Symantec™ FileStore Command-Line Administrator's Guide
5.7 Symantec FileStore Command-Line Administrator’s Guide
The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement. Product version: 5.7 Document version: 5.7.0 Legal Notice Copyright © 2011 Symantec Corporation. All rights reserved. Symantec, the Symantec logo, Veritas, Veritas Storage Foundation, CommandCentral, NetBackup, Enterprise Vault, and LiveUpdate are trademarks or registered trademarks of Symantec corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This Symantec product may contain third party software for which Symantec is required to provide attribution to the third party (“Third Party Programs”). Some of the Third Party Programs are available under open source or free software licenses. The License Agreement accompanying the Software does not alter any rights or obligations you may have under those open source or free software licenses. See the Third-party Legal Notices document for this product, which is available online or included in the base release media. The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any. THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE. The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in Commercial Computer Software or Commercial Computer Software Documentation", as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement. Symantec Corporation 350 Ellis Street Mountain View, CA 94043 http://www.symantec.com Technical Support
Symantec Technical Support maintains support centers globally. Technical Support’s primary role is to respond to specific queries about product features and functionality. The Technical Support group also creates content for our online Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion. For example, the Technical Support group works with Product Engineering and Symantec Security Response to provide alerting services and virus definition updates. Symantec’s support offerings include the following:
■ A range of support options that give you the flexibility to select the right amount of service for any size organization
■ Telephone and/or Web-based support that provides rapid response and up-to-the-minute information
■ Upgrade assurance that delivers software upgrades
■ Global support purchased on a regional business hours or 24 hours a day, 7 days a week basis
■ Premium service offerings that include Account Management Services For information about Symantec’s support offerings, you can visit our Web site at the following URL: www.symantec.com/business/support/index.jsp All support services will be delivered in accordance with your support agreement and the then-current enterprise technical support policy. Contacting Technical Support Customers with a current support agreement may access Technical Support information at the following URL: www.symantec.com/business/support/contact_techsupp_static.jsp Before contacting Technical Support, make sure you have satisfied the system requirements that are listed in your product documentation. Also, you should be at the computer on which the problem occurred, in case it is necessary to replicate the problem. When you contact Technical Support, please have the following information available:
■ Product release level ■ Hardware information
■ Available memory, disk space, and NIC information
■ Version and patch level
■ Network topology
■ Router, gateway, and IP address information
■ Problem description:
■ Error messages and log files
■ Troubleshooting that was performed before contacting Symantec
■ Recent software configuration changes and network changes
Licensing and registration If your Symantec product requires registration or a license key, access our technical support Web page at the following URL: www.symantec.com/business/support/ Customer service Customer service information is available at the following URL: www.symantec.com/business/support/ Customer Service is available to assist with non-technical questions, such as the following types of issues:
■ Questions regarding product licensing or serialization
■ Product registration updates, such as address or name changes
■ General product information (features, language availability, local dealers)
■ Latest information about product updates and upgrades
■ Information about upgrade assurance and support contracts
■ Information about the Symantec Buying Programs
■ Advice about Symantec's technical support options
■ Nontechnical presales questions
■ Issues that are related to CD-ROMs or manuals Support agreement resources If you want to contact Symantec regarding an existing support agreement, please contact the support agreement administration team for your region as follows:
Asia-Pacific and Japan [email protected]
Europe, Middle-East, and Africa [email protected]
North America and Latin America [email protected]
Documentation Your feedback on product documentation is important to us. Send suggestions for improvements and reports on errors or omissions. Include the title and document version (located on the second page), and chapter and section titles of the text on which you are reporting. Send feedback to: [email protected] About Symantec Connect Symantec Connect is the peer-to-peer technical community site for Symantec’s enterprise customers. Participants can connect and share information with other product users, including creating forum posts, articles, videos, downloads, blogs and suggesting ideas, as well as interact with Symantec product teams and Technical Support. Content is rated by the community, and members receive reward points for their contributions. http://www.symantec.com/connect/storage-management Contents
Technical Support ...... 4
Chapter 1 Introducing Symantec FileStore ...... 19 About FileStore ...... 19 About FileStore features ...... 20 Simple installation ...... 20 Active/Active Scalable NFS ...... 21 Active/Active CIFS ...... 21 NFS Lock Management (NLM) ...... 21 Administration ...... 21 Storage tiering ...... 22 High-performance data replication ...... 22 Integrated content scanning using Symantec AntiVirus for FileStore ...... 22 About the core strengths of FileStore ...... 23 FileStore key benefits and other applications ...... 24 High performance scaling and seamless growth ...... 24 High availability ...... 25 Consolidating and reducing costs of storage ...... 25 Enabling scale-out compute clusters and heterogeneous sharing of data ...... 26 FileStore on the Web ...... 27 Using the FileStore product documentation ...... 27
Chapter 2 Creating users based on roles ...... 29 About user roles and privileges ...... 29 About the naming requirements for adding new users ...... 30 About using the FileStore command-line interface ...... 31 Logging in to the FileStore CLI ...... 31 About accessing the online man pages ...... 39 About creating Master, System Administrator, and Storage Administrator users ...... 40 Creating Master, System Administrator, and Storage Administrator users ...... 41 About the support user ...... 44 8 Contents
Configuring the support user account ...... 45 Displaying the command history ...... 46
Chapter 3 Displaying and adding nodes to a cluster ...... 49 About the cluster commands ...... 49 About FileStore installation states and conditions ...... 50 Displaying the nodes in the cluster ...... 52 About including new nodes on the cluster ...... 54 Installing FileStore software on additional nodes ...... 55 Adding a node to the cluster ...... 56 Adding a non-preconfigured node ...... 57 Deleting a node from the cluster ...... 58 Shutting down the cluster nodes ...... 60 Rebooting the nodes in the cluster ...... 61
Chapter 4 Configuring storage ...... 63 About storage provisioning and management ...... 64 About configuring disks ...... 66 Configuring disks ...... 67 About configuring storage pools ...... 69 Configuring storage pools ...... 72 About performing local replication initialization ...... 75 Detaching one or more pools from the FileStore cluster as a detached pool set ...... 76 Displaying detached pools ...... 77 Attaching a replication storage pool to a FileStore cluster ...... 77 About displaying information for all disk devices ...... 78 Displaying information for all disk devices associated with nodes in a cluster ...... 79 Increasing the storage capacity of a LUN ...... 82 Formatting/reinitializing a disk ...... 83 Removing a disk ...... 83 Displaying WWN information ...... 84 Initiating FileStore host discovery of LUNs ...... 86 Importing pools forcefully ...... 86 About I/O fencing ...... 86 Configuring I/O fencing ...... 89 About quotas for file systems ...... 92 Using quota commands for enabling, disabling, and displaying file system quotas ...... 94 Using quota commands for setting and displaying file system quotas ...... 96 Contents 9
Setting user quotas for users of specified groups ...... 103 About quotas for CIFS home directories ...... 105 Using quotas for CIFS home directories ...... 108 Displaying the quota values for CIFS home directories ...... 115 About iSCSI ...... 117 Configuring the iSCSI initiator ...... 119 Configuring the iSCSI initiator name ...... 120 Configuring the iSCSI device ...... 120 Configuring discovery on iSCSI ...... 122 About configuring the iSCSI targets ...... 125 Configuring the iSCSI targets ...... 127 About data archive and retention (DAR) ...... 130 How DAR interacts with other FileStore applications ...... 132 Using DAR without Symantec Enterprise Vault ...... 134 Configuring data archive and retention ...... 135 About data deduplication ...... 137 About best practices for using the FileStore deduplication feature ...... 142 Configuring file system deduplication ...... 143 Chapter 5 Configuring Symantec FileStore network settings ...... 157 About network mode commands ...... 158 Displaying the network configuration and statistics ...... 159 About bonding Ethernet interfaces ...... 160 Bonding Ethernet interfaces ...... 161 About DNS ...... 163 Configuring DNS settings ...... 165 About IP commands ...... 167 About configuring IP addresses ...... 167 Configuring IP addresses ...... 169 About configuring Ethernet interfaces ...... 173 Displaying current Ethernet interfaces and states ...... 174 Configuring Ethernet interfaces ...... 175 About configuring routing tables ...... 176 Configuring routing tables ...... 178 About LDAP ...... 181 Before configuring LDAP settings ...... 181 About configuring LDAP server settings ...... 182 Configuring LDAP server settings ...... 184 About administering FileStore cluster's LDAP client ...... 188 Administering the FileStore cluster's LDAP client ...... 189 10 Contents
About NIS ...... 190 Configuring the NIS-related commands ...... 191 About NSS ...... 193 Configuring NSS lookup order ...... 194 About VLAN interfaces ...... 195 Configuring VLAN interfaces ...... 196
Chapter 6 Configuring your NFS server ...... 199 About NFS server commands ...... 199 Accessing the NFS server ...... 200 Displaying NFS statistics ...... 202 Displaying file systems and snapshots that can be exported ...... 203
Chapter 7 Creating and maintaining NFS shares ...... 205 About NFS file sharing ...... 205 Displaying exported directories ...... 206 Adding an NFS share ...... 207 Sharing directories using CIFS and NFS protocols ...... 211 Exporting an NFS snapshot ...... 214 Unexporting a directory or deleting NFS options ...... 214
Chapter 8 Creating and maintaining file systems ...... 217 About creating and maintaining file systems ...... 218 Listing all file systems and associated information ...... 222 About creating file systems ...... 226 Creating a file system ...... 227 Adding or removing a mirror from a file system ...... 230 Adding or removing a column from a file system ...... 232 Checking and resynchronizing stale mirrors ...... 233 Configuring FastResync for a file system ...... 235 Disabling the FastResync option for a file system ...... 236 Increasing the size of a file system ...... 237 Decreasing the size of a file system ...... 239 Checking and repairing a file system ...... 240 Changing the status of a file system ...... 243 Defragmenting a file system ...... 245 Destroying a file system ...... 246 About snapshots ...... 246 Creating snapshots ...... 248 Displaying snapshots ...... 249 Configuring snapshots ...... 250 Contents 11
About snapshot schedules ...... 252 Creating snapshot schedules ...... 254 Displaying snapshot schedules ...... 256 Configuring snapshot schedules ...... 256 About instant rollbacks ...... 258 Creating a FileStore space-optimized rollback ...... 260 Creating a full-sized rollback ...... 261 Listing FileStore instant rollbacks ...... 262 Restoring a file system from an instant rollback ...... 262 Refreshing an instant rollback from a file system ...... 263 Making an instant rollback go online ...... 264 Making an instant rollback go offline ...... 264 Destroying an instant rollback ...... 265 Creating a shared cache object for a FileStore instant rollback ...... 265 Listing cache objects ...... 267 Destroying a cache object of a FileStore instant rollback ...... 269 About setting up file system alerts for file system usage ...... 269 Setting file system alerts ...... 269 Unsetting file system alerts ...... 271 Displaying file system alerts ...... 271 About the Partition Secure Notification (PSN) feature ...... 272 Enabling the Partition Secure Notification (PSN) feature ...... 273 Disabling the Partition Secure Notification (PSN) feature ...... 273 Listing the online file systems that have the Partition Secure Notification (PSN) feature enabled ...... 274 Upgrading a file system to the current layout for running deduplication ...... 274
Chapter 9 Using Symantec FileStore as a CIFS server ...... 279 About configuring FileStore for CIFS ...... 280 About configuring CIFS for standalone mode ...... 282 Configuring CIFS server status for standalone mode ...... 284 About configuring CIFS for NT domain mode ...... 287 Configuring CIFS for the NT domain mode ...... 289 About leaving an NT domain ...... 292 Changing NT domain settings ...... 292 Changing security settings ...... 294 Changing security settings after the CIFS server is stopped ...... 294 About Active Directory (AD) ...... 294 Configuring entries for NTP for authenticating to Active Directory (AD) ...... 295 12 Contents
Configuring entries for FileStore DNS for authenticating to Active Directory (AD) ...... 295 Joining FileStore to Active Directory (AD) ...... 298 Verifying that FileStore has joined Active Directory (AD) successfully ...... 300 Using the Active Directory CLI wizard for configuring Active Directory ...... 300 About configuring CIFS for Active Directory (AD) domain mode ...... 300 Configuring CIFS for the AD domain mode ...... 302 Using multi-domain controller support in CIFS ...... 305 About leaving an AD domain ...... 305 Changing domain settings for AD domain mode ...... 306 Removing the AD interface ...... 309 About setting NTLM ...... 309 Setting NTLM ...... 311 About setting trusted domains ...... 312 Allowing trusted domains access to CIFS when setting an LDAP IDMAP backend to rid ...... 312 Allowing trusted domains access to CIFS when setting an LDAP IDMAP backend to ldap ...... 313 Allowing trusted domains access to CIF when setting an LDAP IDMAP backend to hash ...... 314 About configuring Windows Active Directory as an LDAP IDMAP backend for FileStore for CIFS ...... 315 Configuring the Active Directory schema with CIFS-schema extensions ...... 316 Configuring LDAP as an IDMAP backend using the FileStore CLI ...... 321 Configuring the CIFS server with the LDAP backend ...... 321 Setting Active Directory trusted domains ...... 322 About storing account information ...... 323 Storing user and group accounts ...... 325 About reconfiguring the CIFS service ...... 326 Reconfiguring the CIFS service ...... 327 About managing CIFS shares ...... 329 About the CIFS export options ...... 331 Setting share properties ...... 333 Hiding system files when adding or modifying a CIFS normal share ...... 334 Displaying CIFS share properties ...... 336 Allowing specified users and groups access to the CIFS share ...... 337 Contents 13
Denying specified users and groups access to the CIFS share ...... 338 Modifying an existing CIFS share ...... 339 Modifying an existing CIFS share with different CIFS options ...... 340 Exporting a CIFS snapshot ...... 340 Deleting a CIFS share ...... 341 Sharing file systems using CIFS and NFS protocols ...... 342 About mapping user names for CIFS/NFS sharing ...... 345 About load balancing for the normal clustering mode ...... 346 About load balancing for the ctdb clustering mode ...... 347 About managing home directories ...... 347 Setting the home directory file systems ...... 348 Setting up home directories ...... 350 Displaying home directory usage information ...... 352 Deleting home directories and disabling creation of home directories ...... 353 About ctdb clustering modes ...... 354 Exporting a directory as a CIFS share ...... 355 Exporting the same file system/directory as a different CIFS share ...... 357 About switching the clustering mode ...... 358 Switching from normal to ctdb clustering mode ...... 358 Switching from ctdb to normal clustering mode ...... 361 About migrating CIFS shares and home directories ...... 362 Migrating CIFS shares and home directories from normal to ctdb clustering mode ...... 364 Migrating CIFS shares and home directories from ctdb to normal clustering mode ...... 366 Setting the aio_fork option ...... 369 Setting the netbios aliases for the CIFS server ...... 370 About managing local users and groups ...... 371 Creating a local CIFS user ...... 372 About configuring local groups ...... 374 Configuring a local group ...... 375 Enabling CIFS data migration ...... 376
Chapter 10 Configuring your FTP server ...... 377 About FTP ...... 377 Displaying FTP server settings ...... 379 About FTP server commands ...... 379 Using the FTP server commands ...... 380 14 Contents
About FTP set commands ...... 381 Using the FTP set commands ...... 385 Implementing all of the FTP> set command changes ...... 390 About FTP session commands ...... 391 Using the FTP session commands ...... 392 Using the FTP logupload command ...... 394 About FTP local user commands ...... 394 Using the FTP local user commands ...... 396 About FTP local user set commands ...... 397 Using the FTP local user set commands ...... 399
Chapter 11 Configuring your HTTP server ...... 405 About configuring your HTTP server for accessing FileStore data ...... 405 About using the HTTP server commands ...... 406 Starting the HTTP server ...... 406 Stopping the HTTP server ...... 407 Displaying the status for the HTTP server ...... 407 About HTTP set commands ...... 407 Displaying the current HTTP sessions on each node ...... 409 Setting the minimum number of idle threads for handling request spikes ...... 409 Setting the maximum number of idle threads for handling request spikes ...... 409 Setting the maximum number of threads to be created ...... 410 Setting the initial number of server threads ...... 410 Setting the maximum number of threads in each server process ...... 410 Displaying the list of all configurable HTTP options and their values ...... 411 About HTTP alias commands ...... 411 Adding a mapping from a virtualPath to a realPath ...... 412 Deleting a mapping that is visible to clients as a virtualPath ...... 413 Displaying all the aliases configured on the server ...... 413 About HTTP document root mapping commands ...... 413 Setting the root directory for the HTTP server ...... 414 Displaying the current root directory for the HTTP server ...... 415 Clearing the root directory setting for the HTTP server ...... 415
Chapter 12 Configuring event notifications and audit logs ...... 417 About configuring event notifications and audit logs ...... 418 About severity levels and filters ...... 419 Contents 15
About email groups ...... 419 Configuring an email group ...... 421 About syslog event logging ...... 426 Configuring a syslog server ...... 427 Displaying events on the console ...... 429 About SNMP notifications ...... 429 Configuring an SNMP management server ...... 430 Configuring events for event reporting ...... 433 Exporting events and audits in syslog format to a given URL ...... 434 About audit logs ...... 434 Configuring audit logs ...... 437 Disabling the audit log for a file system ...... 439
Chapter 13 Configuring backup ...... 441 About backup ...... 442 About NetBackup ...... 443 About the NetBackup Snapshot Client ...... 444 About NetBackup snapshot methods ...... 444 About NetBackup instant recovery ...... 445 About Fibre Transport ...... 445 About SAN clients ...... 445 About FT media servers ...... 446 About the FT Service Manager ...... 446 About zoning the SAN for Fibre Transport ...... 446 About HBAs for SAN clients and FT media servers ...... 447 About supported SAN configurations for SAN Client ...... 448 Adding a NetBackup master server to work with FileStore ...... 449 Configuring or changing the virtual IP address used by NetBackup and NDMP data server installation ...... 450 Configuring the virtual name of NetBackup ...... 451 About the Network Data Management Protocol ...... 452 About NDMP supported configurations ...... 453 About the NDMP policies ...... 455 Configuring the NDMP policies ...... 456 Displaying all NDMP policies ...... 461 About retrieving the NDMP data ...... 462 Retrieving the NDMP data ...... 463 Restoring the default NDMP policies ...... 465 About backup configurations ...... 466 Configuring backup ...... 467 Configuring backups using NetBackup or other third-party backup applications ...... 469 16 Contents
Chapter 14 Configuring Symantec FileStore Dynamic Storage Tiering ...... 471 About FileStore Dynamic Storage Tiering (DST) ...... 472 How FileStore uses Dynamic Storage Tiering ...... 475 About policies ...... 476 Adding or removing a column from a secondary tier of a file system ...... 476 About adding tiers to file systems ...... 477 Adding tiers to a file system ...... 478 Removing a tier from a file system ...... 480 About configuring a mirror on the tier of a file system ...... 480 Configuring a mirror to a tier of a file system ...... 481 Listing all of the files on the specified tier ...... 482 Displaying a list of Dynamic Storage Tiering file systems ...... 483 Displaying the tier location of a specified file ...... 484 About configuring the policy of each tiered file system ...... 484 Configuring the policy of each tiered file system ...... 486 Relocating a file or directory of a tiered file system ...... 490 About configuring schedules for all tiered file systems ...... 490 Configuring schedules for all tiered file systems ...... 491 Displaying the files that are moved or pruned by running a policy ...... 493 Allowing metadata information on the file system to be written on the secondary tier ...... 494 Restricting metadata information to the primary tier only ...... 495
Chapter 15 Configuring system information ...... 497 About system commands ...... 498 About setting the clock commands ...... 499 Setting the clock commands ...... 500 About configuring the locally saved configuration files ...... 502 Configuring the locally saved configuration files ...... 505 Using the more command ...... 507 About coordinating cluster nodes to work with NTP servers ...... 508 Coordinating cluster nodes to work with NTP servers ...... 509 Displaying the system statistics ...... 511 Displaying file system I/O statistics ...... 512 Using the swap command ...... 512 About the VMware Virtual Center plug-in ...... 514 Using the vplugin commands ...... 516 About the option commands ...... 518 Using the option commands ...... 521 Contents 17
Modifying and displaying the volpagemod_max_memsz parameter of vxtune ...... 526 Chapter 16 Using the VMware vSphere extension for Symantec FileStore ...... 529 About the VMware vSphere extension for FileStore ...... 530 How the VMware vSphere extension for FileStore interacts with other FileStore applications ...... 531 Useful links from VMware on NFS support and customization while cloning virtual machines ...... 531 Adding storage to ESX servers ...... 532 Creating a virtual machine ...... 533 Creating virtual machine clones using Symantec FileSnap ...... 533 Specifying the number of virtual machine clones to be created ...... 535 Specifying where to create the virtual machine clones ...... 535 Specifying the guest operating system if customizing for Linux or Windows ...... 536 Specifying network customization parameters for guest operating systems if using DHCP or Static IP ...... 538 Configuring the VMware View ...... 539 Verifying the virtual machine clones ...... 541
Chapter 17 Configuring disaster recovery ...... 543 About disaster recovery ...... 543 About DNS update ...... 543 About the DNS update set command ...... 545 Configuring the DNS update service ...... 546 Starting and stopping the DNS update service ...... 549 Displaying DNS update settings ...... 550
Chapter 18 Upgrading Symantec FileStore ...... 551 About upgrading patches ...... 551 Displaying the current version of FileStore ...... 553 About installing patches ...... 554 About types of patches ...... 554 Installing patches ...... 556 Uninstalling patches ...... 556 Synchronizing software upgrades on a node ...... 556 18 Contents
Chapter 19 Using Symantec AntiVirus for FileStore ...... 559 About Symantec AntiVirus for FileStore ...... 560 About Symantec AntiVirus for FileStore licensing ...... 561 About Symantec AntiVirus for FileStore commands ...... 561 Displaying Symantec AntiVirus for FileStore configurations ...... 562 About configuring Symantec AntiVirus for FileStore on all the nodes in the cluster ...... 563 Configuring Symantec AntiVirus for FileStore on the cluster's nodes ...... 564 About configuring Auto-Protect on FileStore file systems ...... 565 Configuring Auto-Protect on FileStore file systems ...... 566 About excluding file extensions ...... 566 Configuring file extensions for the Symantec AntiVirus for FileStore configuration file ...... 567 About Symantec AntiVirus for FileStore LiveUpdate ...... 568 Using Symantec AntiVirus for FileStore with LiveUpdate ...... 570 About using Symantec AntiVirus for FileStore quarantine commands ...... 574 Using Symantec AntiVirus for FileStore quarantine commands ...... 575 Setting the Symantec AntiVirus for FileStore action policy ...... 577 About using Symantec AntiVirus for FileStore manual scan commands ...... 578 Using Symantec AntiVirus for FileStore manual scan commands ...... 579 About scheduling a Symantec AntiVirus for FileStore scan job ...... 580 Scheduling a Symantec AntiVirus for FileStore scan job ...... 582
Glossary ...... 587
Index ...... 591 Chapter 1
Introducing Symantec FileStore
This chapter includes the following topics:
■ About FileStore
■ About FileStore features
■ About the core strengths of FileStore
■ FileStore key benefits and other applications
■ FileStore on the Web
■ Using the FileStore product documentation
About FileStore FileStore was formerly known as Storage Foundation Scalable File Server. FileStore is a highly-scalable and highly-available clustered Network Attached Storage (NAS) software appliance. Based on Storage Foundation Cluster File System technology, FileStore is a complete solution for multi-protocol file serving. FileStore provides an open storage gateway model, including a highly- available and scalable Network File System (NFS), CIFS, and FTP file serving platform and an easy-to-use administrative interface. The product includes the following key features:
■ Backup operations using both NDMP and/or the built-in NetBackup client
■ Active/Active CIFS, including integration with Active Directory operations
■ Simple administration through a single GUI and/or CLI interface 20 Introducing Symantec FileStore About FileStore features
■ Active/Active shared data NFS sharing including shared read/write and LDAP/NIS support
■ Simple administration of Fibre Channel Host Bus Adapters (HBAs), file systems, disks, snapshots, and Dynamic Storage Tiering
■ SNMP, syslog, and email notification
■ High-speed asynchronous/episode-based replication for content distribution and data mining
■ Multi-protocol sharing of file systems in a highly-scalable and highly-available manner
■ Support for single-node FileStore clusters
■ Create a snapshot schedule that stores the values by minutes, hour, day-of-the-month, month, and day-of-the-week along with the name of the file system
■ Seamless upgrade and patch management
■ Support information
■ Online man pages The components of FileStore include a security-hardened, custom-install SUSE Linux Enterprise Server (SLES) 11 SP1 operating system, core Storage Foundation services including Cluster File System, and the FileStore software platform. These components are provided on multiple DVDs or a DVD ISO image.
About FileStore features FileStore is designed to provide a full-suite of NAS features, in addition to class-leading performance and scalability. A partial list of these features is discussed in the following sections.
Simple installation A single node in the cluster is booted from a DVD containing the operating system image, core Storage Foundation, and FileStore modules. While the node boots, the other nodes are defined using IP addresses. After you install FileStore and the first node is up and running, the rest of the cluster nodes are automatically installed with all necessary components. The key services are then automatically started to allow the cluster to begin discovering storage and creating file shares. Introducing Symantec FileStore 21 About FileStore features
Active/Active Scalable NFS With FileStore, all nodes in the cluster can serve the same NFS shares as both read and write. This creates very high aggregated throughput rates, because you can use sum of the bandwidth of all nodes. Cache-coherency is maintained throughout the cluster.
Active/Active CIFS CIFS is active on all nodes within the FileStore cluster. The specific shares are read/write on the node they reside on, but can failover to any other node in the cluster. FileStore supports CIFS home directory shares.
NFS Lock Management (NLM) The NFS Lock Management (NLM) module allows a customer to use NFS advisory client locking in parallel with core SFCFS global lock management. The module consists of failing over the locks among FileStore nodes as well as forwarding all NFS client lock requests to a single NFS lock master. The result is that no data corruption occurs if a user or application needs to use NFS client locking with an FileStore cluster.
Administration FileStore contains a role-based administration model consisting of the following key roles:
■ Storage
■ Master
■ System These roles are consistent with the operational roles in many data centers. For each role, the administrator uses a simple menu-driven text interface. This interface provides a single point of administration for the entire cluster. A user logs in as one of those roles on one of the nodes in the cluster and runs commands that perform the same tasks on all nodes in the cluster. You do not need to have any knowledge of the Veritas Storage Foundation technology to install or administer an FileStore cluster. If you are currently familiar with core SFCFS or Storage Foundation in general, you will be familiar with the basic management concepts. 22 Introducing Symantec FileStore About FileStore features
Storage tiering FileStore's built-in Dynamic Storage Tiering (DST) feature can reduce the cost of storage by moving data to lower cost storage. FileStore storage tiering also facilitates the moving of data between different drive architectures. Dynamic Storage Tiering lets you do the following:
■ Create each file in its optimal storage tier, based on pre-defined rules and policies.
■ Relocate files between storage tiers automatically as optimal storage changes, to take advantage of storage economies.
■ Prune files on secondary tiers automatically as files age and are no longer needed.
■ Retain original file access paths to minimize operational disruption, for applications, backup procedures, and other custom scripts.
■ Handle millions of files that are typical in large data centers.
■ Automate these features quickly and accurately.
High-performance data replication Included as a standard feature in the Enterprise Edition of FileStore and optional on the Standard Edition, FileStore Replication provides for high-performance content distribution across multiple clusters. FileStore Replication is asynchronous (sometimes called episodic) and provides for file-based replication between clusters, together with the advantage of being able to only transfer blocks within specific files that have changed since the last update. With FileStore Replication, the destination file system can be on-line for reads, and updates to that destination can be as frequent as every fifteen minutes. FileStore Replication is ideal for content distribution, or for creating hot-standby replicas of a production environment.
Integrated content scanning using Symantec AntiVirus for FileStore New to FileStore is the ability for customers to use Symantec AntiVirus for FileStore. Leveraging content-scanning and anti-virus technology similar to that found in the Symantec Endpoint Protection range of products, this feature allows for scheduled and real-time (on-demand) scanning of files and other data contained within the FileStore cluster. When conducted in real-time, this content-scanning can be used with multiple file access protocols, including CIFS, NFS, FTP, and HTTP. Files can be automatically quarantined and regular virus definition updates can be obtained by way of the standard Symantec LiveUpdate service. Introducing Symantec FileStore 23 About the core strengths of FileStore
About the core strengths of FileStore FileStore leverages all the capabilities and strengths of the Storage Foundation family of products. FileStore contains all the key features of Storage Foundation Cluster File System 5.1 SP1PR3 including:
■ Dynamic Multi-Pathing (DMP)
■ Cluster Volume Manager
■ Cluster File System (CFS)
■ Veritas Cluster Server (VCS)
■ Dynamic Storage Tiering (DST)
■ I/O Fencing DMP provides load balancing policies and tight integration with array vendors to provide in-depth failure detection and path failover logic. DMP is compatible with more hardware than any other similar product, and is a standard component within the FileStore product. Cluster Volume Manager provides a cluster-wide consistent virtualization layer that leverages all the strengths of the underlying Veritas Volume Manager (VxVM) technology including online re-layout and resizing of volumes, and online array migrations. You can mirror your FileStore file systems across separate physical frames to ensure maximum availability on the storage tier. This technique seamlessly adds or removes new storage, whether single drives or entire arrays. Cluster File System complies with the Portable Operating System Interface (POSIX) standard. It also provides full cache consistency and global lock management at a file or sub-file level. CFS lets all nodes in the cluster perform metadata or data transactions. This allows linear scalability in terms of NFS operations per second. VCS monitors communication, and failover for all nodes in the cluster and their associated critical resources. This includes virtual IP addressing failover for all client connections regardless of the client protocol. Dynamic Storage Tiering (DST) dynamically and transparently moves files to different storage tiers to respond to changing business needs. DST is used in Symantec FileStore as FileStore Storage Tiering. I/O fencing further helps to guarantee data integrity in the event of a multiple network failure by using the FileStore storage to ensure that cluster membership can be determined correctly. This virtually eliminates the chance of a cluster split-brain from occurring. 24 Introducing Symantec FileStore FileStore key benefits and other applications
FileStore key benefits and other applications FileStore can be used with any application that requires the sharing of files using the NFS v3, CIFS, or FTP protocol. Use-cases such as home directories or decision support applications that require sequential shared access, Web pages, and applications are all ideal for FileStore. FileStore is also applicable when you want general purpose, high-throughput scale-out processing for your data, together with enterprise-class highly available cluster functionality.
High performance scaling and seamless growth FileStore lets you scale storage and processing independently and seamlessly, online. Because an application may need to scale either storage or processing, or both, this capability gives you a lot of flexibility. FileStore automates the installation of new nodes into the running cluster, configures those nodes, and adds the nodes' capacity into the processing tier. FileStore can scale from 1 to 16 nodes with near linear performance scaling. You can add processing one node at a time, rather than buying a large, expensive independent appliance. A storage administrator can configure a new array or even add new LUNs from an existing array into the FileStore cluster. FileStore can then scan the storage, automatically see the new LUNs and place them under FileStore control for use in the cluster. All of this is performed online. At the storage end, resizing of existing file systems can be performed online with no interruption of service. A simple command is used to both add space to an existing file system and to also reduce (dynamically shrink) the amount of free space in a specified file system. The product provides nearly linear scaling in terms of NFS operations per second and total I/O throughput. Figure 1-1 depicts this scaling capability. Introducing Symantec FileStore 25 FileStore key benefits and other applications
Figure 1-1 Example of near-linear performance scaling with FileStore
When using 16-node clusters, extremely high throughput performance numbers can be obtained. This is due to the benefits of near linear FileStore cluster scalability.
High availability FileStore has an “always on" file service that provides zero interruption of file services for company critical data. The loss of single or even multiple nodes does not interrupt I/O operations on the client tier. This is in contrast to the traditional active/passive failover paradigm. Further, with FileStore's modular N-to-N approach to clustered NAS, any node can act as a failover for any other node. The FileStore architecture provides transparent failover for other key services such as NFS lock state, CIFS and FTP daemons, reporting, logging, and backup/restore operations. The console service that provides access to the centralized menu-driven interface is automatically failed over to another node. The installation service is also highly available and can seamlessly recover from the initially installed node failing during the installation of the remaining nodes in the cluster. The use of Veritas Cluster Server technology and software within FileStore is key to the ability of FileStore to provide best-of-breed high availability, in addition to class-leading scale-out performance.
Consolidating and reducing costs of storage The value of consolidating several independent islands of NAS appliances into fewer, larger shared pools has many cost benefits. 26 Introducing Symantec FileStore FileStore key benefits and other applications
A typical enterprise uses 30-40% of its storage. This low storage utilization rate results in excessive spending on new storage when there is more than adequate free space in the data center. With FileStore, you can group storage assets into fewer, larger shared pools. This increases the use of backend LUNs and overall storage. FileStore also has built-in, pre-configured heterogeneous storage tiering. This lets you use different types of storage in a primary and secondary tier configuration. Using simple policies, data can be transparently moved from the primary storage tier to the secondary tier. This is ideal when mixing drive types and architectures such as high-speed SAS drives with cheaper storage, such as SATA-based drives. Furthermore, data can be stored initially on the secondary tier and then promoted to the primary tier dynamically based on a pattern of I/O. This creates an optimal scenario when you use Solid State Disks (SSDs) because there will often be a significant change between the amount of SSD storage available, and amount of other storage availability, such as SATA drives. Data and files that are promoted to the primary tier are transferred back to the secondary tier in accordance with the configured access time policy. All of this results in substantially increased efficiency, and it can save you money because you make better use of the storage you already have.
Enabling scale-out compute clusters and heterogeneous sharing of data The trend toward scale-out, or grid computing continues to gain pace. There are significant performance and cost advantages of moving applications away from large UNIX Symmetrical Multi-Processing (SMP) or mainframe environments and towards a farm of commodity computer servers running a distributed application. One of the key inhibitors to scale-out computing is the requirement to provide a shared storage infrastructure for the compute nodes, and enable you to share heterogeneously as well as scale up as performance requires. FileStore solves both of these issues by providing a highly scalable and shared storage platform at the storage tier and by facilitating heterogeneous sharing on the compute tier. FileStore can provide the performance and availability you need for a large-scale NFS compute and storage tier. It provides enough throughput and seamless failover for this type of architecture – whether a few dozen compute nodes, or scaling to several hundred nodes. Introducing Symantec FileStore 27 FileStore on the Web
FileStore on the Web For comprehensive, up-to-date information about FileStore, visit the Symantec Web site: http://www.symantec.com/business/support/overview.jsp?pid=55079
Using the FileStore product documentation FileStore product documentation is available in PDF format on the FileStore installation DVD in the /docs directory:
■ Symantec FileStore Web GUI Administrator’s Guide (sfs_admin_gui.pdf)
■ Symantec FileStore Command-Line Administrator’s Guide (sfs_admin.pdf)
■ Symantec FileStore Installation Guide (sfs_install.pdf)
■ Symantec FileStore Replication Guide (sfs_replication.pdf)
■ Symantec FileStore Troubleshooting Guide (sfs_troubleshoot.pdf)
■ Symantec FileStore Release Notes (sfs_relnotes.pdf) Find additional information at this location: http://www.symantec.com/business/support/overview.jsp?pid=55079 28 Introducing Symantec FileStore Using the FileStore product documentation Chapter 2
Creating users based on roles
This chapter includes the following topics:
■ About user roles and privileges
■ About the naming requirements for adding new users
■ About using the FileStore command-line interface
■ Logging in to the FileStore CLI
■ About accessing the online man pages
■ About creating Master, System Administrator, and Storage Administrator users
■ Creating Master, System Administrator, and Storage Administrator users
■ About the support user
■ Configuring the support user account
■ Displaying the command history
About user roles and privileges Your privileges within Symantec FileStore (FileStore) are based on what user role (Master, System Administrator, or Storage Administrator) you have been assigned. The following table provides an overview of the user roles within FileStore. 30 Creating users based on roles About the naming requirements for adding new users
Table 2-1 User roles within FileStore
User role Description
Master Masters are responsible for adding or deleting users, displaying users, and managing passwords. Only the Masters can add or delete other administrators.
System System Administrators are responsible for configuring and Administrator maintaining the file system, NFS sharing, networking, clustering, setting the current date/time, and creating reports.
Storage Storage Administrators are responsible for provisioning storage and Administrator exporting and reviewing reports.
The Support account is reserved for Technical Support use only, and it cannot be created by administrators. For more information, see the Symantec FileStore Troubleshooting Guide.
About the naming requirements for adding new users The following table provides the naming requirements for adding new FileStore users.
Table 2-2 Naming requirements for adding new users
Guideline Description
Starts with Letter or an underscore (_) Must begin with an alphabetic character and the rest of the string should be from the following POSIX portable character set: ([A-Za-z_][A-Za-z0-9_-.]*[A-Za-z0-9_-.$]).
Length Can be up to 31 characters. If user names are greater than 31 characters, you will receive the error, "Invalid user name."
Case FileStore CLI commands are case-insensitive (for example, the user command is the same as the USER command). However, user-provided variables are case-sensitive (for example, the username Master1 is not the same as the username MASTER1).
Can contain Hyphens (-) and underscores (_) are allowed. Creating users based on roles 31 About using the FileStore command-line interface
Table 2-2 Naming requirements for adding new users (continued)
Guideline Description
Valid syntax Valid user names include:
■ Name: ■ a.b ■ a_b ■ ______-
See “Creating Master, System Administrator, and Storage Administrator users” on page 41.
About using the FileStore command-line interface You can enter FileStore commands on the system console or from any host that can access FileStore through a session using Secure Socket Shell (SSH) . FileStore provides the following features to help you when you enter commands on the command line:
■ Command-line help by typing a command and then a question mark (?)
■ Command-line manual (man) pages by typing man and the name of the command you are trying to find
Table 2-3 Conventions used in the FileStore online command-line man pages
Symbol Description
| (pipe) Indicates you must choose one of elements on either side of the pipe.
[ ] (brackets) Indicates that the element inside the brackets is optional.
{ } (braces) Indicates that the element inside the braces is part of a group.
< > Indicates a variable for which you need to supply a value. Variables are indicated in italics in the man pages.
Logging in to the FileStore CLI When you first log in to the FileStore CLI, use the default username/password of master/master. After you have logged in successfully, change your password. 32 Creating users based on roles Logging in to the FileStore CLI
Note: Changing the default password is important for system security. If you do not change the default password, a warning message appears the next time you log in.
See “Creating Master, System Administrator, and Storage Administrator users” on page 41. By default, the initial password for any user is the same as the username. For example, if you logged in as user1, your default password would also be user1. To use any of the CLI commands, first log in by using the user role you have been assigned. Then enter the correct mode. These two steps must be performed before you can use any of the commands.
Note: The End User License Agreement (EULA) is displayed the first time you log in to the FileStore CLI.
To log in to the FileStore CLI 1 Log in to FileStore using the appropriate user role, System Admin, Storage Admin, or Master. 2 Enter the name of the mode you want to enter.
For example, to enter the admin mode, you would enter the following:
admin
You can tell you are in the admin mode because you will see the following:
Admin>
The following tables describe all the available modes, commands associated with that mode, and what roles to use depending on which operation you are performing.
Table 2-4 Admin mode commands
Admin mode commands System Storage Master Admin Admin
passwd X X X
show X X X
supportuser X
user X Creating users based on roles 33 Logging in to the FileStore CLI
Table 2-5 Antivirus mode commands
Antivirus mode commands System Storage Master Admin Admin autoprotect X X excludeextension X X job X X liveupdate X X quarantine X X scanaction X X scan X X service X X show X X
Table 2-6 Backup mode commands
Backup mode commands System Storage Master Admin Admin ndmp X X netbackup X X show X X start X X status X X stop X X virtual-ip X X virtual-name X X
Table 2-7 CIFS mode commands
CIFS mode commands System Storage Master Admin Admin homedir X X 34 Creating users based on roles Logging in to the FileStore CLI
Table 2-7 CIFS mode commands (continued)
CIFS mode commands System Storage Master Admin Admin
local X X
mapuser X X
server X X
set X X
share X X
show X X
Table 2-8 Cluster mode commands
Cluster mode commands System Storage Master Admin Admin
add X X
delete X X
install X X
reboot X X
show X X
shutdown X X
Table 2-9 Disaster recovery (DR) mode commands
Disaster recovery System Admin Storage Admin Master mode commands
dnsupdate X
Table 2-10 FTP mode commands
FTP mode commands System Storage Master Admin Admin
local X X
logupload X X
server X X Creating users based on roles 35 Logging in to the FileStore CLI
Table 2-10 FTP mode commands (continued)
FTP mode commands System Storage Master Admin Admin
session X X
set X X
show X X
Table 2-11 History mode commands
History mode commands System Storage Master Admin Admin
history X X X
Table 2-12 HTTP mode commands
HTTP mode commands System Storage Master Admin Admin
alias X X
documentRoot X X
server X X
session X X
set X X
show X X
Table 2-13 Network mode commands
Network mode commands System Storage Master Admin Admin
bond X X
dns X X
ip X X
ldap X X
nis X X
nsswitch X X 36 Creating users based on roles Logging in to the FileStore CLI
Table 2-13 Network mode commands (continued)
Network mode commands System Storage Master Admin Admin
ping X X
show X X
vlan X X
Table 2-14 NFS mode commands
NFS mode commands System Storage Master Admin Admin
server X X
share X X
show fs X X
stat X X
Table 2-15 Replication mode commands
Replication mode commands System Storage Master Admin Admin
config X X
exclunit X
job X X
repunit X X
rpo X
schedule X X
service X X
set X X
show X X Creating users based on roles 37 Logging in to the FileStore CLI
Table 2-16 Report mode commands
Report mode commands System Storage Master Admin Admin audit X X email X X event X X exportevents X X X showevents X X X snmp X X syslog X X
Table 2-17 Storage mode commands
Storage mode commands System Storage Master Admin Admin dar X X dedup X disk grow X X X disk list X X X disk format X X X disk remove X fencing X X fs X X hba X X iscsi X X X migrate X X X pool X X quota X X rollback X X 38 Creating users based on roles Logging in to the FileStore CLI
Table 2-17 Storage mode commands (continued)
Storage mode commands System Storage Master Admin Admin
scanbus X X
snapshot X X
tier X X
Table 2-18 Support mode commands
Support mode commands System Storage Master Admin Admin
debuginfo X X
gui X X
iostat X X
license X X
pciexclusion X X
services X X
tethereal X X
top X X
traceroute X X
Table 2-19 System mode commands
System mode commands System Storage Master Admin Admin
clock X X
config X X
more X X
ntp X X
option X X
stat X X Creating users based on roles 39 About accessing the online man pages
Table 2-19 System mode commands (continued)
System mode commands System Storage Master Admin Admin
swap X X
vplugin X
Table 2-20 Upgrade mode commands
Upgrade mode commands System Storage Master Admin Admin
patch X X
show X X
About accessing the online man pages
You access the online man pages by typing man name_of_command at the command line.
The example shows the result of entering the Network> man ldap command.
Network> man ldap NAME ldap - configure LDAP client for authentication
SYNOPSIS ldap enable ldap disable ldap show [users|groups|netgroups] ldap set {server|port|basedn|binddn|ssl|rootbinddn|users-basedn| groups-basedn|netgroups-basedn|password-hash} value ldap get {server|port|basedn|binddn|ssl|rootbinddn| users-basedn|groups-basedn|netgroups-basedn|password-hash}
You can also type a question mark (?) at the prompt for a list of all the commands that are available for the command mode that you are in. For example, if you are within the admin mode, if you type a question mark (?), you will see a list of the available commands for the admin mode.
sfs> admin ? Entering admin mode... sfs.Admin> 40 Creating users based on roles About creating Master, System Administrator, and Storage Administrator users
exit --return to the previous menus logout --logout of the current CLI session man --display on-line reference manuals passwd --change the administrator password show --show the administrator details supportuser --enable or disable the support user user --add or delete an administrator
To exit the command mode, enter the following: exit. For example:
sfs.Admin> exit sfs>
To exit the system console, enter the following: logout. For example:
sfs> logout
About creating Master, System Administrator, and Storage Administrator users
The admin> user commands add or delete a user, display user settings, and rename the password.
Note: By default, the password of the new user is the same as the username. Creating users based on roles 41 Creating Master, System Administrator, and Storage Administrator users
Table 2-21 Creating users
Command Definition
user add Creates the different levels of administrator. You must have master privilege. A user can be a Master user who has all the permissions, including add and deleting users. A Storage Administrator has access to only storage commands and is responsible for upgrading the cluster and applying the patches. A System Administrator is responsible for configuring the NFS server and exporting the file system, adding and deleting new nodes to the cluster, and configuring other network parameters such as DNS and NIS. See “Creating Master, System Administrator, and Storage Administrator users” on page 41.
passwd Creates a password. Passwords can be any length. By default, the initial password for any user is the same as the username. For example, if you logged in as user1, your default password would also be user1.
You will not be prompted to supply the old password. See “Creating Master, System Administrator, and Storage Administrator users” on page 41.
show Displays a list of current users, or you can specify a particular username and display both the username and its associated privilege. See “Creating Master, System Administrator, and Storage Administrator users” on page 41.
user delete Deletes a user. See “Creating Master, System Administrator, and Storage Administrator users” on page 41.
Creating Master, System Administrator, and Storage Administrator users
To create the different levels of administrator, you must have master privilege.
Note: When creating a user, you must assign a password. 42 Creating users based on roles Creating Master, System Administrator, and Storage Administrator users
To create a Master user
◆ To create a Master user, enter the following:
Admin> user add username master
For example:
Admin> user add master2 master Creating Master: master2 Success: User master2 created successfully Changing password for master2. New password: Re-enter new password: Password changed
To create a System Administrator user
◆ To create a System Administrator user, enter the following:
Admin> user add username system-admin
For example:
Admin> user add systemadmin1 system-admin Creating System Admin: systemadmin1 Success: User systemadmin1 created successfully
To create a Storage Administrator user
◆ To create a Storage Administrator user, enter the following:
Admin> user add username storage-admin
For example:
Admin> user add storageadmin1 storage-admin Creating Storage Admin: storageadmin1 Success: User storageadmin1 created successfully Creating users based on roles 43 Creating Master, System Administrator, and Storage Administrator users
To change a user's password 1 To change the password for the current user, enter the following command:
Admin> passwd
You will be prompted to enter the new password for the current user. 2 To change the password for a user other than the current user, enter the following command:
Admin> passwd [username]
You will be prompted to enter the new password for the user. To display a list of current users 1 To display the current user, enter the following:
Admin> show [username]
2 To display a list of all the current users, enter the following:
Admin> show
For example:
Admin> show List of Users ------master user1 user2
To display the details of the administrator with the username master, enter the following:
Admin> show master Username : master Privileges : Master Admin> 44 Creating users based on roles About the support user
To delete a user from FileStore 1 If you want to display the list of all the current users prior to deleting a user, enter the following:
Admin> show
2 To delete a user from FileStore, enter the following:
Admin> user delete username
For example:
Admin> user delete user1 Deleting User: user1 Success: User user1 deleted successfully
About the support user
The supportuser commands are used to enable, disable, or view the status of the support user. Only an administrator logged in as master has the privilege to enable, disable, change the password, or check the status of the support user.
You log into the system console and enter the Admin> mode to access the commands. See “About using the FileStore command-line interface” on page 31.
Table 2-22 Support user commands
Command Definition
supportuser Enables the support user for the tracing and debugging of any node. enable The enable command lets the support user login remotely.
See “Configuring the support user account” on page 45.
supportuser Changes the support user password. The password can be changed at password any time. See “Configuring the support user account” on page 45.
supportuser status Checks the status of the support user (whether it is enabled or disabled). Note: You must have master privilege to use this command.
See “Configuring the support user account” on page 45. Creating users based on roles 45 Configuring the support user account
Table 2-22 Support user commands (continued)
Command Definition
supportuser Disables the support user without permanently removing it from the disable system. By default, the support user is in disable mode when FileStore is installed. See “Configuring the support user account” on page 45.
Configuring the support user account To enable the support user account
◆ If you want to enable the support user, enter the following:
Admin> supportuser enable
For example:
Admin> supportuser enable Enabling support user. support user enabled. Please change default password. Admin>
To change the support user password
◆ If you want to change the support user password, enter the following:
Admin> supportuser password
For example:
Admin> supportuser password
Changing password for support. New password: Re-enter new password:
Password changed Admin> 46 Creating users based on roles Displaying the command history
To check the support user status
◆ If you want to check the status of the support user, enter the following:
Admin> supportuser status
For example:
Admin> supportuser status support user status : Enabled Admin>
To disable the support user account
◆ If you want to disable the support user, enter the following:
Admin> supportuser disable
For example:
Admin> supportuser disable Disabling support user. support user disabled. Admin>
Displaying the command history
The history command displays the commands that you have executed. You can also view commands executed by another user. You must be logged in to the system to view the command history. See “About using the FileStore command-line interface” on page 31. Creating users based on roles 47 Displaying the command history
To display command history
◆ To display the command history, enter the following:
SFS> history [username] [number_of_lines]
username Displays the command history for a particular user.
number_of_lines Displays the number of lines of history you want to view.
For example:
SFS> history master 7 Username : master Privileges : Master Time Status Message Command 02-12-2009 11:09 Success NFS> server status (server status) 02-12-2009 11:10 Success NFS> server start (server start ) 02-12-2009 11:19 Success NFS> server stop (server stop ) 02-12-2009 11:28 Success NFS> fs show (show fs ) 02-12-2009 15:00 SUCCESS Disk list stats completed (disk list ) 02-12-2009 15:31 Success Network shows success (show ) 02-12-2009 15:49 Success Network shows success (show ) SFS>
The information displayed from using the history command is:
Time Displays the time stamp as MM-DD-YYYY HH:MM
Status Displays the status of the command as Success, Error, or Warning.
Message Displays the command description.
Command Displays the actual commands that were executed by you or another user. 48 Creating users based on roles Displaying the command history Chapter 3
Displaying and adding nodes to a cluster
This chapter includes the following topics:
■ About the cluster commands
■ About FileStore installation states and conditions
■ Displaying the nodes in the cluster
■ About including new nodes on the cluster
■ Installing FileStore software on additional nodes
■ Adding a node to the cluster
■ Adding a non-preconfigured node
■ Deleting a node from the cluster
■ Shutting down the cluster nodes
■ Rebooting the nodes in the cluster
About the cluster commands This chapter discusses the FileStore cluster commands. You use these commands to add or delete nodes to your cluster. The cluster commands are defined in Table 3-1. To access the commands, log into the administrative console (for master or system-admin) and enter Cluster> mode. See “About using the FileStore command-line interface” on page 31. 50 Displaying and adding nodes to a cluster About FileStore installation states and conditions
Table 3-1 Cluster mode commands
Commands Definition
cluster> show Displays the nodes in the FileStore cluster, their states, CPU load, and network load during the past 15 minutes. See “Displaying the nodes in the cluster” on page 52.
cluster> install Installs FileStore software on other nodes in the FileStore cluster. This command installs FileStore software only. It does not install the operating system software. Note: This command is not supported on a single-node cluster.
See “Installing FileStore software on additional nodes” on page 55.
cluster> add Adds a new node to the FileStore cluster. A node can be added to the cluster only after FileStore software is installed on the node. See “Adding a node to the cluster” on page 56.
cluster> delete Deletes a node from the FileStore cluster. See “Deleting a node from the cluster” on page 58.
cluster> shutdown Shuts down a single node or all of the nodes in the FileStore cluster. Use the nodename that is displayed in the show command.
See “Shutting down the cluster nodes” on page 60.
cluster> reboot Reboots a single node or all of the nodes in the FileStore cluster. Use the nodename that is displayed in the show command.
See “Rebooting the nodes in the cluster” on page 61.
About FileStore installation states and conditions Table 3-2 describes FileStore installation states.
Table 3-2 FileStore installation states
Installation state Description
Need to Install - The operating system has been installed on the host machine and the FileStore Not host machine is present in the private network of the FileStore cluster. Installed
INSTALLING FileStore installation is in progress on the new node. The stage of installation is also shown. Displaying and adding nodes to a cluster 51 About FileStore installation states and conditions
Table 3-2 FileStore installation states (continued)
Installation state Description
INSTALLED FileStore has been successfully installed on this node and the node is ready to be added to the cluster.
RUNNING Node is part of the cluster and FileStore processes are running on it.
FAULTED Node is down and/or FileStore processes are not running on it.
LEAVING Node is leaving the cluster gracefully
EXITED Node has exited the cluster gracefully
UNKNOWN Exact state of the node cannot be determined
Depending on the cluster condition as described in Table 3-3, output for the Cluster> show command changes.
Table 3-3 Cluster conditions and states
Condition Description
If the node is configured and State displays as FAULTED, and there is no installation state part of the cluster, but the or network statistics. node is powered off.
If the node is configured and State displays as FAULTED, and there is no installation state part of the cluster, but the or network statistics. node is physically removed from the cluster.
If the node is configured and State changes from LEAVING to EXITED. part of the cluster, but the node is shutdown using the Cluster> shutdown command.
If the node is configured and Node gets deleted from the cluster, and the node is shown part of the cluster, and you under the installed node list. issue the Cluster> delete command. 52 Displaying and adding nodes to a cluster Displaying the nodes in the cluster
Table 3-3 Cluster conditions and states (continued)
Condition Description
If the node is installed, but If the system is powered off, the node displays in the not part of the cluster, and is installed node list for 2-3 minutes, but attempting to add powered off. the node to the cluster will not work, as the system is in a powered-off state. After 2-3 minutes has expired, the node is deleted from the installed node list. If the system is powered on, the node appears in the installed node list.
If the node is installed, but Same behavior as above. not part of the cluster, and is physically removed.
Displaying the nodes in the cluster You can display all the nodes in the cluster, their states, CPU load, and network load during the past 15 minutes.
If you use the Cluster> show currentload option, you can display the CPU and network loads collected from now to the next five seconds. Displaying and adding nodes to a cluster 53 Displaying the nodes in the cluster
To display a list of nodes in the cluster 1 To display a list of nodes that are part of a cluster, and the systems that are available to add to the cluster, enter the following:
Cluster> show
Command output includes the following information. See examples below.
Node Displays the node name if the node has already been added to the cluster. Displays the unique identifier for the node if it has not been added to the cluster. Example:
node_01
or
35557d4c-6c05-4718-8691-a2224b621920
State Displays the state of the node or the installation state of the system along with an IP address of the system if it is installed. See “About FileStore installation states and conditions” on page 50.
CPU Indicates the CPU load
pubeth0 Indicates the network load for the Public Interface 0
pubeth1 Indicates the network load for the Public Interface 1
2 For nodes already in the cluster, the following is displayed:
Node State CPU(15 min) pubeth0(15 min) pubeth1(15 min) % rx(MB/s) tx(MB/s) rx(MB/s) tx(MB/s) ------sfs_01 RUNNING 1.35 0.00 0.00 0.00 0.00 sfs_02 RUNNING 1.96 0.00 0.00 0.00 0.00
3 For the nodes not yet added to the cluster, they are displayed with unique identifiers.
Node State ------4dd5a565-de6c-4904-aa27-3645cf557119 INSTALLED 5.7 (172.16.113.118) bafd13c1-536a-411a-b3ab-3e3253006209 INSTALLING-Stage-3-of-3 INSTALLING-Stage-4-of-4 54 Displaying and adding nodes to a cluster About including new nodes on the cluster
4 For host machines with the operating system installed on them that are present in the private network of the cluster, they are displayed with a NEED TO INSTALL state.
Need to Install Nodes Node State ------3aa5a565-fe6c-6002-bb27-... FileStore Not Installed 172.16.113.119 5dd4a335-de6c-4904-aa95-... FileStore Not Installed 172.16.113.120
5 To display the CPU and network loads collected from now to the next five seconds, enter the following:
Cluster> show currentload
Example output:
Node State CPU(5 sec) pubeth0(5 sec) pubeth1(5 sec) % rx(MB/s) tx(MB/s) rx(MB/s) tx(MB/s) ------sfs_01 RUNNING 0.26 0.01 0.00 0.01 0.00 sfs_02 RUNNING 0.87 0.01 0.00 0.01 0.00 sfs_03 RUNNING 10.78 27.83 12.54 0.01 0.00
Statistics for network interfaces will be shown for as each public interface available on the cluster nodes.
About including new nodes on the cluster After you have installed the operating system and FileStore software on the first node of the cluster, you need to complete the following procedures to include new nodes on the cluster. Procedures to include new nodes:
■ Install the appropriate operating system software on the additional nodes. You must install the operating system software first before you install the FileStore software binaries on the node. For more information, see the Symantec FileStore Installation Guide.
■ Install the FileStore software binaries on the node. Software installation can run concurrently on multiple new nodes. See “Installing FileStore software on additional nodes” on page 55.
■ Add the node to your existing cluster. Displaying and adding nodes to a cluster 55 Installing FileStore software on additional nodes
After the FileStore software has been installed, the node enters the INSTALLED state. It can then be added to the cluster and become operational. See “Adding a node to the cluster” on page 56.
Note: Before proceeding, make sure that all of the nodes are physically connected to the private and public networks.
Installing FileStore software on additional nodes After you install the operating system software and the FileStore software on the first node of a cluster, you can use the Cluster> install command to install FileStore software on other nodes on the cluster.
Note: This command is not supported on a single-node cluster.
To install FileStore software on other nodes 1 Log in to the first (master) node in the cluster. 2 To install FileStore software on other nodes on the cluster, enter the following:
Cluster> install nodeip[,nodeip,...]
where nodeip is the IP address of the node where you want to install FileStore software. Specify the nodeip for any node that is in the NEED TO INSTALL state. To install on multiple nodes, you can enter more than one IP address separated by commas. Example output:
Cluster> install 172.16.0.21 10% [\] Copying installation script to 172.16.0.21 100% [#] FileStore is installing on 172.16.0.21
Cluster> show Installed/Installing Nodes Node State ------44ec2813-d98c-45f7-9949-d5ec9ed5f383 INSTALLING (Stage 1 of 3: Download install image) 56 Displaying and adding nodes to a cluster Adding a node to the cluster
Adding a node to the cluster After the FileStore software is installed on a new node, the node is assigned a temporary IP address. The address is displayed in the State field in the output for Cluster> show. For example, the temporary IP address shown above is 172.16.113.118. The temporary IP address is only used to add the node to the cluster. Only the nodes in the INSTALLED state can be added to the cluster. See “Adding a non-preconfigured node” on page 57.
Note: This command is not supported in a single-node cluster.
The coordinator disks must be visible on the newly added node as a prerequisite for I/O fencing to be configured successfully. Without the coordinator disks, I/O fencing will not load properly and the node will not be able to obtain cluster membership. See “About I/O fencing” on page 86. To add the new node to the cluster
1 Log in to FileStore using the master user role.
2 Enter the cluster mode. 3 To add the new node to the cluster, enter the following:
Cluster> add nodeip
where nodeip is the IP address assigned to the INSTALLED node. For example:
Cluster> add 172.16.113.118 Checking ssh communication with 172.16.113.118 ...done Configuring the new node .....done Adding node to the cluster...... done Node added to the cluster New node's name is: sfs_02
4 If a problem occurs while you are adding a node to a cluster (for example, if the node is temporarily disconnected from the network), do the following to fix the problem: To recover the node:
■ Power off the node. Displaying and adding nodes to a cluster 57 Adding a non-preconfigured node
■ Use the Cluster > delete nodename command to delete the node from the cluster.
■ Power on the node.
■ Use the Cluster > add nodeip command to add the node to the cluster.
Adding a non-preconfigured node A non-preconfigured node is a node that you did not specify as part of the cluster when you first installed and configured FileStore software on the cluster. To add a non-preconfigured node to the cluster 1 Make sure the appropriate operating system is installed on the nodes you want to add to the cluster. 2 Obtain the IP address ranges, as described in the Symantec FileStore Installation Guide, for the public network interfaces of the nodes to be installed. 3 Log in to the master account through the FileStore console and access the network mode. To log in to the FileStore console:
■ Use ssh master@consoleipaddr where consoleipaddr is the console IP address.
■ For the password, enter the default password for the master account, master. You can change the password later by using the Admin> password command.
Note: Changing the default password is important for system security. If you do not change the default password, a warning message appears the next time you log in.
4 Add each IP address using the following command:
Network> ip addr add ipaddr netmask type [device]
IP is a protocol that allows addresses to be attached to an Ethernet interface. Each Ethernet interface must have at least one address to use the protocol. Several different addresses can be attached to one Ethernet interface. Add the ipaddr and the netmask. type is the type of IP address (virtual or physical). device is the device on which the operation takes place. For example, pubeth0. 58 Displaying and adding nodes to a cluster Deleting a node from the cluster
5 To install FileStore software on the new nodes, use the following command:
Cluster> install nodeip[,nodeip,...]
where nodeip is the IP address of the node where you want to install FileStore software. To install on multiple nodes at the same time, you can enter more than one IP address, separated by commas. The FileStore software is automatically installed on all of the nodes you specify.
6 Enter Cluster> show to display the status of the node installation as it progresses.
Cluster> show
The following are the three stages when installing FileStore software on a node:
■ INSTALLING (Stage 1 of 3: Download install image)
■ INSTALLING (Stage 2 of 3: Configure network)
■ INSTALLING (Stage 3 of 3: Installing SFS) The installing state also contains a unique identifier, as in:
Node State ------4dd5a565-de6c-4904-aa27-3645cf557119 INSTALLED 5.7 (172.16.113.118) bafd13c1-536a-411a-b3ab-3e3253006209 INSTALLING (Stage 3 of 3...)
7 When all the nodes you want to add are in the INSTALLED state, enter the following command to add the node to the cluster:
Cluster> add nodeip
where nodeip is the IP address of the node you want to add.
Deleting a node from the cluster This command deletes a node from the cluster. Use the nodename that is displayed in the Cluster> show command.
Note: This command is not supported in a single-node cluster. Displaying and adding nodes to a cluster 59 Deleting a node from the cluster
If the deleted node was in the RUNNING state prior to deletion, that node would be assigned an IP address that can be used to add the node back to the cluster. See “About including new nodes on the cluster” on page 54. If the deleted node was not in the RUNNING state prior to deletion, reboot the deleted node to assign it an IP address which can be used to add the node back into the cluster. You must first reinstall the operating system and the FileStore software onto the node before adding it to the cluster. Refer to Symantec FileStore Installation Guide. After the node is deleted from the cluster, IP addresses associated with the node are free for use by the cluster for new nodes.
Note: When using the Cluster> shutdown or Cluster> delete or Cluster> reboot commands, you cannot use unique identifiers for node names; these commands only work with node names.
To delete a node from the cluster 1 To show the current state of all nodes in the cluster, enter the following:
Cluster> show
2 To delete a node from a cluster, enter the following:
Cluster> delete nodename
where nodename is the nodename that appeared in the listing from the show command. For example:
Cluster> delete sfs_01 Stopping Cluster processes on sfs_01 ...... done deleting sfs_1's configuration from the cluster .....done Node sfs_1 deleted from the cluster
If you try to delete a node that is unreachable, you will receive the following warning message:
This SFS node is not reachable, you have to re-install the SFS software after deleting it. Do you want to delete it now? (y/n) 60 Displaying and adding nodes to a cluster Shutting down the cluster nodes
Shutting down the cluster nodes You can shut down a single node or all of the nodes in the cluster. Use the nodename that is displayed in the Cluster> show command.
Note: When using the Cluster> shutdown or Cluster> delete commands, you cannot use a unique identifier to specify a node; these commands only work with a node name.
To shut down a node or all the nodes in a cluster 1 To shut down a node, enter the following:
Cluster> shutdown nodename
nodename indicates the name of the node you want to shut down. For example:
Cluster> shutdown sfsfiler_04 Stopping Cluster processes on sfsfiler_04 Sent shutdown command to sfsfiler_04. SSH sessions to sfsfiler_04 may terminate.
2 To shut down all of the nodes in the cluster, enter the following:
Cluster> shutdown all
Use all as the nodename if you want to shut down all of the nodes in the cluster. For example:
Cluster> shutdown all Stopping Cluster processes on all SSH sessions to all nodes may terminate. Sent shutdown command to sfsfiler_02 Sent shutdown command to sfsfiler_03 Sent shutdown command to sfsfiler_04 Sent shutdown command to sfsfiler_01 Displaying and adding nodes to a cluster 61 Rebooting the nodes in the cluster
Rebooting the nodes in the cluster You can reboot a single node or all of the nodes in the cluster. Use the nodename that is displayed in the Cluster> show command. To reboot a node 1 To reboot a node, enter the following:
Cluster> reboot nodename
nodename indicates the name of the node you want to reboot. For example:
Cluster> reboot sfsfiler_04 Stopping Cluster processes on sfsfiler_04 Sent reboot command to sfsfiler_04. SSH sessions to sfsfiler_4 may terminate.
2 To reboot all of the nodes in the cluster, enter the following:
Cluster> reboot all
Use all as the nodename if you want to reboot all of the nodes in the cluster. For example:
Cluster> reboot all Stopping Cluster processes on all SSH sessions to all nodes may terminate. Sent reboot command to sfsfiler_02 Sent reboot command to sfsfiler_03 Sent reboot command to sfsfiler_04 Sent reboot command to sfsfiler_01 62 Displaying and adding nodes to a cluster Rebooting the nodes in the cluster Chapter 4
Configuring storage
This chapter includes the following topics:
■ About storage provisioning and management
■ About configuring disks
■ Configuring disks
■ About configuring storage pools
■ Configuring storage pools
■ About performing local replication initialization
■ Detaching one or more pools from the FileStore cluster as a detached pool set
■ Displaying detached pools
■ Attaching a replication storage pool to a FileStore cluster
■ About displaying information for all disk devices
■ Displaying information for all disk devices associated with nodes in a cluster
■ Increasing the storage capacity of a LUN
■ Formatting/reinitializing a disk
■ Removing a disk
■ Displaying WWN information
■ Initiating FileStore host discovery of LUNs
■ Importing pools forcefully
■ About I/O fencing 64 Configuring storage About storage provisioning and management
■ Configuring I/O fencing
■ About quotas for file systems
■ Using quota commands for enabling, disabling, and displaying file system quotas
■ Using quota commands for setting and displaying file system quotas
■ Setting user quotas for users of specified groups
■ About quotas for CIFS home directories
■ Using quotas for CIFS home directories
■ Displaying the quota values for CIFS home directories
■ About iSCSI
■ About configuring the iSCSI targets
■ Configuring the iSCSI targets
■ About data archive and retention (DAR)
■ How DAR interacts with other FileStore applications
■ Using DAR without Symantec Enterprise Vault
■ Configuring data archive and retention
■ About data deduplication
About storage provisioning and management Storage provisioning in FileStore focuses on the storage pool, which is comprised of a set of disks. The file system commands accept a set of pools as an argument. For example, creating a file system takes one or more pools, and creates a file system over some or all of the pools. A mirrored file system takes multiple pools as an argument and creates a file system such that each copy of the data resides on a different pool. To provision FileStore storage, verify that the Logical Unit Numbers (LUNS) or meta-LUNS in your physical storage arrays have been zoned for use with the FileStore cluster. The storage array administrator normally allocates and zones this physical storage. Configuring storage 65 About storage provisioning and management
Use the FileStore Storage> pool commands to create storage pools using disks (the named LUNS). Each disk can only belong to one storage pool. If you try to add a disk that is already in use, an error message is displayed.
With these storage pools, use the Storage> fs commands to create file systems with different layouts (for example mirrored, striped, striped-mirror). The storage commands are defined in Table 4-1. To access the commands, log into the administrative console (master, system-admin, or storage-admin) and enter the Storage> mode. See “About using the FileStore command-line interface” on page 31.
Table 4-1 Storage mode commands
Command Definition disk grow Grows a selected disk if it is resized on the storage array. See “Increasing the storage capacity of a LUN” on page 82. disk list Lists all of the available disks, and identifies which ones you want to assign to which pools. See “About displaying information for all disk devices” on page 78. disk format Formats/reinitializes a disk forcefully to reinstate it. See “Formatting/reinitializing a disk” on page 83. disk remove Removes specified disks from a cluster. See “Removing a disk” on page 83. dar Enables file systems for data archive and retention (DAR). See “Configuring data archive and retention” on page 135. dedup Allows you to remove redundant data to improve storage utilization for your primary storage. See “Configuring file system deduplication” on page 143. fencing Protects the data integrity if the split-brain condition occurs. See “About I/O fencing” on page 86. fs Provides commands for configuring your file system. See “About creating and maintaining file systems” on page 218. 66 Configuring storage About configuring disks
Table 4-1 Storage mode commands (continued)
Command Definition
hba Prints the World Wide Name (WWN) information for all of the nodes in the cluster. See “Displaying WWN information” on page 84.
iscsi Links data storage facilities. See “About iSCSI” on page 117.
pool Configures storage pools. See “About configuring storage pools” on page 69.
scanbus Scans all of the SCSI devices connected to all of the nodes in the cluster. See “Initiating FileStore host discovery of LUNs ” on page 86.
quota Sets a limit on disk quota to restrict certain aspects of the file system usage. See “About quotas for file systems” on page 92.
About configuring disks Disks and pools can be specified in the same command provided the disks are part of an existing storage pool. The pool and disk that are specified first are allocated space before other pools and disks. If the specified disk is larger than the space allocated, the remainder of the space is still utilized when another file system is created spanning the same disk.
Table 4-2 Configure disks commands
Command Definition
pool adddisk You can add a new disk to an existing pool. A disk can belong to only one pool. The minimum size of disks required for creating a pool or adding a disk to the pool is 10 MB. Note: Disks being used for the pool adddisk command must support SCSI-3 PGR registrations if I/O fencing is enabled.
See “Configuring disks” on page 67. Configuring storage 67 Configuring disks
Table 4-2 Configure disks commands (continued)
Command Definition
pool mvdisk You can move disks from one storage pool to another. Note: You cannot move a disk from one storage pool to another if the disk has data on it.
See “Configuring disks” on page 67.
pool rmdisk You can remove a disk from a pool. Note: You cannot remove a disk from a pool if the disk has data on it.
See “Configuring disks” on page 67. If a specified disk does not exist, an error message is displayed. If one of the disks does not exist, then none of the disks are removed. A pool cannot exist if there are no disks assigned to it. If a disk specified to be removed is the only disk for that pool, the pool is removed as well as the assigned disk. If the specified disk to be removed is being used by a file system, then that disk will not be removed.
Configuring disks To add a disk
◆ To add a new disk to an existing pool, enter the following:
Storage> pool adddisk pool_name disk1[,disk2,...]
pool_name Specifies the pool to be added to the disk. If the specified pool name is not an existing pool, an error message is displayed.
disk1,disk2,... Specifies the disks to be added to the pool. To add additional disks, use a comma with no spaces between. A disk can only be added to one pool, so if the entered disk is already in the pool, an error message is displayed.
For example:
Storage> pool adddisk pool2 Disk_2 SFS pool Success V-288-0 Disk(s) Disk_2 are added to pool2 successfully. 68 Configuring storage Configuring disks
To move disks from one pool to another
◆ To move a disk from one pool to another, or from an unallocated pool to an existing pool, enter the following:
Storage> pool mvdisk src_pool dest_pool disk1[,disk2,...]
src_pool Specifies the source pool to move the disks from. If the specified source pool does not exist, an error message is displayed.
dest_pool Specifies the destination pool to move the disks to. If the specified destination pool does not exist, a new pool is created with the specified name. The disk is moved to that pool.
disk1,disk2,... Specifies the disks to be moved. To specify multiple disks to be moved, use a comma with no space in between. If a specified disk is not part of the source pool or does not exist, an error message is displayed. If one of the disks to be moved does not exist, all of the specified disks to be moved will not be moved. If all of the disks for the pool are moved, the pool is removed (deleted from the system), since there are no disks associated with the pool.
For example:
Storage> pool mvdisk p01 pool2 Disk_0 SFS pool Success V-288-0 Disk(s) moved successfully. Configuring storage 69 About configuring storage pools
To remove a disk 1 To remove a disk from a pool, enter the following:
Storage> pool rmdisk disk1[,disk2,...]
where disk1,disk2 specifies the disk(s) to be removed from the pool. An unallocated pool is a reserved pool for holding disks that are removed from other pools. For example:
Storage> pool list Pool Name List of disks ------pool1 Disk_0 Disk_1 pool2 Disk_2 Disk_5 pool3 Disk_3 Disk_4 Unallocated Disk_6
Storage> pool rmdisk Disk_6 SFS pool Success V-288-987 Disk(s) Disk_6 are removed successfully. Storage> pool list Pool Name List of disks ------pool1 Disk_0 Disk_1 pool2 Disk_2 Disk_5 pool3 Disk_3 Disk_4
The Disk_6 disk no longer appears in the output. 2 To remove additional disks, use a comma with no spaces in between. For example:
Storage> pool rmdisk disk1,disk2
About configuring storage pools Storage provisioning in FileStore focuses on the concept of pools. Pools are more a logical construct rather than an architectural component. Pools are loosely collections of disks. In the FileStore context, a disk is a LUN provisioned from a storage array. Each LUN should be provisioned to all FileStore nodes. Disks must be added to pools prior to use. 70 Configuring storage About configuring storage pools
During the initial configuration, you use the Storage> commands to create storage pools, to discover disks, and to assign them to pools. Disk discovery and pool assignment are done once. FileStore propagates disk information to all cluster nodes. You must first create storage pools that can be used to build file systems on. Disks and pools can be specified in the same command provided the disks are part of an existing storage pool. The pool and disk specified first are allocated space before other pools and disks. If the specified disk is larger than the space allocated, the remainder of the space is still utilized when another file system is created spanning the same disk.
Table 4-3 Configure storage pool commands
Command Definition
pool create Creates storage pools. You can build file systems on top of them. Note: Disks being used for the Storage> pool create command must support SCSI-3 PGR registrations if I/O fencing is enabled.
Note: The minimum size of disks required for creating a pool or adding a disk to the pool is 10 MB.
See “Configuring storage pools” on page 72.
pool list Displays the pools and associated disks. A storage pool is a collection of disks from shared storage; the pool is used as the source for adding file system capacity as needed. See “Configuring storage pools” on page 72.
pool rename Renames a pool. See “Configuring storage pools” on page 72.
pool destroy Destroys storage pools used to create file systems. Destroying a pool does not delete the data on the disks that make up the storage pool. See “Configuring storage pools” on page 72.
pool free Lists the free space in each of the pools. Free space information includes:
■ Disk name ■ Free space ■ Total space ■ Use %
See “Configuring storage pools” on page 72. Configuring storage 71 About configuring storage pools
Table 4-3 Configure storage pool commands (continued)
Command Definition pool adddisk, pool Configures the disk(s) in the pool. mvdisk, pool See “About configuring disks” on page 66. rmdisk pool detachset, Configures local replication initialization. pool See “About performing local replication initialization” on page 75. showdetached, pool attachset 72 Configuring storage Configuring storage pools
Configuring storage pools To create the storage pool used to create a file system 1 List all of the available disks, and identify which ones you want to assign to which pools.
Storage> disk list Disk sfs_01 ======disk1 OK
2 To create a storage pool, enter the following:
Storage> pool create pool_name disk1[,disk2,...]
pool_name Specifies what the created storage pool will be named. The storage pool name should be a string.
disk1, disk2,... Specifies the disks to include in the storage pool. If the specified disk does not exist, an error message is displayed. Use the Storage> disk list command to view the available disks. Each disk can only belong to one storage pool. If you try to add a disk that is already in use, an error message is displayed. To specify additional disks to be part of the storage pool, use a comma with no space in between.
For example:
Storage> pool create pool1 Disk_0,Disk_1 SFS pool Success V-288-1015 Pool pool1 created successfully 100% [#] Creating pool pool1 Configuring storage 73 Configuring storage pools
To list your pools
◆ To list your pools, enter the following:
Storage> pool list
For example:
Storage> pool list Pool List of disks ------pool1 Disk_0 Disk_1 pool2 Disk_2 Disk_3 pool3 Disk_4 Disk_5
To rename a pool
◆ To rename a pool, enter the following:
Storage> pool rename old_name new_name
old_name Specifies the name for the existing pool that will be changed. If the old name is not the name of an existing pool, an error message is displayed.
new_name Specifies the new name for the pool. If the specified new name for the pool is already being used by another pool, an error message is displayed.
For example:
Storage> pool rename pool1 p01 SFS pool Success V-288-0 Disk(s) Pool rename successful. 74 Configuring storage Configuring storage pools
To destroy a storage pool
◆ To destroy a storage pool, enter the following:
Storage> pool destroy pool_name
where pool_name specifies the storage pool to delete. If the specified pool_name is not an existing storage pool, an error message is displayed. For example:
Storage> pool destroy pool1 SFS pool Success V-288-988 Pool pool1 is destroyed.
Because you cannot destroy an Unallocated storage pool, you need to remove the disk from the storage pool using the Storage> pool rmdisk command prior to trying to destroy the storage pool. See “Configuring disks” on page 67. If you want to move the disk from the unallocated pool to another existing pool, you can use the Storage> pool mvdisk command. See “Configuring disks” on page 67. To list free space for pools
◆ To list free space for your pool, enter the following:
Storage> pool free [pool_name]
where pool_name specifies the pool for which you want to display free space information. If a specified pool does not exist, an error message is displayed. If pool_name is omitted, the free space for every pool is displayed, but information for specific disks is not displayed. For example:
Storage> pool free Pool Free Space Total Space Use% ======pool_1 0 KB 165.49M 100% pool_2 0 KB 165.49M 100% pool_3 57.46M 165.49M 65% Configuring storage 75 About performing local replication initialization
About performing local replication initialization Local replication initialization allows you to initialize replication locally to some locally-attached disk array, then physically transport the disk array to the location of the destination file server, and then resume replication over a network link once the replication is configured correctly. Given that replicating an existing dataset can require delivering many terabytes of data to a remote site, physically transporting the disk array to a new location, then resuming the replication can save significant set up time and network costs. For details on local replication initialization, see the Symantec FileStore Replication Guide. The following operations need to occur to perform replication local synchronization:
■ Define a set of disk, pools, and file systems that can be removed from the local FileStore cluster.
■ Copy files between a set of file systems or directories and a second set of file systems or directories, so that when the second set of file systems are moved from a local system to a remote system, efficient periodic copying can be resumed without a full second copy operation over the network.
■ Attach a removed (detached) set of disks, pools, and file systems to a second (remote) FileStore cluster one-time after they have been removed from the first (local) FileStore cluster.
Table 4-4 lists the Storage> pool commands you use for local replication initialization.
Note: The Storage> pool attachset, detachset, and showdetached commands should be used for local replication initialization only and not for other purposes.
Table 4-4 Local replication initialization commands
Command Definition
pool detachset Detaches one or more pools from the FileStore cluster as a detached pool set. See “Detaching one or more pools from the FileStore cluster as a detached pool set” on page 76.
pool showdetached Displays the detached pools. See “Displaying detached pools” on page 77. 76 Configuring storage Detaching one or more pools from the FileStore cluster as a detached pool set
Table 4-4 Local replication initialization commands (continued)
Command Definition
pool attachset Attaches a detached pool set to the FileStore cluster. See “Attaching a replication storage pool to a FileStore cluster” on page 77.
Detaching one or more pools from the FileStore cluster as a detached pool set
The Storage> pool detachset command detaches one or more pools from the FileStore cluster as a detached pool set. You can provide a new name for the detached pool set. This operation unmounts the file systems, creating a separated disk group from the named pools, and deports that disk group. Once detached, the storage for those pools can be physically removed from the cluster. To detach one or more pools from the FileStore cluster
◆ To detach one or more pools from the FileStore cluster, enter the following:
Storage> pool detachset pool1[,pool2,...] detach_poolset_name
pool1, pool2, ... Specifies one or more pools to detach from the cluster. To specify multiple pools to detach, use a comma to separate the pool names with no space in between the pool names.
detach_poolset_name Indicates the new name for the detached pool set.
For example:
Storage> pool detachset pool1 detached_pool1 SFS Storage SUCCESS V-288-1655 Pool detachset completed successfully. Configuring storage 77 Displaying detached pools
Displaying detached pools To display detached pools
◆ To display detached pools, enter the following
Storage> pool showdetached [detach_poolset_name]
where detach_poolset_name is the name of the detached pool set you want to display. For example:
Storage> pool showdetached
DETACHED_POOLSETNAME POOLSET_ID DETACHED_POOLS ======detached_pool2 1276181004.41.src_01 pool2
DETACHED_POOLSET_DISKS ======ams_wms0_34,ams_wms0_35
Storage> pool showdetached detached_pool2
Detached_poolsetname : detached_pool2 Poolsetid : 1276181004.41.src_01 Detached from Cluster : src Date : 2010.06.10 20:13:15 IST All detached fsnames : tgt_fs Detached filesystem : tgt_fs, Associated pools : pool2 Associated repunit : tgt_ru All detached pools : pool2 Detached pool : pool2, Disks : ams_wms0_34 ams_wms0_35
Attaching a replication storage pool to a FileStore cluster
The Storage> pool attachset command allows you to attach replication storage pool(s) to a FileStore cluster. At the time the replication storage pool is attached, the file systems or pools that are part of the replication storage poolset, can be renamed by using the pattern newname=oldname. 78 Configuring storage About displaying information for all disk devices
Several file systems or replication storage pools can be renamed by listing several such rename patterns in a comma-separated list, as in:
pool attachset poolset1 newfs1=tgt_fs,newpool2=pool2
To attach a replication storage pool to a FileStore cluster
◆ To attach a replication storage pool(s) to a FileStore cluster, enter the following:
Storage> pool attachset poolset_name [name_mapping]
poolset_name Indicates the name of the pool set to attach.
name_mapping Specifies a comma-separated list of pools or file system name pairs in the form of new_name=old_name that you want to rename.
For example:
Storage> pool attachset poolset1 Mount Point is being added... SFS Storage SUCCESS V-288-1653 Pool attachset completed successfully.
About displaying information for all disk devices
The Storage> disk list command displays the aggregated information of the disk devices connected to all of the nodes in the cluster.
Table 4-5 Disk devices commands
Command Definition
disk list stats Displays a list of disks and nodes in tabular form. Each row (default) corresponds to a disk, and each column corresponds to a node.
■ If an OK appears in the table, it indicates that the disk that corresponds to that row is accessible by the node that corresponds to that column. ■ If an ERR appears in the table, it indicates that the disk that corresponds to that row is inaccessible by the node that corresponds to that column. This list does not include the internal disks of each node. See “Displaying information for all disk devices associated with nodes in a cluster” on page 79. Configuring storage 79 Displaying information for all disk devices associated with nodes in a cluster
Table 4-5 Disk devices commands (continued)
Command Definition
disk list detail Displays the disk information, including a list of disks and their properties. If the console server is unable to access any disk, but if any other node in the cluster is able to access that disk, then that disk is shown as "---." See “Displaying information for all disk devices associated with nodes in a cluster” on page 79.
disk list paths Displays the list of multiple paths of disks connected to all of the nodes in the cluster. It also shows the status of each path on each node in the cluster. See “Displaying information for all disk devices associated with nodes in a cluster” on page 79.
disk list types Displays the enclosure name, array name, and array type for a particular disk that is present on all of the nodes in the cluster. See “Displaying information for all disk devices associated with nodes in a cluster” on page 79.
Displaying information for all disk devices associated with nodes in a cluster Depending on which command variable you use, the column headings will differ.
Disk Indicates the disk name.
Serial Number Indicates the serial number for the disk.
Enclosure Indicates the type of storage enclosure.
Size Indicates the size of the disk.
Use% Indicates the percentage of the disk that is being used. 80 Configuring storage Displaying information for all disk devices associated with nodes in a cluster
ID ID column consists of the following four fields. A ":" separates these fields.
■ VendorID - Specifies the name of the storage vendor, for example, HITACHI, IBM, EMC, HP, and so on. ■ ProductID - Specifies the ProductID based on vendor. Each vendor manufactures different products. For example, HITACHI has HDS5700, HDS5800, and HDS9200 products. These products have ProductIDs such as DF350, DF400, and DF500. ■ TargetID - Specifies the TargetID. Each port of an array is a target. Two different arrays or two ports of the same array have different TargetIDs. TargetIDs start from 0. ■ LunID - Specifies the ID of the LUN. This should not be confused with the LUN serial number. LUN serial numbers uniquely identify a LUN in a target. Whereas a LunID uniquely identifies a LUN in an initiator group (or host group). Two LUNS in the same initiator group cannot have the same LunID. For example, if a LUN is assigned to two clusters, then the LunID of that LUN can be different in different clusters, but the serial number is the same.
Enclosure Name of the enclosure to distinguish between arrays having the same array name.
Array Name Indicates the name of the storage array.
Array Type Indicates the type of storage array and can contain any one of the three values: Disk for JBODs, Active-Active, and Active-Passive.
To display a list of disks and nodes in tabular form
◆ To display a list of disks and nodes in tabular form, enter the following:
Storage> disk list stats
Disk dev_01 dev_02 ======fas2700_13 OK OK fas2700_14 OK OK fas2700_15 OK OK fas2700_16 OK OK fas2700_17 OK OK Configuring storage 81 Displaying information for all disk devices associated with nodes in a cluster
To display the disk information
◆ To display the disk information, enter the following:
Storage> disk list detail
Disk Pool Enclosure Size Use% ======fas2701_4 pool2 fas2701 1.0G 47.3% fas2701_5 pool1 fas2701 10.0G 44.2% fas2701_6 pool2 fas2701 1.0G 4.3% fas2701_7 pool1 fas2701 1.0G 100.0%
ID Serial Number ======NETAPP:LUN%5F311170011:0:1 hpasKJZRKpHK NETAPP:LUN%5F311170011:0:2 hpasKJZRKpaT NETAPP:LUN%5F311170011:0:3 hpasKJZRKppB NETAPP:LUN%5F311170011:0:4 hpasKJZRKqKx
To display the disk list paths
◆ To display the disks multiple paths, enter the following:
Storage> disk list paths Disk Paths dev_01 dev_02 ======fas2700_13 Path 1 secondary,enabled,active secondary,enabled,active
fas2700_14 Path 1 secondary,enabled,active secondary,enabled,active
fas2700_15 Path 1 secondary,enabled,active secondary,enabled,active
fas2700_16 Path 1 secondary,enabled,active secondary,enabled,active
fas2700_17 Path 1 secondary,enabled,active secondary,enabled,active
fas2700_18 Path 1 secondary,enabled,active secondary,enabled,active 82 Configuring storage Increasing the storage capacity of a LUN
To display information for all disk devices associated with nodes in a cluster
◆ To display information for all of the disk devices connected to all of the nodes in a cluster, enter the following:
Storage> disk list types
Disk Enclosure Array Name Array Type ======fas2700_13 fas2700 FAS270 A/P-C-NETAPP fas2700_14 fas2700 FAS270 A/P-C-NETAPP fas2700_15 fas2700 FAS270 A/P-C-NETAPP fas2700_16 fas2700 FAS270 A/P-C-NETAPP fas2700_17 fas2700 FAS270 A/P-C-NETAPP fas2700_18 fas2700 FAS270 A/P-C-NETAPP fas2700_19 fas2700 FAS270 A/P-C-NETAPP
Increasing the storage capacity of a LUN
The Storage> disk grow command lets you increase the storage capacity of a previously created LUN on a storage array disk.
Warning: When increasing the storage capacity of a disk, make sure that the storage array does not reformat it. This will destroy the data. For help, contact your Storage Administrator.
To increase the storage capacity of a LUN 1 Increase the storage capacity of the disk on your storage array. Contact your Storage Administrator for assistance.
2 Run the FileStore Storage> scanbus command to make sure that the disk is connected to the FileStore cluster. See “Initiating FileStore host discovery of LUNs ” on page 86. 3 To increase the storage capacity of the LUN, enter the following:
Storage> disk grow disk_name
where disk_name is the name of the disk. For example:
Storage> disk grow Disk_0 SFS disk SUCCESS V-288-0 disk grow Disk_0 completed successfully Configuring storage 83 Formatting/reinitializing a disk
Formatting/reinitializing a disk
If the disk does not belong to any group, the Storage> disk format command erases the first 100M space on the disk(s). You can only format one disk. To reformat/reinitialize a disk
◆ To reformat/reinitialize a disk, enter the following:
Storage> disk format disk1
where disk1 is the disk that you want to format/reinitialize.
Removing a disk
The Storage> disk remove command allows you to remove disks from a cluster. This command is helpful in situations when the disk attributes are incorrectly listed in FileStore.
Note: Only the disks that are not a part of a pool can be removed.
The Storage> disk remove command will not destroy the data on the disk, but it removes the disk from the system's configuration. Rebooting the cluster or running scanbus will bring back the disk into the system's configuration. To remove the disk permanently from the system's configuration, you should remove the disk's mapping from the array. 84 Configuring storage Displaying WWN information
To remove a disk from a cluster
◆ To remove a disk from a cluster, enter the following:
Storage> disk remove disk1[,disk2,...]
disk1 Indicates the first disk name that you want to remove from the cluster.
disk2 Indicates the second disk name that you want to remove from the cluster. Disk names are comma-separated without any spaces between the disk names.
For example:
Storage> disk remove emc0_03ff Deleting disk emc0_03ff ...... Deleting disk emc0_03ff ...... Deleting disk emc0_03ff ...... done
Displaying WWN information
The Storage> hba (Host Bus Adapter) command displays World Wide Name (WWN) information for all of the nodes in the cluster. If you want to find the WWN information for a particular node, specify the node name (host name). To display WWN information
◆ To display the WWN information, enter the following:
Storage> hba [host_name]
where you can use the host_name variable if you want to find WWN information for a particular node. For example, to display WWN information for all the running nodes in the cluster, enter the following:
Storage> hba Node Host Initiator HBA WWNs ------democluster_01 21:00:00:1b:32:89:15:5f, 21:01:00:1b:32:a9:15:5f democluster_02 21:00:00:1b:32:89:71:52, 21:01:00:1b:32:a9:71:52
There are two WWNs on each row that represent the two HBAs for each node. Configuring storage 85 Displaying WWN information
For example, to display WWN information for a particular node, enter the following:
Storage> hba democluster_01 HBA_Node_Name WWN State Speed ------20:00:00:1b:32:89:15:5f 21:00:00:1b:32:89:15:5f offline 4_Gbit 20:01:00:1b:32:a9:15:5f 21:01:00:1b:32:a9:15:5f offline unknown
Support_Classes Transmitted_FC_Frames Received_FC_frames ------Class_3 445606 1815671 Class_3 0 0
Link_Failure_Count ------0
B.Storage> democluster_01 21:00:00:1b:32:1e:5c:ba, 21:01:00:1b:32:3e:5c:ba
HBA_Node_Name Displays the node name for the Host Bus Adapter (HBA).
WWN Displays World Wide Name (WWN) information.
State Available values include:
■ online ■ offline
Speed Displays the speed per second.
Support_Classes Displays the class value from /sys/class/fc_host/${host}/supported_classes.
Transmitted_FC_Frames Displays a value equal to the number of total transmitted serial attached SCSI frames across all protocols.
Received_FC_frames Displays a value equal to the number of total received serial attached SCSI frames across all protocols.
Link_Failure_Count Displays a value equal to the value of the LINK FAILURE COUNT field of the Link Error Status. 86 Configuring storage Initiating FileStore host discovery of LUNs
Initiating FileStore host discovery of LUNs
The Storage> scanbus command scans all of the SCSI devices connected to all of the nodes in the cluster. When you add new storage to your devices, you must scan for new SCSI devices. You only need to issue the command once and all of the nodes discover the newly added disks. And the command updates the device configurations without interrupting the existing I/O activity. The scan does not inform you if there is a change in the storage configuration. You can see the latest storage configuration using the Storage> disk list command. You do not need to reboot after scanbus has completed. To scan SCSI devices
◆ To scan the SCSI devices connected to all of the nodes in the cluster, enter the following:
Storage> scanbus
For example:
Storage> scanbus 100% [#] Scanning the bus for disks
Importing pools forcefully
The Storage> scanbus force command tries to import pools forcefully. This may help when using Storage> scanbus alone does not work. To import pools forcefully
◆ To import pools forcefully, enter the following:
Storage> scanbus [force]
About I/O fencing In the FileStore cluster, one method of communication between the nodes is conducted through heartbeats over private links. If two nodes cannot verify each other's state because they cannot communicate, then neither node can distinguish if the failed communication is because of a failed link or a failed partner node. The network breaks into two networks that cannot communicate with each other but do communicate with the central storage. This condition is referred to as the "split-brain" condition. Configuring storage 87 About I/O fencing
I/O fencing (also referred to as disk fencing) protects data integrity if the split-brain condition occurs. I/O fencing determines which nodes are to retain access to the shared storage and which nodes are to be removed from the cluster, to prevent possible data corruption. To protect the data on the shared disks, each system in the cluster must be configured to use I/O fencing by making use of special purpose disks called coordinator disks. They are standard disks or LUNs that are set aside for use by the I/O fencing driver. You can specify three disks as coordinator disks. The coordinator disks act as a global lock device during a cluster reconfiguration. This lock mechanism determines which node is allowed to fence off data drives from other nodes. A system must eject a peer from the coordinator disks before it can fence the peer from the data drives. Racing for control of coordinator disks is how fencing helps prevent split-brain. Coordinator disks cannot be used for any other purpose. You cannot store data on them. To use the I/O fencing feature, specify the disks that will be used as coordinator disks; you need three coordinator disks. Your minimum configuration must be a two-node cluster with FileStore software installed and 3+ disks (three of which will be used for the coordinator disk group and the rest of the disks will be used for storing data). See Table 4-6 on page 87.
Table 4-6 I/O fencing commands
Command Definition
fencing status Checks the status of I/O fencing. It shows whether the coordinator disk group is currently enabled or disabled. It also shows the status of the individual coordinator disks. See “Configuring I/O fencing” on page 89.
fencing on Checks if the coordinator disk group has three disks. If not, you will need to add disks to the coordinator disk pool until three are present. The minimum LUN size is 10MB. See “Configuring I/O fencing” on page 89. 88 Configuring storage About I/O fencing
Table 4-6 I/O fencing commands (continued)
Command Definition
fencing replace Replaces a coordinator disk with another disk. The command first checks the whether the replacement disks is in failed state or not. If its in the failed state, then an error appears. After the command verifies that the replacement disk is not in a failed state, it checks whether the replacement disk is already being used by an existing pool (storage or coordinator). If it is not being used by any pool, the original disk is replaced. Note: If the disk being replaced is in a failed state, then it is mandatory to delete the disk from the array. This is required because if the failed disk comes up and works properly, it can lead to an even number of fencing disks, and this affects the functionality.
See “Configuring I/O fencing” on page 89.
fencing off Disables I/O fencing on all of the nodes. This command does not free up the coordinator disks. See “Configuring I/O fencing” on page 89.
fencing destroy Destroys the coordinator pool if I/O fencing is disabled. Note: This command is not supported for a single-node cluster.
See “Configuring I/O fencing” on page 89. Configuring storage 89 Configuring I/O fencing
Configuring I/O fencing To check the status of I/O fencing
◆ To check the status of I/O fencing, enter the following:
Storage> fencing status
In the following example, I/O fencing is configured on the three disks Disk_0,Disk_1 and Disk_2 and the column header Coord Flag On indicates that the coordinator disk group is in an imported state and these disks are in good condition. If you check the Storage> disk list output, it will be in the OK state.
IO Fencing Status ======Disabled
Disk Name Coord Flag On ======Disk_0 Yes Disk_1 Yes Disk_2 Yes 90 Configuring storage Configuring I/O fencing
To add disks to the coordinator disk group
◆ To add disks to the coordinator disk group, enter the following:
Storage> fencing on [disk1,disk2,disk3]
The three disks are optional arguments and are required only if the coordinator pool does not contain any disks. You may still provide three disks for fencing with the coordinator pool already containing three disks. This will, however, remove the three disks previously used for fencing from the coordinator pool, and configure I/O fencing on the new disks.
Note: Enabling I/O fencing causes a disruption of FileStore services. It is suggested to bring down the FileStore services, enable I/O fencing, and then resume FileStore services.
For example:
Storage> fencing on SFS fencing Success V-288-0 IO Fencing feature now Enabled 100% [#] Enabling fencing
Storage> fencing status IO Fencing Status ======Enabled
Disk Name Coord Flag On ======Disk_0 Yes Disk_1 Yes Disk_2 Yes Configuring storage 91 Configuring I/O fencing
To replace an existing coordinator disk
◆ To replace the existing coordinator disk, enter the following:
Storage> fencing replace src_disk dest_disk
where src_disk is the source disk and dest_disk is the destination disk. For example:
Storage> fencing replace Disk_2 Disk_3 SFS fencing Success V-288-0 Replaced disk Disk_2 with Disk_3 successfully. 100% [#] Replacing disk Disk_2 with Disk_3 Storage> fencing status IO Fencing Status ======Enabled
Disk Name Coord Flag On ======Disk_0 Yes Disk_1 Yes Disk_3 Yes
To disable I/O fencing
◆ To disable I/O fencing, enter the following:
Storage> fencing off
For example, to disable fencing if it's already enabled:
Storage> fencing off SFS fencing Success V-288-0 IO Fencing feature now Disabled 100% [#] Disabling fencing
Note: Disabling I/O fencing causes a disruption of FileStore services. It is suggested to bring down the FileStore services, disable I/O fencing, and then resume FileStore services.
To destroy the coordinator pool
◆ To destroy the coordinator pool, enter the following:
Storage> fencing destroy 92 Configuring storage About quotas for file systems
About quotas for file systems
You use Storage > quota commands for configuring disk quotas on file systems for users and groups. Users and groups visible through different sources of name service lookup (nsswitch), local users, LDAP, NIS, and Windows users can be configured for files systems or CIFS home directory quotas. There are two types of disk quotas:
■ Usage quota (numspace) - limits the amount of disk space that can be used on a file system. The numspace quota value must be an integer with a unit. The minimum unit is KB, because the block size in the underlying Veritas File System (VxFS) is 1KB, and VxFS calculates numspace quotas based on the number of KBs. The range for numspace is from 1K to 9007199254740991(2^53 - 1)K.
■ Inode quota (numinodes) - limits the number of inodes that can be created on a file system. An inode is a data structure in a UNIX or UNIX-like file system that describes the location of some or all of the disk blocks allocated to the file. The numinodes quota value must be an integer without a unit, and the range is from 1 to 9999999999999999999(19bit). 0 is valid for numspace and numinodes, which means the quota is infinite. In addition to setting a limit on disk quotas, you can also define a warning level, or soft quota, whereby the FileStore administrator is informed that they are nearing their limit, which is less than the effective limit, or hard quota. Hard quota limits can be set so that a user is strictly not allowed to cross quota limits. A soft quota limit must be less than a hard quota limit for any type of quota.
Table 4-7 File system quota commands
Command Definition
quota fs enable Enables the quota on a specified file system. If the file system name is not specified, the quota is enabled for all of the online file systems. See “Using quota commands for enabling, disabling, and displaying file system quotas” on page 94.
quota fs disable Disables the quota on a specified file system. If a file system name is not specified, the quota is disabled on all of the online file systems. See “Using quota commands for enabling, disabling, and displaying file system quotas” on page 94. Configuring storage 93 About quotas for file systems
Table 4-7 File system quota commands (continued)
Command Definition quota fs status Displays the quota status of the specified file system. If a file system name is not specified, the command displays the quota status for all of the online file systems. This command only displays whether or not the quota is enabled. See “Using quota commands for enabling, disabling, and displaying file system quotas” on page 94. quota fs set Sets the quota for the user or group on the specified file system. If a file system name is not specified, the quota for the user name or group name applies to all of the online file systems. This command does not set the quota for the CIFS home directories. See “Using quota commands for setting and displaying file system quotas” on page 96. quota fs Sets the user quota for users of specified groups. setbygroup See “Setting user quotas for users of specified groups” on page 103. quota fs setall Sets the quota value for all the users and groups for whom the quota has already been set with set commands. Other users and groups (for whom the quota has not been set previously) will not be affected. See “Using quota commands for setting and displaying file system quotas” on page 96. quota fs show Displays the quota values that are already set for user or group. See “Using quota commands for setting and displaying file system quotas” on page 96. quota fs setdefault Changes the default value used for setting future quotas. Existing user/group quotas are not changed. If a file system name is not specified, then the default is set for all of the online file systems except the CIFS home directories. See “Using quota commands for setting and displaying file system quotas” on page 96. quota fs Displays the default quota values for user or group. showdefault See “Using quota commands for setting and displaying file system quotas” on page 96. 94 Configuring storage Using quota commands for enabling, disabling, and displaying file system quotas
Using quota commands for enabling, disabling, and displaying file system quotas To enable a file system quota
◆ To enable a file system quota, enter the following:
Storage> quota fs enable [fs_name] [{userquota | groupquota}]
fs_name File system name you want to set the quota for.
userquota User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by the user.
groupquota Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by all the users in the group.
For example, to enable a quota (user and group) for file system fs1:
Storage> quota fs enable fs1 OK Completed
To disable a file system quota
◆ To disable a file system quota, enter the following:
Storage> quota fs disable [fs_name] [{userquota | groupquota}]
fs_name File system name you want to set the quota for.
userquota User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by the user.
groupquota Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by all the users in the group.
For example, to disable the user quota for file system fs1:
Storage> quota fs disable fs1 userquota OK Completed Configuring storage 95 Using quota commands for enabling, disabling, and displaying file system quotas
To display the status of a file system quota
◆ To display the status of a file system quota, enter the following:
Storage> quota fs status [fs_name] [{userquota | groupquota}]
fs_name File system name you want to set the quota for.
userquota User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by the user.
groupquota Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by all the users in the group.
For example, to display the status of a file system quota (enabled or disabled):
Storage> quota fs status FS name User Quota Group Quota ======fsmirror Disabled Disabled quotafs Enabled Enabled striped1 Enabled Enabled fs1 Disabled Enabled OK Completed 96 Configuring storage Using quota commands for setting and displaying file system quotas
Using quota commands for setting and displaying file system quotas To set the quota value
◆ To set the quota value for a file system, enter the following:
Storage> quota fs set [{userquota | groupquota}] user_or_group_names domain_name [hardlimit | softlimit] [numinodes | numspace] [value] [fs_name]
For example, to set the user quota (hardlimit and numinodes) of user qtuser on file system fs1:
Storage> quota fs set userquota qtuser qtdomain hardlimit numinodes 957 fs1 OK Completed
Storage> quota fs show fs1 userquota qtuser User Quota Details for filesystem fs1: User Space Soft Hard Inodes Soft Hard Name Used Space Space Used Inodes Inodes ======qtuser 0 0 0 0 0 957 OK Completed
userquota User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by the user.
groupquota Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by all the users in the group.
user_or_group_name Name of the user or the name of the group for which a quota value is set. You can specify a comma-separated list of user or group names. To delete quota values for a user, you have to set all the user quota entries to 0. A user with a UID of 0 is not allowed in a Storage> quota fs set command.
A 0 indicates there is no limitation on the file system.
domain_name You can specify a domain name when setting file system quotas. Domain name is the first section of the domain, for example:
symantec.filestore.com
The domain name is symantec in the example above. Configuring storage 97 Using quota commands for setting and displaying file system quotas
hardlimit Hard quota limits (hardlimit) can also be set so that you are not allowed to exceed the quota limits. softlimit A quota limit can be set as a soft quota limit (soflimit) where you are warned against exceeding the quota limits, and there is a grace period during which you are allowed to exceed the quota limits. After the grace period is over, you will not be allowed to exceed the quota limits. The soflimit has to be less than the hardlimit for any type of quota. numinodes Inode quota for the file system. numspace Usage quota (numspace) for the file system. value Quota value for the users or groups on a file system. If a value is not provided, the default value set from using the Storage> quota fs setdefault command is used.
If Storage> quota fs setdefault is set for particular file systems, then that default value has precedence. fs_name File system name you want to set the quota for. 98 Configuring storage Using quota commands for setting and displaying file system quotas
To set all quota values
◆ To set all of the quota values, enter the following:
Storage> quota fs setall [{userquota | groupquota}] [hardlimit | softlimit] [numinodes | numspace] [value] [fs_name]
For example, to set all existing user quotas to default values:
Storage> quota fs show fs1 User Quota Details for filesystem fs1: User Space Soft Hard Inodes Soft Hard Name Used Space Space Used Inodes Inodes ======a1 0 0 10G 0 1000 10000 qtuser 0 0 0 0 0 957 qtuser2 0 1000K 0 0 0 0
Storage> quota fs setall userquota OK Completed Storage> quota fs show fs1 User Quota Details for filesystem fs1: User Space Soft Hard Inodes Soft Hard Name Used Space Space Used Inodes Inodes ======a1 0 0 10G 0 1000 1000 qtuser 0 0 0 0 0 1000 qtuser2 0 1000K 0 0 0 1000
userquota User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by the user.
groupquota Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by all the users in the group.
hardlimit Hard quota limit.
softlimit Soft quota limit.
numinodes Inode quota for the file system.
numspace Usage quota for the file system. Configuring storage 99 Using quota commands for setting and displaying file system quotas
value Quota value for the users or groups on a file system. If a value is not provided, the default value set from using the Storage> quota fs setdefault command is used.
If Storage> quota fs setdefault is set for particular file systems, then that default value has precedence. If a value is 0 is entered, it is treated as an unlimited quota. If all values for a user or group quota are 0, the user or group is automatically deleted from the quota settings, which means that the Storage> quota fs status command will not show this user's or group's settings, as all quota values are treated as an unlimited quota.
To display the file system settings
◆ To display the file system settings, enter the following:
Storage> quota fs show [fs_name] [{userquota | groupquota}] [user_or_group_names]
For example, to display quota values for the file system:
Storage> quota fs show User Quota Details for filesystem quotafs: User Space Soft Hard Files Soft Hard Name Used Space Space Used Files Files ======quotauser 10M 1M 20M 1 5 1000 quotauser 9M 1M 10M 1 0 0 qtuser 10M 10M 20M 9 5 1000 qtuser2 19M 5M 20M 1 0 1000
User Quota Details for filesystem fs1: User Space Soft Hard Files Soft Hard Name Used Space Space Used Files Files ======a1 0 0 10G 0 1000 1000 qtuser 0 0 0 0 0 1000 qtuser2 0 1000K 0 0 0 1000
User Quota Details for filesystem longfilesystemnameforqt: User Space Soft Hard Files Soft Hard Name Used Space Space Used Files Files ======qtuser 0 0 0 0 901 1000 OK Completed 100 Configuring storage Using quota commands for setting and displaying file system quotas
fs_name File system name you want to set the quota for.
userquota User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by the user.
groupquota Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by all the users in the group.
user_or_group_names Name of the user or the name of the group for which a quota value is set. You can specify a comma-separated list of user or group names. To delete quota values for a user, you will have to set all the user quota entries to 0. A user with a UID of 0 is not allowed in a Storage> quota fs set command. Configuring storage 101 Using quota commands for setting and displaying file system quotas
To set the default quota values
◆ To set the default quota values, enter the following:
Storage> quota fs setdefault [{userquota | groupquota}] hardlimit | softlimit numinodes | numspace [value] [fs_name] userquota User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by the user. groupquota Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by all the users in the group. hardlimit Hard quota limit. softlimit Soft quota limit. numinodes Inode quota for the file system. numspace Usage quota for the file system. value Quota value for the users or groups on a file system. If a value is not provided, the default value set from using the Storage> quota fs setdefault command is used.
If Storage> quota fs setdefault is set for particular file systems, then that default value has precedence. If a value is 0 is entered, it is treated as an unlimited quota. If all values for a user or group quota are 0, the user or group is automatically deleted from the quota settings, which means that the Storage> quota fs status command will not show this user's or group's settings, as all quota values are treated as an unlimited quota. fs_name File system name you want to set the quota for.
For example, to set the default group quota value:
Storage> quota fs setdefault groupquota hardlimit numspace 1T OK Completed 102 Configuring storage Using quota commands for setting and displaying file system quotas
To display the default values
◆ To display the default values, enter the following:
Storage> quota fs showdefault [fs_name] [{userquota | groupquota}]
fs_name File system name you want to set the quota for.
userquota User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by the user.
groupquota Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by all the users in the group.
For example, to display the default quota values:
Storage> quota fs showdefault Default Quota values: ======Title User/Group Soft Hard Soft Hard Quota Space Space Files Files ======Default Quota User Quota - - - 1000 Default Quota Group Quota - 1T - -
Per FS default Quota values: ======FS User/Group Soft Hard Soft Hard Name Quota Space Space Files Files ======fs1 User Quota - - - 1000 OK Completed Configuring storage 103 Setting user quotas for users of specified groups
Setting user quotas for users of specified groups To set user quotas for users of specified groups 104 Configuring storage Setting user quotas for users of specified groups
◆ To set user quotas on users of specified groups, enter the following:
Storage> quota fs setbygroup [group_names] [domain_name] [hard_or_soft_limit] [numinodes_or_numspace] [value] [fs_name]
For example, to set the user quota for users of local groups:
Storage> quota fs setbygroup cifsgrp1,cifsgrp2 local softlimit numspace 50M fs3 OK Completed
Storage> quota fs show User Quota Details for filesystem fs3:
User Space Soft Hard Inodes Soft Hard Name Used Space Space Used Inodes Inodes ======cifsusr1 0 50M 0 0 0 0 cifsusr2 0 50M 0 0 0 0 cifsusr3 0 50M 0 0 0 0 OK Completed
Storage> cifs local group show cifsgrp1 GroupName UsersList ------cifsgrp1 cifsusr2,cifsusr1
Storage> cifs local group show cifsgrp2 GroupName UsersList ------cifsgrp2 cifsusr3
For example, to set the user quota for users of the winbind group:
Storage> quota fs setbygroup "domain users" javadom hardlimit numspace 50M fs2 OK Completed
Storage> quota fs show User Quota Details for filesystem fs2:
User Space Soft Hard Inodes Soft Hard Name Used Space Space Used Inodes Inodes ======JAVADOM\administrator 0 0 50M 0 0 0 Configuring storage 105 About quotas for CIFS home directories
JAVADOM\krbtgt 0 0 50M 0 0 0 JAVADOM\support_388945a0 0 0 50M 0 0 0 JAVADOM\java 0 0 50M 0 0 0 JAVADOM\power 0 0 50M 0 0 0 JAVADOM\james 0 0 50M 0 0 0 JAVADOM\12345 0 0 50M 0 0 0 JAVADOM\space 0 0 50M 0 0 0 OK Completed
About quotas for CIFS home directories
You use Storage> quota cifshomedir commands to configure quotas for CIFS home directories. Users and groups visible through different sources of name service lookup (nsswitch), local users, LDAP, NIS, and Windows users can be configured for CIFS home directory quotas. Default values are entered in a configuration file only. The actual application of the quota is done with the set and setall commands using the default values provided. When a CIFS home directory file system is changed, quota information for a user's home directory is migrated from the existing home directory file system to the new home directory file system. Quota migration results are based on the following logic:
■ Case 1: In the case where the existing home directory file system is NULL, you can set the new home directory file system to be multiple file systems (for example, fs1, fs2). If the multiple file systems previously had different quota values, the quota status and values from the first file system are migrated to other file systems in the new home directory. The first file system is the template. Only the user/group quota values that existed on the first file system are migrated. Other user/group quota values remain the same on the other file system. For example, assume the following:
■ The new home directory file systems are fs1 and fs2.
■ user1, user2, and user3 have quota values on fs1.
■ user2, user3, and user4 have quota values on fs2. For the migration, user/group quota values for user1, user2, and user3 are migrated from fs1 to fs2. Quota values for user4 are kept the same on fs2, and user4 has no quota values on fs1.
■ Case 2: 106 Configuring storage About quotas for CIFS home directories
When the existing home directory file systems are already set, and you change the file systems for the home directory, the quota status and values need to be migrated from the existing home directory file systems to the new file systems. For this migration, the first file system in the existing home directory acts as the template for migrating quota status and values. For example, if the existing home directory file systems are fs1 and fs2, and the file systems are changed to fs2, fs3, and fs4, then the user/group quota values on fs1 are migrated to fs3 and fs4. Other user/group values on fs3 and fs4 remain the same.
Table 4-8 CIFS home directory quota commands
Command Definition
quota cifshomedir Changes the default value that will be used for setting future quotas setdefault on the CIFS home directories. Existing user/group quotas are not effected. See “Using quotas for CIFS home directories” on page 108.
quota cifshomedir Displays the default values for the CIFS home directories. showdefault See “Using quotas for CIFS home directories” on page 108.
quota cifshomedir Sets the quota value for the users or groups for the CIFS home set directories. See “Using quotas for CIFS home directories” on page 108.
quota cifshomedir Sets the quota value for all users and groups for whom the quota has setall already been set with set commands.
See “Using quotas for CIFS home directories” on page 108.
quota cifshomedir Enables the quota of the CIFS home directories. enable See “Using quotas for CIFS home directories” on page 108.
quota cifshomedir Disables the quota of the CIFS home directories. disable See “Using quotas for CIFS home directories” on page 108.
quota cifshomedir Displays the status of the quota of the CIFS home directories. This status command only displays whether or not the quota is enabled. See “Using quotas for CIFS home directories” on page 108. Configuring storage 107 About quotas for CIFS home directories
Table 4-8 CIFS home directory quota commands (continued)
Command Definition quota cifshomedir Displays the general quota values on the CIFS home directories per show user or group. This command also displays the consumed (used space) quota for users or groups. See “Displaying the quota values for CIFS home directories” on page 115. quota cifshomedir Displays the detailed quota values already set on each file system for showdetail CIFS home directories. This command also displays the consumed (used space) quota for users or groups on each file system for the CIFS home directories. See “Displaying the quota values for CIFS home directories” on page 115. 108 Configuring storage Using quotas for CIFS home directories
Using quotas for CIFS home directories To set the default value used for quota limits for CIFS home directories
◆ To set the default value used for quota limits for CIFS home directories, enter the following:
Storage> quota cifshomedir setdefault userquota | groupquota hardlimit | softlimit numinodes | numspace [value]
userquota User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by the user.
groupquota Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by all the users in the group.
hardlimit Hard quota limit.
softlimit Soft quota limit.
numinodes Inode quota for the file system.
numspace Usage quota for the file system.
value Quota value for the users or groups on a file system. If a value is not specified, then the value is 0.
If Storage> quota fs setdefault is set for particular file systems, then that default value has precedence. If a value is 0 is entered, it is treated as an unlimited quota. If all values for a user or group quota are 0, the user or group is automatically deleted from the quota settings, which means that the Storage> quota fs show command will not show this user's or group's settings, as all quota values are treated as an unlimited quota.
For example, to set the default CIFS home directory user quota value:
Storage> quota cifshomedir setdefault userquota hardlimit numspace 2T OK Completed Configuring storage 109 Using quotas for CIFS home directories
To display default quota values for CIFS home directories
◆ To display the default quota values of the CIFS home directories, enter the following:
Storage> quota cifshomedir showdefault [userquota | groupquota]
userquota User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by the user.
groupquota Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by all the users in the group.
For example, to display the default CIFS home directory quota values:
Storage> quota cifshomedir showdefault
CIFS homedir default Quota values: ======User/Group Quota Soft Space Hard Space Soft Inodes Hard Inodes ======User Quota - 2T - - Group Quota - - - - OK Completed 110 Configuring storage Using quotas for CIFS home directories
To set a quota for CIFS home directories
◆ To set a quota for the user or group for CIFS home directories, enter the following:
Storage> quota cifshomedir set userquota | groupquota user_or_group_names [domainname] [hardlimit | softlimit] [numinodes | numspace] [value]
For example, to set the user quota (hardlimit and numinodes) of user qtuser on CIFS home directories:
Storage> quota cifshomedir set userquota qtuser qtdomain hardlimit numinodes 6549
Storage> quota cifshomedir show User Quota Details for CIFS homedirfs:
User Space Soft Hard Inodes Soft Hard Name Used Space Space Used Inodes Indoes ======qtuser 0 20M 100M 0 1000 6549 OK Completed
userquota User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by the user.
groupquota Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by all the users in the group.
user_or_group_names Name of the user or the name of the group for which a quota value is set. You can specify a comma-separated list of user or group names. To delete quota values for a user, you will have to set all the user quota entries to 0. A user with a UID of 0 is not allowed in a Storage> quota fs set command.
domainname Domain name is the first section of the domain. For example, in
symantec.filestore.com
the domain name is symantec.
hardlimit Hard quota limit.
softlimit Soft quota limit. Configuring storage 111 Using quotas for CIFS home directories
numinodes Inode quota for the file system. numspace Usage quota for the file system. value Quota value for the CIFS home directories. If a value is not provided, the default value set from using the Storage> quota fs setdefault command is used.
If Storage> quota fs setdefault is set for particular file systems, then that default value has precedence. If a value is 0 is entered, it is treated as an unlimited quota. If all values for a user or group quota are 0, the user or group is automatically deleted from the quota settings, which means that the Storage> quota fs status command will not show this user's or group's settings, as all quota values are treated as an unlimited quota. 112 Configuring storage Using quotas for CIFS home directories
To set the quota value for all users and groups
◆ To set the quota value for all users and groups for whom the quota has already been set with the set commands, enter the following:
Storage> quota cifshomedir setall userquota | groupquota [hardlimit | softlimit] [numinodes | numspace] [value]
Other users and groups (for whom quota has not been set previously) will not be affected. For example, to set all existing user quotas for CIFS home directories:
Storage> quota cifshomedir show User Quota Details for CIFS homedirfs:
User Space Soft Hard Inodes Soft Hard Name Used Space Space Used Inodes Inodes ======qtuser 0 20M 100M 0 1000 6549 OK Completed
Storage> quota cifshomedir setall userquota softlimit numinodes 198 OK Completed
Storage> quota cifshomedir show User Quota Details for CIFS homedirfs:
User Space Soft Hard Inodes Soft Hard Name Used Space Space Used Inodes Inodes ======qtuser 0 20M 100M 0 198 6549 OK Completed
userquota User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by the user.
groupquota Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by all the users in the group.
hardlimit Hard quota limit.
softlimit Soft quota limit.
numinodes Inode quota for the file system. Configuring storage 113 Using quotas for CIFS home directories
numspace Usage quota for the file system. value Quota value for CIFS home directories for whom the quota has already been set with set commands. If a value is not provided, the default value set from using the Storage> quota fs setdefault command is used.
If Storage> quota fs setdefault is set for particular file systems, then that default value has precedence. If a value is 0 is entered, it is treated as an unlimited quota. If all values for a user or group quota are 0, the user or group is automatically deleted from the quota settings, which means that the Storage> quota fs status command will not show this user's or group's settings, as all quota values are treated as an unlimited quota.
To enable the quota for CIFS home directories
◆ To enable the quota for CIFS home directories, enter the following:
Storage> quota cifshomedir enable [userquota | groupquota]
userquota User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by the user.
groupquota Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by all the users in the group.
For example, to enable quotas (user and group quotas) for CIFS home directories:
Storage> quota cifshomedir enable OK Completed 114 Configuring storage Using quotas for CIFS home directories
To disable the quota for CIFS home directories
◆ To disable the quota for the CIFS home directories, enter the following:
Storage> quota cifshomedir disable [userquota | groupquota]
userquota User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by the user.
groupquota Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by all the users in the group.
For example, to disable the group quota for CIFS home directories:
Storage> quota cifshomedir disable groupquota OK Completed
To display the status of the quota for CIFS home directories
◆ To display the quota status of the CIFS home directories, enter the following:
Storage> quota cifshomedir status [userquota | groupquota]
Displays only if the quota is enabled or disabled.
userquota User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by the user.
groupquota Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by all the users in the group.
For example, to display the status of a CIFS home directory quota (enabled or disabled):
Storage> quota cifshomedir status FS name User Quota Group Quota ======CIFS homedirectories Enabled Disabled OK Completed Configuring storage 115 Displaying the quota values for CIFS home directories
Displaying the quota values for CIFS home directories To display the quotas for CIFS home directories
◆ To display the quotas for the CIFS home directories, enter the following:
Storage> quota cifshomedir show [userquota | groupquota] [user_or_group_names] [domain_name] userquota User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by the user. groupquota Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by all the users in the group. user_or_group_names Name of the user or the name of the group for which a quota value is set. You can specify a comma-separated list of user or group names. To delete quota values for a user, you will have to set all the user quota entries to 0. A user with a UID of 0 is not allowed in a Storage> quota fs set command. domain_name You can display the domain name that was set when setting file system quotas. Domain name is the first section of the domain, as in symantec.filestore.com. The domain name is symantec.
For example, to display general quota information for a CIFS home directory for both userquota and group quota:
Storage> quota cifshomedir show User Quota Details for CIFS homedirfs: User Name Space Used Soft Space Hard Space Inodes Used Soft Inodes Hard Inodes ======user06 0 30M 50M 0 0 0 user07 0 0 0 0 300 500 Group Quota Details for CIFS homedirfs: Group Name Space Used Soft Space Hard Space Inodes Used Soft Inodes Hard Inodes ======group01 0 400M 600M 0 0 0 group02 0 0 0 0 60000 80000 OK Completed
The Storage> quota cifshomedir show command does not display the file system name in the output. 116 Configuring storage Displaying the quota values for CIFS home directories
The CIFS home directory is created on one of the CIFS home directory file systems. FileStore sets CIFS home directory quotas on all of the CIFS home directory file systems. The Storage> quota cifshomedir show userquota username command displays the quota and usage information on the file system on which the CIFS home directory is created. For example, if homedirfs=fs1,fs2, and the home directory of user1 is created on fs1, and the home directory of user2 is created on fs2, then the Storage> quota cifshomedir show userquota user2 command displays the CIFS home directory quota and usage on fs2. To display the quota values that are already set on each file system for the CIFS home directories
◆ To display the quota values that are already set on each file system for the CIFS home directories, enter the following:
Storage> quota cifshomedir showdetail [userquota | groupquota] [user_or_group_names] [domain_name]
userquota User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by the user.
groupquota Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by all the users in the group.
user_or_group_names Name of the user or the name of the group for which a quota value is set. You can specify a comma-separated list of user or group names.
To delete quota values for a user, you will have to set all the user quota entries to 0. A user with a UID of 0 is not allowed in a Storage> quota fs set command.
domain_name You can display the domain name that was set when setting file system quotas. Domain name is the first section of the domain, as in symantec.filestore.com. The domain name is symantec.
For example, to display quota information on CIFS home directory file systems fs1 and fs2 for both userquota and groupquota: Configuring storage 117 About iSCSI
Storage> quota cifshomedir showdetail User Quota Details for filesystem fs1: User Name Space Used Soft Space Hard Space Inodes Used Soft Inodes Hard Inodes ======user06 0 30M 50M 0 0 0 user07 0 0 0 0 300 500 User Quota Details for filesystem fs2: User Name Space Used Soft Space Hard Space Inodes Used Soft Inodes Hard Inodes ======user06 0 30M 50M 0 0 0 user07 0 0 0 0 300 500 Group Quota Details for filesystem fs1: Group Name Space Used Soft Space Hard Space Inodes Used Soft Inodes Hard Inodes ======group01 0 400M 600M 0 0 0 group02 0 0 0 0 60000 80000 Group Quota Details for filesystem fs2: Group Name Space Used Soft Space Hard Space Inodes Used Soft Inodes Hard Inodes ======group01 0 400M 600M 0 0 0 group02 0 0 0 0 60000 80000 OK Completed
The file system name displays in the output for the Storage> quota cifshomedir showdetail command.
About iSCSI The Internet Small Computer System Interface (iSCSI) is an Internet protocol-based storage networking standard that links data storage facilities. By carrying SCSI commands over IP networks, iSCSI facilitates data transfers over Intranets and manages storage over long distances. The iSCSI feature allows FileStore servers to use iSCSI disks as shared storage.
Table 4-9 iSCSI commands
Command Definition
iscsi status Displays the status of the iSCSI initiator service. See “Configuring the iSCSI initiator” on page 119.
iscsi start Starts the iSCSI initiator service.
See “Configuring the iSCSI initiator” on page 119. 118 Configuring storage About iSCSI
Table 4-9 iSCSI commands (continued)
Command Definition
iscsi stop Stops the iSCSI initiator service. See “Configuring the iSCSI initiator” on page 119.
iscsi device add Adds a device for use with the iSCSI initiator. iSCSI initiator connections use this device to connect to the target. If there are any existing targets, then the iSCSI initiator initiates a connection to all targets by way of device.
See “Configuring the iSCSI initiator” on page 119.
iscsi device del Deletes a device from the iSCSI configuration. Any existing connections by way of the device to targets is terminated. If device is the last device in the iSCSI initiator configuration, and there are existing targets, then the device cannot be deleted from the configuration. See “Configuring the iSCSI initiator” on page 119.
iscsi device list Lists the devices used by the iSCSI initiator. See “Configuring the iSCSI initiator” on page 119.
iscsi discovery add Adds a discovery address to the iSCSI initiator configuration. If no TCP port is specified with the discovery-address, then the default port 3260 is used. Any targets discovered at discovery-address are automatically logged in. See “Configuring the iSCSI initiator” on page 119.
iscsi discovery del Deletes a discovery address from the iSCSI initiator configuration. Any targets discovered using discovery-address are also deleted from the configuration. See “Configuring the iSCSI initiator” on page 119.
iscsi discovery Performs discovery of changes in targets or LUNs at rediscover discovery-address. Any LUNs or targets that have been removed at discovery-address will be automatically removed from the configuration. New LUNs or targets discovered at discovery-address will be automatically added and logged into.
See “Configuring the iSCSI initiator” on page 119.
iscsi discovery list Lists the discovery address present in the iSCSI initiator configuration. See “Configuring the iSCSI initiator” on page 119. Configuring storage 119 About iSCSI
Table 4-9 iSCSI commands (continued)
Command Definition
iscsi initiator Sets the prefix used to generate initiator names. Initiator names are name setprefix generated as initiator-name-prefix followed by the node number of the node. See “Configuring the iSCSI initiator name” on page 120.
iscsi initiator Lists the initiator names for all nodes in the cluster. name list See “Configuring the iSCSI device” on page 120.
Configuring the iSCSI initiator To display the iSCSI initiator service
◆ To display the status of the iSCSI initiator server, enter the following:
Storage> iscsi status
For example:
iSCSI Initiator Status on sfs_01 : ONLINE iSCSI Initiator Status on sfs_02 : ONLINE
To start the iSCSI initiator service
◆ To start the iSCSI initiator service, enter the following:
Storage> iscsi start
For example:
Storage> iscsi start Storage> iscsi status iSCSI Initiator Status on sfs_01 : ONLINE iSCSI Initiator Status on sfs_02 : ONLINE 120 Configuring storage About iSCSI
To stop the iSCSI initiator service
◆ To stop the iSCSI initiator service, enter the following:
Storage> iscsi stop
For example:
Storage> iscsi stop Storage> iscsi status iSCSI Initiator Status on sfs_01 : OFFLINE iSCSI Initiator Status on sfs_02 : OFFLINE
Configuring the iSCSI initiator name To display the iSCSI initiator names
◆ To display the iSCSI initiator names, enter the following:
Storage> iscsi initiator name list
For example:
Storage> iscsi initiator name list Node Initiator Name ------sfs_01 iqn.2009-05.com.test:test.1 sfs_02 iqn.2009-05.com.test:test.2
To configure the iSCSI initiator name
◆ To configure the iSCSI initiator name, enter the following:
Storage> iscsi initiator name setprefix initiatorname-prefix
where initiatorname-prefix is a name that conforms to the naming rules for initiator and target names as specified in RFC3721. Initiator names for nodes in the cluster are generated by appending the node number to this prefix. For example:
Storage> iscsi initiator name setprefix iqn.2009-05.com.test:test
Configuring the iSCSI device The iSCSI initiator contains a list of devices from which connections are made to targets. Configuring storage 121 About iSCSI
To display the list of devices
◆ To display the list of devices, enter the following:
Storage> iscsi device list
For example:
Storage> iscsi device list Device ------pubeth0 pubeth1
To add an iSCSI device
◆ To add an iSCSI device, enter the following:
Storage> iscsi device add device
where device is the device where the operation takes place. For example:
Storage> iscsi device add pubeth1 Storage> iscsi device list Device ------pubeth0 pubeth1
To delete an iSCSI device
◆ To delete an iSCSI device, enter the following:
Storage> iscsi device delete device
where device is the device where the operation takes place. For example:
Storage> iscsi device add pubeth1 Storage> iscsi device list Device ------pubeth0 122 Configuring storage About iSCSI
Configuring discovery on iSCSI The iSCSI initiator contains a list of discovery addresses. To display the iSCSI discovery addresses
◆ To display the iSCSI discovery addresses, enter the following:
Storage> iscsi discovery list
For example:
Storage> iscsi discovery list Discovery Address ------192.168.2.14:3260 192.168.2.15:3260 Configuring storage 123 About iSCSI
To add a discovery address to the iSCSI initiator
◆ To add a discovery address to the iSCSI initiator, enter the following:
Storage> iscsi discovery add discovery-address
where discovery-address is the target address at which an initiator can request a list of targets using a SendTargets text request as specified in iSCSI protocol of RFC3720. If no port is specified with the discovery address, default port 3260 is used. For example:
Storage> iscsi discovery add 192.168.2.15:3260 Discovery CHAP credentials for sfs_1: Outgoing CHAP Username : root Outgoing CHAP Password : ******** Incoming CHAP Username : Authentication succeeded.
Discovered Targets ------iqn.2001-04.com.example:storage.disk2.sys3.xyz iqn.2001-04.com.example:storage.disk3.sys3.xyz iqn.2001-04.com.example:storage.disk4.sys3.xyz iqn.2001-04.com.example:storage.disk5.sys3.xyz
Logging into target iqn.2001-04.com.example:storage.disk2.sys3.xyz Logging into target iqn.2001-04.com.example:storage.disk3.sys3.xyz Logging into target iqn.2001-04.com.example:storage.disk4.sys3.xyz Logging into target iqn.2001-04.com.example:storage.disk5.sys3.xyz
Storage> iscsi discovery list
Discovery Address ------192.168.2.14:3260 192.168.2.15:3260 124 Configuring storage About iSCSI
To delete an iSCSI discovery address
◆ To delete the targets discovered using this discovery address, enter the following:
Storage> iscsi discovery del discovery-address
where discovery-address is the target address at which an initiator can request a list of targets using a SendTargets text request as specified in iSCSI protocol of RFC3720. If no port is specified with the discovery address, default port 3260 is used. For example:
Storage> iscsi discovery del 192.168.2.15:3260 Storage> iscsi discovery list
Discovery Address ------192.168.2.14:3260
To rediscover an iSCSI discovery address
◆ To rediscover an iSCSI discovery address, enter the following:
Storage> iscsi discovery rediscover discovery-address
where discovery-address is the target address at which an initiator can request a list of targets using a SendTargets text request as specified in iSCSI protocol of RFC3720. If no port is specified with the discovery address, default port 3260 is used. For example:
Storage> iscsi discovery rediscover 192.168.2.15:3260 Deleted targets ------iqn.2001-04.com.example:storage.disk5.sys3.xyz
New targets ------iqn.2001-04.com.example:storage.disk6.sys3.new.xyz
Logging into target iqn.2001-04.com.example:storage.disk6.sys3.new.xyz Configuring storage 125 About configuring the iSCSI targets
About configuring the iSCSI targets iSCSI target commands allow you to view or manipulate targets discovered using the iscsi discovery add command, or statically added targets using the iscsi target add command. The iscsi target list command lists all the targets visible to the iSCSI initiator. To get detailed information about a target, use the iscsi target listdetail targetname command.
Table 4-10 iSCSI target commands
Command Definition
iscsi target add Adds a static target-portal combination to the iSCSI initiator configuration. The portal-address cannot be the same as any discovery-address present in the iSCSI initiator configuration. Connections to portal-address are made for target-name, but no discovery is done for any other targets available at portal-address. If no portal tag is specified with portal-address, the default portal tag of 1 is used.
See “Configuring the iSCSI targets” on page 127.
iscsi target del Deletes a target target-name from the iSCSI initiator configuration. Any existing connections to target-name are terminated. discovery-address or portal-address is the address through which the target becomes visible to the initiator. A target that was discovered at a discovery-address once deleted from an iSCSI initiator configuration will again be visible to an iSCSI initiator if re-discovery is done either through isci discovery rediscover or scanbus commands.
See “Configuring the iSCSI targets” on page 127.
iscsi target login Allows login to a target target-name from an iSCSI initiator. Connections to target-name are made from all devices present in an iSCSI initiator configuration. discovery-address or portal-address is the address through which the target becomes visible to the initiator. A target once logged out by the iSCSI initiator is not logged in until iscsi target login is requested. See “Configuring the iSCSI targets” on page 127. 126 Configuring storage About configuring the iSCSI targets
Table 4-10 iSCSI target commands (continued)
Command Definition
iscsi target logout Allows logout from connections to target-name from the iSCSI initiator. discovery-address or portal-address is the address through which the target becomes visible to the initiator. A target once logged out by the iSCSI initiator is not logged in until iscsi target login is requested.
See “Configuring the iSCSI targets” on page 127.
iscsi target rescan Allows a static target to scan for new LUNs. See “Configuring the iSCSI targets” on page 127.
iscsi target list Lists the targets visible to the iSCSI initiator. See “Configuring the iSCSI targets” on page 127.
iscsi target Lists detailed information about the target. listdetail See “Configuring the iSCSI targets” on page 127. Configuring storage 127 Configuring the iSCSI targets
Configuring the iSCSI targets To display the iSCSI targets
◆ To display the iSCSI targets, enter the following:
Storage> iscsi target list
For example:
Storage> iscsi target list Target ------iqn.2001-04.com.example:storage.disk2.sys3.xyz iqn.2001-04.com.example:storage.disk4.sys3.xyz iqn.2001-04.com.example:storage.disk5.sys3.xyz iqn.2001-04.com.example:storage.disk3.sys3.xyz iqn.2001-04.com.example2:storage.disk2.sys3.xyz iqn.2001-04.com.example2:storage.disk3.sys3.xyz iqn.2001-04.com.example2:storage.disk4.sys3.xyz iqn.2001-04.com.example2:storage.disk5.sys3.xyz
Discovery Address State Disk ------192.168.2.14:3260 ONLINE disk_0 192.168.2.14:3260 ONLINE disk_2 192.168.2.14:3260 ONLINE disk_3 192.168.2.14:3260 ONLINE disk_1 192.168.2.15:3260 ONLINE disk_4 192.168.2.15:3260 ONLINE disk_5 192.168.2.15:3260 ONLINE disk_6 192.168.2.15:3260 ONLINE disk_7 128 Configuring storage Configuring the iSCSI targets
To display the iSCSI target details
◆ To display the iSCSI target details, enter the following:
Storage> iscsi target listdetail target
where target is the name of the node you want to display the details for. For example:
Storage> iscsi target listdetail iqn.2001-04.com.example: storage.disk2.sys3.xyz
Discovery Address : 192.168.2.14:3260 Connections ======Portal Address sfs_01 sfs_02 ------192.168.2.14:3260,1 2 2
To add an iSCSI target
◆ To add an iSCSI target, enter the following:
Storage> iscsi target add target-name portal-address
target-name Name of the iSCSI target at which SCSI LUNs are available. target-name should conform to the naming rules defined in RFC3721.
portal-address The location where the target is accessible.
For example:
Storage> iscsi target add iqn.2001-04.com.example: storage.disk2.sys1.xyz 192.168.2.14:3260
Logging into target iqn.2001-04.com.example: storage.disk2.sys1.xyz Storage> iscsi target listdetail iqn.2001-04.com.example: storage.disk2.sys1.xyz
Connections ======Portal Address sfs55_01 sfs55_02 ------192.168.2.14:3260,1 1 1 Configuring storage 129 Configuring the iSCSI targets
To delete an iSCSI target
◆ To delete an iSCSI target, enter the following:
Storage> iscsi target del target-name {discovery-address|portal-address}
target-name Name of the iSCSI target at which SCSI LUNs are available. target-name should conform to the naming rules defined in RFC3721.
discovery-address Target address at which an initiator can request a list of targets using a SendTargets text request as specified in iSCSI protocol of RFC3720. If no port is specified with the discovery address, default port 3260 is used.
portal-address The location where the target is accessible.
For example:
Storage> iscsi target del iqn.2001-04.com.example: storage.disk2.sys3.xyz
To login to an iSCSI target
◆ To login to an iSCSI target, enter the following:
Storage> iscsi target login target-name {discovery-address | portal-address}
target-name Name of the iSCSI target at which SCSI LUNs are available. target-name should conform to the naming rules defined in RFC3721.
discovery-address Target address at which an initiator can request a list of targets using a SendTargets text request as specified in iSCSI protocol of RFC3720. If no port is specified with the discovery address, default port 3260 is used.
portal-address The location where the target is accessible.
For example:
Storage> iscsi target login iqn.2001-04.com.example: storage.disk2.sys3.xyz 130 Configuring storage About data archive and retention (DAR)
To logout from an iSCSI target
◆ To logout from an iSCSI target, enter the following:
Storage> iscsi target logout target-name {discovery-address | portal-address}
target-name Name of the iSCSI target at which SCSI LUNs are available. target-name should conform to the naming rules defined in RFC3721.
discovery-address Target address at which an initiator can request a list of targets using a SendTargets text request as specified in iSCSI protocol of RFC3720. If no port is specified with the discovery address, default port 3260 is used.
portal-address The location where the target is accessible.
For example:
Storage> iscsi target logout iqn.2001-04.com.example: storage.disk2.sys3.xyz
To rescan static targets for new LUNs
◆ To rescan a static target for new LUNs, enter the following:
Storage> iscsi target target-name
where target-name is the name of the iSCSI target that you want to rescan.
About data archive and retention (DAR) The FileStore data archive and retention feature enables you to create WORM (write once, read many)-enabled file systems for data archiving. DAR-enabled file systems are protected against accidental or deliberate file removal and tampering. This feature is important for installations that must meet corporate requirements to ensure that data is archived reliably and securely over a long period of time.
Once a file system is created in FileStore, you can use the Storage> dar command to mark the file system as DAR-enabled and specify the minimum, maximum, and default retention times for WORM files in the archive. After a file system is DAR-enabled, you can use Symantec Enterprise Vault to configure a file as WORM and specify a specific retention time. Configuring storage 131 About data archive and retention (DAR)
Marking a file system as DAR-enabled and setting the range of retention times is controlled by FileStore. Marking a file as a WORM file and choosing a retention time for the file are controlled by Enterprise Vault. Retention times set for the file must be compatible with the minimum and maximum retention times configured by the Storage> dar enable command. If no retention time is set, the default FileStore retention time is used. FileStore enforces the immutability of WORM files until their retention date is reached. Once their retention dates have passed, these files can be deleted or the retention date extended. Otherwise, no other operations are allowed on the files. To use the data archive and retention feature:
■ You must purchase a FileStore license for the feature. The license is based on the amount of disk space you plan to use for data archive and retention. After you purchase a license, use the Storage> dar licenseset command to specify the amount of disk space you are licensed to use.
■ Currently, DAR is optimized for Symantec Enterprise Vault environments. When you configure Enterprise Vault to work with FileStore make sure you configure Enterprise Vault to be the only "user" of the exported DAR-enabled shares.
■ You can use DAR in environments that do not include Symantec Enterprise Vault. See “Using DAR without Symantec Enterprise Vault” on page 134.
■ You must have an Network Time Protocol (NTP) server enabled and configured. See “About coordinating cluster nodes to work with NTP servers” on page 508.
■ When you use the CIFS> share add command to add a CIFS share for a DAR-enabled file system, make sure you include the no_full_acl export option. If you do not set this option, you cannot change a file to WORM through CIFS. See “About the CIFS export options” on page 331.
You can use Report > audit commands to configure audit logs for DAR-enabled file systems. See “About audit logs” on page 434. System and audit log entries for DAR-related operations can include (but are not limited to) the following:
■ Attempts to modify the data (or metadata) of a WORM file
■ Attempts to increment (or decrement) the retention date
■ Attempts to delete a DAR-enabled file system
■ Attempts to modify the system clock 132 Configuring storage How DAR interacts with other FileStore applications
Table 4-11 DAR commands
Command Definition
dar licenseset Sets the licensed disk space capacity for all DAR-enabled file systems. See “Configuring data archive and retention” on page 135.
dar show Shows the licensed disk space capacity for all DAR-enabled file systems. This includes the amount of currently-used disk space and the amount of available disk space. See “Configuring data archive and retention” on page 135.
dar enable Marks a file system as DAR-enabled and sets the minimum, maximum, and default retention times for files in the archive. See “Configuring data archive and retention” on page 135.
dar list Displays a list of DAR-enabled file systems, associated retention times, and retention options. See “Configuring data archive and retention” on page 135.
How DAR interacts with other FileStore applications The FileStore data archive and retention feature is designed and optimized to work with Enterprise Vault. It supports the current version of Enterprise Vault and is compatible with earlier versions of Enterprise Vault. In general, other FileStore features and applications preserve both the WORM data and metadata when accessing and performing operations on files in a DAR-enabled file system, but there are some exceptions. See Table 4-12 for details.
Note: For the latest information on how DAR interacts with other applications, see the Symantec FileStore Release Notes.
Table 4-12 Application support for data archive and retention
Feature or Description Application
AntiVirus AntiVirus can overwrite DAR protection. If a file is suspected to be infected, AntiVirus can remove the file even if the file is marked WORM. Configuring storage 133 How DAR interacts with other FileStore applications
Table 4-12 Application support for data archive and retention (continued)
Feature or Description Application
Backup Data archive and retention works with the NDMP client and NetBackup.
■ The NDMP client preserves both the WORM data and metadata when accessing and performing backup operations on files in a DAR-enabled file system. ■ For the NetBackup client, use pathname /_vxfs_private_/fs_name (instead of /vx/fs_name) to restore DAR-enabled files.
CIFS DAR-enabled file systems can be accessed over CIFS. However, DAR-enabled files systems cannot be used for CIFS home directories.
CLI and Currently, commands and operations to create and manage Management DAR-enabled file systems are available in the FileStore CLI, but not Console in the FileStore Management Console.
Deduplication Any file system can be enabled for both DAR and deduplication, but you have to enable DAR first, then deduplication. The reverse sequence is not supported.
DST Transfer of files between the storage tiers works as expected (transparent to DAR). DST removal policies cannot remove WORM files.
FTP The FTP service cannot be used on DAR-enabled file systems.
NFS Currently, DAR-enabled files systems cannot be accessed over NFS.
NTP You must have a Network Time Protocol (NTP) server enabled and configured to use data archive and retention.
Replication DAR-enabled file systems are supported as a replication source, but not as a replication target. Data from a normal (not DAR-enabled) share cannot be promoted or migrated into an existing or new DAR-enabled share. 134 Configuring storage Using DAR without Symantec Enterprise Vault
Table 4-12 Application support for data archive and retention (continued)
Feature or Description Application
Snapshot Snapshots can be mounted and promoted for DAR-enabled file systems:
■ A warning message appears when a snapshot of a DAR-enabled file system is mounted. ■ You can restore a snapshot of a DAR-enabled file system, but you may lose data stored after the snapshot was taken. A warning message appears before the restore occurs. ■ Snapshot-based backups that use the NetBackup client type VxFS_Checkpoint do not work with DAR-enabled file systems.
Using DAR without Symantec Enterprise Vault The FileStore DAR feature is optimized for use with Symantec Enterprise Vault, but you can use DAR to enable WORM capability in non-EV enviornments. To enable WORM capability on a CIFS volume:
■ Use the Storage> dar enable command to enable DAR on a CIFS file system. See “Configuring data archive and retention” on page 135.
■ Use CIFS operations to perform the following:
■ Create a file.
■ Add data to the file.
■ As required for WORM compliance, set the file access time (atime) to some date in the future.
■ Set the file permissions to read-only (RO). The file will be WORM-compliant until the retention time expires.
Note: This procedure applies to CIFS volumes only. NFS volumes are not supported at this time. Configuring storage 135 Configuring data archive and retention
Configuring data archive and retention To license a DAR-enabled file system
◆ To set the licensed disk capacity for all DAR-enabled file systems, enter the following:
Storage> dar licenseset disk_size
where disk_size is the amount of disk space you have licensed. Disk capacity can be specified as T (terabyte), G (gigabytes), or M (megabytes). For example:
Storage> dar licenseset 10G
To show the licensed disk capacity for a DAR-enabled file system
◆ To show the licensed disk capacity for all DAR-enabled file systems, enter the following:
Storage> dar show Licensed: 10G Used: 5.1G Available: 4.90G Used%: 51%
To create a DAR-enabled file system
1 Use the Storage> fs create command to create an empty file system. You can create a new file system and then enable it for data archive and retention. For example:
Storage> fs create simple fs1 1G pool1 100% [#] Creating simple file system
2 Use the Storage> dar enable command to enable the file system for data archive and retention.
Storage> dar enable fs_name [def_retent] [min_retent] [max_retent] [retent_opt]
fs_name Name of the file system you want to enable for data archive and retention. Once a file system is marked DAR-enabled, you can not remove this setting. 136 Configuring storage Configuring data archive and retention
def_retent Specifies the default data retention time (in days) for files in a DAR-enabled file system. Retention times are measured relative to the time the value was set. Valid values are:
■ number - the number of days ■ inf - infinite retention time
If you do not specify a default data retention time, the default is 365 days (1 year).
min_retent Specifies the minium data retention time for files in a DAR-enabled file system. Retention times are measured relative to the time the value was set. Valid values are:
■ number - the number of days ■ inf - infinite retention time
If you do not specify a minimum data retention time, the default is 0 days.
max_retent Specifies the maximum data retention time for files in a DAR-enabled file system. Retention times are measured relative to the time the value was set. Valid values are:
■ number - the number of days ■ inf - infinite retention time
If you do not specify a maximum data retention time, the default is 10950 days (30 years).
retent_opt Specifies optional retention values. Choices include:
■ incret | noincret If the option is incret, you can increase (increment) data retention times. If the option is noincret, you cannot increase data retention times. ■ decret | nodecret If the option is decret, you can decrease (decrement) data retention times. If the option is nodecret, you cannot decrease data retention times. To enter more than one retention option, use a comma to separate the values. For example, incret,decret.
By default, the options are incret,nodecret. Configuring storage 137 About data deduplication
For example:
Storage> dar enable fs1 95 1 365 incret,decret
Note: An error message appears, if you try to use the Storage> dar enable command on a file system in any of the following states: NFS shared, CIFS shared, FTP shared, or Non-empty.
Listing DAR-enabled file systems
◆ To list DAR-enabled files systems, enter the following:
Storage> dar list DAR Enabled FS STATUS DEF RETENTION MIN RETENTION MAX RETENTION RETENTION OPTIONS ======fs1 Online 95 days 1 days 365 days INC_RETN,DEC_RETN fs3 Offline - - - - fs4 Online 365 days 0 days 10950 days INC_RETN
To delete a DAR-enabled file system
◆ To delete a DAR-enabled file system, enter the following:
Storage> fs destroy fs_name
where fs_name is the name of the file system you want to delete. For example:
Storage> fs destroy fs1 SFS FS WARNING V-288-0 fs1 is DAR enabled SFS FS WARNING V-288-0 Are you sure you want to destroy? (yes/no)
You must use the Storage> fs destroy CLI command to delete a DAR-enabled file system. You cannot use the Destroy option on the File System page of the FileStore Management Console.
About data deduplication Data deduplication is the process by which redundant data is eliminated to improve storage utilization. Using data deduplication, you can reduce the amount of storage required for storing user and application data. It is most effective in use-cases where many copies of very similar or even identical copies of data are stored. The 138 Configuring storage About data deduplication
deduplication feature in FileStore provides storage optimization for primary storage (storage of active data). Each file in the configured file system is broken into user-configurable chunks for evaluating duplicates. The smaller the chunk size, the higher the percentage of sharing due to better chances of matches.
Note: Deduplication with a small chunk size increases the deduplication time and load on the system.
Note: In order to use FileStore deduplication, the file system layout must be at the current version. See “Upgrading a file system to the current layout for running deduplication” on page 274.
FileStore deduplication is periodic, that is, as per the user-configured frequency, redundant data in the file system is detected and eliminated. The following are potential use-cases for FileStore file system deduplication:
■ Microsoft Exchange mailboxes
■ DAR-enabled file systems integrated with Symantec Enterprise Vault
■ File systems hosting user home directories
■ Virtual Machine Disk Format (VMDK) or virtual image stores. Table 4-13 shows an estimated file system data size that can be supported for a FileStore deduplicated file system.
Table 4-13 Relationship between physical and logical data on a file system for two billion unique fingerprints with various deduplication ratios
Fingerprint block Deduplication Unique Physical file Effective size ratio signature per system data logical file TB size system data size
4K 50% 128 M 16 TB 32 TB
4K 65% 90 M 23 TB 65 TB
4K 80% 51 M 40 TB 200 TB
8K 50% 64 M 32 TB 64 TB
8K 65% 45 M 46 TB 132 TB Configuring storage 139 About data deduplication
Table 4-13 Relationship between physical and logical data on a file system for two billion unique fingerprints with various deduplication ratios (continued)
Fingerprint block Deduplication Unique Physical file Effective size ratio signature per system data logical file TB size system data size
8K 80% 25 M 80 TB 400 TB
16K 50% 32 M 64 TB 128 TB
16K 65% 22 M 93 TB 266 TB
16K 80 % 13 M 158 TB 800 TB 140 Configuring storage About data deduplication
Figure 4-1 Overview of the deduplication workflow
The Storage> dedup commands perform administrative functions for the FileStore deduplication feature. The Storage> dedup commands allow you to enable, disable, start, stop, and remove deduplication on a file system. Using the Storage> dedup commands, you can reset several deduplication configuration parameters and display the current deduplication status for your file system. Configuring storage 141 About data deduplication
Note: Some configuration parameters can be set as local (specific to a file system) and/or global (applicable to all deduplication-enabled file systems). Local parameters override the value of a global parameter.
Table 4-14 Deduplication commands
Command Definition enable Marks a file system as deduplication-enabled. See “Configuring file system deduplication” on page 143. disable Disables the deduplication schedule on a file system. Other information, for example, configuration parameters, schedule, and the deduplication database remain intact. See “Configuring file system deduplication” on page 143. list Displays a list of the deduplication-enabled file systems, and the deduplication parameters of each file system. See “Configuring file system deduplication” on page 143. start Starts the manual deduplication process on a specified file system. See “Configuring file system deduplication” on page 143. stop Stops the deduplication process running on a specified file system. See “Configuring file system deduplication” on page 143. status Displays the current deduplication status. See “Configuring file system deduplication” on page 143. set cpu Sets the CPU usage behavior. This parameter can be set as a global and/or a local parameter. See “Configuring file system deduplication” on page 143. set memory Sets the memory allocation limit in MB. This can be set only as a global parameter. See “Configuring file system deduplication” on page 143. set priority Sets the priority for the deduplication-enabled file system(s). This parameter can be set as a global and/or a local parameter. See “Configuring file system deduplication” on page 143. schedule set Sets the deduplication schedule for running the deduplication process. This can be set only as a local parameter. See “Configuring file system deduplication” on page 143. 142 Configuring storage About data deduplication
Table 4-14 Deduplication commands (continued)
Command Definition
schedule modify Modifies the deduplication schedule. See “Configuring file system deduplication” on page 143.
schedule delete Deletes the deduplication schedule. See “Configuring file system deduplication” on page 143.
dryrun Allows the deduplication process to scan the entire file system and report on potential space savings by identifying duplicate data. A dry run can be converted to the actual deduplication if the dry run meets the specified threshold value. See “Configuring file system deduplication” on page 143.
remove Removes deduplication configuration-related information from the specified file system. See “Configuring file system deduplication” on page 143.
About best practices for using the FileStore deduplication feature The following are best practices when using the FileStore deduplication feature:
■ Deduplication is most effective when the file system block size and the deduplication block size are the same for file systems with block sizes of 4K and above. This also allows the deduplication process to estimate space savings more accurately.
■ The smaller the file system block size and the deduplication block size, the higher is the time required for performing deduplication. Smaller block sizes, for example, 1K and 2K, increase the number of data fingerprints that the deduplication database has to store. Though the file system block size is data-dependent, the recommended block size for optimal deduplication is 4K for file systems less than 1TB. For file systems 1TB and above, it is 8K.
■ For VMware NFS datastores that store Virtual Machine Disk Format (VMDK) images, a 4K block size is optimal.
■ Compressed media files for images, music, and video, like JPEG, mp3, .MOV, and databases do not deduplicate or compress effectively.
■ Home directory file systems are good candidates for deduplication.
■ Data archive and retention (DAR) file systems may be good candidates for deduplication depending on the workload. Deduplication is more effective if Configuring storage 143 About data deduplication
deduplication is turned off in Symantec Enterprise Vault (EV) prior to running FileStore deduplication.
■ Deduplication is a CPU and I/O intensive process. It is a best practice to schedule deduplication when the load on your file systems is expected to be low.
■ Evaluation of changes in the file system is done by the file system's File Change Log (FCL). Setting the frequency on a too infrequent basis may cause the FCL to rollover, thereby missing changes and deduplication opportunities to the file system.
■ After enabling deduplication on file systems with existing data, the first deduplication run does a full deduplication. This can be time-consuming, and may take 12 to 15 hours per TB, so plan accordingly.
■ The deduplication database takes up 1% to 7% of logical file system data. In addition, during deduplication processing, an additional but temporary storage space is required. Though 15% free space is enforced, it is recommended to have 30% free space when the deduplication block size is less than 4096 (4K) bytes.
■ Any file system can be enabled for both DAR and deduplication, but you have to enable DAR first, then deduplication. The reverse sequence is not supported.
■ If you plan to use the deduplication scheduler, you must have a Network Time Protocol (NTP) server enabled and configured. See “About coordinating cluster nodes to work with NTP servers” on page 508.
Configuring file system deduplication To enable deduplication on a file system
◆ To enable deduplication on a file system, enter the following:
Storage> dedup enable fs_name blksize
Note: Deduplication must be enabled for a file system before setting file system configuration parameters and schedules.
This command also re-enables a deduplication schedule for a file system. Enabling deduplication does not automatically deduplicate a file system. Deduplication has to be manually started by using the Storage> dedup start command or by setting up a schedule by using the Storage> dedup set schedule command. The first deduplication of a file system is always a full deduplication of the entire file system. This is an end-to-end deduplication 144 Configuring storage About data deduplication
process that identifies and eliminates duplicate data. Any subsequent attempt to run deduplication on that file system results in incremental deduplication.
fs_name Specify the file system name for which you want to enable deduplication.
blksize Specify the deduplication block size of the file system in bytes, where possible values of bytes are the following:
■ blksize=0 (Default) ■ blksize=1024 ■ blksize=2048 ■ blksize=4096 ■ blksize=8192 ■ blksize=16384 ■ blksize=32768 ■ blksize=65536 ■ blksize=131072
Specify the deduplication block size in bytes, for example, 4096. The deduplication block size should be a power of 2. For example, 3K, is not a valid deduplication block size. The deduplication block size is a multiple of the file system's block size, and should be equal to or less than 128K. 0 is the default configuration for the deduplication block size. If blksize=0 is specified while enabling deduplication, then if the file system block size is < 4096, then the deduplication block size is set to 4096. Otherwise, the deduplication block size is set to the same as the file system block size. Note: Once the deduplication block size is set when enabling file system deduplication, the deduplication block size cannot be changed. The only way to change the deduplication block size is to remove deduplication on the file system and then re-enable deduplication on the file system.
For example, to enable deduplication on the file system fs1, enter:
Storage> dedup enable fs1 blksize=4096 SFS dedup SUCCESS V-288-0 Enabled dedup on file system fs1. Set memory, cpu, priority as required.
Note: For deduplication-enabled file systems, you are prompted during Storage> fs offline and Storage> fs destroy operations.
For example:
Storage> dedup list
Default Priority CPU Memory Configuring storage 145 About data deduplication
------NORMAL IDLE 2048M
Filesystem Priority CPU Granularity Enabled Schedule NodeList ------/vx/fs1 HIGH YIELD 8192B YES SET node_01,node_02 /vx/fs2 LOW IDLE 1024B YES NONE node_01,node_02
Storage> fs destroy fs1 SFS fs WARNING V-288-0 fs1 is deduplication configured. Are you sure to destroy ? (yes/no) no SFS fs ERROR V-288-0 Aborting fs destroy command
To start the deduplication process
◆ To manually start the deduplication process, enter the following:
Storage> dedup start fs_name [nodename]
where fs_name is the name of the file system where you want to start the deduplication process and nodename is the node in the cluster where you want to start deduplication. You can run deduplication on any node in the cluster.
Note: A file system must be deduplication-enabled before being able to start the deduplication process.
When the deduplication process is started for the first time, a full scan of the file system is performed. Any subsequent attempt to run deduplication requires an incremental scan only. For example:
Storage> dedup start fs1 node_01
Note: When deduplication is running on a file system, you are prompted during Storage> fs offline and Storage> fs destroy operations, and these operations can proceed only after deduplication is stopped by using the Storage> dedup stop command. 146 Configuring storage About data deduplication
To stop the deduplication process
◆ To stop the deduplication process running on a file system, enter the following command:
Storage> dedup stop fs_name
where fs_name is the name of the file system where you want to stop the deduplication process.
Note: The deduplication process may not stop immediately as a consistent state is ensured while stopping. Use the Storage> dedup status command to verify if the deduplication process has stopped.
To disable deduplication on a file system
◆ To disable deduplication on a file system, enter the following:
Storage> dedup disable fs_name
where fs_name is the name of the deduplication-enabled file system that you want to disable. Only the deduplication schedule is suspended for a deduplication-disabled file system. All other configuration parameters, for example, file system configuration, schedule, and the deduplication database remain intact.
Note: Keeping a file system deduplication-disabled for a significant period of time may reduce the effectiveness of deduplication when it is re-enabled. Configuring storage 147 About data deduplication
To create a deduplication dryrun
◆ To create a deduplication dryrun, enter the following command:
Storage> dedup dryrun fs_name [threshold]
The Storage> dedup dryrun command is useful for determining the statistics/potential savings on the file system data if actual deduplication is performed. Most accurate statistics are obtained when the file system block size and the deduplication block size are the same.
fs_name Specify the file system name for which you want to create a dryrun.
threshold Specify the threshold percentage in the range of [0-100]. A dryrun is automatically converted to the actual deduplication if the dryrun meets the threshold value. For example, if you specified a threshold value of 40%, and if deduplication results in a space savings of >=40%, then the dryrun is automatically converted to the actual deduplication.
To check whether the deduplication dryrun reaches to a threshold value of 60%, enter the following:
Storage> dedup dryrun fs1 60
To set the deduplication schedule
◆ To set the deduplication schedule, enter the following:
Storage> dedup schedule set fs_name hours day [freq]
The Storage> dedup schedule set command can only be set as a local parameter. Two categories of schedules are allowed: run periodicity and type periodicity. The granularity of the schedule is limited to the time of day and the day of the month.
fs_name Specify the file system where you want to set the deduplication schedule. 148 Configuring storage About data deduplication
hours Specify the hours value for setting the duplication schedule.
There are three types of values for the hours field:
■ * - indicates every hour. ■ */N - indicates every Nth hour, where N is in the range [1-12]. ■ You can also specify 5 comma-separated hours in the range of [0-23]. For example:
Storage> dedup schedule modify fs1 0,6,12,18,23 2 3 SFS dedup SUCCESS V-288-0 Schedule modify on file system fs1.
day Specify the interval in days for setting the deduplication schedule.
There are three types of values for the day field:
■ * - indicates every day. ■ */N - indicates every Nth day, where N is in the range of [1-15]. ■ Any number in the range of [1-7] where: ■ 1 - Sunday ■ 2 - Monday ■ 3 - Tuesday ■ 4 - Wednesday ■ 5 - Thursday ■ 6 - Friday ■ 7 - Saturday
Note: The deduplication scheduler will only pick up the schedule if the schedule is enabled for deduplication.
freq Specify the frequency to run the deduplication schedule in the range of [1-5]. The default frequency is [1]. This value controls deduplication load on the file system by distributing phases of deduplication across various runs, and potentially across systems in the cluster. A value of 4 means, every 4th run deduplicates the file system, whereas the other runs consolidate the changes.
To modify the deduplication schedule
◆ To modify the deduplication schedule, enter the following:
Storage> dedup schedule modify fs_name hours day freq Configuring storage 149 About data deduplication
fs_name Specify the file system where you want to modify the deduplication schedule.
hours Specify the hours value for modifying the deduplication schedule.
There are three types of values for the hours field:
■ * - indicates every hour. ■ */N - indicates every Nth hour, where N is in the range [1-12]. ■ You can also specify 5 comma-separated hours in the range of [0-23]. For example:
Storage> dedup schedule modify fs1 0,6,12,18,23 2 3 SFS dedup SUCCESS V-288-0 Schedule modify on file system fs1.
day Specify the interval in days for modifying the deduplication schedule.
There are three types of values for the day field:
■ * - indicates every day. ■ */N - indicates every Nth hour, where N is in the range [1-12]. ■ Any number in the range of [1-7] where: ■ 1 - Sunday ■ 2 - Monday ■ 3 - Tuesday ■ 4 - Wednesday ■ 5 - Thursday ■ 6 - Friday ■ 7 - Saturday
Note: The deduplication scheduler will only pick up the schedule if the schedule is enabled for deduplication.
freq Specify the frequency to run the deduplication schedule in the range of [1-5].
To delete the deduplication schedule
◆ To delete the deduplication schedule, enter the following:
Storage> dedup schedule delete fs_name
where fs_name is the name of the file system that you want to delete. 150 Configuring storage About data deduplication
To list the deduplication-enabled file system or file systems
◆ To list the deduplication-enabled file system or file systems, enter the following:
Storage> dedup list fs_name
where fs_name is the name of the deduplication-enabled file system that you want to list.
For example, to list the deduplication-enabled file systems, fs1, and then fs2, enter:
Storage> dedup list fs1 Priority NORMAL CPU IDLE Memory 2048M Granularity 1024B Enabled YES Schedule hours Every hour Schedule day interval Every day Schedule frequency 1 NodeList node_01,node_02
Storage> dedup list fs2 Priority NORMAL CPU IDLE Memory 2048M Granularity 1024B Enabled YES Schedule hours 00:00, 06:00, 12:00, 18:00, 23:00 Schedule day interval Every Monday Schedule frequency 3 NodeList node_01,node_02
Schedule hours are displayed as:
■ * - is displayed as "Every hour"
■ */N - is displayed as "Every N hours"
■ 0,6,12,18,23 are shown as "00:00, 06:00, 12:00, 18:00, 23:00"
Note: 0 is replaced by 00:00, 1 is replaced by 01:00, 23 is replaced by 23:00
Schedule day interval is displayed as: Configuring storage 151 About data deduplication
■ * - is displayed as "Every day"
■ */N - is displayed as "Every N days"
■ 1 - is displayed as "Every Sunday"
■ 2 - is displayed as "Every Monday"
■ 3 - is displayed as "Every Tuesday"
■ 4 - is displayed as "Every Wednesday"
■ 5- is displayed as "Every Thursday"
■ 6 - is displayed as "Every Friday"
■ 7 - is displayed as "Every Saturday" If you issue the command without fs_name, you get a list of all the deduplication-enabled file systems.
Storage> dedup list
Default Priority CPU Memory ------NORMAL IDLE 2048M
Filesystem Priority CPU Granularity Enabled Schedule NodeList ------/vx/fs1 HIGH YIELD 8192B YES SET node_01,node_02 /vx/fs2 LOW IDLE 1024B YES NONE node_01,node_02
The Default column header indicates the global value (applicable to all deduplication-enabled file systems). For example, if you have not set Priority, CPU, and Memory for file system fs1, the deduplication process uses the global value. FileStore deduplication uses the default values for global settings options. Local parameters override the value of global parameters. To obtain status information for a specified deduplicated-enabled file system or all deduplicated-enabled file systems
◆ To obtain status information for deduplicated-enabled file systems, enter the following:
Storage> dedup status [fs_name]
where fs_name is the specified deduplicated-enabled file system for which you want to obtain current status information. If you issue the command without fs_name, you get status information for all deduplicated-enabled file systems. For example: 152 Configuring storage About data deduplication
Storage> dedup status Filesystem Saving Status Node Type Details ------/vx/fs1 00% COMPLETED node_01 MANUAL 2011/05/17 16:57:16 End full scan with error /vx/fs2 00% COMPLETED node_01 MANUAL 2011/05/17 16:57:32 End detecting duplicates and filesystem changes 0
If you issue the command with fs_name, you get the detailed status information for the specified file system, along with any error messages or warnings.
Storage> dedup status fs2 Filesystem Saving Status Node Type Details ------/vx/fs2 00% COMPLETED node_01 MANUAL 2011/05/17 16:57:32 End detecting duplicates and filesystem changes 0 2011/05/17 16:57:17 DEDUP_INFO Using FP block size = 4096 Mode = 0
The following describes the output from the Storage> dedup status command:
Filesystem Displays the directory where the file system is mounted.
Savings Displays the savings as a percentage. The value can mean different things during the course of deduplication. When the deduplication is in a COMPLETED state, or when the deduplication process is computing the expected deduplication, the value in this column shows the actual sharing in the file system. However, when the expected deduplication calculation is complete, this column value shows the expected deduplication. The expected deduplication calculation is based on user data only; therefore, at the end of deduplication, the saving percentage may vary from the expected deduplication percentage. This is because the actual file system deduplication percentage not only takes into consideration the user data, but also file system and deduplication metadata. This difference may be pronounced if the user data is very small. For a failed deduplication, the value is undefined. Configuring storage 153 About data deduplication
Status Displays one of the following status values:
■ RUNNING ■ COMPLETED ■ STOPPED ■ FAILED ■ NONE - indicates that deduplication has not been previously run on this file system.
Node Indicates the node name where the deduplication job is either running or has completed for a file system.
Type The following are the types of deduplication jobs:
■ MANUAL - the deduplication job is started by using either the Storage> dedup start command or the Storage> dedup dryrun command. ■ SCHEDULED - the deduplication job is started by the deduplication scheduler.
Details Displays the status of the file system deduplication activity. The deduplication process writes its status in the status log. The relevant status log is displayed in this column. For a long-running deduplication process, the status log may also show the actual file system sharing as a progress indicator. This actual file system sharing percentage along with the expected saving percentage in the Saving column gives a good estimate of the progress. When displaying deduplication status for a specific file system, any errors, or warnings for the deduplication run are also shown. The Details column gives a detailed idea of what to look for in case of any issues.
To set the CPU usage for the deduplication-enabled file system
◆ To set the CPU usage for the file system, enter the following:
Storage> dedup set cpu cpuvalue fs_name 154 Configuring storage About data deduplication
cpuvalue Specify the CPU usage behavior for the deduplication-enabled file system. Available values are the following:
■ IDLE (default) - indicates that the deduplication process consumes as much CPU processing as is available. For example, if the CPUs are IDLE, then the deduplication process takes all of the idle CPUs, and performs the deduplication job faster. CPU usage may reach 100% on each available CPU. ■ YIELD - indicates that the deduplication process yields the CPU periodically; that is, even if the CPUs are not busy, the deduplication process relinquishes the CPU. More time may be taken for the same job in some scenarios. However, the yield value ensures that the deduplication process does not hang onto the CPU, or cause CPU usage spikes.
fs_name Specify the deduplication-enabled file system for which you want to set the CPU usage. Note: If a file system name is specified, the Storage> dedup set cpu command sets the CPU value for that file system. Otherwise, the CPU value is applicable to all file systems, which have not overridden the CPU value.
To set the deduplication memory allocation limit for the deduplication-enabled file system
◆ To set the deduplication memory limit in MB for the deduplication-enabled file system, enter the following:
Storage> dedup set memory memvalue
where memvalue is the memory value in MB, for example, 1024. The memvalue controls the maximum memory per deduplication process.
Note: Care must be taken to increase memvalue if large file systems are present. Otherwise, deduplication efficiency may be affected. Since this is a limit value, only the required memory is consumed for smaller file system deduplication jobs. Note that scheduled deduplication jobs start deduplication based on the available memory; therefore, if available RAM in the system falls below the configured memory allocation limit for deduplication, the deduplication scheduler on that system will postpone the scheduled deduplication. At this point, other systems with available memory will start deduplication. If the job remains postponed for 1 hour, the job will be abandoned. Configuring storage 155 About data deduplication
To set the deduplication priority for the deduplication-enabled file system
◆ To set the deduplication priority (importance) for the deduplication-enabled file system, enter the following:
Storage> dedup set priority priorityvalue [fs_name]
priorityvalue Specify the importance of deduplication for the file system. The setting of this parameter is local (specific to a file system). The priorityvalue parameter is used by the deduplication scheduler to evaluate if starting deduplication at the scheduled time is appropriate or not based on the state of the file system at that time. priorityvalue is also a load-balancing mechanism whereby a less-loaded system in the cluster may pick up a scheduled deduplication job. Available values are the following:
■ LOW (default) - indicates that if the system has sustained CPU usage of 50% or more in the last one hour, the file systems marked as LOW have their deduplication schedules skipped with a message in the syslog. ■ NORMAL - indicates that if the system has sustained CPU usage of 80% or more in the last one hour, the file systems marked as NORMAL have their deduplication schedules skipped with a message in the syslog. ■ HIGH - indicates that starting deduplication is a must for this file system, and without evaluating any system state, deduplication is started at the scheduled time.
fs_name Specify the file system where you want to set the deduplication priority. 156 Configuring storage About data deduplication
To remove deduplication configuration-related information from the specified file system
◆ To remove deduplication configuration-related information from the specified file system, enter the following:
Storage> dedup remove fs_name
where fs_name is the name of the file system for which you want to remove deduplication. This command removes all configurations and the deduplication database for the specified file system.
Note: This operation cannot be undone, and re-running deduplication on your file system may take a significant amount of time.
If you run the Storage> dedup remove command on an incorrect file system, you can stop the deduplication process, and then rerun the Storage> dedup remove command on the correct file system. For example:
Storage> dedup remove fs1 Chapter 5
Configuring Symantec FileStore network settings
This chapter includes the following topics:
■ About network mode commands
■ Displaying the network configuration and statistics
■ About bonding Ethernet interfaces
■ Bonding Ethernet interfaces
■ About DNS
■ Configuring DNS settings
■ About IP commands
■ About configuring IP addresses
■ Configuring IP addresses
■ About configuring Ethernet interfaces
■ Displaying current Ethernet interfaces and states
■ Configuring Ethernet interfaces
■ About configuring routing tables
■ Configuring routing tables
■ About LDAP
■ Before configuring LDAP settings 158 Configuring Symantec FileStore network settings About network mode commands
■ About configuring LDAP server settings
■ Configuring LDAP server settings
■ About administering FileStore cluster's LDAP client
■ Administering the FileStore cluster's LDAP client
■ About NIS
■ Configuring the NIS-related commands
■ About NSS
■ Configuring NSS lookup order
■ About VLAN interfaces
■ Configuring VLAN interfaces
About network mode commands FileStore network-mode commands let you specify and check the status of network parameters for the FileStore cluster.
Note: Before you use FileStore network mode commands, you must have a general understanding of IP addresses and networking. If you are not familiar with the terms or output, contact your Network Administrator for help.
As shown in Table 5-1, network node commands are organized into functional groups or submodes. To access the commands, log into your administrative console (master, system-admin, or storage-admin) and enter Network> mode. See “About using the FileStore command-line interface” on page 31.
Table 5-1 Network submodes
Network Function submode
Bond Creates a logical association between two or more Ethernet interfaces. See “About bonding Ethernet interfaces” on page 160.
DNS Identifies the DNS parameters that the FileStore cluster can use.
See “About DNS” on page 163. Configuring Symantec FileStore network settings 159 Displaying the network configuration and statistics
Table 5-1 Network submodes (continued)
Network Function submode
IP Manages the FileStore cluster IP addresses. See “About IP commands” on page 167.
LDAP Identifies the LDAP parameters that the FileStore cluster can use. See “About LDAP” on page 181.
NIS Identifies the NIS parameters that the FileStore cluster can use. See “About NIS” on page 190.
NSS Provides a single configuration location to identify the services (such as NIS or LDAP) for network information such as hosts, groups, or passwords. See “About NSS” on page 193.
VLAN Views, adds, or deletes VLAN interfaces. See “About VLAN interfaces” on page 195.
Displaying the network configuration and statistics
You can use the Network> show command to display the current cluster configuration and related statistics of the cluster network configuration. 160 Configuring Symantec FileStore network settings About bonding Ethernet interfaces
To display the network configuration and statistics
◆ To display the cluster's network configuration and statistics, enter the following:
Network> show Interface Statistics ------sfs_01 ------Interfaces MTU Metric RX-OK RX-DROP RX-ERR RX-FRAME lo 16436 1 13766 0 0 0 priveth0 1500 1 452390 0 0 0 priveth1 1500 1 325940 0 0 0 pubeth0 1500 1 25806318 0 0 0 pubeth1 1500 1 25755262 0 0 0
TX-OK TX-DROP TX-ERR TX-CAR Flag 13766 0 0 0 LRU 953273 0 0 0 BMR 506641 0 0 0 BMRU 152817 0 0 0 BMRU 673 0 0 0 BMRU
Routing Table ------sfs_01 ------Destination Gateway Genmask Flags MSS Window irtt Iface 172.27.75.0 0.0.0.0 255.255.255.0 U 0 0 0 priveth0 10.182.96.0 0.0.0.0 255.255.240.0 U 0 0 0 pubeth0 10.182.96.0 0.0.0.0 255.255.240.0 U 0 0 0 pubeth1 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo 0.0.0.0 10.182.96.1 0.0.0.0 UG 0 0 0 pubeth0
See “Configuring routing tables” on page 178.
About bonding Ethernet interfaces Bond commands associate each set of two or more Ethernet interfaces with one IP address. This association improves network performance on each FileStore cluster node by increasing the potential bandwidth available on an IP address beyond the limits of a single Ethernet interface and by providing redundancy for higher availability. Configuring Symantec FileStore network settings 161 Bonding Ethernet interfaces
For example, you can bond two 1-Gigabit Ethernet interfaces together to get throughput greater then 1 GB; actual speed is dependent on your hardware configuration and bonding policies. Moreover, if one of the interfaces fails, communication continues using the single Ethernet interface. Bond commands let you create, remove, and display a cluster's bonds. When you create or delete a bond, it affects the corresponding Ethernet interfaces on the FileStore cluster nodes. You can only bond public Ethernet interfaces.
Note: When you create or remove a bond, SSH connections with Ethernet interfaces involved in that bond may be dropped. When the operation is complete, you must restore the SSH connections.
Table 5-2 Bond commands
Command Definition
show Displays a bond and its type used to distribute traffic among the bonded interfaces. See “Bonding Ethernet interfaces” on page 161.
create Creates a bond between sets of two or more named Ethernet interfaces on all FileStore cluster nodes. See “Bonding Ethernet interfaces” on page 161.
remove Removes a bond between two or more named Ethernet interfaces on all FileStore cluster nodes. See “Bonding Ethernet interfaces” on page 161.
Bonding Ethernet interfaces
The Network> bond create and Network> bond remove operations involve bringing down the interface first and then bringing them back up. This may cause the SSH connections hosted over those interfaces to terminate. Use the physical console of the client rather than SSH when performing Network> bond create and Network> bond remove operations. 162 Configuring Symantec FileStore network settings Bonding Ethernet interfaces
To display a bond
◆ To display a bond and the algorithm used to distribute traffic among the bonded interfaces, enter the following:
Network> bond show
In this example, DEVICES refers to Ethernet interfaces.
Network> bond show
BONDNAME MODE DEVICES ------bond0 active-backup pubeth1 pubeth2
To create a bond
◆ To create a bond between sets of two or more Ethernet interfaces on all FileStore cluster nodes, enter the following:
Network> bond create interfacelist mode
interfacelist Specifies a comma-separated list of public Ethernet interfaces to bond.
mode Specifies how the bonded Ethernet interfaces divide the traffic.
For example:
Network> bond create pubeth1,pubeth2 broadcast 100% [#] Bonding interfaces. Please wait... bond created, the bond name is: bond0
You can specify a mode either as a number or a character string, as follows:
0 balance-rr This mode provides fault tolerance and load balancing. It transmits packets in order from the first available slave through the last.
1 active-backup Only one slave in the bond is active. If the active slave fails, a different slave becomes active. To avoid confusing the switch, the bond's MAC address is externally visible on only one port (network adapter).
2 balance-xor Transmits based on the selected transmit hash policy. The default policy is a simple. This mode provides load balancing and fault tolerance. Configuring Symantec FileStore network settings 163 About DNS
3 broadcast Transmits everything on all slave interfaces and provides fault tolerance.
4 802.3ad Creates aggregation groups with the same speed and duplex settings. It uses all slaves in the active aggregator based on the 802.3ad specification.
5 balance-tlb Provides channel bonding that does not require special switch support. The outgoing traffic is distributed according to the current load (computed relative to the speed) on each slave. The current slave receives incoming traffic. If the receiving slave fails, another slave takes over its MAC address.
6 balance-alb Includes balance-tlb plus Receive Load Balancing (RLB) for IPV4 traffic. This mode does not require any special switch support. ARP negotiation load balances the receive.
To remove a bond
◆ To remove a bond from all of the nodes in a cluster, enter the following:
Network> bond remove bondname
where bondname is the name of the bond configuration. For example:
Network> bond remove bond0 100% [#] Removing Bond bond0. Please wait... bond removed : bond0
About DNS The Domain Name System (DNS) service resolves names to IP addresses. The DNS commands let you view or change a FileStore cluster's DNS settings. You can configure a FileStore cluster's DNS lookup service to use up to three DNS servers. You must enable the FileStore cluster's DNS name service before you specify the DNS servers to use for lookups. 164 Configuring Symantec FileStore network settings About DNS
Table 5-3 DNS commands
Command Definition
dns show Displays the current settings of the FileStore cluster's DNS lookup service. See “Configuring DNS settings” on page 165.
dns enable Enables FileStore to perform DNS lookups. When DNS is enabled, the FileStore cluster's DNS service uses the data center's DNS server(s) to determine the IP addresses of network entities such as SNMP, NTP, LDAP, and NIS servers with which the cluster must communicate. See “Configuring DNS settings” on page 165.
dns disable Disables DNS lookups. See “Configuring DNS settings” on page 165.
dns set Specifies the IP addresses of DNS name servers to be used by the nameservers FileStore DNS lookup service. The order of the IP addresses is the order in which the name servers are to be used. Enter the IP addresses of the name servers. The order of the IP addresses is the order in which the name servers are to be used. See “Configuring DNS settings” on page 165.
dns clear Removes the IP addresses of DNS name servers from the cluster's DNS nameservers lookup service database.
See “Configuring DNS settings” on page 165.
dns set Enter the domain name that the FileStore cluster will be in. For the domainname required information, contact your Network Administrator. This command clears any previously set domain name. Before you use this procedure, you must enable the DNS server. See “Configuring DNS settings” on page 165.
dns clear Removes the DNS domain name. domainname See “Configuring DNS settings” on page 165. Configuring Symantec FileStore network settings 165 Configuring DNS settings
Configuring DNS settings To display DNS settings
◆ To display DNS settings, enter the following:
Network> dns show DNS Status : Disabled nameserver : 172.16.113.118 domain : symantec.com
To enable DNS settings
◆ To enable DNS settings to allow FileStore hosts to do lookups and verify the results, enter the following commands:
Network> dns enable Network> Network> dns show DNS Status : Enabled domain : cluster1.com nameserver : 10.216.50.132
To disable DNS settings
◆ To disable DNS settings, enter the following:
Network> dns disable Network> Network> dns show DNS Status : Disabled Old Settings ------domain : cluster1.com nameserver : 10.216.50.132 166 Configuring Symantec FileStore network settings Configuring DNS settings
To specify IP addresses of DNS name servers
◆ To specify the IP addresses of DNS name servers to be used by the FileStore DNS service and verify the results, enter the following commands:
Network> dns set nameservers nameserver1 [nameserver2] [nameserver3]
For example:
Network> dns set nameservers 10.216.50.199 10.216.50.200 Network> Network> dns show DNS Status : Enabled nameserver : 10.216.50.199 nameserver : 10.216.50.200
To remove name servers list used by DNS
◆ To remove the name servers list used by DNS and verify the results, enter the following commands:
Network> dns clear nameservers Network> Network> dns show DNS Status : Enabled
To set the domain name for the DNS server
◆ To set the domain name for the DNS server, enter the following:
Network> dns set domainname domainname
where domainname is the domain name for the DNS server. For example:
Network> dns set domainname example.com Network> Network> dns show DNS Status : Enabled domain : example.com nameserver : 10.216.50.132 Configuring Symantec FileStore network settings 167 About IP commands
To remove domain name used by DNS
◆ To remove the domain name used by DNS, enter the following:
Network> dns clear domainname Network> Network> dsn show DNS Status : Enabled nameserver : 10.216.50.132
About IP commands Internet Protocol (IP) commands configure your routing tables, Ethernet interfaces, and IP addresses, and display the settings. The following sections describe how to configure the IP commands:
■ See “About configuring IP addresses” on page 167.
■ See “About configuring Ethernet interfaces” on page 173.
■ See “About configuring routing tables” on page 176.
About configuring IP addresses Each Ethernet interface must have a physical IP address associated with it. These are usually supplied when the FileStore software is installed. Each Ethernet interface can be configured with a virtual IP address for clustering purposes in FileStore. This restriction does not imply that each interface must have a virtual IP to communicate with the network. Table 5-4 lists the commands you can use to configure your IP addresses.
Table 5-4 IP commands
Command Definition
ip addr show Displays the IP addresses, the devices (Ethernet interfaces) they are assigned to, and their attributes. Note: Any Ethernet interfaces excluded during the initial FileStore installation will not be displayed.
See “Configuring IP addresses” on page 169. 168 Configuring Symantec FileStore network settings About configuring IP addresses
Table 5-4 IP commands (continued)
Command Definition
ip addr add Adds a virtual or physical IP address to the FileStore cluster. FileStore assigns the newly added IP address to an Ethernet interface or one of its nodes. Virtual IP addresses are used for communication among cluster nodes and with clients on the enterprise network. By default, this command does not use VLAN Ethernet interfaces unless they are specified in the device option. FileStore determines the node to which the IP address will be assigned. After you add a virtual IP address, it takes a few seconds for it to come online. If you enter an IP address that is already used in the cluster, an error message is displayed. You cannot enter an invalid IP address (one that is not four bytes or has a byte value greater than 255). Note: An IP address that does not go online may indicate a problem with the FileStore cluster. For help, use the Support> services command, or contact Symantec Technical Support. For more information, see the Symantec FileStore Troubleshooting Guide.
See “Configuring IP addresses” on page 169.
ip addr online Brings an IP address online on any running node in the cluster. The IP address does not need to be in the offline mode for this command to work. You can use this command to switch the IP address from an online node to another specified node. You can change an IP address to the online mode if it is in the OFFLINE/FAULTED state. This command also displays any faults for the IP address on the specified node. Note: An IP address that does not go online may indicate a problem with the FileStore cluster. For help, use the Support> services command, or contact Symantec Technical Support. For more information, see the Symantec FileStore Troubleshooting Guide.
See “Configuring IP addresses” on page 169.
ip addr modify Modifies an IP protocol address used by the cluster. You can change both the physical IP addresses and virtual IP addresses. If you change the virtual IP address it terminates the NFS connection on oldipaddr. See “Configuring IP addresses” on page 169. Configuring Symantec FileStore network settings 169 Configuring IP addresses
Table 5-4 IP commands (continued)
Command Definition
ip addr del Deletes an IP protocol address from the cluster. You can delete physical IP addresses only if they are not being used by any interface of the cluster. You can also delete virtual IP addresses, except for the console IP address. When you add or delete an IP address from the cluster, the cluster automatically evens out the number of virtual IP addresses on each node. See “Configuring IP addresses” on page 169.
Configuring IP addresses To configure your IP addresses, perform the following commands. To display all the IP addresses for the cluster
◆ To display all of a cluster's IP addresses, enter the following:
Network> ip addr show IP Netmask Device Node Type Status ------10.182.107.53 255.255.240.0 pubeth0 sfs_1 Physical 10.182.107.54 255.255.240.0 pubeth1 sfs_1 Physical 10.182.107.55 255.255.240.0 pubeth0 sfs_2 Physical 10.182.107.56 255.255.240.0 pubeth1 sfs_2 Physical 10.182.107.65 255.255.240.0 pubeth0 sfs_1 Virtual ONLINE (Con IP) 10.182.107.201 255.255.240.0 pubeth0 sfs_2 Virtual ONLINE 10.182.107.202 255.255.240.0 pubeth0 sfs_1 Virtual ONLINE 10.182.107.203 255.255.240.0 pubeth1 sfs_2 Virtual ONLINE 10.182.107.204 255.255.240.0 pubeth1 sfs_1 Virtual ONLINE
The output headings are:
IP Displays the IP addresses for the cluster.
Netmask Displays the netmask for the IP address.
Device Displays the name of the Ethernet interface for the IP address.
Node Displays the node name associated with the interface.
Type Displays the type of the IP address: physical or virtual. 170 Configuring Symantec FileStore network settings Configuring IP addresses
Status Displays the status of the IP addresses:
■ ONLINE ■ ONLINE (console IP) ■ OFFLINE ■ FAULTED
A virtual IP can be in the FAULTED state if it is already being used. It can also be in the FAULTED state if the corresponding device is not working on all nodes in the cluster (for example, a disconnected cable). Configuring Symantec FileStore network settings 171 Configuring IP addresses
To add an IP address to a cluster
◆ To add an IP address to a cluster, enter the following:
Network> ip addr add ipaddr netmask type [device]
ipaddr Specifies the IP address to add to the cluster. Do not use physical IP addresses to access the FileStore cluster. In case of failure, the IP addresses cannot move between nodes. A failure could be either a node failure, an Ethernet interface failure, or storage failure.
netmask Specifies the netmask for the IP address.
type Specifies the IP type, either virtual or physical.
device Only use this option if you entered virtual for the type.
For example, to add a virtual IP address on a normal device, enter the following:
Network> ip addr add 10.10.10.10 255.255.255.0 virtual pubeth0 SFS ip addr Success V-288-0 ip addr add successful.
For example, to add a virtual IP address on a bond device, enter the following:
Network> ip addr add 10.10.10.10 255.255.255.0 virtual bond0 SFS ip addr Success V-288-0 ip addr add successful.
For example, to add a virtual IP address on a VLAN device created over a normal device with VLAN ID 3, enter the following:
Network> ip addr add 10.10.10.10 255.255.255.0 virtual pubeth0.3 SFS ip addr Success V-288-0 ip addr add successful.
For example, to add a virtual IP address on a VLAN device created over a bond device with VLAN ID 3, enter the following:
Network> ip addr add 10.10.10.10 255.255.255.0 virtual bond0.3 SFS ip addr Success V-288-0 ip addr add successful. 172 Configuring Symantec FileStore network settings Configuring IP addresses
To change an IP address to the online mode on a specified node
◆ To change an IP address to the online mode on a specified node, enter the following:
Network> ip addr online ipaddr nodename
ipaddr Specifies the IP address that needs to be brought online.
nodename Specifies the nodename on which the IP address needs to be brought online. If you do not want to enter a specific nodename, enter any with the IP address.
For example:
Network> ip addr online 10.10.10.15 node5_2 Network> ip addr show IP Netmask Device Node Type Status ------10.216.114.212 255.255.248.0 pubeth0 node5_1 Physical 10.216.114.213 255.255.248.0 pubeth1 node5_1 Physical 10.216.114.214 255.255.248.0 pubeth0 node5_2 Physical 10.216.114.215 255.255.248.0 pubeth1 node5_2 Physical 10.216.114.217 255.255.248.0 pubeth0 node5_1 Virtual ONLINE (Con IP) 10.10.10.10 255.255.248.0 pubeth0 node5_1 Virtual ONLINE 10.10.10.11 255.255.248.0 pubeth1 node5_1 Virtual ONLINE 10.10.10.12 255.255.248.0 pubeth0 node5_2 Virtual ONLINE 10.10.10.13 255.255.248.0 pubeth1 node5_2 Virtual ONLINE 10.10.10.15 255.255.248.0 pubeth0 node5_2 Virtual ONLINE Configuring Symantec FileStore network settings 173 About configuring Ethernet interfaces
To modify an IP address
◆ To modify an IP address, enter the following:
Network> ip addr modify oldipaddr newipaddr netmask
oldipaddr Specifies the old IP address to be modified.
newipaddr Specifies what the new IP address will be.
netmask Specifies the netmask for the new IP address.
If the specified oldipaddr is not assigned to the cluster, an error message is displayed. If you enter an invalid IP address (one that is not four bytes or has a byte value greater than 255), an error message is displayed. If the new IP address is already being used, an error message is displayed. For example:
Network> ip addr modify 10.10.10.15 10.10.10.16 255.255.240.0 SFS ip addr Success V-288-0 ip addr modify successful.
To remove an IP address from the cluster
◆ To remove an IP address from the cluster, enter the following:
Network> ip addr del ipaddr
where ipaddr is the IP address to remove from the cluster. For example:
Network> ip addr del 10.10.10.15 SFS ip addr Success V-288-0 ip addr del successful.
About configuring Ethernet interfaces You can display and change the public Ethernet interfaces (for example, pubeth0 and pubeth1) whether a link is up or down, and the Ethernet interface's Maximum Transmission Unit (MTU) value. 174 Configuring Symantec FileStore network settings Displaying current Ethernet interfaces and states
Table 5-5 Ethernet interface commands
Command Definition
ip link show Displays each Ethernet interface's (device) status, if it connected to each node in the cluster, the speed, MTU, and MAC address. Note: Any Ethernet interfaces excluded during the initial FileStore installation are not displayed.
See “Displaying current Ethernet interfaces and states” on page 174.
ip link set Changes the network Ethernet interface's attributes or states. See “Configuring Ethernet interfaces” on page 175.
Displaying current Ethernet interfaces and states To display current Ethernet interfaces and states
◆ To display current configurations, enter the following:
Network> ip link show [nodename] [device]
nodename Specifies which node of the cluster to display the attributes. Enter all to display all IP links.
device Specifies which Ethernet interface on the node to display the attributes.
Network> ip link show sfs_1 pubeth0
Nodename Device Status MTU Detect Speed HWaddr ------sfs_01 pubeth0 UP 1500 yes 100Mb/s 00:0c:29:a8:9d:f3
To display all configurations, enter the following:
Network> ip link show
Nodename Device Status MTU Detect Speed HWaddr ------sfs_01 pubeth0 UP 1500 yes 100Mb/s 00:0c:29:a8:9d:f3 sfs_01 pubeth1 UP 1500 yes 100Mb/s 00:0c:29:a8:9d:fd sfs_02 pubeth0 UP 1500 yes 100Mb/s 00:0c:29:da:c9:e2 sfs_02 pubeth1 UP 1500 yes 100Mb/s 00:0c:29:da:c9:ec Configuring Symantec FileStore network settings 175 Configuring Ethernet interfaces
Configuring Ethernet interfaces To change an Ethernet interface
◆ To change an Ethernet interface's configuration, enter the following:
Network> ip link set nodename device operation [argument]
nodename Specifies which node of the cluster to configure. If the node specified is not part of the cluster, then an error message is displayed. To configure all nodes at once, use the all option in the nodename field.
device Specifies the Ethernet interface to configure. If you enter an Ethernet interface that cannot be configured, an error message is displayed.
operation Enter one of the following operations:
■ up - Brings the Ethernet interface online. ■ down - Brings the Ethernet interface offline. ■ mtu MTU - Changes the Ethernet interface's Maximum Transmission Unit (MTU) to the value that is specified in the argument field.
argument The argument field is used only when you enter mtu in the operation field. Setting the incorrect MTU value causes the console IP to become unavailable. The argument field specifies what the MTU of the specified Ethernet interface on the specified node should be changed to. The MTU value must be an unsigned integer between 46 and 9216. If you enter the argument field, but do not enter an MTU in the operation field, the argument is ignored.
Network> ip link set all pubeth0 mtu 1600
sfs_01 : mtu updated on pubeth0 sfs_02 : mtu updated on pubeth0
Network> ip link show 176 Configuring Symantec FileStore network settings About configuring routing tables
Nodename Device Status MTU Detect Speed HWaddr ------sfs_01 pubeth0 UP 1600 yes 100Mb/s 00:0c:29:a8:9d:f3 sfs_01 pubeth1 UP 1500 yes 100Mb/s 00:0c:29:a8:9d:fd sfs_02 pubeth0 UP 1600 yes 100Mb/s 00:0c:29:da:c9:e2 sfs_02 pubeth1 UP 1500 yes 100Mb/s 00:0c:29:da:c9:ec
About configuring routing tables Sometimes an FileStore cluster must communicate with network services (for example, LDAP) using specific gateways in the public network. In these cases, you must define routing table entries. These entries consist of the following:
■ The target network node's IP address and accompanying netmask.
■ Gateway’s IP address.
■ Optionally, a specific Ethernet interface via which to communicate with the target. This is useful, for example, if the demands of multiple remote clients are likely to exceed a single gateway’s throughput capacity.
You add or remove routing table entries using the Network> ip route command. Table 5-6 lists the commands used to configure the routing tables of the nodes in the cluster.
Table 5-6 Routing table commands
Command Definition
route show Displays the routing table of the nodes in the cluster. You can enter a specific nodename or use all to display the routing tables for all nodes in the cluster. See “Configuring routing tables” on page 178. Configuring Symantec FileStore network settings 177 About configuring routing tables
Table 5-6 Routing table commands (continued)
Command Definition route add Adds a new route for the cluster. The routing table contains information about paths to other networked nodes. You can make routing table changes on each node of the cluster. Use all for the nodename to add the route to all of the nodes in the cluster. Use a netmask value of 255.255.255.255 for the netmask to add a host route to ipaddr. Use a value of 0.0.0.0 for the gateway to add a route that does not use any gateway. The dev device is an optional argument.
Use any of the public Ethernet interfaces for the device, for example, pubeth0, pubeth1, or any. See “Configuring routing tables” on page 178. route del Deletes a route used by the cluster. Use all for nodename to delete the route from all of the nodes in the cluster. The combination of ipaddr and netmask specifies the network or host for which the route is deleted. Use a value of 255.255.255.255 for the netmask to delete a host route to ipaddr. See “Configuring routing tables” on page 178. 178 Configuring Symantec FileStore network settings Configuring routing tables
Configuring routing tables To display the routing tables of the nodes in the cluster
◆ To display the routing tables of the nodes in the cluster, enter the following:
Network> ip route show [nodename]
where nodename is the node whose routing tables you want to display. To see the routing table for all of the nodes in the cluster, enter all. For example:
Network> ip route show all
sfs_01 ------Destination Gateway Genmask Flags MSS Window irtt Iface 172.27.75.0 0.0.0.0 255.255.255.0 U 0 0 0 priveth0 10.182.96.0 0.0.0.0 255.255.240.0 U 0 0 0 pubeth0 10.182.96.0 0.0.0.0 255.255.240.0 U 0 0 0 pubeth1 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo 0.0.0.0 10.182.96.1 0.0.0.0 UG 0 0 0 pubeth0
sfs_02 ------Destination Gateway Genmask Flags MSS Window irtt Iface 172.27.75.0 0.0.0.0 255.255.255.0 U 0 0 0 priveth0 10.182.96.0 0.0.0.0 255.255.240.0 U 0 0 0 pubeth0 10.182.96.0 0.0.0.0 255.255.240.0 U 0 0 0 pubeth1 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo 0.0.0.0 10.182.96.1 0.0.0.0 UG 0 0 0 pubeth0
Destination Displays the destination network or destination host for which the route is defined.
Gateway Displays a network node equipped for interfacing with another network.
Genmask Displays the netmask. Configuring Symantec FileStore network settings 179 Configuring routing tables
Flags The flags are as follows: U - Route is up H - Target is a host G - Use gateway
MSS Displays maximum segment size. The default is 0. You cannot modify this attribute.
Window Displays the maximum amount of data the system accepts in a single burst from the remote host. The default is 0. You cannot modify this attribute. irtt Displays the initial round trip time with which TCP connections start. The default is 0. You cannot modify this attribute.
Iface Displays the interface. On UNIX systems, the device name lo refers to the loopback interface.
To add to the route table
◆ To add a route entry to the routing table of nodes in the cluster, enter the following:
Network> ip route add nodename ipaddr netmask via gateway [dev device]
nodename Specifies the node to whose routing table the route is to be added. To add a route path to all the nodes, use all in the nodename field. If you enter a node that is not a part of the cluster, an error message is displayed.
ipaddr Specifies the destination of the IP address. If you enter an invalid IP address, then a message notifies you before you fill in other fields.
netmask Specifies the netmask associated with the IP address that is entered for the ipaddr field. Use a netmask value of 255.255.255.255 for the netmask to add a host route to ipaddr.
via This is a required field. You must type in the word. 180 Configuring Symantec FileStore network settings Configuring routing tables
gateway Specifies the gateway IP address used for the route. If you enter an invalid gateway IP address, then an error message is displayed. To add a route that does not use a gateway, enter a value of 0.0.0.0.
dev Specifies the route device option. You must type in the word.
dev device Specifies which Ethernet interface on the node the route path is added to. This variable is optional. You can specify the following values:
■ any - Default ■ pubeth0 - Public Ethernet interface ■ pubeth1 - Public Ethernet interface
The Ethernet interface field is required only when you specify dev in the dev field.
If you omit the dev and device fields, FileStore uses a default Ethernet interface.
For example:
Network> ip route add sfs_01 10.10.10.10 255.255.255.255 via 0.0.0.0 dev pubeth0 sfs_01: Route added successfully Configuring Symantec FileStore network settings 181 About LDAP
To delete route entries from the routing tables of nodes in the cluster
◆ To delete route entries from the routing tables of nodes in the cluster, enter the following:
Network> ip route del nodename ipaddr netmask
nodename Specify the node from which the node is deleted. To delete the route entry from all nodes, use the all option in this field.
ipaddr Specifies the destination IP address of the route entry to be deleted. If you enter an invalid IP address a message notifies you before you enter other fields.
netmask Specifies the IP address to be used.
For example:
Network> ip route del sfs_01 10.216.128.0 255.255.255.255 sfs_01: Route deleted successfully
About LDAP The Lightweight Directory Access Protocol (LDAP) is the protocol used to communicate with LDAP servers. The LDAP servers are the entities that perform the service. In FileStore the most common use of LDAP is user authentication. For sites that use an LDAP server for access or authentication, FileStore provides a simple LDAP client configuration interface.
Before configuring LDAP settings Before you configure FileStore LDAP settings, obtain the following LDAP configuration information from your system administrator:
■ IP address or host name of the LDAP server. You also need the port number of the LDAP server.
■ Base (or root) distinguished name (DN), for example, cn=employees,c=us. LDAP database searches start here. 182 Configuring Symantec FileStore network settings About configuring LDAP server settings
■ Bind distinguished name (DN) and password, for example, ou=engineering,c=us. This allows read access to portions of the LDAP database to search for information.
■ Base DN for users, for example, ou=users,dc=com. This allows access to the LDAP directory to search for and authenticate users.
■ Base DN for groups, for example, ou=groups,dc=com. This allows access to the LDAP database, to search for groups.
■ Root bind DN and password. This allows write access to the LDAP database, to modify information, such as changing a user's password.
■ Secure Sockets Layer (SSL). Configures an FileStore cluster to use the Secure Sockets Layer (SSL) protocol to communicate with the LDAP server.
■ Password hash algorithm, for example md5, if a specific password encryption method is used with your LDAP server. The following sections describe how to configure LDAP:
■ See “Configuring LDAP server settings” on page 184.
■ See “Administering the FileStore cluster's LDAP client” on page 189.
About configuring LDAP server settings Table 5-7 lists the LDAP commands used to configure the LDAP server settings.
Table 5-7 LDAP commands
Command Definition
set basedn Sets the base DN value for the LDAP server. Note: Setting the base DN for the LDAP server is required.
See “Configuring LDAP server settings” on page 184.
set server Sets the hostname or IP address for the LDAP server. See “Configuring LDAP server settings” on page 184.
set port Sets the port number for the LDAP server. See “Configuring LDAP server settings” on page 184. Configuring Symantec FileStore network settings 183 About configuring LDAP server settings
Table 5-7 LDAP commands (continued)
Command Definition set ssl Configures an FileStore cluster to use the Secure Sockets Layer (SSL) protocol to communicate with the LDAP server. If your LDAP server does not use SSL for authentication, sets this value to off (the default value). Consult your system administrator for confirmation. If your LDAP server supports SSL, you must set SSL to on. This setting is mandatory. The certificates that are required for SSL are auto-negotiated with the LDAP server when the session is established. See “Configuring LDAP server settings” on page 184. set binddn Sets the bind Distinguished Name (DN) and its password for the LDAP server. This DN is used to bind with the LDAP server for read access. For LDAP authentication, most attributes need read access. Note: Use the LDAP server password. Contact your Network Administrator for assistance.
See “Configuring LDAP server settings” on page 184. set rootbinddn Sets the LDAP root bind DN and its password. This DN is used to bind with the LDAP server for write access to the LDAP directory. This setting is not required for authentication. To change some attributes of an LDAP entry, the root bind DN is required. For example, if a root user wants to change a user's password, the root user must have administrative privileges to write to the LDAP directory. Note: Use the LDAP server password. Contact your Network Administrator for assistance.
See “Configuring LDAP server settings” on page 184. set users-basedn Sets the LDAP users, groups, and netgroups base Distinguished Name (DN). PAM/NSS uses this DN to search LDAP groups. set groups-basedn Note: You must set the LDAP users, groups, and netgroups base DN. set See “Configuring LDAP server settings” on page 184. netgroups-basedn 184 Configuring Symantec FileStore network settings Configuring LDAP server settings
Table 5-7 LDAP commands (continued)
Command Definition
set password-hash Sets the LDAP password hash algorithm used when you set or change the LDAP user's password. The password is encrypted with the configured hash algorithm before it is sent to the LDAP server and stored in the LDAP directory. Note: Setting the LDAP password hash algorithm is optional.
See “Configuring LDAP server settings” on page 184.
get Displays the configured LDAP settings. See “Configuring LDAP server settings” on page 184.
clear Clears a configured setting. See “Configuring LDAP server settings” on page 184.
Configuring LDAP server settings You can set the LDAP base Distinguished Name (base DN). LDAP records are structured in a hierarchical tree. You access records through a particular path, in this case, a Distinguished Name, or DN. The base DN indicates where in the LDAP directory hierarchy you want to start your search.
Note: For FileStore to access an LDAP directory service, you must specify the LDAP server DNS name or IP address.
To set the base DN for the LDAP server
◆ To set the base DN for the LDAP server, enter the following:
Network> ldap set basedn value
where value is the LDAP base DN in the following format:
dc=yourorg,dc=com
For example:
Network> ldap set basedn dc=example,dc=com OK Completed Configuring Symantec FileStore network settings 185 Configuring LDAP server settings
To set the LDAP server hostname or IP address
◆ To set the LDAP server hostname or IP address, enter the following:
Network> ldap set server value
where value is the LDAP server hostname or IP address. For example:
Network> ldap set server ldap-server.example.com OK Completed
For example, if you enter an IP address for the value you get the following message:
Network> ldap set server 10.10.10.10 OK Completed
To set the LDAP server port number
◆ To set the LDAP server port number, enter the following:
Network> ldap set port value
where value is the LDAP server port number. For example:
Network> ldap set port 555 OK Completed
To set FileStore to use LDAP over SSL
◆ To set FileStore to use LDAP over SSL, enter the following:
Network> ldap set ssl {on|off}
For example:
Network> ldap set ssl on OK Completed 186 Configuring Symantec FileStore network settings Configuring LDAP server settings
To set the bind DN for the LDAP server
◆ To set the bind DN for the LDAP server, enter the following:
Network> ldap set binddn value
where value is the LDAP bind DN in the following format:
cn=binduser,dc=yourorg,dc=com
The value setting is mandatory. You are prompted to supply a password. You must use your LDAP server password. For example:
Network> ldap set binddn cn Enter password for 'cn': *** OK Completed
To set the root bind DN for the LDAP server
◆ To set the root bind DN for the LDAP server, enter the following:
Network> ldap set rootbinddn value
where value is the LDAP root bind DN in the following format:
cn=admin,dc=yourorg,dc=com
You are prompted to supply a password. You must use your LDAP server password. For example:
Network> ldap set rootbinddn dc Enter password for 'dc': *** OK Completed Configuring Symantec FileStore network settings 187 Configuring LDAP server settings
To set the LDAP users, groups, or netgroups base DN
◆ To set the LDAP users, groups, or netgroups base DN, enter the following:
Network> ldap set users-basedn value
Network> ldap set groups-basedn value
Network> ldap set netgroups-basedn value
users-basedn value Specifies the value for the users-basedn. For example:
ou=users,dc=example,dc=com (default)
groups-basedn Specifies the value for the groups-basedn. For example: value ou=groups,dc=example,dc=com (default)
netgroups-basedn Specifies the value for the netgroups-basedn. For example: value ou=netgroups,dc=example,dc=com (default)
For example:
Network> ldap set users-basedn ou=Users,dc=example,dc=com OK Completed
To set the password hash algorithm
◆ To set the password hash algorithm, enter the following:
Network> ldap set password-hash {clear|crypt|md5}
For example:
Network> ldap set password-hash clear OK Completed 188 Configuring Symantec FileStore network settings About administering FileStore cluster's LDAP client
To display the LDAP configured settings
◆ To display the LDAP configured settings, enter the following:
Network> ldap get {server|port|basedn|binddn|ssl|rootbinddn| users-basedn|groups-basedn|netgroups-basedn|password-hash}
For example:
Network> ldap get server LDAP server: ldap-server.example.com OK Completed
To clear the LDAP setting
◆ To clear the previously configured LDAP setting, enter the following:
Network> ldap clear {server|port|basedn|binddn|ssl|rootbinddn| users-basedn|groups-basedn|netgroups-basedn|password-hash}
For example:
Network> ldap clear binddn OK Completed
About administering FileStore cluster's LDAP client You can display the Lightweight Directory Access Protocol (LDAP) client configurations. LDAP clients use the LDAPv3 protocol to communicate with the server.
Table 5-8 LDAP client commands
Command Definition
ldap show Displays the FileStore cluster's LDAP client configuration. See “Administering the FileStore cluster's LDAP client” on page 189.
ldap enable Enables the LDAP client configuration. See “Administering the FileStore cluster's LDAP client” on page 189.
ldap disable Disables the LDAP client configuration. This command stops FileStore from querying the LDAP service. See “Administering the FileStore cluster's LDAP client” on page 189. Configuring Symantec FileStore network settings 189 Administering the FileStore cluster's LDAP client
Administering the FileStore cluster's LDAP client To display the LDAP client configuration
◆ To display the LDAP client configuration, enter the following:
Network> ldap show [users|groups|netgroups]
users Displays the LDAP users that are available in the Name Service Switch (NSS) database.
groups Displays the LDAP groups that are available in the NSS database.
netgroups Displays the LDAP netgroups that are available in the NSS database.
If you do not include one of the optional variables, the command displays all the configured settings for the LDAP client. For example:
Network> ldap show LDAP client is enabled. ======LDAP server: ldap_server LDAP port: 389 (default) LDAP base DN: dc=example,dc=com LDAP over SSL: on LDAP bind DN: cn=binduser,dc=example,dc=com LDAP root bind DN: cn=admin,dc=example,dc=com LDAP password hash: md5 LDAP users base DN: ou=Users,dc=example,dc=com LDAP groups base DN: ou=Groups,dc=example,dc=com LDAP netgroups base DN: ou=Netgroups,dc=example,dc=com OK Completed 190 Configuring Symantec FileStore network settings About NIS
To enable the LDAP client configuration
◆ To enable the LDAP client configuration, enter the following:
Network> ldap enable
For example:
Network> ldap enable
LDAP clients use the LDAPv3 protocol for communicating with the server. Enabling the LDAP client configures the Pluggable Authentication Module (PAM) files to use LDAP. PAM is the standard authentication framework for Linux. To disable the LDAP client configuration
◆ To disable the LDAP client configuration, enter the following:
Network> ldap disable
For example:
Network> ldap disable
LDAP clients use the LDAPv3 protocol for communicating with the server. This command configures the PAM configuration files so that they do not use LDAP.
About NIS FileStore supports Network Information Service (NIS), implemented in a NIS server, as an authentication authority. You can use NIS to authenticate computers. If your environment uses NIS, enable the NIS-based authentication on the FileStore cluster.
Table 5-9 NIS commands
Command Definition
nis show Displays the NIS server name, domain name, the NIS users, groups, and netgroups that are available in the NIS database. See “Configuring the NIS-related commands” on page 191.
nis set Sets the NIS domain name in the FileStore cluster. domainname See “Configuring the NIS-related commands” on page 191. Configuring Symantec FileStore network settings 191 Configuring the NIS-related commands
Table 5-9 NIS commands (continued)
Command Definition
nis set servername Sets the NIS server name in the FileStore cluster. See “Configuring the NIS-related commands” on page 191.
nis enable Enables the NIS clients in the FileStore cluster. You must set the NIS domain name and NIS server name before you can enable NIS. See “Configuring the NIS-related commands” on page 191.
nis disable Disables the NIS clients in the FileStore cluster. See “Configuring the NIS-related commands” on page 191.
Configuring the NIS-related commands To display NIS-related settings
◆ To display NIS-related settings, enter the following:
Network> nis show [users|groups|netgroups]
users Displays the NIS users that are available in the FileStore cluster's NIS database.
groups Displays the NIS groups that are available in the FileStore cluster's NIS database.
netgroups Displays the NIS netgroups that are available in the FileStore cluster's NIS database.
For example:
Network> nis show NIS Status : Disabled domain : NIS Server : 192 Configuring Symantec FileStore network settings Configuring the NIS-related commands
To set the NIS domain name on all nodes in the cluster
◆ To set the NIS domain name on the cluster nodes, enter the following:
Network> nis set domainname [domainname]
where domainname is the domain name. For example:
Network> nis domainname domain_1 Setting domainname: "domain_1"
To set NIS server name on all nodes in the cluster
◆ To set the NIS server name on all cluster nodes, enter the following:
Network> nis set servername servername
where servername is the NIS server name. You can use the server's name or IP address. For example:
Network> nis servername 10.10.10.10 Setting NIS Server "10.10.10.10"
To enable NIS clients
◆ To enable NIS clients, enter the following:
Network> nis enable
For example:
Network> nis enable Enabling NIS Client on all the nodes..... Done. Please enable NIS in nsswitch settings for required services.
To view the new settings, enter the following:
Network> nis show NIS Status : Enabled domain : domain_1 NIS Server : 10.10.10.10 Configuring Symantec FileStore network settings 193 About NSS
To disable NIS clients
◆ To disable NIS clients, enter the following:
Network> nis disable
For example:
Network> nis disable Disabling NIS Client on all nodes Please disable NIS in nsswitch settings for required services.
About NSS Name Service Switch (NSS) is an FileStore cluster service which provides a single configuration location to identify the services (such as NIS or LDAP) for network information such as hosts, groups, or passwords. For example, host information may be on an NIS server. Group information may be in an LDAP database. The NSS configuration specifies which network services the FileStore cluster should use to authenticate hosts, users, groups, and netgroups. The configuration also specifies the order in which multiple services should be queried.
Table 5-10 NSS commands
Command Definition
nsswitch show Displays the NSS configuration. See “Configuring NSS lookup order” on page 194.
nsswitch conf Configures the order of the NSS services. See “Configuring NSS lookup order” on page 194. 194 Configuring Symantec FileStore network settings Configuring NSS lookup order
Configuring NSS lookup order To display the NSS configuration
◆ To display the NSS configuration, enter the following:
Network> nsswitch show group: files nis winbind ldap hosts: files nis dns netgroup: nis passwd: files nis winbind ldap shadow: files winbind
To configure the NSS lookup order
◆ To configure the NSS lookup order, enter the following:
Network> nsswitch conf {group|hosts|netgroups|passed|shadow} value1 [[value2]] [[value3]] [[value4]]
group Selects the group file.
hosts Selects the hosts file.
netgroups Selects the netgroups file.
passed Selects the password.
shadow Selects the shadow file.
value Specifies the following NSS lookup order with the following values:
■ value1 (required)- { files/nis/winbind/ldap } ■ value2 (optional) - { files/nis/winbind/ldap } ■ value3 (optional) - { files/nis/winbind/ldap } ■ value4 (optional) - { files/nis/winbind/ldap }
For example:
Network> nsswitch conf shadow files ldap Network> nsswitch show group: files nis winbind ldap hosts: files nis dns netgroup: nis passwd: files nis winbind ldap shadow: files ldap Configuring Symantec FileStore network settings 195 About VLAN interfaces
To select DNS, you must use the following command:
Network> nsswitch conf hosts
nsswitch conf hosts
value1 : Choose the type (files) (files) value2 : Type the type (files/nis/dns) [] value3 : Type the type (files/nis/dns) []
About VLAN interfaces The virtual LAN (VLAN) feature lets you create VLAN interfaces on the FileStore nodes and administer them as any other VLAN interfaces. The VLAN interfaces are created using Linux support for VLAN interfaces.
Use the Network> vlan commands to view, add, or delete VLAN interfaces.
Note: To use VLAN, your network must have VLAN-supported switches.
Table 5-11 VLAN commands
Command Definition
vlan show Displays the VLAN interfaces. See “Configuring VLAN interfaces” on page 196.
vlan add Adds a VLAN interface. See “Configuring VLAN interfaces” on page 196.
vlan del Deletes a VLAN interface. See “Configuring VLAN interfaces” on page 196. 196 Configuring Symantec FileStore network settings Configuring VLAN interfaces
Configuring VLAN interfaces To display the VLAN interfaces
◆ To display the VLAN interfaces, enter the following:
Network> vlan show
For example:
VLAN DEVICE VLAN id ------pubeth0.2 pubeth0 2
To add a VLAN interface
◆ To add a VLAN interface, enter the following:
Network> vlan add device vlan_id
device Specifies the VLAN interface on which the VLAN interfaces will be added.
vlan_id Specifies the VLAN ID which the new VLAN interface uses. Valid values range from 1 to 4095.
For example:
Network> vlan add pubeth1 2 Network> vlan show
VLAN DEVICE VLAN id ------pubeth0.2 pubeth0 2 pubeth1.2 pubeth1 2 Configuring Symantec FileStore network settings 197 Configuring VLAN interfaces
To delete a VLAN interface
◆ To delete a VLAN interface, enter the following:
Network> vlan del vlan_device
where the vlan_device is the VLAN name from the Network> vlan show command. For example:
Network> vlan del pubeth0.2 Network> vlan show
VLAN DEVICE VLAN id ------pubeth1.2 pubeth1 2 198 Configuring Symantec FileStore network settings Configuring VLAN interfaces Chapter 6
Configuring your NFS server
This chapter includes the following topics:
■ About NFS server commands
■ Accessing the NFS server
■ Displaying NFS statistics
■ Displaying file systems and snapshots that can be exported
About NFS server commands The clustered NFS Server provides file access services to UNIX and Linux client computers via the Network File System (NFS) protocol. You use the NFS commands to start and stop your NFS server. See Table 6-1 on page 199.
Note: For the NFS> share commands, see the section referenced below.
See “About NFS file sharing” on page 205. To access the commands, log into the administrative console (for master, system-admin, or storage-admin) and enter NFS> mode. See “About using the FileStore command-line interface” on page 31.
Table 6-1 NFS mode commands
Command Definition
server status Displays the status of the NFS server. See “Accessing the NFS server” on page 200. 200 Configuring your NFS server Accessing the NFS server
Table 6-1 NFS mode commands (continued)
Command Definition
server start Starts the NFS server. See “Accessing the NFS server” on page 200.
server stop Stops the NFS server. See “Accessing the NFS server” on page 200.
stat Prints the NFS statistics. See “Displaying NFS statistics” on page 202.
show fs Displays all of the online file systems and snapshots that can be exported. See “Displaying file systems and snapshots that can be exported” on page 203.
Accessing the NFS server To check on the NFS server status
◆ Prior to starting the NFS server, check on the status of the server by entering:
NFS> server status
For example:
NFS> server status NFS Status on sfs_01 : OFFLINE NFS Status on sfs_02 : OFFLINE
The states (ONLINE, OFFLINE, and FAULTED) correspond to each FileStore node identified by the node name. The states of the node may vary depending on the situation for that particular node.
The possible states of the NFS> server status command are:
ONLINE Indicates that the node can serve NFS protocols to the client.
OFFLINE Indicates the NFS services on that node are down.
FAULTED Indicates something is wrong with the NFS service on the node.
You can run the NFS> server start command to restart the NFS services, and only the nodes where NFS services have problems, will be restarted. Configuring your NFS server 201 Accessing the NFS server
To start the NFS server
◆ To start the NFS server, enter the following:
NFS> server start
You can use the NFS> server start command to clear an OFFLINE state from the NFS> server status output by only restarting the services that are offline. You can run the NFS> server start command multiple times without it affecting the already-started NFS server. For example:
NFS> server start ..Success.
Run the NFS> server status command again to confirm the change.
NFS> server status NFS Status on sfs_01 : ONLINE NFS Status on sfs_02 : ONLINE
To stop the NFS server
◆ To stop the NFS server, enter the following:
NFS> server stop
For example:
NFS> server stop ..Success.
You will receive an error if you try to stop an already stopped NFS server. 202 Configuring your NFS server Displaying NFS statistics
Displaying NFS statistics To display statistics for all the nodes in the cluster on the NFS server
◆ To display NFS statistics, enter the following:
NFS> stat [nodename]
where nodename specifies the node name for which you are trying to obtain the statistical information. If the nodename is not specified, statistics for all the nodes in the cluster are displayed. For example:
NFS> stat sfs_01 sfs_01 ------Server rpc stats: calls badcalls badauth badclnt xdrcall 52517 0 0 0 0
Server nfs v2: null getattr setattr root lookup readlink 10 100% 0 0% 0 0% 0 0% 0 0% 0 0% read wrcache write create remove rename 0 0% 0 0% 0 0% 0 0% 0 0% 0 0% link symlink mkdir rmdir readdir fsstat 0 0% 0 0% 0 0% 0 0% 0 0% 0 0%
Server nfs v3: null getattr setattr lookup access readlink 11 0% 17973 35% 0 0% 5951 11% 6997 13% 1034 2% read write create mkdir symlink mknod 4138 8% 4137 8% 3251 6% 1255 2% 1034 2% 0 0% remove rmdir rename link readdir readdirplus 0 0% 1 0% 0 0% 0 0% 0 0% 1361 2% fsstat fsinfo pathconf commit 0 0% 2 0% 0 0% 3067 6% Configuring your NFS server 203 Displaying file systems and snapshots that can be exported
Displaying file systems and snapshots that can be exported To display a file system and snapshots that can be exported
◆ To display online file systems and the snapshots that can be exported, enter the following:
NFS> show fs
For example:
NFS> show fs FS/Snapshot ======fs1 204 Configuring your NFS server Displaying file systems and snapshots that can be exported Chapter 7
Creating and maintaining NFS shares
This chapter includes the following topics:
■ About NFS file sharing
■ Displaying exported directories
■ Adding an NFS share
■ Sharing directories using CIFS and NFS protocols
■ Exporting an NFS snapshot
■ Unexporting a directory or deleting NFS options
About NFS file sharing The Network File System (NFS) protocol enables exported directories (including all files under the directory that reside on the exported directory's file system) hosted by an NFS server to be accessed by multiple UNIX and Linux client systems. Using NFS, a local system can mount and use a disk partition or file system from a remote system (an NFS server), as if it were local. The FileStore NFS server exports a directory , with selected permissions and options, and makes it available to NFS clients. The selected permissions and options can also be updated, to restrict or expand the permitted use. To remove sharing, unexport the NFS directory. The FileStore NFS service is clustered. The NFS clients continuously retry during a failover transition. Even if the TCP connection is broken for a short time, the 206 Creating and maintaining NFS shares Displaying exported directories
failover is transparent to NFS clients, and NFS clients regain access transparently as soon as the failover is complete. However, depending on client configuration and the nature of the failure, a client operation may time out, resulting in an error message such as: NFS server not responding, still trying.
You use NFS commands to export or unexport your directories. The NFS> share commands are defined in Table 7-1. To access the commands, log into the administrative console (for master, system-admin, or storage-admin) and enter the NFS> mode. See “About using the FileStore command-line interface” on page 31.
Table 7-1 NFS mode commands
Command Definition
share show Display exported directories. See “Displaying exported directories” on page 206.
share add Export a directory. See “Adding an NFS share ” on page 207.
share delete Unexport a directory. See “Unexporting a directory or deleting NFS options” on page 214.
Displaying exported directories You can display the exported directories and the NFS options that are specified when the directory was exported. Creating and maintaining NFS shares 207 Adding an NFS share
To display exported directories
◆ To display exported directories, enter the following:
NFS> share show
For example:
NFS> share show /vx/fs2 * (sync) /vx/fs3 * (secure,ro,no_root_squash)
The command output displays two columns.
Left-hand column Displays the directory that was exported. For example:
/vx/fs2
Right-hand Displays the system that the directory is exported to, and the column NFS options with which the directory was exported. For example:
* (secure,ro,no_root_squash)
Adding an NFS share You can export an NFS share with the specified NFS options that can then be accessed by one or more client systems. The new NFS options are updated after the command is run. If you add a directory that has already been exported with a different NFS option (rw, ro, async, or secure, for example), FileStore provides a warning message saying that the directory has already been exported. FileStore updates (overwrite) the old NFS options with the new NFS options. Directory options appear in parentheses.
If a client was not specified when the NFS> share add command was used, then * is displayed as the system to be exported to, indicating that all clients can access the directory. Directories that have been exported to different clients appear as different entries. Directories that are exported to
For example: Consider the following set of exported directories where only the client (1.1.1.1) has read-write access to directory (fs2), while all other clients have read access only.
/vx/fs2 * (ro)
/vx/fs2 1.1.1.1 (rw)
When sharing a directory, FileStore does not check whether the client exists or not. If you add a share for an unknown client, then an entry appears in the NFS> show command output. If the directory (including the underlying file system) does not exist, you will not be able to export to any client. FileStore gives the following error:
SFS nfs ERROR V-288-1697 Directory /vx/fs1/export does not exist
You cannot export a non-existent directory. The NFS> show fs command displays the list of exportable file systems. Valid NFS options include the following:
rw Grants read and write permission to the directory (including all files under the directory that reside on the exported directory's file system). Hosts mounting this directory will be able to make changes to the directory.
ro (Default) Grants read-only permission to the directory. Hosts mounting this directory will not be able to change it.
sync (Default) Grants synchronous write access to the directory. Forces the server to perform a disk write before the request is considered complete.
async Grants asynchronous write access to the directory. Allows the server to write data to the disk when appropriate.
secure (Default) Grants secure access to the directory. Requires that clients originate from a secure port. A secure port is between 1-1024.
insecure Grants insecure access to the directory. Permits client requests to originate from unprivileged ports (those above 1024).
secure_locks Requires authorization of all locking requests. (Default) Creating and maintaining NFS shares 209 Adding an NFS share
insecure_locks Some NFS clients do not send credentials with lock requests, and therefore work incorrectly with secure_locks, in which case you can only lock world-readable files. If you have such clients, either replace them with better ones, or use the insecure_locks option. root_squash Prevents the root user on an NFS client from having root (Default) privileges on an NFS mount. This effectively "squashes" the power of the remote root user to the lowest local user, preventing remote root users from acting as though they were the root user on the local system. no_root_squash Disables the root_squash option. Allows root users on the NFS client to have root privileges on the NFS server. wdelay (Default) Causes the NFS server to delay writing to the disk if another write request is imminent. This can improve performance by reducing the number of times the disk must be accessed by separate write commands, reducing write overhead. no_wdelay Disables the wdelay option. subtree_check Verifies that the requested file is in an exported subdirectory. If this option is turned off, the only verification is that the file is in an exported file system. no_subtree_check Sometimes subtree checking can produce problems when a (Default) requested file is renamed while the client has the file open. If many such situations are anticipated, it might be better to set no_subtree_check. One such situation might be the export of the home directory. Most other situations are best handled with subtree_check. fsid (Default) This option allows the FileStore administrator to associate a specific number as fsid with the share.
For example, you could issue the following commands:
NFS> share add rw,async /vx/fs2
NFS> share add rw,sync,secure,root_squash /vx/fs3 10.10.10.10
Note: With root_squash, the root user can access the share, but with 'nobody' permissions. 210 Creating and maintaining NFS shares Adding an NFS share
To export a directory/file system 1 To see your exportable online file systems and snapshots, enter the following:
NFS> show fs
For example:
NFS> show fs FS/Snapshot ======fs2 fs3
2 To see your NFS share options, enter the following:
NFS> share show
For example:
NFS> share show /vx/fs2 * (sync) /vx/fs3 * (secure,ro,no_root_squash)
3 To export a directory, enter the following command:
NFS> share add nfsoptions export_dir [client]
nfsoptions Comma-separated list of export options from the set.
export_dir Specifies the name of the directory you want to export. The directory name should start with /vx, and only a-zA-Z0-9_/@+=.:- characters are allowed for export_dir. Creating and maintaining NFS shares 211 Sharing directories using CIFS and NFS protocols
client Clients may be specified in the following ways:
■ Single host - specify a host either by an abbreviated name that is recognized by the resolver (DNS is the resolver), the fully qualified domain name, or an IP address. ■ Netgroups - netgroups may be given as @group. Only the host part of each netgroup member is considered for checking membership. ■ IP networks - you can also simultaneously export directories to all hosts on an IP sub-network. This is done by specifying an IP address and netmask pair as address/netmask where the netmask can be specified as a contiguous mask length. If the client is not given, then the specified directory can be mounted or accessed by any client. To re-export new options to an existing share, the new options will be updated after the command is run.
Example using NFS options:
NFS> share add async /vx/fs1 Exporting *:/vx/fs1 with options async ..Success.
Sharing directories using CIFS and NFS protocols FileStore provides support for multi-protocol file sharing where the same directory (including all files under the directory that reside on the exported directory's file system) can be exported to both Windows and UNIX users using the CIFS and NFS protocols. The result is an efficient use of storage by sharing a single data set across multi-application platforms. Figure 7-1 shows how the directory sharing for the two protocols works. 212 Creating and maintaining NFS shares Sharing directories using CIFS and NFS protocols
Figure 7-1 Exporting and/or sharing CIFS and NFS directories
Shared Storage
File System FS1
2-node FileStore cluster Data access by Data access by CIFS protocol NFS protocol
Windows user UNIX user
Note: When a share is exported over both NFS and CIFS protocols, the applications running on the NFS and CIFS clients may attempt to concurrently read or write the same file. This may lead to unexpected results since the locking models used by these protocols are different. For example, an application reads stale data. For this reason, FileStore warns you when the share export is requested over NFS or CIFS and the same share has already been exported over CIFS or NFS, when at least one of these exports allows write access. Creating and maintaining NFS shares 213 Sharing directories using CIFS and NFS protocols
To export a directory to Windows and UNIX users 1 To export a directory to Windows and UNIX users with read-only and read-write permission respectively, go to CIFS mode and enter the following commands:
CIFS> show Name Value ------netbios name mycluster ntlm auth yes allow trusted domains no homedirfs idmap backend rid:10000-1000000 workgroup SYMANTECDOMAIN security ads Domain SYMANTECDOMAIN.COM Domain user administrator Domain Controller SYMSERVER CIFS> share add fs1 share1 ro Exporting CIFS filesystem : share1... CIFS> share show ShareName FileSystem ShareOptions share1 fs1 owner=root,group=root,ro
2 Enter the NFS mode and enter the following commands:
CIFS> exit > nfs Entering share mode... NFS> share add rw fs1 SFS nfs WARNING V-288-0 Filesystem (fs1) is already shared over CIFS with 'ro' permission. Do you want to proceed (y/n): y Exporting *:/vx/fs1 with options rw ..Success. NFS> share show /vx/fs1 * (rw) 214 Creating and maintaining NFS shares Exporting an NFS snapshot
Exporting an NFS snapshot To export an NFS snapshot 1 To create an NFS snapshot, enter the following for example:
Storage> snapshot create fs5sp1 FS5
See “About snapshots” on page 246. 2 To export the NFS snapshot, enter the following for example:
NFS> share add rw /vx/FS5:fs5sp1
See “Adding an NFS share ” on page 207.
Unexporting a directory or deleting NFS options You can unexport the share of the exported directory.
Note: You will receive an error message if you try to remove a directory that does not exist.
To unexport a directory or delete NFS options 1 To see your existing exported resources, enter the following command:
NFS> share show
Only the directories that are displayed can be unexported. For example:
NFS> share show /vx/fs2 * (sync) /vx/fs3 * (secure,ro,no_root_squash)
2 To delete a directory from the export path, enter the following command:
NFS> share delete export_dir [client]
For example:
NFS> share delete /vx/fs3 Removing export path *:/vx/fs3 ..Success. Creating and maintaining NFS shares 215 Unexporting a directory or deleting NFS options
export_dir Specifies the name of the directory you want to delete. The directory name should start with /vx, and only a-zA-Z0-9_/@+=.:- characters are allowed in export_dir.
You cannot include single or double quotes that do not enclose characters.
NFS> share delete "*:/vx/example"
You cannot use one single quote or one double quote, as in the following example:
NFS> share delete ' "filesystem client Clients may be specified in the following ways:
■ Single host - specify a host either by an abbreviated name that is recognized by the resolver (DNS is the resolver), the fully qualified domain name, or an IP address. ■ Netgroups - netgroups may be given as @group. Only the host part of each netgroup member is considered for checking membership. ■ IP networks - you can also simultaneously export directories to all hosts on an IP sub-network. This is done by specifying an IP address and netmask pair as address/netmask where the netmask can be specified as a contiguous mask length. If client is included, the directory is removed from the export path that was directed at the client. If a directory is being exported to a specific client, the NFS> share delete command must specify the client to remove that export path. If the client is not specified, then the specified directory can be mounted or accessed by any client. 216 Creating and maintaining NFS shares Unexporting a directory or deleting NFS options Chapter 8
Creating and maintaining file systems
This chapter includes the following topics:
■ About creating and maintaining file systems
■ Listing all file systems and associated information
■ About creating file systems
■ Creating a file system
■ Adding or removing a mirror from a file system
■ Adding or removing a column from a file system
■ Checking and resynchronizing stale mirrors
■ Configuring FastResync for a file system
■ Disabling the FastResync option for a file system
■ Increasing the size of a file system
■ Decreasing the size of a file system
■ Checking and repairing a file system
■ Changing the status of a file system
■ Defragmenting a file system
■ Destroying a file system
■ About snapshots 218 Creating and maintaining file systems About creating and maintaining file systems
■ About instant rollbacks
■ About setting up file system alerts for file system usage
■ About the Partition Secure Notification (PSN) feature
■ Upgrading a file system to the current layout for running deduplication
About creating and maintaining file systems This chapter discusses the FileStore file system commands. You use these commands to configure your file system.
For more information on the Storage> fs commands, see Table 8-1. File systems consist of both the metadata and the file system data. Metadata contains information such as the last modification date, creation time, permissions, and so on. The total amount of the space that is required for the metadata depends on the number of files in the file system. A file system with many small files requires more space to store metadata. A file system with fewer larger files requires less space for handling the metadata. When you create a file system, you need to set aside some space for handling the metadata. The space that is required is generally proportional to the size of the file system. For this reason, after you create the file system with the Storage> fs list command the output includes non-zero percentages. The space that is set aside to handle metadata may increase or decrease as needed. For example, a file system on a 1-GB volume takes approximately 35 MB (about 3%) initially to store metadata. In contrast, a file system of 10 MB requires approximately 3.3 MB (30%) initially for storing the metadata. File systems can be increased or decreased in size. Dynamic Storage Tiering (DST) functionality is also provided at the file system level. See “About FileStore Dynamic Storage Tiering (DST)” on page 472. Any file system can be enabled for both DAR and deduplication, but you have to enable DAR first, then deduplication. The reverse sequence is not supported See “Configuring data archive and retention” on page 135. See “Configuring file system deduplication” on page 143. To access the commands, log into the administrative console (as a master, system-admin, or storage-admin) and enter Storage> mode. See “About using the FileStore command-line interface” on page 31. Creating and maintaining file systems 219 About creating and maintaining file systems
Table 8-1 Storage mode commands
Command Definition fs list Lists all file systems and associated information. See “Listing all file systems and associated information” on page 222. fs create Creates a file system. See “About creating file systems” on page 226. fs addmirror Adds a mirror to a file system. See “Adding or removing a mirror from a file system” on page 230. fs rmmirror Removes a mirror from a file system. See “Adding or removing a mirror from a file system” on page 230. fs addcolumn Lets you add a column to a file system. See “Adding or removing a column from a file system” on page 232. fs rmcolumn Lets you remove a column from a file system. See “Adding or removing a column from a file system” on page 232. fs checkmirror Lets you check your file systems for stale mirrors. See “Checking and resynchronizing stale mirrors” on page 233. fs resync Lets you resynchronize any stale mirrors. See “Checking and resynchronizing stale mirrors” on page 233. fs checkresync Lets you display the resynchronization progress running in the background. See “Checking and resynchronizing stale mirrors” on page 233. resync Keeps the mirrors in the file system in a consistent state. See “Configuring FastResync for a file system” on page 235. fs setfastresync Enables the FastResync option for a file system. See “Configuring FastResync for a file system” on page 235. fs unsetfastresync Disables the FastResync option for a file system. See “Disabling the FastResync option for a file system” on page 236. fs growto Increases the size of a file system to a specified size. See “Increasing the size of a file system” on page 237. 220 Creating and maintaining file systems About creating and maintaining file systems
Table 8-1 Storage mode commands (continued)
Command Definition
fs growby Increases the size of a file system by a specified size. See “Increasing the size of a file system” on page 237.
fs shrinkto Decreases the size of a file system to a specified size. See “Decreasing the size of a file system” on page 239.
fs shrinkby Decreases the size of a file system by a specified size. See “Decreasing the size of a file system” on page 239.
fs fsck Checks and repairs a file system while the file system is offline. See “Checking and repairing a file system” on page 240.
fs alert Sets and unsets alerts by file system usage and displays current disk usage and alert values. See “About setting up file system alerts for file system usage” on page 269.
fs evpsn Sets and unsets the Enterprise Vault (EV) Partition Secure Notification (PSN) feature on the specified file system. See “About the Partition Secure Notification (PSN) feature” on page 272.
fs online Mounts (places online) a file system. See “Changing the status of a file system” on page 243.
fs offline Unmounts (places offline) a file system. See “Changing the status of a file system” on page 243.
fs destroy Destroys a file system. See “Destroying a file system” on page 246.
fs upgrade The deduplication feature does not work if the file system layout is not at the current version. See “Configuring file system deduplication” on page 143. This command upgrades the file system layout to the current version. The file system needs to be online for this command to proceed. You can find version information about the file system by using the Storage> fs list file_system_name command.
See “Upgrading a file system to the current layout for running deduplication” on page 274. Creating and maintaining file systems 221 About creating and maintaining file systems
Table 8-1 Storage mode commands (continued)
Command Definition snapshot Copies a set of files and directories as they were at a particular point in the past. See “About snapshots” on page 246. snapshot schedule Creates or remove a snapshot. See “About snapshot schedules” on page 252. 222 Creating and maintaining file systems Listing all file systems and associated information
Listing all file systems and associated information To list all file systems and associated information Creating and maintaining file systems 223 Listing all file systems and associated information
◆ To list all file systems and associated information, enter the following:
Storage> fs list [fs_name]
where fs_name is optional. If you enter a file system that does not exist, an error message is displayed. If you do not enter a specified file system, a list of file systems is displayed. For example: 224 Creating and maintaining file systems Listing all file systems and associated information
Storage> fs list alltask General Info: ======Block Size: 1024 Bytes Version: Version 8 Cluster5_01: online
Primary Tier ======Size: 40.00G Use%: 0% Layout: mirrored-stripe Mirrors: 2 Columns: 2 Stripe Unit: 512 K FastResync: Enabled
1. Mirror 01: List of pools: p03 List of disks: ams_wms0_12
2. Mirror 02: List of pools: p03 List of disks: ams_wms0_13
Secondary Tier ======Size: 40.00G Use%: 0% Layout: mirrored-stripe Mirrors: 2 Columns: 2 Stripe Unit: 512 K FastResync: Enabled
1. Mirror 01: List of pools: p03 List of disks: ams_wms0_12
2. Mirror 02: List of pools: p03 List of disks: ams_wms0_13
Defrag Status: Not Running Fullfsck Status: Not Running Resync Status: Creating and maintaining file systems 225 Listing all file systems and associated information
Tier 1, Mirror 02: 1.56% Start_time: Jun/20/2011/21:20:02 Work_time: 0:4:18 Remaining_time: 4:30:54 Tier 2, Mirror 02: 0.21% Start_time: Jun/20/2011/21:33:20 Work_time: 0:0:4 Remaining_time: 32:03 Rollsync Status: Rollback alltask_roll, Tier 1: 0.16% Start_time: Jun/20/2011/19:12:45 Work_time: 0:0:3
Remaining_time: 30:29 Rollback alltask_roll, Tier 2: 0.29% Start_time: Jun/20/2011/19:12:45 Work_time: 0:0:3 Remaining_time: 17:01 Relayout Status: Not Running 226 Creating and maintaining file systems About creating file systems
Storage> fs list fsrelayout General Info: ======Block Size: 1024 Bytes Version: Version 8 Cluster5_01: online
Primary Tier ======Size: 40.00G Use%: 0% Layout: striped-mirror Mirrors: 5 Columns: - Stripe Unit: K
List of pools: List of disks:
Secondary Tier ======Size: 40.00G Use%: 0% Layout: striped-mirror Mirrors: 5 Columns: - Stripe Unit: K
List of pools: List of disks:
Defrag Status: Not Running Fullfsck Status: Not Running Resync Status: Not Running Rollsync Status: Not Running Relayout Status: Tier 1: 0.04% Start_time: Jun/20/2011/21:48:02 Work_time: 0:26:36 Remaining_time: 1134:29:23 Tier 2: 9.44% Start_time: Jun/20/2011/21:48:28 Work_time: 0:26:10 Remaining_time: 4:11:01
About creating file systems
The Storage> fs commands manage file system operations. Creating and maintaining file systems 227 Creating a file system
Table 8-2 Create file systems commands
Command Definition
fs create simple Creates a simple file system of a specified size. You can specify a block size for the file system. The default block size is determined based on the size of the file system when the file system is created. For example, 1 KB is the default block size for up to a 2 TB file system size. Other default block sizes, 2 KB, 4 KB, and 8 KB are available for different ranges of file system sizes. If you create a 1 TB file system, and then increase it to 3 TB, the file system block size remains at 1KB. See “Creating a file system ” on page 227.
fs create mirrored Creates a mirrored file system with a specified number of mirrors, a list of pools, and online status. Each mirror uses the disks from the corresponding pools as listed. See “Creating a file system ” on page 227.
fs create Creates a mirrored-stripe file system with a specified number of mirrored-stripe columns, mirrors, pools, and protection options. See “Creating a file system ” on page 227.
fs create Creates a striped-mirror file system with a specified number of mirrors striped-mirror and stripes. See “Creating a file system ” on page 227.
fs create striped Creates a striped file system. A striped file system is a file system that stores its data across multiple disks rather than storing the data on one disk. See “Creating a file system ” on page 227.
Creating a file system After a file system is created, the file system reserves some space for internal logging. Internal logging provides additional data integrity. Due to the space that is reserved for internal logging, the file system may appear to be used immediately after file system creation. The space that is reserved for internal logging increases with the number of nodes in the FileStore cluster. Log file sizes for the file systems are as follows:
10 G to 100 G Log size = 60 M per node 228 Creating and maintaining file systems Creating a file system
100 G to 1 T Log size = 100 M per node
1 T and above Log size = 256 MB per node
To create a simple file system of a specified size
◆ To create a simple file system with a specified size, enter the following:
Storage> fs create simple fs_name size pool1[,disk1,...] [blksize=bytes]
For example:
Storage> fs create simple fs2 10m sda 100% [#] Creating simple filesystem
To create a mirrored file system
◆ To create a mirrored file system, enter the following:
Storage> fs create mirrored fs_name size nmirrors pool1[,disk1,...] [protection=disk|pool] [blksize=bytes]
For example:
Storage> fs create mirrored fs1 100M 2 pool1,pool2 100% [#] Creating mirrored filesystem
To create a mirrored-stripe file system
◆ To create a mirrored-stripe file system, enter the following:
Storage> fs create mirrored-stripe fs_name size nmirrors ncolumns pool1[,disk1,...] [protection=disk|pool] [stripeunit=kilobytes] [blksize=bytes]
To create a striped-mirror file system
◆ To create a striped-mirror file system, enter the following:
Storage> fs create striped-mirror fs_name size nmirrors ncolumns pool1[,disk1,...] [protection=disk|pool] [stripeunit=kilobytes] [blksize=bytes]
To create a striped file system
◆ To create a striped file system, enter the following: Creating and maintaining file systems 229 Creating a file system
Storage> fs create striped fs_name size ncolumns pool1[,disk1,...] [stripeunit=kilobytes] [blksize=bytes] fs_name Specifies the name of the file system being created. The file system name should be a string. If you enter a file that already exists, you receive an error message and the file system is not created. size Specifies the size of a file system. To create a file system, you need at least 10 MB of space. Available units are the following:
■ MB ■ GB ■ TB
You can enter the units with either uppercase (10M) or lowercase (10m) letters. To see how much space is available on a pool, use the Storage> pool free command.
See “About configuring storage pools” on page 69. nmirrors Specifies the number of mirrors for the file system. You must enter a positive integer. ncolumns Specifies the number of columns for the striped file system. The number of columns represents the number of disks to stripe the information across. If the number of columns exceeds the number of disks for the entered pools, an error message is displayed. This message indicates that there is not enough space to create the striped file system. pool1[,disk1,...] Specifies the pool(s) or disk(s) for the file system. If you specify a pool or disk that does not exist, you receive an error message. You can specify more than one pool or disk by separating the name with a comma. Do not include a space between the comma and the name. To find a list of pools and disks, use the Storage> pool list command. To find a list of disks, use the Storage> disk list command. The disk must be part of the pool or an error message is displayed. 230 Creating and maintaining file systems Adding or removing a mirror from a file system
protection If you do not specify a protection option, the default is "disk." The available options for this field are:
■ disk - Creates mirrors on separate disks. ■ pool - Creates mirrors in separate pools. If there is not enough space to create the mirrors, an error message is displayed, and the file system is not created.
stripeunit=kilobytes Specifies a stripe width (in kilobytes). Possible values are the following:
■ 128 ■ 256 ■ 512 (default) ■ 1024 ■ 2048
blksize=bytes Specifies the block size for the file system. Possible values of bytes are the following:
■ 1024 (default) ■ 2048 ■ 4096 ■ 8192
Block sizes can affect the file size. For example, to create a file system greater than 32 TB, the block size needs to be 8192.
Adding or removing a mirror from a file system A mirrored file system is one that has copies of itself on other disks or pools. To add a mirror to a file system
◆ To add a mirror to a file system, enter the following:
Storage> fs addmirror fs_name pool1[,disk1,...] [protection=disk|pool]
fs_name Specifies which file system to add the mirror. If the specified file system does not exist, an error message is displayed. Creating and maintaining file systems 231 Adding or removing a mirror from a file system
pool1[,disk1,...] Specifies the pool(s) or disk(s) to use for the file system. If the specified pool or disk does not exist, an error message is displayed, and the file system is not created. You can specify more than one pool or disk by separating the name with a comma, but do not include a space between the comma and the name. To find a list of existing pools and disks, use the Storage> pool list command.
See “About configuring storage pools” on page 69. To find a list of the existing disks, use the Storage> disk list command. See “About displaying information for all disk devices” on page 78. The disk needs to be part of the pool or an error message is displayed. protection The default value for the protection field is disk. Available options are:
■ disk - if the protection is set to disk, then mirrorsare created on separate disks. This flag only works for file systems of type mirrored, mirrored-striped, and striped-mirror. The disks may or may not be in the same pool. ■ pool - if the protection is set to pool, then mirrors are created in separate pools. This flag only works for file systems of type mirrored, mirrored-striped, and striped-mirror. If not enough space is available, then the file system creation operation fails.
For example:
Storage> fs addmirror fs1 pool3,pool4 232 Creating and maintaining file systems Adding or removing a column from a file system
To remove a mirror from a file system
◆ To remove a mirror from a file system, enter the following:
Storage> fs rmmirror fs_name [pool_or_disk_name]
fs_name Specifies the file system from which to remove the mirror. If you specify a file system that does not exist, an error message is displayed.
pool_or_disk_name Specifies the pool or the disk name to remove from the mirrored file system that spans the specified pools or disks. If a pool name is the same as the disk name, then the mirror present on the pool is deleted.
For a striped-mirror file system, if any of the disks are bad, the Storage> fs rmmirror command disables the mirrors on the disks that have failed. If no disks have failed, FileStore chooses a mirror to remove. For example:
Storage> fs rmmirror fs1 AMS_WMS0_0
Adding or removing a column from a file system You may want to add or remove a column from a file system in specific situations. Adding columns can help to perform more I/Os in parallel, so you may want to increase the number of columns in the file system.
Note: For a striped file system when you add a column, the layout that is displayed when you issue the Storage> fs list and Storage> fs list fsname commands may be different than the original layout of the file system while the relayout (addition of new columns) operation is in progress. The original file system layout is displayed when the relayout operation is completed. Creating and maintaining file systems 233 Checking and resynchronizing stale mirrors
To add a specified number of columns to a file system
◆ To add a specified number of columns to a file system, enter the following:
Storage> fs addcolumn fs_name ncolumns pool_or_disk_name
fs_name Specifies the file system for which you want to add additional columns.
ncolumns Specifies the number of columns that you want to add to the file system. Note: In the case of a striped file system, the number of the disks that are specified should be equal to the number of columns (ncolumns).
Note: In the case of a mirrored-stripe and a striped-mirrored file system, the disks should be equal to (ncolumns * number_of_mirrors_in_fs).
pool_or_disk_name Specifies the pool or the disk name for the file system.
For example, to add two columns to file system fs1, enter the following:
Storage> fs addcolumn fs1 2 pool3
To remove a column from a file system
◆ To remove a column from a file system, enter the following:
Storage> fs rmcolumn fs_name
where fs_name is the name of the file system for which you want to remove the column. For example:
Storage> fs rmcolumn fs1
Checking and resynchronizing stale mirrors You can check if there is a stale mirror on any of your file systems. If there is a stale mirror, the stale mirror needs to be resynchronized, and the resynchronization process needs to be verified. 234 Creating and maintaining file systems Checking and resynchronizing stale mirrors
To check if there are stale mirrors on your file systems
◆ To check if your file systems contain a stale mirror, enter the following:
Storage> fs checkmirror
For example, to display the file systems that have a stale mirror, enter the following:
Storage> fs checkmirror fs_name: ------mirror3
To resynchronize all stale mirrors or a stale mirror for a specified file system
◆ To resynchronize all stale mirrors or a stale mirror for a specified file system, enter the following:
Storage> fs resync [fs_name]
where fs_name is the name of the specified file system where you want to resynchronize for stale mirrors. If you do not include fs_name, you resynchronize all the stale mirrors for all your file systems. For example, to resynchronize all stale mirrors for all file systems, enter the following:
Storage> fs resync Resync stale mirror for file systems are started in background.
For example, to resynchronize all stale mirrors for a specified file system, enter the following:
Storage> fs resync mirror3 Resync stale mirror for file system mirror3 is started in background. Creating and maintaining file systems 235 Configuring FastResync for a file system
To verify the resynchronization process for your stale mirrors
◆ To verify the resynchronization process for your stale mirrors, enter the following:
Storage> fs checkresync
For example, to display the resynchronization progress running in the background, enter the following:
Storage> fs checkresync FS MIRROR TYPE PROGRESS START_TIME WORK_TIME ======alltask_roll tier 1 ROLLBACK 0.16% Jun/20/2011/19:12:45 0:0:3 alltask_roll tier 2 ROLLBACK 0.29% Jun/20/2011/19:12:45 0:0:3 alltask tier 1,mirror 02 RESYNC 1.56% Jun/20/2011/21:20:02 0:4:18 alltask tier 2,mirror 02 RESYNC 0.21% Jun/20/2011/21:33:20 0:0:4 fsrelayout tier 1 RELAYOUT 0.04% Jun/20/2011/21:48:02 0:26:15 fsrelayout tier 2 RELAYOUT 9.44% Jun/20/2011/21:48:28 0:25:49
REMAINING_TIME ======30:29 17:01 4:30:54 32:03 1119:33:44 4:07:40
Note: If a column addition to a file system is in progress, the output of the Storage> fs checkresync command will include RELAYOUT status.
Configuring FastResync for a file system If the power fails or a switch fails mirrors in a file system may not be in a consistent state.
The Storage> fs setfastresync (Fast Mirror Resynchronization (FastResync)) command keeps the mirrors in the file system in a consistent state.
Note: You must have at least two mirrors on the file system to enable FastResync. The setfastresync command is enabled by default. 236 Creating and maintaining file systems Disabling the FastResync option for a file system
To enable the FastResync option
◆ To enable FastResync, enter the following:
Storage> fs setfastresync fs_name [pool_or_disk_name]
fs_name Specifies the name of the file system for which to enable FastResync. If you specify a file system that does not exist, an error message is displayed. If the FastResync on the specified file system already has FastResync enabled, an error message is displayed, and no action is taken.
pool_or_disk_name Specifies the pool or the disk name to resynchronize from the mirrored file system that spans the specified pool or disk. If you specify a pool or disk that is not part of the mirrored file system, an error message is displayed, and no action is taken.
For example, to enable FastResync for a file system, enter the following:
Storage> fs setfastresync fs6
Disabling the FastResync option for a file system You can disable the FastResync option for a file system.
Note: When instant rollbacks exist for a volume, you cannot disable the FastResync option for a file system.
To disable the FastResync option
◆ To disable the FastResync option, enter the following:
Storage> fs unsetfastresync fs_name
where fs_name specifies the name of the file system for which to disable FastResync. If you specify a file system does not exist, an error message is displayed. For example:
Storage> fs unsetfastresync fs6 Creating and maintaining file systems 237 Increasing the size of a file system
Increasing the size of a file system To increase the size of a file system, it must be online. If the file system is not online, an error message is displayed, and no action is taken. To increase the size of a file system to a specified size
◆ To increase the size of a file system to a specified size, enter the following:
Storage> fs growto {primary|secondary} fs_name new_length [pool1[,disk1,...]] [protection=disk|pool]
For example:
Storage> fs growto primary fs1 1G
If no pool is specified with the command, the disks for growing the file system can be taken from any available pool. The protection flag takes the default value of disk in this case. The value of the protection field cannot be set to pool when no pool is specified with the command. This operation may convert the layout of the file system if the command determines that the new file system is too large for the original layout. To increase the size of a file system by a specified size
◆ To increase the size of a file system by a specified size, enter the following:
Storage> fs growby {primary|secondary} fs_name length_change [pool1[,disk1,...]] [protection=disk|pool]
For example:
Storage> fs growby primary fs1 50M
If no pool is specified with the command, the disks for growing the file system can be taken from any available pool. The protection flag takes the default value of disk in this case. The value of the protection field cannot be set to pool when no pool is specified with the command. This operation may convert the layout of the file system if the command determines that the new file system is too large for the original layout.
primary Specifies the primary or the secondary tier. |secondary
fs_name Specifies the file system whose size is increased. If you specify a file system that does not exist, an error message is displayed. 238 Creating and maintaining file systems Increasing the size of a file system
new_length Expands the file system to a specified size. The size that you specify must be a positive number, and it must be bigger than the size of the existing file system. If the new file system is not larger than the size of the existing file system, an error message is displayed, and no action is taken. This variable is used with the Storage> fs growto command.
length_change Expands the file system by a specified size. The size that you specify must be a positive number, and it must be lesser than the available space. If it exceeds the available space, an error message is displayed, and no action is taken. This variable is used with the Storage> fs growby command.
pool1[,disk1,...] Specifies the pool(s) or disk(s) to use for the file system. If you specify a pool or disk that does not exist, an error message is displayed, and the file system is not resized. You can specify more than one pool or disk by separating the name with a comma; however, do not include a space between the comma and the name. To find a list of existing pools and disks, use the Storage> pool list command.
See “About configuring storage pools” on page 69. To find a list of the existing disks, use the Storage> disk list command. See “About displaying information for all disk devices” on page 78. The disk needs to be part of the pool or an error message displays.
protection The default value for the protection field is disk. Available options are:
■ disk - if the protection is set to disk, then mirrors are created on separate disks. This flag only works for file systems of type mirrored, mirrored-striped, and striped-mirror. The disks may or may not be in the same pool. ■ pool - if the protection is set to pool, then mirrors are created in separate pools. This flag only works for file systems of type mirrored, mirrored-striped, and striped-mirror. If not enough space is available, then the file system creation operation fails. Creating and maintaining file systems 239 Decreasing the size of a file system
Decreasing the size of a file system You can decrease the size of the file system. To decrease the size of the file system, it must be online. If the file system is not online, an error message is displayed, and no action is taken. You cannot decrease the size of a file system if a rollback exists. Delete the rollback first before using the Storage> fs shrinkto or Storage> fs shrinkby commands. To decrease the size of a file system to a specified size
◆ To decrease the size of a file system, enter the following:
Storage> fs shrinkto {primary|secondary} fs_name new_length
For example:
Storage> fs shrinkto primary fs1 10M
To decrease the size of a file system by a specified size
◆ To decrease the size of a file system, enter the following:
Storage> fs shrinkby {primary|secondary} fs_name length_change
For example:
Storage> fs shrinkby primary fs1 10M
primary | secondary Specifies the primary or the secondary tier.
fs_name Specifies the file system whose size decreases. If you specify a file system that does not exist, an error message is displayed.
new_length Specifies the size to decrease the file system to. The size that you specify must be a positive number, and it must be smaller than the size of the existing file system. If the new file system size is not smaller than the size of the existing file system, an error message is displayed, and no action is taken.
length_change Decreases the file system by a specified size. The size that you specify must be a positive number, and it must be smaller than the size of the existing file system. If the new file system size is not smaller than the size of the existing file system, an error message is displayed, and no action is taken. 240 Creating and maintaining file systems Checking and repairing a file system
Checking and repairing a file system
The Storage> fs fsck command lets you check and repair a file system while the file system is offline.
The Storage> fs fsck command tries to perform a normal fsck (check and repair) of the file system first, but if the fullfsck option is set, the command proceeds depending on the input that is provided by the user. In most cases, a normal fsck (only log replay) is sufficient to repair a file system. In cases where there is structural damage to the file system's metadata, a full fsck of the file system may be necessary to repair the file system.
Warning: Using the Storage> fs fsck command on an online file system can damage the data on the file system. Only use the Storage> fs fsck command on a file system that is offline. Creating and maintaining file systems 241 Checking and repairing a file system
To check and repair a file system 242 Creating and maintaining file systems Checking and repairing a file system
◆ To check and repair a file system, enter the following:
Storage> fs fsck fs_name
where fs_name specifies the file system for which you want to check and repair. For example:
Storage> fs fsck fs1 Do you want to do fsck without log replay? yes|no n File system fs1 fsck successfully Storage> Storage> fs fsck fs1 Do you want to do fsck without log replay? yes|no y File system fs1 fsck successfully Storage> Storage> fs fsck fs1 Do you want to do fsck without log replay? yes|no n File system fs1 marked for full fsck. Running full fsck may take long time for completion. Do you want to continue? yes|no n File system fs1 full fsck canceled. Storage> Storage> fs fsck fs1 Do you want to do fsck without log replay? yes|no n File system fs1 marked for full fsck. Running full fsck may take long time for completion. Do you want to continue? yes|no y Storage> You can run other command, and you can check the fullfsck status by Storage>fs list fs1 General Info: ======Block Size: 1024 Bytes Version: Version 8 test_01: offline test_02: offline Primary Tier Creating and maintaining file systems 243 Changing the status of a file system
======Size: 1.00G Use%: - Layout: simple Mirrors: - Columns: - Stripe Unit: 0.00 K FastResync: Disabled Mirror 1: List of pools: pool List of disks: disk_4 disk_5 Defrag Status: Not Running Fullfsck Status: Done successfully
Changing the status of a file system
The Storage> fs online or Storage> fs offline command lets you mount (online) or unmount (offline) a file system. You cannot access an offline file system from a client. 244 Creating and maintaining file systems Changing the status of a file system
To change the status of a file system
◆ To change the status of a file system, enter one of the following, depending on which status you use:
Storage> fs online fs_name Storage> fs offline fs_name
where fs_name specifies the name of the file system that you want to mount (online) or unmount (offline). If you specify a file system that does not exist, an error message is displayed. For example, to bring a file system online:
Storage> fs list FS STATUS SIZE LAYOUT MIRRORS COLUMNS USE% ======fs1 online 5.00G simple - - 10% fs2 offline 10.00M simple - - -
NFS CIFS SECONDARY POOL SHARED SHARED TIER LIST ======no no no pool1 no no no pool2
Storage> fs online fs2 100% [#] Online filesystem Storage> fs list FS STATUS SIZE LAYOUT MIRRORS COLUMNS USE% ======fs1 online 5.00G simple - - 10% fs2 online 10.00M simple - - 100%
NFS CIFS SECONDARY POOL SHARED SHARED TIER LIST ======no no no pool1 no no no pool2
For example, to place a file system offline:
Storage> fs offline fs1 100% [#] Offline filesystem Creating and maintaining file systems 245 Defragmenting a file system
Defragmenting a file system To defragment a file system
◆ To defragment a file system, enter the following:
Storage> fs defrag fs_name time
fs_name Specifies the name of the file system that you want to defragment. Note: The specified file system must be online before attempting to defragment the file system.
time Specifies the maximum time to run. The defragmentation options are processed until defragmentation is complete, or until the time limit expires. The time value should be larger than one minute. Potential time value output and what the values mean:
■ 10M - indicates 10 minutes ■ 1H20M - indicates 1 hour and 10 minutes ■ Infinite - indicates the defragmentation process continues to run until the defragmentation process is done completely. There is no limit time.
See “Changing the status of a file system” on page 243. For example:
Storage>fs defrag fs0 1H10M The file system fs0 is offline, please online fs0 before defragmentation Storage>fs defrag fs1 1H10M it will take some time to do the defragmentation do you want to continue? yes|no n Defragmentation cancelled for fs1 Storage>fs defrag fs1 1H10M it will take some time to do the defragmentation do you want to continue? yes|no y Storage> You can run other command, and you can check the defragment status by Storage>fs list fs1 General Info: ======246 Creating and maintaining file systems Destroying a file system
Block Size: 1024 Bytes test_01: offline test_02: offline Primary Tier ======Size: 1.00G Use%: - Layout: simple Mirrors: - Columns: - Stripe Unit: 0.00 K FastResync: Disabled Mirror 1: List of pools: pool List of disks: disk_4 disk_5 Defrag Status: Done successfully Fullfsck Status: Not Running
Destroying a file system
The Storage> fs destroy command unmounts a file system and releases its storage back to the storage pool. You cannot destroy the file systems that CIFS or NFS share. To destroy a file system
◆ To destroy a file system, enter the following:
Storage> fs destroy fs_name
where fs_name specifies the name of the file system that you want to destroy. For example:
Storage> fs destroy fs1 100% [#] Destroy filesystem
About snapshots A snapshot is a virtual image of the entire file system. You can create snapshots of a parent file system on demand. Physically, it contains only data that corresponds to the changes that are made in the parent, and so consumes significantly less space than a detachable full mirror. Creating and maintaining file systems 247 About snapshots
Snapshots are used to recover from data corruption. If files, or an entire file system, are deleted or become corrupted, you can replace them from the latest uncorrupted snapshot. You can mount a snapshot and export it as if it were a complete file system. Users can then recover their own deleted or corrupted files. You can limit the space snapshots consume by setting a quota on them. If the total space that snapshots consume remains above the quota, FileStore rejects attempts to create additional ones.
You can create a snapshot by either using the snapshot create command or by creating a schedule that calls the snapshot create command depending on the values that are entered for the number of hours or minutes after which this command should run. This method automatically creates the snapshot by storing the following values in the crontab: minutes, hour, day-of-month, month, and day-of-week.
Table 8-3 Snapshot commands
Command Definition snapshot create A storage snapshot is a copy of a set of files and directories as they were at a particular point in the past. FileStore supports file system level snapshots. FileStore limits the space a snapshot can use. Snapshots use free space in the file system from which they were taken. See “Creating snapshots” on page 248. snapshot list Lists all the snapshots for the specified file system. If you do not specify a file system, snapshots of all the file systems are displayed. See “Displaying snapshots” on page 249. snapshot destroy Deletes a snapshot. See “Configuring snapshots” on page 250. snapshot online Mounts a snapshot. See “Configuring snapshots” on page 250. snapshot offline Unmounts a snapshot. See “Configuring snapshots” on page 250. snapshot quota list Displays snapshot information for all the file systems. See “Configuring snapshots” on page 250. 248 Creating and maintaining file systems About snapshots
Table 8-3 Snapshot commands (continued)
Command Definition
snapshot quota on Disables the creation of snapshots on the given file system when the file system snapshots use space that exceeds a given capacity. The space that the snapshots use is restricted. See “Configuring snapshots” on page 250.
snapshot quota off Enables the creation of snapshots on the given file system when the file system snapshots use space that exceeds a given capacity. The space that the snapshots use is not restricted. See “Configuring snapshots” on page 250.
snapshot restore Restore the given file system by a given snapshot. See “Configuring snapshots” on page 250.
Creating snapshots To create a snapshot
◆ To create a snapshot, enter the following:
Storage> snapshot create snapshot_name fs_name [removable]
snapshot_name Specifies the name for the snapshot. Note: The following are reserved words for snapshot name: flags, ctime, and mtime.
fs_name Specifies the name for the file system.
removable Valid values are:
■ yes ■ no
If the removable attribute is yes, and the file system is offline, the snapshot is removed automatically if the file system runs out of space. The default value is removable=no.
For example:
Storage> snapshot create snapshot1 fs1 100% [#] Create snapshot Creating and maintaining file systems 249 About snapshots
Displaying snapshots To display snapshots
◆ To display snapshots, enter the following:
Storage> snapshot list [fs_name] [schedule_name] fs_name Displays all of the snapshots of the specified file system. If you do not specify a file system, snapshots of all of the file systems are displayed. schedule_name Displays the schedule name. If you do not specify a schedule name, then snapshots created under fs_name are displayed.
Storage> snapshot list Snapshot FS Status ======snap2 fs1 offline sc1_24_Jul_2009_21_34_01_IST fs1 offline sc1_24_Jul_2009_19_34_02_IST fs1 offline presnap_sc1_24_Jul_2009_18_34_02_IST fs1 offline sc1_24_Jul_2009_17_34_02_IST fs1 offline ctime mtime Removable Preserved Size ======2009.Jul.27.02:40:43 2009.Jul.27.02:40:57 no No 190.0M 2009.Jul.24.21:34:03 2009.Jul.24.21:34:03 yes No 900.0M 2009.Jul.24.19:34:04 2009.Jul.24.19:34:04 yes No 7.0G 2009.Jul.24.18:34:04 2009.Jul.24.18:34:04 yes Yes 125M 2009.Jul.24.17:34:04 2009.Jul.24.17:34:04 yes No 0K
Snapshot Displays the name of the created snapshots.
FS Displays the file systems that correspond to each created snapshots.
Status Displays whether or not the snapshot is mounted (that is, online or offline). ctime Displays the time the snapshot was created. mtime Displays the time the snapshot was modified.
Removable Determines if the snapshot should be automatically removes in case the underlying file system runs out of space. You entered either yes or no in the snapshot create snapshot_name fs_name [removable]
Preserved Determines if the snapshot is preserved when all of the automated snapshots are destroyed. 250 Creating and maintaining file systems About snapshots
Size Displays the size of the snapshot.
Configuring snapshots To destroy a snapshot
◆ To destroy a snapshot, enter the following:
Storage> snapshot destroy snapshot_name fs_name
snapshot_name Specifies the name of the snapshot to be destroyed.
fs_name Specifies the name of the file system to be destroyed.
For example:
Storage> snapshot destroy snapshot1 fs1 100% [#] Destroy snapshot
To mount or unmount snapshots
◆ To mount or unmount snapshots, enter one of the following commands, depending on which operation you want to perform:
Storage> snapshot online|offline snapshot_name fs_name
snapshot_name Specifies the name of the snapshot.
fs_name Specifies the name of the file system.
For example, to bring a snapshot online, enter the following:
Storage> snapshot online snapshot1 fs1 100% [#] Online snapshot
For example, to place snapshot offline, enter the following:
Storage> snapshot offline snapshot fs1 100% [#] Offline snapshot Creating and maintaining file systems 251 About snapshots
To display snapshot quotas
◆ To display snapshot quotas, enter the following:
Storage> snapshot quota list FS Quota Capacity Limit ======fs1 on 1G fs2 off 0 fs3 off 0
To enable or disable a quota limit
◆ To enable or disable a quota limit, enter the following:
Storage> snapshot quota on fs_name [capacity_limit]
Storage> snapshot quota off [fs_name]
on Enables the quota limit, which disallows creation of snapshots on the given file system when the space used by all the snapshots of that file system exceeds a given capacity limit.
fs_name Specifies the name of the file system.
capacity_limit You can specify a capacity limit on the number of blocks used by all the snapshots for a specified file system. Enter a number that needs to be followed by K, M, G, or T (for kilo, mega, giga, or terabyte).
off Disables the quota capacity limit for the specified file system.
For example, to enable the snapshot quota, enter the following:
Storage> snapshot quota on fs1 1024K Storage> snapshot quota list FS Quota Capacity Limit ======fs1 ON 1024K
For example, to disable the snapshot quota, enter the following:
Storage> snapshot quota off fs1 252 Creating and maintaining file systems About snapshots
To restore a snapshot
◆ To restore a snapshot, enter the following:
Storage> snapshot restore snapshot_name fs_name
snapshot_name Specifies the name of the snapshot to be destroyed.
fs_name Specifies the name of the file system to be destroyed.
For example:
Storage> snapshot restore snapshot0 fs0 SFS snapshot WARNING V-288-0 Snapshot created after snapshot0 will be deleted SFS snapshot WARNING V-288-0 Are you sure to restore file system fs0 with snapshot ssss? (yes/no) yes SFS snapshot SUCCESS V-288-0 File System fs0 restored successfully by snapshot snapshot0.
About snapshot schedules
The Storage> snapshot schedule commands let you automatically create or remove a snapshot that stores the values for minutes, hour, day-of-the-month, month, and day-of-the-week in the crontab along with the name of the file system. To distinguish the automated snapshots, a time stamp corresponding to their time of creation is appended to the schedule name. For example, if a snapshot is created using the name schedule1 on February 27, 2009 at 11:00 AM, the name becomes: schedule1_Feb_27_2009_11_00_01_IST. The crontab interprets the numeric values in a different manner when compared to the manner in which FileStore interprets the same values. For example, snapshot schedule create schedule1 fs1 30 2 * * * automatically creates a snapshot every day at 2:30 AM, and does not create snapshots every two and a half hours. If you wanted to create a snapshot every two and a half hours with at most 50 snapshots per schedule name, then run snapshot schedule create schedule1 fs1 50 */30 */2 * * *, where the value */2 implies that the schedule runs every two hours. You can also specify a step value for the other parameters, such as day-of-month or month and day-of-week as well, and you can use a range along with a step value. Specifying a range in addition to the numeric_value implies the number of times the crontab skips for a given parameter. Creating and maintaining file systems 253 About snapshots
Note: A best practice is to create only one snapshot schedule for a specified file system. Otherwise, when running the Storage> snapshot schedule destroyall command, it might take a while to complete.
Note: If the master node is being rebooted, snapshot schedules will be missed if scheduled during the reboot of the master node.
Table 8-4 Snapshot schedule commands
Command Definition snapshot schedule Creates a schedule to automatically create a snapshot of a particular create file system. See “Creating snapshot schedules” on page 254. snapshot schedule Modifies the snapshot schedule of a particular filesystem. modify See “Configuring snapshot schedules” on page 256. snapshot schedule Creates a schedule to destroy all of the automated snapshots. This destroyall excludes the preserved and online snapshots. See “Configuring snapshot schedules” on page 256. snapshot schedule Preserves a limited number of snapshots corresponding to an existing preserve schedule and specific file system name. These snapshots are not removed as part of the snapshot schedule autoremove command.
See “Configuring snapshot schedules” on page 256. snapshot schedule Displays all schedules that have been set for automatically creating show snapshots. See “Configuring snapshot schedules” on page 256. snapshot schedule Deletes the schedule set for automatically creating snapshots for a delete particular file system or for a particular schedule. See “Configuring snapshot schedules” on page 256. 254 Creating and maintaining file systems About snapshots
Creating snapshot schedules To create a snapshot schedule
◆ To create a snapshot schedule, enter the following:
Storage> snapshot schedule create schedule_name fs_name max_snapshot_limit minute [hour] [day_of_the_month] [month] [day_of_the_week]
For example, to create a schedule for an automated snapshot creation of a given file system at 3:00 am every day, enter the following:
Storage> snapshot schedule create schedule1 fs1 100 0 3 * * *
When an automated snapshot is created, the entire date value is appended, including the time zone.
schedule_name Specifies the name of the schedule corresponding to the automatically created snapshot. The schedule_name cannot contain an underscore ('_') as part of its value. For example, sch_1 is not allowed.
fs_name Specifies the name of the file system. The file system name should be a string.
max_snapshot_limit Specifies the number of snapshots that can be created for a given file system and schedule name. This field only accepts numeric input. The range allowed for this parameter is 1-366. This value would imply that only x number of snapshots can be created for a given file system and schedule name. If the number of snapshots corresponding to a schedule name is equal to or greater than the value of this field, then snapshots will be automatically destroyed until the number of snapshots is less than the maximum snapshot limit value. Note: If you need to save daily snapshots for up to one year, the max_snapshot_limit is 366.
minute This parameter may contain either an asterisk like '*/15'', which implies every 15 minutes, or a numeric value between 0-59. Note: If you are using the '*/xx' format, the smallest value for 'xx' is 15.
You can enter */(15-59) or a range such as 23-43. An asterisk (*) is not allowed.
hour This parameter may contain either an asterisk, (*), which implies "run every hour," or a number value between 0-23. You can enter */(0-23), a range such as 12-21, or just the *.
day_of_the_month This parameter may contain either an asterisk, (*), which implies "run every day of the month," or a number value between 1-31. You can enter */(1-31), a range such ass 3-22, or just the *. Creating and maintaining file systems 255 About snapshots
month This parameter may contain either an asterisk, (*), which implies "run every month," or a number value between 1-12. You can enter */(1-12), a range such as 1-5, or just the *. You can also enter the first three letters of any month (must use lowercase letters). day_of_the_week This parameter may contain either an asterisk (*), which implies "run every day of the week," or a numeric value between 0-6. Crontab interprets 0 as Sunday. You can also enter the first three letters of the week (must use lowercase letters).
For example, to create a schedule for automated snapshot creation of a given file system every 3 hours on a daily basis, and only 30 snapshots can be maintained for a given snapshot schedule, enter the following:
Storage> snapshot schedule create schedule1 fs1 30 0 */3 * * * 256 Creating and maintaining file systems About snapshots
Displaying snapshot schedules To display a snapshot schedule
◆ To display all of the schedules for automated snapshots, enter the following:
Storage> snapshot schedule show [fs_name] [schedule_name]
fs_name Displays all of the schedules of the specified file system. If no file system is specified, schedules of all of the file systems are displayed.
schedule_name Displays the schedule name. If no schedule name is specified, then all of the schedules created under fs_name are displayed.
For example, to display all of the schedules for creating or removing snapshots to an existing file system, enter the following:
Storage> snapshot schedule show fs3 FS Schedule Name Max Snapshot Minute Hour Day Month WeekDay ======fs3 sched1 30 */20 * * * * fs3 sched2 20 */45 * * * *
For example, to list the automated snapshot schedules for all file systems, enter the following:
Storage> snapshot schedule show FS Schedule Name Max Snapshot Minute Hour Day Month WeekDay ======fs6 sc1 10 */50 * * * * fs1 sc1 10 */25 * * * *
Configuring snapshot schedules In some instances, snapshots may skip scheduled runs. This may happen because of the following two reasons:
■ When a scheduled snapshot is set to trigger, the snapshot needs to gain a lock to begin the operation. If any command is issued from the CLI or is running through schedules, and if the command holds a lock, the triggered snapshot schedule is not able to obtain the lock, and the scheduled snapshot fails.
■ When a scheduled snapshot is set to trigger, the snapshot checks if there is any instance of a snapshot creation process running. If there is a snapshot Creating and maintaining file systems 257 About snapshots
creation process running, the scheduled snapshot aborts, and a snapshot is not created. To modify a snapshot schedule
◆ To modify a snapshot schedule, enter the following:
Storage> snapshot schedule modify schedule_name fs_name max_snapshot_limit minute [hour] [day_of_the_month] [month] [day_of_the_week]
For example, to modify the existing schedule so that a snapshot is created at 2:00 am on the first day of the week, enter the following:
Storage> snapshot schedule modify schedule1 fs1 *2**1
To remove all snapshots
◆ To automatically remove all of the snapshots created under a given schedule and file system name (excluding the preserved and online snapshots), enter the following:
Storage> snapshot schedule destroyall schedule_name fs_name
Example 1: If you try to destroy all automated snapshots when two of the automated snapshots are still mounted, FileStore returns an appropriate error, and other automated snapshots under the given schedule and file system are destroyed.
Storage> snapshot schedule destroyall schedule1 fs1 SFS snapshot ERROR V-288-1074 Cannot destroy snapshot(s) schedule1_7_Dec_2009_17_58_02_UTC schedule1_7_Dec_2009_16_58_02_UTC in online state.
Example 2: If you try to destroy all automated snapshots (which are in an offline state), the operation completes successfully.
Storage> snapshot schedule destroyall schedule2 fs1 100% [#] Destroy automated snapshots 258 Creating and maintaining file systems About instant rollbacks
To preserve snapshots
◆ To preserve a number of snapshots corresponding to an existing schedule and specific file system name, enter the following:
Storage> snapshot schedule preserve schedule_name fs_name snapshot_name
For example, to preserve a snapshot created according to a given schedule and file system name, enter the following:
Storage> snapshot schedule preserve schedule fs1 schedule1_Feb_27_16_42_IST
To delete a snapshot schedule
◆ To delete a snapshot schedule, enter the following:
Storage> snapshot schedule delete fs_name [schedule_name]
For example:
Storage> snapshot schedule delete fs1
About instant rollbacks
The Storage> rollback commands manage volume-level snapshots. All rollback commands take a file system name as an argument and perform operations on the underlying volume of that file system. Both space-optimized and full-sized rollbacks are supported by FileStore. Space-optimized rollbacks use a storage cache, and do not need a complete copy of the original volume's storage space. However, space-optimized rollbacks are not suitable for write-intensive volumes, because the copy-on-write mechanism may degrade the performance of the volume. Full-sized rollbacks use more storage, but that has little impact on write performance after synchronization is completed. Both space-optimized rollbacks and full-sized rollbacks can be used instantly after operations such as create, restore, or refresh.
Note: When instant rollbacks exist for a volume, you cannot disable the FastResync option for a file system. Creating and maintaining file systems 259 About instant rollbacks
Table 8-5 Rollback snapshot commands
Command Definition rollback cache create Creates a shared cache object. See “Creating a shared cache object for a FileStore instant rollback” on page 265. rollback cache destroy Destroys a shared cache object. See “Destroying a cache object of a FileStore instant rollback” on page 269. rollback cache list Displays a list of shared cache objects. See “Listing cache objects ” on page 267. rollback create Creates a space-optimized instant rollback for a specified file space-optimized system. See “Creating a FileStore space-optimized rollback” on page 260. rollback create Creates a full-sized instant rollback for a specified file system. full-sized See “Creating a full-sized rollback” on page 261. rollback destroy Destroys an instant rollback. See “Destroying an instant rollback” on page 265. rollback list Displays a list of instant rollbacks. See “Listing FileStore instant rollbacks” on page 262. rollback refresh Refreshes instant rollback data. See “Refreshing an instant rollback from a file system” on page 263. rollback restore Restores instant rollback data. See “Restoring a file system from an instant rollback” on page 262. rollback online Mounts an instant rollback so that it will be available for read/write access. See “Making an instant rollback go online” on page 264. rollback offline Unmounts an instant rollback. See “Making an instant rollback go offline” on page 264.
When creating instant rollbacks for volumes bigger than 1T, there may be error messages such as the following: 260 Creating and maintaining file systems About instant rollbacks
SFS instant_snapshot ERROR V-288-1487 Volume prepare for full-fs1-1 failed.
An error message may occur because the default amount of memory allocated for a Data Change Object (DO) may not be large enough for such big volumes. You can use the vxtune command to change the value. The default value is 6M, which is the memory required for a 1T volume. To change it to 15M, use the following command:
vxtune volpagemod_max_memsz `expr 15 \* 1024 \* 1024`
Creating a FileStore space-optimized rollback To create a FileStore space-optimized rollback
◆ To create a FileStore space-optimized rollback for a specified file system, enter the following:
Storage> rollback create space-optimized rollback_name fs_name [cacheobj]
rollback_name Indicates the name of the rollback.
fs_name Indicates the name of the file system for where to create the space-optimized rollback.
cacheobj Indicates the cache object name. If the cache object is specified, then the shared cache object is used. Or FileStore automatically creates a cache object for the rollback.
For example:
Storage> rollback create space-optimized snap4 fs4 100%[#] Create rollback Creating and maintaining file systems 261 About instant rollbacks
Creating a full-sized rollback To create a full-sized rollback for a specified file system
◆ To create a FileStore space-optimized rollback for a specified file system, enter the following:
Storage> rollback create full-sized rollback_name fs_name pool
rollback_name Indicates the name of the rollback.
fs_name Indicates the name of the file system for where to create the full-sized rollback.
pool Indicates the name of the pool for where to create the full-sized rollback. The disks used for the rollback are allocated from the specified pool.
For example:
Storage> rollback create full-sized snap5 fs4 pool1 100%[#] Create rollback 262 Creating and maintaining file systems About instant rollbacks
Listing FileStore instant rollbacks To list FileStore instant rollbacks
◆ To list FileStore instant rollbacks, enter the following:
Storage> rollback list [fs_name]
where fs_name is the name of the file system where you want to list the instant rollbacks. If no file system is specified, instant rollbacks are displayed for all the file systems. For example:
Storage> rollback list NAME TYPE FILESYSTEM SNAPDATE roll5 fullinst fs4 2010/10/15 20:04 roll1 spaceopt bigfs 2010/10/15 17:03
Storage> rollback list fs4 NAME TYPE SNAPDATE CHANGED_DATA SYNCED_DATA roll5 fullinst 2010/10/15 20:04 640K(0.1%) 800M(100%)
Restoring a file system from an instant rollback Prior to restoring a file system by a specified rollback, the file system should be offline. See “Making an instant rollback go offline” on page 264. Creating and maintaining file systems 263 About instant rollbacks
To restore a file system from an instant rollback 1 To restore a file system from an instant rollback, enter the following:
Storage> rollback restore fs_name rollback_name
fs_name Indicates the name of the file system that you want to restore.
rollback_name Indicates the name of the rollback that you want to restore.
For example, to restore a file system by a given instant rollback, enter the following:
Storage> rollback restore fs4 snap4
2 Re-online the file system. See “Making an instant rollback go online” on page 264. Re-onlining a file system may take some time depending on the size of the file system.
Refreshing an instant rollback from a file system To refresh an instant rollback from a file system
◆ To refresh an instant rollback from a file system, enter the following:
Storage> rollback refresh rollback_name fs_name
rollback_name Indicates the name of the rollback that you want to refresh.
fs_name Indicates the name of the file system that you want to refresh.
For example:
Storage> rollback refresh roll5 fs4 SFS rollback WARNING V-288-0 rollback roll5 will be refreshed to filesystem fs4 SFS rollback WARNING V-288-0 Are you sure to refresh rollback roll5 with filesystem fs4? (yes/no) yes 100% [#] Refresh rollback SFS rollback SUCCESS V-288-0 snapshot roll5 refreshed successfully from fs fs4 264 Creating and maintaining file systems About instant rollbacks
Making an instant rollback go online You can choose to online an instant rollback and use it as a live file system. If the original file system is offline for some reason, the instant rollback can be used as a backup. When a instant rollback is mounted and written to with new data, the instant rollback may no longer be suitable for use in restoring the contents of the original volume. If you chose to write to an instant rollback, create another instant rollback as a backup of the original file system. Making an instant rollback go online
◆ To make an instant rollback go online, enter the following:
Storage> rollback online rollback_name fs_name
rollback_name Indicates the name of the rollback that you want to go online.
fs_name Indicates the name of the file system that you want to go online.
For example:
Storage> rollback online snap1 Online the filesystem of rollback "snap1"
The instant rollback is available for read/write access just as the file system.
Making an instant rollback go offline Making an instant rollback go offline
◆ To make an instant rollback go offline, enter the following:
Storage> rollback offline rollback_name fs_name
rollback_name Indicates the name of the rollback that you want to go offline.
fs_name Indicates the name of the file system that you want to go offline.
For example:
Storage> rollback offline snap1 fs1 Offline the filesystem of snapshot "snap1" Creating and maintaining file systems 265 About instant rollbacks
Destroying an instant rollback The instant rollback must be in the offline state before it can be destroyed. See “Making an instant rollback go offline” on page 264. To destroy an instant rollback
◆ To destroy an instant rollback, enter the following:
Storage> rollback destroy rollback_name fs_name
rollback_name Indicates the name of the rollback that you want to destroy.
fs_name Indicates the name of the file system that you want to destroy.
For example:
Storage> rollback destroy snap1 myfs2 Destroy the snapshot "snap1" of filesystem "myfs2"
Creating a shared cache object for a FileStore instant rollback You can create a shared cache object for a FileStore instant rollback. Space-optimized rollbacks use a storage cache to save the data. Using a shared cache object, cache storage can be shared by all the space-optimized rollbacks. 266 Creating and maintaining file systems About instant rollbacks
To create a shared cache object for a FileStore instant rollback
◆ To create a shared cache object for a FileStore instant rollback, enter the following:
Storage> rollback cache create cache_name [cache_size] [pool]
cache_name Indicates the name of the cache object you want to create for the instant rollback.
cache_size Indicates the cache size for the instant rollback. Cache size can be specified in any units, such as M, G, or T. The size of the shared cache object should be sufficient to record changes to the file system during intervals between instant rollback refreshes. By default, the size of the cache object for an instant rollback is 20% of the total size of the parent file system. The size of the cache object is dependent on your environment.
pool Indicates the pool for storing the cache object for the instant rollback. For better performance, the pool used for the space-optimized rollback should be different from the pool used by the file system.
For example:
Storage> rollback cache create mycache 500m pool1 Create a shared cache object "mycache" with the disks from "pool1", the size is 500m Creating and maintaining file systems 267 About instant rollbacks
To convert an existing file system into a cache object with a file type of striped
◆ Run the Storage> rollback cache create command without the cache_size and pool parameters:
Storage> rollback cache create cache_name
cache_name should be the same as an existing file system name that is to be converted. There will be a confirmation message in the FileStore CLI asking if you want to convert the specified file system to a cache object. In this way, you can create cache objects with any kind of file system type. For example, the commands used to create a cache object with a file system type of striped are listed as follows:
Storage> fs create striped cobj1 100m 2 pool0 100% [#] Creating striped filesystem
Storage> rollback cache create cobj1 SFS rollback WARNING V-288-0 Filesystem cobj1 will be converted to cache object. All data on Filesystem cobj1 will be lost SFS rollback WARNING V-288-0 Are you sure you want to convert cobj1 to a cache object? (yes/no) yes 100% [#]
Storage> rollback cache list CACHE NAME TOTAL(Mb) USED(Mb) (%) AVAIL(Mb) (%) SDCNT cache1 15 15 (100) 0 (0) 2 cobj1 100 4 (4) 96 (96) 0
Listing cache objects
The Storage> rollback cache list command allows you to list the FileStore instant rollbacks that are using a cache object. 268 Creating and maintaining file systems About instant rollbacks
To list cache objects for FileStore instant rollbacks
◆ To list cache objects for FileStore instant rollbacks, enter the following:
Storage> rollback cache list [cache_name]
where cache_name is the name of the cache object you want to display for the instant rollbacks. When cache_name is specified, the instant rollbacks that are using the cache object are listed.
The disabled cache object is listed with '-' as the attribute. cache2and mycache are in the DISABLED state. For example:
Storage> rollback cache list CACHE NAME TOTAL(Mb) USED(Mb) (%) AVAIL(Mb) (%) SDCNT cache1 15 15 (100) 0 (0) 2 cobj1 100 4 (4) 96 (96) 0 cache2 ------mycache ------
SDCNT is the number of subdisks that have been created on the cache object. If the cache object is disabled for some reason, it will automatically be restarted when the Storage> rollback cache list cache_name command is run. For example:
Storage> rollback cache list cache2 rollbacks located on cache cache2: roll3 SFS rollback WARNING V-288-0 Cache object cache2 was DISABLED, trying to restart it. SFS rollback INFO V-288-0 Cache object cache2 started successfully.
You can choose to start the cache object, or destroy it after destroying all the instant rollbacks located on it. See “Destroying a cache object of a FileStore instant rollback” on page 269. If you did not assign a cache object, a cache object is internally created for the instant rollback. Creating and maintaining file systems 269 About setting up file system alerts for file system usage
Destroying a cache object of a FileStore instant rollback To destroy a cache object of a FileStore instant rollback
◆ To destroy a cache object of a FileStore instant rollback, enter the following:
Storage> rollback cache destroy cache_name
where cache_name is the name of the cache object that you want to destroy. For example:
Storage> rollback cache destroy mycache
You can only destroy the cache object if there is no instant rollback that is using this cache object.
About setting up file system alerts for file system usage
The Storage> fs alert commands allow you to set, unset alerts by file system usage and display current disk usage and alert values. You can set alerts based on the number of inodes used or the file system space used.
Table 8-6 File system alerts commands
Command Description
fs alert set Sets file system alerts based on file system usage. See “Setting file system alerts” on page 269.
fs alert unset Unsets file system alerts. See “Unsetting file system alerts” on page 271.
fs alert show Displays the current disk space usage and the alert value. See “Displaying file system alerts” on page 271.
Setting file system alerts You can set file system alerts based on usage. You can either set the alert based on the number of inodes used or the file system space used.
File system alerts can be displayed by using the Report> showevents command. 270 Creating and maintaining file systems About setting up file system alerts for file system usage
To set file system alerts
◆ To set file system alerts, enter the following:
Storage> fs alert set numinodes | numspace value [fs_name]
where fs_name is the name of the file system for which you want to set the file system alerts. fs_name is optional.
When setting the alert for numspace, value is the percentage you want to set to trigger the alert. By default, the alert is sent at 80%. The default value can be modified by not specifying a file system name in the command.
When setting the alert for numinodes, value is the number of inodes used. The default alert value for numinodes is set at 0. An alert will not be sent until you set it to a different value. Examples of alerts:
NUMSPACE alerts in Report> showevents
2011 Nov 14 23:55:02 [CLUS_01,alert,master] [[fs alert]] numspace set at 70(%) crossed for File System fs1, current usage 98(%)
NUMINODES alert in Report> showevents
2011 Nov 15 00:05:22 [CLUS_01,alert,master] [[fs alert]] numinodes set at 2000 crossed for File System fs1, current usage 7768
Examples for setting alerts that are file-system specific:
Storage> fs alert set numinodes 2M fs1 SFS fs SUCCESS V-288-663 Alert of type [ numinodes ] set to 2M on the file system fs1
Storage> fs alert set numinodes 2M SFS fs SUCCESS V-288-663 Default Alert on the file systems of type [ numinodes ] set to 2M
Examples for default alerts:
Storage> fs alert set numspace 80 fs1 SFS fs SUCCESS V-288-663 Alert of type [ numspace ] set to 80 on the file system fs1
Storage> fs alert set numspace 60 SFS fs SUCCESS V-288-663 Default Alert on the file systems of type [ numspace ] set to 60 Creating and maintaining file systems 271 About setting up file system alerts for file system usage
Unsetting file system alerts You can unset the alerts set on a file system. If you unset an alert on any file system, you receive alerts for the file systems based on the default values. To unset file system alerts
◆ To unset file system alerts, enter the following:
Storage> fs alert unset numinodes | numspace [fs_name]
where fs_name is the name of the file system for which you want to unset the file system alert. fs_name is optional. Examples for unsetting alerts that are file-system specific:
Storage> fs alert unset numinodes fs1 SFS fs SUCCESS V-288-663 Alert of type [ numinodes ] set to DEFAULT value on the file system fs1
Storage> fs alert unset numspace fs1 SFS fs SUCCESS V-288-663 Alert of type [ numspace ] set to DEFAULT value on the file system fs1
Examples of default alerts for unsetting alerts:
Storage> fs alert unset numinodes SFS fs SUCCESS V-288-663 Alert of type [ numinodes ] set to Default value 0
Storage> fs alert unset numspace SFS fs SUCCESS V-288-663 Alert of type [ numspace ] set to Default value 80 (%)
Displaying file system alerts
You can display the current disk space usage and the set alert value. A D beside the value indicates that the value is the default value used throughout the system. 272 Creating and maintaining file systems About the Partition Secure Notification (PSN) feature
To display file system alerts
◆ To display file system alerts, enter the following:
Storage> fs alert show
For example:
Storage> fs alert show File System Alert Type Value Current Usage ======fs0 numspace 80% (D) 2% fs0 numinodes 6500 1000 fs1 numspace 80% (D) 2% fs1 numinodes 8000 10000 fs4 numspace 80(D)% 3% fs4 numinodes 2000000 (D) 4
About the Partition Secure Notification (PSN) feature FileStore is integrated with Symantec Enterprise Vault, a data archiving application, such that FileStore can be used as a backend data store for non-WORM and WORM files for Enterprise Vault. Enterprise Vault can be configured to retain original items that have been archived until the vault store partition has been backed up. Enterprise Vault provides a safety copy setting for each vault store for the above purpose. The safety copy setting can be set to various values like ImmediatelyAfterArchive or Afterbackup. To support the Afterbackup option, the vault store, for example, in this case, FileStore has to provide a notification to Enterprise Vault after it has successfully made a redundant copy of the data. Enterprise Vault can then remove the safety copies. Enterprise Vault also creates shortcuts and placeholders at this time, if Enterprise Vault is configured to do so. For more information about Enterprise Vault, refer to the Symantec Enterprise Vault Administrator's Guide.
Note: To configure Enterprise Vault to work with partitions supported by FileStore, when the Enterprise Vault Administration Console (VAC) asks you to input the Location for the new Vault Store Partition, enter the following as an example: \\10.209.105.101\myshare_myfs1\test\. The final backslash (\) needs to be entered to add the partition.
The Partition Secure Notification (PSN) feature refers to the FileStore feature that provides the above-mentioned notifications to Enterprise Vault. This feature is supported when either an NDMP backup or the FileStore replication service is Creating and maintaining file systems 273 About the Partition Secure Notification (PSN) feature
used. After each NDMP backup or replication session is completed, PSN finds the list of all Enterprise Vault partitions in PSN-enabled file systems, and notifies Enterprise Vault by creating an .xml file in the partition roots in an Enterprise Vault-specified format.
Enabling the Partition Secure Notification (PSN) feature
The Storage> fs evpsn enable command enables the Enterprise Vault (EV) Partition Secure Notification (PSN) feature on the specified file system. The specified file system must be online to enable this feature. To enable the Partition Secure Notification (PSN) feature
◆ To enable the PSN feature, enter the following:
Storage> fs evpsn enable fs_name
where fs_name is the specified file system where you want to enable the PSN feature. For example:
Storage> fs evpsn enable fs1 SFS fs SUCCESS V-288-650 evpsn enabled on fs1 successfully.
Disabling the Partition Secure Notification (PSN) feature
The Storage > evpsn disable command disables the Enterprise Vault (EV) Partition Secure Notification (PSN) feature on the specified file system. The specified file must be online to disable this feature. To disable the Partition Secure Notification (PSN) feature
◆ To disable the PSN feature, enter the following:
Storage> fs evpsn disable fs_name
where fs_name is the specified file system where you want to disable the PSN feature. For example:
Storage> fs evpsn disable fs1 SFS fs SUCCESS V-288-652 evpsn disabled on fs1 successfully. 274 Creating and maintaining file systems Upgrading a file system to the current layout for running deduplication
Listing the online file systems that have the Partition Secure Notification (PSN) feature enabled
The Storage> fs evpsn list command displays the list of online file systems that have the Enterprise Vault (EV) Partition Secure Notification (PSN) feature enabled. To list the online file systems that have the Partition Secure Notification (PSN) feature enabled
◆ To list the online file systems that have the Partition Secure Notification (PSN) feature enabled, enter the following:
Storage> fs evpsn list
For example:
Storage> fs evpsn list FS ======fs1
Upgrading a file system to the current layout for running deduplication FileStore deduplication will not work if the file system layout is not at the current version. The Storage> fs upgrade file_system_name command upgrades the file system layout to the current version.
Note: The file system needs to be online for this command to proceed.
See “About data deduplication” on page 137.
You can find information about the file system version by using the Storage> fs list file_system_name command. Creating and maintaining file systems 275 Upgrading a file system to the current layout for running deduplication
To upgrade a file system to the current layout for running deduplication 276 Creating and maintaining file systems Upgrading a file system to the current layout for running deduplication
◆ To upgrade a file system to the current layout, enter the following:
Storage> fs upgrade file_system_name
Storage> fs upgrade fs1 Upgrading the file system, are you sure that you want to upgrade the file system, the operation is irreversible, please enter yes/no yes
SFS fs INFO V-288-670 Proceeding with fs upgrade operation ... SFS fs SUCCESS V-288-1833 file system upgraded to version 8.
Storage> fs upgrade fs1 SFS fs ERROR V-288-646 File system fs1 is already at upgraded version 8.
Storage> fs upgrade fssim SFS fs ERROR V-288-685 fssim must be online to perform upgrade operation.
Example output displaying the file system layout prior to upgrading a file system version:
Storage> fs list fssim General Info: ======Block Size: 1024 Bytes Layout: Version 7 d188_01: offline d188_02: offline Primary Tier ======Size: 200.00M Use%: - Layout: simple Mirrors: - Columns: - Stripe Unit: 0.00 K FastResync: Disabled Mirror 1: List of pools: pd1 List of disks: fas2700_0 Defrag Status: Not Running Fullfsck Status: Not Running Creating and maintaining file systems 277 Upgrading a file system to the current layout for running deduplication
Example output displaying the file system layout after upgrading a file system version:
Storage> fs list fssim General Info: ======Block Size: 1024 Bytes Layout: Version 8 d188_01: online d188_02: online Primary Tier ======Size: 200.00M Use%: 3% Layout: simple Mirrors: - Columns: - Stripe Unit: 0.00 K FastResync: Disabled Mirror 1: List of pools: pd1 List of disks: fas2700_0 Defrag Status: Not Running Fullfsck Status: Not Running 278 Creating and maintaining file systems Upgrading a file system to the current layout for running deduplication Chapter 9
Using Symantec FileStore as a CIFS server
This chapter includes the following topics:
■ About configuring FileStore for CIFS
■ About configuring CIFS for standalone mode
■ Configuring CIFS server status for standalone mode
■ About configuring CIFS for NT domain mode
■ Configuring CIFS for the NT domain mode
■ About leaving an NT domain
■ Changing NT domain settings
■ Changing security settings
■ Changing security settings after the CIFS server is stopped
■ About Active Directory (AD)
■ Using the Active Directory CLI wizard for configuring Active Directory
■ About configuring CIFS for Active Directory (AD) domain mode
■ About setting NTLM
■ Setting NTLM
■ About setting trusted domains
■ About storing account information 280 Using Symantec FileStore as a CIFS server About configuring FileStore for CIFS
■ Storing user and group accounts
■ About reconfiguring the CIFS service
■ Reconfiguring the CIFS service
■ About managing CIFS shares
■ Sharing file systems using CIFS and NFS protocols
■ About mapping user names for CIFS/NFS sharing
■ About load balancing for the normal clustering mode
■ About load balancing for the ctdb clustering mode
■ About managing home directories
■ About ctdb clustering modes
■ Exporting a directory as a CIFS share
■ Exporting the same file system/directory as a different CIFS share
■ About switching the clustering mode
■ About migrating CIFS shares and home directories
■ Setting the aio_fork option
■ Setting the netbios aliases for the CIFS server
■ About managing local users and groups
■ Enabling CIFS data migration
About configuring FileStore for CIFS The Common Internet File System (CIFS), also known as the Server Message Block (SMB), is a network file sharing protocol that is widely used on Microsoft and other operating systems. This chapter describes the initial configuration of the FileStore CIFS service on two clustering modes and three operating modes, and how to reconfigure the FileStore CIFS service when, some CIFS settings are changed. The following clustering modes are supported by FileStore:
■ Normal Using Symantec FileStore as a CIFS server 281 About configuring FileStore for CIFS
■ Clustered Trivial Database (CTDB) - a cluster implementation of the TDB (Trivial database) based on the Berkeley database API The following operating modes are supported by FileStore:
■ User
■ Domain
■ ADS Each clustering mode supports all of the three operating modes. The ctdb clustering mode is a different clustered implementation of FileStore CIFS, which supports almost all of the features that are supported by normal clustering mode as well as some additional features. Additional features supported in ctdb clustering mode:
■ Directory-level share support
■ Multi-instance share export of a file system/directory
■ Simultaneous access of a share from multiple nodes and therefore better load balancing See “About ctdb clustering modes” on page 354. FileStore can be integrated into a network that consists of machines running Microsoft Windows. You can control and manage the network resources by using Active Directory or NT workgroup domain controllers. Before you use FileStore with CIFS, you must have administrator-level knowledge of the Microsoft operating systems, Microsoft services, and Microsoft protocols (including Active Directory and NT services and protocols). You can find more information about them at: www.microsoft.com. To access the commands, log into your administrative console (master, system-admin, or storage-admin) and enter CIFS> mode. See “About using the FileStore command-line interface” on page 31. When serving the CIFS clients, FileStore can be configured to operate in one of the operating mode environments described in Table 9-1. 282 Using Symantec FileStore as a CIFS server About configuring CIFS for standalone mode
Table 9-1 CIFS operating mode environments
Mode Definition
Standalone Information about the user and group accounts is stored locally on FileStore. FileStore also authenticates users locally using the Linux password and group files. This mode of operation is provided for FileStore testing and may be appropriate in other cases, for example, when FileStore is used in a small network and is not a member of a Windows security domain. In this mode of operation, you must create the local users and groups; they can access the shared resources subject to authorization control.
NT Domain FileStore becomes a member of an NT4 security domain. The domain controller (DC) stores user and group account information, and the Microsoft NTLM or NTLMv2 protocol authenticates.
Active Directory FileStore becomes a member of an AD security domain and is configured to use the services of the AD domain controller, such as DNS, LDAP, and NTP. Kerberos, NTLMv2, or NTLM authenticate users.
When FileStore operates in the NT or AD domain mode, it acts as a domain member server and not as the domain controller.
About configuring CIFS for standalone mode If you do not have an AD server or NT domain controller, you can use FileStore as a standalone server. FileStore is used in standalone mode when testing FileStore functionality and when it is not a member of a domain. Before you configure the CIFS service for the standalone mode, do the following:
■ Make sure that the CIFS server is not running.
■ Set security to user.
■ Start the CIFS server. To make sure that the configuration has changed, do the following:
■ Check the server status.
■ Display the server settings. Using Symantec FileStore as a CIFS server 283 About configuring CIFS for standalone mode
Table 9-2 Configure CIFS for standalone mode commands
Command Definition server status Checks the status of the CIFS server. See “Configuring CIFS server status for standalone mode” on page 284. server stop Stops the CIFS server if it is running. See “Configuring CIFS server status for standalone mode” on page 284. show Checks the security setting. See “Configuring CIFS server status for standalone mode” on page 284. set security user Sets security to user. This is the default value. In standalone mode you do not need to set the domaincontroller, domainuser, or domain.
See “Configuring CIFS server status for standalone mode” on page 284. server start Starts the service in standalone mode. See “Configuring CIFS server status for standalone mode” on page 284. 284 Using Symantec FileStore as a CIFS server Configuring CIFS server status for standalone mode
Configuring CIFS server status for standalone mode To check the CIFS server status 1 To check the status of the CIFS server, enter the following:
CIFS> server status
Be default, security is set to user, the required setting for standalone mode. The following example shows that security was previously set to ads. For example:
CIFS> server status CIFS Status on sfs_01 : ONLINE CIFS Status on sfs_02 : ONLINE
Homedirfs : fs1 Security : ads Domain membership status : Disabled Domain : SYMANTECDOMAIN.COM Domain Controller : SYMSERVER Domain User : administrator Clustering Mode : normal
2 If the server is running, enter the following:
CIFS> server stop Stopping CIFS Server.....Success. Using Symantec FileStore as a CIFS server 285 Configuring CIFS server status for standalone mode
To check the security setting 1 Check the current settings before setting security, enter the following:
CIFS> show
For example:
Name Value ------netbios name ctdb netbios aliases ntlm auth yes allow trusted domains no homedirfs aio size 1024 idmap backend rid:10000-1000000 workgroup SYMANTECDOMAIN security ads Domain SYMANTECDOMAIN.COM Domain user administrator Domain Controller SYMSERVER Clustering Mode normal
2 To set security to user, enter the following:
CIFS> set security user Global option updated. Note: Restart the CIFS server. 286 Using Symantec FileStore as a CIFS server Configuring CIFS server status for standalone mode
To start the CIFS service in standalone mode 1 To start the service in standalone mode, enter the following:
CIFS: server start Starting CIFS Server.....Success.
2 To display the new settings, enter the following:
CIFS> show
For example:
Name Value ------netbios name mycluster netbios aliases ntlm auth yes allow trusted domains no homedirfs aio size 1024 idmap backend rid:10000-1000000 workgroup SYMANTECDOMAIN security user Domain SYMANTECDOMAIN.COM Domain user administrator Domain Controller SYMSERVER Clustering Mode normal
3 To make sure that the server is running in standalone mode, enter the following:
CIFS> server status
For example:
CIFS> server status CIFS Status on sfs_01 : ONLINE CIFS Status on sfs_02 : ONLINE
Homedirfs : fs1 Security : user Clustering Mode : normal
The CIFS service is now running in standalone mode. Using Symantec FileStore as a CIFS server 287 About configuring CIFS for NT domain mode
See “About managing local users and groups” on page 371. See “About managing CIFS shares” on page 329.
About configuring CIFS for NT domain mode Before you configure the CIFS service for the NT domain mode, do the following:
■ Make sure that an NT domain has already been configured.
■ Make sure that FileStore can communicate with the domain controller (DC) over the network.
■ Make sure that the CIFS server is stopped.
■ Set the domain user, domain, and domain controller.
■ Set the security to domain.
■ Start the CIFS server. To make sure that the configuration has changed, do the following:
■ Check the server status.
■ Display the server settings.
Table 9-3 Configuring CIFS for NT domain mode commands
Command Definition
set domainuser Sets the name of the domain user. The credentials of the domain user will be used at the domain controller while joining the domain. Therefore the domain user should be an existing NT domain user who has permission to perform the join domain operation. See “Configuring CIFS for the NT domain mode” on page 289.
set domain Sets the name for the NT domain that you would like FileStore to join and become a member. See “Configuring CIFS for the NT domain mode” on page 289. 288 Using Symantec FileStore as a CIFS server About configuring CIFS for NT domain mode
Table 9-3 Configuring CIFS for NT domain mode commands (continued)
Command Definition
set domaincontroller Sets the domain controller server names. You can pass a comma-separated list of primary and backup domain controller server names. Note: If security is set to domain, you can use both the AD server and the Windows NT 4.0 domain controller as domain controllers. However, if you use the Windows NT 4.0 domain controller, you can only use the netbios name of the domain controller to set the domaincontroller parameter.
See “Configuring CIFS for the NT domain mode” on page 289.
set security Before you set the security for the domain, you must set the domaincontroller, domainuser, and domain.
See “Configuring CIFS for the NT domain mode” on page 289.
set workgroup Sets the workgroup name. If the name of the WORKGROUP or NETBIOS domain name is different from the domain name, use this command to set the WORKGROUP name. See “Configuring CIFS for the NT domain mode” on page 289.
server start The server joins the NT domain only when the server is started after issuing the CIFS> set security command.
See “Configuring CIFS for the NT domain mode” on page 289. Using Symantec FileStore as a CIFS server 289 Configuring CIFS for the NT domain mode
Configuring CIFS for the NT domain mode To set the domain user name for NT mode 1 To verify that the CIFS server is stopped, enter the following:
CIFS> server status
2 If the server is running, stop the server. enter the following:
CIFS> server stop
3 To set the user name, enter the following:
CIFS> set domainuser username
where username is an existing NT domain user who has permission to perform the join domain operation. For example:
CIFS> set domainuser administrator Global option updated. Note: Restart the CIFS server.
To set the domain for the NT domain node
◆ To set the domain, enter the following:
CIFS> set domain domainname
where domainname is the name of the domain that FileStore will join. For example:
CIFS> set domain SYMANTECDOMAIN.COM Global option updated. Note: Restart the CIFS server. 290 Using Symantec FileStore as a CIFS server Configuring CIFS for the NT domain mode
To set the domain controller server names for the NT domain mode
◆ To set the domain controller server names, enter the following:
CIFS> set domaincontroller servernames
where servernames is a comma-separated list of primary and backup domain controller server names. The server name is the netbios name if it is a Windows NT 4.0 domain controller. For example, if the domain controller is a Windows NT 4.0 domain controller, enter the server name SYMSERVER:
CIFS> set domaincontroller SYMSERVER Global option updated. Note: Restart the CIFS server.
To set security to domain for the NT domain mode
◆ To set security to domain, enter the following:
CIFS> set security security
Enter domain for security.
CIFS> set security domain Global option updated. Note: Restart the CIFS server.
To set the workgroup name for the NT domain mode
◆ To set the workgroup name if the WORKGROUP or NetBIOS domain name is different from the domain name, enter the following:
CIFS> set workgroup workgroup
where workgroup sets the WORKGROUP name. If the name of the WORKGROUP or NetBIOS domain name is different from the domain name, use this command to set the WORKGROUP name. For example, if SIMPLE is the name of the WORKGROUP you want to set, you would enter the following:
CIFS> set workgroup SIMPLE
Though the following symbols $,( ), ', and & are valid characters for naming a WORKGROUP, the FileStore CIFS implementation does not allow using these symbols. Using Symantec FileStore as a CIFS server 291 Configuring CIFS for the NT domain mode
To start the CIFS server for the NT domain mode 1 To start the CIFS server, enter the following:
CIFS> server start
You are prompted for a domainuser password by:
CIFS> server start Trying to become a member in domain SYMANTECDOMAIN.COM ... Enter password for user 'administrator':
When you enter the correct password, the following messages appear:
Joined domain SYMANTECDOMAIN.COM OK Starting CIFS Server.....Success.
2 To find the current settings for the domain name, domain controller name, and domain user name, enter the following:
CIFS> show
3 To make sure that the service is running as a member of the NT domain, enter the following:
CIFS> server status
For example:
CIFS> server status CIFS Status on sfs_01 : ONLINE CIFS Status on sfs_02 : ONLINE
Homedirfs : fs1 Security : domain Domain membership status : Enabled Domain : SYMANTECDOMAIN.COM Domain Controller : SYMSERVER Domain User : administrator Clustering Mode : normal
The CIFS service is now running in the NT domain mode. You can export the shares, and domain users can access the shares subject to authentication and authorization control. 292 Using Symantec FileStore as a CIFS server About leaving an NT domain
About leaving an NT domain There is no FileStore command that lets you leave an NT domain. It happens automatically when the security or domain settings change, and then starts or stops the CIFS server. Thus, FileStore provides the domain leave operation depending on existing security and domain settings and new administrative commands. However, the leave operation requires the credentials of the old domain’s user. See “Changing NT domain settings” on page 292.
Table 9-4 Change NT domain settings commands
Command Definition
set domain Sets the domain. When you change any of the domain settings and you restart the CIFS server, the CIFS server leaves the old domain. Thus, when a change is made to either one or more of the domain, domain controller, or domain user settings, and the next time the CIFS server is started, the CIFS server first attempts to leave the existing join, and then joins the NT domain with the new settings. See “Changing NT domain settings” on page 292.
set security user Sets the security user. When you change the security setting, and you start or stop the CIFS server, the CIFS server leaves the existing NT domain. For example, if you change the security setting from domain to user and you stop or restart the CIFS server, it leaves the NT domain. See “Changing security settings” on page 294. If the CIFS server is already stopped, and you change the security to a value other than domain, FileStore leaves the domain. This method of leaving the domain is provided so that if a CIFS server is already stopped, and may not be restarted soon, you have a way to leave an existing join to the NT domain. See “Changing security settings after the CIFS server is stopped” on page 294.
Changing NT domain settings Each case assumes that the FileStore cluster is part of an NT domain. Using Symantec FileStore as a CIFS server 293 Changing NT domain settings
To verify if cluster is part of NT domain
◆ To verify if your cluster is part of the NT domain, enter the following:
CIFS> server status CIFS Status on sfs_01 : ONLINE CIFS Status on sfs_02 : ONLINE
Homedirfs : fs1 Security : domain Domain membership status : Enabled Domain : SYMANTECDOMAIN.COM Domain Controller : SYMSERVER Domain User : administrator Clustering Mode : normal
To change domain settings 1 To stop the CIFS server, enter the following:
CIFS> server stop Stopping CIFS Server.....Success.
2 To change the domain, enter the following:
CIFS> set domain newdomain.com Global option updated. Note: Restart the CIFS server.
where newdomain.com is the new domain name. When you start the CIFS server, the CIFS server tries to leave the existing domain. This requires the old domainuser to enter their password. After the password is supplied, and the domain leave operation succeeds, the CIFS server joins an NT domain with the new settings. 3 To start the CIFS server, enter the following:
CIFS> server start Disabling membership in existing domain SYMANTECDOMAIN.COM
Enter password for user 'administrator' of domain SYMANTECDOMAIN.COM : Left domain SYMANTECDOMAIN.COM
Trying to become a member in domain NEWDOMAIN.COM Enter password for user 'administrator': 294 Using Symantec FileStore as a CIFS server Changing security settings
Changing security settings To change security settings
◆ To set the security to user, enter the following:
CIFS> set security user Global option updated. Note: Restart the CIFS server.
To stop the CIFS server:
CIFS> server stop Disabling membership in existing domain SYMANTECDOMAIN.COM
Enter password for user 'administrator' of domain SYMANTECDOMAIN.COM : Stopping CIFS Server.....Success. Left domain SYMANTECDOMAIN.COM
Changing security settings after the CIFS server is stopped To change security settings for a CIFS server that has been stopped
◆ To set security to a value other than domain, enter the following:
CIFS> set security user Disabling membership in existing domain SYMANTECDOMAIN.COM
Enter password for user 'administrator' of domain SYMANTECDOMAIN.COM : Left domain SYMANTECDOMAIN.COM Global option updated. Note: Restart the CIFS server.
If the server is stopped, then changing the security mode will disable the membership of the existing domain.
About Active Directory (AD) In order to provide CIFS services, FileStore must be able to authenticate within the Windows environment. Active Directory (AD) is a technology created by Microsoft that provides a variety of network services including LDAP directory services, Kerberos-based Using Symantec FileStore as a CIFS server 295 About Active Directory (AD)
authentication, Domain Name System (DNS) naming, secure access to resources, and more.
Configuring entries for NTP for authenticating to Active Directory (AD) FileStore will not join the AD domain if its clock is excessively out-of-sync with the clock on the AD domain controller. Ensure that Network Time Protocol (NTP) is configured on FileStore, preferably on the same NTP server as the AD domain controller. To configure NTP on FileStore for authenticating to Active Directory 1 To set the NTP server on all of the nodes in the cluster, enter the following command:
System> ntp servername server-name
where server-name specifies the server name or the IP address you want to set. Ensure that the NTP service is enabled with the correct IP address of the NTP server. For example:
System> ntp servername 10.182.128.180
2 To enable the NTP server on all of the nodes in the cluster, enter the following command:
System> ntp enable
3 To display the NTP server on all of the nodes in the cluster, enter the following command:
System> ntp show
4 To check the FileStore clock, enter the following command:
System> clock show
Configuring entries for FileStore DNS for authenticating to Active Directory (AD) Name resolution must be configured correctly on FileStore. Domain Name System (DNS) is usually used for name resolution. 296 Using Symantec FileStore as a CIFS server About Active Directory (AD)
To configure entries for FileStore DNS for authenticating to Active Directory 1 Create an entry for the FileStore cluster name. The cluster name is chosen at the time of installation, and it cannot be reset afterwards. It is also the NetBios name of the cluster, hence it must resolve to an IP address. 2 Configure the FileStore cluster name in DNS so that queries to it return the Virtual IP Addresses (VIPs) associated with the FileStore cluster in a round-robin fashion. This is done by creating separate A records that map the cluster name to each VIP. So, if there are four VIPs associated with the FileStore cluster (not including special VIPs for backup, replication, Symantec AntiVirus for FileStore, and so on), then there must be four A records mapping the cluster name to the four VIPs. Using Symantec FileStore as a CIFS server 297 About Active Directory (AD)
3 Verify that the DNS server has correct entries for FileStore by querying from a client:
myclient:~ # nslookup myfilestore Server: 10.182.108.75 Address: 10.182.108.75#53
Name: myfilestore.sfstest-ad2.local Address: 10.182.96.31 Name: myfilestore.sfstest-ad2.local Address: 10.182.96.30 Name: myfilestore.sfstest-ad2.local Address: 10.182.96.29 Name: myfilestore.sfstest-ad2.local Address: 10.182.96.28
In the above scenario, the DNS server at 10.182.108.75, with domain name sfstest-ad2.local, has been configured so that queries for myfilestore.sfstest-ad2.local rotate in a round-robin manner among IP addresses ranging from 10.182.96.28 through 10.182.96.31. All of these are VIPs associated with the FileStore cluster named myfilestore. After configuring the DNS server correctly, FileStore must be configured as a DNS client. This is done during installation, but may be modified by using the following commands:
Network> dns set domainname sfstest-ad2.local
Network> dns set nameservers 10.182.108.75
Network> dns enable 298 Using Symantec FileStore as a CIFS server About Active Directory (AD)
4 Verify that DNS client parameters are set correctly by entering the following command:
Network> dns show
5 Ensure host resolution is querying DNS by checking nsswitch:
Network> nsswitch show hosts: files dns
In the above scenario, host resolution first looks at files, and then DNS. Configuring name resolution correctly is critical in order to successfully join FileStore to Active Directory.
Joining FileStore to Active Directory (AD) To join FileStore to Active Directory (AD) 1 To stop the CIFS server, enter the following command.
CIFS> server stop
2 To set the domain, enter the following command:
CIFS> set domain sfstest-ad2.local
In this example, it is the same as the DNS domain name. This is the domain name of Active Directory. 3 To set the domain controller, enter the following command:
CIFS> set domaincontroller 10.182.108.75
In this example, it is the same as the DNS server that was configured earlier. This is the IP address of the Active Directory Domain Controller. However, this is not a requirement . The DNS server and Active Directory can run on different servers, and hence this IP address may be different from the IP address of the DNS server. 4 To set the domain user, enter the following command:
CIFS> set domainuser newuser
This is a user whose credentials are used to join the Active Directory domain. The domainuser must have Domain Join privilege into the Active Directory domain. The domainuser need not be Administrator. Using Symantec FileStore as a CIFS server 299 About Active Directory (AD)
5 To set the security style, enter the following command:
CIFS> set security ads
The other two supported security styles are user for local users and domain for NT Domains. For authenticating to Active Directory, use the ads security style. 6 To start the CIFS server, enter the following command:
CIFS> server start
FileStore displays the time on the cluster as well as the time on the Active Directory Domain Controller. If NTP has been configured correctly, then there will be no time skew. Otherwise, you will need to reconfigure NTP correctly. See “Configuring entries for NTP for authenticating to Active Directory (AD)” on page 295.
You will be prompted to enter the password of domainuser. 300 Using Symantec FileStore as a CIFS server Using the Active Directory CLI wizard for configuring Active Directory
Verifying that FileStore has joined Active Directory (AD) successfully To verify that FileStore has joined Active Directory (AD) successfully
◆ To verify that FileStore has joined Active Directory successfully, enter the following command:
CIFS> server status
For example:
CIFS> server status CIFS Status on ctdb_01 : ONLINE CIFS Status on ctdb_02 : ONLINE
Homedirfs : fs2,fs6 Security : ads Domain membership status : Enabled Domain : SYMANTECDOMAIN.COM Workgroup : SYMANTECDOMAIN Domain Controller : SYMSERVER Domain User : administrator Clustering Mode : normal
Refer to the Domain membership status line of the output to verify that the FileStore cluster has joined the domain (displays as Enabled) if the join is successful. If the cluster did not join the domain, an informative error message is provided indicating why the FileStore cluster cannot join the domain.
Using the Active Directory CLI wizard for configuring Active Directory
About configuring CIFS for Active Directory (AD) domain mode This section assumes that an Active Directory (AD) domain has already been configured and that FileStore can communicate with the AD domain controller (DC) over the network. The AD domain controller is also referred to as the AD server. Using Symantec FileStore as a CIFS server 301 About configuring CIFS for Active Directory (AD) domain mode
Table 9-5 Configure CIFS for AD domain mode commands
Command Definition set domainuser Sets the name of the domain user. The domain user's credentials will be used at the domain controller while joining the domain. Therefore, the domain user should be an existing AD user who has the permission to perform the join domain operation. See “Configuring CIFS for the AD domain mode” on page 302. set domain Sets the name of the domain for the AD domain mode that FileStore will join. See “Configuring CIFS for the AD domain mode” on page 302. set domaincontroller Sets the domain controller server name. See “Configuring CIFS for the AD domain mode” on page 302. set security Sets security for the domain. You must first set the domaincontroller, domainuser, and domain.
See “Configuring CIFS for the AD domain mode” on page 302. set workgroup Sets the workgroup name. If the name of the WORKGROUP or NETBIOS domain name is different from the domain name, use this command to set the WORKGROUP name. See “Configuring CIFS for the AD domain mode” on page 302. server start Starts the server. The CIFS server joins the Active Directory domain only when the server is started after issuing the CIFS> set security command. See “Configuring CIFS for the AD domain mode” on page 302. 302 Using Symantec FileStore as a CIFS server About configuring CIFS for Active Directory (AD) domain mode
Configuring CIFS for the AD domain mode To set the domain user for AD domain mode 1 To verify that the CIFS server is stopped, enter the following:
CIFS> server status
2 If the server is running, stop the server. enter the following:
CIFS> server stop
3 To set the domain user, enter the following:
CIFS> set domainuser username
where username is the name of an existing AD domain user who has permission to perform the join domain operation. For example:
CIFS> set domainuser administrator Global option updated. Note: Restart the CIFS server.
To set the domain for AD domain mode
◆ To set the domain for AD domain mode, enter the following:
CIFS> set domain domainname
where domainname is the name of the domain. For example:
CIFS> set domain SYMANTECDOMAIN.COM Global option updated. Note: Restart the CIFS server. Using Symantec FileStore as a CIFS server 303 About configuring CIFS for Active Directory (AD) domain mode
To set the domain controller for AD domain mode
◆ To set the domain controller, enter the following:
CIFS> set domaincontroller servername
where servername is the server's IP address or DNS name. For example, if the server SYMSERVER has an IP address of 172.16.113.118, you can specify one of the following:
CIFS> set domaincontroller 172.16.113.118 Global option updated. Note: Restart the CIFS server.
or
CIFS> set domaincontroller SYMSERVER Global option updated. Note: Restart the CIFS server.
To set security to ads
◆ To set security to ads, enter the following:
CIFS> set security security
Enter ads for security.
CIFS> set security ads Global option updated. Note: Restart the CIFS server.
To set the workgroup
◆ To set the workgroup name if the WORKGROUP or NetBIOS domain name is different from the domain name, enter the following:
CIFS> set workgroup workgroup
where workgroup sets the WORKGROUP name. If the name of the WORKGROUP OR NetBIOS domain name is different from the domain name, use this command to set the WORKGROUP name. For example, if SIMPLE is the name of the WORKGROUP you want to set, you would enter the following:
CIFS> set workgroup SIMPLE
Though the following symbols $,( ), ', and & are valid characters for naming a WORKGROUP, the FileStore CIFS implementation does not allow using these symbols. 304 Using Symantec FileStore as a CIFS server About configuring CIFS for Active Directory (AD) domain mode
To start the CIFS server 1 To start the CIFS server, enter the following:
CIFS> server start
The skew of the system clock with respect to Domain controller is: -17 seconds
Time on Domain controller : Thu Dec 4 05:21:47 2008 Time on this system : Thu Dec 4 05:22:04 PST 2008
If the above clock skew is greater than that allowed by the server, then the system won't be able to join the AD domain
Trying to become a member in AD domain SYMANTECDOMAIN.COM ...
Enter password for user 'administrator':
After you enter the correct password for the user administrator belonging to AD domain SYMANTECDOMAIN.COM, the following message appears:
Joined domain SYMANTECDOMAIN.COM OK Starting CIFS Server.....Success.
2 To make sure that the service is running, enter the following:
CIFS> server status CIFS Status on sfs_01 : ONLINE CIFS Status on sfs_02 : ONLINE
Homedirfs : fs1 Security : ads Domain membership status : Enabled Domain : SYMANTECDOMAIN.COM Domain Controller : SYMSERVER Domain User : administrator Clustering Mode : normal
The CIFS server is now running in the AD domain mode. You can export the shares, and the domain users can access the shares subject to the AD authentication and authorization control. Using Symantec FileStore as a CIFS server 305 About configuring CIFS for Active Directory (AD) domain mode
Using multi-domain controller support in CIFS FileStore allows you to set a comma-separated list of primary and backup domain controllers for the given domain. For example:
CIFS> set domaincontroller SYMSERVER1,SYMSERVER2,SYMSERVER3 Global option updated. Note: Restart the CIFS server.
You will need to stop and start the CIF server. See “Reconfiguring the CIFS service” on page 327. To display the list of domain controllers
◆ To display the list of domain controllers, enter the following:
CIFS> show
Name Value ------netbios name sfs ntlm auth yes allow trusted domains no homedirfs aio size 1024 idmap backend rid 10000-1000000 workgroup SYMANTECDOMAIN security ads Domain SYMANTECDOMAIN.COM Domain user administrator Domain Controller SYMSERVER1 SYMSERVER2 SYMSERVER3 Clustering Mode normal
If the primary domain controller goes down, the CIFS server tries the next domain controller in the list until it receives a response. You should always point FileStore to the trusted domain controllers to avoid any security issues. FileStore will not perform list reduction or reordering, instead it will use the list as it is. So, avoid entering the redundant name for the same domain controller.
About leaving an AD domain There is no FileStore command that lets you leave an AD domain. It happens automatically as a part of change in security or domain settings, and then starts or stops the CIFS server. Thus, FileStore provides the domain leave operation 306 Using Symantec FileStore as a CIFS server About configuring CIFS for Active Directory (AD) domain mode
depending on existing security and domain settings and new administrative commands. However, the leave operation requires the credentials of the old domain’s user. All of the cases for a domain leave operation have been documented in Table 9-6.
Table 9-6 Change AD domain mode settings commands
Command Definition
set domain Sets the domain. When you change any of the domain settings and you restart the CIFS server, the CIFS server leaves the old domain. Thus, when a change is made to either one or more of domain, domain controller, or domain user settings, and the next time the CIFS server is started, the CIFS server first attempts to leave the existing join and then joins the AD domain with the new settings. See “Changing domain settings for AD domain mode” on page 306.
set security user Sets the security user. If you change the security setting from ads to user and you stop or restart the CIFS server, it leaves the AD domain. When you change the security setting, and you stop or restart the CIFS server, the CIFS server leaves the existing AD domain. For example, the CIFS server leaves the existing AD domain if the existing security is ads, and the new security is changed to user, and the CIFS server is either stopped, or started again.
See “Changing domain settings for AD domain mode” on page 306. If the CIFS server is already stopped, changing the security to a value other than ads causes FileStore to leave the domain. Both the methods mentioned earlier require either stopping or starting the CIFS server. This method of leaving the domain is provided so that if a CIFS server is already stopped, and may not be restarted in near future, you should have some way of leaving an existing join to AD domain. See “Changing domain settings for AD domain mode” on page 306.
Changing domain settings for AD domain mode Each case assumes that the FileStore cluster is part of an AD domain. Using Symantec FileStore as a CIFS server 307 About configuring CIFS for Active Directory (AD) domain mode
To verify cluster is part of an AD domain
◆ To verify that you cluster is part of an AD domain, enter the following:
CIFS> server status CIFS Status on SFS_01 : ONLINE CIFS Status on SFS_02 : ONLINE
Homedirfs : fs1 Security : ads Domain membership status : Enabled Domain : SYMANTECDOMAIN.COM Domain Controller : SYMSERVER Domain User : administrator Clustering Mode : normal 308 Using Symantec FileStore as a CIFS server About configuring CIFS for Active Directory (AD) domain mode
To change domain settings for AD domain mode 1 To stop the CIFS server, enter the following:
CIFS> server stop Stopping CIFS Server.....Success.
2 To change the domain, enter the following:
CIFS> set domain newdomain.com
When you start the CIFS server, it tries to leave the existing domain. This requires the old domainuser to enter its password. After the password is supplied, and the domain leave operation succeeds, the CIFS server joins an AD domain with the new settings. 3 To start the CIFS server, enter the following:
CIFS> server start Disabling membership in existing AD domain SYMANTECDOMAIN.COM
Enter password for user 'administrator' of domain SYMANTECDOMAIN.COM : Left domain SYMANTECDOMAIN.COM
The skew of the system clock with respect to Domain controller is: -18 seconds
Time on this system: Thu Dec 4 05:21:47 2008 Time on this system : Thu Dec 4 05:22:04 PST 2008
If the above clock skew is greater than that allowed by the server, then the system won't be able to join the AD domain
Trying to become a member in AD domain NEWDOMAIN.COM...
Enter password for user 'administrator': Using Symantec FileStore as a CIFS server 309 About setting NTLM
To change the security settings for the AD domain mode
◆ To set the security to user, enter the following:
CIFS> set security user Global option updated. Note: Restart the CIFS server.
To stop the CIFS server:
CIFS> server stop Disabling membership in existing AD domain SYMANTECDOMAIN.COM
Enter password for user 'administrator' of domain SYMANTECDOMAIN.COM : Stopping CIFS Server.....Success. Left AD domain SYMANTECDOMAIN.COM
Changing security settings with stopped server on the AD domain mode
◆ To set security to a value other than ads, enter the following:
CIFS> set security user Disabling membership in existing AD domain SYMANTECDOMAIN.COM
Enter password for user 'administrator': Left AD domain SYMANTECDOMAIN.COM Global option updated. Note: Restart the CIFS server.
Removing the AD interface You can remove the FileStore cluster from the AD domain by using the Active Directory interface. To remove the FileStore cluster 1 Open the interface Active Directory Users and Computers. 2 In the domain hierarchy tree, click on Computers. 3 In the details pane, right-click the computer entry corresponding to FileStore (this can be identified by the FileStore cluster name) and click Delete.
About setting NTLM When you use FileStore in NT or AD domain mode, there is an optional configuration step that can be done. You can disable the use of Microsoft NTLM (NT LAN Manager) protocol for authenticating users. 310 Using Symantec FileStore as a CIFS server About setting NTLM
When FileStore CIFS service is running in the standalone mode (with security set to user) some versions of the Windows clients require NTLM authentication to be enabled. You can do this by setting CIFS> set ntlm_auth to yes. When NTLM is disabled and you use FileStore in the NT domain mode, the only protocol available for user authentication is Microsoft NTLMv2. When NTLM is disabled and you use FileStore in AD domain mode, the available authentication protocols is Kerberos and NTLMv2. The one used depends on the capabilities of both the FileStore clients, and domain controller. If no special action is taken, FileStore allows the NTLM protocol to be used. For any specific CIFS connection, all the participants, that is the client machine, FileStore and domain controller select the protocol that they all support and that provides the highest security. In the AD domain mode, Kerberos provides the highest security. In the NT domain mode, NTLMv2 provides the highest security.
Table 9-7 Set NTLM commands
Command Definition
set ntlm_auth no Disables NTLM. See “Setting NTLM” on page 311.
set ntlm_auth yes Enables NTLM. See “Setting NTLM” on page 311. Using Symantec FileStore as a CIFS server 311 Setting NTLM
Setting NTLM To disable NTLM 1 If the server is running, enter the following:
CIFS> server stop Stopping CIFS Server.....Success.
2 To disable NTLM, enter the following:
CIFS> set ntlm_auth no
For example:
CIFS> set ntlm_auth no Global option updated. Note: Restart the CIFS server.
3 To start the CIFS service, enter the following:
CIFS> server start Starting CIFS Server.....Success.
To enable NTLM 1 If the server is running, enter the following:
CIFS> server stop Stopping CIFS Server.....Success.
2 To enable the NTLM protocol, enter the following:
CIFS> set ntlm_auth yes
For example:
CIFS> set ntlm_auth yes Global option updated. Note: Restart the CIFS server.
3 To start the CIFS service, enter the following:
CIFS> server start Starting CIFS Server.....Success. 312 Using Symantec FileStore as a CIFS server About setting trusted domains
About setting trusted domains The Microsoft Active Directory supports the concept of trusted domains. When you authenticate users, you can configure domain controllers in one domain to trust the domain controllers in another domain. This establishes the trust relation between the two domains. When FileStore is a member in an AD domain, both FileStore and the domain controller are involved in authenticating the clients. You can configure FileStore to support or not support trusted domains.
Table 9-8 Set trusted domains commands
Command Definition
set Enables the use of trusted domains in the AD domain mode. allow_trusted_domains Note: If the security mode is user, it is not possible to enable yes AD trusted domains. All the IDMAP backend methods (rid, ldap, and hash) are able to support trusted domains.
See “Setting Active Directory trusted domains” on page 322.
set Disables the use of trusted domains in the AD domain mode. allow_trusted_domains See “Setting Active Directory trusted domains” on page 322. no
Allowing trusted domains access to CIFS when setting an LDAP IDMAP backend to rid To allow trusted domains access to CIFS when setting LDAP IDMAP backend to rid 1 If the CIFS server is running, enter the following:
CIFS> server stop Stopping CIFS Server.....Success.
2 To set the idmap_backend to rid, enter the following:
CIFS> set idmap_backend rid Global option updated. Note: Restart the CIFS server.
3 To set allow_trusted_domains to yes, enter the following:
CIFS> set allow_trusted_domains yes Global option updated. Note: Restart the CIFS server. Using Symantec FileStore as a CIFS server 313 About setting trusted domains
4 To start the CIF server again, enter the following:
CIFS> server start Starting CIFS Server.....Success.
5 To verify the CIFS server status when there are trusted domains, enter the following:
CIFS> server status CIFS Status on SFS_01 : ONLINE CIFS Status on SFS_02 : ONLINE
Homedirfs : homefs Security : ads Domain membership status : Enabled Domain : SYMANTECDOMAIN.COM Workgroup : SYMANTECDOMAIN Domain Controller : SYMSERVER Domain User : administrator Clustering Mode : normal Trusted Domains : SYMANTECDOMAIN1 [SYMANTECDOMAIN2] SYMANTECDOMAIN3
Domain names containing square brackets indicate that the domain used to be a trusted domain, but the domain is currently obsolete.
Allowing trusted domains access to CIFS when setting an LDAP IDMAP backend to ldap To allow trusted domains access to CIFS when setting an LDAP IDMAP backend to ldap 1 To configure AD as an LDAP IDMAP backend, follow the steps provided at: See “About configuring Windows Active Directory as an LDAP IDMAP backend for FileStore for CIFS” on page 315. 2 If the CIFS server is running, enter the following:
CIFS> server stop Stopping CIFS Server.....Success.
3 To set idmap_backend to ldap, enter the following:
CIFS> set idmap_backend ldap Global option updated. Note: Restart the CIFS server. 314 Using Symantec FileStore as a CIFS server About setting trusted domains
4 To set allow_trusted_domains to yes, enter the following:
CIFS> set allow_trusted_domains yes Global option updated. Note: Restart the CIFS server.
5 To restart the CIFS server again, enter the following:
CIFS> server start Starting CIFS Server.....Success.
6 To verify the CIFS server status when there are trusted domains, enter the following:
CIFS> server status CIFS Status on SFS_01 : ONLINE CIFS Status on SFS_02 : ONLINE
Homedirfs : homefs Security : ads Domain membership status : Enabled Domain : SYMANTECDOMAIN.COM Workgroup : SYMANTECDOMAIN Domain Controller : SYMSERVER Domain User : administrator Clustering Mode : normal Trusted Domains : SYMANTECDOMAIN1 SYMANTECDOMAIN2 SYMANTECDOMAIN3
Allowing trusted domains access to CIF when setting an LDAP IDMAP backend to hash To allow trusted domains access to CIF when setting an LDAP IDMAP backend to hash 1 If the CIFS server is running, enter the following:
CIFS> server stop Stopping CIFS Server.....Success.
2 To set idmap_backend to hash, enter the following:
CIFS> set idmap_backend hash Global option updated. Note: Restart the CIFS server. Using Symantec FileStore as a CIFS server 315 About setting trusted domains
3 To set allow_trusted_domains to yes, enter the following:
CIFS> set allow_trusted_domains yes Global option updated. Note: Restart the CIFS server.
4 To verify the CIFS server status when there are trusted domains, enter the following:
CIFS> server status CIFS Status on SFS_01 : ONLINE CIFS Status on SFS_02 : ONLINE
Homedirfs : homefs Security : ads Domain membership status : Enabled Domain : SYMANTECDOMAIN.COM Workgroup : SYMANTECDOMAIN Domain Controller : SYMSERVER Domain User : administrator Clustering Mode : normal Trusted Domains : SYMANTECDOMAIN1 SYMANTECDOMAIN2 SYMANTECDOMAIN3
About configuring Windows Active Directory as an LDAP IDMAP backend for FileStore for CIFS The FileStore CIFS server requires equivalent UNIX identities for Windows accounts to service requests from Windows clients. In the case of trusted domains, FileStore has to store the mapped UNIX identities (IDMAP) in a centralized database that is accessible from each of the cluster nodes. Active Directory (AD), as with any LDAP V3 compliant directory service, can function as the backend for FileStore CIFS IDMAP backend storage. When the FileStore CIFS server joins a Windows Active Directory Domain as a member server, and you want to use LDAP as an IDMAP backend, then it is necessary to create an Active Directory application partition for the IDMAP database. To support the creation of an Active Directory application partition, Windows 2003 R2 and above version is required. Active Directory application partition provides the ability to control the scope of replication and allow the placement of replicas in a manner more suitable for dynamic data. As a result, the application directory partition provides the capability of hosting dynamic data in the Active Directory server, thus allowing ADSI/LDAP access to it. 316 Using Symantec FileStore as a CIFS server About setting trusted domains
By extending the AD schema with the necessary CIFS-schema extensions, and creating an AD application partition, it is possible to store CIFS IDMAP data entries in AD, using one or more domain controllers as IDMAP LDAP backend servers. Also, it is possible to replicate this information in a simple and controlled manner to a subset of AD domain controllers located either in the same domain or in different domains in the AD forest.
Note: A single domain user account is used, for example, cifsuser for setting application partition Access Control List (ACL) settings. Make sure the selected user naming context has no space key inside (for example, CN=cifsuser1,CN=Users,DC=example,DC=com). A sample AD server is used, for example, adserver.example.com. Use relevant values when configuring your AD server.
Configuring the Active Directory schema with CIFS-schema extensions To extend the Active Directory schema with the necessary CIFS-schema extensions 1 Login with SchemaAdmins privileges on the Active Directory Forest Schema Master domain controller.
2 Download ADCIFSSchema.zip from the FileStore server (/opt/VRTSnasgw/install/ADCIFSSchema.zip) with software such as WinSCP.exe.
3 Unzip the file and open each .ldf file to perform a search and replace of the string dc=example,dc=com, replacing the string with the top-level domain component (that is, dc=yourdomain,dc=com) values for the AD forest.
4 Install the schema extensions by executing the schemaupdate.bat file from the command prompt. To validate the schema extensions
1 Execute regsvr32 schmmgmt.dll in a command prompt window to install the Active Directory Schema Snap-In on the AD server.
2 Enter mmc in Run. 3 On the File menu, click Add/Remove Snapin. 4 In Available snap-ins, click Active Directory Schema, and then click Add. Using Symantec FileStore as a CIFS server 317 About setting trusted domains
5 Click OK. 6 Click Attributes in the left frame, and try to find uidNumber and gidNumber in the right frame. Validate that the uidNumber and gidNumber attributes have no minimum or maximum value setting by viewing the properties of the attribute objects. To create an application partition 1 Open a command prompt window on the domain controller that will hold the first replica of the application partition.
2 Enter ntdsutil in the command prompt window.
3 At the ntdsutil command prompt, enter the following:
domain management
If you are using Windows 2008, change this command to the following:
partition management
4 At the domain management command prompt, enter the following:
connection
5 At the connection command prompt, enter the following:
connect to server adserver.example.com
6 At the connection command prompt, enter the following:
quit 318 Using Symantec FileStore as a CIFS server About setting trusted domains
7 At the domain management command prompt, enter the following such as:
create nc dc=idmap,dc=example,dc=com null
Example settings:
C:\>ntdsutil ntdsutil: domain management domain management: connection server connections: connect to server adserver.example.com Binding to adserver.example.com ... Connected to adserver.si2m.com using credentials of locally logged on user. server connections: quit domain management: create nc dc=idmap,dc=example,dc=com NULL adding object dc=idmap,dc=example,dc=com domain management: quit ntdsutil: quit Disconnecting from adserver.example.com... Using Symantec FileStore as a CIFS server 319 About setting trusted domains
8 Once the application partition has been created, open ADSIedit.msc fromRun, then right-click on ADSI Edit in the left frame, and click connect to ... to connect to the application partition using the settings as indicated:
Name Enter Domain.
Connection Point Select or enter a Distinguished Name or Naming Context, as in:
dc=idmap,dc=example,dc=com
Computer Select or enter a domain or server, as in:
adserver.example.com 320 Using Symantec FileStore as a CIFS server About setting trusted domains
9 Once connected, select the top-level application partition (for example, dc=idmap,dc=example,dc=com) node in the left panel, and right-click to select New then Object from the list, and then select SambaUnixIdPool.
When prompted, enter the following values:
OU attribute cifsidmap
uidNumber 10000
gidNumber 10000
10 Click Finish to complete the configuration. 11 Once the ou=cifsidmap,dc=idmap,dc=example,dc=com container has been created, right-click the object, and select properties. 12 On the Security tab, click Add, and proceed to add the cifsuser user account, and grant the account Read, Write, Create All Child Objects, and Delete All Child Objects permissions. Using Symantec FileStore as a CIFS server 321 About setting trusted domains
Configuring LDAP as an IDMAP backend using the FileStore CLI To configure LDAP as an IDMAP backend using the FileStore CLI
1 Log into the FileStore cluster CLI using the master account.
2 Configure Network> ldap settings. Example settings:
Network> ldap set basedn dc=idmap,dc=example,dc=com Network> ldap set binddn cn=cifsuser,dc=example,dc=com Network> ldap set rootbinddn cn=cifsuser,cn=users,dc=example,dc=com Network> ldap set server adserver.example.com Network> ldap enable
Configuring the CIFS server with the LDAP backend To configure the CIFS server with the LDAP backend
1 Log into the FileStore cluster CLI using the master account. 2 Set the domain, domaincontroller, and domainuser.
3 Set security to ads.
4 Set idmap_backend to ldap, and specify idmap OU as cifsidmap. Example settings:
CIFS> set domain example.com CIFS> set domainuser administrator CIFS> set domaincontroller adserver.example.com CIFS> set security ads CIFS> set idmap_backend ldap cifsidmap CIFS> server start
5 Start the CIFS server. The CIFS server will take some time to import all the users from the joined domain and trusted domain(s) to the application partition. Wait for at least ten minutes before trying to access the shares from Windows clients after starting the CIFS server. To validate that IDMAP entries are being entered correctly in the Active Directory application partition, connect to the Active Directory application partition using an LDAP administration tool, for example, LDP or ADSIEdit. Expand the IDMAP container (ou=cifsidmap). There should be numerous entries. 322 Using Symantec FileStore as a CIFS server About setting trusted domains
Setting Active Directory trusted domains To enable Active Directory (AD) trusted domains 1 If the server is running, enter the following:
CIFS> server stop Stopping CIFS Server.....Success.
2 To enable trusted domains, enter the following:
CIFS> set allow_trusted_domains yes
For example:
CIFS> set allow_trusted_domains yes Global option updated. Note: Restart the CIFS server.
3 To start the CIFS server, enter the following:
CIFS> server start Starting CIFS Server.....Success.
To disable trusted domains 1 If the server is running, enter the following:
CIFS> server stop Stopping CIFS Server.....Success.
2 To disable trusted domains, enter the following:
CIFS> set allow_trusted_domains no
For example:
CIFS> set allow_trusted_domains no Global option updated. Note: Restart the CIFS server.
3 To start the CIFS server, enter the following:
CIFS> server start Starting CIFS Server.....Success. Using Symantec FileStore as a CIFS server 323 About storing account information
About storing account information FileStore maps between the domain users and groups (their identifiers) and local representation of these users and groups. Information about these mappings can be stored locally on FileStore or remotely using the DC directory service. FileStore uses the idmap_backend configuration option to decide where this information is stored. This option can be set to one of the following:
rid Maps SIDs for domain users and groups by deriving UID and GID from RID on the FileStore CIFS server.
ldap Stores the user and group information in the LDAP directory service.
hash Maps SIDs for domain users and groups to 31-bit UID and GID by the implemented hashing algorithm on the FileStore CIFS server.
Note: SID/RID are Microsoft Windows concepts that can be found at: http://msdn.microsoft.com/en-us/library/aa379602(VS.85).aspx.
The rid and hash values can be used in any of the following modes of operation:
■ Standalone
■ NT domain
■ AD domain
rid is the default value for idmap_backend in all of these operational modes. The ldap value can be used if the AD domain mode is used. 324 Using Symantec FileStore as a CIFS server About storing account information
Table 9-9 Store account information commands
Command Definition
set idmap_backend Configures FileStore to store information about users and groups rid locally. Trusted domains are allowed if allow_trusted_domains is set to yes. The uid_range is set to 10000-1000000 by default.
Change the default range in cases where it is not appropriate to accommodate local FileStore cluster users, Active Directory, or trusted domain users. Do not attempt to modify LOW_RANGE_ID (10000) if user data has already been created or copied on the CIFS server. This may lead to data access denied issues since the UID changes. See “Storing user and group accounts” on page 325.
set idmap_backend Allows you to obtain the unique SID to UID/GID mappings by the hash implemented hashing algorithm. Trusted domains are allowed if allow_trusted_domains is set to yes.
See “Storing user and group accounts” on page 325.
set idmap_backend Configures FileStore to store information about users and groups in ldap a remote LDAP service. You can only use this command when FileStore is operating in the AD domain mode. The LDAP service can run on the domain controller or it can be external to the domain controller. Note: For FileStore to use the LDAP service, the LDAP service must include both RFC 2307 and proper schema extensions.
See “Configuring LDAP as an IDMAP backend using the FileStore CLI” on page 321. This option tells the CIFS server to obtain SID to UID/GID mappings from a common LDAP backend. This option is compatible with multiple domain environments. So allow_trusted_domains can be set to yes.
If idmap_backend is set to ldap, you must first configure the FileStore LDAP options using the Network> ldap commands.
See “About LDAP” on page 181. See “Storing user and group accounts” on page 325. Using Symantec FileStore as a CIFS server 325 Storing user and group accounts
Storing user and group accounts To set idmap_backend to rid 1 If the server is running, enter the following:
CIFS> server stop Stopping CIFS Server.....Success.
2 To store information about user and group accounts locally, enter the following:
CIFS> set idmap_backend rid [uid_range]
where uid_range represents the range of identifiers that are used by FileStore when mapping domain users and groups to local users and groups. The default range is 10000-1000000. 3 To start the CIFS server, enter the following:
CIFS> server start Starting CIFS Server.....Success.
To set idmap_backend to LDAP 1 To make sure that you have first configured LDAP, enter the following:
Network> ldap show
2 If the CIFS server is running, enter the following:
CIFS> server stop Stopping CIFS Server.....Success.
3 To use the remote LDAP store for information about the user and group accounts, enter the following:
CIFS> set idmap_backend ldap [idmap_ou]
where idmap_ou represents the CIFS idmap Organizational Unit Name (OU) configured on the LDAP server, which is used by FileStore when mapping users and groups to local users and groups. The default value is cifsidmap. 4 To start the CIFS server, enter the following:
CIFS> server start Starting CIFS Server.....Success. 326 Using Symantec FileStore as a CIFS server About reconfiguring the CIFS service
To set idmap_backend to a hash algorithm 1 If the CIFS server is running, enter the following:
CIFS> server stop Stopping CIFS Server.....Success.
2 To store information about user and group accounts locally, enter the following:
CIFS> set idmap_backend hash
3 To start the CIFS server, enter the following:
CIFS> server start Starting CIFS Server.....Success.
About reconfiguring the CIFS service Sometime after you have configured the CIFS service, and used it for awhile, you need to change some of the settings. For example, you may want to allow the use of trusted domains or you need to move FileStore from one security domain to another. To carry out these changes, set the new settings and then start the CIFS server. As a general rule, you should stop the CIFS service before making the changes. An example where FileStore is moved to a new security domain (while the mode of operation stays unchanged as, AD domain) is referenced in the section below. See “Reconfiguring the CIFS service” on page 327. This example deals with reconfiguring CIFS. So make sure that if any of the other AD services like DNS or NTP are being used by FileStore, that FileStore has already been configured to use these services from the AD server belonging to the new domain. Make sure that the DNS service, NTP service and, if used as an ID mapping store, also the LDAP service, are configured as required for the new domain. To reconfigure the CIFS service, do the following:
■ Make sure that the server is not running.
■ Set the domain user, domain, and domain controller.
■ Start the CIFS server. Using Symantec FileStore as a CIFS server 327 Reconfiguring the CIFS service
Table 9-10 Reconfigure the CIFS service commands
Command Definition
set domainuser Changes the configuration option to reflect the values appropriate for the new domain. See “Reconfiguring the CIFS service” on page 327.
set domain Changes the configuration option to reflect the values appropriate for the new domain. See “Reconfiguring the CIFS service” on page 327.
set Changes the configuration option to reflect the values appropriate domaincontroller for the new domain. See “Reconfiguring the CIFS service” on page 327.
server start Starts the server and causes it to leave the old domain and join the new Active Directory domain. You can only issue this command after you enter the CIFS> set security command.
See “Reconfiguring the CIFS service” on page 327.
Reconfiguring the CIFS service To set the user name for the AD 1 To verify that the CIFS server is stopped, enter the following:
CIFS> server status
2 If the server is running, stop the server, and enter the following:
CIFS> server stop
3 To set the user name for the AD, enter the following:
CIFS> set domainuser username
where username is the name of an existing AD domain user who has permission to perform the join domain operation. For example:
CIFS> set domainuser administrator Global option updated. Note: Restart the CIFS server. 328 Using Symantec FileStore as a CIFS server Reconfiguring the CIFS service
To set the AD domain
◆ To set the AD domain, enter the following:
CIFS> set domain domainname
where domainname is the name of the domain. This command also sets the system workgroup. For example:
CIFS> set domain NEWDOMAIN.COM Global option updated. Note: Restart the CIFS server.
To set the AD server
◆ To set the AD server, enter the following:
CIFS> set domaincontroller servername
where servername is the AD server IP address or DNS name. For example, if the AD server SYMSERVER has an IP address of 172.16.113.118, you can specify one of the following:
CIFS> set domaincontroller 172.16.113.118 Global option updated. Note: Restart the CIFS server.
or
CIFS> set domaincontroller SYMSERVER Global option updated. Note: Restart the CIFS server.
If you use the AD server name, you must configure FileStore to use a DNS server that can resolve this name. Using Symantec FileStore as a CIFS server 329 About managing CIFS shares
To start the CIFS server 1 To start the CIFS server, enter the following:
CIFS> server start
The skew of the system clock with respect to Domain controller is: 3 seconds
Time on Domain controller : Fri May 30 06:00:03 2008 Time on this system : Fri May 30 06:00:00 PDT 2008
If the above clock skew is greater than that allowed by the server, then the system won’t be able to join the AD domain
Enter password for user 'administrator':
Trying to become a member in AD domain SYMANTECDOMAIN.COM ... Joined domain SYMANTECDOMAIN.COM OK Starting CIFS Server..
2 To make sure that the service is running, enter the following:
CIFS> server status
3 To find the current settings, enter the following:
CIFS> show
About managing CIFS shares You can export the FileStore file systems to the clients as CIFS shares. When a share is created, it is given a name. The name is different from the file system name. Clients use the share name when they import the share. You create and export a share with one command. The same command binds the share to a file system, and you can also use it to specify share properties. In addition to exporting file systems as CIFS share, you can use FileStore to store the users' home directories. Each of these home directories is called a home directory share. Shares which are used to export ordinary file systems (that is, file systems which are not used for home directories), are called ordinary shares to distinguish them from the home directory shares. 330 Using Symantec FileStore as a CIFS server About managing CIFS shares
Table 9-11 Manage the CIFS shares commands
Command Definition
share show Displays information on one or all exported shares. The information is displayed for a specific share includes the name of the file system which is being exported and the values of the share options. See “Setting share properties” on page 333.
share add Exports a file system with the given sharename or re-export new options to an existing share. The new options are updated after this command is run. This CIFS command, which creates and exports a share, takes as input the name of the file system which is being exported, the share name, and optional attributes. You can use the same command for a share that is already exported. You can do this if it is required to modify the attributes of the exported share. A file system used for storing users home directories cannot be exported as a CIFS share, and a file system that is exported as a CIFS share cannot be used for storing users' home directories. See “Setting share properties” on page 333.
share delete Stops the associated file system from being exported. Any files and directories which may have been created in this file system remain intact; they are not deleted as a result of this operation. See “Setting share properties” on page 333.
share allow Allows only the specified users and groups to access the share. If all is specified, then default access restrictions are restored on the share. By default, all users and groups are allowed to access the share. See “Setting share properties” on page 333.
share deny Denies the specified users and groups access to the share. If all is specified, then all the users and groups are not able to access the share. By default, none of the users or groups are denied access to the share. Note: If a user or group is present in both the share allow and share deny list, then access is denied to that user or group.
See “Setting share properties” on page 333.
share modify Allows you to modify any CIFS share. See “Setting share properties” on page 333. Using Symantec FileStore as a CIFS server 331 About managing CIFS shares
About the CIFS export options The following are the CIFS export options.
Table 9-12 CIFS export options
CIFS export option Definition
rw There is a share option which specifies if the files in the share will be read-only or if both read and write access will be possible, subject to the authentication and authorization checks when a specific access is attempted. This share option can be given one of these values, either rw or ro.
Grants read and write permission to the exported share.
ro (Default) Grants read-only permission to the exported share. Files cannot be created or modified.
guest Another configuration option specifies if a user trying to establish a CIFS connection with the share must always provide the user name and password, or if they can connect without it. In this case, only restricted access to the share will be allowed. The same kind of access is allowed to anonymous or guest user accounts. This share option can have one of the following values, either guest or noguest. FileStore allows restricted access to the share when no user name or password is provided.
noguest (Default) FileStore always requires the user name and password for all of the connections to this share.
full_acl All Windows Access Control Lists (ACLs) are supported except in the case when you attempt using the Windows Explorer folder Properties > Security GUI to inherit down to a non-empty directory hierarchy while denying all access to yourself.
no_full_acl (Default) Some advanced Windows Access Control Lists (ACLs) functionality does not work. For example, if you try to create ACL rules on files saved in a CIFS share using Windows explorer while allowing some set of file access for user1 and denying file access for user2, this is not possible when CIFS shares are exported using no_full_acl.
hide_unreadable Prevents clients from seeing the existence of files and directories that are not readable to them. The default is: hide_unreadable is set to off. 332 Using Symantec FileStore as a CIFS server About managing CIFS shares
Table 9-12 CIFS export options (continued)
CIFS export option Definition
veto_sys_files To hide some system files (lost+found, quotas, quotas.grp) from displaying when using a CIFS normal share, you can use the veto_sys_files CIFS export option. For example, when adding a CIFS normal share, the default is to display the system files. To hide the system files, you must use the veto_sys_files CIFS export option.
fs_mode When a file system or directory is exported by CIFS, its mode is set to an fs_mode value. It is the UNIX access control set on a file system, and CIFS options like rw/ro do not take precedence over it. This value is reset to 0755 when the CIFS share is deleted.
The default is: fs_mode = 1777.
dir_mask When a directory is created under a file system or directory exported by CIFS, the necessary permissions are calculated by mapping DOS modes to UNIX permissions. The resulting UNIX mode is then bit-wise 'AND'ed with this parameter. Any bit not set here is removed from the modes set on a directory when it is created. The default is: dir_mask = 0755.
create_mask When a file is created under a file system or directory exported by CIFS, the necessary permissions are calculated by mapping DOS modes to UNIX permissions. The resulting UNIX mode is then bit-wise 'AND'ed with this parameter. Any bit not set here is removed from the modes set on a file when it is created. The default is: create_mask = 0744.
oplocks (Default) FileStore supports the CIFS opportunistic locks. You can enable or disable them for a specific share. The opportunistic locks improve performance for some workloads, and there is a share configuration option which can be given one of the following values, either oplocks or nooplocks. FileStore supports opportunistic locks on the files in this share.
nooplocks No opportunistic locks will be used for this share. Disable the oplocks when:
■ 1) A file system is exported over both CIFS and NFS protocols. ■ 2) Either CIFS or NFS protocol has read and write access. Using Symantec FileStore as a CIFS server 333 About managing CIFS shares
Table 9-12 CIFS export options (continued)
CIFS export option Definition
owner There are more share configuration options that can be used to specify the user and group who own the share. If you do not specify these options for a share, FileStore uses the current values as default values for these options. You may want to change the default values to allow a specific user or group to be the share owner. Irrespective of who are owner and group of the exported share, any CIFS clients can create folders and files in the share. However, there are some operations that require owner privileges; for example, changing the owner itself, and changing permissions of the top-level folder (that is, the root directory in UNIX terms). To enable these operations, you can set the owner option to a specific user name, and this user can perform the privileged operations.
group By default, the current group is the primary group owner of the root directory of the exported share. This lets CIFS clients create folders and files in the share. However, there are some operations that require group privileges; for example, changing the group itself, and changing permissions of the top-level folder (that is, the root directory in UNIX terms). To enable these operations, you can set the group option to a specific group name, and this group can perform the privileged operations.
ip FileStore lets you specify a virtual IP address. This address must be part of the FileStore cluster, and is used by the system to serve the share internally. Note: ip is not a valid CIFS option when using the ctdb clustering mode.
See “About ctdb clustering modes” on page 354.
Setting share properties After a file system is exported as a CIFS share, you can decide to change one or more share options. This is done using the same share add command, giving the name of an existing share and the name of the file system exported with this share. FileStore will realize the given share has already been exported and that it is only required to change the values of the share options. For example, to export the file system fs1 with the name share1, enter the following: 334 Using Symantec FileStore as a CIFS server About managing CIFS shares
CIFS> share add fs1 share1 "owner=administrator,group=domain users,rw" Exporting CIFS filesystem : share1 ... CIFS> share show ShareName FileSystem ShareOptions share1 fs1 owner=administrator,group=domain users,rw
To export a file system
◆ To export a file system, enter the following:
CIFS> share add filesystem sharename [cifsoptions]
filesystem An FileStore file system that you want to export as a CIFS share. The given file system must not be currently used for storing the home directory shares. The file system or directory path should always start with the file system name, not with the file system mount point /vx.
sharename The name for the newly-exported share. Names of the FileStore shares can consist of the following characters: lower and uppercase letters "a" - "z" and "A" - "Z," numbers "0" - "9" and special characters: "_" and "-". ( "-" cannot be used as the first character in a share name). Note: A share name cannot exceed 256 characters.
cifsoptions A comma-separated list of CIFS export options. This part of the command is optional. If a CIFS export option is not provided, FileStore uses the default value. See “About the CIFS export options” on page 331.
For example, an existing file system called FSA being exported as a share called ABC:
CIFS> share add FSA ABC rw,guest,owner=john,group=abcdev
Hiding system files when adding or modifying a CIFS normal share When adding a CIFS normal share, the default is to display the system files (lost+found, quotas, quotas.grp). To hide the system files, you must use the veto_sys_files CIFS export option. Using Symantec FileStore as a CIFS server 335 About managing CIFS shares
See “About the CIFS export options” on page 331. To hide system files when adding or modifying a CIFS normal share
◆ To hide system files when adding a CIFS normal share, enter the following:
CIFS> share add filesystem sharename [cifsoption]
Use the veto_sys_files CIFS export option to hide system files. For example:
CIFS> share add fs1 share1 veto_sys_files Exporting CIFS filesystem : share1 ...Success. CIFS> share show ShareName FileSystem ShareOptions share1 fs1 owner=root,group=root,fs_mode=1777,veto_sys_files
CIFS> share show ShareName FileSystem ShareOptions share2 fs2 owner=root,group=root,fs_mode=1777 CIFS> share modify share2 veto_sys_files Warning: Modifying an already existing share...... Done
CIFS> share show ShareName FileSystem ShareOptions share2 fs2 owner=root,group=root,fs_mode=1777,veto_sys_files 336 Using Symantec FileStore as a CIFS server About managing CIFS shares
Displaying CIFS share properties To display share properties 1 To display the information about all of the exported shares, enter the following:
CIFS> share show
For example:
CIFS> share show ShareName FileSystem ShareOptions share1 fs1 owner=root,group=root
2 To display the information about one specific share, enter the following:
CIFS> share show sharename
For example:
CIFS> share show share1 ShareName VIP Address share1 10.10.10.10 Using Symantec FileStore as a CIFS server 337 About managing CIFS shares
Allowing specified users and groups access to the CIFS share To allow specified users and groups access to the CIFS share
◆ To allow specified users and groups access to the CIFS share, enter the following:
CIFS> share allow sharename @group1 [,@group2,user1,user2,...] sharename Name of the CIFS share for which you want to allow specified users and groups access. Names of the FileStore shares are case- sensitive and can consist of the following characters: lower and uppercase letters "a" - "z" and "A" - "Z," numbers "0" - "9" and special characters: "_" and "-". ( "-", cannot be used as the first character in a share name). group If the CIFS server joined a domain, and there is a space in the user or group name, the user or group name needs to be entered with double quotes (for example, "@domain users"). By default, all groups are allowed to access the shares. In the case where a CIFS share has joined a domain, and the domain contains trusted domains, and allow_trusted_domains is set to yes on the CIFS server, if you want to allow/deny users or groups from the trusted domains, the user or group needs to be prefixed with the trusted domain name. Separate the domain and user/group with a double backslash. For example:
CIFS> share allow sharename "@domain name\\group name" user Name of the CIFS user allowed access to the CIFS share. By default, all users are allowed to access the shares.
If all is specified, then default access restrictions are restored on the CIFS share.
CIFS> share allow share1 user1,@group1 Warning: Modifying an already existing share...... Done 338 Using Symantec FileStore as a CIFS server About managing CIFS shares
Denying specified users and groups access to the CIFS share To deny specified users and groups access to the CIFS share
◆ To deny specified users and groups access to the CIFS share, enter the following:
CIFS> share deny sharename @group1[,@group2,user1,user2,...]
sharename Name of the CIFS share for which you want to deny specified users and groups access. Names of the FileStore shares are case- sensitive and can consist of the following characters: lower and uppercase letters "a" - "z" and "A" - "Z," numbers "0" - "9" and special characters: "_" and "-". ( "-", cannot be used as the first character in a share name).
group If the CIFS server joined a domain, and there is a space in the user or group name, the user or group name needs to be entered with double quotes (for example, "@domain users"). By default, all groups are allowed to access the shares. In the case where a CIFS share has joined a domain, and the domain contains trusted domains, and CIFS is set to trusted domains as true, if you want to allow/deny users or groups from the trusted domains, the user or group needs to be prefixed with the trusted domain name. Separate the domain and user/group with a double backslash. For example:
CIFS> share deny sharename "@domain name\\user name"
user Name of the CIFS user denied access to the CIFS share. By default, all users are allowed to access the shares.
If all is specified, then all the users and groups are not able to access the share.
CIFS> share deny share1 user1,@group1 Warning: Modifying an already existing share...... Done Using Symantec FileStore as a CIFS server 339 About managing CIFS shares
Modifying an existing CIFS share To modify an existing CIFS share
◆ To modify an existing CIFS share, enter the following:
CIFS> share modify sharename [cifsoptions]
sharename Name of the CIFS share you want to modify. Names of the FileStore shares are case- sensitive and can consist of the following characters: lower and uppercase letters "a" - "z" and "A" - "Z," numbers "0" - "9" and special characters: "_" and "-". ( "-", cannot be used as the first character in a share name).
cifsoptions A comma-separated list of CIFS export options. This part of the command is optional.
For example:
CIFS> share modify share1 ro Warning: Modifying an already existing share. Done 340 Using Symantec FileStore as a CIFS server About managing CIFS shares
Modifying an existing CIFS share with different CIFS options To modify an existing CIFS share with different CIFS options 1 To modify an existing CIFS share with different CIFS options, enter the following:
CIFS> share show ShareName FileSystem ShareOptions share3 fs3 owner=root,group=root,fs_mode=1777 share4 fs4 owner=root,group=root,fs_mode=1777,rw
2 To modify the CIFS share, enter the following:
CIFS> share modify share4 rw,full_acl,oplocks Warning: Modifying an already existing share. ..Done
The CIFS> share modify command overwrites the previous value for cifsoptions. See “About the CIFS export options” on page 331. 3 To list the CIFS shares, enter the following:
CIFS> share show ShareName FileSystem ShareOptions share3 fs3 owner=root,group=root,fs_mode=1777 share4 fs4 owner=root,group=root,fs_mode=1777,rw, full_acl,oplocks
Exporting a CIFS snapshot To export a CIFS snapshot 1 To create a CIFS snapshot, enter the following for example:
Storage> snapshot create cf11sp1 CF11
See “About snapshots” on page 246. 2 To export the CIFS snapshot, enter the following for example:
CIFS> share add CF11:cf11sp1 cf11sp1 rw,guest
See “Adding an NFS share ” on page 207.
A client can access the CIFS snapshot by the CIFS share name, cf11sp1. Using Symantec FileStore as a CIFS server 341 About managing CIFS shares
Deleting a CIFS share To delete a CIFS share 1 To delete a share, enter the following:
CIFS> share delete sharename
where sharename is the name of the share you want to delete. For example:
CIFS> share delete share1 Unexporting CIFS filesystem : share1 ..
2 To confirm the share is no longer exported, enter the following:
CIFS> share show ShareName FileSystem ShareOptions share2 fs2 owner=root,group=root
In the case of any remanent sessions (sessions that are not closed while deleting a CIFS share), FileStore displays the following output:
CIFS> share delete share2 Unexporting CIFS share : share2 ....Success. SFS cifs WARNING V-288-0 There are following remanent sessions. Clients may still access 'share4' unless the relevant processes are killed. Remanent Sessions pid nodename ------13966 sfsnode_01 14130 sfsnode_02
This is a rare situation, and it occurs if the following conditions are met:
■ CIFS server is online
■ CIFS share that is being deleted is ONLINE
■ There are some existing client connections with that CIFS share
■ While deleting the share, some remanent sessions are left
If any condition is failed above, then the CIFS> share delete command output displays as usual.
CIFS> share delete share2 Unexporting CIFS share : share2 ....Success. 342 Using Symantec FileStore as a CIFS server Sharing file systems using CIFS and NFS protocols
Sharing file systems using CIFS and NFS protocols FileStore provides support for multi-protocol file sharing, where the same file system can be exported to both Windows and UNIX users using the CIFS and NFS (Network File System) protocols. The result is an efficient use of storage by sharing a single data set across multi-application platforms. Figure 9-1 shows how file system sharing for the two protocols works.
Figure 9-1 Exporting files systems
Shared Storage
File System FS1
2-node FileStore cluster Data access by Data access by CIFS protocol NFS protocol
Windows user UNIX user
It is recommended that you disable the oplocks option when the following occurs:
■ A file system is exported over both the CIFS and NFS protocols.
■ Either the CIFS and NFS protocol is set with read and write permission. Using Symantec FileStore as a CIFS server 343 Sharing file systems using CIFS and NFS protocols
See “Setting share properties” on page 333.
Note: When a share is exported over both NFS and CIFS protocols, the applications running on the NFS and CIFS clients may attempt to concurrently read or write the same file. This may lead to unexpected results since the locking models used by these protocols are different. For example, an application reads stale data. For this reason, FileStore warns you when the share export is requested over NFS or CIFS and the same share has already been exported over CIFS or NFS, when at least one of these exports allows write access. 344 Using Symantec FileStore as a CIFS server Sharing file systems using CIFS and NFS protocols
To export a file system to Windows and UNIX users
1 Go to the NFS mode and enter the following commands:
NFS> share add ro /vx/fs1 Exporting *:/vx/fs1 with options ro ..Success.
NFS> share show /vx/fs1 *(ro)
2 To export a file system to Windows and UNIX users with read-only permission, go to CIFS mode, and enter the following commands:
CIFS> show Name Value ------netbios name mycluster netbios aliases ntlm auth yes allow trusted domains no homedirfs aio size 1024 idmap backend rid:10000-1000000 workgroup SYMANTECDOMAIN security ads Domain SYMANTECDOMAIN.COM Domain user administrator Domain Controller SYMSERVER Clustering Mode normal
CIFS> share add fs1 share1 rw SFS cifs WARNING V-288-0 Filesystem (fs1) is already shared over NFS with 'ro' permission. Do you want to proceed (y/n): y Exporting CIFS filesystem : share1 ..
CIFS> share show ShareName FileSystem ShareOptions share1 fs1 owner=root,group=root,rw
When the file system in CIFS is set to homedirfs, the FileStore software assumes that the file system is exported to CIFS users in read and write mode. FileStore does not allow you to export the same file system as an CIFS share and a home Using Symantec FileStore as a CIFS server 345 About mapping user names for CIFS/NFS sharing
directory file system (homedirfs). For example, if the file system fs1 is already exported as a CIFS share, then you cannot set it as homedirfs. To export a file system set as homedirfs
◆ To request that a file system be used for home directories, you need to export the file system. Go to the CIFS mode and enter the following:
CIFS> share show ShareName FileSystem ShareOptions share1 fs1 owner=root,group=root,rw CIFS> set homedirfs fs1 SFS cifs ERROR V-288-615 Filesystem (fs1) is already exported by another CIFS share.
About mapping user names for CIFS/NFS sharing The CIFS server uses user name mapping to translate login names sent by a Windows client to local or remote UNIX user names. The CIFS server uses file lookup for mapping, and this mapping is unidirectional. You can map a CIFS user to an NFS user, but the reverse operation is not possible. This functionality can be used for the following purposes:
■ CIFS and NFS sharing by mapping CIFS users to NFS users
■ File sharing among CIFS users by mapping multiple CIFS users to a single UNIX user
■ Mapping between two UNIX users by using the CIFS> mapuser add
If security is set to either ads or domain, user name mapping is done after authentication with the domain controller. This means, the actual password must be supplied for the login user CIFSuser1 in the example cited above. In this case, NFSuser1 may not be the CIFS local user. 346 Using Symantec FileStore as a CIFS server About load balancing for the normal clustering mode
For example, to map a CIFS user to an NFS user:
CIFS> mapuser add CIFSuser1 SYMANTECDOMAIN.COM NFSuser1
For example, to show the mapping between a CIFS user and an NFS user:
CIFS> mapuser show CIFSUserName DomainName NFSUserName CIFSuser1 SYMANTECDOMAIN NFSuser1
For example, to remove the mapping between a CIFS user and an NFS user:
CIFS> mapuser remove CIFSuser1 SYMANTECDOMAIN.COM
The domain you specify for CIFS user name mapping must be the netbios domain name (instead of the Active Directory DNS domain name) for the user. For example, a netbios domain name might be listed as SYMANTECDOMAIN instead of SYMANTECDOMAIN.COM (without the .com extension). To determine the netbios domain name, login to your Active Directory Server and type the following in a command window:
set | findstr DOMAIN
The results will include:
USERDOMAIN netbios_domain_name USERDNSDOMAIN Active_Directory_DNS_domain_name
Use the value of USERDOMAIN (the netbios domain name) when you map user names.
Note: When setting quotas on home directories and using user name mapping, make sure to set the quota on the home directory using the user name to which the original name is mapped.
Note: For mapped Active Directory users to access their home directory CIFS shares, use the following convention: \\filestore\realADuser instead of \\filestore\homes.
About load balancing for the normal clustering mode In normal clustering mode, a CIFS share is served from a single node. CIFS users can access an exported share on any FileStore node. All of the nodes can Using Symantec FileStore as a CIFS server 347 About load balancing for the ctdb clustering mode
concurrently perform file operations. All of the file systems are mounted on every node. The exported shares are also exported from every node. The following restriction exists for normal clustering mode: only one node at a time can perform file operations on a single share in normal clustering mode. The decision which node is currently allowed to perform the file operations for a specific share is made by the FileStore software and is transparent to the CIFS users. Other issues pertaining to normal clustering mode:
■ There is a tie up between a virtual IP address and a share. If a virtual IP address that is serving a share is deleted, then the virtual IP address is needed to reschedule that share on another virtual IP address.
■ You can only export the root file system in normal clustering mode.
■ A file system cannot be exported as a different share. When a CIFS share is accessed by a node that is not the owner of that share, FileStore transparently redirects the access to the node that is the owner of that share. So, all of the processing for a CIFS share is performed by the node that is designated as the owner of that share.
Use the CIFS> share show command to view which virtual IP address is assigned to a share.
Use the Network> ip addr show command to view which node is assigned a virtual IP address. This shows which node is the current owner of the exported CIFS shares.
About load balancing for the ctdb clustering mode The ctdb-based clustering mode provides a guarantee of data integrity and consistent locking among FileStore nodes. A CIFS share can be served from multiple nodes simultaneously and therefore provides better load balancing. A CIFS share can be served from multiple virtual IP addresses (VIPs) simultaneously. There will not be any tie up between a VIP and a CIFS share. No redistribution of the CIFS share is required while deleting the VIP. A newly-added VIP can be easily used to serve the CIFS share without any administrator intervention.
About managing home directories You can use FileStore to store the home directories of CIFS users. 348 Using Symantec FileStore as a CIFS server About managing home directories
The home directory share name is identical to the FileStore user name. When FileStore receives a new CIFS connection request, it checks if the requested share is one of the ordinary exported shares. If it is not, FileStore checks if the requested share name is the name of an existing FileStore user (either local user or domain user, depending on the current mode of operation). If a match is found, it means that the received connection request is for a home directory share. You can access your home directory share the same way you access the file system ordinary shares. A user can connect only to his or her own home directory.
Note: The internal directories structure of home directory file systems is maintained by FileStore. It is recommended not to use a file system as a homedirfs that has been used by a normal share in the past or vice versa.
Table 9-13 Home directory commands
Command Definition
set homedirfs Specifies one or more file systems to be used for home directories. See “Setting the home directory file systems” on page 348.
homedir quota Enables use of quotas on home directory file systems. See “Using quotas for CIFS home directories” on page 108.
homedir set Sets the home directory for the specified user. If the home directory does not exist for the specified user, this command creates that user's home directory. See “Setting up home directories” on page 350.
homedir show Displays information about home directories. See “Displaying home directory usage information” on page 352.
homedir delete Deletes a home directory share. See “Deleting home directories and disabling creation of home directories” on page 353.
homedir deleteall Deletes the home directories. See “Deleting home directories and disabling creation of home directories” on page 353.
Setting the home directory file systems Home directory shares are stored in one or more file systems. A single home directory can exist only in one of these file systems, but a number of home Using Symantec FileStore as a CIFS server 349 About managing home directories
directories can exist in a single home directory file system. File systems that are to be used for home directories are specified using the CIFS> set homedirfs command.
When a file system is exported as a homedirfs, its mode is set to a 0755 value. This takes place when you start the CIFS server after setting the homedirfs list.
Note: Snapshots cannot be shared as home directory file systems.
To specify one or more file systems as the home directories 1 To reserve one or more file systems for home directories, enter the following:
CIFS> set homedirfs [filesystemlist]
where filesystemlist is a comma-separated list of names of the file systems which are used for the home directories. For example:
CIFS> set homedirfs fs1,fs2,fs3 Global option updated. Note: Restart the CIFS server.
2 If you want to remove the file systems you previously set up, enter the command again, without any file systems:
CIFS> set homedirfs
3 To find which file systems (if any) are currently used for home directories, enter the following:
CIFS> show
After you select one or more of the file systems to be used in this way, you cannot export the same file systems as ordinary CIFS shares. If you want to change the current selection, for example, to add an additional file system to the list of home directory file systems or to specify that no file system should be used for home directories, you have to use the same CIFS> set homedirfs command. In each case you must enter the entire new list of home directory file systems, which may be an empty list when no home directory file systems are required. FileStore treats home directories differently from ordinary shares. The differences are as follows:
■ An ordinary share is used to export a file system, while a number of home directories can be stored in a single file system. 350 Using Symantec FileStore as a CIFS server About managing home directories
■ The file systems used for home directories cannot be exported as ordinary shares.
■ Exporting a home directory share is done differently than exporting an ordinary share. Also, removing these two kinds of shares is done differently.
■ The configuration options you specify for an ordinary share (such as read-only or use of opportunistic locks) are different from the ones you specify for a home directory share.
Setting up home directories
You can set the home directory for the specified user with the CIFS> homedir set command. If the home directory does not exist for the specified user, the CIFS> homedir set command creates that user's home directory.
Use the Storage> quota cifshomedir set command to set the quota value for the specified user. Otherwise, the value set from the Storage> quota cifshomedir setdefault command is used to configure the quota limit. If either the user or default quota is not set, 0 is used as the default value for the unlimited quota. Once the global quota value is specified, the value applies to the automatically created homedir. For example, if you set the global quota value to Storage> quota cifshomedir setdefault 100M, and you then create a new homedir in Windows, then the 100M quota value is assigned to that homedir. Using Symantec FileStore as a CIFS server 351 About managing home directories
To set the home directory for the specified user 1 To set the home directory for the specified user, enter the following:
CIFS> homedir set username [domainname] [fsname]
username The name of the CIFS user. If a CIFS user name includes a space, enter the user name with double quotes. For example:
CIFS> homedir set "test user" SYMANTECDOMAIN
domainname The domain for the new home directory.
fsname The home directory file system where the user's home directory is created. If no file system is specified, the user's home directory is created on the home directory file system that has the fewest home directories.
2 To find the current settings for a home directory, enter the following:
CIFS> homedir show [username] [domainname]
username The name of the CIFS user. If a CIFS user name includes a space, enter the user name with double quotes. For example:
CIFS> homedir show "test user" SYMANTECDOMAIN UserName DomainName Usage test user SYMANTECDOMAIN 0
domainname The Active Directory/Windows NT domain name or specify local for the FileStore local user local. 352 Using Symantec FileStore as a CIFS server About managing home directories
3 To find the current settings for all home directories, enter the following:
CIFS> homedir show
Because the CIFS> homedir show command takes a long time when there are more than 1000 CIFS home directories to display, you will be prompted if you want to continue displaying CIFS home directories or not.
If there are more than 1000 CIFS home directories when issuing the CIFS> homedir show command, you will receive a warning message asking if you want to continue displaying CIFS home directories. If you answer yes to the prompt, you will see each CIFS home directory. If you answer no, you will not see any additional output of CIFS home directories. When you connect to your home directory for the first time, and if the home directory has not already been created, FileStore selects one of the available home directory file systems and creates the home directory there. The file system is selected in a way that tries to keep the number of home directories balanced across all available home directory file systems. The automatic creation of a home directory does not require any commands, and is transparent to both the users and the FileStore administrators. The quota limits the amount of disk space you can allocate for the files in a home directory.
You can set the same quota value for all home directories using the Storage> quota cifshomedir setall command. See “Using quotas for CIFS home directories” on page 108.
Displaying home directory usage information
You can display information about home directories using the CIFS> homedir show command.
Note: Information about home directory quotas is up-to-date only when you enable the use of quotas for the home directory file systems. Using Symantec FileStore as a CIFS server 353 About managing home directories
To display information about home directories 1 To display information about a specific user's home directory, enter the following:
CIFS> homedir show [username] [domainname]
username The name of the CIFS user. If a CIFS user name includes a space, enter the user name with double quotes. For example:
CIFS> homedir show "test user" SYMANTECDOMAIN UserName DomainName Filesystem Usage test user SYMANTECDOMAIN /vx/fs3 0
domainname The domain where the home directory is located.
2 To display information about all home directories, enter the following:
CIFS> homedir show
Deleting home directories and disabling creation of home directories You can delete a home directory share. This also deletes the files and sub-directories in the share. After a home directory is deleted, if you try to access the same home directory again, a new home directory will automatically be created. If you have an open file when the home directory is deleted, and you try to save the file, a warning appears:
Warning: Make sure the path or filename is correct.
Save dialog?
Click on the Save button which saves the file to a new home directory. 354 Using Symantec FileStore as a CIFS server About ctdb clustering modes
To delete a home directory share
◆ To delete the home directory of a specific user, enter the following:
CIFS> homedir delete username [domainname] Do you want to delete homedir for username(y/n):
username The name of the CIFS user. If a CIFS user name includes a space, enter the user name with double quotes. Respond with y(es) or n(o) to confirm the deletion.
domainname The domain it is located in.
You can delete all of the home directory shares with the CIFS> homedir deleteall command. This also deletes all files and subdirectories in these shares. After you delete the existing home directories, you can again create the home directories manually or automatically. To delete the home directories
◆ To delete all home directories, enter the following:
CIFS> homedir deleteall Do you want to delete all home directories (y/n):
Respond with y(es) or n(o) to confirm the deletion. After you delete the home directories, you can stop FileStore serving home directories by using the CIFS> set homedirfs command. To disable creation of home directories
◆ To specify that there are no home directory file systems, enter the following:
CIFS> set homedirfs
After these steps, FileStore does not serve home directories.
About ctdb clustering modes The following clustering modes are supported by FileStore:
■ Normal
■ Clustered Trivial Database (CTDB) - a cluster implementation of the TDB (Trivial database) based on the Berkeley database API The following operating modes are supported by FileStore: Using Symantec FileStore as a CIFS server 355 Exporting a directory as a CIFS share
■ User
■ Domain
■ ADS Each clustering mode supports all of the three operating modes. The ctdb clustering mode is a different clustered implementation of FileStore CIFS, which supports almost all of the features that are supported by normal clustering mode as well as some additional features. Additional features supported in ctdb clustering mode:
■ Directory-level share support
■ Multi-instance share export of a file system/directory
■ Simultaneous access of a share from multiple nodes and therefore better load balancing
Exporting a directory as a CIFS share Directory-level share support is available only in the ctdb clustering mode. If you want to export a directory as a CIFS share, you must first switch to the ctdb clustering mode. See “About ctdb clustering modes” on page 354. See “Switching from normal to ctdb clustering mode” on page 358.
Note: This feature is only supported in the ctdb clustering mode. 356 Using Symantec FileStore as a CIFS server Exporting a directory as a CIFS share
To check the status of the CIFS server to confirm that the clustering mode is set to ctdb
◆ To check the status of the CIFS server to confirm that the clustering mode is set to ctdb, enter the following:
CIFS> server status CIFS Status on ctdb_01 : ONLINE CIFS Status on ctdb_02 : ONLINE
Homedirfs : fs1 Security : ads Domain membership status : Enabled Domain : SYMANTECDOMAIN.COM Workgroup : SYMANTECDOMAIN Domain Controller : SYMSERVER Domain User : administrator Clustering Mode : ctdb
To export a directory as a CIFS share 1 To export a directory as a CIFS share, enter the following:
CIFS> share add fs1/FileStore share1 rw,full_acl Exporting CIFS filesystem : share1 ..Success.
2 To list the shares, enter the following:
CIFS> share show ShareName FileSystem ShareOptions share1 fs1/FileStore owner=root,group=root,fs_mode=755,rw,full_acl
If the directory name contains a space, enter the directory name with double quotes (" "). For example:
CIFS> share add "fs1/Symantec FileStore" share2 rw Exporting CIFS filesystem : share2 ..Success.
To list the CIFS shares, enter the following:
CIFS> share show ShareName FileSystem ShareOptions share2 fs1/FileStore owner=root,group=root,fs_mode=755,rw share1 fs1/FileStore owner=root,group=root,fs_mode=755,rw, full_acl Using Symantec FileStore as a CIFS server 357 Exporting the same file system/directory as a different CIFS share
Exporting the same file system/directory as a different CIFS share In ctdb clustering mode, you can export the same file system or directory as a different CIFS share with different available CIFS options. This features allows you more granular control over CIFS shares for different sets of users. If the same file system is exported as different shares in ctdb clustering mode, then after switching to normal clustering mode only one share out of these is available, because multi-instance share export is not supported in normal clustering mode.
Note: If the same file system or directory is exported as different shares, then the fs_mode value is the same for all of these shares; that is, the last modified fs_mode value is applicable for all of those shares.
Note: This feature is only supported in the ctdb clustering mode.
To export a directory with read access to everyone, but write access to the limited set of users who need to be authenticated
◆ To export a directory with read access to everyone, but write access to the limited set of users who need to be authenticated, enter the following:
CIFS> share add "fs1/Symantec FileStore" share1 rw,noguest Exporting CIFS filesystem : share1 ..Success.
CIFS> share add "fs1/Symantec FileStore" share2 ro,guest Exporting CIFS filesystem : share21 ..Success.
CIFS> share show ShareName FileSystem ShareOptions share1 fs1/FileStore owner=root,group=root,fs_mode=755,rw,noguest share2 fs1/FileStore owner=root,group=root,fs_mode=755,ro,guest
The above example illustrates that the same directory is exported as a different CIFS share for guest and noquest users with different sets of permissions. 358 Using Symantec FileStore as a CIFS server About switching the clustering mode
About switching the clustering mode You can switch from normal to ctdb clustering mode or from ctdb to normal clustering mode. You must stop the CIFS server prior to switching to any cluster mode. See “About ctdb clustering modes” on page 354. See “Switching from normal to ctdb clustering mode” on page 358. See “Switching from ctdb to normal clustering mode” on page 361.
Switching from normal to ctdb clustering mode You must stop the CIFS server prior to switching to any clustering mode by issuing the CIFS> server stop command. In ctdb clustering mode, if the FileStore cluster is joined to the domain, then stopping the CIFS server always results in leaving the join. This is a special case that applies to ctdb clustering mode; this behavior does not occur with normal clustering mode. To switch from normal to ctdb clustering mode 1 To check the status of the CIFS server prior to switching from normal to ctdb clustering mode, enter the following:
CIFS> server status CIFS Status on ctdb_01 : ONLINE CIFS Status on ctdb_02 : ONLINE
Homedirfs : fs1 Security : ads Domain membership status : Enabled Domain : SYMANTECDOMAIN.COM Workgroup : SYMANTECDOMAIN Domain Controller : SYMSERVER Domain User : administrator Clustering Mode : normal
2 If the CIFS server is running, enter the following:
CIFS> server stop Stopping CIFS Server .....Success. Using Symantec FileStore as a CIFS server 359 About switching the clustering mode
3 To set the CIFS clustering mode to ctdb, enter the following:
CIFS> set clustering_mode ctdb Global option updated. Note: Restart the CIFS server. 360 Using Symantec FileStore as a CIFS server About switching the clustering mode
4 To start the CIFS server, enter the following:
CIFS> server start
Disabling membership in AD domain SYMANTECDOMAIN.COM
Enter password for user `administrator': Left AD domain SYMANTECDOMAIN.COM Uninstalling `normal' Clustering Mode ...... Success. Installing `ctdb' Clustering Mode ...... Success. Starting CIFS Server .... The skew of the system clock with respect to Domain controller SYMSERVER (10.209.110.210) is: 8 seconds
Time on Domain Controller : Thu Aug 19 15:04:22 2010 Time on this system : Thu Aug 19 15:04:14 IST 2010
If the above clock skew is greater than that allowed by the server, then the system won't be able to join the AD domain
Trying to become a member in AD domain SYMANTECDOMAIN.COM ...
Enter password for user `administrator': Joined domain SYMANTECDOMAIN.COM OK ..Success.
5 To check the status of the CIFS server, enter the following:
CIFS> server status CIFS Status on ctdb_01 : ONLINE CIFS Status on ctdb_02 : ONLINE
Homedirfs : fs1 Security : ads Domain membership status : Enabled Domain : SYMANTECDOMAIN.COM Workgroup : SYMANTECDOMAIN Domain Controller : SYMSERVER Domain User : administrator Clustering Mode : ctdb Using Symantec FileStore as a CIFS server 361 About switching the clustering mode
Switching from ctdb to normal clustering mode You must stop the CIFS server prior to switching to any clustering mode by issuing the CIFS> server stop command.
Note: Domain membership is disabled while stopping the CIFS server in ctdb clustering mode.
To switch from ctdb to normal clustering mode 1 To check the status of the CIFS server prior to switching from ctdb to normal clustering mode, enter the following:
CIFS> server status CIFS Status on ctdb_01 : ONLINE CIFS Status on ctdb_02 : ONLINE
Homedirfs : fs1 Security : ads Domain membership status : Enabled Domain : SYMANTECDOMAIN.COM Workgroup : SYMANTECDOMAIN Domain Controller : SYMSERVER Domain User : administrator Clustering Mode : ctdb
2 If the CIFS server is running, enter the following:
CIFS> server stop
Disabling membership in AD domain SYMANTECDOMAIN.COM
Enter password for user `administrator': Left AD domain SYMANTECDOMAIN.COM Stopping CIFS Server ...... Success.
3 To set the CIFS clustering mode to normal, enter the following:
CIFS> set clustering_mode normal Global option updated. Note: Restart the CIFS server. 362 Using Symantec FileStore as a CIFS server About migrating CIFS shares and home directories
4 To start the CIFS server, enter the following:
CIFS> server start Uninstalling `ctdb' Clustering Mode...... Success. Installing `normal' Clustering Mode...... Success.
The skew of the system clock with respect to Domain controller SYMSERVER (10.209.110.210) is: 8 seconds
Time on Domain Controller : Thu Aug 19 15:47:47 2010 Time on this system : Thu Aug 19 15:47:39 IST 2010
If the above clock skew is greater than that allowed by the server, then the system won't be able to join the AD domain
Trying to become a member in AD domain SYMANTECDOMAIN.COM ... Enter a password for user `administrator' Joined domain SYMANTECDOMAIN.COM OK Starting CIFS Server.....Success.
5 To check the status of the CIFS server, enter the following:
CIFS> server status CIFS Status on ctdb_01 : ONLINE CIFS Status on ctdb_02 : ONLINE
Homedirfs : fs1 Security : ads Domain membership status : Enabled Domain : SYMANTECDOMAIN.COM Workgroup : SYMANTECDOMAIN Domain Controller : SYMSERVER Domain User : administrator Clustering Mode : normal
About migrating CIFS shares and home directories You can migrate CIFS shares and home directories from normal to ctdb clustering mode and from ctdb to normal clustering mode. FileStore automatically migrates all CIFS shares and home directories while switching from one clustering mode to another. However, it is not possible to Using Symantec FileStore as a CIFS server 363 About migrating CIFS shares and home directories
migrate directory-level shares in the normal clustering mode, because directory-level sharing is not supported in normal clustering mode. Automatic migration of the content of users (that is, users' home directories) from one file system to another file system while switching home directories is not supported. So, if a FileStore administrator changes home directories from fs1 to fs2, then users' home directories are not migrated from fs1 to fs2 automatically. While migrating from normal to ctdb clustering mode, a simple share is created for each split share, because splitting shares is not supported in ctdb clustering mode. See “Migrating CIFS shares and home directories from normal to ctdb clustering mode” on page 364. See “Migrating CIFS shares and home directories from ctdb to normal clustering mode” on page 366. 364 Using Symantec FileStore as a CIFS server About migrating CIFS shares and home directories
Migrating CIFS shares and home directories from normal to ctdb clustering mode To migrate CIFS shares and home directories from normal to ctdb clustering mode 1 To check the CIFS server status to confirm that the current cluster mode is set to normal, enter the following:
CIFS> server status CIFS Status on ctdb_01 : ONLINE CIFS Status on ctdb_02 : ONLINE
Homedirfs : fs1 Security : ads Domain membership status : Enabled Domain : SYMANTECDOMAIN.COM Workgroup : SYMANTECDOMAIN Domain Controller : SYMSERVER Domain User : administrator Clustering Mode : normal
2 To list the CIFS shares and home directories, enter the following:
CIFS> share show ShareName FileSystem ShareOptions share1* fs1 split,owner=root,group=root,fs_mode=1777, rw,full_acl share3 fs3 owner=root,group=root,fs_mode=1777 share4 fs4 owner=root,group=root,fs_mode=1777,rw
CIFS> homedir show UserName DomainName Usage test Local - administrator SYMANTECDOMAIN -
3 To stop the CIFS server before changing the clustering mode to ctdb, enter the following:
CIFS> server stop Stopping CIFS Server.....Success.
CIFS> set clustering_mode ctdb Global option updated. Note: Restart the CIFS server. Using Symantec FileStore as a CIFS server 365 About migrating CIFS shares and home directories
4 To start the CIFS server in ctdb clustering mode and check the CIFS server status, enter the following:
CIFS> server start
Disabling membership in AD domain SYMANTECDOMAIN.COM
Enter a password for user `administrator' Left AD domain SYMANTECDOMAIN.COM Uninstalling `normal' Clustering Mode...... Success. Installing `ctdb' Clustering Mode...... Success. Starting CIFS Server....
The skew of the system clock with respect to Domain controller sfsqa_ad.sfsqa.com (10.209.110.210) is: 9 seconds
Time on Domain Controller : Thu Aug 19 17:07:19 2010 Time on this system : Thu Aug 19 17:07:10 IST 2010
If the above clock skew is greater than that allowed by the server, then the system won't be able to join the AD domain
Trying to become a member in AD domain SYMANTECDOMAIN.COM ... Enter a password for user `administrator' Joined domain SYMANTECDOMAIN.COM OK ..Success.
CIFS> server status CIFS Status on ctdb_01 : ONLINE CIFS Status on ctdb_02 : ONLINE
Homedirfs : fs1 Security : ads Domain membership status : Enabled Domain : SYMANTECDOMAIN.COM Workgroup : SYMANTECDOMAIN Domain Controller : SYMSERVER Domain User : administrator Clustering Mode : ctdb 366 Using Symantec FileStore as a CIFS server About migrating CIFS shares and home directories
5 To verify that all the CIFS shares and home directories are properly migrated to the ctdb clustering mode, enter the following:
CIFS> share show ShareName FileSystem ShareOptions share1 fs1 owner=root,group=root,fs_mode=1777,rw,full_acl share3 fs3 owner=root,group=root,fs_mode=1777 share4 fs4 owner=root,group=root,fs_mode=1777,rw
CIFS> homedir show UserName DomainName Usage test Local - administrator SYMANTECDOMAIN -
Migrating CIFS shares and home directories from ctdb to normal clustering mode If a file system is exported as multiple CIFS shares in ctdb clustering mode, then while migrating to normal clustering mode, FileStore creates only one CIFS share, whichever comes first in the list. Using Symantec FileStore as a CIFS server 367 About migrating CIFS shares and home directories
To migrate a CIFS share and home directory from ctdb to normal clustering mode 1 To check the status of the CIFS server, enter the following:
CIFS> server status CIFS Status on ctdb_01 : ONLINE CIFS Status on ctdb_02 : ONLINE
Homedirfs : fs1 Security : ads Domain membership status : Enabled Domain : SYMANTECDOMAIN.COM Workgroup : SYMANTECDOMAIN Domain Controller : SYMSERVER Domain User : administrator Clustering Mode : ctdb
2 To list the CIFS shares and home directories, enter the following:
CIFS> share show ShareName FileSystem ShareOptions share1 fs1/FileStore owner=root,group=root,fs_mode=755,rw,noguest share2 fs1/FileStore owner=root,group=root,fs_mode=755,ro,guest share3 fs3 owner=root,group=root,fs_mode=1777 share4 fs4 owner=root,group=root,fs_mode=1777,rw
CIFS> homedir show UserName DomainName Usage test Local - administrator SYMANTECDOMAIN -
3 To stop the CIFS server to switch the clustering mode to normal, enter the following:
CIFS> server stop
Disabling membership in AD domain SYMANTECDOMAIN.COM
Enter password for user `administrator': Left AD domain SYMANTECDOMAIN.COM Stopping CIFS Server ...... Success.
CIFS> set clustering_mode normal Global option updated. Note: Restart the CIFS server. 368 Using Symantec FileStore as a CIFS server About migrating CIFS shares and home directories
4 To start the CIFS server in normal clustering mode, enter the following:
CIFS> server start Uninstalling `ctdb' Clustering Mode...... Success. Installing `normal' Clustering Mode...... Success.
The skew of the system clock with respect to Domain controller SYMSERVER (10.209.110.210) is: 9 seconds
Time on Domain Controller : Thu Aug 19 16:54:03 2010 Time on this system : Thu Aug 19 16:53:54 IST 2010
If the above clock skew is greater than that allowed by the server, then the system won't be able to join the AD domain
Trying to become a member in AD domain SYMANTECDOMAIN.COM ... Enter a password for user `administrator' Joined domain SYMANTECDOMAIN.COM OK
SFS cifs WARNING V-288-0 Migration of following shares are not supported in normal clustering mode Clustering mode Sharename FS Name share1 fs1/Symantec FileStore share2 fs1/Symantec FileStore Starting CIFS Server...... Success.
The warning message indicates that FileStore was unable to migrate the directory-level share to normal clustering mode. The rest of the CIFS share and home directory were migrated. 5 To list the CIFS shares and home directories after migrating to normal clustering mode, enter the following:
CIFS> share show ShareName FileSystem ShareOptions share3 fs3 owner=root,group=root,fs_mode=1777 share4 fs4 owner=root,group=root,fs_mode=1777,rw
CIFS> homedir show UserName DomainName Usage test Local - administrator SYMANTECDOMAIN - Using Symantec FileStore as a CIFS server 369 Setting the aio_fork option
Setting the aio_fork option
The CIFS> set aio_size option allows you to set an Asynchronous I/O (AIO) read/write size with an unsigned integer. To set the aio_fork option
◆ To set the aio_fork option, enter the following:
CIFS> set aio_size size
where size is the AIO read/write size.
If size is not set to 0, then enable the aio_fork option, and set it as an AIO read/write size. If size is set to 0, then disable the aio_fork option, and set 0 to an AIO read/write size. For example:
CIFS> set aio_size
set aio_size
size : Unsigned integer or 0 to disable aio
CIFS> set aio_size 0 Global option updated. Note: Restart the CIFS server. CIFS> set aio_size 1024 Global option updated. Note: Restart the CIFS server. 370 Using Symantec FileStore as a CIFS server Setting the netbios aliases for the CIFS server
Setting the netbios aliases for the CIFS server To set the netbios aliases for the CIFS server
◆ To set the netbios aliases for the CIFS server, enter the following:
CIFS> set alias [aliaslist]
where aliaslist is either empty (no netbios alias was specified) or a comma-separated list of netbios alias names. After setting the netbios alias names, you can access the CIFS server by using these alias names. For example, if you want to set an empty alias, you would enter the following:
CIFS> set alias Global option updated. Note: Restart the CIFS server.
For example, if you want to set one or multiple netbios alias names, you would enter the following:
CIFS> set alias A1,A2,A3 Global option updated. Note: Restart the CIFS server.
CIFS> show Name Value ------netbios name sfs4 netbios aliases A1 A2 A3 ntlm auth yes allow trusted domains no homedirfs fs1,fs3 aio size 0 idmap backend rid:10000-1000000 workgroup SYMANTECDOMAIN security ads Domain SYMANTECDOMAIN.COM Domain user administrator Domain Controller SYMSERVER Clustering Mode ctdb Using Symantec FileStore as a CIFS server 371 About managing local users and groups
About managing local users and groups When FileStore is operating in the standalone mode, only the local users and groups of users can establish CIFS connections and access the home directories and ordinary shares. The FileStore local files store the information about these user and group accounts. Local procedures authenticate and authorize these users and groups based on the use of names and passwords. You can manage the local users and groups as described in the rest of this topic. Accounts for local users can be created, deleted, and information about them can be displayed using the CIFS> local user commands.
Table 9-14 Manage local users and groups commands
Command Definition
local user add Adds a new user to CIFS. You can add the user to a local group, by entering the group name in the optional grouplist variable. Before you add the user to a grouplist, you must create the grouplist. When you create a local user, FileStore assigns a default password to the new account. The default password is the same as the user name. For example, if you enter usr1 for the user name, the default password is also usr1. See “Creating a local CIFS user” on page 372.
local password The default password for a newly-created account is the same as the user name. You can change the default password using the CIFS> local password command.
The maximum password length is eight characters. See “Creating a local CIFS user” on page 372.
local user delete Deletes local user accounts. See “Creating a local CIFS user” on page 372.
local user show Displays the user ID and lists the groups to which the user belongs. If you do not enter an optional username, the command lists all CIFS existing users. See “Creating a local CIFS user” on page 372.
local user Adds a user to one or more groups. For existing users, this command members changes a user's group membership. See “Creating a local CIFS user” on page 372. 372 Using Symantec FileStore as a CIFS server About managing local users and groups
Creating a local CIFS user To create the new local CIFS user
◆ To create a local CIFS user, enter the following:
CIFS> local user add username [grouplist]
where username is the name of the user. The grouplist is a comma-separated list of group names. For example:
CIFS> local user add usr1 grp1,grp2 Adding USER : usr1 Success: User usr1 created successfully
To set the local user password
◆ To set the local password, enter the following:
CIFS> local password username
where username is the name of the user whose password you are changing.
For example, to reset the local user password for usr1, enter the following:
CIFS> local password usr1 Changing password for usr1 New password:***** Re-enter new password:***** Password changed for user: 'usr1' Using Symantec FileStore as a CIFS server 373 About managing local users and groups
To display the local CIFS user(s) 1 To display local CIFS users, enter the following:
CIFS> local user show [username]
where username is the name of the user. For example, to list all local users:
CIFS> local user show List of Users ------usr1 usr2 usr3
2 To display one local user, enter the following:
CIFS> local user show usr1 Username : usr1 UID : 1000 Groups : grp1
To delete the local CIFS user
◆ To delete a local CIFS user, enter the following:
CIFS> local user delete username
where username is the name of the local user you want to delete. For example:
CIFS> local user delete usr1 Deleting User: usr1 Success: User usr1 deleted successfully 374 Using Symantec FileStore as a CIFS server About managing local users and groups
To change a user's group membership
◆ To change a user's group membership, enter the following:
CIFS> local user members username grouplist
where username is the local user name being added to the grouplist. Group names in the grouplist must be separated by commas. For example:
CIFS> local user members usr3 grp1,grp2 Success: usr3's group modified successfully
About configuring local groups A local user can be a member of one or more local groups. This group membership is used in the standalone mode to determine if the given user can perform some file operations on an exported share. You can create, delete, and display information about local groups using the CIFS> local group command.
Table 9-15 Configure local groups commands
Command Definition
local group add Creates a local CIFS group. See “Configuring a local group” on page 375.
local group show Displays the list of available local groups you created. See “Configuring a local group” on page 375.
local group delete Deletes a local CIFS group. See “Configuring a local group” on page 375. Using Symantec FileStore as a CIFS server 375 About managing local users and groups
Configuring a local group To create a local group
◆ To create a local group, enter the following:
CIFS> local group add groupname
where groupname is the name of the local group. For example:
CIFS> local group add grp1 Adding GROUP: grp1 Success: Group grp1 created successfully
To list all local groups
◆ To list all existing local groups, enter the following:
CIFS> local group show [groupname]
where groupname lists all of the users that belong to that specific group. For example:
CIFS> local group show List of groups ------grp1 grp2 grp3
For example:
CIFS> local group show grp1 GroupName UsersList ------grp1 usr1, usr2, usr3, urs4 376 Using Symantec FileStore as a CIFS server Enabling CIFS data migration
To delete the local CIFS groups
◆ To delete the local CIFS group, enter the following:
CIFS> local group delete groupname
where groupname is the name of the local CIFS group. For example:
CIFS> local group delete grp1 Deleting Group: grp1 Success: Group grp1 deleted successfully
Enabling CIFS data migration FileStore provides the following command for enabling CIFS data migration:
CIFS> set data_migration yes|no
To enable data migration for the CIFS server 1 To enable data migration for the CIFS server, enter the following:
CIFS> set data_migration yes
2 Restart the CIFS server by entering the following command:
CIFS> server start
3 Map the CIFS share on the Windows domain using theFileStore_Cluster_Name\root by the Domain Administrator. 4 Copy the data with ROBOCOPY by entering the following command in a Windows command prompt:
C:\> ROBOCOPY /E /ZB /COPY:DATSO [windows_source_dir] [CIFS_target_dir]
Make sure you have the Windows Resource Kit Tools installed. 5 Disable the CIFS data migration option after migration completes for CIFS server security by entering the following command:
CIFS> set data_migration no
6 Restart the CIFS server by entering the following command:
CIFS> server start Chapter 10
Configuring your FTP server
This chapter includes the following topics:
■ About FTP
■ Displaying FTP server settings
■ About FTP server commands
■ Using the FTP server commands
■ About FTP set commands
■ Using the FTP set commands
■ Implementing all of the FTP> set command changes
■ About FTP session commands
■ Using the FTP session commands
■ Using the FTP logupload command
■ About FTP local user commands
■ Using the FTP local user commands
■ About FTP local user set commands
■ Using the FTP local user set commands
About FTP The file transfer protocol (FTP) server feature allows clients to access files on the FileStore servers using the FTP protocol. The FTP service provides secure/non-secure access by FTP to files in the FileStore servers. The FTP service runs on all of the nodes in the cluster and provides simultaneous read and write 378 Configuring your FTP server About FTP
access to the files. The FTP service also provides configurable anonymous access to the filer. The FTP commands are used to configure the FTP server. By default, the FTP server is not running. You can start the FTP server using the FTP> server start command. The FTP server starts on the standard FTP port 21. FTP mode commands are listed in Table 10-1. To access the commands, log into the administrative console (master, system-admin, or storage-admin) and enter FTP> mode. See “About using the FileStore command-line interface” on page 31.
Table 10-1 FTP mode commands
Command Definition
show Displays the FTP server settings. See “Displaying FTP server settings” on page 379.
server Starts, stops, and displays the status of the FTP server. See “About FTP server commands” on page 379.
set Configures the FTP server. See “About FTP set commands” on page 381.
session Displays and terminates the FTP sessions. See “About FTP session commands” on page 391.
logupload Uploads the FTP logs to a URL. See “Using the FTP logupload command” on page 394.
local Adds, deletes, and displays local user accounts. Configures the local user settings. See “About FTP local user commands” on page 394. Configuring your FTP server 379 Displaying FTP server settings
Displaying FTP server settings To display the FTP settings
◆ To display the FTP settings, enter the following:
FTP> show
Parameter Current Value ------listen_port 21 max_connections 2000 max_conn_per_client 2000 passive_port_range 30000:40000 allow_non_ssl yes idle_timeout 15 minutes anonymous_logon no anonymous_write no anonymous_login_dir /vx/ allow_anon_fxp no user_logon yes homedir_path /vx/ftphomes allow_delete yes security local allow_user_fxp no
About FTP server commands
The FTP> server commands start, stop, and display the status of the FTP server.
Note: All configuration changes made using the FTP> set commands come into effect only when the FTP server is restarted.
Table 10-2 FTP server commands
Command Definition
server status Displays the status of the FTP server. See “Using the FTP server commands” on page 380. 380 Configuring your FTP server Using the FTP server commands
Table 10-2 FTP server commands (continued)
Command Definition
server start Starts the FTP server on all nodes. If the FTP server is already started, the FileStore software clears any faults and tries to start the FTP server. See “Using the FTP server commands” on page 380.
server stop Stops the FTP server and terminates any existing FTP sessions. By default, the FTP server is not running. See “Using the FTP server commands” on page 380.
Using the FTP server commands To display the FTP server status
◆ To display the FTP server status, enter
FTP> server status
FTP Status on sfs_01 : OFFLINE FTP Status on sfs_02 : OFFLINE
To start the FTP server
◆ To start the FTP server, enter the following:
FTP> server start
To check server status, enter the following:
FTP> server status FTP Status on sfs_01 : ONLINE FTP Status on sfs_02 : ONLINE Configuring your FTP server 381 About FTP set commands
To stop the FTP server
◆ To stop the FTP server, enter the following:
FTP> server stop
To check the server status, enter the following:
FTP> server status
FTP Status on sfs_01 : OFFLINE FTP Status on sfs_02 : OFFLINE
About FTP set commands
The FTP> set commands let you set various configurable options for the FTP server.
Table 10-3 FTP set commands
Command Definition
set anonymous_logon Tells the FTP server whether or not to allow anonymous logons. Enter yes to allow anonymous users to log on to the FTP server. Enter no (default) to not allow anonymous logons. For the changes to take effect, restart the FTP server. Enter FTP> server stop followed by FTP> server start.
See “Using the FTP set commands” on page 385.
set anonymous_login_dir Specifies the login directory for anonymous users. Valid values of this parameter start with /vx/. Make sure that the anonymous user (UID:40 GID:49 UNAME:ftp) has the appropriate permissions to read files in login_directory. For the changes to take effect, restart the FTP server. Enter FTP> server stop followed by FTP> server start.
See “Using the FTP set commands” on page 385. 382 Configuring your FTP server About FTP set commands
Table 10-3 FTP set commands (continued)
Command Definition
set anonymous_write Specifies whether or not anonymous users have the [write] value in their login_directory. Enter yes to allow anonymous users to modify contents of their login_directory. Enter no (default) to not allow anonymous users to modify the contents of their login_directory. Make sure that the anonymous user (UID:40 GID:49 UNAME:ftp) has the appropriate permissions to modify files in their login_directory. For the changes to take effect, restart the FTP server. Enter FTP> server stop followed by FTP> server start.
See “Using the FTP set commands” on page 385.
set allow_anon_fxp Specifies whether anonymous FTP sessions can perform FXP (File eXchange Protocol) transfers. A value of yes allows anonymous authenticated sessions to transfer files to another FTP server using FXP. The default value of this parameter is no.
For the changes to take effect, restart the FTP server. Enter FTP> server stop followed by FTP> server start.
See “Using the FTP set commands” on page 385.
set allow_user_fxp Specifies whether user FTP sessions can perform FXP (File eXchange Protocol) transfers. A value of yes allows user authenticated sessions to transfer files to another FTP server using FXP. The default value of this parameter is no.
For the changes to take effect, restart the FTP server. Enter FTP> server stop followed by FTP> server start.
See “Using the FTP set commands” on page 385.
set user_logon Specifies whether to allow FTP access for users. A value of yes allows normal users (non-anonymous users) to log in.
For the changes to take effect, restart the FTP server. Enter FTP> server stop followed by FTP> server start.
See “Using the FTP set commands” on page 385. Configuring your FTP server 383 About FTP set commands
Table 10-3 FTP set commands (continued)
Command Definition set allow_delete Specifies whether or not to allow users to delete files on the FTP server. This option only applies to users. It does not apply to anonymous logins. Anonymous logins are never allowed to delete files. Enter yes (default) to allow users to delete files on the FTP server. Enter no to prevent users from deleting files on the FTP server. For the changes to take effect, restart the FTP server. Enter FTP> server stop followed by FTP> server start.
See “Using the FTP set commands” on page 385. set allow_non_ssl Specifies whether or not to allow non-secure (plain-text) logins into the FTP server. Enter yes (default) to allow non-secure (plain-text) logins to succeed. Enter no to allow non-secure (plain-text) logins to fail. For the changes to take effect, restart the FTP server. Enter FTP> server stop followed by FTP> server start.
See “Using the FTP set commands” on page 385. set homedir_path Specifies the location of the login directory for users. Valid values include any path that starts with /vx/.
For the changes to take effect, restart the FTP server. Enter FTP> server stop followed by FTP> server start.
See “Using the FTP set commands” on page 385. set idle_timeout Specifies the amount of time in minutes after which an idle connection is disconnected. Valid values for time_in_minutes range from 1 to 600 (default value is 15 minutes). For the changes to take effect, restart the FTP server. Enter FTP> server stop followed by FTP> server start.
See “Using the FTP set commands” on page 385. set listen_port Specifies the port number on which the FTP service listens for connections. Valid values for this parameter range from 10-1023. The default value is 21. For the changes to take effect, restart the FTP server. Enter FTP> server stop followed by FTP> server start.
See “Using the FTP set commands” on page 385. 384 Configuring your FTP server About FTP set commands
Table 10-3 FTP set commands (continued)
Command Definition
set max_connections Specifies the maximum number of simultaneous FTP clients allowed. Valid values for this parameter range from 1-9999. The default value is 2000. For the changes to take effect, you need to restart the FTP server. Enter FTP> server stop followed by FTP> server start.
See “Using the FTP set commands” on page 385.
set max_conn_per_client Specifies the maximum number of simultaneous FTP connections that are allowed from a single client IP address. Valid values for this parameter range from 1-9999. The default value is 2000. For the changes to take effect, restart the FTP server. Enter FTP> server stop followed by FTP> server start.
See “Using the FTP set commands” on page 385.
set passive_port_range Specifies the range of port numbers to listen on for passive FTP transfers. The port_range defines a range that is specified as startingport:endingport. A port_range of 30000:40000 specifies that port numbers starting from 30000 to 40000 can be used for passive FTP. Valid values for port numbers range from 30000 to 50000. The default value of this option is 30000:40000. For the changes to take effect, restart the FTP server. Enter FTP> server stop followed by FTP> server start.
See “Using the FTP set commands” on page 385.
set security Specifies the type of users that are allowed to log in to the FTP server. Enter nis_ldap (default) to allow users with accounts configured on NIS or LDAP servers to log in to the FTP server. Users that are created with the FTP > local user add command cannot log in.
Enter local to allow users with accounts created with the FTP> local user add command to log in to the FTP server. NIS and LDAP users cannot log in. For the changes to take effect, restart the FTP server. Enter FTP> server stop followed by FTP> server start.
See “Using the FTP set commands” on page 385. Configuring your FTP server 385 Using the FTP set commands
Using the FTP set commands You need to stop and then start the FTP server for the new settings to take effect. To set anonymous logons
◆ To enable anonymous logons, enter the following:
FTP> set anonymous_logon yes|no
yes Allows the anonymous users to log on to the FTP server.
no (default) Does not allow anonymous logons.
FTP> set anonymous_logon yes Success. FTP> show Parameter Current Value New Value ------listen_port 21 max_connections 2000 max_conn_per_client 2000 passive_port_range 30000:40000 allow_non_ssl yes idle_timeout 15 minutes anonymous_logon no yes anonymous_write no ... FTP> server stop FTP> server start
FTP> show Parameter Current Value ------listen_port 21 max_connections 2000 max_conn_per_client 2000 passive_port_range 30000:40000 allow_non_ssl yes idle_timeout 15 minutes anonymous_logon yes anonymous_write no ... 386 Configuring your FTP server Using the FTP set commands
To set anonymous logins
◆ To set anonymous logins, enter the following:
FTP> set anonymous_login_dir login_directory
where the login_directory is the login directory of the anonymous users on the FTP server. To set anonymous write access
◆ To set anonymous write access, enter the following:
FTP> set anonymous_write yes|no
yes Allows the anonymous users to modify the contents of their login_directory.
no (default) Does not allow anonymous users to modify the contents of their login_directory.
FTP> set anonymous_write yes
To allow users to delete files
◆ To set whether or not to allow users to delete files on the FTP server, enter the following:
FTP> set allow_delete yes|no
yes (default) Allows the users to delete files on the FTP server. This setting does not apply to anonymous logins. Anonymous logins are never allowed to delete files.
no Prevents the users from deleting files on the FTP server.
To set non-secure logins
◆ To set non-secure login access to the FTP server, enter the following:
FTP> set allow_non_ssl yes|no
yes (default) Allows non-secure (plain-text) logins to succeed.
no Allows non-secure (plain-text) logins to fail. Configuring your FTP server 387 Using the FTP set commands
To specify whether anonymous FTP sessions can perform FXP transfers
◆ To specify whether anonymous FTP sessions can perform FXP (File eXchange Protocol) transfers, enter the following:
FTP> set allow_anon_fxp yes | no
yes Allows the anonymous authenticated sessions to transfer files to another FTP server using FXP.
no (default) Prevents the anonymous authenticated sessions from transferring files to another FTP server using FXP.
To specify whether user FTP sessions can perform FXP transfers
◆ To specify whether user FTP sessions can perform FXP (File eXchange Protocol) transfers, enter the following:
FTP> set allow_user_fxp yes | no
yes Allows the user-authenticated sessions to transfer files to another FTP server using FXP.
no (default) Prevents the user-authenticated sessions from transferring files to another FTP server using FXP.
To specify whether to allow FTP access for users
◆ To specify whether to allow FTP access for users, enter the following:
FTP> set user_logon yes | no
yes (default) Allows the normal users (non-anonymous users) to log in to the FTP server.
no Prevents the normal users (non-anonymous users) from logging into the FTP server.
To set the home directory path
◆ To set the location of the login directory for users, enter the following:
FTP> set homedir_path path
where path is the location of the login directory. Valid values include any path that starts with /vx/.
FTP> set homedir_path /vx/home 388 Configuring your FTP server Using the FTP set commands
To set idle timeout
◆ To set the amount of time a connection can stay idle before disconnecting, enter the following:
FTP> set idle_timeout time_in_minutes
where time_in_minutes is the amount of time you want the connection to stay idle before it is disconnected.
FTP> set idle_timeout 30
To set the listen port
◆ To set the port number on which the FTP service listens for connections, enter the following:
FTP> set listen_port port_number
where port_number is the port on which the FTP service listens for connections.
FTP> set listen_port 24
To set the maximum connections
◆ To set the maximum number of allowed simultaneous FTP clients, enter the following:
FTP> set max_connections connections_number
where connections_number is the number of concurrent FTP connections that are allowed on the FTP server.
FTP> set max_connections 3000
To set the maximum connections per client
◆ To set the maximum number of simultaneous FTP connections that are allowed from a single client IP address, enter the following:
FTP> set max_conn_per_client connections_number
where connections_number is the number of concurrent connections that are allowed from a single client.
FTP> set max_conn_per_client 1000 Configuring your FTP server 389 Using the FTP set commands
To set the range of port numbers
◆ To set the range of port numbers to listen on for passive FTP transfers, enter the following:
FTP> set passive_port_range port_range
where port_range is the range of port numbers to listen on for passive FTP transfers.
FTP> set passive_port_range 35000:45000
To set security
◆ To set the type of users that are allowed to log in to the FTP server, enter the following:
FTP> set security nis_ldap|local
nis_ldap Allows the users with accounts configured on NIS or LDAP servers to log in to the FTP server.
local Allows the users with accounts configured with the FTP> local user add command to log in to the FTP server.
FTP> set security local 390 Configuring your FTP server Implementing all of the FTP> set command changes
Implementing all of the FTP> set command changes
To implement FTP> set command changes
1 To view all of the FTP> set command changes, enter the following:
FTP> show Parameter Current Value New Value ------listen_port 21 max_connections 2000 max_conn_per_client 1000 passive_port_range 30000:40000 idle_timeout 15 minutes allow_non_ssl yes anonymous_logon no yes anonymous_write no anonymous_login_dir /vx/ftpanon allow_anon_fxp no user_logon yes homedir_path /vx/ftphomes allow_delete yes security local allow_user_fxp no
2 To implement the new changes, enter the following:
FTP> server stop FTP> server start Configuring your FTP server 391 About FTP session commands
3 To view the new command settings, enter the following:
FTP> show Parameter Current Value ------listen_port 21 max_connections 2000 max_conn_per_client 1000 passive_port_range 30000:40000 idle_timeout 15 minutes allow_non_ssl yes anonymous_logon yes anonymous_write no anonymous_login_dir /vx/ftpanon allow_anon_fxp no user_logon yes homedir_path /vx/ftphomes allow_delete yes security local allow_user_fxp no
About FTP session commands
The FTP> session commands let you view or terminate the FTP sessions that are currently active.
Table 10-4 FTP session Commands
Command Definition
session show Displays the number of current FTP sessions to each node. See “Using the FTP session commands” on page 392. 392 Configuring your FTP server Using the FTP session commands
Table 10-4 FTP session Commands (continued)
Command Definition
session showdetail Displays the details of each session that matches the filter_options criteria. If no filter_options are specified, all sessions are displayed. If multiple filter options are provided then sessions matching all of the filter options are displayed. Filter options can be combined by using ','. The details that are displayed include: Session ID, User, Client IP, Server IP, State (UL for uploading; DL for downloading, or IDLE), and File (the name of the files that appear are either uploaded or downloaded). If an '?' appears under User, the session is not yet authenticated. See “Using the FTP session commands” on page 392.
session terminate Terminates the session that is entered for the session_id variable. What you enter is the same session displayed under Session ID with the FTP> session showdetail command.
See “Using the FTP session commands” on page 392.
Using the FTP session commands To display the current FTP sessions
◆ To display the current FTP sessions, enter the following:
FTP> session show Max Sessions : 2000
Nodename Current Sessions ------sfs_01 4 sfs_02 2 Configuring your FTP server 393 Using the FTP session commands
To display the FTP session details
◆ To display the details in the FTP sessions, enter the following:
FTP> session showdetail [filter_options]
where filter_options display the details of the sessions under specific headings. Filter options can be combined by using ','. If multiple filter options are used, sessions matching all of the filter options are displayed. For example, to display all of the session details, enter the following:
FTP> session showdetail Session ID User Client IP Server IP State File ------sfs_01.1111 user1 10.209.105.219 10.209.105.111 IDLE sfs_01.1112 user2 10.209.106.11 10.209.105.111 IDLE sfs_02.1113 user3 10.209.107.21 10.209.105.112 IDLE sfs_01.1117 user4 10.209.105.219 10.209.105.111 DL file123 sfs_02.1118 user1 10.209.105.219 10.209.105.111 UL file345 sfs_01.1121 user5 10.209.111.219 10.209.105.112 IDLE
For example, to display the details of the current FTP sessions to the Server IP (10.209.105.112), originating from the Client IP (10.209.107.21), enter the following:
FTP> session showdetail server_ip=10.209.105.112, client_ip=10.209.107.21 Session ID User Client IP Server IP State File ------sfs_02.1113 user3 10.209.107.21 10.209.105.112 IDLE
To terminate an FTP session
◆ To terminate one of the FTP sessions that are displayed in the FTP> session showdetail command, enter the following:
FTP> session terminate session_id
where session_id is the unique identifier for each FTP session that is displayed in the FTP> session showdetail output.
FTP> session terminate sfs_02.1113 Session sfs_02.1113 terminated 394 Configuring your FTP server Using the FTP logupload command
Using the FTP logupload command
The FTP> logupload command lets you upload the FTP server logs to a specified URL. To upload the FTP server logs
◆ To upload the FTP server logs to a specified URL, enter the following:
FTP> logupload url [nodename]
url The URL where the FTP logs are uploaded. The URL supports both FTP and SCP (secure copy protocol). If a node name is specified, only the logs from that node are uploaded. The default name for the uploaded file is ftp_log.tar.gz.
Passwords that are added directly to the URL are not supported.
nodename The node on which the operation occurs. Enter the value all for the operation to occur on all of the nodes in the cluster.
password Use the password you already set up on the node to which you upload the logs.
For example, to upload the logs from all of the nodes to an SCP-based URL:
FTP> logupload scp://user@host:/path/to/directory all Password: Collecting FTP logs, please wait..... Uploading the logs to scp://root@host:/path/to/directory, please wait...done
For example, to upload the logs from sfs_1 to an FTP-based URL:
FTP> logupload ftp://user@host:/path/to/directory sfs_1 Password: Collecting FTP logs, please wait..... Uploading the logs to ftp://root@host:/path/to/directory, please wait...done
About FTP local user commands
The FTP> local user commands let you create and manage local user accounts on the FTP server. Configuring your FTP server 395 About FTP local user commands
When you add a local user account, the user's home directory is created automatically on the FTP server. User home directories on the FTP server are specified by path/username where path is the home directory path configured by the FTP > set homedir_path command.
Table 10-5 FTP local user Commands
Command Definition local user add Adds a local user account to the FTP server. See “Using the FTP local user commands” on page 396. local user Changes the password for a local user account on the FTP server. password See “Using the FTP local user commands” on page 396. local user delete Removes a local user account from the FTP server. See “Using the FTP local user commands” on page 396. local user show Shows a list of local user accounts and associated information. See “Using the FTP local user commands” on page 396. 396 Configuring your FTP server Using the FTP local user commands
Using the FTP local user commands To add a local user account 1 To add a local user account, enter the following:
FTP> local user add username
where username is the name of the user whose account you want to add. 2 When the password prompt appears, enter a password for the local user. 3 Type the password again for verification. For example:
FTP > local user add user1 Input password for user1. Enter password: Re-enter password: Success.
When you add a local user, a home directory for the local user is created based on the user name of the account and the home directory path that is specified for users. For example, /vx/home/user1. All users are limited to their home directories and are not allowed to access files on the FTP server beyond their home directories. To change a password for a local user 1 To change a password for a local user, enter the following:
FTP> local user passwd username
where username is the name of the user whose password you want to change. 2 When the password prompt appears, enter a new password, then type the password again for verification. For example:
FTP > local user passwd user1 Enter password: Re-enter password: Success. Configuring your FTP server 397 About FTP local user set commands
To delete a local user account
◆ To delete a local user account, enter the following:
FTP> local user delete username
where username is the name of the user whose account you want to delete. For example:
FTP > local user delete user1 Success.
When you delete a local user account, the local user's home directory is not deleted. To show local user accounts
◆ To show local user accounts (and account settings) configured on the FTP server, enter the following:
FTP> local user show USER HOMEDIR UPLOAD DOWNLOAD MAX_FILES MAX_USAGE MAX_CONN ------localftp1 /localftp1 - - 1000 - - localftp2 /localftp2 20 MB/s - - - - localftp3 /test/asfta - 10 MB/s - 10.00 MB - localftp4 /localftp4 - - - - 20 test /test 103 MB/s 203 MB/s - 103.00 MB 10003 test2 /test2 - - - - -
About FTP local user set commands By default, local user accounts on the FTP server have no limits for the following:
■ Upload bandwidth.
■ Download bandwidth.
■ Number of files and directories in a home directory.
■ The amount of disk space available for files in a home directory.
■ Number of simultaneous connections.
To configure limits for these options, use the FTP> user local set commands. 398 Configuring your FTP server About FTP local user set commands
You can also use the FTP> local user set command specify home directories for local users accounts. Local user changes are effective immediately for new connections. You do not need to restart the FTP server.
Table 10-6 FTP local user set commands
Command Definition
set upload_bandwidth Specifies the maximum upload bandwidth (in MB/second) for a local user account on the FTP server. By default, there is no limit on the upload bandwidth for local users. See “Using the FTP local user set commands” on page 399.
set download_bandwidth Specifies the maximum download bandwidth (in MB/second) for a local user account on the FTP server. By default, there is no limit on the download bandwidth for local users. See “Using the FTP local user set commands” on page 399.
set max_files Specifies the maximum number of files and directories for a local user account on the FTP server. By default, there is no limit on the upload bandwidth for local users. See “Using the FTP local user set commands” on page 399.
set max_usage Specifies the maximum amount of disk space available in a local user home directory. By default, there is no limit to the amount of disk space local users can have for their home directories. Values can be specified as M (megabytes), G (gigabytes) or T (terabytes). For example, 200G.
See “Using the FTP local user set commands” on page 399.
set max_connections Specifies the maximum number of simultaneous connections a local user can have to each node in the cluster. By default there is no limit to the number of connections a local user can have to the FTP server. See “Using the FTP local user set commands” on page 399. Configuring your FTP server 399 Using the FTP local user set commands
Table 10-6 FTP local user set commands (continued)
Command Definition
set homedir Specifies the home directory for a local user account. The home directory you configure for a local user account is created relative to the home directory path that is configured by the FTP > set homedir_path command.
The default home directory value for local user accounts is username where username is the login name for the local user account. For example, if the home directory path is set to /vx/fs1/ftp_home and the user name is user1, the default home directory for user1 is /vx/fs1/ftp_home/user1
Changes to this value are applicable for any new connections. Configuring a new home directory location does not migrate any existing data in a local user's current home directory to the new home directory. See “Using the FTP local user set commands” on page 399.
Using the FTP local user set commands
Note: Quota values for MAX_FILES and MAX_USAGE are enforced during the commit of the FTP transaction. The transfer might show the status as 100% transferred, but the final commit might fail if the quota is exceeded.
150 Accepted data connection 100% *****************************************************| 2791 MB 106.58 MB/s 00:00 ETA 553-Quota exceeded: largefile.iso won't be saved 400 Configuring your FTP server Using the FTP local user set commands
To show local user settings
◆ To show the current settings for local user accounts, enter the following:
FTP> local user show USER HOMEDIR UPLOAD DOWNLOAD MAX_FILES MAX_USAGE MAX_CONN ------localftp1 /localftp1 - - 1000 - - localftp2 /localftp2 20 MB/s - - - - localftp3 /test/asfta - 10 MB/s - 10.00 MB - localftp4 /localftp4 - - - - 20 test /test 103 MB/s 203 MB/s - 103.00 MB 10003 test2 /test2 - - - - -
To set upload bandwidth
◆ To set the maximum upload bandwidth for a local user account, enter the following:
FTP> local user set upload_bandwidth username max_value
username Specifies the name of a user account.
max_value Specifies the maximum upload bandwidth value (measured in MB/second) for the user's account.
For example:
FTP > local user set upload_bandwidth user2 40000 Success. Configuring your FTP server 401 Using the FTP local user set commands
To set download bandwidth
◆ To set the maximum download bandwidth for a local user account, enter the following:
FTP> local user set download_bandwidth username max_value
username Specifies the name of a user account.
max_value Specifies the maximum download bandwidth value (measured in MB/second) for the user's account.
For example:
FTP > local user set download_bandwidth user2 80000 Success.
To set maximum files
◆ To set the maximum number of files and directories for a local user account, enter the following:
FTP> local user set max_files username number
username Specifies the name of a user account.
max_value Specifies the maximum number of files and directories that are allowed in the user's home directory.
For example:
FTP> local user set max_files user2 5000 Success. 402 Configuring your FTP server Using the FTP local user set commands
To set maximum disk space usage
◆ To set the maximum amount of disk space that is allowed for a local user account, enter the following:
FTP> local user set max_usage username number
username Specifies the name of a user account.
number Specifies the maximum amount of disk space available for the files that are stored in the user's home directory. Values can be specified as M (megabytes), G (gigabytes), or T (terabytes). For example, 200G.
For example:
FTP> local user set max_usage user2 10T Success.
To set maximum connections
◆ To set the maximum number of simultaneous connections a local user can have to the FTP server, enter the following:
FTP> local user set max_connections username number
username Specifies the name of a user account.
number Specifies the maximum number of simultaneous connects a user can have to the FTP server.
For example:
FTP> local user set max_connections user2 1000 Success. Configuring your FTP server 403 Using the FTP local user set commands
To set the home directory
◆ To set the home directory for a local user account, enter the following:
FTP> local user set homedir username dir_name
username Specifies that name of a user account.
dir_name Specifies the name of the home directory for the local user account.
For example:
FTP> local user set homedir user2 home Success.
The home directory you configure for a local user account is created relative to the home directory path that is configured by the FTP> set homedir_path command. Changes to this value are applicable for any new connections. Configuring a new home directory location does not migrate any existing data in a local user's current home directory to the new home directory. 404 Configuring your FTP server Using the FTP local user set commands Chapter 11
Configuring your HTTP server
This chapter includes the following topics:
■ About configuring your HTTP server for accessing FileStore data
■ About using the HTTP server commands
■ About HTTP set commands
■ About HTTP alias commands
■ About HTTP document root mapping commands
About configuring your HTTP server for accessing FileStore data In addition to CIFS, FTP, and NFS, you can access FileStore file data by way of the Hypertext Transfer (HTTP) protocol using a standard HTTP server. You specify the document root directory of the HTTP server to access data within one or more FileStore file systems. Then, you can use HTTP protocol to access and download these files.
Note: If you monitor HTTP downloads, Internet Explorer may display an incorrect percentage for the amount of file downloaded. Occasionally, Internet Explorer might display the download percentage as more than 100%. In addition, Internet Explorer may sometimes only partially download a file, without displaying an error message for the partial download. 406 Configuring your HTTP server About using the HTTP server commands
About using the HTTP server commands
You use the HTTP> server commands to configure a Hypertext Transfer (HTTP) server. The HTTP server allows files to be accessed using the HTTP protocol. The HTTP server is started on the standard HTTP port 80. By default, the HTTP server is not running.
Table 11-1 HTTP server commands
Command Definition
server start Starts the HTTP server. By default, the HTTP server is not running. See “Starting the HTTP server” on page 406.
server stop Stops any existing HTTP sessions. See “Stopping the HTTP server” on page 407.
server status Displays the status for the HTTP server. See “Displaying the status for the HTTP server” on page 407.
Starting the HTTP server To start the HTTP server
◆ To start the HTTP server, enter the following:
HTTP> server start
For example:
HTTP> server start Success. Configuring your HTTP server 407 About HTTP set commands
Stopping the HTTP server To stop the HTTP server
◆ To stop the HTTP server, enter the following:
HTTP> server stop
For example:
HTTP> server stop Success.
Displaying the status for the HTTP server To display the status for the HTTP server
◆ To display the status for the HTTP server, enter the following:
HTTP> server status
For example:
HTTP> server status HTTP Status on sfs_01 : ONLINE HTTP Status on sfs_02 : ONLINE
About HTTP set commands
You use the HTTP> set commands to set various configurable options for the HTTP server.
You can view the current HTTP sessions using the HTTP> session show command. You can also display the list of all HTTP configurable options and their values using the HTTP> show command.
Table 11-2 HTTP set commands
Command Definition
session show Displays the current HTTP sessions on each node. See “Displaying the current HTTP sessions on each node” on page 409. 408 Configuring your HTTP server About HTTP set commands
Table 11-2 HTTP set commands (continued)
Command Definition
set MinSpareThreads Sets the minimum number of threads that need to be kept idle to handle sudden bursts of requests. If there is a sudden burst of requests, the HTTP server attempts to use these spare threads. Also, it tries to start additional spare threads in the background. See “Setting the minimum number of idle threads for handling request spikes” on page 409.
set MaxSpareThreads Sets the maximum number of idle threads to handle request spikes. If there are more than MaxSpareThreads idle, then those threads are terminated. See “Setting the maximum number of idle threads for handling request spikes” on page 409.
set MaxThreads Sets the maximum number of threads that are created. If all MaxThreads are busy, new incoming requests may be blocked or discarded. See “Setting the maximum number of threads to be created” on page 410.
set StartThreads Sets the initial number of server threads to start with. If this value is less than MinSpareThreads, the HTTP server initially starts with the StartThreads value, and more threads are created until there are at least MinSpareThreads idle.
See “Setting the initial number of server threads” on page 410.
set ThreadsPerProc Sets the maximum number of threads in each server process. See “Setting the maximum number of threads in each server process” on page 410.
show Displays the list of all configurable HTTP options and their values. See “Displaying the list of all configurable HTTP options and their values” on page 411. Configuring your HTTP server 409 About HTTP set commands
Displaying the current HTTP sessions on each node To display the current HTTP sessions on each node
◆ To display the current HTTP sessions on each node, enter the following:
HTTP> session show
For example:
HTTP> session show Max Sessions: 2000
Nodename Current Sessions ------sfs_01 4 sfs_02 2
Setting the minimum number of idle threads for handling request spikes To set the minimum number of idle threads for handling request spikes
◆ To set the minimum number of idle threads for handling request spikes, enter the following:
HTTP> set MinSpareThreads value
where value is the minimum number of idle threads. value has to be less than MaxSpareThreads.
Setting the maximum number of idle threads for handling request spikes To set the maximum number of idle threads to handle request spikes
◆ To set the maximum number of idle threads to handle request spikes, enter the following:
HTTP> set MaxSpareThreads value
where value is the maximum number of idle threads. For example:
HTTP> set MaxSpareThreads 10 Success. 410 Configuring your HTTP server About HTTP set commands
Setting the maximum number of threads to be created To set the maximum number of threads to be created
◆ To set the maximum number of threads to be created, enter the following:
HTTP> set MaxThreads value
where value is the maximum number of threads to be created.
Setting the initial number of server threads To set the initial number of server threads
◆ To set the initial number of server threads, enter the following:
HTTP> set StartThreads value
where value is the initial number of server threads.
Setting the maximum number of threads in each server process To set the maximum number of threads in each server process
◆ To set the maximum number of threads in each server process, enter the following:
HTTP> set ThreadsPerProc value
where value is the maximum number of threads in each server process. Configuring your HTTP server 411 About HTTP alias commands
Displaying the list of all configurable HTTP options and their values To display the list of all configurable HTTP options and their values
◆ To display the list of all configurable HTTP options and their values, enter the following:
HTTP> show
For example:
HTTP> show DocumentRoot /vx/fs_str
Parameter Current Value ------MinSpareThreads 7 MaxSpareThreads 9 MaxThreads 100 StartThreads 8 ThreadsPerProc 4
Virtual Path Real Path ------/fs_str0 /vx/fs_str
About HTTP alias commands
You use the HTTP> alias commands to configure the HTTP aliases that provide mappings of physical directories (realPath) to virtual paths (virtualPath). Changes are visible to new HTTP connections. Existing HTTP connections still use the old HTTP mappings.
Table 11-3 HTTP alias commands
Command Definition
alias add Adds a mapping from a virtualPath to a realPath. When clients try to access a virtualPath, they access the realPath instead. realPath needs to be an existing directory. If a virtualPath ends with a slash (/), then the realPath should also end with a slash (/). If a virtualPath does not end with a slash (/), then the realPath should also not end with a slash (/). See “Adding a mapping from a virtualPath to a realPath” on page 412. 412 Configuring your HTTP server About HTTP alias commands
Table 11-3 HTTP alias commands (continued)
Command Definition
alias del Deletes a mapping that is visible from clients as a virtualPath. See “Deleting a mapping that is visible to clients as a virtualPath” on page 413.
alias show Displays all the aliases that are configured on the server. See “Displaying all the aliases configured on the server” on page 413.
Adding a mapping from a virtualPath to a realPath To add a mapping from a virtualPath to a realPath
◆ To add a mapping from a virtualPath to a realPath, enter the following:
HTTP> alias add virtualPath realPath
virtualPath Virtual path visible from the HTTP server. For example: /fs_str0.
realPath Existing physical directory location. realPath needs to be an existing directory, and it needs to belong to the /vx directory.
For example: /vx/fs_str.
For example:
HTTP> alias add /new/vx/fs_new Success.
Virtual Path Real Path ------/fs_str0 /vx/fs_str /new /vx_fs_new Configuring your HTTP server 413 About HTTP document root mapping commands
Deleting a mapping that is visible to clients as a virtualPath To delete a mapping that is visible to clients as a virtualPath
◆ To delete a mapping that is visible to clients as a virtualPath, enter the following:
HTTP> alias del virtualPath
where virtualPath is the virtual directory path you created. For example:
HTTP> alias del /new Success.
HTTP> alias show
Virtual Path Real Path ------/fs_str0 /vs/fs_str
Displaying all the aliases configured on the server To display all the aliases configured on the server
◆ To display all the aliases that are configured on the server, enter the following:
HTTP> alias show
For example:
HTTP> alias show
Virtual Path Real Path ------/fs_str0 /vx/fs_str /new /vx/fs_new
About HTTP document root mapping commands
You use the HTTP> documentRoot commands to specify and then to display the root directory for the HTTP server. 414 Configuring your HTTP server About HTTP document root mapping commands
Table 11-4 HTTP document root mapping commands
Command Definition
documentRoot set Specifies the root directory for the HTTP server. For Web serving, '/' represents the root directory. See “Setting the root directory for the HTTP server” on page 414.
documentRoot show Displays the root directory for the HTTP server. See “Displaying the current root directory for the HTTP server” on page 415.
documentRoot clear Removes the existing root directory setting for the HTTP server. This command cannot be run when HTTP server is started. Once the setting is cleared, the HTTP server cannot be started until the HTTP document root is set again using the HTTP> documentRoot set command.
See “Clearing the root directory setting for the HTTP server” on page 415.
Setting the root directory for the HTTP server To set the root directory for the HTTP server
◆ To set the root directory for the HTTP server, enter the following:
HTTP> documentRoot set document_root_dir
where document_root_dir is the root directory for the HTTP server. For example:
HTTP> documentRoot set /vx/test_fs/http_dir Success. Configuring your HTTP server 415 About HTTP document root mapping commands
Displaying the current root directory for the HTTP server To display the current root directory for the HTTP server
◆ To display the current root directory for the HTTP server, enter the following:
HTTP> documentRoot show
For example:
HTTP> documentRoot show DocumentRoot /vx/test_fs/http_dir
Clearing the root directory setting for the HTTP server To clear the root directory setting for the HTTP server 1 Make sure that the HTTP server is stopped. 2 To clear the root directory setting for the HTTP server, enter the following:
HTTP> documentRoot clear
For example:
HTTP> documentRoot clear Success.
Once this setting is cleared, the HTTP server cannot be started until the HTTP document root directory is set again using the HTTP> documentRoot set command. 416 Configuring your HTTP server About HTTP document root mapping commands Chapter 12
Configuring event notifications and audit logs
This chapter includes the following topics:
■ About configuring event notifications and audit logs
■ About severity levels and filters
■ About email groups
■ Configuring an email group
■ About syslog event logging
■ Configuring a syslog server
■ Displaying events on the console
■ About SNMP notifications
■ Configuring an SNMP management server
■ Configuring events for event reporting
■ Exporting events and audits in syslog format to a given URL
■ About audit logs
■ Configuring audit logs
■ Disabling the audit log for a file system 418 Configuring event notifications and audit logs About configuring event notifications and audit logs
About configuring event notifications and audit logs FileStore monitors the status and health of various network and storage components, and generates events to notify the administrator. FileStore provides a mechanism to send these events to external event monitoring applications like syslog server, SNMP trap logger, and mail servers . This section explains how to configure FileStore so that external event monitoring applications are notified of events on the FileStore cluster.
This chapter discusses the FileStore report commands. The Report commands are defined in Table 12-1. To access the commands, log in to the administrative console (for master, system-admin, or storage-admin) and enter Report> mode. See “About using the FileStore command-line interface” on page 31.
Table 12-1 Report mode commands
Command Definition
event Configures the events for event reporting. See “Configuring events for event reporting” on page 433.
exportevents Exports the events in syslog format to a given URL. See “Exporting events and audits in syslog format to a given URL” on page 434.
email Configures an email group. See “Configuring an email group” on page 421.
syslog Configures a syslog server. See “Configuring a syslog server” on page 427.
snmp Configures an SNMP management server. See “Configuring an SNMP management server” on page 430.
showevents Displays the events. See “Displaying events on the console” on page 429.
audit Configures the audit logs to record file system activity on the file systems that are enabled for data archive and retention (DAR).See “Configuring audit logs” on page 437. Configuring event notifications and audit logs 419 About severity levels and filters
About severity levels and filters FileStore monitors events of different severity levels. Setting the severity to a particular level informs FileStore to stop notifications about lower-level events. Notifications are sent for events having the same or higher severity. Table 12-2 describes the valid FileStore severity levels in descending order of severity.
Table 12-2 Severity levels
Valid value Description
emerg Indicates that the system is unusable
alert Indicates that immediate action is required
crit Indicates a critical condition
err Indicates an error condition
warning Indicates a warning condition
notice Indicates a normal but a significant condition
info Indicates an informational message
debug Indicates a debugging message
FileStore classifies event notifications by area. Setting the event filter to a specific level filters out other areas. Notifications are sent for events matching the given filter. The following filters are configurable:
■ Network - if an alert is for a networking event, then selecting the network filter triggers that alert. If you select the network filter only, and an alert is for a storage-related event, the network alert is not sent.
■ Storage - is for storage-related events, for example, file systems, snapshots, disks, and pools
■ All - resets the filter to show all events.
About email groups
The Report> email commands configure the email notifications of events. These commands support the following: 420 Configuring event notifications and audit logs About email groups
■ Adding email groups
■ Adding filters to the group
■ Adding email addresses to the email group
■ Adding event severity to the group
■ Configuring an external mail server for sending event notification emails
Table 12-3 Email group commands
Command Definition
email show Displays an existing email group or details for the email group. See “Configuring an email group” on page 421.
email add group Uses the email groups to combine multiple email addresses into one entity; the email group is used as the destination of the FileStore email notification. Email notification properties can be configured for each email group. When an email group is added initially, it has the all default filter. When a group is added initially, the default severity is info.
See “Configuring an email group” on page 421.
email add Adds an email address to a group. email-address See “Configuring an email group” on page 421.
email add severity Adds a severity level to an email group.
See “Configuring an email group” on page 421.
email add filter Adds a filter to a group. See “Configuring an email group” on page 421.
email del Deletes an email address. email-address See “Configuring an email group” on page 421.
email del filter Deletes a filter from a specified group. See “Configuring an email group” on page 421.
email del group Deletes an email group. See “Configuring an email group” on page 421.
email del severity Deletes a severity from a specified group. See “Configuring an email group” on page 421. Configuring event notifications and audit logs 421 Configuring an email group
Table 12-3 Email group commands (continued)
Command Definition
email get Displays the details of the configured mail server . Obtain the following information:
■ Name of the configured mail server ■ Email user's name ■ Email user's password
See “Configuring an email group” on page 421.
email set Adds an mail server and user account from which email notifications are sent out. See “Configuring an email group” on page 421.
email set Deletes the configured mail server by specifying the command without any options to delete the mail server . See “Configuring an email group” on page 421.
Configuring an email group FileStore can be configured to send email messages to users or groups of users through an external SMTP server. To display attributes of an email group
◆ To display attributes of an email group, enter the following:
Report> email show [group]
where group is optional, and it specifies the group for which to display the attributes. If the specified group does not exist, an error message is displayed. For example:
Report> email show root Group Name: root Severity of the events: info,debug Filter of the events: all,storage Email addresses in the group: [email protected] OK Completed
To add a new email group
◆ To add a new email group, enter the following: 422 Configuring event notifications and audit logs Configuring an email group
Report> email add group group
where group specifies the name of the new email group and can only contain the following characters:
■ Alpha characters
■ Numbers
■ Hyphens
■ Underscores Entering invalid characters results in an error message. If the entered group already exists, then no error message is displayed. For example:
Report> email add group alert-grp OK Completed
Multiple email groups can be defined, each with their own email addresses, event severity, and filter. To add an email address to an existing group
◆ To add an email address to an existing group, enter the following:
Report> email add email-address group email-address
For example:
Report> email add email-address alert-grp [email protected] OK Completed
group Specifies the group to which the email address is added. If the email group that is specified does not exist, then an error message is displayed.
email-address Specifies the email address to be added to the group. If the email address is not a valid email address, a message is displayed. If the email address has already been added to the specified group, a message is displayed. Configuring event notifications and audit logs 423 Configuring an email group
To add a severity level to an existing email group
◆ To add a severity level to an existing email group, enter the following:
Report> email add severity group severity
For example:
Report> email add severity alert-grp alert OK Completed
group Specifies the email group for which to add the severity. If the email group that is specified does not exist, an error message is displayed.
severity Indicates the severity level to add to the email group. See “About severity levels and filters” on page 419. Entering an invalid severity results in an error message, prompting you to enter a valid severity. Only one severity level is allowed at one time. You can have two different groups with the same severity levels and filters. Each group can have its own severity definition. You can define the lowest level of the severity that triggers all other severities higher than it. 424 Configuring event notifications and audit logs Configuring an email group
To add a filter to an existing group
◆ To add a filter to an existing group, enter the following:
Report> email add filter group filter
group Specifies the email group for which to apply the filter. If the specified email group does not exist, an error message is displayed.
filter Specifies the filter for which to apply to the group. See “About severity levels and filters” on page 419. The default filter is all.
A group can have more than one filter, but there may not be any duplicate filters for the group.
For example:
Report> email add filter root storage OK Completed
To delete an email address from an existing group
◆ To delete an email address from an existing group, enter the following:
Report> email del email-address group email-address
group Specifies the group from which to delete the email address. If the entered group does not exist, an error message is displayed.
email-address Specifies the email address from which to delete from the group. If the email address you entered does not exist for the group, an error message is displayed.
For example, to delete an existing email address from the email group, enter the following:
Report> email del email-address root testuser@localhost Configuring event notifications and audit logs 425 Configuring an email group
To delete a filter from an existing group
◆ To delete a filter from an existing group, enter the following:
Report> email del filter group filter
group Specifies the group to remove the filter from. If the entered email group does not exist, an error message is displayed.
filter Specifies the filter to be removed from the group. See “About severity levels and filters” on page 419. The default filter is all.
If the specified filter is not in the specified group, an error message is displayed.
To delete an existing email group
◆ To delete an existing email group, enter the following:
Report> email del group group
where group specifies the name of the email group to be deleted. If the email group you specified does not exist, an error message is displayed. To delete a severity from a specified group
◆ To delete a severity from a specified group, enter the following:
Report> email del severity group severity
group Specifies the name of the email group from which the severity is to be deleted. If the specified email group does not exist, an error message is displayed.
severity Specifies the severity to delete from the specified group. See “About severity levels and filters” on page 419. A severity cannot be deleted from a group if it does not exist for that group. If this situation occurs, an error message is displayed. 426 Configuring event notifications and audit logs About syslog event logging
To display mail server settings
◆ To display mail server settings, enter the following:
Report> email get E-Mail Server: smtp.symantec.com E-Mail Username: adminuser E-mail User's Password: ******** OK Completed
To add a mail server and user account
◆ To add a mail server and user account from which email notifications are sent out, enter the following:
Report> email set [email-server] [email-user]
email-server Specifies the external mail server from which email notifications are sent out.
email-user Specifies the user account from which email notifications are sent out. If email-user is specified, then the password for that user on the SMTP server is required.
For example:
Report> email set smtp.symantec.com adminuser Enter password for user 'adminuser': ********
To delete the mail server from sending email messages
◆ To delete the mail server from sending email messages, enter the following command without any options:
Report> email set
About syslog event logging FileStore can be configured to send system log messages to syslog servers based on severity and filter. In FileStore, options include specifying the external system log (syslog) server for event reporting, and setting the filter and the severity levels for events. Event Configuring event notifications and audit logs 427 Configuring a syslog server
notifications matching configured severity levels and filters are logged to those external syslog servers. See “About severity levels and filters” on page 419.
Table 12-4 Syslog commands
Commands Definition
syslog show Displays the list of syslog servers. See “Configuring a syslog server” on page 427.
syslog add Adds a syslog server See “Configuring a syslog server” on page 427.
syslog set severity Sets the severity for the syslog server. See “Configuring a syslog server” on page 427.
syslog set filter Sets the syslog server filter. See “Configuring a syslog server” on page 427.
syslog get filter Displays the values of the configured syslog server. See “Configuring a syslog server” on page 427.
syslog delete Deletes a syslog server. See “Configuring a syslog server” on page 427.
Configuring a syslog server FileStore can be configured to send syslog messages to syslog servers based on set severities and filters. To display the list of syslog servers
◆ To display the list of syslog servers, enter the following:
Report> syslog show
To add a syslog server to receive event notifications
◆ To add a syslog server to receive event notifications, enter the following:
Report> syslog add syslog-server-ipaddr
where syslog-server-ipaddr specifies the host name or the IP address of the external syslog server. 428 Configuring event notifications and audit logs Configuring a syslog server
To set the severity of syslog messages
◆ To set the severity of syslog messages to be sent, enter the following:
Report> syslog set severity value
where value indicates the severity of syslog messages to be sent. For example:
Report> syslog set severity warning
See “About severity levels and filters” on page 419. To set the filter level of syslog messages
◆ To set the filter level of syslog messages to be sent, enter the following:
Report> syslog set filter value
where value indicates the filter level of syslog messages to be sent. For example:
Report> sylog set filter storage OK Completed
See “About severity levels and filters” on page 419. To display the values of the configured filter and severity level settings
◆ To display the values of the configured filter and severity level settings, enter the following:
Report> syslog get filter|severity
For example:
Report> syslog get severity Severity of the events: err OK Completed
To delete a syslog server from receiving message notifications
◆ To delete a syslog server from receiving message notifications, enter the following:
Report> syslog delete syslog-server-ipaddr
syslog-server-ipaddr specifies the host name or the IP address of the syslog server. Configuring event notifications and audit logs 429 Displaying events on the console
Displaying events on the console To display events on the console
◆ To display events on the console, enter the following:
Report> showevents [number_of_events]
where number_of_events specifies the number of events that you want to display. If you leave number_of_events blank, or if you enter 0, FileStore displays all of the events in the system.
About SNMP notifications Simple Network Management Protocol (SNMP) is a network protocol to simplify the management of remote network-attached devices such as servers and routers. SNMP is an open standard system management interface. Information from the Management Information Base (MIB) can also be exported. SNMP traps enable the reporting of a serious condition to a management station. The management station is then responsible for initiating further interactions with the managed node to determine the nature and extent of the problem. In FileStore, options include specifying the SNMP server to receive traps from the FileStore cluster, and selecting the severity of the occurrences to report. See “About severity levels and filters” on page 419.
Table 12-5 SNMP commands
Command Definition
snmp add Adds an SNMP management server. See “Configuring an SNMP management server” on page 430.
snmp show Displays the current list of SNMP management servers. See “Configuring an SNMP management server” on page 430.
snmp delete Deletes an already configured SNMP management server. See “Configuring an SNMP management server” on page 430.
snmp set severity Sets the severity for SNMP notifications. See “Configuring an SNMP management server” on page 430.
snmp set filter Sets the filter for SNMP notifications. See “Configuring an SNMP management server” on page 430. 430 Configuring event notifications and audit logs Configuring an SNMP management server
Table 12-5 SNMP commands (continued)
Command Definition
snmp get Displays the values of the configured SNMP notifications. filter|severity See “Configuring an SNMP management server” on page 430.
snmp exportmib Uploads the SNMP Management Information Base (MIB) file to the given URL. The URLs support FTP and SCP. If the url specifies a remote directory, the default file name is sfsfs_mib.txt. See “Configuring an SNMP management server” on page 430.
Configuring an SNMP management server To add an SNMP management server to receive SNMP traps
◆ To add an SNMP management server to receive SNMP traps, enter the following:
Report> snmp add snmp-mgmtserver-ipaddr [community_string]
snmp-mgmtserver-ipaddr specifies the host name or the IP address of the SNMP management server. [community_string] specifies the community name for the SNMP management server. The default community_string is public.
When you use the Report> snmp show command, community_string displays as follows:
[email protected], [email protected]
For example, if using the IP address, enter the following:
Report> snmp add 10.10.10.10 OK Completed
For example, if using the host name, enter the following:
Report> snmp add mgmtserv1.symantec.com OK Completed
SNMP traps can be sent to multiple SNMP management servers. Configuring event notifications and audit logs 431 Configuring an SNMP management server
To display the current list of SNMP management servers
◆ To display the current list of SNMP management servers, enter the following:
Report> snmp show Configured SNMP management servers: 10.10.10.10,mgmtserv1.symantec.com [email protected], [email protected] OK Completed
To delete an already configured SNMP management server from receiving SNMP traps
◆ To delete an already configured SNMP management server from receiving SNMP traps, enter the following:
Report> snmp delete snmp-mgmtserver-ipaddr
snmp-mgmtserver-ipaddr specifies the host name or the IP address of the SNMP management server. For example:
Report> snmp delete 10.10.10.10 OK Completed
If you input an incorrect value for snmp-mgmtserver-ipaddr, an error message displays. For example:
Report> snmp delete mgmtserv22.symantec.com SFS snmp delete ERROR V-288-26 Cannot delete SNMP management server, it doesn't exist.
To set the severity for SNMP traps to be sent
◆ To set the severity for SNMP traps to be sent, enter the following:
Report> snmp set severity value
where value indicates the severity for the SNMP trap to be sent. For example:
Report> snmp set severity warning OK Completed
See “About severity levels and filters” on page 419. 432 Configuring event notifications and audit logs Configuring an SNMP management server
To set the filter level of SNMP traps
◆ To set the filter level for SNMP traps, enter the following:
Report> snmp set filter value
where value indicates the filter. For example:
Report> snmp set filter network OK Completed
See “About severity levels and filters” on page 419. To display the filter or the severity levels of SNMP traps to be sent
◆ To display the filter or the severity levels of SNMP traps to be sent, enter the following:
Report> snmp get filter|severity
For example:
Report> snmp get severity Severity of the events: warning OK Completed Report> snmp get filter Filter for the events: network OK Completed
To export the SNMP MIB file to a given URL
◆ To export the SNMP MIB file to a given URL, enter the following:
Report> snmp exportmib url
where url specifies the location the SNMP MIB file is exported to. FTP and SCP URLs are supported. For example:
Report> snmp exportmib scp://[email protected]:/tmp/sfsfs_mib.txt Password: ***** OK Completed
If the url specifies a remote directory, the default file name is sfsfs_mib.txt. Configuring event notifications and audit logs 433 Configuring events for event reporting
Configuring events for event reporting To reduce duplicate events
◆ To reduce the number of duplicate events that are sent for notifications, enter the following:
Report> event set dup-frequency number
where number indicates time (in seconds) in which only one event (of duplicate events) is sent for notifications. For example:
Report> event set dup-frequency 120 OK Completed
where number indicates the number of duplicate events to ignore.
Report> event set dup-number number
For example:
Report> event set dup-number 10 OK Completed
To display the time interval or the number of duplicate events sent for notifications
◆ To display the time interval, enter the following:
Report> event get dup-frequency
For example:
Report> event get dup-frequency Duplicate events frequency (in seconds): 120 OK Completed
To set the number of duplicate events that are sent for notifications, enter the following:
Report> event get dup-number
For example:
Report> event get dup-number Duplicate number of events: 10 OK Completed 434 Configuring event notifications and audit logs Exporting events and audits in syslog format to a given URL
Exporting events and audits in syslog format to a given URL You can export events and audits in syslog format to a given URL. Supported URLs for upload include:
■ FTP
■ SCP To export audit events and audits in syslog format
◆ To export events and audits in syslog format to a given URL, enter the following:
Report> exportevents url [audit]
url Exports the events in syslog format to the specified URL. URL supports FTP and SCP. If the URL specifies the remote directory, the default file name is sfsfs_event.log.
audit Exports the audits in syslog format to the specified URL. URL supports FTP and SCP. If the URL specifies the remote directory, the default file name is sfsfs_audit.log.
For example:
Report> exportevents scp://[email protected]:/exportevents/event.1 Password: ***** OK Completed
About audit logs
Use Report> audit commands to configure audit logs for DAR-enabled file systems. When it is enabled, the audit log feature tracks file system activity and stores the results in log files. To configure an audit log:
■ Specify the file system to be logged. Only DAR-enabled file system can be configured for audit logs.
■ Choose which activities (operations) on the file system are included in the log. Only the activities you specify are logged, no other operations are logged. Configuring event notifications and audit logs 435 About audit logs
Note: When audit logs are configured for a DAR-enabled file system, that file system cannot be taken offline or destroyed.
Table 12-6 Audit commands
Command Definition audit fs enable Enables the audit logs on a DAR-enabled file system. See “Configuring audit logs” on page 437. audit fs list Displays the set of operations (and WORM-only settings) enabled for audit logs. See “Configuring audit logs” on page 437. audit fs show Shows the audit logs for a file system. See “Configuring audit logs” on page 437. audit fs disable Disables the audit logs for a file system. Disabling audit logs does not delete current audit log records. See “Configuring audit logs” on page 437.
Table 12-7 lists the file system operations you can include in audit logs.
Table 12-7 File system operations in audit logs
Operation Definition all All file system operations. all_metadata All metadata operations. (default) all_create All file create operations, including the create, mkdir, link, and symlink operations. all_delete All delete file operations, including the delete, unlink, and rmdir operations. all_setxattr All set extended attribute operations, including the setattr and the setxattr operations. open All open file operations. close All close file operations. write All file write operations. 436 Configuring event notifications and audit logs About audit logs
Table 12-7 File system operations in audit logs (continued)
Operation Definition
read All file read operations.
rename All file rename operations.
create All file create operations.
mkdir All make directory operations.
link All file link operations.
symlink All symbolic link operations for files.
unlink All unlink operations.
rmdir All remove directory operations.
rename All file rename operations.
setattr All file set attribute operations.
setxattr All file set extended attribute operations.
removeattr All file remove attribute operations.
getattr All file get attribute operations.
getxattr All file get extended attribute operations.
list_xattr All file-related list extended attribute operations. Configuring event notifications and audit logs 437 Configuring audit logs
Configuring audit logs To enable an audit log
◆ To configure an audit log for a DAR-enabled file system, enter the following:
Report> audit fs enable fs_name [operations] [wormonly=yes|no]
fs_name Specifies the name of the file system you want to audit. You can only audit DAR-enabled file systems.
operations A comma-separated list of operations to audit. Only the operations you specify are logged. See “About audit logs” on page 434.
wormonly Valid inputs for the wormonly option are wormonly=yes or wormonly=no.
If you specify wormonly=yes, only the operations which are done on WORM files are audited. If you specify wormonly=no, all files (WORM and non-WORM) are audited. The default is wormonly=yes.
Report> audit fs enable fs1 read,write wormonly=no
To list operations tracked by an audit log
◆ To list which operations are tracked by an audit log, enter the following:
Report> audit fs list [fs_name]
where fs_name is the name of the file system. If fs_name is not specified, a list of audit log operations for all DAR-enabled file systems is displayed.
Report> audit fs list File system: fs1 Operations: read,write Wormonly: wormonly=no
File system: fs2 Operations: all Wormonly: wormonly=yes 438 Configuring event notifications and audit logs Configuring audit logs
To show audit results for a DAR-enabled file system
◆ To show audit log entries for a file system, enter the following:
Report> audit fs show fs_name [operations] [maxlines]
fs_name Specifies the name of the file system whose audit log you want to view.
operations A comma-separated list of operations to display in the log. Only log entries for the operations you specify are displayed. By default all_metadata operations are displayed.
See “About audit logs” on page 434.
maxlines The maximum number of lines that are shown for an audit log. If you specify zero (0), all lines in the log are shown. The default is 10 lines.
Report> audit fs show fs1 all 0
Filename Operation UID Timestamp Success ======/vx/fs1/file2 write 0 Aug 18 13:19:04 2010 Success /vx/fs1/file2 write 0 Aug 18 13:19:04 2010 Success /vx/fs1/file2 setattr 0 Aug 18 13:16:50 2010 Success /vx/fs1/file2 create 0 Aug 18 13:16:50 2010 Success /vx/fs1/file1 setattr 0 Aug 18 13:16:22 2010 Success /vx/fs1/file1 create 0 Aug 18 13:16:22 2010 Success /vx/fs1/file1 write 0 Aug 18 10:37:10 2010 Success /vx/fs1/file1 write 0 Aug 18 10:37:10 2010 Success /vx/fs1/file1 setxattr 0 Aug 18 10:31:26 2010 Success /vx/fs1/file1 setattr 0 Aug 18 10:30:59 2010 Success /vx/fs1/file1 setattr 0 Aug 18 10:30:57 2010 Success /vx/fs1/file1 create 0 Aug 18 10:30:57 2010 Success /vx/fs1/file1 unlink 0 Aug 18 10:30:26 2010 Success /vx/fs1/file1 create 0 Aug 18 10:29:00 2010 Success Configuring event notifications and audit logs 439 Disabling the audit log for a file system
Disabling the audit log for a file system To disable the audit log for a file system
◆ To disable the audit log for a file system, enter the following:
Report> audit fs disable fs_name
where fs_name is the name of the file system. When you disable an audit log, the current audit log records are not deleted.
Report> audit fs disable fs1 440 Configuring event notifications and audit logs Disabling the audit log for a file system Chapter 13
Configuring backup
This chapter includes the following topics:
■ About backup
■ About NetBackup
■ About the NetBackup Snapshot Client
■ About NetBackup snapshot methods
■ About NetBackup instant recovery
■ About Fibre Transport
■ About SAN clients
■ About FT media servers
■ About the FT Service Manager
■ About zoning the SAN for Fibre Transport
■ About HBAs for SAN clients and FT media servers
■ About supported SAN configurations for SAN Client
■ Adding a NetBackup master server to work with FileStore
■ Configuring or changing the virtual IP address used by NetBackup and NDMP data server installation
■ Configuring the virtual name of NetBackup
■ About the Network Data Management Protocol
■ About backup configurations
■ Configuring backup 442 Configuring backup About backup
■ Configuring backups using NetBackup or other third-party backup applications
About backup
The Backup commands are defined in Table 13-1. To access the commands, log into the administrative console (for master, system-admin, or storage-admin) and enter the Backup> mode. See “About using the FileStore command-line interface” on page 31.
Table 13-1 Backup mode commands
Command Definition
netbackup Configures the local NetBackup installation of FileStore to use an external NetBackup master server, Enterprise Media Manager (EMM) server, or media server. See “About NetBackup” on page 443.
virtual-ip Configures the NetBackup and NDMP data server installation on FileStore nodes to use ipaddr as its virtual IP address.
See “Configuring or changing the virtual IP address used by NetBackup and NDMP data server installation” on page 450.
virtual-name Configures the NetBackup installation on FileStore nodes to use name as its host name. See “Configuring the virtual name of NetBackup” on page 451.
ndmp Transfers data between the data server and the tape server under the control of a client. The Network Data Management Protocol (NDMP) is used for data backup and recovery. See “About the Network Data Management Protocol” on page 452.
show Displays the settings of the configured servers. See “About backup configurations” on page 466.
status Displays the status of configured servers. See “About backup configurations” on page 466.
start Starts the configured servers. See “About backup configurations” on page 466.
stop Stops the configured servers. See “About backup configurations” on page 466. Configuring backup 443 About NetBackup
About NetBackup FileStore includes built-in client software for Symantec’s NetBackup data protection suite. If NetBackup is the enterprise’s data protection suite of choice, file systems hosted by FileStore can be backed up to a NetBackup media server. To configure the built-in NetBackup client, you need the names and IP addresses of the NetBackup master and media servers. Backups are scheduled from those servers, using NetBackup’s administrative console. Consolidating storage reduces the administrative overhead of backing up and restoring many separate file systems. With a 2255 TB maximum file system size, FileStore makes it possible to collapse file storage into fewer administrative units, thus reducing the number of backup interfaces and operations necessary. All critical file data can be backed up and restored through the NetBackup client software included with FileStore (separately licensed NetBackup master and media servers running on separate computers are required), or through any backup management software that supports NAS systems as data sources.
Table 13-2 Netbackup commands
Command Definition
netbackup Provides a functioning external NetBackup master server to work with master-server FileStore. FileStore only includes the NetBackup client code on the FileStore nodes. If you want to use NetBackup to back up your FileStore file systems, you must add an external NetBackup master server. For NetBackup clients to be compliant with the NetBackup End-User License Agreement (EULA), you must have purchased and entered valid license keys on the external NetBackup master server prior to configuring NetBackup to work with FileStore. For more information on entering NetBackup license keys on the NetBackup master server, refer to the Symantec NetBackup Installation Guide, Release 7.0.1. See “Adding a NetBackup master server to work with FileStore ” on page 449.
netbackup Adds an external NetBackup Enterprise Media Manager (EMM) server emm-server (which can be the same as the NetBackup master server) to work with FileStore. Note: If you want to use NetBackup to backup FileStore file systems, you must add an external NetBackup EMM server.
See “Adding a NetBackup master server to work with FileStore ” on page 449. 444 Configuring backup About the NetBackup Snapshot Client
Table 13-2 Netbackup commands (continued)
Command Definition
netbackup Adds an external NetBackup media server (if the NetBackup media media-server add server is not co-located with the NetBackup master server). Note: Adding an external NetBackup media server is optional. If you do not add one, then FileStore uses the NetBackup master server as the NetBackup media server.
See “Adding a NetBackup master server to work with FileStore ” on page 449.
netbackup Deletes an already configured NetBackup media server. media-server See “Adding a NetBackup master server to work with FileStore ” delete on page 449.
About the NetBackup Snapshot Client A snapshot is a point-in-time, read-only, disk-based copy of a client volume. After the snapshot is created, NetBackup backs up data from the snapshot, not directly from the client’s primary or original volume. Users and client operations can access the primary data without interruption while data on the snapshot volume is backed up. The contents of the snapshot volume are cataloged as if the backup was produced directly from the primary volume. After the backup is complete, the snapshot-based backup image on storage media is indistinguishable from a traditional, non-snapshot backup.
About NetBackup snapshot methods NetBackup can create different types of snapshots. Each snapshot type that you configure in NetBackup is called a snapshot method. Snapshot methods enable NetBackup to create snapshots within the storage stack (such as the file system, volume manager, or disk array) where the data resides. If the data resides in a logical volume, NetBackup can use a volume snapshot method to create the snapshot. If the data resides in a file system, NetBackup can use a file system method, depending on the client operating system and the file system type. You select the snapshot method in the backup policy as explained under “Selecting the snapshot method” in the Symantec NetBackup 7.0.1 Snapshot Client Administrator's Guide. Configuring backup 445 About NetBackup instant recovery
Note: When using FileStore with NetBackup, select the VxFS_Checkpoint snapshot method.
About NetBackup instant recovery This feature makes backups available for quick recovery from disk. Instant Recovery combines snapshot technology—the image is created with minimal interruption of user access to data—with the ability to do rapid snapshot-based restores. The snapshot is retained on disk as a full backup image.
About Fibre Transport NetBackup Fibre Transport is a method of data transfer. It uses Fibre Channel and a subset of the SCSI command protocol for data movement over a SAN rather than TCP/IP over a LAN. It provides a high-performance transport mechanism between NetBackup clients and NetBackup media servers. Fibre Transport supports multiple, concurrent logical connections. The NetBackup systems that support Fibre Transport contain Fibre Channel HBAs that are dedicated to FT communication. The NetBackup Fibre Transport service is active on both the SAN clients and the NetBackup media servers that connect to the storage. Throughout this documentation, Fibre Transport connections between NetBackup clients and NetBackup servers are referred to as FT pipes.
About SAN clients A NetBackup SAN client is a NetBackup client on which the Fibre Transport service is activated. The SAN client is similar to the NetBackup SAN media server that is used for the Shared Storage Option; it backs up its own data. However, the SAN client is based on the smaller NetBackup client installation package, so it has fewer administration requirements and uses fewer system resources. Usually, a SAN client contains critical data that requires high bandwidth for backups. It connects to a NetBackup media server over Fibre Channel. The NetBackup SAN Client Fibre Transport Service manages the connectivity and the data transfers for the FT pipe on the SAN clients. The SAN client FT service also discovers FT target mode devices on the NetBackup media servers and notifies the FT Service Manager about them. 446 Configuring backup About FT media servers
About FT media servers A NetBackup FT media server is a NetBackup media server on which the Fibre Transport services are activated. NetBackup FT media servers accept connections from SAN clients and send data to the disk storage. The host bus adapters (HBAs) that accept connections from the SAN clients use a special NetBackup target mode driver to process FT traffic. The media server FT service controls data flow, processes SCSI commands, and manages data buffers for the server side of the FT pipe. It also manages the target mode driver for the host bus adaptors. Requires the SAN Client license.
About the FT Service Manager The FT Service Manager (FSM) resides on the NetBackup server that hosts the NetBackup Enterprise Media Manager service. FSM interacts with the FT services that run on SAN clients and on FT media servers. FSM discovers, configures, and monitors FT resources and events. FSM runs in the same process as EMM.
About zoning the SAN for Fibre Transport Before you can configure and use the NetBackup Fibre Transport (FT) mechanism, the SAN must be configured and operational. See “About supported SAN configurations for SAN Client” on page 448. For SAN switched configurations, proper zoning prevents Fibre Transport traffic from using the bandwidth that may be required for other SAN activity. Proper zoning also limits the devices that the host bus adapter (HBA) ports discover; the ports should detect the other ports in their zone only. Without zoning, each HBA port detects all HBA ports from all hosts on the SAN. The potentially large number of devices may exceed the number that the operating system supports. Instructions for how to configure and manage a SAN are beyond the scope of the NetBackup documentation. However, the following recommendations may help you optimize your SAN traffic. Table 13-3 describes the zones you should use for your SAN traffic. Configuring backup 447 About HBAs for SAN clients and FT media servers
Note: You must use physical port ID or World Wide Port Name (WWPN) when you specify the HBA ports on NetBackup Fibre Transport media servers.
Table 13-3 Appliance zones
Zone Description
A Fibre Transport A Fibre Transport zone (or backup zone) should include only specific HBA ports of the hosts zone that use Fibre Transport, as follows:
■ Ports on the FT media server HBAs that connect to the SAN clients. These ports use the Symantec Corporation target mode driver. ■ Ports on the SAN client HBAs that connect to the media server ports that are in target mode. The ports on the SAN clients use the standard initiator mode driver. You must define the FT media server target ports by physical port ID or World Wide Port Name (WWPN). The target mode driver WWPNs are not unique because they are derived from the Fibre Channel HBA WWPN. The NetBackup SAN clients should detect only the HBA ports that are in target mode on the NetBackup media servers. They should not detect HBA ports in initiator mode on the NetBackup media servers. They should not detect the FC HBAs on other hosts. To promote multistream throughput, each SAN client should detect all target mode devices of the media server HBA ports in the zone.
External storage If the storage is on a SAN, create an external storage zone. The zone should include the HBA zone ports for the storage and the FT media server HBA ports that connect to the storage. All of the ports in the storage zone use the standard initiator mode HBA driver.
About HBAs for SAN clients and FT media servers The Fibre Channel host bus adapter (HBA) and driver requirements differ on the SAN clients and on the NetBackup FT media servers, as follows:
HBAs on SAN clients The HBAs on the SAN clients can be any supported Fibre Channel HBA. The HBA ports must operate in the default initiator mode. For the HBAs on the SAN client systems, do the following:
■ Install the drivers for the HBA. ■ Install the utilities for the HBA. Although not required for NetBackup operation, the utilities may help to troubleshoot connectivity problems. 448 Configuring backup About supported SAN configurations for SAN Client
HBAs on NetBackup FT The NetBackup media servers that host Fibre Transport media servers require the following:
■ For the connections to the SAN clients, use a QLogic HBA that NetBackup supports for Fibre Transport. For these HBAs, you must configure them to use the NetBackup target mode driver. ■ If you use SAN attached storage, you can use any supported Fibre Channel HBA to connect to the storage. For these HBAs, you should install the QLogic driver and utilities. The HBA ports that connect to the storage must remain in the default initiator mode. ■ The HBAs and their drivers must support 256K size buffers for data transfer.
For information about supported HBAs, see the NetBackup Release Notes.
About supported SAN configurations for SAN Client NetBackup supports the following SAN configurations for Fibre Transport:
Node port (N_Port) switched Connect the NetBackup media servers and SAN clients to a configuration SAN switch as follows:
■ Connect the HBA port on the NetBackup FT media server to a Fibre Channel switch port. ■ Connect each SAN client HBA port to ports on the same Fibre Channel switch. ■ Define the zones on the switch so that the client(s) and server(s) are in the same zone. Be aware of the following: ■ You must define the NetBackup FT media server target ports by physical port ID or World Wide Port Name (WWPN). The target mode driver WWPNs are not unique because they are derived from the Fibre Channel HBA WWPN. ■ You can define SAN client ports by either port ID or WWPN. However, if you use one method only, zone definition and management is easier.
Fibre Channel arbitrated loop Use Fibre Channel arbitrated loop (FC-AL) to connect a (FC-AL) configuration NetBackup FT media server HBA port directly to a NetBackup SAN client HBA port. Note: FC-AL hubs are not supported. Configuring backup 449 Adding a NetBackup master server to work with FileStore
Adding a NetBackup master server to work with FileStore To add an external NetBackup master server
◆ To add an external NetBackup master server, enter the following:
Backup> netbackup master-server server
where server is the host name of the NetBackup master server. Make sure that server can be resolved through DNS, and its IP address can be resolved back to server through the DNS reverse lookup. For example:
Backup> netbackup master-server nbumaster.symantecexample.com Ok Completed
To add a NetBackup EMM server
◆ To add the external NetBackup EMM server, enter the following:
Backup> netbackup emm-server server
where server is the host name of the NetBackup EMM server. Make sure that server can be resolved through DNS, and its IP address can be resolved back to server through the DNS reverse lookup. For example:
Backup> netbackup emm-server nbumedia.symantecexample.com OK Completed
To add a NetBackup media server
◆ To add an NetBackup media server, enter the following:
Backup> netbackup media-server add server
where server is the host name of the NetBackup media server. Make sure that server can be resolved through DNS, and its IP address can be resolved back to server through the DNS reverse lookup. For example:
Backup> netbackup media-server add nbumedia.symantecexample.com OK Completed 450 Configuring backup Configuring or changing the virtual IP address used by NetBackup and NDMP data server installation
To delete an already configured NetBackup media server
◆ To delete an already configured NetBackup media server, enter the following:
Backup> netbackup media-server delete server
where server is the host name of the NetBackup media server you want to delete. For example:
Backup> netbackup media-server delete nbumedia.symantecexample.com OK Completed
Configuring or changing the virtual IP address used by NetBackup and NDMP data server installation You can configure or change the virtual IP address that is used by NetBackup and the NDMP data server installation on FileStore nodes. This address is a highly available virtual IP address in the cluster. For information about the Symantec NetBackup 7.0.1 client capability, refer to the Symantec NetBackup 7.0.1 product documentation set.
Note: If you use NetBackup and the NDMP data server installation on FileStore nodes, configure the virtual IP address using the Backup> virtual-ip command so that it is different from all of the virtual IP addresses, including the console server IP address and the physical IP addresses used to install FileStore. Configuring backup 451 Configuring the virtual name of NetBackup
To configure or change the virtual IP address used by NetBackup and NDMP data server installation
◆ To configure or change the virtual IP address that is used by NetBackup and the NDMP data server installation on FileStore nodes, enter the following:
Backup> virtual-ip ipaddr [device]
ipaddr The virtual IP address to be used with the NetBackup and the NDMP data server installation on the FileStore nodes. Make sure that ipaddr can be resolved back to the host name that is configured by using the Backup> virtual-name command.
device The Ethernet interface for the virtual IP address.
For example:
Backup> virtual-ip 10.10.10.10 pubeth1 OK Completed
See “Configuring the virtual name of NetBackup” on page 451.
Configuring the virtual name of NetBackup To configure or change the NetBackup host name
◆ To configure the NetBackup installation on FileStore nodes to use name as its host name, enter the following:
Backup> virtual-name name
where name is the host name for the NetBackup installation on FileStore nodes.
Backup> virtual-name nbuclient.symantecexample.com
Make sure that name can be resolved through DNS, and its IP address can be resolved back to name through the DNS reverse lookup. Also, make sure that name resolves to an IP address that is configured by using the Backup> virtual-ip command. For example:
Backup> virtual-name nbuclient.symantecexample.com OK Completed
See “Configuring or changing the virtual IP address used by NetBackup and NDMP data server installation” on page 450. 452 Configuring backup About the Network Data Management Protocol
About the Network Data Management Protocol The Network Data Management Protocol (NDMP) is an open protocol for transferring data between the data server and the tape server under the control of a client. NDMP is used for data backup and recovery. NDMP is based on a client-server architecture. The Data Management Application is the client and the data and the tape services are the servers. The Data Management Application initiates the backup session. A single control connection from the Data Management Application to each of the data and the tape services and a data connection between the tape and the data services creates a backup session.
Note: The information in this section assumes that you have the correct backup infrastructure to support the NDMP environment.
NDMP provides the following services:
■ Defines a mechanism and protocol for controlling the backup, recovery, and other transfers of data between the data server and the tape server.
■ Separates the network attached Data Management Application, data servers , and tape servers participating in archival, recovery, or data migration operations.
■ Provides low-level control of tape devices and SCSI media changers.
Table 13-4 NDMP terminology
Terminology Definition
host The host computer system that executes the NDMP server application. Data is backed up from the NDMP host to either a local tape drive or to a backup device on a remote NDMP host.
service The virtual state machine on the NDMP host that is controlled using the NDMP protocol. This term is used independently of implementation. The three types of NDMP services include: data service, tape service, and SCSI service.
server An instance of one or more distinct NDMP services that are controlled by a single NDMP control connection. Thus a Data/Tape/SCSI Server is an NDMP server providing data, tape, and SCSI services.
session The configuration of one client and two NDMP services to perform a data management operation such as a backup or a recovery. Configuring backup 453 About the Network Data Management Protocol
Table 13-4 NDMP terminology (continued)
Terminology Definition
client The application that controls the NDMP server. The NDMP client initiates backup and restore. In NDMP version 4, the client is the Data Management Application.
Data Management An application that controls the NDMP session. In NDMP there is a Application master-slave relationship. The Data Management Application is the session master; the NDMP services are the slaves. In NDMP versions 1, 2, and 3 the term "NDMP client" is used instead of the Data Management Application.
The Backup> ndmp commands configure the default policies that are used during the NDMP backup and restore sessions. In FileStore, NDMP supports the following commands:
■ setenv commands. The set environment commands let you configure the variables that make up the NDMP backup policies for your environment.
■ getenv commands. The get environment commands display what you have set up with the setenv commands or the default values of all of the NDMP environment variables.
■ showenv command. The show environment command displays all of the NDMP policies.
■ restoredefaultenv command. The restore default environment command restores the NDMP policies back to their default values.
About NDMP supported configurations FileStore currently supports the three-way NDMP backup. The data and the tape services reside on different nodes on a network. The Data Management Application has two control connections, one to each of the data and the tape services. The data and the tape services also have a data connection. Data travels from the disk on an NDMP host to a tape device on another NDMP host. Backup data is sent over the local network. The tape drives must be in NDMP-type storage units. 454 Configuring backup About the Network Data Management Protocol
Figure 13-1 Illustration of three-way NDMP FileStore backup
NFS clients NBU / TSM / EMC Control Legato with Control Flow NDMP Flow
Data Flow
NBU Media FileStore – Cluster Server with – NDMP Server NDMP
Tape Library
Primary Storage Array
The NDMP commands configure the default policies that are used during the NDMP backup or restore sessions. The Data Management Application (client) initiating the connection for NDMP backup and restore operations to the NDMP data server or tape server can override these default policies by setting the same policy name as environment variable and using any suitable value of that environment variable. The FileStore NDMP server supports MD5 and text authentication. The Data Management Application that initiates the connection to the server uses master for the user name and for the password for the NDMP backup session authentication. The password can be changed using the Admin> passwd command. See “Creating Master, System Administrator, and Storage Administrator users” on page 41. Configuring backup 455 About the Network Data Management Protocol
About the NDMP policies
The Backup> ndmp commands configure the default policies which are used during the NDMP backup and restore sessions. The DMA (NDMP client) initiating the connection for the NDMP backup and restore operation to the FileStore NDMP data server can override these default policies by setting the same policy name as environment variable and using any suitable value of that environment variable.
Table 13-5 NDMP set commands
Command Definition
ndmp setenv Defines how new data is recorded over old data. This overwrite_policy command has three configuration options. See “Configuring the NDMP policies” on page 456.
ndmp setenv failure_resilient Continues the backup and restore session even if an error condition occurs. During a backup or restore session, if a file or directory cannot be backed up or restored, setting value to yes lets the session continue with the remaining specified files and directories in the list. A log message is sent to the Data Management Application about the error. Refer to the Data Management Application documentation for the location of the NDMP logs. Some conditions, such as an I/O error, does not let the command continue the backup and restore session.
See “Configuring the NDMP policies” on page 456.
ndmp setenv restore_dst Configures the Dynamic Storage Tiering (DST) restore policy. Note: During the restore session, the DST policy only applies to the file system, but it does not become effective until you run it through the storage tier policy commands.
See “Configuring the NDMP policies” on page 456.
ndmp setenv Configures the NDMP recursive restore policy to restore recursive_restore the contents of a directory each time you restore. See “Configuring the NDMP policies” on page 456.
ndmp setenv Contains the file system backup information for the backup update_dumpdates command. In the FileStore NDMP environment, the dumpdates file is /etc/ndmp.dumpdates.
See “Configuring the NDMP policies” on page 456. 456 Configuring backup About the Network Data Management Protocol
Table 13-5 NDMP set commands (continued)
Command Definition
ndmp setenv send_history States whether or not you want the file history of the backed up data to be sent to the Data Management Application. See “Configuring the NDMP policies” on page 456.
ndmp setenv use_snapshot Lets you bring back previous versions of the files for review or to be used. A snapshot is a virtual copy of a set of files and directories that is taken at a particular point in time. The NDMP use snapshot policy enables the backup of a point-in-time image of a set of files and directories instead of a continuous changing set of files and directories. See “Configuring the NDMP policies” on page 456.
ndmp setenv backup_method Enables the configuration of the NDMP backup method policy. This policy enables an incremental backup. See “Configuring the NDMP policies” on page 456.
ndmp setenv Configures the masquerade as a third-party policy. masquerade_as_thirdparty See “Configuring the NDMP policies” on page 456.
Configuring the NDMP policies
Caution: No checks are made when the file overwrites the directory or vice versa. The destination path being overwritten is removed recursively. Configuring backup 457 About the Network Data Management Protocol
To configure the overwrite policy
◆ To configure the overwrite policy, enter the following:
Backup> ndmp setenv overwrite_policy value
where the variables for value are listed in the following table.
no_overwrite Checks if the file or directory to be restored already exists. If it does, the command responds with an error message. A log message is returned to the Data Management Application. Refer to the Data Management Application documentation for the location of the NDMP log messages. The file or directory is not overwritten.
rename_old Checks if the file or directory already exists. If it does, it is (default) renamed with the suffix .#ndmp_old and a new file or directory is created.
overwrite_always If the file or directory already exists, it is overwritten. While restoring from incremental backups, set the value to overwrite_always.
No checks are made when files overwrite a directory. The destination path being overwritten is removed recursively.
For example:
Backup> ndmp setenv overwrite_policy rename_old Ok Completed
To configure the failure resilient policy
◆ To configure the failure resilient policy, enter the following:
Backup> ndmp setenv failure_resilient value
where the variables for value are yes or no.
yes (default) The backup and restore session continues even if an error condition is encountered. However some conditions, such as the I/O error, cause the backup and restore session to stop.
no The backup and restore session terminates immediately when it encounters any error condition. 458 Configuring backup About the Network Data Management Protocol
To configure the restore Dynamic Storage Tiering policy
◆ To configure the restore Dynamic Storage Tiering policy, enter the following:
Backup> ndmp setenv restore_dst value
where the variables for value are yes or no.
yes (default) During the backup session, if the specified directory that is set up for backup is a directory in the file system mount point, then the Dynamic Storage Tiering policy is backed up. During the restore session, if the Dynamic Storage Tiering policy exists in the backup stream, the Dynamic Storage Tiering policy that was backed up is applied to the restore destination path if that path is a mount point (full file system restore). The Dynamic Storage Tiering policy is not restored if the secondary tier does not exist on the destination path. If the Dynamic Storage Tiering policy could not be restored, a log message is returned to the Data Management Application (refer to the Data Management Application documentation for the location of the NDMP logs). During the restore, the Dynamic Storage Tiering policy is applied only to the file system, but it is not effective until you run it through the Storage> tier policy commands.
no The Dynamic Storage Tiering policy is not applied even if all of the other conditions are met.
To configure the recursive restore policy
◆ To configure the recursive restore policy, enter the following:
Backup> ndmp setenv recursive_restore value
where the variables for value are yes or no.
yes (default) If the name list (names of the files and directories to be restored from the backup) specifies a directory, the contents of that directory are restored recursively.
no Restores the directory, but not the contents of the directory. Configuring backup 459 About the Network Data Management Protocol
To configure the update dumpdates policy
◆ To configure the update dumpdates policy, enter the following:
Backup> ndmp setenv update_dumpdates value
where the variables for value are yes or no.
If NetBackup is used for backup by way of NDMP, use set UPDATE = No in NetBackup to disable updating dumpdates. Or use set UPDATE = "" to stop NetBackup from using a default value of yes.
yes (default) Updates the dumpdates files by the FileStore NDMP data server with the details of the current backup which includes the time at which the backup was taken, the directory that was backed up, and the level of the backup. This information can be later used for the next backup session for the incremental and the differential backups.
no The dumpdates files are not updated.
To configure the send history policy
◆ To configure the send history policy, enter the following:
Backup> ndmp setenv send_history value
where the variables for value are yes or no.
yes (default) Sends the history of the backed up data to the Data Management Application. The history includes information for every file and directory that was backed up, such as name, stat, positioning data (used for DAR restore), and inode information.
no The file history information is not sent to the Data Management Application. 460 Configuring backup About the Network Data Management Protocol
To configure the use snapshot policy
◆ To configure the use snapshot policy, enter the following:
Backup> ndmp setenv use_snapshot value
where the variables for value are yes or no.
yes (default) The backup session first takes the snapshot of the file system which is backed up. The snapshot is also taken if any directory of the file system is backed up. The snapshot that is taken uses the same storage space as the stprage space of the main file system.
no The backup session takes the backup of only the live file system.
To configure the backup method policy
◆ To configure the backup method policy, enter the following:
Backup> ndmp setenv backup_method value
where the variables for value are fcl or mtime.
FCL (default) File Change Log. FCL can be used to directly get the list of modified files in the file system and they can then be backed up. However, since FCL is finite in size, it is possible that not all of the changes can be recorded in the FCL. In that case, use the mtime backup method.
mtime Time of last modification. By checking the mtimes of the files in the file system, the time of last backup can be stored reliably somewhere in the file system, and the time can be used to find all of the modified files since last backup. The location where the 'time of last backup' is stored is /etc/ndmp.dumpdates. The file name is mentioned when you configure the update_dumpdates command.
For example:
Backup> ndmp setenv backup_method mtime OK Completed Configuring backup 461 About the Network Data Management Protocol
To configure the masquerade as a third-party policy
◆ To configure the masquerade as a third-party policy, enter the following:
Backup> ndmp setenv masquerade_as_thirdparty value
where the variables for value are yes or no.
yes The FileStore NDMP server masquerades as a third-party compatible device for certain NDMP backup applications.
no (default) The FileStore NDMP server does not masquerade as a third-party compatible device.
For example:
Backup> ndmp setenv masquerade_as_thirdparty yes OK Completed Backup>
Displaying all NDMP policies To display all of the NDMP policies
◆ To display the NDMP policies, enter the following:
Backup> ndmp showenv
For example:
Backup> ndmp showenv Overwrite policy: Rename old Failure Resilient: yes Restore DST policies: yes Recursive restore: yes Update dumpdates: yes Send history: yes Use snapshot: yes Backup method: fcl Masquerade as thirdparty: yes OK Completed 462 Configuring backup About the Network Data Management Protocol
About retrieving the NDMP data
Table 13-6 NDMP get commands
Command Definition
ndmp getenv Defines how new data is recorded over old data. To retrieve overwrite_policy the settings for the policy that you set up, use the ndmp getenv overwrite_policy command.
See “Retrieving the NDMP data” on page 463.
ndmp getenv Enables the continuation of the backup and restore session failure_resilient even if an error condition occurs because a file or directory cannot be backed up or restored. To retrieve the settings for the policy that you set up, use the ndmp getenv failure_resilient command.
See “Retrieving the NDMP data” on page 463.
ndmp getenv restore_dst Configures the Dynamic Storage Tiering restore policy. To retrieve the settings for the policy that you set up, use the ndmp getenv restore_dst command.
See “Retrieving the NDMP data” on page 463.
ndmp getenv Enables the configuration of the restore session to restore recursive_restore the contents of a directory. To retrieve the settings for the policy that you set up, use the ndmp getenv recursive_restore command.
See “Retrieving the NDMP data” on page 463.
ndmp getenv Enables the configuration of the dumpdates file. To retrieve update_dumpdates the settings for the policy that you set up, use the ndmp getenv update_dumpdates command.
See “Retrieving the NDMP data” on page 463.
ndmp getenv send_history States whether or not you want the file history of the backed up data to be sent to the Data Management Application. To retrieve the settings for the policy that you set up, use the ndmp getenv send_history command.
See “Retrieving the NDMP data” on page 463.
ndmp getenv use_snapshot Enables how much of the files and directories you want to copy during the backup session. To retrieve the settings for the policy that you set up, use the ndmp getenv use_snapshot command.
See “Retrieving the NDMP data” on page 463. Configuring backup 463 About the Network Data Management Protocol
Table 13-6 NDMP get commands (continued)
Command Definition
ndmp getenv backup_method Enables the configuration of the method to back up the file system. To retrieve the settings for the policy that you set up, use the ndmp getenv backup_method command.
See “Retrieving the NDMP data” on page 463.
ndmp getenv Configures the NDMP server to masquerade as a third-party masquerade_as_thirdparty compatible device for certain NDMP backup applications. See “Retrieving the NDMP data” on page 463.
Retrieving the NDMP data To retrieve the overwrite backup data
◆ To retrieve the overwrite backup data, enter the following:
Backup> ndmp getenv overwrite_policy
For example:
Backup> ndmp getenv overwrite_policy Overwrite policy: Rename old OK Completed
To retrieve the failure resilient backup data
◆ To retrieve the failure resilient data, enter the following:
Backup> ndmp getenv failure_resilient
For example:
Backup> ndmp getenv failure_resilient Failure Resilient: yes OK Completed 464 Configuring backup About the Network Data Management Protocol
To retrieve the restore Dynamic Storage Tiering data
◆ To retrieve the restore Dynamic Storage Tiering data, enter the following:
Backup> ndmp getenv restore_dst
For example:
Backup> ndmp getenv restore_dst Restore DST policies: no OK Completed
To retrieve the recursive restore data
◆ To retrieve the recursive restore data, enter the following:
Backup> ndmp getenv recursive_restore
For example:
Backup> ndmp getenv recursive_restore Recursive restore: yes OK Completed
To retrieve the update dumpdates data
◆ To retrieve the update dumpdates data, enter the following:
Backup> ndmp getenv update_dumpdates
For example:
Backup> ndmp getenv update_dumpdates Update dumpdates: yes OK Completed
To retrieve the send history data
◆ To retrieve the send history data, enter the following:
Backup> ndmp getenv send_history
For example:
Backup> ndmp getenv send_history Send history: no OK Completed Configuring backup 465 About the Network Data Management Protocol
To retrieve the NDMP use snapshot data
◆ To retrieve the send history data, enter the following:
Backup> ndmp getenv use_snapshot
For example:
Backup> ndmp getenv use_snapshot Use snapshot: yes OK Completed
To retrieve the NDMP backup method
◆ To retrieve the configured backup method policy, enter the following:
Backup> ndmp getenv backup_method
For example:
Backup> ndmp getenv backup_method Backup Method: fcl OK Completed
To retrieve the masquerade as a third-party policy
◆ To retrieve the configured masquerade as a third-party policy, enter the following:
Backup> ndmp getenv masquerade_as_thirdparty
For example:
Backup> ndmp getenv masquerade_as_thirdparty Masquerade as thirdparty: yes OK Completed
Restoring the default NDMP policies To restore the NDMP policies to default values
◆ To restore the NDMP policies to default values, enter the following:
Backup> ndmp restoredefaultenv 466 Configuring backup About backup configurations
About backup configurations
Table 13-7 Backup configuration commands
Command Definition
show Displays the NetBackup configured settings. If the settings were configured while the backup and the restore services were running, then they may not be currently in use by the FileStore nodes. To display all of the configured settings, first run the backup> stop command, then run the backup> start command.
See “Configuring backup” on page 467.
status Displays if the NetBackup and the NDMP data server have started or stopped on the FileStore nodes. If the NetBackup and the NDMP data server have currently started and is running, then Backup> status displays any on-going backup or restore jobs. See “Configuring the virtual name of NetBackup” on page 451. See “Configuring backup” on page 467.
start Starts processes that handle backup and restore. You can also change the status of a virtual IP address to online after it has been configured using the Backup> virtual-ip command. This command applies to any currently active node in the cluster that handles backup and restore jobs. The Backup> start command does nothing if the backup and the restore processes are already running. See “Configuring backup” on page 467.
stop Enables the processes that handle backup and restore. You can also change the status of a virtual IP address to offline after it has been configured using the Backup> virtual-ip command.
The Backup> stop command does nothing if backup jobs are running that involve FileStore file systems. See “Configuring backup” on page 467. Configuring backup 467 Configuring backup
Configuring backup To display NetBackup configurations
◆ To display NetBackup configurations, enter the following:
Backup> show
For example:
Backup> show Virtual name: nbuclient.symantec.com Virtual IP: 10.10.10.10 NetBackup Master Server: nbumaster.symantec.com NetBackup EMM Server: nbumaster.symantec.com NetBackup Media Server(s): not configured Backup Device: pubeth1 Ok Completed 468 Configuring backup Configuring backup
To display the status of backup services
◆ To display the status of backup services, enter the following:
Backup> status
An example of the status command when no backup services are running:
Backup> status Virtual IP state : up Backup service online node : node_01 NDMP Server state : running NetBackup Client state : running
No backup/restore jobs running. OK Completed
An example of the status command when the backup jobs that are running involve file systems using NDMP.
Backup> status Virtual IP state : up Backup service online node : node_01 NDMP Server state : working NetBackup Client state : running
Following filesystems are currently busy in backup/restore jobs by NDMP: myfs1 OK Completed
An example of the status command when the backup jobs that are running involve file systems using the NetBackup client.
Backup> status Virtual IP state : up Backup service online node : node_01 NDMP Server state : running NetBackup Client state : working
Some filesystems are busy in backup/restore jobs by NetBackup Client OK Completed Configuring backup 469 Configuring backups using NetBackup or other third-party backup applications
To start backup services
◆ To start backup processes, enter the following:
Backup> start [nodename]
where the optional nodename specifies the node where backup services are started. For example:
Backup> start OK Completed
To stop backup services
◆ To stop backup services, enter the following:
Backup> stop
For example:
Backup> stop SFS backup ERROR V-288-0 Cannot stop, some backup jobs are running.
Configuring backups using NetBackup or other third-party backup applications You can backup FileStore using the Symantec NetBackup 7.0.1 client capability, or backup applications from other third-party companies that use the standard NFS mount to backup over the network. The FileStore ISO image includes the Symantec NetBackup 7.0.1 FileStore client code. For information about the Symantec NetBackup 7.0.1 client capability, refer to the Symantec NetBackup 7.0.1 product documentation set.
The Backup> netbackup commands configure the local NetBackup installation of FileStore to use an external NetBackup master server, Enterprise Media Manager (EMM) server, or media server. When NetBackup is installed on FileStore, it acts as a NetBackup client to perform IP-based backups of FileStore file systems.
Note: A new public IP address, not an IP address that is currently used, is required for configuring the NetBackup client. Use the Backup> virtual-ip and Backup> virtual-name commands to configure the NetBackup client. 470 Configuring backup Configuring backups using NetBackup or other third-party backup applications Chapter 14
Configuring Symantec FileStore Dynamic Storage Tiering
This chapter includes the following topics:
■ About FileStore Dynamic Storage Tiering (DST)
■ How FileStore uses Dynamic Storage Tiering
■ About policies
■ Adding or removing a column from a secondary tier of a file system
■ About adding tiers to file systems
■ Adding tiers to a file system
■ Removing a tier from a file system
■ About configuring a mirror on the tier of a file system
■ Configuring a mirror to a tier of a file system
■ Listing all of the files on the specified tier
■ Displaying a list of Dynamic Storage Tiering file systems
■ Displaying the tier location of a specified file
■ About configuring the policy of each tiered file system
■ Configuring the policy of each tiered file system
■ Relocating a file or directory of a tiered file system 472 Configuring Symantec FileStore Dynamic Storage Tiering About FileStore Dynamic Storage Tiering (DST)
■ About configuring schedules for all tiered file systems
■ Configuring schedules for all tiered file systems
■ Displaying the files that are moved or pruned by running a policy
■ Allowing metadata information on the file system to be written on the secondary tier
■ Restricting metadata information to the primary tier only
About FileStore Dynamic Storage Tiering (DST) The FileStore Dynamic Storage Tiering (DST) feature makes it possible to allocate two tiers of storage to a file system. The following features are part of the FileStore Dynamic Storage Tiering solution:
■ Relocate files between primary and secondary tiers automatically as files age and become less business critical.
■ Prune files on secondary tiers automatically as files age and are no longer needed.
■ Promote files from a secondary storage tier to a primary storage tier based on I/O temperature.
■ Retain original file access paths to eliminate operational disruption, for applications, backup procedures, and other custom scripts.
■ Let you manually move folders, files and other data between storage tiers.
■ Enforce the policies that automatically scan the file system and relocate files that match the appropriate tiering policy. In FileStore, there are two predefined tiers for storage:
■ Current active tier 1 (primary) storage.
■ Tier 2 (secondary) storage for aged or older data. To configure FileStore DST, add tier 2 (secondary) storage to the configuration. Specify where the archival storage resides (storage pool) and the total size. Files can be moved from the active storage after they have aged for a specified number of days, depending on the policy selected. The number of days for files to age (not accessed) before relocation can be changed at any time.
Note: An aged file is a file that exists without being accessed. Configuring Symantec FileStore Dynamic Storage Tiering 473 About FileStore Dynamic Storage Tiering (DST)
Figure 14-1 depicts the features of FileStore and how it maintains application transparency.
Figure 14-1 Dynamic Storage Tiering features
/one-file-system
/sales /financial/sales /development/sales
/current /forecast /current/2007 /forecast/2008 /current/new /forecast/history
storage
Primary Tier Secondary Tier
mirrored
RAID5
If you are familiar with Veritas Volume Manager (VxVM), every FileStore file system is a multi-volume file system (one file system resides on two volumes). The DST tiers are predefined to simplify the interface. When an administrator wants to add storage tiering, a second volume is added to the volume set, and the existing file system is encapsulated around all of the volumes in the file system. This chapter discusses the FileStore storage commands. You use these commands to configure tiers on your file systems. The Storage commands are defined in Table 14-1. 474 Configuring Symantec FileStore Dynamic Storage Tiering About FileStore Dynamic Storage Tiering (DST)
You log into the administrative console (for master, system-admin, or storage-admin) and enter Storage> mode to access the commands. See “About using the FileStore command-line interface” on page 31.
Table 14-1 Storage mode commands
Command Definition
tier add Adds the different types of storage tier to the file system. See “About adding tiers to file systems” on page 477.
tier remove Removes a tier from a file system. See “Removing a tier from a file system” on page 480.
tier addmirror Adds a mirror to a tier of a file system. See “About configuring a mirror on the tier of a file system” on page 480.
tier rmmirror Removes a mirror from a tier of a file system. See “About configuring a mirror on the tier of a file system” on page 480.
tier addcolumn Lets you add a column to a secondary tier. See “Adding or removing a column from a secondary tier of a file system” on page 476.
tier rmcolumn Lets you remove a column from a secondary tier of a file system.
See “Adding or removing a column from a secondary tier of a file system” on page 476.
tier listfiles Lists all of the files on the specified tier. See “Listing all of the files on the specified tier” on page 482.
tier mapfile Displays the tier location of a specified file. See “Displaying the tier location of a specified file” on page 484.
tier policy Configures the policy of each tiered file system. See “About configuring the policy of each tiered file system” on page 484.
tier relocate Relocates a file or directory. See “Relocating a file or directory of a tiered file system” on page 490. Configuring Symantec FileStore Dynamic Storage Tiering 475 How FileStore uses Dynamic Storage Tiering
Table 14-1 Storage mode commands (continued)
Command Definition
tier schedule Creates the schedules for all tiered file systems. See “About configuring schedules for all tiered file systems” on page 490.
tier query Displays a list of files that are moved or pruned by running a policy. See “Displaying the files that are moved or pruned by running a policy” on page 493.
tier allowmetadata Allows the metadata information on the file system to be written on yes the secondary tier. See “Allowing metadata information on the file system to be written on the secondary tier” on page 494.
tier allowmetadata Restricts the metadata information to the primary tier only. no See “Restricting metadata information to the primary tier only” on page 495.
How FileStore uses Dynamic Storage Tiering FileStore provides two types of tiers:
■ Primary tier
■ Secondary tier Each newly created file system has only one primary tier initially. This tier cannot be removed. For example, the following operations are applied to the primary tier:
Storage> fs addmirror
Storage> fs growto
Storage> fs shrinkto
The Storage> tier commands manage file system DST tiers.
All Storage> tier commands take a file system name as an argument and perform operations on the combined construct of that file system. The FileStore file system default is to have a single storage tier. An additional storage tier can be added to enable storage tiering. A file system can only support a maximum of two storage tiers. 476 Configuring Symantec FileStore Dynamic Storage Tiering About policies
Storage> tier commands can be used to perform the following:
■ Adding/removing/modifying the secondary tier
■ Setting policies
■ Scheduling policies
■ Locating tier locations of files
■ Listing the files that are located on the primary or the secondary tier
■ Moving files from the secondary tier to the primary tier
■ Allowing metadata information on the file system to be written on the secondary tier
■ Restricting metadata information to the primary tier only
About policies Each tier can be assigned a policy. The policies include:
■ Specify on which tier (primary or secondary) the new files get created.
■ Relocate files from the primary tier to the secondary tier based on any number of days of inactivity of a file.
■ Relocate files from the secondary tier to the primary tier based on the Access Temperature of the file.
■ Prune files on the secondary tier based on any number of days of inactivity of a file.
Adding or removing a column from a secondary tier of a file system You can add a column to a secondary tier of a file system. Configuring Symantec FileStore Dynamic Storage Tiering 477 About adding tiers to file systems
To add a column to a secondary tier of a file system
◆ To add a column to a secondary tier of a file system, enter the following:
Storage> tier addcolumn fs_name ncolumns pool_or_disk_name
fs_name Specifies the file system for which you want to add a column to a secondary tier of the file system.
ncolumn Specifies the number of columns that you want to add to the secondary tier of the file system. Note: In the case of striped file systems, the number of disks that are specified should be equal to the number of columns (ncolumns).
Note: In the case of mirrored-striped and striped-mirrored file systems, the disks that are specified should be equal to (ncolumns * number_of_mirrors_in_fs).
pool_or_disk_name Specifies the pool or the disk name for the tiered file system.
For example, to add two columns to the secondary tier of file system fs1, enter the following:
Storage> tier addcolumn fs1 2 pool3
To remove a column from a secondary tier of a file system
◆ To remove a column from a secondary tier of a file system, enter the following:
Storage> tier rmcolumn fs_name
where fs_name is the name of the tiered file system, the secondary tier of which you want to remove the column from. For example:
Storage> tier rmcolumn fs1
About adding tiers to file systems You can add different types of tiers to file systems. 478 Configuring Symantec FileStore Dynamic Storage Tiering Adding tiers to a file system
Table 14-2 Tier add commands
Command Definition
tier add simple Adds a second tier to a file system. The storage type of the second tier is independent of the protection level of the first tier. See “Adding tiers to a file system” on page 478.
tier add mirrored Adds a mirrored second tier to a file system. See “Adding tiers to a file system” on page 478.
tier add striped Adds a striped second tier to a file system. See “Adding tiers to a file system” on page 478.
tier add Adds a mirrored-striped second tier to a file system. mirrored-stripe See “Adding tiers to a file system” on page 478.
tier add Adds a striped-mirror second tier to a file system. striped-mirror See “Adding tiers to a file system” on page 478.
Adding tiers to a file system To add a second tier to a file system
◆ To add a tier to a file system where the volume layout is "simple" (concatenated), enter the following:
Storage> tier add simple fs_name size pool1[,disk1,...]
To add a mirrored tier to a file system
◆ To add a mirrored tier to a file system, enter the following:
Storage> tier add mirrored fs_name size nmirrors pool1[,disk1,...] [protection=disk|pool]
For example:
Storage> tier add mirrored fs1 100M 2 pool3,pool4 100% [#] Creating mirrored secondary tier of filesystem Configuring Symantec FileStore Dynamic Storage Tiering 479 Adding tiers to a file system
To add a striped tier to a file system
◆ To add a striped tier to a file system, enter the following:
Storage> tier add striped fs_name size ncolumns pool1[,disk1,...] [stripeunit=kilobytes]
To add a mirrored-striped tier to a file system
◆ To add a mirrored-striped tier to a file system, enter the following:
Storage> tier add mirrored-stripe fs_name size nmirrors ncolumns pool1[,disk1,...] [protection=disk|pool] [stripeunit=kilobytes]
To add a striped-mirror tier to a file system
◆ To add a striped-mirror tier to a file system, enter the following:
Storage> tier add striped-mirror fs_name size nmirrors ncolumns pool1[,disk1,...] [protection=disk|pool] [stripeunit=kilobytes]
fs_name Specifies the name of the file system to which the mirrored tier is added. If the specified file system does not exist, an error message is displayed.
size Specifies the size of the tier to be added to the file system (for example, 10m, 10M, 25g, 100G).
ncolumns Specifies the numbers of columns to add to the striped tiered file system.
nmirrors Specifies the number of mirrors to be added to the tier for the specified file system.
pool1[,disk1,...] Specifies the pool(s) or disk(s) that is used for the specified tiered file system. If the specified pool or disk does not exist, an error message is displayed. You can specify more than one pool or disk by separating the pool or the disk name with a comma, but do not include a space between the comma and the name. The disk needs to be part of the pool or an error message is displayed. 480 Configuring Symantec FileStore Dynamic Storage Tiering Removing a tier from a file system
protection If no protection level is specified, disk is the default protection level. The protection level of the second tier is independent of the protection level of the first tier. Available options are:
■ disk - If disk is entered for the protection field, then mirrors are created on separate disks. The disks may or may not be in the same pool. ■ pool - If pool is entered for the protection field, then mirrors are created in separate pools. If not enough space is available, then the file system is not created.
stripeunit=kilobytes Specifies a stripe width of either 128K, 256k, 512K, 1M, or 2M. The default stripe width is 512K.
Removing a tier from a file system
The Storage> tier remove command removes a tier from the file system and releases the storage that is used by the file system back to the storage pool. This command requires that the file system be online, and that no data resides on the secondary tier. If the storage tier to be removed contains any data residing on it, then the tier cannot be removed from the file system. To remove a tier from a file system
◆ To remove a tier from a file system, enter the following:
Storage> tier remove fs_name
where fs_name specifies the name of the tiered file system that you want to remove. For example:
Storage> tier remove fs1
About configuring a mirror on the tier of a file system These commands add or remove mirrors to the tier of the file system. Configuring Symantec FileStore Dynamic Storage Tiering 481 Configuring a mirror to a tier of a file system
Table 14-3 Tier mirror commands
Command Definition
tier addmirror Adds a mirror to a tier of a file system. See “Configuring a mirror to a tier of a file system” on page 481.
tier rmmirror Removes a mirror from a tier of a file system. Note: For a striped-mirror file system, if any of the disks are bad, this command disables the mirrors from the tiered file system for which the disks have failed. If no disks have failed, FileStore chooses a mirror to remove from the tiered file system.
See “Configuring a mirror to a tier of a file system” on page 481.
Configuring a mirror to a tier of a file system To add a mirror to a tier of a file system
◆ To add a mirror to a tier of a file system, enter the following:
Storage> tier addmirror fs_name pool1[,disk1,...] [protection=disk|pool]
fs_name Specifies the file system to which a mirror is added. If the specified file system does not exist, an error message is displayed.
pool1[,disk1,...] Specifies the pool(s) or disk(s) that are used as a mirror for the specified tiered file system. You can specify more than one pool or disk by separating the name with a comma. But do not include a space between the comma and the name. The disk needs to be part of the pool or an error message is displayed.
protection If no protection level is specified, disk is the default protection level. Available options are:
■ disk - If disk is entered for the protection field, then mirrors are created on separate disks. The disks may or may not be in the same pool. ■ pool - If pool is entered for the protection field, then mirrors are created in separate pools. If not enough space is available, then the file system is not created.
For example: 482 Configuring Symantec FileStore Dynamic Storage Tiering Listing all of the files on the specified tier
Storage> tier addmirror fs1 pool5 100% [#] Adding mirror to secondary tier of filesystem
To remove a mirror from a tier of a file system
◆ To remove a mirror from a tier of a file system, enter the following:
Storage> tier rmmirror fs_name
where fs_name specifies the name of the tiered file system from which you want to remove a mirror. For example:
Storage> tier rmmirror fs1
This command provides another level of detail for the remove mirror operation. You can use the command to specify which mirror you want to remove by specifying the pool name or disk name. The disk must be part of a specified pool. To remove a mirror from a tier spanning a specified pool or disk
◆ To remove a mirror from a tier that spans a specified pool or disk, enter the following:
Storage> tier rmmirror fs_name [pool_or_disk_name]
fs_name Specifies the name of the file system from which to remove a mirror. If the specified file system does not exist, an error message is displayed.
pool_or disk_name Specifies the pool or disk from which the mirror of the tiered file system spans.
The syntax for the Storage> tier rmmirror command is the same for both pool and disk. If you try to remove a mirror using Storage> fs rmmirror fs1 abc, FileStore first checks for the pool with the name abc, then FileStore removes the mirror spanning on that pool. If there is no pool with the name abc, then FileStore removes the mirror that is on the abc disk. If there is no disk with the name abc, then an error message is displayed.
Listing all of the files on the specified tier You can list all of the files that reside on either the primary tier or the secondary tier. Configuring Symantec FileStore Dynamic Storage Tiering 483 Displaying a list of Dynamic Storage Tiering file systems
Note: If the tier contains a large number of files, it may take some time before the output of this command is displayed.
To list all of the files on the specified tier
◆ To list all of the files on the specified tier, enter the following:
Storage> tier listfiles fs_name {primary|secondary}
where fs_name indicates the name of the tiered file system from which you want to list the files. You can specify to list files from either the primary or the secondary tier. For example:
Storage> tier listfiles fs1 secondary
Displaying a list of Dynamic Storage Tiering file systems
You can display a list of Dynamic Storage Tiering file systems using the Storage> fs list command. See “Listing all file systems and associated information” on page 222. 484 Configuring Symantec FileStore Dynamic Storage Tiering Displaying the tier location of a specified file
Displaying the tier location of a specified file To display the tier location of a specified file
◆ To display the tier location of a specified file, enter the following:
Storage> tier mapfile fs_name file_path
fs_name Specifies the name of the file system for which the specified file on the tiered file system resides. If the specified file system does not exist, an error message is displayed.
file_path Specifies the tier location of the specified file. The path of the file is relative to the file system.
For example, to show the location of a.txt, which is in the root directory of the fs1 file system, enter the following:
tier mapfile fs1 /a.txt Tier Extent Type File Offset Extent Size ======Primary Data 0 Bytes 1.00 KB
About configuring the policy of each tiered file system You can configure the policy of each tiered file system.
Table 14-4 Tier policy commands
Command Definition
tier policy list Displays the policy for each tiered file system. You can have one policy for each tiered file system. See “Configuring the policy of each tiered file system” on page 486.
tier policy modify Modifies the policy of a tiered file system. The new files are created on the primary tier. If a file has not been accessed for more than seven days, the files are moved from the primary tier to the secondary tier. If the access temperature is more than five for of the files in the secondary tier, these files are moved from the secondary tier to the primary tier. The access temperature is calculated over a three-day period. See “Configuring the policy of each tiered file system” on page 486. Configuring Symantec FileStore Dynamic Storage Tiering 485 About configuring the policy of each tiered file system
Table 14-4 Tier policy commands (continued)
Command Definition tier policy prune Specifies the prune policy of a tiered file system. Once files have aged on the secondary tier, the prune policy can be set up to delete those aged files automatically. The sub-commands under this command are:
■ tier policy prune list ■ tier policy prune modify ■ tier policy prune remove
See “Configuring the policy of each tiered file system” on page 486. tier policy run Runs the policy of a tiered file system. See “Configuring the policy of each tiered file system” on page 486. tier policy remove Removes the policy of a tiered file system. See “Configuring the policy of each tiered file system” on page 486. 486 Configuring Symantec FileStore Dynamic Storage Tiering Configuring the policy of each tiered file system
Configuring the policy of each tiered file system To display the policy of each tiered file system
◆ To display the policy of each tiered file system, enter the following:
Storage> tier policy list
For example:
Storage> tier policy list FS Create on Days MinAccess Temp PERIOD ======fs1 primary 2 3 4
Each tier can be assigned a policy. A policy that is assigned to a file system has three parts:
file creation Specifies on which tier the new files are created.
inactive files Indicates when a file has to be moved from the primary tier to the secondary tier. For example, if the days option of the tier is set to 10, and if a file has not been accessed for more than 10 days, then it is moved from the primary tier of the file system to the secondary tier.
access Measures the number of I/O requests to the file during the period temperature as designated by the period. In other words, it is the number of read or write requests that are made to a file over a specified number of 24-hour periods, divided by the number of periods. If the access temperature of a file exceeds minacctemp (where the access temperature is calculated over a period of time previously specified) then this file is moved from the secondary tier to the primary tier. Configuring Symantec FileStore Dynamic Storage Tiering 487 Configuring the policy of each tiered file system
To modify the policy of a tiered file system
◆ To modify the policy of a tiered file system, enter the following:
Storage> tier policy modify fs_name {primary|secondary} days minacctemp period
fs_name The name of the tiered file system from which you want to modify a policy.
tier Causes the new files to be created on the primary or the secondary tier. You need to input either primary or secondary.
days Number of days from which the inactive files move from the primary to the secondary tier.
minacctemp The minimum access temperature value for moving files from the secondary to the primary tier.
period The number of past days used for calculating the access temperature.
For example:
Storage> tier policy modify fs1 primary 6 5 3 SFS fs SUCCESS V-288-0 Successfully modifies tiering policy for File system fs1
To display the prune policy of a tiered file system
◆ To display the prune policy of a tiered file system, enter the following:
Storage> tier policy prune list
For example:
Storage> tier policy prune list FS Delete After ======fs1 200 fs2 disabled
By default, the prune policy status of a tiered file system is disabled. The delete_after indicates the number of days after which the files can be deleted. 488 Configuring Symantec FileStore Dynamic Storage Tiering Configuring the policy of each tiered file system
To modify the prune policy of a tiered file system
◆ To modify the prune policy of a tiered file system, enter the following:
Storage> tier policy prune modify fs_name delete_after
fs_name Name of the tiered file system from which you want to modify the prune policy.
delete_after Number of days after which the inactive files are deleted.
For example:
Storage> tier policy prune modify fs0 180 You have set the Prune policy to file system , system will automatically delete the inactive files on secondary tier. Do you want to continue with setting the Tier Prune policy? (y/n) Y SFS fs SUCCESS V-288-0 Successfully modified the Prune policy for File system fs0
To remove the prune policy of a tiered file system
◆ To remove the prune policy of a tiered file system, enter the following:
Storage> tier policy prune remove fs_name
where fs_name is the name of the tiered file system from which you want to remove the prune policy. For example:
Storage> tier policy prune remove fs1 SFS fs SUCCESS V-288-0 Successfully removed the Prune policy for File system fs1 Configuring Symantec FileStore Dynamic Storage Tiering 489 Configuring the policy of each tiered file system
To run the policy of a tiered file system
◆ To run the policy of a tiered file system, enter the following:
Storage> tier policy run fs_name
where fs_name indicates the name of the tiered file system for which you want to run a policy. For example:
Storage> tier policy run fs1 SFS fs INFO V-288-1221 The command may take some time to execute, pressing CTRL + C, will abort the command. SFS fs SUCCESS V-288-1275 Successfully ran tiering policy for File system fs1
To remove the policy of a tiered file system
◆ To remove the policy of a tiered file system, enter the following:
Storage> tier policy remove fs_name
where fs_name indicates the name of the tiered file system from which you want to remove a policy. For example:
Storage> tier policy remove fs1 SFS fs SUCCESS V-288-0 Successfully removed tiering policy for File system fs1
You can run the policy of a tiered file system, which would be similar to scheduling a job to run your policies, except in this case running the policy is initiated manually. The Storage> tier policy run command moves the older files from the primary tier to the secondary tier, or prunes the inactive files on the secondary tier, according to the policy setting. 490 Configuring Symantec FileStore Dynamic Storage Tiering Relocating a file or directory of a tiered file system
Relocating a file or directory of a tiered file system To relocate a file or directory
◆ To relocate a file or directory, enter the following:
Storage> tier relocate fs_name dirPath
fs_name The name of the tiered file system from which you want to relocate a file or directory. The relocation of the file or directory is done from the secondary tier to the primary tier.
dirPath Enter the relative path of the directory (dirPath) you want to relocate. Or enter the relative path of the file (FilePath) that you want to relocate.
Note: Relocation is not possible if the primary tier of the file system is full. No error message displays.
About configuring schedules for all tiered file systems
The tier schedule commands display, modify, and remove the tiered file systems.
Table 14-5 Tier schedule commands
Command Definition
tier schedule Modifies the schedule of a tiered file system. modify See “Configuring schedules for all tiered file systems” on page 491.
tier schedule list Displays the schedules for all tiered file systems. You can have one schedule for each tiered file system. You cannot create a schedule for a non-existent or a non-tiered file system. See “Configuring schedules for all tiered file systems” on page 491.
tier schedule Removes the schedule of a tiered file system. remove See “Configuring schedules for all tiered file systems” on page 491. Configuring Symantec FileStore Dynamic Storage Tiering 491 Configuring schedules for all tiered file systems
Configuring schedules for all tiered file systems To modify the schedule of a tiered file system 492 Configuring Symantec FileStore Dynamic Storage Tiering Configuring schedules for all tiered file systems
◆ To modify the schedule of a tiered file system, enter the following:
Storage> tier schedule modify fs_name minute hour day_of_the_month month day_of_the_week
For example, enter the following:
Storage> tier schedule modify fs1 1 1 1 * * * SFS fs SUCCESS V-288-0 Command 'tier schedule modify' executed successfully for fs1
Note: If a previous schedule operation is still running, a new schedule is not created until the previous schedule operation is completed.
fs_name Specifies the file system where the schedule of the tiered file system resides. If the specified file system does not exist, an error message is displayed.
minute This parameter may contain either an asterisk, (*), which implies "every minute," or a numeric value between 0-59. You can enter */(0-59), a range such as 23-43, or only the *.
hour This parameter may contain either an asterisk, (*), which implies "run every hour," or a number value between 0-23. You can enter */(0-23), a range such as 12-21, or only the *.
day_of_the_month This parameter may contain either an asterisk, (*), which implies "run every day of the month," or a number value between 1-31. You can enter */(1-31), a range such as 3-22, or only the *.
month This parameter may contain either an asterisk, (*), which implies "run every month," or a number value between 1-12. You can enter */(1-12), a range such as 1-5, or only the *. You can also enter the first three letters of any month (must use lowercase letters).
day_of_the_week This parameter may contain either an asterisk (*), which implies "run every day of the week," or a numeric value between 0-6. The number 0 is interpreted as Sunday. You can also enter the first three letters of the week (must use lowercase letters). Configuring Symantec FileStore Dynamic Storage Tiering 493 Displaying the files that are moved or pruned by running a policy
To display schedules for all tiered file systems
◆ To display schedules for all tiered file systems, enter the following:
Storage> tier schedule list [fs_name]
where fs_name indicates the name of the tiered file system for which you want to run a policy. For example:
Storage> tier schedule list FS Minute Hour Day Month WeekDay ======fs1 1 1 1 * *
To remove the schedule of a tiered file system
◆ To remove the schedule of a tiered file system, enter the following:
Storage> tier schedule remove fs_name
where fs_name is the name of the tiered file system from which you want to remove a schedule. For example:
Storage> tier schedule remove fs1 SFS fs SUCCESS V-288-0 Command tier schedule remove executed successfully for fs1
Displaying the files that are moved or pruned by running a policy You can display the list of files that are moved or pruned by running a policy. This feature is very useful as a "what if" type of analysis. The command does not physically move any file blocks. 494 Configuring Symantec FileStore Dynamic Storage Tiering Allowing metadata information on the file system to be written on the secondary tier
To display a list of files that are moved or pruned by running a policy
◆ To display a list of files that are moved or pruned by running a policy, enter the following:
Storage> tier query fs_name
where fs_name is the name of the tiered file system for which you want to display a list of files that moved or pruned by running a policy. For example:
Storage> tier query fs1 Are you sure, this command may take a long time to execute and extensively use the system resources, enter yes/no Continuing with the command, you can press CTRL+C to abort the command Yes /a.txt /b.txt /c.txt /d.txt
Allowing metadata information on the file system to be written on the secondary tier
The Storage> tier allowmetadata yes command allows the metadata information on the specified file system to be written on the secondary tier as well. By default, the secondary tier is not configured for storing metadata information on the file system. Tiers configured with this option show metaOK in the column SECONDARY TIER of the Storage> fs list command output. Configuring Symantec FileStore Dynamic Storage Tiering 495 Restricting metadata information to the primary tier only
To allow metadata information on the file system to be written on the secondary tier
◆ To allow metadata information on the file system to be written on the secondary tier, enter the following:
Storage> tier allowmetadata yes fs_name
where fs_name is the name of the file system where metadata information can be written on the secondary tier. For example:
Storage> tier allowmetadata yes fs1 SFS fs SUCCESS V-288-0 Configured the secondary tier for storing metadata information.
Restricting metadata information to the primary tier only
The Storage> tier allowmetadata no command restricts the metadata information to the primary tier only. If the primary tier gets full, the write operations to the secondary tier are not served as the metadata updates. They are restricted to the primary tier only. To restrict metadata information to the primary tier only
◆ To restrict metadata information to the primary tier only, enter the following:
Storage> tier allowmetadata no fs_name
where fs_name is the name of the file system where the metadata information is restricted to the primary tier only. For example:
Storage> tier allowmetadata no fs1 SFS fs SUCCESS V-288-0 Configured the secondary tier for storing no metadata information. 496 Configuring Symantec FileStore Dynamic Storage Tiering Restricting metadata information to the primary tier only Chapter 15
Configuring system information
This chapter includes the following topics:
■ About system commands
■ About setting the clock commands
■ Setting the clock commands
■ About configuring the locally saved configuration files
■ Configuring the locally saved configuration files
■ Using the more command
■ About coordinating cluster nodes to work with NTP servers
■ Coordinating cluster nodes to work with NTP servers
■ Displaying the system statistics
■ Displaying file system I/O statistics
■ Using the swap command
■ About the VMware Virtual Center plug-in
■ Using the vplugin commands
■ About the option commands
■ Using the option commands
■ Modifying and displaying the volpagemod_max_memsz parameter of vxtune 498 Configuring system information About system commands
About system commands
The system commands set or show the date and time of the system, and start, stop, or check the status of the NTP server. The system command class also lets you display cluster-wide performance statistics, swap network interfaces, and enable or disable the more filter on output of the administrative console. It also contains option command displays and configures the tunable parameters. The system commands are listed in Table 15-1. To access the commands, log into the administrative console (for master, system-admin, or storage-admin) and enter the System> mode. See “About using the FileStore command-line interface” on page 31.
Table 15-1 System mode commands
Command Definition
clock Sets or shows the date and time of the system, including setting time zones and displaying the list of regions. See “About setting the clock commands” on page 499.
config Imports or exports the FileStore configuration settings. See “About configuring the locally saved configuration files” on page 502.
more Enables, disables, or checks the status of the more filter. See “Using the more command” on page 507.
ntp Sets the Network Time Protocol (NTP) server on all of the nodes in the cluster. See “About coordinating cluster nodes to work with NTP servers” on page 508.
stat Displays the system, Dynamic Multi-Pathing (DMP), and process-related node-wide statistics. See “Displaying the system statistics” on page 511.
swap Swaps two network interfaces in a cluster. See “Using the swap command” on page 512.
vplugin Lets you register, unregister, and check the registration status of the specified FileStore cluster with a VMware Virtual Center Server. See “Using the vplugin commands” on page 516. Configuring system information 499 About setting the clock commands
Table 15-1 System mode commands (continued)
Command Definition
option Adjusts a variety of tunable variables that affect the cluster-wide FileStore settings. See “Using the option commands” on page 521. See “Modifying and displaying the volpagemod_max_memsz parameter of vxtune” on page 526.
About setting the clock commands These commands set or show the date and time of the system, including setting time zones and displaying the list of regions.
Warning: Changing the system clock may cause timing conflicts for scheduled operations such as replication, Dynamic Storage Tiering (DST), and snapshot. Use caution when making a change.
Table 15-2 Clock commands
Command Definition
clock show Displays the current system date and time. See “Setting the clock commands” on page 500.
clock set Sets the system date and time. See “Setting the clock commands” on page 500.
clock timezone Sets the time zone for the system. Note: This command only accepts the name of a city or GMT (Greenwich Mean Time).
See “Setting the clock commands” on page 500.
clock regions Sets the region for the system. See “Setting the clock commands” on page 500. 500 Configuring system information Setting the clock commands
Setting the clock commands To display the current date and time of the system
◆ To display the current system date and time, enter the following:
System> clock show
For example:
System> clock show Fri Feb 20 12:16:30 PST 2009
To set the system date and time
◆ To set the system date and time, enter the following:
System> clock set time day month year
time HH:MM:SS using a 24-hour clock Pacific Daylight Time (PDT) is the time zone used for the system. Greenwich Mean Time (GMT) is the time zone used for the BIOS.
day 1..31
month January, February, March, April, May, June, July, August, September, October, November, December
year YYYY
For example:
System> clock set 12:00:00 17 July 2009 .Done. Fri Jul 17 12:00:00 PDT 2009 SFS clock WARNING V-288-0 Changing cluster time is dangerous and may affect replication, DST, snapshot and other functionalities. Configuring system information 501 Setting the clock commands
To set the time zone and region for the system 1 To set the time zone for the system, enter the following:
System> clock timezone timezone
2 To reset the time zone on your system, enter the following:
System> clock timezone region
The system resets to the time zone for that specific region. For example:
System> clock show Thu Apr 3 09:40:26 PDT 2008
System> clock timezone GMT Setting time zone to: GMT ..Done. Thu Apr 3 16:40:37 GMT 2008
System> clock show Thu Apr 3 16:40:47 GMT 2008
System> clock timezone Los_Angeles Setting time zone to: Los_Angeles ..Done. Thu Apr 3 09:41:06 PDT 2008
System> clock show Thu Apr 3 09:41:13 PDT 2008
To display the region for the system
◆ To display the region for the system, enter the following:
System> clock regions [region] 502 Configuring system information About configuring the locally saved configuration files
region Specifies the region for the system. Valid values include:
■ Africa ■ America ■ Asia ■ Australia ■ Canada ■ Europe ■ GMT-offset - (for example, GMT, GMT +1, GMT +2) ■ Pacific ■ US
For example:
System> clock regions US
The software responds with the areas included in the US region.
System> clock regions US Alaska Aleutian Arizona Central East-Indiana Eastern Hawaii Indiana-Starke Michigan Mountain Pacific Samoa
About configuring the locally saved configuration files You can use the FileStore import and export features to save and restore configuration information. Saving configuration information is useful when you are upgrade FileStore software and you want to backup and restore your configuration settings. You can export the configuration settings and save them in a local file, or you can export configuration settings and save them to a remote machine as specified by Configuring system information 503 About configuring the locally saved configuration files
a URL. You can import configuration settings from a local file, or you can import configuration settings from a remote machine as specified by a URL.
Table 15-3 Configuration commands
Command Definition config list Views the locally saved configuration files. See “Configuring the locally saved configuration files” on page 505. config export local Exports the configuration settings locally. See “Configuring the locally saved configuration files” on page 505. config export Exports the configuration settings remotely. remote See “Configuring the locally saved configuration files” on page 505. config import local Imports the configuration settings locally. Warning: Running the system> config import command overwrites all of your existing configuration settings except cluster name.
See “Configuring the locally saved configuration files” on page 505. config import Imports the configuration settings remotely. remote Warning: Running the system> config import command overwrites all of your existing configuration settings except cluster name.
See “Configuring the locally saved configuration files” on page 505. config delete Deletes the locally saved configuration file. See “Configuring the locally saved configuration files” on page 505.
When you use the System> config import local or System> config import remote commands to import a locally saved configuration, you can import all configuration information in the file, or you can use the config_type option to control what type of configuration information is imported. See Table 15-4 for a list of configuration types you can import.
Table 15-4 Import configuration types
Configuration type Description (config_type) network Imports the DNS, LDAP, NIS, nsswitch settings (does not include IP). 504 Configuring system information About configuring the locally saved configuration files
Table 15-4 Import configuration types (continued)
Configuration type Description (config_type)
admin Imports a list of users and passwords. This list includes CIFS local users and groups.
all Imports all configuration information.
report Imports report settings.
system Imports the NTP settings.
cluster-specific Imports public IP addresses, virtual IP addresses, and console IP addresses. Be careful before using this import option. The network connection to the console server is lost after a configuration file is imported. You need to reconnect to the console server.
all_except_cluster_specific Imports all configuration information except for cluster-specific information.
nfs Imports the NFS settings.
cifs Imports the CIFS settings. Note: To import cifs local users and groups you have to import the admin the module also.
ftp Imports the FTP setting.
http Imports the HTTP settings.
backup Imports the NBU client and NDMP configuration (excluding the virtual-name and the virtual-ip).
replication Imports the replication settings.
storage_schedules Imports the dynamic storage tiering (DST) information and automated snapshot schedules.
antivirus Imports the antivirus settings.
storage_quota Imports the default quota values and the quota status information for file systems. Configuring system information 505 Configuring the locally saved configuration files
Configuring the locally saved configuration files To list configuration settings
◆ To view locally saved configuration files, enter the following:
System> config list
To export configuration settings either locally or remotely
◆ To export configuration settings locally, enter the following:
System> config export local file_name
For example:
System> config export local 2007_July_20
To export configuration settings remotely, enter the following:
System> config export remote URL
For example:
System> config export remote ftp://[email protected]/configs/config1.tar.gz Password: *******
file_name Specifies the saved configuration file.
URL Specifies the URL of the export file (supported protocols are FTP and SCP). 506 Configuring system information Configuring the locally saved configuration files
To import configuration settings locally
◆ To import configuration settings locally, enter the following:
System> config import local file_name [config_type] {network|admin|all|report|system|cluster_specific| all_except_cluster_specific|nfs|cifs|ftp|http|backup|replication| storage_schedules|antivirus|storage_quota}
file_name Specifies the name of the configuration file to be imported saved in a local file.
config_type Specifies the type of configuration to import. This parameter is optional. If config_type is left blank, config_type defaults to all.
See “About configuring the locally saved configuration files” on page 502.
For example:
System> config import local 2007_July_20 network Backup of current configuration was saved as 200907150515 network configuration was imported Configuration files are replicated to all the nodes
where 200907150515 is the date (20090715 = July 15, 2009) and the time (0515 = hour 5 and 15 minutes). Configuring system information 507 Using the more command
To import configuration settings remotely
◆ To import configuration settings remotely, enter the following:
System> config import remote URL [config_type] {network|admin|all|report|system|cluster_specific| all_except_cluster_specific|nfs|cifs|ftp|http|backup|replication| storage_schedules|antivirus|storage_quota}
file_name Specifies the saved configuration file.
URL Specifies the saved configuration at a remote machine as specified by a URL.
config_type Specifies the type of configuration to import. This parameter is optional. If config_type is left blank, config_type defaults to all.
See “About configuring the locally saved configuration files” on page 502.
For example:
System> config import remote ftp://[email protected]/home/user1/ 2008_July_20.tar.gz report Password: *******
To delete the locally saved configuration file
◆ To delete the locally saved configuration file, enter the following:
System> config delete file_name
file_name specifies the locally saved configuration file for which to delete.
Using the more command
The System> more command enables, disables, or checks the status of the more filter. The default setting is enable, which lets you page through the text one screen at a time. 508 Configuring system information About coordinating cluster nodes to work with NTP servers
To modify and view the more filter setting
◆ To modify and view the more filter setting, enter the following:
System> more enable|disable|status
enable Enables the more filter on all of the nodes in the cluster.
disable Disables the more filter on all of the nodes in the cluster.
status Displays the status of the more filter.
For example:
System> more status Status : Enabled
System> more disable SFS more Success V-288-748 more deactivated on console
System> more enable SFS more Success V-288-751 more activated on console
About coordinating cluster nodes to work with NTP servers You can set the Network Time Protocol (NTP) server on all of the nodes in the cluster.
Table 15-5 NTP commands
Command Definition
ntp servername Sets the NTP server on all of the nodes in the cluster. See “Coordinating cluster nodes to work with NTP servers” on page 509.
ntp show Displays the NTP status and server name. See “Coordinating cluster nodes to work with NTP servers” on page 509.
ntp enable Enables the NTP server on all of the nodes in the cluster. See “Coordinating cluster nodes to work with NTP servers” on page 509.
ntp disable Disables the NTP server on all of the nodes in the cluster. See “Coordinating cluster nodes to work with NTP servers” on page 509. Configuring system information 509 Coordinating cluster nodes to work with NTP servers
Table 15-5 NTP commands (continued)
Command Definition
ntp sync Synchronizes the date on the NTP server across all of the nodes in the cluster. See “Coordinating cluster nodes to work with NTP servers” on page 509.
Coordinating cluster nodes to work with NTP servers To set the NTP server on all of the nodes in the cluster
◆ To set the NTP server on all of the nodes in the cluster, enter the following:
System> ntp servername server-name
where server-name specifies the name of the server or IP address you want to set. For example:
System> ntp servername ntp.symantec.com Setting NTP server = ntp.symantec.com ..Done.
Use 127.127.1.0 as the IP address for selecting the local clock as the time source for the NTP server. To display the status of the NTP server
◆ To display NTP status and server name, enter the following:
System> ntp show
Example output:
System> ntp show Status: Enabled Server Name: ntp.symantec.com 510 Configuring system information Coordinating cluster nodes to work with NTP servers
To enable the NTP server
◆ To enable the NTP server on all of the nodes in the cluster, enter the following:
System> ntp enable
For example:
System> ntp enable Enabling ntp server: ntp.symantec.com ..Done.
To disable the NTP server
◆ To disable the NTP server on all of the nodes in the cluster, enter the following:
System> ntp disable
For example:
System> ntp disable Disabling ntp server:..Done. System> ntp show Status : Disabled Server Name: ntp.symantec.com
To synchronize the date on the NTP server on all of the nodes in the cluster
◆ To synchronize the date on the NTP server on all of the nodes in the cluster, enter the following:
System> ntp sync
You must have enabled the NTP server before using the System> ntp sync command. If the status of the NTP server is Partially Enabled or Disabled, you receive the following error message:
Please enable ntp in all nodes before sync the date
For example:
System> ntp sync Date is synchronized with NTP server. Configuring system information 511 Displaying the system statistics
Displaying the system statistics
The System> stat command displays the system, Dynamic Multipathing (DMP), and process-related node-wide statistics. The load in the displayed output is the load from the last 1, 5, and 15 minutes. To display the system statistics
◆ To display cluster wide or node-wide statistics, enter the following:
System> stat sys|dmp|all|cluster [node]
sys Displays the system-related statistics.
dmp Displays the DMP-related statistics.
cluster Displays the aggregate of the I/O and network performances from each node and averages out the number of nodes in the cluster to show the statistics at the cluster level. The variable node does not apply to this option.
all Displays the system and DMP-related statistics of one node at a time in the cluster or all of the nodes in the cluster.
node The name of the node in the cluster.
To view the cluster-wide network and I/O throughput, enter the following:
System> stat cluster Gathering statistics... Cluster wide statistics:::: ======IO throughput :: 0 Network throughput :: 1.205 512 Configuring system information Displaying file system I/O statistics
Displaying file system I/O statistics To display file system I/O statistics
◆ To display file system I/O statistics, enter the following:
System> stat fsio [fsname]
where fsname is the name of the file system for which you want to display the file system I/O statistics.
System> stat fsio testfs1 OPERATIONS BLOCKS AVG TIME(ms) NAME READ WRITE READ WRITE READ WRITE ------Node: sfs1_0 ======testfs1_tier1 532 206 2336 7486 1.17 9.98 testfs1_tier2 1 1 2 16 4.00 8.00
Node: sfs1_1 ======testfs1_tier1 369 168 1970 3218 2.12 7.67 testfs1_tier2 1 0 2 0 0.00 0.00
Using the swap command
The System> swap command can be used for swapping two network interfaces of a node in a cluster. This command helps set up the cluster properly in cases where the first node of a cluster cannot be pinged.
Figure 15-1 describes a scenario whereby using the System> swap command, you can use the more powerful 10G network interfaces to carry the public network load. Configuring system information 513 Using the swap command
Figure 15-1 Scenario for using System> swap for network interfaces
A System Administrator can use the System> swap command in the following ways:
■ In a multi-node cluster: System> swap allows swapping of public interfaces only. This is normally done to have the same interface sequencing on all nodes in the cluster.
■ In a single-node cluster: System> swap can be done for both public and private interfaces. Swapping of one private and one public interface is also possible.
If input to the System> swap command contains one public and one private interface, and there are two separate switches for the private and the public network, then before you run the System> swap command, the System Administrator has to exchange cable connections between these interfaces. Running the System> swap command requires stopping the given interfaces, which causes the following:
■ After you run the System> swap command, all SSH connection(s) hosted on the input interfaces terminate.
■ If a public interface is involved when issuing the System> swap command, all Virtual IP addresses (VIPs) hosted on that interface are brought down first, and are brought back up after System> swap is complete.
■ If the System> swap command is run remotely, due to SSH connection termination, its end status may not be visible to the end user. You can check the status of the System> swap command under history, by reconnecting to the cluster.
Note: FileStore recommends not to use the System> swap command when active I/O load is present on the cluster. 514 Configuring system information About the VMware Virtual Center plug-in
To use the swap command
◆ To use the System> swap command, enter the following:
System> swap interface1 interface2 [nodename]
interface1 Indicates the name of the first network interface.
interface2 Indicates the name of the second network interface.
nodename Indicates the name of the node. If nodename is not provided, the System> swap command is executed on the current node in the cluster.
For example, to swap two network interfaces:
System> swap pubeth0 priveth0 sfs_01 All ssh connection(s) to swapped interfaces need to start again after this command. Do you want to continue [Enter "y/yes" to continue]... Check status of this command in history.
About the VMware Virtual Center plug-in The VMware Virtual Center (vCenter) plug-in is part of the VMware vSphere extension for FileStore feature. See “About the VMware vSphere extension for FileStore” on page 530. After registering your FileStore cluster using the System> vplugin commands, you can use the VMware Virtual Center plug-in to do the following:
■ Create virtual machine clones using Symantec FileSnap technology A FileSnap is a space-optimized copy of a file in the same name space, stored in the same file system.
■ Add storage from a FileStore cluster to ESX servers
Use the FileStore System> vplugin commands to register, unregister, or check the registration status of your FileStore cluster with a VMware Virtual Center Server.
The System> vplugin commands are listed in Table 15-6. If the vCenter Server is not configured to use the default port number, you need to specify the port number using the [:port] option for all the System> vplugin commands. Configuring system information 515 About the VMware Virtual Center plug-in
See “Using the vplugin commands” on page 516.
Table 15-6 vplugin commands
Command Definition vplugin register Allows you to register the specified FileStore cluster with a vCenter Server. See “Using the vplugin commands” on page 516. vplugin unregister Allows you to unregister the specified FileStore cluster from a vCenter Server. See “Using the vplugin commands” on page 516. vplugin status Checks the registration status of the specified FileStore cluster with a vCenter Server. See “Using the vplugin commands” on page 516. 516 Configuring system information Using the vplugin commands
Using the vplugin commands To register a FileStore cluster with a vCenter Server
◆ To register a specified FileStore cluster with a vCenter Server, enter the following:
System> vplugin register vcenter_server[:port] vcenter_login
vcenter_server[:port] Enter the IP address for the vCenter Server with which you want to register. If the vCenter Server is not configured to use the default port number, you need to specify the port number. See “About the VMware Virtual Center plug-in” on page 514.
vcenter_login Enter the vCenter Server login. The vCenter Server administrator can choose the login name.
For example, to register this FileStore cluster with a vCenter Server:
System> vplugin register 10.182.47.9 Administrator Enter password for Administrator: ******* Cluster plug-in has been successfully registered. Restart vSphere Client before continuing. SFS vplugin SUCCESS V-288-2572 Plugin has been successfully registered.
For example, to register this FileStore cluster with a vCenter Server with a non-default port number:
System> vplugin register 10.182.47.9:8443 Administrator Enter password for Administrator: ******* Cluster plug-in has been successfully registered. Restart vSphere Client before continuing. SFS vplugin SUCCESS V-288-2572 Plugin has been successfully registered. Configuring system information 517 Using the vplugin commands
To unregister a FileStore cluster with a vCenter Server
◆ To unregister a specified FileStore cluster from a vCenter Server, enter the following:
System> vplugin unregister vcenter_server[:port] vcenter_login
vcenter_server Enter the IP address for the vCenter Server with which you want [:port] to unregister. If the vCenter Server is not configured to use the default port number, you need to specify the port number. See “About the VMware Virtual Center plug-in” on page 514.
vcenter_login Enter the vCenter Server login. The vCenter Server administrator can choose the login name.
Note: The VMware Virtual Center plug-in should be unregistered anytime the FileStore cluster is uninstalled or upgraded to a newer version.
For example, to unregister this FileStore cluster with a vCenter Server:
System> vplugin unregister 10.182.47.9 Administrator Enter password for Administrator: ******* Cluster plug-in has been successfully unregistered from this VMware vCenter Server. SFS vplugin SUCCESS V-288-2573 Plugin has been successfully unregistered. 518 Configuring system information About the option commands
To check the registration status of a FileStore cluster with a vCenter Server
◆ To check the registration status of a specified FileStore cluster with a vCenter Server, enter the following:
System> vplugin status vcenter_server[:port] vcenter_login
vcenter_server Enter the IP address for the vCenter Server for which you want [:port] to check the registration status. If the vCenter Server is not configured to use the default port number, you need to specify the port number. See “About the VMware Virtual Center plug-in” on page 514.
vcenter_login Enter the vCenter Server login. The vCenter Server administrator can choose the login name.
For example, to display the registration status of this FileStore cluster on a vCenter Server:
System> vplugin status 10.182.47.9 Administrator Enter password for Administrator: ******* Cluster plug-in (version=2.0.0) found on this VMware vCenter Server.
About the option commands
The option commands were created to let you adjust a variety of tunable variables that affect the global FileStore settings. The tunable variables that can be changed or displayed are listed in Table 15-7.
Note: Only system administrators with advanced knowledge of Dynamic Multipathing (DMP) I/O policies should use the DMP-related commands under the System> option. For assistance, contact Symantec Technical Support.
Table 15-7 option commands
Command Definition
option show nfsd Displays the number of Network File System (NFS) daemons for each node in the cluster. See “Using the option commands” on page 521. Configuring system information 519 About the option commands
Table 15-7 option commands (continued)
Command Definition option modify nfsd Modifies the number of Network File System (NFS) daemons on all of the nodes in the cluster. The range for the number of daemons you can modify is 1 to 512. Warning: The option modify nfsd command overwrites the existing configuration settings.
See “Using the option commands” on page 521. option show dmpio Displays the type of Dynamic Multipathing (DMP) I/O policy corresponding to enclosure, arrayname, and arraytype for each node in a cluster. See “Using the option commands” on page 521. option modify Modifies the Dynamic Multipathing (DMP) I/O policy, corresponding dmpio to the enclosure, arrayname, and arraytype. Warning: Check the sequence before modifying the I/O policy. The policies need to be applied in following sequence: arraytype, arrayname, and enclosure. The enclosure-based modification of the I/O policy overwrites the I/O policy that was set using the arrayname and the arraytype for that particular enclosure. In turn, the arrayname-based modification of the I/O policy overwrites the I/O policy that was set using the arraytype for that particular arrayname.
See “Using the option commands” on page 521. option reset dmpio Resets the Dynamic Multipathing (DMP) I/O policy setting for the given input (enclosure, arrayname, and arraytype). Use this command when you want to change the I/O policy from the previously set enclosure to arrayname. The settings hierarchy is enclosure, arrayname, and arraytype, so to modify the I/O policy to arraytype, you need to reset arrayname and enclosure. Note: This command does not set the default I/O policy.
See “Using the option commands” on page 521. option show Displays the ninodes cache size in the cluster. ninodes See “Using the option commands” on page 521. 520 Configuring system information About the option commands
Table 15-7 option commands (continued)
Command Definition
option modify Changes the cache size of the global inodes. If your system caches a ninodes large number of metadata transactions, or if there is significant virtual memory manager usage, tuning this parameter may improve performance. The range for the inode cache size is from 10000 to 2097151. Warning: The option modify ninodes command requires a cluster-wide restart.
See “Using the option commands” on page 521.
option show Displays the global value of the write_throttle parameter. tunefstab See “Using the option commands” on page 521.
option modify Modifies the global write_throttle parameter for all the mounted file tunefstab systems. The write_throttle parameter is useful in situations where a computer system combines a large amount of memory and slow storage devices. In this configuration, sync operations (such as fsync()) may take so long to complete that a system appears to hang. This behavior occurs because the file system created dirty buffers (in-memory updates) faster than they can be asynchronously flushed to disk without slowing system performance. Lowering the value of write_throttle limits the number of dirty buffers per file that a file system generates before flushing the buffers to disk. When the number of dirty buffers reaches the write_throttle threshold for a file, the file system starts flushing buffers to disk even if free memory is available. The default value of write_throttle is zero, which puts no limit on the number of dirty buffers per file. See “Using the option commands” on page 521.
option show Displays the value of the dmptune attribute. dmptune See “Using the option commands” on page 521.
option modify Modifies the value for either the dmp_path_age or the dmptune dmp_health_time attributes.
See “Using the option commands” on page 521. Configuring system information 521 Using the option commands
Table 15-7 option commands (continued)
Command Definition
option show Lets you display the maximum memory (measured in kilobytes) that vxtune is allocated for cache object metadata. See “Modifying and displaying the volpagemod_max_memsz parameter of vxtune” on page 526.
option modify Lets you modify the maximum memory (measured in kilobytes) that vxtune is allocated for cache object metadata. See “Modifying and displaying the volpagemod_max_memsz parameter of vxtune” on page 526.
Using the option commands To display the NFS daemons
◆ To display the number of NFS daemons, enter the following:
System> option show nfsd
For example:
System> option show nfsd NODENAME NUMBER_DAEMONS ------sfs_01 96 sfs_02 96
To change the NFS daemons
◆ To change the number of NFS daemons, enter the following:
System> option modify nfsd number [nodename]
For example:
System> option modify nfsd 97 522 Configuring system information Using the option commands
To display the DMP I/O policy
◆ To display the dmpio policy, enter the following:
System> option show dmpio
For example:
NODENAME TYPE ENCLR/ARRAY IOPOLICY ------sfs_01 arrayname disk balanced sfs_01 enclosure disk minimumq
If you want to view your current enclosure names, use the following command:
Storage> disk list detail
For example:
Storage> disk list detail Disk Pool Enclosure Size ======sda_01 p1 OTHER_DISKS 10.00G
ID Serial Number ======VMware%2C:VMware%20Virtual%20S:0:0 -
To change the DMP I/O policy
◆ To change the DMP I/O policy, enter the following:
System> option modify dmpio {enclosure enclr_name|arrayname array_name|arraytype {A/A|A/P|...}} iopolicy={adaptive|adaptiveminq|balanced|minimumq|priority| round-robin|singleactive}
The dmpio policy variables are the following:
enclosure enclr_name Name of the enclosure to distinguish between arrays having the same array name.
arrayname array_name Name of the array. Two physical array boxes of the same make have the same array name. Configuring system information 523 Using the option commands
arraytype array_type A multipathing type of array. Use one of the following: active-active, active-active-A, active-active-A-HDS, active-active-A-HP, APdisk, active-passive, active-passive-C, active-passiveF-VERITAS, active-passiveF-T3PLUS, active-passiveF-LSI, active-passiveG, active-passiveG-C, Disk, CLR-A-P, CLR-A-PF iopolicy adaptive In storage area network (SAN) environments, this option determines the paths that have the least delays, and schedules the I/O on the paths that are expected to carry a higher load. Priorities are assigned to the paths in proportion to the delay.
adaptiveminq The I/O is scheduled according to the length of the I/O queue on each path. The path with the shortest queue is assigned the highest priority.
balanced Takes into consideration the track cache to balance the I/O across paths.
minimumq Uses a minimum I/O queue policy. The I/O is sent on the paths that have the minimum number of I/O requests in the queue. This policy is suitable for low-end disks or JBODs where a significant track cache does not exist. This policy is the default for Active/Active (A/A) arrays.
priority Assigns the path with the highest load carrying capacity as the priority path. This policy is useful when the paths in a SAN have unequal performances, and you want to enforce load balancing manually.
round-robin Sets a standard round-robin policy for the I/O. This policy is the default for Active/Passive (A/P) and Asynchronous Active/Active (A/A-A) arrays.
singleactive The I/O is channeled through the single active path.
To reset the DMP I/O policy
◆ To reset the DMP I/O policy, enter the following:
System> option reset dmpio {enclosure enclr_name|arrayname array_name|arraytype {A/A|A/P|...}} 524 Configuring system information Using the option commands
To display the ninodes cache size
◆ To display the ninodes cache size, enter the following:
System> option show ninodes
For example:
System> option show ninodes INODE_CACHE_SIZE ------2000343
To change the ninodes cache size
◆ To change the ninodes cache size, enter the following:
System> option modify ninodes number
For example:
System> option modify ninodes 2000343 SFS option WARNING V-288-0 This will require cluster wide reboot. Do you want to continue (y/n)?
To display the tunefstab parameter
◆ To display the tunefstab parameter, enter the following:
System> option show tunefstab
For example:
System> option show tunefstab NODENAME ATTRIBUTE VALUE ------sfs_01 write_throttle 0 Configuring system information 525 Using the option commands
To modify the tunefstab parameter
◆ To modify the tunefstab parameter, enter the following:
System> option modify tunefstab write_throttle value
where value is the number you assign to the write_throttle parameter. For example:
System> option modify tunefstab write_throttle 20003 System> option show tunefstab NODENAME ATTRIBUTE VALUE ------sfs_01 write_throttle 20003 sfs_02 write_throttle 20003
To display the value of the dmptune attribute
◆ To display the value of the dmptune attribute, enter the following:
System> option show dmptune
For example:
System> option show dmptune NODENAME ATTRIBUTE VALUE ------sfs_01 dmp_path_age 57 sfs_01 dmp_health_time 44 526 Configuring system information Modifying and displaying the volpagemod_max_memsz parameter of vxtune
To modify the value of the dmp_path_age and dmp_health_time attributes
◆ To modify the value of the dmp_path_age and dmp_health_time attributes, enter the following:
System> option modify dmptune {dmp_path_age value | dmp_health_time value}
dmp_path_age Modify the value of dmp_health_time. value This attribute sets the time in seconds for which a path must stay healthy. If a path’s state changes back from enabled to disabled within this time period, DMP marks the path as intermittently failing, and does not re-enable the path for I/O until dmp_path_age seconds elapse. The default value of dmp_health_time is 60 seconds. A value of 0 prevents DMP from detecting intermittently failing paths.
dmp_health_time Sets the time in seconds for which a path must stay healthy. If a value path's state changes back from enabled to disabled within this time period, DMP marks the path as intermittently failing, and DMP does not re-enable the path for I/O until the dmp_path_age seconds have elapsed. The default value of dmp_health_time is 60 seconds. A value of 0 prevents DMP from detecting intermittently failing paths.
For example:
System> option modify dmptune dmp_path_age 40
System> option modify dmptune dmp_health_time 50
Modifying and displaying the volpagemod_max_memsz parameter of vxtune You can modify the maximum memory measured in kilobytes that is allocated for cache object metadata. The default value for volpagemod_max_memsz is set to 6144 KB. The value that should be used is determined by the total size of volumes for which instant rollbacks are taken. Configuring system information 527 Modifying and displaying the volpagemod_max_memsz parameter of vxtune
To modify the volpagemod_max_memsz parameter of vxtune
◆ To modify the volpagemod_max_memsz parameter of vxtune, enter the following:
System> option modify vxtune volpagemod_max_memsz value
The following formula can be used to calculate the required value of volpagemod_ max_memsz:
size_in_KB=6 * (total_filesystem_size_in_GB) * (64/region_size_in_KB)
region_size can be set to 256 KB by default for large file systems.
For example, to modify the volpagemod_max_memsz parameter of vxtune, enter the following:
System> option modify vxtune volpagemod_max_memsz 12288
To display the value of the vxtune parameters
◆ To display the value of the vxtune parameters, enter the following:
System> option show vxtune
For example, to display the value of the vxtune parameters, enter the following:
System> option show vxtune NODENAME TUNABLE VALUE(KB) ------sfs_01 volpagemod_max_memsz 12288 sfs_02 volpagemod_max_memsz 12288 528 Configuring system information Modifying and displaying the volpagemod_max_memsz parameter of vxtune Chapter 16
Using the VMware vSphere extension for Symantec FileStore
This chapter includes the following topics:
■ About the VMware vSphere extension for FileStore
■ How the VMware vSphere extension for FileStore interacts with other FileStore applications
■ Useful links from VMware on NFS support and customization while cloning virtual machines
■ Adding storage to ESX servers
■ Creating a virtual machine
■ Creating virtual machine clones using Symantec FileSnap
■ Specifying the number of virtual machine clones to be created
■ Specifying where to create the virtual machine clones
■ Specifying the guest operating system if customizing for Linux or Windows
■ Specifying network customization parameters for guest operating systems if using DHCP or Static IP
■ Configuring the VMware View
■ Verifying the virtual machine clones 530 Using the VMware vSphere extension for Symantec FileStore About the VMware vSphere extension for FileStore
About the VMware vSphere extension for FileStore FileStore provides the benefits of a highly-scalable NAS and NFS solution for VMware ESX server workloads. The VMware vSphere extension for FileStore enables the following functionality:
■ Provides a VMware vCenter Server plug-in for seamless integration into the vSphere user interface. The VMware vCenter Server plug-in gives you the ability to do the following:
■ Quickly clone hundreds of virtual machines based off a single golden image using Symantec FileSnap technology, a component of Symantec VirtualStore.
■ Add storage from a FileStore cluster to multiple ESX servers.
Figure 16-1 FileStore architecture in VMware vSphere
With this architecture, the FileStore cluster provides NAS storage that is mounted on your VMware ESX servers as an NFS datastore. The FileStore cluster provides VCenter plug-ins that can be invoked through the vSphere client user interface. Using the VMware vSphere extension for Symantec FileStore 531 How the VMware vSphere extension for FileStore interacts with other FileStore applications
How the VMware vSphere extension for FileStore interacts with other FileStore applications
Note: For the latest information on how the VMware vSphere extension for FileStore interacts with other applications, see the Symantec FileStore Release Notes.
Table 16-1 Application support for the VMware vSphere extension for FileStore
Feature or Description application
Backup When restoring a virtual machine using either the embedded NetBackup client or NDMP from a backup, it is required to turn off the virtual machine before restoring. Once the restore is completed, the virtual machine can be turned on.
Useful links from VMware on NFS support and customization while cloning virtual machines To learn more about NFS support and customization while cloning virtual machines, refer to the following locations.
■ Best practices for running VMware vSphere on Network Attached Storage (White paper): http://vmware.com/files/pdf/VMware_NFS_BestPractices_WP_EN.pdf
■ VirtualCenter2 templates usage and best practices (White paper). Best practices for setting up templates and guest customization: http://www.vmware.com/pdf/vc_2_templates_usage_best_practices_wp.pdf
■ vSphere Basic System Administration Guide. See the guest operating systems customization chapter. https://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_admin_guide.pdf 532 Using the VMware vSphere extension for Symantec FileStore Adding storage to ESX servers
Adding storage to ESX servers To add storage to ESX servers 1 Right-click on a datacenter, cluster, folder, or an ESX server in the vSphere Client window. Choose Add storage from clustername, where clustername is the FileStore cluster that has been registered with this vCenter Server, and from which you want to add storage. 2 In the Add Symantec Storage window, specify ESX server information, NFS storage, and datastore information in the appropriate fields.
ESX Servers In the ESX Servers table, check the ESX server(s) to which you want to add storage. The ESX servers that are displayed under the ESX Host Name column depend on what entity you selected in step 1. If the entity selected is a datacenter, all the ESX servers in the datacenter are displayed. If the entity selected is a folder, all the ESX servers in the folder are displayed. If the entity selected is a cluster, then all the ESX servers in that cluster are displayed. Basically, a datacenter, a cluster, or a folder are containers of ESX servers.
Virtual IP Address In the NFS Storage Properties table, in the drop-down menu, select a virtual IP address.
Share In the NFS Storage Properties table, in the drop-down menu, select the directory path of the NFS share.
Mount NFS Read In the NFS Storage Properties table, check if you want the Only mounted NFS share to be read-only.
Datastore Name A datastore name is automatically generated based on the virtual IP address and the NFS share that you selected. You can change the datastore name to whatever you choose. Note: The datastore name must be unique. If the datastore name is not unique, you receive an error message after clicking Submit.
3 Click Submit. Using the VMware vSphere extension for Symantec FileStore 533 Creating a virtual machine
Creating a virtual machine To create a virtual machine
◆ Create a virtual machine. See the VMware vSphere Virtual Machine Administration Guide. http://www.vmware.com/pdf/vsphere4/r41/vsp_41_vm_admin_guide.pdf If you plan on using or integrating the virtual machine with VMware View, create a virtual machine for use with VMware View. See the VMware View Administrator's Guide. http://www.vmware.com/pdf/view45_admin_guide.pdf
Note: If you plan to use the VMware vApp and OVF templates, then you must disable the vApp. See the Symantec FileStore Release Notes for more information. MAC address conflicts may arise if static addresses are used. See the VMware Knowledge Base Article on changing the MAC address of a hosted virtual machine for more information. http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=507
Creating virtual machine clones using Symantec FileSnap This section describes how to create virtual machine clones using Symantec FileSnap. FileSnap is a component of Symantec VirtualStore.
Note: Before being able to create virtual machine clones using Symantec FileSnap, you must have registered your FileStore cluster with a vCenter Server using the FileStore CLI. You must also have created a virtual machine. See “About the VMware Virtual Center plug-in” on page 514. See “Creating a virtual machine” on page 533. 534 Using the VMware vSphere extension for Symantec FileStore Creating virtual machine clones using Symantec FileSnap
To create virtual machine clones using Symantec FileSnap 1 Right-click on the virtual machine you want to clone, and select FileSnap on clustername in the vSphere Client window. Depending upon whether the virtual disks belong to a Symantec datastore (CNFS/VirtualStore), the GUI allows or disallows the cloning operation of the virtual machine. To allow cloning, at least one virtual disk must be from a Symantec datastore. If the NEXT button is not displayed, then the GUI displays a message that the cloning operation is not allowed on this virtual machine.
2 In the Security alert window, click Yes. See “Specifying the number of virtual machine clones to be created” on page 535. Using the VMware vSphere extension for Symantec FileStore 535 Specifying the number of virtual machine clones to be created
Specifying the number of virtual machine clones to be created To specify the number of virtual machine clones to be created 1 In the Clone Name Pattern window of the Symantec Quick Clone Virtual MachineWizard, enter virtual machine clone information in the appropriate fields.
Number of Clones Specify the number of virtual machine clones you want to create.
Clone Name Specify the name of the virtual machine clone. The clone name should only contain alpha-numeric characters, underscores, and or hyphens.
Start From Specify the number of the virtual machine clone that you want to start creating clones from.
2 Click Next. See “Specifying where to create the virtual machine clones” on page 535.
Specifying where to create the virtual machine clones To specify where to create the virtual machine clones 1 In the Clone Target window of the Symantec Quick Clone Virtual Machine Wizard, enter the datacenter, ESX host/cluster, and the resource pool for creating virtual machine clones in the appropriate fields.
Datacenter From the drop-down menu, select the datacenter where you want (required) the virtual machine clones to reside.
ESX Host From the drop-down menu, select the ESX host/cluster where (required) you want the virtual machine clones to reside.
Resource Pool From the drop-down menu, select the resource pool for running the virtual machine clones. A resource pool is a VMware term; it is a division of computing resources that are used to manage allocations between virtual machines. 536 Using the VMware vSphere extension for Symantec FileStore Specifying the guest operating system if customizing for Linux or Windows
Customize the If you want to customize the guest OS and network for virtual guest OS and machine clones, check the Customize the guest OS and network network for virtual for virtual machine clones checkbox. machine clones
Configure the If you want to customize the VMware View, check the Customize VMware View VMware View checkbox.
Customize for If you want to customize the virtual machine for advanced advanced VM configuration, check the Customize for advanced VM configuration configuration checkbox. This feature lets you:
■ Select a vmdk file for performing a full copy of a particular disk while creating a virtual machine clone. ■ Ability to create a virtual machine clone of a single vmdk file rather than a full virtual machine clone.
2 Click Next. See “Specifying the guest operating system if customizing for Linux or Windows” on page 536.
Specifying the guest operating system if customizing for Linux or Windows To specify the guest operating system if customizing the guest operating system for Linux 1 In the GuestOSCustomization window of the SymantecQuickCloneVirtual Machine Wizard, specify the guest operating system parameters for virtual machine clones if you want to customize the guest operating system for Linux.
Guest OS Name Specify the guest operating system name that you want to customize.
Start From Specify the number of the virtual machine clone that you want to start from.
2 Click Next. Using the VMware vSphere extension for Symantec FileStore 537 Specifying the guest operating system if customizing for Linux or Windows
To specify the guest operating system if customizing the guest operating system for Windows 1 In the GuestOSCustomization window of the SymantecQuickCloneVirtual Machine Wizard, specify the guest operating system parameters for virtual machine clones if you want to customize the guest operating system for Windows.
Guest OS Name Specify the guest operating system name that you want to customize. The guest OS name should only contain alpha-numeric characters and or hyphens. The full host name (concatenated Guest OS Name and Start From) cannot be greater than 63 characters.
Start From Specify the number of the virtual machine clone that you want to start from.
Product ID Specify the product ID for the virtual machine clone. The product ID should only contain alpha-numeric characters, underscores, and or hyphens.
User Name Specify the user name for the virtual machine clone. The user name should only contain alpha-numeric characters, underscores, and or hyphens.
Company Specify the name of the company you are from.
Timezone From the drop-down menu, specify the time zone for creating the virtual machine clone.
2 Click Next. See “Specifying network customization parameters for guest operating systems if using DHCP or Static IP” on page 538. 538 Using the VMware vSphere extension for Symantec FileStore Specifying network customization parameters for guest operating systems if using DHCP or Static IP
Specifying network customization parameters for guest operating systems if using DHCP or Static IP To specify network customization parameters for guest operating systems if using DHCP 1 If you checked the Customize the guest OS and network for virtual machine clones checkbox on the Clone Target window of the Symantec Quick Clone Virtual Machine Wizard, the Network Customization window appears. See “Specifying where to create the virtual machine clones” on page 535. Each virtual machine may have multiple network adapters. 2 In the Network Customization window, if you select DHCP as the IP Assignment, you do not need to specify values for the IP Address, Netmask, and the Gateway fields. 3 Click Next. To specify network customization parameters for guest operating systems if using Static IP 1 If you checked the Customize the guest OS and network for virtual machine clones checkbox on the Clone Target window of the Symantec Quick Clone Virtual Machine Wizard, the Network Customization window appears. See “Specifying where to create the virtual machine clones” on page 535. 2 In the Network Customization window, if you select Static IP as the IP Assignment, enter information in the appropriate fields.
IP Assignment If you select Static IP from the drop-down menu, you need to enter values for IP Address, Netmask, and Gateway fields. Note: Static IP address assignment is not supported for Windows 7 or Windows Server 2008 virtual machine clones.
IP Address Specify a valid IP address for the network adapter card. Each virtual machine may have multiple network adapters.
Netmask Specify a valid netmask address for the network adapter.
Gateway Specify a valid gateway IP address for the network adapter.
3 Click Next. See “Configuring the VMware View” on page 539. Using the VMware vSphere extension for Symantec FileStore 539 Configuring the VMware View
Configuring the VMware View To configure the VMware View 1 If you checked the ConfigVMwareView checkbox on the CloneTarget window of the Symantec Quick Clone Virtual Machine Wizard, the VMware View Configuration window appears. See “Specifying where to create the virtual machine clones” on page 535. 540 Using the VMware vSphere extension for Symantec FileStore Configuring the VMware View
2 In the VMware View Configuration window, enter information in the appropriate fields to import cloned virtual machines as a new Desktop Pool in the VMware View.
Server Name/IP Specify the name of the server or IP address for the server for Address importing cloned virtual machines. Note: You must log on to the vCenter Server using the same IP address or a fully-qualified domain name (FQDN) that the VMware View Server uses to access the vCenter Server for successful integration of the cloned virtual machines into the VMware View Server.
Username Specify the user name for the VMware administrator. You must enter a user name.
Password Specify the password for the server for importing the cloned virtual machines. You must enter a password.
Domain Specify the domain for importing the cloned virtual machines. Note: To be accessed by the VMware View Server, virtual machines must be joined to a domain. The SymantecQuickClone VirtualMachineWizard can automatically join virtual machine clones to the domain entered on the VMwareViewConfiguration window. This operation requires that both Customize the guest OS and Config VMware View are checked on the Clone Target window.
See “Specifying where to create the virtual machine clones” on page 535.
Pool ID Specify the pool ID for importing the cloned virtual machines. You must enter a pool ID.
Pool Persistence Specify if you want persistent pools by checking this checkbox. Pool persistence indicates if users are allocated a dedicated desktop. This option statically assigns the desktop to a user on the first connection. All user documents, applications, and settings are retained between sessions.
3 Click Next. See “Verifying the virtual machine clones” on page 541. Using the VMware vSphere extension for Symantec FileStore 541 Verifying the virtual machine clones
Verifying the virtual machine clones To verify the list of requested virtual machine clones 1 In the Summary window of the Symantec Quick Clone Virtual Machine Wizard, verify the list of requested virtual machine clones. 2 If you want to turn on the virtual machine clones after they are created, check the Power on clones after creation checkbox. 3 Click Submit. 542 Using the VMware vSphere extension for Symantec FileStore Verifying the virtual machine clones Chapter 17
Configuring disaster recovery
This chapter includes the following topics:
■ About disaster recovery
■ About DNS update
■ About the DNS update set command
■ Configuring the DNS update service
■ Starting and stopping the DNS update service
■ Displaying DNS update settings
About disaster recovery FileStore disaster recovery includes a series of commands and procedures available to help you recover quickly from system failures. Currently, the disaster recovery features includes a set of DNS update commands which enable you to keep DNS server support active during failover situations.
About DNS update The FileStore DNS update feature enables users to update DNS records so that clients can be served from a different cluster. This feature is useful in failover situations where an active FileStore cluster must be brought down and the services moved to the backup cluster. Consider the scenario shown in Figure 17-1. In this example, there are two FileStore clusters (Cluster 1 and Cluster 2). Cluster 1 is the active cluster. Cluster 2 is the 544 Configuring disaster recovery About DNS update
"backup" cluster, the cluster that can run services when Cluster 1 is brought down. Data is kept in synchronization between the two clusters using the FileStore replication feature. However, at any given time, the DNS server stores resource records for only one cluster. In previous releases, DNS updates had to be done manually when cluster operations were switched form one cluster to another. Now, you can use FileStore DNS update commands to update the DNS server. The DNS update feature is supported for UNIX and Linux-based DNS servers only. Windows-based DNS servers are not supported.
Figure 17-1 Active and backup clusters
By default, the DNS update service is offline. To use the DNS update service, first use the DR> dnsupdate set command to configure the DNS update service parameters, then use the DR> dnsupdate start command to start the service.
Table 17-1 DNS update commands
Command Description
dnsupdate show Shows the configuration settings for DNS update. Configuration settings include the DNS server name, DNS domain name, key file location, and so on. This command also shows the status of the DNS update service on the local and the remote clusters. See “Displaying DNS update settings” on page 550. Configuring disaster recovery 545 About the DNS update set command
Table 17-1 DNS update commands (continued)
Command Description
dnsupdate start Starts the DNS update service on the local cluster and uploads cluster-specific information to the DNS server. Any new clients are served from the cluster where the command was issued. See “Starting and stopping the DNS update service” on page 549.
dnsupdate stop Stops the DNS update service on the local cluster. DNS information for the local cluster is removed from the DNS server. When the DNS update service is stopped on the local cluster, new clients are served from the "backup" cluster, provided the DNS update service has been started on the backup cluster. See “Starting and stopping the DNS update service” on page 549.
dnsupdate set Configures the DNS update service parameters. See “About the DNS update set command” on page 545.
About the DNS update set command
Use the DR> dnsupdate set command to configure the DNS update service. If no replication links have been added to the DNS update configuration, the configuration parameters apply to the local cluster only. If replication links have been added, the configuration parameters are applied to both the local and the remote cluster. Make sure that the DNS update service is offline before you set configuration parameters. If the service is online on a cluster, the parameters cannot be set on that cluster.
Table 17-2 DNS update set command arguments
Command Definition
set dns_server Sets the IP address of the DNS server where name resolution records are uploaded. See “Configuring the DNS update service” on page 546.
set domain_name Sets the domain name that is associated with the DNS server. This domain specifies the service that is hosted on the cluster. Clients use the domain name to access the cluster's service. See “Configuring the DNS update service” on page 546. 546 Configuring disaster recovery Configuring the DNS update service
Table 17-2 DNS update set command arguments (continued)
Command Definition
set keyfiles Sets the SCP path to the transaction signature (TSIG) key files for the DNS server. These files are used to send secure updates to the DNS server. Once this path is provided, FileStore keeps a local copy of key files on each node of the cluster. See “Configuring the DNS update service” on page 546.
set addreplink Configures the specified replication link with the same DNS update parameters as on the local cluster. The DR> dnsupdate set addreplink command does not create replication links, it only configures them for the DNS update service. Replication links are created using the Replication> config command. See for the Symantec FileStore Replication Guide for more information. See “Configuring the DNS update service” on page 546.
set delreplink Removes a replication link from the DNS update configuration. See “Configuring the DNS update service” on page 546.
Configuring the DNS update service
Use the DR> dnsupdate set command to configure the DNS update service parameters. You can configure DNS update service parameters on a cluster only when the DNS update service is offline for the cluster. The parameter changes take effect when the DNS update service is started. To set the DNS server
◆ To set the DNS server where configuration information is uploaded, enter the following:
DR> dnsupdate set dns_server ip_address
where ip_address is the IP address of the DNS server. For example:
DR> dnsupdate set dns_server 172.10.409.251 SFS DNSupdate SUCCESS V-288-0 operation dnsserver 172.10.409.251 successful on cluster1. Configuring disaster recovery 547 Configuring the DNS update service
To set the domain name
◆ To set the domain name that is associated with the DNS server, enter the following:
DR> dnsupdate set domain_name domain_name
where domain_name is the domain name. This domain specifies the service that is hosted on the cluster. Clients use the domain name to access the cluster's service. For example:
DR> dnsupdate set domain_name sfs.example.com SFS DNSupdate SUCCESS V-288-0 operation domain_name sfs.example.com successful on cluster1.
To set the keyfiles path
◆ To set the path to the TSIG key files for the DNS server, enter the following:
DR> dnsupdate set keyfiles scp-URL filename.key filename.private
scp-URL Indicates the SCP URL where the key files are stored for the DNS server. The TSIG key files are a pair of files that are generated by the DNS server administrator. They are used for making secure updates to the DNS server. One file in the pair has a *.key extension. The other file has a *.private extension.
filename.key Indicates the file name for the *.key TSIG file.
filename.private Indicates the file name for the *.private TSIG file.
For example:
DR> dnsupdate set keyfiles scp://lkarnes@mkt1:/secure/ Kexample.com.+157+20648.key Kexample.com.+157+20648.private Password:******* SFS DNSUpdate SUCCESS V-288-0 operation keyfile Kexample.com.+157+20648.private successful on cluster1. 548 Configuring disaster recovery Configuring the DNS update service
To add a replication link to the DNS update configuration
◆ To add a replication link to the DNS update configuration, enter the following:
DR> dnsupdate addreplink link_name
where link_name is the name of a replication link.
The DR> dnsupdate set addreplink command does not create a replication link, instead it configures the specified replication link with the same DNS update parameters as on the local cluster. For example:
DR> dnsupdate addreplink Rep1 SFS DNSUpdate SUCCESS V-288-0 operation addreplink Rep1 successful on cluster1.
When you add a replication link to the DNS update configuration, existing parameters for the DNS update service are set on both the local and the remote cluster. For example:
SFS DNSupdate SUCCESS V-288-0 operation dnsserver 172.10.409.251 successful on cluster2. SFS DNSupdate SUCCESS V-288-0 operation domain_name sfs.example.com successful on cluster2. SFS DNSUpdate SUCCESS V-288-0 operation keyfile Kexample.com.+157+20648.private successful on cluster2. SFS DNSUpdate SUCCESS V-288-0 operation keyfile scp://lkarnes@mkt1:/secure/ successful on cluster2.
To delete a replication link from the DNS update configuration
◆ To delete a replication link to the DNS update configuration, enter the following:
DR> dnsupdate delreplink link_name
where link_name is the name of a replication link.
The DR> dnsupdate set delreplink command does not delete a replication link, instead it removes the link from the DNS update configuration. For example:
DR> dnsupdate delreplink Rep1 SFS DNSUpdate SUCCESS V-288-0 operation delreplink Rep1 successful on cluster1. Configuring disaster recovery 549 Starting and stopping the DNS update service
Starting and stopping the DNS update service To start the DNS update service
◆ To start the DNS update service, enter the following:
DR> dnsupdate start Starting... SFS DNSupdate SUCCESS V-288-0 DNSupdate started.
The DR> dnsupdate start command works on the local cluster only. When the DNS service is started, FileStore updates the DNS server with a Type-A DNS record that contains a list of VIP addresses for the cluster. Based on this record, the DNS server uses a round-robin method to resolve the domain name with the appropriate VIPs. Among the clusters that are configured for the DNS update service, the service can be online on only one cluster at a time. If the DNS update service is online on any of the remote clusters that are configured through replication links, then the service cannot be started on the local cluster. To stop the DNS update service
◆ To stop the DNS update service, enter the following:
DR> dnsupdate stop Stopping... SFS DNSupdate SUCCESS V-288-0 DNSupdate stopped.
The DR> dnsupdate stop command works on the local cluster only. 550 Configuring disaster recovery Displaying DNS update settings
Displaying DNS update settings To display DNS update settings
◆ To display DNS update status and configuration settings, enter the following:
DR> dnsupdate show
Status Location Console IP Status ------Local 10.209.188.192 ONLINE Rep1 10.733.195.186 OFFLINE Rep2 10.733.195.187 OFFLINE
Configuration Parameter Value ------DNSServer 172.10.409.251 DomainName sfs.example.com Keyfile Kexample.com.+157+20648.private
Status on the remote cluster is shown only if related replication links have been added to the configuration. Chapter 18
Upgrading Symantec FileStore
This chapter includes the following topics:
■ About upgrading patches
■ Displaying the current version of FileStore
■ About installing patches
■ About types of patches
■ Installing patches
■ Uninstalling patches
■ Synchronizing software upgrades on a node
About upgrading patches
The upgrade commands install or uninstall upgrades to the FileStore software. The upgrades can be patches or drivers. The software is installed or uninstalled on all of the nodes. The upgrade commands are defined in Table 18-1. To access the commands, log into the administrative console (for master, system-admin, or storage-admin) and enter the Upgrade> mode. See “About using the FileStore command-line interface” on page 31.
Note: To avoid potential upgrade issues, stop all workloads from clients, and then re-initiate the upgrade. 552 Upgrading Symantec FileStore About upgrading patches
Table 18-1 Upgrade mode commands
Command Definition
show Displays the current version of FileStore, the patch level. The Upgrade> show detail command displays information about major upgrades. Error messages are displayed if any of the nodes in the cluster do not have matching software versions or operating system packages installed. See “Displaying the current version of FileStore” on page 553.
patch install Downloads the patch from the specified URL and installs it on all of the nodes. See “About installing patches” on page 554.
patch Uninstalls the software upgrade from all of the nodes up to the uninstall-upto specified version. See “About installing patches” on page 554.
patch sync Synchronizes the specified node. See “About installing patches” on page 554. Upgrading Symantec FileStore 553 Displaying the current version of FileStore
Displaying the current version of FileStore To display the current version of FileStore 1 To display the current version of FileStore and the patch level, enter the following:
Upgrade> show
For example:
Upgrade> show 5.7 ENTERPRISE EDITION (Fri April 15 16:12:40 2011), Installed on Thurs April 21 09:23:28 PDT 2011
2 To display the current version of FileStore, the patch level, and major upgrades, enter the following:
Upgrade> show detail
For example:
Upgrade> show detail 5.7 ENTERPRISE EDITION (Fri April 15 16:12:40 2011), Installed on Thurs April 21 09:23:28 PDT 2011
Major Upgrade(s) ======Upgraded from 5.6P2 to 5.7 (Mon April 11 08:40:23 2011) on Tues April 12 17:21:18 PDT 2011 554 Upgrading Symantec FileStore About installing patches
About installing patches
Table 18-2 Patch commands
Command Definition
patch install Downloads the patch from a specified URL and install it on all of the nodes. The Upgrade> patch install command first synchronizes the nodes that have different software versions compared to the other nodes. Note: After you have installed, uninstalled, or synchronized a new FileStore patch into your cluster, the list of available commands may have changed. Please re-login to the CLI to access the updated features.
See “Installing patches” on page 556.
patch Uninstalls the software upgrade from all of the nodes up to the uninstall-upto specified version. You must specify the versions of software up to the version that you want to uninstall. This command first synchronizes the nodes that have different software versions compared to other nodes in the cluster. See “Installing patches” on page 556.
patch sync Forcefully synchronizes the specified node, bringing it up to the currently installed software version of the remaining nodes in the cluster. You only need to install the patch on one node, and then run the Upgrade> patch sync command to synchronize all of the nodes.
See “Installing patches” on page 556.
About types of patches FileStore patches can be divided into two types based on if a patch requires a restart of the cluster or not:
■ 1) Patches that do not require a cluster restart. This patch upgrades only FileStore-related binaries and any operating system RPMs that do not require a restart after you apply the patch. Type 1 patches do not require a cluster restart, so the direct upgrade process can be used. The direct upgrade process does not bring down any nodes or resources while the patch is applied, and the upgrade applies the patch on all the nodes in parallel. The cluster remains in a running state serving clients while the upgrade process is running. Upgrading Symantec FileStore 555 About types of patches
■ 2) Patches that require a cluster restart. This patch upgrades operating system RPMs and FileStore binaries that require a restart of the cluster. These patches require a one-time cluster restart. Type 2 patches require a one-time cluster restart, so use the phased upgrade process to minimize downtime. In a phased upgrade, the upgrade process selects one of the nodes, called the first-stage node, and stops all services and resources on the first-stage node. All resources failover to other nodes including the VIP groups. During the failover process, the clients connected to the first stage node VIP are intermittently interrupted. For the clients that do not timeout, the service resumes after the VIP goes back online on one of the second-stage nodes. The first-stage node is upgraded first. While the upgrade process is running on the first-stage node, the remaining nodes (second-stage nodes) continue serving clients. Once the first-stage node has been upgraded, it restarts the first-stage node. Immediately after the first-stage node comes up, the upgrade process stops the services and resources on the remaining nodes. When the first-stage node comes up, all services and resources are online and serving clients. Meanwhile, the phased upgrade starts the patch upgrade process on the remaining nodes. After completion of the patch upgrade on the remaining nodes, the cluster recovers to normal and services are balanced across the cluster. In the case of a phased upgrade, you are prompted with a message such as the following:
Applying this patch requires reboot of cluster node(s) and uses a phased upgrade mechanism. In phased upgrade method, the patch will be applied on one of the cluster nodes in first phase and then on rest of the nodes in second phase. There will be a downtime of service between these two phases. Do you want to continue with phased installation of this patch? [y|n]
Also, in the case if a phased upgrade fails, the patch synchronization process does not bring a node back to the same level as for the console node. Failed nodes should be added back to the cluster using the Cluster> install and Cluster> add commands.
Note: An uninstall is not supported for phased-upgrade patches.
Note: FileStore does not support rollback if the patch upgrades any RPMs. 556 Upgrading Symantec FileStore Installing patches
Installing patches To install the latest patches on your system
◆ To install the latest patches, enter the following:
Upgrade> patch install URL
where URL is the URL location from where you can download the software patch. The URL supports HTTP, FTP, and SCP protocols for download. The user name and password for the HTTP and FTP protocols are supported. For example, you can download a FileStore patch from an HTTP server with authentication and install it.
http://[email protected]/SFS_UPDATES/SFS.iso tg3.ko:3.71b,megaraid_sas.ko:00.00.03.16 Enter password for user 'admin': ********** Please wait. Upgrade is in progress... Patch upgraded on all nodes of cluster.
Uninstalling patches To uninstall patches
◆ To uninstall the software upgrades, enter the following:
Upgrade> patch uninstall-upto version
where version specifies the versions of software up to the version that you want to uninstall. For example:
Upgrade> patch uninstall-upto 5.6P1 OK Completed
Synchronizing software upgrades on a node
The Upgrade> patch sync command checks that all the nodes are on the same patch level or not. If not, FileStore brings the nodes that are on different patch levels to the same patch level as for the console node. Upgrading Symantec FileStore 557 Synchronizing software upgrades on a node
To forcefully synchronize software upgrades on a node
◆ To forcefully synchronize software upgrades on a node, enter the following:
Upgrade> patch sync nodename
where nodename specifies the node that needs to be synchronized to the same software version as the one currently installed in the cluster. For example:
Upgrade> patch sync node2 ...... Syncing software upgrades on node2... SFS patch SUCCESS V-288-122 Patch sync completed. 558 Upgrading Symantec FileStore Synchronizing software upgrades on a node Chapter 19
Using Symantec AntiVirus for FileStore
This chapter includes the following topics:
■ About Symantec AntiVirus for FileStore
■ About Symantec AntiVirus for FileStore licensing
■ About Symantec AntiVirus for FileStore commands
■ Displaying Symantec AntiVirus for FileStore configurations
■ About configuring Symantec AntiVirus for FileStore on all the nodes in the cluster
■ Configuring Symantec AntiVirus for FileStore on the cluster's nodes
■ About configuring Auto-Protect on FileStore file systems
■ Configuring Auto-Protect on FileStore file systems
■ About excluding file extensions
■ Configuring file extensions for the Symantec AntiVirus for FileStore configuration file
■ About Symantec AntiVirus for FileStore LiveUpdate
■ Using Symantec AntiVirus for FileStore with LiveUpdate
■ About using Symantec AntiVirus for FileStore quarantine commands
■ Using Symantec AntiVirus for FileStore quarantine commands
■ Setting the Symantec AntiVirus for FileStore action policy 560 Using Symantec AntiVirus for FileStore About Symantec AntiVirus for FileStore
■ About using Symantec AntiVirus for FileStore manual scan commands
■ Using Symantec AntiVirus for FileStore manual scan commands
■ About scheduling a Symantec AntiVirus for FileStore scan job
■ Scheduling a Symantec AntiVirus for FileStore scan job
About Symantec AntiVirus for FileStore FileStore software lets you access data through numerous protocols including NFS, CIFS, and FTP. You can store your data on the network-attached storage. Symantec AntiVirus for FileStore provides on-access virus protection for the data that can be accessed through FileStore. Symantec AntiVirus for FileStore detects and prevents the spread of malicious virus code before your data is compromised. Symantec AntiVirus for FileStore provides two methods for protecting data:
■ Auto-Protect (AP) scan - protects files and file systems as they are accessed (when a file is opened, modified, or executed) You can use the Auto-Protect method to conduct client access on-demand scanning of NFS, CIFS, or other protocols within FileStore. Symantec AntiVirus for FileStore provides support for the Auto-Protect method through use of the autoprotect commands. See “About configuring Auto-Protect on FileStore file systems” on page 565.
■ Scheduled scan - scans file systems for viruses when requested or at scheduled intervals You can use the Scheduled scan method to have automated scans occur at regular times, or to manually scan file systems on an as-needed basis. Symantec AntiVirus for FileStore provides support for Scheduled scans through use of the job and scan commands. See “About scheduling a Symantec AntiVirus for FileStore scan job” on page 580. See “About using Symantec AntiVirus for FileStore manual scan commands” on page 578.
Note: Symantec AntiVirus for FileStore is based on Symantec Endpoint Protection technology and is an optional component of the FileStore product. Symantec AntiVirus for FileStore requires you to have a valid Symantec Endpoint Protection maintenance agreement in order for the product feature to be licensed correctly. Using Symantec AntiVirus for FileStore 561 About Symantec AntiVirus for FileStore licensing
Figure 19-1 Symantec AntiVirus for FileStore overview
2. Symantec AntiVirus for 1. Client opens a file. FileStore scans the file. 3. If a virus is found, Symantec AntiVirus for FileStore reacts based on the policies. Client 4. Client is allowed or Server denied access to the file.
1. The client attempts to access a file from the share. A file becomes a candidate for scanning when it is accessed.
2. If Auto-Protect (AP) is enabled on the share, Symantec AntiVirus for FileStore verifies if the file needs to be scanned or not based on parameters, such as file extensions. If Auto-Protect is not enabled on that share, it lets you access the file without Symantec AntiVirus for FileStore intervention.
3. If the file is a candidate to be scanned, Symantec AntiVirus for FileStore scans the file and takes the specified action, such as delete, quarantine, or clean, based on the indicated scan action policies.
4. Based on the scan results, you are allowed or denied access to the file.
About Symantec AntiVirus for FileStore licensing FileStore includes the ability to enable scheduled and Auto-Protect (on-demand) antivirus scanning within the FileStore cluster and without requiring external servers. If you use the Symantec AntiVirus for FileStore antivirus feature, to comply with the Symantec Endpoint Protection End-User License Agreement (EULA), you must have purchased the appropriate number of licenses. Contact your Symantec account representative or channel partner representative for more information on licensing Symantec AntiVirus for FileStore.
About Symantec AntiVirus for FileStore commands To access the commands, log into your administrative console (master, system-admin, or storage-admin) and enter Antivirus> mode. See “About using the FileStore command-line interface” on page 31. 562 Using Symantec AntiVirus for FileStore Displaying Symantec AntiVirus for FileStore configurations
Table 19-1 Symantec AntiVirus for FileStore commands
Commands Definitions
autoprotect Enables or disables Auto-Protect (AP) on specified file systems.
excludeextension Adds or deletes file extensions to/from the Symantec AntiVirus for FileStore configuration file. Symantec AntiVirus for FileStoreskips scanning the files whose file extensions are in the excluded list. By default, Symantec AntiVirus for FileStore scans all the files.
job Creates and configures the scan task that is identified by a unique job_name.
liveupdate Adds, updates, views, and schedules LiveUpdates to Symantec AntiVirus for FileStore for updating virus definitions.
quarantine Lists, deletes, repairs, and provides information about quarantined items.
scan Manually starts, stops, and gives status of the file systems.
scanaction Sets the Symantec AntiVirus for FileStore action policy. Symantec AntiVirus for FileStore takes action according to action policies when a virus is detected in a file. Available action policies are delete, quarantine, clean, and leave.
service Starts or stops the Symantec AntiVirus for FileStore service. The command also displays the status of Symantec AntiVirus for FileStore on each node. By default, the Symantec AntiVirus for FileStoreservice is stopped on all of the nodes.
show Displays all of the configuration details of Symantec AntiVirus for FileStore. For example, list of file extensions (doc, exe, zip) and scan action details (clean, delete).
Displaying Symantec AntiVirus for FileStore configurations
The show command displays the Symantec AntiVirus for FileStore logs and configuration details. Using Symantec AntiVirus for FileStore 563 About configuring Symantec AntiVirus for FileStore on all the nodes in the cluster
To display Symantec AntiVirus for FileStore configurations
◆ To display Symantec AntiVirus for FileStore logs configuration details, enter the following:
Antivirus> show logs [number_of_jobs]
where number_of_jobs is the number of scan jobs. You can enter a 0 to display all scan logs. For example:
Antivirus> show logs 2
JOB NAME FS NAME SCAN START TIME SCAN END TIME TIME TO SCAN TOTAL THREATS ------MANUALSCAN fs1 2009/06/04 04:03:02 2009/06/02 04:08:03 5 Mins 0 job1 fs1 2009/06/03 05:12:01 2009/06/03 05:22:02 10 Mins 3
FILES OMITTED FILES SCANNED NODE NAME ------0 100 cluster_01 0 500 cluster_02
THREAT NAME FILE NAME ACTION TAKEN ------EICAR Test String /vx/fs1/eicar.com Quarantine succeeded. EICAR Test String /vx/fs1/eicarcom2.zip>>eicar_com.zip>>eicar.com Quarantine succeeded. /vx/fs1/eicarcom2.zip Quarantine succeeded. EICAR Test String /vx/fs1/eicar.com.txt Quarantine succeeded.
About configuring Symantec AntiVirus for FileStore on all the nodes in the cluster
The service command enables, disables, or displays status for the Symantec AntiVirus for FileStore service on all of the nodes in the cluster. 564 Using Symantec AntiVirus for FileStore Configuring Symantec AntiVirus for FileStore on the cluster's nodes
Table 19-2 Symantec AntiVirus for FileStore cluster node configuration commands
Command Definition
service start Starts Symantec AntiVirus for FileStore on all of the nodes in a cluster. By default, Symantec AntiVirus for FileStore is disabled on all of the nodes in the cluster. See “Configuring Symantec AntiVirus for FileStore on the cluster's nodes” on page 564.
service stop Stops Symantec AntiVirus for FileStore on all of the nodes in the cluster. See “Configuring Symantec AntiVirus for FileStore on the cluster's nodes” on page 564.
service status Displays the status of the Symantec AntiVirus for FileStore service on each node. See “Configuring Symantec AntiVirus for FileStore on the cluster's nodes” on page 564.
Configuring Symantec AntiVirus for FileStore on the cluster's nodes To start Symantec AntiVirus for FileStore on all nodes in the cluster
◆ To start Symantec AntiVirus for FileStore on all of the nodes in a cluster, enter the following:
Antivirus> service start
By default, the Symantec AntiVirus for FileStore service is offline. If the Symantec AntiVirus for FileStore service is already started, Symantec AntiVirus for FileStore clears the faults (if any), and then tries to start the Symantec AntiVirus for FileStore service. For example:
Antivirus> service start Using Symantec AntiVirus for FileStore 565 About configuring Auto-Protect on FileStore file systems
To stop Symantec AntiVirus for FileStore on all nodes in the cluster
◆ To stop Symantec AntiVirus for FileStore on all nodes in a cluster, enter the following:
Antivirus> service stop
You receive an error if you try to stop an already stopped Symantec AntiVirus for FileStore service. For example:
Antivirus> service stop
To display Symantec AntiVirus for FileStore status on all nodes in the cluster
◆ To display the status of the Symantec AntiVirus for FileStore service on all the nodes in the cluster, enter the following:
Antivirus> service status
For example:
Antivirus> service status
About configuring Auto-Protect on FileStore file systems
The autoprotect command enables or disables Auto-Protect (AP) antivirus protection on specified file system(s) or on all of the FileStore file systems. The default option enables Auto-Protect on all FileStore file systems.
Table 19-3 autoprotect commands
Command Definition
autoprotect enable Enables Auto-Protect on a specified file system(s) or all of the file systems. See “Configuring Auto-Protect on FileStore file systems” on page 566.
autoprotect Disables Auto-Protect on a specified file system(s) or all of the file disable systems. See “Configuring Auto-Protect on FileStore file systems” on page 566. 566 Using Symantec AntiVirus for FileStore Configuring Auto-Protect on FileStore file systems
Configuring Auto-Protect on FileStore file systems To enable Auto-Protect on FileStore file systems
◆ To enable automatic antivirus protection on individual file systems, enter the following:
Antivirus> autoprotect enable fs_name1,fs_name2
where fs_name1 and fs_name2 are the names of the file systems. For example, to enable Auto-Protect on specified file systems, enter the following:
Antivirus> autoprotect enable fs1,fs2
By default, Auto-Protect is disabled on newly created file systems. If you issue the autoprotect enable command without any options, Auto-Protect is enabled on all the file systems in the cluster. For example, to enable Auto-Protect on all the file systems in the cluster, enter the following:
Antivirus> autoprotect enable
To disable Auto-Protect on FileStore file systems
◆ To disable Auto-Protect on FileStore file systems, enter the following:
Antivirus> autoprotect disable fs_name1,fs_name2
where fs_name1 and fs_name2 are the names of the file systems for which Auto-Protect should be disabled. For example:
Antivirus> autoprotect disable fs1,fs2
About excluding file extensions
The excludeextension command lets you exclude file extensions so they are not included in the Symantec AntiVirus for FileStore scan.
Note: File extensions are case-sensitive. Using Symantec AntiVirus for FileStore 567 Configuring file extensions for the Symantec AntiVirus for FileStore configuration file
Table 19-4 File extension exclusion commands
Command Definition
excludeextension Adds the file extensions to the Symantec AntiVirus for FileStore add configuration file. Symantec AntiVirus for FileStore software does not scan the files that are contained in this configuration file. See “Configuring file extensions for the Symantec AntiVirus for FileStore configuration file” on page 567.
excludeextension Deletes the files extensions from the Symantec AntiVirus for FileStore delete configuration file. After the files are deleted from the configuration file, they are scanned by the Symantec AntiVirus for FileStore software. See “Configuring file extensions for the Symantec AntiVirus for FileStore configuration file” on page 567.
excludeextension Displays the list of file extensions currently in the Symantec AntiVirus list for FileStore configuration file. See “Configuring file extensions for the Symantec AntiVirus for FileStore configuration file” on page 567.
Configuring file extensions for the Symantec AntiVirus for FileStore configuration file To add file extensions to the Symantec AntiVirus for FileStore configuration file
◆ To add file extensions to the Symantec AntiVirus for FileStore configuration file and eliminate the files from being scanned, enter the following:
Antivirus> excludeextension add file_extension1,file_extension2
where file_extension1,file_extension2 are the names of the file extensions you want to add to the Symantec AntiVirus for FileStore configuration file. For example:
Antivirus> excludeextension add txt,DOC SFS antivirus SUCCESS V-288-1128 File extension txt,DOC added 568 Using Symantec AntiVirus for FileStore About Symantec AntiVirus for FileStore LiveUpdate
To delete file extensions from the Symantec AntiVirus for FileStore configuration file
◆ To delete file extensions from the Symantec AntiVirus for FileStore configuration file and include the files in the Symantec AntiVirus for FileStore scan, enter the following:
Antivirus> excludeextension delete file_extension1,file_extension2
where file_extension1,file_extension2 are the names of the file extensions you want to delete from the Symantec AntiVirus for FileStore configuration file. For example:
Antivirus> excludeextension delete txt SFS antivirus SUCCESS V-288-1128 File extension txt deleted
To display the list of file extensions in the Symantec AntiVirus for FileStore configuration file
◆ To display the list of file extensions in the Symantec AntiVirus for FileStore configuration file, enter the following:
Antivirus> excludeextension list
For example:
Antivirus> excludeextension list Parameter Value ------File excluded extension list DOC
About Symantec AntiVirus for FileStore LiveUpdate
The liveupdate feature is used to add LiveUpdate servers to Symantec AntiVirus for FileStore for updating virus definitions.
Table 19-5 Symantec AntiVirus for FileStore liveupdate commands
Command Definition
liveupdate Adds the LiveUpdate servers to Symantec AntiVirus for FileStore for serveradd updating virus definitions. See “Using Symantec AntiVirus for FileStore with LiveUpdate” on page 570. Using Symantec AntiVirus for FileStore 569 About Symantec AntiVirus for FileStore LiveUpdate
Table 19-5 Symantec AntiVirus for FileStore liveupdate commands (continued)
Command Definition liveupdate Deletes a Symantec AntiVirus for FileStore LiveUpdate server or proxy serverdelete from the LiveUpdate servers list. See “Using Symantec AntiVirus for FileStore with LiveUpdate” on page 570. liveupdate start Runs a LiveUpdate of the virus definitions immediately. See “Using Symantec AntiVirus for FileStore with LiveUpdate” on page 570. liveupdate Creates a schedule for the LiveUpdate. schedule create See “Using Symantec AntiVirus for FileStore with LiveUpdate” on page 570. liveupdate Modifies a schedule for the LiveUpdate. schedule modify See “Using Symantec AntiVirus for FileStore with LiveUpdate” on page 570. liveupdate Deletes the schedule of the LiveUpdate. schedule delete See “Using Symantec AntiVirus for FileStore with LiveUpdate” on page 570. liveupdate Displays the LiveUpdate schedule. schedule show See “Using Symantec AntiVirus for FileStore with LiveUpdate” on page 570. 570 Using Symantec AntiVirus for FileStore Using Symantec AntiVirus for FileStore with LiveUpdate
Using Symantec AntiVirus for FileStore with LiveUpdate To add the LiveUpdate servers to Symantec AntiVirus for FileStore
◆ To add the LiveUpdate servers to Symantec AntiVirus for FileStore, enter the following:
Antivirus> liveupdate serveradd url
where url is either an HTTP, FTP, or proxy server URL. For example:
Antivirus> liveupdate server add http://sample.com SFS antivirus SUCCESS V-288-1263 Server added to liveupdate server database.
The master node assigns a server ID to the given input. You can add a maximum of 10 servers and 1 proxy server to the LiveUpdate server list. To delete the server or proxy from the LiveUpdate servers list
◆ To delete the server or proxy from the LiveUpdate servers list, enter the following:
Antivirus> liveupdate serverdelete serverid | proxy
serverid Specifies the ID of the server to be deleted from the LiveUpdate server list.
proxy Specifies the proxy server to be deleted from the LiveUpdate server list.
For example, this command deletes the proxy server from the LiveUpdate servers list, if the proxy server exists.
Antivirus> liveupdate serverdelete proxy SFS antivirus SUCCESS V-288-1274 Successfully proxy server deleted from liveupdate server database.
For example, this command deletes the server that is associated with server ID 3.
Antivirus> liveupdate serverdelete 3 SFS antivirus SUCCESS V-288-1278 Successfully server with id 3 deleted from liveupdate server database. Using Symantec AntiVirus for FileStore 571 Using Symantec AntiVirus for FileStore with LiveUpdate
To run LiveUpdate on Symantec AntiVirus for FileStore
◆ To immediately run LiveUpdate on Symantec AntiVirus for FileStore, enter the following:
Antivirus> liveupdate start
For example, this command runs LiveUpdate immediately.
Antivirus> liveupdate start Please wait liveupdate in progress SFS antivirus SUCCESS V-288-1108 Done 572 Using Symantec AntiVirus for FileStore Using Symantec AntiVirus for FileStore with LiveUpdate
To create a new schedule for LiveUpdate on Symantec AntiVirus for FileStore
◆ To create a schedule for LiveUpdate on Symantec AntiVirus for FileStore, enter the following:
Antivirus> liveupdate schedule create minute hour day_of_the_month month day_of_the_week
minute Specifies the minutes for the LiveUpdate. This field may contain either an asterisk '*', which implies 'every minute' or a numeric value between the range of 0-59.
hour Specifies the hour for the LiveUpdate. This field may contain either an asterisk '*', which implies running every hour, or a numeric value between the range of 0-23.
day_of_the_month Specifies the day of the month for the LiveUpdate. This field may contain either an asterisk '*', which implies running every day of the month, or a numeric value between the range of 1-31.
month Specifies the month for the LiveUpdate. This field may contain either an asterisk '*', which implies running every month, or a numeric value between the range of 1-12. In addition to the numeric values, this field can also accept names of month as an argument, with the first three letters of the month (case-insensitive) serving as input for the given parameter.
day_of_the_week Specifies the day of the week for the LiveUpdate. This field may contain either an asterisk '*', which implies running every day of the week, or a numeric value between the range of 0-7, with both 0 and 7 being interpreted as Sunday by crontab. In addition, this parameter can also accept names, with the first three letters of the month (case-insensitive) serving as an input value.
You can only create one LiveUpdate schedule. For example, this command invokes LiveUpdate every Monday.
Antivirus> liveupdate schedule create * * * * 1 SFS antivirus SUCCESS V-288-1255 Scheduled liveupdate successfully created Using Symantec AntiVirus for FileStore 573 Using Symantec AntiVirus for FileStore with LiveUpdate
To modify the LiveUpdate schedule
◆ To modify a schedule for LiveUpdate on Symantec AntiVirus for FileStore, enter the following:
Antivirus> liveupdate schedule modify minute hour day_of_the_month month day_of_the_week
minute Modify the minutes for the LiveUpdate. This field may contain either an asterisk '*', which implies 'every minute' or a numeric value between the range of 0-59.
hour Modify the hour for the LiveUpdate. This field may contain either an asterisk '*', which implies running every hour, or a numeric value between the range of 0-23.
day_of_the_month Modify the day of the month for the LiveUpdate. This field may contain either an asterisk '*', which implies running every day of the month, or a numeric value between the range of 1-31.
month Modify the month for the LiveUpdate. This field may contain either an asterisk '*', which implies running every month, or a numeric value between the range of 1-12. In addition to the numeric values, this field can also accept names of month as an argument, with the first three letters of the month (case-insensitive) serving as input for the given parameter.
day_of_the_week Modify the day of the week for the LiveUpdate. This field may contain either an asterisk '*', which implies running every day of the week, or a numeric value between the range of 0-7, with both 0 and 7 being interpreted as Sunday by crontab. In addition, this parameter can also accept names, with the first three letters of the month (case-insensitive) serving as an input value.
For example, this command modifies the LiveUpdate schedule.
Antivirus> liveupdate schedule modify 0 1 * * * SFS antivirus SUCCESS V-288-1255 Scheduled liveupdate successfully modified 574 Using Symantec AntiVirus for FileStore About using Symantec AntiVirus for FileStore quarantine commands
To delete the current LiveUpdate schedule
◆ To delete the current LiveUpdate schedule, enter the following:
Antivirus> liveupdate schedule delete
For example, this command deletes the LiveUpdate schedule.
Antivirus> liveupdate schedule delete SFS antivirus SUCCESS V-288-1255 Scheduled liveupdate successfully deleted
To display the current LiveUpdate schedule
◆ To display the current LiveUpdate schedule, enter the following:
Antivirus> liveupdate schedule show
For example, this command displays the current LiveUpdate schedule.
Antivirus> liveupdate schedule show Liveupdate scheduled on 0 1 * * *
About using Symantec AntiVirus for FileStore quarantine commands Symantec AntiVirus for FileStore places the scanned files that have not passed the virus protection software in quarantine. The quarantine commands let you display information about these files, delete the files, repair the files, or restore the quarantined files.
Table 19-6 Symantec AntiVirus for FileStore quarantine commands
Command Definition
quarantine list Lists all of the files that have been quarantined. See “Using Symantec AntiVirus for FileStore quarantine commands” on page 575.
quarantine delete Deletes the quarantined files. See “Using Symantec AntiVirus for FileStore quarantine commands” on page 575. Using Symantec AntiVirus for FileStore 575 Using Symantec AntiVirus for FileStore quarantine commands
Table 19-6 Symantec AntiVirus for FileStore quarantine commands (continued)
Command Definition
quarantine repair Repairs the quarantined files. See “Using Symantec AntiVirus for FileStore quarantine commands” on page 575.
quarantine restore Restores the quarantined files. See “Using Symantec AntiVirus for FileStore quarantine commands” on page 575.
quarantine info Displays information about quarantined files. See “Using Symantec AntiVirus for FileStore quarantine commands” on page 575.
Using Symantec AntiVirus for FileStore quarantine commands To list all of the quarantined files
◆ To list all of the files that have been quarantined, enter the following:
Antivirus> quarantine list
For example:
Antivirus> quarantine list QID Quarantine file ------sfs_01_5BA00000 /vx/fs2/eicar.com sfs_01_5BA00001 /vx/fs1/eicarcom2.zip sfs_02_5BA00002 /vx/fs1/eicar.com.txt
Each quarantined file is associated with an ID. Each node stores quarantined files locally. If any node is removed from a cluster, quarantined files on that node are lost. For example:
sfs_01_5BA00000 is the ID of the /vx/fs2/eicar.com quarantined file. 576 Using Symantec AntiVirus for FileStore Using Symantec AntiVirus for FileStore quarantine commands
To delete the quarantined files
◆ To delete the quarantined files, enter the following:
Antivirus> quarantine delete [id]
where id is the specified quarantined file to be deleted. Each quarantined file has an ID. If no ID is entered, all of the quarantined files are deleted. For example:
Antivirus> quarantine delete sfs_01_5BA00000 Please wait ... It will take some time ... SFS antivirus SUCCESS V-288-1108 Done
To repair a quarantined file
◆ To repair a quarantined file, enter the following:
Antivirus> quarantine repair [id]
where id is the specified quarantined file to be repaired. Each quarantined file has an ID. If no ID is entered, all of the quarantined files are repaired. For example:
Antivirus> quarantine repair sfs_01_5BA00000, sfs_02_6BA00000 Please wait ... It will take some time ... SFS antivirus SUCCESS V-288-1108 Done
To restore a quarantined file
◆ To restore a quarantined file, enter the following:
Antivirus> quarantine restore [id]
where id is the specified quarantined file to be restored. Each quarantined file has an ID. If no ID is entered, all of the quarantined files are restored. For example:
Antivirus> quarantine restore sfs_01_5BA00000, sfs_01_6BA00000 Using Symantec AntiVirus for FileStore 577 Setting the Symantec AntiVirus for FileStore action policy
To display information about quarantined files
◆ To display information about specified quarantined files, enter the following:
Antivirus> quarantine info [id]
where id is the specified file you want information about. For example:
Antivirus> quarantine info sfs_01_5BA00000 Item: 5BA00000 Description: /vx/fs1/eicar.com Full Path: /vx/fs1/eicar.com Log Line: 270502050402,5,1,1,sfs_01,root,EICAR Test String, /vx/fs1/eicar.com,1,5,1,256,33570852,"",1243933471,, Flags: INFECTED Quarantined: Tue Jun 2 05:04:02 2009 Created: Tue Jun 2 05:04:02 2009 Last Accessed: Tue Jun 2 05:04:02 2009 Last Modified: Tue Jun 2 05:02:47 2009
Setting the Symantec AntiVirus for FileStore action policy
The scanaction command sets the Symantec AntiVirus for FileStore action policy. Based on this policy, Symantec AntiVirus for FileStore takes action when a virus is detected in a file. 578 Using Symantec AntiVirus for FileStore About using Symantec AntiVirus for FileStore manual scan commands
To set the Symantec AntiVirus for FileStore action policy
◆ To set the Symantec AntiVirus for FileStore action policy, so that Symantec AntiVirus for FileStore reacts when a virus is detected in a file, enter the following:
Antivirus> scanaction primary_action secondary_action
where primary_action secondary_action are the names of the policies you want the Symantec AntiVirus for FileStore policy to take action on. These polices are:
delete Deletes the virus-infected file if a virus is found.
quarantine Quarantines the virus-infected file if a virus is found. Quarantined files are stored on local storage.
clean Attempts to clean the virus from the file if a virus is found.
leave Leaves the virus-infected file as is. Symantec AntiVirus for FileStore does not take any action if a virus is found.
For example, if Symantec AntiVirus for FileStore detects a virus in a file, Symantec AntiVirus for FileStore first tries to clean the virus from the infected file (primary_action). If the clean action fails, Symantec AntiVirus for FileStore quarantines the infected file (secondary_action)
Antivirus> scanaction clean quarantine SFS antivirus SUCCESS V-288-1050 Antivirus configuration updated with given scan actions.
Note: You can configure a single scan action by setting the same action for both the primary and the secondary scan.
About using Symantec AntiVirus for FileStore manual scan commands
The scan command lets you scan specific file systems for viruses, instead of the entire node. Using Symantec AntiVirus for FileStore 579 Using Symantec AntiVirus for FileStore manual scan commands
Table 19-7 Symantec AntiVirus for FileStore manual scan commands
Command Definition
scan start Starts the manual scan on the file systems. See “Using Symantec AntiVirus for FileStore manual scan commands” on page 579.
scan status Displays the manual scan status , which shows if the scan is in progress or done. See “Using Symantec AntiVirus for FileStore manual scan commands” on page 579.
scan stop Stops the manual scan. See “Using Symantec AntiVirus for FileStore manual scan commands” on page 579.
Using Symantec AntiVirus for FileStore manual scan commands To start the manual scan
◆ To start the manual scan on the specified file systems on the preferred node, enter the following:
Antivirus> scan start fs_name1,fs_name2 [preferred_node]
where fs_name1,fs_name2, preferred_node are the file system names for performing a manual scan. If a preferred_node is not specified, the master node determines the node for running the scan. For example:
Antivirus> scan start fs1,fs2,fs3 SFS antivirus SUCCESS V-288-1187 Manual scan started on fs1,fs2,fs3. 580 Using Symantec AntiVirus for FileStore About scheduling a Symantec AntiVirus for FileStore scan job
To display the scan status from a manual scan
◆ To display the manual scan status (if the scan is in progress or done), enter the following:
Antivirus> scan status
For example:
Antivirus> scan status SFS antivirus SUCCESS V-288-1185 Manual scan is in progress on fs1,fs2,fs3.
To stop the manual scan
◆ To stop the manual scan if there are any manual scans running in the background, enter the following:
Antivirus> scan stop
For example:
Antivirus> scan stop SFS antivirus SUCCESS V-288-1188 Manual scan stopped successfully.
About scheduling a Symantec AntiVirus for FileStore scan job
Use the job command to schedule a Symantec AntiVirus for FileStore scan job. The specified job_name must be unique.
Table 19-8 Scan scheduling commands
Definition Command
job create Creates a schedule for a scan that the job_name identifies.
See “Scheduling a Symantec AntiVirus for FileStore scan job” on page 582.
job modify Modifies the schedule for a scan that the job_name identifies.
See “Scheduling a Symantec AntiVirus for FileStore scan job” on page 582. Using Symantec AntiVirus for FileStore 581 About scheduling a Symantec AntiVirus for FileStore scan job
Table 19-8 Scan scheduling commands (continued)
Definition Command job enable Enables the given job_name scan schedule.
See “Scheduling a Symantec AntiVirus for FileStore scan job” on page 582. job disable Disables the given job_name scan schedule.
See “Scheduling a Symantec AntiVirus for FileStore scan job” on page 582. job show Displays information about the given job_name.
See “Scheduling a Symantec AntiVirus for FileStore scan job” on page 582. job stop Stops the given job_name from running.
See “Scheduling a Symantec AntiVirus for FileStore scan job” on page 582. job delete Deletes the given job_name.
See “Scheduling a Symantec AntiVirus for FileStore scan job” on page 582. 582 Using Symantec AntiVirus for FileStore Scheduling a Symantec AntiVirus for FileStore scan job
Scheduling a Symantec AntiVirus for FileStore scan job To create a schedule for running a scan job
◆ To create a schedule for running a scan job identified by the assigned job name, enter the following:
Antivirus> job create job_name fs_name1,fs_name2 minute hour day_of_the_month month day_of_the_week [preferred_node]
job_name Enter a unique job name for the scan.
fs_name Enter the name of the file system you want to scan.
minute Enter the minutes for scheduling the scan.
hour Enter the hour for scheduling the scan.
day_of_the_month Enter the day of the month for scheduling the scan.
month Enter the month for scheduling the scan.
day_of_the_week Enter the day of the week for scheduling the scan.
preferred_node Enter the preferred node for running the scan job. If no node (optional) name appears, the master node selects a node from the cluster and assigns the scheduled scan on that node.
For example, to create a schedule for scanning the file systems fs1 and fs2 every Sunday, you would enter the following:
Antivirus> job create job1 fs1,fs2 0 0 * * 0 SFS antivirus SUCCESS V-288-1169 Job job1 successfully created Using Symantec AntiVirus for FileStore 583 Scheduling a Symantec AntiVirus for FileStore scan job
To modify the schedule for a scan job
◆ To modify the already created scan job, enter the following:
Antivirus> job modify job_name fs_name1,fs_name2 minute hour day_of_the_month month day_of_the_week [preferred_node]
job_name Modify the unique job name for the scan.
fs_name Modify the name of the file system you want to scan.
minute Modify the minutes for scheduling the scan.
hour Modify the hour for scheduling the scan.
day_of_the_month Modify the day of the month for scheduling the scan.
month Modify the month for scheduling the scan.
day_of_the_week Modify the day of the week for scheduling the scan.
preferred_node Modify the preferred node for running the scan job. If no (optional) node name appears, the master node selects a node from the cluster and assigns the scheduled scan on that node.
For example, to modify job1 for scanning the file system fs3 on the sfs_02 node on the first day of every month, you would enter the following:
Antivirus> job modify job1 fs3 0 0 1 * * sfs_02 SFS antivirus SUCCESS V-288-1168 Job job1 modified.
To enable the scan schedule
◆ To enable the scheduled scan job, enter the following:
Antivirus> job enable job_name
where job_name is the unique name for the scan. For example:
Antivirus> job enable job1 SFS antivirus SUCCESS V-288-1168 Job job1 enabled. 584 Using Symantec AntiVirus for FileStore Scheduling a Symantec AntiVirus for FileStore scan job
To disable the scan schedule
◆ To disable the scheduled scan, enter the following:
Antivirus> job disable job_name
where job_name is the unique name for the scan. For example:
Antivirus> job disable job1 SFS antivirus SUCCESS V-288-1168 Job job1 disabled.
To display information about the scan schedule
◆ To display information about the scheduled scan job, enter the following:
Antivirus> job show job_name
where job_name is the unique name for the scan. For example:
Antivirus> job show job1 Jobname FS State Minute Hour Day Month Week ======job1 fs1 DISABLED * * * * Preferrednode ======*
To stop the scan schedule
◆ To stop the scheduled scan from running, enter the following:
Antivirus> job stop job_name is
where job_name is the unique name for the scan. For example:
Antivirus> job stop job1 SFS antivirus ERROR V-288-1042 job1 job is not running. Using Symantec AntiVirus for FileStore 585 Scheduling a Symantec AntiVirus for FileStore scan job
To delete the scan schedule
◆ To delete the scheduled scan, enter the following:
Antivirus> job delete job_name
where job_name is the unique name for the scan. For example:
Antivirus> job delete job1 SFS antivirus SUCCESS V-288-1167 Job job1 deleted. 586 Using Symantec AntiVirus for FileStore Scheduling a Symantec AntiVirus for FileStore scan job Glossary
CIFS See Common Internet File System.
Clustered Trivial A cluster implementation of the TDB (Trivial database) based on the Berkeley Database database API.
Common Internet File A network protocol that provides the foundation for Windows-based file sharing System and other network utilities. FileStore supports Common Internet File System sharing. console IP address A virtual IP address that is configured for administrative access to the FileStore cluster management console. coordinator disks In FileStore, three or more LUNs designated to function as part of the I/O fencing mechanism. You cannot use coordinator disks to store user data.
CTDB See Clustered Trivial Database.
DAR See Data Archive and Retention. data archive and Combined Enterprise Vault and FileStore feature that supports both write once retention read many (WORM) and non-WORM archives. DAR-enabled file systems are protected against accidental or deliberate file removal and tampering. data connection The connection between the two NDMP servers that carry the data stream. The data connection in NDMP is either an NDMP interprocess communication mechanism (for local operations) or a TCP/IP connection (for 3-way operations). data management An application that controls the NDMP session. In NDMP there is a master-slave relationship. The data management application is the session master; the NDMP services are the slaves. In NDMP versions 1, 2, and 3 the term "NDMP client" is used instead of data management application. data master A node that contains the authoritative copy of a Trivial database (TDB) record. data service An NDMP service that transfers data between primary storage and the data connection. datastore A database that integrates data from multiple sources such as fibre channel, iSCSI LUNs, or NAS volumes. deduplication database A database that stores the mapping of the data fingerprints to one or more data segments. 588 Glossary
deduplication A measure of freed storage as a result of deduplication. It is another way of percentage representing the deduplication ratio. For example, if deduplicating 1 TB frees up 800 GB, the deduplication percentage is 80%.
deduplication ratio The ratio of logical to physical storage. In other words, a deduplication ratio of 5:1 denotes that 200 GB of allocated storage actually accounts for 1 TB of data.
DM See data master.
DST See Dynamic Storage Tiering.
fingerprint block size The data size on which a fingerprint is calculated for detecting duplicates. The smaller the granularities, the better the match detection. It cannot be less than the file system block size.
guest operating system An operating system installed on a virtual machine.
mirrored file system A file system that is constructed and managed by a technique for automatically maintaining one or more copies of the file system, using separate underlying storage for each copy. If a storage failure occurs, then access is maintained through the remaining accessible mirrors.
NDMP Network data management protocol. NDMP is a widely used protocol through which an NDMP-compliant backup application can control the backups and restores for an NDMP host. NetBackup requires the NetBackup for NDMP separately-priced option to support NDMP.
NDMP client An application that controls the NDMP session. See also data management application.
NDMP host The host computer system that executes the NDMP server application. Data is backed up from the NDMP host to either a local tape drive or to a backup device on a remote NDMP host.
NDMP server An instance of one or more distinct NDMP services controlled by a single NDMP control connection. Thus a data/tape/SCSI server is an NDMP server providing data, tape, or SCSI services.
NDMP service The state computer on the NDMP host accessed with the Internet protocol and controlled using the NDMP protocol. This term is used independently of implementation. The three types of NDMP services are: data service, tape service, and SCSI service.
NDMP session The configuration of one data management application and two NDMP services to perform a data management operation such as a backup or a recovery.
Netbackup Pure Disk The deduplication engine for NetBackup, enabling efficient, storage-optimized data protection for the data center, remote office, and virtual environments. NetBackup PureDisk is a software-based deduplication solution that is tightly Glossary 589
integrated with NetBackup. PureDisk is ideal for unique environments that require high performance and scalability.
Network Attached A file-level computer data storage that is connected to a network that provides Storage data access to network-capable clients.
Network File System A protocol that lets the user on a client computer access files over a network. To the client's applications the files appear as if they resided on one of the local devices.
Network Time Protocol A protocol for synchronizing computer system clocks over packet-switched, variable-latency data networks.
NFS See Network File System.
NFS lock management A feature that lets a customer use the Network File System (NFS) advisory client locking feature in parallel with core Cluster File System (CFS) global lock management. no_root_squash An NFS sharing option. Does not map requests from the UID 0. This option is on by default.
NTP See Network Time Protocol. oplocks A file-locking mechanism that is designed to improve performance by controlling the caching of files on the client. private interconnect An internal IP network that is used by the Scalable File Server to facilitate communications between the Scalable File Server server nodes. recovery master A node that contains fcntl-locks on distributed file systems and initiates the recovery process.
RM See recovery master. round-robin DNS A technique in which a DNS server, not a dedicated computer, performs the load balancing.
Samba An open-source implementation of the SMB file sharing protocol. It provides file and print services to SMB/CIFS clients. share A specification of a file system or proper subset of a file system, which supports shared access to a file system through an NFS or CIFS server. The specification defines the folder or directory that represents the file system along with access characteristics and limitations. shared extent An extent shared by multiple files. A shared extent is freed only when there are no more references to it in any file. soft limit A file system quota for inode and block consumption that can be established for individual users or groups. If a user exceeds the soft limit, there is a grace period, 590 Glossary
during which the quota can be exceeded. After the grace period has expired, no more inodes or data blocks can be allocated.
snapshot A point-in-time image or replica of a file system that looks identical to the file system from which the snapshot was taken.
storage pool A logical construct that contains one or more LUNs from which file systems can be created.
Symantec NetBackup A Symantec software product that backs up, archives, and restores files, directories, or raw partitions that reside on a client system.
syslog A standard for forwarding log messages in an IP network. The term refers to both the syslog protocol and the application sending the syslog messages.
tape service An NDMP service that transfers data between secondary storage and the data connection and allows the data management application to manipulate and access the secondary storage.
vCenter plug-in One or more components extending collective capabilities of the vSphere Client and the vCenter Server.
Virtual Machine Disk One or more files underlying the physical image of a virtual machine.
VMware vCenter Server A management server from VMware allowing management of ESX servers and VMware VDI.
VMware vSphere Client A Windows-based GUI for accessing vCenter Server capabilities.
World Wide Name A 64-bit identifier that is used in Fibre Channel networks to uniquely identify each element in the network (nodes and ports).
WWN See World Wide Name. Index
A about (continued) about load balancing for the normal clustering Active Directory (AD) 294 mode 346 administering FileStore cluster's LDAP local replication initialization 75 client 188 managing CIFS shares 329 backup configurations 466 managing home directories 347 bonding Ethernet interfaces 160 NDMP policies 455 changing share properties 333 NDMP supported configurations 453 configuring CIFS for AD domain mode 300 Network Data Management Protocol 452 configuring disks 66 network services 158 configuring Ethernet interfaces 173 NFS file sharing 205 configuring FileStore for CIFS 280 NIS 190 configuring IP addresses 167 option commands 518 configuring iSCSI targets 125 reconfiguring CIFS service 326 configuring locally saved configuration files 502 retrieving the NDMP data 462 configuring routing tables 176 scheduling a Symantec AntiVirus for FileStore configuring storage pools 69 scan job 580 creating and maintaining file systems 218 setting NTLM 309 creating file systems 226 setting trusted domains 312 data archive and retention 130 setting up file system alerts 269 data deduplication 137 snapshot schedules 252 disk lists 78 snapshots 246 DNS 163 storage provisioning and management 64 DNS update 543 storing account information 323 DNS update commands 545 support user 44 excluding file extensions from Symantec Symantec AntiVirus for FileStore 560 AntiVirus for FileStore scans 566 Symantec AntiVirus for FileStore FileStore VMware Virtual Center plug-in 514 commands 561 FTP 377 Symantec AntiVirus for FileStore FTP local user 394 LiveUpdate 568 FTP local user set 397 Symantec AntiVirus for FileStore manual scan FTP server 379 commands 578 FTP session 391 Symantec AntiVirus for FileStore quarantine FTP set 381 commands 574 I/O fencing 86 types of patches 554 installing patches 554 VLAN interfaces 195 IP commands 167 accessing iSCSI 117 FileStore product documentation 27 LDAP 181 man pages 39 leaving AD domain 305 Active Directory leaving NT domain 292 setting the trusted domains for 322 592 Index
Active Directory (AD) administering FileStore cluster's LDAP client about 294 about 188 configuring FileStore to authenticate to an AD aio_fork option domain controller 295 setting 369 joining FileStore to 298 alerts verifying FileStore has joined successfully 300 file system unsetting 271 AD domain mode aliases changing domain settings 306 displaying configured on the server 413 configuring CIFS 300 allowing security settings 306 metadata information to be written on the setting domain 302 secondary tier 494 setting domain user 302 specified users and groups access to the CIFS setting security 302 share 337 starting CIFS server 302 attaching AD interface replication storage pool to a FileStore cluster 77 using 309 audit logs AD trusted domains about 434 disabling 322 configuring 418, 437 add local user disabling for a file system 439 FTP 396 Auto-Protect adding configuring on file systems 565–566 a column to a file system 232 a column to a tiered file system 476 B a severity level to an email group 421 backup configurations a syslog server 427 about 466 an email address to a group 421 backup services an email group 421 displaying the status of 467 CIFS share 333 starting 467 disks 67 stopping 467 external NetBackup master server to work with best practices FileStore 449 for using the FileStore deduplication feature 142 filter to a group 421 bind distinguished name IP address to a cluster 169 setting for LDAP server 184 mapping from a virtualPath to a realPath 412 bonding mirror to a file system 230 Ethernet interfaces 161 mirror to a tier of a file system 481 bonding Ethernet interfaces mirrored tier to a file system 478 about 160 mirrored-striped tier to a file system 478 NetBackup Enterprise Media Manager (EMM) server 449 C NetBackup media server 449 cache object NFS share 207 destroying for an instant rollback 269 second tier to a file system 478 cache objects SNMP management server 430 listing 267 striped tier to a file system 478 changing striped-mirror tier to a file system 478 an IP address to online users on any running node 169 naming requirements for 30 configuration of an Ethernet interface 175 VLAN interfaces 196 DMP I/O policy 521 Index 593
changing (continued) CIFS service domain settings 292 standalone mode 284 domain settings for AD domain mode 306 CIFS share local CIFS user password 372 adding 333 NFS daemons 521 deleting 341 ninodes cache size 521 exporting as a directory 355 security settings 294 exporting the same file system/directory as a security settings after CIFS server is different CIFS share 357 stopped 294 modifying existing 340 share properties about 333 CIFS share and home directory status of a file system 243 migrating from ctdb to normal clustering support user password 45 mode 366 checking CIFS shares and home directories and repairing a file system 240 migrating from ctdb clustering modes 362 for stale mirrors on file systems 233 migrating from normal to ctdb clustering I/O fencing status 89 mode 364 on the status of the NFS server 200 CIFS snapshot support user status 45 exporting 340 CIFS CIFS/NFS sharing allowing specified users and groups access to mapping user names 345 the CIFS share 337 clearing configuring schema extensions 316 DNS domain names 165 denying specified users and groups access to the DNS name servers 165 CIFS share 338 LDAP configured settings 184 export options 331 CLI modifying an existing CIFS share 339 logging in to 31 standalone mode 282 client configurations using multi-domain controller support 305 displaying 189 CIFS and NFS protocols LDAP server 189 share directories 211 clock commands sharing file systems 342 about 499 CIFS clustering modes cluster about 280 adding an IP address to 169 switching from ctdb to normal 361 adding the new node to 56 switching from normal to ctdb 358 changing an IP address to online for any running CIFS data migration node 169 enabling 376 deleting a node from 58 CIFS home directories displaying a list of nodes 52 displaying the quota values for 115 displaying all the IP addresses for 169 quotas 105 including new nodes 54 using quotas for 108 installing software on other nodes 55 CIFS operating modes rebooting a nodes or all nodes 61 about 280 shutting down a node or all nodes in a cluster 60 CIFS server clustering modes changing security settings after stopped 294 ctdb 354 configuring with the LDAP backend 321 columns starting 327 adding or removing 232 CIFS server status adding or removing from a tiered file system 476 standalone mode 284 594 Index
command history configuring (continued) displaying 46 NDMP overwrite policy 456 Command-Line Interface (CLI) NDMP recursive restore policy 456 how to use 31 NDMP restore Dynamic Storage Tiering commands policy 456 dns update set 545 NDMP send history policy 456 HTTP alias 411 NDMP update dumpdates policy 456 HTTP document root mapping 413 NDMP use snapshot policy 456 HTTP server 406 NetBackup virtual IP address 450 configurable NetBackup virtual name 451 list of all HTTP options and their values 411 NSS 193 configuration NSS lookup order 194 of an Ethernet interface Symantec AntiVirus for FileStore on all the changing 175 nodes in the cluster 563 configuration files Symantec AntiVirus for FileStore on the cluster's deleting the locally saved 505 nodes 564 viewing locally saved 505 VLAN interfaces 196 configuration settings VMware View 539 exporting either locally or remotely 505 Windows Active Directory as an LDAP IDMAP importing either locally or remotely 505 backend 315 configuring configuring CIFS AD schema with CIFS-schema extensions 316 NT domain mode 287 audit logs 437 configuring disks Auto-Protect on file systems 565–566 about 66 backup using NetBackup 469 configuring Ethernet interfaces CIFS for standalone mode 282 about 173 CIFS server with the LDAP backend 321 configuring IP addresses DAR without Symantec Enterprise Vault 134 about 167 data archive and retention 135 configuring iSCSI targets disaster recovery 543 about 125 DNS update 546 configuring locally saved configuration files email groups 419 about 502 event notifications and audit logs 418 configuring routing tables file extensions in Symantec AntiVirus for about 176 FileStore configuration file 567 configuring storage pools file system 143 about 69 FileStore for CIFS 280 converting FileStore to authenticate to an AD domain existing file system into a cache object 265 controller 295 coordinating HTTP server 405 coordinating cluster nodes IP routing 178 to work with NTP servers 508 iSCSI device 120 coordinator disks iSCSI discovery 122 replacing 89 iSCSI initiator 119 core strengths iSCSI initiator name 120 FileStore 23 iSCSI targets 127 creating masquerade as third-party policy 456 full-sized rollback 261 NDMP backup method policy 456 local CIFS group 375 NDMP failure resilient policy 456 local CIFS user 372 Index 595
creating (continued) defragmenting Master, System Administrator, and Storage file systems 245 Administrator users 41 delete local user mirrored file systems 227 FTP 396 mirrored-stripe file systems 227 deleting shared cache object 265 a node from the cluster 58 simple file systems 227 already configured SNMP management snapshot schedules 254 server 430 snapshots 248 CIFS share 341 space-optimized instant rollbacks 260 configured mail server 421 storage pools 72 configured NetBackup media server 449 striped file systems 227 email address from a specified group 421 striped-mirror file systems 227 email groups 421 users 41 filter from a specified group 421 virtual machine 533 home directories 353 creating and maintaining file systems home directory of given user 353 about 218 local CIFS group 375 creating file systems local CIFS user 372 about 226 locally saved configuration file 505 creating virtual machine clones mapping that is visible to clients as a specifying where to create 535 virtualPath 413 using Symantec FileSnap 533 NFS options 214 ctdb clustering mode route entries from routing tables of nodes in about 354 cluster 178 directory-level share support 355 severity from a specified group 421 load balancing 347 snapshot schedules 256 switching the clustering mode 358 syslog server 427 current Ethernet interfaces and states users 41 displaying 174 VLAN interfaces 196 current users denying displaying list 41 specified users and groups access to the CIFS share 338 D destroying a file system 246 data archive and retention cache object of an instant rollback 269 about 130 I/O fencing 89 configuring 135 instant rollbacks 265 interaction with other applications 132 snapshots 250 using without Symantec Enterprise Vault 134 storage pools 72 data deduplication detached pool set about 137 renaming 76 decreasing detached pools size of a file system 239 displaying 77 deduplication directories configuring file system 143 displaying exported 206 default unexporting the share 214 passwords directory-level share support resetting Master, System Administrator, ctdb clustering mode 355 and Storage Administrator users 41 596 Index
disabling displaying (continued) AD trusted domains 322 LDAP configured settings 184 audit logs for a file system 439 list of all configurable HTTP options and their creation of home directories 353 values 411 DNS settings 165 list of current users 41 FastResync option 236 list of Dynamic Storage Tiering systems 483 I/O fencing 89 list of nodes in a cluster 52 LDAP clients list of syslog servers 427 configurations 189 local CIFS group 375 NIS clients 191 local CIFS user 372 NTLM 311 NDMP backup method 463 NTP server 509 NDMP failure resilient data 463 Partition Secure Notification (PSN) feature 273 NDMP masquerade as third-party 463 quota limits used by snapshots 250 NDMP overwrite data 463 support user account 45 NDMP recursive restore data 463 disaster recovery NDMP restore Dynamic Storage Tiering configuring 543 data 463 disk NDMP send history data 463 formatting 83 NDMP update dumpdates data 463 removing 83 NDMP use snapshot data 463 disk lists NDMP variables 461 about 78 NetBackup configurations 467 disks network configuration and statistics 159 adding 67 NFS daemons 521 removing 67 NFS statistics 202 displaying ninodes cache size 521 all the aliases configured on the server 413 NIS-related commands 191 all the IP addresses for cluster 169 NSS configuration 194 command history 46 option tunefstab 521 current Ethernet interfaces and states 174 policy of each tiered file system 486 current HTTP sessions on each node 409 routing tables of the nodes in the cluster 178 current list of SNMP management servers 430 schedules for all tiered file systems 491 current root directory for the HTTP server 415 share properties 336 current version 553 snapshot quotes 250 detached pools 77 snapshot schedules 256 DMP I/O policy 521 snapshots 249 DNS settings 165 snapshots that can be exported 203 events on the console 429 status of backup services 467 existing email groups or details 421 status of the NTP server 509 exported directories 206 Symantec AntiVirus for FileStore file system 271 configuration 562 file system I/O statistics 512 Symantec AntiVirus for FileStore logs 562 file systems that can be exported 203 Symantec AntiVirus for FileStore stats 562 files moved or pruned by running a policy 493 system date and time 500 FTP server settings 379 system statistics 511 home directory usage information 352 tier location of a specified file 484 information for all disk devices for nodes in a time interval or number of duplicate events for cluster 79 notifications 433 LDAP client configurations 189 values of the configured SNMP notifications 430 Index 597
displaying (continued) email groups values of the configured syslog server 427 about 419 VLAN interfaces 196 adding 421 volpagemod_max_memsz parameter of deleting 421 vxtune 526 displaying existing and details 421 displaying WWN information 84 enabling DMP I/O policy CIFS data migration 376 changing 521 DNS settings 165 displaying 521 FastResync for a file system 235 resetting 521 I/O fencing 89 DNS LDAP client configurations 189 about 163 NIS clients 191 domain names NTLM 311 clearing 165 NTP server 509 name servers Partition Secure Notification (PSN) feature 273 clearing 165 quota limits used by snapshots 250 specifying 165 support user account 45 settings ESX servers disabling 165 adding storage to 532 displaying 165 Ethernet interfaces enabling 165 bonding 161 DNS update changing configuration of 175 about 543 event notifications configuring 546 configuring 418 displaying the settings for 550 displaying time interval for 433 DNS update commands event reporting about 545 setting events for 433 DNS update service events starting 549 displaying on the console 429 stopping 549 export options DNS update set command CIFS 331 about 545 exporting domain audit events in syslog format to a given URL 434 setting 327 CIFS snapshot 340 setting user name 327 configuration settings 505 domain controller directory as a CIFS share 355 setting 327 events in syslog format to a given URL 434 domain name NFS snapshot 214 for the DNS server same file system/directory as a different CIFS setting 165 share 357 domain settings SNMP MIB file to a given URL 430 changing 292 domain user F NT domain mode 289 file data accessing by way of the HTTP server 405 E file extensions email address configuring in Symantec AntiVirus for FileStore adding to a group 421 configuration file 567 deleting from a specified group 421 598 Index
file extensions (continued) FileStore integration with VMware Virtual Center excluding from Symantec AntiVirus for FileStore about 514 scans 566 FileStore software file system adding a non-preconfigured node 57 converting into a cache object 265 filter upgrading to the current layout for running about 419 deduplication 274 adding to a group 421 file system alerts deleting from a specified group 421 about setting up 269 forcefully displaying 271 importing pools 86 setting 269 formatting unsetting 271 a disk 83 file system deduplication FTP configuring 143 about 377 file system I/O statistics add local user 396 displaying 512 delete local user 396 file system quotas implementing command changes 390 for enabling, disabling, and displaying 94 local user password 396 setting and displaying 96 local user set download bandwidth 399 file systems local user set home directory 399 adding a mirror to 230 local user set maximum connections 399 changing the status of 243 local user set maximum disk usage 399 checking and repairing 240 local user set maximum files 399 checking for stale mirrors 233 local user set upload bandwidth 399 creating 227 logupload 394 decreasing the size of 239 server start 380 defragmenting 245 server status 380 destroying 246 server stop 380 disabling FastResync option 236 session show 392 Dynamic Storage Tiering session showdetail 392 displaying 483 session terminate 392 enabling FastResync 235 set allow delete 385 increasing the size of 237 set anonymous login 385 listing with associated information 222 set anonymous logon 385 quotas 92 set anonymous write 385 removing a mirror from 230 set home directory path 385 restoring from an instant rollback 262 set listen port 385 that can be exported set maximum connections per client 385 displayed 203 set non-secure logins 385 FileStore set security 385 about 19 show local users 396 core strengths of 23 FTP local user key features 19 about 394 product documentation 27 FTP local user set Web resources 27 about 397 FileStore deduplication feature FTP server best practices for using 142 about 379 FileStore Dynamic Storage Tiering settings displaying 379 about 472 Index 599
FTP session I about 391 I/O fencing FTP set about 86 about 381 checking status 89 destroying 89 G disabling 89 group membership enabling 89 managing 372 idle threads guest operating system setting the maximum number for handling specifying if customizing for Linux or request spikes 409 Windows 536 setting the minimum number for request spikes 409 implementing H FTP command changes 390 hiding importing system files when adding or modifying a CIFS configuration settings 505 normal share 334 pools forcefully 86 history command including using 46 new nodes in the cluster 54 home directories increasing setting up 350 LUN storage capacity 82 home directory file systems size of a file system 237 setting 348 initiating host discovery of LUNs 86 home directory of given user installation states and conditions deleting 353 about 50 home directory usage information installing displaying 352 software on other nodes on the cluster 55 hostname or IP address installing patches 556 setting for LDAP server 184 about 554 how to use instant recovery Command-Line Interface (CLI) 31 NetBackup 445 HTTP alias instant rollbacks commands 411 about 258 HTTP server creating a shared cache object 265 clearing the root directory setting 415 creating full-sized 261 commands about 406 creating space-optimized 260 configuring for accessing file data 405 destroying 265 displaying the current root directory for 415 listing 262 displaying the status for 407 making go offline 264 document root mapping commands 413 making go online 264 set commands about 407 refreshing from a file system 263 setting the root directory 414 restoring a file system from 262 starting 406 interactions with other FileStore applications stopping 407 VMware vSphere extension for FileStore 531 HTTP sessions IP addresses displaying on each node 409 adding to a cluster 169 displaying for the cluster 169 modifying 169 removing from the cluster 169 600 Index
IP commands licensing Symantec AntiVirus for FileStore 561 about 167 list of Dynamic Storage Tiering file systems IP routing displaying 483 configuring 178 list of nodes iSCSI displaying in a cluster 52 about 117 listing iSCSI device all file systems and associated information 222 configuring 120 all of the files on the specified tier 482 iSCSI discovery cache objects 267 configuring 122 free space for storage pools 72 iSCSI initiator instant rollbacks 262 configuring 119 Partition Secure Notification (PSN) online file iSCSI initiator name systems that have this feature enabled 274 configuring 120 storage pools 72 iSCSI targets load balancing configuring 127 ctdb clustering mode 347 local CIFS groups J creating 375 deleting 375 joining displaying 375 FileStore to Active Directory (AD) 298 managing 374 local CIFS user L creating 372 LDAP deleting 372 about 181 displaying 372 before configuring settings 181 local CIFS user password configuring server settings 182 changing 372 setting up as an IDMAP backend using the local replication initialization 75 FileStore CLI 321 local user and groups LDAP password hash algorithm managing 371 setting password for 184 local user password LDAP server FTP 396 clearing configured settings 184 local user set download bandwidth disabling client configurations 189 FTP 399 displaying client configurations 189 local user set home directory displaying configured settings 184 FTP 399 enabling client configurations 189 local user set maximum connections setting over SSL 184 FTP 399 setting port number 184 local user set maximum disk usage setting the base distinguished name 184 FTP 399 setting the bind distinguished name 184 local user set maximum files setting the hostname or IP address 184 FTP 399 setting the password hash algorithm 184 local user set upload bandwidth setting the root bind DN 184 FTP 399 setting the users, groups, and netgroups base logging DN 184 in to CLI 31 leaving logupload AD domain 305 FTP 394 NT domain 292 Index 601
LUN storage capacity modifying (continued) increasing 82 policy of a tiered file system 486 LUNs schedule of a tiered file system 491 initiating host discovery 86 snapshot schedules 256 volpagemod_max_memsz parameter of M vxtune 526 more command mail server using 507 deleting the configured mail server 421 mounting snapshots 250 obtaining details for 421 moving disks setting the details of external 421 from one storage pool to another 67 man pages how to access 39 managing N CIFS shares 329 naming requirements for group membership 372 adding users 30 home directories 347 NDMP backup method local CIFS groups 374 displaying 463 local users and groups 371 NDMP backup method policy mapping configuring 456 deleting that is visible to clients as a NDMP failure resilient data virtualPath 413 displaying 463 from a virtualPath to a realPath 412 NDMP failure resilient policy masquerade as third-party policy configuring 456 configuring 456 NDMP masquerade as third-party Master, System Administrator, and Storage displaying 463 Administrator users NDMP overwrite data creating 41 displaying 463 metadata information NDMP overwrite policy allowing to be written on the secondary tier 494 configuring 456 restricting to the primary tier only 495 NDMP policies migrating about 455 CIFS share and home directory from ctdb to restoring 465 normal clustering mode 366 NDMP recursive restore data CIFS shares and home directories 362 displaying 463 CIFS shares and home directories from normal NDMP recursive restore policy to ctdb clustering mode 364 configuring 456 mirrored file systems NDMP restore Dynamic Storage Tiering data creating 227 displaying 463 mirrored tier NDMP restore Dynamic Storage Tiering policy adding to a file system 478 configuring 456 mirrored-stripe file systems NDMP send history data creating 227 displaying 463 mirrored-striped tier NDMP send history policy adding to a file system 478 configuring 456 modifying NDMP supported configurations an existing CIFS share 339 about 453 an IP address 169 NDMP update dumpdates data existing CIFS share 340 displaying 463 option tunefstab 521 602 Index
NDMP update dumpdates policy NFS snapshot configuring 456 exporting 214 NDMP use snapshot data NFS statistics displaying 463 displaying 202 NDMP use snapshot policy ninodes cache size configuring 456 changing 521 NDMP variables displaying 521 displaying 461 NIS NetBackup about 190 about 443 clients configuring NetBackup virtual IP address 450 disabling 191 configuring virtual name 451 enabling 191 displaying configurations 467 domain name instant recovery 445 setting on all the nodes of cluster 191 Snapshot Client 444 related commands snapshot methods 444 displaying 191 NetBackup EMM server. See NetBackup Enterprise server name Media Manager (EMM) server setting on all the nodes of cluster 191 NetBackup Enterprise Media Manager (EMM) server node adding to work with FileStore 449 adding a non-preconfigured node 57 NetBackup master server adding to the cluster 54, 56 configuring to work with FileStore 449 in a cluster NetBackup media server displaying information for all disk adding 449 devices 79 deleting 449 normal clustering mode netbios aliases for the CIFS server load balancing 346 setting 370 NSS network configuring 193 configuration and statistics 159 displaying configuration 194 network customization parameters lookup order specifying for guest operating systems if using configuring 194 DHCP or Static IP 538 NT domain mode Network Data Management Protocol configuring CIFS 287 about 452 domain user 289 network services setting domain 289 about 158 setting domain controller 289 NFS daemons setting security 289 changing 521 setting the workgroup name 289 displaying 521 starting CIFS server 289 NFS file sharing NTLM about 205 disabling 311 NFS options enabling 311 deleting 214 NTP server NFS server coordinating cluster nodes to work with 509 checking on the status 200 disabling 509 starting 200 displaying the status of 509 stopping 200 enabling 509 NFS share NTP servers adding 207 working with 508 Index 603
number of virtual machines to be created Q specifying 535 quota commands enabling, disabling, and displaying file system O quotas 94 obtaining for setting and displaying file system quotas 96 details of the configured email server 421 quota limits offline enabling or disabling snapshot 250 making an instant rollback go offline 264 quotas online CIFS home directories 105 making an instant rollback go 264 displaying the quota values for CIFS home option commands directories 115 about 518 for file systems 92 option tunefstab setting user quotas for users of specified displaying 521 groups 103 modifying 521 using for CIFS home directories 108
P R Partition Secure Notification (PSN) feature rebooting about 272 a node or all nodes in cluster 61 disabling 273 reconfiguring CIFS service enabling 273 about 326 listing the online file systems that have this refreshing feature enabled 274 instant rollbacks from a file system 263 password regions and time zones changing a user's password 41 setting 500 patch level registering displaying current versions of 553 FileStore cluster with the VMware Virtual Center patches Server 516 installing 556 relocating synchronizing 556 policy of a tiered file system 490 types of 554 removing uninstalling 556 a column from a file system 232 upgrading 551 a column from a tiered file system 476 policies a disk 83 about 476 disks 67 displaying files moved or pruned by running 493 IP address from the cluster 169 displaying for each tiered file system 486 mirror from a file system 230 modifying for a tiered file system 486 mirror from a tier spanning a specified disk 481 relocating from a tiered file system 490 mirror from a tier spanning a specified pool 481 removing from a tiered file system 486 mirror from a tiered file system 481 running for a tiered file system 486 policy of a tiered file system 486 preserving schedule of a tiered file system 491 snapshot schedules 256 snapshot schedules 256 privileges tier from a file system 480 about 29 renaming detached pool set 76 storage pools 72 replacing coordinator disks 89 604 Index
replication storage pool server status attaching 77 FTP 380 resetting server stop default passwords FTP 380 Master, System Administrator, and Storage server threads Administrator users 41 setting the initial number 410 DMP I/O policy 521 setting the maximum number in each server restoring process 410 a file system from an instant rollback 262 servers ndmp policies 465 adding LiveUpdate servers 570 restricting session show metadata information to the primary tier FTP 392 only 495 session showdetail resynchronizing FTP 392 stale mirrors on file systems 233 session terminate retrieving the NDMP data FTP 392 about 462 set allow delete roles FTP 385 about 29 set anonymous login root directory FTP 385 setting for the HTTP server 414 set anonymous logon root directory setting FTP 385 clearing for the HTTP server 415 set anonymous write route entries FTP 385 deleting from routing tables 178 set commands routing tables HTTP server 407 of the nodes in the cluster set home directory path displaying 178 FTP 385 running set listen port policy of a tiered file system 486 FTP 385 set maximum connections per client S FTP 385 set non-secure logins schedule FTP 385 displaying for all tiered file systems 491 set security modifying for a tiered file system 491 FTP 385 removing from a tiered file system 491 setting scheduling AD domain mode 302 Symantec AntiVirus for FileStore scan jobs 580, aio_fork option 369 582 base distinguished name for the LDAP second tier server 184 adding to a file system 478 bind distinguished name for LDAP server 184 security clock commands 499 standalone mode 284 details of the external mail server 421 security settings domain 327 AD domain mode 306 domain controller 327 changing 294 domain name for the DNS server 165 server start domain user name 327 FTP 380 events for event reporting 433 Index 605
setting (continued) setting up file system alerts 269 home directories 350 filter of the syslog server 427 severity levels home directory file systems 348 about 419 initial number of server threads 410 adding to an email group 421 LDAP as an IDMAP backend using the FileStore severity notifications CLI 321 setting 430 LDAP IDMAP backend to hash for accessing share directories CIFS 314 CIFS and NFS protocols 211 LDAP IDMAP backend to ldap for trusted domain share properties access to CIFS 313 displaying 336 LDAP IDMAP backend to rid for access to shared cache object CIFS 312 creating 265 LDAP password hash algorithm 184 sharing LDAP server hostname or IP address 184 file systems using CIFS and NFS protocols 342 LDAP server over SSL 184 show local users LDAP server port number 184 FTP 396 LDAP users, groups, and netgroups base DN 184 showing maximum number of idle threads for handling snapshot schedules 256 request spikes 409 shutting down maximum number of threads in each server node or all nodes in a cluster 60 process 410 snapshot methods maximum number to be created 410 NetBackup 444 minimum number of idle threads for request snapshot schedules spikes 409 about 252 netbios aliases for the CIFS server 370 creating 254 NIS domain name on all the nodes of cluster 191 deleting 256 NT domain mode 289 displaying 256 NT domain mode domain controller 289 modifying 256 NTLM 309 preserving 256 regions and time zones 500 removing 256 root bind DN for the LDAP server 184 showing 256 severity of the syslog server 427 snapshots SNMP filter notifications 430 about 246 SNMP severity notifications 430 creating 248 Symantec AntiVirus for FileStore action destroying 250 policy 577 displaying 249 system date and time 500 displaying quotas 250 the NIS server name on all the nodes of enabling or disabling quota limits 250 cluster 191 mounting 250 trusted domains 312 that can be exported trusted domains for the Active Directory 322 displayed 203 user quotas for users of specified groups 103 unmounting 250 workgroup name 289 SNMP setting domain user filter notifications AD domain mode 302 setting 430 setting security management server AD domain mode 302 adding 430 NT domain mode 289 deleting configured 430 606 Index
SNMP (continued) storage pools (continued) management server (continued) listing free space 72 displaying current list of 430 moving disks from one to another 67 MIB file renaming 72 exporting to a given URL 430 storage provisioning and management notifications about 64 displaying the values of 430 storing server account information 323 setting severity notifications 430 user and group accounts in LDAP 325 specified group user and group accounts locally 325 deleting a severity from 421 striped file systems specifying creating 227 DNS name servers 165 striped tier number of virtual machine clones to be adding to a file system 478 created 535 striped-mirror file systems specifying guest operating system creating 227 if customizing for Linux or Windows 536 striped-mirror tier specifying network customization parameters for adding to a file system 478 guest operating systems support user if customizing for DHCP or Static IP 538 about 44 SSL support user account setting the LDAP server for 184 disabling 45 standalone mode enabling 45 CIFS server status 284 support user password CIFS service 284 changing 45 security 284 support user status starting checking 45 backup services 467 swap command CIFS server 327 using 512 DNS update service 549 switching HTTP server 406 CIFS clustering modes from normal to ctdb 358 NFS server 200 ctdb clustering mode 358 starting CIFS server from ctdb to normal clustering mode 361 AD domain mode 302 Symantec AntiVirus for FileStore NT domain mode 289 about 560 status commands about 561 displaying for the DNS update service 550 configuring on the cluster's nodes 564 displaying for the HTTP server 407 displaying configuration 562 stopping displaying logs 562 backup services 467 displaying stats 562 DNS update service 549 licensing 561 HTTP server 407 manual scan commands 578 NFS server 200 quarantine commands about 574 storage scheduling scan jobs 582 adding to ESX servers 532 setting action policies 577 storage pools using manual scan commands 579 creating 72 using quarantine commands 575 destroying 72 Symantec AntiVirus for FileStore LiveUpdate listing 72 about 568 Index 607
Symantec AntiVirus for FileStore LiveUpdate trusted domains (continued) (continued) allowing access to CIFS when setting an LDAP adding LiveUpdate servers 570 IDMAP backend to rid 312 Symantec Enterprise Vault Partition Secure Notification (PSN) 272 U Symantec FileSnap unexporting creating virtual machine clones with 533 share of exported directory 214 synchronizing patches 556 uninstalling syslog event logging patches 556 about 426 unmounting snapshots 250 syslog format upgrading exporting audit events to a given URL 434 file system to the current layout for running exporting events to a given URL 434 deduplication 274 syslog server patches 551 adding 427 user and group accounts in LDAP deleting 427 storing 325 displaying the list of 427 user and group accounts locally displaying the values of 427 storing 325 setting the filter of 427 user names setting the severity of 427 mapping for CIFS/NFS sharing 345 system commands user roles and privileges about 498 about 29 system date and time users displaying 500 adding new 30 setting 500 changing passwords 41 system files creating 41 hiding when adding or modifying a CIFS normal deleting 41 share 334 using system statistics AD interface 309 displaying 511 history command 46 more command 507 T multi-domain controller support in CIFS 305 threads swap command 512 setting the maximum number to be created 410 Symantec AntiVirus for FileStore manual scan tier commands 579 adding a tier to a file system 481 Symantec AntiVirus for FileStore quarantine displaying location of a specified file 484 commands 575 listing all of the specified files on 482 removing a mirror from 481 V removing a mirror spanning a specified pool 481 verifying removing from a file system 480 FileStore has joined Active Directory (AD) 300 removing from a tier spanning a specified virtual machine clones 541 disk 481 viewing trusted domains list of locally saved configuration files 505 allowing access to CIF when setting an LDAP virtual IP address IDMAP backend to hash 314 configuring or changing for NetBackup 450 allowing access to CIFS when setting an LDAP virtual machine IDMAP backend to ldap 313 creating 533 608 Index
virtual machine clones specifying where to create 535 verifying 541 virtual name configuring for NetBackup 451 VLAN about interfaces 195 adding interfaces 196 configuring interfaces 196 deleting interfaces 196 displaying interfaces 196 VMware View configuring 539 VMware Virtual Center Server registering the FileStore with 516 VMware vSphere extension for FileStore about 530 interactions with other FileStore applications 531 volpagemod_max_memsz parameter of vxtune modifying 526 vxtune parameters displaying 526
W Web resources for FileStore 27 Windows Active Directory configuring as an LDAP IDMAP backend 315 WWN information displaying 84