toasters

toasters@lists.teaparty.net

2 participants
13520 discussions

roles an capabilities in ONTAP: the missing link in security-*
by Michael Bergman 10 Jun '13

10 Jun '13

Greeting, does anyone know what the secret (undocumented) security-* capability which allows you to elevate to diag level and see those CLI commands, i.e. running 'priv set diag', is called? The man pages for 8.1.x tells us this: - - - The security-* type currently only has a few elements (5): security-passwd-change-others which is used specifically to control if a user can change another user's password without knowing their previous password. By default, only root and members of the Administrators group have this capability. security-priv-advanced which is necessary to run advanced commands that are not used for normal administration. Please talk to a NetApp Inc representative before using advanced commands. By default, only root and members of the Administrators group have this capability. security-api-vfiler Normally a client will send ONTAP APIs directly to a vfiler if it wishes the API to be executed on the vfiler. The security-apivfiler capability is necessary to send ONTAP APIs to the physical node which are to be forwarded to a vfiler for execution. By default, only root and members of the Administrators group have this capability. security-load-lclgroups which is necessary to run the useradmin domainuser load command. This command changes all group membership. By default, only root and members of the Administrators group have this capability. security-complete-user-control which is used to allow an admin to add, modify, and delete users, groups and roles with more capabilities than himself. These users typically only have access to the cli-useradmin* and associated commands, though they can give themselves greater permissions. By default, only root and members of the Administrators group have this capability. - - - So that's fine and setting security-priv-advanced gives the results I expected. But it will not allow you to execute 'priv set diag'. However, setting up a role with capability security-* will, so there's at least one more in there with a name unknown to me. I tried a few educated guesses like security-priv-diag security-priv-diagnostics security-diag security-diagnostics security-priv-* security-priv-advdiag security-priv-advanced-diag plus a some more along those lines, to no avail. I'm assuming there is something in there that has a specific name -- this assumption could be wrong of course /M -- Michael Bergman Sr Systems Analyst / Storage Architect michael.bergman a ericsson d com Engineering Hub Stockholm Phone +46 10 715xxxx Service Delivery, Engineering EMEA N SMS/MMS +46 70 548xxxx Ericsson Torshamnsg 33, 16480 Sthlm, Sweden

1 1

clustered ontap monitoring snapmirror lag?
by Blake Golliher 10 Jun '13

10 Jun '13

Hi! It looks as if the concept of a 'snapmirror lag' has been scrubbed from Clustered OnTap, at least on 8.1.2P3. 'snapmirror show' will show the state, and transferring, but there's no lag, or a start time that I can extrapolate. There's a progress, which reports what's been transferred, but no lag. The api documentation doesn't have any mention of snapmirror lag in snapmirror-info attributes-list. There's no support of snapmirror in snmp (at least so far). So does DFM (or whatever they call it now) monitor this? And how would it? Thanks for any and all suggestions. If I find where this data is, I'll put the script on github. -Blake

3 7

Fixing LUN Misalignment on Physical Machines
by Philbert Rupkins 08 Jun '13

08 Jun '13

Hello Toasters, I found a ton of information regarding fixing misalignment issues in virtual environments. However, I am interested in how to resolve misalignment on a physical machine. The only way I am aware of is to create a new LUN and perform a host based copy of the data to the new LUN. Is this my only option or are there any other methods that require less overhead/downtime? Here is the situation: Server OS = Windows 2008 Server LUN Type = Windows 2008 Partition Type = MBR (W2K3) How did we get a W2K3 MBR partition out of a Windows 2008 server? We didnt. The LUN was originally created by a W2K3 machine while using an EMC storage array. The W2K3 server was eventually retired and the LUN was presented to the W2K8 machine. The LUN was then migrated to a NetApp array using a block for block mirror of the data from the EMC LUN to the NetApp LUN. Unfortunately, the NetApp LUN was created as a windows_2008 lun type because it was going to be used by a Windows 2008 server - this is where the mistake was made. So now, we have a Windows Server 2008 box with a disk using a 2003-MBR partition type on windows_2008 lun type. Again, I'd like to fix the misalignment issue in the easiest way possible. Creating a new lun and performing a host based copy of the data is doable but requires a fair amount of overhead. Just wondering if there is a more efficient way to resolve lun alignment issues with physical machines. Thanks! -Phil

4 4

SAS port speeds
by Jeff Cleverley 07 Jun '13

07 Jun '13

Greetings, We have a stack of DS4243 shelves for a NearStore running SATA/BSAS drives. We will be getting some DS4246 with the 4TB FSAS drives. I know it is supported to put them in the same stack, my understanding is everything in the stack will drop to 3 GB/s speed. Since the HBAs run 2 ports on one chip, does that one chip control the speed for both ports A/B, or are they separate? Thanks, Jeff -- Jeff Cleverley Unix Systems Administrator 4380 Ziegler Road Fort Collins, Colorado 80525 970-288-4611

2 2

growing a vol on vFiler that is a source in Vfiler DR relationship
by Iluhes 05 Jun '13

05 Jun '13

Hello Toasters, What is the best procedure to grow a volume on the vFiler that is a source in VFiler DR setup. Is there a need to break / queues replication somehow

6 7

Performance Advisor Reporting on V-Series Initiator Ports?
by Philbert Rupkins 24 May '13

24 May '13

Hello, Anybody know if there is any way to report on a V-Series initiator ports from Performance Advisor? Looks like Performance Advisor only captures metrics for target ports on the NetApp. The best I can find is enabling the "hostadapter" metrics in a custom view. Would be nice if PA included an object for V-Series initiators out of the box along with some expanded counters. Hopefully I am just missing something. Thanks, Phil

1 0

Boot version info.
by Jeff Cleverley 24 May '13

24 May '13

Greetings, I'm replacing a 3140 with a 3270 stand-alone NearStore replacement. The current 3140 OS is 8.1.2P3 and the new head shipped with 8.1.2. Is that going to be close enough for the system to boot from the old system root disk, or does it have to be an exact match? If there is a way to modify the boot config from the command line instead of pulling the compact flash, I'd be OK with that also. Thanks, Jeff -- Jeff Cleverley Unix Systems Administrator 4380 Ziegler Road Fort Collins, Colorado 80525 970-288-4611

3 8

VM Virtual Disk Latency Versus NFS Latency on Filer
by Philbert Rupkins 22 May '13

22 May '13

Hello, This may be more of a VMWare question. From within Data Fabric Manager, I am seeing a spike in latency on a NetApp volume used as an NFS datastore. DFM shows a spike in NFS latency of 50 ms on the volume. However, a virtual machine's performance counters in vSphere show a spike in Virtual Disk latency upwards of 700ms for the same "latency event". Any idea what might account for this difference in latency reporting between the NetApp (DFM) and ESXi? I expected there to be some difference for obvious reasons but I didnt expect to see a difference of this magnitude. Thanks, Phil

3 5

Hot adding DS14MK4 trays to existing loop
by Fletcher Cocquyt 22 May '13

22 May '13

This is something I've never had reason to attempt until now. We have a 3270 cluster (8.1.2) Head 2 aggr1 consists of these two multipathed DS14MK4 trays (IDs 1,2): http://i.imgur.com/821iN35.jpg We want to hot add another DS14MK4 trays racked right above (IDs 3,4): http://imgur.com/FlMxpyz I've read the 2011 DS14MK4 guide and verified the loop speeds are all set consistently and IDs are all unique. (note: trays IDs are 1-4 from bottom to top) Can I simply: 1 - remove the top two pairs of fiber and transceivers (these go to head 1 (partner)) 2 - daisy chain up from those vacated ports to new trays (3,4) 3 - plug the fiber and tranceivers back in on the top tray? We would then grow (effectively double) this aggr1's capacity What are the risks ? (2011 guide mentions panic's are possible with loop misconfig) (we have 60 VMs running on head 2 on a separate loop and aggregate) Any other tips appreciated thanks

5 4

Oracle RAC on Netapp unstable under load
by Fletcher Cocquyt 20 May '13

20 May '13

Recently we have seen our Oracle RAC VMs reboot during netowkr and Netapp (Ontap 8.1.2 NFS) load correlated to our Friday 8pm full backup window start time. Initial strategies to prevent this include distributing RAC voting disks on different Netapp volumes, but I'd like to hear if others who have seen this have better solutions in practice? thanks, Fletcher

2 1

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

1997

toasters