Today I will be talking a bit about how to install and configure the “Ontap Mediator” application that is used as an alternate way to validate the health status of a cluster collection. To set up the role of this application I will use as reference the NetApp portal documentation:
ONTAP Mediator provides an alternate health path to the peer cluster, with the intercluster LIFs providing the other health path. With the Mediator’s health information, clusters can differentiate between intercluster LIF failure and site failure. When the site goes down, Mediator passes on the health information to the peer cluster on demand, facilitating the peer cluster to fail over. With the Mediator-provided information and the intercluster LIF health check information, ONTAP determines whether to perform an auto failover, if it is failover incapable, continue or stop.
This application can be used in “MetroCluster” scenarios as well as with “SnapMirror Business Continuity” (SM-BC) technology. As of ONTAP 9.8, SnapMirror Business Continuity (SM-BC) can be used to protect applications with LUNs, allowing applications to migrate transparently, ensuring business continuity in the event of a disaster. SM-BC uses “SnapMirror Synchronous” technology that allows data to be replicated to the target as soon as it is written to the source volume.
In this lab I will show you the Mediator application with the purpose of being able to perform in the future a lab on SM-BC in a VMware environment. The following image shows the role of Ontap Mediator within the SM-BC technology architecture.
As you can see the “Mediator” is constantly evaluating the Datacenter status to identify possible failures and to be able to react by migrating access to the volumes to the Datacenter that is up and running. It may be useful to understand some of the basics of SM-BC recovery and restoration.
A manual operation to change the access roles to volumes in an SM-BC relationship. The primary becomes the secondary and the secondary becomes the primary. The ALUA status report is also modified according to the status of the relationship.
Automatic unplanned recovery (AUFO):
An automatic operation to perform a failover to the mirror copy. The operation requires the assistance of the Ontap Mediator to detect that the primary copy is not available.
Here are the requirements to install the application. To view the content, just click on the “+” icon.
For this lab I am going to use Red Hat Enterprise Linux 8.1 running on a vSphere VM. The first thing to do is to download the application installation package. This is done by accessing the NetApp support portal as shown in the following image.
Link to Ontap Mediator:
After downloading the installation package, copy the “ONTAP-MEDIATOR-1.3” file to the server to be used for this purpose. Then proceed to change the installation file to executable mode with the command chmod +x.
[root@NTAPMED-01V ~]# ls anaconda-ks.cfg ONTAP-MEDIATOR-1.3 [root@NTAPMED-01V ~]# chmod +x ONTAP-MEDIATOR-1.3 [root@NTAPMED-01V ~]#
Next, proceed to install the application dependencies with the yum install command as shown below.
[root@NTAPMED-01V ~]# yum install openssl openssl-devel kernel-devel gcc libselinux-utils make redhat-lsb-core patch bzip2 python36 python36-devel perl-Data-Dumper perl-ExtUtils-MakeMaker python3-pip elfutils-libelf-devel policycoreutils-python-utils -y Last metadata expiration check: 0:13:59 ago on Tue 29 Jun 2021 10:01:36 PM AST. Package openssl-1:1.1.1g-15.el8_3.x86_64 is already installed. Package libselinux-utils-2.9-5.el8.x86_64 is already installed. Dependencies resolved. ............... Installed: Really long Output Complete! [root@NTAPMED-01V ~]#
Once all dependencies are installed, you can start running the application installation file. To do this use the command ./ONTAP-MEDIATOR-1.3.
Note: This command must be executed in the location where the installation file was stored.
[root@NTAPMED-01V ~]# ./ONTAP-MEDIATOR-1.3 ONTAP Mediator: Self Extracting Installer ONTAP Mediator requires two user accounts. One for the service (netapp), and one for use by ONTAP to the mediator API (mediatoradmin). Would you like to use the default account names: netapp + mediatoradmin? (Y(es)/n(o)): Yes Enter ONTAP Mediator user account (mediatoradmin) password: XXXXXX Re-Enter ONTAP Mediator user account (mediatoradmin) password: XXXXX Checking if SELinux is in enforcing mode SELinux is set to Enforcing. ONTAP Mediator server requires modifying the SELinux context of the file /opt/netapp/lib/ontap_mediator/pyenv/bin/uwsgi from type 'lib_t' to 'bin_t'. This is neccessary to start the ONTAP Mediator service while SELinux is set to Enforcing. Allow SELinux context change? Y(es)/n(o): Yes The installer will change the SELinux context type of /opt/netapp/lib/ontap_mediator/pyenv/bin/uwsgi from type 'lib_t' to 'bin_t'. Checking for default Linux firewall Linux firewall is running. Open ports 31784 and 3260? Y(es)/n(o): Yes success success success ############################################################### Preparing for installation of ONTAP Mediator packages. Do you wish to continue? Y(es)/n(o):
The installer will ask several questions about the password of the users used by the ONTAP Mediator service and the TCP ports that will be opened in the local “Firewall” of the server. Once everything is properly specified the installer will validate that all the application prerequisites are installed.
Do you wish to continue? Y(es)/n(o): Y + Installing required packages. Updating Subscription Management repositories. Really long Output Dependencies resolved. Nothing to do. Complete! OS package installations finished + Installing ONTAP Mediator. (Log: /tmp/ontap_mediator.7atkl8/ontap-mediator/install_20210709162016.log) This step will take several minutes. Use the log file to view progress. #includedir /etc/sudoers.d Sudo include verified ONTAP Mediator logging enabled + Install successful. (Moving log to /opt/netapp/lib/ontap_mediator/log/install_20210709162016.log) + Note: ONTAP Mediator uses a kernel module compiled specifically for the current system OS. Using 'yum update' to upgrade the kernel may cause a service interruption. For more information, see /opt/netapp/lib/ontap_mediator/README [root@NTAPMED-01V ~]#
After installing the application it is important to validate that the services of the Ontap Mediator are activated and functional. To validate the services use the command <systemctl status ontap_mediator mediator-scst>.
[root@NTAPMED-01V ~]# systemctl status ontap_mediator mediator-scst ● ontap_mediator.service - ONTAP Mediator Loaded: loaded (/etc/systemd/system/ontap_mediator.service; enabled; vendor preset: disabled) Active: active (running) since Fri 2021-07-09 14:21:31 AST; 11min ago Process: 1296 ExecStop=/bin/kill -s INT $MAINPID (code=exited, status=0/SUCCESS) Main PID: 1298 (uwsgi) Status: "uWSGI is ready" Tasks: 3 (limit: 23832) Memory: 61.4M Started ONTAP Mediator. ● mediator-scst.service Loaded: loaded (/etc/systemd/system/mediator-scst.service; enabled; vendor preset: disabled) Active: active (running) since Fri 2021-07-09 14:21:30 AST; 11min ago Process: 1164 ExecStart=/etc/init.d/scst start (code=exited, status=0/SUCCESS) Main PID: 1250 (iscsi-scstd) Tasks: 1 (limit: 23832) Memory: 3.3M Started mediator-scst.service. [root@NTAPMED-01V ~]#
Additionally, it is important to ensure that the services are using the correct tcp ports. With the command <netstat -anlt | grep -E ‘3260|31784’> you can validate that ports 3260 and 31784 are in “LISTEN” mode.
[root@NTAPMED-01V ~]# netstat -anlt | grep -E '3260|31784' tcp 0 0 0.0.0.0:3260 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:31784 0.0.0.0:* LISTEN tcp6 0 0 :::3260 :::* LISTEN [root@NTAPMED-01V ~]#
With the command firewall-cmd –list-all you can validate that the rules for ports 31784/tcp and 3260/tcp are properly configured in the server’s local firewall.
[root@NTAPMED-01V ~]# firewall-cmd --list-all public (active) target: default icmp-block-inversion: no interfaces: ens192 sources: services: cockpit dhcpv6-client ssh ports: 31784/tcp 3260/tcp protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: [root@NTAPMED-01V ~]#
Once the installation process has been successfully completed, add the Ontap Mediator to the configuration of the clusters where you have selected to use the “SnapMirror Business Continuity” (SM-BC) technology. To add the configuration, go to [Protection] => [Overview] => [Mediator] => [Configure]. Then you have to add the configuration as shown in the following images. It is important to mention that the certificate to be added in this configuration is the one of the CA located in:
Note: It is important to mention that for this configuration to work there must be a “cluster peer” and “vserver peer” relationship previously established.
Through the Ontap console you can also validate that the Ontap Mediator configuration is working correctly. With the <snapmirror mediator show> command you can validate that the Connection Status is “connected” and the Quorum Status is “true”.
Note: This command must be used in both clusters to validate that the connection is correctly established.
OnPrem-HQ::> snapmirror mediator show Mediator Address Peer Cluster Connection Status Quorum Status ---------------- ---------------- ----------------- ------------- 192.168.6.16 OnPrem-DR connected true OnPrem-HQ::*>
OnPrem-DR::> snapmirror mediator show Mediator Address Peer Cluster Connection Status Quorum Status ---------------- ---------------- ----------------- ------------- 192.168.6.16 OnPrem-HQ connected true OnPrem-DR::>
Here is how to add the Ontap Mediator to the cluster through Ontap’s console. To see the content, just click on the “+” icon.
Additionally I show you how to replace the SSL certificate of the Ontap Mediator service with one generated from a Microsoft Certificate Authority. To see the content, just click on the “+” icon.
In this lab I showed you how to install and configure Ontap Mediator. In the future I will use this service to do a lab on “SnapMirror Business Continuity” (SM-BC) together with VMware. I hope you liked this lab. If you have any doubts or questions about it, leave them in the comments. Regards.