starlingx/docs
Code Issues Proposed changes
docs/doc/source/storage/kubernetes/configure-an-external-netapp-deployment-as-the-storage-backend.rst
Juanita Balaraj b75988e8f8 The trident pod was in pending state after upgrade (dsr8, r8) 
Added sudo before running the ansible-playbook command
Change-Id: Id0b6f9dbff0526383a0fadb3b8855e02058a97cb
Signed-off-by: Juanita Balaraj <juanita.balaraj@windriver.com>
2023-11-10 18:53:43 +00:00

285 lines
9.6 KiB
ReStructuredText
Raw Blame History

.. Greg updates required for -High Security Vulnerability Document Updates
.. rzp1584539804482
.. _configure-an-external-netapp-deployment-as-the-storage-backend:
==============================================================
Configure an External NetApp Deployment as the Storage Backend
==============================================================
Configure an external NetApp deployment as the storage backend, after system
installation using a |prod|-provided ansible playbook.
.. note::
It is not currently possible to setup NetApp in subclouds via orchestration.
Ansible playbook install_netapp_backend.yml must be executed manually in
each host.
.. rubric:: |prereq|
|prod-long| must be installed and fully deployed before performing this
procedure.
.. xbooklink See the :ref:`Installation Overview <installation-overview>`
for more information.
.. rubric:: |proc|
#. Configure the storage network.
.. only:: starlingx
Follow the next steps to configure storage network
.. only:: partner
.. include:: /_includes/configure-external-netapp.rest
#. If you have not done so already, create an address pool for the
storage network. This can be done at any time.
.. code-block:: none
system addrpool-add --ranges <start_address>-<end_address> <name_of_address_pool> <network_address> <network_prefix>
For example:
.. code-block:: none
(keystone_admin)$ system addrpool-add --ranges 10.10.20.1-10.10.20.100 storage-pool 10.10.20.0 24
#. If you have not done so already, create the storage network using
the address pool.
For example:
.. code-block:: none
(keystone_admin)$ system addrpool-list | grep storage-pool | awk '{print$2}' | xargs system network-add storage-net storage true
#. For each host in the system, do the following:
#. Lock the host.
.. code-block:: none
(keystone_admin)$ system host-lock <hostname>
#. Create an interface using the address pool.
For example:
.. code-block:: none
(keystone_admin)$ system host-if-modify -n storage0 -c platform --ipv4-mode static --ipv4-pool storage-pool controller-0 enp0s9
#. Assign the interface to the network.
For example:
.. code-block:: none
(keystone_admin)$ system interface-network-assign controller-0 storage0 storage-net
#. Unlock the system.
.. code-block:: none
(keystone_admin)$ system host-unlock <hostname>
.. _configuring-an-external-netapp-deployment-as-the-storage-backend-mod-localhost:
#. Configure NetApps configurable parameters and run the provided
install_netapp_backend.yml ansible playbook to enable connectivity to
NetApp as a storage backend for |prod|.
#. Provide NetApp backend configurable parameters in an overrides yaml
file.
You can make changes-in-place to your existing localhost.yml file
or create another in an alternative location. In either case, you
also have the option of using an ansible vault to secure/encrypt the
localhost.yaml file containing sensitive data, i.e, using
:command:`ansible-vault create $HOME/localhost.yml` or :command:`ansible-vault edit $HOME/localhost.yml`
commands.
The following parameters are mandatory:
``ansible_become_pass``
Provide the admin password.
``netapp_backends``
**name**
A name for the storage class.
``provisioner``
This value must be ``netapp.io/trident``.
``backendType``
This value can be anything but must be the same as
StorageDriverName below.
``version``
This value must be 1.
``storageDriverName``
This value can be anything but must be the same as
backendType below.
``managementLIF``
The management IP address for the backend logical interface.
``dataLIF``
The data IP address for the backend logical interface.
``svm``
The storage virtual machine type to use.
``username``
The username for authentication against the netapp backend.
``password``
The password for authentication against the netapp backend.
The following parameters are optional:
``trident_setup_dir``
Set a staging directory for generated configuration files. The
default is /tmp/trident.
``trident_namespace``
Set this option to use an alternate Kubernetes namespace.
``trident_rest_api_port``
Use an alternate port for the Trident REST API. The default is
8000.
``trident_install_extra_params``
Add extra space-separated parameters when installing trident.
For complete listings of available parameters, see
`https://opendev.org/starlingx/ansible-playbooks/src/commit/d05785ffd9add6553662fcab43f30bf8d9f6d2e3/playbookconfig/src/playbooks/host_vars/netapp/default.yml
<https://opendev.org/starlingx/ansible-playbooks/src/commit/d05785ffd9add6553662fcab43f30bf8d9f6d2e3/playbookconfig/src/playbooks/host_vars/netapp/default.yml>`__
and
`https://opendev.org/starlingx/ansible-playbooks/src/commit/d05785ffd9add6553662fcab43f30bf8d9f6d2e3/playbookconfig/src/playbooks/roles/k8s-storage-backends/netapp/vars/main.yml
<https://opendev.org/starlingx/ansible-playbooks/src/commit/d05785ffd9add6553662fcab43f30bf8d9f6d2e3/playbookconfig/src/playbooks/roles/k8s-storage-backends/netapp/vars/main.yml>`__
The following example shows a minimal configuration in
localhost.yaml:
.. code-block:: none
ansible_become_pass: <sysadmin_password>
trident_clean_folder: true
netapp_k8s_storageclasses:
- metadata:
name: netapp-nas-backend
provisioner: netapp.io/trident
parameters:
backendType: "ontap-nas"
mountOptions: ["rw", "hard", "intr", "bg", "vers=4", "proto=tcp", "timeo=600", "rsize=65536", "wsize=65536"]
netapp_k8s_snapshotstorageclasses:
- metadata:
name: csi-snapclass
driver: csi.trident.netapp.io
deletionPolicy: Delete
netapp_backends:
- metadata:
name: backend-tbc
spec:
version: 1
storageDriverName: "ontap-nas"
backendName: "nas-backend"
managementLIF: "10.0.0.1"
dataLIF: "10.0.0.2"
svm: "svm_nfs"
credentials:
name: backend-tbc-secret
tbc_secret:
- metadata:
name: backend-tbc-secret
type: Opaque
stringData:
username: "admin"
password: "secret"
This file is sectioned into ``netapp_k8s_storageclass``,
``netapp_k8s_snapshotstorageclasses``, ``netapp_backends``, and
``tbc_secret``. You can add multiple backends and/or storage classes.
.. note::
To use IPv6 addressing, you must add the following to your
configuration:
.. code-block:: none
trident_install_extra_params: "--use-ipv6"
For more information about configuration options, see
`https://netapp-trident.readthedocs.io/en/stable-v20.04/kubernetes/operations/tasks/backends/ontap.html
<https://netapp-trident.readthedocs.io/en/stable-v20.04/kubernetes/operations/tasks/backends/ontap.html>`__.
.. note::
By default, NetApp is configured to have ``777`` as
unixPermissions. |prod| recommends changing these settings to
make it more secure, for example, ``"unixPermissions": "755"``.
Ensure that the right permissions are used, and there is no
conflict with container security.
Do NOT use ``777`` as ``unixPermissions`` to configure an external
NetApp deployment as the Storage backend. For more information,
contact NetApp, at `https://www.netapp.com/
<https://www.netapp.com/>`__.
#. Run the playbook.
The following example uses the ``-e`` option to specify a customized
location for the localhost.yml file.
.. code-block:: none
sudo ansible-playbook --ask-vault-pass /usr/share/ansible/stx-ansible/playbooks/install_netapp_backend.yml -e "override_files_dir=</home/sysadmin/mynetappconfig>"
Upon successful launch, there will be one Trident pod running on
each node, plus an extra pod for the REST API running on one of the
controller nodes.
#. Confirm that the pods launched successfully.
In an all-in-one simplex environment you will see pods similar to the
following:
.. code-block:: none
(keystone_admin)$ kubectl -n <tridentNamespace> get pods
NAME READY STATUS RESTARTS AGE
trident-csi-c4575c987-ww49n 5/5 Running 0 0h5m
trident-csi-hv5l7 2/2 Running 0 0h5m
.. rubric:: |postreq|
To configure a persistent volume claim for the NetApp backend, add the
appropriate storage-class name you set up in step :ref:`2
<configure-an-external-netapp-deployment-as-the-storage-backend>`
\(``netapp-nas-backend`` in this example) to the persistent volume
claim's yaml configuration file. For more information about this file, see
|usertasks-doc|: :ref:`Create ReadWriteOnce Persistent Volume Claims
<kubernetes-user-tutorials-create-readwriteonce-persistent-volume-claims>`.
.. _configure-netapps-using-a-private-docker-registry:
-------------------------------------------------
Configure NetApps Using a Private Docker Registry
-------------------------------------------------
Use the ``docker_registries`` parameter to pull from the local registry rather
than public ones.
You must first push the files to the local registry.
View Git Blame Copy Permalink