volume modify

Modifies an existing volume. Permissions required: m or fc on the volume.

An error occurs if the name or path refers to a non-existent volume, or cannot be resolved.

Syntax

CLI 
/opt/mapr/bin/maprcli volume modify
    [ -cluster <cluster name> ]
    -name <volume name>
    [ -advisoryquota <advisory quota> ]
    [ -ae <accounting entity> ]
    [ -aetype <aetype> ]
    [ -allowgrant true|false ]
    [ -allowreadforexecute Enable reads for files with execute permission. <true|false> ]
    [-atimeUpdateInterval <days>]
    [ -auditenabled true|false ]
    [ -autooffloadthresholdgb <offload size threshold> ]
    [ -coalesce <interval in mins> ]
    [ -compactionoverheadthreshold <compaction_overhead> ]
    [ -compactionschedule <compaction_schedule_ID> ]
    [ -containerallocationfactor <positive integer> ]
    [ -criticalrereplicationtimeoutsec ]
    [ -dataauditops <+|- operations> ]
    [ -dbindexlagsecalarmthresh <threshold> ]
    [ -dbrepllagsecalarmthresh <threshold> ]
    [ -disableddataauditops <operations> ]
    [ -ecenable true|false ]
    [ -ecscheme <ec_scheme> ]
    [ -ectopology <path> ]
    [ -enforcementmode <PolicyAceAndDataAce|PolicyAceOnly|DataAceOnly|PolicyAceAuditAndDataAce> ]              
    [ -enforceminreplicationforio true|false ]
    [ -filefilter <file filter> ]
    [ -forceauditenable true|false ]
    [ -group <list of group:allowMask> ]
    [ -honorrackreliability <ec-rack-reliability : true | false>  ] 
    [ -maxinodesalarmthreshold <threshold> ]
    [ -maxnssizembalarmthreshold <threshold> ]
    [ -metricsenabled true|false ]
    [ -minreplication <minimum replication> ]
    [ -mirrorschedule <mirror schedule ID> ]
    [ -mirrorthrottle true|false ]
    [ -namecontainerdatathreshold <size>  ] (available from version 6.0.1) 
    [ -nsminreplication <minimum replication factor> ]
    [ -nsreplication <replication factor> ]
    [ -numactivecgcontainers <num containers to be assigned for a cg assign request> ]
    [ -offloadschedule <schedule ID> ]
    [ -quota <quota> ]
    [ -readAce <Access Control Expression> ]
    [ -readonly <readonly> ]
    [ -recallexpirytime <expiry time> ]
    [ -replication <replication> ]
    [ -rereplicationtimeoutsec <timeout in seconds> ]
    [ -schedule <schedule ID> ]
    [ -securitypolicy <policy1,policy2,…> ]
    [ -skipwiresecurityfortierinternalops Skip Wire level security for backend volumes <true|false> ]
    [ -source <source volume> ]
    [ -tierencryption true|false ]       
    [ -tieringrule <rule name> ]
    [ -tierkey <tier encryption key> ]
    [ -tiername <tier name> ]
    [ -type rw|mirror ]
    [ -user <list of user:allowMask> ]
    [ -wiresecurityenabled true|false ]
    [ -writeAce <Access Control Expression> ]
REST
Request Type POST
Request URL 
http[s]://<host>:<port>/rest/volume/modify?<parameters>

Parameters

Parameter: advisoryquota
Possible Values: 0 or any other integer value.
Description: The advisory quota for the volume as integer plus unit. Example: quota=500G; Units: B, K, M, G, T, P
Parameter: ae
Possible Values: Name of the entity that owns the volume.
Description: The accounting entity that owns the volume.
Parameter: aetype
Possible Values:
  • 0=user
  • 1=group
Description: Type of accounting entity.
Parameter: allowgrant
Possible Values:
  • truetrue
  • false
Description: Specifies whether the volume as a parent, grants permission for a child volume to inherit its properties.
Parameter: allowreadforexecute
Possible Values:
  • true
  • false
Description: Allows execution of SUID binaries with only their executable bit set, on a FUSE file system. This parameter works in conjunction with the fuse.mount.setuid FUSE option. For more information, see Configuring the HPE Ezmeral Data Fabric FUSE-Based POSIX Client.
Parameter: auditenabled
Possible Values:
  • true
  • false
Description: Specifies whether to turn on auditing for the volume. If you enable auditing at the cluster level with the audit data command, setting this value to true causes auditing to start for any directories, files, tables, or streams that are already enabled for auditing. If none are yet enabled, enabling auditing on any of them causes auditing of them to start.

Set auditenabled to true to enable auditing on directories, files, tables, and streams in the volume.

You must have the fc permission on the cluster to use this parameter. See acl for details about this permission.
Parameter: autooffloadthresholdgb
Possible Values: Any positive integer.
Description: The size of the volume in GB (threshold). When this threshold is reached or exceeded, volume data is automatically offloaded by the Automatic Tiering Scheduler. To use the global size threshold (of 1024 GB), set the value to 0.
Parameter: cluster
Possible Values: Any valid cluster.
Description: The cluster on which to run the command.
Parameter: coalesce
Possible Values: Set this parameter to a large number of minutes to prevent audit logs from growing quickly.
Description: The interval of time (in minutes) during which READ, WRITE, or GETATTR operations on one file from one IP address or UID are logged only once for a particular operation, if auditing is enabled.

For example, suppose that a client application reads a single file three times in 6 minutes, so that there is one read at 0 minutes, another at 3 minutes, and a final read at 6 minutes. If the coalesce interval is at least 6 minutes, then only the first read operation is logged. However, if the interval is 4 minutes, then only the first and third read operations are logged. If the interval is 2 minutes, all three read operations are logged.

Now however, if the client was also writing to the file, irrespective of the coalesce interval for the read operation in the example stated previously, the write operation is logged, as it is a different operation from reading.

Parameter: compactionoverheadthreshold
Possible Values: 0-100%
Description: Specifies the percentage of offloaded data that must have been deleted on the cluster to qualify the data for compaction (or deletion from the tier).
Parameter: compactionschedule
Possible Values: Any valid schedule ID.

Set this parameter to 0 to disable the compactor.

Description: Specifies the schedule to use for running the compactor. By default, the compactor runs on an automatic internal schedule.
Parameter: containerallocationfactor
Recommended value: 2* SP count in the volume topology.
Description: Specifies the number of containers to create when the first write from a remote client is sent to the volume. The pre-created containers are distributed equally across topologies, servers, file system instances, and storage pools. CLDB also takes into consideration the load (IO/Space) when selecting target storage pools for containers. The value must be a positive integer.
Parameter: criticalrereplicationtimeoutsec
Possible Values: Any integer between 300 and 3600 (seconds)
Description: Timeout (in seconds) before re-replicating only the critically under-replicated containers . If you set both rereplicationtimeoutsec and criticalrereplicationtimeoutsec, and if the value of:
  • rereplicationtimeoutsec is less than criticalrereplicationtimeoutsec, rereplicationtimeoutsec overrides the criticalrereplicationtimeoutsec setting for both under-replicated and critically under-replicated containers.
  • rereplicationtimeoutsec is greater than criticalrereplicationtimeoutsec, criticalrereplicationtimeoutsec overrides the rereplicationtimeoutsec setting only for critically under-replicated containers; rereplicationtimeoutsec setting is still applicable for under-replicated containers.
Parameter: dataauditops
Possible Values: Any audit operations that you want to enable.
Description: The comma separated list of file system operations to include (specified with a preceding plus sign (+)) or exclude (specified with a preceding minus sign (-)) from auditing.

To exclude the first operation in the list (of operations) from auditing, precede it by two minus (--) signs. To exclude subsequent operations, precede them by only a single minus (-) sign, irrespective of whether the first operation was included (using a plus (+) sign) or excluded (using two minus (--) signs). If neither sign is specified, the given operation is included for auditing.

The operations that can be included (+) or excluded (-) from auditing are listed here. You can, alternatively, group all the operations using the keyword all, which:
  • If included (+), cannot be specified with a list of other included operations.
  • If excluded (-), cannot be specified with a list of other excluded operations.
You can specify a mixed list of included and excluded operations. There is no change to operations that are not specified with the command.
NOTE
Enabling setattr automatically enables the following operations:
  • chown
  • chgrp
  • chperm
If you disable setattr, these operations are automatically disabled. If you do nothing with setattr (neither enable nor disable), you can enable or disable chown, chgrp, and chperm in any combination and they will not affect setattr.
TIP
For more information, see Selective Auditing of Filesystem and Table Operations.
Parameter: disableddataauditops
Possible Values: Any audit operations that you want to disable.
Description: The comma-separated list of disabled file system audit operations to set. This parameter is an alternate way of setting audit operations as compared to the dataauditops option. Plus (+) or minus signs (-) are not allowed for this option. Any audit operation that is specified with this option replaces any existing disabled audit operations configured for this security policy, while any audit operations that are not specified, are enabled.

Merging of the specified audit operations with existing audit operations is not performed, as with the dataauditops option.

Parameter: dbindexlagsecalarmthresh
Possible Values: Any integer value.
Description: Specifies the threshold (in seconds) to raise an alarm for index update lag.
Parameter: dbrepllagsecalarmthresh
Possible Values: Any integer value.
Description: Specifies the threshold (in seconds) to raise an alarm for DB replication lag.
Parameter: ecenable
Possible Values:
  • true
  • false
Description: Enable (true) warm tiering for the volume only if it is already not enabled. When specified, you cannot specify tiername to use an existing warm-tier; when the command runs, a new tier and rule are automatically created for the volume.

ecenable works only if you have set tieringenable to true at the time of volume creation.

When modifying volumes, ecenable does not automatically set tieringenable to true as in the case of volume creation.

Setting this parameter to false is the same as not specifying this parameter, and does nothing.

Parameter: ecscheme
Possible Values: Any valid EC scheme.
Description: The number of data chunks and the number of parity chunks separated by a plus (+) sign. The default scheme is 4+2. For information on the supported schemes, see Erasure Coding Scheme for Data Protection and Recovery.
NOTE
This parameter is applicable only for EC volumes, and only when you set the ecenable parameter to true.
Parameter: ectopology
Possible Values: Any topology that exists in your environment.
Description: Sets the topology of the erasure coded volume if it is not set.
NOTE
This parameter is applicable only for EC volumes.

Once set, you cannot change the topology of an erasure coded volume using this command. To change the topology of an erasure coded volume, use volume move

Parameter: enforcementmode
Possible Values:
  • PolicyAceOnly
  • PolicyAceAndDataAce
  • DataAceOnly
  • PolicyAceAuditAndDataAce
Description: The enforcement mode when evaluating authorization for data access. Permitted values are as follows:
  • PolicyAceOnly: Determines data access authorization based only on the ACEs set in security policies. Ignores POSIX mode bits and ACEs directly defined on data objects when determining access rights, if a data object is tagged with at least one security policy. If a data object is not associated with at least one security policy, the system will enforce POSIX mode bits and ACEs directly defined on the data object. Volume-level ACEs are always enforced.
  • PolicyAceAndDataAce: Determines data access authorization based on the ACEs set in security policies AND ACEs or POSIX mode bits directly set on data objects.
  • DataAceOnly: Determines data access authorization based on the ACEs or POSIX mode bits directly set on data objects. You can use this mode to switch off the policy-based security feature, on a per-volume basis, in an emergency situation.
  • PolicyAceAuditAndDataAce: Use this mode when testing security policies. In this mode:
    • ACEs defined directly on data objects are enforced.
    • Data objects associated with security policies are checked for access, and any access denied events are audited, but access itself is allowed.

See the section on Volume-Level Security Policy Enforcement Mode for a discussion on how to determine permission to access a resource, when this flag is set.

Parameter: enforceminreplicationforio
Possible Values:
  • true
  • false
Description: Specifies whether (true) or not (false) to enforce minimum number of replicas for the (read-write) volume during IO. This flag ensures that further updates (writes) to volume are successful only when the minimum number of copies of the container are available. Setting this parameter to true ensures that if writes succeed, then it has been applied to at least the minimum number of copies; if writes fail, it may have been applied to zero or more copies.

Enabling this parameter, may stall volume dump and volume snapshot create operations, if the minimum number of copies of the container are not available.

If you do not set this parameter on a volume, or if you modified this parameter from false to true, then you need to restart all the nodes where the containers associated with the volume exist, for the changes to take effect.

This flag is ignored on mirror volumes.

Parameter: filefilter
Possible Values: Any file filter.
Description: Specifies the file filter to use to prevent specific types of files from being stored on the volume. For more information, see Prevent Storage of Specified Types of Files. You can associate only one filter for each volume.
NOTE
To remove the filter from a volume, use the special filter "".
Parameter: forceauditenable
Possible Values:
  • true
  • false
Description: Specifies whether (true) or not (false) to force audit of operations on all files, tables, and streams in the volume if auditing is enabled at the cluster and volume levels, irrespective of the audit setting on the individual directory, file, table, and stream.
Parameter: group
Possible Values: Any user with Create Volume privileges.
Description: Space-separated list of group:permission pairs.
Parameter: honorrackreliability <ec-rack-reliability : true | false>
NOTE
The honorrackreliability parameter considers each rack as a site.
Description: Allocates CGs for maximized resiliency during a site failure. CG containers are spread across multiple sites so that a site does not host more parity containers for a given CG (EC scheme: D+P). Container allocations for a CG with previous software use one container per site for a CG. Managing new allocation in this manner (where honorrackreliability is set to true) ensures that CG data is available for reads, even in cases where an entire site goes down. For a given EC D+P scheme, CG allocation requires, at least, Math.ceil (D+P)/P site for CG creation, and if enough sites are unavailable, CG allocation fails.
NOTE
To use -honorrackreliability in a cluster with geographically-dispersed nodes, you must configure a topology with multiple racks having enough nodes in each rack. Specifying the configured topology as -ectopology ensures that RackReliabilitySelector allocates the most P containers per rack during CG allocations.
NOTE
If a container needs to be reallocated for rebuild, the new container is allocated in the same rack in which the old container resided. If this allocation cannot be done, a new container can be allocated from a different rack so that the number of containers for the CG in the new rack is less than or equal to the number of P containers. Otherwise, container allocation fails.
Parameter: maxinodesalarmthreshold
Possible Values: Any positive integer.
Description: The number of inodes, which when exceeded raises the INODES_EXCEEDED alarm.
Parameter: maxnssizembalarmthreshold
Possible Values: Any positive integer.
Description: The namespace container size, which when exceeded raises the INODES_EXCEEDED alarm.
Parameter: metricsenabled
Possible Values:
  • true
  • false
Description: Specifies whether (true) or not (false) to enable metrics collection for a volume.
Parameter: minreplication
Possible Values: Can be any value that you desire based on the replication you need.
Description: The minimum replication level. When the replication factor falls below this minimum, re-replication occurs as aggressively as possible to restore the replication level. If any containers in the CLDB volume fall below the minimum replication factor, writes are disabled until aggressive re-replication restores the minimum level of replication.
TIP
For more information, see Understanding Replication.
Parameter: mirrorschedule
Possible Values: 0 or a valid schedule ID.
Description: The schedule ID corresponding to the schedule to be used for mirroring. If you specify a mirror schedule ID, the mirror volume automatically syncs with its source volume on the specified schedule. Pre-assigned IDs include 1 for critical data, 2 for important data, and 3 for normal data. Custom schedules are assigned ID numbers in sequence. To determine the ID number, use the schedule list command. To disable the schedule, set this parameter to 0.
Parameter: mirrorthrottle
Possible Values:
  • true
  • false
Description: Specifies whether mirror throttling is enabled (true) or disabled (false). Throttling is set on the source volume and applies to all its mirrors.
Parameter: namecontainerdatathreshold
Possible Values: Any integer value.

If you set this parameter to 0, there is no limit on the size of user data that can be stored in the name container.

Description: Limits the size of user data that can be placed in the name container. The value is interpreted as being in MB. If the user data size limit:
  • Has not yet been reached, the first 64 KB of data is stored in name container, and the rest of the data is stored in data containers.
  • Has already been reached, only meta data is stored in the name container, and the data is stored in data containers. For example, if you set the current name container size to 200GB and the limit to 100GB, then all new user data is stored in data containers.
Parameter: nsminreplication
Possible Values: Any integer value.
Description: When the replication factor falls below this value, re-replication occurs as aggressively as possible to restore the replication level. If any containers in the CLDB volume fall below the minimum replication factor, writes are disabled until aggressive re-replication restores the minimum level of replication.

When enabled, the CLDB manages the namespace container replication separate from the data container replication. You use this capability when you have low volume replication but want to have higher namespace replication.

Set the value to be the same or larger than the value of the equivalent data replication parameter, minreplication.

See also: Understanding Replication.
Parameter: nsreplication
Possible Values: Any integer value.
Description: The desired namespace container replication level.

When the number of copies falls below the desired replication factor, but remains equal to or above the minimum replication factor, re-replication occurs after the timeout specified in the cldb.fs.mark.rereplicate.sec parameter. This timeout is the time given for a node that is down to come back online. After this timeout period, the CLDB takes the action required to restore the replication factor.

When enabled, the CLDB manages the namespace container replication separate from the data container replication. Use this capability when you have low volume replication but want to have higher namespace replication.

By default, the value of this parameter is the same or larger than the value of the equivalent data replication parameter, replication. However, to set the value of this parameter lower than the replication value, first set engg.manual.override to true in cldb.conf.

See also: Understanding Replication.
Parameter: name
Possible Values: Not Applicable.
Description: The name of the volume to modify.
Parameter: numactivecgcontainers
Possible Values: Any integer between 1 and 100.
Description: Number of containers to be assigned for a CG assign request.
Parameter: offloadschedule
Possible Values: Any valid schedule ID. To disable schedule-based offload, set this value to 0.
Description: The ID of the schedule to associate with the volume for offloading volume data to the tier.
NOTE
This parameter is required only for Cold/EC tiered volumes.
Parameter: quota
Possible Values: Any integer value along with a unit.
Description: The quota for the volume as integer plus unit. Example: quota=500G; Units: B, K, M, G, T, P

Do not use two-letter abbreviations for quota units, such as GB and MB.

When you set a quota for a tiering-enabled volume, the quota is the total space allocated for the volume irrespective of the location (cluster or tier) where the volume data is stored. For example, if you allocate 1GB of hard quota for a tiering-enabled volume, writes fail after you write 1GB of data whether or not the volume data is local (on the cluster) or offloaded (to the tier).

Note that quotas for source and mirror volumes must match.

Parameter: readAce
Possible Values: Any valid permissions.
Description: Specifies Access Control Expressions(ACEs) that grant permissions at the volume level to read files and tables in the volume. The default value is p, which grants access to all users.

See Access Control Expression (ACE)s.

Parameter: readonly
Possible Values:
  • 0
  • 1
Description: Specifies whether the volume is read-only.
  • 0 - read/write
  • 1 - read-only
Parameter: recallexpirytime
Possible Values: Any integer between 1 and 7500.
Description: The amount of time (in days) to keep the recalled data before purging or offloading it.
Parameter: replication
Possible Values: Any integer starting at 0.
Description: The desired replication level. When the number of copies falls below the desired replication factor, but remains equal to or above the minimum replication factor, re-replication occurs after the timeout specified in the cldb.fs.mark.rereplicate.sec parameter. Note that this timeout is the time given for a node that is offline to come back online. After this timeout period, the CLDB takes action to restore the replication factor.
TIP
For more information, see Understanding Replication.
Parameter: rereplicationtimeoutsec
Possible Values: Any positive integer.
Description: Timeout (in seconds) before attempting re-replication of replica containers. This volume property defines the timeout period until CLDB starts re-replicating the containers on the node of the volume after CLDB stops receiving a heartbeat from the node.

When a node is down, CLDB gives the node an hour to come back online before it takes any action for the containers on this node. You can set this parameter on volumes to reduce the default 1 hour to a shorter time period. This option is provided mainly for local volumes, so that when the file system is down, CLDB can give up quickly and decide that the container has no master. This forces the TT to give up on local containers, and take the appropriate recovery action of deleting the mapred volume and creating another one.

Parameter: schedule
Possible Values: 0 or a valid schedule ID.
Description: The ID of a schedule. Use the schedule list command to find the ID of the named schedule that you want to apply to the volume.

To disable the schedule, set this parameter to 0.

Parameter: skipwiresecurityfortierinternalops
Possible Values:
  • true
  • false
Description: Skips wire security for internal operations.
Parameter: source
Possible Values: Any volume.
Description: The source volume from which a mirror volume receives updates, specified in the format <volume>@<cluster>.
Parameter: tierencryption
Possible Values:
  • true
  • false
Description: Specifies whether to enable (true) or disable (false) encryption of data on the object store. This parameter is applicable only for cold-tier volumes. If you enable this parameter, user data is encrypted before being written to the object, and the HTTPS protocol is used for communication with the object store to ensure that data is encrypted both on the wire and on the tier.

You can set this parameter only if you specify a tier name (see the tiername parameter) as well. You cannot modify this parameter after you set it.

If you set the value to true, you can also specify a custom key using the tierkey parameter. Once set to true, the MAST Gateway uses HTTPS to upload data to the cold-tier. If the cold tier does not support HTTPS, all tier related operations fail. If the cold-tier does not support HTTPS, you must explicitly set the value for this to false at the time of associating a tier with the volume because the default value for this parameter is true.

TIP
For warm tier, use -dare option on the front-end volume to enable or disable encryption of data-at-rest.
Parameter: tieringrule
Possible Values: Name of any valid rule
Description: The name of the rule (referred to as storage policy in the Control System) to use for offloading data to the tier. If you do not specify a rule, the default rule, which is all files (p), is associated with the volume. See Creating a Rule in Creating a Storage Tier Policy for more information.
Parameter: tierkey
Possible Values:Any 32-character HEX string, or let CLDB auto-generate this string
Description: The 32-character HEX string to use for encryption only for cold tier volumes. If you do not specify a string, CLDB generates a 32 character HEX string to use for encrypting the data to offload to the tier.
RESTRICTION
You cannot modify the tierkey that is already associated with the volume.
Parameter: tiername
Possible Values: Not Applicable
Description: The name of the tier to use for offloading data. You can set this name only once and cannot modify it.

For warm tiering, you cannot specify this parameter if ecenable is set to true.

Parameter: type
Possible Values:
  • mirror
  • rw
  • 0
  • 1
Description: The type of volume to create.

The following values are accepted:

  • mirror - standard mirror (read-only) volume (promotable to standard read-write volume)
  • rw - standard (read-write) volume (convertible to standard mirror volume)
  • 0 - standard (read-write) volume (for backward compatibility)
  • 1 - non-convertible mirror (read-only) volume (for backward compatibility)
Parameter: user
Possible Values: Any valid permissions
Description: Space-separated list of user:permission pairs.

Use comma to separate permissions. For example: user:permission,permission,...

Parameter: wiresecurityenabled
Default Value: true
Possible Values:
  • true
  • false
Description: Enables (true) or disables (false) on-wire encryption for all files, tables, and streams in the volume for secure clusters. This parameter is not supported on insecure clusters.

If true, this setting overrides all file, table, and stream level encryption settings (set using the hadoop mfs command) and enables on-wire encryption for all files, tables, and streams. If you disable (false) this parameter at the volume level, but enable it at the file, table, or stream level, the file, table, or stream level encryption setting overrides this setting on those files, tables, and streams where it is enabled; for all other files, tables, and streams where encryption is not enabled at the file, table, or stream level, the on-wire encryption is disabled.

Parameter: writeAce
Possible Values: Any valid permissions
Description: Specifies Access Control Expressions (ACEs) that grant permission at the volume level to write to files and tables in the volume. The default value is p, which grants access to all users.

See ACEs.

Examples

Change the source volume of the mirror "test-mirror" and update the atime value to 2 days:

/opt/mapr/bin/maprcli volume modify -name test-mirror -source volume-2@my-cluster -atimeUpdateInterval 2
curl -k -X POST 'https://abc.sj.us:8443/rest/volume/modify?name=test-mirror&source=volume-2@my-cluster&atimeUpdateInterval=2' --user mapr:mapr

Create a volume with namespace container replicas

/opt/mapr/bin/maprcli volume modify -name testVol -nsminreplication 2 -nsreplication 4 -json
{
	"timestamp":1526528489360,
	"timeofday":"2018-05-16 08:41:29.360 GMT-0700 PM",
	"status":"OK",
	"total":0,
	"data":[
		
	]
}
curl -k -X POST 'https://abc.sj.us:8443/rest/volume/modify?name=testVol&nsminreplication=2&nsreplication=4' --user mapr:mapr
{"timestamp":1526528556748,"timeofday":"2018-05-16 08:42:36.748 GMT-0700 PM","status":"OK","total":0,"data":[]}

Modify a volume to allow inheritance by a child volume

Sub-volumes (children) can inherit properties from their parent volume. The maprcli volume create and volume modify commands provide parameters for setting the inheritance feature. For a child volume to inherit from a parent volume, the parent volume must grant permission, and the child volume must be created specifying the volume name of the parent. In the following example, the parent volume, parentVol, grants inheritance to child volumes.

/opt/mapr/bin/maprcli volume modify -name parentVol -allowgrant true
curl -k -X POST 'https://abc.sj.us:8443/rest/volume/modify?name=parentVol?allowgrant=true' --user mapr:mapr

Set and modify ACEs on a volume

In the following example, the command sets and modifies access (defined using ACEs) to the volume data. When the command runs, new values:
  • Overwrite existing values for access types that were previously set.
  • Are set for access types that were not set.
NOTE
There is no change to the readAce access type, which is not specified with the command, irrespective of whether it is set or not.
/opt/mapr/bin/maprcli volume modify -name testVol -writeAce 'g:group1&(!u:user1|!r:role1)'
curl -k -X POST 'https://abc.sj.us:8443/rest/volume/modify?name=testVol&writeAce=g%3Agroup1%26%28%21u%3Auser1%7C%21r%3Arole1%29' --user mapr:mapr

Modify the list of operations that are audited

In the following example, the create operation is included for auditing and the lookup operation is excluded from auditing. There are no changes to operations that are not specified.

/opt/mapr/bin/maprcli volume modify -name parentVol -dataauditops +create,-lookup
curl -k -X POST 'https://abc.sj.us:8443/rest/volume/modify?name=p1&dataauditops=%2Bcreate%2C-lookup' --user mapr:mapr

Modify an existing volume to enable on-wire encryption:

/opt/mapr/bin/maprcli volume modify -name local2 -wiresecurityenabled true -json
{
        "timestamp":1505205889697,
        "timeofday":"2017-09-12 01:44:49.697 GMT-0700",
        "status":"OK",
        "total":0,
        "data":[

        ]
}
# curl -k -X POST 'https://abc.sj.us:8443/rest/volume/modify?name=p1&wiresecurityenabled=true' --user mapr:mapr
{"timestamp":1526569299139,"timeofday":"2018-05-17 08:01:39.139 GMT-0700 AM","status":"OK","total":0,"data":[]}
Associate an offload rule with a tiering-enabled volume: 
/opt/mapr/bin/maprcli volume modify -name sampleVol -tieringrule ksTestRule -json
{
	"timestamp":1526569498559,
	"timeofday":"2018-05-17 08:04:58.559 GMT-0700 AM",
	"status":"OK",
	"total":0,
	"data":[
		
	]
}
curl -k -X POST 'https://abc.sj.us:8443/rest/volume/modify?name=sampleVol&tieringrule=ksTestRule' --user mapr:mapr
{"timestamp":1526569554743,"timeofday":"2018-05-17 08:05:54.743 GMT-0700 AM","status":"OK","total":0,"data":[]}
Modify a volume to set a schedule for data offload and set number of days to three days to keep recalled data: 
/opt/mapr/bin/maprcli volume modify -name sampleVol -offloadschedule 3 -recallexpirytime 3 -json
{
	"timestamp":1526569615285,
	"timeofday":"2018-05-17 08:06:55.285 GMT-0700 AM",
	"status":"OK",
	"total":0,
	"data":[
		
	]
}
curl -k -X POST 'https://abc.sj.us:8443/rest/volume/modify?name=sampleVol&offloadschedule=3&recallexpirytime=3' --user mapr:mapr
{"timestamp":1526569653267,"timeofday":"2018-05-17 08:07:33.267 GMT-0700 AM","status":"OK","total":0,"data":[]}
Tag a volume with a security policy 
/opt/mapr/bin/maprcli volume modify -securitypolicy Lab_Security_Policy -name my_volume -json
  {
   "timestamp":1526569615285,
   "timeofday":"2019-02-15 08:06:55.285 GMT-0700 AM",
   "status":"OK",
   "total":0,
   "data":[
                        
          ]
 }
curl -k -X POST 'https://abc.sj.us:8443/rest/volume/modify?name=my_volume& \
                        securitypolicy=Lab_Security_Policy' --user mapr:mapr
                        {"timestamp":1526569653267,"timeofday":"2019-02-15 08:07:33.267 GMT-0700 AM","status":"OK","total":0,"data":[]}

The -securitypolicy option in the maprcli volume modify command sets the volume to be tagged with the specified policies, replacing any security policies that existed before the command was run. This command works as follows, depending on the security policies that are associated with this volume prior to invoking this command.

  • If the volume initially has no security policy tags before invoking this command, then it is tagged with the specified security policy (Lab_Security_Policy in our example).
  • If the volume initially has two security policy tags before invoking this command, say Lab_Security_Policy and Sensitive_Data, then the Sensitive_Data Policy security policy is disassociated from this volume, and the volume now has only the Lab_Security_Policy tag.
  • If the volume initially has one security policy tag, say Sensitive_Data, then the Sensitive_Data security policy is removed and replaced with the security policy Lab_Security_Policy.
  • If the volume has one security policy tag, say Lab_Security_Policy, which is the same as the security policy specified in the command, then modifications are not made.

Remove all security policies that are tagged to a volume

To remove all security policy tags from a volume, pass in an empty string as the value of the securitypolicy parameter.

For example:

/opt/mapr/bin/maprcli volume modify -securitypolicy "" -name my_volume

This code removes all security policy tags from the volume named my_volume.

curl -u mapr:mapr -k 'https://abc.sj.us:8443/rest/volume/modify?name=my_volume<securitypolicy=' | python -m json.tool
   % Total % Received % Xferd Average Speed Time Time Time Current
   Dload Upload Total Spent Left Speed
   100 111 100 111 0 0 184 0 --:--:-- --:--:-- --:--:-- 190
    {
      "data": [],
      "status": "OK",
      "timeofday": "2018-09-03 11:20:13.282 GMT‌-0700 PM",
      "timestamp": 1536042013282,
      "total": 0
    }

Disable scheduled snapshot creation

To disable a schedule, set the schedule parameter to 0.

For example:

/opt/mapr/bin/maprcli volume modify -name mapr.apps  -schedule 0
/opt/mapr/bin/maprcli volume info -name mapr.apps  -json | grep schedule
                        "scheduleid":"0",
                        "schedulename":"",
                        "mirrorscheduleid":"0"

Remove file filter from a volume

To remove a file filter use the special filefilter "" .

For example:

/opt/mapr/bin/maprcli volume modify -name noexec -filefilter ""