Astra Trident總覽
Astra Trident是開放原始碼且完全支援的儲存協調工具、適用於Container和Kubernetes配送、包括Red Hat OpenShift。Trident可搭配整個NetApp儲存產品組合(包括NetApp ONTAP 的整套和Element儲存系統)使用、也支援NFS和iSCSI連線。Trident可讓終端使用者從NetApp儲存系統配置及管理儲存設備、而無需儲存管理員介入、進而加速DevOps工作流程。
系統管理員可根據專案需求和儲存系統模型來設定多個儲存後端、以啟用進階儲存功能、包括壓縮、特定磁碟類型或QoS層級、以保證特定層級的效能。定義後端後端之後、開發人員可在專案中使用這些後端來建立持續磁碟區宣告(PVCS)、並視需要將持續儲存附加至容器。
Astra Trident的開發週期很快、就像Kubernetes一樣、每年發行四次。
最新版的Astra Trident於2022年1月推出22.01版。支援對照表、顯示哪些版本的Trident已通過測試、可找到Kubernetes經銷產品 "請按這裡"。
從20.04版本開始、Trident設定由Trident操作員執行。營運者讓大規模部署變得更簡單、並提供額外支援、包括在Trident安裝過程中部署的Pod自我修復。
有了21.01版、我們提供了Helm圖表、方便您安裝Trident操作員。
下載Astra Trident
若要在已部署的使用者叢集上安裝Trident並佈建持續磁碟區、請完成下列步驟:
-
將安裝歸檔檔案下載至管理工作站、並擷取內容。目前的Trident版本為22.01、可下載 "請按這裡"。
[netapp-user@rhel7 ~]$ wget https://github.com/NetApp/trident/releases/download/v22.01.0/trident-installer-22.01.0.tar.gz --2021-05-06 15:17:30-- https://github.com/NetApp/trident/releases/download/v22.01.0/trident-installer-22.01.0.tar.gz Resolving github.com (github.com)... 140.82.114.3 Connecting to github.com (github.com)|140.82.114.3|:443... connected. HTTP request sent, awaiting response... 302 Found Location: https://github-releases.githubusercontent.com/77179634/a4fa9f00-a9f2-11eb-9053-98e8e573d4ae?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20210506%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210506T191643Z&X-Amz-Expires=300&X-Amz-Signature=8a49a2a1e08c147d1ddd8149ce45a5714f9853fee19bb1c507989b9543eb3630&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=77179634&response-content-disposition=attachment%3B%20filename%3Dtrident-installer-22.01.0.tar.gz&response-content-type=application%2Foctet-stream [following] --2021-05-06 15:17:30-- https://github-releases.githubusercontent.com/77179634/a4fa9f00-a9f2-11eb-9053-98e8e573d4ae?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20210506%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210506T191643Z&X-Amz-Expires=300&X-Amz-Signature=8a49a2a1e08c147d1ddd8149ce45a5714f9853fee19bb1c507989b9543eb3630&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=77179634&response-content-disposition=attachment%3B%20filename%3Dtrident-installer-22.01.0.tar.gz&response-content-type=application%2Foctet-stream Resolving github-releases.githubusercontent.com (github-releases.githubusercontent.com)... 185.199.108.154, 185.199.109.154, 185.199.110.154, ... Connecting to github-releases.githubusercontent.com (github-releases.githubusercontent.com)|185.199.108.154|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 38349341 (37M) [application/octet-stream] Saving to: ‘trident-installer-22.01.0.tar.gz’ 100%[==================================================================================================================>] 38,349,341 88.5MB/s in 0.4s 2021-05-06 15:17:30 (88.5 MB/s) - ‘trident-installer-22.01.0.tar.gz’ saved [38349341/38349341]
-
從下載的套裝組合中擷取Trident安裝。
[netapp-user@rhel7 ~]$ tar -xzf trident-installer-22.01.0.tar.gz [netapp-user@rhel7 ~]$ cd trident-installer/ [netapp-user@rhel7 trident-installer]$
使用Helm安裝Trident運算子
-
首先將使用者叢集的「kubeconfig」檔案位置設定為環境變數、這樣您就不需要參考它、因為Trident沒有傳遞此檔案的選項。
[netapp-user@rhel7 trident-installer]$ export KUBECONFIG=~/ocp-install/auth/kubeconfig
-
在使用者叢集中建立Trident命名空間時、請執行Helm命令、從Lm目錄的tar安裝Trident運算子。
[netapp-user@rhel7 trident-installer]$ helm install trident helm/trident-operator-22.01.0.tgz --create-namespace --namespace trident NAME: trident LAST DEPLOYED: Fri May 7 12:54:25 2021 NAMESPACE: trident STATUS: deployed REVISION: 1 TEST SUITE: None NOTES: Thank you for installing trident-operator, which will deploy and manage NetApp's Trident CSI storage provisioner for Kubernetes. Your release is named 'trident' and is installed into the 'trident' namespace. Please note that there must be only one instance of Trident (and trident-operator) in a Kubernetes cluster. To configure Trident to manage storage resources, you will need a copy of tridentctl, which is available in pre-packaged Trident releases. You may find all Trident releases and source code online at https://github.com/NetApp/trident. To learn more about the release, try: $ helm status trident $ helm get all trident
-
您可以檢查在命名空間中執行的Pod、或使用tridentctl二進位檔檢查安裝的版本、以驗證Trident是否已成功安裝。
[netapp-user@rhel7 trident-installer]$ oc get pods -n trident NAME READY STATUS RESTARTS AGE trident-csi-5z45l 1/2 Running 2 30s trident-csi-696b685cf8-htdb2 6/6 Running 0 30s trident-csi-b74p2 2/2 Running 0 30s trident-csi-lrw4n 2/2 Running 0 30s trident-operator-7c748d957-gr2gw 1/1 Running 0 36s [netapp-user@rhel7 trident-installer]$ ./tridentctl -n trident version +----------------+----------------+ | SERVER VERSION | CLIENT VERSION | +----------------+----------------+ | 22.01.0 | 22.01.0 | +----------------+----------------+
在某些情況下、客戶環境可能需要自訂Trident部署。在這些情況下、您也可以手動安裝Trident運算子、並更新隨附的資訊清單、以自訂部署。 |
手動安裝Trident運算子
-
首先、將使用者叢集的「kubeconfig」檔案位置設定為環境變數、這樣您就不需要參考、因為Trident沒有傳遞此檔案的選項。
[netapp-user@rhel7 trident-installer]$ export KUBECONFIG=~/ocp-install/auth/kubeconfig
-
「Trident安裝程式」目錄包含定義所有必要資源的資訊清單。使用適當的資訊清單、建立「TridentOrchestrator」自訂資源定義。
[netapp-user@rhel7 trident-installer]$ oc create -f deploy/crds/trident.netapp.io_tridentorchestrators_crd_post1.16.yaml customresourcedefinition.apiextensions.k8s.io/tridentorchestrators.trident.netapp.io created
-
如果不存在、請使用提供的資訊清單、在叢集中建立Trident命名空間。
[netapp-user@rhel7 trident-installer]$ oc apply -f deploy/namespace.yaml namespace/trident created
-
建立Trident營運者部署所需的資源、例如營運者的「服務帳戶」、專屬的「PodSecurity Policy」、或營運者本身的「ClusterROLTE」和「ClusterROLESTBinding」。
[netapp-user@rhel7 trident-installer]$ oc create -f deploy/bundle.yaml serviceaccount/trident-operator created clusterrole.rbac.authorization.k8s.io/trident-operator created clusterrolebinding.rbac.authorization.k8s.io/trident-operator created deployment.apps/trident-operator created podsecuritypolicy.policy/tridentoperatorpods created
-
您可以使用下列命令來檢查部署後的操作員狀態:
[netapp-user@rhel7 trident-installer]$ oc get deployment -n trident NAME READY UP-TO-DATE AVAILABLE AGE trident-operator 1/1 1 1 23s [netapp-user@rhel7 trident-installer]$ oc get pods -n trident NAME READY STATUS RESTARTS AGE trident-operator-66f48895cc-lzczk 1/1 Running 0 41s
-
部署營運者之後、我們就可以使用它來安裝Trident。這需要建立「TridentOrchestrator」。
[netapp-user@rhel7 trident-installer]$ oc create -f deploy/crds/tridentorchestrator_cr.yaml tridentorchestrator.trident.netapp.io/trident created [netapp-user@rhel7 trident-installer]$ oc describe torc trident Name: trident Namespace: Labels: <none> Annotations: <none> API Version: trident.netapp.io/v1 Kind: TridentOrchestrator Metadata: Creation Timestamp: 2021-05-07T17:00:28Z Generation: 1 Managed Fields: API Version: trident.netapp.io/v1 Fields Type: FieldsV1 fieldsV1: f:spec: .: f:debug: f:namespace: Manager: kubectl-create Operation: Update Time: 2021-05-07T17:00:28Z API Version: trident.netapp.io/v1 Fields Type: FieldsV1 fieldsV1: f:status: .: f:currentInstallationParams: .: f:IPv6: f:autosupportHostname: f:autosupportimage: f:autosupportProxy: f:autosupportSerialNumber: f:debug: f:enableNodePrep: f:imagePullSecrets: f:imageRegistry: f:k8sTimeout: f:kubeletDir: f:logFormat: f:silenceAutosupport: f:tridentimage: f:message: f:namespace: f:status: f:version: Manager: trident-operator Operation: Update Time: 2021-05-07T17:00:28Z Resource Version: 931421 Self Link: /apis/trident.netapp.io/v1/tridentorchestrators/trident UID: 8a26a7a6-dde8-4d55-9b66-a7126754d81f Spec: Debug: true Namespace: trident Status: Current Installation Params: IPv6: false Autosupport Hostname: Autosupport image: netapp/trident-autosupport:21.01 Autosupport Proxy: Autosupport Serial Number: Debug: true Enable Node Prep: false Image Pull Secrets: Image Registry: k8sTimeout: 30 Kubelet Dir: /var/lib/kubelet Log Format: text Silence Autosupport: false Trident image: netapp/trident:22.01.0 Message: Trident installed Namespace: trident Status: Installed Version: v22.01.0 Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Installing 80s trident-operator.netapp.io Installing Trident Normal Installed 68s trident-operator.netapp.io Trident installed
-
您可以檢查在命名空間中執行的Pod、或使用tridentctl二進位檔檢查安裝的版本、以驗證Trident是否已成功安裝。
[netapp-user@rhel7 trident-installer]$ oc get pods -n trident NAME READY STATUS RESTARTS AGE trident-csi-bb64c6cb4-lmd6h 6/6 Running 0 82s trident-csi-gn59q 2/2 Running 0 82s trident-csi-m4szj 2/2 Running 0 82s trident-csi-sb9k9 2/2 Running 0 82s trident-operator-66f48895cc-lzczk 1/1 Running 0 2m39s [netapp-user@rhel7 trident-installer]$ ./tridentctl -n trident version +----------------+----------------+ | SERVER VERSION | CLIENT VERSION | +----------------+----------------+ | 22.01.0 | 22.01.0 | +----------------+----------------+
準備工作節點以供儲存
NFS
大多數Kubernetes發佈版本都隨附套件和公用程式、可在預設情況下安裝NFS後端、包括Red Hat OpenShift。
不過、對於NFSv3、用戶端與伺服器之間沒有協調並行的機制。因此、用戶端SUNRPC插槽表項目的最大數量必須以伺服器上支援的值手動同步、以確保NFS連線的最佳效能、而無需伺服器減少連線的視窗大小。
對於支援的SUNRPC插槽表項目數量上限為128、亦即、支援的每次可同時處理128個NFS要求。ONTAP ONTAP不過、根據預設、每個連線的Red Hat CoreOS/Red Hat Enterprise Linux最多可有65536個SUNRPC插槽表項目。我們需要將此值設為128、這可透過OpenShift中的機器組態操作員(MCO)來完成。
若要修改OpenShift工作節點中的最大社工PC插槽表格項目、請完成下列步驟:
-
登入OCP網路主控台、然後瀏覽至「運算」>「機器組態」。按一下「Create Machine Config(建立機器組複製並貼上Yaml檔案、然後按一下「Create(建立)」。
apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig metadata: name: 98-worker-nfs-rpc-slot-tables labels: machineconfiguration.openshift.io/role: worker spec: config: ignition: version: 3.2.0 storage: files: - contents: source: data:text/plain;charset=utf-8;base64,b3B0aW9ucyBzdW5ycGMgdGNwX21heF9zbG90X3RhYmxlX2VudHJpZXM9MTI4Cg== filesystem: root mode: 420 path: /etc/modprobe.d/sunrpc.conf
-
建立MCO之後、必須在所有工作節點上套用組態、然後逐一重新開機。整個程序約需20至30分鐘。使用「oce Get MCP」確認是否套用機器組態、並確認已更新員工的機器組態集區。
[netapp-user@rhel7 openshift-deploy]$ oc get mcp NAME CONFIG UPDATED UPDATING DEGRADED master rendered-master-a520ae930e1d135e0dee7168 True False False worker rendered-worker-de321b36eeba62df41feb7bc True False False
iSCSI
若要準備工作節點、以便透過iSCSI傳輸協定對應區塊儲存磁碟區、您必須安裝必要的套件、才能支援該功能。
在Red Hat OpenShift中、這是在叢集部署之後、將MCO(機器組態操作員)套用至叢集來處理。
若要設定工作節點以執行iSCSI服務、請完成下列步驟:
-
登入OCP網路主控台、然後瀏覽至「運算」>「機器組態」。按一下「Create Machine Config(建立機器組複製並貼上Yaml檔案、然後按一下「Create(建立)」。
不使用多重路徑時:
apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig metadata: labels: machineconfiguration.openshift.io/role: worker name: 99-worker-element-iscsi spec: config: ignition: version: 3.2.0 systemd: units: - name: iscsid.service enabled: true state: started osImageURL: ""
使用多重路徑時:
apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig metadata: name: 99-worker-ontap-iscsi labels: machineconfiguration.openshift.io/role: worker spec: config: ignition: version: 3.2.0 storage: files: - contents: source: data:text/plain;charset=utf-8;base64,ZGVmYXVsdHMgewogICAgICAgIHVzZXJfZnJpZW5kbHlfbmFtZXMgbm8KICAgICAgICBmaW5kX211bHRpcGF0aHMgbm8KfQoKYmxhY2tsaXN0X2V4Y2VwdGlvbnMgewogICAgICAgIHByb3BlcnR5ICIoU0NTSV9JREVOVF98SURfV1dOKSIKfQoKYmxhY2tsaXN0IHsKfQoK verification: {} filesystem: root mode: 400 path: /etc/multipath.conf systemd: units: - name: iscsid.service enabled: true state: started - name: multipathd.service enabled: true state: started osImageURL: ""
-
建立組態之後、將組態套用至工作節點並重新載入大約需要20到30分鐘的時間。使用「oce Get MCP」確認是否套用機器組態、並確認已更新員工的機器組態集區。您也可以登入工作者節點、確認iscsid服務正在執行(如果使用多重路徑、則多路徑服務正在執行)。
[netapp-user@rhel7 openshift-deploy]$ oc get mcp NAME CONFIG UPDATED UPDATING DEGRADED master rendered-master-a520ae930e1d135e0dee7168 True False False worker rendered-worker-de321b36eeba62df41feb7bc True False False [netapp-user@rhel7 openshift-deploy]$ ssh core@10.61.181.22 sudo systemctl status iscsid ● iscsid.service - Open-iSCSI Loaded: loaded (/usr/lib/systemd/system/iscsid.service; enabled; vendor preset: disabled) Active: active (running) since Tue 2021-05-26 13:36:22 UTC; 3 min ago Docs: man:iscsid(8) man:iscsiadm(8) Main PID: 1242 (iscsid) Status: "Ready to process requests" Tasks: 1 Memory: 4.9M CPU: 9ms CGroup: /system.slice/iscsid.service └─1242 /usr/sbin/iscsid -f [netapp-user@rhel7 openshift-deploy]$ ssh core@10.61.181.22 sudo systemctl status multipathd ● multipathd.service - Device-Mapper Multipath Device Controller Loaded: loaded (/usr/lib/systemd/system/multipathd.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2021-05-26 13:36:22 UTC; 3 min ago Main PID: 918 (multipathd) Status: "up" Tasks: 7 Memory: 13.7M CPU: 57ms CGroup: /system.slice/multipathd.service └─918 /sbin/multipathd -d -s
此外、您也可以使用適當的旗標來執行「occ偵錯」命令、確認機器組態已成功套用、服務已如預期般啟動。
建立儲存系統後端
完成Astra Trident操作員安裝之後、您必須為所使用的特定NetApp儲存平台設定後端。請依照下列連結繼續Astra Trident的設定與組態。