Tours of the Black Prompt: Clustered NetApp Data ONTAP – Part 6

The Tours of the Black Prompt series so far:

In this entry in the series, we’ll take a brief look at the different shells available within clustered Data ONTAP.

Clustershell

Everything we’ve discussed in Part 1 through Part 5 of this series has been using the clustershell. This is the primary interface for cluster management from the command line, and it is expected that the vast majority of the administrator’s work in the CLI will be using this shell (95%+). The clustershell is what the administrator is automatically using when connecting to a cluster, regardless of whether that connection is to the cluster management interface, a node management interface, or a Storage Virtual Machine management interface. The clustershell manages objects and configurations for the entire cluster.

Nodeshell

The nodeshell is a more limited shell for commands that only effect an individual node. This shell is equivalent to the one used for Data ONTAP operating in 7-mode where each controller operated as an independent node despite being able to provide high-availability for its partner.

Nodeshell commands are accessible from the clustershell using the system node run command (or any of its abbreviated forms like node run, run, or even ru). We’ve shown several examples of this usage over the previous five parts of this series.

You can see what commands are available in the nodeshell using either “?” or the help command:

cdot_mba1::> run local -command ?
 ?                   file                partner             software           
 acpadmin            flexcache           passwd              source             
 aggr                fsecurity           ping6               sp                 
 backup              halt                pktt                stats              
 bmc                 help                priority            storage            
 cdpd                hostname            priv                sysconfig          
 cf                  ic                  qtree               sysstat            
 clone               ifconfig            quota               timezone           
 date                ifgrp               rdfile              ups                
 dcb                 ifstat              reallocate          uptime             
 df                  key_manager         restore             version            
 disk                keymgr              restore_backup      vlan               
 disk_fw_update      license             revert_to           vmservices         
 download            logger              rlm                 vol                
 dump                man                 route               wcc                
 echo                maxfiles            rshstat             wrfile             
 ems                 mt                  sasadmin            ypcat              
 environment         ndmpcopy            sasstat             ypgroup            
 fcadmin             netstat             sis                 ypmatch            
 fcp                 options             snap                ypwhich            
 fcstat             
 
 cdot_mba1::> run local -command help
 
 ?                   file                partner             software           
 acpadmin            flexcache           passwd              source             
 aggr                fsecurity           ping6               sp                 
 backup              halt                pktt                stats              
 bmc                 help                priority            storage            
 cdpd                hostname            priv                sysconfig          
 cf                  ic                  qtree               sysstat            
 clone               ifconfig            quota               timezone           
 date                ifgrp               rdfile              ups                
 dcb                 ifstat              reallocate          uptime             
 df                  key_manager         restore             version            
 disk                keymgr              restore_backup      vlan               
 disk_fw_update      license             revert_to           vmservices         
 download            logger              rlm                 vol                
 dump                man                 route               wcc                
 echo                maxfiles            rshstat             wrfile             
 ems                 mt                  sasadmin            ypcat              
 environment         ndmpcopy            sasstat             ypgroup            
 fcadmin             netstat             sis                 ypmatch            
 fcp                 options             snap                ypwhich            
 fcstat             

The help command can also be used to get more information about a specific command, or you can pass the “-?” parameter to the command:

cdot_mba1::> run local -command help acpadmin
 
 acpadmin             - Storage ACP administrator functions

cdot_mba1::> run local -command acpadmin -?
 Usage: acpadmin configure
        acpadmin list_all
        acpadmin stats

Running just a command without parameters will actually provide the same information as using the “-?” parameter:

cdot_mba1::> run local -command acpadmin
 Usage: acpadmin configure
        acpadmin list_all
        acpadmin stats

As you may have noticed from our examples in the earlier parts of the series, you don’t need to use the “-command” parameter at all but can just specify the command directly:

cdot_mba1::> run local acpadmin
 Usage: acpadmin configure
        acpadmin list_all
        acpadmin stats

This works even for the help command to show the available nodeshell commands, though you can’t use the “-?” in the same fashion as it’s evaluated for the run local context instead:

cdot_mba1::> run local help   
 
 ?                   file                partner             software           
 acpadmin            flexcache           passwd              source             
 aggr                fsecurity           ping6               sp                 
 backup              halt                pktt                stats              
 bmc                 help                priority            storage            
 cdpd                hostname            priv                sysconfig          
 cf                  ic                  qtree               sysstat            
 clone               ifconfig            quota               timezone           
 date                ifgrp               rdfile              ups                
 dcb                 ifstat              reallocate          uptime             
 df                  key_manager         restore             version            
 disk                keymgr              restore_backup      vlan               
 disk_fw_update      license             revert_to           vmservices         
 download            logger              rlm                 vol                
 dump                man                 route               wcc                
 echo                maxfiles            rshstat             wrfile             
 ems                 mt                  sasadmin            ypcat              
 environment         ndmpcopy            sasstat             ypgroup            
 fcadmin             netstat             sis                 ypmatch            
 fcp                 options             snap                ypwhich            
 fcstat             
 
 cdot_mba1::> run local -?
   { [[-command] <text>, ...]  Command to Run
   | [ -reset [true] ] }       Reset Existing Connection

The nodeshell can also be used interactively by using the run clustershell command without appending a particular nodeshell command to run.

cdot_mba1::> run local                     
 Type 'exit' or 'Ctrl-D' to return to the CLI
 cdot_mba1-01> ?
 ?                   file                passwd              software           
 acpadmin            flexcache           ping                source             
 aggr                fsecurity           ping6               sp                 
 arp                 halt                pktt                stats              
 backup              help                priority            storage            
 bmc                 hostname            priv                sysconfig          
 cdpd                ic                  qtree               sysstat            
 cf                  ifconfig            quota               timezone           
 clone               ifgrp               rdfile              traceroute         
 coredump            ifstat              reallocate          traceroute6        
 date                key_manager         restore             ups                
 dcb                 keymgr              restore_backup      uptime             
 df                  license             revert_to           version            
 disk                logger              rlm                 vlan               
 disk_fw_update      man                 route               vmservices         
 download            maxfiles            rshstat             vol                
 dump                mt                  sasadmin            wcc                
 echo                ndmpcopy            sasstat             wrfile             
 ems                 ndp                 savecore            ypcat              
 environment         netstat             shelfchk            ypgroup            
 fcadmin             options             sis                 ypmatch            
 fcp                 partner             snap                ypwhich            
 fcstat             
 cdot_mba1-01>

Notice that the prompt changes once you’ve entered the nodeshell, and uses the same format as the 7-mode prompt (nodename followed by “>”).

 cluster01> priv set advanced
 Warning: These advanced commands are potentially dangerous; use
          them only when directed to do so by NetApp
          personnel.
 cdot_mba1-01*>

The same privilege levels (admin, advanced, and diag) are still applicable within the nodeshell, and the same indicators are used (the presence of the “*” between the nodename and the “>” indicates that the administrator is in either advanced or diag privilege level).

You return to the clustershell by typing exit or pressing Ctrl+d.

cdot_mba1-01*> exit
 logout
 
 cdot_mba1::>

While in the above example we were connecting to the nodeshell of the local node (the node where the cluster management interface was currently located), the administrator can connect to any node in the cluster as needed:

cdot_mba1::> run -node cdot_mba1-02
 Type 'exit' or 'Ctrl-D' to return to the CLI
cdot_mba1-02>

If you are connecting via the cluster management interface, you can identify which node you are connected to by finding the current home of the interface:

cdot_mba1::*> net int show cluster_mgmt
   (network interface show)
             Logical    Status     Network            Current       Current Is
 Vserver     Interface  Admin/Oper Address/Mask       Node          Port    Home
 ----------- ---------- ---------- ------------------ ------------- ------- ----
 cdot_mba1
             cluster_mgmt up/up    172.16.213.10/24   cdot_mba1-01  e0d     false

But there’s also a much simpler way using a nodeshell command:

cdot_mba1::*> run local hostname
 
 cdot_mba1-01
One final note: just as with the 7-mode shell, tab completion will not work for nodeshell commands, even when run from the clustershell rather than interactively.

Systemshell

The systemshell is a lower-level shell that provides access to the underlying FreeBSD layer of Data ONTAP, and is meant only for diagnostic or troubleshooting purposes. The systemshell should only be used under the guidance of NetApp technical support, particularly for production systems.

The systemshell can only be accessed from the diag privilege level.

cdot_mba1::> systemshell
 
 Error: "systemshell" is not a recognized command
 
 cdot_mba1::> set -priv diag
 
 Warning: These diagnostic commands are for use by NetApp personnel only.
 Do you want to continue? {y|n}: y
 
 cdot_mba1::*> systemshell
   (system node systemshell)
 
 Data ONTAP/amd64 (cdot_mba1-01) (pts/2)
 
 login: admin
 Password:
 Error: Account not configured to connect in this manner.
 
 
 cdot_mba1::*>

The systemshell does require explicit re-authentication, and by default the admin user is not allowed access. You need to login as the diag user instead which needs to be given a password and unlocked before it is usable.

cdot_mba1::*> security login password -username diag 
 
 Enter a new password:
 Enter it again:
 
cdot_mba1::*> security login unlock diag
 
cdot_mba1::*> systemshell
   (system node systemshell)
 
 Data ONTAP/amd64 (cdot_mba1-01) (pts/2)
 
 login: diag
 Password:
 
 
 Warning:  The system shell provides access to low-level
 diagnostic tools that can cause irreparable damage to
 the system if not used properly.  Use this environment
 only when directed to do so by support personnel.
 
 cdot_mba1-01%
The systemshell does not provide the same level of friendliness as the other shells, as the “?” and “help” options are not supported, and neither is tab completion.
cdot_mba1-01% echo $SHELL
 /bin/csh
cdot_mba1-01% pwd
 /var/home/diag
cdot_mba1-01% ?
 ?: No match.
cdot_mba1-01% help
 help: Command not found.
cdot_mba1-01% exit
 logout
 
 cdot_mba1::*>

Again, the systemshell is only to be used under the supervision of NetApp technical support while performing troubleshooting or diagnostic operations.


There is in fact one more shell that an administrator will interact with, and it’s used with both clustered Data ONTAP and 7-mode. The Service Processor shell runs on an independent sub-processor used only for out-of-band management, and accessible via a dedicated Ethernet interface. We’ll discuss it in detail in an upcoming post.

 

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s