Proxy v2 and C-mode

gasparuben · ‎2013-03-09

hi there,

I am reading the documentation and I have a simple question. The set-up on the doc is using a C-mode cluster. I can see in the configuration file:

/u01/app/oracle/product/11.2.0/dbhome_1/config/rman_ntap_nfs_sdb.conf

FILER=10.63.164.18:rmanuser18/1R1w1q1x0R0z0S0r0J1H

FILERPASS_ENCRYPTED=YES

VOLUMES=10.63.164.18:mml_11g_oradata

VALIDATE_VOLUMES=DATA

SNAME=

SNAP_TYPE=

PROTOCOL=nfs

DB_LUN=

DB_MOUNTPOINT=10.63.164.18:mml_11g_oradata&colon;/mml_11g_oradata

...

I dont understand how the lif used to serve data, will be used later on to take/restore snapshots. How is the proxy retrieving the management IP ?

I would also like how is the rmanuser18 configured on a C-mode cluster, which minimum privileges should have?

Thanks a lot!

Ruben

doug_clendening · ‎2013-03-09

The rman account just needs "ontapi".

The proxy communicates through the IP specified in config file. It doesn't retrieve the management IP. The firewall policy on the lif specified in the conf file needs to "mgmt" otherwise the proxy can't talk to vserver.

gasparuben · ‎2013-03-10

Thanks Doug. This is interesting. I thought we need to pass always by cluster management IP to do that kind of operations. Strange there is no default firewall policy at least on Ontap 8.1.1 to achieve this.

I imagine just https and ssh should be open.

gasparuben · ‎2013-05-14

Please could you provide the configuration of the rmanuser18, which role has assigned? You connect to the data lif via ZAPI?

I was talking with Netapp support and the supporter just commented that one can not take snapshots using a data lif, due the fact that the lif can be migrated to any physical port of any controller.

Thanks for your time!

nkarthik · ‎2013-05-14

In my setup it's like below and it works.

XXXX::> security login show -vserver vs2_dnfs_rac

Vserver: vs2_dnfs_rac

Authentication Acct

UserName Application Method Role Name Locked

---------------- ----------- -------------- ---------------- ------

rmanuser18 ontapi password vsadmin no

vsadmin ontapi password vsadmin no

vsadmin ssh password vsadmin no

3 entries were displayed.

XXXX::> network interface show

show show-routing-group show-zones

XXXX::> network interface show -vserver vs2_dnfs_rac

Logical Status Network Current Current Is

Vserver Interface Admin/Oper Address/Mask Node Port Home

----------- ---------- ---------- ------------------ ------------- ------- ----

vs2_dnfs_rac

vs2_dnfs_rac_data1

up/up 172.1.6.200/24 TESO-04 e2a-2006

true

vs2_dnfs_rac_data2

up/up 172.1.7.200/24 TESO-04 e2a-2010

true

vs2_priv_oem_perf_1

up/up 172.1.11.22/24 TESO-01 e2a-3011

true

vs2_priv_oem_perf_2

up/up 172.1.11.23/24 TESO-02 e2a-3011

true

vs2_priv_oem_perf_3

up/up 172.1.11.24/24 TESO-03 e2a-3011

true

vs2_public_access

up/up 10.63.164.18/24 TESO-02 e2a-1164

true

6 entries were displayed.

XXXX::>