- Notes, cautions, and warnings
- Revision history
- About using this guide
- Overview
- Getting Started with ObjectScale
- IAM accounts and account entities
- Introduction to Identity and Access Management
- Accounts
- New Accounts
- View the summary of an account
- Edit Account
- Enable or Disable an Account
- Delete an account
- Users
- Groups
- Roles
- Policies
- Create a new customer-managed policy
- Edit a customer-managed policy
- Delete a customer-managed policy
- Attach a policy to an account entity
- Detach a policy from an account entity
- Attach a permission boundary to an account entity
- Detach a permission boundary from an account entity
- Actions in IAM Policy
- Principal types in IAM Policies
- Identity Provider
- Root Access Keys
- Notification Destinations
- Object stores
- About ObjectScale object stores
- Creating a new object store
- Edit the settings of an object store
- Delete an object store
- View the Summary of an object store
- View the Dashboard of an Object Store
- Understand object store space reclamation
- Set capacity alerts for an object store
- Add additional accounts to an object store
- Edit an account values for an object store
- Remove an account from an object store
- View the certificates for an object store
- Monitor and manage replication for an object store
- View the health of an object store
- Metrics
- Buckets
- About ObjectScale buckets
- Create a bucket
- Edit a bucket
- View the summary of a bucket
- Delete a bucket
- Configure Bucket Logging
- About bucket policies
- Setting up bucket event notifications
- View the Bucket Summary
- Managing Bucket Replication
- Federate ObjectScale Systems
- ObjectScale Replication
- Platform settings
- Management Users and Roles in ObjectScale
- Authentication Providers in ObjectScale Software Bundle
- ObjectScale Administration
- About the Administration section of the ObjectScale Portal
- Installing and maintaining the health of ObjectScale
- Licensing ObjectScale
- System support
- SAML Service Provider Metadata
- Manage ObjectScale Certificates
- Security settings
- Active sessions
- ObjectScale Upgrades
- ObjectScale 1.3 upgrade considerations
- Upgrade ObjectScale on OpenShift
- Upgrade Considerations for OpenShift Container Platform from 4.12 to 4.13
- Prerequisites for OpenShift Container Platform Upgrade from 4.12 to 4.13
- Upgrade Procedure for OpenShift Container Platform from 4.12 to 4.13
- Upgrade ObjectScale on Software Bundle
- Upgrade ObjectScale on Appliance
- Troubleshooting Object store upgrade status in progress after failed node repair
- ObjectScale Management REST API
- Accessing data with IAM and S3
- ObjectScale IAM overview
- Amazon S3 API support in ObjectScale
- Alerts
- About ObjectScale instance event and issue monitoring
- Monitoring Events, Audits, and Alerts
- CSI-01
- CSI-03
- CSI-05
- DECKS-HC-1000
- DECKS-LIC-1002
- DECKS-LIC-1005
- DECKS-LIC-1006
- DECKS-LIC-1008
- DECKS-LIC-1011
- DECKS-SA-1023
- DECKS-SA-1024
- KAHM-HC-1000
- OBJSC-CO-0000
- OBJSC-CO-0001
- OBJSC-CO-0002
- OBJSC-CO-0003
- OBJSC-CO-0004
- NVMF-1389
- NVMF-1390
- NVMF-1393
- NVMF-1395
- NVMF-1396
- OBJPRECHK-2000
- OBJPRECHK-2001
- OBJPRECHK-2002
- OBJPRECHK-2003
- OBJPRECHK-2004
- OBJPRECHK-2005
- OBJPRECHK-2006
- OBJPRECHK-2007
- OBJPRECHK-2008
- OBJPRECHK-2009
- OBJPRECHK-2010
- OBJPSTCHK-3000
- OBJPSTCHK-3001
- OBJPSTCHK-3002
- OBJPSTCHK-3003
- OBJSC-FED-1001
- OBJSC-IAM-1004
- OBJSC-LIC-0004
- OBJSC-MGR-3000
- OBJSC-MGR-HC-1000
- OBJSC-MON-1111
- OBJSC-MON-1112
- OBJSC-MON-1113
- OBJSC-MON-3002
- OBJSC-MON-3003
- OBJSC-MON-4019
- OBJSC-MON-4020
- OBJSC-MON-4021
- OBJSC-MON-4022
- OBJSC-MON-4025
- OBJSC-MON-4028
- OBJSC-SP-0000
- OBJSC-SP-0001
- OBJSC-SP-0002
- OBJSC-SP-0003
- OBJSC-SP-0004
- OBJSC-TARGET-01
- OBJSOP-1000
- OBJSOP-1001
- OBJSOP-1002
- OBJSOP-1003
- OBJSOP-1004
- OBJSOP-1005
- OBJSOP-1006
- OBJSOP-2001
- OBJSOP-2002
- OBJST-1006
- OBJST-1008
- OBJST-12001
- OBJST-12003
- OBJST-12004
- OBJST-12005
- OBJST-12006
- OBJST-12007
- OBJST-12008
- OBJST-12010
- OBJST-12011
- OBJST-13000
- OBJST-13001
- OBJST-13002
- OBJST-13003
- OBJST-13004
- OBJST-13005
- OBJST-13006
- OBJST-13007
- OBJST-13008
- OBJST-13009
- OBJST-13010
- OBJST-13011
- OBJSTEPUPD-4000
- OBJSTEPUPD-4001
- OBJSTEPUPD-4002
- OBJSTEPUPD-4003
- OBJSTEPUPD-4004
- OBJSTEPUPD-4005
- OBJSTEPUPD–4006
- OBJSTEPUPD–4007
- OBJSTEPUPD–4008
- OBJST-1320
- OBJST-1321
- OBJST-1324
- OBJST-1325
- OBJST-1328
- OBJST-1329
- OBJST-1332
- OBJST-1333
- OBJST-1336
- OBJST-1337
- OBJST-1340
- OBJST-1341
- OBJST-1344
- OBJST-1345
- OBJST-1352
- OBJST-1354
- OBJST-1364
- OBJST-1365
- OBJST-1366
- OBJST-1389
- OBJST-1390
- OBJST-1392
- OBJST-1600
- OBJST-1601
- OBJST-1602
- OBJST-1603
- OBJST-1604
- OBJST-1605
- OBJST-1700
- OBJST-1701
- OBJST-2100
- OBJST-2101
- OBJST-MON-4016
- OBJST-MON-4019
- OBJST-MON-4020
- OBJSTORE-HC-1000
- OBJUPD-1000
- SNMPNOTI-1000
- TEST TRAP
- Metrics for ObjectScale and object stores
- Maintain ObjectScale
- About ObjectScale service procedures
- About ObjectScale capacity expansion procedures
- About ObjectScale maintenance modes
- Maintenance mode in ObjectScale on OpenShift
- Place a node into temporary maintenance mode (ObjectScale on OpenShift)
- Remove a node from temporary maintenance mode (ObjectScale on OpenShift)
- Place a healthy node into permanent maintenance mode (ObjectScale on OpenShift)
- Place a failed node into permanent maintenance mode (ObjectScale on OpenShift)
- Temporary maintenance mode for ObjectScale Software Bundle
- Maintenance mode in ObjectScale on Appliance
- Disk replacement service procedure
- Perform a node replacement service procedure (ObjectScale on OpenShift)
- Add a node (ObjectScale Software Bundle)
- Remove a node (ObjectScale Software Bundle)
- Prepare a failed node for node hardware or software maintenance (ObjectScale Software Bundle)
- Prepare a healthy node for node hardware or software maintenance (ObjectScale Software Bundle)
- Replace a healthy node within the ObjectScale Software Bundle
- Replace a failed node within the ObjectScale Software Bundle
- Add a node (ObjectScale Appliance)
- Node Replacement on ObjectScale Appliance
- Node Repair on ObjectScale Appliance
- Failed Node Repair on ObjectScale Appliance
- View service procedure status
- Updating iDRAC IPs Using Server Patch API for ObjectScale Appliance
- Shutting Down and Restarting ObjectScale
- About ObjectScale service procedures
Dell ObjectScale 1.3 Administration Guide
Prepare a healthy node for node hardware or software maintenance (ObjectScale Software Bundle)
Follow this Node Reparation procedure to repair a healthy node to fix a system disk, issues with node hardware or software, or upgrade the node Operating System.
Steps
-
The ObjectScale Software Bundle CMO Platform Manager APIs require a keycloak token to authenticate the requests for cluster management tasks.
The ObjectScale Software Bundle contains a CMO Platform Manager running on Kubernetes within the cluster that is used to request cluster management tasks, like service procedures.
-
Collect the keycloak account information from the secret:
export KEYCLOAK_USER=$(kubectl get secret keycloak-pm-auth-info -n cmo -o json | jq -r '.data["keycloak-username"]' | base64 --decode) export KEYCLOAK_PASSWORD=$(kubectl get secret keycloak-pm-auth-info -n cmo -o json | jq -r '.data["keycloak-password"]' | base64 --decode) export KEYCLOAK_REALM=$(kubectl get secret keycloak-pm-auth-info -n cmo -o json | jq -r '.data["keycloak-realm"]' | base64 --decode) export KEYCLOAK_CLIENT=$(kubectl get secret keycloak-pm-auth-info -n cmo -o json | jq -r '.data["keycloak-client"]' | base64 --decode) export KEYCLOAK_CLIENT_SECRET=$(kubectl get secret keycloak-pm-auth-info -n cmo -o json | jq -r '.data["keycloak-credentials-secret"]' | base64 --decode)
-
Set an environment variable for the access token:
export TOKEN=$(curl -L -X POST https://keycloak-http.atlantic/auth/realms/$KEYCLOAK_REALM/protocol/openid-connect/token -H 'Content-Type: application/x-www-form-urlencoded' --data-urlencode client_id=$KEYCLOAK_CLIENT --data-urlencode 'grant_type=password' --data-urlencode client_secret=$KEYCLOAK_CLIENT_SECRET --data-urlencode 'scope=openid' --data-urlencode username=$KEYCLOAK_USER --data-urlencode password=$KEYCLOAK_PASSWORD | jq -r '.access_token')
-
Collect the keycloak account information from the secret:
-
Collect the IP address of the CMO Platform Manager.
kubectl get services -n cmo platform-manager -o jsonpath='{.spec.clusterIP}' -
Apply a taint to the node to be placed into ObjectScale temporary maintenance mode:
kubectl taint node <NODE_NAME> node.dell.com/drain=planned-downtime:NoSchedule
-
Verify that the PHASE of the cluster now displays
Maintenance.
kubectl -n <OBJECTSCALE_NAMESPACE> get ecs-cluster
NAME PHASE READY COMPONENTS S3 ENDPOINT MGMT API ecs-cluster Maintenance 22/23 10.236.228.53:443 10.236.228.52:4443
The ObjectScale Portal UI shows the object store status as Maintenance.
-
Once the taint has been applied to a node, the ObjectScale Operator creates the ObjectScale TMM service procedure. Retrieve the list of service procedures and locate the TMM service procedure with
tmm- prefixed to the service procedure name:
kubectl -n <OBJECTSCALE_NAMESPACE> get serviceprocedures
NOTE:To obtain details about a service procedure, including its status, use:kubectl -n <OBJECTSCALE_NAMESPACE> describe serviceprocedures <SP_NAME>
NOTE:Do not delete the service procedure while it is running. -
Monitor the status of the service procedure with the following command:
while true; do kubectl -n <OBJECTSCALE_NAMESPACE> get serviceprocedures -o custom-columns=Name:metadata.name,Node:spec.nodeInfo.name,Type:spec.type,Time:metadata.managedFields[0].time,Reason:status.reason,Message:status.message; echo; sleep 5; done
The service procedure transitions through various phases as it progresses. The Reason value for the TMM service procedure should progress from NotStarted, In Progress, PostCheck, Waiting, and finally to Success. A reason of Success or Waiting indicates that the service procedure has completed without error, and the node is now in TMM.
-
Next, place the node into maintenance mode within the CMO Platform within the ObjectScale Software Bundle.
kubectl cordon <NODE_NAME>
-
Safely evict all your pods from the node:
kubectl drain <NODE_NAME> --ignore-daemonsets --delete-emptydir-data --force
For example:
# kubectl drain hostname6 --ignore-daemonsets --delete-emptydir-data --force WAINING: ignoring DaemonSet-managed Pods: cmo/metallb-speaker-ggrkq, cmo/whereabout-whereabouts-58dss, calico-system/calico-node-8rmcp, default/csi-baremetal-node-9wg5w, kube-system/rke2-ingress-nginx-controller-zvbnw, kube-system/rke2-multus-ds-5bv2x evicting pod cmo/decks-support-store-0 pod/decks-support-store-0 evicted node/hostname6 drained
-
Verify the status of the drained node:
kubectl get node <NODE_NAME>
For example:
# kubectl get node hostname6 NAME STATUS ROLES AGE VERSION hostname14 Ready,SchedulingDisabled <none> 6d19h v1.24.7+rke2r1
-
Verify that all CMO component pods have been rescheduled to the other nodes.
kubectl get pod -n cmo | grep Pending
- Verify the ObjectScale Portal UI shows that the node has entered TMM by reviewing the tab.
-
Create the
scaledown.json with the details of the node that you are removing from the ObjectScale Software Bundle cluster.
Place this JSON payload in a controlplane node where you are going to perform the scale down of the node.
{ "hosts": [{ "hostname": "<NODE_HOSTNAME>" }], "remove_os_packages": "false" } -
Scale down the node using the CMO Platform Manager scale down API.
NOTE: If the node is unreachable (the logs read "Unreachable=1"), a scale down operation would report failure, even though the scale down happens successfully.
curl --header "Content-Type: application/json" --header "Authorization: Bearer $TOKEN" --request DELETE --data @scaledown.json https://<CMO_PLATFORM_MANAGER_IP>/v3/clusters/nodes -v -k | json_pp
For example:...... { "created_at" : "2023-04-15T11:35:35Z", "completed_tasks" : 0, "total_tasks" : 273, "recap" : { "hosts" : {} }, "id" : "ac2324c5-0112-45f3-83e9-4f018d24ca57", "link" : { "href" : "https://0.0.0.0:8080/v1/status/ac2324c5-0112-45f3-83e9-4f018d24ca57", "rel" : "self" }, "logs" : "", "state" : "created", "updated_at" : "2023-04-15T11:35:36Z", "playbook_id" : "remove-node" } -
Collect the
"id" value from the returned output. You will use this value in the next step.
For previous example, the "id" value is ac2324c5-0112-45f3-83e9-4f018d24ca57.
-
After performing the scale down API, check the status of the operation through the API below:
NOTE:The CMO Platform Manager TOKEN may expire, and be refreshed by running:
export TOKEN=$(curl -L -X POST https://keycloak-http.atlantic/auth/realms/$KEYCLOAK_REALM/protocol/openid-connect/token -H 'Content-Type: application/x-www-form-urlencoded' --data-urlencode client_id=$KEYCLOAK_CLIENT --data-urlencode 'grant_type=password' --data-urlencode client_secret=$KEYCLOAK_CLIENT_SECRET --data-urlencode 'scope=openid' --data-urlencode username=$KEYCLOAK_USER --data-urlencode password=$KEYCLOAK_PASSWORD | jq -r '.access_token')
curl --header "Content-Type: application/json" --header "Authorization: Bearer $TOKEN" --request GET https://<CMO_PLATFORM_MANAGER_IP>/v1/status/<ID> -k | jq
When the operation is finished, the operation "state" is marked as "complete".NOTE:In certain situations, the status may show as Failed when the failure node was removed successfully. Check the node status. -
Confirm that the node has been removed from the node list.
kubectl get node
- Perform any necessary maintenance on the node.
-
On the node, create the
scaleup.json file with the necessary details for the node.
NOTE:When a node is added to a cluster, a situation may occur whereby the /etc/hosts file for the added node is not updated correctly, which causes issues when the cluster is upgraded. To avoid failures during the upgrade process, perform the following steps after adding a node:
-
Retrieve the helmrepo service IP address.
kubectl -n cmo get svc helmrepo
For example:kubectl -n cmo get svc helmrepo NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE helmrepo ClusterIP 172.43.174.187 <none> 30036/TCP 12d
-
Add an entry for the service to the /etc/hosts file of the added node. For example:
<CLUSTER_IP> helmrepo
For example:172.43.174.187 helmrepo
Place this JSON payload in the node where we are going to perform the scale up of the node.{ "credentials": [{ "name": "<HOSTNAME>", "type": "password", "password": "<PASSWORD>" }], "hosts": [{ "hostname": "<NODE_HOSTNAME>", "managementhost": "<HOST_IP>", "kuberneteshost": "<HOST_IP>", "hostCredentials": "<HOST_CREDS>", "topology": { "role": "controlplane" or "worker" } }] }For example:{ "credentials": [{ "name": "mykey1", "type": "password", "password": "ChangeMe" }], "hosts": [{ "hostname": "hostname6", "managementhost": "10.236.227.213", "kuberneteshost": "10.236.227.213", "hostCredentials": "mykey1", "topology": { "role": "controlplane" } }] } -
-
Call the CMO Platform Manager API to initiate the scaling-up operation.
Run this command from the directory where the scaleup.json file exists.
curl --header "Content-Type: application/json" --header "Authorization: Bearer $TOKEN" --request POST --data @scaleup.json https://<CMO_PLATFORM_MANAGER_IP>/v3/clusters/nodes -v -k | json_pp
For example:curl --header "Content-Type: application/json" --header "Authorization: Bearer $TOKEN" --request POST --data @scaleup.json https://10.43.78.77:7070/v3/clusters/nodes -v -k | json_pp ...... { "created_at" : "2023-04-15T11:35:35Z", "completed_tasks" : 0, "total_tasks" : 273, "recap" : { "hosts" : {} }, "id" : "286bdb32-ff07-4e46-947e-e4c9e9b98338", "link" : { "href" : "https://0.0.0.0:8080/v1/status/286bdb32-ff07-4e46-947e-e4c9e9b98338", "rel" : "self" }, "logs" : "", "state" : "created", "updated_at" : "2023-04-15T11:35:36Z", "playbook_id" : "scale" } -
Collect the
"id" value from the returned output. You will use this value in the next step.
For previous example, the "id" value is 286bdb32-ff07-4e46-947e-e4c9e9b98338.
-
After performing the scale up API, check the status of the operation:
NOTE:The CMO Platform Manager TOKEN may expire, and need to be refreshed by running:
export TOKEN=$(curl -L -X POST https://keycloak-http.atlantic/auth/realms/$KEYCLOAK_REALM/protocol/openid-connect/token -H 'Content-Type: application/x-www-form-urlencoded' --data-urlencode client_id=$KEYCLOAK_CLIENT --data-urlencode 'grant_type=password' --data-urlencode client_secret=$KEYCLOAK_CLIENT_SECRET --data-urlencode 'scope=openid' --data-urlencode username=$KEYCLOAK_USER --data-urlencode password=$KEYCLOAK_PASSWORD | jq -r '.access_token')
curl --header "Content-Type: application/json" --header "Authorization: Bearer $TOKEN" --request GET https://<CMO_PLATFORM_MANAGER_IP>/v1/status/<ID> -k | jq
When the operation is finished, the operation "state" is marked as "complete".
-
Confirm that the new node appears in the node list.
kubectl get node
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\