NetApp Knowledgebase

How to flush netgroups cache in Clustered Data ONTAP?

Category:
clustered-data-ontap-8
Specialty:
nfs

Applies to

Clustered Data ONTAP 8

Answer

  • ONTAP caches netgroup data locally for improved performance.
  • Because of this caching, changes made to the netgroup database on NIS/LDAP servers are not reflected immediately on the cluster.
  • They become available only after the cache next expires.
  • If the administrator needs those changes to be reflected immediately, the cache has to be flushed manually.
    • The following section explains how to flush the netgroups cache for NIS or LDAP name servers.
      • Notes:
        • The following commands flush multiple netgroup entries, which forces the vserver to fetch all of the data again from the name services. Use these commands only when necessary.
        • The command 'export-policy cache flush' must be issued from the node that owns the cache, that is, by logging in to a management LIF on each node.
        • Some of the following commands are available only with diag privileges.
  • Flush NIS/LDAP Netgroups Cache:
    • To manually flush the netgroups cache, run the following commands in the exact order:
      1. From each node management LIF, flush the MGWD/SECD netgroups cache:
        export-policy cache flush -vserver <vserver-name> -cache netgroup
      2. Flush the NBLADE netgroups cache:
        diag exports nblade access-cache flush -node <node-name> -vserver <vserver-name> -policy <export-policy-name> -address <client-IP-address>

 

The -address and -vserver flags can be omitted if all entries need to be flushed.
  • If the error Error: As name service caching is enabled, "Netgroups" caches no longer exist. is seen after executing the above command, use the following commands to delete the corresponding name service cache entries:
    • set advanced
      vserver services name-service cache netgroups ip-to-netgroup delete-all
      vserver services name-service cache netgroups members delete-all
  • For LDAP netgroups on clustered Data ONTAP versions earlier than 8.3.2, run the following commands before running the above procedure:
    • If your version is 8.3.2 or later, you can skip this step.
      • Flush the SECD netgroups cache:
        diag secd cache clear -node <node-name> -vserver <vserver-name> -cache-name netgroup-ip -entry <netgroup-name>
        diag secd cache clear -node <node-name> -vserver <vserver-name> -cache-name netgroup-host -entry <netgroup-name>
        diag secd cache clear -node <node-name> -vserver <vserver-name> -cache-name ldap-netgroupname-to-members -entry <netgroup-name>
The -entry flag can be omitted if all entries need to be flushed.
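
The procedure above as an added example (not NetApp's own tooling): a POSIX shell function that prints the commands in the required order for one node, including the pre-8.3.2 LDAP step, so they can be reviewed before being run from that node's management LIF. The function names, argument order and sample values are assumptions, and the ONTAP version is assumed to be numeric X.Y.Z.

```shell
#!/bin/sh
# Added example: prints (never executes) the article's flush commands for one
# node, in the required order. All names and sample values are constructed.

# version_lt A B: true when numeric dotted version A is lower than B.
version_lt() {
    a=$1; b=$2; old_ifs=$IFS; IFS=.
    set -- $a; a1=${1:-0}; a2=${2:-0}; a3=${3:-0}
    set -- $b; b1=${1:-0}; b2=${2:-0}; b3=${3:-0}
    IFS=$old_ifs
    [ "$a1" -lt "$b1" ] && return 0; [ "$a1" -gt "$b1" ] && return 1
    [ "$a2" -lt "$b2" ] && return 0; [ "$a2" -gt "$b2" ] && return 1
    [ "$a3" -lt "$b3" ]
}

# flush_plan NODE VSERVER POLICY ONTAP_VERSION nis|ldap [CLIENT_IP] [NETGROUP]
# Leave CLIENT_IP or NETGROUP empty to omit -address or -entry (flush all).
flush_plan() {
    node=$1; vserver=$2; policy=$3; version=$4; ns=$5; addr=${6:-}; entry=${7:-}
    # The output is meant for a diag-privileged CLI, so refuse any value
    # containing characters that could smuggle in an extra command.
    for v in "$node" "$vserver" "$policy" "$addr" "$entry"; do
        case $v in *[!A-Za-z0-9_.:-]*) echo "invalid value: $v" >&2; return 2;; esac
    done
    case $version in *[!0-9.]*) echo "version must be numeric X.Y.Z" >&2; return 2;; esac
    # LDAP on releases earlier than 8.3.2: clear the three SECD caches first.
    if [ "$ns" = ldap ] && version_lt "$version" 8.3.2; then
        for cache in netgroup-ip netgroup-host ldap-netgroupname-to-members; do
            echo "diag secd cache clear -node $node -vserver $vserver -cache-name $cache${entry:+ -entry $entry}"
        done
    fi
    # Step 1: MGWD/SECD cache; issue it from the node that owns the cache.
    echo "export-policy cache flush -vserver $vserver -cache netgroup"
    # Step 2: NBLADE access cache for this node.
    echo "diag exports nblade access-cache flush -node $node -vserver $vserver -policy $policy${addr:+ -address $addr}"
}

# Constructed sample: LDAP netgroup on an 8.3.1 cluster, one client address.
flush_plan node-01 vs1 default 8.3.1 ldap 192.0.2.10 ng_admins
```

Run it once per node and review the printed plan before pasting it into that node's session.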

 

Additional Information