Active IQ Unified Manager (AIQUM) EMS 订阅无法正常工作
适用于
- Active IQ Unified Manager (AIQUM)
- ONTAP 9
问题
Active IQ Unified Manager (AIQUM) 中的 EMS (事件管理系统)订阅功能未按预期运行。在 OVA 部署上的 AIQUM 中,集群操作状态显示为
failed AIQUM--> ocum-error.log:
2025-05-29 10:22:01,923 ERROR [t1user] [default task-2318] [service.ems.SubscribeEmsDataAccessService|validateAndSave] [c.n.d.o.o.s.z.OntapEmsZapiService] EMS Configuration Check failed with error Authentication to Storage System ClusterB.mycompany.com.cn as user null failed. Response code: 4032025-05-29 10:24:03,864 ERROR [t1user] [default task-2317] [service.ems.SubscribeEmsDataAccessService|validateAndSave] [c.n.dfm.impl.ems.EMSConfigureUtil] Failed to Configure EMS for Cluster ClusterB2025-05-29 12:00:54,033 ERROR [oncommand] [collection-completion-sync-3] [c.n.d.o.o.s.z.OntapEmsZapiService] EMS Configuration Check failed with error Authentication to Storage System ClusterB.mycompany.com.cn as user null failed. Response code: 4032025-05-29 12:00:54,045 ERROR [oncommand] [collection-completion-sync-3] [c.n.dfm.impl.ems.EMSConfigureUtil] Failed to Configure EMS for Cluster ClusterBAIQUM--> zapi-outbound.log:
2025-05-29 10:38:20,936 DEBUG [default task-2335] [service.ems.SubscribeEmsDataAccessService|validateAndSave] apiFamily should be specified when using TargetType.FILER - invoking ZAPIs with @scope tags will fail2025-05-29 10:38:20,944 DEBUG [default task-2335] [service.ems.SubscribeEmsDataAccessService|validateAndSave] Executing ZAPI request ems-destination-get to ClusterB.mycompany.com.cn:<?xml version='1.0' encoding='UTF-8'?><!DOCTYPE netapp SYSTEM 'file:/etc/netapp_filer.dtd'><netapp xmlns="http://www.netapp.com/filer/admin" version="1.0" originator_id="AIQ_UM:t1user"><ems-destination-get><name>aiq.mycompany.com.cn</name></ems-destination-get></netapp>2025-05-29 10:45:54,005 DEBUG [collection-completion-sync-0] apiFamily should be specified when using TargetType.FILER - invoking ZAPIs with @scope tags will failONTAP--> AUDIT-MLOG-TXT.GZ:
00000017.0017d75c 01893289 Thu May 29 2025 10:38:20 +08:00 [kern_audit:info:10802] 8503e80000011dea :: ClusterB:ontapi :: 1.1.1.2:50380 :: ClusterB:aiquser :: POST /servlets/netapp.servlets.admin.XMLrequest_filer HTTP/1.1 :: Error: 403 Forbidden原因
此问题是由于用户权限不足造成的。
用于 EMS 订阅的"
t1user"帐户缺乏所需的群集管理权限,并且没有 ontapi 应用程序用于向存储系统进行身份验证。ONTAP Cluster B-->USERPROFILE.XML:
Vserver User Name or Group Name Application Authentication Method Role Name Whether Ns-switch Group Second Authentication Method LDAP Fastbind Authentication
ClusterB admin amqp password admin no none no
ClusterB admin console password admin no none no
ClusterB admin http password admin no none no
ClusterB admin ontapi password admin no none no
ClusterB admin service-processor password admin no none no
ClusterB admin ssh password admin no none no
ClusterB aiquser console password readonly no none no
ClusterB aiquser http password admin no none no
ClusterB aiquser ontapi password admin no none no
ClusterB aiquser ssh password admin no none no
ClusterB autosupport console password autosupport no none no
ClusterB clus-agent-0hnc http password readonly no none no
vs1 t1user ssh password itsc_admin no totp no
vs1 vsadmin http password vsadmin no none no
vs1 vsadmin ontapi password vsadmin no none no
vs1 vsadmin ssh password vsadmin no none no
vs2 vsadmin http password vsadmin no none no
vs2 vsadmin ontapi password vsadmin no none no
vs2 vsadmin ssh password vsadmin no none no
vs3 vsadmin http password vsadmin no none no
vs3 vsadmin ontapi password vsadmin no none no
vs3 vsadmin ssh password vsadmin no none no
vs4 t1user ssh password itsc-admin no totp no
vs4 vsadmin http password vsadmin no none no
vs4 vsadmin ontapi password vsadmin no none no
vs4 vsadmin ssh password vsadmin no none no合作伙伴备注
partnerNotes_text
追加信息
追加信息_text
内部参考
内部参考_text