简体中文版经机器翻译而成,仅供参考。如与英语版出现任何冲突,应以英语版为准。
安装 ONTAP 调解器安装包
贡献者
建议更改
PDF
要安装或升级 ONTAP Mediator,必须获取安装包并在主机上运行安装程序。
关于此任务
-
安装或升级到 ONTAP Mediator 1.12 或更高版本时,您可以选择安装支持 iSCSI 和 HTTPS 的 ONTAP Mediator,或仅支持 HTTPS。如果您选择安装仅支持 HTTPS 的 ONTAP Mediator,则不会安装 SCST 包。
-
如果您从安装了 SCST 的 ONTAP Mediator 1.11 或更早版本升级,并且在升级期间选择了 HTTPS only 选项,则会卸载 SCST 包,并且新的 ONTAP Mediator 版本不包含 SCST 包。
-
仅对以下用例支持安装支持 HTTPS 的 ONTAP Mediator:
-
您计划仅使用 ONTAP Mediator 来监控您的 SnapMirror 活动同步集群。
-
您计划使用 HTTPS 配置 ONTAP Mediator,以监控每个 ONTAP Mediator 实例的单个 MetroCluster IP 配置。
-
-
在以下情况下,必须安装支持 iSCSI 和 HTTPS 的 ONTAP Mediator:
-
您计划使用 iSCSI 配置 ONTAP Mediator 以监视一个或多个 MetroCluster IP 配置。
-
|
|
-
在安装或升级到 ONTAP Mediator 1.12 或更高版本期间,安装程序会提示您响应以下内容:
ONTAP Mediator can be installed with iSCSI and HTTPS support, or HTTPS support only. Do you wish to install ONTAP Mediator with iSCSI and HTTPS support? Y(es)/n(o):-
如果您计划使用配置了 iSCSI 的 ONTAP Mediator 来监控一个或多个 MetroCluster IP 配置,请进行响应
Yes。 -
如果您计划仅使用 ONTAP Mediator 进行 SnapMirror 活动同步,或者您计划使用 HTTPS 配置 ONTAP Mediator 以监控每个 ONTAP Mediator 实例的单个 MetroCluster IP 配置,请进行响应
No。或者,您可以在
./ontap-mediator-1.12.0/ontap-mediator-1.12.0 -y命令中使用--https-only选项来仅指定 HTTPS。
-
步骤
-
运行安装程序并根据需要响应提示:
./ontap-mediator-1.12.0/ontap-mediator-1.12.0 -y[root@mediator_host ~]# ./ontap-mediator-1.12.0/ontap-mediator-1.12.0 -y
要在安装过程中跳过签名检查,请使用以下命令:
./ontap-mediator-1.12.0/ontap-mediator-1.12.0 -y --skip-code-signature-check安装程序会创建所需的帐户并安装所需的软件包。如果 Mediator 已安装,则会提示您进行升级。
支持 HTTPS 和 iSCSI 的 ONTAP Mediator 安装示例(控制台输出)
[root@mediator_host ~]# tar -zxvf ontap-mediator-1.12.0.tgz
ontap-mediator-1.12.0/
ontap-mediator-1.12.0/csc-prod-chain-ONTAP-Mediator.pem
ontap-mediator-1.12.0/ONTAP-Mediator-production.pub
ontap-mediator-1.12.0/tsa-prod-ONTAP-Mediator.pem
ontap-mediator-1.12.0/csc-prod-ONTAP-Mediator.pem
ontap-mediator-1.12.0/tsa-prod-chain-ONTAP-Mediator.pem
ontap-mediator-1.12.0/ontap-mediator-1.12.0
ontap-mediator-1.12.0/ontap-mediator-1.12.0.sig
ontap-mediator-1.12.0/ontap-mediator-1.12.0.tsr
ontap-mediator-1.12.0/ontap-mediator-1.12.0.sig.tsr
[root@mediator_host ~]# ontap-mediator-1.12.0/ontap-mediator-1.12.0
ONTAP Mediator: Self Extracting Installer
+ Extracting the ONTAP Mediator installation/upgrade archive
+ Performing the ONTAP Mediator run-time code signature check
Using openssl from the path: /usr/bin/openssl configured for CApath:/etc/pki/tls
+ Unpacking the ONTAP Mediator installer
+ ONTAP_MEDIATOR_INSTALL_HTTPS_ONLY is set to '0', args are: ''
+ Starting ONTAP Mediator install/update process: previous installation_mode is ''
ONTAP Mediator can be installed with iSCSI and HTTPS support, or support for HTTPS only.
Do you wish to install ONTAP Mediator with iSCSI and HTTPS support? Y(es)/n(o): yes
ONTAP Mediator will be installed with mode: ISCSI_HTTPS
+ Selected install package mode: ISCSI_HTTPS
+ Checking that required ports 3260 and 31784 are free
ONTAP Mediator requires two user accounts. One for the service (netapp), and one for use by ONTAP to the mediator API (mediatoradmin).
Would you like to use the default account names: netapp + mediatoradmin? (Y(es)/n(o)): yes
Enter ONTAP Mediator user account (mediatoradmin) password:
Re-Enter ONTAP Mediator user account (mediatoradmin) password:
+ Checking if SELinux is in enforcing mode
SELinux is set to Enforcing. ONTAP Mediator server requires modifying the SELinux context of the file
/opt/netapp/lib/ontap_mediator/pyenv/bin/uwsgi from type 'lib_t' to 'bin_t'.
This is necessary to start the ONTAP Mediator service while SELinux is set to Enforcing.
Allow SELinux context change? Y(es)/n(o): yes
The installer will change the SELinux context type of
/opt/netapp/lib/ontap_mediator/pyenv/bin/uwsgi from type 'lib_t' to 'bin_t'.
+ Checking for default Linux firewall
+ Installing required packages.
Last metadata expiration check: 2:16:00 ago on Tue 24 Mar 2026 12:58:28 PM EDT.
Package openssl-1:3.5.1-7.0.1.el9_7.x86_64 is already installed.
Package openssl-devel-1:3.5.1-7.0.1.el9_7.x86_64 is already installed.
Package kernel-uek-devel-6.12.0-109.67.6.el9uek.x86_64 is already installed.
Package gcc-11.5.0-11.0.2.el9.x86_64 is already installed.
Package make-1:4.3-8.el9.x86_64 is already installed.
Package which-2.21-30.el9_6.x86_64 is already installed.
Package libselinux-utils-3.6-3.el9.x86_64 is already installed.
Package patch-2.7.6-16.el9.x86_64 is already installed.
Package perl-Data-Dumper-2.174-462.el9.x86_64 is already installed.
Package perl-ExtUtils-MakeMaker-2:7.60-3.el9.noarch is already installed.
Package bzip2-1.0.8-10.el9_5.x86_64 is already installed.
Package efibootmgr-16-12.0.1.el9.x86_64 is already installed.
Package mokutil-2:0.7.2-1.el9.x86_64 is already installed.
Package python3-pip-21.3.1-1.el9.noarch is already installed.
Package elfutils-libelf-devel-0.193-1.el9.x86_64 is already installed.
Package policycoreutils-python-utils-3.6-3.el9.noarch is already installed.
Package python3.12-3.12.12-4.0.1.el9_7.1.x86_64 is already installed.
Package python3.12-devel-3.12.12-4.0.1.el9_7.1.x86_64 is already installed.
Package gcc-toolset-14-14.0-2.el9.x86_64 is already installed.
Dependencies resolved.
===================================================================================================================================
Package Architecture Version Repository Size
===================================================================================================================================
Installing:
efibootmgr x86_64 18-8.el10 baseos 47 k
mokutil x86_64 2:0.7.2-1.el10 baseos 48 k
patch x86_64 2.7.6-26.el10 appstream 131 k
perl-ExtUtils-MakeMaker noarch 2:7.70-513.el10 appstream 295 k
python3-devel x86_64 3.12.12-4.el10_1 appstream 329 k
python3-pip noarch 23.3.2-7.el10 appstream 3.2 M
Upgrading:
libselinux x86_64 3.9-1.el10 baseos 97 k
libselinux-utils x86_64 3.9-1.el10 baseos 122 k
libsemanage x86_64 3.9-1.el10 baseos 122 k
libsepol x86_64 3.9-1.el10 baseos 348 k
policycoreutils x86_64 3.9-1.el10 baseos 224 k
policycoreutils-python-utils noarch 3.9-1.el10 appstream 51 k
python-unversioned-command noarch 3.12.12-4.el10_1 appstream 11 k
python3 x86_64 3.12.12-4.el10_1 baseos 28 k
python3-libs x86_64 3.12.12-4.el10_1 baseos 9.4 M
python3-libselinux x86_64 3.9-1.el10 appstream 200 k
python3-libsemanage x86_64 3.9-1.el10 appstream 81 k
python3-policycoreutils noarch 3.9-1.el10 appstream 2.2 M
Installing dependencies:
annobin-docs noarch 12.99-1.el10 appstream 88 k
annobin-plugin-gcc x86_64 12.99-1.el10 appstream 998 k
dwz x86_64 0.16-1.el10 appstream 139 k
efi-filesystem noarch 6-7.el10.rocky.0.1 baseos 7.8 k
efi-srpm-macros noarch 6-7.el10.rocky.0.1 appstream 22 k
efivar-libs x86_64 39-3.el10 baseos 127 k
fonts-srpm-macros noarch 1:2.0.5-18.el10 appstream 26 k
forge-srpm-macros noarch 0.4.0-6.el10 appstream 20 k
gcc-plugin-annobin x86_64 14.3.1-2.1.el10 appstream 67 k
go-srpm-macros noarch 3.6.0-7.el10_1 appstream 27 k
kernel-srpm-macros noarch 1.0-26.el10 appstream 9.4 k
lua-srpm-macros noarch 1-15.el10 appstream 8.8 k
ocaml-srpm-macros noarch 10-4.el10 appstream 9.2 k
openblas-srpm-macros noarch 2-19.el10 appstream 7.7 k
package-notes-srpm-macros noarch 0.5-13.el10 appstream 9.2 k
perl-AutoSplit noarch 5.74-512.2.el10_0 appstream 21 k
perl-Benchmark noarch 1.25-512.2.el10_0 appstream 27 k
perl-CPAN-Meta-Requirements noarch 2.143-11.el10 appstream 35 k
perl-CPAN-Meta-YAML noarch 0.018-512.el10 appstream 26 k
perl-Devel-PPPort x86_64 3.72-512.el10 appstream 219 k
perl-ExtUtils-Command noarch 2:7.70-513.el10 appstream 14 k
perl-ExtUtils-Constant noarch 0.25-512.2.el10_0 appstream 43 k
perl-ExtUtils-Install noarch 2.22-511.el10 appstream 43 k
perl-ExtUtils-Manifest noarch 1:1.75-511.el10 appstream 34 k
perl-ExtUtils-ParseXS noarch 1:3.51-512.el10 appstream 189 k
perl-File-Compare noarch 1.100.800-512.2.el10_0 appstream 13 k
perl-File-Copy noarch 2.41-512.2.el10_0 appstream 20 k
perl-I18N-Langinfo x86_64 0.24-512.2.el10_0 appstream 25 k
perl-JSON-PP noarch 1:4.16-512.el10 appstream 66 k
perl-Test-Harness noarch 1:3.48-512.el10 appstream 282 k
perl-lib x86_64 0.65-512.2.el10_0 appstream 15 k
perl-srpm-macros noarch 1-57.el10 appstream 8.5 k
perl-version x86_64 8:0.99.32-4.el10 appstream 63 k
pyproject-srpm-macros noarch 1.16.2-1.el10 appstream 14 k
python-srpm-macros noarch 3.12-10.el10 appstream 23 k
python3-pyparsing noarch 3.1.1-7.el10 baseos 271 k
qt6-srpm-macros noarch 6.9.1-1.el10 appstream 9.6 k
redhat-rpm-config noarch 293-1.el10.rocky.0.2 appstream 78 k
rust-toolset-srpm-macros noarch 1.88.0-1.el10 appstream 12 k
systemtap-sdt-devel x86_64 5.3-3b.el10 appstream 69 k
systemtap-sdt-dtrace x86_64 5.3-3b.el10 appstream 70 k
Installing weak dependencies:
perl-CPAN-Meta noarch 2.150010-511.el10 appstream 197 k
perl-Encode-Locale noarch 1.05-31.el10 appstream 18 k
perl-Time-HiRes x86_64 4:1.9777-511.el10 appstream 58 k
perl-devel x86_64 4:5.40.2-512.2.el10_0 appstream 770 k
perl-doc noarch 5.40.2-512.2.el10_0 appstream 4.9 M
Transaction Summary
===================================================================================================================================
Install 52 Packages
Upgrade 12 Packages
Total download size: 26 M
Is this ok [y/N]: y
Downloading Packages:
(1/64): efi-filesystem-6-7.el10.rocky.0.1.noarch.rpm 206 kB/s | 7.8 kB 00:00
(2/64): efibootmgr-18-8.el10.x86_64.rpm 1.2 MB/s | 47 kB 00:00
(3/64): efivar-libs-39-3.el10.x86_64.rpm 2.8 MB/s | 127 kB 00:00
(4/64): mokutil-0.7.2-1.el10.x86_64.rpm 6.4 MB/s | 48 kB 00:00
(5/64): annobin-docs-12.99-1.el10.noarch.rpm 11 MB/s | 88 kB 00:00
(6/64): python3-pyparsing-3.1.1-7.el10.noarch.rpm 13 MB/s | 271 kB 00:00
(7/64): dwz-0.16-1.el10.x86_64.rpm 12 MB/s | 139 kB 00:00
(8/64): efi-srpm-macros-6-7.el10.rocky.0.1.noarch.rpm 2.7 MB/s | 22 kB 00:00
(9/64): fonts-srpm-macros-2.0.5-18.el10.noarch.rpm 5.1 MB/s | 26 kB 00:00
(10/64): forge-srpm-macros-0.4.0-6.el10.noarch.rpm 4.3 MB/s | 20 kB 00:00
(11/64): gcc-plugin-annobin-14.3.1-2.1.el10.x86_64.rpm 10 MB/s | 67 kB 00:00
(12/64): go-srpm-macros-3.6.0-7.el10_1.noarch.rpm 4.7 MB/s | 27 kB 00:00
(13/64): kernel-srpm-macros-1.0-26.el10.noarch.rpm 2.0 MB/s | 9.4 kB 00:00
(14/64): lua-srpm-macros-1-15.el10.noarch.rpm 2.0 MB/s | 8.8 kB 00:00
(15/64): ocaml-srpm-macros-10-4.el10.noarch.rpm 2.0 MB/s | 9.2 kB 00:00
(16/64): annobin-plugin-gcc-12.99-1.el10.x86_64.rpm 16 MB/s | 998 kB 00:00
(17/64): openblas-srpm-macros-2-19.el10.noarch.rpm 432 kB/s | 7.7 kB 00:00
(18/64): package-notes-srpm-macros-0.5-13.el10.noarch.rpm 519 kB/s | 9.2 kB 00:00
(19/64): perl-AutoSplit-5.74-512.2.el10_0.noarch.rpm 4.5 MB/s | 21 kB 00:00
(20/64): patch-2.7.6-26.el10.x86_64.rpm 14 MB/s | 131 kB 00:00
(21/64): perl-Benchmark-1.25-512.2.el10_0.noarch.rpm 3.5 MB/s | 27 kB 00:00
(22/64): perl-CPAN-Meta-Requirements-2.143-11.el10.noarch.rpm 10 MB/s | 35 kB 00:00
(23/64): perl-CPAN-Meta-YAML-0.018-512.el10.noarch.rpm 5.3 MB/s | 26 kB 00:00
(24/64): perl-CPAN-Meta-2.150010-511.el10.noarch.rpm 12 MB/s | 197 kB 00:00
(25/64): perl-Encode-Locale-1.05-31.el10.noarch.rpm 2.6 MB/s | 18 kB 00:00
(26/64): perl-ExtUtils-Command-7.70-513.el10.noarch.rpm 3.0 MB/s | 14 kB 00:00
(27/64): perl-Devel-PPPort-3.72-512.el10.x86_64.rpm 13 MB/s | 219 kB 00:00
(28/64): perl-ExtUtils-Constant-0.25-512.2.el10_0.noarch.rpm 4.9 MB/s | 43 kB 00:00
(29/64): perl-ExtUtils-Install-2.22-511.el10.noarch.rpm 4.7 MB/s | 43 kB 00:00
(30/64): perl-ExtUtils-Manifest-1.75-511.el10.noarch.rpm 6.2 MB/s | 34 kB 00:00
(31/64): perl-File-Compare-1.100.800-512.2.el10_0.noarch.rpm 4.2 MB/s | 13 kB 00:00
(32/64): perl-ExtUtils-MakeMaker-7.70-513.el10.noarch.rpm 17 MB/s | 295 kB 00:00
(33/64): perl-ExtUtils-ParseXS-3.51-512.el10.noarch.rpm 11 MB/s | 189 kB 00:00
(34/64): perl-File-Copy-2.41-512.2.el10_0.noarch.rpm 1.7 MB/s | 20 kB 00:00
(35/64): perl-I18N-Langinfo-0.24-512.2.el10_0.x86_64.rpm 5.0 MB/s | 25 kB 00:00
(36/64): perl-JSON-PP-4.16-512.el10.noarch.rpm 9.3 MB/s | 66 kB 00:00
(37/64): perl-Time-HiRes-1.9777-511.el10.x86_64.rpm 11 MB/s | 58 kB 00:00
(38/64): perl-Test-Harness-3.48-512.el10.noarch.rpm 13 MB/s | 282 kB 00:00
(39/64): perl-lib-0.65-512.2.el10_0.x86_64.rpm 4.4 MB/s | 15 kB 00:00
(40/64): perl-srpm-macros-1-57.el10.noarch.rpm 2.7 MB/s | 8.5 kB 00:00
(41/64): perl-devel-5.40.2-512.2.el10_0.x86_64.rpm 19 MB/s | 770 kB 00:00
(42/64): perl-version-0.99.32-4.el10.x86_64.rpm 4.3 MB/s | 63 kB 00:00
(43/64): pyproject-srpm-macros-1.16.2-1.el10.noarch.rpm 4.5 MB/s | 14 kB 00:00
(44/64): python-srpm-macros-3.12-10.el10.noarch.rpm 5.1 MB/s | 23 kB 00:00
(45/64): python3-devel-3.12.12-4.el10_1.x86_64.rpm 20 MB/s | 329 kB 00:00
(46/64): qt6-srpm-macros-6.9.1-1.el10.noarch.rpm 3.0 MB/s | 9.6 kB 00:00
(47/64): redhat-rpm-config-293-1.el10.rocky.0.2.noarch.rpm 16 MB/s | 78 kB 00:00
(48/64): rust-toolset-srpm-macros-1.88.0-1.el10.noarch.rpm 3.6 MB/s | 12 kB 00:00
(49/64): systemtap-sdt-devel-5.3-3b.el10.x86_64.rpm 11 MB/s | 69 kB 00:00
(50/64): systemtap-sdt-dtrace-5.3-3b.el10.x86_64.rpm 16 MB/s | 70 kB 00:00
(51/64): libselinux-3.9-1.el10.x86_64.rpm 10 MB/s | 97 kB 00:00
(52/64): libselinux-utils-3.9-1.el10.x86_64.rpm 14 MB/s | 122 kB 00:00
(53/64): libsemanage-3.9-1.el10.x86_64.rpm 13 MB/s | 122 kB 00:00
(54/64): libsepol-3.9-1.el10.x86_64.rpm 18 MB/s | 348 kB 00:00
(55/64): python3-pip-23.3.2-7.el10.noarch.rpm 21 MB/s | 3.2 MB 00:00
(56/64): policycoreutils-3.9-1.el10.x86_64.rpm 4.3 MB/s | 224 kB 00:00
(57/64): python3-3.12.12-4.el10_1.x86_64.rpm 5.7 MB/s | 28 kB 00:00
(58/64): policycoreutils-python-utils-3.9-1.el10.noarch.rpm 6.7 MB/s | 51 kB 00:00
(59/64): perl-doc-5.40.2-512.2.el10_0.noarch.rpm 17 MB/s | 4.9 MB 00:00
(60/64): python-unversioned-command-3.12.12-4.el10_1.noarch.rpm 175 kB/s | 11 kB 00:00
(61/64): python3-libselinux-3.9-1.el10.x86_64.rpm 16 MB/s | 200 kB 00:00
(62/64): python3-libsemanage-3.9-1.el10.x86_64.rpm 7.0 MB/s | 81 kB 00:00
(63/64): python3-policycoreutils-3.9-1.el10.noarch.rpm 28 MB/s | 2.2 MB 00:00
(64/64): python3-libs-3.12.12-4.el10_1.x86_64.rpm 31 MB/s | 9.4 MB 00:00
-----------------------------------------------------------------------------------------------------------------------------------
Total 19 MB/s | 26 MB 00:01
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Upgrading : python3-libs-3.12.12-4.el10_1.x86_64 1/76
Upgrading : python-unversioned-command-3.12.12-4.el10_1.noarch 2/76
Upgrading : python3-3.12.12-4.el10_1.x86_64 3/76
Upgrading : libsepol-3.9-1.el10.x86_64 4/76
Upgrading : libselinux-3.9-1.el10.x86_64 5/76
Running scriptlet: libselinux-3.9-1.el10.x86_64 5/76
Installing : perl-version-8:0.99.32-4.el10.x86_64 6/76
Installing : perl-File-Copy-2.41-512.2.el10_0.noarch 7/76
Installing : perl-CPAN-Meta-Requirements-2.143-11.el10.noarch 8/76
Upgrading : libsemanage-3.9-1.el10.x86_64 9/76
Upgrading : python3-libselinux-3.9-1.el10.x86_64 10/76
Installing : perl-Time-HiRes-4:1.9777-511.el10.x86_64 11/76
Installing : perl-JSON-PP-1:4.16-512.el10.noarch 12/76
Installing : perl-File-Compare-1.100.800-512.2.el10_0.noarch 13/76
Installing : perl-ExtUtils-ParseXS-1:3.51-512.el10.noarch 14/76
Installing : efivar-libs-39-3.el10.x86_64 15/76
Upgrading : python3-libsemanage-3.9-1.el10.x86_64 16/76
Installing : perl-ExtUtils-Command-2:7.70-513.el10.noarch 17/76
Installing : perl-ExtUtils-Manifest-1:1.75-511.el10.noarch 18/76
Upgrading : libselinux-utils-3.9-1.el10.x86_64 19/76
Upgrading : policycoreutils-3.9-1.el10.x86_64 20/76
Running scriptlet: policycoreutils-3.9-1.el10.x86_64 20/76
Upgrading : python3-policycoreutils-3.9-1.el10.noarch 21/76
Installing : python3-pyparsing-3.1.1-7.el10.noarch 22/76
Installing : systemtap-sdt-dtrace-5.3-3b.el10.x86_64 23/76
Installing : systemtap-sdt-devel-5.3-3b.el10.x86_64 24/76
Installing : python3-pip-23.3.2-7.el10.noarch 25/76
Installing : rust-toolset-srpm-macros-1.88.0-1.el10.noarch 26/76
Installing : qt6-srpm-macros-6.9.1-1.el10.noarch 27/76
Installing : pyproject-srpm-macros-1.16.2-1.el10.noarch 28/76
Installing : perl-srpm-macros-1-57.el10.noarch 29/76
Installing : perl-lib-0.65-512.2.el10_0.x86_64 30/76
Installing : perl-doc-5.40.2-512.2.el10_0.noarch 31/76
Installing : perl-I18N-Langinfo-0.24-512.2.el10_0.x86_64 32/76
Installing : perl-Encode-Locale-1.05-31.el10.noarch 33/76
Installing : perl-ExtUtils-Constant-0.25-512.2.el10_0.noarch 34/76
Installing : perl-Devel-PPPort-3.72-512.el10.x86_64 35/76
Installing : perl-CPAN-Meta-YAML-0.018-512.el10.noarch 36/76
Installing : perl-CPAN-Meta-2.150010-511.el10.noarch 37/76
Installing : perl-Benchmark-1.25-512.2.el10_0.noarch 38/76
Installing : perl-Test-Harness-1:3.48-512.el10.noarch 39/76
Installing : perl-AutoSplit-5.74-512.2.el10_0.noarch 40/76
Installing : package-notes-srpm-macros-0.5-13.el10.noarch 41/76
Installing : openblas-srpm-macros-2-19.el10.noarch 42/76
Installing : ocaml-srpm-macros-10-4.el10.noarch 43/76
Installing : lua-srpm-macros-1-15.el10.noarch 44/76
Installing : kernel-srpm-macros-1.0-26.el10.noarch 45/76
Installing : gcc-plugin-annobin-14.3.1-2.1.el10.x86_64 46/76
Installing : efi-srpm-macros-6-7.el10.rocky.0.1.noarch 47/76
Installing : dwz-0.16-1.el10.x86_64 48/76
Installing : annobin-docs-12.99-1.el10.noarch 49/76
Installing : annobin-plugin-gcc-12.99-1.el10.x86_64 50/76
Installing : fonts-srpm-macros-1:2.0.5-18.el10.noarch 51/76
Installing : forge-srpm-macros-0.4.0-6.el10.noarch 52/76
Installing : go-srpm-macros-3.6.0-7.el10_1.noarch 53/76
Installing : python-srpm-macros-3.12-10.el10.noarch 54/76
Installing : redhat-rpm-config-293-1.el10.rocky.0.2.noarch 55/76
Running scriptlet: redhat-rpm-config-293-1.el10.rocky.0.2.noarch 55/76
Installing : perl-ExtUtils-Install-2.22-511.el10.noarch 56/76
Installing : perl-devel-4:5.40.2-512.2.el10_0.x86_64 57/76
Installing : perl-ExtUtils-MakeMaker-2:7.70-513.el10.noarch 58/76
Installing : efi-filesystem-6-7.el10.rocky.0.1.noarch 59/76
Installing : efibootmgr-18-8.el10.x86_64 60/76
Installing : python3-devel-3.12.12-4.el10_1.x86_64 61/76
Upgrading : policycoreutils-python-utils-3.9-1.el10.noarch 62/76
Installing : mokutil-2:0.7.2-1.el10.x86_64 63/76
Installing : patch-2.7.6-26.el10.x86_64 64/76
Cleanup : policycoreutils-python-utils-3.8-1.el10.noarch 65/76
Cleanup : python3-policycoreutils-3.8-1.el10.noarch 66/76
Running scriptlet: policycoreutils-3.8-1.el10.x86_64 67/76
Cleanup : policycoreutils-3.8-1.el10.x86_64 67/76
Cleanup : python3-libsemanage-3.8.1-1.el10_0.x86_64 68/76
Cleanup : libsemanage-3.8.1-1.el10_0.x86_64 69/76
Cleanup : python3-libselinux-3.8-2.el10_0.x86_64 70/76
Cleanup : libselinux-utils-3.8-2.el10_0.x86_64 71/76
Cleanup : python3-3.12.9-2.el10_0.2.x86_64 72/76
Cleanup : libselinux-3.8-2.el10_0.x86_64 73/76
Cleanup : python-unversioned-command-3.12.9-2.el10_0.2.noarch 74/76
Cleanup : libsepol-3.8-1.el10.x86_64 75/76
Cleanup : python3-libs-3.12.9-2.el10_0.2.x86_64 76/76
Running scriptlet: python3-libs-3.12.9-2.el10_0.2.x86_64 76/76
Upgraded:
libselinux-3.9-1.el10.x86_64 libselinux-utils-3.9-1.el10.x86_64
libsemanage-3.9-1.el10.x86_64 libsepol-3.9-1.el10.x86_64
policycoreutils-3.9-1.el10.x86_64 policycoreutils-python-utils-3.9-1.el10.noarch
python-unversioned-command-3.12.12-4.el10_1.noarch python3-3.12.12-4.el10_1.x86_64
python3-libs-3.12.12-4.el10_1.x86_64 python3-libselinux-3.9-1.el10.x86_64
python3-libsemanage-3.9-1.el10.x86_64 python3-policycoreutils-3.9-1.el10.noarch
Installed:
annobin-docs-12.99-1.el10.noarch annobin-plugin-gcc-12.99-1.el10.x86_64
dwz-0.16-1.el10.x86_64 efi-filesystem-6-7.el10.rocky.0.1.noarch
efi-srpm-macros-6-7.el10.rocky.0.1.noarch efibootmgr-18-8.el10.x86_64
efivar-libs-39-3.el10.x86_64 fonts-srpm-macros-1:2.0.5-18.el10.noarch
forge-srpm-macros-0.4.0-6.el10.noarch gcc-plugin-annobin-14.3.1-2.1.el10.x86_64
go-srpm-macros-3.6.0-7.el10_1.noarch kernel-srpm-macros-1.0-26.el10.noarch
lua-srpm-macros-1-15.el10.noarch mokutil-2:0.7.2-1.el10.x86_64
ocaml-srpm-macros-10-4.el10.noarch openblas-srpm-macros-2-19.el10.noarch
package-notes-srpm-macros-0.5-13.el10.noarch patch-2.7.6-26.el10.x86_64
perl-AutoSplit-5.74-512.2.el10_0.noarch perl-Benchmark-1.25-512.2.el10_0.noarch
perl-CPAN-Meta-2.150010-511.el10.noarch perl-CPAN-Meta-Requirements-2.143-11.el10.noarch
perl-CPAN-Meta-YAML-0.018-512.el10.noarch perl-Devel-PPPort-3.72-512.el10.x86_64
perl-Encode-Locale-1.05-31.el10.noarch perl-ExtUtils-Command-2:7.70-513.el10.noarch
perl-ExtUtils-Constant-0.25-512.2.el10_0.noarch perl-ExtUtils-Install-2.22-511.el10.noarch
perl-ExtUtils-MakeMaker-2:7.70-513.el10.noarch perl-ExtUtils-Manifest-1:1.75-511.el10.noarch
perl-ExtUtils-ParseXS-1:3.51-512.el10.noarch perl-File-Compare-1.100.800-512.2.el10_0.noarch
perl-File-Copy-2.41-512.2.el10_0.noarch perl-I18N-Langinfo-0.24-512.2.el10_0.x86_64
perl-JSON-PP-1:4.16-512.el10.noarch perl-Test-Harness-1:3.48-512.el10.noarch
perl-Time-HiRes-4:1.9777-511.el10.x86_64 perl-devel-4:5.40.2-512.2.el10_0.x86_64
perl-doc-5.40.2-512.2.el10_0.noarch perl-lib-0.65-512.2.el10_0.x86_64
perl-srpm-macros-1-57.el10.noarch perl-version-8:0.99.32-4.el10.x86_64
pyproject-srpm-macros-1.16.2-1.el10.noarch python-srpm-macros-3.12-10.el10.noarch
python3-devel-3.12.12-4.el10_1.x86_64 python3-pip-23.3.2-7.el10.noarch
python3-pyparsing-3.1.1-7.el10.noarch qt6-srpm-macros-6.9.1-1.el10.noarch
redhat-rpm-config-293-1.el10.rocky.0.2.noarch rust-toolset-srpm-macros-1.88.0-1.el10.noarch
systemtap-sdt-devel-5.3-3b.el10.x86_64 systemtap-sdt-dtrace-5.3-3b.el10.x86_64
Complete!
OS package installations finished
OS package installations finished
+ Installing ONTAP Mediator. (Log: /root/ontap_mediator.pJBcIv/ontap-mediator-1.12.0/ontap-mediator-1.12.0/install_20260324151410.log)
This step will take several minutes. Use the log file to view progress.
Sudoer config verified
ONTAP Mediator rsyslog and logging rotation enabled
+ Install successful. (Moving log to /opt/netapp/lib/ontap_mediator/log/install_20260324151410.log)
+ WARNING: This system supports UEFI
Secure Boot (SB) is currently disabled on this system.
If SB is enabled in the future, SCST will not work unless the following action is taken:
Using the keys in /opt/netapp/lib/ontap_mediator/ontap_mediator/SCST_mod_keys follow
instructions in /opt/netapp/lib/ontap_mediator/ontap_mediator/SCST_mod_keys/README.module-signing
to sign the SCST kernel module. Note that reboot will be needed.
SCST will not start automatically when Secure Boot is enabled and not configured properly.
+ Note: ONTAP Mediator generated a self-signed server certificate for temporary use on
this host. If the DNS name or IP address for the host is changed, the certificate
will no longer be valid. The default certificates should be replaced with secure
trusted certificates signed by a known certificate authority prior to use for production.
For more information, see /opt/netapp/lib/ontap_mediator/README
+ Note: ONTAP Mediator uses a kernel module compiled specifically for the current
OS. Using 'yum update' to upgrade the kernel might cause service interruption.
For more information, see /opt/netapp/lib/ontap_mediator/README
[root@mediator_host ~]#
支持 HTTPS 和 iSCSI 的 ONTAP Mediator 升级示例(控制台输出)
Upgrade from 1.11 to 1.12 (lower version to higher version): Plain Text [root@mediator_host ~]# ontap-mediator-1.11.0/ontap-mediator-1.11.0 -y ONTAP Mediator: Self Extracting Installer + Extracting the ONTAP Mediator installation/upgrade archive + Performing the ONTAP Mediator run-time code signature check Using openssl from the path: /usr/bin/openssl configured for CApath:/etc/pki/tls + Unpacking the ONTAP Mediator installer ONTAP Mediator requires two user accounts. One for the service (netapp), and one for use by ONTAP to the mediator API (mediatoradmin). Using default account names: netapp + mediatoradmin Enter ONTAP Mediator user account (mediatoradmin) password: Re-Enter ONTAP Mediator user account (mediatoradmin) password: + Checking if SELinux is in enforcing mode + Checking for default Linux firewall + Installing required packages. Last metadata expiration check: 0:03:56 ago on Mon 20 Apr 2026 02:49:08 PM EDT. Package openssl-1:3.5.1-7.el9_7.x86_64 is already installed. Package openssl-devel-1:3.5.1-7.el9_7.x86_64 is already installed. Package kernel-devel-5.14.0-611.45.1.el9_7.x86_64 is already installed. Package kernel-modules-core-5.14.0-611.45.1.el9_7.x86_64 is already installed. Package gcc-11.5.0-11.el9.x86_64 is already installed. Package make-1:4.3-8.el9.x86_64 is already installed. Package which-2.21-30.el9_6.x86_64 is already installed. Package libselinux-utils-3.6-3.el9.x86_64 is already installed. Package patch-2.7.6-16.el9.x86_64 is already installed. Package perl-Data-Dumper-2.174-462.el9.x86_64 is already installed. Package perl-ExtUtils-MakeMaker-2:7.60-3.el9.noarch is already installed. Package bzip2-1.0.8-10.el9_5.x86_64 is already installed. Package efibootmgr-16-12.el9.x86_64 is already installed. Package mokutil-2:0.7.2-1.el9.x86_64 is already installed. Package python3-pip-21.3.1-1.el9.noarch is already installed. Package elfutils-libelf-devel-0.193-1.el9.x86_64 is already installed. Package policycoreutils-python-utils-3.6-3.el9.noarch is already installed. Package python3.12-3.12.12-4.el9_7.2.x86_64 is already installed. Package python3.12-devel-3.12.12-4.el9_7.2.x86_64 is already installed. Dependencies resolved. Nothing to do. Complete! OS package installations finished + Installing ONTAP Mediator. (Log: /root/ontap_mediator.uigddi/ontap-mediator-1.11.0/ontap-mediator-1.11.0/install_20260420145003.log) This step will take several minutes. Use the log file to view progress. Sudoer config verified ONTAP Mediator rsyslog and logging rotation enabled + Install successful. (Moving log to /opt/netapp/lib/ontap_mediator/log/install_20260420145003.log) + Note: ONTAP Mediator generated a self-signed server certificate for temporary use on this host. If the DNS name or IP address for the host is changed, the certificate will no longer be valid. The default certificates should be replaced with secure trusted certificates signed by a known certificate authority prior to use for production. For more information, see /opt/netapp/lib/ontap_mediator/README + Note: ONTAP Mediator uses a kernel module compiled specifically for the current OS. Using 'yum update' to upgrade the kernel might cause service interruption. For more information, see /opt/netapp/lib/ontap_mediator/README [root@mediator_host ~]# ontap-mediator-1.12.0/ontap-mediator-1.12.0 ONTAP Mediator: Self Extracting Installer + Extracting the ONTAP Mediator installation/upgrade archive + Performing the ONTAP Mediator run-time code signature check Using openssl from the path: /usr/bin/openssl configured for CApath:/etc/pki/tls + Unpacking the ONTAP Mediator installer + ONTAP_MEDIATOR_INSTALL_HTTPS_ONLY is set to '0', args are: '' + Starting ONTAP Mediator install/update process: previous installation_mode is '' ONTAP Mediator can be installed with iSCSI and HTTPS support, or support for HTTPS only. Do you wish to install ONTAP Mediator with iSCSI and HTTPS support? Y(es)/n(o): yes ONTAP Mediator will be installed with mode: ISCSI_HTTPS + Selected install package mode: ISCSI_HTTPS ONTAP Mediator will be upgraded from version 1.11.0 to 1.12.0. Do you wish to continue? Y(es)/n(o): yes Capturing support_bundle to save pre-upgrade configuration. API Credentials are required. Mediator API User Name: mediatoradmin Password: Running plugins, please wait... Creating tar archive... Support bundle has been generated at /opt/netapp/data/support_bundles/scs001097036-1_1776711598_BASIC.tgz Testing the DB can be upgraded Cloning database... Cloning successful. Verifying database is up-to-date... Database out-of-date.Migrations are necessary: Current revision: 0d5dcf349b27, Head revision: 758e4873c40d Performing database migrations against clone... Migrations successful. Database upgrade operation complete. + Adding python312 specific packages + Upgrading ONTAP Mediator. (Log: /root/ontap_mediator.gwaGmU/ontap-mediator-1.12.0/ontap-mediator-1.12.0/upgrade_20260420145942.log) + Note: ONTAP Mediator generated a self-signed server certificate for temporary use on this host. If the DNS name or IP address for the host is changed, the certificate will no longer be valid. The default certificates should be replaced with secure trusted certificates signed by a known certificate authority prior to use for production. For more information, see /opt/netapp/lib/ontap_mediator/README + Note: ONTAP Mediator uses a kernel module compiled specifically for the current OS. Using 'yum update' to upgrade the kernel might cause service interruption. For more information, see /opt/netapp/lib/ontap_mediator/README [root@mediator_host ~]#
仅支持 HTTPS 的 ONTAP Mediator 安装示例(控制台输出)
[root@mediator_host ~]# tar -zxvf ontap-mediator-1.12.0.tgz
ontap-mediator-1.12.0/
ontap-mediator-1.12.0/csc-prod-chain-ONTAP-Mediator.pem
ontap-mediator-1.12.0/tsa-prod-ONTAP-Mediator.pem
ontap-mediator-1.12.0/csc-prod-ONTAP-Mediator.pem
ontap-mediator-1.12.0/tsa-prod-chain-ONTAP-Mediator.pem
ontap-mediator-1.12.0/ONTAP-Mediator-production.pub
ontap-mediator-1.12.0/ontap-mediator-1.12.0
ontap-mediator-1.12.0/ontap-mediator-1.12.0.sig
ontap-mediator-1.12.0/ontap-mediator-1.12.0.tsr
ontap-mediator-1.12.0/ontap-mediator-1.12.0.sig.tsr
[root@mediator_host ~]# ontap-mediator-1.12.0/ontap-mediator-1.12.0 --https-only
ONTAP Mediator: Self Extracting Installer
+ Extracting the ONTAP Mediator installation/upgrade archive
+ Performing the ONTAP Mediator run-time code signature check
Using openssl from the path: /usr/bin/openssl configured for CApath:/etc/pki/tls
Error querying OCSP responder
40E72F35407F0000:error:1E800080:HTTP routines:OSSL_HTTP_REQ_CTX_nbio:failed reading data:crypto/http/http_client.c:596:
40E72F35407F0000:error:1E800067:HTTP routines:OSSL_HTTP_REQ_CTX_exchange:error receiving:crypto/http/http_client.c:1045:server=http://ocsp.entrust.net:80
WARNING: The OCSP check failed while attempting to test the Code-Signature-Check certificate
Continue without code signature checking (only recommended if integrity has been established manually)? y(es)/N(o): yes
SKIPPING: Code signature check, manual override due to lack of OCSP response
+ Unpacking the ONTAP Mediator installer
+ ONTAP_MEDIATOR_INSTALL_HTTPS_ONLY is set to '1', args are: ''
+ Starting ONTAP Mediator install/update process: previous installation_mode is ''
+ Selected install package mode: HTTPS_ONLY
+ Checking that required port 31784 is free
ONTAP Mediator requires two user accounts. One for the service (netapp), and one for use by ONTAP to the mediator API (mediatoradmin).
Would you like to use the default account names: netapp + mediatoradmin? (Y(es)/n(o)): yes
Enter ONTAP Mediator user account (mediatoradmin) password:
Re-Enter ONTAP Mediator user account (mediatoradmin) password:
+ Checking if SELinux is in enforcing mode
+ Checking for default Linux firewall
+ Installing required packages.
Last metadata expiration check: 0:38:52 ago on Mon 20 Apr 2026 11:23:22 AM EDT.
Package openssl-1:3.5.1-7.el9_7.x86_64 is already installed.
Package openssl-devel-1:3.5.1-7.el9_7.x86_64 is already installed.
Package gcc-11.5.0-11.el9.x86_64 is already installed.
Package make-1:4.3-8.el9.x86_64 is already installed.
Package which-2.21-30.el9_6.x86_64 is already installed.
Package libselinux-utils-3.6-3.el9.x86_64 is already installed.
Package patch-2.7.6-16.el9.x86_64 is already installed.
Package perl-Data-Dumper-2.174-462.el9.x86_64 is already installed.
Package perl-ExtUtils-MakeMaker-2:7.60-3.el9.noarch is already installed.
Package bzip2-1.0.8-10.el9_5.x86_64 is already installed.
Package efibootmgr-16-12.el9.x86_64 is already installed.
Package mokutil-2:0.7.2-1.el9.x86_64 is already installed.
Package python3-pip-21.3.1-1.el9.noarch is already installed.
Package elfutils-libelf-devel-0.193-1.el9.x86_64 is already installed.
Package policycoreutils-python-utils-3.6-3.el9.noarch is already installed.
Package python3.12-3.12.12-4.el9_7.2.x86_64 is already installed.
Package python3.12-devel-3.12.12-4.el9_7.2.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
OS package installations finished
+ Installing ONTAP Mediator. (Log: /root/ontap_mediator.CJqNqu/ontap-mediator-1.12.0/ontap-mediator-1.12.0/install_20260420120204.log)
This step will take several minutes. Use the log file to view progress.
Sudoer config verified
ONTAP Mediator rsyslog and logging rotation enabled
+ Install successful. (Moving log to /opt/netapp/lib/ontap_mediator/log/install_20260420120204.log)
+ Note: ONTAP Mediator generated a self-signed server certificate for temporary use on
this host. If the DNS name or IP address for the host is changed, the certificate
will no longer be valid. The default certificates should be replaced with secure
trusted certificates signed by a known certificate authority prior to use for production.
For more information, see /opt/netapp/lib/ontap_mediator/README
[root@mediator_host ~]#
仅支持 HTTPS 的 ONTAP Mediator 升级示例(控制台输出)
[root@mediator_host~]# ontap-mediator-1.11.0/ontap-mediator-1.11.0 -y
ONTAP Mediator: Self Extracting Installer
+ Extracting the ONTAP Mediator installation/upgrade archive
+ Performing the ONTAP Mediator run-time code signature check
Using openssl from the path: /usr/bin/openssl configured for CApath:/etc/pki/tls
+ Unpacking the ONTAP Mediator installer
ONTAP Mediator requires two user accounts. One for the service (netapp), and one for use by ONTAP to the mediator API (mediatoradmin).
Using default account names: netapp + mediatoradmin
Enter ONTAP Mediator user account (mediatoradmin) password:
Re-Enter ONTAP Mediator user account (mediatoradmin) password:
+ Checking if SELinux is in enforcing mode
+ Checking for default Linux firewall
+ Installing required packages.
Last metadata expiration check: 0:33:41 ago on Tue 21 Apr 2026 10:48:35 AM EDT.
Package openssl-1:3.5.1-7.el9_7.x86_64 is already installed.
Package openssl-devel-1:3.5.1-7.el9_7.x86_64 is already installed.
Package kernel-devel-5.14.0-611.45.1.el9_7.x86_64 is already installed.
Package kernel-modules-core-5.14.0-611.45.1.el9_7.x86_64 is already installed.
Package gcc-11.5.0-11.el9.x86_64 is already installed.
Package make-1:4.3-8.el9.x86_64 is already installed.
Package which-2.21-30.el9_6.x86_64 is already installed.
Package libselinux-utils-3.6-3.el9.x86_64 is already installed.
Package patch-2.7.6-16.el9.x86_64 is already installed.
Package perl-Data-Dumper-2.174-462.el9.x86_64 is already installed.
Package perl-ExtUtils-MakeMaker-2:7.60-3.el9.noarch is already installed.
Package bzip2-1.0.8-10.el9_5.x86_64 is already installed.
Package efibootmgr-16-12.el9.x86_64 is already installed.
Package mokutil-2:0.7.2-1.el9.x86_64 is already installed.
Package python3-pip-21.3.1-1.el9.noarch is already installed.
Package elfutils-libelf-devel-0.193-1.el9.x86_64 is already installed.
Package policycoreutils-python-utils-3.6-3.el9.noarch is already installed.
Package python3.12-3.12.12-4.el9_7.2.x86_64 is already installed.
Package python3.12-devel-3.12.12-4.el9_7.2.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
OS package installations finished
+ Installing ONTAP Mediator. (Log: /root/ontap_mediator.JclgnS/ontap-mediator-1.11.0/ontap-mediator-1.11.0/install_20260421112205.log)
This step will take several minutes. Use the log file to view progress.
Sudoer config verified
ONTAP Mediator rsyslog and logging rotation enabled
+ Install successful. (Moving log to /opt/netapp/lib/ontap_mediator/log/install_20260421112205.log)
+ Note: ONTAP Mediator generated a self-signed server certificate for temporary use on
this host. If the DNS name or IP address for the host is changed, the certificate
will no longer be valid. The default certificates should be replaced with secure
trusted certificates signed by a known certificate authority prior to use for production.
For more information, see /opt/netapp/lib/ontap_mediator/README
+ Note: ONTAP Mediator uses a kernel module compiled specifically for the current
OS. Using 'yum update' to upgrade the kernel might cause service interruption.
For more information, see /opt/netapp/lib/ontap_mediator/README
[root@mediator_host~]#
[root@mediator_host~]# tar -zxvf ontap-mediator-1.12.0.tgz
ontap-mediator-1.12.0/
ontap-mediator-1.12.0/csc-prod-chain-ONTAP-Mediator.pem
ontap-mediator-1.12.0/tsa-prod-ONTAP-Mediator.pem
ontap-mediator-1.12.0/csc-prod-ONTAP-Mediator.pem
ontap-mediator-1.12.0/tsa-prod-chain-ONTAP-Mediator.pem
ontap-mediator-1.12.0/ONTAP-Mediator-production.pub
ontap-mediator-1.12.0/ontap-mediator-1.12.0
ontap-mediator-1.12.0/ontap-mediator-1.12.0.sig
ontap-mediator-1.12.0/ontap-mediator-1.12.0.tsr
ontap-mediator-1.12.0/ontap-mediator-1.12.0.sig.tsr
[root@mediator_host~]#
[root@mediator_host~]# ontap-mediator-1.12.0/ontap-mediator-1.12.0 --https-only
ONTAP Mediator: Self Extracting Installer
+ Extracting the ONTAP Mediator installation/upgrade archive
+ Performing the ONTAP Mediator run-time code signature check
Using openssl from the path: /usr/bin/openssl configured for CApath:/etc/pki/tls
+ Unpacking the ONTAP Mediator installer
+ ONTAP_MEDIATOR_INSTALL_HTTPS_ONLY is set to '1', args are: ''
+ Starting ONTAP Mediator install/update process: previous installation_mode is ''
+ Selected install package mode: HTTPS_ONLY
ONTAP Mediator will be upgraded from version 1.11.0 to 1.12.0.
Do you wish to continue? Y(es)/n(o): yes
Capturing support_bundle to save pre-upgrade configuration. API Credentials are required.
Mediator API User Name: mediatoradmin
Password: Running plugins, please wait...
Creating tar archive...
Support bundle has been generated at /opt/netapp/data/support_bundles/scs001097036-1_1776785423_BASIC.tgz
Testing the DB can be upgraded
Cloning database...
Cloning successful.
Verifying database is up-to-date...
Database out-of-date.Migrations are necessary:
Current revision: 0d5dcf349b27, Head revision: 758e4873c40d
Performing database migrations against clone...
Migrations successful.
Database upgrade operation complete.
+ Adding python312 specific packages
+ Upgrading ONTAP Mediator. (Log: /root/ontap_mediator.cRy0mN/ontap-mediator-1.12.0/ontap-mediator-1.12.0/upgrade_20260421113003.log)
fapolicyd not installed or no rules.d directory found, skipping fapolicyd configuration
ONTAP Mediator rsyslog and logging rotation enabled
+ Upgrade successful. (Moving log to /opt/netapp/lib/ontap_mediator/log/upgrade_20260421113003.log)\n
+ Note: ONTAP Mediator generated a self-signed server certificate for temporary use on
this host. If the DNS name or IP address for the host is changed, the certificate
will no longer be valid. The default certificates should be replaced with secure
trusted certificates signed by a known certificate authority prior to use for production.
For more information, see /opt/netapp/lib/ontap_mediator/README
+ Note: ONTAP Mediator uses a kernel module compiled specifically for the current
OS. Using 'yum update' to upgrade the kernel might cause service interruption.
For more information, see /opt/netapp/lib/ontap_mediator/README
[root@mediator_host ~]#
注册 UEFI 安全启动的安全密钥
从ONTAP Mediator 1.4 开始,UEFI 系统上启用了安全启动机制。启用安全启动后,安装完成后必须采取额外步骤来注册安全密钥。
|
|
如果您安装了仅支持 HTTPS 的 ONTAP Mediator 1.12 或更高版本,则未安装 SCST 包,您可以跳过此任务。 |
步骤
-
按照 README 文件中的说明对 SCST 内核模块进行签名:
/opt/netapp/lib/ontap_mediator/ontap_mediator/SCST_mod_keys/README.module-signing -
找到所需的密钥:
/opt/netapp/lib/ontap_mediator/ontap_mediator/SCST_mod_keys
安装完成后,系统输出会提供 README 文件和密钥位置。 -
将公共密钥添加到MOK列表:
mokutil --import /opt/netapp/lib/ontap_mediator/ontap_mediator/SCST_mod_keys/scst_module_key.der
您可以将私钥保留在默认位置,也可以将其移动到安全位置。您必须将公钥保存在现有位置,以便启动管理器可以使用它。更多信息请参见 README.module-signing 文件:
[root@hostname ~]# ls /opt/netapp/lib/ontap_mediator/ontap_mediator/SCST_mod_keys/ README.module-signing scst_module_key.der scst_module_key.priv -
重启主机,并使用设备的 UEFI 启动管理器批准新的 MOK。您需要使用提供的密码短语。 `mokutil`实用性"启用UEFI安全启动时安装ONTAP调解器"。
对 SCST 内核模块进行签名
安装ONTAP Mediator 后,如果 systemctl 状态 `mediator-scst`显示为失败(非活动状态),请按照以下步骤对 SCST 内核模块进行签名。
|
|
如果您安装了仅支持 HTTPS 的 ONTAP Mediator 1.12 或更高版本,则未安装 SCST 包,您可以跳过此任务。 |
步骤
-
在构建过程中,会生成一对公钥/私钥。 `/opt/netapp/lib/ontap_mediator/ontap_mediator/SCST_mod_keys/`使用以下命令进入目录:
[root@mediator-host ~]# ls /opt/netapp/lib/ontap_mediator/ontap_mediator/SCST_mod_keys/ README.module-signing scst_module_key.der scst_module_key.priv [root@mediator-host ~]# -
运行以下命令,开始将公钥导入UEFI密钥库的过程:
[root@mediator-host ~]# mokutil --import /opt/netapp/lib/ontap_mediator/ontap_mediator/SCST_mod_keys/scst_module_key.der input password: input password again:[root@mediator-host ~]# -
mokutil 软件在导入过程中会请求为此密钥设置一个临时密码。
-
确认导入过程是否已开始 `mokutil --list-new`然后重启系统。引导加载程序启动 EFI MOK 管理器。
-
使用屏幕上的菜单打开 SCST 内核模块密钥。启动后,运行
systemctl status mediator-scst。服务启动后,SCST 内核模块将被签名。