PowerScale

Here are some installation failures that might be encountered and how to mitigate them.

Symptoms Prevention, Resolution or Workaround
The kubectl logs isilon-controller-0 -n isilon -c driver logs shows the driver cannot authenticate Check your secret’s username and password for corresponding cluster
The kubectl logs isilon-controller-0 -n isilon -c driver logs shows the driver failed to connect to the Isilon because it couldn’t verify the certificates Check the isilon-certs- secret and ensure it is not empty and it has the valid certificates. Set isiInsecure: "true" for insecure connection. SSL validation is recommended in the production environment.
The kubectl logs isilon-controller-0 -n isilon -c driver logs shows the driver error: create volume failed, Access denied. create directory as requested This situation can happen when the user who created the base path is different from the user configured for the driver. Make sure the user used to deploy CSI-Driver must have enough rights on the base path (i.e. isiPath) to perform all operations.
Volume/filesystem is allowed to mount by any host in the network, though that host is not a part of the export of that particular volume under /ifs directory “Dell EMC PowerScale: OneFS NFS Design Considerations and Best Practices”:
There is a default shared directory (ifs) of OneFS, which lets clients running Windows, UNIX, Linux, or Mac OS X access the same directories and files. It is recommended to disable the ifs shared directory in a production environment and create dedicated NFS exports and SMB shares for your workload.
Creating snapshot fails if the parameter IsiPath in volume snapshot class and related storage class is not the same. The driver uses the incorrect IsiPath parameter and tries to locate the source volume due to the inconsistency. Ensure IsiPath in VolumeSnapshotClass yaml and related storageClass yaml are the same.
While deleting a volume, if there are files or folders created on the volume that are owned by different users. If the Isilon credentials used are for a nonprivileged Isilon user, the delete volume action fails. It is due to the limitation in Linux permission control. To perform the delete volume action, the user account must be assigned a role that has the privilege ISI_PRIV_IFS_RESTORE. The user account must have the following set of privileges to ensure that all the CSI Isilon driver capabilities work properly:
* ISI_PRIV_LOGIN_PAPI
* ISI_PRIV_NFS
* ISI_PRIV_QUOTA
* ISI_PRIV_SNAPSHOT
* ISI_PRIV_IFS_RESTORE
* ISI_PRIV_NS_IFS_ACCESS
In some cases, ISI_PRIV_BACKUP is also required, for example, when files owned by other users have mode bits set to 700.
If the hostname is mapped to loopback IP in /etc/hosts file, and pods are created using 1.3.0.1 release, after upgrade to 1.4.0 there is a possibility of “localhost” as a stale entry in export Recommended setup: User should not map a hostname to loopback IP in /etc/hosts file
CSI Driver installation fails with the error message “error getting FQDN”. Map IP address of host with its FQDN in /etc/hosts file.
Driver node pod is in “CrashLoopBackOff” as “Node ID” generated is not with proper FQDN. This might be due to “dnsPolicy” implemented on the driver node pod which may differ with different networks.

1.This parameter is configurable in the helm installer and the user can try with different “dnsPolicy” according to the environment. (values.yaml).

2. In the case of Operator installation, this parameter is not configurable at present and will be available in upcoming release. To overcome this issue, try to use appropriate “dnsPolicy” ( ClusterFirst / ClusterFirstWithHostNet ) by patching Isilon node pods.

Example : kubectl patch daemonset isilon-node -n isilon -p ‘{“spec”: {“template”: {“spec”:{“dnsPolicy”: “ClusterFirst”}}}}’