- Notes, cautions, and warnings
- Introduction
- Revision history
- PowerFlex Manager CLI
- Logging in to CLI
- Alerts commands
- Alert template commands
- PowerFlex CLI version
- Directory service commands
- Dispatch destination commands
- Dispatch policies commands
- Dispatch sources commands
- Event commands
- File commands
- File DNS server commands
- File FTP server commands
- File interface commands
- File interface route commands
- File NDMP server commands
- File NIS server commands
- File system commands
- File tree quotas commands
- File user quotas commands
- Group commands
- Login banner commands
- NFS export commands
- NFS server commands
- PowerFlex file services commands
- PowerFlex file node protection policy commands
- PowerFlex file nodes snapshot rules commands
- Roles commands
- SMB server commands
- SMB shares commands
- SMTP service commands
- PowerFlex storage node commands
- SupportAssist configuration commands
- Syslogs commands
- User management commands
- PowerFlex SCLI
- SCLI basics
- Acceleration pool commands
- Device commands
- abort_remove_sds_device
- activate_sds_device
- add_sds_device
- clear_sds_device_error
- modify_sds_device_capacity
- query_all_device_latency_meters
- query_device_latency_meters
- query_device_test
- query_sds_device_info
- remove_sds_device
- rename_device
- set_sds_device_external_acceleration_type
- set_sds_device_led
- set_sds_device_media_type
- start_device_test
- set_sds_device_path
- Fault set commands
- General CLI commands
- acknowledge_scanner_error_counters
- add_trusted_ca
- extract_root_ca
- list_trusted_ca
- set_license
- query_license
- query_disconnections
- query_remote_syslog
- query_oscillating_failure_counter_parameters
- remove_trusted_ca
- reset_oscillating_failure_counters
- set_cli_login_banner_acceptance_mode
- set_cli_login_banner_preemptive_acceptance
- set_login_banner
- set_oscillating_failure_counter_parameters
- set_remote_read_only_limit_state
- set_syslog_facility
- start_remote_syslog
- stop_remote_syslog
- test_remote_system_connectivity
- add_network_set
- modify_network_set
- query_network_set
- Protection domain commands
- activate_protection_domain
- add_protection_domain
- disable_fgl_metadata_cache
- enable_fgl_metadata_cache
- inactivate_protection_domain
- query_port_flapping_status
- query_port_flapping_unsupported_components
- query_protection_domain
- remove_protection_domain
- rename_protection_domain
- set_default_fgl_metadata_cache_size
- Remote system commands
- Replication commands
- abort_replication_consistency_group_snapshots_create
- activate_replication_consistency_group
- activate_replication_consistency_group_mappings
- add_replication_consistency_group
- add_replication_pair
- add_replication_peer_system
- add_sdr
- add_sdr_ip
- clear_broken_replication_consistency_group_alerts
- create_replication_consistency_group_snapshots
- enter_sdr_maintenance_mode
- exit_sdr_maintenance_mode
- failover_replication_consistency_group
- failover_test_start_replication_consistency_group
- failover_test_stop_replication_consistency_group
- freeze_apply_replication_consistency_group
- inactivate_replication_consistency_group_mappings
- modify_replication_consistency_group_rpo
- modify_replication_consistency_group_target_volume_access_mode
- modify_replication_peer_system_ip
- modify_replication_peer_system_port
- modify_sdr_ip_role
- modify_sdr_port
- pause_pair_initial_copy
- pause_replication_consistency_group
- print_recreate_replication_consistency_group_script
- query_all_replicated_volumes
- query_all_replication_consistency_groups
- query_all_replication_journal_capacity
- query_all_replication_pairs
- query_all_replication_peer_system
- query_all_sdr
- query_replication_consistency_group
- query_replication_pair
- query_replication_peer_system
- query_replication_peer_system_destination_volume_candidates
- query_replication_peer_system_protection_domains
- query_sdr
- query_sync_now_replication_consistency_group
- query_replication_destination_sdc_candidates
- query_replication_destination_storage_pool_candidates
- remove_replication_consistency_group
- remove_replication_pair
- remove_replication_peer_system
- remove_sdr
- remove_sdr_ip
- rename_replication_consistency_group
- rename_replication_peer_system
- rename_sdr
- resume_pair_initial_copy
- resume_replication_consistency_group
- restore_replication_consistency_group
- reverse_replication_consistency_group
- set_pair_initial_copy_queue_position
- set_replication_consistency_group_consistent
- set_replication_consistency_group_inconsistent
- set_replication_journal_capacity
- set_remote_replication_journal_capacity
- switchover_replication_consistency_group
- sync_now_replication_consistency_group
- terminate_replication_consistency_group
- unfreeze_apply_replication_consistency_group
- Return messages
- SDS device name changed
- Success
- No resources
- Timeout
- Already exists
- Communication error
- Wrong reconfiguration mode
- SDS add device “open” error
- SDS add device I/O error
- SDS add device size problem
- SDS actively attach to this MDM
- SDS already attached to this MDM
- SDS active attach to other MDM
- SDS already attached to other MDM
- SDS not found
- Volume not found
- SDC not found
- Volume already mapped to SDC
- Volume already mapped to all SDCs
- Volume not mapped to SDC
- Volume mapped to all SDCs
- Too many mappings
- Invalid volume ID
- Invalid SDS ID
- Invalid SDC ID
- Host not found
- Duplicate host name
- Address and port in use
- Too many SDSs in Protection Domain
- Too many SDSs
- Too many volumes in protection domain
- Too many volumes
- SDS name in use
- Volume name in use
- Duplicate SDS device name
- Duplicate SDC IP address
- SDS not under removal
- SDS being removed
- Volume mapped
- Use MDM IP address
- Command only in cluster
- Command only in single mode
- Command error when cluster degraded
- Too many devices
- SDS device not found
- License too long
- License error
- Unknown license version
- License not set
- Configuration exceeds new license
- License capacity exceeded
- License expired
- Installation ID mismatch
- Customer ID mismatch
- Unsupported license version
- Volume decrease not supported
- SDS device being removed
- Cannot remove last SDS device
- Device not under removal
- SDS already adding device
- Invalid device ID
- Too many protection domains
- Protection domain name in use
- Protection domain not found
- Protection domain has SDSs
- Not enough SDSs in storage pool
- Remove in progress
- No network test results
- Network test in progress
- SDS device already active
- SDS device wrong test mode
- SDS device wrong test state
- SDS device test in progress
- Volume allocation “busy” error
- Capacity highly unbalanced
- Volume creation failed
- Invalid password
- No permissions
- Too many storage pools in protection domain
- Storage pool already exists
- Storage pool not found
- Storage pool has devices
- Storage pool name already exists
- Invalid storage pool ID
- Protection domain has storage pools
- SDC has mappings
- Too many volumes in V-Tree
- Too many snapshots in V-Tree
- No volume to delete
- Too many devices in storage pool
- Volume not found for consistency group
- Too many IP addresses
- Cannot remove last SDS IP address
- SDS IP address not found
- Volume size too large
- Capacity too low for snapshot
- IP address belongs to other SDS
- Invalid port
- LIA package not installed
- LIA multiple packages installed
- LIA command failed
- LIA invalid password
- LIA operation not permitted
- LIA file is too large
- LIA wrong ID
- LIA disk does not exist
- SDS IP address not found
- Bad threshold value
- Storage pool has volumes
- Protection Domain and Storage Pool mismatch
- SDS IP address already exists
- IP role already set
- Cluster ID mismatch
- Device already exists
- Volume size is illegal
- SDC must be disconnected
- Invalid percentage
- Wrong receive group
- Mismatched SW ID
- Invalid license issuer
- Number of parallel messages is too low
- Number of parallel messages is too high
- Network test size is too high
- Network test length too long
- Network test must limit either time or size
- Not enough SDSs in protection domain for test
- Not allowed in Storage Pool with devices
- License capacity mismatch
- Exceeds system capacity limitations
- SDC mapped to too many volumes
- Not enough devices in storage pool for removal
- Invalid network limits
- A device is currently being removed
- A device is already active
- RAM cache wrong state
- More than one mapping not allowed
- At least one SDS failed
- A device is in incorrect test state
- A device test is in progress
- Enterprise features not enabled
- Volume already mapped to an SDC
- SDS already exists and is being removed
- Invalid spare percentage
- Invalid background device scanner bandwidth limit
- Zero padding with background device scanner data comparison mode
- IP address already assigned to another SDS
- Capacity too low for thin volumes
- Too many Storage Pools in the system
- Remote access to the MDM is blocked
- Cannot add a partitioned device
- Cannot add a mounted device
- Device header mismatch
- Device has user content
- Missing storage device media type
- Invalid media type
- Media type mismatch
- Invalid external acceleration type
- External acceleration type mismatch
- Metadata feature cannot be configured on the acceleration device
- Metadata feature is not enabled on the storage pool
- Metadata feature is already enabled on the storage pool
- Metadata feature is not enabled on the devices
- Metadata is already enabled on devices
- Insufficient capacity for accelerating metadata
- NVMe host and SDC commands
- Understanding the effect of network latency on NVMe over TCP latency counters
- add_sdc
- remove_host
- rename_host
- check_sdc_authentication_status
- generate_sdc_password
- query_all_approved_sdc
- query_host
- query_all_hosts
- query_potential_nvme_hosts
- query_all_sdc
- query_restricted_sdc_mode
- query_sdc
- query_sdc_volume_limits
- reset_sdc_sds_connections
- set_restricted_sdc_mode
- set_sdc_authentication
- set_sdc_volume_limits
- set_approved_sdc_ips
- add_nvme_host
- modify_nvme_host_max_paths
- modify_nvme_host_max_sys_ports
- modify_nvme_host_os_full_type
- set_manual_nvme_host_connectivity
- reset_manual_nvme_host_connectivity
- set_manual_nvme_mapping_connectivity
- reset_manual_nvme_mapping_connectivity
- rebalance_nvme_host_connectivity
- query_nvme_discovery_info
- clear_nvme_reservation
- add_host_group
- assign_host_to_host_group
- query_all_host_groups
- query_host_group
- modify_host_group
- rename_host_group
- remove_host_from_host_group
- remove_host_group
- set_auto_update_sdc_with_mdm_ip_addresses
- restart_connections_to_realign_net_path
- SDC operations
- Add an external SDC to an existing PowerFlex system
- Performing SDC operations
- Update the SDC driver with IP address changes
- Detecting new volumes
- Query volumes using drv_cfg
- Query tgt objects using drv_cfg
- Query GUID using drv_cfg
- Query MDMs using drv_cfg
- Loading a configuration file using drv_cfg
- Adding an MDM using drv_cfg
- Modifying an MDM IP address using drv_cfg
- Permanent device loss state
- Run the SDC driver on Red Hat Enterprise Linux or SUSE Enterprise Linux Enterprise Server with multipath enabled
- SDC authentication
- Manual SDC configuration/verification
- SDS commands
- abort_remove_sds
- add_sds
- add_sds_ip
- disable_sds_rmcache
- enter_maintenance_mode
- exit_maintenance_mode
- enable_sds_rmcache
- enter_protected_maintenance_mode
- exit_protected_maintenance_mode
- modify_sds_ip_role
- modify_sds_port
- query_all_sds
- query_sds_connectivity_status
- query_sds
- query_sds_connectivity_status
- query_sds_network_test_results
- query_sdc_to_sds_disconnections
- remove_sds
- remove_sds_ip
- rename_sds
- set_drl_properties
- set_fgl_metadata_cache_size
- set_sds_network_limits
- set_sds_rmcache_size
- show_certificate
- start_sds_network_test
- update_sds_original_paths
- set_sds_device_path
- SDT commands
- Snapshot commands
- Storage pool commands
- add_storage_pool
- disable_background_device_scanner
- disable_persistent_checksum
- enable_background_device_scanner
- enable_persistent_checksum
- modify_compression_method
- modify_persistent_checksum
- modify_zero_padding_policy
- query_inaccessible_user_address_space
- query_storage_pool
- remove_storage_pool
- rename_storage_pool
- reset_scanner_error_counters
- set_capacity_alerts_threshold
- set_rebalance_mode
- set_rebalance_policy
- set_rebuild_mode
- set_rebuild_policy
- set_rebuild_rebalance_parallelism
- set_rmcache_usage
- set_rmcache_write_handling_mode
- set_storage_pool_external_acceleration_type
- set_storage_pool_media_type
- set_checksum_mode
- set_protected_maintenance_mode_policy
- test_inaccessible_data
- System commands
- abort_upgrade
- add_certificate
- add_standby_mdm
- allow_commands_during_upgrade
- create_mdm_cluster
- finalize_upgrade
- generate_certificate
- generate_mdm_certificate
- generate_mdm_csr_file
- modify_cluster_virtual_ips
- modify_management_ip
- modify_spare_policy
- modify_virtual_ip_interfaces
- query_all
- query_cluster
- query_performance_parameters
- query_properties
- query_remote_read_only_limit_state
- query_system_limits
- query_upgrade
- refresh_mdm_cluster_capabilities
- remove_standby_mdm
- rename_mdm
- rename_system
- query_all_system_networks
- query_system_network
- add_system_network
- rename_system_network
- remove_system_network
- replace_cluster_mdm
- replace_mdm_security_files
- set_component_authentication_properties
- set_management_client_communication
- set_performance_parameters
- start_upgrade
- switch_cluster_mode
- switch_mdm_ownership
- generate_mdm_mno_csr
- replace_mdm_mno_certificate
- query_all_network_sets
- query_network_set
- modify_network_set
- rename_network_set
- remove_network_set
- Volume commands
- add_volume
- clear_scsi2_reservation
- clear_scsi3_reservation
- map_volume_to_host
- unmap_volume_from_host
- modify_volume_capacity
- overwrite_volume_content
- query_all_volumes
- query_volume
- query_volume_sdc_meters
- query_volume_sdt_meters
- remove_volume
- rename_volume
- set_volume_rmcache_usage
- set_volume_mapping_access_mode
- set_volume_access_mode_limit
- query_auto_provisioned_destination_volume_suffix
- modify_auto_provisioned_destination_volume_suffix
- add_snapshot_policy
- add_source_volume_to_snapshot_policy
- align_snapshot_policy_to_current_time
- lock_auto_snapshot
- modify_snapshot_policy
- pause_snapshot_policy
- query_all_snapshot_policies
- query_snapshot_policy
- remove_snapshot_policy
- remove_source_volume_from_snapshot_policy
- rename_snapshot_policy
- resume_snapshot_policy
- unlock_auto_snapshot
- V-Tree commands
Dell PowerFlex Manager 4.6.x CLI Reference Guide
SDC authentication
This feature ensures secured connectivity between the SDC and the storage cluster over the data path by applying Challenge-Handshake Authentication Protocol (CHAP) based authentication of the SDC to the MDM for access to the system in general and to mapped volumes in particular. This prevents the SDC from accessing the cluster if it is not admitted as well as unauthorized volumes. Once enabled, the SDC internally performs mutual CHAP authentication with the SDSs and the SDRs with no manual intervention.
Prerequisites
- For each SDC, a CHAP authentication password is generated by the MDM.
- All SDCs must be configured with their generated passwords
- Run the --check_sdc_authentication_status command, to check the status of the SDCs and whether they are ready to authenticate
About this task
NOTE:Using CHAP authentication with SDC also means that an SDC can only perform I/O operations on volumes explicitly mapped to it. The SDS blocks SDC I/O operations on unmapped volumes. CHAP authentication is also used internally for I/O authentication to the SDS and SDR, however it is always enabled and not controlled by the user.
Steps
-
Get the shared generated password for SDC from the MDM using the command:
scli --generate_sdc_password --(sdc_id <ID> | sdc_name <NAME) | sdc_guid <GUID> | sdc_ip <IP>) [--reason <REASON>]
Use the reason parameter to verify that the SDC password is being reset and not changed by accident. The reason is stored in the MDM events log.
NOTE:SDCs not configured with a password are disconnected after the feature is enabled in step 3.NOTE:You must comply with organization password protection policy rules when performing this operation.Copy the password that was generated in <SDC_PASSWORD_STRING>, used in the next step. -
On the SDC, run the following command:
- Linux:
/opt/emc/scaleio/sdc/bin/drv_cfg --set_mdm_password --ip <MDM_IP> --password <SDC_PASSWORD_STRING> --file/etc/emc/scaleio/drv_cfg.txt
NOTE:The file option is required for password persistency, for cases such as service scini restart or SDC reboot. Open the file to verify the <SDC_PASSWORD_STRING> is logged at the end of the MDM line. - ESXi:
-
cat /etc/vmware/esx.conf | grep scini | grep options
A string is returned representing all the ESXi configuration parameters currently set. Copy the string with the enclosing quotation marks and paste in a text editor for editing. - At the end of the string, add the following text, within the quotation marks:
IoctlMdmPasswordStr=<MDM_IP>-<MDM_PASSWORD>
where:- <MDM_IP> is the MDM IP address.
- <MDM_PASSWORD> is the MDM password.
For example:"IoctlIniGuidStr=cd069ce3-bf2a-5dea-b50a-1a5ebc8ef3de IoctlMdmIPStr=192.169.217.165,172.17.217.165,192.169.217.166,172.17.217.166,192.169.217.167,172.17.217.167 IoctlMdmPasswordStr=192.169.217.165-AQAAAAAAAADu/10fXW3BS1wPBDgnkR06tdneGoUK7VQ"
- Run the following command with the string that is appended to the end:
esxcli system module parameters set -m scini -p <STRING>
For example:esxcli system module parameters set -m scini -p "IoctlIniGuidStr=cd069ce3-bf2a-5dea-b50a-1a5ebc8ef3de IoctlMdmIPStr=192.169.217.165,172.17.217.165,192.169.217.166,172.17.217.166,192.169.217.167,172.17.217.167 IoctlMdmPasswordStr=192.169.217.165-AQAAAAAAAADu/10fXW3BS1wPBDgnkR06tdneGoUK7VQ"
-
- Linux:
-
To check SDC readiness for all SDCs in the system, before enabling SDC authentication, run the following command:
NOTE:It is important to complete the previous steps for all SDCs before running the command.
scli --check_sdc_authentication_status [--run_test] [--file_name <FILENAME>]
Where:
- --run_test runs a connectivity test to check whether the SDCs can successfully authenticate using CHAP
- --filename <FILENAME> is the full file name and path for the generated report.
The command sends a report that includes the SDCs authentication password status.
NOTE:When running this command, the SDCs are disconnected for a short period from the MDM. This does not interrupt running I/Os or have any impact on MDM/SDC activity. It is recommended to run the command when the system is in a healthy state and not during rebalancing or rebuilding operations. -
To enable SDC authentication, run the following command:
scli --set_sdc_authentication --enable
-
To disable SDC authentication, run the following command:
scli --set_sdc_authentication --disable
- Reboot the ESXi for the configuration to take effect. For more information, see the Gracefully shut down or reboot a node topic in Dell PowerFlex 4.6.x Administration Guide.
Results
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\