HP Lefthand OS 10.0 upgrade issue with certain management group password strings

A few weeks ago HP released the new Lefthand OS 10.0 for their StoreVirtual products. I’ve since upgraded my VSA clusters successfully,  however, when attempting this on a test P4300 cluster I ran into some weird issues.

During the upgrade (which now has a nice progress window) the first node in the cluster would upgrade OK but upon rebooting would not reconnect to the CMC. When trying to log into the direct console on the upgraded node it would not accept my Management Group (MG) password. I had no other option but to forcibly cancel the upgrade and I rebuilt the failed node.

After attempting a subsequent upgrade, the same problem occurred. This time I noticed in the status bar in the CMC that it was failing to log into the newly upgraded node and said the username and password was incorrect! As a result I logged a job with HP.

The response I received was rather interesting…as it turns out they have had several incidences similar and are related to MG passwords containing the characters ‘~‘ or ‘$‘.

So, this got me thinking…if the password is corrupted by the upgrade, what happens if I try logging in with a partial password? I tried several combinations on my test cluster until VIOLA, I could log in with the first part of the password leading up until the special character!

To clarify this, lets say our MG password was abc123$def, after the upgrade the CMC will fail to reconnect. You should be able to log into the node using abc123, i.e. we’ve dropped the $ symbol and anything after that. I’m not sure what happens if your password begins with those characters…could be interesting as the CMC does not allow a blank password!

I would imagine HP will release a patch for this in the coming weeks, in the meantime you could change your MG passwords prior to the upgrade 🙂
Read more of this post

HP LeftHand CMC 10.0 Changes

HP’s Lefthand / P4000/ StoreVirtual product has had a major version upgrade with it’s announcement of Lefthand OS 10.0. This release will be the first to drop the SAN/iQ moniker in favor of the company name that created the product before HP’s aquisition a few years ago.

The release of this software upgrade was slated for the 4th December if I’m not mistaken but interestingly their FTP site now has the updated patches/upgrades as of the 26th of November.

I had the chance to download the new files (with some difficulty, I get the feeling their FTP site is taking a hammering at the moment!) and have since installed the new version of their Centralised Management Console or CMC.

Going into this upgrade I had high hopes for its new support for an internet proxy for the downloading of patches, something that has really let the product down previously in my opinion. In any case, the new version now allows you to specify a SOCKS proxy…yay!

Now, the bad news…

It does not allow you to specify any authentication for the proxy…argh!!!! In our environment this is a real pain from a security perspective and as such is not going to help. For now it will be back to downloading the media from an alternative location and copying it to the CMC. This in itself can prove to be tedious, particularly when the CMC decides that the downloaded media is corrupt and needs to re-download it! Oh well…baby steps eh 😛

CMC 10.0 Proxy Setting

On a more positive note, the new version now supports ActiveDirectory integrated authentication. So far I can’t see where this is configured but I’m guessing you’ll need to have your nodes upgraded to version 10 first…i’ll post an update on this shortly.

Further to this there is now an additional SAN status page panel showing all active tasks which should prove to be extremely useful, something that was lacking previously, especially when managing multiple clusters from a single CMC by more than one administrator. Again I’ll post more on this when I see it in action. In the meantime here’s a shot of the Active Tasks pane, not very exciting but gives you an idea.

CMC 10.0 Active Tasks

So that seems to be about it for now, I’d be keen to hear from any others that have found more new features that I’ve missed. Once I’ve fully downloaded all of the new patches I’ll upgrade one of my test VSA clusters and post about that, hopefully I’ll then be able to integrate the cluster security into AD 🙂

Thanks for reading!