Object Storage Creation on NetApp ONTAP

From Notes_Wiki


Object Storage Configuration on NetApp ONTAP AFF_c30

a) SVM Creation

  1. Log in to the NetApp management console using the admin credentials.
  2. Navigate to Storage > Storage VM.
  3. Click on +Add to create a new SVM if one does not already exist.
  4. Provide a name for the SVM and check Enable S3 under Access Protocol.
  5. Provide the object server FQDN (e.g., s3.example.com).
  6. Select Enable TLS and specify the desired port.
  7. If you have a CA certificate, uncheck Use system-generated certificate and select Use external-CA signed certificate.
  8. Set the default language as c.utf_8.
  9. Select the Network Interfaces as needed.
  10. Once all configurations are complete, click on Save.

b) Bucket Creation

  1. Log in to the ONTAP management console using the admin credentials.
  2. Navigate to Storage > Buckets, and click on +Add to create a new bucket.
  3. Provide a name for the bucket, select the SVM created in the previous step, and define the bucket size (minimum: 95 GB).
  4. To enable tiering and versioning, click on More options, and based on the IOPS, select the appropriate performance service level.
  5. Once the configuration is complete, click on Save to create the bucket.

c) S3 User Creation

  1. Access the NetApp CLI via SSH.
  2. Create an S3 user using the following command, then copy the access key and secret key from the output and store them securely:
vserver object-store-server user create -vserver <SVM-NAME> -user <USER_NAME> -key-time-to-live P1W

Example:

vserver object-store-server user create -vserver svm_s3 -user test_user -key-time-to-live P1W
  3. Once the user is created, assign the required permissions to the user for accessing the bucket.
  4. Navigate to Storage > Buckets, select the bucket created previously, and go to the Permissions section.
  5. Click on Edit, then scroll down to the Permissions section.
  6. Click on +Add to add new permissions.
  7. In the new window:
    1. In Principal, select the S3 user created earlier.
    2. Set Effect to Allow.
    3. In Action, select the required actions for the user (e.g., read, write, delete).
  8. Leave the Resource section as default.
  9. (Optional) Define conditions if needed.
  10. Save the configuration and verify the permission list.

d) Client Setup

  1. Verify the IP address of the SVM created in step (a), and ensure it resolves to the FQDN of the object store server via DNS or `/etc/hosts`.
  2. Install the AWS CLI on the client machine.
  3. From the NetApp CLI, retrieve the root certificate using:
security certificate show -vserver <SVM_NAME> -type root -instance

This command will display the certificate details including signed date and expiry.

  4. Copy the public key certificate from the output and save it on the client machine.
  5. Configure the AWS CLI with the credentials of the S3 user created earlier:
aws configure

You will be prompted to enter:

AWS Access Key ID     [None]: <ACCESS_KEY>
AWS Secret Access Key [None]: <SECRET_KEY>
Default region name   [None]: <PRESS ENTER>
Default output format [None]: <PRESS ENTER>
  6. To test the configuration, run the following command:
aws s3 ls s3://<BUCKET-NAME> --endpoint-url https://<FQDN-OF-S3-SERVER>

This confirms that the client can access the S3-compatible bucket via NetApp ONTAP.
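
The test command above does not reference the root certificate that was saved on the client, and the AWS CLI rejects a server certificate it cannot chain to a trusted CA. The following added example (not part of the original page) extracts the PEM block from a saved copy of the `security certificate show` output and passes it to the AWS CLI with `--ca-bundle`; the function names, file names and the constructed sample output layout are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Constructed sample of pasted CLI output (layout assumed; not a real certificate).
sample_output() {
    cat <<'EOF'
                      Vserver: svm_s3
          Type of Certificate: root
       Public Key Certificate: -----BEGIN CERTIFICATE-----
    PLACEHOLDERBASE64BODYNOTAREALCERTIFICATE
    -----END CERTIFICATE-----
EOF
}

# extract_pem <cli-output-file> <dest.pem>
# Keeps only the PEM block(s). The BEGIN marker shares a line with its field
# label, and pasted terminal text may carry indentation or CRs; strip both.
extract_pem() {
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1" |
        sed -e 's/^.*-----BEGIN CERTIFICATE-----/-----BEGIN CERTIFICATE-----/' \
            -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' > "$2"
    # Reject empty or truncated pastes: every BEGIN needs a matching END.
    begins=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$2")
    ends=$(grep -c -- '-----END CERTIFICATE-----' "$2")
    [ "$begins" -ge 1 ] && [ "$begins" -eq "$ends" ]
}

# s3_ls <bucket> <fqdn> <ca.pem>
# Lists the bucket with TLS verification against the saved root certificate.
# Fails closed if the bundle is missing instead of disabling verification.
s3_ls() {
    [ -s "$3" ] || { echo "CA bundle '$3' missing or empty" >&2; return 2; }
    aws s3 ls "s3://$1" --endpoint-url "https://$2" --ca-bundle "$3"
}

# Offline demo on the constructed sample; no aws call is made here.
demo_dir=$(mktemp -d)
sample_output > "$demo_dir/cert-output.txt"
extract_pem "$demo_dir/cert-output.txt" "$demo_dir/ontap-root.pem" &&
    cat "$demo_dir/ontap-root.pem"
# Real use: s3_ls <BUCKET-NAME> <FQDN-OF-S3-SERVER> "$demo_dir/ontap-root.pem"
```

Setting the `AWS_CA_BUNDLE` environment variable to the same file has the same effect as `--ca-bundle` for every subsequent AWS CLI call in that shell.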