The prerequisites for Data ONTAP (both clustered Data ONTAP and Data ONTAP operating in 7-Mode) are:
- The driver requires a storage controller running Data ONTAP 8.1.1 or later.
The storage system should have the following licenses applied:
- Base
- NFS (if the NFS storage protocol is to be used)
- iSCSI (if the iSCSI storage protocol is to be used)
- FCP (if the Fibre Channel protocol is to be used)
- FlexClone
- MultiStore (if vFiler units are used with Data ONTAP operating in 7-Mode)
- Ensure the appropriate licenses (as described previously) are enabled on the storage system for the desired use case.
- The SVM must be created (and associated with aggregates) before it can be utilized as a provisioning target for Cinder.
- FlexVol volumes must be created before the integration with Cinder is configured, as there is a many-to-one relationship between Cinder volumes and FlexVol volumes (see the section called “Theory of Operation & Deployment Choices” for more information).
- Regardless of the storage protocol used, data LIFs must be created and assigned to SVMs before configuring Cinder.
If NFS is used as the storage protocol:
- Be sure to enable the NFS service on the SVM.
- Be sure to enable the desired version of the NFS protocol (e.g.
v4.0, v4.1-pnfs) on the SVM. - Be sure to define junction paths from the FlexVol volumes and refer to them in the file referenced by the
nfs_shares_configconfiguration option incinder.conf.
If iSCSI is used as the storage protocol:
- Be sure to enable the iSCSI service on the SVM.
- Be sure to set iSCSI as the data protocol on the data LIF.
- Note that iSCSI LUNs will be created by Cinder; therefore, it is not necessary to create LUNs or igroups before configuring Cinder.
If Fibre Channel is used as the storage protocol:
- Be sure to enable the FCP service on the SVM.
- Be sure to set FCP as the data protocol on the data LIF.
- Note that Fibre Channel LUNs will be created by Cinder; therefore, it is not necessary to create LUNs or igroups before configuring Cinder.
- Once FlexVol volumes have been created, be sure to configure the desired features (e.g. deduplication, compression, SnapMirror® relationships, etc) before configuring Cinder. While Cinder will periodically poll Data ONTAP to discover changes in configuration and/or features, there is a delay in time between when changes are performed and when they are reflected within Cinder.
- NetApp recommends that the autogrow capability for FlexVol volumes within Data ONTAP not be used with a Cinder deployment.
When configuring the NetApp unified driver to interact with a clustered Data ONTAP instance, you must specify the administrative account to use when operations are invoked by the Cinder driver. While an account with cluster-level administrative permissions is normally utilized, it is possible to use a Cluster-wide scoped account with the appropriate privileges. In order to use an Cluster-scoped account with the Cinder driver and clustered Data ONTAP and have access to the full set of features (including Cinder Volume Type Extra Specs support) availed by the Cinder driver, be sure to add the access levels for the commands shown in Table 4.15, “Common Access Level Permissions Required with Cluster Account”, Table 4.16, “Access Level Permissions Required For Extra Specs Support with SVM Administrative Account”, Table 4.17, “Access Level Permissions Required For iSCSI Support with SVM Administrative Account”, and Table 4.19, “Access Level Permissions Required For NFS Support with SVM Administrative Account”.
| Command | Access Level |
vserver |
readonly |
event |
all |
security |
readonly |
| Command | Access Level |
snapmirror |
readonly |
storage aggregate |
readonly |
storage disk |
readonly |
volume |
readonly |
volume efficiency |
readonly |
| Command | Access Level |
lun create |
all |
lun delete |
all |
lun resize |
all |
lun |
readonly |
lun map |
all |
lun unmap |
all |
lun mapped |
readonly |
lun igroup modify |
all |
lun igroup add |
all |
lun igroup create |
all |
lun igroup |
readonly |
network interface |
readonly |
vserver iscsi |
readonly |
vserver iscsi interface |
readonly |
version |
all |
volume |
readonly |
volume file clone create |
all |
| Command | Access Level |
fcp initiator show |
readonly |
fcp portname show |
readonly |
lun create |
all |
lun delete |
all |
lun resize |
all |
lun |
readonly |
lun map |
all |
lun unmap |
all |
lun mapped |
readonly |
lun igroup modify |
all |
lun igroup add |
all |
lun igroup create |
all |
lun igroup |
readonly |
vserver fcp |
readonly |
vserver fcp interface |
readonly |
version |
all |
volume |
readonly |
volume file clone create |
all |
| Command | Access Level |
network interface |
readonly |
version |
all |
volume |
readonly |
volume file clone create |
all |
volume file modify |
all |
volume file show-disk-usage |
readonly |
Creating Role for Cluster-Scoped Account. To create a role with the necessary privilege’s required, with access via ONTAP API only, use the following command syntax to create the role and the cDOT ONTAP user:
Create role with appropriate command directory permissions (note you will need to execute this command for each of the required access levels as described in the earlier tables).
security login role create –role openstack –cmddirname
[required command from earlier tables]-access[Required Access Level]Command to create user with appropriate role
security login create –username openstack –application ontapi –authmethod password –role openstack
Creating Role for SVM-Scoped Account. To create a role with the necessary privileges required, with access via ONTAP API only, use the following command syntax to create the role and the cDOT ONTAP user:
Create role with appropriate command directory permissions (note you will need to execute this command for each of the required access levels as described in the earlier tables).
security login role create –role openstack -vserver
[vserver_name]–cmddirname[required command from earlier tables]-access[Required Access Level]Command to create user with appropriate role
security login create –username openstack –application ontapi –authmethod password –role openstack -vserver
[vserver_name]
![[Tip]](../common/images/admon/tip.png) | Tip |
|---|---|
For more information on how to grant these access level permissions to a role, and then assign the role to an SVM administrative account, please refer to the System Administration Guide for Cluster Administrators document in the Clustered DATA ONTAP documentation. |
- Ensure there is segmented network connectivity between the hypervisor nodes and the Data LIF interfaces from Data ONTAP.
- When NFS is used as the storage protocol with Cinder, the node running the cinder-volume process will attempt to mount the NFS shares listed in the file referred to within the
nfs_shares_configconfiguration option incinder.conf. Ensure that there is appropriate network connectivity between the cinder-volume node and the Data LIF interfaces, as well as the cluster/SVM management interfaces.
