Installing the IBM Storage Scale container native operator and cluster

The installation of the IBM Storage Scale container native operator and cluster includes several procedures.

Labels and annotations

IBM Storage Scale Container Native automatically assigns designations (quorum, manager) to a subset of worker nodes. Since automatic assignment is recommended, no additional steps will be performed here. If manual designation is required, see Labels and annotations for more information.

Install IBM Storage Scale Container Native components

The installation process for IBM Storage Scale Container Native begins with applying the install.yaml to create and define Kubernetes configuration across the following namespaces:

  • ibm-spectrum-scale-operator
  • ibm-spectrum-scale-dns
  • ibm-spectrum-scale-csi
  • ibm-spectrum-scale

$ oc apply -f https://raw.githubusercontent.com/IBM/ibm-spectrum-scale-container-native/v5.2.1.x/generated/scale/install.yaml

Validate that the following namespaces have been created by running the command:

$ oc get namespaces | grep ibm-spectrum-scale
ibm-spectrum-scale                                 Active   85s
ibm-spectrum-scale-csi                             Active   85s
ibm-spectrum-scale-dns                             Active   85s
ibm-spectrum-scale-operator                        Active   85s

Validate that operator pods are running in the ibm-spectrum-scale-operator and ibm-spectrum-scale-csi namespaces:

$ oc get pods -n ibm-spectrum-scale-operator
NAME                                                     READY   STATUS              RESTARTS   AGE
ibm-spectrum-scale-controller-manager-7c7b49d7c9-jpmn2   1/1     Running             0          62s

$ oc get pods -n ibm-spectrum-scale-csi
NAME                                              READY   STATUS              RESTARTS   AGE
ibm-spectrum-scale-csi-operator-5cc78b697-lqq5n   1/1     Running             0          45s

Kubernetes resources

The following sections describe Kubernetes resources that need to be defined to the Red Hat OpenShift cluster to drive features of the IBM Storage Scale container native cluster.

Table 1. IBM Storage Scale container native cluster custom resources

Resource          Short name   Description
cluster           gpfs         Set attributes for the IBM Storage Scale container native cluster
callhome          none         Configures IBM Storage Scale callhome
remoteclusters    remotegpfs   Provide configuration details to the IBM Storage Scale remote cluster. For more information, see Remote file system section
filesystem        fs           Configure the file systems for the container native cluster
localdisk         ld           Configure the disks or volumes to be used as storage for local file systems
encryptionconfig  ec           Allows users to configure encryption

Cluster
A cluster definition is needed to declare the properties of the IBM Storage Scale container native cluster. The following steps describe creating a Cluster custom resource.
  1. Download a copy of the sample cluster.yaml from the GitHub repository.
    $ curl -fs https://raw.githubusercontent.com/IBM/ibm-spectrum-scale-container-native/v5.2.1.x/generated/scale/cr/cluster/cluster.yaml > cluster.yaml || echo "Failed to download Cluster sample CR"
  2. Make changes specific to your installation. For more information on the Cluster specification, see Cluster spec.
  3. Apply the following command to set the nodeSelector label on the worker nodes:
    $ oc label nodes -lnode-role.kubernetes.io/worker= scale.spectrum.ibm.com/daemon-selector=
  4. Apply the cluster.yaml by entering the following command:
    $ oc apply -f cluster.yaml
Callhome

To enable call home functionality, create a callhome custom resource in the Kubernetes cluster.

  1. Download the callhome.yaml file and make changes according to your configuration. See callhome spec for more information.
  2. Apply the callhome.yaml file:
    $ oc apply -f callhome.yaml
  3. Verify callhome resource:

    $ oc get callhome -n ibm-spectrum-scale
    NAME       MODE       COMPANY NAME   COMPANY EMAIL    ENABLED   AGE
    callhome   enabled    ibm            christian.m@ibm.com        0s
Remote Clusters

To allow the IBM Storage Scale container native cluster to access remote IBM Storage Scale storage clusters, a RemoteCluster custom resource (CR) must be defined for each storage cluster.

See RemoteClusters for more information.

  1. Download the remotecluster.yaml from the GitHub repository and change the fields that are specific to your installation. For details on the Remote Cluster specification, see RemoteCluster spec.
  2. Apply the resource:
    $ oc apply -f remotecluster.yaml
  3. View the remote cluster resources by using the following command:
    $ oc get remotecluster -n ibm-spectrum-scale

To help with fields in the RemoteCluster custom resource specification, see:

Remote file system
To configure a file system in the IBM Storage Scale container native cluster, a Filesystem custom resource (CR) must be defined for each file system you want mounted. The spec.remote section in the filesystem.remote.yaml defines the remote file system properties and consists of two fields:
  • remote.cluster: This field specifies the name of the RemoteCluster CR for the storage cluster that serves the file system.
  • remote.fs: This field specifies the file system name on the remote storage cluster that is mounted into the container native cluster.

See Remote file system for more information.

Note: All file systems are mounted under /mnt. The mount path cannot be changed!

In the following example:

apiVersion: scale.spectrum.ibm.com/v1beta1
kind: Filesystem
...
spec:
  remote:
    cluster: remotecluster-sample
    fs: fs1

The file system fs1 provided by the remote cluster, which is defined in remotecluster-sample, is made available in the container.

Follow the steps to create a Filesystem resource:

  1. Download the filesystem.remote.yaml from the GitHub repository and change the fields that are specific to your installation. For details on the Filesystem specification, see Filesystem spec.
  2. Apply the resource:
    $ oc apply -f filesystem.remote.yaml
  3. Verify the Filesystem resources:
    $ oc get filesystem.scale -n ibm-spectrum-scale
    NAME            ESTABLISHED   AGE
    remote-sample   True          11m
Encryption
IBM Storage Scale container native supports remote mount of an encrypted file system. Encryption is managed through the use of encryption keys stored on a key server. The following key servers are supported:
  • IBM Security Guardium Key Lifecycle Manager (SKLM)

See Encryption for more information regarding EncryptionConfig spec, pre-requisites and configuring an EncryptionConfig custom resource.

Creating secrets for storage cluster GUI users

To allow the IBM Storage Scale container native cluster to access remote IBM Storage Scale storage clusters, a RemoteCluster custom resource (CR) must be defined for each storage cluster.

  1. Create a secret for the ContainerOperator GUI user defined on the storage cluster:
    $ oc create secret generic cnsa-remote-mount-storage-cluster-1 --from-literal=username='cnsa_storage_gui_user' \
    --from-literal=password=<CNSA_STORAGE_GUI_PASSWORD> -n ibm-spectrum-scale
  2. Create a secret for the CsiAdmin GUI user defined on the storage cluster:
    $ oc create secret generic csi-remote-mount-storage-cluster-1 --from-literal=username='csi_storage_gui_user' \
    --from-literal=password=<CSI_STORAGE_GUI_PASSWORD> -n ibm-spectrum-scale-csi
  3. Label the secret:
    $ oc label secret csi-remote-mount-storage-cluster-1 -n ibm-spectrum-scale-csi product=ibm-spectrum-scale-csi

Configuring Certificate Authority (CA) certificates

IBM Storage Scale container native uses Transport Layer Security (TLS) verification to guarantee secure HTTPS communication with the storage cluster GUI. It verifies the server’s certificate chain and host name. By default, the storage cluster GUI self-signs a certificate that can be used in lieu of a CA certificate. This certificate can be obtained and used to create the cacert ConfigMap by entering the following command. Replace GUI_HOST_NAME with the hostname of the storage cluster GUI node.

$ oc create configmap cacert-storage-cluster-1 --from-literal=storage-cluster-1.crt="$(openssl s_client -showcerts -connect <GUI_HOST_NAME>:443 </dev/null 2>/dev/null|openssl x509 -outform PEM)" -n ibm-spectrum-scale

Follow the link to Configuring Certificate Authority (CA) certificates for more information.
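
The one-line command above trusts whatever certificate answers on port 443 at the moment it runs. The following added example (not part of the IBM documentation) fetches the same certificate to a file, compares its SHA-256 fingerprint with a value obtained out of band from the storage cluster administrator, and creates the ConfigMap only on a match. The function names and the out-of-band fingerprint are assumptions; the ConfigMap name, key and namespace are the ones used on this page.

```shell
#!/bin/sh
# Added example: pin the storage cluster GUI certificate before trusting it.
# Usage (placeholders): pin_and_create <GUI_HOST_NAME> "<expected SHA-256 fingerprint>"

# normalize_fp: drop an "xxx Fingerprint=" prefix, colons and whitespace; upper-case hex.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'a-f' 'A-F'
}

# fp_matches ACTUAL EXPECTED: succeed only for two equal, well-formed SHA-256 values.
fp_matches() {
    a=$(normalize_fp "$1")
    b=$(normalize_fp "$2")
    [ "${#a}" -eq 64 ] || return 1          # SHA-256 is 64 hex digits
    case $a in *[!0-9A-F]*) return 1 ;; esac
    [ "$a" = "$b" ]
}

# fetch_gui_cert HOST OUTFILE: save the leaf certificate presented by HOST:443.
fetch_gui_cert() {
    openssl s_client -showcerts -servername "$1" -connect "$1:443" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM > "$2"
}

# pin_and_create HOST EXPECTED_FP: refuse to create the ConfigMap on a mismatch.
pin_and_create() {
    host=$1
    expected=$2
    pem=$(mktemp) || return 1
    fetch_gui_cert "$host" "$pem" || { rm -f "$pem"; return 1; }
    actual=$(openssl x509 -in "$pem" -noout -fingerprint -sha256)
    if ! fp_matches "$actual" "$expected"; then
        echo "fingerprint mismatch for $host: $actual" >&2
        rm -f "$pem"
        return 1
    fi
    # Show what is about to be trusted: subject, expiry and host names.
    openssl x509 -in "$pem" -noout -subject -enddate -ext subjectAltName
    oc create configmap cacert-storage-cluster-1 \
        --from-file=storage-cluster-1.crt="$pem" -n ibm-spectrum-scale
    rc=$?
    rm -f "$pem"
    return $rc
}
```

The expected fingerprint can be read on the GUI node itself with openssl x509 -noout -fingerprint -sha256 against the certificate file, so the comparison does not depend on the network path used by the fetch.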