Clustered DataOnTap - How to Add a NetApp C-Mode Storage Target Device and Configure Permissions

If you have installed the Storage Extension license, you can add NetApp C-Mode storage controllers as targets to your Operations Manager appliance. When you add these targets, Operations Manager can discover the disk arrays they manage, and perform actions to keep the storage environment in the optimal zone.

To add a NetApp C-Mode Storage Controller as a Target, provide the cluster management IP address, as shown below.

The Operations Manager appliance logs into the storage controller via an existing user account. You can use an account that has admin access to the OnTap application, and that uses the password authentication method, as follows:

security login create -role admin -username <User-Name> -application ontapi -authmethod password

The following image shows how to create such a user account in the NetApp user interface.

 

Restricting Operations Manager Access Privileges

The Admin account gives Operations Manager full monitoring and execution privileges on the OnTap application. If you want to restrict these privileges, you can create a user role that accesses the Discovery and Monitoring and Execution command directories of the Data ONTAP API (ontapi). Note that the account that uses this role must authenticate via the password authentication method.

Specify Discovery and Monitoring for the Role

For read-only privileges, execute the following commands for the given role, where <Role-Name> is the name of the role you're creating, and <Cluster-Name> identifies the cluster you want the role to affect. Note that you execute these commands individually to set privileges that affect each individual cluster.

security login role create -role <Role-Name> -access readonly -cmddirname DEFAULT

 

Specify Execution for the Role

For execution privileges, execute the following commands for the given role, where <Role-Name> is the name of the role you're creating, and <Cluster-Name> identifies the cluster you want the role to affect. Note that you execute these commands individually to set privileges that affect each individual cluster.

security login role create -role <Role-Name> -access all -cmddirname "volume offline" -vserver <Cluster-Name>

security login role create -role <Role-Name> -access all -cmddirname "volume unmount" -vserver <Cluster-Name>

security login role create -role <Role-Name> -access all -cmddirname "volume move" -vserver <Cluster-Name>

security login role create -role <Role-Name> -access all -cmddirname "volume delete" -vserver <Cluster-Name>

 

Create a User Account with the Role

Now you can create a user based on the role you created, where <Role-Name> is that role, and <User-Name> is the user name you provide. This gives the user read-only access to the ssh and ontapi applications, or write access to the volume if you specified the Execution cmddirname entries as in the section above.

security login create -role <Role-Name> -username <User-Name> -application ontapi -authmethod password

security login create -role <Role-Name> -username <User-Name> -application ssh -authmethod password
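
To confirm that a restricted role carries only the entries created in the sections above, the following added example (not part of the original article or of any NetApp or Operations Manager tooling) compares a role's entries with that policy. The row format, the function name audit_role and the sample rows are assumptions; the rows are constructed as if transcribed by hand from `security login role show` output.

```python
# Added example: audit a restricted Operations Manager role against the
# entries this article creates. Names and sample rows are constructed.

# Policy from the article: DEFAULT is read-only; only these four volume
# commands may carry access "all".
READONLY_POLICY = {"DEFAULT": "readonly"}
EXECUTION_CMDS = ("volume offline", "volume unmount", "volume move", "volume delete")
RANK = {"none": 0, "readonly": 1, "all": 2}  # ONTAP access levels, narrowest first


def audit_role(entries, execution=True):
    """Compare (vserver, cmddirname, access) rows for one role with the policy.

    Returns a sorted list of finding strings; an empty list means the role
    matches the article's intended privileges.
    """
    expected = dict(READONLY_POLICY)
    if execution:
        expected.update({cmd: "all" for cmd in EXECUTION_CMDS})
    findings, seen = [], {}
    for vserver, cmd, access in entries:
        seen[cmd] = access
        allowed = expected.get(cmd)
        if allowed is None:
            # An entry the article never creates: tolerate only none/readonly.
            if RANK[access] > RANK["readonly"]:
                findings.append(f"{vserver}: unexpected write access on '{cmd}'")
        elif RANK[access] > RANK[allowed]:
            findings.append(f"{vserver}: '{cmd}' is '{access}', expected '{allowed}'")
    for cmd in expected:
        if cmd not in seen:
            findings.append(f"missing entry for '{cmd}'")
    return sorted(findings)


# Constructed sample rows (hypothetical cluster name "cluster1").
GOOD = [("cluster1", "DEFAULT", "readonly")] + [("cluster1", c, "all") for c in EXECUTION_CMDS]
DRIFTED = [
    ("cluster1", "DEFAULT", "all"),          # role widened to full access
    ("cluster1", "volume offline", "all"),
    ("cluster1", "security login", "all"),   # role can now manage accounts
]

if __name__ == "__main__":
    for name, rows in (("good", GOOD), ("drifted", DRIFTED)):
        print(name, audit_role(rows) or "OK")
```

Pass execution=False when the role is meant to be Discovery and Monitoring only, so that any entry with access "all" is reported.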

 

NOTE: If the user has 'read-only' access to the cluster for just the 'ontapi' application, the Storage Amount capacity of the Storage Controller is calculated as (total disk space) - (the maximum min_spare_count value, which is 4).

To get the right value for min_spare_count with read-only access, the user must have a role with read-only access to both the 'ontapi' and 'ssh' applications.
