Chapter 3. Adding storage resources for hybrid or Multicloud

3.1. Creating a new backing store

Use this procedure to create a new backing store in OpenShift Data Foundation.

Prerequisites

  • Administrator access to OpenShift Data Foundation.

Procedure

  1. In the OpenShift Web Console, click Storage → Object Storage.
  2. Click the Backing Store tab.
  3. Click Create Backing Store.
  4. On the Create New Backing Store page, perform the following:

    1. Enter a Backing Store Name.
    2. Select a Provider.
    3. Select a Region.
    4. Optional: Enter an Endpoint.
    5. Select a Secret from the drop-down list, or create your own secret. Optionally, you can Switch to Credentials view which lets you fill in the required secrets.

      For more information on creating an OCP secret, see the section Creating the secret in the OpenShift Container Platform documentation.

      Each backingstore requires a different secret. For more information on creating the secret for a particular backingstore, see Section 3.3, “Adding storage resources for hybrid or Multicloud using the MCG command line interface” and follow the procedure for the addition of storage resources using a YAML.

      Note

      This menu is relevant for all providers except Google Cloud and local PVC.

    6. Enter the Target bucket. The target bucket is a container storage that is hosted on the remote cloud service. It allows you to create a connection that tells the MCG that it can use this bucket for the system.
  5. Click Create Backing Store.

Verification steps

  1. In the OpenShift Web Console, click Storage → Object Storage.
  2. Click the Backing Store tab to view all the backing stores.

3.2. Overriding the default backing store

You can use the manualDefaultBackingStore flag to override the default NooBaa backing store and remove it if you do not want to use the default backing store configuration. This provides flexibility to customize your backing store configuration and tailor it to your specific needs. By leveraging this feature, you can further optimize your system and enhance its performance.

Prerequisites

  • OpenShift Container Platform with OpenShift Data Foundation operator installed.
  • Download the Multicloud Object Gateway (MCG) command-line interface:

    # subscription-manager repos --enable=rh-odf-4-for-rhel-8-x86_64-rpms
    # yum install mcg
    Note

    Specify the appropriate architecture for enabling the repositories using subscription manager.

    • For IBM Power, use the following command:
    # subscription-manager repos --enable=rh-odf-4-for-rhel-8-ppc64le-rpms
    • For IBM Z, use the following command:
    # subscription-manager repos --enable=rh-odf-4-for-rhel-8-s390x-rpms

Alternatively, you can install the MCG package from the OpenShift Data Foundation RPMs found here https://access.redhat.com/downloads/content/547/ver=4/rhel---8/4/x86_64/package.

Note

Choose the correct Product Variant according to your architecture.

Procedure

  1. Check if noobaa-default-backing-store is present:

    $ oc get backingstore
    NAME TYPE PHASE AGE
    noobaa-default-backing-store pv-pool Creating 102s
  2. Patch the NooBaa CR to enable manualDefaultBackingStore:

    $ oc patch noobaa/noobaa --type json --patch='[{"op":"add","path":"/spec/manualDefaultBackingStore","value":true}]'
    Important

    Use the Multicloud Object Gateway CLI to create a new backing store and update accounts.

  3. Create a new default backing store to override the default backing store. For example:

    $ noobaa backingstore create pv-pool NEW-DEFAULT-BACKING-STORE --num-volumes 1 --pv-size-gb 16
    1. Replace NEW-DEFAULT-BACKING-STORE with the name you want for your new default backing store.
  4. Update the admin account to use the new default backing store as its default resource:

    $ noobaa account update admin@noobaa.io --new_default_resource=NEW-DEFAULT-BACKING-STORE
    1. Replace NEW-DEFAULT-BACKING-STORE with the name of the backing store from the previous step.

      Updating the default resource for admin accounts ensures that the new configuration is used throughout your system.

  5. Configure the default-bucketclass to use the new default backingstore:

    $ oc patch Bucketclass noobaa-default-bucket-class -n openshift-storage --type=json --patch='[{"op": "replace", "path": "/spec/placementPolicy/tiers/0/backingStores/0", "value": "NEW-DEFAULT-BACKING-STORE"}]'
  6. Optional: Delete the noobaa-default-backing-store.

    1. Delete all instances of noobaa-default-backing-store and all buckets associated with it, and update the accounts that use it as a resource.
    2. Delete the noobaa-default-backing-store:

      $ oc delete backingstore noobaa-default-backing-store -n openshift-storage | oc patch -n openshift-storage backingstore/noobaa-default-backing-store --type json --patch='[ { "op": "remove", "path": "/metadata/finalizers" } ]'

      You must enable the manualDefaultBackingStore flag before proceeding. Additionally, it is crucial to update all accounts that use the default resource and delete all instances of and buckets associated with the default backing store to ensure a smooth transition.

3.3. Adding storage resources for hybrid or Multicloud using the MCG command line interface

The Multicloud Object Gateway (MCG) simplifies the process of spanning data across cloud providers and clusters.

Add a backing storage that can be used by the MCG.

Depending on the type of your deployment, you can choose one of the following procedures to create a backing storage:

For VMware deployments, skip to Section 3.4, “Creating an s3 compatible Multicloud Object Gateway backingstore” for further instructions.

3.3.1. Creating an AWS-backed backingstore

Prerequisites

  • Download the Multicloud Object Gateway (MCG) command-line interface.

    # subscription-manager repos --enable=rh-odf-4-for-rhel-8-x86_64-rpms
    # yum install mcg
    Note

    Specify the appropriate architecture for enabling the repositories using the subscription manager. For instance, in case of IBM Z use the following command:

    # subscription-manager repos --enable=rh-odf-4-for-rhel-8-s390x-rpms
  • Alternatively, you can install the MCG package from the OpenShift Data Foundation RPMs found here https://access.redhat.com/downloads/content/547/ver=4/rhel---8/4/x86_64/packages

    Note

    Choose the correct Product Variant according to your architecture.

Procedure

Using MCG command-line interface

  • From the MCG command-line interface, run the following command:

    noobaa backingstore create aws-s3 <backingstore_name> --access-key=<AWS ACCESS KEY> --secret-key=<AWS SECRET ACCESS KEY> --target-bucket <bucket-name> -n openshift-storage
    <backingstore_name>
    The name of the backingstore.
    <AWS ACCESS KEY> and <AWS SECRET ACCESS KEY>
    The AWS access key ID and secret access key you created for this purpose.
    <bucket-name>

    The existing AWS bucket name. This argument indicates to the MCG which bucket to use as a target bucket for its backing store, and subsequently, data storage and administration.

    The output will be similar to the following:

    INFO[0001] ✅ Exists: NooBaa "noobaa"
    INFO[0002] ✅ Created: BackingStore "aws-resource"
    INFO[0002] ✅ Created: Secret "backing-store-secret-aws-resource"

Adding storage resources using a YAML

  1. Create a secret with the credentials:

    apiVersion: v1
    kind: Secret
    metadata:
      name: <backingstore-secret-name>
      namespace: openshift-storage
    type: Opaque
    data:
      AWS_ACCESS_KEY_ID: <AWS ACCESS KEY ID ENCODED IN BASE64>
      AWS_SECRET_ACCESS_KEY: <AWS SECRET ACCESS KEY ENCODED IN BASE64>
    <AWS ACCESS KEY> and <AWS SECRET ACCESS KEY>
    Supply and encode your own AWS access key ID and secret access key using Base64, and use the results for <AWS ACCESS KEY ID ENCODED IN BASE64> and <AWS SECRET ACCESS KEY ENCODED IN BASE64>.
    <backingstore-secret-name>
    The name of the backingstore secret created in the previous step.
  2. Apply the following YAML for a specific backing store:

    apiVersion: noobaa.io/v1alpha1
    kind: BackingStore
    metadata:
      finalizers:
      - noobaa.io/finalizer
      labels:
        app: noobaa
      name: bs
      namespace: openshift-storage
    spec:
      awsS3:
        secret:
          name: <backingstore-secret-name>
          namespace: openshift-storage
        targetBucket: <bucket-name>
      type: aws-s3
    <bucket-name>
    The existing AWS bucket name.
    <backingstore-secret-name>
    The name of the backingstore secret created in the previous step.

3.3.2. Creating an AWS-STS-backed backingstore

Amazon Web Services Security Token Service (AWS STS) is an AWS feature that lets you authenticate using short-lived credentials. Creating an AWS-STS-backed backingstore involves the following:

  • Creating an AWS role using a script, which helps to get the temporary security credentials for the role session
  • Installing OpenShift Data Foundation operator in AWS STS OpenShift cluster
  • Creating backingstore in AWS STS OpenShift cluster

3.3.2.1. Creating an AWS role using a script

You need to create a role and pass the role Amazon resource name (ARN) while installing the OpenShift Data Foundation operator.

Prerequisites

Procedure

  • Create an AWS role using a script that matches OpenID Connect (OIDC) configuration for Multicloud Object Gateway (MCG) on OpenShift Data Foundation.

    The following example shows the details that are required to create the role:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {
                    "Federated": "arn:aws:iam::123456789123:oidc-provider/mybucket-oidc.s3.us-east-2.amazonaws.com"
                },
                "Action": "sts:AssumeRoleWithWebIdentity",
                "Condition": {
                    "StringEquals": {
                        "mybucket-oidc.s3.us-east-2.amazonaws.com:sub": [
                            "system:serviceaccount:openshift-storage:noobaa",
                            "system:serviceaccount:openshift-storage:noobaa-endpoint"
                        ]
                    }
                }
            }
        ]
    }

    where

    123456789123
    Is the AWS account ID
    mybucket
    Is the bucket name (using public bucket configuration)
    us-east-2
    Is the AWS region
    openshift-storage

    Is the namespace name

    Sample script

    #!/bin/bash
    set -x
    
    # This is a sample script to help you deploy MCG on AWS STS cluster.
    # This script shows how to create role-policy and then create the role in AWS.
    # For more information see: https://docs.openshift.com/rosa/authentication/assuming-an-aws-iam-role-for-a-service-account.html
    
    # WARNING: This is a sample script. You need to adjust the variables based on your requirement.
    
    # Variables :
    # user variables - REPLACE these variables with your values:
    ROLE_NAME="<role-name>" # role name that you pick in your AWS account
    NAMESPACE="<namespace>" # namespace name where MCG is running. For OpenShift Data Foundation, it is openshift-storage.
    
    # MCG variables
    SERVICE_ACCOUNT_NAME_1="<service-account-name-1>" # The service account name of statefulset core and deployment operator (MCG operator)
    SERVICE_ACCOUNT_NAME_2="<service-account-name-2>" # The service account name of deployment endpoint (MCG endpoint)
    
    # AWS variables
    # Make sure these values are not empty (AWS_ACCOUNT_ID, OIDC_PROVIDER)
    # AWS_ACCOUNT_ID is your AWS account number
    AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query "Account" --output text)
    # If you want to create the role before using the cluster, replace this field too.
    # The OIDC provider is in the structure:
    # 1) `<OIDC-bucket>.s3.<aws-region>.amazonaws.com` when the OIDC bucket configurations are in an S3 public bucket
    # 2) `<characters>.cloudfront.net` when the OIDC bucket configurations are in an S3 private bucket with a public CloudFront distribution URL
    OIDC_PROVIDER=$(oc get authentication cluster -ojson | jq -r .spec.serviceAccountIssuer | sed -e "s/^https:\/\///")
    # the permission (S3 full access)
    POLICY_ARN_STRINGS="arn:aws:iam::aws:policy/AmazonS3FullAccess"
    
    # Creating the role (with AWS command line interface)
    
    read -r -d '' TRUST_RELATIONSHIP <<EOF
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "Federated": "arn:aws:iam::${AWS_ACCOUNT_ID}:oidc-provider/${OIDC_PROVIDER}"
          },
          "Action": "sts:AssumeRoleWithWebIdentity",
          "Condition": {
            "StringEquals": {
              "${OIDC_PROVIDER}:sub": [
                "system:serviceaccount:${NAMESPACE}:${SERVICE_ACCOUNT_NAME_1}",
                "system:serviceaccount:${NAMESPACE}:${SERVICE_ACCOUNT_NAME_2}"
              ]
            }
          }
        }
      ]
    }
    EOF
    
    echo "${TRUST_RELATIONSHIP}" > trust.json
    
    aws iam create-role --role-name "$ROLE_NAME" --assume-role-policy-document file://trust.json --description "role for demo"
    
    while IFS= read -r POLICY_ARN; do
       echo -n "Attaching $POLICY_ARN ... "
       aws iam attach-role-policy \
          --role-name "$ROLE_NAME" \
          --policy-arn "${POLICY_ARN}"
       echo "ok."
    done <<< "$POLICY_ARN_STRINGS"
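
The trust policy is what limits the role to the two MCG service accounts. The following added example (not part of the Red Hat documentation or the sample script) audits a trust policy document against the shape of the example policy above; the function names and the two loosened policies are constructed for illustration.

```python
import json

ROLE_ACTION = "sts:AssumeRoleWithWebIdentity"


def as_list(value):
    """IAM accepts a scalar or a list in these positions; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy, account_id, oidc_provider, allowed_subjects):
    """Return findings for a role trust policy; an empty list means it is
    scoped like the example policy on this page."""
    findings = []
    expected_principal = f"arn:aws:iam::{account_id}:oidc-provider/{oidc_provider}"
    sub_key = f"{oidc_provider}:sub"
    allowed = set(allowed_subjects)

    for idx, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # only Allow statements grant the right to assume the role
        where = f"Statement[{idx}]"

        principal = stmt.get("Principal")
        federated = as_list(principal.get("Federated")) if isinstance(principal, dict) else []
        if federated != [expected_principal]:
            findings.append(f"{where}: principal is not exactly {expected_principal}")

        if as_list(stmt.get("Action")) != [ROLE_ACTION]:
            findings.append(f"{where}: action is not exactly {ROLE_ACTION}")

        condition = stmt.get("Condition") or {}
        for operator, keys in condition.items():
            if sub_key in keys and operator != "StringEquals":
                findings.append(f"{where}: {sub_key} is tested with {operator}, not StringEquals")

        subjects = as_list(condition.get("StringEquals", {}).get(sub_key))
        if not subjects:
            findings.append(f"{where}: no StringEquals test on {sub_key}, so the role is "
                            "not limited to specific service accounts")
        for subject in subjects:
            if subject not in allowed:
                findings.append(f"{where}: unexpected subject {subject}")
    return findings


# Values taken from the example policy on this page.
ACCOUNT_ID = "123456789123"
OIDC_PROVIDER = "mybucket-oidc.s3.us-east-2.amazonaws.com"
MCG_SUBJECTS = [
    "system:serviceaccount:openshift-storage:noobaa",
    "system:serviceaccount:openshift-storage:noobaa-endpoint",
]


def make_policy(operator, subjects):
    """Build a trust policy shaped like the page's example (helper for the samples)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": f"arn:aws:iam::{ACCOUNT_ID}:oidc-provider/{OIDC_PROVIDER}"},
            "Action": ROLE_ACTION,
            "Condition": {operator: {f"{OIDC_PROVIDER}:sub": subjects}},
        }],
    }


PAGE_POLICY = make_policy("StringEquals", MCG_SUBJECTS)
# Constructed variants that widen who can assume the role.
WILDCARD_POLICY = make_policy("StringLike", ["system:serviceaccount:*:*"])
EXTRA_SUBJECT_POLICY = make_policy(
    "StringEquals", MCG_SUBJECTS + ["system:serviceaccount:default:builder"])


def audit(policy):
    """Audit against the account, provider and service accounts used on this page."""
    return audit_trust_policy(policy, ACCOUNT_ID, OIDC_PROVIDER, MCG_SUBJECTS)


if __name__ == "__main__":
    for name, policy in [("page example", PAGE_POLICY),
                         ("wildcard", WILDCARD_POLICY),
                         ("extra subject", EXTRA_SUBJECT_POLICY)]:
        print(name, json.dumps(audit(policy), indent=2))
```

To audit a role that already exists, load the JSON returned by `aws iam get-role --role-name <role-name> --query Role.AssumeRolePolicyDocument` and pass it to `audit_trust_policy` with your own account ID, OIDC provider and service account subjects.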

3.3.2.2. Installing OpenShift Data Foundation operator in AWS STS OpenShift cluster

Prerequisites

Procedure

  • Install OpenShift Data Foundation Operator from the Operator Hub.

    • During the installation add the role ARN in the ARN Details field.
    • Make sure that the Update approval field is set to Manual.

3.3.2.3. Creating a new AWS STS backingstore

Prerequisites

Procedure

  1. Install Multicloud Object Gateway (MCG).

    It is installed with the default backingstore by using the short-lived credentials.

  2. After the MCG system is ready, you can create more backingstores of the type aws-sts-s3 using the following MCG command line interface command:

    $ noobaa backingstore create aws-sts-s3 <backingstore-name> --aws-sts-arn=<aws-sts-role-arn> --region=<region> --target-bucket=<target-bucket>

    where

    backingstore-name
    Name of the backingstore
    aws-sts-role-arn
    The ARN of the AWS STS role that will be assumed
    region
    The AWS bucket region
    target-bucket
    The target bucket name on the cloud

3.3.3. Creating an IBM COS-backed backingstore

Prerequisites

  • Download the Multicloud Object Gateway (MCG) command-line interface.

    # subscription-manager repos --enable=rh-odf-4-for-rhel-8-x86_64-rpms
    # yum install mcg
    Note

    Specify the appropriate architecture for enabling the repositories using the subscription manager. For example,

    • For IBM Power, use the following command:
    # subscription-manager repos --enable=rh-odf-4-for-rhel-8-ppc64le-rpms
    • For IBM Z, use the following command:
    # subscription-manager repos --enable=rh-odf-4-for-rhel-8-s390x-rpms
  • Alternatively, you can install the MCG package from the OpenShift Data Foundation RPMs found here https://access.redhat.com/downloads/content/547/ver=4/rhel---8/4/x86_64/packages

    Note

    Choose the correct Product Variant according to your architecture.

Procedure

Using command-line interface

  1. From the MCG command-line interface, run the following command:

    noobaa backingstore create ibm-cos <backingstore_name> --access-key=<IBM ACCESS KEY> --secret-key=<IBM SECRET ACCESS KEY> --endpoint=<IBM COS ENDPOINT> --target-bucket <bucket-name> -n openshift-storage
    <backingstore_name>
    The name of the backingstore.
    <IBM ACCESS KEY>, <IBM SECRET ACCESS KEY>, and <IBM COS ENDPOINT>

    An IBM access key ID, secret access key and the appropriate regional endpoint that corresponds to the location of the existing IBM bucket.

    To generate the above keys on IBM cloud, you must include HMAC credentials while creating the service credentials for your target bucket.

    <bucket-name>

    An existing IBM bucket name. This argument tells the MCG which bucket to use as a target bucket for its backing store, and subsequently, data storage and administration.

    The output will be similar to the following:

    INFO[0001] ✅ Exists: NooBaa "noobaa"
    INFO[0002] ✅ Created: BackingStore "ibm-resource"
    INFO[0002] ✅ Created: Secret "backing-store-secret-ibm-resource"

Adding storage resources using a YAML

  1. Create a secret with the credentials:

    apiVersion: v1
    kind: Secret
    metadata:
      name: <backingstore-secret-name>
      namespace: openshift-storage
    type: Opaque
    data:
      IBM_COS_ACCESS_KEY_ID: <IBM COS ACCESS KEY ID ENCODED IN BASE64>
      IBM_COS_SECRET_ACCESS_KEY: <IBM COS SECRET ACCESS KEY ENCODED IN BASE64>
    <IBM COS ACCESS KEY ID ENCODED IN BASE64> and <IBM COS SECRET ACCESS KEY ENCODED IN BASE64>
    Provide and encode your own IBM COS access key ID and secret access key using Base64, and use the results in place of these attributes respectively.
    <backingstore-secret-name>
    The name of the backingstore secret.
  2. Apply the following YAML for a specific backing store:

    apiVersion: noobaa.io/v1alpha1
    kind: BackingStore
    metadata:
      finalizers:
      - noobaa.io/finalizer
      labels:
        app: noobaa
      name: bs
      namespace: openshift-storage
    spec:
      ibmCos:
        endpoint: <endpoint>
        secret:
          name: <backingstore-secret-name>
          namespace: openshift-storage
        targetBucket: <bucket-name>
      type: ibm-cos
    <bucket-name>
    An existing IBM COS bucket name. This argument tells the MCG which bucket to use as a target bucket for its backingstore, and subsequently, data storage and administration.
    <endpoint>
    A regional endpoint that corresponds to the location of the existing IBM bucket name. This argument tells the MCG which endpoint to use for its backingstore, and subsequently, data storage and administration.
    <backingstore-secret-name>
    The name of the secret created in the previous step.

3.3.4. Creating an Azure-backed backingstore

Prerequisites

  • Download the Multicloud Object Gateway (MCG) command-line interface.

    # subscription-manager repos --enable=rh-odf-4-for-rhel-8-x86_64-rpms
    # yum install mcg
    Note

    Specify the appropriate architecture for enabling the repositories using the subscription manager. For instance, in case of IBM Z use the following command:

    # subscription-manager repos --enable=rh-odf-4-for-rhel-8-s390x-rpms
  • Alternatively, you can install the MCG package from the OpenShift Data Foundation RPMs found here https://access.redhat.com/downloads/content/547/ver=4/rhel---8/4/x86_64/packages

    Note

    Choose the correct Product Variant according to your architecture.

Procedure

Using the MCG command-line interface

  • From the MCG command-line interface, run the following command:

    noobaa backingstore create azure-blob <backingstore_name> --account-key=<AZURE ACCOUNT KEY> --account-name=<AZURE ACCOUNT NAME> --target-blob-container <blob container name> -n openshift-storage
    <backingstore_name>
    The name of the backingstore.
    <AZURE ACCOUNT KEY> and <AZURE ACCOUNT NAME>
    An AZURE account key and account name you created for this purpose.
    <blob container name>

    An existing Azure blob container name. This argument tells the MCG which bucket to use as a target bucket for its backingstore, and subsequently, data storage and administration.

    The output will be similar to the following:

    INFO[0001] ✅ Exists: NooBaa "noobaa"
    INFO[0002] ✅ Created: BackingStore "azure-resource"
    INFO[0002] ✅ Created: Secret "backing-store-secret-azure-resource"

Adding storage resources using a YAML

  1. Create a secret with the credentials:

    apiVersion: v1
    kind: Secret
    metadata:
      name: <backingstore-secret-name>
    type: Opaque
    data:
      AccountName: <AZURE ACCOUNT NAME ENCODED IN BASE64>
      AccountKey: <AZURE ACCOUNT KEY ENCODED IN BASE64>
    <AZURE ACCOUNT NAME ENCODED IN BASE64> and <AZURE ACCOUNT KEY ENCODED IN BASE64>
    Supply and encode your own Azure Account Name and Account Key using Base64, and use the results in place of these attributes respectively.
    <backingstore-secret-name>
    A unique name of backingstore secret.
  2. Apply the following YAML for a specific backing store:

    apiVersion: noobaa.io/v1alpha1
    kind: BackingStore
    metadata:
      finalizers:
      - noobaa.io/finalizer
      labels:
        app: noobaa
      name: bs
      namespace: openshift-storage
    spec:
      azureBlob:
        secret:
          name: <backingstore-secret-name>
          namespace: openshift-storage
        targetBlobContainer: <blob-container-name>
      type: azure-blob
    <blob-container-name>
    An existing Azure blob container name. This argument tells the MCG which bucket to use as a target bucket for its backingstore, and subsequently, data storage and administration.
    <backingstore-secret-name>
    The name of the secret created in the previous step.

3.3.5. Creating a GCP-backed backingstore

Prerequisites

  • Download the Multicloud Object Gateway (MCG) command-line interface.

    # subscription-manager repos --enable=rh-odf-4-for-rhel-8-x86_64-rpms
    # yum install mcg
    Note

    Specify the appropriate architecture for enabling the repositories using the subscription manager. For instance, in case of IBM Z use the following command:

    # subscription-manager repos --enable=rh-odf-4-for-rhel-8-s390x-rpms
  • Alternatively, you can install the MCG package from the OpenShift Data Foundation RPMs found here https://access.redhat.com/downloads/content/547/ver=4/rhel---8/4/x86_64/packages

    Note

    Choose the correct Product Variant according to your architecture.

Procedure

Using the MCG command-line interface

  • From the MCG command-line interface, run the following command:

    noobaa backingstore create google-cloud-storage <backingstore_name> --private-key-json-file=<PATH TO GCP PRIVATE KEY JSON FILE> --target-bucket <GCP bucket name> -n openshift-storage
    <backingstore_name>
    Name of the backingstore.
    <PATH TO GCP PRIVATE KEY JSON FILE>
    A path to your GCP private key created for this purpose.
    <GCP bucket name>

    An existing GCP object storage bucket name. This argument tells the MCG which bucket to use as a target bucket for its backing store, and subsequently, data storage and administration.

    The output will be similar to the following:

    INFO[0001] ✅ Exists: NooBaa "noobaa"
    INFO[0002] ✅ Created: BackingStore "google-gcp"
    INFO[0002] ✅ Created: Secret "backing-store-google-cloud-storage-gcp"

Adding storage resources using a YAML

  1. Create a secret with the credentials:

    apiVersion: v1
    kind: Secret
    metadata:
      name: <backingstore-secret-name>
    type: Opaque
    data:
      GoogleServiceAccountPrivateKeyJson: <GCP PRIVATE KEY ENCODED IN BASE64>
    <GCP PRIVATE KEY ENCODED IN BASE64>
    Provide and encode your own GCP service account private key using Base64, and use the results for this attribute.
    <backingstore-secret-name>
    A unique name of the backingstore secret.
  2. Apply the following YAML for a specific backing store:

    apiVersion: noobaa.io/v1alpha1
    kind: BackingStore
    metadata:
      finalizers:
      - noobaa.io/finalizer
      labels:
        app: noobaa
      name: bs
      namespace: openshift-storage
    spec:
      googleCloudStorage:
        secret:
          name: <backingstore-secret-name>
          namespace: openshift-storage
        targetBucket: <target bucket>
      type: google-cloud-storage
    <target bucket>
    An existing Google storage bucket. This argument tells the MCG which bucket to use as a target bucket for its backing store, and subsequently, data storage and administration.
    <backingstore-secret-name>
    The name of the secret created in the previous step.
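
The Secret manifests in Sections 3.3.1, 3.3.3, 3.3.4 and 3.3.5 all carry Base64-encoded credentials under provider-specific data keys. The following added example (not part of the Red Hat documentation) builds such a manifest for any of the four types and checks an existing one for encoding mistakes; the function names and credential values are constructed for illustration, and the data keys are the ones shown on this page.

```python
import base64
import json

# Secret data keys per backing store type, exactly as used in the manifests on this page.
SECRET_KEYS = {
    "aws-s3": ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY"),
    "ibm-cos": ("IBM_COS_ACCESS_KEY_ID", "IBM_COS_SECRET_ACCESS_KEY"),
    "azure-blob": ("AccountName", "AccountKey"),
    "google-cloud-storage": ("GoogleServiceAccountPrivateKeyJson",),
}
JSON_KEYS = {"GoogleServiceAccountPrivateKeyJson"}  # value is a whole JSON document


def validate_value(key, raw):
    """Return a problem string for a plaintext credential, or None if it looks sane."""
    if key in JSON_KEYS:
        try:
            json.loads(raw)
        except ValueError:
            return f"{key}: not a valid JSON document"
        return None
    if not raw:
        return f"{key}: empty"
    if raw != raw.strip():
        return f"{key}: surrounding whitespace (often a newline added by echo)"
    return None


def build_secret(store_type, name, values, namespace="openshift-storage"):
    """Return a Secret manifest (as a dict) with every value Base64-encoded."""
    keys = SECRET_KEYS[store_type]
    if set(values) != set(keys):
        raise ValueError(f"{store_type} needs exactly these keys: {', '.join(keys)}")
    data = {}
    for key in keys:
        problem = validate_value(key, values[key])
        if problem:
            raise ValueError(problem)
        data[key] = base64.b64encode(values[key].encode("utf-8")).decode("ascii")
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name, "namespace": namespace},
        "type": "Opaque",
        "data": data,
    }


def check_secret(manifest, store_type):
    """Return problems in an existing manifest's data section (empty list = clean)."""
    problems = []
    data = manifest.get("data") or {}
    for key in SECRET_KEYS[store_type]:
        if key not in data:
            problems.append(f"{key}: missing")
            continue
        try:
            raw = base64.b64decode(data[key], validate=True).decode("utf-8")
        except ValueError:  # covers invalid Base64 and undecodable bytes
            problems.append(f"{key}: not valid Base64 text")
            continue
        problem = validate_value(key, raw)
        if problem:
            problems.append(problem)
    return problems


if __name__ == "__main__":
    # Constructed credentials, not real keys.
    manifest = build_secret("aws-s3", "bs-secret", {
        "AWS_ACCESS_KEY_ID": "AKIAEXAMPLEKEYID0000",
        "AWS_SECRET_ACCESS_KEY": "constructed-secret-value",
    })
    print(json.dumps(manifest, indent=2))  # JSON manifests are accepted by oc apply -f

    # The same secret key encoded together with a trailing newline.
    manifest["data"]["AWS_SECRET_ACCESS_KEY"] = base64.b64encode(
        b"constructed-secret-value\n").decode("ascii")
    print(check_secret(manifest, "aws-s3"))
```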

3.3.6. Creating a local Persistent Volume-backed backingstore

Prerequisites

  • Download the Multicloud Object Gateway (MCG) command-line interface.

    # subscription-manager repos --enable=rh-odf-4-for-rhel-8-x86_64-rpms
    # yum install mcg
    Note

    Specify the appropriate architecture for enabling the repositories using subscription manager.

    • For IBM Power, use the following command:
    # subscription-manager repos --enable=rh-odf-4-for-rhel-8-ppc64le-rpms
    • For IBM Z, use the following command:
    # subscription-manager repos --enable=rh-odf-4-for-rhel-8-s390x-rpms
  • Alternatively, you can install the MCG package from the OpenShift Data Foundation RPMs found here https://access.redhat.com/downloads/content/547/ver=4/rhel---8/4/x86_64/packages

    Note

    Choose the correct Product Variant according to your architecture.

Procedure

Adding storage resources using the MCG command-line interface

  • From the MCG command-line interface, run the following command:

    Note

    This command must be run from within the openshift-storage namespace.

    $ noobaa -n openshift-storage backingstore create pv-pool <backingstore_name> --num-volumes <NUMBER OF VOLUMES>  --pv-size-gb <VOLUME SIZE> --request-cpu <CPU REQUEST> --request-memory <MEMORY REQUEST> --limit-cpu <CPU LIMIT> --limit-memory <MEMORY LIMIT> --storage-class <LOCAL STORAGE CLASS>

Adding storage resources using YAML

  • Apply the following YAML for a specific backing store:

    apiVersion: noobaa.io/v1alpha1
    kind: BackingStore
    metadata:
      finalizers:
      - noobaa.io/finalizer
      labels:
        app: noobaa
      name: <backingstore_name>
      namespace: openshift-storage
    spec:
      pvPool:
        numVolumes: <NUMBER OF VOLUMES>
        resources:
          requests:
            storage: <VOLUME SIZE>
            cpu: <CPU REQUEST>
            memory: <MEMORY REQUEST>
          limits:
            cpu: <CPU LIMIT>
            memory: <MEMORY LIMIT>
        storageClass: <LOCAL STORAGE CLASS>
      type: pv-pool
    <backingstore_name>
    The name of the backingstore.
    <NUMBER OF VOLUMES>
    The number of volumes you would like to create. Note that increasing the number of volumes scales up the storage.
    <VOLUME SIZE>
    Required size in GB of each volume.
    <CPU REQUEST>
    Guaranteed amount of CPU requested in CPU unit m.
    <MEMORY REQUEST>
    Guaranteed amount of memory requested.
    <CPU LIMIT>
    Maximum amount of CPU that can be consumed in CPU unit m.
    <MEMORY LIMIT>
    Maximum amount of memory that can be consumed.
    <LOCAL STORAGE CLASS>

    The local storage class name, recommended to use ocs-storagecluster-ceph-rbd.

    The output will be similar to the following:

    INFO[0001] ✅ Exists: NooBaa "noobaa"
    INFO[0002] ✅ Exists: BackingStore "local-mcg-storage"

3.4. Creating an s3 compatible Multicloud Object Gateway backingstore

The Multicloud Object Gateway (MCG) can use any S3 compatible object storage as a backing store, for example, Red Hat Ceph Storage’s RADOS Object Gateway (RGW). The following procedure shows how to create an S3 compatible MCG backing store for Red Hat Ceph Storage’s RGW. Note that when the RGW is deployed, OpenShift Data Foundation operator creates an S3 compatible backingstore for MCG automatically.

Procedure

  1. From the MCG command-line interface, run the following command:

    Note

    This command must be run from within the openshift-storage namespace.

    noobaa backingstore create s3-compatible rgw-resource --access-key=<RGW ACCESS KEY> --secret-key=<RGW SECRET KEY> --target-bucket=<bucket-name> --endpoint=<RGW endpoint> -n openshift-storage
    1. To get the <RGW ACCESS KEY> and <RGW SECRET KEY>, run the following command using your RGW user secret name:

      oc get secret <RGW USER SECRET NAME> -o yaml -n openshift-storage
    2. Decode the access key ID and the access key from Base64 and keep them.
    3. Replace <RGW ACCESS KEY> and <RGW SECRET KEY> with the appropriate, decoded data from the previous step.
    4. Replace <bucket-name> with an existing RGW bucket name. This argument tells the MCG which bucket to use as a target bucket for its backing store, and subsequently, data storage and administration.
    5. To get the <RGW endpoint>, see Accessing the RADOS Object Gateway S3 endpoint.

      The output will be similar to the following:

      INFO[0001] ✅ Exists: NooBaa "noobaa"
      INFO[0002] ✅ Created: BackingStore "rgw-resource"
      INFO[0002] ✅ Created: Secret "backing-store-secret-rgw-resource"

You can also create the backingstore using a YAML:

  1. Create a CephObjectStore user. This also creates a secret containing the RGW credentials:

    apiVersion: ceph.rook.io/v1
    kind: CephObjectStoreUser
    metadata:
      name: <RGW-Username>
      namespace: openshift-storage
    spec:
      store: ocs-storagecluster-cephobjectstore
      displayName: "<Display-name>"
    1. Replace <RGW-Username> and <Display-name> with a unique username and display name.
  2. Apply the following YAML for an S3-Compatible backing store:

    apiVersion: noobaa.io/v1alpha1
    kind: BackingStore
    metadata:
      finalizers:
      - noobaa.io/finalizer
      labels:
        app: noobaa
      name: <backingstore-name>
      namespace: openshift-storage
    spec:
      s3Compatible:
        endpoint: <RGW endpoint>
        secret:
          name: <backingstore-secret-name>
          namespace: openshift-storage
        signatureVersion: v4
        targetBucket: <RGW-bucket-name>
      type: s3-compatible
    1. Replace <backingstore-secret-name> with the name of the secret that was created with CephObjectStore in the previous step.
    2. Replace <RGW-bucket-name> with an existing RGW bucket name. This argument tells the MCG which bucket to use as a target bucket for its backing store, and subsequently, data storage and administration.
    3. To get the <RGW endpoint>, see Accessing the RADOS Object Gateway S3 endpoint.

3.5. Creating a new bucket class

Bucket class is a CRD representing a class of buckets that defines tiering policies and data placements for an Object Bucket Class.

Use this procedure to create a bucket class in OpenShift Data Foundation.

Procedure

  1. In the OpenShift Web Console, click Storage → Object Storage.
  2. Click the Bucket Class tab.
  3. Click Create Bucket Class.
  4. On the Create new Bucket Class page, perform the following:

    1. Select the bucket class type and enter a bucket class name.

      1. Select the BucketClass type. Choose one of the following options:

        • Standard: data will be consumed by a Multicloud Object Gateway (MCG), deduped, compressed and encrypted.
        • Namespace: data is stored on the NamespaceStores without performing de-duplication, compression or encryption.

          By default, Standard is selected.

      2. Enter a Bucket Class Name.
      3. Click Next.
    2. In Placement Policy, select Tier 1 - Policy Type and click Next. You can choose either one of the options as per your requirements.

      • Spread allows spreading of the data across the chosen resources.
      • Mirror allows full duplication of the data across the chosen resources.
      • Click Add Tier to add another policy tier.
    3. Select at least one Backing Store resource from the available list if you have selected Tier 1 - Policy Type as Spread and click Next. Alternatively, you can also create a new backing store.

      Note

      You need to select at least 2 backing stores when you select Policy Type as Mirror in the previous step.

    4. Review and confirm Bucket Class settings.
    5. Click Create Bucket Class.

Verification steps

  1. In the OpenShift Web Console, click Storage → Object Storage.
  2. Click the Bucket Class tab and search for the new Bucket Class.

3.6. Editing a bucket class

Use the following procedure to edit the bucket class components through the YAML file by clicking the edit button on the OpenShift web console.

Prerequisites

  • Administrator access to OpenShift Web Console.

Procedure

  1. In the OpenShift Web Console, click Storage → Object Storage.
  2. Click the Bucket Class tab.
  3. Click the Action Menu (⋮) next to the Bucket class you want to edit.
  4. Click Edit Bucket Class.
  5. You are redirected to the YAML file. Make the required changes in this file and click Save.

3.7. Editing backing stores for bucket class

Use the following procedure to edit an existing Multicloud Object Gateway (MCG) bucket class to change the underlying backing stores used in a bucket class.

Prerequisites

  • Administrator access to OpenShift Web Console.
  • A bucket class.
  • Backing stores.

Procedure

  1. In the OpenShift Web Console, click Storage → Object Storage.
  2. Click the Bucket Class tab.
  3. Click the Action Menu (⋮) next to the Bucket class you want to edit.
  4. Click Edit Bucket Class Resources.
  5. On the Edit Bucket Class Resources page, edit the bucket class resources either by adding a backing store to the bucket class or by removing a backing store from the bucket class. You can also edit bucket class resources created with one or two tiers and different placement policies.

    • To add a backing store to the bucket class, select the name of the backing store.
    • To remove a backing store from the bucket class, uncheck the name of the backing store.
  6. Click Save.

© 2024 Red Hat, Inc.