InfoScale™ 9.0 Storage Foundation Administrator's Guide - Linux
- Section I. Introducing Storage Foundation
- Overview of Storage Foundation
- How Dynamic Multi-Pathing works
- How Volume Manager works
- How Volume Manager works with the operating system
- How Volume Manager handles storage management
- Volume layouts in Veritas Volume Manager
- Online relayout
- Volume resynchronization
- Dirty region logging
- Volume snapshots
- FastResync
- How VxVM handles hardware clones or snapshots
- Volume encryption
- How Veritas File System works
- Section II. Provisioning storage
- Provisioning new storage
- Advanced allocation methods for configuring storage
- Customizing allocation behavior
- Using rules to make volume allocation more efficient
- Understanding persistent attributes
- Customizing disk classes for allocation
- Specifying allocation constraints for vxassist operations with the use clause and the require clause
- Creating volumes of a specific layout
- Customizing allocation behavior
- Creating and mounting VxFS file systems
- Creating a VxFS file system
- Mounting a VxFS file system
- tmplog mount option
- ioerror mount option
- largefiles and nolargefiles mount options
- Resizing a file system
- Monitoring free space
- Extent attributes
- Section III. Administering multi-pathing with DMP
- Administering Dynamic Multi-Pathing
- Discovering and configuring newly added disk devices
- About discovering disks and dynamically adding disk arrays
- How to administer the Device Discovery Layer
- Administering DMP using the vxdmpadm utility
- Gathering and displaying I/O statistics
- Specifying the I/O policy
- Discovering and configuring newly added disk devices
- Dynamic Reconfiguration of devices
- Reconfiguring a LUN online that is under DMP control using the Dynamic Reconfiguration tool
- Manually reconfiguring a LUN online that is under DMP control
- Managing devices
- Displaying disk information
- Changing the disk device naming scheme
- Adding and removing disks
- Event monitoring
- Administering Dynamic Multi-Pathing
- Section IV. Administering Storage Foundation
- Administering sites and remote mirrors
- About sites and remote mirrors
- Fire drill - testing the configuration
- Changing the site name
- Administering the Remote Mirror configuration
- Failure and recovery scenarios
- Administering sites and remote mirrors
- Section V. Optimizing I/O performance
- Veritas File System I/O
- Veritas Volume Manager I/O
- Managing application I/O workloads using maximum IOPS settings
- Section VI. Using Point-in-time copies
- Understanding point-in-time copy methods
- When to use point-in-time copies
- About Storage Foundation point-in-time copy technologies
- Volume-level snapshots
- Storage Checkpoints
- About FileSnaps
- About snapshot file systems
- Administering volume snapshots
- Traditional third-mirror break-off snapshots
- Full-sized instant snapshots
- Creating instant snapshots
- Adding an instant snap DCO and DCO volume
- Controlling instant snapshot synchronization
- Creating instant snapshots
- Cascaded snapshots
- Adding a version 0 DCO and DCO volume
- Administering Storage Checkpoints
- Storage Checkpoint administration
- Administering FileSnaps
- Administering snapshot file systems
- Understanding point-in-time copy methods
- Section VII. Optimizing storage with Storage Foundation
- Understanding storage optimization solutions in Storage Foundation
- Migrating data from thick storage to thin storage
- Maintaining Thin Storage with Thin Reclamation
- Reclamation of storage on thin reclamation arrays
- Identifying thin and thin reclamation LUNs
- InfoScale 4K sector device support solution
- Section VIII. Maximizing storage utilization
- Understanding storage tiering with SmartTier
- Creating and administering volume sets
- Multi-volume file systems
- Features implemented using multi-volume file system (MVFS) support
- Adding a volume to and removing a volume from a multi-volume file system
- Volume encapsulation
- Load balancing
- Administering SmartTier
- About SmartTier
- Placement classes
- Administering placement policies
- File placement policy rules
- Multiple criteria in file placement policy rule statements
- Using SmartTier with solid state disks
- Sub-file relocation
- Administering hot-relocation
- How hot-relocation works
- Moving relocated subdisks
- Compressing files
- About compressing files
- Use cases for compressing files
- Section IX. Administering and protecting storage
- Managing volumes and disk groups
- Rules for determining the default disk group
- Moving volumes or disks
- Monitoring and controlling tasks
- Performing online relayout
- Adding a mirror to a volume
- Encrypting existing volumes
- Managing disk groups
- Disk group versions
- Displaying disk group information
- Creating a disk group
- Importing a disk group
- Moving disk groups between systems
- Importing a disk group containing hardware cloned disks
- Handling conflicting configuration copies
- Destroying a disk group
- Backing up and restoring disk group configuration data
- Managing plexes and subdisks
- Decommissioning storage
- Rootability
- Encapsulating a disk
- Rootability
- Sample supported root disk layouts for encapsulation
- Encapsulating and mirroring the root disk
- Administering an encapsulated boot disk
- Quotas
- Using Veritas File System quotas
- File Change Log
- Support for protection against ransomware
- Non-modifiable storage checkpoints
- Soft WORM storage
- Secure file system
- Secure file system for Oracle Single Instance
- Secure file system for PostgreSQL database
- Managing volumes and disk groups
- Section X. Reference
- Appendix A. Reverse path name lookup
- Appendix B. Tunable parameters
- Tuning the VxFS file system
- Methods to change Dynamic Multi-Pathing tunable parameters
- Tunable parameters for VxVM
- Methods to change Veritas Volume Manager tunable parameters
- Appendix C. Command reference
- Appendix D. InfoScale event logging
Configuring a secure file system using CLI
The purpose of this section is to provide the step-by-step procedure for configuring a SecureFS and enabling corruption or ransomware protection using CLI. These procedures are presented separately for clarity and ease of understanding.
Before configuring SecureFS, make sure that the vxfstaskd service is in running state. You can use systemctl status vxfstaskd to check the state of service.
Use the following command to create file system on existing volume. To create volume, use vxassist command:
# /opt/VRTS/bin/mkfs -t vxfs <path_of_volume>
Sample command and output:
# mkfs -t vxfs /dev/vx/rdsk/testdg/vol1
version 18 layout 20971520 sectors, 10485760 blocks of size 1024, log size 16384 blocks rcq size 1024 blocks largefiles supported maxlink supported WORM not supported maxts supported
Note:
For ransomware protection, a file system should be WORM-enabled or softworm-enabled. You can enable WORM on a file system using the command: /opt/VRTS/bin/fsadm -o worm <path_of_mountpoint>. For ransomware protection, use the -o worm option with the mkfs command.
Mount the file system:
# mount -t vxfs <path of volume> <mount point>
Sample command:
# mount -t vxfs /dev/vx/dsk/testdg/vol1 /mnt1
Create SecureFS configuration file:
# vxschadm create <mount point>
Sample command:
# vxschadm create /mnt1
You can configure the same SecureFS for both corruption and ransomware protection based on your requirements.
Prepare the volume for snapshot:
# vxsnap -g <disk-group name> prepare <volume name>
Sample command:
# vxsnap -g testdg prepare vol1
Enable the snapshot feature:
# vxschadm add snapshot <interval in cron format> <maximum number of snapshots> <mount_point>
Use the following snapshot format to configure snapshots:
Format : "mm hh dd MM ww" mm : minutes (0-59) or * hh : hours (0-23) or * dd : days (1-31) or * MM: months (1-12) or * ww: week (0-6) SUNDAY=0, SATURADAY=6
*: Refers 'per', for example, per minute, per hour, and so on.
Following is a sample output of a snapshot format:
Example 1: "30 15 * * *" Every day at 1530 hours, task will be executed. Example 2: "30 15 * * 6" Every Saturday at 1530 hours, task will be executed. Caution: "* * * * *" Every minute and hour options are not supported.
Get the list of snapshots at a given interval:
# vxsnap -g <diskgroup name> list <volume name>
Sample command and output:
# vxsnap -g testdg list vol1 NAME DG OBJTYPE SNAPTYPE PARENT PARENTDG SNAPDATE vol1 testdg vol - - - - - secfs_1204231555vol1 testdg vol spaceopt vol1 testdg 2023/04/12 15
You can independently enable and disable all the features. To delete the feature use following command:
# /opt/VRTS/bin/vxschadm delete snapshot <mount_point>
You can modify a configured feature using the "add" command:
# /opt/VRTS/bin/vxschadm add snapshot <interval in cron format> <maximum number of snapshot> <mount_point>
This completes the procedure for protecting the file system from corruption.
- Use the non-modifiable checkpoint for ransomware protection.
Enable the checkpoint feature using the following command:
# /opt/VRTS/bin/vxschadm add checkpoint <interval> <max_number> <retention> <time_mode> <removable> <mount_point>
Parameter
Description
<interval>
The time interval for creating a checkpoint. Specify the interval in the operating system crond format for scheduling a job.
Format: "mm hh dd MM ww" mm : minutes (0-59) or * hh : hours (0-23) or * dd : days (1-31) or * MM: months (1-12) or * ww: week (0-6) SUNDAY=0, SATURADAY=6 *: indicate "per". For example, per minute, per hour.
Note:
The interval must not be less than one hour.
<max_number>
The maximum number of checkpoints or snapshots that can exist at a time.
After the max count is reached, the oldest checkpoint or snapshot is removed before creating a new one. For checkpoints, the oldest checkpoint is removed only after its retention period has expired.
<retention>
The retention period for the checkpoint. Specify the input in digits, starting from zero (0).
The retention period is determined using the retention period value and the time unit specified in the <time_mode> argument value.
<time_mode>
The measurement unit for the retention period. Specify the input as follows:
Format: m or h or d or M or y m: minutes, h: hours, d: days, M: months, y: years
<removable>
Specifies whether the checkpoint is removable or not. If the value is set to 1, the checkpoint is deleted as per the ENOSPC condition.
The checkpoint is deleted only if the retention period is specified and has expired.
<mount_point>
The mount point for which to create the checkpoint.
Sample command and output:
# /opt/VRTS/bin/vxschadm add checkpoint "00 13 * * *" 5 5 h 0 /mnt1
Example 1: "30 15 * * *" Every day at 1530 hours, task will be executed. Example 2: "30 15 * * 6" Every Saturday at 1530 hours, task will be executed. Caution: "* * * * *" Every minute and hour options are not supported.
The checkpoints are created as a non-modifiable checkpoints and mounted in a read-only (RO) mode.
You can view the list of checkpoints using the following command:
# /opt/VRTS/bin/vxschadm show checkpoint <mount_point>
- Create a placement policy file using following set of fsppmk commands.
The following commands create a placement policy named "worm policy" with the RULE element as "normal", with user as "root", and output policy xml file as "sample.xml":
# fsppmk policy -b -n "worm policy" \-v 6.0 > /tmp/sample.xml # fsppmk rule -b -n "normal" \-t data >> /tmp/sample.xml # fsppmk select -b -u User1 \-g Group1 -p \*.mpg -d /test/dir1 .e >> /tmp/sample.xml # fsppmk relocate -b \-d tier1:2:MB -s tier2,tier3 >> /tmp/sample.xml # fsppmk qualifier -b -q iotemp \-t nwbytes -c gteq,200 -p 10 -e >> /tmp/sample.xml # fsppmk relocate -e >> /tmp/sample.xml # fsppmk rule -e >> /tmp/sample.xml # fsppmk policy -e >> /tmp/sample.xml
The following is a sample policy xml file created using fsppmk commands:
<?xml version = "1.0"> <!DOCTYPE FILE_PLACEMENT_POLICY_SYSTEM "/opt/VRTSvxfs/etc/placement_policy.dtd"> <PLACEMENT_POLICY Name="worm policy" Version="6.0"> <RULE Name="normal" Flags="data"> <SELECT> <DIRECTORY Flags=" recursive "> /test/dir1 </DIRECTORY> <PATTERN Flags=" nonrecursive "> *.mpg </PATTERN> <USER> root </USER> <GROUP> Group1 </GROUP> </SELECT> <RELOCATE> <FROM> <SOURCE> <CLASS> tier2 </CLASS> </SOURCE> <SOURCE> <CLASS> tier3 </CLASS> </SOURCE> </FROM> <TO> <DESTINATION> <CLASS> tier1 </CLASS> <BALANCE_SIZE Units = "MB"> 2 </BALANCE_SIZE> </DESTINATION> </TO> <WHEN> <IOTEMP Type="nwbytes"> <MIN Flags="gteq"> 200 </MIN> <PERIOD Units="days"> 10 </PERIOD> </IOTEMP> </WHEN> </RELOCATE> </RULE> </PLACEMENT_POLICY>
Validate the policy file.
# fsppadm validate <mount_point> <policy_file>
Sample command:
# fsppadm vlidate /mnt1 /tmp/sample.xml
Assign the policy file.
# fsppadm assign <mount_point> <policy_file>
Sample command:
# fsppadm assign /mnt1 /tmp/sample.xml
Add the policy to the secure file system.
# /opt/VRTS/bin/vxschadm add policy <interval in os cron format> <mount_point>
Sample command:
# /opt/VRTS/bin/vxschadm add policy "15 16 * * *" /mnt1
The ransomware protection file system procedure is completed.
You can independently enable and disable all the features. To delete the feature, use the following command:
# /opt/VRTS/bin/vxschadm delete {checkpoint | policy} <mount_point>
You can modify a configured feature using the "add" command:
# /opt/VRTS/bin/vxschadm add {checkpoint | policy} <mount_point>
Command for checkpoint:
# /opt/VRTS/bin/vxschadm add checkpoint <interval in os cron format> <maximum number of checkpoints> <retention time of checkpoint> <time mode> <type of checkpoint> <mount_point>
Command for policy:
# /opt/VRTS/bin/vxschadm add policy <interval in os cron format> <mount_point>
For more details about all the command options and arguments, see the vxschadm(1M), fsppadm(1M), and fsppmk(1M) manual pages.