Hello, Just a little question, in case I missed something... We are securing our admin accesses to Netapp Clusters using 2FA (password + sshKey) and thinking about deploying MAV (Multi Admin Validation) ! But how to handle admin accounts used by ActiveIQ and WorflowAutomation ? AFAIK there is no way to restrict the IP address used by a specific login ?! Regards, GS.
... View more
Symptom: When using the ansible netapp.ontap.na_ontap_command module and gracefully shutting down all nodes at once on the Netapp does it automatically answer the prompts for each controller to Yes and proceed to shut them down?? Otherwise if not how do I answer the Y for each controller in the ansible playbook? Thanks
... View more
Hello, I am trying to create a custom role to limit the rights of a domain-based service account we use exclusively to run PowerShell scripts. The role resides in the main cluster SVM and I've only given it rights to change the replication throttle setting as shown below. I assigned the role to the service account with the applications ssh and ontapi. When testing, it immediately generated this error: "Insufficient privileges: user '<username>' does not have read access to this resource". Apparently I need to give at least read only access to a certain command to allow it to log on in the first place. Does anyone know what that would be? Role Name: script Command / Directory: vserver options Access Level: all Query: -option-name replication.throttle.outgoing.max_kbs
... View more
Hi We have a node panic that occures every weekend at the same time. We don't have support so I can't create a case. But at least I would like to search myself for a possible cause. I've found a tool ONTAP - Panic Message Analyzer- NetApp Support Site - Bugs Online - PMA but it needs a "panic message". Where can I find it and what logs should I look to for more details? Regards, Alexey
... View more
Hi everyone. I am sitting in a very awkward situation. I upgraded a storage system from ONTAP 9.7 to ONTAP 9.11, in steps. During the last upgrade from 9.10 to 9.11, ASUP "break" on the one node. The last automated ASUP sent was a waring on ONTAP 9.10 that the software is near its EOS date. Before the upgrade ASUP was working fine, AND ASUP is working fine on the second node. Error: Failed to transmit smtp asup 2711, curl error: Timeout was reached) SO - No problem on the SMTP server No network coms error - I can log in via both nodes management ports (residing HOME on e0M) Both nodes cannot ping the SMTP server. (I assume that they can ping the default gateway as I am able to log into the MGMT ports?) Support suggested the normal thing - check SMTP server, etc etc. NO solution yet. Fact is - this was working PRIOR to the upgrade. Any ideas? Then on HTTP/S The Customer make use of firewalls and a proxy - I assume I should create a HTTP proxy for the management vfiler? The documentation is not very clear on this. I already applied for firwall access to the NA support IP, and is in the process to apply for wiferwall access to the PROXY server as well. Is this the correct way of doing it? Create HTTP proxy service on vserver (Customer use port 80) Change ASUP transport to HTTP regards Kobus
... View more