Skip to main content

Maintain the host OS for ONTAP Mediator

Contributors netapp-sarajane netapp-thomi
PDFs

Maintain the host OS for ONTAP Mediator regularly for optimal performance.

Reboot the host

Reboot the host only when clusters are healthy. Clusters cannot respond to failures while ONTAP Mediator is offline. Schedule a service window before rebooting.

ONTAP Mediator automatically resumes during a reboot and re-enters previously configured relationships with ONTAP clusters.

Host package updates

Update any library or yum package except the kernel. Reboot the host if required for changes to take effect. Schedule a service window before rebooting the host.

If you install the yum-utils package, use the needs-restarting command to detect if any package changes require a reboot.

Reboot after updating ONTAP Mediator dependencies because changes do not take immediate effect.

Host OS minor kernel upgrades

SCST must be compiled for the kernel that is being used. To update the OS, a maintenance window is required.

Steps

Perform the following steps to upgrade the host OS kernel.

Note Before upgrading the kernel, check that the OS and ONTAP Mediator version are compatible. For supported versions, see the OS support matrix.

  1. Stop ONTAP Mediator.

  2. Uninstall the SCST package, see Perform host maintenance. (SCST doesn't provide an upgrade mechanism.)

  3. Upgrade the OS, and reboot.

  4. Re-install the SCST package.

  5. Re-enable ONTAP Mediator.

Perform host maintenance

Upgrading the VM kernel can cause compatibility issues with SCST modules. Manually uninstall and reinstall SCST.

Step 1: Uninstall SCST

To uninstall SCST, use the tar bundle for your ONTAP Mediator version.

Steps

  1. Download the appropriate SCST bundle (as shown in the following table) and extract it.

    For this version …​

    Use this tar bundle…​

    ONTAP Mediator 1.10

    scst-3.9.tar.gz

    ONTAP Mediator 1.9.1

    scst-3.8.0.tar.bz2

    ONTAP Mediator 1.9

    scst-3.8.0.tar.bz2

    ONTAP Mediator 1.8

    scst-3.8.0.tar.bz2

    ONTAP Mediator 1.7

    scst-3.7.0.tar.bz2

    ONTAP Mediator 1.6

    scst-3.7.0.tar.bz2

    ONTAP Mediator 1.5

    scst-3.6.0.tar.bz2

    ONTAP Mediator 1.4

    scst-3.6.0.tar.bz2

    ONTAP Mediator 1.3

    scst-3.5.0.tar.bz2

    ONTAP Mediator 1.1

    scst-3.4.0.tar.bz2

    ONTAP Mediator 1.0

    scst-3.3.0.tar.bz2

    1. Access the open source package from the SCST sourceforge downloads.

    2. Select Download released versions.

    3. Extract the bundle to your VM.

  2. Run the following uninstall commands in the scst directory:

    1. systemctl stop mediator-scst

    2. make scstadm_uninstall

    3. make iscsi_uninstall

    4. make usr_uninstall

    5. make scst_uninstall

    6. depmod

Step 2: Install SCST

To manually install SCST, you need the SCST tar bundle that is used for the installed version of ONTAP Mediator (see the SCST table).

Note Perform this step before you install the ONTAP Mediator. If the SCST version you're using is newer than the version bundled with the ONTAP Mediator installer, the installer skips this step.

  1. Run the following install commands in the scst directory:

    1. make 2release

    2. make scst_install

    3. make usr_install

    4. make iscsi_install

    5. make scstadm_install

    6. depmod

      Note

      If you're performing a first-time installation and want to pre-install ONTAP Mediator, run the following command before continuing with the next step:

      mkdir -p /opt/netapp/lib/ontap_mediator/ontap_mediator/SCST_mod_keys

    7. cp scst/src/certs/scst_module_key.der /opt/netapp/lib/ontap_mediator/ontap_mediator/SCST_mod_keys/

    8. patch /etc/init.d/scst < /opt/netapp/lib/ontap_mediator/systemd/scst.patch

      Note If you pre-install SCST before ONTAP Mediator during a first-time installation, skip this step. The installer applies relevant SCST patches.

  2. Optionally, if Secure Boot is enabled, before you reboot, perform the following steps:

    1. Determine each file name for the scst_vdisk, scst, and iscsi_scst modules:

      [root@localhost ~]# modinfo -n scst_vdisk
[root@localhost ~]# modinfo -n scst
[root@localhost ~]# modinfo -n iscsi_scst

    2. Determine the kernel release:

      [root@localhost ~]# uname -r

    3. Sign each module file with the kernel:

      [root@localhost ~]# /usr/src/kernels/<KERNEL-RELEASE>/scripts/sign-file \sha256 \
/opt/netapp/lib/ontap_mediator/ontap_mediator/SCST_mod_keys/scst_module_key.priv \
/opt/netapp/lib/ontap_mediator/ontap_mediator/SCST_mod_keys/scst_module_key.der \
_module-filename_

    4. Install the UEFI key with the firmware.

      Instructions for installing the UEFI key are located at:

      /opt/netapp/lib/ontap_mediator/ontap_mediator/SCST_mod_keys/README.module-signing

      The generated UEFI key is located at:

      /opt/netapp/lib/ontap_mediator/ontap_mediator/SCST_mod_keys/scst_module_key.der

  3. Reboot the system:

    reboot

Host changes to the hostname or IP

About this task

  • Perform this task on the Linux host where you installed ONTAP Mediator.

  • Perform this task only if the self-signed certificates are obsolete because the hostname or IP address changed after installing ONTAP Mediator.

  • After the temporary self-signed certificate has been replaced by a trusted third-party certificate, you do not use this task to regenerate a certificate. If you do not have a self-signed certificate, you cannot use this procedure.

Step

Create a temporary self-signed certificate for the current host:

  1. Restart ONTAP Mediator:

    ./make_self_signed_certs.sh overwrite

    [root@xyz000123456 ~]# cd /opt/netapp/lib/ontap_mediator/ontap_mediator/server_config
[root@xyz000123456 server_config]# ./make_self_signed_certs.sh overwrite

Adding Subject Alternative Names to the self-signed server certificate
#
# OpenSSL example configuration file.
Generating self-signed certificates
Generating RSA private key, 4096 bit long modulus (2 primes)
..................................................................................................................................................................++++
........................................................++++
e is 65537 (0x010001)
Generating a RSA private key
................................................++++
.............................................................................................................................................++++
writing new private key to 'ontap_mediator_server.key'
-----
Signature ok
subject=C = US, ST = California, L = San Jose, O = "NetApp, Inc.", OU = ONTAP Core Software, CN = ONTAP Mediator, emailAddress = support@netapp.com
Getting CA Private Key

[root@xyz000123456 server_config]# systemctl restart ontap_mediator