Network and Storage Protocols

CIFS Widelink implementation in a WIntell Environment

ROBIN_MINSHALL
6,968 Views

Hello,

i've been reaseraching ways to implement a single namespace CIFS environment with netapp and it looks like the way this should be done is with Widelinks. I have however been looking at a configuration guide or setup steps that show the full process of doing this and so far i cant find anything that works. everything seems to be using NFS or nix client to create the link which i would prefer to not do - as this would prove a headache if we want to quickly add another share/symlink

Can anyone help.

our environment is a HA pair of .7 FAS controlers.

i would like to know how to configure the following

ControlerA:/Vol/Volume1/VolumeQtree/Sharename   -->  ControlerB:/Vol/Volume2/VolumeQtree/share

Idealy i would like it to work so a user could browser the following UNC \\storagedevice\sharename\    and view the content on controlerB

the dificulty that i am having is how to create the symlynks, and the correct format for the symlink.translation files

any help would be greatly appreciated. perhaps we could put out an offiical guide for this that does not involve NFS or nix clients

Thanks

Robin

7 REPLIES 7

scottgelb
6,968 Views

Poor mans DFS   Here is an example from my laptop and VSIMs below and also some copy/paste from NetApp docs and kbs that cover the topic very well...a little tricky but easy once you get the example processed a couple times.  7-Mode example so different commands for cDOT but can be done in cDOT too.  Note that relative path links follow automatically per below with no symlink entry.  Also if you can use windows dfs that would be better with a gui to manage and replication.  I don't know of a windows tool to create the symlink (I used my OSX nfs mount to do that) but remember someone posting a a tool somewhere that created links... or worst case you could use the ONTAP systemshell, sudo mount and run the ln command from bsd... not ideal since support for systemshell isn't for us to do this but if you don't have a linux machine or any unix system that can mount that would be a workaround.

----------------------------------------------------------------example

Symlink file created by an nfs client can be used as a cifs widelink to redirect symlinks on a filer...using DFS on the cifs client.  It can be a share on the same filer or another filer.  A poor mans name space without a dfs server... a little tricky, but a few experiments and it works great... matching the unix symlink to a translation file on the filer to the actual cifs share target is the key that puts it together. 

ABSOLUTE SYMBOLIC LINKS ONLY!

RELATIVE LINKS FOLLOW AUTOMATICALLY....no mapping needed... and no widelink option set on the share itself...handled by "options cifs.symlinks.enable on" for relative paths... default is on.

Note: CIFS client users who follow symlinks to resources outside the link’s share do not work,

unless the cifs share -nosymlink_strict_security option has been specified for the source

share.

Widelink Time To Live

    options cifs.widelink.ttl     # timeout for widelink updates... default is 600 (10 minutes)

*********************************************************

*** Create widelink root and a local_link volume on FAS6080A and create remote_link volume on FAS6080B

*********************************************************

fas6080a> vol create wideroot aggr1 20m

fas6080a> vol create local_link aggr1 1024m

fas6080b> vol create remote_link aggr1 1024m

*********************************************************

Create Qtrees on both root, local and target volumes (not required) (Share root with widelinks)

*********************************************************

FAS6080A> qtree create /vol/local_link/wide_local_target

FAS6080B> qtree create /vol/remote_link/wide_remote_target

FAS6080A> cifs shares -add wideroot /vol/wideroot -widelink cifs share -nosymlink_strict_security   # enable widelink on root cifs share and also alo remote shares outside the share

FAS6080A> cifs shares -add local  /vol/local_link/wide_local_target

FAS6080B> cifs shares -add remote /vol/remote_link/wide_remote_target

### FOR CIFS HOME DIR - we can't set to the dynamic share, but can assign to the virtual share so it applies to all virtual homedirs ###

    cifs shares -change cifs.homedir [ -widelink | -nowidelink]

FAS6080A

-----------

local        /vol/local_link/wide_local_target

                        everyone / Full Control

wideroot     /vol/wideroot

             ... widelinks supported

                        everyone / Full Control

FAS6080B

---------

remote       /vol/remote_link/wide_remote_target

                        everyone / Full Control

*** write some data to a file in each link...

FAS6080A> wrfile /vol/local_link/wide_local_target/local_link.txt

FAS6080B> wrfile /vol/remote_link/wide_remote_target/remote_link.txt

*********************************************************

*** Create symlinks from unix/linux/mac/unixtools on windows   *** This is just to create the links...not needed after..

*********************************************************

scott-gelbs-macbook-pro:/ root# cd /mnt

scott-gelbs-macbook-pro:/ root# mkdir wideroot

scott-gelbs-macbook-pro:/ root# mkdir local

scott-gelbs-macbook-pro:/ root# mkdir remote

scott-gelbs-macbook-pro:/ root# mount 192.168.150.201:/vol/wideroot /wideroot

scott-gelbs-macbook-pro:/ root# mount 192.168.150.201:/vol/local_link /local

scott-gelbs-macbook-pro:/ root# mount 192.168.150.202:/vol/remote_link /remote

### Create the symlink in the source share for both local and target - syntax is "ln -s source target"

scott-gelbs-macbook-pro:/ root# ln -s /mnt/local/wide_local_target    /mnt/wideroot/local_link

scott-gelbs-macbook-pro:/ root# ln -s /mnt/remote/wide_remote_target  /mnt/wideroot/remote_link

### Show links and cd to links to make sure they work.. note: for a widelink to work, the symlink doesn't have to be valid, but it's nice if they do work and go to the same place.  The widelink just takes the value of the links target as the mapping value to a cifs share.

scott-gelbs-macbook-pro:/ root# ls -l /mnt/wideroot

total 2

lrwxrwxrwx  1 root  wheel  26 Mar 17 10:22 local_link ->  /mnt/local/wide_local_target

lrwxrwxrwx  1 root  wheel  27 Mar 17 10:23 remote_link -> /mnt/remote/wide_remote_target

scott-gelbs-macbook-pro:/ root# cd /mnt/wideroot

scott-gelbs-macbook-pro:wide_source root# cd local_link

scott-gelbs-macbook-pro:local_link root# pwd

/mnt/local/local_link

scott-gelbs-macbook-pro:local_link root# ls -l

total 0

-rw-r--r--  1 65534  wheel  0 Mar 17 10:17 local_widelink.txt

scott-gelbs-macbook-pro:local_link root# cd /mnt/wideroot

scott-gelbs-macbook-pro:wide_source root# cd remote_link

scott-gelbs-macbook-pro:remote_link root# pwd

/mnt/remote/remote_link

scott-gelbs-macbook-pro:remote_link root# ls -l

total 0

-rw-r--r--  1 65534  wheel  0 Mar 17 10:19 remote_widelink.txt

*********************************************************

*** Now... for CIFS to use this we have to create /etc/symlink.translations on the filer.

*** THIS IS KEY TO LINK THE symlink target to the cifs share local or remote... add the * at the end of the link and share or it won't work..  The first value is the value in the link (doesn't have to be valid) but the second value must be a valid cifs share

*********************************************************

FAS6080A> wrfile /etc/symlink.translations   # or use vi or notepad/wordpad... must use the "*"

widelink /mnt/local/wide_local_target/*  \\192.168.150.201\local\*

widelink /mnt/remote/wide_remote_target/* \\192.168.150.202\remote\*

*********************************************************

*** Test on Windows

*********************************************************

net use w: \\192.168.150.200\wideroot  # map source only...then go to local_link and remote_link.. dfs referrals are used... the symlinks look like directories... a poor mans namespace without a dfs server...

--------------------------------------------------------------------------------------------

Contents of POORLY written /etc/symlink.translations file

=========================================================

Widelink /root/home/user1/* \\homeFiler\homeShare\user1\*

Widelink /root/home/user2/* \\homeFiler\homeShare\user2\*

Widelink /root/home/user3/* \\homeFiler\homeShare\user3\*

Widelink /root/home/user4/* \\homeFiler\homeShare\user4\*

Widelink /root/home/user5/* \\homeFiler\homeShare\user5\*

.........and so on for 1000 users......

Contents of WELL written /etc/symlink.translations file

=========================================================

Widelink /root/home/* \\homeFiler\homeShare\*

Boom! One entry replaces 1000 entries.

--------------------------------------------------------------------------------------------

symlink.translations

NAME

na_symlink.translations - Symbolic link translations to be applied to CIFS path lookups

SYNOPSIS

/etc/symlink.translations

DESCRIPTION

When the CIFS server encounters a symbolic link (also called a "symlink," or "soft link"), it attempts to follow the link. If the symlink target is a path that starts with a "/", the filer must interpret the rest of the path relative to the root of the file system. On the filer, there is no way to know how NFS clients (which must be used to create the symlinks) might have mounted filesystems, so there is no reliable way to follow such absolute, or "rooted" symlinks. The symlink.translations file enables you to use absolute symlinks by mapping them to CIFS-based paths.

The entries in this file are similar to the httpd.translations file. There are two formats for file entries, as follows:

Map template result

Widelink template [@qtree] result

Any request that matches template is replaced with the result string given. Note that the result path for a "Map" entry must point to a destination within the share to which the client is connected. This is because the client has only been authenticated to that share; therefore access is limited to the same share for security reasons. A result path for a "Widelink" entry may point anywhere, thus the name "wide symlink" or widelink for short. Widelinks have these limitations-- the filer share on which the symlink resides must be enabled for wide symlinks, the CIFS client must support Microsoft's Dfs protocol, and the destination must be able to function as a Dfs leaf node. By using Dfs requests, the filer causes the client to authenticate with the destination and thus enforces security. To enable a filer share for "wide symlinks", use the "cifs shares -change" filer console command.

Both templates and results might (and usually do) contain wildcards (a star "*" character). The wildcard behaves like a shell wildcard in the template string, matching zero or more characters, including the slash ("/") character. In the result string, a wildcard causes text from the corresponding match in the template string to be inserted into the result.

The entries are examined in the order they appear in the file until a match is found or the lookup fails.

EXAMPLES

This example maps absolute symlinks that start with "/u/home" to go to the filer path "/vol/vol2/home". Also, symlinks starting with "/u" go to "/vol/vol0". Note that you should put the more restrictive entries first to avoid premature mapping since the matches are done in order.

#

# Example Map symlink translations

#

Map /u/home/* /vol/vol2/home/*

Map /u/* /vol/vol2/*

The next example maps absolute symlinks that start with "/u/docs/" to go to the filer path "\\filer\engr\tech pubs". Note that widelink result paths use CIFS pathname syntax (backslashes are separators, spaces in path components are allowed, and so on).

#

# Example Widelink symlink translation

#

Widelink /u/docs/* \\filer\engr\tech pubs\*

The next example maps absolute symlinks that start with "/u/joe". Note that depending on how NFS mounts are set up, it is possible that there could be several absolute symlinks pointing to "/u/joe" which need to have differing destinations. The qtree in which a symlink resides can optionally be used to distinguish destinations. Thus, following an absolute symlink starting with "/u/joe" in qtree /vol/vol1/mixed takes the client to "\\filer\home\joe", while symlinks in other qtrees take the client to "\\filer\test tools\joe".

#

# Example Widelink symlink translations #

Widelink /u/joe/* @/vol/vol1/mixed \\filer\home\joe\*

Widelink /u/joe/*            \\filer\test tools\joe\*

Note that there is no theoretical reason why a wide symlink can't point to another filer or indeed any NT server, though it may be difficult to imagine the translated link making sense to the Unix client which created the original symlink.

#

# More Widelink examples

#

Widelink /u/joe/* @/vol/vol1/mixed \\netapp2\users2\joe\*

Widelink /u/joe/* \\joe-PC\Program Files\*

billshaffer
6,968 Views

The man page for symlink.translations says that the symlink must be created by an NFS client.  I'm sure there's a way around it (maybe), but I've never seen it.

As for the format of the symlink.translations file:

Widelink <symlink_target> <share_to_redirect_to>

Pretty sure the symlink target has to be rooted at /.

So if you create a symlink in \\controllerA\share1 named link1, such that link1 -> /dummydir (ln -s /dummydir link1), and you want that to point to \\controllerB\share2, your entry would be

Widelink /dummydir \\controllerB\share2

You could also have a wildcard, to keep you from having 3 entries for the following:

link1 -> /dummydir/link1

link2 -> /dummydir/link2

link3 -> /dummydir/link3

and shares

\\controllerB\share2\link1

\\controllerB\share2\link2

\\controllerB\share2\link3

and

Widelink /dummydir/* \\controllerB\share2\*

Does that help (aside from not knowing how to create windows symlinks)?

Bill

billshaffer
6,968 Views

I stand corrected - check out mklink.exe.  I couldn't get it to work, but I didn't spend too much time on it.  It also looks like there may be some tools out there that will let you create symlinks from within windows.

Bill

scottgelb
6,968 Views

Thank you...I couldn't remember one of the windows ln tools without installing cygwin or similar.

ROBIN_MINSHALL
6,968 Views

Ok, Thanks for the assistance. i'm not a major nix user so didnt want to go down the route of having a nix client, or finding nix tools for windows to do this. i could also not get mklink or ln.exe or the ntap_symlink tools to work.

however i do belive i have got it to work after discovering the powershell toolkit cmdlet New-nafileSymLink. these were the steps i took to get a folder in a share redirect to another folder in another share on another controler

  1. I created the following share 'share' in the following location controler A /vol/ShareVol/ShareQt/
  2. I created the following share 'share' in the following location on controlerB /vol/ShareVolR/shareQtr/
  3. enable widelinks on 'share' on controlerA
  4. user powershell command new-NaFileSymLink -Symlink /vol/ShareVolR/ShareVolQtr/foldertolink -path /vol/ShareVol/ShareQt/LinkName
  5. wrfile /etc/symlink.translations --  widelink /vol/ShareVolR/ShareVolQtr/* \\ControlerB\Share\*

i can now unc to \\ControlerA\Share\ and see a folder called 'LinkName' which takes me to 'FoldertoLink

This works for redirecting folders in a share to another share/folder. however is it possilbe to create a symlink so \\controlerA\Share links direct to \\controlerB\Share - so that one symlink is created for a share and all data within that is automaticaly created/edited on the destination. I hope i made that last part clear. one share we would like to link has a large number of subfolders at the root level, and new folders are automaticaly created on that root level, we would then need to manualy move and recreate the symlink when those new folders are created.

Thanks

Robin

scottgelb
6,968 Views

Good find on PowerShell. More customers are using WFA and PowerShell now and very useful. I don’t know of a way to get the path to go straight to the B target without going to the target share directly. The namespace provides the links in it to go to…unless another script or path the user is given
pathA\pathB<file:///
pathA\pathB> for example.

billshaffer
6,968 Views

If you remove the asterisk from the WideLink config, and change your link target to /vol/ShareVol/ShareQt, what happens?  Try different combinations of trailing slashes, too.

new-NaFileSymLink -Symlink /vol/ShareVolR/ShareVolQtr/foldertolink -path /vol/ShareVol/ShareQt/

wrfile /etc/symlink.translations --  widelink /vol/ShareVolR/ShareVolQtr/ \\ControlerB\Share\

Bill

Public