Skip to main content
Keystone

Requirements for ONTAP and StorageGRID

Contributors netapp-manini netapp-shwetav netapp-bcammett

Before you get started with Keystone, you need to ensure that ONTAP clusters and StorageGRID systems meet a few requirements.

ONTAP
Software versions
  1. ONTAP 9.8 or later

  2. Active IQ Unified Manager (Unified Manager) 9.10 or later

Before you begin
  1. Ensure that Unified Manager 9.10 or later is configured. For information about installing Unified Manager, see these links:

  2. Ensure that the ONTAP cluster has been added to Unified Manager. For information about adding clusters, see Adding clusters.

  3. Create Unified Manager users with specific roles for usage and performance data collection. Perform these steps. For information about user roles, see Definitions of user roles.

    1. Log into the Unified Manager web UI with the default application administrator user credentials that are generated during installation. See Accessing the Unified Manager web UI.

    2. Create a service account for Keystone Collector with Operator user role. The Keystone Collector service APIs use this service account to communicate with Unified Manager and collect usage data. See Adding users.

    3. Create a Database user account, with the Report Schema role. This user is required for performance data collection. See Creating a database user.

      Note The default port for MySQL, 3306, is restricted only to localhost during a fresh installation of Unified Manager, which prevents the collection of performance data for Keystone ONTAP. This configuration can be modified, and the connection can be made available to other hosts using the Control access to MySQL port 3306 option on the Unified Manager maintenance console. For information, see Additional menu options.
  4. Enable API Gateway in Unified Manager. Keystone Collector makes use of the API Gateway feature to communicate with ONTAP clusters. You can enable API Gateway either from the web UI, or by running a few commands through Unified Manager CLI.

    Web UI

    To enable API Gateway from the Unified Manager web UI, log into the Unified Manager web UI and enable API Gateway. For information, see Enabling API Gateway.

    CLI

    To enable API Gateway through Unified Manager CLI, follow these steps:

    1. On the Unified Manager server, begin an SSH session and log into Unified Manager CLI.
      um cli login -u <umadmin>
      For information about CLI commands, see Supported Unified Manager CLI commands.

    2. Verify whether API Gateway is already enabled.
      um option list api.gateway.enabled
      A true value indicates that the API Gateway is enabled.

    3. If the value returned is false, run this command:
      um option set api.gateway.enabled=true

    4. Restart the Unified Manager server:

StorageGRID

The following configurations are required for installing Keystone Collector on StorageGRID.

  • StorageGRID 11.6.0 or later should be installed. For information about upgrading StorageGRID, see Upgrade StorageGRID software: Overview.

  • A StorageGRID local admin user account should be created for usage data collection. This service account is used by the Keystone Collector service for communicating with StorageGRID through administrator node APIs.

    Steps
    1. Log into the Grid Manager. See Sign in to the Grid Manager.

    2. Create a local admin group with Access mode: Read-only. See Create an admin group.

    3. Add the following permissions:

      • Tenant Accounts

      • Maintenance

      • Metrics Query

    4. Create a Keystone service account user and associate it with the admin group. See Manage users.