|
Help is available on the following topics:
Adminaccess
Alerts
Alias
Authentication
Autosupport
Cifs
Cluster
config
disk
enclosure
filesys
log
net
nfs
ntp
ost
replication
route
snapshot
snmp
system
user
Type "help <topic>" to view help for the given topic.
Type "help <keyword>" to search the commands for a specific keyword.
For example, "help timezone" shows all commands relating to timezones.
sysadmin@dd620> help adminaccess
adminaccess - creates
access control lists for the use of HTTP, FTP, Telnet, and SSH administrative protocols on the Data Domain system.
DESCRIPTION
The Data Domain system adminaccess command allows remote hosts to use the FTP, Telnet, HTTP, HTTPS, and SSH administrative protocols on the Data Domain system. Except as noted for specific command options, this command is available only to Data Domain system administrative users.
The FTP, SSH, HTTP, HTTPS, and Telnet protocols have host-machine access lists that limit access. The SSH protocol is open to the default user sysadmin and to all Data Domain system users added with the user add command. By default, FTP and Telnet are disabled.
OPTIONS
adminaccess add {ftp | telnet | ssh | http | https} <host-list>
Use this command to add hosts to a protocol. For multiple hosts, enter a list of entries separated by commas, spaces, or both. For FTP, Telnet, and SSH, a host is a fully-qualified domain hostname, class-C IP address, IP address with either netmasks or length, or an asterisk (*) wildcard with a domain name, such as *.
fcoe.ru. An asterisk (*) by itself means no restrictions.
For HTTP and HTTPS, the host-list can contain hostnames, class-C IP addresses, an IP address range, or the word all.
For SSH, TCP wrappers are used and /etc/hosts.allow and /etc/hosts.deny files are updated.
For HTTP/HTTPS, Apache's mod_access is used for host-based access control and the /usr/local/apache2/conf/httpd-ddr.conf file is updated.
adminaccess add ssh-keys [user username]
Use this command to add an SSH public key, created on a remote machine, to the SSH authorized keys file on the Data Domain system. The operation allows users to log in without giving a password. On the remote machine, create a public key using the ssh-keygen command. Use the key ~/.ssh/id_dsa.pub as generated on the remote machine by ssh-keygen as input to the add ssh-keys command. Refer to Add an Authorized SSH Public Key for more information.
adminaccess
authentication add
cifs
Use this command to allow Windows domain users who have no local account on the Data Domain system to access the system through SSH, Telnet, and FTP using Windows domain group credentials. For administrative access, the user must be in either the standard Windows "Domain Admins" group or in a group that you create named "Data Domain." Users from both group names are always accepted as administrative users. The command also gives user-level access (no administrative operations allowed) to all other users from the domain. Users must be from the domain that includes the Data Domain system or a related, trusted domain.
The SSH, Telnet, or FTP command that accesses the Data Domain system must include the domain name, a backslash, and the user name in double quotation marks.
Note: For this command to work, CIFS must be enabled and the Data Domain system must be part of a Windows domain.
adminaccess authentication del cifs
Use this command to prevent authentication against a Windows domain and to allow administrative access only for those users who have local user accounts on the Data Domain system.
adminaccess authentication reset cifs
Use this command to reset the Windows user access to the default of requiring a local account for administrative access to the Data Domain system.
adminaccess authentication show
Use this command to display the current value of the setting that allows a Windows administrative user to access a Data Domain system when no local account exists. For example,
# adminaccess authentication show
CIFS authentication: disabled
adminaccess certificate show {ca | host}
Use this command to display the host or CA certificate. This command is available to all users. For example:
# adminaccess certificate show ca
Cert Type Root CA
Subject dd120-18.fcoe.ru
Valid From Tue Oct 14 13:39:35 2008
Valid Until Thu Oct 7 12:39:35 2038
Finger Print D6:E2:7B:55:F8:90:E9:27
adminaccess del {ftp | telnet | ssh | http} <host-list>
Use this command to remove hosts (IP addresses, hostnames, or asterisk (*)) from the FTP, HTTP, SSH, or Telnet access lists. You can enter a list that is separated by commas, spaces, or both. This command is available to administrative users only.
adminaccess del ssh-keys <lineno> [user <username>]
Use this command to delete an SSH key from the key file. The <lineno> is a line number as displayed by the adminaccess show ssh-keys command. Users may delete their own keys.
Administrators may delete any user's keys. Use adminaccess show ssh-keys to get the line number value for the key to delete.
adminaccess disable {http | https | ftp | telnet | ssh | all}
Use this command to disable a service on the Data Domain system. Disabling FTP or Telnet does not affect entries in the access lists. If all services are disabled, the Data Domain system is accessible only through a serial console or keyboard and monitor. This command is available to administrative users only.
adminaccess enable {http | https | ftp | telnet | ssh | all}
Use this command to enable a protocol on the Data Domain system. By default, the SSH, HTTP, and HTTPS services are enabled and FTP and Telnet are disabled. HTTP and HTTPS allow users to log in through the Web-based graphical user interface. To use FTP and Telnet, you must also add host machines to the access lists. This command is available to administrative users only.
adminaccess reset {ftp | telnet | ssh | http | all}
Use this command to reset the FTP, HTTP, SSH, and Telnet protocols to their default states and clear the access lists of host entries. This command is available to administrative users only.
adminaccess reset ssh-keys [user <username>]
Use this command to remove the authorized SSH keys file for a user specified user or for the operator account from the Data Domain system. After you remove the file, every SSH connection needs password authentication. Administrators can reset SSH keys for themselves (by omitting the user option) or for other users.
Regular users can only reset the SSH keys for their own account.
adminaccess show
Use this command to display every access service available on a Data Domain system, whether or not the service is enabled, and a list of hostnames that are allowed access through each service that uses a list. An N/A in the Allowed Hosts column means that the service does not use a list. A dash (-) means that the service can have a list, but currently has no hosts in the list. An asterisk means all hosts are allowed. For example:
# adminaccess show
Service Enabled Allowed Hosts
------- ------- -------------
Ssh yes -
telnet no -
ftp no *
http yes -
https yes -
------- ------- -------------
Web options:
Option Value
--------------- -----
http-port 80
https-port 443
session-timeout 10800
--------------- -----
This command is available to administrative users only.
adminaccess show ssh-keys [user <username>]
Use this command to display the SSH key file with a line number for each entry. Administrators can view the SSH key files of any user. Regular users can only view their own SSH key file.
You can add trust between Data Domain systems for group and Global Deduplication Array management purposes. The trust commands let administrators manage trust relationships. There are two scenarios where trust relationships are used.
Group management in the Enterprise Manager is based on trust relationships between nodes. You can view these trust relationships with the trust commands. If you add the trust relationship from the DD OS command line, when a Data Domain system is imported into the EM for group management, the sysadmin password is not required for setting up the management of the external Data Domain system (because the trust has been already established).
Global Deduplication Array management is also based on trust relationships. As nodes are added to the Global Deduplication Array by using the cluster add command, you can view the trust relationships and their details by using the adminaccess trust show command.
Note: Do not delete trusts that involve Global Deduplication Array nodes. Doing so can cause Global Deduplication Array management to fail.
adminaccess trust add <hostname> [type mutual]
Use this command to establish trust with the given host. The [type mutual] option establishes mutual trust with that host.
adminaccess trust copy {source | destination} <hostname>
Use this command to copy the trust to or from the given host.
adminaccess trust del <hostname> [type mutual]
Use this command to remove trust from the given host. The [type mutual] option removes the mutual trust from that host.
adminaccess trust show <hostname>
Use this command to show the list of trusted Certificate Authorities (CAs). This command is available to all users.
adminaccess web option reset [http-port | https-port | session-timeout]
Use this command to reset all Web options or the specified Web option to their default values.
adminaccess web option set http-port <port-number>
Use this command to set the http access port for the Web client.
Port 80 is set by default.
adminaccess web option set https-port <port-number>
Port 443 is set by default.
adminaccess web option set session-timeout <timeout-in-secs> seconds is set by default.
adminaccess web option show
The output of this command may look like:
# adminaccess web option show
Option Value
--------------- -----
http-port 80
https-port 443
session-timeout 10800
--------------- -----
EXAMPLES
Add a Host
To add the host srvr24 to the Telnet access list:
adminaccess add telnet srvr24.fcoe.ru
To add all hosts in a domain to the Telnet access list:
adminaccess add telnet *.fcoe.ru
To add a range of IP addresses to the Telnet access list:
adminaccess add telnet 10.24.20.0/24
Add an Authorized SSH Public Key
The following steps create a key on a UNIX-based system and then write the key to a Data Domain system:
1. On the remote machine, create the public and private SSH keys.
jsmith > ssh-keygen -d
Generating public/private dsa key pair.
Enter file in which to save the key
(/home/jsmith/.ssh/id_dsa):
.
2. Press Enter to accept the file location and other defaults. The public key created under /home/jsmith/.ssh (in this example) is id_dsa.pub.
3. On the remote machine, write the public key to the Data
Domain system, dd10 in this example. The Data Domain system asks for the user's password before accepting the key:
jsmith > ssh -l sysadmin dd10 "adminaccess add ssh-keys user jsmith" < ~/.ssh/id_dsa.pub
Return Command Output to a Remote Machine
Using SSH, you can have output from Data Domain system commands return to a remote machine at login and then automatically log out. For example, the following command connects with the machine dd10 as user sysadmin, asks for the password, and returns output from the command filesys status.
ssh -l sysadmin dd10 filesys status
sysadmin@dd10's password:
The filesystem is enabled
You can create a file with a number of Data Domain system commands, with one command on a line, and then use the file as input to the login. Output from all the commands is returned. For example, a file named cmds11 could contain the following commands:
filesys status
system show uptime
nfs status
The login and the returned data look similar to the following:
ssh -l sysadmin dd10 < cmds11
sysadmin@dd10's password:
The filesystem is enabled
3:00 pm up 14 days 10 hours 15 minutes 1 user, load average: 0.00, 0.00, 0.00
Filesystem has been up 14 days 10:13
The NFS system is currently active and running
Total number of NFS requests handled = 314576
To use scripts that return output from a Data Domain system, see Add an Authorized SSH Public Key on page 56 to eliminate the need for a password.
sysadmin@dd620>help alerts
NAME
alerts- manage the alert email list
DESCRIPTION
The alerts command manages who receives email notification for system alerts. Alerts happen whenever the Restore Protection Manager discovers a problem with software or a monitored hardware component.
All alerts are sent as email (either immediately or via the Daily Alert Summary) and a subset of alerts are also sent as SNMP traps.
The full list of traps sent are described in the snmp chapter (and are also documented in the MIB).
Alerts are sent with either a WARNING or a CRITICAL severity.
Alerts of WARNING severity are sent to the recipients specified in the autosupport email list (see autosupport on page 75). Alerts of CRTICAL severity are sent to the recipients specified in the alerts email list. To receive both WARNING and CRITICAL alerts, add your email address to both lists.
OPTIONS
alerts add <email-list>
Use this command to add email addresses to the list that receives system alert emails. The <email-list> is a list of email addresses that are separated by commas, spaces, or both.
By default, the list includes an address for Data Domain support staff. After adding to the list, always use the alerts test command to test for mailer problems. This command is available to administrative users only.
alerts clear alert-id <alert-id-list>
Use this command to clear a specified alert. The <alert-id-list> is a list of active alert IDs separated by commas, spaces, or hyphens. This command is available to administrative users only.
alerts del <email-list>
Use this command to delete email addresses from the list. The <email-list> is a list of email addresses that are separated by commas, spaces, or both. This command is available to administrative users only.
alerts reset
Use this command to set the email alerts list to the factory default of
Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript
. This command is available to administrative users only.
alerts show alerts-list
Use this command to display the alerts email list, which includes an address for Data Domain support. Addresses that you add to the list appear as local or fully-qualified addresses exactly as you enter them.
alerts show all
Use this command to display the alerts email list and the administrator email address, along with the current list of active alerts.
alerts show current
Use this command to display alerts for all situations that have not been dealt with.
The list of current alerts includes all alerts that are not corrected.
An alert is removed from the display when the underlying situation is corrected. For example, an alert about a fan failure is removed when the fan is replaced with a working unit.
Each type of alert maintains only one message in the current alerts list. For example, the display reports the most recent date of a system reboot, not every reboot. Look in the system log files for current and previous messages.
alerts show daily
Use this command to display current alerts and the alerts events history for the last 24 hours. Use the up and down arrow keys to move through the log. Use the q key to exit. Enter a slash character (/) and a pattern to search for and highlight lines of particular interest.
alerts show history
Use this command to display the alerts events history file. The event history file includes one line (date and reason) for every system alert. Use the up and down arrow keys to move through the log. Use the q key to exit. Enter a slash character (/) and a pattern to search for and highlight lines of particular interest.
The alerts history lists alerts messages from all of the existing messages system log files, which hold messages for up to ten weeks.
alerts test [email-addr]
Use this command to send an email to all addresses on the alerts list or to one or more specified addresses. After adding addresses to the email list, always use this operation to test for mailer problems.
EXAMPLES
Add to the Email List
To add the email addresses
Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript
and
Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript
to the alerts email list, use the command:
alerts add
Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript
,
Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript
Remove from the Email List
To remove an email address from the alerts list, use the command:
alerts del
Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript
Managing alerts
Test the Email List
To test for the address
Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript
:
alerts test
Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript
Display the Email List
To display all email addresses in the alerts list, use the alerts show alerts-list command.
The display is similar to the following:
# alerts show alerts-list
Alerts email:
Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript
admin12
Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript
Display the Email List and Administrator Email
To display all email addresses on the alerts-list, use the alerts show all command:
The administrator address appears twice:
# alerts show all
The Admin email is:
Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript
Alerts email
Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript
Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript
admin12
Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript
No active alerts.
Display Current Alerts
To display current alerts, use the alerts show current command. The command returns entries similar to the following:
# alerts show current
Alert Id Alert Time Description
-------- ---------------- -------------
47 Wed Sep 23 07:46 Space in Data
Collection is 100% full (exceeds 100% threshold).
-------- ---------------- -------------
There is 1 active alert.
Display Current Alerts and Recent History
To display the current alerts and the alerts history over the last 24 hours, use the alerts show daily command. The display is similar to the following:
# alerts show daily
Current Alert
-------------
Alert Id Alert Time Description
-------- ------------ ------------------------
42 Nov 12 18:54 Rear fan #1 failure:
Current RPM is 0, nominal is 8000
-------- ------------ ------------------------
There is 1 active alert.
Recent Alerts and Log Messages
------------------------------
Nov 5 20:56:43 localhost sysmon: EMS: Rear fan #2 failure: Current RPM is 960, nominal is 8000
Display the Alerts History
To display the history of alerts messages, use the alerts show history command. Use the up and down arrow keys to move through the display. Use the q key to exit. Enter a slash character (/) and a pattern to search for and highlight lines of particular interest.
The display is similar to the following:
# alerts show history
Alert Time Description
--------------- ------------------
Nov 11 18:54:51 Rear fan #1
failure: Current RPM is 0, nominal is 8000
Nov 11 18:54:53 system rebooted
Nov 12 18:54:58 Rear fan #2
failure: Current RPM is 0, nominal is 8000
--------------- ------------------
Important Notices
The alerts feature sends an email whenever a critical component in the system fails or is known, through monitoring, to be out of the acceptable range. Consider adding pager email addresses to the alerts email list so that someone is informed immediately about system problems. For example, multiple fan failures can cause a system to begin overheating, which generates an alerts email.
Each
disk, fan, and CPU in the Data Domain system is monitored.
Temperature extremes are also monitored.
sysadmin@dd620> help alias
alias - create, delete, and display command aliases
DESCRIPTION
The alias command allows you to add, delete, and display command aliases for the Data Domain system command set. Each user can view and use aliases only for those commands that are available at that user's permission level. OPTIONS
alias add
Use this command to add a command alias. Give the name for the alias and then give the complete Data Domain system command enclosed in double quotation marks ("..."). The new alias is available only for the user that adds the alias.
alias del
Use this command to delete an alias by name.
alias reset
Use this command to return to the default alias list, removing all user-added aliases.
alias show
Use this command to display all aliases and their command definitions.
EXAMPLES
The following command adds an alias named rely for the Data
Domain system command that displays disk reliability statistics:
# alias add rely "disk show reliability-data"
sysadmin@dd620> help authentication
authentication -manage NIS users, domains, groups and servers.
DESCRIPTION
The authentication nis command allows the Data Domain system to participate in an active
Network Information Service (NIS) domain, which keeps a centralized repository of users, groups, and server names. NIS adds a global directory which authenticates users from any host on the network.
OPTIONS
authentication nis disable
Use this command to disable the NIS client. This command is available to administrative users only.
authentication nis domain reset
Use this command to reset the NIS domain name. This command is available to administrative users only.
authentication nis domain set <domain> [servers <server-list>]
Use this command to set the NIS domain name and optionally to add NIS servers to the <server-list>. This command is available to administrative users only.
authentication nis domain show
Use this command to display the NIS domain name. The display is similar to the following:
# authentication nis domain show
NIS domain is "fcoe.ru".
authentication nis enable
Use this command to enable the NIS client. This command is available to administrative users only.
authentication nis groups add <group-list> priv {user | admin}
Use this command to add the privileges for NIS users in the <group-list> as administrators or users. This command is available to administrative users only.
authentication nis groups del <group-list> priv {user | admin}
Use this command to delete the privileges for NIS users in the <group-list> as administrators or users. This command is available to administrative users only.
authentication nis groups reset
Use this command to delete all added NIS groups. This command is available to administrative users only.
authentication nis groups show
Use this command to display lists of both NIS user groups and NIS admin groups.
authentication nis reset
Use this command to delete the NIS configuration and set it to the default.
authentication nis servers add <server-list>
Use this command to add NIS servers to the <server-list>. This command is available to administrative users only.
authentication nis servers del <server-list>
Use this command to delete NIS servers from the <server-list>. This command is available to administrative users only.
authentication nis servers reset
Use this command to reset the NIS servers to their default settings. This command is available to administrative users only.
authentication nis servers show
Use this command to display a list of NIS servers. The display is similar to the following:
# authentication nis servers show
NIS Servers:
dd120-18
authentication nis show
Use this command to display the NIS configuration. The display is similar to the following:
# authentication nis servers show
NIS Servers:
dd120-18
sysadmin@dd120-19# authentication nis show
NIS Summary:
Domain: fcoe.ru
Servers: dd120-18
Admin Groups:
User Groups:
Enabled: No
Status: N/A (NIS Disabled)
authentication nis status
Use this command to display the NIS status.
sysadmin@dd620> help autosupport
autosupport -manage the system report.
DESCRIPTION
The autosupport command automatically generates two reports on state of the system: the Autosupport Report and the Daily Alert Summary.
The Autosupport Report is sent daily at 6:00 a.m. (local time for your system) to the autosupport email list. This time is configurable.
The first section of an Autosupport Report gives system identification and uptime information. The next sections display output from numerous Data Domain system commands and entries from various log files. At the end of the report, extensive and detailed internal statistics and information are included to aid Data Domain in debugging system problems.
Using autosupport from the master
controller in a Global Deduplication Array, two additional sections are present: cluster information, and detailed cluster information. The first section shows the Global Deduplication Array configuration and status from the cluster show config and cluster status commands. The second section shows Global Deduplication Array alerts, licenses, and system performance. The worker controller has a cluster information section and contains the cluster configuration.
Every morning at 8:00 a.m. (local time for your system), the Data Domain system sends a Daily Alert Summary email to the autosupport email list. This time is not configurable. The purpose of this report is to highlight hardware or other failures that are not critical, but that should be dealt with soon. An example is a fan failure. A failed fan should be replaced as soon as is reasonably possible, but the system can continue operation.
Non-critical hardware problems generate email messages to the autosupport list. The Daily Alert Summary contains messages from alerts show current (see 'Display Current Alerts on page 64) about non-critical hardware situations, and some disk space usage numbers. Specifically, it displays recent alerts and log messages above the severity level WARNING from the "messages" log file. If the situation is not fixed, the message also appears in the Daily Alert Summary.
OPTIONS
autosupport add <email-list>
Use this command to add email addresses to the list that receives system reports. The <email-list> is a list of email addresses that are separated by commas, spaces, or both. (The autosupport email list contains the
Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript
address by default.) This command is available to administrative users only.
In Global Deduplication Arrays, this command is run on the master controller only.
To add the email address
Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript
to the list, use the command:
# autosupport add
Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript
autosupport del <email-list>
Use this command to delete email addresses from the list. The <email-list> is a list of email addresses that are separated by commas, spaces, or both. This command is available to administrative users only.
In Global Deduplication Arrays, this command is run on the master controller only.
For example, to remove an email address from the list, use:
# autosupport del
Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript
autosupport reset all
Use this command to set all autosupport parameters to the factory defaults. This command is available to administrative users only.
In Global Deduplication Arrays, this command is run on the master controller only.
autosupport reset schedule
Use this command to set the system report schedule to the default (daily 0600). This command is available to administrative users only.
In Global Deduplication Arrays, this command is run on the master controller only and the email list and schedule set on the master controller are automatically propagated to the worker controller.
autosupport reset support-list
Use this command to set the email list to the factory defaults. This command is available to administrative users only.
In Global Deduplication Arrays, this command is run on the master controller only and the email list and schedule set on the master controller are automatically propagated to the worker controller.
autosupport send [<email-addr>] [cmd "<cmd>"]
Use this command to run the system report and email the results to either a single address (using the <email-addr> option) or all addresses on the autosupport list.
*With an email address and a Data Domain system command, autosupport sends the output of the command to the address. Enclose the command that is to generate output in double quotation marks.
*With only a command, autosupport sends the command output to the autosupport list.
*When neither email addresses nor a command is specified, then an autosupport message is generated and sent to all email addresses in the autosupport list.
To send an autosupport message to
Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript
, use the command:
# autosupport send
Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript
To send the output of net stats show to
Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript
, use:
# autosupport send
Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript
cmd "net show stats"
autosupport set schedule [daily | never | <day1>[,<day2>,...]] <time>
Use this command to set the verbose system report to run at a given frequency and a given time. The schedule operation can specify a day (one or two numerals) or a day of the week (three letters) at a specific time (0000). This command is available to administrative users only.
In a Global Deduplication Array, this command is available only on the master controller.
<day>
Use three letters (such as mon for Monday). Use a dash (-) between days for a range of days. For example: tue-fri.
<time>
Use 24-hour military time. 2400 is not a valid time. mon 0000 is midnight between Sunday night and Monday morning.
For example, the following command runs the report automatically every Tuesday at 4 a.m:
# autosupport set schedule tue 0400
The most recent invocation of the scheduling operation cancels the previous setting.
autosupport show all
Use this command to display all autosupport parameters. The default display includes only the Data Domain support address and the system administrator address (as given in the initial system configuration). Any additional addresses that you add to the list also appear. The display is similar to the following:
autosupport show history
Use this command to display the event history file, which includes the date for each Autosupport Report. Use the up and down arrow keys to move through the log. Use the q key to exit. Enter a forward slash (/) and a pattern to search for and highlight lines of particular interest.
The command returns entries similar to the following:
# autosupport show history
Nov 10 03:00:19 scheduled autosupport
Nov 11 03:00:19 scheduled autosupport
Nov 12 03:00:19 scheduled autosupport
autosupport show report
Use this command to run and display the normal system report, but not send email. Use the up and down arrow keys to move through the log. Use the q key to exit. Enter a forward slash (/) and a pattern to search for and highlight lines of particular interest.
autosupport show schedule
Use this command to display the system report schedule.
The display is similar to the following:
# autosupport show schedule
Autosupport is scheduled to run "Sun" at "0600"
autosupport show support-list
Use this command to display the autosupport email list.
autosupport test [<email-addr>]
Use this command with no email address to test-run the system report and email the results to all addresses on the autosupport list. Use this command with only an email address, send the system report to the specified address. After adding addresses to the email list, always use this operation to test the new addresses.
EXAMPLES
Schedule the Autosupport Report
To schedule the system report for every Tuesday at 3 p.m., use the following command:
# autosupport set schedule tue 1500
To schedule the system report for 2 p.m. every Monday and Friday, use:
# autosupport set schedule mon,fri 1400
To send a copy of the log file messages.1 to Data Domain Support, use:
# autosupport send
Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript
cmd "log view messages.1"
Run the Autosupport Report
Use the autosupport show report command to manually run and immediately display the Autosupport Report. Use the up and down arrow keys to move through the display. Use the q key to exit. Enter a slash character (/) and a pattern to search for and highlight lines of particular interest.
The display is similar to the following. The first section gives system identification and uptime information:
# autosupport show report
========== GENERAL INFO ==========
GENERATED_ON=Wed Feb 11 13:17:48 UTC 2009
VERSION=Data Domain OS 4.6.0.0-62320
SYSTEM_ID=Serial number: 22BM030026
MODEL_NO=DD560
HOSTNAME=dd10.fcoe.ru
LOCATION=Bldg12 room221 rack6
ADMIN_EMAIL=
Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript
UPTIME= 1:17pm up 124 days, 14:31, 2 users, load
average: 0.00, 0.00, 0.00
The next sections display output from numerous Data Domain system commands and entries from various log files. At the end of the report, extensive and detailed internal statistics and information appear to aid Data Domain in debugging system problems.
Display the autosupport Email List
The autosupport email list includes an address for Data Domain support. Addresses that you add to the list appear as local or fully-qualified addresses exactly as you enter them.
To display all email addresses in the alerts list, use the command autosupport show support-list.
The default display is similar to the following:
# autosupport show support-list
Autosupport Email List
Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript
Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript
Display the autosupport History
To display all autosupport messages, use the autosupport show history command. Use the J key to scroll down through the file, the K key to scroll up, and the Q key to exit. The operation displays entries from all of the messages system logs, which hold messages for up to ten weeks.
The command returns entries similar to the following:
# autosupport show history
Nov 10 03:00:19 scheduled autosupport
Nov 11 03:00:19 scheduled autosupport
Nov 12 03:00:19 scheduled autosupport
sysadmin@dd620> help cifs
cifs -manages CIFS (Common Internet File System) data access between a Data Domain system and Windows clients.
DESCRIPTION
The cifs command, which is for administrative use only, enables and disables access to a Data Domain system from media servers and other Windows clients that use the CIFS protocol. The cifs command sets the authentication mode and CIFS options, and displays status and statistics for CIFS clients.
OPTIONS
Note: Data Domain recommends using the cifs share create command instead of the cifs add command, except when adding the name of an individual client.
When entering the client list for the cifs add command:
*Separate clients in the list by a comma, a space, or both.
*The client-list can contain class-C IP addresses, IP addresses with either netmasks or length, hostnames, or an asterisk (*) followed by a domain name, such as *.fcoe.ru.
*Enter an asterisk (*) to add all clients on the network.cifs add /
backup <client-list>
Use this command to specify the CIFS backup clients that can access a Data Domain system's /backup directory. The /backup directory is the target directory for compressed backup server data.
cifs add /ddvar <client-list>
Use this command to specify the administrative clients that can access a Data Domain system's /ddvar directory, which contains Data Domain system core and log files.
Note: After a CIFS client name has been added, it needs to be configured to access the Data Domain system. If CIFS is not enabled on the Data Domain system, it must be enabled via the cifs enable command. Data Domain integration documents explain how to configure the client. Go to the Documentation > Integration Documentation page at the Data Domain Support Web site (https://my.fcoe.ru). Select the vendor for the client's operating system and then select the appropriate tuning document.
Note: Data Domain recommends using the cifs share destroy command instead of the cifs del command, except when deleting the name of an individual client.
When entering the client list for the cifs del command:
*Separate clients in the list by a comma, a space, or both.
*The client-list can contain class-C IP addresses, IP addresses with either netmasks or length, hostnames, or an asterisk (*) followed by a domain name, such as *.fcoe.ru.
*Enter an asterisk (*) to add all clients on the network.
cifs del /backup <client-list>
Use this command to specify clients to remove from the list of CIFS backup clients that can access a Data Domain system's /backup directory.
cifs del /ddvar <client-list>
Use this command to specify administrative clients to remove from the list of clients that can access a Data Domain system's /ddvar directory, which contains Data Domain system core and log files.
cifs disable
Use this command to disable the CIFS service on the Data Domain system, thereby preventing CIFS clients from connecting to it.
cifs enable
Use this command to enable the CIFS service on the Data Domain system and give clients CIFS access.
cifs hosts add <ipaddr> <host-list>
Use this command to add an lmhosts mapping. The lmhosts file is a local text file that maps IP addresses to NetBIOS names. One IP address can have multiple hostnames.
cifs hosts del <ipaddr>
Use this command to remove the lmhosts mapping for the specified IP address.
cifs hosts reset
Use this command to reset the lmhosts mapping to the default, which is to remove all IP address and NetBIOS hostnames from the lmhosts file.
cifs hosts show
Use this command to display lmhosts mappings.
cifs nb-lookup <nb_hostname>
Use this command to display the IP address for the specified NetBIOS name when CIFS is enabled.
cifs option reset <name>
Use this command to reset the specified option to its default value.
The cifs option set commands set the following CIFS options:
cifs option set allowtrusteddomains {enabled | disabled}
Use this command to allow user access from domains that are trusted by the domain that includes the Data Domain system. The default value is disabled.
cifs option set "dd admin group<n>" ["windows grp-name"]
Use this command to allow system administrative access via SSH, Telnet, and FTP for groups that exist on a Windows domain controller if CIFS administrative access is enabled on the Data Domain system with the adminaccess command. Use the windows grp-name option to add groups or to map a default group number, such as dd admin group1, to a different Windows group name. These default group mappings are configured on a system:
*"dd admin group1" is mapped to the Windows group "Domain Admins."
*"dd admin group2" is not mapped to any group.
cifs option set idmap-type {rid | none}
Use this command to set the CIFS idmap-type.
*When this option is set to rid (the default), the SAMBA idmap rid/tdb is used.
*When the option is set to none, all CIFS users are mapped to a local UNIX user named cifsuser belonging to the local UNIX group users.
Note: This option can be set to none only when ACL support is enabled using the cifs option set ntfs-acls {enabled | disabled} command.
cifs option set interfaces <value>
Use this command to set the interfaces network interfaces on which the CIFS server listens for client connections. The value is a list of interface names. Multiple interfaces must be separated by a space and enclosed within double quotation marks; for example, "eth0 eth2".
By default, the CIFS server listens on all Data Domain system NIC-active interfaces. Use this command to restrict the CIFS server access to specified interfaces.
cifs option set loglevel <value>
Use this command to set the level of detail in messages sent to the CIFS log file, where value is an integer from 0 (zero) to 10. The system default is 0, which sends the least-detailed level of messages.
Note: A log level of 10 degrades system performance. Please reset the log level to 1 after debugging an issue.
cifs option set maxopenfiles <value>
Use this command to set the maximum number of open files, where value is an integer from 128 to a suggested maximum of 10000. The actual maximum is limited by the system resources. The default value is 10000. Because each open file requires a certain amount of memory, the server could run out of memory if value is set too high. If <value>is set to less than 128, the system uses 128.
cifs option set maxxmit <value>
Use this command to set the maximum transmit size, where value is an integer from 16384 to 65536. The default value is 16644.
cifs option set ntfs-acls {enabled | disabled}
Use this command to enable (the default) or disable ACL support.
When ACL support is disabled, the system has limited ACL support in that you can set ACLs that can be represented in UNIX permission bits.
Note: CIFS must be disabled to set this option. If CIFS is running, disable CIFS services.
cifs option set organizational-unit <value>
Use this command to set the organizational-unit (OU). You can add the Data Domain system to any OU in the AD (active directory), instead of the default OU, which is Computers. After setting this option, use the cifs set authentication active-directory command to join the domain. For example:
# cifs option set organizational-unit "Computers/Servers /ddsys units"
# cifs set authentication active-directory Fcoe.ru
Note: If the Data Domain system's account is already in the default Computers or in another OU, the computer account does not change to the newly specified organizational unit when the domain is rejoined.
cifs option set restrict-anonymous {enabled | disabled}
Use this command to control anonymous connections. The default value is disabled, which allows anonymous connections.
cifs option set smbd-mem-limit <value>
Use this command to set the amount of memory available for SMBD connections. Some backup applications open more SMBD sessions and connections if the system does not process SMBD operations as fast as expected, which might be the case when there is a large number of file deletions. New connections also slow down operations. Increase memory for SMBD to avoid looping. The value is an integer from 52428800 to 1073741824 with a default value of 209715200.
cifs option set start-tls {enabled | disabled}
Use this command to allow a system to work with an active-directory domain that is set up for secured LDAP sessions using TLS or with the following Domain Controller policy set: Security Options, Domain Controller:LDAP server signing requirements Property set to Require signing.
Use this command only after copying the Certificate Authority (CA) to a system.
cifs option set winbindd-mem-limit <value>
Use this command to set the memory available for user accounts when the number of user accounts approaches 30,000. The value is an integer from 52428800 to 1073741824 with a default value of 157286400.
cifs option show
Use this command to display the CIFS options.
cifs reset authentication
Use this command to reset the CIFs authentication to the default mode, which is workgroup.
cifs reset clients
Use this command to reset the CIFS client access list for the backup and administrative clients (shared backup and ddvar) to the default, which does not grant access to any client. In addition, the backup and ddvar shares are also removed.
cifs reset nb-hostname <nb_hostname>
Use this command to reset the NetBIOS hostname to the default, which is none.
cifs reset wins-server
Use this command to set the WINS server IP address to the default, which is none.
cifs set authentication active-directory <realm> {[<dc1>[<dc2>...]]/ | *}
Use this command to set the authentication to the active directory.:
*The realm must be a fully qualified name.
Note: Data Domain does not recommend specifying a domain controller. Instead, specify all controllers by entering an asterisk (*).
*(Optional) Specify multiple domain controllers (<dc>). The entries in the domain controller list entries can be separated by commas, spaces, or both.
When you enter this command, you are prompted for a user account. Enter either a user on your company's domain, or a user in a domain that is a trusted domain of your company. This user must have permission to create accounts in your company's domain.
The Data Domain system automatically adds a host entry to the DNS server, so it is not necessary to manually create the DNS host entry for the Data Domain system.
Note: If you set NetBIOS hostname using the command cifs set nb-hostname, the entry is created for NetBIOS hostname instead of the system hostname. Otherwise, the system hostname is used.
cifs set authentication nt4 <domain>{[<dc1>[<dc2>...]]/ | *}
Use this command to set the authentication mode to the NT4 domain. Only use this command to join NT4 domains. To join an Active Directory domain (Windows 2000 and later), use set authentication active-directory instead. If you do not know the domain type, ask your domain administrator.
cifs set authentication workgroup <workgroup>
Use this command to set the authentication mode to workgroup for the specified workgroup name.
cifs set nb-hostname <nb_hostname>
Use this command to set the NetBIOS hostname.
cifs set wins-server <ipaddr>
Use this command to set the WINS server IP address. If CIFS clients are using NetBIOS, a WINS server may be needed to resolve NetBIOS names to IP addresses.
cifs share create share-name path <path> {max-connections <> | clients "<client-list>" | browsing {enabled | disabled} | writeable {enabled | disabled} | users "<user-names>" |comment "<comment>"}
Use the share create command to add a share.
Note: /backup subdirectory is not supported in Global Deduplication Array.
Note the command options:
share-name
A descriptive name for the share.
path
The path to the target directory.
max-connections
The maximum number of connections to the share that are allowed at one time.
<client-list>
A comma-separated list of clients that are allowed to access the share. You can specify the clients by host name or IP address. No blanks or tabs (white space) characters are allowed. The list must be enclosed in double quotation marks. For example, use:
"host1,host2"
"host1,10.24.160.116"
browsing
The share can be seen (enabled, which is the default), or not seen (disabled) by Web browsers.
writeable
The share can be writable (enabled, the default), or not writable (disabled).
Note: All administrative users have write privileges, by default, even if writable is disabled
<user-names>
A comma-separated list of user names. Other than the comma delimiter, any white space (blank or tab) characters are treated as part of the user name because a Windows user name can have a space character in the name. The list must be enclosed in double quotation marks. For example, "user1,user2" or "user1,@group1"
*The user names list can include group names, which must be proceeded by the at ("@") symbol, such as @group1.
*All users in the client list can access the share, unless one or more user names are specified, in which case only the listed names can access the share. Group names and user names should be separated only by commas, not by spaces. There can be spaces inside the name of a group, but there should not be spaces between groups.
comment
A descriptive comment about the share.
Examples of valid client lists include:
"host1,host2"
"host1,10.24.160.116"
Examples of invalid client lists include:
"host1 "
"host1 ,host2"
"host1, 10.24.160.116"
"host1 10.24.160.116"
Examples of valid user names lists include:
"user1,user2"
"user1,@group1"
" user-with-one-leading-space,user2"
"user1,user-with-two-trailing-spaces "
"user-with-a middle-space,user2,user3"
"user1,@CHAOSDomain Admins"
cifs share destroy share <share>
Use this command to delete a share.
cifs share disable share <share>
Use this command to disable a share.
cifs share enable share <share>
Use this command to enable a share.
cifs share modify <share> {max-connections number |clients "<client-list>" | browsing {enabled | disabled} |writeable {enabled | disabled} | users "<user-names>"}
Use this command to modify a share configuration with the same configuration options as in the cifs share create command, except for its path. You cannot change the path for an existing share. Modifications apply to new connections only.
See the share create command for a description of the command variables. To remove a user list for the share, specify "<user-names>".
Note: /backup subdirectory is not supported in Global Deduplication Array.
cifs share show <share>
Use this command to display share configurations for all shares, or for a specified share.
cifs show active
Use this command to display all active CIFS clients.
cifs show clients
Use this command to display all allowed CIFS clients for the default /ddvar administrative share and the default /backup data share.
Note: Use the cifs share show command to show client access information for custom shares.
cifs show config
Use this command to display the CIFS configuration.
cifs show detailed-stats
Use this command to display statistics for every individual type of SMB operation, display CIFS client statistics, and print a list of operating systems with their client counts.
The list counts the number of different IP addresses that are connected from each operating system. In some cases the same client may use multiple IP addresses. The next table describes the client statistics.
Miscellaneous clients
Yes means that the displayed list of clients is incomplete. No means that the list is complete.
Maximum connections
This value is the maximum number of connections since the last reset.
Note: In the output display, the entry "Windows 2002 Service Pack 2 2600" is more commonly known as Windows XP.
cifs show stats
Use this command to display statistics for SMB reads, writes, and total operations.
cifs status
Use this command to display whether the CIFS service is enabled or disabled on the system.
cifs troubleshooting domaininfo
Use this command to report domain information. Specifically, it useful when you want to check the connectivity between the Data Domain system and the domain or when you suspect that, due to domain connectivity, you have authentication issues.
cifs troubleshooting group <groupname>
Use this command to list details for a specified group.
cifs troubleshooting list-groups
Use this command to list all CIFS groups.
cifs troubleshooting list-users
Use this command to list all CIFS users.
cifs troubleshooting performance
Use this command to collect tcpdump and ddfs traces for CIFS performance analysis. If you are having performance problems, enter these commands in succession:
# cifs troubleshooting performance
# support upload bundle
cifs troubleshooting user <username>
Use this command to list details for a specified user.
EXAMPLES
Add a Share
1.On the Data Domain system, add the list of clients that can access the system. For example:
# cifs share create backup path /backup clients "10.24.160.116"
2.On a CIFS client, browse to ddbackup and create the share directory, such as ddbackupdir2.
3.On the CIFS client, set share directory permissions or security options.
4.On the Data Domain system, create the share and add users, which are the clients that were given access to the system. For example:
# cifs share create dir2 path /backup/dir2 clients "host1,host2" users "domainuser5,domainuser6"
5.To create a share named user5 and allow a maximum of five client connections with client access for a client named db1, enter:
# cifs share create user5 path /backup/user5 max-connections
5 clients "db1.domain.com" comment "user5 backups"
To create a share named share6 and limit access to the share to the built-in CIFS user sysadmin, enter:
# cifs share create share6 path /backup/share6 clients * users "sysadmin"
Note: When mapping share6, use the Data Domain system name as the domain name; for example, use dd1sysadmin.
6.To give Data Domain system administrative access to a Windows group named backup-admin and to map the Data Domain system "dd admin group1" to the group, enter:
# cifs option set "dd admin group1" "windows backup-admin"
Allow Class C Network Access to a Share
To allow class C network access to a share, use CIDR notation or the class C network's address and subnet mask to specify the client.
To add a subnet by using CIDR notation:
# cifs share create test path /backup clients "192.168.4.0/22"
To add a subnet by using a class C network subnet mask:
# cifs share create test path /backup clients "192.168.4.0/255.255.252.0"
To add two class C network subnets:
# cifs share create test path /backup/test clients "192.168.4.0/255.255.255.0,192.168.5.0/255.255.255.0"
sysadmin@dd620> help cluster
cluster - manages a Data Domain Global Deduplication Array. A standard Global Deduplication Array is comprised of two controllers. The first controller is known as the master controller, and the second as the worker controller. The master controller manages the worker controller.
Note: For more information, see the Data Domain Global Deduplication Administration Guide.
DESCRIPTION
Only two of the cluster commands are allowed on the worker controller: cluster destroy and cluster show config.
Except for cluster status and cluster show config, the cluster commands are for administrative use only.
OPTIONS
cluster add <node-name> [license <license-code>]
After creating a Global Deduplication Array, enter this administrative command from the master controller to add the second controller to the Global Deduplication Array. The file system must be disabled on the master controller. The second controller must be identical to the master controller in terms of DD OS software, storage capacity, and hardware model. The second controller must have a pristine file system. To add the first controller, use the cluster create command.
All of the controllers added to the Global Deduplication Array must have a Global-Deduplication license.
cluster alerts show
Use this administrative command to show active alerts in the Global Deduplication Array.
Each controller reports its alert status, even if there are no active alerts. If there is an alert for a controller, the alert time and a description of the problem are given.
An example summary of the number of alerts for each controller follows:
Alerts from node "dd880-1.fcoe.ru" (Serial No: 8DDXXXXXXX)
An example from a two-controller Global Deduplication Array follows:
sysadmin@dd690-43(Master:1)# cluster alerts show
Alerts from node "dd690-43.fcoe.ru" (Serial No: 8DD6927005)
No active alerts.
Alerts from node "dd690-44.fcoe.ru" (Serial No: 8DD6927006)
Alert Id Alert Time Description
-------- ---------------- -------------------------
4Thu Sep 24 11:13 Encl 2 (50050CC100100D33) Disk 15 has
failed and should be replaced
-------- ---------------- -------------------------
There is 1 active alert.
cluster create <cluster-name>
Use this administrative command to create a new Global Deduplication Array. The name you assign is the name by which the Global Deduplication Array is identified within the
CLI and Data Domain Enterprise Manager. This command must be executed on the master controller. The file system must be in a pristine state.
cluster destroy <cluster-name>
Use this administrative command to destroy the filesystem on all of the array's controllers and to separate the controllers from the Global Deduplication Array. All of the controllers are converted to single-controller functionality.
This command must be executed on the master controller. This command reboots all of the controllers in the Global Deduplication Array.
cluster run [host [<host-list> | all | worker ] cmd <command>
Administrators can use this command to execute CLI commands for specific controllers locally. Global commands work for the entire array.
*<command> is the one of the local commands that you want to run on one or more of the array's controllers.
*<host-list> is the list of hosts, represented by IP addresses or host names. Items are separated by commas.
Below is an example of the output for the command net show hardware:
# cluster run host all cmd net show hardware
Command output from host dd690-43.fcoe.ru:
Data Domain OS 4.8.0.0-130539
Port Speed Duplex Supp Speeds Hardware Address Physical Link Status
---- -------- ------ ----------- ----------------- -------- ---
eth0 1000Mb/s full 10/100/1000 00:15:17:65:9a:a8 Copper yes
eth1 1000Mb/s full 10/100/1000 00:15:17:65:9a:a9 Copper yes
[...]
---- -------- ------ ----------- ----------------- -------- ---
Command output from host dd690-44.fcoe.ru:
Data Domain OS 4.8.0.0-130539
Port Speed Duplex Supp Speeds Hardware Address Physical Link Status
---- -------- ------ ----------- ----------------- -------- ---
eth0 1000Mb/s full 10/100/1000 00:15:17:65:c5:cc Copper yes
eth1 1000Mb/s full 10/100/1000 00:15:17:65:c5:cd Copper yes
[...]
---- -------- ------ ----------- ----------------- -------- ---
cluster show config
All users can run this command on any controller of the Global Deduplication Array to display array membership information. The following information is shown for each controller in the Global Deduplication Array:
*Name: for example, dd880-1.fcoe.ru
*Serial Number
*Role: Master or Worker
*Management Interface: the IP address of the management interface for the controller.
*Data Interface: the IP address of the data interface.
*Replication Interface: the IP address of the replication interface.
*Global Deduplication Array Interface: the IP address of the Global Deduplication Array interconnect between the array's controllers.
*Number: the number assigned to the controller; for example, 1, 2.
cluster status [node <node-name> | all]
All users can run this command to show the status for a specific controller or for all controllers in the Global Deduplication Array. You can run this command on the master controller only.
If you enter cluster status without any options, a summary of the array's status is displayed for each controller. This summary provides the following information:
*Filesystem status, such as:
The filesystem is enabled and running.
*Name: For example, dd880-1.fcoe.ru
*Role: Master or Worker
*Interface Status, such as:
Master: 3 up, 3 down
Worker: 3 up, 3 down
*Filesystem Status, such as:
Filesystem up and running (Up)
Filesystem has encountered a problem (Down)
*Alerts: the number of alerts for each controller
If you enter the cluster status command for a specified controller, only that controller's status is displayed. To show the status of each controller in the Global Deduplication Array separately, enter:
# cluster status all
sysadmin@dd620> help config
config -manage the Data Domain system configuration settings.
DESCRIPTION
The config setup command brings up the same prompts as the initial system configuration. You can change any of the configuration parameters. All of the config operations, with the exception of show, are available only to administrative users.
Note: You can also use other Data Domain system commands to change individual configuration settings. An example of an individual command that sets only one of the configuration possibilities is nfs add to add NFS clients.
OPTIONS
config reset location
Use this command to reset the location description to the system default of a null entry. This command is available to administrative users only
config reset mailserver
Use this command to reset the mail server used by the Data Domain system to the system default of a mail. This command is available to administrative users only.
config reset timezone
Use this command to reset the time zone used by the Data Domain system to the system default of US/Pacific. This command is available to administrative users only.
config set admin-email <email-addr>
Use this command to give the required address for alerts and autosupport emails to other recipients. The system needs only one administrative email address. Use the autosupport and alerts commands to add other email addresses. This command is available to administrative users only.
For example, use the command:
# config set admin-email
Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript
The Admin Email is:
Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript
To check the current setting, use the config show admin-email command.
config set admin-host <host>
Use this command to set the machine from which you can log into the Data Domain system to see system logs and use system commands. The host name can be a simple host name, a host name with a fully-qualified domain name, or an IP address. The host is also added to the FTP and Telnet lists and (if the features are licensed) to the CIFS and NFS lists for access to /ddvar and /backup. This command provides a quick way to add authentication privileges. This command is available to administrative users only.
For example, to set the administrative host to admin12.fcoe.ru, use:
# config set admin-host admin12.fcoe.ru
The System Admin host is admin12.fcoe.ru
To check the current setting, use the config show admin-host command.
config set location "<location>"
Use this command to change the description of a Data Domain system's location. A description of a physical location helps identify the machine when viewing alerts and autosupport emails. If the description contains one or more spaces, the description must be in double quotation marks. This command is available to administrative users only.
For example, to set the location description to row2-num4-room221, use :
# config set location "row2-num4-room221"
The system location is row2-num4-room221
To check the current setting, use the config show location command.
config set mailserver <host>
Use this command to change the SMTP mail server used by the Data Domain system. This command is available to administrative users only.
For example, to set the mail server to mail.fcoe.ru, use:
# config set mailserver mail.fcoe.ru
The Mail (SMTP) server is: mail.fcoe.ru
To check the current setting, use the config show mailserver command.
config set timezone <zonename>
Use this command to set the system clock to a specific time zone. The default setting is US/Pacific. For the change to take effect for all currently running processes, you must reboot the Data Domain system. This command is available to administrative users only.
For example, to set the system clock to the time zone that includes Los Angeles, California, USA, use:
# config set timezone Los_Angeles
To display time zones, enter a category or a partial zone name. The categories are Africa, America, Asia, Atlantic, Australia, Brazil, Canada, Chile, Europe, Indian, Mexico, Mideast, Pacific, and US. The following examples show the use of a category and the use of a partial zone name:
# config set timezone us
Ambiguous timezone name; matching...
US/Alaska
US/Aleutian
US/Arizona
US/Central
US/Eastern
US/East-Indiana
US/Hawaii
US/Indiana-Starke
US/Michigan
US/Mountain
US/Pacific
US/Samoa
# config set timezone new
Ambiguous timezone name; matching ...
America/New_York
Canada/Newfoundland
config setup
Use this command to change multiple essential configuration settings. The command displays the current value for each setting. Press the Enter key to retain the current value for a setting. This command is available to administrative users only.
Many other Data Domain system commands change configuration settings. For example, the user command adds another user account each time a user is added.
config show admin-email
Use this command to display the administrative email address that the Data Domain system uses for email from the alerts and autosupport commands.
The display is similar to the following:
# config show admin-email
The Admin Email is:
Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript
config show admin-host
Use this command to display the administrative host from which you can log into the Data Domain system to see system logs and use system commands.
The display is similar to the following:
# config show admin-host
The Admin Host is: admin12.fcoe.ru
config show all
Display all config command settings
config show location
Use this command to display the Data Domain system location description, if you gave one.
The display is similar to the following:
# config show location
The System Location is: bldg12 rm 120 rack8
config show mailserver
Use this command to display the name of the mail server that the Data Domain system uses to send email.
The display is similar to the following:
# config show mailserver
The Mail (SMTP) server is: mail.fcoe.ru
config show timezone
Use this command to display the time zone used by the system clock.
The display is similar to the following:
# config show timezone
The Timezone name is: US/Pacific
EXAMPLES
Set the Timezone
To set the time zone for the Pacific coast of the U.S.A., use:
# config set timezone Los_Angeles
To find all time zones that include a match for new, use:
# config set timezone new
Ambiguous timezone name; matching ...
America/New_York Canada/Newfoundland
sysadmin@dd620> help disk
disk -manage and display disk information
DESCRIPTION
The Data Domain system disk command manages disks and displays disk locations, logical (RAID) layout, usage, and reliability statistics. Command output examples in this chapter show systems with 15 disk drives. Each Data Domain system model reports on the number of disks actually in the system. On a Data Domain system that has one or more Data Domain external disk shelves, commands also include entries for all enclosures, disks, and RAID groups. See the Data Domain Expansion Shelf Hardware Guide for details about disks in external shelves.
A Data Domain system has 3, 4, 7, 8, 9, 12, or 15 disks, depending on the model. Each disk has two LEDs. A green or blue LED indicates disk activity, and an amber or red LED indicates a failure or attention condition.
Each disk in an external shelf has two LEDs at the right edge of the disk carrier. The top LED is green and flashes when the disk is accessed or when the disk is the target of a beacon operation. The bottom LED is amber and glows steadily when the disk has failed.
The disk-identifying variable used in disk commands (except gateway-specific commands) is in the format enclosure-id.disk-id. An enclosure is a Data Domain system or an external disk shelf. A Data Domain system is always enclosure 1 (one). For example, disk 12 in a Data Domain system is labeled as 1.12. Disk 12 in the first external shelf is labeled as 2.12.
OPTIONS
disk add dev<disk_id> spindle-group <1-16>
Use this command to add a new LUN to the current volume, optionally assigning it to the specified spindle-group. To get the dev<id#>, use the disk rescan command and then use the disk show raid-info command. The dev<id#> format is the word dev and the number as seen in output from the disk show raid-info command.
If the keyword spindle-group is specified, the LUN <disk-id> is assigned to the given spindle-group. The designated spindle-group must be within the range of 1 through 16. Spindle-group 1 is the default spindle-group. By default, the device is assigned to the default spindle-group (1).
For example, to add a LUN with a dev<id#> of 2 as shown by the disk show raid-info command, use:
# disk add dev2
To add a new LUN and assign it to a spindle-group, use:
# disk add dev2 spindle-group 7
The 'disk add' command adds a disk to the filesystem. Once the disk is added, it cannot be removed from the filesystem without re-installing the restorer or destroying the filesystem.
Are you sure? (yes|no|?) [no]: yes
ok, proceeding.
Please enter sysadmin password to confirm 'disk add':
This command may take several minutes to complete; please wait.
disk add device............. [ - ]
disk add device............. [success]
This device has created a new spindle-group 7. When creating new spindle-groups, the filesystem should be re-started to load-balance correctly
Notes:
The disk add command adds a disk to the filesystem.
Once the disk is added, it cannot be removed from the filesystem without destroying the filesystem.
Also, when creating new spindle-groups, the filesystem should be re-started to load-balance correctly.
disk add enclosure <enclosure-id>
Use this command to add a Data Domain expansion shelf disk storage unit. The <enclosure-id> is always 2 for the first added shelf, 3 for the second, and so forth all the way up to 7 for the sixth added shelf. The Data Domain system always has the <enclosure-id> number of 1 (one).
To remove an enclosure, destroy the filesystem.
disk beacon <enclosure-id.disk-id>
Use this command to cause the LED on the right (that signals normal operation) on the target disk to flash. Press Ctrl+c to turn off the command. (To check all disks in an enclosure, use the enclosure beacon command.) This command is available to administrative users only.
For example, to flash the LED for disk3 in a Data Domain system, use:
# disk beacon 1.3
disk expand
Use this command to expand disk usage from eight disks plus one spare to 14 disks plus one spare for the DD510 and DD530, or six disks plus one to 11 disks plus one spare for the later Data Domain systems.
Expansion can occur only when the first nine disks are not in a degraded state, and there is at least one spare disk. (To verify this, enter the disk status command. In the output, the in use line must show at least eight disks as in use, and the spare line must show at least one disk as spare.)
disk fail <enclosure-id.disk-id>
Use this command to set a disk to the failed state. The command asks for a confirmation before carrying out the operation. This command is available to administrative users only.
A failed disk is automatically removed from a RAID disk group and is replaced by a spare disk (when a spare is available). The disk use changes from spare to in use and the status becomes reconstructing. See show detailed-raid-info to list the available spares.
Up to two disks in the head unit can be failed at the same time in most Data Domain systems, with the exception of the DD120 and DD140, which have only three disks (and no spare) so only one disk can be failed.
Always replace a failed disk as soon as possible. Spare disks are supplied in a carrier for a Data Domain system or a carrier for an expansion shelf. DO NOT move a disk from one carrier to another.
disk multipath failback
Use this command to manually force all disks to use the primary path. This command works on gateway models only. This command is available to administrative users only.
disk multipath option set auto-failback {enabled | disabled}
Use this command to enable or disable auto-failback policy. Enabling auto-failback means the primary path is used whenever it is available. Disabling auto-failback means the user has to manually failback to the primary path when it becomes available again. This command works on gateway models only. This command is available to administrative users only.
disk multipath option set monitor {enabled | disabled}
Use this command to enable multipath configuration monitoring. When multipath configuration monitoring is enabled, failures in paths to disk devices trigger alerts and log multipath events. If monitoring is disabled, logging of multipath events is not done, which means disk multipath show history is not updated. Multipath configuration monitoring is disabled by default. This command is available to administrative users only.
disk multipath option reset auto-failback
Use this command to switch over to the primary path once it becomes available, even if the secondary path is still usable. The auto-failback option is enabled by default. The auto-failback option is supported on gateway systems only. This command is available to administrative users only.
disk multipath option reset monitor
Use this command to disable multipath configuration monitoring. When multipath configuration monitoring is disabled, failures in paths to disk devices do not trigger alerts. Multipath configuration monitoring is disabled by default. This command is available to administrative users only.
disk multipath option show
Use this command to show whether multipath configuration monitoring and auto-failback are disabled or enabled. The auto-failback option is supported on gateway systems only.
disk multipath reset stats
Use this command to clear the statistics of all paths to all disks in all expansion shelves. This command is available to administrative users only.
disk multipath resume port <port-id>
Use this command to allow I/O on specified initiator port. This command is available to administrative users only.
disk multipath show history
Use this command to show the history of multipath events.
disk multipath show stats [enclosure <enc-id>]
Use this command to show statistics for all paths of all disks by default, or optionally, for the specified enclosure only.
disk multipath status [<port-id>]
Use this command to show multipath configurations and run time status.
disk multipath suspend port <port-id>
Use this command to disallow I/O on specified initiator port, and to stop traffic on particular ports during scheduled maintenance of the SAN or storage array, and so forth. This command does not drop the FC link. This command is available to administrative users only.
disk port enable <port_id>
Use this command to enable the specified initiator port. This command is available to administrative users only.
disk port show stats
Use this command to show disk port information. For each port, the following information is shown:
*Port number
*Command aborts
*Target resets
*Bus resets
*Host resets
*Device additions
*Device removals
disk port show summary
Use this command to show disk port information. For each port, the following information is shown:
*Port number
*Connection type
*Link speed
*Connected enclosure IDs
*Status
*Online
*Offline
Disabled
When a port is listed as disabled, the following message appears:
Contact your contracted support provider or visit us online at https://my.datadomain.com
disk rescan
Use this command to check for new internal or external storage of all types. This command is available to administrative users only.
disk reset performance
Use this command to reset disk performance statistics to zero. See show detailed-raid-info for displaying disk statistics. This command is available to administrative users only.
disk set dev<disk_id> spindle-group <1-16>
Use this command to assign a LUN group to the disk. This command is available to administrative users only. For example:
# disk set dev1 spindle-group 8
The 'disk set' command assigns a lun-group to the disk/lun. Are you sure? (yes|no|?) [no]: yes
ok, proceeding.
Please enter sysadmin password to confirm 'disk set':
This command may take several minutes to complete; please wait.
Disk dev1 has been added to spindle-group 8. The result will be effective after the filesystem is restarted.
disk show hardware
Use this command to display the disks on a Data Domain system.
The display of disk information for a Data Domain system has the columns:
Disk (enc/disk)
The enclosure and disk numbers.
Manufacturer/
Model
The manufacturer's model designation.
Firmware
The firmware revision on each disk.
Serial No.
The manufacturer's serial number for the disk.
Capacity
The data storage capacity of the disk when used in a Data Domain system. The Data Domain
convention for computing disk space defines one gigabyte as 230 bytes, giving a different disk capacity than the manufacturer's rating.
The display for a Data Domain system has the columns:
Disk
Each LUN accessed by the Data Domain system as a disk.
LUN
The LUN number given to a LUN on the third-party physical disk storage system.
Port WWN
The world-wide number of the port on the storage array through which data is sent to the Data Domain system.
Manufacturer/Model
A label that identifies the manufacturer. The display may include a model ID, RAID type, or other information depending on the vendor string sent by the storage array.
Firmware
The firmware level used by the third-party physical disk storage controller.
Serial No.
The serial number from the third-party physical disk storage system for a volume that is sent to the Data Domain system.
Capacity
The amount of data in a volume sent to the Data Domain system.
Spindle-Group
The spindle-group for this LUN. (Present for gateway systems only.)
The display for disks in a Data Domain system is similar to the following:
# disk show hardware
Disk Manufacturer/ModelFirmware Serial No.Capacity(enc/disk)
---------- ----------------------- -------- -------------- ----------
1.1 Hitachi HDP725025GLA380 GM2OA52A GEL230RB0DMU8B 232.88 GiB
1.2 Hitachi HDP725025GLA380 GM2OA52A GEL230RB0DRTSB 232.88 GiB
1.3 Hitachi HDP725025GLA380 GM2OA52A GEL230RB0DTH8B 232.88 GiB
---------- ----------------------- -------- -------------- ----------
3 drives present.
Note: GiB = Gibibytes, the base-2 equivalent of Gigabytes.
disk show detailed-raid-info
Use this command to display RAID disk groups and disk status within each group. On a gateway system, the display does not include information about individual disks.
The short example below does not include a spare disk. RAID groups usually have a spare disk.
# disk show detailed-raid-info
Disk Group (dg0)
Raid Group (ext3):(raid-0)(33.03 GiB)
Raid Group (ext3_1):(raid-5)(33.03 GiB) - Status: normal - double redund ant protection
Disk State Additional Status
---- ------------ -----------------
1.1 in use (dg0)
1.2 in use (dg0)
1.3 in use (dg0)
---- ------------ -----------------
Raid Group (ppart):(raid-6)(412.92 GiB) - Status: normal - double redund ant protection
Disk State Additional Status
---- ------------ -----------------
1.1 in use (dg0)
1.2 in use (dg0)
1.3 in use (dg0)
1.4 in use (dg0)
1.5 in use (dg0)
1.6 in use (dg0)
1.7 in use (dg0)
1.8 in use (dg0)
---- ------------ -----------------
Spare Disks
Disk Status
---- ------------ -----------------
1.9 Spare
Unused Disks
1 disk group present
Note: MiB = Mebibytes, the base-2 equivalent of Megabytes.
TiB = Tebibytes, the base-2 equivalent of Terabytes.
disk show failure-history
Use this command to display a list of serial numbers for all disks that have ever been failed in the Data Domain system. Use the disk show hardware command to display the serial numbers of current disks.
disk show performance
Use this command to display disk performance statistics for each disk. Each column displays statistics averaged over time since the last disk reset performance command or since the last system power cycle. See reset for reset details.
Command output from a gateway Data Domain system lists each LUN accessed by the Data Domain system as a disk.
Disk (enc/disk)
The enclosure and disk numbers.
Read sects/s
The average number of sectors per second written to each disk.
Write sect/s
The average number of sectors per second written to each disk.
Cumul. MiBytes/s
The average number of megabytes per second written to each disk.
Busy
The average percent of time that each disk has at least one command queued.
The display is similar to the following:
# disk show performance
Disk Read Write Cumul. Busy
(enc/disk) sects/s sects/s MiBytes/s
---------- ------- ------- --------- ----
1.1 5620 0.037 0 %
1.2 5720 0.037 0 %
1.3 5720 0.037 0 %
---------- ------- ------- --------- ----
Cumulative 0.111 MiB/s, 0 % busy
Note: MiBytes = MiB = Mebibytes, the base-2 equivalent of Megabytes.
disk show raid-info
Use this command to display the RAID status and use of disks, which disks have failed from a RAID point of view, spare disks available for RAID, and the progress of a disk group reconstruction operation.
When a spare disk is available, the Data Domain system file system automatically replaces a failed disk with a spare and begins the reconstruction process to integrate the spare into the RAID disk group. The disk use changes from spare to in use and the status becomes reconstructing.
For a gateway Data Domain system, disks and LUNs that the system does not access show the State of unknown.
Reconstruction is done on one disk at a time. If more than one disk is to be reconstructed, the disks waiting for reconstruction show as spare or hot spare until reconstruction starts on the disk. During reconstruction, the output line x drives are undergoing "reconstruction" includes a percentage of reconstruction that is completed. The percentage is the average amount completed for all disks that are currently undergoing reconstruction.
The display for disks in a Data Domain system is similar to the
following:
# disk show raid-info
Disk State Additional Status
---- ------------ -----------------
1.1 in use (dg0)
1.2 in use (dg0)
1.3 in use (dg0)
---- ------------ -----------------
3 drives are operational
3 drives are "in use"
1 disk group total
1 disk group present
disk show reliability-data
Disk reliability information details the hardware state of each disk. The information is generally for the use of Data Domain support staff when troubleshooting.
Disk
The enclosure.disk-id disk identifier.
ATA Bus CRC Err
The uncorrected raw UDMA CRC errors.
Reallocated Sectors
The number of mapped-out defective sectors.
Temperature
The current temperature of each disk in Celsius and Fahrenheit. The allowable case temperature range for disks is from 5 degrees centigrade to 55 degrees centigrade.
The display is similar to the following:
# disk show reliability-data
Disk ATA Bus Reallocated Temperature
(enc/disk) CRC Err Sectors
---------- ------- ----------- -----------
1.1 0 0 25 C 77 F
1.2 0 0 23 C 73 F
1.3 0 0 23 C 73 F
---------- ------- ----------- -----------
3 drives operating normally.
disk status
Use this command to report the overall status of disks in the system. It displays the number of disks in use and failed, the number of spare disks available, and whether or not a RAID disk group reconstruction is underway.
Note: The RAID portion of the display could show one or more disks as failed while the Operational portion of the display could show all drives as operating nominally. A disk can be physically functional and available, but not currently in use by RAID, possibly because of operator intervention.
On a gateway Data Domain system, the display shows only the number and state of the LUNs accessed by the Data Domain system. The remainder of the display is not valid for a gateway system.
Reconstruction is done on one disk at a time. If more than one disk is to be reconstructed, the disks waiting for reconstruction show as spare or hot spare until reconstruction starts on the disk.
Note: The disks in a new expansion shelf recognized with the disk rescan command show a status of unknown. Use the disk add enclosure command to change the status to in use.
The output of the disk status command is as follows:
# disk status
Normal - system operational
1 disk group total
3 drives are operational
3 drives are "in use"
1 disk group total
1 disk group present
The first line can start with Normal, Error, or Warning.
Normal
A brand-new Data Domain system is normal if there is no configured storage attached, the commands disk add or disk add enclosure have never been used on the system, and all disks outside of the Data Domain system are not in any of the following states: in use, foreign, or known.
Error
A brand-new head unit is in this state when foreign storage is present. For a system that has been configured with some storage, Error indicates that some or all of its own storage is missing.
Warning
A special case of a system that would have been Normal if the system had none of the following conditions that require user action:
?RAID system degraded
?Foreign storage present
?Some of the disks are failed or absent
disk unfail <enclosure-id.disk-id>
Use this command to change a disk status from failed to available. Use the command when replacing a failed disk. The new disk in the failed slot is seen as failed until the disk is unfailed. This command is available to administrative users only.
Caution:Use of this command repartitions the disk; any data residing on the disk will be difficult, if not impossible to retrieve.
EXAMPLES
Add an Expansion Shelf
The following high-level procedure gives the general steps needed to add an external shelf. See the DD OS 4.7 Administration Guide for the detailed procedure.
Refer to the Data Domain Expansion Shelf Hardware Guide for instructions on installing hardware components to support external shelves to the Data Domain system model. The guide also provides directions for cabling the external shelves to the Data Domain system.
The Data Domain system auto-discovers an expansion shelf within a few minutes. Use the show summary command as well as the show raid-info command to confirm that auto-discovery is successful.
On the Data Domain system, enter the following command with an enclosure-id of 2 for the first shelf and 3 for a second shelf:
disk add enclosure 2
The Data Domain system file system automatically expands when the disk add enclosure command is entered. Adding the enclosure is not reversible. An enclosure cannot be permanently removed after the disk add enclosure command has been used without losing the use of the file system. Contact Data Domain Technical Support to permanently remove an enclosure.
Important Notices
On gateway Data Domain systems (that use third-party physical storage disk arrays other than Data Domain external disk shelves), the following command options are not valid:
disk beacon
disk expand
disk fail
disk unfail
disk show failure-history
disk show reliability-data
With gateway storage, output from all other disk commands returns information about the LUNs and volumes accessed by the Data Domain system.
sysadmin@dd620> help enclosure
enclosure -manage Data Domain expansion shelves.
DESCRIPTION
Use the enclosure command to identify and display information about expansion shelves.
An enclosure is a Data Domain system or an attached expansion shelf. Enclosure commands do not include adding a shelf. Use the disk add enclosure command to add a shelf.
If a Data Domain system, previously installed shelf, or both need spare disks and have none available, disks from a newly installed shelf are allocated to the previously existing RAID groups (disk groups) as soon as the new shelf is recognized with the disk rescan command. If the disk add enclosure command fails for a new shelf, check that the shelf has at least 14 disks available for its own RAID group.
Note: Enclosure numbers are not static; they may change when the system is rebooted. (The numbers are generated according to when the shelves are detected during system boot.) Thus, in order to determine enclosure numbering, refer to the WWN (World Wide Name) of each enclosure, which is shown in the output of the enclosure show topology command.
OPTIONS
enclosure beacon <enclosure-id>
Use this command to check that the DD OS and hardware recognize an enclosure. The command causes the green (activity) LED on each disk in an enclosure to flash green. Press Ctrl+c to halt the command. This command is available to administrative users only.
enclosure show all [<enclosure-id>]
Use this command to display the temperatures and the status of fans and power supplies.
Note: The status of individual power supplies is displayed with the exception of 4xx models (including 560), which are shown in aggregated status. For an enclosure connected to a 560, you will see an individual report.
enclosure show controllers [<enclosure-id>]
Use this command to display information and status for the ES20 enclosure and the shelf controller systems or a specific controller system.
# enclosure show controllers
Enclosure 1
Model ES20
Capacity16 Slots
WWN 50050CC1001010B1
Serial #50050CC1001010B1
Number of Controllers 2
Controller A
WWN 50050CC1010203CF
Firmware 0605
Serial # IMS5846010203CF
StatusOK
HOST port 12.0 Gbps
EXP'N port 12.0 Gbps
Controller B
WWN 50050CC1010371CF
Firmware 0605 R02
Serial # IMS5846010371CF
StatusOK
HOST port 12.0 Gbps
EXP'N port 0.0 Gbps
The first
block of information in the output describes the physical ES20 enclosure shell:
Enclosure
The number listed here is the enclosure number assigned by DDOS. This number is the argument that is passed to the command.
Model
The product name of the enclosure. In this example, the enclosure is an ES20.
Capacity
The number of usable drive slots in the enclosure.
WWN
The World Wide Name of the physical ES20 enclosure. This identifier describes the enclosure itself and will not change when components within the enclosure are swapped. This number matches the label located on the enclosure OPS Panel.
Serial #
The serial number of the physical ES20 enclosure. As with the WWN, this describes the enclosure and will not change if components are swapped. Depending on when the ES20 was manfactured, this may be the same value as the WWN. This value matches the serial number printed on the label on the back of the enclosure.
Number of
Controllers
The number of shelf controllers currently inserted in the ES20 enclosure.
Following the enclosure information are one or two blocks that describe the inserted shelf controller modules:
Controller A
This identifies which shelf controller module the block of information is for. If this enclosure has both shelf controllers installed, there is a block for both Controller A and Controller B.
WWN
The World Wide Name for this shelf controller. The WWN is different for each controller and is different than the WWN for the enclosure.
Firmware
The firmware revision level for the firmware that resides on this shelf controller. This can be different for each shelf controller. In the above example Controller A and B have different versions.
Serial #
The serial number or this shelf controller. The serial number is different for each shelf controller and is different from the Serial # for the enclosure.
Status
The current status for this shelf controller.
HOST port
The speed of the link on the HOST port of this shelf controller. A controller connects to the DDR or the shelf controller of the previous ES20 through the HOST port.
EXP'N port
The speed of the link on the EXP'N port of this shelf controller. A controller connects to the shelf controller of the next ES20 in the chain through the EXP'N port.
enclosure show fans [<enclosure-id>]
Use this command to display the current status of fans in all enclosures or in a specific enclosure.
To show the status of all fans for a system:
# enclosure show fans
Enclosure 1
Fans
Description Level Status
-------------- ------ ------
Cooling fan #1 medium OK
Cooling fan #2 medium OK
-------------- ------ ------
Enclosure
The enclosure number, starting with 1 (one) for the Data Domain system.
Description
The fan description for each power or cooling unit.
Level
The fan speed, which depends on the internal temperature and amount of cooling needed.
Status
The fan status, either OK or Failed.
enclosure show powersupply [<enclosure-id>]
Use this command to display the status esof power supplies in all enclosures or in a specific enclosure.
Note: The status of individual power supplies is displayed with the exception of 4xx models (including 560), which are shown in aggregated status. For an enclosure connected to a 560, you will see an individual report.
This report for shows the status of individual power supplies:
# enclosure show powersupply
Enclosure DescriptionStatus
--------- --------------- ------
1 Power Module #1 OK
1 Power Module #2 OK
2 Power Module #1 OK
2 Power Module #2 OK
--------- --------------- ------
This report for shows the aggregated status of all power
supplies:
# enclosure show powersupply
Power Supply
Status
------
OK
------
The status can be:
OK
The power supply is operating normally.
Degraded
The power supply is either manifesting a fault or not installed.
Unavailable
The system is unable to determine the status of the power supply.
enclosure show summary
Use this command to list known enclosures, model numbers, serial numbers, and capacity (number of disks in the enclosure). The serial number for an expansion shelf is the same as the chassis serial number, which is the same as the enclosure WWN (world-wide name) and the OPS panel WWN.
# enclosure show summary
Enclosure Model No. Serial No. Capacity
--------- --------- ---------- --------
1 DD5608F41214030 15 Slots
2 ES2050050CC100123456 16 slots
2 ES2050050CC100123457 16 slots
--------- --------- ---------------- --------
3 enclosures present.
enclosure show temperature-sensors [<enclosure-id>]
Use this command to list the internal and CPU chassis temperatures for a system and the internal temperature for expansion shelves. CPU temperatures may be shown in relative or ambient readings. The CPU numbers depend on the Data Domain system model. With newer models, the numbers are negative when the status is OK and move toward 0 (zero) as CPU temperature increases; if a CPU temperature reaches 0? Celsius, the Data Domain system shuts down. With older models, the numbers are positive; if the CPU temperature reaches 80? Celsius, the Data Domain system shuts down. A Status of Critical indicates that the temperature is above the shutdown threshold.
In the following example, the temperature for CPU 0 is 97?
Fahrenheit below the maximum:
# enclosure show temperature-sensors
Enclosure DescriptionC/FStatus
--------- --------------- ------- ------
1 CPU 0 Relative -54/-97 OK
Chassis Ambient 23/73 OK
--------- --------------- ------- ------
enclosure show topology
Use this command to show the layout of the SAS enclosures attached to a system.
Note: Enclosure numbers are not static; they may change when the system is rebooted. (The numbers are generated according to when the shelves are detected during system boot.) Thus, in order to determine enclosure numbering, refer to the WWN (World Wide Name) of each enclosure, which is shown in the output of the enclosure show topology command.
The output of the command looks like the following sample:
# enclosure show topology
Port
enc.ctrl.port
enc.ctrl.port
enc.ctrl.port
----
3a
>
2.A.H:2.A.E
>
3.A.H:3.A.E
>
4.A.H:4.A.E
3b
>
7.B.H:7.B.E
>
6.B.H:6.B.E
>
5.B.H:5.B.E
4a
>
5.A.H:5.A.E
>
6.A.H:6.A.E
>
7.A.H:7.A.E
4b
>
4.B.H:4.B.E
>
3.B.H:3.B.E
>
2.B.H:2.B.E
----
Encl
WWN
Serial #
----
2
50050CC1001019AA
50050CC1001019AA
3
50050CC10010194D
50050CC10010194D
4
50050CC100100FD1
50050CC100100FD1
5
50050CC100101A80
50050CC100101A80
6
50050CC1001019E6
50050CC1001019E6
7
50050CC100101933
50050CC100101933
----
Error Message:
-----------------
No error detected
enclosure test topology <port> duration <minutes>
Test the connections in the enclosure topology. This command is available to administrative users only.
EXAMPLES
Display the Enclosure Temperature
The following is an example of the temperature-sensors display.
The CPU relative values show that CPU 0 is 97? Fahrenheit below the maximum allowable temperature.
# enclosure show temperature-sensors
Enclosure DescriptionC/FStatus
--------- ---------------- -------- ------
1 CPU 0 Relative -54/-97 OK
CPU 1 Relative -57/-103 OK
Chassis Ambient 32/90 OK
2 Internal ambient 33/91 OK
3 Internal ambient 31/88 OK
--------- ---------------- -------- ------
sysadmin@dd620> help filesys
filesys -manage and display disk information
DESCRIPTION
The filesys command allows you to display statistics, capacity, status, and utilization of the Data Domain system file system. The command also allows you to clear the statistics file and to start and stop the file system processes. The clean operation of the filesys command reclaims physical storage within the Data Domain system file system.
Note: All Data Domain system commands that display the use of disk space or the amount of data on disks compute and display amounts using base-2 calculations. For example, a command that displays 1 GiB of disk space as used is reporting a value of
230 bytes = 1,073,741,824 bytes.
1 KiB = 210 bytes = 1024 bytes.
1 MiB = 220 bytes = 1,048,576 bytes
1 GiB = 230 bytes = 1,073,741,824 bytes
1 TiB = 240 bytes = 1,099,511,627,776 bytes
OPTIONS
Clean
The filesys clean command reclaims physical storage occupied by deleted objects in the Data Domain file system. Only a filesys clean command reclaims the physical storage used by files that are deleted and that are not present in a snapshot.
*During the clean operation, the Data Domain file system is available for backup (write) and restore (read) operations.
*Although cleaning uses a noticeable amount of system resources, cleaning is self-throttling and gives up system resources in the presence of user traffic.
*Data Domain recommends running a clean operation after the first full backup to a Data Domain system. The initial local compression on a full backup is generally a factor of 1.5 to 2.5. An immediate clean operation gives additional compression by another factor of 1.15 to 1.2 and reclaims a corresponding amount of disk space.
*When the clean operation finishes, it sends a message to the system log giving the percentage of storage space that was cleaned.
A default schedule runs the clean operation every Tuesday at 6 a.m. (tue 0600). You can change the schedule or you can run the operation manually with the filesys clean commands. Data Domain recommends running the clean operation once a week. If you want to increase file system
availability and if the Data Domain system is not short on disk space, consider changing the schedule to clean less often.
Notes: Any operation that shuts down the Data Domain system file system, such as the filesys disable command, or that shuts down the Data Domain system, such as a system power-off or reboot, stops the clean operation. The clean does not restart when the system and file system restart. Either manually restart the clean or wait until the next scheduled clean operation.
Replication between Data Domain systems can affect filesys clean operations. If a source Data Domain system receives large amounts of new or changed data while replication is disabled or disconnected, resuming replication may significantly slow down filesys clean operations.
When there is a large replication lag, cleaning is not efficient and does not clean up much space, because what has not been replicated is not cleaned.
filesys clean reset {schedule | throttle | all}
Use this command to set the clean schedule to the default of Tuesday at 6 a.m. (tue 0600), the default throttle of 50%, or both. The operation is available only to administrative users.
filesys clean set schedule {daily time} | (monthly <day-num-1>[,<day-num-2>,...] time} | never} | {<day-num-1>[,<day-num-2>,...] <time>}
Use this command to change the date and time when clean runs automatically. The default time is Tuesday at 6 a.m. (tue 0600). This operation is available only to administrative users. The command has the following options:
daily
Runs the command every day at the given time.
monthly
Starts the command on a given day or days (from 1 to 31) at the given time.
never
Turns off the clean schedule.
day-num
The command runs on the given day or days, entered as integers from 1 to 31.
day-name
The command runs on the given day(s) at the given time. A day-name is three letters (such as mon for Monday). Use a dash (-) between days for a range of days. For example, use: tue-fri.
Time is 24-hour military time. 2400 is not a valid time. mon 0000 is midnight between Sunday night and Monday morning. A new set schedule command cancels the previous setting.
For example, the following command runs the operation automatically every Tuesday at 4 p.m.:
# filesys clean set schedule tue 1600
To run the operation more than once in a month, set multiple days in one command. For example, to run the operation on the first and fifteenth of the month at 4 p.m., use:
# filesys clean set schedule monthly 1,15 1600
filesys clean set throttle <percent>
Use this command to set clean operations to use a lower level of system resources when the Data Domain system is busy. At a percentage of 0 (zero), cleaning runs very slowly or not at all when the system is busy. A percentage of 100 allows cleaning to use system resources in the usual way. The default is 50. When the Data Domain system is not busy with backup or restore operations, cleaning runs at 100% (uses resources as does any other process). This command is available to administrative users only.
For example, to set the clean operation to run at 30% of its possible speed, use:
# filesys clean set throttle 30
filesys clean show config
Use this command to display all file system cleaning settings.
The display is similar to the following:
# filesys clean show config
50 Percent Throttle
Filesystem cleaning is scheduled to run "Tue" at "0600".
filesys clean show schedule
Use this command to display the current date and time for the clean schedule.
The display is similar to the following:
# filesys clean show schedule
Filesystem cleaning is scheduled to run "Tue" at "0600".
filesys clean show throttle
Use this command to display the throttle setting for cleaning.
The display is similar to the following:
# filesys clean show throttle
100 Percent Throttle
filesys clean start
Use this command to manually start the clean process. The command uses the current setting for the scheduled automatic clean operation. This command is available to administrative users only.
For example, the following command runs the clean process and reminds you of the monitoring command. When the command finishes, a message is sent to the system log giving the amount of free space available.
# filesys clean start
Cleaning started. Use 'filesys clean watch' to monitor progress.
filesys clean status
Use this command to display the active or inactive status of the clean process. When the clean process is running, the command displays progress.
The display is similar to the following:
# filesys clean status
Cleaning started at 2009/02/06 10:21:51: phase 6 of 10
64.6% complete, 2496 GiB free; time: phase 1:06:32, total 8:53:21
filesys clean stop
Use this command to stop the clean process. Stopping the process means that all work done so far is lost. Starting the process again means starting over at the beginning. If the clean process is slowing down the rest of the system, consider using the filesys clean set throttle operation to reset the amount of system resources used by the clean process. The change in the use of system resources takes place immediately. This command is available to administrative users only.
filesys clean watch
Use this command to monitor an ongoing clean process,. The output is the same as output from the filesys clean status command, but continuously updates. Press Ctrl+c to stop monitoring the progress of a clean process. The process continues, but the reporting stops. Use the filesys clean start command to restart monitoring. This command is available to administrative users only.
filesys destroy [and-zero] [and-shrink]
Use this command to delete all data in the Data Domain system file system and re-initialize the file system. This command also removes Replicator configuration settings. Deleted data is not recoverable. This command is available to administrative users only.
and-zero
This option writes zeros to all disks, which can take many hours.
and-shrink
This option removes any additional external storage that was added to the system using the disk add command and returns the system to the factory default state. When this option is used in conjunction with the and-zero option, the file system is zeroed prior to removing any storage.
Note: The and-zero option is not supported on Data Domain gateway systems.
The display includes a warning similar to the following:
# filesys destroy
The 'filesys destroy' command irrevocably destroys all data in the '/backup' data collection, including all virtual tapes, and creates a newly initialized (empty) file system.
The 'filesys destroy' operation will take about a minute.
File access is disabled during this process.
Are you sure? (yes|no|?) [no]:
Note: The file system in a Global Deduplication Array is treated as a single file system so the command output differs.
Note: When filesys destroy is run on a system with retention-lock enabled:
*All data is destroyed, including retention-locked data.
*All filesys options are returned to default; this means retention-lock is not enabled and the min-retention-period as well as max-retention-period options are set back to default values on the newly created file system.
After a filesys destroy, all NFS clients connected to the system may need to be remounted.
The file system is disabled after the filesys destroy command is run. Run filesys enable (or replication commands) to enable the file system.
filesys disable
Use this command to stop the Data Domain system file system, which stops Data Domain system operations (including cleaning). This command is available to administrative users only.
Note: The file system in a Global Deduplication Array is treated as a single file system so the command output differs.
filesys enable
Use this command to start the Data Domain system file system, allowing Data Domain system operations to begin. This command is available to administrative users only.
Note: The file system in a Global Deduplication Array is treated as a single file system so the command output differs.
filesys encryption
The optional Encryption of Data at Rest feature encrypts all incoming data before being written to the physical storage media. The data is physically stored in an encrypted manner and cannot be accessed on the existing Data Domain system or in any other environment without first decrypting it.
The Encryption at Rest feature protects stored data in these situations:
*Theft or loss of a Data Domain system or its external storage hardware while in transit from one customer location to another
*Theft or loss of a disk drive from a Data Domain system or its external storage hardware
*Failure of a storage device in transit for replacement
The encryption feature uses a passphrase to encrypt and decrypt the keys that, in turn, get used to encrypt and decrypt the data. Thus, changing the passphrase does not require re-encryption of any stored data.
The encryption feature requires a separate license.
Caution:Unencrypted data that was stored before enabling this feature is not automatically encrypted. To protect all of the data on the system, be sure to enable encryption before you put the system into use.
For a description of how Encryption at Rest works, and information about configuring and managing the feature, see "Managing Encryption of Data at Rest" in the DD OS 4.9 Administration Guide.
filesys encryption algorithm reset
Use this command to reset the algorithm to the default: aes_256_cbc. After running this command, you must restart the file system with the filesys restart command.
filesys encryption algorithm set [aes_128_cbc | aes_256_cbc | aes_128_gcm | aes_256_gcm]
Use this command to select the encryption algorithm. The aes_256_gcm option, which selects AES in the Galois/Counter mode, is the most secure algorithm, but it is significantly slower than the Cipher Block Chaining (CBC) mode. After running this command, you must restart the file system with the filesys restart command.
filesys encryption algorithm show
Use this command to print the encryption algorithm.
filesys encryption disable
Use this command to deactivate the encryption feature.
filesys encryption enable
Use this command to activate the encryption feature for new data written to the file system and specify a new passphrase. After running this command, you must restart the file system with the filesys restart command. Here is an example:
# filesys encryption enable
Enter new passphrase:
Re-enter new passphrase:
Passphrases matched.
The passphrase is 'mypassphrase'.
The encryption feature is now enabled.
The filesystem must be restarted to effect this
change.
filesys encryption lock
Use this command to prepare the Data Domain system and its external storage devices for shipment. This command creates a new passphrase and destroys the cached copy of the current passphrase, so anyone who does not possess the new passphrase will not be able to decrypt the data.
Before you run this command, you must run filesys disable. To run this command, you need to know the user names and passwords for two accounts with system administration privileges.
# filesys encryption lock
Enter a second authorized user name: sysadmin2
Enter password:
Enter the current passphrase:
Enter new passphrase:
Re-enter new passphrase:
Passphrases matched.
The filesystem is now locked.
filesys encryption passphrase change
Use this command to change the passphrase. Before running this command, you must run filesys disable.
filesys encryption show
Use this command to check the status of the encryption feature. Here is an example:
# filesys encryption show
Encryption is enabled
Algorithm: aes_256_cbc
The filesystem is unlocked
filesys encryption unlock
Use this command to prepare the encrypted file system for use after it has arrived at its destination. The system prompts you to enter the passphrase that was specified in the encryption lock command. After running this command, enable the file system with filesys enable. If the passphrase is incorrect, the file system does not start and the system reports the error.
filesys fastcopy [force] source <src-path> destination <dest- path>
Use this command to copy a file or directory tree from a Data Domain system source directory to another destination on the Data Domain system. See snapshot for snapshot details.
<src-path>
The location of the directory or file that you want to copy. The first part of the path must be /backup. Snapshots always reside in /backup/.snapshot.
Use the snapshot list command to list existing snapshots.
<dest-path>
The destination for the directory or file being copied. The destination cannot already exist.
force
Allows the fastcopy to proceed without warning in the event the destination exists. The force option is useful for scripting, because it is not interactive.
filesys fastcopy force causes the destination to be an exact copy of the source even if the two directories had nothing in common before.
Note: Users may want or need to use fastcopy force if they are scripting fastcopy operations to simulate cascaded replication, the major use case for the option. It is not needed for interactive use, because regular fastcopy warns if the destination exists and then re-executes with the force option if allowed to proceed.
Caution:If the destination has retention-locked files, fastcopy and fastcopy force fail, aborting the moment they encounter retention-locked files.
For example, to copy the directory /user/bsmith from the snapshot scheduled-2007-04-27 and put the bsmith directory into the user directory under /backup, use:
# filesys fastcopy
source /backup/.snapshot/scheduled-2007-04-27/user/bsmith
destination /backup/user/bsmith
Like a standard UNIX copy, filesys fastcopy makes the destination equal to the source, but not at a particular point in time. If you change either folder while copying, there are no guarantees that the two are or were ever equal.
filesys option disable report-replica-as-writable
Use this command to set the reported read/write status of a replication destination file system to read-only. Use the filesys disable command before changing this option and use the filesys enable command after changing the option. With CIFS, use the cifs disable command before changing the option and use the cifs enable command after changing the option. This command is available to administrative users only.
filesys option enable report-replica-as-writable
Use this command to set the reported read/write status of a replication destination file system to read/write. Use the filesys disable command before changing this option and use the filesys enable command after changing the option. With CIFS, use the cifs disable command before changing the option and use the cifs enable command after changing the option. This command is available to administrative users only.
filesys option reset {local-compression-type | marker-type | report-replica-as-writable | global-compression-type}
Use this command on the destination Data Domain system to return file system compression to the default settings. This command is available to administrative users only.
The options are as follows:
global-compression-type
Remove a manually set global compression type. The file system continues to use the current type. Only when a filesys destroy command is entered does the type used change to the default of 9.
Caution:The filesys destroy command irrevocably destroys all data in the /backup data collection, including all virtual tapes, and creates a newly initialized (empty) file system.
local-compression-type
Reset the compression algorithm to the default of lz.
marker-type
Return the marker setting to the default of auto.
report-replica-as-writable
Reset the file system to read-only.
filesys option set global-compression-type {1 | 9}
Use this command to set the global compression of data to either type 9 (new type) or type 1 (old type). Enter the filesys disable and filesys enable commands for the change to take effect. If the file system is over 40% full, the command fails with an error message. Also, if the compression type is different on each side of a directory replication pair, replication stops. This command is available to administrative users only.
To change the setting (to type 1, for example) and activate the change, use the following commands:
# filesys option set global-compression-type 1
# filesys disable
# filesys enable
filesys option set local-compression-type {none | lz | gzfast | gz}
Use this command to set the compression algorithm. This command is available to administrative users only.
Changing the algorithm affects only new data and data accessed as part of a clean operation, not current data. To enable the new setting, use the filesys disable and filesys enable commands.
lz
The default algorithm that gives the best throughput. Data Domain recommends the lz option.
gzfast
A zip-style compression that uses less space for compressed data, but more CPU cycles. gzfast is the recommended alternative for sites that want more compression at the cost of lower performance.
gz
A zip-style compression that uses the least amount of space for data storage (10% to 20% less than lz), but also uses the most CPU cycles (up to twice as many as lz).
none
No data compression occurs.
filesys option set marker-type {auto | besr1 | cv1 | eti1 | hpdp1 | ism1 | nw1 | ssrt1 | tsm1 | tsm2 | none}
Use this command to have a Data Domain system deal with markers inserted into backup data by some backup software. This command is available to administrative users only.
*The setting is system-wide and applies to all data received by a Data Domain system.
*If a Data Domain system is set for a marker type and data is received that has no markers, compression and system performance are not affected.
*If a Data Domain system is set for a marker type and data is received with markers of a different type, compression is degraded for the data with different markers.
The options are:
auto
Attempt to automatically determine what type of markers are in use (the default setting).
On 4.5 systems and earlier, you may need to set this option manually.
besr1
Backup Express System Restore, used for Symantec NetBackup family of products, which takes a sector level dump of a Windows drive.
cv1
CommVault Galaxy with VTL and file system backups.
eti1
HP NonStop systems using ETI-NET EZX/BackBox.
hpdp1
HP DP versions 5.1, 5.5, and 6.0 with VTL and file system backups.
ism1
Informix Onbar. Used when Informix database is backed up using onbar and its internal storage manager.
If an external storage manager is used, this option should not be needed.
nw1
Legato NetWorker with VTL.
ssrt1
Synectics backup express
tsm1
IBM Tivoli Storage Manager on media servers with "small-endian" processor architecture, such as x86 Intel or AMD.
tsm2
IBM Tivoli Storage Manager on media servers with "big-endian" processor architecture, such as SPARC or IBM mainframe. PowerPC can be configured as either big- or small-endian. Check with your system administrator if you are not sure about the media server architecture configuration.
none
Data with no markers.
After changing the setting, enter the following two commands to enable the new setting:
# filesys disable
# filesys enable
filesys option set staging-reserve <percent>
Use this command to reserve a percentage of total disk space for disk staging. This command is available to administrative users only.
filesys option show {local-compression-type | marker-type | report-replica-as-writable | global-compression-type}
Use this command to show the file system option settings. The options are:
global-compression-type
Display the current global compression type.
local-compression-type
Display the current compression algorithm.
marker-type
Display the current marker setting.
report-replica-as-writable
Display the current reported setting on the destination Data Domain system.
filesys restart
Use this command to disable and enable the Data Domain system file system in one operation. This command is available to administrative users only
The retention lock feature allows the user to keep selected files from being modified and deleted for a specified retention period of up to 70 years.
Once a file is committed to be a retention-locked file, it cannot be deleted until its retention period is reached, and its contents cannot be modified. The retention period of a retention-locked file can be extended but not reduced. The access control information of a retention-locked file may be updated.
The retention lock feature can be enabled only if there is a retention lock license. Enabling the retention lock feature affects only the ability to commit non-retention-locked files to be retention-locked files and the ability to extend the retention period of retention-locked files. A retention-locked file is always protected from modification and premature deletion, regardless of a valid retention lock license and whether or not the retention lock feature is enabled.
Once retention lock has ever been enabled on a Data Domain system, you cannot rename non-empty folders or directories on that system (although you can rename empty ones).
Notes: *A file must be explicitly committed to be a retention-locked file through client-side file commands before the file is protected from modification and premature deletion. (See the section Client-Side Retention Lock File Control on page 165 for details.) Most
archive applications and selected backup applications issue these commands when appropriately configured. Applications that do not issue these commands do not trigger the retention lock feature.
*The retention lock feature supports a maximum retention period of 70 years and does not support the "retain forever" option offered by certain archive applications. Also, certain archiving applications may impose a different limit (such as 30 years) on retention period, so please check with the appropriate vendor.
Client-Side Retention Lock File Control
This section describes how files must be processed on the client-side interface to become retention-locked (and a UNIX interface is described in this section?your interface may differ). These changes on the client side must be implemented in addition to the setup/configuration of the retention lock feature on the Data Domain system.
The client-side commands are used to control the retention locking of individual files.
Note: The commands listed in this section are to be used only on the client-side interface, not the Data Domain system CLI.
Create Retention-Locked Files and Set Retention Dates
The user creates a file in the usual way and then sets the last access time (atime) of the file to the desired retention date of the file. If the atime is set to a value that is larger than the current time plus the configured minimum retention period, then the file is committed to be a retention-locked file. Its retention date is set to the smaller of the atime value and the current time plus the configured maximum retention period. Setting the atime for a non-retention-locked file to a value less than the current time plus the configured minimum retention period is ignored without error.
The following (Unix) command can be used to set the atime:
ClientOS# touch -a -t [atime] [filename]
The format of atime is: [[YY]YY]MMDDhhmm[.ss]
For example, suppose the current date and time is 1 p.m. on December 18th 2009 (that is, 200912181300) and the minimum retention period is 12 hours. Adding the minimum retention period of 12 hours to that date/time gives 200912190100.
Therefore, if atime for a file is set to a value greater than 201112190100, the file becomes retention-locked:
ClientOS# touch -a -t 201112312230 SavedData.dat
Note: The file must be completely written to the Data Domain system before it is committed to be a retention-locked file.
Extending the Retention Date
To extend the retention date of a retention-locked file, set the file's atime to a value greater than the current retention date. If the new value is less than the current time plus the configured minimum retention period, the atime update is ignored without error. Otherwise, the retention date is set to the smaller of the new value and the current time plus the configured maximum retention period.
Identifying a Retention-Locked File and Listing a Retention Date
To determine whether a file is a retention-locked file, you can set the atime of the file to a value smaller than its current atime. The attempt will fail with a permission denied error, if and only if, the file is a retention-locked file. The retention date for a retention-locked file is its atime value. This can be listed by the following command:
ClientOS# ls -l --time=atime [filename]
Deleting an Expired Retention-Locked File
Invoke the standard file delete operation on the retention-locked file to be deleted. The command is typically:
ClientOS# rm [filename]
or
ClientOS# del [filename]
Note: If the retention date of the retention-locked file has not expired, the delete operation will result in a permission denied error.
The user must have the appropriate
access rights to delete the file, independent of the retention lock feature.
filesys retention-lock disable
Use this command to disable the retention lock feature. This command is available to administrative users only.
filesys retention-lock enable
Use this command to enable the retention lock feature. This command is available to administrative users only.
filesys retention-lock option reset {min-retention-period | max-retention-period}
Use this command to reset both the minimum and maximum retention periods to their default values. The default min-retention-period is 12 hours and the default max-retention-period is 5 years. This command is available to administrative users only.
filesys retention-lock option set {min-retention-period | max-retention-period} <period>
Use this command to set the minimum or maximum retention period. This command is available to administrative users only.
The period is specified in a similar way as for snapshot retention, requiring a number followed by units, with no space between. The units are any of the following:
*min
*hr
*day
*mo
*year
The period should not be more than 70 years; any period larger than 70 years results in an error. The limit of 70 years may be raised in a subsequent release. By default, the min-retention-period is 12 hours and the max-retention-period is 5 years. These default values may be subsequently revised.
For example, to set the min-retention-period to 24 months, use:
# filesys retention-lock option set min-retention-period 24mo
filesys retention-lock option show {min-retention-period | max-retention-period}
Use this command to show the minimum and maximum retention periods.
filesys retention-lock reset <path>
Use this command to reset retention lock for all files on a specified path, that is, allow all files on the specified path to be modified or deleted (with the appropriate access rights). For example, to reset the retention lock on all files in /backup/dir1, use the command:
# filesys retention-lock reset /backup/dir1
Resetting retention lock raises an alert and logs the names of the retention-locked files that have been reset. On receiving such an alert, the user should verify that the particular reset operation is intended. This command is available to administrative users only.
filesys retention-lock status
Use this command to show retention lock status. The possible values of retention lock status are enabled, disabled, or previously enabled.
filesys show compression [filename] [last <n> {hours | days}] [no-sync]
Use this command to display the space used by and compression achieved for files, directories, and file systems. In general, the more often a backup is done for a particular file or file system, the higher the compression. The output does not include global and local compression factors for the Currently Used row, but uses a dash (-) instead. Note that the display on a busy system may not return for several hours, depending on the number of files. Other factors may influence the display. The meta-data value is an estimate of index data.
Note: Specifying a file name is not recommended. If there are many files, it could take several hours.
filesys show compression [summary | daily | daily-detailed] {[last <n> {hours | days | weeks | months}] | [start <date> [end <date>]]}
show compression daily
Use this command to display the space used by and compression achieved for files, directories, and file systems, daily over the previous four full weeks and the current partial week.
show compression daily-detailed
Use this command to display a slightly more detailed version of show compression daily. This command adds the rows Global-Comp Factor and Local-Comp Factor.
filesys show space
Use this command to display the space available to and used by file system components. Values are in gigabytes to one decimal place.
The display is similar to the following:
# filesys show space
Resource Size GiB Used GiB Avail GiB Use% Cleanable GiB*
------------------ -------- -------- --------- ---- --------------
/backup: pre-comp - 206.2 - - -
/backup: post-comp 342.23.1339.0 1% 0.0
/ddvar 19.70.618.1 3% -
------------------ -------- -------- --------- ---- --------------
Note: GiB = Gibibyte, the base-2 equivalent of Gigabyte.
/backup: pre-comp
Display the amount of virtual data stored on the Data Domain system. Virtual data is the amount of data sent to the Data Domain system from backup servers. Do not expect the amount shown in the /backup: pre-comp line to be the same as the amount displayed in the Original Bytes line by the filesys show compression command, which includes system overhead.
/backup: post-comp
Display the amount of total physical disk space available for data, actual physical space used for compressed data, and physical space still available for data storage. Warning messages go to the system log and an email alert is generated when the Use% figure reaches 90%, 95%, and 100%. At 100%, the Data Domain system accepts no more data from backup servers.
/ddvar
Display the approximate amount of space used by and available to the log and core files. Remove old logs and core files to free space in this area.
The total amount of space available for data storage can change because an internal index may expand as the Data Domain system fills with data. The index expansion takes space from the Avail GiB amount.
If Use% is always high, use the filesys clean show-schedule command to see how often the cleaning operation runs automatically, then use filesys clean schedule to run the operation more often. Also consider reducing the data retention period or splitting off a portion of the backup data to another Data Domain system.
filesys show uptime
Use this command to display the amount of time that has passed since the file system was last enabled. The display is in days, hours, and minutes.
The display is similar to the following:
# filesys show uptime
Filesys has been up 47 days, 23:28
filesys status
Use this command to display the state of the file system process. The display gives a basic status of enabled or disabled with more detailed information for each basic status.
The display is similar to the following:
# filesys status
The filesystem is enabled and running
If the file system was shut down with a Data Domain system command, such as filesys disable, the display includes the command. For example:
# filesys status
The filesystem is disabled and shutdown. [filesys disable]
Note: The file system in a Global Deduplication Array is treated as a single file system so the command output differs.
filesys sync
Use this command to sync all modified files to disk.
EXAMPLES
Retention Lock Procedure
This example shows the use of the retention lock feature.
1. Add the retention lock license:
# license add ABCD-EFGH-IJKL-MNOP
2. Display the status of the retention lock license:
# license show
3. Enable the retention lock feature:
# filesys retention-lock enable
4.Display the status of the retention lock feature:
# filesys retention-lock status
5. Set the minimum retention period for the Data Domain system:
# filesys retention-lock option set min-retention-period 96hr
6. Set the maximum retention period for the Data Domain system:
# filesys retention-lock option set max-retention-period 30year
7. If you want to reset both the minimum and the maximum retention periods to their default values:
# filesys retention-lock option reset
The minimum and maximum retention periods have now been reset to their defaults: 12 hours and 5 years, respectively.
8. To show the maximum and minimum retention periods:
# filesys retention-lock option show max-retention-period
# filesys retention-lock option show min-retention-period
9. Activate the retention locking for the file on the client-side:
ClientOS# touch -a -t 201112312230 SavedData.dat
Performing Retention Lock File Control Commands on the Client Operating System
Suppose the current date/time is December 18th 2009 at 1 p.m., that is, 200912181300. Adding the min retention period of 12 hours gives 200912190100. Thus, if atime for a file is set to a value greater than 200912190100, the file becomes retention-locked.
1. Put a retention lock on the existing file SavedData.dat by setting its atime to a value greater than the current time plus the minimum retention period:
ClientOS# touch -a -t 200912312230 SavedData.dat
2. To extend the retention date of the file:
ClientOS# touch -a -t 202012121230 SavedData.dat
3. To identify retention-locked files and list retention date:
ClientOS# touch -a -t 202012121200 SavedData.dat
ClientOS# ls -l --time=atime SavedData.dat
4. To delete an expired retention-locked file:
Assuming the retention date of the retention-locked file has
expired, as determined in the previous step.
ClientOS# rm SavedData.dat
Additional Notes
A Data Domain system that has become full may need multiple clean operations to clean 100% of the file system, especially if there is an external shelf. Depending on the type of data stored, such as when using markers for specific backup software, the file system may never report 100% cleaned. The total space cleaned may always be a few percentage points less than 100.
Local Compression
A Data Domain system uses a local compression algorithm developed specifically to maximize throughput as data is written to disk. The default algorithm allows shorter backup windows for backup jobs, but uses more space. Local compression options allow you to choose slower performance that uses less space, or you can set the system for no local compression.
*Changing the algorithm affects only new data and data that is accessed as part of the filesys clean process. Current data remains as is until a clean operation checks the data.
*To enable the new setting, use the filesys disable and filesys enable commands.
Global Compression
DD OS 4.0 and later releases use a global compression algorithm called type 9 as the default. Earlier releases use an algorithm called type 1 (one) as the default.
*A Data Domain system using type 1 global compression continues to use type 1 when upgraded to a new release. A Data Domain system using type 9 global compression continues to use type 9 when upgraded to a new release.
*A DD OS 4.0.3.0 or later Data Domain system can be changed from one type to another if the file system is less than 40% full.
*Directory replication pairs must use the same global compression type.
Replicator Destination Read/Write Option
The read/write setting of the file system on a Replicator destination Data Domain system is read-only. With some backup software, the file system must be reported as writable for restoring or vaulting data from the destination Data Domain system. The commands in this section change and display the reported setting of the destination file system. The actual state of the file system remains as read-only.
*Before changing the reported setting, use the filesys disable command. After changing the setting, use the filesys enable command.
*When using CIFS on the Data Domain system, use the cifs disable command before changing the reported state and use the cifs enable command after changing the reported state.
Tape Marker Handling
Backup software from some vendors inserts markers (tape markers, tag headers, or other names are used) in all data streams (both file system and VTL backups) sent to a Data Domain system. Markers can significantly degrade data compression on a Data Domain system. The filesys option ... marker-type commands allow a Data Domain system to handle specific marker types while maintaining compression at expected levels.
Note: When backing up a network-attached storage device using NDMP (not the Data Domain system NDMP feature), the backup application is not in control of the data stream and does not insert tape markers. In such cases, the Data Domain system tape marker feature is not needed for either file system or VTL backups.
Disk Staging
Disk staging enables a Data Domain system to serve as a staging device, where the system is viewed as a basic disk via a CIFS share or NFS mount point. You use disk staging in conjunction with your backup software, such as Symantec's NetBackup (NBU), OpenStorage lifecycle, or Legato's NetWorker.
The Data Domain disk staging feature does not require a license and is disabled by default.
The reason that some backup applications use disk staging devices is to enable tape drives to stream continuously. After the data is copied to tape, it is retained on disk for as long as space is available. Should a restore be needed from a recent backup, more than likely the data is still on disk and can be restored from it more conveniently than from tape. When the disk fills up, old backups can be deleted to make space. This delete-on-demand policy maximizes the use of the disk.
In normal operation, the Data Domain System does not reclaim space from deleted files until a cleaning operation is done. This is not compatible with backup software that operates in a staging mode, which expects space to be reclaimed when files are deleted. When you configure disk staging, you reserve a percentage of the total space, typically 20 to 30 percent, to allow the system to simulate the immediate freeing of space.
The amount of available space, which is shown by the filesys show space command, is reduced by the amount of the staging reserve. When the amount of data stored uses all of the available space, the system is full. However, whenever a file is deleted, the system estimates the amount of space that will be recovered by cleaning and borrows from the staging reserve to increase the available space by that amount. When cleaning runs, the space is actually recovered and the reserve restored to its initial size. Since the amount of space made available by deleting files is only an estimate, the actual space reclaimed by cleaning may not match the estimate. The goal of disk staging is to configure enough reserve so that you do not run out before cleaning is scheduled to run.
Retention Lock and Replication
Both Directory Replication and Collection Replication replicate the locked or unlocked state of files. That is, files that are retention-locked in the source are retention-locked in the destination.
However:
*Collection replication replicates minimum and maximum retention periods to the destination system.
*Directory replication does not replicate minimum and maximum retention periods to the destination system.
*Replication resync fails if the destination is not empty and if retention lock is currently or was previously enabled on either the source or destination system.
Retention Lock and Fastcopy
Fastcopy does not copy the locked or unlocked state of files. Files that are retention-locked in the source are not retention-locked in the destination.
If you try to fastcopy to a destination that has retention-locked files, the fastcopy operation aborts the moment it encounters retention-locked files on the destination.
Retention Lock and Filesys Destroy
When filesys destroy is run on a system with retention lock enabled:
1. All data is destroyed including retention-locked data.
2. All filesys options are returned to their defaults. This means
that retention lock is not enabled and min-retention-period
as well as max-retention-period options are set back to their
default values on the newly created file system.
sysadmin@dd620> help log
log -display and manage the log file.
DESCRIPTION
The log command allows you to view Data Domain system log file entries and the log file contents. Messages from the alerts feature, the autosupport reports, and general system messages go to the log directory (/ddvar/log)and into the file messages.*. A log entry appears for each Data Domain system command given on the system.
The log files on the Data Domain system are rotated to provide easier management of log files. See Archive Log Files on page 177 for instructions on saving log files.
OPTIONS
Data Domain systems can send log messages to other systems which must be enabled to listen for network log messages. The Data Domain system sends the log in the standard syslog format. When remote logging is enabled, all of the messages in the messages and kern.info files are exported. For managing the selectors and receiving messages on a third-party system, see your vendor-supplied documentation for the receiving system.
*.notice
Send all messages at the notice priority and higher.
*.alert
Send all messages at the alert priority and higher (alerts are included in *.notice).
kern.*
Send all kernel messages (kern.info log files).
local7.*
Send all messages from system startups (boot.log files).
The log host commands manage the process of sending log messages to another system.
log host add <host-name>
Use this command to add a system to the list that receives Data Domain system log messages. This command is available to administrative users only.
For example, the following command adds the system log-server to the hosts that receive log messages:
# log host add log-server
log host del <host-name>
Use this command to remove a system from the list of systems that receive Data Domain system log messages. This command is available to administrative users only.
For example, the following command removes the system log-server from the hosts that receive log messages:
# log host del log-server
log host disable
Use this command to disable sending log messages to other systems. This command is available to administrative users only.
log host enable
Use this command to enable sending log messages to other systems. This command is available to administrative users only.
log host reset
Use this command to reset the log sending feature to the defaults of disabled and an empty list. This command is available to administrative users only.
log host show
Use this command to display the list of systems that receive log messages and the state of enabled or disabled.
The output is similar to the following:
# log host show
Remote logging is enabled.
Remote logging hosts
log-server
log list [debug]
Use this command to list the files in the log directory with the date each file was last modified and the size of each file.
When the command is executed without the debug option, the following files are listed:
messages
The system log, generated from Data Domain system actions and general system operations.
space.log
Messages about disk space use by Data Domain system components and data storage, and messages from the clean process. A space use message is generated every hour. Each time the clean process runs, it creates about 100 messages. All the messages are in comma-separated-value format with tags that you can use to separate out the disk space or clean messages. You can use third-party software to analyze either set of messages. The tags are:
*CLEAN for data lines from clean operations.
*CLEAN_HEADER for lines that contain headers for the clean operations data lines.
*SPACE for disk space data lines.
*SPACE_HEADER for lines that contain headers for the disk space data lines.
When the command is executed with the debug option, the following files are added to the list of files above:
access
Track users of the Data Domain Enterprise Manager graphical user interface.
boot.log
Kernel diagnostic messages generated during the booting up process.
ddfs.info
Debugging information created by the file system processes.
ddfs.memstat
Memory debugging information for file system processes.
destroy.id_number.log
All of the actions taken by an instance of the filesys destroy command. Each instance produces a log with a unique ID number.
disk-error-log
Disk error messages.
error
List errors generated by the Data Domain Enterprise Manager operations.
kern.error
Kernel error messages.
kern.info
Kernel information messages.
network
Messages from network connection requests and operations.
perf.log
Performance statistics used by Data Domain support staff for system tuning.
secure
Messages from unsuccessful logins and changes to user accounts.
ssi_request
Messages from the Data Domain Enterprise Manager when users connect with HTTPS.
windows
Messages about CIFS-related activity from CIFS clients attempting to connect to the Data Domain system.
For example, to list all of the files in the log directory, use:
# log list
Last modified SizeFile
------------------------ -------- ----------
Mon Mar 16 11:10:07 2009 135 KB messages
Sun Jan 18 00:00:02 2009 1460 KB messages.9
Sun Jan 25 00:27:16 2009 177 KB messages.8
Sun Feb 1 00:00:03 2009 154 KB messages.7
Sun Feb 8 00:00:03 2009 799 KB messages.6
Sun Feb 15 00:00:03 2009 385 KB messages.5
Sun Feb 22 00:00:03 2009 247 KB messages.4
Sun Mar 1 00:00:02 2009 394 KB messages.3
Sun Mar 8 00:00:02 2009 644 KB messages.2
Sun Mar 15 00:36:23 2009 469 KB messages.1
Mon Mar 16 11:00:02 2009 10741 KB space.log
------------------------ -------- ----------
Note: KiB = Kibibytes = the binary equivalent of Kilobytes.
log view [<filename>]
Use this command to view the log files. With no filename, the command displays the current messages file. When viewing the log, use the up and down arrows to scroll through the file; use the q key to quit; enter a slash character (/) to search forward or a question mark (?) to search backward for a pattern (for example, a date) in the file.
log watch [<filename>]
Use this command to display a view of the messages file that adds new entries as they occur. Use the key combination Ctrl+c to break out of the watch operation. With no filename, the command displays the current messages file.
EXAMPLES
Understand a Log Message
1. View the log file. (This can be done on the Data Domain system either by using the command log view message, or the command log view.
2. The log file includes information like this:
Jan 31 10:28:11 syrah19 bootbin: NOTICE: MSG-SMTOOL-00006: No replication throttle schedules found: setting throttle to unlimited.
3. Look for the file of log messages. A detailed description of log messages can be obtained from the Data Domain Support Web site, https://my.datadomain.com/, by clicking Software Downloads, then the book icon under Docs for the given release, then Error Message Catalog.
4. In the Web page of log messages, search for the message "MSG-SMTOOL-00006." Find the following:
ID: MSG-SMTOOL-00006 - Severity: NOTICE - Audience: customer
Message: No replication throttle schedules found: setting throttle to unlimited.
Description: The restorer cannot find a replication throttle schedule. Replication is running with throttle set to unlimited.
Action: To set a replication throttle schedule, run the replication throttle add command.
5. Based on the message, the user could run the replication throttle add command to set the throttle.
Archive Log Files
To archive log files, use NFS, CIFS mount, or FTP to copy the files to another machine.
If using CIFS or NFS, mount /ddvar to your desktop and copy the files from the mount point. See the CIFS add command or the NFS add command for more information.
If using FTP:
1. On the Data Domain system, use the adminaccess show command to see that the FTP service is enabled. If the service is not enabled, use the command adminaccess enable ftp.
2. On the Data Domain system, use the adminaccess show command to see that the FTP access list has the IP address of your remote machine or a class-C address that includes your remote machine. If the address is not in the list, use the command adminaccess add ftp ipaddr.
3. On the remote machine, open a Web
browser.
4. In the Address box at the top of the Web browser, use FTP to access the Data Domain system. For example:
ftp://Data Domain system_name.datadomain.com/
Note: Some Web browsers do not automatically ask for a login if a machine does not accept anonymous logins. In that case, add a user name and password to the FTP line. For example, add:
ftp://sysadmin:your-pw@Data Domain system_name.datadomain.com/
5. At the login popup, log into the Data Domain system as user sysadmin.
6. On the Data Domain system, you are in the directory just above the log directory. Open the log directory to list the messages files.
7. Copy the file that you want to save. Right-click on the file icon and select Copy To Folder from the menu. Choose a location for the file copy.
8. If you want the FTP service disabled on the Data Domain system, use SSH to log into the Data Domain system as sysadmin and give the command adminaccess disable ftp.
sysadmin@dd620> help net
net -sets up network parameters and Ethernet interface addresses and displays network information.
DESCRIPTION
The net command manages the use of virtual interfaces,
DHCP, DNS, and IP addresses, and displays network information and status. The route command manages routing rules.
Note: Changes to disabled Ethernet interfaces made with the net command options flush the routing table. Data Domain recommends making interface changes only during scheduled maintenance downtime. After making interface changes, you must reconfigure any routing rules and gateways.
OPTIONS
Link aggregation provides improved network performance and resiliency by using two to four network ports in parallel, thus increasing the link speed and reliability over that of a single port.
The net aggregate commands control this feature. (Link aggregation and Ethernet trunking are different terms for the same thing.)
net aggregate add <virtual-ifname> mode {xor-L2 |xor-L2L3 | roundrobin} interfaces physical-ifname-list
See Considerations for Ethernet Failover and Net Aggregation on page 222 before setting up aggregation.
Note: To create a virtual interface, see the net create virtual command.
Use the net aggregate add command to enable aggregation on an existing virtual interface by specifying the physical interfaces and mode (the mode must be specified). Available modes are the Layer 2 or Layer 3/Layer4 implementations of the static balanced mode, or round-robin. Choose the mode that is compatible with the requirements of the system to which the ports are directly attached.
The command enables aggregation on a virtual interface <virtual-ifname> in the specified mode with the physical interfaces named in <physical-ifname-list>. The aggregated links transmit packets out of the Data Domain system.
The supported aggregate modes are:
xor-L2
Transmit based on static balanced mode aggregation with an XOR hash of Layer 2 (inbound and outbound MAC addresses).
xor-L3L4
Transmit based on static balanced mode aggregation with an XOR hash of Layer 3 (inbound and outbound IP address) and Layer 4 (inbound and outbound port numbers).
roundrobin
Transmit packets in sequential order from the first available link through the last in the aggregated group.
For example, to enable link aggregation on virtual interface veth1 to physical interfaces eth1 and eth2 in mode xor-L2, use the following command:
# net aggregate add veth1 mode xor-L2 interfaces eth2 eth3
net aggregate del virtual-ifname interfaces <physical-ifname- list>
Use this command to delete interfaces from the physical list of the aggregate virtual interface.
For example, to delete physical interfaces eth1 and eth2 from the aggregate virtual interface veth1, use the following command:
# net aggregate del veth1 interfaces eth2,eth3
net aggregate reset <virtual-ifname>
Use this command to remove all physical interfaces from an aggregate virtual interface.
The output is similar to the following:
# net aggregate reset veth1
Interfaces "eth2, eth3" have been removed from "veth1".
net aggregate show
Use this command to display basic information on the aggregate setup.
The output is similar to the following:
# net aggregate show
Ifname Hardware Address Aggregation Mode Configured Interfaces
------ ---------------- ---------------- ---------------------
veth1 00:15:17:0f:63:fc balance hash xor-L2 eth4,eth5
------ ----------------- ---------------- -------------------
net config <ifname> [<ipaddr>][netmask <mask>][up | down] [dhcp {yes | no}][mtu {<size> | default}][autoneg][duplex {full | half}] [speed {10 | 100 | 1000}] [0]
net config <ifname> 0
Use this command to reset a network interface card to its default (unconfigured) mode. For example, use net config eth0 0 to reset interface 0. This command is available to administrative users only.
net config <ifname> autoneg
Use this command to allow the network interface card to autonegotiate the line speed and duplex setting for an interface. This command is available to administrative users only.
Note: This command is not applicable with 10 Gb Ethernet cards.
For example, to set autonegotiation for interface eth1, use:
# net config eth1 autoneg
net config <ifname> dhcp [yes | no]
Use this command to set up an Ethernet interface to expect DHCP information. Changes take effect only after a system reboot. This command always enables the specified interface, regardless of whether you specify yes or no. This command is available to administrative users only.
Note: To activate DHCP for an interface when no other interface is using DHCP, you must reboot the Data Domain system. To activate DHCP for an optional gigabit Ethernet card, either have a network cable attached to the card during the reboot or, after attaching a cable, run the net enable command for the interface.
For example, to set DHCP for the interface eth0, use the command:
# net config eth0 dhcp yes
To check the command, use the net show configuration command. To check that the Ethernet connection is live, use the net show hardware command.
net config <ifname> duplex {full|half} speed {10 | 100 | 1000}
Use this command to manually set an interface to half-duplex or full-duplex, and set the line speed. Both duplex and speed are required keywords. Half-duplex is not available for any port set for a speed of 1000 (Gigabit). This command disables auto-negotiation. You can specify line speeds of 10 Base-T, 100 Base-T, or 1000 Base-T (Gigabit). A line speed of 1000 allows only a duplex setting of full. Setting a port to a speed of 1000 and duplex of half leads to unpredictable results.
You cannot use this command with 10 Gb Ethernet cards. This command is available to administrative users only.
For example, to set the line use to half-duplex for interface eth1, use:
# net config eth1 duplex half speed 100
To set the line speed to 100 Base-T for interface eth1, use:
# net config eth1 speed 100 duplex full
net config <ifname> <ipaddr>
Use this command to change the IP address used by a Data Domain system Ethernet interface. This command disables DHCP for the interface, if it is enabled. Use the net config ifname dhcp disable command to turn off DHCP for an interface. See config ifname dhcp on page 201 for details. If you do not specify a netmask with config ifname netmask, the system uses the default netmask. The default value for netmask depends on the IP address. For example, the default netmask for 10.x.x.x is 255.0.0.0, and the default netmask for 192.x.x.x is 255.255.255.0. This command is available to administrative users only.
For example, to set the interface eth0 to the IP address of 192.168.1.1, use:
# net config eth0 192.168.1.1
Use the net show config command to check the operation.
net config <ifname> mtu {<size> | default}
Use this command to change the maximum transfer unit size for an Ethernet interface. Supported values are from 1500 to 9014. For 100 Base-T and gigabit networks, 1500 is the standard default. The default option returns the setting to the default value. Make sure that all of your network components support the size set with this option. This command is available to administrative users only.
For example, to set a maximum transfer unit size of 9014 for the interface eth2, use the command:
# net config eth2 mtu 9014
net config <ifname> netmask <mask>
Use this command to change the netmask used by an Ethernet interface. If you specify a netmask for an interface, you must also specify an IP address with config ifname ipaddr. This command is available to administrative users only.
For example, to set the netmask 255.255.255.0 for the interface eth0:
# net config eth0 192.168.99.200 netmask 255.255.255.0
net config <ifname> type [none|management|data|replication|cluster|"data,replication"]
This command is used to tag a network interface for a specific type of Global Deduplication Array traffic. The Global Deduplication license must be installed. This command is available to administrative users only.
Note: Only one physical or virtual interface can be associated with each logical interface type.
*Management interface: identifies the IP address for managing the controller (SSH or the Data Domain Enterprise Manager, which is a graphical-user interface (GUI) application).
Note: To use the Enterprise Manager, you must be able to connect to the Data Domain controller via the internet. The Data Domain controller needs an IP address so the Web browser can locate it on the network.
*Data interface: identifies the IP address for backup traffic from the media servers to the controller. Data Domain file systems use the network interface with type data to communicate with the Media Server for backup data.
*Replication interface: identifies the IP address for replication traffic.
*Global Deduplication interface: identifies the Global Deduplication Array interconnect IP address on each controller. If a Global Deduplication Array has two Data Domain systems, the Data Domain file system will use the network interface with type cluster to communicate with the second system.
For example, in a Global Deduplication Array, to communicate with a second Data Domain system, veth1, enter:
# net config veth1 type cluster
net config <ifname> [up | down]
See net config enable and net config disable.
net create interface {<physical-ifname>|<virtual-ifname>} vlan <vlan-id>
Use this command to create a new VLAN interface from either a physical port or a virtual interface. The range of <vlan-id> is between 1 and 4095. Use the net config commands to configure the IP address and netmask, or to enable or disable the interface. The maximum number of interfaces is 512. The VLAN interface is named <ifname.vlan-id>.
Notes: A VLAN interface cannot be created on a failover interface consisting of Chelsio 10 GbE interfaces. The total number of VLAN and virtual interfaces that can be created is limited to 80.
For example, to create a VLAN interface named eth0.2:
# net create interface eth0 vlan 2
net create virtual <virtual-id>
Use this command to create a new virtual interface. The virtual interface name <virtual-id> must begin with veth. The remainder of the name can be decimal or hexadecimal numbers (0-9 and aA-fF are permitted). Interface names must be unique. This command is available to administrative users only.
Note: A VLAN interface cannot be created on a failover interface consisting of Chelsio 10Gb interfaces.
For example, to create a virtual interface named veth12, use:
# net create virtual veth12
net destroy {<virtual-ifname>|<vlan-ifname>}
Use this command to delete an existing VLAN or virtual interface.
For example to destroy a VLAN named eth1.35 and a virtual interface named veth23:2, use:
# net destroy eth1.35
# net destroy veth23
net disable <ifname>
Use this command to disable an Ethernet interface on the Data Domain system. This command is available to administrative users only.
For example, to disable the interface eth0, use:
# net disable eth0
DDNS (Dynamic DNS) is the protocol that allows machines on a network to communicate with, and register their IP address on, a DNS server.
net ddns add (<ifname-list> | all)
Use this command to add interfaces to the DDNS registration list. This command is available to administrative users only.
net ddns del (<ifname-list> | all)
Use this command to remove interfaces from the DDNS registration list. This command is available to administrative users only.
net ddns disable
Use this command to disable DNS updates. This command is available to administrative users only.
net ddns enable
Use this command to enable DNS updates. This command is available to administrative users only.
net ddns register
Use this command to manually register configured interfaces with DNS. This command is available to administrative users only.
net ddns reset
Use this command to reset the DDNS registration list to its defaults and disable registration. This command is available to administrative users only.
net ddns show
Use this command to display interfaces in the DDNS registration list.
net ddns status
Use this command to display whether DDNS registration is enabled or not.
net enable <ifname>
Use this command to enable a disabled Ethernet interface on the Data Domain system, where ifname is the name of an interface. This command is available to administrative users only.
For example, to enable the interface eth0, use:
# net enable eth0
Ethernet failover provides improved network stability and performance, and is implemented with the net failover command. The failover enabled virtual interface represents a group of secondary physical interfaces, one of which can be specified as the primary. The system makes the primary interface the active interface whenever the primary interface is operational.
A failover from one physical interface to another can take up to 30 seconds. The delay is to guard against multiple failovers when a network is unstable.
See Considerations for Ethernet Failover and Net Aggregation on page 222 before setting up failover.
net failover add <virtual-ifname> interfaces <physical-ifname- list>[primary <physical-ifname> | none]
Use this command to enable failover on an existing virtual interface name in the form vethx, where x is a unique string (typically one or two digits). A typical full virtual interface name is veth56.3999:199. The maximum length of the full name is 16 characters, which typically limits the name string x to two characters. Using special characters in the string x other than the period (.) and the colon (:) is allowed but not recommended.
The virtual interface must already be present on the system; to check for the presence of a virtual interface, use the net show settings command. To designate one of the physical interfaces as the primary failover interface, use the optional primary parameter. This command is available to administrative users only.
Note: A primary interface must be part of the failover and cannot be deleted from the failover while it is the primary interface. Use the net failover modify command to change the primary interface.
For example, to associate a failover virtual interface named veth1 with the physical interfaces eth2 and eth3, and with eth2 as the primary, use:
# net failover add veth1 interfaces eth2 eth3 primary eth2
Current interfaces for veth1: eth2, eth3, primary eth2
net failover del <virtual-ifname> interfaces <physical-ifname- list>
Use this command to remove a physical Ethernet interface from a failover virtual interface. The physical interface remains disabled after being removed from the virtual interface. This command is available to administrative users only.
For example, to remove eth2 from the virtual interface veth1, which has eth2 and eth3 as slaves and eth3 as the primary interface, use:
# net failover del veth1 interfaces eth2
Interfaces "eth2" have been removed from "veth1".Current interfaces for veth1: eth3, primary: eth3
net failover modify <virtual-ifname> primary {<physical-ifname> | none}
Use this command to modify the physical Ethernet interface designated as primary for failover on a virtual interface. This command is available to administrative users only.
net failover reset <virtual-ifname>
Use this command to reset a virtual interface and remove all physical interfaces that were associated with it. Resetting a virtual interface removes all associated physical interfaces from the virtual interface. This command is available to administrative users only.
For example, the following command removes the virtual interface veth1 and releases all of its associated physical interfaces. (The physical interfaces are still disabled and must be enabled for any other use than as part of another virtual interface.)
# net failover reset veth1
After the virtual interface has been reset, the physical interfaces remain disabled. Use the net enable command to re-enable the
interfaces.
# net enable eth2
# net enable eth3
net failover show
Use this command to display configured failover virtual interfaces. This command shows what is configured at the bonding driver. To see what is in the registry, use the net show settings command.
Note: The registry settings may be different from the bonding configuration. When interfaces are added to the virtual interface the information is not sent to the bonding module until the virtual interface is brought up. Until that time the registry and the bonding driver configuration will be different.
The value in the Hardware Address column is the physical interface currently used by the failover virtual interface.
# net failover show
Ifname Hardware Address Configured Interfaces
------ ----------------- ---------------------
veth1 00:04:23:d4:f1:27 eth3
------ ----------------- ---------------------
net hosts add <ipaddr> {<host> | <host> [<alias>]} ...
Use this command to associate an IP address with a hostname,. The hostname is a fully-qualified domain name or a hostname. The entry is added to the /etc/hosts file. This command is available to administrative users only.
For example, to associate both the fully-qualified domain name bkup20.fcoe.ru and the hostname of bkup20 with an IP address of 192.168.3.3, use the command:
# net hosts add 192.168.3.3 bkup20.fcoe.ru bkup20
net hosts del <ipaddr>
Use this command to delete a hostname or IP address entry from the /etc/hosts file. This command is available to administrative users only.
For example, to remove the host entries with an IP address of 192.168.3.3, use:
# net hosts del 192.168.3.3
net hosts reset
Use this command to delete all hostname and IP address entries from the /etc/hosts file. This command is available to administrative users only.
net hosts show
Use this command to display hostnames and IP addresses from the /etc/hosts file. This command is available to administrative users only.
The display looks similar to the following:
# net hosts show
Hostname Mappings:
192.168.3.3 -> bkup20 bkup20.fcoe.ru
The iperf Linux command measures the quality and
bandwidth of network connections. The net iperf command provides the equivalent capabilities.
net iperf client <server-host> [port <port>] [window-size <bytes>][data {random|default}] [interval <secs>] [{transmit- size <bytes> |duration <secs>}]
Use this command to run the iperf command in client mode. This command is available to administrative users only.
net iperf client Option
Equivalent iperf Option
<server-host>
-c <server-host>
port <port>
-p <port>
window-size <bytes>
-w <iperf_bytes>
transmit-size <bytes>
-n <iperf_bytes>
duration <secs>
-t <secs>
interval <secs>
-i <secs>
data random
-F /dev/urandom
data default
No equivalent option (default behavior)
Values for <bytes> may be followed by the K, M, or G suffices to scale the value.
net iperf server [port <port>] [window-size <bytes>]
Use this command to run the iperf command in server (-s) mode. This command is available to administrative users only.
net iperf server Option
Equivalent iperf Option
port <port>
-p <port>
window-size <bytes>
-w <iperf_bytes>
net lookup {<ipaddr> | <hostname>}
Use this command to look up DNS entries.
net ping host [broadcast] [count <n>] [interface <ifname>]
Use this command to check that a Data Domain system can communicate with a remote host with a hostname or IP address.
broadcast
Allow pinging a broadcast address.
count
Give the number of pings to issue.
interface
Give the interface to use: eth0 through eth3.
For example, to check that communication is possible with the host srvr24, use:
# net ping srvr24
net reset {hostname | domainname | dns}
Use this command to reset the hostname, domain name, and DNS parameters to their default values (empty). The command requires at least one parameter and accepts multiple parameters. Changes take effect only after a system reboot. This command is available to administrative users only.
For example, to reset the system host name, use:
# net reset hostname
net set dns <ipaddr1>[, <ipaddr2>[, <ipaddr3>]]
Use this command to add or change DNS servers for the Data Domain system to use in resolving addresses to give DNS server IP addresses. The command writes over the current list of DNS servers. Only the servers given in the latest command are available to a Data Domain system. Entries in the list can be separated by commas, spaces, or both. This command is available to administrative users only.
Note: To activate a DNS change, the Data Domain system must be rebooted.
For example, to allow a Data Domain system to use a DNS server with an IP address of 123.234.78.92, use the command:
# net set dns 123.234.78.92
To check the command, use the net ping host-name command.
net set domainname <name>
Use this command to change the domain name used by the Data Domain system. This command is available to administrative users only.
For example, to set the domain name to yourcompany-ny.com, use:
# net set domainname yourcompany-ny.com
net set hostname <host>
Use this command to change the name other systems use to access the Data Domain system. Because of a restriction with some browsers, the hostname should not include an underscore character. If the hostname contains an underscore, it can prevent logins to that host from the GUI, and would result in the GUI not being able to manage that host. This command is available to administrative users only.
For example, to set the Data Domain system name to dd10:
# net set hostname dd10
To check the operation, use the net show hostname command.
If the Data Domain system is using CIFS with active directory authentication, changing the hostname causes the Data Domain system to drop out of the domain. Use the cifs set authentication command to rejoin the active directory domain.
net show all
Use this command to display the output from the commands net show config, net show settings, net show domainname, net show hostname, net show hardware, net show dns, and net show stats.
net show config [<ifname>]
Use this command to display the current network driver settings for an Ethernet interface. With no <ifname>, the command returns configuration information for all Ethernet interfaces.
net show dns
Use this command to display the DNS servers used by a Data Domain system.
The display looks similar to the following. The last line indicates whether the servers were configured manually or by DHCP.
# net show dns
#
Server
-
-----------
1
192.168.1.3
2
192.168.1.4
-
-----------
Showing DNS servers configured manually.
net show domainname
Use this command to display the domain name used for email sent by a Data Domain system.
The display looks similar to the following:
# net show domainname
The Domainname is: fcoe.ru
net show hostname
To display the current hostname used by the Data Domain system, use the net show hostname operation. The display is similar to the following:
# net show hostname
The Hostname is: dd10.fcoe.ru
net show hardware
Use this command to display hardware information. The display looks similar to the following:
# net show hardware
Port
Speed
Duplex
Supp Speeds
Hardware Address
Physical
Cable
----
eth0
100Mb/s
full
10/100/1000
00:02:b3:b0:8a:d2
Copper
yes
eth1
unknown
unknown
10/100/1000
00:02:b3:b0:80:3f
Copper
no
eth2
1000Mb/s
full
10/100/1000
00:07:e9:0d:5a:1a
Copper
yes
eth3
unknown
unknown
10/100/1000
00:07:e9:0d:5a:1b
Copper
no
The display of the status of network ports has the columns:
Port
The Ethernet interfaces on the system (for example, eth3 or eth3, depending on the port naming convention your system uses).
Speed
The actual speed at which the port currently deals with data.
Duplex
Shows whether the port is using the full or half duplex protocol
Supp Speeds
Lists all the speeds that the port is capable of using.
Hardware
Address
The MAC address.
Physical
Shows whether the port is Copper or Fiber.
Cable
Shows whether or not the port currently has a cable attached and the carrier is up.
net show settings
Use this command to display network settings.
The display of Ethernet interface settings shows what you have configured, not the actual status of each interface. For example, if an interface on the Data Domain System does not have a live Ethernet connection, the interface is not actually enabled.
# net show settings
port enabled DHCP IP address netmask additional setting
----- ------- ---- ---------------- ---------------- ------------------
eth0 yesyes 192.168.9.199* 255.255.252.0*
eth1 yesyes (not specified)* (not specified)*
veth0 non/a n/an/a
veth1 non/a n/an/a
veth2 non/a n/an/a
veth3 non/a n/an/a
----- ------- ---- ---------------- ---------------- ------------------
* Value from DHCP
Port
Each Ethernet interface listed by name.
Enabled
Whether or not the port is configured as enabled. To check the actual status of interfaces, use the net show hardware command. The Cable column entry shows a value of yes for live Ethernet connections.
DHCP
Whether or not port characteristics are supplied by DHCP. If a port uses DHCP for configuration values, the display does not have values for the remaining columns.
IP Address
The address used by the network to identify the port.
Netmask
The standard IP network mask.
net show stats [all | interfaces | listening | route | statistics]
Use this command to display network statistics. The information returned from all the options is used by Data Domain support staff for troubleshooting.
all
Display summaries of the other options.
interfaces
Display the kernel interface table and a table of all network-enabled interfaces and their activity.
listening
Display statistics about active internet connections from servers.
route
Display the IP routing tables showing the destination, gateway, netmask, and other information for each route.
statistics
Display network statistics for protocols.
The display with the route option is similar to the following.
# net show stats route
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.8.0 *255.255.252.0 U 0 0 0 eth0
127.0.0.0*255.0.0.0U 0 0 0 lo
default router-10.datad 0.0.0.0 UG0 0 0 eth0
net tcpdump capture <filename> [interface <iface>] [{host <host> | net <net> [mask <mask>]}] [port <port>] [snaplen <bytes>]
Use this command to run the Linux tcpdump command and save packet data to a file for later analysis. You can use this command to collect data and then copy the output file to another system for analysis. This command converts the options from the command line to equivalent tcpdump options. The output files are placed in /ddvar/traces from where you can upload them to autosupport. A maximum of 10 output files may be retained on the system; if this limit is reached, the command prompts you to delete some of the existing files. This command is available to administrative users only.
Command options are translated as follows:
net tcpdump Option
Equivalent tcpdump Options
<filename>
-w
/ddvar/traces/tcpdump_<filename>
-C 100M -W 5
interface <iface>
-i <iface>
host <host>
host <host>
net <net>
net <net>
mask <mask>
mask <mask>
port <port>
port <port>
snaplen <bytes>
-s <bytes>
net tcpdump del {<filename> | all}
This command deletes output files created by the net tcpdump capture command. Specify a <filename> to delete all files that match the pattern /ddvar/traces/tcpdump_<filename> *. Specify all to remove all net tcpdump output files. This command is available to administrative users only.
EXAMPLES
1. Disable the interfaces eth2, eth3, and eth4 for use as failover interfaces:
# net disable eth2
# net disable eth3
# net disable eth4
2. If virtual interface veth1 does not exist on the system, create it:
# net create virtual veth1
3. Create a failover virtual interface named veth1 using the physical interfaces eth2 and eth3:
# net failover add veth1 interfaces eth2,eth3
Current interfaces for veth1: eth2, eth3
4. Enable virtual interface veth1:
# net config veth1 10.20.199.41 netmask 255.255.0.0
5. Show configured failover virtual interfaces:
# net failover show
Ifname Hardware Address Configured Interfaces
------ ----------------- ---------------------
veth1 00:04:23:d4:f1:27 eth2,eth3
------ ----------------- ---------------------
*To add the physical interface eth4 to failover virtual interface veth1:
# net failover add veth1 interfaces eth4
Current interfaces for veth1: eth2,eth3,eth4
*To remove eth2 from the virtual interface veth1:
# net failover del veth1 interfaces eth2
Interfaces "eth2" have been removed from "veth1".Configuration of "veth1" is reset.
*To remove the virtual interface veth1 and release all of its associated physical interfaces:
# net failover reset veth1
Interfaces for veth1:
*To re-enable the physical interfaces:
# net enable eth2
# net enable eth3
# net enable eth4
1. Disable the interfaces eth2, eth3, and eth4 to use as
aggregation interfaces:
# net disable eth2
# net disable eth3
# net disable eth4
2. If virtual interface veth1 does not exist on the system, create it:
# net create virtual veth1
3. Enable link aggregation on virtual interface veth1 for physical interfaces eth2 and eth3 in xor-L2 mode:
# net aggregate add veth1 mode xor-L2 interfaces eth2 eth3
4. Enable the virtual interface:
# net config veth1 192.168.45.119 netmask 255.255.248.0
5. Show the aggregate setup:
# net aggregate show
Ifname Hardware Address Aggregation Mode Configured Interfaces
------ ---------------- ---------------- ---------------------
veth1 00:15:17:0f:63:fc xor-L2 eth2,eth3
------ ----------------- ---------------- ---------------------
*To delete physical interface eth3 from the aggregate virtual interface veth1:
# net aggregate del veth1 interfaces eth3
*To add link physical interface eth4 on virtual interface veth1:
# net aggregate add veth1 mode xor-L2 interfaces eth4
*To remove all interfaces from veth1:
# net aggregate reset veth1
Interfaces "eth2, eth4" have been removed from "veth1".
Configuration of "veth1" is reset.
*To re-enable the physical interfaces:
# net enable eth2
# net enable eth3
# net enable eth4
Considerations for Ethernet Failover and Net Aggregation
While planning Ethernet failover and net aggregation, consider the following supported guidelines:
*A system with two Ethernet cards can have a maximum of six ports, eth0, eth1, eth2, eth3, eth4, and eth5, unless one of the cards is a 1-port 10 GbE fiber, in which case the system has a total of five ports (eth0-eth4).
*The recommended number of physical interfaces for failover is two. However, you can configure one primary interface and up to five failover interfaces (except with 10 Gb copper Ethernet cards, which are restricted to one primary interface and one failover interface, and with the 10 Gb optical Ethernet cards, which cannot be used in any failover or aggregation).
*The recommended number of physical interfaces used in aggregation is two.
*Each physical interface (eth0 to eth5) can belong to at most one virtual interface.
*A system can have multiple and mixed failover and aggregation virtual interfaces, subject to the restrictions above.
*Virtual interfaces must be created from identical physical interfaces (all copper or all optical, and all 1 Gb or all 10 Gb).
Supported Interfaces
For complete information about configuring interfaces, port naming conventions, and supported configurations for the various Data Domain controller models, see the DD OS 4.9 Initial Configuration Guide.
When you create a virtual interface:
*The virtual-name must be in the form vethx where x is a number in the format required for the net create virtual command.
*You can create as many virtual interfaces as there are physical interfaces.
*The physical-name must be in the form ethx where x is an alphanumeric string (typically a number).
*Each interface used in a virtual interface must first be disabled with the net disable command. An interface that is part of a virtual interface is seen as disabled by other net commands.
*All interfaces in a virtual interface must be on the same subnet and on the same
LAN (or card for 10 Gb). Network switches used by a virtual interface must be on the same subnet.
*A virtual interface needs an IP address that is set manually.
Use the net config command.
If a primary interface is to be used in a failover configuration, it must be explicitly specified with the primary option to the net failover add command and must also be a slave to the virtual interface. If the primary interface goes down and multiple interfaces are still available, the next interface used is a random choice.
sysadmin@dd620> help nfs
nfs -manages NFS clients for a Data Domain system.
DESCRIPTION
The nfs command allows you to add NFS clients and to manage their access to a Data Domain system. It also allows you to display status information, such as whether or not the NFS system is active, and the time needed for specific NFS operations.
OPTIONS
nfs add {/ddvar | /backup[/<sub-dir>]} <client-list> [<nfs-options>]
Use this command to add NFS clients that can access the Data Domain system. To specify multiple clients, create a list of entries separated by commas, spaces, or both. A client can be a fully-qualified domain hostname, class-C IP addresses, IP addresses with either netmasks or length, an NIS netgroup name with the prefix @, or an asterisk (*) wildcard with a domain name, such as *.fcoe.ru.
An asterisk (*) by itself means no restrictions. A client added to a subdirectory under /backup has access only to that subdirectory. This command is available to administrative users only.
Note: /backup subdirectory is not supported in Global Deduplication Array.
The <nfs-options> are contained in a list, with entries separated by commas, spaces, or both, and bounded by parentheses. With no options specified, the default options are rw, root_squash, no_all_squash, and secure. The following options are allowed:
ro
Enable read-only permission.
rw
Enable read and write permissions (default value).
root_squash
Map requests from uid or gid 0 to the anonymous uid/gid.
no_root_squash
Turn off root squashing (default value).
all_squash
Map all user requests to the anonymous uid/gid.
no_all_squash
Turn off the mapping of all user requests to the anonymous uid/gid (default value).
secure
Require that requests originate on an Internet port that is less than IPPORT_RESERVED (1024) (default value).
insecure
Turn off the secure option.
anonuid="id"
Set an explicit user ID for the anonymous account. The ID is an integer bounded from 0 to 65635, which must be enclosed in double quotation marks.
anongid=id
Set an explicit group ID for the anonymous account. The ID is an integer bounded from 0 to 65635, which must be enclosed in double quotation marks.
nfs del {/ddvar | /backup[/subdir]} <client-list>
Use this command to delete specific directories, including a backup subdirectory, for one or more clients. The <client-list> can contain IP addresses, hostnames, or an asterisk (*) that represents all clients. Separate items in the list by commas, spaces, or both. This command is available to administrative users only.
Note: /backup subdirectory is not supported in Global Deduplication Array.
nfs disable
Use this command to disable all NFS clients. This command is available to administrative users only.
nfs enable
Use this command to allow all NFS-defined clients to access the Data Domain system. This command is available to administrative users only.
nfs reset clients
Use this command to reset the client list to the factory default, which is an empty list. No NFS clients can access the Data Domain system when the list is empty. This command is available to administrative users only.
nfs reset stats
Use this command to clear the NFS statistics. This command is available to administrative users only.
nfs show active
Use this command to list all of the clients that have been active in the past 15 minutes and the mount path for each active client.
nfs show clients
Use this command to list the NFS clients allowed to access the Data Domain system, and the mount path and NFS options for each.
nfs show detailed-stats
Use this command to display NFS
cache entries and status for purposes of troubleshooting.
nfs show histogram [<op>]
Use this command to display NFS operations in a histogram. Optionally, use the <op> argument to plot a histogram for a specific NFS operation. This command is available to administrative users only. The command displays the following output.
Op
The name of the NFS operation.
mean-ms
The mathematical mean time for completion of the operations.
stddev
The standard deviation for time to complete operations, derived from the mean time.
max-s
The maximum time taken for a single operation.
2ms
The number of operations that took 2 ms or less.
4ms
The number of operations that took between 2ms and 4ms.
6ms
The number of operations that took between 4ms and 6ms.
8ms
The number of operations that took between 6ms and 8ms.
10ms
The number of operations that took between 8ms and 10ms.
100ms
The number of operations that took between 10ms and 100ms.
1s
The number of operations that took between 100ms and 1 second.
10s
The number of operations that took between 1 second and 10 seconds.
>10s
The number of operations that took over 10 seconds.
# nfs show histogram
Opmean-ms stddev max-s 2ms 4ms 6ms 8ms 10ms 100ms 1s 10s >10s
---------------------------------------------------------------------------------------------------------
NULL 0.0 0.0 0.0 1 0 0 0 0 0 0 0 0
GETATTR0.0 0.0 0.0 3 0 0 0 0 0 0 0 0
SETATTR0.1 0.0 0.0 1 0 0 0 0 0 0 0 0
LOOKUP0.0 0.0 0.0 20 0 0 0 0 0 0 0 0
ACCESS0.0 0.0 0.0 3 0 0 0 0 0 0 0 0
READLINK 0.0 0.0 0.0 0 0 0 0 0 0 0 0 0
READ 0.0 0.0 0.0 0 0 0 0 0 0 0 0 0
WRITE 0.0 0.0 0.0 0 0 0 0 0 0 0 0 0
CREATE0.0 0.0 0.0 0 0 0 0 0 0 0 0 0
MKDIR 0.0 0.0 0.0 0 0 0 0 0 0 0 0 0
SYMLINK0.0 0.0 0.0 0 0 0 0 0 0 0 0 0
MKNOD 0.0 0.0 0.0 0 0 0 0 0 0 0 0 0
REMOVE0.0 0.0 0.0 0 0 0 0 0 0 0 0 0
RMDIR 0.0 0.0 0.0 0 0 0 0 0 0 0 0 0
RENAME0.0 0.0 0.0 0 0 0 0 0 0 0 0 0
LINK 0.0 0.0 0.0 0 0 0 0 0 0 0 0 0
READDIR0.0 0.0 0.0 1 0 0 0 0 0 0 0 0
READDIRPLUS 0.0 0.0 0.0 0 0 0 0 0 0 0 0 0
FSSTAT0.0 0.0 0.0 0 0 0 0 0 0 0 0 0
FSINFO0.0 0.0 0.0 1 0 0 0 0 0 0 0 0
PATHCONF 0.0 0.0 0.0 0 0 0 0 0 0 0 0 0
COMMIT0.0 0.0 0.0 0 0 0 0 0 0 0 0 0
WRITESHM 0.0 0.0 0.0 0 0 0 0 0 0 0 0 0
READSHM 49.0 0.0 0.0 0 0 0 0 0 1 0 0 0
SYNC 0.0 0.0 0.0 0 0 0 0 0 0 0 0 0
COMPSTATS 0.0 0.0 0.0 0 0 0 0 0 0 0 0 0
nfs show stats
Use this command to display NFS statistics.
nfs status
Enter this option to determine whether or not the NFS system is operational. When the files system is active and running, the output shows the total number of NFS requests since the file system started, or since the last time that the NFS statistics were reset.
EXAMPLES
Add or Delete NFS Clients
To add an NFS client with an IP address of 192.168.1.02 and read/write access to /backup with the secure option, enter:
# nfs add /backup 192.168.1.02
You can also add NFS clients that are part of a subnet. The following examples show how to add a client using its IP address followed by a length and a netmask:
# nfs add /backup 192.168.1.02/24
# nfs add /backup 192.168.1.02/255.255.255.0
To delete an NFS client with an IP address of 192.168.1.02 from the /ddvar directory, enter:
# nfs del /ddvar 192.168.1.02
sysadmin@dd620> help ntp
ntp -synchronize a Data Domain system with NTP time servers and manage the NTP service.
DESCRIPTION
The ntp command allows you to synchronize a Data Domain system with an NTP time server, manage the NTP service, or turn off the local (on the Data Domain system) NTP server. The default system settings for NTP service are enabled and multicast.
A Data Domain system can use a time server supplied through the default multicast operation, received from DHCP, or set manually with the Data Domain system ntp add command.
*Time servers set with the ntp add command override time servers from DHCP and from multicast operations.
*Time servers from DHCP override time servers from multicast operations.
*The Data Domain system ntp del and ntp reset commands act only on manually added time servers, not on DHCP-supplied time servers. You cannot delete DHCP time servers or reset to multicast when DHCP time servers are supplied.
OPTIONS
ntp add timeserver <server_name>
Use this command to add a remote time server to NTP list. This command is available to administrative users only.
For example, to add an NTP time server named srvr26.fcoe.ru to the list, enter:
# ntp add timeserver srvr26.fcoe.ru
ntp del timeserver <server_name>
Use this command to delete a manually added time server from the list. This command is available to administrative users only.
For example, to delete an NTP time server named srvr26.fcoe.ru from the list, enter:
# ntp del timeserver srvr26.fcoe.ru
ntp disable
Use this command to disable NTP service on a Data Domain system. This command is available to administrative users only.
ntp enable
Use this command to enable NTP service on a Data Domain system. This command is available to administrative users only.
ntp reset
Use this command to reset the NTP configuration to the default settings. This command is available to administrative users only.
ntp reset timeservers
Use this command to reset the time server list from manually entered time servers to either DHCP time servers (if supplied) or to the multicast mode (if no DHCP time servers supplied). This command is available to administrative users only.
ntp show config
Use this command to display whether NTP is enabled or disabled, and show the time server list.
The following example shows the information that is returned:
# ntp show config
NTP is currently enabled.
# Server eth0 eth1
- --------------- ---- ----
1 192.168.244.208 X
2 192.168.244.214 X
- --------------- ---- ----
Showing NTP servers configured by DHCP.
ntp status
Use this command to display the local NTP service status, time, and synchronization information.
The following example shows the information that is returned:
# ntp status
Status Enabled
Current Clock Time Thu Feb 26 19:27:57.676 2009
Clock Last Synchronized Thu Feb 26 19:12:05.729 2009
Clock Last Synchronized With Time Server 192.168.244.208
Note: For Global Deduplication Array mode, the output includes information about both the master and worker controllers.
EXAMPLES
Add an NTP Server
The following command gives the time server srvr26.fcoe.ru as a time server for the Data Domain system to use for synchronization:
# ntp add timeserver srvr26.fcoe.ru
sysadmin@dd620>help ost
ost -manages OpenStorage (OST), which is a feature of Symantec's Veritas NetBackup backup and recovery product. OST integrates NetBackup with disk backup devices, such as Data Domain systems. OST is a licensed feature. If basic options do not work, verify that OST licensing has been implemented on your Data Domain system.
DESCRIPTION
The ost command allows you to create and delete logical storage units (LSUs) on the storage server and to display LSUs disk space usage. The LSUs and their contents remain in the Data Domain file system even if you subsequently disable OST. Once you re-enable OST, you can use these LSUs again.
OST commands also support the following major features.
Advanced Load Balancing and Failover
Configuring an interface group creates a private network within the Data Domain system, comprised of the IP addresses designated as a group interface. The group interface uses the Advanced Load Balancing and Failover feature to improve data transfer performance and increase reliability.
In the Symantec NetBackup environment, media server clients use a single public network IP address to access the Data Domain system. All communication with the Data Domain system is initiated via this master IP connection, which is configured on the NetBackup server. This public network also processes data transfer, that is, backups and restores.
If an interface group is configured, when the Data Domain system receives data from the media server clients, the data transfer is load balanced and distributed as separate jobs on the private network, providing higher input/output throughput, especially for customers who use multiple 1 GigE connections.
The data transfer is load balanced based on the number of connections outstanding on the interfaces. Only connections for backup and restore jobs are load balanced.
Note: You manage Advanced Load Balancing and Failover via the ost ifgroup commands.
Distributed Segment Processing
The Distributed Segment Processing feature increases backup throughput in almost all cases by eliminating duplicate data transmission between the media server and the Data Domain system.
Note: You manage Distributed Segment Processing via the ost option commands.
Low-Bandwidth Optimization
NetBackup customers who utilize optimized duplication over a low-bandwidth network (WAN) can increase image duplication speed by using low-bandwidth optimization (low-bw-optim). This feature provides additional compression during data transfer. Low-bandwidth compression is available to Data Domain systems with an installed Replication license.
Note: You manage low-bandwidth optimization via the ost opt-dup commands.
OPTIONS
ost enable
Administrators use this command to create and export the /backup/ost directory.
Whenever the user, user ID (UID), or group ID (GID) changes, the Data Domain system updates all images and LSUs the next time that the ost enable command is issued.
ost destroy
Administrators use this command to delete all LSUs and their contents from the Data Domain system. The command permanently removes all of the data (images) contained in the LSUs.
You must also manually remove (expire) the corresponding NetBackup catalog entries.
ost disable
Administrators use this command to disable OST for the Data Domain system.
Notes:
ifgroup is an interface group.
Advanced Load Balancing and Failover is not supported for a Global Deduplication Array.
ost ifgroup add interface <ipaddr>
Administrators use this command to add an IP address to a private network that is to process data transfer. The IP address must be configured on the Data Domain system, and its interface enabled.
The command checks if the IP address is valid. If not, a message reports the IP address is invalid (either because it is not configured on the Data Domain system, or its interface is not enabled). Use the net show settings or net show config commands to view available IP addresses.
If the IP is valid, the message IP added to list is displayed. After adding an IP address as an interface, you need to enable Advanced Load Balancing and Failover using the ost ifgroup enable command.
Failover is not an automatic process. If an interface (or a NIC that has multiple interfaces) fails, all the in flight jobs to that interface fail and need to be restarted by the backup administrator. However, any jobs that are started subsequent to the failure will get routed to the healthy interfaces.
Notes:
*It is not recommended that you use 1 GigE and 10 GigE connections in the same interface group.
*You can add public or private IP addresses for data transfer connections.
ost ifgroup del interface <ipaddr>
Administrators use this command to remove a valid IP address added as an interface.
If you are attempting to delete the last IP address interface, you are informed that the ifgroup will be disabled and are given the option of terminating this command.
ost ifgroup disable
Administrators use this command to disable the Advanced Load Balancing and Failover option for new jobs. Currently running jobs are not affected.
If the OST feature is disabled, the message disabled is displayed.
ost ifgroup enable
Administrators use this command to enable Advanced Load Balancing and Failover. At least one IP address must have already been added.
ifgroup show config
Use this command to show the IP addresses that have been added to the ifgroup.
ifgroup reset
Administrators use this command to reset Advanced Load Balancing and Failover links.
For a reset to occur, the Advanced Load Balancing and Failover feature must be disabled; and there must be no active jobs. If there are active jobs, a message informs you that the system is busy and that jobs need to complete. You are asked to try again later.
If the Advanced Load Balancing and Failover links are reset, a message to this effect is displayed.
ifgroup status
Use this command to show whether OST Link Aggregation is enabled or disabled.
ost lsu create <lsu-name>
Administrators use this command to create an LSU with a given name.
Note: If you invoke the filesys destroy command, you need to run ost disable followed by ost enable and then create an LSU using ost lsu create. If you do not run this series of commands, the Data Domain system reports an error.
ost lsu delete <lsu-name>
Administrators use this command to delete a specified LSU and all of its contents. You must also manually remove (expire) the corresponding NetBackup catalog entries.
ost lsu show [compression] [<lsu-name>]
Use this command to display the names of all LSUs or, optionally, the names of all images in a specified LSU.
To display the compression for all LSUs (the original byte size, global compression, and local compression for all LSUs), enter the compression option.
Note: To interrupt the output of this command, press Ctrl+C.
Note: The low-bandwidth optimization option is not supported in a Global Deduplication Array.
ost opt-dup option reset {low-bw-optim}
Administrators can use this command to reset low-bandwidth optimization to its default value, which is disabled.
ost opt-dup option set low-bw-optim {enabled | disabled}
Low-bandwidth optimization, which is disabled by default, is designed for use on networks with less than 6 Mbps aggregate bandwidth. Do not use this option if maximum filesystem write performance is required.
This command, which is available to administrators only, must be entered on both Data Domain systems the source and destination (target) systems.
After you enable low-bandwidth optimization on both systems, both systems must undergo a full cleaning cycle to prepare the existing data. Enter this CLI command on the source and destination systems:
# filesys clean start
The amount of time the cleaning cycle takes depends on the amount of data currently on the Data Domain system.
ost opt-dup option show [low-bw-optim]
Use this command to show whether low-bandwidth optimization is enabled or disabled for optimized duplication.
ost opt-dup reset stats
Administrators can use this command to reset opt-dup statistics when OST is enabled.
ost opt-dup show active
Use this command to show the status of an OST image duplication transfer to a destination Data Domain system.
The low-bandwidth optimization status output indicates either that it is enabled and running, or that it is enabled but there is a configuration mismatch.
04/28 11:29:43
Outbound image name /backup/example.tar
Target host name 127.2.0.1
Low-bw-optim enabled and running
Logical bytes to transfer 436,874,240
Logical bytes already transferred 104,659,157
ost opt-dup show history [ duration <duration>{day | hr}] [interval <hr> ]
Use this command to show the data transfer history between the source and destination (target) Data Domain systems. The following information is shown for inbound and outbound traffic for a given duration at a specified interval:
*amount of pre-compressed data in KB
*amount of post-compressed data in KB
*network transfer data in KB
*low-bandwidth optimization factor
*number of errors
ost opt-dup show image-history [duration <duration>{day | hr}]
Use this command to show the data transfer history for inbound and outbound traffic on each image in Data Domain system's backup directory for a given duration at a specified interval. The following is shown for inbound and outbound traffic by date and time:
*amount of pre-compressed data in KB
*amount of post-compressed data in KB
*network transfer data in KB
*low-bandwidth optimization factor
*number of errors
Example of OST opt-dup show image history command output:
ost opt-dup show performance [interval <sec> ] [count <count> ]
Use this command to display in real time, for a given duration at a specified interval, the amount of pre-compressed outbound and inbound data versus the actual network throughput, or post-compressed data.
04/30 11:14:16
OutboundInbound
Pre-comp Network Pre-comp Network
(KB/s) (KB/s)(KB/s) (KB/s)
--------- --------- --------- ---------
0 0 1644325
0 0 2901470
0 0 2430458
0 014390300
0 0 0 70
0 0 2308446
0 0 2814552
0 0 3010529
ost opt-dup show stats
Use this command to monitor outbound and inbound traffic on a Data Domain system during replication. The compression ratio increases when low-bandwidth optimization is enabled.
Direction: Outbound
Network bytes sent: 88,383,976
Pre-compressed bytes sent: 436,874,240
Bytes after filtering: 153,080,417
Bytes after low-bw-optim:145,547,868
Bytes after local compression: 83,628,271
Compression ratio: 4.9
Direction: Inbound
Network bytes received: 88,383,976
Pre-compressed bytes received: 436,874,240
Bytes after filtering: 153,080,417
Bytes after low-bw-optim:145,547,868
Bytes after local compression: 83,628,271
Compression ratio: 4.9
ost option set boost {enabled | disabled}
Administrators can use this command to enable or disable the Distributed Segment Processing feature on the DD OS. By default, it is enabled for DD OS 4.8. If this feature presents any problem for a media server, use this command to disable the feature on the Data Domain system.
Distributed Segment Processing is supported only if the installed version of the OST plug-in is version 2.0 or later, and the feature is enabled on the DD OS.
Notes:
*Distributed Segment Processing is enabled by default in DD OS 4.8. If a system is upgraded from DD OS 4.6.x or 4.7.x to DD OS 4.8, and the OST license is installed at the time of the upgrade, Distributed Segment Processing is not automatically enabled.
*The Distributed Segment Processing feature is enabled in a Global Deduplication Array, you cannot disable it.
ost option reset [boost]
Administrators use this command to reset Distributed Segment Processing to the default option, which is enabled.
ost option show [boost]
Use this command to show whether the Distributed Segment Processing option is enabled or disabled.
ost reset user-name <ost-user>
Use this command to delete the <ost-user>.
ost reset stats
Administrators use this command as follows:
*to reset all statistics when OST is enabled, or
*as a network recovery procedure to clear job connections after the network connection has been lost.
ost set user-name <ost-user>
Administrators use this command to set the OST user name when OST is enabled.
*You must disable and then re-enable OST for OST user-name modifications to take effect.
*There can be only one OST user at a time. The username and password must have already been set up on the Data Domain system by using the DD OS CLI command: user add username [password password]
*The user must be configured in NetBackup to connect to the Data Domain system.
ost show connections
Use this command to show the following information:
*the number of active clients, and for each active client:
*the client's name
*whether or not the client is idle (yes/no)
*the number of installed CPUs
*the amount of memory in MiB
*the installed OST plug-in version number
*the name and version of the operating system
*the NetBackup version number.
*the number of connections that a system uses for OST, and whether these connections are spread across interfaces using Advanced Load Balancing and Failover. (See sample output for client connections below.)
*the number of connections used for a given group, even when the interface has been removed from the ifgroup.*an overview of interfaces available for OST.
Note: For a Global Deduplication Array, the ifgroup status is always disabled, and the member column value is always no.
Client Connections:
Max Client Connections: 65
ifgroup status: Disabled
Interface ifgroup -------------- Connections --------------
member Backup Restore Control* Total
----------------- -------- -------- -------- -------- --------
192.168.52.193 no 0 0 10 10
----------------- -------- -------- -------- -------- --------
Total Connections 0 0 10 10
----------------- -------- -------- -------- -------- --------
* Control connections for opt-dup, image operations
ost show histogram <op>
Use this command to display an OST histogram for the Data Domain system.
op
The name of the NFS operation.
mean-ms
The mathematical mean time for completion of the operations.
stddev
The standard deviation for time to complete operations, derived from the mean time.
max-s
The maximum time taken for a single operation.
2,4,6,8, or 10ms
The number of operations that took less than the specified number of milliseconds (ms).
100ms
The number of operations that took between 10 ms and 100 ms.
1s
The number of operations that took between 100 ms and one second.
10s
The number of operations that took between 1 second and 10 seconds.
>10s
The number of operations that took over 10 seconds.
ost show image-duplication active
Use this command to show the OST image duplication status.
ost show stats [interval <seconds>] [count <count>]
Use this command to display OST statistics. The output shows the number of bytes written to (Pre-compressed bytes received) and read (Total bytes read) from OST images contained in LSUs, and the number of OST images created and deleted from LSUs. The number of errors encountered for each operation is also shown (note that OSTLOOKUP will appear to have failed quite frequently since it is used to verify that an image name is unique before creating an image). Optionally, you can show statistics for a specific number of seconds and repeat the output <count> number of times
If Distributed Segment Processing is enabled, the number of bytes transferred (Pre-compressed bytes received) and the amount of compression (compression ratio) achieved is displayed (see filesys show space for details).
ost show <ost-user>
Use this command to display the current OST user.
ost status
Enter this command to determine whether OST is enabled or disabled.
sysadmin@dd620> help replication
replication - manages the mirroring of data between Data Domain systems. Replication is a licensed feature. If basic options do not work, check that licensing is implemented.
DESCRIPTION
Replication can be implemented as either a collection or a directory:
*Collection replication replicates the complete /backup directory from one Data Domain system (a source) to another Data Domain system (a destination). Each Data Domain system is dedicated as a source or a destination and each can be in only one replication pair. The destination is a read-only system except for receiving data from the source. In addition to /backup certain system files, such as /etc/passwd, are also replicated.
*Directory replication provides replication at the level of individual directories.
Each Data Domain system can be the source or the destination for multiple directories and can also be a source for some directories and a destination for others. During directory replication, each Data Domain system can also perform normal backup and restore operations. Replication command options with directory replication may target a single replication pair or may target all pairs that have a source or destination on the Data Domain system. Each replication pair configured on a Data Domain system is called a context.
In the command options, a specific replication pair is always identified by the destination.
A single destination Data Domain system can receive backups from both CIFS clients and NFS clients as long as separate directories are used for CIFS and NFS. Do not mix CIFS and NFS data under the same directory.
VTL pool replication is the same as directory replication when you configure replication and when you use the replication command (except for the destination name limitation mentioned in the add option).
OPTIONS
replication abort recover <destination>
Use this command to stop a recover process. This command can be executed only on the destination. Once the command is executed, reconfigure replication on the source and restart the recover process.
replication abort resync <destination>
Use this command to stop an ongoing resync operation. This command can be invoked from either the source or the destination directory replication systems.
replication add source <source> destination <destination> [low-bw-optim {enabled | disabled}]
Use this command to create a replication pair on both the source and destination Data Domain systems. This command is available to administrative users only.
Note: This command is just one of the commands that are used to create a replication pair. Refer to the entire procedure in Configuring Replication on page 269 before using this command.
*The source and destination hostnames must be the names returned by the hostname command for the source and destination Data Domain systems.
*When a Data Domain system is at or near full capacity, the command may take 15 to 20 seconds to finish.
*Use low-bw-optim enabled to enable delta replication. The default is disabled. This option is only active when it is enabled on both the source and the destination.
When you configure collection replication, the source and destination parameters must start with col://. For example, enter a command similar to the following on the source and destination Data Domain systems:
# replication add source col://hostA destination col://hostB
When you configure directory replication, the source and destination parameters must start with dir://. The source and destination include the host and backup directory names. For example, enter a command similar to the following on the source and destination Data Domain systems:
# replication add source dir://hostA/backup/dir2 destination dir://hostB/backup/hostA/dir2
Note: When the hostname for a source or destination does not correspond to the network name through which the Data Domain systems will communicate, use replication modify connection -host command on the other system to direct communications to the correct network name.
replication break {<destination> | all}
Use this command to remove either the source or the destination Data Domain system from a replication pair, or to remove all Replicator configurations from a Data Domain system. A <destination> variable or all is required.
Note: This command is just one of the commands that are used to remove a replication pair. Refer to the entire procedure in Delete a Replication Pair on page 274 before using this command.
replication disable {<destination> | all}
Use this command to temporarily halt the replication of data between the source and the destination on either the source or the destination. While replication is disabled, you can change the bandwidth and delay parameters on both sides of the connection with the replication option set command.
On the source, the operation stops the sending of data to the destination. On the destination, the operation stops serving the active connection from the source. If the file system is disabled on either Data Domain system when replication is disabled, replication remains disabled even after the file system is restarted. This command is available to administrative users only.
Note: The replication disable command should be used as a short-term solution. A filesys clean operation may proceed very slowly on a replication context when that context is disabled, and cannot reclaim space for files that are deleted but not yet replicated. Use the replication break command to permanently stop replication and to avoid slowing filesys clean operations.
Note: Using the command replication break on a collection replication replica or recovering originator requires the use of filesys destroy on that machine before the file system can be enabled again.
replication enable {<destination> | all}
Use this command to restart replication that is temporarily halted on the Data Domain system that was temporarily halted. On the source, the operation resumes the sending of data to the destination. On the destination, the operation resumes serving the active connection from the source. If the file system is disabled on either Data Domain system when replication is enabled, replication is enabled when the file system is restarted. This command is available to administrative users only.
Note: If the source Data Domain system received large amounts of new or changed data during the halt, resuming replication may significantly slow down filesys clean operations.
replication initialize <destination>
Use this command on the source to start replication between a source and destination. The command checks that the configuration and connections are correct and returns error messages if any problems appear. If the source holds a lot of data, the initialize operation can take many hours. As an alternative, consider placing both Data Domain systems of the Replicator pair in the same location with a direct link to reduce initialization time. A destination variable is required. This command is available to administrative users only.
Note: This command is just one of the commands that are used to create a replication pair. Refer to the entire procedure in Configuring Replication on page 269 before using this command.
replication modify <destination> low-bw-optim {enabled | disabled}
Use this command to enable delta replication on an existing replication context. This option is only active when it is enabled on both the source and the destination. This command is available to administrative users only.
replication modify <destination> {source-host | destination-host} <hostname>
Use this command when replacing a system in a replication pair to assign a new name for the replacement system on the other side of the replication pair. The <hostname> must be the name returned by the hostname command on the system receiving the new hostname.
If you are changing the hostname on an existing source Data Domain system, use the replication modify command on the destination. Do not use the command if you want to change the hostname on an existing destination. Call Data Domain Technical Support before changing the hostname on an existing destination.
When using the replication modify command, always run the filesys disable command first and the filesys enable command after. This command is available to administrative users only.
For example, if the local destination dest-orig.ca.fcoe.ru is moved from California to New York, run a command similar to the following on both the source and destination:
# filesys disable
# replication modify
dir://ca.fcoe.ru/backup/dir2 destination-host
ny.fcoe.ru
# filesys enable
replication modify <destination> connection-host <hostname> [port <port>]
A source Data Domain system connects to the destination Data Domain system using the <destination> name as returned by the <hostname> command on the destination (either name or IP address). If the destination hostname does not resolve correctly for the connection, use the modify connection-host option to correct the name (or IP address) for the connection. An optional port number can also be used.
The connection-host option may be required when a connection passes through a firewall and is required when connecting to an alternate listen-port on the destination.
The option may be needed after adding a new source and destination pair or after renaming either a source or a destination.
The following example is run on the source to change the destination host ny.fcoe.ru to ny2.fcoe.ru. Note that the destination variable for the context does not change and is still ny.fcoe.ru/backup/dir2.
# replication modify
dir://ny.fcoe.ru/backup/dir2 connection-host
ny2.fcoe.ru
replication modify <destination> connection-host <hostname> [port <port>]
The default listen-port for a destination Data Domain system is 2051. Use the replication modify command on a source to change the port to which the source sends data. A destination can have only one listen port. If multiple sources use one destination, each source must send to the same port.
Note: See the procedure Change the Destination Listen Port on page 277 for an example using this command.
replication option reset {bandwidth | delay | listen-port}
To reset system bandwidth to the default of unlimited or delay to the default of none, or listen port to 2151, use the replication option reset operation. Use the filesys disable command before making changes and use the filesys enable command after making changes.
replication option set bandwidth <rate>
Use this command to set the network bandwidth rate for the Data Domain system.
Caution: If you set bandwidth or delay you MUST set both, and they must be set on both sides of the connection.
replication option set delay <value>
Use this command to set the network delay in milliseconds for the Data Domain system.
Caution: If you set bandwidth or delay you MUST set both, and they must be set on both sides of the connection.
Using bandwidth and network-delay settings together, replication calculates the proper tcp buffer size for replication usage.
This should be needed only for high-latency, high-bandwidth WANs in which the default tcp setting is not good enough to provide best throughput.
For a destination with multiple sources, use the values with the maximum product.
Note: This command is just one of the commands that are used to set the replication bandwidth and delay. Refer to the entire procedure in Set Replication Bandwidth and Network Delay on page 278 before using this command.
replication option set listen-port <value>
Use this command to set the listen port for the Data Domain system. On a destination Data Domain system, set the port from which the destination receives data from replication sources (port 2051 by default). A destination can have only one listen-port that must be used by all sources. The connection-host port used by a source must match the listen-port used by the destination.
option show
Use this command to display the current bandwidth and delay settings. If these settings are at the default of none, the operation returns just a command prompt with no setting information.
replication reauth <destination>
To reset authentication between a source and destination, use the replication reauth command on both the source and the destination. A destination variable is required. This command is available to administrative users only.
Messages similar to "Authentication keys out of sync" or "Key out of sync" signal the need for a reset. Reauthorization is primarily used when replacing a source Data Domain system. See Replace a Directory Source -- Same Directory Name on page 276.
replication recover <destination>
To move data from a surviving destination to a new source, use the replication recover command on the new source. This command is available to administrative users only.
*A destination variable is required.
*This command must be invoked only from the source.
*With collection replication, first use the filesys disable and filesys destroy commands on the new source.
*If the replication break command was run earlier, the destination cannot be used to recover a source.
*With directory replication, the target directory on the source must be empty. See Create Many-to-One Directory Replication on page 272.
Use the replication watch command to display the progress of the recovery process.
replication resync <destination>
To resynchronize replication when directory replication is broken between a source and destination, use the replication resync command. (Both source and destination must already be configured.)
Note: This command cannot be used with collection replication.
A replication resynchronization is useful when converting from collection replication to directory replication or when a directory replication destination runs out of space while the source destination still has data to replicate. See Recover from a Full Replication Destination on page 275 for an example of using the command when a directory replication destination runs out of space.
Note: If you try to replicate to a Data Domain system that has retention-lock enabled, and the destination is not empty, replication resync does not work.
replication show config [<destination> | all]
Use this command to display configuration parameters for a specific destination or for all destinations.
On the replica, the per-context display is modified to include an asterisk; if at least one context was marked with an asterisk, the footnote "Used for recovery only" is also displayed.
The display with a <destination> variable is similar to the following. The all option returns a similar display for each context.
# replication show config dir://host3.fcoe.ru/backup/dir2
CTX:2
Source: dir://host2.fcoe.ru/backup/host2
Destination:dir://host3.fcoe.ru/backup/host2
Connection Host: ccm34.fcoe.ru
Connection Port: (default)
Low-bw-optim: enabled
Enabled: yes
# replication show config all
CTX:1
Source dir://syrah22.fcoe.ru/backup/syrah22
Destinationdir://dd580.pr.fcoe.ru/backup/syrah22
Connection Host: dd580.princeton.fcoe.ru
Connection Port: (default)
Low-bw-optim: enabled
Enabled: yes
The columns in the output are:
CTX
The context number for directory replication or a 0 (zero) for collection replication.
Source
The Data Domain system that receives data from backup applications.
Destination
The Data Domain system that receives data from the replication source Data Domain system.
Connection
Host and
Port
A source Data Domain system connects to the destination Data Domain system using the destination name as returned by the hostname command on the destination or by using a destination name or IP address and port given with the replication modify connection-host command. The destination hostname may not resolve to the correct IP address for the connection when connecting to an alternate interface on the destination or when a connection passes through a firewall.
Low-bw-optim
The active status of low-bw-optim: enabled, disabled, or configuration mismatch.
Enabled
The replication process is yes (enabled and available to replicate data) or no (disabled and not available to replicate data).
replication show detailed-history {<destination> | all} [duration <duration> {hr | min}] [interval <number> {hr | min}]
Use this command to display statistics accumulated over the specified interval. This command provides byte-count statistics related to identity-filtering, delta-compression, and local-compression. The ratio of the columns Replicated Post-filtered and Replicated Post-low-bw-optim gives the additional compression ratio supplied by delta compression.
replication show detailed-stats [<destination> | all]
Use this command to display cumulative stats since the context was created. This command provides byte-count statistics related to identity-filtering, delta-compression, and local-compression. The ratio of the byte values Bytes after filtering by destination to Bytes after low bandwidth optimization gives the additional compression ratio supplied by delta compression.
replication show history {<destination> | all} [duration <duration> {hr | min}] [interval <number> {hr | min}]
To display a history of replication, use the replication show history command. Statistics are generated only once an hour, so the smallest interval that appears is one hour.
The columns in the output are:
Pre-Comp (KB) Remaining
The amount of pre-compression data that is not replicated.
Replicated (KB) Pre-Comp
The amount of pre-compressed data that is replicated.
Replicated (KB) Network
The amount of compressed data sent over the network.
Sync'ed-as-of Time
The time when the most recently replicated data on the destination was generated on the source. A value of unknown appears during replication initialization.
Low-bw-optim
The additional compression ratio supplied by delta compression.
replication show performance {<obj-spec-list> | all} [interval <sec>] [count <count>]
To display current replication activity, use the replication show performance command. The default interval is two seconds.
If only a single source context is specified, four additional columns are presented. These columns show the relative amounts of time spent working or waiting by replication sender threads for the specified context. The values are calculated by taking the amount of time spent for the given activity, multiplying by 100, and dividing by the duration of the reporting interval. Values can exceed 100 due to the presence of multiple threads working on behalf of the specified replication context.
The columns and their meanings are as follows:
Pre-comp (KB/s)
The size value before compression is applied. Sometimes referred to as "logical size."
Network (KB/s)
The amount of compressed data per second transferred over the network.
Streams
An internal system resource associated with reads and writes. Assuming more system streams are actually available, one replication context can use multiple streams for better performance.
Reading
The time reading file system data from the local file system. Typically this number is the second highest number (after Network, below). On a deployment with high network bandwidth, Reading may be the largest of the columns.
Meta
The time spent on miscellaneous bookkeeping acclivities, as well as replicating filesystem namespace operations. Normally this value is under 50. If this value exceeds 50 on a sustained basis, it may indicate an unusual workload (a large number of file attribute updates, for example).
Dest
The time spent waiting due to the receiver not having given the sender more information about what data to send. Normally this value is low. Exceptions include systems on high-speed networks where the sender is a more powerful Data Domain system than the replica, or where the replica has a higher workload than the sender because the replica is the destination for a number of additional replication contexts.
Network
The time spent sending file data and metadata, and waiting for replies from the server about what data needs to be sent. Typically this is the highest of the four values. This value exceeds 100 regularly if the sender is able to replicate multiple unreplicated files in parallel.
If the Network column has the highest time values among Reading, Meta, Waiting, and Network, and if the Network KB/sec value is lower than expected, a network problem may be present. For example, packet loss may be causing reduced throughput.
The following example was captured while initializing replication over a 100Mbps network. The output shows the following:
*The ratio between Pre-comp and Network is approximately 2:1. This is because replication is having to send all of the segments from the source to the destination. Local compression is responsible for the 2:1 ratio.
*At 100Mbps, the source spends most of its time waiting (in the Network column) for socket send buffer space to clear. The source has previously sent data which has not yet been received. The other source of time waiting is file system reads (Reading column).
*The value of 3 for Streams means that replication is sending three files in parallel for this context.
# replication show performance rctx://1
07/31 10:09:27
rctx://1
Pre-comp Network StreamsBusy Waiting
(KB/s) (KB/s) Reading Meta Dest Network
--------- --------- ------- -------------- --------------
21798 10173331 00 264
199149427327 00 269
23091 11314342 00 253
194469161320 00 276
24002 11604352 00 242
22725 10829347 00 248
186629119341 00 254
24263 11355331 00 264
201799640328 00 267
23887 11162340 00 255
211259957323 00 272
The next example shows the command output from the same system, this time with the replication throttle removed. In this example, most of the time is spent in filesystem reading, as expected.
Note: These examples use older Data Domain Systems, so the numbers are lower than users should expect to see with newer models.
# replication show performance rctx://1
07/31 10:20:13
rctx://1
Pre-comp Network StreamsBusy Waiting
(KB/s) (KB/s) Reading Meta Dest Network
--------- --------- ------- -------------- --------------
35864 167783 253 00 12
38120 179253 243 00 12
34004 155363 238 00 11
40418 189723 252 00 11
32612 155743 251 00 12
33133 158393 253 00 13
36273 175303 237 00 18
30522 144673 272 00 9
36398 173723 256 00 16
24684 121503 260 00 12
38906 182933 246 00 17
replication show stats [<destination> | all]
To display replicator statistics for all replication pairs or for a specific <destination> pair, use the replication show stats command.
To display statistics for the destination labeled as context 1, use the following command:
# replication show stats rctx://1
The columns in the output are:
CTX
The context number for directory replication or a 0 (zero) for collection replication
Destination
The replication destination.
Network bytes sent
The count of bytes sent over the network. Does not include TCP/IP headers. Does include internal replication control information and metadata, as well as file system data.
Post-
compressed bytes sent
For the source, the actual (network) data sent by the source. For Destination, the actual (network) data sent by the destination to the source.
Pre-compressed bytes sent
The number of pre-compressed bytes sent by the source. Note: this includes logical bytes associated with the current file that's being replicated.
Sync'ed-as-of-Time
The time when the most recently replicated data on the destination was generated on the source. A value of unknown appears during replication initialization.
Pre-compressed bytes remaining (directory replication only)
The sum of the size(s) of the file(s) remaining to be replicated for this context.
Note: this includes the *entire* logical size of the current file being replicated, so if a very large file is being replicated, this number may not change for a noticeable period of time; it only changes after the current file finishes.
Compression ratio
The ratio of pre-compressed bytes transferred to network bytes transferred.
Compressed data remaining (collection replication only)
The amount of compressed file system data remaining to be sent.
Below is some actual output for replication show stats all. In this example, an engineer created a file a bit larger than 1 GB by writing some data. Then he created seven copies of it using filesystem fastcopy. The fact that he wrote only approximately 1 GB shows up in the Pre-compressed bytes written to source column; Network bytes sent to destination is a bit larger than this, due to metadata exchanged as part of the replication protocol. The Pre-compressed bytes sent to destination column gives the full (approximately) 8 GB, being the sum of the sizes of the eight files involved. 7.6 is the ratio between pre-comp bytes sent and network bytes sent.
sym2# replication show stats all
CTX: 1
Destination: dir://syrah33.fcoe.ru/backup/example
Network bytes sent to destination: 1,134,514,576
Pre-compressed bytes written to source: 1,073,741,824
Pre-compressed bytes sent to destination: 8,590,163,968
Pre-compressed bytes remaining: 0
Files remaining: 0
Compression ratio: 7.6
Sync'ed-as-of time: Wed Apr 2 16:40
sym3# replication show stats all
CTX: 1
Destination: dir://syrah33.fcoe.ru/backup/example
Network bytes received from source: 1,134,515,676
Pre-compressed bytes written to source: 1,073,741,824
Pre-compressed bytes sent to destination: 8,590,163,968
Pre-compressed bytes remaining: 0
Files remaining: 0
Compression ratio: 7.6
Sync'ed-as-of time: Wed Apr 2 16:40
replication status [<destination> | all]
To display replicator configuration information and the status of replication operations, use the replication status command.
With the all option, the display is similar to the following:
# replication status all
CTX: 1
Mode: source
Destination:
dir://dd580.princeton.fcoe.ru/backup/syrah22
Enabled: yes
Low bandwidth optimization: enabled
Local filesystem status: enabled
Connection: connected since Thu Sep 24 00:46:58
State:normal
Error:no error
Sync'ed-as-of time: Tue Oct 27 14:57
Current throttle: unlimited
The columns in the output for all are:
Mode
The role of the local system: source or
destination.
Destination
To be supplied.
Enabled
The enabled state (yes or no) of replication for each replication pair. This column will show yes even if replication is enabled but the rate is throttled to zero.
Low bandwidth
optimization
To be supplied.
Local Filesystem
Status
The status (enabled or disabled) of the local file system.
Connection
Includes both the state and the date and time of the last change in the connection state.
State
The state of the replication process.
Error
A listing of any errors in the replication process.
Sync'ed-as-of-time
The time when the most recently replicated data on the destination was generated on the source. A value of unknown appears during replication initialization.
Current Throttle
The current throttle setting.
The fields in the output for destination are:
Mode
The role of the local system: source or destination.
Local Filesystem Status
The status (enabled or disabled) of the local file system.
Connection
Includes both the state and the date and time of the last change in the connection state.
State
The state of the replication process.
Error
A listing of any errors in the replication process.
Current Throttle
The current throttle setting.
replication sync <destination>
Use this command only on the source. The output's current value represents data on the source that is yet to be replicated to the destination. The value represents only the data available at the time the command is given.
Data received after the command begins is not added to the output. When the current value is equal to or greater than the output's sync_target value, replication is complete for all of the data that was available for replication at the time the command began.
Output is updated periodically and the command line cursor does not return until the operation is complete.
# replication sync
0 files flushed.
current=2832642 sync_target=2941532 head=2841234
replication sync status <destination>
To check on progress when running the sync start command, use the replication sync status command.
replication throttle add <sched-spec> <rate>
To change the rate of network bandwidth used by replication, use the throttle add command. By default, the network bandwidth use is unlimited (as fast as possible at all times). This command is available to administrative users only.
Replication runs at the given rate until the next scheduled change or until new throttle commands force a change.
Note: The system enforces a minimum rate of 98,304 bits per second (12 KiB).
The <sched-spec> must specify either:
*One or more three-letter days of the week (such as mon, tue, or wed) or the word daily (to set the schedule every day of the week)
*A time of day in 24-hour military time
The <rate> includes a number or the word unlimited. Rate can also be 0 (the zero character), disable, or disabled (each stops replication until the next rate change). If you set <rate> to zero, any new contexts also get throttled to zero.
The number can include a tag for bits or bytes per second. Do not use a space between the number and the bits or bytes specification (for example, 2000 KiB). The default rate is bits per second.
In the rate variable:
*bps or b equals raw bits per second
*Kibps, Kib, or K equals 1024 bits per second
*Bps or B equals bytes per second
*KiBps or KiB equals 1024 bytes per second
Note: Kib = Kibibits, the base-2 equivalent of Kb or Kilobits. KiB = Kibibytes, the base-2 equivalent of KB or Kilobytes.
For example, the following command limits replication to 20 kibibytes per second starting on Mondays and Thursdays at 6:00 a.m.:
# replication throttle add mon thu 0600 20KiB
replication throttle del <sched-spec>
To remove one or more throttle schedule entries, use the throttle del command. This command is available to administrative users only.
The sched-spec must include:
*One or more three-letter days of the week (such as mon, tue, or wed) or the word daily (to set the schedule every day of the week)
*A time of day in 24-hour military time
For example, the following command removes an entry for Mondays at 11:00 a.m.:
# replication throttle del mon 1100
replication throttle reset {current | override | schedule | all}
This command can reset a throttling schedule:.
current
Remove the rate set by the replication throttle set current command.
override
Remove the rate set by the replication throttle set override command.
schedule
Remove all scheduled change entries.
all
Remove any current or override settings and remove all scheduled change entries, returning the system to the default settings. This command is available to administrative users only.
replication throttle set {current | override} rate
Use this command to set a throttle override. The options are:
current
Set the throttle rate until the next scheduled change or until a system reboot. (See the rate explanation for the replication throttle add command above.) current cannot be set if the replication throttle set override command is in effect.
override
Set the throttle rate until another override command is invoked. (See the rate explanation for the replication throttle add command above.) override cannot be set if the replication throttle set current command is in effect. This command is available to administrative users only.
replication throttle show [KiB]
Use this command to display all scheduled throttle entries and rates. Use the KiB option to display the rate in Kibibytes (the base-2 equivalent of Kilobytes) per second. Without the option, the rate is displayed in bits per second.
replication watch <destination>
Use this command to display the progress of a replication initialization, resync, or recovery operation. This command is available to administrative users only.
EXAMPLES
Configuring Replication
Before starting the replication configuration, be sure to consider the following:
*Ensure adequate storage is available on the source and destination. At a minimum, the destination must have more space than the source.
*Determine the type of replication configuration to use.
*Ensure the destination directory is empty or its contents are not required, as it will be overwritten.
Limitations
Before configuring directory replication, review the following information.
Table 1: Maximum Contexts for Directory Replication
Model
Maximum Number of Contexts
DD880
180
DD690 and DD690g
90
DD580, DD565, and DD560
45
DD630, DD565, and DD560 with 8 GB RAM
20
All other models
20
*If the source holds a lot of data, the replication operation can take many hours. Consider putting both Data Domain systems in the Replicator pair in the same location with a direct link to cut down on initialization time.
*A subdirectory that is under a source directory in a replication context cannot be used in another directory replication context. A directory can be in only one context at a time. If it is, either choose another or delete the system from the context.
Configuring Replication Pairs
Create either a collection or directory replication pair, as described in the following sections.
Create Collection Replication
1.Run this command on both the source and destination Data Domain systems:
filesys disable
2.Run this command on the destination Data Domain system:
filesys destroy
3.Run this command on both the source and destination Data Domain systems:
replication add source col://hostA destination col://hostB
Once it is verified that both Data Domain systems in the pair can communicate, the Replicator process starts. If a problem arises, such as that communication between the Data Domain systems is not possible, you do not need to re-initialize after fixing the problem. Replication should begin as soon as the Data Domain systems can communicate.
After replication is initialized, ownership and permissions of the destination directory are always identical to those of the source directory.
Test results from Data Domain returned the following guidelines for estimating the time needed for replication initialization. Note that the following are guidelines only and may not be accurate in specific production environments.
*Over a gibibit LAN, performance is about 70 MiB/sec of compressed data.
*Over a WAN, performance is governed by the WAN link line speed, bandwidth, latency, and packet loss rate.
Create a Directory Replication
1.Run this command on both the source and destination Data Domain systems:
replication add source dir://hostA/backup/dir2
destination dir://hostB/backup/dir2
2.Run this command on the source:
replication initialize
Once it is verified that both Data Domain systems in the pair can communicate, the Replicator process starts. If a problem arises, such as that communication between the Data Domain systems is not possible, you do not need to re-initialize after fixing the problem. Replication should begin as soon as the Data Domain systems can communicate.
Note: When a new directory or pool replication pair is being created, the source directory cannot be written to until the replication relationship between source and destination systems has been established. Attempts to write to the newly configured replication source directory will fail until the replication relationship has been established. Instead, schedule the replication configuration at a time when backups are not occurring.
Test results from Data Domain returned the following guidelines for estimating the time needed for replication initialization. Note that the following are guidelines only and may not be accurate in specific production environments.
*Using a T3 connection, 100ms WAN, performance is about 40 MiB/sec of pre-compressed data, which gives data transfer of:
40 MiB/sec = 25 seconds/GiB = 3.456 TiB/day
*Using a gibibit (the base-2 equivalent of gigabit) LAN, performance is about 80 MiB/sec of pre-compressed data, which gives data transfer of about double the rate for a T3 WAN.
Create Bi-Directional Directory Replication
To set up and start directory replication for dir2 from hostA to hostB and for dir1 from hostB to hostA, follow this procedure.
1. Run this command on both the source and destination Data Domain systems:
replication add source dir://hostA/backup/dir2
destination dir://hostB/backup/dir2
2.Run this command on both the source and destination Data Domain systems:
replication add source dir://hostB/backup/dir1
destination dir://hostA/backup/dir1
3.Run this command on hostA:
replication initialize dir://hostB/backup/dir2
4.Run this command on hostB:
replication initialize dir://hostA/backup/dir1
Create One-to-Many Directory Replication
One source directory can be replicated to many destination systems.
1. Run this command on both the source and destination Data Domain systems:
replication add source dir://hostA/backup/dir2
destination dir://hostB/backup/dir2
2. Run this command on the source:
replication initialize
Create Many-to-One Directory Replication
To set up and start directory replication for directories from hostA and hostB to hostC, follow this procedure.
1.Run this command on both hostA and hostC:
replication add source dir://hostA/backup/dir2
destination dir://hostC/backup/dir2
2.Run this command on both hostB and hostC:
replication add source dir://hostB/backup/dir1
destination dir://hostC/backup/dir1
3.Run this command on hostA:
replication initialize dir://hostC/backup/dir2
4.Run this command on hostB:
replication initialize dir://hostC/backup/dir1
Create Cascaded Directory Replication
1.When creating a cascaded directory replication, use the procedure Create a Directory Replication on page 271 to create a pair for dir1 from hostA to dir1 hostB.
2.Complete the cascade from dir1 hostB to dir1 hostC.
Both directory and collection replica can be part of a single cascaded directory replication.
Create a Pool Replication
Replicating VTL tape cartridges (or pools) simply means There has been some confusion over "pool replication," which is nothing but directory replication of directories that contain pools, and acts no differently.
*All these types of directory replication are the same (except for the destination name limitation below) when configuring replication and when using the replication command set. Examples in this chapter that use dir:// are also valid for pool://. (To avoid exposing the full directory names to the VTL cartridges, we created the UNI "pool" as a shorthand. UNI stands for "User to Network Interface".)
*Replicating VTL pools and tape cartridges does not require the VTL license on the destination Data Domain system.
*The pool name must be unique on the destination, and the destination cannot include levels of directories between the destination hostname and the pool name. For example, a destination of pool://hostB/hostA/pool2 is not allowed.
Note: When a new directory or pool replication pair is being created, the source directory cannot be written to until the replication relationship between source and destination systems has been established. Attempts to write to the newly configured replication source directory will fail until the replication relationship has been established. Instead, schedule the replication configuration at a time when backups are not occurring.
1.Start the source and destination variables with pool:// and include the pool that is the replication target. For example, enter a command similar to the following on both Data Domain systems:
replication add source pool://hostA/pool2
destination pool://hostB/pool2
The replication from source to destination begins.
Managing Replication
Delete a Replication Pair
1.Run the filesys disable command on the source and destination systems.
2.Run the replication break command:
replication break {destination | all}
3.On a collection replication replica or recovering originator, use the filesys destroy command on that machine before the file system can be enabled again.
4.Run the filesys enable command.
*With collection replication, a destination is left as a stand-alone read/write Data Domain system that can then be used as a source.
*With collection replication, a destination cannot be brought back into the replication pair or used as a destination for another source until the file system is emptied with the filesys destroy command.
*With directory replication, a destination directory must be empty to be used again (whether with the original source or with a different source), or alternatively, replication resync must be used.
Suspend and Resume Replication
Suspending replication temporarily pauses an active replication of data between source and destination. On the source, the data being sent to the destination is paused. On the destination, this operation stops serving the active connection from the source.
1.To suspend replication from either the source or the destination, use:
replication disable {destination | all}
2.To resume replication from either the source or the destination, use:
replication enable {destination | all}
Replication of data is resumed.
Note: If the source Data Domain system received large amounts of new or changed data during the halt, resuming replication may significantly slow down filesys clean operations.
Recover from a Full Replication Destination
When using directory replication, a destination Data Domain system can become full before a source Data Domain system replicates all of a context to the destination.
For example, to recover a context of dir://hostA/backup/dir2, use the following procedure:
1. On the source and destination Data Domain systems, run commands similar to the following:
filesys disable
replication break dir://hostB/backup/dir2
filesys enable
2. On the destination, run a file system cleaning operation:
filesys clean
3. On both the source and destination, add back the original context:
replication add source dir://hostA/backup/dir2
destination dir://hostB/backup/dir2
4. On the source, run a replication resynchronization operation
for the target context:
replication resync dir://hostB/backup/dir2
Replace a Directory Source -- Same Directory Name
If the source (hostA) for directory replication is replaced or changed out, use the following commands to integrate (with hostB) a new source that uses a new name (hostC).
1. If the new source has any data in the target directories, delete all data from the directories.
2. Run the following commands on the destination:
filesys disable
replication modify dir://hostB/backup/dir2 source-
host hostC
replication reauth dir://hostB/backup/dir2
filesys enable
3. Run the following commands on the new source:
replication add source dir://hostC/backup/dir2
destination dir://hostB/backup/dir2
replication recover dir://hostB/backup/dir2
4. Use the following command to see when the recovery is complete. Note the State entry in the output. State is normal when recovery is done and recovering while recovery is in progress. Also, a messages log file entry, replication recovery completed is sent when the process is complete. The byte count may be equal on both sides, but the recovery is not complete until data integrity is verified. The recovering directory is read-only until recovery finishes.
# replication status dir://hostC/backup/dir2
CTX:2
Mode:source
Destination:dir://hostC/backup/dir2
Enabled: yes
Local filesystem status: enabled
Connection: connected since Sat Apr8 23:38:11
State: recovering
Error: no error
Destination lag: less than 5 minutes
Current throttle: unlimited
Change the Destination Listen Port
The default IP Listen port for transmitting the data stream to the replication destination is 2051. If a network configuration requires a different port, it can be changed globally or per replication pair.
The following example is run on the source to inform the source that the destination host ny.fcoe.ru has a listen-port of 2161. Then use the replication option set listen-port command on the destination to set an alternate listen-port.
1. For example, on the source, use the command:
# replication modify
dir://ny.fcoe.ru/backup/dir2 connection-host
ny.fcoe.ru port 2161
2. On the destination, use:
# replication option set listen-port 2161
A destination can have only one listen port. If multiple sources use one destination, each source must send to the same port.
Set Replication Bandwidth and Network Delay
Using bandwidth and network-delay settings together, replication calculates the proper tcp buffer size for replication usage. This should be needed only for high-latency, high-bandwidth WANs on which the default tcp setting is sufficient to provide the best throughput.
Caution: If you set bandwidth or delay you MUST set both.
Bandwidth and delay must be set on both sides of the connection. For a destination with multiple sources, use the values with the maximum product.
1. Find the actual bandwidth for each server. Find the actual network delay values for each server (for example, by using the ping command).
2. Disable replication on all servers:
# replication disable all
3. For each server, wait until replication status reports "disconnected":
# replication status
4. For each server, set the bandwidth to its actual value in Bytes per second:
# replication option set bandwidth rate
Note: The replication option set of bandwidth and network delay only needs to be executed once on any Data Domain system even with multiple replication server contexts. The setting is global to the box.
5. For each server, set the network delay to its actual value in milliseconds:
# replication option set delay value
6. Re-enable replication on all servers:
# replication enable all
Managing Delta Replication
Delta replication, also called "low bandwith optimization," can increase the virtual throughput of directory replication across links with less than 6 Mbps of available (or throttled) bandwidth. Delta replication incurs significant additional CPU and I/O overhead on both the source and destination Data Domain systems. If low bandwidth optimization is enabled across links with greater than 6 Mbps of bandwidth, it is unlikely that any gain in virtual throughput will be realized.
Delta Replication applies more computation time to data compression, which utilizes a low-bandwidth link more efficiently and reduces the time required to perform replication. When a low-bandwidth link is fully loaded, Delta Replication can cut replication time by 50%. For high-bandwidth links (faster than T3 capacity), Delta Replication might not speed up, and could slow down, the replication process.
Low bandwidth optimization increases the virtual throughput of directory replication on most data sets by a factor of 2x or more. However, low bandwidth optimization does not compress segment metadata. If the data to be replicated is more than 96% identical to data already existing on the destination system (that is, the over-the-wire compression ratio reported by the replication show stats command is 25x or more, and thus most of the bandwidth is being consumed by segment metadata), it is unlikely that low bandwidth optimization will increase virtual throughput significantly.
If the data to be replicated is less than 96% identical to data already existing on the destination system; and there is less than 6 Mbps of available bandwidth; and both systems have spare CPU and I/O capacity; then enable low bandwidth optimization and monitor the output of replication show history over several weeks. The Low-bw-optim ratio should average 2.00 or more, and the network throughput (network bytes divided by time interval) should not be much less than the available bandwidth.
If the Low-bw-optim ratio does not average 2.00 or more, then delta compression is probably not effective on the data set and should be disabled. If the network throughput is much less than the available bandwidth, then most likely one or both Data Domain systems do not have enough spare CPU or I/O capacity to support delta replication, and it should be disabled.
Use the replication show command options to analyze your replication throughput and determine whether Delta Replication is likely to be helpful.
Determining Whether Delta Replication Increases Compression
In some cases, Delta Replication cannot increase compression and therefore provides no benefit. This example shows a value of 1.0 for Low-bw-optim, the low bandwidth optimization ratio. This is a ratio of bytes before applying delta compression to bytes after delta compression; that is, the additional compression delta has added.
destination# replication show history all
Directory Replication:
Date TimeCTX Pre-Comp (KB) Pre-Comp (KB) WrittenRemaining
---------- -------- --- ------------- -------------
2009/03/12 15:19:51 1 13,618,616 13,618,616
Replicated (KB) Low-bw- Sync-as-of Pre-CompNetwork optim Time
----------------------- ------- ----------------
9,881,662 4,472,200 1.00 Thu Mar 12 14:20
In this example, the destination system reports that Bytes after low bandwidth optimization is not smaller than Bytes after filtering by destination.
destination# replication show detailed-stats all
CTX:
1
Destination:
dir://1.2.3.4/backup/destination
Network bytes received from
source:
5,576,867,192
Pre-compressed bytes written to
source:
13,618,616,344
Pre-compressed bytes sent to
destination:
13,618,616,344
Bytes after filtering by
destination:
8,068,500,019
Bytes after low bandwidth
optimization:
8,068,500,019
Bytes after local compression:
5,475,813,069
Pre-compressed bytes remaining:
0
Files remaining:
0
Compression ratio:
2.4
Sync'ed-as-of time:
Thu Mar 12 21:14
Example where Delta Replication Improves Throughput
The actual numbers below show a situation where delta replication improves compression/throughput. In this case, Pre-compressed bytes sent to destination is larger than Pre-compressed bytes written to source because of retries resulting from network problems. Note that Bytes after low bandwidth optimization is smaller than Bytes after filtering by destination by about 2.88x.
destination# replication show detailed-stats all
CTX: 1
Destination: dir://1.2.3.4/backup/destination
Network bytes received from source: 300,919,746,737
Pre-compressed bytes written to source: 10,499,354,457,124
Pre-compressed bytes sent to destination: 10,515,122,596,205
Bytes after filtering by destination: 1,295,201,966,223
Bytes after low bandwidth optimization: 450,446,948,340
Bytes after local compression: 237,166,897,273
Pre-compressed bytes remaining: 0
Files remaining: 0
Compression ratio: 34.9
Sync'ed-as-of time: Tue Oct 20 05:28
When Pre-compressed bytes written to source is not equal to Pre-compressed bytes sent to destination,possible reasons include the following:
*Pre-compressed bytes written might be less than pre-compressed bytes sent due to network-related resends. Or, because an overwrite of even one byte to a file requires a certain minimum amount of logical file content around that one-byte overwrite to be re-replicated. Workloads involving overwrites or updates to small files may see marginally higher pre-compression bytes replicated.
*Pre-compression bytes written might be higher than pre-compression bytes sent in cases where a large amount of file content is written, then overwritten prior to the file being closed on the sender. This is unusual for backup applications, but is possible with database applications.
sysadmin@dd620> help route
route -manage Data Domain system network routing, routing displays, and the routing gateway.
DESCRIPTION
Use the route command to manage routing between a Data Domain system and backup hosts. An added routing rule appears in the Kernel IP routing table and in the Data Domain system Route Config list, a list of static routes that are re-applied at each system boot. Use the route show config command to display the Route Config list. Use the route show table command to display the Kernel IP routing table.
Note: Changes to the Ethernet interfaces made with the net command options flush the routing table. All routing information is lost and any data movement currently using routing is immediately cut off. Data Domain recommends making interface changes only during scheduled maintenance down times. After making interface changes, you must reconfigure any routing rules and gateways.
OPTIONS
route add {-host <host-name> | -net <ipaddr> netmask <mask>} gw <gw-addr>
Use this command to add a routing rule. If the target being added is a network, use the -net option. If the target is a host, use the -host option. The gateway (gw) can be either an IP address or a hostname that is available to the Data Domain system and that can be resolved to an IP address. This command is available to administrative users only.
To add a route for the host user24 with a gateway of srvr12, use:
# route add -host user24 gw srvr12
To add a route with a route specification of 192.168.1.x, a
netmask, and a gateway of srvr12, use:
# route add -net 192.168.1.0 netmask 255.255.255.0 gw srvr12
The following example gives a default gateway of srvr14 for use when no other route matches:
# route set gw srvr14
route del {-host <host-name> | -net <ipaddr> netmask <mask>}
Use this command to remove a routing rule. Use the same form (-host or -net) to delete a rule as was used to create the rule. The route show config command shows whether the entry is a host name or a net address. If neither -host or -net is used, any matching lines in the Route Config list are deleted. This command is available to administrative users only.
To remove a route for host user24, use:
# route del -host user24
To remove a route with a route specification of 192.168.1.x and a
gateway of srvr12, use:
# route del -net 192.168.1.0 netmask 255.255.255.0
gw srvr12
route reset gateway
Use this command to reset the default routing gateway to the default value (empty). This command is available to administrative users only.
route set gateway <ipaddr>
Use this command to change the routing default gateway. This command is available to administrative users only.
For example, to set the default routing gateway to the IP address of 192.168.1.2, use:
# route set gateway 192.168.1.2
route show config
Use this command to display the configured static routes that are in the Route Config list.
The display looks similar to the following (each line in the example wraps):
# route show config
The Route Config list is:
-host user24 gw srvr12
-net 192.168.1.0 netmask 255.255.255.0 gw srvr12
route show gateway
Use this command to display the configured or DHCP-supplied routing gateways used by a Data Domain system.
The display looks similar to the following:
# route show gateway
Default Gateways
192.168.1.2
192.168.3.4
route show table
Use this command to display all entries in the Kernel IP routing table.
The display looks similar to the following (each line in the example wraps):
# route show table
route trace <host>
Use this command to display a route used by a Data Domain system to connect with a particular destination.
For example, to trace the route to srvr24, use:
# route trace srvr24
Traceroute to srvr24.fcoe.ru (192.168.1.6),
30 hops max, 38 byte packets
1 srvr24 (192.168.1.6) 0.163 ms 0.178 ms 0.147 ms
EXAMPLES
Add a Route
To add a route with a route specification of 192.168.1.x, a netmask, and a gateway of srvr12, use:
# route add -net 192.168.1.0 netmask 255.255.255.0 gw srvr12
To add a route for host user24 with a gateway of srvr12, use:
# route add -host user24 gw srvr12
Delete a Route
To delete a route with a route specification of 192.168.1.x and a netmask of 255.255.255.0, use:
# route del -net 192.168.1.0 netmask 255.255.255.0
Set a Default Gateway
To give a default gateway when no other route matches, use:
# route set gateway 192.168.10.1
sysadmin@dd620> help snapshot
snapshot -create and manage read-only copies of the Data Domain file system.
DESCRIPTION
The snapshots command manages file system snapshots. A snapshot is a read-only copy of the Data Domain system file system from the top directory, /backup. Snapshots are useful for avoiding version skew when backing up volatile data sets, such as tables in a busy data base, and for retrieving earlier versions of a directory or file that was deleted.
If the Data Domain system is a source for collection replication, snapshots are replicated. If the Data Domain system is a source for directory replication, snapshots are not replicated. Snapshots must be created separately on a directory replication destination.
Snapshots are created in the system directory /backup/.snapshot. Each directory under /backup also has a .snapshot directory with the name of each snapshot that includes the directory. The filesys fastcopy command can use snapshots to copy a file or directory tree from a snapshot to the active file system.
Note: The .snapshot directory is a virtual directory. It can be referenced in any directory, but it does not show up in a directory listing except at export points (for example, a CIFS share or NFS mount point).
OPTIONS
snapshot add schedule <name> [days <days>] time <time> [,<time>...] [retention <period>]
snapshot add schedule <name> [days <days>] time <time> every <mins> [retention <period>]
snapshot add schedule <name> [days <days>] time <time> - <time> [every <hrs> | <mins>] [retention <period>]
Use these commands to set up a series of snapshots to be taken at a regular intervals in the future.
Notes: It is strongly recommended that snapshot schedules always explicitly specify a retention time. The default retention time is 14 days. If no retention time is specified, all snapshots are retained for 14 days, consuming valuable resources.
Multiple snapshot schedules can be active at the same time.
If multiple snapshots are scheduled to occur at the same time, only one is retained. However, which one is retained is indeterminate, thus only one snapshot should be scheduled for a given time.
snapshot add schedule <name> [days <days>] time <time> [,<time>...] [retention <period>]
The default for days is daily and the user can specify a list of hours.
snapshot add schedule <name> [days <days>] time <time> every <mins> [retention <period>]
The default for days is daily. The user can also specify the interval in minutes.
snapshot add schedule <name> [days <days>] time <time> - <time> [every <hrs> | <mins>] [retention <period>]
The default for days is daily. When every is omitted, the command defaults to 1hr.
<days>
Are one or more three-letter day abbreviations, such as tue for Tuesday. Use a hyphen ( - ) between days to denote a range. For example, mon-fri creates a snapshot every day, Monday through Friday.
<time>
A 24-hour clock that starts at 00:00 and goes to 23:59. The format in the command is a three- or four-digit number with an optional colon ( : ) between hours and minutes. For example, 4:00 or 04:00 or 0400 sets the time to 4:00 a.m., and 14:00 or 1400 sets the time to 2:00 p.m.
retention <period>
A number plus days, weeks or wks, or months or mos with no space between the number and the days, weeks, or months tag. For example, 6wks. The months or mos period is always 30 days.
The naming convention for scheduled snapshots is the word scheduled followed by a four-digit year, a two-digit month, a two-digit day, a two-digit hour, and a two-digit minute. All elements of the name are separated by hyphens( - ). For example scheduled-2009-04-27-13-41.
The name every_day_8_7 is the name of a snapshot schedule. Snapshots generated by that schedule might have the names scheduled-2008-03-24-20-00, scheduled-2008-03-25-20-00, and so forth.
For example, to schedule a snapshot every Monday and Thursday at 2:00 a.m. with a retention of two months, use:
# snapshot add schedule mon thu 02:00 retention 2mos
Snapshots are scheduled to run "Mon, Thu" at "0200".
Snapshots are retained for "60" days.
snapshot create <snapshot> [retention {<date> | <period>]
Use this command to create a snapshot. This command is available to administrative users only.
<snapshot>
A descriptive name for the snapshot.
retention <date>
A four-digit year, a two-digit month, and a two-digit day separated by dots ( . ), slashes ( / ), or hyphens ( - ). For example, 2009.05.22.
With a retention <date>, the snapshot is retained until midnight (00:00, the first minute of the day) of the given date. With a retention period, the snapshot is retained until the same time of day as the creation.
retention <period>
A number of days, weeks or wks, or months or mos with no space between the number and the days, weeks, or months. For example, 6wks. The months or mos period is always 30 days.
For example, when a snapshot is created at 8:48 a.m. on April 27, 2009, the output is similar to the following:
# snapshot create test22 retention 6wks
Snapshot "test22" created and will be retained until Jun 8 2007 08:48.
Note: The maximum number of snapshots allowed to be stored on a system is 800. If the maximum number is reached, the system generates an alert. If your system becomes filled with snapshots, you can resolve this by expiring snapshots and then running filesys clean.
snapshot del schedule [<name> | all]
Use the snapshot del schedule <name> command to delete a specific snapshot schedule. Use this command to delete all snapshot schedules with the argument all. This command is available to administrative users only.
Note that there are two ways to delete all scheduled snapshots:
snapshot del schedule all
or
snapshot reset schedule
snapshot expire <snapshot> [retention {<date> | <period> | forever}]
Use this command to set or reset the retention time of an existing snapshot. This command is available to administrative users only.
<snapshot>
The name of an existing snapshot.
retention <date>
The four-digit year, a two-digit month, and a two-digit day separated by dots ( . ), slashes ( / ), or hyphens ( - ). For example, 2009.05.22.
With a retention <date>, the snapshot is retained until midnight (00:00, the first minute of the day) of the given date. With a retention period, the snapshot is retained until the same time of day as the snapshot expire command was entered.
retention <period>
The number of days, weeks or wks, or months or mos with no space between the number and the days, weeks, or months. For example, 6wks. The months or mos period is always 30 days.
forever
The snapshot does not expire.
For example:
# snapshot expire tester23 retention 5wks
Snapshot "tester23" will be retained until Jun 1 2007 09:26.
To immediately expire a snapshot, use the snapshot expire operation with no options. An expired snapshot remains available until the next file system clean operation.
snapshot expire name
See also filesys clean.
snapshot list
Use this command to list existing snapshots. The display gives the snapshot name, the pre-compression amount of data in the snapshot, the creation date, the retention date, and the status. The status is either blank or expired. An expired snapshot remains available until the next file system clean operation. Use the snapshot expire command to set a future expiration date for an expired, but still available, snapshot.
snapshot modify schedule <name> {[days <days>] time <time> [,<time>...] [retention <period>]}
snapshot modify schedule <name> {[days <days>] time <time> every <mins> [retention <period>]}
snapshot modify schedule <name> {[days <days>] time <time> - <time> [every <hrs> | <mins>] [retention <period>]
Use this command to modify an already-existing snapshot schedule, with the same syntax as the snapshot add schedule command. This command is available to administrative users only.
There are several possible syntaxes:
snapshot modify schedule <name> {[days <days>] time <time> [,<time>...] [retention <period>]}
The default for days is daily and the user can specify a list of hours.
snapshot modify schedule <name> {[days <days>] time <time> every <mins> [retention <period>]}
The default for days is daily. The user can also specify the interval in mins.
snapshot modify schedule <name> {[days <days>] time <time> - <time> [every <hrs> | <mins>] [retention <period>]
The default for days is daily. When every is omitted, the command defaults to every 1hr.
snapshot rename <snapshot> <new-name>
Use this command to change the name of a snapshot. This command is available to administrative users only.
For example, to change the name from snap12-20 to snap12-21, use:
# snapshot rename snap12-20 snap12-21
Snapshot "snap12-20" renamed to "snap12-21".
snapshot reset schedule
Use this command to reset to the default of no snapshot schedules. This command is available to administrative users only.
snapshot show schedule <name>
Use this command to display a given snapshot schedule.
To display a list of all snapshot schedules currently in effect, use the snapshot show schedule operation without an argument.
For example,
# snapshot show schedule
Snapshots are scheduled to run "daily" at "0700".
Snapshots are scheduled to run "daily" at "1900".
Snapshots are retained for "60" days.
EXAMPLES
Schedule a snapshot
To schedule a snapshot every day at 8:00p.m., use:
add schedule every_day_8_pm days daily time 20:00
or
add schedule every_day_8_pm days mon-sun time 20:00
Note: The name "every_day_8_pm" is the name of a snapshot schedule. Snapshots generated by that schedule will have names like "scheduled-2008-03-24-20-00", "scheduled-2008-03-25-20-00", etc.
To schedule a snapshot every midnight, use:
add schedule every_midnight days daily time 00:00 retention 3days
or
add schedule every_midnight days mon-sun time 00:00 retention 3days
To schedule a snapshot every weekday at 6:00a.m., use:
add schedule wkdys_6_am days mon-fri time 06:00 retention 4days
or
add schedule wkdys_6_am days mon,tue,wed,thu,fri time 06:00 retention 4days
To schedule a snapshot every weekend Sun at 10:00a.m., use:
add schedule every_sunday_10_am days sun time 10:00 retention 2mos
To schedule a snapshot every Sunday at midnight, use:
add schedule every_sunday_midnight days sun time 00:00 retention 2mos
To schedule a snapshot every 2 hours, use:
add schedule every_2_hours days daily every 2hrs retention 3days
To schedule a snapshot every hour, use:
add schedule every_hour time time 00:00-23:00 retention 3days
To schedule a snapshot every 2 hours at 15 minutes past the hour, use:
add schedule every-2h-15-past days daily time 00:15-23:15 every 2 hrs retention 3days
To schedule a snapshot every 2 hours between 8:00a.m.-5:00p.m. on weekdays, use:
add schedule wkdys-every-2-hrs-8a_to_5p days mon-fri time 08:00-17:00 every 2 hrs retention 3days
To schedule a snapshot on specific day of week at a specific time (for example, every week on Mondays and Tuesdays at 8:00a.m.), use:
add schedule ev-wk-mon-and-tu-8-am days mon,tue time 08:00 retention 3mos
To schedule a snapshot every specific day of a month at a specific time (for example, every second day in the month at 10:15a.m.), use:
add schedule ev_mo_2nd_day_1015a days 2 time 10:15 retention 3mos
To schedule a snapshot every last day in a month at 11:00p.m., use:
add schedule ev_mo_last_day_11pm days last time 23:00 retention 2yrs
To schedule a snapshot for the beginning of every month, use:
add schedule ev_mo_1st_day_1st_hr days 1 time 00:00 retention 2yrs
To schedule a snapshot every 15 minutes, use:
add schedule ev_15_mins days daily time 00:00-23:00 every 15mins retention 5days
To schedule a snapshot every weekday at 10:30a.m. and 3:30p.m., use:
add schedule ev_weekday_1030_and_1530 days mon-fri time 10:30,15:30 retention 2mos
sysadmin@dd620> help snmp
snmp -manages the use of SNMP on a Data Domain system.
DESCRIPTION
Simple Network Management Protocol (SNMP) is a standard protocol used to exchange network management information. It is part of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite. SNMP provides a tool for network administrators to monitor and manage network-attached devices such as Data Domain systems.
The snmp command allows you to enable or disable SNMP access to a Data Domain system, add community strings, give contact and location information, and display configuration settings. The default port that is open when SNMP is enabled is port 161. Traps are sent out through port 162.
Note: The quickest way to change multiple settings is to first run the snmp disable command, then change the settings, and finally run snmp enable. If you change multiple settings while snmp is enabled, each command restarts snmp, which takes longer.
OPTIONS
snmp add ro-community <community-string>
Use this command to add one or more community strings to enable read-only access to the Data Domain system. A common string for read-only access is public. This command is available to administrative users only.
snmp add rw-community <community-string>
Use this command to add one or more community strings to enable read/write access to the Data Domain system. A common string for read/write access is private. This command is available to administrative users only.
For example, to add a community string of private with read/write permissions, use the command:
# snmp add rw-community private
snmp add trap-host <hostname>[:<port>]
Use this command to add one or more trap hosts (hostname or IP address) to receive SNMP traps generated by the Data Domain system. With one or more trap hosts, alerts are also sent as traps, even when the local SNMP agent is disabled. By default, port 162 is used, but another port can be assigned. This command is available to administrative users only.
For example, to add a trap host admin12, use the command:
# snmp add trap-host admin12
del ro-community <community-string>
Use this command to delete one or more community strings that enable read-only access to the Data Domain system. This command is available to administrative users only.
snmp del rw-community <community-string>
Use this command to delete one or more community strings that enable read-only access to the Data Domain system. This command is available to administrative users only.
For example, to delete the community string private that gives read/write permissions, use the command:
# snmp del rw-community private
snmp del trap-host <hostname>
Use this command to delete one or more trap hosts from the list of machines that receive SNMP traps generated by the Data Domain system. This command is available to administrative users only.
For example, to delete a trap host admin12, use the command:
# snmp del trap-host admin12
snmp disable
Use this command to disable the SNMP agent and close port 161. This command is available to administrative users only.
snmp enable
Use this command to enable the SNMP agent and open port 161. This command is available to administrative users only.
Use this command to return all SNMP values to the defaults. This command is available to administrative users only.
snmp reset ro-community
Use this command to reset the read-only community list to empty. This command is available to administrative users only.
snmp reset rw-community
Use this command to reset the read-write community list to empty. This command is available to administrative users only.
snmp reset sysContact
Use this command to reset the system contact to the system value displayed by the command system show admin-email, or to an empty string if the system value is empty. This command is available to administrative users only.
snmp reset sysLocation
Use this command to reset the system location to the system value displayed by the command system show location, or to an empty string if the system value is empty. This command is available to administrative users only.
snmp reset trap-hosts
Use this command to return the trap hosts list to the default of empty. This command is available to administrative users only.
snmp set sysContact <contact>
Use this command to set the system contact as used in the SNMP MIB II system variable sysContact. This command is available to administrative users only.
For example, to give a contact of bob-smith, use the command:
# snmp set sysContact bob-smith
snmp set sysLocation <location>
Use this command to set the system location as used in the SNMP MIB II system variable sysLocation. This command is available to administrative users only.
For example, to give a location of bldg3-rm222, use the command:
# snmp set sysLocation bldg3-rm222
snmp show config
Use this command to display all of the SNMP parameters. This command is available to administrative users only. The output is similar to the following:
# snmp show config
---------------------- -------------------
SNMP sysLocation
bldg3-rm222
SNMP sysContact
Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript
Trap Hosts
admin10 admin11
Read-only Communities
public snmpadmin23
Read-write Communities
private snmpadmin1
---------------------- -------------------
snmp show ro-communities
Use this command to display all read-only community strings.
snmp show rw-communities
Use this command to display all read/write community strings.
The output is similar to the following:
# snmp show rw-communities
RW Community Strings:
private
snmpadmin1
snmp show sysContact
Use this command to display the system contact on a Data Domain system.
snmp show sysLocation
Use this command to display the system location on a Data Domain system.
snmp show trap-hosts
Use this command to display the trap host list on a Data Domain system.
The output is similar to the following:
# snmp show trap-hosts
Trap Hosts:
admin10
admin11
snmp status
Use this command to display the status of the SNMP agent on a Data Domain system (enabled or disabled).
Important Notices
Data Domain systems support SNMP versions V1 and V2C.
SNMP management requires two primary elements: an SNMP manager and an SNMP agent.
An SNMP manager is software running on a workstation from which an administrator monitors and controls the different hardware and software systems on a network. These devices include, but are not limited to, storage systems, routers, and switches.
An SNMP agent is software running on equipment that implements the SNMP protocol. SNMP defines exactly how a SNMP manager communicates with an SNMP agent. For example, SNMP defines the format of requests that an SNMP manager sends to an agent and the format of replies the agent returns.
The SNMP feature allows a Data Domain system to respond to a set of SNMP get operations from a remote machine.
From an SNMP perspective, a Data Domain system is a read-only device with the following exception: A remote machine can set the SNMP location, contact, and system name on a Data Domain system. To configure community strings, hosts, and other SNMP variables on the Data Domain system, use the snmp command.
With one or more trap hosts defined, a Data Domain system takes the additional action of sending alert messages as SNMP traps, even when the SNMP agent is disabled.
Note: The SNMP sysLocation and the location set with the config set location command are the same. If sysLocation is not set with the SNMP command, the variable defaults to the values specified with the config set commands. However, the sysContact varibale does not default to the value set by the config set admim-email command.
sysadmin@dd620> help system
system -manages system-level actions on the Data Domain system.
DESCRIPTION
The system command:
*Displays the Data Domain hardware configuration and serial number, DD OS version, run-time system status, statistics, and performance.
*Upgrades the software.
*Sets date and banner information.
*Stops and reboots the Data Domain system.
*Restores the configuration after a head unit replacement.
*Sanitizes the system after files are deleted.
OPTIONS
system headswap
To restore the configuration to a DD690, DD690g, DD880, or DD880g system after a head unit replacement, use the system headswap command.
Note: This command is available only when you swap to DD690, DD690g, DD880, and DD880g models. For specific instructions, see the Chassis Replacement FRU document for your system. This command is available to administrative users only.
system option reset login-banner
To reset the login banner to the default of no banner, use this command. This command is available to administrative users only.
system option set login-banner <filename>
To select a text file to display whenever someone logs in, use this command.
1. Mount the Data Domain system directory /ddvar from another system.
2. Create a text file with your login message as the text on the other system.
3. From the Data Domain system, use the system option set login-banner command with the path and file name of the file that you created.
This command is available to administrative users only.
For example, to use the text from a file named banner, use the command:
# system option set login-banner /ddvar/banner
system option show
To display the location of the file that contains the login banner text, use this command. This command is available to administrative users only. The command output shows the path and file name:
# system option show
Option Value
----------------- -------------
Login Banner File /ddvar/banner
----------------- -------------
system poweroff
To shut down power to the Data Domain system, use this command. The command performs an orderly shutdown of file system processes.
The display includes a warning similar to the following:
# system poweroff
The 'system poweroff' command shuts down the system and turns off the power.
Are you sure? (yes|no|?) [no]:
This command is available to administrative users only.
Note: The system poweroff command does not power off external storage.
system reboot
To shut down and reboot a Data Domain system, use this command. The command automatically performs an orderly shutdown of file system processes.
The display includes a warning similar to the following:
# system reboot
The 'system reboot' command reboots the system.
File access is interrupted during the reboot.
Are you sure? (yes|no|?) [no]:
This command is available to administrative users only.
System sanitization, which is often required in government installations, ensures that all traces of deleted files are completely disposed of (shredded) and that the system is restored to a state as if the deleted files never existed. Its primary use is to resolve Classified Message Incidents (CMIs), in which classified data is inadvertently copied into another system, particularly one not certified to hold data of that classification. This command is available to administrative users only.
system sanitize abort
Stop the system sanitization process.
system sanitize start
Start the system sanitization process. While this command is running, vtl is temporarily disabled. Therefore, running this command during scheduled backup times might not be desirable.
system sanitize status
Check system sanitization process status.
system sanitize watch
Monitor system sanitization progress.
system set date <MMDDhhmm>[[<CC>]<YY>]
To set the system date and time, use this command. The format for the data and time is:
*Two digits for the month, <MM> (01 through 12).
*Two digits for the day of the month, <DD> (01 through 31).
*Two digits for the hour, <hh> (00 through 23).
*Two digits for minutes, <mm> (00 through 59).
*Optionally, two digits for the century.
*Optionally, two digits for the year.
The hour (hh) and minute (mm) entries are 24-hour (military) time with no colon between the hours and minutes. 2400 is not a valid entry. 0000 means midnight.
For example, use either of the following commands to set the date and time to October 22, 2009, at 9:24 a.m.:
# system set date 1022092409
# system set date 102209242009
This command is available to administrative users only.
Note: Do not use this command if Network Time Protocol (NTP) is enabled.
system show all
To display memory usage information together with other available system information, use this command. The output includes the results of the following commands:
*system show detailed-version
*system show meminfo
*system show modelno
*system show serialno
*system show uptime
*system show date
system show date
To display the system date and time, use this command.
system show detailed-stats [start | stop | ([[interval] <nsecs>] [count <count>])]
system show detailed-stats <nsecs> <count>
By default, the statistics cover the time period since the last reboot. Use the command options to specify a different interval for collecting statistics. If the system is too busy to determine a value, the column shows a dash ( - ) instead of a number.
start
Begin collecting statistics.
stop
Stop collecting statistics and report the data gathered from the time that you entered the command system show detailed-stats start.
The results are the averages per second of the statistics during the time between the start and stop commands.
<nsecs>
Run the command every nsecs seconds. The first report is for current activity. Each subsequent report is for activity in the last nsecs. The default interval is five seconds.
<count>
Generate count number of reports. To specify count without interval, you must use the count keyword. Otherwise, the keyword is optional.
The columns in this report show the following information:
CPU busy
The percentage of time CPU is busy (average for all CPUs).
CPU max
The peak CPU utilization.
State
'CDVMS'
A single character that shows whether any of the six following events is occurring. Each event can affect performance.
C
Cleaning
D
Disk reconstruction (repair of a failed disk), or RAID is resyncing (after an improper system shutdown and a restart), or RAID is degraded (a disk is missing and no reconstruction is in progress)
B
Currently unused
V
Verify data (a background process that checks for data consistency)
M
Merging of the internal fingerprint index
S
Summary vector internal checkpoint process
NFS ops/s
The number of NFS actions per second.
NFS proc
The fraction of time that the file server is busy servicing requests.
NFS recv
The proportion of NFS-busy time spent waiting for data on the NFS socket.
NFS send
The proportion of NFS-busy time spent sending data out on the socket.
NFS idle
The percentage of NFS idle time.
CIFS ops/s
The number of CIFS (Common Internet File system) operations per second.
ethx MB/s
The amount of data in megabytes per second passing through each Ethernet connection. One column appears for each Ethernet connection.
Disk KiB/s
The amount of data in kibibytes per second going to and from all disks in the Data Domain system.
Disk busy
The percentage of time that all disks in the Data Domain system are busy.
NVRAM KiB/s
The amount of data in kibibytes per second that is read from and written to all NVRAM cards.
Repl KB/s
The amount of data in kilobytes per second being replicated between one Data Domain system and another. For directory replication, the value is the total of all in and out traffic for all replication contexts.
Note: KiB = kibibytes (the binary equivalent of kilobytes)
Note: The output in Global Deduplication Array mode is different because there is more than one system.
system show detailed-version
To display the versions of Data Domain system components on your system, use this command.
The display is similar to the following:
# system show detailed-version
Data Domain OS 4.8.0.0-132588
Distribution: /auto/builds64e/distro/pinot/123033/localbld
//prod/main/app/...@132588
132588
//prod/main/platform/os/...@132387
//prod/main/platform/os/linux-2.6.12/arch/x86_64/...@61933
//prod/main/platform/os/linux-2.6.12/arch/i386/...@76935
//prod/main/platform/os/linux-2.6.12/arch/ia64/...@25442
//prod/main/platform/os/debugrpm/...@124034
//prod/main/platform/user/samba/...@132364
Version info from ddfs executable:
dd_version_timestamp=Fri Sep 25 19:56:00 2009 GMT
dd_version_checksum=1dc267628964d4029346d82038d79932
dd_version_build_level=nightly
dd_version_change_level=//prod/main/app/...@132588
dd_version_client=//ddfab:132588/app/...
dd_version_opened_files=
dd_version_release=4.8.0.0-132588
Version info from kernel:
kernel_version_release=2.6.23-ddr132588
kernel_build_level=SMP
system show hardware
To display information about the PCI cards and other hardware in a Data Domain system, use this command.
Here are a few sample lines from the display:
# system show hardware
Slot Vendor Device Ports
---- ------------------------------- ------
0 Intel80003ES2LAN GigE0a, 0b
1 Micro MemoryMM-5425CN
2 (empty) (empty)
3 LSI Logic LSISAS3442E 3a
4 LSI Logic LSISAS3442E 4a
5 IntelPRO/1000 PT DP GigE 5a, 5b
6 QLogic QLE2462 4Gb FC 6a, 6b
---- ------------------------------- ------
system show meminfo
To display a summary of the memory in a Data Domain system, use this command.
Here is an example:
# system show meminfo
Memory Usage Summary
Total memory: 7987 MiB
Free memory: 1102 MiB
Total swap: 12287 MiB
Free swap: 12287 MiB
system show modelno
To display the model number of a Data Domain system, use this command.
system show nvram
To display information about the memory and battery status of the NVRAM cards, use this command. The display is similar to the following:
# system show nvram
NVRAM Card Component Value
---------- ------------------- --------------------
1memory size 512.00 MiB
number of batteries 2
errors0 PCI, 0 memory
battery 1 100% charged, enabled
battery 2 100% charged, enabled
---------- ------------------- --------------------
Note: MiB = Mebibytes (the binary equivalent of Megabytes)
The errors entry shows the operational state of the card. If the card has one or more PCI or memory errors, an alerts email is sent and the Daily Alert Summary email includes an NVRAM entry.
Each battery entry should show 100% charged, enabled. The exceptions are for a new system or for a replacement NVRAM card. In both cases, the charge may initially be below 100%. If the charge does not reach 100% within three days (or if a battery is not enabled), replace the card.
system show performance [local] [raw | fsop] [<duration> {hr | min | sec}[<interval> {hr | min | sec}]]
To display system performance figures for data transfer for an amount of time, use this command.
local
Display the stats that are local to a Global Deduplication Array node. By default, the system show performance gives Global Deduplication Array-wide statistics.
raw
Show unformatted statistics.
fsop
Display a table of how many of each file system operation was performed per minute.
<duration>
The hours, minutes, or seconds prior to the current time for which to show data. Follow the value with one of these keywords to show the time units: hr, min, or sec.
<interval>
The time between each line in the display. Follow the value with one of these keywords to show the time units: hr, min, or sec. If you want to specify the interval, you must also specify the duration.
The output is too large to print here, but the fields are as follows:
Throughput
Read
Read throughput from the Data Domain system.
Write
Write throughput to the Data Domain system.
Repl Network
Replication network throughput into and out of the Data Domain system.
Repl Pre-comp
Replication pre-compressed (logical) throughput into and out of the Data Domain System. The value is always zero for collection replication.
Utilization
proc
Percent of time spent processing requests.
recv
Percent of time spent receiving requests over the network.
send
Percent of time spent sending requests over the network.
idle
Percent of time spent idle.
Compression
gcomp
Global compression rate.
lcomp
Local compression rate.
Note: Higher values are worse.
thra
Percent of compression units that have been read and discarded without being used. A high percent indicates cache thrashing.
unus
Percent of a compression unit's data that is unused. Since a compression unit contains multiple segments, not all segments in a compression region may be used. A high percent indicates poor data locality.
ovhd
Percent of a compression unit cache block that is unused. Compression regions are stored in fixed size (128 KB) blocks. A high ovhd relative to unus indicates that a lot of space is wasted due to cache block fragmentation. In the ideal case, ovhd should exactly equal unus.
data
Percent of data segment lookups that miss in the cache. A high percent indicates poor data prefetching.
meta
Percent of metadata segment lookups that miss in the cache. For each data access, first perform a metadata lookup followed by a data lookup. A high percent indicates poor metadata prefetching.
Servicing a file system request consists of three steps: receiving the request over the network, processing the request, and sending a reply to the request.
A high proc value indicates that the Data Domain system is already processing requests as quickly as it can and is the bottleneck. A low proc value indicates that the Data Domain system is lightly used and the performance is limited by the network, backup server, or backup server clients.
When the recv or send value is high, the Data Domain system is spending much of its time waiting to receive or send data from or to the backup server. The situation indicates that either the backup server is heavily loaded (resulting in slow network processing) or a network-related problem is slowing down sends and receives. A common problem is that the client may be trying to access the Data Domain system over a 100 Mbit rather than a gigabit link.
If the proc, recv, and send values are low (that is, idle is high), then the Data Domain system is lightly loaded. This situation indicates that the backup server cannot keep up with the Data Domain system. The backup server's disk may be heavily loaded, the backup software may require tuning, or the backup server may be waiting for data from slow backup clients.
Note: The Read, Write, and Replicate values are calculated in powers of 10 (1 KB = 1000) instead of powers of 2 (1 KiB = 1024).
system show ports
To display information about ports, use this command. The display is similar to the following:
# system show ports
Port Connection Link FirmwareHardware TypeSpeed Address
---- ---------- ------ -------------- -----------------------
0a Enet1 Gbps00:15:17:0f:6e:bd (eth1)
0b Enet1 Gbps00:15:17:0f:6e:bc (eth0)
5a VTL4.04.00 [IP] [84 00:64:a1:91:00:00:00:00 WWNN 50:06:0b:00:00:64:a1:90 WWPN
5b VTL4.04.00 [IP] [84 00:64:a1:93:00:00:00:00 WWNN 50:06:0b:00:00:64:a1:92 WWPN
6a VTL4.04.00 [IP] [84 00:64:a0:75:00:00:00:00 WWNN 50:06:0b:00:00:64:a0:74 WWPN
6b VTL4.04.00 [IP] [84 00:64:a0:77:00:00:00:00 WWNN 50:06:0b:00:00:64:a0:76 WWPN
---- ---------- ------ -------------- -----------------------
Port
The port number. See the Data Domain Hardware Guide (for older systems) or the model-specific installation and setup guide to match a slot to a port number. A DD580, for example, shows port 3a as a SAS HBA in slot 3 and port 4a as a SAS HBA in slot 4. A gateway Data Domain system with a dual-port Fibre Channel HBA always shows #a as the top port and #b as the bottom port, where # is the HBA slot number, depending on the Data Domain system model.
Link Speed
The speed in Gbps (Gigabits per second).
Firmware
The Data Domain system HBA firmware version.
Hardware Address
A MAC address, a WWN, or a WWPN/WWNN, as follows:
*An address followed by an Ethernet port number is a MAC address.
*WWN is the world-wide name of the Data Domain system SAS HBA on a system with expansion shelves.
*WWPN/WWNN is the world-wide port name or node name from the Data Domain system FC HBA on
gateway systems.
system show serialno
To display the system serial number, use this command. The display is similar to the following:
# system show serialno
Serial number: 8F46942007
system show stats [start | stop | ([interval <nsecs>][count <count>] )]
system show stats <nsecs> <count>
To display system statistics for CPUs, disks, Ethernet ports, replication, and NFS, use this command. By default, the statistics cover the time period since the last reboot. Use the command options to specify a different interval for collecting statistics. If the system is too busy to determine a value, the column shows a dash ( - ) instead of a number.
start
Begin collecting statistics.
stop
Stop collecting statistics and report the data gathered from the time that you entered the command system show stats start.
The results are the averages per second of the statistics during the time between the start and stop commands.
<nsecs>
Run the command every nsecs seconds. The first report is for current activity. Each subsequent report is for activity in the last nsecs. The default interval is five seconds.
<count>
Generate count number of reports. To specify count without an interval, you must use the count keyword. Otherwise, the keyword is optional.
Note: The output in Global Deduplication Array mode is different because there is more than one system.
system show uptime
To display the time since the last reboot and the file system uptime, use this command. The display includes the following information:
*Current time
*Time since the last reboot (in days and hours)
*The current number of users
*The average load for file system operations, disk operations, and the idle time over the preceding 1, 5, and 15 minute intervals
The Filesystem line displays the time that has passed since the file system was last started.
The output is similar to the following:
# system show uptime
12:57pm up 9 days, 18:55, 3 users, load average:
0.51, 0.42, 0.47
Filesystem has been up 9 days, 16:26
system show version
To display the Data Domain OS version, use this command. The display gives the release number and a build identification number. The display is similar to the following:
# system show version
Data Domain OS 4.8.0.0-132588
system status
To display status information about fans, internal temperatures, and power supplies, use this command.
The information is grouped separately for the Data Domain system and each expansion shelf that is connected to the system.
*The Fans section displays information about all of the cooling fans.
*The Description column tells where the fan is located in the chassis.
*The Level column gives the current operating speed range (low, medium, or high) for each fan. The operating speed changes depending on the temperature inside the chassis. See the topic "Replace Fans" in the Data Domain Hardware Guide (for older systems) or in the system-specific Cooling Fan Replacement document (newer systems) to identify the fans by name and number. All of the fans in an expansion shelf are located inside the power supply units.
*The Status column is the system view of fan operation.
*The Temperature section displays the number of degrees that each CPU is below the maximum allowable temperature and the actual temperature for the interior of the chassis. The C/F column displays temperature in degrees Celsius and Fahrenheit. The Status column shows whether or not the temperature is acceptable.
*If the overall temperature for a Data Domain system reaches 50 degrees Celsius (122 degrees Fahrenheit), a warning message is generated. If the temperature reaches 60 degrees Celsius (140 degrees Fahrenheit), the Data Domain system shuts down. A Status of Critical indicates that the temperature is above the shutdown threshold.
*The CPU temperature values depend on the Data Domain system model. With newer models, the numbers are negative when the status is OK and move toward 0 (zero) as CPU temperature increases. If a CPU temperature reaches 0 Celsius, the Data Domain system shuts down. With older models, the numbers are positive. If the CPU temperature reaches 80 Celsius (176 degrees Fahrenheit), the Data Domain system shuts down.
*The Power Supply section reports either that all power supplies are operating normally or that one or more are not operating normally. The message does not identify which power supply or supplies are not functioning (except by enclosure). Look at the back panel of the enclosure and check the LED for each power supply to identify those that need replacement.
The display is similar to the following:
# system status
Enclosure 1
Fans
Description Level Status
-------------- ------ ------
Cooling fan #1 medium OK
Cooling fan #2 medium OK
-------------- ------ ------
Temperature
DescriptionC/FStatus
--------------- -------- ------
CPU 0 Relative -56/-101 OK
Chassis Ambient 24/75 OK
--------------- -------- ------
Power Supply
DescriptionStatus
--------------- ------
Power Module #1 OK
system upgrade <filename>
To upgrade the Data Domain system software, use this command. You can get updated software from the Data Domain Support Web site.
Note: Stop any active CIFS client connections before starting an upgrade.
1. Use the cifs show active command on the Data Domain system to check for CIFS activity.
2. Disconnect any client that is active. On the client, enter the command:
net use ddbackup /delete
Keep these points in mind when performing an upgrade:
*In Global Deduplication Array mode, this command upgrades both of the nodes.
*The upgrade command shuts down the Data Domain system file system and reboots the Data Domain system. (If an upgrade fails, call customer support.)
*The upgrade command may require over an hour, depending on the amount of data on the system.
*For systems that are already part of a replication pair:
*With directory replication, first upgrade the destination and then upgrade the source.
*With collection replication, first upgrade the destination and then upgrade the destination.
*With one exception, replication is backwards compatible within release families (all 4.6.x releases, for example) and with the latest release of the previous family (4.7 is compatible with release 4.6, for example). The exception is bidirectional directory replication, which requires the source and destination to run the same release.
*Do NOT disable replication on either system in the pair.
Note: Before starting an upgrade, always read the Release Notes for the new release. DD OS changes in a release may require new upgrade procedures.
Issuing this command on the master controller upgrades all controllers in a Global Deduplication Array simultaneously with the specified <filename>. A progress bar monitors the upgrade.
After the first phase of the upgrade, which is installing the new DDOS upgrade on a secondary partition, the controllers reboot.
After all of the controllers have rebooted, the master controller checks their status and initiates the second phase of the upgrade automatically on all controllers. If the automatic upgrade checks fail for some reason, an alert is sent describing the cause of failure, and the automated upgrade process exits.
Note: You can run the second phase of the upgrade manually using the system upgrade command. If the problem is not fixable, the command allows you to rollback the upgrade to the previous version.
1. Log into a Data Domain system administrative host that mounts /ddvar from the Data Domain system.
2. On the administrative host, open a browser and navigate to the Data Domain Support Web site. Use secure HTTP (HTTPs) to connect to the Web site. For example, go to:
https://my.datadomain.ru
3. Log in with the Data Domain login name and password that you use for access to the support Web page.
4. Click Downloads. (If the Web site has updated instructions, follow those instructions.)
5. Click the Download button for the latest release.
6. Download the new release file to the Data Domain system directory /ddvar/releases.
Note: When you use Internet Explorer to download a software upgrade image, the browser may add bracket and numeric characters to the upgrade image name. Remove the added characters before running the system upgrade command.
7. To start the upgrade, log into the Data Domain system as sysadmin and enter a command similar to the following. Use the file name, not a path.
# system upgrade 4.7.0.0-95091.rpm
EXAMPLES
Display System Statistics
To display system statistics every 30 seconds for 10 iterations, use the following command:
# system show stats 30 10
Set the System Date and Time
To set the date and time to October 26, 2008, at 3:24 p.m., use either of the following commands:
# system set date 1026152408
# system set date 102615242008
Display System Performance
To show only the last 30 minutes (duration) of performance figures, use the following command:
# system show performance 30 min
To show the last 30 minutes (duration) of performance figures with an interval of 5 minutes between each reported set of figures, use the following command:
# system show performance 30 min 5 min
Display a Banner
To have a text message appear at each login, mount the Data Domain system /ddvar directory from a third-party physical disk system and create a text file with the message as the text. For example, to use text from a file named banner, use the following command on the Data Domain system:
# system option set login-banner /ddvar/banner
sysadmin@dd620> help user
user -manages the user accounts on a Data Domain system.
DESCRIPTION
The user command adds and deletes users, changes passwords, manages password aging and strength policies, and displays user accounts.
*The user privilege is for standard users who have access to a limited number of commands. Most of the commands available at the user level display information.
*The admin privilege is for administrative users who have access to all Data Domain system commands. The default administrative account is sysadmin. You can change the sysadmin password, but cannot delete the account.
OPTIONS
user add user-name [password <password>] [priv {admin | user}] [min-days-between-change <days>] [max-days-between-change <days>] {warn-days-before-expire <days>] [disable-days-after-expire <days>] [disable-date <date>]
Use this command to add a new user. If password is not specified, the system prompts for one. The default privilege level is user. A user-name must start with an alphanumeric character. Special characters cannot be used. The user names root and test are default existing names on every Data Domain system and are not available for general use.
password
Password must be at least 6 characters.
min-days-between-change
Minimum number of days allowed before the password can be changed again.
max-days-between-change
Maximum number of days before password expires.
warn-days-before-expire
Number of days of warning before a password expires.
disable-days-after-
expire
Account is disabled if inactive after N days past expiration.
disable-date
Account is disabled on this date.
The min-days-between-change, max-days-between-change, warn-days-before-expire, and disable-days-after-expire options are optional. These options control password aging. The disable-date is an optional date for password for account expiration. If this date is not specified, the account never expires. This command is available to administrative users only.
user change password [<user-name>]
Use this command to change a user's password. The admin user can change any user's password by using the user-name option. Users with the user privilege level can change only their own passwords. Passwords must comply with the password strength policy, which you can check with the command user password strength show.
user change priv <user-name> {admin | user}
Use this command to change a user privilege level to either admin or user. This command is available to users who currently have the admin privilege.
user del <user-name>
Use this command to remove a user. This command is available to administrative users only.
user disable <user-name>
Use this command to disable the specified user account. This prevents the user from logging on to the Data Domain system. This command is available to administrative users only.
user enable user [disable-date <date>]
Use this command to enable a specified user account with the optionally specified account disable date. The account must already exist on the system. If not specified, the disable-date previously assigned to the account is used. This command is available to administrative users only.
user password aging option reset {all | [min-days-between-change] [max-days-between-change] [warn-days-before-expire] [disable-days-after-expire]}
Use this command to reset one or more rules in the default password aging policy to the current default values. New accounts inherit the policy in effect at the time they are created, unless you set different aging options with the user add command. This command is available to administrative users only.
user password aging option set [min-days-between-change <days>] [max-days-between-change <days>] [warn-days-before-expire <days>] [disable-days-after-expire <days>]
Use this command to set the default values for the password aging policy. This command is available to administrative users only.
user password aging option show
Use this command to display the default password aging policy. This command is available to administrative users only.
user password aging reset <user> {all | [min-days-between-change] [max-days-between-change][warn-days-before-expire] [disable-days-after-expire]}
Use this command to reset one or more rules in the password aging policy for the specified <user> to the current default values. This command is available to administrative users only.
user password aging set <user> [min-days-between-change <days>] [max-days-between-change <days>] [warn-days-before-expire <days>] [disable-days-after-expire <days>]
Use this command to set the password aging policy for the specified <user>. This command is available to administrative users only.
user password aging show [<user>]
Use this command to show the password aging policy for all users, or for a specified <user>. Users can check the password aging policy for their own account. Administrative users can check the policies for all users.
The output of this command is similar to the following:
User PasswordMinimum Days Maximum Days Warn Days Disable Days Status
Last Changed Between Change Between Change Before Expire After Expire
------ ------------ -------------- -------------- ------------- ------------ -------
joe1 Oct 28, 2009 099999 7 never enabled
sysadmin Mar 16, 2006 099999 7 never enabled
user password strength show
Show the current password strength policy. This command is available to administrative users only.
# user password strength show
Minimum length of password: 7 Minimum number of character classes required in the
password: 2
user password strength reset {all | min-length | min-char-classes}
Reset the password strength policy to the default values. This command is available to administrative users only.
all
Reset both the minimum length and minimum number of character classes to 1.
min-length
Reset the minimum number of characters in the password to 1.
min-char-classes
Reset the minimum number of character classes to 1.
user password strength set {[min-length <length>] [min-char-classes 1|2|3|4]}
Set the password strength policy. Specify either min-length or min-char-classes, or both. This command is available to administrative users only.
min-length
The minimum number of characters in the
password
min-char-classes
The minimum number of character classes. Specify 1, 2, 3, or 4. Valid passwords must contain at least one character from the specified number of classes. The four character classes are lower-case letters, upper-case letters, digits, and special characters. When DD OS counts the number of character classes, an upper-case letter at the beginning of the password does not count as an upper-case letter. Similarly, a digit at the end of the password does not count as a digit.
# user password strength set min-length 8
Specified password policy parameters have been enforced.
user reset
Use this command to delete all users except for the sysadmin account and the current login. The password aging and password strength options also get reset to their default values. This command is available to administrative users only.
user show active
Use this command to display the currently logged-in users.
user show detailed [<user-name>]
Use this command to show detailed information for a specified user or for all users. This command is available to administrative users only.
user show list
Use this command to display a valid list of system users. This command is available to administrative users only.
EXAMPLES
Add a User
To add a user named fred with password barney and with admin privileges, run this command:
user add fred password barney priv admin
user "fred" added.
Remove a User
To delete the user named fred, run this command:
user del fred
deleted user "fred".
Change a Password
To change the password for the user named wilma, run this command:
user change password wilma
Enter new password:
Re-enter new password:
Passwords matched
Password changed for user "wilma".
Change a Privilege Level
To change the privilege level to admin for the user named wilma, run this command:
user change wilma admin
Privilege changed for user "wilma".
Reset to the Default User
To reset the user list to the sysadmin user and the current user, barney, run this command. The response looks similar to the following, which lists all removed users:
user reset
This command will delete all user accounts (except sysadmin) and reset password strength and password aging options to factory default values.
Are you sure? (yes|no|?) [no]: yes
ok, proceeding.
Resetting user accounts.....
Deleted user "joe".
Resetting user accounts.....[DONE]
Resetting password aging options.....
Password aging options have been reset.
Resetting password aging options.....[DONE]
Resetting password strength options.....
Password strength requirements reset to defaults:
- min-length: 1
- min-character-classes: 1
Resetting password strength options.....[DONE]
Display Current Users
To display the users currently on the Data Domain system, use this command:
# user show active
User list from node "localhost".NameIdle Login Time Login Fromtty Session
-------- ---- ---------------- --------------- ----- -------
sysadmin 22d Mon Dec 8 14:36 tty1 10650
fred0s Tue Dec 30 15:39 192.168.128.154 pts/0 23404
-------- ---- ---------------- --------------- ----- -------
2 users found.
The display of users currently logged into a Data Domain system includes the following information:
Name
The user's login name.
Idle
The amount of time logged in with no actions from the user.
Login Time
The date and time when the user logged in.
Login From
The address from which the user logged in.
tty
The hardware or network port through which the user is logged in or GUI for the users logged in through the Data Domain Enterprise Manager Web-based interface.
Session
The user's session number.
Display All Users
To display a list of valid user accounts on the Data Domain system.
# user show list
User list from node "localhost".
NameUid Class Last Login From Last Login Time Status Disable Date
------- --- ----- --------------- ------------------------ ------- ------------
sysadmin 100 admin 192.168.128.98 Tue Oct 27 17:15:06 2009 enabled never
joe1501 user <unknown> never enabled never
------- --- ----- --------------- ------------------------ ------- ------------
2 users found.
The display of all users known to the Data Domain system includes the following:
Name
The user's login name.
Uid
The user's ID number.
Class
The user's access level.
Last Login From
The address from which the user logged in.
Last Login Time
The date and time when the user last logged in.
Status
The user status.
Disable Date
The date on which this account is to be disabled.
|
