slice2

Monthly Archives: March 2013

A Quick Snort on NetBSD 6.0.1 HOWTO

26 Tuesday Mar 2013

Posted by Slice2 in NetBSD, Security

Tags

NetBSD, Security

Yes, I know this is a default config but if you are new to Snort it gets you up and running quickly so you can actually tinker with a running system. If you haven’t installed pkgin, see my post How to install XFCE on NetBSD 6 and run the steps to install pkgin.

1) Get the software.
> pkgin avail | grep snort

oinkmaster-2.0nb1    Manage snort rule updates
snort-2.8.5.1nb2     The Open Source Network Intrusion Detection System
snort-rules-2.4      Network Intrusion Detection System (Community Rules)
snortsnarf-20050314.1nb1 Generate HTML report summaries from snort incident alerts

> pkgin install oinkmaster-2.0nb1
> pkgin install snort-2.8.5.1nb2
> pkgin install snort-rules-2.4
> pkgin install snortsnarf-20050314.1nb1
> pkgin install libpcap
> pkgin install tcpdump
> pkgin install pcre-*

2) Create the rule files that snort.conf pulls in through var RULE_PATH, in /usr/pkg/share/snort/rules.
> touch /usr/pkg/share/snort/rules/local.rules
> touch /usr/pkg/share/snort/rules/bad-traffic.rules
> touch /usr/pkg/share/snort/rules/exploit.rules
> touch /usr/pkg/share/snort/rules/scan.rules
> touch /usr/pkg/share/snort/rules/finger.rules
> touch /usr/pkg/share/snort/rules/ftp.rules
> touch /usr/pkg/share/snort/rules/telnet.rules
> touch /usr/pkg/share/snort/rules/rpc.rules
> touch /usr/pkg/share/snort/rules/rservices.rules
> touch /usr/pkg/share/snort/rules/dos.rules
> touch /usr/pkg/share/snort/rules/ddos.rules
> touch /usr/pkg/share/snort/rules/dns.rules
> touch /usr/pkg/share/snort/rules/tftp.rules
> touch /usr/pkg/share/snort/rules/web-cgi.rules
> touch /usr/pkg/share/snort/rules/web-coldfusion.rules
> touch /usr/pkg/share/snort/rules/web-iis.rules
> touch /usr/pkg/share/snort/rules/web-frontpage.rules
> touch /usr/pkg/share/snort/rules/web-misc.rules
> touch /usr/pkg/share/snort/rules/web-client.rules
> touch /usr/pkg/share/snort/rules/web-php.rules
> touch /usr/pkg/share/snort/rules/sql.rules
> touch /usr/pkg/share/snort/rules/x11.rules
> touch /usr/pkg/share/snort/rules/icmp.rules
> touch /usr/pkg/share/snort/rules/netbios.rules
> touch /usr/pkg/share/snort/rules/misc.rules
> touch /usr/pkg/share/snort/rules/attack-responses.rules
> touch /usr/pkg/share/snort/rules/oracle.rules
> touch /usr/pkg/share/snort/rules/mysql.rules
> touch /usr/pkg/share/snort/rules/snmp.rules
> touch /usr/pkg/share/snort/rules/smtp.rules
> touch /usr/pkg/share/snort/rules/imap.rules
> touch /usr/pkg/share/snort/rules/pop2.rules
> touch /usr/pkg/share/snort/rules/pop3.rules
> touch /usr/pkg/share/snort/rules/nntp.rules
> touch /usr/pkg/share/snort/rules/other-ids.rules

3) Test config.
> /usr/pkg/bin/snort -T -i wm0 -u snort -g snort -c /usr/pkg/etc/snort/snort.conf

4) Start Snort.
> /usr/pkg/bin/snort -D -i wm0 -A fast -b -d -u snort -g snort -c /usr/pkg/etc/snort/snort.conf -l /var/log/snort

5) Monitor hits.
> tail -f /var/log/snort/alert

6) After an hour or so, run snortsnarf.pl to get an HTML report.
> mkdir -p /var/log/snort/report
> /usr/pkg/bin/snortsnarf.pl -d /var/log/snort/report /var/log/snort/alert
> cd /var/log/snort/report
> firefox index.html
Note: if you don’t have an X11 desktop, just scp the report folder over to a host that does and run firefox index.html from that host.
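
For a host without X11, the -A fast alert file written in step 4 can also be summarized straight from the terminal. The script below is an added example, not part of the original post; the sample alert lines, local SIDs and addresses are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): summarize a Snort "-A fast"
# alert file, e.g. /var/log/snort/alert, without a browser.

# Constructed sample in the fast-alert layout. SIDs >= 1000000 are the local
# range, as used for rules in local.rules; addresses are documentation ranges.
# The last line is deliberately truncated to show that bad lines are skipped.
sample_alerts() {
cat <<'EOF'
03/26-14:02:11.120001  [**] [1:1000001:1] LOCAL icmp echo request [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.10 -> 198.51.100.5
03/26-14:02:15.654321  [**] [1:1000002:2] LOCAL telnet login attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.0.2.10:51234 -> 198.51.100.5:23
03/26-14:03:40.000120  [**] [1:1000001:1] LOCAL icmp echo request [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.7 -> 198.51.100.5
03/26-14:05:02.447190  [**] [1:1000001:1] LOCAL icmp echo request [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.10 -> 198.51.100.5
03/26-14:05:09.9
EOF
}

# parse_fast: read fast alerts on stdin, print one tab-separated record each:
#   priority  gid:sid:rev  proto  src_ip  dst_ip  message
# Lines that do not match the layout (partial writes, noise) are skipped.
parse_fast() {
    awk '
    {
        if (!match($0, /\[[0-9]+:[0-9]+:[0-9]+\] /)) next
        sid  = substr($0, RSTART + 1, RLENGTH - 3)
        rest = substr($0, RSTART + RLENGTH)
        stop = index(rest, " [**]")
        if (stop == 0) next
        msg = substr(rest, 1, stop - 1)

        prio = "-"
        if (match($0, /\[Priority: [0-9]+\]/))
            prio = substr($0, RSTART + 11, RLENGTH - 12)

        if (!match($0, /[{][A-Za-z0-9-]+[}] /)) next
        proto = substr($0, RSTART + 1, RLENGTH - 3)
        if (split(substr($0, RSTART + RLENGTH), ep, " -> ") != 2) next
        src = ep[1]; dst = ep[2]
        # Strip the port only from IPv4 addr:port, so IPv6 colons survive.
        if (src ~ /^[0-9.]+:[0-9]+$/) sub(/:[0-9]+$/, "", src)
        if (dst ~ /^[0-9.]+:[0-9]+$/) sub(/:[0-9]+$/, "", dst)
        printf "%s\t%s\t%s\t%s\t%s\t%s\n", prio, sid, proto, src, dst, msg
    }'
}

# top_signatures: alerts per signature, most frequent first.
# Output: count  priority  gid:sid:rev  message
top_signatures() {
    parse_fast | awk -F '\t' '
        { key = $1 "\t" $2 "\t" $6; n[key]++ }
        END { for (k in n) printf "%d\t%s\n", n[k], k }' |
    LC_ALL=C sort -t "$(printf '\t')" -k1,1nr -k3,3
}

# top_sources: alerts per source address, most frequent first.
top_sources() {
    parse_fast | awk -F '\t' '
        { n[$4]++ }
        END { for (s in n) printf "%d\t%s\n", n[s], s }' |
    LC_ALL=C sort -t "$(printf '\t')" -k1,1nr -k2,2
}

# high_priority: only the records Snort marked Priority 1 (its most severe).
high_priority() {
    parse_fast | awk -F '\t' '$1 == 1'
}

# With a readable file as $1 use it; otherwise fall back to the sample.
if [ -r "${1:-}" ]; then cat "$1"; else sample_alerts; fi | top_signatures
```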

Integrating HP iLO with Microsoft AD and Certificate Services

25 Monday Mar 2013

Posted by Slice2 in HP, Security

Tags

HP, Security

Although HP has come a long way with iLO, it is still quite picky when it comes to AD integration and certificate management. This document is an attempt to make it easier to accomplish. Updating your firmware is the most important step. Don’t skip it.

I created a document detailing the steps. Download the pdf here: Integrating HP ILO with AD and CS

Adding a new local disk to ESXi and formatting with VMFS

20 Wednesday Mar 2013

Posted by Slice2 in ESXi, VMware

Tags

ESXi, VMware

Need to add a disk to an ESXi 5x server and format as VMFS? Here is how you do it from the ESXi CLI. Enable ssh on the ESXi host in vCenter and login as root via xterm or putty. This was done on an HP DL360.

1) Find your disks.

> ls /vmfs/devices/disks/
-or
> esxcfg-scsidevs -c

The new disk is: mpx.vmhba1:C0:T1:L0

2) Create a partition.

> fdisk /vmfs/devices/disks/mpx.vmhba1:C0:T1:L0
Select: m
Select: l
Command (m for help): n
Command action
e   extended
p   primary partition (1-4)
Select: p
Partition number (1-4): 1
First cylinder (1-8920, default 1): Using default value 1
Last cylinder or +size or +sizeM or +sizeK (1-8920, default 8920): Using default value 8920

Command (m for help): p

Disk /vmfs/devices/disks/mpx.vmhba1:C0:T1:L0: 73.3 GB, 73372631040 bytes
255 heads, 63 sectors/track, 8920 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot      Start         End      Blocks  Id System
/vmfs/devices/disks/mpx.vmhba1:C0:T1:L0p1             1      8920  71649868+  83  Linux

Command (m for help): w
The partition table has been altered!

Command (m for help): t
Selected partition 1
Hex code (type L to list codes): l

 0 Empty                  1c Hidden W95 FAT32 (LBA)   a5 FreeBSD
 1 FAT12                  1e Hidden W95 FAT16 (LBA)   a6 OpenBSD
 4 FAT16 <32M             3c Part.Magic recovery      a8 Darwin UFS
 5 Extended               41 PPC PReP Boot            a9 NetBSD
 6 FAT16                  42 SFS                      ab Darwin boot
 7 HPFS/NTFS              63 GNU HURD or SysV         b7 BSDI fs
 a OS/2 Boot Manager      80 Old Minix                b8 BSDI swap
 b Win95 FAT32            81 Minix / old Linux        be Solaris boot
 c Win95 FAT32 (LBA)      82 Linux swap               eb BeOS fs
 e Win95 FAT16 (LBA)      83 Linux                    ee EFI GPT
 f Win95 Ext'd (LBA)      84 OS/2 hidden C: drive     ef EFI (FAT-12/16/32)
11 Hidden FAT12           85 Linux extended           f0 Linux/PA-RISC boot
12 Compaq diagnostics     86 NTFS volume set          f2 DOS secondary
14 Hidden FAT16 <32M      87 NTFS volume set          fd Linux raid autodetect
16 Hidden FAT16           8e Linux LVM                fb VMFS
17 Hidden HPFS/NTFS       9f BSD/OS                   fc VMKcore
1b Hidden Win95 FAT32     a0 Thinkpad hibernation

Hex code (type L to list codes): fb
Changed system type of partition 1 to fb (VMFS)

Command (m for help): w
The partition table has been altered!

3) Create the filesystem.

> vmkfstools -C vmfs5 -b 1m -S <new datastore name here> /vmfs/devices/disks/mpx.vmhba1:C0:T1:L0:1

VMFS5 file system creation is deprecated on a BIOS/MBR partition on device ‘mpx.vmhba1:C0:T1:L0:1’
Checking if remote hosts are using this device as a valid file system. This may take a few seconds…
Creating vmfs5 file system on “mpx.vmhba1:C0:T1:L0:1” with blockSize 1048576 and volume label “Datastore name”.
Successfully created new volume: 512bee4b-d5bd5128-568e-0015174b0172

4) Done.

Using Virtual Ethernet Adapters in Promiscuous Mode on Linux

20 Wednesday Mar 2013

Posted by Slice2 in Linux, Security, VMware

Tags

Linux, Security, VMware

VMware does not allow the virtual Ethernet adapter to go into promiscuous mode unless the user has permission to make that setting change. This follows the standard Linux practice that only root can put a network interface into promiscuous mode. See this VMware KB for details.

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=287
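
On the Linux side, you can check which interfaces are actually in promiscuous mode by reading the flags word the kernel exposes under /sys/class/net. This is an added example, not part of the original post or the VMware KB; the function names are hypothetical and it assumes a Linux host with sysfs mounted.

```shell
#!/bin/sh
# Added example (not from the original post or the VMware KB): report which
# interfaces are in promiscuous mode, using the flags word in sysfs.

IFF_PROMISC=256    # 0x100, IFF_PROMISC in <linux/if.h>

# is_promisc FLAGS
#   returns 0 if the promiscuous bit is set, 1 if clear, 2 if FLAGS is not hex.
is_promisc() {
    hex=${1#0x}
    case "$hex" in
        ''|*[!0-9a-fA-F]*) return 2 ;;
    esac
    [ $(( 0x$hex & $IFF_PROMISC )) -ne 0 ]
}

# promisc_interfaces [SYSFS_NET_DIR]
#   prints the name of every interface under the directory (default
#   /sys/class/net) whose flags word has IFF_PROMISC set. Entries without a
#   readable flags file are skipped.
promisc_interfaces() {
    dir=${1:-/sys/class/net}
    for path in "$dir"/*; do
        [ -r "$path/flags" ] || continue
        flags=
        # read fails on a file with no trailing newline but still fills $flags
        read -r flags < "$path/flags" || [ -n "$flags" ] || continue
        if is_promisc "$flags"; then
            printf '%s\n' "${path##*/}"
        fi
    done
}

# Report on the running host; prints nothing when no interface is promiscuous.
promisc_interfaces
```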

NetApp ONTAP 7.3.3 Simulator Installation Guide for Oracle Enterprise Linux and Oracle VirtualBox

20 Wednesday Mar 2013

Posted by Slice2 in Linux, NetApp, Oracle

Tags

Linux, NetApp, Oracle

The following document provides detailed instructions to create a simulated NetApp filer environment using Oracle Enterprise Linux 5.5, Oracle VirtualBox 3.2.10 and the NetApp ONTAP 7.3.3 Simulator.

Outline

The naming convention I use will differentiate the Linux VM by using “L” and the ONTAP Simulator by using “O” as the first character in the hostname.

OS Hostname   IP             SIM Hostname   IP Address
L733SIM01     10.10.10.50    O733SIM01      10.10.10.51
L733SIM02     10.10.10.52    O733SIM02      10.10.10.53

You can run multiple versions of the Simulator (such as 7.3.1 or 7.3.4 or even 8.0). Simply adjust the hostnames to the version number to keep things sane. It is assumed you have Active Directory and DNS already in place so you can create CIFS shares as you would for user homes and profiles in a Domain.

Hardware

This document describes the process for installing Oracle VirtualBox, creating the Linux VM and installing the ONTAP Simulator in the VM. My system is a Dell 8300 with 3 Gigs of RAM, a 3 GHz Pentium 4 CPU and Windows 7 Ultimate x32. Not exactly the fastest system these days but plenty fast for the Simulator. 25 Gigs or more of disk space is enough to run the Simulator.

Oracle Enterprise Linux 5.5 x32

http://edelivery.oracle.com/EPD/GetUserInfo/get_form?caller=LinuxWelcome

Fill in your name, email address, answer yes to the export and license and click Continue.

  1. Select Oracle Linux, x86 32 bit and click Go. Note that the 7.3.3 Sim is not x64. The ONTAP 8x Sim is x64.
  2. Select the top option and click Continue at the bottom of the page.
  3. Scroll down and click Download on the x32 DVD. Save it to your computer. When the download finishes, right-click and extract the ISO image.
  4. Browse to the download location (right-click Start | Explore), right-click the zip file and unzip in the current location. I use 7zip but whatever zip utility works for you is fine.

Oracle VirtualBox

http://www.virtualbox.org/wiki/Downloads

  1. Click the VirtualBox 3.2.10 for Windows hosts x86/amd64 link and download to your computer.
  2. Browse to the file and double-click it (you may have to right-click and select Run As Administrator).
  3. If it appears, click Yes to the User Access Control pop-up window.
  4. Click Next on the Welcome screen | accept the License and click Next.
  5. Click Next on the Custom Setup screen | click next on the Shortcuts screen.
  6. Click Yes on the Network interface notice screen and then Install to start the installation.
  7. Deselect Start Oracle VirtualBox and click Finish.
  8. Manually reboot your system.

Create the VM Profile

  1. Click Start | All Programs | Oracle VM VirtualBox | VirtualBox.
  2. Click Ignore on the Media accessibility pop-up message.
  3. In the upper left corner, click the blue New icon.
  4. Click Next on the Welcome screen.
  5. Enter the hostname L733SIM01, under OS Type select Linux and Oracle and then click Next.
  6. Set the memory to 1024 (1 Gig) and click Next.
  7. Select Create New Hard Disk and click Next.
  8. Click Next on the Create New Disk Wizard.
  9. Select fixed-size storage. Note that this will take a while to complete. Your Simulator VM will run faster with this option although the Dynamic expanding storage option is an acceptable (and supported) choice.
  10. Enter 25 Gigs and click Next.
  11. Assess the Summary and click Finish. This will take a while so go have a cup of coffee.
  12. When done click Finish.

Customize the VM Hardware

  1. In the upper left select the Settings icon.
  2. Select the System icon. In the middle next to Boot Order, un-check Floppy.
  3. Select the Audio icon on the left. Un-check the Enable Audio checkbox.
  4. Select the Network icon. Check Enable network adapter. Next to Attached to select Not Attached (you will attach later). Below that, expand Advanced and select Intel PRO/1000 MT Server adapter.
  5. Select the Serial Ports icon. Check Enable serial port on COM1 with port mode Disconnected and click OK to commit the hardware changes.
  6. In the upper left, click Settings again. Select the Storage icon. Under IDE Controller, select the disk icon marked Empty. On the right next to CD/DVD Device (Empty) click the small Folder icon.
  7. Click Add.
  8. Browse out to the ISO image for Oracle Enterprise Linux x32 v5.5 and click Open.
  9. Highlight the ISO image and click Select.
  10. Click OK to complete the preparation. The ISO image is now attached and ready to boot.
  11. In the upper left, click Start.
  12. When the console pop-up appears, read the message so you understand how to capture and release the mouse during the installation of the OS. Click OK to proceed. Note – after Installation, you will install the Guest Additions.
  13. Click inside the VM to make sure the mouse and keyboard are captured and press Enter. Click OK on mouse capture pop-up messages.
  14. Tab over to Skip and press Enter.
  15. At the Welcome screen click Next.
  16. Select English and click Next.
  17. Select US English and click Next.
  18. Select Yes to initialize the disk and erase all data.
  19. On the drop-down menu, select Remove all partitions on selected drives and create default layout. At the bottom select Review and click Next.
  20. Select Yes to remove all partitions.
  21. View the partition summary and click Next. Note: if you want to make changes to the partitions do it here.
  22. Accept the default boot loader options and click Next.
  23. Click Edit to the right of Network Devices. On the pop-up window select Manual Configuration and enter 10.10.10.50 and 255.255.255.0 for the mask. Below, deselect IPv6 and click OK.
  24. Back on the main window, enter hostname OEL733SIM01, gateway 10.10.10.1, primary DNS 10.10.10.100 and click Next.
  25. At the bottom left deselect System clock uses UTC and click Next.
  26. Set a root password and click Next.
  27. At the bottom click Customize now and Next.
  28. Select Applications and deselect Games, Graphics, Office, Sound and Video.
  29. Select Base System, deselect Dialup Networking and click Next.
  30. Click Next to start the installation.
  31. The installation begins and the disk is formatted.
  32. When done click Reboot. Click OK when the mouse pop-up message appears.
  33. The system reboots and runs Firstboot to complete the configuration. Click Forward.
  34. Accept the License agreement and click Forward.
  35. Disable the Firewall and click Forward. Click Yes on the security override pop-up window.
  36. Set SELinux to disabled and click Forward. Click Yes on the SELinux reboot pop-up message.
  37. Do not enable Kdump and click Forward.
  38. Select the Network Time Protocol tab, check Enable Network Time Protocol and click Forward. Note: to keep the ONTAP Simulator and the host OS time in sync you can also add your domain controller on this screen.
  39. Create a netappadmin account and click Forward.
  40. There is no sound card so click Forward.
  41. Click Finish and OK to reboot.
  42. Login as root and prepare for the Guest Additions. After login, right-click the desktop and select Open Terminal.
  43. In the upper left under Devices, select Install Guest Additions.
  44. Click inside the xterm console and run the following commands:

# cd /media/*/

# ls

# cp -rp /media/*/ /root/

# cd /root/V*/

# ls -l (to verify that they are there).

# umount /media/VBOXADDITIONS_3.2.10_66523

  1. Mount the Oracle Enterprise Linux 5.5 ISO image again (it was disconnected in the previous step). In the lower right corner of the VM, right-click the CD/DVD icon and select Enterprise-R5-U5-Server-i386-dvd.iso.
  2. Now, disconnect it but leave it “in the DVD tray” so to speak. This is an odd step but you must do it.

# umount /media/"Enterprise Linux dvd 20100405"

3. In the lower right hardware icons, double-click the network icon. On adapter 1, select Bridged adapter and the Intel Pro/100 and click OK.  You should now be on the network (or internet).

Setup Yum to read the DVD ISO image and install development components

  1. This process makes dependency resolution a no brainer.

# mkdir -p /media/disk

# mount /dev/cdrom /media/disk

# ls -l /media/disk/

2. Setup the yum base. Edit /etc/yum.conf, adding the following section:

# vi /etc/yum.conf

3. At the end of the file, below the lines that read “#PUT YOUR REPOS HERE OR IN separate files named file.repo # in /etc/yum.repos.d”, add the [base] section below.

[base]

name = Oracle Enterprise Linux 5.5 DVD

baseurl=file:///media/disk/Server/

gpgcheck=0

enabled=1

:wq!

# service yum-updatesd restart

# yum repolist

4. Run the install process for the groups below. Follow the prompt because you must answer “Is this OK, [y/N]: y” to continue. You must enter y to install the software. I know, I know, it installs a few libraries you don’t need but who has time to dissect every rpm?

# yum install unifdef rpm-build

# yum groupinstall "Development Libraries"

# yum groupinstall "Development Tools"

# yum install lynx

5. Exit the DVD path and umount it.

# cd /

# umount /media/disk

# df -h (to verify)

# reboot  (don’t argue, just do it!)

Note that the ISO is still attached to the VM. To remove it completely right-click the DVD icon in the lower right and select Unmount CD/DVD Device.

Install the VirtualBox Guest Additions

1. As root, run the following commands.

# cd /root/V*

# sh ./VBoxLinuxAdditions-x86.run

2. When the installation completes reboot the VM to seat the new drivers and kernel modules.

# reboot

You now have a pass-through mouse (no more right Ctrl key to release the mouse) and better overall integration.

For reference, Guest Additions are installed to:

/opt/VBoxGuestAdditions-3.2.10


Get the NetApp Simulator

1. Login to the VM as root and launch an xterm. Create the directory where the Simulator will reside.

# cd /

# mkdir 733sim

2. Launch a browser and perform the following steps.

  1. Create a NOW account on the NetApp support site: https://now.netapp.com/eservice/public/now.do
  2. Browse to the Simulator download site: http://now.netapp.com/NOW/cgi-bin/simulator
  3. Select the 7.3.3-tarfile-v22.tgz (76.6 MB) file and download to /733sim

An alternative method would be to use lynx. Note that you have to add your NOW user/password info after the auth= statement in the command below. When run, just answer yes to all the odd messages that appear.

lynx -accept_all_cookies -auth=<NOW user>:<password> http://now.netapp.com/download/tools/simulator/ONTAP/7.3.3/7.3.3-tarfile-v22.tgz

Install the Simulator

  1. Login as root and open an xterm. Questions are answered with bold text below. Note: at the end of the setup script it will create the disks. Let it run for a few minutes and then press enter to get the command prompt back.  Otherwise it will just sit at “Adding 20 additional disks” forever.

# cd /733sim

# tar -zxvf 7.3.3-tarfile-v22.tgz

# cd simulator

# ./setup.sh

Script version 22 (18/Sep/2007)

Where to install to? [/sim]: /733sim/sim

Would you like to install as a cluster? [no]: no

Would you like full HTML/PDF FilerView documentation to be installed [yes]: yes

Continue with installation? [no]: yes

Creating /733sim/sim

Unpacking sim.tgz to /733sim/sim

Configured the simulators mac address to be [00:50:56:6:79:c8]

Please ensure the simulator is not running.

Your simulator has 3 disk(s). How many more would you like to add? [0]: 20

The following disk types are available in MB:

Real (Usable)

a –   43   ( 14)

b –   62   ( 30)

c –   78   ( 45)

d –  129   ( 90)

e –  535   (450)

f – 1024   (900)

If you are unsure choose the default option a

What disk size would you like to use? [a]: f

Disk adapter to put disks on? [0]: 0

Use DHCP on first boot? [yes]: no

Ask for floppy boot? [no]: no

Checking the default route…

You have a single network interface called eth0 (default route) . You will not be able to access the simulator from this Linux host. If this interface is marked DOWN in ifconfig then your simulator will crash.

Which network interface should the simulator use? [default]: <press enter>

Your system has 872MB of free memory. The smallest simulator memory you should choose is 110MB. The maximum simulator memory is 832MB.

The recommended memory is 512MB.

How much memory would you like the simulator to use? [512]: 512

Create a new log for each session? [no]: yes

Adding 20 additional disk(s).

Complete. Run /733sim/sim/runsim.sh to start the simulator.

[root@L733SIM01 simulator]#

Run the Simulator to set the initial configuration in /etc/rc

  1. As root, run the Simulator. Note that the first time you run it, it will take some time to complete the boot sequence. Please be patient. Answers to questions are in bold below. Also, we will break out of the CIFS configuration at the end since you will have to answer the questions to fit your domain.

# /733sim/sim/runsim.sh

runsim.sh script version Script version 22 (18/Sep/2007)

This session is logged in /733sim/sim/sessionlogs/log-1287856931

NetApp Release 7.3.3: Wed Feb 24 10:15:48 PST 2010

Copyright (c) 1992-2009 NetApp.

Starting boot on Sat Oct 23 18:02:12 GMT 2010

Sat Oct 23 18:04:09 GMT [iomem.init.fail:CRITICAL]: Failed to initialize acceleration card (model name X1938A-R5, serial number 5012345670, part number virgo-simulator) in slot 1.

Sat Oct 23 18:04:09 GMT [fmm.domain.card.failure:error]: PAM II in slot 1 (model name X1938A-R5, serial number 5012345670, part number virgo-simulator): Flash device failed and needs to be updated or repaired or replaced.

Sat Oct 23 18:04:24 GMT [fmmb.current.lock.disk:info]: Disk v4.16 is a local HA mailbox disk.

Sat Oct 23 18:04:24 GMT [fmmb.current.lock.disk:info]: Disk v4.17 is a local HA mailbox disk.

Sat Oct 23 18:04:24 GMT [fmmb.instStat.change:info]: normal mailbox instance on local side.

Sat Oct 23 18:04:28 GMT [raid.cksum.replay.summary:info]: Replayed 0 checksum blocks.

Sat Oct 23 18:04:28 GMT [raid.stripe.replay.summary:info]: Replayed 0 stripes.

sparse volume upgrade done. num vol 0.

Vdisk Snap Table for host:0 is initialized

Sat Oct 23 18:04:32 GMT [vol.language.unspecified:info]: Language not set on volume vol0. Using language config “C”. Use vol lang to set language.

Sat Oct 23 18:04:32 GMT [rc:notice]: The system was down for 20113981 seconds

Sat Oct 23 18:04:32 GMT [useradmin.added.deleted:info]: The role ‘compliance’ has been added.

Sat Oct 23 18:04:33 GMT [useradmin.added.deleted:info]: The group ‘Backup Operators’ has been modified.

/etc/rc is missing. Running configuration dialog.

NetApp Release 7.3.3: Wed Feb 24 10:15:48 PST 2010

System ID: 0099920376 ()

System Serial Number: 987654-32-0 ()

System Storage Configuration: Multi-Path

System ACP Connectivity: NA

Model Name: Simulator

Processors: 1

slot 0: NetApp Virtual SCSI Host Adapter v0

23 Disks:             20.7GB

2 shelves with LRC

slot 1: NetApp Virtual SCSI Host Adapter v1

slot 2: NetApp Virtual SCSI Host Adapter v2

slot 3: NetApp Virtual SCSI Host Adapter v3

slot 4: NetApp Virtual SCSI Host Adapter v4

23 Disks:             20.7GB

2 shelves with LRC

slot 5: NetApp Virtual SCSI Host Adapter v5

slot 6: NetApp Virtual SCSI Host Adapter v6

slot 7: NetApp Virtual SCSI Host Adapter v7

slot 8: NetApp Virtual SCSI Host Adapter v8

4 Tapes:            VT-100MB

VT-100MB

VT-100MB

VT-100MB

Please enter the new hostname []: O733SIM01

Do you want to enable IPv6? [n]: n

Do you want to configure virtual network interfaces? [n]: n

Please enter the IP address for Network Interface ns0 []: 10.10.10.51

Please enter the netmask for Network Interface ns0 [255.0.0.0]: 255.255.255.0

Please enter media type for ns0 {100tx-fd, auto} [auto]: <press enter>

Please enter the IP address for Network Interface ns1 []: <press enter>

Would you like to continue setup through the web interface? [n]: n

Please enter the name or IP address of the IPv4 default gateway: 10.10.10.1

The administration host is given root access to the filer’s

/etc files for system administration.  To allow /etc root access

to all NFS clients enter RETURN below.

Please enter the name or IP address of the administration host: 10.10.10.200

Please enter timezone [GMT]: EST

Where is the filer located? []: Earth

What language will be used for multi-protocol files (Type ? for list)?:?

Supported language codes are:

C               (POSIX)

ar              (Arabic)

cs              (Czech)

da              (Danish)

de              (German)

en              (English)

en_US           (English (US))

es              (Spanish)

fi              (Finnish)

fr              (French)

he              (Hebrew)

hr              (Croatian)

hu              (Hungarian)

it              (Italian)

ja              (Japanese euc-j*)

ja_v1           (Japanese euc-j)

ja_JP.PCK       (Japanese PCK(sjis)*)

ja_JP.932       (Japanese cp932*)

ja_JP.PCK_v2    (Japanese PCK(sjis))

ko              (Korean)

no              (Norwegian)

nl              (Dutch)

pl              (Polish)

pt              (Portuguese)

ro              (Romanian)

ru              (Russian)

sk              (Slovak)

sl              (Slovenian)

sv              (Swedish)

tr              (Turkish)

zh              (Simplified Chinese)

zh.GBK          (Simplified Chinese (GBK))

zh_TW           (Traditional Chinese euc-tw)

zh_TW.BIG5      (Traditional Chinese Big 5)

To use UTF-8 as the NFS character set append ‘.UTF-8’

Language codes flagged with “*” are obsolete versions of those language character sets.

What language will be used for multi-protocol files (Type ? for list)?:en_US

Setting language on volume vol0

The new language mappings will be available after reboot

Sat Oct 23 18:11:45 GMT [vol.language.changed:info]: Language on volume vol0 changed to en_US

Language set on volume vol0

Do you want to run DNS resolver? [n]: n

Do you want to run NIS client? [n]: n

The Shelf Alternate Control Path Management process provides the ability

to recover from certain SAS shelf module failures and provides a level of

availability that is higher than systems not using the Alternate Control

Path Management process.

Do you want to configure the Shelf Alternate Control Path Management interface for SAS shelves [n]: n

Setting the administrative (root) password for O733SIM01 …

New password: <enter password>

Retype new password: <enter password>

Sat Oct 23 13:12:39 EST [passwd.changed:info]: passwd for user ‘root’ changed.

Sat Oct 23 13:12:39 EST [tapemc.alias.addOK:info]: Alias st0 automatically added for tape device WWN[0:042:424200:000000].

Sat Oct 23 13:12:39 EST [dfu.firmwareUpToDate:info]: Firmware is up-to-date on all disk drives

Sat Oct 23 13:12:39 EST [sfu.firmwareUpToDate:info]: Firmware is up-to-date on all disk shelves.

Sat Oct 23 13:12:39 EST [tapemc.alias.addOK:info]: Alias st1 automatically added for tape device WWN[0:142:424200:000000].

Sat Oct 23 13:12:39 EST [tapemc.alias.addOK:info]: Alias st2 automatically added for tape device WWN[0:242:424200:000000].

Sat Oct 23 13:12:39 EST [tapemc.alias.addOK:info]: Alias st3 automatically added for tape device WWN[0:342:424200:000000].

Sat Oct 23 13:12:39 EST [netif.linkUp:info]: Ethernet ns0: Link up.

Sat Oct 23 13:12:40 EST [perf.archive.start:info]: Performance archiver started. Sampling 22 objects and 195 counters.

add net default: gateway 10.10.10.1

There are 20 spare disks; you may want to use the vol or aggr command

to create new volumes or aggregates or add disks to the existing aggregate.

Sat Oct 23 13:12:42 EST [rc:info]: Registry is being upgraded to improve storing of local changes.

Sat Oct 23 13:12:42 EST [rc:info]: Registry upgrade successful.

Sat Oct 23 13:12:43 EST [mgr.boot.disk_done:info]: NetApp Release 7.3.3 boot complete. Last disk update written at Thu Mar  4 17:51:28 EST 2010

Sat Oct 23 13:12:43 EST [mgr.boot.reason_ok:notice]: System rebooted after a halt command.

This process will enable CIFS access to the filer from a Windows(R) system.

Use “?” for help at any prompt and Ctrl-C to exit without committing changes.

///

Press Ctrl+C to break out of CIFS configuration. Note that you can run the cifs setup command at any time.

  1. List out the disks to make sure you have them.

O733SIM01> vol status -r

Aggregate aggr0 (online, raid0) (zoned checksums)
Plex /aggr0/plex0 (online, normal, active)
RAID group /aggr0/plex0/rg0 (normal)

RAID Disk Device  HA  SHELF BAY CHAN Pool Type  RPM  Used (MB/blks)    Phys (MB/blks)
--------- ------  ------------- ---- ---- ---- ----- --------------    --------------
data      v4.16   v4    1   0   FC:B   -  FCAL  N/A  120/246784        127/261248
data      v4.17   v4    1   1   FC:B   -  FCAL  N/A  120/246784        127/261248
data      v4.18   v4    1   2   FC:B   -  FCAL  N/A  120/246784        127/261248

Spare disks

RAID Disk       Device  HA  SHELF BAY CHAN Pool Type  RPM  Used (MB/blks)    Phys (MB/blks)
---------       ------  ------------- ---- ---- ---- ----- --------------    --------------
Spare disks for zoned checksum traditional volumes or aggregates only
spare           v4.19   v4    1   3   FC:B   -  FCAL  N/A  1020/2089984      1027/2104448
spare           v4.20   v4    1   4   FC:B   -  FCAL  N/A  1020/2089984      1027/2104448
spare           v4.21   v4    1   5   FC:B   -  FCAL  N/A  1020/2089984      1027/2104448
spare           v4.22   v4    1   6   FC:B   -  FCAL  N/A  1020/2089984      1027/2104448
spare           v4.24   v4    1   8   FC:B   -  FCAL  N/A  1020/2089984      1027/2104448
spare           v4.25   v4    1   9   FC:B   -  FCAL  N/A  1020/2089984      1027/2104448
spare           v4.26   v4    1   10  FC:B   -  FCAL  N/A  1020/2089984      1027/2104448
spare           v4.27   v4    1   11  FC:B   -  FCAL  N/A  1020/2089984      1027/2104448
spare           v4.28   v4    1   12  FC:B   -  FCAL  N/A  1020/2089984      1027/2104448
spare           v4.29   v4    1   13  FC:B   -  FCAL  N/A  1020/2089984      1027/2104448
spare           v4.32   v4    2   0   FC:B   -  FCAL  N/A  1020/2089984      1027/2104448
spare           v4.33   v4    2   1   FC:B   -  FCAL  N/A  1020/2089984      1027/2104448
spare           v4.34   v4    2   2   FC:B   -  FCAL  N/A  1020/2089984      1027/2104448
spare           v4.35   v4    2   3   FC:B   -  FCAL  N/A  1020/2089984      1027/2104448
spare           v4.36   v4    2   4   FC:B   -  FCAL  N/A  1020/2089984      1027/2104448
spare           v4.37   v4    2   5   FC:B   -  FCAL  N/A  1020/2089984      1027/2104448
spare           v4.38   v4    2   6   FC:B   -  FCAL  N/A  1020/2089984      1027/2104448
spare           v4.39   v4    2   7   FC:B   -  FCAL  N/A  1020/2089984      1027/2104448
spare           v4.40   v4    2   8   FC:B   -  FCAL  N/A  1020/2089984      1027/2104448
spare           v4.41   v4    2   9   FC:B   -  FCAL  N/A  1020/2089984      1027/2104448

 

2. Connect to FilerView on the Simulator. From your Windows PC (where you installed VirtualBox), launch a browser (Firefox, Chrome, Opera, etc) and enter the following url: http://10.10.10.51/na_admin

3. Click the Simulator Documentation icon to get the license keys.

4. On the Documentation page click License Keys and the list of keys will be displayed. Add them to the filer in FilerView or with the license add <license> command.

NetBSD FIOS Gateway HOWTO

20 Wednesday Mar 2013

Posted by Slice2 in NetBSD

Tags

NetBSD

What you need:

1)     Get NetBSD

  1. This process works for NetBSD 5x and 6x. I’ve updated this doc for NetBSD 6.0.1.
  2. Download the ISO image from the site nearest you: http://www.netbsd.org/mirrors/#iso
  3. Note: your CPU architecture choice determines what version of NetBSD you use.  Regular 32 bit x86 hardware from AMD and Intel uses the i386cd iso file. As you can see, NetBSD runs on just about everything, including toasters http://www.embeddedarm.com/software/arm-netbsd-toaster.php
  4. A computer with two NICs, two CAT5 network cables and a switch for your internal network.
  5. An Internet connection. This doc is based on a DHCP connection to the external Verizon FIOS network.
  6. External network = DHCP internet connection from Verizon FIOS in-home router
  7. Internal network = Local static IP connection to internal home network

2)     Minimum hardware specs:

  1. Good enough – 200 MHz with 256 MB of RAM, 9 Gig or larger hard drive
  2. Fast: AMD Athlon or Pentium 4, 2 Gigs of RAM, 40 Gig hard drive
  3. Note that the above PC specs are very old. NetBSD is great for repurposing Mom’s old computer.
  4. The PC I used?  A Dell GX270, Intel P4, 2 Gigs RAM, 40 Gig disk drive, two 10/100/1000 NICs (1 Intel, 1 Dlink). You can find one on Ebay.com for under $100. Note that your NIC device IDs will differ based on hardware vendor. http://shop.ebay.com/?_from=R40&_trksid=p5197.m570.l1313&_nkw=Dell+GX270&_sacat=See-All-Categories
  5. Caffeinated drink of choice.

Layout of the System and Network

1)     The list below depicts the example network and PC that I used to make this work.

Internal network: 10.10.10.0/24, mask 255.255.255.0, gateway 10.10.10.1

Internal NIC device ID: wm0

Internal IP: 10.10.10.1

Hostname: gateway

External Network: Internet connection via FIOS DHCP connection from Actiontec router provided by Verizon.

External NIC device ID: sk0

External IP: provided by DHCP

Install NetBSD

1)     Install NetBSD on your system.  Just follow the prompts. It’s easy. When asked, install all of the X packages. If you can’t figure that out, don’t worry. Installing xfce later in this doc will take care of it.

2)     When done with the installation, log in as root and perform the following.

–> /usr/bin/passwd

Changing local password for root.

New password:

Retype new password:

–> useradd -m -G wheel <your new user name>

–> passwd <your new user name>

–> echo "sshd=YES" >> /etc/rc.conf

–> echo "inetd=NO" >> /etc/rc.conf

–> /etc/rc.d/sshd restart

Enable and configure Networking Services.

1)     Since you have two NICs, you have to manually define the NIC with the static IP for the internal network.

–> vi /etc/ifconfig.wm0 and add:

up

media autoselect

10.10.10.98 netmask 255.255.255.0 media autoselect  (use the IP you want to be your internal network interface)

–> wq!

Note: you will not create /etc/ifconfig.sk0 because it’s not static. You’ll get DHCP from FIOS.

2)     Enable packet forwarding/routing and performance tweaks.

–> vi /etc/sysctl.conf and add:

net.inet.ip.forwarding=1

net.inet.ip.mtudisc=1

net.inet.tcp.recvspace=65535

net.inet.tcp.sendspace=65535

–> wq!

3)     Since you get your public IP address assignment dynamically through DHCP, enable it in /etc/rc.conf.

–> vi /etc/rc.conf

dhclient=YES

dhclient_flags=sk0   (this is the NIC that attaches to the FIOS router)

–> wq!

4)     Edit /etc/dhclient.conf so the DHCP client can query the DHCP service.

–> vi /etc/dhclient.conf and add:

send host-name "gateway";                    # Put your hostname here.

send dhcp-client-identifier "gateway";       # Put your host identifier here. Usually same as hostname.

request subnet-mask, broadcast-address, routers, domain-name-servers;

timeout 30;

retry 60;

select-timeout 5;

script "/sbin/dhclient-script";

lease {

interface "sk0";                             # Put your FIOS facing NIC device here.

option host-name "gateway";                  # Put your hostname here.

option subnet-mask 255.255.255.0;

#  option domain-name "my.domain";

#  option domain-name-servers 127.0.0.1;

renew 2 2000/1/12 00:00:01;

rebind 2 2000/1/12 00:00:01;

expire 2 2000/1/12 00:00:01;

}

–> wq!

5)     Prevent dhclient from nuking your /etc/resolv.conf.

–> vi /etc/dhclient-enter-hooks  (and paste in the lines below)

make_resolv_conf() {

echo "doing nothing to resolv.conf"

}

–> wq!

6)     Edit your IP Filter rules.

–> vi /etc/ipf.conf and add:

pass in from any to any

pass out from any to any

–> wq!

Note: for a more secure setup see http://www.netbsd.org/docs/network/nsps/config_ipf.html for advanced firewall filtering rules and options. You can also Google it. You could also install Webmin and use the Ipf module.

7)     Enter your Network Address Translation (NAT) rules for the NIC facing the FIOS router.

–> vi /etc/ipnat.conf and add:

map sk0 10.10.10.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp

map sk0 10.10.10.0/24 -> 0.0.0.0/32 portmap tcp/udp 40000:60000

map sk0 10.10.10.0/24 -> 0.0.0.0/32

–> wq!

8)     Enable your NAT/firewall features and NTP for time sync.

–> vi /etc/rc.conf

ipfilter=YES      #Stateful firewall

ipnat=YES        #Network Address Translation

ipmon=YES      #Firewall logging

ntpdate=yes

ntpdate_hosts="0.pool.ntp.org"

ntpd=yes

–> wq!

–> reboot

9)     During the reboot it should discover its DHCP IP from the FIOS router. It will probably be 192.168.1.2, 3 or 4. If it doesn’t pick it up try switching the cables on the back of your PC to the other NIC and reboot. Also, if DHCP does not work, log in as root and try running the following:

–> dhclient sk0

Listening on BPF/sk0/1c:bd:b9:85:b9:03

Sending on   BPF/sk0/1c:bd:b9:85:b9:03

Sending on   Socket/fallback

DHCPDISCOVER on sk0 to 255.255.255.255 port 67 interval 7

DHCPDISCOVER on sk0 to 255.255.255.255 port 67 interval 13

DHCPOFFER from 192.168.1.1

DHCPREQUEST on sk0 to 255.255.255.255 port 67

DHCPACK from 192.168.1.1

doing nothing to resolv.conf

bound to 192.168.1.3 -- renewal in 36425 seconds.

Watch your NAT table with:

–> ipmon -o N

To manually load the NAT rules if you make a change:

–> ipnat -CF -f /etc/ipnat.conf

10)  Add the NetBSD package location to the root profile.

For 5x:

export PKG_PATH="http://ftp.NetBSD.org/pub/pkgsrc/packages/NetBSD/i386/5.1_2010Q3/All"

For 6x:

export PKG_PATH="http://ftp.netbsd.org/pub/pkgsrc/packages/NetBSD/i386/6.0/All"

–> vi /root/.shrc

# Package location on the ftp server.

export PKG_PATH="<your path from above, either 5x or 6x>"

export PKG_PATH

–> wq!

–> reboot

Login as root and install additional packages.

–> pkg_add -uv bash-4.2nb2
–> pkg_add -uv p5-Crypt-SSLeay
–> pkg_add -uv p5-Net-SSLeay
–> pkg_add -uv less-418
–> pkg_add -uv xfce4    (or xfce4-4.6.1nb5 if xfce4 doesn’t work)
–> pkg_add -uv firefox
–> pkg_add -uv nmap htop iftop lsof
–> reboot

Reboot to seat the changes.  Login as root and start the new GUI desktop.

–> bash
–> startxfce4

You now have a nice lightweight desktop, firefox and xterms. You are welcome.

11)  Set up your clients. Clients behind the NetBSD NAT/router should be configured for DNS resolution and the proper default gateway. Note that if you have internal DNS and possibly Active Directory running in your internal network and it’s forwarding to your external FIOS DNS servers, use your local DNS server in the steps below.  If not, you can use the FIOS DNS on your internal clients.
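Step 6 above passes every packet in both directions and points to the NetBSD IPF documentation for a stricter setup. The script below is an added example, not part of the original post: it flags allow-all inbound rules in an ipf.conf and carries a constructed stateful ruleset for the same sk0 (FIOS side) / wm0 (10.10.10.0/24 side) layout. The ruleset text, the function name audit_ipf and the finding labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit an ipf.conf for rules that
# let unsolicited traffic in on the Internet-facing NIC.

# Ruleset from step 6 of the post: every packet is passed in both directions.
PAGE_RULES='pass in from any to any
pass out from any to any'

# Constructed stateful ruleset for the post's layout (assumption: sk0 faces the
# FIOS router, wm0 faces 10.10.10.0/24). Syntax-check with "ipf -n -f <file>".
TIGHT_RULES='# loopback and the trusted internal side
pass in quick on lo0 all
pass out quick on lo0 all
pass in quick on wm0 from 10.10.10.0/24 to any keep state
pass out quick on wm0 all
# DHCP replies from the FIOS router to dhclient
pass in quick on sk0 proto udp from any port = 67 to any port = 68 keep state
# outbound sessions create state; replies are matched against it
pass out quick on sk0 proto tcp from any to any flags S keep state
pass out quick on sk0 proto udp from any to any keep state
pass out quick on sk0 proto icmp from any to any keep state
# everything else arriving from outside is logged and dropped
block in log quick on sk0 all'

# audit_ipf EXT_IF: read ipf rules on stdin and print one finding per line.
# Exit status is 0 when nothing is flagged and 1 otherwise.
# This is a line-by-line heuristic; it does not model ipf rule ordering
# ("quick" versus last-match-wins).
audit_ipf() {
    awk -v ext="$1" '
    # True when the rule is inbound and can match packets arriving on ext:
    # it either names ext after "on" or names no interface at all.
    function hits_ext_in(   i, iface) {
        if ($2 != "in") return 0
        iface = ""
        for (i = 3; i < NF; i++) if ($i == "on") iface = $(i + 1)
        return (iface == "" || iface == ext)
    }
    # True when the rule matches any source, destination, protocol and port.
    function matches_everything(   rest) {
        rest = " " $0 " "
        if (rest ~ / (proto|port) /) return 0
        return (rest ~ / all / || rest ~ / from any to any /)
    }
    { sub(/#.*/, "") }              # drop comments
    NF == 0 { next }                # skip blank lines
    hits_ext_in() && matches_everything() {
        if ($1 == "pass")  { print "OPEN-INBOUND line " NR ": " $0; bad = 1 }
        if ($1 == "block") { default_block = 1 }
    }
    END {
        if (!default_block) { print "NO-DEFAULT-BLOCK on " ext; bad = 1 }
        exit bad + 0
    }'
}

# Run both rulesets through the audit.
printf '%s\n' "$PAGE_RULES"  | audit_ipf sk0 || echo "page ruleset: findings listed above"
printf '%s\n' "$TIGHT_RULES" | audit_ipf sk0 && echo "constructed ruleset: no findings"
```

If you adopt a stricter ruleset, reload it from the console rather than over SSH so a mistake cannot lock you out.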

How to Migrate a NetApp FAS2x to FAS2040

20 Wednesday Mar 2013

Posted by Slice2 in NetApp

Tags

NetApp

Prep for Updates

1)     Make sure you have enough space on your aggregates for 7.3.3. See release notes.

2)     No hardware or firmware related errors. If so, fix them first.

3)     Check for CIFS shares, NFS exports, iSCSI/FCP luns. Make sure your HBA drivers, iSCSI initiators, SnapDrive, SnapManager, and required OS patches are available and ready to be installed/upgraded as necessary. Verify all components with the NetApp support matrix on the NOW site.

4)     Make sure you know your time zone code such as US/Pacific for Pacific Standard Time.

Assumptions

1)     This doc describes how to use an IP address on the same network as the existing unit temporarily while you transfer the data to the new filer.

2)     Your existing filer is running an ONTAP version between 7.2.2 and 7.3.3 (although it should work for others).

3)     You have already moved the ONTAP versions you need to upgrade into /etc/software on the FAS2020.

4)     You have power in the rack or close by the existing filer to power on the new unit.

5)     You have a SnapMirror license for both units.

6)     If your switch ports are VLAN’d or disabled until use, coordinate with your network team to get the correct IP and temporarily enable the port you will use. For this doc we will use a simple 10 net to demonstrate the transfer. Insert your own IP addresses based on your company VLAN or switch policies. This doc assumes that your existing filer is 10.10.10.1 and the new unit will be 10.10.10.2.

7)     The initial configuration of the FAS2040 only needs to get the unit on the network and nothing more. This process fully copies the existing FAS2020 vol0 root volume and replaces the factory FAS2040 vol0. When done, you boot the FAS2040 into the original SnapMirrored FAS2020 vol0. If you have additional aggregates and volumes on your old filer, move them in the same way at the same time as vol0.

8)     This doc only covers vol0. For systems that have multiple aggregates and volumes simply create them on the FAS2040 as you would any SnapMirror operation and replicate the data.

9)     This outline has worked on a FAS270 and FAS20xx systems.

Step 1:

1)     Rack and stack new FAS2040.

2)     Connect network cable to e0a on the back of the filer. NIC e0a will be used as the primary interface.

3)     Use Putty or HyperTerminal to connect to the console.

4)     Using the serial to RJ45 adapter that ships with the unit, connect a serial cable to the filer management port and power on the unit.

5)     Initial setup during boot:

  1. Contacting DHCP server. Press CTRL+C to skip. CTRL+C
  2. Please enter the new hostname: bogus
  3. Do you want to enable IPv6? n
  4. Do you want to configure virtual network interfaces? n
  5. Please enter the IP address for Network Interface e0a: 10.10.10.2
  6. Please enter the netmask for Network Interface e0a. 255.255.255.0
  7. Should interface e0a take over a partner IP address during failover? n
  8. Please enter media type for e0a (100tx-fd, tp-fd, 100tx, tp, auto (10/100/1000)? <press enter>
  9. Please enter flow control for e0a {none, receive, send, full} [full]? <press enter>
  10. Do you want e0a to support jumbo frames? [n]? <press enter>
  11. Continue to enter network parameter values for each network interface when prompted.
    1. Press enter to skip e0c and e0d NICs.
  12. Would you like to continue setup through the Web interface? n
  13. Please enter the name or IP address of the IPv4 default gateway. 10.10.10.1
    1. Note: rdfile /etc/rc on FAS2020 to verify.
  14. Please enter the name or IP address for administrative host. <press enter for none>
  15. Please enter the IP address for (name of admin host). <press enter for none>
  16. Please enter timezone: US/Pacific
  17. Where is the filer located? <press enter>
  18. What language will be used for multiprotocol files? en_US
  19. Enter the root directory for HTTP files: <press enter>
  20. Do you want to run DNS resolver? n
  21. Do you want to run NIS client? n
  22. Press any key to continue. <press enter>
  23. Would you like to configure the BMC LAN interface? n
  24. Would you like to configure the RLM LAN interface? n
  25. Setting the root password for bogus: <press enter>
  26. Do you want to make your system available via WINS? n
  27. Do you want to configure the Shelf Alternate Control Path Management? n
  28. When setup is complete, to transfer the information you’ve entered to the storage system, enter the following command, as directed by the prompt on the screen: reboot

Responding to cifs setup prompts:

  1. Do you want to make the system visible via WINS? n

(1) Multiprotocol filer

(2) NTFS-only filer

> 1

  1. Should CIFS create default /etc/passwd and /etc/group files? y
  2. Would you like to enable NIS group caching? n
  3. When the default name of the CIFS server is listed, you see the following prompt:
    1. Would you like to change this name? n
  4. Select the style of user authentication appropriate to your environment: 3

(1) Active Directory domain authentication (Active Directory domains only)

(2) Windows NT 4 domain authentication (Windows NT or Active Directory domains)

(3) Windows Workgroup authentication using the filer’s local user accounts

(4) /etc/passwd and/or NIS/LDAP authentication

  1. What is the name of the Workgroup [WORKGROUP]? <press enter>
  2. Do you want to create the (name of filer) administrator account? y

It is recommended that you create a local administrator account.

If you answer y, respond to the following prompts:

Enter the new password for (storage system name). <press enter for no password>

Retype the password. <press enter for no password>

  1. Would you like to specify a user or group that can administer CIFS? n

Step 2:

1)     Login to the FAS2040 as root (with no password). You should now be able to hit FilerView on the FAS2040.

http://10.10.10.2/na_admin/

2)     For reference, this is how you would set the IP on FAS2040 interface e0a. If FilerView is not available, run:

> ifconfig e0a address 10.10.10.2 netmask 255.255.255.0 mediatype auto flowcontrol full up

> ifconfig -a  (verify e0b, auto-1000t-fd-up)

> ping 10.10.10.1  (ping each filer from the other)

3)     Check battery voltage and status for OK. At the console:

> priv set diag

> nv

4)     Make sure NTP is set the same on the FAS2020 and FAS2040 (filer | set date/time | modify date/time)

5)     Add license for SnapMirror on FAS2040

6)     Enable SnapMirror: > snapmirror on, or in FilerView, SnapMirror | Enable/Disable | Enable

7)     Add SnapMirror remote access on the FAS2020. In FilerView, SnapMirror | remote access | add | enter the FAS2040 IP address. Repeat this step adding the FAS2040 hostname.

8)     The default aggr0 and vol0 should be on the new FAS2040. Rename the current vol0 on the FAS2040 to vol00 and reboot. Open a putty or serial session if possible on both filers to watch for console messages.

> vol rename vol0 vol00

> reboot

9)     Create vol0 on the FAS2040. Make sure aggregates and volumes are the same size as or larger than those on the source FAS2020 filer. Also make sure the default aggregate (aggr0) is large enough for the new volume you are about to create. If needed, add disks to aggr0 on the FAS2040.

  1. In FilerView on the FAS2040, Volumes | Add | Next | volume type=Flexible | vol name=vol0, lang=English | containing aggr=aggr0, space guarantee=volume | volume type=total size, volume size= <enter your size>, snap reserve=20 | commit.

10)  On the FAS2040 in FilerView, create the SnapMirrors:

  1. Note: in the following steps, if not specified, leave the default setting.
  2. Volumes | Manage | select check box next to vol0 and click Restrict.
  3. SnapMirror | Add | dest vol=vol0 | src filer=FAS2020 ip address, src location=vol0 | restart mode=always | snap-sched=every hour | commit.
  4. SnapMirror | Manage | find vol0 SnapMirror and select Advanced | initialize.
  5. Check the status in SnapMirror | Manage and check the Status column for Idle, or run >snapmirror status on the command line. If it fails to run, check the console messages. You may have to manually define the filer in options snapmirror.access at the command line on the FAS2020.
  6. Continue ONLY when the transfer is done. Depending on volume size, this could take many hours or just a few minutes.

Step 3:

1)     When the SnapMirror step above completes, upgrade the FAS2020. If your filer is 7.2.x, upgrade to 7.2.6.1 first and then 7.3.3. As of October 2010, FAS2040s shipped with 7.3.3.

> software list

> software update 7261_setup_e.exe

> version, sysconfig -a/v/d, vol/aggr status, etc., to check that everything is OK.

> software list

> software update 733P5_setup_e.exe

> version, sysconfig -a/v/d, vol/aggr status, etc., to check that everything is OK.

> disk_fw_update

  1. Do you want to continue? yes

> disk_fw_update (answer yes to check status if it is running). If disks are updated you will see “Disk Drive Firmware Updated” when done. Proceed to the next step.

Step 4:

1)     After you upgrade the FAS2020 ONTAP to 7.3.3P5, refresh the SnapMirrors and complete the migration.

  1. On the FAS2040, FilerView | SnapMirror | Manage | click Advanced (on the right) for vol0 and click Update.
  2. Check the status in SnapMirror | Manage and see if the Status column says Idle, or run >snapmirror status on the command line.
  3. Quiesce and break the SnapMirrors. In FilerView on the FAS2040, click SnapMirror | Manage | for vol0, on the right click Advanced | Quiesce. Now, back in Advanced for vol0, click Break. It should be listed as Broken-off on the Manage page before you proceed.
  4. When done, disconnect the FAS2020 network cables on e0a to prevent logins or simply halt the filer.

> halt

  1. Make vol0 the root volume on the FAS2040:
    > vol options vol0 root
    > reboot
  2. Verify new root: Volumes | Manage | look for root checkmark on vol0, or run the >vol options vol0 command and look for root at the beginning of the output.
  3. Offline vol00 to make it unavailable. You can destroy it later when done.

> vol offline vol00

2)     Data is now replicated. Finish upgrading the FAS2040 ONTAP to 7.3.3P5.

> software list

> software update 733P5_setup_e.exe

> version, sysconfig -a/v/d, vol/aggr status, etc.

Note: if you received a message to run update_flash during the reboot, continue with the next steps. If not, go to step “e” below.

> halt

Loader> update_flash

Loader> boot_ONTAP

> reboot

> disk_fw_update (to check status)

  1. Do you want to continue? yes
  2. Check for backup primary kernel bug.

> version -b  (if you see the 7.2.6.1 backup primary kernel run the download command)

> download  (this is a bug fix to remove the 7.2.6.1 backup primary kernel. Don’t skip this step)

Reset the volume option fs_size_fixed.

> vol options vol0 fs_size_fixed off

> vol options vol1 fs_size_fixed off

3)     Verify vol0. Check \\filer\shares, browse shares, have a user login, etc., etc. Check NFS mounts, iSCSI/FCP luns.

4)     Rejoice. You are done.

Migrating a NetApp Traditional root vol0 to a Flexvol root vol0

20 Wednesday Mar 2013

Posted by Slice2 in NetApp

Tags

NetApp

Before migrating, you need to create a destination aggregate and volume of the correct size. Since the new FlexVol volume will be the root volume, it must meet the minimum size requirements for root volumes, which are based on your storage system. Data ONTAP prevents you from designating as root a volume that does not meet the minimum size requirement. The table below is for Data ONTAP 7.3.3.

Storage Model              Minimum Root FlexVol volume size

FAS2020                       10 GB
FAS2040                       16 GB
FAS3040                       16 GB
FAS3140                       16 GB
FAS3170                       37 GB

1)     Enter the following command to determine the amount of space your traditional volume uses:

> df -Ah vol0

Aggregate            total                  used                  avail                capacity

vol0                      192GB              6278MB            186GB              3%
vol0/.snapshot   48GB               2494MB            45GB                5%

The total space used by the traditional volume is displayed as “used” for the volume name.

2)     Create an aggregate to contain the new FlexVol volume. In FilerView, click Aggregates | Add | aggr name=aggr0 | RAID Group Size=16 | Disk Selection=Auto | Disk Type=Any Type | Disk Size=click the down arrow and select the smallest disks you have | Number of Disks=3 | Commit.

3)     Create the destination volume in the new aggregate you just created. In FilerView, click Volumes | Add | Volume Type Selection=Flexible | Volume Name=vol00 | Containing Aggregate=aggr0 | Volume Size Type=Total Size, Volume Size=200 Gigs, Snapshot Reserve=20 | Commit.

IMPORTANT:

4)     Due to a rare occurrence where the kernel is cleared from your flash rendering the system unbootable after an ndmpcopy, copy the same ONTAP version you are now running into /etc/software on the filer before you start.

  1. If the /etc/software folder is not present simply run the “software list” command on the filer to create it.
  2. For example, on a 3140, make sure you have 733P5_setup_q.exe in /etc/software on the filer before you start. If the system won’t boot after the ndmpcopy with a “kernel not found” or similar error, netboot the filer and run software update 733P5_setup_q.exe to reinstall your OS. See the System Administration Guide for your ONTAP version for steps on how to create a netboot filer.
  3. Collect the IP information on your filer in case you need to netboot.

> ifconfig -a (get the IP and interface name)

> rdfile /etc/rc (get the mask and default route)

> dns info (get the DNS server’s IP and domain)

Attention: Make sure that you use the storage system command-line interface from a serial connection to run the ndmpcopy command. If you run this command from a client like Putty, your data may not migrate successfully. For more information about the ndmpcopy command, see the Data ONTAP Data Protection Online Backup and Recovery Guide.

Migrate the Volume

1)     You will use the ndmpcopy command to migrate your data to the target volume. Ensure that NDMP is configured correctly by entering the following commands:

> options ndmpd.enable on

> options ndmpd.authtype challenge

2)     Migrate the data by entering the following command at the storage system prompt:

> ndmpcopy /vol/vol0 /vol/vol00

3)     Verify copy. Look for something similar to:

ndmpcopy: filername: Log: Dump: Dump is Done

ndmpcopy: filername: Log: RESTORE: RESTORE is Done

ndmpcopy: filername: Log: RESTORE: The destination path is /vol/vol00

ndmpcopy: filername: Log: Notify: restore successful

ndmpcopy: filername: Log: Notify: dump successful

ndmpcopy: transfer successful

ndmpcopy: done

Completing the Migration

1)     After you copy your data, you need to perform some additional tasks before the migration is complete. Make the new FlexVol volume the root volume by entering the following command:

> vol options vol00 root

> reboot

Note: if the filer won’t boot with a kernel missing error and dumps to the CFE> or LOADER> prompt, netboot the filer and reinstall the OS. The following steps are based on a FAS3140.

> ifconfig e0a -addr=<filer IP> -mask=<filer mask> -gw=<filer gateway> -dns=<filer DNS server IP>

Ping your gateway and netboot filer to make sure you are up. Some switches take 30 seconds to one minute to fully establish the link. Pause for a moment if the ping fails and verify your net mask.

> netboot http://<IP of netboot filer>/path_to_kernel/netapp_7.3.3P5-x86-64

The system will boot to the 1-5 menu. Select option 1 for a normal boot. When the filer is up, login as an administrative user.

> software list

> software update 733P5_setup_q.exe

The install will complete and the filer will reboot. You should now have a properly seated kernel. To verify enter:

> version -b

The first line should read: 1:/x86_64/kernel/primary.krn: 7.3.3P5

2)     Rename and offline the existing traditional vol0 to prevent hairballs.

> vol rename vol0 vol0trad

> vol offline vol0trad

Note: you can destroy vol0trad later when you’re confident everything is stable.

3)     Rename the new Flexvol vol00 to vol0 and reboot.

> vol rename vol00 vol0

> vol options vol0 root

> reboot

4)     Verify that the new vol0 is the root vol.

> vol status vol0

Look under Options for root:

Volume       State    Status               Options

vol0            online   raid_dp, flex      root   (and whatever other default options you have)

5)     Fix FilerView.  This is a bug. See https://kb.netapp.com/support/index?page=content&id=2010752

> secureadmin disable ssl

> secureadmin setup ssl  (answer the questions for your environment)

> secureadmin enable ssl

Launch FilerView and you should be able to login and render each page.

How to Enable SNMPv3 in ONTAP 7.3.3/8.x and DFM (OnCommand Core) 4.0/5.x

20 Wednesday Mar 2013

Posted by Slice2 in NetApp, Security

Tags

NetApp, Security

1)    On the filer:

> options snmp.enable on

> useradmin role add snmpv3role -a login-snmp

> useradmin group add snmpv3group -r snmpv3role

> useradmin user add snmpv3user -g snmpv3group

> Enter password:

> snmp traps enable

> snmp init 1

> snmp authtrap 1

> snmp traphost add <your DFM server hostname>

> snmp location <your filer location> (if spaces, put in quotes; snmp location "Area 51, Roswell New Mexico")

2)    In the DFM browser based GUI:

a)     Control Center tab | Setup | Options | SNMP Trap Listener. Click Yes to enable and click Update.

b)    Control Center tab | Setup | Network Credentials.

i.        If you have SNMPv1 networks defined, find the network of the filer you want to change to SNMPv3 in the list at the bottom of the page and click Edit on the right.

ii.        Under Edit Network Credentials, select SNMPv3.

iii.        Under SNMPv1 Settings, clear whatever is shown in this field.

iv.        Under SNMPv3 Settings, enter the user and password you created above (snmpv3user) and click Update. DO NOT enter anything in the Privacy password field.  It is designated for future use. If you do, you will see “snmpd:error Encryption not enabled” on the filer. Harmless but annoying.

3)    At the command line on the DFM server:

a)     Click Start | Run | type cmd and press enter.

C:\> cd c:\Program Files\Network Appliance\DataFabric\DFM\bin

> dfm host list        (to get the filer’s ID and IP address)

> dfm host set <ip of filer> prefsnmpVersion=3

> dfm host get -q <ID of the filer you just changed to v3>    (to verify the snmp version)

> dfm host diag <your filer hostname>

SNMP Version in use                    SNMPv3

SNMPv1                                          Failed (this is good)

SNMP Community                         <blank> (this is good, if not blank, see notes below)

SNMPv3                                          Passed (297ms)

SNMPv3 Auth Protocol                 MD5

SNMPv3 Privacy Enabled             No  (this is OK, reserved for future use of the Privacy password)

SNMPv3 Username                       root  (OK, diagnostics use root for this test, not the snmpv3user account)

SNMP sysName                             <I removed the value but it works>

SNMP sysObjectID                        <I removed the value but it works>

SNMP productID                            <I removed the value but it works>

  • Diags use the root or root equivalent user which is why this states root above.
  • If you don’t clear the read only community string in the DFM GUI it will still use SNMPv1 if the ro community string is defined on the filer. To remove it on the filer, issue a > snmp community delete ro <your ro string>
  • System Manager does not support SNMPv3. Hello NetApp?!?! To use System Manager with SNMPv3 enabled and SNMPv1 disabled, click Add, click the down-arrow and select Credentials. Enter a username in the admin group (try not to use root for security reasons) and click Add.
