This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Storage Backend Management

1: Managing Storage Backends

1.1: Creating a Storage Backend

1.1.1: Examples of Storage Backend Configuration Files in Typical Scenarios
1.1.2: Storage Backend Parameters

1.2: Querying a Storage Backend
1.3: Updating a Storage Backend

1.3.1: Updating the Password of a Storage Backend Using oceanctl
1.3.2: Update the Login Authentication Type of a Storage Backend Using oceanctl
1.3.3: Manually Updating a Storage Backend

1.4: Deleting a Storage Backend

2: Adding a Certificate to a Storage Backend

2.1: Creating a Certificate for a Storage Backend
2.2: Querying a Storage Backend Certificate
2.3: Updating a Storage Backend Certificate
2.4: Deleting a Storage Backend Certificate

3: Description of oceanctl Commands

Backend is an abstract concept of Huawei storage resources. Each Huawei storage device can abstract multiple backend resources using features such as tenants, storage pools, and protocols. Each backend exists independently and defines Huawei storage information required for providing persistent volumes for Kubernetes clusters.

This chapter describes how to use the oceanctl tool to manage storage backends, including creating, querying, updating, and deleting backends.

Description of the oceanctl Tool

You have obtained the oceanctl tool, copied the oceanctl tool to the environment directory, for example, /usr/local/bin, and obtained the execute permission. The oceanctl tool is stored in /bin/oceanctl of the software package.
The oceanctl tool depends on kubectl (for the Kubernetes platform) or oc (for the OpenShift platform) commands. Therefore, you need to run the tool on a node where kubectl or oc commands can be executed.
By default, the user who runs oceanctl commands must have the read and write permissions on the /var/log directory. If you do not have the permissions on the directory, run the –log-dir=/path/to/custom command to specify a directory on which you have the permissions as the log file directory.
huawei-csi is the default namespace used by oceanctl to create a backend.
For details about oceanctl commands, see Description of oceanctl Commands .

1 - Managing Storage Backends

This section describes how to create a storage backend. Currently, you can create a backend based on the configured backend yaml file or the exported configmap.json file.

If you create a backend by adding a backend yaml file, configure the backend file by referring to Examples of Storage Backend Configuration Files in Typical Scenarios .

If the exported configmap.json file exists, create a storage backend by referring to Creating a Storage Backend .

1.1 - Creating a Storage Backend

When oceanctl is used to create a storage backend, the entered account and key information is stored in the Secret object. It is recommended that the customer container platform encrypt the Secret object based on the suggestions of the supplier or K8s community. For details about how to encrypt the Secret object in the K8s community, see Enable Encryption at Rest .
When a backend is created using a .json file, the backend name of an earlier version may contain uppercase letters or underscores (_). In this case, the old name is remapped to a new name. The mapping process automatically occurs and does not affect the original functions. For example, ABC_123 is mapped to abc-123-fd68e. The mapping rules are as follows:
Uppercase letters are converted to lowercase letters.
An underscore (_) is converted to a hyphen (-).
A 5-digit hash code is added to the end.
If a storage backend is connected to a vStore, the vStore name cannot be changed after the storage backend is created.

Procedure

Prepare the backend configuration file, for example, backend.yaml. For details, see Examples of Storage Backend Configuration Files in Typical Scenarios . To create multiple backends, separate them with —.

storage: "oceanstor-san"
name: "backend-1"
namespace: "huawei-csi"
urls:
  - "https://192.168.129.157:8088"
pools:
  - "StoragePool001"
parameters:
  protocol: "roce"
  portals:
    - "10.10.30.20"
    - "10.10.30.21"
maxClientThreads: "30"
---
storage: "oceanstor-san"
name: "backend-2"
namespace: "huawei-csi"
urls:
  - "https://192.168.129.158:8088"
pools:
  - "StoragePool001"
parameters:
  protocol: "roce"
  portals:
    - "10.10.30.20"
    - "10.10.30.21"
maxClientThreads: "30"

Run the following command to create a storage backend.

oceanctl create backend -f /path/to/backend.yaml -i yaml

The following is an example of the command output.

NUMBER  CONFIGURED    NAME        STORAGE              URLS                
1       false         backend-1   oceanstor-san        https://192.168.129.157:8088 
2       false         backend-2   oceanstor-san        https://192.168.129.158:8088 
Please enter the backend number to configure (Enter 'exit' to exit):

Enter the serial number of the backend to be created and enter the account and password.

Please enter the backend number to configure (Enter 'exit' to exit):1
Please enter this backend user name:admin
Please enter this backend password:

Backend backend-1 is configured
NUMBER  CONFIGURED    NAME         STORAGE              URLS               
1       true          backend-1    oceanstor-san        https://192.168.129.157:8088 
2       false         backend-2    oceanstor-san        https://192.168.129.158:8088 
Please enter the backend number to configure (Enter 'exit' to exit):

Check the storage backend creation result.

oceanctl get backend

The following is an example of the command output. If the backend status is Bound, the creation is successful.

NAMESPACE     NAME         PROTOCOL    STORAGETYPE      SN                    STATUS  ONLINE  URL                 
huawei-csi    backend-1    roce        oceanstor-san    xxxxxxxxxxxxxxxxxxxx  Bound   true    https://192.168.129.157:8088   
huawei-csi    backend-2    roce        oceanstor-san    xxxxxxxxxxxxxxxxxxxx  Bound   true    https://192.168.129.158:8088

1.1.1 - Examples of Storage Backend Configuration Files in Typical Scenarios

For details about the backend configuration in typical scenarios, see the following examples. For details about the parameter configuration, see Storage Backend Parameters .

Configuring a Storage Backend of the iSCSI Type
Configuring a Storage Backend of the FC Type
Configuring a Storage Backend of the NVMe over RoCE Type
Configuring a Storage Backend of the NVMe over FC Type
Configuring a Storage Backend of the NFS Type
Configuring a Storage Backend of the NFS+ Type
Configuring a Storage Backend of the SCSI Type
Configuring a Storage Backend of the DPC Type
Configuring Storage Backends of the Dtree Type
Configuring Storage Backends of the HyperMetro Type
Configuring Storage Backends of the IPv6 Type

Configuring a Storage Backend of the iSCSI Type

If you want to use the iSCSI protocol, ensure that the iSCSI client has been installed on the host before installing Huawei CSI. You can check whether the client has been installed on the host by referring to Checking the Status of Host-Dependent Software . If the iSCSI client is not installed, restart the huawei-csi-node service after installing the iSCSI client. During the restart, do not use Huawei CSI to create new resources or mount or unmount an existing PVC. The following command is used as an example:
kubectl delete pods -n huawei-csi -l app=huawei-csi-node

The following is an example of the backend configuration file of the iSCSI type for enterprise storage:

storage: "oceanstor-san"
name: "dorado-iscsi-155"
namespace: "huawei-csi"
urls:
  - "https://192.168.129.155:8088"
  - "https://192.168.129.156:8088"
pools:
  - "StoragePool001"
parameters:
  protocol: "iscsi"
  portals:
    - "192.168.128.120"                
    - "192.168.128.121"
maxClientThreads: "30"

The following is an example of the backend configuration file of the iSCSI type for distributed storage:

storage: "fusionstorage-san"
name: "pacific-iscsi-125"
namespace: "huawei-csi"
urls:
  - "https://192.168.129.125:8088"
  - "https://192.168.129.126:8088"
pools:
  - "StoragePool001"
parameters:
  protocol: "iscsi"
  portals:
    - "192.168.128.122"
    - "192.168.128.123"
maxClientThreads: "30"

The following is an example of the backend configuration file of the iSCSI type for OceanDisk storage:

storage: "oceandisk-san"
name: "oceandisk-iscsi-125"
namespace: "huawei-csi"
urls:
  - "https://192.168.129.125:8088"
  - "https://192.168.129.126:8088"
pools:
  - "StoragePool001"
parameters:
  protocol: "iscsi"
  portals:
    - "192.168.128.122"
    - "192.168.128.123"
maxClientThreads: "30"

Configuring a Storage Backend of the FC Type

If you want to use the FC protocol, ensure that the FC network between the host and the storage device is connected before installing Huawei CSI. If the FC network is not connected, connect the FC network and then restart the huawei-csi-node service. During the restart, do not use Huawei CSI to create new resources or mount or unmount an existing PVC. The following command is used as an example:
kubectl delete pods -n huawei-csi -l app=huawei-csi-node

The following is an example of the backend configuration file of the FC type for enterprise storage:

storage: "oceanstor-san"
name: "fc-155"
namespace: "huawei-csi"
urls:
  - "https://192.168.129.155:8088"
  - "https://192.168.129.156:8088"
pools:
  - "StoragePool001"
parameters:
  protocol: "fc"
maxClientThreads: "30"

The following is an example of the backend configuration file of the FC type for OceanDisk storage:

storage: "oceandisk-san"
name: "fc-155"
namespace: "huawei-csi"
urls:
  - "https://192.168.129.155:8088"
  - "https://192.168.129.156:8088"
pools:
  - "StoragePool001"
parameters:
  protocol: "fc"
maxClientThreads: "30"

Configuring a Storage Backend of the NVMe over RoCE Type

If you want to use the NVMe over RoCE protocol, ensure that the NVMe over RoCE network between the host and the storage device is connected before installing Huawei CSI. If the NVMe over RoCE network is not connected, connect the NVMe over RoCE network and then restart the huawei-csi-node service. During the restart, do not use Huawei CSI to create new resources or mount or unmount an existing PVC. The following command is used as an example:
kubectl delete pods -n huawei-csi -l app=huawei-csi-node

The following is an example of the backend configuration file of the NVMe over RoCE type for enterprise storage:

storage: "oceanstor-san"
name: "roce-155"
namespace: "huawei-csi"
urls:
  - "https://192.168.129.155:8088"
  - "https://192.168.129.156:8088"
pools:
  - "StoragePool001"
parameters:
  protocol: "roce"
  portals:
    - "192.168.128.120"        
    - "192.168.128.121"
maxClientThreads: "30"

The following is an example of the backend configuration file of the NVMe over RoCE type for OceanDisk storage:

storage: "oceandisk-san"
name: "roce-155"
namespace: "huawei-csi"
urls:
  - "https://192.168.129.155:8088"
  - "https://192.168.129.156:8088"
pools:
  - "StoragePool001"
parameters:
  protocol: "roce"
  portals:
    - "192.168.128.120"        
    - "192.168.128.121"
maxClientThreads: "30"

Configuring a Storage Backend of the NVMe over FC Type

The following is an example of the backend configuration file of the NVMe over FC type for enterprise storage:

storage: "oceanstor-san"
name: "fc-nvme-155"
namespace: "huawei-csi"
urls:
  - "https://192.168.129.155:8088"
  - "https://192.168.129.156:8088"
pools:
  - "StoragePool001"
parameters:
  protocol: "fc-nvme"
maxClientThreads: "30"

Configuring a Storage Backend of the NFS Type

The following is an example of the backend configuration file of the NFS type for enterprise storage:

storage: "oceanstor-nas"
name: "nfs-155"
namespace: "huawei-csi"
urls:
  - "https://192.168.129.155:8088"
  - "https://192.168.129.156:8088"
pools:
  - "StoragePool001"
parameters:
  protocol: "nfs"
  portals:        
    - "192.168.128.155"
maxClientThreads: "30"

The following is an example of the backend configuration file of the NFS type for distributed storage:

storage: "fusionstorage-nas"
name: "nfs-126"
namespace: "huawei-csi"
urls:
  - "https://192.168.129.125:8088"
  - "https://192.168.129.126:8088"
pools:
  - "StoragePool001"
parameters:
  protocol: "nfs"
  portals:
    - "192.168.128.123"
maxClientThreads: "30"

Configuring a Storage Backend of the NFS+ Type

The following is an example of the backend configuration file of the NFS+ type for enterprise storage:

storage: "oceanstor-nas"
name: "nfs-plus-155"
namespace: "huawei-csi"
urls:
  - "https://192.168.129.155:8088"
  - "https://192.168.129.156:8088"
pools:
  - "StoragePool001"
parameters:
  protocol: "nfs+"
  portals:        
    - "192.168.128.155"
    - "192.168.128.156"
maxClientThreads: "30"

Configuring a Storage Backend of the SCSI Type

The following is an example of the backend configuration file of the SCSI type for distributed storage:

storage: "fusionstorage-san"
name: "scsi-155"
namespace: "huawei-csi"
urls:
  - "https://192.168.129.155:8088"
pools:
  - "StoragePool001"
parameters:
  protocol: "scsi"
  portals:
    - {"hostname01": "192.168.125.21","hostname02": "192.168.125.22"}
maxClientThreads: "30"

Configuring a Storage Backend of the DPC Type

The following is an example of the backend configuration file of the DPC type for distributed NAS storage:

storage: "fusionstorage-nas"
name: "dpc-155"
namespace: "huawei-csi"
urls:
  - "https://192.168.129.155:8088"
  - "https://192.168.129.156:8088"
pools:
  - "StoragePool001"
parameters:      
  protocol: "dpc"
maxClientThreads: "30"

The following is an example of the backend configuration file of the DPC type for distributed dtree storage:

storage: "fusionstorage-dtree"
name: "dpc-dtree"
namespace: "huawei-csi"
urls:
  - "https://192.168.129.155:8088"
parameters:      
  protocol: "dpc"
  parentname: "parent-filesystem" # This field is optional and can be configured in a StorageClass.
maxClientThreads: "30"

Configuring Storage Backends of the Dtree Type

The following is an example of the backend configuration file of the Dtree type for enterprise storage:

storage: "oceanstor-dtree"
name: "nfs-dtree"
namespace: "huawei-csi"
urls:
- "https://192.168.129.155:8088"
parameters:
  protocol: "nfs"
  parentname: "parent-filesystem" # This field is optional and can be configured in a StorageClass.
  portals:
    - "192.168.128.155"
maxClientThreads: "30"

The following is an example of the backend configuration file of the Dtree type for distributed storage:

storage: "fusionstorage-dtree"
name: "nfs-dtree"
namespace: "huawei-csi"
urls:
- "https://192.168.129.155:8088"
parameters:
  protocol: "nfs"
  parentname: "parent-filesystem" # This field is optional and can be configured in a StorageClass.
  portals:
    - "192.168.128.155"
maxClientThreads: "30"

Configuring Storage Backends of the HyperMetro Type

Before configuring NAS HyperMetro, you need to configure the HyperMetro relationship between two storage devices, including the remote device, HyperMetro domain, and the like. The HyperMetro domain of the file system can only work in HyperMetro active-active (AA) mode. For details about the configuration operation, see the product documentation of the corresponding storage model.
The accounts for connecting to NAS HyperMetro backends must be the administrator accounts of the storage vStores.
Except NAS HyperMetro backends, the management URLs of other backends cannot be the URL of a logical management port of a vStore that has established the HyperMetro relationship.
When a HyperMetro storage backend is used, do not provision common file systems. Otherwise, services may be interrupted in logical port failover scenarios.

CSI allows you to connect to OceanStor or OceanStor Dorado and provision HyperMetro volumes of the NFS type on the storage side. You need to configure storage backends that work in HyperMetro mode. The procedure is as follows: Create two configuration files and create backends one by one.

This example shows how to configure backends of the HyperMetro type for Huawei OceanStor or OceanStor Dorado. First, create local storage backend configuration file nfs-hypermetro-155.yaml.

storage: "oceanstor-nas"
name: "nfs-hypermetro-155"
namespace: "huawei-csi"
urls:
  - "https://192.168.129.155:8088"
  - "https://192.168.129.156:8088"
pools:
  - "StoragePool001"
metrovStorePairID: "f09838237b93c000"
metroBackend: "nfs-hypermetro-157"
parameters:
  protocol: "nfs"
  portals:
    - "192.168.129.155"
maxClientThreads: "30"

After the local backend is created, create remote storage backend configuration file nfs-hypermetro-157.yaml.

storage: "oceanstor-nas"
name: "nfs-hypermetro-157"
namespace: "huawei-csi"
urls:
  - "https://192.168.129.157:8088"
  - "https://192.168.129.158:8088"
pools:
  - "StoragePool001"
metrovStorePairID: "f09838237b93c000"
metroBackend: "nfs-hypermetro-155"
parameters:
  protocol: "nfs"
  portals:
    - "192.168.129.157"
maxClientThreads: "30"

Configuring Storage Backends of the IPv6 Type

The following is an example of the backend configuration file when the management URL is of the IPv6 type (an NFS backend is used as an example):

storage: "oceanstor-nas"
name: "nfs-155"
namespace: "huawei-csi"
urls:
  - "https://[192:168:129::155]:8088"
pools:
  - "StoragePool001"
parameters:
  protocol: "nfs"
  portals:        
    - "192:168:128::155"
maxClientThreads: "30"

1.1.2 - Storage Backend Parameters

An example template of the backend configuration file is /examples/backend/backend.yaml. The following table lists the parameters.

Table 1 backend parameters

Parameter	Description	Mandatory	Default Value	Remarks
storage	Storage service type. If enterprise storage provides SAN, set this parameter to oceanstor-san. If enterprise storage provides NAS, set this parameter to oceanstor-nas. If enterprise storage provides NAS of the Dtree type, set this parameter to oceanstor-dtree. If distributed storage provides SAN, set this parameter to fusionstorage-san. If distributed storage provides NAS, set this parameter to fusionstorage-nas. If distributed storage provides NAS of the Dtree type, set this parameter to fusionstorage-dtree. If OceanDisk storage is used, set this parameter to oceandisk-san.	Yes	oceanstor-nas	One backend can provide only one storage service. If a single Huawei storage system can provide both SAN and NAS storage services, you can configure multiple backends and use different storage service types for each backend.
name	Storage backend name. The value can contain a maximum of 63 characters, including lowercase letters, digits, and hyphens (-). It must start with a letter or digit.	Yes	-	Ensure that the storage backend name is unique.
namespace	Namespace.	No	-	The storage backend must be in the same namespace as Huawei CSI.
vstoreName	vStore name on the storage side. This parameter needs to be specified when the connected backend is OceanStor V5 and resources need to be provisioned under a specified vStore.	Conditionally mandatory	-	This parameter needs to be specified only when the backend is OceanStor V5 and vStores need to be supported.
accountName	Account name on the storage side. This parameter is mandatory when OceanStor Pacific NAS or an OceanStor Pacific dtree is connected and NAS resources need to be provisioned under a specified account.	Conditionally mandatory	-	This parameter needs to be specified when the connected backend is OceanStor Pacific NAS or OceanStor Pacific dtree and accounts need to be supported.
urls	Management URLs of storage device. The value format is a list. The value can be a domain name or an IP address + port number.	Yes	-	If the connected backend is OceanStor or OceanStor Dorado storage and resources need to be provisioned under a specified vStore, set this parameter to the URL of the logical management port of the vStore. If the management URL is of the IPv6 type, the URL format is https://[IPv6 address]:Port number. Currently, only enterprise storage supports IPv6.
pools	Storage pools of storage devices. The value format is a list.	Conditionally mandatory	-	This parameter is optional when storage is set to oceanstor-dtree or fusionstorage-dtree.
parameters.protocol	Storage protocol. The value is a character string. iscsi fc roce fc-nvme nfs nfs+ dpc scsi	Yes	-	If the value is set to iscsi, ensure that an iSCSI client has been installed on the connected compute node. If the value is set to nfs, ensure that an NFS client tool has been installed on the connected compute node. If the value is set to nfs+, ensure that an NFS+ client tool has been installed on the connected compute node. If the value is set to fc-nvme or roce, ensure that the nvme-cli tool has been installed on the connected compute node. The tool version must be 1.x and not earlier than 1.9. If the value is set to dpc, ensure that DPC has been installed on the connected compute node and the node has been added as a DPC compute node on the storage device to be connected. If the value is set to scsi, ensure that a distributed storage VBS client has been installed on the connected compute node.
parameters.portals	Service access port. Nodes will use this port to read and write storage resources. The value format is a list. Multiple ports can be configured if the protocol is iscsi, roce, or nfs+. If the protocol is nfs, only one port can be configured. If the protocol is fc, fc-nvme, or dpc, service ports do not need to be configured. If the protocol is scsi, the port is in dictionary format where the key indicates the name of the host where the VBS client is deployed and the value indicates the IP address of the host where the VBS client is deployed.	Conditionally mandatory	-	If a vStore or account is used to connect to a backend, portals must be set to the logical port information of the vStore or account. If nfs or nfs+ is used, the value can be a domain name. Currently, only enterprise storage supports IPv6.
parameters.ALUA	ALUA configuration of the storage backend. If the worker node uses the native multipathing software provided by the OS and ALUA is enabled, you need to configure this parameter.	Conditionally mandatory	-	If ALUA is enabled for the host multipathing software, ensure that the backend ALUA configuration is the same as that of the host ALUA configuration. For details about the ALUA configuration, see Configuring ALUA Using Helm.
parameters.parentname	Name of a file system on the current storage device. Dtree is created in the file system. This parameter is optional when storage is set to oceanstor-dtree or fusionstorage-dtree.	No	-	Query the name on the File Systems page of DeviceManager.
metrovStorePairID	HyperMetro vStore pair ID. This parameter is mandatory when a PV to be created on the storage side needs to support the NAS HyperMetro feature. In this case, you need to enter the ID of the HyperMetro vStore pair to which the PV to be created belongs.	Conditionally mandatory	-	You can query the HyperMetro vStore pair ID on DeviceManager.
metroBackend	Backend name of the HyperMetro peer. The value is a character string. This parameter is mandatory when a PV to be created on the storage side needs to support the NAS HyperMetro feature. In this case, you need to enter the name of the other backend to form a HyperMetro pair with the current backend.	Conditionally mandatory	-	The names of the two backends in the pair must be entered. After the two backends form a HyperMetro relationship, they cannot form a HyperMetro relationship with other backends.
supportedTopologies	Storage topology awareness configuration. The parameter format is JSON of the list type.	Conditionally mandatory	-	This parameter is mandatory if storage topology awareness is enabled. For details, see Configuring Storage Topology Awareness Using Helm.
maxClientThreads	Maximum number of concurrent connections to a storage backend.	No	30	The value ranges from 1 to 30. If this parameter is not set or the value is not in the specified range, the default value 30 is used.
authenticationMode	Authentication mode for logging in to a storage backend. The following modes are supported: local: local authentication ldap: LDAP authentication	No	local	LDAP authentication is supported when storage is set to oceanstor-san, oceanstor-nas, or oceanstor-dtree. When Huawei enterprise storage is OceanStor V5, the ID of the LDAP domain authentication server must be 0.

1.2 - Querying a Storage Backend

Run the oceanctl commands in Querying a Storage Backend to query the storage backend information.

1.3 - Updating a Storage Backend

When oceanctl is used to update storage backend information, only the storage backend password can be updated.
If the backend account password is updated on the storage device, the CSI plug-in will retry due to login failures. As a result, the account may be locked. If the account is locked, change the password by referring to An Account Is Locked After the Password Is Updated on the Storage Device .

1.3.1 - Updating the Password of a Storage Backend Using oceanctl

Obtaining the Help Information About Updating a Backend

Run the following command to obtain the help information about updating a storage backend.

oceanctl update backend -h

The following is an example of the command output.

Update a backend for Ocean Storage in Kubernetes

Usage:
  oceanctl update backend <name> [flags]

Examples:
  # Update backend account information in default(huawei-csi) namespace
  oceanctl update backend <name>  --password

  # Update backend account information in specified namespace
  oceanctl update backend <name> -n namespace --password

  # Update backend account information with ldap authentication mode in default(huawei-csi) namespace
  oceanctl update backend <name> --password --authenticationMode=ldap

  # Update backend account information with local authentication mode in default(huawei-csi) namespace
  oceanctl update backend <name> --password --authenticationMode=local

  # Update backend account information with ldap authentication mode in specified namespace
  oceanctl update backend <name> -n namespace --password --authenticationMode=ldap

Flags:
      --authenticationMode string   Specify authentication mode
  -h, --help                        help for backend
  -n, --namespace string            namespace of resources
      --password                    Update account password

Global Flags:
      --log-dir string   Specify the directory for printing log files. (default "/var/log/huawei")

Example of Updating the Password of a Backend

Run the following command to update a storage backend. In the command, backend-name indicates the name of the storage backend to be updated.
```
oceanctl update backend backend-name --password
```
Enter the user name and new password as prompted:
```
Please enter this backend user name:admin
Please enter this backend password:

backend/backend-name updated
```

1.3.2 - Update the Login Authentication Type of a Storage Backend Using oceanctl

Example of Updating the Backend Login Authentication Type to LDAP

Run the following command to update a storage backend. In the command, backend-name indicates the name of the storage backend to be updated.

oceanctl update backend backend-name --password --authenticationMode=ldap

Enter the user name and new password as prompted:

Please enter this backend user name:admin
Please enter this backend password:

backend/backend-name updated

1.3.3 - Manually Updating a Storage Backend

PVC provisioning must be based on a configured storage backend. Therefore, if a PVC has been provisioned on a storage backend, do not change the storage backend.
The name uniquely identifies a storage backend. The name of a storage backend with a PVC provisioned cannot be changed.
After a storage backend is modified, the new configuration applies only to volumes to be provisioned.
Do not perform volume management operations during the modification of a storage backend.

Procedure

Delete the storage backend to be modified. For details, see Deleting a Storage Backend .
Create a storage backend with the same name. For details, see Creating a Storage Backend . The storage backend name cannot be changed.

1.4 - Deleting a Storage Backend

Do not delete a storage backend when a volume management operation is being performed on it.

Example of Deleting a Backend

Run the following command to obtain information about a storage backend.

oceanctl get backend

The following is an example of the command output.

NAMESPACE     NAME         PROTOCOL    STORAGETYPE      SN                    STATUS  ONLINE  URL                 
huawei-csi    backend-1    roce        oceanstor-san    xxxxxxxxxxxxxxxxxxxx  Bound   true    https://192.168.129.157:8088   
huawei-csi    backend-2    roce        oceanstor-san    xxxxxxxxxxxxxxxxxxxx  Bound   true    https://192.168.129.158:8088

Run the following command to delete the specified storage backend.
```
oceanctl delete backend backend-1
```
Run the following command to check the deletion result.
```
oceanctl get backend backend-1
```
The following is an example of the command output. If not found is displayed, the deletion is successful.
```
Error from server (NotFound): backend "backend-1" not found
```

2 - Adding a Certificate to a Storage Backend

This section describes how to create a certificate for a storage backend. If certificate verification is required for logging in to the storage, you can add a certificate by referring to this section. Currently, you can create a certificate for a storage backend based on the specified .crt or .pem file.

Before creating a certificate for a storage backend, import the prepared certificate to the storage array.

2.1 - Creating a Certificate for a Storage Backend

Prerequisites

A certificate has been created. Take OceanStor Dorado as an example. For details about how to create a certificate, click here .

Example of Creating a Certificate

Prepare a certificate file in advance, for example, cert.crt.

Run the following command to obtain information about a storage backend.

oceanctl get backend

The following is an example of the command output.

NAMESPACE     NAME         PROTOCOL    STORAGETYPE      SN                    STATUS  ONLINE  URL                 
huawei-csi    backend-1    roce        oceanstor-san    xxxxxxxxxxxxxxxxxxxx  Bound   true    https://192.168.129.157:8088   
huawei-csi    backend-2    roce        oceanstor-san    xxxxxxxxxxxxxxxxxxxx  Bound   true    https://192.168.129.158:8088

Run the following command to create a certificate for the specified storage backend.
```
oceanctl create cert cert-1 -b backend-1 -f /path/to/cert.crt
```

Check the certificate creation result.

oceanctl get cert -b backend-1

The following is an example of the command output.

NAMESPACE    NAME    BOUNDBACKEND   
huawei-csi   cert-1  backend-1

2.2 - Querying a Storage Backend Certificate

Query storage backend certificates using the commands in Querying a Storage Backend Certificate .

2.3 - Updating a Storage Backend Certificate

Before updating a certificate, prepare a new certificate file and update the storage backend certificate by following the instructions provided in this section. If the certificate is no longer used, delete the certificate from the storage backend by referring to Deleting a Storage Backend Certificate .

Procedure

Run the following command to obtain information about a storage backend.

oceanctl get backend

The following is an example of the command output.

NAMESPACE     NAME         PROTOCOL    STORAGETYPE      SN                    STATUS  ONLINE  URL                 
huawei-csi    backend-1    roce        oceanstor-san    xxxxxxxxxxxxxxxxxxxx  Bound   true    https://192.168.129.157:8088   
huawei-csi    backend-2    roce        oceanstor-san    xxxxxxxxxxxxxxxxxxxx  Bound   true    https://192.168.129.158:8088

Run the following command to check whether the specified storage backend has a certificate.
```
oceanctl get cert -b backend-1
```
The following is an example of the command output.
```
NAMESPACE   NAME    BOUNDBACKEND    
huawei-csi  cert-1  backend-1  
```
Run the following command to update the certificate of the specified storage backend.
```
oceanctl update cert -b backend-1 -f /path/to/cert.crt
```

2.4 - Deleting a Storage Backend Certificate

Procedure

Run the following command to obtain information about a storage backend.

oceanctl get backend

The following is an example of the command output.

NAMESPACE     NAME         PROTOCOL    STORAGETYPE      SN                    STATUS  ONLINE  URL                 
huawei-csi    backend-1    roce        oceanstor-san    xxxxxxxxxxxxxxxxxxxx  Bound   true    https://192.168.129.157:8088   
huawei-csi    backend-2    roce        oceanstor-san    xxxxxxxxxxxxxxxxxxxx  Bound   true    https://192.168.129.158:8088

Run the following command to obtain information about the certificate of the specified storage backend.
```
oceanctl get cert -b backend-1
```
The following is an example of the command output.
```
NAMESPACE   NAME    BOUNDBACKEND    
huawei-csi  cert-1  backend-1  
```
Run the following command to delete the certificate of the specified storage backend.
```
oceanctl delete cert -b backend-1
```
Check the deletion result.
```
oceanctl get cert -b backend-1
```
The following is an example of the command output. If no cert found is displayed, the deletion is successful.
```
Error from server (NotFound): no cert found on backend backend-1 in huawei-csi namespace
```

3 - Description of oceanctl Commands

Obtaining Help Information

Obtain the oceanctl help information.
```
oceanctl --help
```
Check the oceanctl version.
```
oceanctl version
```
Specify the custom log file directory. The following example describes how to check the oceanctl version.
```
oceanctl version --log-dir=/path/to/custom
```

Creating a Storage Backend

Run the following command to obtain the help information about creating a backend.
```
oceanctl create backend -h
```
Run the following command to create a storage backend based on the specified yaml file.
```
oceanctl create backend -f /path/to/backend.yaml -i yaml
```
Run the following command to create a storage backend based on the specified json file. The huawei-csi-configmap file can be exported only in json format.
```
oceanctl create backend -f /path/to/configmap.json -i json
```
Run the following command to create a storage backend in the specified namespace.
```
oceanctl create backend -f /path/to/backend.yaml -i yaml -n <namespace>
```
Run the following command to create a storage backend and ignore the storage backend name verification, for example, uppercase letters and underscores (_). Do not run this command unless necessary.
```
oceanctl create backend -f /path/to/backend.yaml -i yaml --not-validate-name
```
Run the following command to create a storage backend and specify provisioner. csi.oceanstor.com is the driver name specified during installation. For details, see 4 .

This command is used only when a backend is created on the CCE or CCE Agile platform.
```
oceanctl create backend -f /path/to/backend.yaml  -i yaml --provisioner=csi.oceanstor.com
```

Querying a Storage Backend

Run the following command to obtain the help information about querying a backend.
```
oceanctl get backend -h
```
Run the following command to query a single storage backend in the default namespace.
```
oceanctl get backend <backend-name>
```
Run the following command to query all storage backends in the specified namespace.
```
oceanctl get backend -n <namespace>
```
Run the following command to format the output. Currently, json, yaml, and wide are supported.
```
oceanctl get backend <backend-name> -o json
```

Updating a Storage Backend

Run the following command to obtain the help information about updating a backend.
```
oceanctl update backend -h
```
Run the following command to update the specified storage backend in the default namespace.
```
oceanctl update backend <backend-name> --password
```
Run the following command to update a storage backend in the specified namespace.
```
oceanctl update backend <backend-name> -n <namespace> --password
```

Deleting a Storage Backend

Run the following command to obtain the help information about deleting a backend.
```
oceanctl delete backend -h
```
Run the following command to delete the specified storage backend in the default namespace.
```
oceanctl delete backend <backend-name> 
```
Run the following command to delete all storage backends in the default namespace.
```
oceanctl delete backend  --all
```
Run the following command to delete a storage backend in the specified namespace.
```
oceanctl delete backend <backend-name...> -n <namespace>
```

Creating a Storage Backend Certificate

Run the following command to obtain the help information about querying a certificate.
```
oceanctl create cert -h
```
Run the following command to create a certificate for a single storage backend in the default namespace based on the specified .crt certificate file.
```
oceanctl create cert <name> -f /path/to/cert.crt -b <backend-name> 
```
Run the following command to create a certificate for a single storage backend in the specified namespace based on the specified .crt certificate file.
```
oceanctl create cert <name> -f /path/to/cert.crt -b <backend-name> -n <namespace>
```
Run the following command to create a certificate for a single storage backend in the specified namespace based on the specified .pem certificate file.
```
oceanctl create cert <name> -f /path/to/cert.pem -b <backend-name> -n <namespace>
```

Querying a Storage Backend Certificate

Run the following command to obtain the help information about querying a certificate.
```
oceanctl get cert -h
```
Run the following command to query the certificate of a specified storage backend in the default namespace.
```
oceanctl get cert -b <backend-name>
```
Run the following command to query the certificate of a specified storage backend in the specified namespace.
```
oceanctl get cert -b <backend-name> -n <namespace>
```

Updating a Storage Backend Certificate

Run the following command to obtain the help information about updating a certificate.
```
oceanctl update cert -h
```
Run the following command to update a certificate for a specified storage backend in the default namespace based on the specified .crt certificate file.
```
oceanctl update cert -b <backend-name> -f /path/to/cert.crt
```
Run the following command to update a certificate for a specified storage backend in the specified namespace based on the specified .crt certificate file.
```
oceanctl update cert -b <backend-name> -n <namespace> -f /path/to/cert.crt
```
Run the following command to update a certificate for a specified storage backend in the specified namespace based on the specified .pem certificate file.
```
oceanctl update cert -b <backend-name> -n <namespace> -f /path/to/cert.pem
```

Deleting a Storage Backend Certificate

Run the following command to obtain the help information about deleting a certificate.
```
oceanctl delete cert -h
```
Run the following command to delete the certificate of a specified storage backend in the default namespace.
```
oceanctl delete cert -b <backend-name> 
```
Run the following command to delete the certificate of a specified storage backend in the specified namespace.
```
oceanctl delete cert -b <backend-name> -n <namespace>
```