Create the S3 object store server
The ONTAP object store server manages data as S3 objects, as opposed to file or block storage provided by ONTAP NAS and SAN servers.
You should have a self-signed CA certificate (created in previous steps) or a certificate signed by an external CA vendor. A CA certificate is not necessary for a local tiering use case, where IP traffic is going over cluster LIFs only.
When an object store server is created, a root user with UID 0 is created. No access key or secret key is generated for this root user. The ONTAP administrator must run the
object-store-server users regenerate-keys command to set the access key and secret key for this user.
As a NetApp best practice, do not use this root user. Any client application that uses the access key or secret key of the root user has full access to all buckets and objects in the object store.
vserver object-store-server man pages for additional configuration and display options.
Create the S3 server:
vserver object-store-server create -vserver svm_name -object-store-server s3_server_name -certificate-name ca_cert_name -comment text [additional_options]
You can specify additional options when creating the S3 server or at any time later.
The SVM name can be either a data SVM or
Cluster(the system SVM name) if you are configuring local tiering.
HTTPS is enabled by default on port 443. You can change the port number with the
When HTTPS is enabled, CA certificates are required for proper integration with SSL/TLS.
HTTP is disabled by default; when enabled, the server listens on port 80. You can enable it with the
-is-http-enabledoption or change the port number with the
When HTTP is enabled, all the request and responses are sent over the network in clear text.
Verify that S3 is configured as desired:
vserver object-store-server show
The following command verifies the configuration values of all object storage servers:
cluster1::> vserver object-store-server show Vserver: vs1 Object Store Server Name: s3.example.com Administrative State: up Listener Port For HTTP: 80 Secure Listener Port For HTTPS: 443 HTTP Enabled: false HTTPS Enabled: true Certificate for HTTPS Connections: svm1_ca Comment: Server comment