Skip to main content

Commit files to WORM

Contributors netapp-lenida netapp-aherbin
PDFs

You can commit files to WORM (write once, read many) either manually or by committing them automatically. You can also create WORM appendable files.

Commit files to WORM manually

You commit a file to WORM manually by making the file read-only. You can use any suitable command or program over NFS or CIFS to change the read-write attribute of a file to read-only. You might choose to manually commit files if you want to ensure an application has finished writing to a file so that the file isn't committed prematurely or if there are scaling issues for the autocommit scanner because of a high number of volumes.

What you'll need

  • The file you want to commit must reside on a SnapLock volume.

  • The file must be writable.

About this task

The volume ComplianceClock time is written to the ctime field of the file when the command or program is executed. The ComplianceClock time determines when the retention time for the file has been reached.

Steps

  1. Use a suitable command or program to change the read-write attribute of a file to read-only.

    In a UNIX shell, use the following command to make a file named document.txt read-only:

    chmod -w document.txt

    In a Windows shell, use the following command to make a file named document.txt read-only:

    attrib +r document.txt

Commit files to WORM automatically

The SnapLock autocommit feature enables you to commit files to WORM automatically. The autocommit feature commits a file to WORM state on a SnapLock volume if the file did not change for the autocommit-period duration. The autocommit feature is disabled by default.

What you'll need

  • The files you want to autocommit must reside on a SnapLock volume.

  • The SnapLock volume must be online.

  • The SnapLock volume must be a read-write volume.

Note

The SnapLock autocommit feature scans through all of the files in the volume and commits a file if it meets the autocommit requirement. There might be a time interval between when the file is ready for autocommit and when it is actually committed by the SnapLock autocommit scanner. However, the file is still protected from modifications and deletion by the file system as soon as it is eligible for autocommit.
About this task

The autocommit period specifies the amount of time that files must remain unchanged before they are autocommitted. Changing a file before the autocommit period has elapsed restarts the autocommit period for the file.

The following table shows the possible values for the autocommit period:

Value Unit Notes

none

-

The default.

5 - 5256000

minutes

-

1 - 87600

hours

-

1 - 3650

days

-

1 - 120

months

-

1 - 10

years

-
Note

The minimum value is 5 minutes and the maximum value is 10 years.
Steps

  1. Autocommit files on a SnapLock volume to WORM:

    volume snaplock modify -vserver SVM_name -volume volume_name -autocommit-period autocommit_period

    For a complete list of options, see the man page for the command.

    The following command autocommits the files on volume vol1 of SVM vs1, as long as the files remain unchanged for 5 hours:

    cluster1::>volume snaplock modify -vserver vs1 -volume vol1 -autocommit-period 5hours

Create a WORM appendable file

A WORM appendable file retains data written incrementally, like log entries. You can use any suitable command or program to create a WORM appendable file, or you can use the SnapLock volume append mode feature to create WORM appendable files by default.

Use a command or program to create a WORM appendable file

You can use any suitable command or program over NFS or CIFS to create a WORM appendable file. A WORM appendable file retains data written incrementally, like log entries. Data is appended to the file in 256 KB chunks. As each chunk is written, the previous chunk becomes WORM-protected. You cannot delete the file until the retention period has elapsed.

What you'll need

The WORM appendable file must reside on a SnapLock volume.

About this task

Data does not have to be written sequentially to the active 256 KB chunk. When data is written to byte n×256KB+1 of the file, the previous 256 KB segment becomes WORM-protected.

Any unordered writes beyond the current active 256 KB chunk will result in the active 256KB chunk being reset to the latest offset and will cause writes to older offsets to fail with a 'Read Only File System (ROFS)' error. The write offsets are dependent on the client application. A client that does not conform to the WORM append file write semantics can cause incorrect termination of the write contents. Therefore, it is recommended to either ensure that the client follows the offset restrictions for unordered writes, or to ensure synchronous writes by mounting the file system in synchronous mode.

Steps

  1. Use a suitable command or program to create a zero-length file with the desired retention time.

    In a UNIX shell, use the following command to set a retention time of 21 November 2020 6:00 a.m. on a zero-length file named document.txt:

    touch -a -t 202011210600 document.txt

  2. Use a suitable command or program to change the read-write attribute of the file to read-only.

    In a UNIX shell, use the following command to make a file named document.txt read-only:

    chmod 444 document.txt

  3. Use a suitable command or program to change the read-write attribute of the file back to writable.

    Note

    This step is not deemed a compliance risk because there is no data in the file.

    In a UNIX shell, use the following command to make a file named document.txt writable:

    chmod 777 document.txt

  4. Use a suitable command or program to start writing data to the file.

    In a UNIX shell, use the following command to write data to document.txt:

    echo test data >> document.txt
    Note

    Change the file permissions back to read-only when you no longer need to append data to the file.

Use volume append mode to create WORM appendable files

Beginning with ONTAP 9.3, you can use the SnapLock volume append mode (VAM) feature to create WORM appendable files by default. A WORM appendable file retains data written incrementally, like log entries. Data is appended to the file in 256 KB chunks. As each chunk is written, the previous chunk becomes WORM-protected. You cannot delete the file until the retention period has elapsed.

What you'll need

  • The WORM appendable file must reside on a SnapLock volume.

  • The SnapLock volume must be unmounted and empty of Snapshot copies and user-created files.

About this task

Data does not have to be written sequentially to the active 256 KB chunk. When data is written to byte n×256KB+1 of the file, the previous 256 KB segment becomes WORM-protected.

If you specify an autocommit period for the volume, WORM appendable files that are not modified for a period greater than the autocommit period are committed to WORM.

Note

VAM is not supported on SnapLock audit log volumes.
Steps

  1. Enable VAM:

    volume snaplock modify -vserver SVM_name -volume volume_name -is-volume-append-mode-enabled true|false

    For a complete list of options, see the man page for the command.

    The following command enables VAM on volume vol1 of SVMvs1:

    cluster1::>volume snaplock modify -vserver vs1 -volume vol1 -is-volume-append-mode-enabled true

  2. Use a suitable command or program to create files with write permissions.

    The files are WORM-appendable by default.