7 3commandspart2
7 3commandspart2
7 3commandspart2
3
Commands:
NetApp, Inc.
495 East Java Drive
Sunnyvale, CA 94089 USA
Telephone: +1 (408) 822-6000
Fax: +1 (408) 822-4501
Support telephone: +1 (888) 4-NETAPP
Documentation comments: [email protected]
Information Web: http://www.netapp.com
Copyright
Copyright © 1994-2009 NetApp, Inc. All rights reserved. Printed in the U.S.A.
No part of this document covered by copyright may be reproduced in any form or by any
means—graphic, electronic, or mechanical, including photocopying, recording, taping, or storage in an
electronic retrieval system—without prior written permission of the copyright owner.
Software derived from copyrighted NetApp material is subject to the following license and disclaimer:
THIS SOFTWARE IS PROVIDED BY NETAPP “AS IS” AND WITHOUT ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WHICH ARE
HEREBY DISCLAIMED. IN NO EVENT SHALL NETAPP BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE.
NetApp reserves the right to change any products described herein at any time, and without notice.
NetApp assumes no responsibility or liability arising from the use of products described herein, except
as expressly agreed to in writing by NetApp. The use or purchase of this product does not convey a
license under any patent rights, trademark rights, or any other intellectual property rights of NetApp.
The product described in this manual may be protected by one or more U.S.A. patents, foreign patents,
or pending applications.
RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to
restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer
Software clause at DFARS 252.277-7103 (October 1988) and FAR 52-227-19 (June 1987).
Trademarks
NetApp, the Network Appliance logo, the bolt design, NetApp—the Network Appliance Company,
Cryptainer, Cryptoshred, DataFabric, DataFort, Data ONTAP, Decru, FAServer, FilerView, FlexClone,
FlexVol, Manage ONTAP, MultiStore, NearStore, NetCache, NOW NetApp on the Web, SANscreen,
SecureShare, SnapDrive, SnapLock, SnapManager, SnapMirror, SnapMover, SnapRestore,
SnapValidator, SnapVault, Spinnaker Networks, SpinCluster, SpinFS, SpinHA, SpinMove, SpinServer,
StoreVault, SyncMirror, Topio, VFM, VFM (Virtual File Manager), and WAFL are registered
trademarks of NetApp, Inc. in the U.S.A. and/or other countries. gFiler, Network Appliance, SnapCopy,
Contents of Volume 1
Manual
page Section titles Information related to
section
Contents of Volume 2
Manual
page Section titles Information related to
section
Manual pages can also be viewed from the FilerView main navigational page or displayed at the storage
system command line.
Terminology
Storage systems that run Data ONTAP are sometimes also referred to as filers, appliances, storage
appliances, or systems. The name of the graphical user interface for Data ONTAP (FilerView) reflects
one of these common usages.
tape
NAME
na_tape - information on the tape interface
DESCRIPTION
The Data ONTAP system supports up to 64 local tape drives (tape drives connected directly to the
system). The tape drive interface follows a UNIX-like device name allowing use of a rewind,
norewind or unload/reload device. The device name can be the classic cstnd format, or of the format
c.name.d where:
c
describes the rewind/unload characteristic of the device. Use r to specify the rewind device, use nr
to specify the norewind device, or use ur to specify the unload/reload device. The norewind
device will not rewind when the tape device is closed. The unload/reload device is used with
sequential tape loaders and will unload the current tape volume and attempt to load the next tape
volume (note that the server will wait up to one minute for the next volume to become ready before
aborting the reload of the next volume). The rewind device will rewind the tape volume to
beginning-of-tape on close.
st
the st portion of the device name is always present in the classic format, and is one of the options
in the name format. It specifies that you are requesting a SCSI tape device.
n
the alias number (in decimal) of the tape drive to use. The st and n parameters together - stn
constitute a tape "alias". See the storage alias command for information about tape aliases and
device addresses.
d
the density (or format) to use for tape write operations. Consists of one of the four letters l (low), m
(medium), h (high) or a (advanced).
name
specifies a tape alias, an electrical name or an IEEE World-Wide Name (WWN) corresponding to
the device. The electrical-name and WWN formats only can contain an optional device LUN
(SCSI Logical UNit) parameter expressed as Llun. See the storage alias command for further
information about the format of the name parameter.
Each tape device is automatically associated with an alias. If an alias assignment does not already exist
at the first discovery of a tape device, the system will create an alias for it. FC devices receive WWN
aliases, and SCSI devices receive electrical aliases by default. The alias will remain associated with the
WWN or electrical name -- even through boot -- until the alias is changed.
The storage alias and storage unalias commands (q.v.) allow the user to preassign electrical or WWN
addresses to aliases (the devices do not have to exist yet), or to adjust the aliases after automatic
assignment. A WWN alias allows an FC device that has been moved from one FC adapter or switch
port to another to be located by the system without further intervention. An electrical-name alias allows
a particular address to be persistently allocated to the alias.
EXAMPLES
The density specifications for an Exabyte 8505 8mm drive:
l Exabyte 8200 format, no compression
m Exabyte 8200 format with compression
h Exabyte 8500 format, no compression
a Exabyte 8500 format with compression
Examples of tape drive names:
nrst0l
nr.st0.l
r.9a.1L1.a
ur.switch1:5.h
nr.WWN[1:23:456789:012345].m
The sysconfig -t command displays the tape drives on your system, the device alias associated with
each tape device, and the device’s available density settings. The following is an example of the output
from a sysconfig command on a system with one tape device attached:
toaster> sysconfig -t
Tape drive (0.6) Exabyte 8505 8mm
rst0l - rewind device, format is: EXB-8200 2.5GB
nrst0l - no rewind device, format is: EXB-8200 2.5GB
urst0l - unload/reload device, format is: EXB-8200 2.5GB
rst0m - rewind device, format is: EXB-8200C (w/compression)
nrst0m - no rewind device, format is: EXB-8200C (w/compression)
urst0m - unload/reload device, format is: EXB-8200C (w/compression)
rst0h - rewind device, format is: EXB-8500 5.0GB
nrst0h - no rewind device, format is: EXB-8500 5.0GB
urst0h - unload/reload device, format is: EXB-8500 5.0GB
rst0a - rewind device, format is: EXB-8500C (w/compression)
nrst0a - no rewind device, format is: EXB-8500C (w/compression)
urst0a - unload/reload device, format is: EXB-8500C (w/compression)
The storage show tape command shows the electrical or WWN name associated with the device and
the corresponding alias:
toaster> storage show tape
Tape Drive: 0.6
Description: Exabyte 8505 8mm
Serial Number: IE71E024
World Wide Name:
Alias Name(s): st0
Device State: available
SEE ALSO
na_sysconfig(1)
auditlog
NAME
na_auditlog - contains an audit record of recent administrative activity
SYNOPSIS
<logdir>/auditlog
<logdir> is /etc/log for filers and /logs for NetCache appliances.
DESCRIPTION
If the option auditlog.enable is on, the system logs all input to the system at the console/telnet shell and
via rsh to the auditlog file. The data output by commands executed in this fashion is also logged to
auditlog. Administrative servlet invocations (via HTTP, typically from FilerView) and API calls made
via the ONTAPI interface are also logged to the auditlog. A typical message is:
Wed Feb 9 17:34:09 GMT [rshd_0:auditlog]: root:OUT:date: Wed Feb 9 17:34:09 GMT 2000
This indicates that there was an rsh session around Wed Feb 9 17:34:09 GMT which caused the date
command to be executed. The user performing the command was root. The type of log is data output by
the system as indicated by the OUT keyword.
Commands typed at the filer’s console or executed by rsh are designated by the IN keyword as in:
Wed Feb 9 17:34:03 GMT [rshd_0:auditlog]: :IN:rsh shell: RSH INPUT COMMAND is date
The start and end of an rsh session are specially demarcated as in
Wed Feb 9 17:34:09 GMT [rshd_0:auditlog]: root:START:rsh shell:orbit.eng.mycompany.com
and
Wed Feb 9 17:34:09 GMT [rshd_0:auditlog]: root:END:rsh shell:
The maximum size of the auditlog file is controlled by the auditlog.max_file_size option. If the file
gets to this size, it is rotated (see below).
Every Saturday at 24:00, <logdir>/auditlog is moved to <logdir>/auditlog.0, <logdir>/auditlog.0 is
moved to <logdir>/auditlog.1, and so on. This process is called rotation. Auditlog files are saved for a
total of six weeks, if they do not overflow.
If you want to forward audit log messages to a remote syslog log host (one that accepts syslog messages
via the BSD Syslog protocol specified in RFC 3164), modify the filer’s /etc/syslog.conf file to forward
messages from the filer’s "local7" facility to the remote host. Do this by adding a line like:
local7.*
@1.2.3.4
to /etc/syslog.conf. An IP address has been used here, but a valid DNS name could also be used. Note
that using a DNS name can fail if the filer is unable to resolve the name given in the file. If that
happens, your messages will not be forwarded.
On the log host, you’ll need to modify the syslog daemon’s configuration file to redirect syslog message
traffic from the "local7" facility to the appropriate configuration file. That is typically done by adding a
line similar to the one shown above for the filer:
local7.*
/var/logs/filer_auditlogs
Then restart the daemon on the log host, or send an appropriate signal to it. See the documentation for
your log host’s syslog daemon for more information on how to make that configuration change.
FILES
<logdir>/auditlog
auditlog file for current week. <logdir>/auditlog.[0-5] auditlog files for previous weeks
SEE ALSO
na_syslog.conf(5)
backuplog
NAME
na_backuplog - captures significant events during file system backup/recovery activities.
SYNOPSIS
/etc/log/backup
DESCRIPTION
Filer captures significant dump/restore-related events and the respective times at which they occur. All
events are recorded in one-line messages in /etc/log/backup.
The following are the events filer monitors:
Start
Dump/restore starts.
Restart
Restart of a dump/restore.
End
Dump/restore completes successfully.
Abort
The operation aborts.
Error
Dump/restore hits an unexpected event.
Options
Logs the options as users specify.
Tape_open
Output device is opened successfully.
Tape_close
Output device is closed successfully.
Phase_change
As dump/restore completes a stage.
Dump specific events:
Snapshot
When the snapshot is created or located.
Base_dump
When a valid base dump entry is located.
Logging events:
Start_logging Logging begins.
Stop_logging
Logging ends.
Each event record is in the following format:
TYPE TIME_STAMP IDENTIFIER EVENT (EVENT_INFO)
TYPE
Either dmp(dump), rst(restore) or log events.
TIME_STAMP
Shows date and time at which event occurs.
IDENTIFIER
Unique ID for the dump/restore.
EVENT
The event name.
EVENT_INFO
Event specific information.
A typical event record message looks like:
dmp Thu Apr 5 18:54:56 PDT 2001 /vol/vol0/home(5) Start (level 0, NDMP)
In the particular example:
TYPE
= dmp
TIME_STAMP
= Thu Apr 5 18:54:56 PDT 2001
IDENTIFER
= /vol/vol0/home(5)
EVENT
= Start
EVENT_INFO
= level 0, NDMP
All event messages go to /etc/log/backup. On every Sunday at 00:00, backup is roated to backup.0
and backup.0 is moved to backup.1 and so on. Up to 6 log files(spanning up to 6 weeks) are kept.
The registry option backup.log.enable controls the enabling and disabling of the logging with values
on and off respectively. The functionality is enabled by default. (See na_options(1) for how to set
options.)
FILES
/etc/log/backup
backup log file for current week. /etc/log/backup.[0-5] backup log files for previous weeks
SEE ALSO
na_options(1)
boot
NAME
na_boot - directory of Data ONTAP executables
SYNOPSIS
/etc/boot
DESCRIPTION
The boot directory contains copies of the executable files required to boot the filer. The download
command (see na_download(1)) copies these files from /etc/boot into the filer’s boot block, from which
the system boots.
FILES
/etc/boot
directory of Data ONTAP executables. Files are place in /etc/boot after the tar or setup.exe has
decompressed them. These files vary from release to release.
SEE ALSO
na_download(1)
cifs_homedir.cfg
NAME
na_cifs_homedir.cfg - configuration file for CIFS home directories
SYNOPSIS
/etc/cifs_homedir.cfg
DESCRIPTION
The configuration file /etc/cifs_homedir.cfg is used to configure home directory paths for users which
access the filer using the CIFS network protocol.
EXAMPLE
This is a sample /etc/cifs_homedir.cfg file with one CIFS home directory path. The filer will look for a
CIFS home directory for user "Bill" by appending the user’s name to the path. From the example below,
the filer will provide user "Bill" a CIFS home directory at /vol/userVol/users/Bill if that directory exists.
#
# This file contains the path(s) used by the filer to determine if a
# CIFS user has a home directory. See the System Administrator’s Guide
# for a full description of this file and a full description of the
# CIFS homedir feature.
#
# There is a limit to the number of paths that may be specified.
# Currently that limit is 1000.
# Paths must be entered one per line.
#
# After editing this file, use the console command "cifs homedir load"
# to make the filer process the entries in this file.
#
# Note that the "#" character is valid in a CIFS directory name.
# Therefore the "#" character is only treated as a comment in this
# file if it is in the first column.
#
# Two example path entries are given below.
# /vol/vol0/users1
# /vol/vol1/users2
#
# Actual path entries follow this line.
/vol/userVol/users
EFFECTIVE
Any changes take effect after running the ‘cifs homedir load’ command.
PERSISTENCE
Changes are persistent across system reboots.
FILES
/etc/cifs_homedir.cfg
SEE ALSO
na_cifs_homedir(1)
cifs_nbalias.cfg
NAME
na_cifs_nbalias.cfg - configuration file for CIFS NetBIOS aliases
SYNOPSIS
/etc/cifs_nbalias.cfg
DESCRIPTION
The configuration file /etc/cifs_nbalias.cfg is used to configure NetBIOS aliases for the filer. A
NetBIOS alias allows the filer to be accessed by a CIFS client using an alternate name for the filer.
EXAMPLE
This is a sample /etc/cifs_nbalias.cfg file with one NetBIOS alias.
#
# This file contains NetBIOS aliases used by the filer.
# See the System Administrator’s Guide for a full
# description of this file.
#
# There is a limit to the number of aliases that may be specified.
# Currently that limit is 200.
#
# Aliases must be entered one per line.
#
# After editing this file, use the console command "cifs nbalias load"
# to make the filer process the entries in this file.
#
# Note that the "#" character is valid in a CIFS NetBIOS alias.
# Therefore the "#" character is only treated as a comment in this
# file if it is in the first column.
#
# Actual NetBIOS alias name(s) for the filer follow this line.
FILERALIAS01
EFFECTIVE
Any changes take effect once CIFS services are restarted
PERSISTENCE
Changes are persistent across system reboots.
FILES
/etc/cifs_nbalias.cfg
SEE ALSO
na_cifs_nbalias(1)
clone
NAME
na_clone - Log of clone activities
SYNOPSIS
/etc/log/clone
DESCRIPTION
The clone log file contains a log of clone activities for the filer. The file lives in /etc/log on the root
volume.
Every Sunday at midnight, /etc/log/clone is moved to /etc/log/clone.0; /etc/log/clone.0 is moved to
/etc/log/clone.1; and so on. The suffix can go up to 5, so the old /etc/log/clone.5 will be deleted. Clone
activities are saved for a total of seven weeks.
Each entry of the /etc/log/clone file is a single line containing the following space-separated fields.
timestamp Volume:vol-name event_info
EXAMPLE
A clone operation started with source file as f1 and clone file as f1_1. then the clone operation was
stopped by user. The clone log file should have the following entries:
Tue Oct 21 09:03:18 GMT 2008 Volume: vol1 [sid: 0] Clone Start ID: 1, Clone File: f1_1, Source File: f1, Total Blocks: 786432
Tue Oct 21 09:03:24 GMT 2008 Volume: vol1 [sid: 0] Clone Stop ID: 1, Clone File: f1_1, Source File: f1
Tue Oct 21 09:03:26 GMT 2008 Volume: vol1 [sid: 0] Clone End ID: 1, Clone File: f1_1, Source File: f1 (Clone operation aborted by user), Total Blocks: 786432,Blocks Copied: 0
Tue Oct 21 09:11:17 GMT 2008 Volume: vol2 [sid: 0] Clone Restart Successful. ID: 2, Clone File: f2, Source File: f2_1, Total Blocks: 50
FILES
/etc/log/clone
Clone log file for current week.
/etc/log/clone.[0-5]
Clone log files for previous weeks.
SEE ALSO
na_clone(1)
cloned_tapes
NAME
na_cloned_tapes - list of nonqualified tape drives attached to the filer
SYNOPSIS
/etc/cloned_tapes
DESCRIPTION
If you attach a tape drive that Network Appliance has not tested with the filer, enter information about
the tape drive in the /etc/cloned_tapes file. This file enables the filer to register the drive as a clone of a
qualifed drive.
If the filer boots with a nonqualified tape drive and the /etc/cloned_tapes file does not exist, the filer
creates a sample file, when the first "mt" command for the tape is executed.
Each entry in the /etc/cloned_tapes file corresponds to one tape drive. Specify the entry in one of the
following formats:
clone_vendor_id clone_product_id EMULATES vendor_id product_id
clone_product_id EMULATES product_id
The "storage show tape supported" command provides a list the product_id and vendor_id values of
qualified drives.
EXAMPLE
The following entry in the /etc/cloned_tapes file enables the filer to register the Quantum DLT9000
tape drive, which has not been tested with the filer, as a clone of the Quantum DLT7000 tape drive:
QUANTUM DLT9000 EMULATES QUANTUM DLT7000
SEE ALSO
na_storage(1)
crash
NAME
na_crash - directory of system core files
SYNOPSIS
/etc/crash
DESCRIPTION
If a filer crashes, it creates a core file in the crash directory. The core files are very useful for finding
and fixing bugs in Data ONTAP, so please notify Network Appliance Global Services of any core files
on your filer.
See na_savecore(1) for more details about how core files are saved.
FILES
/etc/crash/core.*
saved core files /etc/crash/core.*-small compact core file.
/etc/crash/bounds
suffix for next core file
/etc/crash/minfree
free KB in FS to maintain after savecore
SEE ALSO
na_savecore(1)
dgateways
NAME
na_dgateways - default gateways list
SYNOPSIS
/etc/dgateways
DESCRIPTION
The use of /etc/dgateways file has been deprecated. Either add a static default gateway in /etc/rc or
enable router discovery in routed to discover multiple default gateways.
The /etc/dgateways file is used by the old routed command to construct a set of potential default
gateways. The file comprises a series of lines, each in the following format:
gateway metric
gateway is the name or address of a gateway to be used as a potential default gateway.
metric is a metric indicating the preference weighting of the gateway. 1 is the value to use for highest
preference, 15 for the least. If no value is specified, metric will default to the value 1.
There can be a maximum of 128 valid entries in the /etc/dgateways file - additional ones will be
ignored, with an error message being displayed. Duplicate gateway names or addresses are not allowed
- only the first one encountered in the file will be added by routed to the default gateway table, and the
additional ones will produce error messages.
EXAMPLE
Here are typical lines from the /etc/dgateways file:
main_router 1
backup_router 2
SEE ALSO
na_rc(5),
NOTES
The use of /etc/dgateways file has been deprecated.
dumpdates
NAME
na_dumpdates - data base of file system dump times
SYNOPSIS
/etc/dumpdates
DESCRIPTION
The dump command (see na_dump(1)) uses /etc/dumpdates to keep track of which subtrees have been
dumped and when. Each line in dumpdates contains the subtree dumped, the dump level, and the
creation date of the snapshot used by dump. There is only one entry per subtree at a given dump level.
dumpdates may be edited to change any of the fields, if necessary.
EXAMPLE
This shows the dumpdate file for a system on which /home and /export are backed up using dump.
/home 0 Tue Nov 2 10:56:27 1993
/export 0 Tue Nov 2 13:51:17 1993
/export 1 Tue Nov 5 18:31:17 1993
/home 1 Tue Nov 5 18:45:27 1993
FILES
/etc/dumpdates
SEE ALSO
na_dump(1)
exports
NAME
na_exports - directories and files exported to NFS clients
SYNOPSIS
/etc/exports
DESCRIPTION
The /etc/exports file contains a list of export entries for all file system paths that Data ONTAP exports
automatically when NFS starts up. The /etc/exports file can contain up to 10,240 export entries. Each
export entry can contain up to 4,096 characters, including the end-of-line character. To specify that an
export entry continues onto the next line, you must use the line continuation character "\".
An export entry has the following syntax:
Each export entry is a line in the following format:
pathname -option[,option ] ...
The following list describes the fields in an export entry:
pathname
path name of a file or directory to be exported.
option
the export option specifying how a file or directory is exported.
You can specify an option in one of the following formats:
actual=path
Specifies the actual path to use when a NFS client attempts to mount the original path. This option
is useful for moving mount points without reconfiguring the clients right away. Note that while the
exported pathname need not exist, the pathname given as a parameter to actual must exist.
anon=uid|name If a request comes from user ID of 0 (root user ID on the client), use uid as the
effective user ID unless the client host is included in the root option. The default value of uid is 65534.
To disable root access, set uid to 65535. To grant root access to all clients, set uid to 0. The user ID can
also be specified by a name string corresponding to an entry in /etc/passwd.
nosuid
If a request tries to set either with either setuid or setgid or if a special file, i.e., block or character
type via mknod, then nosuid disallows that request. The default mode is to allow such requests.
ro | ro=hostname[:hostname]...
A pathname can be either exported ro to all hosts or to a set of specified hosts.
rw | rw=hostname[:hostname]...
A pathname can be either exported rw to all hosts or to a set of specified hosts. If no access modifiers
are provided, then the default is rw.
root=hostname[:hostname]...
Give root access only to the specified hosts. Note that there is no -root option, i.e., this option always
takes at least one hostname as a parameter.
sec=secflavor[:secflavor]...
Allow access to the mounted directory only using the listed security flavors. If no sec directive is
provided, then the default of sys is applied to the export. The sec directive may appear multiple times in
a rule, which each appearance setting the context of the following directives: anon, nosuid, ro, root,
and rw. The contexts apply in order. If only one security context is provided in an export, then it applies
regardless of where it appears in the export. Note that any given secflavor can only appear once in an
export rule.
The supported security flavors are:
sys
for Unix(tm) style security based on uids and gids
krb5
for Kerberos(tm) Version 5 authentication.
krb5i
for Kerberos(tm) Version 5 integrity service
krb5p
for Kerberos(tm) Version 5 privacy service
The Kerberos(tm) authentication service verifies the identity of the users accessing the filer on all
accesses, and also verifies to the client that the responses are from the filer. The integrity service
provides a strong assurance that the messages have not been tampered with. The privacy service ensures
that messages intercepted on the wire cannot be read by any other party. The integrity and privacy
services both include authentication. The default security flavor is sys.
The security flavor of none can also be applied to an export. If the client uses this flavor, then all
requests get the effective UID of the anonymous user. Also, if a request arrives with a security context
which is not present in the export, and none is allowed, then that request is treated as if it arrived with
the flavor of none.
HOSTNAMES
A host is allowed to mount an export if it has either ro or rw access permissions.
A hostname is described as:
[-][machine name|netgroup|machine IP|subnet|DNS domain]
Where, ‘-’ indicates that the host is to be denied access.
DUPLICATE DETECTION
Neither the same path nor the same file handle can be advertised for exports. We restrict the path names
to make mounts unique and the file handle restriction makes per NFS request checking also be unique.
As the /etc/exports file is parsed and the same path is determined to be used for exporting, then the last
instance of the export rule is stored in memory. Note that different path names may evaluate to the same
advertised path:
/home
/vol/vol0/home
/vol/vol0/home/ontap/..
The addition of actual complicates the rules for determining what gets exported. If an export uses
-actual, then neither the advertised path nor the actual storage path may be duplicated in memory.
ACCESS RULES
There is no set ordering of options, but as the ro and rw options interact, there is a strict interpretation
of these options:
1) -rw is the default if -ro, -ro=, -rw, and -rw= are all not present.
2) If only -rw= is present, ro is not the default for all other hosts. This rule is a departure from pre-6.5
semantics.
3) -ro,ro= and -rw,rw= are errors.
4) -ro=A,rw=A is an error
5) -ro=A,rw=-A is an error
6) -ro=-A,rw=A is an error
7) The position of -rw, -rw= -ro, and -ro= in the options does not have any significance
8) -ro trumps -rw
9) -ro= trumps -rw
10) -rw= trumps -ro
11) A specific host name in either -ro= or -rw= overrides a grouping in the other access specifier.
12) -ro= trumps -rw=
13) Left to right precedence, which determines ‘-’ and the order we go across the wire.
Note, "A trumps B" means that option A overrules option B.
livestock
(cow,,) (pig,,) (chicken,,) (ostrich,,)
workers
(dog,,) (horse,,) (ox,,) (mule,,)
predators
(coyote,,) (puma,,) (fox,,) (crow,,)
We can illustrate the access rules thusly:
/vol/vol0 -anon=0
All hosts have rw access, and root at that.
/vol/vol0 -root=horse,rw
All hosts have rw access, but only horse has root access.
/vol/vol0 -anon=0,rw=horse
Only horse has access and it is rw. Note the departure from the prior rule format, in which all other
hosts would by default have ro access.
/vol/vol0 -anon=0,ro,rw=horse
All hosts have ro access, except horse, which has rw access.
/vol/vol1 -ro=@workers,rw=@farm:canary /vol/vol1 -rw=@farm:canary,ro=@workers
All hosts in the netgroup farm have rw access, except dog, horse, ox, and mule. All of which have ro
access. In addition, canary has rw access to the export. Note that both lines are identical with respect to
determining access rights.
/vol/vol2 -ro=@pets,rw
All hosts have rw access, except for dog, cat, skunk, pig, and crow, all of which have ro access.
/vol/vol2 -ro=-@pets,rw
All hosts have rw access, except for dog, cat, skunk, pig, and crow, all of which have no access at all.
By rule #9, all members of the netgroup pets are denied rw access. By negation, all members of the
netgroup pets are denied ro access.
/vol/vol2 -ro,rw=@pets:canary
All hosts have ro access, except for canary, dog, cat, skunk, pig, and crow, all of which have rw access.
/vol/vol2 -ro,rw=-@pets:canary
All hosts have ro access, except for canary which has rw access.
/vol/vol2 -ro,rw=@pets:@farm:canary
All hosts have ro access, except for canary and all hosts in the netgroups pets and farm, which all have
rw access.
/vol/vol2 -ro,rw=-@pets:@farm:canary
All hosts have ro access, except for all hosts in the netgroup farm, excluding all hosts in the netgroup
pets, which have rw access. The host canary also has rw access.
If the host cat wants to write to /vol/vol2, by rule #10, we first check the -rw= access list. By rule #13,
we check for access in order of -@pets, @farm, and finally canary. We match cat in the netgroup pets
and therefore cat is denied rw access. It will however be granted ro access.
/vol/vol2 -ro,rw=@farm:-@pets:canary
Effectively, all hosts have ro access, except for canary and all hosts in the netgroup farm, which all
have rw access.
If the host cat wants to write to /vol/vol2, by rule #10, we first check the -rw= access list. By rule #13,
we check for access in order of @farm, -@pets, and finally canary. We match cat in the netgroup farm,
by expansion, and therefore cat is granted rw access.
/vol/vol2a -rw=@pets:-@workers,ro=@livestock
By rule #12, cow, pig, chicken, and ostrich all have ro access.
By rule #13, dog, cat, and skunk all have rw access.
By negation, horse, ox, and mule have no rw access and by rule #2, they have no access at all.
/vol/vol2a -rw=-@workers:pets,ro=@livestock
By rule #12, cow, pig, chicken, and ostrich all have ro access.
By rule #13, negation, and rule #2, dog, horse, ox, and mule have no access.
cat and skunk have rw access.
/vol/vol3 -ro=@pets,rw=@farm:lion
All hosts in the netgroup farm have rw access, except for all hosts in the netgroup pets, which all have
ro access. In addition, the host lion has rw access.
If the host cat wants to write to /vol/vol3, by rule #12, we first check the -ro= access list. We match cat
in the netgroup pets and therefore we deny rw access.
/vol/vol4 -ro=10.56.17/24,rw=10.56/16
All hosts in the subnet 10.56/16 have rw access, except those in the subnet 10.56.17/24, which have ro
access.
/vol/vol1
-ro=[A1C0:4C34:5D32:6F34::1]/64,\\ rw=[BA32:235C:5D24:23F::32]
All hosts in the subnet A1C0:4C34:5D32:6F34::1/64 have ro access and the host whose IPv6 address is
BA32:235C:5D24:23F::32 has rw access.
/vol/vol17
-ro=10.56.17/24,rw=10.56.17.5:10.56.17.6:farm
All hosts in the subnet 10.56.17/24 have ro access, except, by rule #11, for 10.56.17.5 and 10.56.17.6,
which have rw access. If the hosts in the netgroup farm are on the 10.56.17/24 subnet, they have ro
access, else they have rw access. Rule #11 allows for specific hosts to be excluded from a range
provided by a group. Since it makes no sense to compare netgroups to subnets, we do not allow
exceptions by groups.
/vol/vol19
-ro=10.56.17.9:.frogs.fauna.mycompany.com,\\ rw=.fauna.mycompany.com
All hosts in the subdomain .fauna.mycompany.com get rw access, except those in the subdomain Note
that we determine this result from rule #12 and not rule #11; we do not evaluate if one grouping
construct is a subset of another. If 10.56.17.9 is in the subdomain .fauna.mycompany.com, then by rule
#11, it gets ro access.
/vol/vol21 -ro=10.56.17.9,rw=-pets:farm:skunk
Rule #11 interacts with rules #5 and #6 in an interesting way, if a host is mentioned in an export by
either name or IP, then it appears that it will always be granted the access given by whether it is in -ro=
or -rw=. However, rule #13 still applies. Thus, 10.56.17.9 always gets ro access, but in this case by rule
#13, skunk is denied access to the mount. Since skunk is a member of the netgroup pets, and pets is
denied rw access by negation, skunk is denied access.
/vol/vol5
-ro=.farm.mycompany.com,sec=krb5,rw,anon=0
If the secflavor is sys, then all hosts in the DNS subdomain of .farm.mycompany.com are granted ro
access. If the secflavor is krb5, then all hosts are granted rw access.
/vol/vol6 -sec=sys:none,rw,sec=krb5:krb5i:k4b5p,rw,anon=0
If the secflavor is sys or none, then all hosts are granted rw access, but effectively all root access is
blocked. If the secfla_vor is from one of the secure krb5, krb5i, or krb5p, then rw and effectively root
access are both granted.
UPGRADING
Exports defined prior to ONTAP 6.5 contain a different option, -access, which defined which hosts
were permitted to mount an export. With the newer finer grained options, and by allowing more
flexibility such as netgroups in the options, -access has been removed as an option.
Another significant change is that -ro is no longer the default if -rw= is present as an option.
During the upgrade process, the /etc/exports file is converted to the newer format.
The rules for upgrading to the new format are:
1) -root= options stay the same
2) No access list => -rw
3) -access=X => -rw=X
4) -ro => -ro
5) -access=X,ro => -ro=X
6) -rw=X => -rw=X
This is more secure than the change -rw=X,ro.
Remember from Access Rule #2, -ro is never a default.
If the less restrictive form is desired, then the option needs to be manually changed. Note that if an
export file has a mix of old and new style options, the more secure new style option of -rw=X can not
be differentiated from the less secure option of -rw=X(,ro) with the implicit ro modifier. To solve this
problem, we always interpret -rw=X in the most secure format.
7) -access=Y,rw=X => -rw=X,ro=(Y-X)
There is a potential to remove write access here, but we keep the most secure translation.
In all cases, we preserve ordering inside an option.
UPGRADE EXAMPLES
/vol/vol0 -anon=0
By rule #2, this becomes:
/vol/vol0 -rw,anon=0
/vol/vol3 -ro By rule #4, this becomes:
/vol/vol3 -ro
/vol/vol0/home -rw=dog:cat:skunk:pig:mule By rule #6, this becomes:
/vol/vol0/home -rw=dog:cat:skunk:pig:mule
Note that by the access rules given above, all other hosts are denied ro access.
Since the upgrade code does not know about netgroups and netgroups used to not be allowed inside the
-rw host list, this could be rewritten as:
/vol/vol0/home -rw=@pets
Also, if the security style is desired to be the older style, this could be further rewritten as:
/vol/vol0/home -ro,rw=@pets
/vol/vol1
-access=pets:workers:alligator:mule,\\ rw=dog:cat:skunk:pig:horse:ox:mule
By rule #7, this becomes:
/vol/vol1
-ro=pets:workers:alligator,\\ rw=dog:cat:skunk:pig:horse:ox:mule
This can be rewritten as:
/vol/vol1
-ro=pets:workers:alligator,\\ rw=pets:workers
And should be:
/vol/vol1 -ro=alligator,rw=@pets:@workers
AUTOMATIC EDITING
The /etc/exports file is changed by ONTAP for any of the following conditions:
vol create
A default entry is added for the new volume. If an admin host had been defined during the setup
process, access is restricted to that host, otherwise all hosts have access to the new volume.
vol rename
All entries which have either a pathname or an -actual pathname which matches the old volume name
are changed to be that of the new volume name.
vol destroy
All entries which have either a pathname or an -actual pathname which matches the old volume name
are removed from the file.
upgrade
During every invocation of exportfs -a, the exports file is checked for old style formatting. If this style
is found, the exports file is upgraded to follow the current formatting.
Please note that when we upgrade exports which contain subnets, we always rewrite the subnets in the
compact format of IP_address/num_bits.
If the option nfs.export.auto-update is disabled, then the automatic updates for the vol commands will
not take place. Instead the need for manual updates is syslogged.
ACCESS CACHE
A new feature in ONTAP 6.5 is the access cache, which allows netgroups to appear in -ro=, -rw=, and
-root= options. Each time a request arrives from a host, it refers to an exported path. To avoid lengthy
delays, we first check for that host and path in the cache to determine if we will accept or reject the
request. If there is cache miss, we reject the request and do name resolution in another thread. On the
next request, we should get a cache hit (i.e., the hit or miss depends on network traffic).
The time that a entry lives in the cache is determined by the two options:
nfs.export.neg.timeout
dictates how long an entry which has been denied access lives
nfs.export.pos.timeout
dictates how long an entry which has been granted access lives
There are several ways that the cache can be flushed:
exportfs -f
Flushes the entire access cache.
exportfs -f pathname
Flushes the cache for the longest leading prefix match for the path.
Also, any command which alters an export entry will result in the access cache for that export being
flushed. E.g., exportfs -au, exportfs -a, exportfs -io -rw /vol/vol1, etc.
As the access cache is designed to eliminate name service lookups, entries inside it can become stale
when the name services are modified. For example, if a netgroup is changed or a DNS server is found to
have corrupt maps. If the access cache is found to have stale data, then either parts of it or all of it must
be flushed. If the stale data applies to only a few exports, then each may be flushed with the exportfs -f
pathname command. The entire cache may be cleared with the exportfs -f command.
Note that the same effect may be had by using commands to reload the exports table. In prior versions
of ONTAP, either the exportfs -au; exportfs -a command sequence or a simple exportfs -a command
was commonly used to clear away exports issues. While these can be used to clear the access cache,
they can also result in extra work and lead to very small windows when an export is unavailable.
TROUBLESHOOTING
All mount requests, and NFS requests, come across the wire with an IP address and not the hostname. In
order for an address to be converted to a name, a reverse lookup must be performed. Depending on the
contents and ordering in /etc/nsswitch.conf, DNS, NIS, and/or /etc/hosts may be examined to determine
the mapping.
A common problem with reverse DNS lookups is the existence of a mapping from name to IP, but not
IP to name. Note: Data ONTAP cannot resolve a IPv6 address to multiple hostnames (including
aliases), when doing a reverse host name lookup.
The option nfs.mountd.trace can be turned on to help debug access requests. Note that as this option
can be very verbose and it writes to the syslog, care should be taken to only enable it while trying to
resolve an access problem.
Another useful tool is to use exportfs -c to check for access permissions.
DEPRECATED FEATURES
All exported pathnames which do not begin with a leading "/vol/" or "/etc/" pathname are being
deprecated.
WARNINGS
Exporting the root volume as / can be misleading to some automounters.
FILES
/etc/hosts host name database
/etc/nsswitch.conf determines name resolution search order
SEE ALSO
na_netgroup(5), na_passwd(5)
fsecurity
NAME
na_fsecurity - Definition file for an fsecurity job
DESCRIPTION
The fsecurity definition files describe an fsecurity job, which is used as input to the
na_fsecurity_apply(1) command, and contains a list of tasks that will be run against the file system.
This file can have any convenient name, and can be stored in any convenient location in the local
volumes. The name of the file is given as a parameter to the na_fsecurity_apply(1) command.
SYNTAX
The definition file can be located anywhere in the file system, in either ASCII or Unicode format. The
first line is always the file’s signature, with task definitions on each subsequent line.
The file signature is currently cb56f6f4, and it will be updated when new versions of the file are
supported. It is important that this is the only value on the line, including spaces.
Each task is a comma-separated list of values that are defined as follows:
type,subtype,"path",propagation mode,"security definition"
type
1 - Security Descriptor Definition Language (SDDL)
subtype
0 - Standard
1 - Storage-Level Access Guard (Guard)
path
The path to the target file system object, in double-quotes.
propagation mode
0 - Propagate inheritable permissions to all subfolders and files
1 - Do not allow permissions on this file or folders to be replaced (Not implemented)
2 - Replace existing permissions on all subfolders and files with inheritable permissions
security definition
The security definition that will be applied to the specified path. The format is described by the type
field, and is always enclosed in double-quotes.
For more information about SDDL syntax and proper formatting of the security description value, see
"Security Descriptor String Format" at the following URL:
http://msdn2.microsoft.com/en-us/library/aa379567.aspx
NOTE This file can also be generated by the secedit utility, which is available via download from the
NOW Tool Chest.
EXAMPLE
This is a sample fsecurity definition file which propagates a security descriptor down the /vol/vol0/qtree
hierarchy. The definition allows Everyone full control, and the second line sets a Guard security
descriptor which denies the ability to Write.
cb56f6f4
1,0,"/vol/vol0/qtree",0,"D:(A;CIOI;0x1f01ff;;;Everyone)"
1,1,"/vol/vol0/qtree",0,"D:(D;CIOI;0x000002;;;Everyone)"
EFFECTIVE
Any changes take effect after running the na_fsecurity_apply(1) command.
PERSISTENCE
Changes are persistent across system reboots.
SEE ALSO
na_fsecurity(1)
ftpusers
NAME
na_ftpusers - file listing users to be disallowed ftp login privileges
SYNOPSIS
/etc/ftpusers
DESCRIPTION
The /etc/ftpusers file is an ASCII file that lists users for whom ftp login privileges are disallowed. Each
ftpuser entry is a single line of the form:
user_name
where user_name is the user’s login name.
By default there is no /etc/ftpusers file, and therefore ftp login privileges are allowed to all users.
EFFECTIVE
Any changes take effect immediately
PERSISTENCE
Changes are persistent across system reboots.
group
NAME
na_group - group file
SYNOPSIS
/etc/group
DESCRIPTION
The /etc/group database contains information for each group in the following form:
groupname:password:gid:user-list
The following list describes the required fields:
groupname
The name of the group.
password
The group’s password, in an encrypted form. This field may be empty.
gid
An integer representing the group; each group is assigned a unique integer.
user-list
The user list is a comma-separated list of users allowed in the group.
EXAMPLE
Here is a sample group file:
project:asderghuIoiyw:12:dan,dave
myproject::11:steve,jerry
SEE ALSO
na_quota(1), na_cifs_setup(1)
hosts
NAME
na_hosts - host name data base
SYNOPSIS
/etc/hosts
DESCRIPTION
The hosts file contains information regarding the known hosts on the network. For each host a single
line should be present with the following information:
Internet-address official-host-name aliases
Items are separated by any number of blanks and/or tab characters. A ‘‘#’’ indicates the beginning of a
comment; characters up to the end of the line are not interpreted by routines which search the file. The
maximum line length is 1022 characters. There is no way to continue an entry past the end of the line.
This file may be created from the official host data base maintained at the Network Information Control
Center (NIC), though local changes may be required to bring it up to date regarding unofficial aliases
and/or unknown hosts.
Network addresses are specified in the conventional ‘‘.’’ (dot) notation. Host names may contain any
alphanumeric character, but not field delimiters, newline, or comment characters.
FILES
/etc/hosts
SEE ALSO
na_nis(8)
hosts.equiv
NAME
na_hosts.equiv - list of hosts and users with rsh permission
SYNOPSIS
/etc/hosts.equiv
DESCRIPTION
The hosts.equiv file contains a list of hosts on which you can enter a filer command through the remote
shell protocol (rsh).
Hosts specified in this file are considered the trusted hosts of the filer.
It is also possible to use hosts.equiv for other protocols such as ssh (both interactive and
non-interactive) and telnet. Additionally, access to ONTAPI (ONTAP management APIs) over HTTP
and HTTPS can use hosts.equiv authentication by setting the filer option
httpd.admin.hostsequiv.enable.
Each line in hosts.equiv has the following format:
hostname [ username ]
+@netgroup [ username ]
If the host on which you enter the filer command is a UNIX host, the user name is optional. If the host
on which you enter the filer command is a PC, you must enter the user name for that PC in the
/etc/hosts.equiv file.
We can also specify a group of hosts using netgroup. Hence all hosts in that netgroup are allowed to
access the filer.
If you do not specify a user name for a UNIX host, you must be root on that host to execute a filer
command through rsh.
If multiple users on the same host should have access to the filer through rsh, enter each user name on a
separate line.
EXAMPLE
The following hosts.equiv file allows both root and joe_smith to enter filer commands through rsh on
a UNIX host named adminhost. It also allows joe_smith to enter filer commands through rsh from all
hosts in netgroup ourhosts:
adminhost
adminhost joe_smith
+@ourhosts joe_smith
SEE ALSO
na_options(1)
httpd.access
NAME
na_httpd.access - authentication controls for HTTP access
SYNOPSIS
/etc/httpd.access
DESCRIPTION
The HTTP daemon can apply authentication controls to individual users or groups on a per directory
basis. The file /etc/httpd.access specifies the following items for each access-controlled tree:
the path to the tree
the authority required to authenticate access to the tree
the lists of users or groups who are permitted access when authenticated
The syntax is the same as the access control syntax used by NCSA and Apache. However, the
httpd.access file only supports a subset of directives supported by NCSA and Apache. You can copy an
existing NCSA or Apache access to the filer without editing or reformatting.
SYNTAX
The supported directives are:
<Directory directory_name>
</Directory>
AuthName Title phrase
require user user_id[, user_id,...] require group group_id[, group_id,...]
where Title phrase is a word or phrase that is passed to the authentication dialog as a title for the dialog
that prompts the user for a password.
EXAMPLES
The following example restricts access to the file /home/htdocs/private/bob so that only user dole can
access it, after supplying the required password. The authentication dialog is titled ‘‘My private stuff.’’
<Directory /home/htdocs/private/bob> AuthName My private stuff
<Limit GET>
require user dole
</Limit>
</Directory>
The <Limit GET> and </Limit> directives are not supported, but are retained for format consistency
with NCSA and Apache. The filer just ignores them.
The following example restricts access to the directory tree /home/htdocs/private/conspiracy to the
group ‘‘guyinblack’’, which consists of the users whose IDs are cancer, deepthroat, mrx, and skinner.
The authentication dialog is titled ‘‘Area 51.’’
<Directory /home/htdocs/private/conspiracy> AuthName Area 51
<Limit GET>
require group guyinblack
</Limit GET>
</Directory>
In this example, ‘‘guyinblack’’ is defined by the following entry in /etc/httpd.group:
guyinblack: cancer deepthroat mrx skinner
The following example requires the client to provide a Windows Domain username and password to
access the directory tree /home/htdocs/win. The authentication dialog is ‘‘Windows(tm)
Authentication’’ This authentication dialog, typed exactly as presented here, is required to enforce
NTLM authentication.
<Directory /home/htdocs/win>
AuthName Windows(tm) Authentication </Directory>
If this authentication control is used the Filer must have CIFS running, and either be a member of a
Windows Domain or be using Local User authentication.
EFFECTIVE
Any changes take effect within 5 minutes
PERSISTENCE
Changes are persistent across system reboots.
SEE ALSO
na_httpd.group(5).
BUGS
Only the directives listed above are supported; other directives that may appear in NCSA or Apache
access files are ignored.
httpd.group
NAME
na_httpd.group - names of HTTP access groups and their members
SYNOPSIS
/etc/httpd.group
DESCRIPTION
The file declares the names of groups and the user IDs of the members of each group, for use by the
HTTP daemon in executing the access controls declared in /etc/httpd.access.
SYNTAX
group_id1:user_id1 [ user_id2 ... ]
EFFECTIVE
Any changes take effect within 5 minutes
PERSISTENCE
Changes are persistent across system reboots.
SEE ALSO
na_httpd.access(5).
httpd.hostprefixes
NAME
na_httpd.hostprefixes - configuration of HTTP root directories for virtual hosts
SYNOPSIS
/etc/httpd.hostprefixes
DESCRIPTION
The httpd.hostprefixes file maps virtual hosts used in HTTP to corresponding root directories. The
same configuration file is used for both IP virtual hosts (discriminated by the IP address used for
connecting to the server) and HTTP virtual hosts (discriminated by the Host: header used in HTTP
requests).
Each virtual host has a corresponding subdirectory within the directory specified by the option
httpd.rootdir. This subdirectory is called the virtual host root directory. Clients connected to a virtual
host can only access files within the virtual host root directory.
In the httpd.hostprefixes file, each line consists of a virtual host root directory followed by the names
and IP addresses of a virtual host. If you specify an IP address, the virtual host root directory is
associated with the given virtual host for IP-level virtual hosting. If you specify a name, the virtual host
root directory is associated with the virtual host with that name, using HTTP-level virtual hosting. If the
filer can resolve that name to an IP address, which is used for an IP-level host alias (see the alias option
in na_ifconfig(1)), the filer uses that IP address in the same way as it would if you specified the IP
address in the httpd.hostprefixes file.
If the /etc/httpd.hostprefixes file is edited, it is read again by the HTTP server after the changes are
saved.
EXAMPLE
This example maps requests sent to www.customer1.com to the customer1 subdirectory of
httpd.rootdir and requests directed at a host with IP address 207.68.156.58 to the subdirectory
customer2.
/customer1 www.customer1.com
/customer2 207.68.156.58
If the command
toaster> ifconfig vh alias www.customer1.com
had been issued before the configuration file was read, requests destined for the IP address of
www.customer1.com would also be mapped to the /customer1 subdirectory, regardless any the Host:
header they included.
EFFECTIVE
Any changes take effect within 5 minutes
PERSISTENCE
Changes are persistent across system reboots.
SEE ALSO
na_options(1)
httpd.log
NAME
na_httpd.log - Log of HTTP
SYNOPSIS
/etc/log/httpd.log
DESCRIPTION
The HTTP server logs an entry for every file retrieved via HTTP. This log, written to /etc/log/httpd.log,
is stored in the "Common Log Format," which is used by many WorldWide Web servers.
Each entry in /etc/log/httpd.log consists of one line with seven fields. The fields are, in order:
address
The IP address of the HTTP client requesting the file.
rfc931
This field is always "-".
authuser
This field is always "-".
date
The time and date the request was is reported in the format "[Day/Mon/Year:HH:MM:SS]", which
is logged in universal time (GMT) rather than the local time zone.
request
A quoted string is recorded for the method (request type) and file involved in the request.
result
The status code for the request, as defined in RFC 1945, the HTTP protocol specification. (See
below.)
bytes
The size of the file in bytes.
Possible values for result codes include:
200
Success: the requested file was transmitted.
302 Redirected (see /etc/httpd.translations).
304
Not modified (client cache used).
400
Bad request.
401
Unauthorized request.
403
Access to file prohibited.
404
File not found.
503
HTTP server disabled.
The size of the log file can be restricted by the option httpd.log.max_file_size.
SEE ALSO
na_httpd.translations(5)
RFC 1945, "Hypertext Transfer Protocol -- HTTP/1.0"
BUGS
Some Web servers report size statistics differently for result codes other than 200. For example, a file
size of 0 is often reported for result code 304 (Not modified).
The log file grows automatically and is never reset. It is your responsibility to rotate files and empty the
log files regularly.
httpd.mimetypes
NAME
na_httpd.mimetypes - map of file suffixes to MIME ContentType
SYNOPSIS
/etc/httpd.mimetypes
DESCRIPTION
For HTTP/1.0 and higher protocols, a MIME header is returned in the reply of every GET request. This
header includes a "Content-Type" field, whose contents is determined by examining the suffix of the
file being transmitted.
The /etc/httpd.mimetypes file contains the mapping of filename suffixes to MIME Content-Type. The
format of each line is: suffix, Content-Type. Comments are introduced with a "#".
The filer is not shipped with the /etc/httpd.mimetypes file. Instead, the filer’s system files include a
sample file named /etc/httpd.mimetypes.sample. Before you start using HTTP, make a copy of
/etc/httpd.mimetypes.sample and name the copy /etc/httpd.mimetypes.
If the file /etc/httpd.mimetypes is not installed, the HTTP server looks for the file
/etc/httpd.mimetypes.sample as a fallback.
EXAMPLE
# map .ps files to PostScript type:
ps application/postscript
EFFECTIVE
Any changes take effect within 5 minutes
PERSISTENCE
Changes are persistent across system reboots.
httpd.passwd
NAME
na_httpd.passwd - file of passwords required for HTTP access
SYNOPSIS
/etc/httpd.passwd
DESCRIPTION
The password file containing the encrypted form of the password that an HTTP client must supply to
have access to a file in a controlled-access directory tree, as declared in /etc/httpd.access.
The password is encrypted in the regular UNIX style. User of NCSA or Apache can use their htpasswd
program to generate the user_id:passwd pair.
The HTTP access control does not use the existing CIFS password database on the filer because in http
basic authentication, in each request for protected pages, the value of passwd is sent over the network in
clear text, and without encryption would compromise the user’s password.
SYNTAX
user_id1:encrypted_passwd1
used_id2:encrypted_passwd2
...
EFFECTIVE
Any changes take effect within 5 minutes
PERSISTENCE
Changes are persistent across system reboots.
SEE ALSO
na_httpd.access(5).
httpd.translations
NAME
na_httpd.translations - URL translations to be applied to incoming HTTP requests
SYNOPSIS
/etc/httpd.translations
DESCRIPTION
The HTTP daemon supports four URL translation rules to filter incoming HTTP requests. The HTTP
daemon applies each rule in succession, stopping at the first successful Redirect, Pass, or Fail rule:
Map template result
Any request which matches template is replaced with the result string given.
Redirect template result
Any request which matches template is redirected to the result URL. Note that this must be a full URL,
e.g., beginning with "http:".
Pass template [ result ]
Any request which matches template is granted access, and no further rule processing occurs. An
optional result can be used in place of the matching URL.
Fail template
Any request which matches template is denied access. Rule processing stops after a matched Fail.
Both templates and results may contain wildcards (a star "*" character). The wildcard behaves like a
shell wildcard in the template string, matching zero or more characters, including the slash ("/")
character. In the result string, a wildcard causes text from the corresponding match in the template
string to be inserted into the result.
EXAMPLE
This example redirects CGI queries to cgi-host, prevents accesses to /usr/forbidden, and maps requests
for images to a local image directory:
#
# Example URL translations
#
Redirect /cgi-bin/* http://cgi-host/*
Fail /usr/forbidden/*
Map /image-bin/* /usr/local/http/images/*
EFFECTIVE
Any changes take effect within 5 minutes
PERSISTENCE
Changes are persistent across system reboots.
messages
NAME
na_messages - record of recent console messages
SYNOPSIS
/etc/messages
DESCRIPTION
The default behavior of the filer syslogd daemon (see na_syslogd(8)) is to print all logging messages of
priority info or higher to the console, and to the messages file. A typical message is:
Fri Jun 10 14:31:37 PDT 2005 [rc]: NetApp Release 7.1 boot complete.
Every Saturday at 24:00, /etc/messages is moved to /etc/messages.0, /etc/messages.0 is moved to
/etc/messages.1, and so on. Message files are saved for a total of six weeks.
FILES
/etc/messages
messages file for current week /etc/messages.[0-5] messages file for previous weeks
SEE ALSO
na_syslog.conf(5)
ndmpdlog
NAME
na_ndmpdlog - The ndmpdlog provides a detailed description of the activities of all active NDMP
sessions.
SYNOPSIS
/etc/log/ndmpdlog.yyyymmdd
DESCRIPTION
The NDMP debug log provides a detailed description of the activities of all active NDMP sessions. See
na_ndmpd (1) for a detailed description of how NDMP logging is enabled and disabled and the various
options associated with the control of logging. All events are recorded in multi-line entries and are sent
to the filer console and/or the /etc/log/ndmpdlog.yyyymmdd files depending on how logging has been
configured with the ndmpd debug command.
The information in the ndmpdlog is a trace of the NDMP protocol messages as defined in the various
versions of the NDMP Protocol Specification. Data ONTAP supports versions 2, 3 and 4 of the
protocol. At least a cursory knowledge of the NDMP Protocol is required to analyze the ndmpdlog.
Describing the protocol is beyond the scope of this manpage. Descriptions of the three supported
versions of the protocol can be found at www.ndmp.org.
If logging to files is enabled, a new log file is created each day. The last part of the log file name is the
date for which the log file applies. If NDMP sessions are active at the time a new daily log file is
created, information for the existing sessions will continue to be logged to the file which was active at
the time the sessions were created. Information for any new sessions will be logged in the new log file.
Up to 9 daily log files are retained on the system. A log file for a particular day may not exist if no
NDMP activity occurred on that day. Log files over 8 days old are automatically deleted by Data
ONTAP.
The log has a multi-column, multi-line format.
The three columns contain:
Date
The time of the messages displayed in the timezone specified by the timezone command.
Session
The NDMP session number for the messages in [ndmpd:<session>] format.
Message
The contents of the messages.
The information for each message occupies multilple lines in the log. At a high level, there are two
types of log entries: those representing request/reply pairs and those representing log/notify messages.
Note that there is only one entry for a request/reply pair. Some of the information is placed in the log as
the message is received by the filer and other information is placed in the log as the reply is being sent
to the NDMP client. Also note that the debug level must be set to the appropriate level with the ndmpd
debug command as described in na_ndmpd (1) for the following information to be displayed.
The log entry for each request/reply message begins with the following 2 lines:
NDMP message type:
The high-level message type such as
NDMP_DATA_START_BACKUP
or NDMP_TAPE_OPEN.
NDMP message replysequence:
The replysequence is the sequence number from the request message with which the reply is associated.
The log entry for each log/notify message begins with the following line:
Message <message type> sent
The high-level message type such as
NDMP_NOTIFY_DATA_ABORT
or NDMP_LOG_MESSAGE.
The above information is followed by the NDMP message header.
Message header:
The message header contains information such as sequence numbers, a numerical representation of the
message type, and an error field representing the success or failure of receiving and decoding the
message. The fields correspond to the fields in the NDMP message header as defined in the NDMP
Protocol Specifications.
The header information is followed by the request/reply information or the log/notify information.
Request/Reply information including the Error code: Contains the remainder of the information
about the request and reply for the message and possibly some other state information associated with
the request/reply. An Error code: field is displayed for all reply message log entries. This is the overall
status of the execution of the request and is a key piece of information when diagnosing problems. The
contents of the rest of the log entry varies widely depending on the message being logged. It is beyond
the scope of this manpage to describe the details for the dozens of different messages which are part of
the NDMP protocol. Refer to the NDMP Protocol Specifications as well as the NDMP Extension
Specifications available from NetApp to decode these fields in the logs.
Log/Notify information:
Contains the remainder of the information about the log/notify message. As for the request/reply
information, see the NDMP Protocol Specifications as well as the NDMP Extension Specifications to
decode these fields in the logs.
VFILER CONSIDERATIONS
The log files are stored in the /etc/log directory of the vfiler’s root volume.
FILES
/etc/log/ndmpdlog.yyyymmdd
daily ndmpd log file
SEE ALSO
na_ndmpd(1).
netgroup
NAME
na_netgroup - network groups data base
SYNOPSIS
/etc/netgroup
DESCRIPTION
netgroup defines network wide groups used for access permission checking during remote mount
request processing. Each line defines a group and has the format:
groupname member-list
Each element in member-list is either another group name or a triple of the form:
(hostname, username, domainname)
The hostname entry must be fully qualified if the specified host is not in the local domain.
The filer can also use the netgroup NIS map.
Since the filer uses netgroups only in /etc/exports (see na_exports(5)), the username entry is ignored.
The domainname field refers to the domain in which the netgroup entry is valid. It must either be empty
or be the local domain; otherwise the netgroup entry is ignored. An empty entry allows a single
/etc/netgroup file to be used for filers in multiple domains.
A group definition can be at most 4096 bytes even when ‘\’s are used to extend the definition over
several lines. The maximum nesting level when group names are used in the member-lists of other
groups is 1000.
Modifications to the /etc/netgroup file may take upto 60 seconds to take effect.
EXAMPLE
This is a typical netgroup file:
trusted_hosts (adminhost,,) (zeus,,) (thor,,) (minerva,,)
untrusted_hosts
(sleepy,,) (dopey,,) (grumpy,,) (sneezy,,)
all_hosts
trusted_hosts untrusted_hosts
With this netgroup file it might make sense to modify /etc/exports to export / on the filer only to
trusted_hosts, but to export /home to all_hosts.
FILES
/etc/netgroup
/etc/exports
directories and files exported to NFS clients
/etc/hosts
host name data base
SEE ALSO
na_nis(8)
BUGS
The only place that netgroups can be used are in the options of the exportfs command (see exportfs(1))
and /etc/exports.
The /etc/netgroup configuration does not failover. Thus, the /etc/netgroup files on the active and
backup filer must be kept consistent manually.
networks
NAME
na_networks - network name data base
SYNOPSIS
/etc/networks
DESCRIPTION
The networks file contains information regarding the known networks which comprise the Internet. For
each network a single line should be present with the following information:
official-network-name network-number aliases
Items are separated by any number of blanks and/or tab characters. A ‘‘#’’ indicates the beginning of a
comment; characters up to the end of the line are not interpreted by routines which search the file. This
file is normally created from the official network data base maintained at the Network Information
Control Center (NIC), though local changes may be required to bring it up to date regarding unofficial
aliases and/or unknown networks.
Network number may be specified in the conventional ‘‘.’’ (dot) notation or as a 32 bit integer.
Numbers may be specified in decimal (default), octal or hexadecimal. A number is interpreted as octal
if it starts with the digit "0". A hexadecimal number must begin with "0x" or "0X." Network names may
contain any printable character other than a field delimiter, newline, or comment character.
FILES
/etc/networks
nsswitch.conf
NAME
na_nsswitch.conf - configuration file for name service switch
SYNOPSIS
/etc/nsswitch.conf
DESCRIPTION
The name service switch configuration file contains the preferred order in which name services will be
contacted for name resolution by the filer. For each map, the name services to be used and the lookup
order is specified in this file. Currently four name services are supported. They are local files in the /etc
directory, NIS, LDAP, and DNS. The maps or "databases" that are supported are hosts, passwd,
shadows, group, and netgroups (LDAP is currently supported in the passwd, group, and netgroups map).
Each line has the form:
map: order of name services
For example:
hosts: files nis dns ldap
passwd: files nis ldap
When trying to resolve a name, the services are contacted one by one, as per the order specified, until
the name is successfully resolved. A name resolution failure occurs when no service can successfully
resolve the name. When enumerating a map, enumeration happens over all the services specified for the
map.
FILES
/etc/nsswitch.conf
SEE ALSO
na_setup(1)
nvfail_rename
NAME
na_nvfail_rename - Internet services
SYNOPSIS
/etc/services
DESCRIPTION
The services file contains information mapping between port numbers and service names. This file
exists purely for reference purposes and is not currently used by Data ONTAP. Modifying entries in this
file will have no effect on the filer. Removing entries will not disable ports or services. For information
on how to change which port numbers a service uses (if possible), see the relevant manual page for that
service. Such changes will not update the services file.
Each line contains a service name followed by a port number, a ‘‘/’’, and a protocol, for example 20/tcp.
Legal protocol names are ‘‘tcp’’ and ‘‘udp’’. Port numbers are decimal numbers in the range of 0 to
65535. A service name may contain any printable character other than the comment character (i.e. no
spaces, tabs, newlines, or ‘‘#’’).
Items are separated by any number of blanks and/or tab characters. A ‘‘#’’ indicates the beginning of a
comment; characters up to the end of the line are not interpreted by routines which search the file.
FILES
/etc/nvfail_rename
SEE ALSO
na_vol(1)
passwd
NAME
na_passwd - password file
SYNOPSIS
/etc/passwd
DESCRIPTION
The passwd file contains basic information about each user’s account. It contains a one-line entry for
each authorized user, of the form:
username:password:uid:gid:gcos_field:home_directory:login_shell
Required Fields:
username
The user’s login name, not more than eight characters.
password
The user’s password, in an encrypted form that is generated by the UNIX passwd function.
However, if the encypted password is stored in /etc/shadow, (see shadow(5)), the password field
of /etc/passwd is empty.
uid
A unique interger assigned by the UNIX administrator to represent the user’s account; its value is
usually between 0 and 32767.
gid
An interger representing the group to which the user has been assigned. Groups are created by the
UNIX system administrator; each is assigned a unique integer whose value is generally between 0
and 32767.
gcos-field
The user’s real name. The name may be of any length; it may include capital letters as well as
lower case, and may include blanks. The name may be empty.
home_directory The user’s home directory. The home directory field may be empty.
login-shell
The default shell launched at login. This field may be empty.
EXAMPLE
Here is a sample passwd file when the /etc/shadow does not exist:
root:bDPu/ys5PBoYU:0:1:Operator:/:/bin/csh
dave:Qs5I6pBb2rJDA:1234:12:David:/u/dave:/bin/csh
dan:MNRWDsW/srMfE:2345:23:Dan::
jim:HNRyuuiuMFerx:::::
SEE ALSO
na_pcnfsd(8), na_cifs_access(1), na_cifs_setup(1)
psk.txt
NAME
na_psk.txt - pre-shared authentication key file
SYNOPSIS
/etc/psk.txt
DESCRIPTION
The psk.txt file contains an pre-shared key that authenticates the specified machine For each machine a
single line should be present with the following information:
Internet-address authentication-key
Items are separated by any number of blanks and/or tab characters. authenticaion-key is specified as an
ascii text. Network addresses are specified in the conventional ‘‘.’’ (dot) notation.
FILES
/etc/hosts
SEE ALSO
na_ipsec(1),
qual_devices
NAME
na_qual_devices - table of qualified disk and tape devices
SYNOPSIS
/etc/qual_devices
DESCRIPTION
The qual_devices file names storage devices qualified for use with Data ONTAP. This is a read-only
file and must not be modified.
Disk and tape drives listed in this file are qualified for use with a Data ONTAP system. This file is read
by the dynamic qualification process which is invoked to authenticate devices not listed in the internal
tables of a particular Data ONTAP release. The dynamic qualification process may be invoked at
system startup, cluster takeover, or when a new device is detected.
WARNING
Do not modify or remove this file. However, it may be replaced with an updated version containing
identification data for additionally qualified devices supplied by Network Appliance.
NOTES
Each line in the file contains identification strings for a qualified device.
QUALIFICATION ERRORS
A qualification error will occur when Data ONTAP is unable to locate identification information for one
or more storage devices detected by the system. To resolve qualification errors, verify the existence of
/etc/qual_devices and ensure it represents the latest version available from Network Appliance. Periodic
console messages will be generated when a qualification error is present. All qualification errors MUST
be resolved for continued system operation.
quotas
NAME
na_quotas - quota description file
SYNOPSIS
/etc/quotas
DESCRIPTION
The /etc/quotas file describes disk quotas that go into effect when quotas are enabled. All quotas are
established on a per-volume basis. If a volume name is not specified in an entry of the /etc/quotas file,
the entry applies to the root volume.
The following sample /etc/quotas file describes different kinds of quotas:
# Quota Target type disk files thold sdisk sfile
# ------------- ----- ---- ----- ----- ----- -----
mhoward user 500M 50K
lfine user@/vol/home 500M
tracker user - -
stooges group@/vol/vol0 750M 75K
/vol/vol0/export tree 750M 75K
mhoward user@/vol/vol0/export 50M 5K
stooges group@/vol/vol0/export 100M 10K
* user@/vol/home 100M 10K 90M 90M 9K
* group@/vol/vol0 500M 70K
* tree 500M 50K
* user@/vol/vol0/export 20M 2K
* group@/vol/vol0/export 200M 20K 150M
* tree@/vol/home 500M 50K
corp\bill user - - 100M
corp\joe, fin\joe user 200M 40K 160M
corp\sue, sue user 100M 20K
corp\ann user 100M - 90M
QUOTA_TARGET_DOMAIN corp
# The following entry will become corp\jim
jim user 200M - -
# The following entry will become corp\beth
beth user 120M 50K -
QUOTA_TARGET_DOMAIN
QUOTA_PERFORM_USER_MAPPING ON
# If corp\sam maps to usam, the following entry will become
# corp\sam, usam user .....
corp\sam user 50M
# If umary maps to corp\mary, the following entry will become
# umary, corp\mary user ....
umary user 300M
QUOTA_PERFORM_USER_MAPPING OFF
The first non-comment line in the file restricts the user mhoward to 500 MB of disk space and 51,200
files in the root volume. The second line restricts the user lfine to 500 MB of disk space in the home
volume, but places no restriction on the number of files he can have. You can leave the file limit blank
to indicate that no limit is imposed but you cannot omit the value for disk space. The third line places
no restriction on either disk usage or file usage by using a limit field of "-". This may be useful for
tracking usage on a per-user or per-group basis without imposing any usage limits.
The next two lines restrict the stooges group and the /vol/vol0/export qtree to 750 MB and 76,800 files
each in the root volume.
The fifth column of the /etc/quotas file contains a value for the warning threshold. If an attempt to
allocate space for the quota target causes the quota target’s disk space usage to exceed the warning
threshold value, a warning message is logged on the filer’s console. Additionally, an SNMP trap is
emitted indicating the condition. The disk space allocation will succeed if no other quota limits are
exceeded. The value is specified in bytes.
The sixth column specifies a soft disk limit, while the seventh column specifies a soft file limit. They
are analogous to the (hard) limits specified in the third and fourth columns, but behave more similarly to
the threshold value: when a soft limit is exceeded, a warning message is logged to the filer’s console.
Additionally, an SNMP trap is emitted indicating the condition. Lastly, when the quota target’s usage
returns below the soft limit, a warning message and SNMP trap is also generated.
An entry in the /etc/quotas file may extend over several lines, but the last five columns (hard limits,
warning threshold, and soft limit values) must be on the same line of the quota file.
A user is specified by one of the following values:
a unix user name, which must appear in the password database (either in the /etc/passwd file on the
filer, or in the password NIS map if NIS is enabled on the filer and is being used for the password
database);
a numerical unix user ID;
the pathname of a file owned by that user;
a Windows account name, which consists of the domain name and the account name separated by a
backslash (if the domain name or the account name contain spaces or other special characters, then the
entire name must be enclosed in quotes);
the text form of a Windows SID that represents a Windows account;
a comma separated list of any of the above items that are to be considered one user quota target (the list
can extend to multiple lines, but the last item must be on the same line as the quota type, disk limit, file
limit and warning threshold values).
A group is specified by one of the following values:
a unix group name, which must appear in the group database (either in the /etc/group file on the filer, or
in the group NIS map if NIS is enabled on the filer and is being used for the group database);
SEE ALSO
na_usermap.cfg(5)
rc
NAME
na_rc - system initialization command script
SYNOPSIS
/etc/rc
DESCRIPTION
The command script /etc/rc is invoked automatically during system initialization. Since the filer has no
local editor, /etc/rc must be edited from an NFS client with root access to /etc. Alternately, you can use
the setup command to generate a new /etc/rc file without using NFS.
EXAMPLE
This is a sample /etc/rc file as generated by setup:
#Auto-generated by setup Tue Jun 2 21:23:52 GMT 1994
hostname toaster.mycompany.com
ifconfig e0 ‘hostname‘-0
ifconfig e1a ‘hostname‘-1
route add default MyRouterBox 1
routed on
timezone Atlantic/Bermuda
savecore
FILES
/etc/rc
SEE ALSO
na_nfs(1), na_setup(1), na_timezone(1)
registry
NAME
na_registry - registry database
SYNOPSIS
/etc/registry
DESCRIPTION
The file /etc/registry stores a variety of persistent information for ONTAP. For example, the options
command uses this file to save option values, eliminating the need to manually add lines to the /etc/rc
file.
Do not edit this file directly; if you do, some aspects of ONTAP will not operate correctly. Several
backups of the registry database exist and are automatically used if the original registry becomes
unusable. In particular, /etc/registry.lastgood is a copy of the registry as it existed after the last
successful boot.
If you back up the configuration files in the /etc directory, the /etc/registry file should be included. After
restoring all the configuration files, a reboot will be required to complete the restore (for example, in
order to reload the registry, and to re-execute /etc/rc).
ERRORS
If the /etc/rc file contains an explicit "options" statement whose value conflicts with the value of the
option stored in the registry, you will see an error message at boot time like this:
** Option cifs.show_snapshot is being set to "true" in /etc/rc, and this
** conflicts with a value - "off" - loaded from the registry.
** Commands in /etc/rc always override the registry at boot time,
** so the value of cifs.show_snapshot is now "true".
Similarly, if you execute the "options" statement interactively, and the /etc/rc file contains an explicit
"options" statement for the same option, you may see an error message such as this:
** Option autosupport.enable is being set to "off", but this conflicts
** with a line in /etc/rc that sets it to "on".
** Options are automatically persistent, but the line in /etc/rc
** will override this persistence, so if you want to make this change
** persistent, you will need to change (or remove) the line in /etc/rc.
By removing the explicit options statements from /etc/rc, you can eliminate these warnings about
inconsistencies between /etc/rc and the registry.
FILES
/etc/registry (primary registry)
/etc/registry.bck (first-level backup)
/etc/registry.lastgood (second-level backup)
resolv.conf
NAME
na_resolv.conf - configuration file for domain name system resolver
SYNOPSIS
/etc/resolv.conf
DESCRIPTION
The resolver configuration file contains information that is read by the resolver routines. The file is
designed to be human readable and contains a list of keywords with values that provide various types of
resolver information. Semicolon (’;’) or pound (’#’) starts comment. So, any character after ‘;’ or ‘#’ is
ignored until the next line. Lines in bad formats are ignored entirely.
The different configuration options are:
nameserver address
This specifies the Internet address (in dot notation) of a name server that the resolver should query. Up
to 3 name servers may be listed, one per keyword. If there are multiple servers, the resolver queries
them in the order listed. When a query to a name server on the list times out, the resolver will move to
the next one until it gets to the bottom of the list. It will then restart from the top retrying all the name
servers until a maximum number of retries are made.
search domain-list
This specifies the search list for host-name lookup. The search list is normally determined from the
local domain name; by default, it begins with the local domain name, then successive parent domains
that have at least two components in their names. This may be changed by listing the desired domain
search path following the search keyword with spaces or tabs separating the names. Most resolver
queries will be attempted using each component of the search path in turn until a match is found. Note
that this process may be slow and will generate a lot of network traffic if the servers for the listed
domains are not local, and that queries will time out if no server is available for one of the domains.
The search list is currently limited to six domains with a total of 256 characters.
The keyword and value must appear on a single line, and the keyword (e.g. nameserver) must start the
line. The value follows the keyword, separated by white space.
FILES
/etc/resolv.conf
SEE ALSO
na_rc(5), RFC 1034, RFC 1035
rmtab
NAME
na_rmtab - remote mounted file system table
SYNOPSIS
/etc/rmtab
DESCRIPTION
/etc/rmtab maintains the list of client mount points between server reboots. The list of client mount
points can be obtained by using the MOUNTPROC_DUMP remote procedure call, or by using the
UNIX showmount(1) command. When the server successfully executes a mount request from a client,
the server appends a new entry to the file. When the client issues an unmount request, the corresponding
entry is marked as unused. When the server reboots, unused entries are deleted from the file.
BUGS
Entries may become stale if clients crash without sending an unmount request. The file may be removed
before rebooting the server in which case the server will lose information about any active client mount
entries on reboot.
serialnum
NAME
na_serialnum - system serial number file
SYNOPSIS
/etc/serialnum
DESCRIPTION
The file /etc/serialnum should contain the serial number of your machine.
If /etc/serialnum does not exist, it is an indication that your machine could not obtain the serial number
from the hardware. In this case you need to enter the serial number manually. The serial number is
found on the back of the machine in the lower right hand corner. You should see a tag that says:
NetworkAppliance SN: xxxx
Use a text editor to create /etc/serialnum and put the machine’s serial number in it. The file should
contain a single line that only has the serial number. The file is used to help Network Appliance’s
customer service group process your autosupport email more efficiently.
FILES
/etc/serialnum
WARNINGS
A warning is issued to the console if /etc/serialnum contains a different value other than the hardware
serial number in which case it is automatically overwritten with the hardware serial number. Also if the
hardware serial number and /etc/serialnum do not exist, then a warning is issued to the console.
services
NAME
na_services - Internet services
SYNOPSIS
/etc/services
DESCRIPTION
The services file contains information mapping between port numbers and service names. This file
exists purely for reference purposes and is not currently used by Data ONTAP. Modifying entries in this
file will have no effect on the filer. Removing entries will not disable ports or services. For information
on how to change which port numbers a service uses (if possible), see the relevant manual page for that
service. Such changes will not update the services file.
Each line contains a service name followed by a port number, a ‘‘/’’, and a protocol, for example 20/tcp.
Legal protocol names are ‘‘tcp’’ and ‘‘udp’’. Port numbers are decimal numbers in the range of 0 to
65535. A service name may contain any printable character other than the comment character (i.e. no
spaces, tabs, newlines, or ‘‘#’’).
Items are separated by any number of blanks and/or tab characters. A ‘‘#’’ indicates the beginning of a
comment; characters up to the end of the line are not interpreted by routines which search the file.
FILES
/etc/services
SEE ALSO
na_hosts(5)
shadow
NAME
na_shadow - shadow password file
SYNOPSIS
/etc/shadow
DESCRIPTION
The shadow file provides more secure storage for the user’s password (which would otherwise be in
/etc/passwd). When the password field of an entry in /etc/passwd is empty, /etc/shadow must contain a
corresponding entry with the same user name but a non-empty encrypted password.
username:password:
The following list explains the required fields:
username
The user’s login name, not more than eight characters.
password
The user’s password, in an encrypted form that is generated by the UNIX passwd function.
There can be other fields in the /etc/shadow file following the ":" after the password.
EXAMPLE
Here is a sample shadow password file entry:
dave:Qs5I6pBb2rJDA:
SEE ALSO
na_pcnfsd(8), na_nsswitch.conf(5)
sis
NAME
na_sis - Log of Advanced Single Instance Storage (SIS) activities
SYNOPSIS
/etc/log/sis
DESCRIPTION
The sis log file contains a log of SIS activities for this filer. The file lives in /etc/log on the root volume.
Every Sunday at midnight, /etc/log/sis is moved to /etc/log/sis.0; /etc/log/sis.0 is moved to
/etc/log/sis.1; and so on. The suffix can go up to 5, so the old /etc/log/sis.5 will be deleted. SIS activities
are saved for a total of seven weeks.
Each entry of the /etc/log/sis file is a single line containing the following space-separated fields.
timestamp path session-ID event_info
session-ID
The session ID is as shown below:
[sid: 1220249325]
event_info
The event which is being logged. Some events may have extra information in parentheses. The current
event types are:
Sis Restart
When a SIS operation resumes from a checkpoint. The event is augmented within parenthesis with the
stage from which it is restarting.( Restarting from [ - | gathering | sorting | saving_pass1 | saving_pass2
checking |
checking_pass1 | checking_pass2 ] )
Begin ( operation information)
When a SIS operation is first kicked off, there can be multiple reasons which trigger it. The event is
augmented with the following additional information in parenthesis.
schedule : If the SIS operation is kicked off as per the configured or default schedule.
sis start scan : Corresponds to "sis start -s", when we are instructed to scan the entire file system for
duplicated blocks.
sis check : If we are specifically instructed to perform fingerprint database checking.
sis start snapvault : If the snapvault initiated the SIS operation.
sis start : When the SIS operation is kicked off to perform deduplication based on the changelogs.
Undo
Corresponds to "sis undo" command.
Stage ( amount_processed )
An event is logged at the end of each stage along with the amount of processing that was done in that
stage. The different stages can be Sort, Dedup Pass1, Dedup Pass2 and Verify. Note the Verify event is
logged at the start of sis check operation. The events for each are shown below :
Thu Sep 01 10:31:05 GMT 2008 /vol/dense_vol [sid: 12] Sort (2560 fp entries)
Thu Sep 22 10:33:03 GMT 2008 /vol/dense_vol [sid: 12] Dedup Pass1 (0 dup entries)
Thu Oct 13 10:35:00 GMT 2008 /vol/dense_vol [sid: 12] Dedup Pass2 (2559 dup entries)
Thu Jul 12 02:01:05 GMT 2008 /vol/dense_vol [sid: 12] Verify
End ( processed_size KB )
When a long-running SIS operation (either Begin or Undo) completes successfully. The size of data
processed is included in the event.
Error ( Error_message )
If a SIS operation aborts or fails to start, the cause of the error is indicated.
Config ( schedule_string )
When a "sis config" command successfully set or modified the SIS schedule on a volume. The new
schedule string is logged with the event.
Enable
When the SIS is enabled on a volume.
Disable
When the SIS is disabled on a volume.
Stats ( statistics string)
When each changelog is processed ,statistics are logged with this event.
Info ( operation information)
Some of the operations that are logged within parenthesis in the Info event are :
sis start : This corresponds to the event when user issues the sis operation based on changelogs.
sis check : When a sis check operation starts to perform fingerprint database checking.
sis start scan : This information is logged when a "sis start -s" command is issued.
sis start schedule : When a sis operation starts based on its schedule.
operation pending : The maximum number of sis operations running is 8. If a sis operation is issued or
scheduled when this upper limit is already reached, it gets queued as a pending operation and prints this
message in Info event.
starting pending operation : A sis operation is queued when 8 sis operations are already running. This
message is logged when later on system becomes free and the pending operation starts its execution at
the time of schedule start.
EXAMPLE
On the successful completion of such a sis start -s operation, the log file should have the following
entries:
Tue Jul 12 02:01:05 GMT 2008 /vol/dense_vol [sid: 11] Info (sis start scan)
Tue Jul 12 02:01:05 GMT 2008 /vol/dense_vol [sid: 11] Begin (sis start scan)
Tue Jul 12 02:01:05 GMT 2008 /vol/dense_vol [sid: 11] Sort (0 fp entries)
Tue Jul 12 02:01:05 GMT 2008 /vol/dense_vol [sid: 11] Dedup Pass1 (0 dup entries)
Tue Jul 12 02:01:05 GMT 2008 /vol/dense_vol [sid: 11] Dedup Pass2 (0 dup entries)
Tue Jul 12 02:01:05 GMT 2008 /vol/dense_vol [sid: 11] Stats (blks gathered 0,finger
prints sorted 0,dups found 0,new dups found 0,blks deduped 0,finger prints checked 0,finger
prints deleted 0)
Tue Jul 12 02:02:05 GMT /vol/dense_vol [sid: 11] End (0 KB)
On the successful completion of a sis start operation, the log file should have the following entries:
Tue Jul 12 02:01:05 GMT 2008 /vol/dense_vol [sid: 9] Info (sis start)
Tue Jul 12 02:01:05 GMT 2008 /vol/dense_vol [sid: 9] Begin (sis start)
Tue Jul 12 02:01:05 GMT 2008 /vol/dense_vol [sid: 9] Sort (0 fp entries)
Tue Jul 12 02:01:05 GMT 2008 /vol/dense_vol [sid: 9] Dedup Pass1 (0 dup entries)
Tue Jul 12 02:01:05 GMT 2008 /vol/dense_vol [sid: 9] Dedup Pass2 (0 dup entries)
Tue Jul 12 02:01:05 GMT 2008 /vol/dense_vol [sid: 9] Stats (blks gathered 0,finger
prints sorted 0,dups found 0,new dups found 0,blks deduped 0,finger prints checked
0,finger prints deleted 0)
Tue Jul 12 02:02:05 GMT 2008 /vol/dense_vol [sid: 9] End (0 KB)
A SIS operation initiated by schedule and based on change log is the most common case. In this case a
pending operation has started its execution. On the successful completion of such an operation, the log
file should have the following entries:
Tue Jul 12 02:01:03 GMT 2008 /vol/dense_vol [sid: 0] Info (starting pending operation)
Tue Jul 12 02:01:03 GMT 2008 /vol/dense_vol [sid: 0] Begin (schedule)
Tue Jul 12 02:01:04 GMT 2008 /vol/dense_vol [sid: 0] Sort (128000 fp entries)
Tue Jul 12 02:01:04 GMT 2008 /vol/dense_vol [sid: 0] Dedup Pass1 (0 dup entries)
Tue Jul 12 02:01:05 GMT 2008 /vol/dense_vol [sid: 0] Dedup Pass2 (127999 dup entries)
Tue Jul 12 02:01:05 GMT 2008 /vol/dense_vol [sid: 0] Stats (blks gathered 0,finger prints sorted 0,dups found
0,new dups found 127999,blks deduped 127541,finger prints checked 0,finger prints deleted 0)
Tue Jul 12 02:02:22 GMT 2008 /vol/dense_vol [sid: 0] End (2356080 KB)
The log file will have following entries if sis start operation starts from a checkpoint corresponding to
saving_pass2 stage :
Thu Sep 18 03:32:23 GMT 2008 /vol/dense_vol [sid: 15] Sis Restart (Restarting from saving_pass2 stage )
Thu Sep 18 03:32:23 GMT 2008 /vol/dense_vol [sid: 15] Begin (sis start)
Thu Sep 18 03:32:23 GMT 2008 /vol/dense_vol [sid: 15] Dedup Pass2 (130559 dup entries)
Thu Sep 18 03:32:30 GMT 2008 /vol/dense_vol [sid: 15] Stats (blks gathered 0,finger prints sorted 0,dups found 0,new dups found 130559,blks deduped 130091,finger prints checked 0,finger prints delet...
Thu Sep 18 03:32:30 GMT 2008 /vol/dense_vol [sid: 15] End (522240 KB)
On the successful completion of such a sis check operation, the log file should have the following
entries: (sis check)
Tue Jul 12 02:01:05 GMT 2008 /vol/dense_vol [sid: 14] Info (sis check)
Tue Jul 12 02:01:05 GMT 2008 /vol/dense_vol [sid: 14] Begin (sis check)
Tue Jul 12 02:01:05 GMT 2008 /vol/dense_vol [sid: 14] Verify
Tue Jul 12 02:01:05 GMT 2008 /vol/dense_vol [sid: 14] Merge(0 stale entries)
Tue Jul 12 02:01:05 GMT 2008 /vol/dense_vol [sid: 14] Stats (blks gathered 0,finger
prints sorted 0,dups found 0,new dups found 0,blks deduped 0,finger prints
checked 0,finger prints deleted 0)
Tue Jul 12 02:02:05 GMT 2008 /vol/dense_vol [sid: 14] End (0 KB)
If a SIS operation aborts, the Error event will replace the End event.
Fri Jul 15 00:40:31 GMT 2008 /vol/dense_vol [sid: 18] Begin(schedule)
Fri Jul 15 18:58:26 GMT 2008 /vol/dense_vol [sid: 18] Error (Volume is full)
The Undo is the only other long-running event, similar to the Begin event, is terminated by either End
or Error.
Fri Jul 15 18:58:26 GMT 2008 /vol/dense_vol [sid: 19] Undo
Fri Jul 15 18:58:26 GMT 2008 /vol/dense_vol [sid: 19] End (34670 KB)
The Enable, Disable and Config events are only logged when they complete successfully.
Fri Jul 15 18:58:26 GMT 2008 /vol/dense_vol [sid: 20] Enable
Fri Jul 15 18:58:26 GMT 2008 /vol/dense_vol [sid: 20] Disable
Fri Jul 15 18:58:26 GMT 2008 /vol/dense_vol [sid: 20] Config (sun-sat@0-23)
FILES
/etc/log/sis
SIS log file for current week.
/etc/log/sis.[0-5] SIS log files for previous weeks.
SEE ALSO
na_sis(1)
sm
NAME
na_sm - network status monitor directory
SYNOPSIS
/etc/sm
DESCRIPTION
The network status monitor provides information about the status of network hosts to clients such as the
network lock manager. The network status monitor keeps its information in the /etc/sm directory.
The /etc/sm/state file contains an integer that is incremented each time the filer is booted.
The /etc/sm/monitor file contains a list of network hosts the filer is monitoring.
The /etc/sm/notify file contains a list of network hosts that made an NLM lock request to the filer. Each
time the filer reboots, it tries to notify the hosts of its new state information. You can remove this file if
you want the filer to stop notifying the hosts in this file.
BUGS
If the filer cannot resolve a host name in the /etc/sm/notify file or if a host in the /etc/sm/notify file
does not exist on the network any more, the filer logs an error message each time it tries to contact the
host. The error message is similar to the following:
[sm_recover]: get RPC port for failed
snapmirror
NAME
na_snapmirror - Log of SnapMirror Activity
SYNOPSIS
/etc/log/snapmirror
DESCRIPTION
The SnapMirror log file contains a log of SnapMirror activity for this filer. The file lives in /etc/log on
the root volume of both the source and destination filers. When the option snapmirror.log.enable is set
to on, all the SnapMirror activities will be recorded in this log file. See na_options(1) for details
regarding how to enable and disable this option. Every Sunday at 00:00, /etc/log/snapmirror is moved
to /etc/log/snapmirror.0, /etc/log/snapmirror.0 is moved to /etc/log/snapmirror.1, and so on. The
suffix can go up to 5. This process is called rotation. SnapMirror log entries are saved for a total of six
weeks.
Each entry of the /etc/log/snapmirror file is a single line consisting of space-separated fields. All log
entries begin with a type field and a timestamp field. The final field may be enclosed by parentheses, in
which case it may contain spaces. The timestamp field contains a fixed number of spaces, and as such
can be parsed as five space-delimited fields. Which fields appear, and in what order they appear in, is
determined by the type field of log entry (which is the first field).
Following is a description of each field.
type Indicate the type of the entry, which also determines the format of the rest of the entry. It can be
one of the following values:
log
log facility activity
Format: type timestamp event_info...
sys
system-wide activity
Format: type timestamp event_info...
tgt
snapvault target activity
Format: type timestamp volume target event_info...
src
source activity
destination
This is the name of the destination filer and the volume name or qtree path of the destination. The name
is specified as two colon-separated fields, same as in the source field.
This field may be ‘-’ when not applicable for the event.
event_info
This field contains the event which is being logged. Some events may have extra information in
parentheses.
Request (IP address | transfer type) A transfer request has been sent (destination) or received (source).
On source side, the IP address of the destination filer that made the request is included in parentheses.
On destination side, the transfer type is included in the parentheses.
Start The beginning of a transfer.
Start (Snapshots to check=#num, level={data|checksum}, {check|fix}, {quick|full} mode)
The beginning of a replication check or fix session. The session options are included in the parentheses.
All options appear on the destination side log but only the "snapshots to check" option appears in source
side log.
Restart (@ num KB)
The beginning of a restarted transfer.
End (num KB done)
The completion of a transfer. The total size of the transfer in KB is included in the parentheses.
End (src_only=num_1, dst_only=num_2, mismatch=num_3) The completion of a replication check or
fix session. The summary of the session is included in the parentheses. The summary is present only on
the destination side logs. Source side logs will not contain any summary information.
Abort (error msg)
A transfer is aborted. The error message is included in the parentheses.
Defer (reason)
Indicates a transfer is deferred because of a resource limitation. The reason for the deferment is included
in the parentheses.
Wait_tape
A SnapMirror tape operation is waiting for next tape.
New_tape
A SnapMirror tape operation continued the operation with the new tape.
Sync_start
The start of synchronous mirroring mode for the SnapMirror relationship specified by this log entry.
Sync_end (reason)
The end of synchronous mirroring mode for the SnapMirror relationship specified by this log entry. The
reason for dropping out of synchronous mode is included in the parentheses.
Quiesce_start
The beginning of quiesce process.
Quiesce_end
The completion of quiesce process.
Quiesce_failed (reason)
The failure of quiesce process. The reason for failure is included in the parentheses.
Rollback_start
The beginning of a rollback process for a qtree SnapMirror or SnapVault.
Rollback_end
The completion of a rollback process for a qtree SnapMirror or SnapVault.
Rollback_failed (reason)
The failure of a rollback process for a qtree SnapMirror or SnapVault. The reason for failure is included
in the parentheses.
Coalesce_start (snapshot)
The beginning of a coalesce process for a SnapVault qtree. The base snapshot for the coalesce operation
is included in the parentheses.
Coalesce_end
The completion of a coalesce process for a SnapVault qtree.
Coalesce_failed (reason)
The failure of a coalesce process for a SnapVault qtree. The reason for failure is included in the
parentheses.
Target_start
The beginning of a SnapVault target.
Target_end
The completion of a SnapVault target.
Target_failed (reason)
The failure of a SnapVault target. The reason for failure is included in the parentheses.
Start_logging
SnapMirror log was enabled.
End_logging
SnapMirror log was disabled.
SnapMirror_on (cause)
SnapMirror was enabled on this host. The operation or process that caused SnapMirror to become
enabled is specified in the parentheses.
SnapMirror_off (cause)
SnapMirror was disabled on this host. The operation or process that caused SnapMirror to become
disabled is specified in the parentheses.
SnapVault_on (cause)
SnapVault was enabled on this host. The operation or process that caused SnapVault to become enabled
is specified in the parentheses.
SnapVault_off (cause)
SnapVault was disabled on this host. The operation or process that caused SnapVault to become
disabled is specified in the parentheses.
Resume_command
User issued snapmirror resume command.
Break_command
User issued snapmirror break command.
Release_command
User issued snapmirror release command.
Abort_command
Abort_command (type)
User issued snapmirror abort command. The type will only be present if the abort was issued with
additional options which changed the type of the abort.
Resync_command (common snapshot)
User issued snapmirror resync command. The common snapshot for the resync operation is included
in the parentheses.
Restore_resync_command (common snapshot) User issued snapvault restore -r command. The
common snapshot for the resync operation is included in the parentheses.
Migrate_command
User issued snapmirror migrate command.
Request_check (snapshot_name)
A request for single snapshot during replication check session. This is source side log entry. Each
snapshot being checked in a replication check session will have its entry. Name of snapshot is included
in the parentheses.
Checking_snapshot source snapshot_name (timestamp, cpcount=num_2, snapid=id) to
dest_snapshot_name (timestamp, cpcount=count, snapid=id) The beginning of a single snapshot
comparison during replication check. It is logged on both source and destination.
Abort_check
replication check session for SnapMirror or SnapVault aborted. Reason of abort is included in the
parentheses.
Abort_check_command
User issued replication check abort command. Corresponding log file entry appears with cmd type.
Data_differ ({block blk_num in file_path | VBN vbn})
Replication check found a data block mismatch. Either the block number and the inode path or Volume
Block Number (VBN) is included in the parentheses.
Unique_in_src (entry_type for entry_path) Replication check found an entry only present in the source.
The entry type and entry path are included in the parentheses.
Unique_in_dst (entry_type for entry_path) Replication check found an entry only present in the
destination. The entry type and entry path are included in the parentheses.
Size_differ (path)
Replication check found a file size mismatch in specified inode. The inode path is included in the
parentheses.
Type_differ (path)
Replication check found a inode type mismatch. The inode path is included in the parentheses.
UID_differ (path)
Replication check found a user ID mismatch for specified inode. The inode path is included in the
parentheses.
GID_differ (path)
Replication check found a group ID mismatch for specified inode. The inode path is included in the
parentheses.
Perm_differ (path)
Replication check found a permission or dosbit mismatch for specified inode. The inode path is
included in the parentheses.
Atime_differ (path)
Replication check found a mismatch in the last access time for specified inode. The inode path is
included in the parentheses.
Mtime_differ (path)
Replication check found a mismatch in the last modification time for specified inode. The inode path is
included in the parentheses.
Ctime_differ (path)
Replication check found a mismatch in the last size/status change time for specified inode. The inode
path is included in the parentheses.
Crtime_differ (path)
Replication check found a mismatch in the creation time for specified inode. The inode path is included
in the parentheses.
Rdev_differ (path)
Replication check found a device number mismatch for specified inode. The inode path is included in
the parentheses.
DOSbits_differ (path)
Replication check found a DOS bits mismatch for specified inode. The inode path is included in the
parentheses.
ACL_differ (path)
Replication check found an NT or NFS V4 ACL mismatch for specified inode. The inode path is
included in the parentheses.
Hardlink_differ (path)
Replication check found a hardlink for specified inode, but the inode on destination doesn’t match
between the links. The inode path is included in the parentheses.
Qtree_oplock_differ (path)
Replication check found oplock setting mismatch for a qtree. The qtree path is included in the
parentheses.
Qtree_security_differ (path)
Replication check found security setting mismatch for a qtree. The qtree path is included in the
parentheses.
Hole_uses_disk_space (path)
Replication check found unnecessary disk usage for specified inode, this however is not a mismatch.
The inode path is included in the parentheses.
Convert_command
User issued snapmirror convert command.
Older_snapshot
Updating from a snapshot which is older than the current base snapshot.
Snapshot_delete (snapshot name)
A snapshot is deleted from this volume. The snapshot name is included in the parentheses.
Snapshot_replace (snapshot name)
A SnapVault snapshot has been replaced after a SIS operation with a newer snapshot of the same name.
The snapshot name is included in the parentheses.
FILER_REBOOTED
The filer is rebooted.
WORM_LOG_FAIL (reason)
Write to WORM log file failed. The reason for failure is included in the parentheses.
WORM_LOG_FAILURE_RECOVER_START
The beginning of the recovery of the failed WORM log entries.
WORM_LOG_FAILURE_RECOVER_END
The end of the recovery of the failed WORM log entries.
Softlock_add (operation)
A softlock is added. The operation that added the softlock is included in the parentheses.
Softlock_add_pending (operation)
A softlock is added as a pending softlock. The operation that added the softlock is included in the
parentheses.
Softlock_delete (operation)
A softlock is deleted. The operation that deleted the softlock is included in the parentheses.
EXAMPLES
A typical entry in /etc/log/snapmirror looks like:
dst Fri Jul 17 22:50:18 GMT filer1:srcvol filer2:dstvol Request (Update)
The above example shows an update request recorded by the destination side for a SnapMirror
relationship from filer:srcvol to filer2:dstvol that happened at the recorded time.
A typical Replication check session in /etc/log/snapmirror on destination looks like:
chk Wed Jan 19 01:07:39 GMT woolf:/vol/vol1 milton:/vol/vol1 Request (check)
chk Wed Jan 19 01:07:39 GMT woolf:/vol/vol1 milton:/vol/vol1 Start (Snapshots to check = 2, level= data, check, full)
chk Wed Jan 19 01:07:39 GMT woolf:/vol/vol1 milton:/vol/vol1 Checking_snapshot milton(0033587346)_vol1.5 (Jan 18...
chk Wed Jan 19 01:07:48 GMT woolf:/vol/vol1 milton:/vol/vol1 Checking_snapshot nightly.0 (Jan 18 00:00, cpcount =...
chk Wed Jan 19 01:07:57 GMT woolf:/vol/vol1 milton:/vol/vol1 End (src_only = 0, dst_only = 0, mismatch = 0)
FILES
/etc/log/snapmirror
SnapMirror log file for current week.
/etc/log/snapmirror.[0-5]
SnapMirror log files for previous weeks.
SEE ALSO
na_snapvault(1)
snapmirror.allow
NAME
na_snapmirror.allow - list of allowed destination filers
SYNOPSIS
/etc/snapmirror.allow
DESCRIPTION
The /etc/snapmirror.allow file provides for one of two ways for controlling SnapMirror access to a
source filer.
The snapmirror.access option is the preferred method for controlling snapmirror access on a
snapmirror source filer. See na_options(1) and na_protocolaccess (8) for information on setting the
option. If the option snapmirror.access is set to "legacy", the snapmirror.allow file defines the access
permissions.
The snapmirror.allow file exists on the source filer used for SnapMirror. It contains a list of allowed
destination filers to which you can replicate volumes or qtrees from that filer.
The file format is line-based. Each line consists of the hostname of the allowed destination filer.
The snapmirror.checkip.enable option controls how the allow check is performed. When the option is
off, which is the default, the entries in the allow file must match the hostname of the destination filer as
reported by the hostname command. When the option is on, the source filer resolves the names in the
snapmirror.allow to IP addresses and then checks for a match with the IP address of the requesting
destination filer. In this mode, literal IP addresses (e.g. 123.45.67.89) and fully qualified names (e.g.
toaster.acme.com) may be valid entries in the allow file.
Note that the allow file entry must map to the IP address of the originating network interface on the
destination filer. For example, if the request comes from the IP address of a Gbit Ethernet interface e10
which is given the name "toaster-e10", then the allow file must contain "toaster-e10" or
"toaster-e10.acme.com" so the name resolves to the correct IP address.
A local snapmirror, between two volumes or qtrees on the same filer, does not require an entry in the
allow file.
EXAMPLE
The following snapmirror.allow file on a filer allows filers named toaster and fridge to replicate
volumes or qtrees from it:
toaster
fridge
SEE ALSO
na_snapmirror.conf(5) na_protocolaccess(8)
snapmirror.conf
NAME
na_snapmirror.conf - volume and qtree replication schedules and configurations
SYNOPSIS
/etc/snapmirror.conf
DESCRIPTION
The /etc/snapmirror.conf file exists on the filer containing the mirror used for SnapMirror.
There are two types of lines in the configuration file: lines that define mirror relationships and lines that
define connections to source filers to be used in the relationship definitions. Relationship definition
lines are used to define the mirror relationships for destination volumes on this filer. Connection
definition lines are optional and are used to specify specific network connections to the source volume
and allow the specification of dual paths to the source volume.
Each relationship line of the file specifies the volume or qtree to be replicated, arguments for the
replication, and the schedule for updating the mirror. You may only have one line for each destination
volume or qtree. The maximum number of relationship entries supported is limited to 712. Any entry
after this limit is ignored.
Each relationship entry of the /etc/snapmirror.conf file is a single line containing space-separated
fields. The entry has this format:
source destination arguments schedule
If the source or destination field contains one or more space characters (on account of it including a
qtree name with space(s)), then the field must be enclosed in double quotes. If the field value itself
contains one or more double quotes, then each of these double quotes must be escaped by preceding it
with an additional double quote.
The following list describes the fields in each entry:
source This is the name of the source host, and the volume name, or the path of the qtree to be mirrored.
The name is specified as two colon-separated fields, as follows:
host:volname
host:/vol/volume/qtree
Note that the host field is not necessarily the hostname of the filer (unlike the first field of the
destination entry). You can specify a network resolvable name, IP address or connection name. The
host field can be considered a definition of how to reach the source over the network.
destination
This is the hostname (must match the result of the hostname command) of the destination filer and the
name of the destination volume or the path of the destination qtree. The name is specified as two
colon-separated fields, as follows:
name:volume
name:/vol/volume/qtree
The name field must match the hostname of the destination filer (use the hostname(1) function to check
this).
arguments
These are a comma-separated list of arguments for the transfer. To specify no arguments, enter a dash
(‘‘-’’) in this field. Each argument is specified as a key and a value pair, as follows:
key=value
Currently, there are the following argument keys:
cksum This controls which checksum algorithm is used to protect the data transmitted by SnapMirror.
Currently supported values are "none", "crc32c", and "crc32c_header_only". The value
"crc32c_header_only" has been added only for volume SnapMirror and is not supported for
synchronous SnapMirror and qtree SnapMirror.
kbs
The value for this argument specifies the maximum speed (in kilobytes per second) at which
SnapMirror data is transferred over the network. The kbs setting is used to throttle network
bandwidth consumed, disk I/O, and CPU usage. By default, the filer transfers the data as fast as it
can. The throttle value is not used while synchronously mirroring.
tries The value for this argument specifies the maximum number of attempts that the destination will
make to complete a scheduled snapmirror update. A retry will be attempted on the first minute after the
previous attempt was abandoned. Notice that retries are only attempted for retry-able errors, and that
some errors do not count as a retry. The tries setting is used to limit the number of retries, for instance
to assure that backup transfers are started within a designated backup window, or else abandoned
entirely until the next scheduled update. The syntax is "tries=N" or "tries=unlimited", where N is greater
or equal to 0, and N is less or equal to 1000000000. If this value is set to 0, the transfer is never started.
If no try count is specified, the default is "unlimited". Manually started transfers are never retried
irrespective of the the value of this argument.
restart
This controls the behavior of the SnapMirror scheduler with respect to restartability. If value is set to
always, then an interrupted transfer will always restart, if it has a restart checkpoint and the conditions
are the same as before the transfer was interrupted. If value is set to never, then an interrupted transfer
will never restart, even if it has a restart checkpoint. By default, SnapMirror behaves like the always
case, unless it has passed the next scheduled transfer time, in which case it will begin that scheduled
transfer instead of restarting.
ignore_atime
The value for this argument can be enable or disable. This option only applies to Qtree SnapMirror
relationships. When the value is enable, SnapMirror will ignore files which have only their access times
changed for incremental transfers. When the value is disable, SnapMirror will transfer metadata for all
modified files. If not specified, the default is disable.
outstanding (deprecated)
This argument controls the performance versus synchronicity trade-off for synchronous mirrors. The
value for this argument is a number followed by the suffixes: ops (operations), ms (milliseconds) or s
(seconds). Setting a value less than 10s configures the mirror to run in fully synchronous mode. Setting
a value greater than or equal to 10s configures the mirror to run in semi-synchronous mode. This
argument is ignored for asynchronous mirrors. Please note that this is a deprecated option. Use the
schedule field to specify the synchronous mode for the mirror.
wsize This sets the TCP window size to use for the connection. Due to how TCP negotiates window
sizes, the size of the receive window will initially be large and gradually work its way down to the size
specified.
visibility_interval
The value for this argument is a number optionally followed by the suffixes: s (seconds), m (minutes) or
h (hours). If a suffix is not specified, value is interpreted as seconds. This argument controls the amount
of time before an automatic snapshot is created on the source volume that is synchronously mirrored.
The value is the number of seconds between automatically created snapshots. The default value is 3
minutes. A small number here can negatively affect the performance of the mirror. This argument is
ignored for asynchronous mirrors.
schedule
This is the schedule used by the destination filer for updating the mirror. It informs the SnapMirror
scheduler when transfers will be initiated. The schedule field can contain the word sync to specify fully
synchronous mirroring, semi-sync to specify semi-synchronous mirroring, or a cron-style specification
of when to update the mirror. The cronstyle schedule contains four space-separated fields:
minute hour day-of-month day-of-week
Each field consists of one or more numbers or ranges. If a field contains more than one value, the values
are separated from each other by a comma. A field consisting solely of an asterisk (‘‘*’’) is the same as
a field enumerating all possible legal values for that field. A field consisting solely of a dash (‘‘-’’)
represents a null value; any schedule with a dash in one of its fields will never run any scheduled
transfers. Values in a field can take any of the following forms:
number
first-last
first-last/step
A value with a dash in it specifies a range; it is treated as containing all the values between first and
last, inclusive. A range value with a slash specifies skips of step size in the range. For example, the
value of the entry ‘‘0-23/4’’ would be the same as that of the entry ‘‘0,4,8,12,16,20’’.
minute Which minutes in each hour to update on. Values are from 0 to 59.
hour Which hours in the day to update on. Values are from 0 to 23.
day-of-month
Which days in the month to update on. Values are from 1 to 31.
day-of-week
Which days in the week to update on. Values are from 0 (Sunday) to 6 (Saturday).
Whenever the current time matches all the specified schedule fields, a transfer from the source to the
destination will be invoked.
The other type of line allowed in this file is a connec_tion definition line. These lines define an alternate
name for the source filer that can be used as the source host in the relationship lines. They are used to
describe more specifically the parameters for the connection(s) to the source filer. SnapMirror supports
the multi path specification for both asynchronous and synchronous mirrors.
Each connection definition is a single line giving a name to one or two pairs of IP addresses along with
a mode of operation for the connection. The lines are specified in the following format:
name = mode( source_ip_addr1 , dest_ip_addr1 ) ( source_ip_addr2 , dest_ip_addr2 )
name This is the name of the connection you would like to define. This name is to be used as the source
filer in relationship definitions.
mode The mode is optional and specifies the mode in which two IP address pairs will be used. Two
modes are allowed multiplexing and failover mode and are specified by using the multi and failover
keywords. If not specified, multiplexing mode is used.
The multiplexing mode causes snapmirror to use both paths at the same time. If one should fail, it will
switch to use the remaining path only and use both again should the failing path be repaired.
Failover mode causes snapmirror to use the first path as the desired path and only use the second path
should problems arise with the first path.
source_ip_addr1 source_ip_addr2 dest_ip_addr1 dest_ip_addr2
These are resolvable network names or IP addresses that define a path through the network between the
source and the destination. The source addresses are the IP addresses of interfaces to use on the source
and respectively for the destination. The pairing denotes a path from source to destination.
EXAMPLES
The following snapmirror.conf entry indicates that filer fridge’s qtree home, in volume vol2 will
mirror qtree home, in volume vol1 from the filer toaster. Transfer speed is set at a maximum rate of
2,000 kilobytes per second. The four asterisks mean transfers to the mirror are initiated every minute, if
possible. (If a previous transfer is in progress at the minute edge, it will continue; a new transfer will be
initiated at the first minute edge after the transfer has completed.)
toaster:/vol/vol1/home fridge:/vol/vol2/home kbs=2000 * * * *
The following snapmirror.conf entry is similar to the above example, except that it shows how qtree
names with spaces and double quotes can be specified. This entry indicates that filer fridge’s qtree x
y"z in volume vol2 will mirror qtree x y"z in volume vol1 from the filer toaster.
"toaster:/vol/vol1/x y""z" "fridge:/vol/vol2/x y""z" kbs=2000 * * * *
The following snapmirror.conf entry indicates that filer myfiler1’s volume home_mirror will mirror
volume home via the myfiler0-gig interface. (The myfiler0-gig interface is whatever IP address
myfiler1 can resolve that name to. In this case, it might be a gigabit ethernet link on filer myfiler0.) The
mirror is updated at 9:30 a.m., 1:30 p.m., and 7:30 p.m., Monday through Friday. The asterisk means
that the data replication schedule is not affected by the day of month; it is the same as entering numbers
1 through 31 (comma-separated) in that space. The dash in the arguments field indicates that both the
kbs and restart arguments are set to default.
myfiler0-gig:home myfiler1:home_mirror - 30 9,13,19 * 1,2,3,4,5
The following snapmirror.conf entry makes transfers every half hour, with the first at 8:15 a.m., and
the last at 6:45 p.m. The asterisks mean that the data replication schedule is not affected by the day of
month or week; in other words, this series of transfers are initiated every day.
filer1:build filer2:backup - 15,45 8,9,10,11,12,13,14,15,16,17,18 * *
The following snapmirror.conf entry, between the docs qtree on dev and docs_bak on icebox, is
kicked off on every Sunday, at 12:00 midnight.
dev:/vol/dept/docs icebox:/vol/backup/docs_bak - 0 0 * 0
The following snapmirror.conf entry, between the home and backup volume on icebox, is kicked off
once every halfpast the hour between 7:30 a.m. and 9:30 p.m., and once at midnight.
icebox:home icebox:backup - 30 0,7-21 * *
The following snapmirror.conf entry, between the db volumes on fridge-gig dev and icebox, is kicked
off on every five minutes, starting at 0. (Note that fridge-gig is just a network interface name. In this
case, it could be a gigabit ethernet link on fridge.)
fridge-gig:db icebox:db - 0-55/5 * * *
This can be extended to use the multiple path options and synchronous mirroring.
fridge-con = failover(fridge-gig,icebox-gig)(fridge-slow,icebox-slow)
fridge-con:db icebox:db - sync
This changes the relationship into synchronous mode and the connection specifies that we should use a
gigabit ethernet path for the mirroring where only if that connection fails, use a slower network
connection. Even if you would like to use one path from source to destination, it is a good idea to
specify a connection line in your configuration file. This can reduce problems seen with name
resolution affects on the relationship configuration line.
Personality: Default
====================
# Model Maximum #
# Transfers #
====================
| |
| FAS250 4 |
|__________________|
| |
| F810 |
| F820 |
| F825 |
| FAS920 8 |
| FAS270 |
| GF270 |
| GF825 |
|__________________|
| |
| F840 |
| F880 |
| FAS940 |
| FAS960 16 |
| GF940 |
| GF960 |
| GF980 |
|__________________|
The above platforms have the same maximum concurrent transfer limit for each transfer type.
Personality: Default
========================================================
# Model Volcopy #
# Sync SM #
# Legacy QSM QSM #
# Legacy SV Legacy VSM MP VSM SV #
# Src Src Dst Src Src #
# Dst Dst Dst #
========================================================
| FAS980 |
| FAS3020 |
| FAS3040 |
| FAS3050 16 16 16 50 64 |
| V3020 |
| V3040 |
| V3050 |
|______________________________________________________|
| |
| FAS3070 16 16 64 50 64 |
| V3070 |
|______________________________________________________|
| |
| FAS6030 24 24 24 100 96 |
| V6030 |
|______________________________________________________|
| |
| FAS6070 32 32 32 150 128 |
| V6070 |
|______________________________________________________|
Personality: Nearstore
==============================================================================
# Model Legacy QSM QSM #
# Volcopy Legacy VSM MP VSM Sync SM Legacy SV SV #
# Src Dst Src Dst Src Dst Src Src Dst Src Dst #
# Dst #
==============================================================================
| |
| R100 |
| R150 64 64 64 64 64 64 16 64 128 64 128 |
| R200 |
|____________________________________________________________________________|
| |
| FAS3020 16 16 16 16 50 100 16 16 32 80 80 |
|____________________________________________________________________________|
| |
| FAS3040 16 32 16 32 50 100 16 16 64 160 160 |
|____________________________________________________________________________|
| |
| FAS3050 16 32 16 32 50 100 16 16 64 120 120 |
|____________________________________________________________________________|
| |
| FAS3070 16 64 16 32 50 100 16 16 128 320 320 |
|____________________________________________________________________________|
| |
| FAS6030 24 48 24 48 100 200 24 24 96 512 512 |
|____________________________________________________________________________|
| |
| FAS6070 32 64 32 64 150 300 32 32 128 512 512 |
|____________________________________________________________________________|
SEE ALSO
na_snapmirror.allow(5)
stats_preset
NAME
na_stats_preset - stats preset file format
SYNOPSIS
/etc/stats/preset
DESCRIPTION
The stats utility supports preset queries, using the -p argument. A preset includes the statistics to be
gathered, and the format for display. Using presets not only saves typing when entering commands from
the CLI, it also allows greater flexibility in formatting the data than is possible on the command line.
Each preset is described in an XML file, stored in the applicance directory /etc/stats/preset. The name of
each preset file is pre_setname.xml.
print_object_names
In row output, whether or not to include object names in the output. Default: true
print_instance_names
In column output, whether or not to include instance names as a column in the output. Default: true
print_footer
After printing a set of counters print a footer string. Default: false. In multiple-count outputs the footer
is printed after each iteration.
pre_header
A header string that is printed prior to data headers. Default: none
use_regex
Allow extended regular expressions for instance and counter names. Default: false
print_zero_values
Determines whether counters with zero values should be displayed. The default setting displays all
counters, except for counters that are flagged as not-zero-printing by default. The allowed values are
default, true and false. This option only affects row output.
column_delimeter
In column output, the text to print between each column, changing the default TAB spacing.
catenate_instances
In column output, whether or not to catenate all instance counters into a long line, or to split the output
so that each instance goes on its own line. Default: false
The following example specifies a preset with column output, that displays values each second:
<?xml VERSION = "1.0" ?>
<preset orientation="column" interval="1" > ...
</preset>
Objects
The object element specifies an object that is to be used in the preset. It has attributes, as listed below,
and optional counters and instances.
The following example shows a preset using the system and volume objects:
<?xml VERSION = "1.0" ?>
<preset>
<object name="system">
...
</object>
<object name="volume">
...
</object>
</preset>
EXAMPLE
The following example shows a preset with output similar to the sysstat command. It might be invoked
as:
stats show -p sysstat -i 1
<?xml VERSION = "1.0" ?>
<!-- This preset is similar to the tradition ‘sysstat’ command, using column output -->
<preset orientation="column"
print_instance_names="false" catenate_instances="true" > <object name="system">
<counter name="cpu_busy"> <width>4</width>
<title>CPU</title>
</counter>
<counter name="nfs_ops"> <width>6</width>
<title>NFS</title>
</counter>
<counter name="cifs_ops"> <width>6</width>
<title>CIFS</title>
</counter>
<counter name="http_ops"> <width>6</width>
<title>HTTP</title>
</counter>
<counter name="net_data_recv"> <width>8</width>
<title>Net in</title> </counter>
<counter name="net_data_sent"> <width>8</width>
<title>Net out</title> </counter>
<counter name="disk_data_read"> <width>8</width>
<title>Disk read</title> </counter>
<counter name="disk_data_written"> <width>8</width>
<title>Disk write</title> </counter>
</object>
</preset>
SEE ALSO
na_stats.1
symlink.translations
NAME
na_symlink.translations - Symbolic link translations to be applied to CIFS path lookups
SYNOPSIS
/etc/symlink.translations
DESCRIPTION
When the CIFS server encounters a symbolic link (also called a "symlink," or "soft link"), it attempts to
follow the link. If the symlink target is a path that starts with a "/", the filer must interpret the rest of the
path relative to the root of the file system. On the filer, there is no way to know how NFS clients (which
must be used to create the symlinks) might have mounted filesystems, so there is no reliable way to
follow such absolute, or "rooted" symlinks. The symlink.translations file enables you to use absolute
symlinks by mapping them to CIFS-based paths.
The entries in this file are similar to the httpd.translations file. There are two formats for file entries, as
follows:
Map template result
Widelink template [@qtree] result
Any request that matches template is replaced with the result string given. Note that the result path for a
"Map" entry must point to a destination within the share to which the client is connected. This is
because the client has only been authenticated to that share; therefore access is limited to the same share
for security reasons. A result path for a "Widelink" entry may point anywhere, thus the name "wide
symlink" or widelink for short. Widelinks have these limitations-- the filer share on which the symlink
resides must be enabled for wide symlinks, the CIFS client must support Microsoft’s Dfs protocol, and
the destination must be able to function as a Dfs leaf node. By using Dfs requests, the filer causes the
client to authenticate with the destination and thus enforces security. To enable a filer share for "wide
symlinks", use the "cifs shares -change" filer console command.
Both templates and results might (and usually do) contain wildcards (a star "*" character). The wildcard
behaves like a shell wildcard in the template string, matching zero or more characters, including the
slash ("/") character. In the result string, a wildcard causes text from the corresponding match in the
template string to be inserted into the result.
The entries are examined in the order they appear in the file until a match is found or the lookup fails.
EXAMPLES
This example maps absolute symlinks that start with "/u/home" to go to the filer path "/vol/vol2/home".
Also, symlinks starting with "/u" go to "/vol/vol0". Note that you should put the more restrictive entries
first to avoid premature mapping since the matches are done in order.
#
# Example Map symlink translations
#
Map /u/home/* /vol/vol2/home/*
Map /u/* /vol/vol0/*
The next example maps absolute symlinks that start with "/u/docs/" to go to the filer path
"\\filer\engr\tech pubs". Note that widelink result paths use CIFS pathname syntax (backslashes are
separators, spaces in path components are allowed, and so on).
#
# Example Widelink symlink translation
#
Widelink /u/docs/* \\filer\engr\tech pubs\*
The next example maps absolute symlinks that start with "/u/joe". Note that depending on how NFS
mounts are set up, it is possible that there could be several absolute symlinks pointing to "/u/joe" which
need to have differing destinations. The qtree in which a symlink resides can optionally be used to
distinguish destinations. Thus, following an absolute symlink starting with "/u/joe" in qtree
/vol/vol1/mixed takes the client to "\\filer\home\joe", while symlinks in other qtrees take the client to
"\\filer\test tools\joe".
#
# Example Widelink symlink translations #
Widelink /u/joe/* @/vol/vol1/mixed \\filer\home\joe\* Widelink /u/joe/* \\filer\test tools\joe\*
Note that there is no theoretical reason why a wide symlink can’t point to another filer or indeed any NT
server, though it may be difficult to imagine the translated link making sense to the Unix client which
created the original symlink.
#
# More Widelink examples
#
Widelink /u/joe/* @/vol/vol1/mixed \\myfiler2\users2\joe\*
Widelink /u/joe/* \\joe-PC\Program Files\*
SEE ALSO
na_cifs_shares(1)
syslog.conf
NAME
na_syslog.conf - syslogd configuration file
DESCRIPTION
The syslog.conf file is the configuration file for the syslogd daemon (see na_syslogd(8)). It consists of
lines with two fields separated by tabs or spaces:
selector
action
The selector field specifies the types of messages and priorities to which the line applies. The action
field specifies the action to be taken if a message the syslogd daemon receives matches the selection
criteria.
The selector field is encoded as a facility, a period (‘‘.’’), and a level , with no intervening white-space.
Both the facility and the level are case insensitive.
The facility describes the part of the system generating the message, and is one of the following
keywords: auth, cron, daemon, kern and local7. Here’s a short description of each facility keyword:
kern
Messages generated by the filer kernel.
daemon
System daemons, such as the rshd daemon (see na_rshd(8)), the routing daemon (see
na_routed(1)), the SNMP daemon (see na_snmpd(8)), etc.
auth
The authentication system, e.g. messages logged for Telnet sessions.
cron
The system’s internal cron facility.
local7
The system’s audit logging facility. All messages coming from the audit logging facility are logged
at level debug.
The level describes the severity of the message, and is a keyword from the following ordered list (higher
to lower): emerg, alert, crit, err, warning, notice, info, and debug.
Here is a short description of each level keyword:
emerg
A panic condition that results in the disruption of normal service.
alert
A condition that should be corrected immediately, such as a failed disk.
crit
Critical conditions, such as hard disk errors.
err
Errors, such as those resulting from a bad configuration file.
warning
Warning messages.
notice
Conditions that are not error conditions, but that may require special handling.
info
Informational messages, such as the hourly uptime message (see na_uptime(1)).
debug
Debug messages used for diagnostic purposes. These messages are supressed by default.
If a received message matches the specified facility and is of the specified level (or a higher level ), the
action specified in the action field will be taken.
Multiple selectors may be specified for a single action by separating them with semicolon (‘‘;’’)
characters. It is important to note, however, that each selector can modify the ones preceding it.
Multiple facilities may be specified for a single level by separating them with comma (‘‘,’’) characters.
An asterisk (‘‘*’’) can be used to specify all facilities (except local7) or all levels .
The special level none disables a particular facility .
The action field of each line specifies the action to be taken when the selector field selects a message.
There are four forms:
A pathname (beginning with a leading slash).
Selected messages are appended to the specified file.
A hostname (preceded by an at (‘‘@’’) sign).
Selected messages are forwarded to the syslogd daemon on the named host.
/dev/console. Selected messages are written to the
console.
An asterisk. Selected messages are written to the
console.
Blank lines and lines whose first non-blank character is a pound (‘‘#’’) character are ignored.
It is recommended that all /etc/syslog.conf files include the line
*.info /etc/messages
EXAMPLES
A configuration file might appear as follows:
# Log all kernel messages, and anything of level err or
# higher to the console.
*.err;kern.* /dev/console
FILES
/etc/syslog.conf
The syslogd configuration file. /etc/syslog.conf.sample Sample syslogd configuration file.
BUGS
The effects of multiple selectors are sometimes not intuitive. For example ‘‘daemon.crit,*.err’’ will
select ‘‘daemon’’ facility messages at the level of ‘‘err’’ or higher, not at the level of ‘‘crit’’ or higher.
SEE ALSO
na_messages(5)
tape_config
NAME
tape_config - directory of tape drive configuration files
SYNOPSIS
/etc/tape_config
DESCRIPTION
The tape_config directory contains NetApp-approved tape configuration files. These files allow Data
ONTAP to recognize a tape drive and to properly set its various parameters without the tape drive
parameters being built into Data ONTAP. Only NetApp-approved tape configuration files should be
placed into the tape_config directory.
The tape_config directory of the latest release of Data ONTAP contains tape configuration files for tape
drives that are configured exclusively with tape configuration files. Other approved files may be added
to the directory by the user as tape qualifications are completed by Network Appliance and
configuration files become available.
All NetApp-approved tape configuration files may be found
at
http://now.netapp.com/NOW/download/tools/tape_config/index.shtml. To use configuration files
shown in this page -- if your version of Data ONTAP does not already support the tape drive(s) --
first verify that the configuration file is approved for your version of Data ONTAP. Then copy the
desired file(s) to the /etc/tape_config directory. The file(s) may be renamed if necessary. When an
attached tape drive is accessed, Data ONTAP detects the presence of files in the directory and
install the parameters for the tape drive.
SEE ALSO
na_cloned_tapes(5)
NOTES
External tape configuration files do not override built-in tape drive parameters. If the tape drive is
already supported by Data ONTAP, remove the corresponding tape configuration file.
If a tape drive is represented in tape_config directory, remove any reference from the /etc/cloned_tapes
file that attempts to cause the drive to use the parameters of another drive.
The command storage show tape supported displays all tape drives that are currently supported
directly within Data ONTAP. If any tape drives are connected to the system, the command will also any
show tape drives specified by tape configuration files.
treecompare
NAME
na_treecompare - Log of treecompare activities
SYNOPSIS
/etc/log/treecompare
DESCRIPTION
The treecompare log file contains a log of treecompare activities for this filer. The file lives in /etc/log
on the root volume.
Every Sunday at midnight, /etc/log/treecompare is moved to /etc/log/treecompare.0;
/etc/log/treecompare.0 is moved to /etc/log/treecompare.1; and so on. The suffix can go up to 5, so
the old /etc/log/treecompare.5 will be deleted. Treecompare activities are saved for a total of seven
weeks.
Each entry of the /etc/log/treecompare file is a single line containing the following space-separated
fields.
timestamp tree1 tree2 event_info
tree2 The name of the host2 and the full path for tree2 as shown below:
host2:tree2_path
event_info
The event which is being logged. Some events may have extra information in parentheses. The existing
event types are:
Start (cmp_level={data|checksum}, {compare|ignore} NT ACL)
The beginning of a treecompare session. The command options are included in the parentheses.
End (tree1_only=num_1, tree2_only=num_2, mismatch=num_3) The completion of a treecompare
session. The summary of the session is included in the parentheses.
Abort (error_msg)
A treecompare operation was aborted. The error message is included in the parentheses.
Data_differ (block blk_num in file_name) Found a data block mismatch. The block number and the file
name are included in the parentheses.
Unique_in_tree1 (entry_type for entry_path) Found an entry only present in the first tree. The entry
type and entry path are included in the parentheses.
Unique_in_tree2 (entry_type for entry_path) Found an entry only present in the second tree. The entry
type and entry path are included in the parentheses.
Size_differ (file_name)
Found a file size mismatch. The file name is included in the parentheses.
Type_differ (entry_name)
Found a directory entry type mismatch. The entry name is included in the parentheses.
UID_differ (entry_name)
Found a user ID mismatch for a directory entry. The entry name is included in the parentheses.
GID_differ (entry_name)
Found a group ID mismatch for a directory entry. The entry name is included in the parentheses.
Perm_differ (entry_name)
Found a permission mismatch for a directory entry. The entry name is included in the parentheses.
Atime_differ (entry_name)
Found a mismatch in the last access time for a directory entry. The entry name is included in the
parentheses.
Mtime_differ (entry_name)
Found a mismatch in the last modification time for a directory entry. The entry name is included in the
parentheses.
Ctime_differ (entry_name)
Found a mismatch in the last size/status change time for a directory entry. The entry name is included in
the parentheses.
Crtime_differ (entry_name)
Found a mismatch in the creation time for a directory entry. The entry name is included in the
parentheses.
Rdev_differ (entry_name)
Found a device number mismatch for a directory entry. The entry name is included in the parentheses.
DOSbits_differ (entry_name)
Found a DOS bits mismatch for a directory entry. The entry name is included in the parentheses.
ACL_differ (entry_name)
Found an NT ACL mismatch for a directory entry. The entry name is included in the parentheses.
Hardlink_differ (entry_name)
Found a hardlink for a directory entry, but the inode on tree2 doesn’t match between the links. The
entry name is included in the parentheses.
EXAMPLE
A typical treecompare session in /etc/log/treecompare looks like:
Tue Jun 24 00:05:20 GMT fridge:/vol/src1/.snapshot/snap1/qt1 toaster:/vol/
dst4/.snapshot/snap1/qt1 Start (cmp_level = data, compare NT ACL)
Tue Jun 24 00:05:44 GMT fridge:/vol/src1/.snapshot/snap1/qt1 toaster:/vol/
dst4/.snapshot/snap1/qt1 End (tree1_only = 0, tree2_only = 0, mismatch = 0)
This example shows a treecompare session which used comparison level data and did compare NT
ACLs. At the end of the session, the summary shows no mismatches were found.
The next example shows a log with several mismatches.
Tue Jun 24 00:07:31 GMT fridge:/vol/src1/.snapshot/snap2/qt1 toaster:/vol/
dst4/.snapshot/snap1/qt1 Start (cmp_level = checksum, ignore NT ACL)
Tue Jun 24 00:07:32 GMT fridge:/vol/src1/.snapshot/snap2/qt1 toaster:/vol/
dst4/.snapshot/snap1/qt1 Atime_differ (.)
Tue Jun 24 00:07:32 GMT fridge:/vol/src1/.snapshot/snap2/qt1 toaster:/vol/
FILES
/etc/log/treecompare
Treecompare log file for current week.
/etc/log/treecompare.[0-5] Treecompare log files for previous weeks.
SEE ALSO
usermap.cfg
NAME
na_usermap.cfg - mappings between UNIX and Windows NT accounts and users
SYNOPSIS
/etc/usermap.cfg
DESCRIPTION
The usermap.cfg file explicitly maps Windows NT users to the correct UNIX account and UNIX users
to the correct Windows NT account. Each line in /etc/usermap.cfg has the format:
[ IP-qual: ] [ NT-domain \] NTUser [ direction ] [ IP_qual: ] UnixUser
Lines are processed sequentially.
The following table describes the variables in the usermap.cfg file description.
IP-qual
An IP qualifier that the filer uses to match a user. You use an IP qualifier to narrow a match.
IP-qual can be a regular IP address, a host name, a network name, or a network name with a subnet
specified in dot notation.
NT-domain
Specifies the domain to match or the domain to use for a mapped UNIX account. The default is the
domain in which the filer is installed.
NTUser
Any user-type account name. If the name contains a space, put the name in quotation marks.
direction
Restricts the direction of the mapping. By default, mappings are bidirectional. The three valid
direction symbols are as follows: "=>" means NT to UNIX mapping only; "<=" means UNIX to
NT mapping only; "==" means bidirectional mapping (use this to explicitly indicate a bidirectional
mapping).
The usermap.cfg file format uses the following symbol conventions. An asterisk (*) matches any name.
The null string ("") matches no name and rejects any user. You can use either spaces or tabs as
separators.
Windows NT names are case-insensitive and can contain nonASCII characters within the character set
in the current code page. Windows NT user names can contain spaces, in which case you must enclose
the name in quotation marks. UNIX user names are case-sensitive and must be in ASCII.
This manpage is not encyclopedic. Please refer to online documentation and the System Administrator’s
Guide for further information.
EXAMPLES
The following usermap.cfg file ...
"Bob Garg" == bobg
mktg\Roy => nobody
engr\Tom => ""
uguest <= *
*\root => ""
maps NT user Bob Garg to UNIX user bobg and vice versa,
allows mktg\Roy to login, but only with the privileges of UNIX user nobody,
disallows login by NT user engr\Tom,
maps all other UNIX names to NT user uguest,
and disallows NT logins using the name root from all domains.
zoneinfo
NAME
na_zoneinfo - time zone information files
SYNOPSIS
/etc/zoneinfo
DESCRIPTION
The directory /etc/zoneinfo contains time zone information files used by the timezone command (see
na_timezone(1)). They are in standard Unix time zone file format as described below.
The time zone information files begin with bytes reserved for future use, followed by six four-byte
signed values, written in a "standard" byte order (the high-order byte of the value is written first). These
values are, in order:
tzh_ttisgmtcnt
The number of GMT/local indicators stored in the file.
tzh_ttisstdcnt
The number of standard/wall indicators stored in the file.
tzh_leapcnt
The number of leap seconds for which data is stored in the file.
tzh_timecnt
The number of "transition times" for which data is stored in the file.
tzh_typecnt
The number of "local time types" for which data is stored in the file (must not be zero).
tzh_charcnt
The number of characters of "time zone abbreviation strings" stored in the file.
The above header is followed by tzh_timecnt four-byte signed values, sorted in ascending order. These
values are written in "standard" byte order. Each is used as a transition time at which the rules for
computing local time change. Next come tzh_timecnt one-byte unsigned values; each one tells which
of the different types of "local time" types described in the file is associated with the same-indexed
transition time. These values serve as indices into an array of structures that appears next in the file;
these structures are written as a four-byte signed tt_gmtoff member in a standard byte order, followed
by a one-byte signed tt_isdst member and a one-byte unsigned tt_abbrind member. In each structure,
tt_gmtoff gives the number of seconds to be added to GMT, tt_isdst tells whether this time is during a
Daylight Savings Time period and tt_abbrind serves as an index into the array of time zone
abbreviation characters that follow the structure(s) in the file.
Then there are tzh_leapcnt pairs of four-byte values, written in standard byte order; the first value of
each pair gives the time at which a leap second occurs; the second gives the total number of leap
seconds to be applied after the given time. The pairs of values are sorted in ascending order by time.
Then there are tzh_ttisstdcnt standard/wall indicators, each stored as a one-byte value; they tell
whether the transition times associated with local time types were specified as standard time or wall
clock time. A local time transition specified in standard time ignores any offset due to Daylight Savings
Time. On the other hand, a time specified in wall clock time takes the prevailing value of Daylight
Savings Time in to account.
Finally there are tzh_ttisgmtcnt GMT/local indicators, each stored as a one-byte value; they tell
whether the transition times associated with local time types were specified as GMT or local time.
SEE ALSO
na_timezone(1)
autosupport
NAME
na_autosupport - notification daemon
SYNOPSIS
Data ONTAP is capable of sending automated notification to Customer Support at Network Appliance
and/or to other designated addressees in certain situations. The notification contains useful information
to help them solve or recognize problems quickly and proactively. The system can also be configured to
send a short alert notification containing only the reason for the alert to a separate list of recipients. This
notification is sent only for critical events that might require some corrective action and can be useful
for Administrators with alphanumeric pagers that can accept short email messages.
DESCRIPTION
The autosupport mechanism will use SMTP if there are any (user configured) destination email
addresses set in the autosupport.to option. If autosupport.support.enable is on then autosupports will
also be sent to Network Appliance. Autosupports sent to Network Appliance may be transmitted by
SMTP or by HTTP as specified in the autosupport.support.transport option.
If SMTP is used then the autosupport mechanism contacts a mail host that is listening on the SMTP port
(25) to send email. A list of up to 5 mailhosts can be specified by using the autosupport.mailhosts
option, and they will be accessed in the order specified until one of them answers as a mailhost. It will
then send email through the successful mailhost connection to the destination email address specified in
the autosupport.to option. Note that the autosupport.to option only allows 5 email address. To send to
more than 5 recipients, create a local alias, or distribution list, and add that as the recipient.
If autosupport.support.enable is on then a copy of the autosupport message is also sent to Network
Appliance as follows:
If autosupport.support.transport is smtp then the copy of the autosupport is emailed to the
destination specified in autosupport.support.to and the same mailhost picking algorithm is used as
above.
If autosupport.support.transport is http then a direct connection to the location specified in
autosupport.support.url is made and the autosupport is transmitted to Network Appliance via HTTP
POST.
The autosupport mechanism is triggered automatically once a week by the kernel to send information
before backing up the messages file. It can also be invoked to send the information through the options
command. Autosupport mail will also be sent on events that require corrective action from the System
Administrator. And finally, the autosupport mechanism will send notification upon system reboot from
disk.
To accommodate multiple delivery methods and destinations and to preserve time dependent values, the
outgoing autosupport messages are now spooled in /etc/log/autosupport. Autosupport processing will
attempt to deliver all (currently undelivered) messages until the autosupport.retry.count has been
reached or until subsequent autosupport messages "fill the spool" such that the oldest (undelivered)
messages are forced to be dropped. The spool size is currently 40 messages.
The subject line of the mail sent by the autosupport mechanism contains a text string to identify the
reason for the notification. The subject also contains a relative prioritization of the message, using
syslog severity levels from DEBUG to EMERGENCY (see na_syslog.conf(5)). The messages and other
information in the notification should be used to check on the problem being reported.
The setup command tries to configure autosupport as follows:
If a mailhost is specified, it adds an entry for mailhost to the /etc/hosts file.
Setup also queries for autosupport.from information.
OPTIONS
Autosupport features are manipulated through the options command (see na_options(1)). The available
options are as follows:
autosupport.cifs.verbose
If on, includes CIFS session and share information in autosupport messages. If off, those sections are
omitted. The default is off.
autosupport.content
The type of content that the autosupport notification should contain. Allowable values are complete and
minimal. The default value is complete. The minimal option allows the delivery of a "sanitized" and
smaller version of the autosupport, at the cost of reduced support from Network Appliance. Please
contact Network Appliance if you feel you need to use the minimal option. The complete option is the
traditional (and default) form of autosupport. If this option is changed from complete to minimal then
all previous and pending autosupport messages will be deleted under the assumption that complete
messages should not be transmitted.
autosupport.doit
Triggers the autosupport daemon to send an autosupport notification immediately. A text word entered
as the option is sent in the notification subject line and should be used to explain the reason for the
notification.
autosupport.enable
Enables/disables the autosupport notification features (see na_autosupport(8)). The default is on to
cause autosupport notifications to be sent. This option will override the autosupport.support.enable
option.
autosupport.from
Defines the user to be designated as the sender of the notification. The default is
[email protected]. Email replies from Network Appliance will be sent to this address.
autosupport.local.nht_data.enable
Enables/disables the NHT data autosupport to be sent to the recipients listed in the autosupport.to
option. NHT data is the binary, internal log data from each disk drive, and in general, is not parsable by
other than Network Appliance. There is no customer data in the NHT autosupport. The default for this
option is off.
autosupport.local.performance_data.enable
Enables/disables performance data autosupport to be sent to the recipients listed in autosupport.to. The
performance autosupport contains hourly samples of system performance counters, and in general is
only useful to Network Appliance. The default is off.
autosupport.mailhost
Defines the list of up to 5 mailhost names. Enter the host names as a comma-separated list with no
spaces in between. The default is an empty list.
autosupport.minimal.subject.id
Defines the type of string that is used in the identification portion of the subject line when
autosupport.content is set to minimal. Allowable values are systemid and hostname. The default is
systemid.
autosupport.noteto
Defines the list of recipients for the autosupport short note email. Up to 5 mail addresses are allowed.
Enter the addresses as a comma-separated list with no spaces in between. The default is an empty list to
disable short note emails.
autosupport.nht_data.enable
Enables/disables the generation of the Health Trigger (NHT) data autosupport. Default is off
autosupport.performance_data.enable
Enables/disables hourly sampling of system performance data, and weekly creation of a performance
data autosupport. The default is on.
autosupport.retry.count
Number of times to try resending the mail before giving up and dropping the mail. Minimum is 5;
maximum is 4294967295 ; The default is 15 .
autosupport.retry.interval
Time in minutes to delay before trying to send the autosupport again. Minimum is 30 seconds,
maximum is 1 day. Values may end with ‘s’, ‘m’ or ‘h’ to indicate seconds, minutes or hours
respectively, if no units are specified than input is
assumed to be in seconds. The default value is 4m.
autosupport.support.enable
Enables/disables the autosupport notification to Network Appliance The default is on to cause
autosupport notifications to be sent directly to Network Appliance as described by the
autosupport.support.transport option. This option is superceded (overridden) by the value of
autosupport.enable.
autosupport.support.proxy
Allows the setting of an http based proxy if autosupport.support.transport is https or http. The
default
for this option is the empty string, implying no proxy is necessary.
autosupport.support.to
This option is read only; it shows where autosupport notifications to Network Appliance are sent if
autosupport.support.transport is smtp.
autosupport.support.transport
Allows setting the type of delivery desired for autosupport notifications that are destined for Network
Appliance. Allowed values are https, http (for direct web based posting) or smtp (for traditional
email). The default value is https. Note that http and https may (depending on local network
configuration) require that the autosupport.support.proxy option be set correctly. Also smtp requires
that autosupport.mailhosts be configured correctly before autosupport delivery can be successful.
autosupport.support.url
This option is read only; it shows where autosupport notifications to Network Appliance are sent if
autosupport.support.transport is https or http.
autosupport.throttle
Enables autosupport throttling (see na_autosupport(8)). When too many autosupports are sent in too
short a time, additional messages of the same type will be dropped. Valid values for this option are on
or off. The default value for this option is on.
autosupport.to
Defines the list of recipients for the autosupport email notification. Up to 5 mail addresses are allowed.
Enter the addresses as a comma-separated list with no spaces in between. The default is an empty list.
Note that it is no longer necessary to use the standard Network Appliance autosupport email address in
this field to direct autosupport messages to Network Appliance. Please use
autosupport.support.enable instead.
autosupport.partner.to
Defines the list of recipients for the autosupport email notification that will receive all messages that are
or will be sent to the standard Network Appliance autosupport email address. Up to 5 mail addresses are
allowed. Enter the addresses as a comma-separated list with no spaces in between. To disable, clear this
list. The default is an empty list.
CONTENTS
A complete autosupport will contain the following information. Note that some sections are
configurable, and/or available depending on what features are licensed. The order given is the general
order of appearance in the autosupport message itself.
Generation date and timestamp
Software Version
System ID
Hostname
SNMP contact name (if specified)
SNMP location (if specified)
Partner System ID (if clustered)
Partner Hostname (if clustered)
WAFL_check logs
TYPES
The following types of autosupport messages, with their associated severity, can be generated
automatically. The autosupport message text is in bold, and the LOG_XXX value is the syslog severity
level. Note that text inside of square brackets ([]) is descriptive and is not static for any given
autosupport message of that type.
BATTERY_LOW!!!
LOG_ALERT
BMC_EVENT: BUS ERROR
LOG_ERR
BMC_EVENT: POST ERROR
LOG_ERR
CLUSTER DOWNREV BOOT FIRMWARE
LOG_CRIT
CLUSTER ERROR: DISK/SHELF COUNT MISMATCH LOG_EMERG
CLUSTER GIVEBACK COMPLETE
LOG_INFO
CLUSTER TAKEOVER COMPLETE AUTOMATIC
LOG_ALERT
CLUSTER TAKEOVER COMPLETE MANUAL
LOG_INFO
CLUSTER TAKEOVER FAILED
LOG_INFO
CONFIGURATION_ERROR!!!
LOG_ALERT
CPU FAN WARNING - [fan]
LOG_WARNING
DEVICE_QUALIFICATION_FAILED
LOG_CRIT
DISK CONFIGURATION ERROR
LOG_ALERT
DISK RECONSTRUCTION FAILED!!
LOG_ALERT
SYSTEM_CONFIGURATION_ERROR
LOG_ERR
UNDER_TEMPERATURE_SHUTDOWN!!!
LOG_EMERG
UNDER_TEMPERATURE_WARNING!!!
LOG_EMERG
USER_TRIGGERED ([user input from autosupport.doit]) LOG_INFO
WAFL_check!!!
LOG_ALERT
WEEKLY_LOG
LOG_INFO
[EMS event]
LOG_INFO
[fan] FAN_FAIL!!!
LOG_ALERT
[mini core]
LOG_CRIT
[power supply failure]
LOG_ALERT
[power supply] POWER_SUPPLY_DEGRADED!!!
LOG_ALERT
[shelf over temperature critical]
LOG_EMERG
CLUSTER CONSIDERATIONS
The autosupport email messages from a filer in a cluster are different from the autosupport email
messages from a standalone filer in the following ways:
The subject in the autosupport email messages from a filer in a cluster reads, ‘‘Cluster notification,’’
instead of ‘‘System notification.’’
The autosupport email messages from a filer in a cluster contains information about its partner, such as
the partner system ID and the partner host name.
In takeover mode, if you reboot the live filer, two autosupport email messages notify the email
recipients of the reboot: one is from the live filer and one is from the failed filer.
The live filer sends an autosupport email message after it finishes the takeover process.
SEE ALSO
na_hosts(5), RFC821
cifs
NAME
na_cifs - Common Internet File System (CIFS) Protocol
DESCRIPTION
The filer supports the CIFS protocol, which is documented in an Internet Engineering Task Force
(IETF) InternetDraft specification titled "A Common Internet File System (CIFS/1.0) Protocol."
CIFS is a file sharing protocol intended to provide an open cross-platform mechanism for client systems
to request file services from server systems over a network. it is based on the standard Server Message
Block (SMB) protocol widely in use by personal computers and workstations running a wide variety of
operating systems.
SEE ALSO
na_cifs_audit(1), na_cifs_help(1), na_cifs_sessions(1),
na_cifs_shares(1), na_cifs_testdc(1)
RFC 1001, RFC 1002
cli
NAME
na_cli - Data ONTAP command language interperter (CLI)
DESCRIPTION
The Data ONTAP CLI is a command language interpreter that executes commands from the Data
ONTAP console. You can access the console with a physical connection, through telnet, or through the
Remote LAN Manager (RLM). The commands can also be executed using rsh and ssh protocols.
You can concatenate commands together on the same line by separating the commands with
semi-colons, (;).
Quoting
The quoting rules in the Data ONTAP CLI are unusual. There is no escape character like the backslash;
however there are the following special characters:
& (ampersand) - unicode indicator
# (pound sign) - comment indicator
; (semicolon) - command separator
’ (single quote) - parameter wrapper
" (double quote) - parameter wrapper
(space) - parameter separator
(tab) - parameter separator
When special characters are part of a command argument, the argument needs to be surrounded by
quotes or the character will be treated as a special character. A single quote character needs to be
surrounded by double quote characters and a double quote character needs to be surrounded by single
quote characters. The other special characters can be surrounded by either single or double quotes.
EXAMPLES
The following examples show quote usage:
qtree create /vol/test_vol/’qtree 1’
The qtree qtree 1 is created.
qtree create /vol/test_vol/’qtree#1’
The qtree qtree#1 is created.
qtree create /vol/test_vol/"qtree’1"
The qtree qtree’1 is created.
qtree create /vol/test_vol/’hello"’"’"1
SEE ALSO
na_rshd(8), na_source(1),
dns
NAME
na_dns - Domain Name System
DESCRIPTION
Domain Name Service provides information about hosts on a network. This service has two parts: a
resolver which requests information and a nameserver which provides it.
Data ONTAP supports only the resolver. When the filer needs to resolve a host address, it first looks at
the /etc/nsswitch.conf (see na_nsswitch.conf(5)) file to get the order in which various name services are
to be consulted. If the name services before DNS fail in their lookup and DNS is enabled, then the DNS
name server is contacted for address resolution.
DNS can be enabled on the filer by running the setup command (see na_setup(1)) or by manually
editing the configuration files as described below. If DNS is enabled by running the setup command,
then the DNS domain name needs to be entered.
Enabling DNS without the setup command:
1. Create the /etc/resolv.conf file (see na_resolv.conf(5)) with up to 3 nameservers. Each line contains
the keyword nameserver followed by the IP address of the server. For example:
nameserver 192.9.200.1
nameserver 192.9.201.1
nameserver 192.9.202.1
2. Edit the /etc/rc file (see na_rc(5)) to make sure that the option specifying the DNS domain name is
set and the option to enable DNS is on. For example:
options dns.domainname mycompany.com
options dns.enable on
3. Reboot the filer for these changes to take effect. If the above options commands are also entered from
the console, the reboot can be avoided.
Enabling DNS with the setup command:
At setup time, one can choose to enable DNS when prompted to do so. setup then queries for the
Internet addresses of up to three DNS nameservers.
VFILER CONSIDERATIONS
When run from a vfiler context, (e.g. via the vfiler run command), dns displays DNS information about
the concerned vfiler.
SEE ALSO
na_resolv.conf(5), RFC1034, RFC1035
http
NAME
na_http - HyperText Transfer Protocol
DESCRIPTION
The filer supports the HTTP/1.0 protocol, which is documented in the Internet Engineering Task Force
(IETF) RFC 1945 titled "HyperText Transfer Protocol --HTTP/1.0."
HTTP is the primary Internet protocol used for transferring documents on the World Wide Web. It is a
simple ASCII text request/response protocol. An HTTP request consists of a method, a target Web
address or URL (Uniform Resource Locator), a protocol version identifier, and a set of headers. The
method specifies the type of operation. For example, the GET method is used to retrieve a document.
The POST method is used to submit a form. Headers contain additional information to the request in
the form of simple name-value pairs. The HTTP header section is similar to Multipurpose Internet Mail
Extensions (MIME).
The GET method is the most commonly used HTTP method. GET is used to retrieve a single resource,
for example, an HTML document, image file, or other type of object, or part of it. By appending an
If-modified-since header to the GET request, the document is retrieved conditionally, based on whether
it has been modified since the date specified in the header.
An HTTP response consists of a protocol version identifier, a status code, a text response status line,
response headers, and the contents of the requested document.
Access for http can be restricted by the options httpd.access command. Please see
na_protocolaccess(8) for details.
EXAMPLES
The following is an example of use of the GET method:
GET http://www.somesite.com/ HTTP/1.0
If-modified-since: Fri, 31 Dec 1999 15:45:12 GMT
SEE ALSO
na_httpd.hostprefixes(5),
na_httpd.mimetypes(5), na_httpstat(1), na_protocolaccess(8)
nfs
NAME
na_nfs - Network File System (NFS) Protocol
DESCRIPTION
The filer supports versions 2, 3, and 4 of the NFS protocol, which are documented in RFC’s 1094,
1813, and 3530 respectively.
NFS is a widely used file sharing protocol supported on a broad range of platforms. The protocol is
designed to be stateless, allowing easy recovery in the event of server failure. Associated with the NFS
protocol are two ancillary protocols, the MOUNT protocol and the NLM protocol. The MOUNT
protocol provides a means of translating an initial pathname on a server to an NFS filehandle which
provides the initial reference for subsequent NFS protocol opertions. The NLM protocol provides file
locking services, which are stateful by nature, outside of the stateless NFS protocol.
NFS is supported on both TCP and UDP transports. Support for TCP and UDP is enabled by default.
Either one can be disabled by setting the nfs.tcp.enable or nfs.udp.enable options using the options
command.
SEE ALSO
na_nfsstat(1), na_exports(5),
nis
NAME
na_nis - NIS client service
DESCRIPTION
The NIS client service provides information about hosts, user passwords, user groups and netgroups on
a network. In NIS terminology, each of the above is referred to as the map and the specific information
being looked up is called the key. For example, the hosts map is like the /etc/hosts file; it provides a
translation from host names to IP addresses. The NIS service typically has two parts: a client component
which requests information and a name server which provides it.
Data ONTAP supports only the NIS client. When the filer needs to resolve a key in a given map, it
looks at the /etc/nsswitch.conf (see na_nsswitch.conf(5)) file to figure out the order in which the
various databases should be consulted. For example, in case of the hosts map the lookup order may be
file, nis, dns. This means that the filer will first consult the /etc/hosts file. If the host name is not found
in the local file, it will then try the NIS service. If the host name is still not found, then it will attempt a
DNS lookup.
The NIS client can be enabled on the filer by running the setup command (see na_setup(1)) or by
manually editing the configuration files as described below. If NIS is enabled by running the setup
command, then the NIS domain name needs to be entered.
Enabling NIS without the setup command:
1. Edit the /etc/rc file (see na_rc(5)) to make sure that the option specifying the NIS domain name is set
and the option to enable NIS is on. For example:
options nis.domainname mycompany.com
options nis.enable on
2. Reboot the filer for these changes to take effect. If the above options commands are also entered from
the console, the reboot can be avoided. If the options are entered via the console only, they are not
saved across a reboot.
Enabling NIS with the setup command:
At setup time, one can choose to enable NIS when prompted to do so. setup then queries for the NIS
domain name.
SEE ALSO
na_nsswitch.conf(5).
pcnfsd
NAME
na_pcnfsd - (PC)NFS authentication request server
DESCRIPTION
pcnfsd provides a personal computer NFS client with the authentication services. This release supports
versions 1 and 2 of the PCNFSD protocol.
When pcnfsd receives an authentication request, it will register the user by validating the user name and
password and returning the corresponding UID and primary GID pair, and the secondary group set for
PCNFSD version 2.
It will look up the user in the /etc/shadow file, or the passwd.adjunct NIS map, if present, to find the
user’s password. It will look up the user in the /etc/passwd file, or the passwd.byname NIS map, to
find the user’s UID and primary GID, and to find the user’s password if there is no /etc/shadow file or
passwd.adjunct NIS map.
For a PCNFSD version 2 request, it will scan the /etc/group file, or the group.byname NIS map, to
find all the groups of which the user is a member. It will look up the user in the auto.home NIS map, if
NIS is enabled, to find the user’s home directory; if NIS is not enabled, no home directory will be
returned.
FILES
/etc/passwd
This file should be in the format used on many flavors of UNIX (SunOS 4.x and later, 4.4BSD,
System V Release 4 and later, and others).
/etc/group
This file should be in the format used on many flavors of UNIX (SunOS 4.x and later, 4.4BSD,
System V Release 4 and later, and others).
/etc/shadow
This file should be in the format used on many flavors of UNIX (SunOS 5.x and later, System V
Release 4 and later, and others).
SEE ALSO
na_nis(8)
BUGS
When the call fails, pcnfsd doesn’t fake by setting the UID and the GID to acceptable values.
Passwords that have been encrypted using Kerberos are not supported.
protocolaccess
NAME
na_protocolaccess - Describes protocol access control
DESCRIPTION
Protocol access control defines a method to restrict access to the filer on a protocol-by-protocol basis.
For example, the command options rsh.access host=admin restricts access to rsh to a host named
admin. Access can be restricted by host name, IP address, and/or network interface name.
USAGE
The syntax is as follows:
options protocol.access access_spec [ AND | OR [ ( ] access_spec [ ) ] ... ]
protocol is currently one of the following: rsh, telnet, ssh, httpd, httpd.admin, snmp, ndmpd, snapmirror,
or snapvault.
access_spec is composed of keywords and their values. Currently the following keywords and values
are defined:
host [=|!=] host spec
netgroup [=|!=] netgroup spec
if [=|!=] network interface spec all
none
legacy
*
host spec is a comma separated list consisting of either a host name, an IP address, or an IP address with
a netmask. Valid host name is a string and cannot contain the following characters: "=", "(", ")", "!",
"*", and "," . IP address can be either an IPv4 address or IPv6 address An IPv4 address is of the format
aa.bb.cc.dd . If the IP address contains a netmask, then the format is: aa.bb.cc.dd/mm where mm
represents the number of bits from the left. An IPv6 address is of the format
aaaa:bbbb:cccc:dddd:eeee:ffff:gggg:hhhh . If the IPv6 address contains a prefixlen, then the format is:
aaaa:bbbb:cccc:dddd:eeee:ffff:gggg:hhhh/mm where mm represents the number of bits from the left.
network interface spec is a comma separated list of one or more network interface names. Valid
network interface names can be obtained from the ifconfig -a command.
netgroup spec is a comma separated list consisting of names of one or more netgroups(group of hosts).
The access specs may be and’ed and or’ed by the keywords AND and OR respectively. The keywords
AND and OR are not case-sensitive.
Operational precedence is from left to right. Parentheses may be used to force operational order.
The keyword all is used to allow access to all. The keyword none is used to allow access to none. The
legacy keyword is used to specify previous behavior. For example, the legacy behavior of telnet is to
use trusted.hosts, while the legacy behavior of rsh is to allow all.
The access spec can be a "*" which matches all. This is the same as the all keyword. If the access spec
is a "-", then all access is denied. This is the same as the none keyword.
The difference between setting the host value to an IP address or a host name becomes apparent when
the matching occurs. IP addresses are matched before the connection is made. If access is denied, the
connection is not made and the client times out. Therefore, specifiyng the IP address lessens the impact
of denial of service attacks. Host names are matched after the connection is made, and therefore the
client is informed that access is denied.
If httpd.admin.access is not set to legacy, then trusted.hosts is ignored for httpd.admin. If
telnet.access is not set to legacy, then trusted.hosts is ignored for telnet. If snapmirror.access is not
set to legacy, then the /etc/snapmirror.allow file is ignored for snapmirror destination checking.
EXAMPLES
Here are some protocol access control examples:
Allow an NDMP server to accept control connection request from any client.
options ndmpd.access legacy
Allow remote shell access for only one host named gnesha.zo.
options rsh.access "host = gnesha.zo"
Allow access for Telnet subnet 10.42.69.
options telnet.access host=10.42.69.1/24
Allow access for Telnet to all hosts with prefix matching 3FFE:81D0:107:2082
options telnet.access host=3FFE:81D0:107:2082::1/64
Allow ssh access for hosts abc and xyz when on network interface e0.
options ssh.access "host=abc,xyz AND if=e0"
Allow access to SNMP for network interfaces e0, e1, and e2.
options snmp.access if=e0,e1,e2
Do not allow access to HTTPD for network interface e3.
options httpd.access "if != e3"
Allow access to administrative HTTPD from for two hosts.
SEE ALSO
na_snmpd(8), na_netgroup(5)
rmt
NAME
na_rmt - remote magtape protocol module
SYNOPSIS
/etc/rmt
DESCRIPTION
/etc/rmt is a special command that can be used by remote computers to manipulate a magnetic tape
drive over a network connection; for example, the UNIX dump and restore commands often can either
use /etc/rmt to access a remote tape, or have rdump and rrestore variants that can do so. /etc/rmt is
normally run by the rshd daemon (see na_rshd(8)) as a result of a remote machine making a request to
rshd to do so.
The /etc/rmt command accepts requests specific to the manipulation of magnetic tapes, performs the
commands, then responds with a status indication. This protocol is provided by rmt commands on
many UNIX systems, although UNIX systems may support more commands and may give more
different error codes.
All responses are in ASCII and in one of two forms. Successful commands have responses of:
Anumber\n
number is an ASCII representation of a decimal number. Unsuccessful commands are responded to
with:
Eerror-number\nerror-message\n
error-number is one of:
2 (ENOENT)
The tape device specified in an open request did not have a valid syntax.
6 (ENXIO)
The tape device specified in an open request does not exist.
5 (EIO)
An I/O error occurred when performing the request.
25 (ENOTTY)
An invalid tape operation was specified in a ‘‘perform special tape operation’’ request.
error-message is a (UNIX-style) error string for the error specified by error-number.
The protocol is comprised of the following commands, which are sent as indicated - no spaces are
supplied between the command and its arguments, or between its arguments, and \n indicates that a
newline should be supplied:
Odevice\nmode\n
Open the specified device using the indicated mode. device is a tape name of the form described in
na_tape(4) and mode is an ASCII representation of a decimal number specifying how the tape is to be
opened:
0
read-only
1
write-only
2
read-write
If a device had already been opened, it is closed before a new open is performed.
Cdevice\n
Close the currently open device. The device specified is ignored.
Lwhence\noffset\n
Performs no operation, and returns the value of offset; UNIX-style lseek operations are ignored on
NetApp filer tape devices, just as they are on tape devices on many UNIX systems.
Wcount\n
Write data onto the open device. If count exceeds the maximum data buffer size (64 kilobytes), it is
truncated to that size. /etc/rmt then reads count bytes from the connection, aborting if a premature
end-offile is encountered. The response value is the number of bytes written if the write succeeds, or -1
if the write fails.
Rcount\n
Read count bytes of data from the open device. If count exceeds the maximum data buffer size (64
kilobytes), it is truncated to that size. /etc/rmt then attempts to read count bytes from the tape and
responds with Acount-read\n if the read was successful; otherwise an error in the standard format is
returned. If the read was successful, the data read is then sent.
Ioperation\ncount\n
Perform a special tape operation on the open device using the specified parameters. The parameters are
interpreted as ASCII representations of the decimal values. operation is one of:
0
write end-of-file marker
1
forward space count files
2
backward space count files
3
forward space count tape blocks
4
backward space count tape blocks
5
rewind the tape
6
rewind and unload the tape
The return value is the count parameter when the operation is successful.
Any other command causes /etc/rmt to close the connection.
DIAGNOSTICS
All responses are of the form described above.
SEE ALSO
na_rshd(8)
rquotad
NAME
na_rquotad - remote quota server
DESCRIPTION
The filer supports the remote quota service that allows NFS clients to determine their quota allocation
on the server.
SEE ALSO
na_quota(1)
BUGS
The rquota protocol doesn’t support group or tree quotas.
rshd
NAME
na_rshd - remote shell daemon
DESCRIPTION
The filer has UNIX-compatible remote shell capability that enables you to execute certain filer
commands from a UNIX command line or shell script. It also enables you to use a remote shell
application on a PC to run filer commands.
The value of rsh.access controls access to the filer, and is set by options rsh.access. See
na_protocolaccess(8) for more details. This value is checked prior to the authentication mechanisms
discussed below.
The /etc/hosts.equiv file controls authentication to the filer remote shell. The hosts and users (on those
hosts) listed in the /etc/hosts.equiv file are automatically authenticated. This means that the filer
accepts remote shell commands via rsh from these hosts and users.
An alternative authentication mechanism for rshd is to have the client use rsh with a -l option that
specifies the admin_name and password in the form of -l admin_name:password. Both the admin_name
and password are created with the filer’s useradmin command.
EXAMPLE
The following example shows how to run the version command from a trusted host named adminhost
through a remote shell:
adminhost% rsh -l root toaster version
The following example shows how to run the sysconfig -r command with a password rpass42 from an
untrusted host named ahost through a remote shell:
ahost% rsh -l root:rpass42 toaster sysconfig -r
To see a list of filer commands that can be executed, enter:
adminhost% rsh -l root toaster "?"
SEE ALSO
na_protocolaccess(8)
snmpd
NAME
na_snmpd - snmp agent daemon
DESCRIPTION
The filer supports an SNMP version 1 (RFC 1157) compatible agent that provides support for both the
MIB-II (RFC 1213) management information base for TCP/IP based internets as well as a Data ONTAP
Custom MIB.
A number of user configurable options for the SNMP agent can be set and queried from the console
using the snmp command (see na_snmp(1)).
Due to weak authentication in SNMP version 1, SetRequest commands that allow the remote setting of
configuration variables have been disabled.
Access for snmp can be restricted by the options snmp.access command. Please see
na_protocolaccess(8) for details.
MIB-II
Under MIB-II, information is accessible for the system, interfaces, at, ip, icmp, tcp, udp and snmp
MIBII groups. The transmission and egp groups are not supported.
The coldStart, linkDown, linkUp and authenticationFailure traps are implemented. Traps are
configured using the snmp command.
DATA ONTAP CUSTOM MIB
The Data ONTAP Custom MIB provides a means to obtain detailed information about many aspects of
filer operation via SNMP. The Custom MIB can be obtained from Network Appliance’s FTP site at
ftp://ftp.netapp.com/pub/netapp/mib/netapp.mib, or by requesting the MIB on a floppy disk from
Network Appliance Technical Support.
The following is a summary of the top-level groups in the Custom MIB and the information they
contain:
product
Product-level information such as the software version string and system ID.
sysStat
System-level statistics such as CPU uptime, idle time and aggregate kilobytes received and transmitted
on all network interfaces.
nfs
Statistics like those displayed by the nfsstat command (see na_nfsstat(1)), including statistics for each
client if per-client NFS statistics have been enabled using the nfs.per_client_stats.enable option (see
na_options(1)). The per-client NFS statistics are indexed by client IP addresses.
quota
Information related to disk quotas, including the output of the quota report command (see na_quota(1)).
To access quota information, quotas must be turned on.
filesys
Information related to the file system, including the equivalent of the maxfiles and df commands, and
some of the information from the snap list command (see na_maxfiles(1), na_snap(1)).
raid
Information on RAID equivalent to the output of the sysconfig -r command (see na_sysconfig(1)).
CLUSTER CONSIDERATIONS
In takeover mode, SNMP agents can continue to access the MIBs on both filers in a cluster. However,
the counters reported by SNMP are combined counters from both filers. For example, in takeover mode,
the SNMP agent can report the number of packets sent or received by both filers, but you cannot
determine from the number how many packets are sent or received on each filer.
You can have an application on the network management station set an alarm when a filer has been
taken over. The SNMP variable to check is the netapp.netapp1.sysStat.cf.cfSettings variable. If this
variable is set to thisNodeDead, the filer has been taken over.
SEE ALSO
na_options(1), na_snmp(1), na_protocolaccess(8)
syslogd
NAME
na_syslogd - log system messages
DESCRIPTION
The syslogd daemon logs system messages to the console, log files and other remote systems as
specified by its configuration file, /etc/syslog.conf. The syslogd daemon reads its configuration file
when it starts up during the boot procedure, or within 30 seconds after the /etc/syslog.conf file is
modified. For information on the format of the configuration file, see na_syslog.conf(5).
If /etc/syslog.conf does not exist the syslogd daemon will output all log messages of priority info or
higher to the console and to the file /etc/messages. To prevent /etc/messages from getting too large, the
syslogd daemon will rotate the contents of /etc/messages through the files /etc/messages.0 through
/etc/messages.5. This rotation is done once a week. So the log messages of the current week will be
saved in the file /etc/messages and the message logs of the six weeks prior to that are saved in the files
/etc/messages.0 through /etc/messages.5.
To prevent large numbers of repeated messages being logged, the syslogd daemon will follow the first
instance of a repeated message with the number of times the message was repeated. If a message is
repeated over a long time period, the syslogd daemon will wait for increasingly longer intervals before
logging the number of repeats. The repeat notification interval starts at 30 seconds and moves quickly to
20 minutes.
FILES
/etc/syslog.conf
The configuration file. /etc/syslog.conf.sample A sample configuration file.
/etc/messages
Message log file for current week.
/etc/messages.[0-5]
Message log for prior weeks.
CLUSTER CONSIDERATIONS
In takeover mode, the failed filer logs syslog messages to its own /etc/messages file and to the
/etc/messages file on the live filer. The live filer logs its syslog messages only to its own /etc/messages
file.
Because the /etc/messages file on the live filer contains syslog messages from two filers, the filer uses
filer names in the syslog messages to indicate the filer from which the syslog message originated.
For example, if toaster1 takes over toaster2, a message from toaster2 is logged to the /etc/messages
file on toaster1, and the message can be similar to the following:
Wed May 6 18:57:52 GMT [toaster2/toaster1]: raid_disk_admin]: Volume vol7 has been added to the system.
If the name of the failed filer is unknown, the string ‘‘partner’’ is printed instead of a filer name.
SEE ALSO
na_syslog.conf(5)