There are a ton of hidden gems in ONTAP that go unnoticed because they get added without a lot of fanfare. For example, the volume recovery queue got added in 8.3 and no one really knew what it was, what it did, or why the volumes they deleted didn’t seem to actually get deleted for 24 hours.

I keep my ears open for these features so I can promote them and I ran across a pretty slick, simple gem while at the NetApp Converge (sales kick off) conference, from an old colleague in my support days that now does SE work. (Shout out to Maarten Lippmann!)

But, features are only as good as their use cases.

Here’s the scenario…

Let’s say you have a Git code repository with millions of files and its files are owned by a number of different people that one of your developers wants to access and make changes to. They don’t have access to some of those files by way of permissions, but there are way too many to re-permission effectively and in a timely manner. Plus, if you change the access to these files, you might break the code repo horribly.

So, how do you:

Create a usable copy of the entire code repo in a reasonable amount of time without eating up a ton of space

Assign a new owner to all the files in the volume quickly and easily

Keep the original repo intact

It’s pretty easy in ONTAP, actually – In fact, it’s a single command. All you need is a FlexClone license and you can make an instant copy of a volume with a new file owner without impacting the source volume and without using up any new space. Additionally, if you wanted to keep those changes, you can split the clone into its own unique volume.

In the following example, I have an existing volume that has a ton of files and folders, all owned by root:

[root@XCP nfs4]# ls -la total 8012 d------r-x. 102 root root 8192 Apr 11 11:41 . drwxr-xr-x. 5 root root 4096 Apr 12 17:20 .. ----------. 1 root root 0 Apr 11 11:29 file d---------. 1002 root root 77824 Apr 11 11:47 topdir_0 d---------. 1002 root root 77824 Apr 11 11:47 topdir_1 ... d---------. 1002 root root 77824 Apr 11 11:47 topdir_99

I want the new owner of the files in the cloned volume to be a user named “prof1” and the GID to be 1101.

cluster::*> getxxbyyy getpwbyname -node ontap9-tme-8040-01 -vserver DEMO -username prof1 (vserver services name-service getxxbyyy getpwbyname) pw_name: prof1 pw_passwd: pw_uid: 1100 pw_gid: 1101 pw_gecos: pw_dir: pw_shell:

So, I do the following:

cluster::*> vol clone create -vserver DEMO -flexclone clone -type RW -parent-vserver DEMO -parent-volume flexvol -junction-active true -foreground true -junction-path /clone -uid 1100 -gid 1101 [Job 12606] Job succeeded: Successful cluster::*> vol show -vserver DEMO -volume clone -fields clone-volume,clone-parent-name,clone-parent-vserver vserver volume clone-volume clone-parent-vserver clone-parent-name ------- ------ ------------ -------------------- ----------------- DEMO clone true DEMO flexvol

That command took literally 10 seconds to complete. There are over 1.8 million objects in that volume.

cluster::*> df -i /vol/clone Filesystem iused ifree %iused Mounted on Vserver /vol/clone/ 1824430 4401487 29% /clone DEMO

Then, I check the owner of the files:

cluster::*> vserver security file-directory show -vserver DEMO /clone/nfs4 Vserver: DEMO File Path: /clone/nfs4 File Inode Number: 96 Security Style: unix Effective Style: unix DOS Attributes: 10 DOS Attributes in Text: ----D--- Expanded Dos Attributes: - UNIX User Id: 1100 UNIX Group Id: 1101 UNIX Mode Bits: 5 UNIX Mode Bits in Text: ------r-x ACLs: NFSV4 Security Descriptor Control:0x8014 DACL - ACEs ALLOW-user-prof1-0x1601ff-FI|DI|IO ALLOW-user-student1-0x21-FI|DI|IO ALLOW-group-ProfGroup-0x1200a9-FI|DI|IO|IG ALLOW-EVERYONE@-0x1200a9 cluster::*> vserver security file-directory show -vserver DEMO /clone/nfs4/topdir_99 Vserver: DEMO File Path: /clone/nfs4/topdir_99 File Inode Number: 3556 Security Style: unix Effective Style: unix DOS Attributes: 10 DOS Attributes in Text: ----D--- Expanded Dos Attributes: - UNIX User Id: 1100 UNIX Group Id: 1101 UNIX Mode Bits: 0 UNIX Mode Bits in Text: --------- ACLs: NFSV4 Security Descriptor Control:0x8004 DACL - ACEs ALLOW-user-prof1-0x1601ff-FI|DI ALLOW-user-student1-0x21-FI|DI ALLOW-group-ProfGroup-0x1200a9-FI|DI|IG

And from the client:

[root@XCP nfs4]# pwd /clone/nfs4 [root@XCP nfs4]# ls -la total 8012 d------r-x. 102 1100 1101 8192 Apr 11 11:41 . drwxr-xr-x. 5 1100 1101 4096 Apr 12 17:20 .. ----------. 1 1100 1101 0 Apr 11 11:29 file d---------. 1002 1100 1101 77824 Apr 11 11:47 topdir_0 d---------. 1002 1100 1101 77824 Apr 11 11:47 topdir_1 d---------. 1002 1100 1101 77824 Apr 11 11:47 topdir_10 d---------. 1002 1100 1101 77824 Apr 11 11:47 topdir_11 d---------. 1002 1100 1101 77824 Apr 11 11:47 topdir_12

It shouldn’t be that easy, should it?

If I wanted to split the volume off into its own volume (such as when a dev makes changes and wants to keep them, but doesn’t want to change the source volume):

cluster::*> vol clone split estimate show start status stop

If I want to delete the clone after I’m done, I just run “volume destroy.”

Questions? Hit me up in the comments!