Hello fellow toasters users ...
We're in the process of deploying a pair of new CDOT filers and one of the things we'd like to setup with them is having check_mk (nagios and rrd, under the hood) monitor various attributes. We have a working instance at the moment using snmp to query the filers, but check_mk also provides a "plugin" that claims to work with the filer's web interface, so we'd like to examine that.
To that end, I've setup a read-only user on the filer, that I intend will be able to access the web interface:
security login create -vserver fc1-na -user-or-group-name nul_cmk \ -application http -authentication-method password -role readonly \ -comment "check_mk monitoring"
The user shows up when I "show":
fc1-na::> security login show -vserver fc1-na -user-or-group-name nul_cmk
Vserver: fc1-na Second User/Group Authentication Acct Authentication Name Application Method Role Name Locked Method -------------- ----------- ------------- ---------------- ------ -------------- nul_cmk http password readonly no none
The readonly role is unchanged from the OS default:
fc1-na::> security login role show -vserver fc1-na -role readonly Role Command/ Access Vserver Name Directory Query Level ---------- ------------- --------- ----------------------------------- -------- fc1-na readonly DEFAULT readonly security none security login password all security login role show-user-capability all set all 5 entries were displayed.
Trouble is that if I try to login to the web interface as that user, the browser stays "stuck" at the "Loading system details..." spinner widget. It's been there now for about two hours as I type this. Of course, check_mk's plugin logs a timeout while trying to access the interface.
I fully suspect that I'm missing something, of course, but I'm afraid I haven't been able to find what that is. If someone out there has experience creating such a user for readonly access, a pointer to where I should be looking and/or documentation I should be reading would be hugely appreciated. (cli is preferred because it's easier to document what I've done that way, but if someone points me to resources in the web interface I'm sure I'll be able to find what I need at the cli.)