Thursday, 31 October 2019

Scheduled Snapshot Purge Script - Part 2 of 2) Setting up a Scheduled Task

In order to setup the scheduled task.

1) Create Basic Task Wizard: Create a Basic Task
Name = Snapshot Purge
NEXT>

Image: Create Basic Task Wizard: Create a Basic Task

2) Create Basic Task Wizard: Task Trigger
When do you want the task to start? Daily
NEXT>

Image: Create Basic Task Wizard: Task Trigger

3) Create Basic Task Wizard: Daily
Choose when you want the task to start and recur.
NEXT>

Image: Create Basic Task Wizard

4) Create Basic Task Wizard: Action
What action do you want the task to perform? Start a program

Image: Create Basic Task Wizard: Action

5) Create Basic Task Wizard: Start a Program
Program/script: powershell.exe
Add arguments (optional): -Noninteractive -Noprofile -Command "&C:\scripts\snapshotdeletor.ps1"
Start in (optional): C:\scripts
NEXT>

Note: To run the script from command prompt you’d use>
powershell.exe -Noninteractive -Noprofile -Command "&C:\scripts\snapshotdeletor.ps1"

Image: Create Basic Task Wizard: Start a Program

6) Create Basic Task Wizard: Summary
Tick ‘Open the Properties dialog for this task when I click Finish’
Click FINISH

Image: Create Basic Task Wizard: Summary

7) Snapshot Purge Properties (Local Computer)
Be sure to select:
Run whether user is logged on or not
Run with highest privileges
Click OK

And enter the password for the account running the task.
Click OK

Image: Snapshot Purge Properties (Local Computer)

THE END

Scheduled Snapshot Purge Script - Part 1 of 2) The Script

Pre-requisites

1) A Windows Server upon which to run the PowerShell script (i.e. a SnapCenter Server).
2) Windows Server GPO needs to permit running scheduled tasks.
3) DataONTAP PowerShell Toolkit needs to have been installed on the server.
4) vsadmin SVM credentials (or a custom role - that can delete snapshots - with application ‘ontapi’).
5) SVM management LIF.
6) The script below saved as say C:\Scripts\SnapshotDeletor.ps1
7) A CSV saved as say C:\Scripts\SnapshotDeletor.csv
8) SVM credentials stored in the credentials cache using:
SnapshotDeletor.ps1 -SetupCredentials

Image: Example of the controlling CSV (SnapshotDeletor.CSV)

The CSV has the following columns:

- SVM Mgmt IP/FQDN
- SVM Name
- Volume
- Keep X Days Snaps
- Skip

Use ‘Y’ in the column ‘Skip’ if you want to skip a volume in the list.

The Script


######################
## SNAPSHOT DELETOR ##
######################

# 1) Setup the SVM(s) credentials
# 2) Create a CSV with 5 columns:
# SVM Mgmt IP/FQDN,SVM Name,Volume,Keep X Days Snaps,Skip
# 3) Provide path to the CSV
# (default path = C:\SCRIPTS\SNAPDELETOR.CSV)

Param(
  [Switch]$SetupCredentials,
  [String]$SVMname, # used to setup creds
  [String]$SVMmgmt, # used to setup creds
  [String]$Username, # used to setup creds
  [String]$Password, # used to setup creds
  [String]$CSVPath = "C:\SCRIPTS\SnapshotDeletor.CSV",
  [String]$LogPath = "C:\SCRIPTS\SnapshotDeletor.LOG"
)

Import-Module DataONTAP

################################
## SECTION: SETUP CREDENTIALS ##
################################

If($SetupCredentials){
  Write-Host "Enter SVM Mgmt IP/FQDN: " -N
  If($SVMmgmt){Write-Host $SVMmgmt}
  else{$SVMmgmt = Read-Host}
  Write-Host "Enter SVM Name: " -N
  If($SVMname){Write-Host $SVMname}
  else{$SVMname  = Read-Host}
  Write-Host "Enter SVM username: " -N
  If($Username){Write-Host $Username}
  else{$Username = Read-Host}
  Write-Host "Enter SVM password: " -N
  If($Password){
    Write-Host "********"
    $PwSecure = ConvertTo-SecureString -String $Password
  }else{
    $PwSecure = Read-Host -AsSecureString
  }
  $Credential = New-Object System.Management.Automation.PsCredential($Username,$PwSecure)
  Connect-NcController -Name $SVMmgmt -Credential $Credential -Vserver $SVMname
  Add-NcCredential -Name $SVMmgmt -Credential $Credential
  EXIT
}

###############################
## SECTION: DELETE SNAPSHOTS ##
###############################

$CSV = Import-CSV $CSVPath
"START OF LOG" > $LogPath
$CSV | Foreach{
  $SVMmgmt = $_."SVM Mgmt IP/FQDN"
  $SVMname = $_."SVM Name"
  $Volume  = $_."Volume"
  $Days    = $_."Keep X Days Snaps"
  If($_.Skip -eq "Y"){
    "$SVMname : $Volume : skipped!" >> $LogPath
  }Else{
    If($global:CurrentNcController){
      If($global:CurrentNcController.Name -ne $SVMmgmt){
        $global:CurrentNcController = $NULL
      }
    }
    If($global:CurrentNcController){
      If($global:CurrentNcController.Vserver -ne $SVMname){
        $global:CurrentNcController = $NULL
      }
    }
    If(!$global:CurrentNcController){
      Connect-NcController -Name $SVMmgmt -Vserver $SVMname
    }
    Get-NcSnapshot -Volume $Volume -Vserver $SVMname | where-object {$_.Created -lt (Get-Date).AddDays(-$Days)} | Foreach{
      $SnapName = $_.Name
      "$SVMname : $Volume : Removing snapshot $SnapName" >> $LogPath              
      Remove-NcSnapshot -VserverContext $SVMname -Volume $Volume -Snapshot $SnapName -confirm:$false
    }
  }
}


Tuesday, 29 October 2019

How ONTAP Handles Multiple Gateways in an SVM (+ a Brief History)


Just some links and quotations from articles that understand this better than I.

Starting in ONTAP 8.3:



“... with clustered Data ONTAP 8.3, each SVM maintains its own routing table ...”


So, we only need to consider the routing table of an SVM in ONTAP 8.3+

Prior to ONTAP 9.2, ONTAP used ip.fastpath.



IP fastpath is a mechanism that uses the network interface of an inbound request to send the response directly back to the MAC that sent the request, bypassing the routing table. By avoiding the routing table lookup, fastpath provides a quick access to data.
By default, the 'ip.fastpath' option is not configurable in Clustered Data ONTAP and is enabled by default in Clustered Data ONTAP 8.0.
Data ONTAP 8.3.1 and later allows for changing the ip.fastpath option from clustershell.
IP fastpath has been deprecated as of 9.2 and replaced by route caching*


*You need to be aware of this when upgrading from ONTAP 9.1 to ONTAP 9.2/9.3.

In ONTAP 9.2 and above, because of the change from the IP fastpath mechanism to route caching, you need to be more careful configuring your routes.
I.E. you don’t want a default route (0.0.0.0/0) to every gateway that needs to be accessible by an SVM with the same metric (not ‘route create -vserver SVM -destination 0.0.0.0/0 -gateway X.X.X.X -metric 20’ for everything.)



ONTAP 9.2 introduced a simplified and streamlined networking stack. This resulted in the elimination of two previous functionalities.
- IP Fastpath
 - Routing groups

Impacts of Fastpath Elimination
IP Fastpath was originally created to bypass routing table look-ups when responding to client requests. Responses would be returned out of the same interface to the MAC address that sent the request. This resulted in quicker responses to the client, but would cause failures in cases where asymmetric routing was required.

Note: Asymmetric routing occurs when the ingress path for a client request differs from the path used to send the client a response.

In ONTAP 9.2 and later, IP Fastpath has been replaced by route caching that will accelerate routing lookups. However, environments where no return route has been configured might see no response to client requests until a proper return route is configured.

There are no known performance differences between IP Fastpath and the newer route caching functionality.

Impacts of Routing Group Elimination
Routing groups were originally used prior to ONTAP 8.3 by administrators to configure routes leverageable by SVM LIFs. In 8.3 and later, ONTAP continued to add routes to routing groups, but they were no longer manually configurable by administrators. As of ONTAP 9.2, Routing Groups have been completely removed.

Prior to ONTAP 9.2, these routing groups would allow traffic to ingress via a LIF, and only routes available via the routing-group that contained the LIF were leveraged. This meant only routes that had a gateway in the same subnet as the LIF were used.

With the removal of routing-groups in 9.2, ONTAP is able to leverage any route within the SVM's routing table. This means it is now possible to utilize a route that has a gateway in a subnet that does not match the subnet of the LIF that received the incoming TCP traffic. The result of this change is that it is much more likely to see TCP responses egressing out a port that differs from the port where the request was initially received.

This change in behavior can be problematic in environments where asymmetric routing is not permitted. Typically, this occurs due to issues where a firewall is bypassed in one direction and the corresponding connection is terminated.


Example

The example below is fine if predominantly you want the default gateway to be 192.168.0.1. Because of asymmetric routing, traffic going to the 10.10.10.0 network, could come back via 192.168.0.1 if there is a valid route via that path, if no valid path via 192.168.0.1 or 172.16.20.1, it goes via 10.10.10.1.

cluster1::> route show -vserver SVM1
Vserver    Destination   Gateway        Metric
---------- ------------- -------------- ------
SVM1
           0.0.0.0/0     10.10.10.1     40
           0.0.0.0/0     172.16.20.1    30
           0.0.0.0/0     192.168.0.1    20


Image: SVM with multiple ‘default gateways’

Sunday, 27 October 2019

Creating SnapCenter for Exchange Resource Groups using PowerShell


 

Carrying on from the previous post.

In the previous post, I needed to create 10 resource groups. The first two I’d created using the SnapCenter WebUI as an example. For the other 8 resource groups, I’ll use the SnapCenter PowerShell cmdlets. For completeness, I list the commands for all 10 resource groups here, the first one is broken down so it is easier to read.

Add-SmResourceGroup
-ResourceGroupName 'DB1 MB1 MB2'
-PluginCode SCE
-Policies '3 days hourly FL','7 days daily FL'
-Resources @{"Host"="MB1.demo.com";"Type"="Exchange Database";"Names"="MB1.demo.com\DB1"}
-BackupServers 'MB1','MB2'
-SchedulerRunAsName 'SCAdmin'
-Schedules @{"PolicyName"="3 days hourly FL";"ScheduleType"="Hourly";"StartTime"="10/26/2019 2:00 PM"},@{"PolicyName"="7 days daily FL";"ScheduleType"="Daily";"StartTime"="10/26/2019 2:00 PM"}
-SchedulerType Windows

The 5 Resource Groups with MB1 and MB2 as Backup Servers:

Add-SmResourceGroup -ResourceGroupName 'DB1 MB1 MB2' -PluginCode SCE -Policies '3 days hourly FL','7 days daily FL' -Resources @{"Host"="MB1.demo.com";"Type"="Exchange Database";"Names"="MB1.demo.com\DB1"} -BackupServers 'MB1','MB2' -SchedulerRunAsName 'SCAdmin' -Schedules @{"PolicyName"="3 days hourly FL";"ScheduleType"="Hourly";"StartTime"="10/26/2019 2:00 PM"},@{"PolicyName"="7 days daily FL";"ScheduleType"="Daily";"StartTime"="10/26/2019 2:00 PM"} -SchedulerType Windows

Add-SmResourceGroup -ResourceGroupName 'DB2 MB1 MB2' -PluginCode SCE -Policies '3 days hourly FL','7 days daily FL' -Resources @{"Host"="MB2.demo.com";"Type"="Exchange Database";"Names"="MB2.demo.com\DB2"} -BackupServers 'MB1','MB2' -SchedulerRunAsName 'SCAdmin' -Schedules @{"PolicyName"="3 days hourly FL";"ScheduleType"="Hourly";"StartTime"="10/26/2019 2:00 PM"},@{"PolicyName"="7 days daily FL";"ScheduleType"="Daily";"StartTime"="10/26/2019 2:00 PM"} -SchedulerType Windows

Add-SmResourceGroup -ResourceGroupName 'DB3 MB1 MB2' -PluginCode SCE -Policies '3 days hourly FL','7 days daily FL' -Resources @{"Host"="MB1.demo.com";"Type"="Exchange Database";"Names"="MB1.demo.com\DB3"} -BackupServers 'MB1','MB2' -SchedulerRunAsName 'SCAdmin' -Schedules @{"PolicyName"="3 days hourly FL";"ScheduleType"="Hourly";"StartTime"="10/26/2019 2:00 PM"},@{"PolicyName"="7 days daily FL";"ScheduleType"="Daily";"StartTime"="10/26/2019 2:00 PM"} -SchedulerType Windows

Add-SmResourceGroup -ResourceGroupName 'DB4 MB1 MB2' -PluginCode SCE -Policies '3 days hourly FL','7 days daily FL' -Resources @{"Host"="MB2.demo.com";"Type"="Exchange Database";"Names"="MB2.demo.com\DB4"} -BackupServers 'MB1','MB2' -SchedulerRunAsName 'SCAdmin' -Schedules @{"PolicyName"="3 days hourly FL";"ScheduleType"="Hourly";"StartTime"="10/26/2019 2:00 PM"},@{"PolicyName"="7 days daily FL";"ScheduleType"="Daily";"StartTime"="10/26/2019 2:00 PM"} -SchedulerType Windows

Add-SmResourceGroup -ResourceGroupName 'DB5 MB1 MB2' -PluginCode SCE -Policies '3 days hourly FL','7 days daily FL' -Resources @{"Host"="MB1.demo.com";"Type"="Exchange Database";"Names"="MB1.demo.com\DB5"} -BackupServers 'MB1','MB2' -SchedulerRunAsName 'SCAdmin' -Schedules @{"PolicyName"="3 days hourly FL";"ScheduleType"="Hourly";"StartTime"="10/26/2019 2:00 PM"},@{"PolicyName"="7 days daily FL";"ScheduleType"="Daily";"StartTime"="10/26/2019 2:00 PM"} -SchedulerType Windows

The 5 Resource Groups with MB3 as Backup Servers:

Add-SmResourceGroup -ResourceGroupName 'DB1 MB3' -PluginCode SCE -Policies '3 days hourly FL','30 days daily FL' -Resources @{"Host"="MB1.demo.com";"Type"="Exchange Database";"Names"="MB1.demo.com\DB1"} -BackupServers 'MB3' -SchedulerRunAsName 'SCAdmin' -Schedules @{"PolicyName"="3 days hourly FL";"ScheduleType"="Hourly";"StartTime"="10/26/2019 2:00 PM"},@{"PolicyName"="30 days daily FL";"ScheduleType"="Daily";"StartTime"="10/26/2019 2:00 PM"} -SchedulerType Windows

Add-SmResourceGroup -ResourceGroupName 'DB2 MB3' -PluginCode SCE -Policies '3 days hourly FL','30 days daily FL' -Resources @{"Host"="MB2.demo.com";"Type"="Exchange Database";"Names"="MB2.demo.com\DB2"} -BackupServers 'MB3' -SchedulerRunAsName 'SCAdmin' -Schedules @{"PolicyName"="3 days hourly FL";"ScheduleType"="Hourly";"StartTime"="10/26/2019 2:00 PM"},@{"PolicyName"="30 days daily FL";"ScheduleType"="Daily";"StartTime"="10/26/2019 2:00 PM"} -SchedulerType Windows

Add-SmResourceGroup -ResourceGroupName 'DB3 MB3' -PluginCode SCE -Policies '3 days hourly FL','30 days daily FL' -Resources @{"Host"="MB1.demo.com";"Type"="Exchange Database";"Names"="MB1.demo.com\DB3"} -BackupServers 'MB3' -SchedulerRunAsName 'SCAdmin' -Schedules @{"PolicyName"="3 days hourly FL";"ScheduleType"="Hourly";"StartTime"="10/26/2019 2:00 PM"},@{"PolicyName"="30 days daily FL";"ScheduleType"="Daily";"StartTime"="10/26/2019 2:00 PM"} -SchedulerType Windows

Add-SmResourceGroup -ResourceGroupName 'DB4 MB3' -PluginCode SCE -Policies '3 days hourly FL','30 days daily FL' -Resources @{"Host"="MB2.demo.com";"Type"="Exchange Database";"Names"="MB2.demo.com\DB4"} -BackupServers 'MB3' -SchedulerRunAsName 'SCAdmin' -Schedules @{"PolicyName"="3 days hourly FL";"ScheduleType"="Hourly";"StartTime"="10/26/2019 2:00 PM"},@{"PolicyName"="30 days daily FL";"ScheduleType"="Daily";"StartTime"="10/26/2019 2:00 PM"} -SchedulerType Windows

Add-SmResourceGroup -ResourceGroupName 'DB5 MB3' -PluginCode SCE -Policies '3 days hourly FL','30 days daily FL' -Resources @{"Host"="MB1.demo.com";"Type"="Exchange Database";"Names"="MB1.demo.com\DB5"} -BackupServers 'MB3' -SchedulerRunAsName 'SCAdmin' -Schedules @{"PolicyName"="3 days hourly FL";"ScheduleType"="Hourly";"StartTime"="10/26/2019 2:00 PM"},@{"PolicyName"="30 days daily FL";"ScheduleType"="Daily";"StartTime"="10/26/2019 2:00 PM"} -SchedulerType Windows