Skip to main content

Create FPolicy persistent stores

Contributors netapp-barbe netapp-pcarriga netapp-dbagwell
PDFs

Persistent stores can help decouple client I/O processing from FPolicy notification processing to reduce client latency. Beginning with ONTAP 9.14.1, FPolicy allows you to set up persistent stores to capture file access events for asynchronous non-mandatory policies in the SVM. Synchronous (either mandatory or non-mandatory) and asynchronous mandatory configurations are not supported.

Beginning with ONTAP 9.15.1, FPolicy persistent store configuration is simplified. The persistent-store create command automates volume creation for the SVM and configures the volume for the persistent store.

There are two ways to create a persistent store, depending on the ONTAP release:

  • ONTAP 9.15.1 or later: When you create the persistent store, ONTAP automatically creates and configures its volume at the same time. This simplifies FPolicy persistent store configuration and implements all best practices.

  • ONTAP 9.14.1: Manually create and configure a volume and then create a persistent store for the newly created volume.

Only one persistent store can be set up on each SVM. This single persistent store needs to be used for all FPolicy configurations on that SVM, even if the policies are from different partners.

Create a persistent store (ONTAP 9.15.1 or later)

Beginning with ONTAP 9.15.1, use the fpolicy persistent-store create command to create the FPolicy persistent store with inline volume creation and configuration. ONTAP automatically blocks the volume from external user protocol access (CIFS/NFS).

Before you begin

  • The SVM where you want to create the persistent store must have at least one aggregate.

  • You should have access to the aggregates available for the SVM and sufficient permissions to create volumes.

Steps

  1. Create the persistent store, which creates and configures the volume automatically:

    vserver fpolicy persistent-store create -vserver <vserver> -persistent-store <name> -volume <volume_name> -size <size> -autosize-mode <off|grow|grow_shrink>

    • The vserver parameter is the name of the SVM.

    • The persistent-store parameter is the name of the persistent store.

    • The volume parameter is the name of the persistent store volume.

      Note If you want to use an existing, empty volume, use the volume show command to find it and specify it in the volume parameter.

    • The size parameter is based on the time duration for which you want to persist the events that are not delivered to the external server (partner application).

      For example, if you want 30 minutes of events to persist in a cluster with a 30K notifications per second capacity:

      Required Volume Size = 30000 x 30 x 60 x 0.6KB (average notification record size) = 32400000 KB = ~32 GB

      To find the approximate notification rate, you can either reach out to your FPolicy partner application or utilize the FPolicy counter requests_dispatched_rate.

      Note If you are using an existing volume, the size parameter is optional. If you do provide a value for the size parameter, it will modify the volume with the size you specify.

    • The autosize-mode parameter specifies the autosize mode for the volume. The supported autosize modes are:

      • off - The volume does not grow or shrink in size in response to the amount of used space.

      • grow - The volume automatically grows when used space in the volume is above the grow threshold.

      • grow_shrink - The volume grows or shrinks in size in response to the amount of used space.

  2. Create the FPolicy policy and add the persistent store name to that policy. For more information, see Create the FPolicy policy.

Create a persistent store (ONTAP 9.14.1)

You can create a volume, and then create a persistent store to use that volume. You can then block the newly created volume from external user protocol access (CIFS/NFS).

Steps

  1. Create an empty volume on the SVM that can be provisioned for the persistent store:

    volume create -vserver <SVM Name> -volume <volume> -state <online> -policy <default> -unix-permissions <777> -size <value> -aggregate <aggregate name> -snapshot-policy <none>

    It is expected that an administrator user with sufficient RBAC privileges (to create a volume) creates a volume (using the volume cli command or REST API) of the desired size and provide the name of that volume as the -volume in the persistent store create CLI command or REST API.

    • The vserver parameter is the name of the SVM.

    • The volume parameter is the name of the persistent store volume.

    • The state parameter should be set to online so the volume is available for use.

    • The policy parameter is set to the FPolicy service policy, if you have one already configured. If not, you can use the volume modify command later to add the policy.

    • The unix-permissions parameter is optional.

    • The size parameter is based on the time duration for which you want to persist the events that are not delivered to the external server (partner application).

      For example, if you want 30 minutes of events to persist in a cluster with a 30K notifications per second capacity:

      Required Volume Size = 30000 x 30 x 60 x 0.6KB (average notification record size) = 32400000 KB = ~32 GB

      To find the approximate notification rate, you can either reach out to your FPolicy partner application or utilize the FPolicy counter requests_dispatched_rate.

    • The aggregate parameter is needed for FlexVol volumes, otherwise it is not required.

    • The snapshot-policy parameter must be set to none. This ensures that there is no accidental restore of the snapshot leading to loss of current events and prevents possible duplicate event processing.

      If you want to use an existing, empty volume, use the volume show command to find it and the volume modify command to make any needed alterations. Ensure the policy, size, and snapshot-policy parameters are set correctly for the persistent store.

  2. Create the persistent store:

    vserver fpolicy persistent store create -vserver <SVM> -persistent-store <PS_name> -volume <volume>

    • The vserver parameter is the name of the SVM.

    • The persistent-store parameter is the name of the persistent store.

    • The volume parameter is the name of the persistent store volume.

  3. Create the FPolicy policy and add the persistent store name to that policy. For more information, see Create the FPolicy policy.