The Tours of the Black Prompt series so far:
- NetApp Data ONTAP 7-Mode
- Command line interface (CLI) overview including
- Commands and Privilege Levels
- Command Syntax and Help
- Navigation and Editing
- Command line interface (CLI) overview including
- Clustered NetApp Data ONTAP – Part 1
- CLI overview including
- Commands, Navigation, and Privilege Levels
- Command Syntax and Help
- Command Completion
- Navigation and Editing
- CLI overview including
- Clustered NetApp Data ONTAP – Part 2
- Working with Command History
- Setting Display Preferences
- Clustered NetApp Data ONTAP – Part 3
- Field Options
- Field Filtering
- Queries and Operators
- Clustered NetApp Data ONTAP – Part 4
- Extended Queries
- Clustered NetApp Data ONTAP – Part 5
- Examples
In this entry in the series, we’ll take a brief look at the different shells available within clustered Data ONTAP.
Clustershell
Everything we’ve discussed in Part 1 through Part 5 of this series has been using the clustershell. This is the primary interface for cluster management from the command line, and it is expected that the vast majority of the administrator’s work in the CLI will be using this shell (95%+). The clustershell is what the administrator is automatically using when connecting to a cluster, regardless of whether that connection is to the cluster management interface, a node management interface, or a Storage Virtual Machine management interface. The clustershell manages objects and configurations for the entire cluster.
Nodeshell
The nodeshell is a more limited shell for commands that only effect an individual node. This shell is equivalent to the one used for Data ONTAP operating in 7-mode where each controller operated as an independent node despite being able to provide high-availability for its partner.
Nodeshell commands are accessible from the clustershell using the system node run command (or any of its abbreviated forms like node run, run, or even ru). We’ve shown several examples of this usage over the previous five parts of this series.
You can see what commands are available in the nodeshell using either “?” or the help command:
cdot_mba1::> run local -command ? ? file partner software acpadmin flexcache passwd source aggr fsecurity ping6 sp backup halt pktt stats bmc help priority storage cdpd hostname priv sysconfig cf ic qtree sysstat clone ifconfig quota timezone date ifgrp rdfile ups dcb ifstat reallocate uptime df key_manager restore version disk keymgr restore_backup vlan disk_fw_update license revert_to vmservices download logger rlm vol dump man route wcc echo maxfiles rshstat wrfile ems mt sasadmin ypcat environment ndmpcopy sasstat ypgroup fcadmin netstat sis ypmatch fcp options snap ypwhich fcstat cdot_mba1::> run local -command help ? file partner software acpadmin flexcache passwd source aggr fsecurity ping6 sp backup halt pktt stats bmc help priority storage cdpd hostname priv sysconfig cf ic qtree sysstat clone ifconfig quota timezone date ifgrp rdfile ups dcb ifstat reallocate uptime df key_manager restore version disk keymgr restore_backup vlan disk_fw_update license revert_to vmservices download logger rlm vol dump man route wcc echo maxfiles rshstat wrfile ems mt sasadmin ypcat environment ndmpcopy sasstat ypgroup fcadmin netstat sis ypmatch fcp options snap ypwhich fcstat
The help command can also be used to get more information about a specific command, or you can pass the “-?” parameter to the command:
cdot_mba1::> run local -command help acpadmin acpadmin - Storage ACP administrator functions cdot_mba1::> run local -command acpadmin -? Usage: acpadmin configure acpadmin list_all acpadmin stats
Running just a command without parameters will actually provide the same information as using the “-?” parameter:
cdot_mba1::> run local -command acpadmin Usage: acpadmin configure acpadmin list_all acpadmin stats
As you may have noticed from our examples in the earlier parts of the series, you don’t need to use the “-command” parameter at all but can just specify the command directly:
cdot_mba1::> run local acpadmin Usage: acpadmin configure acpadmin list_all acpadmin stats
This works even for the help command to show the available nodeshell commands, though you can’t use the “-?” in the same fashion as it’s evaluated for the run local context instead:
cdot_mba1::> run local help
? file partner software
acpadmin flexcache passwd source
aggr fsecurity ping6 sp
backup halt pktt stats
bmc help priority storage
cdpd hostname priv sysconfig
cf ic qtree sysstat
clone ifconfig quota timezone
date ifgrp rdfile ups
dcb ifstat reallocate uptime
df key_manager restore version
disk keymgr restore_backup vlan
disk_fw_update license revert_to vmservices
download logger rlm vol
dump man route wcc
echo maxfiles rshstat wrfile
ems mt sasadmin ypcat
environment ndmpcopy sasstat ypgroup
fcadmin netstat sis ypmatch
fcp options snap ypwhich
fcstat
cdot_mba1::> run local -?
{ [[-command] <text>, ...] Command to Run
| [ -reset [true] ] } Reset Existing Connection
The nodeshell can also be used interactively by using the run clustershell command without appending a particular nodeshell command to run.
cdot_mba1::> run local Type 'exit' or 'Ctrl-D' to return to the CLI cdot_mba1-01> ? ? file passwd software acpadmin flexcache ping source aggr fsecurity ping6 sp arp halt pktt stats backup help priority storage bmc hostname priv sysconfig cdpd ic qtree sysstat cf ifconfig quota timezone clone ifgrp rdfile traceroute coredump ifstat reallocate traceroute6 date key_manager restore ups dcb keymgr restore_backup uptime df license revert_to version disk logger rlm vlan disk_fw_update man route vmservices download maxfiles rshstat vol dump mt sasadmin wcc echo ndmpcopy sasstat wrfile ems ndp savecore ypcat environment netstat shelfchk ypgroup fcadmin options sis ypmatch fcp partner snap ypwhich fcstat cdot_mba1-01>
Notice that the prompt changes once you’ve entered the nodeshell, and uses the same format as the 7-mode prompt (nodename followed by “>”).
cluster01> priv set advanced Warning: These advanced commands are potentially dangerous; use them only when directed to do so by NetApp personnel. cdot_mba1-01*>
The same privilege levels (admin, advanced, and diag) are still applicable within the nodeshell, and the same indicators are used (the presence of the “*” between the nodename and the “>” indicates that the administrator is in either advanced or diag privilege level).
You return to the clustershell by typing exit or pressing Ctrl+d.
cdot_mba1-01*> exit logout cdot_mba1::>
While in the above example we were connecting to the nodeshell of the local node (the node where the cluster management interface was currently located), the administrator can connect to any node in the cluster as needed:
cdot_mba1::> run -node cdot_mba1-02 Type 'exit' or 'Ctrl-D' to return to the CLI cdot_mba1-02>
If you are connecting via the cluster management interface, you can identify which node you are connected to by finding the current home of the interface:
cdot_mba1::*> net int show cluster_mgmt (network interface show) Logical Status Network Current Current Is Vserver Interface Admin/Oper Address/Mask Node Port Home ----------- ---------- ---------- ------------------ ------------- ------- ---- cdot_mba1 cluster_mgmt up/up 172.16.213.10/24 cdot_mba1-01 e0d false
But there’s also a much simpler way using a nodeshell command:
cdot_mba1::*> run local hostname cdot_mba1-01
Systemshell
The systemshell is a lower-level shell that provides access to the underlying FreeBSD layer of Data ONTAP, and is meant only for diagnostic or troubleshooting purposes. The systemshell should only be used under the guidance of NetApp technical support, particularly for production systems.
The systemshell can only be accessed from the diag privilege level.
cdot_mba1::> systemshell
Error: "systemshell" is not a recognized command
cdot_mba1::> set -priv diag
Warning: These diagnostic commands are for use by NetApp personnel only.
Do you want to continue? {y|n}: y
cdot_mba1::*> systemshell
(system node systemshell)
Data ONTAP/amd64 (cdot_mba1-01) (pts/2)
login: admin
Password:
Error: Account not configured to connect in this manner.
cdot_mba1::*>
The systemshell does require explicit re-authentication, and by default the admin user is not allowed access. You need to login as the diag user instead which needs to be given a password and unlocked before it is usable.
cdot_mba1::*> security login password -username diag Enter a new password: Enter it again: cdot_mba1::*> security login unlock diag cdot_mba1::*> systemshell (system node systemshell) Data ONTAP/amd64 (cdot_mba1-01) (pts/2) login: diag Password: Warning: The system shell provides access to low-level diagnostic tools that can cause irreparable damage to the system if not used properly. Use this environment only when directed to do so by support personnel. cdot_mba1-01%
cdot_mba1-01% echo $SHELL /bin/csh cdot_mba1-01% pwd /var/home/diag cdot_mba1-01% ? ?: No match. cdot_mba1-01% help help: Command not found. cdot_mba1-01% exit logout cdot_mba1::*>
Again, the systemshell is only to be used under the supervision of NetApp technical support while performing troubleshooting or diagnostic operations.
There is in fact one more shell that an administrator will interact with, and it’s used with both clustered Data ONTAP and 7-mode. The Service Processor shell runs on an independent sub-processor used only for out-of-band management, and accessible via a dedicated Ethernet interface. We’ll discuss it in detail in an upcoming post.
Data Center Digressions 