ONTAP Discussions

9.11.1 upgrade recreates admin account with 'amqp' application

TMADOCTHOMAS
5,366 Views

Per NetApp best practices, we disable the admin account on our clusters and replace it with a different account. However, each time we reboot a node (whether for patching or not), the admin account gets recreated with the http and ontapi applications. Last night I upgraded three of our clusters to 9.11.1 and noticed a third admin entry that gets created with the 'amqp' application. I had not heard of this before but found documentation online. Is this a new normal behavior for 9.11.1? Can anyone provide more insight? Thanks!

1 ACCEPTED SOLUTION

TMADOCTHOMAS
5,157 Views

From my NetApp case:

AMQP is a messaging protocol used for a publish/subscribe API that was introduced in ONTAP starting with 9.9.1. That is why the admin account gets created with AMQP.

Cloud Agent is an example of an application that subscribes to the ONTAP Pub/Sub API and uses AMQP over HTTPS.

View solution in original post

11 REPLIES 11

paul_stejskal
5,339 Views

I did some searching internally and couldn't find anything one way or another. I'd recommend going through the audit logs (available in Active IQ under AutoSupport, Management Logs, and audit-mlog.txt.gz or audit-log.gz for node shell, or SPI). Maybe that's a start.

Honestly for something like this, a case may be worth it if you can't figure it out. From what I can tell the Advanced Message Queuing Protocol shouldn't be in use by ONTAP from my searching.

TMADOCTHOMAS
5,338 Views

Thanks @paul_stejskal , yeah that's what I was thinking. It doesn't make sense to me. Not sure how to read the logs you referenced but I may open a case as you suggested to take a closer look.

CHRISMAKI
5,309 Views

What documentation have you found regarding this? I was searching for this last week, the only docs I came across was this ancient NetApp Connect link.

TMADOCTHOMAS
5,302 Views

That was my experience as well - I found a lot of articles on NetApp Connect, whatever that is.

CHRISMAKI
5,289 Views

NetApp Connect enables users to access on-premises data from existing enterprise collaboration, file synchronization, and share applications quickly and securely, across devices they choose to use. Enterprise information remains managed by your company and stored on premises.

 

EOA August 2015

paul_stejskal
5,261 Views

If you do open a case, please post the case # here. At least a couple people are watching this thread. There are conflicting internal references to the feature so I don't know if 9.11 changed something or not.

TMADOCTHOMAS
5,253 Views

@paul_stejskal , case #2009488658

CHRISMAKI
5,231 Views

TMADOCTHOMAS
5,192 Views

Nice find @CHRISMAKI . That likely explains what it's for, but I'm still curious why the admin account gets recreated on reboot with that application when it wasn't happening before.

TMADOCTHOMAS
5,158 Views

From my NetApp case:

AMQP is a messaging protocol used for a publish/subscribe API that was introduced in ONTAP starting with 9.9.1. That is why the admin account gets created with AMQP.

Cloud Agent is an example of an application that subscribes to the ONTAP Pub/Sub API and uses AMQP over HTTPS.

TMADOCTHOMAS
5,152 Views

So in summary it's a relatively new feature and that's why admin is just now being recreated with amqp whereas it wasn't previously.

Public