ONTAP 9 Manuals ( CA08871-402 )

to Japanese version

Manage the ONTAP mediator service

After you have installed ONTAP Mediator service, you might want to change the user name or password. You can also uninstall the ONTAP Mediator Service.

Change the user name

About these tasks

These task is performed on the Linux host on which the ONTAP Mediator service is installed.

If you are unable to reach this command, you might need to run the command using the full path as shown in the following example:

/usr/local/bin/mediator_username

Procedure

Change the username by choosing one of the following options:

  • Run the command mediator_change_user and respond to the prompts as shown in the following example:

     [root@mediator-host ~]# mediator_change_user
     Modify the Mediator API username by entering the following values:
         Mediator API User Name: mediatoradmin
                       Password:
     New Mediator API User Name: mediator
     The account username has been modified successfully.
     [root@mediator-host ~]#
  • Run the following command:

    MEDIATOR_USERNAME=mediator MEDIATOR_PASSWORD=mediator2 MEDIATOR_NEW_USERNAME=mediatoradmin mediator_change_user

     [root@mediator-host ~]# MEDIATOR_USERNAME= mediator MEDIATOR_PASSWORD='mediator2' MEDIATOR_NEW_USERNAME= mediatoradmin mediator_change_user
     The account username has been modified successfully.
     [root@mediator-host ~]#

Change the password

About this task

This task is performed on the Linux host on which the ONTAP Mediator service is installed.

If you are unable to reach this command, you might need to run the command using the full path as shown in the following example:

/usr/local/bin/mediator_change_password

Procedure

Change the password by choosing one of the following options:

  • Run the mediator_change_password command and respond to the prompts as shown in the following example:

     [root@mediator-host ~]# mediator_change_password
     Change the Mediator API password by entering the following values:
        Mediator API User Name: mediatoradmin
                  Old Password:
                  New Password:
              Confirm Password:
     The password has been updated successfully.
     [root@mediator-host ~]#
  • Run the following command:

    MEDIATOR_USERNAME= mediatoradmin MEDIATOR_PASSWORD=mediator1 MEDIATOR_NEW_PASSWORD=mediator2 mediator_change_password

    The example shows that the password is changed from "mediator1" to "mediator2".

     [root@mediator-host ~]# MEDIATOR_USERNAME=mediatoradmin MEDIATOR_PASSWORD=mediator1 MEDIATOR_NEW_PASSWORD=mediator2 mediator_change_password
     The password has been updated successfully.
     [root@mediator-host ~]#

Stop the ONTAP Mediator service

To stop the ONTAP Mediator service, perform the following steps:

Steps
  1. Stop the ONTAP Mediator.

    systemctl stop ontap_mediator

  2. Stop SCST.

    systemctl stop mediator-scst

  3. Disable the ONTAP Mediator and SCST.

    systemctl diable ontap_mediator mediator-scst

Re-enable the ONTAP Mediator service

To re-enable the ONTAP Mediator service, perform the following steps:

Steps
  1. Enable the ONTAP Mediator and SCST.

    systemctl enable ontap_mediator mediator-scst

  2. Start SCST.

    systemctl start mediator-scst

  3. Start ONTAP Mediator.

    systemctl start ontap_mediator

Verify the ONTAP Mediator is healthy

After the ONTAP Mediator has been installed, you should verify that the ONTAP Mediator services are running.

Steps
  1. View the status of the ONTAP Mediator services:

    1. systemctl status ontap_mediator

      [root@scspr1915530002 ~]# systemctl status ontap_mediator
      
       ontap_mediator.service - ONTAP Mediator
      Loaded: loaded (/etc/systemd/system/ontap_mediator.service; enabled; vendor preset: disabled)
      Active: active (running) since Mon 2022-04-18 10:41:49 EDT; 1 weeks 0 days ago
      Process: 286710 ExecStop=/bin/kill -s INT $MAINPID (code=exited, status=0/SUCCESS)
      Main PID: 286712 (uwsgi)
      Status: "uWSGI is ready"
      Tasks: 3 (limit: 49473)
      Memory: 139.2M
      CGroup: /system.slice/ontap_mediator.service
            ├─286712 /opt/netapp/lib/ontap_mediator/pyenv/bin/uwsgi --ini /opt/netapp/lib/ontap_mediator/uwsgi/ontap_mediator.ini
            ├─286716 /opt/netapp/lib/ontap_mediator/pyenv/bin/uwsgi --ini /opt/netapp/lib/ontap_mediator/uwsgi/ontap_mediator.ini
            └─286717 /opt/netapp/lib/ontap_mediator/pyenv/bin/uwsgi --ini /opt/netapp/lib/ontap_mediator/uwsgi/ontap_mediator.ini
      
      [root@scspr1915530002 ~]#
    2. systemctl status mediator-scst

      [root@scspr1915530002 ~]# systemctl status mediator-scst
         Loaded: loaded (/etc/systemd/system/mediator-scst.service; enabled; vendor preset: disabled)
         Active: active (running) since Mon 2022-04-18 10:41:47 EDT; 1 weeks 0 days ago
        Process: 286595 ExecStart=/etc/init.d/scst start (code=exited, status=0/SUCCESS)
       Main PID: 286662 (iscsi-scstd)
          Tasks: 1 (limit: 49473)
         Memory: 1.2M
         CGroup: /system.slice/mediator-scst.service
                 └─286662 /usr/local/sbin/iscsi-scstd
      
      [root@scspr1915530002 ~]#
  2. Confirm the ports that are used by the ONTAP Mediator service:

    netstat

    [root@scspr1905507001 ~]# netstat -anlt | grep -E '3260|31784'
    
             tcp   0   0 0.0.0.0:31784   0.0.0.0:*      LISTEN
    
             tcp   0   0 0.0.0.0:3260    0.0.0.0:*      LISTEN
    
             tcp6  0   0 :::3260         :::*           LISTEN

Manually uninstall SCST to perform host maintenance

To uninstall SCST, you need the SCST tar bundle that is used for the installed version of ONTAP Mediator.

Steps
  1. Download the appropriate SCST bundle (as shown in the following table) and untar it.

    For this version …​

    Use this tar bundle…​

    ONTAP Mediator 1.7

    scst-3.7.0.tar.bz2

    ONTAP Mediator 1.6

    scst-3.7.0.tar.bz2

    ONTAP Mediator 1.5

    scst-3.6.0.tar.bz2

    ONTAP Mediator 1.4

    scst-3.6.0.tar.bz2

    ONTAP Mediator 1.3

    scst-3.5.0.tar.bz2

    ONTAP Mediator 1.1

    scst-3.4.0.tar.bz2

    ONTAP Mediator 1.0

    scst-3.3.0.tar.bz2

  2. Issue the following commands in the "scst" directory:

    1. systemctl stop mediator-scst

    2. make scstadm_uninstall

    3. make iscsi_uninstall

    4. make usr_uninstall

    5. make scst_uninstall

    6. depmod

Manually install SCST to perform host maintenance

To manually install SCST, you need the SCST tar bundle that is used for the installed version of ONTAP Mediator (see the table above).

  1. Issue the following commands in the "scst" directory:

    1. make 2release

    2. make scst_install

    3. make usr_install

    4. make iscsi_install

    5. make scstadm_install

    6. depmod

    7. cp scst/src/certs/scst_module_key.der /opt/netapp/lib/ontap_mediator/ontap_mediator/SCST_mod_keys/.

    8. cp scst/src/certs/scst_module_key.der /opt/netapp/lib/ontap_mediator/ontap_mediator/SCST_mod_keys/.

    9. patch /etc/init.d/scst < /opt/netapp/lib/ontap_mediator/systemd/scst.patch

  2. (Optional) If Secure Boot is enabled, before you reboot, perform the following steps:

    1. Determine each file name for "scst_vdisk", "scst", and "iscsi_scst" modules.

      [root@localhost ~]# modinfo -n scst_vdisk
      [root@localhost ~]# modinfo -n scst
      [root@localhost ~]# modinfo -n iscsi_scst
    2. Determine the kernel release.

      [root@localhost ~]# uname -r
    3. Sign each file with the kernel.

      [root@localhost ~]# /usr/src/kernels/<KERNEL-RELEASE>/scripts/sign-file \sha256 \
      /opt/netapp/lib/ontap_mediator/ontap_mediator/SCST_mod_keys/scst_module_key.priv \
      /opt/netapp/lib/ontap_mediator/ontap_mediator/SCST_mod_keys/scst_module_key.der \
      _module-filename_
    4. Install the correct key with the UEFI firmware.

      Instructions for installing the UEFI key are located at:

      /opt/netapp/lib/ontap_mediator/ontap_mediator/SCST_mod_keys/README.module-signing

      The generated UEFI key is located at:

      /opt/netapp/lib/ontap_mediator/ontap_mediator/SCST_mod_keys/scst_module_key.der

  3. Perform a reboot.

    reboot

Uninstall the ONTAP Mediator service

Before you begin

If necessary, you can remove the ONTAP Mediator service. The Mediator must be disconnected from ONTAP before you remove the Mediator service.

About this task

This task is performed on the Linux host on which the ONTAP Mediator service is installed.

If you are unable to reach this command, you might need to run the command using the full path as shown in the following example:

/usr/local/bin/uninstall_ontap_mediator

Step
  1. Uninstall the ONTAP Mediator service:

    uninstall_ontap_mediator

     [root@mediator-host ~]# uninstall_ontap_mediator
    
     ONTAP Mediator: Self Extracting Uninstaller
    
     + Removing ONTAP Mediator. (Log: /tmp/ontap_mediator.GmRGdA/uninstall_ontap_mediator/remove.log)
     + Remove successful.
     [root@mediator-host ~]#

Regenerate a temporary self-signed certificate

About this task
  • You perform this task on the Linux host on which the ONTAP Mediator service is installed.

  • You can perform this task only if the generated self-signed certificates have become obsolete due to changes to the hostname or IP address of the host after installing the ONTAP Mediator.

  • After the temporary self-signed certificate has been replaced by a trusted third-party certificate, you do not use this task to regenerate a certificate. The absence of a self-signed certificate will cause this procedure to fail.

Step

To regenerate a new temporary self-signed certificate for the current host, perform the following step:

  1. Restart the ONTAP Mediator:

    ./make_self_signed_certs.sh overwrite

    [root@xyz000123456 ~]# cd /opt/netapp/lib/ontap_mediator/ontap_mediator/server_config
    [root@xyz000123456 server_config]# ./make_self_signed_certs.sh overwrite
    
    Adding Subject Alternative Names to the self-signed server certificate
    #
    # OpenSSL example configuration file.
    Generating self-signed certificates
    Generating RSA private key, 4096 bit long modulus (2 primes)
    ..................................................................................................................................................................++++
    ........................................................++++
    e is 65537 (0x010001)
    Generating a RSA private key
    ................................................++++
    .............................................................................................................................................++++
    writing new private key to 'ontap_mediator_server.key'
    -----
    Signature ok
    subject=C = US, ST = California, L = San Jose, O = "NetApp, Inc.", OU = ONTAP Core Software, CN = ONTAP Mediator, emailAddress = support@netapp.com
    Getting CA Private Key
Top of Page