Florian, On upgrade you will see newly created custom policies. From my understanding service policies will replace both roles and firewall policies. However at this point (and I could be slightly incorrect) both the firewall policy and service policy will apply. I've done numerous upgrades and have not had to pre create these policies. You may however want/need to clean these policies up later. EG: custom-data-29990 data-core: 0.0.0.0/0 data-cifs: 0.0.0.0/0 management-portmap: 0.0.0.0/0
default-data-blocks data-core: 0.0.0.0/0 data-iscsi: 0.0.0.0/0
default-data-files data-core: 0.0.0.0/0 data-cifs: 0.0.0.0/0
default-management data-core: 0.0.0.0/0 management-ssh: 0.0.0.0/0 management-https: 0.0.0.0/0
This is yet another gripe on netapp making yet another option for lifs. If Netapp is listening, remove complexity dont add more. What did service policies offer vs roles and firewall policies?
As with any upgrade, you should have a test environment to see exactly what is happening (maybe an old FAS2554?).
Thanks! Douglas
On Tue, Nov 17, 2020 at 5:55 AM Florian Schmid via Toasters < toasters@teaparty.net> wrote:
---------- Forwarded message ---------- From: Florian Schmid fschmid@ubimet.com To: toasters toasters@teaparty.net Cc: Bcc: Date: Tue, 17 Nov 2020 10:52:28 +0000 (UTC) Subject: Netapp upgrade from 9.5P10 to 9.7P7 - lif service policy Hi,
I have to upgrade our netapp cluster from 9.5P10 to 9.7P8 and I read in the release notes about the "new" lif service policy. I also read, that lif roles, like we are using them for now, are deprecated in 9.6.
My question is now, do I need to add a service policy to every lif before upgrading to 9.7 or can I do this later? Do I need to do this or does netapp it automatically, when upgrading to a release, which doesn't support it anymore?
Thank you very much in advance.
BR Florian
---------- Forwarded message ---------- From: Florian Schmid via Toasters toasters@teaparty.net To: toasters toasters@teaparty.net Cc: Bcc: Date: Tue, 17 Nov 2020 10:52:34 GMT Subject: _______________________________________________ Toasters mailing list Toasters@teaparty.net https://www.teaparty.net/mailman/listinfo/toasters
Hi Douglas,
thank you very much for your great answer.
Yes, I have read this about the firewall policies, too. At least, they have removed the portmap service, that is now enabled by default for lifs, which are supporting nfs services.
We have only NFS service.
Unfortunately, we don't have a dev system to test, but the past updates went always smooth...
BR Florian
Von: "Douglas Siggins" siggins@gmail.com An: "Florian Schmid" fschmid@ubimet.com CC: "toasters" toasters@teaparty.net Gesendet: Dienstag, 17. November 2020 17:43:39 Betreff: Re:
Florian, On upgrade you will see newly created custom policies. From my understanding service policies will replace both roles and firewall policies. However at this point (and I could be slightly incorrect) both the firewall policy and service policy will apply. I've done numerous upgrades and have not had to pre create these policies. You may however want/need to clean these policies up later. EG: custom-data-29990 data-core: [ http://0.0.0.0/0 | 0.0.0.0/0 ] data-cifs: [ http://0.0.0.0/0 | 0.0.0.0/0 ] management-portmap: [ http://0.0.0.0/0 | 0.0.0.0/0 ]
default-data-blocks data-core: [ http://0.0.0.0/0 | 0.0.0.0/0 ] data-iscsi: [ http://0.0.0.0/0 | 0.0.0.0/0 ]
default-data-files data-core: [ http://0.0.0.0/0 | 0.0.0.0/0 ] data-cifs: [ http://0.0.0.0/0 | 0.0.0.0/0 ]
default-management data-core: [ http://0.0.0.0/0 | 0.0.0.0/0 ] management-ssh: [ http://0.0.0.0/0 | 0.0.0.0/0 ] management-https: [ http://0.0.0.0/0 | 0.0.0.0/0 ]
This is yet another gripe on netapp making yet another option for lifs. If Netapp is listening, remove complexity dont add more. What did service policies offer vs roles and firewall policies?
As with any upgrade, you should have a test environment to see exactly what is happening (maybe an old FAS2554?).
Thanks! Douglas
On Tue, Nov 17, 2020 at 5:55 AM Florian Schmid via Toasters < [ mailto:toasters@teaparty.net | toasters@teaparty.net ] > wrote:
---------- Forwarded message ---------- From: Florian Schmid < [ mailto:fschmid@ubimet.com | fschmid@ubimet.com ] > To: toasters < [ mailto:toasters@teaparty.net | toasters@teaparty.net ] > Cc: Bcc: Date: Tue, 17 Nov 2020 10:52:28 +0000 (UTC) Subject: Netapp upgrade from 9.5P10 to 9.7P7 - lif service policy Hi,
I have to upgrade our netapp cluster from 9.5P10 to 9.7P8 and I read in the release notes about the "new" lif service policy. I also read, that lif roles, like we are using them for now, are deprecated in 9.6.
My question is now, do I need to add a service policy to every lif before upgrading to 9.7 or can I do this later? Do I need to do this or does netapp it automatically, when upgrading to a release, which doesn't support it anymore?
Thank you very much in advance.
BR Florian
---------- Forwarded message ---------- From: Florian Schmid via Toasters < [ mailto:toasters@teaparty.net | toasters@teaparty.net ] > To: toasters < [ mailto:toasters@teaparty.net | toasters@teaparty.net ] > Cc: Bcc: Date: Tue, 17 Nov 2020 10:52:34 GMT Subject: _______________________________________________ Toasters mailing list [ mailto:Toasters@teaparty.net | Toasters@teaparty.net ] [ https://www.teaparty.net/mailman/listinfo/toasters | https://www.teaparty.net/mailman/listinfo/toasters ]
-
Douglas Siggins -
Florian Schmid