Create a backup relationship for an existing bucket (cloud target)

Contributors

You can begin backing up existing S3 buckets at any time; for example, if you upgraded an S3 configuration from a release earlier than ONTAP 9.10.1.

What you’ll need
  • You have valid account credentials and configuration information for the object store provider.

  • Intercluster network interfaces and an IPspace have been configured on the source system.

  • The DNS configuration for the source storage VM must be able to resolve the target’s FQDN.

System Manager procedure

  1. Verify that the users and groups are correctly defined:
    Click Storage > storage VMs, click the storage VM, click Settings and then click edit icon under S3.

    See Add S3 users and groups for more information.

  2. Create an S3 SnapMirror policy if you don’t have an existing one and you don’t want to use the default policy:

    1. Click Protection > Overview, and then click Local Policy Settings.

    2. Click right arrow next to Protection Policies, then click Add.

    3. Enter the policy name and description.

    4. Select the policy scope, cluster or SVM

    5. Select Continuous for S3 SnapMirror relationships.

    6. Enter your Throttle and Recovery Point Objective values.

  3. Add a Cloud Object Store on the source system:

    1. Click Protection > Overview, then select Cloud Object Store.

    2. Click Add, then select Amazon S3 or Others for StorageGRID Webscale.

    3. Enter the following values:

      • Cloud object store name

      • URL style (path or virtual-hosted)

      • storage VM (enabled for S3)

      • Object store server name (FQDN)

      • Object store certificate

      • Access key

      • Secret key

      • Container (bucket) name

  4. Verify that the bucket access policy of the existing bucket still meets your needs:

    1. Click Storage > Buckets and then select the bucket you want to protect.

    2. In the Permissions tab, click edit icon Edit, then click Add under Permissions.

      • Principal and Effect - select values corresponding to your user group settings or accept the defaults.

      • Actions - make sure the following values are shown: GetObject,PutObject,DeleteObject,ListBucket,GetBucketAcl,GetObjectAcl,ListBucketMultipartUploads,ListMultipartUploadParts

      • Resources - use the defaults (bucketname, bucketname/*) or other values you need.

        See Manage user access to buckets for more information about these fields.

  5. Back up the bucket using S3 SnapMirror:

    1. Click Storage > Buckets and then select the bucket you want to back up.

    2. Click Protect, select Cloud Storage under Target, then select the Cloud Object Store.

When you click Save, the existing bucket is backed up to the cloud object store.

CLI procedure

  1. Verify that the access rules in the default bucket policy are correct:
    vserver object-store-server bucket policy add-statement -vserver svm_name -bucket bucket_name -effect {allow|deny} -action object_store_actions -principal user_and_group_names -resource object_store_resources [-sid text] [-index integer]

    Example
    clusterA::> vserver object-store-server bucket policy add-statement -bucket test-bucket -effect allow -action GetObject,PutObject,DeleteObject,ListBucket,GetBucketAcl,GetObjectAcl,ListBucketMultipartUploads,ListMultipartUploadParts -principal - -resource test-bucket, test-bucket /*
  2. Create an S3 SnapMirror policy if you don’t have an existing one and you don’t want to use the default policy:
    snapmirror policy create -vserver svm_name -policy policy_name -type continuous [-rpo integer] [-throttle throttle_type] [-comment text] [additional_options]

    Parameters:

    • type continuous – the only policy type for S3 SnapMirror relationships (required).

    • -rpo – specifies the time for recovery point objective, in seconds (optional).

    • -throttle – specifies the upper limit on throughput/bandwidth, in kilobytes/seconds (optional).

      Example
      clusterA::> snapmirror policy create -vserver vs0 -type continuous -rpo 0 -policy test-policy
  3. If the target is a StorageGRID system, install the StorageGRID CA server certificate on the admin SVM of the source cluster:
    security certificate install -type server-ca -vserver src_admin_svm -cert-name storage_grid_server_certificate

    See the security certificate install man page for details.

  4. Define the S3 SnapMirror destination object store:
    snapmirror object-store config create -source-path -vserver svm_name -object-store-name target_store_name -usage data -provider-type {AWS_S3|SGWS} -server target_FQDN -container-name remote_bucket_name -is-ssl-enabled true -port target_FQDN -access-key target_access_key -secret-password target_secret_key

    Example
    src_cluster::> snapmirror object-store config create -vserver vs0 -object-store-name sgws-store -usage data -provider-type SGWS -server sgws.example.com -container-name target-test-bucket -is-ssl-enabled true -port 443 -access-key abc123 -secret-password xyz890
  5. Create an S3 SnapMirror relationship:
    snapmirror create -source-path svm_name:/bucket/bucket_name -destination-path object_store_name:/objstore -policy policy_name

    -destination-path – the object store name you created in the previous step and the fixe value objstore.

    You can use a policy you created or accept the default.

    Example
    src_cluster::> snapmirror create -source-path vs0:/bucket/buck-evp -destination-path sgws-store:/objstore -policy test-policy
  6. Verify that mirroring is active:
    snapmirror show -policy-type continuous -fields status