ONTAP Discussions
ONTAP Discussions
hi there,
I am reading the documentation and I have a simple question. The set-up on the doc is using a C-mode cluster. I can see in the configuration file:
/u01/app/oracle/product/11.2.0/dbhome_1/config/rman_ntap_nfs_sdb.conf
FILER=10.63.164.18:rmanuser18/1R1w1q1x0R0z0S0r0J1H
FILERPASS_ENCRYPTED=YES
VOLUMES=10.63.164.18:mml_11g_oradata
VALIDATE_VOLUMES=DATA
SNAME=
SNAP_TYPE=
PROTOCOL=nfs
DB_LUN=
DB_MOUNTPOINT=10.63.164.18:mml_11g_oradata:/mml_11g_oradata
...
I dont understand how the lif used to serve data, will be used later on to take/restore snapshots. How is the proxy retrieving the management IP ?
I would also like how is the rmanuser18 configured on a C-mode cluster, which minimum privileges should have?
Thanks a lot!
Ruben
The rman account just needs "ontapi".
The proxy communicates through the IP specified in config file. It doesn't retrieve the management IP. The firewall policy on the lif specified in the conf file needs to "mgmt" otherwise the proxy can't talk to vserver.
Thanks Doug. This is interesting. I thought we need to pass always by cluster management IP to do that kind of operations. Strange there is no default firewall policy at least on Ontap 8.1.1 to achieve this.
I imagine just https and ssh should be open.
Please could you provide the configuration of the rmanuser18, which role has assigned? You connect to the data lif via ZAPI?
I was talking with Netapp support and the supporter just commented that one can not take snapshots using a data lif, due the fact that the lif can be migrated to any physical port of any controller.
Thanks for your time!
In my setup it's like below and it works.
XXXX::> security login show -vserver vs2_dnfs_rac
Vserver: vs2_dnfs_rac
Authentication Acct
UserName Application Method Role Name Locked
---------------- ----------- -------------- ---------------- ------
rmanuser18 ontapi password vsadmin no
vsadmin ontapi password vsadmin no
vsadmin ssh password vsadmin no
3 entries were displayed.
XXXX::> network interface show
show show-routing-group show-zones
XXXX::> network interface show -vserver vs2_dnfs_rac
Logical Status Network Current Current Is
Vserver Interface Admin/Oper Address/Mask Node Port Home
----------- ---------- ---------- ------------------ ------------- ------- ----
vs2_dnfs_rac
vs2_dnfs_rac_data1
up/up 172.1.6.200/24 TESO-04 e2a-2006
true
vs2_dnfs_rac_data2
up/up 172.1.7.200/24 TESO-04 e2a-2010
true
vs2_priv_oem_perf_1
up/up 172.1.11.22/24 TESO-01 e2a-3011
true
vs2_priv_oem_perf_2
up/up 172.1.11.23/24 TESO-02 e2a-3011
true
vs2_priv_oem_perf_3
up/up 172.1.11.24/24 TESO-03 e2a-3011
true
vs2_public_access
up/up 10.63.164.18/24 TESO-02 e2a-1164
true
6 entries were displayed.
XXXX::>