发行说明
本产品推出了新版本。
简体中文版经机器翻译而成,仅供参考。如与英语版出现任何冲突,应以英语版为准。
使用标准流程安装 Astra 控制中心
贡献者
建议更改
PDF
要安装 Astra 控制中心,请从 NetApp 支持站点下载安装包,并执行以下步骤在您的环境中安装 Astra 控制中心操作员和 Astra 控制中心。您可以使用此操作步骤在互联网连接或通风环境中安装 Astra 控制中心。
对于 Red Hat OpenShift 环境,您还可以使用 "备用操作步骤" 使用 OpenShift OperatorHub 安装 Astra Control Center 。
您需要的内容
-
确保所有集群操作员均处于运行状况良好且可用。
OpenShift 示例:
oc get clusteroperators
-
确保所有 API 服务均处于运行状况良好且可用:
OpenShift 示例:
oc get apiservices
-
您已在数据中心为 Astra 控制中心创建 FQDN 地址。
关于此任务
Astra 控制中心安装过程将执行以下操作:
-
将 Astra 组件安装到
NetApp-Accc(或自定义命名)命名空间中。 -
创建默认帐户。
-
为此 Astra 控制中心实例建立默认管理用户电子邮件地址和默认一次性密码
Acc-<UID_of_installation>。系统会为此用户分配所有者角色,首次登录到 UI 时需要此用户。 -
帮助您确定所有 Astra 控制中心 Pod 是否正在运行。
-
安装 Astra UI 。
|
如果您使用的是 Red Hat 的 Podman 而不是 Docker 引擎,则可以使用 Podman 命令代替 Docker 命令。 |
|
请勿在整个安装过程中执行以下命令以避免删除所有 Astra 控制中心 Pod : kubectl delete -f Astra_control_center_operator_deploy.yaml
|
步骤
要安装 Astra 控制中心,请执行以下步骤:
执行以完成部署 "设置任务"。
下载 Astra Control Center 捆绑包
-
从下载 Astra 控制中心捆绑包(
Astra-control-center-[version].tar.gz) "NetApp 支持站点"。 -
从下载 Astra 控制中心证书和密钥的 zip "NetApp 支持站点"。
-
(可选)使用以下命令验证捆绑包的签名:
openssl dgst -sha256 -verify astra-control-center[version].pub -signature <astra-control-center[version].sig astra-control-center[version].tar.gz
打开软件包的包装并更改目录
-
提取映像:
tar -vxzf astra-control-center-[version].tar.gz
-
更改为 Astra 目录。
cd astra-control-center-[version]
将映像添加到本地注册表
-
将 Astra Control Center 映像目录中的文件添加到本地注册表中。
有关自动加载映像的信息,请参见下面的示例脚本。 -
登录到注册表:
Docker :
docker login [your_registry_path]
播客:
podman login [your_registry_path]
-
使用适当的脚本加载映像,标记映像,并将这些映像推送到本地注册表:
Docker :
export REGISTRY=[Docker_registry_path] for astraImageFile in $(ls images/*.tar) ; do # Load to local cache. And store the name of the loaded image trimming the 'Loaded images: ' astraImage=$(docker load --input ${astraImageFile} | sed 's/Loaded image: //') astraImage=$(echo ${astraImage} | sed 's!localhost/!!') # Tag with local image repo. docker tag ${astraImage} ${REGISTRY}/${astraImage} # Push to the local repo. docker push ${REGISTRY}/${astraImage} done播客:
export REGISTRY=[Registry_path] for astraImageFile in $(ls images/*.tar) ; do # Load to local cache. And store the name of the loaded image trimming the 'Loaded images: ' astraImage=$(podman load --input ${astraImageFile} | sed 's/Loaded image(s): //') astraImage=$(echo ${astraImage} | sed 's!localhost/!!') # Tag with local image repo. podman tag ${astraImage} ${REGISTRY}/${astraImage} # Push to the local repo. podman push ${REGISTRY}/${astraImage} done -
为具有身份验证要求的注册表设置命名空间和密钥
-
如果您使用的注册表需要身份验证,则需要执行以下操作:
-
创建
NetApp-Acc-operator命名空间:kubectl create ns netapp-acc-operator
响应:
namespace/netapp-acc-operator created
-
为
NetApp-Acc-operator命名空间创建一个密钥。添加 Docker 信息并运行以下命令:kubectl create secret docker-registry astra-registry-cred -n netapp-acc-operator --docker-server=[your_registry_path] --docker-username=[username] --docker-password=[token]
响应示例:
secret/astra-registry-cred created
-
创建
NetApp-Accc(或自定义命名)命名空间。kubectl create ns [netapp-acc or custom namespace]
响应示例:
namespace/netapp-acc created
-
为
NetApp-Accc(或自定义命名)命名空间创建一个密钥。添加 Docker 信息并运行以下命令:kubectl create secret docker-registry astra-registry-cred -n [netapp-acc or custom namespace] --docker-server=[your_registry_path] --docker-username=[username] --docker-password=[token]
响应
secret/astra-registry-cred created
-
安装 Astra 控制中心操作员
-
编辑 Astra 控制中心操作员部署 YAML (
Astra_control_center_operator_deploy.yaml)以参考您的本地注册表和机密。vim astra_control_center_operator_deploy.yaml
-
如果您使用的注册表需要身份验证,请将默认行
imagePullSecs : []替换为以下内容:imagePullSecrets: - name: <name_of_secret_with_creds_to_local_registry>
-
将
Kube-RBAC 代理映像的 ` [yor_registry_path]` 更改为将映像推入的注册表路径 上一步。 -
将
Acc-operator-controller-manager映像的 ` [yor_registry_path]` 更改为在中推送映像的注册表路径 上一步。 -
(对于使用 Astra 数据存储预览版的安装)请参见有关的此已知问题描述 "存储类配置程序以及需要对 YAML 进行的其他更改"。
apiVersion: apps/v1 kind: Deployment metadata: labels: control-plane: controller-manager name: acc-operator-controller-manager namespace: netapp-acc-operator spec: replicas: 1 selector: matchLabels: control-plane: controller-manager template: metadata: labels: control-plane: controller-manager spec: containers: - args: - --secure-listen-address=0.0.0.0:8443 - --upstream=http://127.0.0.1:8080/ - --logtostderr=true - --v=10 image: [your_registry_path]/kube-rbac-proxy:v4.8.0 name: kube-rbac-proxy ports: - containerPort: 8443 name: https - args: - --health-probe-bind-address=:8081 - --metrics-bind-address=127.0.0.1:8080 - --leader-elect command: - /manager env: - name: ACCOP_LOG_LEVEL value: "2" image: [your_registry_path]/acc-operator:[version x.y.z] imagePullPolicy: IfNotPresent imagePullSecrets: []
-
-
安装 Astra 控制中心操作员:
kubectl apply -f astra_control_center_operator_deploy.yaml
响应示例:
namespace/netapp-acc-operator created customresourcedefinition.apiextensions.k8s.io/astracontrolcenters.astra.netapp.io created role.rbac.authorization.k8s.io/acc-operator-leader-election-role created clusterrole.rbac.authorization.k8s.io/acc-operator-manager-role created clusterrole.rbac.authorization.k8s.io/acc-operator-metrics-reader created clusterrole.rbac.authorization.k8s.io/acc-operator-proxy-role created rolebinding.rbac.authorization.k8s.io/acc-operator-leader-election-rolebinding created clusterrolebinding.rbac.authorization.k8s.io/acc-operator-manager-rolebinding created clusterrolebinding.rbac.authorization.k8s.io/acc-operator-proxy-rolebinding created configmap/acc-operator-manager-config created service/acc-operator-controller-manager-metrics-service created deployment.apps/acc-operator-controller-manager created
配置 Astra 控制中心
-
编辑 Astra 控制中心自定义资源( CR )文件(
Astra_control_center_min.yaml)以进行帐户, AutoSupport ,注册表和其他必要配置:
如果您的环境需要其他自定义设置,您可以使用 Astra_control_center.yaml作为替代 CR 。Astra_control_center_min.yaml是默认 CR ,适用于大多数安装。vim astra_control_center_min.yaml
首次部署 Astra 控制中心后,无法更改 CR 配置的属性。
如果您使用的注册表不需要授权,则必须删除 imageRegistry中的secret行,否则安装将失败。-
将 ` [yor_registry_path]` 更改为上一步中用于推送映像的注册表路径。
-
将
accountName字符串更改为要与帐户关联的名称。 -
将
astraAddress字符串更改为要在浏览器中使用的 FQDN 以访问 Astra 。请勿在此地址中使用http : //或https : //。复制此 FQDN 以在中使用 后续步骤。 -
将
email字符串更改为默认的初始管理员地址。复制此电子邮件地址以在中使用 后续步骤。 -
将 AutoSupport 的
已注册更改为false对于无 Internet 连接的站点,或者将已连接站点的true保留。 -
(可选)添加与帐户关联的用户的名字
firstName和姓氏lastName。您可以在用户界面中立即或稍后执行此步骤。 -
(可选)如果您的安装需要,请将
storageClass值更改为另一个 Astra Trident StorageClass 资源。 -
(对于使用 Astra 数据存储预览版的安装)请参见适用于的此已知问题描述 "需要进行的其他更改" 向 YAML 报告。
apiVersion: astra.netapp.io/v1 kind: AstraControlCenter metadata: name: astra spec: accountName: "Example" astraVersion: "ASTRA_VERSION" astraAddress: "astra.example.com" autoSupport: enrolled: true email: "[admin@example.com]" firstName: "SRE" lastName: "Admin" imageRegistry: name: "[your_registry_path]" secret: "astra-registry-cred" storageClass: "ontap-gold" -
完成 Astra 控制中心和操作员安装
-
如果您在上一步中尚未创建,请创建
NetApp-Accc(或自定义)命名空间:kubectl create ns [netapp-acc or custom namespace]
响应示例:
namespace/netapp-acc created
-
在
NetApp-Accc(或您的自定义)命名空间中安装 Astra Control Center :kubectl apply -f astra_control_center_min.yaml -n [netapp-acc or custom namespace]
响应示例:
astracontrolcenter.astra.netapp.io/astra created
验证系统状态
|
|
如果您更喜欢使用 OpenShift ,则可以使用同等的 oc 命令执行验证步骤。 |
-
验证是否已成功安装所有系统组件。
kubectl get pods -n [netapp-acc or custom namespace]
每个 POD 的状态应为
running。部署系统 Pod 可能需要几分钟的时间。响应示例:
NAME READY STATUS RESTARTS AGE acc-helm-repo-5f75c5f564-bzqmt 1/1 Running 0 11m activity-6b8f7cccb9-mlrn4 1/1 Running 0 9m2s api-token-authentication-6hznt 1/1 Running 0 8m50s api-token-authentication-qpfgb 1/1 Running 0 8m50s api-token-authentication-sqnb7 1/1 Running 0 8m50s asup-5578bbdd57-dxkbp 1/1 Running 0 9m3s authentication-56bff4f95d-mspmq 1/1 Running 0 7m31s bucketservice-6f7968b95d-9rrrl 1/1 Running 0 8m36s cert-manager-5f6cf4bc4b-82khn 1/1 Running 0 6m19s cert-manager-cainjector-76cf976458-sdrbc 1/1 Running 0 6m19s cert-manager-webhook-5b7896bfd8-2n45j 1/1 Running 0 6m19s cloud-extension-749d9f684c-8bdhq 1/1 Running 0 9m6s cloud-insights-service-7d58687d9-h5tzw 1/1 Running 2 8m56s composite-compute-968c79cb5-nv7l4 1/1 Running 0 9m11s composite-volume-7687569985-jg9gg 1/1 Running 0 8m33s credentials-5c9b75f4d6-nx9cz 1/1 Running 0 8m42s entitlement-6c96fd8b78-zt7f8 1/1 Running 0 8m28s features-5f7bfc9f68-gsjnl 1/1 Running 0 8m57s fluent-bit-ds-h88p7 1/1 Running 0 7m22s fluent-bit-ds-krhnj 1/1 Running 0 7m23s fluent-bit-ds-l5bjj 1/1 Running 0 7m22s fluent-bit-ds-lrclb 1/1 Running 0 7m23s fluent-bit-ds-s5t4n 1/1 Running 0 7m23s fluent-bit-ds-zpr6v 1/1 Running 0 7m22s graphql-server-5f5976f4bd-vbb4z 1/1 Running 0 7m13s identity-56f78b8f9f-8h9p9 1/1 Running 0 8m29s influxdb2-0 1/1 Running 0 11m krakend-6f8d995b4d-5khkl 1/1 Running 0 7m7s license-5b5db87c97-jmxzc 1/1 Running 0 9m login-ui-57b57c74b8-6xtv7 1/1 Running 0 7m10s loki-0 1/1 Running 0 11m monitoring-operator-9dbc9c76d-8znck 2/2 Running 0 7m33s nats-0 1/1 Running 0 11m nats-1 1/1 Running 0 10m nats-2 1/1 Running 0 10m nautilus-6b9d88bc86-h8kfb 1/1 Running 0 8m6s nautilus-6b9d88bc86-vn68r 1/1 Running 0 8m35s openapi-b87d77dd8-5dz9h 1/1 Running 0 9m7s polaris-consul-consul-5ljfb 1/1 Running 0 11m polaris-consul-consul-s5d5z 1/1 Running 0 11m polaris-consul-consul-server-0 1/1 Running 0 11m polaris-consul-consul-server-1 1/1 Running 0 11m polaris-consul-consul-server-2 1/1 Running 0 11m polaris-consul-consul-twmpq 1/1 Running 0 11m polaris-mongodb-0 2/2 Running 0 11m polaris-mongodb-1 2/2 Running 0 10m polaris-mongodb-2 2/2 Running 0 10m polaris-ui-84dc87847f-zrg8w 1/1 Running 0 7m12s polaris-vault-0 1/1 Running 0 11m polaris-vault-1 1/1 Running 0 11m polaris-vault-2 1/1 Running 0 11m public-metrics-657698b66f-67pgt 1/1 Running 0 8m47s storage-backend-metrics-6848b9fd87-w7x8r 1/1 Running 0 8m39s storage-provider-5ff5868cd5-r9hj7 1/1 Running 0 8m45s telegraf-ds-dw4hg 1/1 Running 0 7m23s telegraf-ds-k92gn 1/1 Running 0 7m23s telegraf-ds-mmxjl 1/1 Running 0 7m23s telegraf-ds-nhs8s 1/1 Running 0 7m23s telegraf-ds-rj7lw 1/1 Running 0 7m23s telegraf-ds-tqrkb 1/1 Running 0 7m23s telegraf-rs-9mwgj 1/1 Running 0 7m23s telemetry-service-56c49d689b-ffrzx 1/1 Running 0 8m42s tenancy-767c77fb9d-g9ctv 1/1 Running 0 8m52s traefik-5857d87f85-7pmx8 1/1 Running 0 6m49s traefik-5857d87f85-cpxgv 1/1 Running 0 5m34s traefik-5857d87f85-lvmlb 1/1 Running 0 4m33s traefik-5857d87f85-t2xlk 1/1 Running 0 4m33s traefik-5857d87f85-v9wpf 1/1 Running 0 7m3s trident-svc-595f84dd78-zb8l6 1/1 Running 0 8m54s vault-controller-86c94fbf4f-krttq 1/1 Running 0 9m24s
-
(可选)为确保安装完成,您可以使用以下命令查看
Acc-operator日志。kubectl logs deploy/acc-operator-controller-manager -n netapp-acc-operator -c manager -f
-
当所有 Pod 运行时,通过检索 Astra 控制中心操作员安装的
AstraControlCenter实例来验证安装是否成功。kubectl get acc -o yaml -n [netapp-acc or custom namespace]
-
s响应中的 tatus.deploymentStateD字段,查看eploy 值。如果部署失败,则会显示一条错误消息。
您将在下一步中使用 uuid。name: astra namespace: netapp-acc resourceVersion: "104424560" selfLink: /apis/astra.netapp.io/v1/namespaces/netapp-acc/astracontrolcenters/astra uid: 9aa5fdae-4214-4cb7-9976-5d8b4c0ce27f spec: accountName: Example astraAddress: astra.example.com astraVersion: 21.12.60 autoSupport: enrolled: true url: https://support.netapp.com/asupprod/post/1.0/postAsup crds: {} email: admin@example.com firstName: SRE imageRegistry: name: registry_name/astra secret: astra-registry-cred lastName: Admin status: accConditionHistory: items: - astraVersion: 21.12.60 condition: lastTransitionTime: "2021-11-23T02:23:59Z" message: Deploying is currently in progress. reason: InProgress status: "False" type: Ready generation: 2 observedSpec: accountName: Example astraAddress: astra.example.com astraVersion: 21.12.60 autoSupport: enrolled: true url: https://support.netapp.com/asupprod/post/1.0/postAsup crds: {} email: admin@example.com firstName: SRE imageRegistry: name: registry_name/astra secret: astra-registry-cred lastName: Admin timestamp: "2021-11-23T02:23:59Z" - astraVersion: 21.12.60 condition: lastTransitionTime: "2021-11-23T02:23:59Z" message: Deploying is currently in progress. reason: InProgress status: "True" type: Deploying generation: 2 observedSpec: accountName: Example astraAddress: astra.example.com astraVersion: 21.12.60 autoSupport: enrolled: true url: https://support.netapp.com/asupprod/post/1.0/postAsup crds: {} email: admin@example.com firstName: SRE imageRegistry: name: registry_name/astra secret: astra-registry-cred lastName: Admin timestamp: "2021-11-23T02:23:59Z" - astraVersion: 21.12.60 condition: lastTransitionTime: "2021-11-23T02:29:41Z" message: Post Install was successful observedGeneration: 2 reason: Complete status: "True" type: PostInstallComplete generation: 2 observedSpec: accountName: Example astraAddress: astra.example.com astraVersion: 21.12.60 autoSupport: enrolled: true url: https://support.netapp.com/asupprod/post/1.0/postAsup crds: {} email: admin@example.com firstName: SRE imageRegistry: name: registry_name/astra secret: astra-registry-cred lastName: Admin timestamp: "2021-11-23T02:29:41Z" - astraVersion: 21.12.60 condition: lastTransitionTime: "2021-11-23T02:29:41Z" message: Deploying succeeded. reason: Complete status: "False" type: Deploying generation: 2 observedGeneration: 2 observedSpec: accountName: Example astraAddress: astra.example.com astraVersion: 21.12.60 autoSupport: enrolled: true url: https://support.netapp.com/asupprod/post/1.0/postAsup crds: {} email: admin@example.com firstName: SRE imageRegistry: name: registry_name/astra secret: astra-registry-cred lastName: Admin observedVersion: 21.12.60 timestamp: "2021-11-23T02:29:41Z" - astraVersion: 21.12.60 condition: lastTransitionTime: "2021-11-23T02:29:41Z" message: Astra is deployed reason: Complete status: "True" type: Deployed generation: 2 observedGeneration: 2 observedSpec: accountName: Example astraAddress: astra.example.com astraVersion: 21.12.60 autoSupport: enrolled: true url: https://support.netapp.com/asupprod/post/1.0/postAsup crds: {} email: admin@example.com firstName: SRE imageRegistry: name: registry_name/astra secret: astra-registry-cred lastName: Admin observedVersion: 21.12.60 timestamp: "2021-11-23T02:29:41Z" - astraVersion: 21.12.60 condition: lastTransitionTime: "2021-11-23T02:29:41Z" message: Astra is deployed reason: Complete status: "True" type: Ready generation: 2 observedGeneration: 2 observedSpec: accountName: Example astraAddress: astra.example.com astraVersion: 21.12.60 autoSupport: enrolled: true url: https://support.netapp.com/asupprod/post/1.0/postAsup crds: {} email: admin@example.com firstName: SRE imageRegistry: name: registry_name/astra secret: astra-registry-cred lastName: Admin observedVersion: 21.12.60 timestamp: "2021-11-23T02:29:41Z" certManager: deploy cluster: type: OCP vendorVersion: 4.7.5 version: v1.20.0+bafe72f conditions: - lastTransitionTime: "2021-12-08T16:19:55Z" message: Astra is deployed reason: Complete status: "True" type: Ready - lastTransitionTime: "2021-12-08T16:19:55Z" message: Deploying succeeded. reason: Complete status: "False" type: Deploying - lastTransitionTime: "2021-12-08T16:19:53Z" message: Post Install was successful observedGeneration: 2 reason: Complete status: "True" type: PostInstallComplete - lastTransitionTime: "2021-12-08T16:19:55Z" message: Astra is deployed reason: Complete status: "True" type: Deployed deploymentState: Deployed observedGeneration: 2 observedSpec: accountName: Example astraAddress: astra.example.com astraVersion: 21.12.60 autoSupport: enrolled: true url: https://support.netapp.com/asupprod/post/1.0/postAsup crds: {} email: admin@example.com firstName: SRE imageRegistry: name: registry_name/astra secret: astra-registry-cred lastName: Admin observedVersion: 21.12.60 postInstall: Complete uuid: 9aa5fdae-4214-4cb7-9976-5d8b4c0ce27f kind: List metadata: resourceVersion: "" selfLink: "" -
要获取登录到 Astra 控制中心时要使用的一次性密码,请从上一步的响应中复制
status.uuid值。密码为Acc-,后跟 UUID 值(Acc-[UUUUUID]或在本示例中为Acc-c49008a5-4ef1-4c5d-a53e-830daf994116)。
登录到 Astra 控制中心 UI
安装 Astra 控制中心后,您将更改默认管理员的密码并登录到 Astra 控制中心 UI 信息板。
步骤
-
在浏览器中,输入在
Astra_control_center_min.YAMLCR when 的AstraAddress中使用的 FQDN 您安装了 Astra 控制中心。 -
出现提示时接受自签名证书。
您可以在登录后创建自定义证书。 -
在 Astra Control Center 登录页面上,在
Astra_control_center_min.yamlCR when 中输入您用于email的值 您安装了 Astra 控制中心,后跟一次性密码(Acc-UUID)。
如果您输入的密码三次不正确,管理员帐户将锁定 15 分钟。 -
选择 * 登录 * 。
-
根据提示更改密码。
如果您是首次登录,但忘记了密码,并且尚未创建任何其他管理用户帐户,请联系 NetApp 支持部门以获得密码恢复帮助。 -
(可选)删除现有自签名 TLS 证书并将其替换为 "由证书颁发机构( CA )签名的自定义 TLS 证书"。
对安装进行故障排除
如果任何服务处于 Error 状态,您可以检查日志。查找 400 到 500 范围内的 API 响应代码。这些信息表示发生故障的位置。
步骤
-
要检查 Astra 控制中心操作员日志,请输入以下内容:
kubectl logs --follow -n netapp-acc-operator $(kubectl get pods -n netapp-acc-operator -o name) -c manager
下一步行动
执行以完成部署 "设置任务"。