ibm / k8s-storage-tests Goto Github PK
View Code? Open in Web Editor NEWPlaybooks for validating a Kubernetes persistent storage for IBM Cloud Paks
License: Apache License 2.0
Playbooks for validating a Kubernetes persistent storage for IBM Cloud Paks
License: Apache License 2.0
I tried this tool on two of my clusters. VPC ROKS with ODF didn't pass all the test (RWO BLOCK ocs-storagecluster-ceph-rbd and RWX FILE ocs-storagecluster-cephfs)
"msg": "######################## MOUNT TESTS PASSED FOR ReadWriteOnce Volume #################################"
"msg": "######################## MOUNT TESTS PASSED FOR ReadWriteMany Volume #################################"
"msg": "######################## SEQUENTIAL READ WRITE TEST PASSED FOR ReadWriteOnce Volume #################################"
"msg": "######################## SEQUENTIAL READ WRITE TEST PASSED FOR ReadWriteMany Volume #################################"
"msg": "######################## SINGLE THREAD PARALLEL READ WRITE TEST PASSED for ReadWriteOnce #################################"
"msg": "######################## SINGLE THREAD PARALLEL READ WRITE TEST PASSED for ReadWriteMany #################################"
"msg": "######################## MULTI NODE PARALLEL READ WRTIE TEST PASSED FOR ReadWriteOnce #################################"
"msg": "######################## MULTI NODE PARALLEL READ WRTIE TEST PASSED FOR ReadWriteMany #################################"
"msg": "######################## FILE PERMISSIONS TEST PASSED FOR ReadWriteMany Volume #################################"
"msg": "######################## SUB PATH TEST PASSED FOR ReadWriteMany Volume #################################"
"msg": "######################## FILE LOCK TESTS PASSED FOR ReadWriteMany Volume #################################"
"msg": "File UID permission tests for ReadWriteMany - FAILED"
"msg": "FSGroup GID permission tests for ReadWriteOnce - FAILED"
On the other hand a simple NFS using managed-nfs-storage on my RHEL connected to OCP on vmware fails only one
"msg": "######################## MOUNT TESTS PASSED FOR ReadWriteOnce Volume #################################"
"msg": "######################## MOUNT TESTS PASSED FOR ReadWriteMany Volume #################################"
"msg": "######################## SEQUENTIAL READ WRITE TEST PASSED FOR ReadWriteOnce Volume #################################"
"msg": "######################## SEQUENTIAL READ WRITE TEST PASSED FOR ReadWriteMany Volume #################################"
"msg": "######################## SINGLE THREAD PARALLEL READ WRITE TEST PASSED for ReadWriteOnce #################################"
"msg": "######################## SINGLE THREAD PARALLEL READ WRITE TEST PASSED for ReadWriteMany #################################"
"msg": "######################## MULTI NODE PARALLEL READ WRTIE TEST PASSED FOR ReadWriteOnce #################################"
"msg": "######################## MULTI NODE PARALLEL READ WRTIE TEST PASSED FOR ReadWriteMany #################################"
"msg": "######################## FILE PERMISSIONS TEST PASSED FOR ReadWriteMany Volume #################################"
"msg": "######################## FILE PERMISSIONS TEST PASSED FOR ReadWriteOnce Volume #################################"
"msg": "######################## SUB PATH TEST PASSED FOR ReadWriteMany Volume #################################"
"msg": "######################## FILE LOCK TESTS PASSED FOR ReadWriteMany Volume #################################"
"msg": "File UID permission tests for ReadWriteMany - FAILED"
I must say these are unexpected results. I expected ODF to pass everything. Is there an issue with the verification tool or with my ODF?
I saw at https://www.ibm.com/docs/en/cloud-paks/cp-data/4.6.x?topic=requirements-storage#compute-requirements__control-plane-persistent-stg that managed-nfs-storage is also acceptable but still fails one test. Same question as for ODF.
You can also reach me on internal IBM Slack @jdusek
(.venv) alberto@thinkpad $ ansible-playbook main.yml --extra-vars "@./params.yml" | tee output.log
ERROR! Unexpected Exception, this is probably a bug: Failed to detect selinux python bindings at ['/usr/local/lib64/python3.9/site-packages', '/usr/local/lib/python3.9/site-packages', '/usr/lib64/python3.9/site-packages', '/usr/lib/python3.9/site-packages']
the full traceback was:
Traceback (most recent call last):
File "/home/alberto/k8s-storage-tests/.venv/bin/ansible-playbook", line 92, in <module>
mycli = getattr(__import__("ansible.cli.%s" % sub, fromlist=[myclass]), myclass)
File "/home/alberto/k8s-storage-tests/.venv/lib64/python3.9/site-packages/ansible/cli/__init__.py", line 24, in <module>
from ansible.parsing.dataloader import DataLoader
File "/home/alberto/k8s-storage-tests/.venv/lib64/python3.9/site-packages/ansible/parsing/dataloader.py", line 17, in <module>
from ansible.module_utils.basic import is_executable
File "/home/alberto/k8s-storage-tests/.venv/lib64/python3.9/site-packages/ansible/module_utils/basic.py", line 77, in <module>
import selinux
File "/home/alberto/k8s-storage-tests/.venv/lib64/python3.9/site-packages/selinux/__init__.py", line 106, in <module>
check_system_sitepackages()
File "/home/alberto/k8s-storage-tests/.venv/lib64/python3.9/site-packages/selinux/__init__.py", line 102, in check_system_sitepackages
raise Exception(
Exception: Failed to detect selinux python bindings at ['/usr/local/lib64/python3.9/site-packages', '/usr/local/lib/python3.9/site-packages', '/usr/lib64/python3.9/site-packages', '/usr/lib/python3.9/site-packages']
(.venv) alberto@thinkpad $ python -V
Python 3.9.16
3.6
:(.venv36) alberto@thinkpad $ ansible-playbook main.yml --extra-vars "@./params.yml" | tee output.log
/home/alberto/k8s-storage-tests/.venv36/lib64/python3.6/site-packages/ansible/parsing/vault/__init__.py:44: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
from cryptography.exceptions import InvalidSignature
[WARNING]: provided hosts list is empty, only localhost is available. Note that
the implicit localhost does not match 'all'
PLAY [localhost] ***************************************************************
TASK [ocp login using creds] ***************************************************
skipping: [localhost]
TASK [ocp login using token] ***************************************************
changed: [localhost]
TASK [debug] *******************************************************************
skipping: [localhost]
TASK [debug] *******************************************************************
ok: [localhost] => {
"login_token.stdout_lines": [
"WARNING: Using insecure TLS client config. Setting this option is not supported!",
"",
"Logged into \"https://api.ocp-d.cpst-lab.ibm.com:6443\" as \"kube:admin\" using the token provided.",
"",
"You have access to 83 projects, the list has been suppressed. You can list all projects with 'oc projects'",
"",
"Using project \"default\"."
]
}
. . .
(.venv36) alberto@thinkpad $ python -V
Python 3.6.8
3.10
:(.venv310) alberto@thinkpad $ ansible-playbook main.yml --extra-vars "@./params.yml" | tee output.log
[WARNING]: provided hosts list is empty, only localhost is available. Note that
the implicit localhost does not match 'all'
PLAY [localhost] ***************************************************************
TASK [ocp login using creds] ***************************************************
skipping: [localhost]
TASK [ocp login using token] ***************************************************
changed: [localhost]
TASK [debug] *******************************************************************
skipping: [localhost]
TASK [debug] *******************************************************************
ok: [localhost] => {
"login_token.stdout_lines": [
"WARNING: Using insecure TLS client config. Setting this option is not supported!",
"",
"Logged into \"https://api.ocp-d.cpst-lab.ibm.com:6443\" as \"kube:admin\" using the token provided.",
"",
"You have access to 84 projects, the list has been suppressed. You can list all projects with 'oc projects'",
"",
"Using project \"default\"."
]
}
TASK [Storage Readiness] *******************************************************
[WARNING]: Collection kubernetes.core does not support Ansible version 2.10.17
TASK [storage-readiness : Create namespace storage-tests if not present] *******
. . .
(.venv310) alberto@thinkpad $ python -V
Python 3.10.9
To support the airgap environment, the following images should be pulled and pushed to the private image registry.
icr.io/cpopen/cpd/k8s-storage-test:v1.0.0
quay.io/ibm-cp4d-public/storage-gcc:1.0
quay.io/ibm-cp4d-public/storage-gcc:1.0-amd64
quay.io/ibm-cp4d-public/storage-util:1.0
quay.io/ibm-cp4d-public/storage-util:1.0-amd64
quay.io/centos/amd64:latest
Can we add on section like this? https://github.com/IBM/k8s-storage-perf#pulling-and-loading-the-required-image-in-airgap-environment
Thanks!
The Ansible collection "community.kubernetes" has been deprecated and the new collection is named as "kubernetes.core". We need to update the project to use the latest maintained and supported Ansible collection.
See the deprecation notice at: https://docs.ansible.com/ansible/5/collections/community/kubernetes/docsite/deprecation.html
My ARO clusters:
pk6-aro
url: https://console-openshift-console.apps.oeq8pl8k.eastus.aroapp.io/
Contact me for the credentials
pk7-aro
url: https://console-openshift-console.apps.jce5djuj.eastus.aroapp.io/k8s/cluster/storageclasses
az aro list-credentials \
--name pk7-aro
--resource-group cpbu-sdlc-rg
Contact me for the credentials
Storage Validation tests for ODF storage classes are failing with:
run_k8s_storage_test
PLAY [localhost] ***************************************************************
TASK [ocp login using creds] ***************************************************
changed: [localhost]
TASK [ocp login using token] ***************************************************
skipping: [localhost]
TASK [debug] *******************************************************************
ok: [localhost] => {
"login_creds.stdout_lines": [
"Login successful.",
"",
"You have access to 70 projects, the list has been suppressed. You can list all projects with 'oc projects'",
"",
"Using project \"default\".",
"Welcome! See 'oc help' to get started."
]
}
TASK [debug] *******************************************************************
skipping: [localhost]
TASK [Storage Readiness] *******************************************************
TASK [storage-readiness : Create namespace k8s-validation if not present] ******
ok: [localhost]
TASK [storage-readiness : Run simple mount test for ReadWriteOnce] *************
included: /opt/ansible/roles/storage-readiness/tasks/mount-test.yaml for localhost
TASK [storage-readiness : Test mount ReadWriteOnce volumes for readiness] ******
failed: [localhost] (item={'name': 'create-volume.yaml.j2'}) => {"ansible_loop_var": "item", "changed": false, "error": 422, "item": {"name": "create-volume.yaml.j2"}, "msg": "Failed to patch object: b'{\"kind\":\"Status\",\"apiVersion\":\"v1\",\"metadata\":{},\"status\":\"Failure\",\"message\":\"PersistentVolumeClaim \\\\\"readiness-readwriteonce\\\\\" is invalid: spec: Forbidden: spec is immutable after creation except resources.requests for bound claims\\\\n\\xc2\\xa0\\xc2\\xa0core.PersistentVolumeClaimSpec{\\\\n\\xc2\\xa0\\xc2\\xa0\\\\t... // 2 identical fields\\\\n\\xc2\\xa0\\xc2\\xa0\\\\tResources: {Requests: {s\\\\\"storage\\\\\": {i: {...}, s: \\\\\"1Gi\\\\\", Format: \\\\\"BinarySI\\\\\"}}},\\\\n\\xc2\\xa0\\xc2\\xa0\\\\tVolumeName: \\\\\"\\\\\",\\\\n-\\xc2\\xa0\\\\tStorageClassName: \\\\u0026\\\\\"ocs-storagecluster-ceph-rbd\\\\\",\\\\n+\\xc2\\xa0\\\\tStorageClassName: \\\\u0026\\\\\"rook-ceph-block\\\\\",\\\\n\\xc2\\xa0\\xc2\\xa0\\\\tVolumeMode: \\\\u0026\\\\\"Filesystem\\\\\",\\\\n\\xc2\\xa0\\xc2\\xa0\\\\tDataSource: nil,\\\\n\\xc2\\xa0\\xc2\\xa0\\\\tDataSourceRef: nil,\\\\n\\xc2\\xa0\\xc2\\xa0}\\\\n\",\"reason\":\"Invalid\",\"details\":{\"name\":\"readiness-readwriteonce\",\"kind\":\"PersistentVolumeClaim\",\"causes\":[{\"reason\":\"FieldValueForbidden\",\"message\":\"Forbidden: spec is immutable after creation except resources.requests for bound claims\\\\n\\xc2\\xa0\\xc2\\xa0core.PersistentVolumeClaimSpec{\\\\n\\xc2\\xa0\\xc2\\xa0\\\\t... // 2 identical fields\\\\n\\xc2\\xa0\\xc2\\xa0\\\\tResources: {Requests: {s\\\\\"storage\\\\\": {i: {...}, s: \\\\\"1Gi\\\\\", Format: \\\\\"BinarySI\\\\\"}}},\\\\n\\xc2\\xa0\\xc2\\xa0\\\\tVolumeName: \\\\\"\\\\\",\\\\n-\\xc2\\xa0\\\\tStorageClassName: \\\\u0026\\\\\"ocs-storagecluster-ceph-rbd\\\\\",\\\\n+\\xc2\\xa0\\\\tStorageClassName: \\\\u0026\\\\\"rook-ceph-block\\\\\",\\\\n\\xc2\\xa0\\xc2\\xa0\\\\tVolumeMode: \\\\u0026\\\\\"Filesystem\\\\\",\\\\n\\xc2\\xa0\\xc2\\xa0\\\\tDataSource: nil,\\\\n\\xc2\\xa0\\xc2\\xa0\\\\tDataSourceRef: nil,\\\\n\\xc2\\xa0\\xc2\\xa0}\\\\n\",\"field\":\"spec\"}]},\"code\":422}\\n'", "reason": "Unprocessable Entity", "status": 422}
ok: [localhost] => (item={'name': 'mount-job.yaml.j2'})
PLAY RECAP *********************************************************************
localhost : ok=4 changed=1 unreachable=0 failed=1 skipped=2 rescued=0 ignored=0
params.yml
params.yml.zip
Main Issue: If two processes with different non-root UIDs write to an EFS mount, the file ownership of one of the UIDs doesn't get maintained. It will result in one UID always be recorded in the file system. This has been observed during the EFS CSI driver certification process for Db2.
Request: EFS CSI driver needs to support two userIDs writing to a file system. The request is to include a testing feature that tests for the ability to handle maintaining mulitple UIDs in this scenario.
Installation of Ansible package "openshift" might fail on a dependent package "PyYAML" due to the existing "PyYAML" version is too old, and can't be safely removed for the update.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.