4 Replies Latest reply: May 14, 2013 1:02 PM by nkarthik RSS

Proxy v2 and C-mode

gasparuben
Currently Being Moderated

hi there,

I am reading the documentation and I have a simple question. The set-up on the doc is using a C-mode cluster. I can see in the configuration file:

 

/u01/app/oracle/product/11.2.0/dbhome_1/config/rman_ntap_nfs_sdb.conf

FILER=10.63.164.18:rmanuser18/1R1w1q1x0R0z0S0r0J1H

FILERPASS_ENCRYPTED=YES

VOLUMES=10.63.164.18:mml_11g_oradata

VALIDATE_VOLUMES=DATA

SNAME=

SNAP_TYPE=

PROTOCOL=nfs

DB_LUN=

DB_MOUNTPOINT=10.63.164.18:mml_11g_oradata:/mml_11g_oradata

...

 

I dont understand how the lif used to serve data, will be used later on to take/restore snapshots. How is the proxy retrieving the management IP ?

I would also like how is the rmanuser18 configured on a C-mode cluster, which minimum privileges should have?

 

Thanks a lot!

Ruben

  • Re: Proxy v2 and C-mode
    doug.clendening
    Currently Being Moderated

    The rman account just needs "ontapi".

     

    The proxy communicates through the IP specified in config file.  It doesn't retrieve the management IP.  The firewall policy on the lif specified in the conf file needs to "mgmt" otherwise the proxy can't talk to vserver.

    • Re: Proxy v2 and C-mode
      gasparuben
      Currently Being Moderated

      Thanks Doug. This is interesting. I thought we need to pass always by cluster management IP to do that kind of operations. Strange there is no default firewall policy at least on Ontap 8.1.1 to achieve this.

       

      I imagine just https and ssh should be open.

    • Re: Proxy v2 and C-mode
      gasparuben
      Currently Being Moderated

      Please could you provide the configuration of the rmanuser18, which role has assigned? You connect to the data lif via ZAPI?

      I was talking with Netapp support and the supporter just commented that one can not take snapshots using a data lif, due the fact that the lif can be migrated to any physical port of any controller.

       

      Thanks for your time!

      • Re: Proxy v2 and C-mode
        nkarthik
        Currently Being Moderated

        In my setup it's like below and it works.

         

        XXXX::> security login show -vserver vs2_dnfs_rac

         

         

        Vserver: vs2_dnfs_rac

                                     Authentication                  Acct

        UserName         Application Method         Role Name        Locked

        ---------------- ----------- -------------- ---------------- ------

        rmanuser18       ontapi      password       vsadmin          no

        vsadmin          ontapi      password       vsadmin          no

        vsadmin          ssh         password       vsadmin          no

        3 entries were displayed.

         

         

        XXXX::> network interface show

            show               show-routing-group show-zones

        XXXX::> network interface show -vserver vs2_dnfs_rac

                    Logical    Status     Network            Current       Current Is

        Vserver     Interface  Admin/Oper Address/Mask       Node          Port    Home

        ----------- ---------- ---------- ------------------ ------------- ------- ----

        vs2_dnfs_rac

                    vs2_dnfs_rac_data1

                                 up/up    172.1.6.200/24     TESO-04       e2a-2006

                                                                                   true

                    vs2_dnfs_rac_data2

                                 up/up    172.1.7.200/24     TESO-04       e2a-2010

                                                                                   true

                    vs2_priv_oem_perf_1

                                 up/up    172.1.11.22/24     TESO-01       e2a-3011

                                                                                   true

                    vs2_priv_oem_perf_2

                                 up/up    172.1.11.23/24     TESO-02       e2a-3011

                                                                                   true

                    vs2_priv_oem_perf_3

                                 up/up    172.1.11.24/24     TESO-03       e2a-3011

                                                                                   true

                    vs2_public_access

                                 up/up    10.63.164.18/24    TESO-02       e2a-1164

                                                                                   true

        6 entries were displayed.

         

         

        XXXX::>

More Like This

  • Retrieving data ...