IBM Spectrum Scale with Protocols

IBM Spectrum Scale mit Protokoll Unterstützung für SMB/CIFS, NFS und Object sowie Hadoop mausert sich als Multiprotokoll Cluster Dateisystem. Durch die Encyrption at Rest wird zudem GDPR Compliance sichergestellt.

Die Bereitstellung von SMB und NFS über dasselbe Dateisystem ist aufgrund der unterschiedlichen Locking Mechanismen der beiden Protokolle nicht supported [Quelle: Samba/CIFS exports of the same directory]. Genau diese Restriktion wird durch den Einsatz von IBM GPFS / Spectrum Scale beseitigt.

Pakete:

Name        : gpfs.protocols-support
Version     : 4.2.3
Release     : 7
Architecture: noarch
Install Date: Tue 27 Feb 2018 04:50:13 PM CET
Group       : System Environment/Base
Size        : 0
License     : (C) COPYRIGHT International Business Machines Corp. 2015
Signature   : (none)
Source RPM  : gpfs.protocols-support-4.2.3-7.src.rpm
Build Date  : Thu 15 Feb 2018 06:16:42 PM CET
Build Host  : bldlnx205.pok.stglabs.ibm.com
Relocations : (not relocatable)
Summary     : gpfs protocol dependencies
Description :
This package includes the dependency list for all the protocols to
enforce that all relevant Spectrum Scale protocol packages are installed.
If this package is not installed "mmchnode" will fail with an appropriate message.
Name        : gpfs.smb
Epoch       : 1
Version     : 4.5.15_gpfs_32
Release     : 1.el7
Architecture: x86_64
Install Date: Tue 27 Feb 2018 04:49:58 PM CET
Group       : System Environment/Daemons
Size        : 30993124
License     : GPLv3+ and LGPLv3+
Signature   : (none)
Source RPM  : gpfs.smb-4.5.15_gpfs_32-1.el7.src.rpm
Build Date  : Thu 15 Feb 2018 05:49:21 PM CET
Build Host  : bldlnx79.pok.stglabs.ibm.com
Relocations : (not relocatable)
URL         : http://www.samba.org/
Summary     : Server and Client software to interoperate with Windows machines
Description :
Samba is the standard Windows interoperability suite of programs for Linux and Unix.
Build id: 6e07fff
Anker

net conf list

Innerhalb der Cluster Export Services (CES) Definition sollen Konfigurationsdateien nicht direkt, sondern über Befehle bearbeitet werden.

Als Beispiel dient hier u.a. net conf:

[global]
        disable netbios = yes
        disable spoolss = yes
        printcap cache time = 0
        fileid:algorithm = fsname
        fileid:fstype allow = gpfs
        syncops:onmeta = no
        passdb backend = tdbsam
        preferred master = no
        client NTLMv2 auth = yes
        kernel oplocks = no
        level2 oplocks = yes
        debug hires timestamp = yes
        max log size = 100000
        host msdfs = yes
        notify:inotify = yes
        wide links = no
        async smb echo handler = yes
        log writeable files on exit = yes
        ctdb locktime warn threshold = 5000
        auth methods = guest sam winbind
        smbd:backgroundqueue = False
        read only = no
        use sendfile = no
        strict locking = auto
        posix locking = no
        large readwrite = yes
        aio read size = 1
        aio write size = 1
        force unknown acl user = yes
        store dos attributes = yes
        map readonly = yes
        map archive = yes
        map system = yes
        map hidden = yes
        ea support = yes
        groupdb:backend = tdb
        winbind:online check timeout = 30
        winbind max domain connections = 5
        winbind max clients = 10000
        dmapi support = no
        unix extensions = no
        socket options = TCP_NODELAY SO_KEEPALIVE TCP_KEEPCNT=4 TCP_KEEPIDLE=240 TCP_KEEPINTVL=15
        strict allocate = yes
        tdbsam:map builtin = no
        password server = *
        aio_pthread:aio open = yes
        dfree cache time = 100
        change notify = yes
        max open files = 20000
        time_audit:timeout = 5000
        gencache:stabilize_count = 10000
        server min protocol = SMB2_02
        server max protocol = SMB3_02
        vfs objects = shadow_copy2 syncops gpfs fileid time_audit
        smbd profiling level = on
        log level = 1
        logging = syslog@0 file
        smbd exit on ip drop = yes
        durable handles = no
        ctdb:smbxsrv_open_global.tdb = false
        mangled names = illegal
        include system krb5 conf = no
        smbd:async search ask sharemode = yes
        gpfs:sharemodes = yes
        gpfs:leases = yes
        gpfs:dfreequota = yes
        gpfs:prealloc = yes
        gpfs:hsm = yes
        gpfs:winattr = yes
        gpfs:merge_writeappend = no
        fruit:metadata = stream
        fruit:nfs_aces = no
        fruit:veto_appledouble = no
        readdir_attr:aapl_max_access = false
        shadow:snapdir = .snapshots
        shadow:fixinodes = yes
        shadow:snapdirseverywhere = yes
        shadow:sort = desc
        idmap:cache = no
        idmap config * : read only = no
        idmap config * : backend = autorid
        idmap config * : range = 10000000-299999999
        idmap config * : rangesize = 1000000
        nfs4:mode = simple
        nfs4:chown = yes
        nfs4:acedup = merge
        add share command = /usr/lpp/mmfs/bin/mmcesmmccrexport
        change share command = /usr/lpp/mmfs/bin/mmcesmmcchexport
        delete share command = /usr/lpp/mmfs/bin/mmcesmmcdelexport
        server string = IBM NAS
        netbios name = TIRISA
        realm = TIRI.LAB
        security = ADS
        workgroup = TIRILAB

[smb]
        path = /gpfs/cesSharedRoot/fileset/smb
        guest ok = no
        smb encrypt = auto
        browseable = yes