Over the course of this blog series, we’ve shown various techniques, using Microsoft PowerShell, as well as with partner modules (like VMware’s PowerCLI and Microsoft Azure’s Az module), for what we did to power off the Cohesity Mobile EBC during the course of its run across the United States and Canada. Now that we’ve gotten to the stage where other infrastructure has been shut down, I should mention that we also shut down many of our support virtual machines in our VMware environment with VMware’s PowerCLI module. Information on how to tell virtual machines to power off gracefully is readily available through many online resources.
Before we get into actually powering off the Cohesity nodes, I’ll make a mention that many of the next procedures are not available through RESTful APIs within the Cohesity platform. There are plenty of reasons for their unavailability—as an example, from a security standpoint, you wouldn’t want the ability to stop cluster services and the ability to issue shutdown commands of the nodes available through those layers. In most cases, this was accomplished by using Linux CLI on the nodes themselves, which initially made using PowerShell a little tricky to make this happen.
If you’ve experimented with remote execution within PowerShell, you know a subset of services that one can use exists on Windows devices called WinRM. This allows for connectivity to remote Windows devices and the ability to use PowerShell to remotely execute commands on the node. However, since Cohesity nodes are running Linux under the hood, this was not an option. Then we found that PowerShell Core allowed using other protocols for remote execution. For instance, you can specify the usage of SSH to use remote PowerShell execution!
To ensure you don’t have to clear text usernames or passwords, you can obtain the SSH key from the Cohesity cluster and store that on the device you want to perform SSH connections to. In the truck, we had a virtual machine we used for monitoring the power settings for the Cohesity nodes that were running Linux. We had to do this because the IPMI board did not have any RESTful endpoints to connect to and we had to use an executable in Linux to perform the checks for power information. So, we already had a device to relay commands, so I installed PowerShell Core on this Linux endpoint and used it as my remote execution point for running Cohesity CLI commands.
Once I had established my SSH key for this jumpbox to the master script node, I just issued the following command to the Linux VM:
Yeah, I know using the root account isn’t exactly secure here, but bear with me on the details. What we have done here is used the PowerShell Core cmdlet New-PSSession to connect to my jumpbox. The use of the -UserName parameter tells the cmdlet that we are going to accomplish this via SSH. So, as long as my SSH keypair matched up for the node, I now have an active remote session to this Linux device for PowerShell execution.
In the next blog post, we’ll go into what sort of remote execution capabilities we can perform through this remote session and how to interact with the Cohesity CLI.
If you want more information about Cohesity and it’s integration capabilities and SDKs, feel free to visit https://developer.cohesity.com for more information.