ONTAP 9 Manuals ( CA08871-402 )

Create an SVM for S3

Although S3 can coexist with other protocols in an SVM, you might want to create a new SVM to isolate the namespace and workload.

About this task

If you are only providing S3 object storage from an SVM, the S3 server does not require any DNS configuration. However, you might want to configure DNS on the SVM if other protocols are used.

When you configure S3 access to a new storage VM using ONTAP System Manager, you are prompted to enter certificate and networking information, and the storage VM and S3 object storage server are created in a single operation.

ONTAP System Manager

You should be prepared to enter the S3 server name as a Fully Qualified Domain Name (FQDN), which clients will use for S3 access. The S3 server FQDN must not begin with a bucket name.

You should be prepared to enter IP addresses for interface role Data.

If you are using an external-CA signed certificate, you will be prompted to enter it during this procedure; you also have the option to use a system-generated certificate.

  1. Enable S3 on a storage VM.

    1. Add a new storage VM: Click Storage > Storage VMs, then click Add.

      If this is a new system with no existing storage VMs: Click Dashboard > Configure Protocols.

      If you are adding an S3 server to an existing storage VM: Click Storage > Storage VMs, select a storage VM, click Settings, and then click the settings icon under S3.

    2. Click Enable S3, then enter the S3 Server Name.

    3. Select the certificate type.

      Whether you select a system-generated certificate or one of your own, it will be required for client access.

    4. Enter the network interfaces.

  2. If you selected the system-generated certificate, you see the certificate information when the new storage VM creation is confirmed. Click Download and save it for client access.

    • The secret key will not be displayed again.

    • If you need the certificate information again: Click Storage > Storage VMs, select the storage VM, and click Settings.

CLI

  1. Verify that S3 is licensed on your cluster:

    system license show -package s3

    If it is not, contact your sales representative.

  2. Create an SVM:

    vserver create -vserver <svm_name> -subtype default -rootvolume <root_volume_name> -aggregate <aggregate_name> -rootvolume-security-style unix -language C.UTF-8 -data-services <data-s3-server> -ipspace <ipspace_name>

    • Use the UNIX setting for the -rootvolume-security-style option.

    • Use the default C.UTF-8 -language option.

    • The ipspace setting is optional.

  3. Verify the configuration and status of the newly created SVM:

    vserver show -vserver <svm_name>

    The Vserver Operational State field must display the running state. If it displays the initializing state, it means that some intermediate operation such as root volume creation failed, and you must delete the SVM and re-create it.

Examples

The following command creates an SVM for data access in the IPspace ipspaceA:

cluster-1::> vserver create -vserver svm1.example.com -rootvolume root_svm1 -aggregate aggr1 -rootvolume-security-style unix -language C.UTF-8 -data-services data-s3-server -ipspace ipspaceA

[Job 2059] Job succeeded:
Vserver creation completed

The following command shows that an SVM was created with a root volume of 1 GB, and that it was started automatically and is in the running state. The root volume has a default export policy that does not include any rules, so the root volume is not exported upon creation. By default, the vsadmin user account is created and is in the locked state. The vsadmin role is assigned to the default vsadmin user account.

cluster-1::> vserver show -vserver svm1.example.com
                                    Vserver: svm1.example.com
                               Vserver Type: data
                            Vserver Subtype: default
                               Vserver UUID: b8375669-19b0-11e5-b9d1-00a0983d9736
                                Root Volume: root_svm1
                                  Aggregate: aggr1
                                 NIS Domain: -
                 Root Volume Security Style: unix
                                LDAP Client: -
               Default Volume Language Code: C.UTF-8
                            Snapshot Policy: default
                                    Comment:
                               Quota Policy: default
                List of Aggregates Assigned: -
 Limit on Maximum Number of Volumes allowed: unlimited
                        Vserver Admin State: running
                  Vserver Operational State: running
   Vserver Operational State Stopped Reason: -
                          Allowed Protocols: nfs, cifs
                       Disallowed Protocols: -
                           QoS Policy Group: -
                                Config Lock: false
                               IPspace Name: ipspaceA
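The verification in step 3 of the CLI procedure can be scripted when SVM creation is automated. The following is an added example, not part of the ONTAP manual or tooling: it parses captured `vserver show` text and checks the operational state, root volume security style and language stated on this page. The function names and the abbreviated sample output are constructed for illustration.

```python
# Added example: validate `vserver show` output against the checks on this page.
import re

# Constructed sample, abbreviated from the output format shown above.
SAMPLE_RUNNING = """\
                                    Vserver: svm1.example.com
                 Root Volume Security Style: unix
               Default Volume Language Code: C.UTF-8
                  Vserver Operational State: running
   Vserver Operational State Stopped Reason: -
"""
# Constructed failure case: the state the page says requires re-creation.
SAMPLE_INITIALIZING = SAMPLE_RUNNING.replace(
    "Operational State: running", "Operational State: initializing")

# Field name -> value the procedure on this page says to expect.
EXPECTED = {
    "Vserver Operational State": "running",
    "Root Volume Security Style": "unix",
    "Default Volume Language Code": "C.UTF-8",
}

def parse_vserver_show(text):
    """Parse right-aligned 'Field Name: value' lines into a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([^:]+?):\s*(.*)$", line)
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields

def check_svm(text):
    """Return a list of problems; an empty list means every check passed."""
    fields = parse_vserver_show(text)
    problems = []
    for name, want in EXPECTED.items():
        got = fields.get(name)
        if got is None:
            problems.append(f"{name}: field missing from output")
        elif got != want:
            problems.append(f"{name}: expected {want!r}, got {got!r}")
    if fields.get("Vserver Operational State") == "initializing":
        problems.append("creation did not complete: delete the SVM and re-create it")
    return problems

if __name__ == "__main__":
    for label, sample in (("running", SAMPLE_RUNNING),
                          ("initializing", SAMPLE_INITIALIZING)):
        print(label, "->", check_svm(sample) or "OK")
```

A missing field is reported as a problem rather than ignored, so truncated or paged output does not pass the check silently.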