Create a backup relationship for a new bucket (cloud target)

Contributors netapp-forry netapp-barbe netapp-lenida netapp-manini netapp-ahibbard netapp-aherbin

When you create new S3 buckets, you can back them up immediately to a SnapMirror S3 target bucket on an object store provider, which can be a StorageGRID system or an Amazon S3 deployment.

Before you begin
  • You have valid account credentials and configuration information for the object store provider.

  • Intercluster network interfaces and an IPspace have been configured on the source system.

  • The DNS configuration for the source storage VM must be able to resolve the target’s FQDN.

System Manager
  1. Edit the storage VM to add users, and to add users to groups:

    1. Click Storage > storage VMs, click the storage VM, click Settings, and then click the Edit icon under S3.

      See Add S3 users and groups for more information.

  2. Add a Cloud Object Store on the source system:

    1. Click Protection > Overview, then select Cloud Object Stores.

    2. Click Add, then select Amazon S3 or StorageGRID.

    3. Enter the following values:

      • Cloud object store name

      • URL style (path or virtual-hosted)

      • storage VM (enabled for S3)

      • Object store server name (FQDN)

      • Object store certificate

      • Access key

      • Secret key

      • Container (bucket) name

  3. Create a SnapMirror S3 policy if you don’t have an existing one and you don’t want to use the default policy:

    1. Click Protection > Overview, and then click Local Policy Settings.

    2. Click the arrow icon next to Protection Policies, then click Add.

      • Enter the policy name and description.

      • Select the policy scope, cluster or SVM.

      • Select Continuous for SnapMirror S3 relationships.

      • Enter your Throttle and Recovery Point Objective values.

  4. Create a bucket with SnapMirror protection:

    1. Click Storage > Buckets, then click Add.

    2. Enter a name, select the storage VM, enter a size, then click More Options.

    3. Under Permissions, click Add. Verifying permissions is optional but recommended.

      • Principal and Effect - select values corresponding to your user group settings or accept the defaults.

      • Actions - make sure the following values are shown:

        `GetObject,PutObject,DeleteObject,ListBucket,GetBucketAcl,GetObjectAcl,ListBucketMultipartUploads,ListMultipartUploadParts`

      • Resources - use the defaults (bucketname, bucketname/*) or other values you need.

        See Manage user access to buckets for more information about these fields.

    4. Under Protection, check Enable SnapMirror (ONTAP or Cloud), select Cloud Storage, then select the Cloud Object Store.

When you click Save, a new bucket is created in the source storage VM, and it is backed up to the cloud object store.

CLI
  1. If this is the first SnapMirror S3 relationship for this SVM, verify that root user keys exist for both source and destination SVMs and regenerate them if they do not:
    vserver object-store-server user show

    Confirm that there is an access key for the root user. If there is not, enter:
    vserver object-store-server user regenerate-keys -vserver svm_name -user root

    Do not regenerate the key if one already exists.

  2. Create a bucket in the source SVM:
    vserver object-store-server bucket create -vserver svm_name -bucket bucket_name [-size integer[KB|MB|GB|TB|PB]] [-comment text] [additional_options]

  3. Add access rules to the default bucket policy:
    vserver object-store-server bucket policy add-statement -vserver svm_name -bucket bucket_name -effect {allow|deny} -action object_store_actions -principal user_and_group_names -resource object_store_resources [-sid text] [-index integer]

    Example
    clusterA::> vserver object-store-server bucket policy add-statement -bucket test-bucket -effect allow -action GetObject,PutObject,DeleteObject,ListBucket,GetBucketAcl,GetObjectAcl,ListBucketMultipartUploads,ListMultipartUploadParts -principal - -resource test-bucket,test-bucket/*

  4. Create a SnapMirror S3 policy if you don’t have an existing one and you don’t want to use the default policy:
    snapmirror policy create -vserver svm_name -policy policy_name -type continuous [-rpo integer] [-throttle throttle_type] [-comment text] [additional_options]

    Parameters:
    * -type continuous – the only policy type for SnapMirror S3 relationships (required).
    * -rpo – specifies the time for recovery point objective, in seconds (optional).
    * -throttle – specifies the upper limit on throughput/bandwidth, in kilobytes/second (optional).

    Example
    clusterA::> snapmirror policy create -vserver vs0 -type continuous -rpo 0 -policy test-policy

  5. If the target is a StorageGRID system, install the StorageGRID CA server certificate on the admin SVM of the source cluster:
    security certificate install -type server-ca -vserver src_admin_svm -cert-name storage_grid_server_certificate

    See the security certificate install man page for details.

  6. Define the SnapMirror S3 destination object store:
    snapmirror object-store config create -vserver svm_name -object-store-name target_store_name -usage data -provider-type {AWS_S3|SGWS} -server target_FQDN -container-name remote_bucket_name -is-ssl-enabled true -port port_number -access-key target_access_key -secret-password target_secret_key

    Parameters:
    * -object-store-name – the name of the object store target on the local ONTAP system.
    * -usage – use data for this workflow.
    * -provider-type – AWS_S3 and SGWS (StorageGRID) targets are supported.
    * -server – the target server’s FQDN or IP address.
    * -is-ssl-enabled – enabling SSL is optional but recommended.

    See the snapmirror object-store config create man page for details.

    Example
    src_cluster::> snapmirror object-store config create -vserver vs0 -object-store-name sgws-store -usage data -provider-type SGWS -server sgws.example.com -container-name target-test-bucket -is-ssl-enabled true -port 443 -access-key abc123 -secret-password xyz890

  7. Create a SnapMirror S3 relationship:
    snapmirror create -source-path svm_name:/bucket/bucket_name -destination-path object_store_name:/objstore -policy policy_name

    Parameters:
    * -destination-path – the object store name you created in the previous step and the fixed value objstore.

    You can use a policy you created or accept the default.

    Example
    src_cluster::> snapmirror create -source-path vs0:/bucket/test-bucket -destination-path sgws-store:/objstore -policy test-policy

  8. Verify that mirroring is active:
    snapmirror show -policy-type continuous -fields status
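
A planned command sequence can be checked before it is run against the points this procedure calls out: the full action list on the bucket policy statement, a continuous policy type, SSL enabled on the object store configuration, and a destination path that names a defined object store followed by the fixed value objstore. The following Python sketch is an added example, not NetApp code; the function names, the sample plan and its placeholder credentials are constructed for illustration.

```python
import re
# Actions the page lists for the SnapMirror S3 bucket policy statement.
REQUIRED_ACTIONS = {
    "GetObject", "PutObject", "DeleteObject", "ListBucket", "GetBucketAcl",
    "GetObjectAcl", "ListBucketMultipartUploads", "ListMultipartUploadParts",
}

def parse(line):
    """Split one ONTAP CLI line into (command words, {flag: value})."""
    tokens = re.sub(r"^\S+::>\s*", "", line.strip()).split()  # drop the prompt
    is_flag = lambda t: t.startswith("-") and len(t) > 1      # bare "-" is a value
    first = next((i for i, t in enumerate(tokens) if is_flag(t)), len(tokens))
    flags, i = {}, first
    while i < len(tokens):
        has_value = i + 1 < len(tokens) and not is_flag(tokens[i + 1])
        flags[tokens[i]] = tokens[i + 1] if has_value else ""
        i += 2 if has_value else 1
    return " ".join(tokens[:first]), flags

def audit(plan):
    """Return (line number, finding) pairs for a planned command sequence."""
    findings, stores = [], set()
    for n, line in enumerate(plan.strip().splitlines(), 1):
        cmd, f = parse(line)
        if cmd.endswith("bucket policy add-statement") and f.get("-effect") == "allow":
            missing = REQUIRED_ACTIONS - set(f.get("-action", "").split(","))
            if missing:
                findings.append((n, "missing actions: " + ",".join(sorted(missing))))
        elif cmd == "snapmirror policy create" and f.get("-type") != "continuous":
            findings.append((n, "-type must be continuous"))
        elif cmd == "snapmirror object-store config create":
            stores.add(f.get("-object-store-name"))
            if f.get("-is-ssl-enabled") != "true":
                findings.append((n, "-is-ssl-enabled is not true"))
        elif cmd == "snapmirror create":
            store, _, path = f.get("-destination-path", "").partition(":")
            if store not in stores or path != "/objstore":
                findings.append((n, "-destination-path must be <defined store>:/objstore"))
    return findings

# Constructed sample plan (not from the page): short action list, SSL off, misspelled store.
SAMPLE = """\
clusterA::> vserver object-store-server bucket policy add-statement -vserver vs0 -bucket test-bucket -effect allow -action GetObject,PutObject,ListBucket -principal - -resource test-bucket,test-bucket/*
clusterA::> snapmirror policy create -vserver vs0 -type continuous -rpo 0 -policy test-policy
clusterA::> snapmirror object-store config create -vserver vs0 -object-store-name sgws-store -usage data -provider-type SGWS -server sgws.example.com -container-name target-test-bucket -is-ssl-enabled false -port 80 -access-key EXAMPLE_ACCESS_KEY -secret-password EXAMPLE_SECRET_KEY
clusterA::> snapmirror create -source-path vs0:/bucket/test-bucket -destination-path sgws-stor:/objstore -policy test-policy
"""
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```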