Topic
  • 1 reply
  • Latest Post - ‏2013-07-11T08:17:51Z by Thomas Luther
Thomas Luther
Thomas Luther
4 Posts

Pinned topic Prohibit file creation via policy?

‏2013-07-10T10:34:01Z |

Hi there

Is it possible to define a policy that can prevent file creations? Eg. if there is a company rule that doesn't allow to store MP3 files in the NAS storage (assuming GPFS exported via NAS).

I know you can regularly scan and delete files based on rules/attributes, but can GPFS somehow prohibit to create files with certain customer definable attributes/rules?

Following work arounds seem to not working or are not optimal:

  • Define placement rule to non existing pool => GPFS doesn't allow to activate placement rules with non existing pools (at least not in SONAS or V7000 Unified)
  • Create user pool with single, small NSD and prefill the NSD with a dummy file to consume all capacity. Rule based placements to this full pool would not be possible and cause client write errors. This might be useful for native GPFS clusters, but not for appliances such as SONAS and V7000 Unified, which alert upon high utilization rates. This would flag permanent health error which could mask real system problems.

GPFS would allow that bahavior with a simple placement rule that excludes unwanted files.

# mmlspolicy gpfs0:
Policy for file system '/dev/gpfs0':
Installed by root@mgmt001st004 on Wed Jul 10 13:50:34 2013.
First line of policy 'policy' is:
RULE 'mp3' set POOL 'system' WHERE lower(NAME) NOT LIKE '%.mp3'

# echo 123 > /ibm/gpfs0/test.mp3
bash: /ibm/gpfs0/test.mp3: Invalid argument

# echo 123 > /ibm/gpfs0/test.mp4

Even if the error message is a bit confusing, the policy makes what it is supposed to do.

With SONAS and V7000 Unified however, when a policy is applied via CLI command setpolicy, the appliance always adds a default placement rule for user convenience, to avoid I/O errors based on undefined file placements. So it will look like this:

RULE 'mp3' set POOL 'system' WHERE lower(NAME) NOT LIKE '%.mp3'

RULE 'default' set POOL 'system'

That means, this is no option either to prohibit creation of certain files on the appliances.

Any other idea to prevent certain files from being created using GPFS policies?

Updated on 2013-07-10T14:48:49Z at 2013-07-10T14:48:49Z by Thomas Luther
  • Thomas Luther
    Thomas Luther
    4 Posts

    Re: Prohibit file creation via policy?

    ‏2013-07-11T08:17:51Z  

    Further tests showed that there is a work around on the appliances as well to prohibit creation of certain file types.

    To avoid that the appliance adds another default placement rule, you simply have to name your rule 'default'. That means following rule example would prevent creation of MP3 and MOV files:

    RULE 'default' set POOL 'system' WHERE lower(NAME) NOT LIKE '%.mp3' AND lower(NAME) NOT LIKE '%.mov'

    Again, it is important to name this rule 'default' to avoid that another default rule is automatically added by SONAS or V7000 Unified.

    Following are examples when clients try to create or copy such prohibited file types:

    Linux:

    # echo 'writing mov' > /ibm/gpfs0/fileset1/movietest.mov
    -bash: /ibm/gpfs0/fileset1/
    movietest.mov: Invalid argument
    #

    Windows:

    Error Copying File or Folder:
    Cannot Copy myMP3.mp3: The Parameter is incorrect.