Configuring Data Foundation dynamic storage
From the Data Foundation user interface page, you can configure dynamic storage for Fusion Data Foundation.
About this task
Procedure
- Go to the Data Foundation page.
- Click Configure storage. IBM Fusion automatically detects the device type as dynamic storage.
- In the Configure storage page, select the following values in the Storage capacity section:
- Disk size (TiB)
- Select from the available storage capacities listed in the Disk size (TiB) drop down menu.
- Cloud volume storage class
- Select a storage class value.
- Usable capacity (TiB)
- After you select a value in Disk size (TiB), the Usable capacity field is enabled. Click + or - to select a value in increments of the disk size.
- In the Select storage nodes section, select the nodes based on the recommendation displayed on the page. You can also use the Data Foundation sizer tool for your calculations. The table includes Name, Zone, CPU, and Memory (GiB) details about each node. For example, the recommendation can be to select a minimum of 3 nodes with an aggregate of at least 30 CPUs and 72 GiB memory. Additionally, a message prompts you to select nodes from each of the available zones.
- In the Additional settings section, you can toggle to enable dedicated nodes for infrastructure. These nodes get tainted so that only Fusion Data Foundation workloads can be deployed on them. The dedicated nodes for infrastructure option also changes the selected compute nodes to infrastructure nodes, so you can save OpenShift® Container Platform subscription costs for these Data Foundation nodes. When the Global Data Platform service is enabled, the Dedicated nodes for infrastructure button is not visible.
- In the Summary section, check the capacity configuration. Note: Sometimes, it can take up to five minutes to show the summary of Usable capacity and Health sections.
- Usable capacity
- The amount of capacity that is available for storing data on a system after the RAID or mirroring technology is applied. In Fusion Data Foundation, it is 1/3 of the raw capacity when you use three replicas. Usable capacity is represented in a line graph. The block, file and object are distinguished by different colors.
- Health
- It includes Storage cluster and Data resiliency. The status gets displayed only after the provisioning is complete. You can check in the Storage > Data Foundation. Go to Storage Systems to see the created storage file system. Open the file system and in the Overview tab. In the Storage > Persistent Volumes page, you can view the local persistent volumes based on the selected disk.
- Storage nodes
- It includes the list of all nodes used in your local storage configuration. The node details listed in the table are Name, Status, Disks, Disk size (TiB), CPU, and Memory (GiB). You can use the search option to filter and search for nodes. You can add nodes to scale up. For the procedure to add nodes, see Adding nodes to your Fusion Data Foundation storage.
- Click Next. The Specify encryption for the storage configuration page is displayed.
- In the Specify encryption for the storage configuration page, enter the following details:
- In the Encryption settings section, select a
- Store the encryption key as a secret in the cluster
- Store the encryption key in an external KMS
- None
If you select the Store the encryption key in an external KMS option, then enter the following connection settings:
- Enter the Hostname/IP address of your KMS server.
- Enter the value of Port of your KMS server.
- Select a Provider type. It can be Vault or Thales CipherTrust Manager.
Table 1. Provider type options
Provider type: Vault
Procedure: For Vault, enter the following details:
- Select an Authentication method. It can be Token or Kubernetes.
- Token method
- If you select Token as the method, enter a value for the token. For more information about how to create a token in the Vault server, see Enabling encryption with the token authentication using HashiCorp Vault (manual part) in Preparing to connect to an external KMS server in Fusion Data Foundation.
- Kubernetes method
- If you select Kubernetes as the method, enter a value for the role. After you click Configure in the next step, manually do the steps that are defined in Enabling encryption with the Kubernetes authentication using HashiCorp Vault (manual part). The manual steps generate the role in Vault with rook-ceph-system, rook-ceph-osd, and noobaa as bound_service_account_names.
- Enter the Backend path that you defined in step 1 of Enabling encryption with the token authentication using HashiCorp Vault (manual part) or in step 3.b of Enabling encryption with the Kubernetes authentication using HashiCorp Vault (manual part).
- Optionally, enter the CA certificate, Client certificate, and Client private key in PEM format.
Note: The client certificate and client private key must be provided as a pair, or neither of them. Providing only one of them is invalid.
- Optionally, enter the TLS server name.
- Optionally, if authentication method is Token, enter the Vault enterprise namespace.
- Optionally, if authentication method is Kubernetes, enter Authentication path.
Provider type: Thales CipherTrust Manager
Procedure: For Thales CipherTrust Manager, enter the following details:
- Enter the CA certificate generated in step 6 in Enabling encryption using Thales CipherTrust Manager (manual part).
- Enter the Client certificate and the private key generated in step 4 of Enabling encryption using Thales CipherTrust Manager (manual part).
- Optionally, enter TLS server name.
- Click Configure.
- The Data Foundation page is displayed. After the configuration is complete, the Data Foundation loads the Usable capacity, Health, and Storage nodes.
- If the Kubernetes authentication method is used with an external KMS, the installation remains pending until the user finishes the manual steps in the Vault server.
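The following pre-flight check for the optional TLS fields of the external KMS settings is an added example, not IBM Fusion code. It enforces the pair rule for the client certificate and private key and catches a certificate pasted into the key field or the reverse. The function names, the accepted key labels, and the sample values are assumptions made for illustration.

```python
import base64
import re

# PEM armor: -----BEGIN <label>----- base64 body -----END <label>-----
_PEM = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)
# Assumption: the key is supplied unencrypted under one of these labels.
_KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}


def pem_labels(text):
    """Return the labels of all well-formed, non-empty PEM blocks in text."""
    labels = []
    for label, body in _PEM.findall(text or ""):
        try:
            data = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            continue  # armor present but the body is not valid base64
        if data:
            labels.append(label)
    return labels


def check_tls_fields(ca_cert="", client_cert="", client_key=""):
    """Return a list of problems; an empty list means the fields are consistent."""
    problems = []
    # Pair rule from the page: both client certificate and key, or neither.
    if bool(client_cert.strip()) != bool(client_key.strip()):
        problems.append("client certificate and private key must be given as a pair")
    for name, value, allowed in (
        ("CA certificate", ca_cert, {"CERTIFICATE"}),
        ("Client certificate", client_cert, {"CERTIFICATE"}),
        ("Client private key", client_key, _KEY_LABELS),
    ):
        if not value.strip():
            continue  # optional field left empty
        labels = pem_labels(value)
        if not labels:
            problems.append(f"{name}: no valid PEM block found")
        elif not set(labels) <= allowed:
            problems.append(f"{name}: unexpected PEM type {sorted(set(labels) - allowed)}")
    return problems


# Constructed sample input: dummy base64 bodies, not real key material.
SAMPLE_CERT = "-----BEGIN CERTIFICATE-----\nZHVtbXktY2VydA==\n-----END CERTIFICATE-----\n"
SAMPLE_KEY = "-----BEGIN PRIVATE KEY-----\nZHVtbXkta2V5\n-----END PRIVATE KEY-----\n"
```

The check validates only the PEM framing and field placement; it does not verify that the key matches the certificate or that the certificate chains to the CA.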
What to do next
- For Kubernetes method, finish the manual steps that are defined in Enable encryption with KMS using the Kubernetes authentication method.
- You can now add nodes and capacity.
- If you have encryption settings, you can edit the details.
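After the manual Vault steps for the Kubernetes method, the role's bindings can be audited against the three service accounts named in the procedure. The following is an added example, not IBM or HashiCorp code: it inspects the JSON printed by `vault read -format=json` for the role, and the function name, the namespace `example-storage-ns`, and the sample outputs are constructed placeholders.

```python
import json

# Service accounts the procedure says the role is generated with.
EXPECTED_SA = {"rook-ceph-system", "rook-ceph-osd", "noobaa"}


def audit_role(role_json, expected_namespaces):
    """Compare a Vault Kubernetes auth role against the expected bindings.

    role_json is the text printed by
    `vault read -format=json auth/<authentication path>/role/<role>`.
    """
    data = json.loads(role_json).get("data") or {}
    names = set(data.get("bound_service_account_names") or [])
    spaces = set(data.get("bound_service_account_namespaces") or [])
    findings = []
    if "*" in names:
        findings.append("wildcard service account name: any account can log in")
    else:
        missing = EXPECTED_SA - names
        if missing:
            findings.append(f"missing service accounts: {sorted(missing)}")
        extra = names - EXPECTED_SA
        if extra:
            findings.append(f"unexpected service accounts: {sorted(extra)}")
    if "*" in spaces:
        findings.append("wildcard namespace: role is not limited to one namespace")
    elif spaces != set(expected_namespaces):
        findings.append(f"namespaces {sorted(spaces)} differ from expected")
    return findings


# Constructed sample role output; the namespace is a placeholder.
GOOD = json.dumps({"data": {
    "bound_service_account_names": ["rook-ceph-system", "rook-ceph-osd", "noobaa"],
    "bound_service_account_namespaces": ["example-storage-ns"]}})
BROAD = json.dumps({"data": {
    "bound_service_account_names": ["*"],
    "bound_service_account_namespaces": ["*"]}})
```

An empty result for the role means that only the three expected service accounts, in the expected namespace, can authenticate to Vault with it.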