How to configure COSBench to Consume MCG Endpoint on OCS 4.x

Updated 18 Aug 2020

COSBench is a distributed benchmark tool to test cloud object storage systems, it supports a few cloud object storage systems so far (like OpenStack Swift, Ceph, Amazon S3).
COSBench automatically switches to using SSL. However, when using the OpenShift route for the S3 service, the traffic is served using the cluster Ingress certificate. If this certificate is not replaced by the admin user it defaults to a self-signed certificate which was issued by the router-ca.

Fetch Certificates From the OpenShift Cluster

Create a directory to store all the fetched certificates
```
 $ mkdir fetch-certs
 $ cd fetch-certs
```

Fetch the CA certificate and store is the file ca.crt

 $ oc get secret router-ca -o yaml -n openshift-ingress-operator | grep -i tls.crt | awk '{print $2}' | base64 -d > ca.crt

Add the Root CA to the Browser

Go to Preferences
Click the View Certificates button
Click the Authorities tab
Click the Import button at the bottom of the screen
Navigate to the ca.crt certificate and import it.

Verify that the CA Certificate is imported properly

Fetch the console URL

 $ oc get route -n openshift-console | grep ^console

While login to the OCP console and you should not see any certificate warning.

Install and Configure COSBench to connect with OCS

Install COSBench

To install COSBench on a virtual or physical machine, follow Content from usermanual.wiki is not included.COSBench User Guide
To install Containerized COSBench inside the OpenShift cluster, follow Content from docs.google.com is not included.Deploying Containerized Cosbench on OCP 4.x

Configure COSBench

If the node from where you accessed the OpenShift cluster and stored the CA certificate is different from the node where COSBench is configured. Then, copy the root CA certificate to the node where COSBench is configured.
```
 $ scp  <node-having-certificates>:<path-to-ca-cert> .
```

Import the root CA and Ingress Certificate into the trusted Keystore that JVM is using.

 # keytool -import -trustcacerts -alias root-ca -file ca.crt -keystore /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/jssecacerts -storepass changeit

Stop and Start the COSBench so that new CA is loaded in COSBench
```
 # ./stop-all.sh
 # ./start-all.sh
```

Fetch the access key, secret key and endpoint from the noobaa status command

 $ noobaa status
 ...
 #----------------#
 #- S3 Addresses -#
 #----------------#
 ExternalDNS : [https://s3-openshift-storage.apps.ocs.ocp.gsslab.pnq2.redhat.com]
 
 #------------------#
 #- S3 Credentials -#
 #------------------#
 AWS_ACCESS_KEY_ID     : cJwiBSLumto4tHnAkuJ
 AWS_SECRET_ACCESS_KEY : EnAlT2fxXerK0gDBJBbYOtRLHrDZllQ4ezzg82
 ...

Modify the workload file to include the access_key, secret_key, and endpoint from the above command.

Run the workload

 # sh cli.sh submit <workload_file.xml>

SBR

Product(s)

Red Hat OpenShift Container Storage

Article Type

General