toasters May 2015

toasters@lists.teaparty.net

27 participants
22 discussions

NetApp API authentication
by Edward Rolison 01 Mar '16

01 Mar '16

Having started to review some of our filer automation scripts, I'm starting to look in a bit more detail at the API. My first conclusion is - the perl SDK doesn't actually seem to do anything much - it seems to be a reimplementation of LWP and and XML Parser. Given I have LWP and XML::Twig installed, and am making API calls just fine, is there anything I'm missing here? Aside from that though - authentication types. I currently use ssh public-private key pairs, in a trusted account on a management station to enable 'doing stuff' with filers. It _looks_ like my only option with the API is to create a designated service account, and assign permissions... and then embed a username and password in a script somewhere. That just doesn't sit well with me - I like what ssh-agent will do in 'unlocking' key files, and I don't like embedding (potentially privileged) usernames and passwords ... anywhere. Does anyone have a better solution than a couple of designated API users (privileged and read only) with a file somewhere embedding their username and password? Does anyone have a better approach?

5 5

API calls to replicate a 'df'
by Edward Rolison 03 Jul '15

03 Jul '15

I'm currently fiddling with a project using the ONTAPI (perf stats monitoring sort of thing). What I'm wanting to do is reproduce the information from 'df' and 'df -s'. Doing well so far, because the api 'volume-list-info' seems to have most of the information I want. There's just one thing missing - how much of the 'snap reserve' I'm actually using. I can't seem to find it in either that, or the 'snapshot' counters. I would ideally be able to do this without having to do a per-volume calculation, because one of the things I'm hoping to do is support a lightweight proxy client that 'just' fetches source XML for processing on a server. Or is there a way I can calculate this from the size/used/available in the volume-list-info? Thanks, Ed

4 6

CDOT failover groups in 8.2.1P6
by Mark Flint 02 Jul '15

02 Jul '15

Does anyone know if you can re-order the entries within a failover group? My understanding of this is that it’s an automagically created list, but I’d be real happy to find out I’m misunderstanding the docs :) ~Mark mark.flint(a)sanger.ac.uk

9 17

cluster mode 8.2.3 / 8.3 dynamic home directory change
by Tomlinson, Thomas 30 Jun '15

30 Jun '15

Hi Toasters, I just stumbled upon a change in 8.2.3/8.3 with respect to the dynamic home shares and curious to get other folks views on it. Currently we make extensive use of the traditional static 7mode home directory share, cifs.homedir (\\filername\cifs.homedir<file:///\\filername\cifs.homedir>). This is further referenced behind DFS as a single link name with multiple targets. It works great, allows for all users to have a static username defined in AD, allows migration of filers without massive user updates, DR, etc. So life is good, or as good as it can be managing windows home directories. We're now slowly staring to lifecycle 7mode clusters to cmode, which has had a few hiccups, but I expected that . Prior to 8.2.3, you can replicate 7mode home directory functionality perfectly, even making up whatever static name you want. Fast forward to just recently when I was configuring a small cluster at a remote location. 8.2.3, sure slap that on. Configure the dynamic home directories, sure,errr.... no. A seemingly innocent entry in the release notes for 8.2.3 states that static names are no longer acceptable. A previously configured static share is brought forward and continues to function but you can no longer create new ones. Any new dynamic home share has to have the username in it (%w or %u). Needless to say this is a major change to our environment. Automation changes, massive AD updates (close to a nightmare with our IT organization) and a complete invalidation of our DFS namespace structure for home directories. Is anyone else similarly affected by this? I'm struggling to understand what twisted logic guided this coding decision. Thomas Tomlinson Thomas.tomlinson(a)supervalu.com<mailto:Thomas.tomlinson@supervalu.com> Desk: 208-685-8404 Cel: 208-991-3704

6 8

cDOT Transition Mirror
by Martin 29 May '15

29 May '15

Currently I have some Filers running 7.3.7P1 7-mode mirroring with VSM to 8.2.3P1 7-mode Filers for DR. I know in the event of failing over to the 8.2.3P1 Filers a failback would involve using something other than VSM (Robocopy, RSYNC) as we wouldn't be able to reverse the snapmirror from 8.2.3P1-->7.3.7P1. The 8.2.3P1 7-mode Filers are going to 8.3P1 cDOT but some of the 7.3.7P1 7-mode Filers are not due for replacement. I was considering using the transitional snapmirror (TDP) to mirror from the 7.3.7P1 7-mode Filers to the new cDOT Filers. I realise this is one way but this isn't any worse than the current situation. Has anyone used this configuration or see any issues with this? I'm trying to avoid having to provision a 7-mode DR Filer just for a couple of minor remote Filers. Thanks Martin -- View this message in context: http://network-appliance-toasters.10978.n7.nabble.com/cDOT-Transition-Mirro… Sent from the Network Appliance - Toasters mailing list archive at Nabble.com.

2 2

7-mode snapmirror question
by Basil 26 May '15

26 May '15

Hi folks, I have a 3170 running 7.3 snapmirroring volumes shared on vfiler0 to a 3250 running 8.2.1 7-mode. I want to start replicating a volume that needs to be owned by a vfiler on the 3170. Can I do that with the snapmirror service running on vfiler0? Or do I need to create a /etc/snapmirror.conf and all the other setup required inside the vfiler?

2 1

FAS8040: SP and e0M configuration
by Momonth 24 May '15

24 May '15

Hi All, I never used e0M on FAS32xx as it was limited to 100Mb, but decided to give a try on FAS8040. So, I've configured SP via DHCP (10.193.12.0/24), it's up and running and I can login onto it: na102::> sp show -node na102labnode-1a -instance Node: na102labnode-1a Type of Device: SP Status: online Is Network Configured: true Public IP Address: 10.193.12.31 MAC Address: 00:a0:98:68:00:18 Firmware Version: 3.1P1 Part Number: unknown Serial Number: unknown Device Revision: Not Applicable Is Firmware Autoupdate Enabled: true However having assigned an IP to e0M (from cluster management interface) doesn't make the e0M "ping-able". Here is my config (the same 10.193.12.0/24 is used): na102::> network interface show -vserver na102 -lif na102labnode-1a_mgmt1 -instance Vserver Name: na102 Logical Interface Name: na102labnode-1a_mgmt1 Role: node-mgmt Data Protocol: - Home Node: na102labnode-1a Home Port: e0M Current Node: na102labnode-1a Current Port: e0M Operational Status: up Extended Status: - Is Home: true Network Address: 10.193.12.44 Netmask: 255.255.255.0 Bits in the Netmask: 24 IPv4 Link Local: - Subnet Name: - Administrative Status: up Failover Policy: local-only Firewall Policy: mgmt Auto Revert: true Fully Qualified DNS Zone Name: none DNS Query Listen Enable: false Failover Group Name: Default FCP WWPN: - Address family: ipv4 Comment: - IPspace of LIF: Default It feels like e0M needs default gateway? How do I set it up then? Or Am I missing the whole idea here? Thanks, Vladimir

4 6

Linux OnCommand AD integration: group authentication
by Robb W. 22 May '15

22 May '15

Hi All, I have set up a couple of OnCommand servers to integrate with Windows AD for authentication. I used this NetApp Knowledge-base entry as my starting point: 1011398: How to configure OnCommand Unified Manager (Operations Manager) on Linux for authentication with Microsoft Active Directory The OnCommand servers are versions 5.2.1 (for 7-mode) and 6.2rc1 (for CDOT) respectively. Authentication of individual users accounts is working perfectly on both systems. But I cannot seem to get group based authentication to work ... On version 5.2.1 doing a "ldap find" returns this error: > linux:~ 22.05 15:07:00$ dfm ldap find Storage-Admin-Groupname > > Error: Searched under 'OU= ... ,' but didn't find administrator or group 'Storage-Admin-Groupname.' > > If 'Storage-Admin-Groupname' exists, one or more of these settings may be wrong: > ldapBaseDN, ldapUID, ldapGID, ldapUGID, ldapMember. > Templates can set all but ldapBaseDN to values that are probably compatible with your server. If I go ahead and add the group anyway, I get: > linux:~ 22.05 15:53:07$ dfm user add Storage-Admin-Groupname > > Warning: Storage-Admin-Groupname does not exist in the administrator database(s), so login is disabled for this administrator. > Added administrator Storage-Admin-Groupname. Doing a test operation via the version 6.2 Web UI returns a similar error. (Not surprisingly, since both systems are using the same settings.) Any tips on why this might not work, or suggestions on how to fix it? I assume that doing "dfm find group" like this should work? The (obfuscated) dfm options are as follows: ldapBaseDN OU=AdminUsers,OU=GlobalResources,OU=xxx,DC=yyy,DC=zzz,DC=xyz ldapBindDN oc-auth-account ldapBindPass ******** ldapEnabled Yes ldapGID memberOf ldapMember member ldapUGID CN ldapUID sAMAccountName ldapVersion 3 Thanks in advance for you help! Cheers, Robb.

2 1

Vol 100% - which VM?
by Fletcher Cocquyt 19 May '15

19 May '15

Never seen this before FAS3250 ONTAP 8.1.2 at 2am the volume hosting 110 VMs fills up and starts alerting Get the call and delete several snapshots to take it to 83%, reboot the 110 VMs ;( I have lots of tools (splunk, inmon etc) they are not able to show why this volume filled up ideas?

5 5

ONTAPI - perf-object-get-instances multiple
by Edward Rolison 15 May '15

15 May '15

I've been experimenting with ONTAPI for some monitoring. I've found it seems to support sending multiple API requests in a single POST - which is useful, because then I can fetch an XML bundle that contains 'system-get-info', 'clock-get-clock' and then 'perf-object-get-instances' for multiple objects. There's just one slight problem - when I do this, I get back a bunch of 'instance-data' elements, which aren't actually named as to which objects they're from - just which instance name. Has anyone else come up with a good solution to this? Are the counter names globally unique, and thus mappable back to their parent object? Or am I just going to have to accept making multiple requests, and fetch my perf counters separately?

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

1997

toasters May 2015