Install Portworx with Pure Storage FlashArray
Prerequisites
- Have an on-premise Kubernetes cluster with FlashArray that meets the minimum requirements for Portworx.
- Have a Pure Storage FlashArray with Purity version 5.3.0 or newer.
- Use the FC, iSCSI,NVMe-oF/RoCE, or NVMe-oF/TCP protocol.
- Create a Pure secret px-pure-secretunder the STC namespace before installing Portworx.
- Enable CSI for Portworx.
- Install the latest Linux multipath software package on your operating system that include these fixes. This package also must include kpartx.
- Have the latest Filesystem utilities/drivers.
- Have the following latest package installed on all nodes (including master):
- libStorageMgmt
- device-mapper-multipath
- libstoragemgmt-udev
- iscsi-initiator-utils
 noteRed Hat only: Ensure that the second action CAPACITY_DATA_HAS_CHANGEDis uncommented in the 90-scsi-ua.rules file and you have restarted theudevservice.
- Have the latest FC initiator software for your operating system (Optional; required for FC connectivity).
Configure your physical environment
Before you install Portworx, ensure that your physical network is configured appropriately and that you meet the prerequisites. You must provide Portworx with your FlashArray configuration details during installation.
- Each FlashArray management IP address can be accessed by each node.
- Your cluster contains an up-and-running FlashArray with an existing dataplane connectivity layout (iSCSI, Fibre Channel).
- If you're using iSCSI, the storage node iSCSI initiators are on the same VLAN as the FlashArray iSCSI target ports.
- If you are using multiple network interface cards (NICs) to connect to an iSCSI host, then all of them must be accessible from the FlashArray management IP address.
- If you're using Fibre Channel, the storage node Fibre Channel WWNs have been correctly zoned to the FlashArray Fibre Channel WWN ports.
- You have an API token for a user on your FlashArray with at least storage_adminpermissions. Check the documentation on your device for information on generating an API token.
Configure your software environment
Configure your software environment within a computing infrastructure. It involves preparing both the operating system and the underlying network and storage configurations.
Follow the instructions below to set up CSI snapshot feature, disable secure boot mode, and configure the multipath.conf file appropriately. These configurations ensure that the system's software environment is properly set up to allow Portworx to interact correctly with the hardware components, like storage devices (using protocols such as iSCSI or Fibre Channel), and to function correctly within the network infrastructure.
Set up your environment to use CSI snapshot feature
To use the CSI snapshot feature, install the following:
- 
- 
You can also install the snapshot controller by adding the following lines to your StorageCluster: csi:
 enabled: true
 installSnapshotController: true
 
- 
Disable secure boot mode
Portworx requires the secure boot mode to be disabled to ensure it can operate without restrictions. Here's how to disable secure boot mode across different platforms:
- RHEL/CentOS
- VMware
For REHL/CentOS you can perform the following steps to check and disable the secure boot mode:
- 
Check the status of secure boot mode: /usr/bin/mokutil --sb-state
- 
If secure boot is enabled, disable it: /usr/bin/mokutil --disable-validation
- 
Apply changes by rebooting your system: reboot
For VMware, navigate to the Edit Setting window of the virtual machine on which you are planning to deploy Portworx. Ensure that the checkbox against the Secure Boot option under VM Options is not selected, as shown in the following screenshot:

Verify the status of the secure boot mode
Run the following command to ensure that the secure boot mode is off:
/usr/bin/mokutil --sb-state
SecureBoot disabled
Configure the multipath.conf file
- For defaults:- FlashArray and Portworx does not support user friendly names, disable it and set it to nobefore installing Portworx on your cluster. This ensures Portworx and FlashArray use consistent device naming conventions.
- Add polling 10as per the RHEL Linux recommended settings. This defines how often the system checks for path status updates.
 
- FlashArray and Portworx does not support user friendly names, disable it and set it to 
- To prevent any interference from multipathdservice on Portworx volume operations, set the pxd device denylist rule.
Your multipath.conf file should resemble the following structure:
- RHEL/CentOS
- Ubuntu
defaults {
    user_friendly_names no
    enable_foreign "^$"
    polling_interval    10
    find_multipaths yes
}
devices {
    device {
        vendor                      "NVME"
        product                     "Pure Storage FlashArray"
        path_selector               "queue-length 0"
        path_grouping_policy        group_by_prio
        prio                        ana
        failback                    immediate
        fast_io_fail_tmo            10
        user_friendly_names         no
        no_path_retry               0
        features                    0
        dev_loss_tmo                60
    }
    device {
        vendor                   "PURE"
        product                  "FlashArray"
        path_selector            "service-time 0"
        hardware_handler         "1 alua"
        path_grouping_policy     group_by_prio
        prio                     alua
        failback                 immediate
        path_checker             tur
        fast_io_fail_tmo         10
        user_friendly_names      no
        no_path_retry            0
        features                 0
        dev_loss_tmo             600
    }
}
blacklist_exceptions {
        property "(SCSI_IDENT_|ID_WWN)"
}
blacklist {
      devnode "^pxd[0-9]*"
      devnode "^pxd*"
      device {
        vendor "VMware"
        product "Virtual disk"
      }
}
defaults {
    user_friendly_names no
    find_multipaths yes
}
devices {
    device {
        vendor                      "NVME"
        product                     "Pure Storage FlashArray"
        path_selector               "queue-length 0"
        path_grouping_policy        group_by_prio
        prio                        ana
        failback                    immediate
        fast_io_fail_tmo            10
        user_friendly_names         no
        no_path_retry               0
        features                    0
        dev_loss_tmo                60
    }
    device {
        vendor                   "PURE"
        product                  "FlashArray"
        path_selector            "service-time 0"
        hardware_handler         "1 alua"
        path_grouping_policy     group_by_prio
        prio                     alua
        failback                 immediate
        path_checker             tur
        fast_io_fail_tmo         10
        user_friendly_names      no
        no_path_retry            0
        features                 0
        dev_loss_tmo             600
    }
}
blacklist {
      devnode "^pxd[0-9]*"
      devnode "^pxd*"
      device {
        vendor "VMware"
        product "Virtual disk"
      }
}
Set up user access in FlashArray
Generate an API token
To establish secure communication between Portworx and FlashArray, an API token is required. The token serves as a key for Portworx to authenticate with FlashArray and perform storage operations on behalf of authorized users. This section provides the steps to generate such a token, which encapsulates your authorization within the FlashArray environment.
Create a new user
- From your FlashArray dashboard, click Settings in the left pane. On the Settings page, click Access. Click the vertical ellipsis at the right corner of the Users section to select the Create User option, as shown in the folloiwng screenshot:
 
- In the Create User window, provide your information, set your role as Storage Admin, and click Create to add yourself as a user.
Generate an API token
- To create a token for the user you created, select the user from the Users list, click the vertical ellipsis in the right-hand corner of the username, and select Create API Token:
 
- In the API Token window, leave the Expires in field blank if you want to create a token that never expires, and click Create.
- Save this information to avoid the need to recreate the token.
Create a JSON configuration file
For Portworx to integrate with FlashArray, it requires a JSON configuration file containing essential information about the FlashArray environment. This file, typically named pure.json, includes the management endpoints and the newly generated API token.
- Management endpoints: The management endpoints are URLs or IP addresses that Portworx will use to send API calls to FlashArray. Find these by going to Settings and selecting Network within your FlashArray dashboard. Note the IP addresses or hostnames of your management interfaces, usually identified by a vir prefix, indicating virtual interfaces:
 
- API token: Generated in the previous section.
Use the above information to create JSON file. Below is a template for the configuration content, which you should populate with your specific information:
{
    "FlashArrays": [
        {
            "MgmtEndPoint": "<fa-management-endpoint>",
            "APIToken": "<fa-api-token>"
        }
    ]
}
You can add FlashBlade configuration information to this file if you're configuring both FlashArray and FlashBlade together. Refer to the JSON file reference for more information.
Create a Kubernetes Secret
The specific name px-pure-secret is required so that Portworx can correctly identify and access the Kubernetes secret upon startup. This secret securely stores the FlashArray configuration details and allows Portworx to access this information within the Kubernetes environment.
Enter the following kubectl create command to create a Kubernetes secret called px-pure-secret:
kubectl create secret generic px-pure-secret --namespace <stc-namespace> --from-file=pure.json=<file path>
secret/px-pure-secret created
(Optional) Verify the iSCSI Connection with FlashArray
The instructions in this section are using iSCSI network.
- 
Run the following command to discover your iSCSI targets. Replace <flash-array-interface-endpoint>with your FlashArray's interface, as shown in the following screenshot: iscsiadm -m discovery -t st -p <flash-array-interface-end-piont>10.13.xx.xx0:3260,207 iqn.2010-06.com.purestorage:flasharray.xxxxxxx
 10.13.xx.xx1:3260,207 iqn.2010-06.com.purestorage:flasharray.xxxxxxx
- 
Verify that each node has a unique initiator. Run the following command on each node: cat /etc/iscsi/initiatorname.iscsiInitiatorName=iqn.1994-05.com.redhat:xxxxx
- 
If the initiator names are not unique, it's necessary to assign a new unique initiator name. To do this, execute the following command: echo "InitiatorName=`/sbin/iscsi-iname`" > /etc/iscsi/initiatorname.iscsiReplace the initiator names on any nodes that have duplicates with the newly generated unique names. 
(Optional) Set up NVMe-oF/TCP protocol for FlashArray
If you are using the NVMe-oF/TCP protocol, complete the following steps to ensure that the prerequisites are met and optimize performance for FlashArray.
Prerequisites
- 
Supported Operating System: RHEL 9.4 and Ubuntu 22.04 
- 
Supported Multipath version: multipath-tools(0.8.7 or later)
- 
Supported NVMe CLI version Operating System NVMe CLI version - RHEL version earlier than 9.4
- Ubuntu version earlier than 22.04
 Version 1.16 - RHEL version 9.4 or later
- Ubuntu version 22.04 or later
 Version 2.6 or later 
- 
Ensure that device mapper multipath is used by default. To verify, check if the multipath parameter exists under /sys/module/nvme_core/parameters/. If it exists, it should be set toN, which indicates that native NVMe multipath is supported but disabled. If there is no multipath parameter, the kernel doesn’t support native NVMe multipath, and device mapper multipath is used by default, which is expected.modprobe nvme_core
 cat /sys/module/nvme_core/parameters/multipath # Should return `N`
Optimize NVMe Performance Settings
The following settings are recommended to optimize performance and ensure that NVMe storage devices function efficiently within a multipath environment:
- 
Disable I/O Scheduler: NVMe devices manage their own queuing and prioritize requests, making kernel-level I/O scheduling unnecessary. cat /sys/block/nvme0n1/queue/scheduler # Should return '[none] mq-deadline'
- 
Enable blk-mq: Enabling block multi-queue (blk-mq) for multipath devices allows the system to use multiple I/O queues, improving parallel request handling. cat /sys/module/dm_mod/parameters/use_blk_mq # Should return 'Y'
After modifying the configuration, restart the multipathd service:
systemctl restart multipathd.service
Verify NVMe Qualified Name (NQN)
After installing the NVMe CLI, verify the NVMe Qualified Name (NQN) on all nodes:
- 
Run the following command on each node to verify whether each node has a unique NVMe Qualified Name (NQN): cat /etc/nvme/hostnqnnqn.2014-08.org.nvmexpress:uuid:xxxxxxx-xxxx-xxxx-xxxx-c6412d6e0e77
- 
If the NQNs are not unique, assign a new name using the following command to prevent potential conflicts in networked environments: nvme gen-hostnqn > /etc/nvme/hostnqn
By ensuring that these settings are properly configured, you can optimize NVMe performance and maintain stable connectivity with FlashArray in an NVMe-oF/TCP environment.
Deploy Portworx
Depending upon how you want to install Portworx, select the appropriate tab:
- Spec Gen
- Helm
Generate specs
To install Portworx with Kubernetes, you must first generate Kubernetes manifests that you will deploy in your cluster:
- 
Sign in to the Portworx Central console. 
 The system displays the Welcome to Portworx Central! page.
- 
In the Portworx Enterprise section, select Generate Cluster Spec. 
 The system displays the Generate Spec page.
- 
In the Generate Spec page: - For Platform, select Pure FlashArray.
- Select None for Distribution Name, then click Save and Download to generate the specs.
 noteBy default, iSCSI is set as your protocol for data transfer. To change this option, click Customize and navigate to the Storage window. Select a different option from the Select type of storage area network dropdown. 
- 
(Optional) If you are using multiple NICs for iSCSI host, then add the following environment variable to your StorageCluster spec. Replace <nic-interface-names>with comma-separated names of NICs such as"eth1,eth2":env:
 - name: PURE_ISCSI_ALLOWED_IFACES
 value: "<nic-interface-names>"
If you have multiple NICs on your virtual machine, then FlashArray does not distinguish the NICs that include iSCSI and the others without iSCSI. This list must be provided, otherwise Portworx may potentially use only one of the provided interfaces.
Apply specs
Apply the Operator and StorageCluster specs you generated in the section above using the kubectl apply command:
- 
Deploy the Operator: kubectl apply -f 'https://install.portworx.com/<version-number>?comp=pxoperator&kbver=1.25.0&ns=portworx'serviceaccount/portworx-operator created
 podsecuritypolicy.policy/px-operator created
 clusterrole.rbac.authorization.k8s.io/portworx-operator created
 clusterrolebinding.rbac.authorization.k8s.io/portworx-operator created
 deployment.apps/portworx-operator created
- 
Deploy the StorageCluster: kubectl apply -f 'https://install.portworx.com/<version-number>?operator=true&mc=false&kbver=1.25.0&ns=portworx&b=true&iop=6&c=px-cluster-xxxxxxxx-xxxx-xxxx-xxxx-5db83030471e&stork=true&csi=true&mon=true&tel=true&st=k8s&promop=true'storagecluster.core.libopenstorage.org/px-cluster-xxxxxxxx-xxxx-xxxx-xxxx-5db83030471e created
Once deployed, Portworx detects that the FlashArray secret is present when it starts up and can use the specified FlashArray as a cloud storage provider.
Note that the following section is only applicable if you are using Direct Access volumes, and not cloud drives.
Install Portworx
For this example we will deploy Portworx in the portworx namespace. If you want to install it in a different namespace, use the -n <px-namespace> flag.
- 
To install Portworx, add the portworx/helmrepository to your local Helm repository.helm repo add portworx https://raw.githubusercontent.com/portworx/helm/master/stable/"portworx" has been added to your repositories
- 
Verify that the repository has been successfully added. helm repo listNAME URL
 portworx https://raw.githubusercontent.com/portworx/helm/master/stable/
- 
Create a px_install_values.yamlfile and add the following parameters.openshiftInstall: true
 drives: size=150
 envs:
 - name: PURE_FLASHARRAY_SAN_TYPE
 value: ISCSI
- 
In many cases, you may want to customize Portworx configurations, such as enabling monitoring or specifying specific storage devices. You can pass the custom configuration to the px_install_values.yamlyaml file.note- You can refer to the Portworx Helm chart parameters for a list of configurable parameters and values.yaml file for configuration file template.
- The default clusterName is mycluster. However, it's recommended to change it to a unique identifier to avoid conflicts in multi-cluster environments.
 
- 
Install Portworx using the following command: noteTo install a specific version of Helm chart, you can use the --versionflag. Example:helm install <px-release> portworx/portworx --version <helm-chart-version>.helm install <px-release> portworx/portworx -n <portworx> -f px_install_values.yaml --debug
- 
You can check the status of your Portworx installation. helm status <px-release> -n portworxNAME: px-release
 LAST DEPLOYED: Thu Sep 26 05:53:17 2024
 NAMESPACE: portworx
 STATUS: deployed
 REVISION: 1
 TEST SUITE: None
 NOTES:
 Your Release is named "px-release"
 Portworx Pods should be running on each node in your cluster.
 Portworx would create a unified pool of the disks attached to your Kubernetes nodes.
 No further action should be required and you are ready to consume Portworx Volumes as part of your application data requirements.
Update Portworx configuration
If you need to update the configuration of Portworx, you can modify the parameters in the px_install_values.yaml file specified during the Helm installation. This allows you to change the values of configuration parameters.
- 
Create or edit the px_install_values.yamlfile to update the desired parameters.vim px_install_values.yamlmonitoring:
 telemetry: false
 grafana: true
- 
Apply the changes using the following command: helm upgrade <px-release> portworx/portworx -n <portworx> -f px_install_values.yamlRelease "px-release" has been upgraded. Happy Helming!
 NAME: px-release
 LAST DEPLOYED: Thu Sep 26 06:42:20 2024
 NAMESPACE: portworx
 STATUS: deployed
 REVISION: 2
 TEST SUITE: None
 NOTES:
 Your Release is named "px-release"
 Portworx Pods should be running on each node in your cluster.
 Portworx would create a unified pool of the disks attached to your Kubernetes nodes.
 No further action should be required and you are ready to consume Portworx Volumes as part of your application data requirements.
- 
Verify that the new values have taken effect. helm get values <px-release> -n <portworx>You should see all the custom configurations passed using the px_install_values.yamlfile.
Create FlashArray Direct Access volumes
To deploy Portworx with FlashArray using Direct Access volumes instead of cloud drives, you must create a storage class and a PVC using that storage class.
Follow the instruction in the Use FlashArray as a Direct Access volume section to create your first PVC.