Red Hat SummitOpenShift Container Storage is now OpenShift Data Foundation starting with version 4.9.
Chapter 2. Dynamically provisioned OpenShift Data Foundation deployed on VMware
2.1. Replacing operational or failed storage devices on VMware infrastructure
Create a new Persistent Volume Claim (PVC) on a new volume, and remove the old object storage device (OSD) when one or more virtual machine disks (VMDK) needs to be replaced in OpenShift Data Foundation which is deployed dynamically on VMware infrastructure.
Prerequisites
Ensure that the data is resilient.
-
In the OpenShift Web Console, click Storage
OpenShift Data Foundation. -
Click the Storage Systems tab, and then click
ocs-storagecluster-storagesystem. - In the Status card of Block and File dashboard, under the Overview tab, verify that Data Resiliency has a green tick mark.
-
In the OpenShift Web Console, click Storage
Procedure
Identify the OSD that needs to be replaced and the OpenShift Container Platform node that has the OSD scheduled on it.
oc get -n openshift-storage pods -l app=rook-ceph-osd -o wide
$ oc get -n openshift-storage pods -l app=rook-ceph-osd -o wideCopy to Clipboard Copied! Example output:
rook-ceph-osd-0-6d77d6c7c6-m8xj6 0/1 CrashLoopBackOff 0 24h 10.129.0.16 compute-2 <none> <none> rook-ceph-osd-1-85d99fb95f-2svc7 1/1 Running 0 24h 10.128.2.24 compute-0 <none> <none> rook-ceph-osd-2-6c66cdb977-jp542 1/1 Running 0 24h 10.130.0.18 compute-1 <none> <none>
rook-ceph-osd-0-6d77d6c7c6-m8xj6 0/1 CrashLoopBackOff 0 24h 10.129.0.16 compute-2 <none> <none> rook-ceph-osd-1-85d99fb95f-2svc7 1/1 Running 0 24h 10.128.2.24 compute-0 <none> <none> rook-ceph-osd-2-6c66cdb977-jp542 1/1 Running 0 24h 10.130.0.18 compute-1 <none> <none>Copy to Clipboard Copied! In this example,
rook-ceph-osd-0-6d77d6c7c6-m8xj6needs to be replaced andcompute-2is the OpenShift Container platform node on which the OSD is scheduled.NoteIf the OSD to be replaced is healthy, the status of the pod will be
Running.Scale down the OSD deployment for the OSD to be replaced.
Each time you want to replace the OSD, update the
osd_id_to_removeparameter with the OSD ID, and repeat this step.osd_id_to_remove=0
$ osd_id_to_remove=0Copy to Clipboard Copied! oc scale -n openshift-storage deployment rook-ceph-osd-${osd_id_to_remove} --replicas=0$ oc scale -n openshift-storage deployment rook-ceph-osd-${osd_id_to_remove} --replicas=0Copy to Clipboard Copied! where,
osd_id_to_removeis the integer in the pod name immediately after therook-ceph-osdprefix. In this example, the deployment name isrook-ceph-osd-0.Example output:
deployment.extensions/rook-ceph-osd-0 scaled
deployment.extensions/rook-ceph-osd-0 scaledCopy to Clipboard Copied! Verify that the
rook-ceph-osdpod is terminated.oc get -n openshift-storage pods -l ceph-osd-id=${osd_id_to_remove}$ oc get -n openshift-storage pods -l ceph-osd-id=${osd_id_to_remove}Copy to Clipboard Copied! Example output:
No resources found.
No resources found.Copy to Clipboard Copied! ImportantIf the
rook-ceph-osdpod is interminatingstate, use theforceoption to delete the pod.oc delete pod rook-ceph-osd-0-6d77d6c7c6-m8xj6 --force --grace-period=0
$ oc delete pod rook-ceph-osd-0-6d77d6c7c6-m8xj6 --force --grace-period=0Copy to Clipboard Copied! Example output:
warning: Immediate deletion does not wait for confirmation that the running resource has been terminated. The resource may continue to run on the cluster indefinitely. pod "rook-ceph-osd-0-6d77d6c7c6-m8xj6" force deleted
warning: Immediate deletion does not wait for confirmation that the running resource has been terminated. The resource may continue to run on the cluster indefinitely. pod "rook-ceph-osd-0-6d77d6c7c6-m8xj6" force deletedCopy to Clipboard Copied! Remove the old OSD from the cluster so that you can add a new OSD.
Delete any old
ocs-osd-removaljobs.oc delete -n openshift-storage job ocs-osd-removal-job
$ oc delete -n openshift-storage job ocs-osd-removal-jobCopy to Clipboard Copied! Example output:
job.batch "ocs-osd-removal-job" deleted
job.batch "ocs-osd-removal-job" deletedCopy to Clipboard Copied! Navigate to the
openshift-storageproject.oc project openshift-storage
$ oc project openshift-storageCopy to Clipboard Copied! Remove the old OSD from the cluster.
oc process -n openshift-storage ocs-osd-removal \ -p FAILED_OSD_IDS=<failed_osd_id> FORCE_OSD_REMOVAL=false | oc create -n openshift-storage -f -
$ oc process -n openshift-storage ocs-osd-removal \ -p FAILED_OSD_IDS=<failed_osd_id> FORCE_OSD_REMOVAL=false | oc create -n openshift-storage -f -Copy to Clipboard Copied! <failed_osd_id>Is the integer in the pod name immediately after the
rook-ceph-osdprefix. You can add comma separated OSD IDs in the command to remove more than one OSD, for example,FAILED_OSD_IDS=0,1,2.The
FORCE_OSD_REMOVALvalue must be changed totruein clusters that only have three OSDs, or clusters with insufficient space to restore all three replicas of the data after the OSD is removed.WarningThis step results in OSD being completely removed from the cluster. Ensure that the correct value of
osd_id_to_removeis provided.
Verify that the OSD was removed successfully by checking the status of the
ocs-osd-removal-jobpod.A status of
Completedconfirms that the OSD removal job succeeded.oc get pod -l job-name=ocs-osd-removal-job -n openshift-storage
# oc get pod -l job-name=ocs-osd-removal-job -n openshift-storageCopy to Clipboard Copied! Ensure that the OSD removal is completed.
oc logs -l job-name=ocs-osd-removal-job -n openshift-storage --tail=-1 | egrep -i 'completed removal'
$ oc logs -l job-name=ocs-osd-removal-job -n openshift-storage --tail=-1 | egrep -i 'completed removal'Copy to Clipboard Copied! Example output:
2022-05-10 06:50:04.501511 I | cephosd: completed removal of OSD 0
2022-05-10 06:50:04.501511 I | cephosd: completed removal of OSD 0Copy to Clipboard Copied! ImportantIf the
ocs-osd-removal-jobfails and the pod is not in the expectedCompletedstate, check the pod logs for further debugging.For example:
oc logs -l job-name=ocs-osd-removal-job -n openshift-storage --tail=-1
# oc logs -l job-name=ocs-osd-removal-job -n openshift-storage --tail=-1Copy to Clipboard Copied! If encryption was enabled at the time of install, remove
dm-cryptmanageddevice-mappermapping from the OSD devices that are removed from the respective OpenShift Data Foundation nodes.Get the PVC name(s) of the replaced OSD(s) from the logs of
ocs-osd-removal-jobpod.oc logs -l job-name=ocs-osd-removal-job -n openshift-storage --tail=-1 |egrep -i ‘pvc|deviceset’
$ oc logs -l job-name=ocs-osd-removal-job -n openshift-storage --tail=-1 |egrep -i ‘pvc|deviceset’Copy to Clipboard Copied! Example output:
2021-05-12 14:31:34.666000 I | cephosd: removing the OSD PVC "ocs-deviceset-xxxx-xxx-xxx-xxx"
2021-05-12 14:31:34.666000 I | cephosd: removing the OSD PVC "ocs-deviceset-xxxx-xxx-xxx-xxx"Copy to Clipboard Copied! For each of the previously identified nodes, do the following:
Create a
debugpod andchrootto the host on the storage node.oc debug node/<node name>
$ oc debug node/<node name>Copy to Clipboard Copied! <node name>Is the name of the node.
chroot /host
$ chroot /hostCopy to Clipboard Copied!
Find a relevant device name based on the PVC names identified in the previous step.
dmsetup ls| grep <pvc name>
$ dmsetup ls| grep <pvc name>Copy to Clipboard Copied! <pvc name>Is the name of the PVC.
Example output:
ocs-deviceset-xxx-xxx-xxx-xxx-block-dmcrypt (253:0)
ocs-deviceset-xxx-xxx-xxx-xxx-block-dmcrypt (253:0)Copy to Clipboard Copied!
Remove the mapped device.
cryptsetup luksClose --debug --verbose ocs-deviceset-xxx-xxx-xxx-xxx-block-dmcrypt
$ cryptsetup luksClose --debug --verbose ocs-deviceset-xxx-xxx-xxx-xxx-block-dmcryptCopy to Clipboard Copied! ImportantIf the above command gets stuck due to insufficient privileges, run the following commands:
-
Press
CTRL+Zto exit the above command. Find the PID of the process which was stuck.
ps -ef | grep crypt
$ ps -ef | grep cryptCopy to Clipboard Copied! Terminate the process using the
killcommand.kill -9 <PID>
$ kill -9 <PID>Copy to Clipboard Copied! <PID>- Is the process ID.
Verify that the device name is removed.
dmsetup ls
$ dmsetup lsCopy to Clipboard Copied!
-
Press
Delete the
ocs-osd-removaljob.oc delete -n openshift-storage job ocs-osd-removal-job
$ oc delete -n openshift-storage job ocs-osd-removal-jobCopy to Clipboard Copied! Example output:
job.batch "ocs-osd-removal-job" deleted
job.batch "ocs-osd-removal-job" deletedCopy to Clipboard Copied!
When using an external key management system (KMS) with data encryption, the old OSD encryption key can be removed from the Vault server as it is now an orphan key.
Verfication steps
Verify that there is a new OSD running.
oc get -n openshift-storage pods -l app=rook-ceph-osd
$ oc get -n openshift-storage pods -l app=rook-ceph-osdCopy to Clipboard Copied! Example output:
rook-ceph-osd-0-5f7f4747d4-snshw 1/1 Running 0 4m47s rook-ceph-osd-1-85d99fb95f-2svc7 1/1 Running 0 1d20h rook-ceph-osd-2-6c66cdb977-jp542 1/1 Running 0 1d20h
rook-ceph-osd-0-5f7f4747d4-snshw 1/1 Running 0 4m47s rook-ceph-osd-1-85d99fb95f-2svc7 1/1 Running 0 1d20h rook-ceph-osd-2-6c66cdb977-jp542 1/1 Running 0 1d20hCopy to Clipboard Copied! Verify that there is a new PVC created which is in
Boundstate.oc get -n openshift-storage pvc
$ oc get -n openshift-storage pvcCopy to Clipboard Copied! Example output:
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE ocs-deviceset-0-0-2s6w4 Bound pvc-7c9bcaf7-de68-40e1-95f9-0b0d7c0ae2fc 512Gi RWO thin 5m ocs-deviceset-1-0-q8fwh Bound pvc-9e7e00cb-6b33-402e-9dc5-b8df4fd9010f 512Gi RWO thin 1d20h ocs-deviceset-2-0-9v8lq Bound pvc-38cdfcee-ea7e-42a5-a6e1-aaa6d4924291 512Gi RWO thin 1d20h
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE ocs-deviceset-0-0-2s6w4 Bound pvc-7c9bcaf7-de68-40e1-95f9-0b0d7c0ae2fc 512Gi RWO thin 5m ocs-deviceset-1-0-q8fwh Bound pvc-9e7e00cb-6b33-402e-9dc5-b8df4fd9010f 512Gi RWO thin 1d20h ocs-deviceset-2-0-9v8lq Bound pvc-38cdfcee-ea7e-42a5-a6e1-aaa6d4924291 512Gi RWO thin 1d20hCopy to Clipboard Copied! Optional: If cluster-wide encryption is enabled on the cluster, verify that the new OSD devices are encrypted.
Identify the node(s) where the new OSD pod(s) are running.
oc get -o=custom-columns=NODE:.spec.nodeName pod/<OSD pod name>
$ oc get -o=custom-columns=NODE:.spec.nodeName pod/<OSD pod name>Copy to Clipboard Copied! <OSD pod name>Is the name of the OSD pod.
For example:
oc get -o=custom-columns=NODE:.spec.nodeName pod/rook-ceph-osd-0-544db49d7f-qrgqm
oc get -o=custom-columns=NODE:.spec.nodeName pod/rook-ceph-osd-0-544db49d7f-qrgqmCopy to Clipboard Copied!
For each of the nodes identified in the previous step, do the following:
Create a debug pod and open a chroot environment for the selected host(s).
oc debug node/<node name>
$ oc debug node/<node name>Copy to Clipboard Copied! <node name>Is the name of the node.
chroot /host
$ chroot /hostCopy to Clipboard Copied!
Check for the
cryptkeyword beside theocs-devicesetname(s).lsblk
$ lsblkCopy to Clipboard Copied!
- Log in to OpenShift Web Console and view the storage dashboard.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}