Scribd
Upload
32 views10 pages

AFF and FAS System Documentation-82

AFF_Netapp

Uploaded by

prabhs3
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
32 views10 pages

AFF and FAS System Documentation-82

AFF_Netapp

Uploaded by

prabhs3
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 10

Lettered and numbered I/O cam latch

I/O cam latch completely unlocked

6. Install the X91148A module into the target slot:


a. Align the X91148A module with the edges of the slot.
b. Slide the X91148A module into the slot until the lettered and numbered I/O cam latch begins to engage
with the I/O cam pin.
c. Push the I/O cam latch all the way up to lock the module in place.
7. Repeat the remove and install steps to replace additional modules for controller A.
8. Cable the module or modules to the data switches.
9. Reboot controller A: boot_ontap
10. Giveback the node from the partner node: storage failover giveback -ofnode
target_node_name
11. Enable automatic giveback if it was disabled: storage failover modify -node local -auto
-giveback true
12. If you added the X91148A module as a NIC module in slots 3 or 7, for networking, use the storage port
modify -node node name -port port name -mode network command for each port.
13. Repeat these steps for controller B.

808
Option 2: Adding an X91148A module as a storage module in a system with no open slots

You must remove one or more existing NIC or storage modules in your system in order to
install one or more X91148A storage modules into your fully-populated system.
• This procedure presumes you re installing the X91148A module into slots 3 and/or 7.

Steps
1. If you are adding an X91148A module as a storage module in slots 3 and/or 7 into a slot that has an
existing NIC module in it, use System Manager to permanently migrate the LIFs to different home ports, as
described in Migrating a LIF.
2. Shut down controller A:
a. Disable automatic giveback: storage failover modify -node local -auto-giveback
false
b. Take over the target node: storage failover takeover -ofnode target_node_name

The console connection shows that the node drops to the LOADER prompt when the takeover is
complete.

3. If you are not already grounded, properly ground yourself.


4. Unplug any cabling on the target I/O module.
5. Remove the target I/O module from the chassis:
a. Depress the lettered and numbered cam button.

The cam button moves away from the chassis.

b. Rotate the cam latch down until it is in a horizontal position.

The I/O module disengages from the chassis and moves about 1/2 inch out of the I/O slot.

c. Remove the I/O module from the chassis by pulling on the pull tabs on the sides of the module face.

Make sure that you keep track of which slot the I/O module was in.

809
Lettered and numbered I/O cam latch

I/O cam latch completely unlocked

6. Install the X91148A module into slot 3:


a. Align the X91148A module with the edges of the slot.
b. Slide the X91148A module into the slot until the lettered and numbered I/O cam latch begins to engage
with the I/O cam pin.
c. Push the I/O cam latch all the way up to lock the module in place.
d. If you are installing a second X91148A module for storage, repeat the remove and install steps for the
module in slot 7.
7. Reboot controller A: boot_ontap
8. Giveback the node from the partner node: storage failover giveback -ofnode
target_node_name
9. Enable automatic giveback if it was disabled: storage failover modify -node local -auto
-giveback true
10. Repeat these steps for controller B.
11. Install and cable your NS224 shelves, as described in Hot-adding an NS224 drive shelf.

810
AFF A700s System Documentation
Install and setup

Cluster configuration worksheet - AFF A700s

You can use the worksheet to gather and record your site-specific IP addresses and other information required
when configuring an ONTAP cluster.

Cluster Configuration Worksheet

Start here: Choose your installation and setup experience

You can choose from different content formats to guide you through installing and setting
up your new storage system.
• Quick steps

A printable PDF of step-by-step instructions with live links to additional content.

• Video steps

Video step-by-step instructions.

Installation and setup PDF poster - AFF A700s

You can use the PDF poster to install and set up your new system. The PDF poster provides step-by-step
instructions with live links to additional content.

AFF A700s Installation and Setup Instructions

Installation and setup video - AFF A700s

The following video shows end-to-end software configuration for systems running ONTAP 9.2.

AFF A700s Setup Video

Maintain

Boot media

Overview of boot media replacement - AFF A700s

The primary boot media stores the ONTAP boot image that the system uses when it
boots. You can restore the primary boot media image by using the ONTAP image on the
secondary boot media, or if necessary, by using a USB flash drive.
If your secondary boot media has failed or is missing the image.tgz file, you must restore the primary boot
media using a USB flash drive. The drive must be formatted to FAT32 and must have the appropriate amount
of storage to hold the image_xxx.tgz file.

• The replacement process restores the var file system from the secondary boot media or USB flash drive to

811
the primary boot media.
• You must replace the failed component with a replacement FRU component you received from your
provider.
• It is important that you apply the commands in these steps on the correct controller:
◦ The impaired controller is the controller on which you are performing maintenance.
◦ The healthy controller is the HA partner of the impaired controller.

Check onboard encryption keys - AFF A700s

Prior to shutting down the impaired controller and checking the status of the onboard
encryption keys, you must check the status of the impaired controller, disable automatic
giveback, and check the version of ONTAP that is running.
If you have a cluster with more than two nodes, it must be in quorum. If the cluster is not in quorum or a healthy
controller shows false for eligibility and health, you must correct the issue before shutting down the impaired
controller; see the Synchronize a node with the cluster.

Steps
1. Check the status of the impaired controller:
◦ If the impaired controller is at the login prompt, log in as admin.
◦ If the impaired controller is at the LOADER prompt and is part of HA configuration, log in as admin on
the healthy controller.
◦ If the impaired controller is in a standalone configuration and at LOADER prompt, contact
mysupport.netapp.com.
2. If AutoSupport is enabled, suppress automatic case creation by invoking an AutoSupport message:
system node autosupport invoke -node * -type all -message
MAINT=number_of_hours_downh

The following AutoSupport message suppresses automatic case creation for two hours: cluster1:*>
system node autosupport invoke -node * -type all -message MAINT=2h

3. Check the version of ONTAP the system is running on the impaired controller if up, or on the partner
controller if the impaired controller is down, using the version -v command:
◦ If <lno-DARE> or <1Ono-DARE> is displayed in the command output, the system does not support
NVE, proceed to shut down the controller.
◦ If <lno-DARE> is not displayed in the command output, and the system is running ONTAP 9.5, go to
Option 1: Checking NVE or NSE on systems running ONTAP 9.5 and earlier.
◦ If <lno-DARE> is not displayed in the command output, and the system is running ONTAP 9.6 or later,
go to Option 2: Checking NVE or NSE on systems running ONTAP 9.6 and later.
4. If the impaired controller is part of an HA configuration, disable automatic giveback from the healthy
controller: storage failover modify -node local -auto-giveback false or storage
failover modify -node local -auto-giveback-after-panic false

Option 1: Check NVE or NSE on systems running ONTAP 9.5 and earlier

Before shutting down the impaired controller, you need to check whether the system has
either NetApp Volume Encryption (NVE) or NetApp Storage Encryption (NSE) enabled. If

812
so, you need to verify the configuration.
Steps
1. Connect the console cable to the impaired controller.
2. Check whether NVE is configured for any volumes in the cluster: volume show -is-encrypted true

If any volumes are listed in the output, NVE is configured and you need to verify the NVE configuration. If
no volumes are listed, check whether NSE is configured.

3. Check whether NSE is configured: storage encryption disk show


◦ If the command output lists the drive details with Mode & Key ID information, NSE is configured and
you need to verify the NSE configuration.
◦ If NVE and NSE are not configured, it’s safe to shut down the impaired controller.

Verify NVE configuration

Steps
1. Display the key IDs of the authentication keys that are stored on the key management servers: security
key-manager query
◦ If the Restored column displays yes and all key managers display available, it’s safe to shut down
the impaired controller.
◦ If the Restored column displays anything other than yes, or if any key manager displays
unavailable, you need to complete some additional steps.
◦ If you see the message This command is not supported when onboard key management is enabled,
you need to complete some other additional steps.
2. If the Restored column displayed anything other than yes, or if any key manager displayed
unavailable:
a. Retrieve and restore all authentication keys and associated key IDs: security key-manager
restore -address *

If the command fails, contact NetApp Support.

mysupport.netapp.com

b. Verify that the Restored column displays yes for all authentication keys and that all key managers
display available: security key-manager query
c. Shut down the impaired controller.
3. If you saw the message This command is not supported when onboard key management is enabled,
display the keys stored in the onboard key manager: security key-manager key show -detail
a. If the Restored column displays yes manually back up the onboard key management information:
▪ Go to advanced privilege mode and enter y when prompted to continue: set -priv advanced
▪ Enter the command to display the OKM backup information: security key-manager backup
show
▪ Copy the contents of the backup information to a separate file or your log file. You’ll need it in
disaster scenarios where you might need to manually recover OKM.

813
▪ Return to admin mode: set -priv admin
▪ Shut down the impaired controller.
b. If the Restored column displays anything other than yes:
▪ Run the key-manager setup wizard: security key-manager setup -node
target/impaired node name

Enter the customer’s onboard key management passphrase at the prompt. If the
passphrase cannot be provided, contact mysupport.netapp.com

▪ Verify that the Restored column displays yes for all authentication key: security key-
manager key show -detail
▪ Go to advanced privilege mode and enter y when prompted to continue: set -priv advanced
▪ Enter the command to display the OKM backup information: security key-manager backup
show
▪ Copy the contents of the backup information to a separate file or your log file. You’ll need it in
disaster scenarios where you might need to manually recover OKM.
▪ Return to admin mode: set -priv admin
▪ You can safely shutdown the controller.

Verify NSE configuration

Steps
1. Display the key IDs of the authentication keys that are stored on the key management servers: security
key-manager query
◦ If the Restored column displays yes and all key managers display available, it’s safe to shut down
the impaired controller.
◦ If the Restored column displays anything other than yes, or if any key manager displays
unavailable, you need to complete some additional steps.
◦ If you see the message This command is not supported when onboard key management is enabled,
you need to complete some other additional steps
2. If the Restored column displayed anything other than yes, or if any key manager displayed
unavailable:
a. Retrieve and restore all authentication keys and associated key IDs: security key-manager
restore -address *

If the command fails, contact NetApp Support.

mysupport.netapp.com

b. Verify that the Restored column displays yes for all authentication keys and that all key managers
display available: security key-manager query
c. Shut down the impaired controller.
3. If you saw the message This command is not supported when onboard key management is enabled,
display the keys stored in the onboard key manager: security key-manager key show -detail

814
a. If the Restored column displays yes, manually back up the onboard key management information:
▪ Go to advanced privilege mode and enter y when prompted to continue: set -priv advanced
▪ Enter the command to display the OKM backup information: security key-manager backup
show
▪ Copy the contents of the backup information to a separate file or your log file. You’ll need it in
disaster scenarios where you might need to manually recover OKM.
▪ Return to admin mode: set -priv admin
▪ Shut down the impaired controller.
b. If the Restored column displays anything other than yes:
▪ Run the key-manager setup wizard: security key-manager setup -node
target/impaired node name

Enter the customer’s OKM passphrase at the prompt. If the passphrase cannot be
provided, contact mysupport.netapp.com

▪ Verify that the Restored column shows yes for all authentication keys: security key-
manager key show -detail
▪ Go to advanced privilege mode and enter y when prompted to continue: set -priv advanced
▪ Enter the command to back up the OKM information: security key-manager backup show

Make sure that OKM information is saved in your log file. This information will be
needed in disaster scenarios where OKM might need to be manually recovered.

▪ Copy the contents of the backup information to a separate file or your log. You’ll need it in disaster
scenarios where you might need to manually recover OKM.
▪ Return to admin mode: set -priv admin
▪ You can safely shut down the controller.

Option 2: Check NVE or NSE on systems running ONTAP 9.6 and later

Before shutting down the impaired controller, you need to verify whether the system has
either NetApp Volume Encryption (NVE) or NetApp Storage Encryption (NSE) enabled. If
so, you need to verify the configuration.
1. Verify whether NVE is in use for any volumes in the cluster: volume show -is-encrypted true

If any volumes are listed in the output, NVE is configured and you need to verify the NVE configuration. If
no volumes are listed, check whether NSE is configured and in use.

2. Verify whether NSE is configured and in use: storage encryption disk show
◦ If the command output lists the drive details with Mode & Key ID information, NSE is configured and
you need to verify the NSE configuration and in use.
◦ If no disks are shown, NSE is not configured.
◦ If NVE and NSE are not configured, no drives are protected with NSE keys, it’s safe to shut down the

815
impaired controller.

Verify NVE configuration

1. Display the key IDs of the authentication keys that are stored on the key management servers: security
key-manager key-query

After the ONTAP 9.6 release, you may have additional key manager types. The types are
KMIP, AKV, and GCP. The process for confirming these types is the same as confirming
external or onboard key manager types.

◦ If the Key Manager type displays external and the Restored column displays yes, it’s safe to shut
down the impaired controller.
◦ If the Key Manager type displays onboard and the Restored column displays yes, you need to
complete some additional steps.
◦ If the Key Manager type displays external and the Restored column displays anything other than
yes, you need to complete some additional steps.
◦ If the Key Manager type displays onboard and the Restored column displays anything other than
yes, you need to complete some additional steps.
2. If the Key Manager type displays onboard and the Restored column displays yes, manually back up
the OKM information:
a. Go to advanced privilege mode and enter y when prompted to continue: set -priv advanced
b. Enter the command to display the key management information: security key-manager onboard
show-backup
c. Copy the contents of the backup information to a separate file or your log file. You’ll need it in disaster
scenarios where you might need to manually recover OKM.
d. Return to admin mode: set -priv admin
e. Shut down the impaired controller.
3. If the Key Manager type displays external and the Restored column displays anything other than
yes:
a. Restore the external key management authentication keys to all nodes in the cluster: security key-
manager external restore

If the command fails, contact NetApp Support.

mysupport.netapp.com

b. Verify that the Restored column equals yes for all authentication keys: security key-manager
key-query
c. Shut down the impaired controller.
4. If the Key Manager type displays onboard and the Restored column displays anything other than yes:
a. Enter the onboard security key-manager sync command: security key-manager onboard sync

Enter the customer’s onboard key management passphrase at the prompt. If the
passphrase cannot be provided, contact NetApp Support. mysupport.netapp.com

816
b. Verify the Restored column shows yes for all authentication keys: security key-manager key-
query
c. Verify that the Key Manager type shows onboard, and then manually back up the OKM information.
d. Go to advanced privilege mode and enter y when prompted to continue: set -priv advanced
e. Enter the command to display the key management backup information: security key-manager
onboard show-backup
f. Copy the contents of the backup information to a separate file or your log file. You’ll need it in disaster
scenarios where you might need to manually recover OKM.
g. Return to admin mode: set -priv admin
h. You can safely shut down the controller.

Verify NSE configuration

1. Display the key IDs of the authentication keys that are stored on the key management servers: security
key-manager key-query -key-type NSE-AK

After the ONTAP 9.6 release, you may have additional key manager types. The types are
KMIP, AKV, and GCP. The process for confirming these types is the same as confirming
external or onboard key manager types.

◦ If the Key Manager type displays external and the Restored column displays yes, it’s safe to shut
down the impaired controller.
◦ If the Key Manager type displays onboard and the Restored column displays yes, you need to
complete some additional steps.
◦ If the Key Manager type displays external and the Restored column displays anything other than
yes, you need to complete some additional steps.
◦ If the Key Manager type displays external and the Restored column displays anything other than
yes, you need to complete some additional steps.
2. If the Key Manager type displays onboard and the Restored column displays yes, manually back up
the OKM information:
a. Go to advanced privilege mode and enter y when prompted to continue: set -priv advanced
b. Enter the command to display the key management information: security key-manager onboard
show-backup
c. Copy the contents of the backup information to a separate file or your log file. You’ll need it in disaster
scenarios where you might need to manually recover OKM.
d. Return to admin mode: set -priv admin
e. You can safely shut down the controller.
3. If the Key Manager type displays external and the Restored column displays anything other than
yes:
a. Enter the onboard security key-manager sync command: security key-manager external
sync

If the command fails, contact NetApp Support.

817

You might also like