Overview of the cloudkit installation options

This topic covers comprehensive command options available for deploying and managing IBM Storage Scale cluster on public cloud.

The cloudkit provides an interactive experience guiding the user through its prompts, the list of commands outlined below are the starting points. Use these commands to start the interaction with the cloudkit.

Preparation

The cloudkit needs to be installed on a Linux-based host before it can be used for an IBM Storage Scale deployment on public cloud. Such Linux-based host is referred to as installer node. For information about setting up an installer node, see Preparing the installer node. After the cloudkit setup is complete, log in to the installer node.

The cloudkit binary is found at the /usr/lpp/mmfs/<release_version>/cloudkit directory. In this directory, the IBM Storage Scale cloudkit can be invoked through the cloudkit command. Optionally, this directory can be added to the path.

Before attempting to create an IBM Storage Scale cluster on a public cloud, the cloudkit must be configured as described in the next sections.

Initialization

  1. Use the cloudkit init command to install the prerequisites needed for the utility.
    To configure, run the cloudkit init command:
    ./cloudkit init
I: Logging at /root/scale-cloudkit/logs/cloudkit-25-11-2024_0-11-59.log
? Passphrase file path for encrypting DB contents: /root/secrets/cloudkit_config.ini

    The passPhrase file need to pass during the init command run. For more information, see Preparing the cloudkit environment file.

    Note: When a new version of IBM Storage Scale data bundle is downloaded from IBM Fix Central and extracted to a node, it is mandatory to rerun the cloudkit init command even if the command was previously run for a different version of IBM Storage Scale.
  2. Use the cloudkit configure command to configure local machine to use your cloud account. For more information, see Configuring the cloudkit.

Deployment

Before deploying IBM Storage Scale on a public cloud, make sure to complete the procedures described in Initialization.

To understand the deployment option provided by the cloudkit, you need to know the way cloudkit deploys IBM Storage Scale on a cloud and the stages it goes through:

  1. Cloudkit uploads require a GPFS binary to cloud repository.
    • Use the cloudkit create repository command to optionally create a package repository on the cloud object store.
  2. Cloudkit prepares the cloud operating system image based on a cloud repository.
    • Use the cloudkit create image command to optionally create a virtual machine image containing all IBM Storage Scale packages preinstalled.
  3. Cloudkit creates a virtual private network that is later used for the deployment of an IBM Storage Scale storage cluster.
    • Use the cloudkit create network command to optionally create a virtual private network.
  4. Cloudkit creates or associates a domain name system (DNS) to facilitate hostname resolution.
    • Use the cloudkit create dns command to optionally create a DNS domain.
  5. Cloudkit creates a jump host or bastion host by using the previously created virtual private network.
    • Use the cloudkit create jumphost command to optionally create a jump host.
  6. Cloudkit deploys an IBM Storage Scale cluster using the previously created operating system image.
    • Use the cloudkit create cluster command to create an IBM Storage Scale cluster. This command can be used to create an IBM Storage Scale storage, compute or combined cluster.

To help you plan your requirement deployment architecture, refer to Planning the virtual private cloud (VPC) architecture for AWS and Planning the virtual private cloud (VPC) architecture for GCP.

Administering

The cloudkit can be used to manage a previously deployed cloudkit cluster using the following options.
  1. Use the cloudkit grant filesystem command to remote mount a filesystem from a storage cluster to a compute cluster previously created by the same instance of cloudkit.
  2. Use the cloudkit grant repository command to provide access to a package repository located on the cloud object store to a specific Virtual Private Cloud.
  3. Use the cloudkit port-forward command to provide access to the IBM Storage Scale GUI through a jump host.
  4. Use the cloudkit revoke filesystem command to remove a previous remote mount configuration.
  5. Use the cloudkit revoke repository command to remove the access from a virtual private cloud to a repository.
  6. Use the cloudkit edit cluster command to scale out cluster resources.
  7. Use the cloudkit caching setup command to set up an AFM relationship from a local scale cluster to a remote cluster or cloud object storage.

For more information, see Administering cloudkit.

To see an end-to-end process of using interactive command, see See the end-to-end process of using interactive command.End-to-end process of using interactive command .

Upgrade

The cloudkit can be used to upgrade existing package repository and an IBM Storage Scale cluster using the following options:
  1. Use cloudkit upgrade repository command to upgrade the existing repository to specified cloudkit version.
  2. Use cloudkit upgrade cluster command to upgrade the existing cluster to specified cloudkit version.
Note: Upgrade of IBM Storage Scale cluster is only supported on AWS and GCP.

For more information, see Upgrading IBM Storage Scale on cloud.

Cleanup

The cloudkit can be used to delete the resources which we provisioned:
  1. Use the cloudkit delete cluster command to delete the cluster.
  2. Use the cloudkit delete jumphost command to delete the jump host.
  3. Use the cloudkit delete dns command to delete the DNS domain.
  4. Use the cloudkit delete network command to delete the virtual private cloud or virtual network.
  5. Use the cloudkit delete image command to delete the image.
  6. Use the cloudkit delete repo command to delete the repository.
  7. Use the cloudkit delete caching-target command to delete the caching target.
Note: Cloudkit keeps track of resources created using it. When the 'cluster with a new vpc' is created by cloudkit, make sure this VPC does not contain any active resources before proceeding with deletion of cluster. As this cluster stack contains VPC resources and if there are other resources created beyond cloudkit using this VPC resources could block the cluster deletion.

In scenarios of cluster with jumphost created via cloudkit, it will be deleted as part of cluster deletion operation. If this jumphost is being used by other clusters, their access might be impacted. Hence it is advised to verify the usage of jumphost before proceeding with deletion.

The following table lists the command options to perform cloud resource provisioning, IBM Storage Scale install and configuration.

Table 1. cloudkit command options
cloudkit command option Purpose
configure Configure local machine to use your cloud account
create Create a resource from stdin
delete Delete a specific resource
describe Show details of a specific resource
edit Edit a specific resource
grant Grant access to a specific resource
help Help about any command
init Installs prerequisite(s) required for the utility
list List a resource from stdin
port-forward Redirects the IBM Storage Scale GUI access through a jump host
revoke Revoke filesystem mount access
upgrade Upgrade a resource from stdin
validate Validate resources
setup Set up features related to IBM Storage Scale
version Prints the version number of the tool

Other Considerations

Compute cluster with bastion:


-1      icmp    Allow ICMP traffic from bastion to compute instances
22      TCP     "Allow SSH traffic from bastion to compute instances"
-1      icmp    "Allow ICMP traffic within compute instances"
22      TCP     "Allow SSH traffic within compute instances"
1191    TCP     "Allow GPFS intra cluster traffic within compute instances"
60000-61000     TCP     "Allow GPFS ephemeral port range within compute instances"
47080   TCP     "Allow management GUI (http/localhost) TCP traffic within compute instances"
47443   UDP     "Allow management GUI (https/localhost) TCP traffic within compute instances"
4444    TCP     "Allow management GUI (https/localhost) TCP traffic within compute instances"
4739    TCP     "Allow management GUI (localhost) TCP traffic within compute instances"
4739    "UDP"   "Allow management GUI (localhost) UDP traffic within compute instances"
9080    TCP     "Allow performance monitoring collector traffic within compute instances"
9081    TCP     "Allow performance monitoring collector traffic within compute instances"
80      TCP     "Allow http traffic within compute instances"
443     TCP     "Allow https traffic within compute instances"
443     TCP     "Allow GUI traffic from bastion/jumphost"
Note: "Allow ICMP traffic from bastion to compute instances" and "Allow SSH traffic from bastion to compute instances" are not added if direct connect is used.
Storage cluster with bastion:

-1      icmp    Allow ICMP traffic from bastion to storage instances
22      TCP     "Allow SSH traffic from bastion to storage instances"
-1      icmp    "Allow ICMP traffic within storage instances"
22      TCP     "Allow SSH traffic within storage instances"
1191    TCP     "Allow GPFS intra cluster traffic within storage instances"
60000-61000     TCP     "Allow GPFS ephemeral port range within storage instances"
47080   TCP     "Allow management GUI (http/localhost) TCP traffic within storage instances"
47443   UDP     "Allow management GUI (https/localhost) TCP traffic within storage instances"
4444    TCP     "Allow management GUI (https/localhost) TCP traffic within storage instances"
4739    TCP     "Allow management GUI (localhost) TCP traffic within storage instances"
4739    UDP     "Allow management GUI (localhost) UDP traffic within storage instances"
9080    TCP     "Allow performance monitoring collector traffic within storage instances"
9081    TCP     "Allow performance monitoring collector traffic within storage instances"
80      TCP     "Allow http traffic within storage instances"
443     TCP     "Allow https traffic within storage instances"
443     TCP     "Allow GUI traffic from bastion/jumphost"
Note: "Allow ICMP traffic from bastion to storage instances" and "Allow SSH traffic from bastion to storage instances" are not added if direct connect is used.
Compute cluster with remote mount:
-1, ICMP, Allow ICMP traffic from spectrum scale cluster
1191, TCP, Allow GPFS intra cluster traffic from spectrum scale cluster
443, TCP, Allow management GUI (http/localhost) TCP traffic from spectrum scale cluster
60000-61000, TCP, Allow spectrum scale ephemeral port range