The prerequisites for Data ONTAP (both clustered Data ONTAP and Data ONTAP operating in 7-Mode) are:
- The driver requires a storage controller running Data ONTAP 8.1.1 or later.
The storage system should have the following licenses applied:
- Base
- NFS (if the NFS storage protocol is to be used)
- iSCSI (if the iSCSI storage protocol is to be used)
- FCP (if the Fibre Channel protocol is to be used)
- FlexClone
- MultiStore (if vFiler units are used with Data ONTAP operating in 7-Mode)
- Ensure the appropriate licenses (as described previously) are enabled on the storage system for the desired use case.
- The SVM must be created (and associated with aggregates) before it can be utilized as a provisioning target for Cinder.
- FlexVol volumes must be created before the integration with Cinder is configured, as there is a many-to-one relationship between Cinder volumes and FlexVol volumes (see the section called “Theory of Operation & Deployment Choices” for more information).
- Regardless of the storage protocol used, data LIFs must be created and assigned to SVMs before configuring Cinder.
If NFS is used as the storage protocol:
- Be sure to enable the NFS service on the SVM.
- Be sure to enable the desired version of the NFS protocol (e.g. v4.0, v4.1-pnfs) on the SVM.
- Be sure to define junction paths from the FlexVol volumes and refer to them in the file referenced by the nfs_shares_config configuration option in cinder.conf.
If iSCSI is used as the storage protocol:
- Be sure to enable the iSCSI service on the SVM.
- Be sure to set iSCSI as the data protocol on the data LIF.
- Note that iSCSI LUNs will be created by Cinder; therefore, it is not necessary to create LUNs or igroups before configuring Cinder.
If Fibre Channel is used as the storage protocol:
- Be sure to enable the FCP service on the SVM.
- Be sure to set FCP as the data protocol on the data LIF.
- Note that Fibre Channel LUNs will be created by Cinder; therefore, it is not necessary to create LUNs or igroups before configuring Cinder.
- Once FlexVol volumes have been created, be sure to configure the desired features (e.g. deduplication, compression, SnapMirror® relationships, etc.) before configuring Cinder. While Cinder will periodically poll Data ONTAP to discover changes in configuration and/or features, there is a delay between when changes are performed and when they are reflected within Cinder.
- NetApp does not recommend using the autogrow capability for Data ONTAP FlexVol volumes within a Cinder deployment. A FlexVol only reports its current size, so the Cinder scheduler is never made aware of the autogrow limit that may or may not be enabled for the FlexVol.
The NetApp unified driver talks to ONTAP using the ONTAP API over HTTP(S). At a minimum, the ONTAP SVM administrator (vsadmin) role is required. The Cinder driver requires cluster-level rights to support scheduling based on some of the more advanced features. Such rights cannot be granted even to SVM administrators. The following limitations apply when using an SVM admin role:
The following Cinder volume type extra specs cannot be used. For further details, see the section called “API Overview” and the section called “Theory of Operation & Deployment Choices”.
- QoS support will be disabled and hence QoS specs cannot be used when creating volumes (QoS_support)
- Disk type considerations will not be possible when creating volumes (netapp_disk_type)
- Space efficiency will not be considered when creating volumes (netapp_dedup, netapp_compression)
- Headroom considerations cannot be made when creating volumes; effectively, goodness and filter functions are disabled (filter_function, goodness_function)
- Disk protection levels will not be considered when creating volumes (netapp_raid_type)
Creating a least-privileged role for a cluster-scoped account
Create a role with the appropriate command directory permissions for Cinder.
Assign the following permissions, which are exclusive of DR, replication, and protocols; each of those is added next.
security login role create -role cl-limited -cmddirname vserver -access readonly
security login role create -role cl-limited -cmddirname "system node" -access readonly
security login role create -role cl-limited -cmddirname security -access readonly
security login role create -role cl-limited -cmddirname "security login role" -access readonly
security login role create -role cl-limited -cmddirname statistics -access readonly
security login role create -role cl-limited -cmddirname "statistics catalog counter" -access readonly
security login role create -role cl-limited -cmddirname "statistics catalog instance" -access readonly
security login role create -role cl-limited -cmddirname "statistics catalog" -access readonly
security login role create -role cl-limited -cmddirname "storage disk" -access readonly
security login role create -role cl-limited -cmddirname "storage aggregate" -access readonly
security login role create -role cl-limited -cmddirname "network interface" -access readonly
security login role create -role cl-limited -cmddirname "volume efficiency" -access all
security login role create -role cl-limited -cmddirname "qos policy-group" -access all
security login role create -role cl-limited -cmddirname version -access all
security login role create -role cl-limited -cmddirname event -access all
security login role create -role cl-limited -cmddirname "volume file clone" -access readonly
security login role create -role cl-limited -cmddirname "volume file clone split" -access readonly
security login role create -role cl-limited -cmddirname "volume snapshot" -access all
Assign the following permissions if the NetApp Cinder driver is to support NFS:
security login role create -role cl-limited -cmddirname "volume file" -access all
Assign the following permissions if the NetApp Cinder driver is to support iSCSI and/or FC:
security login role create -role cl-limited -cmddirname "lun" -access all
security login role create -role cl-limited -cmddirname "lun mapping" -access all
security login role create -role cl-limited -cmddirname "lun igroup" -access all
Assign the following permissions if the NetApp Cinder driver is to support iSCSI:
security login role create -role cl-limited -cmddirname "vserver iscsi interface" -access all
security login role create -role cl-limited -cmddirname "vserver iscsi security" -access all
security login role create -role cl-limited -cmddirname "vserver iscsi" -access readonly
Assign the following permissions if the NetApp Cinder driver is to support FC:
security login role create -role cl-limited -cmddirname "vserver fcp portname" -access all
security login role create -role cl-limited -cmddirname "vserver fcp interface" -access readonly
security login role create -role cl-limited -cmddirname "vserver fcp" -access readonly
Assign the following permissions if the NetApp Cinder driver is to support replication but not cheesecake DR:
security login role create -role cl-limited -cmddirname snapmirror -access readonly
security login role create -role cl-limited -cmddirname volume -access readonly
Assign the following permissions if the NetApp Cinder driver is to support replication along with cheesecake DR:
security login role create -role cl-limited -cmddirname "cluster peer" -access all
security login role create -role cl-limited -cmddirname "cluster peer policy" -access all
security login role create -role cl-limited -cmddirname "vserver peer" -access all
security login role create -role cl-limited -cmddirname snapmirror -access all
security login role create -role cl-limited -cmddirname volume -access all
Command to create a user with the appropriate role for API access:
security login create -user-or-group-name openstack -application ontapi -authentication-method password -role cl-limited
Command to create a user with the appropriate role for SSH access. SSH access is required for iSCSI CHAP authentication; otherwise it is optional.
security login create -user-or-group-name openstack -application ssh -authentication-method password -role cl-limited
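To keep the role least-privileged over time, the permission lists above can be turned into a baseline and compared with the commands actually applied to a role. The following is an added example, not code from NetApp or from this page: it parses a transcript of `security login role create` commands and reports command directories granted more access than the page prescribes for the enabled features, as well as grants that are missing. The feature labels (`nfs`, `lun`, `iscsi`, `fc`, `replication`, `replication_dr`), the function names and the sample transcript are assumptions made for the example.

```python
import shlex

RANK = {"none": 0, "readonly": 1, "all": 2}  # ONTAP access levels, weakest first

def grants(access, *dirs):
    return {d: access for d in dirs}

# Baseline copied from the page's command lists (cmddirname -> access).
BASE = {
    **grants("readonly", "vserver", "system node", "security", "security login role",
             "statistics", "statistics catalog counter", "statistics catalog instance",
             "statistics catalog", "storage disk", "storage aggregate", "network interface",
             "volume file clone", "volume file clone split"),
    **grants("all", "volume efficiency", "qos policy-group", "version", "event", "volume snapshot"),
}
# Optional groups from the page; the dictionary keys are labels chosen for this example.
FEATURES = {
    "nfs": grants("all", "volume file"),
    "lun": grants("all", "lun", "lun mapping", "lun igroup"),  # iSCSI and/or FC
    "iscsi": {**grants("all", "vserver iscsi interface", "vserver iscsi security"),
              "vserver iscsi": "readonly"},
    "fc": {**grants("readonly", "vserver fcp interface", "vserver fcp"),
           "vserver fcp portname": "all"},
    "replication": grants("readonly", "snapmirror", "volume"),  # without cheesecake DR
    "replication_dr": grants("all", "cluster peer", "cluster peer policy", "vserver peer",
                             "snapmirror", "volume"),
}

def parse_role_commands(text, role):
    """Return {cmddirname: access} from 'security login role create' lines for one role."""
    found = {}
    for tok in map(shlex.split, text.splitlines()):
        opts = dict(zip(tok[4::2], tok[5::2]))
        if tok[:4] == ["security", "login", "role", "create"] and opts.get("-role") == role:
            found[opts["-cmddirname"]] = opts["-access"]
    return found

def audit(text, role, features):
    """Return (excess, missing) relative to the baseline for the enabled features."""
    have = parse_role_commands(text, role)
    want = {**BASE, **{d: a for f in features for d, a in FEATURES[f].items()}}
    excess = {d: a for d, a in have.items() if RANK.get(a, 2) > RANK[want.get(d, "none")]}
    missing = {d: a for d, a in want.items() if RANK.get(have.get(d), 0) < RANK[a]}
    return excess, missing

# Constructed transcript (not from the page): an NFS-only role that has drifted.
SAMPLE = '''security login role create -role cl-limited -cmddirname vserver -access all
security login role create -role cl-limited -cmddirname "volume file" -access all
security login role create -role cl-limited -cmddirname lun -access all'''
```

For the constructed transcript, `audit(SAMPLE, "cl-limited", ["nfs"])` reports `vserver` and `lun` as excess, because the page grants `vserver` read-only access and grants `lun` only when iSCSI or FC is in use.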
- Ensure there is segmented network connectivity between the hypervisor nodes and the Data LIF interfaces from Data ONTAP.
- When NFS is used as the storage protocol with Cinder, the node running the cinder-volume process will attempt to mount the NFS shares listed in the file referred to within the nfs_shares_config configuration option in cinder.conf. Ensure that there is appropriate network connectivity between the cinder-volume node and the Data LIF interfaces, as well as the cluster/SVM management interfaces.