purestorage/docker-plugin
See certified image at https://store.docker.com/plugins/pure-docker-volume-plugin
10K+
Seamless integration of Docker containers and All Flash Storage. Run stateful applications using industry leading FlashArray and FlashBlade storage products.
Operating Systems Supported*:
Environments Supported*:
Other software dependencies:
Supported Hardware:
* Please see release notes for details
The plugin manages all Pure backends that are advertised in a pure.json. A fleet of backends (more than one backend) can be managed by the plugin. The following is an example of a pure.json file that advertises two FlashArrays and a FlashBlade:
(substitute values for the MgmtEndPoint, NFSEndPoint and APIToken fields with values specific to your FlashArray/FlashBlade installation)
{
"FlashArrays":[
{
"MgmtEndPoint":"1.2.3.4",
"APIToken":"661f9687-0b1e-7b0d-e07d-1e776d50f9eb",
"Labels":{
"env": "production",
"rack": "1b"
}
},
{
"MgmtEndPoint":"5.6.7.8",
"APIToken":"661f9687-0b1e-7b0d-e07d-1e776d50f9eb",
"Labels":{
"env": "staging",
"rack": "2a"
}
}
],
"FlashBlades":[
{
"MgmtEndPoint":"1.2.3.4",
"NFSEndPoint":"1.2.3.5",
"APIToken":"T-661f9687-0b1e-7b0d-e07d-1e776d50f9eb"
}
]
}
When provisioning a volume, a backend is automatically chosen based on the following criteria:
Labels can be used to filter the list of backends. Labels are arbitrary (key, value) pairs that can be added to any backend as seen in the example above. More than one backend can have the same (key, value) pair. When creating a new volume, label (key = value) pairs can be specified to filter the list of backends to a given set. The plugin also provides the following well known labels that can be used:
See below for an example of how to use labels.
Create and populate a configuration file /etc/pure-docker-plugin/pure.json as described above
Install the plugin by running this command :
docker plugin install purestorage/docker-plugin:v3.10 --alias pure
Review (and grant access) to the permissions requested.
Arrange to have /etc/pure-docker-plugin/pure.json to be created and deployed on all your docker nodes. The content of pure.json is as described above.
For a scripted install, you can agree to grant all permissions on the command line, like this
docker plugin install purestorage/docker-plugin:v3.10 --alias pure --grant-all-permissions
Upgrading Managed Plugin Versions
Follow the instructions to upgrade here: https://docs.docker.com/engine/reference/commandline/plugin_upgrade/
Upgrading PURE's Docker Volume plugin from legacy mode to managed mode.
Starting with Docker v1.13, Docker supports enhanced plugin infrastructure. Details about this new managed plugin mode are here : https://docs.docker.com/engine/extend/ Docker versions 1.12 and below runs volume plugins in "legacy mode". If you are upgrading Docker in your environment, you might want to switch PURE's volume plugin from legacy mode to the new managed plugin mode.
Here are steps to do this upgrade :
A docker volume driver called “pure” is now available for use with all docker commands involving volumes. Examples :
Create a volume
docker volume create -—driver=pure -o size=32GB testvol1
Create a volume filtering backends using labels (see the pure.json example above):
Using custom labels
docker volume create --driver=pure -o size=32GB -o volume_label_selector='env=staging' stagingvol1
docker volume create --driver=pure -o size=32GB -o volume_label_selector='rack=2a' rackvol1
Using well known lables
docker volume create --driver=pure -o size=32GB -o volume_label_selector='purestorage.com/backend=file' bladevol1
docker volume create --driver=pure -o size=32GB -o volume_label_selector='purestorage.com/hostname=hostname' testvol1
Create a volume, import an existing volume (not created by the pure plugin) volume
docker volume create --driver=pure --name testvol3 -o import_from_src=<original-volume-name>
Create a volume, clone an existing pure volume
docker volume create --driver=pure --name testvol3 -o source=<original-volume-name>
Run a container and attach a volume
docker run -ti -v testvol1:/data ubuntu:16.04 /bin/bash -i
Run a container, create and attach a volume
docker run -ti --volume-driver=pure -v testvol2:/data ubuntu:16.04 /bin/bash -i
In a cluster, it is required for all docker plugin installations to see all the cluster shared volumes from FlashArray and FlashBlade filesystems, so that the clustering software can mount any volume (FlashArray) or any filesystem (FlashBlade) on any node in the cluster. To get this behavior, set an environment variable for the plugin using the “docker plugin set” command.
docker plugin set pure PURE_DOCKER_NAMESPACE=<clusterid>
Here <clusterid> is a cluster-wide unique string that identifies your cluster from the rest of your infrastructure. To see the current value of this variable, you can run
docker plugin inspect --format "{{ .Settings.Env }}" pure
Name | Default | Description |
---|---|---|
PURE_DOCKER_NAMESPACE | Cluster namespace to use for the plugin to operate in. | |
PURE_DEFAULT_SIZE | 32 | Value (in GiB) for volumes to be created if no size option is specified. |
PURE_DISCOVERY_LOCAL_CONF | /etc/pure-docker-plugin/pure.json | Path to discovery config file. |
PURE_FLASHARRAY_SAN_TYPE | ISCSI | Change the FlashArray configuration for an initiator between ISCSI and FC |
PURE_DEFAULT_BLOCK_FS_TYPE | xfs | Override the default filesystem for block devices provisioned. It is not recommended to change this |
PURE_DEFAULT_BLOCK_FS_OPT | -q | Override the default filesystem creation options (opts for mkfs). It is not recommended to change this |
PURE_DEFAULT_BLOCK_MNT_OPT | Add custom mount options beyond defaults for the storage device. It is not recommended to change this | |
PURE_DEFAULT_ENABLE_FB_NFS_SNAPSHOT | false | Setting for enabling/disabling FlashBlade NFS snapshot feature |
PURE_ISCSI_LOGIN_TIMEOUT | 20 | The iscsi login timeout in seconds |
PURE_ISCSI_ALLOWED_CIDRS | "" | The list of CIDR blocks allowed as the iscsi targets, e.g. 10.0.0.0/24,10.1.0.0/16. Use comma (,) as the separator, and empty string means allowing all addresses. |
PURE_LOG_LEVEL | "debug" | The log level of the plugin. Can be one of debug , info , warn , error , fatal , or panic . |
mkfs.<type>
utilities that correspond to the value
of PURE_DEFAULT_BLOCK_FS_TYPE
.unix:///run/docker/plugins/<plugin-id>/pure.sock
to file /etc/docker/plugins/pure.spec
findmnt
result on hosts would cause docker log parsing failure and buffer overflow, which would cause docker plugin not starting properly.docker plugin set [plugin name or ID] PURE_LOG_LEVEL=[level]
, where level
is one of debug
, info
, warn
, error
, fatal
, or panic
.Mitigated the known CVEs by removing the dependency on Alpine image.
Added the following configuration environment variables.
For example, to adjust the iscsi target login timeout to 10 seconds, you may run:
docker plugin set pure PURE_ISCSI_LOGIN_TIMEOUT=10
To only allow the docker plugin to use iscsi targets in particular subnets, you could run:
docker plugin set pure PURE_ISCSI_ALLOWED_CIDRS=10.1.2.0/24,10.2.0.0/16
See Configuration Options for details.
docker plugin install purestorage/docker-plugin