Merge branch 'rackerlabs:main' into development

.github/workflows/release-cinder-netapp.yml

@@ -0,0 +1,68 @@
+#
+name: Create and publish a the Cinder RXT compatible image
+
+# Configures this workflow to run every time a change is pushed to the branch called `release`.
+on:
+  workflow_dispatch:
+    inputs:
+      imageTag:
+        description: 'Set tag for the image'
+        required: true
+        default: 'master-ubuntu_jammy'
+        type: choice
+        options:
+          - master-ubuntu_jammy
+          - 2023.1-ubuntu_jammy
+          - 2023.2-ubuntu_jammy
+          - 2024.1-ubuntu_jammy
+
+# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds.
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+# There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu.
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
+      - name: Log in to the Container registry
+        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      # ghcr only allows lowercase repository names
+      - name: lowercase repo name
+        run: |
+          echo "IMAGE_NAME=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV}
+      # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels.
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+      # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages.
+      # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository.
+      # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step.
+      - name: Dynamically set MY_DATE environment variable
+        run: echo "MY_DATE=$(date +%s)" >> $GITHUB_ENV
+      - name: Build and push Docker image
+        uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
+        with:
+          context: .
+          file: Containerfiles/Cinder-volume-netapp-Containerfile
+          push: true
+          tags: |
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/cinder-volume-rxt:${{ github.event.inputs.imageTag }}
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/cinder-volume-rxt:${{ github.event.inputs.imageTag }}-${{ env.MY_DATE }}
+          labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            VERSION=${{ github.event.inputs.imageTag }}

.github/workflows/smoke-cinder-netapp.yml

@@ -0,0 +1,45 @@
+#
+name: Run build check for the Cinder Volume Netapp RXT compatible image
+
+on:
+  pull_request:
+    paths:
+      - Containerfiles/Cinder-volume-netapp-Containerfile
+
+# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds.
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+# There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu.
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
+    permissions:
+      contents: read
+      packages: read
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
+      - name: Log in to the Container registry
+        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      # ghcr only allows lowercase repository names
+      - name: lowercase repo name
+        run: |
+          echo "IMAGE_NAME=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV}
+      - name: Build Docker image
+        uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
+        with:
+          context: .
+          file: Containerfiles/Cinder-volume-netapp-Containerfile
+          push: false
+          tags: |
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/keystone-rxt:master-ubuntu_jammy
+          build-args: |
+            VERSION=master-ubuntu_jammy

Containerfiles/Cinder-volume-netapp-Containerfile

@@ -0,0 +1,6 @@
+ARG VERSION=master-ubuntu_jammy
+FROM openstackhelm/cinder:$VERSION as build
+RUN apt update && DEBIAN_FRONTEND=noninteractive apt install -y systemctl open-iscsi qemu-block-extra qemu-utils multipath-tools; \
+    rm -rf /var/cache/apt/archives /var/lib/apt/lists; \
+    apt clean; /var/lib/openstack/bin/pip install pygobject; \
+    find /var/lib/openstack -regex '^.*\(__pycache__\|\.py[co]\)$' -delete

ansible/playbooks/deploy-cinder-netapp-volumes-reference.yaml

@@ -0,0 +1,216 @@
+---
+- name: Run the cinder volume reference driver deployment
+  hosts: cinder_storage_nodes
+  gather_facts: true
+  become: true
+  vars:
+    cinder_release: "2024.1"
+    cinder_storage_network_interface: ansible_br_storage
+    cinder_storage_network_interface_secondary: ansible_br_storage_secondary
+    cinder_backend_name: "block-ha-performance-at-rest-encrypted,block-ha-standard-at-rest-encrypted"
+    custom_multipath: false
+  handlers:
+    - name: Restart cinder-volume-netapp systemd services
+      ansible.builtin.systemd:
+        name: "{{ item }}"
+        state: restarted
+        daemon_reload: true
+        enabled: true
+      loop:
+        - cinder-volume-netapp
+  tasks:
+    - name: K8S Facts block
+      delegate_to: "{{ groups['kube_control_plane'][0] }}"
+      block:
+        - name: Ensure python3-kubernetes is available
+          ansible.builtin.package:
+            name: python3-kubernetes
+            state: present
+            update_cache: true
+
+        - name: Read cinder-etc secrets
+          kubernetes.core.k8s_info:
+            kind: Secret
+            name: cinder-etc
+            namespace: openstack
+          register: _kubernetes_cinder_etc_secret
+
+    - name: Install required packages
+      ansible.builtin.package:
+        name:
+          - build-essential
+          - git
+          - open-iscsi
+          - python3-venv
+          - python3-dev
+          - qemu-block-extra
+          - qemu-utils
+        state: present
+        update_cache: true
+
+    - name: Upgrade pip and install required packages
+      ansible.builtin.pip:
+        name:
+          - pip
+          - pymysql
+          - "git+https://github.com/openstack/cinder@stable/{{ cinder_release }}"
+          - "git+https://github.com/rackerlabs/cinder-rxt.git"
+        state: present
+        virtualenv: /opt/cinder
+        virtualenv_command: python3 -m venv
+
+    - name: Create the cinder system user
+      ansible.builtin.user:
+        name: cinder
+        comment: Cinder system user
+        shell: /bin/false
+        system: true
+        createhome: true
+        home: /var/lib/cinder
+
+    - name: Create the cinder system group
+      ansible.builtin.group:
+        name: cinder
+        system: true
+
+    - name: Create the cinder service directory
+      ansible.builtin.file:
+        path: "{{ item }}"
+        state: directory
+        owner: cinder
+        group: cinder
+        mode: "0755"
+      loop:
+        - /var/lib/cinder/backup
+        - /var/lib/cinder/tmp
+        - /var/lib/cinder/volumes
+
+    - name: Create symlink for the etc directory
+      ansible.builtin.file:
+        src: /opt/cinder/etc/cinder
+        dest: /etc/cinder
+        state: link
+        owner: cinder
+        group: cinder
+
+    - name: Create the cinder-volume-netapp systemd service units
+      ansible.builtin.copy:
+        src: "{{ item.src }}"
+        dest: "{{ item.dest }}"
+        owner: root
+        group: root
+        mode: "{{ item.mode | default('0644') }}"
+      loop:
+        - src: "{{ playbook_dir }}/templates/cinder-netapp-volume.service"
+          dest: /etc/systemd/system/cinder-netapp-volume.service
+        - src: "{{ playbook_dir }}/templates/sudoers"
+          dest: /etc/sudoers.d/cinder-volume
+          mode: "0440"
+      notify:
+        - Restart cinder-volume-netapp systemd services
+
+    - name: Create the cinder-volume-netapp service configuration
+      ansible.builtin.copy:
+        content: "{{ _kubernetes_cinder_etc_secret.resources[0].data[item.src] | b64decode }}"
+        dest: "{{ item.dest }}"
+        owner: root
+        group: root
+        mode: "0644"
+      loop:
+        - src: "logging.conf"
+          dest: /etc/cinder/logging.conf
+        - src: "volume.filters"
+          dest: /etc/cinder/volume.filters
+      notify:
+        - Restart cinder-volume-netapp systemd services
+
+    - name: Create the cinder-volume-netapp configuration stage file
+      changed_when: false
+      ansible.builtin.copy:
+        content: "{{ _kubernetes_cinder_etc_secret.resources[0].data['cinder.conf'] | b64decode }}"
+        dest: "/etc/cinder/cinder.conf.stage"
+        owner: root
+        group: root
+        mode: "0644"
+
+    - name: Replace the host in the cinder.conf.stage with the current Ansible FQDN in the stage file
+      changed_when: false
+      community.general.ini_file:
+        path: "/etc/cinder/cinder.conf.stage"
+        section: DEFAULT
+        option: host
+        value: "{{ ansible_fqdn }}"
+        create: true
+
+    - name: Ensure the backend configuration is set to our expected value
+      changed_when: false
+      community.general.ini_file:
+        path: "/etc/cinder/cinder.conf.stage"
+        section: DEFAULT
+        option: enabled_backends
+        value: "{{ cinder_backend_name }}"
+        create: true
+
+    - name: Create the cinder-volume-netapp configuration
+      ansible.builtin.copy:
+        src: "/etc/cinder/cinder.conf.stage"
+        dest: "/etc/cinder/cinder.conf"
+        owner: root
+        group: root
+        mode: "0644"
+        remote_src: true
+      notify:
+        - Restart cinder-volume-netapp systemd services
+
+    - name: Set enabled backend fact
+      set_fact:
+        cinder_backend: |
+          {% set rendered_backend = {} %}
+          {% for backend in cinder_backend_name.split(',') %}
+          {%   set default_backend = (_kubernetes_cinder_etc_secret.resources[0].data['backends.conf'] | b64decode | community.general.from_ini)[backend] %}
+          {%   set network_interface = hostvars[inventory_hostname][cinder_storage_network_interface]['ipv4']['address'] | default(ansible_default_ipv4.address) %}
+          {%   set network_interface_secondary = hostvars[inventory_hostname][cinder_storage_network_interface_secondary]['ipv4']['address'] %}
+          {%   set _ = default_backend.__setitem__("target_ip_address", network_interface) %}
+          {%   if (custom_multipath | bool) %}
+          {%     set _ = default_backend.__setitem__("iscsi_secondary_ip_addresses", network_interface_secondary) %}
+          {%   endif %}
+          {%   set _ = rendered_backend.__setitem__(backend, default_backend) %}
+          {% endfor %}
+          {{ rendered_backend }}
+
+    - name: Create the cinder-volume-netapp backend configuration
+      ansible.builtin.copy:
+        content: "{{ cinder_backend | community.general.to_ini }}"
+        dest: "/etc/cinder/netapp-backends.conf"
+        owner: root
+        group: root
+        mode: "0644"
+      notify:
+        - Restart cinder-volume-netapp systemd services
+
+    - name: Create the cinder-volume-netapp overrides configuration
+      ansible.builtin.copy:
+        content: |
+          [DEFAULT]
+          host = cinder-volume-netapp-worker
+        dest: "/etc/cinder/netapp-cinder.conf"
+        owner: root
+        group: root
+        mode: "0644"
+      notify:
+        - Restart cinder-volume-netapp systemd services
+
+    - name: Replace exec path in rootwrap
+      community.general.ini_file:
+        path: /etc/cinder/rootwrap.conf
+        section: DEFAULT
+        option: "{{ item.key }}"
+        value: "{{ item.value }}"
+        create: true
+      loop:
+        - key: "exec_dirs"
+          value: "/opt/cinder/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/usr/lpp/mmfs/bin"
+        - key: "filters_path"
+          value: "/etc/cinder/rootwrap.d"
+      notify:
+        - Restart cinder-volume-netapp systemd services

ansible/playbooks/templates/cinder-volume-netapp.service

@@ -0,0 +1,32 @@
+[Unit]
+Description = cinder-volume-netapp service
+After = network-online.target
+After = syslog.target
+
+[Service]
+Type = simple
+User = cinder
+Group = cinder
+ExecStart = /opt/cinder/bin/cinder-volume --config-file /etc/cinder/cinder.conf --config-file /etc/cinder/netapp-cinder.conf --config-file /etc/cinder/netapp-backends.conf
+ExecReload = /bin/kill -HUP $MAINPID
+# Give a reasonable amount of time for the server to start up/shut down
+TimeoutSec = 120
+Restart = on-failure
+RestartSec = 2
+# This creates a specific slice which all services will operate from
+#  The accounting options give us the ability to see resource usage through
+#  the `systemd-cgtop` command.
+Slice = cinder.slice
+# Set Accounting
+CPUAccounting = True
+BlockIOAccounting = True
+MemoryAccounting = True
+TasksAccounting = True
+# Set Sandboxing
+PrivateTmp = False
+PrivateDevices = False
+PrivateNetwork = False
+Environment = PATH=/opt/cinder/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+[Install]
+WantedBy = multi-user.target