Configuring Data Foundation local storage
From the Data Foundation user interface page, you can configure Fusion Data Foundation storage.
About this task
Install service with device type as local. To know more about local storage, see Storage device requirements.
Procedure
- Go to the Data Foundation page.
- Wait for the discovery of compute nodes to complete. After the discovery process completes, the Configure storage button is enabled.
- Click Configure storage.
- If you want to change the default disk size for your storage configuration, select from the available disk size and type in the Configure storage page. The type can be HDD or SSD/NVMe. Fusion Data Foundation does not support HDD in local mode.
- In the Storage nodes section, select nodes from the node table
based on the recommendation. They are candidate nodes to be selected as Fusion Data Foundation storage nodes. Only compute nodes with
available HDD or SSD/NVMe disks can be viewed as candidate nodes and they get displayed in the
table. The table includes Name, Disks, Disk count, Disk size (TiB), CPU core, and Memory (GiB) details about the node.For example, the recommendation can be to select a minimum of 3 nodes with an aggregation of at least 30 CPUs and 72 GiB memory.
- In the Summary section, check the capacity configuration and click Next.
- In the Additional settings section, you can toggle to enable
dedicated nodes for infrastructure. These nodes get tainted to only allow Fusion Data Foundation workload to be deployed on them. Also, these dedicated nodes for infrastructure option changes the selected compute nodes to infrastructure nodes, and you can save subscription costs of OpenShift® Container Platform for these Data Foundation nodes. When the Global Data Platform service is enabled, the Dedicated nodes for infrastructure button is not visible.
- In the Specify encryption for the storage
configuration page, enter the following details:
- In the Encryption settings section, select a
- Store the encryption key as a secret in the cluster
- Store the encryption key in an external KMS
- None
If you select Store the encryption key in an external KMS option, then enter the following connection settings:- Enter the Hostname/ IP address of your KMS server.
- Enter the value of Port of your KMS server.
- Select a Provider type. It can be Vault or
Thales CipherTrust Manager.
Table 1. Provider type options Provider type Procedure Vault For Vault, enter the following details. - Select an Authentication method. It can be Token
or Kubernetes.
- Token method
- If you select the method as Token, then enter value for token. For more information on how to create token in vault server, see Enabling encryption with the token authentication using HashiCorp Vault(manual part) in Preparing to connect to an external KMS server in Fusion Data Foundation.
- Kubernetes method
- If you select the method as Kubernetes, then enter value for role. After you click
Configure in the next step, manually do the steps that are defined in the
Enabling encryption with the Kubernetes authentication using HashiCorp Vault (manual part). The role will be generated with
rook-ceph-system
,rook-ceph-osd,noobaa
asbound_service_account_names
in the Vault by the manual steps.
- Enter the Backend path that you defined in step 1 in Enabling encryption with the token authentication using HashiCorp Vault(manual part) or step 3.b that defined in Enabling encryption with the Kubernetes authentication using HashiCorp Vault (manual part).
- Optionally, enter the CA certificate, Client
certificate, Client private key (optional) in pem
format.Note: Client certificate and client private key need to be provided as a pair, or neither of them. Only providing one of them is invalid.
- Optionally, enter TLS server name
- Optionally, if authentication method is Token, enter the Vault enterprise namespace.
- Optionally, if authentication method is Kubernetes, enter Authentication path.
Thales CipherTrust Manager For Thales CipherTrust Manager, enter the following details: - Enter the CA certificate generated in step 6 in Enabling encryption using Thales CipherTrust Manager (manual part).
- Enter the Client certificate and the private key generated in step 4 of Enabling encryption using Thales CipherTrust Manager (manual part).
- Optionally, enter TLS server name.
- Select an Authentication method. It can be Token
or Kubernetes.
- In the Encryption settings section, select a
- Click Configure. The Data Foundation page now includes Usable capacity, Health, and Storage nodes sections:Important: If you use an external device, then the Storage nodes list is not available instead the following message is displayed:
External mode Data Foundation is deployed in external mode.
Note: Sometimes, it can take up to five minutes to show the summary of Usable capacity and Health sections.- Usable capacity
- The amount of capacity that is available for storing data on a system after the RAID or mirroring technology is applied. In Fusion Data Foundation, it is 1/3 of the raw capacity when you use three replicas. Usable capacity is represented in a line graph. The block, file and object are distinguished by different colors.
- Health
- It includes Storage cluster and Data resiliency. The status gets displayed only after the provisioning is complete. You can check in the Storage > Data Foundation. Go to Storage Systems to see the created storage file system. Open the file system and in the Overview tab. In the Storage > Persistent Volumes page, you can view the local persistent volumes based on the selected disk.
- Storage nodes
- It includes a list of all nodes that are used in your local storage configuration. The node details listed in the table are Name, Status, Disks, Disk size (TiB), CPU, and Memory (GiB). You can use the search option to filter and search for nodes. You can add nodes to scale up. For the procedure to add nodes, see Adding nodes to your Fusion Data Foundation storage..
What to do next
- For Kubernetes method, finish the manual steps that are defined in Enable encryption with KMS using the Kubernetes authentication method.
- You can now add nodes and disks.
- If you have encryption settings, you can edit the details.