Tag Archives: Oracle

HOWTO Secure iSCSI Luns Between Oracle Enterprise Linux 7 and NetApp Storage with Mutual CHAP

01 Monday Sep 2014

Posted by in iSCSI, Linux, Oracle, Security

Leave a comment

Tags

, , ,

This post demonstrates how to enable Bidirectional or Mutual CHAP on iSCSI luns between Oracle Enterprise Linux 7 and NetApp storage. The aggregate, lun and disk sizes are small in this HOWTO to keep it simple.

1) If not already installed, install the iSCSI initiator on your server.
> yum install iscsi-initiator*

2) Display your server’s new iSCSI initiator or iqn nodename.
> cat /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.1988-12.com.oracle:77ff4f784c55

3) On the NetApp filer, create the volume that will hold the iscsi luns. This command assumes you have aggregate aggr1 already created.  If not, use an aggregate that has enough room for your volume.
netapp> vol create MCHAPVOL aggr1 10g

4) Create the lun in the volume.
netapp> lun create -s 5g -t linux /vol/MCHAPVOL/OEL7_iSCSI_MCHAP_01

5) Create an igroup and add the Linux iscsi nodename or iqn from step 2 above to the new igroup.
netapp> igroup create -i -t linux ISCSI_MCHAP_OEL7
netapp> igroup add ISCSI_MCHAP_OEL7 iqn.1988-12.com.oracle:77ff4f784c55
netapp> igroup set ISCSI_MCHAP_OEL7 report_scsi_name yes
netapp> igroup show ISCSI_MCHAP_OEL7

ISCSI_MCHAP_OEL7 (iSCSI) (ostype: linux):
iqn.1988-12.com.oracle:77ff4f784c55 (not logged in)

6) Map the lun to the igroup and give it lun ID 01.
netapp> lun map /vol/MCHAPVOL/OEL7_iSCSI_MCHAP_01 ISCSI_MCHAP_OEL7 01

7) Obtain the NetApp target nodename.
netapp> iscsi nodename
iSCSI target nodename: iqn.1992-08.com.netapp:sn.4055372815

8) Set the CHAP secret on the NetApp controller.
netapp> iscsi security add -i iqn.1988-12.com.oracle:77ff4f784c55 -s chap -p OEL7 -n iqn.1988-12.com.oracle:77ff4f784c55 -o NETAPPMCHAP -m iqn.1992-08.com.netapp:sn.4055372815

netapp> iscsi security show
Default sec is None
init: iqn.1986-03.com.sun:01:e00000000000.52bcad1c auth: CHAP Local Inbound password: **** Inbound username: iqn.1986-03.com.sun:01:e000000000bound password: **** Outbound username: iqn.1992-08.com.netapp:sn.4055372815
init: iqn.1988-12.com.oracle:77ff4f784c55 auth: CHAP Local Inbound password: **** Inbound username: iqn.1988-12.com.oracle:77ff4f784c55 Outbou** Outbound username: iqn.1992-08.com.netapp:sn.4055372815

9) On the server, edit your /etc/iscsi/iscsi.conf file and set the parameters below.
> vi /etc/iscsi/iscsid.conf
node.startup = automatic
node.session.auth.authmethod = CHAP
node.session.auth.username = iqn.1988-12.com.oracle:77ff4f784c55
node.session.auth.password = OEL7
node.session.auth.username_in = iqn.1992-08.com.netapp:sn.4055372815
node.session.auth.password_in = NETAPPMCHAP
discovery.sendtargets.auth.authmethod = CHAP
discovery.sendtargets.auth.username = iqn.1988-12.com.oracle:77ff4f784c55
discovery.sendtargets.auth.password = OEL7
discovery.sendtargets.auth.username_in = iqn.1992-08.com.netapp:sn.4055372815
discovery.sendtargets.auth.password_in = NETAPPMCHAP
> wq!

10) On the server, restart the service and discover your iSCSI target (your storage system).
> service iscsi restart
Redirecting to /bin/systemctl restart  iscsi.service

a) Verify the target.
> iscsiadm -m discovery -t st -p 10.10.10.141
10.10.10.141:3260,1000 iqn.1992-08.com.netapp:sn.4055372815

> iscsiadm -m node  (this should display the same as above)
10.10.10.141:3260,1000 iqn.1992-08.com.netapp:sn.4055372815

11) On the server, manually login to the iSCSI target (your storage array). Note there are two dashes “- -” in front of targetname and login.
> iscsiadm -m node –targetname “iqn.1992-08.com.netapp:sn.4055372815” –login
Logging in to [iface: default, target: iqn.1992-08.com.netapp:sn.4055372815, portal: 10.10.10.141,3260] (multiple)
Login to [iface: default, target: iqn.1992-08.com.netapp:sn.4055372815, portal: 10.10.10.141,3260] successful.

a) On the NetApp storage console you should see the iSCSI session:
[netapp:iscsi.notice:notice]: ISCSI: New session from initiator iqn.1988-12.com.oracle:77ff4f784c55 at IP addr 10.10.10.201

b) Verify the iSCSI session on the filer:
netapp> iscsi session show
Session 4
Initiator Information
Initiator Name: iqn.1988-12.com.oracle:77ff4f784c55
ISID: 00:02:3d:06:00:00
Initiator Alias: localhost.localdomain

12) From the server , check your session.
> iscsiadm -m session -P 1
Target: iqn.1992-08.com.netapp:sn.4055372815 (non-flash)
Current Portal: 10.10.10.141:3260,1000
Persistent Portal: 10.10.10.141:3260,1000
**********
Interface:
**********
Iface Name: default
Iface Transport: tcp
Iface Initiatorname: iqn.1988-12.com.oracle:77ff4f784c55
Iface IPaddress: 10.10.10.201
Iface HWaddress: <empty>
Iface Netdev: <empty>
SID: 6
iSCSI Connection State: LOGGED IN
iSCSI Session State: LOGGED_IN
Internal iscsid Session State: NO CHANGE

13) From the server, check the NetApp iSCSI details. Note there are two dashes “- -” in front of mode, targetname and portal.
> iscsiadm –mode node –targetname “iqn.1992-08.com.netapp:sn.4055372815″ –portal 10.10.10.141:3260
# BEGIN RECORD 6.2.0.873-21
node.name = iqn.1992-08.com.netapp:sn.4055372815
node.tpgt = 1000
node.startup = automatic
node.leading_login = No
iface.hwaddress = <empty>
iface.ipaddress = <empty>
iface.iscsi_ifacename = default
iface.net_ifacename = <empty>
iface.transport_name = tcp
iface.initiatorname = <empty>
iface.state = <empty>
iface.vlan_id = 0
iface.vlan_priority = 0
iface.vlan_state = <empty>
iface.iface_num = 0
iface.mtu = 0
iface.port = 0
iface.bootproto = <empty>
iface.subnet_mask = <empty>
iface.gateway = <empty>
iface.dhcp_alt_client_id_state = <empty>
iface.dhcp_alt_client_id = <empty>
iface.dhcp_dns = <empty>
iface.dhcp_learn_iqn = <empty>
iface.dhcp_req_vendor_id_state = <empty>
iface.dhcp_vendor_id_state = <empty>
iface.dhcp_vendor_id = <empty>
iface.dhcp_slp_da = <empty>
iface.fragmentation = <empty>
iface.gratuitous_arp = <empty>
iface.incoming_forwarding = <empty>
iface.tos_state = <empty>
iface.tos = 0
iface.ttl = 0
iface.delayed_ack = <empty>
iface.tcp_nagle = <empty>
iface.tcp_wsf_state = <empty>
iface.tcp_wsf = 0
iface.tcp_timer_scale = 0
iface.tcp_timestamp = <empty>
iface.redirect = <empty>
iface.def_task_mgmt_timeout = 0
iface.header_digest = <empty>
iface.data_digest = <empty>
iface.immediate_data = <empty>
iface.initial_r2t = <empty>
iface.data_seq_inorder = <empty>
iface.data_pdu_inorder = <empty>
iface.erl = 0
iface.max_receive_data_len = 0
iface.first_burst_len = 0
iface.max_outstanding_r2t = 0
iface.max_burst_len = 0
iface.chap_auth = <empty>
iface.bidi_chap = <empty>
iface.strict_login_compliance = <empty>
iface.discovery_auth = <empty>
iface.discovery_logout = <empty>
node.discovery_address = 10.10.10.141
node.discovery_port = 3260
node.discovery_type = send_targets
node.session.initial_cmdsn = 0
node.session.initial_login_retry_max = 8
node.session.xmit_thread_priority = -20
node.session.cmds_max = 128
node.session.queue_depth = 32
node.session.nr_sessions = 1
node.session.auth.authmethod = CHAP
node.session.auth.username = iqn.1988-12.com.oracle:77ff4f784c55
node.session.auth.password = ********
node.session.auth.username_in = iqn.1992-08.com.netapp:sn.4055372815
node.session.auth.password_in = ********
node.session.timeo.replacement_timeout = 120
node.session.err_timeo.abort_timeout = 15
node.session.err_timeo.lu_reset_timeout = 30
node.session.err_timeo.tgt_reset_timeout = 30
node.session.err_timeo.host_reset_timeout = 60
node.session.iscsi.FastAbort = Yes
node.session.iscsi.InitialR2T = No
node.session.iscsi.ImmediateData = Yes
node.session.iscsi.FirstBurstLength = 262144
node.session.iscsi.MaxBurstLength = 16776192
node.session.iscsi.DefaultTime2Retain = 0
node.session.iscsi.DefaultTime2Wait = 2
node.session.iscsi.MaxConnections = 1
node.session.iscsi.MaxOutstandingR2T = 1
node.session.iscsi.ERL = 0
node.conn[0].address = 10.10.10.141
node.conn[0].port = 3260
node.conn[0].startup = manual
node.conn[0].tcp.window_size = 524288
node.conn[0].tcp.type_of_service = 0
node.conn[0].timeo.logout_timeout = 15
node.conn[0].timeo.login_timeout = 15
node.conn[0].timeo.auth_timeout = 45
node.conn[0].timeo.noop_out_interval = 5
node.conn[0].timeo.noop_out_timeout = 5
node.conn[0].iscsi.MaxXmitDataSegmentLength = 0
node.conn[0].iscsi.MaxRecvDataSegmentLength = 262144
node.conn[0].iscsi.HeaderDigest = None
node.conn[0].iscsi.IFMarker = No
node.conn[0].iscsi.OFMarker = No
# END RECORD

14) From the server, find and format the new lun (new disk). Your fdisk commands are in bold red below.
> cat /var/log/messages | grep “unknown partition table”
localhost kernel: sdb: unknown partition table

> fdisk /dev/sdb

Welcome to fdisk (util-linux 2.23.2).

Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Device does not contain a recognized partition table
Building a new DOS disklabel with disk identifier 0x195fbc72.

The device presents a logical sector size that is smaller than
the physical sector size. Aligning to a physical sector (or optimal
I/O) size boundary is recommended, or performance may be impacted.

Command (m for help): w

> fdisk /dev/sdb
Command (m for help): n
Partition type:
p   primary (0 primary, 0 extended, 4 free)
e   extended
Select (default p): p
Partition number (1-4, default 1): 1
First sector (2048-10485759, default 2048): <press enter>
Using default value 2048
Last sector, +sectors or +size{K,M,G} (2048-10485759, default 10485759): <press enter>
Using default value 10485759
Partition 1 of type Linux and of size 5 GiB is set

Command (m for help): p
Disk /dev/sdb: 5368 MB, 5368709120 bytes, 10485760 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 65536 bytes
Disk label type: dos
Disk identifier: 0xa1c2729d

Device Boot      Start         End      Blocks   Id  System
/dev/sdb1            2048    10485759     5241856   83  Linux

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.

15) On the server, create the Linux file system on the new partition.
> mkfs -t ext4 /dev/sdb1
mke2fs 1.42.9 (28-Dec-2013)
Discarding device blocks: done
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=16 blocks
327680 inodes, 1310464 blocks
65523 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=1342177280
40 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736

Allocating group tables: done
Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done

16) Verify the partition.
> blkid /dev/sdb1
/dev/sdb1: UUID=”eb7fa074-50d8-47d1-83aa-7b69568020e4″ TYPE=”ext4″

17) Create the mount point and manually mount the directory.
> mkdir /newiscsilun
> mount /dev/sdb1 /newiscsilun
> df -h | grep newiscsilun
/dev/sdb1  4.8G   20M  4.6G   1% /newiscsilun

18) Add the new mount point to /etc/fstab.
> vi /etc/fstab
/dev/sdb1 /newiscsilun ext4 _netdev 0 0
> wq!

Note: the _netdev option is important so that it doesn’t try mounting the target before the network is available.

19) Test that it survives a reboot by rebooting the server. With the _netdev set, iscsi starts and your CHAP logins should take place before it attempts to mount. After the reboot, login and verify its mounted.

> df -h | grep newiscsilun
/dev/sdb1  4.8G   20M  4.6G   1% /newiscsilun

20) On the server you can check session stats.
> iscsiadm -m session -s
Stats for session [sid: 6, target: iqn.1992-08.com.netapp:sn.4055372815, portal: 10.10.10.141,3260]
iSCSI SNMP:
txdata_octets: 137976652
rxdata_octets: 3841684
noptx_pdus: 0
scsicmd_pdus: 1127
tmfcmd_pdus: 0
login_pdus: 0
text_pdus: 0
dataout_pdus: 1827
logout_pdus: 0
snack_pdus: 0
noprx_pdus: 0
scsirsp_pdus: 1127
tmfrsp_pdus: 0
textrsp_pdus: 0
datain_pdus: 793
logoutrsp_pdus: 0
r2t_pdus: 1827
async_pdus: 0
rjt_pdus: 0
digest_err: 0
timeout_err: 0
iSCSI Extended:
tx_sendpage_failures: 0
rx_discontiguous_hdr: 0
eh_abort_cnt: 0

21) As root, change permissions on /etc/iscsi/iscsid.conf. I’m not sure why they haven’t fixed this clear text CHAP password in a file issue so just make sure only root can read/write the file.
> chmod 600 /etc/iscsi/iscsid.conf

22) On the NetApp storage you can verify the Lun and the server’s session.
netapp>  lun show -v /vol/MCHAPVOL/OEL7_iSCSI_MCHAP_01
/vol/MCHAPVOL/OEL7_iSCSI_MCHAP_01      5g (5368709120)    (r/w, online, mapped)
Serial#: BQVJ3]DxwBc-
Share: none
Space Reservation: enabled
Multiprotocol Type: linux
Maps: ISCSI_MCHAP_OEL7=1
Occupied Size:  134.0m (140546048)
Creation Time: Sat Aug 30 12:14:47 EST 2014
Cluster Shared Volume Information: 0x0

netapp> iscsi session show -v
Session 6
Initiator Information
Initiator Name: iqn.1988-12.com.oracle:77ff4f784c55
ISID: 00:02:3d:01:00:00
Initiator Alias: localhost.localdomain

Session Parameters
SessionType=Normal
TargetPortalGroupTag=1000
MaxConnections=1
ErrorRecoveryLevel=0
AuthMethod=CHAP
HeaderDigest=None
DataDigest=None
ImmediateData=Yes
InitialR2T=No
FirstBurstLength=65536
MaxBurstLength=65536
Initiator MaxRecvDataSegmentLength=65536
Target MaxRecvDataSegmentLength=65536
DefaultTime2Wait=2
DefaultTime2Retain=0
MaxOutstandingR2T=1
DataPDUInOrder=Yes
DataSequenceInOrder=Yes
Command Window Size: 64

Connection Information
Connection 0
Remote Endpoint: 10.10.10.201:41613
Local Endpoint: 10.10.10.141:3260
Local Interface: e0a
TCP recv window size: 131400

Command Information
No commands active

No commands active

HOWTO create a local yum repository for Oracle Linux 5.10

13 Tuesday May 2014

Posted by in Linux, Oracle

Leave a comment

Tags

,

1) Choose a location for the contents of Oracle Linux DVD. It could be local disk, an NFS mount point or an iSCSI, fiber channel or FCOE lun. Whatever it is, make sure its mounted, has a filesystem and is available to receive files.

2) I used an NFS mount from a NetApp filer. Make sure you add the mount point to /etc/fstab if you want it to survive a reboot. The directory I created is called oracle_linux_files. You can name it whatever you want.

3) Insert the Oracle Linux DVD into the server and mount it. Copy the contents and install the createrepo rpm.

> mount /dev/cdrom /media

> cd /media/

> cp -rp “OL5.10 x86_64 dvd 20131002” /oracle_linux_files/

> cd /oracle_linux_files/

> mv “OL5.10 x86_64 dvd 20131002” OL5.10_x86_64_dvd_20131002

> cd OL5.10_x86_64_dvd_20131002/Server/

> ls -l | grep createrepo  (to find the rpm)

> rpm -ivf createrepo-0.4.11-3.el5.noarch.rpm

4) Create the local yum repo.

> cd /oracle_linux_files/OL5.10_x86_64_dvd_20131002/

> createrepo .

5) Create yum repository definition file /etc/yum.repos.d/localnfs.repo:

> cd /etc/yum.repos.d/

> vi localnfs.repo and add the following:

[localnfs.repo]
name=localnfs.repo
baseurl=file:///oracle_linux_files/OL5.10_x86_64_dvd_20131002/
enabled=1
gpgcheck=0

> wq!

6) Move the existing repo file.

> mkdir -p /etc/yum.repos.d/archive

> mv /etc/yum.repos.d/public-yum-el5.repo etc/yum.repos.d/archive/

7) Test the new yum configuration.

> yum clean all

> yum list

8) You can now install rpm’s via Gnome Add/Remove Software GUI or yum from the cli.

HOWTO Secure iSCSI Luns Between Oracle Solaris 11 and NetApp Storage Using Bidirectional CHAP

09 Thursday Jan 2014

Posted by in iSCSI, NetApp, Oracle, Security, Solaris

Leave a comment

Tags

, , , ,

This post demonstrates how to secure iSCSI luns between Oracle Solaris 11 and NetApp storage. Solaris calls it Bidirectional CHAP rather than Mutual CHAP. The aggregate, lun and disk sizes are small in this HOWTO to keep it simple. Research the relationship between Solaris EFI, Solaris VTOC and lun size as well as UFS vs ZFS to make sure you choose the proper type for your environment. This was done with Solaris 11 (11/11) x86. All steps except the fdisk step near the end are the same for SPARC systems.

1) Check for the iSCSI packages. They should be installed by default.
> pkginfo | grep iSCSI
system    SUNWiscsir    Sun iSCSI Device Driver (root)
system    SUNWiscsiu    Sun iSCSI Management Utilities (usr)

2) Make sure the iSCSI service is running on your Solaris host.
> svcs | grep iscsi
online  6:41:58 svc:/network/iscsi/initiator:default

If not, start it.
> svcadm enable svc:/network/iscsi/initiator:default

3) Get your local iSCSI Initiator Node Name or iqn name on the Solaris host.
> iscsiadm list initiator-node | grep iqn
Initiator node name: iqn.1986-03.com.sun:01:e00000000000.52bcad1c

4) Make sure the iscsi service is running on the NetApp.
netapp> iscsi status

5) Create the volume that will hold the iscsi luns. This command assumes you have aggregate aggr1 already created. If not use an aggregate that has enough room for your volume.
netapp> vol create MCHAPVOL aggr1 10g

6) Create a lun on the volume.
netapp> lun create -s 5g -t solaris_efi /vol/MCHAPVOL/SOL11_iSCSI_MCHAP_01

7) Create an igroup and add the Solaris iscsi node name or iqn from step 3 above to it.
netapp> igroup create -i -t solaris ISCSI_MCHAP_SOL11
netapp> igroup add ISCSI_MCHAP_SOL11 iqn.1986-03.com.sun:01:e00000000000.52bcad1c
netapp> igroup show

ISCSI_MCHAP_SOL11 (iSCSI) (ostype: solaris):
iqn.1986-03.com.sun:01:e00000000000.52bcad1c (not logged in)

8) Map the lun to the igroup and give it lun ID 01.
netapp> lun map /vol/MCHAPVOL/SOL11_iSCSI_MCHAP_01 ISCSI_MCHAP_SOL11 01

Note: Solaris EFI is for larger than 2 TB luns and Solaris VTOC for smaller disks. This lun is small just to demonstrate the configuration.

9) Obtain the NetApp target nodename.
netapp> iscsi nodename
iqn.1992-08.com.netapp:sn.4055372815

10) On the Solaris host, configure the target (NetApp controller) to be statically discovered. Note that there are two dashes “- -” in front of –static and –sendtargets. For some reason it displays as one dash in some browsers.
> iscsiadm modify discovery –static enable
> iscsiadm modify discovery –sendtargets enable
> iscsiadm add discovery-address 10.10.10.141:3260
> iscsiadm add static-config iqn.1992-08.com.netapp:sn.4055372815,10.10.10.141:3260
> iscsiadm list static-config
Static Configuration Target: iqn.1992-08.com.netapp:sn.4055372815,10.10.10.141:3260

11) Check your discovery methods. Make sure Static and Send Targets are enabled.
> iscsiadm list discovery
Discovery:
Static: enabled
Send Targets: enabled
iSNS: disabled

12) Enable Bidirectional CHAP on the Solaris host for the target NetApp controller.
> iscsiadm modify target-param –authentication CHAP iqn.1992-08.com.netapp:sn.4055372815
> iscsiadm modify target-param -B enable iqn.1992-08.com.netapp:sn.4055372815

13) Set the target device secret key that identifies the target NetApp controller. Note Solaris supports a minimum of 12 and a maximum of 16 character CHAP secrets. Also, there are two dashes “- -” in front of –CHAP-secret. You can make up your own secrets.
> iscsiadm modify target-param –CHAP-secret iqn.1992-08.com.netapp:sn.4055372815
Enter secret: NETAPPBICHAP
Re-enter secret: NETAPPBICHAP

14) Set the Solaris host initiator name and CHAP secret. Remember, there are two dashes “- -” in front of –CHAP-secret. You can make up your own secrets.
> iscsiadm modify initiator-node –authentication CHAP
> iscsiadm modify initiator-node –CHAP-name iqn.1986-03.com.sun:01:e00000000000.52bcad1c
> iscsiadm modify initiator-node –CHAP-secret
Enter secret: BIDIRCHAPSOL11
Re-enter secret: BIDIRCHAPSOL11

15) Verify your target parameters. Make sure Bidirectional Authentication is enabled and Authentication type is CHAP.
> iscsiadm list target-param -v iqn.1992-08.com.netapp:sn.4055372815
Target: iqn.1992-08.com.netapp:sn.4055372815
Alias: –
Bi-directional Authentication: enabled
Authentication Type: CHAP
CHAP Name: iqn.1992-08.com.netapp:sn.4055372815
Login Parameters (Default/Configured):
Data Sequence In Order: yes/-
Data PDU In Order: yes/-
Default Time To Retain: 20/-
Default Time To Wait: 2/-
Error Recovery Level: 0/-
First Burst Length: 65536/-
Immediate Data: yes/-
Initial Ready To Transfer (R2T): yes/-
Max Burst Length: 262144/-
Max Outstanding R2T: 1/-
Max Receive Data Segment Length: 8192/-
Max Connections: 65535/-
Header Digest: NONE/-
Data Digest: NONE/-
Tunable Parameters (Default/Configured):
Session Login Response Time: 60/-
Maximum Connection Retry Time: 180/-
Login Retry Time Interval: 60/-
Configured Sessions: 1

16) Set the Bidirectional CHAP secrets on the NetApp controller.
netapp> iscsi security add -i iqn.1986-03.com.sun:01:e00000000000.52bcad1c -s chap -p BIDIRCHAPSOL11 -n iqn.1986-03.com.sun:01:e00000000000.52bcad1c -o NETAPPBICHAP -m iqn.1992-08.com.netapp:sn.4055372815

a) View the iSCSI security configuration.
netapp> iscsi security show
init: iqn.1986-03.com.sun:01:e00000000000.52bcad1c auth: CHAP Local Inbound password: **** Inbound username: iqn.1986-03.com.sun:01:e00000000000.52bcad1c Outbound password: **** Outbound username: iqn.1992-08.com.netapp:sn.4055372815

17) On the Solaris host, reconfigure the /dev namespace to recognize the iSCSI disk (lun) you just connected.
> devfsadm -i iscsi or devfsadm -Cv -i iscsi

18) Login to server and format the disk. Note – the fdisk command below can be skipped on SPARC systems. Your input is in bold red in the next sequence.
> format
Searching for disks…done

AVAILABLE DISK SELECTIONS:
0. c4t0d0 <VMware-Virtual disk-1.0 cyl 1824 alt 2 hd 255 sec 63>
/pci@0,0/pci15ad,1976@10/sd@0,0
1. c5t2d0 <NETAPP-LUN-7350 cyl 2558 alt 2 hd 128 sec 32>
/iscsi/disk@0000iqn.1992-08.com.netapp%3Asn.8416793903E8,1
Specify disk (enter its number): 1
selecting c5t2d0
[disk formatted]
No Solaris fdisk partition found.

FORMAT MENU:
disk       – select a disk
type       – select (define) a disk type
partition  – select (define) a partition table
current    – describe the current disk
format     – format and analyze the disk
fdisk      – run the fdisk program
repair     – repair a defective sector
label      – write label to the disk
analyze    – surface analysis
defect     – defect list management
backup     – search for backup labels
verify     – read and display labels
save       – save new disk/partition definitions
inquiry    – show disk ID
volname    – set 8-character volume name
!<cmd>     – execute <cmd>, then return
quit
format> fdisk   (skip this command if you are on a SPARC system)
No fdisk table exists. The default partition for the disk is:

a 100% “SOLARIS System” partition

Type “y” to accept the default partition,  otherwise type “n” to edit the
partition table.
y

format> p

PARTITION MENU:
0      – change `0′ partition
1      – change `1′ partition
2      – change `2′ partition
3      – change `3′ partition
4      – change `4′ partition
5      – change `5′ partition
6      – change `6′ partition
7      – change `7′ partition
select – select a predefined table
modify – modify a predefined partition table
name   – name the current table
print  – display the current table
label  – write partition map and label to the disk
!<cmd> – execute <cmd>, then return
quit
partition> p
Current partition table (default):
Total disk cylinders available: 2557 + 2 (reserved cylinders)

Part      Tag    Flag     Cylinders        Size            Blocks
0 unassigned    wm       0               0         (0/0/0)           0
1 unassigned    wm       0               0         (0/0/0)           0
2     backup    wu       0 – 2556        4.99GB    (2557/0/0) 10473472
3 unassigned    wm       0               0         (0/0/0)           0
4 unassigned    wm       0               0         (0/0/0)           0
5 unassigned    wm       0               0         (0/0/0)           0
6 unassigned    wm       0               0         (0/0/0)           0
7 unassigned    wm       0               0         (0/0/0)           0
8       boot    wu       0 –    0        2.00MB    (1/0/0)        4096
9 unassigned    wm       0               0         (0/0/0)           0

partition> 0
Part      Tag    Flag     Cylinders        Size            Blocks
0 unassigned    wm       0               0         (0/0/0)           0

Enter partition id tag[unassigned]: <press enter>
Enter partition permission flags[wm]: <press enter>
Enter new starting cyl[0]: <press enter>
Enter partition size[0b, 0c, 0e, 0.00mb, 0.00gb]: 4.99gb

partition> l     (This is a lower case “L” not a numeral one or 1. This step labels the disk.)
Ready to label disk, continue? y

partition> q

format> q

19) Create the file system. You can choose either UFS or ZFS. Both options are shown below.

a) If you will use UFS:
> newfs -Tv /dev/rdsk/c5t2d0s0
newfs: construct a new file system /dev/rdsk/c5t2d0s0: (y/n)? y
mkfs -F ufs /dev/rdsk/c5t2d0s0 10465280 32 128 8192 8192 -1 1 250 1048576 t 0 -1 8 128 y
/dev/rdsk/c5t2d0s0:     10465280 sectors in 2555 cylinders of 128 tracks, 32 sectors
5110.0MB in 18 cyl groups (149 c/g, 298.00MB/g, 320 i/g)
super-block backups (for fsck -F ufs -o b=#) at: 32, 610368, 1220704, 1831040, 2441376,
3051712, 3662048, 4272384, 4882720, 5493056,
6103392, 6713728, 7324064, 7934400, 8544736, 9155072, 9765408, 10375744

> fsck /dev/rdsk/c5t2d0s0
> mkdir /old_ufs_filesystem
> mount /dev/dsk/c5t2d0s0 /old_ufs_filesystem
> vi /etc/vfstab and add the line below to the bottom of the file. This will mount it when the system boots.
/dev/dsk/c5t2d0s0 /dev/rdsk/c5t2d0s0 /old_ufs_filesystem  ufs  2 yes –
> wq! (to exit the vi session)

b) Check the new mount.
> df -h | grep old_ufs_filesystem
/dev/dsk/c5t2d0s0      5.0G  5.0M 4.9G 1% /old_ufs_filesystem

20) If you will use ZFS:
a) Create a pool.
> zpool create -f netappluns c5t2d0s0

b) Create the filesystem.
> zfs create netappluns/fs

c) List the new filesystem.
> zfs list -r netappluns
NAME           USED  AVAIL  REFER  MOUNTPOINT
netappluns     124K  4.89G    32K  /netappluns
netappluns/fs   31K  4.89G    31K  /netappluns/fs

d) Use the legacy display method.
> df -h | grep netappluns
netappluns       4.9G    32K   4.9G   1%    /netappluns
netappluns/fs    4.9G    31K   4.9G   1%    /netappluns/fs

21) You are done. Hope this helps.

HOWTO Secure iSCSI Luns Between Oracle Solaris 10 and NetApp Storage Using Bidirectional CHAP

27 Friday Dec 2013

Posted by in iSCSI, NetApp, Oracle, Security, Solaris

Leave a comment

Tags

, , , ,

This post demonstrates how to secure iSCSI luns between Oracle Solaris 10 and NetApp storage. Solaris calls it Bidirectional CHAP rather than Mutual CHAP. The aggregate, lun and disk sizes are small in this HOWTO to keep it simple. Research the relationship between Solaris EFI, Solaris VTOC and lun size as well as UFS vs ZFS to make sure you choose the proper type for your environment. This was done with Solaris 10 x86. All steps except the fdisk step near the end are the same for SPARC systems.

1) You need to be running at least the Solaris 10 1/06 release. To verify, check your release file.
> cat /etc/release
Oracle Solaris 10 8/11 s10x_u10wos_17b X86

2) Check for the iSCSI packages.
> pkginfo | grep iSCSI
system    SUNWiscsir    Sun iSCSI Device Driver (root)
system    SUNWiscsiu    Sun iSCSI Management Utilities (usr)

a) For reference the iSCSI target packages are listed below. You don’t need them for this HOWTO.
SUNWiscsitgtr    Sun iSCSI Target (Root)
SUNWiscsitgtu    Sun iSCSI Target (Usr)

3) If not installed, mount the Solaris 10 DVD and install the packages. Note the SPARC path will be different: sol_10_811_sparc
If the DVD doesn’t mount automatically:
> mount -F hsfs /dev/rdsk/c0t2d0s2 /mnt
> cd /mnt/sol_10_811_x86/Solaris_10/Product
If it does:
> cd /cdrom/sol_10_811_x86/Solaris_10/Product
>/usr/sbin/pkgadd -d SUNWiscsir
>/usr/sbin/pkgadd -d SUNWiscsiu

4) Make sure the iSCSI service is running on your Solaris host.
> svcs | grep iscsi
online  6:41:58 svc:/network/iscsi/initiator:default

If not, start it.
> svcadm enable svc:/network/iscsi/initiator:default

5) Get your local iSCSI Initiator Node Name or iqn name on the Solaris host.
> iscsiadm list initiator-node | grep iqn
Initiator node name: iqn.1986-03.com.sun:01:ea2fccf7ffff.52b894f9

6) Make sure the iscsi service is running on the NetApp.
netapp> iscsi status
If not, start it (You need a license for iscsi. Check with the license command.)
netapp> iscsi start

7) Create the volume that will hold the iscsi luns. This command assumes you have aggregate aggr1 already created. If not use an aggregate that has enough room for your volume.
netapp> vol create MCHAPVOL aggr1 10g

8) Create a lun on the volume.
netapp> lun create -s 5g -t solaris_efi /vol/MCHAPVOL/SOL10_iSCSI_MCHAP_01

9) Create an igroup and add the Solaris iscsi node name or iqn from step 5 above to it.
netapp> igroup create -i -t solaris ISCSI_MCHAP_SOL10
netapp> igroup add ISCSI_MCHAP_SOL10 iqn.1986-03.com.sun:01:ea2fccf7ffff.52b894f9
netapp> igroup show

ISCSI_MCHAP_SOL10 (iSCSI) (ostype: solaris):
iqn.1986-03.com.sun:01:ea2fccf7ffff.52b894f9 (not logged in)

10) Map the lun to the igroup and give it lun ID 01.
netapp> lun map /vol/MCHAPVOL/SOL10_iSCSI_MCHAP_01 ISCSI_MCHAP_SOL10 01

Note: Solaris EFI is for larger than 2 TB luns and Solaris VTOC for smaller disks. This lun is small just to demonstrate the configuration.

11) Obtain the NetApp target nodename.
netapp> iscsi nodename
iqn.1992-08.com.netapp:sn.84167939

12) On the Solaris host, configure the target (NetApp controller) to be statically discovered. Note that there are two dashes “- -” in front of –static and –sendtargets. For some reason it displays as one dash in some browsers.
> iscsiadm modify discovery –static enable
> iscsiadm modify discovery –sendtargets enable
> iscsiadm add discovery-address 10.10.10.11:3260
> iscsiadm add static-config iqn.1992-08.com.netapp:sn.84167939,10.10.10.11:3260
> iscsiadm list static-config
Static Configuration Target: iqn.1992-08.com.netapp:sn.84167939,10.10.10.11:3260

13) Check your discovery methods. Make sure Statis and Send Targets are enabled.
> iscsiadm list discovery
Discovery:
Static: enabled
Send Targets: enabled
iSNS: disabled

14) Enable Bidirectional CHAP on the Solaris host for the target NetApp controller. There are two dashes “- -” in front of –authentication.
> iscsiadm modify target-param –authentication CHAP iqn.1992-08.com.netapp:sn.84167939
> iscsiadm modify target-param -B enable iqn.1992-08.com.netapp:sn.84167939

15) Set the target device secret key that identifies the target NetApp controller. Note Solaris supports a minimum of 12 and a maximum of 16 character CHAP secrets. Also, there are two dashes “- -” in front of –CHAP-secret. You can make up your own secrets.
> iscsiadm modify target-param –CHAP-secret iqn.1992-08.com.netapp:sn.84167939
Enter secret: NETAPPBICHAP
Re-enter secret: NETAPPBICHAP

16) Set the Solaris host initiator name and CHAP secret. Remember, there are two dashes “- -” in front of –authentication, –CHAP-name and –CHAP-secret. You can make up your own secrets.
> iscsiadm modify initiator-node –authentication CHAP
> iscsiadm modify initiator-node –CHAP-name iqn.1986-03.com.sun:01:ea2fccf7ffff.52b894f9
> iscsiadm modify initiator-node –CHAP-secret
Enter secret: BIDIRCHAPSOL10
Re-enter secret: BIDIRCHAPSOL10

17) Verify your target parameters. Make sure Bidirectional Authentication is enabled and Authentication type is CHAP.
> iscsiadm list target-param -v iqn.1992-08.com.netapp:sn.84167939
Target: iqn.1992-08.com.netapp:sn.84167939
Alias: –
Bi-directional Authentication: enabled
Authentication Type: CHAP
CHAP Name: iqn.1992-08.com.netapp:sn.84167939
Login Parameters (Default/Configured):
Data Sequence In Order: yes/-
Data PDU In Order: yes/-
Default Time To Retain: 20/-
Default Time To Wait: 2/-
Error Recovery Level: 0/-
First Burst Length: 65536/-
Immediate Data: yes/-
Initial Ready To Transfer (R2T): yes/-
Max Burst Length: 262144/-
Max Outstanding R2T: 1/-
Max Receive Data Segment Length: 8192/-
Max Connections: 1/-
Header Digest: NONE/-
Data Digest: NONE/-
Tunable Parameters (Default/Configured):
Session Login Response Time: 60/-
Maximum Connection Retry Time: 180/-
Login Retry Time Interval: 60/-
Configured Sessions: 1

18) Set the Bidirectional CHAP secrets on the NetApp controller.
netapp> iscsi security add -i iqn.1986-03.com.sun:01:ea2fccf7ffff.52b894f9 -s chap -p BIDIRCHAPSOL10 -n iqn.1986-03.com.sun:01:ea2fccf7ffff.52b894f9 -o NETAPPBICHAP -m iqn.1992-08.com.netapp:sn.84167939

a) View the iSCSI security configuration.
netapp> iscsi security show
init: iqn.1986-03.com.sun:01:ea2fccf7ffff.52b894f9 auth: CHAP Inbound password: **** Inbound username: iqn.1986-03.com.sun:01:ea2fccf7ffff.52b894f9 Outbound password: **** Outbound username: iqn.1992-08.com.netapp:sn.84167939

19) On the Solaris host, reconfigure the /dev namespace to recognize the iSCSI disk (lun) you just connected.
> devfsadm -i iscsi or devfsadm -Cv -i iscsi

20) Verify CHAP configuration on the server. Restart the server and you should see the iSCSI session on the NetApp console.
> reboot

a) As the server boots, on the NetApp console you should see the following message:
[iscsi.notice:notice]: ISCSI: New session from initiator iqn.1986-03.com.sun:01:ea2fccf7ffff.52b894f9 at IP addr 10.10.10.188

21) Login to server and format the disk. Note – the fdisk command below can be skipped on SPARC systems. Your input is in bold red in the next sequence.
> format
AVAILABLE DISK SELECTIONS:
0. c1t0d0 <DEFAULT cyl 1563 alt 2 hd 255 sec 63>
/pci@0,0/pci15ad,1976@10/sd@0,0
1. c2t2d0 <DEFAULT cyl 2557 alt 2 hd 128 sec 32>
/iscsi/disk@0000iqn.1992-08.com.netapp%3Asn.8416793903E8,1Specify disk (enter its number): 1
selecting c2t2d0
[disk formatted]

FORMAT MENU:
disk       – select a disk
type       – select (define) a disk type
partition  – select (define) a partition table
current    – describe the current disk
format     – format and analyze the disk
fdisk      – run the fdisk program
repair     – repair a defective sector
label      – write label to the disk
analyze    – surface analysis
defect     – defect list management
backup     – search for backup labels
verify     – read and display labels
save       – save new disk/partition definitions
inquiry    – show vendor, product and revision
volname    – set 8-character volume name
!<cmd>     – execute <cmd>, then return
quit

format> fdisk   (Note: this command is only necessary on x86 systems. If you are on SPARC, skip to the next step.)
No fdisk table exists. The default partition for the disk is:

a 100% “SOLARIS System” partition

Type “y” to accept the default partition,  otherwise type “n” to edit the
partition table.
y

22) Partition the disk:

format> p

PARTITION MENU:
0      – change `0′ partition
1      – change `1′ partition
2      – change `2′ partition
3      – change `3′ partition
4      – change `4′ partition
5      – change `5′ partition
6      – change `6′ partition
7      – change `7′ partition
select – select a predefined table
modify – modify a predefined partition table
name   – name the current table
print  – display the current table
label  – write partition map and label to the disk
!<cmd> – execute <cmd>, then return
quit
partition> p

Current partition table (original):
Total disk cylinders available: 2556 + 2 (reserved cylinders)

Part      Tag    Flag     Cylinders        Size            Blocks
0 unassigned    wm       0               0               (0/0/0)           0
1 unassigned    wm       0               0               (0/0/0)           0
2        backup    wu        0 – 2555    4.99GB     (2556/0/0) 10469376
3 unassigned    wm       0               0               (0/0/0)           0
4 unassigned    wm       0               0               (0/0/0)           0
5 unassigned    wm       0               0               (0/0/0)           0
6 unassigned    wm       0               0               (0/0/0)           0
7 unassigned    wm       0               0               (0/0/0)           0
8            boot    wu        0 –    0       2.00MB     (1/0/0)        4096
9 unassigned    wm       0               0               (0/0/0)           0

partition> 0
Part      Tag    Flag     Cylinders        Size            Blocks
0 unassigned    wm       0               0         (0/0/0)           0

Enter partition id tag[unassigned]: <press enter>
Enter partition permission flags[wm]: <press enter?
Enter new starting cyl[0]: <press enter>
Enter partition size[0b, 0c, 0e, 0.00mb, 0.00gb]: 4.99gb

partition>    (This is a lower case “L” not a numeral one or 1. This step labels the disk.)
Ready to label disk, continue? y

partition> q

format> q

23) Create the file system. You can choose either UFS or ZFS. Both options are shown below.

a) If you will use UFS:
> newfs -Tv /dev/rdsk/c2t2d0s0
newfs: construct a new file system /dev/rdsk/c2t2d0s0: (y/n)? y
pfexec mkfs -F ufs /dev/rdsk/c2t2d0s0 10465280 32 128 8192 8192 -1 1 250 1048576 t 0 -1 8 128 y
/dev/rdsk/c2t2d0s0: 10465280 sectors in 2555 cylinders of 128 tracks, 32 sectors
5110.0MB in 18 cyl groups (149 c/g, 298.00MB/g, 320 i/g)
super-block backups (for fsck -F ufs -o b=#) at:
32, 610368, 1220704, 1831040, 2441376, 3051712, 3662048, 4272384, 4882720,
5493056, 6103392, 6713728, 7324064, 7934400, 8544736, 9155072, 9765408, 10375744

> fsck /dev/rdsk/c2t2d0s0
> mkdir /old_ufs_filesystem
> mount /dev/dsk/c2t2d0s0 /old_ufs_filesystem
> vi /etc/vfstab and add the line below to the bottom of the file. This will mount it when the system boots.
/dev/dsk/c2t2d0s0 /dev/rdsk/c2t2d0s0 /old_ufs_filesystem  ufs  2 yes –
> wq! (to exit the vi session)

b) Check the new mount.
> df -h | grep old_ufs_filesystem
/dev/dsk/c2t2d0s0  4.9G 5.0M 4.9G 1% /old_ufs_filesystem

24) If you will use ZFS:
a) Create a pool.
> zpool create -f netappluns c2t2d0

b) Create the filesystem.
> zfs create netappluns/fs

c) List the new filesystem.
> zfs list -r netappluns
NAME            USED  AVAIL  REFER  MOUNTPOINT
netappluns      131K  4.89G    31K  /netappluns
netappluns/fs    31K  4.89G    31K  /netappluns/fs

Use the legacy display method.
> df -h | grep netappluns
netappluns             4.9G    32K   4.9G     1%    /netappluns
netappluns/fs          4.9G    31K   4.9G     1%    /netappluns/fs

25) You are done. Hope this helps.

HOWTO Secure iSCSI Luns Between Oracle Enterprise Linux 6.5 and NetApp Storage with Mutual CHAP

14 Saturday Dec 2013

Posted by in Linux, NetApp, Oracle

Leave a comment

Tags

, , ,

This post demonstrates how to enable bidirectional or mutual CHAP on iSCSI luns between Oracle Enterprise Linux 6 update 5 and NetApp storage. The aggregate, lun and disk sizes are small in this HOWTO to keep it simple.

1) Install open-iscsi on your server.
> yum install iscsi-initiator*
> reboot (don’t argue with me, just do it!)

2) Display your server’s new iscsi initiator or iqn nodename.
> cat /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.1988-12.com.oracle:523325af23

3) On the NetApp filer, create the volume that will hold the iscsi luns. This command assumes you have aggregate aggr1 already created. If not, use an aggregate that has enough room for your volume.
netapp> vol create MCHAPVOL aggr1 10g

4) Create the lun in the volume.
netapp> lun create -s 5g -t linux /vol/MCHAPVOL/OEL6u5_iSCSI_MCHAP_01

5) Create an igroup and add the Oracle Enterprise Linux iscsi nodename or iqn from step 2 above to it.
netapp> igroup create -i -t linux ISCSI_MCHAP_OEL6u5
netapp> igroup add ISCSI_MCHAP_OEL6u5 iqn.1988-12.com.oracle:523325af23
netapp> igroup show ISCSI_MCHAP_OEL6u5
ISCSI_MCHAP_OEL6u5 (iSCSI) (ostype: linux):
iqn.1988-12.com.oracle:523325af23 (not logged in)

6) Map the lun to the igroup and give it lun ID 01.
netapp> lun map /vol/MCHAPVOL/OEL6u5_iSCSI_MCHAP_01 ISCSI_MCHAP_OEL6u5 01

7) Obtain the NetApp target nodename.
netapp> iscsi nodename
iqn.1992-08.com.netapp:sn.84167939

8) Set the CHAP secret on the NetApp controller.
netapp> iscsi security add -i iqn.1988-12.com.oracle:523325af23 -s chap -p MCHAPOEL6u5 -n iqn.1988-12.com.oracle:523325af23 -o NETAPPMCHAP -m iqn.1992-08.com.netapp:sn.84167939

netapp> iscsi security show
init: iqn.1988-12.com.oracle:523325af23 auth: CHAP Inbound password: **** Inbound username: iqn.1988-12.com.oracle:523325af23 Outbound password: **** Outbound username: iqn.1992-08.com.netapp:sn.84167939

9) On the server, edit your /etc/iscsi/iscsi.conf file and set the parameters below.
> vi /etc/iscsi/iscsid.conf
node.startup = automatic
node.session.auth.authmethod = CHAP
node.session.auth.username = iqn.1988-12.com.oracle:523325af23
node.session.auth.password = MCHAPOEL6u5
node.session.auth.username_in = iqn.1992-08.com.netapp:sn.84167939
node.session.auth.password_in = NETAPPMCHAP
discovery.sendtargets.auth.authmethod = CHAP
discovery.sendtargets.auth.username = iqn.1988-12.com.oracle:523325af23
discovery.sendtargets.auth.password = MCHAPOEL6u5
discovery.sendtargets.auth.username_in = iqn.1992-08.com.netapp:sn.84167939
discovery.sendtargets.auth.password_in = NETAPPMCHAP
> wq!

10) On the server, restart the service and discover your iSCSI target (your storage system).
> service iscsi restart
> iscsiadm -m discovery -t st -p 10.10.10.11
10.10.10.11:3260,1000 iqn.1992-08.com.netapp:sn.84167939

> iscsiadm -m node  (this should display the same as above)
10.10.10.11:3260,1000 iqn.1992-08.com.netapp:sn.84167939

11) On the server, manually login to the iSCSI target (your storage array). Note there are two dashes “- -” in front of –login. It always looks like one.
> iscsiadm -m node -T “iqn.1992-08.com.netapp:sn.84167939” –login
Logging in to [iface: default, target: iqn.1992-08.com.netapp:sn.84167939, portal: 10.10.10.11,3260] (multiple)
Login to [iface: default, target: iqn.1992-08.com.netapp:sn.84167939, portal: 10.10.10.11,3260] successful.

Verify the iSCSI session on the filer:
netapp> iscsi session show
Session 10
Initiator Information
Initiator Name: iqn.1988-12.com.oracle:523325af23
ISID: 00:02:3d:01:00:00
Initiator Alias: oel6u5

12) Stop and start the iscsi service on the server.
> service iscsi stop
Pause for 10 seconds and then run the next command.
> service iscsi start

13) From the server, check your session.
> iscsiadm -m session -P 1
Target: iqn.1992-08.com.netapp:sn.84167939
Current Portal: 10.10.10.11:3260,1000
Persistent Portal: 10.10.10.11:3260,1000
**********
Interface:
**********
Iface Name: default
Iface Transport: tcp
Iface Initiatorname: iqn.1988-12.com.oracle:523325af23
Iface IPaddress: 10.10.10.93
Iface HWaddress: <empty>
Iface Netdev: <empty>
SID: 2
iSCSI Connection State: LOGGED IN
iSCSI Session State: LOGGED_IN
Internal iscsid Session State: NO CHANGE

14) From the server, check the NetApp iSCSI details. Note there are two dashes “- -” in front of mode, targetname and portal. Sometimes it looks like one.
> iscsiadm -–mode node –-targetname “iqn.1992-08.com.netapp:sn.84167939″ –-portal 10.10.10.11:3260
# BEGIN RECORD 6.2.0-873.10.el6
node.name = iqn.1992-08.com.netapp:sn.84167939
node.tpgt = 1000
node.startup = automatic
node.leading_login = No
iface.hwaddress = <empty>
iface.ipaddress = <empty>
iface.iscsi_ifacename = default
<output truncated to keep the post short>

15) From the server, find and format the new lun (new disk). On the fdisk command wizard, enter the letters in bold below.
> cat /var/log/messages | grep “unknown partition table”
Dec 14 08:55:02 oel6u5 kernel: sdb: unknown partition table

> fdisk /dev/sdb

Device contains neither a valid DOS partition table, nor Sun, SGI or OSF disklabel
Building a new DOS disklabel with disk identifier 0x54ac8aa4.
Changes will remain in memory only, until you decide to write them.
After that, of course, the previous content won’t be recoverable.

Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite)

WARNING: DOS-compatible mode is deprecated. It’s strongly recommended to
switch off the mode (command ‘c’) and change display units to
sectors (command ‘u’).

Command (m for help): u
Changing display/entry units to sectors

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.

> fdisk /dev/sdb
WARNING: DOS-compatible mode is deprecated. It’s strongly recommended to
switch off the mode (command ‘c’) and change display units to
sectors (command ‘u’).

Command (m for help): c
DOS Compatibility flag is not set

Command (m for help): u
Changing display/entry units to sectors

Command (m for help): n
Command action
e   extended
p   primary partition (1-4) <press the P key>
p
Partition number (1-4): 1
First sector (2048-10485759, default 2048): <press enter>
Using default value 2048
Last sector, +sectors or +size{K,M,G} (2048-10485759, default 10485759): <press enter>
Using default value 10485759

Command (m for help): p

Disk /dev/sdb: 5368 MB, 5368709120 bytes
166 heads, 62 sectors/track, 1018 cylinders, total 10485760 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x54ac8aa4

Device Boot      Start         End      Blocks   Id  System
/dev/sdb1            2048    10485759     5241856   83  Linux

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.

16) On the server, create the Linux file system on the new partition.
> mkfs -t ext4 /dev/sdb1
mke2fs 1.43-WIP (20-Jun-2013)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
327680 inodes, 1310464 blocks
65523 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=1342177280
40 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736

Allocating group tables: done
Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done

17) Verify the partition.
> blkid /dev/sdb1
/dev/sdb1: UUID=”1a6e2a56-924f-4e3b-b281-ded3a3141ab4″ TYPE=”ext4″

18) Create the mount point and manually mount the directory.
> mkdir /newiscsilun
> mount /dev/sdb1 /newiscsilun
> df -h | grep newiscsilun
Filesystem Size  Used Avail Use% Mounted on
/dev/sdb1  4.8G  10M  4.6G   1% /newiscsilun

19) Add the new mount point to /etc/fstab.
> vi /etc/fstab
/dev/sdb1 /newiscsilun ext4 _netdev 0 0
> wq!

Note: the _netdev option is important so that it doesn’t try mounting the target before the network is available.

20) Test that it survives a reboot by rebooting the server. With the _netdev set, iscsi starts and your CHAP logins should take place before it attempts to mount. After the reboot, login and verify its mounted.
> reboot

When done rebooting, login and verify the lun is mounted.
> df -h | grep newiscsilun
Filesystem Size  Used Avail Use% Mounted on
/dev/sdb1  4.8G  10M  4.6G   1% /newiscsilun

21) On the server you can check session stats.
> iscsiadm -m session -s
Stats for session [sid: 1, target: iqn.1992-08.com.netapp:sn.84167939, portal: 10.10.10.11,3260]
iSCSI SNMP:
txdata_octets: 31204
rxdata_octets: 917992
noptx_pdus: 0
scsicmd_pdus: 270
tmfcmd_pdus: 0
login_pdus: 0
text_pdus: 0
dataout_pdus: 0
logout_pdus: 0
snack_pdus: 0
noprx_pdus: 0
scsirsp_pdus: 270
tmfrsp_pdus: 0
textrsp_pdus: 0
datain_pdus: 242
logoutrsp_pdus: 0
r2t_pdus: 0
async_pdus: 0
rjt_pdus: 0
digest_err: 0
timeout_err: 0
iSCSI Extended:
tx_sendpage_failures: 0
rx_discontiguous_hdr: 0
eh_abort_cnt: 0

22) As root, change permissions on /etc/iscsi/iscsid.conf. I’m not sure why they haven’t fixed this clear text CHAP password in a file issue so just make sure only root can read/write the file.
> chmod 600 /etc/iscsi/iscsid.conf

23) On the NetApp storage you can verify the Lun and the server’s session.
>  lun show -v /vol/MCHAPVOL/OEL6u5_iSCSI_MCHAP_01
/vol/MCHAPVOL/OEL6u5_iSCSI_MCHAP_01      5g (5368709120)    (r/w, online, mapped)
Serial#: hoagPJvLcRy6
Share: none
Space Reservation: enabled (not honored by containing Aggregate)
Multiprotocol Type: linux
Maps: ISCSI_MCHAP_OEL6u5=1

>  iscsi session show -v
Session 12
Initiator Information
Initiator Name: iqn.1988-12.com.oracle:523325af23
ISID: 00:02:3d:01:00:00
Initiator Alias: oel6u5

Session Parameters
SessionType=Normal
TargetPortalGroupTag=1000
MaxConnections=1
ErrorRecoveryLevel=0
AuthMethod=CHAP
HeaderDigest=None
DataDigest=None
ImmediateData=Yes
InitialR2T=No
FirstBurstLength=65536
MaxBurstLength=65536
Initiator MaxRecvDataSegmentLength=65536
Target MaxRecvDataSegmentLength=65536
DefaultTime2Wait=2
DefaultTime2Retain=0
MaxOutstandingR2T=1
DataPDUInOrder=Yes
DataSequenceInOrder=Yes
Command Window Size: 32

Connection Information
Connection 0
Remote Endpoint: 10.10.10.93:33454
Local Endpoint: 10.10.10.11:3260
Local Interface: e0a
TCP recv window size: 131400

Command Information
No commands active

Oracle Enterprise Linux 6.5 Hangs after Starting Certmonger

14 Saturday Dec 2013

Posted by in Linux, Oracle

1 Comment

Tags

,

So, you are installing Oracle Enterprise Linux 6 update 5 and you select the Desktop group of packages. When the system is finished installing and finally boots, it hangs at certmonger. The certmonger daemon monitors certificates for impending expiration, and can optionally refresh soon to be expired certificates with the help of a CA.

Why this kills the Desktop if X isn’t installed is beyond me. For some reason the dependent packages don’t get selected by yum. To fix it, perform the following steps.

1) Reboot and press the spacebar key to enter the boot menu during system start-up.
a) When the Grub menu appears, press the ‘e’ key.
b) Scroll down to the line with kernel and press the ‘e’ again.
c) At the end of the line, the last word should be ‘quiet’. Right arrow key over to the end of the line and press spacebar once to add a space after the word ‘quiet’ and press the 3 key.
d) Then press the Enter key and then the letter ‘b’ to boot the system.

2) The systems will boot into text mode. Now, add the X Window System rpm’s.
> yum update
> yum groupinstall “X Window System”

3) Reboot the system and you should have a working desktop.
> shutdown -r now

NetApp releases new versions of 7-Mode Transition Tool, SnapManager, NFS VAAI Plugin, VSC, and two new Oracle tools.

10 Thursday Oct 2013

Posted by in NetApp, Oracle

Leave a comment

Tags

,

1) 7-Mode Transition Tool v1.1
The 7-Mode Transition Tool enables copy-based transitions of Data ONTAP 7G and 7-Mode FlexVol volumes and configurations to new hardware that is running clustered Data ONTAP 8.2, with minimum client disruption and retention of storage efficiency options. Attention: You can transition only network-attached storage (NAS) environments to clustered Data ONTAP 8.2 using the 7-Mode Transition Tool.
http://support.netapp.com/NOW/download/software/ntap_7mtt/1.1/

2) NetApp NFS Plug-in for VMware VAAI v1.0.20
http://support.netapp.com/NOW/download/software/nfs_plugin_vaai/1.0.20/

3) SnapManager for Exchange v7.0
http://support.netapp.com/NOW/download/software/snapmanager_e2k/7.0/

4) Single Mailbox Recovery for Exchange v7.0
http://support.netapp.com/NOW/download/software/smbr/7.0/

5) SnapManager for SharePoint v6.1.2, v7.1.1, and v8.0
SnapManager for Microsoft SharePoint is an enterprise-strength backup, recovery, and data management solution for Microsoft SharePoint 2013, 2010 and 2007.
http://support.netapp.com/NOW/download/software/snapmanager_sharepoint/8.0/
http://support.netapp.com/NOW/download/software/snapmanager_sharepoint/7.1.1/
http://support.netapp.com/NOW/download/software/snapmanager_sharepoint/6.1.2/

6) Virtual Storage Console v4.2.1
The Virtual Storage Console for VMware vSphere software is a vSphere client plug-in that provides end-to-end virtual machine lifecycle management for VMware virtual server and desktop environments running on NetApp storage.
http://support.netapp.com/NOW/download/software/vsc_win/4.2.1/

7) NetApp Storage System Plug-in for Oracle Enterprise Manager v12.1.0.2.0
The NetApp Storage System Plug-in for Oracle Enterprise Manager delivers comprehensive availability and performance information for NetApp storage systems. By combining NetApp storage system monitoring with comprehensive management of Oracle systems, Cloud Control significantly reduces the cost and complexity of managing applications that rely on NetApp storage and Oracle technologies.
http://support.netapp.com/NOW/download/tools/ntap_storage_plugin/

8) NetApp Cloning Plug-in for Oracle Database
NetApp and Oracle have collaborated to provide the ability to quickly clone a PDB database from the Oracle Database 12c SQL command line. This integration leverages NetApp FlexClone technology which allows you to develop and test applications faster by creating instant, space efficient clones of PDBs that shorten the design cycles and improve service levels.
http://support.netapp.com/NOW/download/tools/ntap_cloning_plugin/

NetApp ONTAP 7.3.3 Simulator Installation Guide for Oracle Enterprise Linux and Oracle VirtualBox

20 Wednesday Mar 2013

Posted by in Linux, NetApp, Oracle

Leave a comment

Tags

, ,

The following document provides detailed instructions to create a simulated NetApp filer environment using Oracle Enterprise Linux 5.5, Oracle VirtualBox 3.2.10 and the NetApp ONTAP 7.3.3 Simulator.

Outline

The naming convention I use will differentiate the Linux VM by using “L” and the ONTAP Simulator by using “O” as the first character in the hostname.

OS Hostname   IP                     SIM Hostname              IP Address             

L733SIM01        10.10.10.50       O733SIM01                   10.10.10.51

L733SIM02        10.10.10.52       O733SIM02                   10.10.10.53

You can run multiple versions of the Simulator (such as 7.3.1 or 7.3.4 or even 8.0). Simply adjust the hostnames to the version number to keep things sane. It is assumed you have Active Directory and DNS already in place so you can create CIFS shares as you would for user homes and profiles in a Domain.

Hardware

This document describes the process for Installing Oracle VirtualBox, creating the Linux VM and installing the ONTAP Simulator in the VM, My system is a Dell 8300 with 3 Gigs of RAM, 3 GHz Pentium 4 CPU with Windows 7 Ultimate x32. Not exactly the fastest system these days but plenty fast for the Simulator. 25 Gigs or more of disc space is enough to run the Simulator.

Oracle Enterprise Linux 5.5 x32

http://edelivery.oracle.com/EPD/GetUserInfo/get_form?caller=LinuxWelcome

Fill in your name, email address, answer yes to the export and license and click Continue.

  1. Select Oracle Linux, x86 32 bit and click Go. Note that the 7.3.3 Sim is not x64. The ONTAP 8x Sim is x64.
  1. Select the top option and click Continue at the bottom of the page.
  1. Scroll down and click Download on the x32 DVD. Save it to your computer. When the download finishes, right-click and extract the ISO image.
  1. Browse to the download location (right-click Start | Explore), right-click the zip file and unzip in the current location. I use 7zip but whatever zip utility works for you is fine.

Oracle VirtualBox

http://www.virtualbox.org/wiki/Downloads

  1. Click the VirtualBox 3.2.10 for Windows hosts x86/amd64 link and download to your computer.
  2. Browse to the file and double-click it (you may have to right-click and select Run As Administrator).
  3. If it appears, click Yes to the User Access Control pop-up window.
  4. Click Next on the Welcome screen | accept the License and click Next.
  5. Click Next on the Custom Setup screen | click next on the Shortcuts screen.
  6. Click Yes on the Network interface notice screen and the Install to start the installation.
  7. Deselect Start Oracle VirtualBox and click Finish.
  8. Manually reboot your system.

Create the VM Profile

  1. Click Start | All Programs | Oracle VM VirtualBox | VirtualBox.
  2. Click Ignore on the Media accessibility pop-up message.
  3. In the upper left corner, click the blue New icon.
  4. Click Next on the Welcome screen.
  5. Enter the hostname L733SIM01, under OS Type select Linux and Oracle and then click Next.
  6. Set the memory to 1024 (1 Gig) and lick Next.
  7. Select Create New Hard Disk and click Next.
  8. Click Next on the Create New Disk Wizard.
  9. Select fixed-size storage. Note that this will take a while to complete. Your Simulator VM will run faster with this option although the Dynamic expanding storage option is an acceptable (and supported) choice.
  10. Enter 25 Gigs and click Next.
  11. Assess the Summary and click Finish. This will take a while so go have a cup of coffee.
  12. When done click Finish.

Customize the VM Hardware

  1. In the upper left select the Setting icon.
  2. Select the System icon. In the middle next to Boot Order, un-check Floppy.
  3. Select the Audio icon on the left. Un-check the Enable Audio checkbox.
  4. Select the Network icon. Check Enable network adapter. Next to Attached to select Not Attached (you will attach later). Below that, expand Advanced and select Intel PRO/1000 MT Server adapter.
  5. Select the Serial Ports icon. Check Enable serial port on COM1 with port mode Disconnected and click OK to commit the hardware changes.
  6. In the upper left, click Settings again. Select the Storage icon. Under IDE Controller, select the dick icon marked Empty. On the right next to CD/DVD Device (Empty) click the small Folder icon.
  7. Click Add.
  8. Browse out to the ISO image for Oracle Enterprise Linux x32 v5.5 and click Open.
  9. Highlight the ISO image and click Select.
  10. Click OK to complete the preparation. The ISO image is now attached and ready to boot.
  11. In the upper left, click Start.
  12. When the console pop-up appears, read the message so you understand how to capture and release the mouse during the installation of the OS. Click OK to proceed. Note – after Installation, you will install the Guest Additions.
  13. Click inside the VM to make sure the mouse and keyboard is captured and press Enter. Click OK on mouse capture pop-up messages.
  14. Tab over to Skip and press Enter.
  15. At the Welcome screen click Next.
  16. Select English and click Next.
  17. Select US English and click Next.
  18. Select Yes to initialize the disk and erase all data.
  19. On the drop-down menu, select Remove all partitions on selected drives and create default layout. At the bottom select Review and click Next.
  20. Select Yes to remove all partitions.
  21. View the partition summary and click Next. Note: if you want to make changes to the partitions do it here.
  22. Accept the default boot loader options and click Next.
  23. Click Edit to the right of Network Devices. On the pop-up window select Manual Configuration and enter 10.10.10.50 and 255.255.255.0 for the mask. Below, deselect IPv6 and click OK.
  24. Back on the main window, enter hostname OEL733SIM01, gateway 10.10.10.1, primary DNS 10.10.10.100 and click Next.
  25. At the bottom left deselect System clock uses UTC and click Next.
  26. Set a root password and click Next.
  27. At the bottom click Customize now and Next.
  28. Select Applications and deselect Games, Graphics, Office, Sound and Video.
  29. Select Base System, deselect Dialup Networking and click Next.
  30. Next to start the installation.
  31. The installation begins and the disk is formatted.
  32. When done click Reboot. Click OK when the mouse pop-up message appears.
  33. The system reboots and runs Firstboot to complete the configuration. Click Forward.
  34. Accept the License agreement and click Forward.
  35. Disable the Firewall and click Forward. Click Yes on the security override pop-up window.
  36. Set SELinux to disabled and click Forward. Click Yes on the SELinux reboot pop-up message.
  37. Do not enable Kdump and click Forward.
  38. Select the Network Time Protocol tab, check Enable Network Time Protocol and click Forward. Note: to keep the ONTAP Simulator and the host OS time in sync you can also add your domain controller on this screen.
  39. Create a netappadmin account and click Forward.
  40. There is no sound card so click Forward.
  41. Click Finish and OK to reboot.
  42. Login as root and prepare for the Guest Additions. After login, right-click the desktop and select Open Terminal.
  43. In the upper left under Devices, select Install Guest Additions.
  44. Click inside the xterm console and run the following commands:

# cd /media/*/

# ls

# cp -rp /media/*/ /root/

# cd /root/V*/

# ls -l (to verify that they are there).

# umount /media/VBOXADDITIONS_3.2.10_66523

  1. Mount the Oracle Enterprise Linux 5.5 ISO image again (it was disconnected in the previous step). In the lower right corner of the VM, right-click the CD/DVD icon and select Enterprise-R5-U5-Server-i386-dvd.iso.
  2. Now, disconnect it but leave it “in the DVD tray” so to speak. This is an odd step but you must do it.

# umount /media/”Enterprise Linux dvd 20100405″

3. In the lower right hardware icons, double-click the network icon. On adapter 1, select Bridged adapter and the Intel Pro/100 and click OK.  You should now be on the network (or internet).

Setup Yum to read the DVD ISO image and install development components

  1. This process makes dependency resolution a no brainer.

# mkdir -p /media/disk

# mount /dev/cdrom /media/disk

# ls -l /media/disk/

2. Setup the yum base. Edit /etc/yum.conf, adding the following section:

# vi /etc/yum.conf

3. At the end of the file, below the lines that reads “#PUT YOUR REPOS HERE OR IN separate files named file.repo # in /etc/yum.repos.d, ” add the [base] section below.

[base]

name = Oracle Enterprise Linux 5.5 DVD

baseurl=file:///media/disk/Server/

gpgcheck=0

enabled=1

# wq!

# service yum-updatesd restart

# yum repolist

4. Run the install process for the groups below. Follow the prompt because you must answer “Is this OK, [y/N]: y” to continue. You must enter y to install the software. I know, I know, it installs a few libraries you don’t need but who has time to dissect every rpm?

# yum install unifdef rpm-build

# yum groupinstall “Development Libraries”

# yum groupinstall “Development Tools”

# yum install lynx

5. Exit the DVD path and umount it.

# cd /

# umount /media/disk

# df -h (to verify)

# reboot  (don’t argue, just do it!)

Note that the ISO is still attached to the VM. To remove it completely right-click the DVD icon in the lower right and select Unmount CD/DVD Device.

Install the VirtualBox Guest Additions

1. As root, run the following commands.

# cd /root/V*

# sh ./VBoxLinuxAdditions-x86.run

2. When the installation completes reboot the VM to seat the new drivers and kernel modules.

# reboot

You now have a pass-through mouse (no more right Ctrl key to release the mouse) and better overall integration.

For reference, Guest Additions are installed to:

/opt/VBoxGuestAdditions-3.2.10


Get the NetApp Simulator

1. Login to the VM as root and launch an xterm. Create the directory where the Simulator will reside.

# cd /

# mkdir 733sim

2. Launch a browser and perform the following steps.

  1. Create a NOW account on the NetApp support site: https://now.netapp.com/eservice/public/now.do
  2. Browse to the Simulator download site: http://now.netapp.com/NOW/cgi-bin/simulator
  3. Select the 7.3.3-tarfile-v22.tgz (76.6 MB) file and download to /733sim

An alternative method would be to use lynx. Note that you have to add your NOW user/password info after the auth= statement in the command below. When run, just answer yes to all the odd messages that appear.

lynx -accept_all_cookies -auth=NOW account  user/password http://now.netapp.com/download/tools/simulator/ONTAP/7.3.3/7.3.3-tarfile-v22.tgz

Install the Simulator

  1. Login as root and open an xterm. Questions are answered with bold text below. Note: at the end of the setup script it will create the disks. Let it run for a few minutes and then press enter to get the command prompt back.  Otherwise it will just sit at “Adding 20 additional disks” forever.

# cd /733sim

# tar -zxvf 7.3.3-tarfile-v22.tgz

# cd simulator

# ./setup.sh

Script version 22 (18/Sep/2007)

Where to install to? [/sim]: /733sim/sim

Would you like to install as a cluster? [no]: no

Would you like full HTML/PDF FilerView documentation to be installed [yes]: yes

Continue with installation? [no]: yes

Creating /733sim/sim

Unpacking sim.tgz to /733sim/sim

Configured the simulators mac address to be [00:50:56:6:79:c8]

Please ensure the simulator is not running.

Your simulator has 3 disk(s). How many more would you like to add? [0]: 20

The following disk types are available in MB:

Real (Usable)

a –   43   ( 14)

b –   62   ( 30)

c –   78   ( 45)

d –  129   ( 90)

e –  535   (450)

f – 1024   (900)

If you are unsure choose the default option a

What disk size would you like to use? [a]: f

Disk adapter to put disks on? [0]: 0

Use DHCP on first boot? [yes]: no

Ask for floppy boot? [no]: no

Checking the default route…

You have a single network interface called eth0 (default route) . You will not be able to access the simulator from this Linux host. If this interface is marked DOWN in ifconfig then your simulator will crash.

Which network interface should the simulator use? [default]: <press enter>

Your system has 872MB of free memory. The smallest simulator memory you should choose is 110MB. The maximum simulator memory is 832MB.

The recommended memory is 512MB.

How much memory would you like the simulator to use? [512]: 512

Create a new log for each session? [no]: yes

Adding 20 additional disk(s).

Complete. Run /733sim/sim/runsim.sh to start the simulator.

[root@L733SIM01 simulator]#

Run the Simulator to set the initial configuration in /etc/rc

  1. As root, run the Simulator. Note that the first time you run it will take some time to complete the boot sequence. Please be patient. Answers to questions are in bold below. Also we will break out of the cifs configuration at the end since you will have to answer the questions to fit your domain.

# /733sim/sim/runsim.sh

runsim.sh script version Script version 22 (18/Sep/2007)

This session is logged in /733sim/sim/sessionlogs/log-1287856931

NetApp Release 7.3.3: Wed Feb 24 10:15:48 PST 2010

Copyright (c) 1992-2009 NetApp.

Starting boot on Sat Oct 23 18:02:12 GMT 2010

Sat Oct 23 18:04:09 GMT [iomem.init.fail:CRITICAL]: Failed to initialize acceleration card (model name X1938A-R5, serial number 5012345670, part number virgo-simulator) in slot 1.

Sat Oct 23 18:04:09 GMT [fmm.domain.card.failure:error]: PAM II in slot 1 (model name X1938A-R5, serial number 5012345670, part number virgo-simulator): Flash device failed and needs to be updated or repaired or replaced.

Sat Oct 23 18:04:24 GMT [fmmb.current.lock.disk:info]: Disk v4.16 is a local HA mailbox disk.

Sat Oct 23 18:04:24 GMT [fmmb.current.lock.disk:info]: Disk v4.17 is a local HA mailbox disk.

Sat Oct 23 18:04:24 GMT [fmmb.instStat.change:info]: normal mailbox instance on local side.

Sat Oct 23 18:04:28 GMT [raid.cksum.replay.summary:info]: Replayed 0 checksum blocks.

Sat Oct 23 18:04:28 GMT [raid.stripe.replay.summary:info]: Replayed 0 stripes.

sparse volume upgrade done. num vol 0.

Vdisk Snap Table for host:0 is initialized

Sat Oct 23 18:04:32 GMT [vol.language.unspecified:info]: Language not set on volume vol0. Using language config “C”. Use vol lang to set language.

Sat Oct 23 18:04:32 GMT [rc:notice]: The system was down for 20113981 seconds

Sat Oct 23 18:04:32 GMT [useradmin.added.deleted:info]: The role ‘compliance’ has been added.

Sat Oct 23 18:04:33 GMT [useradmin.added.deleted:info]: The group ‘Backup Operators’ has been modified.

/etc/rc is missing. Running configuration dialog.

NetApp Release 7.3.3: Wed Feb 24 10:15:48 PST 2010

System ID: 0099920376 ()

System Serial Number: 987654-32-0 ()

System Storage Configuration: Multi-Path

System ACP Connectivity: NA

Model Name: Simulator

Processors: 1

slot 0: NetApp Virtual SCSI Host Adapter v0

23 Disks:             20.7GB

2 shelves with LRC

slot 1: NetApp Virtual SCSI Host Adapter v1

slot 2: NetApp Virtual SCSI Host Adapter v2

slot 3: NetApp Virtual SCSI Host Adapter v3

slot 4: NetApp Virtual SCSI Host Adapter v4

23 Disks:             20.7GB

2 shelves with LRC

slot 5: NetApp Virtual SCSI Host Adapter v5

slot 6: NetApp Virtual SCSI Host Adapter v6

slot 7: NetApp Virtual SCSI Host Adapter v7

slot 8: NetApp Virtual SCSI Host Adapter v8

4 Tapes:            VT-100MB

VT-100MB

VT-100MB

VT-100MB

Please enter the new hostname []: O733SIM01

Do you want to enable IPv6? [n]: n

Do you want to configure virtual network interfaces? [n]: n

Please enter the IP address for Network Interface ns0 []: 10.10.10.51

Please enter the netmask for Network Interface ns0 [255.0.0.0]: 255.255.255.0

Please enter media type for ns0 {100tx-fd, auto} [auto]: <press enter>

Please enter the IP address for Network Interface ns1 []: <press enter>

Would you like to continue setup through the web interface? [n]: n

Please enter the name or IP address of the IPv4 default gateway: 10.10.10.1

The administration host is given root access to the filer’s

/etc files for system administration.  To allow /etc root access

to all NFS clients enter RETURN below.

Please enter the name or IP address of the administration host: 10.10.10.200

Please enter timezone [GMT]: EST

Where is the filer located? []: Earth

What language will be used for multi-protocol files (Type ? for list)?:?

Supported language codes are:

C               (POSIX)

ar              (Arabic)

cs              (Czech)

da              (Danish)

de              (German)

en              (English)

en_US           (English (US))

es              (Spanish)

fi              (Finnish)

fr              (French)

he              (Hebrew)

hr              (Croatian)

hu              (Hungarian)

it              (Italian)

ja              (Japanese euc-j*)

ja_v1           (Japanese euc-j)

ja_JP.PCK       (Japanese PCK(sjis)*)

ja_JP.932       (Japanese cp932*)

ja_JP.PCK_v2    (Japanese PCK(sjis))

ko              (Korean)

no              (Norwegian)

nl              (Dutch)

pl              (Polish)

pt              (Portuguese)

ro              (Romanian)

ru              (Russian)

sk              (Slovak)

sl              (Slovenian)

sv              (Swedish)

tr              (Turkish)

zh              (Simplified Chinese)

zh.GBK          (Simplified Chinese (GBK))

zh_TW           (Traditional Chinese euc-tw)

zh_TW.BIG5      (Traditional Chinese Big 5)

To use UTF-8 as the NFS character set append ‘.UTF-8’

Language codes flagged with “*” are obsolete versions of those language character sets.

What language will be used for multi-protocol files (Type ? for list)?:en_US

Setting language on volume vol0

The new language mappings will be available after reboot

Sat Oct 23 18:11:45 GMT [vol.language.changed:info]: Language on volume vol0 changed to en_US

Language set on volume vol0

Do you want to run DNS resolver? [n]: n

Do you want to run NIS client? [n]: n

The Shelf Alternate Control Path Management process provides the ability

to recover from certain SAS shelf module failures and provides a level of

availability that is higher than systems not using the Alternate Control

Path Management process.

Do you want to configure the Shelf Alternate Control Path Management interface for SAS shelves [n]: n

Setting the administrative (root) password for O733SIM01 …

New password: <enter password>

Retype new password: <enter password>

Sat Oct 23 13:12:39 EST [passwd.changed:info]: passwd for user ‘root’ changed.

Sat Oct 23 13:12:39 EST [tapemc.alias.addOK:info]: Alias st0 automatically added for tape device WWN[0:042:424200:000000].

Sat Oct 23 13:12:39 EST [dfu.firmwareUpToDate:info]: Firmware is up-to-date on all disk drives

Sat Oct 23 13:12:39 EST [sfu.firmwareUpToDate:info]: Firmware is up-to-date on all disk shelves.

Sat Oct 23 13:12:39 EST [tapemc.alias.addOK:info]: Alias st1 automatically added for tape device WWN[0:142:424200:000000].

Sat Oct 23 13:12:39 EST [tapemc.alias.addOK:info]: Alias st2 automatically added for tape device WWN[0:242:424200:000000].

Sat Oct 23 13:12:39 EST [tapemc.alias.addOK:info]: Alias st3 automatically added for tape device WWN[0:342:424200:000000].

Sat Oct 23 13:12:39 EST [netif.linkUp:info]: Ethernet ns0: Link up.

Sat Oct 23 13:12:40 EST [perf.archive.start:info]: Performance archiver started. Sampling 22 objects and 195 counters.

add net default: gateway 10.10.10.1

There are 20 spare disks; you may want to use the vol or aggr command

to create new volumes or aggregates or add disks to the existing aggregate.

Sat Oct 23 13:12:42 EST [rc:info]: Registry is being upgraded to improve storing of local changes.

Sat Oct 23 13:12:42 EST [rc:info]: Registry upgrade successful.

Sat Oct 23 13:12:43 EST [mgr.boot.disk_done:info]: NetApp Release 7.3.3 boot complete. Last disk update written at Thu Mar  4 17:51:28 EST 2010

Sat Oct 23 13:12:43 EST [mgr.boot.reason_ok:notice]: System rebooted after a halt command.

This process will enable CIFS access to the filer from a Windows(R) system.

Use “?” for help at any prompt and Ctrl-C to exit without committing changes.

///

Press Ctrl+C to break out of CIFS configuration. Note that you can run the cifs setup command at any time.

  1. List out the disks to make sure you have them.

O733SIM01> vol status -r

Aggregate aggr0 (online, raid0) (zoned checksums)

Plex /aggr0/plex0 (online, normal, active)

RAID group /aggr0/plex0/rg0 (normal)

RAID Disk Device  HA  SHELF BAY CHAN Pool Type  RPM  Used (MB/blks)    Phys (MB/blks)

——— ——  ————- —- —- —- —– ————–    ————–

data      v4.16   v4    1   0   FC:B   –  FCAL  N/A  120/246784        127/261248

data      v4.17   v4    1   1   FC:B   –  FCAL  N/A  120/246784        127/261248

data      v4.18   v4    1   2   FC:B   –  FCAL  N/A  120/246784        127/261248

Spare disks

RAID Disk       Device  HA  SHELF BAY CHAN Pool Type  RPM  Used (MB/blks)    Phys (MB/blks)

———       ——  ————- —- —- —- —– ————–    ————–

Spare disks for zoned checksum traditional volumes or aggregates only

spare           v4.19   v4    1   3   FC:B   –  FCAL  N/A  1020/2089984      1027/2104448

spare           v4.20   v4    1   4   FC:B   –  FCAL  N/A  1020/2089984      1027/2104448

spare           v4.21   v4    1   5   FC:B   –  FCAL  N/A  1020/2089984      1027/2104448

spare           v4.22   v4    1   6   FC:B   –  FCAL  N/A  1020/2089984      1027/2104448

spare           v4.24   v4    1   8   FC:B   –  FCAL  N/A  1020/2089984      1027/2104448

spare           v4.25   v4    1   9   FC:B   –  FCAL  N/A  1020/2089984      1027/2104448

spare           v4.26   v4    1   10  FC:B   –  FCAL  N/A  1020/2089984      1027/2104448

spare           v4.27   v4    1   11  FC:B   –  FCAL  N/A  1020/2089984      1027/2104448

spare           v4.28   v4    1   12  FC:B   –  FCAL  N/A  1020/2089984      1027/2104448

spare           v4.29   v4    1   13  FC:B   –  FCAL  N/A  1020/2089984      1027/2104448

spare           v4.32   v4    2   0   FC:B   –  FCAL  N/A  1020/2089984      1027/2104448

spare           v4.33   v4    2   1   FC:B   –  FCAL  N/A  1020/2089984      1027/2104448

spare           v4.34   v4    2   2   FC:B   –  FCAL  N/A  1020/2089984      1027/2104448

spare           v4.35   v4    2   3   FC:B   –  FCAL  N/A  1020/2089984      1027/2104448

spare           v4.36   v4    2   4   FC:B   –  FCAL  N/A  1020/2089984      1027/2104448

spare           v4.37   v4    2   5   FC:B   –  FCAL  N/A  1020/2089984      1027/2104448

spare           v4.38   v4    2   6   FC:B   –  FCAL  N/A  1020/2089984      1027/2104448

spare           v4.39   v4    2   7   FC:B   –  FCAL  N/A  1020/2089984      1027/2104448

spare           v4.40   v4    2   8   FC:B   –  FCAL  N/A  1020/2089984      1027/2104448

spare           v4.41   v4    2   9   FC:B   –  FCAL  N/A  1020/2089984      1027/2104448

 

2. Connect to FilerView on the Simulator. From your Windows PC (where you installed VirtualBox), launch a browser (Firefox, Chrome, Opera, etc) and enter the following url: http://10.10.10.51/na_admin

3. Click the Simulator Documentation icon to get the license keys.

4. On the Documentation page click License Keys and the list of keys will be displayed. Add them to the filer in FilerView or with the license add <license> command.