Home » HP Manuals » Storage Devices » HP 3PAR StoreServ 7400 2-node » Manual Viewer

HP 3PAR StoreServ 7400 2-node HP 3PAR Command Line Interface Administrator& - Page 39

Optional. Issue the, Software_Group

View all HP 3PAR StoreServ 7400 2-node manuals

Add to My Manuals
Save this manual to your list of manuals

Page 39 highlights

2. Configure the group-to-domain mapping parameters, as follows: • Issue the setauthparam domain-name-attr command, where is the name of an attribute that holds the potential domain name. A common parameter to specify as the is name. • (Optional.) Issue the setauthparam domain-name-prefix command, where is the start point of the domain name search within the information returned from the domain-name-attr parameter described above. An example parameter to specify as the is SystemDomain=. 3. Issue the checkpassword command to verify that the users have the roles you assigned for the desired groups and the group-to-domain mapping is correct. Use a member of a specific group to verify the role. Example using only the domain-name-attr parameter: system cli% setauthparam domain-name-attr name The example above corresponds to the first bullet in Step 2. As shown, name is the attribute used as the basis of the domain name search. system1 cli% checkpassword 3PARuser ... + search result: memberOf: CN=Software,CN=Users,DC=3par,DC=com + search result: memberOf: CN=Eng,CN=Users,DC=3par,DC=com + search result: memberOf: CN=Golfers,CN=Users,DC=3par,DC=com + mapping rule: edit mapped to by CN=Software,CN=Users,DC=3par,DC=com + rule match: edit mapped to by CN=Software,CN=Users,DC=3par,DC=com + mapping rule: browse mapped to by CN=Eng,CN=Users,DC=3par,DC=com + rule match: browse mapped to by CN=Eng,CN=Users,DC=3par,DC=com + searching LDAP using: search base: CN=Software Group,CN=Users,DC=3par,DC=com filter: (objectClass=group) for attributes: name + search result DN: CN=Software Group,CN=Users,DC=3par,DC=com + search result: name: Software Group + group "CN=Software Group,CN=Users,DC=3par,DC=com" has potential domain Software_Group (transformed from "Software Group") + searching LDAP using: search base: CN=Eng,CN=Users,DC=hq,DC=3par,DC=com filter: (objectClass=group) for attributes: name + search result DN: CN=Eng,CN=Users,DC=hq,DC=3par,DC=com + search result: name: Engineering + group "CN=Eng,CN=Users,DC=hq,DC=3par,DC=com" has potential domain Engineering + domain match: Engineering mapped to browse + domain match: Software_Group mapped to edit user 3PARuser is authenticated and authorized The example above corresponds to Step 3 and displays the following: • 3PARuser is found to be a member of the Software group with Edit rights. The Software group is mapped to the Software_Group domain. 3PARuser is assigned Edit rights within the Software domain. • 3PARuser is also found to be a member of the Eng group with Browse rights. The Eng group is mapped to the Engineering domain. 3PARuser is assigned Browse rights within the Eng domain. Configuring LDAP Connections on Systems Using Domains 39

Section	Page
HP 3PAR Command Line Interface Administrator’s Manual	1
Contents	3
1 Installing the HP 3PAR Command Line Interface	12
About the HP 3PAR Command Line Interface	12
Supported Platforms	12
System Requirements	12
Disk Space Requirements	12
Installation	12
Before Installation	13
Graphical Installation on Windows	13
Command-Line Installation on Solaris and Linux	13
Setting the Path to the CLI on Solaris and Linux	13
Troubleshooting the Installation	14
Removing the HP 3PAR CLI	14
On Windows	14
On Solaris and Linux	14
Scripting Considerations	14
2 Managing User Accounts and Connections	16
Learning About User Accounts	16
Default User Accounts	17
Authenticating and Authorizing CLI Users	17
Viewing User Roles and Rights	17
Creating Users	18
Viewing Users	19
Removing Users	20
Adding Users to a Domain	20
Removing Users From a Domain	20
Setting a User’s Default Domain	20
Removing a User’s Default Domain	20
Setting a User’s Current Domain	21
Removing a User’s Current Domain	21
Viewing User Connections	21
Removing User Connections	21
Configuring LDAP Connections	21
Active Directory LDAP Configuration with SASL Binding	22
Configuring Connection Parameters	23
Configuring Binding Parameters	24
Configuring Account Location Parameters	24
Configuring Group-to-Role Mapping Parameters	26
Active Directory LDAP Configuration with Simple Binding Over SSL	27
Configuring Connection Parameters	28
Configuring Binding Parameters	29
Configuring the CA Certificate	29
Configuring Account Location Parameters	30
Configuring Group-To-Role Mapping Parameters	32
OpenLDAP Configuration with Simple Binding Over SSL	33
Configuring Connection Parameters	34
Configuring Binding Parameters	34
Configuring Group Location Parameters	35
Configuring Group-To-Role Mapping Parameters	35
Configuring LDAP Connections on Systems Using Domains	38
3 Running the HP 3PAR Command Line Interface	41
Global Options and Environment Variables	41
General Control and Help Commands	43
Commands with Column Help	43
Using SSL	44
Setting the TPDSOCKSSL Environment Variable on Solaris and Linux	44
Setting the TPDSOCKSSL Environment Variable on Windows	44
Using the -sockssl Option	44
Setting the CLI Client Network Port	44
Setting the TPDSYSNAME Environment Variable	45
Setting the TPDSYSNAME Environment Variable on Solaris and Linux	45
Setting the TPDSYSNAME Environment Variable on Windows	45
Using the -sys Option	45
Using the System Name	45
Setting Your Name and Password	46
Using the setpassword Command	46
Setting the TPDPWFILE Environment Variable	46
Using the -pwf Option	46
Using the -password Option	47
Setting a Password for Multiple HP 3PAR Storage Arrays	47
Caching Client Bytecode	47
Setting the TPDCACHEDIR Environment Variable on Solaris and Linux	47
Setting the TPDCACHEDIR Environment Variable on Windows	47
Startup Files	48
Setting the TPDSTARTFILE Environment Variable on Solaris and Linux	48
Setting the TPDSTARTFILE Environment Variable on Windows	48
Comma Separated Values	48
Setting the TPDCSVTABLE Environment Variable on Solaris and Linux	49
Setting the TPDCSVTABLE Environment Variable on Windows	49
Using the -csvtable Option	49
Listing Domains	49
Setting the TPDLISTDOM Environment Variable on Solaris and Linux	50
Setting the TPDLISTDOM Environment Variable on Windows	50
Using the -listdom Option	50
Table Headers and Totals	50
Setting the Environment Variable on Solaris and Linux	50
Setting the Environment Variable on Windows	51
Using the -nohdtot Option	51
Using the -hafter Option	51
Forcing Commands	51
Setting the TPDFORCE Environment Variable on Solaris and Linux	51
Setting the TPDFORCE Environment Variable on Windows	51
Stand-alone Commands	52
SSH	52
Benefits of Using SSH	52
CLI User Name Restrictions Using SSH	53
New Users	53
Existing Users	53
Accessing the CLI Using SSH	53
CLI Scripting Through SSH	54
4 Managing HP 3PAR Virtual Domains	58
Overview	58
Default Domains	58
Creating a Domain	58
Viewing Domains	59
Modifying a Domain	59
Changing a Domain Name	59
Adding Comments to a Domain	59
Removing a Domain	59
Managing Domain Objects	60
Moving Domain Objects to Another Domain	60
Removing the Domain Association from a Domain Object	60
Managing Virtual Domain Autonomic Groups	60
Creating Virtual Domain Sets	61
Adding Virtual Domains to Virtual Domain Sets	61
Modifying Virtual Domain Sets	61
Removing Virtual Domain Sets	61
Viewing Virtual Domain Sets	61
5 Managing Ports and Hosts	63
Overview	63
Modifying Port Parameters	63
FC Port Settings	64
iSCSI Port Settings	65
Port Target, Initiator, and Peer Modes	65
Active and Inactive Hosts	66
Managing Hosts	66
Host Management CLI Commands	66
Creating Hosts	67
Creating a Host with a Fibre Channel Path	67
Creating a Host with an iSCSI Path	67
Creating a Host without Assigning a Path	67
Modifying Hosts	68
Changing a Host Name	68
Adding Fibre Channel Path WWNs	68
Adding iSCSI Path iSCSI Names	68
Removing Fibre Channel Path WWNs	68
Removing iSCSI Path iSCSI Names	69
Configuring iSCSI CHAP Authentication Information	69
Removing iSCSI CHAP Authentication Information	69
Moving, Removing, and Disconnecting Hosts	69
Removing Host Paths	70
Managing Host Autonomic Groups	71
Creating Host Sets	71
Adding Hosts to Host Sets	71
Modifying Host Sets	71
Removing Host Sets	71
Managing Host Personas	72
The Host Explorer Software Agent	73
Hosts and Virtual Domains	73
Creating a Domain-Specific Host	74
Modifying a Domain-Specific Host	74
Changing a Host Domain	74
Using Persistent Ports for Nondisruptive Online Software Upgrades	74
6 Managing CPGs and Virtual Volumes	78
Overview	78
Common Provisioning Groups	78
Growth Increment Considerations for Common Provisioning Groups	78
System Guidelines for Creating Common Provisioning Groups	79
Common Provisioning Group CLI Commands	79
Creating a Common Provisioning Group	80
Modifying a Common Provisioning Group	80
Setting Snapshot Space Usage Warnings	80
Setting a Common Provisioning Group’s Autogrow Size	80
Consolidating Common Provisioning Group Space	81
Removing a Common Provisioning Group	81
Virtual Volume Types	81
Fully Provisioned Virtual Volumes	82
Thinly Provisioned Virtual Volumes	82
Virtual Volume CLI Commands	82
Creating Virtual Volumes	83
Creating Fully Provisioned Virtual Volumes	83
Creating Thinly Provisioned Virtual Volumes	83
Modifying Virtual Volumes	84
Growing Virtual Volumes	84
Converting Virtual Volumes Online	84
Converting Fully Provisioned Virtual Volumes to Thinly Provisioned Virtual Volumes	85
Converting Thinly Provisioned Virtual Volumes to Fully Provisioned Virtual Volumes	85
Reducing Volume Size with HP 3PAR Thin Conversion Software	85
Manually Converting a Fully Provisioned Virtual Volume to a Thinly Provisioned Virtual Volume	86
Reducing Volume Size with HP 3PAR Thin Persistence Software	86
Managing Virtual Volume Autonomic Groups	87
Creating Virtual Volume Sets	87
Adding Virtual Volumes to Virtual Volume Sets	87
Modifying Virtual Volume Sets	87
Removing Virtual Volume Sets	87
Freeing Virtual Volume Snapshot Space	88
Setting Expiration Times for Virtual Volumes	88
Setting Retention Times for Virtual Volumes	88
Removing Virtual Volumes	89
Validating and Repairing Virtual Volumes	90
Exporting Virtual Volumes	90
Creating VLUN Templates	90
Creating a Host Sees or Host Set VLUN Template	90
Creating a Port Presents VLUN Template	91
Creating a Matched Set VLUN Template	91
Unexporting Virtual Volumes	91
Removing a Host Sees or Host Set VLUN Template	91
Removing a Port Presents VLUN Template	92
Removing a Matched Set VLUN Template	92
Virtual Domains, CPGs, and Virtual Volumes	92
Creating a Common Provisioning Group in a Domain	92
Creating Virtual Volumes in a Virtual Domain	93
Modifying Virtual Volumes in Domains	93
Growing Virtual Volumes in Domains	94
Freeing Virtual Volume Snapshot Space in Domains	94
Exporting Virtual Volumes in Domains	94
Creating VLUN Templates in the All Domain	94
Creating VLUN Templates in a Specific Domain	94
Moving a Common Provisioning Group to a Domain	94
7 Managing Virtual Volume Copies	95
Virtual Copies	95
Creating a Virtual Copy	95
Promoting a Virtual Copy	96
Modifying a Virtual Copy	96
Removing a Virtual Copy	97
Creating a Group of Virtual Copies	97
Physical Copies	97
Creating an Offline Physical Copy	98
Creating an Online Physical Copy	98
Creating a Group of Physical Copies	99
Resynchronizing a Physical Copy	99
Resynchronizing a Group of Physical Copies	99
Promoting a Physical Copy	100
Creating an Online Copy	100
Snapshots and Domains	100
Moving Snapshots	101
8 Creating and Applying Templates	102
Overview	102
Creating Templates	102
Applying Templates	102
Creating Virtual Volumes and Logical Disks Using a Template	103
Creating a Common Provisioning Group Using a Template	103
Modifying Templates	103
Viewing Template Parameters	103
Adding and Replacing Template Parameters	103
Removing Template Parameters	104
Removing Templates	104
9 Monitoring System and Physical Disk Capacity	105
Overview	105
System Capacity	105
Determining Total System Capacity	105
Determining System Capacity by Physical Disk Type	106
Physical Disk Capacity	106
Determining Total Physical Disk Capacity	106
Determining Physical Disk Capacity by Disk Type	107
Determining the Capacity of a Specific Physical Disk	107
Spare Chunklets	107
Viewing Spare Chunklets	108
Logical Disks and Chunklet Initialization	109
Recovering Failed RAID Sets	109
Viewing Hardware Inventory	109
10 Data Encryption	111
Supported Configurations	112
Data Encryption Licensing	112
Restrictions	113
Using Self-encrypting Disks	113
Taking Ownership	113
Using the controlencryption command	114
Enabling Encryption	114
Backing up the Authentication Key File	115
Restoring the Key File	115
Rekeying the Authentication Key	115
Showing Data Encryption Status	115
Replacing a Failed Disk Drive	116
Upgrading an SED with New Firmware	116
Dismissing an Existing SED	117
Data Encryption Commands	117
11 Managing Events and Alerts	118
Overview	118
Checking the Status of a System	118
Monitoring and Managing Alerts	118
Viewing Alerts	118
Setting an Alert State	118
Removing an Alert	118
Setting System Alerts	118
Setting the Raw Space Threshold Alert	119
Monitoring and Managing the Event Log	119
Viewing the Event Log	120
Removing the Event Log	120
Stopped Logical Disks and Missing Physical Disks	120
Preserved Data	120
12 Viewing Statistics and Histograms	121
Overview	121
Viewing Statistics	121
Viewing Statistics for Physical Disks	121
Viewing Port Statistics	121
Viewing VLUN Statistics	122
Viewing Virtual Volume Statistics	122
Viewing Statistics for Data Cache Memory	122
Viewing Statistics for CPU Usage	122
Viewing Statistical Reports Using the On-node System Reporter	123
Viewing Statistical Report for Region I/O Density	123
Viewing Statistical Reports for Used Capacity (Space Reports)	123
Viewing Statistical Reports for Performance	123
Viewing Statistical Histogram Reports for Performance	124
Viewing Histograms	124
Viewing Histograms for Chunklets	124
Viewing Histograms for Logical Disks	124
Viewing Histograms for Physical Disks	124
Viewing Histograms for Ports	125
Viewing Histograms for VLUNs	125
Viewing Histograms for Virtual Volumes	125
13 Managing Tasks	126
Overview	126
Task Manager	126
Task IDs	126
Task Manager Commands	126
Starting a Task	127
Displaying Task Information	127
Setting the Priority of a Running Task	128
Waiting for a Task	129
Removing a Task	130
Canceling a Task	130
Task Types	130
background_command	132
compact_cpg	132
compact_lds	132
promote_sv	132
remote_copy_sync	132
scheduled_task	133
snapspace_accounting	133
startao	133
system_task	134
tune_vv	134
tune_vv_restart	134
tunevv_rollback	135
tune_sys	136
tune_sd	136
vv_copy	137
System Scheduler	137
System Scheduler Commands	137
Displaying Scheduled Tasks	138
Scheduling Tasks	138
Modifying a Scheduled Task	139
Suspending and Resuming Scheduled Tasks	139
Removing Scheduled Tasks	139
14 Adaptive Optimization	140
Adaptive Optimization Conversion	141
Creating an Adaptive Optimization Configuration	142
Displaying an Adaptive Optimization Setting	144
Modifying an Adaptive Optimization Configuration	144
Removing an Adaptive Optimization Configuration	146
15 HP Priority Optimization	147
Requirements	147
Virtual Volume Sets	147
Applying Quality of Service Rules	151
Mode of Operation	152
QoS Rule Minimum and Maximum	152
QoS Rule Actions	153
Overlapping QoS rules	153
Minimum QoS Settings	153
QoS on Copied Volumes	153
QoS Metrics	154
Using HP 3PAR Priority Optimization	154
Creating a New QoS Rule	154
Creating a New QoS Rule with the HP 3PAR CLI	154
Creating a New QoS Rule with the HP 3PAR MC	155
Viewing a QoS Rule	158
Modifying a QoS Rule	158
Removing a QoS Rule	159
Managing QoS Rules	160
Assembling VVs into VVsets	160
Determining the Values for IOPS and Bandwidth for a System	160
Handling Tier-1 Applications	161
Implementing the System Rule	161
Overprovisioning the System	161
QoS Influence on the Host Side	161
Maximum Number of QoS Rules per VV	162
QoS on a Subset of VVset Volumes	162
Application Interoperability	162
Databases	162
Microsoft Exchange	162
Virtualization Software	163
Reporting	164
Event Management	166
16 Using the HP 3PAR SNMP Infrastructure	167
Overview	167
The HP 3PAR SNMP Agent	167
Locating the HP 3PAR MIB	167
alertNotify Traps	167
Registering an SNMP Manager	167
Viewing Registered Managers	168
Removing a Manager	168
Agent Community Strings	168
Testing SNMP Managers	168
Creating SNMPv3 Users	168
Viewing SNMPv3 Users	169
Removing SNMPv3 Users	169
Modifying SNMP Versions	169
17 Using mySnapshot	170
Overview	170
About mySnapshot	170
Setting Administrative Rights	170
Replacing Virtual Volume Snapshots	170
Replacing a Read-Only Snapshot	171
Replacing a Read-Write Snapshot	171
18 Performance Tuning	173
Analyzing and Tuning a System	173
Displaying Virtual Volume Space Distribution	174
Tuning and Modifying Virtual Volumes	174
Changing Virtual Volume Layouts	174
Thinly-Provisioned Virtual Volumes	175
Fully-Provisioned Virtual Volumes	175
Changing Virtual Volume RAID Levels	175
Thinly-Provisioned Virtual Volumes	175
Fully-Provisioned Virtual Volumes	175
Changing Virtual Volume Fault-Tolerance Levels	176
Thinly-Provisioned Virtual Volumes	176
Fully-Provisioned Virtual Volumes	176
Changing Virtual Volume Parameters	176
Thinly-Provisioned Virtual Volumes	176
Fully-Provisioned Virtual Volumes	176
Troubleshooting Modifying Virtual Volumes	177
Rolling Back a Volume Modification Task	177
Restarting a Volume Modification Task	177
Tuning Physical Disks	177
Compacting Logical Disks	178
Compacting Common Provisioning Groups	179
19 Support and Other Resources	180
Contacting HP	180
HP 3PAR documentation	180
Typographic conventions	183
HP 3PAR branding information	183
20 Documentation feedback	184
A Mapping Roles and Rights	185
3PAR AO Role	185
3PAR RM Role	185
Basic Edit Role	186
Browse Role	188
Create Role	188
Edit Role	189
Service Role	191
Super Role	192
B Mapping Rights and CLI Commands	197
Mapping Rights and CLI Commands	197

Match case Limit results 1 per page

Configure the group-to-domain mapping parameters, as follows:

•

Issue the

setauthparam domain-name-attr <attribute>

command, where

is the name of an attribute that holds the potential domain name. A

common parameter to specify as the

name

•

(Optional.) Issue the

setauthparam domain-name-prefix <prefix>

command,

where <prefix> is the start point of the domain name search within the information returned

from the

domain-name-attr <attribute>

parameter described above. An example

parameter to specify as the

SystemDomain=

Issue the

checkpassword

command to verify that the users have the roles you assigned for

the desired groups and the group-to-domain mapping is correct. Use a member of a specific

group to verify the role.

Example using only the domain-name-attr parameter:

system cli% setauthparam domain-name-attr name

The example above corresponds to the first bullet in

Step 2

. As shown,

name

is the attribute used

as the basis of the domain name search.

system1 cli% checkpassword 3PARuser

...

+ search result:

memberOf: CN=Software,CN=Users,DC=3par,DC=com

+ search result:

memberOf: CN=Eng,CN=Users,DC=3par,DC=com

+ search result:

memberOf: CN=Golfers,CN=Users,DC=3par,DC=com

+ mapping rule: edit mapped to by CN=Software,CN=Users,DC=3par,DC=com

+ rule match: edit mapped to by CN=Software,CN=Users,DC=3par,DC=com

+ mapping rule: browse mapped to by CN=Eng,CN=Users,DC=3par,DC=com

+ rule match: browse mapped to by CN=Eng,CN=Users,DC=3par,DC=com

+ searching LDAP using:

search base:

CN=Software Group,CN=Users,DC=3par,DC=com

filter:

(objectClass=group)

for attributes: name

+ search result DN: CN=Software Group,CN=Users,DC=3par,DC=com

+ search result:

name: Software Group

+ group "CN=Software Group,CN=Users,DC=3par,DC=com" has potential domain Software_Group

(transformed from "Software Group")

+ searching LDAP using:

search base:

CN=Eng,CN=Users,DC=hq,DC=3par,DC=com

filter:

(objectClass=group)

for attributes: name

+ search result DN: CN=Eng,CN=Users,DC=hq,DC=3par,DC=com

+ search result:

name: Engineering

+ group "CN=Eng,CN=Users,DC=hq,DC=3par,DC=com" has potential domain Engineering

+ domain match: Engineering mapped to browse

+ domain match: Software_Group mapped to edit

user 3PARuser is authenticated and authorized

The example above corresponds to

Step 3

and displays the following:

•

3PARuser is found to be a member of the

Software

group with Edit rights. The

Software

group is mapped to the

Software_Group

domain. 3PARuser is assigned Edit rights within

the

Software

domain.

•

3PARuser is also found to be a member of the

Eng

group with Browse rights. The

Eng

group

is mapped to the

Engineering

domain. 3PARuser is assigned Browse rights within the

Eng

domain.

Configuring LDAP Connections on Systems Using Domains