Filter
Top Products
Chapter 11. DS CLI 249
11.10.4 Using DS CLI commands via a single command or script
Having translated a saved task into a DS CLI command, you may now want to use a script to
execute this task upon request. Since all tasks must be authenticated you will need to create
a userid.
Creating a user ID for use only with ESS 800
When using the DS CLI with an ESS 800, authentication is performed by using a userid and
password created with the ESS Specialist. If you have an ESS 800, but not a DS8000 or
DS6000 offline configurator, or an S-HMC, then you will not be able to create an encrypted
password file. Instead you will need to specify the password and userid in the script file itself.
This is no different than with the current ESS CLI, except that userids created using the ESS
800 Web Copy Service Server are not used (the userid used is an ESS Specialist userid).
If you have DS CLI access to a DS offline configuration tool, S-HMC or DS Storage
Management console, then you can create an encrypted password file. This will allow you to
avoid specifying the password or userid in plain text, in any script or profile.
Procedure to create an encrypted password file
User management with the DS CLI is via the mkuser command to create userids, and the
chuser command to change passwords. These commands must be issued by a userid in the
admin group. There is also rmuser to remove a userid. An example is:
mkuser -group op_copy_services -pw passw0rd -pwfile cs_admin csadmin
In this example, a userid called csadmin has been created which can be used either for CLI
authentication or to log on to the DS Storage Manager GUI. The password is
passw0rd and
the user is a member of the
op_copy_services group. This means the user cannot configure
storage or create other users, but can manage Copy Services relationships. A password file
called
passwd was created on the local host (the host on which the mkuser command was
issued).
Having created the userid called
csadmin, the password has been saved in an encrypted file
called
passwd. The file is placed in a subfolder of the security folder. If the IP address of the
S-HMC is 10.0.0.1 then you will find the password file in /opt/ibm/dscli/security/10.0.0.1, or
c:\program files\ibm\dscli\security\10.0.0.1. If you are moving this file to a different server, you
may have to create this folder.
Setting up a profile
Having created a userid, you will need to edit the profile used by the DS CLI to store the
S-HMC IP address (or fully qualified name) and other common parameters. The default
profile is located at C:\Program Files\IBM\dscli\profile\dscli.profile or
/opt/ibm/dscli/dscli.profile. An example of a
secure profile is shown in Example 11-15.
Example 11-15 Example of a dscli.profile file
#DS CLI Profile
#
# Management Console/Node IP Address(es) are specified using the hmc parameter
# hmc1 and hmc2 are equivalent to -hmc1 and -hmc2 command line options.
# hmc1 is cluster 1 of 2105 800 23953
hmc1:10.0.0.1
#hmc2:127.0.0.1
# Password filename is the name of an encrypted password file
# This file is located at /opt/ibm/dscli/security/10.0.0.1