I’m having difficulty getting a Veeam Backup & Replication v11 instance working with an HPE Nimble storage array to do storage-based backups. I’ve deployed some linux-based proxies, they aren’t working reliably, now I’m trying to undo it all and start over. Problem I ran into is the Nimble array I’m trying to run backups on receives replication volumes from other arrays, Veeam added those volumes to the initiator groups it created, and the Nimble GUI will not let me remove them.
In the GUI, if you were to go to Manage -> Data Access -> Initiator Groups, you’ll see groups named after your proxies, with names like VeeamAUX-veeamProxy2-Rescan, and they’ll have the IQN of your proxy along with the volume mappings. Veeam allows backups via secondary array, so it will include offline replica volumes in your initiator group mappings, however, it intelligently sets them up using ACL’s that allow only access to snapshots, to ensure what could be an online volume is not touched.
Problem is the HPE Nimble GUI doesn’t allow you to see/edit these ACL’s via the GUI, so you won’t be able to remove initiator groups that have been granted volume access via ACL if it’s a replica. So, do it via command line:
Step 1 – list your volumes so you have the correct name to use:
Nimble OS $ vol --list ----------------+---------+------+-------+---------+---------+-------+--------- Name Size Online Offline Usage Reserve % Limit % Path (MiB) Reason (MiB) ----------------+---------+------+-------+---------+---------+-------+--------- LAXDC1-VMWARE1 31457280 No Replica 4578781 0 100 default:/LAX10-AFA1-Replica
Step 2 – get the info about the volume to confirm the ACL’s exist:
Nimble OS $ vol --info LAXDC1-VMWARE1 Name: LAXDC1-VMWARE1 Serial number: iSCSI target: iqn.2007-11.com.nimblestorage:laxdc1-vmware1-v1111111111111111.00000008.11111111 Description: Owned by: afa-sea10 Size (MiB): 31457280 Pool: default State: offline Online: No Offline reason: Replica Clone: No Parent volume: N/A Base snapshot: N/A Number of connections: 0 iSCSI: 0 FC: 0 Created: Jun 29 2018 14:51:13 Last configuration change: May 27 2021 12:20:57 iSCSI Target Scope: iSCSI Volume Target Access Control List: Apply to: snapshot Initiator Group: VeeamAUX-veeamProxy2-Rescan Access Protocol: iscsi CHAP user: * Apply to: snapshot Initiator Group: VeeamAUX-veeamProxy3-Rescan Access Protocol: iscsi CHAP user: * Connected Initiators: Online Snapshots: Application identifier: Dedupe Enabled: Yes Previously Deduped: Yes Application Category: Virtual Server Encryption cipher: aes-256-xts IOPS Limit: unlimited Throughput Limit (MiB/s): unlimited
Step 3 – Now that you know the ACL’s are there, their names, and they’re snapshot-based, you can remove them:
Nimble OS $ vol --removeacl LAXDC1-VMWARE1 --apply_acl_to snapshot --initiatorgrp VeeamAUX-veeamProxy2-Rescan Nimble OS $ vol --removeacl LAXDC1-VMWARE1 --apply_acl_to snapshot --initiatorgrp VeeamAUX-veeamProxy3-Rescan
Step 4 – With the ACL’s removed, you’ll finally be able to delete the initiator groups:
Nimble OS $ initiatorgrp --delete VeeamAUX-veeamProxy2-Rescan Nimble OS $ initiatorgrp --delete VeeamAUX-veeamProxy3-Rescan