Removing Veeam-added Nimble iSCSI Initiator Groups

I’m having difficulty getting a Veeam Backup & Replication v11 instance working with an HPE Nimble storage array to do storage-based backups. I’ve deployed some linux-based proxies, they aren’t working reliably, now I’m trying to undo it all and start over. Problem I ran into is the Nimble array I’m trying to run backups on receives replication volumes from other arrays, Veeam added those volumes to the initiator groups it created, and the Nimble GUI will not let me remove them.

In the GUI, if you were to go to Manage -> Data Access -> Initiator Groups, you’ll see groups named after your proxies, with names like VeeamAUX-veeamProxy2-Rescan, and they’ll have the IQN of your proxy along with the volume mappings. Veeam allows backups via secondary array, so it will include offline replica volumes in your initiator group mappings, however, it intelligently sets them up using ACL’s that allow only access to snapshots, to ensure what could be an online volume is not touched.

Problem is the HPE Nimble GUI doesn’t allow you to see/edit these ACL’s via the GUI, so you won’t be able to remove initiator groups that have been granted volume access via ACL if it’s a replica. So, do it via command line:

Step 1 – list your volumes so you have the correct name to use:

Nimble OS $ vol --list
 Name             Size      Online Offline Usage     Reserve % Limit % Path
                  (MiB)            Reason  (MiB)
 LAXDC1-VMWARE1    31457280 No     Replica   4578781         0     100 default:/LAX10-AFA1-Replica

Step 2 – get the info about the volume to confirm the ACL’s exist:

Nimble OS $ vol --info LAXDC1-VMWARE1
 Serial number:
 iSCSI target:
 Owned by: afa-sea10
 Size (MiB): 31457280
 Pool: default
 State: offline
 Online: No
 Offline reason: Replica
 Clone: No
 Parent volume: N/A
 Base snapshot: N/A
 Number of connections: 0
         iSCSI: 0
         FC: 0
 Created: Jun 29 2018 14:51:13
 Last configuration change: May 27 2021 12:20:57
 iSCSI Target Scope: iSCSI Volume Target
 Access Control List:
         Apply to: snapshot
         Initiator Group: VeeamAUX-veeamProxy2-Rescan
         Access Protocol: iscsi
         CHAP user: *
         Apply to: snapshot
         Initiator Group: VeeamAUX-veeamProxy3-Rescan
         Access Protocol: iscsi
         CHAP user: *
 Connected Initiators:
 Online Snapshots:
 Application identifier:
 Dedupe Enabled: Yes
 Previously Deduped: Yes
 Application Category: Virtual Server
 Encryption cipher: aes-256-xts
 IOPS Limit: unlimited
 Throughput Limit (MiB/s): unlimited

Step 3 – Now that you know the ACL’s are there, their names, and they’re snapshot-based, you can remove them:

Nimble OS $ vol --removeacl LAXDC1-VMWARE1 --apply_acl_to snapshot --initiatorgrp VeeamAUX-veeamProxy2-Rescan
Nimble OS $ vol --removeacl LAXDC1-VMWARE1 --apply_acl_to snapshot --initiatorgrp VeeamAUX-veeamProxy3-Rescan

Step 4 – With the ACL’s removed, you’ll finally be able to delete the initiator groups:

Nimble OS $ initiatorgrp --delete VeeamAUX-veeamProxy2-Rescan
Nimble OS $ initiatorgrp --delete VeeamAUX-veeamProxy3-Rescan

Leave a Reply

Your email address will not be published. Required fields are marked *