Dell ObjectScale Application 1.3.x Installation Guide for Red Hat OpenShift

(Optional) Verify downloaded files and the online image signatures pulled from DockerHub

When deploying ObjectScale, you can verify downloaded signature verification files and the image signatures of the software images to be pulled from DockerHub.

1. On a local Linux workstation, verify the signatures file.

   openssl dgst -sha256 -verify obs-public-1.3.0.pem -signature ./objectscale-signatures-1.3.0.tgz.signed.bin objectscale-signatures-1.3.0.tgz

   When successful, the signature validation returns Verified OK.
2. Expand the signature bundle files into a signatures subdirectory:
   1. Make a new subdirectory names signatures.

       mkdir signatures

   2. Expand the objectscale-signatures-1.3.0.tgz into this subdirectory.

      tar xvf objectscale-signatures-1.3.0.tgz -C signatures

      As an example, the output for the 1.3.0 ObjectScale release is shown:

      ./objectscale-images-1.3.0.tgz.02.signed.bin
      ./OBJECTSCALE_CE_30TB.xml.signed.bin
      ./objectscale-images-mgt-1.3.0.sh.signed.bin
      ./objectscale-images-1.3.0.tgz.05.signed.bin
      ./obs-public-1.3.0.pem.signed.bin
      ./objectscale-images-1.3.0.tgz.06.signed.bin
      ./objectscale-online-image-digests-1.3.0.txt.signed.bin
      ./dellemc-csi-helm-charts-1.3.0-121.2e006fb.tgz.signed.bin
      ./objectscale-verify-online-digests-1.3.0.sh.signed.bin
      ./objectscale-images-1.3.0.tgz.03.signed.bin
      ./objectscale-images-1.3.0.tgz.04.signed.bin
      ./objectscale-helm-charts-1.3.0.tgz.signed.bin
      ./objectscale-manifest-1.3.0.json.signed.bin
      ./objectscale-images-1.3.0.tgz.00.signed.bin
      ./objectscale-images-1.3.0.tgz.01.signed.bin

3. Verify the public key file:

   openssl dgst -sha256 -verify obs-public-1.3.0.pem -signature signatures/obs-public-1.3.0.pem.signed.bin obs-public-1.3.0.pem

   When successful, the signature validation returns Verified OK.
4. Once you have validated that the obs-public-1.3.0.pem is valid, you can use that file to verify each of the other downloaded files:

   openssl dgst -sha256 -verify obs-public-1.3.0.pem -signature signatures/<SIGNED.BIN_FILENAME> <DOWNLOADED_FILENAME>

   For example, to verify the OBJECTSCALE_CE_30TB.xml file, you would use the following command:

   openssl dgst -sha256 -verify obs-public-1.3.0.pem -signature signatures/OBJECTSCALE_CE_30TB.xml.signed.bin OBJS_FREE_30TB_5307094_18-Oct-2021.xml

   Repeat this process for all other downloaded files.

5. After verifying the downloaded files, including the public key, verify the image signatures of the software images to be pulled from DockerHub.
6. Create the netrc file with the required entries in the following format with your DockerHub username and password.

   machine auth.docker.io
   login <DOCKERHUB-USERNAME>
   password <PASSWORD>
   

7. Set perform permissions in the script:

   chmod +x objectscale-verify-online-digests-1.3.0.sh

8. Verify the images to be downloaded from DockerHub by running the command:

   ./objectscale-verify-online-digests-1.3.0.sh <netrc-file>

   When successful, the successful signature validation returns MATCHED.

   As an example, the command and output for the ObjectScale 1.3.0 release is shown:

   ./objectscale-verify-online-digests-1.3.0.sh netrc

   objectscale/atlas:2.0.1-24.gdc2ce0c - MATCHED
   objectscale/atlas-operator:1.1.0-215.196feb4 - MATCHED
   objectscale/csi-baremetal-node:1.3.0-648.59a295a - MATCHED
   objectscale/csi-baremetal-node-kernel-5.4:1.3.0-648.59a295a - MATCHED
   objectscale/csi-baremetal-controller:1.3.0-648.59a295a - MATCHED
   objectscale/csi-baremetal-halmgr:1.3.0-648.59a295a - MATCHED
   objectscale/csi-baremetal-basemgr:1.3.0-648.59a295a - MATCHED
   objectscale/csi-baremetal-loopbackmgr:1.3.0-648.59a295a - MATCHED
   objectscale/csi-baremetal-scheduler-extender:1.3.0-648.59a295a - MATCHED
   objectscale/csi-baremetal-scheduler-patcher:1.3.0-648.59a295a - MATCHED
   objectscale/csi-baremetal-node-controller:1.3.0-648.59a295a - MATCHED
   objectscale/csi-provisioner:v3.1.0 - MATCHED
   objectscale/csi-node-driver-registrar:v2.5.0 - MATCHED
   objectscale/livenessprobe:v2.6.0 - MATCHED
   objectscale/csi-resizer:v1.4.0 - MATCHED
   objectscale/kube-scheduler:v0.23.10 - MATCHED
   objectscale/csi-baremetal-operator:1.3.0-121.2e006fb - MATCHED
   objectscale/csi-baremetal-pre-upgrade-crds:1.3.0-121.2e006fb - MATCHED
   objectscale/secondary-scheduler-operator:1.3.0-121.2e006fb - MATCHED
   objectscale/dcm:3.8.5.0-p3.139575.5eee936b537 - MATCHED
   objectscale/decks:3.0.2-406.31bbcb7 - MATCHED
   objectscale/supportassist-ese-notifier:3.0.2-406.31bbcb7 - MATCHED
   objectscale/ese-callback:3.0.2-406.31bbcb7 - MATCHED
   objectscale/decks-support-store:3.0.2-406.31bbcb7 - MATCHED
   objectscale/telemetry-upload:3.0.2-406.31bbcb7 - MATCHED
   objectscale/dell-supportassist-ese:3.0.2-406.31bbcb7 - MATCHED
   objectscale/base-service-tools:3.0.2-406.31bbcb7 - MATCHED
   objectscale/ecs-flex-graphql:1.3.0-1174.2e6d1085 - MATCHED
   objectscale/objectscale-portal:1.3.0-310.74d790a2 - MATCHED
   objectscale/fabric-proxy:1.3.1-53.0a30b8c - MATCHED
   objectscale/iamsvc:3.8.5.0-p3.139574.ac3145de1f6 - MATCHED
   objectscale/kahm:2.113.2-265.4a07fa1 - MATCHED
   objectscale/kahm-testapp:2.113.2-265.4a07fa1 - MATCHED
   objectscale/mock-notifier:2.113.2-265.4a07fa1 - MATCHED
   objectscale/snmp-notifier:2.113.2-265.4a07fa1 - MATCHED
   objectscale/management-gateway:1.3.0-388.a27f3b4 - MATCHED
   objectscale/influxdb:3.8.5.0-1633.83a83598 - MATCHED
   objectscale/telegraf:3.8.5.0-1633.83a83598 - MATCHED
   objectscale/fluxd:3.8.5.0-1633.83a83598 - MATCHED
   objectscale/grafana:3.8.5.0-1633.83a83598 - MATCHED
   objectscale/throttler:3.8.5.0-1633.83a83598 - MATCHED
   objectscale/rsyslog:3.8.5.0-1633.83a83598 - MATCHED
   objectscale/nginx:3.8.5.0-1633.83a83598 - MATCHED
   objectscale/prometheus:3.8.5.0-1633.83a83598 - MATCHED
   objectscale/statefuldaemonset-operator:3.8.5.0-1633.83a83598 - MATCHED
   objectscale/logging-injector:3.8.5.0-1633.83a83598 - MATCHED
   objectscale/influxdb-operator:3.8.5.0-1633.83a83598 - MATCHED
   objectscale/fluent-bit:3.8.5.0-1633.83a83598 - MATCHED
   objectscale/confd-sidecar:3.8.5.0-1633.83a83598 - MATCHED
   objectscale/dellmon-pre-upgrade-crds:3.8.5.0-1633.83a83598 - MATCHED
   objectscale/blob-service:3.8.5.0-p3.139575.5eee936b537 - MATCHED
   objectscale/chunk-manager:3.8.5.0-p3.139575.5eee936b537 - MATCHED
   objectscale/storageserver:3.8.5.0-p3.139575.5eee936b537 - MATCHED
   objectscale/storageserver-manager:3.8.5.0-p3.139575.5eee936b537 - MATCHED
   objectscale/event-service:3.8.5.0-p3.139575.5eee936b537 - MATCHED
   objectscale/object-heads:3.8.5.0-p3.139575.5eee936b537 - MATCHED
   objectscale/diagnostic-service:3.8.5.0-p3.139575.5eee936b537 - MATCHED
   objectscale/geo-receiver:3.8.5.0-p3.139575.5eee936b537 - MATCHED
   objectscale/geoservice:3.8.5.0-p3.139575.5eee936b537 - MATCHED
   objectscale/object-control:3.8.5.0-p3.139575.5eee936b537 - MATCHED
   objectscale/record-manager:3.8.5.0-p3.139575.5eee936b537 - MATCHED
   objectscale/rep:3.8.5.0-p3.139575.5eee936b537 - MATCHED
   objectscale/resource-service:3.8.5.0-p3.139575.5eee936b537 - MATCHED
   objectscale/metering:3.8.5.0-p3.139575.5eee936b537 - MATCHED
   objectscale/space-reclaimer:3.8.5.0-p3.139575.5eee936b537 - MATCHED
   objectscale/control-service:3.8.5.0-p3.139575.5eee936b537 - MATCHED
   objectscale/storagemanagement-service:3.8.5.0-p3.139575.5eee936b537 - MATCHED
   objectscale/ons:3.8.5.0-p3.139575.5eee936b537 - MATCHED
   objectscale/nds:3.8.5.0-p3.139575.5eee936b537 - MATCHED
   objectscale/objmt:3.8.5.0-p3.139575.5eee936b537 - MATCHED
   objectscale/vnest:3.8.5.0-p3.139575.5eee936b537 - MATCHED
   objectscale/dtsm:3.8.5.0-p3.139575.5eee936b537 - MATCHED
   objectscale/nvmeengine:3.8.5.0-p3.139575.5eee936b537 - MATCHED
   objectscale/nvmetargetviewer:3.8.5.0-p3.139575.5eee936b537 - MATCHED
   objectscale/targetmgr:3.8.5.0-p3.139575.5eee936b537 - MATCHED
   objectscale/targetcfg:3.8.5.0-p3.139575.5eee936b537 - MATCHED
   objectscale/fedsvc:3.7.0.0-394.c64e8f82 - MATCHED
   objectscale/objectscale-gateway:3.7.0.0-394.c64e8f82 - MATCHED
   objectscale/objectscale-component-pre-update:1.3.0-351.adb9679 - MATCHED
   objectscale/objectscale-manager-pre-update:1.3.0-351.adb9679 - MATCHED
   objectscale/objectstore-connectivity:1.3.0-351.adb9679 - MATCHED
   objectscale/objectstore-pre-update:1.3.0-351.adb9679 - MATCHED
   objectscale/objectscale-inventory:1.3.0-351.adb9679 - MATCHED
   objectscale/objectscale-insideiq:1.3.0-351.adb9679 - MATCHED
   objectscale/objectscale-health:1.3.0-351.adb9679 - MATCHED
   objectscale/objectscale-capacity:1.3.0-351.adb9679 - MATCHED
   objectscale/objectscale-performance:1.3.0-351.adb9679 - MATCHED
   objectscale/objectscale-license-usage:1.3.0-351.adb9679 - MATCHED
   objectscale/objectscale-lcm:1.3.0-254.437c960 - MATCHED
   objectscale/objectscale-operator:1.3.0-1188.f06d298d - MATCHED
   objectscale/objectscale-restapi:1.3.0-144.697e704 - MATCHED
   objectscale/object-service:3.8.5.0-p3.3524.1ea669c90 - MATCHED
   objectscale/pravega-operator:0.5.7-309-5fc87406 - MATCHED
   objectscale/crunchy-upgrade:ubi8-5.1.2-0 - MATCHED
   objectscale/crunchy-pgbackrest:ubi8-2.38-2 - MATCHED
   objectscale/crunchy-pgadmin4:ubi8-4.30-2 - MATCHED
   objectscale/crunchy-postgres:ubi8-14.4-0 - MATCHED
   objectscale/crunchy-pgbouncer:ubi8-1.16-4 - MATCHED
   objectscale/crunchy-postgres-exporter:ubi8-5.1.2-0 - MATCHED
   objectscale/postgres-operator:ubi8-5.2.0-114.c95664e-226 - MATCHED
   objectscale/postgres-operator-upgrade:ubi8-5.1.2-0 - MATCHED
   objectscale/objectscale-service-tools:2.96.0-389.6795989 - MATCHED
   objectscale/cmf-switch:0.6.0-389.6795989 - MATCHED
   objectscale/kubectl:v1.25.7 - MATCHED
   objectscale/zookeeper:0.2.14-256-adadecf - MATCHED
   objectscale/zookeeper-operator:0.2.14-256-adadecf - MATCHED
   objectscale/install-controller:1.3.0-4196 - MATCHED
   objectscale/objs-pre-upgrade-crds:1.3.0-4196 - MATCHED
   objectscale/install-controller:1.3.0 - MATCHED