NetApp ACP status showing “Partial connectivity” after IOM6 firmware upgrade

Had an issue this week on a pair of FAS8080s running 8.2.2P1 Cluster-Mode. During firmware upgrade for IOM6 module from version 0208 to 0209, I ran into ACP (Alternate Control Path) Connectivity Status showing “Partial Connectivity”.

I followed the recommended action plan:
1. Disable the ACP feature in ONTAP:
>options acp.enabled off
2. Reseat the IOM module with the unresponsive ACP processor.
3. Reenable the ACP feature:
>options acp.enabled on

That, however, did not resolve the issue, and we had to replace the module in order to correct it. I did not disable ACP prior to replacement.

After replacement, ACP shows status “Additional Connectivity”:

ACP status then shows “Full Connectivity” with module status as “inactive (upgrading firmware)”:

After firmware upgrade from 02.08 to 02.09, the module reboots:

It reports 02.09 firmware and status “inactive (initializing)”:

And concludes with status “active”:

I didn’t expect to resolve this via HW replacement because it hadn’t been reporting an ACP issue prior to the IOM6 firmware upgrade. But that’s what resolved it.

Enabling tracking quotas in NetApp Cluster-Mode

Tracking quotas are like regular quotas but without any quota limits enforced. Tracking quotas enable you to generate disk and file capacity reports, and when used in conjunction with quotas they are helpful because you can resize quota values without having to reinitialize (turning them off and on to activate).

I recently used tracking quotas on volumes dedicated for user home directories in order to automate a chargeback report of user directory folder sizes using the Data ONTAP PowerShell Toolkit. But more on that later. First we need to get tracking quotas enabled.

We begin by creating a quota policy:

::> quota policy create -vserver vserver_name -policy-name quotatrackingpolicy

Create tracking quota rule(s) (this can be qtrees or volumes, I prefer using volumes):

::> quota policy rule create -vserver vserver_name -policy-name quotatrackingpolicy -volume uservol1 -type tree -target "" 

::> quota policy rule create -vserver vserver_name -policy-name quotatrackingpolicy -volume uservol2 -type tree -target "" 

::> quota policy rule create -vserver vserver_name -policy-name quotatrackingpolicy -volume uservol3 -type tree -target "" 

Configure the vserver to use the policy you created:

::> vserver modify -vserver vserver_name -quota-policy quotatrackingpolicy

Enable the quotas on the volume(s):

::> quota modify -vserver vserver_name -volume uservol1 -state on
[Job 4992] Job is queued: "quota on" performed for quota policy "quotatrackingpolicy" on volume "uservol1" in Vserver "vserver_name".

::> quota modify -vserver vserver_name -volume uservol2 -state on
[Job 4993] Job is queued: "quota on" performed for quota policy "quotatrackingpolicy" on volume "uservol2" in Vserver "vserver_name".

::> quota modify -vserver vserver_name -volume uservol3 -state on
[Job 4994] Job is queued: "quota on" performed for quota policy "quotatrackingpolicy" on volume "uservol3" in Vserver "vserver_name".

Test volume quota report:

::> quota report -volume uservol1 -vserver vserver_name
Vserver: vserver_name  
                                              ----Disk----    ----Files-----  Quota
Volume    Tree  Type  ID                      Used     Limit  Used    Limit   Specifier
--------  ----  ----  ----------------------  -------  -----  ------  -----   ---------
uservol1        user  *                       0B       -      0       -       *
uservol1        user  BUILTIN\Administrators  78.74GB  -      163733  -
uservol1        user  root                    0B       -      2       -
uservol1        user  ADDOMAIN\user1          495.3MB  -      13087   -       *
uservol1        user  ADDOMAIN\user2          3.88GB   -      49889   -       *
uservol1        user  ADDOMAIN\user3          38.03MB  -      301     -       *
uservol1        user  ADDOMAIN\user4          3.33GB   -      9079    -       *
uservol1        user  ADDOMAIN\user5          3.18GB   -      37629   -       *
uservol1        user  ADDOMAIN\user6          612.0MB  -      4815    -       *
uservol1        user  ADDOMAIN\user7          83.76MB  -      989     -       *
uservol1        user  ADDOMAIN\user8          260.4MB  -      5378    -       *
11 entries were displayed.  
::> 

For more information, visit here: https://library.netapp.com/ecmdocs/ECMP1196906/html/GUID-573A3145-DFF4-4D1D-9E25-DE2347528BBC.html
And here:
https://kb.netapp.com/support/index?page=content&id=1013248&locale=en_US.

Use PowerShell to get Active Directory Office Phone Number

Happy Friday Everyone. I am horrible with remembering phone numbers so this is a good little one-liner to know.

Obviously, this relies on (1) OfficePhone being populated in AD (2) knowing the last name of the person you are trying to call. But it’s faster than several mouse clicks in Outlook Address Book, if you’re already in PowerShell, which I tend to be.

Get-ADUser -filter 'Surname -like "Lastname"' -Properties Officephone | Select Name, Officephone  

Disable SSLv2 and SSLv3 in Data ONTAP 7-mode for CVE-2016-0800 and CVE-2014-3566

NetApp KB1015015 provides information and procedures for disabling SSLv2 and SSLv3 in Data ONTAP operating in 7-Mode and clustered Data ONTAP versions 8.1 through 8.3 for CVE-2016-0800 and CVE-2014-3566.

The procedure has two steps: (1) enable TLS (it is disabled by default and must be enabled prior to disabling SSL) and (2) disable SSLv2 and SSLv3.

The following simple PowerShell script automates this procedure across multiple 7-Mode systems.

It relies on either specifying a filer name or providing a .csv list of filer names it can authenticate against.

The .csv file should be formatted as:

name
filer1
filer2

#requires -Version 2 -Modules dataontap
<#  
        .SYNOPSIS           
        Simple script which automates disabling SSLv2 and SSLv3 in Data ONTAP 7-Mode for CVE-2016-0800 and CVE-2014-3566.

        .DESCRIPTION
        Uses Set-NaOption to enable tls and disable SSLv2 and v3.

        .PARAMETER filer
        Specifies the name of the NetApp filer. Optional.

        .NOTES
        (1) Script will prompt for credentials. Uses same cred for multiple filers.
        (2) If no parameter is specified it will prompt for .csv list of filers. 
        .CSV should be formatted as:
        name
        filer1
        filer2

        .EXAMPLE
        C:\PS> netapp-disable-ssl-7mode.ps1

        .EXAMPLE
        C:\PS> netapp-disable-ssl-7mode.ps1 filer1

        Author: David Maldonado
        Date: 09/01/2016
        Version: 1.0 - Initial Script - for 7mode
#>

param( [string[]] $filerinput )

If (-not $filerinput)
{
    # No filer given on the command line: ask for a .csv file with a 'name' column.
    function Get-FileName($initialDirectory)
    {
        Add-Type -AssemblyName System.Windows.Forms

        $OpenFileDialog = New-Object -TypeName System.Windows.Forms.OpenFileDialog
        $OpenFileDialog.initialDirectory = $initialDirectory
        $OpenFileDialog.filter = 'All files (*.*)| *.*'
        $NULL = $OpenFileDialog.ShowDialog()
        $OpenFileDialog.filename
    }
    Write-Host -Object 'No controller specified, please provide source .csv file.' -BackgroundColor Yellow -ForegroundColor Blue
    $filers = Import-Csv (Get-FileName -initialDirectory 'c:\')
}
Else
{
    # Wrap each name in an object with a 'name' property, the same shape Import-Csv returns.
    $filers = foreach ($filer in $filerinput)
    {
        New-Object -TypeName PSObject -Property @{ name = $filer }
    }
}

Import-Module -Name DataONTAP
$mycreds = (Get-Credential)

function Disable-7MSSL
{
    param( [string] $Name )

    # Keep the returned controller and pass it explicitly, so a failed connection
    # cannot fall through to the filer connected on the previous iteration.
    $controller = Connect-NaController -Name $Name -Credential $mycreds -ErrorAction SilentlyContinue
    if (-not $controller)
    {
        Write-Warning -Message "Could not connect to $Name, skipping."
        return
    }

    # Step 1: TLS must be on before SSL is turned off.
    Set-NaOption -OptionName tls.enable -OptionValue on -Controller $controller
    if (((Get-NaOption -OptionNames tls.enable -Controller $controller).value) -eq 'on')
    {
        # Step 2: disable SSLv2 and SSLv3.
        Set-NaOption -OptionName ssl.v2.enable -OptionValue off -Controller $controller
        Set-NaOption -OptionName ssl.v3.enable -OptionValue off -Controller $controller
    }
    else
    {
        Write-Warning -Message "tls.enable is not on for $Name, SSL options left unchanged."
    }
}

Foreach ($filer in $filers)
{
    Disable-7MSSL -Name $filer.name
}
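
To confirm the change took effect on every filer, the three options can be read back and compared with the state the procedure should leave behind. The following is an added example, not part of the original script: the function names Test-SslOptionState and Get-FilerSslState are hypothetical, the sample option values are constructed, and it assumes the toolkit's Connect-NaController and Get-NaOption cmdlets as used above.

```powershell
# Added example: audit the result of the procedure. Function names are hypothetical.
function Test-SslOptionState
{
    param( [string] $Name, [hashtable] $Option )

    # State the procedure above should leave behind.
    $expected = @{ 'tls.enable' = 'on'; 'ssl.v2.enable' = 'off'; 'ssl.v3.enable' = 'off' }
    $wrong = @()
    foreach ($key in $expected.Keys)
    {
        # A missing value (filer unreachable) is reported, never assumed good.
        if ($Option[$key] -ne $expected[$key]) { $wrong += ('{0}={1}' -f $key, $Option[$key]) }
    }
    New-Object -TypeName PSObject -Property @{
        Name      = $Name
        Compliant = ($wrong.Count -eq 0)
        Problems  = ($wrong -join ', ')
    }
}

function Get-FilerSslState
{
    param( [string] $Name, $Credential )

    $values = @{}
    $controller = Connect-NaController -Name $Name -Credential $Credential -ErrorAction SilentlyContinue
    if ($controller)
    {
        foreach ($key in 'tls.enable', 'ssl.v2.enable', 'ssl.v3.enable')
        {
            $values[$key] = (Get-NaOption -OptionNames $key -Controller $controller).value
        }
    }
    Test-SslOptionState -Name $Name -Option $values
}

# Constructed sample values, so the check runs without a filer: filer2 still has SSLv3 on.
$sample = @{
    filer1 = @{ 'tls.enable' = 'on'; 'ssl.v2.enable' = 'off'; 'ssl.v3.enable' = 'off' }
    filer2 = @{ 'tls.enable' = 'on'; 'ssl.v2.enable' = 'off'; 'ssl.v3.enable' = 'on' }
}
foreach ($name in $sample.Keys)
{
    Test-SslOptionState -Name $name -Option $sample[$name]
}
# Against real systems: Get-FilerSslState -Name filer1 -Credential (Get-Credential)
```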

Fenix Web Server | simple static web server

I needed to stage software for an upgrade over the weekend. During the upgrade, you load the new files over HTTP. In the past, I just looked for an available web server I could use to do this. Or, if none existed, I would install IIS or Apache, leave it running until the next time I needed it, and it would become one of those multi-purpose “SAN” servers that’s a http, ftp, monitoring, log gathering, perfstat running, many-headed hydra of a server that’s both really important and not important enough to wake me up at 2am about.

But I am learning... and I started looking for a lightweight web server that’s preferably ad-hoc (stop and start the server only when I needed it), preferably open source, and simple to use; I just want to load my files into a folder and grab those files during an install.

The solution I found is called Fenix: http://fenixwebserver.com/

It’s available for Windows and Mac. It’s open source. As of this post, the project’s currently on version 2.0.0. It’s very simple to use. Out of the box, there is no default web server it creates. You add web servers using an intuitive interface, although there are command-line options should you want to go that route.

I created a folder called HTTP-Root, and placed my system files in there. You give the server a name to identify it, the path, and the port.

You can create multiple sites side by side. For my purposes I only needed one. From the application window, you start your server.

And that’s all there is to it. I used it for the upgrade and stopped it when I was finished. Worked like a champ. Was just what I was looking for. Definitely recommend.

>software get http://ipaddress/814P9_q_image.zip
software: copying to /etc/software/814P9_q_image.zip  
software: 100% file read from location.  
software: /etc/software/814P9_q_image.zip has been copied.  
>software install 814P9_q_image.zip               
software: You can cancel this operation by hitting Ctrl-C in the next 6 seconds.  
software: Depending on system load, it may take many minutes  
software: to complete this operation. Until it finishes, you will  
software: not be able to use the console.  
software: installing software, this could take a few minutes...  
software: installation of 814P9_q_image.zip completed.  
Sat Aug 27 18:24:25 MDT [: cmds.software.installDone:info]: Software: Installation of 814P9_q_image.zip was completed.  
Please type "download" to load the new software,  
and "reboot" subsequently for the changes to take effect.  
>download