Installing the Service Connector on your premises

Contributors netapp-bcammett

If you want to tier cold data to AWS S3, you can deploy the Service Connector either on your premises or in an AWS VPC. This page describes how to install the on-premises Service Connector.

Understanding the relationship between the Service Connector and Cloud Manager

The Service Connector is part of NetApp Cloud Manager, so to install the Service Connector you need to download and install the Cloud Manager software.

Verifying host requirements

The Service Connector is supported on a Linux host that meets the following requirements.

Supported operating systems
  • CentOS 7.2

  • CentOS 7.3

  • CentOS 7.4

  • Red Hat Enterprise Linux 7.2

  • Red Hat Enterprise Linux 7.3

  • Red Hat Enterprise Linux 7.4

    The Red Hat Enterprise Linux system must be registered with Red Hat Subscription Management. If it is not registered, the system cannot access repositories to update required third-party software during installation.

    The Service Connector software is supported on English-language versions of these operating systems.

Hypervisor

A bare metal or hosted hypervisor that is certified to run CentOS or Red Hat Enterprise Linux
Red Hat Solution: Which hypervisors are certified to run Red Hat Enterprise Linux?

CPU

2.27 GHz or higher with two cores

RAM

4 GB

Free disk space

50 GB

Ports

The following ports must be available:

  • 80 for HTTP access

  • 443 for HTTPS access

  • 3306 for the database

  • 8080 for the API proxy

    If other services are using these ports, the installation fails.

    There is a potential conflict with port 3306. If another instance of MySQL is running on the host, it uses port 3306 by default. You must change the port that the existing MySQL instance uses.

    You can change the default HTTP and HTTPS ports when you install the Service Connector. You cannot change the default port for the MySQL database. If you change the HTTP and HTTPS ports, you must ensure that users can access the web console from a remote host:

    • Modify the security group to allow inbound connections through the ports.

    • Specify the port when you enter the URL to the web console.
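
The port requirements above can be checked before you run the installer. The following script is an added example, not part of NetApp's documentation or software; the function names ports_in_use and check_ports and the sample ss output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not NetApp code): pre-install check for the ports this page lists.
REQUIRED_PORTS="80 443 3306 8080"

# Reads `ss -ltn` output on stdin and prints the required ports that
# already have a listener, space-separated, in the order listed above.
ports_in_use() {
    awk -v want="$REQUIRED_PORTS" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) need[w[i]] = 1 }
        $1 == "LISTEN" {
            k = split($4, part, ":")   # port is the text after the last colon
            p = part[k]
            if (p in need) busy[p] = 1
        }
        END {
            out = ""
            for (i = 1; i <= n; i++)
                if (w[i] in busy) out = out (out == "" ? "" : " ") w[i]
            if (out != "") print out
        }'
}

# Returns 0 when every required port is free, 1 otherwise.
check_ports() {
    busy=$(ports_in_use)
    [ -z "$busy" ] && return 0
    echo "In use: $busy (the installation fails while these are taken)" >&2
    case " $busy " in
        *" 3306 "*) echo "3306: move the existing MySQL instance to another port" >&2 ;;
    esac
    return 1
}

# Constructed sample of `ss -ltn` output, so the example runs offline.
SAMPLE='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128                *:22               *:*
LISTEN 0      50                 *:3306             *:*
LISTEN 0      128             [::]:8080          [::]:*
LISTEN 0      128                *:8443             *:*'

printf '%s\n' "$SAMPLE" | check_ports || echo "preflight: port conflict found"
# On the real host, feed live data instead: ss -ltn | check_ports
```
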

Preparing your networking

The Service Connector needs a connection to your ONTAP clusters, to AWS S3, and to the Cloud Tiering service.

Steps
  1. Set up an on-premises location for the Service Connector that enables the following connections:

    • An outbound internet connection to the Cloud Tiering service over port 443 (HTTPS)

    • An HTTPS connection over port 443 to S3

    • An HTTPS connection over port 443 to your ONTAP clusters

  2. Ensure that outbound internet access is allowed to the following endpoints:

    • http://dev.mysql.com/get/mysql-community-release-el7-5.noarch.rpm

    • https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

    • https://s3.amazonaws.com/aws-cli/awscli-bundle.zip

      The installer accesses these URLs during the installation process.

Providing permissions to an AWS account

After you install the Service Connector, you need to provide access keys for an AWS account. That account needs specific permissions so the Service Connector can set up data tiering to AWS S3 on your behalf.

Steps
  1. From the AWS IAM console, create an IAM policy by copying and pasting the permissions below.

    For step-by-step instructions, refer to AWS Documentation: Creating IAM Policies.

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "sts:DecodeAuthorizationMessage",
                    "s3:ListBucket",
                    "ec2:DescribeRegions",
                    "cloudformation:CreateStack",
                    "cloudformation:DeleteStack",
                    "cloudformation:DescribeStacks",
                    "cloudformation:DescribeStackEvents",
                    "cloudformation:ValidateTemplate"
                ],
                "Resource": "*"
            },
            {
                "Sid": "fabricPoolPolicy",
                "Effect": "Allow",
                "Action": [
                    "s3:DeleteBucket",
                    "s3:GetLifecycleConfiguration",
                    "s3:PutLifecycleConfiguration",
                    "s3:CreateBucket",
                    "s3:GetBucketTagging",
                    "s3:PutBucketTagging"
                ],
                "Resource": "arn:aws:s3:::fabric-pool*"
            }
        ]
    }
  2. Attach the policy to an IAM role or an IAM user.

    For step-by-step instructions, refer to the following:

Result

The account now has the required permissions. You need to provide access keys for the AWS account after you install the Service Connector.

Installing the Service Connector on an on-premises Linux host

After you verify system and network requirements, download and install the software on a supported Linux host.

About this task
  • Root privileges are not required for installation.

  • The Service Connector installs the AWS command line tools (awscli) to enable recovery procedures from NetApp support.

    If you receive a message that installing the awscli failed, you can safely ignore the message. The Service Connector can operate successfully without the tools.

  • The installer that is available on the NetApp Support Site might be an earlier version. After installation, the software automatically updates itself if a new version is available.

Steps
  1. From your Linux host, download the pre-installation script.

    If the link opens in a new browser tab, right-click the page and select Save As.
  2. Assign permissions to execute the script.

    Example

    chmod +x pre-install.sh

  3. Generate a refresh token for the Cloud Central API:

    1. Go to the Refresh Token Generator.

    2. Under All Cloud Central APIs, click Generate Refresh Token and copy the generated token to your clipboard.

  4. Run the pre-installation script:

    ./pre-install.sh -t W4clgk2XDKccpUEJu_xQHXH71lKzB4QS6vlRqyYnWURaD -c NetApp -i myCloudManager -a myAccount -e production

    • -t: The refresh token string from the previous step

    • -c: Your company name

    • -i: A name for the Service Connector

    • -a: The name of your Cloud Central account (will be created if there is no previous account)

    • -e: Environment: production

  5. Download the installation script for Cloud Manager 3.7 or later from the NetApp Support Site, and then copy it to the Linux host.

  6. Assign permissions to execute the script.

    Example

    chmod +x OnCommandCloudManager-V3.7.0.sh

  7. Run the installation script:

    ./OnCommandCloudManager-V3.7.0.sh [silent] [proxy=ipaddress] [proxyport=port] [proxyuser=user_name] [proxypwd=password]

    silent runs the installation without prompting you for information.

    proxy is required if the host is behind a proxy server.

    proxyport is the port for the proxy server.

    proxyuser is the user name for the proxy server, if basic authentication is required.

    proxypwd is the password for the user name that you specified.

  8. Unless you specified the silent parameter, type Y to continue the script, and then enter the HTTP and HTTPS ports when prompted.

    If you change the HTTP and HTTPS ports, you must ensure that users can access the Cloud Manager web console from a remote host:

    • Modify the security group to allow inbound connections through the ports.

    • Specify the port when you enter the URL to the web console.

      The Service Connector is now installed. At the end of the installation, the Cloud Manager service (occm) restarts twice if you specified a proxy server.

  9. Open a web browser and enter the following URL:

    https://ipaddress:port

    ipaddress can be localhost, a private IP address, or a public IP address, depending on the configuration of the host.

    port is required if you changed the default HTTP (80) or HTTPS (443) ports. For example, if the HTTPS port was changed to 8443, you would enter https://ipaddress:8443

  10. Sign up at NetApp Cloud Central or log in.

  11. After you log in, set up Cloud Manager:

    1. Specify the Cloud Central account to associate with this Cloud Manager system. This should be the same account that you specified when you ran the pre-installation script.

    2. Enter a name for the system.

      A screenshot that shows the set up Cloud Manager screen that enables you to select a Cloud Central account and name the Cloud Manager system.

After you finish

Add an AWS account to Cloud Manager that has the required permissions.

Adding the AWS account to Cloud Manager

After you provide an AWS account with the required permissions, you need to add AWS access keys to Cloud Manager. This enables the Service Connector to set up data tiering to AWS S3 on your behalf.

Steps
  1. In the upper right of the Cloud Manager console, click the Settings icon, and select Cloud Provider & Support Accounts.

    A screenshot that shows the Settings icon in the upper right of the Cloud Manager console.

  2. Click Add New Account and select AWS.

  3. Select AWS keys.

  4. Confirm that the policy requirements have been met and then click Create Account.

Result

The Service Connector is now installed with the permissions that it needs to tier cold data from your ONTAP systems to AWS S3. You should now see the Service Connector when you set up tiering to a new cluster.