Setting up an easy TFTP Server

Configuration management of network switches is usually done with TFTP (Trivial File Transfer Protocol) or SCP (Secure CoPy, a copy mechanism running over SSH). This short post will show how to easily set up a TFTP server that can be used to transfer files to or from network devices supporting TFTP.

One of the easiest TFTP servers I have found to set up and use is made and distributed by SolarWinds. The free software is located HERE.

Download the software. Install it. It only takes a few seconds. This software *is not* a Windows Service like many others I have seen. My use cases typically need it on rare occasions and I do not need the service running in the background. Just run the application when it is needed.

One important item to note: If you are using the Windows Firewall, you will either need to disable it or allow port 69 UDP through. That is the port TFTP communicates on.

After the software is installed (and you have made any changes to Windows Firewall), start the software. It will start up a small window indicating the base path to the TFTP file directory in the lower left corner. If the server started correctly and bound to port 69, this is indicated in the main window and at the lower right corner.

To change the configuration of the TFTP Server, click File -> Configure. This will pop open the configuration for the TFTP server. Here you can start or stop the server, allow/not allow the TFTP server in the Windows System Tray, modify time-outs and point to where the CHROOT-ed storage is. On the other tabs, you can also manipulate the IP address bindings for TFTP, whether clients can send files, receive files or both and you can set restrictions on what IP addresses are allowed to send/receive (or just allow all). You can also change the default language of the Application if you wish.

As files are sent or received, they will be logged on the main window. To stop the server, either use the configuration tool or simply kill the application.

Configuring a NetApp Branded CN1610 ClusterNet Switch (FASTPATH 1.2.0.7 / RCF 1.2)

NetApp has lots of Knowledge Base articles to help configure these switches. I wanted to put a blog post together that arranges all info in one place that is easy to read. As delivered, the switch login is “admin” with an empty password (just hit enter!)

First, we need to get the switch on the network. Connect to the serial port (9800/N/8/1).

Login with username admin followed by “enter” twice (no password yet).

Enter privileged mode by typing “enable” followed by “enter” twice (no password yet).

Set up the “Service” port:

serviceport ip

Example:

(CN1610) #serviceport ip 192.168.99.10 255.255.255.0 192.168.99.1

Verify the service port:

(CN1610) #show serviceport
Interface Status............................... Up
IP Address..................................... 192.168.99.10
Subnet Mask.................................... 255.255.255.0
Default Gateway................................ 192.168.99.1
IPv6 Administrative Mode....................... Enabled
IPv6 Prefix is ................................ <masked>
Configured IPv4 Protocol....................... None
Configured IPv6 Protocol....................... None
IPv6 AutoConfig Mode........................... Disabled
Burned In MAC Address.......................... <masked>

Ping the Gateway:

(CN1610) #ping 192.168.99.1

More than likely, you will need to update the FASTPATH code. To do that you need an SCP or TFTP server (see another post about this).

It is best to copy the current running firmware to the backup on the switch (although, if needed, the software can be downloaded from the NetApp Support Page for the CN1610):

(CN1610) #copy active backup

You will need to confirm by pressing “y” and nothing else. Once that finishes, copy the image from your TFTP server to the active image:

(CN1610) #copy tftp:///image.stk active

The current images are 1.2.0.7 (with RCF 1.2) and 1.1.0.8 (with RCF 1.1), located on this NetApp Support Page. Always verify version information with the NetApp Interoperability Matrix Tool (IMT).

Verify the boot image:

(CN1610) #show bootvar

Image Descriptions

 active :
 backup :


 Images currently available on Flash

 ---- ---------- ---------- ----------------- -----------------
 unit     active     backup    current-active       next-active
 ---- ---------- ---------- ----------------- -----------------

    1    1.2.0.7    1.1.0.8           1.1.0.8           1.2.0.7

Reboot the switch:

(CN1610) #reload

When the switch finishes rebooting, create a “running-config.scr” file:

(CN1610) #show running-config running-config.scr

Place a backup copy off the switch and on the TFTP server. I like to add more to the off-switch name to make it easy to identify:

(CN1610) #copy nvram:script running-config.scr tftp:///switch01-running-config.scr

Copy the appropriate RCF to your switch:

(CN1610) #copy tftp:///CN1610_CS_RCF_v1.2.scr nvram:script CN1610_RCF_v1.2.scr

Verify it made it on the switch:

(CN1610) #script list

Configuration Script Name        Size(Bytes)
-------------------------------- -----------
CN1610_CS_RCF_v1.0.scr                  2149
CN1610_CS_RCF_v1.1.scr                  2169
CN1610_CS_RCF_v1.2.scr                  2225
running-config.scr                      3648

Validate the script:

(CN1610) #script validate CN1610_RCF_v1.2.scr

That will print each line and validate the script. If any commands are wrong or do not apply to the current FASTPATH version, the validation will indicate the line number where the issue(s) occurred.

Apply the script:

(CN1610) #script apply CN1610_RCF_v1.2.scr

This will also print out each line in the script and notify that it was successful. Save the in-memory running configuration:

(CN1610) #write mem

Check out the running configuration:

(CN1610) #show running-config

Set the passwords for standard and privilege mode:

(CN1610) #password

If this is a new switch, there is no password; just hit enter. If you already assigned a password, enter the password at the prompt. Follow up with the new password and then confirm the new password.

Enter enable mode and set the password:

(CN1610) #enable

(The Enable password should be empty so press enter. If not, enter the current password.)

(CN1610) #enable password

If this is a new switch, there is no enable password; just hit enter. If you already assigned an enable password, enter the password at the prompt. Follow up with the new password and then confirm the new password.

Save the running configuration:

(CN1610) #write mem

Reboot the switch:

(CN1610) #reload

Here are the commands to customize your configuration. All lines beginning with the “!” will be ignored by the switch. It is safe to copy/paste those lines without worry of error. Modify to fit your site as needed:

 

!Set the switch Hostname:
 hostname "clusterswitch01"
!Setup and configure the Serviceport for external IP access:
 serviceport protocol none
 serviceport ip 192.168.99.10 255.255.255.0 192.168.99.1
!Setup SSH version 2, generating RSA/DSA keys
 ip ssh protocol 2
 configure
   crypto key generate dsa
   crypto key generate rsa
 exit
!Enable the SSH Server
 ip ssh server enable
!Setup and configure the date and time
!set today's date
 configure 
   clock set 08/08/2016
!Set today's Time in UTC!
   clock set 09:30:00
!Set the clock Timezone and Summer time
   clock summer-time recurring USA offset 60 zone "EDT"
   clock timezone -5 minutes 0 zone "EST"
!Setup NTP to client mode
   sntp client mode unicast
   sntp client port 123
   sntp server "ntp1.example.com"
   sntp server "ntp2.example.com"
!Setup DNS
   ip domain name "my.example.com"
   ip name server 192.168.99.200 192.168.99.202
   ip domain lookup
!Setup Logging and email
!Persistent logging to WARNING(4)
   logging persistent 4
!Send logs to email
   logging email
!Non-urgent email logging configuration really
!    indicates a digest email notification. The 
!    frequency of the email digest is determined
!    with the "Email Alert Notification Period". 
!    Since this email type is not necessarily an 
!    alert type email, consider setting the 
!    frequency to the highest interval of 1440 
!    minutes (every 24 hours). In other words, the
!    non-urgent digest style combines all the 
!    non-urgent switch events in a single email.
   logging email logtime 1440
!Send Severity type ERROR(3) to email
   logging email 3
!This command sets the lowest severity level at which log messages are
!    emailed immediately in a single email message.
!Setting to CRITICAL(2)
   logging email urgent 2
!Where is this email coming from?
   logging email from-addr clusterswitch01@example.com
!Where to send URGENT emails?
   logging email message-type urgent to-addr pager@example.com
!where to send non-urgent emails?
   logging email message-type non-urgent to-addr pager@example.com
!Subjects for Urgent and Non-Urgent emails
   logging email message-type urgent subject "Urgent NetAppCluster in Site XY Cluster-Interconnect Switch 01 Notification"
   logging email message-type non-urgent subject "NetAppCluster in Site XY Cluster-Interconnect Switch 01 Error Log Digest"
!What is the name or IP of my mailserver
   mail-server "smtp.example.com"
   exit
!Log all CLI commands
   logging cli-command
!Turn off pagination for Console
   line console
   length 0
   exit
!Turn off pagination for SSH
   line ssh
   length 0
   exit
 exit

Now that you have the configuration in place, save it and upload it to your TFTP server:

(clusterswitch01) #write mem

This operation may take a few minutes.
Management interfaces will not be available during this time.

Are you sure you want to save? (y/n) y

Config file 'startup-config' created successfully .


Configuration Saved!

(clusterswitch01) #show running-config running-config.scr

Config script created successfully.

(clusterswitch01) #copy nvram:script running-config.scr tftp://tftpserver/clusterswitch01.scr

Mode........................................... TFTP
Set Server IP.................................. 192.168.99.9
Path........................................... ./
Filename....................................... clusterswitch01.scr
Data Type...................................... Config Script
Source Filename................................ running-config.scr

Management access will be blocked for the duration of the transfer
Are you sure you want to start? (y/n) y

File transfer operation completed successfully.
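
A saved script can be checked offline before it is trusted as a restore source. The following is an added example, not part of the original post or of any NetApp tooling: it reports which of the settings applied above (SSH version 2, the SSH server, CLI command logging, persistent logging, an SNTP server) are missing from a script, and lists commands that changed between two backups. The check names, the sample script and the replacement NTP host are constructed for illustration, and it assumes the saved script lists these commands in the same form as they were typed.

```python
import re

# Settings the post's customization block applies; the check names are this example's own.
REQUIRED = {
    "ssh-v2-only": r"ip ssh protocol 2",
    "ssh-server": r"ip ssh server enable",
    "cli-audit-log": r"logging cli-command",
    "persistent-log": r"logging persistent [0-7]",
    "time-source": r'sntp server "?[\w.-]+"?',
}

# Constructed sample of a saved script; "logging cli-command" is commented out on purpose.
SAMPLE_SCR = """\
!Current Configuration:
hostname "clusterswitch01"
serviceport ip 192.168.99.10 255.255.255.0 192.168.99.1
ip ssh protocol 2
ip ssh server enable
configure
sntp client mode unicast
sntp server "ntp1.example.com"
logging persistent 4
!logging cli-command
exit
"""

def commands(script):
    """Active commands only: whitespace normalized, '!' comment lines dropped."""
    lines = (" ".join(raw.split()) for raw in script.splitlines())
    return [line for line in lines if line and not line.startswith("!")]

def audit(script):
    """Names of required settings that no active line in the script provides."""
    cmds = commands(script)
    return [name for name, pattern in REQUIRED.items()
            if not any(re.fullmatch(pattern, cmd) for cmd in cmds)]

def drift(baseline, current):
    """Commands removed from and added to `current` relative to `baseline`."""
    old, new = commands(baseline), commands(current)
    return ([c for c in old if c not in new], [c for c in new if c not in old])

if __name__ == "__main__":
    print("missing settings:", audit(SAMPLE_SCR))
    # Constructed change: the NTP server differs in the later backup.
    later = SAMPLE_SCR.replace("ntp1.example.com", "ntp9.example.net")
    removed, added = drift(SAMPLE_SCR, later)
    print("removed:", removed)
    print("added:", added)
```

Because lines beginning with “!” are ignored by the switch, a commented-out setting is reported as missing.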

Reference Links (warning, some links are only accessible to NetApp and Partners)

Unable to locate how to enable SSH for the CN1610 switches – 2018779
Unable to ping CN1610; however, ‘show network’ displays the correct IP address
OEM: How to configure the 10Gb NetApp CN1610 clustered Data ONTAP switch
How to configure e-mail alerts for CN1610 and CN1601
How to configure NTP services on the cluster interconnect switch CN1610
How to transfer firmware or script files to a NetApp CN1610 firmware using SCP
INTERNAL: How to disable SSH V1 on CN1610 cluster switches
How to configure SNMP Community String in Cluster Interconnect Switch CN1601/CN1610
How to disable telnet on a NetApp CN1610 switch
INTERNAL: How to configure TACACS

 

OnCommand Unified Manager and OnCommand Performance Manager -> Fully Integrated? Mostly.

Working at a customer site on residency just outside of Baltimore, MD. We have installed and implemented OnCommand Unified Manager 6.4RC1(OCUM) and OnCommand Performance Manager 2.1RC1(OCPM) utilizing the Full Integration feature found in these two products at this release and moving forward. The vApp/ESXi versions were used here, but I suspect using other variants will likely produce similar results.

After the installation, it was determined that the email address for the “admin” account needed to change. Figured I would just go into the GUI and modify the admin email address.

After doing this, anything that was OCUM related got the update. This was also verified on the maintenance console of OCUM:

root@OCUM:/home/diag# mysql -e " select id,name,emailAddress from ocum.authorizationunit;"
+------+--------------+----------------------+
| id   | name         | emailAddress         |
+------+--------------+----------------------+
|    1 | admin        | goodemail99@cust.com |
|    2 | ocpm         | nowhere@cust.com     |
|    3 | Cloud-Admins | NULL                 |
|    4 | RAD-NetOps   | NULL                 |
|    6 | RAD-Archive  | NULL                 |
|    7 | tmccar14     | tmac@netapp.com      |
|  100 | cliadmin     | cliadmin@netapp.com  |
| 1001 | tmac         | NULL                 |
+------+--------------+----------------------+

When we looked on OCPM for something similar, we found this:

root@OCPM:/home/diag# mysql -e " select id,name,emailAddress from ocf.authorizationunit;"
+------+-------+-------------------+
| id   | name  | emailAddress      |
+------+-------+-------------------+
|    1 | admin | bademail@cust.com |
| 1002 | tmac  | NULL              |
+------+-------+-------------------+

Currently, the only way to *fix* this is by enabling the diagnostic user and logging into the maintenance console. (I will not be enabling how to do that here, consult NetApp Tech Support if you really need to do this!). After you are on the maintenance console, I was instructed to use this command to fix the database:

root@OCPM:/home/diag# mysql -e "update ocf.authorizationunit set emailAddress='goodemail99@cust.com' where id=1;"

Re-running the command above showed the updated info:

root@OCPM:/home/diag# mysql -e " select id,name,emailAddress from ocf.authorizationunit;"
+------+-------+----------------------+
| id   | name  | emailAddress         |
+------+-------+----------------------+
| 1    | admin | goodemail99@cust.com |
| 1002 | tmac  | NULL                 |
+------+-------+----------------------+


A bug has been opened to learn about this behavior. Hopefully, they will be able to fix this minor little issue soon.

Full Integration of OnCommand Unified Manager and Performance Manager

NetApp has recently released a “full integration” of the two core Clustered Data ONTAP monitoring products, OnCommand Unified Manager (vsphere version link) and OnCommand Performance Manager (vsphere version link).

What does this mean?

Historically, when using these two products, you would need to set up each individually and manage each individually. With the “full integration” release, you still perform a basic setup on both. If using HTTPS Certificates generated by your own Certificate Authority, generate the signing requests, get and install the certificates and then, following the documentation, configure the “full integration” on the maintenance console of the performance manager. After a few minutes, you are presented with an updated single management pane through the OnCommand Unified Manager. Nearly all configuration options that apply to one will apply to the other as needed. In fact, the GUI to OnCommand Performance Manager is now gone as a standalone product (hitting the OCPM IP address with a browser no longer works) when full integration is used.

Partial Integration is what the application used in prior releases and is still a viable option. The preferred method moving forward is the Full Integration.

 

 

 

Power Supplies causing other issues? Really!


 

So, I have recently been involved in a couple of cases regarding power supplies. Back in October I was asked to come to a site during a maintenance window to see about fixing a problem that won’t seem to go away.

Case #1:

This first case had the following symptoms:

  • The IOM3-B module appeared quasi-online. It was there, but not quite.
    • Firmware updates did not work. Resetting/re-seating did not do much.
  • The DS4246 shelf would not allow the shelf ID to be set.
  • I am sure there were other un-diagnosed issues, but these two were most obvious

NetApp was baffled. I asked for and received a whole new shelf, two Power Supply modules and two IOM3 modules to basically have everything on hand to fix whatever the problem could be. This had been festering for a few weeks. The customer and NetApp Support simply wanted this fixed.

During our outage, the first thing we did was eliminate the shelf. We moved all disks, Power Supplies and IOMs over to the new shelf and powered it on. The Shelf ID LED would not come on….at all. Mmm? Ok. Swap the IOM3’s for the new ones. Still nothing! Swap the Power Supplies. Ah HA! The Shelf ID light came on.

To further isolate, we ended up shuffling the Power Supplies around further finding that there was one bad Power Supply that was causing significant problems. When it was in *any* shelf, problems followed. Remove the Power Supply and the problems disappear.

After looking at older ASUPs it is likely we might have been able to deduce a bad power supply, but the details were in a less commonly used section of the environment output.

Case #2:

This second case had the following symptoms:

  • Upon performing A-side / B-side power testing, according to the NetApp environment command, both power supplies were now unknown!
  • Some / most of the drives powered down
  • After power-cycling the shelf (both power supplies) NONE of the drives would power up!

Here we tried a few things, power-cycling a few times, resetting the IOM6 modules. For this case, we removed ONE power supply (PSU #4, lower right from the back of the shelf perspective). As soon as that ONE power supply was removed, the drives started powering on.

This was very odd. Fortunately for me, after I got this rectified and that power supply replaced, my NetApp case owner just happened to be an Electrical Engineer! He was able to dive into the many AutoSupport (ASUP) messages and further determine that power supply #1 in the same shelf was also on the fritz and it should be replaced also.

He was able to deduce that voltages and amperages were not quite right and strongly recommended to replace that power supply #1…which we did.

The takeaway

Never discount the power supplies. Also, be careful when you pull them out if you suspect them. In my case number two, we did the A-side test and all appeared OK when power was restored. After the B-side test, that is when everything went nuts so I figured that was the place to start. In hindsight, I would also use the environmental commands to verify amperage and voltage among other items before pulling a power supply.