Symantec™ FileStore Command-Line Administrator's Guide
5.5 Service Pack 1 Symantec FileStore Command-Line Administrator’s Guide
The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement. Product version: 5.5 SP1 Document version: 5.5SP1.0 Legal Notice Copyright © 2010 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and Symantec AntiVirus are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This Symantec product may contain third party software for which Symantec is required to provide attribution to the third party (“Third Party Programs”). Some of the Third Party Programs are available under open source or free software licenses. The License Agreement accompanying the Software does not alter any rights or obligations you may have under those open source or free software licenses. Please see the Third Party Legal Notice Appendix to this Documentation or TPIP ReadMe File accompanying this Symantec product for more information on the Third Party Programs. The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any. THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE. The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in Commercial Computer Software or Commercial Computer Software Documentation", as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement. Symantec Corporation 350 Ellis Street Mountain View, CA 94043 http://www.symantec.com Technical Support
Symantec Technical Support maintains support centers globally. Technical Support’s primary role is to respond to specific queries about product features and functionality. The Technical Support group also creates content for our online Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion. For example, the Technical Support group works with Product Engineering and Symantec Security Response to provide alerting services and virus definition updates. Symantec’s support offerings include the following:
■ A range of support options that give you the flexibility to select the right amount of service for any size organization
■ Telephone and/or web-based support that provides rapid response and up-to-the-minute information
■ Upgrade assurance that delivers automatic software upgrades protection
■ Global support purchased on a regional business hours or 24 hours a day, 7 days a week basis
■ Premium service offerings that include Account Management Services For information about Symantec’s support offerings, you can visit our web site at the following URL: www.symantec.com/business/support/ All support services will be delivered in accordance with your support agreement and the then-current enterprise technical support policy. Contacting Technical Support Customers with a current support agreement may access Technical Support information at the following URL: www.symantec.com/business/support/ Before contacting Technical Support, make sure you have satisfied the system requirements that are listed in your product documentation. Also, you should be at the computer on which the problem occurred, in case it is necessary to replicate the problem. When you contact Technical Support, please have the following information available:
■ Product release level ■ Hardware information
■ Available memory, disk space, and NIC information
■ Version and patch level
■ Network topology
■ Router, gateway, and IP address information
■ Problem description:
■ Error messages and log files
■ Troubleshooting that was performed before contacting Symantec
■ Recent software configuration changes and network changes
Licensing and registration If your Symantec product requires registration or a license key, access our technical support web page at the following URL: www.symantec.com/business/support/ Customer service Customer service information is available at the following URL: www.symantec.com/business/support/ Customer Service is available to assist with non-technical questions, such as the following types of issues:
■ Questions regarding product licensing or serialization
■ Product registration updates, such as address or name changes
■ General product information (features, language availability, local dealers)
■ Latest information about product updates and upgrades
■ Information about upgrade assurance and support contracts
■ Information about the Symantec Buying Programs
■ Advice about Symantec's technical support options
■ Nontechnical presales questions
■ Issues that are related to CD-ROMs or manuals Support agreement resources If you want to contact Symantec regarding an existing support agreement, please contact the support agreement administration team for your region as follows:
Asia-Pacific and Japan [email protected]
Europe, Middle-East, and Africa [email protected]
North America and Latin America [email protected]
Additional enterprise services Symantec offers a comprehensive set of services that allow you to maximize your investment in Symantec products and to develop your knowledge, expertise, and global insight, which enable you to manage your business risks proactively. Enterprise services that are available include the following:
Managed Services These services remove the burden of managing and monitoring security devices and events, ensuring rapid response to real threats.
Consulting Services Symantec Consulting Services provide on-site technical expertise from Symantec and its trusted partners. Symantec Consulting Services offer a variety of prepackaged and customizable options that include assessment, design, implementation, monitoring, and management capabilities. Each is focused on establishing and maintaining the integrity and availability of your IT resources.
Education Services Education Services provide a full array of technical training, security education, security certification, and awareness communication programs.
To access more information about enterprise services, please visit our web site at the following URL: www.symantec.com/business/services/ Select your country or language from the site index. Contents
Technical Support ...... 4
Chapter 1 Introducing Symantec FileStore ...... 15 About FileStore ...... 15 About FileStore features ...... 16 Simple installation ...... 16 Active/Active Scalable NFS ...... 17 Active/Active CIFS ...... 17 NFS Lock Management (NLM) ...... 17 Administration ...... 17 Storage tiering ...... 18 High-performance data replication ...... 18 Integrated content scanning using Symantec AntiVirus for FileStore ...... 18 About the core strengths of FileStore ...... 19 FileStore key benefits and other applications ...... 20 High performance scaling and seamless growth ...... 20 High availability ...... 21 Consolidating and reducing costs of storage ...... 21 Enabling scale-out compute clusters and heterogeneous sharing of data ...... 22 FileStore on the Web ...... 23 Using the FileStore product documentation ...... 23
Chapter 2 Creating users based on roles ...... 25 About user roles and privileges ...... 25 About the naming requirements for adding new users ...... 26 About using the FileStore command-line interface ...... 27 Logging in to the FileStore CLI ...... 27 About accessing the online man pages ...... 33 About creating Master, System Administrator, and Storage Administrator users ...... 34 Creating Master, System Administrator, and Storage Administrator users ...... 36 About the support user ...... 38 8 Contents
Configuring the support user account ...... 39 Displaying the command history ...... 40
Chapter 3 Displaying and adding nodes to a cluster ...... 43 About the cluster commands ...... 43 Displaying the nodes in the cluster ...... 44 About adding a new node to the cluster ...... 47 Installing the FileStore software onto a new node ...... 47 Adding a node to the cluster ...... 48 Deleting a node from the cluster ...... 49 Shutting down the cluster nodes ...... 51 Rebooting the nodes in the cluster ...... 51 Chapter 4 Configuring Symantec FileStore network settings ...... 53 About network mode commands ...... 54 Displaying the network configuration and statistics ...... 55 About bonding Ethernet interfaces ...... 56 Bonding Ethernet interfaces ...... 58 About DNS ...... 59 Configuring DNS settings ...... 61 About IP commands ...... 63 About configuring IP addresses ...... 63 Configuring IP addresses ...... 65 About configuring Ethernet interfaces ...... 69 Configuring Ethernet interfaces ...... 70 About configuring routing tables ...... 72 Configuring routing tables ...... 74 About LDAP ...... 77 Before configuring LDAP settings ...... 77 About configuring LDAP server settings ...... 78 Configuring LDAP server settings ...... 80 About administering FileStore cluster's LDAP client ...... 84 Administering the FileStore cluster's LDAP client ...... 85 About NIS ...... 86 Configuring the NIS-related commands ...... 87 About NSS ...... 89 Configuring NSS lookup order ...... 89 About VLAN ...... 90 Configuring VLAN ...... 91 Contents 9
Chapter 5 Configuring your NFS server ...... 93 About NFS server commands ...... 93 Accessing the NFS server ...... 94 Displaying NFS statistics ...... 96 Displaying file systems and snapshots that can be exported ...... 97
Chapter 6 Configuring storage ...... 99 About storage provisioning and management ...... 100 About configuring storage pools ...... 101 Configuring storage pools ...... 103 About configuring disks ...... 106 Configuring disks ...... 107 About displaying information for all disk devices ...... 109 Displaying information for all disk devices associated with nodes in a cluster ...... 110 Increasing the storage capacity of a LUN ...... 112 Printing WWN information ...... 113 Initiating FileStore host discovery of LUNs ...... 114 About I/O fencing ...... 115 Configuring I/O fencing ...... 117 About quotas for file systems ...... 120 Using quota commands for enabling, disabling, and displaying file system quotas ...... 122 Using quota commands for setting and displaying file system quotas ...... 124 About quotas for CIFS home directories ...... 129 Using quotas for CIFS home directories ...... 131 About iSCSI ...... 138 Configuring the iSCSI initiator ...... 140 Configuring the iSCSI initiator name ...... 141 Configuring the iSCSI device ...... 142 Configuring discovery on iSCSI ...... 143 About configuring the iSCSI targets ...... 146 Configuring the iSCSI targets ...... 148
Chapter 7 Creating and maintaining file systems ...... 153 About creating and maintaining file systems ...... 154 Listing all file systems and associated information ...... 156 About creating file systems ...... 156 Creating a file system ...... 157 Adding or removing a mirror to a file system ...... 160 10 Contents
Configuring FastResync for a file system ...... 162 Disabling the FastResync option for a file system ...... 163 Increasing the size of a file system ...... 163 Decreasing the size of a file system ...... 165 Checking and repairing a file system ...... 166 Changing the status of a file system ...... 167 Destroying a file system ...... 169 About snapshots ...... 169 Configuring snapshots ...... 171 About snapshot schedules ...... 175 Configuring snapshot schedules ...... 177
Chapter 8 Creating and maintaining NFS shares ...... 181 About NFS file sharing ...... 181 Displaying exported file systems ...... 182 Adding an NFS share ...... 183 Sharing file systems using CIFS and NFS protocols ...... 187 Unexporting a file system or deleting NFS options ...... 190
Chapter 9 Using Symantec FileStore as a CIFS server ...... 193 About configuring FileStore for CIFS ...... 194 About configuring CIFS for standalone mode ...... 196 Configuring CIFS server status for standalone mode ...... 197 About configuring CIFS for NT domain mode ...... 200 Configuring CIFS for the NT domain mode ...... 201 About leaving an NT domain ...... 204 Changing NT domain settings ...... 204 Changing security settings ...... 206 Changing security settings after the CIFS server is stopped ...... 206 About configuring CIFS for AD domain mode ...... 206 Configuring CIFS for the AD domain mode ...... 208 Using multi-domain controller support in CIFS ...... 210 About leaving an AD domain ...... 211 Changing domain settings for AD domain mode ...... 212 Removing the AD interface ...... 215 About setting NTLM ...... 215 Setting NTLM ...... 217 About setting trusted domains ...... 218 Setting AD trusted domains ...... 218 About storing account information ...... 219 Storing user and group accounts ...... 221 About reconfiguring the CIFS service ...... 222 Contents 11
Reconfiguring the CIFS service ...... 223 About managing CIFS shares ...... 225 Setting share properties ...... 226 Sharing file systems using CIFS and NFS protocols ...... 230 About mapping user names for CIFS/NFS sharing ...... 233 About FileStore cluster and load balancing ...... 234 Splitting a share ...... 235 About managing home directories ...... 237 Setting the home directory file systems ...... 238 Enabling quotas on home directory file systems ...... 239 Setting up home directories and use of quotas ...... 240 Displaying home directory usage information ...... 243 Deleting home directories and disabling creation of home directories ...... 243 About managing local users and groups ...... 244 Creating a local CIFS user ...... 246 About configuring local groups ...... 248 Configuring a local group ...... 249
Chapter 10 Using FTP ...... 251 About FTP ...... 251 Displaying FTP server ...... 252 About FTP server commands ...... 253 Using the FTP server commands ...... 253 About FTP set commands ...... 254 Using the set commands ...... 257 About FTP session commands ...... 260 Using the FTP session commands ...... 261 Using the logupload command ...... 263
Chapter 11 Configuring event notifications ...... 265 About configuring event notifications ...... 265 About severity levels and filters ...... 266 About email groups ...... 267 Configuring an email group ...... 269 About syslog event logging ...... 274 Configuring a syslog server ...... 275 Displaying events ...... 276 About SNMP notifications ...... 277 Configuring an SNMP management server ...... 278 Configuring events for event reporting ...... 281 Exporting events in syslog format to a given URL ...... 282 12 Contents
Chapter 12 Configuring backup ...... 285 About backup ...... 285 Configuring backups using NetBackup or other third-party backup applications ...... 286 About NetBackup ...... 287 Adding a NetBackup master server to work with FileStore ...... 289 Configuring or changing the virtual IP address used by NetBackup and NDMP data server installation ...... 290 Configuring the virtual name of NetBackup ...... 291 About Network Data Management Protocol ...... 292 About NDMP supported configurations ...... 293 About the NDMP policies ...... 295 Configuring the NDMP policies ...... 296 Displaying all NDMP policies ...... 301 About retrieving the NDMP data ...... 301 Retrieving the NDMP data ...... 303 Restoring the default NDMP policies ...... 305 About backup configurations ...... 305 Configuring backup ...... 306 Chapter 13 Configuring Symantec FileStore Dynamic Storage Tiering ...... 309 About FileStore Dynamic Storage Tiering (DST) ...... 310 How FileStore uses Dynamic Storage Tiering ...... 313 About policies ...... 313 About adding tiers to file systems ...... 314 Adding tiers to a file system ...... 314 Removing a tier from a file system ...... 316 About configuring a mirror on the tier of a file system ...... 317 Configuring a mirror to a tier of a file system ...... 317 Listing all of the files on the specified tier ...... 319 Displaying a list of DST file systems ...... 320 Displaying the tier location of a specified file ...... 320 About configuring the policy of each tiered file system ...... 320 Configuring the policy of each tiered file system ...... 322 Relocating a file or directory of a tiered file system ...... 326 About configuring schedules for all tiered file systems ...... 326 Configuring schedules for all tiered file systems ...... 327 Displaying files that will be moved and/or pruned by running a policy ...... 328 Contents 13
Chapter 14 Configuring system information ...... 331 About system commands ...... 331 About setting the clock commands ...... 332 Setting the clock commands ...... 333 About configuring the locally saved configuration files ...... 336 Configuring the locally saved configuration files ...... 337 Using the more command ...... 340 About coordinating cluster nodes to work with NTP servers ...... 340 Coordinating cluster nodes to work with NTP servers ...... 341 Displaying the system statistics ...... 342 Using the swap command ...... 343 About the option commands ...... 344 Using the option commands ...... 347
Chapter 15 Upgrading Symantec FileStore ...... 353 About upgrading drivers ...... 353 Displaying the current version of FileStore ...... 355 About installing patches ...... 356 Installing patches ...... 357
Chapter 16 Using Symantec AntiVirus for FileStore ...... 361 About Symantec AntiVirus for FileStore ...... 362 About Symantec AntiVirus for FileStore licensing ...... 363 About Symantec AntiVirus for FileStore commands ...... 363 Displaying Symantec AntiVirus for FileStore configurations ...... 364 About configuring Symantec AntiVirus for FileStore on all the nodes in the cluster ...... 365 Configuring Symantec AntiVirus for FileStore on the cluster's nodes ...... 366 About configuring Auto-Protect on FileStore file systems ...... 367 Configuring Auto-Protect on FileStore file systems ...... 368 About excluding file extensions ...... 368 Configuring file extensions for the Symantec AntiVirus for FileStore configuration file ...... 369 About Symantec AntiVirus for FileStore LiveUpdate ...... 370 Using Symantec AntiVirus for FileStore with LiveUpdate ...... 372 About using Symantec AntiVirus for FileStore quarantine commands ...... 376 Using Symantec AntiVirus for FileStore quarantine commands ...... 377 About using Symantec AntiVirus for FileStore serial number commands ...... 379 14 Contents
Adding or displaying Symantec AntiVirus for FileStore serial numbers ...... 380 Setting the Symantec AntiVirus for FileStore action policy ...... 380 About using Symantec AntiVirus for FileStore manual scan commands ...... 381 Using Symantec AntiVirus for FileStore manual scan commands ...... 382 About scheduling a Symantec AntiVirus for FileStore scan job ...... 383 Scheduling a Symantec AntiVirus for FileStore scan job ...... 385
Chapter 17 Troubleshooting ...... 389 About troubleshooting commands ...... 390 Retrieving and sending debugging information ...... 391 Updating FileStore GUI-related operations ...... 392 About the iostat command ...... 393 Generating CPU and device utilization reports ...... 394 Displaying license information for the cluster ...... 395 About excluding the PCI ID prior to the FileStore installation ...... 396 Excluding the PCI IDs from the cluster ...... 397 Testing network connectivity ...... 399 About the services command ...... 399 Using the services command ...... 401 Using the support login ...... 402 About network traffic details ...... 403 Exporting and displaying the network traffic details ...... 404 Accessing processor activity ...... 405 Using the traceroute command ...... 406
Glossary ...... 409
Index ...... 413 Chapter 1
Introducing Symantec FileStore
This chapter includes the following topics:
■ About FileStore
■ About FileStore features
■ About the core strengths of FileStore
■ FileStore key benefits and other applications
■ FileStore on the Web
■ Using the FileStore product documentation
About FileStore FileStore was formerly known as Storage Foundation Scalable File Server. FileStore is a highly-scalable and highly-available clustered Network Attached Storage (NAS) software appliance. Based on Storage Foundation Cluster File System technology, FileStore is a complete solution for multi-protocol file serving. FileStore provides an open storage gateway model, including a highly- available and scalable Network File System (NFS), CIFS, and FTP file serving platform and an easy-to-use administrative interface. The product includes the following key features:
■ Backup operations using both NDMP and/or the built-in NetBackup client
■ Active/Active CIFS, including integration with Active Directory operations
■ Simple administration through a single GUI and/or CLI interface 16 Introducing Symantec FileStore About FileStore features
■ Active/Active shared data NFS sharing including shared read/write and LDAP/NIS support
■ Simple administration of Fibre Channel Host Bus Adapters (HBAs), file systems, disks, snapshots, and Dynamic Storage Tiering (DST)
■ SNMP, syslog, and email notification
■ High-speed asynchronous/episodic replication for content distribution and data mining
■ Multi-protocol sharing of file systems in a simple highly-scalable and highly-available manner
■ Support for single-node FileStore clusters
■ Create a snapshot schedule that stores the values by minutes, hour, day-of-the-month, month, and day-of-the-week along with the name of the file system
■ Seamless upgrade and patch management
■ Support information
■ Online man pages The components of FileStore include a security-hardened, custom-install SLES 10 SP2 operating system, core Storage Foundation services including Cluster File System, and the FileStore software platform. These components are provided on a single DVD or DVD ISO image.
About FileStore features FileStore is designed to provide a full-suite of NAS features, in addition to class-leading performance and scalability. A partial list of these features is discussed in the following sections.
Simple installation A single node in the cluster is booted from a DVD containing the operating system image, core Storage Foundation, and FileStore modules. While the node boots, the other nodes are defined using IP addresses. After you install FileStore and the first node is up and running, the rest of the cluster nodes are automatically installed with all necessary components. The key services are then automatically started to allow the cluster to begin discovering storage and creating file shares. Introducing Symantec FileStore 17 About FileStore features
Active/Active Scalable NFS With FileStore, all nodes in the cluster can serve the same NFS shares as both read and write. This creates very high aggregated throughput rates, because you can use sum of the bandwidth of all nodes. Cache-coherency is maintained throughout the cluster.
Active/Active CIFS CIFS is active on all nodes within the FileStore cluster. The specific shares are read/write on the node they reside on, but can failover to any other node in the cluster. FileStore supports CIFS home directory shares.
NFS Lock Management (NLM) The NFS Lock Management (NLM) module allows a customer to use NFS advisory client locking in parallel with core SFCFS global lock management. The module consists of failing over the locks among FileStore nodes as well as forwarding all NFS client lock requests to a single NFS lock master. The result is that no data corruption occurs if a user or application needs to use NFS client locking with an FileStore cluster.
Administration FileStore contains a role-based administration model consisting of the following key roles:
■ Storage
■ Master
■ System These roles are consistent with the operational roles in many data centers. For each role, the administrator uses a simple menu-driven text interface. This interface provides a single point of administration for the entire cluster. A user logs in as one of those roles on one of the nodes in the cluster and runs commands that perform the same tasks on all nodes in the cluster. You do not need to have any knowledge of the Veritas Storage Foundation technology to install or administer an FileStore cluster. If you are currently familiar with core SFCFS or Storage Foundation in general, you will be familiar with the basic management concepts. 18 Introducing Symantec FileStore About FileStore features
Storage tiering FileStore's built-in Dynamic Storage Tiering (DST) feature can reduce the cost of storage by moving data to lower cost storage. FileStore storage tiering also facilitates the moving of data between different drive architectures. DST lets you do the following:
■ Create each file in its optimal storage tier, based on pre-defined rules and policies.
■ Relocate files between storage tiers automatically as optimal storage changes, to take advantage of storage economies.
■ Prune files on secondary tiers automatically as files age and are no longer needed.
■ Retain original file access paths to minimize operational disruption, for applications, backup procedures, and other custom scripts.
■ Handle millions of files that are typical in large data centers.
■ Automate these features quickly and accurately.
High-performance data replication Included as a standard feature in the Enterprise Edition of FileStore and optional on the Standard Edition, FileStore Replication provides for high-performance content distribution across multiple clusters. FileStore Replication is asynchronous (sometimes called episodic) and provides for file-based replication between clusters, together with the advantage of being able to only transfer blocks within specific files that have changed since the last update. With FileStore Replication, the destination file system can be on-line for reads, and updates to that destination can be as frequent as every five minutes. FileStore Replication is ideal for content distribution, or for creating hot-standby replicas of a production environment.
Integrated content scanning using Symantec AntiVirus for FileStore New to FileStore is the ability for customers to use Symantec AntiVirus for FileStore. Leveraging content-scanning and anti-virus technology similar to that found in the Symantec Endpoint Protection range of products, this feature allows for scheduled and real-time (on-demand) scanning of files and other data contained within the FileStore cluster. When conducted in real-time, this content-scanning can be used with multiple file access protocols, including CIFS, NFS, and FTP. Files can be automatically quarantined and regular virus definition updates can be obtained by way of the standard Symantec LiveUpdate service. This feature is Introducing Symantec FileStore 19 About the core strengths of FileStore
available to customers using Symantec Endpoint Protection in their IT environments. Symantec AntiVirus for FileStore is available through the FileStore CLI or the FileStore Management Console (GUI). See the Symantec FileStore Command-Line Administrator’s Guide or the Symantec FileStore Web GUI Administrator’s Guide for more information on this feature.
About the core strengths of FileStore FileStore leverages all the capabilities and strengths of the Storage Foundation family of products. FileStore contains all the key features of Storage Foundation Cluster File System 5.0 MP3 including:
■ Dynamic Multipathing (DMP)
■ Cluster Volume Manager
■ Cluster File System (CFS)
■ Veritas Cluster Server (VCS)
■ Dynamic Storage Tiering (DST)
■ I/O Fencing DMP provides load balancing policies and tight integration with array vendors to provide in-depth failure detection and path failover logic. DMP is compatible with more hardware than any other similar product, and is a standard component within the FileStore product. Cluster Volume Manager provides a cluster-wide consistent virtualization layer that leverages all the strengths of Veritas Volume Manager (VxVM) including online re-layout and resizing of volumes, and online array migrations. You can mirror your underlying FileStore file systems across separate physical frames to ensure maximum availability on the storage tier. This technique seamlessly adds or removes new storage, whether single drives or entire arrays. Cluster File System complies with the Portable Operating System Interface (POSIX) standard. It also provides full cache consistency and global lock management at a file or sub-file level. CFS lets all nodes in the cluster perform metadata or data transactions. This allows linear scalability in terms of NFS operations per second. VCS monitors communication, and failover for all nodes in the cluster and their associated critical resources. This includes virtual IP addressing failover for all client connections regardless of the client protocol. 20 Introducing Symantec FileStore FileStore key benefits and other applications
DST dynamically and transparently moves files to different storage tiers to respond to changing business needs. DST is used in Symantec FileStore as FileStore Storage Tiering. I/O fencing further helps to guarantee data integrity in the event of a multiple network failure by using the FileStore storage to ensure that cluster membership can be determined correctly. This virtually eliminates the chance of a cluster split-brain from occurring.
FileStore key benefits and other applications FileStore can be used with any application that requires the sharing of files using the NFS v3, CIFS, or FTP protocol. Use-cases such as home directories or decision support applications that require sequential shared access, Web pages, and applications are all ideal for FileStore. FileStore is also applicable when you want general purpose, high-throughput scale-out processing for your data, together with enterprise-class highly available cluster functionality.
High performance scaling and seamless growth FileStore lets you scale storage and processing independently and seamlessly, online. Because an application may need to scale either storage or processing, or both, this capability gives you a lot of flexibility. FileStore automates the installation of new nodes into the running cluster, configures those nodes, and adds the nodes' capacity into the processing tier. FileStore can scale from 1 to 16 nodes with near linear performance scaling. You can add processing one node at a time, rather than buying a large, expensive independent appliance. A storage administrator can configure a new array or even add new LUNs from an existing array into the FileStore cluster. FileStore can then scan the storage, automatically see the new LUNs and place them under FileStore control for use in the cluster. All of this is performed online. At the storage end, resizing of existing file systems can be performed online with no interruption of service. A simple command is used to both add space to an existing file system and to also reduce (dynamically shrink) the amount of free space in a specified file system. The product provides nearly linear scaling in terms of NFS operations per second and total I/O throughput. Figure 1-1 depicts this scaling capability. Introducing Symantec FileStore 21 FileStore key benefits and other applications
Figure 1-1 Example of near-linear performance scaling with FileStore
When using 16-node clusters, extremely high throughput performance numbers can be obtained. This is due to the benefits of near linear FileStore cluster scalability.
High availability FileStore has an “always on" file service that provides zero interruption of file services for company critical data. The loss of single or even multiple nodes does not interrupt I/O operations on the client tier. This is in contrast to the traditional NFS active/passive failover paradigm. Further, with FileStore's modular N-to-N approach to clustered NAS, any node can act as a failover for any other node. The FileStore architecture provides transparent failover for other key services such as NFS lock state, CIFS and FTP daemons, reporting, logging, and backup/restore operations. The console service that provides access to the centralized menu-driven interface is automatically failed over to another node. The installation service is also highly available and can seamlessly recover from the initially installed node failing during the installation of the remaining nodes in the cluster. The use of Veritas Cluster Server technology and software within FileStore is key to the ability of FileStore to provide best-of-breed high availability, in addition to class-leading scale-out performance.
Consolidating and reducing costs of storage The value of consolidating several independent islands of NFS or NAS appliances into fewer, larger shared pools has many cost benefits. 22 Introducing Symantec FileStore FileStore key benefits and other applications
A typical enterprise uses 30-40% of its storage. This low storage utilization rate results in excessive spending on new storage when there is more than adequate free space in the data center. With FileStore, you can group storage assets into fewer, larger shared pools. This increases the use of backend LUNs and overall storage. FileStore also has built-in, pre-configured heterogeneous storage tiering. This lets you use different types of storage in a primary and secondary tier configuration. Using simple policies, data can be transparently moved from the primary storage tier to the secondary tier. This is ideal when mixing drive types and architectures such as high-speed SAS drives with cheaper storage, such as SATA-based drives. Furthermore, data can be stored initially on the secondary tier and then promoted to the primary tier dynamically based on a pattern of I/O. This creates an optimal scenario when you use Solid State Disks (SSDs) because there will often be a significant change between the amount of SSD storage available, and amount of other storage availability, such as SATA drives. Data and files that are promoted to the primary tier are transferred back to the secondary tier in accordance with the configured access time policy. All of this results in substantially increased efficiency, and it can save you money because you make better use of the storage you already have.
Enabling scale-out compute clusters and heterogeneous sharing of data The trend toward scale-out, or grid computing continues to gain pace. There are significant performance and cost advantages of moving applications away from large UNIX Symmetrical Multi-Processing (SMP) or mainframe environments and towards a farm of commodity computer servers running a distributed application. One of the key inhibitors to scale-out computing is the requirement to provide a shared storage infrastructure for the compute nodes, and enable you to share heterogeneously as well as scale up as performance requires. FileStore solves both of these issues by providing a highly scalable and shared storage platform at the storage tier and by facilitating heterogeneous sharing on the compute tier. FileStore can provide the performance and availability you need for a large-scale NFS compute and storage tier. It provides enough throughput and seamless failover for this type of architecture – whether a few dozen compute nodes, or scaling to several hundred nodes. Introducing Symantec FileStore 23 FileStore on the Web
FileStore on the Web For comprehensive, up-to-date information about FileStore, visit the Symantec Web site: http://www.symantec.com/business/support/overview.jsp?pid=55079
Using the FileStore product documentation FileStore product documentation is available in PDF format on the FileStore installation DVD in the /docs directory:
■ Symantec FileStore Web GUI Administrator’s Guide (sfs_admin_gui.pdf)
■ Symantec FileStore Command-Line Administrator’s Guide (sfs_admin.pdf)
■ Symantec FileStore Installation Guide (sfs_install.pdf)
■ Symantec FileStore Replication Guide (sfs_replication.pdf)
■ Symantec FileStore Release Notes (sfs_relnotes.pdf) Find additional information at this location: http://www.symantec.com/business/support/overview.jsp?pid=55079 24 Introducing Symantec FileStore Using the FileStore product documentation Chapter 2
Creating users based on roles
This chapter includes the following topics:
■ About user roles and privileges
■ About the naming requirements for adding new users
■ About using the FileStore command-line interface
■ Logging in to the FileStore CLI
■ About accessing the online man pages
■ About creating Master, System Administrator, and Storage Administrator users
■ Creating Master, System Administrator, and Storage Administrator users
■ About the support user
■ Configuring the support user account
■ Displaying the command history
About user roles and privileges Your privileges within Symantec FileStore (FileStore) are based on what user role (Master, System Administrator, or Storage Administrator) you have been assigned. The following table provides an overview of the user roles within FileStore. 26 Creating users based on roles About the naming requirements for adding new users
Table 2-1 User roles within FileStore
User role Description
Master Masters are responsible for adding or deleting users, displaying users, and managing passwords. Only the Masters can add or delete other administrators.
System System Administrators are responsible for configuring and Administrator maintaining the file system, NFS sharing, networking, clustering, setting the current date/time, and creating reports.
Storage Storage Administrators are responsible for provisioning storage and Administrator exporting and reviewing reports.
The Support account is reserved for Technical Support use only, and it cannot be created by administrators. See “Using the support login” on page 402.
About the naming requirements for adding new users The following table provides the naming requirements for adding new FileStore users.
Table 2-2 Naming requirements for adding new users
Guideline Description
Starts with Letter or an underscore (_) Must begin with an alphabetic character and the rest of the string should be from the following POSIX portable character set: ([A-Za-z_][A-Za-z0-9_-.]*[A-Za-z0-9_-.$]).
Length Can be up to 31 characters. If user names are greater than 31 characters, you will receive the error, "Invalid user name."
Case Command names are case sensitive: username and USERNAME are the same. However, user-provided variables are case-sensitive.
Can contain Hyphens (-) and underscores (_) are allowed.
Valid syntax Valid user names include:
■ Name: ■ a.b ■ a_b ■ ______- Creating users based on roles 27 About using the FileStore command-line interface
See “Creating Master, System Administrator, and Storage Administrator users” on page 36.
About using the FileStore command-line interface You can enter FileStore commands on the system console or from any host that can access FileStore through a session using Secure Socket Shell (SSH) . FileStore provides the following features to help you when you enter commands on the command line:
■ Command-line help by typing a command and then a question mark (?)
■ Command-line manual (man) pages by typing man and the name of the command you are trying to find
Table 2-3 Conventions used in the FileStore online command-line man pages
Symbol Description
| (pipe) Indicates you must choose one of elements on either side of the pipe.
[ ] (brackets) Indicates that the element inside the brackets is optional.
{ } (braces) Indicates that the element inside the braces is part of a group.
< > Indicates a variable for which you need to supply a value. Variables are indicated in italics in the man pages.
Logging in to the FileStore CLI When you first log in to the FileStore CLI, use the default username/password of master/master. After you have logged in successfully, change your password. See “Creating Master, System Administrator, and Storage Administrator users” on page 36. By default, the initial password for any user is the same as the username. For example, if you logged in as user1, your default password would also be user1. To use any of the CLI commands, first log in by using the user role you have been assigned. Then enter the correct mode. These two steps must be performed before you can use any of the commands. 28 Creating users based on roles Logging in to the FileStore CLI
To log in to the FileStore CLI 1 Log in to FileStore using the appropriate user role, System Admin, Storage Admin, or Master. 2 Enter the name of the mode you want to enter.
For example, to enter the admin mode, you would enter the following:
admin
You can tell you are in the admin mode because you will see the following:
Admin>
The following tables describe all the available modes, commands associated with that mode, and what roles to use depending on which operation you are performing.
Table 2-4 Admin mode commands
Admin mode commands System Storage Master Admin Admin
passwd X X X
show X X X
supportuser X
user X
Table 2-5 Antivirus mode commands
Antivirus mode commands System Storage Master Admin Admin
autoprotect X X
excludeextension X X
job X X
liveupdate X X
quarantine X X
scanaction X X
scan X X
service X X Creating users based on roles 29 Logging in to the FileStore CLI
Table 2-5 Antivirus mode commands (continued)
Antivirus mode commands System Storage Master Admin Admin
show X X
Table 2-6 Backup mode commands
Backup mode commands System Storage Master Admin Admin
ndmp X X
netbackup X X
show X X
start X X
status X X
stop X X
virtual-ip X X
virtual-name X X
Table 2-7 CIFS mode commands
CIFS mode commands System Storage Master Admin Admin
homedir X X
local X X
server X X
set X X
share X X
show X X
split X X 30 Creating users based on roles Logging in to the FileStore CLI
Table 2-8 Cluster mode commands
Cluster mode commands System Storage Master Admin Admin
add X X
delete X X
reboot X X
show X X
shutdown X X
Table 2-9 FTP mode commands
FTP mode commands System Storage Master Admin Admin
logupload X X
server X X
session X X
set X X
show X X
Table 2-10 History mode commands
History mode commands System Storage Master Admin Admin
history X X X
Table 2-11 Network mode commands
Network mode commands System Storage Master Admin Admin
bond X X
dns X X
ip X X
ldap X X
nis X X Creating users based on roles 31 Logging in to the FileStore CLI
Table 2-11 Network mode commands (continued)
Network mode commands System Storage Master Admin Admin
nsswitch X X
ping X X
show X X
vlan X X
Table 2-12 NFS mode commands
NFS mode commands System Storage Master Admin Admin
server X X
share X X
show fs X X
stat X X
Table 2-13 Report mode commands
Report mode commands System Storage Master Admin Admin
email X X
event X X
exportevents X X X
showevents X X X
snmp X X
syslog X X
Table 2-14 Storage mode commands
Storage mode commands System Storage Master Admin Admin
disk grow X X
disk list X X X 32 Creating users based on roles Logging in to the FileStore CLI
Table 2-14 Storage mode commands (continued)
Storage mode commands System Storage Master Admin Admin
fencing X X
fs X X
hba X X
iscsi X X X
pool X X
quota X X
scanbus X X
snapshot X X
tier X X
Table 2-15 Support mode commands
Support mode commands System Storage Master Admin Admin
debuginfo X
gui X
iostat X
license X
pciexclusion X
services X
tethereal X
top X
traceroute X Creating users based on roles 33 About accessing the online man pages
Table 2-16 System mode commands
System mode commands System Storage Master Admin Admin
clock X X
config X X
more X X
ntp X X
option X X
stat X X
swap X X
Table 2-17 Upgrade mode commands
Upgrade mode commands System Storage Master Admin Admin
patch X X
show X X
About accessing the online man pages
You access the online man pages by typing man name_of_command at the command line.
The example shows the result of entering the Network> man ldap command.
Network> man ldap NAME ldap - configure LDAP client for authentication
SYNOPSIS ldap enable ldap disable ldap show [users|groups|netgroups] ldap set {server|port|basedn|binddn|ssl|rootbinddn|users-basedn| groups-basedn|netgroups-basedn|password-hash} value ldap get {server|port|basedn|binddn|ssl|rootbinddn| users-basedn|groups-basedn|netgroups-basedn|password-hash} 34 Creating users based on roles About creating Master, System Administrator, and Storage Administrator users
You can also type a question mark (?) at the prompt for a list of all the commands that are available for the command mode that you are in. For example, if you are within the admin mode, if you type a question mark (?), you will see a list of the available commands for the admin mode.
sfs> admin ? Entering admin mode... sfs.Admin>
exit --return to the previous menus logout --logout of the current CLI session man --display on-line reference manuals passwd --change the administrator password show --show the administrator details supportuser --enable or disable the support user user --add or delete an administrator
To exit the command mode, enter the following: exit. For example:
sfs.Admin> exit sfs>
To exit the system console, enter the following: logout. For example:
sfs> logout
About creating Master, System Administrator, and Storage Administrator users
The admin> user commands add or delete a user, display user settings, and rename the password.
Note: By default, the password of the new user is the same as the username. Creating users based on roles 35 About creating Master, System Administrator, and Storage Administrator users
Table 2-18 Creating users
Command Definition user add Creates the different levels of administrator. You must have master privilege. A user can be a Master user who has all the permissions, including add and deleting users. A Storage Administrator has access to only storage commands and is responsible for upgrading the cluster and applying the patches. A System Administrator is responsible for configuring the NFS server and exporting the file system, adding and deleting new nodes to the cluster, and configuring other network parameters such as DNS and NIS. See “Creating Master, System Administrator, and Storage Administrator users” on page 36. passwd Creates a password. Passwords should be eight characters or less. If you enter a password that exceeds eight characters, the password is truncated, and you need to specify the truncated password when re-entering the password. For example, if you entered "elephants" as the password, the password is truncated to "elephant," and you will need to re-enter "elephant" instead of "elephants" for the system to accept your password. By default, the initial password for any user is the same as the username. For example, if you logged in as user1, your default password would also be user1.
You will not be prompted to supply the old password. See “Creating Master, System Administrator, and Storage Administrator users” on page 36. show Displays a list of current users, or you can specify a particular username and display both the username and its associated privilege. See “Creating Master, System Administrator, and Storage Administrator users” on page 36. user delete Deletes a user. See “Creating Master, System Administrator, and Storage Administrator users” on page 36. 36 Creating users based on roles Creating Master, System Administrator, and Storage Administrator users
Creating Master, System Administrator, and Storage Administrator users
To create the different levels of administrator, you must have master privilege. To create a Master user
◆ To create a Master user, enter the following:
Admin> user add username master
For example:
Admin> user add master1 master Creating Master: master1 Success: User master1 created successfully
To create a System Administrator user
◆ To create a System Administrator user, enter the following:
Admin> user add username system-admin
For example:
Admin> user add systemadmin1 system-admin Creating System Admin: systemadmin1 Success: User systemadmin1 created successfully
To create a Storage Administrator user
◆ To create a Storage Administrator user, enter the following:
Admin> user add username storage-admin
For example:
Admin> user add storageadmin1 storage-admin Creating Storage Admin: storageadmin1 Success: User storageadmin1 created successfully Creating users based on roles 37 Creating Master, System Administrator, and Storage Administrator users
To change a user's password 1 To change the password for the current user, enter the following command:
Admin> passwd
You will be prompted to enter the new password for the current user. 2 To change the password for a user other than the current user, enter the following command:
Admin> passwd [username]
You will be prompted to enter the new password for the user. To display a list of current users 1 To display the current user, enter the following:
Admin> show [username]
2 To display a list of all the current users, enter the following:
Admin> show
For example:
Admin> show List of Users ------master user1 user2
To display the details of the administrator with the username master, enter the following:
Admin> show master Username : master Privileges : Master Admin> 38 Creating users based on roles About the support user
To delete a user from FileStore 1 If you want to display the list of all the current users prior to deleting a user, enter the following:
Admin> show
2 To delete a user from FileStore, enter the following:
Admin> user delete username
For example:
Admin> user delete user1 Deleting User: user1 Success: User user1 deleted successfully
About the support user
The supportuser commands are used to enable, disable, or view the status of the support user. Only an administrator logged in as master has the privilege to enable, disable, change the password, or check the status of the support user.
You log into the system console and enter the Admin> mode to access the commands. See “About using the FileStore command-line interface” on page 27.
Table 2-19 Support user commands
Command Definition
supportuser Enables the support user for the tracing and debugging of any node. enable The enable command lets the support user login remotely.
See “Configuring the support user account” on page 39.
supportuser Changes the support user password. The password can be changed at password any time. See “Configuring the support user account” on page 39.
supportuser status Checks the status of the support user (whether it is enabled or disabled). Note: You must have master privilege to use this command.
See “Configuring the support user account” on page 39. Creating users based on roles 39 Configuring the support user account
Table 2-19 Support user commands (continued)
Command Definition
supportuser Disables the support user without permanently removing it from the disable system. By default, the support user is in disable mode when FileStore is installed. See “Configuring the support user account” on page 39.
Configuring the support user account To enable the support user account
◆ If you want to enable the support user, enter the following:
Admin> supportuser enable
For example:
Admin> supportuser enable Enabling support user. support user enabled. Admin>
To change the support user password
◆ If you want to change the support user password, enter the following:
Admin> supportuser password
For example:
Admin> supportuser password
Changing password for support. New password: Re-enter new password:
Password changed Admin> 40 Creating users based on roles Displaying the command history
To check the support user status
◆ If you want to check the status of the support user, enter the following:
Admin> supportuser status
For example:
Admin> supportuser status support user status : Enabled Admin>
To disable the support user account
◆ If you want to disable the support user, enter the following:
Admin> supportuser disable
For example:
Admin> supportuser disable Disabling support user. support user disabled. Admin>
Displaying the command history
The history command displays the commands that you have executed. You can also view commands executed by another user. You must be logged in to the system to view the command history. See “About using the FileStore command-line interface” on page 27. Creating users based on roles 41 Displaying the command history
To display command history
◆ To display the command history, enter the following:
SFS> history [username] [number_of_lines]
username Displays the command history for a particular user.
number_of_lines Displays the number of lines of history you want to view.
For example:
SFS> history master 7 Username : master Privileges : Master Time Status Message Command 02-12-2009 11:09 Success NFS> server status (server status) 02-12-2009 11:10 Success NFS> server start (server start ) 02-12-2009 11:19 Success NFS> server stop (server stop ) 02-12-2009 11:28 Success NFS> fs show (show fs ) 02-12-2009 15:00 SUCCESS Disk list stats completed (disk list ) 02-12-2009 15:31 Success Network shows success (show ) 02-12-2009 15:49 Success Network shows success (show ) SFS>
The information displayed from using the history command is:
Time Displays the time stamp as MM-DD-YYYY HH:MM
Status Displays the status of the command as Success, Error, or Warning.
Message Displays the command description.
Command Displays the actual commands that were executed by you or another user. 42 Creating users based on roles Displaying the command history Chapter 3
Displaying and adding nodes to a cluster
This chapter includes the following topics:
■ About the cluster commands
■ Displaying the nodes in the cluster
■ About adding a new node to the cluster
■ Installing the FileStore software onto a new node
■ Adding a node to the cluster
■ Deleting a node from the cluster
■ Shutting down the cluster nodes
■ Rebooting the nodes in the cluster
About the cluster commands This chapter discusses the FileStore cluster commands. You use these commands to add or delete nodes to your cluster. The cluster commands are defined in Table 3-1. To access the commands, log into the administrative console (for master, system-admin, or storage-admin) and enter Cluster> mode. See “About using the FileStore command-line interface” on page 27. 44 Displaying and adding nodes to a cluster Displaying the nodes in the cluster
Table 3-1 Cluster mode commands
Commands Definition
cluster> show Displays the nodes in the FileStore cluster, their states, CPU load, and network load during the past 15 minutes. See “Displaying the nodes in the cluster” on page 44.
network> ip addr Installs the FileStore software onto the new node. add See “Installing the FileStore software onto a new node” on page 47.
cluster> add Adds a new node to the FileStore cluster. See “Adding a node to the cluster” on page 48.
cluster> delete Deletes a node from the FileStore cluster. See “Deleting a node from the cluster” on page 49.
cluster> shutdown Shuts down one or all of the nodes in the FileStore cluster. See “Shutting down the cluster nodes” on page 51.
cluster> reboot Reboots a single node or all of the nodes in the FileStore cluster. Use the nodename(s) that is displayed in the show command.
See “Rebooting the nodes in the cluster” on page 51.
Displaying the nodes in the cluster You can display all the nodes in the cluster, their states, CPU load, and network load during the past 15 minutes.
If you use the currentload option, you can display the CPU and network loads collected from now to the next five seconds. Displaying and adding nodes to a cluster 45 Displaying the nodes in the cluster
To display a list of nodes in the cluster 1 To display a list of nodes that are part of a cluster, and the systems that are available to add to the cluster, enter the following:
Cluster> show
For nodes already in the cluster, the following is displayed:
Node State CPU(15 min) pubeth0(15 min) pubeth1(15 min) % rx(MB/s) tx(MB/s) rx(MB/s) tx(MB/s) ------sfs_1 RUNNING 1.35 0.00 0.00 0.00 0.00 sfs_2 RUNNING 1.96 0.00 0.00 0.00 0.00
For the nodes not yet added to the cluster, they are displayed with unique identifiers.
Node ---- 4dd5a565-de6c-4904-aa27-3645cf557119 bafd13c1-536a-411a-b3ab-3e3253006209
State ----- INSTALLED 5.0SP2 (172.16.113.118) INSTALLING-Stage-4-of-4 46 Displaying and adding nodes to a cluster Displaying the nodes in the cluster
2 To display the CPU and network loads collected from now to the next five seconds, enter the following:
Cluster> show [currentload]
Example output:
Node State CPU(5 sec) pubeth0(5 sec) pubeth1(5 sec) % rx(MB/s) tx(MB/s) rx(MB/s) tx(MB/s) ------sfs_1 RUNNING 0.26 0.01 0.00 0.01 0.00 sfs_2 RUNNING 0.87 0.01 0.00 0.01 0.00 sfs_3 RUNNING 10.78 27.83 12.54 0.01 0.00
Node Displays the node name if the node has already been added to the cluster. Displays the unique identifier for the node if it has not been added to the cluster. Example:
node_1
or
35557d4c-6c05-4718-8691-a2224b621920
State Displays the state of the node or the installation state of the system along with an IP address of the system if it is installed. Example:
INSTALLED (172.16.113.118) RUNNING FAULTED EXITED LEAVING UNKNOWN
CPU Indicates the CPU load
pubeth0 Indicates the network load for the Public Interface 0
pubeth1 Indicates the network load for the Public Interface 1
If a system is physically removed from the cluster, or if you power off the system, you will not see the unique identifier for the system, installation state, and IP address for the system when you issue the cluster> show Displaying and adding nodes to a cluster 47 About adding a new node to the cluster
command. If you power the system back on, you will see the unique identifier for the system, the installation state, and the IP address for the system. You can then use the IP address to add the node back to the cluster. See “About adding a new node to the cluster” on page 47.
About adding a new node to the cluster After you have installed the first node of the cluster, you need to complete two separate procedures to install additional nodes and add them to the cluster. Procedures to install and add additional nodes:
■ You first need to install the FileStore software binaries on the node.
■ You then add the node to your existing cluster. After the FileStore software has been installed, the node enters the INSTALLED state. It can then be added to the cluster and become operational.
Note: Before proceeding, make sure that all of the nodes are physically connected to the private and public networks. This allows the software installation to run concurrently on each node.
See the Symantec FileStore Installation Guide for more information.
Installing the FileStore software onto a new node To install the FileStore software onto the new node 1 Log in to the master account through the FileStore console and access the network mode. To log in to the FileStore console:
■ Use ssh master@consoleipaddr where consoleipaddr is the console IP address.
■ For the password, enter the default password for the master account, master. You can change the password later by using the Admin> password command. 2 If the nodes have not been preconfigured, you need to preconfigure them. To preconfigure nodes: 48 Displaying and adding nodes to a cluster Adding a node to the cluster
■ Obtain the IP address ranges, as described in the Symantec FileStore Installation Guide, for the public network interfaces of the nodes to be installed.
■ Add each IP address using the following command: Network> ip addr add ipaddr netmask type IP is a protocol that allows addresses to be attached to an Ethernet interface. Each Ethernet interface must have at least one address to use the protocol. Several different addresses can be attached to one Ethernet interface. Add the ipaddr and the netmask. And type is the type of IP address (virtual or physical). 3 Power up and press F12 for each new node to initiate a network boot. The FileStore software is automatically installed on all of the nodes.
4 Enter Cluster> show to display the status of the node installation as it progresses.
Cluster> show
The following is an example of the status messages that appear.
INSTALLING (Stage 1 of 4: Installing Linux) INSTALLING (Stage 2 of 4: Copying SFS installation sources) INSTALLING (Stage 3 of 4: First Boot) INSTALLING (Stage 4 of 4: Installing SFS)
Installed/Installing Nodes
Node ---- 4dd5a565-de6c-4904-aa27-3645cf557119
State ----- INSTALLED 5.0SP2 (172.16.113.118)
Adding a node to the cluster After the FileStore software is installed on a new node, the node is assigned a temporary IP address. The address is displayed in the State field in the output for Cluster> show. Displaying and adding nodes to a cluster 49 Deleting a node from the cluster
The temporary IP address is 172.16.113.118. The temporary IP address is only used to add the node to the cluster. Only the nodes in the INSTALLED state can be added to the cluster. See “Installing the FileStore software onto a new node” on page 47.
Note: This command is not supported in a single-node cluster.
The coordinator disks must be visible on the newly added node as a prerequisite for I/O fencing to be configured successfully. Without the coordinator disks, I/O fencing will not load properly and the node will not be able to obtain cluster membership. See “About I/O fencing” on page 115. To add the new node to the cluster
1 Log in to FileStore using the master user role.
2 Enter the cluster mode. 3 To add the new node to the cluster, enter the following:
Cluster> add nodeip
where nodeip is the IP address assigned to the INSTALLED node. For example:
Cluster> add 172.16.113.118 Checking ssh communication with 172.16.113.118 ...done Configuring the new node .....done Adding node to the cluster...... done Node added to the cluster New node's name is: sfs_1
Deleting a node from the cluster This command deletes a node from the cluster. Use the nodename that is displayed in the Cluster> show command.
Note: This command is not supported in a single-node cluster.
If the deleted node was in the RUNNING state prior to deletion, that node would be assigned an IP address that can be used to add the node back to the cluster. 50 Displaying and adding nodes to a cluster Deleting a node from the cluster
See “About adding a new node to the cluster” on page 47. If the deleted node was not in the RUNNING state prior to deletion, reboot the deleted node to assign it an IP address which can be used to add the node back into the cluster. You must first reinstall the operating system FileStore software (using the PXE installation) onto the node before adding it to the cluster. Refer to Symantec FileStore Installation Guide. After the node is deleted from the cluster, that node's IP address is free for use by the cluster for new nodes. The state of each node can be:
■ RUNNING
■ FAULTED
■ EXITED
■ LEAVING
■ UNKNOWN To delete a node from the cluster 1 To show the current state of all nodes in the cluster, enter the following:
Cluster> show
2 To delete a node from a cluster, enter the following:
Cluster> delete nodename
where nodename is the nodename that appeared in the listing from the show command. For example:
Cluster> delete sfs_1 Stopping Cluster processes on sfs_1 ...... done deleting sfs_1's configuration from the cluster .....done Node sfs_1 deleted from the cluster
If you try to delete a node that is unreachable, you will receive the following warning message:
This SFS node is not reachable, you have to re-install the SFS software via PXE boot after deleting it. Do you want to delete it now? (y/n) Displaying and adding nodes to a cluster 51 Shutting down the cluster nodes
Shutting down the cluster nodes You can shut down a single node or all of the nodes in the cluster. Use the nodename(s) that is displayed in the Cluster> show command. To shut down a node or all the nodes in a cluster 1 To shut down a node, enter the following:
Cluster> shutdown nodename
nodename indicates the name of the node you want to shut down. For example:
Cluster> shutdown sfs_1 Stopping Cluster processes on sfs_1 ...... done Sent shutdown command to sfs_1
2 To shut down all of the nodes in the cluster, enter the following:
Cluster> shutdown all
Use all as the nodename if you want to shut down all of the nodes in the cluster. For example:
Cluster> shutdown all Stopping Cluster processes on all ...done Sent shutdown command to sfs_1 Sent shutdown command to sfs_2
Rebooting the nodes in the cluster You can reboot a single node or all of the nodes in the cluster. Use the nodename(s) that is displayed in the Cluster> show command. 52 Displaying and adding nodes to a cluster Rebooting the nodes in the cluster
To reboot a node 1 To reboot a node, enter the following:
Cluster> reboot nodename
nodename indicates the name of the node you want to reboot. For example:
Cluster> reboot sfs_1 Stopping Cluster processes on sfs_1 ...... done Sent reboot command to sfs_1
2 To reboot all of the nodes in the cluster, enter the following:
Cluster> reboot all
Use all as the nodename if you want to reboot all of the nodes in the cluster. For example:
Cluster> reboot all Stopping Cluster processes on all ...done Sent reboot command to sfs_1 Sent reboot command to sfs_2 Chapter 4
Configuring Symantec FileStore network settings
This chapter includes the following topics:
■ About network mode commands
■ Displaying the network configuration and statistics
■ About bonding Ethernet interfaces
■ Bonding Ethernet interfaces
■ About DNS
■ Configuring DNS settings
■ About IP commands
■ About configuring IP addresses
■ Configuring IP addresses
■ About configuring Ethernet interfaces
■ Configuring Ethernet interfaces
■ About configuring routing tables
■ Configuring routing tables
■ About LDAP
■ Before configuring LDAP settings
■ About configuring LDAP server settings 54 Configuring Symantec FileStore network settings About network mode commands
■ Configuring LDAP server settings
■ About administering FileStore cluster's LDAP client
■ Administering the FileStore cluster's LDAP client
■ About NIS
■ Configuring the NIS-related commands
■ About NSS
■ Configuring NSS lookup order
■ About VLAN
■ Configuring VLAN
About network mode commands FileStore network-mode commands let you specify and check the status of network parameters for the FileStore cluster.
Note: Before you use FileStore network mode commands, you must have a general understanding of IP addresses and networking. If you are not familiar with the terms or output, contact your Network Administrator for help.
As shown in Table 4-1, network node commands are organized into functional groups or submodes. To access the commands, log into your administrative console (master, system-admin, or storage-admin) and enter Network> mode. See “About using the FileStore command-line interface” on page 27.
Table 4-1 Network submodes
Network Function submode
Bond Creates a logical association between two or more Ethernet interfaces. See “About bonding Ethernet interfaces” on page 56.
DNS Identifies enterprise DNS servers for FileStore use. See “About DNS” on page 59. Configuring Symantec FileStore network settings 55 Displaying the network configuration and statistics
Table 4-1 Network submodes (continued)
Network Function submode
IP Manages the FileStore cluster IP addresses. See “About IP commands” on page 63.
LDAP Identifies the LDAP servers thatFileStore can use. See “About LDAP” on page 77.
NIS Identifies the NIS server that FileStore can use. See “About NIS” on page 86.
NSS Provides a single configuration location to identify the services (such as NIS or LDAP) for network information such as hosts, groups, or passwords. See “About NSS” on page 89.
VLAN Views, adds, or deletes VLAN interfaces. See “About VLAN” on page 90.
Displaying the network configuration and statistics
You can use the Network> show command to display the current cluster configuration and related statistics of the cluster network configuration. 56 Configuring Symantec FileStore network settings About bonding Ethernet interfaces
To display the network configuration and statistics
◆ To display the cluster's network configuration and statistics, enter the following:
Network> show Interface Statistics ------sfs_1 ------Interfaces MTU Metric RX-OK RX-DROP RX-ERR RX-FRAME lo 16436 1 13766 0 0 0 priveth0 1500 1 452390 0 0 0 priveth1 1500 1 325940 0 0 0 pubeth0 1500 1 25806318 0 0 0 pubeth1 1500 1 25755262 0 0 0
TX-OK TX-DROP TX-ERR TX-CAR Flag 13766 0 0 0 LRU 953273 0 0 0 BMR 506641 0 0 0 BMRU 152817 0 0 0 BMRU 673 0 0 0 BMRU
Routing Table ------sfs_1 ------Destination Gateway Genmask Flags MSS Window irtt Iface 172.27.75.0 0.0.0.0 255.255.255.0 U 0 0 0 priveth0 10.182.96.0 0.0.0.0 255.255.240.0 U 0 0 0 pubeth0 10.182.96.0 0.0.0.0 255.255.240.0 U 0 0 0 pubeth1 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo 0.0.0.0 10.182.96.1 0.0.0.0 UG 0 0 0 pubeth0
See “Configuring routing tables” on page 74.
About bonding Ethernet interfaces Bond commands associate each set of two or more Ethernet interfaces with one IP address. This association improves network performance on each FileStore cluster node by increasing the potential bandwidth available on an IP address beyond the limits of a single Ethernet interface and by providing redundancy for Configuring Symantec FileStore network settings 57 About bonding Ethernet interfaces
higher availability. For example, you can bond two 1-gigabit Ethernet interfaces together to provide up to 2 gigabits per second of throughput to a single IP address. Moreover, if one of the interfaces fails, communication continues using the single Ethernet interface. Bond commands let you create, remove, and display a cluster's bonds. When you create or delete a bond, it affects the corresponding Ethernet interfaces on the FileStore cluster nodes. Every node in the cluster has pubeth0 and pubeth1 interfaces. You can only bond public Ethernet interfaces.
Note: When you create or remove a bond, all of the SSH connections with Ethernet interfaces may be dropped. When the operation is complete, you must restore the ssh connections.
Table 4-2 Bond commands
Command Definition
show Displays a bond and the algorithm used to distribute traffic among the bonded interfaces. See “Bonding Ethernet interfaces” on page 58.
create Creates a bond between sets of two or more correspondingly named Ethernet interfaces on all FileStore cluster nodes. See “Bonding Ethernet interfaces” on page 58.
remove Removes a bond between two or more correspondingly named Ethernet interfaces on all FileStore cluster nodes. The bond show command displays the names. See “Bonding Ethernet interfaces” on page 58. 58 Configuring Symantec FileStore network settings Bonding Ethernet interfaces
Bonding Ethernet interfaces To display a bond
◆ To display a bond and the algorithm used to distribute traffic among the bonded interfaces, enter the following:
Network> bond show
In this example, DEVICES refers to Ethernet interfaces.
BONDNAME MODE DEVICES ------bond0 1 pubeth1 pubeth2
To create a bond
◆ To create a bond between sets of two or more Ethernet interfaces on all FileStore cluster nodes, enter the following:
Network> bond create interfacelist mode
interfacelist Specifies a comma-separated list of public Ethernet interfaces to bond. Bonds are created on correspondingly named sets of Ethernet interfaces on each cluster node.
mode Specifies how the bonded Ethernet interfaces divide the traffic.
For example:
Network> bond create pubeth1,pubeth2 broadcast 100% [#] Bonding interfaces. Please wait... bond created, the bond name is: bond0
You can specify a mode either as a number or a character string, as follows:
0 balance-rr This mode provides fault tolerance and load balancing. It transmits packets in order from the first available slave through the last.
1 active-backup Only one slave in the bond is active. If the active slave fails, a different slave becomes active. To avoid confusing the switch, the bond's MAC address is externally visible on only one port (network adapter). Configuring Symantec FileStore network settings 59 About DNS
2 balance-xor Transmits based on the selected transmit hash policy. The default policy is a simple. This mode provides load balancing and fault tolerance. You can use the xmit_hash_policy option to select alternate transmit policies.
3 broadcast Transmits everything on all slave interfaces and provides fault tolerance.
4 802.3ad Creates aggregation groups with the same speed and duplex settings. It uses all slaves in the active aggregator based on the 802.3ad specification.
5 balance-tlb Provides channel bonding that does not require special switch support. The outgoing traffic is distributed according to the current load (computed relative to the speed) on each slave. The current slave receives incoming traffic. If the receiving slave fails, another slave takes over its MAC address.
6 balance-alb Includes balance-tlb plus Receive Load Balancing (RLB) for IPV4 traffic. This mode does not require any special switch support. ARP negotiation load balances the receive.
To remove a bond
◆ To remove a bond from all of the nodes in a cluster, enter the following:
Network> bond remove bondname
where bondname is the name of the bond configuration. For example:
Network> bond remove bond0 100% [#] Removing Bond bond0. Please wait... bond removed : bond0
About DNS The Domain Name System (DNS) service translates between numeric IP addresses and their associated host names. The DNS commands let you view or change an FileStore cluster 's DNS settings. You can configure an FileStore cluster's DNS lookup service to use up to three 60 Configuring Symantec FileStore network settings About DNS
DNS servers. You must enable the FileStore cluster's DNS name service before you specify the DNS servers it is to use for lookups.
Table 4-3 DNS commands
Command Definition
dns show Displays the current settings of an FileStore cluster's DNS lookup service. See “Configuring DNS settings” on page 61.
dns enable Enables FileStore to perform DNS lookups. When DNS is enabled, the FileStore cluster's DNS service uses the data center's DNS server(s) to determine the IP addresses of network entities such as SNMP, NTP, LDAP, and NIS servers with which the cluster must communicate. See “Configuring DNS settings” on page 61.
dns disable Disables DNS lookups. If the DNS services are already disabled, the command does not respond. See “Configuring DNS settings” on page 61.
dns set Specifies the IP addresses of DNS name servers to be used by the nameservers FileStore DNS lookup service. The order of the IP addresses is the order in which the name servers are to be used.
Enter the IP addresses of the name servers. The order of the IP addresses is the order in which the name servers are to be used. See “Configuring DNS settings” on page 61.
dns clear Removes the IP addresses of DNS name servers from the cluster's DNS nameservers lookup service database. See “Configuring DNS settings” on page 61.
dns set Enter the domain name that the FileStore cluster will be in. For the domainname required information, contact your Network Administrator. This command clears any previously set domain name. Before you use this procedure, you must enable the DNS server. See “Configuring DNS settings” on page 61.
dns clear Removes the DNS domain name. domainname See “Configuring DNS settings” on page 61. Configuring Symantec FileStore network settings 61 Configuring DNS settings
Configuring DNS settings To display DNS settings
◆ To display DNS settings, enter the following:
Network> dns show DNS Status : Disabled nameserver : 172.16.113.118 domain : symantec.com
To enable DNS settings
◆ To enable DNS settings to allow FileStore hosts to do lookups and verify the results, enter the following commands:
Network> dns enable Network> Network> dns show DNS Status : Enabled domain : cluster1.com nameserver : 10.216.50.132
To disable DNS settings
◆ To disable DNS settings, enter the following:
Network> dns disable Network> Network> dns show DNS Status : Disabled Old Settings ------domain : cluster1.com nameserver : 10.216.50.132 62 Configuring Symantec FileStore network settings Configuring DNS settings
To specify IP addresses of DNS name servers
◆ To specify the IP addresses of DNS name servers to be used by the FileStore DNS service and verify the results, enter the following commands:
Network> dns set nameservers nameserver1 [nameserver2] [nameserver3]
For example:
Network> dns set nameservers 10.216.50.199 10.216.50.200 Network> Network> dns show DNS Status : Enabled nameserver : 10.216.50.199 nameserver : 10.216.50.200
To remove name servers list used by DNS
◆ To remove the name servers list used by DNS and verify the results, enter the following commands:
Network> dns clear nameservers Network> Network> dns show DNS Status : Enabled
To set the domain name for the DNS server
◆ To set the domain name for the DNS server, enter the following:
Network> dns set domainname domainname
where domainname is the domain name for the DNS server. For example:
Network> dns set domainname example.com Network> Network> dns show DNS Status : Enabled domain : example.com nameserver : 10.216.50.132 Configuring Symantec FileStore network settings 63 About IP commands
To remove domain name used by DNS
◆ To remove the domain name used by DNS, enter the following:
Network> dns clear domainname Network> Network> dsn show DNS Status : Enabled nameserver : 10.216.50.132
About IP commands Internet Protocol (IP) commands configure your routing tables, Ethernet interfaces, and IP addresses, and display the settings. The following sections describe how to configure the IP commands:
■ See “About configuring IP addresses” on page 63.
■ See “About configuring Ethernet interfaces” on page 69.
■ See “About configuring routing tables” on page 72.
About configuring IP addresses Each Ethernet interface must have a physical IP address associated with it. These are usually supplied when the FileStore software is installed. Each Ethernet interface also requires one or more virtual IP addresses to communicate with other cluster nodes and with the rest of the enterprise network.
Note: The operating system requires physical IP addresses. You should only add the physical IP addresses when the cluster's hardware configuration changes.
Table 4-4 lists the commands you can use to configure your IP addresses.
Table 4-4 IP commands
Command Definition
ip addr show Displays the IP addresses, the devices (Ethernet interfaces) they are assigned to, and their attributes. Note: Any Ethernet interfaces excluded during the initial FileStore installation will not be displayed.
See “Configuring IP addresses” on page 65. 64 Configuring Symantec FileStore network settings About configuring IP addresses
Table 4-4 IP commands (continued)
Command Definition
ip addr add Adds a virtual or physical IP address to the FileStore cluster. FileStore assigns the newly added IP address to an Ethernet interface or one of its nodes. Virtual IP addresses are used for communication among cluster nodes and with clients on the enterprise network. By default, this command does not use VLAN Ethernet interfaces unless they are specified in the device option. FileStore determines the node to which the IP address will be assigned. After you add a virtual IP address, it takes a few seconds for it to come online. If you enter an IP address that is already used in the cluster, an error message is displayed. You cannot enter an invalid IP address (one that is not four bytes or has a byte value greater than 255). Note: An IP address that does not go online may indicate a problem with the FileStore cluster. For help, use the Support> services command, or contact Symantec Technical Support.
See “Using the services command” on page 401. See “Configuring IP addresses” on page 65.
ip addr online Brings an IP address online on any running node in the cluster. The IP address does not need to be in the offline mode for this command to work. You can use this command to switch the IP address from an online node to another specified node. You can change an IP address to the online mode if it is in the OFFLINE/FAULTED state. This command also displays any faults for the IP address on the specified node. If the command succeeds you do not receive a response at the prompt. Note: An IP address that does not go online may indicate a problem with the FileStore cluster. For help, use the Support> services command, or contact Symantec Technical Support.
See “Using the services command” on page 401. See “Configuring IP addresses” on page 65.
ip addr modify Modifies an IP protocol address used by the cluster. You can change both the physical IP addresses and virtual IP addresses. If you change the virtual IP address it terminates the NFS connection on oldipaddr. See “Configuring IP addresses” on page 65. Configuring Symantec FileStore network settings 65 Configuring IP addresses
Table 4-4 IP commands (continued)
Command Definition
ip addr del Deletes an IP protocol address from the cluster. You can only delete physical IP addresses if they are not being used by any interface of the cluster. You can also delete virtual IP addresses, except for the console IP address. When you add or delete an IP address from the cluster, the cluster automatically evens out the number of virtual IP addresses on each node. See “Configuring IP addresses” on page 65.
Configuring IP addresses To configure your IP addresses, perform the following commands. To display all the IP addresses for the cluster
◆ To display all of a cluster's IP addresses, enter the following:
Network> ip addr show IP Netmask Device Node Type Status ------10.182.107.53 255.255.240.0 pubeth0 sfs_1 Physical 10.182.107.54 255.255.240.0 pubeth1 sfs_1 Physical 10.182.107.55 255.255.240.0 pubeth0 sfs_2 Physical 10.182.107.56 255.255.240.0 pubeth1 sfs_2 Physical 10.182.107.65 255.255.240.0 pubeth0 sfs_1 Virtual ONLINE (Con IP) 10.182.107.201 255.255.240.0 pubeth0 sfs_2 Virtual ONLINE 10.182.107.202 255.255.240.0 pubeth0 sfs_1 Virtual ONLINE 10.182.107.203 255.255.240.0 pubeth1 sfs_2 Virtual ONLINE 10.182.107.204 255.255.240.0 pubeth1 sfs_1 Virtual ONLINE
The output headings are:
IP Displays the IP addresses for the cluster.
Netmask Displays the netmask for the IP address.
Device Displays the names of the Ethernet interfaces for the IP address.
Node Displays the node names associated with the interface.
Type Displays the type of the IP address: physical or virtual. 66 Configuring Symantec FileStore network settings Configuring IP addresses
Status Displays the status of the IP addresses:
■ ONLINE ■ ONLINE (console IP) ■ OFFLINE ■ FAULTED
A virtual IP can be in the FAULTED state if it is already being used. It can also be in the FAULTED state if the corresponding device is not working on all nodes in the cluster (for example, a disconnected cable). Configuring Symantec FileStore network settings 67 Configuring IP addresses
To add an IP address to a cluster
◆ To add an IP address to a cluster, enter the following:
Network> ip addr add ipaddr netmask type [device]
ipaddr Specifies the IP address to add to the cluster. Do not use physical IP addresses to access the FileStore cluster. In case of failure, the IP addresses cannot move between nodes. A failure could be either a node failure, an Ethernet interface failure, or storage failure.
netmask Specifies the netmask for the IP address.
type Specifies the IP type, either virtual or physical.
device Only use this option if you entered virtual for the type.
For example, to add a virtual IP address on a normal device, enter the following:
Network> ip addr add 10.10.10.10 255.255.255.0 virtual pubeth0 SFS ip addr Success V-288-0 ip addr add successful. Network>
For example, to add a virtual IP address on a bond device, enter the following:
Network> ip addr add 10.10.10.10 255.255.255.0 virtual bond0 SFS ip addr Success V-288-0 ip addr add successful. Network>
For example, to add a virtual IP address on a VLAN device created over a normal device with VLAN ID 3, enter the following:
Network> ip addr add 10.10.10.10 255.255.255.0 virtual pubeth0.3 SFS ip addr Success V-288-0 ip addr add successful. Network>
For example, to add a virtual IP address on a VLAN device created over a bond device with VLAN ID 3, enter the following:
Network> ip addr add 10.10.10.10 255.255.255.0 virtual bond0.3 SFS ip addr Success V-288-0 ip addr add successful. Network> 68 Configuring Symantec FileStore network settings Configuring IP addresses
To change an IP address to the online mode on a specified node
◆ To change an IP address to the online mode on a specified node, enter the following:
Network> ip addr online ipaddr nodename
ipaddr Specifies the IP address that needs to be brought online.
nodename Specifies the nodename on which the IP address needs to be brought online. If you do not want to enter a specific nodename, enter any with the IP address.
For example:
Network> ip addr online 10.10.10.15 node5_2 Network> ip addr show IP Netmask Device Node Type Status ------10.216.114.212 255.255.248.0 pubeth0 node5_1 Physical 10.216.114.213 255.255.248.0 pubeth1 node5_1 Physical 10.216.114.214 255.255.248.0 pubeth0 node5_2 Physical 10.216.114.215 255.255.248.0 pubeth1 node5_2 Physical 10.216.114.217 255.255.248.0 pubeth0 node5_1 Virtual ONLINE (Con IP) 10.10.10.10 255.255.248.0 pubeth0 node5_1 Virtual ONLINE 10.10.10.11 255.255.248.0 pubeth1 node5_1 Virtual ONLINE 10.10.10.12 255.255.248.0 pubeth0 node5_2 Virtual ONLINE 10.10.10.13 255.255.248.0 pubeth1 node5_2 Virtual ONLINE 10.10.10.15 255.255.248.0 pubeth0 node5_2 Virtual ONLINE Configuring Symantec FileStore network settings 69 About configuring Ethernet interfaces
To modify an IP address
◆ To modify an IP address, enter the following:
Network> ip addr modify oldipaddr newipaddr netmask
oldipaddr Specifies the old IP address to be modified.
newipaddr Specifies what the new IP address will be.
netmask Specifies the netmask for the new IP address.
A valid netmask has a "1" on the far right, with all "1's" to the left in bitwise form. If the specified oldipaddr is not assigned to the cluster, an error message is displayed. If you enter an invalid IP address (one that is not four bytes or has a byte value greater than 255), an error message is displayed. If the new IP address is already being used, an error message is displayed. For example:
Network> ip addr modify 10.10.10.15 10.10.10.16 255.255.240.0 SFS ip addr Success V-288-0 ip addr modify successful.
To remove an IP address from the cluster
◆ To remove an IP address from the cluster, enter the following:
Network> ip addr del ipaddr
where ipaddr is the IP address to remove from the cluster. For example:
Network> ip addr del 10.10.10.15 SFS ip addr Success V-288-0 ip addr del successful. Network>
About configuring Ethernet interfaces You can display and change the public Ethernet interfaces (pubeth0 and pubeth1) whether a link is up or down, and the Ethernet interface's Maximum Transmission Unit (MTU) value. 70 Configuring Symantec FileStore network settings Configuring Ethernet interfaces
Table 4-5 Ethernet interface commands
Command Definition
ip link show Displays each Ethernet interface's (device) status, if it connected to each node in the cluster, the speed, and MTU. Note: Any Ethernet interfaces excluded during the initial FileStore installation will not be displayed.
See “Configuring Ethernet interfaces” on page 70.
ip link set Changes the network Ethernet interface's attributes or states. See “Configuring Ethernet interfaces” on page 70.
Configuring Ethernet interfaces To display current Ethernet interfaces and states
◆ To display current configurations, enter the following:
Network> ip link show [nodename] [device]
nodename Specifies which node of the cluster to display the attributes. Enter all to display all IP links.
device Specifies which Ethernet interface on the node to display the attributes.
For example:
Network> ip link show sfs_1 pubeth0
Nodename Device Status MTU Detect Speed ------sfs_1 pubeth0 UP 1500 yes 100Mb/s
To display all configurations, enter the following:
Nodename Device Status MTU Detect Speed ------sfs_1 pubeth0 UP 1500 yes 100Mb/s sfs_1 pubeth1 UP 1500 yes 100Mb/s sfs_2 pubeth0 UP 1500 yes 100Mb/s sfs_2 pubeth1 UP 1500 yes 100Mb/s Configuring Symantec FileStore network settings 71 Configuring Ethernet interfaces
To change an Ethernet interface
◆ To change an Ethernet interface's configuration, enter the following:
Network> ip link set nodename device operation [argument]
nodename Specifies which node of the cluster to configure. If the node specified is not part of the cluster, then an error message is displayed. To configure all nodes at once, use the all option in the nodename field.
device Specifies the Ethernet interface to configure. If you enter an Ethernet interface that cannot be configured, an error message is displayed.
operation Enter one of the following operations:
■ up - Brings the Ethernet interface online. ■ down - Brings the Ethernet interface offline. ■ mtu MTU - Changes the Ethernet interface's Maximum Transmission Unit (MTU) to the value that is specified in the argument field. ■ detect- Displays whether the Ethernet interface is physically connected or not. ■ speed- Displays the device speed.
argument The argument field is used only when you enter mtu in the operation field. Setting the incorrect MTU value causes the console IP to become unavailable. The argument field specifies what the MTU of the specified Ethernet interface on the specified node should be changed to. The MTU value must be an unsigned integer between 46 and 9216. If you enter the argument field, but do not enter an MTU in the operation field, the argument is ignored.
For example:
Network> ip link set all pubeth0 mtu 1600
sfs_1 : mtu updated on pubeth0 sfs_2 : mtu updated on pubeth0 72 Configuring Symantec FileStore network settings About configuring routing tables
Network> ip link show
Nodename Device Status MTU Detect Speed ------sfs_1 pubeth0 UP 1600 yes 100Mb/s sfs_1 pubeth1 UP 1500 yes 100Mb/s sfs_2 pubeth0 UP 1600 yes 100Mb/s sfs_2 pubeth1 UP 1500 yes 100Mb/s
About configuring routing tables Sometimes an FileStore cluster must communicate with network services (for example, LDAP) using specific gateways in the public network. In these cases, you must define routing table entries. These entries consist of the following:
■ The target network node's IP address and accompanying netmask.
■ Gateway’s IP address.
■ Optionally, a specific Ethernet interface via which to communicate with the target. This is useful, for example, if the demands of multiple remote clients are likely to exceed a single gateway’s throughput capacity.
You add or remove routing table entries using the Network> mode ip route command. Table 4-6 lists the commands used to configure the routing tables of the nodes in the cluster.
Table 4-6 Routing table commands
Command Definition
route show Displays the routing table of the nodes in the cluster. You can enter a specific nodename or use all to display the routing tables for all nodes in the cluster. See “Configuring routing tables” on page 74. Configuring Symantec FileStore network settings 73 About configuring routing tables
Table 4-6 Routing table commands (continued)
Command Definition route add Adds a new route for the cluster. The routing table contains information about paths to other networked nodes. You can make routing table changes on each node of the cluster. Use all for the nodename to add the route to all of the nodes in the cluster. Use a netmask value of 255.255.255.255 for the netmask to add a host route to ipaddr. Use a value of 0.0.0.0 for the gateway to add a route that does not use any gateway. The dev device is an optional argument.
Use any of the public Ethernet interfaces for the device (pubeth0, pubeth1, or any). See “Configuring routing tables” on page 74. route del Deletes a route used by the cluster. Use all for nodename to delete the route from all of the nodes in the cluster. The combination of ipaddr and netmask specifies the network or host for which the route is deleted. Use a value of 255.255.255.255 for the netmask to delete a host route to ipaddr. See “Configuring routing tables” on page 74. 74 Configuring Symantec FileStore network settings Configuring routing tables
Configuring routing tables To display the routing tables of the nodes in the cluster
◆ To display the routing tables of the nodes in the cluster, enter the following:
Network> ip route show [nodename]
where nodename is the node whose routing tables you want to display. To see the routing table for all of the nodes in the cluster, enter all. For example:
Network> ip route show all
sfs_1 ------Destination Gateway Genmask Flags MSS Window irtt Iface 172.27.75.0 0.0.0.0 255.255.255.0 U 0 0 0 priveth0 10.182.96.0 0.0.0.0 255.255.240.0 U 0 0 0 pubeth0 10.182.96.0 0.0.0.0 255.255.240.0 U 0 0 0 pubeth1 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo 0.0.0.0 10.182.96.1 0.0.0.0 UG 0 0 0 pubeth0
sfs_2 ------Destination Gateway Genmask Flags MSS Window irtt Iface 172.27.75.0 0.0.0.0 255.255.255.0 U 0 0 0 priveth0 10.182.96.0 0.0.0.0 255.255.240.0 U 0 0 0 pubeth0 10.182.96.0 0.0.0.0 255.255.240.0 U 0 0 0 pubeth1 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo 0.0.0.0 10.182.96.1 0.0.0.0 UG 0 0 0 pubeth0
Destination Displays the destination network or destination host for which the route is defined.
Gateway Displays a network node equipped for interfacing with another network.
Genmask Displays the netmask. Configuring Symantec FileStore network settings 75 Configuring routing tables
Flags The flags are as follows: U - Route is up H - Target is a host G - Use gateway
MSS Displays maximum segment size. The default is 0. You cannot modify this attribute.
Window Displays the maximum amount of data the system accepts in a single burst from the remote host. The default is 0. You cannot modify this attribute. irtt Displays the initial round trip time with which TCP connections start. The default is 0. You cannot modify this attribute.
Iface Displays the interface. On UNIX systems, the device name lo refers to the loopback interface.
To add to the route table
◆ To add a route entry to the routing table of nodes in the cluster, enter the following:
Network> ip route add nodename ipaddr netmask via gateway [dev device]
nodename Specifies the node to whose routing table the route is to be added. To add a route path to all the nodes, use all in the nodename field. If you enter a node that is not a part of the cluster, an error message is displayed.
ipaddr Specifies the destination of the IP address. If you enter an invalid IP address, then a message notifies you before you fill in other fields.
netmask Specifies the netmask associated with the IP address that is entered for the ipaddr field. Use a netmask value of 255.255.255.255 for the netmask to add a host route to ipaddr.
via This is a required field. You must type in the word. 76 Configuring Symantec FileStore network settings Configuring routing tables
gateway Specifies the gateway IP address used for the route. If you enter an invalid gateway IP address, then an error message is displayed. To add a route that does not use a gateway, enter a value of 0.0.0.0.
dev Specifies the route device option. You must type in the word.
dev device Specifies which Ethernet interface on the node the route path is added to. This variable is optional. You can specify the following values:
■ any - Default ■ pubeth0 - Public Ethernet interface ■ pubeth1 - Public Ethernet interface
The Ethernet interface field is required only when you specify dev in the dev field.
If you omit the dev and device fields, FileStore uses a default Ethernet interface.
For example:
Network> ip route add sfs_1 10.10.10.10 255.255.255.255 via 0.0.0.0 dev pubeth0 sfs_1: Route added successfully Configuring Symantec FileStore network settings 77 About LDAP
To delete route entries from the routing tables of nodes in the cluster
◆ To delete route entries from the routing tables of nodes in the cluster, enter the following:
Network> ip route del nodename ipaddr netmask
nodename Specifies the route entry from which the node is deleted. To delete the route entry from all nodes, use the all option in this field.
ipaddr Specifies the destination IP address of the route entry to be deleted. If you enter an invalid IP address a message notifies you before you enter other fields.
netmask Specifies the IP address to be used.
For example:
Network> ip route del sfs_1 10.216.128.0 255.255.255.255 sfs_1: Route deleted successfully
About LDAP The Lightweight Directory Access Protocol (LDAP) is the protocol used to communicate with LDAP servers. The LDAP servers are the entities that perform the service. In FileStore the most common use of LDAP is user authentication. For sites that use an LDAP server for access or authentication, FileStore provides a simple LDAP client configuration interface.
Before configuring LDAP settings Before you configure FileStore LDAP settings, obtain the following LDAP configuration information from your system administrator:
■ IP address or host name of the LDAP server. You also need the port number of the LDAP server.
■ Base (or root) distinguished name (DN), for example, cn=employees,c=us. LDAP database searches start here. 78 Configuring Symantec FileStore network settings About configuring LDAP server settings
■ Bind distinguished name (DN) and password, for example, ou=engineering,c=us. This allows read access to portions of the LDAP database to search for information.
■ Base DN for users, for example, ou=users,dc=com. This allows access to the LDAP directory to search for and authenticate users.
■ Base DN for groups, for example, ou=groups,dc=com. This allows access to the LDAP database, to search for groups.
■ Root bind DN and password. This allows write access to the LDAP database, to modify information, such as changing a user's password.
■ Secure Sockets Layer (SSL). Configures an FileStore cluster to use the Secure Sockets Layer (SSL) protocol to communicate with the LDAP server.
■ Password hash algorithm, for example md5, if a specific password encryption method is used with your LDAP server. The following sections describe how to configure LDAP:
■ See “Configuring LDAP server settings” on page 80.
■ See “Administering the FileStore cluster's LDAP client” on page 85.
About configuring LDAP server settings Table 4-7 lists the LDAP commands used to configure the LDAP server settings.
Table 4-7 LDAP commands
Command Definition
set basedn Sets the base DN value for the LDAP server. Note: Setting the base DN for the LDAP server is required.
See “Configuring LDAP server settings” on page 80.
set server Sets the hostname or IP address for the LDAP server. See “Configuring LDAP server settings” on page 80.
set port Sets the port number for the LDAP server. See “Configuring LDAP server settings” on page 80. Configuring Symantec FileStore network settings 79 About configuring LDAP server settings
Table 4-7 LDAP commands (continued)
Command Definition set ssl Configures an FileStore cluster to use the Secure Sockets Layer (SSL) protocol to communicate with the LDAP server. If your LDAP server does not use SSL for authentication, sets this value to off (the default value). Consult your system administrator for confirmation. If your LDAP server supports SSL, you must set SSL to on. This setting is mandatory. The certificates that are required for SSL are auto-negotiated with the LDAP server when the session is established. See “Configuring LDAP server settings” on page 80. set binddn Sets the bind Distinguished Name (DN) and its password for the LDAP server. This DN is used to bind with the LDAP server for read access. For LDAP authentication, most attributes need read access. Note: Use the LDAP server password. Contact your Network Administrator for assistance.
See “Configuring LDAP server settings” on page 80. set rootbinddn Sets the LDAP root bind DN and its password. This DN is used to bind with the LDAP server for write access to the LDAP directory. This setting is not required for authentication. To change some attributes of an LDAP entry, the root bind DN is required. For example, if a root user wants to change a user's password, the root user must have administrative privileges to write to the LDAP directory. Note: Use the LDAP server password. Contact your Network Administrator for assistance.
See “Configuring LDAP server settings” on page 80. set users-basedn Sets the LDAP users, groups, and netgroups base Distinguished Name (DN). PAM/NSS uses this DN to search LDAP groups. set groups-basedn Note: You must set the LDAP users, groups, and netgroups base DN. set See “Configuring LDAP server settings” on page 80. netgroups-basedn 80 Configuring Symantec FileStore network settings Configuring LDAP server settings
Table 4-7 LDAP commands (continued)
Command Definition
set password-hash Sets the LDAP password hash algorithm used when you set or change the LDAP user's password. The password is encrypted with the configured hash algorithm before it is sent to the LDAP server and stored in the LDAP directory. Note: Setting the LDAP password hash algorithm is optional.
See “Configuring LDAP server settings” on page 80.
get Displays the configured LDAP settings. See “Configuring LDAP server settings” on page 80.
clear Clears a configured setting. See “Configuring LDAP server settings” on page 80.
Configuring LDAP server settings You can set the LDAP base Distinguished Name (base DN). LDAP records are structured in a hierarchical tree. You access records through a particular path, in this case, a Distinguished Name, or DN. The base DN indicates where in the LDAP directory hierarchy you want to start your search.
Note: For FileStore to access an LDAP directory service, you must specify the LDAP server DNS name or IP address.
To set the base DN for the LDAP server
◆ To set the base DN for the LDAP server, enter the following:
Network> ldap set basedn value
where value is the LDAP base DN in the following format:
dc=yourorg,dc=com
For example:
Network> ldap set basedn dc=example,dc=com OK Completed Configuring Symantec FileStore network settings 81 Configuring LDAP server settings
To set the LDAP server hostname or IP address
◆ To set the LDAP server hostname or IP address, enter the following:
Network> ldap set server value
where value is the LDAP server hostname or IP address. For example:
Network> ldap set server ldap-server.example.com OK Completed
For example, if you enter an IP address for the value you get the following message:
Network> ldap set server 10.10.10.10 OK Completed
To set the LDAP server port number
◆ To set the LDAP server port number, enter the following:
Network> ldap set port value
where value is the LDAP server port number. For example:
Network> ldap set port 555 OK Completed
To set FileStore to use LDAP over SSL
◆ To set FileStore to use LDAP over SSL, enter the following:
Network> ldap set ssl {on|off}
For example:
Network> ldap set ssl on OK Completed 82 Configuring Symantec FileStore network settings Configuring LDAP server settings
To set the bind DN for the LDAP server
◆ To set the bind DN for the LDAP server, enter the following:
Network> ldap set binddn value
where value is the LDAP bind DN in the following format:
cn=binduser,dc=yourorg,dc=com
The value setting is mandatory. You are prompted to supply a password. You must use your LDAP server password. For example:
Network> ldap set binddn cn Enter password for 'cn': *** OK Completed
To set the root bind DN for the LDAP server
◆ To set the root bind DN for the LDAP server, enter the following:
Network> ldap set rootbinddn value
where value is the LDAP root bind DN in the following format:
cn=admin,dc=yourorg,dc=com
You are prompted to supply a password. You must use your LDAP server password. For example:
Network> ldap set rootbinddn dc Enter password for 'dc': *** OK Completed Configuring Symantec FileStore network settings 83 Configuring LDAP server settings
To set the LDAP users, groups, or netgroups base DN
◆ To set the LDAP users, groups, or netgroups base DN, enter the following:
Network> ldap set users-basedn value
Network> ldap set groups-basedn value
Network> ldap set netgroups-basedn value
users-basedn value Specifies the value for the users-basedn. For example:
ou=users,dc=example,dc=com (default)
groups-basedn Specifies the value for the groups-basedn. For example: value ou=groups,dc=example,dc=com (default)
netgroups-basedn Specifies the value for the netgroups-basedn. For example: value ou=netgroups,dc=example,dc=com (default)
For example:
Network> ldap set users-basedn ou=Users,dc=example,dc=com OK Completed
To set the password hash algorithm
◆ To set the password hash algorithm, enter the following:
Network> ldap set password-hash {clear|crypt|md5}
For example:
Network> ldap set password-hash clear OK Completed 84 Configuring Symantec FileStore network settings About administering FileStore cluster's LDAP client
To display the LDAP configured settings
◆ To display the LDAP configured settings, enter the following:
Network> ldap get {server|port|basedn|binddn|ssl|rootbinddn| users-basedn|groups-basedn|netgroups-basedn|password-hash}
For example:
Network> ldap get server LDAP server: ldap-server.example.com OK Completed
To clear the LDAP setting
◆ To clear the previously configured LDAP setting, enter the following:
Network> ldap clear {server|port|basedn|binddn|ssl|rootbinddn| users-basedn|groups-basedn|netgroups-basedn|password-hash}
For example:
Network> ldap clear binddn OK Completed
About administering FileStore cluster's LDAP client You can display the Lightweight Directory Access Protocol (LDAP) client configurations. LDAP clients use the LDAPv3 protocol to communicate with the server.
Table 4-8 LDAP client commands
Command Definition
ldap show Displays the FileStore cluster's LDAP client configuration. See “Administering the FileStore cluster's LDAP client” on page 85.
ldap enable Enables the LDAP client configuration. See “Administering the FileStore cluster's LDAP client” on page 85.
ldap disable Disables the LDAP client configuration. This command stops FileStore from querying the LDAP service. See “Administering the FileStore cluster's LDAP client” on page 85. Configuring Symantec FileStore network settings 85 Administering the FileStore cluster's LDAP client
Administering the FileStore cluster's LDAP client To display LDAP client configuration
◆ To display LDAP client configuration, enter the following:
Network> ldap show [users|groups|netgroups]
users Displays the LDAP users that are available in the Name Service Switch (NSS) database.
groups Displays the LDAP groups that are available in the NSS database.
netgroups Displays the LDAP netgroups that are available in the NSS database.
If you do not include one of the optional variables, the command displays all the configured settings for the LDAP client. For example:
Network> ldap show LDAP client is enabled. ======LDAP server: ldap_server LDAP port: 389 (default) LDAP base DN: dc=example,dc=com LDAP over SSL: on LDAP bind DN: cn=binduser,dc=example,dc=com LDAP root bind DN: cn=admin,dc=example,dc=com LDAP password hash: md5 LDAP users base DN: ou=Users,dc=example,dc=com LDAP groups base DN: ou=Groups,dc=example,dc=com LDAP netgroups base DN: ou=Netgroups,dc=example,dc=com OK Completed Network>
LDAP clients use the LDAPv3 protocol for communicating with the server. Enabling the LDAP client configures the Pluggable Authentication Module (PAM) files to use LDAP. PAM is the standard authentication framework for Linux. 86 Configuring Symantec FileStore network settings About NIS
To enable LDAP client configuration
◆ To enable LDAP client configuration, enter the following:
Network> ldap enable
For example:
Network> ldap enable Network>
LDAP clients use the LDAPv3 protocol for communicating with the server. This command configures the PAM configuration files so that they do not use LDAP. To disable LDAP client configuration
◆ To disable LDAP client configuration, enter the following:
Network> ldap disable
For example:
Network> ldap disable Network>
About NIS FileStore supports Network Information Service (NIS), implemented in a NIS server, as an authentication authority. You can use NIS to authenticate computers. If your environment uses NIS, enable the NIS-based authentication on the FileStore cluster.
Table 4-9 NIS commands
Command Definition
nis show Displays the NIS server name, domain name, the NIS users, groups, and netgroups that are available in the NIS database. See “Configuring the NIS-related commands” on page 87.
nis set Sets the NIS domain name in the FileStore cluster. domainname See “Configuring the NIS-related commands” on page 87.
nis set servername Sets the NIS server name in the FileStore cluster. See “Configuring the NIS-related commands” on page 87. Configuring Symantec FileStore network settings 87 Configuring the NIS-related commands
Table 4-9 NIS commands (continued)
Command Definition
nis enable Enables the NIS clients in the FileStore cluster. You must set the NIS domain name and NIS server name before you can enable NIS. See “Configuring the NIS-related commands” on page 87.
nis disable Disables the NIS clients in the FileStore cluster. See “Configuring the NIS-related commands” on page 87.
Configuring the NIS-related commands To display NIS-related settings
◆ To display NIS-related settings, enter the following:
Network> nis show [users|groups|netgroups]
users Displays the NIS users that are available in the FileStore cluster's NIS database.
groups Displays the NIS groups that are available in the FileStore cluster's NIS database.
netgroups Displays the NIS netgroups that are available in the FileStore cluster's NIS database.
For example:
Network> nis show NIS Status : Disabled domain : NIS Server :
To set the NIS domain name on all nodes in the cluster
◆ To set the NIS domain name on the cluster nodes, enter the following:
Network> nis set domainname [domainname]
where domainname is the domain name. For example:
Network> nis domainname domain_1 Setting domainname: "domain_1" 88 Configuring Symantec FileStore network settings Configuring the NIS-related commands
To set NIS server name on all nodes in the cluster
◆ To set the NIS server name on all cluster nodes, enter the following:
Network> nis set servername servername
where servername is the NIS server name. You can use the server's name or IP address. For example:
Network> nis servername 10.10.10.10 Setting NIS Server "10.10.10.10"
To enable NIS clients
◆ To enable NIS clients, enter the following:
Network> nis enable
For example:
Network> nis enable Enabling NIS Client on all the nodes..... Done. Please enable NIS in nsswitch settings for required services.
To view the new settings, enter the following:
Network> nis show NIS Status : Enabled domain : domain_1 NIS Server : 10.10.10.10
To disable NIS clients
◆ To disable NIS clients, enter the following:
Network> nis disable
For example:
Network> nis disable Disabling NIS Client on all nodes Please disable NIS in nsswitch settings for required services. Configuring Symantec FileStore network settings 89 About NSS
About NSS Name Service Switch (NSS) is an FileStore cluster service which provides a single configuration location to identify the services (such as NIS or LDAP) for network information such as hosts, groups, or passwords. For example, host information may be on an NIS server. Group information may be in an LDAP database. The NSS configuration specifies which network services the FileStore cluster should use to authenticate hosts, users, groups, and netgroups. The configuration also specifies the order in which multiple services should be queried.
Table 4-10 NSS commands
Command Definition
nsswitch show Displays the NSS configuration. See “Configuring NSS lookup order” on page 89.
nsswitch conf Configures the order of the NSS services. See “Configuring NSS lookup order” on page 89.
Configuring NSS lookup order To display the NSS configuration
◆ To display the NSS configuration, enter the following:
Network> nsswitch show group: files nis winbind ldap hosts: files nis dns netgroup: nis passwd: files nis winbind ldap shadow: files winbind Network>
To configure the NSS lookup order
◆ To configure the NSS lookup order, enter the following:
Network> nsswitch conf {group|hosts|netgroups|passed|shadow} value1 [[value2]] [[value3]] [[value4]]
group Selects the group file. 90 Configuring Symantec FileStore network settings About VLAN
hosts Selects the hosts file.
netgroups Selects the netgroups file.
passed Selects the password.
shadow Selects the shadow file.
value Specifies the following NSS lookup order with the following values:
■ value1 (required)- { files/nis/winbind/ldap } ■ value2 (optional) - { files/nis/winbind/ldap } ■ value3 (optional) - { files/nis/winbind/ldap } ■ value4 (optional) - { files/nis/winbind/ldap }
To select DNS, you must use the following command:
Network> nsswitch conf hosts
nsswitch conf hosts
value1 : Choose the type (files) (files) value2 : Type the type (files/nis/dns) [] value3 : Type the type (files/nis/dns) []
For example:
Network> nsswitch conf shadow files ldap Network> nsswitch show group: files nis winbind ldap hosts: files nis dns netgroup: nis passwd: files nis winbind ldap shadow: files ldap
About VLAN The virtual LAN (VLAN) feature lets you create VLAN interfaces on the FileStore nodes and administer them as any other VLAN interfaces. The VLAN interfaces are created using Linux support for VLAN interfaces.
The Network> vlan commands view, add, or delete VLAN interfaces. Configuring Symantec FileStore network settings 91 Configuring VLAN
Table 4-11 VLAN commands
Command Definition
vlan show Displays the VLAN interfaces. See “Configuring VLAN” on page 91.
vlan add Adds a VLAN interface. See “Configuring VLAN” on page 91.
vlan del Deletes a VLAN interface. See “Configuring VLAN” on page 91.
Configuring VLAN To display the VLAN interfaces
◆ To display the VLAN interfaces, enter the following:
Network> vlan show
For example:
VLAN DEVICE VLAN id ------pubeth0.2 pubeth0 2 92 Configuring Symantec FileStore network settings Configuring VLAN
To add a VLAN interface
◆ To add a VLAN interface, enter the following:
Network> vlan add device vlan_id
device Specifies the VLAN interface on which the VLAN interfaces will be added.
vlan_id Specifies the VLAN ID which the new VLAN interface uses. Valid values range from 1 to 4095.
For example:
Network> vlan add pubeth1 2 Network> vlan show
VLAN DEVICE VLAN id ------pubeth0.2 pubeth0 2 pubeth1.2 pubeth1 2
To delete a VLAN interface
◆ To delete a VLAN interface, enter the following:
Network> vlan del vlan_device
where the vlan_device name combines the interface on which the VLAN is based and the VLAN ID separated by '.'. For example:
Network> vlan del pubeth0.2 Network> vlan show
VLAN DEVICE VLAN id ------pubeth1.2 pubeth1 2 Chapter 5
Configuring your NFS server
This chapter includes the following topics:
■ About NFS server commands
■ Accessing the NFS server
■ Displaying NFS statistics
■ Displaying file systems and snapshots that can be exported
About NFS server commands The clustered NFS Server provides file access services to UNIX and Linux client computers via the Network File System (NFS) protocol. You use the NFS commands to start and stop your NFS server. See Table 5-1 on page 93.
Note: For the NFS> share commands, see the section referenced below.
See “About NFS file sharing” on page 181. To access the commands, log into the administrative console (for master, system-admin, or storage-admin) and enter NFS> mode. See “About using the FileStore command-line interface” on page 27.
Table 5-1 NFS mode commands
Command Definition
server status Displays the status of the NFS server. See “Accessing the NFS server” on page 94. 94 Configuring your NFS server Accessing the NFS server
Table 5-1 NFS mode commands (continued)
Command Definition
server start Starts the NFS server. See “Accessing the NFS server” on page 94.
server stop Stops the NFS server. See “Accessing the NFS server” on page 94.
stat Prints the NFS statistics. See “Displaying NFS statistics” on page 96.
show fs Displays all of the online file systems and snapshots that can be exported. See “Displaying file systems and snapshots that can be exported” on page 97.
Accessing the NFS server To check on the NFS server status
◆ Prior to starting the NFS server, check on the status of the server by entering:
NFS> server status
For example:
NFS> server status NFS Status on sfs_1 : OFFLINE NFS Status on sfs_2 : OFFLINE
The states (ONLINE, OFFLINE, and FAULTED) correspond to each FileStore node identified by the node name. The states of the node may vary depending on the situation for that particular node.
The possible states of the NFS> server status command are:
ONLINE Indicates that the node can serve NFS protocols to the client.
OFFLINE Indicates the NFS services on that node are down.
FAULTED Indicates something is wrong with the NFS service on the node.
You can run the NFS> server start command to restart the NFS services, and only the nodes where NFS services have problems, will be restarted. Configuring your NFS server 95 Accessing the NFS server
To start the NFS server
◆ To start the NFS server, enter the following:
NFS> server start
You can use the NFS> server start command to clear an OFFLINE state from the NFS> server status output by only restarting the services that are offline. You can run the NFS> server start command multiple times without it affecting the already-started NFS server. For example:
NFS> server start ..Success.
Run the NFS> server status command again to confirm the change.
NFS> server status NFS Status on sfs_1 : ONLINE NFS Status on sfs_2 : ONLINE
To stop the NFS server
◆ To stop the NFS server, enter the following:
NFS> server stop
For example:
NFS> server stop ..Success.
You will receive an error if you try to stop an already stopped NFS server. 96 Configuring your NFS server Displaying NFS statistics
Displaying NFS statistics To display statistics for all the nodes in the cluster on the NFS server
◆ To display NFS statistics, enter the following:
NFS> stat [nodename]
where nodename specifies the node name for which you are trying to obtain the statistical information. If the nodename is not specified, statistics for all the nodes in the cluster are displayed. For example:
NFS> stat sfs_01 sfs_01 ------Server rpc stats: calls badcalls badauth badclnt xdrcall 52517 0 0 0 0
Server nfs v2: null getattr setattr root lookup readlink 10 100% 0 0% 0 0% 0 0% 0 0% 0 0% read wrcache write create remove rename 0 0% 0 0% 0 0% 0 0% 0 0% 0 0% link symlink mkdir rmdir readdir fsstat 0 0% 0 0% 0 0% 0 0% 0 0% 0 0%
Server nfs v3: null getattr setattr lookup access readlink 11 0% 17973 35% 0 0% 5951 11% 6997 13% 1034 2% read write create mkdir symlink mknod 4138 8% 4137 8% 3251 6% 1255 2% 1034 2% 0 0% remove rmdir rename link readdir readdirplus 0 0% 1 0% 0 0% 0 0% 0 0% 1361 2% fsstat fsinfo pathconf commit 0 0% 2 0% 0 0% 3067 6% Configuring your NFS server 97 Displaying file systems and snapshots that can be exported
Displaying file systems and snapshots that can be exported To display a file system and snapshots that can be exported
◆ To display online file systems and the snapshots that can be exported, enter the following:
NFS> show fs
For example:
NFS> show fs FS/Snapshot ======fs1 98 Configuring your NFS server Displaying file systems and snapshots that can be exported Chapter 6
Configuring storage
This chapter includes the following topics:
■ About storage provisioning and management
■ About configuring storage pools
■ Configuring storage pools
■ About configuring disks
■ Configuring disks
■ About displaying information for all disk devices
■ Displaying information for all disk devices associated with nodes in a cluster
■ Increasing the storage capacity of a LUN
■ Printing WWN information
■ Initiating FileStore host discovery of LUNs
■ About I/O fencing
■ Configuring I/O fencing
■ About quotas for file systems
■ Using quota commands for enabling, disabling, and displaying file system quotas
■ Using quota commands for setting and displaying file system quotas
■ About quotas for CIFS home directories
■ Using quotas for CIFS home directories
■ About iSCSI 100 Configuring storage About storage provisioning and management
■ About configuring the iSCSI targets
■ Configuring the iSCSI targets
About storage provisioning and management Storage provisioning in FileStore focuses on the storage pool, which is comprised of a set of disks. The file system commands accept a set of pools as an argument. For example, creating a file system takes one or more pools, and creates a file system over some or all of the pools. A mirrored file system takes multiple pools as an argument and creates a file system such that each copy of the data resides on a different pool. To provision FileStore storage, verify that the Logical Unit Numbers (LUNS) or meta-LUNS in your physical storage arrays have been zoned for use with the FileStore cluster. The storage array administrator normally allocates and zones this physical storage.
Use the FileStore Storage> pool commands to create storage pools using disks (the named LUNS). Each disk can only belong to one storage pool. If you try to add a disk that is already in use, an error message is displayed.
With these storage pools, use the Storage> fs commands to create file systems with different layouts (for example mirrored, striped, striped-mirror). The storage commands are defined in Table 6-1. To access the commands, log into the administrative console (master, system-admin, or storage-admin) and enter the Storage> mode. See “About using the FileStore command-line interface” on page 27.
Table 6-1 Storage mode commands
Command Definition
pool Configures storage pools. See “About configuring storage pools” on page 101.
pool adddisk, pool Configures the disk(s) in the pool. mvdisk, pool See “About configuring disks” on page 106. rmdisk
hba Prints the World Wide Name (WWN) information for all of the nodes in the cluster.
See “Printing WWN information” on page 113. Configuring storage 101 About configuring storage pools
Table 6-1 Storage mode commands (continued)
Command Definition
scanbus Scans all of the SCSI devices connected to all of the nodes in the cluster. See “Initiating FileStore host discovery of LUNs ” on page 114.
fencing Protects the data integrity if the split-brain condition occurs. See “About I/O fencing” on page 115.
disk list Lists all of the available disks, and identifies which ones you want to assign to which pools. See “About displaying information for all disk devices” on page 109.
disk grow Grows a selected disk if it is resized on the storage array. See “Increasing the storage capacity of a LUN” on page 112.
quota Sets a limit on disk quota to restrict certain aspects of the file system usage. See “About quotas for file systems” on page 120.
iscsi Links data storage facilities. See “About iSCSI” on page 138.
About configuring storage pools A storage pool is a group of disks from which FileStore allocates capacity when you create or expand file systems. During the initial configuration, you use the Storage> commands to create storage pools, to “discover” disks, and to assign them to pools. Disk discovery and pool assignment are done once. FileStore propagates disk information to all cluster nodes. You must first create storage pools that can be used to build file systems on. Disks and pools can be specified in the same command provided the disks are part of an existing storage pool. The pool and disk specified first are allocated space before other pools and disks. If the specified disk is larger than the space allocated, the reminder of the space is still utilized when another file system is created spanning the same disk. 102 Configuring storage About configuring storage pools
Table 6-2 Configure storage pool commands
Command Definition
pool create Creates storage pools. You can build file systems on top of them. Note: Disks being used for the pool create command must support SCSI-3 PGR registrations if I/O fencing is enabled.
Note: The minimum size of disks required for creating a pool or adding a disk to the pool is 10 MB.
See “Configuring storage pools” on page 103.
pool list Lists all of the available disks, and identifies which ones you want to assign to which pools. A storage pool is a collection of disks from shared storage; the pool is used as the source for adding file system capacity as needed. Note: Your output for the pool list command depends upon which node console is running.
See “Configuring storage pools” on page 103.
pool rename Renames a pool. See “Configuring storage pools” on page 103.
pool destroy Destroys storage pools used to create file systems. Destroying a pool does not delete the data on the disks that make up the storage pool. See “Configuring storage pools” on page 103.
pool free Lists the free space in each of the pools. Free space information includes:
■ Disk name ■ Free space ■ Total space ■ Use %
See “Configuring storage pools” on page 103. Configuring storage 103 Configuring storage pools
Configuring storage pools To create the storage pool used to create a file system 1 List all of the available disks, and identify which ones you want to assign to which pools.
Storage> disk list Disk sfs_01 ======disk1 OK
2 To create a storage pool, enter the following:
Storage> pool create pool_name disk1[,disk2,...]
pool_name Specifies what the created storage pool will be named. The storage pool name should be a string.
disk1, disk2,... Specifies the disks to include in the storage pool. If the specified disk does not exist, an error message is displayed. Use the Storage> disk list command to view the available disks. Each disk can only belong to one storage pool. If you try to add a disk that is already in use, an error message is displayed. To specify additional disks to be part of the storage pool, use a comma with no space in between.
For example:
Storage> pool create pool1 Disk_0,Disk_1 SFS pool Success V-288-1015 Pool pool1 created successfully 100% [#] Creating pool pool1 104 Configuring storage Configuring storage pools
To list your pools
◆ To list your pools, enter the following:
Storage> pool list
For example:
Storage> pool list Pool List of disks ------pool1 Disk_0 Disk_1 pool2 Disk_2 Disk_3 pool3 Disk_4 Disk_5
To rename a pool
◆ To rename a pool, enter the following:
Storage> pool rename old_name new_name
old_name Specifies the name for the existing pool that will be changed. If the old name is not the name of an existing pool, an error message is displayed.
new_name Specifies the new name for the pool. If the specified new name for the pool is already being used by another pool, an error message is displayed.
For example:
Storage> pool rename pool1 p01 SFS pool Success V-288-0 Disk(s) Pool rename successful. Configuring storage 105 Configuring storage pools
To destroy a storage pool
◆ To destroy a storage pool, enter the following:
Storage> pool destroy pool_name
where pool_name specifies the storage pool to delete. If the specified pool_name is not an existing storage pool, an error message is displayed. For example:
Storage> pool destroy pool1 SFS pool Success V-288-988 Pool pool1 is destroyed.
Because you cannot destroy an Unallocated storage pool, you need to remove the disk from the storage pool using the Storage> pool rmdisk command prior to trying to destroy the storage pool. See “Configuring disks” on page 107. If you want to move the disk from the unallocated pool to another existing pool, you can use the Storage> pool mvdisk command. See “Configuring disks” on page 107. To list free space for pools
◆ To list free space for your pool, enter the following:
Storage> pool free [pool_name]
where pool_name specifies the pool for which you want to display free space information. If a specified pool does not exist, an error message is displayed. If pool_name is omitted, the free space for every pool is displayed, but information for specific disks is not displayed. For example:
storage> pool free Pool Free Space Total Space Use% ======pool_1 0 KB 165.49M 100% pool_2 0 KB 165.49M 100% pool_3 57.46M 165.49M 65% 106 Configuring storage About configuring disks
About configuring disks Disks and pools can be specified in the same command provided the disks are part of an existing storage pool. The pool and disk that are specified first are allocated space before other pools and disks. If the specified disk is larger than the space allocated, the remainder of the space is still utilized when another file system is created spanning the same disk.
Table 6-3 Configure disks commands
Command Definition
pool adddisk You can add a new disk to an existing pool. A disk can belong to only one pool. The minimum size of disks required for creating a pool or adding a disk to the pool is 10 MB. Note: Disks being used for the pool adddisk command must support SCSI-3 PGR registrations if I/O fencing is enabled.
See “Configuring disks” on page 107.
pool mvdisk You can move disks from one storage pool to another. Note: You cannot move a disk from one storage pool to another if the disk has data on it.
See “Configuring disks” on page 107.
pool rmdisk You can remove a disk from a pool. Note: You cannot remove a disk from a pool if the disk has data on it.
See “Configuring disks” on page 107. If a specified disk does not exist, an error message is displayed. If one of the disks does not exist, then none of the disks are removed. A pool cannot exist if there are no disks assigned to it. If a disk specified to be removed is the only disk for that pool, the pool is removed as well as the assigned disk. If the specified disk to be removed is being used by a file system, then that disk will not be removed. Configuring storage 107 Configuring disks
Configuring disks To add a disk
◆ To add a new disk to an existing pool, enter the following:
Storage> pool adddisk pool_name disk1[,disk2,...]
pool_name Specifies the pool to be added to the disk. If the specified pool name is not an existing pool, an error message is displayed.
disk1,disk2,... Specifies the disks to be added to the pool. To add additional disks, use a comma with no spaces between. A disk can only be added to one pool, so if the entered disk is already in the pool, an error message is displayed.
For example:
Storage> pool adddisk pool2 Disk_2 SFS pool Success V-288-0 Disk(s) Disk_2 are added to pool2 successfully. 108 Configuring storage Configuring disks
To move disks from one pool to another
◆ To move a disk from one pool to another, or from an unallocated pool to an existing pool, enter the following:
Storage> pool mvdisk src_pool dest_pool disk1[,disk2,...]
src_pool Specifies the source pool to move the disks from. If the specified source pool does not exist, an error message is displayed.
dest_pool Specifies the destination pool to move the disks to. If the specified destination pool does not exist, a new pool is created with the specified name. The disk is moved to that pool.
disk1,disk2,... Specifies the disks to be moved. To specify multiple disks to be moved, use a comma with no space in between. If a specified disk is not part of the source pool or does not exist, an error message is displayed. If one of the disks to be moved does not exist, all of the specified disks to be moved will not be moved. If all of the disks for the pool are moved, the pool is removed (deleted from the system), since there are no disks associated with the pool.
For example:
Storage> pool mvdisk p01 pool2 Disk_0 SFS pool Success V-288-0 Disk(s) moved successfully. Configuring storage 109 About displaying information for all disk devices
To remove a disk 1 To remove a disk from a pool, enter the following:
Storage> pool rmdisk disk1[,disk2,...]
where disk1,disk2 specifies the disk(s) to be removed from the pool. An unallocated pool is a reserved pool for holding disks that are removed from other pools. For example:
Storage> pool list Pool Name List of disks ------pool1 Disk_0 Disk_1 pool2 Disk_2 Disk_5 pool3 Disk_3 Disk_4 Unallocated Disk_6
Storage> pool rmdisk Disk_6 SFS pool Success V-288-987 Disk(s) Disk_6 are removed successfully. Storage> pool list Pool Name List of disks ------pool1 Disk_0 Disk_1 pool2 Disk_2 Disk_5 pool3 Disk_3 Disk_4
The Disk_6 disk no longer appears in the output. 2 To remove additional disks, use a comma with no spaces in between. For example:
Storage> pool rmdisk disk1,disk2
About displaying information for all disk devices
The Storage> disk list command displays the aggregated information of the disk devices connected to all of the nodes in the cluster. 110 Configuring storage Displaying information for all disk devices associated with nodes in a cluster
Table 6-4 Disk devices commands
Command Definition
disk list stats Displays a list of disks and nodes in tabular form. Each row (default) corresponds to a disk, and each column corresponds to a node.
■ If an OK appears in the table, it indicates that the disk that corresponds to that row is accessible by the node that corresponds to that column. ■ If an ERR appears in the table, it indicates that the disk that corresponds to that row is inaccessible by the node that corresponds to that column. This list does not include the internal disks of each node. See “Displaying information for all disk devices associated with nodes in a cluster” on page 110.
disk list detail Displays the disk information, including a list of disks and their properties. If the console server is unable to access any disk, but if any other node in the cluster is able to access that disk, then that disk is shown as "---." See “Displaying information for all disk devices associated with nodes in a cluster” on page 110.
disk list paths Displays the list of multiple paths of disks connected to all of the nodes in the cluster. It also shows the status of each path on each node in the cluster. See “Displaying information for all disk devices associated with nodes in a cluster” on page 110.
disk list types Displays the enclosure name, array name, and array type for a particular disk that is present on all of the nodes in the cluster. See “Displaying information for all disk devices associated with nodes in a cluster” on page 110.
Displaying information for all disk devices associated with nodes in a cluster Depending on which command variable you use, the column headings will differ.
Disk Indicates the disk name.
Serial Number Indicates the serial number for the disk. Configuring storage 111 Displaying information for all disk devices associated with nodes in a cluster
Enclosure Indicates the type of storage enclosure.
Size Indicates the size of the disk.
Use% Indicates the percentage of the disk that is being used.
ID ID column consists of the following four fields. A ":" separates these fields.
■ VendorID - Specifies the name of the storage vendor, for example, NETAPP, HITACHI, IBM, EMC, HP, and so on. ■ ProductID - Specifies the ProductID based on vendor. Each vendor manufactures different products. For example, HITACHI has HDS5700, HDS5800, and HDS9200 products. These products have ProductIDs such as DF350, DF400, and DF500. ■ TargetID - Specifies the TargetID. Each port of an array is a target. Two different arrays or two ports of the same array have different TargetIDs. TargetIDs start from 0. ■ LunID - Specifies the ID of the LUN. This should not be confused with the LUN serial number. LUN serial numbers uniquely identify a LUN in a target. Whereas a LunID uniquely identifies a LUN in an initiator group (or host group). Two LUNS in the same initiator group cannot have the same LunID. For example, if a LUN is assigned to two clusters, then the LunID of that LUN can be different in different clusters, but the serial number is the same.
Enclosure Name of the enclosure to distinguish between arrays having the same array name.
Array Name Indicates the name of the storage array.
Array Type Indicates the type of storage array and can contain any one of the three values: Disk for JBODs, Active-Active, and Active-Passive.
To display a list of disks and nodes in tabular form
◆ To display a list of disks and nodes in tabular form, enter the following:
Storage> disk list stats
Disk sfs_1 sfs_2 ======disk1 OK OK 112 Configuring storage Increasing the storage capacity of a LUN
To display the disk information
◆ To display the disk information, enter the following:
Storage> disk list detail
Disk Pool Enclosure Size Use% ======disk1 p2 OTHER_DISKS 10.00G 0.0%
ID Serial Number ======VMware%2C:VMware%20Virtual%20S:0:0 -
To display the disk list paths
◆ To display the disks multiple paths, enter the following:
Storage> disk list paths
Disk Paths sfs_1 sfs_2 ======disk1 Path 1 enabled,active enabled,active
To display information for all disk devices associated with nodes in a cluster
◆ To display information for all of the disk devices connected to all of the nodes in a cluster, enter the following:
Storage> disk list types
Disk Enclosure Array Name Array Type ======Disk_0 Disk Disk Disk Disk_1 Disk Disk Disk Disk_3 Disk Disk Disk Disk_4 Disk Disk Disk Disk_5 Disk Disk Disk
Increasing the storage capacity of a LUN
The Storage> disk grow command lets you increase the storage capacity of a previously created LUN on a storage array disk. Configuring storage 113 Printing WWN information
Warning: When increasing the storage capacity of a disk, make sure that the storage array does not reformat it. This will destroy the data. For help, contact your Storage Administrator.
To increase the storage capacity of a LUN 1 Increase the storage capacity of the disk on your storage array. Contact your Storage Administrator for assistance.
2 Run the FileStore Storage> scanbus command to make sure that the disk is connected to the FileStore cluster. See “Initiating FileStore host discovery of LUNs ” on page 114. 3 To increase the storage capacity of the LUN, enter the following:
Storage> disk grow disk_name
where disk_name is the name of the disk. For example:
Storage> disk grow Disk_0 SFS disk SUCCESS V-288-0 disk grow Disk_0 completed successfully
Printing WWN information
The Storage> hba (host bus adapter) command prints World Wide Name (WWN) information for all of the nodes in the cluster. If you want to find the WWN information for a particular node, specify the node name. 114 Configuring storage Initiating FileStore host discovery of LUNs
To print WWN information
◆ To print the WWN information, enter the following:
Storage> hba [host_name]
where you can use the host_name variable if you want to find WWN information for a particular node. Example output:
Storage> hba Node Host Initiator HBA WWNs ======sfs_1 21:00:00:e0:8b:9d:85:27, 21:01:00:e0:8b:bd:85:27 sfs_2 21:00:00:e0:8b:9d:65:1c, 21:01:00:e0:8b:bd:65:1c sfs_3 21:00:00:e0:8b:9d:88:27, 21:01:00:e0:8b:bd:88:27
There are two WWN on each row that represent the two HBAs for each node.
Initiating FileStore host discovery of LUNs
The Storage> scanbus command scans all of the SCSI devices connected to all of the nodes in the cluster. When you add new storage to your devices, you must scan for new SCSI devices. You only need to issue the command once and all of the nodes discover the newly added disks. And the command updates the device configurations without interrupting the existing I/O activity. The scan does not inform you if there is a change in the storage configuration. You can see the latest storage configuration using the Storage> disk list command. You do not need to reboot after scanbus has completed. To scan SCSI devices
◆ To scan the SCSI devices connected to all of the nodes in the cluster, enter the following:
Storage> scanbus
For example:
Storage> scanbus 100% [#] Scanning the bus for disks Configuring storage 115 About I/O fencing
About I/O fencing In the FileStore cluster, one method of communication between the nodes is conducted through heartbeats over private links. If two nodes cannot verify each other's state because they cannot communicate, then neither node can distinguish if the failed communication is because of a failed link or a failed partner node. The network breaks into two networks that cannot communicate with each other but do communicate with the central storage. This condition is referred to as the "split-brain" condition. I/O fencing (also referred to as disk fencing) protects data integrity if the split-brain condition occurs. I/O fencing determines which nodes are to retain access to the shared storage and which nodes are to be removed from the cluster, to prevent possible data corruption. To protect the data on the shared disks, each system in the cluster must be configured to use I/O fencing by making use of special purpose disks called coordinator disks. They are standard disks or LUNs that are set aside for use by the I/O fencing driver. You can specify three (or an odd number greater than three) disks as coordinator disks. The coordinator disks act as a global lock device during a cluster reconfiguration. This lock mechanism determines which node is allowed to fence off data drives from other nodes. A system must eject a peer from the coordinator disks before it can fence the peer from the data drives. Racing for control of coordinator disks is how fencing helps prevent split-brain. Coordinator disks cannot be used for any other purpose. You cannot store data on them, or include them in a disk group for user data.
To use the I/O fencing feature, you need to create a separate coordinator disk group, which will contain the three coordinator disks. Your minimum configuration must be a two-node cluster with FileStore software installed and have more than five shared disks. See Table 6-5 on page 115.
Table 6-5 I/O fencing commands
Command Definition
fencing status Checks the status of I/O fencing. It shows whether the coordinator disk group is currently enabled or disabled. It also shows the status of the individual coordinator disks. See “Configuring I/O fencing” on page 117. 116 Configuring storage About I/O fencing
Table 6-5 I/O fencing commands (continued)
Command Definition
fencing on Checks if the coordinator disk group has three disks. If not, you will need to add disks to the coordinator disk pool until three are present. The minimum LUN size is 10MB. See “Configuring I/O fencing” on page 117.
fencing replace Replaces a coordinator disk with another disk. The command first checks the whether the replacement disks is in failed state or not. If its in the failed state, then an error appears. After the command verifies that the replacement disk is not in a failed state, it checks whether the replacement disk is already being used by an existing pool (storage or coordinator). If it is not being used by any pool, the original disk is replaced. See “Configuring I/O fencing” on page 117.
fencing off Disables I/O fencing on all of the nodes. This command does not free up the coordinator disks. See “Configuring I/O fencing” on page 117.
fencing destroy Destroys the coordinator pool if I/O fencing is disabled. This command is not supported on a single-node setup. See “Configuring I/O fencing” on page 117. Configuring storage 117 Configuring I/O fencing
Configuring I/O fencing To check the status of I/O fencing
◆ To check the status of I/O fencing, enter the following:
Storage> fencing status
In the following example, I/O fencing is configured on the three disks Disk_0,Disk_1 and Disk_4 and the column header Coord Flag On indicates that the coordinator disk group is in an imported state and these disks are in good condition. If you check the Storage> disk list output, it will be in the OK state.
IO Fencing Status ======Disabled
Disk Name Coord Flag On ======Disk_0 Yes Disk_1 Yes Disk_2 Yes 118 Configuring storage Configuring I/O fencing
To add disks to coordinator disk group
◆ To add disks to the coordinator disk group, enter the following:
Storage> fencing on [disk1,disk2,disk3]
The three disks are optional arguments and are required only if the coordinator pool does not contain any disks. You may still provide three disks for fencing with the coordinator pool already containing three disks. This will however remove the three disks previously used for fencing from the coordinator pool and configure I/O fencing on the new disks. For example:
Storage> fencing on SFS fencing Success V-288-0 IO Fencing feature now Enabled 100% [#] Enabling fencing
Storage> fencing status IO Fencing Status ======Enabled
Disk Name Coord Flag On ======Disk_0 Yes Disk_1 Yes Disk_2 Yes Configuring storage 119 Configuring I/O fencing
To replace an existing coordinator disk
◆ To replace the existing coordinator disk, enter the following:
Storage> fencing replace src_disk dest_disk
where src_disk is the source disk and dest_disk is the destination disk. For example:
Storage> fencing replace Disk_2 Disk_3 SFS fencing Success V-288-0 Replaced disk Disk_2 with Disk_3 successfully. 100% [#] Replacing disk Disk_2 with Disk_3 Storage> fencing status IO Fencing Status ======Enabled
Disk Name Coord Flag On ======Disk_0 Yes Disk_1 Yes Disk_3 Yes
To disable I/O fencing
◆ To disable I/O fencing, enter the following:
Storage> fencing off
For example, to disable fencing if it's already enabled:
Storage> fencing off SFS fencing Success V-288-0 IO Fencing feature now Disabled 100% [#] Disabling fencing
To destroy the coordinator pool
◆ To destroy the coordinator pool, enter the following:
Storage> fencing destroy 120 Configuring storage About quotas for file systems
About quotas for file systems
You use Storage > quota commands for configuring disk quotas on file systems for users and groups. Users and groups visible through different sources of name service lookup (nsswitch), local users, LDAP, NIS, and Windows users can be configured for files systems or CIFS home directory quotas. There are two types of disk quotas:
■ Usage quota (numspace) - limits the amount of disk space that can be used on a file system
■ Inode quota (numfiles) - limits the number of files and directories that can be created on a file system In addition to setting a limit on disk quotas, you can also define a warning level, or soft quota, whereby users are informed that they are nearing their limit, which is less than the effective limit, or hard quota. Hard quota limits can be set so that a user is strictly not allowed to cross quota limits. A soft quota limit must be less than a hard quota limit for any type of quota.
Table 6-6 File system quota commands
Command Definition
quota fs enable Enables the quota on a specified file system. If the file system name is not specified, the quota is enabled for all of the online file systems.
See “Using quota commands for enabling, disabling, and displaying file system quotas” on page 122.
quota fs disable Disables the quota on a specified file system. If a file system name is not specified, the quota is disabled on all of the online file systems. See “Using quota commands for enabling, disabling, and displaying file system quotas” on page 122.
quota fs status Displays the quota status of the specified file system. If a file system name is not specified, the command displays the quota status for all of the online file systems. This command only displays whether or not the quota is enabled. See “Using quota commands for enabling, disabling, and displaying file system quotas” on page 122. Configuring storage 121 About quotas for file systems
Table 6-6 File system quota commands (continued)
Command Definition quota fs set Sets the quota for the user name or group name on the specified file system. If a file system name is not specified, the quota for the user name or group name applies to all of the online file systems. This command does not set the quota for the CIFS home directories. See “Using quota commands for setting and displaying file system quotas” on page 124. quota fs setall Sets the quota value for all the users and groups for whom the quota has already been set with set commands. Other users and groups (for whom the quota has not been set previously) will not be affected. See “Using quota commands for setting and displaying file system quotas” on page 124. quota fs show Displays the quota set on a single file system or all of the online file systems by the user names or the group names. See “Using quota commands for setting and displaying file system quotas” on page 124. quota fs setdefault Changes the default value used for setting future quotas. Existing user/group quotas are not changed. If a file system name is not specified, then the default is set for all of the online file systems except the CIFS home directories. See “Using quota commands for setting and displaying file system quotas” on page 124. quota fs Displays the default values for a specified file system or for all of the showdefault online file systems. See “Using quota commands for setting and displaying file system quotas” on page 124. 122 Configuring storage Using quota commands for enabling, disabling, and displaying file system quotas
Using quota commands for enabling, disabling, and displaying file system quotas To enable a file system quota
◆ To enable a file system quota, enter the following:
Storage> quota fs enable [fs_name] [{userquota | groupquota}]
fs_name File system name you want to set the quota for.
userquota User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of files that can be created by the user.
groupquota Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of files that can be created by all the users in the group.
For example, to enable a quota (user and group) for file system fs1:
Storage> quota fs enable fs1 OK Completed
To disable a file system quota
◆ To disable a file system quota, enter the following:
Storage> quota fs disable [fs_name] [{userquota | groupquota}]
fs_name File system name you want to set the quota for.
userquota User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of files that can be created by the user.
groupquota Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of files that can be created by all the users in the group.
For example, to disable the user quota for file system fs1:
Storage> quota fs disable fs1 userquota OK Completed Configuring storage 123 Using quota commands for enabling, disabling, and displaying file system quotas
To display the status of a file system quota
◆ To display the status of a file system quota, enter the following:
Storage> quota fs status [fs_name] [{userquota | groupquota}]
fs_name File system name you want to set the quota for.
userquota User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of files that can be created by the user.
groupquota Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of files that can be created by all the users in the group.
For example, to display the status of a file system quota (enabled or disabled):
Storage> quota fs status FS name User Quota Group Quota ======fsmirror Disabled Disabled quotafs Enabled Enabled striped1 Enabled Enabled fs1 Disabled Enabled OK Completed 124 Configuring storage Using quota commands for setting and displaying file system quotas
Using quota commands for setting and displaying file system quotas To set the quota value
◆ To set the quota value for a file system, enter the following:
Storage> quota fs set [{userquota | groupquota}] user_or_group_names [hardlimit | softlimit] [numfiles | numspace] [value] [fs_name]
For example, to set the user quota (hardlimit and numfiles) of user qtuser on file system fs1:
Storage> quota fs set userquota qtuser hardlimit numfiles 957 fs1 OK Completed
Storage> quota fs show fs1 userquota qtuser User Quota Details for filesystem fs1: User Space Soft Hard Files Soft Hard Name Used Space Space Used Files Files ======qtuser 0 0 0 0 0 957 OK Completed
userquota User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of files that can be created by the user.
groupquota Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of files that can be created by all the users in the group.
user_or_group_name Name of the user or the name of the group for which a quota value is set. You can specify a comma-separated list of user or group names. To delete quota values for a user, you will have to set all the user quota entries to 0. A user with a UID of 0 is not allowed in a Storage> quota fs set command.
hardlimit Hard quota limit.
softlimit Soft quota limit.
numfiles Inode quota for the file system.
numspace Usage quota for the file system. Configuring storage 125 Using quota commands for setting and displaying file system quotas
value Quota value for the users or groups on a file system. If a value is not provided, the default value set from using the Storage> quota fs setdefault command is used.
If Storage> quota fs setdefault is set for particular file systems, then that default value has precedence. If a value is 0 is entered, it is treated as an unlimited quota. If all values for a user or group quota are 0, the user or group is automatically deleted from the quota settings, which means that the Storage> quota fs status command will not show this user's or group's settings, as all quota values are treated as an unlimited quota. fs_name File system name you want to set the quota for.
To set all quota values
◆ To set all of the quota values, enter the following:
Storage> quota fs setall [{userquota | groupquota}] [hardlimit | softlimit] [numfiles | numspace] [value] [fs_name]
For example, to set all existing user quotas to default values:
Storage> quota fs show fs1 User Quota Details for filesystem fs1: User Space Soft Hard Files Soft Hard Name Used Space Space Used Files Files ======a1 0 0 10G 0 1000 10000 qtuser 0 0 0 0 0 957 qtuser2 0 1000K 0 0 0 0
Storage> quota fs setall userquota OK Completed Storage> quota fs show fs1 User Quota Details for filesystem fs1: User Space Soft Hard Files Soft Hard Name Used Space Space Used Files Files ======a1 0 0 10G 0 1000 1000 qtuser 0 0 0 0 0 1000 qtuser2 0 1000K 0 0 0 1000
userquota User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of files that can be created by the user. 126 Configuring storage Using quota commands for setting and displaying file system quotas
groupquota Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of files that can be created by all the users in the group.
hardlimit Hard quota limit.
softlimit Soft quota limit.
numfiles Inode quota for the file system.
numspace Usage quota for the file system.
value Quota value for the users or groups on a file system. If a value is not provided, the default value set from using the Storage> quota fs setdefault command is used.
If Storage> quota fs setdefault is set for particular file systems, then that default value has precedence. If a value is 0 is entered, it is treated as an unlimited quota. If all values for a user or group quota are 0, the user or group is automatically deleted from the quota settings, which means that the Storage> quota fs status command will not show this user's or group's settings, as all quota values are treated as an unlimited quota. Configuring storage 127 Using quota commands for setting and displaying file system quotas
To display the file system settings
◆ To display the file system settings, enter the following:
Storage> quota fs show [fs_name] [{userquota | groupquota}] [user_or_group_names]
For example, to display quota values for the file system:
Storage> quota fs show User Quota Details for filesystem quotafs: User Name Space Soft Hard Files Soft Hard Name Used Space Space Used Files Files ======quotauser 10M 1M 20M 1 5 1000 quotauser 9M 1M 10M 1 0 0 qtuser 10M 10M 20M 9 5 1000 qtuser2 19M 5M 20M 1 0 1000
User Quota Details for filesystem fs1: User Space Soft Hard Files Soft Hard Name Used Space Space Used Files Files ======a1 0 0 10G 0 1000 1000 qtuser 0 0 0 0 0 1000 qtuser2 0 1000K 0 0 0 1000
User Quota Details for filesystem longfilesystemnameforqt: User Space Soft Hard Files Soft Hard Name Used Space Space Used Files Files ======qtuser 0 0 0 0 901 1000 OK Completed
fs_name File system name you want to set the quota for. userquota User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of files that can be created by the user. groupquota Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of files that can be created by all the users in the group. 128 Configuring storage Using quota commands for setting and displaying file system quotas
user_or_group_names Name of the user or the name of the group for which a quota value is set. You can specify a comma-separated list of user or group names. To delete quota values for a user, you will have to set all the user quota entries to 0. A user with a UID of 0 is not allowed in a Storage> quota fs set command.
To set the default quota values
◆ To set the default quota values, enter the following:
Storage> quota fs setdefault [{userquota | groupquota}] hardlimit | softlimit numfiles | numspace [value] [fs_name]
userquota User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of files that can be created by the user.
groupquota Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of files that can be created by all the users in the group.
hardlimit Hard quota limit.
softlimit Soft quota limit.
numfiles Inode quota for the file system.
numspace Usage quota for the file system.
value Quota value for the users or groups on a file system. If a value is not provided, the default value set from using the Storage> quota fs setdefault command is used.
If Storage> quota fs setdefault is set for particular file systems, then that default value has precedence. If a value is 0 is entered, it is treated as an unlimited quota. If all values for a user or group quota are 0, the user or group is automatically deleted from the quota settings, which means that the Storage> quota fs status command will not show this user's or group's settings, as all quota values are treated as an unlimited quota.
fs_name File system name you want to set the quota for.
For example, to set the default group quota value:
Storage> quota fs setdefault groupquota hardlimit numspace 1T OK Completed Configuring storage 129 About quotas for CIFS home directories
To display the default values
◆ To display the default values, enter the following:
Storage> quota fs showdefault [fs_name] [{userquota | groupquota}]
fs_name File system name you want to set the quota for.
userquota User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of files that can be created by the user.
groupquota Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of files that can be created by all the users in the group.
For example, to display the default quota values:
Storage> quota fs showdefault Default Quota values: ======Title User/Group Soft Hard Soft Hard Quota Space Space Files Files ======Default Quota User Quota - - - 1000 Default Quota Group Quota - 1T - -
Per FS default Quota values: ======FS User/Group Soft Hard Soft Hard Name Quota Space Space Files Files ======fs1 User Quota - - - 1000 OK Completed
About quotas for CIFS home directories
You use Storage> quota cifshomedir commands to configure quotas for CIFS home directories. Users and groups visible through different sources of name service lookup (nsswitch), local users, LDAP, NIS, and Windows users can be configured for CIFS home directory quotas. Values are entered in a configuration file only. The actual application of the quota is done with the set and setall commands using the default values provided. 130 Configuring storage About quotas for CIFS home directories
Table 6-7 CIFS home directory quota commands
Command Definition
quota cifshomedir Changes the default value that will be used for setting future quotas setdefault on the CIFS home directories. Existing user/group quotas are not effected. See “Using quotas for CIFS home directories” on page 131.
quota cifshomedir Displays the default values for the CIFS home directories. showdefault See “Using quotas for CIFS home directories” on page 131.
quota cifshomedir Sets the quota value for the users or groups for the CIFS home set directories. See “Using quotas for CIFS home directories” on page 131.
quota cifshomedir Sets the quota value for all users and groups for whom the quota has setall already been set with set commands.
See “Using quotas for CIFS home directories” on page 131.
quota cifshomedir Displays the quota set on the CIFS home directories per username or show groupname. See “Using quotas for CIFS home directories” on page 131.
quota cifshomedir Enables the quota of the CIFS home directories. enable See “Using quotas for CIFS home directories” on page 131.
quota cifshomedir Disables the quota of the CIFS home directories. disable See “Using quotas for CIFS home directories” on page 131.
quota cifshomedir Displays the status of the quota of the CIFS home directories. This status command only displays whether or not the quota is enabled. See “Using quotas for CIFS home directories” on page 131. Configuring storage 131 Using quotas for CIFS home directories
Using quotas for CIFS home directories To set the default value used for quota limits for CIFS home directories
◆ To set the default value used for quota limits for CIFS home directories, enter the following:
Storage> quota cifshomedir setdefault userquota | groupquota hardlimit | softlimit numfiles | numspace [value]
userquota User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of files that can be created by the user.
groupquota Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of files that can be created by all the users in the group.
hardlimit Hard quota limit.
softlimit Soft quota limit.
numfiles Inode quota for the file system.
numspace Usage quota for the file system.
value Quota value for the users or groups on a file system. If a value is not specified, then the default value set from the setdefault command is used to configure the quota limit.
If Storage> quota fs setdefault is set for particular file systems, then that default value has precedence. If a value is 0 is entered, it is treated as an unlimited quota. If all values for a user or group quota are 0, the user or group is automatically deleted from the quota settings, which means that the Storage> quota fs show command will not show this user's or group's settings, as all quota values are treated as an unlimited quota.
For example, to set the default CIFS home directory user quota value:
Storage> quota cifshomedir setdefault userquota hardlimit numspace 2T OK Completed 132 Configuring storage Using quotas for CIFS home directories
To display default quota values for CIFS home directories
◆ To display the default quota values of the CIFS home directories, enter the following:
Storage> quota cifshomedir showdefault [userquota | groupquota]
userquota User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of files that can be created by the user.
groupquota Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of files that can be created by all the users in the group.
For example, to display the default CIFS home directory quota values:
Storage> quota cifshomedir showdefault
CIFS homedir default Quota values: ======User/Group Quota Soft Space Hard Space Soft Files Hard Files ======User Quota - 2T - - Group Quota - - - - OK Completed Configuring storage 133 Using quotas for CIFS home directories
To set a quota for CIFS home directories
◆ To set a quota for the user or group for CIFS home directories, enter the following:
Storage> quota cifshomedir set userquota | groupquota user_or_group_names [hardlimit | softlimit] [numfiles | numspace] [value]
For example, to set the user quota (hardlimit and numfiles) of user qtuser on CIFS home directories:
Storage> quota cifshomedir set userquota qtuser hardlimit numfiles 6549 OK Completed
Storage> quota cifshomedir show User Quota Details for CIFS homedirectories:
User Space Soft Hard Files Soft Hard Name Used Space Space Used Files Files ======qtuser 0 20M 100M 0 1000 6549 OK Completed
userquota User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of files that can be created by the user. groupquota Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of files that can be created by all the users in the group. user_or_group_names Name of the user or the name of the group for which a quota value is set. You can specify a comma-separated list of user or group names. To delete quota values for a user, you will have to set all the user quota entries to 0. A user with a UID of 0 is not allowed in a Storage> quota fs set command. hardlimit Hard quota limit. softlimit Soft quota limit. numfiles Inode quota for the file system. numspace Usage quota for the file system. 134 Configuring storage Using quotas for CIFS home directories
value Quota value for the CIFS home directories. If a value is not provided, the default value set from using the Storage> quota fs setdefault command is used.
If Storage> quota fs setdefault is set for particular file systems, then that default value has precedence. If a value is 0 is entered, it is treated as an unlimited quota. If all values for a user or group quota are 0, the user or group is automatically deleted from the quota settings, which means that the Storage> quota fs status command will not show this user's or group's settings, as all quota values are treated as an unlimited quota.
To set the quota value for all users and groups
◆ To set the quota value for all users and groups for whom the quota has already been set with the set commands, enter the following:
Storage> quota cifshomedir setall userquota | groupquota [hardlimit | softlimit] [numfiles | numspace] [value]
Other users and groups (for whom quota has not been set previously) will not be affected. For example, to set all existing user quotas for CIFS home directories:
Storage> quota cifshomedir show Name Space Soft Hard Files Soft Hard Used Space Space Used Files Files ======qtuser 0 20M 100M 0 1000 6549 OK Completed
Storage> quota cifshomedir setall userquota softlimit numfiles 198 OK Completed
Storage> quota cifshomedir show User Quota Details for CIFS homedirectories:
User Space Soft Hard Files Soft Hard Name Used Space Space Used Files Files ======qtuser 0 20M 100M 0 198 6549 OK Completed Configuring storage 135 Using quotas for CIFS home directories
userquota User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of files that can be created by the user. groupquota Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of files that can be created by all the users in the group. hardlimit Hard quota limit. softlimit Soft quota limit. numfiles Inode quota for the file system. numspace Usage quota for the file system. value Quota value for CIFS home directories for whom the quota has already been set with set commands. If a value is not provided, the default value set from using the Storage> quota fs setdefault command is used.
If Storage> quota fs setdefault is set for particular file systems, then that default value has precedence. If a value is 0 is entered, it is treated as an unlimited quota. If all values for a user or group quota are 0, the user or group is automatically deleted from the quota settings, which means that the Storage> quota fs status command will not show this user's or group's settings, as all quota values are treated as an unlimited quota. 136 Configuring storage Using quotas for CIFS home directories
To display the quotas for CIFS home directories
◆ To display the quotas for the CIFS home directories, enter the following:
Storage> quota cifshomedir show [userquota | groupquota] [user_or_group_names]
userquota User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of files that can be created by the user.
groupquota Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of files that can be created by all the users in the group.
user_or_group_names Name of the user or the name of the group for which a quota value is set. You can specify a comma-separated list of user or group names. To delete quota values for a user, you will have to set all the user quota entries to 0. A user with a UID of 0 is not allowed in a Storage> quota fs set command.
For example, to display CIFS home directory quota values:
Storage> quota cifshomedir show
User Quota Details for CIFS homedirectories: User Space Soft Hard Files Soft Hard Name Used Space Space Used Files Files ======qtuser 0 20M 100M 0 198 6549 OK Completed Configuring storage 137 Using quotas for CIFS home directories
To enable the quota for CIFS home directories
◆ To enable the quota for CIFS home directories, enter the following:
Storage> quota cifshomedir enable [userquota | groupquota]
userquota User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of files that can be created by the user.
groupquota Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of files that can be created by all the users in the group.
For example, to enable quotas (user and group quotas) for CIFS home directories:
Storage> quota cifshomedir enable OK Completed
To disable the quota for CIFS home directories
◆ To disable the quota for the CIFS home directories, enter the following:
Storage> quota cifshomedir disable [userquota | groupquota]
userquota User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of files that can be created by the user.
groupquota Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of files that can be created by all the users in the group.
For example, to disable the group quota for CIFS home directories:
Storage> quota cifshomedir disable groupquota OK Completed 138 Configuring storage About iSCSI
To display the status of the quota for CIFS home directories
◆ To display the quota status of the CIFS home directories, enter the following:
Storage> quota cifshomedir status [userquota | groupquota]
Displays only if the quota is enabled or disabled.
userquota User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of files that can be created by the user.
groupquota Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of files that can be created by all the users in the group.
For example, to display the status of a CIFS home directory quota (enabled or disabled):
Storage> quota cifshomedir status FS name User Quota Group Quota ======CIFS homedirectories Enabled Disabled OK Completed
About iSCSI The Internet Small Computer System Interface (iSCSI) is an Internet protocol-based storage networking standard that links data storage facilities. By carrying SCSI commands over IP networks, iSCSI facilitates data transfers over Intranets and manages storage over long distances. The iSCSI feature allows FileStore servers to use iSCSI disks as shared storage.
Table 6-8 iSCSI commands
Command Definition
iscsi status Displays the status of the iSCSI initiator service. See “Configuring the iSCSI initiator” on page 140.
iscsi start Starts the iSCSI initiator service. See “Configuring the iSCSI initiator” on page 140. Configuring storage 139 About iSCSI
Table 6-8 iSCSI commands (continued)
Command Definition iscsi stop Stops the iSCSI initiator service. See “Configuring the iSCSI initiator” on page 140. iscsi device add Adds a device for use with the iSCSI initiator. iSCSI initiator connections use this device to connect to the target. If there are any existing targets, then the iSCSI initiator initiates a connection to all targets by way of device.
See “Configuring the iSCSI initiator” on page 140. iscsi device del Deletes a device from the iSCSI configuration. Any existing connections by way of the device to targets is terminated. If device is the last device in the iSCSI initiator configuration, and there are existing targets, then the device cannot be deleted from the configuration. See “Configuring the iSCSI initiator” on page 140. iscsi device list Lists the devices used by the iSCSI initiator. See “Configuring the iSCSI initiator” on page 140. iscsi discovery add Adds a discovery address to the iSCSI initiator configuration. If no TCP port is specified with the discovery-address, then the default port 3260 is used. Any targets discovered at discovery-address are automatically logged in. See “Configuring the iSCSI initiator” on page 140. iscsi discovery del Deletes a discovery address from the iSCSI initiator configuration. Any targets discovered using discovery-address are also deleted from the configuration. See “Configuring the iSCSI initiator” on page 140. iscsi discovery Performs discovery of changes in targets or LUNs at rediscover discovery-address. Any LUNs or targets that have been removed at discovery-address will be automatically removed from the configuration. New LUNs or targets discovered at discovery-address will be automatically added and logged into.
See “Configuring the iSCSI initiator” on page 140. iscsi discovery list Lists the discovery address present in the iSCSI initiator configuration. See “Configuring the iSCSI initiator” on page 140. 140 Configuring storage About iSCSI
Table 6-8 iSCSI commands (continued)
Command Definition
iscsi initiator Sets the prefix used to generate initiator names. Initiator names are name setprefix generated as initiator-name-prefix followed by the node number of the node. See “Configuring the iSCSI initiator name” on page 141.
iscsi initiator Lists the initiator names for all nodes in the cluster. name list See “Configuring the iSCSI device” on page 142.
Configuring the iSCSI initiator To display the iSCSI initiator service
◆ To display the status of the iSCSI initiator server, enter the following:
Storage> iscsi status
For example:
iSCSI Initiator Status on sfs_1 : ONLINE iSCSI Initiator Status on sfs_2 : ONLINE
To start the iSCSI initiator service
◆ To start the iSCSI initiator service, enter the following:
Storage> iscsi start
For example:
Storage> iscsi start Storage> iscsi status iSCSI Initiator Status on sfs_1 : ONLINE iSCSI Initiator Status on sfs_2 : ONLINE Configuring storage 141 About iSCSI
To stop the iSCSI initiator service
◆ To stop the iSCSI initiator service, enter the following:
Storage> iscsi stop
For example:
Storage> iscsi stop Storage> iscsi status iSCSI Initiator Status on sfs_1 : OFFLINE iSCSI Initiator Status on sfs_2 : OFFLINE
Configuring the iSCSI initiator name To display the iSCSI initiator names
◆ To display the iSCSI initiator names, enter the following:
Storage> iscsi initiator name list
For example:
Storage> iscsi initiator name list Node Initiator Name ------sfs_1 iqn.2009-05.com.test:test.1 sfs_2 iqn.2009-05.com.test:test.2
To configure the iSCSI initiator name
◆ To configure the iSCSI initiator name, enter the following:
Storage> iscsi initiator name setprefix initiatorname-prefix
where initiatorname-prefix is a name that conforms to the naming rules for initiator and target names as specified in RFC3721. Initiator names for nodes in the cluster are generated by appending the node number to this prefix. For example:
Storage> iscsi initiator name setprefix iqn.2009-05.com.test:test Storage> 142 Configuring storage About iSCSI
Configuring the iSCSI device The iSCSI initiator contains a list of devices from which connections are made to targets. To display the list of devices
◆ To display the list of devices, enter the following:
Storage> iscsi device list
For example:
Storage> iscsi device list Device ------pubeth0 pubeth1
To add an iSCSI device
◆ To add an iSCSI device, enter the following:
Storage> iscsi device add device
where device is the device where the operation takes place. For example:
Storage> iscsi device add pubeth1 Storage> Storage> iscsi device list Device ------pubeth0 pubeth1 Configuring storage 143 About iSCSI
To delete an iSCSI device
◆ To delete an iSCSI device, enter the following:
Storage> iscsi device delete device
where device is the device where the operation takes place. For example:
Storage> iscsi device add pubeth1 Storage> Storage> iscsi device list Device ------pubeth0
Configuring discovery on iSCSI The iSCSI initiator contains a list of discovery addresses. To display the iSCSI discovery addresses
◆ To display the iSCSI discovery addresses, enter the following:
Storage> iscsi discovery list
For example:
Storage> iscsi discovery list Discovery Address ------192.168.2.14:3260 192.168.2.15:3260 144 Configuring storage About iSCSI
To add a discovery address to the iSCSI initiator
◆ To add a discovery address to the iSCSI initiator, enter the following:
Storage> iscsi discovery add discovery-address
where discovery-address is the target address at which an initiator can request a list of targets using a SendTargets text request as specified in iSCSI protocol of RFC3720. If no port is specified with the discovery address, default port 3260 is used. For example:
Storage> iscsi discovery add 192.168.2.15:3260 Discovery CHAP credentials for sfs_1: Outgoing CHAP Username : root Outgoing CHAP Password : ******** Incoming CHAP Username : Authentication succeeded.
Discovered Targets ------iqn.2001-04.com.example:storage.disk2.sys3.xyz iqn.2001-04.com.example:storage.disk3.sys3.xyz iqn.2001-04.com.example:storage.disk4.sys3.xyz iqn.2001-04.com.example:storage.disk5.sys3.xyz
Logging into target iqn.2001-04.com.example:storage.disk2.sys3.xyz Logging into target iqn.2001-04.com.example:storage.disk3.sys3.xyz Logging into target iqn.2001-04.com.example:storage.disk4.sys3.xyz Logging into target iqn.2001-04.com.example:storage.disk5.sys3.xyz
Storage> iscsi discovery list
Discovery Address ------192.168.2.14:3260 192.168.2.15:3260 Configuring storage 145 About iSCSI
To delete an iSCSI discovery address
◆ To delete the targets discovered using this discovery address, enter the following:
Storage> iscsi discovery del discovery-address
where discovery-address is the target address at which an initiator can request a list of targets using a SendTargets text request as specified in iSCSI protocol of RFC3720. If no port is specified with the discovery address, default port 3260 is used. For example:
Storage> iscsi discovery del 192.168.2.15:3260 Storage> Storage> iscsi discovery list
Discovery Address ------192.168.2.14:3260
To rediscover an iSCSI discovery address
◆ To rediscover an iSCSI discovery address, enter the following:
Storage> iscsi discovery rediscover discovery-address
where discovery-address is the target address at which an initiator can request a list of targets using a SendTargets text request as specified in iSCSI protocol of RFC3720. If no port is specified with the discovery address, default port 3260 is used. For example:
Storage> iscsi discovery rediscover 192.168.2.15:3260 Deleted targets ------iqn.2001-04.com.example:storage.disk5.sys3.xyz
New targets ------iqn.2001-04.com.example:storage.disk6.sys3.new.xyz
Logging into target iqn.2001-04.com.example:storage.disk6.sys3.new.xyz 146 Configuring storage About configuring the iSCSI targets
About configuring the iSCSI targets iSCSI target commands allow you to view or manipulate targets discovered using the iscsi discovery add command, or statically added targets using the iscsi target add command. The iscsi target list command lists all the targets visible to the iSCSI initiator. To get detailed information about a target, use the iscsi target listdetail targetname command.
Table 6-9 iSCSI target commands
Command Definition
iscsi target add Adds a static target-portal combination to the iSCSI initiator configuration. The portal-address cannot be the same as any discovery-address present in the iSCSI initiator configuration. Connections to portal-address are made for target-name, but no discovery is done for any other targets available at portal-address. If no portal tag is specified with portal-address, the default portal tag of 1 is used.
See “Configuring the iSCSI targets” on page 148.
iscsi target del Deletes a target target-name from the iSCSI initiator configuration. Any existing connections to target-name are terminated. discovery-address or portal-address is the address through which the target becomes visible to the initiator. A target that was discovered at a discovery-address once deleted from an iSCSI initiator configuration will again be visible to an iSCSI initiator if re-discovery is done either through isci discovery rediscover or scanbus commands.
See “Configuring the iSCSI targets” on page 148.
iscsi target login Allows login to a target target-name from an iSCSI initiator. Connections to target-name are made from all devices present in an iSCSI initiator configuration. discovery-address or portal-address is the address through which the target becomes visible to the initiator. A target once logged out by the iSCSI initiator is not logged in until iscsi target login is requested. See “Configuring the iSCSI targets” on page 148. Configuring storage 147 About configuring the iSCSI targets
Table 6-9 iSCSI target commands (continued)
Command Definition iscsi target logout Allows logout from connections to target-name from the iSCSI initiator. discovery-address or portal-address is the address through which the target becomes visible to the initiator. A target once logged out by the iSCSI initiator is not logged in until iscsi target login is requested.
See “Configuring the iSCSI targets” on page 148. iscsi target list Lists the targets visible to the iSCSI initiator. See “Configuring the iSCSI targets” on page 148. iscsi target Lists detailed information about the target. listdetail See “Configuring the iSCSI targets” on page 148. 148 Configuring storage Configuring the iSCSI targets
Configuring the iSCSI targets To display the iSCSI targets
◆ To display the iSCSI targets, enter the following:
Storage> iscsi target list
For example:
Storage> iscsi target list Target ------iqn.2001-04.com.example:storage.disk2.sys3.xyz iqn.2001-04.com.example:storage.disk4.sys3.xyz iqn.2001-04.com.example:storage.disk5.sys3.xyz iqn.2001-04.com.example:storage.disk3.sys3.xyz iqn.2001-04.com.example2:storage.disk2.sys3.xyz iqn.2001-04.com.example2:storage.disk3.sys3.xyz iqn.2001-04.com.example2:storage.disk4.sys3.xyz iqn.2001-04.com.example2:storage.disk5.sys3.xyz
Discovery Address State Disk ------192.168.2.14:3260 ONLINE disk_0 192.168.2.14:3260 ONLINE disk_2 192.168.2.14:3260 ONLINE disk_3 192.168.2.14:3260 ONLINE disk_1 192.168.2.15:3260 ONLINE disk_4 192.168.2.15:3260 ONLINE disk_5 192.168.2.15:3260 ONLINE disk_6 192.168.2.15:3260 ONLINE disk_7 Configuring storage 149 Configuring the iSCSI targets
To display the iSCSI target details
◆ To display the iSCSI target details, enter the following:
Storage> iscsi target listdetail target
where target is the name of the node you want to display the details for. For example:
Storage> iscsi target listdetail iqn.2001-04.com.example: storage.disk2.sys3.xyz
Discovery Address : 192.168.2.14:3260 Connections ======Portal Address sfs_1 sfs_2 ------192.168.2.14:3260,1 2 2
To add an iSCSI target
◆ To add an iSCSI target, enter the following:
Storage> iscsi target add target-name portal-address
target-name Name of the iSCSI target at which SCSI LUNs are available. target-name should conform to the naming rules defined in RFC3721.
portal-address The location where the target is accessible.
For example:
Storage> iscsi target add iqn.2001-04.com.example: storage.disk2.sys1.xyz 192.168.2.14:3260
Logging into target iqn.2001-04.com.example: storage.disk2.sys1.xyz Storage> iscsi target listdetail iqn.2001-04.com.example: storage.disk2.sys1.xyz
Connections ======Portal Address sfs55_01 sfs55_02 ------192.168.2.14:3260,1 1 1 150 Configuring storage Configuring the iSCSI targets
To delete an iSCSI target
◆ To delete an iSCSI target, enter the following:
Storage> iscsi target del target-name {discovery-address|portal-address}
target-name Name of the iSCSI target at which SCSI LUNs are available. target-name should conform to the naming rules defined in RFC3721.
discovery-address Target address at which an initiator can request a list of targets using a SendTargets text request as specified in iSCSI protocol of RFC3720. If no port is specified with the discovery address, default port 3260 is used.
portal-address The location where the target is accessible.
For example:
Storage> iscsi target del iqn.2001-04.com.example: storage.disk2.sys3.xyz
To login to an iSCSI target
◆ To login to an iSCSI target, enter the following:
Storage> iscsi target login target-name {discovery-address | portal-address}
target-name Name of the iSCSI target at which SCSI LUNs are available. target-name should conform to the naming rules defined in RFC3721.
discovery-address Target address at which an initiator can request a list of targets using a SendTargets text request as specified in iSCSI protocol of RFC3720. If no port is specified with the discovery address, default port 3260 is used.
portal-address The location where the target is accessible.
For example:
Storage> iscsi target login iqn.2001-04.com.example: storage.disk2.sys3.xyz Configuring storage 151 Configuring the iSCSI targets
To logout from an iSCSI target
◆ To logout from an iSCSI target, enter the following:
Storage> iscsi target logout target-name {discovery-address | portal-address}
target-name Name of the iSCSI target at which SCSI LUNs are available. target-name should conform to the naming rules defined in RFC3721.
discovery-address Target address at which an initiator can request a list of targets using a SendTargets text request as specified in iSCSI protocol of RFC3720. If no port is specified with the discovery address, default port 3260 is used.
portal-address The location where the target is accessible.
For example:
Storage> iscsi target logout iqn.2001-04.com.example: storage.disk2.sys3.xyz 152 Configuring storage Configuring the iSCSI targets Chapter 7
Creating and maintaining file systems
This chapter includes the following topics:
■ About creating and maintaining file systems
■ Listing all file systems and associated information
■ About creating file systems
■ Creating a file system
■ Adding or removing a mirror to a file system
■ Configuring FastResync for a file system
■ Disabling the FastResync option for a file system
■ Increasing the size of a file system
■ Decreasing the size of a file system
■ Checking and repairing a file system
■ Changing the status of a file system
■ Destroying a file system
■ About snapshots
■ Configuring snapshots
■ About snapshot schedules
■ Configuring snapshot schedules 154 Creating and maintaining file systems About creating and maintaining file systems
About creating and maintaining file systems This chapter discusses the FileStore file system commands. You use these commands to configure your file system.
For more information on the fs commands, see Table 7-1. File systems consist of both metadata and file system data. Metadata contains information such as the last modification date, creation time, permissions, and so on. The total amount of space required for the metadata depends on the number of files in the file system. A file system with many small files requires more space to store metadata. A file system with fewer larger files requires less space for handling the metadata. When you create a file system, you need to set aside some space for handling the metadata. The space required is generally proportional to the size of the file system. For this reason, after you create the file system with the Storage> fs list command the output includes non-zero percentages. The space set aside for handling metadata may increase or decrease as needed. For example, a file system on a 1 GB volume takes approximately 35 MB (about 3%) initially for storing metadata. In contrast, a file system of 10 MB requires approximately 3.3 MB (30%) initially for storing the metadata. To access the commands, log into the administrative console (as a master, system-admin, or storage-admin) and enter Storage> mode. See “About using the FileStore command-line interface” on page 27.
Table 7-1 Storage mode commands
Command Definition
fs list Lists all file systems and associated information. See “Listing all file systems and associated information” on page 156.
fs create Creates a file system. See “About creating file systems” on page 156.
fs addmirror Adds a mirror to a file system. See “Adding or removing a mirror to a file system” on page 160.
fs rmmirror Removes a mirror from a file system. See “Adding or removing a mirror to a file system” on page 160.
fs setfastresync Keeps the mirrors in the file system in a consistent state. See “Configuring FastResync for a file system” on page 162. Creating and maintaining file systems 155 About creating and maintaining file systems
Table 7-1 Storage mode commands (continued)
Command Definition fs unsetfastresync Disables the FastResync option for a file system. See “Disabling the FastResync option for a file system” on page 163. fs growto Increases the size of a file system to a specified size. See “Increasing the size of a file system” on page 163. fs growby Increases the size of a file system by a specified size. See “Increasing the size of a file system” on page 163. fs shrinkto Decreases the size of a file system to a specified size. See “Decreasing the size of a file system” on page 165. fs shrinkby Decreases the size of a file system by a specified size. See “Decreasing the size of a file system” on page 165. fs fsck Checks and repair a file system. See “Checking and repairing a file system” on page 166. fs online Mounts (places online) a file system. See “Changing the status of a file system” on page 167. fs offline Unmounts (places offline) a file system. See “Changing the status of a file system” on page 167. fs destroy Destroys a file system. See “Destroying a file system” on page 169. snapshot Copies a set of files and directories as they were at a particular point in the past. See “About snapshots” on page 169. snapshot schedule Creates or remove a snapshot. See “About snapshot schedules” on page 175. 156 Creating and maintaining file systems Listing all file systems and associated information
Listing all file systems and associated information To list all file systems and associated information
◆ To list all file systems and associated information, enter the following:
Storage> fs list [fs_name]
where fs_name is optional. If you enter a file system that does not exist, an error message is displayed. If you do not enter a specified file system, a list of file systems is displayed. For example:
Storage> fs list fs1 General Info: ======Block Size: 1024 Bytes
Primary Tier ======Size: 5.00G Use%: 11% Layout: simple Mirrors: - Columns: - Stripe Unit: 0.00 K FastResync: Disabled
Mirror 1: List of pools: p2 List of disks: sda
About creating file systems
The Storage> fs commands manage file system operations. Creating and maintaining file systems 157 Creating a file system
Table 7-2 Create file systems commands
Command Definition
fs create simple Creates a simple file system of a specified size. You can specify a block size for the file system. The default block size is determined based on the size of the file system when the file system is created. For example, 1 KB is the default block size for up to a 2 TB file system size. There are other default block sizes, 2 KB, 4 KB, and 8 KB for different ranges of file system sizes. If you create a 1 TB file system, and then increase it to 3 TB, the file system block size remains at 1KB. See “Creating a file system ” on page 157.
fs create mirrored Creates a mirrored file system with a specified number of mirrors, a list of pools, and online status. Each mirror uses the disks from the corresponding pools as listed. See “Creating a file system ” on page 157.
fs create Creates a mirrored-stripe file system with a specified number of mirrored-stripe columns, mirrors, pools, and protection options. See “Creating a file system ” on page 157.
fs create Creates a striped-mirror file system with a specified number of mirrors striped-mirror and stripes. See “Creating a file system ” on page 157.
fs create striped Creates a striped file system. A striped file system is a file system that stores its data across multiple disks rather than storing the data on one disk. See “Creating a file system ” on page 157.
Creating a file system To create a simple file system of a specified size
◆ To create a simple file system with a specified size, enter the following:
Storage> fs create simple fs_name size pool1[,disk1,...] [blksize=bytes]
For example:
Storage> fs create simple fs2 10m sda 100% [#] Creating simple filesystem 158 Creating and maintaining file systems Creating a file system
To create a mirrored file system
◆ To create a mirrored file system, enter the following:
Storage> fs create mirrored fs_name size nmirrors pool1[,disk1,...] [protection=disk|pool] [blksize=bytes]
For example:
Storage> fs create mirrored fs1 100M 2 pool1,pool2 100% [#] Creating mirrored filesystem
To create a mirrored-stripe file system
◆ To create a mirrored-stripe file system, enter the following:
Storage> fs create mirrored-stripe fs_name size nmirrors ncolumns pool1[,disk1,...] [protection=disk|pool] [stripeunit=kilobytes] [blksize=bytes]
To create a striped-mirror file system
◆ To create a striped-mirror file system, enter the following:
Storage> fs create striped-mirror fs_name size nmirrors ncolumns pool1[,disk1,...] [protection=disk|pool] [stripeunit=kilobytes] [blksize=bytes]
To create a striped file system
◆ To create a striped file system, enter the following:
Storage> fs create striped fs_name size ncolumns pool1[,disk1,...] [stripeunit=kilobytes] [blksize=bytes]
fs_name Specifies the name of the file system being created. The file system name should be a string. If you enter a file that already exists, you receive an error message and the file system is not created. Creating and maintaining file systems 159 Creating a file system
size Specifies the size of a file system. To create a file system, you need at least 10 MB of space. Available units are the following:
■ MB ■ GB ■ TB
You can enter the units with either uppercase (10M) or lowercase (10m) letters. To see how much space is available on a pool, use the Storage> pool free command.
See “About configuring storage pools” on page 101. nmirrors Specifies the number of mirrors the file system has. You must enter a positive integer. ncolumns Specifies the number of columns for the striped file system. The number of columns represents the number of disks to stripe the information across. If the number of columns exceeds the number of disks for the entered pools, an error message is displayed. This message indicates that there is not enough space to create the striped file system. pool1[,disk1,...] Specifies the pool(s) or disk(s) for the file system. If you specify a pool or disk that does not exist, you receive an error message. Specify more than one pool or disk by separating the name with a comma; however, do not include a space between the comma and the name. To find a list of pools and disks, use the Storage> pool list command. To find a list of disks, use the Storage> disk list command. The disk must be part of the pool or an error message is displayed. protection If you do not specify a protection option, the default is "disk." The available options for this field are:
■ disk - Creates mirrors on separate disks. ■ pool - Creates mirrors in separate pools. If there is not enough space to create the mirrors, an error message is displayed, and the file system is not created. 160 Creating and maintaining file systems Adding or removing a mirror to a file system
stripeunit=kilobytes Specifies a stripe width (in kilobytes). Possible values are the following:
■ 128 ■ 256 ■ 512 (default) ■ 1024 ■ 2048
blksize=bytes Specifies the block size for the file system. Possible values of bytes are the following:
■ 1024 (default) ■ 2048 ■ 4096 ■ 8192
Adding or removing a mirror to a file system A mirrored file system is one that has copies of itself on other disks or pools. To add a mirror to a file system
◆ To add a mirror to a file system, enter the following:
Storage> fs addmirror fs_name pool1[,disk1,...] [protection=disk|pool]
fs_name Specifies which file system to add the mirror. If the specified file system does not exist, an error message is displayed. Creating and maintaining file systems 161 Adding or removing a mirror to a file system
pool1[,disk1,...] Specifies the pool(s) or disk(s) to use for the file system. If the specified pool or disk does not exist, an error message is displayed, and the file system is not created. You can specify more than one pool or disk by separating the name with a comma, but do not include a space between the comma and the name. To find a list of existing pools and disks, use the Storage> pool list command.
See “About configuring storage pools” on page 101. To find a list of the existing disks, use the Storage> disk list command. See “About displaying information for all disk devices” on page 109. The disk needs to be part of the pool or an error message is displayed. protection The default value for the protection field is "disk." Available options are:
■ disk - Creates mirrors on separate disks. ■ pool - Uses pools from any available pool.
For example:
Storage> fs addmirror fs1 pool3,pool4 Storage> 162 Creating and maintaining file systems Configuring FastResync for a file system
To remove a mirror from a file system
◆ To remove a mirror from a file system, enter the following:
Storage> fs rmmirror fs_name [pool_or_disk_name]
fs_name Specifies the file system from which to remove the mirror. If you specify a file system that does not exist, an error message is displayed.
pool_or_disk_name Specifies the pool or disk name to remove from the mirrored file system that is spanning on the specified pools/disks. If a pool name is the same as the disk name, then the mirror present on the pool is deleted.
For a striped-mirror file system, if any of the disks are bad, the Storage> fs rmmirror command disables the mirrors on the disks that have failed. If no disks have failed, FileStore chooses a mirror to remove. For example:
Storage> fs rmmirror fs1 AMS_WMS0_0
Configuring FastResync for a file system If the power fails or a switch fails mirrors in a file system may not be in a consistent state.
The Storage> fs setfastresync (Fast Mirror Resynchronization (FastResync)) command keeps the mirrors in the file system in a consistent state.
Note: You must have at least two mirrors on the file system to enable FastResync. The setfastresync command is enabled by default. Creating and maintaining file systems 163 Disabling the FastResync option for a file system
To enable the FastResync option
◆ To enable FastResync, enter the following:
Storage> fs setfastresync fs_name [pool_or_disk_name]
fs_name Specifies the name of the file system for which to enable FastResync. If you specify a file system that does not exist, an error message is displayed. If the FastResync on the specified file system already has FastResync enabled, an error message is displayed, and no action is taken.
pool_or_disk_name Specifies the pool or disk name to remove from the mirrored file system that is spanning the specified pool or disk. If you specify a pool or disk that is not part of the mirrored file system, an error message is displayed, and no action is taken.
For example, to enable for a file system, enter the following :
Storage> fs setfastresync fs6
Disabling the FastResync option for a file system You can disable the FastResync option for a file system. To disable the FastResync option
◆ To disable the FastResync option, enter the following:
Storage> fs unsetfastresync fs_name
where fs_name specifies the name of the file system for which to disable FastResync. If you specify a file system does not exist, an error message is displayed. For example:
Storage> fs unsetfastresync fs6
Increasing the size of a file system To increase the size of a file system it must be online. If the file system is not online, an error message is displayed, and no action is taken. 164 Creating and maintaining file systems Increasing the size of a file system
To increase the size of a file system to a specified size
◆ To increase the size of a file system to a specified size, enter the following:
Storage> fs growto {primary|secondary} fs_name new_length [pool1[,disk1,...]] [protection=disk|pool]
For example:
Storage> fs growto primary fs1 1G
To increase the size of a file system by a specified size
◆ To increase the size of a file system by a specified size, enter the following:
Storage> fs growby {primary|secondary} fs_name length_change [pool1[,disk1,...]] [protection=disk|pool]
For example:
Storage> fs growby primary fs1 50M
primary|secondary Specifies the primary or secondary tier.
fs_name Specifies the file system whose size will be increased. If you specify a file system that does not exist, an error message is displayed.
new_length Expands the file system to a specified size. The size specified must be a positive number, and it must be bigger than the size of the existing file system. If the new file system is not larger than the size of the existing file system, an error message is displayed, and no action is taken. This variable is used with the Storage> fs growto command.
length_change Expands the file system to a specified size. The size specified must be a positive number, and it must be bigger than the size of the existing file system. If the new file system is not larger than the size of the existing file system, an error message is displayed, and no action is taken. This variable is used with the Storage> fs growby command. Creating and maintaining file systems 165 Decreasing the size of a file system
pool1[,disk1,...] Specifies the pool(s) or disk(s) to use for the file system. If you specify a pool or disk that does not exist, an error message is displayed, and the file system is not resized. You can specify more than one pool or disk by separating the name with a comma; however, do not include a space between the comma and the name. To find a list of existing pools and disks, use the Storage> pool list command.
See “About configuring storage pools” on page 101. To find a list of the existing disks, use the Storage> disk list command. See “About displaying information for all disk devices” on page 109. The disk needs to be part of the pool or an error message is displayed.
protection The default value for the protection field is "disk." Available options are:
■ disk - New disks required for increasing the size of the file system must come from the same pool. ■ pool - Pools are used from any available pool.
Decreasing the size of a file system You can decrease the size of the file system. To decrease the size of the file system, it must be online. If the file system is not online, an error message is displayed, and no action is taken. To decrease the size of a file system to a specified size
◆ To decrease the size of a file system, enter the following:
Storage> fs shrinkto {primary|secondary} fs_name new_length
For example:
Storage> fs shrinkto primary fs1 10M 166 Creating and maintaining file systems Checking and repairing a file system
To decrease the size of a file system by a specified size
◆ To decrease the size of a file system, enter the following:
Storage> fs shrinkby {primary|secondary} fs_name length_change
For example:
Storage> fs shrinkby primary fs1 10M
primary|secondary Specifies the primary or secondary tier.
fs_name Specifies the file system whose size will decrease. If you specify a file system that does not exist, an error message is displayed.
new_length Specifies the size to decrease the file system to. The size specified must be a positive number, and it must be smaller than the size of the existing file system. If the new file system size is not smaller than the size of the existing file system, an error message is displayed, and no action is taken.
length_change Decreases the file system by a specified size. The size specified must be a positive number, and it must be smaller than the size of the existing file system. If the new file system size is not smaller than the size of the existing file system, an error message is displayed, and no action is taken.
Checking and repairing a file system
The Storage> fs fsck command lets you check and repair a file system.
Warning: Using the Storage> fs fsck command on an online file system can damage the data on the file system. Only use the Storage> fs fsck command on a file system that is offline. Creating and maintaining file systems 167 Changing the status of a file system
To check and repair a file system
◆ To check and repair a file system, enter the following:
Storage> fs fsck fs_name
where fs_name specifies the file system for which to check and repair. For example:
Storage> fs fsck fs1 SFS fs ERROR V-288-693 fs1 must be offline to perform fsck.
Changing the status of a file system
The Storage> fs online or Storage> fs offline command lets you mount (online) or unmount (offline) a file system. You cannot access an offline file system from a client. 168 Creating and maintaining file systems Changing the status of a file system
To change the status of a file system
◆ To change the status of a file system, enter one of the following, depending on which status you are using:
Storage> fs online fs_name Storage> fs offline fs_name
where fs_name specifies the name of the file system that you want to mount (online) or unmount (offline). If you specify a file system that does not exist, an error message is displayed. For example, to bring a file system online:
Storage> fs list FS STATUS SIZE LAYOUT MIRRORS COLUMNS USE% ======fs1 online 5.00G simple - - 10% fs2 offline 10.00M simple - - -
NFS CIFS SECONDARY SHARED SHARED TIER ======no no no no no no
Storage> fs online fs2 100% [#] Online filesystem Storage> fs list FS STATUS SIZE LAYOUT MIRRORS COLUMNS USE% ======fs1 online 5.00G simple - - 10% fs2 online 10.00M simple - - 100%
NFS CIFS SECONDARY SHARED SHARED TIER ======no no no no no no
For example, to place a file system offline:
Storage> fs offline fs1 100% [#] Offline filesystem Creating and maintaining file systems 169 Destroying a file system
Destroying a file system
The Storage> fs destroy command unmounts a file system and releases its storage back to the storage pool. You can only destroy an unshared file system. If a file system is shared by using the NFS> share add command, you must delete the share before you can destroy the file system. To destroy a file system
◆ To destroy a file system, enter the following:
Storage> fs destroy fs_name
where fs_name specifies the name of the file system that you want to destroy. For example:
Storage> fs destroy fs1 100% [#] Destroy filesystem
About snapshots A snapshot is a virtual image of the entire file system. You can create snapshots of a parent file system on demand. Physically, it contains only data that corresponds to changes made in the parent, and so consumes significantly less space than a detachable full mirror. Snapshots are used to recover from data corruption. If files, or an entire file system, are deleted or become corrupted, you can replace them from the latest uncorrupted snapshot. You can mount a snapshot and export it as if it were a complete file system. Users can then recover their own deleted or corrupted files. You can limit the space consumed by snapshots by setting a quota on them. If the total space consumed by snapshots remains above the quota, FileStore rejects attempts to create additional ones.
You can create a snapshot by either using the snapshot create command or by creating a schedule that calls the snapshot create command depending on the values entered for the number of hours or minutes after which this command should run. This method automatically creates the snapshot by storing the following values in the crontab: minutes, hour, day-of-month, month, and day-of-week. 170 Creating and maintaining file systems About snapshots
Table 7-3 Snapshot commands
Command Definition
snapshot create A storage snapshot is a copy of a set of files and directories as they were at a particular point in the past. FileStore supports file system level snapshots. FileStore limits the space a snapshot can use. Snapshots use free space in the file system from which they were taken. See “Configuring snapshots” on page 171.
snapshot list Lists all the snapshots for the specified file system. If you do not specify a file system, snapshots of all the file systems are displayed. See “Configuring snapshots” on page 171.
snapshot destroy Deletes a snapshot. See “Configuring snapshots” on page 171.
snapshot online Mounts a snapshot. See “Configuring snapshots” on page 171.
snapshot offline Unmounts a snapshot. See “Configuring snapshots” on page 171.
snapshot quota list Displays snapshot information for all the file systems. See “Configuring snapshots” on page 171.
snapshot quota on Enables the creation of snapshots on the given file system when the space used by all of the snapshots of that file system exceeds a given capacity. The space used by the snapshots is not restricted. See “Configuring snapshots” on page 171.
snapshot quota off Disables the creation of snapshots on the given file system when the space used by all of the snapshots of that file system exceeds a given capacity. The space used by the snapshots is not restricted. See “Configuring snapshots” on page 171.
snapshot restore Restore the given file system by a given snapshot. See “Configuring snapshots” on page 171. Creating and maintaining file systems 171 Configuring snapshots
Configuring snapshots To create a snapshot
◆ To create a snapshot, enter the following:
Storage> snapshot create snapshot_name fs_name [removable]
snapshot_name Specifies the name for the snapshot.
fs_name Specifies the name for the file system.
removable Valid values are:
■ yes ■ no
If the removable attribute is yes, and the file system is offline, the snapshot is removed automatically if the file system runs out of space. The default value is removable=no.
For example:
Storage> snapshot create snapshot1 fs1 100% [#] Create snapshot 172 Creating and maintaining file systems Configuring snapshots
To list snapshots
◆ To list snapshots, enter the following:
Storage> snapshot list [fs_name] [schedule_name]
fs_name Displays all of the snapshots of the specified file system. If you do not specify a file system, snapshots of all of the file systems are displayed.
schedule_name Displays the schedule name. If you do not specify a schedule name, then snapshots created under fs_name are displayed.
For example:
Storage> snapshot list Snapshot FS Status ======schedule2_26_Feb_2009_00_15_01 fs2 offline schedule2_26_Feb_2009_00_10_01 fs2 offline presnap_schedule2_25_Feb_2009_18_00_02 fs2 offline
ctime mtime Removable Preserved ======2009.Feb.26.00:15:04 2009.Feb.26.00:15:04 no No 2009.Feb.26.00:10:03 2009.Feb.26.00:10:03 no No 2009.Feb.25.18:00:04 2009.Feb.25.18:00:04 no Yes
Snapshot Displays the name of the created snapshots.
FS Displays the file systems that correspond to each created snapshots.
Status Displays whether or not the snapshot is mounted (that is, online or offline).
ctime Displays the time the snapshot was created.
mtime Displays the time the snapshot was modified.
Removable Determines if the snapshot should be automatically removes in case the underlying file system runs out of space. You entered either yes or no in the snapshot create snapshot_name fs_name [removable]
Preserved Determines if the snapshot is preserved when all of the automated snapshots are destroyed. Creating and maintaining file systems 173 Configuring snapshots
To destroy a snapshot
◆ To destroy a snapshot, enter the following:
Storage> snapshot destroy snapshot_name fs_name
snapshot_name Specifies the name of the snapshot to be destroyed.
fs_name Specifies the name of the file system to be destroyed.
For example:
Storage> snapshot destroy snapshot1 fs1 100% [#] Destroy snapshot
To mount or unmount snapshots
◆ To mount or unmount snapshots, enter one of the following commands, depending on which operation you want to perform:
Storage> snapshot online|offline snapshot_name fs_name
snapshot_name Specifies the name of the snapshot.
fs_name Specifies the name of the file system.
For example, to bring a snapshot online, enter the following:
Storage> snapshot online snapshot1 fs1 100% [#] Online snapshot
For example, to place snapshot offline, enter the following:
Storage> snapshot offline snapshot fs1 100% [#] Offline snapshot
To display snapshot quotas
◆ To display snapshot quotas, enter the following:
Storage> snapshot quota list FS Quota Capacity Limit ======fs1 on 1G fs2 off 0 fs3 off 0 174 Creating and maintaining file systems Configuring snapshots
To enable or disable a quota limit
◆ To enable or disable a quota limit, enter the following:
Storage> snapshot quota on fs_name [capacity_limit]
Storage> snapshot quota off [fs_name]
on Enables the quota limit, which disallows creation of snapshots on the given file system when the space used by all the snapshots of that file system exceeds a given capacity limit. The space used b the snapshots is not restricted.
fs_name Specifies the name of the file system.
capacity_limit You can specify a capacity limit on the number of blocks used by all the snapshots for a specified file system. Enter a number that needs to be followed by K, M, G, or T (for kilo, mega, giga, or terabyte).
off Disables the quota capacity limit for the specified file system.
For example, to enable the snapshot quota, enter the following:
Storage> snapshot quota on fs1 1024K Storage> snapshot quota list FS Quota Capacity Limit ======fs1 ON 1024K
For example, to disable the snapshot quota, enter the following:
Storage> snapshot quota off fs1 Creating and maintaining file systems 175 About snapshot schedules
To restore a snapshot
◆ To restore a snapshot, enter the following:
Storage> snapshot restore snapshot_name fs_name
snapshot_name Specifies the name of the snapshot to be destroyed.
fs_name Specifies the name of the file system to be destroyed.
For example:
Storage> snapshot restore snapshot0 fs0 SFS snapshot WARNING V-288-0 Snapshot created after snapshot0 will be deleted SFS snapshot WARNING V-288-0 Are you sure to restore file system fs0 with snapshot ssss? (yes/no) yes SFS snapshot SUCCESS V-288-0 File System fs0 restored successfully by snapshot snapshot0.
About snapshot schedules
The Storage> snapshot schedule commands let you automatically create or remove a snapshot that stores the values for minutes, hour, day-of-the-month, month, and day-of-the-week in the crontab along with the name of the file system. To distinguish the automated snapshots, a time stamp corresponding to their time of creation is appended to the schedule name. For example, if a snapshot is created using the name schedule1 on February 27, 2009 at 11:00 AM, the name becomes: schedule1_Feb_27_2009_11_00_01_IST. The crontab interprets the numeric values in a different manner when compared to the manner in which FileStore interprets the same values. For example, snapshot schedule create schedule1 fs1 30 2 * * * automatically creates a snapshot every day at 2:30 AM, and does not create snapshots every two and a half hours. If you wanted to create a snapshot every two and a half hours with at most 50 snapshots per schedule name, then run snapshot schedule create schedule1 fs1 50 */30 */2 * * *, where the value */2 implies that the schedule runs every two hours. You can also specify a step value for the other parameters, such as day-of-month or month and day-of-week, as well and can use a range along with a step value. Specifying a range in addition to the numeric_value implies the number of times the crontab skips for a given parameter. For example, to create a snapshot every two and a half hours with no 176 Creating and maintaining file systems About snapshot schedules
restrictions on the maximum number of snapshots per schedule name, run the following command:snapshot schedule create schedule1 fs1 0 0-59/30 0-23/2 * * * as crontab interprets a step value and a step and range combination in a similar manner.
Table 7-4 Snapshot schedule commands
Command Definition
snapshot schedule Creates a schedule to automatically create a snapshot of a particular create file system. See “Configuring snapshot schedules” on page 177.
snapshot schedule Modifies the snapshot schedule of a particular filesystem. modify See “Configuring snapshot schedules” on page 177.
snapshot schedule Creates a schedule to destroy all of the automated snapshots. This destroyall excludes the preserved and online snapshots. See “Configuring snapshot schedules” on page 177.
snapshot schedule Preserves a limited number of snapshots corresponding to an existing preserve schedule and specific file system name. These snapshots are not removed as part of the snapshot schedule autoremove command.
See “Configuring snapshot schedules” on page 177.
snapshot schedule Displays all schedules that have been set for automatically creating show snapshots.
See “Configuring snapshot schedules” on page 177.
snapshot schedule Deletes the schedule set for automatically creating snapshots for a delete particular file system or for a particular schedule. See “Configuring snapshot schedules” on page 177. Creating and maintaining file systems 177 Configuring snapshot schedules
Configuring snapshot schedules To create a snapshot schedule
◆ To create a snapshot schedule, enter the following:
Storage> snapshot schedule create schedule_name fs_name max_snapshot_limit minute [hour] [day_of_the_month] [month] [day_of_the_week]
For example, to create a schedule for an automated snapshot creation of a given file system every 3 hours on a daily basis, enter the following:
Storage> snapshot schedule create schedule1 fs1 * 3 * * * Storage>
When an automated snapshot is created, the entire date value is appended, including the time zone.
schedule_name Specifies the name of the schedule corresponding to the automatically created snapshot. The schedule_name cannot contain an underscore ('_') as part of its value. For example, sch_1 is not allowed.
fs_name Specifies the name of the file system. The file system name should be a string.
max_snapshot_limit Specifies the number of snapshots that can be created for a given file system and schedule name. This field only accepts numeric input. Entering 0 implies the snapshots can be created on a given file system and schedule name without any restriction. Any other value would imply that only x number of snapshots can be created for a given file system and schedule name. If the number of snapshots corresponding to the schedule name is equal to or greater than the value of this field, then snapshots that are more than an hour old are automatically destroyed until the number of snapshots is less than the maximum snapshot limit value. The range allowed for this parameter is 0-999.
minute This parameter may contain either an asterisk, (*), which implies "every minute," or a numeric value between 0-59. You can enter */(0-59), a range such as 23-43, or just the *.
hour This parameter may contain either an asterisk, (*), which implies "run every hour," or a number value between 0-23. You can enter */(0-23), a range such as 12-21, or just the *. 178 Creating and maintaining file systems Configuring snapshot schedules
day_of_the_month This parameter may contain either an asterisk, (*), which implies "run every day of the month," or a number value between 1-31. You can enter */(1-31), a range such ass 3-22, or just the *.
month This parameter may contain either an asterisk, (*), which implies "run every month," or a number value between 1-12. You can enter */(1-12), a range such as 1-5, or just the *. You can also enter the first three letters of any month (must use lowercase letters).
day_of_the_week This parameter may contain either an asterisk (*), which implies "run every day of the week," or a numeric value between 0-6. Crontab interprets 0 as Sunday. You can also enter the first three letters of the week (must use lowercase letters).
To modify a snapshot schedule
◆ To modify a snapshot schedule, enter the following:
Storage> snapshot schedule modify schedule_name fs_name max_snapshot_limit minute [hour] [day_of_the_month] [month] [day_of_the_week]
For example, to modify the existing schedule so that a snapshot is created every 2 hours on the first day of the week, enter the following:
Storage> snapshot schedule modify schedule1 fs1 *2**1 Creating and maintaining file systems 179 Configuring snapshot schedules
To remove all snapshots
◆ To automatically remove all of the snapshots created under a given schedule and file system name (excluding the preserved and online snapshots), enter the following:
Storage> snapshot schedule destroyall schedule_name fs_name
Example 1: If you try to destroy all automated snapshots when two of the automated snapshots are still mounted, FileStore returns an appropriate error, and other automated snapshots under the given schedule and file system are destroyed.
Storage> snapshot schedule destroyall schedule1 fs1 SFS snapshot ERROR V-288-1074 Cannot destroy snapshot(s) schedule1_7_Dec_2009_17_58_02_UTC schedule1_7_Dec_2009_16_58_02_UTC in online state.
Example 2: If you try to destory all automated snapshots (which are are in an offline state), the operation completes successfully.
Storage> snapshot schedule destroyall schedule2 fs1 100% [#] Destroy automated snapshots
To preserve snapshots
◆ To preserve a number of snapshots corresponding to an existing schedule and specific file system name, enter the following:
Storage> snapshot schedule preserve schedule_name fs_name snapshot_name
For example, to preserve a snapshot created according to a given schedule and file system name, enter the following:
Storage> snapshot schedule preserve schedule fs1 schedule1_Feb_27_16_42_IST 180 Creating and maintaining file systems Configuring snapshot schedules
To display a snapshot schedule
◆ To display all of the schedules for automated snapshots, enter the following:
Storage> snapshot schedule show [fs_name] [schedule_name]
fs_name Displays all of the schedules of the specified file system. If no file system is specified, schedules of all of the file systems are displayed.
schedule_name Displays the schedule name. If no schedule name is specified, then all of the schedules created under fs_name are displayed.
For example, to display all of the schedules for creating or removing snapshots to an existing file system, enter the following:
Storage> snapshot schedule show fs2 FS Schedule Name Max Snapshot Minute Hour Day Month WeekDay ======fs2 schedule2 0 0 2 * * * fs2 schedule2 10 5 * * * * fs2 schedule1 20 30 16 * * 5
To delete a snapshot schedule
◆ To delete a snapshot schedule, enter the following:
Storage> snapshot schedule delete fs_name [schedule_name]
For example:
Storage> snapshot schedule delete fs1 Chapter 8
Creating and maintaining NFS shares
This chapter includes the following topics:
■ About NFS file sharing
■ Displaying exported file systems
■ Adding an NFS share
■ Sharing file systems using CIFS and NFS protocols
■ Unexporting a file system or deleting NFS options
About NFS file sharing The Network File System (NFS) protocol enables files hosted by an NFS server to be accessed by multiple UNIX and Linux client systems. Using NFS, a local system can mount and use a disk partition or file system from a remote system (an NFS server), as if it were local. The FileStore NFS server exports a disk partition or file system, with selected permissions and options, and makes it available to NFS clients. The selected permissions and options can also be updated, to restrict or expand the permitted use. To remove sharing, unexport the NFS file system. The FileStore NFS service is clustered. The NFS clients continuously retry during a failover transition. Even if the TCP connection is broken for a short time, the failover is transparent to NFS clients, and NFS clients regain access transparently as soon as the failover is complete. 182 Creating and maintaining NFS shares Displaying exported file systems
However, depending on client configuration and the nature of the failure, a client operation may time out, resulting in an error message such as: NFS server not responding, still trying.
You use NFS commands to export or unexport your file systems. The NFS> share commands are defined in Table 8-1. To access the commands, log into the administrative console (for master, system-admin, or storage-admin) and enter the NFS> mode. See “About using the FileStore command-line interface” on page 27.
Table 8-1 NFS mode commands
Command Definition
share show Display exported file systems. See “Displaying exported file systems” on page 182.
share add Export a file system. See “Adding an NFS share ” on page 183.
share delete Unexport a file system. See “Unexporting a file system or deleting NFS options” on page 190.
Displaying exported file systems You can display the exported file systems and the NFS options that are specified when the file system was exported. Creating and maintaining NFS shares 183 Adding an NFS share
To display exported file systems
◆ To display exported file systems, enter the following:
NFS> share show
For example:
NFS> share show /vx/fs2 * (sync) /vx/fs3 * (secure,ro,no_root_squash)
The command output displays two columns.
Left-hand column Displays the file system that was exported. For example:
/vx/fs2
Right-hand Displays the system that the file system is exported to, and the column NFS options with which the file system was exported. For example:
* (secure,ro,no_root_squash)
Adding an NFS share You can export an NFS share with the specified NFS options that can then be accessed by one or more client systems. The new NFS options are updated after the command is run. If you add a file system that has already been exported with a different NFS option (rw, ro, async, or secure, for example), FileStore provides a warning message saying that the file system has already been exported. FileStore updates (overwrite) the old NFS options with the new NFS options. File system options appear in parentheses. File system options are exactly the same as those given at the time of exporting the file system.
If a client was not specified when the NFS> share add command was used, then * is displayed as the system to be exported to, indicating that all clients can access the file system. 184 Creating and maintaining NFS shares Adding an NFS share
File systems that have been exported to different clients appear as different entries. File systems that are exported to
/vx/fs2 * (ro)
/vx/fs2 1.1.1.1 (rw)
When sharing a file system, FileStore does not check whether the client exists or not. If you add a share for an unknown client, then an entry appears in the NFS> show command output. If the file system does not exist, you will not be able to export to any client. FileStore gives the following error:
SFS nfs ERROR V-288-0 File system file_system_name is offline or does not exist
You cannot export a non-existent file system. The NFS> show fs command displays the list of exportable file systems. Valid NFS options include the following:
rw Grants read and write permission to the file system. Hosts mounting this file system will be able to make changes to the file system.
ro (Default) Grants read-only permission to the file system. Hosts mounting this file system will not be able to change it.
sync (Default) Grants synchronous write access to the file system. Forces the server to perform a disk write before the request is considered complete.
async Grants asynchronous write access to the file system. Allows the server to write data to the disk when appropriate.
secure (Default) Grants secure access to the file system. Requires that clients originate from a secure port. A secure port is between 1-1024.
insecure Grants insecure access to the file system. Permits client requests to originate from unprivileged ports (those above 1024). Creating and maintaining NFS shares 185 Adding an NFS share
secure_locks Requires authorization of all locking requests. (Default) insecure_locks Some NFS clients do not send credentials with lock requests, and therefore work incorrectly with secure_locks, in which case you can only lock world-readable files. If you have such clients, either replace them with better ones, or use the insecure_locks option. root_squash Prevents the root user on an NFS client from having root (Default) privileges on an NFS mount. This effectively "squashes" the power of the remote root user to the lowest local user, preventing remote root users from acting as though they were the root user on the local system. no_root_squash Disables the root_squash option. Allows root users on the NFS client to have root privileges on the NFS server. wdelay (Default) Causes the NFS server to delay writing to the disk if another write request is imminent. This can improve performance by reducing the number of times the disk must be accessed by separate write commands, reducing write overhead. no_wdelay Disables the wdelay option. subtree_check Verifies that the requested file is in an exported subdirectory. If (Default) this option is turned off, the only verification is that the file is in an exported file system. no_subtree_check Sometimes subtree checking can produce problems when a requested file is renamed while the client has the file open. If many such situations are anticipated, it might be better to set no_subtree_check. One such situation might be the export of the /home file system. Most other situations are best handled with subtree_check.
For example, you could issue the following commands:
NFS> share add rw,async fs2
NFS> share add rw,sync,secure,root_squash fs3 10.10.10.10
Note: With root_squash, the root user can access the share, but with 'nobody' permissions. 186 Creating and maintaining NFS shares Adding an NFS share
To export a file system 1 To see your exportable online file systems and snapshots, enter the following:
NFS> show fs
For example:
NFS> show fs FS/Snapshot ======fs2 fs3
2 To see your NFS share options, enter the following:
NFS> share show
For example:
NFS> share show /vx/fs2 * (sync) /vx/fs3 * (secure,ro,no_root_squash)
3 To export a file system, enter the following command:
NFS> share add nfsoptions filesystem [client]
nfsoptions Comma-separated list of export options from the set.
filesystem Specifies the name of the file system you want to export.
client Clients may be specified in the following ways:
■ Single host - specify a host either by an abbreviated name that is recognized by the resolver (DNS is the resolver), the fully qualified domain name, or an IP address. ■ Netgroups - netgroups may be given as @group. Only the host part of each netgroup member is considered for checking membership. If the client is not given, then the specified file system can be mounted or accessed by any client. To re-export new options to an existing share, the new options will be updated after the command is run.
Example using NFS options: Creating and maintaining NFS shares 187 Sharing file systems using CIFS and NFS protocols
NFS> share add sync fs4 Exporting *:/vx/fs4 with options sync ..Success.
Sharing file systems using CIFS and NFS protocols FileStore provides support for multi-protocol file sharing where the same file system can be exported to both Windows and UNIX users using the CIFS and NFS protocols. The result is an efficient use of storage by sharing a single data set across multi-application platforms. Figure 8-1 shows how the file system sharing for the two protocols works. 188 Creating and maintaining NFS shares Sharing file systems using CIFS and NFS protocols
Figure 8-1 Exporting and/or sharing CIFS and NFS file systems
Shared Storage
File System FS1
2-node FileStore cluster Data access by Data access by CIFS protocol NFS protocol
Windows user UNIX user
Note: When a share is exported over both NFS and CIFS protocols, the applications running on the NFS and CIFS clients may attempt to concurrently read or write the same file. This may lead to unexpected results since the locking models used by these protocols are different. For example, an application reads stale data. For this reason, FileStore warns you when the share export is requested over NFS or CIFS and the same share has already been exported over CIFS or NFS, when at least one of these exports allows write access. Creating and maintaining NFS shares 189 Sharing file systems using CIFS and NFS protocols
To export a file system to Windows and UNIX users 1 To export a file system to Windows and UNIX users with read-only and read-write permission respectively, go to CIFS mode and enter the following commands:
CIFS> show Name Value ------netbios name mycluster ntlm auth yes allow trusted domains no homedirfs quota 0 idmap backend rid:10000-20000 workgroup SYMANTECDOMAIN security ads Domain SYMANTECDOMAIN.COM Domain user administrator Domain Controller SYMSERVER CIFS> share add fs1 share1 ro Exporting CIFS filesystem : share1... CIFS> share show ShareName FileSystem ShareOptions share1 fs1 owner=root,group=root,ro
2 Enter the NFS mode and enter the following commands:
CIFS> exit > nfs Entering share mode... NFS> share add rw fs1 SFS nfs WARNING V-288-0 Filesystem (fs1) is already shared over CIFS with 'ro' permission. Do you want to proceed (y/n): y Exporting *:/vx/fs1 with options rw ..Success. NFS> share show /vx/fs1 * (rw) NFS> 190 Creating and maintaining NFS shares Unexporting a file system or deleting NFS options
Unexporting a file system or deleting NFS options You can unexport the file system of the exported file system.
Note: You will receive an error message if you try to remove a file system that does not exist.
To unexport a file system or delete NFS options 1 To see your existing exported file systems, enter the following command:
NFS> share show
Only the file systems that are displayed can be unexported. For example:
NFS> share show /vx/fs2 * (sync) /vx/fs3 * (secure,ro,no_root_squash)
2 To delete a file system from the export path, enter the following command:
NFS> share delete filesystem [client]
For example:
NFS> share delete fs3 Removing export path *:/vx/fs3 ..Success.
filesystem Specifies the name of the file system you want to delete. Where filesystem can be a string of characters, but the following characters are not allowed: / \ ( ) < >. For example:
NFS> share delete "*:/vx/example"
You cannot include single or double quotes that do not enclose characters. You cannot use one single quote or one double quote, as in the following example:
NFS> share delete ' "filesystem Creating and maintaining NFS shares 191 Unexporting a file system or deleting NFS options
client Clients may be specified in the following ways:
■ Single host - specify a host either by an abbreviated name that is recognized by the resolver (DNS is the resolver), the fully qualified domain name, or an IP address. ■ Netgroups - netgroups may be given as @group. Only the host part of each netgroup member is considered for checking membership. If client is included, the file system is removed from the export path that was directed at the client. If a file system is being exported to a specific client, the NFS> share delete command must specify the client to remove that export path. If the client is not specified, then the specified file system can be mounted or accessed by any client. 192 Creating and maintaining NFS shares Unexporting a file system or deleting NFS options Chapter 9
Using Symantec FileStore as a CIFS server
This chapter includes the following topics:
■ About configuring FileStore for CIFS
■ About configuring CIFS for standalone mode
■ Configuring CIFS server status for standalone mode
■ About configuring CIFS for NT domain mode
■ Configuring CIFS for the NT domain mode
■ About leaving an NT domain
■ Changing NT domain settings
■ Changing security settings
■ Changing security settings after the CIFS server is stopped
■ About configuring CIFS for AD domain mode
■ Configuring CIFS for the AD domain mode
■ Using multi-domain controller support in CIFS
■ About leaving an AD domain
■ Changing domain settings for AD domain mode
■ Removing the AD interface
■ About setting NTLM 194 Using Symantec FileStore as a CIFS server About configuring FileStore for CIFS
■ Setting NTLM
■ About setting trusted domains
■ Setting AD trusted domains
■ About storing account information
■ Storing user and group accounts
■ About reconfiguring the CIFS service
■ Reconfiguring the CIFS service
■ About managing CIFS shares
■ Setting share properties
■ Sharing file systems using CIFS and NFS protocols
■ About mapping user names for CIFS/NFS sharing
■ About FileStore cluster and load balancing
■ Splitting a share
■ About managing home directories
■ Setting the home directory file systems
■ Enabling quotas on home directory file systems
■ Setting up home directories and use of quotas
■ Displaying home directory usage information
■ Deleting home directories and disabling creation of home directories
■ About managing local users and groups
■ Creating a local CIFS user
■ About configuring local groups
■ Configuring a local group
About configuring FileStore for CIFS The Common Internet File System (CIFS), also known as the Server Message Block (SMB), is a network file sharing protocol that is widely used on Microsoft and other operating systems. This chapter describes the initial configuration of the Using Symantec FileStore as a CIFS server 195 About configuring FileStore for CIFS
FileStore CIFS service on three operating modes, and how to reconfigure the FileStore CIFS service when, some CIFS settings are changed. FileStore can be integrated into a network that consists of machines running the following:
■ Windows 2000 Server
■ Windows XP
■ Windows Server 2003
■ Older Windows NT
■ Windows 9.x operating systems You can control and manage the network resources by using Active Directory or NT workgroup domain controllers. Before you use FileStore with CIFS, you must have administrator-level knowledge of the Microsoft operating systems, Microsoft services, and Microsoft protocols (including Active Directory and NT services and protocols). You can find more information about them at: www.microsoft.com. To access the commands, log into your administrative console (master, system-admin, or storage-admin) and enter CIFS> mode. See “About using the FileStore command-line interface” on page 27. When serving the CIFS clients, FileStore can be configured to operate in one of the modes described in Table 9-1.
Table 9-1 CIFS modes
Mode Definition
Standalone Information about the user and group accounts is stored locally on FileStore. FileStore also authenticates users locally using the Linux password and group files. This mode of operation is provided for FileStore testing and may be appropriate in other cases, for example, when FileStore is used in a small network and is not a member of a Windows security domain. In this mode of operation, you must create the local users and groups; they can access the shared resources subject to authorization control.
NT Domain FileStore becomes a member of an NT4 security domain. The domain controller (DC) stores user and group account information, and the Microsoft NTLM or NTLMv2 protocol authenticates. 196 Using Symantec FileStore as a CIFS server About configuring CIFS for standalone mode
Table 9-1 CIFS modes (continued)
Mode Definition
Active Directory FileStore becomes a member of an AD security domain and is configured to use the services of the AD domain controller, such as DNS, LDAP, and NTP. Kerberos, NTLMv2, or NTLM authenticate users.
When FileStore operates in the NT or AD domain mode, it acts as a domain member server and not as the domain controller.
About configuring CIFS for standalone mode If you do not have an AD server or NT domain controller, you can use FileStore as a standalone server. FileStore is used in standalone mode when testing FileStore functionality and when it is not a member of a domain. Before you configure the CIFS service for the standalone mode, do the following:
■ Make sure that the CIFS server is not running.
■ Set security to user.
■ Start the CIFS server. To make sure that the configuration has changed, do the following:
■ Check the server status.
■ Display the server settings.
Table 9-2 Configure CIFS for standalone mode commands
Command Definition
server status Checks the status of the server. See “Configuring CIFS server status for standalone mode” on page 197.
server stop Stops the server if it is running. See “Configuring CIFS server status for standalone mode” on page 197.
show Checks the security setting. See “Configuring CIFS server status for standalone mode” on page 197. Using Symantec FileStore as a CIFS server 197 Configuring CIFS server status for standalone mode
Table 9-2 Configure CIFS for standalone mode commands (continued)
Command Definition
set security user Sets security to user. This is the default value. In standalone mode you do not need to set the domaincontroller, domainuser, or domain.
See “Configuring CIFS server status for standalone mode” on page 197.
server start Starts the service in standalone mode. See “Configuring CIFS server status for standalone mode” on page 197.
Configuring CIFS server status for standalone mode To check the CIFS server status 1 To check the status of the server, enter the following:
CIFS> server status
Be default, security is set to user, the required setting for standalone mode. The following example shows that security was previously set to ads. For example:
CIFS> server status CIFS Status on sfs_1 : ONLINE CIFS Status on sfs_2 : ONLINE
Security : ads Domain membership status : Disabled Domain : SYMANTECDOMAIN.COM Domain Controller : symantecdomain_ad Domain User : administrator
2 If the server is running, enter the following:
CIFS> server stop Stopping CIFS Server.....Success. 198 Using Symantec FileStore as a CIFS server Configuring CIFS server status for standalone mode
To check the security setting 1 Check the current settings before setting security, enter the following:
CIFS> show
For example:
Name Value ------netbios name mycluster ntlm auth yes allow trusted domains no homedirfs quota 0 idmap backend rid:10000-20000 workgroup SYMANTECDOMAIN security ads Domain SYMANTECDOMAIN.COM Domain user administrator Domain Controller SYMSERVER
2 To set security to user, enter the following:
CIFS> set security user Global option updated. Note: Restart the CIFS server. Using Symantec FileStore as a CIFS server 199 Configuring CIFS server status for standalone mode
To start the CIFS service in standalone mode 1 To start the service in standalone mode, enter the following:
CIFS: server start Starting CIFS Server.....Success.
2 To display the new settings, enter the following:
CIFS> show
For example:
Name Value ------netbios name mycluster ntlm auth yes allow trusted domains no homedirfs quota 0 idmap backend rid:10000-20000 workgroup SYMANTECDOMAIN security user Domain SYMANTECDOMAIN.COM Domain user administrator Domain Controller SYMSERVER
3 To make sure that the server is running in standalone mode, enter the following:
CIFS> server status
For example:
CIFS> server status CIFS Status on sfs_1 : ONLINE CIFS Status on sfs_2 : ONLINE Security : user
The CIFS service is now running in standalone mode. See “About managing local users and groups” on page 244. See “About managing CIFS shares” on page 225. 200 Using Symantec FileStore as a CIFS server About configuring CIFS for NT domain mode
About configuring CIFS for NT domain mode Before you configure the CIFS service for the NT domain mode, do the following:
■ Make sure that an NT domain has already been configured.
■ Make sure that FileStore can communicate with the domain controller (DC) over the network.
■ Make sure that the CIFS server is stopped.
■ Set the domain user, domain, and domain controller.
■ Set the security to domain.
■ Start the CIFS server. To make sure that the configuration has changed, do the following:
■ Check the server status.
■ Display the server settings.
Table 9-3 Configure CIFS for NT domain mode commands
Command Definition
set domainuser Sets the name of the domain user. The credentials of the domain user will be used at the domain controller while joining the domain. Therefore the domain user should be an existing NT domain user who has permission to perform the join domain operation.
See “Configuring CIFS for the NT domain mode” on page 201.
set domain Sets the name for the NT domain that you would like FileStore to join and become a member. See “Configuring CIFS for the NT domain mode” on page 201.
set Sets the domain controller server names. You can pass a domaincontroller comma-separated list of primary and backup domain controller server names. Note: If security is set to domain, you can use both the AD server and the Windows NT 4.0 domain controller as domain controllers. However, if you use the Windows NT 4.0 domain controller, you can only use the netbios name of the domain controller to set the domaincontroller parameter.
See “Configuring CIFS for the NT domain mode” on page 201. Using Symantec FileStore as a CIFS server 201 Configuring CIFS for the NT domain mode
Table 9-3 Configure CIFS for NT domain mode commands (continued)
Command Definition
set security Before you set the security for the domain, you must set the domaincontroller, domainuser, and domain.
See “Configuring CIFS for the NT domain mode” on page 201.
server start The server joins the NT domain only when the server is started after issuing the CIFS> set security command.
See “Configuring CIFS for the NT domain mode” on page 201.
Configuring CIFS for the NT domain mode To set the domain user name for NT mode 1 To verify that the CIFS server is stopped, enter the following:
CIFS> server status
2 If the server is running, stop the server. enter the following:
CIFS> server stop
3 To set the user name, enter the following:
CIFS> set domainuser username
where username is an existing NT domain user who has permission to perform the join domain operation. For example:
CIFS> set domainuser administrator Global option updated. Note: Restart the CIFS server. 202 Using Symantec FileStore as a CIFS server Configuring CIFS for the NT domain mode
To set the domain for the NT domain node
◆ To set the domain, enter the following:
CIFS> set domain domainname
where domainname is the name of the domain that FileStore will join. For example:
CIFS> set domain SYMANTECDOMAIN.COM Global option updated. Note: Restart the CIFS server.
To set the domain controller server names for the NT domain mode
◆ To set the domain controller server names, enter the following:
CIFS> set domaincontroller servernames
where servernames is a comma-separated list of primary and backup domain controller server names. The server name is the netbios name if it is a Windows NT 4.0 domain controller. For example, if the domain controller is a Windows NT 4.0 domain controller, enter the server name SYMSERVER:
CIFS> set domaincontroller SYMSERVER Global option updated. Note: Restart the CIFS server.
To set security to domain for the NT domain mode
◆ To set security to domain, enter the following:
CIFS> set security security
Enter domain for security.
CIFS> set security domain Global option updated. Note: Restart the CIFS server. Using Symantec FileStore as a CIFS server 203 Configuring CIFS for the NT domain mode
To start the CIFS server for the NT domain mode 1 To start the CIFS server, enter the following:
CIFS> server start
You are prompted for a domainuser password by:
CIFS> server start Trying to become a member in domain SYMANTECDOMAIN.COM ... Enter password for user 'administrator':
When you enter the correct password, the following messages appear:
Joined domain SYMANTECDOMAIN.COM OK Starting CIFS Server.....Success.
2 To find the current settings for the domain name, domain controller name, and domain user name, enter the following:
CIFS> show
3 To make sure that the service is running as a member of the NT domain, enter the following:
CIFS> server status
For example:
CIFS> server status CIFS Status on sfs_1 : ONLINE CIFS Status on sfs_2 : ONLINE
Security : domain Domain membership status : Enabled Domain : SYMANTECDOMAIN.COM Domain Controller : SYMSERVER Domain User : administrator
The CIFS service is now running in the NT domain mode. You can export the shares, and domain users can access the shares subject to authentication and authorization control. 204 Using Symantec FileStore as a CIFS server About leaving an NT domain
About leaving an NT domain There is no FileStore command that lets you leave an NT domain. It happens automatically when the security or domain settings change, and then starts or stops the CIFS server. Thus, FileStore provides the domain leave operation depending on existing security and domain settings and new administrative commands. However, the leave operation requires the credentials of the old domain’s user. See “Changing NT domain settings” on page 204.
Table 9-4 Change NT domain settings commands
Command Definition
set domain Sets the domain. When you change any of the domain settings and you restart the CIFS server, the CIFS server leaves the old domain. Thus, when a change is made to either one or more of the domain, domain controller, or domain user settings, and the next time the CIFS server is started, the CIFS server first attempts to leave the existing join, and then joins the NT domain with the new settings. See “Changing NT domain settings” on page 204.
set security user Sets the security user. When you change the security setting, and you start or stop the CIFS server, the CIFS server leaves the existing NT domain. For example, if you change the security setting from domain to user and you stop or restart the CIFS server, it leaves the NT domain. See “Changing security settings” on page 206. If the CIFS server is already stopped, and you change the security to a value other than domain, FileStore leaves the domain. This method of leaving the domain is provided so that if a CIFS server is already stopped, and may not be restarted soon, you have a way to leave an existing join to the NT domain. See “Changing security settings after the CIFS server is stopped” on page 206.
Changing NT domain settings Each case assumes that the FileStore cluster is part of an NT domain. Using Symantec FileStore as a CIFS server 205 Changing NT domain settings
To verify if cluster is part of NT domain
◆ To verify if your cluster is part of the NT domain, enter the following:
CIFS> server status CIFS Status on sfs_1 : ONLINE CIFS Status on sfs_2 : ONLINE
Security : domain Domain membership status : Enabled Domain : SYMANTECDOMAIN.COM Domain Controller : SYMSERVER Domain User : administrator
To change domain settings 1 To stop the CIFS server, enter the following:
CIFS> server stop Stopping CIFS Server.....Success.
2 To change the domain, enter the following:
CIFS> set domain newdomain.com Global option updated. Note: Restart the CIFS server.
where newdomain.com is the new domain name. When you start the CIFS server, the CIFS server tries to leave the existing domain. This requires the old domainuser to enter their password. After the password is supplied, and the domain leave operation succeeds, the CIFS server joins an NT domain with the new settings. 3 To start the CIFS server, enter the following:
CIFS> server start Disabling membership in existing domain SYMANTECDOMAIN.COM
Enter password for user 'administrator' of domain SYMANTECDOMAIN.COM : Left domain SYMANTECDOMAIN.COM
Trying to become a member in domain NEWDOMAIN.COM Enter password for user 'administrator': 206 Using Symantec FileStore as a CIFS server Changing security settings
Changing security settings To change security settings
◆ To set the security to user, enter the following:
CIFS> set security user Global option updated. Note: Restart the CIFS server.
To stop the CIFS server:
CIFS> server stop Disabling membership in existing domain SYMANTECDOMAIN.COM
Enter password for user 'administrator' of domain SYMANTECDOMAIN.COM : Stopping CIFS Server.....Success. Left domain SYMANTECDOMAIN.COM
Changing security settings after the CIFS server is stopped To change security settings for a CIFS server that has been stopped
◆ To set security to a value other than domain, enter the following:
CIFS> set security user Disabling membership in existing domain SYMANTECDOMAIN.COM
Enter password for user 'administrator' of domain SYMANTECDOMAIN.COM : Left domain SYMANTECDOMAIN.COM Global option updated. Note: Restart the CIFS server.
If the server is stopped, then changing the security mode will disable the membership of the existing domain.
About configuring CIFS for AD domain mode This section assumes that an Active Directory domain has already been configured and that FileStore can communicate with the AD domain controller (DC) over the network. The AD domain controller is also referred to as the AD server. Before you configure the CIFS service for the AD domain mode, do the following: Using Symantec FileStore as a CIFS server 207 About configuring CIFS for AD domain mode
■ Make sure that the FileStore and AD server clocks are reasonably synchronized with each other. The most commonly allowed maximum value of clock difference would be 5 minutes, but it depends on the AD server settings. One of the ways to ensure this, is by configuring FileStore to use the NTP service running on the AD server. You can change the clock settings on the AD server by modifying Kerberos Policy, which is a part of the Domain Security Policy.
■ Make sure that FileStore is configured to use a DNS service that has entries for the AD domain controller and FileStore nodes. You can also use the DNS service running on the AD domain controller.
■ Make sure that the CIFS server is not running.
■ Set the AD domain user, AD domain, and domain controller.
■ Set security to ads.
■ Start the CIFS server.
■ Check the server status.
■ Display the server settings.
Table 9-5 Configure CIFS for AD domain mode commands
Command Definition
set domainuser Sets the name of the domain user. The domain user's credentials will be used at the domain controller while joining the domain. Therefore, the domain user should be an existing AD user who has the permission to perform the join domain operation. See “Configuring CIFS for the AD domain mode” on page 208.
set domain Sets the name of the domain for the AD domain mode that FileStore will join. See “Configuring CIFS for the AD domain mode” on page 208.
set Sets the domain controller server name. domaincontroller See “Configuring CIFS for the AD domain mode” on page 208.
set security Sets security for the domain. You must first set the domaincontroller, domainuser, and domain.
See “Configuring CIFS for the AD domain mode” on page 208. 208 Using Symantec FileStore as a CIFS server Configuring CIFS for the AD domain mode
Table 9-5 Configure CIFS for AD domain mode commands (continued)
Command Definition
server start Starts the server. The CIFS server joins the Active Directory domain only when the server is started after issuing the CIFS> set security command.
See “Configuring CIFS for the AD domain mode” on page 208.
Configuring CIFS for the AD domain mode To set the domain user for AD domain mode 1 To verify that the CIFS server is stopped, enter the following:
CIFS> server status
2 If the server is running, stop the server. enter the following:
CIFS> server stop
3 To set the domain user, enter the following:
CIFS> set domainuser username
where username is the name of an existing AD domain user who has permission to perform the join domain operation. For example:
CIFS> set domainuser administrator Global option updated. Note: Restart the CIFS server.
To set the domain for AD domain mode
◆ To set the domain for AD domain mode, enter the following:
CIFS> set domain domainname
where domainname is the name of the domain. For example:
CIFS> set domain SYMANTECDOMAIN.COM Global option updated. Note: Restart the CIFS server. Using Symantec FileStore as a CIFS server 209 Configuring CIFS for the AD domain mode
To set the domain controller for AD domain mode
◆ To set the domain controller, enter the following:
CIFS> set domaincontroller servername
where servername is the server's IP address or DNS name. For example, if the server SYMSERVER has an IP address of 172.16.113.118, you can specify one of the following:
CIFS> set domaincontroller 172.16.113.118 Global option updated. Note: Restart the CIFS server.
or
CIFS> set domaincontroller SYMSERVER Global option updated. Note: Restart the CIFS server.
To set security to ads
◆ To set security to ads, enter the following:
CIFS> set security security
Enter ads for security.
CIFS> set security ads Global option updated. Note: Restart the CIFS server. 210 Using Symantec FileStore as a CIFS server Using multi-domain controller support in CIFS
To start the CIFS server 1 To start the CIFS server, enter the following:
CIFS> server start
The skew of the system clock with respect to Domain controller is: -17 seconds
Time on Domain controller : Thu Dec 4 05:21:47 2008 Time on this system : Thu Dec 4 05:22:04 PST 2008
If the above clock skew is greater than that allowed by the server, then the system won't be able to join the AD domain
Trying to become a member in AD domain SYMANTECDOMAIN.COM ...
Enter password for user 'administrator':
After you enter the correct password for the user administrator belonging to AD domain SYMANTECDOMAIN.COM, the following message appears:
Joined domain SFSQA.COM OK Starting CIFS Server.....Success.
2 To make sure that the service is running, enter the following:
CIFS> server status CIFS Status on sfs_1 : ONLINE CIFS Status on sfs_2 : ONLINE
Security : ads Domain membership status : Enabled Domain : SYMANTECDOMAIN.COM Domain Controller : SYMSERVER Domain User : administrator
The CIFS server is now running in the AD domain mode. You can export the shares, and the domain users can access the shares subject to the AD authentication and authorization control.
Using multi-domain controller support in CIFS FileStore allows you to set a comma-separated list of primary and backup domain controllers for the given domain. Using Symantec FileStore as a CIFS server 211 About leaving an AD domain
For example:
CIFS> set domaincontroller SYMSERVER1,SYMSERVER2,SYMSERVER3 Global option updated. Note: Restart the CIFS server.
You will need to stop and start the CIF server. See “Reconfiguring the CIFS service” on page 223. To display the list of domain controllers
◆ To display the list of domain controllers, enter the following:
CIFS> show
Name Value ------netbios name sfs ntlm auth yes allow trusted domains no homedirfs quota 0 idmap backend rid: 10000-20000 workgroup SYMANTEC security ads Domain SYMANTEC.COM Domain user administrator Domain Controller SYMSERVER1 SYMSERVER2 SYMSERVER3
If the primary domain controller goes down, the CIFS server tries the next domain controller in the list until it receives a response. You should always point FileStore to the trusted domain controllers to avoid any security issues. FileStore will not perform list reduction or reordering, instead it will use the list as it is. So, avoid entering the redundant name for the same domain controller.
About leaving an AD domain There is no FileStore command that lets you leave an AD domain. It happens automatically as a part of change in security or domain settings, and then starts or stops the CIFS server. Thus, FileStore provides the domain leave operation depending on existing security and domain settings and new administrative commands. However, the leave operation requires the credentials of the old domain’s user. All of the cases for a domain leave operation have been documented in Table 9-6. 212 Using Symantec FileStore as a CIFS server Changing domain settings for AD domain mode
Table 9-6 Change AD domain mode settings commands
Command Definition
set domain Sets the domain. When you change any of the domain settings and you restart the CIFS server, the CIFS server leaves the old domain. Thus, when a change is made to either one or more of domain, domain controller, or domain user settings, and the next time the CIFS server is started, the CIFS server first attempts to leave the existing join and then joins the AD domain with the new settings. See “Changing domain settings for AD domain mode” on page 212.
set security user Sets the security user. If you change the security setting from ads to user and you stop or restart the CIFS server, it leaves the AD domain. When you change the security setting, and you stop or restart the CIFS server, the CIFS server leaves the existing AD domain. For example, the CIFS server leaves the existing AD domain if the existing security is ads, and the new security is changed to user, and the CIFS server is either stopped, or started again. See “Changing domain settings for AD domain mode” on page 212. If the CIFS server is already stopped, changing the security to a value other than ads causes FileStore to leave the domain. Both the methods mentioned earlier require either stopping or starting the CIFS server. This method of leaving the domain is provided so that if a CIFS server is already stopped, and may not be restarted in near future, you should have some way of leaving an existing join to AD domain. See “Changing domain settings for AD domain mode” on page 212.
Changing domain settings for AD domain mode Each case assumes that the FileStore cluster is part of an AD domain. Using Symantec FileStore as a CIFS server 213 Changing domain settings for AD domain mode
To verify cluster is part of an AD domain
◆ To verify that you cluster is part of an AD domain, enter the following:
CIFS> server status CIFS Status on SFS_1 : ONLINE CIFS Status on SFS_2 : ONLINE
Security : ads Domain membership status : Enabled Domain : SYMANTECDOMAIN.COM Domain Controller : symantecdomain_ad Domain User : administrator 214 Using Symantec FileStore as a CIFS server Changing domain settings for AD domain mode
To change domain settings for AD domain mode 1 To stop the CIFS server, enter the following:
CIFS> server stop Stopping CIFS Server.....Success.
2 To change the domain, enter the following:
CIFS> set domain newdomain.com
When you start the CIFS server, it tries to leave the existing domain. This requires the old domainuser to enter its password. After the password is supplied, and the domain leave operation succeeds, the CIFS server joins an AD domain with the new settings. 3 To start the CIFS server, enter the following:
CIFS> server start Disabling membership in existing AD domain SYMANTECDOMAIN.COM
Enter password for user 'administrator' of domain SYMANTECDOMAIN.COM : Left domain SYMANTECDOMAIN.COM
The skew of the system clock with respect to Domain controller is: -18 seconds
Time on this system: Thu Dec 4 05:21:47 2008 Time on this system : Thu Dec 4 05:22:04 PST 2008
If the above clock skew is greater than that allowed by the server, then the system won't be able to join the AD domain
Trying to become a member in AD domain NEWDOMAIN.COM...
Enter password for user 'administrator': Using Symantec FileStore as a CIFS server 215 Removing the AD interface
To change the security settings for the AD domain mode
◆ To set the security to user, enter the following:
CIFS> set security user Global option updated. Note: Restart the CIFS server.
To stop the CIFS server:
CIFS> server stop Disabling membership in existing AD domain SYMANTECDOMAIN.COM
Enter password for user 'administrator' of domain SYMANTECDOMAIN.COM : Stopping CIFS Server.....Success. Left AD domain SYMANTECDOMAIN.COM
Changing security settings with stopped server on the AD domain mode
◆ To set security to a value other than ads, enter the following:
CIFS> set security user Disabling membership in existing AD domain SYMANTECDOMAIN.COM
Enter password for user 'administrator': Left AD domain SYMANTECDOMAIN.COM Global option updated. Note: Restart the CIFS server.
Removing the AD interface You can remove the FileStore cluster from the AD domain by using the Active Directory interface. To remove the FileStore cluster 1 Open the interface Active Directory Users and Computers. 2 In the domain hierarchy tree, click on Computers. 3 In the details pane, right-click the computer entry corresponding to FileStore (this can be identified by the FileStore cluster name) and click Delete.
About setting NTLM When you use FileStore in NT or AD domain mode, there is an optional configuration step that can be done. You can disable the use of Microsoft NTLM (NT LAN Manager) protocol for authenticating users. 216 Using Symantec FileStore as a CIFS server About setting NTLM
When FileStore CIFS service is running in the standalone mode (with security set to user) some versions of the Windows clients require NTLM authentication to be enabled. You can do this by setting CIFS> set ntlm_auth to yes. When NTLM is disabled and you use FileStore in the NT domain mode, the only protocol available for user authentication is Microsoft NTLMv2. When NTLM is disabled and you use FileStore in AD domain mode, the available authentication protocols is Kerberos and NTLMv2. The one used depends on the capabilities of both the FileStore clients, and domain controller. If no special action is taken, FileStore allows the NTLM protocol to be used. For any specific CIFS connection, all the participants, that is the client machine, FileStore and domain controller select the protocol that they all support and that provides the highest security. In the AD domain mode, Kerberos provides the highest security. In the NT domain mode, NTLMv2 provides the highest security.
Table 9-7 Set NTLM commands
Command Definition
set ntlm_auth no Disables NTLM. See “Setting NTLM” on page 217.
set ntlm_auth yes Enables NTLM. See “Setting NTLM” on page 217. Using Symantec FileStore as a CIFS server 217 Setting NTLM
Setting NTLM To disable NTLM 1 If the server is running, enter the following:
CIFS> server stop Stopping CIFS Server.....Success.
2 To disable NTLM, enter the following:
CIFS> set ntlm_auth no
For example:
CIFS> set ntlm_auth no Global option updated. Note: Restart the CIFS server.
3 To start the CIFS service, enter the following:
CIFS> server start Starting CIFS Server.....Success.
To enable NTLM 1 If the server is running, enter the following:
CIFS> server stop Stopping CIFS Server.....Success.
2 To enable the NTLM protocol, enter the following:
CIFS> set ntlm_auth yes
For example:
CIFS> set ntlm_auth yes Global option updated. Note: Restart the CIFS server.
3 To start the CIFS service, enter the following:
CIFS> server start Starting CIFS Server.....Success. 218 Using Symantec FileStore as a CIFS server About setting trusted domains
About setting trusted domains The Microsoft Active Directory supports the concept of trusted domains. When you authenticate users, you can configure domain controllers in one domain to trust the domain controllers in another domain. This establishes the trust relation between the two domains. When FileStore is a member in an AD domain, both FileStore and DC are involved in authenticating the clients. You can configure FileStore to support or not support trusted domains.
Table 9-8 Set trusted domains commands
Command Definition
set Enables the use of trusted domains in the AD domain mode. allow_trusted_domains Note: Depending on the value you specify for idmap_backend yes it may or it may not be possible to enable AD trusted domains.
See “Setting AD trusted domains” on page 218.
set Disables the use of trusted domains in the AD domain mode. allow_trusted_domains See “Setting AD trusted domains” on page 218. no
Setting AD trusted domains To enable AD trusted domains 1 If the server is running, enter the following:
CIFS> server stop Stopping CIFS Server.....Success.
2 To enable trusted domains, enter the following:
CIFS> set allow_trusted_domains yes
For example:
CIFS> set allow_trusted_domains yes Global option updated. Note: Restart the CIFS server.
3 To start the CIFS server, enter the following:
CIFS> server start Starting CIFS Server.....Success. Using Symantec FileStore as a CIFS server 219 About storing account information
To disable trusted domains 1 If the server is running, enter the following:
CIFS> server stop Stopping CIFS Server.....Success.
2 To disable trusted domains, enter the following:
CIFS> set allow_trusted_domains no
For example:
CIFS> set allow_trusted_domains no Global option updated. Note: Restart the CIFS server.
3 To start the CIFS server, enter the following:
CIFS> server start Starting CIFS Server.....Success.
About storing account information FileStore maps between the domain users and groups (their identifiers) and local representation of these users and groups. Information about these mappings can be stored locally on FileStore or remotely using the DC directory service. FileStore uses the idmap_backend configuration option to decide where this information is stored. This option can be set to one of the following:
rid Stores the user and group information locally.
ldap Stores the user and group information in the LDAP directory service.
The rid value can be used in any of the following modes of operation:
■ standalone
■ NT domain
■ AD domain
It is the default value for idmap_backend in all of these operational modes. The ldap value can be used if the AD domain mode is used. 220 Using Symantec FileStore as a CIFS server About storing account information
Table 9-9 Store account information commands
Command Definition
set idmap_backend Configures FileStore to store information about users and groups rid locally. Note: This command requires that the allow_trusted_domains variable be set to no, as the command is not compatible with trusted domains.
See “Storing user and group accounts” on page 221.
set idmap_backend Configures FileStore to store information about users and groups in ldap a remote LDAP service. You can only use this command when FileStore is operating in the AD domain mode. The LDAP service can run on the domain controller or it can be external to the domain controller. Note: For FileStore to use the LDAP service, the LDAP service must include both RFC 2307 and Samba schema extensions.
When the idmap_backend command is set to ldap you can enable or disable trusted domains. If idmap_backend is set to ldap, you must first configure the FileStore LDAP options using the Network> ldap commands.
See “About LDAP” on page 77. See “Storing user and group accounts” on page 221. Using Symantec FileStore as a CIFS server 221 Storing user and group accounts
Storing user and group accounts To set idmap_backend to rid 1 If the server is running, enter the following:
CIFS> server stop Stopping CIFS Server.....Success.
2 To store information about user and group accounts locally, enter the following:
CIFS> set idmap_backend rid [uid_range]
where the uid_range represents the range of identifiers which are used by FileStore when mapping domain users and groups to local users and groups. The default range is 10000-20000. 3 To start the CIFS server, enter the following:
CIFS> server start Starting CIFS Server.....Success.
To set idmap_backend to LDAP 1 To make sure that you have first configured LDAP, enter the following:
Network> ldap
2 If the server is running, enter the following:
CIFS> server stop Stopping CIFS Server.....Success.
3 To use the remote LDAP store for information about the user and group accounts, enter the following:
CIFS> set idmap_backend ldap
4 To start the CIFS server, enter the following:
CIFS> server start Starting CIFS Server.....Success. 222 Using Symantec FileStore as a CIFS server About reconfiguring the CIFS service
About reconfiguring the CIFS service Sometime after you have configured the CIFS service, and used it for awhile, you need to change some of the settings. For example, you may want to allow the use of trusted domains or you need to move FileStore from one security domain to another. To carry out these changes, set the new settings and then start the CIFS server. As a general rule, you should stop the CIFS service before making the changes. An example where FileStore is moved to a new security domain (while the mode of operation stays unchanged as, AD domain) is referenced in the section below. See “Reconfiguring the CIFS service” on page 223. This example deals with reconfiguring CIFS. So make sure that if any of the other AD services like DNS or NTP are being used by FileStore, that FileStore has already been configured to use these services from the AD server belonging to the new domain. Make sure that the DNS service, NTP service and, if used as an ID mapping store, also the LDAP service, are configured as required for the new domain. To reconfigure the CIFS service, do the following:
■ Make sure that the server is not running.
■ Set the domain user, domain, and domain controller.
■ Start the CIFS server.
Table 9-10 Reconfigure the CIFS service commands
Command Definition
set domainuser Changes the configuration option to reflect the values appropriate for the new domain. See “Reconfiguring the CIFS service” on page 223.
set domain Changes the configuration option to reflect the values appropriate for the new domain. See “Reconfiguring the CIFS service” on page 223.
set Changes the configuration option to reflect the values appropriate domaincontroller for the new domain. See “Reconfiguring the CIFS service” on page 223. Using Symantec FileStore as a CIFS server 223 Reconfiguring the CIFS service
Table 9-10 Reconfigure the CIFS service commands (continued)
Command Definition
server start Starts the server and causes it to leave the old domain and join the new Active Directory domain. You can only issue this command after you enter the CIFS> set security command.
See “Reconfiguring the CIFS service” on page 223.
Reconfiguring the CIFS service To set the user name for the AD 1 To verify that the CIFS server is stopped, enter the following:
CIFS> server status
2 If the server is running, stop the server, and enter the following:
CIFS> server stop
3 To set the user name for the AD, enter the following:
CIFS> set domainuser username
where username is the name of an existing AD domain user who has permission to perform the join domain operation. For example:
CIFS> set domainuser administrator Global option updated. Note: Restart the CIFS server.
To set the AD domain
◆ To set the AD domain, enter the following:
CIFS> set domain domainname
where domainname is the name of the domain. This command also sets the system workgroup. For example:
CIFS> set domain NEWDOMAIN.COM Global option updated. Note: Restart the CIFS server. 224 Using Symantec FileStore as a CIFS server Reconfiguring the CIFS service
To set the AD server
◆ To set the AD server, enter the following:
CIFS> set domaincontroller servername
where servername is the AD server IP address or DNS name. For example, if the AD server SYMSERVER has an IP address of 172.16.113.118, you can specify on of the following:
CIFS> set domaincontroller 172.16.113.118 Global option updated. Note: Restart the CIFS server.
or
CIFS> set domaincontroller SYMSERVER Global option updated. Note: Restart the CIFS server.
If you use the AD server name, you must configure FileStore to use a DNS server which can resolve this name. Using Symantec FileStore as a CIFS server 225 About managing CIFS shares
To start the CIFS server 1 To start the CIFS server, enter the following:
CIFS> server start
The skew of the system clock with respect to Domain controller is: 3 seconds
Time on Domain controller : Fri May 30 06:00:03 2008 Time on this system : Fri May 30 06:00:00 PDT 2008
If the above clock skew is greater than that allowed by the server, then the system won’t be able to join the AD domain
Enter password for user 'administrator':
Trying to become a member in AD domain SYMANTECDOMAIN.COM ... Joined domain SYMANTECDOMAIN.COM OK Starting CIFS Server..
2 To make sure that the service is running, enter the following:
CIFS> server status
3 To find the current settings, enter the following:
CIFS> show
About managing CIFS shares You can export the FileStore file systems to the clients as CIFS shares. When a share is created, it is given a name. The name is different from the file system name. Clients use the share name when they import the share. You create and export a share with one command. The same command binds the share to a file system, and you can also use it to specify share properties. In addition to exporting file systems as CIFS share, you can use FileStore to store the users' home directories. Each of these home directories is called a home directory share. Shares which are used to export ordinary file systems (that is, file systems which are not used for home directories), are called ordinary shares to distinguish them from the home directory shares. 226 Using Symantec FileStore as a CIFS server Setting share properties
Table 9-11 Manage the CIFS shares commands
Command Definition
share show Displays information on one or all exported shares. The information is displayed for a specific share includes the name of the file system which is being exported and the values of the share options. See “Setting share properties” on page 226.
share add Exports a file system with the given sharename or re-export new options to an existing share. The new options are updated after this command is run. This CIFS command, which creates and exports a share, takes as input the name of the file system which is being exported, the share name, and optional attributes. You can use the same command for a share that is already exported. You can do this if it is required to modify the attributes of the exported share. A file system used for storing users home directories cannot be exported as a CIFS share, and a file system that is exported as a CIFS share cannot be used for storing users' home directories. See “Setting share properties” on page 226.
share delete Stops the associated file system from being exported. Any files and directories which may have been created in this file system remain intact; they are not deleted as a result of this operation. See “Setting share properties” on page 226.
Setting share properties To export a file system
◆ To export a file system, enter the following:
CIFS> share add filesystem sharename [cifsoptions]
filesystem An FileStore file system that you want to export as a CIFS share. The given file system must not be currently used for storing the home directory shares.
sharename The name for the newly exported share. Names of the FileStore shares are case sensitive and can consist of the following characters: lower and upper case letters "a" - "z" and "A" - "Z," numbers "0" - "9" and special characters: "_" and "-". ( "-", cannot be used as the first character in a share name). Using Symantec FileStore as a CIFS server 227 Setting share properties
cifsoptions A comma-separated list of export options. This part of the command is optional. If it is not given, FileStore uses the default value. (Example: ro,rw,guest,noguest,oplocks,nooplocks,owner=ownername, group=groupname,ip=virtualip). The default values are: ro, noguest, oplocks, owner=root, group=root
For example, an existing file system called FSA being exported as a share called ABC:
CIFS> share add FSA ABC rw,guest,owner=john,group=abcdev
There is a share option which specifies if the files in the share will be read-only or if both read and write access will be possible, subject to the authentication and authorization checks when a specific access is attempted. This share option can be given one of these values: ro Grants read-only permission to the exported share. Files cannot be created or modified. This is the default value. rw Grants read and write permission to the exported share.
Another configuration option specifies if a user trying to establish a CIFS connection with the share must always provide the user name and password, or if they can connect without it. In this case, only restricted access to the share will be allowed. The same kind of access is allowed to “anonymous” or “guest” user accounts. This share option can have one of the following values: guest FileStore allows restricted access to the share when no user name or password is provided. noguest FileStore always requires the user name and password for all of the connections to this share. This is the default value.
FileStore supports the CIFS opportunistic locks. You can enable or disable them for a specific share. The opportunistic locks improve performance for some workloads, and there is a share configuration option which can be given one of the following values: oplocks FileStore supports opportunistic locks on the files in this share. This is the default value. 228 Using Symantec FileStore as a CIFS server Setting share properties
nooplocks No opportunistic locks will be used for this share. Disable the oplocks when:
■ 1) A file system is exported over both CIFS and NFS protocols. ■ 2) Either CIFS or NFS protocol has read and write access.
There are more share configuration options that can be used to specify the user and group who own the share. If you do not specify these options for a share, FileStore uses the default values for these options, which are the privileged or “root” FileStore user and group. You may want to change the default values to allow a specific user or group to be the share owner.
owner By default, the FileStore root owns the root directory of the exported share. This lets CIFS clients create folders and files in the share. However, there are some operations which require owner privileges; for example, changing the owner itself, and changing permissions of the top-level folder (that is, the root directory in UNIX terms). To enable these operations, you can set the owner option to a specific user name, and this user can perform the privileged operations.
group By default, the FileStore root is the primary group owner of the root directory of the exported share. This lets CIFS clients create folders and files in the share. However, there are some operations which require the group privileges; for example, changing the group itself, and changing permissions of the top level folder (that is, the root directory in UNIX terms). To enable these operations you can set the group option to a specific group name and this group can perform the privileged operations.
ip FileStore lets you specify a virtual IP address. This address must be part of the FileStore cluster, and is used by the system to serve the share internally.
After a file system is exported as a CIFS share, you can decide to change one or more share options. This is done using the same share add command, giving the name of an existing share and the name of the file system exported with this share. FileStore will realize the given share has already been exported and that it is only required to change the values of the share options. For example, to export the file system fs1 with name share1, enter the following:
CIFS> share add fs1 share1 "owner=administrator,group=domain users,rw" Exporting CIFS filesystem : share1 ... CIFS> share show Using Symantec FileStore as a CIFS server 229 Setting share properties
ShareName FileSystem ShareOptions share1 fs1 owner=administrator,group=domain users,rw
To display share properties 1 To display the information about all of the exported shares, enter the following:
CIFS> share show
For example:
CIFS> share show ShareName FileSystem ShareOptions share1 fs1 owner=root,group=root
2 To display the information about one specific share, enter the following:
CIFS> share show sharename
For example:
CIFS> share show share1 ShareName VIP Address share1 10.10.10.10
To delete a CIFS share 1 To delete a share, enter the following:
CIFS> share delete sharename
where sharename is the name of the share you want to delete. For example:
CIFS> share delete share1 Unexporting CIFS filesystem : share1 ..
2 To confirm the share is no longer exported, enter the following:
CIFS> share show ShareName FileSystem ShareOptions 230 Using Symantec FileStore as a CIFS server Sharing file systems using CIFS and NFS protocols
Sharing file systems using CIFS and NFS protocols FileStore provides support for multi-protocol file sharing, where the same file system can be exported to both Windows and UNIX users using the CIFS and NFS (Network File System) protocols. The result is an efficient use of storage by sharing a single data set across multi-application platforms. Figure 9-1 shows how file system sharing for the two protocols works.
Figure 9-1 Exporting files systems
Shared Storage
File System FS1
2-node FileStore cluster Data access by Data access by CIFS protocol NFS protocol
Windows user UNIX user
It is recommended that you disable the oplocks option when the following occurs:
■ A file system is exported over both the CIFS and NFS protocols.
■ Either the CIFS and NFS protocol is set with read and write permission. Using Symantec FileStore as a CIFS server 231 Sharing file systems using CIFS and NFS protocols
See “Setting share properties” on page 226.
Note: When a share is exported over both NFS and CIFS protocols, the applications running on the NFS and CIFS clients may attempt to concurrently read or write the same file. This may lead to unexpected results since the locking models used by these protocols are different. For example, an application reads stale data. For this reason, FileStore warns you when the share export is requested over NFS or CIFS and the same share has already been exported over CIFS or NFS, when at least one of these exports allows write access. 232 Using Symantec FileStore as a CIFS server Sharing file systems using CIFS and NFS protocols
To export a file system to Windows and UNIX users
1 Go to the NFS mode and enter the following commands:
NFS> share add ro fs1 Exporting *:/vx/fs1 with options ro ..Success. NFS> share show /vx/fs1 * (ro) NFS> exit
2 To export a file system to Windows and UNIX users with read-only permission, go to CIFS mode, and enter the following commands:
CIFS> show Name Value ------netbios name mycluster ntlm auth yes allow trusted domains no homedirfs quota 0 idmap backend rid:10000-20000 workgroup SYMANTECDOMAIN security ads Domain SYMANTECDOMAIN.COM Domain user administrator Domain Controller SYMSERVER CIFS> share add fs1 share1 rw SFS cifs WARNING V-288-0 Filesystem (fs1) is already shared over NFS with 'ro' permission. Do you want to proceed (y/n): y Exporting CIFS filesystem : share1 .. CIFS> share show ShareName FileSystem ShareOptions share1 fs1 owner=root,group=root,rw
When the file system in CIFS is set to homedirfs, the FileStore software assumes that the file system is exported to CIFS users in read and write mode. FileStore does not allow you to export the same file system as an CIFS share and a home directory file system (homedirfs). For example, if the file system fs1 is already exported as a CIFS share, then you cannot set it as homedirfs. Using Symantec FileStore as a CIFS server 233 About mapping user names for CIFS/NFS sharing
To export a file system set as homedirfs
◆ To request that a file system be used for home directories, you need to export the file system. Go to the CIFS mode and enter the following:
CIFS> share show ShareName FileSystem ShareOptions share1 fs1 owner=root,group=root,rw CIFS> set homedirfs fs1 SFS cifs ERROR V-288-615 Filesystem (fs1) is already exported by another CIFS share.
About mapping user names for CIFS/NFS sharing The CIFS server uses user name mapping to translate login names sent by a Windows client to local or remote UNIX user names. The CIFS server uses file lookup for mapping, and this mapping is unidirectional. You can map a CIFS user to an NFS user, but the reverse operation is not possible. This functionality can be used for the following purposes:
■ CIFS and NFS sharing by mapping CIFS users to NFS users
■ File sharing among CIFS users by mapping multiple CIFS users to a single UNIX user User name mapping is stored in a configuration file. When user name mapping takes place is dependent on the current security configurations. If security is set to user, mapping is done prior to authentication, and a password must be provided for the mapped user name. For example, if there is a mapping between the users CIFSuser1 and NFSuser1. If CIFSuser1 wants to connect to the FileStore server, then CIFSuser1 needs to provide a password for NFSuser1. In this case, NFSuser1 must be the CIFS local user.
If security is set to either ads or domain, user name mapping is done after authentication with the domain controller. This means, the actual password must be supplied for the login user CIFSuser1 in the example cited above. In this case, NFSuser1 may not be the CIFS local user. For example, to map a CIFS user to an NFS user:
CIFS> mapuser add CIFSuser1 SYMANTECDOMAIN.COM NFSuser1
For example, to show the mapping between a CIFS user and an NFS user: 234 Using Symantec FileStore as a CIFS server About FileStore cluster and load balancing
CIFS> mapuser show CIFSUserName DomainName NFSUserName CIFSuser1 SYMANTECDOMAIN NFSuser1
For example, to remove the mapping between a CIFS user and an NFS user:
CIFS> mapuser remove CIFSuser1 SYMANTECDOMAIN.COM
Note: When setting quotas on home directories and using user name mapping, make sure to set the quota on the home directory using the user name to which the original name is mapped.
About FileStore cluster and load balancing CIFS users can access an exported share on any of the FileStore nodes. All of the nodes can concurrently perform file operations. All of the file systems are mounted on every node. The exported shares are also exported from every node. However, there is a restriction: only one node at a time can perform file operations on a single share. The decision which node is currently allowed to perform the file operations for a specific share is made by the FileStore software and is transparent to the CIFS users. When a CIFS share is accessed by a node that is not the owner of that share, FileStore transparently redirects the access to the node that is the owner of that share. So all of the processing for a CIFS share is performed by the node that is designated as the owner of that share. If the FileStore work load is found to be too high on a node that owns a share, you can "split" the share by using the CIFS> split command. By splitting a share:
■ Each share's top-level directories is treated as a single share. Each top-level directory becomes like a root of a new share and only one node at a time can perform the file operations on this new share.
■ The ownership of different top-level directories is assigned to different nodes in the FileStore cluster, balancing the CIFS-related workload.
Caution: You cannot specify which node owns the split share. If the node getting the ownership already has a heavy load, the new load distribution may worsen your situation.
Use the CIFS> share show command to view which virtual IP is assigned to a share. Using Symantec FileStore as a CIFS server 235 Splitting a share
Use the Network> ip addr show command to view which node is assigned a virtual IP. This shows which node is the current owner of the exported shares.
Splitting a share
You can split an exported share with the split command. This changes the way a CIFS-related workload is allocated to the FileStore nodes.
The purpose of the split command is to have multiple nodes serving a large share. Although the command can balance the subdirectory share in a round-robin fashion, the split is not based on the actual load. Restrictions for split command include the following:
■ You cannot split a sharename more than once.
■ You cannot delete the subdirectory share of a split share.
■ You cannot undo the effects of the split command. 236 Using Symantec FileStore as a CIFS server Splitting a share
To split a share 1 To split a share, enter the following:
CIFS> split sharename [DirName]
sharename The name of the share you want to split. It distributes the top-level directories of a file system across the FileStore nodes.
DirName You must first split the share before you can enter a directory name. After you have split the share, enter CIFS> share show split share name for a list of directories.
The name of the new top-level share directory in the split share. This optional variable adds a top-level directory to a file system, whose corresponding share may or may not have been split.
For example:
CIFS> split share1 Splitting share splitshare : ...... Success.
2 To display the list of all of the CIFS shares, enter the following command. The output, the asterisk and the word split indicate that a share is split.
CIFS> share show ShareName FileSystem ShareOptions share1* fs3 split,rw share2 fs2 rw,guest share3 fs3 ro,oplocks
3 To display the details of a share name, enter the following:
CIFS> share show share1 DirName VIP Address Finan 172.16.113.116 HR 172.16.113.117 Mark 172.16.113.118 Prod 172.16.113.119 Using Symantec FileStore as a CIFS server 237 About managing home directories
4 To create a new top-level directory in a split share, enter the following command. To create a new top-level directory called newdir in an already split share called share1, enter the following:
CIFS> split share1 newdir Creating directory: newdir Success: Directory 'newdir' created
About managing home directories You can use FileStore to store the home directories of CIFS users. The home directory share name is identical to the FileStore user name. When FileStore receives a new CIFS connection request, it checks if the requested share is one of the ordinary exported shares. If it is not, FileStore checks if the requested share name is the name of an existing FileStore user (either local user or domain user, depending on the current mode of operation). If a match is found, it means that the received connection request is for a home directory share. You can access your home directory share the same way you access the file system ordinary shares. A user can connect only to his or her own home directory.
Table 9-12 Home directory commands
Command Definition
set homedirfs Specifies one or more file systems to be used for home directories.
See “Setting the home directory file systems” on page 238.
homedir quota Enables use of quotas on home directory file systems. See “Enabling quotas on home directory file systems” on page 239.
homedir set Manually creates a home directory. See “Setting up home directories and use of quotas” on page 240.
homedir setall Sets the quota for all of the users. The command also modifies the value of the global quota. See “Setting up home directories and use of quotas” on page 240.
homedir show Displays information about home directories. See “Displaying home directory usage information” on page 243. 238 Using Symantec FileStore as a CIFS server Setting the home directory file systems
Table 9-12 Home directory commands (continued)
Command Definition
homedir delete Deletes a home directory share. See “Deleting home directories and disabling creation of home directories” on page 243.
homedir deleteall Deletes the home directories. See “Deleting home directories and disabling creation of home directories” on page 243.
Setting the home directory file systems Home directory shares are stored in one or more file systems. A single home directory can exist only in one of these file systems, but a number of home directories can exist in a single home directory file system. The file systems which are to be used for home directories are specified using the CIFS> set homedirfs command. Snapshots can also be set as home directory file systems. To specify one or more file systems as the home directories 1 To reserve one or more file systems for home directories, enter the following:
CIFS> set homedirfs [filesystemlist]
where filesystemlist is a comma-separated list of names of the file systems which are used for the home directories. For example:
CIFS> set homedirfs fs1,fs2,fs3 Global option updated. Note: Restart the CIFS server.
2 If you want to remove the file systems you previously set up, enter the command again, without any file systems:
CIFS> set homedirfs
3 To find which file systems (if any) are currently used for home directories, enter the following:
CIFS> show Using Symantec FileStore as a CIFS server 239 Enabling quotas on home directory file systems
After you select one or more of the file systems to be used in this way, you cannot export the same file systems as ordinary CIFS shares. If you want to change the current selection, for example, to add an additional file system to the list of home directory file systems or to specify that no file system should be used for home directories, you have to use the same CIFS> set homedirfs command. In each case you must enter the entire new list of home directory file systems, which may be an empty list when no home directory file systems are required. FileStore treats home directories differently from ordinary shares. The differences are as follows:
■ An ordinary share is used to export a file system, while a number of home directories can be stored in a single file system.
■ The file systems used for home directories cannot be exported as ordinary shares.
■ The CIFS> split command can be used for an ordinary share but not for a home directory share.
■ Exporting a home directory share is done differently than exporting ordinary share. Also, removing these two kinds of shares is done differently.
■ The configuration options you specify for an ordinary share (such as read-only or use of opportunistic locks) are different from the ones you specify for a home directory share.
Enabling quotas on home directory file systems
You can use the CIFS> homedir quota command to enable or disable the use of quotas and check if the quotas are enabled or disabled.
Note: When quotas on home directory file systems are disabled, the CIFS> homedir show command does not show values for quotas. 240 Using Symantec FileStore as a CIFS server Setting up home directories and use of quotas
To enable use of quotas on home directory file systems
◆ To enable the use of quotas, enter the following:
homedir quota quotaoption
where quotaoption is the variable you want to enter for the command. To enable the use of quotas, enter the following:
CIFS> homedir quota on
To disable the use of quotas, enter the following:
CIFS> homedir quota off
To check the status of quotas, enter the following:
CIFS> homedir quota status
Setting up home directories and use of quotas
You can manually create a home directory with the CIFS> homedir set command, or FileStore can create it automatically when it accesses the home directory for the first time.
The homedir set command lets you specify or change a quota value for the given home directory. The other method is automatic, but does not let you specify a quota value at the time of creation.
You can specify a global quota value by using the CIFS> homedir setall quota command. Once the global quota value is specified, the value applies to the automatically created homedir. For example, if you set the global quota value to CIFS> homedir setall 100M and you then create a new homedir in Windows, then the 100M quota value is assigned to that homedir. Using Symantec FileStore as a CIFS server 241 Setting up home directories and use of quotas
To manually create a home directory 1 To manually create a home directory, enter the following:
CIFS> homedir set username [domainname] [quota]
username The name of the CIFS user. If a CIFS user name includes a space, enter the user name with double quotes. For example:
CIFS> homedir set "test user" SYMANTECDOMAIN 100M
domainname The domain for the new home directory.
quota The storage space quota to be used for this home directory. The allowed values for quota are: 0 - Enter zero if there is no quota for this home directory. N - Enter a number greater than zero optionally followed by: k, K, m, M, g, G, t, or T (for kilo, mega, giga, or terabyte). If you do not enter a letter, the value is in bytes.
2 To find the current settings for a home directory, including the quota, enter the following:
CIFS> homedir show [username] [domainname]
username The name of the CIFS user. If a CIFS user name includes a space, enter the user name with double quotes. For example:
CIFS> homedir show "test user" SYMANTECDOMAIN 100M UserName DomainName Filesystem Usage Quota test user SYMANTECDOMAIN /vx/fs3 0 100M
domainname The Active Directory/Windows NT domain name or specify local for the FileStore local user local. 242 Using Symantec FileStore as a CIFS server Setting up home directories and use of quotas
3 To find the current settings for all home directories, including quotas, enter the following:
CIFS> homedir show
When you connect to your home directory for the first time, and if the home directory has not already been created, FileStore selects one of the available home directory file systems and creates the home directory there. The file system is selected in a way that tries to keep the number of home directories balanced across all available home directory file systems. The automatic creation of a home directory does not require any commands, and is transparent to both the users and the FileStore administrators. The quota limits the amount of disk space you can allocate for the files in a home directory. You can set the same quota value for all home directories using the CIFS> homedir setall command. To set the quota value for all of the home directories
◆ To set the quota value which will be applied to all home directories, enter the following:
CIFS> homedir setall quota
where quota is the number you want to set.
quota 0 - Enter zero if there is no quota for this home directory.
N - Enter a number greater than zero optionally followed by: k, K, m, M, g, G, t, or T (for kilo, mega, giga, or terabyte). If you do not enter a letter, the value is in bytes.
For example:
CIFS> homedir setall 6M Setting quota for CIFS local user: usr1 Setting quota for CIFS local user: usr2 Setting quota for SFSQA domain user: administrator Setting quota for SFSQA domain user: smith Done
FileStore CIFS currently uses soft quotas for home directories. This means that the storage space quota can be exceeded, but only for a period of time. This period is seven days and it cannot be changed. After this period has expired, if the allocated space is still over the limit, any new request to allocate space for files in the same home directory fails. Using Symantec FileStore as a CIFS server 243 Displaying home directory usage information
Displaying home directory usage information
You can display information about home directories using the CIFS> homedir show command.
Note: Information about home directory quotas is up-to-date only when you enable the use of quotas for the home directory file systems.
To display information about home directories 1 To display information about a specific user's home directory, enter the following:
CIFS> homedir show [username] [domainname]
username The name of the CIFS user. If a CIFS user name includes a space, enter the user name with double quotes. For example:
CIFS> homedir show "test user" SYMANTECDOMAIN 100M UserName DomainName Filesystem Usage Quota test user SYMANTECDOMAIN /vx/fs3 0 100M
domainname The domain where the home directory is located.
2 To display information about all home directories, enter the following:
CIFS> homedir show
Deleting home directories and disabling creation of home directories You can delete a home directory share. This also deletes the files and sub-directories in the share. After a home directory is deleted, if you try to access the same home directory again, a new home directory will automatically be created. If you have an open file when the home directory is deleted, and you try to save the file, a warning appears:
Warning: Make sure the path or filename is correct. 244 Using Symantec FileStore as a CIFS server About managing local users and groups
Save dialog?
Click on the Save button which saves the file to a new home directory. To delete a home directory share
◆ To delete the home directory of a specific user, enter the following:
CIFS> homedir delete username [domainname] Do you want to delete homedir for username(y/n):
username The name of the CIFS user. If a CIFS user name includes a space, enter the user name with double quotes. Respond with y(es) or n(o) to confirm the deletion.
domainname The domain it is located in.
You can delete all of the home directory shares with the CIFS> homedir deleteall command. This also deletes all files and subdirectories in these shares. After you delete the existing home directories, you can again create the home directories manually or automatically. To delete the home directories
◆ To delete all home directories, enter the following:
CIFS> homedir deleteall Do you want to delete all home directories (y/n):
Respond with y(es) or n(o) to confirm the deletion. After you delete the home directories, you can stop FileStore serving home directories by using the CIFS> set homedirfs command. To disable creation of home directories
◆ To specify that there are no home directory file systems, enter the following:
CIFS> set homedirfs
After these steps, FileStore does not serve home directories.
About managing local users and groups When FileStore is operating in the standalone mode, only the local users and groups of users can establish CIFS connections and access the home directories and ordinary shares. The FileStore local files store the information about these user and group accounts. Local procedures authenticate and authorize these users Using Symantec FileStore as a CIFS server 245 About managing local users and groups
and groups based on the use of names and passwords. You can manage the local users and groups as described in the rest of this topic. Accounts for local users can be created, deleted, and information about them can be displayed using the CIFS> local user commands.
Table 9-13 Manage local users and groups commands
Command Definition local user add Adds a new user to CIFS. You can add the user to a local group, by entering the group name in the optional grouplist variable. Before you add the user to a grouplist, you must create the grouplist. When you create a local user, FileStore assigns a default password to the new account. The default password is the same as the user name. For example, if you enter usr1 for the user name, the default password is also usr1. See “Creating a local CIFS user” on page 246. local password The default password for a newly-created account is the same as the user name. You can change the default password using the CIFS> local password command.
The maximum password length is eight characters. See “Creating a local CIFS user” on page 246. local user delete Deletes local user accounts. See “Creating a local CIFS user” on page 246. local user show Displays the user ID and lists the groups to which the user belongs. If you do not enter an optional username, the command lists all CIFS existing users. See “Creating a local CIFS user” on page 246. local user Adds a user to one or more groups. For existing users, this command members changes a user's group membership. See “Creating a local CIFS user” on page 246. 246 Using Symantec FileStore as a CIFS server Creating a local CIFS user
Creating a local CIFS user To create the new local CIFS user
◆ To create a local CIFS user, enter the following:
CIFS> local user add username [grouplist]
where username is the name of the user. The grouplist is a comma-separated list of group names. For example:
CIFS> local user add usr1 grp1,grp2 Adding USER : usr1 Success: User usr1 created successfully
To set the local user password
◆ To set the local password, enter the following:
CIFS> local password username
where username is the name of the user whose password you are changing.
For example, to reset the local user password for usr1, enter the following:
CIFS> local password usr1 Changing password for usr1 New password:***** Re-enter new password:***** Password changed for user: 'usr1' Using Symantec FileStore as a CIFS server 247 Creating a local CIFS user
To display the local CIFS user(s) 1 To display local CIFS users, enter the following:
CIFS> local user show [username]
where username is the name of the user. For example, to list all local users:
CIFS> local user show List of Users ------usr1 usr2 usr3
2 To display one local user, enter the following:
CIFS> local user show usr1 Username : usr1 UID : 1000 Groups : grp1
To delete the local CIFS user
◆ To delete a local CIFS user, enter the following:
CIFS> local user delete username
where username is the name of the local user you want to delete. For example:
CIFS> local user delete usr1 Deleting User: usr1 Success: User usr1 deleted successfully 248 Using Symantec FileStore as a CIFS server About configuring local groups
To change a user's group membership
◆ To change a user's group membership, enter the following:
CIFS> local user members username grouplist
where username is the local user name being added to the grouplist. Group names in the grouplist must be separated by commas. For example:
CIFS> local user members usr3 grp1,grp2 Success: usr3's group modified successfully
About configuring local groups A local user can be a member of one or more local groups. This group membership is used in the standalone mode to determine if the given user can perform some file operations on an exported share. You can create, delete, and display information about local groups using the CIFS> local group command.
Table 9-14 Configure local groups commands
Command Definition
local group add Creates a local CIFS group. See “Configuring a local group” on page 249.
local group show Displays the list of available local groups you created. See “Configuring a local group” on page 249.
local group delete Deletes a local CIFS group. See “Configuring a local group” on page 249. Using Symantec FileStore as a CIFS server 249 Configuring a local group
Configuring a local group To create a local group
◆ To create a local group, enter the following:
CIFS> local group add groupname
where groupname is the name of the local group. For example:
CIFS> local group add grp1 Adding GROUP: grp1 Success: Group grp1 created successfully
To list all local groups
◆ To list all existing local groups, enter the following:
CIFS> local group show [groupname]
where groupname lists all of the users that belong to that specific group. For example:
CIFS> local group show List of groups ------grp1 grp2 grp3
For example:
CIFS> local group show grp1 GroupName UsersList ------grp1 usr1, usr2, usr3, urs4 250 Using Symantec FileStore as a CIFS server Configuring a local group
To delete the local CIFS groups
◆ To delete the local CIFS group, enter the following:
CIFS> local group delete groupname
where groupname is the name of the local CIFS group. For example:
CIFS> local group delete grp1 Deleting Group: grp1 Success: Group grp1 deleted successfully Chapter 10
Using FTP
This chapter includes the following topics:
■ About FTP
■ Displaying FTP server
■ About FTP server commands
■ Using the FTP server commands
■ About FTP set commands
■ Using the set commands
■ About FTP session commands
■ Using the FTP session commands
■ Using the logupload command
About FTP The File Transfer Protocol (FTP) server feature allows clients to access files on the FileStore servers using the FTP protocol. The FTP service provides secure/non-secure access via FTP to files in the FileStore servers. The FTP service runs on all of the nodes in the cluster and provides simultaneous read/write access to the files. The FTP service also provides configurable anonymous access to the filer. The FTP commands are used to configure the FTP server. By default, the FTP server is not running. You can start the FTP server using the FTP> server start command. The FTP server starts on the standard FTP port 21. FTP mode commands are listed in Table 10-1. 252 Using FTP Displaying FTP server
To access the commands, log into the administrative console (master, system-admin, or storage-admin) and enter FTP> mode. See “About using the FileStore command-line interface” on page 27.
Table 10-1 FTP mode commands
Command Definition
show Displays the FTP server settings. See “Displaying FTP server” on page 252.
server Starts, stops, and displays the status of the FTP server. See “About FTP server commands” on page 253.
set Configures the FTP server. See “About FTP set commands” on page 254.
session Displays and terminates the FTP sessions. See “About FTP session commands” on page 260.
logupload Uploads the FTP logs to a URL. See “Using the logupload command” on page 263.
Displaying FTP server To display the FTP settings
◆ To display the FTP settings, enter the following:
FTP> show
Parameter Current Value ------max_connections 2000 anonymous_logon no anonymous_write no allow_non_ssl yes anonymous_login_dir /vx/ passive_port_range 30000:40000 idle_timeout 15 minutes Using FTP 253 About FTP server commands
About FTP server commands
The FTP> server commands start, stop, and display the status of the FTP server.
Note: All configuration changes made using the FTP> set commands come into effect only when the FTP server is restarted.
Table 10-2 FTP server commands
Command Definition
server status Displays the status of the FTP server. See “Using the FTP server commands” on page 253.
server start Starts the FTP server on all nodes. If the FTP server is already started, the FileStore software clears any faults and tries to start the FTP server. See “Using the FTP server commands” on page 253.
server stop Stops the FTP server and terminates any existing FTP sessions. By default, the FTP server is not running. See “Using the FTP server commands” on page 253.
Using the FTP server commands To display the FTP server status
◆ To display the FTP server status, enter
FTP> server status
FTP Status on sfs_1 : OFFLINE FTP Status on sfs_2 : OFFLINE 254 Using FTP About FTP set commands
To start the FTP server
◆ To start the FTP server, enter the following:
FTP> server start FTP>
To check server status, enter the following:
FTP> server status FTP Status on sfs_1 : ONLINE FTP Status on sfs_2 : ONLINE
To stop the FTP server
◆ To stop the FTP server, enter the following:
FTP> server stop FTP>
To check the server status, enter the following:
FTP> server status
FTP Status on sfs_1 : OFFLINE FTP Status on sfs_2 : OFFLINE
About FTP set commands
The FTP> set commands let you set various configurable options for the FTP server.
Table 10-3 FTP set commands
Command Definition
set anonymous_logon Tells the FTP server whether or not to allow anonymous logons. Enter yes to allow anonymous users to log on to the FTP server. Enter no (default) to not allow anonymous logons. For the changes to take effect you will need to restart the FTP server. Enter FTP> server stop followed by FTP> server start.
See “Using the set commands” on page 257. Using FTP 255 About FTP set commands
Table 10-3 FTP set commands (continued)
Command Definition set anonymous_login_dir Specifies the login directory for anonymous users. The default value of this parameter is /vx/. Valid values of this parameter start with /vx/. Make sure that the anonymous user (UID:40 GID:49 UNAME:ftp) has the appropriate permissions to read files in login_directory. For the changes to take effect, you need to restart the FTP server. Enter FTP> server stop followed by FTP> server start.
See “Using the set commands” on page 257. set anonymous_write Specifies whether or not anonymous users have the [write] value in their login_directory. Enter yes to allow anonymous users to modify contents of their login_directory. Enter no (default) to not allow anonymous users to modify the contents of their login_directory. Make sure that the anonymous user (UID:40 GID:49 UNAME:ftp) has the appropriate permissions to modify files in their login_directory. For the changes to take effect, you need to restart the FTP server. Enter FTP> server stop followed by FTP> server start.
See “Using the set commands” on page 257. set allow_non_ssl Specifies whether or not to allow non-secure (plain-text) logins into the FTP server. Enter yes (default) to allow non-secure (plain-text) logins to succeed. Enter no to allow non-secure (plain-text) logins to fail. For the changes to take effect you need to restart the FTP server. Enter FTP> server stop followed by FTP> server start.
See “Using the set commands” on page 257. set max_connections Specifies the maximum number of simultaneous FTP clients allowed. Valid values for this parameter range from 1-9999. The default value is 2000. It affects the entire cluster. For the changes to take effect, you need to restart the FTP server. Enter FTP> server stop followed by FTP> server start.
See “Using the set commands” on page 257. 256 Using FTP About FTP set commands
Table 10-3 FTP set commands (continued)
Command Definition
set passive_port_range Specifies the range of port numbers to listen on for passive FTP transfers. The port_range defines a range specified as startingport:endingport. A port_range of 30000:40000 specifies that port numbers starting from 30000 to 40000 can be used for passive FTP. Valid values for port numbers range from 30000 to 50000. The default value of this option is 30000:40000. For the changes to take effect, you need to restart the FTP server. Enter FTP> server stop followed by FTP> server start.
See “Using the set commands” on page 257.
set idle_timeout Specifies the amount of time in minutes after which an idle connection is disconnected. Valid values for time_in_minutes range from 1 to 600 (default value is 15 minutes). For the changes to take effect, you need to restart the FTP server. Enter FTP> server stop followed by FTP> server start.
See “Using the set commands” on page 257. Using FTP 257 Using the set commands
Using the set commands To set anonymous logons
◆ To enable anonymous logons, enter the following:
FTP> set anonymous_logon yes|no
yes Allows anonymous users to log on to the FTP server.
no (default) Does not allow anonymous logons.
You need to stop and then start the server for the new setting to take affect. For example:
FTP> set anonymous_logon yes FTP> show
Parameter Current Value New Value ------max_connections 2000 anonymous_logon no yes anonymous_write no allow_non_ssl yes anonymous_login_dir /vx/ passive_port_range 30000:40000 idle_timeout 15 minutes
FTP> server stop FTP> server start FTP> show
Parameter Current Value ------max_connections 2000 anonymous_logon yes anonymous_write no allow_non_ssl yes anonymous_login_dir /vx/ passive_port_range 30000:40000 idle_timeout 15 minutes 258 Using FTP Using the set commands
To set anonymous logins
◆ To set anonymous logins, enter the following:
FTP> set anonymous_login_dir login_directory
where the login_directory is the login directory of the anonymous users on the FTP server. To set anonymous write access
◆ To set anonymous write access, enter the following:
FTP> set anonymous_write yes|no
yes Allows anonymous users to modify the contents of their login_directory.
no (default) Does not allow anonymous users to modify the contents of their login_directory.
For example:
FTP> set anonymous_write yes FTP>
To set non-secure logins
◆ To set non-secure login access to the FTP server, enter the following:
FTP> set allow_non_ssl yes|no
yes (default) Allows non-secure (plain-text) logins to succeed.
no Allows non-secure (plain-text) logins to fail.
For example:
FTP> set allow_non_ssl no FTP> Using FTP 259 Using the set commands
To set maximum connections
◆ To set the maximum number of allowed simultaneous FTP clients, enter the following:
FTP> set max_connections connections_number
where connections_number is the number of concurrent FTP connections allowed on the FTP server. For example:
FTP> set max_connections 3000 FTP>
To set range of port numbers
◆ To set the range of port numbers to listen on for passive FTP transfers, enter the following:
FTP> set passive_port_range port_range
where port_range is the range of port numbers to listen on for passive FTP transfers. For example:
FTP> set passive_port_range 35000:45000 FTP>
To set idle timeout
◆ To set the amount of time a connection can stay idle before disconnecting, enter the following:
FTP> set idle_timeout time_in_minutes
where time_in_minutes is the amount of time you want the connection to stay idle before disconnecting. For example:
FTP> set idle_timeout 30 FTP> 260 Using FTP About FTP session commands
To implement set command changes
1 To view all of the FTP> set command changes, enter the following:
FTP> show Parameter Current Value New Value ------max_connections 2000 3000 anonymous_logon no yes anonymous_write no yes allow_non_ssl yes no anonymous_login_dir /vx/ passive_port_range 30000:40000 35000:45000 idle_timeout 15 minutes 30 minutes
2 To implement the new changes, enter the following:
FTP> server stop FTP> server start
3 To view the new command settings, enter the following:
FTP> show Parameter Current Value ------max_connections 3000 anonymous_logon yes anonymous_write yes allow_non_ssl no anonymous_login_dir /vx/ passive_port_range 35000:45000 idle_timeout 30 minutes
About FTP session commands
The FTP> session commands allow you to view or terminate the FTP sessions that are currently active. Using FTP 261 Using the FTP session commands
Table 10-4 FTP session Commands
Command Definition
session show Displays the number of current FTP sessions to each node. See “Using the FTP session commands” on page 261.
session showdetail Displays the details of each session that matches the filter_options criteria. If no filter_options are specified, all sessions are displayed. If multiple filter options are provided then sessions matching all of the filter options are displayed. Filter options can be combined by using ','. The details displayed include: Session ID, User, Client IP, Server IP, State (UL for uploading; DL for downloading, or IDLE), and File (the name of the files that appear are either being uploaded or downloaded). If an '?' appears under User, the session is not yet authenticated. See “Using the FTP session commands” on page 261.
session terminate Terminates the session entered for the session_id variable. What you enter is the same session displayed under Session ID with the FTP> session showdetail command.
See “Using the FTP session commands” on page 261.
Using the FTP session commands To display the current FTP sessions
◆ To display the current FTP sessions, enter the following:
FTP> session show Max Sessions : 2000
Nodename Current Sessions ------sfs_1 4 sfs_2 2 262 Using FTP Using the FTP session commands
To display the FTP session details
◆ To display the details in the FTP sessions, enter the following:
FTP> session showdetail [filter_options]
where filter_options display the details of the sessions under specific headings. Filter options can be combined by using ','. If multiple filter options are used, sessions matching all of the filter options are displayed. For example, to display all of the session details, enter the following:
FTP> session showdetail Session ID User Client IP Server IP State File ------sfs_1.1111 user1 10.209.105.219 10.209.105.111 IDLE sfs_1.1112 user2 10.209.106.11 10.209.105.111 IDLE sfs_2.1113 user3 10.209.107.21 10.209.105.112 IDLE sfs_1.1117 user4 10.209.105.219 10.209.105.111 DL file123 sfs_2.1118 user1 10.209.105.219 10.209.105.111 UL file345 sfs_1.1121 user5 10.209.111.219 10.209.105.112 IDLE
For example, to display the details of the current FTP sessions to the Server IP (10.209.105.112), originating from the Client IP (10.209.107.21), enter the following:
FTP> session showdetail server_ip=10.209.105.112,client_ip=10.209.107.21 Session ID User Client IP Server IP State File ------sfs_2.1113 user3 10.209.107.21 10.209.105.112 IDLE
To terminate an FTP session
◆ To terminate one of the FTP sessions displayed in the FTP> session showdetail command, enter the following:
FTP> session terminate session_id
where session_id is the unique identifier for each FTP session displayed in the FTP> session showdetail output.
FTP> session terminate sfs_2.1113 Session sfs_2.1113 terminated Using FTP 263 Using the logupload command
Using the logupload command
The FTP> logupload command allows you to upload the FTP server logs to a specified URL. To upload the FTP server logs
◆ To upload the FTP server logs to a specified URL, enter the following:
FTP> logupload url [nodename]
url The URL where the FTP logs will be uploaded. The URL supports both FTP and SCP (secure copy protocol). If a nodename is specified, only the logs from that node are uploaded. The default name for the uploaded file is ftp_log.tar.gz.
nodename The node on which the operation occurs. Enter the value all for the operation to occur on all of the nodes in the cluster.
password Use the password you already set up on the node to which you are uploading the logs.
For example, to upload the logs from all of the nodes to an SCP-based URL:
FTP> logupload scp://user@host:/path/to/directory all Password: Collecting FTP logs, please wait..... Uploading the logs to scp://root@host:/path/to/directory, please wait...done
For example, to upload the logs from sfs_1 to an FTP-based URL:
FTP> logupload ftp://user@host:/path/to/directory sfs_1 Password: Collecting FTP logs, please wait..... Uploading the logs to ftp://root@host:/path/to/directory, please wait...done 264 Using FTP Using the logupload command Chapter 11
Configuring event notifications
This chapter includes the following topics:
■ About configuring event notifications
■ About severity levels and filters
■ About email groups
■ Configuring an email group
■ About syslog event logging
■ Configuring a syslog server
■ Displaying events
■ About SNMP notifications
■ Configuring an SNMP management server
■ Configuring events for event reporting
■ Exporting events in syslog format to a given URL
About configuring event notifications Event notifications link applications that generate messages (the "events") to applications that monitor the associated conditions and respond when triggered by the events.
This chapter discusses the FileStore report commands. The Report commands are defined in Table 11-1. 266 Configuring event notifications About severity levels and filters
To access the commands, log into the administrative console (for master, system-admin, or storage-admin) and enter Report> mode. See “About using the FileStore command-line interface” on page 27.
Table 11-1 Report mode commands
Command Definition
email Configures an email group. See “Configuring an email group” on page 269.
syslog Configures a syslog server. See “Configuring a syslog server” on page 275.
showevents Displays events. See “Displaying events” on page 276.
snmp Configures an SNMP management server. See “Configuring an SNMP management server” on page 278.
event Configures events for event reporting. See “Configuring events for event reporting” on page 281.
exportevents Exports events in syslog format to a given URL. See “Exporting events in syslog format to a given URL” on page 282.
About severity levels and filters Each group can have its own severity definition. You can define the lowest level of the severity that will trigger all other severities higher than it. The following table describes the valid FileStore severity levels.
Table 11-2 Severity levels
Valid value Description
emerg Indicates that the system is unusable
alert Indicates that immediate action is required
crit Indicates a critical condition
err Indicates an error condition Configuring event notifications 267 About email groups
Table 11-2 Severity levels (continued)
Valid value Description
warning Indicates a warning condition
notice Indicates a normal but significant condition
info Indicates an informational message
debug Indicates a debugging message
Valid filters include:
■ network - if an alert is for a networking event, then selecting the "network" filter triggers that alert. If you select the "network" filter only, and an alert is for a storage-related event, the "network" alert will not be sent.
■ storage - is for storage-related events, for example, file systems, snapshots, disks, and pools
■ all
About email groups
The email commands configure the email notifications of events. These commands support the following:
■ Adding email groups.
■ Adding filters to the group.
■ Adding email addresses to the email group.
■ Adding event severity to the group.
■ Configuring an external email server for sending the event notification emails.
Table 11-3 Email group commands
Command Definition
email show Displays an existing email group or details for the email group. See “Configuring an email group” on page 269. 268 Configuring event notifications About email groups
Table 11-3 Email group commands (continued)
Command Definition
email add group Uses email groups to group multiple email addresses into one entity; the email group is used as the destination of the FileStore email notification. Email notification properties can be configured for each email group. When an email group is added initially, it has the all default filter. When a group is added initially, the default severity is info. See “Configuring an email group” on page 269.
email add Adds an email address to a group. email-address See “Configuring an email group” on page 269.
email add severity Adds a severity level to an email group. See “Configuring an email group” on page 269.
email add filter Adds a filter to a group. See “Configuring an email group” on page 269.
email del Deletes an email address. email-address See “Configuring an email group” on page 269.
email del filter Deletes a filter from a specified group. See “Configuring an email group” on page 269.
email del group Deletes an email group. See “Configuring an email group” on page 269.
email del severity Deletes a severity from a specified group. See “Configuring an email group” on page 269.
email get Displays the details of the configured email server. Obtain the following information:
■ Name of the configured email server ■ Email user's name ■ Email user's password
See “Configuring an email group” on page 269.
email set Displays details for the configured email server and the email user. See “Configuring an email group” on page 269. Configuring event notifications 269 Configuring an email group
Table 11-3 Email group commands (continued)
Command Definition
email set Deletes the configured email server by specifying the command without any options to delete the email server. See “Configuring an email group” on page 269.
Configuring an email group To display an existing email group or details for the email group
◆ To display an existing email group or details for the email group, enter the following:
Report> email show [group]
group is optional, and it specifies the group for which to display details. If the specified group does not exist, an error message is displayed. For example:
Report> email show root Group Name: root Severity of the events: info,debug Filter of the events: all,storage Email addresses in the group: adminuser@localhost OK Completed
To add an email group
◆ To add an email group, enter the following:
Report> email add group group
where group specifies the name of the added group and can only contain the following characters:
■ Alpha characters
■ Numbers
■ Hyphens
■ Underscores Entering invalid characters results in an error message. If the entered group already exists, then no error message is displayed. 270 Configuring event notifications Configuring an email group
For example:
Report> email add group alert-grp OK Completed
To add an email address to a group
◆ To add an email address to a group, enter the following:
Report> email add email-address group email-address
For example:
Report> email add email-address alert-grp symantecexample.com OK Completed
group Specifies the group to which the email address is being added. If the email group specified does not exist, then an error message is displayed.
email-address Specifies the email address to be added to the group. If the email address is not a valid email address, for example, [email protected], a message is displayed. If the email address has already been added to the specified group, a message is displayed. Configuring event notifications 271 Configuring an email group
To add a severity level to an email group
◆ To add a severity level to an email group, enter the following:
Report> email add severity group severity
For example:
Report> email add severity alert-grp alert OK Completed
group Specifies the email group for which to add the severity. If the email group specified does not exist, an error message is displayed.
severity Indicates the severity level to add to the email group. See “About severity levels and filters” on page 266. Entering an invalid severity results in an error message, prompting you to enter a valid severity. Only one severity level is allowed at one time. You can have two different groups with the same severity levels and filters. Each group can have its own severity definition. You can define the lowest level of the severity that will trigger all other severities higher than it. 272 Configuring event notifications Configuring an email group
To add a filter to a group
◆ To add a filter to a group, enter the following:
Report> email add filter group filter
group Specifies the email group for which to apply the filter. If the specified email group does not exist, an error message is displayed.
filter Specifies the filter for which to apply to the group. See “About severity levels and filters” on page 266. The default filter is all. A group can have more than one filter, but there may not be any duplicate filters for the group.
For example:
Report> email add filter root storage OK Completed
To delete an email address from a specified group
◆ To delete an email address, enter the following:
Report> email del email-address group email-address
group Specifies the group from which to delete the email address. If the entered group does not exist, an error message is displayed.
email-address Specifies the email address from which to delete from the group. If the email address entered does not exist for the group, an error message is displayed.
For example, to delete an existing email address from the email group, enter the following:
Report> email del email-address root testuser@localhost Configuring event notifications 273 Configuring an email group
To delete a filter from a specified group
◆ To delete a filter from a specified group, enter the following:
Report> email del filter group filter
group Specifies the group to remove the filter from. If the entered email group does not exist, an error message is displayed.
filter Specifies the filter to be removed from the group. See “About severity levels and filters” on page 266. The default filter is all. If the specified filter is not in the specified group, an error message is displayed.
To delete an email group
◆ To delete an email group, enter the following:
Report> email del group group
group specifies the name of the email group to be deleted. If the email group specified does not exist, an error message is displayed. To delete a severity from a specified group
◆ To delete a severity from a specified group, enter the following:
Report> email del severity group severity
group Specifies the name of the email group from which the severity is to be deleted. If the specified email group does not exist, an error message is displayed.
severity Specifies the severity to delete from the specified group. See “About severity levels and filters” on page 266. A severity cannot be deleted from a group if it does not exist for that group. If this occurs, an error message is displayed. 274 Configuring event notifications About syslog event logging
To display the details of the configured email server
◆ To display the details of the configured email server, enter the following:
Report> email get E-Mail Server: smtp.symantec.com E-Mail Username: adminuser E-mail User's Password: ******** OK Completed
To set the details of the email server
◆ To set the details of the email server, enter the following:
Report> email set [email-server] [email-user]
email-server Specifies the external email server for which you want to display the details for. For example, you would specify the following command:
Report> email set smtp.symantecexample.com
email-user Specifies the email user for which you want to display details for. For example, you would specify the following command:
For example:
Report> email set smtp.symantec.com adminuser Enter password for user 'adminuser': ********
To delete the configured email server
◆ To delete the configured email server, enter the following command without any options:
Report> email set
About syslog event logging Reporting of events by writing a message to the system log file is one of the options for administrators to report any significant occurrence in the system or in an application. In FileStore, options include specifying the syslog messages for the event reporting, selecting the types of events to report, and selecting the severity of the occurrences to report. Configuring event notifications 275 Configuring a syslog server
For the syslog messages, options can be selected to report about storage, networks, or all. See “About severity levels and filters” on page 266.
Table 11-4 Syslog commands
Commands Definition
syslog show Displays the list of syslog servers. See “Configuring a syslog server” on page 275.
syslog add Adds a syslog server See “Configuring a syslog server” on page 275.
syslog set severity Sets the severity for the syslog server. See “Configuring a syslog server” on page 275.
syslog set filter Sets the syslog server filter. See “Configuring a syslog server” on page 275.
syslog get filter Displays the values of the configured syslog server. See “Configuring a syslog server” on page 275.
syslog delete Deletes a syslog server. See “Configuring a syslog server” on page 275.
Configuring a syslog server To display the list of syslog servers
◆ To display the list of syslog servers, enter the following:
Report> syslog show
To add a syslog server
◆ To add a syslog server, enter the following:
Report> syslog add syslog-server-ipaddr
syslog-server-ipaddr specifies the hostname or the IP address of the external syslog server. 276 Configuring event notifications Displaying events
To set the severity of the syslog server
◆ To set the severity of the syslog server, enter the following:
Report> syslog set severity value
For example:
Report> syslog set severity warning
value for severity indicates the severity for the syslog server. See “About severity levels and filters” on page 266. To set the filter of the syslog server
◆ To set the filter of the syslog server, enter the following:
Report> syslog set filter value
value for filter indicates the filter for the syslog server. See “About severity levels and filters” on page 266. To display the values of the configured syslog server
◆ To display the values of the configured syslog server, enter the following:
Report> syslog get filter|severity
To delete a syslog server
◆ To delete a syslog server, enter the following:
Report> syslog delete syslog-server-ipaddr
syslog-server-ipaddr specifies the hostname or the IP address of the syslog server.
Displaying events To display events
◆ To display events, enter the following:
Report> showevents [number_of_events]
number of events specifies the number of events that you want to display. If you leave number_of_events blank, or if you enter 0, FileStore displays all of the events. Configuring event notifications 277 About SNMP notifications
About SNMP notifications Simple Network Management Protocol (SNMP) is a network protocol to simplify the management of remote network-attached devices such as servers and routers. SNMP is an open standard system management interface. Information from the Management Information Base (MIB) can also be exported. SNMP messages enable the reporting of a serious condition to a management station. The management station is then responsible for initiating further interactions with the managed node to determine the nature and extent of the problem. In FileStore, options include specifying the SNMP messages for the event reporting, selecting the types of events to report, and selecting the severity of the occurrences to report. The SNMP server must be specified during configuration. See “About severity levels and filters” on page 266.
Table 11-5 SNMP commands
Command Definition
snmp add Adds an SNMP management server. See “Configuring an SNMP management server” on page 278.
snmp show Displays the current list of SNMP management servers. See “Configuring an SNMP management server” on page 278.
snmp delete Deletes an already configured SNMP management server. See “Configuring an SNMP management server” on page 278.
snmp set severity Sets the severity for SNMP notifications. See “Configuring an SNMP management server” on page 278.
snmp set filter Sets the filter for SNMP notifications. See “Configuring an SNMP management server” on page 278.
snmp get Displays the values of the configured SNMP notifications. filter|severity See “Configuring an SNMP management server” on page 278.
snmp exportmib Uploads the SNMP Management Information Base (MIB) file to the given URL. The URLs support FTP and SCP. If the url specifies a remote directory, the default filename is sfsfs_mib.txt. See “Configuring an SNMP management server” on page 278. 278 Configuring event notifications Configuring an SNMP management server
Configuring an SNMP management server To add an SNMP management server
◆ To add an SNMP management server, enter the following:
Report> snmp add snmp-mgmtserver-ipaddr
snmp-mgmtserver-ipaddr specifies the host name or the IP address of the SNMP management server. For example, if using the IP address, enter the following:
Report> snmp add 10.10.10.10 OK Completed
For example, if using the host name, enter the following:
Report> snmp add mgmtserv1.symantec.com OK Completed
To display the current list of SNMP management servers
◆ To display the current list of SNMP management servers, enter the following:
Report> snmp show Configured SNMP management servers: 10.10.10.10,mgmtserv1.symantec.com OK Completed Configuring event notifications 279 Configuring an SNMP management server
To delete an already configured SNMP server
◆ To delete an already configured SNMP server, enter the following:
Report> snmp delete snmp-mgmtserver-ipaddr
specifies the host name or the IP address of the SNMP management server. For example:
Report> snmp delete 10.10.10.10 OK Completed
If you input an incorrect value for snmp-mgmtserver-ipaddr you will get an error message. For example:
Report> snmp delete mgmtserv22.symantec.com SFS snmp delete ERROR V-288-26 Cannot delete SNMP management server, it doesn't exist.
To set the severity for SNMP notifications
◆ To set the severity for SNMP notifications, enter the following:
Report> snmp set severity value
where value for indicates the severity level of the notification. For example:
Report> snmp set severity warning OK Completed
See “About severity levels and filters” on page 266. Notifications are sent for events having the same or higher severity. 280 Configuring event notifications Configuring an SNMP management server
To set the filter for SNMP notifications
◆ To set the filter for SNMP notifications, enter the following:
Report> snmp set filter value
For example:
Report> snmp set filter network OK Completed
value for filter indicates the filter for the notification. See “About severity levels and filters” on page 266. Notifications are sent for events matching the given filter. To display the values of the configured SNMP notifications
◆ To display the values of the configured SNMP notifications, enter the following:
Report> snmp get filter|severity
For example:
Report> snmp get severity Severity of the events: warning OK Completed Report> snmp get filter Filter for the events: network OK Completed
To export the SNMP MIB file to a given URL
◆ To export the SNMP MIB file to a given URL, enter the following:
Report> snmp exportmib url
url specifies the location the SNMP MIB file is exported to. For example:
Report> snmp exportmib scp://[email protected]:/tmp/sfsfs_mib.txt Password: ***** OK Completed
If the url specifies a remote directory, the default filename is sfsfs_mib.txt. Configuring event notifications 281 Configuring events for event reporting
Configuring events for event reporting
The event commands configure the settings for the event reporting. To set the time interval or the number of duplicate events sent for notifications
◆ To set the time interval or the number of duplicate events sent for notifications, enter the following:
Report> event set dup-frequency number
For the event set dup-frequency command, number indicates the time interval for which only one event of duplicate events is sent for notifications. For example:
Report> event set dup-frequency 120 OK Completed
For the event set dup-number command, number indicates the number of duplicate events to ignore during notifications.
Report> event set dup-number number
For example:
Report> event set dup-number 10 OK Completed 282 Configuring event notifications Exporting events in syslog format to a given URL
To display the time interval or the number of duplicate events sent for notifications
◆ To display the time interval, enter the following:
Report> event get dup-frequency
For example:
Report> event get dup-frequency Duplicate events frequency (in seconds): 120 OK Completed
To set the number of duplicate events sent for notifications, enter the following:
Report> event get dup-number
For example:
Report> event get dup-number Duplicate number of events: 10 OK Completed
Exporting events in syslog format to a given URL You can export events in syslog format to a given URL. You can export audit events in syslog format to a given URL. Supported URLs for upload include:
■ FTP
■ SCP To export events in syslog format to a given URL
◆ To export events in syslog format to a given URL, enter the following:
Report> exportevents url
url specifies the location to which the events in syslog format are exported to. For example: scp://[email protected]:/exportevents/event.1. If the URL specifies a remote directory, the default filename is sfsfs_event.log. Configuring event notifications 283 Exporting events in syslog format to a given URL
To export audit events in syslog format to a given URL
◆ To export audit events in syslog format to a given URL, enter the following:
Report> exportevents url [audit]
url specifies the location to which the audit events in syslog format are exported to. For example: scp://[email protected]:/exportauditevents/auditevent.1. If the URL specifies a remote directory, the default filename is sfsfs_audit.log. 284 Configuring event notifications Exporting events in syslog format to a given URL Chapter 12
Configuring backup
This chapter includes the following topics:
■ About backup
■ Configuring backups using NetBackup or other third-party backup applications
■ About NetBackup
■ Adding a NetBackup master server to work with FileStore
■ Configuring or changing the virtual IP address used by NetBackup and NDMP data server installation
■ Configuring the virtual name of NetBackup
■ About Network Data Management Protocol
■ About backup configurations
■ Configuring backup
About backup
The Backup commands are defined in Table 12-1. To access the commands, log into the administrative console (for master, system-admin, or storage-admin) and enter the Backup> mode. See “About using the FileStore command-line interface” on page 27. 286 Configuring backup Configuring backups using NetBackup or other third-party backup applications
Table 12-1 Backup mode commands
Command Definition
netbackup Configures the local NetBackup installation of FileStore to use an external NetBackup master server, Enterprise Media Manager (EMM) server, or media server. See “About NetBackup” on page 287.
virtual-ip Configures the NetBackup and NDMP data server installation on FileStore nodes to use ipaddr as its virtual IP address.
See “Configuring or changing the virtual IP address used by NetBackup and NDMP data server installation” on page 290.
virtual-name Configures the NetBackup installation on FileStore nodes to use name as its hostname. See “Configuring the virtual name of NetBackup” on page 291.
ndmp Transfers data between the data server and the tape server under the control of a client. The Network Data Management Protocol (NDMP) is used for data backup and recovery. See “About Network Data Management Protocol” on page 292.
show Displays settings of the configured servers. See “About backup configurations” on page 305.
status Displays status of configured servers. See “About backup configurations” on page 305.
start Starts the configured servers. See “About backup configurations” on page 305.
stop Stops the configured servers. See “About backup configurations” on page 305.
Configuring backups using NetBackup or other third-party backup applications You can backup FileStore using the Veritas NetBackup 6.5 client capability, or other third-party backup applications that use the standard NFS mount to backup over the network. The FileStore ISO image includes the Netbackup 6.5 FileStore client code. Configuring backup 287 About NetBackup
For information about the Veritas NetBackup 6.5 client capability, refer to the Veritas NetBackup 6.5 product documentation set.
The Backup> netbackup commands configure the local NetBackup installation of FileStore to use an external NetBackup master server, Enterprise Media Manager (EMM) server, or media server. When NetBackup is installed on FileStore, it acts as a NetBackup client to perform IP-based backups of FileStore file systems.
Note: A new public IP address, not an IP address that is currently used, is required for configuring the NetBackup client. Use the Backup> virtual-ip and Backup> virtual-name commands to configure the NetBackup client.
About NetBackup FileStore includes built-in client software for Symantec’s NetBackup data protection suite. If NetBackup is the enterprise’s data protection suite of choice, file systems hosted by FileStore can be backed up to a NetBackup media server. To configure the built-in NetBackup client, you need the names and IP addresses of the NetBackup master and media servers. Backups are scheduled from those servers, using NetBackup’s administrative console. Consolidating storage reduces the administrative overhead of backing up and restoring many separate file systems. With a 256 TB maximum file system size, FileStore makes it possible to collapse file storage into fewer administrative units, thus reducing the number of backup interfaces and operations necessary. All critical file data can be backed up and restored through the NetBackup client software included with FileStore (separately licensed NetBackup master and media servers running on separate computers are required), or through any backup management software that supports NAS systems as data sources. 288 Configuring backup About NetBackup
Table 12-2 Netbackup commands
Command Definition
netbackup Provides a functioning external NetBackup master server to work with master-server FileStore. FileStore only includes the NetBackup client code on the FileStore nodes. If you want to use NetBackup to back up your FileStore file systems, you must add an external NetBackup master server. For NetBackup clients to be compliant with the NetBackup End-User License Agreement (EULA), you must have purchased and entered valid license keys on the external NetBackup master server prior to configuring NetBackup to work with FileStore. For more information on entering NetBackup license keys on the NetBackup master server, refer to the Veritas NetBackup Installation Guide, Release 6.5. See “Adding a NetBackup master server to work with FileStore ” on page 289.
netbackup Adds an external NetBackup Enterprise Media Manager (EMM) server emm-server (which can be the same as the NetBackup master server) to work with FileStore. Note: If you want to use NetBackup to backup FileStore file systems, you must add an external NetBackup EMM server.
See “Adding a NetBackup master server to work with FileStore ” on page 289.
netbackup Adds an external NetBackup media server (if the NetBackup media media-server add server is not co-located with the NetBackup master server). Note: Adding an external NetBackup media server is optional. If you do not add one, then FileStore uses the NetBackup master server as the NetBackup media server.
See “Adding a NetBackup master server to work with FileStore ” on page 289.
netbackup Deletes an already configured NetBackup media server. media-server See “Adding a NetBackup master server to work with FileStore ” delete on page 289. Configuring backup 289 Adding a NetBackup master server to work with FileStore
Adding a NetBackup master server to work with FileStore To add an external NetBackup master server
◆ To add an external NetBackup master server, enter the following:
Backup> netbackup master-server server
where server is the hostname of the NetBackup master server. Make sure that server can be resolved through DNS, and its IP address can be resolved back to server through the DNS reverse lookup. For example:
Backup> netbackup master-server nbumaster.symantecexample.com Ok Completed
To add a NetBackup EMM server
◆ To add the external NetBackup EMM server, enter the following:
Backup> netbackup emm-server server
where server is the hostname of the NetBackup EMM server. Make sure that server can be resolved through DNS, and its IP address can be resolved back to server through the DNS reverse lookup. For example:
Backup> netbackup emm-server nbumedia.symantecexample.com OK Completed
To add a NetBackup media server
◆ To add an NetBackup media server, enter the following:
Backup> netbackup media-server add server
where server is the hostname of the NetBackup media server. Make sure that server can be resolved through DNS, and its IP address can be resolved back to server through the DNS reverse lookup. For example:
Backup> netbackup media-server add nbumedia.symantecexample.com OK Completed 290 Configuring backup Configuring or changing the virtual IP address used by NetBackup and NDMP data server installation
To delete an already configured NetBackup media server
◆ To delete an already configured NetBackup media server, enter the following:
Backup> netbackup media-server delete server
where server is the hostname of the NetBackup media server you want to delete. For example:
Backup> netbackup media-server delete nbumedia.symantecexample.com OK Completed
Configuring or changing the virtual IP address used by NetBackup and NDMP data server installation You can configure or change the virtual IP address used by NetBackup and the NDMP data server installation on FileStore nodes. This is a highly available virtual IP address in the cluster. For information about the Veritas NetBackup 6.5 client capability, refer to the Veritas NetBackup 6.5 product documentation set.
Note: If you are using NetBackup and the NDMP data server installation on FileStore nodes, configure the virtual IP address using the Backup> virtual-ip command so that it is different from all of the virtual IP addresses, including the console server IP address and the physical IP addresses used to install FileStore. Configuring backup 291 Configuring the virtual name of NetBackup
To configure or change the virtual IP address used by NetBackup and NDMP data server installation
◆ To configure or change the virtual IP address used by NetBackup and the NDMP data server installation on FileStore nodes, enter the following:
Backup> virtual-ip ipaddr [device]
ipaddr The virtual IP address to be used with the NetBackup and the NDMP data server installation on the FileStore nodes. Make sure that ipaddr can be resolved back to the hostname that is configured by using the Backup> virtual-name command.
device The Ethernet interface for the virtual IP address.
For example:
Backup> virtual-ip 10.10.10.10 pubeth1 OK Completed
See “Configuring the virtual name of NetBackup” on page 291.
Configuring the virtual name of NetBackup To configure or change the NetBackup hostname
◆ To configure the NetBackup installation on FileStore nodes to use name as its hostname, enter the following:
Backup> virtual-name name
where name is the hostname to be used by the NetBackup installation on FileStore nodes.
Backup> virtual-name nbuclient.symantecexample.com
Make sure that name can be resolved through DNS, and its IP address can be resolved back to name through the DNS reverse lookup. Also, make sure that name resolves to an IP address configured by using the Backup> virtual-ip command. For example:
Backup> virtual-name nbuclient.symantecexample.com OK Completed
See “Configuring or changing the virtual IP address used by NetBackup and NDMP data server installation” on page 290. 292 Configuring backup About Network Data Management Protocol
About Network Data Management Protocol The Network Data Management Protocol (NDMP) is an open protocol for transferring data between the data server and the tape server under the control of a client. NDMP is used for data backup and recovery. NDMP is based on a client-server architecture. The Data Management Application is the client and the data and tape services are the servers. The Data Management Application initiates the backup session. A single control connection from the Data Management Application to each of the data and tape services and a data connection between the tape and the data services creates a backup session.
Note: The information in this section assumes you have the correct backup infrastructure in place that will support the NDMP environment.
NDMP provides the following services:
■ Defines a mechanism and protocol for controlling backup, recovery, and other transfers of data between the data server and the tape server.
■ Separates the network attached Data Management Application, Data Servers, and Tape Servers participating in archival, recovery, or data migration operations.
■ Provides low-level control of tape devices and SCSI media changers.
Table 12-3 NDMP terminology
Terminology Definition
host The host computer system that executes the NDMP server application. Data is backed up from the NDMP host to either a local tape drive or to a backup device on a remote NDMP host.
service The virtual state machine on the NDMP host that is controlled using the NDMP protocol. This term is used independently of implementation. There are three types of NDMP services: data service, tape service, and SCSI service.
server An instance of one or more distinct NDMP services controlled by a single NDMP control connection. Thus a Data/Tape/SCSI Server is an NDMP server providing data, tape, and SCSI services.
session The configuration of one client and two NDMP services to perform a data management operation such as a backup or a recovery. Configuring backup 293 About Network Data Management Protocol
Table 12-3 NDMP terminology (continued)
Terminology Definition
client The application that controls the NDMP server. Backup and restore are initiated by the NDMP client. In NDMP version 4, the client is the Data Management Application.
Data Management An application that controls the NDMP session. In NDMP there is a Application master-slave relationship. The Data Management Application is the session master; the NDMP services are the slaves. In NDMP versions 1, 2, and 3 the term "NDMP client" is used instead of the Data Management Application.
The Backup> ndmp commands configure the default policies that will be used during the NDMP backup and restore sessions. In FileStore, NDMP supports the following commands:
■ setenv commands. The set environment commands let you configure the variables that make up the NDMP backup policies for your environment.
■ getenv commands. The get environment commands display what you have set up with the setenv commands or the default values of all of the NDMP environment variables.
■ showenv command. The show environment command displays all of the NDMP policies.
■ restoredefaultenv command. The restore default environment command restores the NDMP policies back to their default values.
About NDMP supported configurations FileStore currently supports the three-way NDMP backup. The data and tape services reside on different nodes on a network. The Data Management Application has two control connections, one to each of the data and tape services. There is also a data connection between the data and the tape services. Data travels from the disk on an NDMP host to a tape device on another NDMP host. Backup data is sent over the local network. The tape drives must be in NDMP-type storage units. 294 Configuring backup About Network Data Management Protocol
Figure 12-1 Illustration of three-way NDMP FileStore backup
NFS clients NBU / TSM / EMC Control Legato with Control Flow NDMP Flow
Data Flow
NBU Media FileStore – Cluster Server with – NDMP Server NDMP
Tape Library
Primary Storage Array
The NDMP commands configure the default policies that are used during the NDMP backup or restore sessions. The Data Management Application (client) initiating the connection for NDMP backup and restore operations to the NDMP data/tape server can override these default policies by setting the same policy name as environment variable and using any suitable value of that environment variable. The FileStore NDMP server supports MD5 and text authentication. The Data Management Application that initiates the connection to the server uses master for the username and for the password for the NDMP backup session authentication. The password can be changed using the Admin> passwd command. See “Creating Master, System Administrator, and Storage Administrator users” on page 36. Configuring backup 295 About Network Data Management Protocol
About the NDMP policies
The Backup> ndmp commands configure the default policies which will be used during the NDMP backup/restore sessions. The DMA (NDMP client) initiating the connection for the NDMP backup/restore operation to the FileStore NDMP data server can override these default policies by setting the same policy name as environment variable and using any suitable value of that environment variable.
Table 12-4 NDMP set commands
Command Definition
ndmp setenv Defines how new data is recorded over old data. There are overwrite_policy three options available to configure this command: See “Configuring the NDMP policies” on page 296.
ndmp setenv failure_resilient Continues the backup and restore session even if an error condition occurs. During a backup or restore session, if a file or directory cannot be backed up or restored, setting value to yes lets the session continue with the remaining specified files and directories in the list. A log message is sent to the Data Management Application about the error. Refer to the Data Management Application documentation for the location of the NDMP logs. Some conditions, such as an I/O error, will not let the command continue the backup and restore session.
See “Configuring the NDMP policies” on page 296.
ndmp setenv restore_dst Configures the dynamic storage tiering (DST) restore policy. Note: During the restore session, the DST policy only applies to the file system, but it does not become effective until you run it through the storage tier policy commands.
See “Configuring the NDMP policies” on page 296.
ndmp setenv Configures the NDMP recursive restore policy to restore recursive_restore the contents of a directory each time you restore. See “Configuring the NDMP policies” on page 296.
ndmp setenv Contains the file system backup information for the backup update_dumpdates command. In the FileStore NDMP environment, the dumpdates file is /etc/ndmp.dumpdates.
See “Configuring the NDMP policies” on page 296. 296 Configuring backup About Network Data Management Protocol
Table 12-4 NDMP set commands (continued)
Command Definition
ndmp setenv send_history States whether or not you want the file history of the backed up data to be sent to the Data Management Application. See “Configuring the NDMP policies” on page 296.
ndmp setenv use_snapshot Lets you bring back previous versions of the files for review or to be used. A snapshot is a virtual copy of a set of files and directories taken at a particular point in time. The NDMP use snapshot policy enables the backup of a point-in-time image of a set of files and directories instead of a continuous changing set of files and directories. See “Configuring the NDMP policies” on page 296.
ndmp setenv backup_method Enables the configuration of the NDMP backup method policy. This policy enables an incremental backup. See “Configuring the NDMP policies” on page 296.
ndmp setenv Configures the masquerade as a third-party policy. masquerade_as_thirdparty See “Configuring the NDMP policies” on page 296.
Configuring the NDMP policies
Caution: No checks are made when overwriting the directory with the file or vice versa. The destination path being overwritten is removed recursively. Configuring backup 297 About Network Data Management Protocol
To configure the overwrite policy
◆ To configure the overwrite policy, enter the following:
Backup> ndmp setenv overwrite_policy value
where the variables for value are listed in the following table.
no_overwrite Checks if the file or directory to be restored already exists. If it does, the command responds with an error message. A log message is returned to the Data Management Application. Refer to the Data Management Application documentation for the location of the NDMP log messages. The file or directory is not overwritten.
rename_old Checks if the file or directory already exists. If it does, it is (default) renamed with the suffix .#ndmp_old and a new file or directory is created.
overwrite_always If the file or directory already exists, it will be overwritten. It is recommended that while doing a restore from incremental backups, the value is set to overwrite_always.
No checks are made when overwriting a directory with files. The destination path being overwritten is removed recursively.
For example:
Backup> ndmp setenv overwrite_policy rename_old Ok Completed
To configure the failure resilient policy
◆ To configure the failure resilient policy, enter the following:
Backup> ndmp setenv failure_resilient value
where the variables for value are yes or no.
yes (default) The backup and restore session continues even if an error condition is encountered. However some conditions, such as the I/O error, will cause the backup and restore session to stop.
no The backup and restore session terminates immediately when it encounters any error condition. 298 Configuring backup About Network Data Management Protocol
To configure the restore DST policy
◆ To configure the restore DST policy, enter the following:
Backup> ndmp setenv restore_dst value
where the variables for value are yes or no.
yes (default) During the backup session, if the specified directory set up for backup is a directory in the file system mount point, then the DST policy will be backed up. During the restore session, if the DST policy exists in the backup stream, the DST policy that was backed up will be applied to the restore destination path if that path is a mount point (full file system restore). The DST policy will not be restored if the secondary tier does not exist on the destination path. If the DST policy could not be restored, a log message is returned to the Data Management Application (refer to the Data Management Application documentation for the location of the NDMP logs). During the restore, the DST policy will only be applied to the file system, but it will not be effective until you run it through the Storage> tier policy commands.
no The DST policy is not applied even if all of the other conditions are met.
To configure the recursive restore policy
◆ To configure the recursive restore policy, enter the following:
Backup> ndmp setenv recursive_restore value
where the variables for value are yes or no.
yes (default) If the name list (names of the files and directories to be restored from the backup) specifies a directory, the contents of that directory will be restored recursively.
no Restores the directory, but not the contents of the directory. Configuring backup 299 About Network Data Management Protocol
To configure the update dumpdates policy
◆ To configure the update dumpdates policy, enter the following:
Backup> ndmp setenv update_dumpdates value
where the variables for value are yes or no.
yes (default) Updates the dumpdates files by the FileStore NDMP data server with the details of the current backup which includes the time at which the backup was taken, the directory that was backed up, and the level of the backup. This information can be later used for the next backup session for the incremental and differential backups.
no The dumpdates files will not be updated.
To configure the send history policy
◆ To configure the send history policy, enter the following:
Backup> ndmp setenv send_history value
where the variables for value are yes or no.
yes (default) Sends the history of the backed up data to the Data Management Application. The history includes information for every file and directory that was backed up, such as name, stat, positioning data (used for DAR restore), and inode information.
no The file history information will not be sent to the Data Management Application.
To configure the use snapshot policy
◆ To configure the use snapshot policy, enter the following:
Backup> ndmp setenv use_snapshot value
where the variables for value are yes or no.
yes (default) The backup session will first take the snapshot of the file system which is being backed up. The snapshot will also be taken if any directory of the file system is being backed up. The snapshot taken uses the same storage space as that of the main file system.
no The backup session takes the backup of only the live file system. 300 Configuring backup About Network Data Management Protocol
To configure the backup method policy
◆ To configure the backup method policy, enter the following:
Backup> ndmp setenv backup_method value
where the variables for value are fcl or mtime.
FCL (default) File Change Log. FCL can be used to directly get the list of modified files in the file system and they can then be backed up. However, since FCL is finite in size, it is possible that not all of the changes could be recorded in the FCL. In that case, use the mtime backup method.
mtime Time of last modification. By checking the mtimes of the files in the file system, the time of last backup can be stored reliably somewhere in the file system, and the time can be used to find all of the modified files since last backup. The location where the 'time of last backup' is stored is /etc/ndmp.dumpdates. The filename is mentioned when you configure the update_dumpdates command.
For example:
Backup> ndmp setenv backup_method mtime OK Completed
To configure the masquerade as a third-party policy
◆ To configure the masquerade as a third-party policy, enter the following:
Backup> ndmp setenv masquerade_as_thirdparty value
where the variables for value are yes or no.
yes The FileStore NDMP server masquerades as a third-party compatible device for certain NDMP backup applications.
no (default) The FileStore NDMP server does not masquerade as a third-party compatible device.
For example:
Backup> ndmp setenv masquerade_as_thirdparty yes OK Completed Backup> Configuring backup 301 About Network Data Management Protocol
Displaying all NDMP policies To display all of the NDMP policies
◆ To display the NDMP policies, enter the following:
Backup> ndmp showenv
For example:
Backup> ndmp showenv Overwrite policy: Rename old Failure Resilient: yes Restore DST policies: yes Recursive restore: yes Update dumpdates: yes Send history: yes Use snapshot: yes Backup method: fcl Masquerade as thirdparty: yes OK Completed
About retrieving the NDMP data
Table 12-5 NDMP get commands
Command Definition
ndmp getenv Defines how new data is recorded over old data. To retrieve overwrite_policy the settings for the policy that you set up, use the ndmp getenv overwrite_policy command.
See “Retrieving the NDMP data” on page 303.
ndmp getenv Enables the continuation of the backup and restore session failure_resilient even if an error condition occurs because a file or directory cannot be backed up or restored. To retrieve the settings for the policy that you set up, use the ndmp getenv failure_resilient command.
See “Retrieving the NDMP data” on page 303.
ndmp getenv restore_dst Configures the dynamic storage tiering (DST) restore policy. To retrieve the settings for the policy that you set up, use the ndmp getenv restore_dst command.
See “Retrieving the NDMP data” on page 303. 302 Configuring backup About Network Data Management Protocol
Table 12-5 NDMP get commands (continued)
Command Definition
ndmp getenv Enables the configuration of the restore session to restore recursive_restore the contents of a directory. To retrieve the settings for the policy that you set up, use the ndmp getenv recursive_restore command.
See “Retrieving the NDMP data” on page 303.
ndmp getenv Enables the configuration of the dumpdates file. To retrieve update_dumpdates the settings for the policy that you set up, use the ndmp getenv update_dumpdates command.
See “Retrieving the NDMP data” on page 303.
ndmp getenv send_history States whether or not you want the file history of the backed up data to be sent to the Data Management Application. To retrieve the settings for the policy that you set up, use the ndmp getenv send_history command.
See “Retrieving the NDMP data” on page 303.
ndmp getenv use_snapshot Enables how much of the files and directories you want to copy during the back up session. To retrieve the settings for the policy that you set up, use the ndmp getenv use_snapshot command.
See “Retrieving the NDMP data” on page 303.
ndmp getenv backup_method Enables the configuration of the method to back up the file system. To retrieve the settings for the policy that you set up, use the ndmp getenv backup_method command.
See “Retrieving the NDMP data” on page 303.
ndmp getenv Configures the NDMP server to masquerade as a third-party masquerade_as_thirdparty compatible device for certain NDMP backup applications. See “Retrieving the NDMP data” on page 303. Configuring backup 303 About Network Data Management Protocol
Retrieving the NDMP data To retrieve the overwrite backup data
◆ To retrieve the overwrite backup data, enter the following:
Backup> ndmp getenv overwrite_policy
For example:
Backup> ndmp getenv overwrite_policy Overwrite policy: Rename old OK Completed
To retrieve the failure resilient backup data
◆ To retrieve the failure resilient data, enter the following:
Backup> ndmp getenv failure_resilient
For example:
Backup> ndmp getenv failure_resilient Failure Resilient: yes OK Completed
To retrieve the restore DST data
◆ To retrieve the restore DST data, enter the following:
Backup> ndmp getenv restore_dst
For example:
Backup> ndmp getenv restore_dst Restore DST policies: no OK Completed
To retrieve the recursive restore data
◆ To retrieve the recursive restore data, enter the following:
Backup> ndmp getenv recursive_restore
For example:
Backup> ndmp getenv recursive_restore Recursive restore: yes OK Completed 304 Configuring backup About Network Data Management Protocol
To retrieve the update dumpdates data
◆ To retrieve the update dumpdates data, enter the following:
Backup> ndmp getenv update_dumpdates
For example:
Backup> ndmp getenv update_dumpdates Update dumpdates: yes OK Completed
To retrieve the send history data
◆ To retrieve the send history data, enter the following:
Backup> ndmp getenv send_history
For example:
Backup> ndmp getenv send_history Send history: no OK Completed
To retrieve the NDMP use snapshot data
◆ To retrieve the send history data, enter the following:
Backup> ndmp getenv use_snapshot
For example:
Backup> ndmp getenv use_snapshot Use snapshot: yes OK Completed
To retrieve the NDMP backup method
◆ To retrieve the configured backup method policy, enter the following:
Backup> ndmp getenv backup_method
For example:
Backup> ndmp getenv backup_method Backup Method: fcl OK Completed Configuring backup 305 About backup configurations
To retrieve the masquerade as a third-party policy
◆ To retrieve the configured masquerade as a third-party policy, enter the following:
Backup> ndmp getenv masquerade_as_thirdparty
For example:
Backup> ndmp getenv masquerade_as_thirdparty Masquerade as thirdparty: yes OK Completed Backup>
Restoring the default NDMP policies To restore the NDMP policies to default values
◆ To restore the NDMP policies to default values, enter the following:
Backup> ndmp restoredefaultenv
About backup configurations
Table 12-6 Backup configuration commands
Command Definition
show Displays the NetBackup configured settings. If the settings were configured while backup and restore services were running, then they may not be currently in use by the FileStore nodes. To display all of the configured settings, first run the backup> stop command, then run the backup> start command.
See “Configuring backup” on page 306.
status Displays if the NetBackup and the NDMP data server has started or stopped on the FileStore nodes. If the NetBackup and the NDMP data server has currently started and is running, then Backup> status displays any on-going backup or restore jobs. See “Configuring the virtual name of NetBackup” on page 291. See “Configuring backup” on page 306. 306 Configuring backup Configuring backup
Table 12-6 Backup configuration commands (continued)
Command Definition
start Starts processes that handle backup and restore. You can also change the status of a virtual IP address to online after it has been configured using the Backup> virtual-ip command. This applies to any currently active node in the cluster that handles backup and restore jobs. The Backup> start command does nothing if the backup and restore processes are already running. See “Configuring backup” on page 306.
stop Enables the processes that handle backup and restore. You can also change the status of a virtual IP address to offline after it has been configured using the Backup> virtual-ip command.
The Backup> stop command does nothing if backup jobs are running that involve FileStore file systems. See “Configuring backup” on page 306.
Configuring backup To display NetBackup configurations
◆ To display NetBackup configurations, enter the following:
Backup> show
For example:
Backup> show Virtual name: nbuclient.symantec.com Virtual IP: 10.10.10.10 NetBackup Master Server: nbumaster.symantec.com NetBackup EMM Server: nbumaster.symantec.com NetBackup Media Server(s): not configured Backup Device: pubeth1 Ok Completed Configuring backup 307 Configuring backup
To display the status of backup services
◆ To display the status of backup services, enter the following:
Backup> status
An example of the status command when no backup services are running:
Backup> status Virtual IP state : up NDMP Server state : running NetBackup Client state : running No backup/restore jobs running. OK Completed
An example of the status command when backup services are running with file systems on the FileStore nodes:
Backup> status Virtual IP state : up NDMP Server state : working NetBackup Client state : running
Following filesystems are currently busy in backup/restore jobs by NDMP: myfs1 OK Completed
An example of the status command when the backup jobs that are running involve file systems using the NetBackup client.
Backup> status Virtual IP state : up NDMP Server state : running NetBackup Client state : working
Some filesystems are busy in backup/restore jobs by NetBackup Client OK Completed 308 Configuring backup Configuring backup
To start backup services
◆ To start backup processes, enter the following:
Backup> start
For example:
Backup> start OK Completed
To stop backup services
◆ To stop backup services, enter the following:
Backup> stop
For example:
Backup> stop SFS backup ERROR V-288-0 Cannot stop, some backup jobs are running. Chapter 13
Configuring Symantec FileStore Dynamic Storage Tiering
This chapter includes the following topics:
■ About FileStore Dynamic Storage Tiering (DST)
■ How FileStore uses Dynamic Storage Tiering
■ About policies
■ About adding tiers to file systems
■ Adding tiers to a file system
■ Removing a tier from a file system
■ About configuring a mirror on the tier of a file system
■ Configuring a mirror to a tier of a file system
■ Listing all of the files on the specified tier
■ Displaying a list of DST file systems
■ Displaying the tier location of a specified file
■ About configuring the policy of each tiered file system
■ Configuring the policy of each tiered file system
■ Relocating a file or directory of a tiered file system
■ About configuring schedules for all tiered file systems 310 Configuring Symantec FileStore Dynamic Storage Tiering About FileStore Dynamic Storage Tiering (DST)
■ Configuring schedules for all tiered file systems
■ Displaying files that will be moved and/or pruned by running a policy
About FileStore Dynamic Storage Tiering (DST) The FileStore Dynamic Storage Tiering (DST) feature makes it possible to allocate two tiers of storage to a file system. The following features are part of the FileStore Dynamic Storage Tiering Solution:
■ Relocate files between primary and secondary tiers automatically as files age and become less business critical.
■ Prune files on secondary tiers automatically as files age and are no longer needed.
■ Promote files from a secondary storage tier to a primary storage tier based on I/O temperature.
■ Retain original file access paths to eliminate operational disruption, for applications, backup procedures, and other custom scripts.
■ Allow you to manually move folders/files and other data between storage tiers.
■ Enforce policies that automatically scan the file system and relocate files that match the appropriate tiering policy. In FileStore, there are two predefined tiers for storage:
■ Current active tier 1 (primary) storage.
■ Tier 2 (secondary) storage for aged or older data. To configure FileStore DST, add tier 2 (secondary) storage to the configuration. Specify where the archival storage will reside (storage pool) and the total size. Files can be moved from the active storage after they have aged for a specified number of days, depending on the policy selected. The number of days for files to age (not accessed) before relocation can be changed at any time.
Note: An aged file is a file that exists without being accessed.
Figure 13-1 depicts the features of FileStore and how it maintains application transparency. Configuring Symantec FileStore Dynamic Storage Tiering 311 About FileStore Dynamic Storage Tiering (DST)
Figure 13-1 Dynamic Storage Tiering
/one-file-system
/sales /financial/sales /development/sales
/current /forecast /current/2007 /forecast/2008 /current/new /forecast/history
storage
Primary Tier Secondary Tier
mirrored
RAID5
If you are familiar with Veritas Volume Manager (VxVM), every FileStore file system is a multi-volume file system (one file system resides on two volumes). The DST tiers are predefined to simplify the interface. When an administrator wants to add storage tiering, a second volume is added to the volume set, and the existing file system is encapsulated around all of the volumes in the file system. This chapter discusses the FileStore storage commands. You use these commands to configure tiers on your file systems. The Storage commands are defined in Table 13-1. You log into the administrative console (for master, system-admin, or storage-admin) and enter Storage> mode to access the commands. 312 Configuring Symantec FileStore Dynamic Storage Tiering About FileStore Dynamic Storage Tiering (DST)
See “About using the FileStore command-line interface” on page 27.
Table 13-1 Storage mode commands
Command Definition
tier add Adds different types of storage tier to the file system. See “About adding tiers to file systems” on page 314.
tier remove Removes a tier from a file system. See “Removing a tier from a file system” on page 316.
tier addmirror Adds a mirror to a tier of a file system. See “About configuring a mirror on the tier of a file system” on page 317.
tier rmmirror Removes a mirror from a tier of a file system. See “About configuring a mirror on the tier of a file system” on page 317.
tier listfiles Lists all of the files on the specified tier. See “Listing all of the files on the specified tier” on page 319.
tier mapfile Displays the tier location of a specified file. See “Displaying the tier location of a specified file” on page 320.
tier policy Configures the policy of each tiered file system.
See “About configuring the policy of each tiered file system” on page 320.
tier relocate Relocates a file or directory. See “Relocating a file or directory of a tiered file system” on page 326.
tier schedule Creates schedules for all tiered file systems. See “About configuring schedules for all tiered file systems” on page 326.
tier query Displays a list of files that will be moved and/or pruned by running a policy. See “Displaying files that will be moved and/or pruned by running a policy” on page 328. Configuring Symantec FileStore Dynamic Storage Tiering 313 How FileStore uses Dynamic Storage Tiering
How FileStore uses Dynamic Storage Tiering FileStore provides two types of tiers:
■ Primary tier
■ Secondary Tier Each newly created file system has only one primary tier initially. This tier cannot be removed. For example, the following operations are applied to the primary tier:
Storage> fs addmirror
Storage> fs growto
Storage> fs shrinkto
The Storage> tier commands manage file system DST tiers.
All Storage> tier commands take a file system name as an argument and perform operations on the combined construct of that file system. The FileStore file system default is to have a single storage tier. An additional storage tier can be added to enable storage tiering. A file system can only support a maximum of two storage tiers. Storage> tier commands can be used to perform the following:
■ Adding/removing/modifying the secondary tier
■ Setting policies
■ Scheduling policies
■ Locating tier locations of files
■ Listing files that are located on the primary or secondary tier
■ Moving files from the secondary tier to the primary tier
About policies Each tier can be assigned a policy. The policies include:
■ Specify on which tier (primary or secondary) the new files get created.
■ Relocate files from the primary tier to the secondary tier based on any number of days of inactivity of a file. 314 Configuring Symantec FileStore Dynamic Storage Tiering About adding tiers to file systems
■ Relocate files from the secondary tier to the primary tier based on the Access Temperature of the file.
■ Prune files on the secondary tier based on any number of days of inactivity of a file.
About adding tiers to file systems You can add different types of tiers to file systems.
Table 13-2 Tier add commands
Command Definition
tier add simple Adds a second tier to a file system. The storage type of the second tier is independent of the protection level of the first tier. See “Adding tiers to a file system” on page 314.
tier add mirrored Adds a mirrored second tier to a file system. See “Adding tiers to a file system” on page 314.
tier add striped Adds a striped second tier to a file system. See “Adding tiers to a file system” on page 314.
tier add Adds a mirrored-striped second tier to a file system. mirrored-stripe See “Adding tiers to a file system” on page 314.
tier add Adds a striped-mirror second tier to a file system. striped-mirror See “Adding tiers to a file system” on page 314.
Adding tiers to a file system To add a second tier to a file system
◆ To add a tier to a file system where the volume layout is "simple" (concatenated), enter the following:
Storage> tier add simple fs_name size pool1[,disk1,...] Configuring Symantec FileStore Dynamic Storage Tiering 315 Adding tiers to a file system
To add a mirrored tier to a file system
◆ To add a mirrored tier to a file system, enter the following:
Storage> tier add mirrored fs_name size nmirrors pool1[,disk1,...] [protection=disk|pool]
For example:
Storage> tier add mirrored fs1 100M 2 pool3,pool4 100% [#] Creating mirrored secondary tier of filesystem
To add a striped tier to a file system
◆ To add a striped tier to a file system, enter the following:
Storage> tier add striped fs_name size ncolumns pool1[,disk1,...] [stripeunit=kilobytes]
To add a mirrored-striped tier to a file system
◆ To add a mirrored-striped tier to a file system, enter the following:
Storage> tier add mirrored-stripe fs_name size nmirrors ncolumns pool1[,disk1,...] [protection=disk|pool] [stripeunit=kilobytes]
To add a striped-mirror tier to a file system
◆ To add a striped-mirror tier to a file system, enter the following:
Storage> tier add striped-mirror fs_name size nmirrors ncolumns pool1[,disk1,...] [protection=disk|pool] [stripeunit=kilobytes]
fs_name Specifies the name of the file system to which the mirrored tier will be added. If the specified file system does not exist, an error message is displayed.
size Specifies the size of the tier to be added to the file system, for example, 10m, 10M, 25g, 100G.
ncolumns Specifies the numbers of columns to add to the striped tiered file system.
nmirrors Specifies the number of mirrors to be added to the tier for the specified file system. 316 Configuring Symantec FileStore Dynamic Storage Tiering Removing a tier from a file system
pool1[,disk1,...] Specifies the pool(s) or disk(s) that will be used for the specified tiered file system. If the specified pool or disk does not exist, an error message is displayed. You can specify more than one pool or disk by separating the pool or disk name with a comma, but do not include a space between the comma and the name. The disk needs to be part of the pool or an error message is displayed.
protection If no protection level is specified, disk is the default protection level. The protection level of the second tier is independent of the protection level of the first tier. Available options are:
■ disk - If disk is entered for the protection field, then mirrors will be created on separate disks. The disks may or may not be in the same pool. ■ pool - If pool is entered for the protection field, then mirrors will be created in separate pools. If not enough space is available, then the file system will not be created.
stripeunit=kilobytes Specifies a stripe width of either 128K, 256k, 512K, 1M, or 2M. The default stripe width is 512K.
Removing a tier from a file system
The Storage> tier remove command removes a tier from the file system and releases the storage used by the file system back to the storage pool. This command requires that the file system be online, and that no data resides on the secondary tier. If the storage tier to be removed contains any data residing on it, then the tier cannot be removed from the file system. To remove a tier from a file system
◆ To remove a tier from a file system, enter the following:
Storage> tier remove fs_name
where fs_name specifies the name of the tiered file system that you want to remove. For example:
Storage> tier remove fs1 Configuring Symantec FileStore Dynamic Storage Tiering 317 About configuring a mirror on the tier of a file system
About configuring a mirror on the tier of a file system These commands add or remove mirrors to the tier of the file system.
Table 13-3 Tier mirror commands
Command Definition
tier addmirror Adds a mirror to a tier of a file system. See “Configuring a mirror to a tier of a file system” on page 317.
tier rmmirror Removes a mirror from a tier of a file system. Note: For a striped-mirror file system, if any of the disks are bad, this command disables the mirrors from the tiered file system for which the disks have failed. If no disks have failed, FileStore chooses a mirror to remove from the tiered file system.
See “Configuring a mirror to a tier of a file system” on page 317.
Configuring a mirror to a tier of a file system To add a mirror to a tier of a file system
◆ To add a mirror to a tier of a file system, enter the following:
Storage> tier addmirror fs_name pool1[,disk1,...] [protection=disk|pool]
fs_name Specifies the file system to which the a mirror will be added. If the specified file system does not exist, an error message is displayed.
pool1[,disk1,...] Specifies the pool(s) or disk(s) that will be used as a mirror for the specified tiered file system. You can specify more than one pool or disk by separating the name with a comma. But do not include a space between the comma and the name. The disk needs to be part of the pool or an error message is displayed. 318 Configuring Symantec FileStore Dynamic Storage Tiering Configuring a mirror to a tier of a file system
protection If no protection level is specified, disk is the default protection level. Available options are:
■ disk - If disk is entered for the protection field, then mirrors will be created on separate disks. The disks may or may not be in the same pool. ■ pool - If pool is entered for the protection field, then mirrors will be created in separate pools. If not enough space is available, then the file system will not be created.
For example:
Storage> tier addmirror fs1 pool5 100% [#] Adding mirror to secondary tier of filesystem
To remove a mirror from a tier of a file system
◆ To remove a mirror from a tier of a file system, enter the following:
Storage> tier rmmirror fs_name
where fs_name specifies the name of the tiered file system from which you want to remove a mirror. For example:
Storage> tier rmmirror fs1
This command provides another level of detail for the remove mirror operation. You can use the command to specify which mirror you want to remove by specifying the pool name or disk name. The disk must be part of a specified pool. Configuring Symantec FileStore Dynamic Storage Tiering 319 Listing all of the files on the specified tier
To remove a mirror from a tier spanning a specified pool or disk
◆ To remove a mirror from a tier that spans a specified pool or disk, enter the following:
Storage> tier rmmirror fs_name [pool_or_disk_name]
fs_name Specifies the name of the file system from which to remove a mirror. If the specified file system does not exist, an error message is displayed.
pool_or disk_name Specifies the pool or disk from which the mirror of the tiered file system spans.
The syntax for the Storage> tier rmmirror command is the same for both pool and disk. If you try to remove a mirror using Storage> fs rmmirror fs1 abc, FileStore first checks for the pool with the name abc, then FileStore removes the mirror spanning on that pool. If there is no pool with the name abc, then FileStore removes the mirror that is on the abc disk. If there is no disk with the name abc, then an error message is displayed.
Listing all of the files on the specified tier You can list all of the files that reside on either the primary tier or the secondary tier.
Note: If the tier contains a large number of files, it may take some time before the output of this command is displayed.
To list all of the files on the specified tier
◆ To list all of the files on the specified tier, enter the following:
Storage> tier listfiles fs_name {primary|secondary}
where fs_name indicates the name of the tiered file system from which you want to list the files. You can specify to list files from either the primary or secondary tier. For example:
Storage> tier listfiles fs1 secondary 320 Configuring Symantec FileStore Dynamic Storage Tiering Displaying a list of DST file systems
Displaying a list of DST file systems
You can display a list of DST file systems using the Storage> fs list command. See “Listing all file systems and associated information” on page 156.
Displaying the tier location of a specified file To display the tier location of a specified file
◆ To display the tier location of a specified file, enter the following:
Storage> tier mapfile fs_name file_path
fs_name Specifies the name of the file system for which the specified file on the tiered file system resides. If the specified file system does not exist, an error message is displayed.
file_path Specifies the tier location of the specified file. The path of the file is relative to the file system.
For example, to show the location of a.txt, which is in the root directory of the fs1 file system, enter the following:
tier mapfile fs1 /a.txt Tier Extent Type File Offset Extent Size ======Primary Data 0 Bytes 1.00 KB
About configuring the policy of each tiered file system You can configure the policy of each tiered file system.
Table 13-4 Tier policy commands
Command Definition
tier policy list Displays the policy for each tiered file system. You can have one policy for each tiered file system. See “Configuring the policy of each tiered file system” on page 322. Configuring Symantec FileStore Dynamic Storage Tiering 321 About configuring the policy of each tiered file system
Table 13-4 Tier policy commands (continued)
Command Definition tier policy modify Modifies the policy of a tiered file system. The new files are created on the primary tier. If a file has not been accessed for more than seven days, the files are moved from the primary tier to the secondary tier. If the access temperature of the files in the secondary tier is more than five, these files are moved from the secondary tier to the primary tier. The access temperature is calculated over a 3-day period. See “Configuring the policy of each tiered file system” on page 322. tier policy prune Specifies the prune policy of a tiered file system. Once files have aged on the secondary tier, the prune policy can be set up to delete those aged files automatically. There are three sub-commands under this command:
■ tier policy prune list ■ tier policy prune modify ■ tier policy prune remove
See “Configuring the policy of each tiered file system” on page 322. tier policy run Runs the policy of a tiered file system. See “Configuring the policy of each tiered file system” on page 322. tier policy remove Removes the policy of a tiered file system. See “Configuring the policy of each tiered file system” on page 322. 322 Configuring Symantec FileStore Dynamic Storage Tiering Configuring the policy of each tiered file system
Configuring the policy of each tiered file system To display the policy of each tiered file system
◆ To display the policy of each tiered file system, enter the following:
Storage> tier policy list
For example:
Storage> tier policy list FS Create on Days MinAccess Temp PERIOD ======fs1 primary 2 3 4
Each tier can be assigned a policy. A policy assigned to a file system has three parts:
file creation Specifies on which tier the new files are created.
inactive files Indicates when a file has to be moved from the primary tier to the secondary tier. For example, if the days option of the tier is set to 10, and if a file has not been accessed for more than 10 days, then it is moved from the primary tier of the file system to the secondary tier.
access Measures the number of I/O requests to the file during the period temperature designated by the period. In other words, it is the number of read or write requests made to a file over a specified number of 24-hour periods divided by the number of periods. If the access temperature of a file exceeds minacctemp (where the access temperature is calculated over a period of time previously specified) then this file is moved from the secondary tier to the primary tier. Configuring Symantec FileStore Dynamic Storage Tiering 323 Configuring the policy of each tiered file system
To modify the policy of a tiered file system
◆ To modify the policy of a tiered file system, enter the following:
Storage> tier policy modify fs_name {primary|secondary} days minacctemp period
fs_name The name of the tiered file system from which you want to modify a policy.
tier Causes new files to be created on the primary or secondary tier. You need to input either primary or secondary.
days Number of days from which the inactive files move from the primary to the secondary tier.
minacctemp The minimum access temperature value for moving files from the secondary to the primary tier.
period The number of past days used for calculating the access temperature.
For example:
Storage> tier policy modify fs1 primary 6 5 3 SFS fs SUCCESS V-288-0 Successfully modifies tiering policy for File system fs1
To display the prune policy of a tiered file system
◆ To display the prune policy of a tiered file system, enter the following:
Storage> tier policy prune list
For example:
Storage> tier policy prune list FS Delete After ======fs1 200 fs2 disabled
The default prune policy status of a tiered file system is disabled. The delete_after indicates the number of days after which the files can be deleted. 324 Configuring Symantec FileStore Dynamic Storage Tiering Configuring the policy of each tiered file system
To modify the prune policy of a tiered file system
◆ To modify the prune policy of a tiered file system, enter the following:
Storage> tier policy prune modify fs_name delete_after
fs_name Name of the tiered file system from which you want to modify the prune policy.
delete_after Number of days from which the inactive files will be deleted.
For example:
Storage> tier policy prune modify fs0 180 You have set the Prune policy to file system , system will automatically delete the inactive files on secondary tier. Do you want to continue with setting the Tier Prune policy? (y/n) Y SFS fs SUCCESS V-288-0 Successfully modified the Prune policy for File system fs0
To remove the prune policy of a tiered file system
◆ To remove the prune policy of a tiered file system, enter the following:
Storage> tier policy prune remove fs_name
where fs_name is the name of the tiered file system from which you want to remove the prune policy. For example:
Storage> tier policy prune remove fs1 SFS fs SUCCESS V-288-0 Successfully removed the Prune policy for File system fs1 Configuring Symantec FileStore Dynamic Storage Tiering 325 Configuring the policy of each tiered file system
To run the policy of a tiered file system
◆ To run the policy of a tiered file system, enter the following:
Storage> tier policy run fs_name
where fs_name indicates the name of the tiered file system for which you want to run a policy. For example:
Storage> tier policy fs1 SFS fs SUCCESS V-288-0 Successfully ran tiering policy for File system fs1
To remove the policy of a tiered file system
◆ To remove the policy of a tiered file system, enter the following:
Storage> tier policy remove fs_name
where fs_name indicates the name of the tiered file system from which you want to remove a policy. For example:
Storage> tier policy remove fs1 SFS fs SUCCESS V-288-0 Successfully removed tiering policy for File system fs1
You can run the policy of a tiered file system, which would be similar to scheduling a job to run your policies, except in this case running the policy is initiated manually. The Storage> tier policy run command moves the older files from the primary tier to the secondary tier, and/or prunes the inactive files on the secondary tier, according to the policy setting. 326 Configuring Symantec FileStore Dynamic Storage Tiering Relocating a file or directory of a tiered file system
Relocating a file or directory of a tiered file system To relocate a file or directory
◆ To relocate a file or directory, enter the following:
Storage> tier relocate fs_name dirPath
fs_name The name of the tiered file system from which you want to relocate a file or directory. The relocation of the file or directory is done from the secondary tier to the primary tier.
dirPath Enter the relative path of the directory (dirPath) you want to relocate. Or enter the relative path of the file (FilePath) that you want to relocate.
About configuring schedules for all tiered file systems
The tier schedule commands display, modify, and remove the tiered file systems.
Table 13-5 Tier schedule commands
Command Definition
tier schedule Modifies the schedule of a tiered file system. modify See “Configuring schedules for all tiered file systems” on page 327.
tier schedule list Displays the schedules for all tiered file systems. You can have one schedule for each tiered file system. You cannot create a schedule for a non-existent or a non-tiered file system. See “Configuring schedules for all tiered file systems” on page 327.
tier schedule Removes the schedule of a tiered file system. remove See “Configuring schedules for all tiered file systems” on page 327. Configuring Symantec FileStore Dynamic Storage Tiering 327 Configuring schedules for all tiered file systems
Configuring schedules for all tiered file systems To modify the schedule of a tiered file system
◆ To modify the schedule of a tiered file system, enter the following:
Storage> tier schedule modify fs_name minute hour day_of_the_month month day_of_the_week
For example, enter the following:
Storage> tier schedule modify fs1 1 1 1 * * * SFS fs SUCCESS V-288-0 Command 'tier schedule modify' executed successfully for fs1
fs_name Specifies the file system where the schedule of the tiered file system resides. If the specified file system does not exist, an error message is displayed.
minute This parameter may contain either an asterisk, (*), which implies "every minute," or a numeric value between 0-59. You can enter */(0-59), a range such as 23-43, or just the *.
hour This parameter may contain either an asterisk, (*), which implies "run every hour," or a number value between 0-23. You can enter */(0-23), a range such as 12-21, or just the *.
day_of_the_month This parameter may contain either an asterisk, (*), which implies "run every day of the month," or a number value between 1-31. You can enter */(1-31), a range such ass 3-22, or just the *.
month This parameter may contain either an asterisk, (*), which implies "run every month," or a number value between 1-12. You can enter */(1-12), a range such as 1-5, or just the *. You can also enter the first three letters of any month (must use lowercase letters).
day_of_the_week This parameter may contain either an asterisk (*), which implies "run every day of the week," or a numeric value between 0-6. Crontab interprets 0 as Sunday. You can also enter the first three letters of the week (must use lowercase letters). 328 Configuring Symantec FileStore Dynamic Storage Tiering Displaying files that will be moved and/or pruned by running a policy
To display schedules for all tiered file systems
◆ To display schedules for all tiered file systems, enter the following:
Storage> tier schedule list [fs_name]
where fs_name indicates the name of the tiered file system for which you want to run a policy. For example:
Storage> tier schedule list FS Minute Hour Day Month WeekDay ======fs1 1 1 1 * *
To remove the schedule of a tiered file system
◆ To remove the schedule of a tiered file system, enter the following:
Storage> tier schedule remove fs_name
where fs_name is the name of the tiered file system from which you want to remove a schedule. For example:
Storage> tier schedule remove fs1 SFS fs SUCCESS V-288-0 Command tier schedule remove executed successfully for fs1
Displaying files that will be moved and/or pruned by running a policy You can display the list of files that will be moved and/or pruned by running a policy. This is very useful as a "what if" type of analysis. The command does not physically move any file blocks. Configuring Symantec FileStore Dynamic Storage Tiering 329 Displaying files that will be moved and/or pruned by running a policy
To display a list of files that will be moved and/or pruned by running a policy
◆ To display a list of files that will be moved and/or pruned by running a policy, enter the following:
Storage> tier query fs_name
where fs_name is the name of the tiered file system for which you want to display a list of files that will be moved and/or pruned by running a policy. For example:
Storage> tier query fs1 /a.txt /b.txt /c.txt /d.txt 330 Configuring Symantec FileStore Dynamic Storage Tiering Displaying files that will be moved and/or pruned by running a policy Chapter 14
Configuring system information
This chapter includes the following topics:
■ About system commands
■ About setting the clock commands
■ Setting the clock commands
■ About configuring the locally saved configuration files
■ Configuring the locally saved configuration files
■ Using the more command
■ About coordinating cluster nodes to work with NTP servers
■ Coordinating cluster nodes to work with NTP servers
■ Displaying the system statistics
■ Using the swap command
■ About the option commands
■ Using the option commands
About system commands The system commands set or show the date and time of the system, and start, stop, or check the status of the NTP server. The system command class also allows you to display cluster-wide performance statistics, swap network interfaces, and enable or disable the more filter on output of the administrative console. It also 332 Configuring system information About setting the clock commands
contains option command display and configure the tunable parameters. The system commands are listed in Table 14-1. To access the commands, log into the administrative console (for master, system-admin, or storage-admin) and enter the System> mode. See “About using the FileStore command-line interface” on page 27.
Table 14-1 System mode commands
Command Definition
clock Sets or shows the date and time of the system, including setting time zones and displaying the list of regions. See “About setting the clock commands” on page 332.
config Imports or exports the FileStore configuration settings. See “About configuring the locally saved configuration files” on page 336.
more Enables, disables, or checks the status of the more filter. See “Using the more command” on page 340.
ntp Sets the Network Time Protocol (NTP) server on all of the nodes in the cluster. See “About coordinating cluster nodes to work with NTP servers” on page 340.
stat Displays the system, Dynamic Multipathing (DMP), and process-related node wide statistics. See “Displaying the system statistics” on page 342.
swap Swaps two network interfaces of a node in a cluster. See “Using the swap command” on page 343.
option Adjusts a variety of tunable variables that affect the global FileStore settings. See “Using the option commands” on page 347.
About setting the clock commands These commands set or show the date and time of the system, including setting time zones and displaying the list of regions. Configuring system information 333 Setting the clock commands
Table 14-2 Clock commands
Command Definition
clock show Displays the current system date and time. See “Setting the clock commands” on page 333.
clock set Sets the system date and time. See “Setting the clock commands” on page 333.
clock timezone Sets the time zone for the system. Note: This command only accepts the name of a city or GMT (Greenwich Mean Time).
See “Setting the clock commands” on page 333.
clock regions Sets the region for the system. See “Setting the clock commands” on page 333.
Setting the clock commands To display the current date and time of the system
◆ To display the current system date and time, enter the following:
System> clock show
For example:
System> clock show Fri Feb 20 12:16:30 PST 2009
You can set the current date and time of the system on all of the nodes in the cluster. 334 Configuring system information Setting the clock commands
To set the system date and time
◆ To set the system date and time, enter the following:
System> clock set time day month year
time HH:MM:SS using a 24-hour clock Pacific Daylight Time (PDT) is the time zone used for the system. Greenwich Mean Time (GMT) is the time zone used for the BIOS.
day 1..31
month January, February, March, April, May, June, July, August, September, October, November, December
year YYYY
For example:
System> clock set 12:00:00 17 July 2009 .Done. Fri Jul 17 12:00:00 PDT 2009 Configuring system information 335 Setting the clock commands
To set the time zone and region for the system 1 To set the time zone for the system, enter the following:
System> clock timezone timezone
2 To reset the time zone on your system, enter the following:
System> clock timezone region
The system will reset to the time zone for that specific region. For example:
System> clock show Thu Apr 3 09:40:26 PDT 2008
System> clock timezone GMT Setting time zone to: GMT ..Done. Thu Apr 3 16:40:37 GMT 2008
System> clock show Thu Apr 3 16:40:47 GMT 2008
System> clock timezone Los_Angeles Setting time zone to: Los_Angeles ..Done. Thu Apr 3 09:41:06 PDT 2008
System> clock show Thu Apr 3 09:41:13 PDT 2008
To set the region for the system
◆ To set the region for the system, enter the following:
System> clock regions [region] 336 Configuring system information About configuring the locally saved configuration files
region Specifies the region for the system. Valid values include:
■ Africa ■ America ■ Asia ■ Australia ■ Canada ■ Europe ■ GMT-offset - (this includes GMT, GMT +1, GMT +2) ■ Pacific ■ US
For example:
System> clock regions US
The software responds with the areas included in the US region.
System> clock regions US Alaska Aleutian Arizona Central East-Indiana Eastern Hawaii Indiana-Starke Michigan Mountain Pacific Samoa
About configuring the locally saved configuration files
Table 14-3 Configuration commands
Command Definition
config list Views locally saved configuration files. See “Configuring the locally saved configuration files” on page 337. Configuring system information 337 Configuring the locally saved configuration files
Table 14-3 Configuration commands (continued)
Command Definition
config export local Exports configuration settings locally. See “Configuring the locally saved configuration files” on page 337.
config export Exports configuration settings remotely. remote See “Configuring the locally saved configuration files” on page 337.
config import local Imports configuration settings locally. Warning: Running the system> config import command overwrites all of your existing configuration settings except cluster name.
See “Configuring the locally saved configuration files” on page 337.
config import Imports configuration settings remotely. remote Warning: Running the system> config import command overwrites all of your existing configuration settings except cluster name.
See “Configuring the locally saved configuration files” on page 337.
config delete Deletes the locally saved configuration file. See “Configuring the locally saved configuration files” on page 337.
Configuring the locally saved configuration files To list configuration settings
◆ To view locally saved configuration files, enter the following:
System> config list 338 Configuring system information Configuring the locally saved configuration files
To export configuration settings either locally or remotely
◆ To export configuration settings locally, enter the following:
System> config export local file_name
For example:
System> config export local 2007_July_20
To export configuration settings remotely, enter the following:
System> config export remote URL
For example:
System> config export remote ftp://[email protected]/configs/config1.tar.gz Password: *******
file_name Specifies the saved configuration file.
URL Specifies the URL of the export file (supported protocols are FTP and SCP).
You can import the configuration settings saved in a local file or saved to a remote machine specified by a URL. To import configuration settings either locally or remotely
◆ To import configuration settings locally, enter the following:
System> config import local file_name {network|admin|all| report|system|cluster_specific|all_except_cluster_specific| nfs|cifs|ftp|backup|replication|storage_schedules|antivirus}
For example:
System> config import local 2007_July_20 network Backup of current configuration was saved as 200907150515 network configuration was imported Configuration files are replicated to all the nodes
where 200907150515 is the date (20090715 = July 15, 2009) and the time (0515 = hour 5 and 15 minutes). To import configuration settings remotely, enter the following: Configuring system information 339 Configuring the locally saved configuration files
System> config import remote URL {network|admin|all| report|system|cluster_specific|all_except_cluster_specific| nfs|cifs|ftp|backup|replication|storage_schedules|antivirus}
For example:
System> config import remote ftp://[email protected]/home/user1/ 2008_July_20.tar.gz report Password: ******* file_name Specifies the saved configuration file.
URL Specifies the saved configuration at a remote machine specified by a URL. import Available import configuration options are: configuration ■ network - Imports DNS, LDAP, NIS, nsswitch settings (does options not include IP). ■ admin - Imports list of users, passwords. ■ all - Imports all configuration information. ■ report - Imports report settings. ■ system - Imports NTP settings. ■ cluster_specific - Imports public IP addresses, virtual IP addresses, and console IP addresses. Be careful before using this import option. The network connection to the console server will be lost after performing an import. You need to reconnect to the console server after importing the configuration option. ■ all_except_cluster_specific - Imports all configuration information except for cluster-specific information. ■ nfs - Imports NFS settings.
■ cifs - Imports CIFS settings. ■ ftp - Imports the FTP setting. ■ backup - Imports the NBU client and NDMP configuration, excluding the virtual-name and virtual-ip. ■ replication - Imports replication settings. ■ storage_schedules - Imports dynamic storage tiering (DST) and automated snapshot schedules. ■ antivirus - Imports antivirus settings. 340 Configuring system information Using the more command
To delete the locally saved configuration file
◆ To delete the locally saved configuration file, enter the following:
System> config delete file_name
file_name specifies the locally saved configuration file for which to delete.
Using the more command
The System> more command enables, disables, or checks the status of the more filter. The default setting is enable, which lets you page through the text one screen at a time. To set the more command
◆ To use the more command, enter the following:
System> more enable|disable|status
enable Enables the more filter on all of the nodes in the cluster.
disable Disables the more filter on all of the nodes in the cluster.
status Displays the status of the more filter.
For example:
System> more status Status : Enabled
System> more disable SFS more Success V-288-748 more deactivated on console
System> more enable SFS more Success V-288-751 more activated on console
About coordinating cluster nodes to work with NTP servers You can set the Network Time Protocol (NTP) server on all of the nodes in the cluster. The Storage Foundation Cluster File Server (SFCFS) configuration recommends setting the NTP server, though setting the NTP server is optional. Configuring system information 341 Coordinating cluster nodes to work with NTP servers
Note: Use 127.127.1.0 as the IP address for selecting the local clock as the time source for the NTP server.
Table 14-4 NTP commands
Command Definition
ntp servername Sets the NTP server on all of the nodes in the cluster. See “Coordinating cluster nodes to work with NTP servers” on page 341.
ntp show Displays NTP status and server name. See “Coordinating cluster nodes to work with NTP servers” on page 341.
ntp enable Enables the NTP server on all of the nodes in the cluster. See “Coordinating cluster nodes to work with NTP servers” on page 341.
ntp disable Disables the NTP server on all of the nodes in the cluster. See “Coordinating cluster nodes to work with NTP servers” on page 341.
Coordinating cluster nodes to work with NTP servers To set the NTP server on all of the nodes in the cluster
◆ To set the NTP server on all of the nodes in the cluster, enter the following:
System> ntp servername server-name
where server-name specifies the name of the server or IP address you want to set. For example:
System> ntp servername ntp.symantec.com Setting NTP server = ntp.symantec.com ..Done. 342 Configuring system information Displaying the system statistics
To display the status of the NTP server
◆ To display NTP status and server name, enter the following:
System> ntp show
Example output:
System> ntp show Status: Enabled Server Name: ntp.symantec.com
To enable the NTP server
◆ To enable the NTP server on all of the nodes in the cluster, enter the following:
System> ntp enable
For example:
System> ntp enable Enabling ntp server: ntp.symantec.com ..Done.
To disable the NTP server
◆ To disable the NTP server on all of the nodes in the cluster, enter the following:
System> ntp disable
For example:
System> ntp disable Disabling ntp server:..Done. System> ntp show Status : Disabled Server Name: ntp.symantec.com
Displaying the system statistics
The System> stat command displays the system, Dynamic Multipathing (DMP), and process-related node-wide statistics. The load in the displayed output is the load from the last 1, 5, and 15 minutes. Configuring system information 343 Using the swap command
To display the system statistics
◆ To display cluster wide or node wide statistics, enter the following:
System> stat sys|dmp|all|cluster [node]
sys Displays the system-related statistics.
dmp Displays the DMP-related statistics.
cluster Displays the aggregate of the I/O and network performances from each node and averages out the number of nodes in the cluster to show the statistics at the cluster level. The variable node does not apply to this option.
all Displays the system and DMP-related statistics of one node at a time in the cluster or all of the nodes in the cluster.
node The name of the node in the cluster.
To view the cluster-wide network and I/O throughput, enter the following:
System> stat cluster Gathering statistics... Cluster wide statistics:::: ======IO throughput :: 0 Network throughput :: 1.205
Using the swap command If you set up a single-node cluster, and you were not able to ping the gateway through the private or public interface, then the cables may have been attached incorrectly. To correct this problem, you first need to switch the cables back to the correct connectors. You then need to run the System> swap command. For example, if the public switch is 'priveth0' and the private switch is 'pubeth0,' the System> swap command switches the MAC addresses for 'priveth0' and 'pubeth0.' After running the System> swap command, all Secure Shell (SSH) connections hosted on the input interfaces will terminate. You can check the status of the System> swap command using the > history command.
The System> swap command works only on a single-node cluster. No other service should be running. 344 Configuring system information About the option commands
Note: Do not use this command if you have exported CIFS/NFS shares.
To use the swap command
◆ To use the swap command, enter the following:
System> swap interface1 interface2
For example:
System> swap pubeth0 priveth0 All ssh connection(s) need to start again after this command. Do you want to continue [Enter "y/yes" to continue]... Check status of this command in history. Wait......
About the option commands
The option commands were created to allow you to adjust a variety of tunable variables that affect the global FileStore settings. The tunable variables that can be changed or displayed are listed in Table 14-5.
Note: Only system administrators with advanced knowledge of Dynamic Multipathing (DMP) I/O policies should use the System> option commands. For assistance, contact Technical Support.
Table 14-5 Option commands
Command Definition
option show nfsd Displays the number of Network File System (NFS) daemons for each node in the cluster. See “Using the option commands” on page 347.
option modify nfsd Modifies the number of Network File System (NFS) daemons on all of the nodes in the cluster. The range for the number of daemons you can modify is 16 to 1892. Warning: The option modify nfsd command overwrites the existing configuration settings.
See “Using the option commands” on page 347. Configuring system information 345 About the option commands
Table 14-5 Option commands (continued)
Command Definition option show dmpio Displays the type of Dynamic Multipathing (DMP) I/O policy and the enclosure for each node in a cluster. See “Using the option commands” on page 347. option modify Modifies the Dynamic Multipathing (DMP) I/O policy, corresponding dmpio to the enclosure, arrayname, and arraytype. Warning: Check the sequence before modifying the I/O policy. The policies need to be applied in following sequence: arraytype, arrayname, and enclosure. The enclosure-based modification of the I/O policy overwrites the I/O policy set using the arrayname and the arraytype for that particular enclosure. In turn, the arrayname-based modification of the I/O policy overwrites the I/O policy set using the arraytype for that particular arrayname.
See “Using the option commands” on page 347. option reset dmpio Resets the Dynamic Multipathing (DMP) I/O policy setting for the given input (enclosure, arrayname, and arraytype). Use this command when you want to change the I/O policy from the previously set enclosure to arrayname. The settings hierarchy is enclosure, arrayname, and arraytype, so to modify the I/O policy to arraytype, you need to reset arrayname and enclosure. Note: This command does not set the default I/O policy.
See “Using the option commands” on page 347. option show Displays the ninodes cache size in the cluster. ninodes See “Using the option commands” on page 347. option modify Changes the cache size of the global inodes. If your system is caching ninodes a large number of metadata transactions, or if there is significant virtual memory manager usage, modifying some of the variables may improve performance. The range for the inode cache size is from 10000 to 2097151. Warning: The option modify ninodes command requires a cluster-wide reboot.
See “Using the option commands” on page 347. option show Displays the global value of the write_throttle parameter. tunefstab See “Using the option commands” on page 347. 346 Configuring system information About the option commands
Table 14-5 Option commands (continued)
Command Definition
option modify Modifies the global write_throttle parameter for all the mounted file tunefstab systems. The write_throttle parameter is useful in situations where a computer system combines a large amount of memory and slow storage devices. In this configuration, sync operations (such as fsync()) may take so long to complete that a system appears to hang. This behavior occurs because the file system is creating dirty buffers (in-memory updates) faster than they can be asynchronously flushed to disk without slowing system performance. Lowering the value of write_throttle limits the number of dirty buffers per file that a file system generates before flushing the buffers to disk. After the number of dirty buffers for a file reaches the write_throttle threshold, the file system starts flushing buffers to disk even if free memory is available. The default value of write_throttle is zero, which puts no limit on the number of dirty buffers per file. See “Using the option commands” on page 347.
option show Displays the value of the dmptune attribute. dmptune See “Using the option commands” on page 347.
option modify Modifies the value for either the dmp_path_age or the dmptune dmp_health_time attributes.
See “Using the option commands” on page 347. Configuring system information 347 Using the option commands
Using the option commands To display the NFS daemons
◆ To display the NFS daemons, enter the following:
System> option show nfsd
For example:
System> option show nfsd NODENAME NUMBER_DAEMONS ------sfs_1 96 sfs_2 96
If you want to view your current enclosure names, use the following command:
Storage> disk list detail
For example:
Storage> disk list detail Disk Pool Enclosure Size ======sda p1 OTHER_DISKS 10.00G
ID Serial Number ======VMware%2C:VMware%20Virtual%20S:0:0 -
To change the NFS daemons
◆ To display the number of NFS daemons, enter the following:
System> option modify nfsd number [nodename]
For example:
System> option modify nfsd 97 System> 348 Configuring system information Using the option commands
To display the DMP I/O policy
◆ To change the dmpio policy, enter the following:
System> option show dmpio
For example:
NODENAME TYPE ENCLR/ARRAY IOPOLICY ------rama_01 arrayname disk balanced rama_01 enclosure disk minimumq
To change the DMP I/O policy
◆ To change the DMP I/O policy, enter the following:
System> option modify dmpio {enclosure enclr_name|arrayname array_name|arraytype {A/A|A/P|...}} iopolicy={adaptive|adaptiveminq|balanced|minimumq|priority| round-robin|singleactive}
The dmpio policy variables are the following:
enclosure enclr_name Name of the enclosure to distinguish between arrays having the same array name.
arrayname array_name Name of the array. Two physical array boxes of the same make will have the same array name.
arraytype array_type A multipathing type of array. Use one of the following: active-active, active-active-A, active-active-A-HDS, active-active-A-HP, APdisk, active-passive, active-passive-C, active-passiveF-VERITAS, active-passiveF-T3PLUS, active-passiveF-LSI, active-passiveG, active-passiveG-C, Disk, CLR-A-P, CLR-A-PF Configuring system information 349 Using the option commands
iopolicy adaptive In storage area network (SAN) environments, this option determines the paths that have the least delays, and schedules the I/O on paths that are expected to carry a higher load. Priorities are assigned to the paths in proportion to the delay.
adaptiveminq The I/O is scheduled according to the length of the I/O queue on each path. The path with the shortest queue is assigned the highest priority.
balanced Takes into consideration the track cache when balancing the I/O across paths.
minimumq Uses a minimum I/O queue policy. The I/O is sent on paths that have the minimum number of I/O requests in the queue. This policy is suitable for low-end disks or JBODs where a significant track cache does not exist. This is the default policy for Active/Active (A/A) arrays.
priority Assigns the path with the highest load carrying capacity as the priority path. This policy is useful when the paths in a SAN have unequal performances, and you want to enforce load balancing manually.
round-robin Sets a simple round-robin policy for the I/O. This is the default policy for Active/Passive (A/P) and Asynchronous Active/Active (A/A-A) arrays.
singleactive The I/O is channeled through the single active path.
To reset the DMP I/O policy
◆ To reset the DMP I/O policy, enter the following:
System> option reset dmpio {enclosure enclr_name|arrayname array_name|arraytype {A/A|A/P|...}}
To display the ninodes cache size
◆ To display the ninodes cache size, enter the following:
System> option show ninodes
For example:
System> option show ninodes INODE_CACHE_SIZE ------2000343 350 Configuring system information Using the option commands
To change the ninodes cache size
◆ To change the ninodes cache, enter the following:
System> option modify ninodes number
For example:
System> option modify ninodes 2000343 SFS option WARNING V-288-0 This will require cluster wide reboot. Do you want to continue (y/n)?
To display the tunefstab parameter
◆ To display the tunefstab parameter, enter the following:
System> option show tunefstab
For example:
System> option show tunefstab NODENAME ATTRIBUTE VALUE ------sfs_01 write_throttle Default sfs_02 write_throttle Default
To modify the tunefstab parameter
◆ To modify the tunefstab parameter, enter the following:
System> option modify tunefstab write_throttle value
where value is the number you are assigning to the write_throttle parameter. For example:
System> option modify tunefstab write_throttle 20003 System> option show tunefstab NODENAME ATTRIBUTE VALUE ------sfs_01 write_throttle 20003 sfs_02 write_throttle 20003 Configuring system information 351 Using the option commands
To display the value of the dmptune attribute
◆ To display the value of the dmptune attribute, enter the following:
System> option show dmptune
For example:
System> option show dmptune NODENAME ATTRIBUTE VALUE ------rama_01 dmp_path_age 57 rama_01 dmp_health_time 44
To modify the value of the dmp_path_age and dmp_health_time attributes
◆ To modify the value of the dmp_path_age and dmp_health_time attributes, enter the following:
System> option modify dmptune {dmp_path_age value | dmp_health_time value}
dmp_path_age Time when an intermittently failing path needs to be monitored value before DMP marks the path as healthy, and DMP attempts to schedule I/O requests for that path. The default value is 300 seconds. A value of 0 prevents DMP from detecting intermittently failing paths.
dmp_health_time Sets the time in seconds for which a path must stay healthy. If a value path's state changes back from enabled to disabled within this time period, DMP marks the path as intermittently failing, and DMP does not re-enable the path for I/O until the dmp_path_age seconds have elapsed. The default value of dmp_health_time is 60 seconds. A value of 0 prevents DMP from detecting intermittently failing paths.
For example:
System> option modify dmptune dmp_path_age 40
System> option modify dmptune dmp_health_time 50 352 Configuring system information Using the option commands Chapter 15
Upgrading Symantec FileStore
This chapter includes the following topics:
■ About upgrading drivers
■ Displaying the current version of FileStore
■ About installing patches
■ Installing patches
About upgrading drivers
The upgrade commands install or uninstall upgrades to the FileStore software. The upgrades can be patches or drivers. The software is installed or uninstalled on all of the nodes. The upgrade commands are defined in Table 15-1. To access the commands, log into the administrative console (for master, system-admin, or storage-admin) and enter the Upgrade> mode. See “About using the FileStore command-line interface” on page 27.
Note: The Upgrade> patch install command can also be used for DUD upgrades in case the new node you want to add into the cluster has a separate set of driver requirements compared to the first node. 354 Upgrading Symantec FileStore About upgrading drivers
Table 15-1 Upgrade mode commands
Command Definition
show Displays the current version of FileStore, the patch level, and the DUD upgrade(s). The Upgrade> show detail command displays information about major upgrades. Error messages are displayed if any of the nodes in the cluster do not have matching software versions, operating system packages installed, or any DUD upgrade(s) installed. See “Displaying the current version of FileStore” on page 355.
patch install Downloads the patch from the specified URL and installs it on all of the nodes. See “About installing patches” on page 356.
patch Uninstalls the software upgrade from all of the nodes up to the uninstall-upto specified version. See “About installing patches” on page 356.
patch sync Synchronizes the specified node. See “About installing patches” on page 356.
patch duduninstall Removes all of the driver updates previously added to the cluster and reverts back to the original driver update image. See “About installing patches” on page 356. Upgrading Symantec FileStore 355 Displaying the current version of FileStore
Displaying the current version of FileStore To display the current version of FileStore 1 To display the current version of FileStore and the patch level, enter the following:
Upgrade> show
For example:
Upgrade> show 5.5 ENTERPRISE EDITION (Mon Aug 17 16:12:40 2009), Installed on Mon Aug 10 09:23:28 EST 2009
2 To display the current version of FileStore, the DUD upgrades, the patch level, and major upgrades, enter the following:
Upgrade> show detail
For example:
Upgrade> show detail 6.0SP1 ENTERPRISE EDITION (Tue Dec 15 08:40:23 2010) 6.0 ENTERPRISE EDITION (Tue Aug 11 08:40:23 2010), Installed on Tue Aug 11 17:21:18 EDT 2010 6.0SP1 ENTERPRISE EDITION (Tue Dec 15 08:40:23 2010), Installed on Tue Dec 15 19:19:54 EDT 2010 Major Upgrade(s) ======Upgraded from 5.5 to 6.0 (Tue Aug 11 08:40:23 2010) on Tue Aug 11 17:21:18 EDT 2010 356 Upgrading Symantec FileStore About installing patches
About installing patches
Table 15-2 Patch commands
Command Definition
patch install Downloads the patch from a specified URL and install it on all of the nodes. The Upgrade> patch install command first synchronizes the nodes that have different software versions compared to the other nodes. If the remaining nodes (nodes other then first node added into the cluster) have a different set of driver requirements, then you can also use the same patch install command to add drivers in the driver update image present in the install server. The driver update image present in the install server acts as a Driver Update Disk (DUD) image during the installation for any node using the PXE boot. To use the same patch install interface for the DUD update process, along with the URL path of the DUD patch (the DUD ISO), you have to specify the list of drivers you want to add. Note: After you have installed, uninstalled, or synchronized a new FileStore patch into your cluster, the list of available commands may have changed. Please re-login to the CLI to access the updated features.
See “Installing patches” on page 357.
patch Uninstalls the software upgrade from all of the nodes up to the uninstall-upto specified version. You must specify the versions of software up to the version that you want to uninstall. This command first synchronizes the nodes that have different software versions compared to other nodes in the cluster. See “Installing patches” on page 357.
patch sync Forcefully synchronizes the specified node, bringing it up to the currently installed software version of the remaining nodes in the cluster. You only need to install the patch on one node, and then run the Upgrade> patch sync command to synchronize all of the nodes.
See “Installing patches” on page 357.
patch duduninstall Removes all of the driver updates previously added to the cluster and reverts back to the original driver update image. This process does not remove the drivers that were added during the installation of the first node. The DUD uninstall process is not incremental, unlike the DUD upgrade process where you can add different drivers by using the patch install commands multiple times.
See “Installing patches” on page 357. Upgrading Symantec FileStore 357 Installing patches
Installing patches To install the latest patches on your system
◆ To install the latest patches, enter the following:
Upgrade> patch install URL [driver_list]
For example, you can download a DUD ISO from an HTTP server with authentication and install it. The following output shows the update of the driver update image (on all of the nodes present in the cluster) with the tg3 driver of version 3.71b and the megaraid-sas.ko driver of version 00.00.03.16.
http://[email protected]/DRIVER_UPDATES/SFS_DUD.iso tg3.ko:3.71b,megaraid_sas.ko:00.00.03.16 Enter password for user 'admin': ********** Please wait. Upgrade is in progress... Patch upgraded on all nodes of cluster.
URL The URL of the location from where you can download the software patch. The URL supports HTTP, FTP, and SCP protocols for download. The username and password for the HTTP and FTP protocols are supported.
driver_list An optional variable that you can use for DUD upgrades. Enter a list of comma-separated [drivername:versionnumber] pairs when you want to apply the DUD upgrade. You can exit the patch DUD upgrade process by entering no/no at the prompt. For example:
Upgrade> patch install scp:// [email protected]:/home/support/SFS.iso Enter password for user 'support':******** No input driver given... List of drivers present in DUD:: Drivername:Versionnumber ************************** e1000.ko:7.6.9.1 tg3.ko:3.71b megaraid_sas.ko:00.00.03.16
Please enter driver list you want to add [Enter "No" to exit from here]:: no Sorry...Patch driverupgrade process is terminated by you. 358 Upgrading Symantec FileStore Installing patches
To uninstall patches
◆ To uninstall the software upgrades, enter the following:
Upgrade> patch uninstall-upto version
where version specifies the versions of software up to the version that you want to uninstall. For example:
Upgrade> patch uninstall-upto 5.5RP1 OK Completed
To forcefully synchronize software upgrades on a node
◆ To forcefully synchronize software upgrades on a node, enter the following:
Upgrade> patch sync nodename
where nodename specifies the node that needs to be synchronized to the same software version as the one currently installed in the cluster. For example:
Upgrade> patch sync node2 ...... Syncing software upgrades on node2... SFS patch SUCCESS V-288-122 Patch sync completed.
This command lists all of the drivers updated on the cluster and asks you to confirm the uninstall on each one by entering y or yes. If you decide not to uninstall the drivers, press any key other than y or yes to exit the uninstall process. Upgrading Symantec FileStore 359 Installing patches
To uninstall driver updates
◆ To uninstall the driver updates, enter the following:
Upgrade> patch duduninstall
You will be asked to confirm the uninstallation of the drivers. For example:
Upgrade> patch duduninstall patch duduninstall DUD updated with following drivers :: ======tg3.ko:3.71b megaraid_sas.ko:00.00.03.16 Do you really want to continue with uninstallation [Enter "y/yes" to continue]:: y Uninstalling DUD... DUD uninstall completed successfully. 360 Upgrading Symantec FileStore Installing patches Chapter 16
Using Symantec AntiVirus for FileStore
This chapter includes the following topics:
■ About Symantec AntiVirus for FileStore
■ About Symantec AntiVirus for FileStore licensing
■ About Symantec AntiVirus for FileStore commands
■ Displaying Symantec AntiVirus for FileStore configurations
■ About configuring Symantec AntiVirus for FileStore on all the nodes in the cluster
■ Configuring Symantec AntiVirus for FileStore on the cluster's nodes
■ About configuring Auto-Protect on FileStore file systems
■ Configuring Auto-Protect on FileStore file systems
■ About excluding file extensions
■ Configuring file extensions for the Symantec AntiVirus for FileStore configuration file
■ About Symantec AntiVirus for FileStore LiveUpdate
■ Using Symantec AntiVirus for FileStore with LiveUpdate
■ About using Symantec AntiVirus for FileStore quarantine commands
■ Using Symantec AntiVirus for FileStore quarantine commands
■ About using Symantec AntiVirus for FileStore serial number commands 362 Using Symantec AntiVirus for FileStore About Symantec AntiVirus for FileStore
■ Adding or displaying Symantec AntiVirus for FileStore serial numbers
■ Setting the Symantec AntiVirus for FileStore action policy
■ About using Symantec AntiVirus for FileStore manual scan commands
■ Using Symantec AntiVirus for FileStore manual scan commands
■ About scheduling a Symantec AntiVirus for FileStore scan job
■ Scheduling a Symantec AntiVirus for FileStore scan job
About Symantec AntiVirus for FileStore FileStore software lets you access data through numerous protocols including NFS, CIFS, and FTP. You are able to store your data on the network-attached storage. Symantec AntiVirus for FileStore provides on-access virus protection for data that can be accessed through FileStore. Symantec AntiVirus for FileStore detects and prevents the spread of malicious virus code before your data is compromised. Symantec AntiVirus for FileStore provides two methods for protecting data:
■ Auto-Protect (AP) scan - protects files and file systems as they are accessed (when a file is opened, modified, or executed) You can use the Auto-Protect method to conduct client access on-demand scanning of NFS, CIFS, or other protocols within FileStore. Symantec AntiVirus for FileStore provides support for the Auto-Protect method through use of the autoprotect commands. See “About configuring Auto-Protect on FileStore file systems” on page 367.
■ Scheduled scan - scans file systems for viruses when requested or at scheduled intervals You can use the Scheduled scan method to have automated scans occur at regular times, or to manually scan file systems on an as-needed basis. Symantec AntiVirus for FileStore provides support for Scheduled scans through use of the job and scan commands. See “About scheduling a Symantec AntiVirus for FileStore scan job” on page 383. See “About using Symantec AntiVirus for FileStore manual scan commands” on page 381.
Note: Symantec AntiVirus for FileStore is based on Symantec Endpoint Protection technology and is an optional component of the FileStore product. Symantec AntiVirus for FileStore requires you to have a valid Symantec Endpoint Protection maintenance agreement in order for the product feature to be licensed correctly. Using Symantec AntiVirus for FileStore 363 About Symantec AntiVirus for FileStore licensing
Figure 16-1 Symantec AntiVirus for FileStore overview
2. Symantec AntiVirus for 1. Client opens a file. FileStore scans the file. 3. If a virus is found, Symantec AntiVirus for FileStore reacts based on the policies. Client 4. Client is allowed or Server denied access to the file.
1. The client attempts to access a file from the share. A file becomes a candidate for scanning when it is accessed.
2. If Auto-Protect (AP) is enabled on the share, Symantec AntiVirus for FileStore verifies if the file needs to be scanned or not based on parameters, such as file extensions. If Auto-Protect is not enabled on that share, it allows you to access the file without Symantec AntiVirus for FileStore intervention.
3. If the file is a candidate to be scanned, Symantec AntiVirus for FileStore scans the file and takes the specified action, such as delete, quarantine, or clean, based on the indicated scan action policies.
4. Based on the scan results, you are allowed or denied access to the file.
About Symantec AntiVirus for FileStore licensing FileStore includes the ability to enable scheduled and Auto-Protect (on-demand) antivirus scanning within the FileStore cluster and without requiring external servers. If you use the Symantec AntiVirus for FileStore antivirus feature, to comply with the Symantec Endpoint Protection End-User License Agreement (EULA), you must have purchased the appropriate number of licenses. Contact your Symantec account representative or channel partner representative for more information on licensing Symantec AntiVirus for FileStore.
About Symantec AntiVirus for FileStore commands To access the commands, log into your administrative console (master, system-admin, or storage-admin) and enter Antivirus> mode. See “About using the FileStore command-line interface” on page 27. 364 Using Symantec AntiVirus for FileStore Displaying Symantec AntiVirus for FileStore configurations
Table 16-1 Symantec AntiVirus for FileStore commands
Commands Definitions
autoprotect Enables or disables Auto-Protect (AP) on specified file systems.
excludeextension Adds or deletes file extensions to/from the Symantec AntiVirus for FileStore configuration file. Symantec AntiVirus for FileStoreskips scanning the files whose file extensions are in the excluded list. By default, Symantec AntiVirus for FileStore scans all the files.
job Creates and configures the scan task identified by a unique job_name.
liveupdate Adds, updates, views, and schedules LiveUpdates to Symantec AntiVirus for FileStore for updating virus definitions.
quarantine Lists, deletes, repairs, and provides information about quarantined items.
savkey Adds/displays Symantec AntiVirus for FileStore serial numbers.
scan Manually starts, stops, and gives status of the file systems.
scanaction Sets the Symantec AntiVirus for FileStore action policy. Symantec AntiVirus for FileStore takes action according to action policies when a virus is detected in a file. Available action policies are delete, quarantine, clean, and leave.
service Starts or stops Symantec AntiVirus for FileStore on specified file systems. The command also displays the status of Symantec AntiVirus for FileStore on each node. By default, Symantec AntiVirus for FileStore is stopped on all of the nodes.
show Displays all of the configuration details of Symantec AntiVirus for FileStore. For example, list of file extensions (doc, exe, zip) and scan action details (clean, delete).
Displaying Symantec AntiVirus for FileStore configurations
The show command displays the Symantec AntiVirus for FileStore logs and configuration details. Using Symantec AntiVirus for FileStore 365 About configuring Symantec AntiVirus for FileStore on all the nodes in the cluster
To display Symantec AntiVirus for FileStore configurations
◆ To display Symantec AntiVirus for FileStore logs configuration details, enter the following:
Antivirus> show [logs]
For example:
Antivirus> show Parameter Value ------Primary action Clean Secondary action Quarantine File excluded extension list Auto protect enabled file systems Auto protect disabled file systems fs1 Virus definitions version 12/14/09 rev. 020
LiveUpdate serverid LiveUpdate servername ------0 http://liveupdate.symantecliveupdate.com:80 1 http://liveupdate.symantec.com:80 2 ftp://update.symantec.com/opt/content/onramp
About configuring Symantec AntiVirus for FileStore on all the nodes in the cluster
The service command enables, disables, or displays status for the Symantec AntiVirus for FileStore service on all of the nodes in the cluster.
Table 16-2 Symantec AntiVirus for FileStore cluster node configuration commands
Command Definition
service start Starts Symantec AntiVirus for FileStore on all of the nodes in a cluster. By default, Symantec AntiVirus for FileStore is disabled on all of the nodes in the cluster. See “Configuring Symantec AntiVirus for FileStore on the cluster's nodes” on page 366. 366 Using Symantec AntiVirus for FileStore Configuring Symantec AntiVirus for FileStore on the cluster's nodes
Table 16-2 Symantec AntiVirus for FileStore cluster node configuration commands (continued)
Command Definition
service stop Stops Symantec AntiVirus for FileStore on all of the nodes in the cluster. See “Configuring Symantec AntiVirus for FileStore on the cluster's nodes” on page 366.
service status Displays the status of the Symantec AntiVirus for FileStore service on each node. See “Configuring Symantec AntiVirus for FileStore on the cluster's nodes” on page 366.
Configuring Symantec AntiVirus for FileStore on the cluster's nodes To start Symantec AntiVirus for FileStore on all nodes in the cluster
◆ To start Symantec AntiVirus for FileStore on all of the nodes in a cluster, enter the following:
Antivirus> service start
By default, the Symantec AntiVirus for FileStore service will be offline. If the Symantec AntiVirus for FileStore service is already started, Symantec AntiVirus for FileStore clears the faults (if any), and then tries to start the Symantec AntiVirus for FileStore service. For example:
Antivirus> service start Using Symantec AntiVirus for FileStore 367 About configuring Auto-Protect on FileStore file systems
To stop Symantec AntiVirus for FileStore on all nodes in the cluster
◆ To stop Symantec AntiVirus for FileStore on all nodes in a cluster, enter the following:
Antivirus> service stop
You will receive an error if you try to stop an already stopped Symantec AntiVirus for FileStore service. For example:
Antivirus> service stop
To display Symantec AntiVirus for FileStore status on all nodes in the cluster
◆ To display the status of the Symantec AntiVirus for FileStore service on all the nodes in the cluster, enter the following:
Antivirus> service status
For example:
Antivirus> service status
About configuring Auto-Protect on FileStore file systems
The autoprotect command enables or disables Auto-Protect (AP) antivirus protection on a single file system or on all of the FileStore file systems. The default option enables Auto-Protect on all FileStore file systems.
Table 16-3 autoprotect commands
Command Definition
autoprotect enable Enables Auto-Protect on a single file system or all of the file systems. See “Configuring Auto-Protect on FileStore file systems” on page 368.
autoprotect Disables Auto-Protect on a single file system or all of the file systems. disable See “Configuring Auto-Protect on FileStore file systems” on page 368. 368 Using Symantec AntiVirus for FileStore Configuring Auto-Protect on FileStore file systems
Configuring Auto-Protect on FileStore file systems To enable Auto-Protect on FileStore file systems
◆ To enable automatic antivirus protection on individual file systems, enter the following:
Antivirus> autoprotect enable fs_name1,fs_name2
where fs_name1 and fs_name2 are the names of the file systems. For example, to enable Auto-Protect on specified file systems, enter the following:
Antivirus> autoprotect enable fs1,fs2
By default, Auto-Protect is disabled on newly created file systems. If you issue the autoprotect enable command without any options, Auto-Protect is enabled on all the file systems in the cluster. For example, to enable Auto-Protect on all the file systems in the cluster, enter the following:
Antivirus> autoprotect enable
To disable Auto-Protect on FileStore file systems
◆ To disable Auto-Protect on FileStore file systems, enter the following:
Antivirus> autoprotect disable fs_name1,fs_name2
where fs_name1 and fs_name2 are the names of the file systems for which Auto-Protect should be disabled. For example:
Antivirus> autoprotect disable fs1,fs2
About excluding file extensions
The excludeextension command lets you exclude file extensions so they are not included in the Symantec AntiVirus for FileStore scan.
Note: File extensions are case-sensitive. Using Symantec AntiVirus for FileStore 369 Configuring file extensions for the Symantec AntiVirus for FileStore configuration file
Table 16-4 File extension exclusion commands
Command Definition
excludeextension Adds file extensions to the Symantec AntiVirus for FileStore add configuration file. The files contained in this configuration file are not scanned by the Symantec AntiVirus for FileStore software. See “Configuring file extensions for the Symantec AntiVirus for FileStore configuration file” on page 369.
excludeextension Deletes files extensions from the Symantec AntiVirus for FileStore delete configuration file. After the files are deleted from the configuration file, they are scanned by the Symantec AntiVirus for FileStore software. See “Configuring file extensions for the Symantec AntiVirus for FileStore configuration file” on page 369.
excludeextension Displays the list of file extensions currently in the Symantec AntiVirus list for FileStore configuration file. See “Configuring file extensions for the Symantec AntiVirus for FileStore configuration file” on page 369.
Configuring file extensions for the Symantec AntiVirus for FileStore configuration file To add file extensions to the Symantec AntiVirus for FileStore configuration file
◆ To add file extensions to the Symantec AntiVirus for FileStore configuration file and eliminate the files from being scanned, enter the following:
Antivirus> excludeextension add file_extension1,file_extension2
where file_extension1,file_extension2 are the names of the file extensions you want to add to the Symantec AntiVirus for FileStore configuration file. For example:
Antivirus> excludeextension add txt,DOC SFS antivirus SUCCESS V-288-1128 File extension txt,DOC added 370 Using Symantec AntiVirus for FileStore About Symantec AntiVirus for FileStore LiveUpdate
To delete file extensions from the Symantec AntiVirus for FileStore configuration file
◆ To delete file extensions from the Symantec AntiVirus for FileStore configuration file and include the files in the Symantec AntiVirus for FileStore scan, enter the following:
Antivirus> excludeextension delete file_extension1,file_extension2
where file_extension1,file_extension2 are the names of the file extensions you want to delete from the Symantec AntiVirus for FileStore configuration file. For example:
Antivirus> excludeextension delete txt SFS antivirus SUCCESS V-288-1128 File extension txt deleted
To display the list of file extensions in the Symantec AntiVirus for FileStore configuration file
◆ To display the list of file extensions in the Symantec AntiVirus for FileStore configuration file, enter the following:
Antivirus> excludeextension list
For example:
Antivirus> excludeextension list Parameter Value ------File excluded extension list DOC
About Symantec AntiVirus for FileStore LiveUpdate
The liveupdate feature is used to add LiveUpdate servers to Symantec AntiVirus for FileStore for updating virus definitions.
Table 16-5 Symantec AntiVirus for FileStore liveupdate commands
Command Definition
liveupdate Adds LiveUpdate servers to Symantec AntiVirus for FileStore for serveradd updating virus definitions. See “Using Symantec AntiVirus for FileStore with LiveUpdate” on page 372. Using Symantec AntiVirus for FileStore 371 About Symantec AntiVirus for FileStore LiveUpdate
Table 16-5 Symantec AntiVirus for FileStore liveupdate commands (continued)
Command Definition liveupdate Deletes a Symantec AntiVirus for FileStore LiveUpdate server or proxy serverdelete from the LiveUpdate servers list. See “Using Symantec AntiVirus for FileStore with LiveUpdate” on page 372. liveupdate start Runs a LiveUpdate of the virus definitions immediately. See “Using Symantec AntiVirus for FileStore with LiveUpdate” on page 372. liveupdate Creates a schedule for the LiveUpdate. schedule create See “Using Symantec AntiVirus for FileStore with LiveUpdate” on page 372. liveupdate Modifies a schedule for the LiveUpdate. schedule modify See “Using Symantec AntiVirus for FileStore with LiveUpdate” on page 372. liveupdate Deletes the schedule of the LiveUpdate. schedule delete See “Using Symantec AntiVirus for FileStore with LiveUpdate” on page 372. liveupdate Displays the LiveUpdate schedule. schedule show See “Using Symantec AntiVirus for FileStore with LiveUpdate” on page 372. 372 Using Symantec AntiVirus for FileStore Using Symantec AntiVirus for FileStore with LiveUpdate
Using Symantec AntiVirus for FileStore with LiveUpdate To add the LiveUpdate servers to Symantec AntiVirus for FileStore
◆ To add the LiveUpdate servers to Symantec AntiVirus for FileStore, enter the following:
Antivirus> liveupdate serveradd url
where url is either an HTTP, FTP, or proxy server URL. For example:
Antivirus> liveupdate server add http://sample.com SFS antivirus SUCCESS V-288-1263 Server added to liveupdate server database.
The master node assigns a server ID to the given input. You can add a maximum of 10 servers and 1 proxy server to the LiveUpdate server list. To delete the server or proxy from the LiveUpdate servers list
◆ To delete the server or proxy from the LiveUpdate servers list, enter the following:
Antivirus> liveupdate serverdelete serverid | proxy
serverid Specifies the ID of the server to be deleted from the LiveUpdate server list.
proxy Specifies the proxy server to be deleted from the LiveUpdate server list.
For example, this command deletes the proxy server from the LiveUpdate servers list, if the proxy server exists.
Antivirus> liveupdate serverdelete proxy SFS antivirus SUCCESS V-288-1274 Successfully proxy server deleted from liveupdate server database.
For example, this command deletes the server associated with server ID 3.
Antivirus> liveupdate serverdelete 3 SFS antivirus SUCCESS V-288-1278 Successfully server with id 3 deleted from liveupdate server database. Using Symantec AntiVirus for FileStore 373 Using Symantec AntiVirus for FileStore with LiveUpdate
To run LiveUpdate on Symantec AntiVirus for FileStore
◆ To immediately run LiveUpdate on Symantec AntiVirus for FileStore, enter the following:
Antivirus> liveupdate start
For example, this command runs LiveUpdate immediately.
Antivirus> liveupdate start Please wait liveupdate in progress SFS antivirus SUCCESS V-288-1108 Done 374 Using Symantec AntiVirus for FileStore Using Symantec AntiVirus for FileStore with LiveUpdate
To create a new schedule for LiveUpdate on Symantec AntiVirus for FileStore
◆ To create a schedule for LiveUpdate on Symantec AntiVirus for FileStore, enter the following:
Antivirus> liveupdate schedule create minute hour day_of_the_month month day_of_the_week
minute Specifies the minutes for the LiveUpdate. This field may contain either an asterisk '*', which implies 'every minute' or a numeric value between the range of 0-59.
hour Specifies the hour for the LiveUpdate. This field may contain either an asterisk '*', which implies running every hour, or a numeric value between the range of 0-23.
day_of_the_month Specifies the day of the month for the LiveUpdate. This field may contain either an asterisk '*', which implies running every day of the month, or a numeric value between the range of 1-31.
month Specifies the month for the LiveUpdate. This field may contain either an asterisk '*', which implies running every month, or a numeric value between the range of 1-12. In addition to the numeric values, this field can also accept names of month as an argument, with the first three letters of the month (case-insensitive) serving as input for the given parameter.
day_of_the_week Specifies the day of the week for the LiveUpdate. This field may contain either an asterisk '*', which implies running every day of the week, or a numeric value between the range of 0-7, with both 0 and 7 being interpreted as Sunday by crontab. In addition, this parameter can also accept names, with the first three letters of the month (case-insensitive) serving as an input value.
You can only create one LiveUpdate schedule. For example, this command invokes LiveUpdate every Monday.
Antivirus> liveupdate schedule create * * * * 1 SFS antivirus SUCCESS V-288-1255 Scheduled liveupdate successfully created Using Symantec AntiVirus for FileStore 375 Using Symantec AntiVirus for FileStore with LiveUpdate
To modify the LiveUpdate schedule
◆ To modify a schedule for LiveUpdate on Symantec AntiVirus for FileStore, enter the following:
Antivirus> liveupdate schedule modify minute hour day_of_the_month month day_of_the_week
minute Modify the minutes for the LiveUpdate. This field may contain either an asterisk '*', which implies 'every minute' or a numeric value between the range of 0-59.
hour Modify the hour for the LiveUpdate. This field may contain either an asterisk '*', which implies running every hour, or a numeric value between the range of 0-23.
day_of_the_month Modify the day of the month for the LiveUpdate. This field may contain either an asterisk '*', which implies running every day of the month, or a numeric value between the range of 1-31.
month Modify the month for the LiveUpdate. This field may contain either an asterisk '*', which implies running every month, or a numeric value between the range of 1-12. In addition to the numeric values, this field can also accept names of month as an argument, with the first three letters of the month (case-insensitive) serving as input for the given parameter.
day_of_the_week Modify the day of the week for the LiveUpdate. This field may contain either an asterisk '*', which implies running every day of the week, or a numeric value between the range of 0-7, with both 0 and 7 being interpreted as Sunday by crontab. In addition, this parameter can also accept names, with the first three letters of the month (case-insensitive) serving as an input value.
For example, this command modifies the LiveUpdate schedule.
Antivirus> liveupdate schedule modify 0 1 * * * SFS antivirus SUCCESS V-288-1255 Scheduled liveupdate successfully modified 376 Using Symantec AntiVirus for FileStore About using Symantec AntiVirus for FileStore quarantine commands
To delete the current LiveUpdate schedule
◆ To delete the current LiveUpdate schedule, enter the following:
Antivirus> liveupdate schedule delete
For example, this command deletes the LiveUpdate schedule.
Antivirus> liveupdate schedule delete SFS antivirus SUCCESS V-288-1255 Scheduled liveupdate successfully deleted
To display the current LiveUpdate schedule
◆ To display the current LiveUpdate schedule, enter the following:
Antivirus> liveupdate schedule show
For example, this command displays the current LiveUpdate schedule.
Antivirus> liveupdate schedule show Liveupdate scheduled on 0 1 * * *
About using Symantec AntiVirus for FileStore quarantine commands Symantec AntiVirus for FileStore places scanned files that have not passed the virus protection software in quarantine. The quarantine commands let you display information about these files, delete the files, repair the files, or restore the quarantined files.
Table 16-6 Symantec AntiVirus for FileStore quarantine commands
Command Definition
quarantine list Lists all of the files that have been quarantined. See “Using Symantec AntiVirus for FileStore quarantine commands” on page 377.
quarantine delete Deletes the quarantined files. See “Using Symantec AntiVirus for FileStore quarantine commands” on page 377. Using Symantec AntiVirus for FileStore 377 Using Symantec AntiVirus for FileStore quarantine commands
Table 16-6 Symantec AntiVirus for FileStore quarantine commands (continued)
Command Definition
quarantine repair Repairs quarantined files. See “Using Symantec AntiVirus for FileStore quarantine commands” on page 377.
quarantine restore Restores quarantined files. See “Using Symantec AntiVirus for FileStore quarantine commands” on page 377.
quarantine info Displays information about quarantined files. See “Using Symantec AntiVirus for FileStore quarantine commands” on page 377.
Using Symantec AntiVirus for FileStore quarantine commands To list all of the quarantined files
◆ To list all of the files that have been quarantined, enter the following:
Antivirus> quarantine list
For example:
Antivirus> quarantine list QID Quarantine file ------BBA00000 /vx/fs2/eicar.com BBA00001 /vx/fs2/eicar_com.zip BBA00000 is id of /vx/fs2/eicar.com quarantine file.
Each quarantined file is associated with an ID. Each node stores quarantined files locally. If any node is removed from a cluster, quarantined files on that node are lost. For example:
BBA00000 is the ID of the /vx/fs2/eicar.com quarantined file. 378 Using Symantec AntiVirus for FileStore Using Symantec AntiVirus for FileStore quarantine commands
To delete the quarantined files
◆ To delete the quarantined files, enter the following:
Antivirus> quarantine delete [id]
where id is the specified quarantined file to be deleted. Each quarantined file has an ID. If no ID is entered, all of the quarantined files are deleted. For example:
Antivirus> quarantine delete 1BA00007 Please wait ... It will take some time ... SFS antivirus SUCCESS V-288-1108 Done
To repair a quarantined file
◆ To repair a quarantined file, enter the following:
Antivirus> quarantine repair [id]
where id is the specified quarantined file to be repaired. Each quarantined file has an ID. If no ID is entered, all of the quarantined files are repaired. For example:
Antivirus> quarantine repair 3BA00006 Please wait ... It will take some time ... SFS antivirus SUCCESS V-288-1108 Done
To restore a quarantined file
◆ To restore a quarantined file, enter the following:
Antivirus> quarantine restore [id]
where id is the specified quarantined file to be restored. Each quarantined file has an ID. If no ID is entered, all of the quarantined files are restored. For example:
Antivirus> quarantine restore 5BA00000 Using Symantec AntiVirus for FileStore 379 About using Symantec AntiVirus for FileStore serial number commands
To display information about quarantined files
◆ To display information about specified quarantined files, enter the following:
Antivirus> quarantine info [id]
where id is the specified file you want information about. For example:
Antivirus> quarantine info 3BA00006 Please wait ... It will take some time ... Item: 3BA00006 Description: /vx/fs2/eicar.com Full Path: /vx/fs2/eicar.com Log Line: 270B03111737,5,1,2,sfs_02,root,EICAR Test String,/vx/fs2/eicar.com,5,1,1,256,33574980,"",0,,0,,1000341510,11101, 0,0,0,,,,20091126.016,102952,0,,0,,,,,,,,,,,,,,,,,,,,,,,,0,,,0, Flags: INFECTED Quarantined: Thu Dec 3 17:23:55 2009 Created: Thu Dec 3 17:18:57 2009 Last Accessed: Thu Dec 3 17:23:55 2009 Last Modified: Fri Jul 4 06:38:03 2008 SFS antivirus SUCCESS V-288-1108 Done
About using Symantec AntiVirus for FileStore serial number commands
The Antivirus> savkey commands allow you to add or display Symantec AntiVirus for FileStore serial numbers registered in FileStore.
Table 16-7 Symantec AntiVirus for FileStore serial number commands
Command Definition
savkey add Adds a given serial number to the Symantec AntiVirus for FileStore configuration database. See “Adding or displaying Symantec AntiVirus for FileStore serial numbers” on page 380.
savkey show Displays Symantec AntiVirus for FileStore serial number information. See “Adding or displaying Symantec AntiVirus for FileStore serial numbers” on page 380. 380 Using Symantec AntiVirus for FileStore Adding or displaying Symantec AntiVirus for FileStore serial numbers
Adding or displaying Symantec AntiVirus for FileStore serial numbers To add a given serial number to the Symantec AntiVirus for FileStore configuration database
◆ To add a given serial number to the Symantec AntiVirus for FileStore configuration database, enter the following:
Antivirus> savkey add QZZU-923C-111111-JR8K-XPVE-Z6 SFS antivirus SUCCESS V-288-1128 Key successfully added.
To display Symantec AntiVirus for FileStore serial number information
◆ To display Symantec AntiVirus for FileStore serial number information, enter the following:
Antivirus> savkey show Antivirus Key ------QZZU-923C-111111-JR8K-XPVE-Z6
Setting the Symantec AntiVirus for FileStore action policy
The scanaction command sets the Symantec AntiVirus for FileStore action policy. Based on this policy, Symantec AntiVirus for FileStore takes action when a virus is detected in a file. Using Symantec AntiVirus for FileStore 381 About using Symantec AntiVirus for FileStore manual scan commands
To set the Symantec AntiVirus for FileStore action policy
◆ To set the Symantec AntiVirus for FileStore action policy, so that Symantec AntiVirus for FileStore reacts when a virus is detected in a file, enter the following:
Antivirus> scanaction primary_action secondary_action
where primary_action secondary_action are the names of the policies you want the Symantec AntiVirus for FileStore policy to take action on. These polices are:
delete Deletes the virus-infected file if a virus is found.
quarantine Quarantines the virus-infected file if a virus is found. Quarantined files are stored on local storage.
clean Attempts to clean the virus from the file if a virus is found.
leave Leaves the virus-infected file as is. Symantec AntiVirus for FileStore does not take any action if a virus is found.
For example, if Symantec AntiVirus for FileStore detects a virus in a file, Symantec AntiVirus for FileStore first tries to clean the virus from the infected file (primary_action). If the clean action fails, Symantec AntiVirus for FileStore quarantines the infected file (secondary_action).
Antivirus> scanaction clean quarantine SFS antivirus SUCCESS V-288-1050 Antivirus configuration updated with given scan actions.
About using Symantec AntiVirus for FileStore manual scan commands
The scan command lets you scan specific file systems for viruses, instead of the entire node.
Table 16-8 Symantec AntiVirus for FileStore manual scan commands
Command Definition
scan start Starts the manual scan on the file systems. See “Using Symantec AntiVirus for FileStore manual scan commands” on page 382. 382 Using Symantec AntiVirus for FileStore Using Symantec AntiVirus for FileStore manual scan commands
Table 16-8 Symantec AntiVirus for FileStore manual scan commands (continued)
Command Definition
scan status Displays the manual scan status , which shows if the scan is in progress or done. See “Using Symantec AntiVirus for FileStore manual scan commands” on page 382.
scan stop Stops the manual scan. See “Using Symantec AntiVirus for FileStore manual scan commands” on page 382.
Using Symantec AntiVirus for FileStore manual scan commands To start the manual scan
◆ To start the manual scan on the specified file systems on the preferred node, enter the following:
Antivirus> scan start fs_name1,fs_name2 [preferred_node]
where fs_name1,fs_name2, preferred_node are the file system names for performing a manual scan. If a preferred_node is not specified, the master node determines the node for running the scan. For example:
Antivirus> scan start fs1,fs2,fs3 SFS antivirus SUCCESS V-288-1187 Manual scan started on fs1,fs2,fs3. Using Symantec AntiVirus for FileStore 383 About scheduling a Symantec AntiVirus for FileStore scan job
To display the scan status from a manual scan
◆ To display the manual scan status (if the scan is in progress or done), enter the following:
Antivirus> scan status
For example:
Antivirus> scan status SFS antivirus SUCCESS V-288-1185 Manual scan is in progress on fs1,fs2,fs3.
To stop the manual scan
◆ To stop the manual scan if there are any manual scans running in the background, enter the following:
Antivirus> scan stop
For example:
Antivirus> scan stop SFS antivirus SUCCESS V-288-1188 Manual scan stopped successfully.
About scheduling a Symantec AntiVirus for FileStore scan job
Use the job command to schedule a Symantec AntiVirus for FileStore scan job. The specified job_name must be unique.
Table 16-9 Scan scheduling commands
Definition Command
job create Creates a schedule for a scan that is identified by the job_name.
See “Scheduling a Symantec AntiVirus for FileStore scan job” on page 385.
job modify Modifies the schedule for a scan that is identified by the job_name.
See “Scheduling a Symantec AntiVirus for FileStore scan job” on page 385. 384 Using Symantec AntiVirus for FileStore About scheduling a Symantec AntiVirus for FileStore scan job
Table 16-9 Scan scheduling commands (continued)
Definition Command
job enable Enables the given job_name scan schedule.
See “Scheduling a Symantec AntiVirus for FileStore scan job” on page 385.
job disable Disables the given job_name scan schedule.
See “Scheduling a Symantec AntiVirus for FileStore scan job” on page 385.
job show Displays information about the given job_name.
See “Scheduling a Symantec AntiVirus for FileStore scan job” on page 385.
job stop Stops the given job_name from running.
See “Scheduling a Symantec AntiVirus for FileStore scan job” on page 385.
job delete Deletes the given job_name.
See “Scheduling a Symantec AntiVirus for FileStore scan job” on page 385. Using Symantec AntiVirus for FileStore 385 Scheduling a Symantec AntiVirus for FileStore scan job
Scheduling a Symantec AntiVirus for FileStore scan job To create a schedule for running a scan job
◆ To create a schedule for running a scan job identified by the assigned job name, enter the following:
Antivirus> job create job_name fs_name1,fs_name2 minute hour day_of_the_month month day_of_the_week [preferred_node]
job_name Enter a unique job name for the scan.
fs_name Enter the name of the file system you want to scan.
minute Enter the minutes for scheduling the scan.
hour Enter the hour for scheduling the scan.
day_of_the_month Enter the day of the month for scheduling the scan.
month Enter the month for scheduling the scan.
day_of_the_week Enter the day of the week for scheduling the scan.
preferred_node Enter the preferred node for running the scan job. If no node (optional) name appears, the master node selects a node from the cluster and assigns the scheduled scan on that node.
For example, to create a schedule for scanning the file systems fs1 and fs2 every Sunday, you would enter the following:
Antivirus> job create job1 fs1,fs2 0 0 * * 0 SFS antivirus SUCCESS V-288-1169 Job job1 successfully created 386 Using Symantec AntiVirus for FileStore Scheduling a Symantec AntiVirus for FileStore scan job
To modify the schedule for a scan job
◆ To modify the already created scan job, enter the following:
Antivirus> job modify job_name fs_name1,fs_name2 minute hour day_of_the_month month day_of_the_week [preferred_node]
job_name Modify the unique job name for the scan.
fs_name Modify the name of the file system you want to scan.
minute Modify the minutes for scheduling the scan.
hour Modify the hour for scheduling the scan.
day_of_the_month Modify the day of the month for scheduling the scan.
month Modify the month for scheduling the scan.
day_of_the_week Modify the day of the week for scheduling the scan.
preferred_node Modify the preferred node for running the scan job. If no (optional) node name appears, the master node selects a node from the cluster and assigns the scheduled scan on that node.
For example, to modify job1 for scanning the file system fs3 on the sfs_02 node on the first day of every month, you would enter the following:
Antivirus> job modify job1 fs3 0 0 1 * * sfs_02 SFS antivirus SUCCESS V-288-1168 Job job1 modified.
To enable the scan schedule
◆ To enable the scheduled scan job, enter the following:
Antivirus> job enable job_name
where job_name is the unique name for the scan. For example:
Antivirus> job enable job1 SFS antivirus SUCCESS V-288-1168 Job job1 enabled. Using Symantec AntiVirus for FileStore 387 Scheduling a Symantec AntiVirus for FileStore scan job
To disable the scan schedule
◆ To disable the scheduled scan, enter the following:
Antivirus> job disable job_name
where job_name is the unique name for the scan. For example:
Antivirus> job disable job1 SFS antivirus SUCCESS V-288-1168 Job job1 disabled.
To display information about the scan schedule
◆ To display information about the scheduled scan job, enter the following:
Antivirus> job show job_name
where job_name is the unique name for the scan. For example:
Antivirus> job show job1 Jobname FS State Minute Hour Day Month Week ======job1 fs1 DISABLED * * * * Preferrednode ======*
To stop the scan schedule
◆ To stop the scheduled scan from running, enter the following:
Antivirus> job stop job_name is
where job_name is the unique name for the scan. For example:
Antivirus> job stop job1 SFS antivirus ERROR V-288-1042 job1 job is not running. 388 Using Symantec AntiVirus for FileStore Scheduling a Symantec AntiVirus for FileStore scan job
To delete the scan schedule
◆ To delete the scheduled scan, enter the following:
Antivirus> job delete job_name
where job_name is the unique name for the scan. For example:
Antivirus> job delete job1 SFS antivirus SUCCESS V-288-1167 Job job1 deleted. Chapter 17
Troubleshooting
This chapter includes the following topics:
■ About troubleshooting commands
■ Retrieving and sending debugging information
■ Updating FileStore GUI-related operations
■ About the iostat command
■ Generating CPU and device utilization reports
■ Displaying license information for the cluster
■ About excluding the PCI ID prior to the FileStore installation
■ Excluding the PCI IDs from the cluster
■ Testing network connectivity
■ About the services command
■ Using the services command
■ Using the support login
■ About network traffic details
■ Exporting and displaying the network traffic details
■ Accessing processor activity
■ Using the traceroute command 390 Troubleshooting About troubleshooting commands
About troubleshooting commands This chapter discusses the FileStore troubleshooting commands. You use these commands to check the status of the nodes and the FileStore cluster. The troubleshooting mode commands are in Table 17-1. To access a particular troubleshooting submode command, log into the administrative console (for master, system-admin, or storage-admin) and enter the appropriate mode. See “About using the FileStore command-line interface” on page 27.
Table 17-1 Support mode commands
Command Definition
debuginfo Retrieves FileStore debug information from an FileStore node and send the information to a server using an external FTP or SCP server. See “Retrieving and sending debugging information” on page 391.
gui Updates FileStore GUI-related operations. See “Updating FileStore GUI-related operations” on page 392.
iostat Generates CPU statistical information. Generates the device utilization report. See “About the iostat command” on page 393.
license Displays the licensing information for the cluster. The licensing information includes the total count of CPUs in the cluster and the type of edition (Enterprise edition or Standard edition) that the cluster is running. See “Displaying license information for the cluster” on page 395.
pciexclusion Excludes the Peripheral Component Interconnect (PCI) IDs from the nodes in a cluster prior to installing the FileStore software. The PCI IDs must be excluded prior to the PXE boot. See “About excluding the PCI ID prior to the FileStore installation ” on page 396.
network> ping Tests whether a particular host or gateway is reachable across an IP network. See “Testing network connectivity” on page 399. Troubleshooting 391 Retrieving and sending debugging information
Table 17-1 Support mode commands (continued)
Command Definition
services Brings services that are OFFLINE or FAULTED back into the ONLINE state. See “Using the services command” on page 401.
support login Reports FileStore technical support issues. See “Using the support login” on page 402.
tethereal Exports the network traffic details to the specified location. Displays captured packet data from a live network. See “About network traffic details” on page 403.
top Displays the dynamic real-time view of currently running tasks. See “Accessing processor activity” on page 405.
traceroute Displays all of the intermediate nodes on a route between two nodes. See “Using the traceroute command” on page 406.
Retrieving and sending debugging information You can retrieve FileStore debug information from an FileStore node and send the information to a server using an external FTP or SCP server. 392 Troubleshooting Updating FileStore GUI-related operations
To upload debugging information
◆ To upload debugging information from a specified node to an external server, enter the following:
Support> debuginfo nodename debug-url
For example:
Support> debuginfo sfsnode scp://[email protected]:/tmp
nodename Specifies the nodename from which to collect the debugging information.
debug-url Specifies the URL where you want to upload the debugging information. Depending on the type of server from which you are uploading debugging information, use one of the following example URL formats:
ftp://[email protected]/patches/
scp://[email protected]:/tmp/
If debug-url specifies a remote directory, the default filename is sfsfs_debuginfo.tar.gz.
Updating FileStore GUI-related operations
You use the Support> gui server commands to start, stop, or display status information for FileStore GUI resources.
You use the Support> gui db commands to refresh or rescan the database for the FileStore GUI. To access the FileStore GUI, use any of the following URLs:
■ https://
■ https://
◆ To start, stop, or display the status for the FileStore GUI, enter the following depending on which action you are performing:
Support> gui server [start|stop|status] Troubleshooting 393 About the iostat command
To rescan the FileStore GUI database
◆ To rescan the FileStore GUI database, enter the following:
Support> gui db rescan
The rescan command rescans the database for the FileStore GUI; it generates the fresh database and updates all the changes in the cluster. To refresh the FileStore GUI database
◆ To refresh the FileStore GUI database, enter the following:
Support> gui db refresh [all|filesystem|share|storage|cluster |replication|antivirus|settings|alert|user]
The refresh command only updates the latest changes in the database. It will not recreate the database file.
About the iostat command
The iostat commands display the CPU and I/O statistics.
Table 17-2 iostat commands
Command Definition
iostat cpu Generates CPU statistical information. When the command is used for the first time, it contains information since the system was booted. Each subsequent report shows the details since the last report. See “Generating CPU and device utilization reports” on page 394.
iostat device Generates the device utilization report. This information can be used to balance the load among the physical disks by modifying the system configuration. When this command is executed for the first time, it contains information since the system was booted. Each subsequent report shows the details since the last report. There are two options for this command. See “Generating CPU and device utilization reports” on page 394. 394 Troubleshooting Generating CPU and device utilization reports
Generating CPU and device utilization reports To use the iostat command
◆ To use the iostat cpu command, enter the following:
Support> iostat cpu [nodename] [interval] [count]
nodename The name of the node from where the report will be generated. The default is console for the Management Console.
interval The duration between each report in seconds. The default is 2 seconds.
count The number of reports generated at the interval entered in seconds. The default is one report.
where the nodename option asks for the name of the node from where the report will be generated. The default is console for the FileStore Management Console. For example, to generate the CPU utilization report of the console node, enter the following:
Support> iostat cpu sfs_01 Linux 2.6.16.60-0.21-smp (sfs_01) 07/09/09
avg-cpu: %user %nice %system %iowait %steal %idle 1.86 0.07 4.53 0.13 0.00 93.40 Troubleshooting 395 Displaying license information for the cluster
To use the iostat device command
◆ To use the iostat device command, enter the following:
Support> iostat device [nodename] [dataunit] [interval] [count]
nodename The nodename option asks for the name of the node from where the report will be generated. The default is console for the Management Console.
dataunit The dataunit option lets you generate the report in block(s) or kilobytes(s). The default is block(s).
interval The duration between each report in seconds. The default is two seconds.
count The number of reports generated at the interval entered in seconds. The default is one report.
For example, to generate a device utilization report of a node, enter the following:
Support> iostat device sfs_01 Blk Linux 2.6.16.60-0.21-smp (sfs_01) 07/09/09
Device: tps Blk_read/s Blk_wrtn/s Blk_read Blk_wrtn hda 4.82 97.81 86.11 1410626 1241992 sda 1.95 16.83 4.05 242712 58342 hdc 0.00 0.01 0.00 136 0
Displaying license information for the cluster
The Support> license show command allows you to display license information for the cluster. The licensing information includes the total count of CPUs in the cluster, and the type of edition (Enterprise or Standard) that the cluster is running. FileStore provides two types of licenses:
■ Enterprise Edition - The Enterprise Edition of FileStore uses per CPU licenses. Users require as many licenses as there are CPUs in the cluster.
■ Standard Edition - The Standard Edition of FileStore is licensed for a maximum of two CPUs per cluster. 396 Troubleshooting About excluding the PCI ID prior to the FileStore installation
To display license information for the cluster
◆ To display license information for the cluster, enter the following:
Support> license show
For example:
Support> license show
There are 4 CPUs in this 2 node FileStore cluster. You are running the Enterprise Edition of FileStore and are using 4 per CPU licenses.
About excluding the PCI ID prior to the FileStore installation During the initial FileStore software installation, you excluded certain PCI IDs in your cluster to reserve them for future use. This action applied only to the first node. Use the commands in this section to exclude additional PCI IDs from the second node or subsequent nodes before you install FileStore software on the second or subsequent nodes. The PXE boot installation excludes the same PCI IDs you entered during the initial FileStore software installation on the second node or subsequent nodes. Before the PXE boot, you can delete the PCI IDs from being excluded on the second node by using the Support> pciexclusion delete command.
Note: If you decide to include the PCI IDs you previously excluded you need to reinstall FileStore on your cluster.
Table 17-3 PCI exclusion commands
Command Definition
pciexclusion show Displays the list of PCI IDs that have been excluded during the initial FileStore installation. The status of the PCI IDs is designated by a y (yes) or n (no). The yes option means they have been excluded. The no option means they have not yet been excluded.
See “Excluding the PCI IDs from the cluster” on page 397. Troubleshooting 397 Excluding the PCI IDs from the cluster
Table 17-3 PCI exclusion commands (continued)
Command Definition
pciexclusion add Allows you to add specific PCI IDs for exclusion. You must enter the values in this command before the PXE boot installation for the PCI IDs to be excluded from the second node installation. See “Excluding the PCI IDs from the cluster” on page 397.
pciexclusion delete Deletes a specified PCI ID from being excluded. If you do not want the same PCI ID excluded on additional nodes, you must delete them here. You must perform this command before doing the PXE boot installation. See “Excluding the PCI IDs from the cluster” on page 397.
Excluding the PCI IDs from the cluster To display the list of excluded PCI IDs
◆ To display the list of PCI IDs that you excluded during the FileStore installation, enter the following:
Support> pciexclusion show
PCI ID EXCLUDED NODENAME/UUID ------0000:0e:00.0 y sfs_1 0000:0e:00.0 y a79a7f43-9fe2-4eeb-aa1f-27a70e7a0820 0000:04:00:1 n
PCI ID The PCI IDs you entered to be excluded during the initial FileStore installation. The PCI ID is made up of the following: [ [
EXCLUDED (y) means the PCI ID has been excluded. (n) means the PCI ID has not been excluded.
NODENAME The node names corresponding to the PCI IDs.
UUID The ID of the node which is in the installed state but not yet added into the cluster. 398 Troubleshooting Excluding the PCI IDs from the cluster
To add a PCI ID for exclusion
◆ To add a PCI ID for exclusion, enter the following:
Support> pciexclusion add pci_list
where pci_list is a comma-separated list of PCI IDs. The format of the PCI ID is in hexadecimal bits (XXXX:XX:XX.X). For example:
Support> pciexclusion add 0000:00:09.8
Support> pciexclusion show PCI ID EXCLUDED NODENAME/UUID ------0000:0e:00.0 y sfs_1 0000:0e:00.0 y a79a7f43-9fe2-4eeb-aa1f-27a70e7a0820 0000:04:00:1 n 0000:00:09.0 n
To delete a PCI ID
◆ To delete a PCI ID that you excluded during the FileStore installation so that the PCI ID is now available for use, enter the following:
Support> pciexclusion delete pci
where pci is the PCI ID in hexadecimal bits. For example: XXXX:XX:XX.X. You can only delete a PCI ID exclusion that was not already used on any of the nodes in the cluster. In the following example, you cannot delete PCI IDs with the NODENAME/UUID sfs_1 or a79a7f43-9fe2-4eeb-aa1f-27a70e7a0820. For example:
Support> pciexclusion delete 0000:04:00:1
Support> pciexclusion show PCI ID EXCLUDED NODENAME/UUID ------0000:0e:00.0 y sfs_1 0000:0e:00.0 y a79a7f43-9fe2-4eeb-aa1f-27a70e7a0820 0000:00:09.0 n Troubleshooting 399 Testing network connectivity
Testing network connectivity You can test whether a particular host or gateway is reachable across an IP network. To use the ping command
◆ To use the ping command, enter the following:
Network> ping destination [nodename] [devicename] [packets]
For example, you can ping host1 using node1:
Network> ping host1 node1
destination Specifies the host or gateway to send the information to. The destination field can contain either a DNS name or an IP address.
nodename Specifies the nodename to ping from. To ping from any node, use any in the nodename field. The nodename field is an optional field, and if omitted, any node is chosen to ping from.
devicename Specifies the device through which you will ping. To ping from any device in the cluster, use the any variable in the devicename field.
packets Specifies the number of packets that should be sent to the destination.
If the packets field is omitted, five packets are sent to the destination by default. The packets field must contain an unsigned integer.
About the services command
The Support> services command lets you bring services that are OFFLINE or FAULTED back into the ONLINE state.
Note: If after using the services command, a service is still offline or faulted, you need to contact Technical Support.
These services include:
■ NFS server 400 Troubleshooting About the services command
■ CIFS server
■ Console service
■ Backup
■ NIC information
■ FS manager
■ IP addresses
Table 17-4 Services commands
Command Definition
services autofix Attempts to fix any service that is offline or faulted, running on all of the nodes in the cluster. See “Using the services command” on page 401.
services online Fixes a specific service. Enter the servicename and this option will attempt to bring the service back online. If the servicename is already online, no action is taken. If the servername is a parallel service, an attempt is made to online the service on all nodes. If the servicename is a failover service, an attempt is made to online the service on any of the running nodes of the cluster. See “Using the services command” on page 401.
services show Lists the state of all of the services. The state of the IPs and file systems are only shown if they are not online. See “Using the services command” on page 401.
services showall Lists the state of all of the services including the state of the IPs and the file systems. See “Using the services command” on page 401. Troubleshooting 401 Using the services command
Using the services command To display the state of the services
◆ To display the important services running on the nodes, enter the following:
Support> services show sfs Service 01 02 ------nfs ONLINE ONLINE cifs ONLINE ONLINE ftp ONLINE ONLINE iSCSIInitiator OFFLINE OFFLINE gui ONLINE ONLINE console ONLINE ONLINE nic_pubeth0 ONLINE ONLINE nic_pubeth1 ONLINE ONLINE fs_manager ONLINE ONLINE antivirus ONLINE ONLINE
To display the state of all of the services
◆ To display all of the services running on the nodes, enter the following:
Support> services showall
sfs Service 01 02 ------nfs ONLINE ONLINE cifs ONLINE ONLINE ftp ONLINE ONLINE iSCSIInitiator OFFLINE OFFLINE console ONLINE ONLINE gui ONLINE ONLINE nic_pubeth0 ONLINE ONLINE nic_pubeth1 ONLINE ONLINE fs_manager ONLINE ONLINE 10.182.107.201 ONLINE ONLINE 10.182.107.202 ONLINE ONLINE 10.182.107.203 ONLINE ONLINE 10.182.107.204 ONLINE ONLINE /vx/fs1 ONLINE ONLINE antivirus ONLINE ONLINE 402 Troubleshooting Using the support login
To fix any service fault
◆ To fix any service fault, enter the following:
Support> services autofix Attempting to fix service faults...... done
To bring a service online
◆ To bring a service online on the nodes, enter the following:
Support> services online servicename
where servicename is the name of the service you want to bring online. For example:
Support> services online 10.182.107.203
Using the support login
There is a support login used for reporting FileStore technical support issues.
Note: The support account is intended for Technical Support use only. It cannot be created by administrators. Troubleshooting 403 About network traffic details
To use the support login
1 Log in to the CLI as the support account by entering:
support
and then entering:
symantec
For example,
login as: support Password: Last login: Fri Dec 14 12:09:49 2007 from 172.16.113.118 sfs_1:~ #
2 After having logged in as the support account, it is recommended that you change your password. See “Creating Master, System Administrator, and Storage Administrator users” on page 36.
3 To use the supportuser commands refer to: See “About the support user” on page 38.
About network traffic details
The tethereal command exports and displays network traffic data.
Table 17-5 Tethereal commands
Command Definition
tethereal export Exports the network traffic details to the specified location. See “Exporting and displaying the network traffic details” on page 404.
tethereal show Displays captured packet data from a live network. See “Exporting and displaying the network traffic details” on page 404. 404 Troubleshooting Exporting and displaying the network traffic details
Exporting and displaying the network traffic details To use the tethereal command
◆ To use the tethereal export command, enter the following:
Support> tethereal export url [nodename] [interface] [count] [source]
url Provides the location to export the network traffic details. The default filename tethereal.log is used if a filename is not specified in the url.
nodename The name of the node from where the traffic details are generated. Unless a name is enter, the default is console for the Management Console.
interface Specifies the network interface for the packet capture.
count Specifies the maximum number of packets to read. The maximum allowed file size to capture the network traffic details is 128 MB. For a very large 'count' value, if the file size exceeds 128 MB, then the command stops capturing the network traffic details.
source Specifies the node to filter the packets.
For example, to export the network traffic details, enter the following:
Support> tethereal export scp://[email protected]:˜/ Password: ******* Capturing on pubeth0 ... Uploading network traffic details to scp://[email protected]:˜/ is completed. Troubleshooting 405 Accessing processor activity
To use the tethereal show command
◆ To use the tethereal show command, enter the following:
Support> tethereal show [nodename] [interface] [count] [source]
nodename The name of the node from where the traffic details are displayed. The default is console for the Management Console.
interface Specifies the network interface for the packet capture.
count Specifies the maximum number of packets to read. If you do not specify a count value, the network traffic continues to be displayed until you interrupt it.
source Specifies the node to filter the packets.
For example, the traffic details for five packets, for the Management Console on the pubeth0 interface are:
Support> tethereal show sfs_01 pubeth0 5 172.31.168.140 0.000000 172.31.168.140 -> 10.209.105.147 ICMP Echo (ping) request 0.000276 10.209.105.147 -> 172.31.168.140 ICMP Echo (ping) reply 0.000473 10.209.105.147 -> 172.31.168.140 SSH Encrypted response packet len=112 0.000492 10.209.105.147 -> 172.31.168.140 SSH Encrypted response packet len=112
Accessing processor activity
The top command displays the dynamic real-time view of currently running tasks. It shows the resources being consumed by users and processes at a given time for a specified node. 406 Troubleshooting Using the traceroute command
To use the top command
◆ To use the top command, enter the following:
Support> top [nodename] [iterations] [delay]
nodename Displays the resources and processes at a given time for the specified node.
iterations Specifies the number of iterations you want to run. The default is three.
delay Specifies the delay between screen updates that you want to see. The default is five seconds.
For example, to show the dynamic real-time view of tasks running on the node sfs_01, enter the following:
Support> top sfs_01 1 1 top - 16:28:27 up 1 day, 3:32, 4 users, load average: 1.00, 1.00, 1.00 Tasks: 336 total, 1 running, 335 sleeping, 0 stopped, 0 zombie Cpu(s): 0.1% us, 0.1% sy, 0.0% ni, 99.7% id, 0.0% wa, 0.0% hi, 0.0% si Mem: 16405964k total, 1110288k used, 15295676k free, 183908k buffers Swap: 1052248k total, 0k used, 1052248k free, 344468k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 6314 root 15 0 5340 1296 792 R 3.9 0.0 0:00.02 top 1 root 16 0 640 260 216 S 0.0 0.0 0:04.86 init
Using the traceroute command
The traceroute command displays all of the intermediate nodes on a route between two nodes. Troubleshooting 407 Using the traceroute command
To use the traceroute command
◆ To use the traceroute command, enter the following:
Support> traceroute destination [source] [maxttl]
destination The target node. To display all of the intermediate nodes located between two nodes on a network, enter the destination node.
source Specifies the source node name from where you want to begin the trace.
maxttl Specifies the maximum number of hops. The default is seven hops.
For example, to trace the route to the network host, enter the following:
Support> traceroute www.symantec.com sfs_01 10 traceroute to www.symantec.com (8.14.104.56), 10 hops max, 40 byte packets 1 10.209.104.2 0.337 ms 0.263 ms 0.252 ms 2 10.209.186.14 0.370 ms 0.340 ms 0.326 ms 3 puna-spi-core-b02-vlan105hsrp.net.symantec.com (143.127.185.130) 0.713 ms 0.525 ms 0.533 ms 4 143.127.185.197 0.712 ms 0.550 ms 0.564 ms 5 10.212.252.50 0.696 ms 0.600 ms 78.719 ms 408 Troubleshooting Using the traceroute command Glossary
CFS (cluster file system) A file system that can be simultaneously mounted on multiple nodes. CFS is used as the underlying file system within the Scalable File Server.
CIFS (Common Internet A network protocol that provides the foundation for Windows-based file sharing File System) and other network utilities. The Scalable File Server supports CIFS file sharing. console IP address A virtual IP address that is configured for administrative access to the Scalable File Server cluster management console. coordinator disks Three or more LUNs designated to function as part of the I/O fencing mechanism of the Scalable File Server. Coordinator disks cannot be used to store user data.
DAR (Direct Access An optional capability of NDMP Data and Tape Services where only relevant Recovery) portions of the secondary media are accessed during Recovery Operations. data connection (NDMP) The connection between the two NDMP servers that carry the data stream. The data connection in NDMP is either an NDMP interprocess communication mechanism (for local operations) or a TCP/IP connection (for 3-way operations). data service (NDMP) An NDMP service that transfers data between primary storage and the data connection. data stream (NDMP) A unidirectional byte stream of data that flows over a data connection between two peer NDMP services in an NDMP session. For example, in a backup, the data stream is generated by the data service and consumed by the tape service. The data stream can be backup data, recovered data, etc. data management An application that controls the NDMP session. In NDMP there is a master-slave application (NDMP) relationship. The data management application is the session master; the NDMP services are the slaves. In NDMP versions 1, 2, and 3 the term "NDMP client" is used instead of data management application.
DMP (Dynamic An enhancement technique that provides the load balancing and path failover to Multipathing) disks that are connected to the Scalable File Server cluster nodes.
DST (Dynamic Storage A feature that allows the files and directories to be automatically and seamlessly Tiering) transferred to different types of storage technology that may originate from different hardware vendors.
DUD (Driver Update An ISO image or media that contains one or more additional drivers that are Disk) needed to install the Scalable File Server on specific hardware, if the base Scalable File Server installer did not include the necessary drivers. 410 Glossary
failover The capability to have the service of a failed computer resource made available automatically with little or no interruption. With the Scalable File Server configured as a cluster, the services provided by any failed node are automatically provided by the remainder of functioning nodes.
hard limit A file system quota for file and block consumption which can be established for individual users or groups. When the hard limit is reached no further files or blocks can be allocated.
I/O fencing An optional Scalable File Server feature that configures a specific group of LUNs with (to have) an additional layer of data protection. This extra protection prevents data loss from occurring in the rare case that the redundant cluster interconnect and public low-priority interconnect fails.
media server A NetBackup server that provides storage within a master and a media server cluster. See also NetBackup.
mirrored file system A file system that is constructed and managed by a technique for automatically maintaining one or more copies of the file system, using separate underlying storage for each copy. If a storage failure occurs, then access is maintained through the remaining accessible mirrors.
NAS (Network Attached A file-level computer data storage that is connected to a network that provides Storage) data access to network-capable clients.
NDMP (Network Data An open standard protocol that is used to control the data backup and the recovery Management Protocol) communications between primary and secondary storage in a heterogeneous network environment. NDMP specifies a common architecture for the backup of network file servers. It enables the creation of a common agent which a centralized program can use to back up the data on file servers that run on different platforms.
NDMP client An application that controls the NDMP session. See also data management application.
NDMP host The host computer system that executes the NDMP server application. Data is backed up from the NDMP host to either a local tape drive or to a backup device on a remote NDMP host.
NDMP server An instance of one or more distinct NDMP services controlled by a single NDMP control connection. Thus a data/tape/SCSI server is an NDMP server providing data, tape, or SCSI services.
NDMP service The state computer on the NDMP host accessed with the Internet protocol and controlled using the NDMP protocol. This term is used independently of implementation. The three types of NDMP services are: data service, tape service, and SCSI service.
NDMP session The configuration of one data management application and two NDMP services to perform a data management operation such as a backup or a recovery. Glossary 411
NetBackup A Veritas software product that backs up, archives, and restores files, directories, or raw partitions that reside on a client system.
NFS (Network File A protocol that lets the user on a client computer access files over a network. To System) the client's applications the files appear as if they resided on one of the local devices.
NFS lock management A feature that lets a customer use the Network File System (NFS) advisory client locking feature in parallel with core Cluster File System (CFS) global lock management. no root_squash An NFS sharing option. Does not map requests from the UID 0. This option is on by default.
NTP (Network Time A protocol for synchronizing computer system clocks over packet-switched, Protocol) variable-latency data networks. oplocks A file-locking mechanism that is designed to improve performance by controlling the caching of files on the client. private interconnect An internal IP network that is used by the Scalable File Server to facilitate communications between the Scalable File Server server nodes.
PXE (Pre-boot eXecution An environment to boot computers using a network interface independent of Environment) available data storage devices (such as hard disks) or installed operating systems. round robin DNS A technique in which a DNS server, not a dedicated computer, performs the load balancing.
Samba An open-source implementation of the SMB file sharing protocol. It provides file and print services to SMB/CIFS clients. share A specification of a file system or proper subset of a file system, which supports shared access to a file system through an NFS or CIFS server. The specification defines the folder or directory that represents the file system along with access characteristics and limitations. snapshot A point-in-time image or replica of a file system that looks identical to the file system from which the snapshot was taken. soft limit A file system quota for file and block consumption which can be established for individual users or groups. If a user exceeds the soft limit, there is a grace period, during which the quota can be exceeded. After the grace period has expired, no more file or data blocks can be allocated. storage pool A logical construct that contains one or more LUNs from which file systems can be created. stripe unit The granularity at which data is stored on one drive of the array before subsequent data is stored on the next drive of the array. 412 Glossary
syslog A standard for forwarding log messages in an IP network. The term refers to both the syslog protocol and the application sending the syslog messages.
tape service (NDMP) An NDMP service that transfers data between secondary storage and the data connection and allows the data management application to manipulate and access the secondary storage.
WWN (World Wide A 64-bit identifier that is used in Fibre Channel networks to uniquely identify Name) each element in the network (i.e., nodes and ports). Index
A about (continued) about NFS file sharing 181 administering FileStore cluster's LDAP client 84 NIS 86 backup configurations 305 option commands 344 bonding Ethernet interfaces 56 reconfiguring CIFS service 222 changing share properties 226 retrieving the NDMP data 301 configuring CIFS for AD domain mode 206 scheduling a Symantec AntiVirus for FileStore configuring disks 106 scan job 383 configuring Ethernet interfaces 69 services command 399 configuring FileStore for CIFS 194 setting NTLM 215 configuring IP addresses 63 setting trusted domains 218 configuring iSCSI targets 146 snapshot schedules 175 configuring locally saved configuration files 336 snapshots 169 configuring routing tables 72 storage provisioning and management 100 configuring storage pools 101 storing account information 219 creating and maintaining file systems 154 support user 38 creating file systems 156 Symantec AntiVirus for FileStore 362 disk lists 109 Symantec AntiVirus for FileStore DNS 59 commands 363 excluding file extensions from Symantec Symantec AntiVirus for FileStore AntiVirus for FileStore scans 368 LiveUpdate 370 FileStore cluster and load balancing 234 Symantec AntiVirus for FileStore manual scan FTP 251 commands 381 FTP server 253 Symantec AntiVirus for FileStore quarantine FTP session 260 commands 376 FTP set 254 troubleshooting 390 I/O fencing 115 VLAN 90 installing patches 356 accessing iostat 393 FileStore product documentation 23 IP commands 63 man pages 33 iSCSI 138 processor activity 405 LDAP 77 Active Directory leaving AD domain 211 setting the trusted domains for 218 leaving NT domain 204 AD domain mode managing CIFS shares 225 changing domain settings 212 managing home directories 237 configuring CIFS 206 NDMP policies 295 security settings 212 NDMP supported configurations 293 setting domain 208 Network Data Management Protocol 292 setting domain user 208 network services 54 setting security 208 network traffic details 403 starting CIFS server 208 414 Index
AD interface bonding Ethernet interfaces using 215 about 56 AD trusted domains disabling 218 C adding changing a severity level to an email group 269 an IP address to online a syslog server 275 on any running node 65 an email address to a group 269 configuration of an Ethernet interface 70 an email group 269 DMP I/O policy 347 CIFS share 226 domain settings 204 disks 107 domain settings for AD domain mode 212 external NetBackup master server to work with local CIFS user password 246 FileStore 289 NFS daemons 347 filter to a group 269 ninodes cache size 347 IP address to a cluster 65 security settings 206 mirror to a file system 160 security settings after CIFS server is mirror to a tier of a file system 317 stopped 206 mirrored tier to a file system 314 share properties about 226 mirrored-striped tier to a file system 314 status of a file system 167 NetBackup Enterprise Media Manager (EMM) support user password 39 server 289 checking NetBackup media server 289 and repairing a file system 166 new nodes to the cluster 47 I/O fencing status 117 NFS share 183 on the status of the NFS server 94 second tier to a file system 314 support user status 39 SNMP management server 278 CIFS striped tier to a file system 314 standalone mode 196 striped-mirror tier to a file system 314 using multi-domain controller support 210 Symantec AntiVirus for FileStore serial CIFS and NFS protocols numbers 380 share file systems 187 users sharing file systems 230 naming requirements for 26 CIFS home directories vlan 91 quotas 129 administering FileStore cluster's LDAP client using quotas for 131 about 84 CIFS server Auto-Protect changing security settings after stopped 206 configuring on file systems 367–368 starting 223 CIFS server status B standalone mode 197 backup configurations CIFS service about 305 standalone mode 197 backup services CIFS share displaying the status of 306 adding 226 starting 306 deleting 226 stopping 306 CIFS/NFS sharing bind distinguished name mapping user names 233 setting for LDAP server 80 clearing bonding DNS domain names 61 Ethernet interfaces 58 DNS name servers 61 Index 415
clearing (continued) configuring (continued) LDAP configured settings 80 NDMP restore DST policy 296 CLI NDMP send history policy 296 logging in to 27 NDMP update dumpdates policy 296 client configurations NDMP use snapshot policy 296 displaying 85 NetBackup virtual IP address 290 LDAP server 85 NetBackup virtual name 291 cluster NSS 89 adding an IP address to 65 NSS lookup order 89 adding new nodes 47 Symantec AntiVirus for FileStore on all the adding the new node to 48 nodes in the cluster 365 changing an IP address to online for any running Symantec AntiVirus for FileStore on the cluster's node 65 nodes 366 deleting a node from 49 vlan 91 displaying a list of nodes 44 configuring CIFS displaying all the IP addresses for 65 NT domain mode 200 rebooting a nodes or all nodes 51 configuring disks shutting down a node or all nodes in a cluster 51 about 106 command history configuring Ethernet interfaces displaying 40 about 69 Command-Line Interface (CLI) configuring IP addresses how to use 27 about 63 configuration configuring iSCSI targets of an Ethernet interface about 146 changing 70 configuring locally saved configuration files configuration files about 336 deleting the locally saved 337 configuring routing tables viewing locally saved 337 about 72 configuration settings configuring storage pools exporting either locally or remotely 337 about 101 importing either locally or remotely 337 coordinating configuring cluster nodes to work with NTP servers 341 Auto-Protect on file systems 367–368 coordinator disks backup using NetBackup 286 replacing 117 CIFS for standalone mode 196 core strengths file extensions in Symantec AntiVirus for FileStore 19 FileStore configuration file 369 CPU utilization report FileStore for CIFS 194 generating 394 IP routing 74 creating iSCSI device 142 local CIFS group 249 iSCSI discovery 143 local CIFS user 246 iSCSI initiator 140 Master, System Administrator, and Storage iSCSI initiator name 141 Administrator users 36 iSCSI targets 148 mirrored file systems 157 masquerade as third-party policy 296 mirrored-stripe file systems 157 NDMP backup method policy 296 simple file systems 157 NDMP failure resilient policy 296 snapshot schedule 177 NDMP overwrite policy 296 storage pools 103 NDMP recursive restore policy 296 striped file systems 157 416 Index
creating (continued) destroying snapshots 171 striped-mirror file systems 157 device utilization report users 36 generating 394 creating and maintaining file systems disabling about 154 AD trusted domains 218 creating file systems creation of home directories 243 about 156 DNS settings 61 creating snapshots 171 FastResync option 163 current Ethernet interfaces and states I/O fencing 117 displaying 70 LDAP clients current users configurations 85 displaying list 36 NIS clients 87 NTLM 217 D NTP server 341 quota limits used by snapshots 171 debugging information support user account 39 retrieving and sending 391 disk lists decreasing about 109 size of a file system 165 disks default adding 107 passwords removing 107 resetting Master, System Administrator, displaying and Storage Administrator users 36 all the IP addresses for cluster 65 deleting command history 40 a node from the cluster 49 current Ethernet interfaces and states 70 already configured SNMP management current list of SNMP management servers 278 server 278 current version 355 CIFS share 226 DMP I/O policy 347 configured email server 269 DNS settings 61 configured NetBackup media server 289 events 276 email address from a specified group 269 existing email groups or details 269 email group 269 exported file systems 182 filter from a specified group 269 file systems that can be exported 97 home directories 243 files moved and/or pruned by running a home directory of given user 243 policy 328 local CIFS group 249 FTP server settings 252 local CIFS user 246 home directory usage information 243 locally saved configuration file 337 information for all disk devices for nodes in a NFS options 190 cluster 110 route entries from routing tables of nodes in LDAP client configurations 85 cluster 74 LDAP configured settings 80 severity from a specified group 269 license information 395 snapshot schedule 177 list of current users 36 syslog server 275 list of DST file systems 320 users 36 list of nodes in a cluster 44 vlan 91 list of syslog servers 275 destroying local CIFS group 249 a file system 169 local CIFS user 246 I/O fencing 117 NDMP backup method 303 storage pools 103 Index 417
displaying (continued) DNS (continued) NDMP failure resilient data 303 name servers NDMP masquerade as third-party 303 clearing 61 NDMP overwrite data 303 specifying 61 NDMP recursive restore data 303 settings NDMP restore DST data 303 disabling 61 NDMP send history data 303 displaying 61 NDMP update dumpdates data 303 enabling 61 NDMP use snapshot data 303 domain NDMP variables 301 setting 223 NetBackup configurations 306 setting user name 223 network configuration and statistics 55 domain controller NFS daemons 347 setting 223 NFS statistics 96 domain name ninodes cache size 347 for the DNS server NIS-related commands 87 setting 61 node-specific network traffic details 404 domain settings NSS configuration 89 changing 204 option tunefstab 347 domain user policy of each tiered file system 322 NT domain mode 201 routing tables of the nodes in the cluster 74 DUD driver updates schedules for all tiered file systems 327 uninstalling 357 share properties 226 snapshot quotes 171 E snapshots that can be exported 97 email address status of backup services 306 adding to a group 269 status of the NTP server 341 deleting from a specified group 269 Symantec AntiVirus for FileStore email group configuration 364 adding 269 Symantec AntiVirus for FileStore logs 364 deleting 269 Symantec AntiVirus for FileStore serial displaying existing and details 269 numbers 380 email server Symantec AntiVirus for FileStore stats 364 deleting the configured email server 269 system date and time 333 obtaining details for 269 system statistics 342 setting the details of external 269 tier location of a specified file 320 enabling time interval or number of duplicate events for DNS settings 61 notifications 281 FastResync for a file system 162 values of the configured SNMP notifications 278 I/O fencing 117 values of the configured syslog server 275 LDAP client configurations 85 vlan 91 NIS clients 87 DMP I/O policy NTLM 217 changing 347 NTP server 341 displaying 347 quota limits used by snapshots 171 resetting 347 support user account 39 DNS enabling quotas about 59 home directory file systems 239 domain names Ethernet interface clearing 61 changing configuration of 70 418 Index
Ethernet interfaces FileStore (continued) bonding 58 product documentation 23 event notifications Web resources 23 displaying time interval for 281 FileStore cluster and load balancing event reporting about 234 setting events for 281 FileStore Dynamic Storage Tiering (DST) events about 310 displaying 276 FileStore software excluding installing onto a new node 47 PCI IDs 396–397 filter exporting about 266 audit events in syslog format to a given URL 282 adding to a group 269 configuration settings 337 deleting from a specified group 269 events in syslog format to a given URL 282 FTP network traffic details 404 about 251 SNMP MIB file to a given URL 278 logupload 263 server start 253 F server status 253 server stop 253 file extensions session show 261 configuring in Symantec AntiVirus for FileStore session showdetail 261 configuration file 369 session terminate 261 excluding from Symantec AntiVirus for FileStore set anonymous login 257 scans 368 set anonymous logon 257 file system quotas set anonymous write 257 for enabling, disabling, and displaying 122 set non-secure logins 257 setting and displaying 124 FTP server file systems about 253 adding a mirror to 160 settings displaying 252 changing the status of 167 FTP session checking and repairing 166 about 260 creating 157 FTP set decreasing the size of 165 about 254 destroying 169 disabling FastResync option 163 displaying exported 182 G DST generating displaying 320 CPU utilization report 394 enabling FastResync 162 device utilization report 394 increasing the size of 163 group membership listing with associated information 156 managing 246 quotas 120 GUI-related operations removing a mirror from 160 updating 392 that can be exported displayed 97 H unexporting 190 history command FileStore using 40 about 15 home directories and quotas core strengths of 19 setting up 240 key features 15 Index 419
home directory file systems iSCSI targets enabling quotas 239 configuring 148 setting 238 home directory of given user L deleting 243 LDAP home directory usage information about 77 displaying 243 before configuring settings 77 hostname or IP address configuring server settings 78 setting for LDAP server 80 LDAP password hash algorithm how to use setting password for 80 Command-Line Interface (CLI) 27 LDAP server clearing configured settings 80 I disabling client configurations 85 I/O fencing displaying client configurations 85 about 115 displaying configured settings 80 checking status 117 enabling client configurations 85 destroying 117 setting over SSL 80 disabling 117 setting port number 80 enabling 117 setting the base distinguished name 80 importing setting the bind distinguished name 80 configuration settings 337 setting the hostname or IP address 80 increase setting the password hash algorithm 80 LUN storage capacity 112 setting the root bind DN 80 increasing setting the users, groups, and netgroups base size of a file system 163 DN 80 initiating host discovery of LUNs 114 leaving installing patches 357 AD domain 211 about 356 NT domain 204 iostat license information about 393 displaying 395 IP addresses licensing Symantec AntiVirus for FileStore 363 adding to a cluster 65 list of DST file systems displaying for the cluster 65 displaying 320 modifying 65 list of nodes removing from the cluster 65 displaying in a cluster 44 IP commands listing about 63 all file systems and associated information 156 IP routing all of the files on the specified tier 319 configuring 74 free space for storage pools 103 iSCSI storage pools 103 about 138 listing snapshots 171 iSCSI device local CIFS group configuring 142 creating 249 iSCSI discovery deleting 249 configuring 143 displaying 249 iSCSI initiator local CIFS groups configuring 140 managing 248 iSCSI initiator name local CIFS user configuring 141 creating 246 420 Index
local CIFS user (continued) moving disks deleting 246 from one storage pool to another 107 displaying 246 local CIFS user password N changing 246 naming requirements for local user and groups adding users 26 managing 244 NDMP backup method logging displaying 303 in to CLI 27 NDMP backup method policy login configuring 296 Technical Support 402 NDMP failure resilient data logupload displaying 303 FTP 263 NDMP failure resilient policy LUN storage capacity configuring 296 increase 112 NDMP masquerade as third-party LUNs displaying 303 initiating host discovery 114 NDMP overwrite data displaying 303 M NDMP overwrite policy man pages configuring 296 how to access 33 NDMP policies managing about 295 CIFS shares 225 restoring 305 group membership 246 NDMP recursive restore data home directories 237 displaying 303 local CIFS groups 248 NDMP recursive restore policy local users and groups 244 configuring 296 masquerade as third-party policy NDMP restore DST data configuring 296 displaying 303 Master, System Administrator, and Storage NDMP restore DST policy Administrator users configuring 296 creating 36 NDMP send history data mirrored file systems displaying 303 creating 157 NDMP send history policy mirrored tier configuring 296 adding to a file system 314 NDMP supported configurations mirrored-stripe file systems about 293 creating 157 NDMP update dumpdates data mirrored-striped tier displaying 303 adding to a file system 314 NDMP update dumpdates policy modifying configuring 296 an IP address 65 NDMP use snapshot data option tunefstab 347 displaying 303 policy of a tiered file system 322 NDMP use snapshot policy schedule of a tiered file system 327 configuring 296 snapshot schedule 177 NDMP variables more command displaying 301 using 340 NetBackup mounting snapshots 171 configuring NetBackup virtual IP address 290 Index 421
NetBackup (continued) NIS (continued) configuring virtual name 291 server name displaying configurations 306 setting on all the nodes of cluster 87 NetBackup EMM server. See NetBackup Enterprise node Media Manager (EMM) server adding to the cluster 47–48 NetBackup Enterprise Media Manager (EMM) server in a cluster adding to work with FileStore 289 displaying information for all disk NetBackup master server devices 110 configuring to work with FileStore 289 installing FileStore software onto 47 NetBackup media server node-specific network traffic details adding 289 displaying 404 deleting 289 NSS network configuring 89 configuration and statistics 55 displaying configuration 89 testing connectivity 399 lookup order Network Data Management Protocol configuring 89 about 292 NT domain mode network services configuring CIFS 200 about 54 domain user 201 network traffic details setting domain 201 about 403 setting domain controller 201 exporting 404 setting security 201 NFS daemons starting CIFS server 201 changing 347 NTLM displaying 347 disabling 217 NFS file sharing enabling 217 about 181 NTP server NFS options coordinating cluster nodes to work with 341 deleting 190 disabling 341 NFS server displaying the status of 341 checking on the status 94 enabling 341 starting 94 stopping 94 O NFS share obtaining adding 183 details of the configured email server 269 NFS statistics option commands displaying 96 about 344 ninodes cache size option tunefstab changing 347 displaying 347 displaying 347 modifying 347 NIS about 86 clients P disabling 87 password enabling 87 changing a user's password 36 domain name patch level setting on all the nodes of cluster 87 displaying current versions of 355 related commands patches displaying 87 installing 357 422 Index
patches (continued) removing (continued) synchronizing 357 mirror from a file system 160 uninstalling 357 mirror from a tier spanning a specified disk 317 PCI mirror from a tier spanning a specified pool 317 excluding IDs 397 mirror from a tiered file system 317 exclusion 396 policy of a tiered file system 322 policies schedule of a tiered file system 327 about 313 snapshot schedule 177 policy tier from a file system 316 displaying files moved and/or pruned by renaming running 328 storage pools 103 displaying for each tiered file system 322 replacing modifying for a tiered file system 322 coordinator disks 117 relocating from a tiered file system 326 resetting removing from a tiered file system 322 default passwords running for a tiered file system 322 Master, System Administrator, and Storage preserving Administrator users 36 snapshot schedule 177 DMP I/O policy 347 printing WWN information 113 restoring privileges ndmp policies 305 about 25 retrieving processor activity debugging information 391 accessing 405 retrieving the NDMP data about 301 Q roles about 25 quota commands route entries enabling, disabling, and displaying file system deleting from routing tables 74 quotas 122 routing tables for setting and displaying file system quotas 124 of the nodes in the cluster quota limits displaying 74 enabling or disabling snapshot 171 running quotas policy of a tiered file system 322 CIFS home directories 129 for file systems 120 using for CIFS home directories 131 S schedule R displaying for all tiered file systems 327 modifying for a tiered file system 327 rebooting removing from a tiered file system 327 a node or all nodes in cluster 51 scheduling reconfiguring CIFS service Symantec AntiVirus for FileStore scan jobs 383, about 222 385 regions and time zones second tier setting 333 adding to a file system 314 relocating security policy of a tiered file system 326 standalone mode 197 removing security settings disks 107 AD domain mode 212 IP address from the cluster 65 changing 206 Index 423
sending setting (continued) debugging information 391 root bind DN for the LDAP server 80 server start severity of the syslog server 275 FTP 253 SNMP filter notifications 278 server status SNMP severity notifications 278 FTP 253 Symantec AntiVirus for FileStore action server stop policy 380 FTP 253 system date and time 333 servers the NIS server name on all the nodes of adding LiveUpdate servers 372 cluster 87 services command trusted domains 218 about 399 trusted domains for the Active Directory 218 using 401 setting domain user session show AD domain mode 208 FTP 261 setting security session showdetail AD domain mode 208 FTP 261 NT domain mode 201 session terminate setting up FTP 261 home directories and use quotas 240 set anonymous login severity levels FTP 257 about 266 set anonymous logon adding to an email group 269 FTP 257 severity notifications set anonymous write setting 278 FTP 257 share set non-secure logins splitting 235 FTP 257 share file systems setting CIFS and NFS protocols 187 AD domain mode 208 share properties base distinguished name for the LDAP server 80 displaying 226 bind distinguished name for LDAP server 80 sharing details of the external email server 269 file systems using CIFS and NFS protocols 230 domain 223 showing domain controller 223 snapshot schedule 177 domain name for the DNS server 61 shutting down domain user name 223 node or all nodes in a cluster 51 events for event reporting 281 snapshot schedule filter of the syslog server 275 creating 177 home directory file systems 238 deleting 177 LDAP password hash algorithm 80 modifying 177 LDAP server hostname or IP address 80 preserving 177 LDAP server over SSL 80 removing 177 LDAP server port number 80 showing 177 LDAP users, groups, and netgroups base DN 80 snapshot schedules NIS domain name on all the nodes of cluster 87 about 175 NT domain mode 201 snapshots NT domain mode domain controller 201 about 169 NTLM 215 creating 171 regions and time zones 333 destroying 171 424 Index
snapshots (continued) storage provisioning and management displaying quotas 171 about 100 enabling or disabling quota limits 171 storing listing 171 account information 219 mounting 171 user and group accounts in LDAP 221 that can be exported user and group accounts locally 221 displayed 97 striped file systems unmounting 171 creating 157 SNMP striped tier filter notifications adding to a file system 314 setting 278 striped-mirror file systems management server creating 157 adding 278 striped-mirror tier deleting configured 278 adding to a file system 314 displaying current list of 278 support user MIB file about 38 exporting to a given URL 278 support user account notifications disabling 39 displaying the values of 278 enabling 39 server support user password setting severity notifications 278 changing 39 specified group support user status deleting a severity from 269 checking 39 specifying swap command DNS name servers 61 using 343 splitting a share 235 Symantec AntiVirus for FileStore SSL about 362 setting the LDAP server for 80 commands about 363 standalone mode configuring on the cluster's nodes 366 CIFS server status 197 displaying configuration 364 CIFS service 197 displaying logs 364 security 197 displaying stats 364 starting licensing 363 backup services 306 manual scan commands 381 CIFS server 223 quarantine commands about 376 NFS server 94 scheduling scan jobs 385 starting CIFS server setting action policies 380 AD domain mode 208 using manual scan commands 382 NT domain mode 201 using quarantine commands 377 stopping Symantec AntiVirus for FileStore LiveUpdate backup services 306 about 370 NFS server 94 adding LiveUpdate servers 372 storage pools Symantec AntiVirus for FileStore serial numbers creating 103 about adding or displaying 379 destroying 103 adding 380 listing 103 displaying 380 listing free space 103 synchronizing patches 357 moving disks from one to another 107 syslog event logging renaming 103 about 274 Index 425
syslog format user names exporting audit events to a given URL 282 mapping for CIFS/NFS sharing 233 exporting events to a given URL 282 user roles and privileges syslog server about 25 adding 275 users deleting 275 adding new 26 displaying the list of 275 changing passwords 36 displaying the values of 275 creating 36 setting the filter of 275 deleting 36 setting the severity of 275 using system date and time AD interface 215 displaying 333 history command 40 setting 333 more command 340 system statistics multi-domain controller support in CIFS 210 displaying 342 services command 401 swap command 343 T Symantec AntiVirus for FileStore manual scan commands 382 technical support Symantec AntiVirus for FileStore quarantine login 402 commands 377 testing traceroute command 406 network connectivity 399 tier adding a tier to a file system 317 V displaying location of a specified file 320 viewing listing all of the specified files on 319 list of locally saved configuration files 337 removing a mirror from 317 virtual IP address removing a mirror spanning a specified pool 317 configuring or changing for NetBackup 290 removing from a file system 316 virtual name removing from a tier spanning a specified configuring for NetBackup 291 disk 317 VLAN traceroute command about 90 using 406 vlan troubleshooting adding 91 about 390 configuring 91 deleting 91 U displaying 91 unexporting file systems 190 W uninstalling Web resources for FileStore 23 DUD driver updates 357 WWN information patches 357 printing 113 unmounting snapshots 171 updating GUI-related operations 392 user and group accounts in LDAP storing 221 user and group accounts locally storing 221