Active IQ Unified Manager Discussions

After upgrading WFA 5.0 to 5.1 the Set_quota (perl) modules stopped working

Jeremy-B
5,231 Views

Previously running WFA 5.0 everything worked great, after upgrading to 5.1 the Set_quota perl modules stopped worked. WFA is running on Windows Server 2016 .  The powershell modules are working fine, this seems to only be related to perl scripts. The workflow errors out with the array cannot be found.  When I test the perl code manually I receive below error:

 

12:01:57.386 INFO [Set quota] ### Command 'Set quota' in 'PERL' ###
12:02:02.292 INFO [Set quota] Connecting to cluster: ‘cluster name’
12:02:02.479 INFO [Set quota] Credentials successfully provided for ‘cluster name’
12:02:02.667 INFO [Set quota] Credentials successfully provided for ‘cluster name’
12:02:02.936 INFO [Set quota] Trying to connect to ‘cluster name’ using HTTPS on port 443 with timeout 60000
12:02:03.120 INFO [Set quota] Error while connecting HTTPSin NaServer::verify_server_certificate: server certificate verification failed: the certificate chain could be built up using the untrusted certificates but the root could not be found locally
12:02:03.292 INFO [Set quota] Trying to connect to ‘cluster name’ using HTTP on port 80 with timeout 60000
12:02:04.745 INFO [Set quota] Error while connecting HTTPSin Zapi::invoke, cannot connect to socket
12:02:04.792 ERROR [Set quota] Failed executing command. Exception:
Unable to connect to array

7 REPLIES 7

mbeattie
5,193 Views

Hi,

 

I "suspect" the problem might be that during the upgrade to WFA5.1 the "ontap.pem" file is removed and hence the PERL scripts are no longer functioning. This may also be an issue with the "ldap.truststore" for LDAPs authentication. Try restoring a backup of those files. The bug number for the above issues is #1296692.

 

/Matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

Jeremy-B
5,158 Views

Hi Matt,

 

Thanks for the reply, do you have any further details on where "ontap.pem" and "ldap.truststore" would be located or where they should be restored to? I've searched and haven't been able to find any details on these files or bug #1296692. Thanks for any further help you can provide!

 

Jeremy

mbeattie
5,131 Views

Hi Jeremy,

 

By default the .pem and .truststore files are located in the JBoss keystore directory. EG

C:\Program Files\NetApp\WFA\jboss\standalone\configuration\keystore\ontap.pem

The LDAP truststore will only be present if you've configured WFA with LDAP authentication.

Try restoring those files from backup.

 

/Matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

Jeremy-B
5,101 Views

Hi Matt,

 

Unfortunately I do not have a backup\previous version of that folder from before the 5.1 upgrade, do you know of any other workarounds to fix the issue (e.g. generating new .pem files, etc..)? Thanks again for the help

 

Jeremy

mbeattie
5,072 Views

Hi Jeremy,

 

Have  you tried removing and re-adding WFA credentials? I think this will re-create your ontap.pem file. Alternately I'd advise logging a support case and referencing that bug number.

 

/Matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

Jeremy-B
5,028 Views

Hi,

 

I'm not really sure what it means to remove\re-add the WFA credentials, as that doesn't seem to be an option. I did remove the LDAP servers and re-add, that didn't seem to do anything (still no

"ldap.truststore" file). Under the "Credentials" section in the settings I removed the Filer that I'm trying to use the Quota workflow against, and re-added it (using the filer credentials) and this created a new 

"ontap.pem" file. Unfortunately the workflow is still failing with the original error. I'll get a support case opened to try to get this issue resolved, thanks for your assistance.

 

Jeremy

MartinBoere
4,960 Views

Hi,

 

Please  test the authentication's to the clusters / reenter the credentials to all clusters.

Then the SSL certificates to all of the clusters will be imported in the ontap.pem that is required for perl.

 

regards

Public