ONTAP Discussions

Redirect AutoSupports to IIS server. (Dark Site)

OldGreyBeard
2,197 Views

Hi All

 

Dark site here so no automatic upload of AUSP.

So I was using the retransmit folder, saving each auto support as the filler name then copying it down. using the below command, Leaving the original in the retransmit folder and overwriting when the next AUSP was run.  

System node autosupport invoke -node “My-Nodename” -type all -message “pk_LogTest” -uri file:///mroot/etc/log/retransmit/MY-Nodename.7z

Painful but work-able.

 

Then in activeIQ I started seeing all kinds of weirdness (on which I opened a ticket) After much digging and inspection is seems that the AUSP was truncating itself.

The fix was do do extra work to delete the original AUSP before re-running this cleaned ActiveIQ up immediately.

Problem here is I have a LOT of controllers and the extra commands make an already painful process just unbearable.

 

Support suggested I can run AUSP but send it out to a Web server.

I have an IIS web server here which I have used before both for NetApp Backups and to send Disk FW and SP updates to the controllers. So I know connectivity is good.

 

But I cant get it to work..!!

I've tried and likely a few others but all fail

System node autosupport invoke -node “My-Nodename” -type all -message “pk_LogTest” -uri file:///AUSP/MY-Nodename.7z

System node autosupport invoke -node “My-Nodename” -type all -message “pk_LogTest” -uri http://192.168.1.1 /AUSP/MY-Nodename.7z

System node autosupport invoke -node “My-Nodename” -type all -message “pk_LogTest” -uri http://192.168.1.1 /MY-Nodename.7z

 

I've had a really good look round the web without much luck. Also had a play with IIS settings but none too sure where I am there at all.

Any thoughts out there on this as its driving me crazy and taking 2 days to collect one round of AutoSupports.

Am I the only one in this sort of position..

 

The only thing I had considered was to set up some sort of CRON job to empty anything in the retransmit folder every 24 hours but I wouldn't know where to start or even if you can do that.

 

Kr

P.

4 REPLIES 4

paul_stejskal
2,183 Views

It's not a web server but a proxy that you want. Try installing a proxy on the Windows server and then see if it works. It doesn't have to be fancy, just redirect HTTPS.

OldGreyBeard
2,174 Views

Many thanks for your thoughts but unfortunatly our clients restrictions limits the software we can run and use.

I dont see proxy bundled inside windows...

Why are the easiest jobs always the hardest  🙂

paul_stejskal
2,166 Views

There may be a way, but Google will have to answer. 😞

 

TMACMD
2,164 Views

Um...I work a LOT with dark sites.

We tend to do this:

  1. Disable ASUP (system node autosupport modify -node * -support disable -enable -state disable)
  2. Use the EMS system to setup alerting (https://docs.netapp.com/us-en/ontap/error-messages/index.html)
  3. And/or use Actvie IQ Unified Manger to setup alerting
  4. And/or setup log forwarding (can forward log files, see STIG link below)
  5. And/or setup SNMP alerts
  6. Enable FIPS mode

You can also look here: https://public.cyber.mil/announcement/stig-update-disa-has-released-the-netapp-ontap-dsc-9-x-stig/

That gives some examples of how to harden ONTAP. Be careful. READ each one. It is dated. I have issue with a couple: (1) modifying the CLI limit to 1 inhibits the ability to run Config Advisor, OneCollect, NetAppDocs. and (2) one section tells you to disable the HTTPS service which effectively SHUTS OFF the GUI.

 

Public