Object Storage Creation on NetApp ONTAP
Object Storage Configuration on NetApp ONTAP AFF_c30
a) SVM Creation
- Log in to the NetApp management console using the admin credentials.
- Navigate to Storage → Storage VM.
- Click on +Add to create a new SVM if one does not already exist.
- Provide a name for the SVM and check Enable S3 under Access Protocol.
- Provide the object server FQDN (e.g., s3.example.com).
- Select Enable TLS and specify the desired port.
- If you have a CA certificate, uncheck Use system-generated certificate and select Use external-CA signed certificate.
- Set the default language as c.utf_8.
- Select the Network Interfaces as needed.
- Once all configurations are complete, click on Save.
b) Bucket Creation
- Log in to the ONTAP management console using the admin credentials.
- Navigate to Storage → Buckets, and click on +Add to create a new bucket.
- Provide a name for the bucket, select the SVM created in the previous step, and define the bucket size (minimum: 95 GB).
- To enable tiering and versioning, click on More options, and based on the IOPS, select the appropriate performance service level.
- Once the configuration is complete, click on Save to create the bucket.
c) S3 User Creation
- Access the NetApp CLI via SSH.
- Create an S3 user using the following command, and copy the access key and secret key it prints to a secure location:
vserver object-store-server user create -vserver <SVM-NAME> -user <USER_NAME> -key-time-to-live P1W
Example:
vserver object-store-server user create -vserver svm_s3 -user test_user -key-time-to-live P1W
- Once the user is created, assign the required permissions to the user for accessing the bucket.
- Navigate to Storage → Buckets, select the bucket created previously, and go to the Permissions section.
- Click on Edit, then scroll down to the Permissions section.
- Click on +Add to add new permissions.
- In the new window:
  - In Principal, select the S3 user created earlier.
  - Set Effect to Allow.
  - In Action, select the required actions for the user (e.g., read, write, delete).
  - Leave the Resource section as default.
  - (Optional) Define conditions if needed.
- Save the configuration and verify the permission list.
d) Client Setup
- Verify the IP address of the SVM created in step (a), and ensure it resolves to the FQDN of the object store server via DNS or `/etc/hosts`.
- Install the AWS CLI on the client machine.
- From the NetApp CLI, retrieve the root certificate using:
security certificate show -vserver <SVM_NAME> -type root -instance
This command will display the certificate details including signed date and expiry.
- Copy the public key certificate from the output and save it on the client machine.
- Configure the AWS CLI with the credentials of the S3 user created earlier:
aws configure
You will be prompted to enter:
AWS Access Key ID [None]: <ACCESS_KEY>
AWS Secret Access Key [None]: <SECRET_KEY>
Default region name [None]: <PRESS ENTER>
Default output format [None]: <PRESS ENTER>
- To test the configuration, run the following command:
aws s3 ls s3://<BUCKET-NAME> --endpoint-url https://<FQDN-OF-S3-SERVER>
This confirms that the client can access the S3-compatible bucket via NetApp ONTAP.
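The client steps above save the SVM root certificate but the test command never points the AWS CLI at it. The following is an added example, not part of the original page: it extracts the PEM block from saved `security certificate show` output and passes it to the test command with `--ca-bundle`, so the server certificate is verified against that root. The function names, file paths and the layout of the sample output are assumptions.

```shell
# Added example; function names and file paths are hypothetical.

# sample_output: CONSTRUCTED stand-in for pasted `security certificate show`
# output. The field layout is assumed and the body is not a real certificate.
sample_output() {
    cat <<'EOF'
                Vserver: svm_s3
 Public Key Certificate: -----BEGIN CERTIFICATE-----
                         AAAACONSTRUCTEDSAMPLEAAAA
                         BBBBNOTAREALCERTBBBB==
                         -----END CERTIFICATE-----
EOF
}

# extract_pem FILE: print each certificate block without the field label,
# indentation or CRs left by copy/paste. Fails on a truncated or empty block,
# on non-base64 characters in the body, or when no certificate is present.
extract_pem() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { inside = 1; body = 0
                                        print "-----BEGIN CERTIFICATE-----"; next }
        /-----END CERTIFICATE-----/   { if (inside && body) { print "-----END CERTIFICATE-----"; found++ }
                                        inside = 0; next }
        inside { gsub(/[ \t\r]/, "")
                 if ($0 == "") next
                 if ($0 !~ "^[A-Za-z0-9+/=]+$") { bad = 1; exit }
                 print; body++ }
        END { if (bad || inside || found == 0) exit 1 }
    ' "$1"
}

# save_ca_bundle SAVED_OUTPUT BUNDLE: create BUNDLE only when extraction
# succeeds; the file is world-readable but writable only by its owner.
save_ca_bundle() {
    tmp="$2.tmp.$$"
    if extract_pem "$1" > "$tmp"; then
        chmod 644 "$tmp" && mv "$tmp" "$2"
    else
        rm -f "$tmp"; echo "no complete certificate found in $1" >&2; return 1
    fi
}

# bundle_valid_for_days BUNDLE DAYS: succeeds if the root is still valid DAYS from now.
bundle_valid_for_days() { openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )); }

# s3_ls BUCKET FQDN BUNDLE: the test command from the page, with TLS verified
# against the saved root certificate.
s3_ls() {
    aws s3 ls "s3://$1" --endpoint-url "https://$2" --ca-bundle "$3"
}
```

With a self-signed root this avoids falling back to `--no-verify-ssl`, which would disable certificate verification for the connection that carries the S3 access keys.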