NetApp Astra Control Center overview

Contributors ac-ntap kulkarnn

NetApp Astra Control Center offers a rich set of storage and application-aware data management services for stateful Kubernetes workloads deployed in an on-premises environment and powered by NetApp data protection technology.

Error: Missing Graphic Image

NetApp Astra Control Center can be installed on a Red Hat OpenShift cluster that has the Astra Trident storage orchestrator deployed and configured with storage classes and storage backends to NetApp ONTAP storage systems.

For the installation and configuration of Astra Trident to support Astra Control Center, see this document here.

In a cloud-connected environment, Astra Control Center uses Cloud Insights to provide advanced monitoring and telemetry. In the absence of a Cloud Insights connection, limited monitoring and telemetry (7-days worth of metrics) is available and exported to Kubernetes native monitoring tools (Prometheus and Grafana) through open metrics endpoints.

Astra Control Center is fully integrated into the NetApp AutoSupport and Active IQ ecosystem to provide support for users, provide assistance with troubleshooting, and display usage statistics.

In addition to the paid version of Astra Control Center, a 90-day evaluation license is available. The evaluation version is supported through the email and community (Slack channel). Customers have access to these and other knowledge-base articles and the documentation available from the in-product support dashboard.

To get started with NetApp Astra Control Center, visit the Astra website.

Astra Control Center installation prerequisites

  1. One or more Red Hat OpenShift clusters. Versions 4.6 EUS and 4.7 are currently supported.

  2. Astra Trident must already be installed and configured on each Red Hat OpenShift cluster.

  3. One or more NetApp ONTAP storage systems running ONTAP 9.5 or greater.

    Note It’s best practice for each OpenShift install at a site to have a dedicated SVM for persistent storage. Multi-site deployments require additional storage systems.
  4. A Trident storage backend must be configured on each OpenShift cluster with an SVM backed by an ONTAP cluster.

  5. A default StorageClass configured on each OpenShift cluster with Astra Trident as the storage provisioner.

  6. A load balancer must be installed and configured on each OpenShift cluster for load balancing and exposing OpenShift Services.

    Note See the link here for information about load balancers that have been validated for this purpose.
  7. A private image registry must be configured to host the NetApp Astra Control Center images.

    Note See the link here to install and configure an OpenShift private registry for this purpose.
  8. You must have Cluster Admin access to the Red Hat OpenShift cluster.

  9. You must have Admin access to NetApp ONTAP clusters.

  10. An admin workstation with docker or podman, tridentctl, and oc or kubectl tools installed and added to your $PATH.

    Note Docker installations must have docker version greater than 20.10 and Podman installations must have podman version greater than 3.0.

Install Astra Control Center

Using OperatorHub
  1. Log into the NetApp Support Site and download the latest version of NetApp Astra Control Center. To do so requires a license attached to your NetApp account. After you download the tarball, transfer it to the admin workstation.

    Note To get started with a trial license for Astra Control, visit the Astra registration site.
  2. Unpack the tar ball and change the working directory to the resulting folder.

    [netapp-user@rhel7 ~]$ tar -vxzf astra-control-center-21.12.60.tar.gz
    [netapp-user@rhel7 ~]$ cd astra-control-center-21.12.60
  3. Before starting the installation, push the Astra Control Center images to an image registry. You can choose to do this with either Docker or Podman, instructions for both are provided in this step.

    Podman
    1. Export the registry FQDN with the organization/namespace/project name as a environment variable ‘registry’.

      [netapp-user@rhel7 ~]$ export REGISTRY=astra-registry.apps.ocp-vmw.cie.netapp.com/netapp-astra
    2. Log into the registry.

      [netapp-user@rhel7 ~]$ podman login -u ocp-user -p password --tls-verify=false astra-registry.apps.ocp-vmw.cie.netapp.com
      Note If you are using kubeadmin user to log into the private registry, then use token instead of password - podman login -u ocp-user -p token --tls-verify=false astra-registry.apps.ocp-vmw.cie.netapp.com.
      Note Alternatively, you can create a service account, assign registry-editor and/or registry-viewer role (based on whether you require push/pull access) and log into the registry using service account’s token.
    3. Create a shell script file and paste the following content in it.

      [netapp-user@rhel7 ~]$ vi push-images-to-registry.sh
      
      for astraImageFile in $(ls images/*.tar) ; do
        # Load to local cache. And store the name of the loaded image trimming the 'Loaded images: '
        astraImage=$(podman load --input ${astraImageFile} | sed 's/Loaded image(s): //')
        astraImage=$(echo ${astraImage} | sed 's!localhost/!!')
        # Tag with local image repo.
        podman tag ${astraImage} ${REGISTRY}/${astraImage}
        # Push to the local repo.
        podman push ${REGISTRY}/${astraImage}
      done
      Note If you are using untrusted certificates for your registry, edit the shell script and use --tls-verify=false for the podman push command podman push $REGISTRY/$(echo $astraImage | sed 's/[\/]\+\///') --tls-verify=false.
    4. Make the file executable.

      [netapp-user@rhel7 ~]$ chmod +x push-images-to-registry.sh
    5. Execute the shell script.

      [netapp-user@rhel7 ~]$ ./push-images-to-registry.sh
    Docker
    1. Export the registry FQDN with the organization/namespace/project name as a environment variable ‘registry’.

      [netapp-user@rhel7 ~]$ export REGISTRY=astra-registry.apps.ocp-vmw.cie.netapp.com/netapp-astra
    2. Log into the registry.

      [netapp-user@rhel7 ~]$ docker login -u ocp-user -p password astra-registry.apps.ocp-vmw.cie.netapp.com
      Note If you are using kubeadmin user to log into the private registry, then use token instead of password - docker login -u ocp-user -p token astra-registry.apps.ocp-vmw.cie.netapp.com.
      Note Alternatively, you can create a service account, assign registry-editor and/or registry-viewer role (based on whether you require push/pull access) and log into the registry using service account’s token.
    3. Create a shell script file and paste the following content in it.

      [netapp-user@rhel7 ~]$ vi push-images-to-registry.sh
      
      for astraImageFile in $(ls images/*.tar) ; do
        # Load to local cache. And store the name of the loaded image trimming the 'Loaded images: '
        astraImage=$(docker load --input ${astraImageFile} | sed 's/Loaded image: //')
        astraImage=$(echo ${astraImage} | sed 's!localhost/!!')
        # Tag with local image repo.
        docker tag ${astraImage} ${REGISTRY}/${astraImage}
        # Push to the local repo.
        docker push ${REGISTRY}/${astraImage}
      done
    4. Make the file executable.

      [netapp-user@rhel7 ~]$ chmod +x push-images-to-registry.sh
    5. Execute the shell script.

      [netapp-user@rhel7 ~]$ ./push-images-to-registry.sh
  1. When using private image registries that are not publicly trusted, upload the image registry TLS certificates to the OpenShift nodes. To do so, create a configmap in the openshift-config namespace using the TLS certificates and patch it to the cluster image config to make the certificate trusted.

    [netapp-user@rhel7 ~]$ oc create configmap default-ingress-ca -n openshift-config --from-file=astra-registry.apps.ocp-vmw.cie.netapp.com=tls.crt
    
    [netapp-user@rhel7 ~]$ oc patch image.config.openshift.io/cluster --patch '{"spec":{"additionalTrustedCA":{"name":"default-ingress-ca"}}}' --type=merge
    Note If you are using an OpenShift internal registry with default TLS certificates from the ingress operator with a route, you still need to follow the previous step to patch the certificates to the route hostname. To extract the certificates from ingress operator, you can use the command oc extract secret/router-ca --keys=tls.crt -n openshift-ingress-operator.
  2. Create a namespace netapp-acc-operator for Astra Control Center.

    [netapp-user@rhel7 ~]$ oc create ns netapp-acc-operator
    
    namespace/netapp-acc-operator created
  3. Create a secret with credentials to log into the image registry in netapp-acc-operator namespace.

    [netapp-user@rhel7 ~]$ oc create secret docker-registry astra-registry-cred --docker-server=astra-registry.apps.ocp-vmw.cie.netapp.com --docker-username=ocp-user --docker-password=password -n netapp-acc-operator
    
    secret/astra-registry-cred created
  4. Log into the Red Hat OpenShift GUI console with cluster-admin access.

  5. Select Administrator from the Perspective drop down.

  6. Navigate to Operators > OperatorHub and search for Astra.

    OpenShift Operator Hub
  7. Select netapp-acc-operator tile and click Install.

    ACC operator tile
  8. On the Install Operator screen, accept all default parameters and click Install.

    ACC operator details
  9. Wait for the operator installation to complete.

    ACC operator wait for install
  10. Once the operator installation succeeds, navigate to click on View Operator.

    ACC operator install complete
  11. Then click on Create Instance in Astra Control Center tile in the operator.

    Create ACC instance
  12. Fill the Create AstraControlCenter form fields and click Create.

    1. Optionally edit the Astra Control Center instance name.

    2. Optionally enable or disable Auto Support. Retaining Auto Support functionality is recommended.

    3. Enter the FQDN for Astra Control Center.

    4. Enter the Astra Control Center version; the latest is displayed by default.

    5. Enter an account name for Astra Control Center and admin details like first name, last name and email address.

    6. Enter the volume reclaim policy, default is Retain.

    7. In Image Registry, enter the FQDN for your registry along with the organization name as it was given while pushing the images to the registry (in this example, astra-registry.apps.ocp-vmw.cie.netapp.com/netapp-astra)

    8. If you use a registry that requires authentication, enter the secret name in Image Registry section.

    9. Configure scaling options for Astra Control Center resource limits.

    10. Enter the storage class name if you want to place PVCs on a non-default storage class.

    11. Define CRD handling preferences.

      Create ACC instance
      Create ACC instance
Automated [Ansible]
  1. To use Ansible playbooks to deploy Astra Control Center, you need an Ubuntu/RHEL machine with Ansible installed. Follow the procedure here for Ubuntu and the procedure here for RHEL.

  2. Clone the GitHub repository that hosts the Ansible content.

    git clone https://github.com/NetApp-Automation/na_astra_control_suite.git
  3. Log into the NetApp Support site and download the latest version of NetApp Astra Control Center. To do so requires a license attached to your NetApp account. After you download the tarball, transfer it to the workstation.

    Note To get started with a trial license for Astra Control, visit the Astra registration site.
  4. Create or obtain the kubeconfig file with admin access to the OpenShift cluster on which Astra Control Center is to be installed.

  5. Change the directory to the na_astra_control_suite.

    cd na_astra_control_suite
  6. Edit the vars/vars.yml file, and fill in the variables with the required information.

    #Define whether or not to push the Astra Control Center images to your private registry [Allowed values: yes, no]
    push_images: yes
    
    #The directory hosting the Astra Control Center installer
    installer_directory: /home/admin/
    
    #Specify the ingress type. Allowed values - "AccTraefik" or "Generic"
    #"AccTraefik" if you want the installer to create a LoadBalancer type service to access ACC, requires MetalLB or similar.
    #"Generic" if you want to create or configure ingress controller yourself, installer just creates a ClusterIP service for traefik.
    ingress_type: "AccTraefik"
    
    #Name of the Astra Control Center installer (Do not include the extension, just the name)
    astra_tar_ball_name: astra-control-center-22.04.0
    
    #The complete path to the kubeconfig file of the kubernetes/openshift cluster Astra Control Center needs to be installed to.
    hosting_k8s_cluster_kubeconfig_path: /home/admin/cluster-kubeconfig.yml
    
    #Namespace in which Astra Control Center is to be installed
    astra_namespace: netapp-astra-cc
    
    #Astra Control Center Resources Scaler. Leave it blank if you want to accept the Default setting.
    astra_resources_scaler: Default
    
    #Storageclass to be used for Astra Control Center PVCs, it must be created before running the playbook [Leave it blank if you want the PVCs to use default storageclass]
    astra_trident_storageclass: basic
    
    #Reclaim Policy for Astra Control Center Persistent Volumes [Allowed values: Retain, Delete]
    storageclass_reclaim_policy: Retain
    
    #Private Registry Details
    astra_registry_name: "docker.io"
    
    #Whether the private registry requires credentials [Allowed values: yes, no]
    require_reg_creds: yes
    
    #If require_reg_creds is yes, then define the container image registry credentials
    #Usually, the registry namespace and usernames are same for individual users
    astra_registry_namespace: "registry-user"
    astra_registry_username: "registry-user"
    astra_registry_password: "password"
    
    #Kuberenets/OpenShift secret name for Astra Control Center
    #This name will be assigned to the K8s secret created by the playbook
    astra_registry_secret_name: "astra-registry-credentials"
    
    #Astra Control Center FQDN
    acc_fqdn_address: astra-control-center.cie.netapp.com
    
    #Name of the Astra Control Center instance
    acc_account_name: ACC Account Name
    
    #Administrator details for Astra Control Center
    admin_email_address: admin@example.com
    admin_first_name: Admin
    admin_last_name: Admin
  7. Run the playbook to deploy Astra Control Center. The playbook requires root privileges for certain configurations.

    If the user running the playbook is root or has passwordless sudo configured, then run the following command to run the playbook.

    ansible-playbook install_acc_playbook.yml

    If the user has password-based sudo access configured, run the following command to run the playbook, and then enter the sudo password.

    ansible-playbook install_acc_playbook.yml -K

Post Install Steps

  1. It might take several minutes for the installation to complete. Verify that all the pods and services in the netapp-astra-cc namespace are up and running.

    [netapp-user@rhel7 ~]$ oc get all -n netapp-astra-cc
  2. Check the acc-operator-controller-manager logs to ensure that the installation is completed.

    [netapp-user@rhel7 ~]$ oc logs deploy/acc-operator-controller-manager -n netapp-acc-operator -c manager -f
    Note The following message indicates the successful installation of Astra Control Center.
    {"level":"info","ts":1624054318.029971,"logger":"controllers.AstraControlCenter","msg":"Successfully Reconciled AstraControlCenter in [seconds]s","AstraControlCenter":"netapp-astra-cc/astra","ae.Version":"[21.12.60]"}
  3. The username for logging into Astra Control Center is the email address of the administrator provided in the CRD file and the password is a string ACC- appended to the Astra Control Center UUID. Run the following command:

    [netapp-user@rhel7 ~]$ oc get astracontrolcenters -n netapp-astra-cc
    NAME    UUID
    astra   345c55a5-bf2e-21f0-84b8-b6f2bce5e95f
    Note In this example, the password is ACC-345c55a5-bf2e-21f0-84b8-b6f2bce5e95f.
  4. Get the traefik service load balancer IP.

    [netapp-user@rhel7 ~]$ oc get svc -n netapp-astra-cc | egrep 'EXTERNAL|traefik'
    
    NAME                                       TYPE           CLUSTER-IP       EXTERNAL-IP     PORT(S)                                                                   AGE
    traefik                                    LoadBalancer   172.30.99.142    10.61.186.181   80:30343/TCP,443:30060/TCP                                                16m
  5. Add an entry in the DNS server pointing the FQDN provided in the Astra Control Center CRD file to the EXTERNAL-IP of the traefik service.

    Add DNS entry for ACC GUI

  6. Log into the Astra Control Center GUI by browsing its FQDN.

    Astra Control Center login

  7. When you log into Astra Control Center GUI for the first time using the admin email address provided in CRD, you need to change the password.

    Astra Control Center mandatory password change

  8. If you wish to add a user to Astra Control Center, navigate to Account > Users, click Add, enter the details of the user, and click Add.

    Astra Control Center create user

  9. Astra Control Center requires a license for all of it’s functionalities to work. To add a license, navigate to Account > License, click Add License, and upload the license file.

    Astra Control Center add license

    Note If you encounter issues with the install or configuration of NetApp Astra Control Center, the knowledge base of known issues is available here.