This section provides the commands to upgrade the NSS pools to AD or Trustee Index media.
All NSS32 pools must be AD media upgraded in order to support AD users. NSS64 pools are by default Trustee Index media (includes AD media) upgraded. Use the nsscon commands in this section to upgrade the existing NSS32 media to support AD users or to enable all future NSS32 pool creation to be automatically created with the AD user support.
Upgrades the specified NSS pool to support AD media.
NOTE:Media upgrading a shared NSS pool in a mixed-node cluster environment is not recommended. You can still force the upgrade using the /ForceMedia switch. After the forceful media upgrade, the pool will not load in nodes older than OES 2015.
The following commands can also be used to upgrade the existing NSS32 pool media to support AD users.
Upgrades the file system media format of a particular NSS32 pool to support AD users.
Any NSS32 shared pools created after running this command will be AD media enabled.
Any NSS32 local pools created after running this command will be AD media enabled.
Any NSS32 pools (shared or local) created after running this command will be AD media enabled.
NOTE:Media upgrading a shared NSS32 pool in a mixed-node cluster environment is not recommended. You can still force the upgrade using the /ForceADMedia switch. After the forceful media upgrade, the pool will not load in nodes older than OES 2015. For more information, see Behavior of an NSS Pool Resource with Media Version 44.03 and Above in Mixed Node Cluster
in the OES 23.4: OES Cluster Services for Linux Administration Guide.
The commands placed in the nssstart.cfg file persists across server reboots. If the NSS commands are added in the nssstart.cfg file, ensure those commands are not prefixed with nss.
If these commands are issued from the command line, it persists only till a server reboot.
Sets the file system media format of all the newly created pools (shared or local) to support AD media.
Sets the file system media format of all the newly created shared pools to support AD media.
Sets the file system media format of all the newly created local pools to support AD media.
NOTE:Media upgrading a shared NSS pool in a mixed-node cluster environment is not recommended. You can still force the upgrade using the /ForceMedia switch. After the forceful media upgrade, the pool will not load in nodes older than OES 2015.
The following commands can also be used to enable all future NSS32 pool creation to be automatically created with the AD user support.
Upgrades the file system media format of all the newly created NSS32 pools (shared or local) to support AD users.
Upgrades the file system media format of all the newly created NSS32 shared pools to support AD users.
Upgrades the file system media format of all the newly created NSS32 local pools to support AD users.
NOTE:Media upgrading a shared NSS32 pool in a mixed-node cluster environment is not recommended. You can still force the upgrade using the /ForceADMedia switch. After the forceful media upgrade, the pool will not load in nodes older than OES 2015. For more information, see Behavior of an NSS Pool Resource with Media Version 44.03 and Above in Mixed Node Cluster
in the OES 23.4: OES Cluster Services for Linux Administration Guide.
Media upgrading an NSS32 pool can also be done using Unified Management Console (Section 10.1, Unified Management Console), NSSMU (Section 10.3, NSS Management Utility (NSSMU) Quick Reference), and iManager (Section 16.4.1, Creating a Pool).
Use the following commands to AD-enable the volumes. Only after AD-enabling, the AD users will be able to access the NSS resources based on the access rights assignment. Before running these commands, ensure that the pools on which these volumes exist are NSS AD media-upgraded.
AD-enables the specified volume.
AD-enables all the volumes. The volumes whose pools are not AD media-upgraded are ignored.
Enables or disables the automatic AD-enabling of new volumes.
The commands placed in the nssstart.cfg file persists across server reboots. If this NSS command is added in the nssstart.cfg file, ensure this command is not prefixed with nss.
If this command is issued from the command line, it persists only till a server reboot.
Default: Off
Range: On or Off
Examples
To enable automatic AD-enabling of new volumes, enter
nss /EnableNewVolumeToAD
To disable automatic AD-enabling of new volumes, enter
nss /NoEnableNewVolumeToAD
AD-enabling of volumes can also be done using Unified Management Console (Section 10.1, Unified Management Console), NSSMU (Section 10.3, NSS Management Utility (NSSMU) Quick Reference), and iManager (Section 19.1, Understanding Volume Properties).
The Storage Services (NSS) volumes use the Trustee Model to secure access to directories and files. The Trustee Model allows you to assign users as trustees of directories and files on the NSS volumes. The model’s inheritance function allows subdirectories and files to inherit rights from a parent directory or masks the rights that should not be inherited. The Trustee Index tree stores the list of directories and files in the NSS volumes that are having trustees and IRF (Inherited Rights Filter). The ZIDs (iNode number) in NSS consists of ACLs (with trustees and IRFs) that are stored in volumes in the Trustee Index tree. These ZIDs helps you to scan the trustee information for NFARM at any given path in NSS volume. Therefore, NSS requires a media upgrade to pool and volume to support Trustee Index. For more information on Trustee Model, see Section 6.5.3, OES Trustee Model.
Use the nsscon commands in this section to upgrade the existing NSS media to support Trustee Index or to enable all future NSS pool creation to be automatically created with the Trustee Index support.
Upgrades the specified pool to support Trustee Index media.
The commands placed in the nssstart.cfg file persists across server reboots. If the NSS commands are added in the nssstart.cfg file, ensure those commands are not prefixed with nss.
If these commands are issued from the command line, it persists only till a server reboot.
Sets the file system media format of all the newly created pools (shared or local) to support Trustee Index media.
Sets the file system media format of all the newly created shared pools to support Trustee Index media.
Sets the file system media format of all the newly created local pools to support Trustee Index media.
NOTE:Media upgrading a shared NSS pool in a mixed-node cluster environment is not recommended. You can still force the upgrade using the /ForceMedia switch. After the forceful media upgrade, the pool will not load in nodes older than OES 2015 SP1.
To create encrypted volumes with an AES-256 encryption algorithm, use the NSS64 pool type with pool media upgraded to AES. The AES-256 encryption algorithm has longer key size and provides additional security compared to AES-128. Use the nsscon commands in this section to upgrade the existing NSS media to support AES or to enable all future NSS pool creation to be automatically created with the AES Index support.
Upgrades the specified pool to support AES media.
The commands placed in the nssstart.cfg file persists across server reboots. If the NSS commands are added in the nssstart.cfg file, ensure those commands are not prefixed with nss.
If these commands are issued from the command line, it persists only till a server reboot.
Sets the file system media format of all the newly created pools (shared or local) to support AES media.
Sets the file system media format of all the newly created shared pools to support AES media.
Sets the file system media format of all the newly created local pools to support AES media.
NOTE:Media upgrading a shared NSS pool in a mixed-node cluster environment is not recommended. You can still force the upgrade using the /ForceMedia switch. After the forceful media upgrade, the pool will not load in nodes older than OES 24.4.