[gpfsug-discuss] Change uidNumber and gidNumber for billions of files
Paul Ward
p.ward at nhm.ac.uk
Thu Jul 2 13:00:41 BST 2020
Sorry a bit behind the discussion...
We were using GPFS's internal TBD2 method for UID and GID assignment (15 years ago GPFS was purchased for a single purpose with a handful of accounts)
I have just been through 88 million files ADDING NFSv4 ACEs with UIDs and GIDs derived from AD RIDs. We have both the TBD2 and AD RID ACEs in the ACLs.
This allowed us to do a single switch over between the authentication methods for all the data at once. The testing and prep work took months though.
We have Spectrum protect and SP Space management with a tape library in the mix, so I needed to make sure ACL changes didn't cause a backup and recall then backup for migrated files.
My scripts made use of mmgetacl and mmputacl.
I had less than 50 unique ACEs to construct and I created a spreadsheet that auto created the commands. This could have been automated, but for that number it was just as quick for me to do by hand than learn to program it.
I wrote my own scripts, with a lot of safety checks, as it went AWOL at one point and started changing permissions at the root for the GPFS file system, removing access for everyone.
We had a mix of posix only and nfsv4 ACLs. Testing them revealed a lot of skeletons in the way some systems had been set up - allow a lot of time for unknowns if you have systems using GPFS as a back end.
Some way into it to this, I discovered IBM have created code to do this - I didn't keep the link as it was too late for me.
The switch over went seamlessly btw, it had to with all the prep work!
Kindest regards,
Paul
Paul Ward
TS Infrastructure Architect
Natural History Museum
T: 02079426450
E: p.ward at nhm.ac.uk<mailto:p.ward at nhm.ac.uk>
[A picture containing drawing Description automatically generated]
From: gpfsug-discuss-bounces at spectrumscale.org <gpfsug-discuss-bounces at spectrumscale.org> On Behalf Of Lohit Valleru
Sent: 08 June 2020 18:44
To: gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
Subject: [gpfsug-discuss] Change uidNumber and gidNumber for billions of files
Hello Everyone,
We are planning to migrate from LDAP to AD, and one of the best solution was to change the uidNumber and gidNumber to what SSSD or Centrify would resolve.
May I know, if anyone has come across a tool/tools that can change the uidNumbers and gidNumbers of billions of files efficiently and in a reliable manner?
We could spend some time to write a custom script, but wanted to know if a tool already exists.
Please do let me know, if any one else has come across a similar situation, and the steps/tools used to resolve the same.
Regards,
Lohit
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20200702/1a098610/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 5356 bytes
Desc: image001.jpg
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20200702/1a098610/attachment-0001.jpg>
More information about the gpfsug-discuss
mailing list