
Set-NcCifsShare won't set OpLocks, ChangeNotify, and ABE.

JonR

I created a test share using the PowerShell module NetApp.ONTAP 9.12.1.2302 against a NetApp running NetApp Release 9.11.1P7.

 

Connect-NcController <NetApp ClusterName>

$global:CurrentNcController.Vserver = <VServerName>

Add-NcCifsShare -name Test1 -Oplocks $true -AccessBasedEnumeration $true -ChangeNotify $true -Path /<flexGroupName>

 

The share is successfully created, but does not have the three settings set, so I tried to modify them:

 

Set-NcCifsShare -Name Test1 -Oplocks $true

 

When I do that, it does not give me feedback that something went wrong, but it also does not set the OpLocks to be true.  Also, if I have manually turned on one of the three mentioned settings, it turns all three off!  I tried it by creating the share with Add-NcCifsShare and using -ShareProperties @("oplocks","accessbasedenumberation","changenotify"), then I get this: 

 

Add-NcCifsShare: ShareProperties parameter specified, which is not supported for REST call

 

I will have to create a hundred shares in the next few days, and I really REALLY don't want to do it manually.  What am I missing? 


RobDBA

This worked for me, or at least the last time I tried it did, to remove the browsable flag. And I've found it's usually a good idea to get the object in PowerShell before you set the object.  Also, I don't even see '-Oplocks' as a valid option to Set-NcCifsShare in the toolkit version I'm using.

 

Get-NcCifsShare ${DBUpper}_Images | Set-NcCifsShare -ShareProperties ('oplocks','changenotify','show_previous_versions')

RobDBA

Here is some sample code I use to add a share and set the permissions on it.

 

Get-NcVol ${DBUpper}_Images | ForEach-Object {
    $_ | Add-NcCifsShare -Name ${DBUpper}_Images -Path /dbvol/${DBUpper}_Images -ShareProperties ('oplocks','changenotify','show_previous_versions')
    #Remove the "everyone" permission
    Get-NcCifsShareAcl ${DBUpper}_Images | Remove-NcCifsShareAcl
    $_ | Add-NcCifsShareAcl -Share ${DBUpper}_Images -UserOrGroup 'SOS\SOS-BMV-IS' -Permission read
    # Build the account name inside one string; a bare + in an argument is passed literally
    $_ | Add-NcCifsShareAcl -Share ${DBUpper}_Images -UserOrGroup "SOS\$($env:USERNAME)" -Permission full_control
}

 

JonR

Thanks for the info.  I did some playing after you said "The version I'm using", and removed the 9.12.1.2302 version I had installed, and installed the next last version that was 9.11.1.2208.  I ran my commands from before verbatim, and it worked.  I guess there is a problem with the newer version.  

KevinMDavis

And, it's still broken in version 9.15*.  But it's clearly specified in `get-help add-nccifsshare`.  When I attempt to use the "-ShareProperties" parameter with my usual comma-delimited group, I receive the error:
"Add-NcCifsShare: ShareProperties parameter specified, which is not supported for REST call"
So I think, "oh!, then I can use the parameters that are defined in 'get-help' as 'This parameter is supported with Rest only'".  But that's a big, fat NOPE.
What's breaking for me is every single share property/parameter that's set with a boolean value: -Oplocks, -ShowSnapshot, -ChangeNotify.  And yes, they fail silently. So often I turn to this toolkit to make things go smoother and easier, and wind up spending an entire day fighting with a broken tool. 😡

mbeattie

Hi Kevin,

 

Sorry it's not working for you. You could try using the "-ZapiCall" parameter when invoking the "Connect-NcController" CmdLet which will revert CmdLets to using ZAPIs instead of REST. I know that doesn't solve the issue but it might be a workaround for you.

 

I agree there is a bug in this CmdLet (at least with the "ShowSnapshot" parameter). When I tested it out and enabled debug logging, even though I specified the value as true it is not being set and isn't visible from the CLI output after creating the CIFS Share. When you do encounter such issues it's helpful to use the "Set-NaToolkitconfiguration" CmdLet logging level to debug and post the output. This displays the JSON or ZAPI that is being invoked by the CmdLet and will assist the developers to identify and fix the issue. EG:

 

PS C:\> Set-NaToolkitConfiguration -DebugLevel DEBUG

Log
---
{DataONTAP.PowerShell: DEBUG, DataONTAP.C.PowerShell: DEBUG, DataONTAP.HostUtilities: DEBUG, NetApp.Ontapi: DEBUG}


PS C:\> Add-NcCifsShare -Name qtree_001$ -Path /cifs_data_001/qtree_001 -Oplocks $true -ChangeNotify $true -ShowSnapshot $true -VserverContext vserver1
2024-08-09 21:06:28,224 INFO  DataONTAP.C.PowerShell.SDK.NcControllerCmdlet - Cmdlet invocation: Add-NcCifsShare -Name qtree_001$ -Path /cifs_data_001/qtree_001 -Oplocks $true -ChangeNotify $true -ShowSnapshot $true -VserverContext vserver1
2024-08-09 21:06:28,255 DEBUG DataONTAP.C.PowerShell.SDK.NcRestInterface - [Request Method]: POST
2024-08-09 21:06:28,255 DEBUG DataONTAP.C.PowerShell.SDK.NcRestInterface - [Request URL]: https://cluster1.testlab.local/api/protocols/cifs/shares
2024-08-09 21:06:28,286 DEBUG DataONTAP.C.PowerShell.SDK.NcRestInterface - [Request Body]: {"svm":{"name":"vserver1"},"name":"qtree_001$","path":"/cifs_data_001/qtree_001","oplocks":true,"change_notify":true,"encryption":true}
2024-08-09 21:06:28,896 DEBUG DataONTAP.C.PowerShell.SDK.NcRestInterface - [Response StatusCode]: Created
2024-08-09 21:06:28,896 DEBUG DataONTAP.C.PowerShell.SDK.NcRestInterface - [Response Location Header]: /api/protocols/cifs/shares/a146e035-10f8-11ef-ac71-005056a0bb1e/qtree_001%24
2024-08-09 21:06:28,911 DEBUG DataONTAP.C.PowerShell.SDK.NcRestInterface - [Request Method]: GET
2024-08-09 21:06:28,911 DEBUG DataONTAP.C.PowerShell.SDK.NcRestInterface - [Request URL]: https://cluster1.testlab.local/api/protocols/cifs/shares/a146e035-10f8-11ef-ac71-005056a0bb1e/qtree_001$
2024-08-09 21:06:28,927 DEBUG DataONTAP.C.PowerShell.SDK.NcRestInterface - [Response]: {
  "svm": {
    "uuid": "a146e035-10f8-11ef-ac71-005056a0bb1e",
    "name": "vserver1",
    "_links": {
      "self": {
        "href": "/api/svm/svms/a146e035-10f8-11ef-ac71-005056a0bb1e"
      }
    }
  },
  "name": "qtree_001$",
  "path": "/cifs_data_001/qtree_001",
  "home_directory": false,
  "oplocks": true,
  "access_based_enumeration": false,
  "change_notify": true,
  "encryption": true,
  "unix_symlink": "local",
  "acls": [
    {
      "user_or_group": "Everyone",
      "type": "windows",
      "permission": "full_control"
    }
  ],
  "volume": {
    "name": "cifs_data_001",
    "uuid": "d07c117b-10f8-11ef-ac71-005056a0bb1e"
  },
  "no_strict_security": false,
  "show_snapshot": false,
  "continuously_available": false,
  "namespace_caching": false,
  "offline_files": "manual",
  "vscan_profile": "standard",
  "allow_unencrypted_access": false,
  "browsable": true,
  "show_previous_versions": true,
  "_links": {
    "self": {
      "href": "/api/protocols/cifs/shares/a146e035-10f8-11ef-ac71-005056a0bb1e/qtree_001%24"
    }
  }
}
2024-08-09 21:06:28,958 DEBUG DataONTAP.C.PowerShell.SDK.NcRestInterface - [Response StatusCode]: OK

CifsServer                ShareName       Path                                Comment
----------                ---------       ----                                -------
                          qtree_001$      /cifs_data_001/qtree_001

cluster1::> cifs share show -vserver vserver1 -fields share-properties -share-name qtree_001$
vserver  share-name share-properties
-------- ---------- ------------------------------------------------------------------
vserver1 qtree_001$ browsable,show-previous-versions,oplocks,changenotify,encrypt-data

I'll raise this with the developers.

 

/Matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
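One way to catch the silent failure shown in the debug output above, as an added example that is not code from any poster or from the toolkit: compare the settings that were requested with the share object the cluster reports back. The helper name Compare-CifsShareState is hypothetical, and the JSON is a trimmed copy of the GET response in the post above.

```powershell
# Added example (not toolkit code). Compare-CifsShareState is a hypothetical helper.
function Compare-CifsShareState {
    param(
        [Parameter(Mandatory)] [hashtable] $Requested,  # REST field name -> value asked for
        [Parameter(Mandatory)] [psobject]  $Actual      # parsed share object returned by the cluster
    )
    $findings = @()
    foreach ($key in ($Requested.Keys | Sort-Object)) {
        $prop     = $Actual.PSObject.Properties[$key]
        $reported = if ($null -eq $prop) { '<absent>' } else { $prop.Value }
        if ($null -eq $prop -or $prop.Value -ne $Requested[$key]) {
            $findings += [pscustomobject]@{
                Field     = $key
                Requested = $Requested[$key]
                Reported  = $reported
                Issue     = 'requested value was not applied'
            }
        }
    }
    # The response above carries an Everyone / full_control ACE on the new share;
    # report it so it is replaced deliberately rather than left in place.
    foreach ($ace in @($Actual.acls)) {
        if ($ace.user_or_group -eq 'Everyone' -and $ace.permission -eq 'full_control') {
            $findings += [pscustomobject]@{
                Field     = 'acls'
                Requested = '(not specified)'
                Reported  = 'Everyone: full_control'
                Issue     = 'default share ACL still present'
            }
        }
    }
    return $findings
}

# Trimmed copy of the GET response from the debug log in the post above.
$responseJson = @'
{
  "name": "qtree_001$",
  "path": "/cifs_data_001/qtree_001",
  "oplocks": true,
  "access_based_enumeration": false,
  "change_notify": true,
  "encryption": true,
  "acls": [
    { "user_or_group": "Everyone", "type": "windows", "permission": "full_control" }
  ],
  "show_snapshot": false,
  "browsable": true
}
'@

# Settings passed to Add-NcCifsShare in that post, keyed by REST field name.
$wanted = @{ oplocks = $true; change_notify = $true; show_snapshot = $true }

$drift = Compare-CifsShareState -Requested $wanted -Actual ($responseJson | ConvertFrom-Json)
$drift | Format-Table -AutoSize
if ($drift) { Write-Warning "$(@($drift).Count) finding(s): share state differs from what was requested" }
```

Running the same comparison after every create or modify call in a bulk job turns a cmdlet that returns no error into a visible failure, which matters most for settings such as access-based enumeration and the share ACL.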

KevinMDavis

Thanks for the reply Matt.  But...

PS C:\Users\********\bin> Get-NaToolkitConfiguration -Verbose |fl

Log : {DataONTAP.PowerShell: DEBUG, DataONTAP.C.PowerShell: DEBUG, DataONTAP.HostUtilities: DEBUG, NetApp.Ontapi: DEBUG}

PS C:\Users\*********\bin> Add-NcCifsShare -Name FOO -Path /CHL/foo -Oplocks $TRUE -ChangeNotify $TRUE -ShowSnapshot $TRUE -SymlinkProperties enable -Comment "OWNER: FOO; PRJ0010897"
2024-08-09 10:29:57,601 INFO  DataONTAP.C.PowerShell.SDK.NcControllerCmdlet - Cmdlet invocation: Add-NcCifsShare -Name FOO -Path /CHL/foo -Oplocks $TRUE -ChangeNotify $TRUE -ShowSnapshot $TRUE -SymlinkProperties enable -Comment "OWNER: FOO; PRJ0010897"
2024-08-09 10:29:57,615 ERROR DataONTAP.PowerShell.SDK.Host.Usage.CmdletUsageLog - NcCmdletUsageLog.Save failed.
System.UnauthorizedAccessException: Access to the path 'C:\ProgramData\OnCommand\PSToolkit\usagelog\usagelog_4a417627-317e-11e6-b560-00a0986866c3.xml' is denied.
   at Microsoft.Win32.SafeHandles.SafeFileHandle.CreateFile(String fullPath, FileMode mode, FileAccess access, FileShare share, FileOptions options)
   at Microsoft.Win32.SafeHandles.SafeFileHandle.Open(String fullPath, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize, Nullable`1 unixCreateMode)
   at System.IO.Strategies.OSFileStreamStrategy..ctor(String path, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize, Nullable`1 unixCreateMode)
   at System.IO.StreamWriter.ValidateArgsAndOpenPath(String path, Boolean append, Encoding encoding, Int32 bufferSize)
   at System.IO.StreamWriter..ctor(String path)
   at DataONTAP.PowerShell.SDK.Host.Usage.CmdletUsageLog.Save() in R:\rtprlse11\npstk\nightly\devN_240707_2200\bedrock\private\ontap_pstk\ONTAP.PowerShell.Toolkit.Host\Usage\CmdletUsageLog.cs:line 157
Add-NcCifsShare: SymlinkProperties parameter specified, which is not supported for REST call


Don't know why it would be denied access.  I've two PS sessions open. This one is run in a PowerShell CLI launched with a domain account with elevated privs. That account is also a member of the local administrators group, and has full control NTFS permissions to "C:\ProgramData\OnCommand\PSToolkit\usagelog\":

PS C:\Users\hcdavisk08\bin> Get-NTFSEffectiveAccess -Path C:\ProgramData\OnCommand\PSToolkit\usagelog -Account UMASSMEMORIAL\hcdavisk08 |fl
WARNING: The user does not hold the Security Privliege and might not be able to read the effective permissions

Name               : usagelog
FullName           : C:\ProgramData\OnCommand\PSToolkit\usagelog
InheritanceEnabled : False
InheritedFrom      :
AccessControlType  : Allow
AccessRights       : FullControl
Account            : *********\*********
InheritanceFlags   : None
IsInherited        : False
PropagationFlags   : None
AccountType        : user

In my other PS session, launched from my non-privileged account (which is the one I should be using), I can't even change the debug setting.
"Set-NaToolkitConfiguration: Access to the path 'C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetApp.ONTAP\LogSettings.xml' is denied." 
This account is also in the local admin group, however, and has full access NTFS permissions to the file in question:

Name               : LogSettings.xml
FullName           : C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\NetApp.ONTAP\LogSettings.xml
InheritanceEnabled : False
InheritedFrom      :
AccessControlType  : Allow
AccessRights       : FullControl
Account            : **********\*******
InheritanceFlags   : None
IsInherited        : False
PropagationFlags   : None
AccountType        : user







Oh, the only other thing of note that I would add to the above is, the privileged account CLI session is the native PS7 CLI, the non-privileged is launched within VSCode using the PowerShell extension.

Matt,

I did get the debug working.  And was able to connect with ZapiCall, and indeed, the Add-NcCifsShare command worked with all properties except showsnapshot.

 

And while all of this is a little interesting, it's of no help.  Because, if I still have to go to the filer console to set the showsnapshot property on the 177 new qtrees/shares I have to create, I might as well do it all from there.  So I'm back to BASH/Awk/SSH and PS for AD/ACLs/DFS etc.

Sure would be nice if this bug, being it's known, were published, and trackable, so customers wouldn't be wasting valuable time wrestling with KNOWN issues; "known" but nevertheless included in the get-help doco as available.

mbeattie

Hi Kevin,

 

I agree with you that this is badly broken and I'm not sure how such errors could possibly make it into a production release...but as a work around for you it is still possible to use ZAPI to set the "showsnapshot" property using the Invoke-NcSystemApi CmdLet. EG:

 

$share    = "qtree_001$"
$vserver  = "vserver1"
$cluster  = "cluster1.testlab.local"
$property = "showsnapshot"
Connect-NcController -Name $cluster -ZapiCall -Credential (Get-Credential) | Out-Null
$command  = @("cifs", "share", "properties", "add", "-share-name", $share, "-vserver", $vserver, "-share-properties", $property)
$api      = $("<system-cli><args><arg>" + ($command -join "</arg><arg>") + "</arg></args></system-cli>")
$output   = Invoke-NcSystemApi -Request $api -ErrorAction Stop
Write-Host $("Executed Command`: " + $([String]::Join(" ", $command)))
If($output.results."cli-result-value" -eq 1){
   Write-Host "Set $property property for CIFS Share $share on vserver $vserver on cluster $cluster"
}Else{
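   # $_ is only populated inside a Catch block, so report the CLI output returned by system-cli instead
   Write-Warning -Message $("Failed setting $property property for CIFS Share $share on vserver $vserver on cluster $cluster. Error " + $output.results."cli-output")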
}

 

/Matt


mbeattie

Hi Kevin,

 

I had to use the "run as admin" option to open an elevated PowerShell session to be able to use the "Set-NaToolkitConfiguration" CmdLet. Also I have reached out internally to the PSTK development team to look into the issues with the "Add-NcCifsShare" CmdLet for you.

 

/Matt


KevinMDavis

Exactly.  My experience as well, with both PSTK 9.12 and 9.15.

And like you, I have to create hundreds of qtrees/shares and set quotas on each. 

Sure would be nice to keep it all in PowerShell, where I can set ACLs on the targets, create and populate the AD Groups to add to those ACLs, etc. 

Would have been nice to know this was broken BEFORE I spent most of my day yesterday trying to figure out where I was going wrong. 

You'd think that something at v.9.15 would be long out of Beta.
Guess I'll have to just go back to BASH and AWK to generate the filer-side stuff and either paste it into an SSH session or run it from a Linux box.  And turn to PowerShell for the Windows stuff.

 

mbeattie

Hey Kevin,

 

As a work around, here is a script that you can use which will enable you to add or remove any CIFS share property from a Comma Delimited text file of CIFS Shares using ZAPI.

 

 

Param(
   [Parameter(Mandatory = $True, HelpMessage = "The UNC Path of the CSV file to read containing a comma delimited list of CIFS Shares")]
   [String]$FilePath,
   [Parameter(Mandatory = $True, HelpMessage = "The CIFS Share Property to set. Valid values are 'oplocks','browsable','showsnapshot','changenotify','homedirectory','attributecache','branchcache','continuously_available','shadowcopy','access_based_enumeration'")]
   [ValidateSet("oplocks","browsable","showsnapshot","changenotify","homedirectory","attributecache","branchcache","continuously_available","shadowcopy","access_based_enumeration")]
   [String]$ShareProperty,
   [Parameter(Mandatory = $True, HelpMessage = "The Method to invoke for the CIFS Share Property. Valid values are 'add' or 'remove'")]
   [ValidateSet("add","remove")]
   [String]$Method,
   [Parameter(Mandatory = $True, HelpMessage = "The Credential to authenticate to ONTAP")]
   [ValidateNotNullOrEmpty()]
   [System.Management.Automation.PSCredential]$Credential
)
#'------------------------------------------------------------------------------
#'Initialization Section.
#'------------------------------------------------------------------------------
$stopwatch          = [system.diagnostics.stopwatch]::StartNew()
[String]$scriptPath = Split-Path($myinvocation.mycommand.path)
[String]$scriptSpec =  $MyInvocation.MyCommand.Definition
[String]$scriptName = (Get-Item $scriptSpec).Name
[Int]$errorCount    = 0
#'------------------------------------------------------------------------------
#'Read the CSV file of CIFS Shares.
#'------------------------------------------------------------------------------
If(-Not(Test-Path -Path $FilePath)){
   Write-Host "The file ""$FilePath"" does not exist"
   Exit 0
}
Try{
   $shares = Import-Csv -Path $FilePath -Delimiter ","
}Catch{
   Write-Warning -Message $("Failed importing CSV file ""$FilePath"". Error " + $_.Exception.Message)
   Exit -1
}
#'------------------------------------------------------------------------------
#'Set the CIFS share property for each share in the CSV file using ZAPI.
#'------------------------------------------------------------------------------
ForEach($share In $shares){
   Write-Host $share.share
   Do{
      If($global:CurrentNcController.Name -ne $share.cluster){
         Try{
            Connect-NcController -Name $share.cluster -ZapiCall -Credential $Credential | Out-Null
         }Catch{
            Write-Warning -Message $("Failed connecting to cluster """ + $share.cluster + """. Error " + $_.Exception.Message)
            Break;
         }
      }
      If($Method -eq "add"){
         $command = @("cifs", "share", "properties", "add", "-share-name", $share.share, "-vserver", $share.vserver, "-share-properties", $ShareProperty)
      }Else{
         $command = @("cifs", "share", "properties", "remove", "-share-name", $share.share, "-vserver", $share.vserver, "-share-properties", $ShareProperty)
      }
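      # Escape each argument so characters such as & or < in a CSV value cannot break the XML request
      $api      = $("<system-cli><args><arg>" + (($command | ForEach-Object { [System.Security.SecurityElement]::Escape($_) }) -join "</arg><arg>") + "</arg></args></system-cli>")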
      $output   = Invoke-NcSystemApi -Request $api -ErrorAction Stop
      Write-Host $("Executed Command`: " + $([String]::Join(" ", $command)))
      If($output.results."cli-result-value" -eq 1){
         Write-Host $("Set ""$ShareProperty"" property using the ""$Method"" method for CIFS Share """ + $share.share + """ on vserver """ + $share.vserver + """ on cluster """ + $share.cluster + """")
      }Else{
         # $_ is only populated inside a Catch block, so report the CLI output returned by system-cli instead
         Write-Warning -Message $("Failed setting ""$ShareProperty"" property using the ""$Method"" method for CIFS Share """ + $share.share + """ on vserver """ + $share.vserver + """ on cluster """ + $share.cluster + """. Error " + $output.results."cli-output")
         $errorCount++
      }
   }Until($True)
}
#'------------------------------------------------------------------------
#'Log the error count.
#'------------------------------------------------------------------------
If($errorCount -ne 0){
   Write-Warning -Message $("The script ""$scriptName"" completed with $errorCount errors in " + $Stopwatch.Elapsed.TotalSeconds + " Seconds")
}Else{
   Write-Host $("The script ""$scriptName"" completed successfully in " + $Stopwatch.Elapsed.TotalSeconds + " Seconds")
}
#'------------------------------------------------------------------------

 

CSV input:

 

Cluster,Vserver,Share
cluster1.testlab.local,vserver1,qtree_001$

 

Usage:

 

PS E:\Scripts\PowerShell\Projects\SetCifsShareProperty> .\SetCifsShareProperty.ps1 -FilePath .\CifsShares.csv -ShareProperty showsnapshot -Method add -Credential $credentials
Executed Command: cifs share properties add -share-name qtree_001$ -vserver vserver1 -share-properties showsnapshot
Set "showsnapshot" property using the "add" method for CIFS Share "qtree_001$" on vserver "vserver1" on cluster "cluster1.testlab.local"
The script "SetCifsShareProperty.ps1" completed successfully in 0.0504715 Seconds

PS E:\Scripts\PowerShell\Projects\SetCifsShareProperty> .\SetCifsShareProperty.ps1 -FilePath .\CifsShares.csv -ShareProperty showsnapshot -Method remove -Credential $credentials
Executed Command: cifs share properties remove -share-name qtree_001$ -vserver vserver1 -share-properties showsnapshot
Set "showsnapshot" property using the "remove" method for CIFS Share "qtree_001$" on vserver "vserver1" on cluster "cluster1.testlab.local"
The script "SetCifsShareProperty.ps1" completed successfully in 0.061015 Seconds

 

/Matt
