Netapp cDOT instructions for creating an SVM and adding it into DPX


Step By Step

1.       Each SVM that is intended for use with DPX Block backup must be configured as follows:

Open Netapp Oncommand and go to Storage > SVM > Create

  • Name your SVM
  • Choose an IP Space your SVM will use or select an existing
  • Ensure NFS and ISCSI are enabled
  • Security style must be mixed or UNIX
  • Choose an Aggregate and fill out all DNS settings
  • <Submit & Continue>
  • Make sure that NFS/ISCSI LIFs are applied to the SVM with routable IP addresses and dedicated ports (Create additional LIFs for each Protocol on the 2nd Cluster node after the creation of the SVM under Storage > Network > Network Interfaces)
  • <Submit & Continue>
  • Make sure the vsadmin user is unlocked and you set the password
  • Set up a Management LIF for the SVM
          a) Create a custom DPX export policy with the following attributes set:
Oncommand System Manager > Storage > SVMs > [SVM Name] > SVM Settings > Export Policy > Create
  • Name the policy, for example: DPX_EXPORT_POLICY
  • <Add Export Rules>
  • Client specification
  • Read/Write
  • Superuser all
* A screenshot of a custom export policy via NetApp On-Command Manager is below. The policy name is vs_dpx_export _policy.

Command line example steps below:
  • vserver export-policy create -vserver SVM_Name –policyname DPX_EXPORT_POLICY
  • vserver export-policy rule create -vserver SVM_Name –policyname DPX_EXPORT_POLICY -ruleindex 1 -protocol any -clientmatch –rorule any -rwrule any -anon 65534 -superuser any

2.       Create a Volume with the following attributes:
          Oncommand System Manager > Storage > Volumes > [Drop Down: SVM Name] > Create

  • Choose a Volume name
  • Choose an Aggregate
  • Storage Type NAS
  • <Create>
  • Edit Volume
  • Set Security style to either mixed or UNIX. NTFS security style should not be selected
  • Read/Write/Execute permissions must be 0777
Command line example steps below:
  • volume create -volume vol_name -policy DPX_Export_Policy -security-style unix -junction-path "/vol_name" -unix-permissions 0777 -aggregate Aggr_Name -size 500GB

* A screenshot of a NetApp CDOT volume created using the above attributes via NetApp On-Command Manager is below. The volume in this example is SS_newNFS_Vol.

* Example of Volume Permissions:

3.       Change/Verify the correct Export Policy is applied:

Oncommand System Manager > Storage > Namespace > [Drop Down: SVM Name]
  • Select your Volume > Verify DPX_EXPORT_POLICY is applied or use “Change Export Policy” Button to change
  • Verify the Volume is mounted at root of SVM namespace “/”

4.       Verify the SVM can be accessed

Check Volume Access:
  • The following command checks read/write access for an NFSv3 client with the IP address to the volume home2 on vserver vs1. The command output shows that the volume uses the export policy exp-home-dir and that access is denied.
vserver export-policy check-access -vserver vs1 -client-ip -volume home2 -authentication-method sys -protocol nfs3 -access-type read-write
                                      Policy    Policy     Rule
Path                    Policy        Owner     Owner Type Index  Access
----------------------- ------------- --------- ---------- ------ ----------
/                       default       vs1_root  volume          1 read
/eng                    default       vs1_root  volume          1 read
/eng/home2              exp-home-dir  home2     volume          1 denied
3 entries were displayed.
*Example output shown

5.       Add SVM into DPX

  • From the DPX GUI, go to Configure > Enterprise > right click > Add Node
  • Make sure you use STORAGE_CTL as access method
  • A vsadmin type user should be used to add the Node
  • Resolvable Node name can be the NFS address or the MGMT IP
  • TEST the settings before applying to make sure the connection settings are correct


6.       Troubleshooting

      a) Qtree Permissions

Once you’ve run a backup to this SVM and it fails during transfer, please make sure the Qtree permissions were inherited correctly and the  export policy used is correct

  • Run “volume qtree show -vserver [SVM name] -volume [Volume Name] -qtree [qtree Name] -fields unix-permissions” to find the permission
For example, volume qtree show -vserver SVM-CS-tst01_g -volume wxk_iSCSI1 -qtree wxk_qtreeiSCSI1 -fields unix-permissions

The output should look like this:
vserver                 volume                   qtree                               unix-permissions
--------------          ----------               ---------------                     ----------------
SVM-CS-tst01_g          wxk_iSCSI1               wxk_qtreeiSCSI1                     ---rwxr-xr-x


      b) SSL Certificate

Check to see that the SVM's option: SSL Server Authentication Enabled, is set to true and that an SSL Certificate is assigned.       
  • ssl show -vserver svm-name
  • security certificate show -instance -vserver svm-name
  • Example: security ssl modify -vserver svm-name -ca name.cert -serial 5A5A5A5A –server-enabled true

       c) Aggregate assigned?

Check if any aggregate is assigned to the vServer:
  • Run “vserver show –vserver <NameOfVserver> –fields aggr-list” to check if any aggregate is assigned.
  • If not, run “vserver modify –vserver <NameOfVserver> -aggr-list <NamesOfAggregatesSeparatedByComma>” to add aggregate(s).


       d) Check to see if the Firewall is enabled
 If you cannot add the SVM into your DPX Enterprise, please check if there’s a Firewall Policy enabled on the LIF you’re trying to add:
  • system services firewall policy show
  • You can modify the firewall policy used by an SVM by using the ‘network interface modify’ command.
  • To modify an existing firewall policy use the 'system services firewall policy modify -policy...' command

        e) Access Permissions

  If the volume is not created properly, an error message similar to the following displays in the DPX Job Report:

  Message: Task 10 NDMP_LOG: id(1,744), type(NDMP_LOG_ERROR), text(Backup Err: [Failed to create file [/vol/c_ewh_Prod3/[cEHPROD3]EH-
  PROD3@{2249A237}/BEXIMAGE.RAW] due to file/access permission.

  • Review Volume Permissions from Step 2 of this Guide
Comments (0)
Add a comment