ONTAP Discussions

Astra Trident managementLIF with ontap-nas driver backend

Lievendp
199 Views

Hi,

Since the tridentbackendconfig does not specify which service policies on the LIF are requisite for the ontap-nas backend I hope to find clarification here.

  • trident backend driver: ontap-nas
  • I create a new SVM/Vserver for trident
  • new LIF associated with the SVM for data and/or management will be created
  • ontap version is 9.12 so we use: service policies on the LIF
  • creating new account with svmadmin security role to use in the backend credentials
  • only nfs type mounts required for the kubernetes volumes

I gather following service policies are required for the DATA LIF:

  • data-core
  • data-nfs
  • data-fpolicy-client
  • management-dns-client
  • management-ad-client
  • management-ldap-client
  • management-ssh
  • management-https

Here are my questions:

  • the Trident backend config requires also a MANAGEMENT LIF and I'm unsure if I could just reuse the IP of the new dataLIF? Since the dataLIF will have management-https service policy. Will that suffice for Trident to work correctly or do I really need to enter the cluster management IP als managementLIF for the backend? 
  • svmadmin security role will avoid Trident interfering with the rest of the cluster?
  • is Trident using restapi and does that correspond with management-https service policy?

 

2 REPLIES 2

TMACMD
150 Views

The few setups I’ve assisted with were always created a svm mgmt lif (typically on e0M) and a data lif on each node. Also, be sure to modify the svm aggr-list to specifically include which aggregates are allowed. 

take note that in 9.13 (I think that is the first version) there is an svm option to limit capacity. Normally trident is allowed to use all of the aggregate(s) you tell it about.  Setting the option is basically a svm quota

Lievendp
84 Views

Thanks for your update, meanwhile, I found the info from Netapp Trident in the best practices section.

netapp trident docs use svms 

to recap: 

  1. use the cluster mgmt lif
  2. use a dedicated mgmt lif on the svm (I believe that's what you recommend)
  3. share the datalif

Apperntly, all 3 are equally valable but network security policies should align

 

Public