OpenShift

Make sure the prerequisites for StorageOS are satisfied before proceeding. Including the deployment of an etcd cluster.

If you have installed OpenShift in AWS ensure that the requisite ports are opened for the worker nodes’ security group.

Make sure to add a StorageOS licence after installing.

StorageOS v2 supports OpenShift v4. For more information check the OpenShift platform page.

The recommended way to run StorageOS on OpenShift is to deploy the StorageOS Cluster Operator using the Operator Lifecycle Manager (OLM) from the Red Hat OperatorHub, and bootstrap StorageOS using a Custom Resource. If that option is not suited for your use case, you can choose the “Manual” installation.

 



Operator Lifecycle Manager

The StorageOS Cluster Operator is RedHat OpenShift certified operator available from the OperatorHub.

  1. Select the OperatorHub from the Catalog sub menu and search for StorageOS

    install-1

  2. Select StorageOS and click install

    install-2

  3. Create the Operator subscription by clicking subscribe

    install-3

  4. Wait until the Upgrade Status shows 1 installed

    install-4

  5. Create a secret containing the apiUsername and an apiPassword key. The username and password defined in the secret will be used to authenticate when using the StorageOS CLI and GUI. For the communication between StorageOS and OpenShift, the CSI credentials csiProvisionUsername, csiProvisionPassword, csiControllerPublishUsername, csiControllerPublishPassword, csiNodePublishUsername, csiNodePublishPassword are needed. Take note of which project you created the secret in.

    install-5   install-6 install-7 install-8

    Alternatively the YAML input can be used with a Secret as follows:

    apiVersion: v1
    kind: Secret
    metadata:
      name: example
      namespace: openshift-operators
    type: "kubernetes.io/storageos"
    data:
      # echo -n '<secret>' | base64
      apiUsername: c3RvcmFnZW9z
      apiPassword: c3RvcmFnZW9z
      # CSI Credentials
      csiProvisionUsername: c3RvcmFnZW9z
      csiProvisionPassword: c3RvcmFnZW9z
      csiControllerPublishUsername: c3RvcmFnZW9z
      csiControllerPublishPassword: c3RvcmFnZW9z
      csiNodePublishUsername: c3RvcmFnZW9z
      csiNodePublishPassword: c3RvcmFnZW9z
    
  6. Go to Installed Operators and select the StorageOS operator. Select StorageOS Cluster and create a StorageOS cluster.

    install-9

  7. The StorageOS cluster resource describes the StorageOS cluster that will be created. The secretRefName and secretRefNamespace should reference the secret containing the apiUsername and apiPassword that was previously created.

    Additional spec parameters are available on the Cluster Operator configuration page.

    apiVersion: "storageos.com/v1"
    kind: StorageOSCluster
    metadata:
      name: storageos
      namespace: openshift-operators
    spec:
      secretRefName: "storageos-api" # Reference the Secret created in the previous step
      secretRefNamespace: "openshift-operators"  # Namespace of the Secret created in the previous step
      namespace: kube-system
      k8sDistro: "openshift"
      images:
        nodeContainer: "storageos/node:v2.0.0" # StorageOS version
      kvBackend:
        backend: 'etcd'
        address: 'storageos-etcd-client.etcd:2379' # Example address, change for your etcd endpoint
      # address: '10.42.15.23:2379,10.42.12.22:2379,10.42.13.16:2379' # You can set ETCD server ips
      csi:
        enable: true
        deploymentStrategy: deployment
        enableControllerPublishCreds: true
        enableNodePublishCreds: true
        enableProvisionCreds: true
      resources:
        requests:
        memory: "512Mi"
    

    install-8

  8. Verify that the StorageOS Resource enters a running state.

    install-9

  9. Set SELinux Permissions

    The StorageOS CSI helper needs to mount a CSI Socket into the container so on each node add the svirt_sandbox_file_t flag to the CSI socket directory and CSI socket.

    chcon -Rt svirt_sandbox_file_t /var/lib/kubelet/plugins_registry/storageos
    
  10. License cluster

    A newly installed StorageOS cluster does not include a licence. A cluster must be licensed within 24 hours of the installation. For more information, check the reference licence page.

    You can apply a Free Developer licence following the operations licensing page, or purchase a licence contacting [email protected].

Manual install

The StorageOS Cluster Operator is a Kubernetes native application developed to deploy and configure StorageOS clusters, and assist with maintenance operations. We recommend its use for standard installations.

The operator is a Kubernetes controller that watches the StorageOSCluster CRD. Once the controller is ready, a StorageOS cluster definition can be created. The operator will deploy a StorageOS cluster based on the configuration specified in the cluster definition.

 

Helm Note: If you want to use Helm to install StorageOS, follow the StorageOS Operator Helm Chart documentation.

Steps to install StorageOS:

1. Install StorageOS operator

Install the StorageOS Cluster Operator using the following yaml manifest.

oc create -f https://github.com/storageos/cluster-operator/releases/download/v2.0.0/storageos-operator.yaml

Verify the Cluster Operator Pod Status

[[email protected]]# oc -n storageos-operator get pod
NAME                                         READY     STATUS    RESTARTS   AGE
storageoscluster-operator-68678798ff-f28zw   1/1       Running   0          3m

The READY 1/1 indicates that storageoscluster resources can be created.

2. Create a Secret

Before deploying a StorageOS cluster, create a Secret defining the StorageOS API Username and Password in base64 encoding. The API username and password are used to create the default StorageOS admin account which can be used with the StorageOS CLI and to login to the StorageOS GUI. The CSI credentials are used to register the CSI accounts, so Kubernetes and StorageOS communicate over an authenticated API.

apiVersion: v1
kind: Secret
metadata:
  name: "storageos-api"
  namespace: "storageos-operator"
  labels:
    app: "storageos"
type: "kubernetes.io/storageos"
data:
  # echo -n '<secret>' | base64
  apiUsername: c3RvcmFnZW9z
  apiPassword: c3RvcmFnZW9z
  # CSI Credentials
  csiProvisionUsername: c3RvcmFnZW9z
  csiProvisionPassword: c3RvcmFnZW9z
  csiControllerPublishUsername: c3RvcmFnZW9z
  csiControllerPublishPassword: c3RvcmFnZW9z
  csiNodePublishUsername: c3RvcmFnZW9z
  csiNodePublishPassword: c3RvcmFnZW9z

This example contains a default password, for production installations, use a unique, strong password.

You can define a base64 value by echo -n "mystring" | base64.

Make sure that the encoding of the credentials doesn’t have special characters such as ‘\n’. The echo -n ensures that a trailing new line is not appended to the string.

If you wish to change the default accounts details post-install please see Managing Users

3 Trigger a StorageOS installation

This is a Cluster Definition example.

apiVersion: "storageos.com/v1"
kind: StorageOSCluster
metadata:
  name: "example-storageos"
  namespace: "storageos-operator"
spec:
  secretRefName: "storageos-api" # Reference from the Secret created in the previous step
  secretRefNamespace: "storageos-operator"  # Namespace of the Secret
  k8sDistro: "openshift"
  images:
    nodeContainer: "storageos/node:v2.0.0" # StorageOS version
  kvBackend:
    address: 'storageos-etcd-client.etcd:2379' # Example address, change for your etcd endpoint
  # address: '10.42.15.23:2379,10.42.12.22:2379,10.42.13.16:2379' # You can set ETCD server ips
  csi:
    enable: true
    deploymentStrategy: deployment
    enableControllerPublishCreds: true
    enableNodePublishCreds: true
    enableProvisionCreds: true
  resources:
    requests:
    memory: "512Mi"
#  nodeSelectorTerms:
#    - matchExpressions:
#      - key: "node-role.kubernetes.io/worker" # Compute node label will vary according to your installation
#        operator: In
#        values:
#        - "true"

Additional spec parameters are available on the Cluster Operator configuration page.

You can find more examples such as deployments referencing a external etcd kv store for StorageOS in the Cluster Operator examples page.

Verify StorageOS Installation

[[email protected]]# oc -n kube-system get pods -w
NAME                                    READY   STATUS    RESTARTS   AGE
storageos-csi-helper-5cf59b5b4-f5nwr    2/2     Running   0          3m
storageos-daemonset-75f6c               3/3     Running   0          3m
storageos-daemonset-czbqx               3/3     Running   0          3m
storageos-daemonset-zv4tq               3/3     Running   0          3m
storageos-scheduler-6d67b46f67-5c46j    1/1     Running   0          3m

The above command watches the Pods created by the Cluster Definition example. Note that pods typically take approximately 65 seconds to enter the Running Phase.

4. License cluster

A newly installed StorageOS cluster does not include a licence. A cluster must be licensed within 24 hours of the installation. For more information, check the reference licence page.

You can apply a Free Developer licence following the operations licensing page, or purchase a licence contacting [email protected].

5. Set SELinux Permissions

The StorageOS CSI helper needs to mount a CSI Socket into the container so on each node add the svirt_sandbox_file_t flag to the CSI socket directory and CSI socket.

chcon -Rt svirt_sandbox_file_t /var/lib/kubelet/plugins_registry/storageos

First StorageOS volume

If this is your first installation you may wish to follow the StorageOS Volume guide for an example of how to mount a StorageOS volume in a Pod.