Warning message

Log in to add comments or rate this document.

SAP Data Intelligence on OpenShift 4 with NetApp Trident and StorageGRID

Updated 2021-02-24T12:39:26+00:00

For the general requirements and installation instructions, please refer to the related installation guides:

1. OpenShift Container Platform validation version matrix

The following version combinations of SAP Data Hub (SDH) 2.X or SAP Data Intelligence (SDI) 3.X, OCP and NetApp Trident have been validated:

SAP Product OpenShift Container Platform Infrastructure and (Storage) [Object Storage]
SAP Data Hub 2.7 4.2 VMware vSphere (NetApp Trident 20.04 (iSCSI LUNs))
SAP Data Intelligence 3.0 4.4 VMware vSphere (NetApp Trident 20.04 (iSCSI LUNs)) [StorageGRID 11.3]
SAP Data Intelligence 3.1 4.6 VMware vSphere (NetApp Trident 20.10 (iSCSI LUNs)) [StorageGRID 11.4 ]

The referenced OCP release is no longer supported by Red Hat!
Object storage has not been covered.

1.1. Supportability matrix

The following version combinations are supported:

SAP Data Intelligence OpenShift Container Platform Infrastructure Storage (PVs) Object Storage
3.0 4.4 VMware vSphere OCS 4, NetApp Trident 20.04 or newer (iSCSI LUNs) StorageGRID 11.3 or newer
SAP Data Intelligence 3.1 4.6 VMware vSphere OCS 4, NetApp Trident 20.10 (iSCSI LUNs) StorageGRID 11.4 or newer

To enable SDI's backup&restore functionality on StorageGRID 11.4, a hotfix called "content-length in the header" needs to be requested from NetApp for this release. Please contact the NetApp support.

1.2. Supportability note

The validation of NetApp Trident storage is done not by Red Hat but a NetApp team which is assisted and supported by Red Hat. Red Hat supports directly neither NetApp Trident software nor NetApp hardware.

If you encounter issues regarding Trident and the integration into NetApp storage solutions, existing NetApp customers can directly place a support case in the NetApp support portal. All architecture and pre-sales related questions should be addressed to NetApp through the corresponding NetApp account manager.

2. Requirements

2.1. Hardware/VM and OS Requirements

For OCP and SDH requirements, please refer to Hardware/VM and OS Requirements.

We will assume there is a management host available.

NepApp requirements:

  • FAS/AFF/Select 9.1 or later
  • HCI/SolidFire Element OS 8 or later
  • E/EF-Series SANtricity

For more information, please consult Supported backends (storage).

2.2. Software Requirements

OCP cluster installed and configured.

Please refer to the Prepare the Management host (4.4) / ((4.2)) for more details.

3. NetApp Trident installation

The installation shall be performed from the management host.

3.1. OCP nodes preparation

  1. iSCSI Inititor IDs must be determined for all the OCP nodes.

    # # no need to modify the command - copy and paste should work
    # oc get nodes -o jsonpath=$'{range .items[*]}{.metadata.name}\n{end}' | xargs -inode ssh core@node sudo cat /etc/iscsi/initiatorname.iscsi
    InitiatorName=iqn.1994-05.com.redhat:71709e90c4f5
    InitiatorName=iqn.1994-05.com.redhat:6f4afcfd5c4
    InitiatorName=iqn.1994-05.com.redhat:a6ea80966d1
    InitiatorName=iqn.1994-05.com.redhat:bdf7a54bbff
    InitiatorName=iqn.1994-05.com.redhat:aec6f2b095c
    InitiatorName=iqn.1994-05.com.redhat:937a83a4596f
    
  2. Create initiator group composed of the initiators on the NetApp ONTAP System:

    # ssh admin@<ClusterIP>
    grenada::> igroup create -vserver svm-sap01 -igroup trident -protocol iscsi -ostype linux -initiator iqn.1994-05.com.redhat:71709e90c4f
    grenada::> igroup add trident -vserver svm-sap01 -initiator iqn.1994-05.com.redhat:6f4afcfd5c4 iqn.1994-05.com.redhat:a6ea80966d1 iqn.1994-05.com.redhat:bdf7a54bbff iqn.1994-05.com.redhat:aec6f2b095c iqn.1994-05.com.redhat:937a83a4596f
    grenada::> igroup show -vserver svm-sap01
    Vserver   Igroup       Protocol OS Type  Initiators
    --------- ------------ -------- -------- ------------------------------------
    svm-sap01 trident      iscsi    linux    iqn.1994-05.com.redhat:6f4afcfd5c4
                                             iqn.1994-05.com.redhat:71709e90c4f5
                                             iqn.1994-05.com.redhat:937a83a4596f
                                             iqn.1994-05.com.redhat:a6ea80966d1
                                             iqn.1994-05.com.redhat:aec6f2b095c
                                             iqn.1994-05.com.redhat:bdf7a54bbff
    
  3. Verify that the previous operation succeeded by performing a discovery on the OCP nodes. In this example, the 192.168.10.17 is the (logical) interface which offers the iSCSI protocol and therefore the iSCSI LUNs on the NetApp system.

    # TARGET=192.168.10.17
    # # no need to modify the command - copy and paste should work
    # oc get nodes -o jsonpath=$'{range .items[*]}{.metadata.name}\n{end}' | xargs -inode ssh core@node sudo iscsiadm -m discovery -t st -p "${TARGET}"
    192.168.10.17:3260,1050 iqn.1992-08.com.netapp:sn.ae6d72f0054211eaa55200a0989df7a0:vs.10
    192.168.10.18:3260,1051 iqn.1992-08.com.netapp:sn.ae6d72f0054211eaa55200a0989df7a0:vs.10
    192.168.10.17:3260,1050 iqn.1992-08.com.netapp:sn.ae6d72f0054211eaa55200a0989df7a0:vs.10
    192.168.10.18:3260,1051 iqn.1992-08.com.netapp:sn.ae6d72f0054211eaa55200a0989df7a0:vs.10
    192.168.10.17:3260,1050 iqn.1992-08.com.netapp:sn.ae6d72f0054211eaa55200a0989df7a0:vs.10
    192.168.10.18:3260,1051 iqn.1992-08.com.netapp:sn.ae6d72f0054211eaa55200a0989df7a0:vs.10
    192.168.10.17:3260,1050 iqn.1992-08.com.netapp:sn.ae6d72f0054211eaa55200a0989df7a0:vs.10
    192.168.10.18:3260,1051 iqn.1992-08.com.netapp:sn.ae6d72f0054211eaa55200a0989df7a0:vs.10
    192.168.10.17:3260,1050 iqn.1992-08.com.netapp:sn.ae6d72f0054211eaa55200a0989df7a0:vs.10
    192.168.10.18:3260,1051 iqn.1992-08.com.netapp:sn.ae6d72f0054211eaa55200a0989df7a0:vs.10
    192.168.10.17:3260,1050 iqn.1992-08.com.netapp:sn.ae6d72f0054211eaa55200a0989df7a0:vs.10
    192.168.10.18:3260,1051 iqn.1992-08.com.netapp:sn.ae6d72f0054211eaa55200a0989df7a0:vs.10
    

3.1.1. Re-configure Nodes with MachineConfig

Please make sure to first complete SDI compute nodes configuration.

In a previous version of this article it was suggested to start the iscsci.service on the nodes as a pre-requisite to utilizing the storage. This is no longer necessary. You can now remove the labels and machine configs configured earlier by following the steps below.

  1. Unlabel the nodes:

    1. Make sure that each node has at least one additional role (e.g. worker role) before removing the netapp role:

      # # the following adds the worker role label to all the nodes that do not have any additional role assigned
      # oc get nodes -o json | jq -r '.items[] | .metadata as $md |
          select([$md.labels | keys [] | test("^node-role\\.kubernetes\\.io/(?!netapp$)")] |
              any | not) | "node/\($md.name)"' | xargs -r -i oc label '{}' node-role.kubernetes.io/worker=""
      
    2. Remove the netapp role label:

      # oc label nodes --all node-role.kubernetes.io/netapp-
      
  2. Remove the *-netapp MachineConfigPool:

    # oc get mcp -o name | grep -- '-netapp$' | xargs -r oc delete
    
  3. Remove the netapp MachineConfig 76-enable-iscsi-service created last time or any other targetting solely the netapp nodes:

    # oc get mc -o json | jq -r '.items[] | .metadata as $md | select($md.name ==
        "76-enable-iscsi-service" or $md.labels == {
            "machineconfiguration.openshift.io/role": "netapp"}) | "mc/\($md.name)"' | \
            xargs -r oc delete
    
  4. Wait until the nodes get reconfigured:

    # oc wait mcp --all --for=condition=updated
    

3.1.2. Verify ONTAP Cluster

Verify on the ONTAP Cluster that the OCP nodes are registered:

grenada::> igroup show -vserver svm-sap01 -igroup trident
          Vserver Name: svm-sap01
           Igroup Name: trident
              Protocol: iscsi
               OS Type: linux
Portset Binding Igroup: -
           Igroup UUID: 0577fa8c-9f4a-11ea-a4ea-00a0989e2cde
                  ALUA: true
            Initiators: iqn.1994-05.com.redhat:6f4afcfd5c4 (logged in)
iqn.1994-05.com.redhat: 71709e90c4f5 (logged in)
iqn.1994-05.com.redhat: 937a83a4596f (logged in)
iqn.1994-05.com.redhat: a6ea80966d1 (logged in)
iqn.1994-05.com.redhat: aec6f2b095c (logged in)
iqn.1994-05.com.redhat: bdf7a54bbff (logged in)

3.2. Install NetApp Trident

The following is an alternation of the official installation method. Please consult the official documentation if you hit issues.

  1. Still on the management host, download the Trident Installer

    # curl -O -L https://github.com/NetApp/trident/releases/download/v20.10.1/trident-installer-20.10.1.tar.gz
    # tar -xf trident-installer-20.10.1.tar.gz
    # cd trident-installer
    
  2. Start the installation:

    # ./tridentctl install -n trident
    INFO Starting Trident installation. namespace=trident
    INFO Created namespace. namespace=trident
    INFO Created service account.
    INFO Created cluster role.
    INFO Created cluster role binding.
    INFO Created Trident's security context constraint. scc=trident user=trident-csi
    INFO Created custom resource definitions. namespace=trident
    INFO Created Trident pod security policy.
    INFO Added finalizers to custom resource definitions.
    INFO Created Trident service.
    INFO Created Trident secret.
    INFO Created Trident deployment.
    INFO Created Trident daemonset.
    INFO Waiting for Trident pod to start.
    INFO Trident pod started. namespace=trident pod=trident-csi-656c78477f-x4dmm
    INFO Waiting for Trident REST interface.
    INFO Trident REST interface is up. version=20.10.1
    INFO Trident installation succeeded.
    
  3. Verify the deployment:

    # oc get pods -n trident
    NAME                         READY STATUS  RESTARTS AGE
    trident-csi-26s2z            2/2   Running 0        65s
    trident-csi-5f9xb            2/2   Running 0        65s
    trident-csi-656c78477f-x4dmm 3/3   Running 0        65s
    trident-csi-kz7tz            2/2   Running 0        65s
    trident-csi-qzfg2            2/2   Running 0        65s
    trident-csi-sc5qs            2/2   Running 0        65s
    trident-csi-wgbfg            2/2   Running 0        65s
    
  4. Check the Trident version:

    # ./tridentctl -n trident version
    +----------------+----------------+
    | SERVER VERSION | CLIENT VERSION |
    +----------------+----------------+
    | 20.10.1        | 20.10.1        |
    +----------------+----------------+
    
  5. Create the Trident NAS backend:

    # cat >jsons/backend_nas.json <<EOF
    {
      "version": 1,
      "storageDriverName": "ontap-nas",
      "backendName": "<Backend Name, z.B. svm-sap01-nas>",
      "managementLIF": "<Cluster Management LIF>",
      "dataLIF": "<Data LIF>",
      "svm": "<SVM Name, z.B. svm-sap01>",
      "username": "<Cluster Admin User>",
      "password": "<Cluster Admin User Passwort>"
    }
    EOF
    # ./tridentctl -n trident create backend -f jsons/backend_nas.json
    +---------------+----------------+--------------------------------------+--------+---------+
    | NAME          | STORAGE DRIVER | UUID                                 | STATE  | VOLUMES |
    +---------------+----------------+--------------------------------------+--------+---------+
    | svm-sap01-nas | ontap-nas      | ccdac84f-84fa-47b1-9ca4-2b9798c7554d | online | 0       |
    +---------------+----------------+--------------------------------------+--------+---------+
    
  6. Create the Trident iSCSI backend:

    • Simple (not multipath) version:

      # cat jsons/backend_iscsi.json
      {
        "version": 1,
        "storageDriverName": "ontap-san",
        "backendName": "<Backend Name, z.B. svm-sap01-san-192.168.10.17>",
        "managementLIF": "<Cluster Management LIF>",
        "dataLIF": "<Data LIF>",
        "svm": "<SVM Name, z.B. svm-sap01>",
        "igroupName": "<Name der erzeugten igroup, z.B. trident>",
        "username": "<Cluster Admin User>",
        "password": "<Cluster Admin User Passwort>"
      }
      
    • Multipath version (dataLIF key is missing):

      # cat jsons/backend_iscsi.json
      {
        "version": 1,
        "storageDriverName": "ontap-san",
        "backendName": "<Backend Name, z.B. svm-sap01-san>",
        "managementLIF": "<Cluster Management LIF>",
        "svm": "<SVM Name, z.B. svm-sap01>",
        "igroupName": "<Name der erzeugten igroup, z.B. trident>",
        "username": "<Cluster Admin User>",
        "password": "<Cluster Admin User Passwort>"
      }
      

    Then create the iSCSI backend of your choice:

        # ./tridentctl -n trident create backend -f jsons/backend_iscsi.json
        + -----------------------------+----------------+--------------------------------------+--------+---------+
        | NAME                         | STORAGE DRIVER | UUID                                 | STATE  | VOLUMES |
        + -----------------------------+----------------+--------------------------------------+--------+---------+
        | svm-sap01-san-192.168.10.17  | ontap-san      | 3b6d471a-843b-47c0-8e20-8345b9554986 | online | 0       |
        + -----------------------------+----------------+--------------------------------------+--------+---------+
    
  7. Verify successful deployment of the backends:

    # ./tridentctl -n trident get backend
    +-----------------------------+----------------+--------------------------------------+--------+---------+
    | NAME                        | STORAGE DRIVER | UUID                                 | STATE  | VOLUMES |
    +-----------------------------+----------------+--------------------------------------+--------+---------+
    | svm-sap01-nas               | ontap-nas      | ccdac84f-84fa-47b1-9ca4-2b9798c7554d | online | 0       |
    | svm-sap01-san-192.168.10.17 | ontap-san      | 3b6d471a-843b-47c0-8e20-8345b9554986 | online | 0       |
    +-----------------------------+----------------+--------------------------------------+--------+---------+
    
  8. Create NAS storage class:

    # cat >yamls/storage-class-basic_nas.yaml <<EOF
    apiVersion: storage.k8s.io/v1
    kind: StorageClass
    metadata:
      name: svm-sap01-nas
    provisioner: netapp.io/trident
    parameters:
      backendType: ontap-nas
    EOF
    # oc create -f yamls/storage-class-basic_nas.yaml
    storageclass.storage.k8s.io/svm-sap01-nas created
    
  9. Create the iSCSI Storage Class:

    # cat >yamls/storage-class-basic_iscsi.yaml <<EOF
    apiVersion: storage.k8s.io/v1
    kind: StorageClass
    metadata:
      name: <Storage Class Name, z.B. svm-sap01-san>
    provisioner: netapp.io/trident
    parameters:
      backendType: ontap-san
      fsType: "<Default Filesystem, z.B. xfs>"
    mountOptions:
    - discard
    EOF
    # oc create -f yamls/storage-class-basic_iscsi.yaml
    storageclass.storage.k8s.io/svm-sap01-san-192.168.10.17 created
    
  10. (optional) Mark one of the new storage classes as the default:

    # # clean existing default flag if any
    # oc annotate sc --all storageclass.kubernetes.io/is-default-class- storageclass.beta.kubernetes.io/is-default-class-
    # oc annotate sc/svm-sap01-san storageclass.kubernetes.io/is-default-class=true
    
  11. Verify that the Storage Classes have been created:

    # oc get sc
    NAME                                   PROVISIONER                   AGE
    svm-sap01-nas                          csi.trident.netapp.io         160m
    svm-sap01-san-192.168.10.17 (default)  csi.trident.netapp.io         17s
    thin                                   kubernetes.io/vsphere-volume  4d21h
    

4. NetApp StorageGRID preparation

Object storage is required for checkpoint store and for running AI/ML scenarios. NetApp StorageGRID can be utilized to service as the object storage backend.

To use StorageGRID as an object store for SAP Data Intelligence, complete the following installation (if StorageGRID is not used an appliance) and configuration steps:

  1. Use the instructions at Deploying StorageGRID in a Kubernetes Cluster to install StorageGRID in the cluster.
  2. Select Manage Certificates, and make sure that the certificates being used are issued from an official Trust Center: NetApp-StorageGRID/SSL-Certificate-Configuration.
  3. Following the instructions in Configuring tenant accounts and connections, configure a tenant.
  4. Following the instructions in Creating an S3 bucket, log in to the created tenant and create a bucket (such as sdi-checkpoint-store and sdi-data-lake).
  5. Use the instructions in Creating another user's S3 access keys to define an access key; then save the generated access key and the corresponding secret.

5. Continue with SAP Data Intelligence installation

Proceed where you left off in preparation for SAP Data Intelligence installation, e.g. SDI Observer.