cluster modify

This command modifies various cluster settings.

Usage

cluster modify [--id ID]
               [--name]
               [--psnt PSNT]
               [--motd MOTD]
               [--motd-append-to-default]               
               [--auto-logout-timeout AUTO_LOGOUT_TIMEOUT]
               [--auth-provider-refresh-interval AUTH_PROVIDER_REFRESH_INTERVAL]
               [--enable-metrics|--disable-metrics]
               [--enable-module-metrics|--disable-module-metrics]
               [--enable-trash|--disable-trash]
               [--trash-gid TRASH_GID]
               [--enable-suppressed-showmount|--disable-suppressed-showmount]
               [--smb-privileged-user-name SMB_PRIVILEGED_USER_NAME]
               [--enable-smb-privileged-user|--disable-smb-privileged-user]
               [--smb-privileged-group-sid SMB_PRIVILEGED_GROUP_SID]
               [--enable-smb-privileged-group|--disable-smb-privileged-group]
               [--smb-read-write-privileged-group-access]
               [--smb-read-only-privileged-group-access]
               [--default-others-share-level-perm FULL|CHANGE|READ]
               [--audit-dir-name  AUDIT_DIR_NAME]
               [--read-access-users]
               [--read-access-users-groups]
               [--max-file-size MAX_FILE_SIZE]
               [--max-retention-period PERIOD]
               [--max-retention-timeunit UNIT]
               [--max-audit-dir-size MAX_DIR_SIZE]
               [--keep-forever]
               {
                {
                 [--audit-protocols PROTOCOLS]
                 [--audit-operations OPERATIONS]
                 [--audit-options OPTIONS]
                 [--enable-audit-settings|--disable-audit-settings]
                }
                 | 
                  [--disable-audit]
               }
               [--enable-similarity|--disable-similarity]
               [--cluster-certificate mTLS_CERT]
               [--cluster-private-key mTLS_KEY]
               [--root-certificate ROOT_CERT]
               [--remove-mtls-certificates]
               [--remove_nfs4_certificate]

General Options

`--id ID`	The ID of the cluster.
`--name NAME`	Modifies the cluster name.
`--psnt PSNT`	Changes the PSNT of the cluster.
`--motd MOTD`	Specify a custom Message of the Day (MOTD) text. VAST OS displays this text on login.
`--motd-append-to-default`	Specify to append a custom message of the day set by `--motd` to the default. If this parameter is not specified, and a custom message is set using `--motd`, the custom message replaces the default message.
`--auto-logout-timeout AUTO_LOGOUT_TIMEOUT`	Sets the inactivity period for auto logout for VAST OS on all nodes (seconds).
`--auth-provider-refresh-interval AUTH_PROVIDER_REFRESH_INTERVAL`	Sets the Auth Provider Refresh Interval (in seconds).

NFS Options

`--enable-trash`	Enables the trash folder feature. Once enabled, trash folder access permission can be given to NFSv3 client hosts per view policy.
`--disable-trash`	Disables the trash folder feature.
`--trash-gid`	Specify the GID of a group of non-root users to allow them access to the trash folder.
`--enable-suppressed-showmount`	Suppresses output of 'showmount' command from Linux NFSv3 clients.
`--disable-suppressed-showmount`	Disables suppression of 'showmount' command output.

SMB Options

`--smb-privileged-user-name SMB_PRIVILEGED_USER_NAME`	Specify a custom username for the privileged SMB user. If not specified, the user name of the SMB privileged user is 'vastadmin'.
`--enable-smb-privileged-user`	Enables the privileged SMB user.
`--disable-smb-privileged-user`	Disables the privileged SMB user.
`--smb-privileged-group-sid SMB_PRIVILEGED_GROUP_SID`	Specify a custom SID for the privileged SMB group. If not specified, the privileged SMB group SID is the Backup Operators domain group SID (S-1-5-32-551).
`--enable-smb-privileged-group`	Enables the privileged SMB group.
`--disable-smb-privileged-group`	Disables the privileged SMB group.
`--smb-read-write-privileged-group-access`	Grants read and write control access to the privileged SMB group. Members of the group can perform backup and restore operations on all files and directories, without requiring read or write access to the specific files and directories.
`--smb-read-only-privileged-group-access`	Grants only read-only access control to the privileged SMB group. Members of the group can perform backup operations on all files and directories without requiring read access to the specific files and directories. They cannot perform restore operations without write access to the specific files and directories.
`--default-others-share-level-perm FULL\|READ\|CHANGE`	Sets the default 'Everyone' Group SMB share-level permission for the cluster. This default permission affects all views in which share-level ACL is disabled. For more information about SMB share-level permissions, see Share-Level ACLs. Possible values: `FULL` (default). Grants all SMB users full control share-level access to views that have Share-level ACL disabled. `READ`. Grants all SMB users read share-level access to views that have Share-level ACL disabled. `CHANGE`. Grants all SMB users change share-level access to views that have Share-level ACL disabled.

S3 Options

`--remove-s3-key-pair`	Removes the current SSL server certificate key pair for the S3 service.
`--s3-certificate S3_CERTIFICATE`	Specify content of SSL server certificate file, to install SSL certificate for the S3 service, to enable S3 clients to connect to the S3 service over HTTPS. Include also the `--s3-private-key` parameter to complete the certificate installation.
`--s3-private-key S3_PRIVATE_KEY`	Specify content of SSL server key file, to install SSL certificate for the S3 service, to enable S3 clients to connect to the S3 service over HTTPS. Include also the `--s3-certificate` parameter to complete the certificate installation.

Protocol Auditing Options

`--audit-dir-name AUDIT_DIR_NAME`	Sets a name for the audit directory. A directory of this name will be created directly under the root directory of the default tenant in the Element Store. Protocol audit records are written to this directory. The default is `.vast_audit_dir`.
`--read-access-users`	Identifies users to grant them read access to all files in the audit directory. Specify users as a comma-separated list of user names. Tip To make the audit directory accessible to clients, create a view on the directory.
`--read-access-users-groups`	Identifies user groups to grant users in those groups read access to all files in the audit directory. Specify groups as a comma-separated list of user names. Tip To make the audit directory accessible to clients, create a view on the directory.
`--max-file-size MAX_FILE_SIZE`	Sets the maximum size of each file of audit records in the audit directory. Audit records are written to subdirectories of the audit directory per CNode core. Records written to each directory roll over to a new file when the file reaches this size. This setting limits the size of each audit file, but it does not limit the total size of all audit files. Specify `MAX_FILE_SIZE` with units of MB, GB, TB and so on. Default: 1024MB For example: `--max-file-size 2GB`
`--max-retention-period PERIOD`	Sets the maximum period for which the audit files are kept. The period is defined in units of measurements that you specify in the `--max-retention-timeunit` parameter. Specify an integer. The default value is 1. This option cannot be specified together with `--keep-forever`.
`--max-retention-timeunit UNIT`	Sets the unit of measurement for the period specified in `--max-retention-period`. Valid values are: `h` for hours (default) `D` for days `W` for weeks `M` for months `y` for years
`--max-audit-dir-size MAX_DIR_SIZE`	Sets a maximum size for the audit directory. No limit is set by default. Specify `MAX_DIR_SIZE` with units of MB, GB, TB and so on. Example: `--max-audit-dir-size 200 GB`
`--keep-forever`	When this option is specified, audit files are kept for an unlimited period of time. By default, this setting is disabled. This option cannot be specified together with `--max-retention-period`.
`--audit-protocols PROTOCOLS`	Lists access protocols for which you are enabling or disabling protocol auditing. Use this parameter together with `--enable-audit-settings` or `--disable-audit-settings` to enable or disable auditing of the specified protocols. When specifying `--audit-protocols` , you must also specify `--audit-operations` and/or `--audit-options`. Specify `PROTOCOLS` as a comma-separated list of values. Valid values: `NFSv3` `NFSv4.1` `SMB` `S3`
`--audit-operations OPERATIONS`	Lists categories of protocol operations for which you are enabling or disabling protocol auditing. Use this parameter together with `--audit-protocols` and either `--enable-audit-settings` or `--disable-audit-settings` to enable or disable auditing of the specified protocol operations. Specify `OPERATIONS` as a comma-separated list of values. Valid values: `create_delete_files_dirs_objects`. Operations that create or delete files, directories or objects. `modify_data_md`. Operations that modify data (this includes operations that change the file size) and metadata. `read_data`. Operations that read data and metadata. `session_create_close`. Session creation and closing operations for sessions that use Kerberos 5 authentication (`krb5` , `krb5i`, or `krb5p`). Tip For a complete list of operations, see Configuring Global Auditing Settings.
`--audit-options OPTIONS`	Lists audit options to enable or disable. Use this parameter together with `--audit-protocols` and either `--enable-audit-settings` or `--disable-audit-settings` to enable or disable the specified options for the specified protocols. Specify `OPTIONS` as a comma-separated list of values. Valid values: `log_full_path`. If enabled (default for all protocols), audit records contain the full Element Store path to the requested resource. This may affect performance. When disabled, the view path is recorded. `log_username`. Disabled by default. If enabled, audit records contain the username (if a username can be retrieved from the auth provider).
`--enable-audit-settings`	Enables audit settings specified in the same command line by the `--audit-protocols`, `--audit-operations` and `--audit-options` parameters. Any previously enabled audit settings (protocols, operations or options) remain enabled.
`--disable-audit-settings`	Disables audit settings specified in the same command line by the `--audit-protocols`, `--audit-operations` and `--audit-options` parameters. Any previously enabled audit settings (protocols, operations or options) that you do not specify in the same command line remain enabled.
`--disable-audit`	Disables protocol auditing. Tip To enable protocol auditing, run `cluster modify` with the `--audit-protocols` options specified, as well as `--audit-options` and/or `--audit-operations`.

Similarity Options

`--enable-similarity`	Enables similarity-based data reduction.
`--disable-similarity`	Disables similarity-based data reduction (enabled by default).

mTLS Options

`--cluster-certificate mTLS_CERT`	Uploads the certificate (public key) file content of a CA signed certificate for mTLS encryption. Replace each new line in the file content with `\n` and paste the file content into the command line between single quotes as `mTLS_CERT`. For example: cluster modify --cluster-certificate '-----BEGIN CERTIFICATE-----\nMIICozCCAYsCCQDnK7WmAvBFFzANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdS\nb290LWNhMB4XDTIzMDEyNDA5Mzk0M1oXDTIzMDIyMzA5Mzk0M1owFTETMBEGA1UE\nAwwKc2VydmVyLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKZN\nSznCWrye4Tad/Q5yn6jOYNqz4lbiq1PzXWjJhRrNgQWn2B40/d/8tmCLkSX7KCJ0\nmviP1EEhFfxsaUs8VMOdubZY9VkYmlc1ryvtXBDA9y5IwY+cyQ0t0BN5YPsgUEgy\nrlZ4GTaroDk84VWaFUHk6iCxx2YKHayAzeabfeimuo8xlL9X4/yAgyD2AWHHL/uz\n4YZuTuGbb/RcRRW45/VAumspZJleF3Up8gl6eHl8h/lEKafr4H5WK5lluFqM/Mcr\nkJMrRJXy1UAuvl2ZS/rhAsaFtkPynwP0faqfLdguFDZgJAJhJvChBbUz4HukGevG\ncT0cTUyUbqyO1IhvL8MCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAwYoFWuHuLqhL\n5cYGnCeLGnGnzRU/gsz+OPUtmseORsNY/pXEYr3iWvSSgm+WSVGmsWChCzvYkjb3\n2caponMzu4BW/gg2iNm0/aE0gv5zbeKn8di8KNzo1S++rgDEg8+vllIOKZFqzKWA\nXnuuuSfEWt6uGWp0HHgR7UWoaCwFmoG1+gwf7RG4WnNZJcczQ41032aDEsPTmqsy\nPKwswuZjDJ1qiORU9jx8upYYOpcRXn1u5twBYxTi0rLt6d56Id6e/s47SUT/VAMY\nG+adCGDoUdp5LiQatwuW7I3PV+naFPFoMj3r1mVAbhQCRNOqDc4/5MnPZQI64UxN\nsOgX6XyC2A==\n-----END CERTIFICATE-----'
`--cluster-private-key mTLS_KEY`	Uploads the private key file content of a CA signed certificate for mTLS encryption. Replace each new line in the file content with `\n` and paste the file content into the command line between single quotes as `mTLS_KEY`.
`--root-certificate ROOT_CERT`	Uploads the CA's root certificate for mTLS encryption. Replace each new line in the file content with `\n` and paste the file content into the command line between single quotes as `ROOT_CERT`.
`--remove-mtls-certificates`	Removes mTLS certificates from the cluster.

Example

This example changes the SMB privileged user name to 'vast_backup_user'.

vcli: admin>  cluster modify --smb-privileged-user-name vast_backup_user

Articles in this section

Usage

General Options

NFS Options

SMB Options

S3 Options

Protocol Auditing Options

Tip

Tip

Tip

Tip

Similarity Options

mTLS Options

Example

Comments

Articles in this section

Usage

General Options

NFS Options

SMB Options

S3 Options

Protocol Auditing Options

Tip

Tip

Tip

Tip

Similarity Options

mTLS Options

Example

Related articles