Home > Workload Solutions > Container Platforms > Red Hat OpenShift Container Platform > Guides > Implementation Guide—Red Hat OpenShift Container Platform 4.12 on Intel-powered Dell Infrastructure > ObjectScale deployment
ObjectScale is a software-defined object scale solution based on containerized architecture. This section describes the steps for deploying ObjectScale on a Red Hat OpenShift cluster.
Deployment consists of the following high-level steps:
Ensure that:
On each worker node:
oc debug node/<worker node>
chroot /host
Use the following code excerpt to add the parameters:
[crio.runtime]
pids_limit = 16384
[crio.image]
insecure_registries = ["0.0.0.0/0"]
sudo systemctl restart crio
To create the necessary namespaces in OpenShift, on the CSAH node:
export CSI_NS=csi-baremetal
export SSO_NS=openshift-secondary-scheduler-operator
export OBJECTSCALE_NS=objectscale-system
oc create ns $SSO_NS
oc create ns $CSI_NS
oc create ns $OBJECTSCALE_NS
oc label --overwrite ns $SSO_NS pod-security.kubernetes.io/enforce=privileged pod-security.kubernetes.io/audit=privileged pod-security.kubernetes.io/warn=privileged security.openshift.io/scc.podSecurityLabelSync="false"
oc label --overwrite ns $CSI_NS pod-security.kubernetes.io/enforce=privileged pod-security.kubernetes.io/audit=privileged pod-security.kubernetes.io/warn=privileged security.openshift.io/scc.podSecurityLabelSync="false"
oc label --overwrite ns $OBJECTSCALE_NS pod-security.kubernetes.io/enforce=privileged pod-security.kubernetes.io/audit=privileged pod-security.kubernetes.io/warn=privileged security.openshift.io/scc.podSecurityLabelSync="false"
oc project $CSI_NS
oc create -f <role yaml file>
oc create -f <role binding yaml file>
oc create secret docker-registry dockercreds --docker-server=docker.io/objectscale --docker-username=<docker username> --docker-password=<docker password> --docker-email=<docker account email> -n $SSO_NS
kubectl create secret docker-registry dockercreds --docker-server=docker.io/objectscale --docker-username==<docker username> --docker-password=<docker password> --docker-email=<docker account email> -n $CSI_NS
kubectl create secret docker-registry dockercreds --docker-server=docker.io/objectscale --docker-username==<docker username> --docker-password=<docker password> --docker-email=<docker account email> -n $OBJECTSCALE_NS
On the CSAH node:
export REGISTRY=docker.io/objectscale
export DOCKER_REGISTRY_SECRET=dockercreds
export CSI_VERSION=1.2.0-629.b170400
export CSI_OPERATOR_VERSION=1.2.0-116.57df4c8
export CHARTS_DIR=/home/core/objectscale
tar zxf dellemc-csi-helm-charts-1.2.0-116.57df4c8.tgz
helm install secondary-scheduler-operator $CHARTS_DIR/dellemc-csi-helm-charts/secondaryscheduleroperator-$CSI_OPERATOR_VERSION.tgz -n $SSO_NS --set global.registry=$REGISTRY --set image.tag=$CSI_OPERATOR_VERSION --set global.registrySecret=$DOCKER_REGISTRY_SECRET
oc get pod -n $SSO_NS
helm install csi-baremetal-operator $CHARTS_DIR/dellemc-csi-helm-charts/csi-baremetal-operator-$CSI_OPERATOR_VERSION.tgz --set global.registry=$REGISTRY --set global.registrySecret=$DOCKER_REGISTRY_SECRET --set image.tag=$CSI_OPERATOR_VERSION --namespace $CSI_NS
oc get pod -n $CSI_NS
helm install csi-baremetal $CHARTS_DIR/dellemc-csi-helm-charts/csi-baremetal-deployment-$CSI_OPERATOR_VERSION.tgz --set image.tag=$CSI_VERSION --set global.registry=$REGISTRY --set global.registrySecret=$DOCKER_REGISTRY_SECRET --set scheduler.patcher.enable=true --set platform=openshift --set driver.drivemgr.type=halmgr --namespace $CSI_NS
The CSI bare-metal deployment starts after approximately five minutes.
oc get sc
The following is sample output from the command:
NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE
csi-baremetal-sc (default) csi-baremetal Delete WaitForFirstConsumer false 21d
csi-baremetal-sc-hdd csi-baremetal Delete WaitForFirstConsumer false 21d
csi-baremetal-sc-hddlvg csi-baremetal Delete WaitForFirstConsumer true 21d
csi-baremetal-sc-nvme csi-baremetal Delete WaitForFirstConsumer false 21d
csi-baremetal-sc-nvme-raw-part csi-baremetal Delete WaitForFirstConsumer false 21d
csi-baremetal-sc-nvmelvg csi-baremetal Delete WaitForFirstConsumer true 21d
csi-baremetal-sc-ssd csi-baremetal Delete WaitForFirstConsumer false 21d
csi-baremetal-sc-ssdlvg csi-baremetal Delete WaitForFirstConsumer true 21d
csi-baremetal-sc-syslvg csi-baremetal Delete WaitForFirstConsumer true 21d
oc get pod -n $CSI_NS
Follow these steps:
tar zxf objectscale-helm-charts-1.2.0.tgz
helm show readme $CHARTS_DIR/objectscale-portal-1.2.0.tgz | more
The EULA Revision Date value is shown in the last line of the readme file in the format ddMMMYYYY.
export EULA_DATE=09Sep2020
helm install objs $CHARTS_DIR/objectscale-portal-1.2.0.tgz --set global.registry=docker.io/objectscale --set global.registrySecret=$DOCKER_REGISTRY_SECRET --set global.storageClassName=csi-baremetal-sc-nvmelvg --set global.secondaryStorageClass=csi-baremetal-sc-ssdlvg --set global.platform=OpenShift --set global.schedulerName=csi-baremetal-scheduler --namespace $OBJECTSCALE_NS --set accept_eula=$EULA_DATE
This step installs the ObjectScale Portal UI, ObjectScale Manager, DECKS, and KAHM on the OpenShift cluster.
It takes 15 to 20 minutes for all the services to start.
oc get application.app
helm list --all-namespaces
helm install csi-baremetal-alerts --namespace $CSI_NS $CHARTS_DIR/csi-baremetal-alerts-1.2.0.tgz
oc edit svc objectscale-portal-external -n $OBJECTSCALE_NS
Follow this spec definition example:
spec:
clusterIP: 172.30.22.231
clusterIPs:
- 172.30.22.231
externalTrafficPolicy: Cluster
internalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- name: https
nodePort: 32096
port: 4443
protocol: TCP
targetPort: 4443
selector:
app.kubernetes.io/component: objectscale-portal
app.kubernetes.io/name: objectscale-manager
sessionAffinity: None
type: NodePort
oc get svc -A | grep objectscale-portal-external
objectscale-portal-external LoadBalancer 172.30.252.135 <pending> 4443:32467/TCP 27d
objectscale-portal-external-in NodePort 172.30.103.73 <none> 4443:32096/TCP,8080:32560/TCP 27d
To create an ObjectStore, you must:
To apply an ObjectScale license:
To create an account and a user:
Note: It is only possible to create a bucket in ObjectStore after associating one or more accounts to the ObjectStore. An access key pair for the user is needed for bucket authentication.
In the Permissions tab, you can assign policies to give the user access to different components in the ObjectScale console.
To create an ObjectStore instance:
oc new-project objectstore
This change enables http ports for an insecure connection.
When all the components are created and all the pods are running, the object store instance state changes to "Started" and Health changes to "Available."
To add accounts to the object store instance:
Leave these fields empty if no restrictions are to be applied.
All users in the account gain access to buckets in the object store instance based on the policies you attach to the individual user.
Buckets are object containers that are used to store and control access to objects.
To create a bucket: