#┊・manageability

The only thing I really miss out of system manager v3?
The ability to tweak aggregates when creating them to fit what you want before creation

worth putting in the #1062049235681415168 channel.

I think I will, that and disk assignment have taken a step back from v3

venting
I propose a new feature in ONTAP: cluster -enforce-comments true This FORCES any ONTAP objects with a -comment field to be populated.
-comment becomes a required field for default (non-identifiable) users.
Non-default users (Identifiable) can leave this field blank, but a default string will be populated:
<current user> doesn't care about their co-workers sanity. Lack of compassion executed on <date>

No more mystery lag relationships, volumes, luns, shares etc..

i do feel better now

Might do well to drop this in #1062049235681415168!

Hi @all
I have a query regarding NMSDK but I am not sure if this the right channel for my query. Please feel free to suggest the other channel if this is not.
I would like to know whether NMDSK has support for the python 3.11.x? If yes, which version of NMSDK.
Any help will be really appreciated.

Thanks!

The last version of the NMSDK that was released was 9.8P5. Per the IMT for the NMSDK it was only qualified up to Python 3.6.8. It may work but wasn't qualified beyond 3.6.8

Thank you @hard star.

Is it me or there is no way to address the root aggregates using REST API (or ansible)? Trying to rename those with ansible after renaming the nodes in a cluster...

hi @gray pebble this came up in another channel yesterday #1129068364736774254 message

Thanks... successfully hijacked that thread, but... that REST API looks more of a fashion statement than anything remotely usable... GREAT, now NetApp has REST too... yay!

Yeah we just hired an intern to sort it out. Easy days. /sarcasm

To be fair, all feedback you have is great and highl appreciated, but that all being said, its a complex beast coding all the necassary API's, different use cases, requirments, all at the same time of trying to manage the ZAPI (legacy) interface, managing new feature releases etc. Like hitting a target on a moving train. So welcome the feedback, but at the same time I want to acknowledge that its complex beast to work on.

So keep the feedback coming of course, in a structured, constructive manner, and folks will see it.

Is it just me, or are the ONTAP developers not talking to the application developers? Lately great features have been introduced in ONTAP like, Multi Admin Verification which would be a great feature to lock you system down if a hacker were to gain access and try to delete snapshots or volumes... But if you are using SnapCenter it will fail because it needs to be able to delete snapshots which is catched by MAV... SnapLock is another example of an old feature made great because you can now just enable it without creating special aggregates etc. but again, if you are using SnapCenter, it does not support creating snapshots where the SnapLock option is set... I guess you could script something here, but again it seems like someone at the SnapCenter team didn't get the memo of the new ONTAP features? 🙂 My last example is the support for NVMe which is now being pushed by NetApp yet the facts are that SnapCenter doesn't support it, and neither does ONTAP toole for vSphere... (I'm told NVMe over FC works, but not TCP)... but again... it would be nice if things worked a little better together, or maybe the ONTAP guys should get a well deserved vacation and let the application guys catch up? 🙂

NetApp's portfolio is a big and broad ship and we know that new feature takeup by customers can take a while - so new product features tend to be delivered before integration with other products. Now, the integration not being there can impact the takeup, but this has been a long standing practice NetApp follows.

any good articles about ONTAP one?

https://www.netapp.com/blog/ontap-one/ from @hexed urchin and https://blog.iops.ca/2023/05/16/ontap-one-for-all-and-all-for-one/ from @nocturne osprey

aye, legend. Thanks

is there a dedicated ansible channel on discord? I just found out, that the newest ansible collection finally creates SVM-DR with identity-preserve true, which saves me a lot of work 🙂

Sure is! Check out the Developer Hub category. You may need to add it and you can do that with the Channels and Roles option at the top left. Or go straight to the Ansible channel #1062048885847117935

also check the "Channels & Roles" link at the top. Some channels are apparently hidden by default

ah! that's it, thank you!

We base those defaults on role selections, so if you choose “developer/Devnet” in the onboarding, they’ll show up for you. We’ve still got some fine tuning we could do on that

I also hang out here on occation if you have questions. ONTAP One is my baby.

Does installing all the bundles take long if a customer has the former core bundle? How much time does it usually take?

ONTAP One is a single license key, so one ansible task in a playbook and you are finished

Thanks 🙏

So just enter the whole content of the NLF as a extra variable and this is it?

There's a topic in the Ansible channel about this - https://discord.com/channels/855068651522490400/1067845396942049340

why didn't anybody tell me before INSIGHT how valuable and useful this discord is? It could have saved me hours of time....

We’re still in the early years. Wait til there’s 10k members in here and it becomes the hub of all NetApp community!

The biggest problem with discord is that it's enterprise-hostile - there is no way for my security team to allow me access to the NetApp channels and not everything else. They think I have access to only NetApp today :). We had this ability with Slack (and have it with Reddit) but not Discord.

you can always just use Discord on your phone though

Slack isn't friendly for proper some of the other features used here in discord. Such as the #┊・onair-chat, easy announcements, some of the other fancy visibility features. Etc.

Using Discord is really, really annoying when you want to paste in a screen shot. For a while, I had to save the screen shot, email it to my personal address, and then attach it to a discord post.

huh? I never experienced that. You just copy a screenshot to the clipboard and paste it here. Has been working for me since forever 🤷‍♂️

but then again I'm on desktop, maybe on the phone it's different

Yea I wanna know more about that too. I'll paste screenshots into a private DM to myself just to grab them on my phone.

I was commented on running discord on a phone. My phone is personal so I can't see, say, nabox on my phone. So if I wanted to post a nabox screenshot here, I couldn't easily do it if I couldn't view discord on my work browser. I had a long fight to get discord approved for my use.

And we’re happy you’re here. For what it’s worth we had a lot of those discussions internally as well

Has anybody detailed knowledge about the BlueXP REST API and specifically around troubleshooting?

Recommendations for a reporting tool that can report capacities and maybe even other details of a NetApp storage system, and present it in an email (not a link to an URL) or PDF... I have of cause looked at AIQUM which does links back to the server... NABox with Grafana also does links by default, yet there are reporting plugins, the one I tried broke NAbox 😉 Maybe a "data link" to Excel could be used... not sure if that is even possible... Usage of this is reporting to customers who have remote backup data on our systems... They are normally interested in used space, snapshot space, snapshots (age, size, snaplock expire) and of cause history of growth...

AIQUM kan produce reports in CSV, XLS, and PDF and send them via e-mail

IBM now owns Ansible and Terraform - Will they combine them into one IBM Terrible?

TerraBad

Hi, what is simplicity365 all about?

who tested dark mode for System Manager for 9.14.1? username and password are black type on a gray background... with OS (Windows 11) determined darkmode

@maiden portal ^

Probably a blind person. Or Batman 😆😆. I'll have someone raise a bug on that.

thats a sign 😉 not to use systemmanager. ❤️

I mostly use it for the real-time graphs

looks fine to me 🤷‍♂️
(Firefox 127 on Win10)

@fervent sapphire Can you post your Win11 config here? (browser version, how win11 was configured for dark mode, what Win11 version, etc , etc, etc) Also ONTAP release (including the P)

You didn't use dark reader on top of that did you?

I sent Chris the info in a DM. I frankly don't know what "dark reader" is. The VD is using "dark mode" from a Mac which probably is using something similar. I don't remember at the moment. I don't use a lot of energy on GUI details. I'm happy if I can find things every time Windows decides it needs to "revolutionize the experience"

Hello everyone,
I am still using an old NetApp 2240 for achives and so on via NetApp OnCommand System Manager 3.1.3
The problem is that I can no longer view the graphics since the flash player was stopped
Do you still use this kind of model ? Do you have the package to be installed

i'm not sure that having the install package would help with flash player.

There are some packages out that you can get that have a portable version of a browser and flash installed.
I have not used them in a while, but it worked the last time I did need it (for an ibm system)
https://archive.org/details/basilisk-portable-with-flash
That is one that seems to be pretty popular.

And, as always, use at your own risk, scan it, etc.

https://flash.pm/browser/
is the one I was told about a few days ago, never touched it so can't comment on it

I don't want to create a post for a simple yes no.

Does Ontap 's TOTP function support ONLY local accounts? Or can they be domain enabled accounts?

yes 😂 (you wanted a simple yes/no answer 🙈 )

more to the point though, TR4647 makes this pretty explicit

Yeah I know I read that, but I wanted to be 100% positive

Me to colleagues:
I want to put 2fa on the admin account.
Them: pearl clutching intensifies

We don't use local accounts for anything

But I'd kill for a decent 2fa on domain accounts hitting the cli

Public key is possible for 2FA with domain accounts. That's not decent?

Public key should work for admin and second factor

Along with password

you can also use SAML which is, for example, possible out of the box with Azure AD (aka. Entra ID). At least if you prefer the System Manager 🙂

The thing is, in an emergency you need a local account that does not depend on the availability of network services. Hence password/public key since the info is all on the Netapp (provided the private key is in the same locality as the user doing the ssh)

Always have an account that does not depend on the network!

yeah, totally agree, not having any local accounts is a recipe for desaster... it creates dangerous chicken-and-egg type problems unless you are very careful with what you store where

Not when using numerous accounts (tiered // gated access) and they refuse to give your other ID's email addresses

Getting my colleagues to grasp this is difficult

I just discovered that NetApp has discontinued The OnCommand plug-in for SCOM. 😢 it was really useful integrating alarms into SCOM and ServiceNOW, what do people use today?

Hello All, i started to practice with netapp device lately, im searching for some what automation, there is a command that i would like run for every vservers on the device, the list of commands are more than 300, how can i automate this commands? i tried with bash, seems like something blocking it. could you give any suggestions please?

Ansible would probably be your best bet if you're comfortable with it

https://docs.ansible.com/ansible/latest/collections/netapp/ontap/index.html

We also have an #1062048885847117935 channel where you can post questions. We also have a #1063542843899125790 and Terraform providers.

Can we talk rs232 servers?

I've got a whole crap-load of gear that all have rs232 connections back to a digi connect 16pt (https://www.digi.com/products/networking/infrastructure-management/console-servers/digi-connect-it-16-48), I don't like the management features of this thing and want something more secure or able to be locked down a bit more.

Anyone have working examples of other devices that don't feel like devices flapping in the breeze?

few things come to mind.
We've almost always used either Raritan (Dominion), Lantronix (EDS) or Vertiv(avocent)

However, there are a lot of really nice ones, just depends on what you want to spend.

Opengear, ZPE and Perle all make really nice units but they are not cheap

opengear has some units that are 96 port and 10gb
ZPE has a newer unit with 96 ports but have no idea how it performs, but they're pretty amzing units usually

The ZPE 96port is actually 1U, which is pretty nice

Before I joined NetApp, I managed a network support lab.
I didn’t care for the Digi terminal servers and over time replaced them all with Lantronix. I don’t recall the latest model out now, but at the time it was the EDS32PR. We used them everywhere and I had 25 or 30 in just my one lab.

+1 for lantronix

We have quite a few customers who use Perle systems and are very happy with them

our own lab has an old Digi CM-32 but being a lab environment, it also has rather lax security, and I've heard people complain about the config GUI freezing (although I never experienced that myself)

I'm managing that lab now, current model of the Lantonix we're using is EDS3032PR. Those are great, and some of our other labs are using Raritans. Not sure of the model on those but they seem to work well too.

Definitely didn't like the Digi ones. My big complaint with them was they used a nonstandard pinout on the RJ45 connectors. The pinout of the ports on the Lantronix means you can just slap RJ45 plugs on either end of flat 8 conductor telephone cable and be good to go

There's also lower port density models of those Lantronix if you don't need 32 ports, but I've never looked into those much since I need as much density as I can get

https://www.ebay.com/itm/405431845908

Amazing what you can pick these up for secondhand

there's also an open-source serial terminal server called freetserv although it doesn't feature a nice UI and is pretty bare-bones

cyclades for the win

looks like they're branded Avocent for the last 19 years

My issue is cable length limitations.

I don't want to end up with 20 of these damned things to manage, but with the 115200 or w/e baud length limits I don't have many options without throwing a million of them all over the place.

We have these right now, and security is exactly why I'm asking this.
I can't in good conscience use this thing for much longer considering it's console access but with super lax security.

what cable length are you referring to?
How far you needing to go with the cable to an end point/managed device

I patched the console for the site's main PA firewalls across from the data center into my lab for the network guys to have console access over a weekend upgrade. We set it up with SSH instead of "regular" telnet since it was kind of critical. The Lantronix stuff at least seems to have good security options, configurable per-port.

https://novatel.com/support/known-solutions/maximum-cable-length-vs-data-rate

I have run into issues going too long

My ops team was only measuring from serial to patch panel and not the whole run

Going too long absolutely will overload your SP and cause massive response issues

Total length was 30ft or so

I have nodes spanning an entire row in a datacenter (12 racks or so) in a HAC configuration.

But I've also got SGrid nodes splashed around the datacenter

I think these were 19200 and probably 150' of cable? They might've been 115200, but I really don't remember. Most of it was all cat6. I don't think I used any of the flat/rollover cable. Was probably 7 or 8 years ago now

that's one of the things with ones like the Perle, they use serial to ethernet, so length should not be an issue

we typically used cat5 cable and had them running well over 150' between cages/etc

I appreciate the input.

@dreamy hull were you using the smaller "device servers" or the larger "console servers" from them with success?

not sure of the model, but they were SCR and SCG units

https://techcommunity.microsoft.com/blog/Windows-ITPro-blog/windows-app-to-replace-remote-desktop-app-for-windows/4390893

Head's up!

They’ve already done it on iPad. Took me forever to find it by name because why would I search for Windows when it’s been Remote Desktop for 15+ years.

Not sure if this is the best channel for this question but seems like the most logical place.

What tools are out there these days for re-ACLing file shares as part of a domain migration?

https://kb.netapp.com/on-prem/ontap/da/NAS/NAS-KBs/How_to_take_ownership_of_files_and_folders_from_Windows_to_modify_permissions
https://kb.netapp.com/on-prem/ontap/da/NAS/NAS-KBs/How_to_fix_NTFS_permissions_using_SeTcbPrivilege
https://kb.netapp.com/on-prem/ontap/da/NAS/NAS-KBs/How_to_Configure_and_apply_file_security_on_NTFS_files_and_folders_using_the_CLI

steps we have to do exactly what you're asking, which we do more often than i care to do.

Process

1. Create an NTFS Security Descriptor for the VServer, the SD needs to be pulled from the security tab in Windows Explorer or somewhere that is easy to copy it from, and set the owner to whatever domain account needs permission
2. Create the NTFS DACL on the VServer using the above SD and set the rights as well as where to apply the new permissions
3. Create the policy to use the above settings
4. Create a task for the policy to be pushed. This requires the path to be execute on (export path, not NFS, but volume export), type of permissions(propogate), and the SD from above as well as an index number (random or whatever you want)
5. Apply the policy
6. Run job show to view the process, verify in process, failed or success
7. Expand the mask for the volume to verify permissions got pushed, you can also do this via Windows Explorer.

I have used the Netapp tools but that is not really what I am looking for.

I want software that can take the current sid and map to the new sid based on SID history, I know Quest had something in the paste.

The amount of shares we have and various nested permissions make the built tools very un-practical

you doing any replication of data, domain, users, etc?

ADMT if you are doing a migration - https://www.microsoft.com/en-us/download/details.aspx?id=56570
Quest still has their AD Migration tool as well
https://www.quest.com/products/on-demand-migration/active-directory.aspx

I haven't used them, but Copyright2 and ForensIT both have migration tools as well

No data is staying on the Netapp's we argueable should of done the re-acl work when we did consolidations into Netapp but here we are...

We have used the MS AD Migration tool in the past, and it worked pretty well

We recently switched our NetApp ds4246 from 120v to 208v. The fans on the power supplies now stay screaming loud. Any way to manage this or should we just switch back to 120v?

Did you flip all power supplies to the same voltage?

They should settle down after air 30 seconds

And are they attached to ONTAP or is it a home lab?

It might be ONTAP is smart enough to adjust the fans but without ONTAP maybe not?

And if you update ONTAP to 9.16 or higher, ONTAP will no longer to be able to see or control environmentals on that shelf

did you hot swap the voltage, or power down the shelves and then swap?

man, the US datacenter power situation is so confusing 🙂 how many different line voltages do you guys have? 110V, 230V and 208V? And you can just flip a switch and the whole datacenter runs at a different voltage? This is really wild

Dude. We, stupid Americans, have PDUs that plug into a 200+V power supply and have plugs that provide 100-120V (NEMA 5-15R) and 200–240V for everything else.

I wish we just had one voltage but some think it’s ok to run some data centers fully on 120V. Note those guys are finding out they can’t even put small gpu server in because it would literally consume 2x 120v PDUs. With no chance for redundancy and’s little overhead for other equipment (L5-20 -> 120v @ 20 amps, us derates PDUs by 20% so you only get 16Amps to use)

Data centers should be high line voltage period. Everything in there should be high line voltage.
Of course there are plenty of stupid little gizmos that require low line power so we’re stuck

The answer is kind of a mixed bag. First a technician tried swapping each power supply 1 at a time. The power supply threw all orange lights. Then they powered down the entire shelf and switched to 208v. This is a homelab so we don't have ONTAP. The 208v has been running for a while now and is still quite loud. We are thinking we will just switch them back to 120v.

aye, if you don't have ONTAP you can't control the fans. There might be something out there you can swap, noctua or something, but not sure that would even be worth it

10-4. No problem. We will just put them back on 120v. Thanks!

My new supply lines are metering 248V, so it’s up to the UPS to line-level it all out smooth