Infra World: February 2019

Error1:
zsh: permission denied: isi_for_array
Fix:
>> normal you see this issue, if you dont have permission to run the command
or you are not running commands with root user
or you forgot to put sudo in fornt of the command when you are using non root user account
>> you can fix this issue by modify the sudo file to give access to all users to all commands
//Open the sudo file to add access to the Groups or Users
isi_visudo -f /etc/mcp/override/sudoers
>>click "insert" button to edit the file, add the below any entry based on your requirement
#Below Command to give access to all users
ALL ALL=(ALL) NOPASSWD: ALL
#Below Command to give access to Domain User to all CMDs
<DOMAIN>\\<USERID> ALL=(ALL) NOPASSWD: ALL
#Below Command to give access to Islon Cluster Local User to all CMDs
<USERID> ALL=(ALL) NOPASSWD: ALL
#Below Command to give access to Islon Cluster Local Group users to all CMDs
%<LocalGroupName> ALL=(ALL) NOPASSWD: ALL
>>Press Esc and enter ":wq" to write the changes to the file
Now run your command with "sudo" in front of the command, like below
Example:
IsilonCluster1-2% isi_for_array -s 'isi_hw_status | grep -i serno'
zsh: permission denied: isi_for_array
IsilonCluster1-2% sudo isi_for_array -s 'isi_hw_status | grep -i serno'
IsilonCluster1-1: SerNo: XXXXXXXXXXX
IsilonCluster1-2: SerNo: XXXXXXXXXXX

Error2:
Could not chdir to home directory /ifs/home/DOMAIN/USERID: No such file or directory
Fix:
Normally you see this error, if the user that logged in doest have a Home Directory, either you create manually.
if you are a domain user, make you "Create home directories on first login" option is checked under the domain in Active Directory
GUi > Access > Authrentication Providers > Active Directory

How to setup Full Previllages to AD Groups on Isilon Cluster ?
1. Login to the GUi > Access > Authrntication Providers > Active Directory > + Join a Domain > Fill the details > Join.
Once it is joined succussfully, and status is showing "Online", goto next step
Note: for Isilon OneFS v8.1.2.0 and above make sure "Create home directories on first login" option is check.
if it is not checked, Users after loggin into putty, maybe be able to use Tab Functionality

2. Login to Isilon Cluster CLI as root through SSH tools like Putty. and run the below commands

//Create a Role First like "StorageAdmins"
isi auth roles create --name StorageAdmins --description "Full Admin Privileges to the Cluster"

//Add AD Group to the Role
isi auth roles modify StorageAdmins --add-group=ADGroup1@Domain

//you can add more groups to the same role like below
isi auth roles modify StorageAdmins --add-group="ADGroup2@Domain"

//Add Previllages to the Role that was created earlier "StorageAdmins" (Below is list of full Previllages)
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_ANTIVIRUS
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_AUDIT
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_AUTH
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_CERTIFICATE
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_CLOUDPOOLS
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_CLUSTER
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_DEVICES
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_ESRS_DOWNLOAD
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_EVENT
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_FILE_FILTER
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_FTP
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_HARDENING
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_HDFS
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_HTTP
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_IFS_BACKUP
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_IFS_RESTORE
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_IFS_WORM_DELETE
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_JOB_ENGINE
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_LICENSE
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_LOGIN_CONSOLE
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_LOGIN_PAPI
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_LOGIN_SSH
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_MONITORING
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_NDMP
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_NETWORK
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_NFS
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_NS_IFS_ACCESS
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_NS_TRAVERSE
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_NTP
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_QUOTA
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_REMOTE_SUPPORT
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_ROLE
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_SMARTPOOLS
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_SMB
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_SNAPSHOT
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_SNMP
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_STATISTICS
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_SWIFT
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_SYNCIQ
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_SYS_SHUTDOWN
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_SYS_SUPPORT
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_SYS_TIME
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_SYS_UPGRADE
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_VCENTER
isi auth roles modify StorageAdmins --add-priv ISI_PRIV_WORM

//Open the sudo file to add access to the Groups or Users
isi_visudo -f /etc/mcp/override/sudoers
>>click "insert" button to edit the file, add the below entry
ALL ALL=(ALL) NOPASSWD: ALL
>>Press Esc and enter ":wq" to write the changes to the file

3. Verify the access by relogin to the putty
login as: <DOMAIN>\<USERID>
Using keyboard-interactive authentication.
Password: **********

In Unity Array, In general only the primary SP has direct access to the network, if you want to download files from the peer SP there is no direct network access.You can access the peer SP, for file transfer, via an ssh tunnel via Putty.
The advantage of doing this, you dont need to copy files from peer SP to Primary SP.

On a Unity Array, each SP has an internal network interface named: eth_int
For SPA the address assigned to eth_int is: 128.221.255.100
For SPB the address assigned to eth_int is: 128.221.255.101

you can verify this by logging putty session into Unity with service account, and ping SPA & SPB like below

Create Session with Unity Mgmt IP <10.1.2.3> and using port 22

Go to: "Connection > SSH > Tunnels" Click "Local ports accept connections from other hosts" and create a tunnel for SPA (128.221.255.100) on tcp port 22 then Click Add Button