Red Hat OpenShift configuration on AWS

Modify the Red Hat OpenShift Service on AWS (ROSA) platform for IBM Storage Scale container native to operate correctly.

Add Scale labels to the machine pool

It is recommended to configure a minimum of 3 replicas.

Create a service account for applying Machine Config Operator (MCO)

As a regular user, you are prevented from modifying Red Hat managed resources. Therefore, it is advised to create a service account for Machine Config Operator (MCO) by following the provided steps:

  1. Create a service account for Machine Config Operator (MCO):

     oc create serviceaccount scale-mco-sa
    
  2. Add a role to the service account. To add the "cluster-admin" role to the service account "scale-mco-sa", execute the following command:

     oc adm policy add-cluster-role-to-user cluster-admin -z scale-mco-sa
    
  3. To create a new token for the service account (scale-mco-sa) and store it in the MCO_SA_TOKEN environment variable, execute the following command:

     export MCO_SA_TOKEN=$(oc create token scale-mco-sa)
    
  4. Log in to OpenShift using the new token.

     oc login --token=$MCO_SA_TOKEN
    

For information on how to use service accounts in applications, see Using service accounts in applications in the Red Hat OpenShift documentation.

Create a new Machine Config Pool

To separate out nodes with labels "scale" and "worker" into a new machine pool, execute the following command:

echo '
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfigPool
metadata:
  name: scale-mcp
spec:
  machineConfigSelector:
    matchExpressions:
      - {key: machineconfiguration.openshift.io/role, operator: In, values: [worker,scale]}
  nodeSelector:
    matchLabels:
      node-role.kubernetes.io/scale: ""
' | oc apply -f -

Applying Machine Config Operator (MCO) settings

Apply the following MCO setting to install the kernel-related packages that IBM Storage Scale needs to build its portability layer.

echo '
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
  labels:
    machineconfiguration.openshift.io/role: "scale"
  name: 00-worker-ibm-spectrum-scale-kernel-devel
spec:
  selector:
    matchLabels:
      machineconfiguration.openshift.io/role: "scale"
  config:
    ignition:
      version: 3.2.0
  extensions:
     - kernel-devel
' | oc apply -f -

To validate that the kernel-devel packages have been installed onto the machines, see Validate kernel packages.

Clean up the service account

Once the Machine Config Operator task has been successfully completed, complete the following steps to clean up the service account:

  1. Log out of the OpenShift cluster:

     oc logout
    
  2. Log in to the OpenShift cluster as a regular user:

     oc login <OpenShift_URL> -u <regular_user> -p <regular_user_password>
    
  3. Delete the service account that was created for performing the MCO task:

     oc delete sa scale-mco-sa
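
Deleting the service account does not remove the ClusterRoleBinding that `oc adm policy add-cluster-role-to-user` created, so the cluster-admin grant stays in place and would apply again to any service account later created with the same name in that namespace. The following added example (not part of the original documentation) checks `oc get clusterrolebindings -o json` output for bindings that still name scale-mco-sa; the sample data, the namespace example-ns and the function names are constructed for illustration.

```python
import json
import sys

# Constructed sample shaped like `oc get clusterrolebindings -o json` (not real cluster data).
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "cluster-admin-0"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "scale-mco-sa",
                   "namespace": "example-ns"}]},
    {"metadata": {"name": "cluster-admins"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:cluster-admins"},
                  {"kind": "User", "name": "scale-mco-sa"}]},  # a User, not the SA
    {"metadata": {"name": "empty-binding"},
     "roleRef": {"kind": "ClusterRole", "name": "view"}},  # no subjects key at all
]})


def bindings_for_sa(crb_json, sa_name, namespace=None):
    """Return one record per ClusterRoleBinding subject that names the service account."""
    hits = []
    for item in json.loads(crb_json).get("items", []):
        subjects = item.get("subjects") or []  # the field can be absent or null
        matched = [s for s in subjects
                   if s.get("kind") == "ServiceAccount"
                   and s.get("name") == sa_name
                   and namespace in (None, s.get("namespace"))]
        for s in matched:
            hits.append({"binding": item["metadata"]["name"],
                         "role": item["roleRef"]["name"],
                         "namespace": s.get("namespace"),
                         "other_subjects": len(subjects) - len(matched)})
    return hits


def removal_commands(hits, sa_name):
    """Build the `oc adm policy` command that drops the SA from each role found."""
    return sorted({"oc adm policy remove-cluster-role-from-user "
                   f"{h['role']} -z {sa_name} -n {h['namespace']}" for h in hits})


if __name__ == "__main__":
    # Pipe real `oc get clusterrolebindings -o json` output in; with no input the sample is used.
    piped = "" if sys.stdin.isatty() else sys.stdin.read()
    found = bindings_for_sa(piped if piped.strip() else SAMPLE, "scale-mco-sa")
    for h in found:
        print(f"{h['binding']}: grants {h['role']} to scale-mco-sa in {h['namespace']}")
    for cmd in removal_commands(found, "scale-mco-sa"):
        print("run:", cmd)
    sys.exit(1 if found else 0)
```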
    

Authorize ROSA worker security group to allow IBM Storage Scale container native ports

Complete the following steps to authorize ROSA worker security group:

  1. In your AWS Management Console, navigate to the "EC2 Dashboard" in the region where ROSA is installed and select the "Security Groups" option from the navigation pane. Locate the ROSA worker security group, note its security group ID, and export the following variable.

     export AWS_ROSA_WORKER_SECURITY_GROUP=<security_group_id>
    
  2. Use the following commands to authorize ingress traffic on the ports needed by IBM Storage Scale container native.

     aws ec2 authorize-security-group-ingress --group-id ${AWS_ROSA_WORKER_SECURITY_GROUP} --protocol tcp --port 12345  --source-group ${AWS_ROSA_WORKER_SECURITY_GROUP}
     aws ec2 authorize-security-group-ingress --group-id ${AWS_ROSA_WORKER_SECURITY_GROUP} --protocol tcp --port 1191  --source-group ${AWS_ROSA_WORKER_SECURITY_GROUP}
     aws ec2 authorize-security-group-ingress --group-id ${AWS_ROSA_WORKER_SECURITY_GROUP} --protocol tcp --port 60000-61000  --source-group ${AWS_ROSA_WORKER_SECURITY_GROUP}