4.3 User Interface
4.3.2 Synchronization Screen
4.3.2.2 Total Section of Synchronization
From the Synchronization tab screen, select Total to navigate to the Total view.
The Total section displays a current snapshot of messages going through this node.
Parameters and descriptions are listed in Table 5.
Table 5 Total Section Parameters
Parameter Description
Ready Number of messages ready for delivery
Unacknowledged Number of messages waiting for confirmation from remote nodes.
Total Total number of messages on this node: Ready + Unacknowledged.
Message rate Total rates for all queues
4.3.3 Services Screen
The Services tab screen (Figure 61) is a dashboard displaying the status of WOS Access Services. Each section has an icon; place the cursor on this icon to see a tool tip displaying current service status.
Figure 61 WOS Access Service tab screen
4.3.3.1 WOS Access
Table 6 lists the WOS Access Status parameters for NFS and CIFS services.
Table 6 WOS Access Status Parameters
Parameter Description
IP Address Displays the IP address of this WOS Access Node. This IP can be used to access the node; however, it does not guarantee the relocation services provided by Relocation. Use the virtual IP address displayed in the Services-Relocation section for fail-safe WOS Access cluster use.
NFS Service Displays status of NFS service.
CIFS Service Displays status of CIFS service.
WOS IP Web Object Scaler cluster’s IP.
WOS Policy WOS policy name to be used for file objects stored via WOS Access.
Export List Displays a list of export points: protocols, export point names and local folder name that are exported.
4.3.3.2 Synchronization
Table 7 Synchronization Parameters
Parameter Description
Node Name Node name is shown in brackets after Service Status title.
Sending Service Status This service is responsible for sending locally produced changes to other nodes.
Receiving Service Status This service is responsible for receiving and processing changes produced by other nodes in cluster.
Sync Port Port that is used by synchronization process to communicate between WOS Access nodes.
WOS Policy WOS policy name that is used to store and retrieve synchronization messages.
List of member servers List of Member Servers shows a list of nodes in the synchronization cluster and their statuses. Queue size displays number of messages in each node’s incoming and outgoing queue.
4.3.3.3 Services-Relocation
Table 8 represents parameters displayed inside the High-Availability section.
Table 8 Services-Relocation Parameters
Parameter Description
Virtual IP The IP address that gets relocated between nodes in a Services-Relocation pair in the event of certain failures. When the IP address is relocated, applications that were performing I/O will need to restart their sessions, and CIFS clients may need to remap the export points.
Service Status Shows service statuses for all controlled services (IP Address, Metadata Database, and NFS service). The status can be either Running, Stopped, or Unknown.
List of Failover Servers Shows a list of nodes in the Services Relocation cluster and their statuses. The possible status values are Running, Stopped, or Idle.
The active node is indicated by “Active” and the standby node is indicated by “Passive.” The active node is the one that is currently serving requests from the WOS Access clients.
4.3.3.4 Backup
The Backup section shows information about the status of the metadata database backup service and information regarding the last few backup executions. Table 9 displays this backup information.
Table 9 Backup Parameters
Parameter Description
Backup Schedule Displays scheduled backups
Last 5 backup results Information shown includes:
• Backup date and time
• Backup file size
• Type of backup file: full
• Status of performed backup operation.
Full backup Information about when the last full backup was executed successfully is displayed just below last five backup results table in case there are no successful full backups shown among those five results.
4.3.4 Configuration Screen
Access the Configuration tab screen (Figure 62) to modify WOS Access Services parameters.
NOTE: Any changes made to these service parameters, once saved, are not applied automatically. You must restart the Service for these changes to take effect.
NOTE: Parameters with edit links are password protected. To enable editing, enter the UI login password.
Figure 62 Configuration tab screen
4.3.4.1 Export List
The Export List section of the Configuration screen (Figure 63) displays the list of exports.
Table 10 Export List Parameters
UI option Responsible Variable Description
Name EXPORT:Tag Export point name. This name is used when mounting the share on the client.
File System Path EXPORT:Path WOS Access file path associated with export point. This is path relative to /mnt.
NFS Export Point Settings
Access Type EXPORT:Access_Type Used to limit what clients can do with information available via an export point:
• Read Only Mode. File system is read-only (for data and metadata);
• Read/Write Mode. All read/write operations are allowed on file system;
• Metadata Only (Read/Write) Mode. Read and write data operations are forbidden. However, all metadata operations are allowed (mkdir, create, remove);
• Metadata Only (Read Only). File system is read-only for metadata. Both Data Write and Data Read operations are forbidden.
Client Access EXPORT:CLIENT {Clients = ... ; Squash=Root}
Provides access to a list of nodes, networks, and groups.
UNIX authentication and authorization applies.
The hostname may be defined as a valid IPv4 address or fully qualified network name, and may contain wildcards (*?).
Root Access EXPORT:CLIENT {Clients = ... ; Squash=None}
Grants access to the local root account’s file system to a specific list of nodes, networks, and groups.
The hostname may be defined as a valid IPv4 address or fully qualified network name, and may contain wildcards (*?).
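The following added example (not part of the DDN documentation or product code) audits Client Access and Root Access entries written in the CLIENT {Clients = ... ; Squash=...} notation of Table 10 and flags Squash=None grants made to wildcard or network entries. The surrounding EXPORT block layout, the sample hosts and the severity labels are constructed assumptions.

```python
import ipaddress
import re

# CLIENT sub-block in the notation Table 10 uses:
#   CLIENT {Clients = ... ; Squash=None}
CLIENT_RE = re.compile(
    r"CLIENT\s*\{\s*Clients\s*=\s*(?P<clients>[^;]*);"
    r"\s*Squash\s*=\s*(?P<squash>\w+)\s*;?\s*\}",
    re.IGNORECASE,
)

def classify_client(entry):
    """Classify one Clients entry as wildcard, address, network or name."""
    if "*" in entry or "?" in entry:
        return "wildcard"
    try:
        ipaddress.IPv4Address(entry)
        return "address"
    except ValueError:
        pass
    try:
        ipaddress.IPv4Network(entry, strict=False)
        return "network"
    except ValueError:
        return "name"

def audit_exports(config_text):
    """Return (severity, client, reason) tuples for risky CLIENT entries."""
    findings = []
    for match in CLIENT_RE.finditer(config_text):
        root_access = match.group("squash").lower() == "none"
        for entry in match.group("clients").split(","):
            entry = entry.strip()
            if not entry:
                continue
            kind = classify_client(entry)
            if root_access and kind in ("wildcard", "network"):
                findings.append(("HIGH", entry, "root access granted to a " + kind))
            elif root_access:
                findings.append(("REVIEW", entry, "root access (Squash=None)"))
            elif entry == "*":
                findings.append(("MEDIUM", entry, "export open to every host"))
    return findings

# Constructed sample; the EXPORT block layout around CLIENT is an assumption.
SAMPLE = """
EXPORT { Tag = projects; Path = projects;
  CLIENT {Clients = 10.20.0.0/24, build01.example.com ; Squash=Root}
  CLIENT {Clients = *.example.com, 10.20.0.7 ; Squash=None}
}
EXPORT { Tag = scratch; Path = scratch;
  CLIENT {Clients = * ; Squash=Root}
}
"""

if __name__ == "__main__":
    for severity, client, reason in audit_exports(SAMPLE):
        print(severity, client, reason)
```

Single-host Squash=None entries are reported as REVIEW rather than as errors, since Root Access to named hosts is a supported setting that still deserves a periodic check.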
Table 11 CIFS Export List Parameters
UI option Responsible Variable Description
Access Type Not applicable Used to create an export point where all read/write or read-only operations are permitted.
Access Permissions Not applicable Used to enable Access Based Enumeration: defining new permissions for a user (Set new permissions), removing access list (Remove Access list), or leave the access list unchanged.
Access Based Enumeration is set on a per-share basis and, when enabled, displays only those files and folders to which a user has at least read-level permissions.
This feature is disabled by default. To enable Access Based Enumeration, use the CIFS configuration section of the WOS Access Web GUI. The actual permission settings on the files and folders are performed from a Windows client when mounting the WOS Access CIFS share.
Username Not applicable Used to specify a list of users for the “Allowed” or “Denied” lists.
To check user accounts known to the CIFS server, run the command:
/opt/ddn/nas/bin/lw-lsa find-objects Administrator@FQDN
where FQDN is the fully qualified domain name of the CIFS server (if you would like to check the local administrator account) or of the domain controller (if you would like to check the account for the domain administrator). Active Directory users will only be available after the CIFS server has joined the domain.
This command returns the full list of users known to CIFS server:
/opt/ddn/nas/bin/lw-lsa enum-objects
4.3.4.2 NFS
Table 12 lists the configurable parameters in the NFS section.
Table 12 NFS Parameters
UI option wosnas.nfsd.conf variable Description
Number of Workers NFS_Core_Param:Nb_Worker Defines the number of worker threads which are responsible for data transfer between the file staging area in an NFS and WOS Cluster. In general, a higher number of threads may give you better data throughput. However, it depends on multiple factors such as:
• Client and WOS Access server performance;
• Number of active client connections.
Twenty-two worker threads is the recommended value.
4.3.4.3 CIFS
Table 13 specifies the parameters in the CIFS section.
Table 13 CIFS Parameters
UI option env.conf variable Description
Active Directory _ Allows joining a specified domain. See Active Directory Configuration for details.
Staging Limit CACHE_SIZE Limits the amount of data, specified in megabytes or as a % of total disk space on the node, that will be used when staging files for modification or when the WOS cluster is inaccessible. To use all available disk space, specify “-1” for this value.
Data integrity Check DATA_INTEGRITY_ENABLED Allows turning on MD5 sum calculation on write operations so that data can be validated on read operation. Enabling this option will affect both read and write operations.
4.3.4.4 Active Directory Configuration
Use the Active Directory wizard to specify the parameters necessary to join the specified domain, allowing available users to access the node. Table 14 describes the configuration process.
Table 14 Join Active Directory Wizard
Steps UI option Description
1 Domain Fully qualified domain name that WOS Access node needs to join.
IP Address IP address for DNS server that should be used to resolve name provided in “Domain” parameter.
2 Administrator Username Domain user with enough permission to add new servers into domain.
Password Password for specified user.
Synchronize time This parameter allows synchronizing time on a WOS Access node prior to joining a domain to prevent possible user authentication issue due to tokens, which might be treated as expired based on current time.
3 Confirmation Message Message with successful/unsuccessful information.
Figure 63 Join AD Step 1
Figure 64 Join AD Step 2
Figure 65 Confirmation message
4.3.4.5 WOS
Table 15 lists the parameters and descriptions for the WOS section.
Select the Configure button to access the WOS Cluster UI screen.
Table 15 WOS Parameters
UI option wosnas.nfsd.conf variable Description
WOS IP OVFS_WOS:OVFS_WOS_CLUSTER Web Object Scaler Cluster address
WOS Policy OVFS_WOS:OVFS_WOS_POLICY Web Object Scaler Policy name that needs to be used for file storage
WOS User OVFS_WOS:OVFS_WOS_USER Username to access Web Object Scaler cluster
WOS Password OVFS_WOS:OVFS_WOS_PASSWORD Password to access Web Object Scaler cluster
4.3.4.6 Services-Relocation
Table 16 lists the Service Relocation Service parameters.
Table 16 SR Service Parameters
UI option cluster.conf variable Description
Supported Services SUPPORT_SERVICES Specifies the NAS services that will be monitored for failover. Should be “nfs”, “cifs” or “nfs,cifs”.
Local Heartbeat Interface #1 AIS_NETADDR Network interface to be used by Corosync for unicast transmission for local host. Only IPv4 is supported.
Local Heartbeat Interface #2 AIS_NETADDR_RESERVE Secondary network interface to be used by Corosync for unicast transmission for local host. Only IPv4 is supported. This is optional.
Remote Node PRIMARY_NODENAME or SECONDARY_NODENAME The hostname of the remote node in the SR pair. Whether this node is primary or secondary depends upon the setting of the “Primary Node” option.
Remote Heartbeat Interface #1 AIS_REMOTE_NETADDR Network interface to be used by Corosync for unicast transmission for remote host. Only IPv4 is supported.
Remote Heartbeat Interface #2 AIS_REMOTE_NETADDR_RESERVE Secondary network interface to be used by Corosync for unicast transmission for remote host. Only IPv4 is supported. This is optional.
Virtual IP Address VIP Virtual IP address shared between nodes. Only IPv4 is supported.
Virtual IP Mask VIP_MASK The netmask of the Virtual IP Address, specified either as a number in the range [1..31] or in IP format (for example, 255.255.255.0).
Virtual IP Interface VIP_INTERFACE The NIC card interface (can be a bonded interface) where the Virtual IP will be hosted.
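Because saved changes only take effect after a service restart, it helps to check the values against the constraints in Table 16 before restarting. The following added example (not DDN code) does that; the KEY=value file layout, the reading of the AIS_* variables as IPv4 addresses, and the sample values are assumptions.

```python
import ipaddress

ALLOWED_SERVICES = {"nfs", "cifs", "nfs,cifs"}
REQUIRED_IPV4 = ("AIS_NETADDR", "AIS_REMOTE_NETADDR", "VIP")
OPTIONAL_IPV4 = ("AIS_NETADDR_RESERVE", "AIS_REMOTE_NETADDR_RESERVE")

def parse_conf(text):
    """Parse KEY=value lines (assumed file layout); skip blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip().strip('"')
    return conf

def mask_to_prefix(value):
    """Accept a prefix length in 1..31 or a dotted netmask; return the prefix."""
    if value.isdigit():
        if not 1 <= int(value) <= 31:
            raise ValueError("prefix length outside 1..31")
        return int(value)
    net = ipaddress.IPv4Network("0.0.0.0/" + value)  # rejects non-contiguous masks
    if str(net.netmask) != value:  # ipaddress also accepts host masks; refuse them
        raise ValueError("host mask given where a netmask is expected")
    return net.prefixlen

def validate(conf):
    """Return a list of problems found against the Table 16 constraints."""
    errors = []
    if conf.get("SUPPORT_SERVICES") not in ALLOWED_SERVICES:
        errors.append("SUPPORT_SERVICES must be nfs, cifs or nfs,cifs")
    for key in REQUIRED_IPV4 + OPTIONAL_IPV4:
        value = conf.get(key, "")
        if not value:
            if key in REQUIRED_IPV4:
                errors.append(key + " is missing")
            continue
        try:
            ipaddress.IPv4Address(value)
        except ValueError:
            errors.append(key + " is not an IPv4 address: " + value)
    try:
        mask_to_prefix(conf.get("VIP_MASK", ""))
    except ValueError as exc:
        errors.append("VIP_MASK invalid: " + str(exc))
    if not conf.get("VIP_INTERFACE"):
        errors.append("VIP_INTERFACE is missing")
    return errors

# Constructed sample values (documentation address range), not from the manual.
BAD = """SUPPORT_SERVICES=nfs, cifs
AIS_NETADDR=2001:db8::10
AIS_REMOTE_NETADDR=192.0.2.11
VIP=192.0.2.50
VIP_MASK=32
VIP_INTERFACE=bond0
"""
print("\n".join(validate(parse_conf(BAD))))
```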
4.3.4.7 Synchronization
The Synchronization Service only allows changing a minimum set of parameters (Table 17). These settings appear in /opt/ddn/nas/etc/wosnas-cluster.conf.
Table 17 Synchronization Service Parameters
UI option wosnas-cluster.conf variable Description
Synchronization Batch Size SYNC_BATCH_SIZE Defines number of file data or attribute updates, which have to be accumulated in the synchronization queue of this node prior to sending those changes across other nodes from the synchronization cluster.
Batch size = (Batch timeout) *
replication system’s response time; that is, the timeframe when local changes are being replicated to all nodes in the replication cluster.
For example, (Batch timeout) = 10 sec, (Batch size) = 10 sec * 50 files/sec * 5 = 2500.
Batch Interval SYNC_BATCH_INTERVAL_SEC Defines timeout in seconds. The synchronization service will send changes for synchronization after each such interval.
Batch TTL SYNC_BATCH_TIMETOLIVE_DAYS Defines number of days within which synchronization batches will be kept. These batches allow incremental recovery of other nodes if that becomes necessary. Batches, which are older than “Batch TTL”, will be removed and the only way to send such old changes to other nodes in case they need to recover will be to send full database dump.
WOS Policy SYNC_WOS_POLICY Defines WOS Cluster policy name to be used for communicating synchronization messages across the WOS Access cluster.
It is recommended to use two different policies between NFS and CIFS.
4.3.4.8 Adding A New Node to a Cluster Synchronization Group
The Join to the Synchronization group wizard adds a new node to a synchronization group. A replication group is a logical set of nodes which replicate the local changes of a database to all other nodes in the group. If a new node joins the replication group, the other nodes add the new node to a list of known replication nodes. You do not need to manually join the nodes to each other. A node cannot be joined to a replication group:
• if there is no existing DB;
• if the tables in DB are not empty (for all new nodes except first);
• if the specified node ID is already used by some other nodes in replication group.
In each case, an additional notification with short description is printed. Table 18 describes the configuration process.
Table 18 Join To Synchronization Group Wizard.
Step UI option Description
1 Create new Replication Group Create new replication group.
Join existing Replication Group Short hostname of destination host which is already in replication group. This must be a hostname, not an IP address.
2 Confirmation If we successfully entered the replication group, no error messages should appear and the Join button should also disappear.
Figure 66 Join Synchronization Group
4.3.4.9 Backup
Access the Backup section to specify the number of days between performing a full backup (Table 19).
Table 19 Backup User Interface Options
UI option wosnas.nfsd.conf variable Description
Full Backup Schedule OVFS_BACKUP:OVFS_BACKUP_DB_FULL_HOURS Amount of time between full backups.
4.3.5 Preferences Screen
The Preferences tab screen (Figure 68) allows changing e-mail notification settings and the admin password, changing the automatic data refresh frequency, and setting up log file export parameters.
4.3.5.1 E-mail notifications
This section allows configuring e-mail notifications for certain WOS Access cluster events and testing e-mail settings, once they’re entered, by sending a test message (Table 20).
Table 20 Email Notifications Parameters (NFS/CIFS)
UI option wosnas.nfsd.conf variable Description
Supported NFS Events
Mail Server OVFS_BACKUP:OVFS_MAIL_ Mail server to send
From User OVFS_BACKUP:OVFS_MAIL_USER_FROM Local user to be set as sender
Notification E-mail OVFS_BACKUP:OVFS_MAIL_ADDR_TO Destination address (may be multiple, in this case addresses are merged using comma as a separator before writing to the configuration file)
Backup Notifications OVFS_BACKUP:OVFS_BACKUP_MAIL_NOTIFICATION Set to “yes” to enable. Set to “no” to disable.
Supported CIFS Events
UI option /opt/ddn/nda/share/config/env.conf variable Description
CIFS Notification CIFS_MAIL_NOTIFY Set to “y” to enable. Set to “n” to disable.
4.3.5.2 Credentials
This section allows changing the admin password. It runs the CLI utility passwd to change the password for the UNIX user ‘admin’. The current password is required for setting a new one.
New password and its confirmation must match each other.
4.3.5.3 User Interface preferences
This section allows setting the data refresh frequency. If configured, information on the Summary, Synchronization and Service pages is refreshed at the selected frequency.
4.3.5.4 Export syslog
This section allows setting up the pushing of selected log events to a specified remote node.
Figure 67 Preferences tab screen
4.3.6 Logs Screen
Figure 68 shows an interface for viewing logs written by four services: NFS, CIFS, Backup, Sync and SR. The specified number (1...200) of lines from the end of the specified log file is shown in direct order.
To enable or disable automatic updating of the log lines on the user’s screen every 5 seconds, select the Auto-refresh checkbox.
To open a modal pop-up that contains a directory listing with logs, select the Export button.
The files are grouped by their names in order to get rotated logs together. Select the Export button under the list to pack selected logs into a tarball to download it.
Figure 68 Sample Logs Screen
5.0 Advanced Configuration Procedure
5.1 CIFS Service Shared Folder Configuration
After the installation, the WOSACCESS CIFS package has only one default share (IPC$) to be used for administrative tasks through the Microsoft Management Console.
To set up additional shares in WOSACCESS CIFS, use the lwnet utility. When creating shares, use the value of the CIFS_ROOT_SHARE_PATH parameter as the root folder. For example, to create a shared folder /test when $CIFS_ROOT_SHARE_PATH=/mnt, you should actually use /mnt/test:
# /opt/ddn/nas/bin/lwnet share add test="C:\mnt\test"
After the creation of shares, enable the share to allow the user to access it. For example, enable access for Administrator on share test:
# /opt/ddn/nas/bin/lwnet share set-info test --allow Administrator
When a share is created for administrator of a specified domain, the user name should contain the Fully Qualified Domain Name (FQDN).
For example:
# /opt/ddn/nas/bin/lwnet share set-info test --allow Administrator@domain
NOTE: The share is created for access only from the accounts of the administrators group. The access for the user accounts should be granted by the administrator.
To set the security permissions for specific folders inside the share, DDN recommends using the Security Attributes manager in Windows Explorer.
To delete an existing share, run the command:
# sudo /opt/ddn/nas/bin/lwnet share del <shareID>
where <shareID> is the share to be deleted.
For example, to delete the test share:
# sudo /opt/ddn/nas/bin/lwnet share del test
5.2 CIFS Service Security Configuration
The CIFS Service provides authorization on the host and the file system levels and supports both Unix system authentication and authorization and MS Windows® authentication and authorization, including Active Directory.
5.3 CIFS Users and Groups Management
5.3.1 Add a new user
To add a new user to the local authentication database, run the command:
/opt/ddn/nas/bin/lw-lsa add-user --uid 2500 <account>
where <account> is the new user account name.
You can set the user attributes with additional options (Table 21).
Table 21 User Attribute Options
Option Explanation
home Home directory
shell Login shell
uid User id (uid)
group Primary group name
sid Security identifier (SID)
Add the options in the command before the <account> name.
For example, to add a user with specific user identifier 2500:
/opt/ddn/nas/bin/lw-lsa add-user --uid 2500 <account>
5.3.2 Delete an existing user
To delete an existing user account, use the command:
/opt/ddn/nas/bin/lw-lsa del-user <account>
where <account> is the user account name.