storage aggregate object-store config create
Define the configuration for an object store
Description
The storage aggregate object-store config create command is used by a cluster administrator to tell Data ONTAP how to connect to an object store. The following prerequisites must be met before creating an object store configuration in Data ONTAP:
- A valid data bucket or container must be created with the object store provider. This assumes that the user has valid account credentials with the object store provider to access the data bucket.
- The Data ONTAP node must be able to connect to the object store. This includes:
  - Fast, reliable connectivity to the object store.
  - An inter-cluster LIF (Logical Interface) must be configured on the cluster. Data ONTAP will verify connectivity prior to saving this configuration information.
  - If SSL/TLS authentication is required, then valid certificates must be installed.
- FabricPool license (required for Amazon S3 and Azure object stores).
Parameters
- -object-store-name <text> - Object Store Configuration Name
- This parameter specifies the name that will be used to identify the object store configuration. The name can contain the following characters: "_", "-", A-Z, a-z, and 0-9. The first character must be one of the following: "_", A-Z, or a-z.
- -provider-type <providerType> - Type of the Object Store Provider
- This parameter specifies the type of object store provider that will be attached to the aggregate. Valid options are: AWS_S3 (Amazon S3 storage), SGWS (StorageGrid WebScale) and Azure_Cloud (Microsoft Azure Cloud).
- -server <Remote InetAddress> - Fully Qualified Domain Name of the Object Store Server
- This parameter specifies the Fully Qualified Domain Name (FQDN) of the remote object store server. For Amazon S3, the server name must be an AWS regional endpoint in the format s3.amazonaws.com or s3-<region>.amazonaws.com, for example, s3-us-west-2.amazonaws.com. The region of the server and the bucket must match. For more information on AWS regions, refer to 'Amazon documentation on AWS regions and endpoints'. For Azure, if -server is "blob.core.windows.net" or "blob.core.usgovcloudapi.net", then the value of -azure-account followed by a period will be added in front of the server name.
- [-is-ssl-enabled {true|false}] - Is SSL/TLS Enabled
- This parameter indicates whether a secured SSL/TLS connection will be used during data access to the object store. The default value is true.
- [-port <integer>] - Port Number of the Object Store
- This parameter specifies the port number on the remote server that Data ONTAP will use while establishing connection to the object store.
- -container-name <text> - Data Bucket/Container Name Used in S3 Requests
- This parameter specifies the data bucket or container that Data ONTAP should read and write to.
- { [-access-key <text>] - Access Key ID for AWS_S3 and SGWS Provider Types
- This parameter specifies the access key (access key ID) required to authorize requests to the AWS S3 and SGWS object stores. For an Azure object store see -azure-account.
- [-secret-password <text>] - Secret Access Key for AWS_S3 and SGWS Provider Types
- This parameter specifies the password (secret access key) to authenticate requests to the AWS S3 and SGWS object stores. If -access-key is specified but -secret-password is not, the command prompts for the -secret-password without echoing the input. For an Azure object store see -azure-private-key.
- | [-azure-account <text>] - Azure Account
- This parameter specifies the account required to authorize requests to the Azure object store. For other object store providers see -access-key.
- [-ask-azure-private-key {true|false}] - Ask to Enter the Azure Access Key without Echoing
- If this parameter is true, the command prompts for the -azure-private-key without echoing the input. Default value: true.
- [-azure-private-key <text>]} - Azure Access Key
- This parameter specifies the access key required to authenticate requests to the Azure object store. See also -ask-azure-private-key. For other object store providers see -secret-password.
- [-ipspace <IPspace>] - IPspace to Use in Order to Reach the Object Store
- This optional parameter specifies the IPspace to use to connect to the object store. Default value: Default.
- [-use-iam-role {true|false}] - Use IAM Role for AWS ONTAP Cloud
- This parameter specifies whether IAM credentials must be used for data access from an AWS_S3 object store. This parameter is required only when setting up an AWS_S3 object store configuration in Data ONTAP. The IAM credentials required for setting up this configuration will be obtained through Data ONTAP Cloud in AWS. This option is available only through ONTAPI.
- [-is-certificate-validation-enabled {true|false}] - Is SSL/TLS Certificate Validation Enabled
- This parameter indicates whether the SSL/TLS certificate of an object store server is validated whenever an SSL/TLS connection to that server is established. This parameter is only applicable when -is-ssl-enabled is true. The default value is true. It is recommended to use the default value to make sure that Data ONTAP connects to a trusted object store server; otherwise the identity of the object store server is not verified.
Examples
The following example creates an object store configuration in Data ONTAP:
cluster1::>storage aggregate object-store config create -object-store-name
my_aws_store -provider-type AWS_S3 -server s3.amazonaws.com
-container-name my-aws-bucket -access-key DXJRXHPXHYXA9X31X3JX
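
The parameter rules above can be checked before a command is run on the cluster. The following Python pre-flight check is an added example, not part of the NetApp documentation: it applies the naming rule, the AWS endpoint format, the Azure account prefix rule, and flags disabled TLS settings and secrets passed inline instead of through the no-echo prompt. The function names (parse, effective_server, lint) are hypothetical and the values in WEAK_EXAMPLE are constructed.

```python
import re
import shlex

NAME_RE = re.compile(r"^[_A-Za-z][-_A-Za-z0-9]*$")   # first char: "_", A-Z or a-z
AWS_RE = re.compile(r"^s3(-[a-z0-9-]+)?\.amazonaws\.com$")
AZURE_HOSTS = ("blob.core.windows.net", "blob.core.usgovcloudapi.net")
PROVIDERS = ("AWS_S3", "SGWS", "Azure_Cloud")

# The page's example, and a constructed weak command (all values are made up).
PAGE_EXAMPLE = ("cluster1::>storage aggregate object-store config create "
                "-object-store-name my_aws_store -provider-type AWS_S3 "
                "-server s3.amazonaws.com -container-name my-aws-bucket "
                "-access-key DXJRXHPXHYXA9X31X3JX")
WEAK_EXAMPLE = ("storage aggregate object-store config create "
                "-object-store-name 9store -provider-type AWS_S3 "
                "-server s3.example.test -container-name b1 "
                "-access-key CONSTRUCTEDKEY -secret-password CONSTRUCTEDSECRET "
                "-is-certificate-validation-enabled false")

def parse(cmdline):
    """Return {flag: value} for each '-flag value' pair, ignoring the prompt."""
    tok = shlex.split(cmdline.split("::>", 1)[-1])
    return {t: tok[i + 1] for i, t in enumerate(tok[:-1])
            if t.startswith("-") and not tok[i + 1].startswith("-")}

def effective_server(o):
    """Apply the Azure rule: '<-azure-account>.' is prepended to bare hosts."""
    server = o.get("-server", "")
    if o.get("-provider-type") == "Azure_Cloud" and server in AZURE_HOSTS:
        return o.get("-azure-account", "") + "." + server
    return server

def lint(cmdline):
    """Return findings for a proposed 'config create' command line."""
    o, out = parse(cmdline), []
    if not NAME_RE.match(o.get("-object-store-name", "")):
        out.append("name: invalid -object-store-name")
    if o.get("-provider-type") not in PROVIDERS:
        out.append("provider: unknown -provider-type")
    elif o["-provider-type"] == "AWS_S3" and not AWS_RE.match(effective_server(o)):
        out.append("server: not an AWS regional endpoint")
    if o.get("-is-ssl-enabled", "true") == "false":
        out.append("tls: SSL/TLS disabled")
    elif o.get("-is-certificate-validation-enabled", "true") == "false":
        out.append("tls: server certificate is not validated")
    for flag in ("-secret-password", "-azure-private-key"):
        if flag in o:
            out.append("secret: " + flag + " passed inline; omit it to be prompted")
    return out

if __name__ == "__main__":
    for cmd in (PAGE_EXAMPLE, WEAK_EXAMPLE):
        print(lint(cmd) or "no findings")
```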