Skip to main content

Create a backup relationship for an existing bucket (cloud target)

Contributors netapp-forry netapp-barbe netapp-manini netapp-lenida netapp-ahibbard netapp-aherbin
PDFs

You can begin backing up existing S3 buckets at any time; for example, if you upgraded an S3 configuration from a release earlier than ONTAP 9.10.1.

Before you begin

  • You have valid account credentials and configuration information for the object store provider.

  • Intercluster network interfaces and an IPspace have been configured on the source system.

  • The DNS configuration for the source storage VM must be able to resolve the target’s FQDN.

System Manager

  1. Verify that the users and groups are correctly defined:
    Click Storage > storage VMs, click the storage VM, click Settings and then click Edit icon under S3.

    See Add S3 users and groups for more information.

  2. Create an SnapMirror S3 policy if you don’t have an existing one and you don’t want to use the default policy:

    1. Click Protection > Overview, and then click Local Policy Settings.

    2. Click Arrow icon next to Protection Policies, then click Add.

    3. Enter the policy name and description.

    4. Select the policy scope, cluster or SVM

    5. Select Continuous for SnapMirror S3 relationships.

    6. Enter your Throttle and Recovery Point Objective values.

  3. Add a Cloud Object Store on the source system:

    1. Click Protection > Overview, then select Cloud Object Store.

    2. Click Add, then select Amazon S3 or Others for StorageGRID Webscale.

    3. Enter the following values:

      • Cloud object store name

      • URL style (path or virtual-hosted)

      • storage VM (enabled for S3)

      • Object store server name (FQDN)

      • Object store certificate

      • Access key

      • Secret key

      • Container (bucket) name

  4. Verify that the bucket access policy of the existing bucket still meets your needs:

    1. Click Storage > Buckets and then select the bucket you want to protect.

    2. In the Permissions tab, click Edit icon Edit, then click Add under Permissions.

      • Principal and Effect - select values corresponding to your user group settings or accept the defaults.

      • Actions - make sure the following values are shown: GetObject,PutObject,DeleteObject,ListBucket,GetBucketAcl,GetObjectAcl,ListBucketMultipartUploads,ListMultipartUploadParts

      • Resources - use the defaults (bucketname, bucketname/*) or other values you need.

        See Manage user access to buckets for more information about these fields.

  5. Back up the bucket using SnapMirror S3:

    1. Click Storage > Buckets and then select the bucket you want to back up.

    2. Click Protect, select Cloud Storage under Target, then select the Cloud Object Store.

When you click Save, the existing bucket is backed up to the cloud object store.

CLI

  1. Verify that the access rules in the default bucket policy are correct:
    vserver object-store-server bucket policy add-statement -vserver svm_name -bucket bucket_name -effect {allow|deny} -action object_store_actions -principal user_and_group_names -resource object_store_resources [-sid text] [-index integer]

    Example
    clusterA::> vserver object-store-server bucket policy add-statement -bucket test-bucket -effect allow -action GetObject,PutObject,DeleteObject,ListBucket,GetBucketAcl,GetObjectAcl,ListBucketMultipartUploads,ListMultipartUploadParts -principal - -resource test-bucket, test-bucket /*

  2. Create an SnapMirror S3 policy if you don’t have an existing one and you don’t want to use the default policy:
    snapmirror policy create -vserver svm_name -policy policy_name -type continuous [-rpo integer] [-throttle throttle_type] [-comment text] [additional_options]

    Parameters:
    * type continuous – the only policy type for SnapMirror S3 relationships (required).
    * -rpo – specifies the time for recovery point objective, in seconds (optional).
    * -throttle – specifies the upper limit on throughput/bandwidth, in kilobytes/seconds (optional).

    Example
    clusterA::> snapmirror policy create -vserver vs0 -type continuous -rpo 0 -policy test-policy

  3. If the target is a StorageGRID system, install the StorageGRID CA certificate on the admin SVM of the source cluster:
    security certificate install -type server-ca -vserver src_admin_svm -cert-name storage_grid_server_certificate

    See the security certificate install man page for details.

  4. Define the SnapMirror S3 destination object store:
    snapmirror object-store config create -vserver svm_name -object-store-name target_store_name -usage data -provider-type {AWS_S3|SGWS} -server target_FQDN -container-name remote_bucket_name -is-ssl-enabled true -port port_number -access-key target_access_key -secret-password target_secret_key

    Parameters:
    * -object-store-name – the name of the object store target on the local ONTAP system.
    * -usage – use data for this workflow.
    * -provider-typeAWS_S3 and SGWS (StorageGRID) targets are supported.
    * -server – the target server’s FQDN or IP address.
    * -is-ssl-enabled –enabling SSL is optional but recommended.

    See the snapmirror object-store config create man page for details.

    Example
    src_cluster::> snapmirror object-store config create -vserver vs0 -object-store-name sgws-store -usage data -provider-type SGWS -server sgws.example.com -container-name target-test-bucket -is-ssl-enabled true -port 443 -access-key abc123 -secret-password xyz890

  5. Create an SnapMirror S3 relationship:
    snapmirror create -source-path svm_name:/bucket/bucket_name -destination-path object_store_name:/objstore -policy policy_name

    Parameters:
    * -destination-path - the object store name you created in the previous step and the fixed value objstore.

    You can use a policy you created or accept the default.

    Example
    src_cluster::> snapmirror create -source-path vs0:/bucket/buck-evp -destination-path sgws-store:/objstore -policy test-policy

  6. Verify that mirroring is active:
    snapmirror show -policy-type continuous -fields status