xadrdm's picture

Huge Security Problem

Unless I am missing something, it seems like any user can throw away any folder they want to, even if they have no R/W Permissions at all, on an Xsan Drive or even a Local Drive!!

Is this correct? Is there anyway to stop this huge security problem?

I have been searching for hours on many Unix and OS X Sites, but I have not been able to find any relevant information about this issue.

Help
Kalagan

xadrdm's picture

Frequent Server Interruptions

I'm running a 3 seat xsan, 3 G5s, an Xserve Raid, and the SANBox 5200. My cat5 network is set up with 2 NIC cards on each g5 one connecting to the local network for internet, one connecting for metadata for the RAID, all static IPs, blah blah. Anyway, my main metadata controller, failed over to the secondary, and ever since it's been running on that machine, it's had frequent Server Interupptions. When I'm running spotlight, and I double click on a file it gets interrupted, and crashes finder. When I scroll over the recent documents folder in DVD Studio Pro, it interrupts, crashes dvd studio, crashes finder. Anytime this happens, I have to do a hard reset, as finder won't respond or recycle. This is very frustrating. Any help would be greatly appriciated.

xadrdm's picture

Xsan and Spotlight

Has anyone had any issues with Xsan and Spotlight?

Thanks,

John

bforcier's picture

XServe RAID 14*500 available but 14*400 no longer?

Forums: 

I wonder what kind of issues it will create with the LUN limit at 2TB?

Will we have to build XServe RAIDs with 12*500 (RAID5 of 5*500 + 1 for hot spare) in order to acheive 2TBs LUNs per controller?

What do you guys think?

aaron's picture

Xsan Tuner

Apple has released the Xsan Tuner application for testing and tuning Xsan installations.

About the Xsan Tuner Application

The Xsan Tuner application is used to test the data and video transfer capabilities of your storage area network and it’s Xsan volumes. Xsan Tuner can simulate both standard UNIX reads and writes as well as Final Cut Pro video reads and writes for a variety of common video formats.

Use Xsan Tuner to see if your SAN can handle planned workloads before you put it into production use. An Xsan Tuning Guide is provided along with the application to help understand the Xsan Tuner results as well as provide configuration suggestions to optimize your SAN performance.

To use the Xsan Tuner application, you need the following:

  • Mac OS X or Mac OS X Server v10.4.2 or later
  • Xsan 1.1 or later

abickel's picture

error: quota_update_entry

Hey guys,
So i've been working on this 2 client seat, decentralized auth xsan.
In the volume log for the san, i'm seeing variations on the following error fairly regularly:

Sep 12 11:54:47 mdc fsm[355]: Xsan FSS 'MEDIA2[0]': quota_update_entry: newsize < 0 - 0xfffffffffffbef1f

this is a SAN that had seen data corruption in the past, though it ended up being a bad Raid Controller causing I/O errors and invalid nodes. I'm just trying to ensure that this error is not still related to the previous one.

i don't have quotas enabled, so what is this pointing to? would it be avoided by centralized auth?

thanks for your input,
alex.
nyc

larspetter's picture

Forwarding authentication

Forums: 

Hi!

I´ve got an Xsan setup with 2 servers. Server 1 is the main MDC and the other as backup and ldap server. The clients are of course in a private gigabit ethernet. The second server is also connected to the inhouse network which contains a main AD/open-ldap/radius server setup (that I have no direct access to).

My challenge is that I need this second xserve to forward client autentication requests from the clients in the private network to the inhouse servers. Anyone know if open-ldap can be setup to forward? Anyone know if I can use radius to help with this?

(PS There already is a wireless network but cannot use it for login since it requires VPN autentication first).

LP<

xadrdm's picture

Slow Read/Write to RAID

Hi,

We just recently purchased a Xyratex RAID and JBOD subsystem as storage for our new Xsan setup. We have been testing these in a non-production environment and are experiencing some serious performance issues. Can anyone give any suggestions?

The storage is composed of 24 400GB SATA drives initialised as 3 7+1 Raid 5 arrays. We have tried these both direct connected over fibre and thru a QLogic 5200 to both an Xserve G5 and G4. We have also tried both using XSan and without as standard HFS+ volumes. Fibre channel HBAs are standard Apple (LSI Logic OEM) PCIX cards.

In all cases we do not seem to be able to achieve more than 15MB/s writes and 25MB/s reads. Xyratex tell us we should be achieving more like 200MB/s write and 380-400MB/s read.

The problem does not appear to be down to the storage enclosure as we also tested and enclosure with Fibre Channel disks with the Xserve G4 with almost identical results. We don't have these problems with our Xserve RAIDs, but need to change over for increased controller reliability.

Does anyone have any ideas on this???

Cheers
Dan/code

xadrdm's picture

Quark 6.5 and Xsan

Hi all Im having very strange behaviour with quark and xsan.

Desktop connects to AFP share on xserve tiger which is client to san. Whenever I try to save a doc onto the san whilst working on it Quark throws up a disk is full error.

I have 2tb space nearly in one storage pool/lun.

Two possibilities as I see it
1, disk space too much for quark when it performs a space check
2, Quark is fundementally incompatible with XSAN filesystem

Quark 4, Indesign CS and Photoshop work fine.

Any help would be appreciated!

saa2012's picture

Tiger Server AFP weirdness with XSAN 1.1

Forums: 

I have three servers on my XSAN network. Two are also MetaData controllers, the third is just a client. The one that is just a client is my main file server and is on 10.3.9. It connects through an ATTO card to three ESS LUNs through a seperate fabric. It connects to the XSAN with an Apple card through the QLogic fabric (no interconnection with the IBM fabric). It also has some local volumes.

I updated all three machines to Tiger. I soon found that most users could not see the contents of any shares that were located on the XSAN volume. The volume looks fine in Finder and WGM on the server but the shared volume mounts as empty. Shares on the ESS LUNs and local disks were fine. After spending as much time as I could on the issue (this is our main file server) I downgraded to 10.3.9 (previous backup). This fixed the issue for our main file server. On the other two I took a bit more time including several reinstalls of Tiger (both clean and upgrade). In all cases the XSAN shares would be empty but the local disk shares wouldn't.

I did cvfsck and dfsdefrag on the volume - it seems fine.

Here is the weirdness: AFP server from 10.4.2 with XSAN results in blank share for any client (Panther or Tiger). If you connect SMB to the 10.4.2 server the share appears correct. All other (non-XSAN) shares appear correct via AFP or SMB. If the server is 10.3.9 then the problem goes away.

Here is the even weirder new twist I just discovered: If the user who is the OWNER of the shared AFP volume connects he can see the contents even if it is shared from 10.4.2 AFP server and is on XSAN. If the user is merely someone who is entitled to access the volume (rw or ro) via their group membership then they get a blank share. All three servers are joined to the same OD domain and have no other sharing issues with the non XSAN shares (or even with the XSAN shares if it is via SMB or if it is the owner who is connecting).

Weird, huh? Anyone else see this? Anyone have a solution?

Pages

Subscribe to Xsanity RSS