[global]
<略>
allow nt4 crypto = yes
reject md5 clients = no
server reject md5 schannel = no
server schannel = yes
server schannel require seal = no
<略>
ontap91::> vserver cifs create -cifs-server svm91 -domain ADOSAKANA.LOCAL
In order to create an Active Directory machine account for the CIFS server, you
must supply the name and password of a Windows account with sufficient
privileges to add computers to the "CN=Computers" container within the
"ADOSAKANA.LOCAL" domain.
Enter the user name: administrator
Enter the password:
Warning: An account by this name already exists in Active Directory at
CN=SVM91,CN=Computers,DC=adosakana,DC=local.
If there is an existing DNS entry for the name SVM91, it must be
removed. Data ONTAP cannot remove such an entry.
Use an external tool to remove it after this command completes.
Ok to reuse this account? {y|n}: y
Error: command failed: Failed to create CIFS server SVM91. Reason:
create_with_lug: RPC: Unable to receive; errno = Connection reset by
peer; netid=tcp fd=17 TO=600.0s TT=0.119s O=224b I=0b CN=113/3 VSID=-3
127.0.0.1:766.
ontap91::>
ONTAP 9.1P22 シミュレーター
ontap91::> vserver cifs create -cifs-server svm91 -domain ADOSAKANA.LOCAL
In order to create an Active Directory machine account for the CIFS server, you
must supply the name and password of a Windows account with sufficient
privileges to add computers to the "CN=Computers" container within the
"ADOSAKANA.LOCAL" domain.
Enter the user name: administrator
Enter the password:
Error: Machine account creation procedure failed
[ 56] Loaded the preliminary configuration.
[ 92] Successfully connected to ip 172.17.44.49, port 88 using
TCP
[ 107] Successfully connected to ip 172.17.44.49, port 389 using
TCP
[ 110] Unable to start TLS: Connect error
[ 110] Additional info:
[ 110] Unable to connect to LDAP (Active Directory) service on
sambaad.ADOSAKANA.LOCAL
**[ 110] FAILURE: Unable to make a connection (LDAP (Active
** Directory):ADOSAKANA.LOCAL), result: 7652
Error: command failed: Failed to create the Active Directory machine account
"SVM91". Reason: LDAP Error: Cannot establish a connection to the
server.
ontap91::>
ontap91::> vserver cifs create -cifs-server svm91 -domain ADOSAKANA.LOCAL
In order to create an Active Directory machine account for the CIFS server, you
must supply the name and password of a Windows account with sufficient
privileges to add computers to the "CN=Computers" container within the
"ADOSAKANA.LOCAL" domain.
Enter the user name: administrator
Enter the password:
Error: Machine account creation procedure failed
[ 61] Loaded the preliminary configuration.
[ 99] Successfully connected to ip 172.17.44.49, port 88 using
TCP
[ 168] Successfully connected to ip 172.17.44.49, port 389 using
TCP
[ 168] Entry for host-address: 172.17.44.49 not found in the
current source: FILES. Ignoring and trying next available
source
[ 172] Source: DNS unavailable. Entry for
host-address:172.17.44.49 not found in any of the
available sources
**[ 181] FAILURE: Unable to SASL bind to LDAP server using GSSAPI:
** Local error
[ 181] Additional info: SASL(-1): generic failure: GSSAPI Error:
Unspecified GSS failure. Minor code may provide more
information (Cannot determine realm for numeric host
address)
[ 181] Unable to connect to LDAP (Active Directory) service on
sambaad.ADOSAKANA.LOCAL (Error: Local error)
[ 181] Unable to make a connection (LDAP (Active
Directory):ADOSAKANA.LOCAL), result: 7643
Error: command failed: Failed to create the Active Directory machine account
"SVM91". Reason: LDAP Error: Local error occurred.
ontap91::>
ontap91::> vserver cifs create -cifs-server svm91 -domain ADOSAKANA.LOCAL
In order to create an Active Directory machine account for the CIFS server, you
must supply the name and password of a Windows account with sufficient
privileges to add computers to the "CN=Computers" container within the
"ADOSAKANA.LOCAL" domain.
Enter the user name: administrator
Enter the password:
Warning: An account by this name already exists in Active Directory at
CN=SVM91,CN=Computers,DC=adosakana,DC=local.
If there is an existing DNS entry for the name SVM91, it must be
removed. Data ONTAP cannot remove such an entry.
Use an external tool to remove it after this command completes.
Ok to reuse this account? {y|n}: y
Error: Machine account creation procedure failed
[ 13] Loaded the preliminary configuration.
[ 92] Created a machine account in the domain
[ 93] SID to name translations of Domain Users and Admins
completed successfully
[ 100] Modified account 'cn=SVM91,CN=Computers,dc=VM2,dc=ADOSAKANA
dc=LOCAL'
[ 101] Successfully connected to ip 172.17.44.49, port 88 using
TCP
[ 113] Successfully connected to ip 172.17.44.49, port 464 using
TCP
[ 242] Kerberos password set for 'SVM91$@ADOSAKANA.LOCAL' succeeded
[ 242] Set initial account password
[ 277] Successfully connected to ip 172.17.44.49, port 445 using
TCP
[ 312] Successfully connected to ip 172.17.44.49, port 88 using
TCP
[ 346] Successfully authenticated with DC
sambaad.ADOSAKANA.LOCAL
[ 366] Unable to connect to NetLogon service on
sambaad.ADOSAKANA.LOCAL (Error:
RESULT_ERROR_GENERAL_FAILURE)
**[ 366] FAILURE: Unable to make a connection
** (NetLogon:ADOSAKANA.LOCAL), result: 3
[ 366] Unable to make a NetLogon connection to
sambaad.ADOSAKANA.LOCAL using the new machine account
Error: command failed: Failed to create the Active Directory machine account
"SVM91". Reason: general failure.
ontap91::>
Manual checks that can be done using Upgrade ONTAP documentation
メッセージ
Manual validation checks need to be performed. Refer to the Upgrade Advisor Plan or the "What should I verify before I upgrade with or without Upgrade Advisor" section in the "Upgrade ONTAP" documentation for the remaining validation checks that need to be performed before update. Failing to do so can result in an update failure or an I/O disruption.
解決策
Refer to the Upgrade Advisor Plan or the "What should I verify before I upgrade with or without Upgrade Advisor" section in the "Upgrade ONTAP" documentation for the remaining validation checks that need to be performed before update.
ONTAP API to REST transition warning
メッセージ
NetApp ONTAP API has been used on this cluster for ONTAP data storage management within the last 30 days. NetApp ONTAP API is approaching end of availability.
解決策
Transition your automation tools from ONTAP API to ONTAP REST API. CPC-00410 - End of availability: ONTAPI : https://mysupport.netapp.com/info/communications/ECMLP2880232.html
Ensure that the NX-OS (cluster network switches), IOS (management network switches), and reference configuration file (RCF) software ersions are compatible with the target Data ONTAP release.
Refer to http://mysupport.netapp.com/NOW/download/software/cm_switches/ and http://mysupport.netapp.com/NOW/download/software/cm_switches_ntap/ for more details.
Name Service Configuration DNS Check
メッセージ
None of the configured DNS servers are reacjanle for the following Vservers: 名前. There might be other Vservers for DNS servers are not reachable.
解決策
Delete the DNS server, or verify that the DNS status is "up". Delete the DNS configuration for the Vservers which do not have "dns" as a configured source in the ns-switch database.
NFS mounts
メッセージ
This cluster is serving NFS clients. If NFS soft mounts are used, there is a possibility of frequent NFS timeouts and race conditions that can lead to data corruption during the upgrade
解決策
Use NFS hard mounts, if possible
CIFS status
メッセージ
CIFS is currently in use. Any unprotected sessions may be affected with possible loss of data.
解決作
Stop all unprotected CIFS workloads before performing the update. To list the unprotected CIFS workloads, run the command: vserver cifs session show -continuously-available No, Partial
ontap9121::> cluster image show-update-progress
Estimated Elapsed
Update Phase Status Duration Duration
-------------------- ----------------- --------------- ---------------
Pre-update checks completed 00:10:00 00:00:38
Details:
Pre-update Check Status Error-Action
-------------------- ----------------- --------------------------------------
AMPQ Router and OK N/A
Broker Config
Cleanup
Aggregate online OK N/A
status and parity
check
Application OK N/A
Provisioning Cleanup
Autoboot Bootargs OK N/A
Status
Backend OK N/A
Configuration Status
Boot Menu Status OK N/A
CIFS compatibility OK N/A
status check
Capacity licenses OK N/A
install status check
Check For SP/BMC OK N/A
Connectivity To
Nodes
Check LDAP fastbind OK N/A
users using
unsecure connection.
Cloud keymanager OK N/A
connectivity check
Cluster health and OK N/A
eligibility status
Cluster/management OK N/A
switch check
Compatible New OK N/A
Image Check
Current system OK N/A
version check if it
is susceptible to
possible outage
during NDU
Data ONTAP Version OK N/A
and Previous
Upgrade Status
Data aggregates HA OK N/A
policy check
Disk status check OK N/A
for failed, broken
or non-compatibility
Duplicate Initiator OK N/A
Check
Encryption key OK N/A
migration status
check
External OK N/A
key-manager with
legacy KMIP client
check
External keymanager OK N/A
key server status
check
Infinite Volume OK N/A
availibility check
Logically over OK N/A
allocated DP
volumes check
Manual checks that Warning Warning: Manual validation checks
can be done using need to be performed. Refer to the
Upgrade ONTAP Upgrade Advisor Plan or the "What
documentation should I verify before I upgrade with
or without Upgrade Advisor" section
in the "Upgrade ONTAP" documentation
for the remaining validation checks
that need to be performed before
update. Failing to do so can result
in an update failure or an I/O
disruption.
Action: Refer to the Upgrade Advisor
Plan or the "What should I verify
before I upgrade with or without
Upgrade Advisor" section in the
"Upgrade ONTAP" documentation for the
remaining validation checks that need
to be performed before update.
MetroCluster OK N/A
configuration
status check for
compatibility
Minimum number of OK N/A
aggregate disks
check
NAE Aggregate and OK N/A
NVE Volume
Encryption Check
NDMP sessions check OK N/A
NFS mounts status OK N/A
check
NVMe over Fabrics OK N/A
license check
Name Service OK N/A
Configuration DNS
Check
Name Service OK N/A
Configuration LDAP
Check
Node to SP/BMC OK N/A
connectivity check
OKM/KMIP enabled OK N/A
systems - Missing
keys check
ONTAP API to REST Warning Warning: NetApp ONTAP API has been
transition warning used on this cluster for ONTAP data
storage management within the last 30
days. NetApp ONTAP API is approaching
end of availability.
Action: Transition your automation
tools from ONTAP API to ONTAP REST
API. For more details, refer to
CPC-00410 - End of availability:
ONTAPI
https://mysupport.netapp.com/info/
communications/ECMLP2880232.html
ONTAP Image OK N/A
Capability Status
OpenSSL 3.0.x OK N/A
upgrade validation
check
Openssh 7.2 upgrade OK N/A
validation check
Pre-Update OK N/A
Configuration
Verification
RDB Replica Health OK N/A
Check
Replicated database OK N/A
schema consistency
check
Running Jobs Status OK N/A
SAN and NVMe LIF OK N/A
Online Check
SAN compatibility OK N/A
for manual
configurability
check
SAN kernel agent OK N/A
status check
Secure Purge OK N/A
operation Check
Shelves and Sensors OK N/A
check
SnapLock Version OK N/A
Check
SnapMirror OK N/A
Synchronous
relationship status
check
SnapMirror OK N/A
compatibility
status check
Supported platform OK N/A
check
Target ONTAP OK N/A
release support for
FiberBridge 6500N
check
Upgrade Version OK N/A
Compatibility Status
Verify all bgp OK N/A
peer-groups are in
the up state
Verify that e0M is OK N/A
home to no LIFs
with high speed
services.
Volume Conversion OK N/A
In Progress Check
Volume move OK N/A
progress status
check
Volume online OK N/A
status check
iSCSI target portal OK N/A
groups status check
Overall Status Warning Warning
61 entries were displayed.
ontap9121::>
「set diag」コマンドでdiagモードに移行したあとで「system node systemshell -node localhost -command ls /」を実行してどうなるかを確認する。
::> set diag
Warning: These diagnostic commands are for use by NetApp personnel only.
Do you want to continue? {y|n}: y
::*> system node systemshell -node localhost -command ls /
(system node systemshell)
Error: command failed: Error: Account currently locked. Contact the storage
administrator to unlock it.
::*>
ONTAPシミュレータ 9.12.1以降は上記の様な「Error」となると思われる。
5) diagアカウントのロックを解除
上記のエラーはdiagアカウントがロック状態であることが原因であるため、ロックを解除する。
「security login show -user-or-group-name diag」を実行して現在の状態を確認(ONTAPバージョンによっては “security login show -username diag”)
::*> security login show -user-or-group-name diag
Vserver: Default
Second
User/Group Authentication Acct Authentication
Name Application Method Role Name Locked Method
-------------- ----------- ------------- ---------------- ------ --------------
diag console password admin yes none
::*>
「Acct Lock: yes」であるためロックされていることを確認できる。
「security login unlock -username diag」を実行する
::*> security login unlock -username diag
Error: command failed: The admin password is not set. Use the "security login
password" command to set the password, then try the command again.
::*>
::*> security login password -username admin
Enter your current password: <初期設定前であればエンターキー入力>
Enter a new password: <新しいパスワード>
Enter it again: <新しいパスワード>
::*> security login unlock -username diag
::*>
ロック解除に成功した場合、なにも表示されないため、確認のために「security login show -user-or-group-name diag」を実行する
::*> security login show -user-or-group-name diag
Vserver: Default
Second
User/Group Authentication Acct Authentication
Name Application Method Role Name Locked Method
-------------- ----------- ------------- ---------------- ------ --------------
diag console password admin no none
::*>
6) 現状のディスク構成を確認
現状のディスク構成を確認するために「system node systemshell -node local -command “ls -l /sim/dev/,disks”」を実行する。
実行後「system node systemshell -node local -command “ls -l /sim/dev/,disks”」を実行し、ファイルが削除されたことも確認します。
::*> system node systemshell -node local -command "cd /sim/dev/,disks; sudo rm *"
::*> system node systemshell -node local -command "ls -l /sim/dev/,disks"
total 0
::*>
ontap9121::> storage aggregate add-disks -aggregate aggr0_ontap9121_01 -diskcount 1
Warning: Aggregate "aggr0_ontap9121_01" is a root aggregate. Adding disks to
the root aggregate is not recommended. Once added, disks cannot be
removed without re-initializing the node.
Do you want to continue? {y|n}: y
Info: Disks would be added to aggregate "aggr0_ontap9121_01" on node
"ontap9121-01" in the following manner:
First Plex
RAID Group rg0, 4 disks (block checksum, raid_dp)
Usable Physical
Position Disk Type Size Size
---------- ------------------------- ---------- -------- --------
data NET-1.11 FCAL 8.79GB 8.82GB
Aggregate capacity available for volume use would be increased by 7.91GB.
Do you want to continue? {y|n}: y
ontap9121::> storage aggregate show
Aggregate Size Available Used% State #Vols Nodes RAID Status
--------- -------- --------- ----- ------- ------ ---------------- ------------
aggr0_ontap9121_01
15.03GB 7.88GB 48% online 1 ontap9121-01 raid_dp,
normal
ontap9121::> df -A -h
Aggregate total used avail capacity
aggr0_ontap9121_01 15GB 7320MB 8069MB 48%
aggr0_ontap9121_01/.snapshot 810MB 0B 810MB 0%
2 entries were displayed.
ontap9121::>
ONTAP 9.5P5シミュレータ環境をONTAP 9.7にアップデートした場合には問題なかったのに、運用中のONTAP 9.5P10環境をアップデートしようとしたところ、firmwareアップロードの段階で「THe request body must have content type multipart/form-data with a field named file」というエラーとなった。
netappcluster::> set diag
Warning: These diagnostic commands are for use by NetApp personnel only.
Do you want to continue? {y|n}: y
netappcluster::*> system services web file-uploads config show
Node Size
----------------- ------------
netappcluster-01 2GB
netappcluster-02 2GB
2 entries were displayed.
netappcluster::*>
次に変更を実施
netappcluster::*> system services web file-uploads config modify -node * -size 4GB
Warning: Files already uploaded or are being uploaded will be lost. Starting a
file upload before the resize operation is finished will cause the
uploaded file to be unavailable.
Do you want to continue? {y|n}: y
[Job 14002] Job is queued: Web File Upload Resize Node Job.
[Job 14003] Job is queued: Web File Upload Resize Node Job.
2 entries were modified.
netappcluster::*>
すぐに反映されないので、上記で出力されたジョブIDのステータスを確認する。
netappcluster::*> job show -id 14002
Owning
Job ID Name Vserver Node State
------ -------------------- ---------- -------------- ----------
14002 Web File Upload Resize Node Job netappcluster netappcluster-01 Success
Description: Web File Upload Resize Node Job
netappcluster::*> job show -id 14003
Owning
Job ID Name Vserver Node State
------ -------------------- ---------- -------------- ----------
14003 Web File Upload Resize Node Job netappcluster netappcluster-02 Success
Description: Web File Upload Resize Node Job
netappcluster::*>
「Success」が含まれていれば変更が完了している。(変更途中は Running )
ただ、変更が終わったあとの設定表記は4GBとならずに「0B」となるが、これで正常とのこと
netappcluster::*> system services web file-uploads config show
Node Size
----------------- ------------
netappcluster-01 0B
netappcluster-02 0B
2 entries were displayed.
netappcluster::*>