Tuesday, 9 May 2017

ONTAP 9.1 Cluster and Vserver Peering without Authentication

I needed to refresh my knowledge, and specifically to answer the question:

Q: In ONTAP 9.1, do I need authentication to peer clusters and vservers?
A: Not if you modify the cluster peer policy from default settings.

Perhaps a bit of a pointless blog since this is basic stuff, but if your memory's like mine, recollection is always useful.

Cluster and Vserver Peering Walkthrough - without Authentication

I have two clusters - C91A and C91B. C91A has 2 nodes. C91B has 1 node.

Do 1-3 on both clusters.

1) Check if SnapMirror or SnapVault is licensed::>


license show -package SnapMirror|SnapVault


2) Check we've got Intercluster LIFs::>


net int show -role intercluster


Outputs from lab:


C91A::> network interface show -role intercluster -fields address
vserver lif     address
------- ------- ----------
C91A    n1_icl1 10.9.1.121
C91A    n2_icl1 10.9.1.122

C91B::> network interface show -role intercluster -fields address
vserver lif address
------- --- --------
C91B    icl 10.9.1.2


3) Modify Cluster Peer Policy to enable unauthenticated access::>


cluster peer policy modify -is-unauthenticated-access-permitted true


On cluster A - C91A::>

4) Create Cluster Peering::>


cluster peer create -peer-addrs PEERIP(s) -no-authentication true


Outputs from lab:


cluster peer create -peer-addrs 10.9.1.2 -no-authentication true


On cluster B - C91B::>

5) Create Cluster Peering::>


cluster peer create -peer-addrs PEERIP(s) -no-authentication true


Outputs from lab:


cluster peer create -peer-addrs 10.9.1.121,10.9.1.122 -no-authentication true


On both clusters::>

6) Verify cluster peering::>


cluster peer show


Outputs from lab:


C91A::> cluster peer show
Peer Cluster Name         Cluster Serial Number Availability   Authentication
------------------------- --------------------- -------------- --------------
C91B                      1-80-000011           Available      absent

C91B::> cluster peer show
Peer Cluster Name         Cluster Serial Number Availability   Authentication
------------------------- --------------------- -------------- --------------
C91A                      1-80-000008           Available      absent


Note: It may take a minute or two for the Availability to change from Partial to Available.
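
To audit for peer relationships set up this way, here is an added example (not part of the original walkthrough) that parses saved `cluster peer show` output and lists every peer whose Authentication column reads `absent`. The function names are hypothetical, and the C91X row with the value `ok` is constructed for contrast; the other rows are the lab output above.

```python
import re

# Lab output from this post, plus one constructed row (C91X / "ok") for contrast.
SAMPLE = """\
C91A::> cluster peer show
Peer Cluster Name         Cluster Serial Number Availability   Authentication
------------------------- --------------------- -------------- --------------
C91B                      1-80-000011           Available      absent
C91X                      1-80-000099           Available      ok

C91B::> cluster peer show
Peer Cluster Name         Cluster Serial Number Availability   Authentication
------------------------- --------------------- -------------- --------------
C91A                      1-80-000008           Available      absent
"""

def parse_tables(text):
    """Parse every fixed-width table in captured CLI output into dicts.

    Column boundaries come from the dashed ruler line, so header names
    containing spaces ("Peer Cluster Name") stay intact.
    """
    rows, cut, names, cluster = [], None, None, None
    lines = text.splitlines()
    for i, line in enumerate(lines):
        prompt = re.match(r"(\S+)::>", line)
        if prompt:                      # new command: remember which cluster ran it
            cluster, cut = prompt.group(1), None
        elif i and line.strip() and set(line.strip()) <= {"-", " "}:
            starts = [d.start() for d in re.finditer(r"-+", line)]
            spans = list(zip(starts, starts[1:] + [None]))
            cut = lambda s, spans=spans: [s[a:b].strip() for a, b in spans]
            names = cut(lines[i - 1])   # header is the line above the ruler
        elif not line.strip():          # blank line ends the current table
            cut = None
        elif cut:                       # data row inside a table
            rows.append({"Local Cluster": cluster, **dict(zip(names, cut(line)))})
    return rows

def unauthenticated_peers(text):
    """Return (local cluster, peer cluster) pairs with Authentication 'absent'."""
    return [(r["Local Cluster"], r["Peer Cluster Name"])
            for r in parse_tables(text)
            if r.get("Authentication", "").lower() == "absent"]

if __name__ == "__main__":
    for local, peer in unauthenticated_peers(SAMPLE):
        print(f"{local}: peer {peer} has no authentication")
```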

Now for Vserver Peering

On both clusters::>

1) Vserver Creates::>


vserver create ...


Outputs from lab::>


C91A::> vserver create -vserver c91a_svm1 -rootvolume rootvol -rootvolume-security-style unix -aggregate n1_data1
C91B::> vserver create -vserver c91b_svm1 -rootvolume rootvol -rootvolume-security-style unix -aggregate aggr1


On cluster A - C91A::>

2) Create peer::>


vserver peer create -vserver VSERVER -peer-cluster PEER_CLUSTER -peer-vserver PEER_VSERVER -applications snapmirror


Outputs from lab::>


C91A::> vserver peer create -vserver c91a_svm1 -peer-cluster C91B -peer-vserver c91b_svm1 -applications snapmirror


On cluster B - C91B::>

3) Accept peer::>


vserver peer accept -vserver PEER_VSERVER -peer-vserver VSERVER


Outputs from lab::>


C91B::> vserver peer accept -vserver c91b_svm1 -peer-vserver c91a_svm1


On both clusters::>

4) Verify vserver peering::>


vserver peer show


Outputs from lab::>


C91A::> vserver peer show
            Peer        Peer                           Peering        Remote
Vserver     Vserver     State        Peer Cluster      Applications   Vserver
----------- ----------- ------------ ----------------- -------------- ---------
c91a_svm1   c91b_svm1   peered       C91B              snapmirror     c91b_svm1

C91B::> vserver peer show
            Peer        Peer                           Peering        Remote
Vserver     Vserver     State        Peer Cluster      Applications   Vserver
----------- ----------- ------------ ----------------- -------------- ---------
c91b_svm1   c91a_svm1   peered       C91A              snapmirror     c91a_svm1


The End!
