Category: SAN/NAS/Storage

Mar 15

Manually set IP, Subnet and Gateway addresses on VNX Control Station

How to change the Control Station IP Address and Subnet Mask

Log in to the Control Station as root.

Change the IP address and network mask by using this command syntax:

# /sbin/ifconfig eth3 <ipaddr> netmask <netmask>

e.g. /sbin/ifconfig eth3 172.24.101.100 netmask 255.255.255.0

Note: /sbin/ifconfig -a revealed eth3 to be my cs0 interface.

This changes the immediate configuration, but does not persist across restarts.

Edit the network scripts file, /etc/sysconfig/network-scripts/ifcfg-eth3, by using a text editor (that means vi).

DEVICE=eth3
IPADDR=172.24.101.100
NETMASK=255.255.255.0
NETWORK=172.24.101.0
BROADCAST=172.24.101.255
ONBOOT=yes

Edit the local hosts file, /etc/hosts

Look for lines with the old IP address.

Replace the old IP address with your new IP address.

Save the file and exit.

If you are changing the Control Station IP address, but remaining on the same network, then the SP IP addresses for an integrated model need not be modified. However, if you are changing to a different network, the SP IP addresses must be modified to be on the same physical network as the Control Station for the Integrated model. Use the clariion_mgmt -modify -network command to update the IP addresses on the SP, as it will also update the files and Celerra database with the modified IP addresses.

How to change the Control Station default gateway

Log in to the Control Station as root using SSH. Add a default route by typing:

# /sbin/route add default gw 172.24.101.254

This changes the immediate configuration, but does not persist across restarts.

Edit the network configuration file, /etc/sysconfig/network-scripts/ifcfg-eth3, by using a text editor.

Add the new gateway IP address as a GATEWAY entry, so that the file looks similar to:

DEVICE=eth3
IPADDR=172.24.101.25
NETMASK=255.255.255.0
NETWORK=172.24.101.0
BROADCAST=172.24.101.255
ONBOOT=yes
GATEWAY=172.24.101.254

Save the file and exit.
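A consistency check for the finished file, as an added example (not from EMC or the original post): it recomputes NETWORK and BROADCAST from IPADDR and NETMASK and confirms that GATEWAY sits in the same subnet, which catches stale entries left behind when only the address is edited. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: consistency check for an ifcfg-style file before a restart.

ip2int() {  # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int2ip() {  # 32-bit integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

ifcfg_get() {  # file, key -> value (last occurrence wins)
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

expect_key() {  # file, key, expected value; an absent key is not an error
    actual=$(ifcfg_get "$1" "$2")
    [ -z "$actual" ] || [ "$actual" = "$3" ] && return 0
    echo "$2=$actual but IPADDR/NETMASK imply $3"
    return 1
}

check_ifcfg() {  # returns 0 if consistent, 1 if not, 2 if unparsable
    ip=$(ip2int "$(ifcfg_get "$1" IPADDR)") || return 2
    mask=$(ip2int "$(ifcfg_get "$1" NETMASK)") || return 2
    net=$(( ip & mask ))
    bcast=$(( net | (~mask & 0xFFFFFFFF) ))
    rc=0
    expect_key "$1" NETWORK "$(int2ip "$net")" || rc=1
    expect_key "$1" BROADCAST "$(int2ip "$bcast")" || rc=1
    gw=$(ifcfg_get "$1" GATEWAY)
    if [ -n "$gw" ]; then
        gwi=$(ip2int "$gw") || return 2
        [ $(( gwi & mask )) -eq "$net" ] || { echo "GATEWAY=$gw is outside $(int2ip "$net")"; rc=1; }
    fi
    return $rc
}

# Constructed sample: address moved to a new network, other keys left stale.
sample=$(mktemp)
printf '%s\n' DEVICE=eth3 IPADDR=172.24.102.25 NETMASK=255.255.255.0 \
    NETWORK=172.24.101.0 BROADCAST=172.24.101.255 ONBOOT=yes \
    GATEWAY=172.24.101.254 > "$sample"
check_ifcfg "$sample" || echo "fix $sample before restarting networking"
```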

Mar 02

Download the full Firefox stand-alone installer

There’s nothing more frustrating than downloading an installer that assumes that you’re going to have internet access on the machine that you subsequently intend to run the installer on (called a stub installer).

For example, downloading Firefox so that you can get to your enterprise storage array’s Java-based admin interface without the agony presented by Internet Explorer’s tendency to throw its toys out the pram over the certificate, while the settings are locked down by IE policy, this policy, that policy and the other policy that all exist to make the environment so much more “secure” but actually just don’t allow anything, anywhere, ever.  It’s secure! It’s been signed off as being suitably unusable to prevent exposing ourselves to any kind of imaginary threat!  Aren’t we clever?  No.  Rant over.

I’ve probably digressed, I can’t tell.  I’m too angry.  And you are too probably, if you’ve ended up here.  Installers that assume an internet connection are completely useless in the enterprise environment (best read in the voice of Clarkson).

What’s even more frustrating is that the stub installer is the only apparent option, judging by Mozilla’s website.  Well, it isn’t the only option – you can still download the full-fat, stand-alone installer from their FTP site – but FTP is blocked by your firewall!

No bother, just replace ftp:// with http:// at the beginning of the URL, or even better just click here for the 64 bit version (or here for the 32 bit version).

 

Feb 09

Enable NFSv4 on VNX

To enable NFSv4 on your up-to-date (post VNX OE for File v7.1) VNX Unified storage system and configure a datamover to mount a filesystem for NFSv4 access with a MIXED access policy, the following steps serve as a concise guide.  NFSv4 cannot be configured via Unisphere.

Log on to the Control Station as the nasadmin user via SSH using PuTTY.

START NFSv4 Server on VNX
server_nfs server_2 -v4 -service -start

SET DOMAIN NAME to nfsv4.domain (change as required)
server_param server_2 -facility nfsv4 -modify domain -value nfsv4.domain

LIST NFSv4 DOMAIN INFO
server_param server_2 -facility nfsv4 -info domain

LIST NFSv4 INFO
server_param server_2 -facility nfsv4 -list

MOUNT NFS_TEST_2 on server_2 for NFSv4 access
server_mount server_2 -option accesspolicy=MIXED NFS_TEST_2 /NFS_TEST_2

TRANSLATE existing, mounted NFS filesystem from NATIVE access policy to MIXED access policy
nas_fs -translate NFS_TEST_2 -access_policy start -to MIXED -from NATIVE

DISPLAY NFSv4 CLIENT CONNECTIONS
server_nfs server_2 -v4 -client -list

NFSv4 requires UNICODE enabled on DM. Check…
server_cifs server_2 | grep I18N
I18N mode = UNICODE

DISPLAY NFSv4 STATUS
server_nfs server_2 -v4

It’s highly likely that if you require NFS v4, then you’ll also need to authenticate access, using a UNIX based Kerberos DC.  The following notes cover the configuration steps involved.  Please note that this section below is still a work in progress and you should refer to the official EMC documentation for a complete set of instructions with examples.

SECURE NFS (using UNIX Kerberos Authentication)

CONFIGURE THE KERBEROS REALM
server_kerberos server_2 -add realm=<realm-name>,kdc=<fqdn_kdc_name>,kadmin=<kadmin_server>,domain=<domain_name>,defaultrealm
Note: realm, kdc, kadmin and domain should all be entered as FQDNs.

VERIFY THE RESULTS
server_kerberos server_2 -list

SET THE SECURE NFS SERVICE INSTANCE
server_nfs <datamovername> -secnfs
Note: server_2 is set already during VNX installation.

CHANGE THE SECURE NFS SERVICE INSTANCE
server_nfs <newdatamovername> -secnfs -principal -delete nfs@server_2
Note: This is only required if you change the default datamover hostname from server_2 to e.g. Ingbe245.
server_nfs <newdatamovername> -secnfs -principal -create nfs@<server>
Note: <server> is type of the realm, and needs to be entered twice, once with the short name, e.g. Ingbe245, and once more with the FQDN.

STOP AND START THE NFS SERVICE
server_nfs server_2 -secnfs -service -stop
server_nfs Ingbe245 -secnfs -service -start

DETERMINE IF KEYTAB FILE EXISTS ON DATAMOVER
Copy the /.etc/krb5.keytab file (if it exists) to the Kerberos KDC.

CREATE NFS KERBEROS SERVICE PRINCIPALS
Note: The kadmin steps are performed on the Kerberos KDC, not the VNX.
kadmin: addprinc -randkey nfs/Ingbe245
kadmin: addprinc -randkey nfs/Ingbe245.fqdn.local

VERIFY THAT THE PRINCIPALS HAVE BEEN ADDED
kadmin: listprincs

GENERATE SECURITY KEYS
kadmin: ktadd -k <keytab_file_path> <name>
<keytab_file_path> = location of the keytab file
<name> = name of a previously created service principal, e.g. nfs/Ingbe245

COPY KEYTAB FILE
Copy the krb5.keytab file from Kerberos KDC to the Data Mover by using FTP and the server_file command.
Note. EMC Common Anti-Virus Agent (CAVA) is also configured using the server_file command to place and displace the viruschecker.conf file.  There are notes on that here but to save you the trouble, the command for your convenience is…

server_file server_2 -get krb5.keytab krb5.keytab

server_file server_2 -put krb5.keytab krb5.keytab

VIEW THE KEYTAB FILE
server_kerberos Ingbe245 -keytab

MAP USER PRINCIPAL NAMES TO UIDs

VERIFY THE TYPE OF MAPPING SERVICE USED BY SECURE NFS
server_nfs <datamovername> -secnfs -mapper -info

USE AUTOMATIC MAPPING
server_nfs <datamover_name> -secnfs -mapper -set -source auto

MONITOR INBOUND CONNECTIONS FROM NFSV4 CLIENTS
server_nfs server_2 -v4 -client -list

Jan 30

Obtaining disk serial numbers from VNX

Most things VNX can be exported using Unisphere’s little export icon in the top right hand corner of most if not all dialogs.  Disk information would be found under System, Hardware, Disks.  You’ll see there is a part number column, but no serial number column in Unisphere for the disks.

To obtain the serial numbers of the HDDs in your array, download and install naviseccli on your laptop/storage management server and use the following command…

naviseccli -h <sp-ip-address> -User sysadmin -Password ********* -Scope 0 getdisk -serial

If a security file containing the credentials is already present on the storage management server, then you won’t need to specify the username and password in plain text as shown above.

 

 

Nov 28

Change Cisco MDS Admin password

Step 1 Use the show user-account command to verify that your user name has network-admin privileges.

switch# show user-account
user:admin
this user account has no expiry date
roles:network-admin

Step 2 If your user name has network-admin privileges, issue the username command to assign a new administrator password.

switch# config t
switch(config)# username admin password <new password>
switch(config)# exit
switch#

Step 3 Save the software configuration.

switch# copy running-config startup-config

Full Cisco documentation here (includes password recovery for lost passwords)
Nov 25

How to cable up VNX SP Ports (Dual Fabric topology)

So your VNX has two SPs and you have two fabric switches.  You already know you have to connect each SP to each fabric for resilience, but you’re still a bit confused.  Fear not.  Use this as a guide.  It can be used no matter how many front-end port modules and SFPs you have, so that you get it right first time for all the designated Storage Ports, MirrorView Ports and SAN Copy Ports required for your project.  The FC switch ports you choose are not set in stone, but keep them the same on each side at least.

What’s important is that the correct SP port goes to the correct switch.

When you know you’ve got it right, you can verify that the WWN in Unisphere corresponds with the WWN logged in on the FLOGI database on the switch, before you create the requisite fcaliases etc.

[Image: cablingvnx]

It’s much easier to build it right first time than sort it out afterwards.
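The WWN check described above can be scripted against a saved copy of the switch's show flogi database output. This is an added example, not part of the original post: the cabling plan file format, the SP port labels and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare saved "show flogi database" output with expected cabling.

# check_flogi <flogi-file> <expected-file>
# expected-file lines: "<interface> <pwwn> <label>" (labels are hypothetical)
check_flogi() {
    awk '
        # First file: switch output. Keep only data rows (fcX/Y ...).
        NR == FNR {
            if ($1 ~ /^fc[0-9]+\/[0-9]+$/) { seen[$1] = tolower($4); where[tolower($4)] = $1 }
            next
        }
        # Second file: the cabling plan.
        NF >= 2 {
            want = tolower($2)
            if (seen[$1] == want) next
            bad = 1
            if (want in where)
                printf "%s (%s): expected on %s, logged in on %s\n", $3, want, $1, where[want]
            else
                printf "%s (%s): expected on %s, not logged in\n", $3, want, $1
        }
        END { exit bad + 0 }
    ' "$1" "$2"
}

flogi=$(mktemp); plan=$(mktemp)
# Constructed switch output in the column layout shown by the switch.
cat > "$flogi" <<'EOF'
INTERFACE VSAN FCID PORT NAME NODE NAME
fc1/1 60 0xad04d1 50:05:07:61:13:61:a6:33 51:01:07:63:11:20:a6:33
fc1/2 60 0xad0012 50:05:07:63:12:13:51:37 50:01:07:61:12:03:55:37
EOF
# Constructed plan: the two cables are swapped, and a third port is not connected.
cat > "$plan" <<'EOF'
fc1/1 50:05:07:63:12:13:51:37 SPA-port0
fc1/2 50:05:07:61:13:61:A6:33 SPB-port0
fc1/3 50:05:07:63:12:13:51:99 SPA-port2
EOF
check_flogi "$flogi" "$plan" || echo "cabling does not match the plan"
```

A swapped pair is reported with the port where each WWN actually logged in, which tells you which two cables to exchange.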

 

Sep 07

Inject Everyone/Full Control ACE into NTFS Folder

Download SetACL.exe from here

Open a command line as Administrator (right click cmd.exe, run as admin)

setacl -on "C:\Private No Entry" -ot file -actn ace -ace "n:Everyone;p:full" -rec cont_obj -ignoreerr

The “Private No Entry” folder should now have Everyone, Full Control Permissions.

 

Jun 22

RecoverPoint Journal LUN sizing

The Journal size is a question of the required protection window (a Business requirement) and the incoming write rate of the production application.  Whilst the Recovery Point Objective might be known, the incoming write rate of a newly deployed app may not be, making sizing of journal LUNs a bit “finger in the air”.  EMC provide a guideline value of 20% in this instance, but it has no real foundation.

The basic calculation is ( protection window in seconds * write rate per second ) / 0.7
The division by 0.7 is because roughly 70% of the journal is used for replication images.

For example, if the business requires 1 day of images and the average write rate by the application is 1MB/s (86,400 seconds * 1MB/s / 0.7), you will need a minimum of about 125GB journal to support it.  RecoverPoint supports automatic journal LUN creation during configuration of a Consistency Group if you don’t have enough information to manually size the journal LUN up front.

During a recent deployment of RecoverPoint to support replication of LUNs to remote storage, solely for the purposes of failover, EMC’s response was as follows.  Please note that in this scenario, there was no requirement for the “killer functionality” of RecoverPoint, namely point in time recovery using the journaled changes in Consistency Groups.  That’s not to say it won’t become a requirement later on however.

The Raid group in question would definitely be adequate to start replication, but whether it is enough to meet the business requirements, we cannot say.

Sizing aside, remember that it is very important to use a dedicated Storage Pool/RAID Group of physical disks that is entirely separate to ones used for your data LUNs and RecoverPoint Repository LUN.

Jan 13

Cisco MDS Cheat Sheet

A more complete set of commands for use on MDS switches, with a useful set of commands at the top for exporting useful information (by logging session output of PuTTY terminal).  Note that using a ? after any command will show possible commands.

Export useful information

show switchname (display hostname on network)

show flogi database (shows wwn of fc connected hosts logged in to the switch ports)

---------------------------------------------------------------------------
INTERFACE  VSAN  FCID      PORT NAME                NODE NAME
---------------------------------------------------------------------------
fc1/1      60    0xad04d1  50:05:07:61:13:61:a6:33  51:01:07:63:11:20:a6:33
fc1/2      60    0xad0012  50:05:07:63:12:13:51:37  50:01:07:61:12:03:55:37

show interface description (shows description field for each physical port)

-------------------------------------------------------------------------------
Interface  Description
-------------------------------------------------------------------------------
fc1/1      L5500_CyberfellaTD1_1_A
fc1/2      L5500_CyberfellaTD2_1_A

show interface brief (shows ports in errDisabled state)

show vsan (display vsans configured)

show zone vsan 10 (display zones in vsan)

show zoneset vsan 10 (display zoneset, zonenames and wwns in zones)

show fcalias vsan 10 (display human friendly alias for each wwn in all zones in vsan 10)

ENABLE A NEW PORT

Before you can create your zones, the device connected to the FC switch will need to log in to the fabric (FLOGI) so you can see its WWN.  Before it can do that, the port itself will need to be opened/enabled.

conf t

interface fc1/21       (where 21 is the port number)

no shutdown           (obviously!)

exit

more here

ZONING

If you have to do some Cisco zoning at the command line, here are a few of my favorite commands:

original cisco doc here

To create an alias:

conf t
fcalias name {alias_name} vsan {vsan number}
member pwwn {wwid}
exit

To create a zone:
conf t
zone name {zone_name} vsan {vsan_number}
member {alias_name}
member {alias_name}
.
.
exit

To add it to the zoneset:
conf t
zoneset name {zoneset_name} vsan {vsan_number}
member {zone_name}
.
.
exit

To activate the zone/zoneset:
conf t
zoneset activate name {zoneset_name} vsan {vsan_number}
exit

Save the configuration
copy running-config startup-config

Displaying Zone Information

You can view any zone information by using the show command. If you request information for a specific object (for example, a specific zone, zone set, VSAN, alias, or even a keyword like brief or active), only information for the specified object is displayed. If you do not request specific information, all available information is displayed. Table 4-1 lists the show commands and the information they display.

Table 4-1 show zone and show zoneset Commands

show Command                                    Description
----------------------------------------------  ---------------------------------------------------------------
show zone                                       Displays zone information for all VSANs.
show zone vsan 1                                Displays zone information for a specific VSAN.
show zoneset vsan 1                             Displays information for the configured zone set.
show zoneset vsan 2-3                           Displays configured zone set information for a range of VSANs.
show zone name Zone1                            Displays members of a zone.
show fcalias vsan 1                             Displays fcalias configuration.
show zone member pwwn 21:00:00:20:37:9c:48:e5   Displays membership status.
show zone statistics                            Displays zone statistics.
show zone statistics read-only-zoning           Displays read-only zoning statistics.
show zoneset active                             Displays active zone sets.
show zoneset brief                              Displays brief descriptions of zone sets.
show zone active                                Displays active zones.
show zone status                                Displays zone status.
show zone                                       Displays zone statistics.
show running                                    Displays the interface-based zones.

Dec 04

Deleting Windows data where the path length exceeds 260 characters

After migrating Windows data, it can be a royal pain cleaning up the source data using del *.* /s /q /f, especially when the path length exceeds 260 (or thereabouts) characters.  You can manually shorten the folder names and keep trying, but this may be time consuming, tiring and ultimately futile.

The simplest way I’ve found to reliably delete data, irrespective of path length, is to use robocopy.

  1. cd into the directory that you want to empty
  2. create a new empty subdirectory called empty
  3. rename all other adjacent folders 1, 2, 3, 4 etc if possible
  4. robocopy empty 1 /mir /r:1 /w:1
  5. repeat for each adjacent folder, 2, 3, 4 etc.

 
