InfoScale™ 9.0 Storage Foundation Administrator's Guide - Linux
- Section I. Introducing Storage Foundation
- Overview of Storage Foundation
- How Dynamic Multi-Pathing works
- How Volume Manager works
- How Volume Manager works with the operating system
- How Volume Manager handles storage management
- Volume layouts in Veritas Volume Manager
- Online relayout
- Volume resynchronization
- Hot-relocation
- Dirty region logging
- Volume snapshots
- Support for atomic writes
- FastResync
- Volume sets
- How VxVM handles hardware clones or snapshots
- Volume encryption
- How Veritas File System works
- Section II. Provisioning storage
- Provisioning new storage
- Advanced allocation methods for configuring storage
- Customizing allocation behavior
- Setting default values for vxassist
- Using rules to make volume allocation more efficient
- Understanding persistent attributes
- Customizing disk classes for allocation
- Specifying allocation constraints for vxassist operations with the use clause and the require clause
- Management of the use and require type of persistent attributes
- Creating volumes of a specific layout
- Creating a volume on specific disks
- Creating volumes on specific media types
- Configuring a Key Management Server
- Creating encrypted volumes
- Changing the KEK using the re-key operation
- Viewing encrypted volumes
- Changing the encryption password
- Enabling or disabling deletion of KEKs along with encrypted objects
- Specifying ordered allocation of storage to volumes
- Site-based allocation
- Changing the read policy for mirrored volumes
- Customizing allocation behavior
- Creating and mounting VxFS file systems
- Creating a VxFS file system
- Converting a file system to VxFS
- Mounting a VxFS file system
- log mount option
- delaylog mount option
- tmplog mount option
- logiosize mount option
- nodatainlog mount option
- blkclear mount option
- mincache mount option
- convosync mount option
- ioerror mount option
- largefiles and nolargefiles mount options
- cio mount option
- mntlock mount option
- ckptautomnt mount option
- Combining mount command options
- Unmounting a file system
- Resizing a file system
- Displaying information on mounted file systems
- Identifying file system types
- Monitoring free space
- Extent attributes
- Section III. Administering multi-pathing with DMP
- Administering Dynamic Multi-Pathing
- Discovering and configuring newly added disk devices
- Partial device discovery
- About discovering disks and dynamically adding disk arrays
- About third-party driver coexistence
- How to administer the Device Discovery Layer
- Listing all the devices including iSCSI
- Listing all the Host Bus Adapters including iSCSI
- Listing the ports configured on a Host Bus Adapter
- Listing the targets configured from a Host Bus Adapter or a port
- Listing the devices configured from a Host Bus Adapter and target
- Getting or setting the iSCSI operational parameters
- Listing all supported disk arrays
- Displaying details about an Array Support Library
- Excluding support for a disk array library
- Re-including support for an excluded disk array library
- Listing excluded disk arrays
- Listing disks claimed in the DISKS category
- Adding unsupported disk arrays to the DISKS category
- Removing disks from the DISKS category
- Foreign devices
- Making devices invisible to VxVM
- Making devices visible to VxVM
- About enabling and disabling I/O for controllers and storage processors
- About displaying DMP database information
- Displaying the paths to a disk
- Administering DMP using the vxdmpadm utility
- Retrieving information about a DMP node
- Displaying consolidated information about the DMP nodes
- Displaying the members of a LUN group
- Displaying paths controlled by a DMP node, controller, enclosure, or array port
- Displaying information about controllers
- Displaying information about enclosures
- Displaying information about array ports
- Displaying information about devices controlled by third-party drivers
- Displaying extended device attributes
- Suppressing or including devices from VxVM control
- Gathering and displaying I/O statistics
- Setting the attributes of the paths to an enclosure
- Displaying the redundancy level of a device or enclosure
- Specifying the minimum number of active paths
- Displaying the I/O policy
- Specifying the I/O policy
- Disabling I/O for paths, controllers, array ports, or DMP nodes
- Enabling I/O for paths, controllers, array ports, or DMP nodes
- Renaming an enclosure
- Configuring the response to I/O failures
- Configuring the I/O throttling mechanism
- Configuring Low Impact Path Probing (LIPP)
- Configuring Subpaths Failover Groups (SFG)
- Displaying recovery option values
- Configuring DMP path restoration policies
- Stopping the DMP path restoration thread
- Displaying the status of the DMP path restoration thread
- Configuring Array Policy Modules
- Configuring latency threshold tunable for metro/geo array
- Discovering and configuring newly added disk devices
- Dynamic Reconfiguration of devices
- About online dynamic reconfiguration
- Reconfiguring a LUN online that is under DMP control using the Dynamic Reconfiguration tool
- Manually reconfiguring a LUN online that is under DMP control
- Overview of manually reconfiguring a LUN
- Manually removing LUNs dynamically from an existing target ID
- Manually adding new LUNs dynamically to a new target ID
- About detecting target ID reuse if the operating system device tree is not cleaned up
- Scanning an operating system device tree after adding or removing LUNs
- Manually cleaning up the operating system device tree after removing LUNs
- Changing the characteristics of a LUN from the array side
- Upgrading the array controller firmware online
- Reformatting NVMe devices manually
- Managing devices
- Displaying disk information
- Changing the disk device naming scheme
- About disk installation and formatting
- Adding and removing disks
- Renaming a disk
- Event monitoring
- Administering Dynamic Multi-Pathing
- Section IV. Administering Storage Foundation
- Administering sites and remote mirrors
- About sites and remote mirrors
- Making an existing disk group site consistent
- Configuring a new disk group as a Remote Mirror configuration
- Fire drill - testing the configuration
- Changing the site name
- Administering the Remote Mirror configuration
- Examples of storage allocation by specifying sites
- Displaying site information
- Failure and recovery scenarios
- Administering sites and remote mirrors
- Section V. Optimizing I/O performance
- Veritas File System I/O
- Veritas Volume Manager I/O
- Veritas Volume Manager throttling of administrative I/O
- Managing application I/O workloads using maximum IOPS settings
- About application volume groups
- Creating application volume groups
- Viewing the list of application volume groups
- Setting the maximum IOPS threshold on application volume groups
- Viewing the IOPS statistics for application volume groups
- Removing the maximum IOPS setting from application volume groups
- Adding volumes to an application volume group
- Removing volumes from an application volume group
- Removing an application volume group
- Section VI. Using Point-in-time copies
- Understanding point-in-time copy methods
- About point-in-time copies
- When to use point-in-time copies
- About Storage Foundation point-in-time copy technologies
- Volume-level snapshots
- Storage Checkpoints
- About FileSnaps
- About snapshot file systems
- Administering volume snapshots
- About volume snapshots
- Traditional third-mirror break-off snapshots
- Full-sized instant snapshots
- Creating instant snapshots
- Adding an instant snap DCO and DCO volume
- Creating and managing space-optimized instant snapshots
- Creating and managing full-sized instant snapshots
- Creating and managing third-mirror break-off snapshots
- Creating and managing linked break-off snapshot volumes
- Creating multiple instant snapshots
- Creating instant snapshots of volume sets
- Adding snapshot mirrors to a volume
- Removing a snapshot mirror
- Removing a linked break-off snapshot volume
- Adding a snapshot to a cascaded snapshot hierarchy
- Refreshing an instant space-optimized snapshot
- Reattaching an instant full-sized or plex break-off snapshot
- Reattaching a linked break-off snapshot volume
- Restoring a volume from an instant space-optimized snapshot
- Dissociating an instant snapshot
- Removing an instant snapshot
- Splitting an instant snapshot hierarchy
- Displaying instant snapshot information
- Controlling instant snapshot synchronization
- Listing the snapshots created on a cache
- Tuning the autogrow attributes of a cache
- Monitoring and displaying cache usage
- Growing and shrinking a cache
- Removing a cache
- Creating instant snapshots
- Linked break-off snapshots
- Cascaded snapshots
- Creating multiple snapshots
- Restoring the original volume from a snapshot
- Adding a version 0 DCO and DCO volume
- Administering Storage Checkpoints
- About Storage Checkpoints
- Storage Checkpoint administration
- Storage Checkpoint space management considerations
- Restoring from a Storage Checkpoint
- Storage Checkpoint quotas
- Administering FileSnaps
- Administering snapshot file systems
- Understanding point-in-time copy methods
- Section VII. Optimizing storage with Storage Foundation
- Understanding storage optimization solutions in Storage Foundation
- Migrating data from thick storage to thin storage
- Maintaining Thin Storage with Thin Reclamation
- Reclamation of storage on thin reclamation arrays
- Identifying thin and thin reclamation LUNs
- Displaying VxFS file system usage on thin reclamation LUNs
- Reclaiming space on a file system
- Reclaiming space on a disk, disk group, or enclosure
- About the reclamation log file
- Monitoring Thin Reclamation using the vxtask command
- Configuring automatic reclamation
- InfoScale 4K sector device support solution
- Section VIII. Maximizing storage utilization
- Understanding storage tiering with SmartTier
- Creating and administering volume sets
- Multi-volume file systems
- About multi-volume file systems
- About volume types
- Features implemented using multi-volume file system (MVFS) support
- Creating multi-volume file systems
- Converting a single volume file system to a multi-volume file system
- Adding a volume to and removing a volume from a multi-volume file system
- Volume encapsulation
- Reporting file extents
- Load balancing
- Converting a multi-volume file system to a single volume file system
- Administering SmartTier
- About SmartTier
- Supported SmartTier document type definitions
- Placement classes
- Administering placement policies
- File placement policy grammar
- File placement policy rules
- Calculating I/O temperature and access temperature
- Multiple criteria in file placement policy rule statements
- Multiple file selection criteria in SELECT statement clauses
- Multiple placement classes in <ON> clauses of CREATE statements and in <TO> clauses of RELOCATE statements
- Multiple placement classes in <FROM> clauses of RELOCATE and DELETE statements
- Multiple conditions in <WHEN> clauses of RELOCATE and DELETE statements
- File placement policy rule and statement ordering
- File placement policies and extending files
- Using SmartTier with solid state disks
- Sub-file relocation
- Administering hot-relocation
- About hot-relocation
- How hot-relocation works
- Configuring a system for hot-relocation
- Displaying spare disk information
- Marking a disk as a hot-relocation spare
- Removing a disk from use as a hot-relocation spare
- Excluding a disk from hot-relocation use
- Making a disk available for hot-relocation use
- Configuring hot-relocation to use only spare disks
- Moving relocated subdisks
- Modifying the behavior of hot-relocation
- Compressing files
- About compressing files
- Compressing files with the vxcompress command
- Interaction of compressed files and other commands
- Interaction of compressed files and other features
- Interaction of compressed files and applications
- Use cases for compressing files
- Section IX. Administering and protecting storage
- Managing volumes and disk groups
- Rules for determining the default disk group
- Moving volumes or disks
- Monitoring and controlling tasks
- Using vxnotify to monitor configuration changes
- Performing online relayout
- Adding a mirror to a volume
- Configuring SmartMove
- Removing a mirror
- Setting tags on volumes
- Encrypting existing volumes
- Managing disk groups
- Disk group versions
- Displaying disk group information
- Creating a disk group
- Removing a disk from a disk group
- Deporting a disk group
- Importing a disk group
- Handling of minor number conflicts
- Moving disk groups between systems
- Importing a disk group containing hardware cloned disks
- Setting up configuration database copies (metadata) for a disk group
- Renaming a disk group
- Handling conflicting configuration copies
- Disabling a disk group
- Destroying a disk group
- Backing up and restoring disk group configuration data
- Working with existing ISP disk groups
- Managing plexes and subdisks
- Decommissioning storage
- Rootability
- Root Disk Encapsulation (RDE) is not supported
- Encapsulating a disk
- Device name format changes in RHEL 7 environments after encapsulation
- Rootability
- Restrictions on using rootability with Linux
- Sample supported root disk layouts for encapsulation
- Example 1: supported root disk layouts for encapsulation
- Example 2: supported root disk layouts for encapsulation
- Example 3: supported root disk layouts for encapsulation
- Example 4: supported root disk layouts for encapsulation
- Sample unsupported root disk layouts for encapsulation
- Example 1: unsupported root disk layouts for encapsulation
- Example 2: unsupported root disk layouts for encapsulation
- Example 3: unsupported root disk layouts for encapsulation
- Example 4: unsupported root disk layouts for encapsulation
- Booting root volumes
- Boot-time volume restrictions
- Creating redundancy for the root disk
- Creating an archived back-up root disk for disaster recovery
- Encapsulating and mirroring the root disk
- Upgrading the kernel on a root encapsulated system
- Administering an encapsulated boot disk
- Unencapsulating the root disk
- Quotas
- About Veritas File System quota limits
- About quota files on Veritas File System
- About Veritas File System quota commands
- About quota checking with Veritas File System
- Using Veritas File System quotas
- Turning on Veritas File System quotas
- Turning on Veritas File System quotas at mount time
- Editing Veritas File System quotas
- Modifying Veritas File System quota time limits
- Viewing Veritas File System disk quotas and usage
- Displaying blocks owned by users or groups
- Turning off Veritas File System quotas
- Support for 64-bit Quotas
- File Change Log
- Support for protection against ransomware
- About support for protection against ransomware
- Write Once, Read Many (WORM) storage
- Secure clock
- Audit logging
- Non-modifiable storage checkpoints
- Post-upgrade tasks to enable the use of non-modifiable checkpoints
- Creating non-modifiable checkpoints
- Setting retention periods for non-modifiable checkpoints
- Making an existing checkpoint non-modifiable
- Deletion of non-modifiable checkpoints
- Compatibility of WORM flag with relevant checkpoint operations
- Restrictions and limitations on the promote operation for checkpoints
- Restrictions and limitations on the mount operations
- Soft WORM storage
- About the secure configuration file
- Secure file system
- Secure file system for Oracle Single Instance
- Secure file system for PostgreSQL database
- Prerequisites for configuring SecureFS for PostgreSQL
- Enabling PostgreSQL for SecureFS and Single-Click Recovery
- SecureFS authentication methods for PostgreSQL
- PostgreSQL configuration reload and restart requirements
- Configure SecureFS for PostgreSQL using CLI
- Recovering PostgreSQL data
- PostgreSQL SecureFS configuration logs
- SecureFS limitations for PostgreSQL
- Managing volumes and disk groups
- Section X. Reference
- Appendix A. Reverse path name lookup
- Appendix B. Tunable parameters
- About tuning Storage Foundation
- Tuning the VxFS file system
- DMP tunable parameters
- Methods to change Dynamic Multi-Pathing tunable parameters
- Tunable parameters for VxVM
- Methods to change Veritas Volume Manager tunable parameters
- Appendix C. Command reference
- Appendix D. InfoScale event logging
Configuring a secure file system using CLI
The purpose of this section is to provide the step-by-step procedure for configuring a SecureFS and enabling corruption or ransomware protection using CLI. These procedures are presented separately for clarity and ease of understanding.
Before configuring SecureFS, make sure that the vxfstaskd service is in running state. You can use systemctl status vxfstaskd to check the state of service.
Use the following command to create file system on existing volume. To create volume, use vxassist command:
# /opt/VRTS/bin/mkfs -t vxfs <path_of_volume>
Sample command and output:
# mkfs -t vxfs /dev/vx/rdsk/testdg/vol1
version 18 layout 20971520 sectors, 10485760 blocks of size 1024, log size 16384 blocks rcq size 1024 blocks largefiles supported maxlink supported WORM not supported maxts supported
Note:
For ransomware protection, a file system should be WORM-enabled or softworm-enabled. You can enable WORM on a file system using the command: /opt/VRTS/bin/fsadm -o worm <path_of_mountpoint>. For ransomware protection, use the -o worm option with the mkfs command.
Mount the file system:
# mount -t vxfs <path of volume> <mount point>
Sample command:
# mount -t vxfs /dev/vx/dsk/testdg/vol1 /mnt1
Create SecureFS configuration file:
# vxschadm create <mount point>
Sample command:
# vxschadm create /mnt1
You can configure the same SecureFS for both corruption and ransomware protection based on your requirements.
Prepare the volume for snapshot:
# vxsnap -g <disk-group name> prepare <volume name>
Sample command:
# vxsnap -g testdg prepare vol1
Enable the snapshot feature:
# vxschadm add snapshot <interval in cron format> <maximum number of snapshots> <mount_point>
Use the following snapshot format to configure snapshots:
Format : "mm hh dd MM ww" mm : minutes (0-59) or * hh : hours (0-23) or * dd : days (1-31) or * MM: months (1-12) or * ww: week (0-6) SUNDAY=0, SATURADAY=6
*: Refers 'per', for example, per minute, per hour, and so on.
Following is a sample output of a snapshot format:
Example 1: "30 15 * * *" Every day at 1530 hours, task will be executed. Example 2: "30 15 * * 6" Every Saturday at 1530 hours, task will be executed. Caution: "* * * * *" Every minute and hour options are not supported.
Get the list of snapshots at a given interval:
# vxsnap -g <diskgroup name> list <volume name>
Sample command and output:
# vxsnap -g testdg list vol1 NAME DG OBJTYPE SNAPTYPE PARENT PARENTDG SNAPDATE vol1 testdg vol - - - - - secfs_1204231555vol1 testdg vol spaceopt vol1 testdg 2023/04/12 15
You can independently enable and disable all the features. To delete the feature use following command:
# /opt/VRTS/bin/vxschadm delete snapshot <mount_point>
You can modify a configured feature using the "add" command:
# /opt/VRTS/bin/vxschadm add snapshot <interval in cron format> <maximum number of snapshot> <mount_point>
This completes the procedure for protecting the file system from corruption.
- Use the non-modifiable checkpoint for ransomware protection.
Enable the checkpoint feature using the following command:
# /opt/VRTS/bin/vxschadm add checkpoint <interval> <max_number> <retention> <time_mode> <removable> <mount_point>
Parameter
Description
<interval>
The time interval for creating a checkpoint. Specify the interval in the operating system crond format for scheduling a job.
Format: "mm hh dd MM ww" mm : minutes (0-59) or * hh : hours (0-23) or * dd : days (1-31) or * MM: months (1-12) or * ww: week (0-6) SUNDAY=0, SATURADAY=6 *: indicate "per". For example, per minute, per hour.
Note:
The interval must not be less than one hour.
<max_number>
The maximum number of checkpoints or snapshots that can exist at a time.
After the max count is reached, the oldest checkpoint or snapshot is removed before creating a new one. For checkpoints, the oldest checkpoint is removed only after its retention period has expired.
<retention>
The retention period for the checkpoint. Specify the input in digits, starting from zero (0).
The retention period is determined using the retention period value and the time unit specified in the <time_mode> argument value.
<time_mode>
The measurement unit for the retention period. Specify the input as follows:
Format: m or h or d or M or y m: minutes, h: hours, d: days, M: months, y: years
<removable>
Specifies whether the checkpoint is removable or not. If the value is set to 1, the checkpoint is deleted as per the ENOSPC condition.
The checkpoint is deleted only if the retention period is specified and has expired.
<mount_point>
The mount point for which to create the checkpoint.
Sample command and output:
# /opt/VRTS/bin/vxschadm add checkpoint "00 13 * * *" 5 5 h 0 /mnt1
Example 1: "30 15 * * *" Every day at 1530 hours, task will be executed. Example 2: "30 15 * * 6" Every Saturday at 1530 hours, task will be executed. Caution: "* * * * *" Every minute and hour options are not supported.
The checkpoints are created as a non-modifiable checkpoints and mounted in a read-only (RO) mode.
You can view the list of checkpoints using the following command:
# /opt/VRTS/bin/vxschadm show checkpoint <mount_point>
- Create a placement policy file using following set of fsppmk commands.
The following commands create a placement policy named "worm policy" with the RULE element as "normal", with user as "root", and output policy xml file as "sample.xml":
# fsppmk policy -b -n "worm policy" \-v 6.0 > /tmp/sample.xml # fsppmk rule -b -n "normal" \-t data >> /tmp/sample.xml # fsppmk select -b -u User1 \-g Group1 -p \*.mpg -d /test/dir1 .e >> /tmp/sample.xml # fsppmk relocate -b \-d tier1:2:MB -s tier2,tier3 >> /tmp/sample.xml # fsppmk qualifier -b -q iotemp \-t nwbytes -c gteq,200 -p 10 -e >> /tmp/sample.xml # fsppmk relocate -e >> /tmp/sample.xml # fsppmk rule -e >> /tmp/sample.xml # fsppmk policy -e >> /tmp/sample.xmlThe following is a sample policy xml file created using fsppmk commands:
<?xml version = "1.0"> <!DOCTYPE FILE_PLACEMENT_POLICY_SYSTEM "/opt/VRTSvxfs/etc/placement_policy.dtd"> <PLACEMENT_POLICY Name="worm policy" Version="6.0"> <RULE Name="normal" Flags="data"> <SELECT> <DIRECTORY Flags=" recursive "> /test/dir1 </DIRECTORY> <PATTERN Flags=" nonrecursive "> *.mpg </PATTERN> <USER> root </USER> <GROUP> Group1 </GROUP> </SELECT> <RELOCATE> <FROM> <SOURCE> <CLASS> tier2 </CLASS> </SOURCE> <SOURCE> <CLASS> tier3 </CLASS> </SOURCE> </FROM> <TO> <DESTINATION> <CLASS> tier1 </CLASS> <BALANCE_SIZE Units = "MB"> 2 </BALANCE_SIZE> </DESTINATION> </TO> <WHEN> <IOTEMP Type="nwbytes"> <MIN Flags="gteq"> 200 </MIN> <PERIOD Units="days"> 10 </PERIOD> </IOTEMP> </WHEN> </RELOCATE> </RULE> </PLACEMENT_POLICY>Validate the policy file.
# fsppadm validate <mount_point> <policy_file>
Sample command:
# fsppadm vlidate /mnt1 /tmp/sample.xml
Assign the policy file.
# fsppadm assign <mount_point> <policy_file>
Sample command:
# fsppadm assign /mnt1 /tmp/sample.xml
Add the policy to the secure file system.
# /opt/VRTS/bin/vxschadm add policy <interval in os cron format> <mount_point>
Sample command:
# /opt/VRTS/bin/vxschadm add policy "15 16 * * *" /mnt1
The ransomware protection file system procedure is completed.
You can independently enable and disable all the features. To delete the feature, use the following command:
# /opt/VRTS/bin/vxschadm delete {checkpoint | policy} <mount_point>
You can modify a configured feature using the "add" command:
# /opt/VRTS/bin/vxschadm add {checkpoint | policy} <mount_point>
Command for checkpoint:
# /opt/VRTS/bin/vxschadm add checkpoint <interval in os cron format> <maximum number of checkpoints> <retention time of checkpoint> <time mode> <type of checkpoint> <mount_point>
Command for policy:
# /opt/VRTS/bin/vxschadm add policy <interval in os cron format> <mount_point>
For more details about all the command options and arguments, see the vxschadm(1M), fsppadm(1M), and fsppmk(1M) manual pages.