Skip to main content

Prepare to install or upgrade the ONTAP Mediator service

Contributors netapp-sarajane netapp-dbagwell
PDFs

To install the ONTAP Mediator service, you must ensure all prerequisites are met, fetch the installation package and run the installer on the host. This procedure is used for an installation or an upgrade of an existing installation.

  • Beginning with ONTAP 9.7, you can use any version of ONTAP Mediator to monitor a MetroCluster IP configuration.

  • Beginning with ONTAP 9.8, you can use any version of ONTAP Mediator to monitor an SnapMirror active sync relationship.

Installation and upgrade considerations

Review the following considerations before you upgrade or install the ONTAP Mediator.

Caution ONTAP Mediator 1.8 and earlier is not compatible with Red Hat Enterprise Linux FIPS mode and will prevent it from installing successfully. You can check if FIPS mode is enabled using the fips-mode-setup --check command. You can disable FIPS mode using the fips-modesetup --disable command. Reboot after disabling FIPS mode to successfully install ONTAP Mediator 1.8 or earlier.

  • You should upgrade the ONTAP Mediator to the latest version that is available. Previous versions of ONTAP Mediator remain backwards compatible with all ONTAP versions but recent versions include security patches for all third-party elements.

  • When you upgrade to a new ONTAP Mediator version, the installer automatically upgrades to the recommended SCST version unless a higher version is available. For instructions on manually installing a higher SCST version, see Manage the Mediator service. For supported versions, see the SCST support matrix.

    Caution If an installation failure occurs, you might need to upgrade to a later version of ONTAP Mediator.

  • If you install the yum-utils package, you can use the needs-restarting command.

Host requirements

Follow these requirements when installing Red Hat Enterprise Linux (RHEL) or Rocky Linux and configuring the associated repositories.

Note

If you modify the installation or configuration process, you might need to perform additional steps.
Linux distribution requirements

  • Install RHEL or Rocky Linux according to Red Hat's best practices. Since CentOS 8.x has reached end-of-life, compatible versions of CentOS 8.x are not recommended.

  • When installing the ONTAP Mediator service, ensure the system has access to the required repository so the installation program can retrieve and install all required software dependencies.

  • To enable the yum installer to find dependent software in the RHEL repositories, register the system during installation or afterwards using a valid Red Hat subscription.

    Note

    See the Red Hat Subscription Manager documentation for further information.
Networking requirements

  • Ensure that the following ports are available and unused for ONTAP Mediator.

    • 31784: Configure this port for inbound requests because it's an HTTPS port and only accepts incoming traffic.

    • 3260: This port is bidirectional because the iSCSI protocol requires a two-way connection.

  • If using a third-party firewall, refer to Firewall requirements for ONTAP Mediator.

  • For Linux hosts without internet access, make sure the required packages are available in a local repository.

    If you are using Link Aggregation Control Protocol (LACP) in a Linux environment, configure the kernel and set the sysctl net.ipv4.conf.all.arp_ignore to 2.

OS requirements

Your OS must meet the following requirements:

  • 64-bit physical installation or virtual machine

  • 8 GB RAM

  • 1 GB disk space (used for applications installation, server logs, and the database)

  • User: Root access

The following table shows the supported OSs for each version of ONTAP Mediator.

ONTAP Mediator version

Supported Linux versions

1.9

  • Red Hat Enterprise Linux

    • Compatible: 8.4, 8.5, 8.6, 8.7, 8.9, 9.1, and 9.3 1

    • Recommended: 8.8, 8.10, 9.0, 9.2, 9.4, and 9.5

  • Rocky Linux 8 and 9

1.8

  • Red Hat Enterprise Linux: 8.4, 8.5, 8.6, 8.7, 8.8, 8.9, 8.10, 9.0, 9.1, 9.2, 9.3, and 9.4

  • Rocky Linux 8 and 9

1.7

  • Red Hat Enterprise Linux: 8.4, 8.5, 8.6, 8.7, 8.8, 8.9, 9.0, 9.1, 9.2, and 9.3

  • Rocky Linux 8 and 9

1.6

  • Red Hat Enterprise Linux: 8.4, 8.5, 8.6, 8.7, 8.8, 9.0, 9.1, 9.2

  • Rocky Linux 8 and 9

1.5

  • Red Hat Enterprise Linux: 7.6, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 8.5

  • CentOS: 7.6, 7.7, 7.8, 7.9

1.4

  • Red Hat Enterprise Linux: 7.6, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 8.5

  • CentOS: 7.6, 7.7, 7.8, 7.9

1.3

  • Red Hat Enterprise Linux: 7.6, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3

  • CentOS: 7.6, 7.7, 7.8, 7.9

1.2

  • Red Hat Enterprise Linux: 7.6, 7.7, 7.8, 7.9, 8.0, 8.1

  • CentOS: 7.6, 7.7, 7.8, 7.9

  1. Compatible means that RHEL no longer supports this version but ONTAP Mediator can still be installed.

OS required packages

The following packages are required by the ONTAP Mediator service:

Note The packages are either pre-installed or automatically installed by the ONTAP Mediator installer.

All RHEL/CentOS versions

Additional packages for RHEL 8.x / Rocky Linux 8

Additional packages for RHEL 9.x / Rocky Linux 9

  • openssl

  • openssl-devel

  • kernel-devel-$ (uname -r)

  • gcc

  • make

  • libselinux-utils

  • patch

  • bzip2

  • perl-Data-Dumper

  • perl-ExtUtils-MakeMaker

  • efibootmgr

  • mokutil

  • python3-pip

  • elfutils-libelf-devel

  • policycoreutils-python-utils

  • redhat-lsb-core

  • python39

  • python39-devel

  • python3-pip

  • elfutils-libelf-devel

  • policycoreutils-python-utils

  • python3

  • python3-devel

The Mediator installation package is a self-extracting compressed tar file that includes:

  • An RPM file containing all dependencies that cannot be obtained from the supported release's repository.

  • An install script.

A valid SSL certification is recommended.

OS upgrade considerations and kernel compatibility

  • All library packages, except the kernel, can safely be updated but might require a reboot to apply the changes within the ONTAP Mediator application. A service window is recommended when a reboot is required.

  • You should keep the OS kernel up to date. The kernel core can be upgraded to a version listed as supported in the ONTAP Mediator version matrix. A reboot is mandatory, so you should plan a maintenance window for the outage.

    • You must uninstall the SCST kernel module before rebooting and then re-install it after.

    • You must have a supported version of the SCST ready to reinstall before starting the kernel OS upgrade.

Note

  • The kernel version must match the operating system version.

  • Upgrading to a kernel beyond the supported OS release for the specific ONTAP Mediator release is not supported. (This likely indicates that the tested SCST module won't compile).

Install ONTAP Mediator when UEFI Secure Boot is enabled

ONTAP Mediator can be installed on a system with or without UEFI Secure Boot enabled.

About this task

You can choose to disable UEFI Secure Boot before installing ONTAP Mediator if it is not needed or if you are troubleshooting ONTAP Mediator installation issues. Disable the UEFI Secure Boot option from your machine settings.

Note

For detailed instructions on disabling UEFI Secure Boot, refer to the documentation for your host OS.

To install the ONTAP Mediator with UEFI Secure Boot enabled, you must register a security key before the service can start. The key is generated during the SCST installation's compile step and saved as a private-public key pair on your machine. Use the mokutil utility to add the public key as a Machine Owner Key (MOK) to your UEFI firmware, enabling the system to trust and load the signed module. Save the mokutil passphrase in a secure location as this is required when rebooting your system to activate the MOK.

Steps

  1. Check if UEFI Secure Boot is enabled on your system:

    mokutil --sb-state

    The results indicate whether UEFI Secure Boot is enabled on this system.

    If…​

    Go to…​

    UEFI secure boot is enabled

    The step where you run the mokutil utility

    UEFI secure boot is disabled

    Upgrade the host operating system and then the ONTAP Mediator
    Note

    • You are prompted to create a passphrase that you must store in a secure location. You'll need this passphrase to enable the key in the UEFI Boot Manager.

    • ONTAP Mediator 1.2.0 and earlier versions do not support this mode.

  2. If the mokutil utility is not installed, run the following command:

    yum install mokutil

  3. Add the public key to the MOK list:

    mokutil --import /opt/netapp/lib/ontap_mediator/ontap_mediator/SCST_mod_keys/scst_module_key.der

    Note You can leave the private key in its default location or move it to a secure location. However, the public key must be maintained in its existing location for use by the Boot Manager. For further information, see the following README.module-signing file:

    [root@hostname ~]# ls /opt/netapp/lib/ontap_mediator/ontap_mediator/SCST_mod_keys/ README.module-signing scst_module_key.der scst_module_key.priv

  4. Reboot the host and use your device's UEFI Boot Manager to approve the new MOK. You'll need the passphrase provided for the mokutil utility in the step where you check if UEFI Secure Boot is enabled on your system.