This post is more than 5 years old
2 Posts
0
3097
January 21st, 2008 08:00
Usermapper setup in replicated environment
Hello,
I have a quick configuration question regarding usermapper and its setup. I have two Celerra systems. One that will be at our primary site and another at a DR site. I run a CIFS only environment. I have created a VDM and mounted my file systems under it. I have set up replication between the two for the VDM and the file systems, but I am unclear on the recommended way to have the usermapper service running.
Should the primary site be setup as primary and the DR setup as secondary or vice versa?
Thanks,
Bruce
I have a quick configuration question regarding usermapper and its setup. I have two Celerra systems. One that will be at our primary site and another at a DR site. I run a CIFS only environment. I have created a VDM and mounted my file systems under it. I have set up replication between the two for the VDM and the file systems, but I am unclear on the recommended way to have the usermapper service running.
Should the primary site be setup as primary and the DR setup as secondary or vice versa?
Thanks,
Bruce
0 events found
No Events found!
dave511
5 Posts
0
January 31st, 2008 04:00
Only the primary Usermapper server issues UID and GID mappings. These are NOT pushed to the secondary Usermapper server. Instead, if a user requests access to the secondary Usermapper server and he/she does not have a mapping, the secondary contacts the primary, which then issues the mapping back to the secondary Usermapper server, where it is stored as well for the future. If the primary Usermapper server is contacted first, it will issue a mapping directly but not update the Secondary with the new mapping.
What does this mean for DR?
If the primary site fails and you need to failover to DR, then you will be using the site with the Secondary Usermapper. As all UID mappings are cached in what is called the ¿secmap¿ at the root of the VDM, the mappings in ¿secmap¿ are replicated between sites. This means all users that have accessed the NAS previously will have a mapping in ¿secmap¿ and will be allowed access. New users will not be able to gain access as the primary Usermapper server is down and the secondary Usermapper cannot issue mappings.
If you failover to the primary where the primary Usermapper resides, then the ¿secmap¿ cache is still referenced first for users and you are still able to allocate UID's to new users.
Should you failover to the DR site, either for DR or planned maintenance, and there will be a short outage, existing users will still be able to access the data. New users will be denied access until the site with the primary Usermapper server is back online.
If the primary Usermapper server is going to be down for an extended period, ie, loss of primary site, then the primary Usermapper database should be imported into the secondary Usermapper and the secondary Usermapper server converted into the Primary. This should be done with the assistance of EMC, via a logged call.
bbi4
2 Posts
0
January 31st, 2008 06:00
Bruce
dynamox
11 Legend
•
20.4K Posts
•
87.4K Points
0
January 31st, 2008 06:00
can usermapper database on primary server be backed-up/exported from time to time to a safe location and then in an event of primary usermapper server being gone (fire/flood) it could be used to get secondary online and turned into primary ?
Thanks
Rainer_EMC
6 Operator
•
8.6K Posts
0
January 31st, 2008 06:00
because of that if there is enough bandwith and latency to the DR site we recommend to setup the usermapper at the DR site as primary.
If not you set the primary site's user mapper to primary and live with the work of eventually having to export and re-import the user mapper database
dave511
5 Posts
0
February 7th, 2008 07:00
I am pretty sure this is documented in a KB article somewhere but I cannot find the reference.
I use a control station script that I have written, which backs up the neccessary files and then copies them to the control station at the DR site on a daily basis.
The commands to backup the usermapper are:
/nas/bin/server_usermapper server_2 -Export -user /home/nasadmin/usrmapbackup.passwd
/nas/bin/server_usermapper server_2 -Export -group /home/nasadmin/usrmapbackup.group
/bin/cp /nas/rootfs/slot_2/.etc/usrmapper/usrmap.cfg /home/nasadmin/usrmap.cfg
/bin/cp /nas/rootfs/slot_2/.etc/usrmapper/usrmap.settings /home/nasadmin/usrmap.settings
These are the files that you need to rebuild the secondary usermapper as primary. You can call the files anything that makes sense to you and put them where you like. I use /home/nasadmin. I am assuming the usermapper is running on data mover 2. I think you can run usermapper on the control station itself but not sure about the implications of doing so.
Dr.diSousa
1 Rookie
•
97 Posts
0
July 2nd, 2010 02:00
Updating this thread.
I think, in the case of having two Celerras (Main and Disaster Recovery (DR)), the usermapper in main must be Secondary, and the usermapper in DR must be primary.
In this way, Main Celerra will always consult the usermapper in secondary site, that's where the data resides. In case of a disaster, the usermapper in Secondary site will have all the data up to date.
Note: In the case of a fresh installation, In a installation where usermapper in primary has been "customized", you must import usermapper from primary site in secondary site first....
Regards,
Dario
But I'm having this issue when trying to assign Prmary usermapper to secondary site:
2010-07-02 11:08:50: RPC: 5: CLIENT::CLIENT3(MAC19) 0xdc2adb04: Port acquisition failed for Rpc service 536870919 version 3 on host 10.0.3.169
2010-07-02 11:08:50: USRMAP: 3: 10.0.3.169 master unreachable
2010-07-02 11:08:50: USRMAP: 3: Usermapper service not started
2010-07-02 11:08:50: ADMIN: 3: Command failed: usrmapsvc enable master=10.0.3.169
2010-07-02 11:08:53: USRMAP: 6: 4: The Usermapper database has been deleted.
Any idea?
Dr.diSousa
1 Rookie
•
97 Posts
0
July 2nd, 2010 03:00
Hi again!
Issue solved.... customer gave me the Control Station IP, not the DM2 IP from remote site.
Using the correct DM2 worked fine.
Regards,
Dario
IPM
DHoffman2
2 Intern
•
306 Posts
0
July 2nd, 2010 10:00
So, let me add to this....
We have a Celerra in CORP. that I replicate VDM's and File Systems to an offsite DR Celerra. I want to be clear in understanding this so bear with me....
We are a CIFS only environment, and we have Windows Domain Controllers, DNS and WINS servers at the DR site as part of our overall strategy. In the event of a disaster where we would need to perform a FAILOVER, shouldnt all domain users be able to access their CIFS shares and thus their data?
Rainer_EMC
6 Operator
•
8.6K Posts
0
July 2nd, 2010 11:00
I don't understand - once you are failed over your CIFS servers would be running on the DR site and no longer on the CORP site. also your CORP site file systems would be readonly
server_usermapper I think
Rainer_EMC
6 Operator
•
8.6K Posts
0
July 2nd, 2010 11:00
that's fine - all mappings get stored in the secmap which lives in the VDM rootfs just like the CiFS servers
so it gets replicated continuously and failed over when you failover the VDM
DHoffman2
2 Intern
•
306 Posts
0
July 2nd, 2010 11:00
Rainer,
Again, to be clear, they would only have to access data at the CORP Celerra, not the DR.
Secondly, you mention the Primary/Secondary Usermapper. What method do you use to verify that?
Oh, and I should mention we are using V2 Replication...
Rainer_EMC
6 Operator
•
8.6K Posts
0
July 2nd, 2010 11:00
yes, for any users/groups that were already "used" once by the Celerra the mappings will be in the secmap that is replicated as part of the VDM anyway
only if you were to use new users/groups after the DR failover you need to worry about fixing user mapping
it is best practice though to make one side's usermapper primary and all the others secondary though
Rainer
DHoffman2
2 Intern
•
306 Posts
0
July 2nd, 2010 11:00
Sorry,
I have a tendency to make things confusing
What I was trying to convey, is that at no time have our users "accessed" resources from the DR site. Nor would they unless there is a declared disaster.
umichklewis_ac7b91
300 Posts
0
July 8th, 2010 14:00
I have a similar situation here - can the usermapper relationships (primary on the DR; secondary on the MAIN) be changed while the systems are live? Is there any downtime or a reboot required?
Thanks!
Karl
AaronJAnderson
5 Posts
0
March 22nd, 2011 12:00
I do not have this file...
/bin/cp /nas/rootfs/slot_2/.etc/usrmapper/usrmap.cfg /home/nasadmin/usrmap.cfg
Can anyone tell me why?