Ibm fussion access

content/storage/ibm-fusion-access-san/index.md

@@ -0,0 +1,137 @@
+---
+title: IBM Fusion Access SAN
+linktitle: IBM Fusion Access SAN
+description: IBM Fusion Access SAN
+tags: ['storage','v4.20']
+icon: ibm/logo
+---
+# IBM Fusion Access SAN
+
+Official documentation:
+
+* <https://www.ibm.com/docs/en/fusion-software/2.12.0?topic=san-deploying-fusion-access>
+
+Tested with:
+
+|Component|Version|
+|---|---|
+|OpenShift|v4.20.4|
+|OpenShift Virt|v4.20.x|
+|IBM Fussion Access for SAN|2.12.0|
+
+# Prerequisites
+
+## Create an IBMid
+
+<https://www.ibm.com/account/reg/us-en/signup?formid=urx-19776>
+
+## Request a 60day IBM Storage Fusion trail version
+
+<https://www.ibm.com/docs/en/storage-fusion/storage/2.6.0?topic=overview-storage-fusion-trial-version>
+
+## Create an Entitlement key
+
+<https://myibm.ibm.com/products-services/containerlibrary>
+
+## Create an OpenShift cluster
+
+* With at least 3 worker nodes each with ~32 GB memory
+* All nodes need a shared disk. Via iSCSI, FC and KVM
+* OpenShift internal registry is running with storage
+
+!!! warning
+
+    OpenShift internal registry is mandatory because IBM Fusion Access for SAN builds via Kernel Module Management a container image with the kernel module.
+
+    It means you need highly available storage for the internal registry to start highly available storage.
+
+## At this point, there is a demo video available
+
+<https://www.youtube.com/watch?v=ayXgD4e61K4>
+
+<iframe width="560" height="315" src="https://www.youtube.com/embed/ayXgD4e61K4?si=27io6kIPJ3obqi2Z" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>
+
+## Install Operator
+
+<https://www.ibm.com/docs/en/fusion-software/2.12.0?topic=san-installing-fusion-access-operator>
+
+## Create a Kubernetes pull secret
+
+with the entitlement key from above:
+
+```shell
+oc create secret -n ibm-fusion-access generic fusion-pullsecret \
+--from-literal=ibm-entitlement-key=<ibm-entitlement-key>
+```
+
+## Creating the FusionAccess CR
+
+<https://www.ibm.com/docs/en/fusion-software/2.12.0?topic=san-creating-fusionaccess-cr>
+
+## Creating a storage cluster
+
+<https://www.ibm.com/docs/en/fusion-software/2.12.0?topic=san-creating-storage-cluster>
+
+After creating the storage cluster, it's building the kernel module container image. Check builds in ibm-fusion-access project.
+
+Check the pods i folowing projects
+
+* `ibm-fusion-access`
+* `ibm-spectrum-scale`
+
+more details around the deployment.
+
+## Creating a filesystem
+
+<https://www.ibm.com/docs/en/fusion-software/2.12.0?topic=san-creating-filesystem>
+
+# Notes for various lab environments
+
+Add a shared disk to all worker nodes
+
+## Plain KVM environment
+
+I deployed via <https://github.com/RedHat-EMEA-SSA-Team/hetzner-ocp4>. Now let's add a shared lvm disk becaus all is running on one node.
+
+!!! warning
+
+    In my lab environment, I had following issue during the load of gpfs related kernel modules:
+
+    ```log
+    I0105 18:25:24.083670 1 funcs_kmod.go:12] "Starting worker" logger="kmm-worker" version="" git commit=""
+    I0105 18:25:24.083696 1 funcs_kmod.go:24] "Reading config" logger="kmm-worker" path="/etc/kmm-worker/config.yaml"
+    I0105 18:25:24.083968 1 worker.go:77] "preparing firmware for loading" logger="kmm-worker" image directory="/tmp/opt/lxtrace" host mount directory="/var/lib/firmware"
+    I0105 18:25:24.084219 1 modprobe.go:33] "Running modprobe" logger="kmm-worker" command="/usr/sbin/modprobe -vd /tmp/opt mmfs26"
+    I0105 18:25:24.086346 1 cmdlog.go:70] "modprobe: ERROR: could not insert 'mmfs26': Key was rejected by service" logger="kmm-worker.modprobe.stderr"
+    I0105 18:25:24.086394 1 cmdlog.go:70] "insmod /tmp/opt/lib/modules/5.14.0-570.72.1.el9_6.x86_64/tracedev.ko " logger="kmm-worker.modprobe.stdout"
+    E0105 18:25:24.086679 1 cmdutils.go:11] "Fatal error" err="error while waiting on the command: exit status 1" logger="kmm-worker"
+    ```
+
+    Tested with following CPUs `Intel(R) Xeon(R) W-2145 CPU @ 3.70GHz` or `AMD Ryzen 9 3900 12-Core Processor`
+
+```shell
+lvcreate -L1T -n fusion vg0
+```
+
+```shell
+export CLUSTER_NAME=demo
+for node in ${CLUSTER_NAME}-compute-0  ${CLUSTER_NAME}-compute-1  ${CLUSTER_NAME}-compute-2 ; do
+    virsh attach-disk $node /dev/mapper/vg0-fusion sdb --targetbus scsi --cache none --persistent --live --wwn 5000c500155a3456
+done
+```
+
+## iSCSI & RHCOS
+
+This is ugly as hel, but works for quick testing.
+
+=== "Apply iscsi helper"
+
+    ```
+    oc apply -f {{ page.canonical_url }}iscsi-helper.yaml
+    ```
+
+=== "iscsi-helper.yaml"
+
+    ```yaml
+    --8<-- "content/storage/ibm-fusion-access-san/iscsi-helper.yaml"
+    ```

content/storage/ibm-fusion-access-san/iscsi-helper.yaml

@@ -0,0 +1,86 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: iscsi-helper
+spec: {}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: iscsi-helper
+  namespace: iscsi-helper
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: system:openshift:scc:privileged
+  namespace: iscsi-helper
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:openshift:scc:privileged
+subjects:
+  - kind: ServiceAccount
+    name: iscsi-helper
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: iscsi-helper
+  namespace: iscsi-helper
+spec:
+  selector:
+    matchLabels:
+      name: iscsi-helper
+  template:
+    metadata:
+      annotations:
+        openshift.io/required-scc: "privileged"
+      labels:
+        name: iscsi-helper
+    spec:
+      nodeSelector:
+        node-role.kubernetes.io/worker: ""
+      serviceAccountName: iscsi-helper
+      tolerations:
+        - key: "node-role.kubernetes.io/master"
+          operator: "Exists"
+          effect: "NoSchedule"
+      containers:
+        - name: iscsi-helper
+          image: registry.access.redhat.com/ubi10-micro:10.1
+          securityContext:
+            privileged: true
+            capabilities:
+              add:
+                - SYS_CHROOT
+            runAsGroup: 0
+            runAsUser: 0
+          env:
+            - name: ISCSI_HELPER_TARGET
+              value: "iqn.1992-08.com.netapp:sn.4f0586e4962411efb20d00a0987cd31a:vs.19"
+          command:
+            - /usr/sbin/chroot
+            - /host
+            - sh
+            - -c
+            - |
+
+              iscsiadm --mode discovery --op update --type sendtargets --portal   10.32.97.20
+              for i in $(seq 20 23); do  iscsiadm -m node --targetname ${ISCSI_HELPER_TARGET} -p 10.32.97.${i} --login ; done
+
+              multipath -ll
+              sleep infinity
+          volumeMounts:
+            - name: host-root
+              mountPath: /host
+              readOnly: false
+      hostNetwork: true
+      hostPID: true
+      hostIPC: true
+      volumes:
+        - name: host-root
+          hostPath:
+            path: /
+            type: Directory

content/storage/index.md

@@ -0,0 +1,25 @@
+---
+title: Storage
+linktitle: Storage
+description: Storage
+tags: ['storage',]
+icon: fontawesome/solid/database
+---
+# Storage
+
+## Content
+
+{% set current_page_title = page.title %}
+{% for n in navigation if n.title == current_page_title %}
+{% for c in n.children if c.title != current_page_title %}
+{% if c.abs_url is string %}
+
+- [{{ c.title }}]({{c.canonical_url}})
+
+{% else %}
+
+- **[{{ c.title }}]({{ c.children[0].canonical_url }})**
+
+{% endif %}
+{% endfor %}
+{% endfor %}

mkdocs.yml

@@ -193,6 +193,10 @@ nav:
       - control-plane/index.md
       - Restoring etcd quorum: control-plane/lost-quorum/index.md
 
+  - Storage:
+      - storage/index.md
+      - IBM Fussion Access SAN: storage/ibm-fusion-access-san/index.md
+
   - Troubleshooting: troubleshooting/index.md
 
   - Client: client/index.md

new-page-template.md

@@ -3,6 +3,7 @@ title: New Page
 linktitle: New Page
 description: Some information
 tags: ['tagA','tagB','v4.17']
+icon: redhat/Technology_icon-Red_Hat-OpenShift_Virtualization-Standard-RGB
 ---
 # Some information