Tip

How to manage EMC, NetApp arrays with Perl scripting

Because EMC Symmetrix DMX arrays and NetApp arrays are heavily text- and command-line-oriented, managing them via Perl scripting makes a lot of sense. In fact, I managed several hundred NetApp filers and

    Requires Free Membership to View

large EMC Symmetrix DMX environments, all via Perl. I like Perl because it doesn't involve compiling, like with a traditional programming language, yet it has the fire power to do heavy lifting if the task calls for it.

Perl (or any scripting language, for that matter, though Perl has benefits over others) can be leveraged to automate and manage your network-attached storage (NAS) or storage area network (SAN) environment. In fact, you'll probably be quite surprised by how small of a script is needed to manage the storage environment. For instance, I managed a global NetApp SnapMirror environment with a script that was only 20 to 25 lines of code. It throttled data replication during business hours and unthrottled on nights and weekends.

Here are a few other examples of using Perl for managing storage environments.

NetApp security audits

In Perl, you can have a large text file completely loaded in memory as one long string. That's accomplished by redefining the input record separator to the undefined value via this command:

local ( $/ );

Once you have the output or file in a string, you can run a global search of a regular expression. Perl's regular expression function provides a means to do pattern matching and is extremely powerful; it's capable of matching any conceivable text combination.

I've used this extensively to manage my NetApp environments. For example, I needed to do security audits on a large number of filers for one of my clients. Most of the security functions on the filer are configured by "options"; in a NetApp environment, an option acts as a repository for configuration information for a filer and daemons that are available to turn on or off. Through the Perl script, I read in the options for a filer as a single string, via this simple one-line Perl command:

my $filerA = `ssh filerA options`;

Once I had the filer's entire configuration in a single string, I could do a regular expression against the string to find specific values indicating that security settings were correct. If I didn't find the value, I would create a report logging all security settings that were violated.

With the above command, Secure Shell (SSH) will obviously have to be enabled and configured on the filer. (The same can be accomplished by using Remote Shell, or RSH.) The command allows you to run a single matching regular expression or a global matching regular expression against the string to match any configuration of the filer. If it doesn't match (thereby confirming correct security settings), you can program Perl to print something either to the screen or to a file to use for a report of what's wrong with the settings. The following command would match a specific option within the string $filerA:

if ($filerA =~ /ssh1\.enable\s+off/) {}

The characters between the forward slashes constitute the regular expression. The regular expression in the above line would match the following:

ssh1.enable off

You can run as many regular expressions against this string as you need to check all security configurations. Once you have the correct regular expression, you can run it against a large number of filers to check their settings. I inherited the environment, and I scripted this and ran it across hundreds of filers to audit them. Even if you don't inherit the environment, security policies change, and if you need to audit a large environment, automating things makes the task much simpler. But, a word of caution when automating processes: Spend plenty of time ensuring that your regular expressions really do match. If you are wrong with one of your filers, you will be wrong with all of them.

When conducting quality analysis, I generally try to match a regular expression first and tell Perl to print something to the screen to make sure it matched. For example:

if ($filerA =~ /ssh1\.enable\s+off/) {

print "SSH1 is set to OFF\n";}

This confirms that the string actually matched the regular expression. Once that works, you can set the opposite to make sure that is also correct. For example:

if ($filerA !~ /ssh1\.enable\s+off/) {

print "SSH1 is NOT set to off\n";}

This basically states that if the ssh1 option is not set to "off," that should be reported. If this works, you can format the output to a file in a format that you desire, such as a comma-delimited format. The security team at the client I was working with wanted a comma-delimited file because they fed that into another program to analyze the entire environment.

Parsing XML for Symmetrix DMX environment

With an EMC Symmetrix DMX array, I find using XML to manage the environment is a very robust method because the Symmetrix Command Line Interface (SYMCLI) output sometimes is too long to display on the screen and I have to run several commands to get the information I want. For example, the Symmetrix device group output will not show the full device group name unless I do a verbose output (a device group is a logical collection of devices for management). But, rather than go through screens and screens of information to get the full names of the device groups, I can dump the output to a file and parse the file to get the information I want. To create XML output for a DMX environment, export the following environment variable (this command will obviously differ in a Windows environment):

export SYMCLI_OUTPUT_MODE=xml

Once that environment variable is set, you'll notice all your SYMCLI commands output to the screen in XML format. You can run Cron jobs to dump the DMX output into an XML file after every LUN presentation to get a view of what the DMX array looks like. You can use the XML file to build symconfigure scripts for LUN presentation or to build reports about your storage systems. With an XML parser such as Smart, Twig, Parser or Simple, you can get a list of the devices on the DMX array and run queries on device characteristics.

Finally, to reset the environment to normal output mode for future EMC Symmetrix DMX work, reset the Perl environment variable SYMCLI_OUTPUT_MODE with the following command:

unset SYMCLI_OUTPUT_MODE

About the author

Seiji Shintaku is a principal consultant for RTP Technology. Before joining RTP Technology, he was global NetApp engineer for Lehman Brothers, Celerra and DMX engineer for Credit Suisse First Boston, principal consultant for IBM, and global Windows engineer for Morgan Stanley. RTP Technology is a VAR for storage-related products and professional services for NetApp, EMC, F5, Quantum, VMware and Brocade. He can be reached at sshintaku@rtptech.com.

This was first published in August 2009

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.