正在配置 LIF

您必须确定用于在数据和磁带资源之间建立数据连接的 LIF 、以及管理SVM 和备份应用程序之间的控制连接。识别出 LIF 后、必须验证是否为 LIF 设置了防火墙和故障转移策略、并指定首选接口角色。

步骤

  1. 使用network interface show带有 -role 参数的命令标识集群间、集群管理和节点管理 LIF 。
    示例
    以下命令显示集群间 LIF :
    cluster1::> network interface show -role intercluster
    
                Logical           Status     Network            Current       Current Is
    Vserver     Interface         Admin/Oper Address/Mask       Node          Port    Home
    ----------- ----------        ---------- ------------------ ------------- ------- ----
    cluster1    IC1               up/up      192.0.2.65/24      cluster1-1    e0a     true
    cluster1    IC2               up/up      192.0.2.68/24      cluster1-2    e0b     true
    以下命令显示 cluster - management lif :
    cluster1::> network interface show -role cluster-mgmt
    
                Logical           Status     Network            Current       Current Is
    Vserver     Interface         Admin/Oper Address/Mask       Node          Port    Home
    ----------- ----------        ---------- ------------------ ------------- ------- ----
    cluster1    cluster_mgmt      up/up      192.0.2.60/24      cluster1-2    e0M     true
    以下命令显示节点管理 LIF :
    cluster1::> network interface show -role node-mgmt
    
                Logical           Status     Network            Current       Current Is
    Vserver     Interface         Admin/Oper Address/Mask       Node          Port    Home
    ----------- ----------        ---------- ------------------ ------------  ------  ------ 
    cluster1    cluster1-1_mgmt1  up/up      192.0.2.69/24      cluster1-1    e0M     true
                cluster1-2_mgmt1  up/up      192.0.2.70/24      cluster1-2    e0M     true
  2. 确保在集群间、集群管理(集群管理)和节点管理(节点管理) LIF 上为 NDMP 启用了防火墙策略:
    1. 使用system services firewall policy show命令验证是否为 NDMP 启用了防火墙策略。
      示例

      以下命令显示用于集群管理 LIF 的防火墙策略:

      cluster1::> system services firewall policy show -policy cluster
      
      Vserver     Policy       Service    Allowed
      -------     ------------ ---------- -----------------
      cluster     cluster      dns        0.0.0.0/0
                               http       0.0.0.0/0
                               https      0.0.0.0/0
                               ndmp       0.0.0.0/0
                               ndmps      0.0.0.0/0
                               ntp        0.0.0.0/0
                               rsh        0.0.0.0/0
                               snmp       0.0.0.0/0
                               ssh        0.0.0.0/0
                               telnet     0.0.0.0/0
      10 entries were displayed.

      以下命令显示集群间 LIF 的防火墙策略:

      cluster1::> system services firewall policy show -policy intercluster
      
      Vserver     Policy       Service    Allowed
      -------     ------------ ---------- -------------------
      cluster1    intercluster dns        -
                               http       -
                               https      -
                               ndmp       0.0.0.0/0, ::/0
                               ndmps      -
                               ntp        -
                               rsh        -
                               ssh        -
                               telnet     -
      9 entries were displayed.

      以下命令显示节点管理 LIF 的防火墙策略:

      cluster1::> system services firewall policy show -policy mgmt
      
      Vserver     Policy       Service    Allowed
      -------     ------------ ---------- -------------------
      cluster1-1  mgmt         dns        0.0.0.0/0, ::/0
                               http       0.0.0.0/0, ::/0
                               https      0.0.0.0/0, ::/0
                               ndmp       0.0.0.0/0, ::/0
                               ndmps      0.0.0.0/0, ::/0
                               ntp        0.0.0.0/0, ::/0
                               rsh        -
                               snmp       0.0.0.0/0, ::/0
                               ssh        0.0.0.0/0, ::/0
                               telnet     -
      10 entries were displayed.
    2. 如果未启用防火墙策略,请使用system services firewall policy modify带有 -service 参数的命令启用防火墙策略。
      示例
      以下命令可为集群间 LIF 启用防火墙策略:
      cluster1::> system services firewall policy modify -vserver cluster1 -policy intercluster -service ndmp 0.0.0.0/0
      
  3. 确保为所有 LIF 正确设置了故障转移策略:
    1. 使用network interface show -failover命令验证集群管理 LIF 的故障转移策略是否设置为广播域范围,以及集群间和节点管理 LIF 的策略是否设置为仅本地。
      示例
      以下命令显示用于集群管理、集群间和节点管理 LIF 的故障转移策略:
      cluster1::> network interface show -failover
      
                 Logical            Home              Failover              Failover
      Vserver    Interface          Node:Port         Policy                Group
      ---------- -----------------  ----------------- --------------------  --------
      cluster    cluster1_clus1     cluster1-1:e0a    local-only            cluster
                                                           Failover Targets:
                         	                                 .......
      
      cluster1   cluster_mgmt       cluster1-1:e0m    broadcast-domain-wide Default
                                                           Failover Targets: 
                                                           .......
                 IC1                 cluster1-1:e0a    local-only           Default
                                                           Failover Targets:
                 IC2                 cluster1-1:e0b    local-only           Default
                                                           Failover Targets:
                                                           ....... 
      cluster1-1 cluster1-1_mgmt1   cluster1-1:e0m    local-only            Default
                                                           Failover Targets: 
                                                           ......
      cluster1-2 cluster1-2_mgmt1   cluster1-2:e0m    local-only            Default
                                                           Failover Targets: 
                                                           ......
    2. 如果未正确设置故障转移策略,请使用network interface modify带有 -failover-policy 参数的命令修改故障转移策略。
      示例
      cluster1::> network interface modify -vserver cluster1 -lif IC1 -failover-policy local-only
       
  4. 使用vserver services ndmp modify带有 preferre-interface-role 参数的命令指定数据连接所需的 LIF 。
    示例
    cluster1::> vserver services ndmp modify -vserver cluster1 -preferred-interface-role intercluster,cluster-mgmt,node-mgmt
  5. 使用vserver services ndmp show命令验证是否为集群设置了首选接口角色。
    示例
    cluster1::> vserver services ndmp show -vserver cluster1
    
                                 Vserver: cluster1
                            NDMP Version: 4
                            .......
                            .......
                Preferred Interface Role: intercluster, cluster-mgmt, node-mgmt