Release notes
Commit files to WORM
Suggest changes
-
PDF of this doc site
-
Cluster administration
-
Volume administration
-
Logical storage management with the CLI
-
-
NAS storage management
-
Configure NFS with the CLI
-
Manage NFS with the CLI
-
Manage SMB with the CLI
-
Manage file access using SMB
-
-
-
Security and data encryption
-
Data protection and disaster recovery
-
Data protection with the CLI
-
-
Collection of separate PDF docs
Creating your file...
You can commit files to WORM (write once, read many) either manually or by committing them automatically. You can also create WORM appendable files.
Commit files to WORM manually
You commit a file to WORM manually by making the file read-only. You can use any suitable command or program over NFS or CIFS to change the read-write attribute of a file to read-only. You might choose to manually commit files if you want to ensure an application has finished writing to a file so that the file isn't committed prematurely or if there are scaling issues for the autocommit scanner because of a high number of volumes.
-
The file you want to commit must reside on a SnapLock volume.
-
The file must be writable.
The volume ComplianceClock time is written to the ctime field of the file when the command or program is executed. The ComplianceClock time determines when the retention time for the file has been reached.
-
Use a suitable command or program to change the read-write attribute of a file to read-only.
In a UNIX shell, use the following command to make a file named
document.txtread-only:chmod -w document.txt
In a Windows shell, use the following command to make a file named
document.txtread-only:attrib +r document.txt
Commit files to WORM automatically
The SnapLock autocommit feature enables you to commit files to WORM automatically. The autocommit feature commits a file to WORM state on a SnapLock volume if the file did not change for the autocommit-period duration. The autocommit feature is disabled by default.
-
The files you want to autocommit must reside on a SnapLock volume.
-
The SnapLock volume must be online.
-
The SnapLock volume must be a read-write volume.
|
The SnapLock autocommit feature scans through all of the files in the volume and commits a file if it meets the autocommit requirement. There might be a time interval between when the file is ready for autocommit and when it is actually committed by the SnapLock autocommit scanner. However, the file is still protected from modifications and deletion by the file system as soon as it is eligible for autocommit. |
The autocommit period specifies the amount of time that files must remain unchanged before they are autocommitted. Changing a file before the autocommit period has elapsed restarts the autocommit period for the file.
The following table shows the possible values for the autocommit period:
| Value | Unit | Notes |
|---|---|---|
none |
- |
The default. |
5 - 5256000 |
minutes |
- |
1 - 87600 |
hours |
- |
1 - 3650 |
days |
- |
1 - 120 |
months |
- |
1 - 10 |
years |
- |
|
|
The minimum value is 5 minutes and the maximum value is 10 years. |
-
Autocommit files on a SnapLock volume to WORM:
volume snaplock modify -vserver SVM_name -volume volume_name -autocommit-period autocommit_periodFor a complete list of options, see the man page for the command.
The following command autocommits the files on volume
vol1of SVM vs1, as long as the files remain unchanged for 5 hours:cluster1::>volume snaplock modify -vserver vs1 -volume vol1 -autocommit-period 5hours
Create a WORM appendable file
A WORM appendable file retains data written incrementally, like log entries. You can use any suitable command or program to create a WORM appendable file, or you can use the SnapLock volume append mode feature to create WORM appendable files by default.
Use a command or program to create a WORM appendable file
You can use any suitable command or program over NFS or CIFS to create a WORM appendable file. A WORM appendable file retains data written incrementally, like log entries. Data is appended to the file in 256 KB chunks. As each chunk is written, the previous chunk becomes WORM-protected. You cannot delete the file until the retention period has elapsed.
The WORM appendable file must reside on a SnapLock volume.
Data does not have to be written sequentially to the active 256 KB chunk. When data is written to byte n×256KB+1 of the file, the previous 256 KB segment becomes WORM-protected.
-
Use a suitable command or program to create a zero-length file with the desired retention time.
In a UNIX shell, use the following command to set a retention time of 21 November 2020 6:00 a.m. on a zero-length file named
document.txt:touch -a -t 202011210600 document.txt
-
Use a suitable command or program to change the read-write attribute of the file to read-only.
In a UNIX shell, use the following command to make a file named
document.txtread-only:chmod 444 document.txt
-
Use a suitable command or program to change the read-write attribute of the file back to writable.
This step is not deemed a compliance risk because there is no data in the file.
In a UNIX shell, use the following command to make a file named
document.txtwritable:chmod 777 document.txt
-
Use a suitable command or program to start writing data to the file.
In a UNIX shell, use the following command to write data to
document.txt:echo test data >> document.txt
Change the file permissions back to read-only when you no longer need to append data to the file.
Use volume append mode to create WORM appendable files
Beginning with ONTAP 9.3, you can use the SnapLock volume append mode (VAM) feature to create WORM appendable files by default. A WORM appendable file retains data written incrementally, like log entries. Data is appended to the file in 256 KB chunks. As each chunk is written, the previous chunk becomes WORM-protected. You cannot delete the file until the retention period has elapsed.
-
The WORM appendable file must reside on a SnapLock volume.
-
The SnapLock volume must be unmounted and empty of Snapshot copies and user-created files.
Data does not have to be written sequentially to the active 256 KB chunk. When data is written to byte n×256KB+1 of the file, the previous 256 KB segment becomes WORM-protected.
If you specify an autocommit period for the volume, WORM appendable files that are not modified for a period greater than the autocommit period are committed to WORM.
|
|
VAM is not supported on SnapLock audit log volumes. |
-
Enable VAM:
volume snaplock modify -vserver SVM_name -volume volume_name -is-volume-append-mode-enabled true|falseFor a complete list of options, see the man page for the command.
The following command enables VAM on volume
vol1of SVMvs1:cluster1::>volume snaplock modify -vserver vs1 -volume vol1 -is-volume-append-mode-enabled true
-
Use a suitable command or program to create files with write permissions.
The files are WORM-appendable by default.