Skip to main content

NetApp ONTAP Discovery

The Infracast NetApp plugin uses the ONTAP REST API (v9.6+) to enumerate storage cluster configuration including storage virtual machines (SVMs), aggregates, volumes, and snapshots. Authentication is via a dedicated ONTAP user account with read-only API access.

How It Works

  1. Infracast connects to the ONTAP cluster management LIF over HTTPS
  2. Cluster identity information is collected (cluster name, ONTAP version, serial, nodes)
  3. Storage Virtual Machines (SVMs) are enumerated
  4. For each SVM, volumes and their associated snapshots are discovered
  5. Aggregates (physical storage pools) are enumerated at the cluster level

Prerequisites

  • HTTPS access (TCP/443) from the Infracast collector to the ONTAP cluster management LIF
  • ONTAP 9.6 or later (REST API required)
  • A cluster-level read-only account for Infracast

Creating a Read-Only ONTAP Account

Via ONTAP CLI (SSH to the cluster management interface):

# SSH to the cluster
ssh admin@cluster-mgmt.example.com

# Create a read-only role limited to REST API GET requests
security login role create -role infracast-ro -cmddirname DEFAULT \
  -access readonly -vserver cluster01

# Create the user
security login create -username infracast -role infracast-ro \
  -application http -authmethod password -vserver cluster01
# (enter password when prompted)

# Verify
security login show -username infracast

Via ONTAP System Manager (GUI):

  1. Navigate to Cluster → Settings → Users and Roles
  2. Click Add under Roles, name it infracast-ro, set all permissions to Read-Only
  3. Click Add under Users, create infracast, assign the infracast-ro role, enable HTTP access
tip

Limit the account to http application access only. Infracast does not require SSH (CLI) or ONTAP API (ZAPI) access — REST API only.

Registering the Credential in Infracast

infracast creds add \
  --plugin netapp-ontap \
  --name "netapp-cluster01" \
  --type basic-auth \
  --host "cluster-mgmt.example.com" \
  --username "infracast" \
  --password-file /run/secrets/netapp-password

Configuring the Discovery Job

infracast.yaml
discovery:
  jobs:
    - name: netapp-ontap
      plugin: netapp-ontap
      credential: netapp-cluster01
      schedule: "0 */6 * * *"   # every 6 hours
      config:
        host: "cluster-mgmt.example.com"
        username: "infracast"
        # verify_tls: set to "true" with a valid management cert
        verify_tls: "false"
        # Optional: limit snapshot discovery to reduce API calls on large clusters
        max_snapshots_per_volume: 10

What Gets Discovered

Resource TypeDescription
netapp.ontap.clusterONTAP cluster (name, version, UUID, node count, location)
netapp.ontap.svmStorage Virtual Machine (name, UUID, state, type, IP space, root volume)
netapp.ontap.aggregateAggregate (name, UUID, node, state, disk count, size, space used %)
netapp.ontap.volumeVolume (name, UUID, SVM, size, used space, state, type, security style, junction path)
netapp.ontap.snapshotVolume snapshot (name, UUID, creation time, size, parent volume)

Edges link volumes to their parent SVMs, snapshots to their parent volumes, and SVMs to the cluster.

Troubleshooting

401 Unauthorized

Symptom: Error: ONTAP API error: 401 Unauthorized

Checks:

  1. Verify the username and password are correct
  2. Confirm the user has http application access: security login show -username infracast
  3. Verify the cluster management LIF is reachable: 
    curl -sk -u infracast:password https://cluster-mgmt.example.com/api/cluster | jq '.name'

TLS certificate error

Symptom: Error: x509: certificate signed by unknown authority

Fix: ONTAP clusters often use self-signed certificates. Either:

  • Set verify_tls: "false" for trusted internal networks
  • Install a CA-signed certificate on the cluster management LIF (Security → Certificates)

Missing volumes

Symptom: Some volumes are not appearing

Cause: Volumes on DP (data protection) type SVMs or infinite volumes may be excluded.

Check: Verify the SVM type is data:

curl -sk -u infracast:pass \
  "https://cluster-mgmt.example.com/api/svm/svms?fields=name,subtype" | jq '.records[]'

Too many snapshots slow down discovery

Symptom: Discovery completes successfully but takes a very long time

Fix: Limit per-volume snapshot collection:

config:
  max_snapshots_per_volume: 5   # reduce from default 10

Or disable snapshot discovery entirely if not needed:

config:
  max_snapshots_per_volume: 0