#multi-admin-verification snapshot deletion

1 messages · Page 1 of 1 (latest)

oblique turtle
#

Hello folks,
I want to forbid snapshot deletion for all volumes (so far, so easy) except for volumes named esx1* and all Snapshots Veeam* in those volumes
Example
Volume esx1a Snapshot Veeam1 - no approval needed
Volume esx1a Snapshot Test1 - approval needed
Volume otherVolume Snapshot Test1 - approval needed
Volume otherVolume Snapshot Veeam1 - approval needed

How should I design the rules to achieve that?

woeful hollow
#

Not sure if that's possible since you can only create one MAV rule per CMD.
You could try snapshot delete -volume !esx1* -snapshot !Veeam*
But I think that would result in no approval needed for your last example. Not sure though...

Did you try it?

oblique turtle
#

Yes, I've tried that, but without success:
Rule:

            volume snapshot delete                     -         -
              Query: -volume !esx1* -snapshot !Veeam*

Result:

-volume esx1a -snapshot Veeam1       -> no approval request
-volume esx1a -snapshot Test1        -> no approval request
-volume otherVolume -snapshot Test1  -> approval request
-volume otherVolume -snapshot Veeam1 -> no approval

The two conditions in the query are not tied together

ashen dock
#

I am interrested in how you end up fixing this, because we have the same issues... even with NetApp's own SnapManager products which also delete snapshots and even delete volumes(clones) and I also think that Veeam can be setup in a way where it creates a clone, maps it to a host to index, and the needs to delete it... so maybe you also have a problem regarding this? We use Snapshot snaplock from snapcenter, which "fixes" some of the converns about volume deletion as you cannot delete a volume with a locked snapshot on it... but still I think a better solution is needed to allow MAV and backup applications to work together...

vital sun
#

I don't think there is a way to fix it. The only options are a) use only the -volume query (i.e. exclude all ESX volumes, and all their asnapshots), b) use only the -snapshot query (i.e. exclude all Veeam snapshots but on all volumes), c) exclude the whole SVM, or d) use a different naming convention for the Veeam ESX snapshots that uses unique names, and only exclude those names