Skip to main content
Keystone

Configure Keystone Collector

Contributors netapp-manini
PDFs

You need to complete a few configuration tasks to enable Keystone Collector to collect usage data in your storage environment. This is a one-time activity to activate and associate the required collector component with your storage environment.

Note The Keystone Collector provides you with the Keystone Collector Management Terminal User Interface (TUI) utility to perform configuration and monitoring activities. You can use various keyboard controls, such as the Enter and arrow keys, to select the options and navigate across this TUI.
Steps

  1. Start the Keystone Collector management TUI utility:
    $ keystone-collector-tui

  2. Go to Configure > KS-Collector to open the Keystone Collector configuration screen to view the available options for update.

  3. Update the required options.

    For ONTAP

    • Collect ONTAP usage: This option enables collection of usage data for ONTAP. Add the details of the Active IQ Unified Manager (Unified Manager) server and service account.

    • Collect ONTAP Performance Data: This option enables collection of performance data for ONTAP. This is disabled by default. Enable this option if performance monitoring is required in your environment for SLA purposes. Provide the Unified Manager Database user account details. For information about creating database users, see Create Unified Manager users.

    • Remove Private Data: This option removes specific private data of customers and is enabled by default. For information about what data is excluded from the metrics if this option is enabled, see Limit collection of private data.

    For StorageGRID

    • Collect StorageGRID usage: This option enables collection of node usage details. Add the StorageGRID node address and user details.

    • Remove Private Data: This option removes specific private data of customers and is enabled by default. For information about what data is excluded from the metrics if this option is enabled, see Limit collection of private data.

  4. Toggle the Start KS-Collector with System field.

  5. Click Save.
    tui screen

  6. Ensure that Keystone Collector is in a healthy state by returning to the main screen of the TUI and verifying the Service Status information. The system should show that the services are in an Overall: Healthy status.
    tui screen

  7. Exit the Keystone Collector management TUI by selecting the Exit to Shell option on the home screen.

Configure HTTP Proxy on Keystone Collector

The Collector software supports using a HTTP proxy to communicate with the internet. This can be configured in the TUI.

Steps

  1. Restart the Keystone Collector management TUI utility if already closed:
    $ keystone-collector-tui

  2. Toggle on the HTTP Proxy field, and add the details for the HTTP proxy server, port, and credentials, if authentication is required.

  3. Click Save.
    tui screen

Limit collection of private data

The Keystone Collector gathers limited configuration, status, and performance information required to perform subscription metering. There is an option to further limit the information collected by masking sensitive information from the content uploaded. This does not impact billing calculation. However, limiting the information might impact usability of the reporting information, as some elements, which can be easily identified by users, such as volume name, is replaced with UUIDs.

Limiting the collection of specific customer data is a configurable option on the Keystone Collector TUI screen. This option, Remove Private Data, is enabled by default.

tui screen

For information about the items removed on limiting private data access in both ONTAP and StorageGRID, see List of items removed on limiting private data access.

Trust a custom root CA

Verification of certificates against a public root certificate authority (CA) is a part of the Keystone Collector security features. However, if required, you can configure Keystone Collector to trust a custom root CA.

If you use SSL/TLS inspection in your system firewall, it results in the internet-based traffic to be re-encrypted with your custom CA certificate. It is necessary to configure the settings to verify the source as a trusted CA before accepting the root certificate and allowing connections to occur. Follow these steps:

Steps

  1. Prepare the CA certificate. It should be in base64-encoded X.509 file format.

    Note The supported file extensions are .pem, .crt, .cert. Ensure that the certificate is in one of these formats.

  2. Copy the certificate to the Keystone Collector server. Make a note of the location where the file is copied.

  3. Open a terminal on the server and run the management TUI utility.
    $ keystone-collector-tui

  4. Go to Configuration > Advanced.

  5. Enable the option Enable custom root certificate.

  6. For Select custom root certificate path:, select - Unset -

  7. Press Enter. A dialog box for selecting the certificate path is displayed.

  8. Select the root certificate from the file system browser or enter the exact path.

  9. Press Enter. You return to the Advanced screen.

  10. Select Save. The configuration is applied.

TUI screen for CA customization