OK, I know this is only tangentially related to ZFS, but we''re desperate and I thought someone might have a clue or idea of what kind of thing to look for. Also, this issue is holding up widespread adoption of ZFS at our shop. It''s making the powers-that-be balk a little - understandably. If we can''t back up stuff on ZFS, we can''t really use it. We have a ZFS filesystem that''s guarded by the Vormetric encryption product to prevent unauthorized users from reading it. Our backup software, HP''s Data Protector, refuses to back up this dataset even though it runs as a user with privileges to read the files. When we guard a ZFS dataset with Vormetric, we get the alerts below in HP DP and the data is not backed up. Any suggestions at all are welcome. Note that, yes - files in similarly protected directories on UFS file systems do get backed up correctly. So it has *something* to do with ZFS. Warning] From: VBDA at hostname.ourdomain.com<mailto:VBDA at hostname.ourdomain.com> "/directoryname" Time: 3/23/2011 3:02:25 AM /directoryname Directory is a mount point to a different filesystem. Backed up as empty directory. [Minor] From: VBDA at hostname.ourdomain.com<mailto:VBDA at hostname.ourdomain.com> "/directoryname" Time: 3/23/2011 3:02:25 AM [81:84] /directoryname Cannot read ACLs: ([89] Operation not applicable). ---------- Learn more about Merchant Link at www.merchantlink.com. THIS MESSAGE IS CONFIDENTIAL. This e-mail message and any attachments are proprietary and confidential information intended only for the use of the recipient(s) named above. If you are not the intended recipient, you may not print, distribute, or copy this message or any attachments. If you have received this communication in error, please notify the sender by return e-mail and delete this message and any attachments from your computer. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.opensolaris.org/pipermail/zfs-discuss/attachments/20110323/973981b5/attachment.html>
On 23/03/11 12:13 PM, Linder, Doug wrote:> OK, I know this is only tangentially related to ZFS, but we?re desperate > and I thought someone might have a clue or idea of what kind of thing to > look for. Also, this issue is holding up widespread adoption of ZFS at > our shop. It?s making the powers-that-be balk a little ? > understandably. If we can?t back up stuff on ZFS, we can?t really use it. > > > > We have a ZFS filesystem that?s guarded by the Vormetric encryption > product to prevent unauthorized users from reading it. Our backup > software, HP?s Data Protector, refuses to back up this dataset even > though it runs as a user with privileges to read the files. When we > guard a ZFS dataset with Vormetric, we get the alerts below in HP DP and > the data is not backed up. Any suggestions at all are welcome. > > > > Note that, yes - files in similarly protected directories on UFS file > systems do get backed up correctly. So it has **something** to do with > ZFS. > >Wouldn''t this firstly be a question for the vendor of Vormetric? --Toby> > Warning] From: VBDA at hostname.ourdomain.com > <mailto:VBDA at hostname.ourdomain.com> "/directoryname" Time: 3/23/2011 > 3:02:25 AM > > /directoryname > > Directory is a mount point to a different filesystem. > > Backed up as empty directory. > > > > [Minor] From: VBDA at hostname.ourdomain.com > <mailto:VBDA at hostname.ourdomain.com> "/directoryname" Time: 3/23/2011 > 3:02:25 AM > > [ 81:84 ] /directoryname > > Cannot read ACLs: ([89] Operation not applicable). > > > > > > ---------- > Learn more about Merchant Link at www.merchantlink.com. > > THIS MESSAGE IS CONFIDENTIAL. This e-mail message and any attachments are proprietary and confidential information intended only for the use of the recipient(s) named above. If you are not the intended recipient, you may not print, distribute, or copy this message or any attachments. If you have received this communication in error, please notify the sender by return e-mail and delete this message and any attachments from your computer. > > > > _______________________________________________ > zfs-discuss mailing list > zfs-discuss at opensolaris.org > http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
Toby Thain wrote:> Wouldn''t this firstly be a question for the vendor of Vormetric?Yes, and we''ve asked. Alas, they haven''t been able to help so far. For all we know it might be a bug in Data Protector, too. But we do know for sure that it works with UFS but not ZFS. On 23/03/11 12:13 PM, Linder, Doug wrote:> OK, I know this is only tangentially related to ZFS, but we''re > desperate and I thought someone might have a clue or idea of what kind > of thing to look for. Also, this issue is holding up widespread > adoption of ZFS at our shop. It''s making the powers-that-be balk a > little - understandably. If we can''t back up stuff on ZFS, we can''t really use it. > > We have a ZFS filesystem that''s guarded by the Vormetric encryption > product to prevent unauthorized users from reading it. Our backup > software, HP''s Data Protector, refuses to back up this dataset even > though it runs as a user with privileges to read the files. When we > guard a ZFS dataset with Vormetric, we get the alerts below in HP DP > and the data is not backed up. Any suggestions at all are welcome. > > Note that, yes - files in similarly protected directories on UFS file > systems do get backed up correctly. So it has **something** to do > with ZFS. > > Warning] From: VBDA at hostname.ourdomain.com > <mailto:VBDA at hostname.ourdomain.com> "/directoryname" Time: 3/23/2011 > 3:02:25 AM > > /directoryname > > Directory is a mount point to a different filesystem. > > Backed up as empty directory. > > [Minor] From: VBDA at hostname.ourdomain.com > <mailto:VBDA at hostname.ourdomain.com> "/directoryname" Time: 3/23/2011 > 3:02:25 AM > > [ 81:84 ] /directoryname > > Cannot read ACLs: ([89] Operation not applicable).---------- Learn more about Merchant Link at www.merchantlink.com. THIS MESSAGE IS CONFIDENTIAL. This e-mail message and any attachments are proprietary and confidential information intended only for the use of the recipient(s) named above. If you are not the intended recipient, you may not print, distribute, or copy this message or any attachments. If you have received this communication in error, please notify the sender by return e-mail and delete this message and any attachments from your computer.
On Wed, March 23, 2011 13:31, Linder, Doug wrote:> Toby Thain wrote: >> Linder, Doug wrote: >>> Warning] From: VBDA at hostname.ourdomain.com >>> <mailto:VBDA at hostname.ourdomain.com> "/directoryname" Time: 3/23/2011 >>> 3:02:25 AM >> /directoryname >>> Directory is a mount point to a different filesystem. >>> Backed up as empty directory. >>> >>> [Minor] From: VBDA at hostname.ourdomain.com >>> <mailto:VBDA at hostname.ourdomain.com> "/directoryname" Time: 3/23/2011 >>> 3:02:25 AM >>> [ 81:84 ] /directoryname >>> Cannot read ACLs: ([89] Operation not applicable). >> >> Wouldn''t this firstly be a question for the vendor of Vormetric? > > Yes, and we''ve asked. Alas, they haven''t been able to help so far. For > all we know it might be a bug in Data Protector, too. But we do know for > sure that it works with UFS but not ZFS.Kick off a back up of the dataset/s in question, and run truss(1) on the processes in question to see what they''re doing. Dtrace(1M) would be another option, and you could limit the tracing to only file system operations (as opposed to every system call). The first one looks like it''s tripping up on the fact that each dataset is treated as a different mount point / file system (in the df(1M) sense). You may have to specify each data set independently. For the second, it may be that the software is calling acl(2) or acl_get(3SEC) and it doesn''t support the new NFSv4-style structures that are coming back.
On 03/24/11 07:28 AM, David Magda wrote:> On Wed, March 23, 2011 13:31, Linder, Doug wrote: >> Toby Thain wrote: >>> Linder, Doug wrote: >>>> [Minor] From: VBDA at hostname.ourdomain.com >>>> <mailto:VBDA at hostname.ourdomain.com> "/directoryname" Time: 3/23/2011 >>>> 3:02:25 AM >>>> [ 81:84 ] /directoryname >>>> Cannot read ACLs: ([89] Operation not applicable). >>> Wouldn''t this firstly be a question for the vendor of Vormetric? >> Yes, and we''ve asked. Alas, they haven''t been able to help so far. For >> all we know it might be a bug in Data Protector, too. But we do know for >> sure that it works with UFS but not ZFS. > For the second, it may be that the software is calling acl(2) or > acl_get(3SEC) and it doesn''t support the new NFSv4-style structures that > are coming back. >Error 89 (ENOSYS) is returned by (f)acl_get if the file system does not support ACLs. Again, truss or dtrace should show which function is being called and the fie. -- Ian.