ONTAP Discussions

Proxy v2 and C-mode

gasparuben
4,394 Views

hi there,

I am reading the documentation and I have a simple question. The set-up on the doc is using a C-mode cluster. I can see in the configuration file:

 

/u01/app/oracle/product/11.2.0/dbhome_1/config/rman_ntap_nfs_sdb.conf

FILER=10.63.164.18:rmanuser18/1R1w1q1x0R0z0S0r0J1H

FILERPASS_ENCRYPTED=YES

VOLUMES=10.63.164.18:mml_11g_oradata

VALIDATE_VOLUMES=DATA

SNAME=

SNAP_TYPE=

PROTOCOL=nfs

DB_LUN=

DB_MOUNTPOINT=10.63.164.18:mml_11g_oradata:/mml_11g_oradata

...

 

I dont understand how the lif used to serve data, will be used later on to take/restore snapshots. How is the proxy retrieving the management IP ?

I would also like how is the rmanuser18 configured on a C-mode cluster, which minimum privileges should have?

 

Thanks a lot!

Ruben

4 REPLIES 4

doug_clendening
4,394 Views

The rman account just needs "ontapi".

The proxy communicates through the IP specified in config file.  It doesn't retrieve the management IP.  The firewall policy on the lif specified in the conf file needs to "mgmt" otherwise the proxy can't talk to vserver.

gasparuben
4,394 Views

Thanks Doug. This is interesting. I thought we need to pass always by cluster management IP to do that kind of operations. Strange there is no default firewall policy at least on Ontap 8.1.1 to achieve this.

I imagine just https and ssh should be open.

gasparuben
4,394 Views

Please could you provide the configuration of the rmanuser18, which role has assigned? You connect to the data lif via ZAPI?

I was talking with Netapp support and the supporter just commented that one can not take snapshots using a data lif, due the fact that the lif can be migrated to any physical port of any controller.

Thanks for your time!

nkarthik
4,394 Views

In my setup it's like below and it works.

XXXX::> security login show -vserver vs2_dnfs_rac

Vserver: vs2_dnfs_rac

                             Authentication                  Acct

UserName         Application Method         Role Name        Locked

---------------- ----------- -------------- ---------------- ------

rmanuser18       ontapi      password       vsadmin          no

vsadmin          ontapi      password       vsadmin          no

vsadmin          ssh         password       vsadmin          no

3 entries were displayed.

XXXX::> network interface show

    show               show-routing-group show-zones

XXXX::> network interface show -vserver vs2_dnfs_rac

            Logical    Status     Network            Current       Current Is

Vserver     Interface  Admin/Oper Address/Mask       Node          Port    Home

----------- ---------- ---------- ------------------ ------------- ------- ----

vs2_dnfs_rac

            vs2_dnfs_rac_data1

                         up/up    172.1.6.200/24     TESO-04       e2a-2006

                                                                           true

            vs2_dnfs_rac_data2

                         up/up    172.1.7.200/24     TESO-04       e2a-2010

                                                                           true

            vs2_priv_oem_perf_1

                         up/up    172.1.11.22/24     TESO-01       e2a-3011

                                                                           true

            vs2_priv_oem_perf_2

                         up/up    172.1.11.23/24     TESO-02       e2a-3011

                                                                           true

            vs2_priv_oem_perf_3

                         up/up    172.1.11.24/24     TESO-03       e2a-3011

                                                                           true

            vs2_public_access

                         up/up    10.63.164.18/24    TESO-02       e2a-1164

                                                                           true

6 entries were displayed.

XXXX::>

Public