Bug 1568345 - [DOCS] Document CephFS provisioner deployment [NEEDINFO]
Summary: [DOCS] Document CephFS provisioner deployment
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Documentation
Version: 3.10.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 3.10.0
Assignee: Bob Furu
QA Contact: Jianwei Hou
Vikram Goyal
Depends On: 1586035
TreeView+ depends on / blocked
Reported: 2018-04-17 09:58 UTC by Jianwei Hou
Modified: 2020-01-08 22:00 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2020-01-08 22:00:51 UTC
Target Upstream Version:
bfuru: needinfo? (vigoyal)

Attachments (Terms of Use)

Description Jianwei Hou 2018-04-17 09:58:42 UTC
Description of problem:
CephFS provisioner is available, we need to document how to deploy it for admin. https://trello.com/c/e7mMPgX6

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

Actual results:

Expected results:

Additional info:

Document URL: 

Section Number and Name: 

Describe the issue: 

Suggestions for improvement: 

Additional information:

Comment 1 Traci Morrison 2018-06-18 16:21:45 UTC
Is there a docs PR for this issue?

Comment 3 Traci Morrison 2018-06-20 00:55:42 UTC
Vikram, there are no doc updates for this bug. Should I close this bug? Also, move the Trello card to what list?

Comment 6 Traci Morrison 2018-06-21 19:21:08 UTC
(In reply to Jianwei Hou from comment #2)
> THere are no docs PR for this, There is only a deployment template for
> deploying CephFS provisioner.
> ---
> kind: List
> apiVersion: v1
> items:
> - kind: ClusterRole
>   apiVersion: v1
>   metadata:
>     name: cephfs-provisioner-runner
>     labels:
>       cephfs: provisioner-runner-clusterrole
>   rules:
>     - apiGroups: [""]
>       resources: ["persistentvolumes"]
>       verbs: ["get", "list", "watch", "create", "delete"]
>     - apiGroups: [""]
>       resources: ["persistentvolumeclaims"]
>       verbs: ["get", "list", "watch", "update"]
>     - apiGroups: ["storage.k8s.io"]
>       resources: ["storageclasses"]
>       verbs: ["get", "list", "watch"]
>     - apiGroups: [""]
>       resources: ["events"]
>       verbs: ["list", "watch", "create", "update", "patch"]
>     - apiGroups: [""]
>       resources: ["secrets"]
>       verbs: ["get", "create", "delete", "list"]
> - apiVersion: v1
>   kind: ServiceAccount
>   metadata:
>     name: cephfs-provisioner
>     labels:
>       cephfs: provisioner-sa
> - apiVersion: v1
>   kind: ClusterRoleBinding
>   metadata:
>     name: cephfs-provisioner
>   roleRef:
>     name: cephfs-provisioner-runner
>   subjects:
>   - kind: ServiceAccount
>     name: cephfs-provisioner
>     namespace: default
> - kind: DeploymentConfig
>   apiVersion: v1
>   metadata:
>     name: cephfs-provisioner-dc
>     labels:
>       cephfs: cephfs-dc
>     annotations:
>       description: Defines how to deploy the cephfs provisioner pod.
>   spec:
>     replicas: 1
>     selector:
>       cephfs: cephfs-provisioner
>     triggers:
>     - type: ConfigChange
>     strategy:
>       type: Recreate
>     template:
>       metadata:
>         name: cephfs-provisioner
>         labels:
>           cephfs: cephfs-provisioner
>       spec:
>         serviceAccountName: cephfs-provisioner
>         containers:
>         - name: cephfs-provisioner
>           image: openshift3/cephfs-provisioner:v0.0.2-2
>           imagePullPolicy: IfNotPresent
>           env:
>           - name: PROVISIONER_NAME
>             value: ceph.com/cephfs
>           args:
>           - "-id=cephfs-provisioner-1"
>           - "-disable-ceph-namespace=true"

Vikram, see the comment above. Changes were made in the deployment template. I am trying to determine if the docs need to updated/created b/c of this change. Yes, please ignore my ? about the Trello card since it's not on our board. 

Jianwei, are these the steps for the admin to deploy the provisioner: https://bugzilla.redhat.com/show_bug.cgi?id=1571211

I think your request is to create a docs PR, so I want to make sure I have the right information. Sorry for the confusion. Thanks.

Comment 7 Jianwei Hou 2018-07-02 00:30:27 UTC
Traci, you are right, the steps are for admin to deploy. FYI there is another CephFS provisioner bug https://bugzilla.redhat.com/show_bug.cgi?id=1586035. We haven't decided the solution to this bug yet. Possibly there is something more in 1586035 needing documentation, I'll keep you updated about it.

Comment 8 Traci Morrison 2018-07-16 13:09:51 UTC
Hi Jianwei Hou, is there any update on the status of this bug?

Comment 9 Traci Morrison 2018-07-20 13:59:25 UTC
Hi Jianwei Hou, is there any update on the status of this bug?

Comment 10 Jianwei Hou 2018-07-23 02:48:12 UTC
@tmorriso I think this depends on 1586035.

Comment 11 Traci Morrison 2018-08-21 17:22:59 UTC
Vikram, do you want me to assign this bug to Joan?

Comment 12 Vikram Goyal 2018-08-22 04:48:54 UTC
(In reply to Traci Morrison from comment #11)
> Vikram, do you want me to assign this bug to Joan?

Hey Traci - yes please.

Comment 13 Joan Hoyt 2018-09-17 14:54:28 UTC
Hi, Jianwei,

I'm the new tech writer working on OpenShift Storage, and I need to make sure I take the right approach documenting this.

Are there any more updates to this bug? 

If not, are the steps in Comment 2 here and for BZ1571211 for deploying the Ceph FS provisioner what we need to document? 

So this information 

Using "anyuid" SCC

* include the template above 
*  Deploy CephFS provisioner, 
* create storageclass, PVC and Pod
* Write to CephFS volume

Is this the right approach?


Comment 14 Jianwei Hou 2018-09-20 03:20:31 UTC
Hi, Joan

You are right, use the template above and grant 'anyuid' SCC to the 'cephfs-provisioner' serviceaccount.

oc adm policy add-scc-to-user anyuid -z cephfs-provisioner.

Once the cephfs-provisioner pod is successfully deployed, create the storageclass and PVC. Then a PV should be successfully provisioned.

Then create a Pod to write to the volume. At present writing to volume only possible with a privileged container, this is considered as a bug and is being tracked by 1571211.

Comment 15 Joan Hoyt 2019-01-24 13:18:27 UTC
Changed Assignee to chuffman@redhat.com, since Christian is now working on OCP Storage.

Note You need to log in before you can comment on or make changes to this bug.