ONTAP Discussions

Created an SVM in CVO in Azure. Unable to ssh to SVM.

abhit
5,546 Views

Created an SVM in CVO in Azure.

Created a lif for the SVM. Lif is enabled for both data and management.

SVM is unlocked. vsadmin username and a password is set.

Ping to the SVM Lif works.

However, unable to ssh to SVM using the same Lif IP.

Any idea what is the issue?

 

We are able to ssh to the Cluster. 

Regards

Abhi

 

 

1 ACCEPTED SOLUTION

abhit
4,800 Views

The other way is to create a brand new SVM Lif.

The SVM Lif should be only used for management purpose.

If any data protocol is enabled, it will not work.

There are two ways to assign IP to the SVM Lif.

1. Get a free IP address in Azure and then assign it to SVM Lif.

2. Get an IP from the subnet automatically.

 

Regards

Abhi

View solution in original post

9 REPLIES 9

Ontapforrum
5,528 Views

Hi,

 

Just make sure the LIF(IP) you are ssh'ing are set to : (Never created SVM in Azure, but in general this is a check list)

 

role = data
data-protocol = none
firewall-policy = mgmt 
vsadmin is un-unlocked and password is correct (simply reset it if you are unsure), I think bydefault ssh as application is allowed for vsadmin but you can always verify.

::> security login show -user-or-group-name vsadmin -vserver <vserver>

 

Verify this:

::> network interface show -vserver <vserver> -fields role,data-protocol,firewall-policy,address   -address <IP_Address>

 

Thanks!

abhit
5,517 Views

data-protocol was set as CIFS, NFS.

Does it make a difference?

 

Will tet out the other commands as suggested 

 

Abhi

Ontapforrum
5,500 Views

If it's NAS Protocols, then it dose not matter. By-default, they allow management access.  Ideally, it should just work. Let us know. Try resetting the vsadmin password and give it a try.

abhit
5,444 Views

We set the vsadmin password.

Connection is not going till authentication.

It is not reaching that stage.

Before that we get a message that connection is refused.

 

Abhi

Ontapforrum
5,359 Views

some steps you can try:

1) If it's connection refused (22 is allowed on firewall):
May be there is something that is blocking, try 'wirehsark'
2) Could you share the output of:
::> network interface show -vserver <vserver> -fields role,data-protocol,firewall-policy,address -address
3) Try to create a separate SVM Mgmt LIF on e0M (role=data,data-protocol=none) and see if it works.

abhit
5,285 Views

Thanks for your replies.

This is a CVO instance. There is no e0M port in the instance.

There are 2 ports e0a and e0b.

 

As per the documentation in the https://docs.netapp.com/us-en/occm/reference_networking_azure.html

"Note that Cloud Manager creates an SVM management LIF on HA pairs, but not on single node systems in Azure.".

 For all the below steps vsadmin has been unlocked and correct credentials are used.

  • Now we created a Local CVO instance in Azure. We checked the SVM management LIF role = data,data-protocol = none, firewall-policy = mgmt. 

With this configuration, we are able to connect to the SVM. Ping works.

 

  • In the customer CVO environment, role = data, data-protocol = Cifs,NFs,Fcache, firewall-policy = mgmt. is set.

With this configuration we were unable to SSH to the SVM Lif. Ping works.

 

 

  •  Now what we want to do?

Want to create a management only Lif for the SVM in the customer environment with these options LIF role = data,data-protocol = none, firewall-policy = mgmt.

We were unable to create the management only Lif. Neither in the current management Lif, we are able to disable the protocol from Cifs,NFS, fcache to none.

How do I create a new management only Lif for SVM in CVO? How do I get a free IP address for assigning to the Lif?

If you want to suggest to network interface modify, please check in CVO if this option is enabled. We could not find it.

 

  • There were other data lifs which were automatically created in the Local CVO instance. By default the Lif settings are role = data, data-protocol = Cifs,NFs,Fcache, firewall-policy = none. We enabled mgmt role in the Lif also. Tried SSH to this Lif. It is not working. Another suggestion to correctly have the same failover-group set for this Lif as in the SVM management Lif. That was also done, however still same problem.

 

  • Coming back to hardware FAS box, we created a SVM Lif, with protocol = Cifs,NFs,Fcache, both data and mgmt is enabled for the Lif. We are able to the SVM through this Lif. Conclusion, FAS and CVO Azure SVM Lifs behavior are different.

Bottom line:

How do I create a new management only Lif for the Customers SVM in CVO?

Or, in the Customers SVM in CVO, we want to modify the protocol in Mgmt Lif  from CIfs, NFs, Fcache to None. How can we do that?

 

Regards

Abhi 

Ontapforrum
5,245 Views

Thanks Abhi for the detailed analysis and for sharing this information.  I see your point,  CVO is a different ball game, I was just suggesting based on standard (FAS/AFF) Ontap environment. 

 

Interesting point here is :  When you spun-up local CVO with only Mgmt LIF it works. However, customer environment is already set with data protocols, and it appears (correct me here), it's not allowing both data+management via SVM. I will have to do some reading on the CVO stuff,  I am new to this one but it's definitely worth knowing.

 

Let's see if there are other avenues of support ? How about support ticket or if you have access to Engineering?

 

abhit
5,191 Views

I think this is what happened with the customer's CVO.

 

They deleted the default SVM Lif which is created automatically when a CVO HA is created.

 

After that they manually created a management Lif with protocol etc. enabled. With this Lif , we are getting the connection error.

 

So in summary we have to use the default SVM Lif which is created when CVO HA is created. With this Lif we were able to connect to SVM. Otherwise you cannot create a managament Lif and connect to the SVM is our conclusion. Have to check now in the actual environment to see if this is the case.

 

Abhi

abhit
4,801 Views

The other way is to create a brand new SVM Lif.

The SVM Lif should be only used for management purpose.

If any data protocol is enabled, it will not work.

There are two ways to assign IP to the SVM Lif.

1. Get a free IP address in Azure and then assign it to SVM Lif.

2. Get an IP from the subnet automatically.

 

Regards

Abhi

Public