Install the ONTAP Mediator installation package
Contributors
Suggest changes
PDFs
To install or upgrade ONTAP Mediator, you must get the installation package and run the installer on the host.
About this task
-
When you install or upgrade to ONTAP Mediator 1.12 or later, you have the option to install ONTAP Mediator with iSCSI and HTTPS support, or support for HTTPS only. If you choose to install ONTAP Mediator with support for HTTPS only, the SCST package is not installed.
-
If you upgrade from ONTAP Mediator 1.11 or earlier with SCST installed, and you choose the HTTPS only option during the upgrade, the SCST package is uninstalled and the new ONTAP Mediator version does not contain the SCST package.
-
Installing ONTAP Mediator with support for HTTPS only is supported for the following use cases:
-
You plan to only use ONTAP Mediator to monitor your SnapMirror active sync clusters.
-
You plan to configure ONTAP Mediator with HTTPS to monitor a single MetroCluster IP configuration per ONTAP Mediator instance.
-
-
ONTAP Mediator must be installed with support for iSCSI and HTTPS in the following scenario:
-
You plan to configure ONTAP Mediator with iSCSI to monitor one or more MetroCluster IP configurations.
-
|
|
-
During installation or upgrade to ONTAP Mediator 1.12 or later, the installer prompts you to respond to the following:
ONTAP Mediator can be installed with iSCSI and HTTPS support, or HTTPS support only. Do you wish to install ONTAP Mediator with iSCSI and HTTPS support? Y(es)/n(o):-
Respond
Yesif you plan to use ONTAP Mediator configured with iSCSI to monitor one or more MetroCluster IP configurations. -
Respond
Noif you plan to only use ONTAP Mediator for SnapMirror active sync, or if you plan to configure ONTAP Mediator with HTTPS to monitor a single MetroCluster IP configuration per ONTAP Mediator instance.Alternatively, you can use the
--https-onlyoption in the./ontap-mediator-1.12.0/ontap-mediator-1.12.0 -ycommand to specify HTTPS only.
-
Steps
-
Run the installer and respond to the prompts as required:
./ontap-mediator-1.12.0/ontap-mediator-1.12.0 -y[root@mediator_host ~]# ./ontap-mediator-1.12.0/ontap-mediator-1.12.0 -y
To skip signature check during installation, use this command:
./ontap-mediator-1.12.0/ontap-mediator-1.12.0 -y --skip-code-signature-checkThe installer creates the required accounts and installs the required packages. If the Mediator is already installed, it prompts you to upgrade.
Example ONTAP Mediator installation with HTTPS and iSCSI support (console output)
[root@mediator_host ~]# tar -zxvf ontap-mediator-1.12.0.tgz
ontap-mediator-1.12.0/
ontap-mediator-1.12.0/csc-prod-chain-ONTAP-Mediator.pem
ontap-mediator-1.12.0/ONTAP-Mediator-production.pub
ontap-mediator-1.12.0/tsa-prod-ONTAP-Mediator.pem
ontap-mediator-1.12.0/csc-prod-ONTAP-Mediator.pem
ontap-mediator-1.12.0/tsa-prod-chain-ONTAP-Mediator.pem
ontap-mediator-1.12.0/ontap-mediator-1.12.0
ontap-mediator-1.12.0/ontap-mediator-1.12.0.sig
ontap-mediator-1.12.0/ontap-mediator-1.12.0.tsr
ontap-mediator-1.12.0/ontap-mediator-1.12.0.sig.tsr
[root@mediator_host ~]# ontap-mediator-1.12.0/ontap-mediator-1.12.0
ONTAP Mediator: Self Extracting Installer
+ Extracting the ONTAP Mediator installation/upgrade archive
+ Performing the ONTAP Mediator run-time code signature check
Using openssl from the path: /usr/bin/openssl configured for CApath:/etc/pki/tls
+ Unpacking the ONTAP Mediator installer
+ ONTAP_MEDIATOR_INSTALL_HTTPS_ONLY is set to '0', args are: ''
+ Starting ONTAP Mediator install/update process: previous installation_mode is ''
ONTAP Mediator can be installed with iSCSI and HTTPS support, or support for HTTPS only.
Do you wish to install ONTAP Mediator with iSCSI and HTTPS support? Y(es)/n(o): yes
ONTAP Mediator will be installed with mode: ISCSI_HTTPS
+ Selected install package mode: ISCSI_HTTPS
+ Checking that required ports 3260 and 31784 are free
ONTAP Mediator requires two user accounts. One for the service (netapp), and one for use by ONTAP to the mediator API (mediatoradmin).
Would you like to use the default account names: netapp + mediatoradmin? (Y(es)/n(o)): yes
Enter ONTAP Mediator user account (mediatoradmin) password:
Re-Enter ONTAP Mediator user account (mediatoradmin) password:
+ Checking if SELinux is in enforcing mode
SELinux is set to Enforcing. ONTAP Mediator server requires modifying the SELinux context of the file
/opt/netapp/lib/ontap_mediator/pyenv/bin/uwsgi from type 'lib_t' to 'bin_t'.
This is necessary to start the ONTAP Mediator service while SELinux is set to Enforcing.
Allow SELinux context change? Y(es)/n(o): yes
The installer will change the SELinux context type of
/opt/netapp/lib/ontap_mediator/pyenv/bin/uwsgi from type 'lib_t' to 'bin_t'.
+ Checking for default Linux firewall
+ Installing required packages.
Last metadata expiration check: 2:16:00 ago on Tue 24 Mar 2026 12:58:28 PM EDT.
Package openssl-1:3.5.1-7.0.1.el9_7.x86_64 is already installed.
Package openssl-devel-1:3.5.1-7.0.1.el9_7.x86_64 is already installed.
Package kernel-uek-devel-6.12.0-109.67.6.el9uek.x86_64 is already installed.
Package gcc-11.5.0-11.0.2.el9.x86_64 is already installed.
Package make-1:4.3-8.el9.x86_64 is already installed.
Package which-2.21-30.el9_6.x86_64 is already installed.
Package libselinux-utils-3.6-3.el9.x86_64 is already installed.
Package patch-2.7.6-16.el9.x86_64 is already installed.
Package perl-Data-Dumper-2.174-462.el9.x86_64 is already installed.
Package perl-ExtUtils-MakeMaker-2:7.60-3.el9.noarch is already installed.
Package bzip2-1.0.8-10.el9_5.x86_64 is already installed.
Package efibootmgr-16-12.0.1.el9.x86_64 is already installed.
Package mokutil-2:0.7.2-1.el9.x86_64 is already installed.
Package python3-pip-21.3.1-1.el9.noarch is already installed.
Package elfutils-libelf-devel-0.193-1.el9.x86_64 is already installed.
Package policycoreutils-python-utils-3.6-3.el9.noarch is already installed.
Package python3.12-3.12.12-4.0.1.el9_7.1.x86_64 is already installed.
Package python3.12-devel-3.12.12-4.0.1.el9_7.1.x86_64 is already installed.
Package gcc-toolset-14-14.0-2.el9.x86_64 is already installed.
Dependencies resolved.
===================================================================================================================================
Package Architecture Version Repository Size
===================================================================================================================================
Installing:
efibootmgr x86_64 18-8.el10 baseos 47 k
mokutil x86_64 2:0.7.2-1.el10 baseos 48 k
patch x86_64 2.7.6-26.el10 appstream 131 k
perl-ExtUtils-MakeMaker noarch 2:7.70-513.el10 appstream 295 k
python3-devel x86_64 3.12.12-4.el10_1 appstream 329 k
python3-pip noarch 23.3.2-7.el10 appstream 3.2 M
Upgrading:
libselinux x86_64 3.9-1.el10 baseos 97 k
libselinux-utils x86_64 3.9-1.el10 baseos 122 k
libsemanage x86_64 3.9-1.el10 baseos 122 k
libsepol x86_64 3.9-1.el10 baseos 348 k
policycoreutils x86_64 3.9-1.el10 baseos 224 k
policycoreutils-python-utils noarch 3.9-1.el10 appstream 51 k
python-unversioned-command noarch 3.12.12-4.el10_1 appstream 11 k
python3 x86_64 3.12.12-4.el10_1 baseos 28 k
python3-libs x86_64 3.12.12-4.el10_1 baseos 9.4 M
python3-libselinux x86_64 3.9-1.el10 appstream 200 k
python3-libsemanage x86_64 3.9-1.el10 appstream 81 k
python3-policycoreutils noarch 3.9-1.el10 appstream 2.2 M
Installing dependencies:
annobin-docs noarch 12.99-1.el10 appstream 88 k
annobin-plugin-gcc x86_64 12.99-1.el10 appstream 998 k
dwz x86_64 0.16-1.el10 appstream 139 k
efi-filesystem noarch 6-7.el10.rocky.0.1 baseos 7.8 k
efi-srpm-macros noarch 6-7.el10.rocky.0.1 appstream 22 k
efivar-libs x86_64 39-3.el10 baseos 127 k
fonts-srpm-macros noarch 1:2.0.5-18.el10 appstream 26 k
forge-srpm-macros noarch 0.4.0-6.el10 appstream 20 k
gcc-plugin-annobin x86_64 14.3.1-2.1.el10 appstream 67 k
go-srpm-macros noarch 3.6.0-7.el10_1 appstream 27 k
kernel-srpm-macros noarch 1.0-26.el10 appstream 9.4 k
lua-srpm-macros noarch 1-15.el10 appstream 8.8 k
ocaml-srpm-macros noarch 10-4.el10 appstream 9.2 k
openblas-srpm-macros noarch 2-19.el10 appstream 7.7 k
package-notes-srpm-macros noarch 0.5-13.el10 appstream 9.2 k
perl-AutoSplit noarch 5.74-512.2.el10_0 appstream 21 k
perl-Benchmark noarch 1.25-512.2.el10_0 appstream 27 k
perl-CPAN-Meta-Requirements noarch 2.143-11.el10 appstream 35 k
perl-CPAN-Meta-YAML noarch 0.018-512.el10 appstream 26 k
perl-Devel-PPPort x86_64 3.72-512.el10 appstream 219 k
perl-ExtUtils-Command noarch 2:7.70-513.el10 appstream 14 k
perl-ExtUtils-Constant noarch 0.25-512.2.el10_0 appstream 43 k
perl-ExtUtils-Install noarch 2.22-511.el10 appstream 43 k
perl-ExtUtils-Manifest noarch 1:1.75-511.el10 appstream 34 k
perl-ExtUtils-ParseXS noarch 1:3.51-512.el10 appstream 189 k
perl-File-Compare noarch 1.100.800-512.2.el10_0 appstream 13 k
perl-File-Copy noarch 2.41-512.2.el10_0 appstream 20 k
perl-I18N-Langinfo x86_64 0.24-512.2.el10_0 appstream 25 k
perl-JSON-PP noarch 1:4.16-512.el10 appstream 66 k
perl-Test-Harness noarch 1:3.48-512.el10 appstream 282 k
perl-lib x86_64 0.65-512.2.el10_0 appstream 15 k
perl-srpm-macros noarch 1-57.el10 appstream 8.5 k
perl-version x86_64 8:0.99.32-4.el10 appstream 63 k
pyproject-srpm-macros noarch 1.16.2-1.el10 appstream 14 k
python-srpm-macros noarch 3.12-10.el10 appstream 23 k
python3-pyparsing noarch 3.1.1-7.el10 baseos 271 k
qt6-srpm-macros noarch 6.9.1-1.el10 appstream 9.6 k
redhat-rpm-config noarch 293-1.el10.rocky.0.2 appstream 78 k
rust-toolset-srpm-macros noarch 1.88.0-1.el10 appstream 12 k
systemtap-sdt-devel x86_64 5.3-3b.el10 appstream 69 k
systemtap-sdt-dtrace x86_64 5.3-3b.el10 appstream 70 k
Installing weak dependencies:
perl-CPAN-Meta noarch 2.150010-511.el10 appstream 197 k
perl-Encode-Locale noarch 1.05-31.el10 appstream 18 k
perl-Time-HiRes x86_64 4:1.9777-511.el10 appstream 58 k
perl-devel x86_64 4:5.40.2-512.2.el10_0 appstream 770 k
perl-doc noarch 5.40.2-512.2.el10_0 appstream 4.9 M
Transaction Summary
===================================================================================================================================
Install 52 Packages
Upgrade 12 Packages
Total download size: 26 M
Is this ok [y/N]: y
Downloading Packages:
(1/64): efi-filesystem-6-7.el10.rocky.0.1.noarch.rpm 206 kB/s | 7.8 kB 00:00
(2/64): efibootmgr-18-8.el10.x86_64.rpm 1.2 MB/s | 47 kB 00:00
(3/64): efivar-libs-39-3.el10.x86_64.rpm 2.8 MB/s | 127 kB 00:00
(4/64): mokutil-0.7.2-1.el10.x86_64.rpm 6.4 MB/s | 48 kB 00:00
(5/64): annobin-docs-12.99-1.el10.noarch.rpm 11 MB/s | 88 kB 00:00
(6/64): python3-pyparsing-3.1.1-7.el10.noarch.rpm 13 MB/s | 271 kB 00:00
(7/64): dwz-0.16-1.el10.x86_64.rpm 12 MB/s | 139 kB 00:00
(8/64): efi-srpm-macros-6-7.el10.rocky.0.1.noarch.rpm 2.7 MB/s | 22 kB 00:00
(9/64): fonts-srpm-macros-2.0.5-18.el10.noarch.rpm 5.1 MB/s | 26 kB 00:00
(10/64): forge-srpm-macros-0.4.0-6.el10.noarch.rpm 4.3 MB/s | 20 kB 00:00
(11/64): gcc-plugin-annobin-14.3.1-2.1.el10.x86_64.rpm 10 MB/s | 67 kB 00:00
(12/64): go-srpm-macros-3.6.0-7.el10_1.noarch.rpm 4.7 MB/s | 27 kB 00:00
(13/64): kernel-srpm-macros-1.0-26.el10.noarch.rpm 2.0 MB/s | 9.4 kB 00:00
(14/64): lua-srpm-macros-1-15.el10.noarch.rpm 2.0 MB/s | 8.8 kB 00:00
(15/64): ocaml-srpm-macros-10-4.el10.noarch.rpm 2.0 MB/s | 9.2 kB 00:00
(16/64): annobin-plugin-gcc-12.99-1.el10.x86_64.rpm 16 MB/s | 998 kB 00:00
(17/64): openblas-srpm-macros-2-19.el10.noarch.rpm 432 kB/s | 7.7 kB 00:00
(18/64): package-notes-srpm-macros-0.5-13.el10.noarch.rpm 519 kB/s | 9.2 kB 00:00
(19/64): perl-AutoSplit-5.74-512.2.el10_0.noarch.rpm 4.5 MB/s | 21 kB 00:00
(20/64): patch-2.7.6-26.el10.x86_64.rpm 14 MB/s | 131 kB 00:00
(21/64): perl-Benchmark-1.25-512.2.el10_0.noarch.rpm 3.5 MB/s | 27 kB 00:00
(22/64): perl-CPAN-Meta-Requirements-2.143-11.el10.noarch.rpm 10 MB/s | 35 kB 00:00
(23/64): perl-CPAN-Meta-YAML-0.018-512.el10.noarch.rpm 5.3 MB/s | 26 kB 00:00
(24/64): perl-CPAN-Meta-2.150010-511.el10.noarch.rpm 12 MB/s | 197 kB 00:00
(25/64): perl-Encode-Locale-1.05-31.el10.noarch.rpm 2.6 MB/s | 18 kB 00:00
(26/64): perl-ExtUtils-Command-7.70-513.el10.noarch.rpm 3.0 MB/s | 14 kB 00:00
(27/64): perl-Devel-PPPort-3.72-512.el10.x86_64.rpm 13 MB/s | 219 kB 00:00
(28/64): perl-ExtUtils-Constant-0.25-512.2.el10_0.noarch.rpm 4.9 MB/s | 43 kB 00:00
(29/64): perl-ExtUtils-Install-2.22-511.el10.noarch.rpm 4.7 MB/s | 43 kB 00:00
(30/64): perl-ExtUtils-Manifest-1.75-511.el10.noarch.rpm 6.2 MB/s | 34 kB 00:00
(31/64): perl-File-Compare-1.100.800-512.2.el10_0.noarch.rpm 4.2 MB/s | 13 kB 00:00
(32/64): perl-ExtUtils-MakeMaker-7.70-513.el10.noarch.rpm 17 MB/s | 295 kB 00:00
(33/64): perl-ExtUtils-ParseXS-3.51-512.el10.noarch.rpm 11 MB/s | 189 kB 00:00
(34/64): perl-File-Copy-2.41-512.2.el10_0.noarch.rpm 1.7 MB/s | 20 kB 00:00
(35/64): perl-I18N-Langinfo-0.24-512.2.el10_0.x86_64.rpm 5.0 MB/s | 25 kB 00:00
(36/64): perl-JSON-PP-4.16-512.el10.noarch.rpm 9.3 MB/s | 66 kB 00:00
(37/64): perl-Time-HiRes-1.9777-511.el10.x86_64.rpm 11 MB/s | 58 kB 00:00
(38/64): perl-Test-Harness-3.48-512.el10.noarch.rpm 13 MB/s | 282 kB 00:00
(39/64): perl-lib-0.65-512.2.el10_0.x86_64.rpm 4.4 MB/s | 15 kB 00:00
(40/64): perl-srpm-macros-1-57.el10.noarch.rpm 2.7 MB/s | 8.5 kB 00:00
(41/64): perl-devel-5.40.2-512.2.el10_0.x86_64.rpm 19 MB/s | 770 kB 00:00
(42/64): perl-version-0.99.32-4.el10.x86_64.rpm 4.3 MB/s | 63 kB 00:00
(43/64): pyproject-srpm-macros-1.16.2-1.el10.noarch.rpm 4.5 MB/s | 14 kB 00:00
(44/64): python-srpm-macros-3.12-10.el10.noarch.rpm 5.1 MB/s | 23 kB 00:00
(45/64): python3-devel-3.12.12-4.el10_1.x86_64.rpm 20 MB/s | 329 kB 00:00
(46/64): qt6-srpm-macros-6.9.1-1.el10.noarch.rpm 3.0 MB/s | 9.6 kB 00:00
(47/64): redhat-rpm-config-293-1.el10.rocky.0.2.noarch.rpm 16 MB/s | 78 kB 00:00
(48/64): rust-toolset-srpm-macros-1.88.0-1.el10.noarch.rpm 3.6 MB/s | 12 kB 00:00
(49/64): systemtap-sdt-devel-5.3-3b.el10.x86_64.rpm 11 MB/s | 69 kB 00:00
(50/64): systemtap-sdt-dtrace-5.3-3b.el10.x86_64.rpm 16 MB/s | 70 kB 00:00
(51/64): libselinux-3.9-1.el10.x86_64.rpm 10 MB/s | 97 kB 00:00
(52/64): libselinux-utils-3.9-1.el10.x86_64.rpm 14 MB/s | 122 kB 00:00
(53/64): libsemanage-3.9-1.el10.x86_64.rpm 13 MB/s | 122 kB 00:00
(54/64): libsepol-3.9-1.el10.x86_64.rpm 18 MB/s | 348 kB 00:00
(55/64): python3-pip-23.3.2-7.el10.noarch.rpm 21 MB/s | 3.2 MB 00:00
(56/64): policycoreutils-3.9-1.el10.x86_64.rpm 4.3 MB/s | 224 kB 00:00
(57/64): python3-3.12.12-4.el10_1.x86_64.rpm 5.7 MB/s | 28 kB 00:00
(58/64): policycoreutils-python-utils-3.9-1.el10.noarch.rpm 6.7 MB/s | 51 kB 00:00
(59/64): perl-doc-5.40.2-512.2.el10_0.noarch.rpm 17 MB/s | 4.9 MB 00:00
(60/64): python-unversioned-command-3.12.12-4.el10_1.noarch.rpm 175 kB/s | 11 kB 00:00
(61/64): python3-libselinux-3.9-1.el10.x86_64.rpm 16 MB/s | 200 kB 00:00
(62/64): python3-libsemanage-3.9-1.el10.x86_64.rpm 7.0 MB/s | 81 kB 00:00
(63/64): python3-policycoreutils-3.9-1.el10.noarch.rpm 28 MB/s | 2.2 MB 00:00
(64/64): python3-libs-3.12.12-4.el10_1.x86_64.rpm 31 MB/s | 9.4 MB 00:00
-----------------------------------------------------------------------------------------------------------------------------------
Total 19 MB/s | 26 MB 00:01
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Upgrading : python3-libs-3.12.12-4.el10_1.x86_64 1/76
Upgrading : python-unversioned-command-3.12.12-4.el10_1.noarch 2/76
Upgrading : python3-3.12.12-4.el10_1.x86_64 3/76
Upgrading : libsepol-3.9-1.el10.x86_64 4/76
Upgrading : libselinux-3.9-1.el10.x86_64 5/76
Running scriptlet: libselinux-3.9-1.el10.x86_64 5/76
Installing : perl-version-8:0.99.32-4.el10.x86_64 6/76
Installing : perl-File-Copy-2.41-512.2.el10_0.noarch 7/76
Installing : perl-CPAN-Meta-Requirements-2.143-11.el10.noarch 8/76
Upgrading : libsemanage-3.9-1.el10.x86_64 9/76
Upgrading : python3-libselinux-3.9-1.el10.x86_64 10/76
Installing : perl-Time-HiRes-4:1.9777-511.el10.x86_64 11/76
Installing : perl-JSON-PP-1:4.16-512.el10.noarch 12/76
Installing : perl-File-Compare-1.100.800-512.2.el10_0.noarch 13/76
Installing : perl-ExtUtils-ParseXS-1:3.51-512.el10.noarch 14/76
Installing : efivar-libs-39-3.el10.x86_64 15/76
Upgrading : python3-libsemanage-3.9-1.el10.x86_64 16/76
Installing : perl-ExtUtils-Command-2:7.70-513.el10.noarch 17/76
Installing : perl-ExtUtils-Manifest-1:1.75-511.el10.noarch 18/76
Upgrading : libselinux-utils-3.9-1.el10.x86_64 19/76
Upgrading : policycoreutils-3.9-1.el10.x86_64 20/76
Running scriptlet: policycoreutils-3.9-1.el10.x86_64 20/76
Upgrading : python3-policycoreutils-3.9-1.el10.noarch 21/76
Installing : python3-pyparsing-3.1.1-7.el10.noarch 22/76
Installing : systemtap-sdt-dtrace-5.3-3b.el10.x86_64 23/76
Installing : systemtap-sdt-devel-5.3-3b.el10.x86_64 24/76
Installing : python3-pip-23.3.2-7.el10.noarch 25/76
Installing : rust-toolset-srpm-macros-1.88.0-1.el10.noarch 26/76
Installing : qt6-srpm-macros-6.9.1-1.el10.noarch 27/76
Installing : pyproject-srpm-macros-1.16.2-1.el10.noarch 28/76
Installing : perl-srpm-macros-1-57.el10.noarch 29/76
Installing : perl-lib-0.65-512.2.el10_0.x86_64 30/76
Installing : perl-doc-5.40.2-512.2.el10_0.noarch 31/76
Installing : perl-I18N-Langinfo-0.24-512.2.el10_0.x86_64 32/76
Installing : perl-Encode-Locale-1.05-31.el10.noarch 33/76
Installing : perl-ExtUtils-Constant-0.25-512.2.el10_0.noarch 34/76
Installing : perl-Devel-PPPort-3.72-512.el10.x86_64 35/76
Installing : perl-CPAN-Meta-YAML-0.018-512.el10.noarch 36/76
Installing : perl-CPAN-Meta-2.150010-511.el10.noarch 37/76
Installing : perl-Benchmark-1.25-512.2.el10_0.noarch 38/76
Installing : perl-Test-Harness-1:3.48-512.el10.noarch 39/76
Installing : perl-AutoSplit-5.74-512.2.el10_0.noarch 40/76
Installing : package-notes-srpm-macros-0.5-13.el10.noarch 41/76
Installing : openblas-srpm-macros-2-19.el10.noarch 42/76
Installing : ocaml-srpm-macros-10-4.el10.noarch 43/76
Installing : lua-srpm-macros-1-15.el10.noarch 44/76
Installing : kernel-srpm-macros-1.0-26.el10.noarch 45/76
Installing : gcc-plugin-annobin-14.3.1-2.1.el10.x86_64 46/76
Installing : efi-srpm-macros-6-7.el10.rocky.0.1.noarch 47/76
Installing : dwz-0.16-1.el10.x86_64 48/76
Installing : annobin-docs-12.99-1.el10.noarch 49/76
Installing : annobin-plugin-gcc-12.99-1.el10.x86_64 50/76
Installing : fonts-srpm-macros-1:2.0.5-18.el10.noarch 51/76
Installing : forge-srpm-macros-0.4.0-6.el10.noarch 52/76
Installing : go-srpm-macros-3.6.0-7.el10_1.noarch 53/76
Installing : python-srpm-macros-3.12-10.el10.noarch 54/76
Installing : redhat-rpm-config-293-1.el10.rocky.0.2.noarch 55/76
Running scriptlet: redhat-rpm-config-293-1.el10.rocky.0.2.noarch 55/76
Installing : perl-ExtUtils-Install-2.22-511.el10.noarch 56/76
Installing : perl-devel-4:5.40.2-512.2.el10_0.x86_64 57/76
Installing : perl-ExtUtils-MakeMaker-2:7.70-513.el10.noarch 58/76
Installing : efi-filesystem-6-7.el10.rocky.0.1.noarch 59/76
Installing : efibootmgr-18-8.el10.x86_64 60/76
Installing : python3-devel-3.12.12-4.el10_1.x86_64 61/76
Upgrading : policycoreutils-python-utils-3.9-1.el10.noarch 62/76
Installing : mokutil-2:0.7.2-1.el10.x86_64 63/76
Installing : patch-2.7.6-26.el10.x86_64 64/76
Cleanup : policycoreutils-python-utils-3.8-1.el10.noarch 65/76
Cleanup : python3-policycoreutils-3.8-1.el10.noarch 66/76
Running scriptlet: policycoreutils-3.8-1.el10.x86_64 67/76
Cleanup : policycoreutils-3.8-1.el10.x86_64 67/76
Cleanup : python3-libsemanage-3.8.1-1.el10_0.x86_64 68/76
Cleanup : libsemanage-3.8.1-1.el10_0.x86_64 69/76
Cleanup : python3-libselinux-3.8-2.el10_0.x86_64 70/76
Cleanup : libselinux-utils-3.8-2.el10_0.x86_64 71/76
Cleanup : python3-3.12.9-2.el10_0.2.x86_64 72/76
Cleanup : libselinux-3.8-2.el10_0.x86_64 73/76
Cleanup : python-unversioned-command-3.12.9-2.el10_0.2.noarch 74/76
Cleanup : libsepol-3.8-1.el10.x86_64 75/76
Cleanup : python3-libs-3.12.9-2.el10_0.2.x86_64 76/76
Running scriptlet: python3-libs-3.12.9-2.el10_0.2.x86_64 76/76
Upgraded:
libselinux-3.9-1.el10.x86_64 libselinux-utils-3.9-1.el10.x86_64
libsemanage-3.9-1.el10.x86_64 libsepol-3.9-1.el10.x86_64
policycoreutils-3.9-1.el10.x86_64 policycoreutils-python-utils-3.9-1.el10.noarch
python-unversioned-command-3.12.12-4.el10_1.noarch python3-3.12.12-4.el10_1.x86_64
python3-libs-3.12.12-4.el10_1.x86_64 python3-libselinux-3.9-1.el10.x86_64
python3-libsemanage-3.9-1.el10.x86_64 python3-policycoreutils-3.9-1.el10.noarch
Installed:
annobin-docs-12.99-1.el10.noarch annobin-plugin-gcc-12.99-1.el10.x86_64
dwz-0.16-1.el10.x86_64 efi-filesystem-6-7.el10.rocky.0.1.noarch
efi-srpm-macros-6-7.el10.rocky.0.1.noarch efibootmgr-18-8.el10.x86_64
efivar-libs-39-3.el10.x86_64 fonts-srpm-macros-1:2.0.5-18.el10.noarch
forge-srpm-macros-0.4.0-6.el10.noarch gcc-plugin-annobin-14.3.1-2.1.el10.x86_64
go-srpm-macros-3.6.0-7.el10_1.noarch kernel-srpm-macros-1.0-26.el10.noarch
lua-srpm-macros-1-15.el10.noarch mokutil-2:0.7.2-1.el10.x86_64
ocaml-srpm-macros-10-4.el10.noarch openblas-srpm-macros-2-19.el10.noarch
package-notes-srpm-macros-0.5-13.el10.noarch patch-2.7.6-26.el10.x86_64
perl-AutoSplit-5.74-512.2.el10_0.noarch perl-Benchmark-1.25-512.2.el10_0.noarch
perl-CPAN-Meta-2.150010-511.el10.noarch perl-CPAN-Meta-Requirements-2.143-11.el10.noarch
perl-CPAN-Meta-YAML-0.018-512.el10.noarch perl-Devel-PPPort-3.72-512.el10.x86_64
perl-Encode-Locale-1.05-31.el10.noarch perl-ExtUtils-Command-2:7.70-513.el10.noarch
perl-ExtUtils-Constant-0.25-512.2.el10_0.noarch perl-ExtUtils-Install-2.22-511.el10.noarch
perl-ExtUtils-MakeMaker-2:7.70-513.el10.noarch perl-ExtUtils-Manifest-1:1.75-511.el10.noarch
perl-ExtUtils-ParseXS-1:3.51-512.el10.noarch perl-File-Compare-1.100.800-512.2.el10_0.noarch
perl-File-Copy-2.41-512.2.el10_0.noarch perl-I18N-Langinfo-0.24-512.2.el10_0.x86_64
perl-JSON-PP-1:4.16-512.el10.noarch perl-Test-Harness-1:3.48-512.el10.noarch
perl-Time-HiRes-4:1.9777-511.el10.x86_64 perl-devel-4:5.40.2-512.2.el10_0.x86_64
perl-doc-5.40.2-512.2.el10_0.noarch perl-lib-0.65-512.2.el10_0.x86_64
perl-srpm-macros-1-57.el10.noarch perl-version-8:0.99.32-4.el10.x86_64
pyproject-srpm-macros-1.16.2-1.el10.noarch python-srpm-macros-3.12-10.el10.noarch
python3-devel-3.12.12-4.el10_1.x86_64 python3-pip-23.3.2-7.el10.noarch
python3-pyparsing-3.1.1-7.el10.noarch qt6-srpm-macros-6.9.1-1.el10.noarch
redhat-rpm-config-293-1.el10.rocky.0.2.noarch rust-toolset-srpm-macros-1.88.0-1.el10.noarch
systemtap-sdt-devel-5.3-3b.el10.x86_64 systemtap-sdt-dtrace-5.3-3b.el10.x86_64
Complete!
OS package installations finished
OS package installations finished
+ Installing ONTAP Mediator. (Log: /root/ontap_mediator.pJBcIv/ontap-mediator-1.12.0/ontap-mediator-1.12.0/install_20260324151410.log)
This step will take several minutes. Use the log file to view progress.
Sudoer config verified
ONTAP Mediator rsyslog and logging rotation enabled
+ Install successful. (Moving log to /opt/netapp/lib/ontap_mediator/log/install_20260324151410.log)
+ WARNING: This system supports UEFI
Secure Boot (SB) is currently disabled on this system.
If SB is enabled in the future, SCST will not work unless the following action is taken:
Using the keys in /opt/netapp/lib/ontap_mediator/ontap_mediator/SCST_mod_keys follow
instructions in /opt/netapp/lib/ontap_mediator/ontap_mediator/SCST_mod_keys/README.module-signing
to sign the SCST kernel module. Note that reboot will be needed.
SCST will not start automatically when Secure Boot is enabled and not configured properly.
+ Note: ONTAP Mediator generated a self-signed server certificate for temporary use on
this host. If the DNS name or IP address for the host is changed, the certificate
will no longer be valid. The default certificates should be replaced with secure
trusted certificates signed by a known certificate authority prior to use for production.
For more information, see /opt/netapp/lib/ontap_mediator/README
+ Note: ONTAP Mediator uses a kernel module compiled specifically for the current
OS. Using 'yum update' to upgrade the kernel might cause service interruption.
For more information, see /opt/netapp/lib/ontap_mediator/README
[root@mediator_host ~]#
Example ONTAP Mediator upgrade with HTTPS and iSCSI support (console output)
Upgrade from 1.11 to 1.12 (lower version to higher version): Plain Text [root@mediator_host ~]# ontap-mediator-1.11.0/ontap-mediator-1.11.0 -y ONTAP Mediator: Self Extracting Installer + Extracting the ONTAP Mediator installation/upgrade archive + Performing the ONTAP Mediator run-time code signature check Using openssl from the path: /usr/bin/openssl configured for CApath:/etc/pki/tls + Unpacking the ONTAP Mediator installer ONTAP Mediator requires two user accounts. One for the service (netapp), and one for use by ONTAP to the mediator API (mediatoradmin). Using default account names: netapp + mediatoradmin Enter ONTAP Mediator user account (mediatoradmin) password: Re-Enter ONTAP Mediator user account (mediatoradmin) password: + Checking if SELinux is in enforcing mode + Checking for default Linux firewall + Installing required packages. Last metadata expiration check: 0:03:56 ago on Mon 20 Apr 2026 02:49:08 PM EDT. Package openssl-1:3.5.1-7.el9_7.x86_64 is already installed. Package openssl-devel-1:3.5.1-7.el9_7.x86_64 is already installed. Package kernel-devel-5.14.0-611.45.1.el9_7.x86_64 is already installed. Package kernel-modules-core-5.14.0-611.45.1.el9_7.x86_64 is already installed. Package gcc-11.5.0-11.el9.x86_64 is already installed. Package make-1:4.3-8.el9.x86_64 is already installed. Package which-2.21-30.el9_6.x86_64 is already installed. Package libselinux-utils-3.6-3.el9.x86_64 is already installed. Package patch-2.7.6-16.el9.x86_64 is already installed. Package perl-Data-Dumper-2.174-462.el9.x86_64 is already installed. Package perl-ExtUtils-MakeMaker-2:7.60-3.el9.noarch is already installed. Package bzip2-1.0.8-10.el9_5.x86_64 is already installed. Package efibootmgr-16-12.el9.x86_64 is already installed. Package mokutil-2:0.7.2-1.el9.x86_64 is already installed. Package python3-pip-21.3.1-1.el9.noarch is already installed. Package elfutils-libelf-devel-0.193-1.el9.x86_64 is already installed. Package policycoreutils-python-utils-3.6-3.el9.noarch is already installed. Package python3.12-3.12.12-4.el9_7.2.x86_64 is already installed. Package python3.12-devel-3.12.12-4.el9_7.2.x86_64 is already installed. Dependencies resolved. Nothing to do. Complete! OS package installations finished + Installing ONTAP Mediator. (Log: /root/ontap_mediator.uigddi/ontap-mediator-1.11.0/ontap-mediator-1.11.0/install_20260420145003.log) This step will take several minutes. Use the log file to view progress. Sudoer config verified ONTAP Mediator rsyslog and logging rotation enabled + Install successful. (Moving log to /opt/netapp/lib/ontap_mediator/log/install_20260420145003.log) + Note: ONTAP Mediator generated a self-signed server certificate for temporary use on this host. If the DNS name or IP address for the host is changed, the certificate will no longer be valid. The default certificates should be replaced with secure trusted certificates signed by a known certificate authority prior to use for production. For more information, see /opt/netapp/lib/ontap_mediator/README + Note: ONTAP Mediator uses a kernel module compiled specifically for the current OS. Using 'yum update' to upgrade the kernel might cause service interruption. For more information, see /opt/netapp/lib/ontap_mediator/README [root@mediator_host ~]# ontap-mediator-1.12.0/ontap-mediator-1.12.0 ONTAP Mediator: Self Extracting Installer + Extracting the ONTAP Mediator installation/upgrade archive + Performing the ONTAP Mediator run-time code signature check Using openssl from the path: /usr/bin/openssl configured for CApath:/etc/pki/tls + Unpacking the ONTAP Mediator installer + ONTAP_MEDIATOR_INSTALL_HTTPS_ONLY is set to '0', args are: '' + Starting ONTAP Mediator install/update process: previous installation_mode is '' ONTAP Mediator can be installed with iSCSI and HTTPS support, or support for HTTPS only. Do you wish to install ONTAP Mediator with iSCSI and HTTPS support? Y(es)/n(o): yes ONTAP Mediator will be installed with mode: ISCSI_HTTPS + Selected install package mode: ISCSI_HTTPS ONTAP Mediator will be upgraded from version 1.11.0 to 1.12.0. Do you wish to continue? Y(es)/n(o): yes Capturing support_bundle to save pre-upgrade configuration. API Credentials are required. Mediator API User Name: mediatoradmin Password: Running plugins, please wait... Creating tar archive... Support bundle has been generated at /opt/netapp/data/support_bundles/scs001097036-1_1776711598_BASIC.tgz Testing the DB can be upgraded Cloning database... Cloning successful. Verifying database is up-to-date... Database out-of-date.Migrations are necessary: Current revision: 0d5dcf349b27, Head revision: 758e4873c40d Performing database migrations against clone... Migrations successful. Database upgrade operation complete. + Adding python312 specific packages + Upgrading ONTAP Mediator. (Log: /root/ontap_mediator.gwaGmU/ontap-mediator-1.12.0/ontap-mediator-1.12.0/upgrade_20260420145942.log) + Note: ONTAP Mediator generated a self-signed server certificate for temporary use on this host. If the DNS name or IP address for the host is changed, the certificate will no longer be valid. The default certificates should be replaced with secure trusted certificates signed by a known certificate authority prior to use for production. For more information, see /opt/netapp/lib/ontap_mediator/README + Note: ONTAP Mediator uses a kernel module compiled specifically for the current OS. Using 'yum update' to upgrade the kernel might cause service interruption. For more information, see /opt/netapp/lib/ontap_mediator/README [root@mediator_host ~]#
Example ONTAP Mediator installation with support for HTTPS only (console output)
[root@mediator_host ~]# tar -zxvf ontap-mediator-1.12.0.tgz
ontap-mediator-1.12.0/
ontap-mediator-1.12.0/csc-prod-chain-ONTAP-Mediator.pem
ontap-mediator-1.12.0/tsa-prod-ONTAP-Mediator.pem
ontap-mediator-1.12.0/csc-prod-ONTAP-Mediator.pem
ontap-mediator-1.12.0/tsa-prod-chain-ONTAP-Mediator.pem
ontap-mediator-1.12.0/ONTAP-Mediator-production.pub
ontap-mediator-1.12.0/ontap-mediator-1.12.0
ontap-mediator-1.12.0/ontap-mediator-1.12.0.sig
ontap-mediator-1.12.0/ontap-mediator-1.12.0.tsr
ontap-mediator-1.12.0/ontap-mediator-1.12.0.sig.tsr
[root@mediator_host ~]# ontap-mediator-1.12.0/ontap-mediator-1.12.0 --https-only
ONTAP Mediator: Self Extracting Installer
+ Extracting the ONTAP Mediator installation/upgrade archive
+ Performing the ONTAP Mediator run-time code signature check
Using openssl from the path: /usr/bin/openssl configured for CApath:/etc/pki/tls
Error querying OCSP responder
40E72F35407F0000:error:1E800080:HTTP routines:OSSL_HTTP_REQ_CTX_nbio:failed reading data:crypto/http/http_client.c:596:
40E72F35407F0000:error:1E800067:HTTP routines:OSSL_HTTP_REQ_CTX_exchange:error receiving:crypto/http/http_client.c:1045:server=http://ocsp.entrust.net:80
WARNING: The OCSP check failed while attempting to test the Code-Signature-Check certificate
Continue without code signature checking (only recommended if integrity has been established manually)? y(es)/N(o): yes
SKIPPING: Code signature check, manual override due to lack of OCSP response
+ Unpacking the ONTAP Mediator installer
+ ONTAP_MEDIATOR_INSTALL_HTTPS_ONLY is set to '1', args are: ''
+ Starting ONTAP Mediator install/update process: previous installation_mode is ''
+ Selected install package mode: HTTPS_ONLY
+ Checking that required port 31784 is free
ONTAP Mediator requires two user accounts. One for the service (netapp), and one for use by ONTAP to the mediator API (mediatoradmin).
Would you like to use the default account names: netapp + mediatoradmin? (Y(es)/n(o)): yes
Enter ONTAP Mediator user account (mediatoradmin) password:
Re-Enter ONTAP Mediator user account (mediatoradmin) password:
+ Checking if SELinux is in enforcing mode
+ Checking for default Linux firewall
+ Installing required packages.
Last metadata expiration check: 0:38:52 ago on Mon 20 Apr 2026 11:23:22 AM EDT.
Package openssl-1:3.5.1-7.el9_7.x86_64 is already installed.
Package openssl-devel-1:3.5.1-7.el9_7.x86_64 is already installed.
Package gcc-11.5.0-11.el9.x86_64 is already installed.
Package make-1:4.3-8.el9.x86_64 is already installed.
Package which-2.21-30.el9_6.x86_64 is already installed.
Package libselinux-utils-3.6-3.el9.x86_64 is already installed.
Package patch-2.7.6-16.el9.x86_64 is already installed.
Package perl-Data-Dumper-2.174-462.el9.x86_64 is already installed.
Package perl-ExtUtils-MakeMaker-2:7.60-3.el9.noarch is already installed.
Package bzip2-1.0.8-10.el9_5.x86_64 is already installed.
Package efibootmgr-16-12.el9.x86_64 is already installed.
Package mokutil-2:0.7.2-1.el9.x86_64 is already installed.
Package python3-pip-21.3.1-1.el9.noarch is already installed.
Package elfutils-libelf-devel-0.193-1.el9.x86_64 is already installed.
Package policycoreutils-python-utils-3.6-3.el9.noarch is already installed.
Package python3.12-3.12.12-4.el9_7.2.x86_64 is already installed.
Package python3.12-devel-3.12.12-4.el9_7.2.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
OS package installations finished
+ Installing ONTAP Mediator. (Log: /root/ontap_mediator.CJqNqu/ontap-mediator-1.12.0/ontap-mediator-1.12.0/install_20260420120204.log)
This step will take several minutes. Use the log file to view progress.
Sudoer config verified
ONTAP Mediator rsyslog and logging rotation enabled
+ Install successful. (Moving log to /opt/netapp/lib/ontap_mediator/log/install_20260420120204.log)
+ Note: ONTAP Mediator generated a self-signed server certificate for temporary use on
this host. If the DNS name or IP address for the host is changed, the certificate
will no longer be valid. The default certificates should be replaced with secure
trusted certificates signed by a known certificate authority prior to use for production.
For more information, see /opt/netapp/lib/ontap_mediator/README
[root@mediator_host ~]#
Example of ONTAP Mediator upgrade with support for HTTPS only (console output)
[root@mediator_host~]# ontap-mediator-1.11.0/ontap-mediator-1.11.0 -y
ONTAP Mediator: Self Extracting Installer
+ Extracting the ONTAP Mediator installation/upgrade archive
+ Performing the ONTAP Mediator run-time code signature check
Using openssl from the path: /usr/bin/openssl configured for CApath:/etc/pki/tls
+ Unpacking the ONTAP Mediator installer
ONTAP Mediator requires two user accounts. One for the service (netapp), and one for use by ONTAP to the mediator API (mediatoradmin).
Using default account names: netapp + mediatoradmin
Enter ONTAP Mediator user account (mediatoradmin) password:
Re-Enter ONTAP Mediator user account (mediatoradmin) password:
+ Checking if SELinux is in enforcing mode
+ Checking for default Linux firewall
+ Installing required packages.
Last metadata expiration check: 0:33:41 ago on Tue 21 Apr 2026 10:48:35 AM EDT.
Package openssl-1:3.5.1-7.el9_7.x86_64 is already installed.
Package openssl-devel-1:3.5.1-7.el9_7.x86_64 is already installed.
Package kernel-devel-5.14.0-611.45.1.el9_7.x86_64 is already installed.
Package kernel-modules-core-5.14.0-611.45.1.el9_7.x86_64 is already installed.
Package gcc-11.5.0-11.el9.x86_64 is already installed.
Package make-1:4.3-8.el9.x86_64 is already installed.
Package which-2.21-30.el9_6.x86_64 is already installed.
Package libselinux-utils-3.6-3.el9.x86_64 is already installed.
Package patch-2.7.6-16.el9.x86_64 is already installed.
Package perl-Data-Dumper-2.174-462.el9.x86_64 is already installed.
Package perl-ExtUtils-MakeMaker-2:7.60-3.el9.noarch is already installed.
Package bzip2-1.0.8-10.el9_5.x86_64 is already installed.
Package efibootmgr-16-12.el9.x86_64 is already installed.
Package mokutil-2:0.7.2-1.el9.x86_64 is already installed.
Package python3-pip-21.3.1-1.el9.noarch is already installed.
Package elfutils-libelf-devel-0.193-1.el9.x86_64 is already installed.
Package policycoreutils-python-utils-3.6-3.el9.noarch is already installed.
Package python3.12-3.12.12-4.el9_7.2.x86_64 is already installed.
Package python3.12-devel-3.12.12-4.el9_7.2.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
OS package installations finished
+ Installing ONTAP Mediator. (Log: /root/ontap_mediator.JclgnS/ontap-mediator-1.11.0/ontap-mediator-1.11.0/install_20260421112205.log)
This step will take several minutes. Use the log file to view progress.
Sudoer config verified
ONTAP Mediator rsyslog and logging rotation enabled
+ Install successful. (Moving log to /opt/netapp/lib/ontap_mediator/log/install_20260421112205.log)
+ Note: ONTAP Mediator generated a self-signed server certificate for temporary use on
this host. If the DNS name or IP address for the host is changed, the certificate
will no longer be valid. The default certificates should be replaced with secure
trusted certificates signed by a known certificate authority prior to use for production.
For more information, see /opt/netapp/lib/ontap_mediator/README
+ Note: ONTAP Mediator uses a kernel module compiled specifically for the current
OS. Using 'yum update' to upgrade the kernel might cause service interruption.
For more information, see /opt/netapp/lib/ontap_mediator/README
[root@mediator_host~]#
[root@mediator_host~]# tar -zxvf ontap-mediator-1.12.0.tgz
ontap-mediator-1.12.0/
ontap-mediator-1.12.0/csc-prod-chain-ONTAP-Mediator.pem
ontap-mediator-1.12.0/tsa-prod-ONTAP-Mediator.pem
ontap-mediator-1.12.0/csc-prod-ONTAP-Mediator.pem
ontap-mediator-1.12.0/tsa-prod-chain-ONTAP-Mediator.pem
ontap-mediator-1.12.0/ONTAP-Mediator-production.pub
ontap-mediator-1.12.0/ontap-mediator-1.12.0
ontap-mediator-1.12.0/ontap-mediator-1.12.0.sig
ontap-mediator-1.12.0/ontap-mediator-1.12.0.tsr
ontap-mediator-1.12.0/ontap-mediator-1.12.0.sig.tsr
[root@mediator_host~]#
[root@mediator_host~]# ontap-mediator-1.12.0/ontap-mediator-1.12.0 --https-only
ONTAP Mediator: Self Extracting Installer
+ Extracting the ONTAP Mediator installation/upgrade archive
+ Performing the ONTAP Mediator run-time code signature check
Using openssl from the path: /usr/bin/openssl configured for CApath:/etc/pki/tls
+ Unpacking the ONTAP Mediator installer
+ ONTAP_MEDIATOR_INSTALL_HTTPS_ONLY is set to '1', args are: ''
+ Starting ONTAP Mediator install/update process: previous installation_mode is ''
+ Selected install package mode: HTTPS_ONLY
ONTAP Mediator will be upgraded from version 1.11.0 to 1.12.0.
Do you wish to continue? Y(es)/n(o): yes
Capturing support_bundle to save pre-upgrade configuration. API Credentials are required.
Mediator API User Name: mediatoradmin
Password: Running plugins, please wait...
Creating tar archive...
Support bundle has been generated at /opt/netapp/data/support_bundles/scs001097036-1_1776785423_BASIC.tgz
Testing the DB can be upgraded
Cloning database...
Cloning successful.
Verifying database is up-to-date...
Database out-of-date.Migrations are necessary:
Current revision: 0d5dcf349b27, Head revision: 758e4873c40d
Performing database migrations against clone...
Migrations successful.
Database upgrade operation complete.
+ Adding python312 specific packages
+ Upgrading ONTAP Mediator. (Log: /root/ontap_mediator.cRy0mN/ontap-mediator-1.12.0/ontap-mediator-1.12.0/upgrade_20260421113003.log)
fapolicyd not installed or no rules.d directory found, skipping fapolicyd configuration
ONTAP Mediator rsyslog and logging rotation enabled
+ Upgrade successful. (Moving log to /opt/netapp/lib/ontap_mediator/log/upgrade_20260421113003.log)\n
+ Note: ONTAP Mediator generated a self-signed server certificate for temporary use on
this host. If the DNS name or IP address for the host is changed, the certificate
will no longer be valid. The default certificates should be replaced with secure
trusted certificates signed by a known certificate authority prior to use for production.
For more information, see /opt/netapp/lib/ontap_mediator/README
+ Note: ONTAP Mediator uses a kernel module compiled specifically for the current
OS. Using 'yum update' to upgrade the kernel might cause service interruption.
For more information, see /opt/netapp/lib/ontap_mediator/README
[root@mediator_host ~]#
Register the security key for UEFI Secure Boot
Beginning with ONTAP Mediator 1.4, the Secure Boot mechanism is enabled on UEFI systems. When Secure Boot is enabled, you must take additional steps to register the security key after installation.
|
|
If you installed ONTAP Mediator 1.12 or later with support for HTTPS only, the SCST package is not installed and you can skip this task. |
Steps
-
Follow the instructions in the README file to sign the SCST kernel module:
/opt/netapp/lib/ontap_mediator/ontap_mediator/SCST_mod_keys/README.module-signing -
Locate the required keys:
/opt/netapp/lib/ontap_mediator/ontap_mediator/SCST_mod_keys
After installation, the system output provides the README files and key location. -
Add the public key to the MOK list:
mokutil --import /opt/netapp/lib/ontap_mediator/ontap_mediator/SCST_mod_keys/scst_module_key.der
You can leave the private key in its default location or move it to a secure location. You must keep the public key in its existing location so the Boot Manager can use it. For more information, see the README.module-signing file:
[root@hostname ~]# ls /opt/netapp/lib/ontap_mediator/ontap_mediator/SCST_mod_keys/ README.module-signing scst_module_key.der scst_module_key.priv -
Reboot the host and use your device's UEFI Boot Manager to approve the new MOK. You'll need the passphrase provided for the
mokutilutility in Install ONTAP Mediator when UEFI Secure Boot is enabled.
Signing SCST kernel modules
After ONTAP Mediator is installed, if the systemctl status mediator-scst shows as failed (inactive), follow these steps to sign the SCST kernel module.
|
|
If you installed ONTAP Mediator 1.12 or later with support for HTTPS only, the SCST package is not installed and you can skip this task. |
Steps
-
During the build process a public/private key pair is generated in the
/opt/netapp/lib/ontap_mediator/ontap_mediator/SCST_mod_keys/directory, using the following command:[root@mediator-host ~]# ls /opt/netapp/lib/ontap_mediator/ontap_mediator/SCST_mod_keys/ README.module-signing scst_module_key.der scst_module_key.priv [root@mediator-host ~]# -
Start the process of importing the public key into the UEFI key repository by running the following commands:
[root@mediator-host ~]# mokutil --import /opt/netapp/lib/ontap_mediator/ontap_mediator/SCST_mod_keys/scst_module_key.der input password: input password again:[root@mediator-host ~]# -
The mokutil software requests a temporary password to be used for this key during the import process.
-
Verify whether the import process has started with the
mokutil --list-newand then reboot the system. The bootloader starts the EFI MOK manager. -
Use the menus on the screen to turn on the SCST kernel module key. After booting, run
systemctl status mediator-scst. Once the service starts, the SCST kernel modules are signed.