Skip to main content
Start a Conversation

This post is more than 5 years old

Solved!

Go to Solution

abuzzi

1 Rookie

 • 

69 Posts

2663

August 20th, 2019 00:00

VNX: how SP push cmds over control station ? (user_db not updated)

Hello,

I have two indipendent VNX5300 (single CS and double SP each).

On one system (emc2-cs0) the SP seems unable to sends commands back to CS.

How can I restore the communication SP->CS ?

 

Below the error sequence I get on emc2-cs0 and also the correct sequence on emc1-cs0.

 

Appreciated any suggestion,

Andrea

 

Example: if I add a new administrator user this is not added to CS:

[root@emc2-cs0 log]$ naviseccli -User sysadmin -Password sysadmin -scope 0 -h SPA Security -adduser -user test999 -password test999 -scope 0 -role administrator
WARNING: You are about to add user: test999

Proceed?(y/n) y

[root@emc2-cs0 log]$ cat /etc/passwd | grep test
[root@emc2-cs0 log]$ cat /nas/site/user_db
0:1:1:::local
1:1:1:::local
2:1:1:::local
3:1:1:::local
4:1:1:::local
5:1:1:::local
8:1:1:::local
11:1:1:::local
12:1:1:::local
99:1:1:::local
81:1:1:::local
94:1:1:::local
28:1:1:::local
69:1:1:::local
48:1:1:::local
32:1:1:::local
47:1:1:::local
51:1:1:::local
98:1:1:::local
29:1:1:::local
65534:1:1:::local
74:1:1:::local
38:1:1:::local
77:1:1:::local
37:1:1:::local
68:1:1:::local
201:1:1:::local
[root@emc2-cs0 log]$
[root@emc2-cs0 log]$ naviseccli -User test999 -Password test999 -scope 0 -h SPA getagent

Agent Rev: 7.32.33 (9.2)
Name: K10
Desc:
Node: A-CKM00122601488
Physical Node: K10
Signature: 3244558
Peer Signature: 3244576
Revision: 05.32.000.5.249
SCSI Id: 0
Model: VNX5300
Model Type: Rackmount
Prom Rev: 7.20.00
SP Memory: 8192
Serial No: CKM00122601488
SP Identifier: A
Cabinet: DPE8


[root@emc2-cs0 log]$
[root@emc2-cs0 log]$ naviseccli -User sysadmin -Password sysadmin -scope 0 -h SPA Security -rmuser -user test999 -scope 0
WARNING: You are about to remove user: test999 (global)

Proceed?(y/n) y

[root@emc2-cs0 log]$ naviseccli -User test999 -Password test999 -scope 0 -h SPA getagent
Error returned from the Management Server on 10.58.11.198
Authentication failed. Possible reasons for failure are invalid security file, invalid username, password and/or scope.
[root@emc2-cs0 log]$

 

If instead I repeat the same process on the working system (emc1-cs0) then user is correctly handled:

[nasadmin@emc1-cs0 bin]$ naviseccli -User sysadmin -Password sysadmin -scope 0 -h SPA Security -adduser -user test999 -password test999 -scope 0 -role administrator
WARNING: You are about to add user: test999

Proceed?(y/n) y

[nasadmin@emc1-cs0 bin]$ cat /etc/passwd | grep test
test999:x:509:201::/home/test999:/bin/bash
[nasadmin@emc1-cs0 bin]$ cat /nas/site/user_db
0:1:1:::local
1:1:1:::local
2:1:1:::local
3:1:1:::local
4:1:1:::local
5:1:1:::local
8:1:1:::local
11:1:1:::local
12:1:1:::local
99:1:1:::local
81:1:1:::local
94:1:1:::local
28:1:1:::local
69:1:1:::local
48:1:1:::local
32:1:1:::local
47:1:1:::local
51:1:1:::local
98:1:1:::local
29:1:1:::local
65534:1:1:::local
74:1:1:::local
38:1:1:::local
77:1:1:::local
37:1:1:::local
68:1:1:::local
201:1:1:::local
508:1:1:CLARIION_DOMAIN:sysadmin:storageDomain
509:1:1:CLARIION_DOMAIN:test999:storageDomain
[nasadmin@emc1-cs0 bin]$
[nasadmin@emc1-cs0 bin]$ naviseccli -User sysadmin -Password sysadmin -scope 0 -h SPA Security -rmuser -user test999 -scope 0
WARNING: You are about to remove user: test999 (global)

Proceed?(y/n) y

[nasadmin@emc1-cs0 bin]$
[nasadmin@emc1-cs0 bin]$ cat /etc/passwd | grep test
[nasadmin@emc1-cs0 bin]$ cat /nas/site/user_db | grep test
[nasadmin@emc1-cs0 bin]$

abuzzi

1 Rookie

 • 

69 Posts

August 21st, 2019 07:00

Hello,

amazing... after issuing the below sequence I've got folder "/nas/http/domain" populated.

Now when I connect via EMC unisphere I get the File section visible.

hurrah!

Thx,

Andrea

 

[root@emc2-cs0 domain]# /nas/sbin/naviseccli -h SPA -user sysadmin -password sysadmin -scope 0 domain -messner -add -system 10.58.11.197
WARNING: This command is intended only to push a File system's IP at initialization and by appropriate personnel. Any other use of the command may result in undefined behavior, including an unusable domain.
File IP Address: 10.58.11.197
Proceed? (y/n) y

[root@emc2-cs0 domain]#
[root@emc2-cs0 domain]# /nas/http/webui/bin/update_domain_directory.pl
* About to connect() to localhost port 443
* Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 443
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSLv3, TLS handshake, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS handshake, Server finished (14):
SSLv3, TLS handshake, Client key exchange (16):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSL connection using AES256-SHA
* Server certificate:
* subject: /O=VNX Control Station Administrator/CN=10.58.11.197/CN=emc2-cs0/CN=emc2-cs0
* start date: 2019-07-30 08:06:54 GMT
* expire date: 2024-08-04 08:06:54 GMT
* common name: emc2-cs0 (does not match 'localhost')
* issuer: /O=VNX Certificate Authority/CN=emc2-cs0
* SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
> POST /cimom HTTP/1.0
> Authorization:Digest response="{059EBAAC-9D8A-4CEE-A4EB-CD7C57225952}",username=""
> Content-Length: 308
>
> % Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:00:08 --:--:-- 0HTTP/1.1 200 OK
< Date: Wed, 21 Aug 2019 14:03:54 GMT
< Server: Apache
< X-Frame-Options: SAMEORIGIN
< Accept-Ranges: none
< Cache-Control: no-cache
< Pragma: no-cache
< Content-Length: 0
< Connection: close
< Content-Type: text/plain; charset=UTF-8
0 0 0 0 0 0 0 0 --:--:-- 0:00:08 --:--:-- 0* Closing connection #0
* SSLv3, TLS alert, Client hello (1):

[root@emc2-cs0 domain]#
[root@emc2-cs0 domain]# ll /nas/http/domain
total 11
drwxr-xr-x 2 apache apache 1024 Aug 21 15:56 bak
-rw-r--r-- 1 apache apache 61 Aug 21 16:03 domain_list
-rw-r--r-- 1 apache apache 193 Aug 21 16:03 domain_master
-rw-r--r-- 1 apache apache 5945 Aug 21 16:03 domain_provider_xml
-rw------- 1 apache apache 58 Aug 21 16:03 domain_users
drwxr-xr-x 2 apache apache 1024 Aug 30 2012 ldap
-rw-r--r-- 1 apache apache 0 May 28 2018 lock_file
[root@emc2-cs0 domain]#

abuzzi

1 Rookie

 • 

69 Posts

August 21st, 2019 06:00

Hello,

I tried to follow instructions on this page:

   VNX not able to login in glogal domain or Control Station

   http://www.asgaur.com/wp/vnx-not-able-to-login-in-glogal-domain-or-control-station/

 

but when it came to "/nas/http/bin/set_passphrase" I get "Domain: command not found" back

and my CS's /nat/http/domain folder remains empty...

 

[root@emc2-cs0 domain]# /nas/http/bin/set_passphrase
/nas/http/bin/set_passphrase: line 79: Domain: command not found
Unable to set passphrase.
[root@emc2-cs0 domain]# ls -la /nas/http/domain
total 4
drwxr-xr-x 4 apache apache 1024 Aug 21 14:43 .
drwxr-xr-x 14 root root 1024 May 25 2018 ..
drwxr-xr-x 2 apache apache 1024 Aug 21 13:32 bak
drwxr-xr-x 2 apache apache 1024 Aug 30 2012 ldap
-rw-r--r-- 1 apache apache 0 May 28 2018 lock_file
[root@emc2-cs0 domain]#

 

Thank you,

Andrea

 

Was this post helpful?

View All

No Events found!

Top