Data ONTAP Configuration

 Data ONTAP Prerequisites

The prerequisites for Data ONTAP (both clustered Data ONTAP and Data ONTAP operating in 7-Mode) are:

  • The driver requires a storage controller running Data ONTAP 8.1.1 or later.
  • The storage system should have the following licenses applied:

    • Base
    • NFS (if the NFS storage protocol is to be used)
    • iSCSI (if the iSCSI storage protocol is to be used)
    • FCP (if the Fibre Channel protocol is to be used)
    • FlexClone
    • MultiStore (if vFiler units are used with Data ONTAP operating in 7-Mode)

 Storage Virtual Machine Considerations

  1. Ensure the appropriate licenses (as described previously) are enabled on the storage system for the desired use case.
  2. The SVM must be created (and associated with aggregates) before it can be utilized as a provisioning target for Cinder.
  3. FlexVol volumes must be created before the integration with Cinder is configured, as there is a many-to-one relationship between Cinder volumes and FlexVol volumes (see the section called “Theory of Operation & Deployment Choices” for more information).
  4. Regardless of the storage protocol used, data LIFs must be created and assigned to SVMs before configuring Cinder.
  5. If NFS is used as the storage protocol:

    1. Be sure to enable the NFS service on the SVM.
    2. Be sure to enable the desired version of the NFS protocol (e.g. v4.0, v4.1-pnfs) on the SVM.
    3. Be sure to define junction paths from the FlexVol volumes and refer to them in the file referenced by the nfs_shares_config configuration option in cinder.conf.
  6. If iSCSI is used as the storage protocol:

    1. Be sure to enable the iSCSI service on the SVM.
    2. Be sure to set iSCSI as the data protocol on the data LIF.
    3. Note that iSCSI LUNs will be created by Cinder; therefore, it is not necessary to create LUNs or igroups before configuring Cinder.
  7. If Fibre Channel is used as the storage protocol:

    1. Be sure to enable the FCP service on the SVM.
    2. Be sure to set FCP as the data protocol on the data LIF.
    3. Note that Fibre Channel LUNs will be created by Cinder; therefore, it is not necessary to create LUNs or igroups before configuring Cinder.
  8. Once FlexVol volumes have been created, be sure to configure the desired features (e.g. deduplication, compression, SnapMirror® relationships, etc) before configuring Cinder. While Cinder will periodically poll Data ONTAP to discover changes in configuration and/or features, there is a delay in time between when changes are performed and when they are reflected within Cinder.
  9. NetApp recommends that the autogrow capability for FlexVol volumes within Data ONTAP not be used with a Cinder deployment.

 Account Permission Considerations

When configuring the NetApp unified driver to interact with a clustered Data ONTAP instance, you must specify the administrative account to use when operations are invoked by the Cinder driver. While an account with cluster-level administrative permissions is normally utilized, it is possible to use a Cluster-wide scoped account with the appropriate privileges. In order to use an Cluster-scoped account with the Cinder driver and clustered Data ONTAP and have access to the full set of features (including Cinder Volume Type Extra Specs support) availed by the Cinder driver, be sure to add the access levels for the commands shown in Table 4.15, “Common Access Level Permissions Required with Cluster Account”, Table 4.16, “Access Level Permissions Required For Extra Specs Support with SVM Administrative Account”, Table 4.17, “Access Level Permissions Required For iSCSI Support with SVM Administrative Account”, and Table 4.19, “Access Level Permissions Required For NFS Support with SVM Administrative Account”.

Table 4.15. Common Access Level Permissions Required with Cluster Account
Command Access Level
vserver readonly
event all
security readonly
Table 4.16. Access Level Permissions Required For Extra Specs Support with SVM Administrative Account
Command Access Level
snapmirror readonly
storage aggregate readonly
storage disk readonly
volume readonly
volume efficiency readonly
Table 4.17. Access Level Permissions Required For iSCSI Support with SVM Administrative Account
Command Access Level
lun create all
lun delete all
lun resize all
lun readonly
lun map all
lun unmap all
lun mapped readonly
lun igroup modify all
lun igroup add all
lun igroup create all
lun igroup readonly
network interface readonly
vserver iscsi readonly
vserver iscsi interface readonly
version all
volume readonly
volume file clone create all
Table 4.18. Access Level Permissions Required For Fibre Channel Support with SVM Administrative Account
Command Access Level
fcp initiator show readonly
fcp portname show readonly
lun create all
lun delete all
lun resize all
lun readonly
lun map all
lun unmap all
lun mapped readonly
lun igroup modify all
lun igroup add all
lun igroup create all
lun igroup readonly
vserver fcp readonly
vserver fcp interface readonly
version all
volume readonly
volume file clone create all
Table 4.19. Access Level Permissions Required For NFS Support with SVM Administrative Account
Command Access Level
network interface readonly
version all
volume readonly
volume file clone create all
volume file modify all
volume file show-disk-usage readonly

Creating Role for Cluster-Scoped Account.  To create a role with the necessary privilege’s required, with access via ONTAP API only, use the following command syntax to create the role and the cDOT ONTAP user:

  1. Create role with appropriate command directory permissions (note you will need to execute this command for each of the required access levels as described in the earlier tables).

    security login role create –role openstack –cmddirname [required command from earlier tables] -access [Required Access Level]
                            
  2. Command to create user with appropriate role

    security login create –username openstack –application ontapi –authmethod password –role openstack
                            

Creating Role for SVM-Scoped Account.  To create a role with the necessary privileges required, with access via ONTAP API only, use the following command syntax to create the role and the cDOT ONTAP user:

  1. Create role with appropriate command directory permissions (note you will need to execute this command for each of the required access levels as described in the earlier tables).

    security login role create –role openstack -vserver [vserver_name] –cmddirname [required command from earlier tables] -access [Required Access Level]
                            
  2. Command to create user with appropriate role

    security login create –username openstack –application ontapi –authmethod password –role openstack -vserver [vserver_name]
                            

[Tip]Tip

For more information on how to grant these access level permissions to a role, and then assign the role to an SVM administrative account, please refer to the System Administration Guide for Cluster Administrators document in the Clustered DATA ONTAP documentation.

 Storage Networking Considerations

  1. Ensure there is segmented network connectivity between the hypervisor nodes and the Data LIF interfaces from Data ONTAP.
  2. When NFS is used as the storage protocol with Cinder, the node running the cinder-volume process will attempt to mount the NFS shares listed in the file referred to within the nfs_shares_config configuration option in cinder.conf. Ensure that there is appropriate network connectivity between the cinder-volume node and the Data LIF interfaces, as well as the cluster/SVM management interfaces.



loading table of contents...