Veritas Access Appliance Administrator's Guide
- Section I. Introducing Access Appliance
- Section II. Configuring Access Appliance
- Managing users
- Configuring the network
- About configuring the Access Appliance network
- About bonding Ethernet interfaces
- Bonding Ethernet interfaces
- Configuring DNS settings
- About Ethernet interfaces
- Displaying current Ethernet interfaces and states
- Configuring IP addresses
- Configuring VLAN interfaces
- Configuring NIC devices
- About configuring routing tables
- Configuring routing tables
- Changing the firewall settings
- Configuring Access Appliance in IPv4 and IPv6 mixed mode
- Support for multiple data subnets
- Configuring authentication services
- About configuring LDAP settings
- Configuring LDAP server settings
- Administering the Access Appliance cluster's LDAP client
- About Active Directory (AD)
- Configuring AD server settings
- Configuring entries for Access Appliance DNS for authenticating to Active Directory (AD)
- Configuring AD/LDAP using the GUI
- Configuring the NIS-related settings
- Configuring NSS lookup order
- Sign-in options for the Access Appliance UI
- Configuring user authentication using digital certificates or smart cards
- Section III. Managing Access Appliance storage
- Configuring storage
- About storage provisioning and management
- About configuring disks
- About configuring storage pools
- Configuring storage pools
- About quotas for usage
- Enabling, disabling, and displaying the status of file system quotas
- Setting and displaying file system quotas
- Setting user quotas for users of specified groups
- About quotas for CIFS home directories
- Workflow for configuring and managing storage using the Access Appliance CLI
- Displaying information for all disk devices associated with the nodes in a cluster
- Displaying WWN information
- Importing new LUNs forcefully for new or existing pools
- Initiating host discovery of LUNs
- Managing disks
- Access Appliance as an iSCSI target
- Configuring storage
- Section IV. Managing Access Appliance file access services
- Configuring the NFS server
- About using the NFS server with Access Appliance
- Using the kernel-based NFS server
- Accessing the NFS server
- Displaying and resetting NFS statistics
- Configuring Access Appliance for ID mapping for NFS version 4
- Configuring the NFS client for ID mapping for NFS version 4
- About authenticating NFS clients
- Setting up Kerberos authentication for NFS clients
- Using Access Appliance as a CIFS server
- About configuring Access Appliance for CIFS
- About configuring CIFS for standalone mode
- Configuring CIFS server status for standalone mode
- Changing security settings
- About configuring CIFS for Active Directory (AD) domain mode
- Setting NTLM
- About setting trusted domains
- Specifying trusted domains that are allowed access to the CIFS server
- Allowing trusted domains access to CIFS when setting an IDMAP backend to rid
- Allowing trusted domains access to CIFS when setting an IDMAP backend to ldap
- Allowing trusted domains access to CIFS when setting an IDMAP backend to hash
- Allowing trusted domains access to CIFS when setting an IDMAP backend to ad
- About configuring Windows Active Directory as an IDMAP backend for CIFS
- Configuring the Active Directory schema with CIFS-schema extensions
- Configuring the LDAP client for authentication using the CLI
- Setting Active Directory trusted domains
- About storing account information
- Storing user and group accounts
- Reconfiguring the CIFS service
- About mapping user names for CIFS/NFS sharing
- About the mapuser commands
- Adding, removing, or displaying the mapping between CIFS and NFS users
- Automatically mapping UNIX users from LDAP to Windows users
- About managing home directories
- About CIFS clustering modes
- About migrating CIFS shares and home directories
- Setting the CIFS aio_fork option
- About managing local users and groups
- Enabling CIFS data migration
- Using Access Appliance as an Object Store server
- Configuring the NFS server
- Section V. Managing Access Appliance security
- Section VI. Monitoring and troubleshooting
- Configuring event notifications and audit logs
- About troubleshooting
- Monitoring command activity
- Monitoring alerts
- About alert management
- Monitoring events
- Viewing reports
- Viewing cluster storage usage
- Viewing file system usage
- About event notifications
- About severity levels and filters
- About SNMP notifications
- Configuring a syslog server
- Displaying events on the console
- Appliance log files
- Configuring event notifications and audit logs
- Section VII. Provisioning and managing Access Appliance file systems
- Creating and maintaining file systems
- About creating and maintaining file systems
- About encryption at rest
- Considerations for creating a file system
- Best practices for creating file systems
- Choosing a file system layout type
- Determining the initial extent size for a file system
- About striping file systems
- About FastResync
- About fsck operation
- Enabling WORM on a file system
- Setting retention in files
- Setting WORM over NFS
- Manually setting WORM-retention on a file over CIFS
- About managing application I/O workloads using maximum IOPS settings
- Creating a file system
- Bringing the file system online or offline
- Listing all file systems and associated information
- Modifying a file system
- Managing a file system
- Destroying a file system
- Upgrading disk layout versions
- Creating and maintaining file systems
- Section VIII. Provisioning and managing Access Appliance shares
- Creating shares for applications
- Creating and maintaining NFS shares
- About NFS file sharing
- About the NFS shares
- Displaying file systems and snapshots that can be exported
- Exporting an NFS share
- Displaying exported directories
- About managing NFS shares using netgroups
- Unexporting a directory or deleting NFS options
- Exporting an NFS share for Kerberos authentication
- Mounting an NFS share with Kerberos security from the NFS client
- Exporting an NFS snapshot
- Creating and maintaining CIFS shares
- About managing CIFS shares
- About the CIFS shares
- Exporting a directory as a CIFS share
- Configuring a CIFS share as secondary storage for an Enterprise Vault store
- Exporting the same file system/directory as a different CIFS share
- About the CIFS export options
- Setting share properties
- Displaying CIFS share properties
- Hiding system files when adding a CIFS normal share
- Allowing specified users and groups access to the CIFS share
- Denying specified users and groups access to the CIFS share
- Exporting a CIFS snapshot
- Deleting a CIFS share
- Modifying a CIFS share
- Making a CIFS share shadow copy aware
- About managing CIFS shares for Enterprise Vault
- Integrating Access Appliance with Data Insight
- Section IX. Managing Access Appliance storage services
- Configuring episodic replication
- About Access Appliance episodic replication
- How Access Appliance Replication works
- Starting Access Appliance episodic replication
- Setting up communication between the source and the destination clusters
- Setting up the file systems to replicate
- Setting up files to exclude from an episodic replication unit
- Scheduling the episodic replication
- Defining what to replicate
- About the maximum number of parallel episodic replication jobs
- Managing an episodic replication job
- Replicating compressed data
- Displaying episodic replication job information and status
- Synchronizing an episodic replication job
- Behavior of the file systems on the episodic replication destination target
- Accessing file systems configured as episodic replication destinations
- Episodic replication job failover and failback
- Configuring continuous replication
- About Access Appliance continuous replication
- How Access Appliance continuous replication works
- Starting Access Appliance continuous replication
- Setting up communication between the source and the destination clusters
- Setting up the file system to replicate
- Managing continuous replication
- Displaying continuous replication information and status
- Unconfiguring continuous replication
- Preserving the file system on the destination cluster
- Continuous replication failover and failback
- Addition of multiple file systems to a Replicated Volume Group
- Using snapshots
- Using instant rollbacks
- About instant rollbacks
- Creating a space-optimized rollback
- Creating a full-sized rollback
- Listing Access Appliance instant rollbacks
- Restoring a file system from an instant rollback
- Refreshing an instant rollback from a file system
- Bringing an instant rollback online
- Taking an instant rollback offline
- Destroying an instant rollback
- Creating a shared cache object for Access Appliance instant rollbacks
- Listing cache objects
- Destroying a cache object of a Access Appliance instant rollback
- Configuring episodic replication
- Section X. Reference
- Index
Getting started with Access Appliance APIs
The Access Appliance API provides a web-service based interface to manage and administer the Veritas Access Appliance server. The Access Appliance API is built on the Representational State Transfer (REST) architecture, which is the most widely used style for building APIs. The Access Appliance API uses the HTTP protocol to communicate with the Access Appliance server. It is easy to use in cloud-based applications, as well as across multiple platforms and programming languages.
The Access Appliance API uses JavaScript Object Notation (JSON) as the message format for the request and response messages. It employs client-server communication in the form of HTTP requests and responses. The API client (your program) uses the HTTP protocol to make an API request to the Access Appliance server. The server processes the request and responds to the client with an appropriate HTTP status code indicating either success or failure. The client then extracts the required information from the server's response.
The Access Appliance server authenticates the incoming API requests based on a JSON Web Token (JWT) that needs to be provided in the Authorization HTTP header when making the API requests. A JSON Web Token (JWT) is acquired by executing a login API request. The login API accepts a username and password. The port that is used to access the Access Appliance API is the standard Access Appliance PBX port, 14161.
Example of generating and using JWT for authentication
The following procedure provides a sample workflow to retrieve task information from Access Appliance server. This procedure involves logging in to Access Appliance server to receive a JWT and then requesting task information for a specific task (task ID f42ac680-acba-11ea-b342-1f3ab58ec019 in this scenario).
Step 1:
Use the Access Appliance API endpoint POST /api/appliance/v1.0/authentication/login to create a login request:
curl --cookie-jar /tmp/cookies.txt -g -k -X POST https://hostname:14161/api/appliance/v1.0/authentication/login\ --header 'Accept: application/json'\ --header 'Content-Type: application/x-www-form-urlencoded'\ --data 'userName=myuser&password=mypassword'
The following response to the login request contains the JSON Web Token (JWT):
The userRole attribute indicates the Role of the user.
{ "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsInppcCI6IkRFRiJ9. eNp0VF1v2jAU_S9-nHiArXQrb15yaT2cOLIdEJ2mKGWZmnXARMKEVvW_13EciO3weu65H -d-vaIyr9FsMp18Gt_dTsefb6bjESqrCs3Q7umYbfOqLg5ohH7XpYIWqwVfzNM1k6tHvCK JMhSnv63_5MvHO-V_cztC1fFJkQ_b3bGaHar6UGxeitm_k2Lnx_o5q_cvxW44Wlll-c9t2V jrw7FokW2-eS53hcJ-5X-qwoT5n232u7o4qfJfEQchMZfZN_YVzb6jD-jHSGOMQ0YifA9nd Elg5dJAZg9MyDMUcMASsmUkgC-96jGYrFDoKCwgFEKgSQsPlsoETILgEsyJ4HyE2dLxEIyX 9txDJYwSoK1Xa_F01EFZcLnZJgS3MOBNxEhDhNGYi9Tr7KLdJZ4JXBYsgUM0nUtnFFfmirQ 7ZBUUZzm6EwEHClDmbTBKczEtacZK55kkXJuwrjcflm6gq45Tgne7I1_o9XF8CNPqdMTnIZE UnYvXLIjQZPnEIoQS2yjAwPVuJLrIFioFfYy4VQ-6JY70hLgERGiv6gad2SYVR9Ya822h6m OKI3sSXRnwSGEWBJMnTLsszTZhpbfarnh9cfI9_saN08DbzZF87m6RcSxyqAKoK63o9Rsr JWnPd2zdq-5A8MRqUjUNllN6I4BgpQTuU44S7zzHOqQyeJdboDjAKiVor2YK8_nMutL7DQ Jux-m_KIIYukvnrthumPCbaS9BCbwkB5j8vW0cYZGfPVrXZHqrHrvU7tfsWmY9wf0Onakt 7d3AAAA__8.VVE25rQqbrC-isGOqbRTqMPoK4ts5-9_6zSgz0fUg11m9GCClq10PS9u1D laXye-S2MYYyHVEHSVs6uKcPVvN2WGBHkv7t-c4Hixc9O8zrJYhJaP979wF_gn08YnRlX 7_o4Qj6muc1IWHjK0hPMIgq0X-sBU2Git9uppVW1jbLA", "userRole": "Appliance Administrator" }Step 2:
Get the task information using the Access Appliance API endpoint GET /api/appliance/v1.0/tasks/{taskId}. In this example, the information for the task ID f42ac680-acba-11ea-b342-1f3ab58ec019 is requested.
Note:
The Authorization header uses the value of the token attribute from the response to the login request made in the previous step.
curl --cookie /tmp/cookies.txt -k -X GET https://hostname:14161/api/appliance/v1.0/tasks/f42ac680-acba-11ea- b342-1f3ab58ec019 \ --header 'Accept: application/json' \ --header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUz I1NiIsInppcCI6IkRFRiJ9.eNp0VF1v2jAU_S9-nHiArXQrb15yaT2cOLIdEJ2mKGWZmnX ARMKEVvW_13EciO3weu65H-d-vaIyr9FsMp18Gt_dTsefb6bjESqrCs3Q7umYbfOqLg5oh H7XpYIWqwVfzNM1k6tHvCKJMhSnv63_5MvHO-V_cztC1fFJkQ_b3bGaHar6UGxeitm_k2 Lnx_o5q_cvxW44Wlll-c9t2Vjrw7FokW2-eS53hcJ-5X-qwoT5n232u7o4qfJfEQchMZfZ N_YVzb6jD-jHSGOMQ0YifA9ndElg5dJAZg9MyDMUcMASsmUkgC-96jGYrFDoKCwgFEKgS QsPlsoETILgEsyJ4HyE2dLxEIyX9txDJYwSoK1Xa_F01EFZcLnZJgS3MOBNxEhDhNGYi 9Tr7KLdJZ4JXBYsgUM0nUtnFFfmirQ7ZBUUZzm6EwEHClDmbTBKczEtacZK55kkXJuw rjcflm6gq45Tgne7I1_o9XF8CNPqdMTnIZEUnYvXLIjQZPnEIoQS2yjAwPVuJLrIFi oFfYy4VQ-6JY70hLgERGiv6gad2SYVR9Ya822h6mOKI3sSXRnwSGEWBJMnTLsszTZh pbfarnh9cfI9_saN08DbzZF87m6RcSxyqAKoK63o9RsrJWnPd2zdq-5A8MRqUjUNl lN6I4BgpQTuU44S7zzHOqQyeJdboDjAKiVor2YK8_nMutL7DQJux-m_KIIYukvnr thumPCbaS9BCbwkB5j8vW0cYZGfPVrXZHqrHrvU7tfsWmY9wf0Onakt7d3AAAA__ 8.VVE25rQqbrC-isGOqbRTqMPoK4ts5-9_6zSgz0fUg11m9GCClq10PS9u1Dla Xye-S2MYYyHVEHSVs6uKcPVvN2WGBHkv7t-c4Hixc9O8zrJYhJaP979wF_gn 08YnRlX7_o4Qj6muc1IWHjK0hPMIgq0X-sBU2Git9uppVW1jbLA'The response to the GET request contains the task information for task ID f42ac680-acba-11ea-b342-1f3ab58ec019:
{ "data": { "links": { "self": { "href": "/api/appliance/v1.0/tasks/f42ac680-acba- 11ea-b342-1f3ab58ec019" } }, "type": "tasks", "id": "1", "attributes": { "isParent": true, "numCompleted: 1, "state": "SUCCESS", "taskId": "f42ac680-acba-11ea-b342-1f3ab58ec019", "source": "MASTER_FS", "numChildren: 2, "parentTaskId": "Unknown", "progress": "Unknown", "userName": "Unknown", "startTime": "2020-06-12 14:42:35", "sourceType": "vrts_raidgroup", "taskName": "Create File System MASTER_FS", "endTime": 2020-06-12 14:43:39, "output": [\"ACCESS fs SUCCESS V-493-10-2110 Created mirrored file system MASTER_FS\"], "childrenTaskIdList": ["f7d750fa-acba-11ea-a760-000c29 1f5977","035d1158-acbb-11ea-9ea1-000c291f5977"] } } }
Executing the REST APIs through Swagger UI
Swagger UI link: https://hostname:14161/swagger
Step 1: Authentication
Click on POST /api/appliance/v1.0/authentication/login
Click on . Enter username and password. Click on .
This will return a token, userRole and warning in Response body 200.
Copy the token from Response body.
Step 2: Authorization
Click on in the upper right corner of Swagger UI. This will open a popup modal. In the field, type Bearer (space) and paste the token copied in the previous step 1.
Example: Bearer
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOi I5OWU5ZGRlMzky NWIiLCJpYXQiOjE2NDk5MzQyMDZ9.Eyv2lmRz7pM__PL UdgkyevuV8dM78-ie65rr5xzVgcshWS25HuN7bmELscNIIC13n1EKILb953ne BfW_o9R9RA8IalmL_m6NsBvNWb6AfXbAFxVXHRAPAZnDpkkt6hls6koONkC0Ld I1707w7wrceZMgWMe-F8cGmffN3dSiCvG89JkSLOwL0K6gQNcwqkkzJnI5S7by R_YMrB5hbgWV2zJMbWIIwAJoGChWE2uhhGobKqztxo0Y1ZN-XrCk4E_AFtLrbZ 4GjO_AddvbpYcV1Q7DdCZsKgSMpHG5N8FFwDtk3n_8zriVV0XPLnMGMadbSM 9qm5YmO-MkuydSI07KlQ
Click on and close the popup modal.
Step 3: Execute REST APIs
To get all the file systems using the Access Appliance API, click on GET /api/appliance/v1.0/storage/filesystems. Click on and then click . This will return a list of file systems in Response body 200.
{ "links": { "self": { "href": "/api/appliance/v1.0/storage/filesystems" } }, "data": [ { "links": { "self": { "href": "/api/appliance/v1.0/storage/filesystems/fs1" } }, "type": "storage", "id": "1" }, { "links": { "self": { "href": "/api/appliance/v1.0/storage/filesystems/fs2" } }, "type": "storage", "id": "1" } ] }To get the specific file system information using the Access Appliance API, click on GET /api/appliance/v1.0/tasks/{fsName}. In this example, the information for file system name is requested.
Click on . Enter the file system name in the input box and then . This will return details of the requested file system in Response body 200.
{ "links": { "self": { "href": "/api/appliance/v1.0/storage/filesystems/fs1" } }, "data": { "links": { "self": { "href": "/api/appliance/v1.0/storage/filesystems/fs1" } }, "type": "storage", "id": "1", "attributes": { "fsBlockSize": 8192, "size": "1.00 GB", "usedSize": "49.30 MB", "fullFsckStatus": "Not Running", "fullFsck": 0, "isDedupeEnabled": "No", "storageLayout": "striped", "numColumn": "5", "resiliency": "-", "fsName": "fs1", "offlineNodeNameList": [], "onlineNodeNameList": [ "r6515-003v011", "r6515-003v012" ], "status": "online", "stripeUnit": "64 K", "isWormEnabled": "No", "reconfigState": "Unknown", "isReconfigRunning": false, "minimumRetention": "", "maximumRetention": "", "diskPoolName": "pool_default", "diskNameList": [ "vrts_appliances0_4", "vrts_appliances0_6", "vrts_appliances0_7", "vrts_appliances0_8", "vrts_appliances0_9" ], "fsId": "{2d2c9fed-7620-9bd8-d298-c74bcc50a140}_fs1", "usage": [] } } }
Possible response codes an Access Appliance API can return:
200 - Successful
400 - Error: Bad Request
401 - Error: Unauthorized
500 - Error: Internal Server Error