I needed to refresh my knowledge, and specifically to
answer the question:
Q: In ONTAP 9.1, do I need authentication to peer
clusters and vservers?
A: Not if you modify the cluster peer policy from default
settings.
Perhaps a bit of a
pointless blog since this is basic stuff, but if your memory's like mine,
recollection is always useful.
Cluster and
Vserver Peering Walkthrough - without Authentication
I have two clusters - C91A and C91B. C91A has 2 nodes.
C91B has 1 node.
Do 1-3 on both
clusters.
1) Check if Snapmirror or SnapVault is licensed::>
license
show -package SnapMirror|SnapVault
2) Check we've got Intercluster LIFs::>
net
int show -role intercluster
Outputs from lab:
C91A::>
network interface show -role intercluster -fields address
vserver
lif address
-------
------- ----------
C91A n1_icl1 10.9.1.121
C91A n2_icl1 10.9.1.122
C91B::>
network interface show -role intercluster -fields address
vserver
lif address
-------
--- --------
C91B icl 10.9.1.2
3) Modify Cluster Peer Policy to enable unauthenticated
access::>
cluster
peer policy modify -is-unauthenticated-access-permitted true
On cluster A - C91A::>
4) Create Cluster Peering::>
cluster
peer create -peeer-addrs PEERIP(s) -no-authentication true
Outputs from lab:
cluster
peer create -peer-addrs 10.9.1.2 -no-authentication true
On cluster B - C91B::>
5) Create Cluster Peering::>
cluster
peer create -peeer-addrs PEERIP(s) -no-authentication true
Outputs from lab:
cluster
peer create -peer-addrs 10.9.1.121,10.9.1.122 -no-authentication true
On both
clusters::>
6) Verify cluster peering::>
cluster
peer show
Outputs from lab:
C91A::>
cluster peer show
Peer
Cluster Name Cluster Serial
Number Availability Authentication
-------------------------
--------------------- -------------- --------------
C91B 1-80-000011 Available absent
C91B::>
cluster peer show
Peer
Cluster Name Cluster Serial
Number Availability Authentication
-------------------------
--------------------- -------------- --------------
C91A 1-80-000008 Available absent
Note: It may take a
minute or two for the Availability to change from Partial to Available
Now for Vserver
Peering
On both
clusters::>
1) Vserver Creates::>
vserver
create ...
Outputs from
lab::>
C91A::>
vserver create -vserver c91a_svm1 -rootvolume rootvol
-rootvolume-security-style unix -aggregate n1_data1
C91B::>
vserver create -vserver c91b_svm1 -rootvolume rootvol
-rootvolume-security-style unix -aggregate aggr1
On cluster A - C91A::>
2) Create peer::>
vserver
peer create -vserver VSERVER -peercluster PEER_CLUSTER -peer-vserver
PEER_VSERVER -applications snapmirror
Outputs from
lab::>
C91A::>
vserver peer create -vserver c91a_svm1 -peer-cluster C91B -peer-vserver
c91b_svm1 -applications snapmirror
On cluster B -
C91B::>
3) Accept peer::>
vserver
peer accept -vserver PEER_VSERVER -peer-vserver VSERVER
Outputs from
lab::>
C91B::>
vserver peer accept -vserver c91b_svm1 -peer-vserver c91a_svm1
On both
clusters::>
4) Verify vserver peering::>
vserver
peer show
Outputs from
lab::>
C91A::>
vserver peer show
Peer Peer Peering Remote
Vserver Vserver
State Peer Cluster Applications Vserver
-----------
----------- ------------ ----------------- -------------- ---------
c91a_svm1 c91b_svm1
peered C91B snapmirror c91b_svm1
C91B::>
vserver peer show
Peer Peer Peering Remote
Vserver Vserver
State Peer Cluster Applications Vserver
-----------
----------- ------------ ----------------- -------------- ---------
c91b_svm1 c91a_svm1
peered C91A snapmirror c91a_svm1
The End!
Comments
Post a Comment