# ontap-s3-s3.sh # # https://docs.netapp.com/us-en/ontap/object-storage-management/ # https://docs.netapp.com/us-en/ontap/s3-config/workflow-concept.html # TechLab/BTIC/S.I.C. CLUSTER="nlda250" VSERVER="nldsvm31" AGGREGATE="n01a1901" ROOTVOL="svm31_vol0root" IPSPACE="ips-btic01" LIF="svm31-25" ADDRESS="172.16.25.231" GATEWAY="172.16.25.1" NODE="nlda250-01" PORT="a200a-25" BUCKET="svm31-bucket003" STOR_CLASS="performance-fixed" S3_USER="nl19471" NAS_PATH="/svm31_vol01001/svm31_bucket001" echo "Create an SVM for ONTAP S3" # vserver create -vserver svm1.example.com -rootvolume root_svm1 -aggregate aggr1 -rootvolume-security-style unix -language C.UTF-8 -data-services data-s3-server -ipspace ipspaceA # ssh ${CLUSTER} "vserver create -vserver ${VSERVER} -rootvolume ${ROOTVOL} -aggregate ${AGGREGATE} -rootvolume-security-style unix -language C.UTF-8 -data-services data-s3-server -ipspace ${IPSPACE}" ssh ${CLUSTER} "vserver show -vserver ${VSERVER} -field rootvolume,aggregate,rootvolume-security-style,language,data-services,ipspace" echo "Create and install a CA certificate on an ONTAP S3-enabled SVM" # security certificate create -vserver svm_name -type root-ca -common-name ca_cert_name # ssh ${CLUSTER} "security certificate create -vserver ${VSERVER} -type root-ca -common-name ${VSERVER}" ssh ${CLUSTER} "security certificate show -vserver ${VSERVER} -field type,common-name " ssh ${CLUSTER} "security certificate show -vserver ${VSERVER} -inst" echo "Create the ONTAP S3 service data policy" # set -privilege advanced; network interface service-policy create -vserver svm_name -policy policy_name -services data-core,data-s3-server #ssh ${CLUSTER} "set -privilege advanced; network interface service-policy create -vserver ${VSERVER} -policy ${VSERVER}-custom-s3 -services data-core,data-s3-server" ssh ${CLUSTER} "set -privilege advanced; network interface service-policy show -vserver ${VSERVER} -field policy,services" #+ Create data LIFs for ONTAP S3 # network interface create -vserver svm_name -lif lif_name -service-policy service_policy_names -home-node node_name -home-port port_name {-address IP_address -netmask IP_address | -subnet-name subnet_name} -firewall-policy data -auto-revert {true|false} #ssh ${CLUSTER} "network interface create -vserver ${VSERVER} -lif ${LIF} -service-policy ${VSERVER}-custom-s3 -home-node ${NODE} -home-port ${PORT} -address ${ADDRESS} -netmask 255.255.255.0 -firewall-policy data -auto-revert false" ssh ${CLUSTER} "network interface show -vserver ${VSERVER} " echo "Create default route" #ssh ${CLUSTER} "network route create -vserver ${VSERVER} -destination 0.0.0.0/0 -gateway ${GATEWAY}" ssh ${CLUSTER} "network route show -vserver ${VSERVER}" echo "Get server_certificate_name 1st" SRV_CERT_NAME=`ssh ${CLUSTER} "set -showseparator \";\" ; security certificate show -vserver ${VSERVER} -type server -field cert-name"|grep ${VSERVER}|awk -F\; '{print $7}'` echo "SRV_CERT_NAME=${SRV_CERT_NAME}" #+ Create the ONTAP S3 object store server # vserver object-store-server create -vserver svm_name -object-store-server s3_server_fqdn -certificate-name server_certificate_name -comment text [additional_options] #ssh ${CLUSTER} "vserver object-store-server create -vserver ${VSERVER} -object-store-server ${VSERVER} -certificate-name ${SRV_CERT_NAME} -comment \"Created by script\" " ssh ${CLUSTER} "vserver object-store-server show -vserver ${VSERVER} -field object-store-server,certificate-name,comment" echo "Create S3 buckets with the ONTAP CLI" #- https://docs.netapp.com/us-en/ontap/s3-config/create-bucket-task.html#create-s3-buckets-with-the-ontap-cli # vserver object-store-server bucket create -vserver svm_name -bucket bucket_name [-size integer[KB|MB|GB|TB|PB]] [-comment text] [additional_options] #ssh ${CLUSTER} "set -priv advanced;vserver object-store-server bucket create -vserver ${VSERVER} -bucket ${BUCKET} -type s3 -size 100GB -comment \"Bucket by script\" -aggr-list ${AGGREGATE} -qos-policy-group ${STOR_CLASS}" ssh ${CLUSTER} "vserver object-store-server bucket show -vserver ${VSERVER} -field bucket,size,logical-used,volume,qos-policy-group" ssh ${CLUSTER} "vserver object-store-server bucket show -vserver ${VSERVER} -field bucket,size,logical-used,volume,qos-policy-group" ssh ${CLUSTER} "volume show -vserver ${VSERVER} -field volume-style-extended,aggr-list,qos-policy-group,qos-adaptive-policy-group,size" echo "Create an ONTAP S3 user" # ::> vserver object-store-server user create -vserver -user #ssh ${CLUSTER} "vserver object-store-server user create -vserver ${VSERVER} -user ${S3_USER}" ssh ${CLUSTER} "set -priv advanced ; vserver object-store-server user show -vserver ${VSERVER} -user ${S3_USER} -instance" echo "Create or modify ONTAP S3 user groups to control access to buckets" #- https://docs.netapp.com/us-en/ontap/s3-config/create-modify-groups-task.html # vserver object-store-server group create -vserver svm_name -name group_name -users user_name\(s\) [-policies policy_names] [-comment text\] #ssh ${CLUSTER} "vserver object-store-server group create -vserver ${VSERVER} -name grp_${VSERVER} -users ${S3_USER} -comment \"Created by script\" -policies FullAccess" ssh ${CLUSTER} "vserver object-store-server group show -vserver ${VSERVER} " echo "Show ONTAP S3 bucket policies" ssh ${CLUSTER} "vserver object-store-server bucket policy show -vserver ${VSERVER} " echo "Cert" ssh ${CLUSTER} "security certificate show -vserver ${VSERVER} -type server -common-name ${VSERVER} -field cert-name"