NetApp Knowledge Base

How to flush netgroups cache in Clustered Data ONTAP?

Applies to

ONTAP 9

Answer

  • ONTAP caches netgroup data in a local cache for improved performance.
  • Because of this cache, changes made to the netgroup database on NIS/LDAP servers are not reflected immediately on the cluster.
  • The changes become available only after the cache next expires.
  • If the administrator needs the changes to be reflected immediately, the cache must be flushed manually.
    • The following section explains how to flush the netgroups cache for NIS or LDAP name servers.
      • Notes:
        • The following commands flush multiple netgroup entries, which forces the vserver to fetch all of the data again from the name services. Use these commands only when necessary.
        • The command 'export-policy cache flush' must be issued from the node that owns the cache, that is, by logging in to a management LIF on each node.
        • Some of the following commands are available only with diag privileges.
  • Flush NIS/LDAP Netgroups Cache:
    • To manually flush the netgroups cache, run the following commands in the exact order:
      1. From each node management LIF, flush the MGWD/SECD netgroups cache:
        • For ONTAP versions below 9.3:

            export-policy cache flush -vserver <vserver-name> -cache netgroup

        • For ONTAP 9.3 and above, the caches are global:
          • To flush only a specific entry from the ip-to-netgroup cache:

            vserver services name-service cache netgroups ip-to-netgroup delete -vserver <vserver-name> -host <client-IP-address> -netgrp <netgroup>

          • To flush the entire ip-to-netgroup cache on the vserver:

            vserver services name-service cache netgroups ip-to-netgroup delete-all -vserver <vserver-name>

      2. Flush the NBLADE netgroups cache:

            diag exports nblade access-cache flush -node <node-name> -vserver <vserver-name> -policy <export-policy-name> -address <client-IP-address>

         The -address and -vserver flags can be omitted if everything needs to be flushed.
        • If the error 'Error: As name service caching is enabled, "Netgroups" caches no longer exist.' is seen after executing the above command, use the following commands to delete the corresponding name service cache entries:

            set advanced
            vserver services name-service cache netgroups ip-to-netgroup delete-all
            vserver services name-service cache netgroups members delete-all

  • For LDAP netgroups on clustered Data ONTAP versions earlier than 8.3.2, run the following commands before running the above procedure:
    • If your version is 8.3.2 or later, you can skip this step.
      • Flush the SECD netgroups cache:

            diag secd cache clear -node <node-name> -vserver <vserver-name> -cache-name netgroup-ip -entry <netgroup-name>
            diag secd cache clear -node <node-name> -vserver <vserver-name> -cache-name netgroup-host -entry <netgroup-name>
            diag secd cache clear -node <node-name> -vserver <vserver-name> -cache-name ldap-netgroupname-to-members -entry <netgroup-name>

        The -entry flag can be omitted if everything needs to be flushed.
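
The ordering and version branches of the procedure above, expressed as a small plan generator that lists which command to run where. This is an added example, not NetApp code: the node, vserver and policy names are constructed placeholders, versions are assumed to be plain dotted numbers, and issuing the 9.3+ delete once per cluster is an assumption drawn from the article's statement that those caches are global.

```python
# Added example: builds the ordered flush plan described in this article.
# Node, vserver, policy and netgroup names passed in are placeholders.

def ver(s):
    """Parse '9.3' or '8.3.1' into a comparable tuple, padded to 3 parts."""
    parts = [int(p) for p in s.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def flush_plan(version, nodes, vserver, policy, client_ip=None,
               netgroup=None, ldap=False):
    """Return [(where, command), ...] in the order the article gives."""
    v, plan = ver(version), []
    # LDAP netgroups before 8.3.2: clear the three SECD caches first.
    if ldap and v < ver("8.3.2"):
        for node in nodes:
            for cache in ("netgroup-ip", "netgroup-host",
                          "ldap-netgroupname-to-members"):
                cmd = (f"diag secd cache clear -node {node} -vserver {vserver}"
                       f" -cache-name {cache}")
                if netgroup:            # omit -entry to clear everything
                    cmd += f" -entry {netgroup}"
                plan.append((node, cmd))
    # Step 1: MGWD/SECD netgroup cache.
    if v < ver("9.3"):
        for node in nodes:   # must be issued on the node that owns the cache
            plan.append((node, f"export-policy cache flush -vserver {vserver}"
                               " -cache netgroup"))
    else:
        base = "vserver services name-service cache netgroups ip-to-netgroup"
        if client_ip and netgroup:
            cmd = (f"{base} delete -vserver {vserver} -host {client_ip}"
                   f" -netgrp {netgroup}")
        else:
            cmd = f"{base} delete-all -vserver {vserver}"
        plan.append(("cluster", cmd))   # assumption: global cache, issue once
    # Step 2: NBLADE access cache on every node.
    for node in nodes:
        cmd = (f"diag exports nblade access-cache flush -node {node}"
               f" -vserver {vserver} -policy {policy}")
        if client_ip:
            cmd += f" -address {client_ip}"
        plan.append((node, cmd))
    return plan

if __name__ == "__main__":
    for where, cmd in flush_plan("9.1", ["node-01", "node-02"], "svm1",
                                 "default", client_ip="192.0.2.10"):
        print(f"[{where}] {cmd}")
```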

 

Additional Information

TR-4379 - Name Services Best Practices Guide - Section 5.8 "Netgroup Best Practices", "Which Caches Need to Be Flushed to Clear Out Netgroups?" on page 32.

 
