minidom.parseString(response.read())
loginObjs = xmlDoc.getElementsByTagName('OBJECT')
loginProps = xmlDoc.getElementsByTagName('PROPERTY')
sessionKey = ''

for lProp in loginProps:
  name = lProp.getAttribute('name')
  print("Property = " + name)
  if name == 'response':
    sessionKey = lProp.firstChild.data

print("Session Key = " + sessionKey + "\n" )

url = ip + '/api/show/disks'
req = urllib.request.Request(url)
req.add_header('sessionKey', sessionKey)
req.add_header('dataType', 'console')
response = urllib.request.urlopen(req, context=context)
print(response.read().decode('utf-8'))

The following example shows how to construct a Python script to communicate with the JSON API via HTTPS and return the response in JSON format.

import sys
import requests
import json
import hashlib
# NOTE: This is to suppress the insecure connection warning for certificate
# verification.
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

USE_BASIC_AUTH = 1
url = "https://<YourIPAddress>"
username = "manage"
password = "Abcd_1234"

if USE_BASIC_AUTH:
  # HTTP basic authentication
  headers = {'datatype':'json'}
  r = requests.get(url + '/api/login', auth=(username, password), headers=headers, verify=False)
else:
  # SHA-256 authentication
  auth_bytes = bytes(username + '_' + password, 'utf-8')
  auth_string = hashlib.sha256(auth_bytes).hexdigest()
  headers = {'datatype':'json'}
  r = requests.get(url + '/api/login/' + auth_string, headers=headers, verify=False )

# Extract session key from response
response = json.loads(r.content.decode('utf-8'))
sessionKey = response['status'][0]['response']

# Obtain the health of the system
headers = {'sessionKey': sessionKey, 'datatype':'json'}
r = requests.get(url+'/api/show/system', headers=headers, verify=False)

print(r.content.decode('utf-8'))
response = json.loads(r.content)
print("Health = " + response['system'][0]['health'])