Closing Locked Files using PowerShell in cDOT

by Frequent Contributor on ‎2014-06-07 08:34 PM

Hi,

Clustered Data ONTAP doesn't support closing locked CIFS files using the MMC yet (coming in a future release) ...but even then do you really want to waste your time clicking in a GUI just to close a locked file?

I'd posted a previous solution for closing locked files in 7-Mode using sysinternals psfile.exe here:

https://communities.netapp.com/thread/22165

Unfortunately psfile.exe doesn't behave well with cDOT and I required the same functionality in cDOT for closing locked CIFS files on a vserver...so I developed a work around solution in the interim (see code and example output below).

I'll be porting this into a WFA workflow and uploading to communities. Hope this helps

Matt

Example Output:

PS C:\Scripts\> .\CloseLockedFile.ps1 -FileSpec "\\vserver1\share1$\folder1\data\employees.accdb"
The Script "CloseLockedFile.ps1" Started Processing.
Imported Module "DataOnTap"
Please enter the password for user "vsadmin": *************
Connected to vserver "vserver1"
Enumerated the mount point for CIFS share "share1$" as "/volume1/qtree1"

NcController : vserver1
Value        :
               2 entries were acted on.

Executed Command: set advanced;vserver locks break -vserver vserver1 -volume volume1 -lif * -path /volume1/qtree1/folder1/data/employees.accdb
The Script "CloseLockedFile.ps1" Completed Successfully.

#'------------------------------------------------------------------------------

Param(

   [CmdletBinding()]

   [Parameter(Position=0,

      Mandatory=$True,

      ValueFromPipeLine=$True,

      ValueFromPipeLineByPropertyName=$True)]

   [String]$FileSpec

)

<#'-----------------------------------------------------------------------------

'Script Name : CloseLockedFile.ps1  

'Author      : Matthew Beattie

'Email       : mbeattie@netapp.com

'Created     : 08/06/14

'Description : This script closes a locked file on a CIFS share on a

'            : NetApp storage controller running Clustered Data ONTAP.

'            : It accepts a FileSpec parameter containing the UNC Path of the

'            : file to close.

'-----------------------------------------------------------------------------#>

#'Initialization Section.

#'------------------------------------------------------------------------------

[String]$scriptPath     = Split-Path($MyInvocation.MyCommand.Path)

[String]$scriptSpec     = $MyInvocation.MyCommand.Definition

[String]$scriptBaseName = (Get-Item $scriptSpec).BaseName

[String]$scriptName     = (Get-Item $scriptSpec).Name

Write-Host "The Script ""$scriptName"" Started Processing."

#'------------------------------------------------------------------------------

#'Split the files UNC Path into variables.

#'------------------------------------------------------------------------------

[String]$modulename = "DataOnTap"

[Array]$elements    = $fileSpec -Split [regex]::Escape("\")

[String]$hostName   = $elements[2]

[String]$shareName  = $elements[3]

[String]$fileName   = $elements[$elements.Length -1]

[String]$folderPath = "/"

#'------------------------------------------------------------------------------

#'Import the Data ONTAP powershell module.

#'------------------------------------------------------------------------------

Try{

   Import-Module $moduleName -ErrorAction Stop

   Write-Host "Imported Module ""$moduleName"""

}Catch{

   Write-Error "Failed Importing Module ""$moduleName"""

   Break;

}

#'------------------------------------------------------------------------------

#'construct the folder path between the share and file name.

#'------------------------------------------------------------------------------

For($i=4; $i -lt ($elements.Count -1); $i++){

   [String]$folderPath = $folderPath + $elements[$i] + "/"

}

#'------------------------------------------------------------------------------

#'Ensure the vserver is online and responding to ICMP requests.

#'------------------------------------------------------------------------------

If(-Not(Test-Connection -computername $hostName -count 1)){

   Write-Warning "The vserver ""$hostName"" did not respond to an ICMP request"

   Break;

}

#'------------------------------------------------------------------------------

#'Prompt for credentials to connect to the vserver.

#'------------------------------------------------------------------------------

[String]$username = "vsadmin"

[System.Security.SecureString]$password = `

Read-Host "Please enter the password for user ""$username""" -AsSecureString

[System.Management.Automation.PSCredential]$credentials = `

New-Object System.Management.Automation.PSCredential -ArgumentList $username, $password

#'------------------------------------------------------------------------------

#'Connect to the vserver.

#'------------------------------------------------------------------------------

Try{

   Connect-NcController -Name $hostName -Credential $credentials -HTTPS -ErrorAction Stop | Out-Null

   Write-Host "Connected to vserver ""$hostName"""

}Catch{

   Write-Error "Failed connecting to vserver ""$hostName"""

   Break;

}

#'------------------------------------------------------------------------------

#'Enumerate the mount point of the CIFS share matching the share name.

#'------------------------------------------------------------------------------

Try{

   [String]$mountPoint = Get-NcCifsShare -Name $shareName -ErrorAction Stop | `

                         Select-Object -ExpandProperty Path

   Write-Host "Enumerated the mount point for CIFS share ""$shareName"" as ""$mountPoint"""

}Catch{

   Write-Error "Failed enumerating the CIFS share named ""$shareName"""

   Break;

}

#'------------------------------------------------------------------------------

#'Set the command to close the locked CIFS file

#'------------------------------------------------------------------------------

[String]$volumeName = $mountPoint.Split("/")[1]

[String]$filePath   = "$mountPoint$folderPath$fileName"

[String]$command    = "set advanced;vserver locks break -vserver $hostName -volume $volumeName -lif * -path $filePath"

#'------------------------------------------------------------------------------

#'Invoke the command to close the CIFS locked files.

#'------------------------------------------------------------------------------

Try{

   Invoke-NcSsh -Name $hostName -Command $command -Credential $credentials -ErrorAction Stop

   Write-Host "Executed Command: $command"

}Catch{

   Write-Error "Failed executing Command: $command"

   Break;

}

Write-Host "The Script ""$scriptName"" Completed Successfully."

#'------------------------------------------------------------------------------

Comments
Frequent Contributor

Attached the WFA workflow which also supports DFS integration. The requirements are:

  • The “vsadmin” account enabled on the vserver serving the CIFS share
  • The credentials for the “vsadmin” account are added to the WFA Cache
  • The file input parameter must be in double quotes
  • DFS Management utilities installed on the WFA server
    >Install-WindowsFeatuure RSAT-DFS-Mgmt-Con


NOTE: If WFA is installed on Windows Server 2012 R2 the DFSN powershell module could be integrated to manage the DFS namespace instead of "dfsutil.exe" http://technet.microsoft.com/en-us/library/jj884270.aspx)

I am trying to implement this and having a problem.  Wondering if anyone can help.

 

Looking at another thread for 7 mode, I found a way to add the WARNING message to see a little more of what is happening.  I add that code and also ser -VERBOSE mode.

 

This is the error message I get.

 

VERBOSE: Trying HTTP/HTTPS
WARNING: Failed connecting to Controller "vserver_test". Object reference not set to an instance of an object.
C:\Users\me\CloseLockedFile.ps1 : Failed connecting to vserver "vserver_test"
+ CategoryInfo : NotSpecified: (Smiley Happy [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,CloseLockedFile.ps1

 

Connecting from a command line directly, I get this.

 

PS C:\Users\me\PowerShell> Connect-NcController vserver_test
Connect-NcController : Object reference not set to an instance of an object.
At line:1 char:1
+ Connect-NcController vserver_test
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidResult: (vserver_test:NcController) [Connect-NcController], NullReferenceExcep
tion
+ FullyQualifiedErrorId : HttpConnectionFailed,DataONTAP.C.PowerShell.SDK.ConnectNcController

 

If I go to a 7Mode filer and change Nc to Na, it seems to work.

 

Any ideas?

Frequent Contributor

Hi There,

 

This script assumes you are authenticating to the vserver as "vsadmin" so you might need to change the $username variable if you are attempting to use a different user. Also i'd check that your vserver named "vserver_test" has the appropriate A & PTR records registered in DNS otherwise you can use the vservers IP Address instead. Are you able to connect to the vserver using the followin PowerShell code:

 

Import-Module DataONTAP

$hostname    = "vserver_test" #Note you could also use the IP Address of the vserver
$username    = "vsadmin"
$password    = Read-Host "Please enter the password for user ""$username""" -AsSecureString
$credentials = New-Object System.Management.Automation.PSCredential -ArgumentList $username, $password
Connect-NcController -Name $hostname -Credential $credentials -HTTPS

 

Let me know, hope that helps

 

/matt

I had been using either my personal ID or the root ID and those do the same thing.  No, the script you put here did not work.  Did the same thing.

 

I put in the IP address and still got the same output.

 

Import-Module DataONTAP
$hostname = "172.30.XX.XX" #Note you could also use the IP Address of the vserver
$username = "root"
$password = Read-Host "Please enter the password for user ""$username""" -AsSecureString
$credentials = New-Object System.Management.Automation.PSCredential -ArgumentList $username, $password
Connect-NcController -Name $hostname -Credential $credentials -HTTPS

 

PS C:\Users\me> C:\Users\me\dotlogin.ps1
Connect-NcController : Object reference not set to an instance of an object.
At C:\Users\me\dotlogin.ps1:6 char:1
+ Connect-NcController -Name $hostname -Credential $credentials -HTTPS
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidResult: (172.30.XX.XX:NcController) [Connect-NcController], NullReferenceException
+ FullyQualifiedErrorId : HttpConnectionFailed,DataONTAP.C.PowerShell.SDK.ConnectNcController

Hmmm.  I decided to try invalid credentials.  Weird!  It does not say "Incorrect credentials" like it should.  I get the same "Object reference not set to an instance of an object" message instead.

 

This is making me wonder if the filer has some config setting that is not right.

Frequent Contributor

Hi,

 

I noticed you changed the username variable to "root". If you are looking for a solution to closing locked files for 7-Mode systems then i've posted a script here:

 

http://community.netapp.com/t5/Microsoft-Cloud-and-Virtualization-Discussions/Unlocking-files-via-Powershell/m-p/47124#M2213

 

I would advise ensuring that you can SSH to the vserver as vsadmin using Putty. Try logging onto the cluster as "admin" and checking the state of the vsadmin account on the vserver.

 

cluster1> security login show -vserver vserver1

Vserver: vserver1
                             Authentication                  Acct
UserName         Application Method         Role Name        Locked
---------------- ----------- -------------- ---------------- ------
TESTLAB\Administrator
                 ssh         domain         vsadmin          -
vsadmin          ontapi      password       vsadmin          no
vsadmin          ssh         password       vsadmin          no

 

Ensure the vsadmin account is not Locked. If not and you still can't authenticate to the vserver as that account then can you check the logs and post the error. Thanks

 

/matt

Well, it is a test system.  So I should have susepcted that it was not configured right.  I could not ssh directly to the vserver.  I could connect to cifs shares.

 

There were no network interfaces configured with management access.  They were all data only.  DOH!

 

It's working now that I created a new interface.

Thanks a lot!  You have been a lot of help and this is a good learning experience.

 

I am curious about how this is different from using Computer Manager and remotely closing the files in the GUI.

 

This is what I see ...

 

If I close the files with the GUI, running a `vserver locks show` shows the files closed.

 

If I close the file on the filer with `vserver locks break ...`, the GUI shows the file as still locked.

 

My guess is that the GUI is not updating right, even when clicking refresh, or even closing and reopening the console.

 

I even remoted to another windows server and opened a new computer management console there to remotely look at the Open Files and the file shows open.

 

That makes me think that maybe the file really isn't closed yet after running vserver locks break.

 

Does this make sense?  Which should I trust?

 

Or ... is this what you meant by "Clustered Data ONTAP doesn't support closing locked CIFS files using the MMC yet (coming in a future release)"?

Warning!

This NetApp Community is public and open website that is indexed by search engines such as Google. Participation in the NetApp Community is voluntary. All content posted on the NetApp Community is publicly viewable and available. This includes the rich text editor which is not encrypted for https.

In accordance to our Code of Conduct and Community Terms of Use DO NOT post or attach the following:

  • Software files (compressed or uncompressed)
  • Files that require an End User License Agreement (EULA)
  • Confidential information
  • Personal data you do not want publicly available
  • Another’s personally identifiable information
  • Copyrighted materials without the permission of the copyright owner

Files and content that do not abide by the Community Terms of Use or Code of Conduct will be removed. Continued non-compliance may result in NetApp Community account restrictions or termination.