Tours of the Black Prompt: NetApp FAS Service Processors

The Tours of the Black Prompt series so far:

Over the course of this series, we’ve focused on the command line interface available for the operating systems that run on NetApp FAS storage array controllers: Data ONTAP 7-mode and clustered Data ONTAP. In this post, we’ll focus on a CLI that is not part of the operating system: the Service Processor shell.


Service Processor Shell

NetApp FAS array controllers have had built-in out-of-band management for many years. Depending on the series, older FAS models have used either baseboard management controllers (BMC) or remote LAN management (RLM) ports for this functionality. The newer FAS models, including the 2200, 3200, 6200, and 8000 series, all use a service processor (SP) for out-of-band management. BMCs, RLMs, and SPs offer similar base functionality, but SPs provide the most capabilities and features. The SP CLI behavior described below is the same regardless of whether the controller connected to the SP is running 7-mode or clustered Data ONTAP.

Commands and Privilege Levels

Logging in via SSH (telnet is not supported) you are provided a simple administrative-level prompt:

SP>

The prompt is very minimal and only indicates that you are connected to a Service Processor (the “SP” in the prompt) at the normal administrative privilege level (the “>” in the prompt). This is of course very similar to the Data ONTAP shell prompts but without the cluster or hostname being designated.

From here, you can see the available command structure by simply typing either “?” or help followed by [Enter] :

SP> ?
 date - print date and time
 exit - exit from the SP command line interface
 events - print system events and event information
 help - print command help
 priv - show and set user mode
 sp - commands to control the SP
 rsa - commands for Remote Support Agent
 system - commands to control the system
 version - print Service Processor version
 
SP> help
 date - print date and time
 exit - exit from the SP command line interface
 events - print system events and event information
 help - print command help
 priv - show and set user mode
 sp - commands to control the SP
 rsa - commands for Remote Support Agent
 system - commands to control the system
 version - print Service Processor version

As you can see, there are far fewer commands available for the SP than there are for either version of Data ONTAP. The SP CLI is limited to functionality necessary or useful for situations that require out-of-band access.

For the vast majority of times that an administrator will be connecting to the Service Processor, they will be using it for the most basic functionality: serial console access using the system console command.

SP> system console
 Type Ctrl-D to exit.
 SP-login: admin
 Password:
 *****************************************************
 * This is a SP/RLM console session. Output from the *
 * serial console is also mirrored on this session.  *
 *****************************************************
cluster01::>

Connecting to the system console does require a secondary authentication. While the built-in admin or root user (depending on the version of Data ONTAP) are allowed to login to the SP by default, it is possible for other users to be configured for access to the SP who may or may not be allowed console access to Data ONTAP.

At this point, the SP session will be able to see all output visible to the physical serial port, as well as being able to provide any input to it. Access via system console is not restricted or limited in any way; access and capabilities are only limited by the configuration of the user.

While the SP console session and the physical serial console session do display some of the same information, they still have separate and independent shell environments. If, while an SP session is connected to the system console, there is a concurrent connection to the physical serial port, any input or output from that console session would be mirrored to the SP session. The inverse, however, is not true: any input or output initiated from the SP session will not be visible to the physical console session.

Pressing Ctrl+d from the SP session will end the system console access and return the administrator to the SP CLI prompt.

cluster1::> SP>

The SP itself can also be accessed from the physical serial port by pressing Ctrl+g. This is useful where an administrator is using either a console/terminal server for centralized out-of-band management, or when connected directly to the console (such as during initial setup). The administrator can then return to the serial console by pressing Ctrl+d.

cluster1::>

Switching console to Service Processor
Service Processor Login:
Password:
SP>

cluster1::>

Just like Data ONTAP, there are two additional privilege levels available: advanced and diag. You can change to these levels using the priv set command.

SP> priv set advanced
 Warning: These advanced commands are potentially dangerous; use them only when directed to do so by support personnel.
 
SP*>

The asterisk between the “SP” and “>” indicates that you are in either the advanced or diag privilege level.  There is unfortunately no visual distinction between these two levels, but you can run the priv command with no modifiers to display the current privilege level. This is again just like with Data ONTAP.

SP*> priv
 advanced

More commands are available within the higher privilege levels than in the normal admin level, though they are not necessarily obvious from the top-level output.

Advanced
SP*> ?
 date - print date and time
 exit - exit from the SP command line interface
 events - print system events and event information
 help - print command help
 priv - show and set user mode
 sp - commands to control the SP
 rsa - commands for Remote Support Agent
 system - commands to control the system
 version - print Service Processor version

There are several commands available in Advanced level that aren’t in the normal Admin level, with most being for the display of additional information:

  • sp log audit to display the command history of the SP
  • sp log debug to display the debug information of the SP
  • sp log messages to display the contents of the messages file for the SP
  • system battery auto_update status to display the current setting for the battery firmware automatic updates
  • system fru log show to display the history log related to FRU data

There are also several commands to modify or verify the SP configuration:

  • system battery auto_update [enable|disable] to configure the setting for the battery firmware automatic updates
  • system battery verify [URL] to compare the current battery firmware image with another image available at the specified URL
  • system nvram flash clear to erase the NVRAM flash content (only available when the system is powered on)
Diag
SP*> priv set diag
 Warning: These diagnostic commands are for use by support personnel only.
 
SP*> ?
 date - print date and time
 exit - exit from the SP command line interface
 events - print system events and event information
 gdb - commands to control GDB pass-through
 help - print command help
 priv - show and set user mode
 sp - commands to control the SP
 rsa - commands for Remote Support Agent
 system - commands to control the system
 version - print Service Processor version
 ping - send ICMP ECHO_REQUEST packets to network hosts
 ping6 - send ICMPv6 ECHO_REQUEST packets to network hosts
 traceroute - trace route to HOST
 nslookup - query the nameserver for the IP address of the given HOST optionally using a specified DNS server

The most useful commands at the diag privilege level may be the most basic for troubleshooting network connectivity:

  • ping and ping6
  • traceroute
  • nslookup

Command Syntax and Help

You can see the syntax for a given command by passing it the “-?” or “?” flag, or by using the help command:

SP> events ?
 events all - print all system events
 events info - print system event log information
 events newest - print newest system events
 events oldest - print oldest system events
 events search - search for and print system events
 
SP> events -?
 events all - print all system events
 events info - print system event log information
 events newest - print newest system events
 events oldest - print oldest system events
 events search - search for and print system events
 
SP> help events
 events all - print all system events
 events info - print system event log information
 events newest - print newest system events
 events oldest - print oldest system events
 events search - search for and print system events

The information available for the SP CLI commands is not as verbose and detailed as for Data ONTAP, and manual pages are unfortunately not available. The best source of more information for SP commands will be found in the System Administration Guide for the appropriate Data ONTAP release.

Command Completion

Tab completion is not available for the SP CLI, nor can you abbreviate commands. All commands must be fully entered in order for them to be recognized.

Navigation and Editing

Command-line editing and navigation utilizes the standard keystrokes and combination previously discussed in CLI Efficiency: Common Basics

You can navigate through your previously entered commands using the up and down arrows, or by using Ctrl+n and Ctrl+p, but there is no history command for the SP CLI. It is also worth noting that SP commands entered prior to accessing a system console session will not be displayed after returning to the SP CLI prompt.

Just like with Data ONTAP, you can enter multiple commands on the same command line by separating each command with a semi-colon. The commands will then be executed in order of entry.

SP*> priv; date
 diag
 
 Sun Nov  30 02:10:02 GMT 2014

As you’ll have noticed, the Service Processor shell has an interface similar to and consistent with the Data ONTAP 7-mode shell despite the different use cases for each.

In a future article, I’ll go into more details around SP setup, configuration and usage beyond the basics described in this post.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s