#Change IP in cli (wrong IP during install)

Used the wrong IP during deployment of the OVA. Logged into box through vcenter console, get "RTNETLINK answers: Operation not permitted" when I try "ip addr del" or "ipaddr add"

What is process for changing it?

doh, it's in the faq.

Easiest is to update ova settings and reboot

vi'd the file per the faq and it seems to have worked. I've graduated to certificate errors!

got it on first two clusters I tried to add. using IP or host name

client certificates for the Cluster SVM are not expired.

(removed hostname, obv)

The error when using an IP is "hdoesn't contain any IP SANs"

Glad to see you took my advice. 🙂

LOL, your advice was in response to me saying I was gonna do it. 🙂

Is this error I'm getting an issue with the cluster's certificate, or is it because I have no certificate for the nabox?

from the havrest log:

time=2024-07-23T19:14:58.146Z level=ERROR source=ontapInfo.go:55 msg="REST info collection for version failed. Trying ZAPI" error="tls: failed to verify certificate: x509: certificate is not valid for any names, but wanted to match [fqdn]

think I'll verify the security role commands from the configuration steps.

hmm. harvest2-role has all the cmdir read-only access it needs, including "version"

anything weird about ontap 9.12.1?

nc could connect to all the ports, so not a firewall issue.

If you choose to enable secured TLS, then you need the ONTAP certificate to be signed by a common root up the chain. Root CA must be installed in SSL settings in NAbox.

Now, when negociating TLS, the remote certificate has a suite of acceptable IPs and Names. If none matches the one you used to add the cluster, you'll get that error.

Reading the error, it seems the certificate installed in ontap doesn't list any IP or name in its SAN?

What was the certificate generated with ?

What you can do is load ONTAP system manager in a browser, and inspect the certificate info, SAN appear here

LOL, I was thinking iscsi or NVMeoE