SMB Lock manager for Qumulo Clusters
This project will:
* Require a Qumulo cluster running 3.0.4 or higher. Recently tested on 5.2.0.
* Provide a list of SMB file locks across an entire qumulo cluster by
communicating with a single node.
* Close a specific SMB file lock by location id. There may be several
per file/user.
It will NOT currently:
* Close all locks held on a file or directory
* Close all locks held by a username
* Close the user session a lock is associate with. This means the original
user may not be aware they have lost the lock, and you will fall back
to using a social lock (tell your user!)
The API user used to connect to the Qumulo cluster must be granted a role with at least the following rights:
PRIVILEGE_SMB_FILE_HANDLE_READ
, PRIVILEGE_SMB_FILE_HANDLE_WRITE
, PRIVILEGE_IDENTITY_READ
, PRIVILEGE_ANALYTICS_READ
, PRIVILEGE_ANALYTICS_READ
, and PRIVILEGE_ANALYTICS_READ
.
As a best practice, use an account with only this Role.
If you wish to use an admin account to create this role from the CLI, do so like this:
$ qq auth_create_role -r SMB-lock-manager --description "Manage SMB file locks"
$ qq auth_modify_role -r SMB-lock-manager -G PRIVILEGE_SMB_FILE_HANDLE_READ PRIVILEGE_SMB_FILE_HANDLE_WRITE PRIVILEGE_IDENTITY_READ PRIVILEGE_ANALYTICS_READ PRIVILEGE_FS_LOCK_READ PRIVILEGE_DNS_USE
In recent version of Qumulo Core, these roles may be defined in the WebUI under the Role Managment section.
There are three ways this script can authenticate with a cluster. They will be tried in the following order:
- Credential reuse from the qumulo_api cli. You can use 'qq login' to create a credential file. This provides interactive password entry, which is the most secure method.
- Passed as parameters to the script itself using --host, --port, --user, and --password.
- Specified by the environmental variables API_HOSTNAME, API_PORT, API_USER, and API_PASSWORD. This would be most useful for non-interactive usage.
It's a good idea to use a virtual environment to run your scripts in. For a quick start, try:
qumulo-smb-lock-manager$ virtualenv ~/qumulo_api
qumulo-smb-lock-manager$ source ~/qumulo_api/bin/activate
(qumulo_api) qumulo-smb-lock-manager$ pip install -r requirements.txt
(qumulo_api) qumulo-smb-lock-manager$ qq --host your.cluster.company.com login -u lockadmin
(qumulo_api) qumulo-smb-lock-manager$ ./smb_lock_manager.py --host your.cluster.company.com
To exit your virtual environment, you can run deactivate
.
If desired, you can replace the first line of smb_lock_manager.py with the
path to this virtualenv python, eg.:
#!/home/user/qumulo_api/bin/python
Want something even simpler? If your system has python2, pip, and python3,
you can run ./build_binary.sh
to produce a standalone package you can
distribute.