Background
Migrating legacy Elastifile systems to Filestore goes more smoothly and easily with some preparation.
That preparation includes system settings that should be configured on the target system before the data migration itself.
Because the Elastifile system already holds these user settings, a tool that automates copying the configuration is useful to the customer and minimizes manual toil.
Introduction
Elastifile lets its users define ACLs (access control lists) at the share/export level.
An ACL entry names a subnet or a specific IP and the access permission level it is given on the export, e.g. no-access, list-only, read-only, read-write.
The ACL migration tool exports the existing access list configuration of a given data container and its shares/exports, which can be used to define the Filestore share configuration, such as:
- Filestore Share Name
- Filestore Share Capacity
- Filestore Access Control List
The tool allows the user to consolidate the ACLs of multiple Elastifile shares into a single share in Filestore.
Overview
The ACL migration tool is executed on the EMS of the Elastifile system.
The tool checks the data container settings as well as the configuration of its exports and creates a new JSON configuration file.
The JSON configuration file can be passed to the gcloud command with --flags-file to manage a Filestore instance.
The configuration file defines the fileShares Filestore attribute.
The fileShares attribute consists of the following settings:
- Share Name
- Share Capacity
- Share NFS Exports options
The NFS export options are generated from the ACLs configured on the data container, with the relevant access permissions.
The share name and capacity settings are given by the user and are not fetched from the existing Elastifile data container.
For more information about Filestore IP-based access control, refer to the Filestore documentation.
Known Limitations and Notes
- Elastifile shares support a block list mode and allow list mode, while Filestore ScaleOut supports allow list mode only.
- Elastifile has a list_only access type permission which doesn’t exist in Filestore. list_only permission in Elastifile will be mapped into read_only mode in Filestore, to keep allowing clients to list the share.
- no_access permission will not be mapped in Filestore, since this is the GCP Filestore default.
- Filestore share name cannot be updated.
- The tool does not consider the UID and GID settings.
- If the provided Filestore share capacity differs from the configured one, applying the file changes the capacity as well as the permissions.
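The mapping rules above, applied to several exports consolidated into one share, as an added example that is not part of acl_migration.py. The input shape, the sample addresses and the keep-lower-privilege policy on conflicts are assumptions of this example; it lists the clients whose access changes so the result can be reviewed before it is applied.

```python
import ipaddress

# Mapping rules from "Known Limitations and Notes"; None means no entry is emitted.
MODE = {"read_write": "READ_WRITE", "read_only": "READ_ONLY",
        "list_only": "READ_ONLY", "no_access": None}

def consolidate(exports):
    """Merge per-export ACLs into one allow list and report access changes.

    exports: {export_name: [(client_ip_or_cidr, elastifile_permission), ...]}
    (a hypothetical input shape, not the Elastifile API format).
    Returns ({cidr: filestore_mode}, [finding, ...]).
    """
    merged, denied, findings = {}, [], []
    for export, acl in exports.items():
        for client, perm in acl:
            net = ipaddress.ip_network(client, strict=False)
            if perm == "list_only":
                findings.append(f"{net} list_only on {export} becomes READ_ONLY")
            if MODE[perm] is None:
                denied.append((net, export))
                continue
            # Example policy (an assumption): on conflict keep the lower privilege.
            if merged.get(net, MODE[perm]) != MODE[perm]:
                findings.append(f"{net} has conflicting modes, keeping READ_ONLY")
                merged[net] = "READ_ONLY"
            else:
                merged[net] = MODE[perm]
    # An allow list cannot carve a denied client out of an allowed range.
    for net, export in denied:
        for allowed, mode in merged.items():
            if net.overlaps(allowed):
                findings.append(f"{net} no_access on {export} gains {mode} via {allowed}")
    return {str(n): m for n, m in merged.items()}, findings

# Constructed sample: two exports of one data container merged into one share.
SAMPLE = {
    "export-2": [("10.0.1.0/24", "read_write"), ("10.0.2.0/24", "list_only")],
    "export-3": [("10.0.1.0/24", "read_only"), ("10.0.1.7", "no_access"),
                 ("10.0.3.0/24", "read_only")],
}

if __name__ == "__main__":
    allow, notes = consolidate(SAMPLE)
    for cidr, mode in allow.items():
        print(f"{mode:10} {cidr}")
    for note in notes:
        print("REVIEW:", note)
```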
Tool Usage
# python acl_migration.py --help
Usage: acl_migration.py [options]

Options:
  -h, --help
        show this help message and exit
  -u USER, --user=USER
        Enter the user name. [Default: admin]
  -p PASSWORD, --password=PASSWORD
        Enter the user name password. [Default: changeme]
  -d DC_ID, --data-container-id=DC_ID
        Specify the data container ID you would like to export.
  -e EXPORT_IDS, --export-ids=EXPORT_IDS
        Specify the export IDs you would like to export.
        use comma separated for specifying multiple ones
  -n SHARE_NAME, --name=SHARE_NAME
        Specify the Filestore share name.
  -c SHARE_CAPACITY, --capacity=SHARE_CAPACITY
        Specify the Filestore share capacity in GiB.
- SSH into the EMS machine of your Elastifile cluster
- Download the tool
# wget https://storage.googleapis.com/elastifile-software-repo/scripts/acl_migration.py
- Execute the tool. For example:
# python acl_migration.py -d 2 -e 2,3 -n share -c 1024 -p password
The file is at /tmp/share-options.json
- From a GCP Cloud Shell, use the output file to:
  - Create a new Filestore instance:
    gcloud filestore instances create <FILESTORE_INSTANCE_NAME> --network=name=<VPC_NAME> --location=<GCP_ZONE/REGION> --tier=<FILESTORE_TIER> --flags-file=share-options.json --project <PROJECT_ID>
  - Update an existing Filestore instance:
    gcloud filestore instances update <FILESTORE_INSTANCE_NAME> --location=<GCP_ZONE/REGION> --flags-file=/tmp/share-options.json --project <PROJECT_ID>