ONTAP Discussions

Help with Snaplock Compliance version?

kjoubert_atd
4,332 Views

We are trying to implement FAS6080's as our Compliance storage. I have created a Snaplock aggregate, and Volume and Qtrees inside of it. I try to write a test file there, but it does not lock the file. It allows me to delete it.

ny-FAS6080A1> aggr status aggr1
           Aggr State           Status            Options
          aggr1 online          raid_dp, aggr     raidsize=16, snaplock_compliance,

                Volumes: Q3_2010

                Plex /aggr1/plex0: online, normal, active
                    RAID group /aggr1/plex0/rg0: normal

ny-FAS6080A1> vol status Q3_2010
         Volume State           Status            Options
        Q3_2010 online          raid_dp, flex     nosnap=on, nosnapdir=on,
                                sis               no_atime_update=on,
                                                  snaplock_compliance
                Containing aggregate: 'aggr1'

ny-FAS6080A1> qtree status Q3_2010
Volume   Tree     Style Oplocks  Status
-------- -------- ----- -------- ---------
Q3_2010           unix  enabled  normal
Q3_2010  test     unix  enabled  normal

ny-FAS6080A1> vol options Q3_2010
nosnap=on, nosnapdir=on, minra=off, no_atime_update=on, nvfail=off,
ignore_inconsistent=off, snapmirrored=off, create_ucode=off,
convert_ucode=off, maxdirsize=335462, schedsnapname=ordinal,
fs_size_fixed=off, snaplock_compliance, compression=off,
guarantee=volume, svo_enable=off, svo_checksum=off, svo_allow_rman=off,
svo_reject_errors=off, no_i2p=off, fractional_reserve=100,
snaplock_default_period=max, snaplock_minimum_period=0y,
snaplock_maximum_period=7y, extent=off, try_first=volume_grow,
read_realloc=off, snapshot_clone_dependency=off

The documentation seems to indicate that files won't be Snaplocked until you change their file properties to "Read Only"? Is this accurate?

Writing a file to a snaplock volume doesn't commit the files to be locked?

Thanks in advance,

Kevin

4 REPLIES 4

danielpr
4,332 Views

Hi ,

Please check the KB for the detailed steps

https://now.netapp.com/Knowledgebase/solutionarea.asp?id=kb14664

PS : Please Ensure the SnapLock “snaplock_default_period=max, snaplock_minimum_period=0y, snaplock_maximum_period=7y” proper before you make it WORM.

Thanks

Daniel

aborzenkov
4,332 Views

Have you initialized compliance clock? You must do it before SnapLock can work.

Otherwise it is correct – you have to set file read-only, after which current access time becomes retention period. No_atime_update is always on for snaplock volumes, so you can only set it manually. If no atime is ever set, default retention period will be used.

It is not wise to play with compliance, there is no way to destroy aggregate in compliance mode until retention time has expired. Better take simulator for this.

kjoubert_atd
4,332 Views

Thanks for the helpful answers so far.

In my case, I will be using NFS shares to Linux hosts. I presume I can just "chmod 444 filename" to achieve the read only trigger and snaplock the file.


Does anyone know how I would specify a retention time in my case?

Edit: It appears you can use "touch -a" on a file to set the retention time. But I am not sure of the syntax.

Also, is anyone familiar with the volume option "snaplock.autocommit_period"?

Thank you,

Kevin

kjoubert_atd
4,332 Views

Okay, after my experimentation, I think I have this figured out, and I thought I would post in case someone else has the same questions...

1. Read only attribute is what triggers the retention timer. On Windows that is set by changing the file properties, on Linux thats set by changing permissions with "chmod".

2. You can use the "touch -a -t YYMMDDHHSS" command to set the "access time" for a file, which is its future retention date.

3. There are also volume options as follows:

     snaplock_compliance = this is the type of snaplock license. "compliance" is more restrictive than "enterprise". Your business may have requirements for a more or less restricitve option.

     snaplock_minimum_period = the minimum allowed retention time. Can be set in days, months or years. If you try to set a file access time to less than this number, it will be increased to this number when it is commited to Snaplock.
     snaplock_maximum_period = The maximum allowed retention time. Can be set in days, months or years. If you try to  set a file access time to greater than this number, it will be decreased to this number when it is commited to Snaplock.

     snaplock_default_period = the default retention time. This can be in days, months, years, or set to "min" or "max". It must be between the min and max settings. When a file is commited, without explicitly setting the access time, then it will use this number.

4. There is a system option "snaplock.autocommit_period", that will be the amount of time before a written file, that has not been commited, will be automatically commited. After this time elapses, files that aren't already read only, will be set to read only and commited, using the default snaplock retention period.

Cheers!

-K

Public