OpenStack and Clustered Data ONTAP

security

NetApp Fabric-Attached Storage (FAS) devices are pretty great. They offer dual controller config for HA setups, CIFS and NFS including pNFS as well as iSCSI and FCoE and you can populate them with drives for up to 1PB storage with a flash pool for a nice fast cache. They also have the added benefit of being backed by NetApp who are a big contributor to OpenStack storage architectures so its a generally safe assumption that they will play nicely with Cinder, Glance, Swift and now Manila.

Because I mostly blog about problems, its worth noting this one:

The Clustered Data ONTAP GUI doesn’t appear to allow you to set owner and group on volumes when you create them – you have to do this through the CLI. Normally I expect to do most things at the command line but NetApp docs are quite explicit about doing everything at the GUI as commands to create things like volumes are complex, eg:

volume create -vserver vs0 -volume user_jdoe -aggregate aggr1 -state online -policy default_expolicy –user 165 –group 165 -group dev -junction-path /user/jdoe -size 250g -space-guarantee volume -percent-snapshot-space 20 -foreground false

Note the -user and -group parameters. These allow you to set ownership on the volume and therefore when OpenStack mounts, means you can lock it down to either the cinder or glance user.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s