ONTAP 9.12.1 commands

50←PDF
  • ONTAP 9.12.1 commands(CA08871-263en.pdf)
  • cluster peer modify

    Modify cluster peer relationships

    Availability: This command is available to cluster administrators at the admin privilege level.

    Description

    The cluster peer modify command modifies the attributes of a peering relationship. When you modify a peer relationship and specify -peer-addrs , all of the remote addresses must respond, must be intercluster addresses, and must belong to the remote cluster that is being modified; or the modification request is denied.

    Parameters

    -cluster <text> - Peer Cluster Name

    Use this parameter to specify the peering relationship to modify by specifying the name of the peered cluster.

    [-peer-addrs <Remote InetAddress>,…​] - Remote Intercluster Addresses

    Use this parameter to specify the names or IP addresses of the logical interfaces used for intercluster communication. Separate the addresses with commas. The list of addresses you provide replaces the existing list of addresses.

    [-address-family {ipv4|ipv6}] - Address Family of Relationship

    Use this parameter to specify the address family of the names specified with the peer-addrs parameter.

    [-timeout <integer>] - Operation Timeout (seconds)

    Use this parameter to specify a timeout value for peer communications. Specify the value in seconds.

    [-auth-status-admin {no-authentication|revoked|use-authentication}] - Authentication Status Administrative

    Use this parameter to adjust the authentication in use for the peer relationship. The defined values for this field are as follows.

    • no-authentication - The cluster peer relationship uses no authentication.

    • use-authentication - The cluster peer relationship is to be authenticated. After you use this value, you will be prompted for a passphrase to be used in determining a new authentication key, just as in the authenticated cluster peer create command or you can use the option generate-passphrase to automatically generate the passphrase.

    • revoked - The cluster peer relationship is no longer to be trusted. Peering communication with this cluster peer is suspended until the two clusters set their auth-status-admin attributes either both to no-authentication or both to use-authentication .

    Changes should be reflected on both clusters involved in a peering relationship.

    [-rpc-connect-timeout <integer>] - Timeout for RPC Connect (seconds)

    Use this optional parameter to specify a timeout value for the RPC connect during peer communications. Specify the value in seconds.

    [-update-ping-timeout <integer>] - Timeout for Update Pings (seconds)

    Use this optional parameter to specify a timeout value for pings while updating remote cluster information. Specify the value in seconds. This parameter applies only to cluster peer relationships using the IPv4 protocol.

    [-ipspace <IPspace>] - IPspace for the Relationship

    Use this optional parameter to specify that cluster peering communication for this remote cluster is to be done using local intercluster LIFs that are on ports in the named IPspace.

    [-generate-passphrase <true>] - Use System-Generated passphrase

    Use this optional parameter along with -auth-status-admin option’s use-authentication to automatically generate the passphrase which can be used for cluster peer operation.

    [-encryption-protocol-proposed {none|tls-psk}] - Encryption For Inter-Cluster Communication

    Use this parameter to adjust the encryption of connections in use for the peer relationship. The defined values for this field are as follows.

    • tls-psk - Use TLS with a Pre-Shared Key.

    • none - Use no encryption.

    Examples

    This example modifies the peering relationship to use a new IP address in the remote cluster for intercluster communications and revoke authentication.

    View existing cluster peer configuration using following command :

    cluster1::> cluster peer show -instance
    Peer Cluster Name: cluster2
                  Remote Intercluster Addresses: cluster2-d2, 10.98.234.246
             Availability of the Remote Cluster: Available
                            Remote Cluster Name: cluster2
                            Active IP Addresses: 10.98.234.246, 10.98.234.243
                          Cluster Serial Number: 1-80-123456
                           Remote Cluster Nodes: cluster2-01, cluster2-02
                          Remote Cluster Health: true
                        Unreachable Local Nodes: -
                 Address Family of Relationship: ipv4
           Authentication Status Administrative: use-authentication
              Authentication Status Operational: ok
                               Last Update Time: 02/05 21:05:41
                   IPspace for the Relationship: Default
     Encryption for Inter-Cluster Communication: tls-psk

    Modify the cluster peer configuration using following command :

    cluster1::> cluster peer modify -cluster cluster2 -peer-addrs cluster2-d2,10.98.234.264 -auth-status-admin revoked
    Warning: This will discard the authentication key.
    
    Warning: You are removing authentication from the peering relationship with
      cluster "cluster2". Use the "cluster peer modify" command on
      cluster "cluster2" with the "-auth-status-admin
      no-authentication" parameter to complete authentication removal from
      the peering relationship.
    
    Do you want to continue?{y|n}:y

    The following example modifies the peering relationship to use authentication with -generate-passphrase option.

    cluster1::> cluster peer modify -cluster cluster2
      -auth-status-admin use-authentication -generate-passphrase
    
    Notice: Use the below system-generated passphrase in the "cluster peer modify"
    command in the other cluster.
    Passphrase: UCa+6lRVICXeL/gq1WrK7ShR
            Expiration Time: 6/7/2017 09:16:10 +5:30
            Peer Cluster Name: cluster2
    
    Warning: make a note of the passphrase - it cannot be displayed again.
    
    Until then, the operational authentication state of the relationship remains as "pending".
    
    cluster1::> cluster peer offer show
                                                                                   Allowed
    Peer Cluster Name     Authentication Creation            Expiration          Vserver Peers
    --------------------- -------------- ------------------- ------------------- --------------
    cluster2              ok-and-offer   6/7/2017 08:16:10   6/7/2017 09:16:10   -
    
    Modify cluster peer relationship in cluster2 with use-authentication option and use the auto-generated passphrase.
    
    cluster2::> cluster peer modify -cluster cluster2 -auth-status-admin use-authentication
    
    Notice: Use a auto-generated passphrase or choose a passphrase of 8 or more characters.
            To ensure the authenticity of the peering relationship, use a phrase or sequence
            of characters that would be hard to guess.
    
    Enter the passphrase:
    Confirm the passphrase:
    Top of Page