Veritas Access Appliance Administrator's Guide
Configuring the Object Store server
This section describes how to configure the Object Store server.
To configure the Object Store server
- Log on to Access Appliance using the Access Appliance command-line interface.
- You can either use an existing pool or create a default storage pool (at least one) on the cluster.
You can see the list of existing pools using the storage pool list command.
You can create a new pool using the storage pool create command.
storage> pool create pool1 disk1,disk2,disk3,disk4
- Use the storage pool that was created in Step 2 as the default object access pool.
You need to set the default pool, as it is required for enabling the Object Store server.
objectaccess> set pools pool1
Note:
Based on your storage requirements, you can configure different types of storage pools by using the Object Store group commands.
- Verify the configured storage pool.
objectaccess> show
- Enable and start the Object Store server.
objectaccess> server enable
objectaccess> server start
- Configure the cluster using any authentication server (AD, LDAP, or NIS).
See the following manual pages for more information on configuring AD, LDAP, or NIS:
CLISH> network man ldap
CLISH> network man ad
CLISH> network man nis
- Create the access and secret keys for the authorized user, or any user in the authentication server.
You can create the access and secret keys in two ways: by using the Access Appliance RESTful APIs or by using the Access Appliance helper script.
Create the access and secret keys using the Access Appliance RESTful APIs:
Before using the Access Appliance RESTful APIs, set the host name resolution for the host as shown in the objectaccess> show output against ADMIN_URL.
See the Access Appliance Object Access API Guide on the SORT site for accessing the Object Store server (S3) user management APIs.
After creating your access and secret key, you can create a bucket using the S3 API.
Create the access and the secret keys using the Access Appliance helper script:
Add the ADMIN_URL name in your /etc/hosts file.
The ADMIN_URL is admin.<cluster_name> and the port is 8144. This URL should point to the Access Appliance management console IP address.
Location of the helper script:
/opt/VRTSnas/scripts/utils/objectaccess/objectaccess_client.py
The Access Appliance helper script can be used from any client system that has Python installed.
To run the script, your S3 client needs to have the argparse and requests Python modules.
If these modules are missing, install both these modules using pip or easy_install.
If the Object Store server is enabled without the SSL option, you need to add the --insecure option.
clus_01 ~# ./objectaccess_client.py --server admin.clus:8144 --username <uname> --create_key --insecure
Create the access and the secret key using the Access Appliance helper script by providing the username, password, and ADMIN_URL (check the online Help of the Access Appliance helper script for all of the provided operations like list key and delete key).
Create a secret key:
clus_01:~ # ./objectaccess_client.py --create_key --server admin.clus:8144 --username localuser1 --password root123 --insecure
UserName : localuser1
AccessKeyId : Y2FkODU2NTU2MjVhYzV
Status : Active
SecretAccessKey : ODk0YzQxMDhkMmRjM2M5OTUzNjI5OWIzMDgyNzY
localuser1 is the local user created on both the Access Appliance cluster nodes with the same unique ID.
List a secret key for the specified user:
clus_01:~ # ./objectaccess_client.py --list_key --server admin.clus:8144 --username localuser2 --password root123 --insecure
Delete a secret key for the specified user:
clus_01:~ # ./objectaccess_client.py --delete_key ZTkyNDdjZTViM2EyMWZ --server admin.clus:8144 --username localuser2 --password root123 --insecure
- Use the following objectaccess command to see all the existing access and secret keys in the Access Appliance cluster:
objectaccess> account user show
It is possible to change an already set parameter or set new parameters by specifying different options. For example, you can change the other Object Store server defaults, such as fs_type, fs_size, and other options.
After setting the defaults, you can verify whether the proper value is assigned or not.
objectaccess> set fs_type
mirrored mirrored-stripe simple striped striped-mirror
objectaccess> set fs_type simple
ACCESS ObjectAccess INFO V-288-0 Set fs_type successful.
objectaccess> set fs_size 2G
ACCESS ObjectAccess INFO V-288-0 Set operation successful.
objectaccess> show
Name            Value
=============   =========================
Server Status   Enabled
Admin_URL       http://endpoint1:8144
S3_URL          http://dataendpoint:8143
admin_port      8144
s3_port         8143
ssl             no
max_s3_threads  8
pools           pool_default
fs_size         2g
fs_type         simple
fs_blksize      8192
fs_pdirenable   yes
fs_encrypt      off
fs_worm         yes
retention_min   3600s
retention_max   36000s
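The following check is an added example, not part of the Veritas guide or its helper script. It parses objectaccess> show output and reports the settings that leave the Object Store without encryption. It assumes the CLI prints one name/value pair per line with columns separated by two or more spaces; the sample text is constructed from the values shown above, and the function names are hypothetical.

```python
import re
from urllib.parse import urlparse

# Constructed sample: values taken from the guide's `objectaccess> show`
# output, one pair per line (the column spacing is an assumption).
SAMPLE_SHOW = """\
Name            Value
=============   =========================
Server Status   Enabled
Admin_URL       http://endpoint1:8144
S3_URL          http://dataendpoint:8143
ssl             no
pools           pool_default
fs_encrypt      off
"""

def parse_show(text):
    """Return {name: value} from the two-column table printed by `show`."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blank lines, the header row and the ===== ruler.
        if not line or line.startswith("=") or line.startswith("Name "):
            continue
        # Names can contain a single space ("Server Status"), so split on 2+.
        parts = re.split(r"\s{2,}", line, maxsplit=1)
        if len(parts) == 2:
            settings[parts[0]] = parts[1]
    return settings

def audit(settings):
    """Return findings for settings that disable encryption."""
    findings = []
    # A missing ssl entry is treated the same as "no" (fail closed).
    if settings.get("ssl", "").lower() != "yes":
        findings.append("ssl is not 'yes': admin and S3 traffic is not "
                        "TLS-protected and clients must pass --insecure")
    for key in ("Admin_URL", "S3_URL"):
        url = settings.get(key)
        if url and urlparse(url).scheme != "https":
            findings.append(f"{key} is {url}, not an https:// endpoint")
    # Assumption: fs_encrypt controls encryption of bucket file systems.
    if settings.get("fs_encrypt", "").lower() == "off":
        findings.append("fs_encrypt is off")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_show(SAMPLE_SHOW)):
        print("FINDING:", finding)
```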
If you have multiple users, and you want to set different default values for different sets of users, you can use the group option.
You can also use the group option to use the existing file systems for bucket creation instead of creating a new file system for every bucket. If you set the group fs_sharing option to yes, and if any request for bucket creation comes from a user who is part of that group, then the S3 server searches for any existing file system created by the specific group user. If an existing file system is found, it uses the existing file system. Otherwise, it creates a new file system for the bucket.
To use the group option
- Create a group in the authentication server (AD/LDAP/NIS) and add the required users to that group.
- Set the group specific configuration for the group created in the authentication server.
- Set or unset the defaults per your requirements.
objectaccess> group set fs_type simple VRTS-grp
ACCESS ObjectAccess INFO V-288-0 Group set fs-type successful.
objectaccess> group set pool VRTS-grp pool1
ACCESS ObjectAccess INFO V-288-0 Success.
objectaccess> group show
Group Name   Fs Sharing   Fs Size   Fs Type   Pool(s)
===========  ===========  ========  ========  ========
VRTS-grp     -            -         simple    pool1
objectaccess> group show
Group Name   Fs Sharing   Fs Size   Fs Type   Pool(s)
===========  ===========  ========  ========  ========
VRTS-grp     -            -         -         pool1