I have FAS 2140 2 node HA, and thinking about converting them to multiple vfilers. Currently the environment is mainly for CIFS shares, with multiple volumes and also qtrees.
My questions is, once I create multiple vfilers, where will these existing volumes/data be located? will they stay on vfiler0? and if it is true that I can size the rest of vfilers in any figure I want as long as they don't exceed total capacity?
Thanks for your advice in advance!
I have done a lot of PS engagements like this where we move existing workloads into vFilers. Basically you need a vfiler root volume to create the vfiler...then you assign the volume from vfiler0 to the vfiler itself (no migration, just a move of the volume) but you need to delete all cifs shares and nfs exports first...then recreate them in the vfiler. And then join the vfiler to the domain. There are a lot of things to check and recreate from vfiler0 into the vfiler but worth getting some PS hours if you haven't done it before. Below is a list of considerations from the vFiler labs I created/taught at Insight for MultiStore. A good check list to start with below..
It is possible to migrate an existing physical controller to a vFiler unit. There are many considerations to plan for moving a physical controller into a vFiler. There will be downtime to migrate to a vFiler, but if you plan (and pre-write commands or scripts) for all the considerations below, the downtime can be short. In many cases you may take vfiler0 and create more than one vFiler, and that can be extrapolated from the list below.
There are a lot of small things to migrate from vfiler0 into the vFiler and these considerations also apply when migrating from one physical controller to another physical controller. Below is a checklist of topics without ONTAP commands (anyone doing this work should know the commands or where to find them). A pre-written plan to execute on-site is the key to success when migrating to a vFiler from a physical controller.
• A vFiler needs its own small root volume
• Create a root volume for the vFiler
• iSCSI Nodename and LUN Mappings
• Rename the vfiler0 iscsi nodename and reassign the iscsi nodename on the vFiler to match former vfiler0 for no client change (you can leave it different but need to make changes on the clients if you do).
• Create iGroups in the vFiler
• Map LUNs to iGroups
• Need a new hostname (either for vfiler0 or vFiler depending on which keeps the original hostname). For no host change, often vfiler0 is renamed and the vFiler assumes the name of vfiler0.
• Do you need to create a separate network from the default-ipspace?
• IP and Interface, DNS, NIS, LDAP
• You need a new IP (often put a new management IP on vfiler0 and move existing interfaces on vfiler0 to the vFiler).
• Domain Membership, FilerSID, Recreate shares and exports
• We need to rejoin the domain from vFiler using the same netbios name we had in vfiler0, then rejoin with vfiler0 with a new netbios name. Typically vfiler0 rejoins the domain with a new name to free the computer account first.
• SnapMirror Relationships
• Need to manually setup additional volumes and then create the dr vfiler manually ,then resync it. Use vfiler0 for the relationship, so this typically involves a new IP address since the new vFiler typically assumes the physical filer address and you have a new hostname and IP for vfiler0 which will be the source of the mirror for vfiler dr. You could use the vfiler IP for snapmirror, but not if using vfiler dr.
• If Operations Manager use vfiler0 for relationships and update snapmirror.access.
• NDMP Backups
• If any backups are set to run against vfiler0 and it’s ip changes, change the backup software to authenticate to vfiler0’s new IP/name. NDMP works for copying but does not work for backup to tape from a vFiler. NDMP backups for the data will need to re-authenticate to vfiler0.
• SnapVault Relationships
• Operations Manager uses vfiler0 (hosting filer) for SnapVault relationships. Modify / restart vaults from vFiler0 between source and target instead of direct vfiler to vfiler.
• Set snapvault.access and ndmpd.preferred_interfaces on vfiler0.
• If any vscanners are set to run against vfiler0 and its ip changes, change the vscan software to authenticate to vfiler0’s new IP/name. Unless you want to vscan from the vFiler (most often vscan is centralized for all vFilers at vfiler0).
• Netbios Aliasing
• If any netbios aliases are used by vfiler0, they need to be moved to the vFiler. NOTE: this might be an issue if you leave resources on vfiler0 that also need the alias. The same alias can’t be in more than one filer (virtual or physical). If all resources move to the vFiler, we can move it from vfiler0, but if not, users may be impacted.
• AutoHome directories
• If any autohome directories are setup for any volumes moving from vfiler0 to the vFiler, they must be removed from vfiler0 and setup again in the vFiler.
• Local User Accounts
• Create local user accounts in vfiler0 in the vFiler. There is a method to export and import registry entries for users.
• Local Groups
• Check for local groups from the windows mmc and/or /etc/lclgroups.cfg. Make entries in the new vfiler for any groups needed in the vfiler.
• Domain User Accounts
• Always check to see if domain user accounts are used in vfiler0 so they can be added to the vFiler.
• Match SNMP settings if any snmp monitors are used (OpsManager, etc.)
• If any quotas are set on volumes moving from vfiler0 to the vFiler, the /etc/quotas entries need to be removed from /etc/quotas on vfiler0 and created in /etc/quotas on the vFiler, then “quota on volname” in the vFiler for the volume.
• User Mappings
• Copy usermap.cfg entries needed in vfiler1 from vfiler0 (modify / copy / delete as needed for each vfiler)
• CIFS, NFS, iSCSI Options
• List all options from vfiler0 and match on the vFiler
• Fpolicy settings
• Need to run fpolicy setup in the vFiler
• /etc/symlink.translations (move from the physical controller to the vFiler).
• SSH, RSH setup
• Both of these need to be enabled and configured in the vFiler.
• Volume Names
• Volume names must be the same on the source and destination for migrate, dr and data motion.
Your detailed check list is very helpful. We could not find the list any where else.
We currently use 2-nodes filers for corporate shares, and as a dedicated CIFS server. so, we are debating on if we have the need to convert them to vfilers. Of cause, we can gain some benefits by doing that. However, since the purpose of these two filers is pretty straightforward, without any development filers, to convert the production to vfilers might be chanllenging.
We are also planning on setup corporate user home directories on NetApp filer. Maybe we will have the need to convert to vfiler then, since filers can therefore serve two purposes.
What would you suggest?
If you will never need separate containers and can use the same NetBios name of each physical vFiler0, it may be more disruptive that it is worth. In the old days I would say yes for vFiler migrate and data motion for ndo migration to new kit when you upgrade. However the next life cycle of NetApp will likely be clustered ontap for you so I would recommended taking that time to transition to vservers (SVMs) on cDot later instead of vfilers now. Unless you need a vFiler feature or Ipspace separation.
Sent from my iPhone 5
Thanks for messages. I have a few more concret questions, mostly about IP's assignment.
Currently we have several vlan's already created on hosting storage(vfiler0), they are respectively for CIFS shares(vlan-cifs), the replication(vlan-rep), and backup(vlan-bak). Now since we are planning on creating vfiler's, these vlan's should be all moved to vfiler1(for nas app1), so vfiler1 will be the one to function the same as we originally planned on the hosting storage. We will also create vfiler2(for nas app2). My design/questions is following:
1) When I create vfiler1, is following command looks good to you:
vfiler create vfiler1 -s ipspace1 -i vlan-cifs-ip -i vlan-rep-ip -i vlan-bak-ip /vol/vfiler1_root /vol/vol11 /vol/vol12...ohter vol's
2) The only IP on eoM will be staying on vfiler0
3) Do I need to assign a dedicated physical port and an IP for vfiler2?
Is following command good to you:
vfiler create vfiler2 -s ipsapce2 -i (aliasname for vlan-cifs-ip) or (dedicated IP) /vol/vfiler2_root /vol/vol21 /vol/vol22... other vol's
4) How do I create the (aliasname for vlan-cifs-ip) for vfiler2?
Hoping to hear you again.
You have to use an actual IP Address for the command with –i. You can then make host entries though later but the vFiler needs to know what IP to bind to. The same IP could be used in 2 vFilers if on separate IPspaces. If sharing an IPspace, you can share the same physical interface using aliases…works great.
I know that actual IP's would have to be used, the following is just illustrated command. Using multiple "-i"'s is the way to migrate all my vlan's to vfiler1 from the hosting storage?
vfiler create vfiler1 -s ipspace1 -i vlan-cifs-ip -i vlan-rep-ip -i vlan-bak-ip /vol/vfiler1_root /vol/vol11 /vol/vol12...
If the same IP is used by 2 vfiler's by two different IPSPACE's, then DNS name would be the only way to reference two vfilers, we can not use IP to distinguash two different vfiler's, right?
Correct. Remove the ip from vFiler0. Add to the vFiler. The. Ifconfig again. Adding with -i doesn't do the ifconfig it is to bind the vFiler to the ip after ifconfig. Most don't use duplicate ips unless separate environments and rare edge cases for that.
Sent from my iPhone 5
I have used the following command, and looks vfiler1 created:
vfiler create vfiler1 -s ipspace1 -i ip1 -i ip2 /vol/vfiler1_root /vol/vfiler1_vol1
However, when I do run the following on vfiler0, getting error:
/vol/vfiler1_root/etc/messages: No such file or directory
Would you please let me know what I am missing? Any thing special to do to create /vol/vfiler1_root?
Vfiler root exists in the first volume specified. Vfiler status –a will show you the root volume. The issue here is not all files are in a vfiler. Messages are all logged into vfiler0/etc/messages (not the vfiler) and you see a vfiler prefixing the message…so things like that don’t have a separate vfiler instance. The “rc” file is another that only resides in vfiler0 so that is why we put “vfiler run vfilername route add default” in the vfiler0 etc. Hosts, hosts.equiv, resolv.conf, etc. do reside in vfiler root though.
Thanks for being patient.
The following is the output of vfiler status -a. Understand that /etc/rc only exist on vfiler0, but it has not been changed at all. two IP's, X.7 and X.8 are the same configuration in /etc/rc. What and on where should I do to have X.7 and X.8 be used on vfiler1
Could you please show me what these 2 IP's configuration should look like in /etc/rc?
IP address: x.x.x.7 [unconfigured]
IP address: x.x.x.8 [unconfigured]
Path: /vol/vfiler1_root [/etc]
Protocols allowed: 7
Protocols disallowed: 0
I have an interface group(vlan tagging) vlan100 with IP x.x.x.7 already on pfiler. Planning on creating vfiler1 and vfiler2 with 2 IP's respectively x.x.x.7 and x.x.x.8, both will be configured on the same vlan100( can I achieve that?). x.x.x.7 will be moved to vfiler1. Both vfiler's will be using the same ipspace "ips"
Following are illustrated commands/steps
pfiler>vfiler create vfiler1 -s ips -i x.x.x7 /vol/vfiler1_root /vol/vol1
pfiler>vfiler create vfiler2 -s ips -i x.x.x8 /vol/vfiler2_root /vol/vol2
in vfiler0/etc/rc, add the following, and also could be run manually first:
ifconfig vlan100 alias x.x.x.7
ifconfig vlan100 alias x.x.x.8
vfiler run vfiler1 route add default x.x.x.1 1
Please correct me if anything wrong, and let me know the following questions:
1. how outside traffics know which vfiler's should go to by sharing the same vlan100?
2. do I need to run the "route add" to vfiler2 in /etc/rc, like "vfiler run vfiler2 route add default x.x.x.1 1"?
3. what's in ipspace "ips" in this example?
Thank you and this should be my last question.