Storage File Locking

Last Updated: January 10, 2022

Supported:

The File Fabric provides File Locking for files edited through the File Fabric and can extend these file locks to the underlying storage to enhance protection when users may also be editing from the storage directly.

When a file is edited through Cloud Edit, for example, a write-lock is placed on the file in storage before the file is downloaded and opened for editing. Other users opening the file whether inside or outside of the File Fabric will be able to view the file (read-only) but not make changes. When the file is closed the storage lock is released. If the file had been already locked, then Cloud Edit will instead open the file in read-only mode.

Enabling Storage Locking Integration

1. Appliance Settings

To enable the locking service for the File Fabric login to your appladmin account and visit Site Functionality. You should enable the “SMB - Storage Locking Enabled” option and set the value field to, for example:

https://127.0.0.1:2201/

127.0.0.1 is the IP address to use on a single node File Fabric installation. If you are configuring this on a H/A multi-node system, you should alter the host name or IP address as appropriate so that it only points to the node on which the locking service is running.

2. Provider Settings

For v2106 and above Provider File Locking must also be enabled per-provider from Provider Settings.

Supported Storage Platforms

The Storage Level Locking feature is available for the following connectors:

Implementation

Provider locks are created through through the File Fabric's Storage Locking Service. The service runs as a container within the File Fabric appliance or cluster. If the locking service is not running, it will be unable to acquire file locks. Likewise stopping or restarting the service will drop any locks currently acquired.

Providing Locking Process

When a user opens a file for editing via a File Fabric app the app first requests that a file lock. The same approach is taken by the Cloud Drive and for files edited through Microsoft Online - a lock is requested first.

If the File Fabric has not already locked the file, and provider locking integration is enabled, it requests that a write-lock (also called a share lock) be created on the provider file. There are two possible outcomes:

  • Success - If the write-lock is successful the File Fabric marks the file as locked, granting the lock request to the app. The user can open the file for editing! Because of the write-lock other users will not be able to edit the file on the provider - they will be able to open it for viewing.
  • Failure - If the write-lock fails the File Fabric denies the lock request to the app and the app only lets the user only open the file for viewing. Other users will not be able to edit the file either, as there is a lock on the provider and they won't be able to lock it through the File Fabric.

Once the File Fabric lock is released, after either the file is closed, the lock is released manually or the lock times out in some circumstances, the locking service will release the file lock on the provider.

Provider locks are also released if the locked file is renamed or moved through either the File Fabric or through the storage directly.

OpenOffice Lock Files

The File Fabric also creates lock files for OpenOffice files preventing OpenOffice users from opening files that are locked by Microsoft Office or other users. These files are created on the provider storage in the following format:

.~lock.Marketing Newsletter.docx#

Troubleshooting

Check Appliance Settings

Check provider locking is configured for the appliance. Log in as the Appliance Admin and check Site Functionality.

Check Provider Settings

Check provider file locking is enabled for the provider:

Check Locking Service

To check that the locking service is running, log in to the File Fabric console as root and execute:

docker ps | grep ff-cifs-locker

The locking service should be running automatically, however if it is not, you can run:

cd /var/www/smestorage/containers/cifs-locker
/usr/local/bin/docker-compose up -d

If you are running a multi-node system, the locking service should only be run on one node.

Check Appliance Logs

Check the appliance logs for issues connecting to the locking service.

For debugging the debug filter 'cifslock|cifslockext' can be enabled in /var/www/smestorage/public_html/config.inc.php. Note that the File Fabric's command line config editing tool, new in File Fabric version 2006, can be used to set and clear these flags.

Check logits.txt.

Check Locking Service Logs and Locks

From the console as root you can log into the container by running

docker exec -it ff-cifs-locker bash

From within the container you can view a more detailed log:

/var/log/ff-cifs-locker/ff-cifs-locker.log

You can also look at currently active locks

lslocks -u