Installing IBM Storage Scale DAS

After configuring and verifying the installation prerequisites, complete the following steps to install IBM Storage Scale DAS in your Red Hat OpenShift Container Platform (OCP) cluster.

To install IBM Storage Scale DAS, you need the manifest file from the GitHub repository.

1. To install IBM Storage Scale DAS, apply the manifest file from the GitHub repository, as shown in the following example:

   oc apply -f https://raw.githubusercontent.com/IBM/ibm-spectrum-scale-container-native/v5.1.9.x/generated/das/install.yaml

Running the preceding step sets up the Red Hat OpenShift namespace for IBM Storage Scale DAS (ibm-spectrum-scale-das) and tries to pull the operator image. The IBM Storage Scale DAS images are pulled from IBM Cloud Container Registry (ICR), using the global pull secret configured to pull IBM Storage Scale container native images. For more information, see Adding IBM Cloud container registry credentials.

2. After some time, the IBM Storage Scale DAS namespace will have three running pods, one IBM Storage Scale operator and two IBM Storage Scale DAS endpoint pods for the management of IBM Storage Scale DAS.
3. From a node configured to work with the OCP cluster, view the details of the ibm-spectrum-scale-das namespace.
   For example,

   oc get pods -n ibm-spectrum-scale-das

   A sample output is as follows:

   NAME                                                         READY   STATUS    RESTARTS   AGE
   ibm-spectrum-scale-das-controller-manager-5778d55476-9mgt9   2/2     Running   0          102s
   ibm-spectrum-scale-das-endpoint-696bc8fcb9-k7fcp             1/1     Running   0          67s
   ibm-spectrum-scale-das-endpoint-696bc8fcb9-rtkb8             1/1     Running   0          67s
   

   The IBM Storage Scale DAS operator deploys and configures Red Hat OpenShift Data Foundation (ODF). At this stage of the installation process, the IBM Storage Scale DAS operator sets up the namespace for openshift-storage and deploys the initial pods. You can view the details of the openshift-storage namespace as follows:

   oc -n openshift-storage get pods

   A sample output is as follows:

   NAME                                               READY   STATUS    RESTARTS   AGE
   csi-addons-controller-manager-5cf799f75d-wc6g4     2/2     Running   0          3m20s
   noobaa-operator-777fd9f598-k9tm6                   1/1     Running   0          3m20s
   ocs-metrics-exporter-646b65d57b-pvcwn              1/1     Running   0          3m20s
   ocs-operator-6db866c6fd-h5kgj                      1/1     Running   0          3m20s
   odf-console-5b96f969cb-xzxxv                       1/1     Running   0          3m20s
   odf-operator-controller-manager-6b47f4fb68-6t7ss   2/2     Running   0          3m20s
   rook-ceph-operator-5b5c67ff7b-7h45x                1/1     Running   0          3m20s

By default, Red Hat OpenShift sets the Security Context Constraints (SCCs) for the new Red Hat OpenShift namespaces. All pods started in a namespace inherit their SCCs from their namespace.

4. If you have enabled SELinux on the IBM Storage Scale cluster, then follow this step. Verify the Red Hat OpenShift SCCs for the openshift-storage namespace.
   For example,

   oc describe namespace openshift-storage | grep scc

   A sample output is as follows:

   Annotations:  openshift.io/sa.scc.mcs: s0:c26,c25
                 openshift.io/sa.scc.supplemental-groups: 1000700000/10000
                 openshift.io/sa.scc.uid-range: 1000700000/10000

   Note: The example output shows the SCCs for the openshift-storage namespace and its pods after initial IBM Storage Scale DAS installation. The SELinux Multi-Category Security (MCS) labels that are configured for the IBM Storage Scale file system (s0:c111,c234) are different MCS labels chosen by Red Hat OpenShift for the SCCs of the openshift-storage namespace and its pods.

   oc -n openshift-storage get pods -o yaml | grep "level: s"

   A sample output is as follows:

   level: s0:c26,c25
   level: s0:c26,c25
   level: s0:c26,c25
   level: s0:c26,c25
   level: s0:c26,c25
   level: s0:c26,c25
   

   Note: The Red Hat OpenShift SCCs for SELinux MCS labels of the pods in the openshift-storage namespace must match the SELinux MCS labels that are configured for the IBM Storage Scale file system. You can do this by updating the Red Hat OpenShift SCCs of the openshift-storage namespace and restarting all the pods in the namespace.
5. If you have enabled SELinux on the IBM Storage Scalecluster, then follow this step. Set the Red Hat OpenShift SCC of the openshift-storage namespace to the MCS labels for the IBM Storage Scale file system, which is s0:c11,c324.
   For example,

   oc annotate namespace openshift-storage --overwrite openshift.io/sa.scc.mcs="s0:c111,c234"

   1. View the Red Hat OpenShift SCCs of the openshift-storage namespace.
      For example,

      oc describe namespace openshift-storage | grep scc

      A sample output is as follows:

      Annotations:  openshift.io/sa.scc.mcs: s0:c111,c234
                    openshift.io/sa.scc.supplemental-groups: 1000700000/10000
                    openshift.io/sa.scc.uid-range: 1000700000/10000
      

      Note: Running pods retain their OpenShift SCCs. Therefore, all pods in the openshift-storage namespace must be terminated, so that they get re-created with the updated Red Hat OpenShift SCCs.
   2. Terminate all pods in the openshift-storage namespace.
      For example,

      oc -n openshift-storage delete --all pods

      A sample output is as follows:

      pod "noobaa-operator-849c98d5fc-pn4mz" deleted
      pod "ocs-metrics-exporter-6667498545-xzmjt" deleted
      pod "ocs-operator-6bffb7469d-857lb" deleted
      pod "odf-console-67cdbb6855-drdtd" deleted
      pod "odf-operator-controller-manager-64fcc74877-kbq42" deleted
      pod "rook-ceph-operator-7f9fc99d87-dmfpj" deleted
      

   3. List all re-created pods in the openshift-storage namespace.
      For example,

      oc -n openshift-storage get pods

      A sample output is as follows:

      NAME                                               READY   STATUS    RESTARTS   AGE
      csi-addons-controller-manager-5cf799f75d-r8r7s     2/2     Running   0          20s
      noobaa-operator-777fd9f598-6vrjx                   1/1     Running   0          20s
      ocs-metrics-exporter-646b65d57b-tgmg4              1/1     Running   0          20s
      ocs-operator-6db866c6fd-f586t                      1/1     Running   0          20s
      odf-console-5b96f969cb-59jsq                       1/1     Running   0          20s
      odf-operator-controller-manager-6b47f4fb68-pddtk   2/2     Running   0          20s
      rook-ceph-operator-5b5c67ff7b-77jgj                1/1     Running   0          20s

   4. If you have enabled SELinux on the IBM Storage Scale cluster, then follow this step. Verify that the SCC of the openshift-storage namespace are updated to the IBM Storage Scale MCS labels.
      For example,

      oc -n openshift-storage get pods -o yaml | grep "level: s"

      A sample output is as follows:

              level: s0:c111,c234
              level: s0:c111,c234
              level: s0:c111,c234
              level: s0:c111,c234
              level: s0:c111,c234
              level: s0:c111,c234
      

IBM Storage Scale DAS CLI and REST API require access to the IBM Storage Scale GUI of the IBM Storage Scale container native cluster. This involves configuring an administrator user for IBM Storage Scale DAS in the IBM Storage Scale GUI and a respective secret in the ibm-spectrum-scale-das namespace.

6. From a node configured to work with the OCP cluster, configure access to the IBM Storage Scale GUI.
   1. Configure an administrator user in the IBM Storage Scale GUI of the IBM Storage Scale container native cluster.
      For example,

      oc -n ibm-spectrum-scale exec -c liberty ibm-spectrum-scale-gui-0 -- /usr/lpp/mmfs/gui/cli/mkuser s3-admin -p Passw0rd -g 'ProtocolAdmin'

      A sample output is as follows:

      EFSSG0019I The user s3-admin has been successfully created.
      EFSSG1000I The command completed successfully.

   2. Configure the secret with the credentials of the administrator user in the IBM Storage Scale DAS namespace.
      For example,

      oc -n ibm-spectrum-scale-das create secret generic das-gui-user --from-literal=username='s3-admin' --from-literal=password='Passw0rd'

      A sample output is as follows:

      secret/das-gui-user created

      Note: GUI user passwords expire after 90 days by default. Changing these passwords requires you to schedule a short maintenance window for IBM Storage Scale DAS. For more information, see Changing GUI user passwords.

The IBM Storage Scale DAS CLI, mmdas, is shipped with the IBM Storage Scale DAS endpoint pods.

7. From a node configured to work with the OCP cluster, install the IBM Storage Scale DAS CLI.
   1. Verify that the IBM Storage Scale DAS endpoint pods are running.
      For example,

      oc -n ibm-spectrum-scale-das get pods -l app=das-endpoint

      A sample output is as follows:

      NAME                                               READY   STATUS    RESTARTS   AGE
      ibm-spectrum-scale-das-endpoint-696bc8fcb9-k7fcp   1/1     Running   0          16m
      ibm-spectrum-scale-das-endpoint-696bc8fcb9-rtkb8   1/1     Running   0          16m
      

   2. Copy the IBM Storage Scale DAS CLI from a running ibm-spectrum-scale-das-endpoint pod to the node configured to work with the OCP cluster.
      For example,

      oc cp ibm-spectrum-scale-das/$(oc -n ibm-spectrum-scale-das get pods -l app=das-endpoint -o=jsonpath='{.items[0].metadata.name}'):mmdas /usr/local/bin/mmdas

   3. Make the IBM Storage Scale DAS CLI executable.
      For example,

      chmod 755 /usr/local/bin/mmdas

      The IBM Storage Scale DAS CLI is now ready to use. You can try the mmdas service list command to validate that IBM Storage Scale DAS is successfully installed. The command shows that the S3 service is not found. This is expected, because IBM Storage Scale DAS is deployed but not yet configured.

      For example,

      mmdas service list

      A sample output is as follows:

      Setting up REST API endpoint URL ...
      No Service found
      

      If you get an error message such as "Something went wrong, check the das-endpoint logs", see Known issues.

   4. To check the product version of the deployed ibm-spectrum-scale-das operator, issue the command as follows:

      oc get deploy ibm-spectrum-scale-das-controller-manager -n ibm-spectrum-scale-das -o json | jq .metadata.annotations.productVersion

      The version of the ibm-spectrum-scale-das is shown as follows:

      "5.1.9.1"