Solved: Re: ocum 6.1 with harvest 1.3 issue

lanox · ‎2016-12-12

Hi

I am running OCUM 6.1 (is it supported with harvest 1.3).

I am getting errors bellow

[2016-12-13 16:27:07] [DEBUG  ] [connect] Reverse hostname lookup successful.  Using HTTP/1.1 for communication.
[2016-12-13 16:27:07] [WARNING] [sysinfo] system-about API failed with reason: Server returned HTTP Error:
[2016-12-13 16:27:07] [WARNING] [main] system-info update failed; will try again in 10 seconds.

I have created username netapp-harvest in OCUM and can login with it.

also when I do curl -k -v https://192.168.1.20/

* Rebuilt URL to: https://192.168.1.20
* Hostname was NOT found in DNS cache
*   Trying 192.168.1.20...
* Connected to 192.168.1.20 (192.168.1.20) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs/
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS alert, Server hello (2):
* error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small
* Closing connection 0
curl: (35) error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small

this is my netapp-harvest.conf

this is 2 node cluster running 8.2.3 Ontap

[xxxx01]
hostname       = 192.168.1.11 (node 1) 
group          = SS

[xxxx01]
hostname       = 192.168.1.12 (node 2)
group          = SS

[xxxx21]
hostname          = 192.168.1.20
group             = uniman
host_type         = OCUM
data_update_freq  = 900
normalized_xfer   = gb_per_sec

lanox · ‎2016-12-13

@madden thanks mate,

I though that would be the problem, I was just hoping that there would be a workaround, so that I didn't have to update at this stage. Maybe its for better that I do update. :).

one the other note.

I am getting this error message as well from actucall nodes them selfs

[2016-12-13 19:39:56] [WARNING] [sysinfo] Update of system-info cache DOT Version failed with reason: in Zapi::invoke failed to connect SSL ; Recommend to verify TLS is enabled (7-mode: options tls.enable) and/or setup ssl again (7-mode: secureadmin setup ssl)

I was following the Netapp Harvest guide, and I do not have secureadmin command as I am using 8.2.3 ontap clusterd mode, also I can confirm when I run options tls.enable I get nothing.

Also I am just little confuesd do I need to have OCUM running to start collecting some statistics ? or does Harvest use OCUM to get all the info/performance stats.

Thanks heaps and awesome tool.

View solution in original post

lanox · ‎2016-12-13

@madden if you could help would be much appreciated

madden · ‎2016-12-13

Hi @lanox

I think you are hitting this issue: https://community.netapp.com/t5/OnCommand-Storage-Management-Software-Discussions/NetApp-Harvest-OCUM-server-not-reachable/m-p/120922

So essentially your client is purposfully not able to negociate a secure session with OCUM because it is out of date. Solution is to upgrade to a newer release of OCUM, or downgrade your SSL client libraries on your poller host.

Cheers,
Chris Madden

Solution Architect - 3rd Platform - Systems Engineering NetApp EMEA (and author of Harvest)

Blog: It all begins with data

If this post resolved your issue, please help others by selecting ACCEPT AS SOLUTION or adding a KUDO or both!

lanox · ‎2016-12-13

@madden thanks mate,

I though that would be the problem, I was just hoping that there would be a workaround, so that I didn't have to update at this stage. Maybe its for better that I do update. :).

one the other note.

I am getting this error message as well from actucall nodes them selfs

[2016-12-13 19:39:56] [WARNING] [sysinfo] Update of system-info cache DOT Version failed with reason: in Zapi::invoke failed to connect SSL ; Recommend to verify TLS is enabled (7-mode: options tls.enable) and/or setup ssl again (7-mode: secureadmin setup ssl)

I was following the Netapp Harvest guide, and I do not have secureadmin command as I am using 8.2.3 ontap clusterd mode, also I can confirm when I run options tls.enable I get nothing.

Also I am just little confuesd do I need to have OCUM running to start collecting some statistics ? or does Harvest use OCUM to get all the info/performance stats.

Thanks heaps and awesome tool.

madden · ‎2016-12-13

Hi @lanox

Sorry, on my response I only looked at the OCUM error message you had.

For the ONTAP system I see you have this:

[xxxx01]
hostname       = 192.168.1.11 (node 1) 
group          = SS

[xxxx01]
hostname       = 192.168.1.12 (node 2)
group          = SS

With Clustered Data ONTAP you should add the cluster LIF and it will fetch all counters for the entire cluster. So if you cluster is named 'xxxx01' then you could update the hostname to be the IP of your cluster mgt LIF, and then only have one of these entries.

Hope this helps!

Cheers,
Chris Madden

Solution Architect - 3rd Platform - Systems Engineering NetApp EMEA (and author of Harvest)

Blog: It all begins with data

If this post resolved your issue, please help others by selecting ACCEPT AS SOLUTION or adding a KUDO or both!

lanox · ‎2016-12-13

thanks @madden will give that a try.

On the other note and hopefully last question, I did little search and there is few posts asking about influxdb etc, is this on you cards to do at all ??

madden · ‎2016-12-13

Hi @lanox

The Graphite function library is very powerful and I haven't seen another Time-series Database that comes close. Because of those functions we can make really compelling graphs in Grafana. The downsides of Graphite are that it is complex at large scale (lets say 500k metrics/min or more) and it's fragile (pain to setup, pain to update).

For me the benefits are greater than the downsides and I have no plans to introduce support native support with dashboards for another TSDB. But, Harvest sends data in the Graphite newline seperated format which pretty much all TSDBs will accept. I have some customers that use other TSDBs, typically because they already had another TSDB in place and didn't want multiple metric DBs but did want NetApp metrics. Those customers are fine to create their own dashboards and this is a working solution for them.

Cheers,
Chris Madden

Solution Architect - 3rd Platform - Systems Engineering NetApp EMEA (and author of Harvest)

Blog: It all begins with data

If this post resolved your issue, please help others by selecting ACCEPT AS SOLUTION or adding a KUDO or both!

lanox · ‎2016-12-14

@madden thanks mate, you are very helpfull.

Do I need to have OCUM running before I can collect any performance from LIF ?

even after changing ip to cluster managment ip I am still getting this ..

sysinfo] Update of system-info cache DOT Version failed with reason: in Zapi::invoke, cannot connect to socket

here is my config.

##
#### Global section for installation wide settings
##
[global]
grafana_api_key   = xxxxx
grafana_url       = http://xx.xx.xx.xx:3000

##
#### Default section to set defaults for any user created poller section
##
[default]

#====== Graphite server setup defaults ========================================
graphite_enabled  = 1
graphite_server   = xx.xx.xx.xx
graphite_port     = 2003
graphite_proto    = tcp
normalized_xfer   = mb_per_sec
normalized_time   = millisec
graphite_root     =  default
graphite_meta_metrics_root  = default

#====== Polled host setup defaults ============================================
host_port = 443
host_enabled = 1
template = default
data_update_freq = 60
ntap_autosupport = 0
latency_io_reqd = 10
auth_type = password
username = netapp-harvest
password = netapp-harvest


[xxxx01]
hostname       = xxx.xxx.xxx.xxx
group          = sanbomb

however I do not have OCUM runnin yet as I need to patch it to 6.4 or later, which I am working on.

Thanks

lanox · ‎2016-12-14

@madden I followed the guide and created rold netapp-harvest-role and also created user with ontapi, but I get Authorization failed still.

I tried using my admin account and it works fine, however I do not wish to use admin account, did I miss something ?

thanks @madden

madden · ‎2016-12-15

Hi @lanox

I have never heard of issues with the RBAC user so my guess is you have a copy/paste error. I know the PDF docs sometimes have incorrect end-of-line characters. I would remove your role and user and try again. These should be OK to copy/paste (no line formatting issue) to ensure it is ok:

security login role create -role netapp-harvest-role -access readonly -cmddirname "version"
security login role create -role netapp-harvest-role -access readonly -cmddirname "cluster identity show"
security login role create -role netapp-harvest-role -access readonly -cmddirname "cluster show"
security login role create -role netapp-harvest-role -access readonly -cmddirname "system node show"
security login role create -role netapp-harvest-role -access readonly -cmddirname "statistics"
security login role create -role netapp-harvest-role -access readonly -cmddirname "lun show"
security login role create -role netapp-harvest-role -access readonly -cmddirname "network interface show"
security login role create -role netapp-harvest-role -access readonly -cmddirname "qos workload show"

And then create the user.

ONTAP 8.2 and earlier:

security login create -username netapp-harvest -application ontapi -role netapp- harvest-role -authmethod password

ONTAP 8.3 and later:

security login create -user-or-group-name netapp-harvest -application ontapi -role netapp-harvest-role -authmethod password

Cheers,
Chris Madden

Solution Architect - 3rd Platform - Systems Engineering NetApp EMEA (and author of Harvest)

Blog: It all begins with data

If this post resolved your issue, please help others by selecting ACCEPT AS SOLUTION or adding a KUDO or both!

lanox · ‎2016-12-15

@madden

Okay never mind it started working no idea, why it didnt work originally.

Thanks so much @madden much appreciated on prompt replys.

ocum 6.1 with harvest 1.3 issue

Get ready to power on