# ontap-s3-nas.sh, Maarten.deBoer@Atos.net, 251112 # ONTAP-S3 NAS-bucket # # https://docs.netapp.com/us-en/ontap/object-storage-management/ # https://docs.netapp.com/us-en/ontap/s3-config/workflow-concept.html # TechLab/BTIC/S.I.C. CLUSTER="nlda250" #VSERVER="nldsvm31" VSERVER="nldomi31" AGGREGATE="n01a1901" ROOTVOL="omi31_vol0root" IPSPACE="ips-btic01" LIF="svm31-25" ADDRESS="172.16.25.113" GATEWAY="172.16.25.1" NODE="nlda250-01" PORT="a200a-25" BUCKET="omi31-nas-bkt001" STOR_CLASS="performance-fixed" S3_USER="nl19471" NAS_BUCKET="${BUCKET}" NAS_VOLUME="omi31_vol01001" if [ "${1}" != "" ]; then BUCKET="${1}" NAS_BUCKET="${BUCKET}" fi # $1 NAS_PATH="/${NAS_VOLUME}/${NAS_BUCKET}" echo " CLUSTER=${CLUSTER}" echo " VSERVER=${VSERVER}" echo " ADDRESS=${ADDRESS}" echo " BUCKET(1)=${BUCKET}" echo " NAS_BUCKET=${NAS_BUCKET}" echo " NAS_VOLUME=${NAS_VOLUME}" echo " NAS_PATH=${NAS_PATH}" sleep 2 echo "===== Create/Show an SVM for ONTAP S3 =====" # vserver create -vserver svm1.example.com -rootvolume root_svm1 -aggregate aggr1 -rootvolume-security-style unix -language C.UTF-8 -data-services data-s3-server -ipspace ipspaceA #ssh ${CLUSTER} "vserver create -vserver ${VSERVER} -rootvolume ${ROOTVOL} -aggregate ${AGGREGATE} -rootvolume-security-style unix -language C.UTF-8 -data-services data-s3-server -ipspace ${IPSPACE}" ssh ${CLUSTER} "vserver show -vserver ${VSERVER} -field rootvolume,aggregate,rootvolume-security-style,language,data-services,ipspace" echo "===== Create and install / Show a CA certificate on an ONTAP S3-enabled SVM =====" # security certificate create -vserver svm_name -type root-ca -common-name ca_cert_name ##ssh ${CLUSTER} "security certificate create -vserver ${VSERVER} -type root-ca -common-name ${VSERVER}" #ssh ${CLUSTER} "security certificate create -vserver ${VSERVER} -type server -common-name ${VSERVER}" ssh ${CLUSTER} "security certificate show -vserver ${VSERVER} -field type,common-name " ssh ${CLUSTER} "security certificate show -vserver ${VSERVER} -inst" echo "===== Create/Show the ONTAP S3 service data policy =====" # set -privilege advanced; network interface service-policy create -vserver svm_name -policy policy_name -services data-core,data-s3-server #ssh ${CLUSTER} "set -privilege advanced; network interface service-policy create -vserver ${VSERVER} -policy ${VSERVER}-custom-s3 -services data-core,data-s3-server" ssh ${CLUSTER} "set -privilege advanced; network interface service-policy show -vserver ${VSERVER} -field policy,services" echo "===== Create data LIFs for ONTAP S3 =====" # network interface create -vserver svm_name -lif lif_name -service-policy service_policy_names -home-node node_name -home-port port_name {-address IP_address -netmask IP_address | -subnet-name subnet_name} -firewall-policy data -auto-revert {true|false} #ssh ${CLUSTER} "network interface create -vserver ${VSERVER} -lif ${LIF} -service-policy ${VSERVER}-custom-s3 -home-node ${NODE} -home-port ${PORT} -address ${ADDRESS} -netmask 255.255.255.0 -firewall-policy data -auto-revert false" ssh ${CLUSTER} "network interface show -vserver ${VSERVER} " echo "===== Create default route =====" #ssh ${CLUSTER} "network route create -vserver ${VSERVER} -destination 0.0.0.0/0 -gateway ${GATEWAY}" ssh ${CLUSTER} "network route show -vserver ${VSERVER}" echo "===== Get server_certificate_name 1st =====" SRV_CERT_NAME=`ssh ${CLUSTER} "set -showseparator \";\" ; security certificate show -vserver ${VSERVER} -type server -field cert-name"|grep ${VSERVER}|awk -F\; '{print $7}'|tail -1` echo "SRV_CERT_NAME=${SRV_CERT_NAME}" echo "===== Create the ONTAP S3 object store server =====" # vserver object-store-server create -vserver svm_name -object-store-server s3_server_fqdn -certificate-name server_certificate_name -comment text [additional_options] #ssh ${CLUSTER} "vserver object-store-server create -vserver ${VSERVER} -object-store-server ${VSERVER} -certificate-name ${SRV_CERT_NAME} -comment \"Created by script\" " ssh ${CLUSTER} "vserver object-store-server show -vserver ${VSERVER} -field object-store-server,certificate-name,comment" echo "===== Create/Show volume =====" ssh ${CLUSTER} "volume create -vserver ${VSERVER} -volume ${NAS_VOLUME} -aggregate ${AGGREGATE} -size 100GB -junction-path \"/${NAS_VOLUME}\" -language C.UTF-8" ssh ${CLUSTER} "volume show -vserver ${VSERVER} -field volume,aggregate,size,junction-path,language" echo "===== Create/Show Qtree =====" ssh ${CLUSTER} "qtree create -vserver ${VSERVER} -volume ${NAS_VOLUME} -qtree ${NAS_BUCKET} -security-style unix -unix-permissions ---rwxrwxrwx " ssh ${CLUSTER} "qtree show -vserver ${VSERVER} -field volume,qtree,security-style,unix-permissions" echo "===== Create/Show (NAS) S3 buckets with the ONTAP CLI =====" #- https://docs.netapp.com/us-en/ontap/s3-config/create-bucket-task.html#create-s3-buckets-with-the-ontap-cli # vserver object-store-server bucket create -vserver svm_name -bucket bucket_name [-size integer[KB|MB|GB|TB|PB]] [-comment text] [additional_options] # NAS ssh ${CLUSTER} "set -priv advanced;vserver object-store-server bucket create -vserver ${VSERVER} -bucket ${NAS_BUCKET} -type nas -comment \"Bucket by script\" -nas-path ${NAS_PATH}" ssh ${CLUSTER} "vserver object-store-server bucket show -vserver ${VSERVER} -field bucket,type,size,logical-used,volume,qos-policy-group" ssh ${CLUSTER} "volume show -vserver ${VSERVER} -field volume-style-extended,aggr-list,qos-policy-group,qos-adaptive-policy-group,size" echo "===== Create/show ONTAP S3 user =====" # ::> vserver object-store-server user create -vserver -user #ssh ${CLUSTER} "vserver object-store-server user create -vserver ${VSERVER} -user ${S3_USER}" ssh ${CLUSTER} "set -priv advanced ; vserver object-store-server user show -vserver ${VSERVER} -user ${S3_USER} -instance" echo "===== Create or modify / show ONTAP S3 user groups to control access to buckets =====" #- https://docs.netapp.com/us-en/ontap/s3-config/create-modify-groups-task.html # vserver object-store-server group create -vserver svm_name -name group_name -users user_name\(s\) [-policies policy_names] [-comment text\] ssh ${CLUSTER} "vserver object-store-server group create -vserver ${VSERVER} -name grp_${VSERVER} -users ${S3_USER} -comment \"Created by script\" -policies FullAccess" ssh ${CLUSTER} "vserver object-store-server group show -vserver ${VSERVER} " echo "===== Show ONTAP S3 bucket policies =====" ssh ${CLUSTER} "vserver object-store-server bucket policy show -vserver ${VSERVER} " echo "===== Show Cert. ===== " ssh ${CLUSTER} "security certificate show -vserver ${VSERVER} -type server -common-name ${VSERVER} -field cert-name" echo "===== Show Buckets for ${VSERVER} =====" ssh ${CLUSTER} "vserver object-store-server bucket show -vserver ${VSERVER} -field bucket,type,size,logical-used,volume,qos-policy-group"