NetApp ONTAP Data Management Software Data Collector

04/08/2021 Contributors Download PDF of this page

This data collector acquires inventory and performance data from storage systems running ONTAP using read-only API calls from an ONTAP account. This data collector also creates a record in the cluster application registry to accelerate support.

Terminology

Cloud Insights acquires inventory and performance data from the ONTAP data collector. For each asset type acquired, the most common terminology used for the asset is shown. When viewing or troubleshooting this data collector, keep the following terminology in mind:

Vendor/Model Term	Cloud Insights Term
Disk	Disk
Raid Group	Disk Group
Cluster	Storage
Node	Storage Node
Aggregate	Storage Pool
LUN	Volume
Volume	Internal Volume

Vendor/Model Term

Cloud Insights Term

Disk

Raid Group

Disk Group

Cluster

Storage

Node

Storage Node

Aggregate

Storage Pool

LUN

Volume

Internal Volume

Requirements

The following are requirements to configure and use this data collector:

You must have access to an Administrator account configured for read-only API calls.
Account details include username and password.
Port requirements: 80 or 443
Account permissions:
- Read only role name to ontapi application to the default Vserver
- You may require additional optional write permissions. See the Note About Permissions below.
ONTAP License requirements:
- FCP license and mapped/masked volumes required for fibre-channel discovery

Configuration

Field	Description
NetApp Management IP	IP address or fully-qualified domain name of the NetApp cluster
User Name	User name for NetApp cluster
Password	Password for NetApp cluster

Field

Description

NetApp Management IP

IP address or fully-qualified domain name of the NetApp cluster

User Name

User name for NetApp cluster

Password

Password for NetApp cluster

Advanced configuration

Field	Description
Connection type	Choose HTTP (default port 80) or HTTPS (default port 443). The default is HTTPS
Override Communication Port	Specify a different port if you do not want to use the default
Inventory Poll Interval (min)	Default is 60 minutes.
For TLS for HTTPS	Only allow TLS as protocol when using HTTPS
Automatically Lookup Netgroups	Enable the automatic netgroup lookups for export policy rules
Netgroup Expansion	Netgroup Expansion Strategy. Choose file or shell. The default is shell.
HTTP read timeout seconds	Default is 30
Force responses as UTF-8	Forces data collector code to interpret responses from the CLI as being in UTF-8
Performance Poll Interval (sec)	Default is 900 seconds.
Advanced Counter Data Collection	Enable ONTAP integration. Select this to include ONTAP Advanced Counter data in polls. Choose the desired counters from the list.

Field

Description

Connection type

Choose HTTP (default port 80) or HTTPS (default port 443). The default is HTTPS

Override Communication Port

Specify a different port if you do not want to use the default

Inventory Poll Interval (min)

Default is 60 minutes.

For TLS for HTTPS

Only allow TLS as protocol when using HTTPS

Automatically Lookup Netgroups

Enable the automatic netgroup lookups for export policy rules

Netgroup Expansion

Netgroup Expansion Strategy. Choose file or shell. The default is shell.

HTTP read timeout seconds

Default is 30

Force responses as UTF-8

Forces data collector code to interpret responses from the CLI as being in UTF-8

Performance Poll Interval (sec)

Default is 900 seconds.

Advanced Counter Data Collection

Enable ONTAP integration. Select this to include ONTAP Advanced Counter data in polls. Choose the desired counters from the list.

A Note About Permissions

Since a number of Cloud Insights' ONTAP dashboards rely on advanced ONTAP counters, you must enable Advanced Counter Data Collection in the data collector Advanced Configuration section.

You should also ensure that write permission to the ONTAP API is enabled. This typically requires an account at the cluster level with the necessary permissions.

To create a local account for Cloud Insights at the cluster level, log in to ONTAP with the Cluster management Administrator username/password, and execute the following commands on the ONTAP server:

Create a read-only role using the following two commands.

security login role create -role oci_readonly -cmddirname DEFAULT -access readonly
security login role create -role oci_readonly -cmddirname security -access readonly
security login role create -role oci_readonly -access all -cmddirname “cluster application-record create”

Create the read-only user using the following command. Once you have executed the create command, you will be prompted to enter a password for this user.
```
security login create -username oci_user -application ontapi -authentication-method password -role oci_readonly
```

If AD/LDAP account is used, the command should be

security login create -user-or-group-name DOMAIN\aduser/adgroup -application ontapi -authentication-method domain -role oci_readonly

The resulting role and user login will look something like this:

Role Command/ Access
Vserver Name Directory Query Level
---------- ------------- --------- ------------------ --------
cluster1 oci_readonly DEFAULT read only
cluster1 oci_readonly security readonly

cluster1::security login> show
Vserver: cluster1
Authentication Acct
UserName    Application   Method      Role Name      Locked
---------   -------      ----------- -------------- --------
ci_user     ontapi      password    oci_readonly   no

Troubleshooting

Some things to try if you encounter problems with this data collector:

Inventory

Problem:	Try this:
Receive 401 HTTP response or 13003 ZAPI error code and ZAPI returns “Insufficient privileges” or “not authorized for this command”	Check username and password, and user privileges/permissions.
Cluster version is < 8.1	Cluster minimum supported version is 8.1. Upgrade to minimum supported version.
ZAPI returns "cluster role is not cluster_mgmt LIF"	AU needs to talk to cluster management IP. Check the IP and change to a different IP if necessary
Error: “7 Mode filers are not supported”	This can happen if you use this data collector to discover 7 mode filer. Change IP to point to cdot cluster instead.
ZAPI command fails after retry	AU has communication problem with the cluster. Check network, port number, and IP address. User should also try to run a command from command line from the AU machine.
AU failed to connect to ZAPI via HTTP	Check whether ZAPI port accepts plaintext. If AU tries to send plaintext to an SSL socket, the communication fails.
Communication fails with SSLException	AU is attempting to send SSL to a plaintext port on a filer. Check whether the ZAPI port accepts SSL, or use a different port.
Additional Connection errors: ZAPI response has error code 13001, “database is not open” ZAPI error code is 60 and response contains “API did not finish on time” ZAPI response contains “initialize_session() returned NULL environment” ZAPI error code is 14007 and response contains “Node is not healthy”	Check network, port number, and IP address. User should also try to run a command from command line from the AU machine.

Problem:

Try this:

Receive 401 HTTP response or 13003 ZAPI error code and ZAPI returns “Insufficient privileges” or “not authorized for this command”

Check username and password, and user privileges/permissions.

Cluster version is < 8.1

Cluster minimum supported version is 8.1. Upgrade to minimum supported version.

ZAPI returns "cluster role is not cluster_mgmt LIF"

AU needs to talk to cluster management IP. Check the IP and change to a different IP if necessary

Error: “7 Mode filers are not supported”

This can happen if you use this data collector to discover 7 mode filer. Change IP to point to cdot cluster instead.

ZAPI command fails after retry

AU has communication problem with the cluster. Check network, port number, and IP address. User should also try to run a command from command line from the AU machine.

AU failed to connect to ZAPI via HTTP

Check whether ZAPI port accepts plaintext. If AU tries to send plaintext to an SSL socket, the communication fails.

Communication fails with SSLException

AU is attempting to send SSL to a plaintext port on a filer. Check whether the ZAPI port accepts SSL, or use a different port.

Additional Connection errors:

ZAPI response has error code 13001, “database is not open”

ZAPI error code is 60 and response contains “API did not finish on time”

ZAPI response contains “initialize_session() returned NULL environment”

ZAPI error code is 14007 and response contains “Node is not healthy”

Check network, port number, and IP address. User should also try to run a command from command line from the AU machine.

Performance

Problem:	Try this:
“Failed to collect performance from ZAPI” error	This is usually due to perf stat not running. Try the following command on each node: > system node systemshell -node -command “spmctl -h cmd –stop; spmctl -h cmd –exec”*

Problem:

Try this:

“Failed to collect performance from ZAPI” error

This is usually due to perf stat not running. Try the following command on each node:

> system node systemshell -node * -command “spmctl -h cmd –stop; spmctl -h cmd –exec”

Additional information may be found from the Support page or in the Data Collector Support Matrix.