5.6
Legal Notice
Copyright 2011 Symantec Corporation. All rights reserved. Symantec, the Symantec logo, Veritas, Veritas Storage Foundation, CommandCentral, NetBackup, Enterprise Vault, and LiveUpdate are trademarks or registered trademarks of Symantec corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This Symantec product may contain third party software for which Symantec is required to provide attribution to the third party (Third Party Programs). Some of the Third Party Programs are available under open source or free software licenses. The License Agreement accompanying the Software does not alter any rights or obligations you may have under those open source or free software licenses. See the Third-party Legal Notices document for this product, which is available online or included in the base release media. The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any. THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE. 
The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in Commercial Computer Software or Commercial Computer Software Documentation", as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.
Technical Support
Symantec Technical Support maintains support centers globally. Technical Support's primary role is to respond to specific queries about product features and functionality. The Technical Support group also creates content for our online Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion. For example, the Technical Support group works with Product Engineering and Symantec Security Response to provide alerting services and virus definition updates. Symantec's support offerings include the following:
- A range of support options that give you the flexibility to select the right amount of service for any size organization
- Telephone and/or Web-based support that provides rapid response and up-to-the-minute information
- Upgrade assurance that delivers software upgrades
- Global support purchased on a regional business hours or 24 hours a day, 7 days a week basis
- Premium service offerings that include Account Management Services
For information about Symantec's support offerings, you can visit our Web site at the following URL:
www.symantec.com/business/support/index.jsp
All support services will be delivered in accordance with your support agreement and the then-current enterprise technical support policy.
- Hardware information
- Available memory, disk space, and NIC information
- Operating system
- Version and patch level
- Network topology
- Router, gateway, and IP address information
- Problem description:
  - Error messages and log files
  - Troubleshooting that was performed before contacting Symantec
  - Recent software configuration changes and network changes
Customer service
Customer service information is available at the following URL:
www.symantec.com/business/support/
Customer Service is available to assist with non-technical questions, such as the following types of issues:
- Questions regarding product licensing or serialization
- Product registration updates, such as address or name changes
- General product information (features, language availability, local dealers)
- Latest information about product updates and upgrades
- Information about upgrade assurance and support contracts
- Information about the Symantec Buying Programs
- Advice about Symantec's technical support options
- Nontechnical presales questions
- Issues that are related to CD-ROMs or manuals
Documentation
Product guides are available on the media in PDF format. Make sure that you are using the current version of the documentation. The document version appears on page 2 of each guide. The latest product documentation is available on the Symantec website.
http://www.symantec.com/business/support/overview.jsp?pid=15107
Your feedback on product documentation is important to us. Send suggestions for improvements and reports on errors or omissions. Include the title and document version (located on the second page), and chapter and section titles of the text on which you are reporting. Send feedback to: docs@symantec.com
Consulting Services
Symantec Consulting Services provide on-site technical expertise from Symantec and its trusted partners. Symantec Consulting Services offer a variety of prepackaged and customizable options that include assessment, design, implementation, monitoring, and management capabilities. Each is focused on establishing and maintaining the integrity and availability of your IT resources.
Education Services
Education Services provide a full array of technical training, security education, security certification, and awareness communication programs.
To access more information about enterprise services, please visit our Web site at the following URL:
www.symantec.com/business/services/
Select your country or language from the site index.
Contents
Chapter 2
Configuring the support user account
Displaying the command history
Chapter 3
Chapter 4
Displaying the quota values for CIFS home directories
About iSCSI
Configuring the iSCSI initiator
Configuring the iSCSI initiator name
Configuring the iSCSI device
Configuring discovery on iSCSI
About configuring the iSCSI targets
Configuring the iSCSI targets
About data archive and retention (DAR)
How DAR interacts with other FileStore applications
Configuring data archive and retention
Chapter 5
Chapter 6
Chapter 7
About NFS file sharing
Displaying exported directories
Adding an NFS share
Sharing directories using CIFS and NFS protocols
Exporting an NFS snapshot
Unexporting a directory or deleting NFS options
Chapter 8
About creating and maintaining file systems
Listing all file systems and associated information
About creating file systems
Creating a file system
Adding or removing a mirror to a file system
Configuring FastResync for a file system
Disabling the FastResync option for a file system
Increasing the size of a file system
Decreasing the size of a file system
Checking and repairing a file system
Changing the status of a file system
Defragmenting a file system
Destroying a file system
About snapshots
Creating snapshots
Displaying snapshots
Configuring snapshots
About snapshot schedules
Creating snapshot schedules
Displaying snapshot schedules
Configuring snapshot schedules
About instant rollbacks
Creating a FileStore space-optimized rollback
Creating a full-sized rollback
Listing FileStore instant rollbacks
Restoring a file system from an instant rollback
Refreshing an instant rollback from a file system
Making an instant rollback go online
Making an instant rollback go offline
Destroying an instant rollback
Creating a shared cache object for a FileStore instant rollback
Listing cache objects for a FileStore instant rollback
Destroying a cache object of a FileStore instant rollback
About setting up file system alerts for file system usage
Setting file system alerts
Unsetting file system alerts
Displaying file system alerts
About the Partition Secure Notification (PSN) feature
Enabling the Partition Secure Notification (PSN) feature
Disabling the Partition Secure Notification (PSN) feature
Listing the online file systems that have the Partition Secure Notification (PSN) feature enabled
Chapter 9
About setting NTLM
Setting NTLM
About setting trusted domains
Allowing trusted domains access to CIFS when setting an LDAP IDMAP backend to rid
Allowing trusted domains access to CIFS when setting an LDAP IDMAP backend to ldap
Allowing trusted domains access to CIFS when setting an LDAP IDMAP backend to hash
About configuring Windows Active Directory as an LDAP IDMAP backend for FileStore for CIFS
Configuring the Active Directory schema with CIFS-schema extensions
Configuring LDAP as an IDMAP backend using the FileStore CLI
Configuring the CIFS server with the LDAP backend
Setting Active Directory trusted domains
About storing account information
Storing user and group accounts
About reconfiguring the CIFS service
Reconfiguring the CIFS service
About managing CIFS shares
About the CIFS export options
Setting share properties
Displaying CIFS share properties
Allowing specified users and groups access to the CIFS share
Denying specified users and groups access to the CIFS share
Modifying an existing CIFS share
Modifying an existing CIFS share with different CIFS options
Exporting a CIFS snapshot
Deleting a CIFS share
Sharing file systems using CIFS and NFS protocols
About mapping user names for CIFS/NFS sharing
About load balancing for the normal clustering mode
About load balancing for the ctdb clustering mode
Splitting a CIFS share
About managing home directories
Setting the home directory file systems
Setting up home directories
Displaying home directory usage information
Deleting home directories and disabling creation of home directories
About ctdb clustering modes
Exporting a directory as a CIFS share
Exporting the same file system/directory as a different CIFS share
About switching the clustering mode
Switching from normal to ctdb clustering mode
Switching from ctdb to normal clustering mode
About migrating CIFS shares and home directories
Migrating CIFS shares and home directories from normal to ctdb clustering mode
Migrating CIFS shares and home directories from ctdb to normal clustering mode
Setting the aio_fork option
Setting the netbios aliases for the CIFS server
About managing local users and groups
Creating a local CIFS user
About configuring local groups
Configuring a local group
Chapter 10
Chapter 11
Stopping the HTTP server
Displaying the status for the HTTP server
About HTTP set commands
Displaying the current HTTP sessions on each node
Setting the minimum number of idle threads for handling request spikes
Setting the maximum number of idle threads for handling request spikes
Setting the maximum number of threads to be created
Setting the initial number of server threads
Setting the maximum number of threads in each server process
Displaying the list of all configurable HTTP options and their values
About HTTP alias commands
Adding a mapping from a virtualPath to a realPath
Deleting a mapping that is visible to clients as a virtualPath
Displaying all the aliases configured on the server
About HTTP document root mapping commands
Setting the root directory for the HTTP server
Displaying the current root directory for the HTTP server
Chapter 12
Chapter 13
About NetBackup snapshot methods
About NetBackup instant recovery
About Fibre Transport
About SAN clients
About FT media servers
About the FT Service Manager
About zoning the SAN for Fibre Transport
About HBAs for SAN clients and FT media servers
About connecting the fiber for SAN Client
Adding a NetBackup master server to work with FileStore
Configuring or changing the virtual IP address used by NetBackup and NDMP data server installation
Configuring the virtual name of NetBackup
About Network Data Management Protocol
About NDMP supported configurations
About the NDMP policies
Configuring the NDMP policies
Displaying all NDMP policies
About retrieving the NDMP data
Retrieving the NDMP data
Restoring the default NDMP policies
About backup configurations
Configuring backup
Configuring backups using NetBackup or other third-party backup applications
Chapter 14
About configuring schedules for all tiered file systems
Configuring schedules for all tiered file systems
Displaying files that will be moved and/or pruned by running a policy
Allowing metadata information on the file system to be written on the secondary tier
Restricting metadata information to the primary tier only
Chapter 15
Chapter 16
Chapter 17
About configuring Auto-Protect on FileStore file systems
Configuring Auto-Protect on FileStore file systems
About excluding file extensions
Configuring file extensions for the Symantec AntiVirus for FileStore configuration file
About Symantec AntiVirus for FileStore LiveUpdate
Using Symantec AntiVirus for FileStore with LiveUpdate
About using Symantec AntiVirus for FileStore quarantine commands
Using Symantec AntiVirus for FileStore quarantine commands
Setting the Symantec AntiVirus for FileStore action policy
About using Symantec AntiVirus for FileStore manual scan commands
Using Symantec AntiVirus for FileStore manual scan commands
About scheduling a Symantec AntiVirus for FileStore scan job
Scheduling a Symantec AntiVirus for FileStore scan job
Chapter 18
Chapter
- About FileStore
- About FileStore features
- About the core strengths of FileStore
- FileStore key benefits and other applications
- FileStore on the Web
- Using the FileStore product documentation
About FileStore
FileStore was formerly known as Storage Foundation Scalable File Server. FileStore is a highly-scalable and highly-available clustered Network Attached Storage (NAS) software appliance. Based on Storage Foundation Cluster File System technology, FileStore is a complete solution for multi-protocol file serving. FileStore provides an open storage gateway model, including a highly-available and scalable Network File System (NFS), CIFS, and FTP file serving platform and an easy-to-use administrative interface. The product includes the following key features:
- Backup operations using both NDMP and/or the built-in NetBackup client
- Active/Active CIFS, including integration with Active Directory operations
- Simple administration through a single GUI and/or CLI interface
- Active/Active shared data NFS sharing including shared read/write and LDAP/NIS support
- Simple administration of Fibre Channel Host Bus Adapters (HBAs), file systems, disks, snapshots, and Dynamic Storage Tiering (DST)
- SNMP, syslog, and email notification
- High-speed asynchronous/episode-based replication for content distribution and data mining
- Multi-protocol sharing of file systems in a highly-scalable and highly-available manner
- Support for single-node FileStore clusters
- Create a snapshot schedule that stores the values by minutes, hour, day-of-the-month, month, and day-of-the-week along with the name of the file system
- Seamless upgrade and patch management
- Support information
- Online man pages
The components of FileStore include a security-hardened, custom-install SLES 10 SP3 operating system, core Storage Foundation services including Cluster File System, and the FileStore software platform. These components are provided on a single DVD or DVD ISO image.
Simple installation
A single node in the cluster is booted from a DVD containing the operating system image, core Storage Foundation, and FileStore modules. While the node boots, the other nodes are defined using IP addresses. After you install FileStore and the first node is up and running, the rest of the cluster nodes are automatically installed with all necessary components. The key services are then automatically started to allow the cluster to begin discovering storage and creating file shares.
Active/Active CIFS
CIFS is active on all nodes within the FileStore cluster. The specific shares are read/write on the node they reside on, but can fail over to any other node in the cluster. FileStore supports CIFS home directory shares.
Administration
FileStore contains a role-based administration model consisting of the following key roles:
These roles are consistent with the operational roles in many data centers. For each role, the administrator uses a simple menu-driven text interface. This interface provides a single point of administration for the entire cluster. A user logs in as one of those roles on one of the nodes in the cluster and runs commands that perform the same tasks on all nodes in the cluster.
You do not need to have any knowledge of the Veritas Storage Foundation technology to install or administer a FileStore cluster. If you are currently familiar with core SFCFS or Storage Foundation in general, you will be familiar with the basic management concepts.
Storage tiering
FileStore's built-in Dynamic Storage Tiering (DST) feature can reduce the cost of storage by moving data to lower cost storage. FileStore storage tiering also facilitates the moving of data between different drive architectures. DST lets you do the following:
- Create each file in its optimal storage tier, based on pre-defined rules and policies.
- Relocate files between storage tiers automatically as optimal storage changes, to take advantage of storage economies.
- Prune files on secondary tiers automatically as files age and are no longer needed.
- Retain original file access paths to minimize operational disruption, for applications, backup procedures, and other custom scripts.
- Handle millions of files that are typical in large data centers.
- Automate these features quickly and accurately.
- Dynamic Multipathing (DMP)
- Cluster Volume Manager
- Cluster File System (CFS)
- Veritas Cluster Server (VCS)
- Dynamic Storage Tiering (DST)
- I/O Fencing
DMP provides load balancing policies and tight integration with array vendors to provide in-depth failure detection and path failover logic. DMP is compatible with more hardware than any other similar product, and is a standard component within the FileStore product.
Cluster Volume Manager provides a cluster-wide consistent virtualization layer that leverages all the strengths of the underlying Veritas Volume Manager (VxVM) technology including online re-layout and resizing of volumes, and online array migrations. You can mirror your FileStore file systems across separate physical frames to ensure maximum availability on the storage tier. This technique seamlessly adds or removes new storage, whether single drives or entire arrays.
Cluster File System complies with the Portable Operating System Interface (POSIX) standard. It also provides full cache consistency and global lock management at a file or sub-file level. CFS lets all nodes in the cluster perform metadata or data transactions. This allows linear scalability in terms of NFS operations per second.
VCS monitors communication and failover for all nodes in the cluster and their associated critical resources. This includes virtual IP addressing failover for all client connections regardless of the client protocol.
DST dynamically and transparently moves files to different storage tiers to respond to changing business needs. DST is used in Symantec FileStore as FileStore Storage Tiering.
I/O fencing further helps to guarantee data integrity in the event of a multiple network failure by using the FileStore storage to ensure that cluster membership can be determined correctly. This virtually eliminates the chance of a cluster split-brain from occurring.
Figure 1-1
When using 16-node clusters, extremely high throughput performance numbers can be obtained. This is due to the benefits of near linear FileStore cluster scalability.
High availability
FileStore has an "always on" file service that provides zero interruption of file services for company critical data. The loss of single or even multiple nodes does not interrupt I/O operations on the client tier. This is in contrast to the traditional active/passive failover paradigm. Further, with FileStore's modular N-to-N approach to clustered NAS, any node can act as a failover for any other node.
The FileStore architecture provides transparent failover for other key services such as NFS lock state, CIFS and FTP daemons, reporting, logging, and backup/restore operations. The console service that provides access to the centralized menu-driven interface is automatically failed over to another node. The installation service is also highly available and can seamlessly recover from the initially installed node failing during the installation of the remaining nodes in the cluster.
The use of Veritas Cluster Server technology and software within FileStore is key to the ability of FileStore to provide best-of-breed high availability, in addition to class-leading scale-out performance.
A typical enterprise uses 30-40% of its storage. This low storage utilization rate results in excessive spending on new storage when there is more than adequate free space in the data center. With FileStore, you can group storage assets into fewer, larger shared pools. This increases the use of backend LUNs and overall storage.
FileStore also has built-in, pre-configured heterogeneous storage tiering. This lets you use different types of storage in a primary and secondary tier configuration. Using simple policies, data can be transparently moved from the primary storage tier to the secondary tier. This is ideal when mixing drive types and architectures such as high-speed SAS drives with cheaper storage, such as SATA-based drives.
Furthermore, data can be stored initially on the secondary tier and then promoted to the primary tier dynamically based on a pattern of I/O. This creates an optimal scenario when you use Solid State Disks (SSDs) because there will often be a significant difference between the amount of SSD storage available and the amount of other storage available, such as SATA drives. Data and files that are promoted to the primary tier are transferred back to the secondary tier in accordance with the configured access time policy.
All of this results in substantially increased efficiency, and it can save you money because you make better use of the storage you already have.
- Symantec FileStore Web GUI Administrator's Guide (sfs_admin_gui.pdf)
- Symantec FileStore Command-Line Administrator's Guide (sfs_admin.pdf)
- Symantec FileStore Installation Guide (sfs_install.pdf)
- Symantec FileStore Replication Guide (sfs_replication.pdf)
- Symantec FileStore Release Notes (sfs_relnotes.pdf)
Chapter
- About user roles and privileges
- About the naming requirements for adding new users
- About using the FileStore command-line interface
- Logging in to the FileStore CLI
- About accessing the online man pages
- About creating Master, System Administrator, and Storage Administrator users
- Creating Master, System Administrator, and Storage Administrator users
- About the support user
- Configuring the support user account
- Displaying the command history
Creating users based on roles About the naming requirements for adding new users
System Administrator
Storage Administrator
The Support account is reserved for Technical Support use only, and it cannot be created by administrators. See Using the support login on page 517.
Length: Can be up to 31 characters. If user names are greater than 31 characters, you will receive the error, "Invalid user name."
Case: FileStore CLI commands are case-insensitive (for example, the user command is the same as the USER command). However, user-provided variables are case-sensitive (for example, the username Master1 is not the same as the username MASTER1).
Can contain: Hyphens (-) and underscores (_) are allowed.
Creating users based on roles About using the FileStore command-line interface
See Creating Master, System Administrator, and Storage Administrator users on page 42.
Command-line help by typing a command and then a question mark (?)
Command-line manual (man) pages by typing man and the name of the command you are trying to find
Conventions used in the FileStore online command-line man pages
Description
Indicates you must choose one of the elements on either side of the pipe.
Indicates that the element inside the brackets is optional.
Indicates that the element inside the braces is part of a group.
Indicates a variable for which you need to supply a value. Variables are indicated in italics in the man pages.
Note: Changing the default password is important for system security. If you do not change the default password, a warning message appears the next time you log in. See Creating Master, System Administrator, and Storage Administrator users on page 42.
By default, the initial password for any user is the same as the username. For example, if you logged in as user1, your default password would also be user1.
To use any of the CLI commands, first log in by using the user role you have been assigned. Then enter the correct mode. These two steps must be performed before you can use any of the commands.
Note: The End User License Agreement (EULA) is displayed the first time you log in to the FileStore CLI.
To log in to the FileStore CLI
1 Log in to FileStore using the appropriate user role, System Admin, Storage Admin, or Master.
2 Enter the name of the mode you want to enter. For example, to enter the admin mode, you would enter the following:
admin
You can tell you are in the admin mode because you will see the following:
Admin>
The following tables describe all the available modes, commands associated with that mode, and what roles to use depending on which operation you are performing.
Table 2-4 Admin mode commands (columns: System Admin, Storage Admin, Master)
Tables 2-5 through 2-17 (columns: Storage Admin, Master)
Creating users based on roles About accessing the online man pages
enable
disable
show [users|groups|netgroups]
set {server|port|basedn|binddn|ssl|rootbinddn|users-basedn|groups-basedn|netgroups-basedn|password-hash} value
ldap get {server|port|basedn|binddn|ssl|rootbinddn|users-basedn|groups-basedn|netgroups-basedn|password-hash}
You can also type a question mark (?) at the prompt for a list of all the commands that are available for the command mode that you are in. For example, if you are in the admin mode and type a question mark (?), you see a list of the available commands for the admin mode.
sfs> admin ?
Entering admin mode...
sfs.Admin>
exit         --return to the previous menus
logout       --logout of the current CLI session
man          --display on-line reference manuals
passwd       --change the administrator password
show         --show the administrator details
supportuser  --enable or disable the support user
user         --add or delete an administrator
To exit the command mode, enter the following: exit. For example:
sfs.Admin> exit
sfs>
Creating users based on roles About creating Master, System Administrator, and Storage Administrator users
For example:
sfs> logout
passwd
Creates a password. Passwords can be any length. By default, the initial password for any user is the same as the username. For example, if you logged in as user1, your default password would also be user1. You will not be prompted to supply the old password. See Creating Master, System Administrator, and Storage Administrator users on page 42.
show
Displays a list of current users, or you can specify a particular username and display both the username and its associated privilege. See Creating Master, System Administrator, and Storage Administrator users on page 42.
Creating users based on roles Creating Master, System Administrator, and Storage Administrator users
For example:
Admin> user add master1 master
Creating Master: master1
Success: User master1 created successfully
For example:
Admin> user add systemadmin1 system-admin
Creating System Admin: systemadmin1
Success: User systemadmin1 created successfully
For example:
Admin> user add storageadmin1 storage-admin
Creating Storage Admin: storageadmin1
Success: User storageadmin1 created successfully
To change the password for the current user, enter the following command:
Admin> passwd
You will be prompted to enter the new password for the current user.
To change the password for a user other than the current user, enter the following command:
Admin> passwd [username]
You will be prompted to enter the new password for the user.
For example:
Admin> show
List of Users
------------
master
user1
user2
To display the details of the administrator with the username master, enter the following:
Admin> show master
Username : master
Privileges : Master
Admin>
If you want to display the list of all the current users prior to deleting a user, enter the following:
Admin> show
For example:
Admin> user delete user1
Deleting User: user1
Success: User user1 deleted successfully
supportuser password
Changes the support user password. The password can be changed at any time. See Configuring the support user account on page 46.
supportuser status
Checks the status of the support user (whether it is enabled or disabled).
For example:
Admin> supportuser enable
Enabling support user.
support user enabled.
Admin>
If you want to change the support user password, enter the following:
Admin> supportuser password
For example:
Admin> supportuser password
Changing password for support.
New password:
Re-enter new password:
Password changed
Admin>
If you want to check the status of the support user, enter the following:
Admin> supportuser status
For example:
Admin> supportuser status
support user status : Enabled
Admin>
For example:
Admin> supportuser disable
Disabling support user.
support user disabled.
Admin>
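The following is an added example, not part of the original guide: a Python audit of a saved capture of the Admin> show and supportuser status commands described above. It reports an enabled support user, user names over the 31-character limit, and names that differ only by case (user names are case-sensitive, so Master1 and MASTER1 are separate accounts). The capture is constructed, and privilege strings other than Master are assumptions.

```python
import re
from collections import defaultdict

MAX_NAME_LEN = 31  # limit stated in the naming requirements

# Constructed capture, modelled on the Admin> examples in this guide.
# Privilege strings other than "Master" are assumed, not taken from the guide.
SAMPLE_CAPTURE = """\
Admin> show
List of Users
-------------
master
Master1
MASTER1
storageadmin1
Admin> show master
Username : master
Privileges : Master
Admin> show Master1
Username : Master1
Privileges : Master
Admin> show MASTER1
Username : MASTER1
Privileges : System Admin
Admin> supportuser status
support user status : Enabled
Admin>
"""

# Matches both the "Admin>" and the "sfs.Admin>" prompt forms.
PROMPT = re.compile(r"^(?:\S+\.)?Admin>\s*(.*)$")


def split_commands(capture):
    """Return [(command, [output lines])] for each Admin> prompt."""
    blocks = []
    for raw in capture.splitlines():
        line = raw.strip()
        match = PROMPT.match(line)
        if match:
            blocks.append((match.group(1).strip(), []))
        elif blocks and line:
            blocks[-1][1].append(line)
    return blocks


def parse_user_list(output):
    """User names are the lines after the dashed rule under 'List of Users'."""
    names, in_list = [], False
    for line in output:
        if set(line) == {"-"}:
            in_list = True
        elif in_list:
            names.append(line)
    return names


def parse_fields(output):
    """Parse 'Key : Value' lines such as 'Privileges : Master'."""
    fields = {}
    for line in output:
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return fields


def audit(capture):
    """Summarise accounts and return findings that need an administrator's review."""
    users, privileges, support = [], {}, None
    for command, output in split_commands(capture):
        words = command.split()
        if words == ["show"]:
            users = parse_user_list(output)
        elif len(words) == 2 and words[0] == "show":
            fields = parse_fields(output)
            if "username" in fields:
                privileges[fields["username"]] = fields.get("privileges", "")
        elif words == ["supportuser", "status"]:
            support = parse_fields(output).get("support user status")

    findings = []
    if support is not None and support.lower() == "enabled":
        findings.append("support user is enabled")
    for name in users:
        if len(name) > MAX_NAME_LEN:
            findings.append(f"user name longer than {MAX_NAME_LEN} characters: {name}")
    by_folded = defaultdict(list)
    for name in users:
        by_folded[name.lower()].append(name)
    for group in by_folded.values():
        if len(group) > 1:
            findings.append("names differ only by case: " + ", ".join(sorted(group)))

    masters = sorted(u for u, p in privileges.items() if p == "Master")
    return {"users": users, "support_user": support,
            "masters": masters, "findings": findings}


if __name__ == "__main__":
    for finding in audit(SAMPLE_CAPTURE)["findings"]:
        print(finding)
```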
For example:
SFS> history master 7
Username : master
Privileges : Master
Time              Status   Message                    Command
02-12-2009 11:09  Success  NFS> server status         (server status)
02-12-2009 11:10  Success  NFS> server start          (server start )
02-12-2009 11:19  Success  NFS> server stop           (server stop )
02-12-2009 11:28  Success  NFS> fs show               (show fs )
02-12-2009 15:00  SUCCESS  Disk list stats completed  (disk list )
02-12-2009 15:31  Success  Network shows success      (show )
02-12-2009 15:49  Success  Network shows success      (show )
SFS>
Chapter
About the cluster commands
About FileStore installation states and conditions
Displaying the nodes in the cluster
About adding a new node to the cluster
Installing the FileStore software onto a new node
Adding a node to the cluster
Deleting a node from the cluster
Shutting down the cluster nodes
Rebooting the nodes in the cluster
Displaying and adding nodes to a cluster About FileStore installation states and conditions
Installs the FileStore software onto the new node. See Installing the FileStore software onto a new node on page 54.
Adds a new node to the FileStore cluster. See Adding a node to the cluster on page 56.
cluster> delete
Deletes a node from the FileStore cluster. See Deleting a node from the cluster on page 57.
cluster> shutdown
Shuts down one or all of the nodes in the FileStore cluster. See Shutting down the cluster nodes on page 58.
cluster> reboot
Reboots a single node or all of the nodes in the FileStore cluster. Use the nodename(s) that is displayed in the show command. See Rebooting the nodes in the cluster on page 59.
INSTALLED
Table 3-2
Depending on the cluster condition as described in Table 3-3, output for the Cluster> show command changes.
Table 3-3 Cluster conditions and states
Condition: If the node is configured and part of the cluster, but the node is powered off.
Description: State displays as FAULTED, and there is no installation state or network statistics.
Condition: If the node is configured and part of the cluster, but the node is physically removed from the cluster.
Description: State displays as FAULTED, and there is no installation state or network statistics.
Condition: If the node is configured and part of the cluster, but the node is shutdown using the Cluster> shutdown command.
Description: State changes from LEAVING to EXITED.
Condition: If the node is configured and part of the cluster, and you issue the Cluster> delete command.
Description: Node gets deleted from the cluster, and the node is shown under the installed node list.
Condition: If the node is installed, but not part of the cluster, and is powered off.
Description: If the system is powered off, the node displays in the installed node list for 2-3 minutes, but attempting to add the node to the cluster will not work, as the system is in a powered-off state. After 2-3 minutes has expired, the node is deleted from the installed node list. If the system is powered on, the node appears in the installed node list.
Condition: If the node is installed, but not part of the cluster, and is physically removed.
Description: Same behavior as above.
Displaying and adding nodes to a cluster Displaying the nodes in the cluster
To display a list of nodes that are part of a cluster, and the systems that are available to add to the cluster, enter the following:
Cluster> show
Nodes that are not yet added to the cluster are displayed with unique identifiers.
Node                                  State
---                                   ----
4dd5a565-de6c-4904-aa27-3645cf557119  INSTALLED 5.0SP2(172.16.113.118)
bafd13c1-536a-411a-b3ab-3e3253006209  INSTALLING-Stage-4-of-4
Node
Displays the node name if the node has already been added to the cluster. Displays the unique identifier for the node if it has not been added to the cluster. Example: node_01 or 35557d4c-6c05-4718-8691-a2224b621920
State
Displays the state of the node or the installation state of the system along with an IP address of the system if it is installed. See About FileStore installation states and conditions on page 50.
Indicates the CPU load
Indicates the network load for the Public Interface 0
Indicates the network load for the Public Interface 1
Displaying and adding nodes to a cluster About adding a new node to the cluster
To display the CPU and network loads collected from now to the next five seconds, enter the following:
Cluster> show currentload
Example output:
Node    State    CPU(5 sec)  pubeth0(5 sec)      pubeth1(5 sec)
                 %           rx(MB/s)  tx(MB/s)  rx(MB/s)  tx(MB/s)
---     ----     ---------   --------  --------  --------  -------
sfs_01  RUNNING  0.26        0.01      0.00      0.01      0.00
sfs_02  RUNNING  0.87        0.01      0.00      0.01      0.00
sfs_03  RUNNING  10.78       27.83     12.54     0.01      0.00
You first need to install the FileStore software binaries on the node. You then add the node to your existing cluster. After the FileStore software has been installed, the node enters the INSTALLED state. It can then be added to the cluster and become operational.
Note: Before proceeding, make sure that all of the nodes are physically connected to the private and public networks. Software installation can run concurrently on multiple new nodes. See the Symantec FileStore Installation Guide for more information.
Log in to the master account through the FileStore console and access the network mode. To log in to the FileStore console:
Displaying and adding nodes to a cluster Installing the FileStore software onto a new node
For the password, enter the default password for the master account, master. You can change the password later by using the Admin> password command.
Note: Changing the default password is important for system security. If you do not change the default password, a warning message appears the next time you log in.
If the nodes have not been preconfigured, you need to preconfigure them. To preconfigure nodes:
Obtain the IP address ranges, as described in the Symantec FileStore Installation Guide, for the public network interfaces of the nodes to be installed. Add each IP address using the following command:
Network> ip addr add ipaddr netmask type
IP is a protocol that allows addresses to be attached to an Ethernet interface. Each Ethernet interface must have at least one address to use the protocol. Several different addresses can be attached to one Ethernet interface. Specify the ipaddr and the netmask; type is the type of IP address (virtual or physical).
Press F12 (or an equivalent key) for each new node for a network reboot. The FileStore software is automatically installed on all of the nodes.
Enter Cluster> show to display the status of the node installation as it progresses.
Cluster> show
INSTALLING (Stage 1 of 4: Installing Linux)
INSTALLING (Stage 2 of 4: Copying SFS installation sources)
INSTALLING (Stage 3 of 4: First Boot)
INSTALLING (Stage 4 of 4: Installing SFS)
Power off the node.
Use the Cluster> delete nodename command to delete the node from the cluster.
Power on the node.
Use the Cluster> add nodeip command to add the node to the cluster.
Displaying and adding nodes to a cluster Deleting a node from the cluster
1 Log in to FileStore using the master user role.
2 Enter the cluster mode.
3 To add the new node to the cluster, enter the following:
Cluster> add nodeip
where nodeip is the IP address assigned to the INSTALLED node. For example:
Cluster> add 172.16.113.118
Checking ssh communication with 172.16.113.118 ...done
Configuring the new node .....done
Adding node to the cluster.........done
Node added to the cluster
New node's name is: sfs_01
Displaying and adding nodes to a cluster Shutting down the cluster nodes
To show the current state of all nodes in the cluster, enter the following:
Cluster> show
where nodename is the nodename that appeared in the listing from the show command. For example:
Cluster> delete sfs_01
Stopping Cluster processes on sfs_01 ...........done
deleting sfs_1's configuration from the cluster .....done
Node sfs_1 deleted from the cluster
If you try to delete a node that is unreachable, you will receive the following warning message:
This SFS node is not reachable, you have to re-install the SFS software via PXE boot after deleting it. Do you want to delete it now? (y/n)
Displaying and adding nodes to a cluster Rebooting the nodes in the cluster
nodename indicates the name of the node you want to shut down. For example:
Cluster> shutdown sfsfiler_04
Stopping Cluster processes on sfsfiler_04
Sent shutdown command to sfsfiler_04. SSH sessions to sfsfiler_04 may terminate.
To shut down all of the nodes in the cluster, enter the following:
Cluster> shutdown all
Use all as the nodename if you want to shut down all of the nodes in the cluster. For example:
Cluster> shutdown all
Stopping Cluster processes on all
SSH sessions to all nodes may terminate.
Sent shutdown command to sfsfiler_02
Sent shutdown command to sfsfiler_03
Sent shutdown command to sfsfiler_04
Sent shutdown command to sfsfiler_01
To reboot a node
nodename indicates the name of the node you want to reboot. For example:
Cluster> reboot sfsfiler_04
Stopping Cluster processes on sfsfiler_04
Sent reboot command to sfsfiler_04. SSH sessions to sfsfiler_4 may terminate.
Use all as the nodename if you want to reboot all of the nodes in the cluster. For example:
Cluster> reboot all
Stopping Cluster processes on all
SSH sessions to all nodes may terminate.
Sent reboot command to sfsfiler_02
Sent reboot command to sfsfiler_03
Sent reboot command to sfsfiler_04
Sent reboot command to sfsfiler_01
Chapter
Configuring storage
This chapter includes the following topics:
About storage provisioning and management
About configuring storage pools
Configuring storage pools
About configuring disks
Configuring disks
About performing local replication initialization
Detaching one or more pools from the FileStore cluster as a detached pool set
Displaying detached pools
Attaching a replication storage pool to a FileStore cluster
About displaying information for all disk devices
Displaying information for all disk devices associated with nodes in a cluster
Increasing the storage capacity of a LUN
Formatting/reinitializing a disk
Printing WWN information
Initiating FileStore host discovery of LUNs
Importing pools forcefully
About I/O fencing
Configuring I/O fencing
About quotas for file systems
Using quota commands for enabling, disabling, and displaying file system quotas
Using quota commands for setting and displaying file system quotas
About quotas for CIFS home directories
Using quotas for CIFS home directories
Displaying the quota values for CIFS home directories
About iSCSI
About configuring the iSCSI targets
Configuring the iSCSI targets
About data archive and retention (DAR)
How DAR interacts with other FileStore applications
Configuring data archive and retention
To access the commands, log into the administrative console (master, system-admin, or storage-admin) and enter the Storage> mode. See About using the FileStore command-line interface on page 33.
Table 4-1 Command
disk grow
disk list
Lists all of the available disks, and identifies which ones you want to assign to which pools. See About displaying information for all disk devices on page 76.
disk format
Formats/reinitializes a disk forcefully to reinstate it. See Formatting/reinitializing a disk on page 81.
dar
Enables file systems for data archive and retention (DAR). See Configuring data archive and retention on page 123.
fencing
Protects the data integrity if the split-brain condition occurs. See About I/O fencing on page 82.
hba
Prints the World Wide Name (WWN) information for all of the nodes in the cluster. See Printing WWN information on page 81.
iscsi
pool
Configures storage pools. See About configuring storage pools on page 64.
pool adddisk, pool mvdisk, pool rmdisk
Configures the disk(s) in the pool. See About configuring disks on page 69.
pool detachset, pool showdetached, pool attachset
Configures local replication initialization. See About performing local replication initialization on page 72.
quota
Sets a limit on disk quota to restrict certain aspects of the file system usage. See About quotas for file systems on page 87.
Note: Disks being used for the Storage> pool create command must support SCSI-3 PGR registrations if I/O fencing is enabled.
Note: The minimum size of disks required for creating a pool or adding a disk to the pool is 10 MB. See Configuring storage pools on page 66.
pool list
Displays the pools and associated disks. A storage pool is a collection of disks from shared storage; the pool is used as the source for adding file system capacity as needed. See Configuring storage pools on page 66.
pool rename
Renames a pool. See Configuring storage pools on page 66.
pool destroy
Destroys storage pools used to create file systems. Destroying a pool does not delete the data on the disks that make up the storage pool. See Configuring storage pools on page 66.
pool free
Lists the free space in each of the pools. Free space information includes:
List all of the available disks, and identify which ones you want to assign to which pools.
Storage> disk list
Disk   sfs_01
====   ========
disk1  OK
disk1, disk2,...
For example:
Storage> pool create pool1 Disk_0,Disk_1
SFS pool Success V-288-1015 Pool pool1 created successfully
100% [#] Creating pool pool1
For example:
Storage> pool list
Pool   List of disks
--------------------
pool1  Disk_0 Disk_1
pool2  Disk_2 Disk_3
pool3  Disk_4 Disk_5
To rename a pool
new_name
For example:
Storage> pool rename pool1 p01
SFS pool Success V-288-0 Disk(s) Pool rename successful.
where pool_name specifies the storage pool to delete. If the specified pool_name is not an existing storage pool, an error message is displayed. For example:
Storage> pool destroy pool1
SFS pool Success V-288-988 Pool pool1 is destroyed.
Because you cannot destroy an Unallocated storage pool, you need to remove the disk from the storage pool using the Storage> pool rmdisk command prior to trying to destroy the storage pool. See Configuring disks on page 70. If you want to move the disk from the unallocated pool to another existing pool, you can use the Storage> pool mvdisk command. See Configuring disks on page 70.
To list free space for pools
where pool_name specifies the pool for which you want to display free space information. If a specified pool does not exist, an error message is displayed. If pool_name is omitted, the free space for every pool is displayed, but information for specific disks is not displayed. For example:
Storage> pool free
Pool    Free Space
====    ==========
pool_1  0 KB
pool_2  0 KB
pool_3  57.46M
Note: Disks being used for the pool adddisk command must support SCSI-3 PGR registrations if I/O fencing is enabled. See Configuring disks on page 70.
pool mvdisk
You can move disks from one storage pool to another.
Note: You cannot move a disk from one storage pool to another if the disk has data on it. See Configuring disks on page 70.
pool rmdisk
You can remove a disk from a pool.
Note: You cannot remove a disk from a pool if the disk has data on it. See Configuring disks on page 70.
If a specified disk does not exist, an error message is displayed. If one of the disks does not exist, then none of the disks are removed. A pool cannot exist if there are no disks assigned to it. If a disk specified to be removed is the only disk for that pool, the pool is removed as well as the assigned disk. If the specified disk to be removed is being used by a file system, then that disk will not be removed.
Configuring disks
To add a disk
disk1,disk2,...
For example:
Storage> pool adddisk pool2 Disk_2
SFS pool Success V-288-0 Disk(s) Disk_2 are added to pool2 successfully.
To move a disk from one pool to another, or from an unallocated pool to an existing pool, enter the following:
Storage> pool mvdisk src_pool dest_pool disk1[,disk2,...]
src_pool
Specifies the source pool to move the disks from. If the specified source pool does not exist, an error message is displayed.
dest_pool
Specifies the destination pool to move the disks to. If the specified destination pool does not exist, a new pool is created with the specified name. The disk is moved to that pool.
disk1,disk2,...
Specifies the disks to be moved. To specify multiple disks to be moved, use a comma with no space in between. If a specified disk is not part of the source pool or does not exist, an error message is displayed. If one of the disks to be moved does not exist, none of the specified disks are moved. If all of the disks for the pool are moved, the pool is removed (deleted from the system), since there are no disks associated with the pool.
For example:
Storage> pool mvdisk p01 pool2 Disk_0
SFS pool Success V-288-0 Disk(s) moved successfully.
To remove a disk
where disk1,disk2 specifies the disk(s) to be removed from the pool. An unallocated pool is a reserved pool for holding disks that are removed from other pools. For example:
Storage> pool list
Pool Name    List of disks
-----------------------
pool1        Disk_0 Disk_1
pool2        Disk_2 Disk_5
pool3        Disk_3 Disk_4
Unallocated  Disk_6
Storage> pool rmdisk Disk_6
SFS pool Success V-288-987 Disk(s) Disk_6 are removed successfully.
Storage> pool list
Pool Name    List of disks
----------------------
pool1        Disk_0 Disk_1
pool2        Disk_2 Disk_5
pool3        Disk_3 Disk_4
To remove additional disks, use a comma with no spaces in between. For example:
Storage> pool rmdisk disk1,disk2
then resuming the replication can save significant set up time and network costs. For details on local replication initialization, see the Symantec FileStore Replication Guide. The following operations need to occur to perform replication local synchronization:
Define a set of disks, pools, and file systems that can be removed from the local FileStore cluster.
Copy files between a set of file systems or directories and a second set of file systems or directories, so that when the second set of file systems are moved from a local system to a remote system, efficient periodic copying can be resumed without a full second copy operation over the network.
Attach a removed (detached) set of disks, pools, and file systems to a second (remote) FileStore cluster one-time after they have been removed from the first (local) FileStore cluster.
Table 4-4 lists the Storage> pool commands you use for local replication initialization.
Note: The Storage> pool attachset, detachset, and showdetached commands should be used for local replication initialization only and not for other purposes.
Table 4-4 Command
pool detachset
pool showdetached
Displays the detached pools. See Displaying detached pools on page 75.
pool attachset
Attaches a detached pool set to the FileStore cluster. See Attaching a replication storage pool to a FileStore cluster on page 75.
Detaching one or more pools from the FileStore cluster as a detached pool set
The Storage> pool detachset command detaches one or more pools from the FileStore cluster as a detached pool set. You can provide a new name for the detached pool set. This operation unmounts the file systems, creating a separated disk group from the named pools, and deports that disk group. Once detached, the storage for those pools can be physically removed from the cluster.
To detach one or more pools from the FileStore cluster
To detach one or more pools from the FileStore cluster, enter the following:
Storage> pool detachset pool1[,pool2,...] detach_poolset_name
pool1, pool2, ...
Specifies one or more pools to detach from the cluster. To specify multiple pools to detach, use a comma to separate the pool names with no space in between the pool names.
detach_poolset_name
Indicates the new name for the detached pool set.
For example:
Storage> pool detachset pool1 detached_pool1
SFS Storage SUCCESS V-288-1655 Pool detachset completed successfully.
where detach_poolset_name is the name of the detached pool set you want to display. For example:
Storage> pool showdetached
DETACHED_POOLSETNAME     POOLSET_ID            DETACHED_POOLS
====================     ==========            ==============
detached_pool2           1276181004.41.src_01  pool2
DETACHED_POOLSET_DISKS
=======================
ams_wms0_34,ams_wms0_35
Storage> pool showdetached detached_pool2
Detached_poolsetname : detached_pool2
Poolsetid : 1276181004.41.src_01
Detached from Cluster : src
Date : 2010.06.10 20:13:15 IST
All detached fsnames : tgt_fs
Detached filesystem : tgt_fs, Associated pools : pool2 Associated repunit : tgt_ru
All detached pools : pool2
Detached pool : pool2, Disks : ams_wms0_34 ams_wms0_35
Several file systems or replication storage pools can be renamed by listing several such rename patterns in a comma-separated list, as in:
pool attachset poolset1 newfs1=tgt_fs,newpool2=pool2
For example:
Storage> pool attachset poolset1
Mount Point is being added...
SFS Storage SUCCESS V-288-1653 Pool attachset completed successfully.
See Displaying information for all disk devices associated with nodes in a cluster on page 77.
Displays the list of multiple paths of disks connected to all of the nodes in the cluster. It also shows the status of each path on each node in the cluster. See Displaying information for all disk devices associated with nodes in a cluster on page 77.
Displays the enclosure name, array name, and array type for a particular disk that is present on all of the nodes in the cluster. See Displaying information for all disk devices associated with nodes in a cluster on page 77.
Displaying information for all disk devices associated with nodes in a cluster
Depending on which command variable you use, the column headings will differ.
Disk
Indicates the disk name.
Serial Number
Indicates the serial number for the disk.
Enclosure
Indicates the type of storage enclosure.
Size
Indicates the size of the disk.
Use%
Indicates the percentage of the disk that is being used.
ID
ID column consists of the following four fields. A ":" separates these fields.
VendorID - Specifies the name of the storage vendor, for example, HITACHI, IBM, EMC, HP, and so on.
ProductID - Specifies the ProductID based on vendor. Each vendor manufactures different products. For example, HITACHI has HDS5700, HDS5800, and HDS9200 products. These products have ProductIDs such as DF350, DF400, and DF500.
TargetID - Specifies the TargetID. Each port of an array is a target. Two different arrays or two ports of the same array have different TargetIDs. TargetIDs start from 0.
LunID - Specifies the ID of the LUN. This should not be confused with the LUN serial number. LUN serial numbers uniquely identify a LUN in a target, whereas a LunID uniquely identifies a LUN in an initiator group (or host group). Two LUNs in the same initiator group cannot have the same LunID. For example, if a LUN is assigned to two clusters, then the LunID of that LUN can be different in different clusters, but the serial number is the same.
Enclosure
Name of the enclosure to distinguish between arrays having the same array name.
Indicates the name of the storage array.
Indicates the type of storage array and can contain any one of the three values: Disk for JBODs, Active-Active, and Active-Passive.
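The following is an added example, not part of the original guide: a Python check that parses the four ":"-separated ID fields and uses them to review LUN presentation across two clusters. It matches LUNs by serial number, because the LunID of one LUN can differ between clusters, and it flags two serial numbers that report the same ID within one cluster. The inventories, disk names and serial numbers are constructed, and it is assumed that TargetID and LunID are printed as decimal integers.

```python
from collections import defaultdict, namedtuple

DiskId = namedtuple("DiskId", "vendor product target lun")


def parse_disk_id(text):
    """Split an ID value into VendorID, ProductID, TargetID and LunID."""
    parts = [p.strip() for p in text.split(":")]
    if len(parts) != 4 or not all(parts):
        raise ValueError(f"expected VendorID:ProductID:TargetID:LunID, got {text!r}")
    vendor, product, target, lun = parts
    if not (target.isdigit() and lun.isdigit()):
        # Assumption: TargetID and LunID are decimal integers (TargetIDs start from 0).
        raise ValueError(f"non-numeric TargetID or LunID in {text!r}")
    return DiskId(vendor, product, int(target), int(lun))


# Constructed inventories: (disk name, serial number, ID) per disk, one list per cluster.
CLUSTER_A = [
    ("disk_a0", "SN-0001", "HITACHI:DF350:0:3"),
    ("disk_a1", "SN-0002", "HITACHI:DF350:0:4"),
    ("disk_a2", "SN-0003", "HITACHI:DF400:1:0"),
]
CLUSTER_B = [
    ("disk_b0", "SN-0002", "HITACHI:DF350:1:7"),  # same LUN as disk_a1, different LunID
    ("disk_b1", "SN-0009", "HITACHI:DF350:1:8"),
    ("disk_b2", "SN-0010", "HITACHI:DF350:1:8"),  # second serial reporting the same ID
]


def shared_by_serial(inv_a, inv_b):
    """LUNs visible to both clusters, keyed by serial number: {serial: (id_a, id_b)}."""
    ids_a = {serial: parse_disk_id(raw) for _name, serial, raw in inv_a}
    return {serial: (ids_a[serial], parse_disk_id(raw))
            for _name, serial, raw in inv_b if serial in ids_a}


def shared_by_id(inv_a, inv_b):
    """Naive match on the ID value; misses LUNs whose LunID differs per cluster."""
    a = {parse_disk_id(raw) for _name, _serial, raw in inv_a}
    b = {parse_disk_id(raw) for _name, _serial, raw in inv_b}
    return a & b


def id_collisions(inventory):
    """IDs reported by more than one serial number within a single cluster."""
    by_id = defaultdict(set)
    for _name, serial, raw in inventory:
        by_id[parse_disk_id(raw)].add(serial)
    return {disk_id: sorted(serials)
            for disk_id, serials in by_id.items() if len(serials) > 1}


if __name__ == "__main__":
    print("shared LUNs by serial:", shared_by_serial(CLUSTER_A, CLUSTER_B))
    print("shared LUNs by ID    :", shared_by_id(CLUSTER_A, CLUSTER_B))
    print("ID collisions in B   :", id_collisions(CLUSTER_B))
```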
To display a list of disks and nodes in tabular form, enter the following:
Storage> disk list stats
Disk        dev_01    dev_02
====        ========  ========
fas2700_13  OK        OK
fas2700_14  OK        OK
fas2700_15  OK        OK
fas2700_16  OK        OK
fas2700_17  OK        OK
To display information for all disk devices associated with nodes in a cluster
To display information for all of the disk devices connected to all of the nodes in a cluster, enter the following:
Storage> disk list types
Disk        Enclosure  Array Name  Array Type
====        =========  ==========  ==========
fas2700_13  fas2700    FAS270      A/P-C-NETAPP
fas2700_14  fas2700    FAS270      A/P-C-NETAPP
fas2700_15  fas2700    FAS270      A/P-C-NETAPP
fas2700_16  fas2700    FAS270      A/P-C-NETAPP
fas2700_17  fas2700    FAS270      A/P-C-NETAPP
fas2700_18  fas2700    FAS270      A/P-C-NETAPP
fas2700_19  fas2700    FAS270      A/P-C-NETAPP
1 Increase the storage capacity of the disk on your storage array. Contact your Storage Administrator for assistance.
2 Run the FileStore Storage> scanbus command to make sure that the disk is connected to the FileStore cluster. See Initiating FileStore host discovery of LUNs on page 81.
Formatting/reinitializing a disk
If the disk does not belong to any group, the Storage> disk format command erases the first 100M space on the disk(s). You can specify more than one disk for formatting by using a comma to separate the disks.
To reformat/reinitialize a disk
where you can use the host_name variable if you want to find WWN information for a particular node. Example output:
Storage> hba
Node     Host Initiator HBA WWNs
====     =======================
sfs_01   21:00:00:e0:8b:9d:85:27, 21:01:00:e0:8b:bd:85:27
sfs_02   21:00:00:e0:8b:9d:65:1c, 21:01:00:e0:8b:bd:65:1c
sfs_03   21:00:00:e0:8b:9d:88:27, 21:01:00:e0:8b:bd:88:27
There are two WWNs on each row that represent the two HBAs for each node.
configurations without interrupting the existing I/O activity. The scan does not inform you if there is a change in the storage configuration. You can see the latest storage configuration using the Storage> disk list command. You do not need to reboot after scanbus has completed.
To scan SCSI devices
To scan the SCSI devices connected to all of the nodes in the cluster, enter the following:
Storage> scanbus
For example:
Storage> scanbus
100% [#] Scanning the bus for disks
coordinator disks. They are standard disks or LUNs that are set aside for use by the I/O fencing driver. You can specify three disks as coordinator disks. The coordinator disks act as a global lock device during a cluster reconfiguration. This lock mechanism determines which node is allowed to fence off data drives from other nodes. A system must eject a peer from the coordinator disks before it can fence the peer from the data drives. Racing for control of coordinator disks is how fencing helps prevent split-brain. Coordinator disks cannot be used for any other purpose. You cannot store data on them.
To use the I/O fencing feature, specify the disks that will be used as coordinator disks; you need three coordinator disks. Your minimum configuration must be a two-node cluster with FileStore software installed and 3+ disks (three of which will be used for the coordinator disk group and the rest of the disks will be used for storing data). See Table 4-6 on page 83.
Table 4-6 Command
fencing status
fencing on
Checks if the coordinator disk group has three disks. If not, you will need to add disks to the coordinator disk pool until three are present. The minimum LUN size is 10MB. See Configuring I/O fencing on page 84.
fencing replace
Replaces a coordinator disk with another disk. The command first checks whether the replacement disk is in a failed state. If it is in the failed state, an error appears. After the command verifies that the replacement disk is not in a failed state, it checks whether the replacement disk is already being used by an existing pool (storage or coordinator). If it is not being used by any pool, the original disk is replaced.
fencing destroy
In the following example, I/O fencing is configured on the three disks Disk_0, Disk_1 and Disk_4. The column header Coord Flag On indicates that the coordinator disk group is in an imported state and that these disks are in good condition. If you check the Storage> disk list output, they will be in the OK state.
IO Fencing Status
============================
Disabled

Disk Name        Coord Flag On
==============   ==============
Disk_0           Yes
Disk_1           Yes
Disk_2           Yes
The three disks are optional arguments and are required only if the coordinator pool does not contain any disks. You may still provide three disks for fencing with the coordinator pool already containing three disks. This will however remove the three disks previously used for fencing from the coordinator pool and configure I/O fencing on the new disks. For example:
Storage> fencing on
SFS fencing Success V-288-0 IO Fencing feature now Enabled
100% [#] Enabling fencing
Storage> fencing status
IO Fencing Status
=================
Enabled

Disk Name        Coord Flag On
==============   ==============
Disk_0           Yes
Disk_1           Yes
Disk_2           Yes
where src_disk is the source disk and dest_disk is the destination disk. For example:
Storage> fencing replace Disk_2 Disk_3
SFS fencing Success V-288-0 Replaced disk Disk_2 with Disk_3 successfully.
100% [#] Replacing disk Disk_2 with Disk_3
Storage> fencing status
IO Fencing Status
=================
Enabled

Disk Name        Coord Flag On
==============   ==============
Disk_0           Yes
Disk_1           Yes
Disk_3           Yes
Usage quota (numspace) - limits the amount of disk space that can be used on a file system
Inode quota (numinodes) - limits the number of inodes that can be created on a file system
An inode is a data structure in a UNIX or UNIX-like file system that describes the location of some or all of the disk blocks allocated to the file. In addition to setting a limit on disk quotas, you can also define a warning level, or soft quota, whereby the FileStore administrator is informed that they are nearing their limit, which is less than the effective limit, or hard quota. Hard quota limits can be set so that a user is strictly not allowed to cross quota limits. A soft quota limit must be less than a hard quota limit for any type of quota.
Table 4-7 Command
quota fs enable
quota fs disable
Disables the quota on a specified file system. If a file system name is not specified, the quota is disabled on all of the online file systems. See Using quota commands for enabling, disabling, and displaying file system quotas on page 89.
quota fs status
Displays the quota status of the specified file system. If a file system name is not specified, the command displays the quota status for all of the online file systems. This command only displays whether or not the quota is enabled. See Using quota commands for enabling, disabling, and displaying file system quotas on page 89.
quota fs setall
Sets the quota value for all the users and groups for whom the quota has already been set with set commands. Other users and groups (for whom the quota has not been set previously) will not be affected. See Using quota commands for setting and displaying file system quotas on page 91.
quota fs show
Displays the quota values that are already set for user or group. See Using quota commands for setting and displaying file system quotas on page 91.
quota fs setdefault
Changes the default value used for setting future quotas. Existing user/group quotas are not changed. If a file system name is not specified, then the default is set for all of the online file systems except the CIFS home directories. See Using quota commands for setting and displaying file system quotas on page 91.
quota fs showdefault
Displays the default quota values for user or group. See Using quota commands for setting and displaying file system quotas on page 91.
Using quota commands for enabling, disabling, and displaying file system quotas
To enable a file system quota
groupquota
For example, to enable a quota (user and group) for file system fs1:
Storage> quota fs enable fs1
OK Completed
groupquota
For example, to disable the user quota for file system fs1:
Storage> quota fs disable fs1 userquota
OK Completed
groupquota
For example, to display the status of a file system quota (enabled or disabled):
Storage> quota fs status
FS name    User Quota
=======    ==========
fsmirror   Disabled
quotafs    Enabled
striped1   Enabled
fs1        Disabled
OK Completed
Using quota commands for setting and displaying file system quotas
To set the quota value
To set the quota value for a file system, enter the following:
Storage> quota fs set [{userquota | groupquota}] user_or_group_names [hardlimit | softlimit] [numinodes | numspace] [value] [fs_name]
For example, to set the user quota (hardlimit and numinodes) of user qtuser on file system fs1:
Storage> quota fs set userquota qtuser hardlimit numinodes 957 fs1
OK Completed
Storage> quota fs show fs1 userquota qtuser
User Quota Details for filesystem fs1:
User     Space   Soft    Hard    Inodes   Soft
Name     Used    Space   Space   Used     Inodes
=====    =====   =====   =====   =====    =====
qtuser   0       0       0       0        0
OK Completed
userquota
User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by the user.
groupquota
Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by all the users in the group.
user_or_group_name
Name of the user or the name of the group for which a quota value is set. You can specify a comma-separated list of user or group names. To delete quota values for a user, you have to set all the user quota entries to 0. A user with a UID of 0 is not allowed in a Storage> quota fs set command. A 0 indicates there is no limitation on the file system.
hardlimit
Hard quota limits (hardlimit) can also be set so that you are not allowed to exceed the quota limits.
softlimit
A quota limit can be set as a soft quota limit (softlimit) where you are warned against exceeding the quota limits, and there is a grace period during which you are allowed to exceed the quota limits. After the grace period is over, you will not be allowed to exceed the quota limits. The softlimit has to be less than the hardlimit for any type of quota.
numinodes
Inode quota for the file system.
numspace
Usage quota (numspace) for the file system.
value
Quota value for the users or groups on a file system. If a value is not provided, the default value set from using the Storage> quota fs setdefault command is used. If Storage> quota fs setdefault is set for particular file systems, then that default value has precedence.
fs_name
Storage> quota fs setall userquota
OK Completed
Storage> quota fs show fs1
User Quota Details for filesystem fs1:
User      Space   Soft    Hard    Inodes
Name      Used    Space   Space   Used
=======   =====   =====   =====   ====
a1        0       0       10G     0
qtuser    0       0       0       0
qtuser2   0       1000K   0       0
userquota
User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by the user.
groupquota
Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by all the users in the group.
hardlimit
Hard quota limit.
softlimit
Soft quota limit.
numinodes
Inode quota for the file system.
numspace
Usage quota for the file system.
value
Quota value for the users or groups on a file system. If a value is not provided, the default value set from using the Storage> quota fs setdefault command is used. If Storage> quota fs setdefault is set for particular file systems, then that default value has precedence. If a value of 0 is entered, it is treated as an unlimited quota. If all values for a user or group quota are 0, the user or group is automatically deleted from the quota settings, which means that the Storage> quota fs status command will not show this user's or group's settings, as all quota values are treated as an unlimited quota.
User Quota Details for filesystem longfilesystemnameforqt:
User     Space   Soft    Hard    Files   Soft    Hard
Name     Used    Space   Space   Used    Files   Files
======   =====   =====   =====   =====   ====    =====
qtuser   0       0       0       0       901     1000
OK Completed
fs_name
File system name you want to set the quota for.
userquota
User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by the user.
groupquota
Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by all the users in the group.
user_or_group_names
Name of the user or the name of the group for which a quota value is set. You can specify a comma-separated list of user or group names. To delete quota values for a user, you will have to set all the user quota entries to 0. A user with a UID of 0 is not allowed in a Storage> quota fs set command.
userquota
User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by the user.
groupquota
Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by all the users in the group.
hardlimit
Hard quota limit.
softlimit
Soft quota limit.
numinodes
Inode quota for the file system.
numspace
Usage quota for the file system.
value
Quota value for the users or groups on a file system. If a value is not provided, the default value set from using the Storage> quota fs setdefault command is used. If Storage> quota fs setdefault is set for particular file systems, then that default value has precedence. If a value of 0 is entered, it is treated as an unlimited quota. If all values for a user or group quota are 0, the user or group is automatically deleted from the quota settings, which means that the Storage> quota fs status command will not show this user's or group's settings, as all quota values are treated as an unlimited quota.
fs_name
groupquota
quota cifshomedir setdefault
Changes the default value that will be used for setting future quotas on the CIFS home directories. Existing user/group quotas are not affected. See Using quotas for CIFS home directories on page 98.
quota cifshomedir showdefault
Displays the default values for the CIFS home directories. See Using quotas for CIFS home directories on page 98.
quota cifshomedir set
Sets the quota value for the users or groups for the CIFS home directories. See Using quotas for CIFS home directories on page 98.
quota cifshomedir setall
Sets the quota value for all users and groups for whom the quota has already been set with set commands. See Using quotas for CIFS home directories on page 98.
quota cifshomedir enable
Enables the quota of the CIFS home directories. See Using quotas for CIFS home directories on page 98.
quota cifshomedir disable
Disables the quota of the CIFS home directories. See Using quotas for CIFS home directories on page 98.
quota cifshomedir status
Displays the status of the quota of the CIFS home directories. This command only displays whether or not the quota is enabled. See Using quotas for CIFS home directories on page 98.
quota cifshomedir show
Displays the general quota values on the CIFS home directories per user or group. This command also displays the consumed (used space) quota for users or groups. See Displaying the quota values for CIFS home directories on page 105.
quota cifshomedir showdetail
Displays the detailed quota values already set on each file system for CIFS home directories. This command also displays the consumed (used space) quota for users or groups on each file system for the CIFS home directories. See Displaying the quota values for CIFS home directories on page 105.
To set the default value used for quota limits for CIFS home directories, enter the following:
Storage> quota cifshomedir setdefault userquota | groupquota hardlimit | softlimit numinodes | numspace [value]
userquota
User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by the user.
groupquota
Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by all the users in the group.
hardlimit
Hard quota limit.
softlimit
Soft quota limit.
numinodes
Inode quota for the file system.
numspace
Usage quota for the file system.
value
Quota value for the users or groups on a file system. If a value is not specified, then the value is 0. If Storage> quota fs setdefault is set for particular file systems, then that default value has precedence. If a value of 0 is entered, it is treated as an unlimited quota. If all values for a user or group quota are 0, the user or group is automatically deleted from the quota settings, which means that the Storage> quota fs show command will not show this user's or group's settings, as all quota values are treated as an unlimited quota.
For example, to set the default CIFS home directory user quota value:
Storage> quota cifshomedir setdefault userquota hardlimit numspace 2T
OK Completed
To display the default quota values of the CIFS home directories, enter the following:
Storage> quota cifshomedir showdefault [userquota | groupquota]
userquota
User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by the user.
groupquota
Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by all the users in the group.
For example, to display the default CIFS home directory quota values:
Storage> quota cifshomedir showdefault
CIFS homedir default Quota values:
==============================================
User/Group Quota   Soft Space   Hard Space   Soft Inodes
================   ==========   ==========   ===========
User Quota                      2T
Group Quota
OK Completed
To set a quota for the user or group for CIFS home directories, enter the following:
Storage> quota cifshomedir set userquota | groupquota user_or_group_names [domainname] [hardlimit | softlimit] [numinodes | numspace] [value]
For example, to set the user quota (hardlimit and numinodes) of user qtuser on CIFS home directories:
Storage> quota cifshomedir set userquota qtuser qtdomain hardlimit numinodes 6549
Storage> quota cifshomedir show
User Quota Details for CIFS homedirfs:
User       Space   Soft    Hard     Inodes   Soft     Hard
Name       Used    Space   Space    Used     Inodes   Inodes
========   =====   =====   ======   =====    ======   ======
qtuser     0       20M     100M     0        1000     6549
OK Completed
userquota
User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by the user.
groupquota
Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by all the users in the group.
user_or_group_names
Name of the user or the name of the group for which a quota value is set. You can specify a comma-separated list of user or group names. To delete quota values for a user, you will have to set all the user quota entries to 0. A user with a UID of 0 is not allowed in a Storage> quota fs set command.
domainname
Domain name is the first section of the domain. For example, in symantec.filestore.com the domain name is symantec.
hardlimit
softlimit
numinodes
Inode quota for the file system.
numspace
Usage quota for the file system.
value
Quota value for the CIFS home directories. If a value is not provided, the default value set from using the Storage> quota fs setdefault command is used. If Storage> quota fs setdefault is set for particular file systems, then that default value has precedence. If a value of 0 is entered, it is treated as an unlimited quota. If all values for a user or group quota are 0, the user or group is automatically deleted from the quota settings, which means that the Storage> quota fs status command will not show this user's or group's settings, as all quota values are treated as an unlimited quota.
To set the quota value for all users and groups for whom the quota has already been set with the set commands, enter the following:
Storage> quota cifshomedir setall userquota | groupquota [hardlimit | softlimit] [numinodes | numspace] [value]
Other users and groups (for whom quota has not been set previously) will not be affected. For example, to set all existing user quotas for CIFS home directories:
Storage> quota cifshomedir show
User Quota Details for CIFS homedirfs:
User      Space    Soft     Hard    Inodes   Soft     Hard
Name      Used     Space    Space   Used     Inodes   Inodes
=======   ======   ======   =====   =====    ======   ======
qtuser    0        20M      100M    0        1000     6549
OK Completed
Storage> quota cifshomedir setall userquota softlimit numinodes 198
OK Completed
Storage> quota cifshomedir show
User Quota Details for CIFS homedirfs:
User     Space   Soft     Hard     Inodes   Soft     Hard
Name     Used    Space    Space    Used     Inodes   Inodes
=====    =====   ======   ======   =====    ======   ======
qtuser   0       20M      100M     0        198      6549
OK Completed
userquota
User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by the user.
groupquota
Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by all the users in the group.
hardlimit
Hard quota limit.
softlimit
Soft quota limit.
numinodes
Inode quota for the file system.
numspace
Usage quota for the file system.
value
Quota value for CIFS home directories for whom the quota has already been set with set commands. If a value is not provided, the default value set from using the Storage> quota fs setdefault command is used. If Storage> quota fs setdefault is set for particular file systems, then that default value has precedence. If a value of 0 is entered, it is treated as an unlimited quota. If all values for a user or group quota are 0, the user or group is automatically deleted from the quota settings, which means that the Storage> quota fs status command will not show this user's or group's settings, as all quota values are treated as an unlimited quota.
To enable the quota for CIFS home directories, enter the following:
Storage> quota cifshomedir enable [userquota | groupquota]
userquota
User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by the user.
groupquota
Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by all the users in the group.
For example, to enable quotas (user and group quotas) for CIFS home directories:
Storage> quota cifshomedir enable
OK Completed
To disable the quota for the CIFS home directories, enter the following:
Storage> quota cifshomedir disable [userquota | groupquota]
userquota
User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by the user.
groupquota
Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by all the users in the group.
For example, to disable the group quota for CIFS home directories:
Storage> quota cifshomedir disable groupquota
OK Completed
To display the quota status of the CIFS home directories, enter the following:
Storage> quota cifshomedir status [userquota | groupquota]
groupquota
For example, to display the status of a CIFS home directory quota (enabled or disabled):
Storage> quota cifshomedir status
FS name                User Quota
=======                ==========
CIFS homedirectories   Enabled
OK Completed
Configuring storage Displaying the quota values for CIFS home directories
To display the quotas for the CIFS home directories, enter the following:
Storage> quota cifshomedir show [userquota | groupquota] [user_or_group_names]
userquota
User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by the user.
groupquota
Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by all the users in the group.
user_or_group_names
Name of the user or the name of the group for which a quota value is set. You can specify a comma-separated list of user or group names. To delete quota values for a user, you will have to set all the user quota entries to 0. A user with a UID of 0 is not allowed in a Storage> quota fs set command.
For example, to display general quota information for a CIFS home directory for both userquota and group quota:
Storage> quota cifshomedir show
User Quota Details for CIFS homedirfs:
User Name   Space Used   Soft Space   Hard Space   Inodes Used   Soft Inodes   Hard Inodes
=========   ==========   ==========   ==========   ===========   ===========   ===========
user06      0            30M          50M          0             0             0
user07      0            0            0            0             300           500
Group Quota Details for CIFS homedirfs:
Group Name  Space Used   Soft Space   Hard Space   Inodes Used   Soft Inodes   Hard Inodes
=========   ==========   ==========   ==========   ===========   ===========   ===========
group01     0            400M         600M         0             0             0
group02     0            0            0            0             60000         80000
OK Completed
The Storage> quota cifshomedir show command does not display the file system name in the output.
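The quota rules in this chapter (a value of 0 is treated as unlimited, and a soft limit must be less than its hard limit) can be checked against captured Storage> quota cifshomedir show output, so that accounts able to fill the shared file system are found before they do. The following Python audit is an added example, not part of FileStore or of the original guide; the function names, the sample rows, and the reading of K/M/G/T as powers of 1024 are assumptions.

```python
import re

# Constructed sample in the layout of the quota cifshomedir show output;
# names and values are illustrative, not taken from a live FileStore cluster.
SAMPLE = """\
User Quota Details for CIFS homedirfs:
User Name  Space Used  Soft Space  Hard Space  Inodes Used  Soft Inodes  Hard Inodes
=========  ==========  ==========  ==========  ===========  ===========  ===========
user06     0           30M         50M         0            0            0
user07     0           0           0           0            300          500
user08     0           60M         50M         0            900          800
Group Quota Details for CIFS homedirfs:
Group Name Space Used  Soft Space  Hard Space  Inodes Used  Soft Inodes  Hard Inodes
=========  ==========  ==========  ==========  ===========  ===========  ===========
group01    0           400M        600M        0            0            0
OK Completed
"""

# Assumption: size suffixes are binary multiples; the guide does not say.
UNITS = {"": 1, "K": 1024, "M": 1024**2, "G": 1024**3, "T": 1024**4}
SECTION = re.compile(r"^(User|Group) Quota Details for (.+):$")
LABELS = {"space": "space", "inodes": "inode"}


def to_number(text):
    """Convert '30M', '1000K', '2T' or a bare count to an integer."""
    m = re.fullmatch(r"(\d+)([KMGT]?)", text.upper())
    if not m:
        raise ValueError(f"unrecognised quota value: {text!r}")
    return int(m.group(1)) * UNITS[m.group(2)]


def parse_quota_show(text):
    """Return one dict per data row, tagged with its user/group section."""
    rows, scope = [], None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            scope = m.group(1).lower()
            continue
        fields = line.split()
        # Data rows have exactly seven fields; headers, separator rows and
        # the trailing "OK Completed" status line are skipped.
        if scope is None or len(fields) != 7 or line.startswith("="):
            continue
        values = [to_number(f) for f in fields[1:]]
        rows.append({
            "scope": scope,
            "name": fields[0],
            "space": (values[1], values[2]),    # (soft, hard)
            "inodes": (values[4], values[5]),   # (soft, hard)
        })
    return rows


def audit(rows):
    """Flag missing hard limits and soft limits that are not below hard."""
    findings = []
    for row in rows:
        for resource, label in LABELS.items():
            soft, hard = row[resource]
            if hard == 0:
                # 0 is treated as an unlimited quota.
                findings.append((row["scope"], row["name"],
                                 f"no hard {label} limit"))
            elif soft >= hard:
                findings.append((row["scope"], row["name"],
                                 f"soft {label} limit not below hard limit"))
    return findings


if __name__ == "__main__":
    for scope, name, message in audit(parse_quota_show(SAMPLE)):
        print(f"{scope:5} {name:8} {message}")
```

A soft limit of 0 combined with a non-zero hard limit is not flagged, because it only means that no warning level is set.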
To display the quota values that are already set on each file system for the CIFS home directories
To display the quota values that are already set on each file system for the CIFS home directories, enter the following:
Storage> quota cifshomedir showdetail [userquota | groupquota] [user_or_group_names]
userquota
User quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by the user.
groupquota
Group quota can be set with hard/soft limits on usage. Usage is dictated by the number of blocks and number of inodes that can be created by all the users in the group.
user_or_group_names
Name of the user or the name of the group for which a quota value is set. You can specify a comma-separated list of user or group names. To delete quota values for a user, you will have to set all the user quota entries to 0. A user with a UID of 0 is not allowed in a Storage> quota fs set command.
For example, to display quota information on CIFS home directory file systems fs1 and fs2 for both userquota and groupquota:
Storage> quota cifshomedir showdetail
User Quota Details for filesystem fs1:
User Name    Space Used   Soft Space   Hard Space   Inodes Used   Soft Inodes   Hard Inodes
==========   ==========   ==========   ==========   ==========    ==========    ==========
user06       0            30M          50M          0             0             0
user07       0            0            0            0             300           500
User Quota Details for filesystem fs2:
User Name    Space Used   Soft Space   Hard Space   Inodes Used   Soft Inodes   Hard Inodes
==========   ==========   ==========   ==========   ==========    ==========    ==========
user06       0            30M          50M          0             0             0
user07       0            0            0            0             300           500
Group Quota Details for filesystem fs1:
Group Name   Space Used   Soft Space   Hard Space   Inodes Used   Soft Inodes   Hard Inodes
==========   ==========   ==========   ==========   ==========    ==========    ==========
group01      0            400M         600M         0             0             0
group02      0            0            0            0             60000         80000
Group Quota Details for filesystem fs2:
Group Name   Space Used   Soft Space   Hard Space   Inodes Used   Soft Inodes   Hard Inodes
==========   ==========   ==========   ==========   ==========    ==========    ==========
group01      0            400M         600M         0             0             0
group02      0            0            0            0             60000         80000
OK Completed
The file system name displays in the output for the Storage> quota cifshomedir showdetail command.
About iSCSI
The Internet Small Computer System Interface (iSCSI) is an Internet protocol-based storage networking standard that links data storage facilities. By carrying SCSI commands over IP networks, iSCSI facilitates data transfers over Intranets and manages storage over long distances. The iSCSI feature allows FileStore servers to use iSCSI disks as shared storage.
Table 4-9 Command
iscsi status
iscsi start
Starts the iSCSI initiator service. See Configuring the iSCSI initiator on page 108.
iscsi stop
Stops the iSCSI initiator service. See Configuring the iSCSI initiator on page 108.
Adds a device for use with the iSCSI initiator. iSCSI initiator connections use this device to connect to the target. If there are any existing targets, then the iSCSI initiator initiates a connection to all targets by way of device. See Configuring the iSCSI initiator on page 108.
Deletes a device from the iSCSI configuration. Any existing connections by way of the device to targets are terminated. If device is the last device in the iSCSI initiator configuration, and there are existing targets, then the device cannot be deleted from the configuration. See Configuring the iSCSI initiator on page 108.
Lists the devices used by the iSCSI initiator. See Configuring the iSCSI initiator on page 108.
iscsi discovery add
Adds a discovery address to the iSCSI initiator configuration. If no TCP port is specified with the discovery-address, then the default port 3260 is used. Any targets discovered at discovery-address are automatically logged in. See Configuring the iSCSI initiator on page 108.
iscsi discovery del
Deletes a discovery address from the iSCSI initiator configuration. Any targets discovered using discovery-address are also deleted from the configuration. See Configuring the iSCSI initiator on page 108.
iscsi discovery rediscover
Performs discovery of changes in targets or LUNs at discovery-address. Any LUNs or targets that have been removed at discovery-address will be automatically removed from the configuration. New LUNs or targets discovered at discovery-address will be automatically added and logged into. See Configuring the iSCSI initiator on page 108.
iscsi discovery list
Lists the discovery address present in the iSCSI initiator configuration. See Configuring the iSCSI initiator on page 108.
iscsi initiator name setprefix
Sets the prefix used to generate initiator names. Initiator names are generated as initiator-name-prefix followed by the node number of the node. See Configuring the iSCSI initiator name on page 109.
iscsi initiator name list
Lists the initiator names for all nodes in the cluster. See Configuring the iSCSI device on page 110.
To display the status of the iSCSI initiator server, enter the following:
Storage> iscsi status
For example:
iSCSI Initiator Status on sfs_01 : ONLINE
iSCSI Initiator Status on sfs_02 : ONLINE
For example:
Storage> iscsi start
Storage> iscsi status
iSCSI Initiator Status on sfs_01 : ONLINE
iSCSI Initiator Status on sfs_02 : ONLINE
For example:
Storage> iscsi stop
Storage> iscsi status
iSCSI Initiator Status on sfs_01 : OFFLINE
iSCSI Initiator Status on sfs_02 : OFFLINE
For example:
Storage> iscsi initiator name list
Node     Initiator Name
----     --------------
sfs_01   iqn.2009-05.com.test:test.1
sfs_02   iqn.2009-05.com.test:test.2
where initiatorname-prefix is a name that conforms to the naming rules for initiator and target names as specified in RFC3721. Initiator names for nodes in the cluster are generated by appending the node number to this prefix. For example:
Storage> iscsi initiator name setprefix iqn.2009-05.com.test:test
For example:
Storage> iscsi device list
Device
------
pubeth0
pubeth1
where device is the device where the operation takes place. For example:
Storage> iscsi device add pubeth1
Storage> iscsi device list
Device
------
pubeth0
pubeth1
where device is the device where the operation takes place. For example:
Storage> iscsi device add pubeth1
Storage> iscsi device list
Device
------
pubeth0
For example:
Storage> iscsi discovery list
Discovery Address
-----------------
192.168.2.14:3260
192.168.2.15:3260
where discovery-address is the target address at which an initiator can request a list of targets using a SendTargets text request as specified in iSCSI protocol of RFC3720. If no port is specified with the discovery address, default port 3260 is used. For example:
Storage> iscsi discovery add 192.168.2.15:3260
Discovery CHAP credentials for sfs_1:
Outgoing CHAP Username : root
Outgoing CHAP Password : ********
Incoming CHAP Username :
Authentication succeeded.
Discovered Targets
------------------
iqn.2001-04.com.example:storage.disk2.sys3.xyz
iqn.2001-04.com.example:storage.disk3.sys3.xyz
iqn.2001-04.com.example:storage.disk4.sys3.xyz
iqn.2001-04.com.example:storage.disk5.sys3.xyz
Logging into target iqn.2001-04.com.example:storage.disk2.sys3.xyz
Logging into target iqn.2001-04.com.example:storage.disk3.sys3.xyz
Logging into target iqn.2001-04.com.example:storage.disk4.sys3.xyz
Logging into target iqn.2001-04.com.example:storage.disk5.sys3.xyz
Storage> iscsi discovery list
Discovery Address
-----------------
192.168.2.14:3260
192.168.2.15:3260
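Two rules stated above can be checked before values are typed into the CLI: initiator names are the prefix followed by the node number, and a discovery address without a port uses 3260, so 192.168.2.15 and 192.168.2.15:3260 name the same portal. The following Python pre-flight check is an added example, not FileStore code; the function names are hypothetical, the "." separator is inferred from the initiator name list output shown in this guide, the accepted character set is a conservative subset of what the iSCSI RFCs allow, and only IPv4 discovery addresses are handled.

```python
import ipaddress
import re

DEFAULT_PORT = 3260     # default discovery port stated in this guide
MAX_NAME_BYTES = 223    # maximum iSCSI name length (RFC 3720)

# iqn.<yyyy-mm>.<reversed domain>[:<string>], restricted here to lowercase
# letters, digits, '-', '.' and ':' (an assumption, stricter than the RFCs).
IQN_RE = re.compile(
    r"^iqn\.\d{4}-(0[1-9]|1[0-2])"
    r"\.[a-z0-9]([a-z0-9.-]*[a-z0-9])?"
    r"(:[a-z0-9.:-]+)?$"
)


def check_prefix(prefix, node_count):
    """Return a list of problems with an initiator name prefix."""
    problems = []
    if not IQN_RE.match(prefix):
        problems.append("prefix is not a well-formed lowercase iqn. name")
    longest = f"{prefix}.{node_count}"
    if len(longest.encode("utf-8")) > MAX_NAME_BYTES:
        problems.append("generated name exceeds 223 bytes")
    return problems


def initiator_names(prefix, node_count):
    """Map node number to the name generated from the prefix."""
    problems = check_prefix(prefix, node_count)
    if problems:
        raise ValueError("; ".join(problems))
    # Separator '.' inferred from the guide's example output.
    return {n: f"{prefix}.{n}" for n in range(1, node_count + 1)}


def normalize_discovery_address(address):
    """Return 'ip:port', applying the default port when none is given."""
    host, sep, port_text = address.strip().partition(":")
    ip = ipaddress.IPv4Address(host)          # raises ValueError if invalid
    port = int(port_text) if sep else DEFAULT_PORT
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return f"{ip}:{port}"


def duplicate_portals(addresses):
    """Return normalized addresses that occur more than once."""
    seen, duplicates = set(), []
    for address in addresses:
        normalized = normalize_discovery_address(address)
        if normalized in seen and normalized not in duplicates:
            duplicates.append(normalized)
        seen.add(normalized)
    return duplicates


if __name__ == "__main__":
    print(initiator_names("iqn.2009-05.com.test:test", 2))
    print(duplicate_portals(["192.168.2.14:3260", "192.168.2.15",
                             "192.168.2.15:3260"]))
```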
113
To delete the targets discovered using this discovery address, enter the following:
Storage> iscsi discovery del discovery-address
where discovery-address is the target address at which an initiator can request a list of targets using a SendTargets text request as specified in iSCSI protocol of RFC3720. If no port is specified with the discovery address, default port 3260 is used. For example:
Storage> iscsi discovery del 192.168.2.15:3260
Storage> iscsi discovery list
Discovery Address
-----------------
192.168.2.14:3260
where discovery-address is the target address at which an initiator can request a list of targets using a SendTargets text request as specified in iSCSI protocol of RFC3720. If no port is specified with the discovery address, default port 3260 is used. For example:
Storage> iscsi discovery rediscover 192.168.2.15:3260
Deleted targets
---------------
iqn.2001-04.com.example:storage.disk5.sys3.xyz
New targets
-----------
iqn.2001-04.com.example:storage.disk6.sys3.new.xyz
Logging into target iqn.2001-04.com.example:storage.disk6.sys3.new.xyz
Deletes a target target-name from the iSCSI initiator configuration. Any existing connections to target-name are terminated. discovery-address or portal-address is the address through which the target becomes visible to the initiator. A target that was discovered at a discovery-address and then deleted from an iSCSI initiator configuration becomes visible to the iSCSI initiator again if rediscovery is done through either the iscsi discovery rediscover or scanbus commands. See Configuring the iSCSI targets on page 116.
Allows login to a target target-name from an iSCSI initiator. Connections to target-name are made from all devices present in an iSCSI initiator configuration. discovery-address or portal-address is the address through which the target becomes visible to the initiator. A target once logged out by the iSCSI initiator is not logged in until iscsi target login is requested. See Configuring the iSCSI targets on page 116.
iscsi target logout
Allows logout from connections to target-name from the iSCSI initiator. discovery-address or portal-address is the address through which the target becomes visible to the initiator. A target once logged out by the iSCSI initiator is not logged in until iscsi target login is requested. See Configuring the iSCSI targets on page 116.
iscsi target list
Lists the targets visible to the iSCSI initiator. See Configuring the iSCSI targets on page 116.
iscsi target listdetail
Lists detailed information about the target. See Configuring the iSCSI targets on page 116.
For example:
Storage> iscsi target list
Target                                            Discovery Address   State    Disk
------                                            -----------------   -----    ----
iqn.2001-04.com.example:storage.disk2.sys3.xyz    192.168.2.14:3260   ONLINE   disk_0
iqn.2001-04.com.example:storage.disk4.sys3.xyz    192.168.2.14:3260   ONLINE   disk_2
iqn.2001-04.com.example:storage.disk5.sys3.xyz    192.168.2.14:3260   ONLINE   disk_3
iqn.2001-04.com.example:storage.disk3.sys3.xyz    192.168.2.14:3260   ONLINE   disk_1
iqn.2001-04.com.example2:storage.disk2.sys3.xyz   192.168.2.15:3260   ONLINE   disk_4
iqn.2001-04.com.example2:storage.disk3.sys3.xyz   192.168.2.15:3260   ONLINE   disk_5
iqn.2001-04.com.example2:storage.disk4.sys3.xyz   192.168.2.15:3260   ONLINE   disk_6
iqn.2001-04.com.example2:storage.disk5.sys3.xyz   192.168.2.15:3260   ONLINE   disk_7
where target is the name of the node you want to display the details for. For example:
Storage> iscsi target listdetail iqn.2001-04.com.example:storage.disk2.sys3.xyz
Discovery Address : 192.168.2.14:3260
Connections
===========
Portal Address         sfs_01   sfs_02
--------------         ------   ------
192.168.2.14:3260,1    2        2
portal-address
For example:
Storage> iscsi target add iqn.2001-04.com.example:storage.disk2.sys1.xyz 192.168.2.14:3260
Logging into target iqn.2001-04.com.example:storage.disk2.sys1.xyz
Storage> iscsi target listdetail iqn.2001-04.com.example:storage.disk2.sys1.xyz
Connections
===========
Portal Address         sfs55_01   sfs55_02
--------------         --------   --------
192.168.2.14:3260,1    1          1
discovery-address
Target address at which an initiator can request a list of targets using a SendTargets text request as specified in iSCSI protocol of RFC3720. If no port is specified with the discovery address, default port 3260 is used.
portal-address
The location where the target is accessible.
For example:
Storage> iscsi target del iqn.2001-04.com.example:storage.disk2.sys3.xyz
discovery-address
Target address at which an initiator can request a list of targets using a SendTargets text request as specified in iSCSI protocol of RFC3720. If no port is specified with the discovery address, default port 3260 is used.
portal-address
The location where the target is accessible.
For example:
Storage> iscsi target login iqn.2001-04.com.example:storage.disk2.sys3.xyz
discovery-address
Target address at which an initiator can request a list of targets using a SendTargets text request as specified in iSCSI protocol of RFC3720. If no port is specified with the discovery address, default port 3260 is used.
portal-address
The location where the target is accessible.
For example:
Storage> iscsi target logout iqn.2001-04.com.example:storage.disk2.sys3.xyz
FileStore enforces the immutability of WORM files until their retention date is reached. Once their retention dates have passed, these files can be deleted or the retention date extended. Otherwise, no other operations are allowed on the files. To use the data archive and retention feature:
You must purchase a FileStore license for the feature. The license is based on the amount of disk space you plan to use for data archive and retention. After you purchase a license, use the Storage> dar licenseset command to specify the amount of disk space you are licensed to use.
Currently, DAR is only supported for Symantec Enterprise Vault environments. When you configure Enterprise Vault to work with FileStore, make sure you configure Enterprise Vault to be the only "user" of the exported DAR-enabled shares.
You must have a Network Time Protocol (NTP) server enabled and configured. See About coordinating cluster nodes to work with NTP servers on page 453.
When you use the CIFS> share add command to add a CIFS share for a DAR-enabled file system, make sure you include the no_full_acl export option. If you do not set this option, you cannot change a file to WORM through CIFS. See About the CIFS export options on page 284.
You can use Report > audit commands to configure audit logs for DAR-enabled file systems. See About audit logs on page 387. System and audit log entries for DAR-related operations can include (but are not limited to) the following:
Attempts to modify the data (or metadata) of a WORM file
Attempts to increment (or decrement) the retention date
Attempts to delete a DAR-enabled file system
Attempts to modify the system clock
DAR commands Definition
Sets the licensed disk space capacity for all DAR-enabled file systems. See Configuring data archive and retention on page 123.
dar enable
Marks a file system as DAR-enabled and sets the minimum, maximum, and default retention times for files in the archive. See Configuring data archive and retention on page 123.
dar list
Displays a list of DAR-enabled file systems, associated retention times, and retention options. See Configuring data archive and retention on page 123.
CIFS
DAR-enabled file systems can be accessed over CIFS. However, DAR-enabled file systems cannot be used for CIFS home directories.
Currently, commands and operations to create and manage DAR-enabled file systems are available in the FileStore CLI, but not in the FileStore Management Console.
Transfer of files between the storage tiers works as expected (transparent to DAR). DST removal policies cannot remove WORM files.
The FTP service cannot be used on DAR-enabled file systems.
Currently, DAR-enabled file systems cannot be accessed over NFS.
You must have a Network Time Protocol (NTP) server enabled and configured to use data archive and retention.
Replication
DAR-enabled file systems are supported as a replication source, but not as a replication target.
Data from a normal (not DAR-enabled) share cannot be promoted or migrated into an existing or new DAR-enabled share.
Snapshot
Snapshots can be mounted and promoted for DAR-enabled file systems:
A warning message appears when a snapshot of a DAR-enabled file system is mounted.
You can restore a snapshot of a DAR-enabled file system, but you may lose data stored after the snapshot was taken. A warning message appears before the restore occurs.
Snapshot-based backups that use the NetBackup client type VxFS_Checkpoint do not work with DAR-enabled file systems.
To set the licensed disk capacity for all DAR-enabled file systems, enter the following:
Storage> dar licenseset disk_size
where disk_size is the amount of disk space you have licensed. Disk capacity can be specified as T (terabyte), G (gigabytes), or M (megabytes). For example:
Storage> dar licenseset 10G
To show the licensed disk capacity for all DAR-enabled file systems, enter the following:
Storage> dar show
Licensed: 10G Used: 5.1G Available: 4.90G Used%: 51%
Use the Storage> fs create command to create an empty file system. You can create a new file system and then enable it for data archive and retention. For example:
Storage> fs create simple fs1 1G pool1
100% [#] Creating simple file system
Use the Storage> dar enable command to enable the file system for data archive and retention.
Storage> dar enable fs_name [def_retent] [min_retent] [max_retent] [retent_opt]
fs_name
Name of the file system you want to enable for data archive and retention. Once a file system is marked DAR-enabled, you cannot remove this setting.
def_retent
Specifies the default data retention time (in days) for files in a DAR-enabled file system. Retention times are measured relative to the time the value was set. Valid values are:
If you do not specify a default data retention time, the default is 365 days (1 year).
min_retent
Specifies the minimum data retention time for files in a DAR-enabled file system. Retention times are measured relative to the time the value was set. Valid values are:
If you do not specify a minimum data retention time, the default is 0 days.
max_retent
Specifies the maximum data retention time for files in a DAR-enabled file system. Retention times are measured relative to the time the value was set. Valid values are:
If you do not specify a maximum data retention time, the default is 10950 days (30 years).
retent_opt
Specifies optional retention values. Choices include:
incret | noincret
If the option is incret, you can increase (increment) data retention times. If the option is noincret, you cannot increase data retention times.
decret | nodecret
If the option is decret, you can decrease (decrement) data retention times. If the option is nodecret, you cannot decrease data retention times.
To enter more than one retention option, use a comma to separate the values. For example, incret,decret. By default, the options are incret,nodecret.
For example:
Storage> dar enable fs1 95 1 365 incret,decret
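Because the DAR-enabled setting cannot be removed once applied, it is worth checking the arguments before the command is run. The following is an added example, not FileStore code: it parses a dar enable command line in the syntax documented above, fills in the defaults this guide states, and flags settings that weaken or contradict the retention policy. The DarPolicy class, the function names, and the min_retent <= def_retent <= max_retent consistency rule are assumptions made for the example.

```python
from dataclasses import dataclass

# Defaults stated in the guide: def 365, min 0, max 10950 days; options incret,nodecret.
DEFAULT_DAYS = (365, 0, 10950)
OPTIONS = {
    "incret": ("allow_increase", True), "noincret": ("allow_increase", False),
    "decret": ("allow_decrease", True), "nodecret": ("allow_decrease", False),
}


@dataclass(frozen=True)
class DarPolicy:  # hypothetical container, not a FileStore structure
    fs_name: str
    def_retent: int
    min_retent: int
    max_retent: int
    allow_increase: bool = True
    allow_decrease: bool = False


def parse_dar_enable(command):
    """Parse 'dar enable fs_name [def_retent] [min_retent] [max_retent] [retent_opt]'."""
    tokens = command.split()
    if tokens and tokens[0] == "Storage>":
        tokens = tokens[1:]
    if tokens[:2] != ["dar", "enable"] or len(tokens) < 3:
        raise ValueError("expected: dar enable fs_name [def] [min] [max] [opts]")
    fs_name, rest = tokens[2], tokens[3:]
    days = list(DEFAULT_DAYS)
    used = 0
    # Leading numeric arguments fill def_retent, min_retent, max_retent in order.
    while used < 3 and used < len(rest) and rest[used].isdigit():
        days[used] = int(rest[used])
        used += 1
    rest = rest[used:]
    if len(rest) > 1:
        raise ValueError(f"unexpected arguments: {rest[1:]}")
    flags = {"allow_increase": True, "allow_decrease": False}
    seen = set()
    for opt in (rest[0].split(",") if rest else []):
        if opt not in OPTIONS:
            raise ValueError(f"unknown retention option: {opt!r}")
        name, value = OPTIONS[opt]
        if name in seen:
            raise ValueError(f"option given twice or contradicted: {opt!r}")
        seen.add(name)
        flags[name] = value
    return DarPolicy(fs_name, days[0], days[1], days[2], **flags)


def review_policy(policy):
    """Return warnings for settings that weaken or contradict the retention policy."""
    warnings = []
    # Assumption: the guide does not state this ordering, but a default outside
    # the [min, max] window cannot be what the administrator intended.
    if not policy.min_retent <= policy.def_retent <= policy.max_retent:
        warnings.append("inconsistent: expected min_retent <= def_retent <= max_retent")
    if policy.allow_decrease:
        warnings.append("decret: retention times can be decreased after they are set")
    if policy.min_retent == 0:
        warnings.append("min_retent is 0: retention times as short as 0 days are accepted")
    if not policy.allow_increase:
        warnings.append("noincret: retention times cannot be extended later")
    return warnings


if __name__ == "__main__":
    for cmd in ("Storage> dar enable fs1 95 1 365 incret,decret", "dar enable fs2"):
        policy = parse_dar_enable(cmd)
        print(policy)
        for warning in review_policy(policy):
            print("  WARNING:", warning)
```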
Note: An error message appears if you try to use the Storage> dar enable command on a file system in any of the following states: NFS shared, CIFS shared, FTP shared, or Non-empty.
Listing DAR-enabled file systems
Storage> dar list
DAR Enabled FS   STATUS
==============   ======
fs1
fs3
fs4
where fs_name is the name of the file system you want to delete. For example:
Storage> fs destroy fs1
SFS FS WARNING V-288-0 fs1 is DAR enabled
SFS FS WARNING V-288-0 Are you sure you want to destroy? (yes/no)
You must use the Storage> fs destroy CLI command to delete a DAR-enabled file system. You cannot use the Destroy option on the File System page of the FileStore Management Console.
Chapter
About network mode commands
Displaying the network configuration and statistics
About bonding Ethernet interfaces
Bonding Ethernet interfaces
About DNS
Configuring DNS settings
About IP commands
About configuring IP addresses
Configuring IP addresses
About configuring Ethernet interfaces
Displaying current Ethernet interfaces and states
Configuring Ethernet interfaces
About configuring routing tables
Configuring routing tables
About LDAP
Before configuring LDAP settings
About configuring LDAP server settings
Configuring LDAP server settings
About administering FileStore cluster's LDAP client
Administering the FileStore cluster's LDAP client
About NIS
Configuring the NIS-related commands
About NSS
Configuring NSS lookup order
About VLAN interfaces
Configuring VLAN interfaces
DNS
Identifies the DNS parameters that the FileStore cluster can use. See About DNS on page 133.
Configuring Symantec FileStore network settings Displaying the network configuration and statistics
LDAP
Identifies the LDAP parameters that the FileStore cluster can use. See About LDAP on page 151.
NIS
Identifies the NIS parameters that the FileStore cluster can use. See About NIS on page 160.
NSS
Provides a single configuration location to identify the services (such as NIS or LDAP) for network information such as hosts, groups, or passwords. See About NSS on page 163.
VLAN
Views, adds, or deletes VLAN interfaces. See About VLAN interfaces on page 165.
To display the cluster's network configuration and statistics, enter the following:
Network> show
Interface Statistics
--------------------
sfs_01
-------------
Interfaces  MTU    Metric  RX-OK     RX-DROP  RX-ERR  RX-FRAME  TX-OK   TX-DROP  TX-ERR  TX-CAR  Flag
lo          16436  1       13766     0        0       0         13766   0        0       0       LRU
priveth0    1500   1       452390    0        0       0         953273  0        0       0       BMR
priveth1    1500   1       325940    0        0       0         506641  0        0       0       BMRU
pubeth0     1500   1       25806318  0        0       0         152817  0        0       0       BMRU
pubeth1     1500   1       25755262  0        0       0         673     0        0       0       BMRU

Routing Table
-------------
sfs_01
-------------
Destination   Gateway       Genmask         Flags  MSS  Window  irtt  Iface
172.27.75.0   0.0.0.0       255.255.255.0   U      0    0       0     priveth0
10.182.96.0   0.0.0.0       255.255.240.0   U      0    0       0     pubeth0
10.182.96.0   0.0.0.0       255.255.240.0   U      0    0       0     pubeth1
127.0.0.0     0.0.0.0       255.0.0.0       U      0    0       0     lo
0.0.0.0       10.182.96.1   0.0.0.0         UG     0    0       0     pubeth0
together to provide up to 2 gigabits per second of throughput to a single IP address. Moreover, if one of the interfaces fails, communication continues using the single Ethernet interface. Bond commands let you create, remove, and display a cluster's bonds. When you create or delete a bond, it affects the corresponding Ethernet interfaces on the FileStore cluster nodes. You can only bond public Ethernet interfaces.
Note: When you create or remove a bond, SSH connections with Ethernet interfaces involved in that bond may be dropped. When the operation is complete, you must restore the SSH connections.
Table 5-2 Command
show
create
Creates a bond between sets of two or more named Ethernet interfaces on all FileStore cluster nodes. See Bonding Ethernet interfaces on page 132.
remove
Removes a bond between two or more named Ethernet interfaces on all FileStore cluster nodes. See Bonding Ethernet interfaces on page 132.
To display a bond and the algorithm used to distribute traffic among the bonded interfaces, enter the following:
Network> bond show
To create a bond
To create a bond between sets of two or more Ethernet interfaces on all FileStore cluster nodes, enter the following:
Network> bond create interfacelist mode
interfacelist
Specifies a comma-separated list of public Ethernet interfaces to bond.
mode
Specifies how the bonded Ethernet interfaces divide the traffic.
For example:
Network> bond create pubeth1,pubeth2 broadcast
100% [#] Bonding interfaces. Please wait...
bond created, the bond name is: bond0
active-backup
balance-xor
Transmits based on the selected transmit hash policy. The default policy is a simple. This mode provides load balancing and fault tolerance. You can use the xmit_hash_policy option to select alternate transmit policies.
broadcast
Transmits everything on all slave interfaces and provides fault tolerance.
802.3ad
Creates aggregation groups with the same speed and duplex settings. It uses all slaves in the active aggregator based on the 802.3ad specification.
balance-tlb
Provides channel bonding that does not require special switch support. The outgoing traffic is distributed according to the current load (computed relative to the speed) on each slave. The current slave receives incoming traffic. If the receiving slave fails, another slave takes over its MAC address.
balance-alb
Includes balance-tlb plus Receive Load Balancing (RLB) for IPV4 traffic. This mode does not require any special switch support. ARP negotiation load balances the receive.
To remove a bond
To remove a bond from all of the nodes in a cluster, enter the following:
Network> bond remove bondname
About DNS
The Domain Name System (DNS) service translates between numeric IP addresses and their associated host names. The DNS commands let you view or change a FileStore cluster's DNS settings. You can configure a FileStore cluster's DNS lookup service to use up to three DNS servers. You must enable the FileStore cluster's DNS name service before you specify the DNS servers to use for lookups.
Table 5-3 Command
dns show
dns enable
Enables FileStore to perform DNS lookups. When DNS is enabled, the FileStore cluster's DNS service uses the data center's DNS server(s) to determine the IP addresses of network entities such as SNMP, NTP, LDAP, and NIS servers with which the cluster must communicate. See Configuring DNS settings on page 135.
dns disable
Specifies the IP addresses of DNS name servers to be used by the FileStore DNS lookup service. Enter the IP addresses of the name servers. The order of the IP addresses is the order in which the name servers are to be used. See Configuring DNS settings on page 135.
Removes the IP addresses of DNS name servers from the cluster's DNS lookup service database. See Configuring DNS settings on page 135.
Enter the domain name that the FileStore cluster will be in. For the required information, contact your Network Administrator. This command clears any previously set domain name. Before you use this procedure, you must enable the DNS server. See Configuring DNS settings on page 135.
Removes the DNS domain name. See Configuring DNS settings on page 135.
To enable DNS settings to allow FileStore hosts to do lookups and verify the results, enter the following commands:
Network> dns enable
Network>
Network> dns show
DNS Status : Enabled
domain     : cluster1.com
nameserver : 10.216.50.132
To specify the IP addresses of DNS name servers to be used by the FileStore DNS service and verify the results, enter the following commands:
Network> dns set nameservers nameserver1 [nameserver2] [nameserver3]
For example:
Network> dns set nameservers 10.216.50.199 10.216.50.200
Network>
Network> dns show
DNS Status : Enabled
nameserver : 10.216.50.199
nameserver : 10.216.50.200
To remove the name servers list used by DNS and verify the results, enter the following commands:
Network> dns clear nameservers
Network>
Network> dns show
DNS Status : Enabled
To set the domain name for the DNS server, enter the following:
Network> dns set domainname domainname
where domainname is the domain name for the DNS server. For example:
Network> dns set domainname example.com
Network>
Network> dns show
DNS Status : Enabled
domain     : example.com
nameserver : 10.216.50.132
About IP commands
Internet Protocol (IP) commands configure your routing tables, Ethernet interfaces, and IP addresses, and display the settings. The following sections describe how to configure the IP commands:
See About configuring IP addresses on page 137.
See About configuring Ethernet interfaces on page 143.
See About configuring routing tables on page 146.
IP commands Definition
Displays the IP addresses, the devices (Ethernet interfaces) they are assigned to, and their attributes.
Configuring IP addresses
To configure your IP addresses, perform the following commands.
To display all the IP addresses for the cluster
Device    Node    Type       Status
------    ----    ----       ------
pubeth0   sfs_1   Physical
pubeth1   sfs_1   Physical
pubeth0   sfs_2   Physical
pubeth1   sfs_2   Physical
pubeth0   sfs_1   Virtual
pubeth0   sfs_2   Virtual
pubeth0   sfs_1   Virtual
pubeth1   sfs_2   Virtual
pubeth1   sfs_1   Virtual
Status
A virtual IP can be in the FAULTED state if it is already being used. It can also be in the FAULTED state if the corresponding device is not working on all nodes in the cluster (for example, a disconnected cable).
For example, to add a virtual IP address on a normal device, enter the following:
Network> ip addr add 10.10.10.10 255.255.255.0 virtual pubeth0
SFS ip addr Success V-288-0 ip addr add successful.
For example, to add a virtual IP address on a bond device, enter the following:
Network> ip addr add 10.10.10.10 255.255.255.0 virtual bond0
SFS ip addr Success V-288-0 ip addr add successful.
For example, to add a virtual IP address on a VLAN device created over a normal device with VLAN ID 3, enter the following:
Network> ip addr add 10.10.10.10 255.255.255.0 virtual pubeth0.3
SFS ip addr Success V-288-0 ip addr add successful.
For example, to add a virtual IP address on a VLAN device created over a bond device with VLAN ID 3, enter the following:
Network> ip addr add 10.10.10.10 255.255.255.0 virtual bond0.3
SFS ip addr Success V-288-0 ip addr add successful.
To change an IP address to the online mode on a specified node, enter the following:
Network> ip addr online ipaddr nodename
ipaddr
Specifies the IP address that needs to be brought online.
nodename
Specifies the nodename on which the IP address needs to be brought online. If you do not want to enter a specific nodename, enter any with the IP address.
For example:
Network> ip addr online 10.10.10.15 node5_2
Network> ip addr show
IP               Netmask         Device    Node      Type       Status
--               -------         ------    ----      ----       ------
10.216.114.212   255.255.248.0   pubeth0   node5_1   Physical
10.216.114.213   255.255.248.0   pubeth1   node5_1   Physical
10.216.114.214   255.255.248.0   pubeth0   node5_2   Physical
10.216.114.215   255.255.248.0   pubeth1   node5_2   Physical
10.216.114.217   255.255.248.0   pubeth0   node5_1   Virtual
10.10.10.10      255.255.248.0   pubeth0   node5_1   Virtual
10.10.10.11      255.255.248.0   pubeth1   node5_1   Virtual
10.10.10.12      255.255.248.0   pubeth0   node5_2   Virtual
10.10.10.13      255.255.248.0   pubeth1   node5_2   Virtual
10.10.10.15      255.255.248.0   pubeth0   node5_2   Virtual
To modify an IP address
If the specified oldipaddr is not assigned to the cluster, an error message is displayed. If you enter an invalid IP address (one that is not four bytes or has a byte value greater than 255), an error message is displayed. If the new IP address is already being used, an error message is displayed. For example:
Network> ip addr modify 10.10.10.15 10.10.10.16 255.255.240.0
SFS ip addr Success V-288-0 ip addr modify successful.
where ipaddr is the IP address to remove from the cluster. For example:
Network> ip addr del 10.10.10.15
SFS ip addr Success V-288-0 ip addr del successful.
Configuring Symantec FileStore network settings Displaying current Ethernet interfaces and states
Network> ip link show sfs_1 pubeth0
Nodename   Device    Status   MTU    Detect   Speed     HWaddr
--------   ------    ------   ---    ------   ------    ------
sfs_01     pubeth0   UP       1500   yes      100Mb/s   00:0c:29:a8:9d:f3
up - Brings the Ethernet interface online.
down - Brings the Ethernet interface offline.
mtu MTU - Changes the Ethernet interface's Maximum Transmission Unit (MTU) to the value that is specified in the argument field.
argument
The argument field is used only when you enter mtu in the operation field. Setting the incorrect MTU value causes the console IP to become unavailable. The argument field specifies what the MTU of the specified Ethernet interface on the specified node should be changed to. The MTU value must be an unsigned integer between 46 and 9216. If you enter the argument field, but do not enter an MTU in the operation field, the argument is ignored.
Network> ip link set all pubeth0 mtu 1600
sfs_01 : mtu updated on pubeth0
sfs_02 : mtu updated on pubeth0
Network> ip link show
MTU    Detect
---    ------
1600   yes
1500   yes
1600   yes
1500   yes
The target network node's IP address and accompanying netmask.
Gateway's IP address.
Optionally, a specific Ethernet interface via which to communicate with the target. This is useful, for example, if the demands of multiple remote clients are likely to exceed a single gateway's throughput capacity.
You add or remove routing table entries using the Network> mode ip route command. Table 5-6 lists the commands used to configure the routing tables of the nodes in the cluster.
Table 5-6 Command
route show
route del
Deletes a route used by the cluster. Use all for nodename to delete the route from all of the nodes in the cluster. The combination of ipaddr and netmask specifies the network or host for which the route is deleted. Use a value of 255.255.255.255 for the netmask to delete a host route to ipaddr. See Configuring routing tables on page 148.
To display the routing tables of the nodes in the cluster, enter the following:
Network> ip route show [nodename]
where nodename is the node whose routing tables you want to display. To see the routing table for all of the nodes in the cluster, enter all. For example:
Network> ip route show all
sfs_01
-------------
Destination   Gateway
172.27.75.0   0.0.0.0
10.182.96.0   0.0.0.0
10.182.96.0   0.0.0.0
127.0.0.0     0.0.0.0
0.0.0.0       10.182.96.1
sfs_02
-------------
Destination   Gateway
172.27.75.0   0.0.0.0
10.182.96.0   0.0.0.0
10.182.96.0   0.0.0.0
127.0.0.0     0.0.0.0
0.0.0.0       10.182.96.1
Destination
Displays the destination network or destination host for which the route is defined.
Gateway
Displays a network node equipped for interfacing with another network.
Genmask
Displays the netmask.
Flags
MSS
Displays maximum segment size. The default is 0. You cannot modify this attribute.
Window
Displays the maximum amount of data the system accepts in a single burst from the remote host. The default is 0. You cannot modify this attribute.
irtt
Displays the initial round trip time with which TCP connections start. The default is 0. You cannot modify this attribute.
Iface
Displays the interface. On UNIX systems, the device name lo refers to the loopback interface.
To add a route entry to the routing table of nodes in the cluster, enter the following:
Network> ip route add nodename ipaddr netmask via gateway [dev device]
nodename
Specifies the node to whose routing table the route is to be added. To add a route path to all the nodes, use all in the nodename field. If you enter a node that is not a part of the cluster, an error message is displayed.
ipaddr
Specifies the destination of the IP address. If you enter an invalid IP address, then a message notifies you before you fill in other fields.
netmask
Specifies the netmask associated with the IP address that is entered for the ipaddr field. Use a netmask value of 255.255.255.255 for the netmask to add a host route to ipaddr.
via
This is a required field. You must type in the word.
gateway
Specifies the gateway IP address used for the route. If you enter an invalid gateway IP address, then an error message is displayed. To add a route that does not use a gateway, enter a value of 0.0.0.0.
dev
Specifies the route device option. You must type in the word.
device
Specifies which Ethernet interface on the node the route path is added to. This variable is optional. You can specify the following values:
any - Default
pubeth0 - Public Ethernet interface
pubeth1 - Public Ethernet interface
The Ethernet interface field is required only when you specify dev in the dev field. If you omit the dev and device fields, FileStore uses a default Ethernet interface.
For example:
Network> ip route add sfs_01 10.10.10.10 255.255.255.255 via 0.0.0.0 dev pubeth0
sfs_01: Route added successfully
To delete route entries from the routing tables of nodes in the cluster
To delete route entries from the routing tables of nodes in the cluster, enter the following:
Network> ip route del nodename ipaddr netmask
nodename
Specifies the node from which the route is deleted. To delete the route entry from all nodes, use the all option in this field.
ipaddr
Specifies the destination IP address of the route entry to be deleted. If you enter an invalid IP address, a message notifies you before you enter other fields.
netmask
Specifies the IP address to be used.
For example:
Network> ip route del sfs_01 10.216.128.0 255.255.255.255
sfs_01: Route deleted successfully
About LDAP
The Lightweight Directory Access Protocol (LDAP) is the protocol used to communicate with LDAP servers. The LDAP servers are the entities that perform the service. In FileStore the most common use of LDAP is user authentication. For sites that use an LDAP server for access or authentication, FileStore provides a simple LDAP client configuration interface.
IP address or host name of the LDAP server. You also need the port number of the LDAP server.
Base (or root) distinguished name (DN), for example, cn=employees,c=us. LDAP database searches start here.
Bind distinguished name (DN) and password, for example, ou=engineering,c=us. This allows read access to portions of the LDAP database to search for information.
Base DN for users, for example, ou=users,dc=com. This allows access to the LDAP directory to search for and authenticate users.
Base DN for groups, for example, ou=groups,dc=com. This allows access to the LDAP database, to search for groups.
Root bind DN and password. This allows write access to the LDAP database, to modify information, such as changing a user's password.
Secure Sockets Layer (SSL). Configures a FileStore cluster to use the Secure Sockets Layer (SSL) protocol to communicate with the LDAP server.
Password hash algorithm, for example md5, if a specific password encryption method is used with your LDAP server.
See Configuring LDAP server settings on page 154.
See Administering the FileStore cluster's LDAP client on page 159.
set binddn
Sets the bind Distinguished Name (DN) and its password for the LDAP server. This DN is used to bind with the LDAP server for read access. For LDAP authentication, most attributes need read access.
Note: You must set the LDAP users, groups, and netgroups base DN.
set password-hash
Sets the LDAP password hash algorithm used when you set or change the LDAP user's password. The password is encrypted with the configured hash algorithm before it is sent to the LDAP server and stored in the LDAP directory.
To set the base DN for the LDAP server, enter the following:
Network> ldap set basedn value
For example:
Network> ldap set basedn dc=example,dc=com
OK Completed
For example, if you enter an IP address for the value you get the following message:
Network> ldap set server 10.10.10.10
OK Completed
For example:
Network> ldap set ssl on
OK Completed
To set the bind DN for the LDAP server, enter the following:
Network> ldap set binddn value
The value setting is mandatory. You are prompted to supply a password. You must use your LDAP server password. For example:
Network> ldap set binddn cn
Enter password for 'cn': ***
OK Completed
To set the root bind DN for the LDAP server, enter the following:
Network> ldap set rootbinddn value
You are prompted to supply a password. You must use your LDAP server password. For example:
Network> ldap set rootbinddn dc
Enter password for 'dc': ***
OK Completed
To set the LDAP users, groups, or netgroups base DN, enter the following:
Network> ldap set users-basedn value
Network> ldap set groups-basedn value
Network> ldap set netgroups-basedn value
users-basedn value
Specifies the value for the users-basedn. For example: ou=users,dc=example,dc=com (default)
groups-basedn value
Specifies the value for the groups-basedn. For example: ou=groups,dc=example,dc=com (default)
netgroups-basedn value
Specifies the value for the netgroups-basedn. For example: ou=netgroups,dc=example,dc=com (default)
For example:
Network> ldap set users-basedn ou=Users,dc=example,dc=com
OK Completed
For example:
Network> ldap set password-hash clear
OK Completed
Configuring Symantec FileStore network settings About administering FileStore cluster's LDAP client
For example:
Network> ldap get server
LDAP server: ldap-server.example.com
OK Completed
For example:
Network> ldap clear binddn
OK Completed
ldap enable
Enables the LDAP client configuration. See Administering the FileStore cluster's LDAP client on page 159.
ldap disable
Disables the LDAP client configuration. This command stops FileStore from querying the LDAP service. See Administering the FileStore cluster's LDAP client on page 159.
Configuring Symantec FileStore network settings Administering the FileStore cluster's LDAP client
groups netgroups
If you do not include one of the optional variables, the command displays all the configured settings for the LDAP client. For example:
Network> ldap show
LDAP client is enabled.
=======================
LDAP server:            ldap_server
LDAP port:              389 (default)
LDAP base DN:           dc=example,dc=com
LDAP over SSL:          on
LDAP bind DN:           cn=binduser,dc=example,dc=com
LDAP root bind DN:      cn=admin,dc=example,dc=com
LDAP password hash:     md5
LDAP users base DN:     ou=Users,dc=example,dc=com
LDAP groups base DN:    ou=Groups,dc=example,dc=com
LDAP netgroups base DN: ou=Netgroups,dc=example,dc=com
OK Completed
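A review of the settings shown by Network> ldap show, as an added example that is not part of the Symantec documentation: it parses text in the layout of the sample output and reports settings worth a second look. The review rules (SSL not on, a clear or md5 password hash, the bind DN equal to the root bind DN, an unset base DN) and the "off" value are assumptions of this example, not FileStore behaviour.

```python
# Added example: review text in the layout of "Network> ldap show".
# SAMPLE_LDAP_SHOW is constructed from the documented output, with three
# values changed on purpose (SSL off, bind DN equal to the root bind DN).

SAMPLE_LDAP_SHOW = """\
LDAP client is enabled.
=======================
LDAP server:            ldap_server
LDAP port:              389 (default)
LDAP base DN:           dc=example,dc=com
LDAP over SSL:          off
LDAP bind DN:           cn=admin,dc=example,dc=com
LDAP root bind DN:      cn=admin,dc=example,dc=com
LDAP password hash:     md5
LDAP users base DN:     ou=Users,dc=example,dc=com
LDAP groups base DN:    ou=Groups,dc=example,dc=com
LDAP netgroups base DN: ou=Netgroups,dc=example,dc=com
OK Completed
"""

# Hash settings this example treats as too weak for stored passwords.
# "clear" is assumed to mean that no hashing is applied.
WEAK_HASHES = {"clear", "md5"}

REQUIRED_BASE_DNS = ("users base dn", "groups base dn", "netgroups base dn")


def parse_ldap_show(text):
    """Return the 'LDAP <label>: <value>' lines as a dict keyed by label."""
    cfg = {"enabled": "LDAP client is enabled" in text}
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        if sep and label.startswith("LDAP "):
            cfg[label[len("LDAP "):].strip().lower()] = value.strip()
    return cfg


def review(cfg):
    """Return (setting, reason) pairs for an enabled LDAP client."""
    findings = []
    if not cfg.get("enabled"):
        return findings  # a disabled client is not queried at all

    if cfg.get("over ssl", "").lower() != "on":
        findings.append(("over ssl",
                         "bind passwords and lookups cross the network unencrypted"))

    if cfg.get("password hash", "").lower() in WEAK_HASHES:
        findings.append(("password hash",
                         "passwords are stored with a weak or no hash"))

    bind = cfg.get("bind dn", "").lower()
    root = cfg.get("root bind dn", "").lower()
    if bind and bind == root:
        findings.append(("bind dn",
                         "read-only lookups use the write-capable root bind DN"))

    for key in REQUIRED_BASE_DNS:
        if not cfg.get(key):
            findings.append((key, "base DN is not set"))
    return findings


if __name__ == "__main__":
    for setting, reason in review(parse_ldap_show(SAMPLE_LDAP_SHOW)):
        print(f"{setting}: {reason}")
```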
For example:
Network> ldap enable
LDAP clients use the LDAPv3 protocol for communicating with the server. Enabling the LDAP client configures the Pluggable Authentication Module (PAM) files to use LDAP. PAM is the standard authentication framework for Linux.
To disable the LDAP client configuration
For example:
Network> ldap disable
LDAP clients use the LDAPv3 protocol for communicating with the server. This command configures the PAM configuration files so that they do not use LDAP.
About NIS
FileStore supports Network Information Service (NIS), implemented in a NIS server, as an authentication authority. You can use NIS to authenticate computers. If your environment uses NIS, enable the NIS-based authentication on the FileStore cluster.
Table 5-9 Command
nis show
Sets the NIS domain name in the FileStore cluster. See Configuring the NIS-related commands on page 161.
nis set servername
Sets the NIS server name in the FileStore cluster. See Configuring the NIS-related commands on page 161.
nis enable
Enables the NIS clients in the FileStore cluster. You must set the NIS domain name and NIS server name before you can enable NIS. See Configuring the NIS-related commands on page 161.
nis disable
Disables the NIS clients in the FileStore cluster. See Configuring the NIS-related commands on page 161.
groups
netgroups
For example:
Network> nis show
NIS Status : Disabled
domain :
NIS Server :
To set the NIS domain name on the cluster nodes, enter the following:
Network> nis set domainname [domainname]
To set the NIS server name on all cluster nodes, enter the following:
Network> nis set servername servername
where servername is the NIS server name. You can use the server's name or IP address. For example:
Network> nis servername 10.10.10.10
Setting NIS Server "10.10.10.10"
For example:
Network> nis enable
Enabling NIS Client on all the nodes..... Done.
Please enable NIS in nsswitch settings for required services.
For example:
Network> nis disable
Disabling NIS Client on all nodes
Please disable NIS in nsswitch settings for required services.
About NSS
Name Service Switch (NSS) is a FileStore cluster service which provides a single configuration location to identify the services (such as NIS or LDAP) for network information such as hosts, groups, or passwords. For example, host information may be on an NIS server. Group information may be in an LDAP database. The NSS configuration specifies which network services the FileStore cluster should use to authenticate hosts, users, groups, and netgroups. The configuration also specifies the order in which multiple services should be queried.
Table 5-10 Command
nsswitch show
nsswitch conf
Configures the order of the NSS services. See Configuring NSS lookup order on page 164.
ldap
ldap
value1 (required) - { files/nis/winbind/ldap }
value2 (optional) - { files/nis/winbind/ldap }
value3 (optional) - { files/nis/winbind/ldap }
value4 (optional) - { files/nis/winbind/ldap }
For example:
Network> nsswitch conf shadow files ldap
Network> nsswitch show
group: files nis winbind
hosts: files nis dns
netgroup: nis
passwd: files nis winbind
shadow: files ldap
ldap
ldap
vlan add
vlan del
For example:
VLAN       DEVICE   VLAN id
-----      ------   -------
pubeth0.2  pubeth0  2
vlan_id
For example:
Network> vlan add pubeth1 2
Network> vlan show
VLAN       DEVICE   VLAN id
-----      ------   -------
pubeth0.2  pubeth0  2
pubeth1.2  pubeth1  2
where the vlan_device is the VLAN name from the Network> vlan show command. For example:
Network> vlan del pubeth0.2
Network> vlan show
VLAN       DEVICE   VLAN id
-----      ------   -------
pubeth1.2  pubeth1  2
Chapter
About NFS server commands
Accessing the NFS server
Displaying NFS statistics
Displaying file systems and snapshots that can be exported
server stop
Stops the NFS server. See Accessing the NFS server on page 170.
stat
Prints the NFS statistics. See Displaying NFS statistics on page 172.
show fs
Displays all of the online file systems and snapshots that can be exported. See Displaying file systems and snapshots that can be exported on page 173.
Prior to starting the NFS server, check on the status of the server by entering:
NFS> server status
For example:
NFS> server status
NFS Status on sfs_01 : OFFLINE
NFS Status on sfs_02 : OFFLINE
The states (ONLINE, OFFLINE, and FAULTED) correspond to each FileStore node identified by the node name. The states of the node may vary depending on the situation for that particular node. The possible states of the NFS> server status command are:
ONLINE
Indicates that the node can serve NFS protocols to the client.
OFFLINE
Indicates the NFS services on that node are down.
FAULTED
Indicates something is wrong with the NFS service on the node.
You can run the NFS> server start command to restart the NFS services; only the nodes where NFS services have problems are restarted.
You can use the NFS> server start command to clear an OFFLINE state from the NFS> server status output by only restarting the services that are offline. You can run the NFS> server start command multiple times without it affecting the already-started NFS server. For example:
NFS> server start
..Success.
Run the NFS> server status command again to confirm the change.
NFS> server status
NFS Status on sfs_01 : ONLINE
NFS Status on sfs_02 : ONLINE
For example:
NFS> server stop
..Success.
You will receive an error if you try to stop an already stopped NFS server.
where nodename specifies the node name for which you are trying to obtain the statistical information. If the nodename is not specified, statistics for all the nodes in the cluster are displayed. For example:
NFS> stat sfs_01
sfs_01
---------------
Server rpc stats:
calls      badcalls   badauth    badclnt    xdrcall
52517      0          0          0          0
Server nfs v2:
null       getattr
10 100%    0 0%
read       wrcache
0 0%       0 0%
link       symlink
0 0%       0 0%
Server nfs v3:
null       getattr
11 0%      17973 35%
read       write
4138 8%    4137 8%
remove     rmdir
0 0%       1 0%
fsstat     fsinfo
0 0%       2 0%
Configuring your NFS server Displaying file systems and snapshots that can be exported
To display online file systems and the snapshots that can be exported, enter the following:
NFS> show fs
For example:
NFS> show fs
FS/Snapshot
===========
fs1
Chapter
About NFS file sharing
Displaying exported directories
Adding an NFS share
Sharing directories using CIFS and NFS protocols
Exporting an NFS snapshot
Unexporting a directory or deleting NFS options
failover is transparent to NFS clients, and NFS clients regain access transparently as soon as the failover is complete. However, depending on client configuration and the nature of the failure, a client operation may time out, resulting in an error message such as: NFS server not responding, still trying.
You use NFS commands to export or unexport your directories. The NFS> share commands are defined in Table 7-1. To access the commands, log into the administrative console (for master, system-admin, or storage-admin) and enter the NFS> mode. See About using the FileStore command-line interface on page 33.
Table 7-1 Command
share show
share add
share delete
Unexport a directory. See Unexporting a directory or deleting NFS options on page 184.
For example:
NFS> share show
/vx/fs2    * (sync)
/vx/fs3    * (secure,ro,no_root_squash)
Right-hand column
Displays the system that the directory is exported to, and the NFS options with which the directory was exported. For example: * (secure,ro,no_root_squash)
For example: Consider the following set of exported directories where only the client (1.1.1.1) has read-write access to directory (fs2), while all other clients have read access only.
/vx/fs2    * (ro)
/vx/fs2    1.1.1.1 (rw)
When sharing a directory, FileStore does not check whether the client exists or not. If you add a share for an unknown client, then an entry appears in the NFS> show command output. If the directory (including the underlying file system) does not exist, you will not be able to export to any client. FileStore gives the following error:
SFS nfs ERROR V-288-1697 Directory /vx/fs1/export does not exist
You cannot export a non-existent directory. The NFS> show fs command displays the list of exportable file systems. Valid NFS options include the following:
rw
Grants read and write permission to the directory (including all files under the directory that reside on the exported directory's file system). Hosts mounting this directory will be able to make changes to the directory.
ro (Default)
Grants read-only permission to the directory. Hosts mounting this directory will not be able to change it.
sync (Default)
Grants synchronous write access to the directory. Forces the server to perform a disk write before the request is considered complete.
async
Grants asynchronous write access to the directory. Allows the server to write data to the disk when appropriate.
secure (Default)
Grants secure access to the directory. Requires that clients originate from a secure port. A secure port is between 1-1024.
insecure
Grants insecure access to the directory. Permits client requests to originate from unprivileged ports (those above 1024).
secure_locks (Default)
Requires authorization of all locking requests.
insecure_locks
Some NFS clients do not send credentials with lock requests, and therefore work incorrectly with secure_locks, in which case you can only lock world-readable files. If you have such clients, either replace them with better ones, or use the insecure_locks option.
root_squash (Default)
Prevents the root user on an NFS client from having root privileges on an NFS mount. This effectively "squashes" the power of the remote root user to the lowest local user, preventing remote root users from acting as though they were the root user on the local system.
no_root_squash
Disables the root_squash option. Allows root users on the NFS client to have root privileges on the NFS server.
wdelay (Default)
Causes the NFS server to delay writing to the disk if another write request is imminent. This can improve performance by reducing the number of times the disk must be accessed by separate write commands, reducing write overhead.
no_wdelay
Disables the wdelay option.
subtree_check
Verifies that the requested file is in an exported subdirectory. If this option is turned off, the only verification is that the file is in an exported file system.
no_subtree_check
Sometimes subtree checking can produce problems when a requested file is renamed while the client has the file open. If many such situations are anticipated, it might be better to set no_subtree_check. One such situation might be the export of the home directory. Most other situations are best handled with subtree_check.
fsid (Default)
This option allows the FileStore administrator to associate a specific number as fsid with the share.
Note: With root_squash, the root user can access the share, but with 'nobody' permissions.
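The option table and share listings above, as an added example that is not part of the Symantec documentation: it parses text in the layout of NFS> share show, applies the documented defaults, reports options that relax them, and works out the access a given client IP receives. The sample lines are constructed; the /vx/fs4 subnet entry, the rule that the most specific client entry wins, and the choice of which options to report are assumptions of this example.

```python
# Added example: audit text in the layout of "NFS> share show".
# Sample lines are constructed; /vx/fs4 and its subnet are hypothetical.
import ipaddress
import re

SAMPLE_SHARE_SHOW = """\
/vx/fs2    * (ro)
/vx/fs2    1.1.1.1 (rw)
/vx/fs3    * (secure,ro,no_root_squash)
/vx/fs4    10.0.0.0/24 (rw,insecure)
"""

# Options marked (Default) in the option table.
DEFAULTS = {"ro", "sync", "secure", "secure_locks", "root_squash", "wdelay"}

# An explicit option replaces the default it contradicts.
REPLACES = {"rw": "ro", "async": "sync", "insecure": "secure",
            "insecure_locks": "secure_locks",
            "no_root_squash": "root_squash", "no_wdelay": "wdelay"}

# Options this example reports (a policy chosen for the example).
FLAGGED = {
    "no_root_squash": "root on the client keeps root privileges on the share",
    "insecure": "requests accepted from unprivileged ports (above 1024)",
    "insecure_locks": "lock requests are not authorized",
}

SHARE_LINE = re.compile(r"^(/\S+)\s+(\S+)\s+\(([^)]*)\)$")


def parse_shares(text):
    """Return one dict per 'path client (options)' line; skip other lines."""
    shares = []
    for raw in text.splitlines():
        m = SHARE_LINE.match(raw.strip())
        if m:
            opts = {o.strip() for o in m.group(3).split(",") if o.strip()}
            shares.append({"path": m.group(1), "client": m.group(2), "opts": opts})
    return shares


def effective(opts):
    """Documented defaults, overridden by the options listed for the share."""
    eff = set(DEFAULTS)
    for opt in opts:
        eff.discard(REPLACES.get(opt))
        eff.add(opt)
    return eff


def audit(shares):
    """Return (path, client, option, reason) for each relaxed setting."""
    findings = []
    for s in shares:
        eff = effective(s["opts"])
        for opt, reason in FLAGGED.items():
            if opt in eff:
                findings.append((s["path"], s["client"], opt, reason))
        if s["client"] == "*" and "rw" in eff:
            findings.append((s["path"], "*", "rw", "writable by any client"))
    return findings


def matches(client, ip):
    """True if ip falls under a '*', single-address or address/mask entry."""
    if client == "*":
        return True
    try:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(client, strict=False)
    except ValueError:
        return False  # host names and @netgroups need the resolver or NIS/LDAP


def access_for(shares, path, ip):
    """Return 'rw', 'ro' or None; the most specific matching entry wins."""
    best = None
    for s in shares:
        if s["path"] != path or not matches(s["client"], ip):
            continue
        rank = -1 if s["client"] == "*" else \
            ipaddress.ip_network(s["client"], strict=False).prefixlen
        if best is None or rank > best[0]:
            best = (rank, s)
    if best is None:
        return None
    return "rw" if "rw" in effective(best[1]["opts"]) else "ro"


if __name__ == "__main__":
    shares = parse_shares(SAMPLE_SHARE_SHOW)
    for finding in audit(shares):
        print(*finding, sep=" | ")
    print(access_for(shares, "/vx/fs2", "1.1.1.1"))
```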
To see your exportable online file systems and snapshots, enter the following:
NFS> show fs
For example:
NFS> show fs
FS/Snapshot
===========
fs2
fs3
For example:
NFS> share show
/vx/fs2    * (sync)
/vx/fs3    * (secure,ro,no_root_squash)
Creating and maintaining NFS shares Sharing directories using CIFS and NFS protocols
client
Single host - specify a host either by an abbreviated name that is recognized by the resolver (DNS is the resolver), the fully qualified domain name, or an IP address.
Netgroups - netgroups may be given as @group. Only the host part of each netgroup member is considered for checking membership.
IP networks - you can also simultaneously export directories to all hosts on an IP sub-network. This is done by specifying an IP address and netmask pair as address/netmask where the netmask can be specified as a contiguous mask length.
If the client is not given, then the specified directory can be mounted or accessed by any client. If you re-export an existing share with new options, the new options take effect after the command is run.
[Figure 7-1: 2-node FileStore cluster. Labels: Data access by CIFS protocol; Data access by NFS protocol; Windows user; UNIX user.]
Note: When a share is exported over both NFS and CIFS protocols, the applications running on the NFS and CIFS clients may attempt to concurrently read or write the same file. This may lead to unexpected results since the locking models used by these protocols are different. For example, an application reads stale data. For this reason, FileStore warns you when the share export is requested over NFS or CIFS and the same share has already been exported over CIFS or NFS, when at least one of these exports allows write access.
To export a directory to Windows and UNIX users with read-only and read-write permission respectively, go to CIFS mode and enter the following commands:
CIFS> show
Name                   Value
----                   -----
netbios name           mycluster
ntlm auth              yes
allow trusted domains  no
homedirfs
idmap backend          rid:10000-1000000
workgroup              SYMANTECDOMAIN
security               ads
Domain                 SYMANTECDOMAIN.COM
Domain user            administrator
Domain Controller      SYMSERVER
CIFS> share add fs1 share1 ro
Exporting CIFS filesystem : share1...
CIFS> share show
ShareName  FileSystem  ShareOptions
share1     fs1         owner=root,group=root,ro
Only the directories that are displayed can be unexported. For example:
NFS> share show
/vx/fs2    * (sync)
/vx/fs3    * (secure,ro,no_root_squash)
To delete a directory from the export path, enter the following command:
NFS> share delete export_dir [client]
For example:
NFS> share delete /vx/fs3
Removing export path *:/vx/fs3
..Success.
Creating and maintaining NFS shares Unexporting a directory or deleting NFS options
export_dir
Specifies the name of the directory you want to delete. The directory name should start with /vx, and only a-zA-Z0-9_/@+=.:- characters are allowed in export_dir. You cannot include single or double quotes that do not enclose characters.
NFS> share delete "*:/vx/example"
You cannot use one single quote or one double quote, as in the following example:
NFS> share delete ' "filesystem
client
Clients may be specified in the following ways:
Single host - specify a host either by an abbreviated name that is recognized by the resolver (DNS is the resolver), the fully qualified domain name, or an IP address.
Netgroups - netgroups may be given as @group. Only the host part of each netgroup member is considered for checking membership.
IP networks - you can also simultaneously export directories to all hosts on an IP sub-network. This is done by specifying an IP address and netmask pair as address/netmask where the netmask can be specified as a contiguous mask length.
If client is included, the directory is removed from the export path that was directed at the client. If a directory is being exported to a specific client, the NFS> share delete command must specify the client to remove that export path. If the client is not specified, then the specified directory can be mounted or accessed by any client.
Chapter
About creating and maintaining file systems
Listing all file systems and associated information
About creating file systems
Creating a file system
Adding or removing a mirror to a file system
Configuring FastResync for a file system
Disabling the FastResync option for a file system
Increasing the size of a file system
Decreasing the size of a file system
Checking and repairing a file system
Changing the status of a file system
Defragmenting a file system
Destroying a file system
About snapshots
About instant rollbacks
About setting up file system alerts for file system usage
Creating and maintaining file systems About creating and maintaining file systems
fs create
Creates a file system. See About creating file systems on page 191.
fs addmirror
Adds a mirror to a file system. See Adding or removing a mirror to a file system on page 195.
fs setfastresync
Keeps the mirrors in the file system in a consistent state. See Configuring FastResync for a file system on page 197.
fs unsetfastresync
Disables the FastResync option for a file system. See Disabling the FastResync option for a file system on page 198.
fs growto
Increases the size of a file system to a specified size. See Increasing the size of a file system on page 199.
fs growby
Increases the size of a file system by a specified size. See Increasing the size of a file system on page 199.
fs shrinkto
Decreases the size of a file system to a specified size. See Decreasing the size of a file system on page 201.
fs shrinkby
Decreases the size of a file system by a specified size. See Decreasing the size of a file system on page 201.
fs fsck
Checks and repairs a file system. See Checking and repairing a file system on page 202.
fs alert
Sets and unsets alerts by file system usage and displays current disk usage and alert values. See About setting up file system alerts for file system usage on page 227.
fs online
Mounts (places online) a file system. See Changing the status of a file system on page 202.
fs offline
Unmounts (places offline) a file system. See Changing the status of a file system on page 202.
fs destroy
Destroys a file system. See Destroying a file system on page 204.
snapshot schedule
Creates or removes a snapshot. See About snapshot schedules on page 211.
Creating and maintaining file systems Listing all file systems and associated information
To list all file systems and associated information, enter the following:
Storage> fs list [fs_name]
where fs_name is optional. If you enter a file system that does not exist, an error message is displayed. If you do not enter a specified file system, a list of file systems is displayed. For example:
Storage> fs list General Info: =============== Block Size: sfsman4_01: sfsman4_02: Primary Tier ============ clus_01: clus_02: Size: Use%: Layout: Mirrors: Columns: Stripe Unit: FastResync: Mirror 1: List of pools: List of disks: dev
fs create mirrored
Creates a mirrored file system with a specified number of mirrors, a list of pools, and online status. Each mirror uses the disks from the corresponding pools as listed. See Creating a file system on page 192.
fs create mirrored-stripe
Creates a mirrored-stripe file system with a specified number of columns, mirrors, pools, and protection options. See Creating a file system on page 192.
fs create striped-mirror
Creates a striped-mirror file system with a specified number of mirrors and stripes. See Creating a file system on page 192.
fs create striped
Creates a striped file system. A striped file system is a file system that stores its data across multiple disks rather than storing the data on one disk. See Creating a file system on page 192.
Log size = 100 M per node Log size = 256 MB per node
To create a simple file system with a specified size, enter the following:
Storage> fs create simple fs_name size pool1[,disk1,...] [blksize=bytes]
For example:
Storage> fs create simple fs2 10m sda
100% [#] Creating simple filesystem
For example:
Storage> fs create mirrored fs1 100M 2 pool1,pool2
100% [#] Creating mirrored filesystem
Storage> fs create striped fs_name size ncolumns pool1[,disk1,...] [stripeunit=kilobytes] [blksize=bytes]
fs_name
Specifies the name of the file system being created. The file system name should be a string. If you enter a file that already exists, you receive an error message and the file system is not created.
size
Specifies the size of a file system. To create a file system, you need at least 10 MB of space. Available units are the following:
MB
GB
TB
You can enter the units with either uppercase (10M) or lowercase (10m) letters. To see how much space is available on a pool, use the Storage> pool free command. See About configuring storage pools on page 64.
nmirrors
Specifies the number of mirrors for the file system. You must enter a positive integer.
ncolumns
Specifies the number of columns for the striped file system. The number of columns represents the number of disks to stripe the information across. If the number of columns exceeds the number of disks for the entered pools, an error message is displayed. This message indicates that there is not enough space to create the striped file system.
pool1[,disk1,...]
Specifies the pool(s) or disk(s) for the file system. If you specify a pool or disk that does not exist, you receive an error message. Specify more than one pool or disk by separating the name with a comma; however, do not include a space between the comma and the name. To find a list of pools and disks, use the Storage> pool list command. To find a list of disks, use the Storage> disk list command. The disk must be part of the pool or an error message is displayed.
Creating and maintaining file systems Adding or removing a mirror to a file system
protection
If you do not specify a protection option, the default is "disk." The available options for this field are:
disk - Creates mirrors on separate disks.
pool - Creates mirrors in separate pools. If there is not enough space to create the mirrors, an error message is displayed, and the file system is not created.
stripeunit=kilobytes
Specifies a stripe width (in kilobytes). Possible values are the following:
blksize=bytes
Specifies the block size for the file system. Possible values of bytes are the following:
Block sizes can affect the file size. For example, to create a file system greater than 32 TB, the block size needs to be 8192.
pool1[,disk1,...]
Specifies the pool(s) or disk(s) to use for the file system. If the specified pool or disk does not exist, an error message is displayed, and the file system is not created. You can specify more than one pool or disk by separating the name with a comma, but do not include a space between the comma and the name. To find a list of existing pools and disks, use the Storage> pool list command. See About configuring storage pools on page 64. To find a list of the existing disks, use the Storage> disk list command. See About displaying information for all disk devices on page 76. The disk needs to be part of the pool or an error message is displayed.
protection
The default value for the protection field is disk. Available options are:
disk - if the protection is set to disk, then mirrors will be created on separate disks. This flag only works for file systems of type mirrored, mirrored-striped, and striped-mirror. The disks may or may not be in the same pool.
pool - if the protection is set to pool, then mirrors will be created in separate pools. This flag only works for file systems of type mirrored, mirrored-striped, and striped-mirror. If not enough space is available, then the file system creation operation fails.
For example:
Storage> fs addmirror fs1 pool3,pool4
Creating and maintaining file systems Configuring FastResync for a file system
pool_or_disk_name
For a striped-mirror file system, if any of the disks are bad, the Storage> fs rmmirror command disables the mirrors on the disks that have failed. If no disks have failed, FileStore chooses a mirror to remove. For example:
Storage> fs rmmirror fs1 AMS_WMS0_0
Creating and maintaining file systems Disabling the FastResync option for a file system
pool_or_disk_name
where fs_name specifies the name of the file system for which to disable FastResync. If you specify a file system that does not exist, an error message is displayed. For example:
Storage> fs unsetfastresync fs6
Creating and maintaining file systems Increasing the size of a file system
To increase the size of a file system to a specified size, enter the following:
Storage> fs growto {primary|secondary} fs_name new_length [pool1[,disk1,...]] [protection=disk|pool]
For example:
Storage> fs growto primary fs1 1G
If no pool is specified with the command, the disks for growing the file system can be taken from any available pool. The protection flag takes the default value of disk in this case. The value of the protection field cannot be set to pool when no pool is specified with the command. This operation may convert the layout of the file system if the command determines that the new file system is too large for the original layout.
To increase the size of a file system by a specified size
To increase the size of a file system by a specified size, enter the following:
Storage> fs growby {primary|secondary} fs_name length_change [pool1[,disk1,...]] [protection=disk|pool]
For example:
Storage> fs growby primary fs1 50M
If no pool is specified with the command, the disks for growing the file system can be taken from any available pool. The protection flag takes the default value of disk in this case. The value of the protection field cannot be set to pool when no pool is specified with the command. This operation may convert the layout of the file system if the command determines that the new file system is too large for the original layout.
primary | secondary
Specifies the primary or the secondary tier.
fs_name
Specifies the file system whose size will be increased. If you specify a file system that does not exist, an error message is displayed.
new_length
Expands the file system to a specified size. The size specified must be a positive number, and it must be bigger than the size of the existing file system. If the new file system is not larger than the size of the existing file system, an error message is displayed, and no action is taken. This variable is used with the Storage> fs growto command.
length_change
Expands the file system by a specified size. The size specified must be a positive number, and it must be less than the available space. If it exceeds the available space, an error message is displayed, and no action is taken. This variable is used with the Storage> fs growby command.
pool1[,disk1,...]
Specifies the pool(s) or disk(s) to use for the file system. If you specify a pool or disk that does not exist, an error message is displayed, and the file system is not resized. You can specify more than one pool or disk by separating the name with a comma; however, do not include a space between the comma and the name. To find a list of existing pools and disks, use the Storage> pool list command. See About configuring storage pools on page 64. To find a list of the existing disks, use the Storage> disk list command. See About displaying information for all disk devices on page 76. The disk needs to be part of the pool or an error message displays.
protection
The default value for the protection field is disk. Available options are:
disk - if the protection is set to disk, then mirrors will be created on separate disks. This flag only works for file systems of type mirrored, mirrored-striped, and striped-mirror. The disks may or may not be in the same pool.
pool - if the protection is set to pool, then mirrors will be created in separate pools. This flag only works for file systems of type mirrored, mirrored-striped, and striped-mirror. If not enough space is available, then the file system creation operation fails.
Creating and maintaining file systems Decreasing the size of a file system
For example:
Storage> fs shrinkto primary fs1 10M
For example:
Storage> fs shrinkby primary fs1 10M
primary | secondary
Specifies the primary or secondary tier.
fs_name
Specifies the file system whose size will decrease. If you specify a file system that does not exist, an error message is displayed.
new_length
Specifies the size to decrease the file system to. The size specified must be a positive number, and it must be smaller than the size of the existing file system. If the new file system size is not smaller than the size of the existing file system, an error message is displayed, and no action is taken.
length_change
Decreases the file system by a specified size. The size specified must be a positive number, and it must be smaller than the size of the existing file system. If the new file system size is not smaller than the size of the existing file system, an error message is displayed, and no action is taken.
Creating and maintaining file systems Checking and repairing a file system
where fs_name specifies the file system to check and repair. For example:
Storage> fs fsck fs1
SFS fs ERROR V-288-693 fs1 must be offline to perform fsck.
Creating and maintaining file systems Changing the status of a file system
To change the status of a file system, enter one of the following, depending on which status you are using:
Storage> fs online fs_name
Storage> fs offline fs_name
where fs_name specifies the name of the file system that you want to mount (online) or unmount (offline). If you specify a file system that does not exist, an error message is displayed. For example, to bring a file system online:
Storage> fs list FS STATUS SIZE === ====== ==== fs1 online 5.00G fs2 offline 10.00M NFS SHARED ======= no no CIFS SHARED ======= no no
MIRRORS ======= -
COLUMNS ======= -
Storage> fs online fs2 100% [#] Online filesystem Storage> fs list FS STATUS SIZE === ====== ==== fs1 online 5.00G fs2 online 10.00M NFS SHARED ======= no no LAYOUT ====== simple simple MIRRORS ======= COLUMNS ======= USE% ==== 10% 100%
where fs_name is the name of the file system that you want to defragment. The specified file system must be online prior to attempting to defragment the file system. See Changing the status of a file system on page 202. For example:
Storage> fs defrag fs1 It will take some time to do the defragmentation Do you want to continue? yes|no yes Defragmentation in progress... If you want to stop defragmentation, you can press ctrl+c... Defragmentation completed successfully for fs1 Storage> fs defrag fs2 SFS fs ERROR V-288-646 File system fs2 does not exist. Storage> fs defrag fs22 It will take some time to do the defragmentation Do you want to continue? yes|no no Defragmentation cancelled for fs22
where fs_name specifies the name of the file system that you want to destroy. For example:
Storage> fs destroy fs1
100% [#] Destroy filesystem
About snapshots
A snapshot is a virtual image of the entire file system. You can create snapshots of a parent file system on demand. Physically, it contains only data that corresponds to changes made in the parent, and so consumes significantly less space than a detachable full mirror.
Snapshots are used to recover from data corruption. If files, or an entire file system, are deleted or become corrupted, you can replace them from the latest uncorrupted snapshot. You can mount a snapshot and export it as if it were a complete file system. Users can then recover their own deleted or corrupted files.
You can limit the space consumed by snapshots by setting a quota on them. If the total space consumed by snapshots remains above the quota, FileStore rejects attempts to create additional ones.
You can create a snapshot by either using the snapshot create command or by creating a schedule that calls the snapshot create command depending on the values entered for the number of hours or minutes after which this command should run. This method automatically creates the snapshot by storing the following values in the crontab: minutes, hour, day-of-month, month, and day-of-week.
Table 8-3 Command
snapshot create
snapshot destroy
snapshot online
snapshot offline
snapshot quota list   Displays snapshot information for all the file systems. See Configuring snapshots on page 209.
snapshot quota on     Disables the creation of snapshots on the given file system when the space used by all of the snapshots of that file system exceeds a given capacity. The space used by the snapshots is restricted. See Configuring snapshots on page 209.
snapshot quota off    Enables the creation of snapshots on the given file system when the space used by all of the snapshots of that file system exceeds a given capacity. The space used by the snapshots is not restricted. See Configuring snapshots on page 209.
snapshot restore      Restores the given file system from a given snapshot. See Configuring snapshots on page 209.
Creating snapshots
To create a snapshot
snapshot_name
yes no
If the removable attribute is yes, and the file system is offline, the snapshot is removed automatically if the file system runs out of space. The default value is removable=no.
For example:
Storage> snapshot create snapshot1 fs1
100% [#] Create snapshot
Displaying snapshots
To display snapshots
fs_name         Displays all of the snapshots of the specified file system. If you do not specify a file system, snapshots of all of the file systems are displayed.
schedule_name   Displays the schedule name. If you do not specify a schedule name, then snapshots created under fs_name are displayed.
Storage> snapshot list
Snapshot                              ctime                 Status   Removable  Preserved  Size
====================================  ====================  =======  =========  =========  ======
snap2                                 2009.Jul.27.02:40:43  offline  no         No         190.0M
sc1_24_Jul_2009_21_34_01_IST          2009.Jul.24.21:34:03  offline  yes        No         900.0M
sc1_24_Jul_2009_19_34_02_IST          2009.Jul.24.19:34:04  offline  yes        No         7.0G
presnap_sc1_24_Jul_2009_18_34_02_IST  2009.Jul.24.18:34:04  offline  yes        Yes        125M
sc1_24_Jul_2009_17_34_02_IST          2009.Jul.24.17:34:04  offline  yes        No         0K
Displays the name of the created snapshots.
Displays the file systems that correspond to each created snapshot.
Displays whether or not the snapshot is mounted (that is, online or offline).
Displays the time the snapshot was created.
Displays the time the snapshot was modified.
Determines if the snapshot should be automatically removed in case the underlying file system runs out of space. You entered either yes or no in the snapshot create snapshot_name fs_name [removable]
Determines if the snapshot is preserved when all of the automated snapshots are destroyed.
Preserved
Size
Configuring snapshots
To destroy a snapshot
For example:
Storage> snapshot destroy snapshot1 fs1
100% [#] Destroy snapshot
To mount or unmount snapshots, enter one of the following commands, depending on which operation you want to perform:
Storage> snapshot online|offline snapshot_name fs_name
snapshot_name   Specifies the name of the snapshot.
fs_name         Specifies the name of the file system.
fs_name capacity_limit
off
To restore a snapshot
For example:
Storage> snapshot restore snapshot0 fs0
SFS snapshot WARNING V-288-0 Snapshot created after snapshot0 will be deleted
SFS snapshot WARNING V-288-0 Are you sure to restore file system fs0 with snapshot ssss? (yes/no)
yes
SFS snapshot SUCCESS V-288-0 File System fs0 restored successfully by snapshot snapshot0.
Note: A best practice is to create only one snapshot schedule for a specified file system. Otherwise, when running the Storage> snapshot schedule destroyall command, it might take a while to complete.
Note: If the master node is being rebooted, snapshot schedules will be missed if scheduled during the reboot of the master node.
Table 8-4 Snapshot schedule commands
Command                       Definition
snapshot schedule create      Creates a schedule to automatically create a snapshot of a particular file system. See Creating snapshot schedules on page 213.
snapshot schedule modify      Modifies the snapshot schedule of a particular filesystem. See Configuring snapshot schedules on page 215.
snapshot schedule destroyall  Creates a schedule to destroy all of the automated snapshots. This excludes the preserved and online snapshots. See Configuring snapshot schedules on page 215.
snapshot schedule preserve    Preserves a limited number of snapshots corresponding to an existing schedule and specific file system name. These snapshots are not removed as part of the snapshot schedule autoremove command. See Configuring snapshot schedules on page 215.
snapshot schedule show        Displays all schedules that have been set for automatically creating snapshots. See Configuring snapshot schedules on page 215.
snapshot schedule delete      Deletes the schedule set for automatically creating snapshots for a particular file system or for a particular schedule. See Configuring snapshot schedules on page 215.
For example, to create a schedule for an automated snapshot creation of a given file system at 3:00 am every day, enter the following:
Storage> snapshot schedule create schedule1 fs1 100 0 3 * * *
When an automated snapshot is created, the entire date value is appended, including the time zone.
schedule_name   Specifies the name of the schedule corresponding to the automatically created snapshot. The schedule_name cannot contain an underscore ('_') as part of its value. For example, sch_1 is not allowed.
fs_name         Specifies the name of the file system. The file system name should be a string.
max_snapshot_limit Specifies the number of snapshots that can be created for a given file system and schedule name. This field only accepts numeric input. Entering 0 implies the snapshots can be created on a given file system and schedule name without any restriction.
Note: If you are using the '*/xx' format, the smallest value for 'xx' is 15.
You can enter */(15-59) or a range such as 23-43. An asterisk (*) is not allowed.
hour   This parameter may contain either an asterisk, (*), which implies "run every hour," or a number value between 0-23. You can enter */(0-23), a range such as 12-21, or just the *.
day_of_the_month   This parameter may contain either an asterisk, (*), which implies "run every day of the month," or a number value between 1-31. You can enter */(1-31), a range such as 3-22, or just the *.
month              This parameter may contain either an asterisk, (*), which implies "run every month," or a number value between 1-12. You can enter */(1-12), a range such as 1-5, or just the *. You can also enter the first three letters of any month (must use lowercase letters).
day_of_the_week    This parameter may contain either an asterisk (*), which implies "run every day of the week," or a numeric value between 0-6. Crontab interprets 0 as Sunday. You can also enter the first three letters of the week (must use lowercase letters).
For example, to create a schedule for automated snapshot creation of a given file system every 3 hours on a daily basis, and only 30 snapshots can be maintained for a given snapshot schedule, enter the following:
Storage> snapshot schedule create schedule1 fs1 30 0 */3 * * *
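The parameter rules above are stricter than plain crontab (no bare * for minute, a smallest */xx step of 15, no underscore in schedule_name), so a command that is generated by a script is worth checking before it is sent to the appliance. The following Python check is an added example, not FileStore code: lint_command and check_field are hypothetical names, a plain minute number is assumed valid because the page's examples use 0, and a step of 0 is rejected as an assumption.

```python
import re

MONTHS = ("jan", "feb", "mar", "apr", "may", "jun",
          "jul", "aug", "sep", "oct", "nov", "dec")
WEEKDAYS = ("sun", "mon", "tue", "wed", "thu", "fri", "sat")

# Per-field rules transcribed from the parameter descriptions on this page.
# star: bare '*' accepted; min_step: smallest xx in '*/xx' (None means the
# page does not list that form for the field); rng: 'a-b' ranges accepted.
FIELDS = [
    # Assumption: a plain minute number (0-59) is valid, as in the page's
    # own examples; the start of the minute description is not on the page.
    ("minute", dict(lo=0, hi=59, star=False, min_step=15, rng=True, names=())),
    # Assumption: a step of 0 is rejected although the page writes */(0-23).
    ("hour", dict(lo=0, hi=23, star=True, min_step=1, rng=True, names=())),
    ("day_of_the_month",
     dict(lo=1, hi=31, star=True, min_step=1, rng=True, names=())),
    ("month", dict(lo=1, hi=12, star=True, min_step=1, rng=True, names=MONTHS)),
    # Only the forms the page lists for this field: '*', 0-6, or a day name.
    ("day_of_the_week",
     dict(lo=0, hi=6, star=True, min_step=None, rng=False, names=WEEKDAYS)),
]


def check_field(name, value, rule):
    """Return an error string for one schedule field, or None if it is valid."""
    lo, hi = rule["lo"], rule["hi"]
    if value == "*":
        return None if rule["star"] else f"{name}: a bare '*' is not allowed"
    if value in rule["names"]:  # lowercase three-letter names only
        return None
    step = re.fullmatch(r"\*/([0-9]+)", value)
    if step:
        n = int(step.group(1))
        if rule["min_step"] is None:
            return f"{name}: '*/xx' is not a documented form for this field"
        if not rule["min_step"] <= n <= hi:
            return f"{name}: step {n} is outside {rule['min_step']}-{hi}"
        return None
    span = re.fullmatch(r"([0-9]+)-([0-9]+)", value)
    if span:
        a, b = int(span.group(1)), int(span.group(2))
        if not rule["rng"]:
            return f"{name}: a range is not a documented form for this field"
        if not lo <= a <= b <= hi:
            return f"{name}: range {value} is outside {lo}-{hi}"
        return None
    if re.fullmatch(r"[0-9]+", value):
        if lo <= int(value) <= hi:
            return None
        return f"{name}: {value} is outside {lo}-{hi}"
    return f"{name}: unrecognised value {value!r}"


def lint_command(line):
    """Check one 'snapshot schedule create' command; return a list of errors."""
    tokens = line.split()
    if tokens and tokens[0] == "Storage>":  # tolerate a pasted prompt
        tokens = tokens[1:]
    if tokens[:3] != ["snapshot", "schedule", "create"]:
        return ["not a 'snapshot schedule create' command"]
    args = tokens[3:]
    expected = 3 + len(FIELDS)
    if len(args) != expected:
        return [f"expected {expected} arguments, got {len(args)}"]
    schedule_name, _fs_name, limit = args[:3]  # fs_name is any string
    errors = []
    if "_" in schedule_name:
        errors.append(f"schedule_name: {schedule_name!r} contains an underscore")
    if not re.fullmatch(r"[0-9]+", limit):
        errors.append(f"max_snapshot_limit: {limit!r} is not numeric")
    for (name, rule), value in zip(FIELDS, args[3:]):
        err = check_field(name, value, rule)
        if err:
            errors.append(err)
    return errors


if __name__ == "__main__":
    # The first two commands are the page's examples; the rest are constructed.
    samples = [
        "Storage> snapshot schedule create schedule1 fs1 100 0 3 * * *",
        "Storage> snapshot schedule create schedule1 fs1 30 0 */3 * * *",
        "Storage> snapshot schedule create sch_1 fs1 30 */10 * * * *",
        "Storage> snapshot schedule create nightly fs1 0 * 2 * Jan mon",
    ]
    for cmd in samples:
        print(cmd, "->", lint_command(cmd) or "ok")
```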
To display all of the schedules for automated snapshots, enter the following:
Storage> snapshot schedule show [fs_name] [schedule_name]
fs_name         Displays all of the schedules of the specified file system. If no file system is specified, schedules of all of the file systems are displayed.
schedule_name   Displays the schedule name. If no schedule name is specified, then all of the schedules created under fs_name are displayed.
For example, to display all of the schedules for creating or removing snapshots to an existing file system, enter the following:
Storage> snapshot schedule show fs3
FS   Schedule Name  Max Snapshot  Minute  Hour  Day  Month  WeekDay
===  =============  ============  ======  ====  ===  =====  =======
fs3  sched1         30            */20    *     *    *      *
fs3  sched2         20            */45    *     *    *      *
For example, to list the automated snapshot schedules for all file systems, enter the following:
Storage> snapshot schedule show
FS   Schedule Name  Max Snapshot  Hour  Day  Month  WeekDay
===  =============  ============  ====  ===  =====  =======
fs6  sc1            10            *     *    *      *
fs1  sc1            10            *     *    *      *
When a scheduled snapshot is set to trigger, the snapshot needs to gain a lock to begin the operation. If any command is issued from the CLI or is running through schedules, and if the command holds a lock, the triggered snapshot schedule is not able to obtain the lock, and the scheduled snapshot fails. When a scheduled snapshot is set to trigger, the snapshot checks if there is any instance of a snapshot creation process running. If there is a snapshot creation process running, the scheduled snapshot aborts, and a snapshot is not created.
To modify a snapshot schedule
For example, to modify the existing schedule so that a snapshot is created at 2:00 am on the first day of the week, enter the following:
Storage> snapshot schedule modify schedule1 fs1 * 2 * * 1
To automatically remove all of the snapshots created under a given schedule and file system name (excluding the preserved and online snapshots), enter the following:
Storage> snapshot schedule destroyall schedule_name fs_name
Example 1: If you try to destroy all automated snapshots when two of the automated snapshots are still mounted, FileStore returns an appropriate error, and other automated snapshots under the given schedule and file system are destroyed.
Storage> snapshot schedule destroyall schedule1 fs1
SFS snapshot ERROR V-288-1074 Cannot destroy snapshot(s) schedule1_7_Dec_2009_17_58_02_UTC schedule1_7_Dec_2009_16_58_02_UTC in online state.
Example 2: If you try to destroy all automated snapshots (which are in an offline state), the operation completes successfully.
Storage> snapshot schedule destroyall schedule2 fs1
100% [#] Destroy automated snapshots
To preserve snapshots
To preserve a number of snapshots corresponding to an existing schedule and specific file system name, enter the following:
Storage> snapshot schedule preserve schedule_name fs_name snapshot_name
For example, to preserve a snapshot created according to a given schedule and file system name, enter the following:
Storage> snapshot schedule preserve schedule fs1 schedule1_Feb_27_16_42_IST
For example:
Storage> snapshot schedule delete fs1
Destroys a shared cache object. See Destroying a cache object of a FileStore instant rollback on page 227.
Displays a list of shared cache objects. See Listing cache objects for a FileStore instant rollback on page 226.
Creates a space-optimized instant rollback for a specified file system. See Creating a FileStore space-optimized rollback on page 219.
Creates a full-sized instant rollback for a specified file system. See Creating a full-sized rollback on page 220.
Destroys an instant rollback. See Destroying an instant rollback on page 224.
rollback list
Displays a list of instant rollbacks. See Listing FileStore instant rollbacks on page 221.
rollback refresh
Refreshes instant rollback data. See Refreshing an instant rollback from a file system on page 222.
rollback restore
Restores instant rollback data. See Restoring a file system from an instant rollback on page 221.
rollback online
Mounts an instant rollback so that it will be available for read/write access. See Making an instant rollback go online on page 223.
rollback offline
Unmounts an instant rollback. See Making an instant rollback go offline on page 223.
When creating instant rollbacks for volumes bigger than 1T, there may be error messages such as the following:
An error message may occur because the default amount of memory allocated for a Data Change Object (DCO) may not be large enough for such big volumes. You can use the vxtune command to change the value. The default value is 6M, which is the memory required for a 1T volume. To change it to 15M, use the following command:
vxtune volpagemod_max_memsz `expr 15 \* 1024 \* 1024`
To create a FileStore space-optimized rollback for a specified file system, enter the following:
Storage> rollback create space-optimized rollback_name fs_name [cacheobj]
rollback_name   Indicates the name of the rollback.
fs_name         Indicates the name of the file system where the space-optimized rollback is to be created.
cacheobj        Indicates the cache object name. If the cache object is specified, then the shared cache object is used. Otherwise, FileStore automatically creates a cache object for the rollback.
For example:
Storage> rollback create space-optimized snap4 fs4
100%[#] Create rollback
To create a full-sized rollback for a specified file system, enter the following:
Storage> rollback create full-sized rollback_name fs_name pool
rollback_name   Indicates the name of the rollback.
fs_name         Indicates the name of the file system where the full-sized rollback is to be created.
pool            Indicates the name of the pool where the full-sized rollback is to be created. The disks used for the rollback are allocated from the specified pool.
For example:
Storage> rollback create full-sized snap5 fs4 pool1
100%[#] Create rollback
where fs_name is the name of the file system where you want to list the instant rollbacks. If no file system is specified, instant rollbacks are displayed for all the file systems. For example:
Storage> rollback list
NAME   TYPE
roll5  fullinst
roll1  spaceopt
Storage> rollback list fs4
NAME   TYPE      SNAPDATE
roll5  fullinst  2010/10/15 20:04
For example:
Storage> rollback restore fs4 snap4
Re-online the file system. See Making an instant rollback go online on page 223. Re-onlining a file system may take some time depending on the size of the file system.
rollback_name
For example:
Storage> rollback refresh roll5 fs4
SFS rollback WARNING V-288-0 rollback roll5 will be refreshed to filesystem fs4
SFS rollback WARNING V-288-0 Are you sure to refresh rollback roll5 with filesystem fs4? (yes/no)
yes
100% [#] Refresh rollback
SFS rollback SUCCESS V-288-0 snapshot roll5 refreshed successfully from fs fs4
For example:
Storage> rollback online snap1
Online the filesystem of rollback "snap1"
The instant rollback is available for read/write access just like the file system.
For example:
Storage> rollback offline snap1 fs1
Offline the filesystem of snapshot "snap1"
For example:
Storage> rollback destroy snap1 myfs2
Destroy the snapshot "snap1" of filesystem "myfs2"
To create a shared cache object for a FileStore instant rollback, enter the following:
Storage> rollback cache create cache_name cache_size pool
cache_name   Indicates the name of the cache you want to create for the instant rollback.
cache_size   Indicates the cache size for the instant rollback. Cache size can be specified in any units, such as M, G, or T. The size of the shared cache object should be sufficient to record changes to the file system during intervals between instant rollback refreshes. By default, the size of the cache object for an instant rollback is 20% of the total size of the parent file system. The size of the cache object is dependent on your environment.
pool         Indicates the pool for storing the cache object for the instant rollback. For better performance, the pool used for the space-optimized rollback should be different from the pool used by the file system.
For example:
Storage> rollback cache create mycache 500m pool1
Create a shared cache object "mycache" with the disks from "pool1", the size is 500m
To list cache objects for a FileStore instant rollback, enter the following:
Storage> rollback cache create cache_name cache_size pool
cache_name   Indicates the name of the cache you want to display for the instant rollback.
cache_size   Indicates the cache size for the instant rollback. Cache size can be specified in any units, such as M, G, or T. The size of the shared cache object should be sufficient to record changes to the file system during intervals between instant rollback refreshes. By default, the size of the cache object for an instant rollback is 20% of the total size of the parent file system. The size of the cache object is dependent on your environment.
pool         Indicates the pool for storing the cache object for the instant rollback. For better performance, the pool used for the space-optimized rollback should be different from the pool used by the file system.
For example:
Storage> rollback cache list
CACHE NAME          TOTAL(Mb)  USED(Mb) (%)  AVAIL(Mb) (%)  SDCNT
SNAP-fs1_tier1-C01  200        5 (2)         195 (97)       1
SNAP-fs1_tier2-C01  200        4 (2)         196 (98)       1
SDCNT is the number of subdisks that have been created on the cache object. If you did not assign a cache object, a cache object is internally created for the instant rollback.
Creating and maintaining file systems About setting up file system alerts for file system usage
where cache_name is the name of the cache object that you want to destroy. For example:
Storage> rollback cache destroy mycache
You can only destroy the cache object if there is no instant rollback that is using this cache object.
fs alert unset
Unsets file system alerts. See Unsetting file system alerts on page 229.
fs alert show
Displays the current disk space usage and the alert value. See Displaying file system alerts on page 229.
where fs_name is the name of the file system for which you want to set the file system alerts. fs_name is optional.
When setting the alert for numspace, value is the percentage you want to set to trigger the alert. By default, the alert is sent at 80%. The default value can be modified by not specifying a file system name in the command.
When setting the alert for numinodes, value is the number of inodes used. The default alert value for numinodes is set at 0. An alert will not be sent until you set it to a different value.
Examples of alerts:
NUMSPACE alerts in Report> showevents
2011 Nov 14 23:55:02 [CLUS_01,alert,master] [[fs alert]] numspace set at 70(%) crossed for File System fs1, current usage 98(%)
where fs_name is the name of the file system for which you want to unset the file system alert. fs_name is optional. Examples for unsetting alerts that are file-system specific:
Storage> fs alert unset numinodes fs1
SFS fs SUCCESS V-288-663 Alert of type [ numinodes ] set to DEFAULT value on the file system fs1
Storage> fs alert unset numspace fs1
SFS fs SUCCESS V-288-663 Alert of type [ numspace ] set to DEFAULT value on the file system fs1
Creating and maintaining file systems About the Partition Secure Notification (PSN) feature
For example:
Storage> fs alert show
File System  Alert Type  Value
===========  ==========  ===========
fs0          numspace    80% (D)
fs0          numinodes   6500
fs1          numspace    80% (D)
fs1          numinodes   8000
fs4          numspace    80(D)%
fs4          numinodes   2000000 (D)
used. After each NDMP backup or replication session is completed, PSN finds the list of all Enterprise Vault partitions in PSN-enabled file systems, and notifies Enterprise Vault by creating an .xml file in the partition roots in an Enterprise Vault-specified format.
where fs_name is the specified file system where you want to enable the PSN feature. For example:
Storage> fs evpsn enable fs1
SFS fs SUCCESS V-288-650 evpsn enabled on fs1 successfully.
where fs_name is the specified file system where you want to disable the PSN feature. For example:
Storage> fs evpsn disable fs1
SFS fs SUCCESS V-288-652 evpsn disabled on fs1 successfully.
Listing the online file systems that have the Partition Secure Notification (PSN) feature enabled
The Storage> fs evpsn list command displays the list of online file systems that have the Enterprise Vault (EV) Partition Secure Notification (PSN) feature enabled.
To list the online file systems that have the Partition Secure Notification (PSN) feature enabled
To list the online file systems that have the Partition Secure Notification (PSN) feature enabled, enter the following:
Storage> fs evpsn list
For example:
Storage> fs evpsn list
FS
============
fs1
Chapter
About configuring FileStore for CIFS
About configuring CIFS for standalone mode
Configuring CIFS server status for standalone mode
About configuring CIFS for NT domain mode
Configuring CIFS for the NT domain mode
About leaving an NT domain
Changing NT domain settings
Changing security settings
Changing security settings after the CIFS server is stopped
About Active Directory (AD)
About configuring CIFS for Active Directory (AD) domain mode
About setting NTLM
Setting NTLM
About setting trusted domains
About storing account information
Storing user and group accounts
Using Symantec FileStore as a CIFS server About configuring FileStore for CIFS
About reconfiguring the CIFS service
Reconfiguring the CIFS service
About managing CIFS shares
Sharing file systems using CIFS and NFS protocols
About mapping user names for CIFS/NFS sharing
About load balancing for the normal clustering mode
About load balancing for the ctdb clustering mode
Splitting a CIFS share
About managing home directories
About ctdb clustering modes
Exporting a directory as a CIFS share
Exporting the same file system/directory as a different CIFS share
About switching the clustering mode
About migrating CIFS shares and home directories
Setting the aio_fork option
Setting the netbios aliases for the CIFS server
About managing local users and groups
Normal
Clustered Trivial Database (CTDB) - a cluster implementation of the TDB (Trivial database) based on the Berkeley database API
Each clustering mode supports all of the three operating modes. The ctdb clustering mode is a different clustered implementation of FileStore CIFS, which supports almost all of the features that are supported by normal clustering mode as well as some additional features. Additional features supported in ctdb clustering mode:
Directory-level share support
Multi-instance share export of a file system/directory
Simultaneous access of a share from multiple nodes and therefore better load balancing
See About ctdb clustering modes on page 309.
FileStore can be integrated into a network that consists of machines running Microsoft Windows. You can control and manage the network resources by using Active Directory or NT workgroup domain controllers.
Before you use FileStore with CIFS, you must have administrator-level knowledge of the Microsoft operating systems, Microsoft services, and Microsoft protocols (including Active Directory and NT services and protocols). You can find more information about them at: www.microsoft.com.
To access the commands, log into your administrative console (master, system-admin, or storage-admin) and enter CIFS> mode. See About using the FileStore command-line interface on page 33.
When serving the CIFS clients, FileStore can be configured to operate in one of the operating mode environments described in Table 9-1.
Table 9-1 Mode
Standalone
Using Symantec FileStore as a CIFS server About configuring CIFS for standalone mode
Active Directory
When FileStore operates in the NT or AD domain mode, it acts as a domain member server and not as the domain controller.
Make sure that the CIFS server is not running.
Set security to user.
Start the CIFS server.
Check the server status.
Display the server settings.
Configure CIFS for standalone mode commands
Definition
Checks the status of the CIFS server. See Configuring CIFS server status for standalone mode on page 237.
server stop
Stops the CIFS server if it is running. See Configuring CIFS server status for standalone mode on page 237.
show
Checks the security setting. See Configuring CIFS server status for standalone mode on page 237.
Using Symantec FileStore as a CIFS server Configuring CIFS server status for standalone mode
server start
Starts the service in standalone mode. See Configuring CIFS server status for standalone mode on page 237.
By default, security is set to user, the required setting for standalone mode. The following example shows that security was previously set to ads. For example:
CIFS> server status
CIFS Status on sfs_01 : ONLINE
CIFS Status on sfs_02 : ONLINE
Homedirfs                : fs1
Security                 : ads
Domain membership status : Disabled
Domain                   : SYMANTECDOMAIN.COM
Domain Controller        : SYMSERVER
Domain User              : administrator
Clustering Mode          : normal
To check the current settings before setting security, enter the following:
CIFS> show
For example:
Name ---netbios name netbios aliases ntlm auth allow trusted domains homedirfs aio size idmap backend workgroup security Domain Domain user Domain Controller Clustering Mode Value ----ctdb yes no 1024 rid:10000-1000000 SYMANTECDOMAIN ads SYMANTECDOMAIN.COM administrator SYMSERVER normal
For example:
Name ---netbios name netbios aliases ntlm auth allow trusted domains homedirfs aio size idmap backend workgroup security Domain Domain user Domain Controller Clustering Mode Value ----mycluster yes no 1024 rid:10000-1000000 SYMANTECDOMAIN user SYMANTECDOMAIN.COM administrator SYMSERVER normal
To make sure that the server is running in standalone mode, enter the following:
CIFS> server status
For example:
CIFS> server status
CIFS Status on sfs_01 : ONLINE
CIFS Status on sfs_02 : ONLINE
Homedirfs       : fs1
Security        : user
Clustering Mode : normal
Using Symantec FileStore as a CIFS server About configuring CIFS for NT domain mode
See About managing local users and groups on page 326. See About managing CIFS shares on page 282.
Make sure that an NT domain has already been configured.
Make sure that FileStore can communicate with the domain controller (DC) over the network.
Make sure that the CIFS server is stopped.
Set the domain user, domain, and domain controller.
Set the security to domain.
Start the CIFS server.
Check the server status.
Display the server settings.
Configuring CIFS for NT domain mode commands
Definition
Sets the name of the domain user. The credentials of the domain user will be used at the domain controller while joining the domain. Therefore the domain user should be an existing NT domain user who has permission to perform the join domain operation. See Configuring CIFS for the NT domain mode on page 242.
set domain
Sets the name for the NT domain that you would like FileStore to join and become a member. See Configuring CIFS for the NT domain mode on page 242.
set domaincontroller
Note: If security is set to domain, you can use both the AD server and the Windows NT 4.0 domain controller as domain controllers. However, if you use the Windows NT 4.0 domain controller, you can only use the netbios name of the domain controller to set the domaincontroller parameter. See Configuring CIFS for the NT domain mode on page 242.
set security    Before you set the security for the domain, you must set the domaincontroller, domainuser, and domain. See Configuring CIFS for the NT domain mode on page 242.
set workgroup   Sets the workgroup name. If the name of the WORKGROUP or NETBIOS domain name is different from the domain name, use this command to set the WORKGROUP name. See Configuring CIFS for the NT domain mode on page 242.
server start    The server joins the NT domain only when the server is started after issuing the CIFS> set security command. See Configuring CIFS for the NT domain mode on page 242.
Using Symantec FileStore as a CIFS server Configuring CIFS for the NT domain mode
where username is an existing NT domain user who has permission to perform the join domain operation. For example:
CIFS> set domainuser administrator
Global option updated. Note: Restart the CIFS server.
where domainname is the name of the domain that FileStore will join. For example:
CIFS> set domain SYMANTECDOMAIN.COM
Global option updated. Note: Restart the CIFS server.
To set the domain controller server names for the NT domain mode
where servernames is a comma-separated list of primary and backup domain controller server names. The server name is the netbios name if it is a Windows NT 4.0 domain controller. For example, if the domain controller is a Windows NT 4.0 domain controller, enter the server name SYMSERVER:
CIFS> set domaincontroller SYMSERVER
Global option updated. Note: Restart the CIFS server.
To set the workgroup name if the WORKGROUP or NetBIOS domain name is different from the domain name, enter the following:
CIFS> set workgroup workgroup
where workgroup sets the WORKGROUP name. If the name of the WORKGROUP or NetBIOS domain name is different from the domain name, use this command to set the WORKGROUP name. For example, if SIMPLE is the name of the WORKGROUP you want to set, you would enter the following:
CIFS> set workgroup SIMPLE
Although the symbols $, ( ), ', and & are valid characters for naming a WORKGROUP, the FileStore CIFS implementation does not allow them.
When you enter the correct password, the following messages appear:
Joined domain SYMANTECDOMAIN.COM OK
Starting CIFS Server.....Success.
To find the current settings for the domain name, domain controller name, and domain user name, enter the following:
CIFS> show
To make sure that the service is running as a member of the NT domain, enter the following:
CIFS> server status
For example:
CIFS> server status
CIFS Status on sfs_01 : ONLINE
CIFS Status on sfs_02 : ONLINE
Homedirfs                : fs1
Security                 : domain
Domain membership status : Enabled
Domain                   : SYMANTECDOMAIN.COM
Domain Controller        : SYMSERVER
Domain User              : administrator
Clustering Mode          : normal
The CIFS service is now running in the NT domain mode. You can export the shares, and domain users can access the shares subject to authentication and authorization control.
Sets the security user. When you change the security setting, and you start or stop the CIFS server, the CIFS server leaves the existing NT domain. For example, if you change the security setting from domain to user and you stop or restart the CIFS server, it leaves the NT domain. See Changing security settings on page 247. If the CIFS server is already stopped, and you change the security to a value other than domain, FileStore leaves the domain. This method of leaving the domain is provided so that if a CIFS server is already stopped, and may not be restarted soon, you have a way to leave an existing join to the NT domain. See Changing security settings after the CIFS server is stopped on page 247.
where newdomain.com is the new domain name. When you start the CIFS server, the CIFS server tries to leave the existing domain. This requires the old domainuser to enter their password. After the password is supplied, and the domain leave operation succeeds, the CIFS server joins an NT domain with the new settings.
If the server is stopped, then changing the security mode will disable the membership of the existing domain.
authentication, Domain Name System (DNS) naming, secure access to resources, and more.
To set the NTP server on all of the nodes in the cluster, enter the following command:
System> ntp servername server-name
where server-name specifies the server name or the IP address you want to set. Ensure that the NTP service is enabled with the correct IP address of the NTP server. For example:
System> ntp servername 10.182.128.180
To enable the NTP server on all of the nodes in the cluster, enter the following command:
System> ntp enable
To display the NTP server on all of the nodes in the cluster, enter the following command:
System> ntp show
Configuring entries for FileStore DNS for authenticating to Active Directory (AD)
Name resolution must be configured correctly on FileStore. Domain Name System (DNS) is usually used for name resolution.
Create an entry for the FileStore cluster name. The cluster name is chosen at the time of installation, and it cannot be reset afterwards. It is also the NetBios name of the cluster, hence it must resolve to an IP address.
Configure the FileStore cluster name in DNS so that queries to it return the Virtual IP Addresses (VIPs) associated with the FileStore cluster in a round-robin fashion. This is done by creating separate A records that map the cluster name to each VIP. So, if there are four VIPs associated with the FileStore cluster (not including special VIPs for backup, replication, Symantec AntiVirus for FileStore, and so on), then there must be four A records mapping the cluster name to the four VIPs.
Verify that the DNS server has correct entries for FileStore by querying from a client:
myclient:~ # nslookup myfilestore
Server:   10.182.108.75
Address:  10.182.108.75#53

Name:     myfilestore.sfstest-ad2.local
Address:  10.182.96.31
Name:     myfilestore.sfstest-ad2.local
Address:  10.182.96.30
Name:     myfilestore.sfstest-ad2.local
Address:  10.182.96.29
Name:     myfilestore.sfstest-ad2.local
Address:  10.182.96.28
In the above scenario, the DNS server at 10.182.108.75, with domain name sfstest-ad2.local, has been configured so that queries for myfilestore.sfstest-ad2.local rotate in a round-robin manner among IP addresses ranging from 10.182.96.28 through 10.182.96.31. All of these are VIPs associated with the FileStore cluster named myfilestore. After configuring the DNS server correctly, FileStore must be configured as a DNS client. This is done during installation, but may be modified by using the following commands:
Network> dns set domainname sfstest-ad2.local
Network> dns set nameservers 10.182.108.75
Network> dns enable
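The round-robin requirement above (one A record per VIP, and nothing else, for the cluster name) can be checked mechanically from saved nslookup output. The following is an added example, not part of the FileStore documentation; the function names are hypothetical and the sample text is constructed from the addresses used in this scenario.

```python
import ipaddress

# Constructed sample: resolver output in the shape of the nslookup listing above.
SAMPLE_NSLOOKUP = """\
Server:   10.182.108.75
Address:  10.182.108.75#53

Name:     myfilestore.sfstest-ad2.local
Address:  10.182.96.31
Name:     myfilestore.sfstest-ad2.local
Address:  10.182.96.30
Name:     myfilestore.sfstest-ad2.local
Address:  10.182.96.29
Name:     myfilestore.sfstest-ad2.local
Address:  10.182.96.28
"""

# The four VIPs of the example cluster (from the scenario above).
EXPECTED_VIPS = {"10.182.96.28", "10.182.96.29", "10.182.96.30", "10.182.96.31"}


def parse_nslookup(text):
    """Return (resolver, {name: set_of_addresses}) from nslookup output."""
    resolver = None
    answers = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if key == "Server":
            resolver = value
        elif key == "Name":
            current = value.lower().rstrip(".")
            answers.setdefault(current, set())
        elif key == "Address" and current is not None:
            # The resolver's own "Address" line precedes any Name and is skipped.
            addr = value.split("#", 1)[0]
            try:
                answers[current].add(str(ipaddress.ip_address(addr)))
            except ValueError:
                pass  # not an IP literal; ignore
    return resolver, answers


def check_cluster_records(text, cluster_fqdn, expected_vips):
    """Compare the A records returned for the cluster name with the VIP list."""
    resolver, answers = parse_nslookup(text)
    got = answers.get(cluster_fqdn.lower().rstrip("."), set())
    expected = {str(ipaddress.ip_address(v)) for v in expected_vips}
    return {
        "resolver": resolver,
        # A VIP without an A record never receives client connections.
        "missing": sorted(expected - got),
        # An address that is not a cluster VIP sends clients to another host.
        "unexpected": sorted(got - expected),
        "ok": got == expected,
    }


if __name__ == "__main__":
    print(check_cluster_records(
        SAMPLE_NSLOOKUP, "myfilestore.sfstest-ad2.local", EXPECTED_VIPS))
```

An entry under "unexpected" deserves attention before joining the domain, because clients that resolve the cluster name would be directed to a host outside the cluster.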
Verify that DNS client parameters are set correctly by entering the following command:
Network> dns show
In the above scenario, host resolution first looks at files, and then DNS. Configuring name resolution correctly is critical in order to successfully join FileStore to Active Directory.
In this example, it is the same as the DNS domain name. This is the domain name of Active Directory.
In this example, it is the same as the DNS server that was configured earlier. This is the IP address of the Active Directory Domain Controller. However, this is not a requirement. The DNS server and Active Directory can run on different servers, and hence this IP address may be different from the IP address of the DNS server.
This is a user whose credentials are used to join the Active Directory domain. The domainuser must have Domain Join privilege into the Active Directory domain. The domainuser need not be Administrator.
The other two supported security styles are user for local users and domain for NT Domains. For authenticating to Active Directory, use the ads security style.
FileStore displays the time on the cluster as well as the time on the Active Directory Domain Controller. If NTP has been configured correctly, then there will be no time skew. Otherwise, you will need to reconfigure NTP correctly. See Configuring entries for NTP for authenticating to Active Directory (AD) on page 248. You will be prompted to enter the password of domainuser.
Using Symantec FileStore as a CIFS server About configuring CIFS for Active Directory (AD) domain mode
To verify that FileStore has joined Active Directory successfully, enter the following command:
CIFS> server status
For example:
CIFS> server status
CIFS Status on ctdb_01 : ONLINE
CIFS Status on ctdb_02 : ONLINE
Homedirfs                : fs2,fs6
Security                 : ads
Domain membership status : Enabled
Domain                   : SYMANTECDOMAIN.COM
Workgroup                : SYMANTECDOMAIN
Domain Controller        : SYMSERVER
Domain User              : administrator
Clustering Mode          : normal
Refer to the Domain membership status line of the output to verify that the FileStore cluster has joined the domain; it displays as Enabled if the join is successful. If the cluster did not join the domain, an informative error message is provided indicating why the FileStore cluster cannot join the domain.
set domain
Sets the name of the domain for the AD domain mode that FileStore will join. See Configuring CIFS for the AD domain mode on page 255.
set domaincontroller
Sets the domain controller server name. See Configuring CIFS for the AD domain mode on page 255.
set security
Sets security for the domain. You must first set the domaincontroller, domainuser, and domain. See Configuring CIFS for the AD domain mode on page 255.
set workgroup
Sets the workgroup name. If the name of the WORKGROUP or NETBIOS domain name is different from the domain name, use this command to set the WORKGROUP name. See Configuring CIFS for the AD domain mode on page 255.
server start
Starts the server. The CIFS server joins the Active Directory domain only when the server is started after issuing the CIFS> set security command. See Configuring CIFS for the AD domain mode on page 255.
where username is the name of an existing AD domain user who has permission to perform the join domain operation. For example:
CIFS> set domainuser administrator
Global option updated. Note: Restart the CIFS server.
where servername is the server's IP address or DNS name. For example, if the server SYMSERVER has an IP address of 172.16.113.118, you can specify one of the following:
CIFS> set domaincontroller 172.16.113.118
Global option updated. Note: Restart the CIFS server.
or
CIFS> set domaincontroller SYMSERVER
Global option updated. Note: Restart the CIFS server.
To set the workgroup name if the WORKGROUP or NetBIOS domain name is different from the domain name, enter the following:
CIFS> set workgroup workgroup
where workgroup sets the WORKGROUP name. If the name of the WORKGROUP or NetBIOS domain name is different from the domain name, use this command to set the WORKGROUP name. For example, if SIMPLE is the name of the WORKGROUP you want to set, you would enter the following:
CIFS> set workgroup SIMPLE
Although the symbols $, (, ), ', and & are valid characters for naming a WORKGROUP, the FileStore CIFS implementation does not allow using these symbols.
After you enter the correct password for the user administrator belonging to AD domain SYMANTECDOMAIN.COM, the following message appears:
Joined domain SYMANTECDOMAIN.COM OK
Starting CIFS Server.....Success.
The CIFS server is now running in the AD domain mode. You can export the shares, and the domain users can access the shares subject to the AD authentication and authorization control.
You will need to stop and start the CIFS server. See Reconfiguring the CIFS service on page 280.
To display the list of domain controllers
If the primary domain controller goes down, the CIFS server tries the next domain controller in the list until it receives a response. Always point FileStore to trusted domain controllers to avoid any security issues. FileStore does not perform list reduction or reordering; it uses the list as it is. So, avoid entering redundant names for the same domain controller.
depending on existing security and domain settings and new administrative commands. However, the leave operation requires the credentials of the old domain's user. All of the cases for a domain leave operation have been documented in Table 9-6.
Table 9-6 Command
set domain
Sets the security user. If you change the security setting from ads to user and you stop or restart the CIFS server, it leaves the AD domain. When you change the security setting, and you stop or restart the CIFS server, the CIFS server leaves the existing AD domain. For example, the CIFS server leaves the existing AD domain if the existing security is ads, and the new security is changed to user, and the CIFS server is either stopped, or started again. See Changing domain settings for AD domain mode on page 259. If the CIFS server is already stopped, changing the security to a value other than ads causes FileStore to leave the domain. Both the methods mentioned earlier require either stopping or starting the CIFS server. This method of leaving the domain is provided so that if a CIFS server is already stopped, and may not be restarted in the near future, you have a way of leaving an existing join to the AD domain. See Changing domain settings for AD domain mode on page 259.
When you start the CIFS server, it tries to leave the existing domain. This requires the old domainuser to enter its password. After the password is supplied, and the domain leave operation succeeds, the CIFS server joins an AD domain with the new settings.
1 Open the interface Active Directory Users and Computers.
2 In the domain hierarchy tree, click on Computers.
3 In the details pane, right-click the computer entry corresponding to FileStore (this can be identified by the FileStore cluster name) and click Delete.
When the FileStore CIFS service is running in the standalone mode (with security set to user), some versions of the Windows clients require NTLM authentication to be enabled. You can do this by setting CIFS> set ntlm_auth to yes. When NTLM is disabled and you use FileStore in the NT domain mode, the only protocol available for user authentication is Microsoft NTLMv2. When NTLM is disabled and you use FileStore in AD domain mode, the available authentication protocols are Kerberos and NTLMv2. The one used depends on the capabilities of both the FileStore clients and the domain controller. If no special action is taken, FileStore allows the NTLM protocol to be used. For any specific CIFS connection, all the participants, that is, the client machine, FileStore, and the domain controller, select the protocol that they all support and that provides the highest security. In the AD domain mode, Kerberos provides the highest security. In the NT domain mode, NTLMv2 provides the highest security.
Table 9-7 Command
set ntlm_auth no
set ntlm_auth yes
Enables NTLM. See Setting NTLM on page 264.
Setting NTLM
To disable NTLM
For example:
CIFS> set ntlm_auth no
Global option updated. Note: Restart the CIFS server.
To enable NTLM
For example:
CIFS> set ntlm_auth yes
Global option updated. Note: Restart the CIFS server.
set allow_trusted_domains yes
Enables the use of trusted domains in the AD domain mode.
Note: If the security mode is user, it is not possible to enable AD trusted domains. All the IDMAP backend methods (rid, ldap, and hash) are able to support trusted domains. See Setting Active Directory trusted domains on page 275.
set allow_trusted_domains no
Disables the use of trusted domains in the AD domain mode. See Setting Active Directory trusted domains on page 275.
Allowing trusted domains access to CIFS when setting an LDAP IDMAP backend to rid
To allow trusted domains access to CIFS when setting LDAP IDMAP backend to rid
To verify the CIFS server status when there are trusted domains, enter the following:
CIFS> server status
CIFS Status on SFS_01 : ONLINE
CIFS Status on SFS_02 : ONLINE
Homedirfs                : homefs
Security                 : ads
Domain membership status : Enabled
Domain                   : SYMANTECDOMAIN.COM
Workgroup                : SYMANTECDOMAIN
Domain Controller        : SYMSERVER
Domain User              : administrator
Clustering Mode          : normal
Trusted Domains          : SYMANTECDOMAIN1 [SYMANTECDOMAIN2] SYMANTECDOMAIN3
Domain names containing square brackets indicate that the domain used to be a trusted domain, but the domain is currently obsolete.
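The status fields above lend themselves to a scripted health check after each CIFS server restart. The following is an added example, not part of the FileStore documentation: it parses saved CIFS> server status output, confirms the node state, security mode, and domain membership, and lists trusted domains shown in square brackets. The function names are hypothetical and the sample text is constructed from the output shown above.

```python
import re

# Constructed sample, in the shape of the CIFS> server status output above.
SAMPLE_STATUS = """\
CIFS> server status
CIFS Status on SFS_01 : ONLINE
CIFS Status on SFS_02 : ONLINE
Homedirfs                : homefs
Security                 : ads
Domain membership status : Enabled
Domain                   : SYMANTECDOMAIN.COM
Workgroup                : SYMANTECDOMAIN
Domain Controller        : SYMSERVER
Domain User              : administrator
Clustering Mode          : normal
Trusted Domains          : SYMANTECDOMAIN1 [SYMANTECDOMAIN2] SYMANTECDOMAIN3
"""


def parse_status(text):
    """Split the output into per-node states and global key/value fields."""
    nodes, fields = {}, {}
    for line in text.splitlines():
        if ":" not in line:
            continue  # prompt line or blank line
        key, value = (part.strip() for part in line.split(":", 1))
        match = re.fullmatch(r"CIFS Status on (\S+)", key)
        if match:
            nodes[match.group(1)] = value
        else:
            fields[key] = value
    return nodes, fields


def audit_status(text, expected_security="ads"):
    """Return trusted-domain lists and findings that need an administrator."""
    nodes, fields = parse_status(text)
    findings = []
    for node, state in sorted(nodes.items()):
        if state != "ONLINE":
            findings.append(f"node {node} is {state}")
    security = fields.get("Security")
    if security != expected_security:
        findings.append(f"security is {security!r}, expected {expected_security!r}")
    membership = fields.get("Domain membership status")
    if membership != "Enabled":
        findings.append(f"domain membership status is {membership!r}")
    # The guide notes that the join account need not be Administrator.
    if fields.get("Domain User", "").lower() == "administrator":
        findings.append("join account is administrator; an account with the "
                        "Domain Join privilege is sufficient")
    trusted = fields.get("Trusted Domains", "").split()
    obsolete = [d[1:-1] for d in trusted if d.startswith("[") and d.endswith("]")]
    active = [d for d in trusted if not (d.startswith("[") and d.endswith("]"))]
    findings += [f"trusted domain {d} is marked obsolete" for d in obsolete]
    return {"active_trusted": active, "obsolete_trusted": obsolete,
            "findings": findings}


if __name__ == "__main__":
    for finding in audit_status(SAMPLE_STATUS)["findings"]:
        print(finding)
```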
Allowing trusted domains access to CIFS when setting an LDAP IDMAP backend to ldap
To allow trusted domains access to CIFS when setting an LDAP IDMAP backend to ldap
To configure AD as an LDAP IDMAP backend, follow the steps provided in About configuring Windows Active Directory as an LDAP IDMAP backend for FileStore for CIFS on page 268.
To verify the CIFS server status when there are trusted domains, enter the following:
CIFS> server status
CIFS Status on SFS_01 : ONLINE
CIFS Status on SFS_02 : ONLINE
Homedirfs                : homefs
Security                 : ads
Domain membership status : Enabled
Domain                   : SYMANTECDOMAIN.COM
Workgroup                : SYMANTECDOMAIN
Domain Controller        : SYMSERVER
Domain User              : administrator
Clustering Mode          : normal
Trusted Domains          : SYMANTECDOMAIN1 SYMANTECDOMAIN2 SYMANTECDOMAIN3
Allowing trusted domains access to CIFS when setting an LDAP IDMAP backend to hash
To allow trusted domains access to CIFS when setting an LDAP IDMAP backend to hash
To verify the CIFS server status when there are trusted domains, enter the following:
CIFS> server status
CIFS Status on SFS_01 : ONLINE
CIFS Status on SFS_02 : ONLINE
Homedirfs                : homefs
Security                 : ads
Domain membership status : Enabled
Domain                   : SYMANTECDOMAIN.COM
Workgroup                : SYMANTECDOMAIN
Domain Controller        : SYMSERVER
Domain User              : administrator
Clustering Mode          : normal
Trusted Domains          : SYMANTECDOMAIN1 SYMANTECDOMAIN2 SYMANTECDOMAIN3
About configuring Windows Active Directory as an LDAP IDMAP backend for FileStore for CIFS
The FileStore CIFS server requires equivalent UNIX identities for Windows accounts to service requests from Windows clients. In the case of trusted domains, FileStore has to store the mapped UNIX identities (IDMAP) in a centralized database that is accessible from each of the cluster nodes. Active Directory (AD), as with any LDAP V3 compliant directory service, can function as the backend for FileStore CIFS IDMAP backend storage. When the FileStore CIFS server joins a Windows Active Directory Domain as a member server, and you want to use LDAP as an IDMAP backend, then it is necessary to create an Active Directory application partition for the IDMAP database. To support the creation of an Active Directory application partition, Windows 2003 R2 or a later version is required. An Active Directory application partition provides the ability to control the scope of replication and allows the placement of replicas in a manner more suitable for dynamic data. As a result, the application directory partition provides the capability of hosting dynamic data in the Active Directory server, thus allowing ADSI/LDAP access to it.
By extending the AD schema with the necessary CIFS-schema extensions, and creating an AD application partition, it is possible to store CIFS IDMAP data entries in AD, using one or more domain controllers as IDMAP LDAP backend servers. Also, it is possible to replicate this information in a simple and controlled manner to a subset of AD domain controllers located either in the same domain or in different domains in the AD forest.
Note: A single domain user account (for example, cifsuser) is used for setting the application partition Access Control List (ACL) settings. Make sure the selected user naming context contains no spaces (for example, CN=cifsuser1,CN=Users,DC=example,DC=com). A sample AD server (for example, adserver.example.com) is used. Use relevant values when configuring your AD server.
1 Log in with Schema Admins privileges on the Active Directory Forest Schema Master domain controller.
2 Download ADCIFSSchema.zip from the FileStore server (/opt/VRTSnasgw/install/ADCIFSSchema.zip) with software such as WinSCP.exe.
Unzip the file and open each .ldf file to perform a search and replace of the string dc=example,dc=com, replacing the string with the top-level domain component (that is, dc=yourdomain,dc=com) values for the AD forest.
Install the schema extensions by executing the schemaupdate.bat file from the command prompt.
1 Execute regsvr32 schmmgmt.dll in a command prompt window to install the Active Directory Schema Snap-In on the AD server.
2 Enter mmc in Run.
3 On the File menu, click Add/Remove Snapin.
4 In Available snap-ins, click Active Directory Schema, and then click Add.
5 Click OK.
6 Click Attributes in the left frame, and try to find uidNumber and gidNumber in the right frame. Validate that the uidNumber and gidNumber attributes have no minimum or maximum value setting by viewing the properties of the attribute objects.
1 Open a command prompt window on the domain controller that will hold the first replica of the application partition.
2 Enter ntdsutil in the command prompt window.
3 At the ntdsutil command prompt, enter the following:
domain management
If you are using Windows 2008, change this command to the following:
partition management
At the domain management command prompt, enter a command such as the following:
create nc dc=idmap,dc=example,dc=com null
Example settings:
C:\>ntdsutil
ntdsutil: domain management
domain management: connection
server connections: connect to server adserver.example.com
Binding to adserver.example.com ...
Connected to adserver.si2m.com using credentials of locally logged on user.
server connections: quit
domain management: create nc dc=idmap,dc=example,dc=com NULL
adding object dc=idmap,dc=example,dc=com
domain management: quit
ntdsutil: quit
Disconnecting from adserver.example.com...
Once the application partition has been created, open ADSIedit.msc from Run, then right-click on ADSI Edit in the left frame, and click connect to ... to connect to the application partition using the settings as indicated:
Name: Enter Domain.
Connection Point: Select or enter a Distinguished Name or Naming Context, as in: dc=idmap,dc=example,dc=com
Computer
Once connected, select the top-level application partition (for example, dc=idmap,dc=example,dc=com) node in the left panel, and right-click to select New then Object from the list, and then select SambaUnixIdPool.
10 Click Finish to complete the configuration.
11 Once the ou=cifsidmap,dc=idmap,dc=example,dc=com container has been created, right-click the object, and select properties.
12 On the Security tab, click Add, and proceed to add the cifsuser user account, and grant the account Read, Write, Create All Child Objects, and Delete All Child Objects permissions.
1 Log into the FileStore cluster CLI using the master account.
2 Configure Network> ldap settings. Example settings:
Network> ldap set basedn dc=idmap,dc=example,dc=com
Network> ldap set binddn cn=cifsuser,dc=example,dc=com
Network> ldap set rootbinddn cn=cifsuser,cn=users,dc=example,dc=com
Network> ldap set server adserver.example.com
Network> ldap enable
1 Log into the FileStore cluster CLI using the master account.
2 Set the domain, domaincontroller, and domainuser.
3 Set security to ads.
4 Set idmap_backend to ldap, and specify idmap OU as cifsidmap. Example settings:
CIFS> set domain example.com
CIFS> set domainuser administrator
CIFS> set domaincontroller adserver.example.com
CIFS> set security ads
CIFS> set idmap_backend ldap cifsidmap
CIFS> server start
Start the CIFS server. The CIFS server will take some time to import all the users from the joined domain and trusted domain(s) to the application partition. Wait for at least ten minutes before trying to access the shares from Windows clients after starting the CIFS server. To validate that IDMAP entries are being entered correctly in the Active Directory application partition, connect to the Active Directory application partition using an LDAP administration tool, for example, LDP or ADSIEdit. Expand the IDMAP container (ou=cifsidmap). There should be numerous entries.
For example:
CIFS> set allow_trusted_domains yes
Global option updated. Note: Restart the CIFS server.
For example:
CIFS> set allow_trusted_domains no
Global option updated. Note: Restart the CIFS server.
ldap hash
Note: SID/RID are Microsoft Windows concepts that can be found at: http://msdn.microsoft.com/en-us/library/aa379602(VS.85).aspx. The rid and hash values can be used in any of the following modes of operation:
rid is the default value for idmap_backend in all of these operational modes. The ldap value can be used if the AD domain mode is used.
set idmap_backend rid
Configures FileStore to store information about users and groups locally. Trusted domains are allowed if allow_trusted_domains is set to yes. The uid_range is set to 10000-1000000 by default. Change the default range in cases where it is not appropriate to accommodate local FileStore cluster users, Active Directory, or trusted domain users. Do not attempt to modify LOW_RANGE_ID (10000) if user data has already been created or copied on the CIFS server. This may lead to data access denied issues since the UID changes. See Storing user and group accounts on page 278.
set idmap_backend hash
Allows you to obtain the unique SID to UID/GID mappings by the implemented hashing algorithm. Trusted domains are allowed if allow_trusted_domains is set to yes. The uid_range is set to 10000-1000000 by default. See Storing user and group accounts on page 278.
set idmap_backend ldap
Configures FileStore to store information about users and groups in a remote LDAP service. You can only use this command when FileStore is operating in the AD domain mode. The LDAP service can run on the domain controller or it can be external to the domain controller.
Note: For FileStore to use the LDAP service, the LDAP service must include both RFC 2307 and proper schema extensions. See Configuring LDAP as an IDMAP backend using the FileStore CLI on page 274.
This option tells the CIFS server to obtain SID to UID/GID mappings from a common LDAP backend. This option is compatible with multiple domain environments. So allow_trusted_domains can be set to yes. If idmap_backend is set to ldap, you must first configure the FileStore LDAP options using the Network> ldap commands. See About LDAP on page 151. See Storing user and group accounts on page 278.
Using Symantec FileStore as a CIFS server Storing user and group accounts
To store information about user and group accounts locally, enter the following:
CIFS> set idmap_backend rid [uid_range]
where uid_range represents the range of identifiers that are used by FileStore when mapping domain users and groups to local users and groups. The default range is 10000-1000000.
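Why the uid_range, and in particular its low end (LOW_RANGE_ID), should not be changed once data exists: the following is an added example, not FileStore code. It assumes the arithmetic of Samba's idmap_rid backend (UNIX ID = RID - base_rid + low end of the range), which this guide does not confirm for FileStore; the SIDs and function names are constructed for illustration.

```python
# Assumption: the rid backend maps a SID's final component (the RID) to
#   unix_id = RID - base_rid + low_id
# as Samba's idmap_rid does. FileStore's own formula is not given in the guide.

DEFAULT_RANGE = (10000, 1000000)  # default uid_range from the guide

# Constructed sample SIDs for two domain accounts.
SAMPLE_SIDS = [
    "S-1-5-21-1004336348-1177238915-682003330-1105",
    "S-1-5-21-1004336348-1177238915-682003330-6105",
]


def parse_uid_range(text):
    """Parse a uid_range argument such as '10000-1000000'."""
    low, sep, high = text.strip().partition("-")
    if not sep or not low.isdigit() or not high.isdigit():
        raise ValueError(f"not a uid_range: {text!r}")
    low, high = int(low), int(high)
    if high <= low:
        raise ValueError("upper bound must exceed lower bound")
    return low, high


def rid_of(sid):
    """Return the relative identifier, the last component of a SID."""
    parts = sid.split("-")
    if len(parts) < 4 or parts[0] != "S" or not all(p.isdigit() for p in parts[1:]):
        raise ValueError(f"not a SID: {sid!r}")
    return int(parts[-1])


def sid_to_uid(sid, uid_range=DEFAULT_RANGE, base_rid=0):
    """Map a SID to a UID, or None when the result falls outside the range."""
    low, high = uid_range
    uid = rid_of(sid) - base_rid + low
    return uid if low <= uid <= high else None


def remap_report(sids, old_range, new_range):
    """For data written under old_range, show the effect of switching ranges."""
    new_low, new_high = new_range
    report = []
    for sid in sids:
        old_uid = sid_to_uid(sid, old_range)
        new_uid = sid_to_uid(sid, new_range)
        # Files on disk keep old_uid. Under the new range that number belongs
        # to whichever RID now maps onto it, or to nobody at all.
        inherits = None
        if old_uid is not None and new_low <= old_uid <= new_high:
            inherits = old_uid - new_low
        report.append({
            "sid": sid,
            "old_uid": old_uid,
            "new_uid": new_uid,
            "files_now_owned_by_rid": inherits,
        })
    return report


if __name__ == "__main__":
    for row in remap_report(SAMPLE_SIDS, DEFAULT_RANGE, (5000, 1000000)):
        print(row)
```

Under this model, lowering the low end from 10000 to 5000 leaves the first account's existing files (UID 11105) owned by RID 6105, which is a different account; raising it leaves them owned by no mapped account. Either way the original owner loses access, which is the behaviour the guide warns about.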
To make sure that you have first configured LDAP, enter the following:
Network> ldap show
To use the remote LDAP store for information about the user and group accounts, enter the following:
CIFS> set idmap_backend ldap [idmap_ou]
where idmap_ou represents the CIFS idmap Organizational Unit Name (OU) configured on the LDAP server, which is used by FileStore when mapping users and groups to local users and groups. The default value is cifsidmap.
Using Symantec FileStore as a CIFS server About reconfiguring the CIFS service
To store information about user and group accounts locally, enter the following:
CIFS> set idmap_backend hash [uid_range]
where the uid_range represents the range of identifiers that are used by FileStore. The default range is 10000-1000000.
Make sure that the server is not running. Set the domain user, domain, and domain controller. Start the CIFS server.
set domain
Changes the configuration option to reflect the values appropriate for the new domain. See Reconfiguring the CIFS service on page 280.
set domaincontroller
Changes the configuration option to reflect the values appropriate for the new domain. See Reconfiguring the CIFS service on page 280.
server start
Starts the server and causes it to leave the old domain and join the new Active Directory domain. You can only issue this command after you enter the CIFS> set security command. See Reconfiguring the CIFS service on page 280.
If the server is running, stop the server, and enter the following:
CIFS> server stop
To set the user name for the AD, enter the following:
CIFS> set domainuser username
where username is the name of an existing AD domain user who has permission to perform the join domain operation. For example:
CIFS> set domainuser administrator
Global option updated. Note: Restart the CIFS server.
where domainname is the name of the domain. This command also sets the system workgroup. For example:
CIFS> set domain NEWDOMAIN.COM
Global option updated. Note: Restart the CIFS server.
where servername is the AD server IP address or DNS name. For example, if the AD server SYMSERVER has an IP address of 172.16.113.118, you can specify one of the following:
CIFS> set domaincontroller 172.16.113.118
Global option updated. Note: Restart the CIFS server.
or
CIFS> set domaincontroller SYMSERVER
Global option updated. Note: Restart the CIFS server.
If you use the AD server name, you must configure FileStore to use a DNS server that can resolve this name.
share add
Exports a file system with the given sharename, or re-exports an existing share with new options. The new options are updated after this command is run. This CIFS command, which creates and exports a share, takes as input the name of the file system which is being exported, the share name, and optional attributes. You can use the same command for a share that is already exported. You can do this if it is required to modify the attributes of the exported share. A file system used for storing users' home directories cannot be exported as a CIFS share, and a file system that is exported as a CIFS share cannot be used for storing users' home directories. See Setting share properties on page 286.
share delete
Stops the associated file system from being exported. Any files and directories which may have been created in this file system remain intact; they are not deleted as a result of this operation. See Setting share properties on page 286.
share allow
Allows only the specified users and groups to access the share. If all is specified, then default access restrictions are restored on the share. By default, all users and groups are allowed to access the share. See Setting share properties on page 286.
share deny
Denies the specified users and groups access to the share. If all is specified, then all the users and groups are not able to access the share. By default, none of the users or groups are denied access to the share.
ro (Default)
Grants read-only permission to the exported share. Files cannot be created or modified.
Another configuration option specifies if a user trying to establish a CIFS connection with the share must always provide the user name and password, or if they can connect without it. In this case, only restricted access to the share will be allowed. The same kind of access is allowed to anonymous or guest user accounts. This share option can have one of the following values, either guest or noguest.
guest
FileStore allows restricted access to the share when no user name or password is provided.
noguest (Default)
FileStore always requires the user name and password for all of the connections to this share.
full_acl
All Windows Access Control Lists (ACLs) are supported except in the case when you attempt using the Windows Explorer folder Properties > Security GUI to inherit down to a non-empty directory hierarchy while denying all access to yourself.
no_full_acl (Default)
Some advanced Windows Access Control Lists (ACLs) functionality does not work. For example, if you try to create ACL rules on files saved in a CIFS share using Windows explorer while allowing some set of file access for user1 and denying file access for user2, this is not possible when CIFS shares are exported using no_full_acl.
fs_mode
When a file system or directory is exported by CIFS, its mode is set to an fs_mode value. It is the UNIX access control set on a file system, and CIFS options like rw/ro do not take precedence over it. This value is reset to 0755 when the CIFS share is deleted. The default is: fs_mode = 1777.
create_mask
When a file is created under a file system or directory exported by CIFS, the necessary permissions are calculated by mapping DOS modes to UNIX permissions. The resulting UNIX mode is then bit-wise 'AND'ed with this parameter. Any bit not set here is removed from the modes set on a file when it is created. The default is: create_mask = 0744.
FileStore supports the CIFS opportunistic locks. You can enable or disable them for a specific share. The opportunistic locks improve performance for some workloads, and there is a share configuration option which can be given one of the following values, either oplocks or nooplocks.
oplocks (Default)
FileStore supports opportunistic locks on the files in this share.
nooplocks
No opportunistic locks will be used for this share. Disable the oplocks when:
1) A file system is exported over both CIFS and NFS protocols.
2) Either CIFS or NFS protocol has read and write access.
owner
There are more share configuration options that can be used to specify the user and group who own the share. If you do not specify these options for a share, FileStore uses the current values as default values for these options. You may want to change the default values to allow a specific user or group to be the share owner. Irrespective of who the owner and group of the exported share are, any CIFS client can create folders and files in the share. However, there are some operations that require owner privileges; for example, changing the owner itself, and changing permissions of the top-level folder (that is, the root directory in UNIX terms). To enable these operations, you can set the owner option to a specific user name, and this user can perform the privileged operations.
ip
Note: ip is not a valid CIFS option when using the ctdb clustering mode. See About ctdb clustering modes on page 309.
cifsoptions
For example, an existing file system called FSA being exported as a share called ABC:
CIFS> share add FSA ABC rw,guest,owner=john,group=abcdev
To display the information about all of the exported shares, enter the following:
CIFS> share show
For example:
CIFS> share show
ShareName  FileSystem  ShareOptions
share1     fs1         owner=root,group=root
To display the information about one specific share, enter the following:
CIFS> share show sharename
For example:
CIFS> share show share1
ShareName  VIP Address
share1     10.10.10.10
To allow specified users and groups access to the CIFS share, enter the following:
CIFS> share allow sharename @group1 [,@group2,user1,user2,...]
sharename
Name of the CIFS share for which you want to allow specified users and groups access. Names of the FileStore shares are case-sensitive and can consist of the following characters: lower and uppercase letters "a" - "z" and "A" - "Z", numbers "0" - "9", and special characters "_" and "-". ("-" cannot be used as the first character in a share name.)
group
If the CIFS server joined a domain, and there is a space in the user or group name, the user or group name needs to be entered with double quotes (for example, "@domain users"). By default, all groups are allowed to access the shares. In the case where a CIFS share has joined a domain, and the domain contains trusted domains, and allow_trusted_domains is set to yes on the CIFS server, if you want to allow/deny users or groups from the trusted domains, the user or group needs to be prefixed with the trusted domain name. Separate the domain and user/group with a double backslash. For example:
CIFS> share allow sharename "@domain name\\group name"
user
Name of the CIFS user allowed access to the CIFS share. By default, all users are allowed to access the shares.
If all is specified, then default access restrictions are restored on the CIFS share.
CIFS> share allow share1 user1,@group1
Warning: Modifying an already existing share.
.........Done
To deny specified users and groups access to the CIFS share, enter the following:
CIFS> share deny sharename @group1[,@group2,user1,user2,...]
sharename
Name of the CIFS share for which you want to deny specified users and groups access. Names of the FileStore shares are case-sensitive and can consist of the following characters: lower and uppercase letters "a" - "z" and "A" - "Z", numbers "0" - "9", and special characters "_" and "-". ("-" cannot be used as the first character in a share name.)
group
If the CIFS server joined a domain, and there is a space in the user or group name, the user or group name needs to be entered with double quotes (for example, "@domain users"). By default, all groups are allowed to access the shares. In the case where a CIFS share has joined a domain, and the domain contains trusted domains, and CIFS is set to trusted domains as true, if you want to allow/deny users or groups from the trusted domains, the user or group needs to be prefixed with the trusted domain name. Separate the domain and user/group with a double backslash. For example:
CIFS> share deny sharename "@domain name\\user name"
user
Name of the CIFS user denied access to the CIFS share. By default, all users are allowed to access the shares.
If all is specified, then all the users and groups are not able to access the share.
CIFS> share deny share1 user1,@group1
Warning: Modifying an already existing share.
.........Done
For example:
CIFS> share modify share1 ro
Warning: Modifying an already existing share.
Done
To modify an existing CIFS share with different CIFS options, enter the following:
CIFS> share show
ShareName  FileSystem
share3     fs3
share4     fs4
The CIFS> share modify command overwrites the previous value for cifsoptions. See About the CIFS export options on page 284.
See Adding an NFS share on page 177. A client can access the CIFS snapshot by the CIFS share name, cf11sp1.
where sharename is the name of the share you want to delete. For example:
CIFS> share delete share1
Unexporting CIFS filesystem : share1 ..
ShareOptions owner=root,group=root
In the case of any remanent sessions (sessions that are not closed while deleting a CIFS share), FileStore displays the following output:
CIFS> share delete share2
Unexporting CIFS share : share2 ....Success.
SFS cifs WARNING V-288-0 There are following remanent sessions.
Clients may still access 'share4' unless the relevant processes are killed.
Remanent Sessions
pid    nodename
----------------
13966  sfsnode_01
14130  sfsnode_02
This is a rare situation, and it occurs if the following conditions are met:
CIFS server is online
CIFS share that is being deleted is ONLINE
There are some existing client connections with that CIFS share
While deleting the share, some remanent sessions are left
If any of the above conditions is not met, the CIFS> share delete command displays its usual output.
CIFS> share delete share2
Unexporting CIFS share : share2 ....Success.
Using Symantec FileStore as a CIFS server Sharing file systems using CIFS and NFS protocols
[Figure: 2-node FileStore cluster; data access by CIFS protocol (Windows user) and data access by NFS protocol (UNIX user)]
It is recommended that you disable the oplocks option when the following occurs:
A file system is exported over both the CIFS and NFS protocols.
Either the CIFS or NFS protocol is set with read and write permission.
See Setting share properties on page 286. Note: When a share is exported over both NFS and CIFS protocols, the applications running on the NFS and CIFS clients may attempt to concurrently read or write the same file. This may lead to unexpected results since the locking models used by these protocols are different. For example, an application reads stale data. For this reason, FileStore warns you when the share export is requested over NFS or CIFS and the same share has already been exported over CIFS or NFS, when at least one of these exports allows write access.
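The oplocks recommendation above can be checked across an inventory of exports. The following is an added example, not FileStore code: it assumes the CIFS rows were copied from CIFS> share show, that NFS export permissions are supplied separately as a dictionary, and that a share without the rw option is read-only.

```python
# Constructed inventory (not from the original guide): one
# (share name, file system, share options) row per CIFS share.
CIFS_SHARES = [
    ("share1", "fs1", "owner=root,group=root,rw"),
    ("share2", "fs2/projects", "owner=root,group=root,ro"),
    ("share3", "fs3", "owner=root,group=root,fs_mode=1777"),
    ("share4", "fs4", "owner=root,group=root,rw,nooplocks"),
    ("share5", "fs5", "owner=root,group=root,rw"),
]
# Assumed input: file system name -> NFS export permission, collected separately.
NFS_EXPORTS = {"fs1": "ro", "fs2": "rw", "fs3": "ro", "fs4": "rw", "fs6": "ro"}
# Constructed list of file systems reserved with `CIFS> set homedirfs`.
HOMEDIRFS = ["fs6"]


def access_mode(options):
    """Return 'rw' when the option list grants write access, else 'ro'.

    Treating a share without 'rw' as read-only is an assumption of this example.
    """
    return "rw" if "rw" in options.split(",") else "ro"


def oplock_findings(cifs_shares, nfs_exports, homedirfs=()):
    """List exports that match the guide's 'disable oplocks' conditions.

    A finding is (subject, cifs_mode, nfs_mode): the file system is exported
    over both protocols, at least one side can write, and the CIFS share does
    not carry the nooplocks option.
    """
    findings = []
    for name, filesystem, options in cifs_shares:
        # A directory-level share such as fs2/projects lives on file system fs2.
        fs_name = filesystem.split("/", 1)[0]
        nfs_mode = nfs_exports.get(fs_name)
        if nfs_mode is None:
            continue  # exported over CIFS only
        cifs_mode = access_mode(options)
        if cifs_mode != "rw" and nfs_mode != "rw":
            continue  # read-only on both sides
        if "nooplocks" in options.split(","):
            continue  # already configured as recommended
        findings.append((name, cifs_mode, nfs_mode))
    # Home directory file systems are assumed by FileStore to be exported to
    # CIFS users in read and write mode, so any NFS export of one is reported.
    for fs_name in homedirfs:
        nfs_mode = nfs_exports.get(fs_name)
        if nfs_mode is not None:
            findings.append(("homedirfs:" + fs_name, "rw", nfs_mode))
    return findings


if __name__ == "__main__":
    for subject, cifs_mode, nfs_mode in oplock_findings(
            CIFS_SHARES, NFS_EXPORTS, HOMEDIRFS):
        print("%-16s CIFS=%s NFS=%s -> review oplocks" % (subject, cifs_mode, nfs_mode))
```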
To export a file system to Windows and UNIX users with read-only permission, go to CIFS mode, and enter the following commands:
CIFS> show
Name                    Value
----                    -----
netbios name            mycluster
netbios aliases
ntlm auth               yes
allow trusted domains   no
homedirfs
aio size                1024
idmap backend           rid:10000-1000000
workgroup               SYMANTECDOMAIN
security                ads
Domain                  SYMANTECDOMAIN.COM
Domain user             administrator
Domain Controller       SYMSERVER
Clustering Mode         normal
CIFS> share add fs1 share1 rw
SFS cifs WARNING V-288-0 Filesystem (fs1) is already shared over NFS with 'ro' permission.
Do you want to proceed (y/n): y
Exporting CIFS filesystem : share1 ..
CIFS> share show
ShareName  FileSystem  ShareOptions
share1     fs1         owner=root,group=root,rw
When the file system in CIFS is set to homedirfs, the FileStore software assumes that the file system is exported to CIFS users in read and write mode. FileStore does not allow you to export the same file system as a CIFS share and a home directory file system (homedirfs). For example, if the file system fs1 is already exported as a CIFS share, then you cannot set it as homedirfs.
To export a file system set as homedirfs
To request that a file system be used for home directories, you need to export the file system. Go to the CIFS mode and enter the following:
CIFS> share show
ShareName  FileSystem  ShareOptions
share1     fs1         owner=root,group=root,rw
CIFS> set homedirfs fs1
SFS cifs ERROR V-288-615 Filesystem (fs1) is already exported by another CIFS share.
Using Symantec FileStore as a CIFS server About mapping user names for CIFS/NFS sharing
CIFS and NFS sharing by mapping CIFS users to NFS users
File sharing among CIFS users by mapping multiple CIFS users to a single UNIX user
Mapping between two UNIX users by using the CIFS> mapuser add <CIFSusername> LOCAL <NFSusername> command, where both the CIFS user and the NFS user are UNIX users
User name mapping is stored in a configuration file. When user name mapping takes place depends on the current security configuration. If security is set to user, mapping is done prior to authentication, and a password must be provided for the mapped user name. For example, if there is a mapping between the users CIFSuser1 and NFSuser1 and CIFSuser1 wants to connect to the FileStore server, then CIFSuser1 needs to provide a password for NFSuser1. In this case, NFSuser1 must be the CIFS local user. If security is set to either ads or domain, user name mapping is done after authentication with the domain controller. This means that the actual password must be supplied for the login user CIFSuser1 in the example cited above. In this case, NFSuser1 may not be the CIFS local user.
Using Symantec FileStore as a CIFS server About load balancing for the normal clustering mode
For example, to show the mapping between a CIFS user and an NFS user:
CIFS> mapuser show
CIFSUserName  DomainName      NFSUserName
CIFSuser1     SYMANTECDOMAIN  NFSuser1
For example, to remove the mapping between a CIFS user and an NFS user:
CIFS> mapuser remove CIFSuser1 SYMANTECDOMAIN.COM
The domain you specify for CIFS user name mapping must be the netbios domain name (instead of the Active Directory DNS domain name) for the user. For example, a netbios domain name might be listed as SYMANTECDOMAIN instead of SYMANTECDOMAIN.COM (without the .com extension). To determine the netbios domain name, log in to your Active Directory Server and type the following in a command window:
set | findstr DOMAIN
Use the value of USERDOMAIN (the netbios domain name) when you map user names.
Note: When setting quotas on home directories and using user name mapping, make sure to set the quota on the home directory using the user name to which the original name is mapped.
Note: For mapped Active Directory users to access their home directory CIFS shares, use the following convention: \\filestore\realADuser instead of \\filestore\homes.
concurrently perform file operations. All of the file systems are mounted on every node. The exported shares are also exported from every node. The following restriction exists for normal clustering mode: only one node at a time can perform file operations on a single share in normal clustering mode. The decision as to which node is currently allowed to perform the file operations for a specific share is made by the FileStore software and is transparent to the CIFS users. Other issues pertaining to normal clustering mode:
There is a tie up between a virtual IP address and a share. If a virtual IP address that is serving a share is deleted, then the virtual IP address is needed to reschedule that share on another virtual IP address.
You can only export the root file system in normal clustering mode.
A file system cannot be exported as a different share.
Load balancing is provided at the directory level by using the CIFS> split command.
When a CIFS share is accessed by a node that is not the owner of that share, FileStore transparently redirects the access to the node that is the owner of that share. So, all of the processing for a CIFS share is performed by the node that is designated as the owner of that share. If the FileStore work load is found to be too high on a node that owns a share, you can "split" the share by using the CIFS> split command. By splitting a share:
Each of the share's top-level directories is treated as a single share.
Each top-level directory becomes like a root of a new share and only one node at a time can perform the file operations on this new share.
The ownership of different top-level directories is assigned to different nodes in the FileStore cluster, balancing the CIFS-related workload.
Caution: You cannot specify which node owns the split share. If the node getting the ownership already has a heavy load, the new load distribution may worsen your situation. Use the CIFS> share show command to view which virtual IP address is assigned to a share. Use the Network> ip addr show command to view which node is assigned a virtual IP address. This shows which node is the current owner of the exported CIFS shares.
Using Symantec FileStore as a CIFS server About load balancing for the ctdb clustering mode
You cannot split a sharename more than once.
You cannot delete the subdirectory share of a split share.
You cannot undo the effects of the CIFS> split command.
DirName
For example:
CIFS> split share1
Splitting share splitshare : .........Success.
To display the list of all of the CIFS shares, enter the following command. In the output, the asterisk and the word split indicate that a share is split.
CIFS> share show
ShareName  FileSystem
share1*    fs3
share2     fs2
share3     fs3
To create a new top-level directory in a split CIFS share, enter the following command. To create a new top-level directory called newdir in an already split share called share1, enter the following:
CIFS> split share1 newdir
Creating directory: newdir
Success: Directory 'newdir' created
homedir quota
Enables use of quotas on home directory file systems. See Using quotas for CIFS home directories on page 98.
homedir set
Sets the home directory for the specified user. If the home directory does not exist for the specified user, this command creates that user's home directory. See Setting up home directories on page 305.
homedir show
Displays information about home directories. See Displaying home directory usage information on page 307.
homedir deleteall
Deletes the home directories. See Deleting home directories and disabling creation of home directories on page 308.
To reserve one or more file systems for home directories, enter the following:
CIFS> set homedirfs [filesystemlist]
where filesystemlist is a comma-separated list of names of the file systems which are used for the home directories. For example:
CIFS> set homedirfs fs1,fs2,fs3
Global option updated. Note: Restart the CIFS server.
If you want to remove the file systems you previously set up, enter the command again, without any file systems:
CIFS> set homedirfs
To find which file systems (if any) are currently used for home directories, enter the following:
CIFS> show
After you select one or more of the file systems to be used in this way, you cannot export the same file systems as ordinary CIFS shares. If you want to change the current selection, for example, to add an additional file system to the list of home directory file systems or to specify that no file system should be used for home directories, you have to use the same CIFS> set homedirfs command. In each case you must enter the entire new list of home directory file systems, which may be an empty list when no home directory file systems are required. FileStore treats home directories differently from ordinary shares. The differences are as follows:
An ordinary share is used to export a file system, while a number of home directories can be stored in a single file system.
The file systems used for home directories cannot be exported as ordinary shares.
The CIFS> split command can be used for an ordinary share but not for a home directory share.
Exporting a home directory share is done differently than exporting ordinary share. Also, removing these two kinds of shares is done differently.
The configuration options you specify for an ordinary share (such as read-only or use of opportunistic locks) are different from the ones you specify for a home directory share.
To set the home directory for the specified user, enter the following:
CIFS> homedir set username [domainname]
username
The name of the CIFS user. If a CIFS user name includes a space, enter the user name with double quotes. For example:
CIFS> homedir set "test user" SYMANTECDOMAIN
domainname
To find the current settings for a home directory, enter the following:
CIFS> homedir show [username] [domainname]
username
The name of the CIFS user. If a CIFS user name includes a space, enter the user name with double quotes. For example:
CIFS> homedir show "test user" SYMANTECDOMAIN
UserName   DomainName      Usage
test user  SYMANTECDOMAIN  0
domainname
The Active Directory/Windows NT domain name or specify local for the FileStore local user local.
To find the current settings for all home directories, enter the following:
CIFS> homedir show
When you connect to your home directory for the first time, and if the home directory has not already been created, FileStore selects one of the available home directory file systems and creates the home directory there. The file system is selected in a way that tries to keep the number of home directories balanced across all available home directory file systems. The automatic creation of a home directory does not require any commands, and is transparent to both the users and the FileStore administrators. The quota limits the amount of disk space you can allocate for the files in a home directory. You can set the same quota value for all home directories using the Storage> quota cifshomedir setall command. See Using quotas for CIFS home directories on page 98.
To display information about a specific user's home directory, enter the following:
CIFS> homedir show [username] [domainname]
username
The name of the CIFS user. If a CIFS user name includes a space, enter the user name with double quotes. For example:
CIFS> homedir show "test user" SYMANTECDOMAIN
UserName   DomainName      Filesystem  Usage
test user  SYMANTECDOMAIN  /vx/fs3     0
domainname
Click on the Save button which saves the file to a new home directory.
You can delete all of the home directory shares with the CIFS> homedir deleteall command. This also deletes all files and subdirectories in these shares. After you delete the existing home directories, you can again create the home directories manually or automatically.
To delete the home directories
Respond with y(es) or n(o) to confirm the deletion. After you delete the home directories, you can stop FileStore serving home directories by using the CIFS> set homedirfs command.
To disable creation of home directories
To specify that there are no home directory file systems, enter the following:
CIFS> set homedirfs
Normal
Clustered Trivial Database (CTDB) - a cluster implementation of the TDB (Trivial database) based on the Berkeley database API
Each clustering mode supports all of the three operating modes. The ctdb clustering mode is a different clustered implementation of FileStore CIFS, which supports almost all of the features that are supported by normal clustering mode as well as some additional features. Additional features supported in ctdb clustering mode:
Directory-level share support
Multi-instance share export of a file system/directory
Simultaneous access of a share from multiple nodes and therefore better load balancing
To check the status of the CIFS server to confirm that the clustering mode is set to ctdb
To check the status of the CIFS server to confirm that the clustering mode is set to ctdb, enter the following:
CIFS> server status
CIFS Status on ctdb_01 : ONLINE
CIFS Status on ctdb_02 : ONLINE
Homedirfs : fs1
Security : ads
Domain membership status : Enabled
Domain : SYMANTECDOMAIN.COM
Workgroup : SYMANTECDOMAIN
Domain Controller : SYMSERVER
Domain User : administrator
Clustering Mode : ctdb
If the directory name contains a space, enter the directory name with double quotes (" "). For example:
CIFS> share add "fs1/Symantec FileStore" share2 rw
Exporting CIFS filesystem : share2 ..Success.
Using Symantec FileStore as a CIFS server Exporting the same file system/directory as a different CIFS share
Note: This feature is only supported in the ctdb clustering mode.
To export a directory with read access to everyone, but write access to the limited set of users who need to be authenticated
To export a directory with read access to everyone, but write access to the limited set of users who need to be authenticated, enter the following:
CIFS> share add "fs1/Symantec FileStore" share1 rw,noguest
Exporting CIFS filesystem : share1 ..Success.
CIFS> share add "fs1/Symantec FileStore" share2 ro,guest
Exporting CIFS filesystem : share21 ..Success.
CIFS> share show
ShareName  FileSystem     ShareOptions
share1     fs1/FileStore  owner=root,group=root,fs_mode=755,rw,noguest
share2     fs1/FileStore  owner=root,group=root,fs_mode=755,ro,guest
The above example illustrates that the same directory is exported as a different CIFS share for guest and noguest users with different sets of permissions.
Using Symantec FileStore as a CIFS server About switching the clustering mode
To check the status of the CIFS server prior to switching from normal to ctdb clustering mode, enter the following:
CIFS> server status
CIFS Status on ctdb_01 : ONLINE
CIFS Status on ctdb_02 : ONLINE
Homedirfs : fs1
Security : ads
Domain membership status : Enabled
Domain : SYMANTECDOMAIN.COM
Workgroup : SYMANTECDOMAIN
Domain Controller : SYMSERVER
Domain User : administrator
Clustering Mode : normal
To check the status of the CIFS server prior to switching from ctdb to normal clustering mode, enter the following:
CIFS> server status
CIFS Status on ctdb_01 : ONLINE
CIFS Status on ctdb_02 : ONLINE
Homedirfs : fs1
Security : ads
Domain membership status : Enabled
Domain : SYMANTECDOMAIN.COM
Workgroup : SYMANTECDOMAIN
Domain Controller : SYMSERVER
Domain User : administrator
Clustering Mode : ctdb
Using Symantec FileStore as a CIFS server About migrating CIFS shares and home directories
migrate directory-level shares in the normal clustering mode, because directory-level sharing is not supported in normal clustering mode. Automatic migration of the content of users (that is, users' home directories) from one file system to another file system while switching home directories is not supported. So, if a FileStore administrator changes home directories from fs1 to fs2, then users' home directories are not migrated from fs1 to fs2 automatically. While migrating from normal to ctdb clustering mode, a simple share is created for each split share, because splitting shares is not supported in ctdb clustering mode. See Migrating CIFS shares and home directories from normal to ctdb clustering mode on page 319. See Migrating CIFS shares and home directories from ctdb to normal clustering mode on page 321.
Migrating CIFS shares and home directories from normal to ctdb clustering mode
To migrate CIFS shares and home directories from normal to ctdb clustering mode
To check the CIFS server status to confirm that the current cluster mode is set to normal, enter the following:
CIFS> server status
CIFS Status on ctdb_01 : ONLINE
CIFS Status on ctdb_02 : ONLINE
Homedirfs : fs1
Security : ads
Domain membership status : Enabled
Domain : SYMANTECDOMAIN.COM
Workgroup : SYMANTECDOMAIN
Domain Controller : SYMSERVER
Domain User : administrator
Clustering Mode : normal
To list the CIFS shares and home directories, enter the following:
CIFS> share show
ShareName  FileSystem  ShareOptions
share1*    fs1         split,owner=root,group=root,fs_mode=1777,rw,full_acl
share3     fs3         owner=root,group=root,fs_mode=1777
share4     fs4         owner=root,group=root,fs_mode=1777,rw
Usage -
To stop the CIFS server before changing the clustering mode to ctdb, enter the following:
CIFS> server stop
Stopping CIFS Server.....Success.
CIFS> set clustering_mode ctdb
Global option updated. Note: Restart the CIFS server.
To start the CIFS server in ctdb clustering mode and check the CIFS server status, enter the following:
CIFS> server start
Disabling membership in AD domain SYMANTECDOMAIN.COM
Enter a password for user `administrator'
Left AD domain SYMANTECDOMAIN.COM
Uninstalling `normal' Clustering Mode........Success.
Installing `ctdb' Clustering Mode........Success.
Starting CIFS Server....
The skew of the system clock with respect to Domain controller sfsqa_ad.sfsqa.com (10.209.110.210) is: 9 seconds
Time on Domain Controller : Thu Aug 19 17:07:19 2010
Time on this system : Thu Aug 19 17:07:10 IST 2010
If the above clock skew is greater than that allowed by the server, then the system won't be able to join the AD domain
Trying to become a member in AD domain SYMANTECDOMAIN.COM ...
Enter a password for user `administrator'
Joined domain SYMANTECDOMAIN.COM OK
..Success.
CIFS> server status
CIFS Status on ctdb_01 : ONLINE
CIFS Status on ctdb_02 : ONLINE
Homedirfs : fs1
Security : ads
Domain membership status : Enabled
Domain : SYMANTECDOMAIN.COM
Workgroup : SYMANTECDOMAIN
Domain Controller : SYMSERVER
Domain User : administrator
Clustering Mode : ctdb
To verify that all the CIFS shares and home directories are properly migrated to the ctdb clustering mode, enter the following:
CIFS> share show
ShareName  FileSystem
share1     fs1
share3     fs3
share4     fs4
Usage -
Migrating CIFS shares and home directories from ctdb to normal clustering mode
If a file system is exported as multiple CIFS shares in ctdb clustering mode, then while migrating to normal clustering mode, FileStore creates only one CIFS share, whichever comes first in the list.
To migrate a CIFS share and home directory from ctdb to normal clustering mode
To list the CIFS shares and home directories, enter the following:
CIFS> share show
ShareName  FileSystem
share1     fs1/FileStore
share2     fs1/FileStore
share3     fs3
share4     fs4
CIFS> homedir show
UserName       DomainName      Usage
test           Local           -
administrator  SYMANTECDOMAIN
To stop the CIFS server to switch the clustering mode to normal, enter the following:
CIFS> server stop
Disabling membership in AD domain SYMANTECDOMAIN.COM
Enter password for user `administrator':
Left AD domain SYMANTECDOMAIN.COM
Stopping CIFS Server ......Success.
CIFS> set clustering_mode normal
Global option updated. Note: Restart the CIFS server.
To start the CIFS server in normal clustering mode, enter the following:
CIFS> server start
Uninstalling `ctdb' Clustering Mode.........Success.
Installing `normal' Clustering Mode.........Success.
The skew of the system clock with respect to Domain controller SYMSERVER (10.209.110.210) is: 9 seconds
Time on Domain Controller : Thu Aug 19 16:54:03 2010
Time on this system : Thu Aug 19 16:53:54 IST 2010
If the above clock skew is greater than that allowed by the server, then the system won't be able to join the AD domain
Trying to become a member in AD domain SYMANTECDOMAIN.COM ...
Enter a password for user `administrator'
Joined domain SYMANTECDOMAIN.COM OK
SFS cifs WARNING V-288-0 Migration of following shares are not supported in normal clustering mode
Clustering mode
Sharename  FS Name
share1     fs1/Symantec FileStore
share2     fs1/Symantec FileStore
Starting CIFS Server......Success.
The warning message indicates that FileStore was unable to migrate the directory-level share to normal clustering mode. The rest of the CIFS share and home directory were migrated.
To list the CIFS shares and home directories after migrating to normal clustering mode, enter the following:
CIFS> share show
ShareName  FileSystem
share3     fs3
share4     fs4
Usage -
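The migration rules described in this section can be applied to a saved share listing before the clustering mode is switched, so that shares which will disappear are known in advance. The following is an added example, not FileStore code: the listings are constructed, and the column layout of the CIFS> share show output is an assumption.

```python
# Constructed sample of `CIFS> share show` output in ctdb clustering mode.
# The column layout and the share names are assumptions made for this example.
CTDB_SHARE_SHOW = """\
ShareName  FileSystem     ShareOptions
share1     fs1/FileStore  owner=root,group=root,fs_mode=755,rw,noguest
share2     fs1/FileStore  owner=root,group=root,fs_mode=755,ro,guest
share3     fs3            owner=root,group=root,fs_mode=1777
share4     fs4            owner=root,group=root,fs_mode=1777,rw,noguest
share5     fs4            owner=root,group=root,fs_mode=1777,rw,guest
"""

# Constructed sample for normal clustering mode; share1 is a split share.
NORMAL_SHARE_SHOW = """\
ShareName  FileSystem  ShareOptions
share1*    fs1         split,owner=root,group=root,fs_mode=1777,rw,full_acl
share3     fs3         owner=root,group=root,fs_mode=1777
"""


def parse_share_show(text):
    """Parse share-show rows into dicts: name, filesystem, options, split."""
    shares = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] == "ShareName":
            continue  # skip blank lines and the header row
        # The option list, when present, is the last field and holds key=value pairs.
        has_opts = "=" in parts[-1]
        options = parts[-1].split(",") if has_opts else []
        fs_parts = parts[1:-1] if has_opts else parts[1:]
        shares.append({
            "name": parts[0].rstrip("*"),
            "filesystem": " ".join(fs_parts),  # directory names may contain spaces
            "options": options,
            "split": parts[0].endswith("*") or "split" in options,
        })
    return shares


def plan_migration(shares, target_mode):
    """Return [(share, outcome, detail)] for a switch to target_mode."""
    if target_mode not in ("normal", "ctdb"):
        raise ValueError("target_mode must be 'normal' or 'ctdb'")
    plan = []
    first_share_on_fs = {}
    for share in shares:
        name, fs = share["name"], share["filesystem"]
        kept_options = ",".join(share["options"])
        if target_mode == "normal":
            if "/" in fs:
                # Directory-level sharing is not supported in normal mode.
                plan.append((name, "not migrated", "directory-level share"))
            elif fs in first_share_on_fs:
                # Only the first share listed for a file system is created.
                plan.append((name, "not migrated",
                             "file system already exported as " + first_share_on_fs[fs]))
            else:
                first_share_on_fs[fs] = name
                plan.append((name, "migrated", kept_options))
        elif share["split"]:
            # Splitting shares is not supported in ctdb mode.
            plan.append((name, "migrated as simple share", "split is not supported"))
        else:
            plan.append((name, "migrated", kept_options))
    return plan


def lost_shares(plan):
    """Names of shares that will no longer exist after the switch."""
    return [name for name, outcome, _ in plan if outcome == "not migrated"]


if __name__ == "__main__":
    for mode, text in (("normal", CTDB_SHARE_SHOW), ("ctdb", NORMAL_SHARE_SHOW)):
        print("switching to", mode)
        for row in plan_migration(parse_share_show(text), mode):
            print("  %-8s %-26s %s" % row)
```

The detail column of a migrated share shows the option set that survives, which is the one to review when several shares with different guest or write settings pointed at the same file system.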
where size is the AIO read/write size. If size is not 0, the aio_fork option is enabled and size is used as the AIO read/write size. If size is 0, the aio_fork option is disabled and the AIO read/write size is set to 0. For example:
CIFS> set aio_size
set aio_size <size>
--set aio_fork read/write size.
size : Unsigned integer or 0 to disable aio
CIFS> set aio_size 0
Global option updated. Note: Restart the CIFS server.
CIFS> set aio_size 1024
Global option updated. Note: Restart the CIFS server.
Using Symantec FileStore as a CIFS server Setting the netbios aliases for the CIFS server
To set the netbios aliases for the CIFS server, enter the following:
CIFS> set alias [aliaslist]
where aliaslist is either empty (no netbios alias was specified) or a comma-separated list of netbios alias names. After setting the netbios alias names, you can access the CIFS server by using these alias names. For example, if you want to set an empty alias, you would enter the following:
CIFS> set alias
Global option updated. Note: Restart the CIFS server.
For example, if you want to set one or multiple netbios alias names, you would enter the following:
CIFS> set alias A1,A2,A3
Global option updated. Note: Restart the CIFS server.
CIFS> show
Name                    Value
----                    -----
netbios name            sfs4
netbios aliases         A1 A2 A3
ntlm auth               yes
allow trusted domains   no
homedirfs               fs1,fs3
aio size                0
idmap backend           rid:10000-1000000
workgroup               SYMANTECDOMAIN
security                ads
Domain                  SYMANTECDOMAIN.COM
Domain user             administrator
Domain Controller       SYMSERVER
Clustering Mode         ctdb
Using Symantec FileStore as a CIFS server About managing local users and groups
local password
The default password for a newly-created account is the same as the user name. You can change the default password using the CIFS> local password command. The maximum password length is eight characters. See Creating a local CIFS user on page 327.
Deletes local user accounts. See Creating a local CIFS user on page 327.
Displays the user ID and lists the groups to which the user belongs. If you do not enter an optional username, the command lists all CIFS existing users. See Creating a local CIFS user on page 327.
Adds a user to one or more groups. For existing users, this command changes a user's group membership. See Creating a local CIFS user on page 327.
where username is the name of the user. The grouplist is a comma-separated list of group names. For example:
CIFS> local user add usr1 grp1,grp2
Adding USER : usr1
Success: User usr1 created successfully
where username is the name of the user whose password you are changing. For example, to reset the local user password for usr1, enter the following:
CIFS> local password usr1
Changing password for usr1
New password:*****
Re-enter new password:*****
Password changed for user: 'usr1'
where username is the name of the user. For example, to list all local users:
CIFS> local user show
List of Users
-------------
usr1
usr2
usr3
where username is the name of the local user you want to delete. For example:
CIFS> local user delete usr1
Deleting User: usr1
Success: User usr1 deleted successfully
where username is the local user name being added to the grouplist. Group names in the grouplist must be separated by commas. For example:
CIFS> local user members usr3 grp1,grp2
Success: usr3's group modified successfully
Displays the list of available local groups you created. See Configuring a local group on page 330.
local group delete
Deletes a local CIFS group. See Configuring a local group on page 330.
where groupname lists all of the users that belong to that specific group. For example:
CIFS> local group show
List of groups
--------------
grp1
grp2
grp3
For example:
CIFS> local group show grp1
GroupName  UsersList
---------  ---------
grp1       usr1, usr2, usr3, urs4
where groupname is the name of the local CIFS group. For example:
CIFS> local group delete grp1
Deleting Group: grp1
Success: Group grp1 deleted successfully
Chapter
10
About FTP
Displaying FTP server
About FTP server commands
Using the FTP server commands
About FTP set commands
Using the FTP set commands
Implementing all of the FTP> set command changes
About FTP session commands
Using the FTP session commands
Using the FTP logupload command
About FTP local user commands
Using the FTP local user commands
About FTP local user set commands
Using the FTP local user set commands
About FTP
The File Transfer Protocol (FTP) server feature allows clients to access files on the FileStore servers using the FTP protocol. The FTP service provides secure/non-secure access via FTP to files in the FileStore servers. The FTP service runs on all of the nodes in the cluster and provides simultaneous read/write access to the files. The FTP service also provides configurable anonymous access to the filer.
The FTP commands are used to configure the FTP server. By default, the FTP server is not running. You can start the FTP server using the FTP> server start command. The FTP server starts on the standard FTP port 21.
FTP mode commands are listed in Table 10-1. To access the commands, log into the administrative console (master, system-admin, or storage-admin) and enter FTP> mode. See About using the FileStore command-line interface on page 33.
Table 10-1
Command
show
server
Starts, stops, and displays the status of the FTP server. See About FTP server commands on page 335.
set
Configures the FTP server. See About FTP set commands on page 337.
session
Displays and terminates the FTP sessions. See About FTP session commands on page 346.
logupload
Uploads the FTP logs to a URL. See Using the FTP logupload command on page 348.
local
Adds, deletes and displays local user accounts. Configures local user settings. See About FTP local user commands on page 348.
server start
Starts the FTP server on all nodes. If the FTP server is already started, the FileStore software clears any faults and tries to start the FTP server. See Using the FTP server commands on page 336.
set anonymous_login_dir
Specifies the login directory for anonymous users. Valid values of this parameter start with /vx/. Make sure that the anonymous user (UID:40 GID:49 UNAME:ftp) has the appropriate permissions to read files in login_directory. For the changes to take effect, you need to restart the FTP server. Enter FTP> server stop followed by FTP> server start. See Using the FTP set commands on page 341.
set anonymous_write
Specifies whether or not anonymous users have write access to their login_directory. Enter yes to allow anonymous users to modify the contents of their login_directory. Enter no (default) to prevent anonymous users from modifying the contents of their login_directory. Make sure that the anonymous user (UID:40 GID:49 UNAME:ftp) has the appropriate permissions to modify files in their login_directory. For the changes to take effect, you need to restart the FTP server. Enter FTP> server stop followed by FTP> server start. See Using the FTP set commands on page 341.
set allow_non_ssl
Specifies whether or not to allow non-secure (plain-text) logins into the FTP server. Enter yes (default) to allow non-secure (plain-text) logins to succeed. Enter no to make non-secure (plain-text) logins fail. For the changes to take effect, you need to restart the FTP server. Enter FTP> server stop followed by FTP> server start. See Using the FTP set commands on page 341.
set homedir_path
Specifies the location of the login directory for users. Valid values include any path that starts with /vx/. For the changes to take effect you need to restart the FTP server. Enter FTP> server stop followed by FTP> server start. See Using the FTP set commands on page 341.
set idle_timeout
Specifies the amount of time in minutes after which an idle connection is disconnected. Valid values for time_in_minutes range from 1 to 600 (default value is 15 minutes). For the changes to take effect, you need to restart the FTP server. Enter FTP> server stop followed by FTP> server start. See Using the FTP set commands on page 341.
set max_connections
Specifies the maximum number of simultaneous FTP clients allowed. Valid values for this parameter range from 1-9999. The default value is 2000. For the changes to take effect, you need to restart the FTP server. Enter FTP> server stop followed by FTP> server start. See Using the FTP set commands on page 341.
set max_conn_per_client
Specifies the maximum number of simultaneous FTP connections allowed from a single client IP address. Valid values for this parameter range from 1-9999. The default value is 2000. For the changes to take effect, you need to restart the FTP server. Enter FTP> server stop followed by FTP> server start. See Using the FTP set commands on page 341.
set passive_port_range
Specifies the range of port numbers to listen on for passive FTP transfers. The port_range defines a range specified as startingport:endingport. A port_range of 30000:40000 specifies that port numbers starting from 30000 to 40000 can be used for passive FTP. Valid values for port numbers range from 30000 to 50000. The default value of this option is 30000:40000. For the changes to take effect, you need to restart the FTP server. Enter FTP> server stop followed by FTP> server start. See Using the FTP set commands on page 341.
You need to stop and then start the server for the new setting to take effect.
FTP> set anonymous_logon FTP> show Parameter --------listen_port max_connections max_conn_per_client passive_port_range allow_non_ssl idle_timeout anonymous_logon anonymous_write ... FTP> server stop FTP> server start FTP> show Parameter --------listen_port max_connections max_conn_per_client passive_port_range allow_non_ssl idle_timeout anonymous_logon anonymous_write ... yes Current Value ------------21 2000 2000 30000:40000 yes 15 minutes no no New Value ---------
yes
where the login_directory is the login directory of the anonymous users on the FTP server.
To set anonymous write access
no (default)
To set whether or not to allow users to delete files on the FTP server, enter the following:
FTP> set allow_delete yes|no
yes (default)   Allows users to delete files on the FTP server. This setting does not apply to anonymous logins. Anonymous logins are never allowed to delete files.
no              Prevents users from deleting files on the FTP server.
To set non-secure login access to the FTP server, enter the following:
FTP> set allow_non_ssl yes|no
yes (default)   Allows non-secure (plain-text) logins to succeed.
no              Causes non-secure (plain-text) logins to fail.
To set the location of the login directory for users, enter the following:
FTP> set homedir_path path
where path is the location of the login directory. Valid values include any path that starts with /vx/.
FTP> set homedir_path /vx/home
To set the amount of time a connection can stay idle before disconnecting, enter the following:
FTP> set idle_timeout time_in_minutes
where time_in_minutes is the amount of time you want the connection to stay idle before disconnecting.
FTP> set idle_timeout 30
To set the port number on which the FTP service listens for connections, enter the following:
FTP> set listen_port port_number
where port_number is the port on which the FTP service listens for connections.
FTP> set listen_port 24
To set the maximum number of allowed simultaneous FTP clients, enter the following:
FTP> set max_connections connections_number
where connections_number is the number of concurrent FTP connections allowed on the FTP server.
FTP> set max_connections 3000
To set the maximum number of simultaneous FTP connections allowed from a single client IP address, enter the following:
FTP> set max_conn_per_client connections_number
where connections_number is the number of concurrent connections allowed from a single client.
FTP> set max_conn_per_client 1000
To set the range of port numbers to listen on for passive FTP transfers, enter the following:
FTP> set passive_port_range port_range
where port_range is the range of port numbers to listen on for passive FTP transfers.
FTP> set passive_port_range 35000:45000
To set security
To set the type of users allowed to log in to the FTP server, enter the following:
FTP> set security nis_ldap|local
nis_ldap   Allows users with accounts configured on NIS or LDAP servers to log in to the FTP server.
local      Allows users with accounts configured with the FTP> local user add command to log in to the FTP server.
Configuring your FTP server Implementing all of the FTP> set command changes
To view all of the FTP> set command changes, enter the following:
FTP> show
Parameter            Current Value   New Value
---------            -------------   ---------
listen_port          21              24
max_connections      2000            3000
max_conn_per_client  2000            1500
passive_port_range   30000:40000     35000:45000
allow_non_ssl        yes             no
idle_timeout         15 minutes      30 minutes
anonymous_logon      no              yes
anonymous_write      no              yes
anonymous_login_dir  /vx/            /vx/anon/
user_logon           no              yes
homedir_path         /vx/            /vx/usr
allow_delete         no              yes
security             nis_ldap        local
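The FTP> show table separates what is live (Current Value) from what only takes effect after FTP> server stop and FTP> server start (New Value), so a review has to look at both columns. The following Python script is an added example, not part of the FileStore documentation or product: it parses a table in that layout, lists the pending changes, and checks each column against the value ranges stated in this chapter. The high/medium ratings and the sample table are assumptions constructed for the example.

```python
import re

# Constructed sample, laid out like the FTP> show table in this chapter.
SAMPLE_SHOW = """\
Parameter            Current Value   New Value
---------            -------------   ---------
listen_port          21              24
max_connections      2000            3000
max_conn_per_client  2000            1500
passive_port_range   30000:40000     35000:45000
allow_non_ssl        yes             no
idle_timeout         15 minutes      30 minutes
anonymous_logon      no              yes
anonymous_write      no              yes
anonymous_login_dir  /vx/            /vx/anon/
user_logon           no              yes
homedir_path         /vx/            /vx/usr
allow_delete         no              yes
security             nis_ldap        local
"""


def parse_show(text):
    """Return {parameter: (current, new_or_None)} from FTP> show output."""
    rows = {}
    for line in text.splitlines():
        cols = re.split(r"\s{2,}", line.strip())
        if len(cols) < 2 or cols[0] == "Parameter" or set(cols[0]) == {"-"}:
            continue  # header, rule line, blank line or a row without a value
        rows[cols[0]] = (cols[1], cols[2] if len(cols) > 2 else None)
    return rows


def pending(rows):
    """Parameters with a New Value that is not live until server stop/start."""
    return sorted(p for p, (cur, new) in rows.items() if new and new != cur)


def column(rows, which):
    """Flatten rows to {parameter: value} for 'current' or 'after_restart'."""
    if which == "current":
        return {p: cur for p, (cur, _new) in rows.items()}
    return {p: new or cur for p, (cur, new) in rows.items()}


def int_in_range(cfg, key, lo, hi, out):
    """Check a documented numeric range; return the value, or None if absent/bad."""
    if key not in cfg:
        return None
    m = re.match(r"\d+", cfg[key])
    if not m or not lo <= int(m.group()) <= hi:
        out.append(("invalid", key, f"expected {lo}-{hi}, got {cfg[key]!r}"))
        return None
    return int(m.group())


def audit(cfg):
    """Return (level, parameter, message) findings for one column of settings.

    The 'high'/'medium' levels are this example's own baseline (an assumption);
    the 'invalid' checks use the value ranges stated in the chapter.
    """
    out = []
    if cfg.get("allow_non_ssl") == "yes":
        out.append(("high", "allow_non_ssl", "plain-text logins are accepted"))
    if cfg.get("anonymous_logon") == "yes":
        write = cfg.get("anonymous_write") == "yes"
        out.append(("high" if write else "medium", "anonymous_logon",
                    "anonymous access enabled" + (" with write" if write else "")))
        if "anonymous_login_dir" in cfg and "homedir_path" in cfg:
            anon = cfg["anonymous_login_dir"].rstrip("/") + "/"
            home = cfg["homedir_path"].rstrip("/") + "/"
            if home.startswith(anon):
                out.append(("medium", "anonymous_login_dir",
                            "user home path lies inside the anonymous login directory"))
    total = int_in_range(cfg, "max_connections", 1, 9999, out)
    per_ip = int_in_range(cfg, "max_conn_per_client", 1, 9999, out)
    if total and per_ip and per_ip >= total:
        out.append(("medium", "max_conn_per_client",
                    "a single client IP can occupy every connection slot"))
    int_in_range(cfg, "idle_timeout", 1, 600, out)
    if "passive_port_range" in cfg:
        m = re.fullmatch(r"(\d+):(\d+)", cfg["passive_port_range"])
        if not m or not 30000 <= int(m[1]) <= int(m[2]) <= 50000:
            out.append(("invalid", "passive_port_range",
                        "expected start:end within 30000-50000"))
    for key in ("anonymous_login_dir", "homedir_path"):
        if key in cfg and not cfg[key].startswith("/vx/"):
            out.append(("invalid", key, "path must start with /vx/"))
    return out


if __name__ == "__main__":
    rows = parse_show(SAMPLE_SHOW)
    print("pending until restart:", ", ".join(pending(rows)))
    for which in ("current", "after_restart"):
        for level, param, msg in audit(column(rows, which)):
            print(f"{which:13} {level:7} {param}: {msg}")
```

Run against the sample, the current column is flagged for plain-text logins and for a per-client limit equal to the global limit, while the pending column clears both but turns on anonymous write access.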
session showdetail
Displays the details of each session that matches the filter_options criteria. If no filter_options are specified, all sessions are displayed. If multiple filter options are provided, then sessions matching all of the filter options are displayed. Filter options can be combined by using ','. The details displayed include: Session ID, User, Client IP, Server IP, State (UL for uploading, DL for downloading, or IDLE), and File (the name of the file being uploaded or downloaded). If a '?' appears under User, the session is not yet authenticated. See Using the FTP session commands on page 346.
session terminate
Terminates the session entered for the session_id variable. What you enter is the same session displayed under Session ID with the FTP> session showdetail command. See Using the FTP session commands on page 346.
where filter_options display the details of the sessions under specific headings. Filter options can be combined by using ','. If multiple filter options are used, sessions matching all of the filter options are displayed. For example, to display all of the session details, enter the following:
FTP> session showdetail
Session ID    User    Client IP
----------    ----    ---------
sfs_01.1111   user1   10.209.105.219
sfs_01.1112   user2   10.209.106.11
sfs_02.1113   user3   10.209.107.21
sfs_01.1117   user4   10.209.105.219
sfs_02.1118   user1   10.209.105.219
sfs_01.1121   user5   10.209.111.219
File ----
file123 file345
For example, to display the details of the current FTP sessions to the Server IP (10.209.105.112), originating from the Client IP (10.209.107.21), enter the following:
FTP> session showdetail server_ip=10.209.105.112, client_ip=10.209.107.21
Session ID    User    Client IP       Server IP        State   File
----------    ----    ---------       ---------        -----   ----
sfs_02.1113   user3   10.209.107.21   10.209.105.112   IDLE
To terminate one of the FTP sessions displayed in the FTP> session showdetail command, enter the following:
FTP> session terminate session_id
where session_id is the unique identifier for each FTP session displayed in the FTP> session showdetail output.
FTP> session terminate sfs_02.1113
Session sfs_02.1113 terminated
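Before terminating anything, it helps to sort the FTP> session showdetail listing by what stands out: sessions still showing '?' under User, client IPs holding many sessions, and accounts logged in from more than one address. The following Python script is an added example, not part of the FileStore documentation or product. The sample rows (including the Server IP and State values) are constructed, and per_ip_limit is a hypothetical review threshold, not a FileStore setting.

```python
from collections import defaultdict

# Constructed sample in the column order this chapter lists for
# FTP> session showdetail: Session ID, User, Client IP, Server IP, State, File.
SAMPLE_SESSIONS = """\
Session ID   User   Client IP       Server IP       State  File
----------   ----   ---------       ---------       -----  ----
sfs_01.1111  user1  10.209.105.219  10.209.105.111  IDLE
sfs_01.1112  user2  10.209.106.11   10.209.105.111  UL     file123
sfs_02.1113  user3  10.209.107.21   10.209.105.112  IDLE
sfs_01.1117  ?      10.209.105.219  10.209.105.111  IDLE
sfs_02.1118  user1  10.209.105.219  10.209.105.112  DL     file345
sfs_01.1121  user1  10.209.111.219  10.209.105.111  IDLE
sfs_02.1122  ?      10.209.105.219  10.209.105.112  IDLE
"""

STATES = {"UL", "DL", "IDLE"}  # the three states named in the chapter
FIELDS = ("id", "user", "client_ip", "server_ip", "state")


def parse_sessions(text):
    """Turn showdetail rows into dicts; header and rule lines are skipped."""
    sessions = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[4] not in STATES:
            continue  # header, rule line, or a truncated row
        row = dict(zip(FIELDS, tok[:5]))
        row["file"] = " ".join(tok[5:])  # empty for IDLE sessions
        sessions.append(row)
    return sessions


def triage(sessions, per_ip_limit=3):
    """Group sessions into the categories an operator would review first."""
    by_ip = defaultdict(list)
    ips_by_user = defaultdict(set)
    for s in sessions:
        by_ip[s["client_ip"]].append(s["id"])
        if s["user"] != "?":  # '?' means the session is not yet authenticated
            ips_by_user[s["user"]].add(s["client_ip"])
    return {
        "unauthenticated": [s["id"] for s in sessions if s["user"] == "?"],
        "busy_clients": {ip: ids for ip, ids in by_ip.items()
                         if len(ids) > per_ip_limit},
        "multi_source_users": {u: sorted(ips) for u, ips in ips_by_user.items()
                               if len(ips) > 1},
        "transfers": [(s["id"], s["state"], s["file"]) for s in sessions
                      if s["state"] in ("UL", "DL")],
    }


if __name__ == "__main__":
    report = triage(parse_sessions(SAMPLE_SESSIONS))
    for category, hits in report.items():
        print(f"{category}: {hits}")
```

Any session ID the report surfaces can then be inspected with the client_ip or server_ip filter options before FTP> session terminate is used.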
To upload the FTP server logs to a specified URL, enter the following:
FTP> logupload url [nodename]
url        The URL where the FTP logs will be uploaded. The URL supports both FTP and SCP (secure copy protocol). If a nodename is specified, only the logs from that node are uploaded. The default name for the uploaded file is ftp_log.tar.gz. Passwords added directly to the URL are not supported.
nodename   The node on which the operation occurs. Enter the value all for the operation to occur on all of the nodes in the cluster.
password   Use the password you already set up on the node to which you are uploading the logs.
For example, to upload the logs from all of the nodes to an SCP-based URL:
FTP> logupload scp://user@host:/path/to/directory all
Password:
Collecting FTP logs, please wait.....
Uploading the logs to scp://root@host:/path/to/directory, please wait...done
When you add a local user account, the user's home directory is created automatically on the FTP server. User home directories on the FTP server are specified by path/username where path is the home directory path configured by the FTP> set homedir_path command.
Table 10-5
Command
local user add
Changes the password for a local user account on the FTP server. See Using the FTP local user commands on page 350. Removes a local user account from the FTP server. See Using the FTP local user commands on page 350.
Shows a list of local user accounts and associated information. See Using the FTP local user commands on page 350.
Configuring your FTP server Using the FTP local user commands
where username is the name of the user whose account you want to add.
When the password prompt appears, enter a password for the local user. Type the password again for verification. For example:
FTP > local user add user1
Input password for user1.
Enter password:
Re-enter password:
Success.
When you add a local user, a home directory for the local user is created based on the username of the account and the home directory path specified for users. For example, /vx/home/user1. All users are limited to their home directories and are not allowed to access files on the FTP server beyond their home directories.
To change a password for a local user
where username is the name of the user whose password you want to change.
When the password prompt appears, enter a new password, then type the password again for verification. For example:
FTP > local user passwd user1
Enter password:
Re-enter password:
Success.
Configuring your FTP server About FTP local user set commands
where username is the name of the user whose account you want to delete. For example:
FTP > local user delete user1
Success.
When you delete a local user account, the local user's home directory is not deleted.
To show local user accounts
To show local user accounts (and account settings) configured on the FTP server, enter the following:
FTP> local user show
USER        HOMEDIR
----        -------
localftp1   /localftp1
localftp2   /localftp2
localftp3   /test/asfta
localftp4   /localftp4
test        /test
test2       /test2
MAX_FILES --------1000 -
Upload bandwidth
Download bandwidth
Number of files and directories in a home directory
The amount of disk space available for files in a home directory
Number of simultaneous connections
To configure limits for these options, use the FTP> local user set commands.
You can also use the FTP> local user set command to specify home directories for local user accounts. Local user changes are effective immediately for new connections. You do not need to restart the FTP server.
Table 10-6
Command
set upload_bandwidth
set download_bandwidth
Specifies the maximum download bandwidth (in MB/second) for a local user account on the FTP server. By default, there is no limit on the download bandwidth for local users. See Using the FTP local user set commands on page 353.
set max_files
Specifies the maximum number of files and directories for a local user account on the FTP server. By default, there is no limit on the upload bandwidth for local users. See Using the FTP local user set commands on page 353.
set max_usage
Specifies the maximum amount of disk space available in a local user home directory. By default, there is no limit to the amount of disk space local users can have for their home directories. Values can be specified as M (megabytes), G (gigabytes) or T (terabytes). For example, 200G. See Using the FTP local user set commands on page 353.
set max_connections
Specifies the maximum number of simultaneous connections a local user can have to each node in the cluster. By default there is no limit to the number of connections a local user can have to the FTP server. See Using the FTP local user set commands on page 353.
Configuring your FTP server Using the FTP local user set commands
To show the current settings for local user accounts, enter the following:
FTP> local user show
USER        HOMEDIR
----        -------
localftp1   /localftp1
localftp2   /localftp2
localftp3   /test/asfta
localftp4   /localftp4
test        /test
test2       /test2
MAX_FILES --------1000 -
To set the maximum upload bandwidth for a local user account, enter the following:
FTP> local user set upload_bandwidth username max_value
username    Specifies the name of a user account.
max_value   Specifies the maximum upload bandwidth value (measured in MB/second) for the user's account.
For example:
FTP > local user set upload_bandwidth user2 40000
Success.
To set the maximum download bandwidth for a local user account, enter the following:
FTP> local user set download_bandwidth username max_value
username    Specifies the name of a user account.
max_value   Specifies the maximum download bandwidth value (measured in MB/second) for the user's account.
For example:
FTP > local user set download_bandwidth user2 80000
Success.
To set the maximum number of files and directories for a local user account, enter the following:
FTP> local user set max_files username number
username    Specifies the name of a user account.
max_value   Specifies the maximum number of files and directories allowed in the user's home directory.
For example:
FTP> local user set max_files user2 5000
Success.
To set the maximum amount of disk space allowed for a local user account, enter the following:
FTP> local user set max_usage username number
username   Specifies the name of a user account.
number     Specifies the maximum amount of disk space available for files stored in the user's home directory. Values can be specified as M (megabytes), G (gigabytes), or T (terabytes). For example, 200G.
For example:
FTP> local user set max_usage user2 10T
Success.
To set the maximum number of simultaneous connections a local user can have to the FTP server, enter the following:
FTP> local user set max_connections username number
username   Specifies the name of a user account.
number     Specifies the maximum number of simultaneous connections a user can have to the FTP server.
For example:
FTP> local user set max_connections user2 1000
Success.
To set the home directory for a local user account, enter the following:
FTP> local user set homedir username dir_name
username   Specifies the name of a user account.
dir_name   Specifies the name of the home directory for the local user account.
For example:
FTP> local user set homedir user2 home
Success.
The home directory you configure for a local user account is created relative to the home directory path configured by the FTP> set homedir_path command. Changes to this value are applicable for any new connections. Configuring a new home directory location does not migrate any existing data in a local user's current home directory to the new home directory.
Chapter 11
About configuring your HTTP server for accessing FileStore data
About using the HTTP server commands
About HTTP set commands
About HTTP alias commands
About HTTP document root mapping commands
Configuring your HTTP server About using the HTTP server commands
server stop
Stops any existing HTTP sessions. See Stopping the HTTP server on page 361.
server status
Displays the status for the HTTP server. See Displaying the status for the HTTP server on page 361.
For example:
HTTP> server start
Success.
For example:
HTTP> server stop
Success.
To display the status for the HTTP server, enter the following:
HTTP> server status
For example:
HTTP> server status
HTTP Status on sfs_01 : ONLINE
HTTP Status on sfs_02 : ONLINE
set MinSpareThreads
set MaxSpareThreads
Sets the maximum number of idle threads to handle request spikes. If there are more than MaxSpareThreads idle, then those threads are terminated. See Setting the maximum number of idle threads for handling request spikes on page 363.
set MaxThreads
Sets the maximum number of threads that will be created. If all MaxThreads are busy, new incoming requests may be blocked or discarded. See Setting the maximum number of threads to be created on page 364.
set StartThreads
Sets the initial number of server threads to start with. If this value is less than MinSpareThreads, the HTTP server initially starts with the StartThreads value, and more threads are created until there are at least MinSpareThreads idle. See Setting the initial number of server threads on page 364.
set ThreadsPerProc
Sets the maximum number of threads in each server process. See Setting the maximum number of threads in each server process on page 364.
show
Displays the list of all configurable HTTP options and their values. See Displaying the list of all configurable HTTP options and their values on page 365.
To display the current HTTP sessions on each node, enter the following:
HTTP> session show
For example:
HTTP> session show
Max Sessions: 2000
Nodename   Current Sessions
--------   ----------------
sfs_01     4
sfs_02     2
Setting the minimum number of idle threads for handling request spikes
To set the minimum number of idle threads for handling request spikes
To set the minimum number of idle threads for handling request spikes, enter the following:
HTTP> set MinSpareThreads value
where value is the minimum number of idle threads. value has to be less than MaxSpareThreads.
Setting the maximum number of idle threads for handling request spikes
To set the maximum number of idle threads to handle request spikes
To set the maximum number of idle threads to handle request spikes, enter the following:
HTTP> set MaxSpareThreads value
To set the maximum number of threads in each server process, enter the following:
HTTP> set ThreadsPerProc value
Displaying the list of all configurable HTTP options and their values
To display the list of all configurable HTTP options and their values
To display the list of all configurable HTTP options and their values, enter the following:
HTTP> show
For example:
HTTP> show DocumentRoot Parameter --------MinSpareThreads MaxSpareThreads MaxThreads StartThreads ThreadsPerProc Virtual Path -----------/fs_str0
alias show
Displays all the aliases configured on the server. See Displaying all the aliases configured on the server on page 367.
For example:
HTTP> alias add /new /vx/fs_new
Success.
Virtual Path   Real Path
------------   ---------
/fs_str0       /vx/fs_str
/new           /vx_fs_new
Configuring your HTTP server About HTTP document root mapping commands
where virtualPath is the virtual directory path you created. For example:
HTTP> alias del /new
Success.
HTTP> alias show
Virtual Path   Real Path
------------   ---------
/fs_str0       /vs/fs_str
To display all the aliases configured on the server, enter the following:
HTTP> alias show
For example:
HTTP> alias show
Virtual Path   Real Path
------------   ---------
/fs_str0       /vx/fs_str
/new           /vx/fs_new
documentRoot show
Displays the root directory for the HTTP server. See Displaying the current root directory for the HTTP server on page 368.
To set the root directory for the HTTP server, enter the following:
HTTP> documentRoot set document_root_dir
where document_root_dir is the root directory for the HTTP server. For example:
HTTP> documentRoot set /vx/test_fs/http_dir
Success.
To display the current root directory for the HTTP server, enter the following:
HTTP> documentRoot show
For example:
HTTP> documentRoot show
DocumentRoot /vx/test_fs/http_dir
Chapter 12
About configuring event notifications and audit logs
About severity levels and filters
About email groups
Configuring an email group
About syslog event logging
Configuring a syslog server
Displaying events on the console
About SNMP notifications
Configuring an SNMP management server
Configuring events for event reporting
Exporting events in syslog format to a given URL
About audit logs
Configuring audit logs
Disabling the audit log for a file system
Configuring event notifications and audit logs About configuring event notifications and audit logs
exportevents
Exports events in syslog format to a given URL. See Exporting events in syslog format to a given URL on page 386.
syslog
snmp
Configures an SNMP management server. See Configuring an SNMP management server on page 382.
showevents
audit
Configures audit logs to record file system activity on file systems that are enabled for data archive and retention (DAR). See Configuring audit logs on page 389.
Configuring event notifications and audit logs About severity levels and filters
FileStore classifies event notifications by area. Setting the event filter to a specific level filters out other areas. Notifications are sent for events matching the given filter. The following filters are configurable:
Network - if an alert is for a networking event, then selecting the network filter triggers that alert. If you select the network filter only, and an alert is for a storage-related event, the network alert is not sent.
Storage - is for storage-related events, for example, file systems, snapshots, disks, and pools
All
Adding email groups
Adding filters to the group
Adding email addresses to the email group
Adding event severity to the group
Configuring an external email server for sending event notification emails
Email group commands
Definition
Displays an existing email group or details for the email group. See Configuring an email group on page 373.
Uses email groups to group multiple email addresses into one entity; the email group is used as the destination of the FileStore email notification. Email notification properties can be configured for each email group. When an email group is added initially, it has the all default filter. When a group is added initially, the default severity is info. See Configuring an email group on page 373.
Adds an email address to a group. See Configuring an email group on page 373.
email add severity
Adds a severity level to an email group. See Configuring an email group on page 373.
email add filter
Adds a filter to a group. See Configuring an email group on page 373.
email del email-address
Deletes an email address. See Configuring an email group on page 373.
email del filter
Deletes a filter from a specified group. See Configuring an email group on page 373.
email del group
Deletes an email group. See Configuring an email group on page 373.
email del severity
Deletes a severity from a specified group. See Configuring an email group on page 373.
Name of the configured email server
Email user's name
Email user's password
See Configuring an email group on page 373.
email set
Displays details for the configured email server and the email user. See Configuring an email group on page 373.
email set
Deletes the configured email server by specifying the command without any options to delete the email server. See Configuring an email group on page 373.
where group is optional, and it specifies the group for which to display the attributes. If the specified group does not exist, an error message is displayed. For example:
Report> email show root
Group Name: root
Severity of the events: info,debug
Filter of the events: all,storage
Email addresses in the group: adminuser@localhost
OK Completed
where group specifies the name of the new email group and can only contain the following characters:
Entering invalid characters results in an error message. If the entered group already exists, then no error message is displayed. For example:
Report> email add group alert-grp
OK Completed
Multiple email groups can be defined, each with their own email addresses, event severity, and filter.
To add an email address to an existing group
For example:
Report> email add email-address alert-grp username@company.com
OK Completed
group           Specifies the group to which the email address is being added. If the email group specified does not exist, then an error message is displayed.
email-address   Specifies the email address to be added to the group. If the email address is not a valid email address, for example, name@symantecexample.com, a message is displayed. If the email address has already been added to the specified group, a message is displayed.
For example:
Report> email add severity alert-grp alert
OK Completed
group      Specifies the email group for which to add the severity. If the email group specified does not exist, an error message is displayed.
severity   Indicates the severity level to add to the email group. See About severity levels and filters on page 371. Entering an invalid severity results in an error message, prompting you to enter a valid severity. Only one severity level is allowed at one time. You can have two different groups with the same severity levels and filters. Each group can have its own severity definition. You can define the lowest level of the severity that will trigger all other severities higher than it.
filter
For example:
Report> email add filter root storage
OK Completed
email-address
For example, to delete an existing email address from the email group, enter the following:
Report> email del email-address root testuser@localhost
filter
where group specifies the name of the email group to be deleted. If the email group specified does not exist, an error message is displayed.
To delete a severity from a specified group
severity
Configuring event notifications and audit logs About syslog event logging
To add an email server and user account from which email notifications are sent out, enter the following:
Report> email set [email-server] [email-user]
email-server   Specifies the external email server from which email notifications are sent out.
email-user     Specifies the user account from which email notifications are sent out. If email-user is specified, then the password for that user on the SMTP server is required.
For example:
Report> email set smtp.symantec.com adminuser
Enter password for user 'adminuser': ********
To delete the email server from sending email messages, enter the following command without any options:
Report> email set
notifications matching configured severity levels and filters are logged to those external syslog servers. See About severity levels and filters on page 371.
Table 12-4
Commands
syslog show
syslog add
syslog set severity
Sets the severity for the syslog server. See Configuring a syslog server on page 379.
syslog set filter
Sets the syslog server filter. See Configuring a syslog server on page 379.
syslog get filter
Displays the values of the configured syslog server. See Configuring a syslog server on page 379.
syslog delete
Deletes a syslog server. See Configuring a syslog server on page 379.
where syslog-server-ipaddr specifies the hostname or the IP address of the external syslog server.
where value indicates the severity of syslog messages to be sent. For example:
Report> syslog set severity warning
See About severity levels and filters on page 371.
To set the filter level of syslog messages
To set the filter level of syslog messages to be sent, enter the following:
Report> syslog set filter value
where value indicates the filter level of syslog messages to be sent. For example:
Report> syslog set filter storage
OK Completed
See About severity levels and filters on page 371.
To display the values of the configured filter/severity level settings
To display the values of the configured filter/severity level settings, enter the following:
Report> syslog get filter|severity
For example:
Report> syslog get severity
Severity of the events: err
OK Completed
To delete a syslog server from receiving message notifications, enter the following:
Report> syslog delete syslog-server-ipaddr
Configuring event notifications and audit logs Displaying events on the console
where number_of_events specifies the number of events that you want to display. If you leave number_of_events blank, or if you enter 0, FileStore displays all of the events in the system.
snmp show
Displays the current list of SNMP management servers. See Configuring an SNMP management server on page 382.
snmp delete
Deletes an already configured SNMP management server. See Configuring an SNMP management server on page 382.
Sets the severity for SNMP notifications. See Configuring an SNMP management server on page 382.
Sets the filter for SNMP notifications. See Configuring an SNMP management server on page 382.
Configuring event notifications and audit logs Configuring an SNMP management server
To add an SNMP management server to receive SNMP traps, enter the following:
Report> snmp add snmp-mgmtserver-ipaddr
snmp-mgmtserver-ipaddr specifies the host name or the IP address of the SNMP management server. For example, if using the IP address, enter the following:
Report> snmp add 10.10.10.10
OK Completed
SNMP traps can be sent to multiple SNMP management servers.
To display the current list of SNMP management servers
To display the current list of SNMP management servers, enter the following:
Report> snmp show
Configured SNMP management servers: 10.10.10.10,mgmtserv1.symantec.com
OK Completed
To delete an already configured SNMP management server from receiving SNMP traps
To delete an already configured SNMP management server from receiving SNMP traps, enter the following:
Report> snmp delete snmp-mgmtserver-ipaddr
snmp-mgmtserver-ipaddr specifies the host name or the IP address of the SNMP management server. For example:
Report> snmp delete 10.10.10.10
OK Completed
If you input an incorrect value for snmp-mgmtserver-ipaddr, an error message displays. For example:
Report> snmp delete mgmtserv22.symantec.com
SFS snmp delete ERROR V-288-26 Cannot delete SNMP management server, it doesn't exist.
To set the severity for SNMP traps to be sent, enter the following:
Report> snmp set severity value
where value indicates the severity for the SNMP trap to be sent. For example:
Report> snmp set severity warning
OK Completed
To set the filter level for SNMP traps, enter the following:
Report> snmp set filter value
See About severity levels and filters on page 371.
To display the filter or severity levels of SNMP traps to be sent
To display the filter or severity levels of SNMP traps to be sent, enter the following:
Report> snmp get filter|severity
For example:
Report> snmp get severity
Severity of the events: warning
OK Completed
Report> snmp get filter
Filter for the events: network
OK Completed
To export the SNMP MIB file to a given URL, enter the following:
Report> snmp exportmib url
where url specifies the location the SNMP MIB file is exported to. FTP and SCP URLs are supported. For example:
Report> snmp exportmib scp://admin@server1.symantec.com:/tmp/sfsfs_mib.txt
Password: *****
OK Completed
Configuring event notifications and audit logs Configuring events for event reporting
To reduce the number of duplicate events sent for notifications, enter the following:
Report> event set dup-frequency number
where number indicates time (in seconds) in which only one event (of duplicate events) is sent for notifications. For example:
Report> event set dup-frequency 120
OK Completed
To set the number of duplicate events sent for notifications, enter the following:
For example:
Report> event set dup-number 10
OK Completed
To display the time interval or the number of duplicate events sent for notifications
For example:
Report> event get dup-frequency
Duplicate events frequency (in seconds): 120
OK Completed
Report> event get dup-number
For example:
Report> event get dup-number
Duplicate number of events: 10
OK Completed
Configuring event notifications and audit logs Exporting events in syslog format to a given URL
FTP SCP
url specifies the location to which the events in syslog format are exported. For example:
Report> exportevents scp://root@server1.symantecexample.com:/exportevents/event.1
Password: ******
OK Completed
If the URL specifies a remote directory, the default filename is sfsfs_event.log.
To export audit events in syslog format to a given URL
To export audit events in syslog format to a given URL, enter the following:
Report> exportevents url [audit]
url specifies the location to which the audit events in syslog format are exported. For example:
Report> exportevents scp://root@server1.symantecexample.com:/exportauditevents/auditevent.1
Password: ******
OK Completed
Specify the file system to be logged. Only a DAR-enabled file system can be configured for audit logs.
Choose which activities (operations) on the file system are included in the log. Only the activities you specify are logged; no other operations are logged.
Note: When audit logs are configured for a DAR-enabled file system, that file system cannot be taken offline or destroyed.
Table 12-6 Command
audit fs enable
audit fs list
Displays the set of operations (and WORM-only settings) enabled for audit logs. See Configuring audit logs on page 389.
audit fs show
Shows audit logs for a file system. See Configuring audit logs on page 389.
audit fs disable
Disables audit logs for a file system. Disabling audit logs does not delete current audit log records. See Configuring audit logs on page 389.
Table 12-7 lists the file system operations you can include in audit logs.
Table 12-7 Operation
all
all_metadata (default)
all_delete
all_setxattr
open close write read rename create mkdir link symlink unlink rmdir rename setattr setxattr removeattr getattr getxattr list_xattr
To configure an audit log for a DAR-enabled file system, enter the following:
Report> audit fs enable fs_name [operations] [wormonly=yes|no]
fs_name
Specifies the name of the file system you want to audit. You can only audit DAR-enabled file systems.
operations
A comma-separated list of operations to audit. Only the operations you specify are logged. See About audit logs on page 387.
wormonly
Valid inputs for the wormonly option are wormonly=yes or wormonly=no. If you specify wormonly=yes, only operations done on WORM files are audited. If you specify wormonly=no, all files (WORM and non-WORM) are audited. The default is wormonly=yes.
Report> audit fs enable fs1 read,write wormonly=no
To list which operations are tracked by an audit log, enter the following:
Report> audit fs list [fs_name]
where fs_name is the name of the file system. If fs_name is not specified, a list of audit log operations for all DAR-enabled file systems is displayed.
Report> audit fs list
File system: fs1
Operations: read,write
Wormonly: wormonly=no
File system: fs2
Operations: all
Wormonly: wormonly=yes
To show audit log entries for a file system, enter the following:
Report> audit fs show fs_name [operations] [maxlines]
fs_name
Specifies the name of the file system whose audit log you want to view.
operations
A comma-separated list of operations to display in the log. Only log entries for the operations you specify will be displayed. By default all_metadata operations are displayed. See About audit logs on page 387.
maxlines
The maximum number of lines shown for an audit log. If you specify zero (0), all lines in the log are shown. The default is 10 lines.
Report> audit fs show fs1 all 0
Filename        Operation   UID   Timestamp              Success
========        =========   ===   =========              =======
/vx/fs1/file2   write       0     Aug 18 13:19:04 2010   Success
/vx/fs1/file2   write       0     Aug 18 13:19:04 2010   Success
/vx/fs1/file2   setattr     0     Aug 18 13:16:50 2010   Success
/vx/fs1/file2   create      0     Aug 18 13:16:50 2010   Success
/vx/fs1/file1   setattr     0     Aug 18 13:16:22 2010   Success
/vx/fs1/file1   create      0     Aug 18 13:16:22 2010   Success
/vx/fs1/file1   write       0     Aug 18 10:37:10 2010   Success
/vx/fs1/file1   write       0     Aug 18 10:37:10 2010   Success
/vx/fs1/file1   setxattr    0     Aug 18 10:31:26 2010   Success
/vx/fs1/file1   setattr     0     Aug 18 10:30:59 2010   Success
/vx/fs1/file1   setattr     0     Aug 18 10:30:57 2010   Success
/vx/fs1/file1   create      0     Aug 18 10:30:57 2010   Success
/vx/fs1/file1   unlink      0     Aug 18 10:30:26 2010   Success
/vx/fs1/file1   create      0     Aug 18 10:29:00 2010   Success
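The audit fs show output above can be reviewed programmatically once it is saved to a file. The following Python sketch is an added example, not part of the FileStore documentation: it assumes one event per row in the order filename, operation, UID, timestamp (with year), result, listed newest first, and it flags removals, attribute changes, failed operations, and files recreated under the same name after an unlink. The function names and the sample rows are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample modelled on the output above, one event per row in the
# assumed column order: filename, operation, UID, timestamp, result.
SAMPLE = """\
Filename Operation UID Timestamp Success
======== ========= === ========= =======
/vx/fs1/file2 write 0 Aug 18 13:19:04 2010 Success
/vx/fs1/file2 setattr 0 Aug 18 13:16:50 2010 Success
/vx/fs1/file2 create 0 Aug 18 13:16:50 2010 Success
/vx/fs1/file1 setxattr 0 Aug 18 10:31:26 2010 Success
/vx/fs1/file1 create 0 Aug 18 10:30:57 2010 Success
/vx/fs1/file1 unlink 0 Aug 18 10:30:26 2010 Success
/vx/fs1/file1 create 0 Aug 18 10:29:00 2010 Success
"""

# The path is matched non-greedily and the rest is anchored to the end of
# the line, so file names that contain spaces still parse.
ROW = re.compile(
    r"^(?P<path>/.+?)\s+(?P<op>[a-z_]+)\s+(?P<uid>\d+)\s+"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\s+\d{4})\s+"
    r"(?P<result>\S+)\s*$"
)

# Operations from Table 12-7 that remove a file or change its attributes.
REVIEW_OPS = {"unlink", "rmdir", "rename", "setattr", "setxattr", "removeattr"}


def parse_audit(text):
    """Return (events, unparsed); events are dicts ordered oldest first."""
    events, unparsed = [], []
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, the column header, its "====" rule and CLI chatter.
        if (not line or line.startswith(("Filename", "=", "Report>"))
                or line == "OK Completed"):
            continue
        m = ROW.match(line)
        if not m:
            unparsed.append(line)  # keep for manual review, never drop silently
            continue
        ev = m.groupdict()
        ev["uid"] = int(ev["uid"])
        ev["ts"] = datetime.strptime(" ".join(ev["ts"].split()),
                                     "%b %d %H:%M:%S %Y")
        events.append(ev)
    # Assumption: the log lists newest first. Reversing before the stable
    # sort keeps same-second events in the order they happened.
    events.reverse()
    events.sort(key=lambda e: e["ts"])
    return events, unparsed


def review_findings(events):
    """Return (path, reason, timestamp) tuples a reviewer should look at."""
    findings = []
    unlinked = {}  # path -> time of the last successful unlink
    for ev in events:
        path, op, ts = ev["path"], ev["op"], ev["ts"]
        # Assumption: any result other than "Success" is a failed operation
        # (the page only shows "Success").
        ok = ev["result"] == "Success"
        if not ok:
            findings.append((path, f"failed {op} by uid {ev['uid']}", ts))
        elif op in REVIEW_OPS:
            findings.append((path, f"{op} by uid {ev['uid']}", ts))
        if ok and op == "unlink":
            unlinked[path] = ts
        elif ok and op == "create" and path in unlinked:
            when = unlinked.pop(path)
            findings.append((path, f"recreated after unlink at {when:%H:%M:%S}", ts))
    return findings


if __name__ == "__main__":
    events, unparsed = parse_audit(SAMPLE)
    for path, reason, ts in review_findings(events):
        print(f"{ts:%Y-%m-%d %H:%M:%S}  {path}  {reason}")
    for line in unparsed:
        print("unparsed:", line)
```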
Configuring event notifications and audit logs Disabling the audit log for a file system
To disable the audit log for a file system, enter the following:
Report> audit fs disable fs_name
where fs_name is the name of the file system. When you disable an audit log, the current audit log records are not deleted.
Report> audit fs disable fs1
Chapter 13
Configuring backup
This chapter includes the following topics:
About backup
About NetBackup
About the NetBackup snapshot client
About NetBackup snapshot methods
About NetBackup instant recovery
About Fibre Transport
About SAN clients
About FT media servers
About the FT Service Manager
About zoning the SAN for Fibre Transport
About HBAs for SAN clients and FT media servers
About connecting the fiber for SAN Client
Adding a NetBackup master server to work with FileStore
Configuring or changing the virtual IP address used by NetBackup and NDMP data server installation
Configuring the virtual name of NetBackup
About Network Data Management Protocol
About backup configurations
Configuring backup
About backup
The Backup commands are defined in Table 13-1. To access the commands, log into the administrative console (for master, system-admin, or storage-admin) and enter the Backup> mode. See About using the FileStore command-line interface on page 33.
Table 13-1 Command
netbackup
virtual-ip
Configures the NetBackup and NDMP data server installation on FileStore nodes to use ipaddr as its virtual IP address. See Configuring or changing the virtual IP address used by NetBackup and NDMP data server installation on page 402.
virtual-name
Configures the NetBackup installation on FileStore nodes to use name as its hostname. See Configuring the virtual name of NetBackup on page 403.
ndmp
Transfers data between the data server and the tape server under the control of a client. The Network Data Management Protocol (NDMP) is used for data backup and recovery. See About Network Data Management Protocol on page 403.
show
Displays settings of the configured servers. See About backup configurations on page 417.
status
Displays status of configured servers. See About backup configurations on page 417.
start
Starts the configured servers. See About backup configurations on page 417.
stop
Stops the configured servers. See About backup configurations on page 417.
About NetBackup
FileStore includes built-in client software for Symantec's NetBackup data protection suite. If NetBackup is the enterprise's data protection suite of choice, file systems hosted by FileStore can be backed up to a NetBackup media server. To configure the built-in NetBackup client, you need the names and IP addresses of the NetBackup master and media servers. Backups are scheduled from those servers, using NetBackup's administrative console.
Consolidating storage reduces the administrative overhead of backing up and restoring many separate file systems. With a 256 TB maximum file system size, FileStore makes it possible to collapse file storage into fewer administrative units, thus reducing the number of backup interfaces and operations necessary.
All critical file data can be backed up and restored through the NetBackup client software included with FileStore (separately licensed NetBackup master and media servers running on separate computers are required), or through any backup management software that supports NAS systems as data sources.
Table 13-2 Command
netbackup master-server
netbackup emm-server
Adds an external NetBackup Enterprise Media Manager (EMM) server (which can be the same as the NetBackup master server) to work with FileStore.
Note: When using FileStore with NetBackup, select the VxFS_Checkpoint snapshot method.
An FT traffic zone that includes only the SAN clients and the NetBackup FT media servers HBA ports that connect to the SAN clients. To promote multistream throughput, each SAN client should detect all target mode devices of the media server HBA ports in the zone. The NetBackup SAN clients should detect only the HBA ports that are in target mode on the NetBackup media servers. They should not detect HBA ports in initiator mode on the NetBackup media servers. They should not detect HBAs on other hosts. Without zoning, each NetBackup SAN client host bus adapter (HBA) port detects all HBA ports from all hosts on the SAN. The potentially large number of devices may exceed the number that the operating system supports.
Configuring backup About HBAs for SAN clients and FT media servers
If the storage is connected to a SAN, a backup storage zone that includes the storage and the FT media server HBA ports that connect to the storage.
These zones prevent SAN Client traffic from using the bandwidth that may be required for other SAN activity. Note: You must use physical port ID or World Wide Port Name (WWPN) to specify the media server HBA ports that connect to the SAN clients.
Install the drivers for the HBA. Install the utilities for the HBA. Although not required for NetBackup operation, the utilities may help to troubleshoot connectivity problems.
The NetBackup media servers that host Fibre Transport require the following:
For the connections to the SAN clients, use a QLogic HBA that NetBackup supports for Fibre Transport. For these HBAs, you must configure them to use the NetBackup target mode driver.
If you use SAN attached storage, you can use any supported Fibre Channel HBA to connect to the storage. For these HBAs, you should install the QLogic driver and utilities. The HBA ports that connect to the storage must remain in the default initiator mode. The HBAs and their drivers must support 256K size buffers for data transfer.
For information about supported HBAs, see the NetBackup Release Notes.
Node port (N_Port) switched configuration
Connect the NetBackup media servers and SAN clients to a SAN switch as follows:
Connect the HBA port on the NetBackup FT media server to a Fibre Channel switch port.
Connect each SAN client HBA port to ports on the same Fibre Channel switch. Define the zones on the switch so that the client(s) and server(s) are in the same zone. Be aware of the following: You must define the NetBackup FT media server target ports by physical port ID or World Wide Port Name (WWPN). The target mode driver WWPNs are not unique because they are derived from the Fibre Channel HBA WWPN. You can define SAN clients by either port ID or WWPN. However, if you use one method only, zone definition and management is easier.
Direct connect Fibre Channel arbitrated loop (FC-AL) configuration
Use Fibre Channel arbitrated loop (FC-AL) to connect a NetBackup media server HBA port directly to a NetBackup SAN client HBA port.
where server is the hostname of the NetBackup master server. Make sure that server can be resolved through DNS, and its IP address can be resolved back to server through the DNS reverse lookup. For example:
Backup> netbackup master-server nbumaster.symantecexample.com
Ok Completed
where server is the hostname of the NetBackup EMM server. Make sure that server can be resolved through DNS, and its IP address can be resolved back to server through the DNS reverse lookup. For example:
Backup> netbackup emm-server nbumedia.symantecexample.com
OK Completed
where server is the hostname of the NetBackup media server. Make sure that server can be resolved through DNS, and its IP address can be resolved back to server through the DNS reverse lookup. For example:
Backup> netbackup media-server add nbumedia.symantecexample.com
OK Completed
where server is the hostname of the NetBackup media server you want to delete. For example:
Backup> netbackup media-server delete nbumedia.symantecexample.com
OK Completed
Configuring or changing the virtual IP address used by NetBackup and NDMP data server installation
You can configure or change the virtual IP address used by NetBackup and the NDMP data server installation on FileStore nodes. This is a highly available virtual IP address in the cluster. For information about the Symantec NetBackup 7.0.1 client capability, refer to the Symantec NetBackup 7.0.1 product documentation set.
Note: If you are using NetBackup and the NDMP data server installation on FileStore nodes, configure the virtual IP address using the Backup> virtual-ip command so that it is different from all of the virtual IP addresses, including the console server IP address and the physical IP addresses used to install FileStore.
To configure or change the virtual IP address used by NetBackup and NDMP data server installation
To configure or change the virtual IP address used by NetBackup and the NDMP data server installation on FileStore nodes, enter the following:
Backup> virtual-ip ipaddr [device]
ipaddr
The virtual IP address to be used with the NetBackup and the NDMP data server installation on the FileStore nodes. Make sure that ipaddr can be resolved back to the hostname that is configured by using the Backup> virtual-name command.
device
The Ethernet interface for the virtual IP address.
For example:
Backup> virtual-ip 10.10.10.10 pubeth1
OK Completed
To configure the NetBackup installation on FileStore nodes to use name as its hostname, enter the following:
Backup> virtual-name name
where name is the hostname to be used by the NetBackup installation on FileStore nodes.
Backup> virtual-name nbuclient.symantecexample.com
Make sure that name can be resolved through DNS, and its IP address can be resolved back to name through the DNS reverse lookup. Also, make sure that name resolves to an IP address configured by using the Backup> virtual-ip command. For example:
Backup> virtual-name nbuclient.symantecexample.com
OK Completed
See Configuring or changing the virtual IP address used by NetBackup and NDMP data server installation on page 402.
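The DNS requirements stated for the Backup> netbackup master-server, emm-server and media-server add commands and for Backup> virtual-name (the name resolves, each address resolves back to the same name, and the virtual name resolves to the address set with Backup> virtual-ip) can be checked from an administration host before the commands are run. The following Python sketch is an added example, not part of the FileStore documentation; the function names and the sample DNS records are constructed for illustration, and the 192.0.2.x addresses are placeholders.

```python
import ipaddress
import socket


def _forward(name):
    """All addresses the system resolver returns for name (empty set if none)."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return set()
    # Drop any IPv6 scope suffix such as "%eth0" so ipaddress can parse it.
    return {info[4][0].split("%")[0] for info in infos}


def _reverse(addr):
    """Primary PTR name for addr, or None when no reverse record exists."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except (socket.herror, socket.gaierror):
        return None


def _norm(name):
    # DNS names are case-insensitive and may carry a trailing root dot.
    return name.rstrip(".").lower()


def check_backup_name(name, expected_ip=None, forward=_forward, reverse=_reverse):
    """Return a list of problems; an empty list means the name is consistent."""
    addrs = forward(name)
    if not addrs:
        return [f"{name}: does not resolve"]
    problems = []
    for addr in sorted(addrs):
        ptr = reverse(addr)
        if ptr is None:
            problems.append(f"{name}: {addr} has no reverse (PTR) record")
        elif _norm(ptr) != _norm(name):
            problems.append(f"{name}: {addr} resolves back to {ptr}")
    if expected_ip is not None:
        want = ipaddress.ip_address(expected_ip)
        if want not in {ipaddress.ip_address(a) for a in addrs}:
            problems.append(f"{name}: does not resolve to virtual IP {expected_ip}")
    return problems


def check_backup_config(servers, virtual_name, virtual_ip,
                        forward=_forward, reverse=_reverse):
    """Check the NetBackup server names plus the virtual name / virtual IP pair."""
    report = {s: check_backup_name(s, None, forward, reverse) for s in servers}
    report[virtual_name] = check_backup_name(virtual_name, virtual_ip,
                                             forward, reverse)
    return report


# Constructed records standing in for DNS so the example runs offline.
A_RECORDS = {
    "nbumaster.symantecexample.com": {"192.0.2.10"},
    "nbumedia.symantecexample.com": {"192.0.2.11"},
    "nbuclient.symantecexample.com": {"192.0.2.50"},
}
PTR_RECORDS = {
    "192.0.2.10": "NBUmaster.symantecexample.com.",  # same name, other spelling
    "192.0.2.11": "media01.symantecexample.com",     # reverse record mismatch
    "192.0.2.50": "nbuclient.symantecexample.com",
}


def sample_forward(name):
    return A_RECORDS.get(name, set())


def sample_reverse(addr):
    return PTR_RECORDS.get(addr)


def demo():
    """Run the checks against the constructed records above."""
    return check_backup_config(
        ["nbumaster.symantecexample.com", "nbumedia.symantecexample.com"],
        "nbuclient.symantecexample.com", "10.10.10.10",
        forward=sample_forward, reverse=sample_reverse)


if __name__ == "__main__":
    for host, problems in demo().items():
        print(host, "OK" if not problems else problems)
```

Calling check_backup_config without the forward and reverse arguments uses the system resolver of the host the script runs on, which should be configured with the same DNS servers as the FileStore cluster.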
Defines a mechanism and protocol for controlling backup, recovery, and other transfers of data between the data server and the tape server.
Separates the network attached Data Management Application, Data Servers, and Tape Servers participating in archival, recovery, or data migration operations. Provides low-level control of tape devices and SCSI media changers.
NDMP terminology Definition
The host computer system that executes the NDMP server application. Data is backed up from the NDMP host to either a local tape drive or to a backup device on a remote NDMP host.
service
The virtual state machine on the NDMP host that is controlled using the NDMP protocol. This term is used independently of implementation. There are three types of NDMP services: data service, tape service, and SCSI service.
server
An instance of one or more distinct NDMP services controlled by a single NDMP control connection. Thus a Data/Tape/SCSI Server is an NDMP server providing data, tape, and SCSI services.
session
The configuration of one client and two NDMP services to perform a data management operation such as a backup or a recovery.
client
The application that controls the NDMP server. Backup and restore are initiated by the NDMP client. In NDMP version 4, the client is the Data Management Application.
Data Management Application
An application that controls the NDMP session. In NDMP there is a master-slave relationship. The Data Management Application is the session master; the NDMP services are the slaves. In NDMP versions 1, 2, and 3 the term "NDMP client" is used instead of the Data Management Application.
The Backup> ndmp commands configure the default policies that will be used during the NDMP backup and restore sessions. In FileStore, NDMP supports the following commands:
setenv commands. The set environment commands let you configure the variables that make up the NDMP backup policies for your environment.
getenv commands. The get environment commands display what you have set up with the setenv commands or the default values of all of the NDMP environment variables.
showenv command. The show environment command displays all of the NDMP policies.
[Figure not reproduced: NFS clients; a backup application (NBU / TSM / EMC Legato) with NDMP; the FileStore cluster NDMP server; an NBU media server with NDMP; and a tape library, linked by control flow and data flow.]
The NDMP commands configure the default policies that are used during the NDMP backup or restore sessions. The Data Management Application (client) initiating the connection for NDMP backup and restore operations to the NDMP data/tape server can override these default policies by setting the same policy name as an environment variable and using any suitable value of that environment variable.
The FileStore NDMP server supports MD5 and text authentication. The Data Management Application that initiates the connection to the server uses master for the username and for the password for the NDMP backup session authentication. The password can be changed using the Admin> passwd command. See Creating Master, System Administrator, and Storage Administrator users on page 42.
ndmp setenv failure_resilient
Continues the backup and restore session even if an error condition occurs. During a backup or restore session, if a file or directory cannot be backed up or restored, setting value to yes lets the session continue with the remaining specified files and directories in the list. A log message is sent to the Data Management Application about the error. Refer to the Data Management Application documentation for the location of the NDMP logs. Some conditions, such as an I/O error, will not let the command continue the backup and restore session. See Configuring the NDMP policies on page 407.
where the variables for value are listed in the following table.
no_overwrite
Checks if the file or directory to be restored already exists. If it does, the command responds with an error message. A log message is returned to the Data Management Application. Refer to the Data Management Application documentation for the location of the NDMP log messages. The file or directory is not overwritten.
rename_old (default)
Checks if the file or directory already exists. If it does, it is renamed with the suffix .#ndmp_old and a new file or directory is created.
overwrite_always
If the file or directory already exists, it will be overwritten. It is recommended that while doing a restore from incremental backups, the value is set to overwrite_always. No checks are made when overwriting a directory with files. The destination path being overwritten is removed recursively.
For example:
Backup> ndmp setenv overwrite_policy rename_old
Ok Completed
no
no
where the variables for value are yes or no. If NetBackup is being used for backup by way of NDMP, use set UPDATE = No in NetBackup to disable updating dumpdates. Or use set UPDATE = "" to stop NetBackup from using a default value of yes.
yes (default)
Updates the dumpdates files by the FileStore NDMP data server with the details of the current backup which includes the time at which the backup was taken, the directory that was backed up, and the level of the backup. This information can be later used for the next backup session for the incremental and differential backups.
no
The dumpdates files will not be updated.
no
no
mtime
For example:
Backup> ndmp setenv backup_method mtime
OK Completed
no (default)
For example:
Backup> ndmp setenv masquerade_as_thirdparty yes
OK Completed
Backup>
For example:
Backup> ndmp showenv
Overwrite policy: Rename old
Failure Resilient: yes
Restore DST policies: yes
Recursive restore: yes
Update dumpdates: yes
Send history: yes
Use snapshot: yes
Backup method: fcl
Masquerade as thirdparty: yes
OK Completed
Enables the continuation of the backup and restore session even if an error condition occurs because a file or directory cannot be backed up or restored. To retrieve the settings for the policy that you set up, use the ndmp getenv failure_resilient command. See Retrieving the NDMP data on page 414.
Configures the dynamic storage tiering (DST) restore policy. To retrieve the settings for the policy that you set up, use the ndmp getenv restore_dst command. See Retrieving the NDMP data on page 414.
Enables the configuration of the restore session to restore the contents of a directory. To retrieve the settings for the policy that you set up, use the ndmp getenv recursive_restore command. See Retrieving the NDMP data on page 414.
Enables the configuration of the dumpdates file. To retrieve the settings for the policy that you set up, use the ndmp getenv update_dumpdates command. See Retrieving the NDMP data on page 414.
States whether or not you want the file history of the backed up data to be sent to the Data Management Application. To retrieve the settings for the policy that you set up, use the ndmp getenv send_history command. See Retrieving the NDMP data on page 414.
Enables how much of the files and directories you want to copy during the back up session. To retrieve the settings for the policy that you set up, use the ndmp getenv use_snapshot command. See Retrieving the NDMP data on page 414.
ndmp getenv backup_method
Enables the configuration of the method to back up the file system. To retrieve the settings for the policy that you set up, use the ndmp getenv backup_method command. See Retrieving the NDMP data on page 414.
ndmp getenv masquerade_as_thirdparty
Configures the NDMP server to masquerade as a third-party compatible device for certain NDMP backup applications. See Retrieving the NDMP data on page 414.
For example:
Backup> ndmp getenv overwrite_policy
Overwrite policy: Rename old
OK Completed
For example:
Backup> ndmp getenv failure_resilient
Failure Resilient: yes
OK Completed
For example:
Backup> ndmp getenv restore_dst
Restore DST policies: no
OK Completed
For example:
Backup> ndmp getenv recursive_restore
Recursive restore: yes
OK Completed
For example:
Backup> ndmp getenv update_dumpdates
Update dumpdates: yes
OK Completed
For example:
Backup> ndmp getenv send_history
Send history: no
OK Completed
For example:
Backup> ndmp getenv use_snapshot
Use snapshot: yes
OK Completed
For example:
Backup> ndmp getenv backup_method
Backup Method: fcl
OK Completed
For example:
Backup> ndmp getenv masquerade_as_thirdparty
Masquerade as thirdparty: yes
OK Completed
status
Displays if the NetBackup and the NDMP data server has started or stopped on the FileStore nodes. If the NetBackup and the NDMP data server has currently started and is running, then Backup> status displays any on-going backup or restore jobs. See Configuring the virtual name of NetBackup on page 403. See Configuring backup on page 418.
start
Starts processes that handle backup and restore. You can also change the status of a virtual IP address to online after it has been configured using the Backup> virtual-ip command. This applies to any currently active node in the cluster that handles backup and restore jobs. The Backup> start command does nothing if the backup and restore processes are already running. See Configuring backup on page 418.
stop
Enables the processes that handle backup and restore. You can also change the status of a virtual IP address to offline after it has been configured using the Backup> virtual-ip command. The Backup> stop command does nothing if backup jobs are running that involve FileStore file systems. See Configuring backup on page 418.
Configuring backup
To display NetBackup configurations
For example:
Backup> show
Virtual name:
Virtual IP:
NetBackup Master Server:
NetBackup EMM Server:
NetBackup Media Server(s):
Backup Device:
Ok Completed
An example of the status command when the backup jobs that are running involve file systems using NDMP.
Backup> status
Virtual IP state :
Backup service online node :
NDMP Server state :
NetBackup Client state :
Following filesystems are currently busy in backup/restore jobs by NDMP:
myfs1
OK Completed
An example of the status command when the backup jobs that are running involve file systems using the NetBackup client.
Backup> status
Virtual IP state :
Backup service online node :
NDMP Server state :
NetBackup Client state :
Configuring backup Configuring backups using NetBackup or other third-party backup applications
where the optional nodename specifies the node where backup services are started. For example:
Backup> start
OK Completed
For example:
Backup> stop
SFS backup ERROR V-288-0 Cannot stop, some backup jobs are running.
Chapter 14
Configuring Symantec FileStore Dynamic Storage Tiering
About FileStore Dynamic Storage Tiering (DST)
How FileStore uses Dynamic Storage Tiering
About policies
About adding tiers to file systems
Adding tiers to a file system
Removing a tier from a file system
About configuring a mirror on the tier of a file system
Configuring a mirror to a tier of a file system
Listing all of the files on the specified tier
Displaying a list of DST file systems
Displaying the tier location of a specified file
About configuring the policy of each tiered file system
Configuring the policy of each tiered file system
Relocating a file or directory of a tiered file system
About configuring schedules for all tiered file systems
Configuring schedules for all tiered file systems
Displaying files that will be moved and/or pruned by running a policy
Allowing metadata information on the file system to be written on the secondary tier
Restricting metadata information to the primary tier only
About FileStore Dynamic Storage Tiering (DST)
Relocate files between primary and secondary tiers automatically as files age and become less business critical. Prune files on secondary tiers automatically as files age and are no longer needed. Promote files from a secondary storage tier to a primary storage tier based on I/O temperature. Retain original file access paths to eliminate operational disruption, for applications, backup procedures, and other custom scripts. Allow you to manually move folders/files and other data between storage tiers. Enforce policies that automatically scan the file system and relocate files that match the appropriate tiering policy.
Current active tier 1 (primary) storage. Tier 2 (secondary) storage for aged or older data.
To configure FileStore DST, add tier 2 (secondary) storage to the configuration. Specify where the archival storage will reside (storage pool) and the total size. Files can be moved from the active storage after they have aged for a specified number of days, depending on the policy selected. The number of days for files to age (not accessed) before relocation can be changed at any time. Note: An aged file is a file that exists without being accessed. Figure 14-1 depicts the features of FileStore and how it maintains application transparency.
Figure 14-1 [Figure not reproduced: example directories (/sales, /financial, /development, with subdirectories such as /current, /forecast, /2007, /2008, /new, /history) on storage labeled Primary Tier and Secondary Tier; the storage labels also read mirrored and RAID5.]
If you are familiar with Veritas Volume Manager (VxVM), every FileStore file system is a multi-volume file system (one file system resides on two volumes). The DST tiers are predefined to simplify the interface. When an administrator wants to add storage tiering, a second volume is added to the volume set, and the existing file system is encapsulated around all of the volumes in the file system. This chapter discusses the FileStore storage commands. You use these commands to configure tiers on your file systems. The Storage commands are defined in Table 14-1. You log into the administrative console (for master, system-admin, or storage-admin) and enter Storage> mode to access the commands.
See About using the FileStore command-line interface on page 33.
Table 14-1 Command
tier add
tier remove
Removes a tier from a file system. See Removing a tier from a file system on page 428.
tier addmirror
Adds a mirror to a tier of a file system. See About configuring a mirror on the tier of a file system on page 429.
tier rmmirror
Removes a mirror from a tier of a file system. See About configuring a mirror on the tier of a file system on page 429.
tier listfiles
Lists all of the files on the specified tier. See Listing all of the files on the specified tier on page 431.
tier mapfile
Displays the tier location of a specified file. See Displaying the tier location of a specified file on page 432.
tier policy
Configures the policy of each tiered file system. See About configuring the policy of each tiered file system on page 432.
tier relocate
Relocates a file or directory. See Relocating a file or directory of a tiered file system on page 438.
tier schedule
Creates schedules for all tiered file systems. See About configuring schedules for all tiered file systems on page 438.
tier query
Displays a list of files that will be moved and/or pruned by running a policy. See Displaying files that will be moved and/or pruned by running a policy on page 440.
Configuring Symantec FileStore Dynamic Storage Tiering How FileStore uses Dynamic Storage Tiering
tier allowmetadata yes
Allows the metadata information on the file system to be written on the secondary tier. See Allowing metadata information on the file system to be written on the secondary tier on page 441.
tier allowmetadata no
Restricts the metadata information to the primary tier only. See Restricting metadata information to the primary tier only on page 442.
Each newly created file system has only one primary tier initially. This tier cannot be removed. For example, the following operations are applied to the primary tier:
Storage> fs addmirror
Storage> fs growto
Storage> fs shrinkto
The Storage> tier commands manage file system DST tiers. All Storage> tier commands take a file system name as an argument and perform operations on the combined construct of that file system. The FileStore file system default is to have a single storage tier. An additional storage tier can be added to enable storage tiering. A file system can only support a maximum of two storage tiers.
Storage> tier commands can be used to perform the following:
Adding/removing/modifying the secondary tier
Setting policies
Scheduling policies
Locating tier locations of files
Listing files that are located on the primary or secondary tier
Moving files from the secondary tier to the primary tier
Allowing metadata information on the file system to be written on the secondary tier
Restricting metadata information to the primary tier only
About policies
Each tier can be assigned a policy. The policies include:
Specify on which tier (primary or secondary) the new files get created.
Relocate files from the primary tier to the secondary tier based on any number of days of inactivity of a file.
Relocate files from the secondary tier to the primary tier based on the Access Temperature of the file.
Prune files on the secondary tier based on any number of days of inactivity of a file.
Adds a mirrored second tier to a file system. See Adding tiers to a file system on page 427.
Adds a striped second tier to a file system. See Adding tiers to a file system on page 427.
Adds a mirrored-striped second tier to a file system. See Adding tiers to a file system on page 427.
Configuring Symantec FileStore Dynamic Storage Tiering Adding tiers to a file system
To add a tier to a file system where the volume layout is "simple" (concatenated), enter the following:
Storage> tier add simple fs_name size pool1[,disk1,...]
For example:
Storage> tier add mirrored fs1 100M 2 pool3,pool4
100% [#] Creating mirrored secondary tier of filesystem
Configuring Symantec FileStore Dynamic Storage Tiering Removing a tier from a file system
Storage> tier add striped-mirror fs_name size nmirrors ncolumns pool1[,disk1,...] [protection=disk|pool] [stripeunit=kilobytes]
fs_name
Specifies the name of the file system to which the mirrored tier will be added. If the specified file system does not exist, an error message is displayed.
size
Specifies the size of the tier to be added to the file system, for example, 10m, 10M, 25g, 100G.
ncolumns
Specifies the number of columns to add to the striped tiered file system.
nmirrors
Specifies the number of mirrors to be added to the tier for the specified file system.
pool1[,disk1,...]
Specifies the pool(s) or disk(s) that will be used for the specified tiered file system. If the specified pool or disk does not exist, an error message is displayed. You can specify more than one pool or disk by separating the pool or disk name with a comma, but do not include a space between the comma and the name. The disk needs to be part of the pool or an error message is displayed.
protection
If no protection level is specified, disk is the default protection level. The protection level of the second tier is independent of the protection level of the first tier. Available options are:
disk - If disk is entered for the protection field, then mirrors will be created on separate disks. The disks may or may not be in the same pool.
pool - If pool is entered for the protection field, then mirrors will be created in separate pools. If not enough space is available, then the file system will not be created.
stripeunit=kilobytes
Specifies a stripe width of either 128K, 256k, 512K, 1M, or 2M. The default stripe width is 512K.
Configuring Symantec FileStore Dynamic Storage Tiering About configuring a mirror on the tier of a file system
requires that the file system be online, and that no data resides on the secondary tier. If the storage tier to be removed contains any data residing on it, then the tier cannot be removed from the file system. To remove a tier from a file system
where fs_name specifies the name of the tiered file system that you want to remove. For example:
Storage> tier remove fs1
tier rmmirror
Note: For a striped-mirror file system, if any of the disks are bad, this command disables the mirrors from the tiered file system for which the disks have failed. If no disks have failed, FileStore chooses a mirror to remove from the tiered file system.
See Configuring a mirror to a tier of a file system on page 429.
Configuring Symantec FileStore Dynamic Storage Tiering Configuring a mirror to a tier of a file system
fs_name
Specifies the file system to which a mirror will be added. If the specified file system does not exist, an error message is displayed.
pool1[,disk1,...]
Specifies the pool(s) or disk(s) that will be used as a mirror for the specified tiered file system. You can specify more than one pool or disk by separating the names with a comma, but do not include a space between the comma and the name. The disk needs to be part of the pool or an error message is displayed.
protection
If no protection level is specified, disk is the default protection level. Available options are:
disk - If disk is entered for the protection field, then mirrors will be created on separate disks. The disks may or may not be in the same pool.
pool - If pool is entered for the protection field, then mirrors will be created in separate pools. If not enough space is available, then the file system will not be created.
For example:
Storage> tier addmirror fs1 pool5
100% [#] Adding mirror to secondary tier of filesystem
where fs_name specifies the name of the tiered file system from which you want to remove a mirror. For example:
Storage> tier rmmirror fs1
This command provides another level of detail for the remove mirror operation. You can use the command to specify which mirror you want to remove by specifying the pool name or disk name. The disk must be part of a specified pool.
Configuring Symantec FileStore Dynamic Storage Tiering Listing all of the files on the specified tier
To remove a mirror from a tier that spans a specified pool or disk, enter the following:
Storage> tier rmmirror fs_name [pool_or_disk_name]
fs_name
Specifies the name of the file system from which to remove a mirror. If the specified file system does not exist, an error message is displayed.
pool_or_disk_name
Specifies the pool or disk that the mirror of the tiered file system spans.
The syntax for the Storage> tier rmmirror command is the same for both pool and disk. If you try to remove a mirror using Storage> fs rmmirror fs1 abc, FileStore first checks for the pool with the name abc, then FileStore removes the mirror spanning on that pool. If there is no pool with the name abc, then FileStore removes the mirror that is on the abc disk. If there is no disk with the name abc, then an error message is displayed.
To list all of the files on the specified tier, enter the following:
Storage> tier listfiles fs_name {primary|secondary}
where fs_name indicates the name of the tiered file system from which you want to list the files. You can specify to list files from either the primary or secondary tier. For example:
Storage> tier listfiles fs1 secondary
Configuring Symantec FileStore Dynamic Storage Tiering Displaying a list of DST file systems
file_path
For example, to show the location of a.txt, which is in the root directory of the fs1 file system, enter the following:
tier mapfile fs1 /a.txt
Tier     Extent Type
====     ===========
Primary  Data
Configuring Symantec FileStore Dynamic Storage Tiering About configuring the policy of each tiered file system
Specifies the prune policy of a tiered file system. Once files have aged on the secondary tier, the prune policy can be set up to delete those aged files automatically. There are three sub-commands under this command:
tier policy prune list
tier policy prune modify
tier policy prune remove
See Configuring the policy of each tiered file system on page 434.
tier policy run
Runs the policy of a tiered file system. See Configuring the policy of each tiered file system on page 434.
tier policy remove
Removes the policy of a tiered file system. See Configuring the policy of each tiered file system on page 434.
Configuring Symantec FileStore Dynamic Storage Tiering Configuring the policy of each tiered file system
To display the policy of each tiered file system, enter the following:
Storage> tier policy list
For example:
Storage> tier policy list
FS   Create on  Days  MinAccess Temp  PERIOD
==   =========  ====  ==============  ======
fs1  primary    2     3               4
Each tier can be assigned a policy. A policy assigned to a file system has three parts:
file creation
Specifies on which tier the new files are created.
inactive files
Indicates when a file has to be moved from the primary tier to the secondary tier. For example, if the days option of the tier is set to 10, and if a file has not been accessed for more than 10 days, then it is moved from the primary tier of the file system to the secondary tier.
access temperature
Measures the number of I/O requests to the file during the period designated by the period. In other words, it is the number of read or write requests made to a file over a specified number of 24-hour periods divided by the number of periods. If the access temperature of a file exceeds minacctemp (where the access temperature is calculated over a period of time previously specified) then this file is moved from the secondary tier to the primary tier.
tier
days
minacctemp
period
For example:
Storage> tier policy modify fs1 primary 6 5 3
SFS fs SUCCESS V-288-0 Successfully modifies tiering policy for File system fs1
To display the prune policy of a tiered file system, enter the following:
Storage> tier policy prune list
For example:
Storage> tier policy prune list
FS               Delete After
===============  ============
fs1              200
fs2              disabled
The default prune policy status of a tiered file system is disabled. The delete_after indicates the number of days after which the files can be deleted.
To modify the prune policy of a tiered file system, enter the following:
Storage> tier policy prune modify fs_name delete_after
fs_name
Name of the tiered file system from which you want to modify the prune policy.
delete_after
Number of days after which the inactive files will be deleted.
For example:
Storage> tier policy prune modify fs0 180
You have set the Prune policy to file system , system will automatically delete the inactive files on secondary tier.
Do you want to continue with setting the Tier Prune policy? (y/n) Y
SFS fs SUCCESS V-288-0 Successfully modified the Prune policy for File system fs0
To remove the prune policy of a tiered file system, enter the following:
Storage> tier policy prune remove fs_name
where fs_name is the name of the tiered file system from which you want to remove the prune policy. For example:
Storage> tier policy prune remove fs1
SFS fs SUCCESS V-288-0 Successfully removed the Prune policy for File system fs1
where fs_name indicates the name of the tiered file system for which you want to run a policy. For example:
Storage> tier policy run fs1
SFS fs INFO V-288-1221 The command may take some time to execute, pressing CTRL + C, will abort the command.
SFS fs SUCCESS V-288-1275 Successfully ran tiering policy for File system fs1
where fs_name indicates the name of the tiered file system from which you want to remove a policy. For example:
Storage> tier policy remove fs1
SFS fs SUCCESS V-288-0 Successfully removed tiering policy for File system fs1
You can run the policy of a tiered file system, which would be similar to scheduling a job to run your policies, except in this case running the policy is initiated manually. The Storage> tier policy run command moves the older files from the primary tier to the secondary tier, and/or prunes the inactive files on the secondary tier, according to the policy setting.
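The relocation, promotion, and prune rules described in this chapter can be modeled in a short Python script to see which files a policy run would touch before automatic deletion is enabled. This is an added example, not FileStore code: the class and function names, the sample files, the strict greater-than comparisons, and the mapping of "tier policy modify fs1 primary 6 5 3" to days=6, minacctemp=5, period=3 are assumptions; the delete_after value of 200 is taken from the prune list example above.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class TierPolicy:
    """Policy fields named after the parameters used in this chapter."""
    create_on: str                      # tier on which new files are created
    days: int                           # inactivity days before primary -> secondary
    minacctemp: float                   # access temperature needed for promotion
    period: int                         # number of 24-hour periods averaged
    delete_after: Optional[int] = None  # prune policy; None models "disabled"


@dataclass
class FileRecord:
    """Constructed stand-in for per-file state; not a FileStore structure."""
    path: str
    tier: str                           # "primary" or "secondary"
    days_since_access: int
    daily_io: List[int] = field(default_factory=list)  # I/O per 24-hour period, newest last


def access_temperature(daily_io: List[int], period: int) -> float:
    """Read/write requests over the last `period` 24-hour periods, divided by `period`.

    Assumption: periods with no recorded sample count as zero I/O.
    """
    if period <= 0:
        raise ValueError("period must be a positive number of 24-hour periods")
    return sum(daily_io[-period:]) / period


def plan_actions(policy: TierPolicy, files: List[FileRecord]) -> Dict[str, str]:
    """Return the action a policy run would take for each file under this model."""
    actions = {}
    for f in files:
        action = "keep"
        if f.tier == "primary":
            # "not been accessed for more than <days> days": strict comparison.
            if f.days_since_access > policy.days:
                action = "relocate-to-secondary"
        elif f.tier == "secondary":
            # Assumption: prune is evaluated first and also uses a strict comparison.
            if policy.delete_after is not None and f.days_since_access > policy.delete_after:
                action = "prune"
            # "exceeds minacctemp": a file exactly at the threshold stays put.
            elif access_temperature(f.daily_io, policy.period) > policy.minacctemp:
                action = "promote-to-primary"
        else:
            raise ValueError(f"unknown tier for {f.path}: {f.tier}")
        actions[f.path] = action
    return actions


def query(policy: TierPolicy, files: List[FileRecord]) -> List[str]:
    """Paths that would be moved and/or pruned: a dry run before running the policy."""
    return sorted(p for p, a in plan_actions(policy, files).items() if a != "keep")


# Policy values taken from the examples in this chapter (parameter order assumed).
FS1_POLICY = TierPolicy("primary", days=6, minacctemp=5, period=3, delete_after=200)

# Constructed sample files covering each rule and its boundary.
SAMPLE_FILES = [
    FileRecord("/a.txt", "primary", 2),
    FileRecord("/b.txt", "primary", 7),                     # idle more than 6 days
    FileRecord("/c.txt", "primary", 6),                     # exactly 6 days: not moved
    FileRecord("/d.txt", "secondary", 0, [0, 9, 8, 4]),     # temperature 7.0
    FileRecord("/e.txt", "secondary", 1, [20, 0, 0, 15]),   # temperature 5.0: not promoted
    FileRecord("/f.txt", "secondary", 201),                 # idle more than 200 days
]

if __name__ == "__main__":
    for path, action in plan_actions(FS1_POLICY, SAMPLE_FILES).items():
        print(f"{path:8} {action}")
    print("would be moved and/or pruned:", query(FS1_POLICY, SAMPLE_FILES))
```

Setting delete_after to None in the model leaves /f.txt on the secondary tier, which matches the documented default of a disabled prune policy.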
Configuring Symantec FileStore Dynamic Storage Tiering Relocating a file or directory of a tiered file system
dirPath
Removes the schedule of a tiered file system. See Configuring schedules for all tiered file systems on page 439.
Configuring Symantec FileStore Dynamic Storage Tiering Configuring schedules for all tiered file systems
minute
Configuring Symantec FileStore Dynamic Storage Tiering Displaying files that will be moved and/or pruned by running a policy
To display schedules for all tiered file systems, enter the following:
Storage> tier schedule list [fs_name]
where fs_name indicates the name of the tiered file system for which you want to run a policy. For example:
Storage> tier schedule list
FS   Minute  Hour  Day  Month  WeekDay
===  ======  ====  ===  =====  =======
fs1  1       1     1    *      *
where fs_name is the name of the tiered file system from which you want to remove a schedule. For example:
Storage> tier schedule remove fs1
SFS fs SUCCESS V-288-0 Command tier schedule remove executed successfully for fs1
Configuring Symantec FileStore Dynamic Storage Tiering Allowing metadata information on the file system to be written on the secondary tier
To display a list of files that will be moved and/or pruned by running a policy
To display a list of files that will be moved and/or pruned by running a policy, enter the following:
Storage> tier query fs_name
where fs_name is the name of the tiered file system for which you want to display a list of files that will be moved and/or pruned by running a policy. For example:
Storage> tier query fs1
Are you sure, this command may take a long time to execute and extensively use the system resources, enter yes/no
Continuing with the command, you can press CTRL+C to abort the command
Yes
/a.txt
/b.txt
/c.txt
/d.txt
Allowing metadata information on the file system to be written on the secondary tier
The Storage> tier allowmetadata yes command allows the metadata information on the specified file system to be written on the secondary tier as well. By default, the secondary tier is not configured for storing metadata information on the file system. Tiers configured with this option show metaOK in the column SECONDARY TIER of the Storage> fs list command output.
Configuring Symantec FileStore Dynamic Storage Tiering Restricting metadata information to the primary tier only
To allow metadata information on the file system to be written on the secondary tier
To allow metadata information on the file system to be written on the secondary tier, enter the following:
Storage> tier allowmetadata yes fs_name
where fs_name is the name of the file system where metadata information can be written on the secondary tier. For example:
Storage> tier allowmetadata yes fs1
SFS fs SUCCESS V-288-0 Configured the secondary tier for storing metadata information.
To restrict metadata information to the primary tier only, enter the following:
Storage> tier allowmetadata no fs_name
where fs_name is the name of the file system where the metadata information is restricted to the primary tier only. For example:
Storage> tier allowmetadata no fs1
SFS fs SUCCESS V-288-0 Configured the secondary tier for storing no metadata information.
Chapter 15

About system commands
About setting the clock commands
Setting the clock commands
About configuring the locally saved configuration files
Configuring the locally saved configuration files
Using the more command
About coordinating cluster nodes to work with NTP servers
Coordinating cluster nodes to work with NTP servers
Displaying the system statistics
Using the swap command
About the option commands
Using the option commands
contains option command displays and configures the tunable parameters. The system commands are listed in Table 15-1. To access the commands, log into the administrative console (for master, system-admin, or storage-admin) and enter the System> mode.
See About using the FileStore command-line interface on page 33.
Table 15-1 Command
clock
config
Imports or exports the FileStore configuration settings. See About configuring the locally saved configuration files on page 448.
more
Enables, disables, or checks the status of the more filter. See Using the more command on page 453.
ntp
Sets the Network Time Protocol (NTP) server on all of the nodes in the cluster. See About coordinating cluster nodes to work with NTP servers on page 453.
stat
Displays the system, Dynamic Multipathing (DMP), and process-related node wide statistics. See Displaying the system statistics on page 455.
swap
Swaps two network interfaces in a cluster. See Using the swap command on page 456.
option
Adjusts a variety of tunable variables that affect the cluster-wide FileStore settings. See Using the option commands on page 459.
clock set
Sets the system date and time. See Setting the clock commands on page 445.
clock timezone
To display the current system date and time, enter the following:
System> clock show
For example:
System> clock show Fri Feb 20 12:16:30 PST 2009
year
For example:
System> clock set 12:00:00 17 July 2009
.Done.
Fri Jul 17 12:00:00 PDT 2009
To set the time zone for the system, enter the following:
System> clock timezone timezone
The system will reset to the time zone for that specific region. For example:
System> clock show
Thu Apr 3 09:40:26 PDT 2008
System> clock timezone GMT
Setting time zone to: GMT
..Done.
Thu Apr 3 16:40:37 GMT 2008
System> clock show
Thu Apr 3 16:40:47 GMT 2008
System> clock timezone Los_Angeles
Setting time zone to: Los_Angeles
..Done.
Thu Apr 3 09:41:06 PDT 2008
Configuring system information About configuring the locally saved configuration files
region
Africa
America
Asia
Australia
Canada
Europe
GMT-offset - (this includes GMT, GMT +1, GMT +2)
Pacific
US
For example:
System> clock regions US
config export local
Exports configuration settings locally. See Configuring the locally saved configuration files on page 449.
config export remote
Exports configuration settings remotely. See Configuring the locally saved configuration files on page 449.
config delete
Deletes the locally saved configuration file. See Configuring the locally saved configuration files on page 449.
For example:
System> config export local 2007_July_20
For example:
System> config export remote ftp://admin@ftp.docserver.symantec.com/configs/config1.tar.gz
Password: *******
file_name
Specifies the saved configuration file.
URL
Specifies the URL of the export file (supported protocols are FTP and SCP).
config_type
For example:
System> config import local 2007_July_20 network
Backup of current configuration was saved as 200907150515
network configuration was imported
Configuration files are replicated to all the nodes
where 200907150515 is the date (20090715 = July 15, 2009) and the time (0515 = hour 5 and 15 minutes). To import configuration settings remotely, enter the following:
System> config import remote URL [config_type] {network|admin|all|report|system|cluster_specific| all_except_cluster_specific|nfs|cifs|ftp|http|backup|replication| storage_schedules|antivirus}
For example:
System> config import remote ftp://user1@server.com/home/user1/2008_July_20.tar.gz report
Password: *******
file_name
Specifies the saved configuration file.
URL
Specifies the saved configuration at a remote machine specified by a URL.
config_type
Specifies the type of configuration to import. This is an optional parameter. If config_type is left blank, config_type defaults to all. Available import configuration options are:
network - Imports DNS, LDAP, NIS, nsswitch settings (does not include IP).
admin - Imports list of users, passwords. This includes cifs local users and groups.
all - Imports all configuration information.
cluster_specific - Imports public IP addresses, virtual IP addresses, and console IP addresses. Be careful before using this import option. The network connection to the console server will be lost after performing an import. You need to reconnect to the console server after importing the configuration option.
all_except_cluster_specific - Imports all configuration information except for cluster-specific information.
nfs - Imports NFS settings.
backup - Imports the NBU client and NDMP configuration, excluding the virtual-name and virtual-ip.
replication - Imports replication settings.
storage_schedules - Imports dynamic storage tiering (DST) and automated snapshot schedules.
antivirus - Imports antivirus settings.
You can import the configuration settings saved in a local file or saved to a remote machine specified by a URL. To delete the locally saved configuration file
file_name specifies the locally saved configuration file to delete.
To modify and view the more filter setting, enter the following:
System> more enable|disable|status
enable
Enables the more filter on all of the nodes in the cluster.
disable
Disables the more filter on all of the nodes in the cluster.
status
Displays the status of the more filter.
For example:
System> more status
Status : Enabled
System> more disable
SFS more Success V-288-748 more deactivated on console
System> more enable
SFS more Success V-288-751 more activated on console
ntp show
Displays NTP status and server name. See Coordinating cluster nodes to work with NTP servers on page 454.
Configuring system information Coordinating cluster nodes to work with NTP servers
ntp disable
Disables the NTP server on all of the nodes in the cluster. See Coordinating cluster nodes to work with NTP servers on page 454.
To set the NTP server on all of the nodes in the cluster, enter the following:
System> ntp servername server-name
where server-name specifies the name of the server or IP address you want to set. For example:
System> ntp servername ntp.symantec.com
Setting NTP server = ntp.symantec.com
..Done.
Use 127.127.1.0 as the IP address for selecting the local clock as the time source for the NTP server. To display the status of the NTP server
Example output:
System> ntp show
Status: Enabled
Server Name: ntp.symantec.com
To enable the NTP server on all of the nodes in the cluster, enter the following:
System> ntp enable
For example:
System> ntp enable
Enabling ntp server: ntp.symantec.com
..Done.
To disable the NTP server on all of the nodes in the cluster, enter the following:
System> ntp disable
For example:
System> ntp disable
Disabling ntp server:..Done.
System> ntp show
Status : Disabled
Server Name: ntp.symantec.com
all
node
To view the cluster-wide network and I/O throughput, enter the following:
System> stat cluster
Gathering statistics...
Cluster wide statistics::::
=======================================
IO throughput :: 0
Network throughput :: 1.205
Note: Do not use this command if you have exported CIFS/NFS shares. To use the swap command
For example:
System> swap pubeth0 priveth0
All ssh connection(s) need to start again after this command.
Do you want to continue [Enter "y/yes" to continue]...
Check status of this command in history.
Wait.......
option modify nfsd
Modifies the number of Network File System (NFS) daemons on all of the nodes in the cluster. The range for the number of daemons you can modify is 1 to 512.
option show dmpio
Displays the type of Dynamic Multipathing (DMP) I/O policy corresponding to enclosure, arrayname, and arraytype for each node in a cluster. See Using the option commands on page 459.
option modify dmpio
Modifies the Dynamic Multipathing (DMP) I/O policy, corresponding to the enclosure, arrayname, and arraytype.
Warning: Check the sequence before modifying the I/O policy. The policies need to be applied in the following sequence: arraytype, arrayname, and enclosure. The enclosure-based modification of the I/O policy overwrites the I/O policy set using the arrayname and the arraytype for that particular enclosure. In turn, the arrayname-based modification of the I/O policy overwrites the I/O policy set using the arraytype for that particular arrayname.
See Using the option commands on page 459.
option reset dmpio
Resets the Dynamic Multipathing (DMP) I/O policy setting for the given input (enclosure, arrayname, and arraytype). Use this command when you want to change the I/O policy from the previously set enclosure to arrayname. The settings hierarchy is enclosure, arrayname, and arraytype, so to modify the I/O policy to arraytype, you need to reset arrayname and enclosure.
Note: This command does not set the default I/O policy.
See Using the option commands on page 459.
option show ninodes
Displays the ninodes cache size in the cluster. See Using the option commands on page 459.
option modify ninodes
Changes the cache size of the global inodes. If your system is caching a large number of metadata transactions, or if there is significant virtual memory manager usage, tuning this parameter may improve performance. The range for the inode cache size is from 10000 to 2097151.
option show dmptune
Displays the value of the dmptune attribute. See Using the option commands on page 459.
option modify dmptune
Modifies the value for either the dmp_path_age or the dmp_health_time attributes. See Using the option commands on page 459.
For example:
System> option show nfsd
NODENAME  NUMBER_DAEMONS
--------  --------------
sfs_01    96
sfs_02    96
For example:
System> option modify nfsd 97
For example:
If you want to view your current enclosure names, use the following command:
Storage> disk list detail
For example:
Storage> disk list detail
Disk    Pool  Enclosure    ID
=====   ====  ==========   ==
sda_01  p1    OTHER_DISKS  VMware%2C:VMware%20Virtual%20S:0:0
arrayname
array_name
arraytype
array_type
iopolicy
adaptive
In storage area network (SAN) environments, this option determines the paths that have the least delays, and schedules the I/O on paths that are expected to carry a higher load. Priorities are assigned to the paths in proportion to the delay.
adaptiveminq
The I/O is scheduled according to the length of the I/O queue on each path. The path with the shortest queue is assigned the highest priority.
balanced
Takes into consideration the track cache when balancing the I/O across paths.
minimumq
Uses a minimum I/O queue policy. The I/O is sent on paths that have the minimum number of I/O requests in the queue. This policy is suitable for low-end disks or JBODs where a significant track cache does not exist. This is the default policy for Active/Active (A/A) arrays.
priority
Assigns the path with the highest load carrying capacity as the priority path. This policy is useful when the paths in a SAN have unequal performances, and you want to enforce load balancing manually.
round-robin
Sets a simple round-robin policy for the I/O. This is the default policy for Active/Passive (A/P) and Asynchronous Active/Active (A/A-A) arrays.
singleactive
The I/O is channeled through the single active path.
For example:
System> option show ninodes
INODE_CACHE_SIZE
----------------
2000343
For example:
System> option modify ninodes 2000343
SFS option WARNING V-288-0 This will require cluster wide reboot.
Do you want to continue (y/n)?
For example:
System> option show tunefstab
NODENAME  ATTRIBUTE       VALUE
--------  ---------       -----
sfs_01    write_throttle  0
where value is the number you are assigning to the write_throttle parameter. For example:
System> option modify tunefstab write_throttle 20003
System> option show tunefstab
NODENAME  ATTRIBUTE       VALUE
--------  ---------       -----
sfs_01    write_throttle  20003
sfs_02    write_throttle  20003
For example:
System> option show dmptune
NODENAME  ATTRIBUTE        VALUE
--------  ---------        -----
sfs_01    dmp_path_age     57
sfs_01    dmp_health_time  44
To modify the value of the dmp_path_age and dmp_health_time attributes, enter the following:
System> option modify dmptune {dmp_path_age value | dmp_health_time value}
dmp_path_age value
Modify the value of dmp_health_time. This attribute sets the time in seconds for which a path must stay healthy. If a path's state changes back from enabled to disabled within this time period, DMP marks the path as intermittently failing, and does not re-enable the path for I/O until dmp_path_age seconds elapse. The default value of dmp_health_time is 60 seconds. A value of 0 prevents DMP from detecting intermittently failing paths.
dmp_health_time value
Sets the time in seconds for which a path must stay healthy. If a path's state changes back from enabled to disabled within this time period, DMP marks the path as intermittently failing, and DMP does not re-enable the path for I/O until the dmp_path_age seconds have elapsed. The default value of dmp_health_time is 60 seconds. A value of 0 prevents DMP from detecting intermittently failing paths.
For example:
System> option modify dmptune dmp_path_age 40
System> option modify dmptune dmp_health_time 50
Chapter 16

About upgrading patches or drivers
Displaying the current version of FileStore
About installing patches
About types of patches
Installing patches
Uninstalling patches
Synchronizing software upgrades on a node
Uninstalling driver updates
Note: The Upgrade> patch install command can also be used for DUD upgrades in case the new node you want to add into the cluster has a separate set of driver requirements compared to the first node.
Note: To avoid potential upgrade issues, stop all workloads from clients, and then re-initiate the upgrade.
Table 16-1 Command
show
patch install
Downloads the patch from the specified URL and installs it on all of the nodes. See About installing patches on page 468.
patch uninstall-upto
Uninstalls the software upgrade from all of the nodes up to the specified version. See About installing patches on page 468.
patch sync
Synchronizes the specified node. See About installing patches on page 468.
patch duduninstall
Removes all of the driver updates previously added to the cluster and reverts back to the original driver update image. See About installing patches on page 468.
467
To display the current version of FileStore and the patch level, enter the following:
Upgrade> show
For example:
Upgrade> show
5.5 ENTERPRISE EDITION (Mon Aug 17 16:12:40 2009), Installed on Mon Aug 10 09:23:28 EST 2009
To display the current version of FileStore, the DUD upgrades, the patch level, and major upgrades, enter the following:
Upgrade> show detail
For example:
Upgrade> show detail
6.0SP1 ENTERPRISE EDITION (Tue Dec 15 08:40:23 2010)
6.0 ENTERPRISE EDITION (Tue Aug 11 08:40:23 2010), Installed on Tue Aug 11 17:21:18 EDT 2010
6.0SP1 ENTERPRISE EDITION (Tue Dec 15 08:40:23 2010), Installed on Tue Dec 15 19:19:54 EDT 2010
Major Upgrade(s)
================
Upgraded from 5.5 to 6.0 (Tue Aug 11 08:40:23 2010) on Tue Aug 11 17:21:18 EDT 2010
1) Patches that do not require a cluster reboot. This patch upgrades only FileStore-related binaries and any operating system RPMs that do not require a reboot after applying the patch. Because Type 1 patches do not require a cluster reboot, the direct upgrade process can be used. The direct upgrade process does not bring down any nodes or resources while applying a patch, and it applies the patch on all the nodes in parallel. The cluster remains in a running state, serving clients, while the upgrade process is running.
2) Patches that require a cluster reboot. This patch upgrades operating system RPMs and FileStore binaries that require a reboot of the cluster. Type 2 patches require a one-time cluster reboot, so use the phased upgrade process to minimize downtime.
In a phased upgrade, the upgrade process selects one node, called the first-stage node, and stops all services/resources on the first-stage node. (No resources fail over to other nodes, so clients connected to the first-stage node virtual IP (VIP) will be interrupted.) The first-stage node is upgraded first. While the upgrade process is running on the first-stage node, the remaining nodes (second-stage nodes) continue serving clients. Once the first-stage node has been upgraded, the upgrade process stops the services/resources on the remaining nodes, and reboots the first-stage node (complete cluster shutdown). When the first-stage node comes up, the phased upgrade starts the patch upgrade process on the remaining nodes. After completion of the patch upgrade on the remaining nodes, all services/resources are online and serving clients.
In the case of a phased upgrade, you will be prompted with a message such as the following:
Applying this patch requires reboot of cluster node(s) and uses a phased upgrade mechanism. In phased upgrade method, the patch will be applied on one of the cluster nodes in first phase and then on rest of the nodes in second phase. There will be a downtime of service between these two phases. Do you want to continue with phased installation of this patch? [y|n]
Also, if a phased upgrade fails, the patch synchronization process will not bring a node back to the same level as the console node. Failed nodes should be added back to the cluster using a PXE installation.
Note: FileStore does not support rollback if the patch upgrades any RPMs.
Installing patches
To install the latest patches on your system
For example, you can download a DUD ISO from an HTTP server with authentication and install it. The following output shows the update of the driver update image (on all of the nodes present in the cluster) with the tg3 driver of version 3.71b and the megaraid-sas.ko driver of version 00.00.03.16.
http://admin@docserver.symantec.com/DRIVER_UPDATES/SFS_DUD.iso tg3.ko:3.71b,megaraid_sas.ko:00.00.03.16
Enter password for user 'admin': **********
Please wait. Upgrade is in progress...
Patch upgraded on all nodes of cluster.
URL
The URL of the location from which you can download the software patch. The URL supports the HTTP, FTP, and SCP protocols for download. A username and password are supported for the HTTP and FTP protocols.
driver_list
An optional variable that you can use for DUD upgrades. Enter a list of comma-separated [drivername:versionnumber] pairs when you want to apply the DUD upgrade. You can exit the patch DUD upgrade process by entering no/no at the prompt. For example:
Upgrade> patch install scp://support@10.209.106.101:/home/support/SFS.iso
Enter password for user 'support':********
No input driver given...
List of drivers present in DUD::
Drivername:Versionnumber
**************************
e1000.ko:7.6.9.1
tg3.ko:3.71b
megaraid_sas.ko:00.00.03.16
Please enter driver list you want to add [Enter "No" to exit from here]:: no
Sorry...Patch driverupgrade process is terminated by you.
The following is an example driver name: tg3.ko
Uninstalling patches
To uninstall patches
where version specifies the versions of software up to the version that you want to uninstall. For example:
Upgrade> patch uninstall-upto 5.5RP1
OK Completed
where nodename specifies the node that needs to be synchronized to the same software version as the one currently installed in the cluster. For example:
Upgrade> patch sync node2
...............
Syncing software upgrades on node2...
SFS patch SUCCESS V-288-122 Patch sync completed.
You will be asked to confirm the uninstallation of the drivers. For example:
Upgrade> patch duduninstall
patch duduninstall
DUD updated with following drivers ::
=====================================
tg3.ko:3.71b
megaraid_sas.ko:00.00.03.16
Do you really want to continue with uninstallation [Enter "y/yes" to continue]:: y
Uninstalling DUD...
DUD uninstall completed successfully.
Chapter 17
Using Symantec AntiVirus for FileStore

About Symantec AntiVirus for FileStore
About Symantec AntiVirus for FileStore licensing
About Symantec AntiVirus for FileStore commands
Displaying Symantec AntiVirus for FileStore configurations
About configuring Symantec AntiVirus for FileStore on all the nodes in the cluster
Configuring Symantec AntiVirus for FileStore on the cluster's nodes
About configuring Auto-Protect on FileStore file systems
Configuring Auto-Protect on FileStore file systems
About excluding file extensions
Configuring file extensions for the Symantec AntiVirus for FileStore configuration file
About Symantec AntiVirus for FileStore LiveUpdate
Using Symantec AntiVirus for FileStore with LiveUpdate
About using Symantec AntiVirus for FileStore quarantine commands
Using Symantec AntiVirus for FileStore quarantine commands
Setting the Symantec AntiVirus for FileStore action policy
About using Symantec AntiVirus for FileStore manual scan commands
Using Symantec AntiVirus for FileStore manual scan commands
About scheduling a Symantec AntiVirus for FileStore scan job
Scheduling a Symantec AntiVirus for FileStore scan job

About Symantec AntiVirus for FileStore
Auto-Protect (AP) scan - protects files and file systems as they are accessed (when a file is opened, modified, or executed)
You can use the Auto-Protect method to conduct client access on-demand scanning of NFS, CIFS, or other protocols within FileStore. Symantec AntiVirus for FileStore provides support for the Auto-Protect method through use of the autoprotect commands. See About configuring Auto-Protect on FileStore file systems on page 481.
Scheduled scan - scans file systems for viruses when requested or at scheduled intervals
You can use the Scheduled scan method to have automated scans occur at regular times, or to manually scan file systems on an as-needed basis. Symantec AntiVirus for FileStore provides support for Scheduled scans through use of the job and scan commands. See About scheduling a Symantec AntiVirus for FileStore scan job on page 496. See About using Symantec AntiVirus for FileStore manual scan commands on page 494.
Note: Symantec AntiVirus for FileStore is based on Symantec Endpoint Protection technology and is an optional component of the FileStore product. Symantec AntiVirus for FileStore requires you to have a valid Symantec Endpoint Protection maintenance agreement in order for the product feature to be licensed correctly.
Figure 17-1 (figure labels: Client; 2. Symantec AntiVirus for FileStore scans the file; 3. If a virus is found, Symantec AntiVirus for FileStore reacts based on the policies.)
1. The client attempts to access a file from the share. A file becomes a candidate for scanning when it is accessed.
2. If Auto-Protect (AP) is enabled on the share, Symantec AntiVirus for FileStore verifies if the file needs to be scanned or not based on parameters, such as file extensions. If Auto-Protect is not enabled on that share, it allows you to access the file without Symantec AntiVirus for FileStore intervention.
3. If the file is a candidate to be scanned, Symantec AntiVirus for FileStore scans the file and takes the specified action, such as delete, quarantine, or clean, based on the indicated scan action policies.
4. Based on the scan results, you are allowed or denied access to the file.
job
liveupdate
quarantine
scan
scanaction
service
show
To display Symantec AntiVirus for FileStore logs configuration details, enter the following:
Antivirus> show logs [number_of_jobs]
where number_of_jobs is the number of scan jobs. You can enter a 0 to display all scan logs. For example:
Antivirus> show logs 2
JOB NAME    FS NAME  SCAN START TIME      NODE NAME   SCAN END TIME        TIME TO SCAN  TOTAL THREATS
----------  -------  -------------------  ----------  -------------------  ------------  -------------
MANUALSCAN  fs1      2009/06/04 04:03:02  cluster_01  2009/06/02 04:08:03  5 Mins        0
job1        fs1      2009/06/03 05:12:01  cluster_02  2009/06/03 05:22:02  10 Mins       3

THREAT NAME        FILE NAME                                        ACTION TAKEN
-----------------  -----------------------------------------------  ---------------------
EICAR Test String  /vx/fs1/eicar.com                                Quarantine succeeded.
EICAR Test String  /vx/fs1/eicarcom2.zip>>eicar_com.zip>>eicar.com  Quarantine succeeded.
                   /vx/fs1/eicarcom2.zip                            Quarantine succeeded.
EICAR Test String  /vx/fs1/eicar.com.txt                            Quarantine succeeded.
About configuring Symantec AntiVirus for FileStore on all the nodes in the cluster
The service command enables, disables, or displays status for the Symantec AntiVirus for FileStore service on all of the nodes in the cluster.
Table 17-2
Command
service start
service stop
Stops Symantec AntiVirus for FileStore on all of the nodes in the cluster. See Configuring Symantec AntiVirus for FileStore on the cluster's nodes on page 480.
service status
Displays the status of the Symantec AntiVirus for FileStore service on each node. See Configuring Symantec AntiVirus for FileStore on the cluster's nodes on page 480.
To start Symantec AntiVirus for FileStore on all of the nodes in a cluster, enter the following:
Antivirus> service start
By default, the Symantec AntiVirus for FileStore service will be offline. If the Symantec AntiVirus for FileStore service is already started, Symantec AntiVirus for FileStore clears the faults (if any), and then tries to start the Symantec AntiVirus for FileStore service. For example:
Antivirus> service start
To stop Symantec AntiVirus for FileStore on all nodes in a cluster, enter the following:
Antivirus> service stop
You will receive an error if you try to stop an already stopped Symantec AntiVirus for FileStore service. For example:
Antivirus> service stop
To display Symantec AntiVirus for FileStore status on all nodes in the cluster
To display the status of the Symantec AntiVirus for FileStore service on all the nodes in the cluster, enter the following:
Antivirus> service status
For example:
Antivirus> service status
autoprotect enable
Enables Auto-Protect on a specified file system(s) or all of the file systems. See Configuring Auto-Protect on FileStore file systems on page 482.
autoprotect disable
Disables Auto-Protect on a specified file system(s) or all of the file systems. See Configuring Auto-Protect on FileStore file systems on page 482.
To enable automatic antivirus protection on individual file systems, enter the following:
Antivirus> autoprotect enable fs_name1,fs_name2
where fs_name1 and fs_name2 are the names of the file systems. For example, to enable Auto-Protect on specified file systems, enter the following:
Antivirus> autoprotect enable fs1,fs2
By default, Auto-Protect is disabled on newly created file systems. If you issue the autoprotect enable command without any options, Auto-Protect is enabled on all the file systems in the cluster. For example, to enable Auto-Protect on all the file systems in the cluster, enter the following:
Antivirus> autoprotect enable
where fs_name1 and fs_name2 are the names of the file systems for which Auto-Protect should be disabled. For example:
Antivirus> autoprotect disable fs1,fs2
excludeextension delete
Deletes file extensions from the Symantec AntiVirus for FileStore configuration file. After the extensions are deleted from the configuration file, files with those extensions are scanned by the Symantec AntiVirus for FileStore software. See Configuring file extensions for the Symantec AntiVirus for FileStore configuration file on page 483.
excludeextension list
Displays the list of file extensions currently in the Symantec AntiVirus for FileStore configuration file. See Configuring file extensions for the Symantec AntiVirus for FileStore configuration file on page 483.
Configuring file extensions for the Symantec AntiVirus for FileStore configuration file
To add file extensions to the Symantec AntiVirus for FileStore configuration file
To add file extensions to the Symantec AntiVirus for FileStore configuration file and exclude files with those extensions from being scanned, enter the following:
Antivirus> excludeextension add file_extension1,file_extension2
where file_extension1,file_extension2 are the names of the file extensions you want to add to the Symantec AntiVirus for FileStore configuration file. For example:
Antivirus> excludeextension add txt,DOC
SFS antivirus SUCCESS V-288-1128 File extension txt,DOC added
To delete file extensions from the Symantec AntiVirus for FileStore configuration file
To delete file extensions from the Symantec AntiVirus for FileStore configuration file and include the files in the Symantec AntiVirus for FileStore scan, enter the following:
Antivirus> excludeextension delete file_extension1,file_extension2
where file_extension1,file_extension2 are the names of the file extensions you want to delete from the Symantec AntiVirus for FileStore configuration file. For example:
Antivirus> excludeextension delete txt
SFS antivirus SUCCESS V-288-1128 File extension txt deleted
To display the list of file extensions in the Symantec AntiVirus for FileStore configuration file
To display the list of file extensions in the Symantec AntiVirus for FileStore configuration file, enter the following:
Antivirus> excludeextension list
For example:
Antivirus> excludeextension list
Parameter                           Value
----------------------------------  -----
File excluded extension list        DOC
liveupdate start
Runs a LiveUpdate of the virus definitions immediately. See Using Symantec AntiVirus for FileStore with LiveUpdate on page 486.
Creates a schedule for the LiveUpdate. See Using Symantec AntiVirus for FileStore with LiveUpdate on page 486.
Modifies a schedule for the LiveUpdate. See Using Symantec AntiVirus for FileStore with LiveUpdate on page 486.
Deletes the schedule of the LiveUpdate. See Using Symantec AntiVirus for FileStore with LiveUpdate on page 486.
Displays the LiveUpdate schedule. See Using Symantec AntiVirus for FileStore with LiveUpdate on page 486.
To add the LiveUpdate servers to Symantec AntiVirus for FileStore, enter the following:
Antivirus> liveupdate serveradd url
where url is either an HTTP, FTP, or proxy server URL. For example:
Antivirus> liveupdate server add http://sample.com
SFS antivirus SUCCESS V-288-1263 Server added to liveupdate server database.
The master node assigns a server ID to the given input. You can add a maximum of 10 servers and 1 proxy server to the LiveUpdate server list.
To delete the server or proxy from the LiveUpdate servers list
To delete the server or proxy from the LiveUpdate servers list, enter the following:
Antivirus> liveupdate serverdelete serverid | proxy
serverid
Specifies the ID of the server to be deleted from the LiveUpdate server list.
proxy
Specifies the proxy server to be deleted from the LiveUpdate server list.
For example, this command deletes the proxy server from the LiveUpdate servers list, if the proxy server exists.
Antivirus> liveupdate serverdelete proxy
SFS antivirus SUCCESS V-288-1274 Successfully proxy server deleted from liveupdate server database.
For example, this command deletes the server associated with server ID 3.
Antivirus> liveupdate serverdelete 3
SFS antivirus SUCCESS V-288-1278 Successfully server with id 3 deleted from liveupdate server database.
To immediately run LiveUpdate on Symantec AntiVirus for FileStore, enter the following:
Antivirus> liveupdate start
To create a schedule for LiveUpdate on Symantec AntiVirus for FileStore, enter the following:
Antivirus> liveupdate schedule create minute hour day_of_the_month month day_of_the_week
minute
Specifies the minutes for the LiveUpdate. This field may contain either an asterisk '*', which implies 'every minute' or a numeric value between the range of 0-59.
hour
Specifies the hour for the LiveUpdate. This field may contain either an asterisk '*', which implies running every hour, or a numeric value between the range of 0-23.
day_of_the_month
Specifies the day of the month for the LiveUpdate. This field may contain either an asterisk '*', which implies running every day of the month, or a numeric value between the range of 1-31.
month
Specifies the month for the LiveUpdate. This field may contain either an asterisk '*', which implies running every month, or a numeric value between the range of 1-12. In addition to the numeric values, this field can also accept names of month as an argument, with the first three letters of the month (case-insensitive) serving as input for the given parameter.
day_of_the_week
Specifies the day of the week for the LiveUpdate. This field may contain either an asterisk '*', which implies running every day of the week, or a numeric value between the range of 0-7, with both 0 and 7 being interpreted as Sunday by crontab. In addition, this parameter can also accept names, with the first three letters of the month (case-insensitive) serving as an input value.
You can only create one LiveUpdate schedule. For example, this command invokes LiveUpdate every Monday.
Antivirus> liveupdate schedule create * * * * 1
SFS antivirus SUCCESS V-288-1255 Scheduled liveupdate successfully created
To modify a schedule for LiveUpdate on Symantec AntiVirus for FileStore, enter the following:
Antivirus> liveupdate schedule modify minute hour day_of_the_month month day_of_the_week
minute
Modify the minutes for the LiveUpdate. This field may contain either an asterisk '*', which implies 'every minute' or a numeric value between the range of 0-59.
hour
Modify the hour for the LiveUpdate. This field may contain either an asterisk '*', which implies running every hour, or a numeric value between the range of 0-23.
day_of_the_month
Modify the day of the month for the LiveUpdate. This field may contain either an asterisk '*', which implies running every day of the month, or a numeric value between the range of 1-31.
month
Modify the month for the LiveUpdate. This field may contain either an asterisk '*', which implies running every month, or a numeric value between the range of 1-12. In addition to the numeric values, this field can also accept names of month as an argument, with the first three letters of the month (case-insensitive) serving as input for the given parameter.
day_of_the_week
Modify the day of the week for the LiveUpdate. This field may contain either an asterisk '*', which implies running every day of the week, or a numeric value between the range of 0-7, with both 0 and 7 being interpreted as Sunday by crontab. In addition, this parameter can also accept names, with the first three letters of the month (case-insensitive) serving as an input value.
quarantine delete
Deletes the quarantined files. See Using Symantec AntiVirus for FileStore quarantine commands on page 491.
quarantine restore
Restores quarantined files. See Using Symantec AntiVirus for FileStore quarantine commands on page 491.
quarantine info
Displays information about quarantined files. See Using Symantec AntiVirus for FileStore quarantine commands on page 491.
To list all of the files that have been quarantined, enter the following:
Antivirus> quarantine list
For example:
Antivirus> quarantine list
QID              Quarantine file
---              ---------------
sfs_01_5BA00000  /vx/fs2/eicar.com
sfs_01_5BA00001  /vx/fs1/eicarcom2.zip
sfs_02_5BA00002  /vx/fs1/eicar.com.txt
Each quarantined file is associated with an ID. Each node stores quarantined files locally. If any node is removed from a cluster, quarantined files on that node are lost. For example:
sfs_01_5BA00000 is the ID of the /vx/fs2/eicar.com quarantined file.
where id is the specified quarantined file to be deleted. Each quarantined file has an ID. If no ID is entered, all of the quarantined files are deleted. For example:
Antivirus> quarantine delete sfs_01_5BA00000
Please wait ... It will take some time ...
SFS antivirus SUCCESS V-288-1108 Done
where id is the specified quarantined file to be repaired. Each quarantined file has an ID. If no ID is entered, all of the quarantined files are repaired. For example:
Antivirus> quarantine repair sfs_01_5BA00000, sfs_02_6BA00000
Please wait ... It will take some time ...
SFS antivirus SUCCESS V-288-1108 Done
where id is the specified quarantined file to be restored. Each quarantined file has an ID. If no ID is entered, all of the quarantined files are restored. For example:
Antivirus> quarantine restore sfs_01_5BA00000, sfs_01_6BA00000
where id is the specified file you want information about. For example:
Antivirus> quarantine info sfs_01_5BA00000
Item: 5BA00000
Description: /vx/fs1/eicar.com
Full Path: /vx/fs1/eicar.com
Log Line: 270502050402,5,1,1,sfs_01,root,EICAR Test String, /vx/fs1/eicar.com,1,5,1,256,33570852,"",1243933471,,
Flags: INFECTED
Quarantined: Tue Jun 2 05:04:02 2009
Created: Tue Jun 2 05:04:02 2009
Last Accessed: Tue Jun 2 05:04:02 2009
Last Modified: Tue Jun 2 05:02:47 2009
To set the Symantec AntiVirus for FileStore action policy, so that Symantec AntiVirus for FileStore reacts when a virus is detected in a file, enter the following:
Antivirus> scanaction primary_action secondary_action
where primary_action and secondary_action are the names of the policies you want Symantec AntiVirus for FileStore to act on. These policies are:
delete
Deletes the virus-infected file if a virus is found.
quarantine
Quarantines the virus-infected file if a virus is found. Quarantined files are stored on local storage.
clean
Attempts to clean the virus from the file if a virus is found.
leave
Leaves the virus-infected file as is. Symantec AntiVirus for FileStore does not take any action if a virus is found.
For example, if Symantec AntiVirus for FileStore detects a virus in a file, Symantec AntiVirus for FileStore first tries to clean the virus from the infected file (primary_action). If the clean action fails, Symantec AntiVirus for FileStore quarantines the infected file (secondary_action).
Antivirus> scanaction clean quarantine
SFS antivirus SUCCESS V-288-1050 Antivirus configuration updated with given scan actions.
Table 17-7
Command
scan status
scan stop
Stops the manual scan. See Using Symantec AntiVirus for FileStore manual scan commands on page 495.
To start the manual scan on the specified file systems on the preferred node, enter the following:
Antivirus> scan start fs_name1,fs_name2 [preferred_node]
where fs_name1,fs_name2 are the names of the file systems on which to perform the manual scan, and preferred_node is the node on which to run it. If a preferred_node is not specified, the master node determines the node for running the scan. For example:
Antivirus> scan start fs1,fs2,fs3
SFS antivirus SUCCESS V-288-1187 Manual scan started on fs1,fs2,fs3.
To display the manual scan status (if the scan is in progress or done), enter the following:
Antivirus> scan status
For example:
Antivirus> scan status
SFS antivirus SUCCESS V-288-1185 Manual scan is in progress on fs1,fs2,fs3.
To stop the manual scan if there are any manual scans running in the background, enter the following:
Antivirus> scan stop
For example:
Antivirus> scan stop
SFS antivirus SUCCESS V-288-1188 Manual scan stopped successfully.
job modify
Modifies the schedule for a scan that is identified by the job_name. See Scheduling a Symantec AntiVirus for FileStore scan job on page 498.
job disable
Disables the given job_name scan schedule. See Scheduling a Symantec AntiVirus for FileStore scan job on page 498.
job show
Displays information about the given job_name. See Scheduling a Symantec AntiVirus for FileStore scan job on page 498.
job stop
Stops the given job_name from running. See Scheduling a Symantec AntiVirus for FileStore scan job on page 498.
job delete
Deletes the given job_name. See Scheduling a Symantec AntiVirus for FileStore scan job on page 498.
To create a schedule for running a scan job identified by the assigned job name, enter the following:
Antivirus> job create job_name fs_name1,fs_name2 minute hour day_of_the_month month day_of_the_week [preferred_node]
job_name
Enter a unique job name for the scan.
fs_name
Enter the name of the file system you want to scan.
minute
Enter the minutes for scheduling the scan.
hour
Enter the hour for scheduling the scan.
day_of_the_month
Enter the day of the month for scheduling the scan.
month
Enter the month for scheduling the scan.
day_of_the_week
Enter the day of the week for scheduling the scan.
preferred_node (optional)
Enter the preferred node for running the scan job. If no node name appears, the master node selects a node from the cluster and assigns the scheduled scan on that node.
For example, to create a schedule for scanning the file systems fs1 and fs2 every Sunday, you would enter the following:
Antivirus> job create job1 fs1,fs2 0 0 * * 0
SFS antivirus SUCCESS V-288-1169 Job job1 successfully created
For example, to modify job1 for scanning the file system fs3 on the sfs_02 node on the first day of every month, you would enter the following:
Antivirus> job modify job1 fs3 0 0 1 * * sfs_02
SFS antivirus SUCCESS V-288-1168 Job job1 modified.
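The five schedule fields taken by the liveupdate schedule and job create/modify commands, expanded the way standard crontab evaluates them. This is an added example, not FileStore code: it assumes the fields are handed to crontab unchanged (the parameter descriptions refer to crontab) and that each field is either '*' or a single value, as those descriptions state. The function names and the sample week are constructed for illustration.

```python
from datetime import datetime, timedelta

# Three-letter names that crontab accepts in the month and day-of-week fields.
MONTHS = {n: i for i, n in enumerate(
    "jan feb mar apr may jun jul aug sep oct nov dec".split(), start=1)}
DAYS = {n: i for i, n in enumerate("sun mon tue wed thu fri sat".split())}

# Field order and numeric ranges as listed in the parameter descriptions.
FIELDS = (
    ("minute", 0, 59, {}),
    ("hour", 0, 23, {}),
    ("day_of_the_month", 1, 31, {}),
    ("month", 1, 12, MONTHS),
    ("day_of_the_week", 0, 7, DAYS),
)


def parse_schedule(text):
    """Parse 'minute hour day_of_the_month month day_of_the_week'.

    Returns a dict mapping each field name to an int, or to None for '*'.
    Raises ValueError for a wrong field count or an out-of-range value.
    """
    tokens = text.split()
    if len(tokens) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(tokens)}")
    schedule = {}
    for token, (name, low, high, names) in zip(tokens, FIELDS):
        if token == "*":
            schedule[name] = None
            continue
        key = token.lower()
        if key in names:
            value = names[key]
        elif token.isdigit():
            value = int(token)
        else:
            raise ValueError(f"{name}: {token!r} is not '*', a number or a name")
        if not low <= value <= high:
            raise ValueError(f"{name}: {value} is outside {low}-{high}")
        if name == "day_of_the_week" and value == 7:
            value = 0  # 0 and 7 both mean Sunday
        schedule[name] = value
    return schedule


def fires_at(schedule, when):
    """True if a crontab entry with these fields would run at minute `when`."""
    for name, actual in (("minute", when.minute), ("hour", when.hour),
                         ("month", when.month)):
        if schedule[name] is not None and schedule[name] != actual:
            return False
    dom, dow = schedule["day_of_the_month"], schedule["day_of_the_week"]
    dom_ok = dom is None or dom == when.day
    # Python counts Monday as 0; crontab counts Sunday as 0.
    dow_ok = dow is None or dow == (when.weekday() + 1) % 7
    if dom is not None and dow is not None:
        return dom_ok or dow_ok  # crontab runs when either day field matches
    return dom_ok and dow_ok


def count_runs(text, start, days):
    """Count how many times the schedule fires in `days` days from `start`."""
    schedule = parse_schedule(text)
    return sum(fires_at(schedule, start + timedelta(minutes=m))
               for m in range(days * 24 * 60))


def review(text):
    """Return warnings for fields whose '*' multiplies the number of runs."""
    schedule = parse_schedule(text)
    warnings = []
    if schedule["minute"] is None:
        warnings.append("minute is '*': runs every minute of each matching hour")
    if schedule["hour"] is None:
        warnings.append("hour is '*': runs in every hour of each matching day")
    return warnings


if __name__ == "__main__":
    # Constructed window: seven days starting Sunday 2011-05-01 00:00.
    week = datetime(2011, 5, 1)
    for expr in ("* * * * 1", "0 0 * * 1", "0 0 * * 0", "0 0 1 * *"):
        print(f"{expr:12} runs/week={count_runs(expr, week, 7):5} {review(expr)}")
```

Under the crontab assumption, `* * * * 1` fires 1440 times each Monday, while `0 0 * * 1` fires once at midnight on Monday; checking a schedule this way before applying it avoids an unintended run rate for definition updates or scans.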
where job_name is the unique name for the scan. For example:
Antivirus> job enable job1
SFS antivirus SUCCESS V-288-1168 Job job1 enabled.
where job_name is the unique name for the scan. For example:
Antivirus> job disable job1
SFS antivirus SUCCESS V-288-1168 Job job1 disabled.
To display information about the scheduled scan job, enter the following:
Antivirus> job show job_name
where job_name is the unique name for the scan. For example:
Antivirus> job show job1
Jobname  FS   State     Preferrednode
=======  ==   =====     =============
job1     fs1  DISABLED  *

Minute  Hour  Day   Month  Week
======  ====  ====  =====  =====
*       *     *     *
where job_name is the unique name for the scan. For example:
Antivirus> job stop job1
SFS antivirus ERROR V-288-1042 job1 job is not running.
where job_name is the unique name for the scan. For example:
Antivirus> job delete job1
SFS antivirus SUCCESS V-288-1167 Job job1 deleted.
Chapter 18
Troubleshooting

This chapter includes the following topics:

About troubleshooting commands
Setting the CIFS log level
Retrieving and sending debugging information
Updating FileStore GUI-related operations
About the iostat command
Generating CPU and device utilization reports
Displaying license information for the cluster
About excluding the PCI ID prior to the FileStore installation
Excluding the PCI IDs from the cluster
Testing network connectivity
About the services command
Using the services command
Using the support login
About network traffic details
Exporting and displaying the network traffic details
Accessing processor activity
Using the traceroute command
Recovering from a non-graceful shutdown
gui
Updates FileStore GUI-related operations. See Updating FileStore GUI-related operations on page 507.
iostat
Generates CPU statistical information. Generates the device utilization report. See About the iostat command on page 507.
license
Displays the licensing information for the cluster. The licensing information includes the total count of CPUs in the cluster and the type of edition (Enterprise edition or Standard edition) that the cluster is running. See Displaying license information for the cluster on page 509.
pciexclusion
Excludes the Peripheral Component Interconnect (PCI) IDs from the nodes in a cluster prior to installing the FileStore software. The PCI IDs must be excluded prior to the PXE boot. See About excluding the PCI ID prior to the FileStore installation on page 510.
network> ping
Tests whether a particular host or gateway is reachable across an IP network. See Testing network connectivity on page 513.
support login
Reports FileStore technical support issues. See Using the support login on page 517.
tethereal
Exports the network traffic details to the specified location. Displays captured packet data from a live network. See About network traffic details on page 517.
top
Displays the dynamic real-time view of currently running tasks. See Accessing processor activity on page 519.
traceroute
Displays all of the intermediate nodes on a route between two nodes. See Using the traceroute command on page 520.
To set the CIFS-related log level for the FileStore cluster, enter the following:
Support> debuginfo setlog loglevel
A valid loglevel ranges from 0 to 10, 10 being the most detailed log level. It is recommended to increase the CIFS log level, reproduce the CIFS issue, and then upload debugging information for the CIFS issue. The default log level is 2. For example, to set the CIFS log level to 10 for the FileStore cluster:
Support> debuginfo setlog 10
To upload debugging information from a specified node to an external server, enter the following:
Support> debuginfo upload nodename debug-URL module
debug-URL
module
Specifies the values for module. Supported module values are the following:
generic - use to collect Symantec FileStore configurations
cifs - use to collect CIFS-related debugging information
all - use to collect all information for debugging
https://<CONSOLE-IP>:8443/sm https://<CONSOLE-IP>:8443/sm/Login
To start, stop, or display the status for the FileStore GUI, enter the following depending on which action you are performing:
Support> gui server [start|stop|status]
The rescan command rescans the database for the FileStore GUI; it generates the fresh database and updates all the changes in the cluster.
To refresh the FileStore GUI database
The refresh command only updates the latest changes in the database. It will not recreate the database file.
iostat device
Generates the device utilization report. This information can be used to balance the load among the physical disks by modifying the system configuration. When this command is executed for the first time, it contains information since the system was booted. Each subsequent report shows the details since the last report. There are two options for this command. See Generating CPU and device utilization reports on page 508.
interval
count
where nodename is the name of the node from which the report is generated. The default is console for the FileStore Management Console. For example, to generate the CPU utilization report of the console node, enter the following:
Support> iostat cpu sfs_01
Linux 2.6.16.60-0.21-smp (sfs_01)
avg-cpu:  %user  %nice  %system
           1.86   0.07     4.53
dataunit
interval
count
For example, to generate a device utilization report of a node, enter the following:
Support> iostat device sfs_01 Blk
Linux 2.6.16.60-0.21-smp (sfs_01)
Device:  tps   Blk_read/s
hda      4.82  97.81
sda      1.95  16.83
hdc      0.00  0.01
Enterprise Edition - The Enterprise Edition of FileStore uses per CPU licenses. Users require as many licenses as there are CPUs in the cluster.
Standard Edition - The Standard Edition of FileStore is licensed for a maximum of two CPUs per cluster.
For example:
Support> license show
There are 4 CPUs in this 2 node FileStore cluster.
You are running the Enterprise Edition of FileStore and are using 4 per CPU licenses.
pciexclusion show
Displays the list of PCI IDs that have been excluded during the initial FileStore installation. The status of the PCI IDs is designated by a y (yes) or n (no). The yes option means they have been excluded. The no option means they have not yet been excluded. See Excluding the PCI IDs from the cluster on page 511.
pciexclusion add
Allows you to add specific PCI IDs for exclusion. You must enter the values in this command before the PXE boot installation for the PCI IDs to be excluded from the second node installation. See Excluding the PCI IDs from the cluster on page 511.
pciexclusion delete
Removes a specified PCI ID from the exclusion list. You must run this command prior to a PXE boot installation. See Excluding the PCI IDs from the cluster on page 511.
To display the list of PCI IDs that you excluded during the FileStore installation, enter the following:
Support> pciexclusion show
PCI ID        EXCLUDED  NODENAME/UUID
------------  --------  -------------
0000:0e:00.0  y         sfs_01
0000:0e:00.0  y         a79a7f43-9fe2-4eeb-aa1f-27a70e7a0820
0000:04:00:1  n
PCI ID
The PCI IDs you entered to be excluded during the initial FileStore installation. The PCI ID is made up of the following: [[<domain>]:][[<bus>]:][<slot>][.[<func>]]
EXCLUDED
(y) means the PCI ID has been excluded. (n) means the PCI ID has not been excluded.
NODENAME
The node names corresponding to the PCI IDs.
UUID
The ID of the node which is in the installed state but not yet added into the cluster.
where pci_list is a comma-separated list of PCI IDs. The PCI ID is written in hexadecimal in the form XXXX:XX:XX.X. For example:
Support> pciexclusion add 0000:00:09.8
Support> pciexclusion show
PCI ID        EXCLUDED  NODENAME/UUID
------------  --------  -------------
0000:0e:00.0  y         sfs_01
0000:0e:00.0  y         a79a7f43-9fe2-4eeb-aa1f-27a70e7a0820
0000:04:00:1  n
0000:00:09.0  n
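An exclusion only takes effect at the next PXE boot, so a mistyped ID is worth catching before it is entered. The following is an added example, not part of the Symantec documentation or the FileStore software: it checks a comma-separated pci_list against the XXXX:XX:XX.X form given above. The function names are hypothetical, and the slot and function limits come from standard PCI addressing (5-bit device number, 3-bit function number); the page does not say whether FileStore enforces them.

```python
import re

# Form stated on the page: XXXX:XX:XX.X = domain:bus:slot.func, all hexadecimal.
PCI_ID_RE = re.compile(
    r"^([0-9a-f]{4}):([0-9a-f]{2}):([0-9a-f]{2})\.([0-9a-f])$", re.IGNORECASE
)
# Same digits but with ':' before the function, as in the entry 0000:04:00:1
# that appears in the sample output on the page.
COLON_FUNC_RE = re.compile(r"^[0-9a-f]{4}(:[0-9a-f]{2}){2}:[0-9a-f]$", re.IGNORECASE)

MAX_SLOT = 0x1F  # PCI device (slot) number is 5 bits wide
MAX_FUNC = 0x7   # PCI function number is 3 bits wide


def check_pci_id(text):
    """Return (normalized_id, None) when valid, otherwise (None, reason)."""
    candidate = text.strip()
    match = PCI_ID_RE.match(candidate)
    if not match:
        if COLON_FUNC_RE.match(candidate):
            return None, "function must be separated by '.', not ':'"
        return None, "does not match XXXX:XX:XX.X"
    domain, bus, slot, func = match.groups()
    if int(slot, 16) > MAX_SLOT:
        return None, "slot %s is above 1f" % slot
    if int(func, 16) > MAX_FUNC:
        return None, "function %s is above 7" % func
    # Lower-case so that 0000:0E:00.0 and 0000:0e:00.0 compare equal.
    return ("%s:%s:%s.%s" % (domain, bus, slot, func)).lower(), None


def check_pci_list(pci_list):
    """Validate a comma-separated list of PCI IDs.

    Returns (accepted, rejected): accepted is a list of normalized IDs in
    input order, rejected is a list of (entry, reason) tuples.
    """
    accepted, rejected, seen = [], [], set()
    for item in pci_list.split(","):
        entry = item.strip()
        if not entry:
            rejected.append((entry, "empty entry"))
            continue
        normalized, reason = check_pci_id(entry)
        if normalized is None:
            rejected.append((entry, reason))
        elif normalized in seen:
            rejected.append((entry, "duplicate of an earlier entry"))
        else:
            seen.add(normalized)
            accepted.append(normalized)
    return accepted, rejected


if __name__ == "__main__":
    # Constructed input built from the IDs that appear in the examples above.
    ok, bad = check_pci_list(
        "0000:0e:00.0,0000:04:00:1, 0000:00:09.8,0000:0E:00.0,0000:00:09.0"
    )
    print("accepted:", ",".join(ok))
    for entry, reason in bad:
        print("rejected: %s (%s)" % (entry, reason))
```

Only the accepted IDs, joined with commas, would then be passed as pci_list.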
To delete a PCI ID
where pci is the PCI ID in hexadecimal form, for example XXXX:XX:XX.X. This command must be used prior to performing a PXE boot installation to take effect. You can only delete a PCI ID exclusion that was not already used on any of the nodes in the cluster. In the following example, you cannot delete PCI IDs with the NODENAME/UUID sfs_01 or a79a7f43-9fe2-4eeb-aa1f-27a70e7a0820. For example:
Support> pciexclusion delete 0000:04:00:1
Support> pciexclusion show
PCI ID        EXCLUDED  NODENAME/UUID
------------  --------  -------------
0000:0e:00.0  y         sfs_01
0000:0e:00.0  y         a79a7f43-9fe2-4eeb-aa1f-27a70e7a0820
0000:00:09.0  n
devicename
packets
NFS server
CIFS server
FTP
HTTP
GUI
Console service
Backup
NIC information
FS manager
IP addresses
Symantec AntiVirus for FileStore
Services commands Definition
Attempts to fix any service that is offline or faulted, running on all of the nodes in the cluster. See Using the services command on page 515.
services online
Fixes a specific service. Enter the servicename and this option will attempt to bring the service back online. If the servicename is already online, no action is taken. If the servicename is a parallel service, an attempt is made to online the service on all nodes. If the servicename is a failover service, an attempt is made to online the service on any of the running nodes of the cluster. See Using the services command on page 515.
services show
Lists the state of all of the services. The state of the IPs and file systems is shown only if they are not online. See Using the services command on page 515.
services showall
Lists the state of all of the services including the state of the IPs and the file systems. See Using the services command on page 515.
To display the important services running on the nodes, enter the following:
Support> services show
                sfs
Service         01        02
-------         --------  -------
nfs             ONLINE    ONLINE
cifs            ONLINE    ONLINE
ftp             ONLINE    ONLINE
http            ONLINE    ONLINE
iSCSIInitiator  OFFLINE   OFFLINE
gui             ONLINE    ONLINE
console         ONLINE    ONLINE
nic_pubeth0     ONLINE    ONLINE
nic_pubeth1     ONLINE    ONLINE
fs_manager      ONLINE    ONLINE
antivirus       ONLINE    ONLINE
To display all of the services running on the nodes, enter the following:
Support> services showall
                sfs
Service         01        02
--------------  --------  -------
nfs             ONLINE    ONLINE
cifs            ONLINE    ONLINE
ftp             ONLINE    ONLINE
http            ONLINE    ONLINE
iSCSIInitiator  OFFLINE   OFFLINE
console         ONLINE    ONLINE
gui             ONLINE    ONLINE
nic_pubeth0     ONLINE    ONLINE
nic_pubeth1     ONLINE    ONLINE
fs_manager      ONLINE    ONLINE
10.182.107.201  ONLINE    ONLINE
10.182.107.202  ONLINE    ONLINE
10.182.107.203  ONLINE    ONLINE
10.182.107.204  ONLINE    ONLINE
/vx/fs1         ONLINE    ONLINE
antivirus       ONLINE    ONLINE
where servicename is the name of the service you want to bring online. For example:
Support> services online 10.182.107.203
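When the output of services show or services showall is saved to a file for review, the rows that need attention can be picked out mechanically. The following is an added example, not part of the Symantec documentation: it parses text in the layout shown above and lists every service that is not ONLINE on some node, together with the services online command that applies to it. The function names and the sample text are constructed for illustration.

```python
# Constructed sample in the layout of the "services showall" output above.
SAMPLE = """\
Support> services showall
                   sfs
Service            01        02
--------------     --------  --------
nfs                ONLINE    ONLINE
cifs               ONLINE    FAULTED
iSCSIInitiator     OFFLINE   OFFLINE
10.182.107.203     OFFLINE   ONLINE
/vx/fs1            ONLINE    ONLINE
antivirus          ONLINE    ONLINE
"""


def parse_services(output):
    """Parse services show/showall text into {service: {node: state}}."""
    nodes, table, in_body = [], {}, False
    for raw in output.splitlines():
        fields = raw.split()
        if not fields or fields[0].startswith("Support>"):
            continue  # blank line or the echoed command
        if fields[0] == "Service":
            nodes = fields[1:]  # node column labels, e.g. ["01", "02"]
            continue
        if set(raw.strip()) <= {"-", " "}:
            in_body = True  # the dashed rule separates header from rows
            continue
        # A data row has one service name plus one state per node column.
        if in_body and len(fields) == len(nodes) + 1:
            table[fields[0]] = dict(zip(nodes, fields[1:]))
    return table


def not_online(table):
    """Return {service: [nodes]} for services not ONLINE on at least one node."""
    result = {}
    for service, states in table.items():
        bad_nodes = [node for node, state in states.items() if state != "ONLINE"]
        if bad_nodes:
            result[service] = bad_nodes
    return result


def online_commands(table):
    """Build the 'services online servicename' command for each affected service."""
    return ["services online %s" % service for service in not_online(table)]


if __name__ == "__main__":
    parsed = parse_services(SAMPLE)
    for service, bad_nodes in not_online(parsed).items():
        print("%s is not ONLINE on node(s): %s" % (service, ", ".join(bad_nodes)))
    for command in online_commands(parsed):
        print("Support> " + command)
```

A service such as iSCSIInitiator may be offline on purpose, so the generated commands are a review list rather than something to run unattended.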
For example,
login as: support
Password:
Last login: Fri Dec 14 12:09:49 2007 from 172.16.113.118
sfs_01:~ #
After you log in with the support account, it is recommended that you change your password. See Creating Master, System Administrator, and Storage Administrator users on page 42.
To use the supportuser commands, see About the support user on page 45.
nodename
interface count
For example, to export the network traffic details, enter the following:
Support> tethereal export scp://user1@172.31.168.140:/
Password: *******
Capturing on pubeth0 ...
Uploading network traffic details to scp://user1@172.31.168.140:/ is completed.
interface count
For example, the traffic details for five packets, for the Management Console on the pubeth0 interface are:
Support> tethereal show sfs_01 pubeth0 5
0.000000 172.31.168.140 -> 10.209.105.147 ICMP Echo (ping) request
0.000276 10.209.105.147 -> 172.31.168.140 ICMP Echo (ping) reply
0.000473 10.209.105.147 -> 172.31.168.140 SSH Encrypted response packet len=112
0.000492 10.209.105.147 -> 172.31.168.140 SSH Encrypted response packet len=112
iterations
delay
For example, to show the dynamic real-time view of tasks running on the node sfs_01, enter the following:
Support> top sfs_01 1 1
top - 16:28:27 up 1 day, 3:32, 4 users, load average: 1.00, 1.00, 1.00
Tasks: 336 total, 1 running, 335 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.1% us, 0.1% sy, 0.0% ni, 99.7% id, 0.0% wa, 0.0% hi, 0.0% si
Mem: 16405964k total, 1110288k used, 15295676k free, 183908k buffers
Swap: 1052248k total, 0k used, 1052248k free, 344468k cached
PID   USER  PR  NI  VIRT  RES   SHR  S  %CPU  %MEM  TIME+    COMMAND
6314  root  15  0   5340  1296  792  R  3.9   0.0   0:00.02  top
1     root  16  0   640   260   216  S  0.0   0.0   0:04.86  init
source
maxttl
For example, to trace the route to the network host, enter the following:
Support> traceroute www.symantec.com sfs_01 10
traceroute to www.symantec.com (8.14.104.56), 10 hops max, 40 byte packets
1 10.209.104.2 0.337 ms 0.263 ms 0.252 ms
2 10.209.186.14 0.370 ms 0.340 ms 0.326 ms
3 puna-spi-core-b02-vlan105hsrp.net.symantec.com (143.127.185.130) 0.713 ms 0.525 ms 0.533 ms
4 143.127.185.197 0.712 ms 0.550 ms 0.564 ms
5 10.212.252.50 0.696 ms 0.600 ms 78.719 ms
To recover a node
1 Use the master account to log in to FileStore.
2 Delete the failed node from the cluster. To delete the node, enter the following:
Cluster> delete nodename
Enter y to confirm the deletion. After the node is deleted, you can use the PXE boot utility to re-install FileStore software on the node.
While you are physically at the node you want to recover, power it up and press F12 (or an equivalent key) to initiate a network boot. The FileStore software automatically installs on the node. For more information, see "Installing FileStore on a preconfigured node" in the Symantec FileStore Installation Guide.
Glossary
CFS (cluster file system) A file system that can be simultaneously mounted on multiple nodes. CFS is used
and other network utilities. The Scalable File Server supports CIFS file sharing.
A virtual IP address that is configured for administrative access to the Scalable File Server cluster management console.
coordinator disks
Three or more LUNs designated to function as part of the I/O fencing mechanism of the Scalable File Server. Coordinator disks cannot be used to store user data.
CTDB (Clustered Trivial Database)
A cluster implementation of the TDB (Trivial database) based on the Berkeley database API.
DAR (Data Archive and Retention)
Combined Enterprise Vault and FileStore feature to support both WORM (write once, read many) and non-WORM archives. DAR-enabled file systems are protected against accidental or deliberate file removal and tampering.
data connection (NDMP)
The connection between the two NDMP servers that carry the data stream. The data connection in NDMP is either an NDMP interprocess communication mechanism (for local operations) or a TCP/IP connection (for 3-way operations).
An NDMP service that transfers data between primary storage and the data connection.
A unidirectional byte stream of data that flows over a data connection between two peer NDMP services in an NDMP session. For example, in a backup, the data stream is generated by the data service and consumed by the tape service. The data stream can be backup data, recovered data, etc.
An application that controls the NDMP session. In NDMP there is a master-slave relationship. The data management application is the session master; the NDMP services are the slaves. In NDMP versions 1, 2, and 3 the term "NDMP client" is used instead of data management application.
A node that contains the authoritative copy of a TDB (Trivial database) record.
An enhancement technique that provides the load balancing and path failover to disks that are connected to the Scalable File Server cluster nodes.
A feature that allows the files and directories to be automatically and seamlessly transferred to different types of storage technology that may originate from different hardware vendors.
An ISO image or media that contains one or more additional drivers that are needed to install the Scalable File Server on specific hardware, if the base Scalable File Server installer did not include the necessary drivers.
failover
The capability to have the service of a failed computer resource made available automatically with little or no interruption. With the Scalable File Server configured as a cluster, the services provided by any failed node are automatically provided by the remainder of functioning nodes.
hard limit
A file system quota for inode and block consumption that can be established for individual users or groups. When the hard limit is reached no further inodes or blocks can be allocated.
I/O fencing
An optional Scalable File Server feature that configures a specific group of LUNs with (to have) an additional layer of data protection. This extra protection prevents data loss from occurring in the rare case that the redundant cluster interconnect and public low-priority interconnect fails.
media server
A NetBackup server that provides storage within a master and a media server cluster. See also NetBackup.
A file system that is constructed and managed by a technique for automatically maintaining one or more copies of the file system, using separate underlying storage for each copy. If a storage failure occurs, then access is maintained through the remaining accessible mirrors.
NAS (Network Attached Storage)
A file-level computer data storage that is connected to a network that provides data access to network-capable clients.
NDMP (Network Data Management Protocol)
An open standard protocol that is used to control the data backup and the recovery communications between primary and secondary storage in a heterogeneous network environment. NDMP specifies a common architecture for the backup of network file servers. It enables the creation of a common agent which a centralized program can use to back up the data on file servers that run on different platforms.
NDMP client
An application that controls the NDMP session. See also data management application.
NDMP host
The host computer system that executes the NDMP server application. Data is backed up from the NDMP host to either a local tape drive or to a backup device on a remote NDMP host.
NDMP server
An instance of one or more distinct NDMP services controlled by a single NDMP control connection. Thus a data/tape/SCSI server is an NDMP server providing data, tape, or SCSI services.
NDMP service
The state computer on the NDMP host accessed with the Internet protocol and controlled using the NDMP protocol. This term is used independently of implementation. The three types of NDMP services are: data service, tape service, and SCSI service.
NDMP session
The configuration of one data management application and two NDMP services to perform a data management operation such as a backup or a recovery.
NetBackup
A Veritas software product that backs up, archives, and restores files, directories, or raw partitions that reside on a client system.
A protocol that lets the user on a client computer access files over a network. To the client's applications the files appear as if they resided on one of the local devices.
A feature that lets a customer use the Network File System (NFS) advisory client locking feature in parallel with core Cluster File System (CFS) global lock management.
no root_squash
An NFS sharing option. Does not map requests from the UID 0. This option is on by default.
A protocol for synchronizing computer system clocks over packet-switched, variable-latency data networks.
A file-locking mechanism that is designed to improve performance by controlling the caching of files on the client.
private interconnect
An internal IP network that is used by the Scalable File Server to facilitate communications between the Scalable File Server server nodes.
PXE (Pre-boot eXecution Environment)
An environment to boot computers using a network interface independent of available data storage devices (such as hard disks) or installed operating systems.
RM (Recovery Master)
A node that contains fcntl-locks on distributed file systems and initiates the recovery process.
A technique in which a DNS server, not a dedicated computer, performs the load balancing.
Samba
An open-source implementation of the SMB file sharing protocol. It provides file and print services to SMB/CIFS clients.
share
A specification of a file system or proper subset of a file system, which supports shared access to a file system through an NFS or CIFS server. The specification defines the folder or directory that represents the file system along with access characteristics and limitations.
snapshot
A point-in-time image or replica of a file system that looks identical to the file system from which the snapshot was taken.
soft limit
A file system quota for inode and block consumption that can be established for individual users or groups. If a user exceeds the soft limit, there is a grace period, during which the quota can be exceeded. After the grace period has expired, no more inodes or data blocks can be allocated.
storage pool
A logical construct that contains one or more LUNs from which file systems can be created.
stripe unit
The granularity at which data is stored on one drive of the array before subsequent data is stored on the next drive of the array.
syslog
A standard for forwarding log messages in an IP network. The term refers to both the syslog protocol and the application sending the syslog messages.
An NDMP service that transfers data between secondary storage and the data connection and allows the data management application to manipulate and access the secondary storage.
A 64-bit identifier that is used in Fibre Channel networks to uniquely identify each element in the network (i.e., nodes and ports).
Index
A
about Active Directory (AD) 247 administering FileStore cluster's LDAP client 158 backup configurations 417 bonding Ethernet interfaces 130 changing share properties 286 configuring CIFS for AD domain mode 253 configuring disks 69 configuring Ethernet interfaces 143 configuring FileStore for CIFS 234 configuring IP addresses 137 configuring iSCSI targets 114 configuring locally saved configuration files 448 configuring routing tables 146 configuring storage pools 64 creating and maintaining file systems 188 creating file systems 191 data archive and retention 119 disk lists 76 DNS 133 excluding file extensions from Symantec AntiVirus for FileStore scans 482 FTP 333 FTP local user 348 FTP local user set 351 FTP server 335 FTP session 346 FTP set 337 I/O fencing 82 installing patches 468 iostat 507 IP commands 137 iSCSI 107 LDAP 151 leaving AD domain 258 leaving NT domain 245 load balancing for the normal clustering mode 298 local replication initialization 72
about (continued) managing CIFS shares 282 managing home directories 302 NDMP policies 406 NDMP supported configurations 405 Network Data Management Protocol 403 network services 128 network traffic details 517 NFS file sharing 175 NIS 160 option commands 457 reconfiguring CIFS service 279 retrieving the NDMP data 413 scheduling a Symantec AntiVirus for FileStore scan job 496 services command 513 setting NTLM 262 setting trusted domains 265 setting up file system alerts 227 snapshot schedules 211 snapshots 205 storage provisioning and management 62 storing account information 276 support user 45 Symantec AntiVirus for FileStore 476 Symantec AntiVirus for FileStore commands 477 Symantec AntiVirus for FileStore LiveUpdate 484 Symantec AntiVirus for FileStore manual scan commands 494 Symantec AntiVirus for FileStore quarantine commands 490 troubleshooting 504 types of patches 469 VLAN interfaces 165 accessing FileStore product documentation 29 man pages 40 processor activity 519 Active Directory setting the trusted domains for 275
Active Directory (AD) about 247 configuring FileStore to authenticate to an AD domain controller 248 joining FileStore to 251 verifying FileStore has joined successfully 253 AD domain mode changing domain settings 259 configuring CIFS 253 security settings 259 setting domain 255 setting domain user 255 setting security 255 starting CIFS server 255 AD interface using 262 AD trusted domains disabling 275 add local user FTP 350 adding a severity level to an email group 373 a syslog server 379 an email address to a group 373 an email group 373 CIFS share 286 disks 70 external NetBackup master server to work with FileStore 400 filter to a group 373 IP address to a cluster 139 mapping from a virtualPath to a realPath 366 mirror to a file system 195 mirror to a tier of a file system 429 mirrored tier to a file system 427 mirrored-striped tier to a file system 427 NetBackup Enterprise Media Manager (EMM) server 400 NetBackup media server 400 new nodes to the cluster 54 NFS share 177 second tier to a file system 427 SNMP management server 382 striped tier to a file system 427 striped-mirror tier to a file system 427 users naming requirements for 32 VLAN interfaces 166
administering FileStore cluster's LDAP client about 158 aio_fork option setting 324 alerts file system unsetting 229 aliases displaying configured on the server 367 allowing metadata information to be written on the secondary tier 441 specified users and groups access to the CIFS share 289 attaching replication storage pool to a FileStore cluster 75 audit logs about 387 configuring 389 disabling for a file system 391 Auto-Protect configuring on file systems 481-482
B
backup configurations about 417 backup services displaying the status of 418 starting 418 stopping 418 bind distinguished name setting for LDAP server 154 bonding Ethernet interfaces 132 bonding Ethernet interfaces about 130
C
cache object destroying for an instant rollback 227 changing an IP address to online on any running node 139 configuration of an Ethernet interface 145 DMP I/O policy 459 domain settings 245 domain settings for AD domain mode 259 local CIFS user password 327 NFS daemons 459
changing (continued) ninodes cache size 459 security settings 247 security settings after CIFS server is stopped 247 share properties about 286 status of a file system 202 support user password 46 checking and repairing a file system 202 I/O fencing status 84 on the status of the NFS server 170 support user status 46 CIFS allowing specified users and groups access to the CIFS share 289 configuring schema extensions 269 denying specified users and groups access to the CIFS share 290 export options 284 modifying an existing CIFS share 291 setting the log level 505 standalone mode 236 using multi-domain controller support 258 CIFS and NFS protocols share directories 181 sharing file systems 294 CIFS clustering modes about 234 switching from ctdb to normal 316 switching from normal to ctdb 313 CIFS home directories displaying the quota values for 105 quotas 96 using quotas for 98 CIFS operating modes about 234 CIFS server changing security settings after stopped 247 configuring with the LDAP backend 274 starting 280 CIFS server status standalone mode 237 CIFS service standalone mode 237 CIFS share adding 286 deleting 293 exporting as a directory 310
CIFS share (continued) exporting the same file system/directory as a different CIFS share 312 modifying existing 292 splitting 300 CIFS share and home directory migrating from ctdb to normal clustering mode 321 CIFS shares and home directories migrating from ctdb clustering modes 317 migrating from normal to ctdb clustering mode 319 CIFS snapshot exporting 292 CIFS/NFS sharing mapping user names 297 clearing DNS domain names 135 DNS name servers 135 LDAP configured settings 154 CLI logging in to 33 client configurations displaying 159 LDAP server 159 cluster adding an IP address to 139 adding new nodes 54 adding the new node to 56 changing an IP address to online for any running node 139 deleting a node from 57 displaying a list of nodes 52 displaying all the IP addresses for 139 rebooting a nodes or all nodes 59 shutting down a node or all nodes in a cluster 58 clustering modes ctdb 309 command history displaying 47 Command-Line Interface (CLI) how to use 33 commands HTTP alias 365 HTTP document root mapping 367 HTTP server 360 configurable list of all HTTP options and their values 365
configuration of an Ethernet interface changing 145 configuration files deleting the locally saved 449 viewing locally saved 449 configuration settings exporting either locally or remotely 449 importing either locally or remotely 449 configuring AD schema with CIFS-schema extensions 269 audit logs 389 Auto-Protect on file systems 481-482 backup using NetBackup 420 CIFS for standalone mode 236 CIFS server with the LDAP backend 274 data archive and retention 123 email groups 371 file extensions in Symantec AntiVirus for FileStore configuration file 483 FileStore for CIFS 234 FileStore to authenticate to an AD domain controller 248 HTTP server 359 IP routing 148 iSCSI device 110 iSCSI discovery 111 iSCSI initiator 108 iSCSI initiator name 109 iSCSI targets 116 masquerade as third-party policy 407 NDMP backup method policy 407 NDMP failure resilient policy 407 NDMP overwrite policy 407 NDMP recursive restore policy 407 NDMP restore DST policy 407 NDMP send history policy 407 NDMP update dumpdates policy 407 NDMP use snapshot policy 407 NetBackup virtual IP address 402 NetBackup virtual name 403 NSS 163 NSS lookup order 164 Symantec AntiVirus for FileStore on all the nodes in the cluster 479 Symantec AntiVirus for FileStore on the cluster's nodes 480 VLAN interfaces 166
configuring (continued) Windows Active Directory as an LDAP IDMAP backend 268 configuring CIFS NT domain mode 240 configuring disks about 69 configuring Ethernet interfaces about 143 configuring IP addresses about 137 configuring iSCSI targets about 114 configuring locally saved configuration files about 448 configuring routing tables about 146 configuring storage pools about 64 coordinating cluster nodes to work with NTP servers 454 coordinator disks replacing 84 core strengths FileStore 25 CPU utilization report generating 508 creating full-sized rollback 220 local CIFS group 330 local CIFS user 327 Master, System Administrator, and Storage Administrator users 42 mirrored file systems 192 mirrored-stripe file systems 192 shared cache object 225 simple file systems 192 snapshot schedules 213 snapshots 206 space-optimized instant rollbacks 219 storage pools 66 striped file systems 192 striped-mirror file systems 192 users 42 creating and maintaining file systems about 188 creating file systems about 191
ctdb clustering mode about 309 directory-level share support 310 load balancing 300 switching the clustering mode 313 current Ethernet interfaces and states displaying 144 current users displaying list 42
D
data archive and retention about 119 configuring 123 interaction with other applications 121 debugging information retrieving and sending 506 decreasing size of a file system 201 default passwords resetting Master, System Administrator, and Storage Administrator users 42 defragmenting file systems 204 delete local user FTP 350 deleting a node from the cluster 57 already configured SNMP management server 382 CIFS share 293 configured email server 373 configured NetBackup media server 400 email address from a specified group 373 email groups 373 filter from a specified group 373 home directories 308 home directory of given user 308 local CIFS group 330 local CIFS user 327 locally saved configuration file 449 mapping that is visible to clients as a virtualPath 367 NFS options 184 route entries from routing tables of nodes in cluster 148 severity from a specified group 373 snapshot schedules 215
deleting (continued) syslog server 379 users 42 VLAN interfaces 166 denying specified users and groups access to the CIFS share 290 destroying a file system 204 cache object of an instant rollback 227 I/O fencing 84 instant rollbacks 224 snapshots 209 storage pools 66 detached pool set renaming 74 detached pools displaying 75 device utilization report generating 508 directories displaying exported 176 unexporting the share 184 directory-level share support ctdb clustering mode 310 disabling AD trusted domains 275 audit logs for a file system 391 creation of home directories 308 DNS settings 135 FastResync option 198 I/O fencing 84 LDAP clients configurations 159 NIS clients 161 NTLM 264 NTP server 454 Partition Secure Notification (PSN) feature 231 quota limits used by snapshots 209 support user account 46 disk formatting 81 disk lists about 76 disks adding 70 removing 70 displaying all the aliases configured on the server 367
displaying (continued) all the IP addresses for cluster 139 command history 47 current Ethernet interfaces and states 144 current HTTP sessions on each node 363 current list of SNMP management servers 382 current root directory for the HTTP server 368 current version 467 detached pools 75 DMP I/O policy 459 DNS settings 135 events on the console 381 existing email groups or details 373 exported directories 176 file system 229 file systems that can be exported 173 files moved and/or pruned by running a policy 440 FTP server settings 335 home directory usage information 307 information for all disk devices for nodes in a cluster 77 LDAP client configurations 159 LDAP configured settings 154 license information 509 list of all configurable HTTP options and their values 365 list of current users 42 list of DST file systems 432 list of nodes in a cluster 52 list of syslog servers 379 local CIFS group 330 local CIFS user 327 NDMP backup method 414 NDMP failure resilient data 414 NDMP masquerade as third-party 414 NDMP overwrite data 414 NDMP recursive restore data 414 NDMP restore DST data 414 NDMP send history data 414 NDMP update dumpdates data 414 NDMP use snapshot data 414 NDMP variables 412 NetBackup configurations 418 network configuration and statistics 129 NFS daemons 459 NFS statistics 172 ninodes cache size 459 NIS-related commands 161
displaying (continued) node-specific network traffic details 518 NSS configuration 164 option tunefstab 459 policy of each tiered file system 434 routing tables of the nodes in the cluster 148 schedules for all tiered file systems 439 share properties 288 snapshot quotes 209 snapshot schedules 215 snapshots 208 snapshots that can be exported 173 status of backup services 418 status of the NTP server 454 Symantec AntiVirus for FileStore configuration 478 Symantec AntiVirus for FileStore logs 478 Symantec AntiVirus for FileStore stats 478 system date and time 445 system statistics 455 tier location of a specified file 432 time interval or number of duplicate events for notifications 385 values of the configured SNMP notifications 382 values of the configured syslog server 379 VLAN interfaces 166 DMP I/O policy changing 459 displaying 459 resetting 459 DNS about 133 domain names clearing 135 name servers clearing 135 specifying 135 settings disabling 135 displaying 135 enabling 135 domain setting 280 setting user name 280 domain controller setting 280 domain name for the DNS server setting 135
domain settings changing 245 domain user NT domain mode 242 drivers upgrading 465 DUD driver updates uninstalling 472
E
email address adding to a group 373 deleting from a specified group 373 email groups about 371 adding 373 deleting 373 displaying existing and details 373 email server deleting the configured email server 373 obtaining details for 373 setting the details of external 373 enabling DNS settings 135 FastResync for a file system 197 I/O fencing 84 LDAP client configurations 159 NIS clients 161 NTLM 264 NTP server 454 Partition Secure Notification (PSN) feature 231 quota limits used by snapshots 209 support user account 46 Ethernet interfaces bonding 132 changing configuration of 145 event notifications displaying time interval for 385 event reporting setting events for 385 events displaying on the console 381 excluding PCI IDs 510-511 export options CIFS 284 exporting audit events in syslog format to a given URL 386 CIFS snapshot 292 configuration settings 449 directory as a CIFS share 310 events in syslog format to a given URL 386 network traffic details 518 NFS snapshot 184 same file system/directory as a different CIFS share 312 SNMP MIB file to a given URL 382
F
file data accessing by way of the HTTP server 359 file extensions configuring in Symantec AntiVirus for FileStore configuration file 483 excluding from Symantec AntiVirus for FileStore scans 482 file system alerts about setting up 227 displaying 229 setting 227 unsetting 229 file system quotas for enabling, disabling, and displaying 89 setting and displaying 91 file systems adding a mirror to 195 changing the status of 202 checking and repairing 202 creating 192 decreasing the size of 201 defragmenting 204 destroying 204 disabling FastResync option 198 DST displaying 432 enabling FastResync 197 increasing the size of 199 listing with associated information 191 quotas 87 removing a mirror from 195 restoring from an instant rollback 221 that can be exported displayed 173 FileStore about 21 core strengths of 25 key features 21
FileStore (continued) product documentation 29 Web resources 29 FileStore Dynamic Storage Tiering (DST) about 422 FileStore software installing onto a new node 54 filter about 371 adding to a group 373 deleting from a specified group 373 forcefully importing pools 82 formatting a disk 81 FTP about 333 add local user 350 delete local user 350 implementing command changes 345 local user password 350 local user set download bandwidth 353 local user set home directory 353 local user set maximum connections 353 local user set maximum disk usage 353 local user set maximum files 353 local user set upload bandwidth 353 logupload 348 server start 336 server status 336 server stop 336 session show 346 session showdetail 346 session terminate 346 set allow delete 341 set anonymous login 341 set anonymous logon 341 set anonymous write 341 set home directory path 341 set listen port 341 set maximum connections per client 341 set non-secure logins 341 set security 341 show local users 350 FTP local user about 348 FTP local user set about 351
FTP server about 335 settings displaying 335 FTP session about 346 FTP set about 337
G
generating CPU utilization report 508 device utilization report 508 group membership managing 327 GUI-related operations updating 507
H
history command using 47 home directories setting up 305 home directory file systems setting 303 home directory of given user deleting 308 home directory usage information displaying 307 hostname or IP address setting for LDAP server 154 how to use Command-Line Interface (CLI) 33 HTTP alias commands 365 HTTP server commands about 360 configuring for accessing file data 359 displaying the current root directory for 368 displaying the status for 361 document root mapping commands 367 set commands about 361 setting the root directory 368 starting 360 stopping 361 HTTP sessions displaying on each node 363
I
I/O fencing about 82 checking status 84 destroying 84 disabling 84 enabling 84 idle threads setting the maximum number for handling request spikes 363 setting the minimum number for request spikes 363 implementing FTP command changes 345 importing configuration settings 449 pools forcefully 82 increasing LUN storage capacity 80 size of a file system 199 initiating host discovery of LUNs 81 installation states and conditions about 50 installing patches 470 about 468 instant recovery NetBackup 397 instant rollbacks about 217 creating a shared cache object 225 creating full-sized 220 creating space-optimized 219 destroying 224 listing 221 listing cache objects 226 making go offline 223 making go online 223 refreshing from a file system 222 restoring a file system from 221 iostat about 507 IP addresses adding to a cluster 139 displaying for the cluster 139 modifying 139 removing from the cluster 139 IP commands about 137
IP routing configuring 148 iSCSI about 107 iSCSI device configuring 110 iSCSI discovery configuring 111 iSCSI initiator configuring 108 iSCSI initiator name configuring 109 iSCSI targets configuring 116
J
joining FileStore to Active Directory (AD) 251
L
LDAP about 151 before configuring settings 151 configuring server settings 152 setting up as an IDMAP backend using the FileStore CLI 274 LDAP password hash algorithm setting password for 154 LDAP server clearing configured settings 154 disabling client configurations 159 displaying client configurations 159 displaying configured settings 154 enabling client configurations 159 setting over SSL 154 setting port number 154 setting the base distinguished name 154 setting the bind distinguished name 154 setting the hostname or IP address 154 setting the password hash algorithm 154 setting the root bind DN 154 setting the users, groups, and netgroups base DN 154 leaving AD domain 258 NT domain 245 license information displaying 509
licensing Symantec AntiVirus for FileStore 477 list of DST file systems displaying 432 list of nodes displaying in a cluster 52 listing all file systems and associated information 191 all of the files on the specified tier 431 cache objects for instant rollbacks 226 free space for storage pools 66 instant rollbacks 221 Partition Secure Notification (PSN) online file systems that have this feature enabled 232 storage pools 66 load balancing ctdb clustering mode 300 local CIFS groups creating 330 deleting 330 displaying 330 managing 329 local CIFS user creating 327 deleting 327 displaying 327 local CIFS user password changing 327 local replication initialization 72 local user and groups managing 326 local user password FTP 350 local user set download bandwidth FTP 353 local user set home directory FTP 353 local user set maximum connections FTP 353 local user set maximum disk usage FTP 353 local user set maximum files FTP 353 local user set upload bandwidth FTP 353 logging in to CLI 33 login Technical Support 517
logupload FTP 348 LUN storage capacity increasing 80 LUNs initiating host discovery 81
M
man pages how to access 40 managing CIFS shares 282 group membership 327 home directories 302 local CIFS groups 329 local users and groups 326 mapping deleting that is visible to clients as a virtualPath 367 from a virtualPath to a realPath 366 masquerade as third-party policy configuring 407 Master, System Administrator, and Storage Administrator users creating 42 metadata information allowing to be written on the secondary tier 441 restricting to the primary tier only 442 migrating CIFS share and home directory from ctdb to normal clustering mode 321 CIFS shares and home directories 317 CIFS shares and home directories from normal to ctdb clustering mode 319 mirrored file systems creating 192 mirrored tier adding to a file system 427 mirrored-stripe file systems creating 192 mirrored-striped tier adding to a file system 427 modifying an existing CIFS share 291 an IP address 139 existing CIFS share 292 option tunefstab 459 policy of a tiered file system 434 schedule of a tiered file system 439
modifying (continued) snapshot schedules 215 more command using 453 mounting snapshots 209 moving disks from one storage pool to another 70
N
naming requirements for adding users 32 NDMP backup method displaying 414 NDMP backup method policy configuring 407 NDMP failure resilient data displaying 414 NDMP failure resilient policy configuring 407 NDMP masquerade as third-party displaying 414 NDMP overwrite data displaying 414 NDMP overwrite policy configuring 407 NDMP policies about 406 restoring 416 NDMP recursive restore data displaying 414 NDMP recursive restore policy configuring 407 NDMP restore DST data displaying 414 NDMP restore DST policy configuring 407 NDMP send history data displaying 414 NDMP send history policy configuring 407 NDMP supported configurations about 405 NDMP update dumpdates data displaying 414 NDMP update dumpdates policy configuring 407 NDMP use snapshot data displaying 414
NDMP use snapshot policy configuring 407 NDMP variables displaying 412 NetBackup about 395 configuring NetBackup virtual IP address 402 configuring virtual name 403 displaying configurations 418 instant recovery 397 snapshot client 396 snapshot methods 396 NetBackup EMM server. See NetBackup Enterprise Media Manager (EMM) server NetBackup Enterprise Media Manager (EMM) server adding to work with FileStore 400 NetBackup master server configuring to work with FileStore 400 NetBackup media server adding 400 deleting 400 netbios aliases for the CIFS server setting 325 network configuration and statistics 129 testing connectivity 513 Network Data Management Protocol about 403 network services about 128 network traffic details about 517 exporting 518 NFS daemons changing 459 displaying 459 NFS file sharing about 175 NFS options deleting 184 NFS server checking on the status 170 starting 170 stopping 170 NFS share adding 177 NFS snapshot exporting 184
NFS statistics displaying 172 ninodes cache size changing 459 displaying 459 NIS about 160 clients disabling 161 enabling 161 domain name setting on all the nodes of cluster 161 related commands displaying 161 server name setting on all the nodes of cluster 161 node adding to the cluster 54, 56 in a cluster displaying information for all disk devices 77 installing FileStore software onto 54 node-specific network traffic details displaying 518 normal clustering mode load balancing 298 NSS configuring 163 displaying configuration 164 lookup order configuring 164 NT domain mode configuring CIFS 240 domain user 242 setting domain 242 setting domain controller 242 setting security 242 setting the workgroup name 242 starting CIFS server 242 NTLM disabling 264 enabling 264 NTP server coordinating cluster nodes to work with 454 disabling 454 displaying the status of 454 enabling 454
O
obtaining details of the configured email server 373 offline making an instant rollback go offline 223 online making an instant rollback go 223 option commands about 457 option tunefstab displaying 459 modifying 459
P
Partition Secure Notification (PSN) feature about 230 disabling 231 enabling 231 listing the online file systems that have this feature enabled 232 password changing a user's password 42 patch level displaying current versions of 467 patches installing 470 synchronizing 472 types of 469 uninstalling 471 upgrading 465 PCI excluding IDs 511 exclusion 510 policies about 426 displaying files moved and/or pruned by running 440 displaying for each tiered file system 434 modifying for a tiered file system 434 relocating from a tiered file system 438 removing from a tiered file system 434 running for a tiered file system 434 preserving snapshot schedules 215 printing WWN information 81 privileges about 31 processor activity accessing 519
Q
quota commands enabling, disabling, and displaying file system quotas 89 for setting and displaying file system quotas 91 quota limits enabling or disabling snapshot 209 quotas CIFS home directories 96 displaying the quota values for CIFS home directories 105 for file systems 87 using for CIFS home directories 98
R
rebooting a node or all nodes in cluster 59 reconfiguring CIFS service about 279 recovering from a non-graceful shutdown 521 refreshing instant rollbacks from a file system 222 regions and time zones setting 445 relocating policy of a tiered file system 438 removing disks 70 IP address from the cluster 139 mirror from a file system 195 mirror from a tier spanning a specified disk 429 mirror from a tier spanning a specified pool 429 mirror from a tiered file system 429 policy of a tiered file system 434 schedule of a tiered file system 439 snapshot schedules 215 tier from a file system 428 renaming detached pool set 74 storage pools 66 replacing coordinator disks 84 replication storage pool attaching 75 resetting default passwords Master, System Administrator, and Storage Administrator users 42
resetting (continued) DMP I/O policy 459 restoring a file system from an instant rollback 221 ndmp policies 416 restricting metadata information to the primary tier only 442 retrieving debugging information 506 retrieving the NDMP data about 413 roles about 31 root directory setting for the HTTP server 368 route entries deleting from routing tables 148 routing tables of the nodes in the cluster displaying 148 running policy of a tiered file system 434
S
schedule displaying for all tiered file systems 439 modifying for a tiered file system 439 removing from a tiered file system 439 scheduling Symantec AntiVirus for FileStore scan jobs 496, 498 second tier adding to a file system 427 security standalone mode 237 security settings AD domain mode 259 changing 247 sending debugging information 506 server start FTP 336 server status FTP 336 server stop FTP 336 server threads setting the initial number 364
server threads (continued) setting the maximum number in each server process 364 servers adding LiveUpdate servers 486 services command about 513 using 515 session show FTP 346 session showdetail FTP 346 session terminate FTP 346 set allow delete FTP 341 set anonymous login FTP 341 set anonymous logon FTP 341 set anonymous write FTP 341 set commands HTTP server 361 set home directory path FTP 341 set listen port FTP 341 set maximum connections per client FTP 341 set non-secure logins FTP 341 set security FTP 341 setting AD domain mode 255 aio_fork option 324 base distinguished name for the LDAP server 154 bind distinguished name for LDAP server 154 CIFS log level 505 details of the external email server 373 domain 280 domain controller 280 domain name for the DNS server 135 domain user name 280 events for event reporting 385 file system alerts 227 filter of the syslog server 379
setting (continued) home directory file systems 303 initial number of server threads 364 LDAP as an IDMAP backend using the FileStore CLI 274 LDAP IDMAP backend to hash for accessing CIFS 267 LDAP IDMAP backend to ldap for trusted domain access to CIFS 266 LDAP IDMAP backend to rid for access to CIFS 265 LDAP password hash algorithm 154 LDAP server hostname or IP address 154 LDAP server over SSL 154 LDAP server port number 154 LDAP users, groups, and netgroups base DN 154 maximum number of idle threads for handling request spikes 363 maximum number of threads in each server process 364 maximum number to be created 364 minimum number of idle threads for request spikes 363 netbios aliases for the CIFS server 325 NIS domain name on all the nodes of cluster 161 NT domain mode 242 NT domain mode domain controller 242 NTLM 262 regions and time zones 445 root bind DN for the LDAP server 154 severity of the syslog server 379 SNMP filter notifications 382 SNMP severity notifications 382 Symantec AntiVirus for FileStore action policy 493 system date and time 445 the NIS server name on all the nodes of cluster 161 trusted domains 265 trusted domains for the Active Directory 275 workgroup name 242 setting domain user AD domain mode 255 setting security AD domain mode 255 NT domain mode 242 setting up home directories 305
severity levels about 371 adding to an email group 373 severity notifications setting 382 share directories CIFS and NFS protocols 181 share properties displaying 288 shared cache object creating 225 sharing file systems using CIFS and NFS protocols 294 show local users FTP 350 showing snapshot schedules 215 shutdown recovering from a non-graceful 521 shutting down node or all nodes in a cluster 58 snapshot methods NetBackup 396 snapshot schedules about 211 creating 213 deleting 215 displaying 215 modifying 215 preserving 215 removing 215 showing 215 snapshots about 205 creating 206 destroying 209 displaying 208 displaying quotas 209 enabling or disabling quota limits 209 mounting 209 that can be exported displayed 173 unmounting 209 SNMP filter notifications setting 382 management server adding 382 deleting configured 382
SNMP (continued) management server (continued) displaying current list of 382 MIB file exporting to a given URL 382 notifications displaying the values of 382 server setting severity notifications 382 specified group deleting a severity from 373 specifying DNS name servers 135 splitting a CIFS share 300 SSL setting the LDAP server for 154 standalone mode CIFS server status 237 CIFS service 237 security 237 starting backup services 418 CIFS server 280 HTTP server 360 NFS server 170 starting CIFS server AD domain mode 255 NT domain mode 242 status displaying for the HTTP server 361 stopping backup services 418 HTTP server 361 NFS server 170 storage pools creating 66 destroying 66 listing 66 listing free space 66 moving disks from one to another 70 renaming 66 storage provisioning and management about 62 storing account information 276 user and group accounts in LDAP 278 user and group accounts locally 278 striped file systems creating 192
striped tier adding to a file system 427 striped-mirror file systems creating 192 striped-mirror tier adding to a file system 427 support user about 45 support user account disabling 46 enabling 46 support user password changing 46 support user status checking 46 swap command using 456 switching CIFS clustering modes from normal to ctdb 313 ctdb clustering mode 313 from ctdb to normal clustering mode 316 Symantec AntiVirus for FileStore about 476 commands about 477 configuring on the cluster's nodes 480 displaying configuration 478 displaying logs 478 displaying stats 478 licensing 477 manual scan commands 494 quarantine commands about 490 scheduling scan jobs 498 setting action policies 493 using manual scan commands 495 using quarantine commands 491 Symantec AntiVirus for FileStore LiveUpdate about 484 adding LiveUpdate servers 486 Symantec Enterprise Vault Partition Secure Notification (PSN) 230 synchronizing patches 472 syslog event logging about 378 syslog format exporting audit events to a given URL 386 exporting events to a given URL 386 syslog server adding 379 deleting 379
syslog server (continued) displaying the list of 379 displaying the values of 379 setting the filter of 379 setting the severity of 379 system date and time displaying 445 setting 445 system statistics displaying 455
T
technical support login 517 testing network connectivity 513 threads setting the maximum number to be created 364 tier adding a tier to a file system 429 displaying location of a specified file 432 listing all of the specified files on 431 removing a mirror from 429 removing a mirror spanning a specified pool 429 removing from a file system 428 removing from a tier spanning a specified disk 429 traceroute command using 520 troubleshooting about 504 trusted domains allowing access to CIFS when setting an LDAP IDMAP backend to hash 267 allowing access to CIFS when setting an LDAP IDMAP backend to ldap 266 allowing access to CIFS when setting an LDAP IDMAP backend to rid 265
U
unexporting share of exported directory 184 uninstalling DUD driver updates 472 patches 471 unmounting snapshots 209 updating GUI-related operations 507
upgrading patches or drivers 465 user and group accounts in LDAP storing 278 user and group accounts locally storing 278 user names mapping for CIFS/NFS sharing 297 user roles and privileges about 31 users adding new 32 changing passwords 42 creating 42 deleting 42 using AD interface 262 history command 47 more command 453 multi-domain controller support in CIFS 258 services command 515 swap command 456 Symantec AntiVirus for FileStore manual scan commands 495 Symantec AntiVirus for FileStore quarantine commands 491 traceroute command 520
V
verifying FileStore has joined Active Directory (AD) 253 viewing list of locally saved configuration files 449 virtual IP address configuring or changing for NetBackup 402 virtual name configuring for NetBackup 403 VLAN about interfaces 165 adding interfaces 166 configuring interfaces 166 deleting interfaces 166 displaying interfaces 166
W
Web resources for FileStore 29 Windows Active Directory configuring as an LDAP IDMAP backend 268