Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Deploying OpenShift Data Foundation in external mode

Red Hat OpenShift Data Foundation 4.19

Instructions for deploying OpenShift Data Foundation to use an external Red Hat Ceph Storage cluster and IBM FlashSystem.

Red Hat Storage Documentation Team

Abstract

Read this document for instructions on installing Red Hat OpenShift Data Foundation to use an external Red Hat Ceph Storage cluster or IBM FlashSystem.

Providing feedback on Red Hat documentation
Copy link

We appreciate your input on our documentation. Do let us know how we can make it better.

To give feedback, create a Jira ticket:

  1. Log in to the Jira.
  2. Click Create in the top navigation bar
  3. Enter a descriptive title in the Summary field.
  4. Enter your suggestion for improvement in the Description field. Include links to the relevant parts of the documentation.
  5. Select Documentation in the Components field.
  6. Click Create at the bottom of the dialogue.

Chapter 1. Overview of deploying in external mode
Copy link

Red Hat OpenShift Data Foundation can make services from an external Red Hat Ceph Storage cluster available for consumption through OpenShift Container Platform clusters running on any platform.

See Planning your deployment for more information.

For instructions regarding how to install a RHCS cluster, see the installation guide.

Follow these steps to deploy OpenShift Data Foundation in external mode:

1.1. Disaster recovery requirements
Copy link

Disaster Recovery features supported by Red Hat OpenShift Data Foundation require all of the following prerequisites to successfully implement a disaster recovery solution:

  • A valid Red Hat OpenShift Data Foundation Advanced subscription
  • A valid Red Hat Advanced Cluster Management for Kubernetes subscription

For more information, see the knowledgebase article on OpenShift Data Foundation subscriptions.

For detailed disaster recovery solution requirements, see Configuring OpenShift Data Foundation Disaster Recovery for OpenShift Workloads guide, and Requirements and recommendations section of the Install guide in Red Hat Advanced Cluster Management for Kubernetes documentation.

The following features related to external mode are not supported when using Metro-DR:

  • StorageClasses using non-default RADOS namespace
  • User created StorageClasses, even when using default RADOS namespace
  • Multiple StorageClasses

List of TCP ports, source OpenShift Container Platform and destination RHCS

Expand
TCP portsTo be used for

6789, 3300

Ceph Monitor

6800 - 7300

Ceph OSD, MGR, MDS

9283

Ceph MGR Prometheus Exporter

For more information about why these ports are required, see Chapter 2. Ceph network configuration of RHCS Configuration Guide.

Red Hat OpenShift Data Foundation can make services from an external Red Hat Ceph Storage cluster available for consumption through OpenShift Container Platform clusters. You need to install the OpenShift Data Foundation operator and then create an OpenShift Data Foundation cluster for the external Ceph storage system.

You can install Red Hat OpenShift Data Foundation Operator using the Red Hat OpenShift Container Platform Operator Hub.

Prerequisites

  • Access to an OpenShift Container Platform cluster using an account with cluster-admin and operator installation permissions.
  • For additional resource requirements, see the Planning your deployment guide.
Important

  • When you need to override the cluster-wide default node selector for OpenShift Data Foundation, you can use the following command to specify a blank node selector for the openshift-storage namespace (create openshift-storage namespace in this case): 

    $ oc annotate namespace openshift-storage openshift.io/node-selector=
    Copy to Clipboard Toggle word wrap

Procedure

  1. Log in to the OpenShift Web Console.
  2. Click Operators → OperatorHub.
  3. Scroll or type OpenShift Data Foundation into the Filter by keyword box to find the OpenShift Data Foundation Operator.
  4. Click Install.

  5. Set the following options on the Install Operator page:

    1. Update Channel as stable-4.19.
    2. Installation Mode as A specific namespace on the cluster.
    3. Installed Namespace as Operator recommended namespace openshift-storage. If Namespace openshift-storage does not exist, it is created during the operator installation.

    4. Select Approval Strategy as Automatic or Manual.

      If you select Automatic updates, then the Operator Lifecycle Manager (OLM) automatically upgrades the running instance of your Operator without any intervention.

      If you select Manual updates, then the OLM creates an update request. As a cluster administrator, you must then manually approve that update request to update the Operator to a newer version.

    5. Ensure that the Enable option is selected for the Console plugin.
    6. Click Install.

Verification steps

  • After the operator is successfully installed, a pop-up with a message, Web console update is available appears on the user interface. Click Refresh web console from this pop-up for the console changes to reflect.

  • In the Web Console:

    • Navigate to Installed Operators and verify that the OpenShift Data Foundation Operator shows a green tick indicating successful installation.
    • Navigate to Storage and verify if the Data Foundation dashboard is available.

You need to create a new OpenShift Data Foundation cluster after you install OpenShift Data Foundation operator on OpenShift Container Platform deployed on VMware vSphere or user-provisioned bare metal infrastructures.

Prerequisites

Procedure

  1. In the OpenShift Web Console, click StorageData FoundationStorage SystemsCreate StorageSystem.

  2. In the Backing storage page, select the following options:

    1. Select Full deployment for the Deployment type option.
    2. Select Connect an external storage platform from the available options.
    3. Select Red Hat Ceph Storage for Storage platform.
    4. Click Next.

  3. In the Connection details page, provide the necessary information:

    1. Click on the Download Script link to download the python script for extracting Ceph cluster details.

    2. For extracting the Red Hat Ceph Storage (RHCS) cluster details, contact the RHCS administrator to run the downloaded python script on a Red Hat Ceph Storage node with the admin key.

      1. Run the following command on the RHCS node to view the list of available arguments: 

        # python3 ceph-external-cluster-details-exporter.py --help
        Copy to Clipboard Toggle word wrap
        Important

        Use python instead of python3 if the Red Hat Ceph Storage 4.x cluster is deployed on Red Hat Enterprise Linux 7.x (RHEL 7.x) cluster.

        You can also run the script from inside a MON container (containerized deployment) or from a MON node (RPM deployment).

        Note

        Use the yum install cephadm command and then the cephadm command to deploy your RHCS cluster using containers. You must pull the RHCS container images using the cephadm command, rather than using yum for installing the Ceph packages onto nodes. For more information, see RHCS product documentation.

      2. To retrieve the external cluster details from the RHCS cluster, choose one of the following two options, either a configuration file or command-line flags.

        1. Configuration file

          Use config-file flag. This stores the parameters used during deployment.

          In new deployments, you can save the parameters used during deployment in a configuration file. This file can then be used during upgrade to preserve the parameters as well as adding any additional parameters. Use config-file to set the path to the configuration file.

          Example configuration file saved in /config.ini: 

          [Configurations]
format = bash
cephfs-filesystem-name = <filesystem-name>
rbd-data-pool-name = <pool_name>
...
          Copy to Clipboard Toggle word wrap

          Set the path to the config.ini file using config-file: 

          # python3 ceph-external-cluster-details-exporter.py --config-file /config.ini
          Copy to Clipboard Toggle word wrap

        2. Command-line flags

          Retrieve the external cluster details from the RHCS cluster, and pass the parameters for your deployment. 

          # python3 ceph-external-cluster-details-exporter.py \
--rbd-data-pool-name <rbd block pool name>  [optional arguments]
          Copy to Clipboard Toggle word wrap

          For example: 

          # python3 ceph-external-cluster-details-exporter.py --rbd-data-pool-name ceph-rbd --monitoring-endpoint xxx.xxx.xxx.xxx --monitoring-endpoint-port xxxx --rgw-endpoint xxx.xxx.xxx.xxx:xxxx --run-as-user client.ocs
          Copy to Clipboard Toggle word wrap

          RBD parameters

          rbd-data-pool-name
          A mandatory parameter that is used for providing block storage in OpenShift Data Foundation.
          rados-namespace
          Divides an RBD data pool into separate logical namespaces, used for creating RBD PVC in a radosNamespace. Flags required with rados-namespace are restricted-auth-permission and k8s-cluster-name.
          rbd-metadata-ec-pool-name
          (Optional) The name of the erasure coded RBD metadata pool.

          RGW parameters

          rgw-endpoint

          (Optional) This parameter is required only if the object storage is to be provisioned through Ceph Rados Gateway for OpenShift Data Foundation. Provide the endpoint in the following format: <ip_address>:<port>

          Note

          A fully-qualified domain name (FQDN) is also supported in the format <FQDN>:<PORT>.

          rgw-pool-prefix
          (Optional) The prefix of the RGW pools. If not specified, the default prefix is default.
          rgw-tls-cert-path

          (Optional) The file path of the RADOS Gateway endpoint TLS certificate.

          • To provide the TLS certificate and RGW endpoint details to the helper script, ceph-external-cluster-details-exporter.py, run the following command: 

            # python3 ceph-external-clustergw-endpoint r-details-exporter.py --rbd-data-pool-name <rbd block pool name> --rgw-endpoint <ip_address>:<port> --rgw-tls-cert-path <file path containing cert>
            Copy to Clipboard Toggle word wrap

            This creates a resource to create a Ceph Object Store CR such as Kubernetes secret containing the TLS certificate. All the intermediate certificates including private keys need to be stored in the certificate file.

          rgw-skip-tls
          (Optional) This parameter ignores the TLS certification validation when a self-signed certificate is provided (not recommended).

          Monitoring parameters

          monitoring-endpoint
          (Optional) This parameter accepts comma-separated list of IP addresses of active and standby mgrs reachable from the OpenShift Container Platform cluster. If not provided, the value is automatically populated.
          monitoring-endpoint-port
          (Optional) It is the port associated with the ceph-mgr Prometheus exporter specified by --monitoring-endpoint. If not provided, the value is automatically populated.

          Ceph parameters

          ceph-conf
          (Optional) The name of the Ceph configuration file.
          run-as-user

          (Optional) This parameter is used for providing name for the Ceph user which is created by the script. If this parameter is not specified, a default user name client.healthchecker is created. The permissions for the new user is set as:

          • caps: [mgr] allow command config
          • caps: [mon] allow r, allow command quorum_status, allow command version
          • caps: [osd] allow rwx pool=RGW_POOL_PREFIX.rgw.meta, allow r pool=.rgw.root, allow rw pool=RGW_POOL_PREFIX.rgw.control, allow rx pool=RGW_POOL_PREFIX.rgw.log, allow x pool=RGW_POOL_PREFIX.rgw.buckets.index

          CephFS parameters

          cephfs-metadata-pool-name
          (Optional) The name of the CephFS metadata pool.
          cephfs-data-pool-name
          (Optional) The name of the CephFS data pool.
          cephfs-filesystem-name
          (Optional) The name of the CephFS filesystem.

          Output parameters

          dry-run
          (Optional) This parameter helps to print the executed commands without running them.
          output
          (Optional) The file where the output is required to be stored.

          Multicluster parameters

          k8s-cluster-name
          (Optional) Kubernetes cluster name.
          cluster-name
          (Optional) The Ceph cluster name.
          restricted-auth-permission
          (Optional) This parameter restricts cephCSIKeyrings auth permissions to specific pools and clusters. Mandatory flags that need to be set with this are rbd-data-pool-name and cluster-name. You can also pass the cephfs-filesystem-name flag if there is CephFS user restriction so that permission is restricted to a particular CephFS filesystem.
          Note

          This parameter must be applied only for the new deployments. To restrict csi-users per pool and per cluster, you need to create new csi-users and new secrets for those csi-users.

          Example with restricted auth permission:

          # python3 /etc/ceph/create-external-cluster-resources.py --cephfs-filesystem-name myfs --rbd-data-pool-name replicapool --cluster-name rookStorage --restricted-auth-permission true
          Copy to Clipboard Toggle word wrap

          Example of JSON output generated using the python script:

          [{"name": "rook-ceph-mon-endpoints", "kind": "ConfigMap", "data": {"data": "xxx.xxx.xxx.xxx:xxxx", "maxMonId": "0", "mapping": "{}"}}, {"name": "rook-ceph-mon", "kind": "Secret", "data": {"admin-secret": "admin-secret", "fsid": "<fs-id>", "mon-secret": "mon-secret"}}, {"name": "rook-ceph-operator-creds", "kind": "Secret", "data": {"userID": "<user-id>", "userKey": "<user-key>"}}, {"name": "rook-csi-rbd-node", "kind": "Secret", "data": {"userID": "csi-rbd-node", "userKey": "<user-key>"}}, {"name": "ceph-rbd", "kind": "StorageClass", "data": {"pool": "<pool>"}}, {"name": "monitoring-endpoint", "kind": "CephCluster", "data": {"MonitoringEndpoint": "xxx.xxx.xxx.xxx", "MonitoringPort": "xxxx"}}, {"name": "rook-ceph-dashboard-link", "kind": "Secret", "data": {"userID": "ceph-dashboard-link", "userKey": "<user-key>"}}, {"name": "rook-csi-rbd-provisioner", "kind": "Secret", "data": {"userID": "csi-rbd-provisioner", "userKey": "<user-key>"}}, {"name": "rook-csi-cephfs-provisioner", "kind": "Secret", "data": {"adminID": "csi-cephfs-provisioner", "adminKey": "<admin-key>"}}, {"name": "rook-csi-cephfs-node", "kind": "Secret", "data": {"adminID": "csi-cephfs-node", "adminKey": "<admin-key>"}}, {"name": "cephfs", "kind": "StorageClass", "data": {"fsName": "cephfs", "pool": "cephfs_data"}}, {"name": "ceph-rgw", "kind": "StorageClass", "data": {"endpoint": "xxx.xxx.xxx.xxx:xxxx", "poolPrefix": "default"}}, {"name": "rgw-admin-ops-user", "kind": "Secret", "data": {"accessKey": "<access-key>", "secretKey": "<secret-key>"}}]
          Copy to Clipboard Toggle word wrap

      3. Save the JSON output to a file with .json extension

        Note

        For OpenShift Data Foundation to work seamlessly, ensure that the parameters (RGW endpoint, CephFS details, RBD pool, and so on) to be uploaded using the JSON file remain unchanged on the RHCS external cluster after the storage cluster creation.

      4. Run the command when there is a multi-tenant deployment in which the RHCS cluster is already connected to OpenShift Data Foundation deployment with a lower version. 

        # python3 ceph-external-cluster-details-exporter.py --upgrade
        Copy to Clipboard Toggle word wrap

    3. Click Browse to select and upload the JSON file.

      The content of the JSON file is populated and displayed in the text box.

    4. Click Next

      The Next button is enabled only after you upload the .json file.

  4. In the Review and create page, review if all the details are correct:

    • To modify any configuration settings, click Back to go back to the previous configuration page.
  5. Click Create StorageSystem.

Verification steps

To verify the final Status of the installed storage cluster:

  1. In the OpenShift Web Console, navigate to StorageData FoundationStorage Systemocs-external-storagecluster.
  2. Verify that Status of StorageCluster is Ready and has a green tick.
  3. To verify that OpenShift Data Foundation, pods and StorageClass are successfully installed, see Verifying your external mode OpenShift Data Foundation installation for external Ceph storage system.

Procedure

  1. Apply Encryption in-transit settings. 

    root@ceph-client ~]# ceph config set global ms_client_mode secure
[root@ceph-client ~]# ceph config set global ms_cluster_mode secure
[root@ceph-client ~]# ceph config set global ms_service_mode secure
[root@ceph-client ~]# ceph config set global rbd_default_map_options ms_mode=secure
    Copy to Clipboard Toggle word wrap

  2. Check the settings. 

    [root@ceph-client ~]# ceph config dump | grep ms_
global                                       basic     ms_client_mode                         secure                                                                                                                                                                                                                                   *
global                                       basic     ms_cluster_mode                        secure                                                                                                                                                                                                                                   *
global                                       basic     ms_service_mode                        secure                                                                                                                                                                                                                                   *
global                                       advanced  rbd_default_map_options                ms_mode=secure                                                                                                                                                                                                                           *
    Copy to Clipboard Toggle word wrap

  3. Restart all Ceph daemons. 

    [root@ceph-client ~]# ceph orch ps
NAME                       HOST   PORTS             STATUS        REFRESHED  AGE  MEM USE  MEM LIM  VERSION           IMAGE ID      CONTAINER ID
alertmanager.osd-0         osd-0  *:9093,9094       running (7h)     5m ago   7h    24.6M        -  0.24.0            3d2ad4f34549  6ef813aed5ef
ceph-exporter.osd-0        osd-0                    running (7h)     5m ago   7h    17.7M        -  18.2.0-192.el9cp  6e4e34f038b9  179301cc7840
ceph-exporter.osd-1        osd-1                    running (7h)     5m ago   7h    17.8M        -  18.2.0-192.el9cp  6e4e34f038b9  1084517c5d27
ceph-exporter.osd-2        osd-2                    running (7h)     5m ago   7h    17.9M        -  18.2.0-192.el9cp  6e4e34f038b9  c933e31dc7b7
ceph-exporter.osd-3        osd-3                    running (7h)     5m ago   7h    17.7M        -  18.2.0-192.el9cp  6e4e34f038b9  9981004a7169
crash.osd-0                osd-0                    running (7h)     5m ago   7h    6895k        -  18.2.0-192.el9cp  6e4e34f038b9  9276199810a6
crash.osd-1                osd-1                    running (7h)     5m ago   7h    6895k        -  18.2.0-192.el9cp  6e4e34f038b9  43aee09f1f00
crash.osd-2                osd-2                    running (7h)     5m ago   7h    6903k        -  18.2.0-192.el9cp  6e4e34f038b9  adba2172546d
crash.osd-3                osd-3                    running (7h)     5m ago   7h    6899k        -  18.2.0-192.el9cp  6e4e34f038b9  3a788ea496f3
grafana.osd-0              osd-0  *:3000            running (7h)     5m ago   7h    65.5M        -  <unknown>         f142b583a1b1  c299328455cc
mds.fsvol001.osd-0.lpciqk  osd-0                    running (7h)     5m ago   7h    24.8M        -  18.2.0-192.el9cp  6e4e34f038b9  8790381f177c
mds.fsvol001.osd-2.wocnxz  osd-2                    running (7h)     5m ago   7h    32.1M        -  18.2.0-192.el9cp  6e4e34f038b9  2c66e36e19fc
mgr.osd-0.dtkyni           osd-0  *:9283,8765,8443  running (7h)     5m ago   7h     535M        -  18.2.0-192.el9cp  6e4e34f038b9  41f5bed2d18a
mgr.osd-2.kqcxwu           osd-2  *:8443,9283,8765  running (7h)     5m ago   7h     440M        -  18.2.0-192.el9cp  6e4e34f038b9  d8413a809b1f
mon.osd-1                  osd-1                    running (7h)     5m ago   7h     350M    2048M  18.2.0-192.el9cp  6e4e34f038b9  fb3b5c186e38
mon.osd-2                  osd-2                    running (7h)     5m ago   7h     363M    2048M  18.2.0-192.el9cp  6e4e34f038b9  f5314c164e89
mon.osd-3                  osd-3                    running (7h)     5m ago   7h     361M    2048M  18.2.0-192.el9cp  6e4e34f038b9  3522f972ed7d
node-exporter.osd-0        osd-0  *:9100            running (7h)     5m ago   7h    25.1M        -  1.4.0             508050f8c316  43845647bc06
node-exporter.osd-1        osd-1  *:9100            running (7h)     5m ago   7h    21.4M        -  1.4.0             508050f8c316  e84c3e2206c9
node-exporter.osd-2        osd-2  *:9100            running (7h)     5m ago   7h    25.4M        -  1.4.0             508050f8c316  071580052c80
node-exporter.osd-3        osd-3  *:9100            running (7h)     5m ago   7h    21.8M        -  1.4.0             508050f8c316  317205f34647
osd.0                      osd-2                    running (7h)     5m ago   7h     525M    4096M  18.2.0-192.el9cp  6e4e34f038b9  5247dd9d7ac3
osd.1                      osd-0                    running (7h)     5m ago   7h     652M    4096M  18.2.0-192.el9cp  6e4e34f038b9  17c66fee9f13
osd.2                      osd-3                    running (7h)     5m ago   7h     801M    1435M  18.2.0-192.el9cp  6e4e34f038b9  39b272b56fbe
osd.3                      osd-1                    running (7h)     5m ago   7h     538M     923M  18.2.0-192.el9cp  6e4e34f038b9  f595858a1ca3
osd.4                      osd-0                    running (7h)     5m ago   7h     532M    4096M  18.2.0-192.el9cp  6e4e34f038b9  c4f57cc9eda6
osd.5                      osd-2                    running (7h)     5m ago   7h     761M    4096M  18.2.0-192.el9cp  6e4e34f038b9  d80ba180c940
osd.6                      osd-3                    running (7h)     5m ago   7h     415M    1435M  18.2.0-192.el9cp  6e4e34f038b9  9ec319187e25
osd.7                      osd-1                    running (7h)     5m ago   7h     427M     923M  18.2.0-192.el9cp  6e4e34f038b9  816731470d87
prometheus.osd-0           osd-0  *:9095            running (7h)     5m ago   7h    84.0M        -  2.39.1            716dd9df3cf3  29db12cb1a5a
rgw.rgw.ssl.osd-1.smzpfj   osd-1  *:80              running (7h)     5m ago   7h     110M        -  18.2.0-192.el9cp  6e4e34f038b9  57faaff4e425
    Copy to Clipboard Toggle word wrap

    Wait for the restarting of all the daemons.

Use this section to verify that OpenShift Data Foundation is deployed correctly.

2.3.1. Verifying the state of the pods
Copy link

  1. Click Workloads → Pods from the left pane of the OpenShift Web Console.

  2. Select openshift-storage from the Project drop-down list.

    Note

    If the Show default projects option is disabled, use the toggle button to list all the default projects.

    For more information on the expected number of pods for each component and how it varies depending on the number of nodes, see Table 2.1, “Pods corresponding to OpenShift Data Foundation components”

  3. Verify that the following pods are in running state:

    Expand
    Table 2.1. Pods corresponding to OpenShift Data Foundation components
    ComponentCorresponding pods

    OpenShift Data Foundation Operator

    • ocs-operator-* (1 pod on any worker node)
    • ocs-metrics-exporter-* (1 pod on any worker node)
    • odf-operator-controller-manager-* (1 pod on any worker node)
    • odf-console-* (1 pod on any worker node)
    • csi-addons-controller-manager-* (1 pod on any worker node)

    Rook-ceph Operator

    rook-ceph-operator-*

    (1 pod on any worker node)

    Multicloud Object Gateway

    • noobaa-operator-* (1 pod on any worker node)
    • noobaa-core-* (1 pod on any worker node)
    • noobaa-db-pg-cluster-1 and noobaa-db-pg-cluster-2 (2 instances of MCG DB pod on any storage node)
    • noobaa-endpoint-* (1 pod on any storage node)
    • cnpg-controller-manager-* (1 pod on any storage node)

    CSI

    • cephfs

      • openshift-storage.cephfs.csi.ceph.com-ctrlplugin-* (2 pods distributed across storage nodes)
      • openshift-storage.cephfs.csi.ceph.com-nodeplugin-* (1 pod on each storage node)
    Note

    If an MDS is not deployed in the external cluster, the openshift-storage.cephfs.csi.ceph.com-ctrlplugin and openshift-storage.cephfs.csi.ceph.com-nodeplugin-* pods are not created.

    • nfs

      • openshift-storage.nfs.csi.ceph.com-ctrlplugin-* (2 pods distributed across storage nodes)
      • openshift-storage.nfs.csi.ceph.com-nodeplugin-* (1 pod on each storage node)

    • rbd

      • openshift-storage.rbd.csi.ceph.com-ctrlplugin-* (2 pods distributed across storage nodes)
      • openshift-storage.rbd.csi.ceph.com-nodeplugin-* (1 pod on each storage node)
  1. In the OpenShift Web Console, click StorageData Foundation.
  2. In the Status card of the Overview tab, click Storage System and then click the storage system link from the pop up that appears.
  3. In the Status card of the Block and File tab, verify that the Storage Cluster has a green tick.
  4. In the Details card, verify that the cluster information is displayed.

For more information on the health of OpenShift Data Foundation cluster using the Block and File dashboard, see Monitoring OpenShift Data Foundation.

  1. In the OpenShift Web Console, click StorageData Foundation.

  2. In the Status card of the Overview tab, click Storage System and then click the storage system link from the pop up that appears.

    1. In the Status card of the Object tab, verify that both Object Service and Data Resiliency have a green tick.
    2. In the Details card, verify that the Multicloud Object Gateway (MCG) information is displayed.
Note

The RADOS Object Gateway is only listed in case RADOS Object Gateway endpoint details are included while deploying OpenShift Data Foundation in external mode.

For more information on the health of OpenShift Data Foundation cluster using the object dashboard, see Monitoring OpenShift Data Foundation.

  1. Click Storage → Storage Classes from the left pane of the OpenShift Web Console.

  2. Verify that the following storage classes are created with the OpenShift Data Foundation cluster creation:

    • ocs-external-storagecluster-ceph-rbd
    • ocs-external-storagecluster-ceph-rgw
    • ocs-external-storagecluster-cephfs
    • openshift-storage.noobaa.io
Note
  • If an MDS is not deployed in the external cluster, ocs-external-storagecluster-cephfs storage class will not be created.
  • If RGW is not deployed in the external cluster, the ocs-external-storagecluster-ceph-rgw storage class will not be created.

For more information regarding MDS and RGW, see Red Hat Ceph Storage documentation

2.3.5. Verifying that Ceph cluster is connected
Copy link

Run the following command to verify if the OpenShift Data Foundation cluster is connected to the external Red Hat Ceph Storage cluster. 

$ oc get cephcluster -n openshift-storage
NAME                                      DATADIRHOSTPATH   MONCOUNT   AGE   PHASE       MESSAGE                          HEALTH      EXTERNAL
ocs-external-storagecluster-cephcluster                                30m   Connected   Cluster connected successfully   HEALTH_OK   true
Copy to Clipboard Toggle word wrap

2.3.6. Verifying that storage cluster is ready
Copy link

Run the following command to verify if the storage cluster is ready and the External option is set to true. 

$ oc get storagecluster -n openshift-storage
NAME                          AGE   PHASE   EXTERNAL   CREATED AT             VERSION
ocs-external-storagecluster   30m   Ready   true       2021-11-17T09:09:52Z   4.19.0
Copy to Clipboard Toggle word wrap

Run the following command to verify if the Ceph Object Store CRD is created in the external Red Hat Ceph Storage cluster. 

$ oc get cephobjectstore -n openshift-storage"
NAME               PHASE     ENDPOINT               SECUREENDPOINT      AGE
object-store1      Ready     <http://IP/FQDN:port>                      15m
Copy to Clipboard Toggle word wrap

OpenShift Data Foundation can use IBM FlashSystem storage available for consumption through OpenShift Container Platform clusters. You need to install the OpenShift Data Foundation operator and then create an OpenShift Data Foundation cluster for IBM FlashSystem storage.

You can install Red Hat OpenShift Data Foundation Operator using the Red Hat OpenShift Container Platform Operator Hub.

Prerequisites

  • Access to an OpenShift Container Platform cluster using an account with cluster-admin and operator installation permissions.
  • For additional resource requirements, see the Planning your deployment guide.
Important

  • When you need to override the cluster-wide default node selector for OpenShift Data Foundation, you can use the following command to specify a blank node selector for the openshift-storage namespace (create openshift-storage namespace in this case): 

    $ oc annotate namespace openshift-storage openshift.io/node-selector=
    Copy to Clipboard Toggle word wrap

Procedure

  1. Log in to the OpenShift Web Console.
  2. Click Operators → OperatorHub.
  3. Scroll or type OpenShift Data Foundation into the Filter by keyword box to find the OpenShift Data Foundation Operator.
  4. Click Install.

  5. Set the following options on the Install Operator page:

    1. Update Channel as stable-4.19.
    2. Installation Mode as A specific namespace on the cluster.
    3. Installed Namespace as Operator recommended namespace openshift-storage. If Namespace openshift-storage does not exist, it is created during the operator installation.

    4. Select Approval Strategy as Automatic or Manual.

      If you select Automatic updates, then the Operator Lifecycle Manager (OLM) automatically upgrades the running instance of your Operator without any intervention.

      If you select Manual updates, then the OLM creates an update request. As a cluster administrator, you must then manually approve that update request to update the Operator to a newer version.

    5. Ensure that the Enable option is selected for the Console plugin.
    6. Click Install.

Verification steps

  • After the operator is successfully installed, a pop-up with a message, Web console update is available appears on the user interface. Click Refresh web console from this pop-up for the console changes to reflect.

  • In the Web Console:

    • Navigate to Installed Operators and verify that the OpenShift Data Foundation Operator shows a green tick indicating successful installation.
    • Navigate to Storage and verify if the Data Foundation dashboard is available.

You need to create a new OpenShift Data Foundation cluster after you install the OpenShift Data Foundation operator on the OpenShift Container Platform.

Prerequisites

  • A valid Red Hat OpenShift Data Foundation Advanced subscription. For more information, see the knowledgebase article on OpenShift Data Foundation subscriptions.
  • For Red Hat Enterprise Linux® operating system, ensure that there is iSCSI connectivity and then configure Linux multipath devices on the host.
  • For Red Hat Enterprise Linux CoreOS or when the packages are already installed, configure Linux multipath devices on the host.
  • Ensure to configure each worker with storage connectivity according to your storage system instructions. For the latest supported FlashSystem storage systems and versions, see IBM ODF FlashSystem driver documentation.

  • Make sure that ibm-storage-odf-operator operator is installed with the following subscription: 

    apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: ibm-storage-odf-operator
  namespace: openshift-storage
spec:
  channel: stable-v1.8
  installPlanApproval: Automatic
  name: ibm-storage-odf-operator
  source: certified-operators
  sourceNamespace: openshift-marketplace
    Copy to Clipboard Toggle word wrap

Procedure

  1. In the OpenShift Web Console, click StorageData FoundationStorage SystemsCreate StorageSystem.

  2. In the Backing storage page, select the following options:

    1. Select Full deployment for the Deployment type option.
    2. Select Connect an external storage platform from the available options.
    3. Select IBM FlashSystem Storage from the Storage platform list.
    4. Click Next.

  3. In the Create storage class page, provide the following information:

    1. Enter a name for the storage class.

      When creating block storage persistent volumes, select the storage class <storage_class_name> for best performance. The storage class allows direct I/O path to the FlashSystem.

    2. Enter the following details of IBM FlashSystem connection:

      • IP address
      • User name
      • Password
      • Pool name
    3. Select thick or thin for the Volume mode.
    4. Click Next.

  1. In the Capacity and nodes page, provide the necessary details:

    1. Select a value for Requested capacity.

      The available options are 0.5 TiB, 2 TiB, and 4 TiB. The requested capacity is dynamically allocated on the infrastructure storage class.

    2. Select at least three nodes in three different zones.

      It is recommended to start with at least 14 CPUs and 34 GiB of RAM per node. If the nodes selected do not match the OpenShift Data Foundation cluster requirement of an aggregated 30 CPUs and 72 GiB of RAM, a minimal cluster will be deployed. For minimum starting node requirements, see the Resource requirements section in the Planning guide.

    3. Click Next.

  2. Optional: In the Security and network page, provide the necessary details:

    1. To enable encryption, select Enable data encryption for block and file storage.

      1. Choose any one or both Encryption level:

        • Cluster-wide encryption to encrypt the entire cluster (block and file).
        • StorageClass encryption to create encrypted persistent volume (block only) using encryption enabled storage class.

      2. Select the Connect to an external key management service checkbox. This is optional for cluster-wide encryption.

        1. Key Management Service Provider is set to Vault by default.
        2. Enter Vault Service Name, host Address of Vault server ('https://<hostname or ip>'), Port number, and Token.

      3. Expand Advanced Settings to enter additional settings and certificate details based on your Vault configuration:

        1. Enter the Key Value secret path in the Backend Path that is dedicated and unique to OpenShift Data Foundation.
        2. Optional: Enter TLS Server Name and Vault Enterprise Namespace.
        3. Provide CA Certificate, Client Certificate, and Client Private Key by uploading the respective PEM encoded certificate file.
      4. Click Save.

      5. Select Default (SDN) if you are using a single network or Custom (Multus) if you are using multiple network interfaces.

        1. Select a Public Network Interface from the dropdown.
        2. Select a Cluster Network Interface from the dropdown. NOTE: If you are using only one additional network interface, select the single NetworkAttachementDefinition, that is, ocs-public-cluster for the Public Network Interface, and leave the Cluster Network Interface blank.
      6. Click Next.

    2. To enable in-transit encryption, select In-transit encryption.

      1. Select a Network.
      2. Click Next.

  3. In the Review and create page, review if all the details are correct:

    • To modify any configuration settings, click Back to go back to the previous configuration page.
  4. Click Create StorageSystem.

Verification Steps

Verifying the state of the pods
  1. Click WorkloadsPods from the left pane of the OpenShift Web Console.

  2. Select openshift-storage from the Project drop-down list.

    Note

    If the Show default projects option is disabled, use the toggle button to list all the default projects.

    Expand
    Table 3.1. Pods corresponding to OpenShift Data Foundation components
    ComponentCorresponding pods

    OpenShift Data Foundation Operator

    • ocs-operator-* (1 pod on any worker node)
    • ocs-metrics-exporter-* (1 pod on any worker node)
    • odf-operator-controller-manager-* (1 pod on any worker node)
    • odf-console-* (1 pod on any worker node)
    • csi-addons-controller-manager-* (1 pod on any worker node)

    ibm-storage-odf-operator

    • ibm-storage-odf-operator-* (2 pods on any worker nodes)
    • ibm-odf-console-*

    ibm-flashsystem-storage

    ibm-flashsystem-storage-* (1 pod on any worker node)

    rook-ceph Operator

    rook-ceph-operator-* (1 pod on any worker node)

    Multicloud Object Gateway

    • noobaa-operator-* (1 pod on any worker node)
    • noobaa-core-* (1 pod on any worker node)
    • noobaa-db-pg-cluster-1 and noobaa-db-pg-cluster-2 (2 instances of MCG DB pod on any storage node)
    • noobaa-endpoint-* (1 pod on any storage node)
    • cnpg-controller-manager-* (1 pod on any storage node)

    CSI

    • ibm-block-csi-* (1 pod on any worker node)
Verifying that the OpenShift Data Foundation cluster is healthy
  1. In the Web Console, click StorageData Foundation.
  2. In the Status card of the Overview tab, verify that the Storage System has a green tick mark.
  3. In the Details card, verify that the cluster information is displayed.

For more information on the health of the OpenShift Data Foundation cluster using the Block and File dashboard, see Monitoring OpenShift Data Foundation.

Verifying that the Multicloud Object Gateway is healthy
  1. In the Web Console, click StorageData Foundation.
  2. In the Status card of the Overview tab, click Storage System and then click the storage system link from the pop up.
  3. In the Status card of the Object tab, verify that both Object Service and Data Resiliency have a green tick.
  4. In the Details card, verify that the MCG information is displayed.

For more information on the health of the OpenShift Data Foundation cluster using the object dashboard, see Monitoring OpenShift Data Foundation.

Verifying that IBM FlashSystem is connected and the storage cluster is ready
  • Run the following command to verify if the OpenShift Data Foundation cluster is connected to the external IBM FlashSystem. 
$ oc get flashsystemclusters.odf.ibm.com
NAME                               AGE   PHASE   CREATED AT
ibm-flashsystem-storage-fab3p-60   46h   Ready   2025-06-30T12:17:06Z
Copy to Clipboard Toggle word wrap
Verifying the StorageSystem of the storage
  • Run the following command to verify the storageSystem of IBM FlashSystem storage cluster. 
$ oc get storagesystems.odf.openshift.io
NAME                                   STORAGE-SYSTEM-KIND                       STORAGE-SYSTEM-NAME
ibm-flashsystemcluster-storagesystem   flashsystemcluster.odf.ibm.com/v1alpha1   ibm-flashsystemcluster
ocs-storagecluster                     storagecluster.ocs.openshift.io/v1        ocs-storagecluster
Copy to Clipboard Toggle word wrap
Verifying the subscription of the IBM operator
  • Run the following command to verify the subscription: 
$ oc get subscriptions.operators.coreos.com
NAME                                                                         PACKAGE                    SOURCE                    CHANNEL
cephcsi-operator-stable-4.19-redhat-operators-openshift-marketplace          cephcsi-operator           redhat-operators          stable-4.19
ibm-block-csi-operator-stable-certified-operators-openshift-marketplace      ibm-block-csi-operator     certified-operators       stable
ibm-storage-odf-operator                                                     ibm-storage-odf-operator   ibm-storage-odf-catalog   stable-v1.7
mcg-operator-stable-4.19-redhat-operators-openshift-marketplace              mcg-operator               redhat-operators          stable-4.19
ocs-client-operator-stable-4.19-redhat-operators-openshift-marketplace       ocs-client-operator        redhat-operators          stable-4.19
ocs-operator-stable-4.19-redhat-operators-openshift-marketplace              ocs-operator               redhat-operators          stable-4.19
odf-csi-addons-operator-stable-4.19-redhat-operators-openshift-marketplace   odf-csi-addons-operator    redhat-operators          stable-4.19
odf-dependencies                                                             odf-dependencies           redhat-operators          stable-4.19
odf-operator                                                                 odf-operator               redhat-operators          stable-4.19
odf-prometheus-operator-stable-4.19-redhat-operators-openshift-marketplace   odf-prometheus-operator    redhat-operators          stable-4.19
recipe-stable-4.19-redhat-operators-openshift-marketplace                    recipe                     redhat-operators          stable-4.19
rook-ceph-operator-stable-4.19-redhat-operators-openshift-marketplace        rook-ceph-operator         redhat-operators          stable-4.19                                                         odf-operator               odf-catalogsource     alpha
Copy to Clipboard Toggle word wrap
Verifying the CSVs
  • Run the following command to verify that the CSVs are in the succeeded state. 
$ oc get csv
NAME                                    DISPLAY                                 VERSION        REPLACES                                PHASE
cephcsi-operator.v4.19-rhodf          CephCSI operator                          4.19-rhodf   cephcsi-operator.v4.19-rhodf          Succeeded
ibm-block-csi-operator.v1.12.4          IBM block storage CSI driver operator   1.12.4                                                 Succeeded
ibm-storage-odf-operator.v1.7.1         IBM Storage ODF operator                1.7.1          ibm-storage-odf-operator.v1.7.0         Succeeded
mcg-operator.v4.19-rhodf              NooBaa Operator                           4.19-rhodf   mcg-operator.v4.19-rhodf              Succeeded
ocs-client-operator.v4.19-rhodf       OpenShift Data Foundation Client          4.19-rhodf   ocs-client-operator.v4.19-rhodf       Succeeded
ocs-operator.v4.19-rhodf              OpenShift Container Storage               4.19-rhodf   ocs-operator.v4.19-rhodf              Succeeded
odf-csi-addons-operator.v4.19-rhodf   CSI Addons                                4.19-rhodf   odf-csi-addons-operator.v4.19-rhodf   Succeeded
odf-dependencies.v4.19-rhodf          Data Foundation Dependencies              4.19-rhodf   odf-dependencies.v4.19-rhodf          Succeeded
odf-operator.v4.19-rhodf              OpenShift Data Foundation                 4.19-rhodf   odf-operator.v4.19-rhodf              Succeeded
odf-prometheus-operator.v4.19-rhodf   Prometheus Operator                       4.19-rhodf   odf-prometheus-operator.v4.19-rhodf   Succeeded
recipe.v4.19-rhodf                    Recipe                                    4.19-rhodf   recipe.v4.19-rhodf                    Succeeded
rook-ceph-operator.v4.19-rhodf        Rook-Ceph
Copy to Clipboard Toggle word wrap
Verifying the IBM operator and CSI pods
  • Run the following command to verify the IBM operator and CSI pods: 
$ oc get pods
NAME                                                              READY   STATUS                 RESTARTS   AGE
ceph-csi-controller-manager-65f4bc4cd5-9qbp4                      2/2     Running                0          46h
csi-addons-controller-manager-757d9c6748-94nrt                    2/2     Running                0          46h
csi-cephfsplugin-b642k                                            3/3     Running                0          46h
csi-cephfsplugin-l75pt                                            3/3     Running                0          46h
csi-cephfsplugin-provisioner-847f7c54d8-52nz9                     7/7     Running                0          46h
csi-cephfsplugin-provisioner-847f7c54d8-xtp5j                     7/7     Running                0          46h
csi-cephfsplugin-vh485                                            3/3     Running                0          46h
csi-rbdplugin-9hss7                                               4/4     Running                0          46h
csi-rbdplugin-9q9qd                                               4/4     Running                0          46h
csi-rbdplugin-9vkqh                                               4/4     Running                0          46h
csi-rbdplugin-provisioner-7f4b8d946f-ngz65                        7/7     Running                0          46h
csi-rbdplugin-provisioner-7f4b8d946f-x8l8t                        7/7     Running                0          46h
ibm-block-csi-controller-0                                        8/8     Running                0          41h
ibm-block-csi-node-6vmpq                                          3/3     Running                0          46h
ibm-block-csi-node-fw7xc                                          3/3     Running                0          41h
ibm-block-csi-node-k57sv                                          3/3     Running                0          46h
ibm-block-csi-operator-867c54df5d-2t968                           1/1     Running                0          46h
ibm-flashsystem-storage-deployment-5958ffd56b-tj6zw               1/1     Running                0          46h
ibm-odf-console-6d64dcc46c-bkknx                                  1/1     Running                0          41h
ibm-storage-odf-operator-787c67c7bf-nzp9w                         2/2     Running                0          41h
noobaa-core-0                                                     2/2     Running                0          46h
noobaa-db-pg-0                                                    1/1     Running                0          46h
noobaa-endpoint-5d94d888fc-bj28x                                  1/1     Running                0          46h
noobaa-operator-67b569fc76-rk99d                                  1/1     Running                0          46h
ocs-metrics-exporter-6f7f79fcf9-xm6pq                             2/3     Running                0          46h
ocs-operator-676c964c58-nsb7g                                     1/1     Running                0          46h
odf-console-75dc785696-n97sk                                      1/1     Running                0          46h
odf-operator-controller-manager-785ddcd999-tf245                  2/2     Running                0          46h
rook-ceph-crashcollector-worker-node1-b95b5cd54-7qbhb             1/1     Running                0          46h
rook-ceph-crashcollector-worker-node2-757d746d5f-jsfrx            1/1     Running                0          46h
rook-ceph-crashcollector-worker-node3-6d4f8f7848-xvvw2            1/1     Running                0          46h
rook-ceph-exporter-worker-node1-5dcf74b647-t5rg7                  1/1     Running                0          46h
rook-ceph-exporter-worker-node2-66c694f5b6-n96g5                  1/1     Running                0          46h
rook-ceph-exporter-worker-node3-58fd7ffcfc-vpzfr                  1/1     Running                0          46h
rook-ceph-mds-ocs-storagecluster-cephfilesystem-a-557b4cc9gsx65   2/2     Running                0          46h
rook-ceph-mds-ocs-storagecluster-cephfilesystem-b-5d8748dfmrhfn   2/2     Running                0          46h
rook-ceph-mgr-a-f56c6866b-tzl2s                                   3/3     Running                0          46h
rook-ceph-mgr-b-796d5f69bf-f54qr                                  3/3     Running                0          46h
rook-ceph-mon-a-6b5dc9dd6c-f4dvn                                  2/2     Running                0          46h
rook-ceph-mon-b-8d458fbdf-wjgzm                                   2/2     Running                0          46h
rook-ceph-mon-c-5b78749887-mcpjl                                  2/2     Running                0          46h
rook-ceph-operator-578dfdd8dd-mn9vn                               1/1     Running                0          46h
rook-ceph-osd-0-754499c4bd-2nrs2                                  2/2     Running                0          46h
rook-ceph-osd-1-5566ff6d99-dc6l4                                  2/2     Running                0          46h
rook-ceph-osd-2-8567c9f9f7-wr66b                                  2/2     Running                0          46h
rook-ceph-osd-prepare-667012a10f7f0800994523ce6731b5d1-n7fgb      0/1     Completed              0          46h
rook-ceph-osd-prepare-ab6be2d13c76aad7123b793996562bf0-wpqsv      0/1     Completed              0          46h
rook-ceph-osd-prepare-baf6cafc480b4e046c337c49601633b8-zllnx      0/1     Completed              0          46h
rook-ceph-rgw-ocs-storagecluster-cephobjectstore-a-5f4dfd9wlbvn   2/2     Running                0          46h
ux-backend-server-db4c5b7bd-hn9jx                                 2/2     Running                0          46h
Copy to Clipboard Toggle word wrap

Use the steps in this section to uninstall OpenShift Data Foundation. Uninstalling OpenShift Data Foundation does not remove the RBD pool from the external cluster, or uninstall the external Red Hat Ceph Storage cluster.

Uninstall Annotations

Annotations on the Storage Cluster are used to change the behavior of the uninstall process. To define the uninstall behavior, the following two annotations have been introduced in the storage cluster:

  • uninstall.ocs.openshift.io/cleanup-policy: delete
  • uninstall.ocs.openshift.io/mode: graceful
Note

The uninstall.ocs.openshift.io/cleanup-policy is not applicable for external mode.

The below table provides information on the different values that can used with these annotations:

Expand
Table 4.1. uninstall.ocs.openshift.io uninstall annotations descriptions
AnnotationValueDefaultBehavior

cleanup-policy

delete

Yes

Rook cleans up the physical drives and the DataDirHostPath

cleanup-policy

retain

No

Rook does not clean up the physical drives and the DataDirHostPath

mode

graceful

Yes

Rook and NooBaa pauses the uninstall process until the PVCs and the OBCs are removed by the administrator/user

mode

forced

No

Rook and NooBaa proceeds with uninstall even if PVCs/OBCs provisioned using Rook and NooBaa exist respectively

You can change the uninstall mode by editing the value of the annotation by using the following commands: 

$ oc annotate storagecluster ocs-external-storagecluster -n openshift-storage uninstall.ocs.openshift.io/mode="forced" --overwrite
storagecluster.ocs.openshift.io/ocs-external-storagecluster annotated
Copy to Clipboard Toggle word wrap

Prerequisites

  • Ensure that the OpenShift Data Foundation cluster is in a healthy state. The uninstall process can fail when some of the pods are not terminated successfully due to insufficient resources or nodes. In case the cluster is in an unhealthy state, contact Red Hat Customer Support before uninstalling OpenShift Data Foundation.
  • Ensure that applications are not consuming persistent volume claims (PVCs) or object bucket claims (OBCs) using the storage classes provided by OpenShift Data Foundation.

Procedure

  1. Delete the volume snapshots that are using OpenShift Data Foundation.

    1. List the volume snapshots from all the namespaces 

      $ oc get volumesnapshot --all-namespaces
      Copy to Clipboard Toggle word wrap

    2. From the output of the previous command, identify and delete the volume snapshots that are using OpenShift Data Foundation. 

      $ oc delete volumesnapshot <VOLUME-SNAPSHOT-NAME> -n <NAMESPACE>
      Copy to Clipboard Toggle word wrap

  2. Delete PVCs and OBCs that are using OpenShift Data Foundation.

    In the default uninstall mode (graceful), the uninstaller waits till all the PVCs and OBCs that use OpenShift Data Foundation are deleted.

    If you wish to delete the Storage Cluster without deleting the PVCs beforehand, you may set the uninstall mode annotation to "forced" and skip this step. Doing so will result in orphan PVCs and OBCs in the system.

    1. Delete OpenShift Container Platform monitoring stack PVCs using OpenShift Data Foundation.

      See Removing monitoring stack from OpenShift Data Foundation

    2. Delete OpenShift Container Platform Registry PVCs using OpenShift Data Foundation.

      Removing OpenShift Container Platform registry from OpenShift Data Foundation

    3. Delete OpenShift Container Platform logging PVCs using OpenShift Data Foundation.

      Removing the cluster logging operator from OpenShift Data Foundation

    4. Delete other PVCs and OBCs provisioned using OpenShift Data Foundation.

      • Given below is a sample script to identify the PVCs and OBCs provisioned using OpenShift Data Foundation. The script ignores the PVCs and OBCs that are used internally by OpenShift Data Foundation. 

        #!/bin/bash

RBD_PROVISIONER="openshift-storage.rbd.csi.ceph.com"
CEPHFS_PROVISIONER="openshift-storage.cephfs.csi.ceph.com"
NOOBAA_PROVISIONER="openshift-storage.noobaa.io/obc"
RGW_PROVISIONER="openshift-storage.ceph.rook.io/bucket"

NOOBAA_DB_PG_1_PVC="noobaa-db-pg-cluster-1"
NOOBAA_DB_PG_2_PVC="noobaa-db-pg-cluster-2”
NOOBAA_BACKINGSTORE_PVC="noobaa-default-backing-store-noobaa-pvc"

# Find all the OCS StorageClasses
OCS_STORAGECLASSES=$(oc get storageclasses | grep -e "$RBD_PROVISIONER" -e "$CEPHFS_PROVISIONER" -e "$NOOBAA_PROVISIONER" -e "$RGW_PROVISIONER" | awk '{print $1}')

# List PVCs in each of the StorageClasses
for SC in $OCS_STORAGECLASSES
do
        echo "======================================================================"
        echo "$SC StorageClass PVCs and OBCs"
        echo "======================================================================"
        oc get pvc  --all-namespaces --no-headers 2>/dev/null | grep $SC | grep -v -e "$NOOBAA_DB_PVC" -e "$NOOBAA_BACKINGSTORE_PVC"
        oc get obc  --all-namespaces --no-headers 2>/dev/null | grep $SC
        echo
done
        Copy to Clipboard Toggle word wrap

      • Delete the OBCs. 

        $ oc delete obc <obc name> -n <project name>
        Copy to Clipboard Toggle word wrap

      • Delete the PVCs. 

        $ oc delete pvc <pvc name> -n <project-name>
        Copy to Clipboard Toggle word wrap

        Ensure that you have removed any custom backing stores, bucket classes, and so on that are created in the cluster.

  3. Delete the Storage Cluster object and wait for the removal of the associated resources. 

    $ oc delete -n openshift-storage storagesystem --all --wait=true
    Copy to Clipboard Toggle word wrap

  4. Delete the namespace and wait until the deletion is complete. You will need to switch to another project if openshift-storage is the active project.

    For example: 

    $ oc project default
$ oc delete project openshift-storage --wait=true --timeout=5m
    Copy to Clipboard Toggle word wrap

    The project is deleted if the following command returns a NotFound error. 

    $ oc get project openshift-storage
    Copy to Clipboard Toggle word wrap
    Note

    While uninstalling OpenShift Data Foundation, if the namespace is not deleted completely and remains in Terminating state, perform the steps in Troubleshooting and deleting remaining resources during Uninstall to identify objects that are blocking the namespace from being terminated.

  5. Confirm all PVs provisioned using OpenShift Data Foundation are deleted. If there is any PV left in the Released state, delete it. 

    $ oc get pv
$ oc delete pv <pv name>
    Copy to Clipboard Toggle word wrap

  6. Remove CustomResourceDefinitions. 

    $ oc delete crd backingstores.noobaa.io bucketclasses.noobaa.io cephblockpools.ceph.rook.io cephclusters.ceph.rook.io cephfilesystems.ceph.rook.io cephnfses.ceph.rook.io cephobjectstores.ceph.rook.io cephobjectstoreusers.ceph.rook.io noobaas.noobaa.io ocsinitializations.ocs.openshift.io storageclusters.ocs.openshift.io cephclients.ceph.rook.io cephobjectrealms.ceph.rook.io cephobjectzonegroups.ceph.rook.io cephobjectzones.ceph.rook.io cephrbdmirrors.ceph.rook.io storagesystems.odf.openshift.io --wait=true --timeout=5m
    Copy to Clipboard Toggle word wrap

  7. To ensure that OpenShift Data Foundation is uninstalled completely:

    1. In the OpenShift Container Platform Web Console, click Storage.
    2. Verify that OpenShift Data Foundation no longer appears under Storage.

Use this section to clean up the monitoring stack from OpenShift Data Foundation.

The PVCs that are created as a part of configuring the monitoring stack are in the openshift-monitoring namespace.

Prerequisites

Procedure

  1. List the pods and PVCs that are currently running in the openshift-monitoring namespace. 

    $ oc get pod,pvc -n openshift-monitoring
NAME                           READY   STATUS    RESTARTS   AGE
pod/alertmanager-main-0         3/3     Running   0          8d
pod/alertmanager-main-1         3/3     Running   0          8d
pod/alertmanager-main-2         3/3     Running   0          8d
pod/cluster-monitoring-
operator-84457656d-pkrxm        1/1     Running   0          8d
pod/grafana-79ccf6689f-2ll28    2/2     Running   0          8d
pod/kube-state-metrics-
7d86fb966-rvd9w                 3/3     Running   0          8d
pod/node-exporter-25894         2/2     Running   0          8d
pod/node-exporter-4dsd7         2/2     Running   0          8d
pod/node-exporter-6p4zc         2/2     Running   0          8d
pod/node-exporter-jbjvg         2/2     Running   0          8d
pod/node-exporter-jj4t5         2/2     Running   0          6d18h
pod/node-exporter-k856s         2/2     Running   0          6d18h
pod/node-exporter-rf8gn         2/2     Running   0          8d
pod/node-exporter-rmb5m         2/2     Running   0          6d18h
pod/node-exporter-zj7kx         2/2     Running   0          8d
pod/openshift-state-metrics-
59dbd4f654-4clng                3/3     Running   0          8d
pod/prometheus-adapter-
5df5865596-k8dzn                1/1     Running   0          7d23h
pod/prometheus-adapter-
5df5865596-n2gj9                1/1     Running   0          7d23h
pod/prometheus-k8s-0            6/6     Running   1          8d
pod/prometheus-k8s-1            6/6     Running   1          8d
pod/prometheus-operator-
55cfb858c9-c4zd9                1/1     Running   0          6d21h
pod/telemeter-client-
78fc8fc97d-2rgfp                3/3     Running   0          8d

NAME                                                              STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS                  AGE
persistentvolumeclaim/my-alertmanager-claim-alertmanager-main-0   Bound    pvc-0d519c4f-15a5-11ea-baa0-026d231574aa   40Gi       RWO            ocs-external-storagecluster-ceph-rbd   8d
persistentvolumeclaim/my-alertmanager-claim-alertmanager-main-1   Bound    pvc-0d5a9825-15a5-11ea-baa0-026d231574aa   40Gi       RWO            ocs-external-storagecluster-ceph-rbd   8d
persistentvolumeclaim/my-alertmanager-claim-alertmanager-main-2   Bound    pvc-0d6413dc-15a5-11ea-baa0-026d231574aa   40Gi       RWO            ocs-external-storagecluster-ceph-rbd   8d
persistentvolumeclaim/my-prometheus-claim-prometheus-k8s-0        Bound    pvc-0b7c19b0-15a5-11ea-baa0-026d231574aa   40Gi       RWO            ocs-external-storagecluster-ceph-rbd   8d
persistentvolumeclaim/my-prometheus-claim-prometheus-k8s-1        Bound    pvc-0b8aed3f-15a5-11ea-baa0-026d231574aa   40Gi       RWO            ocs-external-storagecluster-ceph-rbd   8d
    Copy to Clipboard Toggle word wrap

  2. Edit the monitoring configmap. 

    $ oc -n openshift-monitoring edit configmap cluster-monitoring-config
    Copy to Clipboard Toggle word wrap

    Remove any config sections that reference the OpenShift Data Foundation storage classes as shown in the following example and save it.

    Expand

    Before editing

    .
.
.
apiVersion: v1
data:
  config.yaml: |
    alertmanagerMain:
      volumeClaimTemplate:
        metadata:
          name: my-alertmanager-claim
        spec:
          resources:
            requests:
              storage: 40Gi
          storageClassName: ocs-external-storagecluster-ceph-rbd
    prometheusK8s:
      volumeClaimTemplate:
        metadata:
          name: my-prometheus-claim
        spec:
          resources:
            requests:
              storage: 40Gi
          storageClassName: ocs-external-storagecluster-ceph-rbd
kind: ConfigMap
metadata:
  creationTimestamp: "2019-12-02T07:47:29Z"
  name: cluster-monitoring-config
  namespace: openshift-monitoring
  resourceVersion: "22110"
  selfLink: /api/v1/namespaces/openshift-monitoring/configmaps/cluster-monitoring-config
  uid: fd6d988b-14d7-11ea-84ff-066035b9efa8


.
.
.
    Copy to Clipboard Toggle word wrap

    After editing

    .
.
.
apiVersion: v1
data:
  config.yaml: |
kind: ConfigMap
metadata:
  creationTimestamp: "2019-11-21T13:07:05Z"
  name: cluster-monitoring-config
  namespace: openshift-monitoring
  resourceVersion: "404352"
  selfLink: /api/v1/namespaces/openshift-monitoring/configmaps/cluster-monitoring-config
  uid: d12c796a-0c5f-11ea-9832-063cd735b81c
.
.
.
    Copy to Clipboard Toggle word wrap

    In this example, alertmanagerMain and prometheusK8s monitoring components are using the OpenShift Data Foundation PVCs.

  3. List the pods consuming the PVC.

    In this example, the alertmanagerMain and prometheusK8s pods that were consuming the PVCs are in the Terminating state. You can delete the PVCs once these pods are no longer using OpenShift Data Foundation PVC. 

    $ oc get pod,pvc -n openshift-monitoring
NAME                                               READY   STATUS      RESTARTS AGE
pod/alertmanager-main-0                            3/3     Terminating   0      10h
pod/alertmanager-main-1                            3/3     Terminating   0      10h
pod/alertmanager-main-2                            3/3     Terminating   0      10h
pod/cluster-monitoring-operator-84cd9df668-zhjfn   1/1     Running       0      18h
pod/grafana-5db6fd97f8-pmtbf                       2/2     Running       0      10h
pod/kube-state-metrics-895899678-z2r9q             3/3     Running       0      10h
pod/node-exporter-4njxv                            2/2     Running       0      18h
pod/node-exporter-b8ckz                            2/2     Running       0      11h
pod/node-exporter-c2vp5                            2/2     Running       0      18h
pod/node-exporter-cq65n                            2/2     Running       0      18h
pod/node-exporter-f5sm7                            2/2     Running       0      11h
pod/node-exporter-f852c                            2/2     Running       0      18h
pod/node-exporter-l9zn7                            2/2     Running       0      11h
pod/node-exporter-ngbs8                            2/2     Running       0      18h
pod/node-exporter-rv4v9                            2/2     Running       0      18h
pod/openshift-state-metrics-77d5f699d8-69q5x       3/3     Running       0      10h
pod/prometheus-adapter-765465b56-4tbxx             1/1     Running       0      10h
pod/prometheus-adapter-765465b56-s2qg2             1/1     Running       0      10h
pod/prometheus-k8s-0                               6/6     Terminating   1      9m47s
pod/prometheus-k8s-1                               6/6     Terminating   1      9m47s
pod/prometheus-operator-cbfd89f9-ldnwc             1/1     Running       0      43m
pod/telemeter-client-7b5ddb4489-2xfpz              3/3     Running       0      10h

NAME                                                      STATUS  VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS                  AGE
persistentvolumeclaim/ocs-alertmanager-claim-alertmanager-main-0   Bound    pvc-2eb79797-1fed-11ea-93e1-0a88476a6a64   40Gi       RWO            ocs-external-storagecluster-ceph-rbd   19h
persistentvolumeclaim/ocs-alertmanager-claim-alertmanager-main-1   Bound    pvc-2ebeee54-1fed-11ea-93e1-0a88476a6a64   40Gi       RWO            ocs-external-storagecluster-ceph-rbd   19h
persistentvolumeclaim/ocs-alertmanager-claim-alertmanager-main-2   Bound    pvc-2ec6a9cf-1fed-11ea-93e1-0a88476a6a64   40Gi       RWO            ocs-external-storagecluster-ceph-rbd   19h
persistentvolumeclaim/ocs-prometheus-claim-prometheus-k8s-0        Bound    pvc-3162a80c-1fed-11ea-93e1-0a88476a6a64   40Gi       RWO            ocs-external-storagecluster-ceph-rbd   19h
persistentvolumeclaim/ocs-prometheus-claim-prometheus-k8s-1        Bound    pvc-316e99e2-1fed-11ea-93e1-0a88476a6a64   40Gi       RWO            ocs-external-storagecluster-ceph-rbd   19h
    Copy to Clipboard Toggle word wrap

  4. Delete relevant PVCs. Make sure you delete all the PVCs that are consuming the storage classes. 

    $ oc delete -n openshift-monitoring pvc <pvc-name> --wait=true --timeout=5m
    Copy to Clipboard Toggle word wrap

Use this section to clean up the OpenShift Container Platform registry from OpenShift Data Foundation. If you want to configure an alternative storage, see image registry

The PVCs that are created as a part of configuring OpenShift Container Platform registry are in the openshift-image-registry namespace.

Prerequisites

  • The image registry should have been configured to use an OpenShift Data Foundation PVC.

Procedure

  1. Edit the configs.imageregistry.operator.openshift.io object and remove the content in the storage section. 

    $ oc edit configs.imageregistry.operator.openshift.io
    Copy to Clipboard Toggle word wrap
    Expand

    Before editing 

    .
.
.
storage:
  pvc:
    claim: registry-cephfs-rwx-pvc
.
.
.
    Copy to Clipboard Toggle word wrap

    After editing 

    .
.
.
storage:
  emptyDir: {}
.
.
.
    Copy to Clipboard Toggle word wrap

    In this example, the PVC is called registry-cephfs-rwx-pvc, which is now safe to delete.

  2. Delete the PVC. 

    $ oc delete pvc <pvc-name> -n openshift-image-registry --wait=true --timeout=5m
    Copy to Clipboard Toggle word wrap

Use this section to clean up the cluster logging operator from OpenShift Data Foundation.

The Persistent Volume Claims (PVCs) that are created as a part of configuring the cluster logging operator are in the openshift-logging namespace.

Prerequisites

  • The cluster logging instance should have been configured to use the OpenShift Data Foundation PVCs.

Procedure

  1. Remove the ClusterLogging instance in the namespace. 

    $ oc delete clusterlogging instance -n openshift-logging --wait=true --timeout=5m
    Copy to Clipboard Toggle word wrap

    The PVCs in the openshift-logging namespace are now safe to delete.

  2. Delete the PVCs. 

    $ oc delete pvc <pvc-name> -n openshift-logging --wait=true --timeout=5m
    Copy to Clipboard Toggle word wrap
    <pvc-name>
    Is the name of the PVC

4.4. Removing external IBM FlashSystem secret
Copy link

You need to clean up the FlashSystem secret from OpenShift Data Foundation while uninstalling. This secret is created when you configure the external IBM FlashSystem Storage. For more information, see Creating an OpenShift Data Foundation Cluster for external IBM FlashSystem storage.

Procedure

  • Remove the IBM FlashSystem secret by using the following command: 

    $ oc delete secret -n openshift-storage ibm-flashsystem-storage
    Copy to Clipboard Toggle word wrap
Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat