Hi, I've installed the Splunk Add-on for NetApp Data ONTAP to collect data from each of our devices. Unfortunately it's not working. I may be missing something obvious, but I thought I'd ask anyway. The server is running Splunk 6.6.0, the Splunk Add-on for NetApp Data ONTAP is version 2.15 and the OS is Oracle Linux Server release 6.9.
I'm getting the following error in /opt/splunk/var/log/splunk/ta_ontap_conf_service.log.
2017-05-20 12:41:36,323 ERROR [TAOntapConfService] [_validate_ontap_server] Could not interact with ontap on host=https://10.180.139.235, error: [OntapClient] Client Side Code Error 13001: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:676) None 2017-05-20 12:41:36,335 INFO [TAOntapConfService] [_validate_ontap_server] successfully updated stanza=uigen:-272584:625 credential_validation=False connection_validation=False per_target_credential_validation=['Invalid'] per_target_connection_validation=['Invalid']
Pulling the SSL cert from a device looks to be in order:
$ echo | openssl s_client -showcerts -connect XXX.XXX.XXX.XXX:443 2>/dev/null | openssl x509 -inform pem -noout -text Certificate: Data: Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=IBM#42342342, C=US, ST=CA, L=Sunnyvale, O=yourcompany, OU=yourunit/emailAddressfirstname.lastname@example.org Validity Not Before: Jul 16 11:05:36 2015 GMT Not After : Jul 12 11:05:36 2030 GMT Subject: CN=IBM#42342342, C=US, ST=CA, L=Sunnyvale, O=yourcompany, OU=yourunit/emailAddressemail@example.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (512 bit) Modulus: some HEX values Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption some more HEX values
there has been a new version 2.1.6 released on Friday and they changed some SSL settings.
I have seen customers created new certificates with weird parameters (512 or 1024 bit RSA!).
It looks like the TA is now officially supported by Splunk Enterprise 6.6.x.
One additional hint:
Try to connect to you NetApp server using cURL:
curl -ivvvk https://my_netapp_server
It will show you the negotiated algorithms...
If there is something like "SSL connection using DES-CBC3-SHA" shown, than you might check the SSL settings on both ends.
This is 56 bit and so 1990!
This URL might give some more details regarding the algorithms and ciphers in use:
Thanks for the information. Version 2.1.6 corrected the issues that I was having. I can now add my 7-mode filers.
I am getting the same error with 6.6.1 and Splunk_TA_ontap 2.15. I can successfully poll my C-mode filers but I cannot poll any of my 7-mode controllers. (SSLV3_ALERT_HANDSHAKE_FAILURE)
I logged a case with Splunk Support to see what the say.
Hi, archspangler , is there anything update? I need to deploy Ontap Add-on 2.1.5 on splunk 6.4, and the device release version is netapp 8.2 with 7-mode, any ideas please? Thx
Hi Steve, I've installed this App and Add-On successfully, I was wondering if you are following this document: http://docs.splunk.com/Documentation/NetApp/2.1.5/DeployNetapp/WhataSplunkAppforNetAppDataONTAPdeplo...
In my deployment, we had to install in the HF the Add-On, and the App + Add On in the indexer.
Also, which mode is the NetApp running?