Create an SVM for ONTAP S3
Although S3 can coexist with other protocols in an SVM, you might want to create a new SVM to isolate the namespace and workload.
If you are only providing S3 object storage from an SVM, the S3 server does not require any DNS configuration. However, you might want to configure DNS on the SVM if other protocols are used.
When you configure S3 access to a new storage VM using System Manager, you are prompted to enter certificate and networking information, and the storage VM and S3 object storage server are created in a single operation.
You should be prepared to enter the S3 server name as a Fully Qualified Domain Name (FQDN), which clients will use for S3 access. The S3 server FQDN must not begin with a bucket name.
You should be prepared to enter IP addresses for interface role Data.
If you are using an external-CA signed certificate, you will be prompted to enter it during this procedure; you also have the option to use a system-generated certificate.
-
Enable S3 on a storage VM.
-
Add a new storage VM: Click Storage > Storage VMs, then click Add.
If this is a new system with no existing storage VMs: Click Dashboard > Configure Protocols.
If you are adding an S3 server to an existing storage VM: Click Storage > Storage VMs, select a storage VM, click Settings, and then click under S3.
-
Click Enable S3, then enter the S3 Server Name.
-
Select the certificate type.
Whether you select system-generated certificate or one of your own, it will be required for client access.
-
Enter the network interfaces.
-
-
If you selected the system-generated certificate, you see the certificate information when the new storage VM creation is confirmed. Click Download and save it for client access.
-
The secret key will not be displayed again.
-
If you need the certificate information again: Click Storage > Storage VMs, select the storage VM, and click Settings.
-
-
Verify that S3 is licensed on your cluster:
system license show -package s3
If it is not, contact your sales representative.
-
Create an SVM:
vserver create -vserver <svm_name> -subtype default -rootvolume <root_volume_name> -aggregate <aggregate_name> -rootvolume-security-style unix -language C.UTF-8 -data-services <data-s3-server> -ipspace <ipspace_name>
-
Use the UNIX setting for the
-rootvolume-security-style
option. -
Use the default C.UTF-8
-language
option. -
The
ipspace
setting is optional.
-
-
Verify the configuration and status of the newly created SVM:
vserver show -vserver <svm_name>
The
Vserver Operational State
field must display therunning
state. If it displays theinitializing
state, it means that some intermediate operation such as root volume creation failed, and you must delete the SVM and re-create it.
The following command creates an SVM for data access in the IPspace ipspaceA:
cluster-1::> vserver create -vserver svm1.example.com -rootvolume root_svm1 -aggregate aggr1 -rootvolume-security-style unix -language C.UTF-8 -data-services _data-s3-server_ -ipspace ipspaceA [Job 2059] Job succeeded: Vserver creation completed
The following command shows that an SVM was created with a root volume of 1 GB, and it was started automatically and is in running
state. The root volume has a default export policy that does not include any rules, so the root volume is not exported upon creation. By default, the vsadmin user account is created and is in the locked
state. The vsadmin role is assigned to the default vsadmin user account.
cluster-1::> vserver show -vserver svm1.example.com Vserver: svm1.example.com Vserver Type: data Vserver Subtype: default Vserver UUID: b8375669-19b0-11e5-b9d1-00a0983d9736 Root Volume: root_svm1 Aggregate: aggr1 NIS Domain: - Root Volume Security Style: unix LDAP Client: - Default Volume Language Code: C.UTF-8 Snapshot Policy: default Comment: Quota Policy: default List of Aggregates Assigned: - Limit on Maximum Number of Volumes allowed: unlimited Vserver Admin State: running Vserver Operational State: running Vserver Operational State Stopped Reason: - Allowed Protocols: nfs, cifs Disallowed Protocols: - QoS Policy Group: - Config Lock: false IPspace Name: ipspaceA