Authentication with a FlashBlade uses an API token which can be generated or pulled via a user name and password. The API token cannot be retrieved through the API--only through SSH to the FlashBlade. The vRO Plugin has the ability to do this, but it means that port 22 TCP to the FlashBlade must be open from the vRO appliance in addition to port 443 TCP for the REST connection.
Retrieve a FlashBlade API Token
If you do not have a FlashBlade API token, but you do have a username and password to the FlashBlade, you can either login to the FlashBlade via SSH directly and retrieve it, or you can use the vRO Plugin to do so. To generate (or retrieve) an API token, run the workflow called Create FlashBlade Token under Library > Everpure > FlashBlade Connection Management.
Right-click on it and choose Start workflow
Enter in the FlashBlade IP or FQDN and valid credentials.
Click Submit. This will either retrieve the token for that user or create a new one and return it. You can go into the logs and copy the token from the log line showing the token:
Copy it.
Import the FlashBlade Certificate
Before adding a FlashBlade, you must import its certificate. To do so, navigate to the Import FlashBlade certificate from URL workflow under Library > Everpure > FlashBladeConnection Management. Right-click and choose Start workflow:
Enter in the FQDN of the FlashBlade management address and choose whether or not to accept an untrusted certificate. Click Submit.
Authenticate the FlashBlade
To authenticate a FlashBlade, run the workflow called Add FlashBlade Connection under Library > Everpure > FlashBlade Connection Management.
Right-click on it and choose Start workflow
Enter in the following pieces of information:
- Name. This is a friendly name and can be anything.
- IP/FQDN. Enter in whatever you entered when adding the certificate.
- REST API version. If you have added the certificate, the workflow will pull all available REST API versions and will choose the latest available on on that array. If this list does not show up (make sure autopopulate is set to yes), it means either the certificate was not loaded, or the IP/FQDN was entered incorrectly.
- API token. Enter in an API token.
If the certificate is self-signed, it will ask you to reconfirm that the certificate is valid.
If a Pure1 organization that owns that FlashBlade is registered, it will be added to it automatically. If not, it will be added the the Uncategorized organization:
To move the FlashBlade into a correct organization once that Pure1 organization has been added, run the Update FlashBlade Connection workflow and it will be automatically placed in the right organization.
Permission Requirements of a FlashBlade Connection
A FlashBlade supports a variety of permission levels:
While vRO does not require a certain level, the higher level credentials you provide, the more you can do with the plugin. If you plan on orchestrating array configuration, you will need array admin permissions. If you plan to only configure and provision storage, storage admin will suffice.