#Authentication failed with REST on NAbox

Hi All,
When attempting to add clsuter (ONTAP 9.12.1) to Nabox with REST API, authentication failed. (case 1)
However, when using ZAPI for authentication, there is no problem. (case 2)

In case 1, "harvest.yml" is configured as below.

Defaults:
collectors:
# - Zapi
# - ZapiPerf
# - Rest
# - Ems
- Rest
- RestPerf
- Ems

In case2, "harvest.yml" is configured as default.

Do you have any ideas to solve this problem?

I’m not sure I understand the question. NAbox doesn’t offer the choice of either Zapi or rest for authentication, it’s always zapi.

I don’t understand the second part either. What default ?

@civic marsh Can you check if permissions are properly set for Rest Collector https://netapp.github.io/harvest/23.11/prepare-cdot-clusters/#prepare-ontap-cdot-cluster
If you still face issues after following above guide, Please share Harvest logs to us via ng-harvest-files@netapp.com
https://netapp.github.io/harvest/23.11/help/log-collection/#nabox

@chrome saddle Thank you.
I mean, when disabiling ZAPI in harvest.yaml like above, it seems that a cluster tried to authenticate with REST API and the authentication failed.
I understand the default harvest.yaml is like below and ZAPI is used for authentications, and it works well.

Defaults:
collectors:
- Zapi
- ZapiPerf
- Rest
- Ems

So far, no problems at all. However, I am concerned about whether REST API authentication works well when upgrading to ONTAP 9.13.1 or later.

@zealous cedar Thank you. I created the role and user for NAbox according to the document below.
https://nabox.org/documentation/configuration/

I understand that the role for ZAPI is different from the role for REST API. The role for the REST API must be created with the command “security login rest-role create”.

When upgrading to ONTAP 9.13.1 or later and ZAPI is not available, I think that I have to create a user for REST API again. To avoid this, I want to use REST APIs in ONTAP 9.12.1, including authentication.

It’s not recommended to edit harvest configuration manually but I think I understand. This is a Harvest question and I thought you were having issues add in the cluster in NAbox. I’ll let @zealous cedar comment on ZAPI

@civic marsh You can setup your access to either Zapi or Rest with steps documented @ https://netapp.github.io/harvest/23.11/prepare-cdot-clusters/#prepare-ontap-cdot-cluster either via System manager or CLI. Let me know if you have tried these steps to set up the relevant role/user.

@zealous cedar Thank you. I found that some permissions ware missing, so I'll fix them and try again.

Hello,
I have got the same issue. We are on Ontap 9.13.1 with most of our Netapp systems and at the moment it is working well. But as Netapp claims ZAPI is deprecated and will no longer be in the code some day I created the harvest2 user with REST-only permissions on a newly installed system.
But when trying to add this system to NABox it is not working and in the Ontap event log there is:
security.invalid.login: Failed to authenticate login attempt to Vserver: My-Netapp, username: harvest2, application: ontapi.

What is correct completely correct as the user does not have ontapi permission. But why is NaBox not using REST for logging in?

This would mean we will not be able to add systems with newer ontap releases into NaBox?

NAbox currently uses ZAPI to determine the cluster name

And that's a good point