Storage File Locking

Supported:

• Enterprise File Fabric - since version 2006.02
• Providers:

  • SMB/CIFS Connector (Single User)
  • SMB/CIFS Connector (Multiuser)
  • Nasuni Connector

The File Fabric provides File Locking for files edited through the File Fabric and can extend these file locks to the underlying storage to enhance protection when users may also be editing from the storage directly.

When a file is edited through Cloud Edit, for example, a write-lock is placed on the file in storage before the file is downloaded and opened for editing. Other users opening the file whether inside or outside of the File Fabric will be able to view the file (read-only) but not make changes. When the file is closed the storage lock is released. If the file had been already locked, then Cloud Edit will instead open the file in read-only mode.

To enable the locking service for the File Fabric login to your appladmin account and visit Site Functionality. You should enable the “SMB - Storage Locking Enabled” option and set the value field to, for example:

https://127.0.0.1:2201/

127.0.0.1 is the IP address to use on a single node File Fabric installation. If you are configuring this on a H/A multi-node system, you should alter the host name or IP address as appropriate so that it only points to the node on which the locking service is running.

For v2106 and above Provider File Locking must also be enabled per-provider from Provider Settings.

The Storage Level Locking feature is available for the following connectors:

• SMB/CIFS Connector (Single User)
• SMB/CIFS Connector (Multiuser)
• Nasuni Connector

Provider locks are created through through the File Fabric's Storage Locking Service. The service runs as a container within the File Fabric appliance or cluster. If the locking service is not running, it will be unable to acquire file locks. Likewise stopping or restarting the service will drop any locks currently acquired.

When a user opens a file for editing via a File Fabric app the app first requests that a file lock. The same approach is taken by the Cloud Drive and for files edited through Microsoft Online - a lock is requested first.

If the File Fabric has not already locked the file, and provider locking integration is enabled, it requests that a write-lock (also called a share lock) be created on the provider file. There are two possible outcomes:

• Success - If the write-lock is successful the File Fabric marks the file as locked, granting the lock request to the app. The user can open the file for editing! Because of the write-lock other users will not be able to edit the file on the provider - they will be able to open it for viewing.
• Failure - If the write-lock fails the File Fabric denies the lock request to the app and the app only lets the user only open the file for viewing. Other users will not be able to edit the file either, as there is a lock on the provider and they won't be able to lock it through the File Fabric.

Once the File Fabric lock is released, after either the file is closed, the lock is released manually or the lock times out in some circumstances, the locking service will release the file lock on the provider.

Provider locks are also released if the locked file is renamed or moved through either the File Fabric or through the storage directly.

The File Fabric also creates lock files for OpenOffice files preventing OpenOffice users from opening files that are locked by Microsoft Office or other users. These files are created on the provider storage in the following format:

.~lock.Marketing Newsletter.docx#

Check provider locking is configured for the appliance. Log in as the Appliance Admin and check Site Functionality.

Check provider file locking is enabled for the provider:

To check that the locking service is running, log in to the File Fabric console as root and execute:

docker ps | grep ff-cifs-locker

The locking service should be running automatically, however if it is not, you can run:

cd /var/www/smestorage/containers/cifs-locker
/usr/local/bin/docker-compose up -d

If you are running a multi-node system, the locking service should only be run on one node.

Check the appliance logs for issues connecting to the locking service.

For debugging the debug filter 'cifslock|cifslockext' can be enabled in /var/www/smestorage/public_html/config.inc.php. Note that the File Fabric's command line config editing tool, new in File Fabric version 2006, can be used to set and clear these flags.

Check logits.txt.

From the console as root you can log into the container by running

docker exec -it ff-cifs-locker bash

From within the container you can view a more detailed log:

/var/log/ff-cifs-locker/ff-cifs-locker.log

You can also look at currently active locks

lslocks -u