Paul Bastide

Blog

  • Setting up Local Storage Operator and OpenShift Data Foundation on IBM Power

    Here are my notes from LSO and ODF setup on Power

    Install Local Storage Operator

    1. Log in to the OpenShift Web Console.
    2. Click Operators OperatorHub.
    3. Type local storage in the Filter by keyword…​ box to find the Local Storage Operator from the list of operators and click on it.
    4. Set the following options on the Install Operator page:
      1. Update channel as stable.
      1. Installation Mode as A specific namespace on the cluster.
      1. Installed Namespace as Operator recommended namespace openshift-local-storage.
      1. Approval Strategy as Automatic.
    5. Click Install.

    Setup Labels for Storage Nodes

    1. Add label to the workers which are being used by ODF, this should be the workers where the storage are attached
    oc get nodes -l node-role.kubernetes.io/worker= -oname \
    | xargs -I {} oc label {} cluster.ocs.openshift.io/openshift-storage=
    1. Rescan the scsi bus so we get all of the devices added.
    oc get nodes -l node-role.kubernetes.io/worker= -oname \
    | xargs -I {} oc debug {} -- chroot /host rescan-scsi-bus.sh
    1. Build the by-id paths
    oc get nodes -l node-role.kubernetes.io/worker= -oname \
    | xargs -I {} oc debug {} -- chroot /host udevadm trigger --settle

    note: don’t worry about Failed to write 'change' to '/sys/devices/vio/4004/uevent', ignoring: No such device events.

    1. Discover the local volumes using LocalVolumeDiscovery
    cat << EOF | oc apply -f -
apiVersion: local.storage.openshift.io/v1alpha1
kind: LocalVolumeDiscovery
metadata:
  name: auto-discover-devices
  namespace: openshift-local-storage
spec:
  nodeSelector:
    nodeSelectorTerms:
    - matchExpressions:
      - key: cluster.ocs.openshift.io/openshift-storag
        operator: Exists
EOF
    1. Check the LocalVolumeDiscovery is started and Discovering
    oc get LocalVolumeDiscovery -n openshift-local-storage -oyaml auto-discover-devices
...
status:
  conditions:
  - lastTransitionTime: "2025-06-26T01:27:03Z"
    message: successfully running 3 out of 3 discovery daemons
    status: "True"
    type: Available
  observedGeneration: 2
  phase: Discovering
    1. Now that it’s ready, we’re going to find the disks:
    # oc get LocalVolumeDiscoveryResult -n openshift-local-storage -ojson | jq -r '.items[].status.discoveredDevices[] | select(.status.state == "Available" and .type == "disk").path' | sort -u
/dev/sde
/dev/sdf
/dev/sdg
/dev/sdh
    1. Create the Local Volume
    cat << EOF | oc apply -f -
apiVersion: local.storage.openshift.io/v1
kind: LocalVolume
metadata:
  name: localblock
  namespace: openshift-local-storage
spec:
  logLevel: Normal
  managementState: Managed
  nodeSelector:
    nodeSelectorTerms:
      - matchExpressions:
          - key: cluster.ocs.openshift.io/openshift-storage
            operator: Exists
  storageClassDevices:
    - devicePaths:
        - /dev/sde
        - /dev/sdf
        - /dev/sdg
        - /dev/sdh
      storageClassName: localblock
      volumeMode: Block
EOF
    1. Check the LocalVolume is ready oc get LocalVolume -n openshift-local-storage -oyaml
      status:
    conditions:
    - lastTransitionTime: "2025-06-26T18:40:20Z"
      message: Ready
      status: "True"
      type: Available
    generations:
    - group: apps
      hash: ""
      lastGeneration: 2
      name: diskmaker-manager
      namespace: openshift-local-storage
      resource: DaemonSet
    managementState: Managed
    observedGeneration: 1
    readyReplicas: 0

    If ready, we can proceed.

    1. Navigate to ODF Operator.

    2. Click Create StorageSystem. Select localblock.

    You can rpoceed with setup from there.

    Thanks to T K Chasan

  • Kudos to the IBM Power team for enabling Maximo Application Suite on IBM Power.

    Kudos to the IBM Power team for enabling Maximo Application Suite on IBM Power.

    IBM has enabled Maximo Application Suite (MAS) 9.x on IBM Power (ppc64le), installable on Red Hat OpenShift 4.17+, offering a resilient, secure, and sustainable platform for enterprise asset management. MAS streamlines asset lifecycles, enhances reliability, and reduces operational costs. Running MAS on Power delivers 99.9999% availability, robust security, and lower energy consumption compared to competitive systems.

    References

    1. Blog https://community.ibm.com/community/user/blogs/julie-mathew/2025/06/24/enabling-maximo-application-suite-9x-on-ibm-power
    2. Availability of MAS 9.1 on IBM Power – Announcement letter
    3. MAS documentation What’s New in MAS 9.1

  • Expanding Open Source Access: GitHub Actions Now Available for IBM Power, IBM Z and IBM LinuxONE

    Exciting news from IBM… .IBM is bringing GitHub Actions runners to IBM Power, Z, and LinuxONE platforms—streamlining CI/CD for open-source projects across diverse architectures. This milestone empowers developers with seamless cross-platform automation, eliminating the need for multiple CI tools.

    IBM actively collaborating with open-source communities and offering personalized onboarding support. Join us in shaping the future of open development—explore our GitHub repo, contribute, and grow with us! 💻🌍

    For more information reach out at https://community.ibm.com/community/user/blogs/mick-tarsel/2025/06/23/github-actions-power-z

  • 🚀 What’s New in OpenShift Container Platform 4.19

    Red Hat OpenShift 4.19 is here! This release is based on Kubernetes 1.32, uses the CRI-O 1.32 runtime, and runs on RHEL CoreOS 9.6. It brings a lots of new features and enhancements across core platform capabilities and security.

    IBM Power users can deploy a highly performance cluster with excellent features and capabilities for their workload.

    Let’s take a look at what’s new:

    🔧 Core Platform Enhancements

    • Gateway API via OpenShift Service Mesh 3
      Now GA (Generally Available), this enables more flexible and powerful ingress management using the Gateway API.
    • OVN-Kubernetes BGP Support
      Coming soon in a 4.19.z update, this will enhance networking capabilities with BGP support.
    • On-cluster Image Mode
      This allows for more flexible image management directly within the OpenShift cluster.
    • cgroups v1 Removed
      OpenShift 4.19 fully transitions to cgroups v2, aligning with modern Linux standards.

    Security Improvements

    • Cert-manager Router Integration
      Now supports loading secrets directly into the router, simplifying certificate management.
    • Bring Your Own External OIDC
      Also in Tech Preview, this allows integration with external OpenID Connect providers for authentication.

    📺 Learn More

    Check out the official video overview:
    🎥 What’s New in OpenShift 4.19

    🔗 Key Resources

    Thanks for reading, and happy upgrading!

  • Outrigger: Rethinking Kubernetes Scheduling for a Smarter Future

    At DevConf.CZ 2025, a standout session from Alessandro Di Stefano and Prashanth Sundararaman introduced the Outrigger project, a forward-thinking initiative aimed at transforming Kubernetes scheduling into a dynamic, collaborative ecosystem. Building on the success of the Multiarch Tuning Operator for OpenShift, Outrigger leverages Kubernetes’ scheduling gates to go beyond traditional multi-architecture scheduling.

    👉 Watch the full session here:

    Excellent work by that team.

  • Reshare: Help Shape HashiCorp Integration for IBM Power

    For those integrating with Power, and interested in HashiCorp, you might be interested in this post.

    IBM Power is collecting insights on how you use HashiCorp products to manage infrastructure and security—including your specific use cases. Even if you’re not currently using these tools, we’d still love to hear from you. The survey takes just 10 minutes, and your feedback will help shape the future integration of HashiCorp into IBM Power.

    Click here to take the survey [ibm.biz/hashicorp_ibmpower]

    See https://community.ibm.com/community/user/question/help-shape-hashicorp-integration-for-ibm-power-2

  • CP4D 5.2 release – IBM Knowledge Catalog (IKC) and DataStage are both now available on OpenShift on Power through Cloud Pak for Data

    Per the CP4D Leader, with CP4D 5.2 release – IBM Knowledge Catalog (IKC) and DataStage are both now available on OpenShift on Power through Cloud Pak for Data!

    – IBM Knowledge Catalog provides the methods that your enterprise needs to automate data governance so you can ensure data accessibility, trust, protection, security, and compliance

    – With DataStage, you can design and run data flows that move and transform data. You’re able to compose data flows with speed and accuracy using an intuitive graphical design interface that lets you connect to a wide range of data sources, integrate and transform data, and deliver it to your target system in batch or real time

    Read more about it at:

    1. https://www.ibm.com/docs/en/software-hub/5.2.x?topic=requirements-ppc64le-hardware#services

    2. https://community.ibm.com/community/user/blogs/jay-carman/2025/06/12/introducing-ibm-knowledge-catalog-on-ibm-power

  • prometheus hack to reduce disk pressure in non-prod environments

    Here is a script to reduce monitoring disk pressure. It prunes the db.

    cat << EOF > cluster-monitoring-config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: cluster-monitoring-config
  namespace: openshift-monitoring
data:
  config.yaml: |
    prometheusK8s:
      retention: 1d
EOF
oc apply -f cluster-monitoring-config.yaml

  • Using nx-gzip in your Red Hat OpenShift Container Platform on IBM Power to accelerate GZip performance

    Cross post from https://community.ibm.com/community/user/blogs/paul-bastide/2025/06/09/using-nx-gzip-in-your-red-hat-openshift-container

    The Power10 processor features an on-chip accelerator that is called the nest accelerator unit (NX unit). The coprocessor features that are available on the Power10 processor are similar to the features of the Power9 processor. These coprocessors provide specialized functions, such as the Industry-standard Gzip compression and decompressionRandom number generation and AES and Secure Hash Algorithm (SHA) cryptography.

    Block diagram of the NX unit

    This article outlines how to use nx-gzip in a non-privileged container in Red Hat OpenShift Container Platform on IBM Power. You must have deployed a cluster with workers with a processor compatibility of IBM Power 10 or higher. The Active Memory Expansion feature must be licensed.

    Build the power-gzip selftest binary

    The test binary is used to show the feature is working and you can use the selftest and sample code to integrate in your environment.

    1. Login to the PowerVM instance running Red Hat Enterprise Linux 9
    2. Install required build binaries
    dnf install make git gcc zlib-devel vim util-linux-2.37.4-11.el9.ppc64le -y
    1. Setup the Clone repository
    git clone https://github.com/libnxz/power-gzip
cd power-gzip/
    1. Run the tests
    ./configure 
cd selftests
make
    1. Find the created test files
    # ls g*test -al
-rwxr-xr-x. 1 root root 74992 Jun  9 08:24 gunz_test
-rwxr-xr-x. 1 root root 74888 Jun  9 08:24 gzfht_test

    You are ready to test it.

    Setup the NX-GZip test deployment

    Download the examples repository and setup kustomization, and configure cri-o so you can deploy and use /dev/crypto/nx-gzip in a container.

    1. Install Kustomization tool for the deployment
    curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"  | bash
sudo mv kustomize /usr/local/bin
kustomize -h
    1. Clone the ocp4-power-workload-tools repository
    git clone https://github.com/IBM/ocp4-power-workload-tools
cd ocp4-power-workload-tools
    1. Configure the worker nodes to use /dev/crypto/nx-gzip as an allowed_device.
    oc apply -f ocp4-power-workload-tools/manifests/nx-gzip/99-worker-crio-nx-gzip.yaml
    1. Export kubeconfig using export KUBECONFIG=~/.kube/config
    2. Setup the nx-gzip test Pod as below
    cd manifests/nx-gzip
kustomize build . | oc apply -f -
    1. Resulting running pod as below
    # oc get pod -n nx-gzip-demo
NAME               READY   STATUS    RESTARTS   AGE
nx-gzip-ds-2mlmh   1/1     Running   0          3s

    You are ready to test nx-gzip.

    To test with Privileged mode, you can use nx-gzip-privileged.

    Copy the Test artifact into the running Pod and Run the Test Artifact

    1. Copy the above created executable files to the running pod
    # oc cp gzfht_test nx-gzip-ds-2mlmh:/nx-test/
    1. Access the pod shell and confirm the Model name is Power10 or higher.
    # oc rsh nx-gzip-ds-2mlmh
sh-5.1# lscpu | grep Model
Model name:                           POWER10 (architected), altivec supported
Model:                                2.0 (pvr 0080 0200)
    1. Create a test file for testing
    sh-5.1# dd if=/dev/random of=/nx-test/test bs=1M count=1
1+0 records in
1+0 records out
1048576 bytes (1.0 MB, 1.0 MiB) copied, 0.00431494 s, 243 MB/s
sh-5.1#
    1. Run the tests in pod
    sh-5.1# /nx-test/gzfht_test /nx-test/test
file /nx-test/test read, 1048576 bytes
compressed 1048576 to 1105994 bytes total, crc32 checksum = a094fbab
sh-5.1# echo $?
0

    If it shows as compressed and the return code is 0 and as above then its considered as PASS.

    You’ve seen how the nx-gzip works in Pod. You can also combine with the Node Feature Discovery to label each Node Resource with cpu-coprocessor.nx_gzip=true

    Thank you for your time and good luck.

    Reference

    1. IBM Power10 Scale Out Servers Technical Overview S1012, S1014, S1022s, S1022 and S1024
    2. Exploitation of In-Core Acceleration of POWER Processors for AIX
    3. POWER NX zlib compliant library
    4. Db2: Hardware accelerated backup and log file compression

  • Getting the ibmvfc logs from the impacted clusters

    If you are using the IBM Virtual Fibre Channel adapter with your OpenShift on Power installation, you can use these steps to get the log details.

    Here are the steps to get the ibmvfc from the nodes which are failing:

    Grabbing the ibmvfc logs

    ibmvfc is the driver for the virtual fibre channel adapters.

    To setup ibmvfc logging:

    1. Login as a cluster-admin
    # export KUBECONFIG=/root/openstack-upi/auth/kubeconfig
# oc get MachineConfigPool -o=jsonpath='{range.items[*]}{.metadata.name} {"\t"} {.status.nodeInfo.kubeletVersion}{"\n"}{end}'
master
worker
    1. For each of these listed MachineConfigPools, let’s create 99-<mcp-name>-vfc.yaml. These systems will reboot.
    # cat << EOF > 99-worker-vfc.yaml
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
  labels:
    machineconfiguration.openshift.io/role: "worker"
  name: 99-worker-vfc
spec:
  kernelArguments:
    - 'scsi_mod.scsi_logging_level=4096'
    - 'ibmvfc.debug=1'
    - 'ibmvfc.log_level=3'
EOF

    # cat << EOF > 99-master-vfc.yaml
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
  labels:
    machineconfiguration.openshift.io/role: "master"
  name: 99-master-vfc
spec:
  kernelArguments:
    - 'scsi_mod.scsi_logging_level=4096'
    - 'ibmvfc.debug=1'
    - 'ibmvfc.log_level=3'
EOF
    1. Let’s apply the yamls, one at a time:
    # oc apply -f 99-worker-vfc.yaml
machineconfig.machineconfiguration.openshift.io/99-worker-vfc created
    1. Wait for the MachineConfigPool to come back up, such as worker:
    # oc wait mcp/worker --for condition=Ready --timeout=30m
    1. Verify each Machine Config Pool is done updating:

    The following shows the worker pool is updating:

    # oc get mcp worker
NAME     CONFIG                                             UPDATED   UPDATING   DEGRADED   MACHINECOUNT   READYMACHINECOUNT   UPDATEDMACHINECOUNT   DEGRADEDMACHINECOUNT   AGE
worker   rendered-worker-b93fdaee39cd7d38a53382d3c259c8ae   False     True       True       2              1                   1                     1                      8d

    The following shows the worker pool is Ready:

    # oc get mcp worker
NAME     CONFIG                                             UPDATED   UPDATING   DEGRADED   MACHINECOUNT   READYMACHINECOUNT   UPDATEDMACHINECOUNT   DEGRADEDMACHINECOUNT   AGE
worker   rendered-worker-b93fdaee39cd7d38a53382d3c259c8ae   True     False       False       2              2                   0                     2                      8d
    1. Spot check the updates…

    a. List the nodes oc get nodes b. Connect to one of the nodes oc debug node/worker-0 c. Change context to /host chroot /host d. verify kernel argument contain the three values we set.

    # rpm-ostree kargs
rw $ignition_firstboot  ostree=/ostree/boot.1/rhcos/d7d848ba24dcacb1aba663e9868d4bd131482d9b7fecfa33197f558c53ae5208/0 ignition.platform.id=powervs root=UUID=06207aa5-3386-4044-bcb6-750e509d7cf0 rw rootflags=prjquota boot=UUID=6c67b96e-4e01-4e01-b8e5-ffeb4041bee2 systemd.unified_cgroup_hierarchy=1 cgroup_no_v1="all" psi=0 scsi_mod.scsi_logging_level=4096 ibmvfc.debug=1 ibmvfc.log_level=3 rd.multipath=default root=/dev/disk/by-label/dm-mpath-root
    1. Wait for the error to occur, get the console logs and the journalctl --dmesg output from the node.

    You’ll end up with a bunch of messages like:

    [    2.333257] ibmvfc 30000004: Partner initialization complete
[    2.333308] ibmvfc 30000004: Sent NPIV login
[    2.333336] ibmvfc: Entering ibmvfc_alloc_mem
[    2.333340] ibmvfc: Entering ibmvfc_alloc_queue
[    2.333343] ibmvfc: Entering ibmvfc_init_event_pool
[    2.333402] ibmvfc: Leaving ibmvfc_alloc_mem
[    2.333439] ibmvfc: Entering ibmvfc_init_crq
[    2.333443] ibmvfc: Entering ibmvfc_alloc_queue
[    2.333446] ibmvfc: Entering ibmvfc_init_event_pool
[    2.333482] ibmvfc: Leaving ibmvfc_init_event_pool
[    2.333743] ibmvfc: Leaving ibmvfc_init_crq

    Once we’ve grabbed this level of detail, we can delete the MachineConfig and it’ll reboot and reset the kernel arguments.

    And you can share the logs with support.

    Please only use this under guidance.

    Reference

    https://www.ibm.com/docs/en/linux-on-systems?topic=commands-scsi-logging-level