NetApp Knowledge Base

How to flush netgroups cache in Clustered Data ONTAP?

Applies to

ONTAP 9

Answer

  • ONTAP caches netgroups data in the local cache for improved performance.
  • Because of that, changes made to the netgroup database on NIS/LDAP servers are not reflected immediately on the cluster.
  • They become available only after the cache next expires.
  • If the administrator needs those changes to be reflected immediately, the cache has to be flushed manually.
    • The following section explains how to flush the netgroups cache for NIS or LDAP name servers.
      • Notes:
        • The following commands flush multiple netgroup entries, which forces the vServer to fetch all of the data again from the name services. Use these commands only when necessary.
        • The command 'export-policy cache flush' must be issued from the node that owns the cache, that is, by logging in to a management LIF on each node.
        • Some of the following commands are only available with diag privileges.
           
  • Flush NIS/LDAP Netgroups Cache:
    1. From each node management LIF, flush the MGWD/SECD netgroups cache:
      • ONTAP below 9.3:

            ::> export-policy cache flush -vserver <vserver-name> -cache netgroup

      • In ONTAP 9.3 and above, caches are global:

            ::*> vserver services name-service cache netgroups ip-to-netgroup delete -vserver <vserver-name> -host <client-IP-address> -netgrp <netgroup>

      • To flush the entire ip-to-netgroup cache on the vserver:

            ::*> vserver services name-service cache netgroups ip-to-netgroup delete-all -vserver <vserver-name>

    2. Flush the NBLADE netgroups cache:

            ::> vserver export-policy access-cache flush -vserver <vserver name> -policy <Export Policy Name> -node <node name> -address <clientIPAddress>

       Note: The flags -address and -vserver can be omitted when everything needs to be flushed.

  • If the message Error: As name service caching is enabled, "Netgroups" caches no longer exist. is seen after running the above command, delete the corresponding name service cache entries:
    • ::*> vserver services name-service cache netgroups ip-to-netgroup delete-all
    • ::*> vserver services name-service cache netgroups members delete-all
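
The procedure above as a dry-run shell helper (an added example, not NetApp's code): it prints, in order, which of the article's commands to issue for a given ONTAP version and node list, so that no node is skipped and left serving stale netgroup membership. The vserver, policy, node names, client address and netgroup are constructed placeholders, and the 9.3+ step is issued once on the reading that "caches are global" means no per-node repeat.

```shell
#!/bin/sh
# Added example: prints the flush commands from this article in order; it
# never connects to a cluster. All argument values are placeholders.

# Succeeds when ONTAP version $1 (MAJOR.MINOR[.PATCH]) is 9.3 or above.
is_93_or_above() {
    major=${1%%.*}
    case $1 in
        *.*) rest=${1#*.}; minor=${rest%%.*} ;;
        *)   minor=0 ;;
    esac
    [ "$major" -gt 9 ] || { [ "$major" -eq 9 ] && [ "$minor" -ge 3 ]; }
}

# flush_plan VERSION VSERVER POLICY "NODE1 NODE2 ..." [CLIENT_IP NETGROUP]
# Prints "<where to run> | <prompt and command>", one command per line.
flush_plan() {
    version=$1; vserver=$2; policy=$3; nodes=$4; ip=${5:-}; netgrp=${6:-}
    ns="vserver services name-service cache netgroups ip-to-netgroup"
    if is_93_or_above "$version"; then
        # 9.3 and above: caches are global, so step 1 is issued once.
        # Assumption: "global" is read here as "no per-node repeat".
        if [ -n "$ip" ] && [ -n "$netgrp" ]; then
            echo "cluster | ::*> $ns delete -vserver $vserver -host $ip -netgrp $netgrp"
        else
            echo "cluster | ::*> $ns delete-all -vserver $vserver"
        fi
    else
        # Below 9.3: the cache is per node, flush from each node's mgmt LIF.
        for n in $nodes; do
            echo "mgmt LIF of $n | ::> export-policy cache flush -vserver $vserver -cache netgroup"
        done
    fi
    # Step 2: NBLADE access cache, one command per node.
    for n in $nodes; do
        cmd="vserver export-policy access-cache flush -vserver $vserver -policy $policy -node $n"
        if [ -n "$ip" ]; then cmd="$cmd -address $ip"; fi
        echo "cluster | ::> $cmd"
    done
}

# Constructed sample run: two nodes, one client entry, ONTAP 9.7.
flush_plan 9.7 svm1 default "node-01 node-02" 192.0.2.10 ng_admins
```

The `::*>` prompt in the output marks commands that need diag privilege, as in the article.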

Additional Information

TR-4379 - Name Services Best Practices Guide - Section 5.8 "Netgroup Best Practices", "Which Caches Need to Be Flushed to Clear Out Netgroups?" on page 32.

 
