The NetApp cookbook manages Clustered Data ONTAP clusters using the NetApp Manageability SDK. Both cluster-wide and Storage Virtual Machine (SVM, formerly known as Vservers) specific operations are supported.
The NetApp cookbook may also be used to manage the netapp_role
, netapp_volume
, and netapp_qtree
resources on Cloud ONTAP on Amazon Web Services.
You may download it from NetApp after you have created an account on NetApp NOW
-
Save the NetApp SDK to this NetApp cookbook in the "libraries" dir.
-
Update the NaServer.rb to specify the path of NaElement. Replace the line:
require NaElement
With -require File.dirname(__FILE__) + "/NaElement"
The ZAPI connection is made over HTTP or HTTPS, with a user account that exists on the NetApp storage cluster. If you specify an account that only has SVM administration privileges (rather than cluster administration privileges), some features of the NetApp cookbook will not work. The connection settings are managed by attributes in the cookbook but are also exposed in Common attributes for the NetApp resources.
['netapp']['url'] = 'https://root:[email protected]/svm01'
or
['netapp']['https'] boolean, default is 'true'.
['netapp']['user'] string
['netapp']['password'] string
['netapp']['fqdn'] string
['netapp']['vserver'] string
['netapp']['asup'] boolean, default is 'true'.
or Optional - Encrypted Data Bag
['netapp']['fqdn'] string
['netapp']['passwords']['secret_path'] string, Encrypted Data Bag key
['netapp']['secret_credentials'] string, Data bag item name. **Data Bag name must be _netapp_**
['netapp']['https'] boolean, default is 'true'.
['netapp']['vserver'] string
['netapp']['asup'] boolean, default is 'true'.
The ASUP option, if set to 'true', will cause a log message to be sent to the storage cluster. This log message will be included in ASUP bundles that are sent back to NetApp, if configured to do so on the system. If ASUP is not enabled on the system or on the attribute listed above, no log message will be sent to NetApp.
Support for direct Storage Virtual Machine (SVM) connections can be added by replacing the FQDN attribute with the SVM Management Interface (LIF) address. Otherwise, the node attribute vserver is used to pass-thru calls from the Cluster Management interface.
vserver is not a required attribute when connecting directly to the Storage Virtual Machine
In addition to those provided by Chef itself (ignore_failure
, retries
, retry_delay
, etc.), the connection attribute(s) are exposed all NetApp Resources even though they are typically set by attributes.
The :nothing
action is provided by Chef for all Resources for use with notifications and subscriptions.
Cluster management of user creation, modification and deletion.
This resource has the following actions:
:create
Default.:delete
Removes the user
This resource has the following attributes:
name
User name. Requiredpassword
Required for non-snmp usersapplication
Name of the application. Possible values: 'console', 'http', 'ontapi', 'rsh', 'snmp', 'sp', 'ssh', 'telnet'comment
role
Array of rolessnmpv3-login-info
SNMPv3 user login information for 'usm' authentication methodvserver
Name of vserverauthentication
Authentication method for the application. Possible values: 'community', 'password', 'publickey', 'domain', 'nsswitch' and 'usm'
netapp_user "clogeny" do
vserver "my-vserver"
role "admin"
application "ontapi"
authentication "password"
password "my-password1"
action :create
end
netapp_user "clogeny" do
vserver "my-vserver"
application "ontapi"
authentication "password"
action :delete
end
Cluster management of group creation, modification and deletion.
This resource has the following actions:
:create
Default.:delete
Removes the group
This resource has the following attributes:
name
string, name attribute. Requiredcomment
string.roles
Array of roles for this group.
netapp_group 'admins' do
comments 'keep the trains on time'
roles ['security']
action :create
end
netapp_group 'read-only' do
action :delete
end
Cluster management of role creation, modification and deletion.
The netapp_role
resource may be used to manage roles on Cloud ONTAP instances as well.
This resource has the following actions:
:create
Default.:delete
Removes the role
This resource has the following attributes:
name
Name attribute. Requiredsvm
Name of vserver. Requiredcommand_directory
The command or command directory to which the role has an access. Requiredaccess_level
Access level for the role. Possible values: 'none', 'readonly', 'all'. The default value is 'all'.return_record
If set to true, returns the security login role on successful creation. Default: falserole_query
Example: The command is 'volume show' and the query is '-volume vol1'
netapp_role 'security' do
svm 'my-vserver'
command_directory 'volume'
action :create
end
netapp_role 'superusers' do
svm 'my-vserver'
command_directory 'DEFAULT'
action :delete
end
Cluster management of NetApp features by license. See API docs for "license-v2".
This resource has the following action:
:enable
Default. Ensures the NetApp provides this feature.
This resource has the following attributes:
codes
Array, license code when adding a package. 24 or 48 uppercase alpha only characters.
netapp_feature 'iscsi' do
codes ['ABCDEFGHIJKLMNOPQRSTUVWX']
action :enable
end
Cluster-level management of a data Storage Virtual Machines (SVMs). SVM-level management is done through other resources. After the cluster setup, a cluster administrator must create data SVMs and add volumes to these SVMs to facilitate data access from the cluster. A cluster must have at least one data SVM to serve data to its clients.
This resource has the following actions:
:create
Default.:delete
Removes the svm
This resource has the following attributes:
name
name attribute. Required. SVM names can contain a period (.), a hyphen (-), or an underscore (_), but must not start with a hyphen, period, or number. The maximum number of characters allowed in SVM names is 47.nsswitch
Required.volume
Requiredaggregate
Required. Aggregate on which you want to create the root volume for the SVM. The default aggregate name is used if you do not specify one.security
Required. Determines the type of permissions that can be used to control data access to a volume. Default isunix
.comment
is_repository_vserver
language
If you do not specify the language, the default languageC.UTF-8
orPOSIX.UTF-8
is used.???nmswitch
quota_policy
return_record
snapshot_policy
netapp_svm "example-svm" do
security "unix"
aggregate "aggr1"
volume "vol1"
nsswitch ["nis"]
action :create
end
SVM-management of volume creation, modification and deletion including auto-increment, snapshot schedules and volume options.
The netapp_volume
resource provisions additional volumes on Cloud ONTAP instances. It Creates the volume on an existing aggregate that has sufficient free space.
This resource has the following actions:
:create
Default.:delete
Removes the volume
This resource has the following attributes:
name
string, name attribute. Volume name. Required.svm
string. Name of managed SVM. Requiredaggregate
string. Requiredsize
string (1-9kmgt). Required
netapp_volume '/foo' do
svm 'vs1.example.com'
aggregate 'aggr1'
size '5t'
action :create
end
netapp_volume 'bar' do
action :delete
end
SVM-management of logical interface (LIF) creation, modification and deletion.
This resource has the following actions:
:create
Default. Ensures the lif is in this state.:delete
Removes the lif
This resource has the following attributes:
name
name attribute. LIF name. Requiredsvm
Name of managed SVM. Requiredaddress
administrative_status
valid values "up", "down", "unknown"comment
data_protocols
dns_domain_name
failover_group
failover_policy
valid values "nextavail", "priority", "disabled"firewall_policy
home_node
home_port
is_auto_revert
is_ipv4_link_local
listen_for_dns_query
netmask
netmask_length
return_record
role
valid values "undef", "cluster", "data", "node_mgmt", "intercluster", "cluster_mgmt"routing_group_name
use_failover_group
valid values "system_defined", "disabled", "enabled"
netapp_lif 'private' do
svm 'vs1.example.com'
action :create
end
netapp_lif 'public' do
action :delete
end
SVM-management of iSCSI target creation, modification and deletion.
This resource has the following actions:
:create
Default. Creates iSCSI service.:delete
Removes the target
This resource has the following attributes:
svm
Name of managed SVM. Requiredalias
node
start
True or False. True by default.
netapp_iscsi 'foo' do
svm 'vs1.example.com'
action :create
end
netapp_iscsi 'bar' do
action :delete
end
SVM-management of NFS export rule creation, modification and deletion including NFS export security. Rule changes are persistent.
You do not need to enter any information to configure NFS on the SVM. The NFS configuration is created when you specify the protocol value as nfs
.
This resource has the following actions:
:create
Default. Ensures the NFS export is in this state.:delete
Removes the NFS export
This resource has the following attributes:
pathname
string, name attribute. Requiredsvm
string. Name of managed SVM. Requiredsecurity_rules
hash. Access block information for lists of hosts.
netapp_nfs '/vol/vol0' do
svm 'vs1.example.com'
action :create
end
netapp_export '/vol/vol1' do
svm 'vs1.example.com'
action :delete
end
SVM-management of NFSv4 services on the selected Storage Virtual Machine.
You do not need to enter any information to configure NFS on the SVM. The NFS configuration is created when you specify the protocol value as nfs
.
This resource has the following actions:
:enable
Default. Ensures that the Storage Virtual Machine is running NFSv4.0 and NFSv4.1 services.:disable
Disables and Stops NFSv4.0 and NFSv4.1 services on the Storage Virtual Machine
This resource has the following attributes:
svm
string, name attribute. Name of managed SVM. Required
netapp_nfsv4 'vs1.example.com' do
action :enable
end
netapp_nfsv4 'vs1.example.com' do
action :disable
end
Management of Export Policies for Storage Virtual Machines
This resource has the following actions:
:create
Default. Ensures that an Export Policy exists.:delete
Removes the Export Policy
This resource has the following attributes:
policy_name
string, name attribute. Requiredsvm
string. Name of managed SVM. Required
netapp_export_policy 'my_nfs_export' do
svm 'vs1.example.com'
action :create
end
netapp_export_policy 'my_nfs_export' do
svm 'vs1.example.com'
action :delete
end
Management of Export Rules and Client Matches for Export Policies within a Storage Virtual Machine
This resource has the following actions:
:create
Default. Ensures that an Export Rule exists in the Policy:modify
Changes or updates an Export Rule in the Policy:delete
Removes the Export Rule from the Policy
This resource has the following attributes:
######Required Attributes######
policy_name
string. Requiredsvm
string. Name of managed SVM. Required
######Required for :create, :modify, :delete######
client_match
string. Required for :create, :modify, :delete (For Modify and Delete, can be substituted with RuleIndex)
ro_rule
string. ReadOnly authentication model. Required for :create (Valid options ["any", "none","never","krb5","krb5i","ntlm","sys"] )rw_rule
string. ReadWrite authentication model. Required for :create (Valid options ["any", "none","never","krb5","krb5i","ntlm","sys"] )access_protocol
string. Network Access Protocol. Required for :create (Valid options ["any", "nfs2","nfs3","nfs","cifs","nfs4","flexcache"] )
rule_index
string. Required for :modify, :delete (For Modify and Delete, can be substituted with ClientMatch)
anonymous_user
string. Unix user mapping for anonymous access.chown_mode
string. Default restricted (Valid options ["restricted", "unrestricted"] )ntfs_unix_security_ops
string. Default fail (Valid options ["ignore", "fail"] )allow_dev
boolean.allow_set_uid
boolean.root_rule
string. Root authentication model. (Valid options ["any", "none","never","krb5","krb5i","ntlm","sys"] )
netapp_export_rule "Create rule for 10.0.0.0/24" do
svm "vs1.example.com"
policy_name "my_nfs_export"
client_match "10.0.0.0/24"
access_protocol "nfs"
ro_rule "sys"
rw_rule "sys"
root_rule "sys"
action :create
end
netapp_export_rule "Modify rule for 10.0.0.0/24" do
svm "vs1.example.com"
policy_name "my_nfs_export"
client_match "10.0.0.0/24"
root_rule "none"
action :modify
end
netapp_export_rule "Delete rule for 10.0.0.0/24" do
svm "vs1.example.com"
policy_name "my_nfs_export"
client_match "10.0.0.0/24"
action :delete
end
SVM-management of qtree creation, modification and deletion. Qtrees are a special subdirectory of the root of a volume that acts as a virtual subvolume with special attributes.
The netapp_qtree
resource may be used to create logically defined file system on Cloud ONTAP instances.
This resource has the following actions:
:create
Default. Ensures the QTree is in this state.:delete
Removes the QTree
This resource has the following attributes:
name
name attribute. The path of the qtree, relative to the volume. Requiredsvm
Name of managed SVM. Requiredvolume
Name of the volume on which to create the qtree. Required.export_policy
Export policy of the qtree. If this input is not specified, the qtree will inherit the export policy of the parent volume.mode
The file permission bits of the qtree, similar to UNIX permission bits. If this argument is missing, the permissions of the volume is used.oplocks
Opportunistic locks mode of the qtree. Possible values: "enabled", "disabled". Default value is the oplock mode of the volume.security
Security style of the qtree. Possible values: "unix", "ntfs", or "mixed". Default value is the security style of the volume.force
True or false
netapp_qtree '/share' do
svm 'vs1.example.com'
volume '/foo'
action :create
end
netapp_role '/bar' do
svm 'vs1.example.com'
volume '/foo'
action :delete
end
SVM-management of lun creation, modification and deletion. Luns are a special file type created in a volume that acts as a virtual SCSI device for SAN (ISCSI and FCP) connected hosts.
This resource has the following actions:
:create
Default. Ensures the Lun is in this state.:delete
Removes the Lun
This resource has the following attributes:
name
name attribute. The name of the Lun. Requiredsvm
Name of managed SVM. Requiredvolume
Name of the volume in which to create the Lun. Required.qtree
Name of the selected volume qtree in which to create the Lun.size_mb
Actual size of the Lun in Megabytes (MB). Requiredostype
SAN host version to which the Lun will be connected. Requiredcomment
Description text for the Lun.qos_policy_group
Existing QOS Policy to apply to the Lun.prefix_size
Manual offset for the Lun's starting partition. Advance user featurespace_reservation_enabled
True or False. If true then the Lun will consume 100% of the space on disk, otherwise the size consumed on disk is directly related to the amount of data in the Lun.force
True or false
netapp_lun 'data.lun' do
svm 'vs1.example.com'
volume 'foo'
size_mb 1024
ostype 'windows_2008'
action :create
end
netapp_lun 'data.lun' do
svm 'vs1.example.com'
volume 'foo'
action :delete
end
SVM-management of lun mapping and unmapping to initiator groups. Luns are a special file type created in a volume that acts as a virtual SCSI device for SAN (ISCSI and FCP) connected hosts.
This resource has the following actions:
:create
Default. Ensures the Lun Mapping is in this state.:delete
Removes the Lun Mapping
This resource has the following attributes:
name
name attribute. The name of the Lun. Requiredigroup
existing initiator group to which the Lun should be mapped. Requiredsvm
Name of managed SVM. Requiredvolume
Name of the volume in which to create the Lun. Required.qtree
Name of the selected volume qtree in which to create the Lun.lun_id
Lun identification number. Default will choose the next lowest number starting with 0force
True or false
netapp_lun_map 'data.lun' do
svm 'vs1.example.com'
volume 'foo'
igroup 'windows_host'
action :create
end
netapp_lun_map 'data.lun' do
svm 'vs1.example.com'
volume 'foo'
igroup 'windows_host'
action :delete
end
SVM-management of initiator group (igroup) creation, modification and deletion. Igroups allow for the mapping of Host intiators to NetApp Luns for use with SAN protocols (ISCSI and FCP).
This resource has the following actions:
:create
Default. Ensures the Igroup is in this state.:delete
Removes the Igroup
This resource has the following attributes:
name
name attribute. The name of the Lun. Requiredtype
["iscsi", "fcp", "mixed"] .Requiredsvm
Name of managed SVM. Requiredostype
SAN host version to which the Lun will be connected. Requiredbind_portset
Existing Igroup Portset nameforce
True or false
netapp_igroup 'windows_host' do
svm 'vs1.example.com'
type 'iscsi'
ostype 'windows'
action :create
end
netapp_igroup 'windows_host' do
svm 'vs1.example.com'
action :delete
end
SVM-management of initiators in an initiator group (igroup) addition and removal. Igroups allow for the mapping of Host intiators to NetApp Luns for use with SAN protocols (ISCSI and FCP).
This resource has the following actions:
:add
Default. Ensures the Initiator is associated with the Igroup:remove
Removes the Initiator from the Igroup
This resource has the following attributes:
name
name attribute. The name of the Lun. Requiredinitiator
Initiator address (IQN for ISCSI or WWPN for FCP) .Requiredsvm
Name of managed SVM. Requiredforce
True or false
netapp_igroup_initiators 'windows_host' do
svm 'vs1.example.com'
initiator 'iqn.XXXXXXXXXX'
action :create
end
netapp_igroup_initiators 'windows_host' do
svm 'vs1.example.com'
initiator 'iqn.XXXXXXXXXX'
force true
action :delete
end
- Fork the repository on Github
- Create a named feature branch (like
add_component_x
) - Write your change
- Write tests for your change (if applicable)
- Run the tests, ensuring they all pass
- Submit a Pull Request using Github
- Authors:: Arjun Hariharan ([email protected])
Copyright 2014 Chef Software, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.