Friday, February 14, 2014

De-Mystifying Obscure NetApp Warnings

SAN volume with a non-UNIX security style:  "The recommendation has to do with avoid auditing that is usually performed by ONTAP on files (NAS) which could add unneeded IOPS to the system." 

Security style means the method the filer uses to determine whether a user has access to a file.

The user’s UID and GID, and the UNIX-style permission bits of the file or directory determine user access. The filer uses the same method for determining access for both NFS and CIFS requests. If you change the security style of a qtree or a volume from ntfs to unix, the filer disregards the Windows NT permissions that were established when the qtree or volume used the ntfs security style.
For CIFS requests, Windows NT permissions determine user access. For NFS requests, the filer generates and stores a set of UNIX-style permission bits that are at least as restrictive as the Windows NT permissions. The filer grants NFS access only if the UNIX-style permission bits allow the user access. If you change the security style of a qtree or a volume from unix to ntfs, files created before the change do not have Windows NT permissions. For these files, the filer uses only the UNIX-style permission bits to determine access.
Some files in the qtree or volume have the unix security style, and some have the ntfs security style. A file’s security style depends on whether the permission was last set from CIFS or NFS. For example, if a file currently uses the unix security style and a CIFS user sends a setACL request to the file, the file’s security style is changed to ntfs. If a file currently uses the ntfs style and an NFS user sends a setpermission request to the file, the file’s security style is changed to unix.

Volume option create_ucode set to off: "A non-unicode directory will be converted to Unicode the first time it is touched by any protocol that requires Unicode directories. It is recommended that create_ucode is set on every volume (NAS and SAN) as converting large directories can delay a takeover operation for longer than the takeover time limit"

"Setting this option to on forces UNICODE format directories to be created by default, both from NFS and CIFS.  By default, it is set to off, in which case, all directories are created in pre-4.0 format, and this first CIFS access will convert it to UNICODE format."

Volume option fs_size_fixed is set to on for a non-mirrored volume - the source side locks the volume size to prevent the source becoming larger than the destination.  If this is on for non replicated volumes, this can result in a full volume by preventing auto grow.    Related: “You can increase the size of the source volume for a FlexVol volume. After you increase the size of a source volume and perform a SnapMirror transfer, the size of the destination volume is automatically increased to the same size as that of the source volume, provided the destination aggregate has sufficient space to contain the resized volume.”

Exposure to bug 488909 - Xcopy memory corruption: XCOPY is a vmware VAAI feature that lets the storage system do the copying rather than a host reading and then writing a bunch of data.  We have a bug associated with this, so they need to upgrade ontap.

No comments:

Post a Comment