Deploying OpenShift Data Foundation using IBM Z

Red Hat OpenShift Data Foundation 4.14

Instructions on deploying Red Hat OpenShift Data Foundation to use local storage on IBM Z

Red Hat Storage Documentation Team

Abstract

Read this document for instructions about how to install Red Hat OpenShift Data Foundation to use local storage on IBM Z.

Note

While this document refers only to IBM Z, all information in it also applies to IBM(R) LinuxONE.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see our CTO Chris Wright’s message.

Providing feedback on Red Hat documentation

We appreciate your input on our documentation. Do let us know how we can make it better.

To give feedback, create a Bugzilla ticket:

Go to the Bugzilla website.
In the Component section, choose documentation.
Fill in the Description field with your suggestion for improvement. Include a link to the relevant part(s) of documentation.
Click Submit Bug.

Preface

Red Hat OpenShift Data Foundation supports deployment on existing Red Hat OpenShift Container Platform (RHOCP) IBM Z clusters in connected or disconnected environments along with out-of-the-box support for proxy environments.

Note

See Planning your deployment and Preparing to deploy OpenShift Data Foundation for more information about deployment requirements.

To deploy OpenShift Data Foundation, follow the appropriate deployment process for your environment:

Internal Attached Devices mode
- Deploy using local storage devices
External mode

Chapter 1. Preparing to deploy OpenShift Data Foundation

When you deploy OpenShift Data Foundation on OpenShift Container Platform using local storage devices, you can create internal cluster resources. This approach internally provisions base services and all applications can access additional storage classes.

Before you begin the deployment of Red Hat OpenShift Data Foundation using local storage, ensure that your resource requirements are met. See requirements for installing OpenShift Data Foundation using local storage devices.

On the external key management system (KMS),

When the Token authentication method is selected for encryption then refer to Enabling cluster-wide encryption with the Token authentication using KMS.
Ensure that you are using signed certificates on your Vault servers.

After you have addressed the above, follow these steps in the order given:

1.1. Requirements for installing OpenShift Data Foundation using local storage devices

Node requirements

The cluster must consist of at least three OpenShift Container Platform worker or infrastructure nodes with locally attached-storage devices on each of them.

Each of the three selected nodes must have at least one raw block device available. OpenShift Data Foundation uses the one or more available raw block devices.
The devices you use must be empty, the disks must not include Physical Volumes (PVs), Volume Groups (VGs), or Logical Volumes (LVs) remaining on the disk.

For more information, see the Resource requirements section in the Planning guide.

1.2. Enabling cluster-wide encryption with KMS using the Token authentication method

You can enable the key value backend path and policy in the vault for token authentication.

Prerequisites

Administrator access to the vault.
A valid Red Hat OpenShift Data Foundation Advanced subscription. For more information, see the knowledgebase article on OpenShift Data Foundation subscriptions.
Carefully, select a unique path name as the backend path that follows the naming convention since you cannot change it later.

Procedure

Enable the Key/Value (KV) backend path in the vault.
For vault KV secret engine API, version 1:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
vault secrets enable -path=odf kv
```
```
$ vault secrets enable -path=odf kv
```
For vault KV secret engine API, version 2:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
vault secrets enable -path=odf kv-v2
```
```
$ vault secrets enable -path=odf kv-v2
```

Create a policy to restrict the users to perform a write or delete operation on the secret:

Copy to Clipboard Toggle word wrap

echo '
path "odf/*" {
  capabilities = ["create", "read", "update", "delete", "list"]
}
path "sys/mounts" {
capabilities = ["read"]
}'| vault policy write odf -

echo '
path "odf/*" {
  capabilities = ["create", "read", "update", "delete", "list"]
}
path "sys/mounts" {
capabilities = ["read"]
}'| vault policy write odf -

Create a token that matches the above policy:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
vault token create -policy=odf -format json
```
```
$ vault token create -policy=odf -format json
```

Chapter 2. Deploy OpenShift Data Foundation using local storage devices

Deploying OpenShift Data Foundation on OpenShift Container Platform using local storage devices provides you with the option to create internal cluster resources. Follow this deployment method to use local storage to back persistent volumes for your OpenShift Container Platform applications.

Use this section to deploy OpenShift Data Foundation on IBM Z infrastructure where OpenShift Container Platform is already installed.

2.1. Installing Red Hat OpenShift Data Foundation Operator

You can install Red Hat OpenShift Data Foundation Operator using the Red Hat OpenShift Container Platform Operator Hub.

Prerequisites

Access to an OpenShift Container Platform cluster using an account with cluster-admin and operator installation permissions.
You must have at least three worker or infrastructure nodes in the Red Hat OpenShift Container Platform cluster.
For additional resource requirements, see the Planning your deployment guide.

Important

When you need to override the cluster-wide default node selector for OpenShift Data Foundation, you can use the following command to specify a blank node selector for the openshift-storage namespace (create openshift-storage namespace in this case):
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
oc annotate namespace openshift-storage openshift.io/node-selector=
```
```
$ oc annotate namespace openshift-storage openshift.io/node-selector=
```
Taint a node as infra to ensure only Red Hat OpenShift Data Foundation resources are scheduled on that node. This helps you save on subscription costs. For more information, see the How to use dedicated worker nodes for Red Hat OpenShift Data Foundation section in the Managing and Allocating Storage Resources guide.

Procedure

Log in to the OpenShift Web Console.
Click Operators → OperatorHub.
Scroll or type OpenShift Data Foundation into the Filter by keyword box to find the OpenShift Data Foundation Operator.
Click Install.
Set the following options on the Install Operator page:
1. Update Channel as stable-4.14.
2. Installation Mode as A specific namespace on the cluster.
3. Installed Namespace as Operator recommended namespace openshift-storage. If Namespace openshift-storage does not exist, it is created during the operator installation.
4. Select Approval Strategy as Automatic or Manual.
  If you select Automatic updates, then the Operator Lifecycle Manager (OLM) automatically upgrades the running instance of your Operator without any intervention.
  If you select Manual updates, then the OLM creates an update request. As a cluster administrator, you must then manually approve that update request to update the Operator to a newer version.
5. Ensure that the Enable option is selected for the Console plugin.
6. Click Install.

Verification steps

After the operator is successfully installed, a pop-up with a message, Web console update is available appears on the user interface. Click Refresh web console from this pop-up for the console changes to reflect.
In the Web Console:
- Navigate to Installed Operators and verify that the OpenShift Data Foundation Operator shows a green tick indicating successful installation.
- Navigate to Storage and verify if the Data Foundation dashboard is available.

2.2. Installing Local Storage Operator

Install the Local Storage Operator from the Operator Hub before creating Red Hat OpenShift Data Foundation clusters on local storage devices.

Procedure

Log in to the OpenShift Web Console.
Click Operators → OperatorHub.
Type local storage in the Filter by keyword box to find the Local Storage Operator from the list of operators, and click on it.
Set the following options on the Install Operator page:
1. Update channel as stable.
2. Installation mode as A specific namespace on the cluster.
3. Installed Namespace as Operator recommended namespace openshift-local-storage.
4. Update approval as Automatic.
Click Install.

Verification steps

Verify that the Local Storage Operator shows a green tick indicating successful installation.

2.3. Finding available storage devices (optional)

This step is additional information and can be skipped as the disks are automatically discovered during storage cluster creation. Use this procedure to identify the device names for each of the three or more worker nodes that you have labeled with the OpenShift Data Foundation label cluster.ocs.openshift.io/openshift-storage='' before creating Persistent Volumes (PV) for IBM Z.

Procedure

List and verify the name of the worker nodes with the OpenShift Data Foundation label.

Copy to Clipboard Toggle word wrap

oc get nodes -l=cluster.ocs.openshift.io/openshift-storage=

$ oc get nodes -l=cluster.ocs.openshift.io/openshift-storage=

Example output:

Copy to Clipboard Toggle word wrap

NAME          STATUS   ROLES    AGE     VERSION
bmworker01    Ready    worker   6h45m   v1.16.2
bmworker02    Ready    worker   6h45m   v1.16.2
bmworker03    Ready    worker   6h45m   v1.16.2

NAME          STATUS   ROLES    AGE     VERSION
bmworker01    Ready    worker   6h45m   v1.16.2
bmworker02    Ready    worker   6h45m   v1.16.2
bmworker03    Ready    worker   6h45m   v1.16.2

Log in to each worker node that is used for OpenShift Data Foundation resources and find the unique by-id device name for each available raw block device.

Copy to Clipboard Toggle word wrap

oc debug node/<node name>

$ oc debug node/<node name>

Example output:

Copy to Clipboard Toggle word wrap

oc debug node/bmworker01

$ oc debug node/bmworker01
Starting pod/bmworker01-debug ...
To use host binaries, run `chroot /host`
Pod IP: 10.0.135.71
If you don't see a command prompt, try pressing enter.
sh-4.2# chroot /host
sh-4.4# lsblk
NAME                         MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
loop0                          7:0    0   500G  0 loop
sda                            8:0    0   120G  0 disk
|-sda1                         8:1    0   384M  0 part /boot
`-sda4                         8:4    0 119.6G  0 part
`-coreos-luks-root-nocrypt   253:0    0 119.6G  0 dm   /sysroot
sdb                            8:16   0   500G  0 disk

In this example, for bmworker01, the available local device is sdb.

Identify the unique ID for each of the devices selected in Step 2.

Copy to Clipboard Toggle word wrap

sh-4.4#ls -l /dev/disk/by-id/  | grep sdb
lrwxrwxrwx. 1 root root  9 Feb  3 16:49 scsi-360050763808104bc2800000000000259 -> ../../sdb
lrwxrwxrwx. 1 root root  9 Feb  3 16:49 scsi-SIBM_2145_00e020412f0aXX00 -> ../../sdb
lrwxrwxrwx. 1 root root  9 Feb  3 16:49 scsi-0x60050763808104bc2800000000000259 -> ../../sdb

sh-4.4#ls -l /dev/disk/by-id/  | grep sdb
lrwxrwxrwx. 1 root root  9 Feb  3 16:49 scsi-360050763808104bc2800000000000259 -> ../../sdb
lrwxrwxrwx. 1 root root  9 Feb  3 16:49 scsi-SIBM_2145_00e020412f0aXX00 -> ../../sdb
lrwxrwxrwx. 1 root root  9 Feb  3 16:49 scsi-0x60050763808104bc2800000000000259 -> ../../sdb

In the above example, the ID for the local device sdb

Copy to Clipboard Toggle word wrap

scsi-0x60050763808104bc2800000000000259

scsi-0x60050763808104bc2800000000000259

Repeat the above step to identify the device ID for all the other nodes that have the storage devices to be used by OpenShift Data Foundation. See this Knowledge Base article for more details.

2.4. Enabling DASD devices

If you are using DASD devices, you must enable them before creating an OpenShift Data Foundation cluster on IBM Z. Once the DASD devices are available to z/VM guests, complete the following steps from the compute or infrastructure node on which an OpenShift Data Foundation storage node is being installed.

Procedure

To enable the DASD device, run the following command:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
sudo chzdev -e <device_bus_id> 
```
```
sudo chzdev -e <device_bus_id> 
```
1
1
For <device_bus_id>, specify the ID of the DASD device bus-ID. For example, 0.0.b100.
To verify the status of the DASD device you can use the the lsdasd and lsblk commands.
To low-level format the device and specify the disk name, run the following command:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
sudo dasdfmt /dev/<device_name> -b 4096 -p --mode=full 
```
```
sudo dasdfmt /dev/<device_name> -b 4096 -p --mode=full 
```
1
1
For <device_name>, specify the disk name. For example, dasdb.
Important
The use of DASD quick-formatting Extent Space Efficient (ESE) DASD is not supported on OpenShift Data Foundation. If you are using ESE DASDs, make sure to disable quick-formatting with the --mode=full parameter.
To auto-create one partition using the whole disk, run the following command:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
sudo fdasd -a /dev/<device_name> 
```
```
sudo fdasd -a /dev/<device_name> 
```
1
1
For <device_name>, enter the disk name you have specified in the previous step. For example, dasdb.

Once these steps are completed, the device is available during OpenShift Data Foundation deployment as /dev/dasdb1.

Important

During LocalVolumeSet creation, make sure to select only the Part option as device type.

Additional resources

For details on the commands, see Commands for Linux on IBM Z in IBM documentation.

2.5. Creating OpenShift Data Foundation cluster on IBM Z

Use this procedure to create an OpenShift Data Foundation cluster on IBM Z.

Prerequisites

Ensure that all the requirements in the Requirements for installing OpenShift Data Foundation using local storage devices section are met.
You must have at least three worker nodes with the same storage type and size attached to each node (for example, 200 GB) to use local storage devices on IBM Z or IBM® LinuxONE.

Procedure

In the OpenShift Web Console, click Operators → Installed Operators to view all the installed operators.
Ensure that the Project selected is openshift-storage.
Click on the OpenShift Data Foundation operator and then click Create StorageSystem.
In the Backing storage page, perform the following:
1. Select the Create a new StorageClass using the local storage devices for Backing storage type option.
2. Select Full Deployment for the Deployment type option.
3. Click Next.
  Important
  You are prompted to install the Local Storage Operator if it is not already installed. Click Install, and follow the procedure as described in Installing Local Storage Operator.

In the Create local volume set page, provide the following information:

Enter a name for the LocalVolumeSet and the StorageClass.
By default, the local volume set name appears for the storage class name. You can change the name.
Choose one of the following:
- Disks on all nodes
  Uses the available disks that match the selected filters on all the nodes.
- Disks on selected nodes
  Uses the available disks that match the selected filters only on the selected nodes.
  Important
  The flexible scaling feature is enabled only when the storage cluster that you created with three or more nodes are spread across fewer than the minimum requirement of three availability zones.
  For information about flexible scaling, see knowledgebase article on Scaling OpenShift Data Foundation cluster using YAML when flexible scaling is enabled.
  Flexible scaling features get enabled at the time of deployment and can not be enabled or disabled later on.
  If the nodes selected do not match the OpenShift Data Foundation cluster requirement of an aggregated 30 CPUs and 72 GiB of RAM, a minimal cluster is deployed.
  For minimum starting node requirements, see the Resource requirements section in the Planning guide.
From the available list of Disk Type, select SSD/NVME.

Expand the Advanced section and set the following options:

Volume Mode	Block is selected by default.
Device Type	Select one or more device type from the dropdown list. By default, `Disk` and `Part` options are included in the Device Type field. Note For a multi-path device, select the `Mpath` option from the drop-down exclusively. For a DASD-based cluster, ensure that only the `Part` option is included in the Device Type and remove the `Disk` option.
Disk Size	Set a minimum size of 100GB for the device and maximum available size of the device that needs to be included.
Maximum Disks Limit	This indicates the maximum number of PVs that can be created on a node. If this field is left empty, then PVs are created for all the available disks on the matching nodes.

Click Next.
A pop-up to confirm the creation of LocalVolumeSet is displayed.
Click Yes to continue.

In the Capacity and nodes page, configure the following:
1. Available raw capacity is populated with the capacity value based on all the attached disks associated with the storage class. This takes some time to show up. The Selected nodes list shows the nodes based on the storage class.
2. You can check the box to select Taint nodes.
3. Click Next.
Optional: In the Security and network page, configure the following based on your requirement:
1. To enable encryption, select Enable data encryption for block and file storage.
2. Choose one or both of the following Encryption level:
  - Cluster-wide encryption
    Encrypts the entire cluster (block and file).
  - StorageClass encryption
    Creates encrypted persistent volume (block only) using encryption enabled storage class.
3. Select Connect to an external key management service checkbox. This is optional for cluster-wide encryption.
  1. Key Management Service Provider is set to Vault by default.
  2. Enter Vault Service Name, host Address of Vault server ('https://<hostname or ip>''), Port number and Token.
  3. Expand Advanced Settings to enter additional settings and certificate details based on your Vault configuration:
    Enter the Key Value secret path in Backend Path that is dedicated and unique to OpenShift Data Foundation.
    Optional: Enter TLS Server Name and Vault Enterprise Namespace.
    Upload the respective PEM encoded certificate file to provide CA Certificate, Client Certificate and Client Private Key.
    Click Save.
4. Select Default (SDN) as Multus is not yet supported on OpenShift Data Foundation on IBM Z.
5. Click Next.
In the Data Protection page, if you are configuring Regional-DR solution for Openshift Data Foundation then select the Prepare cluster for disaster recovery(Regional-DR only) checkbox, else click Next.
In the Review and create page::
1. Review the configuration details. To modify any configuration settings, click Back to go back to the previous configuration page.
2. Click Create StorageSystem.

Verification steps

To verify the final Status of the installed storage cluster:
1. In the OpenShift Web Console, navigate to Installed Operators → OpenShift Data Foundation → Storage System → ocs-storagecluster-storagesystem → Resources.
2. Verify that Status of StorageCluster is Ready and has a green tick mark next to it.
To verify if flexible scaling is enabled on your storage cluster, perform the following steps:
1. In the OpenShift Web Console, navigate to Installed Operators → OpenShift Data Foundation → Storage System → ocs-storagecluster-storagesystem → Resources → ocs-storagecluster.
2. In the YAML tab, search for the keys flexibleScaling in spec section and failureDomain in status section. If flexible scaling is true and failureDomain is set to host, flexible scaling feature is enabled.
  Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
spec:
flexibleScaling: true
[…]
status:
failureDomain: host
```
```
spec:
flexibleScaling: true
[…]
status:
failureDomain: host
```
To verify that all components for OpenShift Data Foundation are successfully installed, see Verifying your OpenShift Data Foundation deployment.

Additional resources

To expand the capacity of the initial cluster, see the Scaling Storage guide.

Chapter 3. Verifying OpenShift Data Foundation deployment for Internal-attached devices mode

Use this section to verify that OpenShift Data Foundation is deployed correctly.

3.1. Verifying the state of the pods

Procedure

Click Workloads → Pods from the OpenShift Web Console.
Select openshift-storage from the Project drop-down list.
Note
If the Show default projects option is disabled, use the toggle button to list all the default projects.
For more information on the expected number of pods for each component and how it varies depending on the number of nodes, see Table 3.1, “Pods corresponding to OpenShift Data Foundation cluster”.

Set filter for Running and Completed pods to verify that the following pods are in Running and Completed state:

Table 3.1. Pods corresponding to OpenShift Data Foundation cluster
Component	Corresponding pods
OpenShift Data Foundation Operator	`ocs-operator-` (1 pod on any storage node) `ocs-metrics-exporter-` (1 pod on any storage node) `odf-operator-controller-manager-` (1 pod on any storage node `csi-addons-controller-manager-` (1 pod on any storage node) `odf-console-*` (1 pod on any storage node)
Rook-ceph Operator	`rook-ceph-operator-*` (1 pod on any storage node)
Multicloud Object Gateway	`noobaa-operator-` (1 pod on any storage node) `noobaa-core-` (1 pod on any storage node) `noobaa-db-pg-` (1 pod on any storage node) `noobaa-endpoint-` (1 pod on any storage node)
MON	`rook-ceph-mon-*` (3 pods distributed across storage nodes)
MGR	`rook-ceph-mgr-*` (1 pod on any storage node)
MDS	`rook-ceph-mds-ocs-storagecluster-cephfilesystem-*` (2 pods distributed across storage nodes)
RGW	`rook-ceph-rgw-ocs-storagecluster-cephobjectstore-*` (1 pod on any storage node)
CSI	`cephfs` `csi-cephfsplugin-` (1 pod on each storage node) `csi-cephfsplugin-provisioner-` (2 pods distributed across storage nodes) `rbd` `csi-rbdplugin-` (1 pod on each storage node) `csi-rbdplugin-provisioner-` (2 pods distributed across storage nodes)
rook-ceph-crashcollector	`rook-ceph-crashcollector-*` (1 pod on each storage node)
OSD	`rook-ceph-osd-` (1 pod for each device) `rook-ceph-osd-prepare-ocs-deviceset-` (1 pod for each device)

3.2. Verifying the OpenShift Data Foundation cluster is healthy

Procedure

In the OpenShift Web Console, click Storage → Data Foundation.
Click the Storage Systems tab and then click on ocs-storagecluster-storagesystem.
In the Status card of Block and File dashboard under Overview tab, verify that both Storage Cluster and Data Resiliency has a green tick mark.
In the Details card, verify that the cluster information is displayed.

For more information on the health of the OpenShift Data Foundation cluster using the Block and File dashboard, see Monitoring OpenShift Data Foundation.

3.3. Verifying the Multicloud Object Gateway is healthy

Procedure

In the OpenShift Web Console, click Storage → Data Foundation.
In the Status card of the Overview tab, click Storage System and then click the storage system link from the pop up that appears.
1. In the Status card of the Object tab, verify that both Object Service and Data Resiliency have a green tick.
2. In the Details card, verify that the MCG information is displayed.

For more information on the health of the OpenShift Data Foundation cluster using the object service dashboard, see Monitoring OpenShift Data Foundation.

Important

The Multicloud Object Gateway only has a single copy of the database (NooBaa DB). This means if NooBaa DB PVC gets corrupted and we are unable to recover it, can result in total data loss of applicative data residing on the Multicloud Object Gateway. Because of this, Red Hat recommends taking a backup of NooBaa DB PVC regularly. If NooBaa DB fails and cannot be recovered, then you can revert to the latest backed-up version. For instructions on backing up your NooBaa DB, follow the steps in this knowledgabase article.

3.4. Verifying that the specific storage classes exist

Procedure

Click Storage → Storage Classes from the left pane of the OpenShift Web Console.
Verify that the following storage classes are created with the OpenShift Data Foundation cluster creation:
- ocs-storagecluster-ceph-rbd
- ocs-storagecluster-cephfs
- openshift-storage.noobaa.io
- ocs-storagecluster-ceph-rgw

Chapter 4. View OpenShift Data Foundation Topology

The topology shows the mapped visualization of the OpenShift Data Foundation storage cluster at various abstraction levels and also lets you to interact with these layers. The view also shows how the various elements compose the Storage cluster altogether.

Procedure

On the OpenShift Web Console, navigate to Storage → Data Foundation → Topology.
The view shows the storage cluster and the zones inside it. You can see the nodes depicted by circular entities within the zones, which are indicated by dotted lines. The label of each item or resource contains basic information such as status and health or indication for alerts.
Choose a node to view node details on the right-hand panel. You can also access resources or deployments within a node by clicking on the search/preview decorator icon.
To view deployment details
1. Click the preview decorator on a node. A modal window appears above the node that displays all of the deployments associated with that node along with their statuses.
2. Click the Back to main view button in the model’s upper left corner to close and return to the previous view.
3. Select a specific deployment to see more information about it. All relevant data is shown in the side panel.
Click the Resources tab to view the pods information. This tab provides a deeper understanding of the problems and offers granularity that aids in better troubleshooting.
Click the pod links to view the pod information page on OpenShift Container Platform. The link opens in a new window.

Chapter 5. Deploying standalone Multicloud Object Gateway

Deploying only the Multicloud Object Gateway component with the OpenShift Data Foundation provides the flexibility in deployment and helps to reduce the resource consumption. Use this section to deploy only the standalone Multicloud Object Gateway component, which involves the following steps:

Installing the Local Storage Operator.
Installing Red Hat OpenShift Data Foundation Operator
Creating standalone Multicloud Object Gateway

5.1. Installing Local Storage Operator

Use this procedure to install the Local Storage Operator from the Operator Hub before creating OpenShift Data Foundation clusters on local storage devices.

Procedure

Log in to the OpenShift Web Console.
Click Operators → OperatorHub.
Type local storage in the Filter by keyword… box to find the Local Storage Operator from the list of operators and select the same.
Set the following options on the Install Operator page:
1. Update channel as stable.
2. Installation Mode as A specific namespace on the cluster.
3. Installed Namespace as Operator recommended namespace openshift-local-storage.
4. Approval Strategy as Automatic.
Click Install.

Verification steps

Verify that the Local Storage Operator shows a green tick indicating successful installation.

5.2. Installing Red Hat OpenShift Data Foundation Operator

You can install Red Hat OpenShift Data Foundation Operator by using the Red Hat OpenShift Container Platform Operator Hub.

For information about the hardware and software requirements, see Planning your deployment.

Prerequisites

Access to an OpenShift Container Platform cluster using an account with cluster-admin and Operator installation permissions.
You must have at least three worker nodes in the Red Hat OpenShift Container Platform cluster.

Important

When you need to override the cluster-wide default node selector for OpenShift Data Foundation, you can use the following command in the command line interface to specify a blank node selector for the openshift-storage namespace (create openshift-storage namespace in this case):

Copy to Clipboard Toggle word wrap

oc annotate namespace openshift-storage openshift.io/node-selector=

$ oc annotate namespace openshift-storage openshift.io/node-selector=

Taint a node as infra to ensure only Red Hat OpenShift Data Foundation resources are scheduled on that node. This helps you save on subscription costs. For more information, see How to use dedicated worker nodes for Red Hat OpenShift Data Foundation chapter in the Managing and Allocating Storage Resources guide.

Procedure

Log in to the OpenShift Web Console.
Click Operators → OperatorHub.
Scroll or type OpenShift Data Foundation into the Filter by keyword box to find the OpenShift Data Foundation Operator.
Click Install.
Set the following options on the Install Operator page:
1. Update Channel as stable-4.14.
2. Installation Mode as A specific namespace on the cluster.
3. Installed Namespace as Operator recommended namespace openshift-storage. If Namespace openshift-storage does not exist, it is created during the operator installation.
Select Approval Strategy as Automatic or Manual.
If you select Automatic updates, then the Operator Lifecycle Manager (OLM) automatically upgrades the running instance of your Operator without any intervention.
If you select Manual updates, then the OLM creates an update request. As a cluster administrator, you must then manually approve that update request to update the Operator to a newer version.
Ensure that the Enable option is selected for the Console plugin.
Click Install.

Verification steps

Verify that the OpenShift Data Foundation Operator shows a green tick indicating successful installation.
After the operator is successfully installed, a pop-up with a message Web console update is available appears on the user interface. Click Refresh web console from this pop-up for the console changes to reflect.
- In the Web Console, navigate to Storage and verify if Data Foundation is available.

5.3. Creating standalone Multicloud Object Gateway on IBM Z

You can create only the standalone Multicloud Object Gateway component while deploying OpenShift Data Foundation.

Prerequisites

Ensure that the OpenShift Data Foundation Operator is installed.
(For deploying using local storage devices only) Ensure that Local Storage Operator is installed.

To identify storage devices on each node, see Finding available storage devices.

Procedure

Log into the OpenShift Web Console.
In openshift-local-storage namespace, click Operators → Installed Operators to view the installed operators.
Click the Local Storage installed operator.
On the Operator Details page, click the Local Volume link.
Click Create Local Volume.
Click on YAML view for configuring Local Volume.

Define a LocalVolume custom resource for filesystem PVs using the following YAML.

Copy to Clipboard Toggle word wrap

apiVersion: local.storage.openshift.io/v1
kind: LocalVolume
metadata:
  name: localblock
  namespace: openshift-local-storage
spec:
  logLevel: Normal
  managementState: Managed
  nodeSelector:
    nodeSelectorTerms:
      - matchExpressions:
          - key: kubernetes.io/hostname
            operator: In
            values:
              - worker-0
              - worker-1
              - worker-2
  storageClassDevices:
    - devicePaths:
        - /dev/sda
      storageClassName: localblock
      volumeMode: Filesystem

apiVersion: local.storage.openshift.io/v1
kind: LocalVolume
metadata:
  name: localblock
  namespace: openshift-local-storage
spec:
  logLevel: Normal
  managementState: Managed
  nodeSelector:
    nodeSelectorTerms:
      - matchExpressions:
          - key: kubernetes.io/hostname
            operator: In
            values:
              - worker-0
              - worker-1
              - worker-2
  storageClassDevices:
    - devicePaths:
        - /dev/sda
      storageClassName: localblock
      volumeMode: Filesystem

The above definition selects sda local device from the worker-0, worker-1 and worker-2 nodes. The localblock storage class is created and persistent volumes are provisioned from sda.

Important

Specify appropriate values of nodeSelector as per your environment. The device name should be same on all the worker nodes. You can also specify more than one devicePaths.

Click Create.
In the OpenShift Web Console, click Operators → Installed Operators to view all the installed operators.
Ensure that the Project selected is openshift-storage.
Click OpenShift Data Foundation operator and then click Create StorageSystem.
In the Backing storage page, select Multicloud Object Gateway for Deployment type.
Select the Use an existing StorageClass option for Backing storage type.
1. Select the Storage Class that you used while installing LocalVolume.
Click Next.
Optional: In the Security page, select the Connect to an external key management service checkbox. This is optional for cluster-wide encryption.
1. From the Key Management Service Provider drop down list, either select Vault or Thales CipherTrust Manager (using KMIP). If you selected Vault, go to the next step. If you selected Thales CipherTrust Manager (using KMIP), go to step iii.
2. Select an Authentication Method.
  Using Token authentication method
  Enter a unique Connection Name, host Address of the Vault server ('https://<hostname or ip>'), Port number and Token.
  Expand Advanced Settings to enter additional settings and certificate details based on your Vault configuration:
  Enter the Key Value secret path in Backend Path that is dedicated and unique to OpenShift Data Foundation.
  Optional: Enter TLS Server Name and Vault Enterprise Namespace.
  Upload the respective PEM encoded certificate file to provide the CA Certificate, Client Certificate and Client Private Key.
  Click Save and skip to step iv.
  Using Kubernetes authentication method
  Enter a unique Vault Connection Name, host Address of the Vault server ('https://<hostname or ip>'), Port number and Role name.
  Expand Advanced Settings to enter additional settings and certificate details based on your Vault configuration:
  Enter the Key Value secret path in the Backend Path that is dedicated and unique to OpenShift Data Foundation.
  Optional: Enter TLS Server Name and Authentication Path if applicable.
  Upload the respective PEM encoded certificate file to provide the CA Certificate, Client Certificate, and Client Private Key.
  Click Save and skip to step iv.
3. To use Thales CipherTrust Manager (using KMIP) as the KMS provider, follow the steps below:
  1. Enter a unique Connection Name for the Key Management service within the project.
  2. In the Address and Port sections, enter the IP of Thales CipherTrust Manager and the port where the KMIP interface is enabled. For example:
    Address: 123.34.3.2
    Port: 5696
  3. Upload the Client Certificate, CA certificate, and Client Private Key.
  4. If StorageClass encryption is enabled, enter the Unique Identifier to be used for encryption and decryption generated above.
  5. The TLS Server field is optional and used when there is no DNS entry for the KMIP endpoint. For example, kmip_all_<port>.ciphertrustmanager.local.
4. Select a Network.
5. Click Next.
In the Review and create page, review the configuration details:
To modify any configuration settings, click Back.
Click Create StorageSystem.

Verification steps

Verifying that the OpenShift Data Foundation cluster is healthy

In the OpenShift Web Console, click Storage → Data Foundation.
Click the Storage Systems tab and then click on ocs-storagecluster-storagesystem.
1. In the Status card of the Object tab, verify that both Object Service and Data Resiliency have a green tick.
2. In the Details card, verify that the MCG information is displayed.

Verifying the state of the pods

Click Workloads → Pods from the OpenShift Web Console.

Select openshift-storage from the Project drop-down list and verify that the following pods are in Running state.

Note

If the Show default projects option is disabled, use the toggle button to list all the default projects.

Component Corresponding pods

Component	Corresponding pods
OpenShift Data Foundation Operator	`ocs-operator-` (1 pod on any storage node) `ocs-metrics-exporter-` (1 pod on any storage node) `odf-operator-controller-manager-` (1 pod on any storage node) `odf-console-` (1 pod on any storage node) `csi-addons-controller-manager-*` (1 pod on any storage node)
Rook-ceph Operator	`rook-ceph-operator-*` (1 pod on any storage node)
Multicloud Object Gateway	`noobaa-operator-` (1 pod on any storage node) `noobaa-core-` (1 pod on any storage node) `noobaa-db-pg-` (1 pod on any storage node) `noobaa-endpoint-` (1 pod on any storage node) `noobaa-default-backing-store-noobaa-pod-*` (1 pod on any storage node)

OpenShift Data Foundation Operator

ocs-operator-* (1 pod on any storage node)
ocs-metrics-exporter-* (1 pod on any storage node)
odf-operator-controller-manager-* (1 pod on any storage node)
odf-console-* (1 pod on any storage node)
csi-addons-controller-manager-* (1 pod on any storage node)

Rook-ceph Operator

rook-ceph-operator-*

(1 pod on any storage node)

Multicloud Object Gateway

noobaa-operator-* (1 pod on any storage node)
noobaa-core-* (1 pod on any storage node)
noobaa-db-pg-* (1 pod on any storage node)
noobaa-endpoint-* (1 pod on any storage node)
noobaa-default-backing-store-noobaa-pod-* (1 pod on any storage node)

Chapter 6. Uninstalling OpenShift Data Foundation

6.1. Uninstalling OpenShift Data Foundation in Internal-attached devices mode

Use the steps in this section to uninstall OpenShift Data Foundation.

Uninstall Annotations

Annotations on the Storage Cluster are used to change the behavior of the uninstall process. To define the uninstall behavior, the following two annotations have been introduced in the storage cluster:

uninstall.ocs.openshift.io/cleanup-policy: delete
uninstall.ocs.openshift.io/mode: graceful

The following table provides information on the different values that can used with these annotations:

Table 6.1. uninstall.ocs.openshift.io uninstall annotations descriptions
Annotation	Value	Default	Behavior
cleanup-policy	delete	Yes	Rook cleans up the physical drives and the `DataDirHostPath`
cleanup-policy	retain	No	Rook does not clean up the physical drives and the `DataDirHostPath`
mode	graceful	Yes	Rook and NooBaa pauses the uninstall process until the administrator/user removes the Persistent Volume Claims (PVCs) and Object Bucket Claims (OBCs)
mode	forced	No	Rook and NooBaa proceeds with uninstall even if the PVCs/OBCs provisioned using Rook and NooBaa exist respectively

Edit the value of the annotation to change the cleanup policy or the uninstall mode.

Copy to Clipboard Toggle word wrap

oc -n openshift-storage annotate storagecluster ocs-storagecluster uninstall.ocs.openshift.io/cleanup-policy="retain" --overwrite

$ oc -n openshift-storage annotate storagecluster ocs-storagecluster uninstall.ocs.openshift.io/cleanup-policy="retain" --overwrite

Copy to Clipboard Toggle word wrap

oc -n openshift-storage annotate storagecluster ocs-storagecluster uninstall.ocs.openshift.io/mode="forced" --overwrite

$ oc -n openshift-storage annotate storagecluster ocs-storagecluster uninstall.ocs.openshift.io/mode="forced" --overwrite

Expected output for both commands:

Copy to Clipboard Toggle word wrap

storagecluster.ocs.openshift.io/ocs-storagecluster annotated

storagecluster.ocs.openshift.io/ocs-storagecluster annotated

Prerequisites

Ensure that the OpenShift Data Foundation cluster is in a healthy state. The uninstall process can fail when some of the pods are not terminated successfully due to insufficient resources or nodes. In case the cluster is in an unhealthy state, contact Red Hat Customer Support before uninstalling OpenShift Data Foundation.
Ensure that applications are not consuming persistent volume claims (PVCs) or object bucket claims (OBCs) using the storage classes provided by OpenShift Data Foundation.
If any custom resources (such as custom storage classes, cephblockpools) were created by the admin, they must be deleted by the admin after removing the resources which consumed them.

Procedure

Delete the volume snapshots that are using OpenShift Data Foundation.
1. List the volume snapshots from all the namespaces.
  Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
oc get volumesnapshot --all-namespaces
```
```
$ oc get volumesnapshot --all-namespaces
```
2. From the output of the previous command, identify and delete the volume snapshots that are using OpenShift Data Foundation.
  Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
oc delete volumesnapshot <VOLUME-SNAPSHOT-NAME> -n <NAMESPACE>
```
```
$ oc delete volumesnapshot <VOLUME-SNAPSHOT-NAME> -n <NAMESPACE>
```
  <VOLUME-SNAPSHOT-NAME>
  Is the name of the volume snapshot
  <NAMESPACE>
  Is the project namespace
Delete PVCs and OBCs that are using OpenShift Data Foundation.
In the default uninstall mode (graceful), the uninstaller waits till all the PVCs and OBCs that use OpenShift Data Foundation are deleted.
If you want to delete the Storage Cluster without deleting the PVCs, you can set the uninstall mode annotation to forced and skip this step. Doing so results in orphan PVCs and OBCs in the system.
1. Delete OpenShift Container Platform monitoring stack PVCs using OpenShift Data Foundation.
  See Removing monitoring stack from OpenShift Data Foundation
2. Delete OpenShift Container Platform Registry PVCs using OpenShift Data Foundation.
  Removing OpenShift Container Platform registry from OpenShift Data Foundation
3. Delete OpenShift Container Platform logging PVCs using OpenShift Data Foundation.
  Removing the cluster logging operator from OpenShift Data Foundation
4. Delete the other PVCs and OBCs provisioned using OpenShift Data Foundation.
  - Given below is a sample script to identify the PVCs and OBCs provisioned using OpenShift Data Foundation. The script ignores the PVCs that are used internally by OpenShift Data Foundation.
    Copy to Clipboard Toggle word wrap
    #!/bin/bash RBD_PROVISIONER="openshift-storage.rbd.csi.ceph.com" CEPHFS_PROVISIONER="openshift-storage.cephfs.csi.ceph.com" NOOBAA_PROVISIONER="openshift-storage.noobaa.io/obc" RGW_PROVISIONER="openshift-storage.ceph.rook.io/bucket" NOOBAA_DB_PVC="noobaa-db" NOOBAA_BACKINGSTORE_PVC="noobaa-default-backing-store-noobaa-pvc" # Find all the OCS StorageClasses OCS_STORAGECLASSES=$(oc get storageclasses | grep -e "$RBD_PROVISIONER" -e "$CEPHFS_PROVISIONER" -e "$NOOBAA_PROVISIONER" -e "$RGW_PROVISIONER" | awk '{print $1}') # List PVCs in each of the StorageClasses for SC in $OCS_STORAGECLASSES do echo "======================================================================" echo "$SC StorageClass PVCs and OBCs" echo "======================================================================" oc get pvc --all-namespaces --no-headers 2>/dev/null | grep $SC | grep -v -e "$NOOBAA_DB_PVC" -e "$NOOBAA_BACKINGSTORE_PVC" oc get obc --all-namespaces --no-headers 2>/dev/null | grep $SC echo done
    Note
    Omit RGW_PROVISIONER for cloud platforms.
  - Delete the OBCs.
    Copy to Clipboard Toggle word wrap
    $ oc delete obc <obc-name> -n <project-name>
    <obc-name>
    Is the name of the OBC
    <project-name>
    Is the name of the project
  - Delete the PVCs.
    Copy to Clipboard Toggle word wrap
    $ oc delete pvc <pvc-name> -n <project-name>
    <pvc-name>
    Is the name of the PVC
    <project-name>
    Is the name of the project
    Note
    Ensure that you have removed any custom backing stores, bucket classes, etc., created in the cluster.
Delete the Storage System object and wait for the removal of the associated resources.
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
oc delete -n openshift-storage storagesystem --all --wait=true
```
```
$ oc delete -n openshift-storage storagesystem --all --wait=true
```

Check the cleanup pods if the uninstall.ocs.openshift.io/cleanup-policy was set to delete(default) and ensure that their status is Completed.

Copy to Clipboard Toggle word wrap

oc get pods -n openshift-storage | grep -i cleanup

$ oc get pods -n openshift-storage | grep -i cleanup

Example output:

Copy to Clipboard Toggle word wrap

NAME                                READY   STATUS      RESTARTS   AGE
cluster-cleanup-job-<xx>        	0/1     Completed   0          8m35s
cluster-cleanup-job-<yy>     		0/1     Completed   0          8m35s
cluster-cleanup-job-<zz>     		0/1     Completed   0          8m35s

NAME                                READY   STATUS      RESTARTS   AGE
cluster-cleanup-job-<xx>        	0/1     Completed   0          8m35s
cluster-cleanup-job-<yy>     		0/1     Completed   0          8m35s
cluster-cleanup-job-<zz>     		0/1     Completed   0          8m35s

Confirm that the directory /var/lib/rook is now empty. This directory is empty only if the uninstall.ocs.openshift.io/cleanup-policy annotation was set to delete(default).

Copy to Clipboard Toggle word wrap

for i in $(oc get node -l cluster.ocs.openshift.io/openshift-storage= -o jsonpath='{ .items[*].metadata.name }'); do oc debug node/${i} -- chroot /host  ls -l /var/lib/rook; done

$ for i in $(oc get node -l cluster.ocs.openshift.io/openshift-storage= -o jsonpath='{ .items[*].metadata.name }'); do oc debug node/${i} -- chroot /host  ls -l /var/lib/rook; done

If encryption was enabled at the time of install, remove dm-crypt managed device-mapper mapping from the OSD devices on all the OpenShift Data Foundation nodes.
1. Create a debug pod and chroot to the host on the storage node.
  Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
oc debug node/<node-name>
```
```
$ oc debug node/<node-name>
```
  Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
chroot /host
```
```
$ chroot /host
```
  <node-name>
  Is the name of the node
2. Get Device names and make note of the OpenShift Data Foundation devices.
  Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
dmsetup ls
```
```
$ dmsetup ls
```
  Example output:
  Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
ocs-deviceset-0-data-0-57snx-block-dmcrypt (253:1)
```
```
ocs-deviceset-0-data-0-57snx-block-dmcrypt (253:1)
```
3. Remove the mapped device.
  Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
cryptsetup luksClose --debug --verbose ocs-deviceset-0-data-0-57snx-block-dmcrypt
```
```
$ cryptsetup luksClose --debug --verbose ocs-deviceset-0-data-0-57snx-block-dmcrypt
```
  Important
  If the above command gets stuck due to insufficient privileges, run the following commands:
  Press CTRL+Z to exit the above command.
  Find PID of the process which was stuck.
  Copy to Clipboard Toggle word wrap
  $ ps -ef | grep crypt
  Terminate the process using kill command.
  Copy to Clipboard Toggle word wrap
  $ kill -9 <PID>
  <PID>
  Is the process ID
  Verify that the device name is removed.
  Copy to Clipboard Toggle word wrap
  $ dmsetup ls
Delete the namespace and wait till the deletion is complete. You need to switch to another project if openshift-storage is the active project.
For example:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
oc project default
```
```
$ oc project default
```
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
oc delete project openshift-storage --wait=true --timeout=5m
```
```
$ oc delete project openshift-storage --wait=true --timeout=5m
```
The project is deleted if the following command returns a NotFound error.
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
oc get project openshift-storage
```
```
$ oc get project openshift-storage
```
Note
While uninstalling OpenShift Data Foundation, if namespace is not deleted completely and remains in Terminating state, perform the steps in Troubleshooting and deleting remaining resources during Uninstall to identify objects that are blocking the namespace from being terminated.
Delete local storage operator configurations if you have deployed OpenShift Data Foundation using local storage devices. See Removing local storage operator configurations.

Unlabel the storage nodes.

Copy to Clipboard Toggle word wrap

oc label nodes  --all cluster.ocs.openshift.io/openshift-storage-

$ oc label nodes  --all cluster.ocs.openshift.io/openshift-storage-

Copy to Clipboard Toggle word wrap

oc label nodes  --all topology.rook.io/rack-

$ oc label nodes  --all topology.rook.io/rack-

Remove the OpenShift Data Foundation taint if the nodes were tainted.
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
oc adm taint nodes --all node.ocs.openshift.io/storage-
```
```
$ oc adm taint nodes --all node.ocs.openshift.io/storage-
```
Confirm all the Persistent volumes (PVs) provisioned using OpenShift Data Foundation are deleted. If there is any PV left in the Released state, delete it.
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
oc get pv
```
```
$ oc get pv
```
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
oc delete pv <pv-name>
```
```
$ oc delete pv <pv-name>
```
<pv-name>
Is the name of the PV

Remove the CustomResourceDefinitions.

Copy to Clipboard Toggle word wrap

oc delete crd backingstores.noobaa.io bucketclasses.noobaa.io cephblockpools.ceph.rook.io cephclusters.ceph.rook.io cephfilesystems.ceph.rook.io cephnfses.ceph.rook.io cephobjectstores.ceph.rook.io cephobjectstoreusers.ceph.rook.io noobaas.noobaa.io ocsinitializations.ocs.openshift.io storageclusters.ocs.openshift.io cephclients.ceph.rook.io cephobjectrealms.ceph.rook.io cephobjectzonegroups.ceph.rook.io cephobjectzones.ceph.rook.io cephrbdmirrors.ceph.rook.io storagesystems.odf.openshift.io --wait=true --timeout=5m

$ oc delete crd backingstores.noobaa.io bucketclasses.noobaa.io cephblockpools.ceph.rook.io cephclusters.ceph.rook.io cephfilesystems.ceph.rook.io cephnfses.ceph.rook.io cephobjectstores.ceph.rook.io cephobjectstoreusers.ceph.rook.io noobaas.noobaa.io ocsinitializations.ocs.openshift.io storageclusters.ocs.openshift.io cephclients.ceph.rook.io cephobjectrealms.ceph.rook.io cephobjectzonegroups.ceph.rook.io cephobjectzones.ceph.rook.io cephrbdmirrors.ceph.rook.io storagesystems.odf.openshift.io --wait=true --timeout=5m

To ensure that OpenShift Data Foundation is uninstalled completely, on the OpenShift Container Platform Web Console,
1. Click Storage.
2. Verify that OpenShift Data Foundation no longer appears under Storage.

6.1.1. Removing local storage operator configurations

Use the instructions in this section only if you have deployed OpenShift Data Foundation using local storage devices.

Note

For OpenShift Data Foundation deployments only using localvolume resources, go directly to step 8.

Procedure

Identify the LocalVolumeSet and the corresponding StorageClassName being used by OpenShift Data Foundation.
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
oc get localvolumesets.local.storage.openshift.io -n openshift-local-storage
```
```
$ oc get localvolumesets.local.storage.openshift.io -n openshift-local-storage
```
Set the variable SC to the StorageClass providing the LocalVolumeSet.
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
export SC="<StorageClassName>"
```
```
$ export SC="<StorageClassName>"
```

List and note the devices to be cleaned up later. Inorder to list the device ids of the disks, follow the procedure mentioned here, See Find the available storage devices.

Example output:

Copy to Clipboard Toggle word wrap

/dev/disk/by-id/scsi-360050763808104bc28000000000000eb
/dev/disk/by-id/scsi-360050763808104bc28000000000000ef
/dev/disk/by-id/scsi-360050763808104bc28000000000000f3

/dev/disk/by-id/scsi-360050763808104bc28000000000000eb
/dev/disk/by-id/scsi-360050763808104bc28000000000000ef
/dev/disk/by-id/scsi-360050763808104bc28000000000000f3

Delete the LocalVolumeSet.

Copy to Clipboard Toggle word wrap

oc delete localvolumesets.local.storage.openshift.io <name-of-volumeset> -n openshift-local-storage

$ oc delete localvolumesets.local.storage.openshift.io <name-of-volumeset> -n openshift-local-storage

Delete the local storage PVs for the given StorageClassName.

Copy to Clipboard Toggle word wrap

oc get pv | grep $SC | awk '{print $1}'| xargs oc delete pv

$ oc get pv | grep $SC | awk '{print $1}'| xargs oc delete pv

Delete the StorageClassName.
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
oc delete sc $SC
```
```
$ oc delete sc $SC
```

Delete the symlinks created by the LocalVolumeSet.

Copy to Clipboard Toggle word wrap

[[ ! -z $SC ]] && for i in $(oc get node -l cluster.ocs.openshift.io/openshift-storage= -o jsonpath='{ .items[*].metadata.name }'); do oc debug node/${i} -- chroot /host rm -rfv /mnt/local-storage/${SC}/; done

[[ ! -z $SC ]] && for i in $(oc get node -l cluster.ocs.openshift.io/openshift-storage= -o jsonpath='{ .items[*].metadata.name }'); do oc debug node/${i} -- chroot /host rm -rfv /mnt/local-storage/${SC}/; done

Delete LocalVolumeDiscovery.

Copy to Clipboard Toggle word wrap

oc delete localvolumediscovery.local.storage.openshift.io/auto-discover-devices -n openshift-local-storage

$ oc delete localvolumediscovery.local.storage.openshift.io/auto-discover-devices -n openshift-local-storage

Remove the LocalVolume resources (if any).

Use the following steps to remove the LocalVolume resources that were used to provision PVs in the current or previous OpenShift Data Foundation version. Also, ensure that these resources are not being used by other tenants on the cluster.

For each of the local volumes, do the following:

Identify the LocalVolume and the corresponding StorageClassName being used by OpenShift Data Foundation.
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
oc get localvolume.local.storage.openshift.io -n openshift-local-storage
```
```
$ oc get localvolume.local.storage.openshift.io -n openshift-local-storage
```
Set the variable LV to the name of the LocalVolume and variable SC to the name of the StorageClass
For example:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
LV=local-block
SC=localblock
```
```
$ LV=local-block
$ SC=localblock
```

List and note the devices to be cleaned up later.

Copy to Clipboard Toggle word wrap

oc get localvolume -n openshift-local-storage $LV -o jsonpath='{ .spec.storageClassDevices[].devicePaths[] }{"\n"}'

$ oc get localvolume -n openshift-local-storage $LV -o jsonpath='{ .spec.storageClassDevices[].devicePaths[] }{"\n"}'

Example output:

Copy to Clipboard Toggle word wrap

/dev/sdb
/dev/sdc
/dev/sdd
/dev/sde

/dev/sdb
/dev/sdc
/dev/sdd
/dev/sde

Delete the local volume resource.

Copy to Clipboard Toggle word wrap

oc delete localvolume -n openshift-local-storage --wait=true $LV

$ oc delete localvolume -n openshift-local-storage --wait=true $LV

Delete the remaining PVs and StorageClasses if they exist.

Copy to Clipboard Toggle word wrap

oc delete pv -l storage.openshift.com/local-volume-owner-name=${LV} --wait --timeout=5m
oc delete storageclass $SC --wait --timeout=5m

$ oc delete pv -l storage.openshift.com/local-volume-owner-name=${LV} --wait --timeout=5m
$ oc delete storageclass $SC --wait --timeout=5m

Clean up the artifacts from the storage nodes for that resource.

Copy to Clipboard Toggle word wrap

[[ ! -z $SC ]] && for i in $(oc get node -l cluster.ocs.openshift.io/openshift-storage= -o jsonpath='{ .items[*].metadata.name }'); do oc debug node/${i} -- chroot /host rm -rfv /mnt/local-storage/${SC}/; done

$ [[ ! -z $SC ]] && for i in $(oc get node -l cluster.ocs.openshift.io/openshift-storage= -o jsonpath='{ .items[*].metadata.name }'); do oc debug node/${i} -- chroot /host rm -rfv /mnt/local-storage/${SC}/; done

Example output:

Copy to Clipboard Toggle word wrap

Starting pod/node-xxx-debug ...
To use host binaries, run `chroot /host`
removed '/mnt/local-storage/localblock/nvme2n1'
removed directory '/mnt/local-storage/localblock'

Removing debug pod ...
Starting pod/node-yyy-debug ...
To use host binaries, run `chroot /host`
removed '/mnt/local-storage/localblock/nvme2n1'
removed directory '/mnt/local-storage/localblock'

Removing debug pod ...
Starting pod/node-zzz-debug ...
To use host binaries, run `chroot /host`
removed '/mnt/local-storage/localblock/nvme2n1'
removed directory '/mnt/local-storage/localblock'

Removing debug pod ...

Starting pod/node-xxx-debug ...
To use host binaries, run `chroot /host`
removed '/mnt/local-storage/localblock/nvme2n1'
removed directory '/mnt/local-storage/localblock'

Removing debug pod ...
Starting pod/node-yyy-debug ...
To use host binaries, run `chroot /host`
removed '/mnt/local-storage/localblock/nvme2n1'
removed directory '/mnt/local-storage/localblock'

Removing debug pod ...
Starting pod/node-zzz-debug ...
To use host binaries, run `chroot /host`
removed '/mnt/local-storage/localblock/nvme2n1'
removed directory '/mnt/local-storage/localblock'

Removing debug pod ...

Wipe the disks for each of the local volumesets or local volumes listed in step 1 and 8 respectively so that they can be reused.

List the storage nodes.

Copy to Clipboard Toggle word wrap

oc get nodes -l cluster.ocs.openshift.io/openshift-storage=

oc get nodes -l cluster.ocs.openshift.io/openshift-storage=

Example output:

Copy to Clipboard Toggle word wrap

NAME      STATUS   ROLES    AGE     VERSION
node-xxx  Ready    worker   4h45m  v1.18.3+6c42de8
node-yyy  Ready    worker   4h46m  v1.18.3+6c42de8
node-zzz  Ready    worker   4h45m  v1.18.3+6c42de8

NAME      STATUS   ROLES    AGE     VERSION
node-xxx  Ready    worker   4h45m  v1.18.3+6c42de8
node-yyy  Ready    worker   4h46m  v1.18.3+6c42de8
node-zzz  Ready    worker   4h45m  v1.18.3+6c42de8

Obtain the node console and execute chroot /host command when the prompt appears.

Copy to Clipboard Toggle word wrap

oc debug node/node-xxx

$ oc debug node/node-xxx
Starting pod/node-xxx-debug …
To use host binaries, run `chroot /host`
Pod IP: w.x.y.z
If you don't see a command prompt, try pressing enter.
sh-4.2# chroot /host

Store the disk paths in the DISKS variable within quotes. For the list of disk paths, see step 3 and step 8.c for local volumeset and local volume respectively.

Example output:

Copy to Clipboard Toggle word wrap

DISKS="/dev/disk/by-id/scsi-360050763808104bc28000000000000eb /dev/disk/by-id/scsi-360050763808104bc28000000000000ef /dev/disk/by-id/scsi-360050763808104bc28000000000000f3 "
DISKS="/dev/sdb /dev/sdc /dev/sdd /dev/sde ".

sh-4.4# DISKS="/dev/disk/by-id/scsi-360050763808104bc28000000000000eb /dev/disk/by-id/scsi-360050763808104bc28000000000000ef /dev/disk/by-id/scsi-360050763808104bc28000000000000f3 "
or
sh-4.2# DISKS="/dev/sdb /dev/sdc /dev/sdd /dev/sde ".

Run sgdisk --zap-all on all the disks.

Copy to Clipboard Toggle word wrap

for disk in $DISKS; do sgdisk --zap-all $disk;done

sh-4.4# for disk in $DISKS; do sgdisk --zap-all $disk;done

Example output:

Copy to Clipboard Toggle word wrap

Creating new GPT entries.
GPT data structures destroyed! You may now partition the disk using fdisk or
other utilities.
Creating new GPT entries.
GPT data structures destroyed! You may now partition the disk using fdisk or
other utilities.
Creating new GPT entries.
GPT data structures destroyed! You may now partition the disk using fdisk or
other utilities.
Creating new GPT entries.
GPT data structures destroyed! You may now partition the disk using fdisk or
other utilities.

Creating new GPT entries.
GPT data structures destroyed! You may now partition the disk using fdisk or
other utilities.
Creating new GPT entries.
GPT data structures destroyed! You may now partition the disk using fdisk or
other utilities.
Creating new GPT entries.
GPT data structures destroyed! You may now partition the disk using fdisk or
other utilities.
Creating new GPT entries.
GPT data structures destroyed! You may now partition the disk using fdisk or
other utilities.

Exit the shell and repeat for the other nodes.
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
exit
exit
```
```
sh-4.4# exit
exit
sh-4.2# exit
exit
Removing debug pod ...
```

Delete the openshift-local-storage namespace and wait till the deletion is complete. You will need to switch to another project if the openshift-local-storage namespace is the active project.
For example:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
oc project default
oc delete project openshift-local-storage --wait=true --timeout=5m
```
```
$ oc project default
$ oc delete project openshift-local-storage --wait=true --timeout=5m
```
The project is deleted if the following command returns a NotFound error.
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
oc get project openshift-local-storage
```
```
$ oc get project openshift-local-storage
```

6.2. Removing monitoring stack from OpenShift Data Foundation

Use this section to clean up the monitoring stack from OpenShift Data Foundation.

The Persistent Volume Claims (PVCs) that are created as a part of configuring the monitoring stack are in the openshift-monitoring namespace.

Prerequisites

PVCs are configured to use the OpenShift Container Platform monitoring stack.
For more information, see configuring monitoring stack.

Procedure

List the pods and PVCs that are currently running in the openshift-monitoring namespace.

Copy to Clipboard Toggle word wrap

oc get pod,pvc -n openshift-monitoring

$ oc get pod,pvc -n openshift-monitoring

Example output:

Copy to Clipboard Toggle word wrap

NAME                           READY   STATUS    RESTARTS   AGE
pod/alertmanager-main-0         3/3     Running   0          8d
pod/alertmanager-main-1         3/3     Running   0          8d
pod/alertmanager-main-2         3/3     Running   0          8d
pod/cluster-monitoring-
operator-84457656d-pkrxm        1/1     Running   0          8d
pod/grafana-79ccf6689f-2ll28    2/2     Running   0          8d
pod/kube-state-metrics-
7d86fb966-rvd9w                 3/3     Running   0          8d
pod/node-exporter-25894         2/2     Running   0          8d
pod/node-exporter-4dsd7         2/2     Running   0          8d
pod/node-exporter-6p4zc         2/2     Running   0          8d
pod/node-exporter-jbjvg         2/2     Running   0          8d
pod/node-exporter-jj4t5         2/2     Running   0          6d18h
pod/node-exporter-k856s         2/2     Running   0          6d18h
pod/node-exporter-rf8gn         2/2     Running   0          8d
pod/node-exporter-rmb5m         2/2     Running   0          6d18h
pod/node-exporter-zj7kx         2/2     Running   0          8d
pod/openshift-state-metrics-
59dbd4f654-4clng                3/3     Running   0          8d
pod/prometheus-adapter-
5df5865596-k8dzn                1/1     Running   0          7d23h
pod/prometheus-adapter-
5df5865596-n2gj9                1/1     Running   0          7d23h
pod/prometheus-k8s-0            6/6     Running   1          8d
pod/prometheus-k8s-1            6/6     Running   1          8d
pod/prometheus-operator-
55cfb858c9-c4zd9                1/1     Running   0          6d21h
pod/telemeter-client-
78fc8fc97d-2rgfp                3/3     Running   0          8d

NAME                                                              STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS                  AGE
persistentvolumeclaim/my-alertmanager-claim-alertmanager-main-0   Bound    pvc-0d519c4f-15a5-11ea-baa0-026d231574aa   40Gi       RWO            ocs-storagecluster-ceph-rbd   8d
persistentvolumeclaim/my-alertmanager-claim-alertmanager-main-1   Bound    pvc-0d5a9825-15a5-11ea-baa0-026d231574aa   40Gi       RWO            ocs-storagecluster-ceph-rbd   8d
persistentvolumeclaim/my-alertmanager-claim-alertmanager-main-2   Bound    pvc-0d6413dc-15a5-11ea-baa0-026d231574aa   40Gi       RWO            ocs-storagecluster-ceph-rbd   8d
persistentvolumeclaim/my-prometheus-claim-prometheus-k8s-0        Bound    pvc-0b7c19b0-15a5-11ea-baa0-026d231574aa   40Gi       RWO            ocs-storagecluster-ceph-rbd   8d
persistentvolumeclaim/my-prometheus-claim-prometheus-k8s-1        Bound    pvc-0b8aed3f-15a5-11ea-baa0-026d231574aa   40Gi       RWO            ocs-storagecluster-ceph-rbd   8d

NAME                           READY   STATUS    RESTARTS   AGE
pod/alertmanager-main-0         3/3     Running   0          8d
pod/alertmanager-main-1         3/3     Running   0          8d
pod/alertmanager-main-2         3/3     Running   0          8d
pod/cluster-monitoring-
operator-84457656d-pkrxm        1/1     Running   0          8d
pod/grafana-79ccf6689f-2ll28    2/2     Running   0          8d
pod/kube-state-metrics-
7d86fb966-rvd9w                 3/3     Running   0          8d
pod/node-exporter-25894         2/2     Running   0          8d
pod/node-exporter-4dsd7         2/2     Running   0          8d
pod/node-exporter-6p4zc         2/2     Running   0          8d
pod/node-exporter-jbjvg         2/2     Running   0          8d
pod/node-exporter-jj4t5         2/2     Running   0          6d18h
pod/node-exporter-k856s         2/2     Running   0          6d18h
pod/node-exporter-rf8gn         2/2     Running   0          8d
pod/node-exporter-rmb5m         2/2     Running   0          6d18h
pod/node-exporter-zj7kx         2/2     Running   0          8d
pod/openshift-state-metrics-
59dbd4f654-4clng                3/3     Running   0          8d
pod/prometheus-adapter-
5df5865596-k8dzn                1/1     Running   0          7d23h
pod/prometheus-adapter-
5df5865596-n2gj9                1/1     Running   0          7d23h
pod/prometheus-k8s-0            6/6     Running   1          8d
pod/prometheus-k8s-1            6/6     Running   1          8d
pod/prometheus-operator-
55cfb858c9-c4zd9                1/1     Running   0          6d21h
pod/telemeter-client-
78fc8fc97d-2rgfp                3/3     Running   0          8d

NAME                                                              STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS                  AGE
persistentvolumeclaim/my-alertmanager-claim-alertmanager-main-0   Bound    pvc-0d519c4f-15a5-11ea-baa0-026d231574aa   40Gi       RWO            ocs-storagecluster-ceph-rbd   8d
persistentvolumeclaim/my-alertmanager-claim-alertmanager-main-1   Bound    pvc-0d5a9825-15a5-11ea-baa0-026d231574aa   40Gi       RWO            ocs-storagecluster-ceph-rbd   8d
persistentvolumeclaim/my-alertmanager-claim-alertmanager-main-2   Bound    pvc-0d6413dc-15a5-11ea-baa0-026d231574aa   40Gi       RWO            ocs-storagecluster-ceph-rbd   8d
persistentvolumeclaim/my-prometheus-claim-prometheus-k8s-0        Bound    pvc-0b7c19b0-15a5-11ea-baa0-026d231574aa   40Gi       RWO            ocs-storagecluster-ceph-rbd   8d
persistentvolumeclaim/my-prometheus-claim-prometheus-k8s-1        Bound    pvc-0b8aed3f-15a5-11ea-baa0-026d231574aa   40Gi       RWO            ocs-storagecluster-ceph-rbd   8d

Edit the monitoring configmap.

Copy to Clipboard Toggle word wrap

oc -n openshift-monitoring edit configmap cluster-monitoring-config

$ oc -n openshift-monitoring edit configmap cluster-monitoring-config

Remove any config sections that reference the OpenShift Data Foundation storage classes as shown in the following example and save it.

Before editing

Copy to Clipboard Toggle word wrap

.
.
.
apiVersion: v1
data:
  config.yaml: |
    alertmanagerMain:
      volumeClaimTemplate:
        metadata:
          name: my-alertmanager-claim
        spec:
          resources:
            requests:
              storage: 40Gi
          storageClassName: ocs-storagecluster-ceph-rbd
    prometheusK8s:
      volumeClaimTemplate:
        metadata:
          name: my-prometheus-claim
        spec:
          resources:
            requests:
              storage: 40Gi
          storageClassName: ocs-storagecluster-ceph-rbd
kind: ConfigMap
metadata:
  creationTimestamp: "2019-12-02T07:47:29Z"
  name: cluster-monitoring-config
  namespace: openshift-monitoring
  resourceVersion: "22110"
  selfLink: /api/v1/namespaces/openshift-monitoring/configmaps/cluster-monitoring-config
  uid: fd6d988b-14d7-11ea-84ff-066035b9efa8
.
.
.

.
.
.
apiVersion: v1
data:
  config.yaml: |
    alertmanagerMain:
      volumeClaimTemplate:
        metadata:
          name: my-alertmanager-claim
        spec:
          resources:
            requests:
              storage: 40Gi
          storageClassName: ocs-storagecluster-ceph-rbd
    prometheusK8s:
      volumeClaimTemplate:
        metadata:
          name: my-prometheus-claim
        spec:
          resources:
            requests:
              storage: 40Gi
          storageClassName: ocs-storagecluster-ceph-rbd
kind: ConfigMap
metadata:
  creationTimestamp: "2019-12-02T07:47:29Z"
  name: cluster-monitoring-config
  namespace: openshift-monitoring
  resourceVersion: "22110"
  selfLink: /api/v1/namespaces/openshift-monitoring/configmaps/cluster-monitoring-config
  uid: fd6d988b-14d7-11ea-84ff-066035b9efa8
.
.
.

After editing

Copy to Clipboard Toggle word wrap

.
.
.
apiVersion: v1
data:
  config.yaml: |
kind: ConfigMap
metadata:
  creationTimestamp: "2019-11-21T13:07:05Z"
  name: cluster-monitoring-config
  namespace: openshift-monitoring
  resourceVersion: "404352"
  selfLink: /api/v1/namespaces/openshift-monitoring/configmaps/cluster-monitoring-config
  uid: d12c796a-0c5f-11ea-9832-063cd735b81c
.
.
.

.
.
.
apiVersion: v1
data:
  config.yaml: |
kind: ConfigMap
metadata:
  creationTimestamp: "2019-11-21T13:07:05Z"
  name: cluster-monitoring-config
  namespace: openshift-monitoring
  resourceVersion: "404352"
  selfLink: /api/v1/namespaces/openshift-monitoring/configmaps/cluster-monitoring-config
  uid: d12c796a-0c5f-11ea-9832-063cd735b81c
.
.
.

In this example, alertmanagerMain and prometheusK8s monitoring components are using the OpenShift Data Foundation PVCs.

Delete the relevant PVCs. Make sure you delete all the PVCs that are consuming the storage classes.
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
oc delete -n openshift-monitoring pvc <pvc-name> --wait=true --timeout=5m
```
```
$ oc delete -n openshift-monitoring pvc <pvc-name> --wait=true --timeout=5m
```
<pvc-name>
Is the name of the PVC

6.3. Removing OpenShift Container Platform registry from OpenShift Data Foundation

Use this section to clean up the OpenShift Container Platform registry from OpenShift Data Foundation. If you want to configure an alternative storage, see Image registry.

The Persistent Volume Claims (PVCs) that are created as a part of configuring the OpenShift Container Platform registry are in the openshift-image-registry namespace.

Prerequisites

The image registry must have been configured to use an OpenShift Data Foundation PVC.

Procedure

Edit the configs.imageregistry.operator.openshift.io object and remove the content in the storage section.

Copy to Clipboard Toggle word wrap

oc edit configs.imageregistry.operator.openshift.io

$ oc edit configs.imageregistry.operator.openshift.io

Before editing

Copy to Clipboard Toggle word wrap

.
.
.

storage:
    pvc:
        claim: registry-cephfs-rwx-pvc
.
.
.

.
.
.

storage:
    pvc:
        claim: registry-cephfs-rwx-pvc
.
.
.

After editing

Copy to Clipboard Toggle word wrap

.
.
.
storage:
  emptyDir: {}
.
.
.

.
.
.
storage:
  emptyDir: {}
.
.
.

In this example, the PVC is called registry-cephfs-rwx-pvc, which is now safe to delete.

Delete the PVC.

Copy to Clipboard Toggle word wrap

oc delete pvc <pvc-name> -n openshift-image-registry --wait=true --timeout=5m

$ oc delete pvc <pvc-name> -n openshift-image-registry --wait=true --timeout=5m

<pvc-name>: Is the name of the PVC

6.4. Removing the cluster logging operator from OpenShift Data Foundation

Use this section to clean up the cluster logging operator from OpenShift Data Foundation.

The Persistent Volume Claims (PVCs) that are created as a part of configuring the cluster logging operator are in the openshift-logging namespace.

Prerequisites

The cluster logging instance should have been configured to use the OpenShift Data Foundation PVCs.

Procedure

Remove the ClusterLogging instance in the namespace.
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
oc delete clusterlogging instance -n openshift-logging --wait=true --timeout=5m
```
```
$ oc delete clusterlogging instance -n openshift-logging --wait=true --timeout=5m
```
The PVCs in the openshift-logging namespace are now safe to delete.

Delete the PVCs.

Copy to Clipboard Toggle word wrap

oc delete pvc <pvc-name> -n openshift-logging --wait=true --timeout=5m

$ oc delete pvc <pvc-name> -n openshift-logging --wait=true --timeout=5m

<pvc-name>: Is the name of the PVC

Deploying OpenShift Data Foundation using IBM Z

Instructions on deploying Red Hat OpenShift Data Foundation to use local storage on IBM Z

Making open source more inclusive

Providing feedback on Red Hat documentation

Preface

Chapter 1. Preparing to deploy OpenShift Data Foundation

1.1. Requirements for installing OpenShift Data Foundation using local storage devices

1.2. Enabling cluster-wide encryption with KMS using the Token authentication method

Chapter 2. Deploy OpenShift Data Foundation using local storage devices

2.1. Installing Red Hat OpenShift Data Foundation Operator

2.2. Installing Local Storage Operator

2.3. Finding available storage devices (optional)

2.4. Enabling DASD devices

2.5. Creating OpenShift Data Foundation cluster on IBM Z

Chapter 3. Verifying OpenShift Data Foundation deployment for Internal-attached devices mode

3.1. Verifying the state of the pods

3.2. Verifying the OpenShift Data Foundation cluster is healthy

3.3. Verifying the Multicloud Object Gateway is healthy

3.4. Verifying that the specific storage classes exist

Chapter 4. View OpenShift Data Foundation Topology

Chapter 5. Deploying standalone Multicloud Object Gateway

5.1. Installing Local Storage Operator

5.2. Installing Red Hat OpenShift Data Foundation Operator

5.3. Creating standalone Multicloud Object Gateway on IBM Z

Chapter 6. Uninstalling OpenShift Data Foundation

6.1. Uninstalling OpenShift Data Foundation in Internal-attached devices mode

6.1.1. Removing local storage operator configurations

6.2. Removing monitoring stack from OpenShift Data Foundation

6.3. Removing OpenShift Container Platform registry from OpenShift Data Foundation

6.4. Removing the cluster logging operator from OpenShift Data Foundation

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

Making open source more inclusive

About Red Hat

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links