Prepare to install or upgrade the ONTAP Mediator service

Contributors

PDFs

To install the ONTAP Mediator service, you must ensure all prerequisites are met, fetch the installation package and run the installer on the host. This procedure is used for an installation or an upgrade of an existing installation.

Beginning with ONTAP 9.7, you can use any version of ONTAP Mediator to monitor a MetroCluster IP configuration.
Beginning with ONTAP 9.8, you can use any version of ONTAP Mediator to monitor an SnapMirror active sync relationship.

Installation and upgrade considerations

Review the following considerations before you upgrade or install the ONTAP Mediator.

ONTAP Mediator 1.8 and earlier is not compatible with Red Hat Enterprise Linux FIPS mode and will prevent it from installing successfully. You can check if FIPS mode is enabled using the fips-mode-setup --check command. You can disable FIPS mode using the fips-modesetup --disable command. Reboot after disabling FIPS mode to successfully install ONTAP Mediator 1.8 or earlier.

You should upgrade the ONTAP Mediator to the latest version that is available. Previous versions of ONTAP Mediator remain backwards compatible with all ONTAP versions but recent versions include security patches for all third-party elements.
When you upgrade to a new ONTAP Mediator version, the installer automatically upgrades to the recommended SCST version unless a higher version is available. For instructions on manually installing a higher SCST version, see Manage the Mediator service. For supported versions, see the SCST support matrix.

If an installation failure occurs, you might need to upgrade to a later version of ONTAP Mediator.
If you install the yum-utils package, you can use the needs-restarting command.

OS requirements

Your operating system must meet the following requirements:

64-bit physical installation or virtual machine
8 GB RAM
1 GB disk space (used for applications installation, server logs, and the database)
User: Root access

The following table shows the supported operating systems for each version of ONTAP Mediator.

ONTAP Mediator version	Supported Linux versions
1.9	Red Hat Enterprise Linux Compatible: 8.4, 8.5, 8.6, 8.7, 8.9, 9.1, and 9.3 ¹ Recommended: 8.8, 8.10, 9.0, 9.2, and 9.4 Rocky Linux 8 and 9
1.8	Red Hat Enterprise Linux: 8.4, 8.5, 8.6, 8.7, 8.8, 8.9, 8.10, 9.0, 9.1, 9.2, 9.3, and 9.4 Rocky Linux 8 and 9
1.7	Red Hat Enterprise Linux: 8.4, 8.5, 8.6, 8.7, 8.8, 8.9, 9.0, 9.1, 9.2, and 9.3 Rocky Linux 8 and 9
1.6	Red Hat Enterprise Linux: 8.4, 8.5, 8.6, 8.7, 8.8, 9.0, 9.1, 9.2 Rocky Linux 8 and 9
1.5	Red Hat Enterprise Linux: 7.6, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 8.5 CentOS: 7.6, 7.7, 7.8, 7.9
1.4	Red Hat Enterprise Linux: 7.6, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 8.5 CentOS: 7.6, 7.7, 7.8, 7.9
1.3	Red Hat Enterprise Linux: 7.6, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3 CentOS: 7.6, 7.7, 7.8, 7.9
1.2	Red Hat Enterprise Linux: 7.6, 7.7, 7.8, 7.9, 8.0, 8.1 CentOS: 7.6, 7.7, 7.8, 7.9

Compatible means that RHEL no longer supports this version but ONTAP Mediator can still be installed.

OS upgrade considerations and kernel compatibility

All library packages, except the kernel, can safely be updated but might require a reboot to apply the changes within the ONTAP Mediator application. A service window is recommended when a reboot is required.
You should keep the OS kernel up to date. The kernel core can be upgraded to a version listed as supported in the ONTAP Mediator version matrix. A reboot is mandatory, so you should plan a maintenance window for the outage.
- You must uninstall the SCST kernel module before rebooting and then re-install it after.
- You must have a supported version of the SCST ready to reinstall before starting the kernel OS upgrade.

The kernel version must match the operating system version.
Upgrading to a kernel beyond the supported OS release for the specific ONTAP Mediator release is not supported. (This likely indicates that the tested SCST module won't compile).

Register a security key when UEFI Secure Boot is enabled

To install the ONTAP Mediator with UEFI Secure Boot enabled, you must register a security key before the service can start. The key is generated during the SCST installation's compile step and saved as a private-public key pair on your machine. Use the mokutil utility to add the public key as a Machine Owner Key (MOK) to your UEFI firmware, enabling the system to trust and load the signed module. Save the mokutil passphrase in a secure location as this is required when rebooting your system to activate the MOK.

To determine if the system is UEFI-enabled and Secure Boot is turned on, perform the following steps:

Steps

If mokutil is not installed, run the following command:

yum install mokutil

Check if UEFI Secure Boot is enabled on your system:

mokutil --sb-state

The results indicate whether UEFI Secure Boot is enabled on this system.

You are prompted to create a passphrase that you must store in a secure location. You'll need this passphrase to enable the key in the UEFI Boot Manager.
ONTAP Mediator 1.2.0 and earlier versions do not support this mode.

Add the public key to the MOK list:

mokutil --import /opt/netapp/lib/ontap_mediator/ontap_mediator/SCST_mod_keys/scst_module_key.der

You can leave the private key in its default location or move it to a secure location. However, the public key must be maintained in its existing location for use by the Boot Manager. For further information, see the following README.module-signing file:

[root@hostname ~]# ls /opt/netapp/lib/ontap_mediator/ontap_mediator/SCST_mod_keys/ README.module-signing scst_module_key.der scst_module_key.priv

Reboot the host and use your device's UEFI Boot Manager to approve the new MOK. You'll need the passphrase provided for the mokutil in step 2.

Disable UEFI Secure Boot

You can also choose to disable UEFI Secure Boot before installing ONTAP Mediator.