cluster modify

This command modifies various cluster settings.

Usage

cluster modify [--id ID]
               [--name]
               [--psnt PSNT]
               [--motd MOTD]
               [--motd-append-to-default]               
               [--auto-logout-timeout AUTO_LOGOUT_TIMEOUT]
               [--auth-provider-refresh-interval AUTH_PROVIDER_REFRESH_INTERVAL]
               [--enable-metrics|--disable-metrics]
               [--enable-module-metrics|--disable-module-metrics]
               [--enable-trash|--disable-trash]
               [--trash-gid TRASH_GID]
               [--enable-suppressed-showmount|--disable-suppressed-showmount]
               [--enable-showmount-hide-slash|--disable-showmount-hide-slash]
               [--nfs-certificate CERTIFICATE]
               [--nfs-private-key KEY]
               [--remove-nfs-certificate]
               [--smb-privileged-user-name SMB_PRIVILEGED_USER_NAME]
               [--enable-smb-privileged-user|--disable-smb-privileged-user]
               [--smb-privileged-group-sid SMB_PRIVILEGED_GROUP_SID]
               [--enable-smb-privileged-group|--disable-smb-privileged-group]
               [--smb-read-write-privileged-group-access]
               [--smb-read-only-privileged-group-access]
               [--default-others-share-level-perm FULL|CHANGE|READ]
               [--audit-dir-name  AUDIT_DIR_NAME]
               [--read-access-users]
               [--read-access-users-groups]
               [--max-file-size MAX_FILE_SIZE]
               [--max-retention-period PERIOD]
               [--max-retention-timeunit UNIT]
               [--enable-vast-db-audit|--disable-vast-db-audit]
               [--enable-json-audit|--disable-json-audit]
               [--max-audit-dir-size MAX_DIR_SIZE]
               [--keep-forever]
               {
                {
                 [--audit-protocols PROTOCOLS]
                 [--audit-operations OPERATIONS]
                 [--audit-options OPTIONS]
                 [--enable-audit-settings|--disable-audit-settings]
                }
                 | 
                  [--disable-audit]
               }
               [--enable-similarity|--disable-similarity]
               [--cluster-certificate mTLS_CERT]
               [--cluster-private-key mTLS_KEY]
               [--root-certificate ROOT_CERT]
               [--remove-mtls-certificates]
               [--enable-use-flash-write-buffers|--disable-use-flash-write-buffers]
               [--enable-bucket-replication]
               [--enable-bucket-db-replication]
               [--max-cluster-write-bw-mb BW]
               [--enable-dr|--disable-dr]
               [--enable-encryption|--disable-encryption]
               [--enable-s3-cors|--disable-s3-cors]

General Options

`--id ID`	The ID of the cluster.
`--name NAME`	Modifies the cluster name.
`--psnt PSNT`	Changes the PSNT of the cluster.
`--motd MOTD`	Specify a custom Message of the Day (MOTD) text. VAST OS displays this text on login.
`--motd-append-to-default`	Specify to append a custom message of the day set by `--motd` to the default. If this parameter is not specified, and a custom message is set using `--motd`, the custom message replaces the default message.
`--auto-logout-timeout AUTO_LOGOUT_TIMEOUT`	Sets the inactivity period for auto logout for VAST OS on all nodes (seconds).
`--auth-provider-refresh-interval AUTH_PROVIDER_REFRESH_INTERVAL`	Sets the Auth Provider Refresh Interval (in seconds).

NFS Options

`--enable-trash`	Enables the trash folder feature. Once enabled, trash folder access permission can be given to NFSv3 client hosts per view policy.
`--disable-trash`	Disables the trash folder feature.
`--trash-gid`	Specify the GID of a group of non-root users to allow them access to the trash folder.
`--enable-suppressed-showmount`	Enables suppression of the output of the `showmount` command for Linux NFSv3 clients.Suppressing `showmount` Command Output on NFSv3 Clients
`--disable-suppressed-showmount`	Disables suppression of `showmount` command output.
`--enable-showmount-hide-slash`	When specified, the response to the `showmount` command does not show the root export ("/").
`--disable-showmount-hide-slash`	When specified, the response to the `showmount` command includes the root export ("/"): `'/' everyone(rw)`
`--nfs-certificate CERTIFICATE`	Enter an NFS certificate string for the cluster.
`--nfs-private-key KEY`	Enter the private key for the cluster's NFS certificate.
`--remove-nfs-certificate`	This option removes the cluster's NFS certificate.

SMB Options

`--smb-privileged-user-name SMB_PRIVILEGED_USER_NAME`	Specify a custom username for the privileged SMB user. If not specified, the user name of the SMB privileged user is 'vastadmin'.
`--enable-smb-privileged-user`	Enables the privileged SMB user.
`--disable-smb-privileged-user`	Disables the privileged SMB user.
`--smb-privileged-group-sid SMB_PRIVILEGED_GROUP_SID`	Specify a custom SID for the privileged SMB group. If not specified, the privileged SMB group SID is the Backup Operators domain group SID (S-1-5-32-551).
`--enable-smb-privileged-group`	Enables the privileged SMB group.
`--disable-smb-privileged-group`	Disables the privileged SMB group.
`--smb-read-write-privileged-group-access`	Grants read and write control access to the privileged SMB group. Members of the group can perform backup and restore operations on all files and directories, without requiring read or write access to the specific files and directories.
`--smb-read-only-privileged-group-access`	Grants only read-only access control to the privileged SMB group. Members of the group can perform backup operations on all files and directories without requiring read access to the specific files and directories. They cannot perform restore operations without write access to the specific files and directories.
`--default-others-share-level-perm FULL\|READ\|CHANGE`	Sets the default 'Everyone' Group SMB share-level permission for the cluster. This default permission affects all views in which share-level ACL is disabled. For more information about SMB share-level permissions, see Share-Level ACLs. Share-Level ACLs Possible values: `FULL` (default). Grants all SMB users full control share-level access to views that have Share-level ACL disabled. `READ`. Grants all SMB users read share-level access to views that have Share-level ACL disabled. `CHANGE`. Grants all SMB users change share-level access to views that have Share-level ACL disabled.

S3 Options

`--remove-s3-key-pair`	Removes the current SSL server certificate key pair for the S3 service.
`--s3-certificate S3_CERTIFICATE`	Specify content of SSL server certificate file, to install SSL certificate for the S3 service, to enable S3 clients to connect to the S3 service over HTTPS. Include also the `--s3-private-key` parameter to complete the certificate installation.
`--s3-private-key S3_PRIVATE_KEY`	Specify content of SSL server key file, to install SSL certificate for the S3 service, to enable S3 clients to connect to the S3 service over HTTPS. Include also the `--s3-certificate` parameter to complete the certificate installation.
`--enable-bucket-replication`	Enables bucket replication on the cluster. If enabled, any S3 buckets on or under replicated protected paths are automatically recreated at the replication target(s), provided they are configured on the local cluster (the replication source peer) with the S3 default view policy. They also receive the following properties of the source bucket: Object versioning status s3 lock enablement status object ownership rule allow anonymous access status has db status The bucket policy If a bucket was created manually on the target with the same name as the equivalent bucket on the source peer, the source bucket's properties are applied to the manually created bucket. If this feature is not enabled, buckets must be created on the target paths in order to enable S3 access to the replicated data. Note You cannot disable this feature.
`--enable-bucket-db-replication`	When this option is specified, VAST Cluster automatically creates configuration for the replicated VAST Database bucket on the destination replication peer. If disabled, the configuration needs to be created manually. Note Once enabled, this capability cannot be disabled.
`--enable-s3-cors`	This option enables limited CORS support. If specified, the VAST cluster includes an `Access-Control-Allow-Origin: *` header with every response, which means that all origins are allowed.
`--disable-s3-cors`	If specified, the VAST cluster does not include any CORS-related headers in the response (default).

Protocol Auditing Options

`--audit-dir-name AUDIT_DIR_NAME`	Sets a name for the audit directory. A directory of this name will be created directly under the root directory of the default tenant in the Element Store. Protocol audit records are written to this directory. The default is `.vast_audit_dir`.
`--read-access-users`	Identifies users to grant them read access to all files in the audit directory. Specify users as a comma-separated list of user names. Tip To make the audit directory accessible to clients, create a view on the directory.
`--read-access-users-groups`	Identifies user groups to grant users in those groups read access to all files in the audit directory. Specify groups as a comma-separated list of user names. Tip To make the audit directory accessible to clients, create a view on the directory.
`--max-file-size MAX_FILE_SIZE`	Sets the maximum size of each file of audit records in the audit directory. Audit records are written to subdirectories of the audit directory per CNode core. Records written to each directory roll over to a new file when the file reaches this size. This setting limits the size of each audit file, but it does not limit the total size of all audit files. Specify `MAX_FILE_SIZE` with units of MB, GB, TB and so on. Default: 1024MB For example: `--max-file-size 2GB`
`--max-retention-period PERIOD`	Sets the maximum period for which the audit files are kept. The period is defined in units of measurements that you specify in the `--max-retention-timeunit` parameter. Specify an integer. The default value is 1. This option cannot be specified together with `--keep-forever`.
`--max-retention-timeunit UNIT`	Sets the unit of measurement for the period specified in `--max-retention-period`. Valid values are: `h` for hours (default) `D` for days `W` for weeks `M` for months `y` for years
`--max-audit-dir-size MAX_DIR_SIZE`	Sets a maximum size for the audit directory. No limit is set by default. Specify `MAX_DIR_SIZE` with units of MB, GB, TB and so on. Example: `--max-audit-dir-size 200 GB`
`--keep-forever`	When this option is specified, audit files are kept for an unlimited period of time. By default, this setting is disabled. This option cannot be specified together with `--max-retention-period`.
`--audit-protocols PROTOCOLS`	Lists access protocols for which you are enabling or disabling protocol auditing. Use this parameter together with `--enable-audit-settings` or `--disable-audit-settings` to enable or disable auditing of the specified protocols. When specifying `--audit-protocols` , you must also specify `--audit-operations` and/or `--audit-options`. Specify `PROTOCOLS` as a comma-separated list of values. Valid values: `NFSv3` `NFSv4.1` `SMB` `S3` `NDB` (VAST DataBase)
`--audit-operations OPERATIONS`	Lists categories of protocol operations for which you are enabling or disabling protocol auditing. Use this parameter together with `--audit-protocols` and either `--enable-audit-settings` or `--disable-audit-settings` to enable or disable auditing of the specified protocol operations. Specify `OPERATIONS` as a comma-separated list of values, each of which specifies a category of operations being audited. Valid values:Audited Protocol Operations `create_delete_files_dirs_objects`. Operations that create or delete files, directories or objects. `modify_data`. Operations that modify data. `modify_data_md`. Operations that modify metadata. `read_data`. Operations that read data. `read_data_md`. Operations that read metadata. `session_create_close`. Session creation and closing operations for sessions that use Kerberos 5 authentication (`krb5` , `krb5i`, or `krb5p`).
`--audit-options OPTIONS`	Lists audit options to enable or disable. Use this parameter together with `--audit-protocols` and either `--enable-audit-settings` or `--disable-audit-settings` to enable or disable the specified options for the specified protocols. Specify `OPTIONS` as a comma-separated list of values. Valid values: `log_full_path`. If enabled (default for all protocols), audit records contain the full Element Store path to the requested resource. This may affect performance. When disabled, the view path is recorded. `log_username`. Disabled by default. If enabled, audit records contain the username (if a username can be retrieved from the auth provider).
`--enable-audit-settings`	Enables audit settings specified in the same command line by the `--audit-protocols`, `--audit-operations` and `--audit-options` parameters. Any previously enabled audit settings (protocols, operations or options) remain enabled.
`--enable-json-audit`	Enables saving audit logs to a JSON file.
`--enable--vast-db-audit`	Enables saving audit logs to a VAST DataBase table
`--disable-audit-settings`	Disables audit settings specified in the same command line by the `--audit-protocols`, `--audit-operations` and `--audit-options` parameters. Any previously enabled audit settings (protocols, operations or options) that you do not specify in the same command line remain enabled.
`--disable-audit`	Disables protocol auditing. Tip To enable protocol auditing, run `cluster modify` with the `--audit-protocols` options specified, as well as `--audit-options` and/or `--audit-operations`.
`--disable-json-audit`	Disables saving audit logs to a JSON file. Existing records are not deleted until the `--max-retention-period` elapses.
`--disable-vast-db-audit`	Disables saving audit logs to a VAST DataBase table. Existing records are not deleted until the `--max-retention-period` elapses.

Data Reduction and Similarity Options

`--enable-dr`	Enables data reduction on the cluster (enabled by default).
`--disable-dr`	Disables data reduction on the cluster.
`--enable-similarity`	Enables similarity-based data reduction.
`--disable-similarity`	Disables similarity-based data reduction (enabled by default).

Cluster mTLS Options

`--cluster-certificate mTLS_CERT`	Uploads the certificate (public key) file content of a CA signed certificate for mTLS encryption. Replace each new line in the file content with `\n` and paste the file content into the command line between single quotes as `mTLS_CERT`. For example: `cluster modify --cluster-certificate '-----BEGIN CERTIFICATE-----<certificate_text>-----END CERTIFICATE-----'`
`--cluster-private-key mTLS_KEY`	Uploads the private key file content of a CA signed certificate for mTLS encryption. Replace each new line in the file content with `\n` and paste the file content into the command line between single quotes as `mTLS_KEY`.
`--root-certificate ROOT_CERT`	Uploads the CA's root certificate for mTLS encryption. Replace each new line in the file content with `\n` and paste the file content into the command line between single quotes as `ROOT_CERT`.
`--remove-mtls-certificates`	Removes mTLS certificates from the cluster.

Flash Write Buffer Options

`--enable-use-flash-write-buffers`	Enables the use of flash memory devices to store write buffers. This allows the total available write buffer size on the cluster to be increased.
`--disable-use-flash-write-buffers`	Disable use of flash memory devices to store write buffers. When disabled, all write buffers are flushed and allocated buffer space is returned.

QoS Options

--max-cluster-write-bw-mb BW

Sets the cluster-wide write bandwidth limit to help prevent situations where workloads controlled with prioritized QoS policies are not served at the expected QoS because of extensive media consumption by non-prioritized workloads. For more information, see QoS Overview.QoS Overview

Specify BW in MB/s. '0' (zero) means no limit is set, which is the default value.

The recommended cluster-wide maximum is 70% of the cluster’s total write bandwidth.

Encryption Options

`--enable-encryption`	Enables encryption of cluster data. This triggers a rewrite of cluster data, which may impact workloads while in progress.
`--disable-encryption`	Disables encryption of cluster data. This action cannot be undone.

Example

This example changes the SMB privileged user name to 'vast_backup_user'.

vcli: admin>  cluster modify --smb-privileged-user-name vast_backup_user