PowerScale OneFS 9.5.0.

0 API Reference
Guide
9.5.0.0

January 2023
Rev. 01
Notes, cautions, and warnings

NOTE: A NOTE indicates important information that helps you make better use of your product.

CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid
the problem.

WARNING: A WARNING indicates a potential for property damage, personal injury, or death.

© 2015-2023 Dell Inc. or its subsidiaries. All rights reserved. Dell Technologies, Dell, and other trademarks are trademarks of Dell Inc. or its
subsidiaries. Other trademarks may be trademarks of their respective owners.
 Contents

Chapter 1: Introduction to this guide............................................................................................. 5

About this guide................................................................................................................................................................... 5
About the PowerScale SDK.............................................................................................................................................. 5
Scale-out NAS overview....................................................................................................................................................5
Where to get help................................................................................................................................................................6
Additional options for getting help............................................................................................................................ 6

Chapter 2: Introduction to the OneFS API..................................................................................... 7

OneFS API overview........................................................................................................................................................... 7
OneFS API architecture................................................................................................................................................7
OneFS API terminology ............................................................................................................................................... 8
OneFS API access............................................................................................................................................................... 9
HTTP methods..............................................................................................................................................................10
OneFS API authentication................................................................................................................................................10
HTTP Basic Authentication........................................................................................................................................10
Session cookies.............................................................................................................................................................12
Authentication with CSRF protection..................................................................................................................... 15

Chapter 3: System configuration API........................................................................................... 17

System configuration API overview...............................................................................................................................17
Collection patterns.......................................................................................................................................................17
API versions inOneFS................................................................................................................................................. 20
API directory and browsing URIs............................................................................................................................. 23
OneFS API self-documentation................................................................................................................................26
Code samples for file system configuration................................................................................................................27
System configuration API resources............................................................................................................................ 28
Authentication and access control..........................................................................................................................28
Auditing..........................................................................................................................................................................50
Access zones................................................................................................................................................................54
NFS................................................................................................................................................................................. 56
SMB................................................................................................................................................................................ 65
S3.................................................................................................................................................................................... 70
FTP..................................................................................................................................................................................74
HTTP and HTTPS security........................................................................................................................................ 75
HDFS...............................................................................................................................................................................76
OpenStack Swift.......................................................................................................................................................... 81
Networking....................................................................................................................................................................82
Host-based firewall..................................................................................................................................................... 90
IPMI remote power...................................................................................................................................................... 91
System jobs...................................................................................................................................................................93
Cluster statistics..........................................................................................................................................................98
FSA.................................................................................................................................................................................101
Events and alerts....................................................................................................................................................... 104
HealthCheck................................................................................................................................................................108

Contents 3
 Snapshots.....................................................................................................................................................................110
NDMP backup and recovery.................................................................................................................................... 115
SyncIQ backup and recovery................................................................................................................................... 119
SmartLock....................................................................................................................................................................134
Deduplication.............................................................................................................................................................. 136
Data Mover (SmartSync).........................................................................................................................................138
General cluster configuration.................................................................................................................................. 141
Licensing...................................................................................................................................................................... 160
Security hardening.....................................................................................................................................................160
Security Check and Verification.............................................................................................................................162
External key management for SEDs using KMIP............................................................................................... 163
Upgrading OneFS.......................................................................................................................................................169
Cluster date and time................................................................................................................................................174
Managing SNMP settings........................................................................................................................................ 175
Hardware......................................................................................................................................................................175
File pools.......................................................................................................................................................................177
Storage pools.............................................................................................................................................................. 179
CloudPools...................................................................................................................................................................185
SmartQuotas............................................................................................................................................................... 189
Common Anti-Virus Agent (CAVA)....................................................................................................................... 194
ICAP anti-virus........................................................................................................................................................... 196
Performance............................................................................................................................................................... 198

Chapter 4: File system access API..............................................................................................201

File system access API overview................................................................................................................................. 201
Common response headers..................................................................................................................................... 201
Common request headers....................................................................................................................................... 202
Common namespace attributes.............................................................................................................................202
Troubleshooting...............................................................................................................................................................203
File system access operations..................................................................................................................................... 204
Access points.............................................................................................................................................................205
Directory operations..................................................................................................................................................212
File operations............................................................................................................................................................226
Access control lists...................................................................................................................................................239
Query operations.......................................................................................................................................................260
SmartLock settings...................................................................................................................................................264

4 Contents
 1
Introduction to this guide
The OneFS API reference guide is an introduction to the OneFS API, and documents the system configuration API resource
handlers and the file system API.
Topics:
• About this guide
• About the PowerScale SDK
• Scale-out NAS overview
• Where to get help

About this guide

This guide describes how the PowerScale OneFS Application Programming Interface (API) provides access to cluster
configuration and access to cluster data. This guide also provides a list of all available API resource URLs, HTTP methods,
and parameter and object descriptions.

About the PowerScale SDK

Information about the PowerScale SDK documentation and resources.
Discover PowerScale APIs from Dell Technologies Developer Portal. The PowerScale API provides access to cluster
configuration and access to cluster data. Access the Dell Technologies Developer Portal to find PowerScale API reference
documentation and tutorials to help get you building.
The PowerScale software development kit (PowerScale SDK) is a collection of documentation, resources, tools, and code
samples that allow the creation of applications for the PowerScale family of products.

Table 1. PowerScale SDK documentation and resources

Resource Location
PowerScale support https://www.dell.com/support/home/en-us/product-
support/product/
GitHub repository for the PowerScale SDK https://github.com/isilon/isilon_sdk

Table 2. PowerScale SDK code samples

Resource Location
Python Language Bindings https://github.com/Isilon/isilon_sdk_python
Stat Browser https://github.com/Isilon/isilon_stat_browser

Scale-out NAS overview

The scale-out NAS storage platform combines modular hardware with unified software to harness unstructured data. The
OneFS operating system powers the platform to deliver a scalable pool of storage with a global namespace.
The unified software platform supports centralized administration through OneFS and through Dell Technologies APEX File
Storage Services (File Services). OneFS administrators and Dell Technologies APEX File Storage Services administrators
manage:
● A cluster that runs a distributed file system

Introduction to this guide 5

● Scale-out nodes that add capacity and performance
● Storage options that manage files and tiering
● Flexible data protection and high availability
● Software modules that control costs and optimize resources.
If you are a File Services storage administrator or application owner, you request services through your Dell Technologies
APEX File Storage Services service provider. As a File Services storage administrator or application owner, you can perform
self-service cluster data management tasks such as:
● Managing folders and the file hierarchy structure
● Monitoring SMB shares, NFS exports, and HDFS access
● Managing storage pools policies
● Monitoring quotas
● Monitoring snapshots
● Viewing reports
● Managing users
See the PowerScale APEX File Storage Services Administration Guide for details.

Where to get help

The Dell Technologies Support site (https://www.dell.com/support) contains important information about products and
services including drivers, installation packages, product documentation, knowledge base articles, and advisories.
A valid support contract and account might be required to access all the available information about a specific Dell Technologies
product or service.

Additional options for getting help

This section contains resources for getting answers to questions about PowerScale products.

Dell Technologies Support ● https://www.dell.com/support/incidents-online/en-us/contactus/product/

isilon-onefs
Telephone support ● United States: 1-800-SVC-4EMC (1-800-782-4362)
● Canada: 1-800-543-4782
● Worldwide: 1-508-497-7901
● Local phone numbers for a specific country or region are available at https://
www.dell.com/support/incidents-online/en-us/contactus/product/isilon-onefs.
PowerScale OneFS Documentation Info ● https://www.dell.com/support/kbdoc/en-us/000152189/powerscale-onefs-info-
Hubs hubs
Dell Community Board for self-help ● https://www.dell.com/community

6 Introduction to this guide

 2
Introduction to the OneFS API
The OneFS application programming interface (API) is divided into two functional areas: One area enables cluster configuration,
management, and monitoring functionality, and the other area enables operations on files and directories on the cluster.
Topics:
• OneFS API overview
• OneFS API access
• OneFS API authentication

OneFS API overview

The OneFS Application Programming Interface (API) is divided into two functional areas: One area enables cluster configuration,
management, and monitoring functionality, and the other area enables operations on files and directories on the cluster. You
can send requests to the OneFS API through a Representational State Transfer (REST) interface, which is accessed through
resource URIs and standard HTTP methods.
An API request is sent over HTTPS to a cluster IP address or hostname. That request is authenticated and then authorized
through Role Based Access Control (RBAC). After the request is approved, access is provided to either file system configuration
libraries or directories and files on the cluster.

OneFS API architecture

When you send an HTTP request through the OneFS API, your request is sent to an Apache server. The Apache server verifies
your username and password. The credentials are verified either through HTTP Basic Authentication for single requests or
through an established session to a single node for multiple requests.
After the user account is authenticated, the role-based access control (RBAC) verifies the privileges that are associated with
the user account that generated the request. If the user account has the required privileges, the request enables access to files
and directories on the cluster or to system configuration libraries, as per the resource URL provided in the request.
The following simplified diagram shows the basic flow of the two types of OneFS API requests:

Introduction to the OneFS API 7

 API request through
HTTPS/URI

HTTP Basic or Session

Apache Server
Authentication

/namespace RBAC /platform

(file system access API) (Authorization) (system configuration API)

Directories and files

System configuration libraries
on the cluster

OneFS API terminology

The following terms are relevant to understanding the OneFS API.

Term Definition
Access point Root path of the URL to the file system. You can define an
access point for any directory in the file system.
Collection Group of objects of a similar type. For example, all the user-
defined quotas in the system make up a collection of quotas.
Data object An object that contains content data, such as a file on the
system
Namespace The file system structure on the cluster
Object Containers or data objects
This term is also known as system configuration data that a
user creates, or a global setting on the system.
For example, a user-created object can be a file system
snapshot, quota, share, export, logical unit, or synchronization
policy.

8 Introduction to the OneFS API

Term Definition

An object can also be global settings on the system, such

as default share settings, HTTP server settings, snapshot
subsystem settings, and so on.

Resource An object, collection, or function that you can access by a

URI.

OneFS API access

By applying standard HTTP methods to resource URIs, you can modify file system settings or access content on any node in
a cluster through the OneFS API. When making multiple changes through the OneFS API, it is recommended that you send all
requests to a single node to avoid configuration collisions.
OneFS API resource URIs are composed of the following components.

Component Definition
my_cluster The IPv4 or IPv6 address or hostname for the cluster.
obj_port The number of the port. The default setting is 8080.

access_point The name of the access point, such as /ifs.

resource_path The file path to the directory that you want to access.
api_version The version of the OneFS API. It is an optional component, as
OneFS automatically uses the latest API.
collection_pattern The namespace, collection name, and object ID of the
resource that you want to configure.

In both types of API requests, you can append query parameters to the end of resource URIs to refine your request. For
example, you can revise a GET request to return only a set number of entries. In the following example, a maximum of 1,000
SMB shares are returned:

GET https://192.168.1.100:8080/platform/16/protocols/smb/shares?limit="1000"

File system configuration API requests

For file system configuration API requests, the resource URI is composed of the following components:

https://<my_cluster>:<obj_port>/<api-version>/<collection_pattern>

For example, you can send a GET request to the following URI to retrieve all SMB shares on a cluster. Where protocols is the
namespace, SMB is the collection name, and shares is the object ID:

GET https://192.168.1.100:8080/platform/16/protocols/smb/shares

File system access API requests

For file system access APIs requests, the resource URI is composed of the following components:

https://<my_cluster>:<obj_port>/namespace/<access_point>/<resource_path>

For example, you can send a GET request to the following URI to view files that are stored in the folder at /ifs/users/
folder1:

GET https://192.168.0.25:8443/namespace/ifs/users/folder1

Introduction to the OneFS API 9

For example, you can send a PUT request to the following URI to copy files that are stored in the folder to another location:

PUT https://10.7.146.164:8443/namespace/user1store/dir6

If you specify the header x-isi-ifs-mode-mask value as preserve, then it copies the file/dir mode, ownership, ACL,
timestamps information along with file data.
Also, in file system access API requests, you can indicate a special operation in your request by appending a predefined keyword
to the end of the resource URI. These keywords must be placed first in the argument list and must not contain any value. If
these keywords are placed in any other position in the argument list, the keywords are ignored. Predefined keywords are acl,
metadata, worm, and query. For example:

GET https://192.168.0.25:8443/namespace/ifs/users/folder1?acl

HTTP methods
You can apply certain HTTP methods to resource URIs through the OneFS API to modify file system settings or to access file
system content.
The following conditions apply to the HTTP methods available for the OneFS API:
● The GET method returns an object or collection.
● The HEAD method returns response header metadata without the response body content.
● The DELETE method removes an object from a collection.
● The POST method creates objects.
● The POST method returns a document indicating the success of the request and the location of the created resource.
● The PUT method enables partial modification of a resource.
● The PUT and POST methods do not return full resource entity bodies upon success; these methods return success or failure
codes.

OneFS API authentication

You can authenticate to OneFS API resource URIs by establishing a session with a cookie or through HTTP Basic Authentication,
though HTTP Basic Authentication is disabled by default. You can only authenticate to resources for which you have privileges.
You can establish a session by creating a session cookie through the session resource. HTTP Basic Authentication requires more
system processing resources and is slower than authentication with a session cookie. If you want to initiate multiple requests
over a time, it is recommended that you create a session cookie.

HTTP Basic Authentication

With HTTP Basic Authentication (RFC 2617), you can create a standard Authorization header with a valid username and
password and send your request to the server. If the server authenticates your username and password, you can access the
resource.
The following example shows a sample HTTP Basic Authentication request.

GET https://<cluster-ip-or-host-name>:<port>/<resource_uri> HTTP/1.1

Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

Privileges
Privileges permit users to complete tasks on a cluster.
Privileges are associated with an area of cluster administration such as Job Engine, SMB, Quotas, or statistics. Privileges enable
you to control the actions that a user or role can perform within a particular area of cluster administration.

10 Introduction to the OneFS API

In OneFS 9.3.0.0 and later, privileges are granular: each area of cluster administration is associated with a top-level privilege,
the feature or parent privilege. Each parent privilege can have one or more subprivileges, which can also have subprivileges.
Granular privileges enable you to control the specific actions that a user can perform within a cluster administration area in a
detailed way.
Privilege levels are as follows:
● Feature: the top-level privilege associated with an area of cluster administration, such as quotas (ISI_PRIV_QUOTA).
● Entity (sub-feature): a subprivilege associated with a specific function of an area of cluster administration. For example,
quota reports (ISI_PRIV_QUOTA_REPORTS), quota settings (ISI_PRIV_QUOTA_SETTINGS), or quota management
(ISI_PRIV_QUOTA_QUOTAMANAGEMENT). Entity-level privileges can have subprivileges.
● Attribute (properties of a feature or sub-feature): the properties associated with an area of cluster administration. For
example, quotas' physical usage of the file system (ISI_PRIV_QUOTA_QUOTAMANAGEMENT_USAGE_FSPHYSICAL), the
quota threshold size on which to enforce limits (ISI_PRIV_QUOTA_QUOTAMANAGEMENT_THRESHOLDON), the ratio of
logical space to physical space used for quotas (ISI_PRIV_QUOTA_QUOTAMANAGEMENT_EFFICIENCYRATIO). Attribute-
level privileges can also have subprivileges.
For example, the feature-level (parent) privilege ISI_PRIV_QUOTA enables monitoring and enforcing storage limits. Grant
entity-level privileges (subprivileges) to control the specific quota management-related actions that a user or role can
perform. Grant attribute-level privileges to control access to specific properties of quota management-related actions, including
management, tracking, and limiting storage of an entity or directory, or configuring the ratio of logical space to physical space.
Grant the feature-level privilege first. Granting the feature-level privilege to a user or role grants all privileges, subprivileges,
and permissions associated with that privilege. Granting subprivileges is optional. Grant subprivileges to restrict or fine-tune the
access and activities allowed to users or roles. If a subprivilege also has subprivileges, grant the parent subprivilege before you
grant the lower-level subprivileges. Subprivileges cannot be higher than their parent privilege or subprivilege.
Privileges have the following forms:

Write (w) Grants write, execute, and read access privileges to a role or user. Allows a role or user to view, create,
modify, and delete a configuration subsystem such as statistics, snapshots, or quotas. For example,
the ISI_PRIV_QUOTA privilege with write permission allows an administrator to create, schedule, and
run quota reports and to configure quota notification rules. Write permission allows performing the API
operations GET, PUT, POST, and DELETE.
Execute (x) Grants execute and read access privileges to a role or user. Allows a role or user to initiate API operations
such as PUT, POST or Delete for specific URIs on a configuration subsystem without granting write
privileges to that role or user. The specific URIs on which execute privileges can be granted do not
perform write operations. The specific URIs are /sync/policies/<POLICY>, /sync/jobs, /sync/
jobs/<JOB>, /sync/policies/<POLICY>/reset, and /sync/rules/<RULE>.
Read (r) Grants the read access privilege to a role or user. Allows a role or user to view a configuration subsystem.
The role or user cannot modify configuration settings. Read permission allows performing the API
operation GET.
No permission (-) The privilege is not granted to the role or user. The role or user has no access to the privilege.

Privileges are granted to the user on login to a cluster through the OneFS API, the web administration interface, SSH, or a
console session. A token is generated for the user that includes a list of all privileges that are granted to that user. Each
URI, web-administration interface page, and command requires a specific privilege to view or modify the information available
through any of these interfaces.
Sometimes, privileges cannot be granted or there are privilege limitations.
● Privileges are not granted to users that do not connect to the System Zone during login or to users that connect through
the deprecated Telnet service, even if they are members of a role.
● Privileges do not provide administrative access to configuration paths outside of the OneFS API. For example, the
ISI_PRIV_SMB privilege does not grant a user the right to configure SMB shares using the Microsoft Management Console
(MMC).
● Privileges do not provide administrative access to all log files. Most log files require root access.
● Privileges can be denied to users and roles using No permission.
The privilege ISI_PRIV_RESTRICTED_AUTH and its subprivileges ISI_PRIV_RESTRICTED_AUTH_GROUPS and
ISI_PRIV_RESTRICTED_AUTH_USERS provide limited administrative privileges for groups and users. Administrators with
the ISI_PRIV_RESTRICTED_AUTH privilege can modify only those groups and users with the same or less privilege as
the administrator. Administrators with the ISI_PRIV_RESTRICTED_AUTH_GROUPS or ISI_PRIV_RESTRICTED_AUTH_USERS
privileges can modify only those groups or users with the same privilege as the administrator. For example, you can grant the
ISI_PRIV_RESTRICTED_AUTH privilege to a help desk administrator to perform basic user management operations without
having the full abilities of the ISI_PRIV_AUTH privilege.

Introduction to the OneFS API 11

Session cookies
Establish a session by creating a session cookie through the session resource.
You can create a session cookie by sending credentials to a session service resource along with a "referer" header, which
responds with a Set-Cookie header, an anti-CSRF token (see section below on Authentication with CSRF protection), and other
details about the session such as the inactive and absolute timeout values.
NOTE: New with OneFS 9.3 and later, API activity will not reset or extend the inactive timeout value. Alternatively, a unique
replacement cookie will be proactively included in all responses to the client when the inactive timeout value reaches 450
seconds or less; the default starting value is 900 seconds (15 minutes). The inactive timeout value will begin its countdown
in each replacement cookie as each is offered to the client and the absolute timeout value will be synchronized and continue
to countdown in the original and all replacement cookies with the same value, from its initial default value of 14,400 seconds
(4 hours). Any and/or all replacement cookie can be used to continue the session until the inactive timeout value in each
cookie expires or the absolute timeout value expires the session.

Session resource overview

You can set a session cookie that provides extended authentication to the entire cluster.

Object properties

Property Type Description

username String Specifies the username for the account requesting access
to the cluster
password String Specifies the password for the username requesting
access to the cluster
services Array Specifies a list of services to obtain access to
timeout_absolute Integer Retrieves the number of seconds before the session
expires in a GET request.
timeout_inactive Integer Retrieves the number of seconds of inactivity before the
session expires in a GET request.

Create a session
You can authenticate to a OneFS API resource URI by creating a session cookie and a session. When you create a session, you
extend your authentication to all nodes in a cluster for multiple requests over a time.

About this task

Session cookies are for all the nodes in a cluster; request can me made from any node (part of the same cluster) irrespective of
the node from which the session cookie is obtained.

Steps
1. Send a POST request to /session/1/session by specifying the JSON content-type in the request header and a referer
header. Also specify your username, password, and the service that you want to access in the request body. In the
services property, specify platform for system configuration or namespace for file system access.

Content-type: application/json
Body:
{
"username": "<string>",
"password": "<string>",
"services": ["platform" | “namespace”]
}

If the server validates your username and password, a Set-Cookie header is returned.

12 Introduction to the OneFS API

2. Obtain the isisessid value from the Set-Cookie header.

201 Created
Content-Length:104
Content-Type:application/json
Date:Fri, 22 Feb 2013 19:08:36 GMT
Set-Cookie:isisessid=12345678-abcd-1234-abcd-1234567890ab; path=/;
HttpOnly; Secure
Response Body:
{
"services":[
"platform",
"namespace"
],
"timeout_absolute":14400,
"timeout_inactive":900,
"username":"user123"
}

This value authenticates the session when you send a request through a session cookie.

Results
A session is created on the node on which the POST request was performed and it is available to all the nodes which are part of
the same cluster.

Send a request for access through a session cookie

Authenticate to a session through a session cookie.

Prerequisites
Create a session and obtain an isisessid value from the Set-Cookie header.

About this task

Do not specify a WWW-AUTHENTICATE header.

Steps
● Send a GET request to any API resource by typing the isisessid value in the Cookie request header.
If the server validates your username and password, access is granted.

Results
Authentication is granted for future requests on the specified node.
Example
Request example

GET 10.10.111.120:8080/platform/1/quota/quotas
Cookie: isisessid=12345678-abcd-1234-abcd-1234567890ab

Response example

200 OK
Content-Type:application/json
{
//JSON content
}

Introduction to the OneFS API 13

Get information about the current session
You can send a GET request to obtain information about the current session. If the server validates your session cookie, the
system returns a JSON document that contains information about the session. If the server does not validate the session ID
contained in the cookie, the server returns an error message.

Request syntax

GET /session/1/session
Cookie: isisessid=12345678-abcd-1234-abcd-1234567890ab

Response body
If authorization is successful:

"username": <string>
"services": [<string>, ...]
"timeout_absolute": <integer>,
"timeout_inactive": <integer>

{
"services":[
"platform",
"namespace"
],
"timeout_absolute":14396,
"timeout_inactive":900,
"username":"user123"
}

If authorization fails:

401 Unauthorized
Content-Type: application/json
{
"errors":[
{
"message":"authorization required"
}
]
}

Log out of a session

If you no longer required to stay authenticated to a cluster, you can log out of a session by deleting the session cookie. A log out
of any valid cookie, the original or any replacement cookies, will invalidate all remaining valid cookies for that session.

Request syntax

DELETE /session/1/session
Cookie: isisessid=12345678-abcd-1234-abcd-1234567890ab

Response body
If authorization is successful:

204 No Content
Set-Cookie:isisessid=deleted; path=/; Expires=Thu, 01-Jan-1970 00:00:01 GMT; HttpOnly;
Secure
Content-Length: 0

14 Introduction to the OneFS API

If authorization fails:

401 Unauthorized
Content-Type: application/json
{
"errors":[
{
"message":"authorization required"
}
]
}

Authentication with CSRF protection

To protect OneFS APIs from Cross-Site Request Forgery (CSRF) attacks, the OneFS API enforces an additional anti-CSRF
token header be passed by the client with each request to the API. The anti-CSRF token is obtained from the server on the
initial API authentication request and, to pass authentication checks, must be included with all API requests along with the
session token. The same anti-CSRF token should be included in all requests with all cookies for the session, the initial session
cookie and all replacement cookies that are used. The anti-CSRF token does not get updated or replaced for a session.

Implement CSRF authentication

Obtain a CSRF token to submit with each OneFS API request.

Steps
1. Send an authentication request with credentials to the OneFS session API (/session/1/session).

$ curl -vk https://XX.X.X.X:8080/session/1/session -X POST \

-H 'Content-Type: application/json' \
-d '{ "username": "testuser",
"password": "A_Pa$$word",
"services": ["platform"]
}'

The server validates supplied credentials and performs global API authorization checks. If client identity is confirmed and
authorization checks pass, the server responds with two tokens: a session token (isisessid) and an anti-CSRF token
(isicsrf). Save both tokens and submit them on subsequent API requests to pass authentication checks. If authentication
fails, then an appropriate HTTP error code is returned.
Response:

HTTP/1.1 201 Created

Date: Thu, 25 Jan 2020 22:34:20 GMT
Server: Apache/2.2.34 (FreeBSD) mod_ssl/2.2.34 OpenSSL/1.0.2k-fips
mod_fastcgi/2.4.6
Set-Cookie: isisessid=924bb64a-cffd-4d98-9ccc-6703fabc3210; path=/;
HttpOnly; Secure; SameSite=strict
Set-Cookie: isicsrf=8c5da1e4-5508-4609-9978-4a6d283e4c3a; path=/;
Secure
Content-Length: 96
Content-Type: application/json

{"services":
["platform"],"timeout_absolute":14400,"timeout_inactive":900,"username":"testuser"}

2. For authenticated requests to the OneFS platform API, the client sends their OneFS session cookie. For successful CSRF
request validation checks, the client also sends the CSRF token cookie that is obtained at initial authentication in a special
header (X-CSRF-Token). Also send a populated Referrer header matching the connecting host.

$ curl -vk https://XX.X.X.X:8080/platform/14/auth/id \

-b 'isisessid=924bb64a-cffd-4d98-9ccc-6703fabc3210' \
-H 'X-CSRF-Token: 8c5da1e4-5508-4609-9978-4a6d283e4c3a' \
--referer https://00.0.0.0:8080

Introduction to the OneFS API 15

 Response:

HTTP/1.1 200 Ok
Date: Wed, 17 Nov 2021 13:48:28 GMT
Server: Apache
Allow: GET, HEAD
X-Frame-Options: sameorigin
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data:;
script-src 'self' 'unsafe-eval';
style-src 'unsafe-inline' 'self';
Transfer-Encoding: chunked
Content-Type: application/json

{
"ntoken" :
{
"additional_id" :
[

{
"id" : "SID:S-1-5-11"
},

{
"id" : "GID:5"
},
],
"gid":
{
"id": "GID:0"
},
"group_sid":
{
"id": "SID:S-1-22-2-0"
},
"ifs_restricted": false,
"local_address": "10.224.36.234",
"on_disk_group_id":
{
"id": "GID:0"
},
"on_disk_user_id":
{
"id": "UID:0"
},
"privilege":
[

{
"id": "ISI_PRIV_LOGIN_CONSOLE",
"name": "Console",
"permission": "r"
}
],
"protocol": 10,
"remote_address": "10.91.79.227",
"uid":
{
"id": "UID:0"
},
"user_sid":
{
"id": "SID:S-1-22-1-0"
},
"zid": 1,
"zone_id": "System"
}
}

16 Introduction to the OneFS API

 3
System configuration API
You can access cluster configuration, status information, and file system content through objects and collections of objects.
These objects and collections are exposed as resource URIs, which are represented as JavaScript Object Notation (JSON)
formatted documents.
Topics:
• System configuration API overview
• Code samples for file system configuration
• System configuration API resources

System configuration API overview

You can access cluster configuration, status information, and file system content through objects and collections of objects.
These objects and collections are exposed as resource URIs, which are represented as JavaScript Object Notation (JSON)
formatted documents.

Collection patterns
You can configure the file system on your cluster through the OneFS API. You can do so by applying HTTP methods to resource
URIs according to a set of collection patterns.
NOTE:

The OneFS API supports a maximum URI length of 8,198 characters.

Read a system object

You can read a system object that has a unique identifier through the GET method; the identifier is the name or system-
generated id for that object.
Request pattern:

GET https://<cluster-ip-or-host-name>:<port>/<api-version>/<namespace>/<object-id>

Response:

Content-Type: application/json
{
"<object>": {
"<property>": <value>,
...
}
}

Modify a system object

You can modify an object by sending one or more of the object properties through the PUT method. Only the specified
properties are modified on the resource, which leaves all other properties in their current state.
Request pattern:

PUT https://<cluster-ip-or-host-name>:<port>/<api-version>/<namespace>/<object-id>
Content-Type: application/json

System configuration API 17

 {
"<property>": <value>
...
}

Response:

{Standard JSON success or error response}

Read an entire collection

You can read all the objects in a collection through the GET method.
Request pattern:

GET https://<cluster-ip-or-host-name>:<port>/<api-version>/<namespace>/<collection-name>

Response:

Content-Type: application/json
{
"<collection>": [
"<property>": <value>
...
]
}

Read an object from a collection

You can read an object in a collection through the GET method.
Request pattern:

GET https://<cluster-ip-or-host-name>:<port>/<api-version>/<namespace>/<collection-name>/
<object-id>

Response:

Content-Type: application/json

{
"<collection>": [
"<property>": <value>
...
]
}

Create an object in a collection

You can create a user object in a collection through the POST method. The system responds with the final URI where the new
object is located.
Request pattern:

POST https://<cluster-ip-or-host-name>:<port>/<api-version>/<namespace>/<collection-
name>
Content-Type: application/json
{
"<property>": <value>,
...
}

18 System configuration API

Response:

Location: https://<cluster-ip-or-host-name>:<port>/<api-version>/<namespace>/<collection-
name>/<new-object-id>

Content-Type: application/json

{Standard JSON success or error response}

Modify an object in a collection

You can modify an object in a collection through the PUT method.
Request pattern:

PUT https://<cluster-ip-or-host-name>:<port>/<api-version>/<namespace>/<collection-name>/
<object-id>

Content-Type: application/json
{
"parameter_name": <value>
...
}

Response:

{Standard JSON success or error response}

Delete an object from a collection

You can delete a user object from a collection through the DELETE method.
Request pattern:

DELETE https://<cluster-ip-or-host-name>:<port>/<api-version>/<namespace>/<collection-
name>/<object-id>

Response:

{Standard JSON success or error response}

Filter a collection
You can apply a filter to a collection to retrieve user objects that match some common criteria.
Request pattern:

GET https://<cluster-ip-or-host-name>:<port>/<api-version>/<namespace>/<collection-name>?
<parameter_name>=<match-pattern>&...

Response:

Content-Type: application/json
{
"count": <integer>,
"<collection-name>": [
{
"<parameter-name>":
<matched-value>,
...
},
...
]
}

System configuration API 19

API versions inOneFS
OneFS provides version control of API resources.
To use the latest API version, retrieve the latest API version at the URI /platform/latest. In OneFS 9.5.0.0, the API
version is 16.
In OneFS 9.5.0.0, you can access the latest version of any configuration API resource at:

/platform/16/<path-to-resource>

Where resources have older versions, the older versions can be accessed at:

/platform/<version>/<path-to-resource>

The functionality of each resource is preserved, even with subsequent API versions. For example, if /resource/x is
introduced in API version 1, updated in API version 3, and then updated again in API version 8, the following URI-to-resource
mapping applies:

/platform/1/resource/x -> resource from API version 1

/platform/2/resource/x -> resource from API version 1
/platform/3/resource/x -> resource from API version 3
/platform/4/resource/x -> resource from API version 3
/platform/5/resource/x -> resource from API version 3
/platform/8/resource/x -> resource from API version 8

You are guaranteed that when you write code to a specific resource version, that behavior continues to function even if
subsequent API versions are released.
These are the OneFS API versions and their corresponding releases:

OneFS version API version

9.5.0.0 16
9.4.0.0 15
9.3.0.0 14
9.2.1.0 13
9.2.0.0 12
9.1.0.0 11
9.0.0.0 10
8.2.2 9
8.2.1 8
8.2 7
8.1.1 6
8.1 5
8.0.1 4
8.0 3

In future OneFS releases, when the configuration API version is incremented, the /platform/latest URI returns the latest
version number. You are guaranteed to access to the latest version of any resource by using the applicable version number in
the resource URI.
Older versions of certain resources might be deprecated in the future. Large changes in the underlying OneFS system and
configuration can cause certain fields or sets of fields to no longer be applicable. PowerScale only deprecates resources when
necessary. If an old version of a resource can function, it is accessible at its original API version number URI.

20 System configuration API

Changes to the OneFS API across releases

The following table lists deprecated APIs, by OneFS version, that are removed from OneFS when upgrading to a newer version.

Release API Deleted APIs

version
9.5.0.0 16 N/A
9.4.0.0 15 N/A
9.3.0.0 14 N/A
9.2.1.0 13 N/A
9.2.0.0 12 N/A
9.1.0.0 11 N/A
9.0.0.0 10 N/A
8.2.2 9 N/A
8.2.1 8 N/A
8.2.0 7 /1/cluster/smartconnect_zones
/2/versiontest/other/
/4/performance/workload-categories
/4/performance/workload-categories/<WORKLOAD-CATEGORY>
/4/performance/workload-categories/<WORKLOAD-CATEGORY>/workloads
/4/performance/workload-categories/<WORKLOAD-CATEGORY>/workloads /<WORKLOAD>
/4/performance/category-elements
/4/performance/category-elements/<CATEGORY-ELEMENT>
/6/cluster/branding

8.1.1.X 6 N/A
8.1.2.X
8.1.3.X

8.1.0.X 5 N/A
8.0.1.X 4 N/A
8.0.0.X 3 Upgrade supported from 8.0.0.X.

The following table lists deleted APIs that have been replaced with newer versions in later OneFS releases.

Release API Deleted APIs available in latest version

version
9.5.0.0 16 N/A
9.4.0.0 15 N/A
9.3.0.0 14 N/A
9.2.1.0 13 N/A
9.2.0.0 12 N/A
9.1.0.0 11 N/A
9.0.0.0 10 N/A
8.2.2 9 N/A
8.2.1 8 N/A

System configuration API 21

Release API Deleted APIs available in latest version
version
8.2.0 7
/3/cloud/accounts
/4/cloud/accounts
/4/network/interfaces
/3/network/interfaces
/3/network/groupnets/<GROUPNET>/subnets/<SUBNET>/pools/<POOL>/interfaces
/4/network/groupnets/<GROUPNET>/subnets/<SUBNET>/pools/<POOL>/interfaces
/3/cloud/accounts/<ACCOUNT>
/3/cloud/pools
/3/cloud/pools/<POOL>
/4/performance/settings
/4/cloud/accounts/<ACCOUNT>

8.1.1.X 6 N/A
8.1.2.X
8.1.3.X

8.1.0.X 5 N/A
8.0.1.X 4 N/A
8.0.0.X 3 Upgrade supported from 8.0.0.X.

The following table shows deleted APIs that were replaced in a later API version.

Deleted APIs Same APIs with updated version

/3/cloud/accounts /3.1/cloud/accounts
/4/cloud/accounts /4.1/cloud/accounts
7/cloud/accounts

/4/network/interfaces /7/network/interfaces
/3/network/interfaces

/3/network/groupnets/<GROUPNET>/subnets/<SUBNET>/ /7/network/groupnets/<GROUPNET>/subnets/
pools/<POOL>/interfaces <SUBNET>/pools/<POOL>/interfaces
/4/network/groupnets/<GROUPNET>/subnets/<SUBNET>/
pools/<POOL>/interfaces

/3/cloud/accounts/<ACCOUNT> /3.1/cloud/accounts/<ACCOUNT>
/4/cloud/accounts/<ACCOUNT> /4.1/cloud/accounts/<ACCOUNT>
/7/cloud/accounts/<ACCOUNT>

/3/cloud/pools /3.1/cloud/pools
/7/cloud/pools

/3/cloud/pools/<POOL> /3.1/cloud/pools/<POOL>
/7/cloud/pools/<POOL>

/4/performance/settings /7/performance/settings

22 System configuration API

API directory and browsing URIs
There are special URIs that you can use to get more information about system configuration API resources and their versions.

List all API URIs

You can list all URIs for the system configuration API.
To retrieve a list of all system configuration API URIs:

https://<cluster-ip>:<port>/platform/?describe&list

The example above retrieves a separate listing for every update of each resource. For example, the resource for /cluster/
config was introduced in API version 1 and updated in version 3, so /platform/?describe&list lists both:

"/1/cluster/config"
"/3/cluster/config"

NOTE: /2/cluster/config is also a valid URI, and forwards the same resource as /1/cluster/config, because
there were no updates to the resource in API version 2.

List all URIs for a specific API version

You can list all the URIs for a specific version of the system configuration API.
To retrieve a list of all URIs available for the specified API version:

https://<cluster-ip>:<port>/platform/<version>/?describe&list

For example, the following retrieves all URIs available for API version 16:

https://<cluster-ip>:<port>/platform/16/?describe&list

The above query generates an output like the following example:

{
"directory" :
[
"/16/api/settings/sessions"
"/16/audit/certificates/syslog"
"/16/audit/certificates/syslog/<ID>"
"/16/audit/settings"
"/16/audit/settings/global"
.
.
.
.

"/16/supportassist/terms"
"/16/sync/settings"
"/16/sync/settings/advanced",
"/16/upgrade/cluster/mixed-mode",
"/16/upgrade/cluster/patch/patches"
"/16/upgrade/cluster/patch/patches/<ID>"
]
}

System configuration API 23

List all URIs updated and newly created in a specific API version
You can list all the URIs that changed in a specific version of the system configuration API.
To retrieve a list of changed URIs that were updated for a specific API version:

https://<cluster-ip>:<port>/platform/changed/<version>

The previous example also returns a list of any removed URIs that were originally introduced or updated at the specified version.
But that now have been permanently deprecated and can no longer be accessed.
NOTE: Usually there is at least one new resource that provides the current functionality to replace any deprecated
resources.
For example, to list all URIs that changed in API version 16:

https://<cluster-ip>:<port>/platform/changed/16

The above query generates an output like the following example:

{
"changed" :
[
"/16/api/settings/sessions"
"/16/audit/certificates/syslog"
"/16/audit/certificates/syslog/<ID>"
"/16/audit/settings"
"/16/audit/settings/global"
"/16/auth/mapping/users/lookup",
"/16/auth/providers/ads/<ID>"
"/16/auth/providers/file"
"/16/auth/providers/file/<ID>"
"/16/auth/providers/ldap"
"/16/auth/providers/ldap/<ID>"
"/16/auth/providers/local"
"/16/auth/providers/local/<ID>"
"/16/auth/providers/saml-services/cert-extract"
"/16/auth/providers/saml-services/idps"
"/16/auth/providers/saml-services/idps/<ID>"
"/16/auth/providers/saml-services/metadata-extract"
"/16/auth/providers/saml-services/settings"
"/16/auth/providers/saml-services/sp"
"/16/auth/providers/saml-services/sp/signing-key/rekey"
"/16/auth/providers/saml-services/sp/signing-key/settings"
"/16/auth/providers/saml-services/sp/signing-key/status"
"/16/auth/settings/global"
"/16/auth/settings/krb5/defaults"
"/16/auth/users"
"/16/auth/users/<USER>"
"/16/auth/users/<USER>/reset-password"
"/16/cluster/diagnostics/gather/settings",
"/16/cluster/diagnostics/gather/start",
"/16/cluster/iceage/settings"
"/16/cluster/nodes",
"/16/cluster/nodes/<LNN>",
"/16/cluster/nodes/<LNN>/drives",
"/16/cluster/nodes/<LNN>/drives/<DRIVEID>",
"/16/cluster/nodes/<LNN>/status",
"/16/cluster/nodes/<LNN>/status/drive_security_level",
"/16/datamover/certificates/settings"
"/16/hardening/apply"
"/16/hardening/disable"
"/16/hardening/list"
"/16/hardening/reports"
"/16/hardening/state"
"/16/hardening/test"
"/16/healthcheck/checklists",
"/16/healthcheck/definitions",
"/16/healthcheck/definitions/<ID>",
"/16/healthcheck/evaluations",
"/16/healthcheck/evaluations/<ID>",

24 System configuration API

 "/16/healthcheck/items",
"/16/healthcheck/items/<ID>",
"/16/healthcheck/schedules",
"/16/healthcheck/schedules/<ID>",
"/16/job/job-summary"
"/16/keymanager/cluster"
"/16/keymanager/cluster/rekey"
"/16/keymanager/cluster/status"
"/16/keymanager/sed/rekey"
"/16/keymanager/sed/status"
"/16/keymanager/sed/status/<LNN>"
"/16/local/cluster/nodes",
"/16/local/cluster/nodes/<LNN>",
"/16/local/cluster/nodes/<LNN>/drives",
"/16/local/cluster/nodes/<LNN>/drives/<DRIVEID>",
"/16/local/cluster/nodes/<LNN>/status",
"/16/local/cluster/nodes/<LNN>/status/drive_security_level",
"/16/local/keymanager/sed/status",
"/16/local/keymanager/sed/status/<LNN>",
"/16/local/os/security"
"/16/local/protocols/nfs/locks",
"/16/local/protocols/nfs/waiters",
"/16/os/security"
"/16/performance/datasets/<DATASET>/workloads",
"/16/performance/datasets/<DATASET>/workloads/<WORKLOAD>",
"/16/performance/datasets/<DATASET>/workloads/<WORKLOAD>/limits/<LIMIT>",
"/16/performance/settings"
"/16/protocols/ftp/settings",
"/16/protocols/http/settings"
"/16/protocols/http/settings/general"
"/16/protocols/nfs/locks"
"/16/protocols/nfs/waiters"
"/16/protocols/snmp/settings"
"/16/security/settings"
"/16/storagepool/nodepools",
"/16/storagepool/nodepools/<NID>",
"/16/storagepool/settings"
"/16/storagepool/storagepools",
"/16/storagepool/tiers"
"/16/storagepool/tiers/<TID>"
"/16/supportassist/data"
"/16/supportassist/license"
"/16/supportassist/payload"
"/16/supportassist/settings"
"/16/supportassist/status"
"/16/supportassist/task"
"/16/supportassist/task/<ID>"
"/16/supportassist/terms"
"/16/sync/settings"
"/16/sync/settings/advanced",
"/16/upgrade/cluster/mixed-mode",
"/16/upgrade/cluster/patch/patches"
"/16/upgrade/cluster/patch/patches/<ID>"
],
"removed" : []
}

List URI introduction or update version

You can retrieve a list of URIs detailing when a resource was introduced or updated in the system configuration API.
To retrieve a list of URIs representing the API versions in which a specified resource was introduced or updated:

https://<cluster-ip>:<port>/platform/updated/<path-to-resource>

For example, to retrieve information about when the API resource for OneFS audit settings was introduced or updated:

https://<cluster-ip>:<port>/platform/updated/audit/settings

System configuration API 25

The above query generates an output like the following example:

{
"removed" : [],
"updated" : [ "/1/audit/settings", "/3/audit/settings", "/7/audit/settings" ]
}

List API resource versions

You can list all the versions in which a resource exists.
To retrieve a list of URIs representing all API versions in which the specified resource exists as a valid resource in any form,
including versions in which the resource was not updated, but excluding versions before the resource existed:

https://<cluster-ip>:<port>/platform/versions/<path-to-resource>

For example, to list the versions of the resource for NFS NLM sessions:

https://<cluster-ip>:<port>/platform/versions/protocols/nfs/nlm/sessions

The above query generates an output like the following example:

{
"versions" :
[
"/1/protocols/nfs/nlm/sessions",
"/2/protocols/nfs/nlm/sessions",
"/3/protocols/nfs/nlm/sessions",
"/3.0/protocols/nfs/nlm/sessions",
"/3.1/protocols/nfs/nlm/sessions",
"/3.2/protocols/nfs/nlm/sessions",
"/4/protocols/nfs/nlm/sessions",
"/4.0/protocols/nfs/nlm/sessions",
"/4.1/protocols/nfs/nlm/sessions",
"/5/protocols/nfs/nlm/sessions",
"/5.0/protocols/nfs/nlm/sessions",
"/5.1/protocols/nfs/nlm/sessions",
"/6/protocols/nfs/nlm/sessions",
"/7/protocols/nfs/nlm/sessions",
"/8/protocols/nfs/nlm/sessions",
"/9/protocols/nfs/nlm/sessions",
"/10/protocols/nfs/nlm/sessions",
"/11/protocols/nfs/nlm/sessions"
]
}

OneFS API self-documentation

The system configuration API is self-documenting. You can access detailed information about each URI by appending the ?
describe query parameter. This self-documentation includes URI descriptions, query arguments, allowable HTTP methods, and
the request and response JSON representation structures.
To access the OneFS API self-documentation through any /platform resource URI, append the ?describe query parameter
as follows:

https://<cluster-ip>:<port>/platform/<version>/<path-to-resource>?describe

For example, the following retrieves the API version 12 JSON schema documentation for upgrading nodes on a OneFS cluster:

https://<cluster-ip>:<port>/platform/12/upgrade/cluster/nodes?describe

The above query generates an output like the following example:

Resource URL: /platform/12/upgrade/cluster/nodes

26 System configuration API

 Overview: View information about nodes during an upgrade, rollback, or
pre-upgrade assessment.

Methods: GET

********************************************************************************

Method GET: View information about nodes during an upgrade, rollback, or

pre-upgrade assessment.

URL: GET /platform/12/upgrade/cluster/nodes

Query arguments:
by_domain=<boolean> If true, tag nodes that are assigned to like-failure domains

GET response body schema:

{
"type": [
{
"additionalProperties": false,
"type": "object",
"description": "A list of errors that may be returned.",
"properties": {
"errors": {
"minItems": 1,
"items": {
"additionalProperties": false,
"type": "object",
"description": "An object describing a single error.",
"properties": {
"field": {
"minLength": 1,
"type": "string",
"description": "The field with the error if applicable.",
"maxLength": 8192
},
.
.
.

You can retrieve a list of all the resources for a feature by appending the describe, list, and all query parameters. The
content is returned as mime-type text or plain. For example, to return a list of all resource URIs for snapshots, type the following
URL:

https://<cluster-ip-or-host-name>:<port>/platform/12/snapshot/snapshots?describe&list&all

You can retrieve a list of all the resource URIs on your cluster by typing the following URL:

https://<cluster-ip-or-host-name>:<port>/platform?describe&list

You can retrieve the JSON-formatted documents that are in the self-documentation through any resource URI by appending the
query parameters describe and json. This content is returned as mime-type application/json.
For example, to obtain the JSON-formatted document for the quotas resource, type the following URL:

https://<cluster-ip-or-host-name>:<port>/platform/12/quota/quotas?describe&json

If you include any values for either the describe or json parameters, the values are ignored.

Code samples for file system configuration

Code samples illustrate the basic syntax of OneFS API requests for file system configuration.
You can access a .zip file to download that contains code samples for the Python programming language and for curl commands.
The sample code provides brief examples on how to access, modify, and delete configuration settings on your cluster through
OneFS API requests.

System configuration API 27

System configuration API resources
You can make requests through the OneFS API to access system configuration resources.

Authentication and access control overview

OneFS supports several methods for ensuring that your cluster remains secure. It includes UNIX- and Windows-style
permissions for data-level access control, access zones for data isolation, and role-based administration control access to
system configuration settings.
OneFS is designed for a mixed environment that allows you to configure both Access Control Lists (ACLs) and standard UNIX
permissions on the cluster file system.
NOTE: In most situations, the default settings are sufficient. You can configure additional access zones, custom roles, and
permissions policies as necessary for your particular environment.

Authentication classes
Authentication classes define values for the object properties in authentication resources.

<persona-id>
The <persona-id> class must be set in the following format: user:<string>, group:<string>, SID:<string>,
UID:<string>, GID:<string>, such as: GID:2003 or user:johndoe.

<persona>
The <persona> class must be set with either the persona-id or the type and name parameters, as follows:

Property Type Description

id <persona-id> Specifies the serialized form of the persona.
type String Specifies the type of persona which is combined with
a name. The type of the persona can be set to user,
group, or wellknown.
name String Specifies the persona name, which is combined with a
type.

<user-id>
The <user-id> class must be set in the following format: user:<string>, SID:<string>, UID:<string>, such as:
UID:2283 or user:johndoe.

<user>
The <user> class contains the following properties:

Property Type Description

dn String Specifies the distinguished name for the user.
dns_domain String Specifies the DNS domain.
domain String Specifies the domain that the object is part of.
email String Specifies an email address.

28 System configuration API

Property Type Description
enabled Boolean True if the user is enabled.
expired Boolean True if the password for the user has expired.
expiry Integer Specifies the UNIX Epoch time at which the user account
expires.
gecos String Specifies the GECOS value, which is usually the full name.
generated_gid Boolean Indicates if the GID was generated.
generated_uid Boolean Indicates if the UID was generated.
gid <persona> Specifies the group ID.
home_directory String Specifies the home directory for the user.
id String Specifies the system ID given to the user or group. In a
POST request, this value is the ID that indicates the item
in the collection item resource path.
locked Boolean Specifies if the account is locked.
max_password_age Integer Specifies the maximum age in seconds allowed for the
password before the password expires.
member_of Array of [<persona>] Specifies groups that this user or group is members of.
name String Specifies a user or group name.
password_expired Boolean Specifies whether the password has expired.
password_expires Boolean Specifies whether the password is allowed to expire.
password_last_set Integer Specifies the last time that the password was set.
primary_group_sid <persona> Specifies the security ID of the primary group for the user.
prompt_password_change Boolean Prompts a password change for the user at the next login.
provider String Specifies the authentication provider the object belongs
to.
sam_account_name String Specifies a user or group name.
shell String Specifies the path to the shell for the user.
sid <persona> Specifies the security identifier.
type String Indicates the object type.
uid <persona> Specifies the user ID.
upn String Specifies the principal name for the user.
user_can_change_password Boolean Specifies whether the user can change their own
password.
password-chars-changed String Specifies the minimum position change of current when
modifying an existing user password.
password-percent-changed String Specifies the minimum percent change of total characters
when modifying an existing user password.

<group-id>
The <group-id> class must be set in the following format: group:<string>, SID:<string>, GID:<string>, such as:
GID:2003 or group:admins.

System configuration API 29

<group>
The <group> class contains the following properties:

Property Type Type Property of

dn String Specifies the distinguished name for the group or groups
object.
dns_domain String Specifies the DNS domain for the object. groups
domain String Specifies the domain of the group. groups
generated_gid Boolean Indicates if the GID was generated. groups
gid <persona> Specifies properties for the persona. groups
id String Specifies the system ID given to the user or groups
group. In a POST request, this value indicates the
item in the collection item resource path.
member_of Array of Specifies properties for groups that this user or groups
[<persona>] group is member of.
name String Specifies a user or group name. groups
provider String Specifies an authentication provider. groups
sam_account_name String Specifies a user or group name. groups
sid <persona> Specifies properties for the security identifier. groups
type String Indicates the object type. groups

<privilege>
The <privilege> class must be set as follows:

Property Type Description

id String Specifies the formal name of the privilege.
name String Specifies the name of the privilege.
permission String Determines if the privilege is specified as no-permission,
read, execute, or write.

Authentication resources
You can retrieve, create, modify, or delete authentication providers, users, groups, and other configurations and settings
through authentication resource URIs.

Authentication access token resource

Retrieve information about the access token for the authenticated user.

Operation Method and URI

Retrieve the security token for the authenticated user. GET <cluster-ip:port>/platform/16/auth/id

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/auth/id?
information about query parameters and object properties. describe

30 System configuration API

Authentication user access resource
Retrieve the access rights that a specified user has for a file.

Operation Method and URI

Retrieve the access rights that a user has for a specified file. GET <cluster-ip:port>/platform/16/auth/
access/<user-id>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/auth/
information about query parameters and object properties. access/<user-id>?describe

Security objects cache resource

Flush the security objects cache.

Operation Method and URI

Flush objects from the security objects cache POST <cluster-ip:port>/platform/16/auth/cache
View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/auth/cache?describe
information about query parameters and object properties.

Authentication user password resource

Enable users to change their password on a local authentication provider.

Operation Method and URI

Change the password for a user. PUT <cluster-ip:port>/platform/16/auth/
users/<user-id>/change_password

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/auth/
information about query parameters and object properties. users/<user-id>/change_password?describe

Authentication users resource

Create, modify, delete, or retrieve information about users who are authenticated through a local authentication provider.
Remote users are restricted to read-only operations.

Operation Method and URI

Get all users. GET <cluster-ip:port>/platform/16/auth/users

Get one user. GET <cluster-ip:port>/platform/16/auth/

users/<user-id>

Modify a user. PUT <cluster-ip:port>/platform/16/auth/

users/<user-id>

Create a user. POST <cluster-ip:port>/platform/16/auth/

users

Flush the users cache. DELETE <cluster-ip:port>/platform/16/auth/

users

Delete a user. DELETE <cluster-ip:port>/platform/16/auth/

users/<user-id>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/auth/
information about query parameters and object properties. users?describe

System configuration API 31

Authentication users member of resource
Create, retrieve, or remove group membership for a user who is authenticated through a local authentication provider. Remote
users are restricted to read operations.

Operation Method and URI

Retrieve the groups that a user is a member of. GET <cluster-ip:port>/platform/16/auth/
users/<user-id>/member_of

Add a group membership for a user. POST <cluster-ip:port>/platform/16/auth/

users/<user-id>/member_of

Remove a group membership from a user. DELETE <cluster-ip:port>/platform/16/auth/

users/<user-id>/member_of/<group-id>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/auth/
information about query parameters and object properties. users/<user-id>/member_of?describe

Authentication groups resource

Create, modify, delete, or retrieve information about groups that are authenticated through a local or remote authentication
provider.

Operation Method and URI

Retrieve all groups. GET <cluster-ip:port>/platform/16/auth/
groups

Flush the groups cache. DELETE <cluster-ip:port>/platform/16/auth/

groups

Retrieve a group. GET <cluster-ip:port>/platform/16/auth/

groups/<group-id>

Create a group. POST <cluster-ip:port>/platform/16/auth/

groups

Modify a group. PUT <cluster-ip:port>/platform/16/auth/

groups/<group-id>

Delete a group. DELETE <cluster-ip:port>/platform/16/auth/

groups/<group-id>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/auth/
information about query parameters and object properties. groups?describe

Authentication groups members resource

Add, remove, or retrieve information about the members of a group who are authenticated through a local or remote
authentication provider.

Operation Method and URI

Retrieve the members of a group. GET <cluster-ip:port>/platform/16/auth/
groups/<group-id>/members

Add a member to a group. POST <cluster-ip:port>/platform/16/auth/

groups/<group-id>/members

Remove a member from a group. DELETE <cluster-ip:port>/platform/16/auth/

groups/<group-id>/members/<persona-id>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/auth/
information about query parameters and object properties. groups/<group-id>/members?describe

32 System configuration API

Authentication netgroups resource
Retrieve information about the members of a netgroup that are specified through a local or remote authentication provider.

Operation Method and URI

Retrieve the members of a netgroup. GET <cluster-ip:port>/platform/16/auth/
netgroups/<netgroup>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/auth/
information about query parameters and object properties. netgroups/<netgroup>?describe

Authentication settings mapping resource

Modify or retrieve information about identity mapping settings.

Operation Method and URI

Retrieve default identity mapping settings. GET <cluster-ip:port>/platform/16/auth/
settings/mapping/defaults

Modify the default identity mapping settings. PUT <cluster-ip:port>/platform/16/auth/

settings/mapping/defaults

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/auth/
information about query parameters and object properties. settings/mapping/defaults?describe

Authentication mapping identities resource

Set, modify, delete, or retrieve information about identity mappings.

Operation Method and URI

Retrieve identity mapping (UID, GID, SID, and on-disk) for the GET <cluster-ip:port>/platform/16/auth/
specified source persona. mapping/identities/<identity>

Flush the identity mappings cache. DELETE <cluster-ip:port>/platform/16/auth/

mapping/identities?remove=true

Flush the identity mapping. DELETE <cluster-ip:port>/platform/16/auth/

mapping/identities/<identity>?remove=true

Manually set or modify the mapping between two personae. POST <cluster-ip:port>/platform/16/auth/
mapping/identities

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/auth/
information about query parameters and object properties. mapping/identities?describe
GET <cluster-ip:port>/platform/16/auth/
mapping/identities/<identity>?describe

Authentication mapping users rules resource

Retrieve the rules for user mapping. User mapping rules define how access tokens are created during authentication.

Operation Method and URI

Retrieve the user mapping rules. GET <cluster-ip:port>/platform/16/auth/
mapping/users/rules

Replace all user mapping rules. PUT <cluster-ip:port>/platform/16/auth/

mapping/users/rules

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/auth/
information about query parameters and object properties. mapping/users/rules?describe

System configuration API 33

Authentication mapping users lookup resource
Retrieve the access token for any authenticated user.

Operation Method and URI

Look up a user through the usermapper. GET <cluster-ip:port>/platform/16/auth/
mapping/users/lookup

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/auth/
information about query parameters and object properties. mapping/users/lookup?describe

Authentication providers summary resource

Retrieve a summary of all the authentication providers that are configured on the cluster.

Operation Method and URI

Retrieve a summary of authentication providers. GET <cluster-ip:port>/platform/16/auth/

providers/summary

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/auth/
information about query parameters and object properties. providers/summary?describe

Authentication Kerberos providers resource

Create, modify, delete, or retrieve information about Kerberos authentication providers.

Operation Method and URI

Retrieve all Kerberos providers. GET <cluster-ip:port>/platform/16/auth/
providers/krb5

Retrieve a Kerberos provider. GET <cluster-ip:port>/platform/16/auth/

providers/krb5/<PROVIDER-ID>

Create a Kerberos provider. POST <cluster-ip:port>/platform/16/auth/

providers/krb5

Modify a Kerberos provider. PUT <cluster-ip:port>/platform/16/auth/

providers/krb5/<PROVIDER-ID>

Delete a Kerberos provider. DELETE <cluster-ip:port>/platform/16/auth/

providers/krb5/<PROVIDER-ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/auth/
information about query parameters and object properties. providers/krb5?describe
GET <cluster-ip:port>/platform/16/auth/
providers/krb5/<PROVIDER-ID>?describe

Authentication settings krb5 defaults resource

Retrieve or modify default Kerberos authentication settings.

Operation Method and URI

Retrieve the default Kerberos authentication settings. GET <cluster-ip:port>/platform/16/auth/
settings/krb5/default

Modify the default Kerberos authentication settings. PUT <cluster-ip:port>/platform/16/auth/

settings/krb5/default

34 System configuration API

Operation Method and URI
View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/auth/
information about query parameters and object properties. settings/krb5/default?describe

Authentication settings krb5 realms resource

Create, modify, delete, or retrieve information about a Kerberos authentication realm.

Operation Method and URI

Retrieve Kerberos authentication settings for realm. GET <cluster-ip:port>/platform/16/auth/
settings/krb5/realms

Retrieve Kerberos authentication settings for a specific realm. GET <cluster-ip:port>/platform/16/auth/

settings/krb5/realms/<realm name or ID>

Create a Kerberos authentication realm. POST <cluster-ip:port>/platform/16/auth/

settings/krb5/realms

Modify Kerberos authentication realm settings. PUT <cluster-ip:port>/platform/16/auth/

settings/krb5/realms/<realm name or ID>

Delete a Kerberos authentication realm. DELETE <cluster-ip:port>/platform/16/auth/

settings/krb5/realms/<realm name or ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/auth/
information about query parameters and object properties. settings/krb5/realms?describe
GET <cluster-ip:port>/platform/16/auth/
settings/krb5/realms/<realm name or ID>?
describe

Authentication settings krb5 domains resource

Create, modify, delete, or retrieve information about a Kerberos authentication domain.

Operation Method and URI

Retrieve Kerberos authentication settings for domains. GET <cluster-ip:port>/platform/16/auth/
settings/krb5/domains

Retrieve Kerberos authentication settings for a specific GET <cluster-ip:port>/platform/16/auth/

domain. settings/krb5/domains/<domain name or ID>

Create a Kerberos authentication domain. POST <cluster-ip:port>/platform/16/auth/

settings/krb5/domains

Modify Kerberos authentication domain settings. PUT <cluster-ip:port>/platform/16/auth/

settings/krb5/domains/<domain name or ID>

Delete a Kerberos authentication domain. DELETE <cluster-ip:port>/platform/16/auth/

settings/krb5/domains/<domain name or ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/auth/
information about query parameters and object properties. settings/krb5/domains?describe
GET <cluster-ip:port>/platform/16/auth/
settings/krb5/domains/<domain name or ID>?
describe

System configuration API 35

LDAP provider template resources
Retrieve a list of all LDAP provider templates.

Operation Method and URI

Retrieve a list of all LDAP provider templates. GET <cluster-ip:port>/platform/16/auth/ldap-
templates

Retrieve a specific LDAP provider template. GET <cluster-ip:port>/platform/16/auth/ldap-

templates/<USERID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/auth/ldap-
information about query parameters and object properties. templates?describe

Authentication ADS providers domains resource

Retrieve information about the trusted domains of configured ADS providers.

Operation Method and URI

List all trusted domains of ADS providers. GET <cluster-ip:port>/platform/16/auth/
providers/ads/<ID>/domains

View the trusted domains of a single ADS provider. GET <cluster-ip:port>/platform/16/auth/

providers/ads/<ID>/domains/<ADS-DOMAIN>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/auth/
information about query parameters and object properties. providers/ads/<ID>/domains?describe
GET <cluster-ip:port>/
platform/16/auth/providers/ads/<ID>/domains/
<ADS-DOMAIN>?describe

Authentication ADS providers resource

View, modify, create, or delete ADS providers.

Operation Method and URI

List all ADS providers. GET <cluster-ip:port>/platform/16/auth/
providers/ads

View an ADS provider. GET <cluster-ip:port>/platform/16/auth/

providers/ads/<PROVIDER-ID>

Create an ADS provider. POST <cluster-ip:port>/platform/16/auth/

providers/ads

Modify an ADS provider. PUT <cluster-ip:port>/platform/16/auth/

providers/ads/<PROVIDER-ID>

Delete an ADS provider. DELETE <cluster-ip:port>/platform/16/auth/

providers/ads/<PROVIDER-ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/auth/
information about query parameters and object properties. providers/ads?describe
GET <cluster-ip:port>/platform/16/auth/
providers/ads/<PROVIDER-ID>?describe

36 System configuration API

Authentication ADS providers controllers resource
Retrieve information about all the domain controllers for a trusted ADS domain.

Operation Method and URI

Get all domain controllers for a trusted ADS domain. GET <cluster-ip:port>/platform/16/auth/
providers/ads/<domain-id>/controllers

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/
information about query parameters and object properties. platform/16/auth/providers/ads/<domain-id>/
controllers?describe

Authentication ADS providers search resource

Perform searches within Active Directory service (ADS) providers for users, groups, and system accounts.

Operation Method and URI

Get objects that are searchable in domains. GET <cluster-ip:port>/platform/16/auth/
providers/ads/<OBJECT>/search

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/auth/
information about query parameters and object properties. providers/ads/<OBJECT>/search?describe

Authentication Duo provider resource

View or modify the Duo provider settings.

Operation Method and URI

View a Duo provider. GET <cluster-ip:port>/platform/16/auth/
providers/duo

Modify a Duo provider. PUT <cluster-ip:port>/platform/16/auth/

providers/duo

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/auth/
information about query parameters and object properties. providers/duo?describe

Authentication file providers resource

Create, modify, delete, or retrieve information about an authentication file provider.

Operation Method and URI

Retrieve all file providers. GET <cluster-ip:port>/platform/16/auth/
providers/file

Retrieve one file provider. GET <cluster-ip:port>/platform/16/auth/

providers/file/<provider-id>

Create a file provider. POST <cluster-ip:port>/platform/16/auth/

providers/file

Modify a file provider. PUT <cluster-ip:port>/platform/16/auth/

providers/file/<provider-id>

Delete a file provider. DELETE <cluster-ip:port>/platform/16/auth/

providers/file/<provider-id>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/auth/
information about query parameters and object properties. providers/file?describe

System configuration API 37

Authentication LDAP providers resource
Create, modify, delete, or retrieve information about a Lightweight Directory Access Protocol (LDAP) provider.

Operation Method and URI

Retrieve all LDAP providers. GET <cluster-ip:port>/platform/16/auth/
providers/ldap

Retrieve one LDAP provider. GET <cluster-ip:port>/platform/16/auth/

providers/ldap/<PROVIDER-ID>

Create an LDAP provider. POST <cluster-ip:port>/platform/16/auth/

providers/ldap

Modify an LDAP provider. PUT <cluster-ip:port>/platform/16/auth/

providers/ldap/<PROVIDER-ID>

Delete an LDAP provider. DELETE <cluster-ip:port>/platform/16/auth/

providers/ldap/<PROVIDER-ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/auth/
information about query parameters and object properties. providers/ldap?describe
GET <cluster-ip:port>/platform/16/auth/
providers/ldap/<PROVIDER-ID>?describe

Authentication local providers resource

Create, modify, delete, or retrieve information about a local authentication provider.

Operation Method and URI

Retrieve all local providers. GET <cluster-ip:port>/platform/16/auth/
providers/local

Retrieve one local provider. GET <cluster-ip:port>/platform/16/auth/

providers/local/<PROVIDER-ID>

Create a local provider. POST <cluster-ip:port>/platform/16/auth/

providers/local

Modify a local provider. PUT <cluster-ip:port>/platform/16/auth/

providers/local/<PROVIDER-ID>

Delete a local provider. DELETE <cluster-ip:port>/platform/16/auth/

providers/local/<PROVIDER-ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/auth/
information about query parameters and object properties. providers/local?describe
GET <cluster-ip:port>/platform/16/auth/
providers/local/<PROVIDER-ID>?describe

Authentication NIS providers resource

Create, modify, delete, or retrieve information about a Network Information Service (NIS) authentication provider.

Operation Method and URI

Retrieve all NIS providers. GET <cluster-ip:port>/platform/16/auth/
providers/nis

Retrieve one NIS provider. GET <cluster-ip:port>/platform/16/auth/

providers/nis/<PROVIDER-ID>

38 System configuration API

 Operation Method and URI
Create an NIS provider. POST <cluster-ip:port>/platform/16/auth/
providers/nis

Modify an NIS provider. PUT <cluster-ip:port>/platform/16/auth/

providers/nis/<PROVIDER-ID>

Delete an NIS provider. DELETE <cluster-ip:port>/platform/16/auth/

providers/nis/<PROVIDER-ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/auth/
information about query parameters and object properties. providers/nis?describe
GET <cluster-ip:port>/platform/16/auth/
providers/nis/<PROVIDER-ID>?describe

Authentication settings ACL resource

View or modify ACL policy settings and preset configurations.

Operation Method and URI

List ACL policy settings. GET <cluster-ip:port>/platform/16/auth/
settings/acls

Modify ACL policy settings. PUT <cluster-ip:port>/platform/16/auth/

settings/acls

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/auth/
information about query parameters and object properties. settings/acls?describe

Authentication privileges resource

List all privileges.

Operation Method and URI

List authentication privileges. GET <cluster-ip:port>/platform/16/auth/
privileges

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/auth/
information about query parameters and object properties. privileges?describe

Authentication roles resource

Create, modify, delete, or retrieve information about roles that are assigned to authenticated users.

Operation Method and URI

Get all roles. GET <cluster-ip:port>/platform/16/auth/roles

Get one role. GET <cluster-ip:port>/platform/16/auth/

roles/<ROLE-ID>

Create a role. POST <cluster-ip:port>/platform/16/auth/

roles

Modify a role. PUT <cluster-ip:port>/platform/16/auth/

roles/<ROLE-ID>

Delete a role. DELETE <cluster-ip:port>/platform/16/auth/

roles/<ROLE-ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/auth/
information about query parameters and object properties. roles?describe

System configuration API 39

Authentication roles members resource
Add, modify, remove, or retrieve information about the members that are assigned to a role.

Operation Method and URI

Retrieve the members of a role. GET <cluster-ip:port>/platform/16/auth/
roles/<ROLE-ID>/members

Add a member to a role. POST <cluster-ip:port>/platform/16/auth/

roles/<ROLE-ID>/members

Remove a member from a role. DELETE <cluster-ip:port>/platform/16/auth/

roles/<ROLE-ID>/members/<persona-id>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/auth/
information about query parameters and object properties. roles/<ROLE-ID>/members?describe

Authentication roles privileges resource

Add, modify, remove, or retrieve information about the privileges that are assigned to a role.

Operation Method and URI

Retrieve the privileges of a role. GET <cluster-ip:port>/platform/16/auth/
roles/<ID>/privileges

Add a privilege to a role. POST <cluster-ip:port>/platform/16/auth/

roles/<ID>/privileges

Remove a privilege from a role. DELETE <cluster-ip:port>/platform/16/auth/

roles/<ID>/privileges/<PRIVILEGE-ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/auth/
information about query parameters and object properties. roles/<ID>/privileges?describe

Authentication global settings resource

Retrieve or modify the global authentication settings on the cluster.

Operation Method and URI

Retrieve global settings. GET <cluster-ip:port>/platform/16/auth/
settings/global

Modify global settings. PUT <cluster-ip:port>/platform/16/auth/

settings/global

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/auth/
information about query parameters and object properties. settings/global?describe

Authentication shells resource

Retrieve a list of user shells that are supported on the cluster.

Operation Method and URI

Retrieve a list of user shells that are supported on the cluster. GET <cluster-ip:port>/platform/16/auth/
shells

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/auth/
information about query parameters and object properties. shells?describe

40 System configuration API

Authentication well-known resource
Retrieve well-known personas from the cluster.

Operation Method and URI

Retrieve all well-known personas. GET <cluster-ip:port>/platform/16/auth/
wellknowns

Retrieve a well-known persona. GET <cluster-ip:port>/platform/16/auth/

wellknowns/<WELLKNOWN>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/auth/
information about query parameters and object properties. wellknowns?describe

Configured TLS certificate authority resource

View, import, modify, or delete one or more TLS certificate authorities.

Operation Method and URI

Retrieve a list of all configured TLS certificate authorities. GET <cluster-ip:port>/platform/16/
certificate/authority

Retrieve a single configured TLS certificate authority. GET <cluster-ip:port>/platform/16/

certificate/authority/<AUTHORITY-ID>

Modify a TLS certificate authority. PUT <cluster-ip:port>/platform/16/

certificate/authority/<AUTHORITY-ID>

Delete a TLS certificate authority. DELETE <cluster-ip:port>/platform/16/

certificate/authority/<AUTHORITY-ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. certificate/authority?describe
GET <cluster-
ip:port>/platform/16/certificate/authority/
<AUTHORITY-ID>?describe

Configured TLS server certificate resources

Retrieve a list of all configured TLS server certificates.

Operation Method and URI

Retrieve a list of all configured TLS server certificates. GET <cluster-ip:port>/platform/16/
certificate/server

Retrieve a single TLS server certificate. GET <cluster-ip:port>/platform/16/

certificate/server/<CERTIFICATE-ID>

Modify a TLS server certificate. PUT <cluster-ip:port>/platform/16/

certificate/server/<CERTIFICATE-ID>

Delete a TLS server certificate. DELETE <cluster-ip:port>/platform/16/

certificate/server/<CERTIFICATE-ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. certificate/server?describe
GET <cluster-ip:port>/platform/16/
certificate/server/<CERTIFICATE-ID>?describe

System configuration API 41

Configured TLS certificate settings resource
Retrieve and modify system-wide TLS certificate settings.

Operation Method and URI

View a configured TLS certificate setting. GET <cluster-ip:port>/platform/16/
certificate/settings

Modify a configured TLS certificate setting. PUT <cluster-ip:port>/platform/16/

certificate/settings

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. certificate/settings?describe

Syslog TLS server certificate resources

You can configure forwarding of audit logs to remote syslog servers. Both one-way and two-way authentication are supported.
For two-way authentication, an additional certificate is required on the OneFS cluster for syslog server.

Operation Method and URI

List syslog TLS server certificates. GET <cluster-ip:port>/platform/16/audit/
certificates/syslog

Import a syslog TLS server certificate. POST <cluster-ip:port>/platform/16/audit/

certificates/syslog

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. certificate/settings?describe

Authentication error resource

View authentication error details.

Operation Method and URI

View authentication error. GET <cluster-ip:port>/platform/16/auth/
error/<error-id>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/auth/
information about query parameters and object properties. error/<error-id>?describe

ID resolution resource
Retrieves Logical Inode Numbers (LIN) and their file path mappings.

Operation Method and URI

Resolve all LIN to file path mappings. GET <cluster-ip:port>/platform/16/id-
resolution/paths

Resolve a specific LIN to file path mapping. GET <cluster-ip:port>/platform/16/id-

resolution/paths/<LIN>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/id-
information about query parameters and object properties. resolution/paths?describe
GET <cluster-ip:port>/platform/16/id-
resolution/paths/<LIN>?describe

42 System configuration API

ID resolution domains resource
List domain to path mappings for one or more domains.

Operation Method and URI

List domain to path mappings. GET <cluster-ip:port>/platform/16/id-
resolution/domains

List a path mapping for a specific domain. GET <cluster-ip:port>/platform/16/id-

resolution/domains/<DOMAIN-ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/id-
information about query parameters and object properties. resolution/domains/<DOMAIN-ID>?describe

ID resolution LIN resource

List LIN to path mappings.

Operation Method and URI

List LIN to path mappings. GET <cluster-ip:port>/platform/16/id-
resolution/lins

List a specific LIN to path mapping. GET <cluster-ip:port>/platform/16/id-

resolution/lins/<LIN-ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/id-
information about query parameters and object properties. resolution/lins/<LIN-ID>?describe

ID resolution zones resource

List zone ID to zone name mappings.

Operation Method and URI

List zone ID to zone name mappings. GET <cluster-ip:port>/platform/16/id-
resolution/zones

List a specific zone ID to zone name mapping. GET <cluster-ip:port>/platform/16/id-

resolution/zones/<ZONE-ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/id-
information about query parameters and object properties. resolution/zones/<ZONE-ID>?describe

ID resolution zone groups resource

List GIDs/GSIDs to group name mappings.

Operation Method and URI

List GID/GSID mappings for a zone to a group name. GET <cluster-ip:port>/platform/16/id-
resolution/zones/<ZONE-ID>/groups

List a specific GID/GSID mapping for a zone to a group. GET <cluster-ip:port>/platform/16/id-

resolution/zones/<ZONE-ID>/groups/<GROUP-ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/id-
information about query parameters and object properties. resolution/zones/<ZONE-ID>/groups?describe

System configuration API 43

ID resolution zones users resource
List mappings between UIDs/SIDs and username.

Operation Method and URI

List mappings between UIDs/SIDs and username. GET <cluster-ip:port>/platform/16/id-
resolution/zones/<ZONE-ID>/users

List mappings between UIDs/SIDs and a specific username. GET <cluster-ip:port>/platform/16/id-

resolution/zones/<ZONE-ID>/users/<USER-ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/id-
information about query parameters and object properties. resolution/zones/<ZONE-ID>/users?describe

Authentication API examples

You can see examples for some authentication API requests.

Change a user password

Change a user password.

Request example
Specify both the new and old password.

PUT /platform/16/auth/users/USER:johndoe/change_password
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{"new_password":"ABC12345",
"old_password":"12345ABC"}

Response example

204 No Content
Content-type: text/plain

Create a local group

Create a local group.

Request example

POST /platform/16/auth/group
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{"name": "mygroup", “type”: “GROUP”}

Response example

201 Created
Content-type: application/json

{
"id" : "SID:S-1-5-21-4224731515-2571109568-2823010237-1003"
}

44 System configuration API

Modify a local group
Modify a local group.

Request example
Include the force parameter when modifying an authentication group.

PUT /platform/16/auth/groups/GROUP:mygroup?force=true
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{"gid": 2004}

Response example

204 No Content
Content-type: text/plain

Add a member to a local group

Add a member to a local group.

Request example

POST /platform/16/auth/groups/GROUP:mygroup/members
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{"id": "USER:user01"}

Response example

201 Created
Content-type: application/json

{"id" : "SID:S-1-5-21-4224731515-2571109568-2823010237-1003"}

Create a user
Create a user and add the user to a local group.

Request example
Create the user "user123" through the following request:

POST /platform/16/auth/users
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{"name": "user123", “type”: “USER”}

Response example

201 Created
Content-type: application/json

{
"id" : "SID:S-1-5-21-4224731515-2571109568-2823010237-1005"
}

System configuration API 45

Request example
Then, add "user123" to a group called "administrators" through the following request:

POST /platform/16/auth/groups/administrators/members
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{"name": "user123", “type”: “USER”}

Response example

201 Created
Content-type: application/json

{
"id" : "SID:S-7-6-25-4784731515-2575609568-2323010237-2005"
}

Modify a user
Modify the properties for a user.

Request example
In this example, an email address is added for the user.

PUT /platform/16/auth/users/USER:user123
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{"email": "[email protected]"}

Response example

204 No Content
Content-type: application/json

Join a domain
Join an Active Directory server domain.

Request example

POST /platform/16/auth/providers/ads
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{"name":"server.company.com",
"user":"Administrator",
"password":"abc123"}

Response example

201 Created
Content-type: application/json

{
"id" : "SERVER.COMPANY.COM"
}

46 System configuration API

Modify an ADS provider
Modify an Active Directory authentication provider.

Request example

PUT /platform/16/auth/providers/ads/server1.company.com
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{"home_directory_template":"/ifs/home/ads"}

Response example

204 No Content
Content-type: text/plain

Create an LDAP provider

Create an LDAP provider.

Request example

POST /platform/16/auth/providers/ldap
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{"name":"ldaptest",
"server_uris":["ldap://ldaptest.company.com"],
"base_dn":"dc=company,dc=com"}

Response example

201 Created
Content-type: application/json

{
"id" : "ldaptest"
}

Modify an LDAP provider

Modify an LDAP provider.

Request example

PUT /platform/16/auth/providers/ldap/ldaptest
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{"name":"ldaptest2",
"server_uris":["ldap://ldaptest.company.com"],
"base_dn":"dc=company,dc=com"}

Response example

204 No Content
Content-type: text/plain

System configuration API 47

Modify a local provider
Modify a local provider.

Request example

PUT /platform/16/auth/providers/local/zone1
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{"home_directory_template" : "/ifs/home/%Z/%U"}

Response example

204 No Content
Content-type: text/plain

Create an authentication role

Create an authentication role.

Request example

POST /platform/16/auth/roles
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{"name":"dba"}

Response example

201 Created
Content-type: application/json

{
"id" : "dba"
}

Modify an authentication role

Modify an authentication role.

Request example

PUT /platform/16/auth/roles/dba
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{"name":"dba2"}

Response example

204 No Content
Content-type: text/plain

48 System configuration API

Modify global authentication settings
Modify global authentication settings.

Request example

PUT /platform/16/auth/settings/global
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{"send_ntlmv2":"true"}

Response example

204 No Content
Content-type: text/plain

Create a krb5 realm

Create a krb5 authentication realm.

Request example

POST /platform/16/auth/settings/krb5/realms
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{"realm":"test_realm"}

Response example

201 Created
Content-type: application/json

{"id" : "2024839292}

Create a krb5 domain

Create a krb5 authentication domain.

Request example

POST /platform/16/auth/settings/krb5/domains
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{
"domain":"test_domain",
"realm":"test_realm"
}

Response example

201 Created
Content-type: application/json

{
"id" : "29274939282"
}

System configuration API 49

Modify krb5 domains
Modify a krb5 authentication domain.

Request example

PUT /platform/16/auth/settings/krb5/domains/test_domain
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{
"domain":"test_domain2",
"realm":"test_realm4"
}

Response example

204 No Content
Content-type: application/json

Modify krb5 settings

Modify default krb5 authentication settings.

Request example

PUT /platform/16/auth/settings/krb5/defaults
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{
"dns_lookup_realm":"true"
"dns_lookup_kdc":"true"
}

Response example

204 No Content
Content-type: application/json

Auditing overview
You can enable auditing for configuration changes, protocol activity, and high-level system platform events on the cluster.
Auditing can detect many potential sources of data loss, including fraudulent activities, inappropriate entitlements, and
unauthorized access attempts. Customers in financial services, health care, life sciences, media and entertainment, and
governmental agencies must meet stringent regulatory requirements that protect against these sources of data loss.
All audit data is stored and protected in the cluster file system. You can optionally configure forwarding of auditing logs to
remote syslog servers. You can optionally configure encrypted forwarding with TLS. Each audit topic type can be configured
separately regarding remote servers, whether to use TLS forwarding, and whether to use one- or two-way TLS verification.
To configure auditing, you must either be a root user or you must be assigned to an administrative role that includes auditing
privileges (ISI_PRIV_AUDIT).
OneFS internally manages the audit log files. Some configurable options related to log file management are retention period and
whether to implement automatic purging.
The audit topic types are:
● Configuration change auditing
● Protocol activity auditing
● System auditing

50 System configuration API

Configuration change auditing
Configuration change auditing tracks and records all configuration events from the OneFS platform API. The process audits the
command-line interface (CLI), web administration interface, and OneFS APIs.
Configuration change logs are populated in the config topic in the audit back-end store under /ifs/.ifsvar/audit/
logs/node<nnn>/config. The logs automatically roll over to a new file after the size reaches 1 GB.
You can enable configuration auditing using the Web UI or the CLI. If you enable configuration auditing, no additional
configuration is required. You can optionally configure syslog forwarding using the CLI.

Protocol auditing
Protocol auditing tracks and stores activity through SMB, NFS, S3, and HDFS protocol connections. You can enable and
configure protocol auditing for one or more access zones in a cluster. If you enable protocol auditing for an access zone,
file-access events through the SMB, NFS, S3, and HDFS protocols are recorded in the protocol audit topic directories. You can
specify which events to log in each access zone. For example, you can audit the default set of protocol events in the System
access zone but audit only successful attempts to delete files in a different access zone.
The audit events are logged on the individual nodes where the SMB, NFS, S3, or HDFS client initiated the activity. The events
are stored in a binary file under /ifs/.ifsvar/audit/logs/node<nnn>/<protocol>. The logs automatically roll over to
a new file after the size reaches 1 GB. The logs are compressed to reduce space.
The protocol audit logs are consumable by auditing applications that support the Common Event Enabler (CEE).
You can enable protocol auditing using the Web UI or CLI. To configure syslog forwarding, use the CLI.

System auditing
System auditing tracks system platform events and events that are related to account management. Two services manage
system auditing. Both services log events per node. Both services manage their own log rotations and rollovers. The two system
auditing services are syslogd and OpenBSM.
● The syslogd service collects logs that are generated by other applications and stores them in /var/log/audit/
<audit files>. The syslogd service is always enabled and cannot be disabled. It collects audit logs from the following
application logs.

Application log Description

isi_pw.log Logs account changes that were made with the isi_pw command.

pw.log Logs account changes that were made with the pw command.

auth.log Logs authentication events.

httpd.log Logs access to the HTTP server.

● The OpenBSM service is predefined to log high-level cluster events. This service is disabled by default. If enabled, it collects
the following events and stores them in /var/audit/<audit files>.
○ Module loads and unloads
○ System boot up and reboots
○ User logins and logouts
○ System shutdowns and power off
○ OpenSSH logins
Use the CLI to configure system auditing. You can enable and disable the OpenBSM service. You can configure forwarding of all
system auditing logs from both services to remote syslog servers.

Audit resources
You can retrieve and modify OneFS audit topics and settings.

System configuration API 51

Audit settings resource
Modify or retrieve information about audit settings per access zone.

Operation Method and URI

Retrieve audit settings. GET <cluster-ip:port>/platform/16/audit/
settings

Modify audit settings. PUT <cluster-ip:port>/platform/16/audit/

settings

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/audit/
information about query parameters and object properties. settings?describe

Audit global settings resource

Modify or retrieve information about audit global settings.

Operation Method and URI

Retrieve audit global settings. GET <cluster-ip:port>/platform/16/audit/
settings/global

Modify audit global settings. PUT <cluster-ip:port>/platform/16/audit/

settings/global

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/audit/
information about query parameters and object properties. settings/global?describe

Audit logs resource

Delete out-of-data audit logs, and retrieve the status of deleted logs.

Operation Method and URI

Retrieve status of audit log deletion. GET <cluster-ip:port>/platform/16/audit/logs

Delete audit logs. DELETE <cluster-ip:port>/platform/16/audit/

logs

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/audit/
information about query parameters and object properties. logs?describe

Audit topic resource

Modify or retrieve information about audit topics.

Operation Method and URI

Retrieve all audit topics. GET <cluster-ip:port>/platform/16/audit/
topics

Retrieve an audit topic. GET <cluster-ip:port>/platform/16/audit/

topics/<name>

Modify an audit topic. PUT <cluster-ip:port>/platform/16/audit/

topics/<name>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/audit/
information about query parameters and object properties. topics?describe

52 System configuration API

Audit progress resource
View the current audit log time.

Operation Method and URI

Retrieve the current audit log time by node. GET <cluster-ip:port>/platform/16/audit/
progress

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/audit/
information about query parameters and object properties. progress?describe

Audit progress global resource

View the global audit log time.

Operation Method and URI

Retrieve the current global audit log time. GET <cluster-ip:port>/platform/16/audit/
progress /global

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/audit/
information about query parameters and object properties. progress/global?describe

Audit API examples

You can see examples for some audit API calls.

Enable protocol auditing

You can enable SMB protocol auditing on the system for specified zones.

Request example
In the following example, protocol auditing is enabled for the "myZone" and "System" zones.

PUT /platform/16/audit/settings
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{
'audited_zones': ['myZone', 'System'],
'protocol_auditing_enabled': True
}

Response example
In the following example, the request was successful, and protocol auditing is enabled on the system for the specified zones. No
message body is returned for this request.

204 No Content
Content-type: text/plain,
Allow: 'GET, PUT, HEAD'

System configuration API 53

Enable configuration auditing
You can enable configuration auditing on the system.

Request example

PUT /platform/16/audit/settings
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{
'config_auditing_enabled': True
}

Response example
No message body is returned for this request.

204 No Content
Content-type: text/plain,
Allow: 'GET, PUT, HEAD'

Modify an audit topic

You can modify an audit topic on the system.

Request example

PUT /16/audit/topics/protocol
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{
"max_cached_messages": 1000
}

Response example
No message body is returned for this request.

204 No Content
Content-type: text/plain,
Allow: 'GET, PUT, HEAD'

Data Security overview

The default view of a PowerScale cluster is that of one physical machine. But you can partition a cluster into multiple virtual
containers called access zones. Access zones allow you to isolate data and control who can access data in each zone.
Access zones support configuration settings for authentication and identity management services on a cluster. Access zones
enable you to configure authentication providers and provision protocol directories such as SMB shares and NFS exports on a
zone-by-zone basis. Creating an access zone automatically creates a local provider, which allows you to configure each access
zone with a list of local users and groups. You can also authenticate through a different authentication provider in each access
zone.
To control data access, you associate the access zone with a groupnet. A groupnet is a top-level networking container that
manages DNS client connection settings and contains subnets and IP address pools. When you create an access zone, you
must specify a groupnet. If a groupnet is not specified, the access zone references the default groupnet. Multiple access zones
can reference a single groupnet. You can direct incoming connections to the access zone through a specific IP address pool in
the groupnet. Associating an access zone with an IP address pool restricts authentication to the associated access zone and
reduces the number of available and accessible SMB shares and NFS exports.

54 System configuration API

An advantage to multiple access zones is the ability to configure audit protocol access for individual access zones. You can
modify the default list of successful and failed protocol audit events and then generate reports through a third-party tool for an
individual access zone.
A cluster includes an access zone that is named System where you manage all aspects of a cluster and other access zones. By
default, all cluster IP addresses connect to the System zone. Role-based access, which primarily allows configuration actions,
is available through only the System zone. All administrators, including those given privileges by a role, must connect to the
System zone to configure a cluster. The System zone is automatically configured to reference the default groupnet on the
cluster, which is groupnet0.
Configuration management of a non-System access zone is not permitted through SSH, the OneFS API, or the web
administration interface. However, you can create and delete SMB shares in an access zone through the Microsoft Management
Console (MMC).

Access zone resources

Retrieve, create, modify, or delete access zone configurations and settings.

Access zones resource

Create, modify, delete, or retrieve information about the access zones on a cluster.

Operation Method and URI

Retrieve all access zones. GET <cluster-ip:port>/platform/16/zones

Retrieve one access zone. GET <cluster-ip:port>/platform/16/zones/

<ZONE-ID>

Create an access zone. POST <cluster-ip:port>/platform/16/zones

Modify an access zone. PUT <cluster-ip:port>/platform/16/zones/

<ZONE-ID>

Delete an access zone. DELETE <cluster-ip:port>/platform/16/zones/

<ZONE-ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/zones?
information about query parameters and object properties. describe
GET <cluster-ip:port>/platform/16/zones/
<ZONE-ID>?describe

Access zones summary resource

Retrieve summary information about the access zones on a cluster.

Operation Method and URI

Retrieve information about all access zones. GET <cluster-ip:port>/platform/16/zones-
summary

Retrieve nonprivileged information about a specific access GET <cluster-ip:port>/platform/16/zones-

zone. summary/<ZONE>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/zones-
information about query parameters and object properties. summary?describe
GET <cluster-ip:port>/platform/16/zones-
summary/<ZONE>?describe

System configuration API 55

Access zone API examples
You can see examples for some access zone API calls.

Create an access zone

Create an access zone on the cluster.

Request example

POST /platform/16/zones
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{"name":"MyZone", "path":"/ifs/data/myzone"}

Response example

201 Created
Content-type: application/json

{"id":"MyZone"}

Modify an access zone

Modify the properties for an access zone on the cluster.

Request example
In the following example, the name for ZoneA is changed to ZoneB.

PUT /platform/16/zones/ZoneA
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{"name":"ZoneB"}

Response example

204 No Content
Content-type: 'text/plain

NFS security
OneFS provides an NFS server so you can share files on your cluster with NFS clients that adhere to the RFC1813 (NFSv3) and
RFC3530 (NFSv4) specifications.
NFS is disabled by default. To enable NFS, use the following command:

isi services nfs enable

In OneFS, the NFS server is fully optimized as a multithreaded service running in user space instead of the kernel. This
architecture load balances the NFS service across all nodes of the cluster, providing the stability and scalability necessary to
manage up to thousands of connections across multiple NFS clients.
NFS mounts run and refresh quickly, and the server constantly monitors fluctuating demands on NFS services and makes
adjustments across all nodes to ensure continuous, reliable performance. Using an integrated process scheduler, OneFS helps
ensure fair allocation of node resources so that no client can seize more than its fair share of NFS services.

56 System configuration API

The NFS server also supports access zones that are defined in OneFS, so that clients can access only the exports appropriate
to their zone. For example, if NFS exports are specified for Zone 2, only clients that are assigned to Zone 2 can access these
exports.
To simplify client connections, especially for exports with large path names, the NFS server also supports aliases, which are
shortcuts to mount points that clients can specify directly.
For secure NFS file sharing, OneFS supports NIS and LDAP authentication providers.

NFS classes
NFS classes define values for the object properties in NFS resources.

<user-mapping>
The <user-mapping> class must be set as follows:

Property Type Description

enabled Boolean True if the user mapping is applied.
user <persona> Specifies the name of the privilege
primary_group <persona> Specifies persona properties for the primary user group. A
persona consists of either a type and name, or an ID.
secondary_group Array of <persona> Specifies persona properties for the secondary user group.
A persona consists of either a type and name, or an ID.

<persona>
The <persona> class must be set with either the <persona-id> or the <type> and <name> parameters, as follows:

Property Type Description

id <persona-id> Specifies the serialized form of the persona
type String Specifies the type of persona, which must be combined
with a name. The type of the persona can be set to user,
group, or wellknown.

name String Specifies the persona name, which must be combined with
a type

<persona-id>
The <persona-id> class must be set in the following format: user:<string>, group:<string>, SID:<string>,
UID:<string>, GID:<string>, such as: GID:2003 or user:johndoe.

NFS resources
You can retrieve, create, modify, or delete NFS export configurations and settings.

NFS exports summary resource

Retrieve summary information for NFS exports.

Operations Method and URI

Retrieve the NFS exports summary. GET <cluster-ip:port>/platform/16/protocols/nfs/
exports-summary

System configuration API 57

Operations Method and URI
View the detailed JSON schema for this resource, GET <cluster-ip:port>/platform/16/protocols/nfs/
which has information about query parameters and exports-summary?describe
object properties.

NFS exports resource

Create, modify, delete, or retrieve information about NFS exports.

Operation Method and URI

Retrieve all NFS exports. GET <cluster-ip:port>/platform/16/protocols/nfs/
exports

Retrieve one NFS export. GET <cluster-ip:port>/platform/16/protocols/nfs/

exports/<EID>

Create an NFS export. POST <cluster-ip:port>/platform/16/protocols/nfs/

exports

Modify an NFS export. PUT <cluster-ip:port>/platform/16/protocols/nfs/

exports/<EID>

Delete an NFS export. DELETE <cluster-ip:port>/platform/16/protocols/nfs/

exports/<EID>

View the detailed JSON schema for this resource, GET <cluster-ip:port>/platform/16/protocols/nfs/
which has information about query parameters exports?describe
and object properties.
GET <cluster-ip:port>/platform/16/protocols/nfs/
exports/<EID>?describe

NFS check resource

Retrieve NFS export validation information.

Operation Method and URI

Retrieve NFS export validation information. GET <cluster-ip:port>/platform/16/
protocols/nfs/check

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. protocols/nfs/check?describe

NFS aliases resource

Create, modify, delete, or retrieve information about NFS aliases. Aliases are names for physical paths in the file system. You are
retrieving, deleting, or modifying aliases with forward slashes "/" in their names, and you must substitute the URI encoding. For
example, if the alias name is /username, you must substitute %2fusername in the call.

Operation Method and URI

Retrieve all NFS aliases. GET <cluster-ip:port>/platform/16/
protocols/nfs/aliases

Retrieve an NFS alias. GET <cluster-ip:port>/platform/16/

protocols/nfs/aliases/<AID>

Create an NFS alias. POST <cluster-ip:port>/platform/16/

protocols/nfs/aliases

Modify an NFS alias. PUT <cluster-ip:port>/platform/16/

protocols/nfs/aliases/<AID>

58 System configuration API

Operation Method and URI
Delete an NFS alias. DELETE <cluster-ip:port>/platform/16/
protocols/nfs/aliases/<AID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. protocols/nfs/aliases?describe
GET <cluster-ip:port>/platform/16/
protocols/nfs/aliases/<AID>?describe

NFS NLM locks resource

Retrieve information about NFS Network Lock Manager (NLM) advisory locks.

Operation Method and URI

Get a list of NFS advisory locks. GET <cluster-ip:port>/platform/16/protocols/nfs/nlm/
locks

View the detailed JSON schema for this GET <cluster-ip:port>/platform/16/protocols/nfs/nlm/

resource, which has information about query locks?describe
parameters and object properties.

NFS NLM lock waiters resource

Retrieve information about NFS Network Lock Manager (NLM) lock waiters.

Operation Method and URI

Get a list of NLM lock waiters on NFS. GET <cluster-ip:port>/platform/16/protocols/nfs/nlm/
waiters

View the detailed JSON schema for this resource, GET <cluster-ip:port>/platform/16/protocols/nfs/nlm/
which has information about query parameters and waiters?describe
object properties.

NFS NLM sessions resource

Delete or retrieve information about NFS Network Lock Manager (NLM) sessions.

Operation Method and URI

Retrieve all NFS NLM sessions. GET <cluster-ip:port>/platform/16/protocols/nfs/nlm/
sessions

Retrieve all lock states for a specific NFS GET <cluster-ip:port>/platform/16/protocols/nfs/nlm/

NLM session. sessions/<ID>

Delete all lock states for a specific NFS NLM DELETE <cluster-ip:port>/platform/16/protocols/nfs/nlm/
session. sessions/<ID>

View the detailed JSON schema for this GET <cluster-ip:port>/platform/16/protocols/nfs/nlm/

resource, which has information about query sessions?describe
parameters and object properties.
GET <cluster-ip:port>/platform/16/protocols/nfs/nlm/
sessions/<ID>?describe

System configuration API 59

NFS NLM sessions check resource
Perform an active scan for lost NFSv3 locks.

Operation Method and URI

Scan for lost NFSv3 locks. POST <cluster-ip:port>/platform/16/protocols/nfs/nlm/
sessions-check

View the detailed JSON schema for this GET <cluster-ip:port>/platform/16/protocols/nfs/nlm/

resource, which has information about query sessions-check?describe
parameters and object properties.

NFS log level resource

Retrieve or set the current NFS logging level.

Operation Method and URI

Retrieve the current NFS logging level. GET <cluster-ip:port>/platform/16/
protocols/nfs/log-level

Set the NFS logging level. PUT <cluster-ip:port>/platform/16/

protocols/nfs/log-level

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. protocols/nfs/log-level?describe

NFS netgroup resource

Get or modify the current NFS netgroup cache settings.

Operation Method and URI

Retrieve the current NFS netgroup cache settings. GET <cluster-ip:port>/platform/16/
protocols/nfs/netgroup

Modify the current NFS netgroup cache settings. PUT <cluster-ip:port>/platform/16/

protocols/nfs/netgroup

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. protocols/nfs/netgroup?describe

NFS netgroup check resource

Update the NFS netgroups in the cache.

Operation Method and URI

Update the NFS netgroups. POST <cluster-ip:port>/platform/16/
protocols/nfs/netgroup/check

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. protocols/nfs/netgroup/check?describe

60 System configuration API

NFS netgroup flush resource
Flush the NFS netgroups in the cache.

Operation Method and URI

Flush the NFS netgroups. POST <cluster-ip:port>/platform/16/
protocols/nfs/netgroup/flush

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. protocols/nfs/netgroup/flush?describe

NFS default export settings resource

Modify or retrieve information about the default NFS export settings.

Operation Method and URI

Get default NFS export settings. GET <cluster-ip:port>/platform/16/protocols/nfs/
settings/export

Modify default NFS export settings. PUT <cluster-ip:port>/platform/16/protocols/nfs/

settings/export

View the detailed JSON schema for this resource, GET <cluster-ip:port>/platform/16/protocols/nfs/
which has information about query parameters settings/export?describe
and object properties.

NFS global settings resource

Retrieve or modify global configuration settings for NFS exports.

Operation Method and URI

Get default NFS export settings. GET <cluster-ip:port>/platform/16/protocols/nfs/settings/
global

Modify default NFS export settings. PUT <cluster-ip:port>/platform/16/protocols/nfs/settings/

global

View the detailed JSON schema for this GET <cluster-ip:port>/platform/16/protocols/nfs/settings/

resource, which has information about global?describe
query parameters and object properties.

NFS exports configuration check resource

Retrieve information about the status and validity of current NFS exports. Each export with an error is reported along with the
first error that is encountered during the check.

Operation Method and URI

Check NFS exports for configuration errors. GET <cluster-ip:port>/platform/16/protocols/nfs/
check

View the detailed JSON schema for this resource, GET <cluster-ip:port>/platform/16/protocols/nfs/
which has information about query parameters and check?describe
object properties.

System configuration API 61

NFS zone settings resource
Retrieve or modify zone configuration settings for NFS exports.

Operation Method and URI

Retrieve NFS server settings for a zone. GET <cluster-ip:port>/platform/16/protocols/nfs/settings/
zone

Modify NFS server settings for a zone. PUT <cluster-ip:port>/platform/16/protocols/nfs/settings/

zone

View the detailed JSON schema for this GET <cluster-ip:port>/platform/16/protocols/nfs/settings/

resource, which has information about zone?describe
query parameters and object properties.

NFS reload resource

Reload cached export information. If the time to live (TTL) has expired, the netgroup cache is updated against the remote
provider and hosts are updated against the DNS. Netgroups are automatically refreshed on an interval that is specified by the
netgroup expiration option. DNS hosts are intermittently refreshed. Local export information, such as options that are specified
with exports create or exports modify, is updated immediately following the action.

Operation Method and URI

Reload NFS exports. POST <cluster-ip:port>/platform/16/
protocols/nfs/reload

View the detailed JSON schema for this resource, which GET <cluster-ip:port>/platform/16/
has information about query parameters and object protocols/nfs/reload?describe
properties.

NFS API examples

You can see examples for some NFS API requests.

Create NFS alias

Create an NFS alias.

Request example

POST /platform/16/protocols/nfs/aliases
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{
"name":"nfs_alias_01","path":"/ifs/nfs/aliases"
}

Response example

201 Created
Content-type: application/json

{
"id":"204"
}

62 System configuration API

Modify NFS alias
Modify an NFS alias.

Request example

PUT /platform/16/protocols/nfs/aliases/204
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{"name":"nfs_alias_02"}

Response example

204 No Content
Content-type: text/plain

Create NFS export

Create an NFS export.

Request example

POST /platform/16/protocols/nfs/exports
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{
"paths":[
"/ifs/nfs/exports/test",
"/ifs/nfs/exports/test2"
]
}

Response example

201 Created
Content-type: application/json

{
"id":24
}

Modify NFS export

Modify an NFS export.

Request example

PUT /platform/16/protocols/nfs/exports/24
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{
"write_transfer_max_size":1024,
"write_transfer_multiple":512
}

Response example

204 No Content
Content-type: text/plain

System configuration API 63

Modify default NFS settings
Modify the default NFS settings on the cluster.

Request example

PUT /platform/16/protocols/nfs/settings/export
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{
"block_size":512,
"can_set_time":true,
"case_insensitive":false
}

Response example

204 No Content
Content-type: text/plain

Modify global NFS settings

Modify the global NFS settings on the cluster.

Request example

PUT /platform/16/protocols/nfs/settings/global
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

GLOBAL_SETTINGS_V14 ['properties']['nfsv41_enabled'] = {
"description": "True if NFSv4.1 is enabled.",
"type": "boolean",}

GLOBAL_SETTINGS_V14 ['properties']['nfsv42_enabled'] = {
"description": "True if NFSv4.2 is enabled.",
"type": "boolean",}

Response example

204 No Content
Content-type: text/plain

Modify NFS zone settings

Modify the settings for an NFS access zone.

Request example

PUT /platform/16/protocols/nfs/settings/zone
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{
"nfsv4_allow_numeric_ids":true,
"nfsv4_domain":"test_domain"
}

64 System configuration API

Response example

204 No Content
Content-type: text/plain

SMB
OneFS includes a configurable SMB service to create and manage SMB shares. SMB shares provide Windows clients network
access to file system resources on the cluster. You can grant permissions to users and groups to carry out operations such as
reading, writing, and setting access permissions on SMB shares.
SMB shares act as checkpoints, and users must have access to a share in order to access objects in a file system on a share.
If the user security mode is enabled, users who connect to a share from an SMB client must provide a valid username with
proper credentials. If a user has access that is granted to a file system, but not to the share on which it resides, that user
cannot access the file system regardless of privileges. For example, assume a share that is named ABCDocs contains a file that
is named file1.txt in a path such as: /ifs/data/ABCDocs/file1.txt. If a user attempting to access file1.txt does
not have share privileges on ABCDocs, that user cannot access the file even if originally granted write privileges to the file.
The SMB protocol uses security identifiers (SIDs) for authorization data. All identities are converted to SIDs during retrieval and
are converted back to their on-disk representation before they are stored on the cluster.
When a file or directory is created, OneFS checks the access control list (ACL) of its parent directory. If the ACL contains any
inheritable access control entries (ACEs), a new ACL is generated from those ACEs. Otherwise, OneFS creates an ACL from the
combined file and directory create mask and create mode settings.

Supported clients
The table lists the clients that are supported by OneFS.
OneFS supports the following clients. Clients running Operating System X can connect to a Isilon cluster using the NFS or SMB
protocol.

Supported Clients
Any NFS client that complies with NFSv3 or NFSv4.0 client implementations compliant with RFC1813 and RFC3530
respectively.
Implementations of SMB1 provided in Microsoft Windows operating systems, and SMB2/3 systems compliant with the Open
Specifications document MS-SMB2.

EMC Isilon tests SMB clients that are covered under Extended Support Policy of Microsoft and the following:
● Operating system X 10.9
● Operating system X 10.10
● Operating system X 10.11

MacOS X
Clients running MacOS X can connect to a Isilon cluster using the NFS or SMB protocol. To take advantage of Apple-specific
SMB2 features such as color tagging, enable the Apple extensions for SMB2.

SMB resources
You can retrieve, create, modify, or delete SMB share configurations and settings.

System configuration API 65

SMB shares summary resource
Retrieve summary information for SMB shares.

Operation Method and URI

Retrieve the SMB shares summary GET <cluster-ip:port>/platform/16/protocols/smb/shares-
summary
View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/protocols/smb/shares-
information about query parameters and object properties. summary?describe

SMB shares resource

Modify, delete, and create SMB shares; and retrieve information about SMB shares.
When creating a share, specify the ID of the access zone where the share is to be created. The zone specification is in the URI,
for example:

POST <cluster-ip:port>/platform/16/protocols/smb/shares?zid=2

Specify the share name, path, and other properties in the JSON body of the request.

Operation Method and URI

Retrieve a single SMB share. GET <cluster-ip:port>/platform/16/
protocols/smb/shares/<SHARE>

Retrieve a list of SMB shares. GET <cluster-ip:port>/platform/16/

protocols/smb/shares

Create an SMB share. POST <cluster-ip:port>/platform/16/

protocols/smb/shares/<ZONE-ID>

Modify an SMB share. PUT <cluster-ip:port>/platform/16/

protocols/smb/shares/<SHARE>

Delete an SMB share. DELETE <cluster-ip:port>/platform/16/

protocols/smb/shares/<SHARE>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. protocols/smb/shares?describe
GET <cluster-ip:port>/platform/16/
protocols/smb/shares/<SHARE>?describe

SMB share settings resource

Modify or retrieve information about default SMB share settings.

Operation Method and URI

Retrieve SMB share settings. GET <cluster-ip:port>/platform/16/
protocols/smb/settings/share

Modify SMB share settings. PUT <cluster-ip:port>/platform/16/

protocols/smb/settings/share

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. protocols/smb/settings/share?describe

66 System configuration API

SMB global settings resource
Modify or retrieve information about global SMB share settings.

Operation Method and URI

Retrieve the global SMB settings. GET <cluster-ip:port>/platform/16/
protocols/smb/settings/global

Modify the global SMB settings. PUT <cluster-ip:port>/platform/16/

protocols/smb/settings/global

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. protocols/smb/settings/global?describe

SMB open files resource

Retrieve a listing of all files that are open through SMB on the queried node or close an open file.

Operation Method and URI

Retrieve a list of files opened through SMB. GET <cluster-ip:port>/platform/16/
protocols/smb/openfiles

Close a file opened through SMB. DELETE <cluster-ip:port>/platform/16/

protocols/smb/openfiles/<FILE-ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. protocols/smb/openfiles?describe
GET <cluster-ip:port>/platform/16/
protocols/smb/openfiles/<FILE-ID>?describe

SMB sessions resource

Close or retrieve a listing of all SMB user sessions that are open on the queried node.

Operation Method and URI

Retrieve a list of SMB sessions. GET <cluster-ip:port>/platform/16/
protocols/smb/sessions

Close an SMB session user. DELETE <cluster-ip:port>/platform/16/

protocols/smb/sessions/<COMPUTER>/<USER>

Close an SMB session system. DELETE <cluster-ip:port>/platform/16/

protocols/smb/sessions/<COMPUTER>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. protocols/smb/sessions?describe
GET <cluster-
ip:port>/platform/16/protocols/smb/sessions/
<COMPUTER>/<USER>?describe
GET <cluster-ip:port>/platform/16/
protocols/smb/sessions/<COMPUTER>?describe

NOTE: The node-lnn is optional for /protocols/smb/sessions . With this parameter, the output lists the
connected client's information of interested node. When the parameter is missing, it is assumed as local node.

System configuration API 67

SMB log level resource
List or modify the SMB logging level.

Operation Method and URI

Retrieve the SMB logging level. GET <cluster-ip:port>/platform/16/
protocols/smb/log-level

Modify the SMB logging level. PUT <cluster-ip:port>/platform/16/

protocols/smb/log-level

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. protocols/smb/log-level?describe

SMB log level filters resource

Retrieve, add, or delete SMB logging level filter information.

Operation Method and URI

View all SMB log filters. GET <cluster-ip:port>/platform/16/protocols/smb/log-
level/filters

View a specific SMB log filter. GET <cluster-ip:port>/platform/16/protocols/smb/log-

level/filters/<ID>

Add an SMB log filter. POST <cluster-ip:port>/platform/16/protocols/smb/log-

level/filters

Delete existing SMB log filters. DELETE <cluster-ip:port>/platform/16/protocols/smb/log-

level/filters

Delete a specific SMB log filter. DELETE <cluster-ip:port>/platform/16/protocols/smb/log-

level/filters/<ID>

View the detailed JSON schema for this GET <cluster-ip:port>/platform/16/protocols/smb/log-

resource, which has information about query level/filters?describe
parameters and object properties.
GET <cluster-ip:port>/platform/16/protocols/smb/log-
level/filters/<ID>?describe

SMB zone settings resource

Modify or retrieve information about SMB share settings on a per-zone basis.

Operation Method and URI

Retrieve the SMB settings for an access zone. GET <cluster-ip:port>/platform/16/
protocols/smb/settings/zone

Modify the SMB settings for an access zone. PUT <cluster-ip:port>/platform/16/

protocols/smb/settings/zone

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. protocols/smb/settings/zone?describe

68 System configuration API

SMB API example
You can see an example of creating an SMB share.

Create an SMB share

When creating an SMB share, obtain and specify the access zone that contains the share in the URI.

Request to obtain the access zone ID

POST /platform/16/zones
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

Response

{
"zones": [
{
"alternate_system_provider": "lsa-file-provider:System",
"auth_providers": [
"lsa-local-provider:System",
"lsa-file-provider:System"
],
"cache_entry_expiry": 14400,
"groupnet": "groupnet0",
"home_directory_umask": 63,
"id": "System",
"ifs_restricted": [],
"map_untrusted": "",
"name": "System",
"negative_cache_entry_expiry": 60,
"netbios_name": "",
"path": "/ifs",
"skeleton_directory": "/usr/share/skel",
"system": true,
"system_provider": "lsa-file-provider:System",
"user_mapping_rules": [],
"zone_id": 1
},
{
"alternate_system_provider": "lsa-file-provider:MinimumRequired",
"auth_providers": [
"lsa-local-provider:home-admin"
],
"cache_entry_expiry": 14400,
"groupnet": "groupnet0",
"home_directory_umask": 63,
"id": "home-admin",
"ifs_restricted": [],
"map_untrusted": "",
"name": "home-admin",
"negative_cache_entry_expiry": 60,
"netbios_name": "",
"path": "/ifs/home/admin",
"skeleton_directory": "/usr/share/skel",
"system": false,
"system_provider": "lsa-file-provider:System",
"user_mapping_rules": [],
"zone_id": 2
}
]
}

System configuration API 69

Request to create share

POST /platform/16/protocols/smb/shares?zid=2
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{"name":"MyShare", "path":"/ifs/home/admin/share"}

Response

201 Created
Content-type: application/json

{"id": "MyShare"}

S3
OneFS supports the Simple Storage Service (S3) protocol for reading data from and writing data to the PowerScale platform.
The OneFS API for the S3 protocol supplements the S3 API.
The S3 objects map to the PowerScale file system as follows:
● Bucket = base directory
● Object prefix = directory path within bucket
● Object = file
The S3 object key maps directly to a file system path.
The S3 protocol supports bucket and object creation, retrieving, updating, and deletion. Object retrievals and updates are
atomic. Bucket properties can be updated.
Objects are accessible using NFS and SMB as normal files, providing cross-protocol support. The S3 access control lists (ACLs)
translate into SMB ACLs as follows:
● The S3 Predefined group AllUsers translates to SMB well known 'Everyone'.
● The S3 Predefined group AllAuthenticatedUsers translates to SMB well-known 'Authenticated Users'.
● An S3 request without a signature is treated as if they were the user 'nobody'.
Administrators generate access IDs and secret keys for authenticated users for access to use S3. Secret keys expire, and when
an administrator generates a new secret key, the old key validity overlaps briefly with the new key validity.
See the Amazon Simple Storage Service documentation for more information.

S3 resources
You can retrieve, create, modify, or delete S3 configurations and settings.

S3 buckets resource
Retrieve a list of buckets and retrieve, create, modify, and delete a bucket. When creating a bucket, AWS S3 restrictions apply.

Operation Method and URI

Retrieve a list of buckets. GET <cluster-ip:port>/platform/16/
protocols/s3/buckets

Retrieve a bucket. GET <cluster-ip:port>/platform/16/

protocols/s3/buckets/<BUCKET>

Create a bucket. POST <cluster-ip:port>/platform/16/

protocols/s3/buckets

Modify a bucket. PUT <cluster-ip:port>/platform/16/

protocols/s3/buckets/<BUCKET>

70 System configuration API

Operation Method and URI
Delete a bucket. DELETE <cluster-ip:port>/platform/16/
protocols/s3/buckets/<BUCKET>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. protocols/s3/buckets?describe
GET <cluster-ip:port>/platform/16/
protocols/s3/buckets/<BUCKET>?describe

S3 keys user resource

Retrieve, create, or delete a user secret key.

Operation Method and URI

Retrieve a user key. GET <cluster-ip:port>/platform/16/
protocols/s3/keys/<USER>

Create a user key. POST <cluster-ip:port>/platform/16/

protocols/s3/keys/<USER>

Delete a user key. DELETE <cluster-ip:port>/platform/16/

protocols/s3/keys/<USER>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. protocols/s3/keys/<USER>?describe

S3 log level resource

Retrieve and set the S3 log level.

Operation Method and URI

Retrieve the log level. GET <cluster-ip:port>/platform/16/
protocols/s3/log-level

Set the log level. PUT <cluster-ip:port>/platform/16/

protocols/s3/log-level

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. protocols/s3/log-level?describe

S3 mykeys resource
Retrieve, generate, and delete the secret key information of the current requestor.

Operation Method and URI

Retrieve user secret key information. GET <cluster-ip:port>/platform/16/
protocols/s3/mykeys

Generate user secret key information. POST <cluster-ip:port>/platform/16/

protocols/s3/mykeys

Delete user secret key information. DELETE <cluster-ip:port>/platform/16/

protocols/s3/mykeys

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. protocols/s3/mykeys?describe

System configuration API 71

S3 settings global resource
Retrieve and modify global S3 bucket configuration.

Operation Method and URI

Retrieve the global S3 configuration. GET <cluster-ip:port>/platform/16/
protocols/s3/settings/global

Set the global S3 configuration. PUT <cluster-ip:port>/platform/16/

protocols/s3/settings/global

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. protocols/s3/settings/global?describe

S3 settings zone resource

Retrieve and modify S3 zone configuration.

Operation Method and URI

Retrieve the zone S3 configuration. GET <cluster-ip:port>/platform/16/
protocols/s3/settings/zone

Set the zone S3 configuration. PUT <cluster-ip:port>/platform/16/

protocols/s3/settings/zone

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. protocols/s3/settings/zone?describe

S3 API examples
Code samples for using S3 protocol with OneFS.

Generate a key
Create a key for S3 object access.

Request example

POST /platform/16/protocols/s3/keys/admin
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

Response example

{
"keys" :
{
"access_id" : "1_admin_accid",
"old_key_expiry" : 1584753428,
"old_key_timestamp" : 1584742174,
"old_secret_key" : "jegc8mY7vI93SGBiLDdsnRYqGdCB",
"secret_key" : "E3DyE_-aQtMrhGPqPZ22AczK_z6j",
"secret_key_timestamp" : 1584752828
}
}

72 System configuration API

Retrieve a bucket
Retrieve an S3 bucket.

Request example

GET /platform/16/protocols/s3/buckets/mybucket
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

Response example

{
"buckets" :
[

{
"acl" : [],
"bucketid" : 844424930230273,
"clients" : [],
"creationtime" : "2020-03-19T21:28:31.000Z",
"description" : "Objects for user12",
"id" : "mybucket",
"name" : "mybucket",
"object_acl_policy" : "replace",
"owner" : "admin",
"path" : "/ifs/home/user12",
"zid" : 1
}
]
}

Create a bucket
Create a bucket.

Request example

POST /platform/16/protocols/s3/buckets
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{
"create_path": true,
"description" : "New bucket",
"name" : "bucket123",
"owner" : "admin",
"path" : "/ifs/home/user13"
}

Response example

{
"buckets" :
[

{
"acl" : [],
"description" : "",
"id" : "mybucket",
"name" : "mybucket",
"object_acl_policy" : "replace",
"owner" : "root",
"path" : "/ifs/mybucket",
"zid" : 1
}

System configuration API 73

 ]
}

Manage S3 settings
Retrieve and set S3 settings.

Request example
Retrieve the zone settings.

GET /platform/16/protocols/s3/settings/zone
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

Response example

{
"settings" :
{
"base_domain" : "",
"bucket_directory_create_mode" : 511,
"object_acl_policy" : "replace",
"root_path" : "/ifs",
"use_md5_for_etag" : true,
"validate_content_md5" : true
}
}

Request example
Set the root path of the zone.

put /platform/16/protocols/s3/settings/zone
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{
"root_path" : "/ifs/home"
}

Response example
No message body is returned for this request.

204 No Content
Content-type: text/plain

FTP
OneFS includes a secure FTP service that is called Very Secure FTP Daemon (VSFTPD), that you can configure for standard
FTP and FTPS file transfers.
FTP is disabled by default, as users should be using secure FTP (FTPs) or HTTPs for file transfers.

FTP resources
You can retrieve or modify global FTP configuration settings.

74 System configuration API

FTP settings resource
Retrieve and modify global FTP configuration settings.

Operation Method and URI

Retrieve global FTP configuration settings. GET <cluster-ip:port>/platform/16/
protocols/ftp/settings

Modify global FTP configuration settings. PUT <cluster-ip:port>/platform/16/

protocols/ftp/settings

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. protocols/ftp/settings?describe

HTTP and HTTPS security

OneFS includes a configurable Hypertext Transfer Protocol (HTTP) service. Use HTTP to request files that are stored on the
cluster and to interact with the web administration interface.
HTTP and HTTPS are disabled by default. To enable them, use the following commands:

isi http settings modify --service=enabled

isi http settings modify --https=true

NOTE: Set the file and directory permissions to allow HTTP or HTTPS to access them.

OneFS supports both HTTP and its secure variant, HTTPS. Each node in the cluster runs an instance of the Apache HTTP
Server to provide HTTP access. You can configure the HTTP service to run in different modes.
Both HTTP and HTTPS are supported for file transfer, but only HTTPS is supported for API calls. The HTTPS-only requirement
includes the web administration interface. OneFS supports a form of the web-based DAV (WebDAV) protocol that enables users
to modify and manage files on remote web servers. OneFS performs distributed authoring, but does not support versioning and
does not perform security checks. You can enable DAV in the web administration interface.

HTTP resources
You can retrieve and modify global HTTP configuration settings.

HTTP settings resource

Retrieve and modify global HTTP configuration settings.

Operation Method and URI

Retrieve global HTTP configuration settings. GET <cluster-ip:port>/platform/16/protocols/
http/settings

Modify global HTTP configuration settings. PUT <cluster-ip:port>/platform/16/protocols/

http/settings

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/protocols/
information about query parameters and object properties. http/settings?describe

System configuration API 75

HTTP services settings resources
List or modify all HTTP services.

Operation Method and URI

List all HTTP services. GET <cluster-ip:port>/platform/16/protocols/
http/settings/services

Modify an HTTP service. PUT <cluster-ip:port>/platform/16/protocols/

http/settings/services

Get details of an HTTP service. GET <cluster-ip:port>/platform/16/protocols/

http/settings/services/<service>

Modify an HTTP service. PUT <cluster-ip:port>/platform/16/protocols/

http/settings/services/<service>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/protocols/
information about query parameters and object properties. http/settings/services?describe

HDFS security
Aside from what is contained in the OneFS PowerScale HDFS Reference Guide, the only additional security consideration is that
Cloudera Data Platform (CDP) Hadoop supports only secure URLs.

HDFS resources
You can retrieve, create, modify, or delete HDFS configurations and settings.

HDFS access zone settings resource

Modify or retrieve information about HDFS settings for a specified access zone. When no zone is specified, settings for the
system zone are returned or modified.

Operation Method and URI

Retrieve access zone HDFS settings. GET <cluster-ip:port>/platform/16/protocols/
hdfs/settings

Modify access zone HDFS settings. PUT <cluster-ip:port>/platform/16/protocols/

hdfs/settings

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/protocols/
information about query parameters and object properties. hdfs/settings?describe

HDFS global settings resource

Modify or retrieve information about global HDFS settings.

Operation Method and URI

Retrieve the global HDFS settings. GET <cluster-ip:port>/platform/16/protocols/
hdfs/settings/global

Modify the global HDFS settings. PUT <cluster-ip:port>/platform/16/protocols/

hdfs/settings/global

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/protocols/
information about query parameters and object properties. hdfs/settings/global?describe

76 System configuration API

HDFS racks resource
Create, modify, delete, or retrieve information about HDFS racks.

Operation Method and URI

Retrieve all HDFS racks. GET <cluster-ip:port>/platform/16/protocols/
hdfs/racks

Create an HDFS rack. POST <cluster-ip:port>/platform/16/

protocols/hdfs/racks

Get an HDFS rack. GET <cluster-ip:port>/platform/16/protocols/

hdfs/racks/<rack ID>

Modify an HDFS rack. PUT <cluster-ip:port>/platform/16/protocols/

hdfs/racks/<rack ID>

Delete an HDFS rack. DELETE <cluster-ip:port>/platform/16/

protocols/hdfs/racks/<rack ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/protocols/
information about query parameters and object properties. hdfs/racks?describe
GET <cluster-ip:port>/platform/16/protocols/
hdfs/racks/<rack ID>?describe

HDFS proxy users resource

Create, delete, or retrieve information about HDFS proxy users.

Operation Method and URI

Retrieve all HDFS proxy users. GET <cluster-ip:port>/platform/16/protocols/
hdfs/proxyusers

Retrieve an HDFS proxy user. GET <cluster-ip:port>/platform/16/protocols/

hdfs/proxyusers/<NAME>

Create an HDFS proxy user. POST <cluster-ip:port>/platform/16/

protocols/hdfs/proxyusers/ or
PUT <cluster-ip:port>/platform/16/protocols/
hdfs/proxyusers/<NAME>

Delete an HDFS proxy user. DELETE <cluster-ip:port>/platform/16/

protocols/hdfs/proxyusers/<NAME>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/protocols/
information about query parameters and object properties. hdfs/proxyusers?describe
GET <cluster-ip:port>/platform/16/protocols/
hdfs/proxyusers/<NAME>?describe

HDFS proxy users name members resource

Add, delete, or retrieve information about HDFS proxy user members.

Operation Method and URI

Get all members of the HDFS proxy users. GET <cluster-ip:port>/platform/16/protocols/
hdfs/proxyusers/<NAME>/members

Add a member to the HDFS proxy user. POST <cluster-ip:port>/platform/16/

protocols/hdfs/proxyusers/<NAME>/members/ or

System configuration API 77

Operation Method and URI
PUT <cluster-ip:port>/platform/16/protocols/
hdfs/proxyusers/<NAME>/members/<MEMBER>

Remove a member from the HDFS proxy user. DELETE <cluster-ip:port>/platform/16/

protocols/hdfs/proxyusers/<NAME>/members/
<MEMBER>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/protocols/
information about query parameters and object properties. hdfs/proxyusers/<NAME>/members?describe

HDFS log level resource

Retrieve or modify the HDFS service logging level for a node.

Operation Method and URI

Retrieve the HDFS logging level. GET <cluster-ip:port>/platform/16/protocols/
hdfs/log-level

Modify the HDFS logging level. PUT <cluster-ip:port>/platform/16/protocols/

hdfs/log-level

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/protocols/
information about query parameters and object properties. hdfs/log-level?describe

HDFS Apache Ranger plug-in settings resource

Retrieve and modify the HDFS Apache Ranger plug-in properties.

Operation Method and URI

Retrieve the HDFS Range plug-in properties. GET <cluster-ip:port>/platform/16/protocols/
hdfs/ranger-plugin/settings

Modify the HDFS Range plug-in properties. PUT <cluster-ip:port>/platform/16/protocols/

hdfs/ranger-plugin/settings

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/protocols/
information about query parameters and object properties. hdfs/ranger-plugin/settings?describe

HDFS crypto settings resource

List or modify HDFS crypto settings.

Operation Method and URI

List HDFS crypto settings. GET <cluster-ip:port>/platform/16/protocols/
hdfs/crypto/settings

Modify HDFS crypto settings. PUT <cluster-ip:port>/platform/16/protocols/

hdfs/crypto/settings

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/protocols/
information about query parameters and object properties. hdfs/crypto/settings?describe

78 System configuration API

HDFS crypto encryption zones resource
List encryption zones, or turn an empty directory into an encryption zone.

Operation Method and URI

List HDFS encryption zones. GET <cluster-ip:port>/platform/16/protocols/
hdfs/crypto/encryption-zones

Create an HDFS encryption zone. POST <cluster-ip:port>/platform/16/

protocols/hdfs/crypto/encryption-zones

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/protocols/
information about query parameters and object properties. hdfs/crypto/encryption-zones?describe

HDFS API examples

You can see examples for some HDFS API requests.

Create an HDFS rack

You can create an HDFS rack.

Request example
Put a forward slash (/) before the rack name.

POST /platform/16/protocols/hdfs/racks
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{
"name":"/racktest"
}

Response example

201 Created
Content-type: application/json

{
"id" : "1-5-21-4224731515-2571109568-2823010237-1003"
}

Modify an HDFS rack

You can modify the properties for an HDFS rack.

Request example
Put a forward slash (/) before the rack name. In the URL, replace the forward slash with the escape character %2F.

PUT /platform/16/protocols/hdfs/racks/%2Fracktest

Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{
"name":"/rack2test"
}

System configuration API 79

Response example
No message body is returned for this request.

204 No Content
Content-type: text/plain,
Allow: 'GET, PUT, HEAD'

Modify global HDFS settings

You can modify the properties of global HDFS settings. This example enables the HDFS service.

Request example

PUT /platform/16/protocols/hdfs/settings/global
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{
"service_enabled":true
hdfs-acl-enabled:true
hadoop-version-3-or-later:true
}

Response example
No message body is returned for this request.

204 No Content
Content-type: text/plain,
Allow: 'GET, PUT, HEAD'

Modify access zone HDFS settings

You can modify the properties for access zone HDFS settings. Specify the access zone in the URI.

Request example

PUT /platform/16/protocols/hdfs/settings?zone=MyZone
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{
"default_checksum_type":"crc32"
}

Response example
No message body is returned for this request.

204 No Content
Content-type: text/plain,
Allow: 'GET, PUT, HEAD'

Create HDFS proxy users

Create an HDFS proxy user.

Request example

POST /platform/16/protocols/hdfs/proxyusers
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

80 System configuration API

 {"name":"proxy_user_test"}

Response example

201 Created
Content-type: application/json

You can also create an HDFS proxy user through the PUT method.

Request example

PUT /platform/16/protocols/hdfs/proxyusers/proxy_user_test
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{}

Response example

204 No Content
Content-type: text/plain

Create HDFS proxy user member

Create an HDFS proxy user member.

Request example

POST /platform/16/protocols/hdfs/proxyusers/proxy_user_test/members
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{"name":"proxy_user_member_test"}

Response example

201 Created
Content-type: application/json

You can also create an HDFS proxy user member through the PUT method.

Request example

PUT /platform/16/protocols/hdfs/proxyusers/proxy_user_test/members/
USER:proxy_user_member_test
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{}

Response example

204 No Content
Content-type: text/plain

OpenStack Swift
OneFS supports OpenStack Swift, an object storage interface compatible with the OpenStack Swift 1.0 Application
Programming Interface (API). Through OpenStack Swift, you can access file-based data that is stored on your cluster as

System configuration API 81

objects. The Swift API is implemented as a set of Representational State Transfer (REST) web services over HTTP or
secure HTTP (HTTPS). Since the Swift API is considered as a protocol, content and metadata can be ingested as objects
and concurrently accessed through protocols that are configured on the cluster. The cluster requires a licensed to support
OpenStack Swift.
NOTE: Support for OpenStack Swift will be removed for OneFS in a future release. Dell Technologies recommends using
the OneFS S3 protocol support instead. See KB#542999 for more information.
The OpenStack Swift protocol service is a licensed feature. Contact your Dell Technologies representative to obtain a license
key to access the Swift protocol and RESTful APIs for object storage operations.

Swift resources
You can list, create, modify, or delete Swift account information.

Swift accounts resource

List, modify, create, or delete Swift accounts.

Operation Method and URI

List all Swift accounts. GET <cluster-ip:port>/platform/16/protocols/swift/
accounts

List a specific Swift account. GET <cluster-ip:port>/platform/16/protocols/swift/

accounts/<ACCOUNT>

Create a Swift account. POST <cluster-ip:port>/platform/16/protocols/swift/

accounts

Modify a Swift account. PUT <cluster-ip:port>/platform/16/protocols/swift/

accounts/<ACCOUNT>

Delete a Swift account. DELETE <cluster-ip:port>/platform/16/protocols/swift/

accounts/<ACCOUNT>

View the detailed JSON schema for this GET <cluster-ip:port>/platform/16/protocols/swift/

resource, which has information about query accounts?describe
parameters and object properties.
GET <cluster-ip:port>/platform/16/protocols/swift/
accounts/<ACCOUNT>?describe

Networking
After you determine the topology of your network, you can set up and manage your internal and external networks.
There are two types of networks on the PowerScale cluster:

Internal Nodes communicate with each other using a high-speed low latency InfiniBand network. You can
optionally configure a second Ethernet or InfiniBand network to enable failover for redundancy.
External Clients connect to the cluster through the external network with Ethernet. The cluster supports standard
network communication protocols, including NFS, SMB, HDFS, HTTP, and FTP. The cluster includes
various external Ethernet connections, providing flexibility for a wide variety of network configurations.

Network resources
List, create, modify, or delete information specific to OneFS networks.

82 System configuration API

Network external resource
View or modify external network settings.

Operation Method and URI

View external network settings. GET <cluster-ip:port>/platform/16/network/
external

Modify external network settings. PUT <cluster-ip:port>/platform/16/network/

external

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/network/
information about query parameters and object properties. external?describe

Network subnets resource

List OneFS network subnets.

Operation Method and URI

List OneFS network subnets. GET <cluster-ip:port>/platform/16/network/
subnets

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/network/
information about query parameters and object properties. subnets?describe

Network DNS cache resource

View or modify network DNS cache settings.

Operation Method and URI

View DNS cache settings. GET <cluster-ip:port>/platform/16/network/
dnscache

Modify DNS cache settings. PUT <cluster-ip:port>/platform/16/network/

dnscache

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/network/
information about query parameters and object properties. dnscache?describe

Network DNS cache flush resource

Flush the DNS cache.

Operation Method and URI

Flush the DNS cache. POST <cluster-ip:port>/platform/16/network/
dnscache/flush

View the detailed JSON schema for this resource, which has GET<cluster-ip:port>/platform/16/network/
information about query parameters and object properties. dnscache/flush?describe

System configuration API 83

Network interfaces resource
List OneFS network interfaces. The /network/interfaces API shows you the live status of the interfaces, allowing you to
monitor or view the status of the network interfaces within your PowerScale cluster. Using the API, you can find information
regarding the overall status, VLAN status, what IPs belong to which network pools, and more.

Operation Method and URI

List all OneFS network interfaces. GET <cluster-ip:port>/platform/16/network/
interfaces

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/network/
information about query parameters and object properties. interfaces?describe

Request query parameters

View the various query parameters for network interface API requests.

Query Parameter Accepted Values Description Example

lnn Integer Filter the list of Network GET /12/
interfaces to the interfaces network/interfaces?
belonging to the specified lnns lnn=1&lnn=2
type Enum Filter the returned IPs GET /12/
● static and owners by specifying network/interfaces?
the required IP type. To type=network_pool_ips
● dynamic
get similar results to past
● smartconnect_service versions of this API, use
● ipv6_link_local network_pool_ips as it
● internal returns only IPs from Network
● network_pool_ips Pools
● all
The default query returns
all non IPv6 Link Local
IPs.

owner String Filter by the specified owner GET /12/

ID which can be an exact network/interfaces?
match, or a partial match. An owner=subnet0.pool0
exact match is an identifier
such as GET /12/network/
groupnet0.subnet0.poo interfaces?
l0, while a partial match is owner=groupnet0.subne
'groupnet0.subnet0'. Partial t.pool0
match includes the following
in the output: GET /12/
● groupnet0.subnet0.p network/interfaces?
ool0 owner=groupnet0
● other pools in the subnet
● SmartConnect Service IPs
configured in the subnet
network Enum Allows for specifying which GET /12/
● all network to filter results by network/interfaces?
● external (DEFAULT) network=external
● internal
cache Enum /12/network/ GET /12/network/
● cache-only interfaces by default interfaces?cache=no-
● no-cache attempts to gather cache
● nodes-first (DEFAULT) live results from
nodes to reply to requests.
As this is not wanted, this

84 System configuration API

Query Parameter Accepted Values Description Example
query parameter allows the
caller to specify the behavior.
cache-only: Fetches
results that are cached
Cached results are unable to
display:
● Mtu
● Gateway information
● SmartConnect Service IPs
● IPv6 Link Local IPs
no-cache: Returns results
from nodes that give
responses. If there is no
response from a node, an
error occurs in the errors
array.
nodes-first: Queries
nodes, and on failure falls
back to grab results from the
cache

include_vlans Boolean. If you do not want to see any GET /12/

VLAN results in the output, network/interfaces?
Default: true
setting this parameter to false include_vlans=false
filters out any VLANs
vlan_id Integer If you want to view VLANs GET /12/
of a certain VLAN ID, network/interfaces?
this parameter allows you vlan_id=101
to filter the list down to
the specified VLAN ID. The
physical interface the VLAN is
configured on, is returned.

Network interfaces examples

View examples regarding selective network interface API requests.

Request example

GET /platform/12/network/interfaces?
lnn=1&type=network_pool_ips&owner=groupnet0.subnet0.pool0 HTTP/1.1
Host: <CLUSTER_IP>:8080
User-Agent: curl/7.73.0
Accept: */*

* Mark bundle as not supporting multiuse

HTTP/1.1 200 Ok
Date: Fri, 26 Feb 2021 17:20:55 GMT
Server: Apache
Allow: GET, HEAD
X-Frame-Options: sameorigin
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;
Transfer-Encoding: chunked
Content-Type: application/json

Response example

{
"errors" : null,

System configuration API 85

 "interfaces" :
[

{
"flags" : [ "ACCEPT_ROUTER_ADVERT" ],
"id" : "1:ext-1",
"ip_addrs" : [ "<IP>" ],
"ipv4_gateway" : "<IP>",
"ipv6_gateway" : "<IP>",
"lnn" : 1,
"mtu" : 1500,
"name" : "ext-1",
"nic_name" : "em1",
"owners" :
[

{
"access_zone" : "System",
"groupnet" : "groupnet0",
"id" : "groupnet0.subnet0.pool0",
"ip_addrs" : [ "<IP>" ],
"pool" : "pool0",
"subnet" : "subnet0",
"type" : "static",
"vlan_id" : null
}
],
"status" : "up",
"type" : "gige",
"vlans" : []
}
],
"resume" : null,
"total" : 1
}

Network pools resource

List OneFS network pools.

Operation Method and URI

List OneFS network pools. GET <cluster-ip:port>/platform/16/network/
pools

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/network/
information about query parameters and object properties. pools?describe

Network rules resource

List OneFS network rules.

Operation Method and URI

List OneFS network rules. GET <cluster-ip:port>/platform/16/network/
rules

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/network/
information about query parameters and object properties. rules?describe

86 System configuration API

Network SmartConnect rebalance all IP resource
Rebalance IP addresses in all pools.

Operation Method and URI

Rebalance IP addresses in all pools. POST <cluster-ip:port>/platform/16/network/
sc-rebalance-all

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/network/
information about query parameters and object properties. sc-rebalance-all?describe

Network groupnets resource

List, create, modify, or delete OneFS network groupnets.

Operation Method and URI

List all groupnets. GET <cluster-ip:port>/platform/16/network/
groupnets

View a specific groupnet. GET <cluster-ip:port>/platform/16/network/

groupnets/<GROUPNET>

Create a groupnet. POST <cluster-ip:port>/platform/16/network/

groupnets

Modify a groupnet. PUT <cluster-ip:port>/platform/16/network/

groupnets/<GROUPNET>

Delete a groupnet. DELETE <cluster-ip:port>/platform/16/

network/groupnets/<GROUPNET>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/network/
information about query parameters and object properties. groupnets?describe
GET <cluster-ip:port>/platform/16/network/
groupnets/<GROUPNET>?describe

Network groupnets subnets resource

List, create, modify, or delete OneFS network subnets.

Operation Method and URI

List all subnets. GET <cluster-ip:port>/platform/16/network/
groupnets/<groupnet>/subnets

View a specific subnet. GET <cluster-ip:port>/platform/16/network/

groupnets/<groupnet>/subnets/<subnet>

Create a subnet. POST <cluster-ip:port>/platform/16/network/

groupnets/<groupnet>/subnets

Modify a subnet. PUT <cluster-ip:port>/platform/16/network/

groupnets/<groupnet>/subnets/<subnet>

Delete a groupnet. DELETE <cluster-ip:port>/

platform/16/network/groupnets/<groupnet>/
subnets/<subnet>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/network/
information about query parameters and object properties. groupnets/<groupnet>/subnets?describe
GET <cluster-ip:port>/
platform/16/network/groupnets/<groupnet>/
subnets/<subnet>?describe

System configuration API 87

Network groupnets subnets pools resource
Retrieve, create, modify, or delete OneFS network pools.

Operation Method and URI

Retrieve all pools. GET <cluster-ip:port>/platform/16/network/
groupnets/<groupnet>/subnets/<subnet>/pools

Get network pool status GET <cluster-ip:port>/platform/16/network/

groupnets/<groupnet>/subnets/<subnet>/pools/
<pool>/status

View a specific subnet pool. GET <cluster-ip:port>/platform/16/network/

groupnets/<groupnet>/subnets/<subnet>/pools/
<pool>

Create a pool. POST <cluster-ip:port>/platform/16/network/

groupnets/<groupnet>/subnets<subnet>/pools

Modify a pool. PUT <cluster-ip:port>/platform/16/network/

groupnets/<groupnet>/subnets/<subnet>/pools/
<pool>

Delete a pool. DELETE <cluster-ip:port>/

platform/16/network/groupnets/<groupnet>/
subnets/<subnet>/pools/<pool>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/network/
information about query parameters and object properties. groupnets/<groupnet>/subnets/<subnet>/pools?
describe
GET <cluster-ip:port>/platform/16/network/
groupnets/<groupnet>/subnets/<subnet>/pools/
<pool>?describe

Network groupnets subnets pools interfaces resource

List OneFS network interfaces within a pool.
NOTE:

In OneFS 9.2, this functionality has been merged into the /12/network/interfaces API. This endpoint will no longer
receive new functionality. To upgrade to /12/network/interfaces from this API, replace:

/7/network/groupnets/<GROUPNET>/subnets/<SUBNET>/pools/<POOL>/interfaces

with
/12/network/interfaces?owner=<GROUPNET>.<SUBNET>.<POOL>

Operation Method and URI

List all OneFS network interfaces within a pool. GET <cluster-ip:port>/platform/7/network/
groupnets/<GROUPNET>/subnets/<SUBNET>/pools/
<POOL>/interfaces

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/7/network/
information about query parameters and object properties. groupnets/<GROUPNET>/subnets/<SUBNET>/pools/
<POOL>/interfaces?describe

88 System configuration API

Network groupnets subnets pools rebalance IP resource
Rebalance IP addresses in a specified pool.

Operation Method and URI

Rebalance IP addresses in a specified pool. POST <cluster-ip:port>/platform/16/network/
groupnets/<GROUPNET>/subnets<SUBNET>/pools/
<POOL>/rebalance-ips

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/network/
information about query parameters and object properties. groupnets/<GROUPNET>/subnets/<SUBNET>/pools/
<POOL>/rebalance-ips?describe

Network groupnets subnets pools rules resource

List, create, modify, or delete OneFS network rules within a pool.

Operation Method and URI

List all OneFS network rules within a pool. GET <cluster-ip:port>/platform/16/network/
groupnets/<groupnet>/subnets/<subnet>/pools/
<pool>/rules

View a specific OneFS network rule within a pool. GET <cluster-ip:port>/platform/16/network/

groupnets/<groupnet>/subnets/<subnet>/pools/
<pool>/rules/<name>

Create a OneFS network rule within a pool. POST <cluster-ip:port>/platform/16/network/

groupnets/<groupnet>/subnets<subnet>/pools/
<pool>/rules

Modify a OneFS network rule within a pool. PUT <cluster-ip:port>/platform/16/network/

groupnets/<groupnet>/subnets/<subnet>/pools/
<pool>/rules/<name>

Delete a OneFS network rule within a pool. DELETE <cluster-ip:port>/

platform/16/network/groupnets/<groupnet>/
subnets/<subnet>/pools/<pool>/rules/<name>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/network/
information about query parameters and object properties. groupnets/<groupnet>/subnets/<subnet>/pools/
<pool>/rules?describe
GET <cluster-ip:port>/platform/16/network/
groupnets/<groupnet>/subnets/<subnet>/pools/
<pool>/rules/<name>?describe

Network groupnets subnets pools SmartConnect suspend nodes resource

Suspend SmartConnect DNS query responses for a list of nodes.

Operation Method and URI

Suspend SmartConnect DNS query responses for a list of POST <cluster-ip:port>/platform/16/network/
nodes. groupnets/<groupnet>/subnets<subnet>/pools/
<pool>/sc-suspend-nodes

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/network/
information about query parameters and object properties. groupnets/<groupnet>/subnets/<subnet>/pools/
<pool>/sc-suspend-nodes?describe

System configuration API 89

Network groupnets subnets pools SmartConnect resume nodes resource
Resume SmartConnect DNS query responses for a list of nodes.

Operation Method and URI

Resume SmartConnect DNS query responses for a list of POST <cluster-ip:port>/platform/16/network/
nodes. groupnets/<groupnet>/subnets<subnet>/pools/
<pool>/sc-resume-nodes

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/network/
information about query parameters and object properties. groupnets/<groupnet>/subnets/<subnet>/pools/
<pool>/sc-resume-nodes?describe

Host-based firewall
The OneFS host-based firewall controls inbound traffic on the front-end network. You can enable default global firewall policies
that provide basic protection on the OneFS default ports. You can create custom policies and custom rules that define a firewall
for your specific network management and security requirements.

Host-based firewall resources

List, create, and modify host-based firewall rules and policies.
The following privileges are required to read or modify the host-based firewall configuration:
● ISI_PRIV_FIREWALL Write permission to modify firewall configuration.
● ISI_PRIV_FIREWALL Read permission to read firewall configuration.

Host-based firewall policy resources

List, create, and modify firewall policies.

Operation Method and URI

Display the global configuration for firewall service. GET <cluster-ip:port>/platform/16/network/
firewall/settings

Enable/disable firewall. PUT <cluster-ip:port>/platform/16/network/

firewall/settings

Reset all global policies to default. POST <cluster-ip:port>/platform/16/network/

firewall/reset-global-policy

List default services built into default global policies. GET <cluster-ip:port>/platform/16/network/
firewall/services

View a firewall policy. GET <cluster-ip:port>/platform/16/network/

firewall/policies/<policy ID>

List all firewall policies. GET <cluster-ip:port>/platform/16/network/

firewall/policies

Create a firewall policy. POST <cluster-ip:port>/platform/16/network/

firewall/policies

Modify a firewall policy. PUT <cluster-ip:port>/platform/16/network/

firewall/policies/<policy ID>

Delete a firewall policy. DELETE <cluster-ip:port>/platform/16/

network/firewall/policies/<policy ID>

Add a rule into firewall policy. POST <cluster-ip:port>/platform/16/network/

firewall/policies/<policy ID>/rules

90 System configuration API

Operation Method and URI
Clone an existing policy and its rules. PUT <cluster-ip:port>/platform/16/network/
firewall/policies/<existing policy ID>/
clone/<New policy name>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/network/
information about query parameters and object properties. firewall?describe

Host-based firewall rule resources

List, create, and modify firewall rules.

Operation Method and URI

Modify a rule in firewall policy. PUT <cluster-ip:port>/platform/16/network/
firewall/policies/<policy ID>/rule/<rule ID>

Delete a rule from firewall policy. DELETE <cluster-ip:port>/platform/16/

network/firewall/policies/<policy ID>/rules/
<rule ID>

View a firewall rule. GET <cluster-ip:port>/platform/16/network/

firewall/policies/<policy ID>/rules/<rule
ID>

List all rules that are defined for both global and custom GET <cluster-ip:port>/platform/16/network/
policies. firewall/rules

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/network/
information about query parameters and object properties. firewall?describe

Apply host-based firewall policy resources

Apply firewall policy to network pool or network subnet. Each policy has its membership with network subnets and pools. When
a network pool is added into a policy's members, that policy is applied to that network pool.

Operation Method and URI

Apply a network policy to network pool. PUT <cluster-ip:port>/platform/16/network/
firewall/policies/<policy ID>/pools/
<pool_1ID, pool2_2ID>

Apply a network policy to network subnet. PUT <cluster-ip:port>/platform/16/network/

firewall/policies/<policy ID>/subnet/
<subnet_1ID,subnet_2ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/network/
information about query parameters and object properties. firewall?describe

IPMI remote power

The intelligent platform management interface (IPMI) lets you issue remote power control commands and serial over LAN (SOL)
functionality for platforms that support it. The baseboard management controller local area network (BMC LAN) manages IPMI
request messages. Allocated network IP addresses, either static or DHCP, are required for the BMC LAN channel.

IMPI configuration features resources

Retrieve, create, modify, or delete remote IPMI configurations and settings.

System configuration API 91

IPMI feature configuration resource
Retrieve detailed information about all IPMI features, retrieve feature configuration, and set feature configuration.

Operation Method and URI

Retrieve feature information. GET <cluster-ip:port>/platform/16/ipmi/
config/features

Retrieve a feature configuration. GET <cluster-ip:port>/platform/16/ipmi/

config/features/<FEATURE>

Modify a feature configuration. PUT <cluster-ip:port>/platform/16/ipmi/

config/features/<FEATURE>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/ipmi/
information about query parameters and object properties. config/features?describe
GET <cluster-ip:port>/platform/16/ipmi/
config/features/<FEATURE>?describe

IPMI configuration network resources

Retrieve and modify the static network configuration.

Operation Method and URI

Retrieve the static network configuration. GET <cluster-ip:port>/platform/16/ipmi/
config/network

Modify the static network configuration. PUT <cluster-ip:port>/platform/16/ipmi/

config/network

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/ipmi/
information about query parameters and object properties. config/network?describe

IPMI configuration nodes

Retrieve the remote IPMI management nodes configuration and the configuration of a specific node.

Operation Method and URI

Retrieve the configuration of all nodes. GET <cluster-ip:port>/platform/16/ipmi/
config/nodes

Retrieve the configuration of a specific node. GET <cluster-ip:port>/platform/16/ipmi/

config/nodes/<LNN>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/ipmi/
information about query parameters and object properties. config/nodes?describe
GET <cluster-ip:port>/platform/16/ipmi/
config/nodes/<LNN>?describe

IPMI configuration settings resource

Retrieve and modify remote IPMI management configuration settings.

Operation Method and URI

Retrieve the remote IPMI management configuration settings. GET <cluster-ip:port>/platform/16/ipmi/
config/settings

Modify the remote IPMI management configuration settings. PUT <cluster-ip:port>/platform/16/ipmi/

config/settings

92 System configuration API

Operation Method and URI
View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/ipmi/
information about query parameters and object properties. config/settings?describe

IPMI configuration user resources

Retrieve and modify the remote IPMI management user.

Operation Method and URI

Retrieve the remote IPMI management user. GET <cluster-ip:port>/platform/16/ipmi/
config/user

Modify the remote IPMI management user. PUT <cluster-ip:port>/platform/16/ipmi/

config/user

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/ipmi/
information about query parameters and object properties. config/user?describe

System jobs overview

The most critical function of OneFS is maintaining the integrity of data on your PowerScale cluster. Other important system
maintenance functions include monitoring and optimizing performance, detecting and mitigating drive and node failures, and
freeing up available space.
Maintenance functions use system resources and can take hours to run. This section describes the system maintenance
functions, called jobs, that are managed by the Job Engine. Jobs run in the background.
NOTE: Job Engine does not manage all maintenance function jobs: system components such as SyncIQ and CloudPools
manage some maintenance functions. For example, SyncIQ creates jobs to synchronize source and target content, and
CloudPools creates jobs to upload and download data to and from the cloud.
The time that it takes for a job to run can vary depending on several factors, including:
● Other system jobs that are running.
● Other processes that are taking up CPU and I/O cycles while the job is running.
● The configuration of your cluster
● The size of your dataset
● How long since the last iteration of the job was run.
It is recommended that you have no more than three jobs running simultaneously.
Job Engine evaluates jobs to enable higher priority jobs and administrator tasks to proceed. Job evaluation includes:
● Ensuring that jobs that have the same exclusion sets do not run simultaneously.
● Running jobs at different priority and impact levels
● Temporarily suspending jobs (with no loss of progress)
● How balanced your diskpools are
● How much free space is left in your cluster
If a power failure occurs, the Job Engine checkpoint system resumes jobs as close as possible to the point at which they were
interrupted. The checkpoint system monitors the tasks in the current job phase until they are completed. When the cluster is
back up and available, Job Engine resumes the job phase from the last checkpoint.
As system administrator, through the Job Engine service, you can monitor, schedule, run, terminate, and apply other controls
to system maintenance jobs. The Job Engine provides statistics and reporting tools that you can use to determine how long
different system jobs take to run in your OneFS environment.

NOTE: To initiate any Job Engine tasks, you must have the role of SystemAdmin in the OneFS system.

System configuration API 93

Maintenance job resources
You can enable or disable the maintenance mode of a system.

Operation Method and URI

Determine if maintenance mode is enabled or disabled. GET /platform/16/event/maintenance

List the maintenance mode history. GET /platform/16/event/maintenance?

history=true

Enable or disable maintenance mode. PUT /platform/16/event/maintenance

View the detailed JSON schema for this resource, which has GET /platform/16/event/maintenance?describe
information about query parameters and object properties.

System job resources

You can retrieve, create, modify, or delete system job settings and configurations.

Jobs resource
Modify, create, or retrieve information about OneFS system jobs.

Operation Method and URI

Retrieve information about all system jobs. GET /platform/16/job/jobs

Retrieve information about a system job. GET /platform/16/job/jobs/<JID>

Create a system job. POST /platform/16/job/jobs

Modify a system job. PUT /platform/16/job/jobs/<JID>

View the detailed JSON schema for this resource, which has GET /platform/16/job/jobs?describe
information about query parameters and object properties.
GET /platform/16/job/jobs/<JID>?describe

Job types resource

Modify or retrieve information about system job types.

Operation Method and URI

Retrieve all system job types. GET <cluster-ip:port>/platform/16/job/types

Retrieve a system job type. GET <cluster-ip:port>/platform/16/job/types/

<NAME>

Modify a system job type. PUT <cluster-ip:port>/platform/16/job/type/

<NAME>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/job/types?
information about query parameters and object properties. describe

Job policies resource

Create, modify, delete, or retrieve information about job impact policies.

Operation Method and URI

Get all job impact policies. GET <cluster-ip:port>/platform/16/job/
policies

94 System configuration API

Operation Method and URI
Get a job impact policy. GET <cluster-ip:port>/platform/16/job/
policies/<NAME>

Create a job impact policy. POST <cluster-ip:port>/platform/16/job/

policies

Modify a job impact policy. PUT <cluster-ip:port>/platform/16/job/

policies/<NAME>

Delete a job impact policy. DELETE <cluster-ip:port>/platform/16/job/

policies/<NAME>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/job/
information about query parameters and object properties. policies?describe

Job reports resource

Retrieve information about system job reports.

Operation Method and URI

View all job reports. GET <cluster-ip:port>/platform/16/job/
reports

View a specific job report. GET <cluster-ip:port>/platform/16/job/

reports/<JID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/job/
information about query parameters and object properties. reports?describe
GET <cluster-ip:port>/platform/16/job/
reports/<JID>?describe

Job summary resource

View job engine status.

Operation Method and URI

View job engine status. GET <cluster-ip:port>/platform/16/job/job-
summary

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/job/job-
information about query parameters and object properties. summary?describe

Job events resource

Retrieve information about system job events.

Operation Method and URI

Get information about job events. GET <cluster-ip:port>/platform/16/job/events

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/job/
information about query parameters and object properties. events?describe

System configuration API 95

Job statistics resource
Retrieve statistics about system jobs and workers across the cluster.

Operation Method and URI

Retrieve system job statistics. GET <cluster-ip:port>/platform/16/job/
statistics

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/job/
information about query parameters and object properties. statistics?describe

Job recent resource

List recently completed jobs.

Operation Method and URI

List recently completed jobs. GET <cluster-ip:port>/platform/16/job/recent

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/job/
information about query parameters and object properties. recent?describe

System job API examples

You can see examples for some system job API calls.

Modify a job type

You can modify a system job type.

Request example

PUT /platform/16/job/types/AVScan
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{
'policy': 'MEDIUM',
'enabled': True
}

Response example

204 No Content
Content-type: 'text/plain',
Allow: 'GET, PUT, HEAD'

Create a job policy

You can create a system job policy.

Request example

POST /platform/16/job/policies
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{
'intervals': [
{

96 System configuration API

 'impact': 'High',
'begin': 'Tuesday 00:00',
'end': 'Thursday 23:59'}
],
'name': 'myPolicy',
'description': 'Custom policy'
}

Response example

201 CREATED
Content-type: application/json,
Allow: 'GET, PUT, POST, DELETE'

{
'id': 'myPolicy'
}

Modify a job policy

You can retrieve modify a system job policy.

Request example

PUT /platform/16/job/policies/myPolicy
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{
'intervals': [
{
'impact': 'Medium',
'begin': 'Tuesday 00:00',
'end': 'Thursday 23:59'}
],
'description': 'Custom policy - medium impact Tuesday through Thursday'
}

Response example

204 No Content
Content-type: 'text/plain',
Allow: 'GET, PUT, POST, DELETE, HEAD'

Start a new system job

You can queue a new instance of a job to run after the current job is done.

Request example

POST /platform/16/job/jobs
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{
'type': 'AVScan',
'allow_dup': True
}

Response example

201 CREATED
Content-type: application/json,

System configuration API 97

 Allow: 'GET, PUT, POST, HEAD'

{
"id": 1234
}

Modify a system job

You can modify, cancel, pause, or resume a running system job.

Request example

PUT /platform/16/job/jobs/AVScan
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{
'state': 'pause'
}

Response example

204 No Content
Content-type: 'text/plain',
Allow: 'GET, PUT, POST, HEAD'

Cluster statistics
You can view performance, historical, and in-depth usage statistics for your PowerScale cluster, and control the output for each
mode of statistics reporting.

Statistics resources
You can retrieve information about OneFS statistics through the following resources.

Statistics current resource

Query OneFS current statistics. These statistics are the most current metrics at the time of the request. For a list of
available statistics keys with descriptions, see the <cluster-ip:port>/platform/<version>/statistics/keys or
<cluster-ip:port>/platform/<version>/statistics/keys/<key> resources.

Operation Method and URI

Retrieve all current statistics. GET <cluster-ip:port>/platform/16/
statistics/current

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. statistics/current?describe

Statistics keys resource

Retrieve metadata for matching statistics keys.

Operation Method and URI

Retrieve all statistic keys. GET <cluster-ip:port>/platform/16/
statistics/keys

98 System configuration API

Operation Method and URI
Retrieve a statistics key. GET <cluster-ip:port>/platform/16/
statistics/keys/<KEY>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. statistics/keys?describe
GET <cluster-ip:port>/platform/16/
statistics/keys/<key>?describe

Statistics history resource

Query OneFS time-series statistics over custom time ranges. Not all statistics have time-series that are enabled. For
those statistics with time-series enabled, the full extent of the requested time range may not be available due to
configuration or system uptime. For a list of available statistics keys with descriptions, see the <cluster-ip:port>/
platform/<version>/statistics/keys or <cluster-ip:port>/platform/<version>/statistics/keys/
<key> resources. These resources also describe available history policies for each key.

Operation Method and URI

Retrieve all statistics history. GET <cluster-ip:port>/platform/16/
statistics/history

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. statistics/history?describe

Statistics operations resource

List all operations that are implemented for protocol and client statistics on a OneFS cluster.

Operation Method and URI

List all statistics operations. GET <cluster-ip:port>/platform/16/
statistics/operations

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. statistics/operations?describe

Statistics protocols resource

Return a list of protocol and client statistics for OneFS.

Operation Method and URI

Get all protocols. GET <cluster-ip:port>/platform/16/
statistics/protocols

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. statistics/protocols?describe

Statistics summary client resource

Display OneFS cluster usage statistics that are sorted by cluster hosts and users.

Operation Method and URI

Display cluster usage statistics that are sorted by cluster GET <cluster-ip:port>/platform/16/
hosts and users. statistics/summary/client

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. statistics/summary/client?describe

System configuration API 99

Statistics summary drive resource
Display OneFS performance statistics by drive.

Operation Method and URI

Display performance statistics by drive. GET <cluster-ip:port>/platform/16/
statistics/summary/drive

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. statistics/summary/drive?describe

Statistics summary heat resource

List OneFS files and directories that are considered the busiest, or hottest, sorted by various performance-related factors.

Operation Method and URI

Display the busiest, or hottest, OneFS files and directories. GET <cluster-ip:port>/platform/16/
statistics/summary/heat

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. statistics/summary/heat?describe

Statistics summary protocol resource

Display cluster usage statistics sorted by protocol.

Operation Method and URI

Display cluster usage statistics sorted by protocol. GET <cluster-ip:port>/platform/16/
statistics/summary/protocol

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. statistics/summary/protocol?describe

Statistics summary protocol stats resource

Display detailed statistics about protocol usage, and OneFS, CPU, network, and disk statistics.

Operation Method and URI

Display detailed statistics about protocol usage. GET <cluster-ip:port>/platform/16/
statistics/summary/protocol-stats

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. statistics/summary/protocol-stats?describe

Statistics summary system resource

Display general cluster statistics, including operation rates for all supported protocols, and network and disk traffic in kilobytes
per second.

Operation Method and URI

Display general cluster statistics. GET <cluster-ip:port>/platform/16/
statistics/summary/system

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. statistics/summary/system?describe

100 System configuration API

Statistics summary workload resource
This resource summarizes statistics about system processes and jobs.

Operation Method and URI

Retrieve statistics about system processes and jobs. GET <cluster-ip:port>/platform/16/
statistics/summary/workload

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. statistics/summary/workload?describe

FSA
The FS Analyze job gathers and reports information about all files and directories beneath the /ifs path. This job requires you to
activate an InsightIQ license. You can use reports from this job to analyze the OneFS file system.
For more information, see the Isilon InsightIQ User Guide.

FSA resources
Retrieve, create, modify, or delete FSAnalyze (FSA) job-related configurations and settings.

FSA path resource

Retrieves the path to mount to access the results of the FS Analyze (FSA) job. Creates the FSA export rule if it does not
previously exist.

Operation Method and URI

Retrieve export path as plain text. GET <cluster-ip:port>/platform/16/fsa/path

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/fsa/path?
information about query parameters and object properties. describe

FSA index resource

This resource exposes all the FSA index tables available on a PowerScale cluster.

NOTE: To specify a LIN, use decimal format.

Operation Method and URI

List all the FSA index table names available on a PowerScale GET <cluster-ip:port>/platform/16/fsa/index
cluster.
List index entries from the given index table. GET <cluster-ip:port>/platform/16/fsa/index/
<NAME>/lins

List a single index entry from the index table. GET <cluster-ip:port>/platform/16/fsa/index/
<NAME>/lins/<LIN>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/fsa/index?
information about query parameters and object properties. describe
GET <cluster-ip:port>/platform/16/fsa/index/
<NAME>/lins?describe

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/fsa/index/
information about query parameters and object properties. <NAME>/lins/<LIN>?describe

System configuration API 101

FSA results resource
List all FSA job result sets, or list, modify, or delete individual result sets.
Specifying 0 (zero) as the RESULT-SET-ID acts on the latest result set.

Operation Method and URI

List all FSA job result sets. GET <cluster-ip:port>/platform/16/fsa/
results

List individual FSA job result set. GET <cluster-ip:port>/platform/16/fsa/

results/<RESULT-SET-ID>

Modify the pinned property for an FSA job result set. PUT <cluster-ip:port>/platform/16/fsa/
results/<RESULT-SET-ID>

Delete an FSA job result set. DELETE <cluster-ip:port>/platform/16/fsa/

results/<RESULT-SET-ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/fsa/
information about query parameters and object properties. results?describe
GET <cluster-ip:port>/platform/16/fsa/
results/<RESULT-SET-ID>?describe

FSA pool usage for a directory resource

Retrieve pool usage information for the directory that is specified by the query path argument or the directory that is specified
by the logical inode number (LIN) parameter.

NOTE: To specify a LIN, use decimal format.

Operation Method and URI

Retrieve pool usage information for the directory specified by GET <cluster-ip:port>/platform/16/fsa/
the query path argument. results/<RESULT-SET-ID>/dir_pool_usage

Retrieve results directory information for the directory GET <cluster-ip:port>/platform/16/fsa/

specified by the LIN. results/<RESULT-SET-ID>/dir_pool_usage/<LIN>

View the detailed JSON schema for this resource, which has GET
information about query parameters and object properties. <cluster-ip:port>/platform/16/fsa/results/
<RESULT-SET-ID>/dir_pool_usage?describe
GET <cluster-
ip:port>/platform/16/fsa/results/<RESULT-
SET-ID>/dir_pool_usage/<LIN>?describe

FSA results directories resource

Retrieve results directory information for the directory that is specified by the query path argument or the directory that is
specified by the logical inode number (LIN) parameter.

NOTE: To specify a LIN, use decimal format.

Operation Method and URI

Retrieve results directory information for the directory GET <cluster-ip:port>/platform/16/fsa/
specified by the query path argument. results/<RESULT-SET-ID>/directories

Retrieve results directory information for the directory GET <cluster-ip:port>/platform/16/fsa/

specified by the LIN. results/<RESULT-SET-ID>/directories/<LIN>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/fsa/
information about query parameters and object properties. results/<RESULT-SET-ID>/directories?describe

102 System configuration API

Operation Method and URI
GET
<cluster-ip:port>/platform/16/fsa/results/
<RESULT-SET-ID>/directories/<LIN>?describe

FSA results histogram resource

Retrieve file count histograms that are sorted by the STAT or BREAKOUT parameter.

Operation Method and URI

Retrieve a histogram of file counts for an individual FSA result GET <cluster-ip:port>/platform/16/fsa/
set. results/<RESULT-SET-ID>/histogram
GET <cluster-ip:port>/platform/16/fsa/
results/<RESULT-SET-ID>/histogram/<STAT>

Retrieve a histogram breakout for an individual FSA result set. GET <cluster-ip:port>/platform/16/fsa/
results/<RESULT-SET-ID>/histogram/<STAT>/by
GET <cluster-ip:port>/platform/16/fsa/
results/<RESULT-SET-ID>/histogram/<STAT>/by/
<BREAKOUT>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/fsa/
information about query parameters and object properties. results/<RESULT-SET-ID>/histogram?describe
GET
<cluster-ip:port>/platform/16/fsa/results/
<RESULT-SET-ID>/histogram/<STAT>?describe
GET <cluster-ip:port>/platform/16/fsa/
results/<RESULT-SET-ID>/histogram/<STAT>/by?
describe
GET <cluster-ip:port>/platform/16/fsa/
results/<RESULT-SET-ID>/histogram/<STAT>/by/
<BREAKOUT>?describe

FSA results top directories resource

Retrieves the top directories according to the stat parameter.

Operation Method and URI

Retrieve top directories. GET <cluster-ip:port>/platform/16/fsa/
<result-set-id>/top-dirs

Retrieve top directories using query parameters. GET <cluster-ip:port>/platform/16/fsa/

<result-set-id>/top-dirs/<stat>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/fsa/
information about query parameters and object properties. <result-set-id>/top-dirs?describe
GET <cluster-ip:port>/platform/16/fsa/
<result-set-id>/top-dirs/<stat>?describe

System configuration API 103

FSA results top files resource
Retrieves the top files according to the STAT parameter.

Operation Method and URI

Retrieve top files. GET <cluster-ip:port>/platform/16/fsa/
<RESULT-SET-ID>/top-files

Retrieve top directories using query parameters. GET <cluster-ip:port>/platform/16/fsa/

<RESULT-SET-ID>/top-files/<STAT>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/fsa/
information about query parameters and object properties. <RESULT-SET-ID>/top-files?describe
GET <cluster-ip:port>/platform/16/fsa/
<RESULT-SET-ID>/top-files/<STAT>?describe

FSA settings resource

List or modify FSA settings, or revert FSA settings to their default values.

Operation Method and URI

List FSA settings. GET <cluster-ip:port>/platform/16/fsa/
settings

Modify FSA settings. PUT <cluster-ip:port>/platform/16/fsa/

settings

Revert FSA settings to their defaults. DELETE <cluster-ip:port>/platform/16/fsa/

settings

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/fsa/
information about query parameters and object properties. settings?describe

Events and alerts

Events are individual occurrences or conditions that are related to the data workflow, maintenance operations, and hardware
components of your cluster. An alert is a message that describes a change that has occurred in an event group.
Throughout OneFS, there are processes that are constantly monitoring and collecting information about cluster operations.
When the status of a component or operation changes, the change is captured as an event and placed into a priority queue at
the kernel level.
Every event has two ID numbers that help to establish the context of the event:
● The event type ID identifies the type of event that has occurred.
● The event instance ID is a unique number that is specific to a particular occurrence of an event type. When an event is
submitted to the kernel queue, an event instance ID is assigned. You can reference the instance ID to determine the exact
time that an event occurred.
You can view individual events. However, you manage events and alerts at the event group level.
At any point in time, you can view event groups to track situations occurring on your cluster. However, you can also create
alerts that proactively notify you if there is a change in an event group.
For example, you can generate an alert when a new event is added to an event group, when an event group is resolved, or when
the severity of an event group changes.
You can configure your cluster to only generate alerts for specific conditions or event groups, or during limited time periods.
Alerts are delivered through channels. You can configure a channel to determine who will receive the alert and when.

104 System configuration API

Event resources
Retrieve, create, modify, or delete event-related configurations and settings.

Event alert conditions resource

List, create, modify, or delete event alert conditions.

Operation Method and URI

List all event alert conditions. GET <cluster-ip:port>/platform/16/event/
alert-conditions

List one event alert condition. GET <cluster-ip:port>/platform/16/event/

alert-conditions/<CONDITION-ID>

Create an event alert condition. POST <cluster-ip:port>/platform/16/event/

alert-conditions

Modify an event alert condition. PUT <cluster-ip:port>/platform/16/event/

alert-conditions/<CONDITION-ID>

Bulk deletes event alert conditions. DELETE <cluster-ip:port>/platform/16/event/

alert-conditions

Delete an individual alert condition. DELETE <cluster-ip:port>/platform/16/event/

alert-conditions/<CONDITION-ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/event/
information about query parameters and object properties. alert-conditions?describe
GET <cluster-ip:port>/platform/16/event/
alert-conditions/<CONDITION-ID>?describe

Event categories resource

List one or all event categories.

Operation Method and URI

List all event categories. GET <cluster-ip:port>/platform/16/event/
categories

List one event category. GET <cluster-ip:port>/platform/16/event/

categories/<CATEGORY-ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/event/
information about query parameters and object properties. categories?describe
GET <cluster-ip:port>/platform/16/event/
categories/<CATEGORY-ID>?describe

Event channels resource

List, create, modify, or delete event channels.

Operation Method and URI

List all event channels. GET <cluster-ip:port>/platform/16/event/
channels

List one event channel. GET <cluster-ip:port>/platform/16/event/

channels/<CHANNEL-ID>

System configuration API 105

Operation Method and URI
Create an event channel. POST <cluster-ip:port>/platform/16/event/
channels

Modify an event channel. PUT <cluster-ip:port>/platform/16/event/

channels/<CHANNEL-ID>

Delete an event channel. DELETE <cluster-ip:port>/platform/16/event/

channels/<CHANNEL-ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/event/
information about query parameters and object properties. channels?describe
GET <cluster-ip:port>/platform/16/event/
channels/<CHANNEL-ID>?describe

Event suppress resources

List, suppress, or unsuppress an event.

Operation Method and URI

Get a list of all suppressed events. GET /platform/16/event/suppress

View if an event is suppressed. GET /platform/16/event/suppress/<event type

id>

Suppress or unsuppress an event. PUT /platform/16/event/suppress/<event type

id>

View the detailed JSON schema for this resource, which has GET /platform/16/event/suppress?describe
information about query parameters and object properties.

Event eventgroup definitions resource

List eventgroup definitions.

Operation Method and URI

List all eventgroup definitions. GET <cluster-ip:port>/platform/16/event/
eventgroup-definitions

List one eventgroup definition. GET <cluster-ip:port>/

platform/16/event/eventgroup-definitions/
<EVENTGROUP-DEFINITION-ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/event/
information about query parameters and object properties. eventgroup-definitions?describe
GET <cluster-ip:port>/
platform/16/event/eventgroup-definitions/
<EVENTGROUP-DEFINITION-ID>?describe

Event eventgroups occurrences resource

List or modify eventgroup occurrences.

Operation Method and URI

List all eventgroup occurrences. GET <cluster-ip:port>/platform/16/event/
eventgroup-occurrences

106 System configuration API

Operation Method and URI
List one eventgroup occurrence. GET <cluster-ip:port>/
platform/16/event/eventgroup-occurrences/
<EVENTGROUP-OCCURRENCE-ID>

Modify all eventgroup occurrences (resolved or ignore all). PUT <cluster-ip:port>/platform/16/event/

eventgroup-occurrences

Modify an eventgroup occurrence. PUT <cluster-ip:port>/

platform/16/event/eventgroup-occurrences/
<EVENTGROUP-OCCURRENCE-ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/event/
information about query parameters and object properties. eventgroup-occurrences?describe
GET <cluster-ip:port>/
platform/16/event/eventgroup-occurrences/
<EVENTGROUP-OCCURRENCE-ID>?describe

Event eventlists resource

List events by eventgroup occurrence.

Operation Method and URI

List all event occurrences grouped by eventgroup GET <cluster-ip:port>/platform/16/event/
occurrences. eventlists

List all events for one eventgroup occurrence. GET <cluster-ip:port>/platform/16/event/

eventlists/<EVENT-OCCURRENCE-ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/event/
information about query parameters and object properties. eventlists?describe
GET <cluster-ip:port>/platform/16/event/
eventlists/<EVENT-OCCURRENCE-ID>?describe

Event events resource

Create a test event.

Operation Method and URI

Create a test event. POST <cluster-ip:port>/platform/16/event/
events

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/event/
information about query parameters and object properties. events?describe

Event settings resource

List or modify event settings.

Operation Method and URI

List all eventgroup occurrences. GET <cluster-ip:port>/platform/16/event/
settings

Modify all eventgroup occurrences (resolved or ignore all). PUT <cluster-ip:port>/platform/16/event/

settings

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/event/
information about query parameters and object properties. settings?describe

System configuration API 107

HealthCheck
The HealthCheck feature enables you to evaluate the status of specific software and hardware components of the cluster and
the cluster's environment.
Aspects of the cluster or its environment that can be evaluated are called items. Depending on the nature of the item, when
the item is evaluated, either each node in the cluster is checked or the cluster as a whole is checked. For example, an item
that evaluates the number of DIMM errors that have been logged checks the logs in to each node in the cluster. An item that
evaluates the amount of free space remaining on the cluster evaluates the cluster as a whole.
Parameters are elements of items to which you can assign specific values. For example, the item auth_ad_clock_skew
contains a parameter that is named ad_provider. You can assign a value such as win_ad to the ad_provider parameter
using the healthcheck/parameters/<ID> call.
Items and checklists can be evaluated according to a defined schedule. When an item or checklist is evaluated, the results are
saved in the /ifs/.ifsvar/modules/health-check/results/evaluations directory.

HealthCheck resources

You can retrieve, create, modify, or delete HealthCheck configurations and settings.

HealthCheck evaluations resource

List all HealthCheck evaluations. Create, retrieve, modify, and delete an evaluation.

Operation Method and URI

Retrieve all evaluations. GET <cluster-ip:port>/platform/16/
healthcheck/evaluations

Create an evaluation. POST <cluster-ip:port>/platform/16/

healthcheck/evaluations

Retrieve an evaluation. GET <cluster-ip:port>/platform/16/

healthcheck/evaluations/<ID>

Modify an evaluation. PUT <cluster-ip:port>/platform/16/

healthcheck/evaluations/<ID>

Delete an evaluation. DELETE <cluster-ip:port>/platform/16/

healthcheck/evaluations/<ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. healthcheck/evaluations?describe
GET <cluster-ip:port>/platform/16/
healthcheck/evaluations/<ID>?describe

HealthCheck items resource

List all HealthCheck item definitions, or view a specific item definition.

Operation Method and URI

Retrieve all items. GET <cluster-ip:port>/platform/16/
healthcheck/items

Retrieve an item. GET <cluster-ip:port>/platform/16/

healthcheck/items/<ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. healthcheck/items?describe
GET <cluster-ip:port>/platform/16/
healthcheck/items/<ID>?describe

108 System configuration API

HealthCheck parameters resource
List all HealthCheck parameters. Create, retrieve, modify, and delete a parameter.

Operation Method and URI

Retrieve all parameters. GET <cluster-ip:port>/platform/16/
healthcheck/parameters

Create a parameter. POST <cluster-ip:port>/platform/16/

healthcheck/parameters

Retrieve a parameter. GET <cluster-ip:port>/platform/16/

healthcheck/parameters/<ID>

Modify a parameter. PUT <cluster-ip:port>/platform/16/

healthcheck/parameters/<ID>

Delete a parameter. DELETE <cluster-ip:port>/platform/16/

healthcheck/parameters/<ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. healthcheck/parameters?describe
GET <cluster-ip:port>/platform/16/
healthcheck/parameters/<ID>?describe

HealthCheck schedules resource

List all HealthCheck schedules. Create, retrieve, modify, and delete a schedule.

Operation Method and URI

Retrieve a list of schedules. GET <cluster-ip:port>/platform/16/
healthcheck/schedules

Create a schedule. POST <cluster-ip:port>/platform/16/

healthcheck/schedules

Retrieve a schedule. GET <cluster-ip:port>/platform/16/

healthcheck/schedules/<ID>

Modify a schedule. PUT <cluster-ip:port>/platform/16/

healthcheck/schedules/<ID>

Delete a schedule. DELETE <cluster-ip:port>/platform/16/

healthcheck/schedules/<ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. healthcheck/schedules?describe
GET <cluster-ip:port>/platform/16/
healthcheck/schedules/<ID>?describe

HealthCheck definition resource

List all HealthCheck definitions, view any healthcheck definition, and install or uninstall healthcheck definitions.

Operation Method and URI

Retrieve a list of healthcheck definitions. GET <cluster-ip:port>/platform/16/
healthcheck/definitions

View a single healthcheck definition. GET <cluster-ip:port>/platform/16/

healthcheck/definitions/<definitions>

System configuration API 109

Operation Method and URI
Install a healthcheck definition. POST <cluster-ip:port>/platform/16/
healthcheck/definitions/<definitions>

Uninstall a healthcheck definition. DELETE <cluster-ip:port>/platform/16/

healthcheck/definitions/<definitions>

Snapshots overview
A OneFS snapshot is a logical pointer to data that is stored on a cluster at a specific point in time.
A snapshot references a directory on a cluster, including all data stored in the directory and its subdirectories. If the data
referenced by a snapshot is modified, the snapshot stores a physical copy of the data that was modified. Snapshots are created
according to user specifications or by OneFS, which generates them automatically to facilitate system operations. You can also
create writable copies of snapshots, useful for testing data recovery scenarios.
To create and manage snapshots, you must activate a SnapshotIQ license on the cluster. Some applications must generate
snapshots to function but do not require you to activate a SnapshotIQ license. By default, these snapshots are automatically
deleted when OneFS no longer needs them. However, if you activate a SnapshotIQ license, you can retain these snapshots. You
can view snapshots that other modules generate without activating a SnapshotIQ license.
You can identify and locate snapshots by name or ID. Users specify snapshot names, then the snapshot is assigned to the virtual
directory that contains the snapshot. A snapshot ID is a numerical identifier that OneFS automatically assigns to a snapshot.

Snapshots resources
You can retrieve, create, modify, or delete snapshot configurations and settings.

Snapshot license resource

Retrieve license information for SnapshotIQ.

Operation Method and URI

Retrieve license information for SnapshotIQ. GET <cluster-ip:port>/platform/16/snapshot/
license

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/snapshot/
information about query parameters and object properties. license?describe

Snapshot summary resource

Retrieve summary information about file system snapshots.

Operation Method and URI

Get summary information about file system snapshots. GET <cluster-ip:port>/platform/16/snapshot/
snapshots-summary

View the detailed JSON schema for this resource, which GET <cluster-ip:port>/platform/16/snapshot/
has information about query parameters and object snapshots-summary?describe
properties.

Snapshots resource
Create, modify, delete, or retrieve information about file system snapshots.

Operation Method and URI

Retrieve a list of all snapshots. GET <cluster-ip:port>/platform/16/snapshot/snapshots

110 System configuration API

Operation Method and URI
Retrieve a single snapshot. GET <cluster-ip:port>/platform/16/snapshot/snapshots/<ID|
SNAPSHOT-NAME>

Create a snapshot. POST <cluster-ip:port>/platform/16/snapshot/snapshots

Modify a snapshot. PUT <cluster-ip:port>/platform/16/snapshot/snapshots/<ID|

SNAPSHOT-NAME>

Delete all snapshots. DELETE <cluster-ip:port>/platform/16/snapshot/snapshots

Delete a snapshot. DELETE <cluster-ip:port>/platform/16/snapshot/snapshots/

<ID|SNAPSHOT-NAME>

View the detailed JSON schema for this GET <cluster-ip:port>/platform/16/snapshot/snapshots/<ID|

resource, which has information about SNAPSHOT-NAME>?describe
query parameters and object properties.
GET <cluster-ip:port>/platform/16/snapshot/snapshots?
describe

Snapshot schedules resource

Create, modify, delete, or retrieve information about snapshot schedules.

Operation Method and URI

Retrieve a list of all snapshot schedules. GET <cluster-ip:port>/platform/16/snapshot/schedules

Retrieve a single snapshot schedule. GET <cluster-ip:port>/platform/16/snapshot/schedules/

<SCHEDULE-ID>

Create a snapshot schedule. POST <cluster-ip:port>/platform/16/snapshot/schedules

Modify a snapshot schedule. PUT <cluster-ip:port>/platform/16/snapshot/schedules/

<SCHEDULE-ID>

Delete all snapshot schedules. DELETE <cluster-ip:port>/platform/16/snapshot/

schedules

Delete a snapshot schedule. DELETE <cluster-ip:port>/platform/16/snapshot/

schedules/<SCHEDULE-ID>

View the detailed JSON schema for this GET <cluster-ip:port>/platform/16/snapshot/schedules?

resource, which has information about query describe
parameters and object properties.
GET <cluster-ip:port>/platform/16/snapshot/schedules/
<SCHEDULE-ID>?describe

Snapshot locks resource

Create, modify, remove, or retrieve information about locks on an individual snapshot.

Operation Method and URI

Retrieve a list of locks on a snapshot. GET <cluster-ip:port>/platform/16/snapshot/snapshots/<ID|
SNAPSHOT-NAME>/locks

Retrieve a single lock on a snapshot. GET <cluster-ip:port>/platform/16/snapshot/snapshots/<ID|

SNAPSHOT-NAME>/locks/<LOCK-ID>

Create a lock on a snapshot. POST <cluster-ip:port>/platform/16/snapshot/snapshots/<ID|

SNAPSHOT-NAME>/locks

Modify a lock on a snapshot. PUT <cluster-ip:port>/platform/16/snapshot/snapshots/<ID|

SNAPSHOT-NAME>/locks/<LOCK-ID>

System configuration API 111

Operation Method and URI
Remove a lock from a snapshot. DELETE <cluster-ip:port>/platform/16/snapshot/snapshots/
<LOCK-ID>/locks

View the detailed JSON schema for GET <cluster-ip:port>/platform/16/snapshot/snapshots/<ID|

this resource, which has information SNAPSHOT-NAME>/locks/<LOCK-ID>?describe
about query parameters and object
properties. GET <cluster-ip:port>/platform/16/snapshot/snapshots/<ID|
SNAPSHOT-NAME>/locks?describe

Snapshot pending resource

Retrieve information about scheduled snapshots.

Operation Method and URI

Retrieve a list of scheduled pending snapshots. GET <cluster-ip:port>/platform/16/snapshot/
pending

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/snapshot/
information about query parameters and object properties. pending?describe

Snapshot aliases resource

Create, modify, delete, or retrieve information about snapshot aliases.

Operation Method and URI

Get all snapshot aliases. GET <cluster-ip:port>/platform/16/snapshot/
aliases

Get a snapshot alias. GET <cluster-ip:port>/platform/16/snapshot/

aliases/<ID|SNAPSHOT-NAME>

Create a snapshot alias. POST <cluster-ip:port>/platform/16/snapshot/

aliases

Modify a snapshot alias. PUT <cluster-ip:port>/platform/16/snapshot/

aliases/<ID|SNAPSHOT-NAME>

Delete all snapshot aliases. DELETE <cluster-ip:port>/platform/16/

snapshot/aliases/

Delete a snapshot alias. DELETE <cluster-ip:port>/platform/16/

snapshot/aliases/<ID|SNAPSHOT-NAME>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/snapshot/
information about query parameters and object properties. aliases?describe
GET <cluster-ip:port>/platform/16/snapshot/
aliases/<ID|SNAPSHOT-NAME>?describe

Snapshot changelists resource

Delete or retrieve information about snapshot changelists.

Operation Method and URI

Retrieve all snapshot changelists. GET <cluster-ip:port>/platform/16/snapshot/
changelists

Retrieve a snapshot changelist. GET <cluster-ip:port>/platform/16/snapshot/

changelists/<changelist>

112 System configuration API

Operation Method and URI
Delete a snapshot changelist. DELETE <cluster-ip:port>/platform/16/
snapshot/changelists/<changelist>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/snapshot/
information about query parameters and object properties. changelists?describe

Snapshot changelists changelist lins resource

Retrieve information about a snapshot changelist entry.

Operation Method and URI

Retrieve a collection of snapshot changelist entries. GET <cluster-ip:port>/platform/16/snapshot/
changelists/<CHANGELIST>/lins

Retrieve a snapshot changelist entry for a specific LIN. GET <cluster-ip:port>/platform/16/snapshot/

changelists/<CHANGELIST>/lins/<LIN>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/snapshot/
information about query parameters and object properties. changelists/<CHANGELIST>/lins?describe
GET <cluster-ip:port>platform/16/snapshot/
changelists/<CHANGELIST>/lins/<LIN>?describe

Snapshot changelists changelist resource

Retrieve information about a snapshot changelist entry.
The call snapshot/changelists/<CHANGELIST>/diff-regions/<LIN> returns information about data block changes
between two snapshot versions of a file.

Operation Method and URI

Retrieve a snapshot changelist entry. GET <cluster-ip:port>/platform/16/snapshot/
changelists/<CHANGELIST>/entries/<ID>

Retrieve a collection of snapshot changelist entries. GET <cluster-ip:port>/platform/16/snapshot/

changelists/<CHANGELIST>/entries

Retrieve a collection of snap diff regions for a specified LIN. GET <cluster-ip:port>/platform/16/snapshot/
changelists/<CHANGELIST>/diff-regions/<LIN>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>platform/16/
information about query parameters and object properties. snapshot/changelists/<CHANGELIST>/entries/
<ID>?describe
GET <cluster-ip:port>/platform/16/snapshot/
changelists/<CHANGELIST>/entries?describe
GET <cluster-ip:port>/platform/16/snapshot/
changelists/<CHANGELIST>/diff-regions/<LIN>?
describe

Snapshot repstates resource

Create or retrieve information about snapshot repstates.

Operation Method and URI

Retrieve all snapshot repstates. GET <cluster-ip:port>/platform/16/snapshot/
repstates

System configuration API 113

Operation Method and URI
Retrieve a snapshot repstate. GET <cluster-ip:port>/platform/16/snapshot/
repstates/<REPSTATE>

Create a snapshot repstate. POST <cluster-ip:port>/platform/16/snapshot/

repstates/<REPSTATE>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/snapshot/
information about query parameters and object properties. repstates?describe
GET <cluster-ip:port>/platform/16/snapshot/
repstates/<REPSTATE>?describe

Snapshot settings resource

Modify or retrieve information about global snapshot settings.

Operation Method and URI

Retrieve the current snapshot settings. GET <cluster-ip:port>/platform/16/snapshot/
settings

Modify the current snapshot settings. PUT <cluster-ip:port>/platform/16/snapshot/

settings

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/snapshot/
information about query parameters and object properties. settings?describe

Writable snapshot resources

Create or delete writable snapshots.

Operation Method and URI

List writable snapshots. GET <cluster-ip:port>/platform/16/snapshot/
writable

Create writable snapshots. POST <cluster-ip:port>/platform/16/snapshot/

writable

Delete writable snapshots. DELETE <cluster-ip:port>/platform/16/

snapshot/writable

Snapshots API examples

You can see examples for some snapshots API requests.

Create a snapshot
You can create a snapshot.

Request example

POST /platform/16/snapshot/snapshots
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{
"name" : "admin_snap",
"path" : "/ifs/home/admin"
}

114 System configuration API

Response example

201 Created
Content-type: application/json

{
"created": 1589486376,
"expires": null,
"has_locks": false,
"id": 2,
"name": "admin_snap",
"path": "/ifs/home/admin",
"pct_filesystem": 6.816916993557243e-06,
"pct_reserve": 0.0,
"schedule": null,
"shadow_bytes": 0,
"size": 4096,
"state": "active",
"target_id": null,
"target_name": null
}

Modify a snapshot alias

You can modify a snapshot alias.

Request example

PUT /platform/16/snapshot/aliases/AdminSnapshot
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{
"name" : "InitialAdminSnapshot"
}

Response example
No message body is returned for this request.

204 No Content
Content-type: text/plain

NDMP backup and recovery

In OneFS, you can back up and recover file-system data through the Network Data Management Protocol (NDMP). From a
backup server, you can direct backup and recovery processes between a cluster and backup devices such as tape devices,
media servers, and virtual tape libraries (VTLs).
OneFS supports both three-way and two-way NDMP backup models.
Two-way NDMP backup is faster than the three-way NDMP backup. It is also the most efficient method in terms of cluster
resource consumption. However, a two-way NDMP backup requires that you attach one or more Backup Accelerator nodes to
the cluster.
In both the two-way and three-way NDMP backup models, file history data is transferred from the cluster to the backup server.
Before a backup begins, OneFS creates a snapshot of the targeted directory, then backs up the snapshot, which ensures that
the backup image represents a specific point in time.
You do not must activate a SnapshotIQ license on the cluster to perform NDMP backups. If you have activated a SnapshotIQ
license on the cluster, you can generate a snapshot through the SnapshotIQ tool, and then back up the same snapshot. If you
back up a SnapshotIQ snapshot, OneFS does not create another snapshot for the backup.
NOTE: If you are recovering SmartLock directories, Dell Technologies recommends that you do not specify autocommit
time periods for them.

System configuration API 115

You can also back up WORM domains through NDMP.

NDMP resources
You can retrieve, create, modify, or delete NDMP configurations and settings.

NDMP backup contexts

Retrieve information about NDMP backup contexts.

Operation Method and URI

Retrieve NDMP backup contexts. GET <cluster-ip:port>/platform/16/protocols/ndmp/
contexts/backup

Retrieve a specific NDMP backup context. GET <cluster-ip:port>/platform/16/protocols/ndmp/

contexts/backup/<ID>

View the detailed JSON schema for this resource, GET <cluster-ip:port>/platform/16/protocols/ndmp/
which has information about query parameters contexts/backup?describe
and object properties.

NDMP BRE contexts

Retrieve information about backup restartable extension (BRE) contexts.

Operation Method and URI

Retrieve NDMP BRE contexts. GET <cluster-ip:port>/platform/16/protocols/ndmp/
contexts/bre

Retrieve a specific NDMP BRE context. GET <cluster-ip:port>/platform/16/protocols/ndmp/

contexts/bre/<ID>

View the detailed JSON schema for this resource, GET <cluster-ip:port>/platform/16/protocols/ndmp/
which has information about query parameters contexts/bre?describe
and object properties.

NDMP restore contexts

Retrieve information about NDMP restore contexts.

Operation Method and URI

Retrieve NDMP restore contexts. GET <cluster-ip:port>/platform/16/protocols/ndmp/
contexts/restore

Retrieve a specific NDMP restore context. GET <cluster-ip:port>/platform/16/protocols/ndmp/

contexts/restore/<ID>

View the detailed JSON schema for this resource, GET <cluster-ip:port>/platform/16/protocols/ndmp/
which has information about query parameters contexts/restore?describe
and object properties.

NDMP diagnostics
Retrieve or modify NDMP diagnostic information.

Operation Method and URI

Retrieve NDMP diagnostic information. GET <cluster-ip:port>/platform/16/protocols/ndmp/
diagnostics

116 System configuration API

Operation Method and URI
Modify NDMP diagnostic information. PUT <cluster-ip:port>/platform/16/protocols/ndmp/
diagnostics

View the detailed JSON schema for this resource, GET <cluster-ip:port>/platform/16/protocols/ndmp/
which has information about query parameters diagnostics?describe
and object properties.

NDMP dumpdates
Retrieve or delete information about NDMP dump dates.

Operation Method and URI

Retrieve NDMP dump date specifics. GET <cluster-ip:port>/platform/16/protocols/ndmp/
dumpdates/<path*>

Delete NDMP dump date entries. DELETE <cluster-ip:port>/platform/16/protocols/ndmp/

dumpdates/<path*>

View the detailed JSON schema for this resource, GET <cluster-ip:port>/platform/16/protocols/ndmp/
which has information about query parameters dumpdates/<path*>?describe
and object properties.

NDMP logs
Retrieve NDMP logs.

Operation Method and URI

Retrieve NDMP logs. GET <cluster-ip:port>/platform/16/protocols/ndmp/logs

View the detailed JSON schema for this resource, GET <cluster-ip:port>/platform/16/protocols/ndmp/
which has information about query parameters logs?describe
and object properties.

NDMP sessions
Retrieve information about NDMP sessions.

Operation Method and URI

Retrieve NDMP session information. GET <cluster-ip:port>/platform/16/protocols/ndmp/
sessions

Retrieve information about a specific NDMP GET <cluster-ip:port>/platform/16/protocols/ndmp/

session. sessions/<SESSION-ID>

View the detailed JSON schema for this resource, GET <cluster-ip:port>/platform/16/protocols/ndmp/
which has information about query parameters sessions?describe
and object properties.

NDMP DMA settings

Retrieve a list of supported data management application (DMA) vendors.

Operation Method and URI

Retrieve a list of NDMP DMAs. GET <cluster-ip:port>/platform/16/protocols/ndmp/
settings/dmas

System configuration API 117

Operation Method and URI
View the detailed JSON schema for this resource, GET <cluster-ip:port>/platform/16/protocols/ndmp/
which has information about query parameters settings/dmas?describe
and object properties.

NDMP global settings

Retrieve or modify NDMP global settings.

Operation Method and URI

Retrieve NDMP global settings. GET <cluster-ip:port>/platform/16/protocols/ndmp/
settings/global

Modify NDMP global settings. PUT <cluster-ip:port>/platform/16/protocols/ndmp/

settings/global

View the detailed JSON schema for this resource, GET <cluster-ip:port>/platform/16/protocols/ndmp/
which has information about query parameters settings/global?describe
and object properties.

NDMP preferred IP preferences resources

Retrieve, modify, create, and delete preferred IP preferences.

Operation Method and URI

Retrieve a list of preferred IP preferences. GET <cluster-ip:port>/platform/16/protocols/
ndmp/settings/preferred-ips

Retrieve a single IP preference by ID. GET <cluster-ip:port>/platform/16/protocols/

ndmp/settings/preferred-ips/<ID>

Modify a preferred IP preference. PUT <cluster-ip:port>/platform/16/protocols/

ndmp/settings/preferred-ips/<ID>

Create a preferred IP preference. POST <cluster-ip:port>/platform/16/

protocols/ndmp/settings/preferred-ips

Delete a preferred IP preference. DELETE <cluster-ip:port>/platform/16/

protocols/ndmp/settings/preferred-ips/<ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/protocols/
information about query parameters and object properties. ndmp/settings/preferred-ips?describe
GET <cluster-ip:port>/platform/16/protocols/
ndmp/settings/preferred-ips/<ID>?describe

NDMP variable settings

Create, modify, view, or delete NDMP environment variable settings.

Operation Method and URI

Retrieve list of preferred NDMP environment GET <cluster-ip:port>/platform/16/protocols/ndmp/
variables. settings/variables/<path*>

Modify preferred NDMP environment variables. PUT <cluster-ip:port>/platform/16/protocols/ndmp/

settings/variables/<path*>

Create preferred NDMP environment variables. POST <cluster-ip:port>/platform/16/protocols/ndmp/

settings/variables/<path*>

118 System configuration API

Operation Method and URI
Delete preferred NDMP environment variables. DELETE <cluster-ip:port>/platform/16/protocols/ndmp/
settings/variables/<path*>

View the detailed JSON schema for this resource, GET <cluster-ip:port>/platform/16/protocols/ndmp/
which has information about query parameters settings/variables/<path*>?describe
and object properties.

NDMP users
List, create, modify, or delete NDMP administrators.

Operation Method and URI

Retrieve list of NDMP administrators. GET <cluster-ip:port>/platform/16/protocols/ndmp/
users

Retrieve information about a specific NDMP GET <cluster-ip:port>/platform/16/protocols/ndmp/

administrator. users/<NAME>

Modify information about an NDMP administrator. PUT <cluster-ip:port>/platform/16/protocols/ndmp/

users/<NAME>

Create an NDMP administrator. POST <cluster-ip:port>/platform/16/protocols/ndmp/

users/<NAME>

Delete an NDMP administrator. DELETE <cluster-ip:port>/platform/16/protocols/ndmp/

users/<NAME>

View the detailed JSON schema for this resource, GET <cluster-ip:port>/platform/16/protocols/ndmp/
which has information about query parameters users?describe
and object properties.

SyncIQ data replication overview

OneFS enables you to replicate data from one PowerScale cluster to another through the SyncIQ software module. Activate a
SyncIQ license on both PowerScale clusters before you can replicate data between them.
You can replicate data at the directory level while optionally excluding specific files and subdirectories from being replicated.
SyncIQ creates and references snapshots to replicate a consistent point-in-time image of a source directory. Metadata, such as
access control lists (ACL) and alternate data streams (ADS), are replicated along with data.
SyncIQ enables you to maintain a consistent replica of your data on another PowerScale cluster and to control the frequency of
data replication. For example, you could configure SyncIQ to back up data from your primary cluster to a secondary cluster once
a day at 10 PM. Depending on the size of your dataset, the first replication operation could take considerable time. After that,
however, replication operations would complete more quickly.
SyncIQ also offers automated failover and failback capabilities so that you can continue operations on the secondary
PowerScale cluster should your primary cluster become unavailable.

Sync resources
You can retrieve, create, modify, or delete resources for data replication with SyncIQ.

File matching patterns

You can apply the following file matching pattern to filter specific objects in SyncIQ.

<file_matching_pattern> := {
"or_criteria" : [
{
"and_criteria": [
<file_criterion>,

System configuration API 119

 <file_criterion>,
...
]
},
{
"and_criteria": [
<file_criterion>,
<file_criterion>,
...
]
},
...
]
}

<file_criterion> = {
"type": <string>,
"operator": <string>,
"value": {<string> | <integer>}
}

The following table defines available operators.

operator Description

== Equal

!= Does not equal

> Greater than

>= Greater than or equal

< Less than

<= Less than or equal

! Not

The following table defines available file criteria types.

Type Conditions

name Paired with operators "==" or "!=".

path Paired with operators "==" or "!=".

posix_regex_name Paired with operators "==" or "!=".

accessed_time No operator is required; every operation is set to "==".

The value must be in the following form: {<mm>/<dd>/
<yyyy> [<HH>:<mm>] | <integer> {days | weeks | months |
years} ago}

accessed_before No operator is required; every operation is set to "==".

The value must be in the following form: {<mm>/<dd>/
<yyyy> [<HH>:<mm>] | <integer> {days | weeks | months |
years} ago}

accessed_after No operator is required; every operation is set to "==".

120 System configuration API

Type Conditions

The value must be in the following form: {<mm>/<dd>/

<yyyy> [<HH>:<mm>] | <integer> {days | weeks | months |
years} ago}

birth_time No operator is required; every operation is set to "==".

The value must be in the following form: {<mm>/<dd>/
<yyyy> [<HH>:<mm>] | <integer> {days | weeks | months |
years} ago}

birth_before No operator is required; every operation is set to "==".

The value must be in the following form: {<mm>/<dd>/
<yyyy> [<HH>:<mm>] | <integer> {days | weeks | months |
years} ago}

birth_after No operator is required; every operation is set to "==".

The value must be in the following form: {<mm>/<dd>/
<yyyy> [<HH>:<mm>] | <integer> {days | weeks | months |
years} ago}

changed_time No operator is required; every operation is set to "==".

The value must be in the following form: {<mm>/<dd>/
<yyyy> [<HH>:<mm>] | <integer> {days | weeks | months |
years} ago}

changed_before No operator is required; every operation is set to "==".

The value must be in the following form: {<mm>/<dd>/
<yyyy> [<HH>:<mm>] | <integer> {days | weeks | months |
years} ago}

changed_after No operator is required; every operation is set to "==".

The value must be in the following form: {<mm>/<dd>/
<yyyy> [<HH>:<mm>] | <integer> {days | weeks | months |
years} ago}

size Paired with all operators except for "!".

The value must be in the following form: An integer, followed
by B, KB, MB, GB, or TB (such as 100B or 12TB).

file_type Paired with operators "==" or "!=".

The value must be in the following form: 'file', 'directory', or
'symlink'.

user_name Paired with operators "==" or "!=".

user_id Paired with operators "==" or "!=".

group_name Paired with operators "==" or "!=".

group_id Paired with operators "==" or "!=".

no_user Paired with operators "!".

no_group Paired with operators "!".

Does not require a value.

System configuration API 121

The following example shows a sync policy filter.

"file_matching_filter": {
"or_criteria" : [
{
"and_criteria": [
{
"type": "size",
"operator": ">=",
"value": "500000KB"
},
{
"type": "file_type",
"operator": "==",
"value": "file"
}
]
},
{
"and_criteria": [
{
"type": "posix_regex_name",
"operator": "==",
"value": "some_special_prefix_*"
}
]
},
{
"and_criteria": [
{
"type": "file_type",
"operator": "==",
"value": "symlink"
}
]
}
]
}

Sync license resource

Retrieve license information for SyncIQ.

Operation Method and URI

Get license information for SyncIQ. GET <cluster-ip:port>/platform/16/sync/
license

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/sync/
information about query parameters and object properties. license?describe

Sync certificates server resource

Import, modify, list, view, or delete TLS server certificates.

Operation Method and URI

List all SyncIQ TLS server certificates. GET <cluster-ip:port>/platform/16/sync/
certificates/server

View a specific SyncIQ TLS server certificate. GET <cluster-ip:port>/platform/16/sync/

certificates/server/<SERVER>

Import a SyncIQ TLS server certificate. POST <cluster-ip:port>/platform/16/sync/

certificates/server

122 System configuration API

Operation Method and URI
Modify a SyncIQ TLS server certificate. PUT <cluster-ip:port>/platform/16/sync/
certificates/server/<SERVER>

Delete a SyncIQ TLS server certificate. DELETE <cluster-ip:port>/platform/16/sync/

certificates/server/<SERVER>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/sync/
information about query parameters and object properties. certificates/server?describe
GET <cluster-ip:port>/platform/16/sync/
certificates/server/<SERVER>?describe

Sync certificates peer resource

Import, modify, list, view, or delete SyncIQ peer TLS certificates.

Operation Method and URI

List all trusted SyncIQ peer TLS certificates. GET <cluster-ip:port>/platform/16/sync/
certificates/peer

View a specific SyncIQ peer TLS certificate. GET <cluster-ip:port>/platform/16/sync/

certificates/peer/<PEER>

Import a trusted SyncIQ TLS certificate. POST <cluster-ip:port>/platform/16/sync/

certificates/peer

Modify a trusted SyncIQ TLS certificate. PUT <cluster-ip:port>/platform/16/sync/

certificates/peer/<PEER>

Delete a trusted SyncIQ TLS certificate. DELETE <cluster-ip:port>/platform/16/sync/

certificates/peer/<PEER>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/sync/
information about query parameters and object properties. certificates/peer?describe
GET <cluster-ip:port>/platform/16/sync/
certificates/peer/<PEER>?describe

Sync jobs resource

Start, modify, or retrieve information about a SyncIQ replication job.

Operation Method and URI

Retrieve a list of all replication jobs. GET <cluster-ip:port>/platform/16/sync/
jobs

Retrieve the details of a replication job. GET <cluster-ip:port>/platform/16/sync/

jobs/<JOB>

Start a replication job. POST <cluster-ip:port>/platform/16/

sync/jobs

Modify an in-progress replication job. PUT <cluster-ip:port>/platform/16/sync/

jobs/<JOB>

Cancel all replication jobs. DELETE <cluster-ip:port>/platform/16/

sync/jobs

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/sync/
information about query parameters and object properties. jobs?describe
GET <cluster-ip:port>/platform/16/sync/
jobs/<JOB>?describe

System configuration API 123

Sync policies resource
Create, modify, delete, or retrieve information about SyncIQ replication policies.

Operation Method and URI

Retrieve all replication policies. GET <cluster-ip:port>/platform/16/sync/
policies

Retrieve a replication policy. GET <cluster-ip:port>/platform/16/sync/

policies/<POLICY>

Create a replication policy. POST <cluster-ip:port>/platform/16/sync/

policies

Modify a replication policy. PUT <cluster-ip:port>/platform/16/sync/

policies/<POLICY>

Delete all replication policies. DELETE <cluster-ip:port>/platform/16/sync/

policies

Delete a replication policy. DELETE <cluster-ip:port>/platform/16/sync/

policies/<POLICY>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/sync/
information about query parameters and object properties. policies?describe
GET <cluster-ip:port>/platform/16/sync/
policies/<POLICY>?describe

Sync policies reset resource

Reset the incremental state of a replication policy and force a full sync or copy. Post an empty object: {} to reset the policy.

Operation Method and URI

Reset a replication policy. POST <cluster-ip:port>/platform/16/sync/
policy/<POLICY>/reset

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/sync/
information about query parameters and object properties. policy/<POLICY>/reset?describe

Sync reports resource

Retrieve SyncIQ reports and subreports.

Operation Method and URI

Retrieve all SyncIQ reports. GET <cluster-ip:port>/platform/16/sync/
reports

Retrieve a single SyncIQ report. GET <cluster-ip:port>/platform/16/sync/

reports/<REPORT>

Retrieve a list of SyncIQ subreports for a report. GET <cluster-ip:port>/platform/16/sync/

reports/<REPORT>/subreports

Retrieve a single SyncIQ subreport. GET <cluster-ip:port>/platform/16/sync/

reports/<REPORT>/subreports/<SUBREPORT-ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/sync/
information about query parameters and object properties. reports?describe
GET <cluster-ip:port>/platform/16/sync/
reports/<REPORT>?describe

124 System configuration API

Operation Method and URI
View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/sync/
information about query parameters and object properties. reports/<REPORT>/subreports?describe
GET <cluster-ip:port>/platform/16/
sync/reports/<REPORT>/subreports/<SUBREPORT-
ID>?describe

Sync reports rotate resource

Rotate the records in the database and periodically remove older reports from the system.

Operation Method and URI

Retrieve information about whether the rotation is running. GET <cluster-ip:port>/platform/16/sync/
reports-rotate

Force the reports in the database to rotate. POST <cluster-ip:port>/platform/16/sync/

reports-rotate

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/sync/
information about query parameters and object properties. reports-rotate?describe

Sync target policies resource

Retrieve information about SyncIQ target replication policies.

Operation Method and URI

Retrieve all target replication policies. GET <cluster-ip:port>/platform/16/sync/
target/policies

Retrieve a target replication policy. GET <cluster-ip:port>/platform/16/sync/

target/policies/<policy-id>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/sync/
information about query parameters and object properties. target/policies?describe

Sync target policies cancel resource

Cancels the most recent replication job for a replication policy from the target cluster.

Operation Method and URI

Cancel the most recent replication job. POST <cluster-ip:port>/platform/16/sync/
target/policies/<POLICY>/cancel

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/sync/
information about query parameters and object properties. target/policies/<POLICY>/cancel?describe

SyncIQ target reports resource

Retrieve information about the SyncIQ reports and subreports running on a target cluster.

Operation Method and URI

Retrieve all replication target reports. GET <cluster-ip:port>/platform/16/sync/
target/reports

Retrieve a replication target report. GET <cluster-ip:port>/platform/16/sync/

target/reports/<REPORT>

System configuration API 125

Operation Method and URI
Retrieve all target subreports for a single report. GET <cluster-ip:port>/platform/16/sync/
target/reports/<REPORT>/subreports

Retrieve a single target subreport. GET

<cluster-ip:port>/platform/16/sync/target/
reports/<REPORT>/subreports/<SUBREPORT-ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/sync/
information about query parameters and object properties. target/reports?describe
GET <cluster-ip:port>/platform/16/sync/
target/reports/<REPORT>?describe

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/sync/
information about query parameters and object properties. target/reports/<REPORT>/subreports?describe
GET
<cluster-ip:port>/platform/16/sync/target/
reports/<REPORT>/subreports/<SUBREPORT-ID>?
describe

Sync service policies resource

List, view, create, modify, or delete SyncIQ service replication policies.

Operation Method and URI

List all SyncIQ service replication policies. GET <cluster-ip:port>/platform/16/sync/
service/policies

View a specific SyncIQ service replication policy. GET <cluster-ip:port>/platform/16/sync/

service/policies/<POLICY>

Import a SyncIQ service replication policy. POST <cluster-ip:port>/platform/16/sync/

service/policies

Modify a SyncIQ service replication policy. PUT <cluster-ip:port>/platform/16/service/

policies/<POLICY>

Delete SyncIQ service replication policies. DELETE <cluster-ip:port>/platform/16/sync/

service/policies

Delete a specific SyncIQ service replication policy. DELETE <cluster-ip:port>/platform/16/sync/

service/policies/<POLICY>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/sync/
information about query parameters and object properties. service/policies?describe
GET <cluster-ip:port>/platform/16/sync/
service/policies/<POLICY>?describe

Sync service policies reset resource

Reset a SyncIQ service replication policy incremental state, and force a full sync, or copy.

Operation Method and URI

Import a SyncIQ service replication policy. POST <cluster-ip:port>/platform/16/sync/
service/policies/<POLICY>/reset

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/sync/
information about query parameters and object properties. service/policies/<POLICY>/reset?describe

126 System configuration API

Sync service target policies reset resource
View or break association with replication policies on the SyncIQ target.

Operation Method and URI

List all SyncIQ target service replication policies. GET <cluster-ip:port>/platform/16/sync/
service/target/policies

View a specific SyncIQ target service replication policy. GET <cluster-ip:port>/platform/16/sync/

service/target/policies/<POLICY>

Break association with a specific SyncIQ target service policy. DELETE <cluster-ip:port>/platform/16/sync/
service/target/policies/<POLICY>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/sync/
information about query parameters and object properties. service/target/policies?describe
GET <cluster-ip:port>/platform/16/sync/
service/target/policies/<POLICY>?describe

Sync service target policies cancel resource

Cancel the most recent SyncIQ job for a service replication policy from the target.

Operation Method and URI

Cancel a SyncIQ job for a service replication policy from the POST <cluster-ip:port>/platform/16/sync/
target. service/target/policies/<POLICY>/cancel

View the detailed JSON schema for this resource, which has GET
information about query parameters and object properties. <cluster-ip:port>/platform/16/sync/service/
target/policies/<POLICY>/cancel?describe

Sync rules resource

Create, delete, or retrieve information about SyncIQ replication job performance rules. Rules can restrict the amount of network
bandwidth or files that are transferred per second for replication policies.

Operation Method and URI

Retrieve all replication job performance rules. GET <cluster-ip:port>/platform/16/sync/rules

Create a replication job performance rule. POST <cluster-ip:port>/platform/16/sync/

rules

Modify a replication job performance rule. PUT <cluster-ip:port>/platform/16/sync/

rules/<RULE>

Delete all replication job performance rules. DELETE <cluster-ip:port>/platform/16/sync/

rules/

Delete all replication job performance rules by type. DELETE <cluster-ip:port>/platform/16/sync/

rules?type=<STRING>

Delete a replication job performance rule. DELETE <cluster-ip:port>/platform/16/sync/

rules/<RULE>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/sync/
information about query parameters and object properties. rules?describe
GET <cluster-ip:port>/platform/16/sync/
rules/<RULE>?describe

System configuration API 127

Sync settings resource
Modify or retrieve information about global SyncIQ settings.

Operation Method and URI

Retrieve global SyncIQ settings. GET <cluster-ip:port>/platform/16/sync/
settings

Modify global SyncIQ settings. PUT <cluster-ip:port>/platform/16/sync/

settings

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/sync/
information about query parameters and object properties. settings?describe

NOTE: You can configure RPO alert time through preferred_rpo_alert property of SyncIQ settings. For example
when the preferred_rpo_alert is set to null, it sets preferences as Do not send RPO alerts. When the
preferred_rpo_alert is set to 172800, it sets preferences as Send RPO alerts after 2 days.

Sync advanced settings resource

Modify or retrieve information about advanced global SyncIQ settings.

Operation Method and URI

Retrieve advanced global SyncIQ settings. GET <cluster-ip:port>/platform/16/sync/
settings/advanced

Modify advanced global SyncIQ settings. PUT <cluster-ip:port>/platform/16/sync/

settings/advanced

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/sync/
information about query parameters and object properties. settings/advanced?describe

Sync history CPU resource

Retrieve CPU performance data.

Operation Method and URI

Retrieve CPU performance data. GET <cluster-ip:port>/platform/16/sync/
history/cpu

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/sync/
information about query parameters and object properties. history/cpu?describe

Sync history file resource

Retrieve information about OneFS replication job performance reports. These reports indicate the number of files per second
that are sent by replication policies at a given time.

Operation Method and URI

Get all replication job performance reports. GET <cluster-ip:port>/platform/16/sync/
history/file

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/sync/
information about query parameters and object properties. history/file?describe

128 System configuration API

Sync history network resource
Retrieve information about OneFS replication job performance reports. These reports indicate the amount of network bandwidth
that is consumed by data replication policies at a given time.

Operation Method and URI

List network operations performance data. GET <cluster-ip:port>/platform/16/sync/
history/network

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/sync/
information about query parameters and object properties. history/network?describe

Sync history worker resource

Retrieve worker performance data.

Operation Method and URI

Retrieve worker performance data. GET <cluster-ip:port>/platform/16/sync/
history/worker

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/sync/
information about query parameters and object properties. history/worker?describe

SyncIQ API examples

You can see examples for some SyncIQ API calls.

Start a replication job

Manually start a replication job on the system.

Request example

POST /platform/16/sync/jobs
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{
'id': 'testpol'
}

Response example

201 Created
Content-type: application/json,
Allow: 'GET, POST, HEAD'

{
"id":"testpol"
}

System configuration API 129

Modify a replication job
Pause, cancel, or restart a job.

Request example
You can only modify the state object property for a replication job. Options are pause, cancel, and restart.

PUT /platform/16/sync/jobs/testpol
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{
'state': cancel,
}

Response example

204 No Content
Content-type: text/plain,
Allow: 'GET, PUT'

Create a replication policy

You can create a replication policy on the file system.

Request example

POST /platform/16/sync/policies
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{
'log_level': 'fatal',
'name': 'myNewPolicy',
'schedule': 'every 3 weeks',
'source_root_path': '/ifs/data/sync2',
'target_path': '/ifs/data/sync/target2',
'action': 'copy',
'report_max_count': 144,
'source_exclude_directories': ['/ifs/data/sync2/exclude'],
'source_include_directories': ['/ifs/data/sync2/include'],
'target_host': 'localhost'
}

Response examples
In the following example, the request was successful and a replication policy ID is returned for the created object.

201 Created
Content-type: application/json,
Allow: 'DELETE, GET, POST, HEAD'

{
"id":"a33006f364842eefb629fc6b95c92559"
}

In following example, the replication policy was not created and an error was returned.

500 Internal Server Error

Content-type: application/json,
Allow: 'DELETE, GET, POST, HEAD'

{
"errors":[
{

130 System configuration API

 "code":"AEC_EXCEPTION",
"message":"duplicate policy <name,type> entry with id=\'(null)\',
name=\'myNewPolicy\'"
}
]
}

Modify a replication policy

You can modify a replication policy on the file system.

Request example

PUT /platform/16/sync/policies/myNewPolicy
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{
'target_compare_initial_sync': True,
'enabled': True,
'description': 'New policy',
'target_host': 'newHostname'
}

Response examples
The request was successful. No message body is returned for this request.

204 No Content
content-type: text/plain,
allow: 'DELETE, GET, PUT, HEAD'

In the following example, the policy was not modified and an error message was returned.

500 Internal Server Error

Content-type: application/json,
Allow: 'DELETE, GET, PUT, HEAD'

{
"errors":[
{
"code":"AEC_BAD_REQUEST",
"field":"source_network",
"message":"Flexnet subnet not found"
}
]
}

Reset a replication policy

Reset a replication policy and force a full sync and copy replication job.

Request example

POST /platform/16/sync/policy/testPolicy/reset
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

Response example

201 Created
Content-type: application/json,
Allow: 'POST'

System configuration API 131

 "id":"5275f97ebb3892ed4a47f71de20d4609"
}

Force rotation for reports

Manually start rotation for the records in the database, which deletes reports that are older than the specified maximum
retention period.

Request example

POST /platform/16/sync/reports-rotate
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

Response example

201 Created
Content-type: application/json,
Allow: 'DELETE, GET, POST, HEAD'

{
"id":"a33006f364842eefb629fc6b95c92559"
}

Cancel a target replication policy

You can cancel a replication policy from the target cluster.

Request example

POST /platform/16/sync/target/policies/testpol/cancel
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

Response example

200 OK
Content-type: application/json,
Allow: 'DELETE, GET, PUT, HEAD'

{
"policies" :
[

{
"failover_failback_state" : "writes_disabled",
"id" : "021a24618064135c5df4c431fd132437",
"last_job_state" : "paused",
"last_source_coordinator_ip" : "127.0.0.1",
"last_update_from_source" : 1371769450,
"legacy_policy" : false,
"name" : "testpol",
"source_cluster_guid" : "005056300217c137c2512b163880cb4d843d",
"source_host" : "jgregory",
"target_path" : "/ifs/data/tgt"
}
]
}

132 System configuration API

Create a replication policy rule on the system
You can create a replication policy rule on the file system.

Request example

POST /platform/16/sync/rules
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{
'type': 'file_count',
'limit': 123,
'schedule':
{
'begin': '09:00',
'end': '17:00',
'monday': True,
'tuesday': True,
'friday': True,
'wednesday': True,
'thursday': True,
'sunday': False,
'saturday': False
}
}

Response example

201 Created
Content-type: application/json,
Allow: 'DELETE, GET, POST, HEAD'

{
"id":"fc-0"
}

Modify a replication policy rule

You can modify replication policy rules on the system.

Request example

PUT /platform/16/sync/rules/
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

Response example

204 No Content
Content-type: text/plain,
Allow: 'DELETE, GET, PUT, POST'

Modify SyncIQ settings

You can modify the SyncIQ settings on the system.

Request example

PUT /platform/16/sync/settings
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

System configuration API 133

 {
'report_max_count': 1234,
'service': 'on'
}

Response example

204 No Content
Content-type: text/plain,
Allow: 'DELETE, GET, PUT, HEAD'

SmartLock overview
With the SmartLock software module, you can protect files on a PowerScale cluster from being modified, overwritten, or
deleted. To protect files in this manner, you must activate a SmartLock license.
With SmartLock, you can identify a directory in OneFS as a WORM domain. WORM stands for write once, read many. All files
within the WORM domain can be committed to a WORM state, meaning that those files cannot be overwritten, modified, or
deleted.
After a file is removed from a WORM state, you can delete the file. However, you can never modify a file that has been
committed to a WORM state, even after it is removed from a WORM state.
In OneFS, SmartLock can be deployed in one of two modes: compliance mode or enterprise mode.

SmartLock resources
You can retrieve, create, or modify SmartLock configurations and settings.

SmartLock domains resource

Create, modify, or retrieve information about a SmartLock domain.

Operation Method and URI

Retrieve all SmartLock domains. GET <cluster-ip:port>/platform/16/worm/
domains

Retrieve a SmartLock domain. GET <cluster-ip:port>/platform/16/worm/

domains/<domain>

Create a SmartLock domain. POST <cluster-ip:port>/platform/16/worm/

domains

Modify a SmartLock domain. PUT <cluster-ip:port>/platform/16/worm/

domains/<domain>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/worm/
information about query parameters and object properties. domains?describe
GET <cluster-ip:port>/platform/16/worm/
domains?describe

SmartLock settings resource

Modify or retrieve information about SmartLock global settings.

Operation Method and URI

Retrieve SmartLock global settings. GET <cluster-ip:port>/platform/16/worm/
settings

134 System configuration API

Operation Method and URI
Modify SmartLock global settings. PUT <cluster-ip:port>/platform/16/worm/
settings

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/worm/
information about query parameters and object properties. settings?describe

SmartLock API examples

You can see examples for some SmartLock API requests.

Create a SmartLock
You can create a SmartLock domain.

Request example

POST /platform/16/worm/domains
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{
"path":"/ifs/test/domain_test"
}

Response example

201 Created
Content-type: application/json

{
"id" : "224731515-4837484-928237-1003"
}

Modify a SmartLock
You can modify a SmartLock domain.

Request example

PUT /platform/16/worm/domains/domaintest
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{"privileged_delete":"on"}

Response example
No message body is returned for this request.

204 No Content
Content-type: text/plain

System configuration API 135

Modify SmartLock settings
You can modify SmartLock settings.

Request example
In this example, you can set the compliance clock to the current system time. Do this task by sending a PUT request to this
resource with an empty JSON object {} for the cdate value. This cluster must be in compliance mode to set the compliance
clock.

PUT /platform/16/worm/domains/settings
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{"cdate" : }

Response example
No message body is returned for this request.

204 No Content
Content-type: text/plain

Deduplication overview
SmartDedupe enables you to save storage space on your cluster by reducing redundant data. Deduplication maximizes the
efficiency of your cluster by decreasing the amount of storage that is required to store multiple files with identical blocks.
The SmartDedupe software module deduplicates data by scanning a PowerScale cluster for identical data blocks. Each block is
8 KB. If SmartDedupe finds duplicate blocks, SmartDedupe moves a single copy of the blocks to a hidden file called a shadow
store. SmartDedupe then deletes the duplicate blocks from the original files and replaces the blocks with pointers to the shadow
store.
Deduplication is applied at the directory level, targeting all files and directories underneath one or more root directories.
SmartDedupe not only deduplicates identical blocks in different files, it also deduplicates identical blocks within a single file.
Before you deduplicate a directory, you can get an estimate of the amount of space you can expect to save. After you begin
deduplicating a directory, you can monitor the amount of space that deduplication is saving in real time.
To enable deduplicating two or more files, the files must have the same disk pool policy ID and protection policy. If either or both
of these attributes differ between two or more identical files, or files with identical 8 K blocks, the files are not deduplicated.
Because it is possible to specify protection policies on a per-file or per-directory basis, deduplication can be further
affected. Consider the example of two files, /ifs/data/projects/alpha/logo.jpg and /ifs/data/projects/
beta/logo.jpg. Even if the logo.jpg files in both directories are identical, they would not be deduplicated if they have
different protection policies.
If you have activated a SmartPools license on your cluster, you can also specify custom file pool policies. These file pool policies
might result in identical files or files with identical 8 K blocks being stored in different node pools. Those files would have
different disk pool policy IDs and would not be deduplicated.
SmartDedupe also does not deduplicate files that are 32 KB or smaller, because doing so would consume more cluster resources
than the storage savings are worth. The default size of a shadow store is 2 GB. Each shadow store can contain up to 256,000
blocks. Each block in a shadow store can be referenced up to 32,000 times.

Deduplication resources
You can retrieve, create, modify, or delete SmartDedupe configurations and settings.

136 System configuration API

Deduplication summary resource
Retrieve summary information about deduplication jobs.

Operation Method and URI

Retrieve a summary of deduplication jobs. GET <cluster-ip:port>platform/16/dedupe/

dedupe-summary

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/dedupe/
information about query parameters and object properties. dedupe-summary?describe

Deduplication inline settings resource

Get and modify the inline deduplication settings.

Operation Method and URI

Get the inline deduplication settings. GET <cluster-ip:port>platform/16/dedupe/
inline/settings

Modify the inline deduplication settings. PUT <cluster-ip:port>/platform/16/dedupe/

inline/settings

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/dedupe/
information about query parameters and object properties. inline/settings?describe

Deduplication settings resource

Modify or retrieve information about OneFS deduplication settings.

Operation Method and URI

Get deduplication settings. GET <cluster-ip:port>/platform/16/dedupe/
settings

Modify deduplication settings. PUT <cluster-ip:port>/platform/16/dedupe/

settings

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/dedupe/
information about query parameters and object properties. settings?describe

Deduplication reports resource

Retrieve information about deduplication jobs.

Operation Method and URI

Retrieve a report for all deduplication jobs. GET <cluster-ip:port>/platform/16/dedupe/
reports

Retrieve a report about a single deduplication job. GET <cluster-ip:port>/platform/16/dedupe/

reports/<id>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/dedupe/
information about query parameters and object properties. reports?describe
GET <cluster-ip:port>/platform/16/dedupe/
reports/<id>?describe

System configuration API 137

Deduplication API examples
You can see examples for some deduplication API calls.

Modify deduplication settings

You can modify deduplication settings on the cluster.

Request example

PUT /platform/16/dedupe/settings
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{
'paths': [
'/ifs/data/dedupeme1',
'/ifs/data/dedupeme2'
]
}

Response example

204 No Content
Content-type: 'text/plain,
Allow: 'GET, PUT, HEAD'

Data Mover (SmartSync)

Data Mover (SmartSync) overview

Data Mover (SmartSync) enables you to push, pull and proxy data movement operations between S3/Object and NFS interface
from public cloud with AWS, GCP, Azure and ECS.
It also provides backup capabilities to provide incremental and full fidelity backup and restore operations. Data Mover provides
fast, accurate and low-risk data replication for Dell Technologies file and object deployment on-premises or in the cloud. Protect
your business critical data from ransom, corruption, and human error (accidental deletion). You can keep a pristine copy of your
unstructured data anywhere you decide. You can get an end-to-end, automated, heterogeneous, multiprotocol solution designed
to safely, accurately and easily replicate and restore your data.
You can perform the following primary functions with Data Mover:
● Data protection: This provides you the ability to create a re-occurring updates of the source data to a target system. After
the original baseline of the data, incremental updates are done from source to target.
● Data repurposing: This provides you the ability to create a separate copy of the data on a supported target system to use
the data for activities including but not limited to archiving the data, running analytics on the data, bursting the data, testing
new processes/procedures.
Data Mover (SmartSync) enables you to prioritize data copy jobs for OneFS. You can set the High Priority, Normal, Low to
control the amount of cycles a job gets in respect to with other jobs. This only applies to prior to the job start, not changing
priority on the fly. If any attribute of a policy is updated while a job for the policy is running, the next job will exhibit the updated
attribute.
If a file cannot be completely copied, the Data Mover logs the file and continue with the job. When the job reaches the end of
work it will AUTO-PAUSE for admin action to either RETRY or mark the job PARTIAL-COMPLETE. If PARTIAL-COMPLETE the
dataset will be annotated and the files will be retried on the next job if it is a REPEAT-COPY policy. If the number of failures
exceeds 100 or a critical error is hit, the Data Mover shall AUTO-PAUSE and provide the Admin the option to RETRY or CANCEL
the job. If cancelled the data will be invalid.
You can pause, resume or cancel a job in progress. A cancel aborts the running job and remove the movement hence forcing a
re-baseline.

138 System configuration API

Through Data Mover (SmartSync) you can copy a source dataset to multiple targets. You can also create a copy policy from a
target dataset. A chain is when source is A for a dataset and that is copied to B, which in turn is copied to C. A chain shall at a
minimum go 4 copies deep, so A > B > C > D > E.

Data Mover (SmartSync) Resources

To achieve data transfer from source to target use the following workflow and API resources:
1. Set up the source and target accounts using accounts API.
2. Use policies API to create a dataset using dataset creation policy.
3. Use datasets API to list the datasets.
4. Copy the created dataset - use policies API to create a one-time or repeat-copy policy.
5. Use jobs API to list the active or completed jobs.

Data Mover (SmartSync) account resources

Create a Data Mover account.
An account holds information to connect to a storage system. The storage system could be the source or the target or where
the job runs.

Operation Method and URI

Create a Data Mover account. POST <cluster-ip:port>platform/16/datamover/
accounts

List all Data Mover accounts. GET <cluster-ip:port>platform/16/datamover/

accounts?limit=<limit number>

Get Data Mover account details by ID POST <cluster-ip:port>platform/16/datamover/

accounts/<ACCID>

Delete Data Mover account by ID DELETE <cluster-ip:port>platform/16/

datamover/accounts/<ACCID>

Modify and Data Mover account by ID PUT <cluster-ip:port>platform/16/datamover/

accounts/<ACCID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/datamover/
information about query parameters and object properties. accounts?describe

Data Mover (SmartSync) policy resources

Create a Data Mover policy which defines important aspects like when to copy/move the data, which is the source and the
target, where to copy at the target, etc. If multiple policies need the same attribute (say schedule, priority, etc.), they can be
grouped under one base-policy.

Operation Method and URI

Create a Data Mover policy. POST <cluster-ip:port>platform/16/datamover/
policies

List all Data Mover policies GET <cluster-ip:port>platform/16/datamover/

policies

Get Data Mover policy details by ID GET <cluster-ip:port>platform/16/datamover/

policies/<POLICYID>

Delete Data Mover policy by ID DELETE <cluster-ip:port>platform/16/

datamover/policies/<POLICYID>

Modify Data Mover policy by ID PUT <cluster-ip:port>platform/16/datamover/

policies/<POLICYID>

System configuration API 139

Operation Method and URI
View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/datamover/
information about query parameters and object properties. policies?describe

Data Mover (SmartSync) certificate resources

Create a CA for TLS connection using openssl CLI or your favorite tool and put it in a directory on cluster. Create a Identity for
TLS connection using openssl CLI or your favorite tool and put it in a directory on cluster.

Operation Method and URI

Import CA certificate. POST <cluster-ip:port>platform/16/datamover/
certificates/ca

Import Identity certificate. POST <cluster-ip:port>platform/16/datamover/

certificates/identity

List all CA certificates. GET <cluster-ip:port>platform/16/datamover/

certificates/ca

List all Identity certificates. GET <cluster-ip:port>platform/16/datamover/

certificates/identity

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/datamover/
information about query parameters and object properties. certificates?describe

Data Mover (SmartSync) datasets resources

Defines the data that is being moved through Data Mover.

Operation Method and URI

List all datasets. GET <cluster-ip:port>platform/16/datamover/
datasets

Get datasets for a basepath. GET <cluster-ip:port>platform/16/datamover/

datasets?base_path=/ifs/data

Get datasets by ID. GET <cluster-ip:port>platform/16/datamover/

datasets/<Dataset ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/datamover/
information about query parameters and object properties. datasets?describe

Data Mover (SmartSync) job resources

Get the list of jobs that are in active or failed state.

Operation Method and URI

Get the list of active jobs. GET <cluster-ip:port>platform/16/datamover/
jobs

Get job details by job ID. GET <cluster-ip:port>platform/16/datamover/

jobs/<job id>

Get the list of completed (finished/cancelled/failed) jobs. GET <cluster-ip:port>platform/16/datamover/

historical-jobs?after_time=<year-month-date
00:00:00>

140 System configuration API

Operation Method and URI
Delete set of historical jobs. DELETE <cluster-ip:port>platform/16/
datamover/historical-jobs?after_time=<year-
month-date 00:00:00>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/datamover/
information about query parameters and object properties. historical-jobs?describe

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/datamover/
information about query parameters and object properties. jobs?describe

Data Mover (SmartSync) throttling resources

Get the throttling global settings.

Operation Method and URI

Get the throttling global settings. GET <cluster-ip:port>platform/16/datamover/
throttling/settings

Set the throttling global settings. PUT <cluster-ip:port>platform/16/datamover/

throttling/settings

Create a network bandwidth throttling rule. POST<cluster-ip:port>platform/16/datamover/

throttling/bw-rules

List all network bandwidth throttling rules. GET<cluster-ip:port>platform/16/datamover/

throttling/bw-rules

List a network bandwidth throttling rule by ID. GET<cluster-ip:port>platform/16/datamover/

throttling/bw-rules/<bwrule ID>

Modify a network bandwidth throttling rule by ID. PUT<cluster-ip:port>platform/16/datamover/

throttling/bw-rules/<bwrule ID>

Delete a network bandwidth throttling rule by ID. DELETE<cluster-ip:port>platform/16/

datamover/throttling/bw-rules/<bwrule ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/datamover/
information about query parameters and object properties. throttling-settings?describe

General cluster configuration

You can manage general OneFS settings and module licenses for the PowerScale cluster.
General cluster administration covers several areas. You can:
● Manage general settings such as cluster name, date and time, and email.
● Monitor the cluster status and performance, including hardware components.
● Configure how events and notifications are handled.
● Perform cluster maintenance such as adding, removing, and restarting nodes.
● Take backup of cluster configuration and restore the configuration in the same or different cluster.
Most management tasks are accomplished through both the web administration or command-line interface; however,
occasionally there are exceptions to that.

System configuration API 141

General cluster configuration resources
You can list, modify, create, and delete information regarding OneFS cluster configuration. You can take a backup of a cluster
configuration and restore it in the same or a different cluster.

Cluster configuration backup and restore resources

You can export and import specific cluster configurations to backup good configurations and restore them on another cluster to
re-create a functional cluster.

You can perform this action when you are:

● Taking a snapshot of the cluster configuration before trying something new
● Reverting quickly back to a configuration snapshot
● Provisioning automation

Cluster configuration backup resources

You can take a backup of a cluster configuration and view the list of configuration export tasks.

Operation Method and URI

Take a backup of cluster configuration. POST <cluster-ip-or-host-name>:<port>/
platform/16/config/exports

View the list of configuration export tasks. GET <cluster-ip-or-host-name>:<port>/

platform/16/config/exports

View a specific configuration export task. GET <cluster-ip-or-host-name>:<port>/

platform/16/config/exports/<id>

Take a backup of cluster configuration

Take a backup of cluster configuration to restore it on the same or different cluster.

Request example

POST /platform/config/exports

Response example

{
"task_id" : "fliu-9peydb2-20210223085519"
}

View the list of configuration export tasks

View the status of all exported tasks. Each task has a task id and other related information.

Request example

GET /platform/config/exports

Response example

{
"exports" :

142 System configuration API

 [
{
"done" : "['http', 'quota', 'snapshot', 'nfs', 'smb', 's3', 'ndmp']",
"failed" : "['quota', 'snapshot']",
"id" : "fliu-9peydb2-20210223085519",
"message" : "Components: ['quota', 'snapshot'] are not licensed.",
"path" : "/ifs/data/Isilon_Support/config_mgr/backup/fliu-9peydb2-20210223085519",
"pending" : "[]",
"status" : "Failed"
},
{
"done" : "['http', 'quota', 'snapshot', 'nfs', 'smb', 's3', 'ndmp']",
"failed" : "[]",
"id" : "fliu-9peydb2-20210223085829",
"message" : "",
"path" : "/ifs/data/Isilon_Support/config_mgr/backup/fliu-9peydb2-20210223085829",
"pending" : "[]",
"status" : "Successful"
}
]
}

View a specific configuration export task

View a specific configuration export task by task id.

Request example

GET /platform/config/exports/<id>

where <id> is the task id of the export

Parameter:

"id" : "fliu-9peydb2-20210223085829"

Response example

{
"exports" :
[
{
"done" : "['http', 'quota', 'snapshot', 'nfs', 'smb', 's3', 'ndmp']",
"failed" : "[]",
"id" : "fliu-9peydb2-20210223085829",
"message" : "",
"path" : "/ifs/data/Isilon_Support/config_mgr/backup/fliu-9peydb2-20210223085829",
"pending" : "[]",
"status" : "Successful"
}
]
}

Cluster configuration restore resources

You can restore a cluster configuration and view the list of configuration import tasks.

Operation Method and URI

Restore a specific cluster configuration backup. POST <cluster-ip-or-host-name>:<port>/
platform/16/config/imports

View the list of configuration import tasks. GET <cluster-ip-or-host-name>:<port>/

platform/16/config/imports

System configuration API 143

Operation Method and URI
View a specific configuration import task. GET <cluster-ip-or-host-name>:<port>/
platform/16/config/imports/<id>

Restore a specific cluster configuration backup

Restore a specific cluster configuration from the backup using the export id. After the import task is created, you get a task id
as a response.

Request example

POST /platform/config/imports

Parameter:

"export_id" : "fliu-9peydb2-20210223085829"

Response example

{
"task_id" : "fliu-9peydb2-20210223090538"
}

View the list of configuration import tasks

View the status of all imported tasks. Each task has a task id and other related information.

Request example

GET /platform/config/imports

Response example

{
"imports" :
[
{
"done" : "['http', 'quota', 'snapshot', 'nfs', 'smb', 's3', 'ndmp']",
"export_id" : "fliu-9peydb2-20210223085829",
"failed" : "[]",
"id" : "fliu-9peydb2-20210223090538",
"message" : "",
"path" : "/ifs/data/Isilon_Support/config_mgr/restore/fliu-9peydb2-20210223090538",
"pending" : "[]",
"status" : "Successful"
},
{
"done" : "['http', 'quota', 'snapshot', 'nfs', 'smb', 's3', 'ndmp']",
"export_id" : "fliu-9peydb2-20210223085829",
"failed" : "[]",
"id" : "fliu-9peydb2-20210223090613",
"message" : "",
"path" : "/ifs/data/Isilon_Support/config_mgr/restore/fliu-9peydb2-20210223090613",
"pending" : "[]",
"status" : "Successful"
}
]
}

144 System configuration API

View a specific configuration import task
View a specific configuration import task by task id.

Request example

GET /platform/config/imports/<id>

where <id> is the task id of the import

Parameter:

"id" : "fliu-9peydb2-20210223090613"

Response example

{
"imports" :
[
{
"done" : "['http', 'quota', 'snapshot', 'nfs', 'smb', 's3', 'ndmp']",
"export_id" : "fliu-9peydb2-20210223085829",
"failed" : "[]",
"id" : "fliu-9peydb2-20210223090613",
"message" : "",
"path" : "/ifs/data/Isilon_Support/config_mgr/restore/fliu-9peydb2-20210223090613",
"pending" : "[]",
"status" : "Successful"
}
]
}

Cluster configuration resource

View general information about a cluster.

Operation Method and URI

View information about a cluster. GET <cluster-ip:port>/platform/16/cluster/
config

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cluster/
information about query parameters and object properties. config?describe

Cluster configuration join mode resource

View or set the cluster join mode.

Operation Method and URI

View information about a cluster join mode. GET <cluster-ip:port>/platform/16/cluster/
config/join-mode

Modify information about a cluster join mode. PUT <cluster-ip:port>/platform/16/cluster/

config/join-mode

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cluster/
information about query parameters and object properties. config/join-mode?describe

System configuration API 145

Cluster email resource
View or modify cluster email notification settings.

Operation Method and URI

View cluster email notification settings. GET <cluster-ip:port>/platform/16/cluster/
email

Modify cluster email notification settings. PUT <cluster-ip:port>/platform/16/cluster/

email

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cluster/
information about query parameters and object properties. email?describe

Cluster identity resource

View or modify cluster information that displays at login.

Operation Method and URI

View login display information. GET <cluster-ip:port>/platform/16/cluster/
identity

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cluster/
information about query parameters and object properties. identity?describe

Cluster internal networks resource

View or modify internal network settings.

Operation Method and URI

View information about a cluster internal network. GET <cluster-ip:port>/platform/16/cluster/
internal-networks

Modify information about a cluster internal network. PUT <cluster-ip:port>/platform/16/cluster/

internal-networks

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cluster/
information about query parameters and object properties. internal-networks?describe

Cluster nodes resource

View the nodes on a cluster.

Operation Method and URI

View the nodes on a cluster. GET <cluster-ip:port>/platform/16/cluster/
nodes

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cluster/
information about query parameters and object properties. nodes?describe

Cluster add node resource

Add a node to a cluster.

Operation Method and URI

Add a node to a cluster. POST <cluster-ip:port>/platform/16/cluster/
add-node

146 System configuration API

Operation Method and URI
View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cluster/
information about query parameters and object properties. add-node?describe

Cluster nodes available resource

View all the nodes that are available to add to a cluster.

Operation Method and URI

List all the nodes that are available to add to a cluster. GET <cluster-ip:port>/platform/16/cluster/
nodes-available

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cluster/
information about query parameters and object properties. nodes-available?describe

Cluster nodes LNN resource

View node information or modify one or more node settings.

Operation Method and URI

View node information. GET <cluster-ip:port>/platform/16/cluster/
nodes/<LNN>

Modify one or more node settings. PUT <cluster-ip:port>/platform/16/cluster/

nodes/<LNN>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cluster/
information about query parameters and object properties. nodes/<LNN>?describe

Cluster update LNN resource

Modify the list of current LNNs with respective new LNNs in the configuration.

Operation Method and URI

Modify list of current LNNs to include new LNNs. PUT <cluster-ip:port>/platform/16/cluster/
update-lnns

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cluster/
information about query parameters and object properties. update-lnns?describe

Cluster nodes LNN drive config resource

View or modify a node drive subsystem XML configuration file.

Operation Method and URI

View a node's drive subsystem XML configuration file. GET <cluster-ip:port>/platform/16/cluster/
nodes/<LNN>/driveconfig

Modify a node's drive subsystem XML configuration file. PUT <cluster-ip:port>/platform/16/cluster/

nodes/<LNN>/driveconfig

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cluster/
information about query parameters and object properties. nodes/<LNN>/driveconfig?describe

System configuration API 147

Cluster nodes LNN drives resource
List the drives on the specified node.

Operation Method and URI

List the drives on the specified node. GET <cluster-ip:port>/platform/16/cluster/
nodes/<LNN>/drives

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cluster/
information about query parameters and object properties. nodes/<LNN>/drives?describe

Cluster nodes LNN drives purpose list resource

View a list of the purposes that can be applied to drives on the specified node.

Operation Method and URI

View a list of the purposes that can be applied to drives on GET <cluster-ip:port>/platform/16/cluster/
the specified node. nodes/<LNN>/drives-purposelist

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cluster/
information about query parameters and object properties. nodes/<LNN>/drives-purposelist?describe

Cluster nodes LNN drive ID resource

View information about a specific drive.

Operation Method and URI

View information about a specific drive. GET <cluster-ip:port>/platform/16/cluster/
nodes/<LNN>/drives/<DRIVEID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cluster/
information about query parameters and object properties. nodes/<LNN>/drives/<DRIVEID>?describe

Cluster nodes LNN drives add drive ID resource

Add drives to a node in a OneFS cluster.

Operation Method and URI

Add drives to a node. POST <cluster-ip:port>/platform/16/cluster/
nodes/<LNN>/drives/<DRIVEID>/add

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cluster/
information about query parameters and object properties. nodes/<LNN>/drives/<DRIVEID>/add?describe

Cluster nodes LNN drives and drive ID firmware resource

View information about the firmware on the drives on a node.

Operation Method and URI

View information about the firmware on a drive. GET <cluster-ip:port>/platform/16/cluster/
nodes/<LNN>/drives/<DRIVEID>/firmware

View the detailed JSON schema for this resource, which has GET
information about query parameters and object properties. <cluster-ip:port>/platform/16/cluster/nodes/
<LNN>/drives/<DRIVEID>/firmware?describe

148 System configuration API

Cluster nodes LNN drives and drive ID firmware update resource
View firmware update information for drives on this node.

Operation Method and URI

View firmware update information. GET <cluster-ip:port>/platform/16/cluster/
nodes/<LNN>/drives/<DRIVEID>/firmware/update

Start a drive firmware update. POST <cluster-ip:port>/platform/16/cluster/

nodes/<LNN>/drives/<DRIVEID>/firmware/update

View the detailed JSON schema for this resource, which has GET <cluster-
information about query parameters and object properties. ip:port>/platform/16/cluster/nodes/<LNN>/
drives/<DRIVEID>/firmware/update?describe

Cluster nodes LNN drives and drive ID format resource

Format drives in a node on a OneFS cluster.

Operation Method and URI

Format a drive for use by OneFS. POST <cluster-ip:port>/platform/16/cluster/
nodes/<LNN>/drives/<driveid>/format

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cluster/
information about query parameters and object properties. nodes/<LNN>/drives/<driveid>/format?describe

Cluster nodes LNN drives and drive ID purpose resource

Assign drives to specific use cases on a OneFS cluster.

Operation Method and URI

Assign a drive to a specific use case. POST <cluster-ip:port>/platform/16/cluster/
nodes/<LNN>/drives/<DRIVEID>/purpose

View the detailed JSON schema for this resource, which has GET
information about query parameters and object properties. <cluster-ip:port>/platform/16/cluster/nodes/
<LNN>/drives/<DRIVEID>/purpose?describe

Cluster nodes LNN drives and drive ID smartfail resource

Remove drives from a node on a OneFS cluster.

Operation Method and URI

Remove a drive from use by OneFS. POST <cluster-ip:port>/platform/16/cluster/
nodes/<LNN>/drives/<DRIVEID>/smartfail

View the detailed JSON schema for this resource, which has GET
information about query parameters and object properties. <cluster-ip:port>/platform/16/cluster/nodes/
<LNN>/drives<DRIVEID>/smartfail?describe

Cluster nodes LNN drives and drive ID stop fail resource

Stop smart failing drives in a OneFS cluster.

Operation Method and URI

Stop smartfailing a drive. POST <cluster-ip:port>/platform/16/cluster/
nodes/<LNN>/drives/<DRIVEID>/stopfail

System configuration API 149

Operation Method and URI
View the detailed JSON schema for this resource, which has GET
information about query parameters and object properties. <cluster-ip:port>/platform/16/cluster/nodes/
<LNN>/drives/<DRIVEID>/stopfail?describe

Cluster nodes LNN drives and drive ID suspend resource

Temporarily remove drives from a OneFS cluster.

Operation Method and URI

Temporarily remove a drive from use by OneFS. POST <cluster-ip:port>/platform/16/cluster/
nodes/<LNN>/drives/<DRIVEID>/suspend

View the detailed JSON schema for this resource, which has GET
information about query parameters and object properties. <cluster-ip:port>/platform/16/cluster/nodes/
<LNN>/drives/<DRIVEID>/suspend?describe

Cluster nodes LNN hardware resource

Retrieve node hardware identification information.

Operation Method and URI

View node hardware ID information. GET <cluster-ip:port>/platform/16/cluster/
nodes/<LNN>/hardware

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cluster/
information about query parameters and object properties. nodes/<LNN>/hardware?describe

Cluster nodes LNN internal IP address resource

View node internal IP address information.

Operation Method and URI

View internal IP address information for a node. GET <cluster-ip:port>/platform/16/cluster/
nodes/<LNN>/internal-ip-address

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cluster/
information about query parameters and object properties. nodes/<LNN>/internal-ip-address?describe

Cluster nodes LNN partitions resource

Retrieve node partition information.

Operation Method and URI

View node partition information. GET <cluster-ip:port>/platform/16/cluster/
nodes/<LNN>/partition

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cluster/
information about query parameters and object properties. nodes/<LNN>/partition?describe

150 System configuration API

Cluster nodes LNN reboot resource
Reboot a node specified by logical node number (LNN).

Operation Method and URI

Reboot a node specified by LNN. POST <cluster-ip:port>/platform/16/cluster/
nodes/<LNN>/reboot

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cluster/
information about query parameters and object properties. nodes/<LNN>/reboot?describe

Cluster nodes LNN sensors resource

Retrieve node sensor information.

Operation Method and URI

View node sensor information. GET <cluster-ip:port>/platform/16/cluster/
nodes/<LNN>/sensors

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cluster/
information about query parameters and object properties. nodes/<LNN>/sensors?describe

Cluster nodes LNN shutdown resource

Shut down a node specified by logical node number (LNN).

Operation Method and URI

Shut down a node specified by LNN. POST <cluster-ip:port>/platform/16/cluster/
nodes/<LNN>/shutdown

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cluster/
information about query parameters and object properties. nodes/<LNN>/shutdown?describe

Cluster nodes LNN sleds resource

Get detailed information for all sleds in this node.

Operation Method and URI

View detailed information for all sleds in this node. GET <cluster-ip:port>/platform/16/cluster/
nodes/<LNN>/sleds

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cluster/
information about query parameters and object properties. nodes/<LNN>/sleds?describe

Cluster nodes LNN sleds sledid resource

Get detailed information for the sled specified by <SLEDID>, or all sleds if <SLEDID> is all, in the node specified by <LNN>.

Operation Method and URI

View detailed information for one or all sleds on the node that GET <cluster-ip:port>/platform/16/cluster/
is specified by <LNN>. nodes/<LNN>/sleds/<SLEDID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cluster/
information about query parameters and object properties. nodes/<LNN>/sleds/<SLEDID>?describe

System configuration API 151

Cluster nodes LNN state resource
Retrieve node state information by specified logical node number (LNN).

Operation Method and URI

View node state information by specified LNN. GET <cluster-ip:port>/platform/16/cluster/
nodes/<LNN>/state

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cluster/
information about query parameters and object properties. nodes/<LNN>/state?describe

Cluster nodes LNN state read-only resource

Retrieve or modify node read-only state information.

Operation Method and URI

View node read-only state information. GET <cluster-ip:port>/platform/16/cluster/
nodes/<LNN>/state/readonly

Modify one or more node read-only state settings. PUT <cluster-ip:port>/platform/16/cluster/

nodes/<LNN>/state/readonly

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cluster/
information about query parameters and object properties. nodes/<LNN>/state/readonly?describe

Cluster nodes LNN state service light resource

Retrieve or modify node service light state information.

Operation Method and URI

View node service light state information. GET <cluster-ip:port>/platform/16/cluster/
nodes/<LNN>/state/servicelight

Modify one or more node service light state settings. PUT <cluster-ip:port>/platform/16/cluster/
nodes/<LNN>/state/servicelight

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cluster/
information about query parameters and object properties. nodes/<LNN>/state/servicelight?describe

Cluster nodes LNN state smartfail resource

Retrieve or modify node smartfail state information.

Operation Method and URI

View node smartfail state information. GET <cluster-ip:port>/platform/16/cluster/
nodes/<LNN>/state/smartfail

Modify the smartfail state of a node. PUT <cluster-ip:port>/platform/16/cluster/

nodes/<LNN>/state/smartfail

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cluster/
information about query parameters and object properties. nodes/<LNN>/state/smartfail?describe

152 System configuration API

Cluster nodes LNN status
Retrieve node status information.

Operation Method and URI

View node status information. GET <cluster-ip:port>/platform/16/cluster/
nodes/<lnn>/status

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cluster/
information about query parameters and object properties. nodes/<lnn>/status?describe

Cluster nodes LNN status battery status resource

Retrieve node battery status information.

Operation Method and URI

View node battery status information. GET <cluster-ip:port>/platform/16/cluster/
nodes/<LNN>/status/batterystatus

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cluster/
information about query parameters and object properties. nodes/<LNN>/status/batterystatus?describe

Cluster nodes LNN status CPU status resource

Retrieve node CPU status information.

Operation Method and URI

Retrieve CPU status. POST <cluster-ip:port>/platform/16/cluster/
nodes/<LNN>/status/cpu

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cluster/
information about query parameters and object properties. nodes/<LNN>/status/cpu?describe

Cluster nodes LNN status nonvolatile RAM status resource

Retrieve node nonvolatile RAM status information.

Operation Method and URI

Retrieve nonvolatile RAM status. POST <cluster-ip:port>/platform/16/cluster/
nodes/<LNN>/status/nvram

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cluster/
information about query parameters and object properties. nodes/<LNN>/status/nvram?describe

Cluster nodes LNN status power supplies status resource

Retrieve node power supplies status information.

Operation Method and URI

Retrieve power supplies status. GET <cluster-ip:port>/platform/16/cluster/
nodes/<LNN>/status/powersupplies

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cluster/
information about query parameters and object properties. nodes/<LNN>/status/powersupplies?describe

System configuration API 153

Local cluster nodes resource
List the nodes on the cluster.

Operation Method and URI

List the nodes on the cluster. GET <cluster-ip:port>/platform/16/local/
cluster/nodes

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/local/
information about query parameters and object properties. cluster/nodes?describe

Local cluster nodes LNN resource

Retrieve node settings by logical node number (LNN), or modify one or more node settings.

Operation Method and URI

List node settings by LNN. GET <cluster-ip:port>/platform/16/local/
cluster/nodes/<LNN>

Modify node settings by LNN. PUT <cluster-ip:port>/platform/16/local/

cluster/nodes/<LNN>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/local/
information about query parameters and object properties. cluster/nodes/<LNN>?describe

Local cluster nodes LNN drives resource

List the drives on a node, which is specified by logical node number (LNN).

Operation Method and URI

List drives on a node by LNN. GET <cluster-ip:port>/platform/16/local/
cluster/nodes/<LNN>/drives

List a specific drive on a node by LNN. GET <cluster-ip:port>/platform/16/local/

cluster/nodes/<LNN>/drives/<DRIVE>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/local/
information about query parameters and object properties. cluster/nodes/<LNN>/drives?describe
GET <cluster-ip:port>/platform/16/local/
cluster/nodes/<LNN>/drives/<DRIVE>?describe

Local cluster nodes LNN drive config resource

View or modify a local drive subsystem XML configuration file.

Operation Method and URI

View a node drive subsystem XML configuration file. GET <cluster-ip:port>/platform/16/local/
cluster/nodes/<LNN>/driveconfig

Modify a node drive subsystem XML configuration file. PUT <cluster-ip:port>/platform/16/local/

cluster/nodes/<LNN>/driveconfig

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/local/
information about query parameters and object properties. cluster/nodes/<LNN>/driveconfig?describe

154 System configuration API

Local cluster nodes LNN drives firmware resource
Retrieve firmware information for a specific drive on a node, specified by logical node number (LNN).

Operation Method and URI

Retrieve firmware information for a specific drive on a node GET <cluster-ip:port>/platform/16/local/cluster/nodes/
<LNN>/drive/<DRIVE>/firmware
View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/local/cluster/nodes/
information about query parameters and object properties. <LNN>/drive/<DRIVE>/firmware?describe

Local cluster nodes LNN internal IP address resource

View internal IP addresses for a node.

Operation Method and URI

View internal IP addresses for a node. GET <cluster-ip:port>/platform/16/local/
cluster/nodes/<LNN>/internal-ip-address

View the detailed JSON schema for this resource, which has GET
information about query parameters and object properties. <cluster-ip:port>/platform/16/local/cluster/
nodes/<LNN>/internal-ip-address?describe

Cluster owner resource

Retrieve cluster contact information settings.

Operation Method and URI

View cluster contact information settings. GET <cluster-ip:port>/platform/16/cluster/
owner

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cluster/
information about query parameters and object properties. owner?describe

Cluster file system statistics resource

Retrieve file system statistics.

Operation Method and URI

View file system statistics. GET <cluster-ip:port>/platform/16/cluster/
statfs

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cluster/
information about query parameters and object properties. statfs?describe

Cluster time resource

Retrieve the current time as reported by each node, or modify cluster time settings.
NOTE: If NTP is configured for the cluster, the cluster time is automatically synchronized to the time reported by the
configured NTP servers.

Operation Method and URI

View the current time as reported by each node. GET <cluster-ip:port>/platform/16/cluster/
time

System configuration API 155

Operation Method and URI
Set the cluster time. Time gets synchronized across nodes, PUT <cluster-ip:port>/platform/16/cluster/
but there can be slight drift. time

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cluster/
information about query parameters and object properties. time?describe

Cluster time zone resource

View cluster time zone information, or set a new time zone for a cluster.

Operation Method and URI

View the cluster time zone. GET <cluster-ip:port>/platform/16/cluster/
timezone

Set a new time zone for a cluster. PUT <cluster-ip:port>/platform/16/cluster/

timezone

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cluster/
information about query parameters and object properties. timezone?describe

Cluster time zone regions resource

List time zone regions.

Operation Method and URI

List time zone regions. GET <cluster-ip:port>/platform/16/cluster/
timezone/regions/<REGION>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cluster/
information about query parameters and object properties. timezone/regions/<REGION>?describe

Cluster time zone settings resource

Retrieve or modify cluster time zone settings.

Operation Method and URI

View cluster time zone setting information. GET <cluster-ip:port>/platform/16/cluster/
timezone/settings

Modify one or more nodes read-only state settings. PUT <cluster-ip:port>/platform/16/cluster/

timezone/settings

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cluster/
information about query parameters and object properties. timezone/settings?describe

Local cluster time resource

View the current time on the local node.

Operation Method and URI

View the current time on the local node. GET <cluster-ip:port>/platform/16/local/
cluster/time

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/local/
information about query parameters and object properties. cluster/time?describe

156 System configuration API

Cluster version resource
Retrieve the OneFS version of each node on the cluster.

NOTE: The versions of OneFS should be the same on all nodes unless an upgrade is in progress.

Operation Method and URI

View the OneFS version on each node. GET <cluster-ip:port>/platform/16/cluster/
version

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cluster/
information about query parameters and object properties. version

SSH settings resource

View or modify SSH settings.

Operation Method and URI

List the SSH settings. GET <cluster-ip:port>/platform/16/
protocols/ssh/settings

Modify SSH settings. PUT <cluster-ip:port>/platform/16/

protocols/ssh/settings

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. protocols/ssh/settings?describe

IP address pools
Within a subnet, you can partition an external network interfaces a cluster into pools of IP address ranges. The pools enable you
to customize your storage network to serve different groups of users. You can configure subnets in IPv4 or IPv6.
You can associate IP address pools with a node, a group of nodes, or NIC ports. For example, you can set up one subnet for
storage nodes and another subnet for accelerator nodes. Similarly, you can allocate ranges of IP addresses on a subnet to
different teams, such as engineering and sales. These options help you create a storage topology that matches the demands of
your network.
In addition, network provisioning rules streamline the setup of external connections. After you configure the rules with network
settings, you can apply the settings to new nodes.
As a standard feature, the OneFS SmartConnect module balances connections among nodes. A round-robin policy with static
IP addresses and one IP address pool for each subnet. Activating a SmartConnect Advanced license adds features, such as
defining IP address pools to support multiple DNS zones.

Cluster external IP resource

Contains the external IP addresses for the cluster.

Operation Method and URI

Get external IP addresses for the cluster. GET <cluster-ip:port>/platform/16/cluster/
external-ips

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cluster/
information about query parameters and object properties. external-ips?describe

System configuration API 157

Structure of the file system
OneFS presents all the nodes in a cluster as a global namespace.
In the file system, directories are inode number links. An inode contains file metadata and an inode number, which identifies
location of a file. OneFS dynamically allocates inodes, and there is no limit on the number of inodes.
To distribute data among nodes, OneFS sends messages with a globally routable block address through the internal network of a
cluster. The block address identifies the node and the drive storing the block of data.
NOTE: The design of your data storage structure should be planned carefully. A well-designed directory optimizes cluster
performance and cluster administration.

File system settings character encodings resource

Modify or retrieve information about settings for character-encodings.

Operation Method and URI

Retrieve default character encodings settings for the cluster. GET <cluster-ip:port>/platform/16/
filesystem/settings/character-encodings

Modify the default character encodings settings for the PUT <cluster-ip:port>/platform/16/
cluster. filesystem/settings/character-encodings

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/
information about query parameters and object properties. platform/16/filesystem/settings/character-
encodings?describe

File system settings compression resource

Modify or retrieve the file system settings for compression.

Operation Method and URI

Retrieve the settings for file system compression for the GET <cluster-ip:port>/platform/16/
cluster. filesystem/settings/compression

Modify the file system compression settings for the cluster. PUT <cluster-ip:port>/platform/16/
filesystem/settings/compression

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. filesystem/settings/compression?describe

File system settings access-time resource

Modify or retrieve information about settings for the file system access-time.

Operation Method and URI

Retrieve default access-time settings. GET <cluster-ip:port>/platform/16/
filesystem/settings/access-time

Modify the default access-time settings. PUT <cluster-ip:port>/platform/16/

filesystem/settings/access-time

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. filesystem/settings/access-time?describe

158 System configuration API

SupportAssist
SupportAssist is the remote connectivity system for transmitting events, logs, and telemetry from a PowerScale OneFS cluster
to Dell Support.
SupportAssist integrates an Embedded Service Enabler (ESE) into OneFS and, using an access key and pin, can connect directly
to Dell Support or through a supported Secure Connect Gateway (SCG).
SupportAssist is used for the following workflows:

CELOG CELOG sends alerts through the SupportAssist channel to Dell Support.
isi diagnostics The isi diagnostics gather and isi_gather_info commands have a --supportassist
gather option.
License The isi license activation start command uses SupportAssist to connect.
activation
CloudIQ Telemetry data is sent using SupportAssist.
HealthCheck HealthCheck definitions are updated using SupportAssist.
Remote Support Remote Support uses SupportAssist and the Connectivity Hub to assist customers with their clusters.

SupportAssist is recommended for all clusters that can send telemetry data off-cluster and is a replacement for the legacy
connectivity system - Secure Remote Services (SRS).
OneFS clusters can continue to use SRS and setup new connections using SRS, but administrators are encouraged to install and
use SCG v5.x or later, which supports both SRS and SupportAssist.
NOTE: Clusters using IPv6 must continue using SRS. SupportAssist does not support IPv6.

For more information, see the SupportAssist site on Dell support.

SupportAssist resources
List and view SupportAssist settings and tasks.

Operation Method and URI

List SupportAssist settings. GET <cluster-ip:port>/platform/16/
supportassist/settings

Modify one or more SupportAssist settings. PUT <cluster-ip:port>/platform/16/

supportassist/settings

Get SupportAssist status. GET <cluster-ip:port>/platform/16/

supportassist/status

Modify SupportAssist status. PUT <cluster-ip:port>/platform/16/

supportassist/status

Get all SupportAssist tasks. GET <cluster-ip:port>/platform/16/

supportassist/task

Create a SupportAssist task. POST <cluster-ip:port>/platform/16/

supportassist/task

Get terms and conditions text of SupportAssist. GET <cluster-ip:port>/platform/16/

supportassist/terms

Set terms and conditions text for SupportAssist PUT <cluster-ip:port>/platform/16/

supportassist/terms

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. supportassist?describe

System configuration API 159

Licensing
All PowerScale software and hardware must be licensed through Dell Technologies Software Licensing Central (SLC).
A license file contains a record of your active software licenses and your cluster hardware. One copy of the license file is stored
in the SLC repository, and another copy of the license file is stored on your cluster. The license file on your cluster and the
license file in the SLC repository must match. The license file contains a record of the following:
● OneFS license
● Optional software module licenses
● Hardware information

Licensing resources
You can retrieve information about OneFS feature licenses, or install a new license key.

License licenses resource

Retrieve information about OneFS feature licenses, or install a license key.

Operation Method and URI

Retrieve license information for all licensable OneFS features. GET <cluster-ip>:<port>/platform/16/license/
licenses

Retrieve license information for a specific OneFS feature. GET <cluster-ip>:<port>/platform/16/license/

licenses/<NAME>

Install a new license key. POST <cluster-ip>:<port>/platform/16/

license/licenses

View the detailed JSON schema for this resource, which has GET <cluster-ip>:<port>/platform/16/license/
information about query parameters and object properties. licenses?describe
GET <cluster-ip>:<port>/platform/16/license/
licenses/<NAME>?describe

License EULA resource

Retrieve the OneFS end user license agreement (EULA) as plain text.

Operation Method and URI

Retrieve the OneFS EULA as plain text. GET <cluster-ip>:<port>/platform/16/license/
eula

View the detailed JSON schema for this resource, which has GET <cluster-ip>:<port>/platform/16/license/
information about query parameters and object properties. eula?describe

Security hardening
Security hardening is the process of configuring a system to reduce or eliminate security risks. The OneFS Security Hardening
Module is primarily for use by United States federal government accounts.
OneFS is secure in its default configuration. The United States federal government requires configurations and limitations that
are more strict than the default.
The Security Hardening Module provides a hardening profile that you can apply to a OneFS cluster. A hardening profile is a
collection of rules that changes the cluster configuration so that the cluster complies with strict security rules.
The predefined STIG hardening profile is designed to enforce security principles that are defined in the United States
Department of Defense (DoD) Security Requirements Guides (SRGs) and Security Technical Implementation Guides (STIGs).
The STIG hardening profile applies controls to the OneFS cluster that reduce security vulnerabilities and attack surfaces.

160 System configuration API

For more about the STIG profile and how to apply it, see the "United States Federal and DoD Standards and Compliance"
chapter in the PowerScale OneFS Security Configuration Guide. That chapter also includes instructions for running periodic
compliance reports after applying the profile.
The Security Hardening Module is a separately licensed OneFS module. For licensing information, see the Licensing section in
the "General Cluster Administration chapter" of this guide.

Hardening resources
Apply, resolve, revert, or retrieve information about hardening on a cluster.

Hardening apply resource

Apply hardening on a cluster.

Operation Method and URI

Apply hardening on a cluster. POST <cluster-ip:port>/platform/16/
hardening/apply

Disable USB port

USB ports are enabled on all Isilon and PowerScale nodes by default. Dell recommends that you disable the USB ports on all
nodes as a security best practice. A disabled USB port prevents USB devices from interacting with OneFS. By disabling USB
ports, you prevent unauthorized copying of data onto USB storage devices.
NOTE: To enable/disable USB ports, you should have the privilege - ISI_PRIV_CLUSTER.

NOTE: You can enable/disable USB ports only on MLK or PowerEdge clusters.

Operation Method and URI

Get USB port status. GET <cluster-ip:port>/platform/16/security/
settings

Enable/disable USB ports. PUT <cluster-ip:port>/platform/16/security/

settings

Hardening resolve resource

Resolve issues that are related to hardening that are encountered in the current cluster configuration.

Operation Method and URI

Resolve hardening issues on a cluster. POST <cluster-ip:port>/platform/16/
hardening/resolve

Hardening revert resource

Revert hardening on a cluster.

Operation Method and URI

Revert hardening on a cluster. POST <cluster-ip:port>/platform/16/
hardening/revert

System configuration API 161

Hardening state resource
Retrieve the state of the current hardening operation, if one is in progress.

NOTE: This is different from the hardening status resource, which retrieves the overall hardening status on the cluster.

Operation Method and URI

Retrieve the state (apply or revert) of the current hardening GET <cluster-ip:port>/platform/16/hardening/
operation. state

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/hardening/
information about query parameters and object properties. state?describe

Hardening status resource

Retrieve a message indicating whether the cluster is hardened. This also includes node-specific hardening status if hardening is
enabled on at least one node.

NOTE: This is different from the hardening state resource, which returns that state of a specific hardening operation.

Operation Method and URI

Retrieve a message indicating if a cluster is hardened. GET <cluster-ip:port>/platform/16/hardening/
status

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/hardening/
information about query parameters and object properties. status?describe

Security Check and Verification

Security check and verification overview

Security check and verification enables you to put your system under compliance and continue to monitor its compliance on an
ongoing basis.
You can monitor the security anomalies in OneFS cluster and trigger the action specified. Security check and verification runs on
every system boot expect the first boot. you can run the security check and verification on node level as well as cluster level.
Security checks and verification supports:
● Security hardening checks if security hardening is applied.
● HealthCheck’s security check.
● Periodic freebsd security check.

Security check and verification resources

Get security check and verification status and reports of failure from last run.

Operation Method and URI

Get security check status. GET <cluster-ip:port>platform/16/security/
check

List of checks. POST <cluster-ip:port>platform/16/security/

check

Display the configuration settings for security check. GET <cluster-ip:port>platform/16/security/

check/settings

Security parameter in key value pair. PUT <cluster-ip:port>platform/16/security/

check/settings

162 System configuration API

Operation Method and URI
Display the report of failures from the last run (if any). GET <cluster-ip:port>platform/16/security/
check/report

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/security/
information about query parameters and object properties. check-summary?describe

External key management for SEDs using KMIP

PowerScale can store data on Self-Encrypted Drives (SEDs). Such drives have encryption keys that are stored locally on nodes.
User can move these keys to some external key management server to store them safely.

KMIP server resources

Retrieve, create, modify, remove, and verify information about Key Management Interoperability Protocol (KMIP) servers.

Operation Method and URI

Create a KMIP server. You can configure only one POST <cluster-ip-or-host-name>:<port>/platform/16/
KMIP server. The client_cert file must have both keymanager/kmip/servers
certificate and client key in the same file.
Remove a KMIP server. A server cannot be DELETE <cluster-ip-or-host-name>:<port>/platform/16/
deleted when the KMIP feature is enabled. keymanager/kmip/servers/<id>

View the details of a specific server. GET <cluster-ip-or-host-name>:<port>/platform/16/

keymanager/kmip/servers/<id>

Get a list of available servers and the number of GET <cluster-ip-or-host-name>:<port>/platform/16/

servers. keymanager/kmip/servers/

Modify a KMIP server. PUT <cluster-ip-or-host-name>:<port>/platform/16/

keymanager/kmip/servers/<id>

Verify KMIP configuration. POST <cluster-ip-or-host-name>:<port>/platform/16/

keymanager/kmip/server/verify

Request query parameters

View the various query parameters for KMIP API requests.

Parameter Name Description Default Type Required

Id Unique KMIP server N/A string Yes
identifier
host KMIP server hostname N/A string Yes
ca_cert_path Certification Authority N/A string Yes
(CA) certificate used
to validate the server
connection during TLS
Mutual Authentication
with the external KMIP
server
client_cert_path Cluster client N/A string Yes
certificate and private
key that is used to
authenticate the cluster
during TLS Mutual

System configuration API 163

Parameter Name Description Default Type Required
Authentication with the
external KMIP server
port KMIP server host port 5696 Integer No
client_cert_password Cluster client private N/A string No
key password
minimum_tls_version Minimum TLS version The default value can No
number for KTP. only be 1.0, 1.1 or 1.2.
Needed for servers like
IBM SKLM that only
supports TLS 1.0

KMIP examples
View examples regarding selective KMIP API requests.

Verify KMIP configuration

Request example

POST /platform/12/keymanager/kmip/server/verify
Body:
{
"nodes" :
[
{
"id" : 1,
"lnn" : 1,
"message" : "Success",
"status" : true
}
],
"total" : 1
}

Response example

{
"client_cert_path": "/ifs/kmip_client_bundle.pem",
"minimum_tls_version": "1.2",
"host": "aimakmip.west.isilon.com",
"ca_cert_path": "/ifs/kmip_ca.pem"
}

View details of a specific server

Request example

GET platform/12/keymanager/kmip/servers/aimakmip

Response example

{
"servers" :

164 System configuration API

 [

{
"ca_cert" :
{
"expiration_date" : 1780854384,
"fingerprint" : "77dca16aeaf912e41fd6aed1c6e579c5c6457d80ab2db115f63e862185c36c86",
"serial" : 0,
"subject" : "C=US, ST=Washington, L=Seattle, O=Isilon, OU=AIMA, CN=KMIP CA,
emailAddress="
},
"client_cert" :
{
"expiration_date" : 1780869157,
"fingerprint" : "8c575e2e7b7019758f25781e7b1cf448e368dfe33f79e82a8912204706312b65",
"serial" : 9120,
"subject" : "C=US, ST=WA, L=Seattle, O=Isilon Engineering, OU=AIMA, CN=wctest,
[email protected]"
},
"host" : "aimakmip.west.isilon.com",
"id" : "aimakmip",
"minimum_tls_version" : "1.2",
"port" : 5696
}
]
}

Self-Encrypting Drive (SED) resources

Migrate and restore KMIP servers, and retrieve KMIP status information.

Operation Method and URI

Modify the feature enabled flag of the KMIP PUT <cluster-ip-or-host-name>:<port>/platform/16/
feature. keymanager/sed/settings

View the current KMIP settings. GET <cluster-ip-or-host-name>:<port>/platform/16/

keymanager/sed/settings

Start migration to server. This command does POST <cluster-ip-or-host-name>:<port>/platform/16/

nothing unless 'sed migrate local' has been called. keymanager/sed/migrate
Start restoration back to local. This command POST <cluster-ip-or-host-name>:<port>/platform/16/
does nothing unless 'sed migrate server' has been keymanager/sed/migrate
called.
Retry KMIP migration in the previous direction POST <cluster-ip-or-host-name>:<port>/platform/16/
for nodes that did not migrate due to errors. keymanager/sed/migrate
For example, if error occurred after migrate
with 'to_server=true', using 'sed/migrate' handler
with 'retry=true' will retry migration to
server. Similarly, if previous migration was
'to_server=false', retry tries to restore back to
local.
View the current KMIP status. Status supports GET <cluster-ip-or-host-name>:<port>/platform/16/
display options. keymanager/sed/status

View the current KMIP status for a specific node. GET <cluster-ip-or-host-name>:<port>/platform/16/
Status supports display options. keymanager/sed/status/<LNN>

System configuration API 165

SED API query parameters
View the various query parameters for SED API requests.

Parameter Name Description Default Type Required

kmip_enabled ‘true’ for kmip feature false boolean Yes
enabled, and ‘false’
otherwise. Having
feature that is enabled
does not start the
migration, but it allows
the 'sed migrate'
command to run and
migrate. When KMIP is
enabled, KMIP servers
cannot be deleted.
Moreover, the feature
cannot be disabled if
there are nodes that
are not in 'LOCAL'
status.
to_server If ‘true’, migrates keys N/A boolean Yes
to server. If ‘false’,
restores keys to local.
Ignored and not
required when 'retry' is
set to 'true'.

retry If set to ‘true’, false boolean Yes

'sed migrate retry' is
triggered.

SED examples
View examples regarding selective SED API requests.

View KMIP settings

Request example

GET platform/16/keymanager/sed/settings

Response example

{
"settings" :
{
"kmip_enabled" : true,
"kmip_server" : "aimakmip",
"supported" : true
}
}

166 System configuration API

View KMIP status

Request example

GET platform/16/keymanager/sed/status

Response example

{
"nodes" :
[

{
"error_msg" : "",
"id" : 1,
"lnn" : 1,
"location" : "Local",
"remote_key_id" : "",
"status" : "LOCAL"
},

{
"error_msg" : "",
"id" : 2,
"lnn" : 2,
"location" : "Local",
"remote_key_id" : "",
"status" : "LOCAL"
},

{
"error_msg" : "",
"id" : 3,
"lnn" : 3,
"location" : "Local",
"remote_key_id" : "",
"status" : "LOCAL"
},

{
"error_msg" : "",
"id" : 4,
"lnn" : 4,
"location" : "Local",
"remote_key_id" : "",
"status" : "LOCAL"
}
],
"total" : 4
}

Modify KMIP flag

Request example

PUT platform/12/keymanager/sed/settings

Body:

{
"kmip_enabled" : "true"
}

System configuration API 167

Response example

No content. Returns nothing.

Migrate keys to server

Request example

POST platform/12/keymanager/sed/migrate

Body:
{
"to_server" : "true"
}

Response example

{
"migration_msg" : "Migration started. Please check status for progress."
}

Key manager rekey

PowerScale OneFS allows you to change the primary passphrase of the key manager provider domain. You can generate a new
primary passphrase and re-encrypt all key entries that are stored within that provider domain.
NOTE: The rekey operation is not allowed while a migration of the primary key is being done to/from a KMIP server. The
key migration must be successfully completed before the rekey operation is allowed.

Required roles and privileges

Operation Required privilege

RekeyProvider ISI_PRIV_KEYMANAGER
Configure Rekey Rotation PeriodSetting ISI_PRIV_KEYMANAGER
View Provider Status ISI_PRIV_KEYMANAGER
View Rekey Rotation PeriodSetting ISI_PRIV_KEYMANAGER

Key manager rekey resources

List, start and configure the rekey of the provider master key and sed master key.

Operation Method and URI

Get master key rotation settings for the provider. GET <cluster-ip:port>/platform/16/
keymanager/cluster/rekey

Configure rekey rotation for the provider. PUT <cluster-ip:port>/platform/16/

keymanager/cluster/rekey

Start a rekey operation for the provider POST <cluster-ip:port>/platform/16/

keymanager/cluster/rekey

Get rekey rotation settings for the seds master key. GET <cluster-ip:port>/platform/16/
keymanager/sed/rekey

168 System configuration API

Operation Method and URI
Configure rekey rotation for the seds master key. PUT <cluster-ip:port>/platform/16/
keymanager/sed/rekey

Start a rekey operation for the seds master key. POST <cluster-ip:port>/platform/16/
keymanager/sed/rekey

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. keymanager/sed/rekey

Upgrading OneFS
Upgrading OneFS can be done using either the web interface or the command line interface and includes a series of tasks that
Administrators must perform prior to, during, and after the upgrade.
There are three options available for upgrading your OneFS cluster: parallel upgrades, rolling upgrades, or simultaneous
upgrades.
For more information about how to plan, prepare, and perform an upgrade on your OneFS cluster, see the PowerScale OneFS
Upgrade Planning and Process Guide.

Upgrade cluster resources

View, modify, create, or delete information related to OneFS cluster upgrades.

Upgrade cluster resource

Retrieve cluster-wide OneFS upgrade status information.

Operation Method and URI

Retrieve upgrade status information for the cluster. GET <cluster-ip:port>/platform/16/upgrade/
cluster

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/upgrade/
information about query parameters and object properties. cluster?describe

Upgrade cluster pause resource

Pause a running upgrade process.

Operation Method and URI

Pause a running upgrade process. GET <cluster-ip:port>/platform/16/upgrade/
cluster/pause

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/upgrade/
information about query parameters and object properties. cluster/pause?describe

Upgrade cluster resume resource

Resume a paused upgrade process.

Operation Method and URI

Resume a paused upgrade process. GET <cluster-ip:port>/platform/16/upgrade/
cluster/resume

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/upgrade/
information about query parameters and object properties. cluster/resume?describe

System configuration API 169

Upgrade cluster upgrade resource
Add nodes to a running upgrade, or modify settings in order to start an upgrade.

Operation Method and URI

Add nodes to a running upgrade. POST <cluster-ip:port>/platform/16/upgrade/
cluster/upgrade

Modify settings for an upgrade. PUT <cluster-ip:port>/platform/16/upgrade/

cluster/upgrade

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/upgrade/
information about query parameters and object properties. cluster/upgrade?describe

Upgrade cluster assess resource

Start an upgrade assessment for the cluster.

Operation Method and URI

Start an upgrade assessment. POST <cluster-ip:port>/platform/16/upgrade/
cluster/assess

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/upgrade/
information about query parameters and object properties. cluster/assess?describe

Upgrade cluster commit resource

Commit the upgrade of a cluster.

Operation Method and URI

Commit the upgrade of a cluster. POST <cluster-ip:port>/platform/16/upgrade/
cluster/commit

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/upgrade/
information about query parameters and object properties. cluster/commit?describe

Upgrade cluster add remaining nodes resource

Absorb any remaining or new nodes into the existing upgrade.

Operation Method and URI

Absorb remaining or new nodes into existing upgrade. POST <cluster-ip:port>/platform/16/upgrade/
cluster/add_remaining_nodes

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/upgrade/
information about query parameters and object properties. cluster/add_remaining_nodes?describe

Upgrade cluster archive resource

Start an archive of an upgrade.

Operation Method and URI

Start an archive of an upgrade. POST <cluster-ip:port>/platform/16/upgrade/
cluster/archive

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/upgrade/
information about query parameters and object properties. cluster/archive?describe

170 System configuration API

Upgrade cluster nodes resource
View information about nodes during an upgrade, rollback, or preupgrade assessment.

Operation Method and URI

View information about nodes during an upgrade, rollback, or GET <cluster-ip:port>/platform/16/upgrade/
preupgrade. assessment cluster/nodes

View information about a specific node during an upgrade or GET <cluster-ip:port>/platform/16/upgrade/

assessment. cluster/nodes/<lnn>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/upgrade/
information about query parameters and object properties. cluster/nodes?describe
GET <cluster-ip:port>/platform/16/upgrade/
cluster/nodes/<lnn>?describe

Upgrade cluster nodes firmware status resource

View firmware status for a specific node.

Operation Method and URI

Retrieve firmware status for a specific node. GET <cluster-ip:port>/platform/16/upgrade/
cluster/nodes/<LNN>/firmware/status

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/upgrade/
information about query parameters and object properties. cluster/nodes/<LNN>/firmware/status?describe

Upgrade cluster nodes patch synchronization resource

Retry all pending patch synchronization operations.

Operation Method and URI

Retry all pending patch synchronization operations. POST <cluster-ip:port>/platform/16/upgrade/
cluster/nodes/<LNN>/patch/sync

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/upgrade/
information about query parameters and object properties. cluster/nodes/<LNN>/patch/sync?describe

Upgrade cluster firmware assess resource

Start a firmware upgrade assessment on the cluster.

Operation Method and URI

Start a firmware upgrade assessment. POST <cluster-ip:port>/platform/16/upgrade/
cluster/firmware/assess

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/upgrade/
information about query parameters and object properties. cluster/firmware/assess?describe

Upgrade cluster firmware progress resource

Retrieve cluster-wide firmware upgrade status information.

Operation Method and URI

Retrieve cluster-wide firmware upgrade status information. GET <cluster-ip:port>/platform/16/upgrade/
cluster/firmware/progress

System configuration API 171

Operation Method and URI
View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/upgrade/
information about query parameters and object properties. cluster/firmware/progress?describe

Upgrade cluster firmware status resource

Retrieve the firmware status for the cluster.

Operation Method and URI

Retrieve firmware status for the cluster. GET <cluster-ip:port>/platform/16/upgrade/
cluster/firmware/status

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/upgrade/
information about query parameters and object properties. cluster/firmware/status?describe

Upgrade cluster firmware upgrade resource

Upgrade firmware on a OneFS cluster.

Operation Method and URI

Start a firmware upgrade. POST <cluster-ip:port>/platform/16/upgrade/
cluster/firmware/upgrade

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/upgrade/
information about query parameters and object properties. cluster/firmware/upgrade?describe

Upgrade cluster retry last action resource

Retry the previous upgrade action if the previous attempt failed.

Operation Method and URI

Retry the previous upgrade action. POST <cluster-ip:port>/platform/16/upgrade/
cluster/retry_last_action

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/upgrade/
information about query parameters and object properties. cluster/retry_last_action?describe

Upgrade cluster rollback resource

Roll back the upgrade of a cluster.

Operation Method and URI

Roll back the upgrade of a cluster. POST <cluster-ip:port>/platform/16/upgrade/
cluster/rollback

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/upgrade/
information about query parameters and object properties. cluster/rollback?describe

Upgrade cluster rolling reboot resource

Perform a rolling reboot of the cluster.

Operation Method and URI

Perform a rolling reboot of the cluster. POST <cluster-ip:port>/platform/16/upgrade/
cluster/rolling-reboot

172 System configuration API

Operation Method and URI
View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/upgrade/
information about query parameters and object properties. cluster/rolling-reboot?describe

Upgrade cluster patch resource

List, install, or delete patches.

Operation Method and URI

List all patches. GET <cluster-ip:port>/platform/16/upgrade/
cluster/patch/patches

View a single patch. GET <cluster-ip:port>/platform/16/upgrade/

cluster/patch/patches/<patch>

Install a patch. POST <cluster-ip:port>/platform/16/upgrade/

cluster/patch/patches

Uninstall a patch. DELETE <cluster-ip:port>/platform/16/

upgrade/cluster/patch/patches/<patch>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/upgrade/
information about query parameters and object properties. cluster/patch/patches?describe
GET <cluster-ip:port>/platform/16/upgrade/
cluster/patch/patches/<patch>?describe

Upgrade cluster patch abort resource

Cancel the previous action performed by the patch system.

Operation Method and URI

Cancel the previous action performed by the patch system. POST <cluster-ip:port>/platform/16/upgrade/
cluster/patch/abort

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/upgrade/
information about query parameters and object properties. cluster/patch/abort?describe

Upgrade cluster drain resources

View or modify the resources that affect drain-based upgrade processes, where nodes are not reboot until all SMB clients have
disconnected.

Operation Method and URI

Modify the sets of nodes that are assigned to the skip drain PUT <cluster-ip:port>/platform/16/upgrade/
and delay drain lists. cluster/drain

Retrieve the sets of nodes that are assigned to the skip drain GET <cluster-ip:port>/platform/16/upgrade/
and delay drain lists. cluster/drain/list

Retrieve the cluster-wide drain timeout and drain alert timeout PUT <cluster-ip:port>/platform/16/upgrade/
values. cluster/drain/timeout

Modify the cluster-wide drain timeout and drain alert timeout GET <cluster-ip:port>/platform/16/upgrade/
values. cluster/drain/timeout

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/upgrade/
information about query parameters and object properties. cluster/drain?describe

NOTE: The default drain-timeout value is -1, which is specified for upgrade to start without waiting for all the SMB
clients to be disconnected.

System configuration API 173

Cluster date and time
The Network Time Protocol (NTP) service is configurable manually, so you can ensure that all nodes in a cluster are
synchronized to the same time source.
The NTP method automatically synchronizes cluster date and time settings through an NTP server. Alternatively, you can set
the date and time reported by the cluster by manually configuring the service.
Windows domains provide a mechanism to synchronize members of the domain to a main clock running on the domain
controllers, so OneFS adjusts the cluster time to that of Active Directory with a service. If there are no external NTP servers
that are configured, OneFS uses the Windows domain controller as the NTP time server. When the cluster and domain time that
is become out of sync by more than 4 minutes, OneFS generates an event notification.
NOTE: If the cluster and Active Directory that is become out of sync by more than 5 minutes, authentication does not
work.

NTP resources
List, modify, create, or delete Network Time Protocol (NTP) configuration information.

NTP servers resource

Retrieve NTP servers; or create, modify, or delete NTP server entries.

Operation Method and URI

List all NTP servers. GET <cluster-ip:port>/platform/16/protocols/ntp/servers

Retrieve a specific NTP server. GET <cluster-ip:port>/platform/16/protocols/ntp/servers/

<SERVER-ID>

Create an NTP server entry. POST <cluster-ip:port>/platform/16/protocols/ntp/servers

Modify the key value for a specific NTP PUT <cluster-ip:port>/platform/16/protocols/ntp/servers/

server. <SERVER-ID>

Delete all NTP server entries. DELETE <cluster-ip:port>/platform/16/protocols/ntp/

servers

Delete a specific NTP server entry. DELETE <cluster-ip:port>/platform/16/protocols/ntp/

servers/<SERVER-ID>

View the detailed JSON schema for this GET <cluster-ip:port>/platform/16/protocols/ntp/servers?

resource, which has information about query describe
parameters and object properties.
GET <cluster-ip:port>/platform/16/protocols/ntp/servers/
<SERVER-ID>?describe

NTP settings resource

List or modify Network Time Protocol (NTP) settings information.

Operation Method and URI

List all NTP settings. GET <cluster-ip:port>/platform/16/protocols/ntp/settings

Modify NTP settings (all input fields are PUT <cluster-ip:port>/platform/16/protocols/ntp/settings

optional, but you must supply one or more).
View the detailed JSON schema for this GET <cluster-ip:port>/platform/16/protocols/ntp/
resource, which has information about query settings?describe
parameters and object properties.

174 System configuration API

Managing SNMP settings
You can use SNMP to monitor cluster hardware and system information. You can configure settings through either the web
administration interface or the command-line interface.
The default SNMP v3 username (general) and password can be changed to anything from the CLI or the WebUI. The username
is only required when SNMP v3 is enabled and making SNMP v3 queries.
Configure a network monitoring system (NMS) to query each node directly through a static IPv4 address. If a node is configured
for IPv6, you can communicate with SNMP over IPv6.
The SNMP proxy is enabled by default, and the SNMP implementation on each node is configured automatically to proxy for all
other nodes in the cluster except itself. This proxy configuration allows the PowerScale Management Information Base (MIB)
and standard MIBs to be exposed seamlessly by using context strings for supported SNMP versions. This approach allows you
to query a node through another node by appending _node_<node number> to the community string of the query. For example,
snmpwalk -m /usr/share/snmp/mibs/ISILON-MIB.txt -v 2c -c 'I$ilonpublic_node_1' localhost
<nodename>.

SNMP settings resource

List or modify Simple Network Management Protocol (SNMP) settings.

Operation Method and URI

List SNMP settings. GET <cluster-ip:port>/platform/16/protocols/snmp/
settings

Modify SNMP settings (all input fields are PUT <cluster-ip:port>/platform/16/protocols/snmp/

optional, but you must supply one or more). settings

View the detailed JSON schema for this GET <cluster-ip:port>/platform/16/protocols/snmp/

resource, which has information about query settings?describe
parameters and object properties.

Hardware
You can update certain information about PowerScale hardware ports and tapes through the OneFS system configuration API.

Hardware resources
You can list, modify, or delete information about ports and tapes, and you can rescan tape devices.

Upgrade hardware start resource

Start the hardware upgrade process of a specified type on a specified node pool.

Operation Method and URI

Start hardware upgrade process. POST <cluster-ip:port>/platform/16/upgrade/
hardware/start

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/upgrade/
information about query parameters and object properties. hardware/start?describe

System configuration API 175

Upgrade hardware status resource
View the status of hardware upgrades in progress.

Operation Method and URI

View hardware upgrade status. GET <cluster-ip:port>/platform/16/upgrade/
hardware/status

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/upgrade/
information about query parameters and object properties. hardware/status?describe

Upgrade hardware stop resource

Stop a hardware upgrade that is in progress.

Operation Method and URI

Stop a hardware upgrade process POST <cluster-ip:port>/platform/16/upgrade/hardware/stop
View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/upgrade/hardware/stop?
information about query parameters and object properties. describe

Fibre Channel ports resource

Retrieve or modify information about Fibre Channel ports in PowerScale hardware.

Operation Method and URI

List Fibre Channel ports. GET <cluster-ip>:<port>/platform/16/
hardware/fcports

Retrieve one Fibre Channel port. GET <cluster-ip>:<port>/platform/16/

hardware/fcports/<PORTt>

Change information about Fibre Channel ports. PUT <cluster-ip>:<port>/platform/16/

hardware/fcports/<PORT>

View the detailed JSON schema for this resource, which has GET <cluster-ip>:<port>/platform/16/
information about query parameters and object properties. hardware/fcports?describe
GET <cluster-ip>:<port>/platform/16/
hardware/fcports/<PORT>?describe

Hardware tapes resource

List, modify, rescan, or remove tape or media changer devices.

Operation Method and URI

List tape and media changer devices. GET <cluster-ip>:<port>/platform/16/
hardware/tapes

Modify tape and media changer devices. PUT GET <cluster-ip>:<port>/platform/16/

hardware/tapes/<NAME*>

Rescan tape and media changer devices. POST <cluster-ip>:<port>/platform/16/

hardware/tape/<NAME*>

Remove tape and media changer devices. DELETE PUT <cluster-ip>:<port>/platform/16/

hardware/tape/<NAME*>

View the detailed JSON schema for this resource, which has GET <cluster-ip>:<port>/platform/16/
information about query parameters and object properties. hardware/tapes?describe

176 System configuration API

Operation Method and URI
GET <cluster-ip>:<port>/platform/16/
hardware/tapes/<NAME*>?describe

File pools
File pools are sets of files that you define to apply policy-based control of the storage characteristics of your data.
The initial installation of OneFS places all files in the cluster into a single file pool, which is subject to the default file pool policy.
SmartPools enables you to define additional file pools, and create policies that move files in these pools to specific node pools
and tiers.
File pool policies match specific file characteristics (such as file size, type, date of last access or a combination of these and
other factors). Then, it defines specific storage operations for files that match them. The following examples demonstrate a few
ways that you can configure file pool policies:
● You can create a file pool policy for a specific file extension that requires high availability.
● You can configure a file pool policy to store that type of data in a storage pool that provides the fastest reads or write.
● You can create another file pool policy to evaluate last accessed date. You can use this pool to store older files in storage
pool that is best suited for archiving for historical or regulatory purposes.

File pool resources

You can retrieve, create, modify, or delete file pool configurations and settings.

File pool default policy resource

Modify or retrieve information about the default file pool policy.

Operation Method and URI

Retrieve information about the default file pool policy. GET <cluster-ip:port>/platform/16/filepool/
default-policy

Modify the default file pool policy. PUT <cluster-ip:port>/platform/16/filepool/

default-policy

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/filepool/
information about query parameters and object properties. default-policy?describe

File pool policies resource

Create, modify, delete, or retrieve information about file pool policies.

Operation Method and URI

Retrieve information about all file pool policies. GET <cluster-ip:port>/platform/16/filepool/
policies

Retrieve information about a file pool policy. GET <cluster-ip:port>/platform/16/filepool/

policies/<POLICY-NAME>

Create a file pool policy. POST <cluster-ip:port>/platform/16/filepool/

policies

Modify a file pool policy. PUT <cluster-ip:port>/platform/16/filepool/

policies/<POLICY-NAME>

Delete a file pool policy. DELETE <cluster-ip:port>/platform/16/

filepool/policies/<POLICY-NAME>

System configuration API 177

Operation Method and URI
View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/filepool/
information about query parameters and object properties. policies?describe
GET <cluster-ip:port>/platform/16/filepool/
policies/<POLICY-NAME>?describe

File pool templates resource

Retrieve information about OneFS file pool policy templates.

Operation Method and URI

Retrieve information about file pool policy templates. GET <cluster-ip:port>/platform/16/filepool/
templates

Retrieve information about a file pool policy template. GET <cluster-ip:port>/platform/16/filepool/

templates/<TEMPLATE-NAME>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/filepool/
information about query parameters and object properties. templates?describe
GET <cluster-ip:port>/platform/16/filepool/
templates/<TEMPLATE-NAME>?describe

File pools API examples

You can see examples for some file pools API requests.

Create a file pool policy

You can create a file pool policy.

Request example

POST /platform/16/filepool/policies
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{'file_matching_pattern':
{'or_criteria':
[
{'and_criteria':
[
{'operator': '==', 'type': 'path', 'value': '/ifs/data/vms'}
]
}
]
},
'name': 'mirror_vms',
'actions':
[
{
'action_param': '8x',
'action_type': 'set_requested_protection'
}
]
}

Response example

201 Created
Content-type: application/json

178 System configuration API

 {
"id" : "mirror_vms"
}

Modify a file pool policy

You can modify a file pool policy.

Request example
In the following example, "vms_mirror" is the ID of the file pool policy.

PUT /platform/16/filepool/policies/vms_mirror
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{
"action_param":"false"
"action_type":"set_requested_protection"
}

Response example
No message body is returned for this request.

204 No Content
Content-type: text/plain,
Allow: 'GET, PUT, HEAD'

Modify the default file pool policy

You can modify the default file pool policy.

Request example

PUT /platform/16/filepool/policies/
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{
"action_param":"random"
"action_type":"set_data_access_pattern"
}

Response example
No message body is returned for this request.

204 No Content
Content-type: text/plain,
Allow: 'GET, PUT, HEAD'

Storage pools overview

OneFS organizes different node types into separate node pools. You can configure node pool membership to include node types
that you specify. You can also add node types to, and remove node types from, existing node pools. You can organize these
node pools into logical tiers of storage. By activating a SmartPools license, you can create file pool policies that store files in
these tiers automatically, based on criteria that you specify.
Without an active SmartPools license, OneFS manages all node pools as a single pool of storage. File data and metadata are
striped across the entire cluster so that data is protected, secure, and readily accessible. All files belong to the default file pool

System configuration API 179

and are governed by the default file pool policy. In this mode, OneFS provides functions such as autoprovisioning, virtual hot
spare (VHS), global namespace acceleration (GNA), L3 cache, and storage tiers.
When you activate a SmartPools license, additional functions become available, including custom file pool policies and spillover
management. With a SmartPools license, you can manage your dataset with more granularity to improve the performance of
your cluster.
The following table summarizes storage pool functions based on whether a SmartPools license is active.

Function Inactive SmartPools license Active SmartPools license

Automatic storage pool provisioning Yes Yes
Virtual hot spare Yes Yes
SSD strategies Yes Yes
L3 cache Yes Yes
Tiers Yes Yes
GNA Yes Yes
File pool policies No Yes
Spillover management No Yes

Storage pools resources

You can retrieve, create, modify, or delete system storage pool settings and configurations.

Storage pool settings resource

Modify or retrieve information about storage pools.

Operation Method and URI

Retrieve storage pool settings. GET <cluster-ip:port>/platform/16/
storagepool/settings

Modify storage pool settings. PUT <cluster-ip:port>/platform/16/

storagepool/settings

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. storagepool/settings?describe

Storage pools tiers resource

Create, delete, or retrieve information about storage pool tiers.

Operation Method and URI

Retrieve a list of all tiers. GET <cluster-ip:port>/platform/16/
storagepool/tiers

Retrieve a single tier. GET <cluster-ip:port>/platform/16/

storagepool/tiers/<NAME or ID>

Create a tier. POST <cluster-ip:port>/platform/16/

storagepool/tiers

Delete all tiers. DELETE <cluster-ip:port>/platform/16/

storagepool/tiers

Delete a single tier. DELETE <cluster-ip:port>/platform/16/

storagepool/tiers/<NAME or ID>

180 System configuration API

Operation Method and URI
View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. storagepool/tiers?describe

Storage pools node pools resource

Create, modify, delete, or retrieve information about node pools.

Operation Method and URI

Retrieve information for all node pools. GET <cluster-ip:port>/platform/16/
storagepool/nodepools

Retrieve information for a single node pool. GET <cluster-ip:port>/platform/16/

storagepool/nodepools/<POOL NAME or ID>

Create a node pool. POST <cluster-ip:port>/platform/16/

storagepool/nodepools

Modify a node pool. PUT <cluster-ip:port>/platform/16/

storagepool/nodepools/<POOL NAME or ID>

Delete a manually managed node pool. DELETE <cluster-ip:port>/platform/16/

storagepool/nodepools/<POOL NAME or ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. storagepool/nodepools?describe
GET <cluster-ip:port>/platform/16/
storagepool/nodepools/<POOL NAME or ID>?
describe

Storage pools resource

Retrieve information about storage pools. You can supply a toplevels argument to filter out node pools within tiers.

Operation Method and URI

Retrieve information for all storage pools. GET <cluster-ip:port>/platform/16/
storagepool/storagepools

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. storagepool/storagepools?describe

Storage pools suggested protection resource

Retrieve information about the suggested protection policy for a storage pool.

Operation Method and URI

Retrieve information about the suggested protection policy. GET <cluster-ip:port>/platform/16/
storagepool/suggested_protection/<NID>

View the detailed JSON schema for this resource, which has GET
information about query parameters and object properties. <cluster-ip:port>/platform/16/storagepool/
suggested_protection/<NID>?describe

System configuration API 181

Storage pool compatibilities SSD active resource
Create, delete, modify, or view active SSD compatibilities.

Operation Method and URI

Retrieve a list of active SSD compatibilities. GET <cluster-ip:port>/platform/16/
storagepool/compatibilities/ssd/active

Retrieve an SSD compatibility by ID. GET <cluster-ip:port>/

platform/16/storagepool/compatibilities/ssd/
active/<COMPATIBILITY-ID>

Create an SSD compatibility. POST <cluster-ip:port>/platform/16/

storagepool/compatibilities/ssd/active

Modify an SSD compatibility. PUT <cluster-ip:port>/

platform/16/storagepool/compatibilities/ssd/
active/<COMPATIBILITY-ID>

Delete an SSD compatibility. DELETE <cluster-ip:port>/

platform/16/storagepool/compatibilities/ssd/
active/<COMPATIBILITY-ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/
information about query parameters and object properties. platform/16/storagepool/compatibilities/ssd/
active?describe
GET <cluster-ip:port>/
platform/16/storagepool/compatibilities/ssd/
active/<COMPATIBILITY-ID>?describe

Storage pool compatibilities SSD available resource

View a list of available SSD compatibilities.

Operation Method and URI

Retrieve a list of available SSD compatibilities. GET <cluster-ip:port>/platform/16/
storagepool/compatibilities/ssd/available

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/
information about query parameters and object properties. platform/16/storagepool/compatibilities/ssd/
available?describe

Storage pool compatibilities class available resource

View a list of available class compatibilities.

Operation Method and URI

Retrieve a list of available class compatibilities. GET <cluster-ip:port>/platform/16/
storagepool/compatibilities/class/available

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. storagepool/compatibilities/class/available?
describe

182 System configuration API

Storage pool compatibilities class active resource
Create, delete, or retrieve information about a storage pool compatibility.

Operation Method and URI

Retrieve all storage pool compatibilities. GET <cluster-ip:port>/platform/16/
storagepool/compatibilities/class/active

Retrieve a storage pool compatibility by ID. GET

<cluster-ip:port>/platform/16/storagepool/
compatibilities/class/active/<ID>

Create a storage pool compatibility. POST <cluster-ip:port>/platform/16/

storagepool/compatibilities/class/active

Delete a storage pool compatibility by ID. DELETE

<cluster-ip:port>/platform/16/storagepool/
compatibilities/class/active/<ID>

View the detailed JSON schema for this resource, which has GET
information about query parameters and object properties. <cluster-ip:port>/platform/16/storagepool/
compatibilities/class/active?describe
GET
<cluster-ip:port>/platform/16/storagepool/
compatibilities/class/active/<ID>?describe

Storage pool status resource

Retrieves the heath status of the overall OneFS pool system.

Operation Method and URI

Retrieve the status of the OneFS pool system. GET <cluster-ip:port>/platform/16/
storagepool/status

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. storagepool/status?describe

Storage pools API examples

You can see examples for some storage pools API calls.

Modify storage pool settings

You can modify the global storage pool settings on the system.

Request example
Specify at least one property in the request.

PUT /platform/16/storagepool/settings
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{
'global_namespace_acceleration_enabled': false,
'automatically_manage_protection': 'all'
}

System configuration API 183

Response example
No message body is returned for this request.

204 NO CONTENT
Content-type: text/plain,
Allow: 'GET, PUT, HEAD'

Create a tier
Create a tier on the system.

Request example

POST /platform/16/storagepool/tiers
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{
'name': 'myTier'
}

Response example

201 CREATED
Content-type: application/json,
Allow: 'GET, POST, HEAD, DELETE'

{
"id":"myTier"
}

Modify a tier
Modify a tier.

Request example
When you modify a set of nodes that belong to a tier, you should set the tier property on that node pool through the /
platform/16/storagepool/nodepools URI.

PUT /platform/16/storagepool/tiers/myTier
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{
"name": myTier
}

PUT /platform/16/storagepool/nodepools
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{
"tier": myTier
}

Response example
No message body is returned for this request.

204 NO CONTENT
Content-type: application/json,
Allow: 'GET, POST, PUT, DELETE'

184 System configuration API

Create a node pool
Create and manually manage a node pool.

Request example
Specify a minimum of three LNNs. After these nodes are added to the newly created node pool and removed from their current
node pool, the number of nodes in the original node pool must either be 0 or greater than 2.

POST /platform/16/storagepool/nodepools
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{
'name': 'myPool',
'lnns': [2, 3, 1]
}

Response example

201 CREATED
Content-type: application/json,
Allow: 'GET, POST, HEAD, DELETE'

{
"id":"myPool"
}

Modify a node pool

You can modify a node pool on the system.

Request example
Specify at least one property in the body. Also, you can only specify LNNs for manually managed node pools and you should
specify a minimum of three LNNs when modifying a manually managed node pool. If nodes are moved to a new node pool and
removed from their current node pool, the number of nodes in the original node pool must either be 0 or greater than 2.

PUT /platform/16/storagepool/nodepools/myPool
Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

{
'tier': 'myTier',
'name': 'myNewPoolName'
}

Response example
No message body is returned for this request.

204 No Content
Content-type: application/json,
Allow: 'GET, POST, PUT, DELETE'

CloudPools
CloudPools extends the capabilities of OneFS by enabling you to specify data to be moved to lower-cost cloud storage.
CloudPools can seamlessly connect to Dell EMC EMC-based cloud storage systems and to popular third-party providers,
Amazon S3, Google, and Microsoft Azure.
CloudPools is a licensed module that is built on the SmartPools file pool policy framework, which gives you granular control
of file storage on your cluster. CloudPools extends this file storage control to one or more cloud repositories, which act as
additional tiers of OneFS storage.

System configuration API 185

Prior to the introduction of CloudPools, SmartPools enabled the grouping of nodes into storage pools that are called node
pools, and the classification of node pools as different storage tiers. SmartPools includes a policy framework that allows you to
segregate files into logical groups called file pools, and to store those file pools in specific storage tiers.
CloudPools expands the SmartPools framework by treating a cloud repository as an additional storage tier. This enables you to
move older or seldom-used data to cloud storage and free up space on your cluster.
As with SmartPools, you define files to be stored in the cloud by creating file pool policies. These policies use file matching
criteria to determine which file pools are to be moved to the cloud.

CloudPools resources
List, create, modify, or delete CloudPools information.

CloudPools pools resource

View, create, modify, or delete pools.

Operation Method and URI

List all pools. GET <cluster-ip:port>/platform/16/cloud/
pools

Retrieve information about a specific pool. GET <cluster-ip:port>/platform/16/cloud/

pools/<POOL>

Create a pool. POST <cluster-ip:port>/platform/16/cloud/

pools

Modify a pool. PUT <cluster-ip:port>/platform/16/cloud/

pools/<POOL>

Delete a pool. DELETE <cluster-ip:port>/platform/16/cloud/

pools/<POOL>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cloud/
information about query parameters and object properties. pools?describe
GET <cluster-ip:port>/platform/16/cloud/
pools/<POOL>?describe

CloudPools access resource

View, create, or delete cluster identifiers for cloud access.

Operation Method and URI

List all accessible cluster identifiers. GET <cluster-ip:port>/platform/16/cloud/
access

List cloud access information for a specific cluster. GET <cluster-ip:port>/platform/16/cloud/

access/<GUID>

Add a cluster to the identifier list. POST <cluster-ip:port>/platform/16/cloud/

access

Delete cloud access. DELETE <cluster-ip:port>/platform/16/cloud/

access/<GUID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cloud/
information about query parameters and object properties. access?describe
GET <cluster-ip:port>/platform/16/cloud/
access/<GUID>?describe

186 System configuration API

CloudPools account resource
View, modify, create, or delete cloud account information.

Operation Method and URI

List all cloud accounts. GET <cluster-ip:port>/platform/16/cloud/
accounts

View a specific cloud account. GET <cluster-ip:port>/platform/16/cloud/

accounts/<ACCOUNT-ID>

Create a cloud account. POST <cluster-ip:port>/platform/16/cloud/

accounts

Modify a cloud account. PUT <cluster-ip:port>/platform/16/cloud/

accounts/<ACCOUNT-ID>

Delete a cloud account. DELETE <cluster-ip:port>/platform/16/cloud/

accounts/<ACCOUNT-ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cloud/
information about query parameters and object properties. accounts?describe
GET <cluster-ip:port>/platform/16/cloud/
accounts/<ACCOUNT-ID>?describe

CloudPools TLS client certificates resource

List, import, view, modify, or delete a CloudPools TLS client certificate.

Operation Method and URI

List all cloud TLS client certificates. GET <cluster-ip:port>/platform/16/cloud/
certificates

View a specific cloud TLS client certificate. GET <cluster-ip:port>/platform/16/cloud/

certificates/<CERTIFICATE-ID>

Create a cloud TLS client certificate. POST <cluster-ip:port>/platform/16/cloud/

certificates

Modify a cloud TLS client certificate. PUT <cluster-ip:port>/platform/16/cloud/

certificates/<CERTIFICATE-ID>

Delete a cloud TLS client certificate. DELETE <cluster-ip:port>/platform/16/cloud/

certificates/<CERTIFICATE-ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cloud/
information about query parameters and object properties. certificates?describe
GET <cluster-ip:port>/platform/16/cloud/
certificates/<CERTIFICATE-ID>?describe

CloudPools jobs resource

View, modify, or create CloudPools jobs.

Operation Method and URI

List all CloudPools jobs. GET <cluster-ip:port>/platform/16/cloud/jobs

View a specific CloudPools job. GET <cluster-ip:port>/platform/16/cloud/

jobs/<JOB-ID>

Create a CloudPools job. POST <cluster-ip:port>/platform/16/cloud/

jobs

System configuration API 187

Operation Method and URI
Modify a CloudPools job. PUT <cluster-ip:port>/platform/16/cloud/
jobs/<JOB-ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cloud/
information about query parameters and object properties. jobs?describe
GET <cluster-ip:port>/platform/16/cloud/
jobs/<JOB-ID>?describe

CloudPools job files resource

Retrieve files associated with a CloudPools job.

Operation Method and URI

List files associated with a specific CloudPools job. GET <cluster-ip:port>/platform/16/cloud/
jobs-files/<JOB-ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cloud/
information about query parameters and object properties. jobs-files/<JOB-ID>?describe

CloudPools network proxy resourceCloudPools network proxy resource

View, create, modify, or delete network proxy information.

Operation Method and URI

List all cloud network proxies. GET <cluster-ip:port>/platform/16/cloud/
proxies

View a specific cloud network proxy. GET <cluster-ip:port>/platform/16/cloud/

proxies/<PROXY-ID>

Create a cloud network proxy. POST <cluster-ip:port>/platform/16/cloud/

proxies

Modify a cloud network proxy. PUT <cluster-ip:port>/platform/16/cloud/

proxies/<PROXY-ID>

Delete a cloud network proxy. DELETE <cluster-ip:port>/platform/16/cloud/

proxies/<PROXY-ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cloud/
information about query parameters and object properties. proxies?describe
GET <cluster-ip:port>/platform/16/cloud/
proxies/<PROXY-ID> ?describe

CloudPools settings resource

View or modify cloud settings.

Operation Method and URI

List all cloud settings. GET <cluster-ip:port>/platform/16/cloud/
settings

Modify cloud settings. PUT <cluster-ip:port>/platform/16/cloud/

settings

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cloud/
information about query parameters and object properties. settings?describe

188 System configuration API

CloudPools encryption key resource
Request creation of a new primary encryption key for cloud pool encryption.

Operation Method and URI

Create an encryption key. POST <cluster-ip:port>/platform/16/cloud/
settings/encryption_key

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cloud/
information about query parameters and object properties. settings/encryption_key?describe

CloudPools end user license agreement resource

View, accept, or revoke end user license agreement (EULA) telemetry information.

Operation Method and URI

View telemetry collection EULA acceptance information. GET <cluster-ip:port>/platform/16/cloud/
settings/reporting_eula

Accept telemetry collection EULA. POST <cluster-ip:port>/platform/16/cloud/

settings/reporting_eula

Revoke acceptance of telemetry collection EULA. DELETE <cluster-ip:port>/platform/16/cloud/

settings/reporting_eula

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/cloud/
information about query parameters and object properties. settings/reporting_eula?describe

CloudPool statistics
You can collect statistics for CloudPool accounts and policies which can used for planning or troubleshooting CloudPool related
activities.

Operation Method and URI

List CloudPool statistics GET <cluster-ip:port>/platform/16/
statistics/summary/cloud

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. statistics/summary/cloud?describe

SmartQuotas overview
The SmartQuotas module is an optional quota-management tool that monitors and enforces administrator-defined storage limits.
Using accounting and enforcement quota limits, reporting capabilities, and automated notifications, SmartQuotas manages
storage use, monitors disk storage, and issues alerts when disk-storage limits are exceeded.
Quotas help you manage storage usage according to criteria that you define. Quotas are used for tracking—and sometimes
limiting—the amount of storage that a user, group, or directory consumes. Quotas help ensure that a user or department does
not infringe on the storage that is allocated to other users or departments. In some quota implementations, writes beyond the
defined space are denied, and in other cases, a simple notification is sent.
NOTE: Do not apply quotas to /ifs/.ifsvar/ or its subdirectories. If you limit the size of the /ifs/.ifsvar/
directory through a quota, and the directory reaches its limit, jobs such as File-System Analytics fail. A quota blocks older
job reports from being deleted from the /ifs/.ifsvar/ subdirectories to make room for newer reports.

The SmartQuotas module requires a separate license. For more information about the SmartQuotas module or to activate the
module, contact your Dell Technologies sales representative.

System configuration API 189

Quotas resources
You can retrieve, create, modify, or delete SmartQuotas configurations and settings.

Quota license resource

Retrieve license information for the SmartQuotas feature.

Operation Method and URI

Retrieve license information for SmartQuotas. GET <cluster-ip:port>/platform/16/quota/
license

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/quota/
information about query parameters and object properties. license?describe

Quota summary resource

Retrieve summary information about quotas.

Operation Method and URI

Retrieve summary information about quotas. GET <cluster-ip:port>/platform/16/quota/quotas-
summary

View the detailed JSON schema for this resource, which GET <cluster-ip:port>/platform/16/quota/quotas-
has information about query parameters and object summary?describe
properties.

Quota quotas notification rules resource

Create, modify, delete, or retrieve information about notification rules for a quota.

Operation Method and URI

Retrieve all notification rules for a quota. GET <cluster-ip:port>/platform/16/quota/quotas/<QUOTA-ID>/
notifications

Retrieve a notification rule for a quota. GET <cluster-ip:port>/platform/16/quota/quotas/<QUOTA-ID>/

notifications/<notification-id>

Create notification rules for a quota. POST <cluster-ip:port>/platform/16/quota/quotas/<QUOTA-ID>/

notifications

Create empty override notification rules PUT <cluster-ip:port>/platform/16/quota/quotas/<QUOTA-ID>/

for a quota. notifications

Modify notification rules for a quota. PUT <cluster-ip:port>/platform/16/quota/quotas/<QUOTA-ID>/

notifications/<notification-id>

Delete all notification rules for a quota. DELETE <cluster-ip:port>/platform/16/quota/quotas/<QUOTA-

ID>/notifications

Delete notification rules for a quota. DELETE <cluster-ip:port>/platform/16/quota/quotas/<QUOTA-

ID>/notifications/<notification-id>

View the detailed JSON schema for this GET <cluster-ip:port>/platform/16/quota/quotas/<QUOTA-ID>/

resource, which has information about notifications?describe
query parameters and object properties.
GET <cluster-ip:port>/platform/16/quota/quotas/<QUOTA-ID>/
notifications/<notification-id>?describe

190 System configuration API

Quotas resource
Create, modify, delete, or retrieve information about file system quotas.

Operation Method and URI

Retrieve all quotas. GET <cluster-ip:port>/platform/16/quota/quotas

Retrieve one quota. GET <cluster-ip:port>/platform/16/quota/quotas/<QUOTA-

ID>

Create a quota. POST <cluster-ip:port>/platform/16/quota/quotas

Modify a quota. PUT <cluster-ip:port>/platform/16/quota/quotas/<QUOTA-

ID>

Delete all quotas. DELETE <cluster-ip:port>/platform/16/quota/quotas

Delete a quota. DELETE <cluster-ip:port>/platform/16/quota/quotas/

<QUOTA-ID>

View the detailed JSON schema for this GET <cluster-ip:port>/platform/16/quota/quotas?

resource, which has information about query describe
parameters and object properties.
GET <cluster-ip:port>/platform/16/quota/quotas/<QUOTA-
ID>?describe

Example request for retrieve all quotas

List all or matching quotas. It can also be used to retrieve quota state from existing reports. For any query argument not
supplied, the default behavior is returned all.

GET /platform/quota/quotas

Example response for retrieve all quotas

{
"quotas" :
[

{
"container" : false,
"description" : "Test Quota",
"efficiency_ratio" : null,
"enforced" : false,
"id" : "VQABAAEAAAAAAAAAAAAAQAIAAAAAAAAA",
"include_snapshots" : false,
"labels" : "abc",
"linked" : false,
"notifications" : "default",
"path" : "/ifs/home",
"persona" : null,
"ready" : false,
"reduction_ratio" : null,
"thresholds" :
{
"advisory" : null,
"advisory_exceeded" : false,
"advisory_last_exceeded" : null,
"hard" : null,
"hard_exceeded" : false,
"hard_last_exceeded" : null,
"percent_advisory" : null,
"percent_soft" : null,
"soft" : null,
"soft_exceeded" : false,
"soft_grace" : null,
"soft_last_exceeded" : null
},

System configuration API 191

 "thresholds_on" : "fslogicalsize",
"type" : "directory",
"usage" :
{
"applogical" : 0,
"applogical_ready" : false,
"fslogical" : 95,
"fslogical_ready" : false,
"fsphysical" : 2048,
"fsphysical_ready" : false,
"inodes" : 1,
"inodes_ready" : false,
"physical" : 2048,
"physical_data" : 0,
"physical_data_ready" : false,
"physical_protection" : 0,
"physical_protection_ready" : false,
"physical_ready" : false,
"shadow_refs" : 0,
"shadow_refs_ready" : false
}
}
],
"resume" : null
}

Quota reports resource

Create, delete, or retrieve information about quota reports.

Operation Method and URI

Retrieve all quota reports. GET <cluster-ip:port>/platform/16/quota/reports

Retrieve a quota report. GET <cluster-ip:port>/platform/16/quota/reports/

<REPORT-ID>?contents

Create a quota report. POST <cluster-ip:port>/platform/16/quota/reports/

<REPORT-ID>?contents

Delete a quota report. DELETE <cluster-ip:port>/platform/16/quota/reports/

<REPORT-ID>

View the detailed JSON schema for this resource, GET <cluster-ip:port>/platform/16/quota/reports?
which has information about query parameters and describe
object properties.
GET <cluster-ip:port>/platform/16/quota/reports/
<REPORT-ID>?describe

Quota about reports resource

Retrieve metadata for individual quota reports.

Operation Method and URI

Retrieve metadata about a report. GET <cluster-ip:port>/platform/16/quota/reports/
<REPORT-ID>/about

View the detailed JSON schema for this GET <cluster-ip:port>/platform/16/quota/reports/

resource, which has information about query <REPORT-ID>/about?describe
parameters and object properties.

192 System configuration API

Quota report settings resource
Modify or retrieve information about quota report settings.

Operation Method and URI

Retrieve quota report settings. GET <cluster-ip:port>/platform/16/quota/
settings/reports

Modify quota report settings. PUT <cluster-ip:port>/platform/16/quota/

settings/reports

View the detailed JSON schema for this resource, which GET <cluster-ip:port>/platform/16/quota/
has information about query parameters and object settings/reports?describe
properties.

Quota default notifications settings resource

Create, modify, delete, or retrieve information about default quota notification settings.

Operation Method and URI

List default global notification settings. GET <cluster-ip:port>/platform/16/quota/settings/
notifications

View a specific global notification setting. GET <cluster-ip:port>/platform/16/quota/settings/

notifications/<NOTIFICATION-ID>

Create global notification settings. POST <cluster-ip:port>/platform/16/quota/settings/

notifications

Modify a default global notification settings. PUT <cluster-ip:port>/platform/16/quota/settings/

notifications/<NOTIFICATION-ID>

Delete global notification settings. DELETE <cluster-ip:port>/platform/16/quota/settings/

notifications

Delete a specific global notification setting. DELETE <cluster-ip:port>/platform/16/quota/settings/

notifications/<NOTIFICATION-ID>

View the detailed JSON schema for this GET <cluster-ip:port>/platform/16/quota/settings/

resource, which has information about query notifications?describe
parameters and object properties.
GET <cluster-ip:port>/platform/16/quota/settings/
notifications/<NOTIFICATION-ID>?describe

Quota mappings settings resource

Create, modify, delete, or retrieve information about quota notification email-mapping rules.

Operation Method and URI

Retrieve quota email-mapping settings. GET <cluster-ip:port>/platform/16/quota/settings/
mappings

Create quota email-mapping settings. POST <cluster-ip:port>/platform/16/quota/settings/

mappings/<DOMAIN>

Modify quota email-mapping setting. PUT <cluster-ip:port>/platform/16/quota/settings/

mappings/<DOMAIN>

Delete all quota email-mapping settings. DELETE <cluster-ip:port>/platform/16/quota/

settings/mappings

Delete a quota email-mapping setting. DELETE <cluster-ip:port>/platform/16/quota/

settings/mappings/<DOMAIN>

System configuration API 193

Operation Method and URI
View the detailed JSON schema for this resource, GET <cluster-ip:port>/platform/16/quota/settings/
which has information about query parameters and mappings?describe
object properties.
GET <cluster-ip:port>/platform/16/quota/settings/
mappings/<DOMAIN>?describe

Common Anti-Virus Agent (CAVA)

Common Anti-Virus Agent (CAVA) provides an anti-virus solution for PowerScale systems. CAVA uses third-party anti-virus
software to identify and eliminate known viruses. Common Event Enabler (CEE) provides a framework for the CAVA agent.
CEE, CAVA, and a third-party anti-virus engine are installed on Windows machines. CAVA accesses node files through SMB
shares, and supports zone-specific file filters, job definitions, and job schedules.

Common anti-virus agent resources

You can retrieve, create, and modify file filters, jobs, and anti-virus server configurations.

AVScan filters resource

View and modify AVScan anti-virus settings for zones.

Operation Method and URI

List AVScan settings for zones. GET <cluster-ip:port>/platform/16/avscan/
settings

List AVScan settings for a zone. GET <cluster-ip:port>/platform/16/avscan/

settings/<ZONE>

Modify AVScan settings for a zone. PUT <cluster-ip:port>/platform/16/avscan/

settings/<ZONE>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/avscan/
information about query parameters and object properties. settings?describe
GET <cluster-ip:port>/platform/16/avscan/
settings/<ZONE>?describe

Avscan jobs resource

Retrieve all anti-virus jobs and settings, create anti-virus jobs, and delete all anti-virus jobs. Retrieve, modify, and delete an
anti-virus job.

Operation Method and URI

Retrieve avscan jobs and settings. GET <cluster-ip:port>/platform/16/avscan/
jobs

Retrieve avscan settings for a job. GET <cluster-ip:port>/platform/16/avscan/

jobs/<JOB>

Create avscan jobs. POST <cluster-ip:port>/platform/16/avscan/

jobs/

Modify an avscan job. PUT <cluster-ip:port>/platform/16/avscan/

jobs/<JOB>

Delete all avscan jobs. DELETE <cluster-ip:port>/platform/16/avscan/

jobs

194 System configuration API

Operation Method and URI
Delete an avscan job. DELETE <cluster-ip:port>/platform/16/avscan/
jobs/<JOB>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/avscan/
information about query parameters and object properties. jobs?describe
GET <cluster-ip:port>/platform/16/avscan/
jobs/<JOB>?describe

Avscan nodes LNN status

Retrieve anti-virus status of a node.

Operation Method and URI

Retrieve anti-virus status. GET <cluster-ip:port>/platform/16/avscan/
nodes/<LNN>/status

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/avscan/
information about query parameters and object properties. nodes/<LNN>/status?describe

Avscan servers resource

Retrieve all anti-virus servers and settings, create anti-virus servers, and delete all anti-virus servers. Retrieve, modify, and
delete an anti-virus server.

Operation Method and URI

Retrieve avscan servers and settings. GET <cluster-ip:port>/platform/16/avscan/
servers

Retrieve avscan settings for a server. GET <cluster-ip:port>/platform/16/avscan/

servers/<SERVER>

Create avscan servers. POST <cluster-ip:port>/platform/16/avscan/

servers/

Modify an avscan server. PUT <cluster-ip:port>/platform/16/avscan/

servers/<SERVER>

Delete all avscan servers. DELETE <cluster-ip:port>/platform/16/avscan/

servers

Delete an avscan server. DELETE <cluster-ip:port>/platform/16/avscan/

servers/<SERVER>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/avscan/
information about query parameters and object properties. servers?describe
GET <cluster-ip:port>/platform/16/avscan/
servers/<SERVER>?describe

Avscan settings resource

Retrieve and modify anti-virus settings.

Operation Method and URI

Retrieve anti-virus settings. GET <cluster-ip:port>/platform/16/avscan/
settings

Modify anti-virus settings. PUT <cluster-ip:port>/platform/16/avscan/

settings

System configuration API 195

Operation Method and URI
View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/avscan/
information about query parameters and object properties. settings?describe

ICAP anti-virus
You can scan the files that you store on a PowerScale cluster for system viruses and other security threats by integrating with
third-party scanning services through the Internet Content Adaptation Protocol (ICAP).
OneFS sends files through ICAP to a server running third-party anti-virus scanning software. These servers are seen as ICAP
servers. ICAP servers scan files for viruses.
After an ICAP server scans a file, it informs OneFS of whether the file is a threat. If a threat is detected, OneFS informs system
administrators by creating an event, displaying near real-time summary information, and documenting the threat in an anti-virus
scan report. You can configure OneFS to request that ICAP servers attempt to repair infected files. You can also configure
OneFS to protect users against potentially dangerous files by truncating or quarantining infected files.
Before OneFS sends a file to be scanned, it ensures that the scan is not redundant. If a file has already been scanned and has
not been modified, OneFS will not send the file to be scanned unless the virus database on the ICAP server has been updated
since the last scan.

NOTE: Anti-virus scanning is available only if all nodes in the cluster are connected to the external network.

Antivirus resources
Retrieve, create, modify, or delete antivirus configurations and settings.

Anti-virus policies resource

Create, modify, delete, or retrieve information about anti-virus policies.

Operation Method and URI

Retrieve all anti-virus policies. GET <cluster-ip:port>/platform/16/antivirus/
policies

Create an anti-virus policy. POST <cluster-ip:port>/platform/16/

antivirus/policies

Delete all anti-virus policies. DELETE <cluster-ip:port>/platform/16/

antivirus/policies

Retrieve an anti-virus policy. GET <cluster-ip:port>/platform/16/antivirus/

policies/<policy-name>

Modify an anti-virus policy. PUT <cluster-ip:port>/platform/16/antivirus/

policies/<policy-name>

Delete an anti-virus policy. DELETE <cluster-ip:port>/platform/16/

antivirus/policies/<policy-name>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/antivirus/
information about query parameters and object properties. policies?describe
GET <cluster-ip:port>/platform/16/antivirus/
policies/<policy-name>?describe

196 System configuration API

Anti-virus quarantine resource
Retrieve or modify information about the quarantine status of files in the /ifs directory tree.

Operation Method and URI

Get anti-virus quarantine information. GET <cluster-ip:port>/platform/16/antivirus/
quarantine/<path>

Modify anti-virus quarantine information. PUT <cluster-ip:port>/platform/16/antivirus/

quarantine/<path>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/antivirus/
information about query parameters and object properties. quarantine/<path>?describe

Anti-virus scan report resource

View or delete information about anti-virus scans.

Operation Method and URI

List all anti-virus scan reports. GET <cluster-ip:port>/platform/16/antivirus/
reports/scans

View a specific anti-virus scan report. GET <cluster-ip:port>/platform/16/antivirus/

reports/scans/<ID>

Delete anti-virus scan reports, and any threat reports DELETE <cluster-ip:port>/platform/16/
associated with those scans. antivirus/reports/scans

Delete a specific anti-virus scan report, and any threat reports DELETE <cluster-ip:port>/platform/16/
associated with the scan. antivirus/reports/scans<ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/antivirus/
information about query parameters and object properties. reports/scans?describe
GET <cluster-ip:port>/platform/16/antivirus/
reports/scans/<ID>?describe

Anti-virus threat reports resource

List all anti-virus threat reports, or view a specific report.

Operation Method and URI

List all anti-virus threat reports. GET <cluster-ip:port>/platform/16/antivirus/
reports/threats

View a specific anti-virus threat report. GET <cluster-ip:port>/platform/16/antivirus/

reports/threats/<ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/antivirus/
information about query parameters and object properties. reports/threats?describe
GET <cluster-ip:port>/platform/16/antivirus/
reports/threats/<ID>?describe

Anti-virus scan resource

Enable a client to run an anti-virus scan on a single file.

Operation Method and URI

Manually scan a file. POST <cluster-ip:port>/platform/16/
antivirus/scan/

System configuration API 197

Operation Method and URI
View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/antivirus/
information about query parameters and object properties. scan/?describe

Anti-virus servers resource

List, create, modify, or delete all anti-virus servers or one anti-virus server entry.

Operation Method and URI

List all anti-virus servers. GET <cluster-ip:port>/platform/16/antivirus/
servers

Create an anti-virus server. POST <cluster-ip:port>/platform/16/

antivirus/servers

Delete all anti-virus servers. DELETE <cluster-ip:port>/platform/16/

antivirus/servers

View an anti-virus server entry. GET <cluster-ip:port>/platform/16/antivirus/

servers/<ID>

Modify an anti-virus server entry. PUT <cluster-ip:port>/platform/16/antivirus/

servers/<ID>

Delete an anti-virus server entry. DELETE <cluster-ip:port>/platform/16/

antivirus/servers/<ID>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/antivirus/
information about query parameters and object properties. servers?describe
GET <cluster-ip:port>/platform/16/antivirus/
servers/<ID>?describe

Anti-virus settings resource

View or modify anti-virus settings.

Operation Method and URI

List anti-virus settings. GET <cluster-ip:port>/platform/16/antivirus/
settings

Modify anti-virus settings. PUT <cluster-ip:port>/platform/16/antivirus/

settings

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/antivirus/
information about query parameters and object properties. settings?describe

Performance
This chapter documents the performance-related resource handlers for the OneFS system configuration API.

Performance settings resource

Retrieve and configure performance settings.

Operation Method and URI

Retrieve all performance settings. GET <cluster-ip:port>/platform/16/
performance/settings

198 System configuration API

Operation Method and URI
Modify performance settings. PUT <cluster-ip:port>/platform/16/
performance/settings

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. performance/settings?describe

Performance datasets resource

List, create, modify, or delete performance metric datasets.
A dataset is a set of metrics for which performance statistics are collected. For a list of available metrics, see the /
performance/metrics API resource.

Operation Method and URI

List performance datasets. GET <cluster-ip:port>/platform/16/
performance/datasets

View a specific performance dataset. GET <cluster-ip:port>/platform/16/

performance/datasets/<DATASET>

Modify a performance dataset. PUT <cluster-ip:port>/platform/16/

performance/datasets/<DATASET>

Create a performance dataset. POST <cluster-ip:port>/platform/16/

performance/datasets

Delete a specific performance dataset. DELETE <cluster-ip:port>/platform/16/

performance/datasets/<DATASET>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. performance/datasets?describe
GET <cluster-ip:port>/platform/16/
performance/datasets/<DATASET>?describe

Performance datasets filters resource

List, create, modify, or delete performance dataset filters.

Operation Method and URI

List performance dataset filters. GET <cluster-ip:port>/platform/16/
performance/datasets/<DATASET>/filters

View a specific performance dataset filter. GET <cluster-ip:port>/

platform/16/performance/datasets/<DATASET>/
filters/<FILTER>

Modify a performance dataset filter. PUT <cluster-ip:port>/

platform/16/performance/datasets/<DATASET>/
filters/<FILTER>

Create a performance dataset filter. POST <cluster-ip:port>/platform/16/

performance/datasets/<DATASET>/filters

Delete a specific performance dataset. DELETE <cluster-ip:port>/

platform/16/performance/datasets/<DATASET>/
filters/<FILTER>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/
information about query parameters and object properties. platform/16/performance/datasets/<DATASET>/
filters?describe

System configuration API 199

Operation Method and URI
GET <cluster-ip:port>/
platform/16/performance/datasets/<DATASET>/
filters/<FILTER>?describe

Performance datasets workloads resource

List, create, modify, or delete performance dataset workloads.

Operation Method and URI

List performance dataset workloads. GET <cluster-ip:port>/platform/16/
performance/datasets/<DATASET>/workloads

View a specific performance dataset workload. GET <cluster-ip:port>/

platform/16/performance/datasets/<DATASET>/
workloads/<WORKLOAD>

Modify a performance dataset workload. PUT <cluster-ip:port>/

platform/16/performance/datasets/<DATASET>/
workloads/<WORKLOAD>

Create a performance dataset workload. POST <cluster-ip:port>/platform/16/

performance/datasets/<DATASET>/workloads

Delete a specific performance workload. DELETE <cluster-ip:port>/

platform/16/performance/datasets/<DATASET>/
workloads/<WORKLOAD>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/
information about query parameters and object properties. platform/16/performance/datasets/<DATASET>/
workloads?describe
GET <cluster-ip:port>/
platform/16/performance/datasets/<DATASET>/
workloads/<WORKLOAD>?describe

Performance metrics resource

List performance metrics for a dataset, or view a specific metric.

Operation Method and URI

List performance metrics. GET <cluster-ip:port>/platform/16/
performance/metrics

View a specific performance dataset workload. GET <cluster-ip:port>/platform/16/

performance/metrics/<METRIC>

View the detailed JSON schema for this resource, which has GET <cluster-ip:port>/platform/16/
information about query parameters and object properties. performance/metrics?describe
GET <cluster-ip:port>/platform/16/
performance/metrics/<METRIC>?describe

200 System configuration API

 4
File system access API
You can access files and directories on a cluster programmatically through the OneFS API, similar to the way you can access
files and directories through SMB or NFS protocols.

Topics:
• File system access API overview
• Troubleshooting
• File system access operations

File system access API overview

You can access files and directories on a cluster programmatically through the OneFS API, like you can access files and
directories through SMB or NFS protocols.
Through the OneFS API, you can perform the types of file system operations that are listed in the following table.

Operation Description
Access points Identify and configure access points and obtain protocol
information.
Directory List directory content; get and set directory attributes; delete
directories from the file system.
File View, move, copy, and delete files from the file system.
Access control Manage user rights; set ACL or POSIX permissions for files
and directories.
Query Search and tag files
SmartLock Allow retention dates to be set on files; commit a file to a
WORM state.

Also, you can create an external client or application to access the OneFS API in any major language, such as C, C++, Python,
Java, or .net.

Common response headers

You may see the following response headers when you send a request to the namespace.

Name Description Type

Content-length Provides the length of the body message in the response. Integer

Connection Provides the state of connection to the server. String

Date Provides the date when the object store last responded. HTTP-date

Server Provides platform and version information about the server that responded String
to the request.

x-isi-ifs-target-type Provides the resource type. This value can be a container or an object. String

File system access API 201

Common request headers
When you send a request to the OneFS API, you can access data through customized headers along with standard HTTP
headers.
The following table provides information about common HTTP request headers:

Name Description Type Required

Authorization Specifies the authentication signature. String Yes

Content-length Specifies the length of the message body. Integer Conditional

Date Specifies the current date according to the HTTP-date No. A client should only send a
requestor. Date header in a request that
includes an entity-body, such
as in PUT and POST requests.
A client without a clock must
not send a Date header in a
request.

x-isi-ifs-spec-version Specifies the protocol specification version. The String Conditional

client specifies the protocol version, and the
server determines if the protocol version is
supported. You can test backwards compatibility
with this header.

x-isi-ifs-target-type Specifies the resource type. For PUT operations, String Yes, for PUT operations.
this value can be container or object. For
Conditional, for GET
GET operations, this value can be container,
operations.
object, or any, or this parameter can be
omitted.

Common namespace attributes

The following system attributes are common to directories and files in the namespace.

Attribute Description Type

name Specifies the name of the object. String

size Specifies the size of the object in bytes. Integer

block_size Specifies the block size of the object. Integer

blocks Specifies the number of blocks that compose the object. Integer

last_modified Specifies the time when the object data was last modified in HTTP date/time format. HTTP date

create_time Specifies the date when the object data was created in HTTP date/time format. HTTP date

access_time Specifies the date when the object was last accessed in HTTP date/time format. HTTP date

change_time Specifies the date when the object was last changed (including data and metadata String
changes) in HTTP date/time format.

type Specifies the object type, which can be one of the following values: container, object, String
pipe, character_device, block_device, symbolic_link, socket, or whiteout_file.

mtime_val Specifies the time when the object data was last modified in UNIX Epoch format. Integer

202 File system access API

Attribute Description Type

btime_val Specifies the time when the object data was created in UNIX Epoch format. Integer

atime_val Specifies the time when the object was last accessed in UNIX Epoch format. Integer

ctime_val Specifies the time when the object was last changed (including data and metadata Integer
changes) in UNIX Epoch format.

owner Specifies the user name for the owner of the object. String

group Specifies the group name for the owner of the object. String

uid Specifies the UID for the owner. Integer

gid Specifies the GID for the owner. Integer

mode Specifies the UNIX mode octal number. String

id Specifies the object ID, which is also the INODE number. Integer

nlink Specifies the number of hard links to the object. Integer

is_hidden Specifies whether the file is hidden or not. Boolean

Troubleshooting
You can troubleshoot failed requests to the namespace by resolving common errors and viewing activity logs.

Common error codes

The following example shows the common JSON error format:

{
"errors":[
{
"code":"<Error code>",
"message":"<some detailed error msg>"
}
]
}

The following table shows the descriptions for common error codes.

Error Code Description HTTP status

AEC_TRANSIENT The specified request returned a transient 200 OK
error code that is treated as OK.
AEC_BAD_REQUEST The specified request returned a bad 400 Bad Request
request error.
AEC_ARG_REQUIRED The specified request requires an 400 Bad Request
argument for the operation.
AEC_ARG_SINGLE_ONLY The specified request requires only a 400 Bad Request
single argument for the operation.
AEC_UNAUTHORIZED The specified request requires user 401 Unauthorized
authentication.

File system access API 203

Error Code Description HTTP status
AEC_FORBIDDEN The specified request was denied by the 403 Forbidden
server. Typically, this response includes
permission errors on OneFS.
AEC_NOT_FOUND The specified request has a target object 404 Not Found
that was not found.
AEC_METHOD_NOT_ALLOWED The specified request sent a method that 405 Method Not Allowed
is not allowed for the target object.
AEC_NOT_ACCEPTABLE The specified request is unacceptable. 406 Not Acceptable
AEC_CONFLICT The specified request has a conflict that 409 Conflict
prevents the operation from completing.
AEC_PRE_CONDITION_FAILED The specified request has failed a 412 Precondition failed
precondition.
AEC_INVALID_REQUEST_RANGE The specified request has requested a 416 Requested Range not
range that cannot be satisfied. Satisfiable
AEC_NOT_MODIFIED The specified request was not modified. 304 Not Modified
AEC_LIMIT_EXCEEDED The specified request exceeded the limit 403 Forbidden
set on the server side.
AEC_INVALID_LICENSE The specified request has an invalid 403 Forbidden
license.
AEC_NAMETOOLONG The specified request has an object name 403 Forbidden
size that is too long.
AEC_SYSTEM_INTERNAL_ERROR The specified request has failed because 500 Internal Server Error
the server encountered an unexpected
condition.

Activity Logs
Activity logs capture server and object activity, and can help identify problems. The following table shows the location of
different types of activity logs.

Server Logs Object Daemon Log Generic Log

● /var/log/<server>/ /var/log/isi_object_d.log /var/log/message
webui_httpd_error.log
● /var/log/<server>/
webui_httpd_access.log
For <server>, type the path to the
server directory. For example: /apache2.

File system access operations

You can make requests through the OneFS API to perform operations on the file system.

204 File system access API

Access points
You can access the file system namespace through an access point. Root users can create an access point on the namespace,
and initially only the root user has privileges for that access point. The root user can create an access control list (ACL) to
provide read privileges for additional users.
Root users can create an access point on the namespace, and initially only the root user has privileges for that access point. The
root user can create an access control list (ACL) to provide read privileges for additional users.
The root user can also grant write privileges to users, but nonroot users with write privileges are unable to reconfigure the path
of an existing access point.
Also, each file or directory in an access point has its own permissions, so even if a user has privileges for an access point, the
user must still be given permissions for each file and directory.

Configure a user accounts for read privileges

Configure user accounts with read privileges before users can access an access point. User access privileges (such as read, or
write) for files and directories that are under an access point are governed by the OneFS system ACLs and permissions. Users
privileges to an access point can be modified, however, the read privilege must be given to a user, or the user cannot access the
access point.

Steps
1. Create a user account by running the following command, where user1 is the new user account name:

isi auth users create user1 --password user1 --home-directory /ifs/home/user1 --

password-expires no

2. Grant users read-privilege to a OneFS access point through by applying the PUT method to the URI.
In the following example, user1 is granted access to the ifs-ap1 access point by modifying the ACL read-privilege on the
access point.

PUT /namespace/ifs-ap1?acl&nsaccess=true HTTP/1.1

Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==
Host: 10.245.107.17:8080
Content-Type:application/json
Content-Length: 140
{"authoritative":"acl", "acl":[{"trustee": {"name":"user1","type":"user"},
"accesstype":"allow", "accessrights":["file_read"], "op":"add"}]}'

Create a namespace access point

Creates a namespace access point in the file system. Only root users can create or change namespace access points.

Request syntax

PUT /namespace/<access_point> HTTP/1.1

Host <hostname>[:<port>]
Content-Length: <length>
Date: <date>
Authorization: <signature>

{
"path" : "<absolute_filesystem_path>"
}

NOTE:

The path to the namespace access point must begin at /ifs, which is the root directory of the OneFS file system.

File system access API 205

Request query parameters
There are no query parameters for this request.

Request headers
This call sends common request headers.

Response headers
This call returns common response headers.

Response body
No message body is returned upon success.

Example request
The following request creates an access point named 'accesspoint1' on the namespace.

PUT /namespace/accesspoint1 HTTP/1.1

Host my_cluster:8080
Date: Fri, 15 Mar 2013 21:51:50 GMT
Content-Type: text/xml

{
"path": "/ifs/home/"
}

Example response

HTTP/1.1 200 OK
Date: Fri, 15 Mar 2013 21:51:50 GMT
Server: Apache/2.2.21 (FreeBSD) mod_ssl/2.2.21 OpenSSL/0.9.8x mod_webkit2/1.0
mod_fastcgi/2.4.6
Allow: DELETE, GET, HEAD, POST, PUT
x-isi-ifs-spec-version: 1.0
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=15, max=335
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/plain

Get namespace access points

Retrieves the namespace access points available for the authenticated user.

Request syntax

GET /namespace/ HTTP/1.1

Host <hostname>[:<port>]
Date: <date>
Authorization: <signature>

206 File system access API

Request query parameters
There are no query parameters for this request.

Request headers
This call sends common request headers.

Response header
This call returns common response headers.

Response body
An array of namespace access points is output in JSON. Only the access points that the user has privileges for are returned.

Example request
This example retrieves a list of all access points for the namespace on this cluster by the root user.

GET /namespace/ HTTP/1.1

Host my_cluster:8080
Date: Thu, 22 Sep 2011 12:00:00 GMT
Authorization: <signature>

Example response

HTTP/1.1 200 OK
Allow: GET, HEAD
Connection: Keep-Alive
Content-Type: application/json
Date: Mon, 25 Mar 2013 20:31:33 GMT
Keep-Alive: timeout=15, max=499
Server: Apache/2.2.21 (FreeBSD) mod_ssl/2.2.21 OpenSSL/0.9.8x mod_webkit2/1.0
mod_fastcgi/2.4.6
Transfer-Encoding: chunked
x-isi-ifs-spec-version: 1.0

{
"namespaces": [
{
"name": "user1",
"path": "/ifs/home/user1"
},
{
"name": "ifs",
"path": "/ifs/"
}
]
}

File system access API 207

Get or set an access control list for a namespace access point
Retrieves or sets the access control list for a namespace access point.

Request syntax

GET /namespace/<access_point>?acl&nsaccess=true HTTP/1.1

Host <hostname>[:<port>]
Content-Length: <length>
Date: <date>
Authorization: <signature>

PUT /namespace/<access_point>?acl&nsaccess=true HTTP/1.1

Host <hostname>[:<port>]
Content-Length: <length>
Date: <date>
Authorization: <signature>

Request query parameters

Parameter Description Default Type Required

Name
acl This parameter is a functional keyword that does N/A N/A Yes
not have a value.
nsaccess Indicates that the operation is on the access N/A Boolean Yes
point instead of the store path. This value must
be set to true. If set to false or left blank,
the request behaves similarly to a GET or PUT
operation.

Request headers
This call sends common request headers.

Response headers
This call returns common response headers.

Response body
The access control list for the namespace access point is returned for the GET operation.
No message body is returned upon success for the PUT operation.

Example request 1
In this example, the GET operation retrieves the access control list from the namespace.

GET /namespace/ifs-ap1?acl&nsaccess=true HTTP/1.1

Host: my_cluster:8080
Authorization: <key>

208 File system access API

Example response 1

HTTP/1.1 200 OK
Date: Mon, 25 Mar 2013 18:42:16 GMT
x-isi-ifs-spec-version: 1.0
Transfer-Encoding: chunked
Content-Type: application/json

{
"acl":[
{
"accessrights":[
"file_read"
],
"accesstype":"allow",
"inherit_flags":[

],
"trustee":{
"id":"UID:2000",
"name":"user1",
"type":"user"
}
}
],
"authoritative":"acl",
"group":{
"id":"GID:0",
"name":"wheel",
"type":"group"
},
"mode":"0060",
"owner":{
"id":"UID:0",
"name":"root",
"type":"user"
}
}

Example request 2
In this example, the request sets an access control list for the access point.

PUT /namespace/ifs-ap1?acl&nsaccess=true HTTP/1.1

Authorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==
Host: 10.245.107.17:8080
Content-Type:application/json
Content-Length: 140

{
"authoritative":"acl",
"acl":[
{
"trustee":{
"name":"user1",
"type":"user"
},
"accesstype":"allow",
"accessrights":[
"file_read"
],
"op":"add"
}
]
}

File system access API 209

Example response 2

HTTP/1.1 200 OK
Date: Mon, 25 Mar 2013 17:24:55 GMT
Transfer-Encoding: chunked
Content-Type: text/plain
x-isi-ifs-spec-version: 1.0

Get version information for the namespace access protocol

Retrieves the protocol versions that are supported for the current namespace access server.

Request syntax

GET /namespace/?versions HTTP/1.1

Host <hostname>[:<port>]
Content-Length: <length>
Date: <date>
Authorization: <signature>

Request query parameters

Parameter Description Default Type Required

name
versions This parameter is a functional keyword that does N/A N/A Yes
not have a value.

Request headers
This call sends common request headers.

Response headers
This call returns common response headers.

Response body
An array of version strings that are supported by the current namespace API server is output in JSON.

Example request
This example retrieves a list of all versions that are supported for the namespace access server.

GET /namespace/?versions HTTP/1.1

Host my_cluster:8080
Date: Thu, 22 Sep 2011 12:00:00 GMT
Authorization:<signature>

Example response
This example shows that the namespace access server supports only version 1.0.

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 12:00:00 GMT

210 File system access API

 Content-Length: <length>
Connection: close
Server: Apache2/2.2.19

{"versions": ["1.0"]}

Delete a namespace access point

Deletes a namespace access point. Only root users can delete namespace access points. Also, the deletion of a namespace
access point does not delete the namespace resource that the access point references.

Request syntax

DELETE /namespace/<access_point> HTTP/1.1

Host <hostname>[:<port>]
Content-Length: <length>
Date: <date>
Authorization: <signature>

Request query parameters

There are no query parameters for this request.

Request headers
This call sends common request headers.

Response headers
This call returns common response headers.

Response body
No message body is returned upon success.

Example request
This example shows the delete operation for an access point that is named 'user1.'

DELETE /namespace/user1 HTTP/1.1

Host my_cluster:8080
Date: Thu, 22 Sep 2011 12:00:00 GMT
Authorization: <signature>

Example response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 12:00:00 GMT
Content-Length: <length>
Connection: close
Server: Apache2/2.2.19

File system access API 211

Directory operations
You can perform directory operations on the namespace.

Create a directory
Creates a directory with a specified path.

Request syntax

PUT /namespace/<access_point>/<container_path>[?recursive=<boolean>][?
overwrite=<boolean>] HTTP/1.1
Host <hostname>[:<port>]
Content-Length: <length>
Date: <date>
Authorization: <signature>
x-isi-ifs-target-type: container

Request query parameters

Parameter Description Default Type Required

Name
recursive Creates intermediate folders recursively, when False Boolean No
set to true.
overwrite Deletes and replaces the existing user attributes True Boolean No
and ACLs of the directory with user-specified
attributes and ACLS from the header, when set
to true. Returns an error if the directory exists,
when set to false. If the directory does not exist,
the directory is created and set with the user-
specified attributes and ACLs from the header. If
no ACLs are set in the header, the default mode
is set to 0700.

Request headers

Header Name Description Default Type Required

x-isi-ifs-access- Specifies a predefined ACL value or POSIX mode 0700 (read, String No
control with a string. If this parameter is not provided, write, and start
the mode for the directory is set to 0700 by with owner
default. permissions)
x-isi-ifs-node- Specifies the OneFS node pool name. When set N/A String No
pool-name to ANY, OneFS selects the pool for the directory.
Only users with root access can set this header.
x-isi-ifs-attr- Specifies extended user attributes on the N/A String No
<attr_name> directory. The attributes names are stored in
upper case, and all dashes (-) are converted to
underscores (_).

Response headers
This call returns common response headers.

212 File system access API

Response body
No message body is returned upon success.

Example request
This request creates a directory on the namespace named 'folder1/folder2'.

PUT /namespace/ifs/folder1/folder2/?recursive=true HTTP/1.1

Host my_cluster:8080
x-isi-ifs-target-type: container
Content-Length: <length>
Date: Thu, 22 Sep 2011 12:00:00 GMT
Authorization: <signature>

Example response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 12:00:00 GMT
Content-Length: <length>
Connection: close
Server: Apache2/2.2.19

Get the attributes for a directory with the HEAD method

Retrieves the attribute information for a specified directory without transferring the contents of the directory. Attributes that
can be displayed are returned only as headers, such as x-isi-ifs-<name>=<value>.

Request syntax

HEAD /namespace/<access_point>/<container_path> HTTP/1.1

Host <hostname>[:<port>]
Date: <date>
Authorization: <signature>

Request query parameters

There are no query parameters for this request.

Request headers

Header Name Description Default Type Required

If-Modified-Since Returns directory content only if the directory None HTTP date No
was modified since the specified time. If no
directory content was modified, a 304 message
is returned.
If-Unmodified- Returns directory content only if the directory None HTTP date No
Since was not modified since the specified time. If
there is no unmodified directory content, a
412 message is returned to indicate that the
precondition failed.

File system access API 213

Response headers

Header Name Description Default Type Required

Content- Provides the content encoding that was applied None String No
Encoding to the object content, so that decoding can be
applied when retrieving the content.
Content-Type Provides a standard MIME-type description of binary/octet- String No
the content format. stream
x-isi-ifs-attr- Provides the extended attributes that were set None String No
<attr_name> in the message header. The attribute names
are stored in uppercase, and all dashes (-) are
converted to underscores (_).
x-isi-ifs-missing- Provides the number of attributes that cannot be None String No
attr displayed in the HTTP header. Missing attributes
can be retrieved through the following operation:
GET the extended attributes of a directory.
x-isi-ifs-access- Provides the access mode for the directory in None String No
control octal notation.

Response body
No message body is returned upon success.

Example request

HEAD /namespace/ifs/my_folder/ HTTP/1.1

Host my_cluster:8080
Date: Thu, 22 Sep 2011 12:00:00 GMT
Authorization: <signature>

Example response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 12:00:00 GMT
Connection: close
Server: Apache2/2.2.19
Last-Modified: Wed, 21 Sep 2011 12:00:00 GMT
x-isi-ifs-access-control: 0600
x-isi-ifs-attr-color: red
x-isi-ifs-missing-attr: 1
x-isi-ifs-spec-version: 1.0
x-isi-ifs-target-type: container
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/xml; charset=UTF-8

Get the extended attributes of a directory

Retrieves the attribute information for a specified directory with the metadata query argument.

Request syntax

GET /namespace/<access_point>/<container_path>?metadata HTTP/1.1

Host <hostname>[:<port>]

214 File system access API

 Date: <date>
Authorization: <signature>

Request query parameters

Parameter Description Default Type Required

Name
metadata This parameter is a functional keyword and does N/A N/A Yes
not have a value.

Request headers
This call sends common request headers.

Response headers
This call returns common response headers.

Response body
The object attribute information is returned in JSON format.

{
"attrs":[
{
"name":"<key_name>",
"value":"<key_value>",
"namespace":"<namespace_value>"
},
...
]
}

NOTE:

The namespace parameter is optional. When this parameter is missing, the attribute is considered to be a system defined
attribute. When <namespace_value> is set to user, the attribute is considered a user-defined attribute.

Example request

GET /namespace/ifs/my_folder/?metadata HTTP/1.1

Host my_cluster:8080
Content-Length : <length>
Date: Thu, 22 Sep 2011 12:00:00 GMT
Authorization: <signature>

Example response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 12:00:00 GMT
Content-Length: <Length>
Content-Type: application/JSON
Connection: close
Server: Apache2/2.2.19

{
"attrs":[
{
"name":"is_hidden",

File system access API 215

 "value":false
},
{
"name":"size",
"value":96
},
{
"name":"block_size",
"value":8192
},
{
"name":"blocks",
"value":4
},
{
"name":"last_modified",
"value":"Fri, 23 Mar 2012 16:32:42 GMT"
},
{
"name":"change_time",
"value":"Fri, 23 Mar 2012 16:32:42 GMT"
},
{
"name":"access_time",
"value":"Fri, 23 Mar 2012 16:32:42 GMT"
},
{
"name":"create_time",
"value":"Wed, 21 Mar 2012 22:06:23 GMT"
},
{
"name":"mtime_val",
"value":1332520362
},
{
"name":"ctime_val",
"value":1332520362
},
{
"name":"atime_val",
"value":1332520362
},
{
"name":"btime_val",
"value":1332367583
},
{
"name":"owner",
"value":"root"
},
{
"name":"group",
"value":"wheel"
},
{
"name":"uid",
"value":0
},
{
"name":"gid",
"value":0
},
{
"name":"id",
"value":2
},
{
"name":"nlink",
"value":6
},
{
"name":"type",
"value":"container"

216 File system access API

 },
{
"name":"mode",
"value":511
}
]
}

Get the contents of a directory

Retrieves a list of files and subdirectories from a directory.

Request syntax

GET /namespace/<access_point>/<container_path>[?<query>] HTTP/1.1

Host <hostname>[:<port>]
Date: <date>
Authorization: <signature>

NOTE:

The query argument is optional and can include the parameters in the following table.

Request query parameters

Parameter Description Default Type Required

Name
detail Specifies which object attributes are displayed. None String No
If the detail parameter is excluded, only the
name of the object is returned. You can specify
multiple attribute names in CSV format. If you set
this value to default, the following attributes are
included: name, size, owner, last_modified, type,
group, and mode.
limit Specifies the maximum number of objects to 1000 Integer No
send to the client. You can set the value to a
negative number to retrieve all objects. Also, you
can specify the maximum number of objects to
return when sorting directory entries by opening
a secure shell (SSH) connection to any node in
the cluster, logging in, and running the following
command:

isi_gconfig -t oapi
max_sort_dir_sz=<integer>

resume Specifies a token to return in the JSON result None String No

to indicate when there is a next page. The client
can include the resume token to access the next
page.
sort Specifies one or more attributes to sort on None String No
the directory entries. You can specify multiple
attributes by separating the attributes with a
comma, such as name, size, last_modified. When
sorting is on, the maximum number of objects
returned is 1000. The entries are sorted in the
order that the attributes appear in the list, from
left to right.

File system access API 217

Parameter Description Default Type Required
Name
dir Specifies the sort direction. This value can None String No
be either ascending (ASC) or descending
(DESC).
type Specifies the object type to return, which None String No
can be one of the following values: container,
object, pipe, character_device, block_device,
symbolic_link, socket, or whiteout_file.
hidden Specifies if hidden objects are returned. None Boolean No

Request headers

Header Name Description Default Type Required

If-Modified-Since Returns directory content only if the directory None HTTP date No
was modified since the specified time. If no
directory content was modified, a 304 message
is returned.
If-Unmodified- Returns directory content only if the directory None HTTP date No
Since was not modified since the specified time. If
there is no unmodified directory content, a
412 message is returned to indicate that the
precondition failed.

Response headers

Header Name Description Default Type Required

Content- Provides the content encoding that was applied None String No
Encoding to the object content, so that decoding can be
applied when retrieving the content.
Content-Type Provides a standard MIME-type description of application/json String No
the content format.
x-isi-ifs-attr- Provides the extended attributes that were set in None String No
<attr_name> the message header.
x-isi-ifs-missing- Provides the number of attributes that cannot be None Integer No
attr displayed in the HTTP header.
x-isi-ifs-access- Provides the POSIX mode in octal notation. None String No
control

Response body
An array of objects in the directory is output in JSON format.

Example request
The following request returns the contents of a directory named 'folder1/folder2'.

GET /namespace/folder1/folder2 HTTP/1.1

Host my_cluster:8080
Content-Length: <length>
Date: Thu, 22 Sep 2011 12:00:00 GMT
Authorization: <signature>

218 File system access API

Example response

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 12:00:00 GMT
Content-Type: application/JSON
Connection: close
Server: Apache2/2.2.19

{
"children":[
{
"name":"cover"
},
{
"name":"f2"
},
{
"name":"cover.txt"
},
{
"name":"cover8"
}
]
}

Request example 2
This request returns object details for the directory named 'folder1/folder2'.

GET /namespace/folder1/folder2/?limit=500&detail=default HTTP/1.1

Host my_cluster:8080
Content-Length: 0
Date: Thu, 22 Sep 2011 12:00:00 GMT
Authorization: <signature>

Response example 2

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 12:00:00 GMT
Content-Type: application/JSON
Connection: close

{
"resume":"<the_resume_token>",
"children":[
{
"last_modified":"Fri, 18 Nov 2011 22:45:31 GMT",
"name":"cover",
"size":24,
"type":"object",

},
{
"last_modified":"Fri, 18 Nov 2011 20:01:04 GMT",
"name":"f2",
"size":4,
"type":"object",

},
{
"last_modified":"Fri, 18 Nov 2011 22:45:40 GMT",
"name":"finance",
"size":0,
"type":"container",

File system access API 219

 ]
}

Copy a directory
Recursively copies a directory to a specified destination path. Symbolic links are copied as regular files.

Request syntax

PUT /namespace/<access_point>/<container_path> HTTP/1.1

x-isi-ifs-copy-source: /namespace/<access_point>/<source_path>
Host <hostname>[:<port>]
Date: <date>
Authorization: <signature>

Request query parameters

Parameter Description Default Type Required

Name
overwrite Specifies if the existing file should be overwritten False Boolean No
when a file with the same name exists.
merge Specifies if the contents of a directory should be False Boolean No
merged with an existing directory with the same
name.
continue Specifies whether to continue the copy operation False Boolean No
on remaining objects when there is a conflict or
error.

Request headers

Header Name Description Default Type Required

x-isi-ifs-copy- Specifies the full path to the source directory. None String Yes
source The source and destination must share the same
access point.
x-isi-ifs-mode- Copies the file/dir mode, ownership, ACL, and None String Yes
mask timestamps information along with file data

Response headers
This call returns common response headers.

Response body
No message body is returned upon success.
For this operation, the HTTP status code 200 OK does not always indicate a complete success. If the response body contains a
JSON message, the operation has partially failed, and the error message is reported in a structured JSON array.
If the server fails to initiate a copy due to an error (such as an invalid copy source), an error is returned. If the server initiates
the copy, and then fails, "copy_errors" are returned in structured JSON format.
Because the copy operation is synchronous, the client cannot stop an ongoing copy or check the status of a copy
asynchronously.

220 File system access API

Example request 1

PUT /namespace/ifs/dest1/ / HTTP/1.1

x-isi-ifs-copy-source: /namespace/ifs/src1/
Host my_cluster:8080
Content-Length: <length>
Date: Thu, 22 Sep 2011 12:00:00 GMT
Authorization: <signature>

Example response 1

HTTP/1.1 200 Ok
Date: Thu, 22 Sep 2011 12:00:00 GMT
Server: Apache2/2.2.19
Content-Encoding: gzip
x-isi-ifs-spec-version: 1.0
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/plain

Example request 2
In this example, the directory 'src1' contains files {f1, f2, f3, f4} and the directory 'dest1' exists and contains files {f1, f2}.

PUT /namespace/ifs/dest1/?merge=true&continue=true HTTP/1.1

x-isi-ifs-copy-source: /namespace/ifs/src1/
Host my_cluster:8080
Content-Length: <length>
Date: Thu, 22 Sep 2011 12:00:00 GMT
Authorization: <signature>

Example response 2

HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 12:00:00 GMT
Server: Apache2/2.2.19
x-isi-ifs-spec-version: 1.0
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json

{
"copy_errors":[
{
"source":"/ap1/src1/f1",
"target":"/ap1/dest1/f1",
"error_src":"target side",
"message":"target exists(not copied)",

},
{
"source":"/ap1/src1/f2",
"target":"/ap1/dest1/f2",
"error_src":"target side",
"message":"target exists(not copied)"
}
],

File system access API 221

Move a directory
Moves a directory from an existing source to a new destination path.

Request syntax

POST /namespace/<access_point>/<container_path> HTTP/1.1

x-isi-ifs-set-location: /namespace/<access_point>/<dest_path>
Host <hostname>[:<port>]
Date: <date>
Authorization: <signature>

Request query parameters

There are no query parameters for this request.

Request headers

Header Name Description Default Type Required

x-isi-ifs-set- Specifies the full path for the destination None String Yes
location directory. The source and destination directories
must be in the same access point.

Response headers
This call returns common response headers.

Response body
No message body is returned upon success.

Example request

POST /namespace/ifs/folder1/folder2/ HTTP/1.1

x-isi-ifs-set-location: /namespace/ifs/dest1/dest2/
Host my_cluster:8080
Content-Length: <length>
Date: Thu, 22 Sep 2011 12:00:00 GMT
Authorization: <signature>

Example response

HTTP/1.1 204 No Content

Date: Thu, 22 Sep 2011 12:00:00 GMT
Content-Length: <length>
Connection: close
Server: Apache2/2.2.19

222 File system access API

Delete a directory
Deletes the directory at the specified path.

Request syntax

DELETE /namespace/<access_point>/<container_path>[?recursive=<Boolean>] HTTP/1.1

Host <hostname>[:<port>]
Date: <date>
Authorization: <signature>

Request query parameters

Parameter Description Default Type Required

Name
recursive Deletes directories recursively, when set to true. False Boolean No
Returns an error if you attempt to delete a
directory that is not empty, when set to false.
When the recursive parameter is set to
true, and there is an error deleting a child, the
operation continues to delete other children. Only
the last error is returned.

Request headers
This call sends common request headers.

Response headers
This call returns common response headers.

Response body
No message body is returned upon success.

Example request

DELETE /namespace/folder1/folder2 HTTP/1.1

Host my_cluster:8080
Content-Length: <length>
Date: Thu, 22 Sep 2011 12:00:00 GMT
Authorization: <signature>

Example response

HTTP/1.1 204 No Content

Date: Thu, 22 Sep 2011 12:00:00 GMT
Content-Length: <length>
Connection: close
Server: Apache2/2.2.19

File system access API 223

Set attributes on a directory
Sets attributes on a specified directory with the metadata query argument. You can also set attributes with a header when the
directory is created with the header format x-isi-ifs-<name>=<value>.

Request syntax

PUT /namespace/<access_point>/<container_path>?metadata HTTP/1.1

Host <hostname>[:<port>]
Content-Length : <length>
Content-Type : application/JSON
Date: <date>
Authorization: <signature>

{
"action":"<action_value>",
"attrs":[
{
"name":"<key_name>",
"value":"<key_value>",
"namespace":"<namespace_value>",
"op":"<operation_value>"
},
...
]
}

NOTE:

You can omit attribute values or enter "" for the value.

Request query parameters

Parameter Description Default Type Required

Name

metadata The metadata argument must be placed at the N/A String No

first position of the argument list in the URI.

Request body parameters

Parameter Description Default Type Required

Name

action The values for the <action_value> field update String No

are replace or update. Note that the
<action_value> field operates in conjunction with
the <operation_value> field.
To modify the existing attributes, set
both <action_value> and<operation_value> to
update.
To delete the existing attributes,
set <action_value> to update and
<operation_value> to delete.
To remove all extended attributes first,
and then replace the attributes with the
values that are specified in the attrs
parameter, set <action_value> to replace.

224 File system access API

Parameter Description Default Type Required
Name

When <action_value> is set to replace, the

<operation_value> field is ignored.

op The values for the <operation_value> field are update String No

update or delete. The <operation_value> field
is only applicable when <action_value> is set to
update.

namespace Specifies the namespace that is associated with user String No

the attributes set for the directory. The only
supported value for this parameter is user.

Request headers
This call sends common request headers.

Response headers
This call returns common response headers.

Response body
No message body is returned upon success.

Example request

PUT /namespace/ifs/my_folder/?metadata HTTP/1.1

Host my_cluster:8080
Content-Length : <length>
Date: <date>
Authorization: <signature>

{
"action":"replace",
"attrs":[
{
"name":"Manufacture",
"value":"Foo",
"namespace":"user"
}
]
}

Example response

HTTP/1.1 200 OK
Date: Wed, 20 Mar 2013 17:19:15 GMT
Server: Apache/2.2.21 (FreeBSD) mod_ssl/2.2.21 OpenSSL/0.9.8x mod_webkit2/1.0
mod_fastcgi/2.4.6
Allow: DELETE, GET, HEAD, POST, PUT
x-isi-ifs-spec-version: 1.0
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=15, max=500
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/plain

File system access API 225

File operations
You can perform file operations on the namespace.

Create a file object

Creates a file object with a given path. The file is either successfully created in whole, or no file is created at all. Partial files
cannot be created.

Request syntax

PUT /namespace/<access_point>/<file_path>[?overwrite=<Boolean>] HTTP/1.1

Host <hostname>[:<port>]
Content-Length : <length>
Date: <date>
Authorization: <signature>

[Message Body]

Request query parameters

Parameter Description Default Type Required

Name
overwrite If the overwrite parameter is set to true, True Boolean No
the preset user attributes and ACLs of the file
are deleted and replaced with the user-specified
attributes and ACLs from the header. If the
overwrite parameter is set to false and the file
exists, an error message is returned. If the file
does not exist, the file is created and set with
the user-specified attributes and ACLs from the
header.

Request headers

Header Name Description Default Type Required

Content- Specifies the content encoding that was applied None String No
Encoding to the object content, so that decoding can be
applied when retrieving the content.
Content-Type Specifies a standard MIME-type description of binary/octet- String Conditional
the content format. stream
x-isi-ifs-target- Specifies the resource type. This value can be None String Yes.
type container or object.
The value must
be set to 'object.'

x-isi-ifs-access- Specifies a predefined ACL value or POSIX mode 0600 (read, write String No
control with a string in octal string format. with owner
permissions).
x-isi-ifs-attr- Specifies the extended attributes that were set None String No
<attr_name> in the message header. The attributes names
are stored in upper case, and all dashes (-) are
converted to underscores (_).

226 File system access API

Response headers
This call returns common response headers.

Response body
No message body is returned upon success.

Example request

PUT /namespace/ifs/my_folder/picture.jpg HTTP/1.1

Host my_cluster:8080
x-isi-ifs-target-type: object
Content-Type: image/jpeg
Content-Length: 65536
Date: Thu Sep 22 16:06:32 GMT 2011
Authorization: <signature>

[Byte Streams of pictue.jpg]

Example response

HTTP/1.1 201 Created

Date: Thu, 22 Sep 2011 12:00:00 GMT
Content-Length: <length>
Connection: close
Server: Apache2/2.2.19

Get the contents of a file

Retrieves the contents of a file from a specified path.

Request syntax

GET /namespace/<access_point>/<file_path> HTTP/1.1

Host <hostname>[:<port>]
Date: <date>
Authorization: <signature>
Range: bytes=<byte_range>

Request query parameters

There are no query parameters for this request.

Request headers

Header Name Description Default Type Required

Range Returns the specified range bytes of an object. None String No
Only the basic range is supported. The format is
defined as:

first-byte-pos "-" last-byte-pos

File system access API 227

Header Name Description Default Type Required

The first-byte-pos value in a byte-range-spec

gives the byte-offset of the first byte in a range.
The last-byte-pos value gives the byte-offset
of the last byte in the range; that is, the byte
positions that are specified are inclusive. Byte
offsets start at zero.

If-Modified-Since Returns only files that were modified since the None HTTP date No
specified time. If no files were modified since this
time, a 304 message is returned.
If-Unmodified- Returns only files that were not modified since None HTTP date No
Since the specified time. If there are no unmodified
files since this time, a 412 message is returned
to indicate that the precondition failed.

Response headers

Header Name Description

Content-Encoding Provides the content encoding that was applied to the object content, so that decoding
can be applied when retrieving the content.
Content-Type Provides a standard MIME-type description of the content format.
x-isi-ifs-attr-<attr_name> Provides the extended attributes that were set in the message header when the file was
created.
x-isi-ifs-missing-attr Provides the number of attributes that cannot be displayed in the HTTP header.
x-isi-ifs-access-control Provides the access mode for the file in octal number format.

Response body
No message body is returned upon success.

Example request

GET /namespace/ifs/my_folder/picture.jpg HTTP/1.1

Host my_cluster:8080
Date: Thu Sep 22 16:06:32 GMT 2011
Authorization: <signature>

Example response

HTTP/1.1 200 OK
Date: Thu Sep 22 16:06:32 GMT 2011
Content-Length: 54380
Content-Type: image/jpeg
Connection: close
Server: Apache2/2.2.19

[54380 bytes of data]

228 File system access API

Copy a file
Copies a file to the specified destination path.

Request syntax

PUT /namespace/<access_point>/<file_path>[?overwrite=<Boolean>] HTTP/1.1

x-isi-ifs-copy-source: /namespace/<access_point>/<source_path>
Host <hostname>[:<port>]
Date: <date>
Authorization: <signature>

Request query parameters

Parameter Description Default Type Required

Name
overwrite Specifies if the existing file should be overwritten False Boolean No
when a file with the same name exists.

Request headers

Header Name Description Default Type Required

x-isi-ifs-copy- Specifies the full path of the source. N/A String Yes
source
The source and destination paths must be in the
same access point.

Response headers
This call returns common response headers.

Response body
No message body is returned upon success. For this operation, the HTTP status code 200 OK may not indicate a complete
success.
If the response body contains a JSON message, the operation has partially failed. If the server fails to initiate a copy due to
an error (such as an invalid copy source), an error is returned. If the server initiates the copy, and then fails, "copy_errors"
are returned in structured JSON format. Because the copy operation is synchronous, the client cannot stop an ongoing copy
operation or check the status of a copy operation asynchronously.

Example request 1
This example shows a successful copy.

PUT /namespace/ifs/folder1/myfile HTTP/1.1

x-isi-ifs-copy-source: /namespace/ifs/source1/myfile
Host my_cluster:8080
Content-Length: <length>
Date: Thu, 22 Sep 2011 12:00:00 GMT
Authorization: <signature>

File system access API 229

Example response 1

HTTP/1.1 200 Ok
Date: Thu, 22 Sep 2011 12:00:00 GMT
Content-Length: <length>
Connection: close
Server: Apache2/2.2.19

Example request 2
This example shows a failed copy, where the file is not overwritten.

PUT /namespace/accesspoint1/directory1/file2_copy HTTP/1.1

Host 10.245.105.110:8080
x-isi-ifs-copy-source: /namespace/accesspoint1/directory1/file2
Date: Wed, 20 Mar 2013 21:33:55 GMT
Authorization: <signature>

Example response 2

HTTP/1.1 200 OK
Date: Wed, 20 Mar 2013 21:33:55 GMT
Server: Apache/2.2.21 (FreeBSD) mod_ssl/2.2.21 OpenSSL/0.9.8x mod_webkit2/1.0
mod_fastcgi/2.4.6
Allow: DELETE, GET, HEAD, POST, PUT
x-isi-ifs-spec-version: 1.0
Keep-Alive: timeout=15, max=500
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json

{
"copy_errors":[
{
"error_src":"target side",
"message":"target exists(not copied)",
"source":"/accesspoint1/directory1/file2",
"target":"/accesspoint1/directory1/file2_copy"
}
],
"success":false
}

Move a file
Moves a file to a destination path that does not yet exist.

Request syntax

POST /namespace/<access_point>/<file_path> HTTP/1.1

x-isi-ifs-set-location: /namespace/<access_point>/<dest_path>
Host <hostname>[:<port>]
Date: <date>
Authorization: <signature>

Request query parameters

There are no query parameters for this request.

230 File system access API

Request headers

Header Name Description Default Type Required

x-isi-ifs-set- Specifies the full path of the destination file. The None String Yes
location source and destination paths must be in the same
access point.
If the x-isi-ifs-set-location hovers over a file
name that is different than the source file name,
the user can rename the file.

Response headers
This call returns common response headers.

Response body
No message body is returned upon success.

Example request

POST /namespace/ifs/folder1/myfile HTTP/1.1

x-isi-ifs-set-location: /namespace/ifs/dest1/myfile
Host my_cluster:8080
Content-Length: <length>
Date: Thu, 22 Sep 2011 12:00:00 GMT
Authorization: <signature>

Example response

HTTP/1.1 204 Non Content

Date: Thu, 22 Sep 2011 12:00:00 GMT
Content-Length: <length>
Connection: close
Server: Apache2/2.2.19

Delete a file
Deletes the specified file.

Request syntax

DELETE /namespace/<access_point>/<file_path> HTTP/1.1

Host <hostname>[:<port>]
Date:<date>
Authorization: <signature>

Request query parameters

There are no query parameters for this request.

Request headers
This call sends common request headers.

File system access API 231

Response headers
This call returns common response headers.

Response body
No message body is returned upon success.

Example request

DELETE /namespace/ifs/my_folder/test.txt HTTP/1.1

Host my_cluster:8080
Content-Length: <length>
Date: Thu, 22 Sep 2011 12:00:00 GMT
Authorization: <signature>

Example response

HTTP/1.1 204 No Content

Date: Thu, 22 Sep 2011 12:00:00 GMT
Content-Length: <length>
Connection: close
Server: Apache2/2.2.19

Clone a file
Clone a file to the destination path. If the parameter is set as a snapshot name, the file is cloned from that snapshot.

Request syntax

PUT /namespace/<access_point>/<file_path>[?<clone>][&<snapshot>][&<overwrite>] HTTP/1.1

x-isi-ifs-copy-source: <source_file_path>
Host <hostname>[:<port>]
Date: <date>
Authorization: <signature>

Request query parameters

Parameter Description Default Type Required

Name
clone Set this parameter to true in order to clone a file. False Boolean No
snapshot Specifies a snapshot name to clone the file from. N/A String No
If a snapshot name is not given, a temporary
snapshot is created. The temporary snapshot is
deleted after the cloning operation is complete.
overwrite Specifies if an existing file should be overwritten False Boolean No
by a new file with the same name.

232 File system access API

Request headers

Header Name Description Default Type Required

x-isi-ifs-copy- Specifies the full path of the source. N/A String Yes
source
The source and destination paths must be in the
same access point.

Response headers
This call returns common response headers.

Response body
No response body is returned upon success.

Example request

PUT /namespace/ifs/folder1/myfile?clone=true HTTP/1.1

x-isi-ifs-copy-source: /namespace/ifs/source1/myfile
Host my_cluster:8080
Content-Length : 0
Date: <date>
Authorization: <signature>

Example response

HTTP/1.1 200 OK
Date: Thu, 21 Mar 2013 14:33:29 GMT
Content-Length: 0
Connection: close

Set attributes on a file

Sets attributes on a specified file with the metadata query argument through the JSON body. You can also set attributes with a
header when the file is created through a header with the format: x-isi-ifs-<name>=<value>.

Request syntax

PUT /namespace/<access_point>/<file_path>?metadata HTTP/1.1

Host <hostname>[:<port>]
Content-Length : <length>
Content-Type : application/JSON
Date: <date>
Authorization: <signature>

{
"action":"<action_value>",
"attrs":[
{
"name":"<key_name>",
"value":"<key_value>",
"namespace":"<namespace_value>",
"op":"<operation_value>"
},
...

File system access API 233

 ]
}

NOTE:

You can modify only the <content_type> and user specified attributes. All other system attributes are ignored.

Request query parameters

Parameter Description Default Type Required

Name
metadata The metadata argument must be placed at the N/A String No
first position of the argument list in the URI.

Request body parameters

Parameter Description Default Type Required

Name
action The values for the <action_value> field are update String No
replace or update. The <action_value>
field operates in conjunction with the
<operation_value> field.
To modify the existing attributes, set both
<action_value> and <operation_value> fields to
update.
To delete the existing attribute, set
the <action_value> field to update and
<operation_value> to delete.
To remove all extended attributes first
and then replace the attributes with the
values that are specified in the attrs
parameter, set <action_value> to replace.
When <action_value> is set to replace, the
<operation_value> field is ignored.

op The values for the <operation_value> field are update String No

update or delete. The <operation_value> field
is only applicable when <action_value> is set to
update.

namespace Specifies the value for the namespace that user String No
the attribute associates with a directory. This
parameter must be set to user if the attributes
are specified by users.

Request headers
This call sends common request headers.

Response headers
This call returns common response headers.

Response body
No response body is returned upon success.

234 File system access API

Example request

PUT /namespace/accesspoint1/my_folder/mytest.txt?metadata HTTP/1.1

Host my_cluster:8080
Content-Length : <length>
Date: <date>
Authorization: <signature>

{
"action":"replace",
"attrs":[
{
"name":"Manufacture",
"value":"Foo",
"namespace":"user"
},
{
"name":"user.Material",
"value":"Steel",
"namespace":"user"
}
]
}

Example response

HTTP/1.1 200 OK
Date: Thu, 21 Mar 2013 14:33:29 GMT
Server: Apache/2.2.21 (FreeBSD) mod_ssl/2.2.21 OpenSSL/0.9.8x mod_webkit2/1.0
mod_fastcgi/2.4.6
Allow: DELETE, GET, HEAD, POST, PUT
x-isi-ifs-spec-version: 1.0
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=15, max=500
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/plain

Get the attributes for a file with the HEAD method

Retrieves the attribute information for a specified file. Attributes are returned as headers only if they can be displayed.

Request syntax

HEAD /namespace/<access_point>/<file_path> HTTP/1.1

Host <hostname>[:<port>]
Date: <date>
Authorization: <signature>

Request query parameters

There are no query parameters for this request.

File system access API 235

Request headers

Header Name Description Default Type Required

If-Modified-Since Returns only file content that was modified None HTTP date No
since the specified time. If no file content was
modified, a 304 message is returned.
If-Unmodified- Returns only file content that was not modified None HTTP date No
Since since the specified time. If there is no unmodified
file content, a 412 message is returned to indicate
that the precondition failed.

Response headers

Header Name Description Default Type Required

Content- Provides the content encoding that was applied None String No
Encoding to the object content, so that decoding can be
applied when retrieving the content.
Content-Type Provides a standard MIME-type description of binary/octet- String No
the content format. stream
x-isi-ifs-attr- Provides the extended attributes that were set in None String No
<attr_name> the message header.
x-isi-ifs-missing- Provides the number of attributes that cannot be None Integer No
attr displayed in the HTTP header.
The missing attributes can be retrieved through
the operation: GET extended attributes of a file
operation.

x-isi-ifs-access- Provides a predefined ACL value or POSIX mode 0700 String No

control with a string, such as private, private_read,
public_read, public_read_write, or public.

Response body
No message body is returned upon success.

Example request

HEAD /namespace/ifs/my_folder/picture.jpg HTTP/1.1

Host my_cluster:8080
Date: Thu Sep 22 16:06:32 GMT 2011
Authorization: <signature>

Example response

HTTP/1.1 200 OK
Date: Thu Sep 22 16:06:32 GMT 2011
Server: Apache/2.2.21 (FreeBSD) mod_ssl/2.2.21 OpenSSL/0.9.8x mod_webkit2/1.0
mod_fastcgi/2.4.6
Allow: DELETE, GET, HEAD, POST, PUT
Last-Modified: Wed, 20 Mar 2013 18:16:17 GMT
x-isi-ifs-access-control: 0600
x-isi-ifs-attr-color: red
x-isi-ifs-missing-attr: 1
x-isi-ifs-spec-version: 1.0
x-isi-ifs-target-type: object

236 File system access API

Get the extended attributes of a file
Retrieves the attribute information for a specified file with the metadata query argument.

Request syntax

GET /namespace/<access_point>/<file_path>?metadata HTTP/1.1

Host <hostname>[:<port>]
Date: <date>
Authorization: <signature>

Request query parameters

Parameter Description Default Type Required

Name
metadata The metadata argument must be placed at the N/A String No
first position of the argument list in the URI.

Request headers
This call sends common request headers.

Response headers
This call returns common response headers.

Response body
The object attribute information is returned in JSON format.

{
"attrs":[
{
"name":"<key_name>",
"value":"<key_value>",
"namespace":"<namespace_value>"
},
...
]
}
}

NOTE:

The namespace parameter is optional. When this parameter is missing, the attribute is considered to be a system defined
attribute. When the <namespace_value> field is set to user, the attribute is considered a user-defined attribute.

Example request

GET /namespace/accesspoint1/directory1/file1?metadata HTTP/1.1

Host: 10.245.105.110:8080
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: _SID_=20130321154838-cffed57ca0a91f15a7dca80fc88ed0a8;
isisessid=7651c367-71d1-4ff1-9dd0-1eee09a4b03d; legacy=1; ys-lastStatusDashView=n%3A1;
ys-monitoringView=s%3ALIVE; ys-monitoringData=s%3AAVG

File system access API 237

 Connection: keep-alive
Cache-Control: max-age=0

Example response

HTTP/1.1 200 Ok
Date: Thu, 21 Mar 2013 19:58:11 GMT
Server: Apache/2.2.21 (FreeBSD) mod_ssl/2.2.21 OpenSSL/0.9.8x mod_webkit2/1.0
mod_fastcgi/2.4.6
Allow: DELETE, GET, HEAD, POST, PUT
x-isi-ifs-spec-version: 1.0
Keep-Alive: timeout=15, max=436
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json

{
"attrs": [
{
"name": "content_type",
"value": "text/xml; charset=UTF-8"
},
{
"name": "is_hidden",
"value": false
},
{
"name": "size",
"value": 27
},
{
"name": "block_size",
"value": 8192
},
{
"name": "blocks",
"value": 52
},
{
"name": "last_modified",
"value": "Wed, 20 Mar 2013 18:16:17 GMT"
},
{
"name": "change_time",
"value": "Wed, 20 Mar 2013 18:16:17 GMT"
},
{
"name": "access_time",
"value": "Wed, 20 Mar 2013 18:16:17 GMT"
},
{
"name": "create_time",
"value": "Wed, 20 Mar 2013 18:16:17 GMT"
},
{
"name": "mtime_val",
"value": 1363803377
},
{
"name": "ctime_val",
"value": 1363803377
},
{
"name": "atime_val",
"value": 1363803377
},
{
"name": "btime_val",
"value": 1363803377
},

238 File system access API

 {
"name": "owner",
"value": "root"
},
{
"name": "group",
"value": "wheel"
},
{
"name": "uid",
"value": 0
},
{
"name": "gid",
"value": 0
},
{
"name": "id",
"value": 4300276817
},
{
"name": "nlink",
"value": 1
},
{
"name": "type",
"value": "object"
},
{
"name": "mode",
"value": "0600"
},
{
"name": "Manufacture",
"namespace": "user",
"value": "Foo"
},
{
"name": "user.Material",
"namespace": "user",
"value": "Steel"
}
]
}

Access control lists

You can configure access control lists (ACLs) or permissions modes for namespace directories and files.
For detailed information on access control lists, see the OneFS Administration Guide.

Access control personas

Personas are a union of a user ID (UID), name, and type. Personas represent users and groups for access control list (ACL)
operations.
The JSON format for personas is:

{
"id":"<ID>",
"name":"<name>",
"type":"<type>"
}

File system access API 239

Where

<ID>: <"USER" | "GROUP" | "SID" | "UID" | "GID"> : <the ID string>

<name>: <the normal user name in a string>
<type>: <user, group, or wellknown>

For PUT operations, you can specify either the ID or both the name and type. The ID value takes precedence when all fields are
available.

Access rights for directories

The following table lists the access rights for directories.

Access rights Functionality

list The right to list entries
add_file The right to create a file in the directory
add_subdir The right to create a subdirectory
delete_child The right to delete children, including read-only files
traverse The right to access files in subdirectories
dir_read_attr The right to read directory attributes
dir_write_attr The right to write directory attributes
dir_read_ext_attr The right to read extended directory attributes
dir_write_ext_attr The right to write extended directory attributes
dir_gen_read The right to list entries, read attributes, read extended attributes, and read access control lists.
dir_gen_write The right to create files, create subdirectories, write attributes, write extended attributes, and read
access control lists.
dir_gen_execute The right to access files in subdirectories, and read access lists.
dir_gen_all Includes the rights that are specified in dir_gen_read, dir_gen_write, dir_gen_execute, delete_child,
std_read_dac, std_write_dac, std_write_owner, and std_delete.

Access rights for files

The following table lists the access rights for files.

Access rights Functionality

file_read The right to read file data.
file_write The right to write file data.
append The right to append to a file.
Run The right to run a file.
file_read_attr The right to read file attributes.
file_write_attr The right to write file attributes.
file_read_ext_attr The right to read extended file attributes.
file_write_ext_attr The right to write extended file attributes.
file_gen_read The right to read files, read attributes, read extended attributes, and read access control lists.
file_gen_write The right to write to the file, append to the file, write file attributes, write extended file attributes, and
read access control lists.

240 File system access API

Access rights Functionality
file_gen_execute The right to run files, and read access control lists.
file_gen_all Includes the rights that are specified by file_gen_read, file_gen_write, file_gen_execute, std_read_dac,
std_write_dac, std_write_owner, and std_delete.

Access rights for files and directories

The following table describes the access rights for both files and directories.

Access rights Functionality

std_read_dac The right to read the access control list of the directory or file.
std_write_dac The right to write the access control list of the directory or file.
std_write_owner The right to change the owner of the directory or file.
std_delete The right to delete the current directory or file.
modify Includes the following access rights for a directory: add_file, add_subdir, dir_write_ext_attr,
dir_write_attr, delete_child, std_delete, std_write_dac and std_write_owner.
Includes the following access rights for a file: file_write, append, file_write_ext_attr, file_write_attr,
std_delete, std_write_dac and std_write_owner.

Inherited access rights

The following table lists the inheritance flags for directories and subdirectories. Inheritance flags specify the access rights
inherited by the children of a directory.

Inheritance Flags Functionality

object_inherit Only files inherit access rights from their parent directory.
container_inherit Only directories inherit access rights from their parent directory.
no_prop_inherit Stops the propagation of inherited rights for directories and files.
inherit_only Access rights do not apply for the current directory, but are applied to subdirectories and files when
they are inherited.
inherited_ace Indicates that the access control list of the current directory or file was inherited from a parent
directory or file.

Get the ACL of a directory

Retrieves the access control list of the directory for the authenticated user.

Request syntax

GET /namespace/<access_point>/<container_path>/<container_name>?acl HTTP/1.1

Host: <hostname>[:<port>]
Date: <date>
Authorization: <signature>

File system access API 241

Request query parameters

Parameter Description Default Type Required

Name
acl The acl argument must be placed at the first N/A String Yes
position of the argument list in the URI.

Request headers
This call sends common request headers.

Response headers
This call returns common response headers.

Response body

HTTP/1.1 200 OK
Date: Tue, 22 May 2012 12:00:00 GMT
Content-Length: <length>
Connection: close
Server: Apache2/2.2.19

{
"owner":{
"id":"<owner id>",
"name":"<owner name>",
"type":"<type>"
},
"group":{
"id":"<group id>",
"name":"<group name>",
"type":"<type>"
},
"authoritative":"acl"|"mode",
"mode":"<POSIX mode>",
"acl":[
{
"trustee":{
"id":"<trustee id>",
"name":"<trustee name>",
"type":"<trustee type>"
},
"accesstype":"allow" | "deny",
"accessrights":"<accessrights_list>",
"inherit_flags":"<inherit_flags_list>"
}
]
}

Response body parameters

Parameter Name Description

owner Provides the JSON object for the owner persona.
group Provides the JSON object for the group persona of the owner.
authoritative Can be set to acl or mode.
If the directory has access rights set, then this field is returned as acl.
If the directory has POSIX permissions set, then this field is returned as mode.

242 File system access API

Parameter Name Description
mode Provides the POSIX mode.
acl Provides the JSON array of access rights.
access type Can be set to allow or deny.
allow: Allows access to the directory based on the access rights set for the trustee.
deny: Denies access to the directory based on the access rights set for the trustee.

access rights Provides the list of access rights that are defined for the directory.
inherit_flags Provides the inherit flags set for the directory.

Example request

GET /namespace/ifs/dir1/dir2/dir?acl HTTP/1.1

Host: my_cluster:8080
Date: Tue, 22 May 2012 12:00:00 GMT
Authorization: <signature>

Example response

HTTP/1.1 200 OK
Date: Tue, 22 May 2012 12:00:00 GMT
Content-Length: <length>
Connection: close
Server: Apache2/2.2.19

{
"owner":{
"id":"UID:0",
"name":"root",
"type":"user"
},
"group":{
"id":"GID:0",
"name":"wheel",
"type":"group"
},
"authoritative":"acl",
"mode":"0722",
"acl":[
{
"trustee":{
"id":"UID:2001",
"name":"foo1",
"type":"user"
},
"accesstype":"allow",
"accessrights":[
"dir_gen_read",
"dir_gen_write"
],
"inherit_flags":[
"container_inherit"
]
},
{
"trustee":{
"id":"GID:23",
"name":"group1",
"type":"group"
},
"accesstype":"allow",
"accessrights":[

File system access API 243

 "dir_gen_read"
]
}
]
}

Get the ACL of a file

Retrieves the access control list of the file for the authenticated user.

Request syntax

GET /namespace/<access_point>/<container_path>/<file_name>?acl HTTP/1.1

Host: <hostname>[:<port>]
Date: <date>
Authorization: <signature>

Request query parameters

Parameter Description Default Type Required

Name
acl The acl argument must be placed at the first N/A String Yes
position of the argument list in the URI.

Request headers
This call sends common request headers.

Response headers
This call returns common response headers.

Response body

HTTP/1.1 200 OK
Date: Tue, 22 May 2012 12:00:00 GMT
Content-Length: <length>
Connection: close
Server: Apache2/2.2.19

{
"owner":{
"id":"<owner id>",
"name":"<owner name>",
"type":"<type>"
},
"group":{
"id":"<group id>",
"name":"<group name>",
"type":"<type>"
},
"authoritative":"acl"|"mode",
"mode":"<POSIX mode>",
"acl":[
{
"trustee":{
"id":"<trustee id>",
"name":"<trustee name>",
"type":"<trustee type>"

244 File system access API

 },
"accesstype":"allow"|"deny",
"accessrights":"<accessrights_list>",
"inherit_flags":"<inherit_flags>"
}
]
}

Response body parameters

Parameter Name Description

owner Provides the JSON object for the owner persona.
group Provides the JSON object for the group persona of the owner.
authoritative Can be set to acl or mode.
If the directory has access rights set, then this field is returned as acl.
If the directory has POSIX permissions set, then this field is returned as mode.

acl Provides the JSON array of access rights.

access type Can be set to allow or deny.
allow: Allows access to the file based on the access rights set for the trustee.
deny: Denies access to the file based on the access rights set for the trustee.

access rights Provides the list of access rights that are defined for the file.
inherit_flags Provides the inherit flags set for the file.

Example request

GET /namespace/ifs/dir1/dir2/file1?acl HTTP/1.1

Host: my_cluster:8080
Date: Tue, 22 May 2012 12:00:00 GMT
Authorization: <signature>

Example response

HTTP/1.1 200 OK
Date: Thu, 12 Jan 2011 12:00:00 GMT
Content-Length: <length>
Connection: close
Server: Apache2/2.2.19

{
"owner":{
"id":"UID:0",
"name":"root",
"type":"user"
},
"group":{
"id":"GID:0",
"name":"wheel",
"type":"group"
},
"authoritative":"acl",
"mode":"0022",
"acl":[
{
"trustee":{
"id":"UID:2000",
"name":"foo2",

File system access API 245

 "type":"user"
},
"accesstype":"allow",
"accessrights":[
"file_gen_read",
"file_gen_write"
]
},
{
"trustee":{
"id":"GID:1001",
"name":"group2",
"type":"group"
},
"accesstype":"allow",
"accessrights":[
"file_gen_read"
]
}
]
}

Set the ACL for a directory when the directory is created

Sets the access control list for a directory by setting the headers when the directory is created.

Request syntax

PUT /namespace/<access_point>/<container_path>/<container_name> HTTP/1.1

Host: <hostname>[:<port>]
Content-Length: <length>
Date: <date>
Authorization: <signature>
x-isi-ifs-access-control : "private_read" | "private" | "public_read" |
"public_read_write" | "public" | "<POSIX mode>"

NOTE:

The attribute x-isi-ifs-access-control can be set to a predefined ACL value or to a POSIX mode in octal string. If this header
is not specified, the directory mode is set to 0700 by default when the directory is created.

Predefined ACL value Access rights Access rights displayed

private_read The directory owner has the following rights: list Directory owner: "access rights":
entries, read attributes, read extended attributes, ["dir_gen_read","dir_gen_execute","std_write_d
access files in subdirectories, read access control ac"],"inherit_flags":[]
list, and write access control list.
private The directory owner has the following rights: list Directory owner:"access rights":
entries, read attributes, read extended attributes, ["dir_gen_all"],"inherit_flags":[]
read access control list, create files, create
subdirectories, write attributes, write extended
attributes, access files in subdirectories, delete
children (including read-only files), change owner,
write access control list, and delete current
directory.
public_read The directory owner has the following rights: list Directory owner: "access rights":
entries, read attributes, read extended attributes, ["dir_gen_all"],"inherit_flags":[]
read access control list, create files, create
All users: "access rights":
subdirectories, write attributes, write extended
["dir_gen_read","dir_gen_execute"],"inherit_flag
attributes, access files in subdirectories, delete
s":[]
children (including read-only files), change owner,
write the access control list, and delete current
directory.

246 File system access API

Predefined ACL value Access rights Access rights displayed

All users have the following rights: list entries,

read attributes, read extended attributes, read
access control lists, and access files in
subdirectories.

public_read_write The directory owner has the following rights: list Directory owner: "access rights":
entries, read attributes, read extended attributes, ["dir_gen_all"],"inherit_flags":[]
read access control list, create files, create
All users: "access rights":
subdirectories, write attributes, write extended
["dir_gen_read","dir_gen_write","dir_gen_execu
attributes, access files in subdirectories, delete
te"],"inherit_flags":[]
children (including read-only files), change owner,
write the access control list, and delete current
directory.
All users have the following rights: list entries,
read attributes, read extended attributes,
read access control lists, create files, create
subdirectories, write attributes, write extended
attributes, and access files in subdirectories.

public All users have the following rights: list entries, All users: "access rights":
read attributes, read extended attributes, ["dir_gen_all"],"inherit_flags":[]
read access control list, create files, create
subdirectories, write attributes, write extended
attributes, access files in subdirectories, delete
children (including read-only files), change owner,
write access control list, and delete current
directory.

The POSIX mode is an absolute mode that is constructed from the sum of one or more octal numbers that are listed in the
following table.

Octal Description
number
4000 The set-user-ID-on-execution bit. Executable files with this bit have their UID set to the UID of the file owner.
2000 The set-group-ID-on-execution bit. Executable files with this bit have their GID set to the GID of the file owner.
1000 The sticky bit.
0400 Allows read by owner.
0200 Allows write by owner.
0100 For files, allows execution by owner. For directories, allows directory queries by owner.
0040 Allows read by group members.
0020 Allows write by group members.
0010 For files, allows execution by group members. For directories, allows directory queries by group members.
0004 Allows read by others.
0002 Allows write by others.
0001 For files, allows execution by others. For directories, allows directory queries by others.

Request query parameters

There are no query parameters for this request.

File system access API 247

Request headers
This call sends common request headers.

Response headers
This call returns common response headers.

Response body
There is no message body for this response.

Example request

PUT /namespace/ifs/dir1/dir2/dir HTTP/1.1

Host: my_cluster:8080
Content-Length: <length>
Date: Tue, 22 May 2012 12:00:00 GMT
Authorization: <signature>
x-isi-ifs-access-control: "public_read"

Example response

HTTP/1.1 200 OK
Date: Tue, 22 May 2012 12:00:00 GMT
Content-Length: <length>
Connection: close
Server: Apache2/2.2.19

Set the ACL for a file when the file is created

Sets the access control list for a file by setting the headers when the file is created.

Request syntax

PUT /namespace/<access_point>/<container_path>/<file_name> HTTP/1.1

Host: <hostname>[:<port>]
Content-Length: <length>
Date: <date>
Authorization: <signature>
x-isi-ifs-access-control : "private_read" | "private" | "public_read" |
"public_read_write" | "public" | "<POSIX mode>"

NOTE:

The attribute x-isi-ifs-access-control can be set to a predefined ACL value or to POSIX mode with octal string. By default,
the mode for the file is set to 0600.

Predefined ACL value Access rights Access rights displayed

private_read The file owner has the following rights: read files, File owner: "accessrights":
read attributes, read extended attributes, read ["file_gen_read","file_gen_execute","std_write
access control lists, run files, and write access _dac"],"inherit_flags":[]
control list.
private The file owner has the following rights: read file, File owner:"accessrights":
read attributes, read extended attributes, read ["file_gen_all"],"inherit_flags":[]
access control list, write to the file, append to

248 File system access API

Predefined ACL value Access rights Access rights displayed
the file, write file attributes, write extended file
attributes, run file, write, or modify the access
control list, change owner, and delete current file.
public_read The file owner has the following rights: read file, File owner: "accessrights":
read attributes, read extended attributes, read ["file_gen_all"],"inherit_flags":[]
access control list, write to the file, append to
All users: "accessrights":
the file, write file attributes, write extended file
["file_gen_read","file_gen_execute"],"inherit_f
attributes, run file, write, or modify the access
lags":[]
control list, change owner, and delete current file.
All users have the following rights: read files, read
attributes, read extended attributes, read access
control lists, and run files.

public_read_write The file owner has the following rights: read file, File owner: "accessrights":
read attributes, read extended attributes, read ["file_gen_all"],"inherit_flags":[]
access control list, write to the file, append to
All users: "accessrights":
the file, write file attributes, write extended file
["file_gen_read","file_gen_write","file_gen_ex
attributes, run file, write/modify the access control
ecute"],"inherit_flags":[]
list, change owner, and delete current file.
All users have the following rights: read files, read
attributes, read extended attributes, read access
control lists, write to the file, append to the file,
write file attributes, write extended file attributes,
and run files.

public All users have the following rights: read file, read All users: "accessrights":
attributes, read extended attributes, read access ["file_gen_all"],"inherit_flags":[]
control list, write to the file, append to the file,
write file attributes, write extended file attributes,
run file, write/modify the access control list,
change owner, and delete current file.

The POSIX mode is an absolute mode, which consists of an octal number that is constructed from the sum of one or more octal
numbers that are listed in the following table.

Octal Description
number
4000 The set-user-ID-on-execution bit. Executable files with this bit have their uid set to the uid of the file owner.
2000 The set-group-ID-on-execution bit. Executable files with this bit have their gd set to the gid of the file owner.
1000 The sticky bit.
0400 Allows read by owner.
0200 Allows write by owner.
0100 For files, allows execution by owner. For directories, allows directory queries by owner.
0040 Allows read by group members.
0020 Allows write by group members.
0010 For files, allows execution by group members. For directories, allows directory queries by group member.
0004 Allows read by others.
0002 Allows write by others.
0001 For files, allows execution by others. For directories, allows directory queries by others.

File system access API 249

Request query parameters
There are no query parameters for this request.

Request headers
This call sends common request headers.

Response headers
This call returns common response headers.

Response body
There is no message body for this response.

Example request

PUT /namespace/ifs/dir1/dir2/file HTTP/1.1

Host: my_cluster:8080
Content-Length: <length>
Date: Tue, 22 May 2012 12:00:00 GMT
Authorization: <signature>
x-isi-ifs-access-control: "public_read"

Example response

HTTP/1.1 200 OK
Date: Tue, 22 May 2012 12:00:00 GMT
Content-Length: <length>
Connection: close
Server: Apache2/2.2.19

Set the ACL of a directory

Sets the access control list of the directory.

Request syntax

PUT /namespace/<access_point>/<container_path>/<container_name>?acl HTTP/1.1

Host: <hostname>[:<port>]
Content-Length: <length>
Date: <date>
Authorization: <signature>

{
"owner":{
"id":"<owner id>",
"name":"<owner name>",
"type":"<type>"
},
"group":{
"id":"<group id>",
"name":"<group name>",
"type":"<type>"
},
"authoritative":"acl"|"mode",
"mode":"<POSIX mode>",

250 File system access API

 "action":"<action_value>",
"acl":[
{
"trustee":{
"id":"<trustee id>",
"name":"<trustee name>",
"type":"<trustee type>"
},
"accesstype":"allow"|"deny",
"accessrights":"<accessrights_list>",
"inherit_flags":"<inherit_flags_list>",
"op":"<operation_value>"
}
]
}

Request query parameters

Parameter Description Default Type Required

Name
acl The acl argument must be placed at the first N/A String Yes
position of the argument list in the URI.

Request body parameters

Parameter Description Default Type Required

Name
owner Specifies the JSON object for the owner N/A JSON object No
persona. You should only specify the owner
persona if you want to change the owner of the
target.
group Specifies the JSON object for the group persona N/A JSON object No
of the owner. You should only specify the group
persona if you want to change the group of the
target.
authoritative The authoritative field is mandatory and can take N/A String Yes
the value of either acl or mode.
acl: You can modify the owner, group
personas, or access rights for the directory by
setting the authoritative field to acl and by
setting <action_value> to update. When the
authoritative field is set to acl, access rights
are set for the directory from the acl structure.
Any value specified for the mode parameter is
ignored.
NOTE: When the authoritative field is
set to acl, the default value for the
<action_value> field is replace. If the
<action_value> field is set to replace, the
system replaces the existing access rights
of the directory with the access rights
specified in the acl structure. If the acl
structure is empty, the existing access rights
are deleted and default access rights are
provided by the system. The default access
rights for directories are read access control

File system access API 251

Parameter Description Default Type Required
Name

list (‘std_read_dac’) and write access control

list (‘std_write_dac’) for the owner.
mode: You can modify the owner and group
personas by setting the authoritative field to
mode. When the authoritative field is set
to mode, POSIX permissions are set on the
directory. The <action_value> field and acl
structure are ignored. If mode is set on a
directory that already has access rights or if
access rights are set on a directory that already
has POSIX permissions set, the result of the
operation varies based on the Global ACL Policy.

mode Specifies the POSIX mode. 0700 for Octal number, No

directories specified as a
string
0600 for files

action The <action_value> field is applied when the replace String No

authoritative field is set to acl. You can set
the <action_value> field to either update or
replace.
When set to update, the existing access control
list of the directory is modified with the access
control entries specified in the acl structure of
the JSON body.
When set to replace, the entire access control
list is deleted and replaced with the access
control entries specified in the acl structure of
the JSON body.
Additionally, when set to replace, the acl
structure is optional. If the acl structure is left
empty, the entire access control list is deleted
and replaced with the system set default access
rights. The default access rights for directories
are read access control list (‘ std_read_dac’) and
write access control list (‘ std_write_dac’) for
the owner.

acl Specifies the JSON array of access rights. N/A JSON object Conditional.
Mandatory when
the
<action_value>
field is set to
update; optional
when the
<action_value>
is set to
replace

accesstype Can be set to allow or deny. N/A String Yes, unless the
<action_value>
allow: Allows access to the directory based on
field is set to
the access rights set for the trustee. replace and
deny: Denies access to the directory based on the acl
the access rights set for the trustee. structure is
empty.

252 File system access API

Parameter Description Default Type Required
Name
accessrights Specifies the access right values defined for the N/A List of string Conditional
directory. values
Mandatory when
the
<action_value>
field is set to
update and the
<operation_value
> field is set to
either add or
replace and
the <inherit_
flags_list> field is
unspecified.
Optional when
the
<action_value>
is set to update
and the
<operation_value
> field is set to
delete, or
when the
<action_value>
field is set to
replace.

inherit_flags Specifies the inherit flag values for directories. N/A List of string Conditional
values
op The <operation_value> field is applied when the add, when String No
<action_value> field is set to update. You <action_value>
can set the <operation_value> field to add, is set to
replace, or delete. If no <operation_value> update.
field is specified, the default value is add.
add: Creates an access control entry (ACE) if
an ACE is not already present for a trustee and
trustee access type. If an entry is already present
for that trustee and trustee access type, this
operation appends the access rights list to the
current ACE for that trustee and trustee access
type.
delete: Removes the access rights list provided
from the existing ACE for a trustee and trustee
access type. If the input access rights list is
empty , the entire ACE that corresponds to the
trustee and trustee access type is deleted.
replace: Replaces the entire ACE for the
trustee and trustee access type with the input
access rights list.

Request headers
This call sends common request headers.

Response headers
This call returns common response headers.

File system access API 253

Response body
There is no message body for this response.

Example request 1
This sample sets the ACL of a directory.

PUT /namespace/ifs/dir1/dir2/dir?acl HTTP/1.1

Host: my_cluster:8080
Content-Length: <length>
Date: Tue, 22 May 2012 12:00:00 GMT
Authorization: <signature>
Content-Type: application/json

{
"authoritative":"acl",
"action":"update",
"acl":[
{
"trustee":{
"id":"UID:1001",
"name":"user23",
"type":"user"
},
"accesstype":"allow",
"accessrights":[
"std_write_dac"
],
"inherit_flags":[
"object_inherit",
"inherit_only"
],
"op":"add"
},
{
"trustee":{
"id":"GID:1210",
"name":"group12",
"type":"group"
},
"accesstype":"allow",
"accessrights":[],
"op":"delete"
}
]
}

Example response 1

HTTP/1.1 200 OK
Date: Tue, 22 May 2012 12:00:00 GMT
Content-Length: <length>
Connection: close
Server: Apache2/2.2.19

Example request 2
This sample replaces the existing ACL of the directory with the access control entries that are specified in the acl structure. If
the acl structure is empty, the existing ACL is replaced with default system values. The directory owner has default read and
write access to the access control list.

PUT /namespace/ifs/dir1/dir2/dir?acl HTTP/1.1

Host: my_cluster:8080
Content-Length: <length>

254 File system access API

 Date: Tue, 22 May 2012 12:00:00 GMT
Authorization: <signature>
Content-Type: application/json

{
"owner":{
"id":"UID:2001",
"name":"foo1",
"type":"user"
},
"group":{
"id":"GID:0",
"name":"wheel",
"type":"group"
},
"authoritative":"acl",
"action":"replace",
"acl":[]
}

Example response 2

HTTP/1.1 200 OK
Date: Tue, 22 May 2012 12:00:00 GMT
Content-Length: <length>
Connection: close
Server: Apache2/2.2.19

Set the ACL of a file

Sets the access control list of a file.

Request syntax

PUT /namespace/<access_point>/<container_path>/<file_name>?acl HTTP/1.1

Host: <hostname>[:<port>]
Content-Length: <length>
Date: <date>
Authorization: <signature>
x-isi-ifs-target-type: object
Content-Type: application/json

{
"owner":{
"id":"<owner id>",
"name":"<owner name>",
"type":"<type>"
},
"group":{
"id":"<group id>",
"name":"<group name>",
"type":"<type>"
},
"authoritative":"acl"|"mode",
"mode":"<POSIX mode>",
"action":"<action_value>",
"acl":[
{
"trustee":{
"id":"<trustee id>",
"name":"<trustee name>",
"type":"<trustee type>"
},
"accesstype":"allow"|"deny",
"accessrights":"<accessrights_list>",

File system access API 255

 "op":"<operation_value>"
}
]
}

Request query parameters

Parameter Description Default Type Required

Name
acl The acl argument must be placed at the first N/A String Yes
position of the argument list in the URI.

Request body parameters

Parameter Description Default Type Required

Name
owner Specifies the JSON object for the owner N/A JSON object No
persona. You should only specify the owner or
group persona if you want to change the owner
or group of the target.
group Specifies the JSON object for the group persona N/A JSON object No
of the owner. You should only specify the owner
or group persona if you want to change the
owner or group of the target.
authoritative The authoritative field is mandatory and can take N/A String Yes
the value of either acl or mode.
acl: You can modify the owner, group
personas, or access rights for the file by
setting the authoritative field to acl and by
setting <action_value> to update. When the
authoritative field is set to acl, access rights
are set for the file from the acl structure. Any
value that is specified for the mode parameter is
ignored.
NOTE:
When the authoritative field is set to acl,
the default value for the <action_value> field
is replace. If the <action_value> field is
set to replace, the system replaces the
existing access rights of the file with the
access rights that are specified in the acl
structure. If the acl structure is empty, the
existing access rights are deleted and default
access rights are provided by the system.
The default access rights for files are read
access control list (‘std_read_dac’) and write
access control list (‘std_write_dac’) for the
owner.
mode: You can modify the owner and group
personas by setting the authoritative field to
mode. When the authoritative field is set to
mode, POSIX permissions are set on the file.
The <action_value> field and acl structure are
ignored. If mode is set on a file that already has

256 File system access API

Parameter Description Default Type Required
Name

access rights or if access rights are set on a

file that already has POSIX permissions set, the
result of the operation varies based on the Global
ACL Policy.

mode Specifies the POSIX mode. 0700 for Octal number, No

directories which is specified
as a string
0600 for files

action The <action_value> field is applied when the replace String No

authoritative field is set to acl. You can set
the <action_value> field to either update or
replace. The default value is replace.
When set to update, the existing access control
list of the file is modified with the access control
entries that are specified in the acl structure of
the JSON body.
When set to replace, the entire access control
list is deleted and replaced with the access
control entries that are specified in the acl
structure of the JSON body.
Also, when set to replace, the acl structure is
optional. If the acl structure is left empty, the
entire access control list is deleted and replaced
with the system set default access rights. The
default access rights for files are read access
control list (‘ std_read_dac’) and write access
control list (‘ std_write_dac’) for the owner.

acl Specifies the JSON array of access rights. N/A JSON object Conditional
Mandatory when
the
<action_value>
field is set to
update and
optional when
the
<action_value>
field is set to
replace.

accesstype Can be set to allow or deny. N/A String Yes, unless the
<action_value>
allow: Allows access to the file based on the
field is set to
access rights set for the trustee. replace and
deny: Denies access to the file based on the the acl
access rights set for the trustee. structure is
empty.
accessrights Specifies the access right values that are defined N/A List of string Conditional
for the file. values
Mandatory when
the
<action_value>
field is set to
update and the
<operation_value
>field is set to
either add or

File system access API 257

Parameter Description Default Type Required
Name

replace, and
when the
<inherit_flags_lis
t> field is
unspecified.
Optional when
the
<action_value>
field is set to
update and the
<operation_value
> is set to
delete.

inherit_flags Specifies the inherit flag values for the file. N/A List of string Conditional
values
Either the
<accessrights_lis
t> or
<inherit_flags_lis
t> must be
specified when
the
<action_value>
field is set to
update and the
<operation_value
> field is set to
add or
replace.

op The <operation_value> field is applied when the add, when the String No
<action_value> field is set to update. You <action_value>
can set the <operation_value> field to add, field is set to
replace, or delete. If no <operation_value> update
field is specified, the default value is add.
add: Creates an access control entry (ACE) if
an ACE is not already present for a trustee and
trustee access type. If an entry is already present
for that trustee and trustee access type, this
operation appends the access rights list to the
current ACE for that trustee and trustee access
type.
delete: Removes the access rights list provided
from the existing ACE for a trustee and trustee
access type. If the input access rights list is
empty , the entire ACE that corresponds to the
trustee and trustee access type is deleted.
replace: Replaces the entire ACE for the
trustee and trustee access type with the input
access rights list.

Request headers
This call sends common request headers.

258 File system access API

Response headers
This call returns common response headers.

Response body
No message body is returned upon success.

Example request
This sample sets the ACL of a file named 'file1'.

PUT /namespace/ifs/dir1/dir2/ns/file1?acl HTTP/1.1

Host: my_cluster:8080
Content-Length: <length>
Date: Tue, 22 May 2012 12:00:00 GMT
Authorization: <signature>
Content-Type: application/json

{
"owner":{
"id":"UID:0",
"name":"root",
"type":"user"
},
"group":{
"id":"GID:0",
"name”:"wheel",
"type":"group"
},
"authoritative":"acl",
"action":"update",
"acl": [
{
"trustee":{
"id":"UID:0",
"name":"root",
"type":"user"
},
"accesstype":"allow",
"accessrights":[
"file_read",
"file_write"
],
"op":"add"
},
{
"trustee":{
"id":"GID:1201",
"name":"group12",
"type":"group"
},
"accesstype":"allow",
"accessrights":"std_write_dac"
],
"op":"replace"
}
]
}

Example response

HTTP/1.1 200 OK
Date: Tue, 22 May 2012 12:00:00 GMT
Content-Length: <length>

File system access API 259

 Connection: close
Server: Apache2/2.2.19

Query operations
You can search for files and directories on the namespace that matches certain criteria. Files are searched for through a
namespace traverse and a filtering mechanism.

Query an object
Query objects by system-defined and user-defined attributes in a directory.

Request syntax

POST /namespace/<access_point>/<container_path>?query[&<query_param>] HTTP/1.1

Host <hostname>[:<port>]
Date: <date>
Authorization: <signature>

[JSON BODY]

Request query parameters

The query_param argument is optional and can be one or more of the parameters in the following table, which is separated by
an “&.”

Parameter Description Default Type Required

Name
limit Specifies the maximum number of objects to 1000 String No
send to the client. You can set the value to a
negative number to retrieve all objects.
detail Specifies which object attributes are displayed. No String No
If the detail parameter is excluded, only the
name of the object is returned. If the detail
parameter is set to yes, then system information
such as name, owner, group, mode, and size is
returned.
You can specify multiple attribute names in CSV
format. For example:

detail=size,container,content_typ
e

If you set this value to default, the following

attributes are included: name, size, owner,
last_modified, type, group, and mode.

max-depth Specifies the maximum directory level depth to 0 String No

search for objects. If set to 0, only the specified
directory is searched for objects. If set to -1, the
entire hierarchy below the specified directory is
searched for objects.

Request headers
This call sends common request headers.

260 File system access API

Response headers
This call returns common response headers.

Response body
An array of the objects that match the query filter criteria are returned in the JSON body.

Example request

POST /namespace/ifs/my_folder/?query HTTP/1.1

Host my_cluster:8080
Date: <date>
Authorization: <signature>

{
"result":[
"name",
"size",
"last_modified",
"container_path",
"user.color",
"content_type"
],
"scope":{
"logic":"and",
"conditions":[
{
"operator":">=",
"attr":"last_modified",
"value":"Thu, 15 Dec 2011 06:41:04"
},
{
"operator":"like",
"attr":"name",
"value":"ta.*"
}
]
}
}

Example response

{
"children" :
[
{
"content_type " : "text/plain; charset=UTF-8",
"container_path" : "/ifs/movie",
"last_modified" : "Thu, 05 Jan 2012 04:29:56 GMT",
"name" : "fantasy",
"size" : 56
},
{
"content_type " : "text/plain; charset=UTF-8",
"container_path" : "/ifs/folder",
"last_modified" : "Thu, 15 Dec 2011 06:41:04 GMT",
"name" : "tar",
"size" : 3359,
"user.color" : "green"
}
]
}

File system access API 261

JSON query format
You can apply the following JSON query format to refine your search.
The query is defined in the following format, in Backus-Naur Form (BNF) style.

query = <scope_query> |
{
"result":<attribute_list>,
"scope":<scope_query>
}scope_query = predicate |{
"logic":"<logic_operator>",
"conditions":[
<condition>
]
}

The attribute_list is an array of attribute names, which include system attributes and user-defined attributes. For example:

["name", "last_modified", "user.color"]

In the results, the user-defined attribute is prefixed with "user."

The only logical operators that are supported are "and", "or", and "not", where "not" is an unary operator and only one condition
is valid. The "not" operator negates the condition that is evaluated in the conditions parameter. You must specify two or more
conditions for the "and" and "or" operators in the conditions parameter.

logic_operator = and|or|not

The conditions parameter includes an array of conditions. Each condition is defined as follows:

condition = scope_query|predicate

The predicate value is defined as follows:

predicate =
{
"operator":"<comparison_operator>",
"attr":"attr_name",
"value":"attr_value" | string_array
}

The <comparison_operator> value can be any of the following operators: =, !=, <, <=, >, >=, like, or in.
The arithmetic comparison operators are self-explanatory. The "like" operator matches the specified attribute with a pattern of
regular expressions. For example, the following JSON query returns all objects with the attribute "Model" prefixed with "T75":

{
"operator":"like",
"attr":"user.Model",
"value":"^T75.*"
}

If the operator is set to "in", the value must be an array of strings, with at least one element in the array. When only one element
is in the array, the "in" operator behaves the same way as the "=" operator. For example, the following query returns objects
with the attribute "color" set to either "blue", "green", or "turquoise":

{
"operator":"in",
"attr":"user.color",
"value":[
"blue",
"green",
"turquoise"
]
}

262 File system access API

The attribute name can be the name of a user-defined attribute or one of the system defined attributes, such as:

"name" : file or directory name

"size" : the object size in bytes
"last_modified" : last modified date
"content_type" : content type
"container" : the container name
"container_path" : the container full path
"owner": the owner of the object

If the attribute is the user-defined attribute, the attribute must be prefixed with "user." to differentiate the attribute from a
system attribute with the same name. For example, if there is a user-defined attribute that is called "name", you should write the
attribute as "user.name."
Multiple query predicates can be combined through logical operators. For example, the following query returns objects that
satisfy one of the following conditions: "Model" is prefixed with T75 or the "color" attribute is either "red," "green," or
"turquoise," or the "manufacture" attribute is ACME.

{
"logic":"or",
"conditions":[
{
"operator":"like",
"attr":"user.Model",
"value":"^T75.*"
},
{
"operator":"in",
"attr":"user.color",
"value":[
"red",
"green",
"turquoise"
]
},
{
"operator":"=",
"attr":"user.manufacture",
"value":"ACME"
}
]
}

Instead of basic predicates, the element of the conditions array can be a subquery, which allows more complex queries. For
example, the following query returns objects in which either the attribute "manufacture" is set to "ACME" or the "model"
attribute is set to "T750," and the "color" attribute is set to "black."

{
"logic":"or",
"conditions":[
{
"operator":"=",
"attr":"user.manufacture",
"value":"ACME"
},
{
"logic":"and",
"conditions":[
{
"operator":"=",
"attr":"user.model",
"value":"T750"
},
{
"operator":"=",
"attr":"user.color",
"value":"black"
}
]
}

File system access API 263

 ]
}

SmartLock settings
Only root users can configure SmartLock Write Once Read Many (WORM) retention dates and commit flag settings for a file in
a SmartLock directory. A SmartLock license must be active on the cluster to configure these settings.

Get the WORM properties of a file

Retrieves the WORM retention date and committed state of the file.

Request syntax

GET /namespace/<access_point>/<WORM_directory>/<file_name>?worm HTTP/1.1

Host: <hostname>[:<port>]
Date: <date>
Authorization: <signature>

Request query parameters

Parameter Description Default Type Required

Name
worm The worm argument must be placed at the first N/A String No
position of the argument list in the URI.

Request headers
This call sends common request headers.

Response headers
This call returns common response headers.

Response body

{
"worm_committed":<boolean>,
"worm_override_retention_date":<"YYYY-MM-DD hh:mm:ss GMT">|null,
"worm_override_retention_date_val":<seconds from the Epoch>|null,
"worm_retention_date":<"YYYY-MM-DD hh:mm:ss GMT">|null,
"worm_retention_date_val":<seconds from the Epoch>|null
}

Response body parameters

Parameter Name Description

worm_committed Indicates whether the file was committed to the WORM state.
worm_retention_date Provides the retention expiration date in Coordinated Universal Time (such as
UTC/GMT). If a value is not specified, the field has a null value.
worm_retention_date_val Provides the retention expiration date in seconds from UNIX Epoch or UTC.

264 File system access API

Parameter Name Description
worm_override_retention_date Provides the override retention date that is set on the SmartLock directory
where the file resides. If the date is not set or is earlier than or equal to the
existing file retention date, this field has a null value. Otherwise, the date is
expressed in UTC/GMT, and is the retention expiration date for the file if the
worm_committed parameter is also set to true.

worm_override_retention_date_val Provides the override retention date that is set on the SmartLock directory
where the file resides. If the date is not set or if the date is set to earlier than
or equal to the file retention date, this field has a null value. Otherwise, the
date is expressed in seconds from UNIX Epoch and UTC, and is the retention
expiration date set for the file if the worm_committed parameter is set to
true. This parameter is the same as worm_override_retention_date, but
is expressed in seconds from the Epoch or UTC.

Example request

GET /namespace/ifs/dir1/file?worm HTTP/1.1

Host: my_cluster:8080
Date: Tue, 22 May 2012 12:00:00 GMT
Authorization: <signature>

Example response

HTTP/1.1 200 OK
Date: Tue, 22 May 2012 12:00:00 GMT
Content-Length: <length>
Connection: close
Server: Apache2/2.2.19

{
"worm_committed":true,
"worm_retention_date":"2013-01-22 15:11:36 GMT",
"worm_override_retention_date":null,
"worm_retention_date_val":1358885496,
"worm_override_retention_date_val":null
}

Set the retention period and commit a file in a SmartLock directory

Sets the retention period and commits a file in a SmartLock directory.

Request syntax

PUT /namespace/<access_point>/<WORM_directory>/<file_name>?worm HTTP/1.1

Host: <hostname>[:<port>]
Date: <date>
Authorization: <signature>

{
"worm_retention_date":<"YYYY-MM-DD hh:mm:ss GMT">,
"commit_to_worm":<Boolean>
}

NOTE:

If a file is not explicitly committed and an autocommit time period is configured for the SmartLock directory where the file
resides, the file is automatically committed when the autocommit period elapses.

File system access API 265

 If the file is committed without setting a retention expiration date, the default retention period that is specified for the
SmartLock directory where the file resides is applied. The retention date on the file can also be limited by the maximum
retention period set on the SmartLock directory.

For details about SmartLock WORM behavior, see the OneFS Administration Guide.

Request query parameters

Parameter Description Default Type Required

Name
worm The worm argument must be placed at the first N/A String No
position of the argument list in the URI.

Request body parameters

Parameter Description Default Type Required

Name
worm_retention_ Specifies the retention expiration date string in N/A Time, in the No
date Coordinated Universal Time (UTC/GMT). string format of:
"YYYY-MM-DD
hh:m:ss GMT"
commit_to_wor Specifies whether to commit the file to a WORM False Boolean No
m state after the retention date is set. If the
file was committed before, the file remains
committed regardless of the value in this field.

Request headers
This call sends common request headers.

Response headers
This call returns common response headers.

Response body
No message body is returned upon success.

Example request
Set the retention date for a file in a SmartLock directory.

PUT /namespace/ifs/dir1/file?worm HTTP/1.1

Host: my_cluster:8080
Date: Tue, 22 May 2012 12:00:00 GMT
Authorization: <signature>

{
"worm_retention_date":"2013-04-11 12:00:00 GMT",
"commit_to_worm":true
}

266 File system access API

Example response

HTTP/1.1 200 OK
Date: Tue, 22 May 2012 12:00:00 GMT
Content-Length: 0
Connection: close
Server: Apache2/2.2.19

File system access API 267