Red Hat Summit Red Hat SummitSupportoConsoleSviluppatoriInizia una provaContatti

Questo contenuto non è disponibile nella lingua selezionata.

Chapter 1. Preparing to deploy OpenShift Container Storage

Deploying OpenShift Container Storage on OpenShift Container Platform using dynamic or local storage devices provides you with the option to create internal cluster resources. This will result in the internal provisioning of the base services, which helps to make additional storage classes available to applications.

Before you begin the deployment of Red Hat OpenShift Container Storage using dynamic or local storage, ensure that your resource requirements are met. See Planning your deployment.

  1. For Red Hat Enterprise Linux based hosts for worker nodes in a user provisioned infrastructure (UPI), enable the container access to the underlying file system. Follow the instructions on enable file system access for containers on Red Hat Enterprise Linux based nodes.

    Note

    Skip this step for Red Hat Enterprise Linux CoreOS (RHCOS).

  2. Optional: If you want to enable cluster-wide encryption using an external Key Management System (KMS):

  3. Minimum starting node requirements [Technology Preview]

    An OpenShift Container Storage cluster will be deployed with minimum configuration when the standard deployment resource requirement is not met. See Resource requirements section in Planning guide.

  4. For deploying using local storage devices, see requirements for installing OpenShift Container Storage using local storage devices. These are not applicable for deployment using dynamic storage devices.

Deploying OpenShift Container Storage on an OpenShift Container Platform with worker nodes on a Red Hat Enterprise Linux base in a user provisioned infrastructure (UPI) does not automatically provide container access to the underlying Ceph file system.

Note

Skip this step for hosts based on Red Hat Enterprise Linux CoreOS (RHCOS).

Procedure

  1. Log in to the Red Hat Enterprise Linux based node and open a terminal.

  2. For each node in your cluster:

    1. Verify that the node has access to the rhel-7-server-extras-rpms repository. 

      # subscription-manager repos --list-enabled | grep rhel-7-server
      Copy to Clipboard Toggle word wrap

      If you do not see both rhel-7-server-rpms and rhel-7-server-extras-rpms in the output, or if there is no output, run the following commands to enable each repository. 

      # subscription-manager repos --enable=rhel-7-server-rpms
# subscription-manager repos --enable=rhel-7-server-extras-rpms
      Copy to Clipboard Toggle word wrap

    2. Install the required packages. 

      # yum install -y policycoreutils container-selinux
      Copy to Clipboard Toggle word wrap

    3. Persistently enable container use of the Ceph file system in SELinux. 

      # setsebool -P container_use_cephfs on
      Copy to Clipboard Toggle word wrap

1.2. Enabling key value backend path and policy in Vault
Copia collegamento

Prerequisites

  • Administrator access to Vault.
  • Carefully, choose a unique path name as the backend path that follows the naming convention since it cannot be changed later.

Procedure

  1. Enable the Key/Value (KV) backend path in Vault.

    For Vault KV secret engine API, version 1: 

    $ vault secrets enable -path=ocs kv
    Copy to Clipboard Toggle word wrap

    For Vault KV secret engine API, version 2: 

    $ vault secrets enable -path=ocs kv-v2
    Copy to Clipboard Toggle word wrap

  2. Create a policy to restrict users to perform a write or delete operation on the secret using the following commands: 

    echo '
path "ocs/*" {
  capabilities = ["create", "read", "update", "delete", "list"]
}
path "sys/mounts" {
capabilities = ["read"]
}'| vault policy write ocs -
    Copy to Clipboard Toggle word wrap

  3. Create a token matching the above policy: 

    $ vault token create -policy=ocs -format json
    Copy to Clipboard Toggle word wrap

Node requirements

The cluster must consist of at least three OpenShift Container Platform worker nodes with locally attached-storage devices on each of them.

  • Each of the three selected nodes must have at least one raw block device available to be used by OpenShift Container Storage.
  • The devices you use must be empty; the disks must not include physical volumes (PVs), volume groups (VGs), or logical volumes (LVs) remaining on the disk.

See the Resource requirements section in Planning guide.

Arbiter stretch cluster requirements [Technology Preview]

  • You need a minimum of five nodes in three zones. Two zones include two nodes per data-center zone while the third zone includes one node. A master node can be used for the arbiter zone.
  • This solution is designed to be deployed where latencies do not exceed 4 milliseconds round-trip time (RTT) between locations. Contact Red Hat Customer Support if you are planning to deploy with higher latencies.

  • Each node must be pre-labeled with its zone label. To label the nodes use the following command: 

    $ oc label nodes <NodeNames> topology.kubernetes.io/zone='<label>'
    Copy to Clipboard Toggle word wrap

    For example, you can label the nodes as follows:

    • topology.kubernetes.io/zone=arbiter to master or worker node
    • topology.kubernetes.io/zone=datacenter1 to at least two worker nodes
    • topology.kubernetes.io/zone=datacenter2 to at least two worker nodes

Minimum starting node requirements [Technology Preview]

An OpenShift Container Storage cluster will be deployed with minimum configuration when the standard deployment resource requirement is not met. See Resource requirements section in Planning guide.

Torna in cima
Red Hat logoGithubredditYoutubeTwitter

Formazione

Prova, acquista e vendi

Community

Informazioni sulla documentazione di Red Hat

Aiutiamo gli utenti Red Hat a innovarsi e raggiungere i propri obiettivi con i nostri prodotti e servizi grazie a contenuti di cui possono fidarsi. Esplora i nostri ultimi aggiornamenti.

Rendiamo l’open source più inclusivo

Red Hat si impegna a sostituire il linguaggio problematico nel codice, nella documentazione e nelle proprietà web. Per maggiori dettagli, visita il Blog di Red Hat.

Informazioni su Red Hat

Forniamo soluzioni consolidate che rendono più semplice per le aziende lavorare su piattaforme e ambienti diversi, dal datacenter centrale all'edge della rete.

Theme

© 2025 Red Hat