Merge branch 'red-hat-storage:master' into fix-wrong-filename2

.github/workflows/pr_checks.yml

@@ -8,8 +8,9 @@ jobs:
     strategy:
       matrix:
         python-version:
-          - 3.8
-          - 3.9
+          - "3.9"
+          - "3.10"
+          - "3.11"
     steps:
       - uses: actions/checkout@v2
         with:

.pre-commit-config.yaml

@@ -1,10 +1,10 @@
 repos:
 
 - repo: https://github.com/psf/black
-  rev: 22.3.0
+  rev: 24.3.0
   hooks:
     - id: black
-      language_version: python3.8
+      language_version: python3.9
 
 - repo: https://github.com/pre-commit/pre-commit-hooks
   rev: v4.0.1
@@ -25,4 +25,4 @@ repos:
   rev: v1.0.5
   hooks:
     - id: check-signoff
-      language_version: python3.8
+      language_version: python3.9

Docker_files/ocsci_container/Containerfile.ci

@@ -34,7 +34,7 @@ RUN curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/s
     && chmod +x kubectl \
     && mv kubectl /usr/local/bin/
 
-RUN curl https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/openshift-client-linux.tar.gz | tar -C /usr/local/bin -zxvf - oc
+RUN curl -sL https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/openshift-client-linux.tar.gz | tar -C /usr/local/bin -zxvf - oc
 
 RUN dnf install -y --nodocs python39 git jq rsync make \
     && dnf clean all \

conf/README.md

@@ -98,6 +98,7 @@ anywhere else.
 * `openshift_install_timeout` - Time (in seconds) to wait before timing out during OCP installation
 * `local_storage` - Deploy OCS with the local storage operator (aka LSO) (Default: false)
 * `local_storage_storagedeviceset_count` - This option allows one to control `spec.storageDeviceSets[0].count` of LSO backed StorageCluster.
+* `lso_standalone_deployment` - This option allows to deploy LSO separately (without actually deploying ODF)
 * `optional_operators_image` - If provided, it is used for LSO installation on unreleased OCP version
 * `disconnected` - Set if the cluster is deployed in a disconnected environment
 * `proxy` - Set if the cluster is deployed in a proxy environment
@@ -132,20 +133,32 @@ anywhere else.
 * `ingress_ssl_key` - Path for the key for custom ingress ssl certificate. (default: `data/ingress-cert.key`)
 * `ingress_ssl_ca_cert` - Path for the CA certificate used for signing the ingress_ssl_cert. (default: `data/ca.crt`)
 * `cert_signing_service_url` - Automatic Certification Authority signing service URL.
+* `custom_ssl_cert_provider` - Provider for ssl certificate, options: `ocs-qe-ca`, `letsencrypt` (default: `ocs-qe-ca`)
+    `ocs-qe-ca` option requires `cert_signing_service_url` parameter
+    `letsencrypt` option requires `certbot_dns_plugin` parameter
+* `certbot_dns_plugin` - Certbot DNS plugin for certificate signed by Let's Encrypt, options: `dns-route53` (default: `dns-route53`)
 * `proxy_http_proxy`, `proxy_https_proxy` - proxy configuration used for installation of cluster behind proxy (vSphere deployment via Flexy)
 * `disconnected_http_proxy`, `disconnected_https_proxy`, `disconnected_no_proxy` - proxy configuration used for installation of disconnect cluster (vSphere deployment via Flexy)
 * `disconnected_env_skip_image_mirroring` - skip index image prune and mirroring on disconnected environment (this expects that all the required images will be mirrored outside of ocs-ci)
 * `disconnected_dns_server` - DNS server accessible from disconnected cluster (should be on the same network)
 * `disconnected_false_gateway` - false gateway used to make cluster effectively disconnected
 * `customized_deployment_storage_class` - Customize the storage class type in the deployment.
 * `ibmcloud_disable_addon` - Disable OCS addon
-* `in_transit_encryption` - Enable in-transit encryption.
 * `sc_encryption` - Enable StorageClass encryption.
 * `skip_ocp_installer_destroy` - Skip OCP installer to destroy the cluster -
   useful for enforcing force deploy steps only.
 * `sts_enabled` - Enable STS deployment functionality.
 * `metallb_operator` - Enable MetalLB operator installation during OCP deployment.
 * `multi_storagecluster` - Enable multi-storagecluster deployment when set to true.
+* `deploy_hosted_clusters` - Deploy hosted clusters.
+* `ssh_jump_host` - dict containing configuration for SSH jump host
+    * `host` - hostname or IP address of the SSH Jump host
+    * `user` - username for the ssh connection to the SSH jump host
+* `rosa_cli_version` - ROSA CLI version to be used for ROSA deployment
+* `ocm_cli_version` - OCM CLI version to be used for ROSA deployment
+* `force_download_rosa_cli` - Download the ROSA CLI even if one already exists in the bin_dir
+* `force_download_ocm_cli` - Download the OCM CLI even if one already exists in the bin_dir
+* `ipv6` - ipv6 single stack deployment of OCP and ODF.
 
 #### REPORTING
 
@@ -187,7 +200,7 @@ higher priority).
 * `monitoring_enabled` - For testing OCS monitoring based on Prometheus (Default: false)
 * `persistent-monitoring` - Change monitoring backend to OCS (Default: true)
 * `platform` - Platform the cluster was created in or will be created in
-* `deployment_type` - 'ipi' or 'upi', Installer provisioned installation or user provisioned installation
+* `deployment_type` - 'ipi' or 'upi', Installer provisioned installation or user provisioned installation, 'managed_cp' for managed control plane nodes deployments, e.g. ROSA HCP
 * `region` - Platform region the cluster nodes are created in
 * `base_domain` - Base domain used for routing
 * `master_instance_type` - Instance type used for master nodes
@@ -220,6 +233,7 @@ higher priority).
 * `rhcos_ami` - AMI to use for RHCOS workers, for UPI deployments
 * `skip_ntp_configuration` - Skip NTP configuration during flexy deployment (Default: false)
 * `encryption_at_rest` - Enable encryption at rest (OCS >= 4.6 only) (Default: false)
+* `in_transit_encryption` - Enable in-transit encryption.
 * `fips` - Enable FIPS (Default: false)
 * `master_num_cpus` - Number of CPUs for each master node
 * `worker_num_cpus` - Number of CPUs for each worker node
@@ -311,13 +325,31 @@ higher priority).
 * `clusters` - section for hosted clusters
     * `<cluster name>` - name of the cluster
       * `hosted_cluster_path` - path to the cluster directory to store auth_path, credentials files or cluster related files
-      * `ocp_version` - OCP version of the hosted cluster (e.g. "4.15.13")
-      * `cpu_cores_per_hosted_cluster` - number of CPU cores per hosted cluster
-      * `memory_per_hosted_cluster` - amount of memory per hosted cluster
-      * `nodepool_replicas` - number of replicas of nodepool for each cluster
-      * `hosted_odf_registry` - registry for hosted ODF
+      * `ocp_version` - OCP version of the hosted cluster in form x.y or x.y.z (e.g. "4.15.13" or "4.17")
+      * `cpu_cores_per_hosted_cluster` - number of CPU cores per hosted cluster (default: 6)
+      * `memory_per_hosted_cluster` - amount of memory per hosted cluster (default: 12Gi)
+      * `nodepool_replicas` - number of replicas of nodepool for each cluster (default: 2)
+      * `hosted_odf_registry` - registry for hosted ODF (default: quay.io/rhceph-dev/ocs-registry)
       * `hosted_odf_version` - version of ODF to be deployed on hosted clusters
+      * `cp_availability_policy` - "HighlyAvailable" or "SingleReplica"; if not provided the default value is "SingleReplica"
 * `wait_timeout_for_healthy_osd_in_minutes` - timeout waiting for healthy OSDs before continuing upgrade (see https://bugzilla.redhat.com/show_bug.cgi?id=2276694 for more details)
+* `osd_maintenance_timeout` - is a duration in minutes that determines how long an entire failureDomain like region/zone/host will be held in noout
+* `odf_provider_mode_deployment` - True if you would like to enable provider mode deployment.
+* `client_subcription_image` - ODF subscription image details for the storageclients.
+* `channel_to_client_subscription` - Channel value for the odf subscription image for storageclients.
+* `custom_vpc` - Applicable only for IMB Cloud IPI deployment where we want to create custom VPC and networking
+  with specific Address prefixes to prevent /18 CIDR to be used.
+* `ip_prefix` - Applicable only for IMB Cloud IPI deployment when custom_vpc, if not specified: 27 prefix will be used.
+* `ceph_threshold_backfill_full_ratio` - Configure backfillFullRatio the ceph osd full thresholds value in the StorageCluster CR.
+* `ceph_threshold_full_ratio` - Configure fullRatio the ceph osd full thresholds value in the StorageCluster CR.
+* `ceph_threshold_near_full_ratio` - Configure nearFullRatio the ceph osd full thresholds value in the StorageCluster CR.
+* `restrict_ssh_access_to_nodes` - Deploy and configure Ingress Node Firewall Operator to restrict SSH access to nodes.
+* `allow_ssh_access_from_subnets` - Defines a list of subnets wit allowed SSH access to nodes.
+* `skip_upgrade_checks` - If set to true Rook won't perform any upgrade checks on Ceph daemons during an upgrade.
+* `continue_upgrade_after_checks_even_if_not_healthy` -  if set to true Rook will continue the OSD daemon upgrade process even if the PGs are not clean.
+* `upgrade_osd_requires_healthy_pgs` - If set to true OSD upgrade process won't start until PGs are healthy.
+* `workaround_mark_disks_as_ssd` - WORKAROUND: mark disks as SSD (not rotational - `0` in `/sys/block/*d*/queue/rotational`)
+* `node_labels` - Comma-separated labels to be applied to the nodes in the cluster, e.g. 'cluster.ocs.openshift.io/openshift-storage="",node-role.kubernetes.io/infra=""', default - empty string
 
 #### UPGRADE
 
@@ -385,6 +417,8 @@ Configuration specific to external Ceph cluster
 * `external_cluster_details` - base64 encoded data of json output from exporter script
 * `rgw_secure` - boolean parameter which defines if external Ceph cluster RGW is secured using SSL
 * `rgw_cert_ca` - url pointing to CA certificate used to sign certificate for RGW with SSL
+* `use_rbd_namespace` - boolean parameter to use RBD namespace in pool
+* `rbd_namespace` - Name of RBD namespace to use in pool
 
 ##### login
 

conf/deployment/aws/ipi_3az_rhcos_3m_3w_3i_vault_v2_external_with_namespace.yaml

@@ -0,0 +1,38 @@
+---
+DEPLOYMENT:
+  allow_lower_instance_requirements: false
+  kms_deployment: true
+  infra_nodes: true
+ENV_DATA:
+  platform: 'aws'
+  deployment_type: 'ipi'
+  region: 'us-east-2'
+  worker_availability_zones:
+    - 'us-east-2a'
+    - 'us-east-2b'
+    - 'us-east-2c'
+  infra_availability_zones:
+    - 'us-east-2a'
+    - 'us-east-2b'
+    - 'us-east-2c'
+  master_availability_zones:
+    - 'us-east-2a'
+    - 'us-east-2b'
+    - 'us-east-2c'
+  worker_replicas: 3
+  master_replicas: 3
+  infra_replicas: 3
+  worker_instance_type: 'm5.4xlarge'
+  encryption_at_rest: true
+  vault_deploy_mode: external
+  use_vault_namespace: true
+  KMS_PROVIDER: vault
+  KMS_SERVICE_NAME: vault
+  VAULT_AUTH_METHOD: token
+  VAULT_CACERT: "ocs-kms-ca-secret"
+  VAULT_CA_ONLY: true
+  VAULT_CLIENT_CERT: "ocs-kms-client-cert"
+  VAULT_CLIENT_KEY: "ocs-kms-client-key"
+  vault_hcp: true
+  VAULT_SKIP_VERIFY: false
+  VAULT_BACKEND: "v2"

conf/deployment/aws/ipi_3az_rhcos_sts_3m_3w_thales.yaml

@@ -0,0 +1,28 @@
+---
+DEPLOYMENT:
+  allow_lower_instance_requirements: false
+  sts_enabled: true
+  kms_deployment: true
+
+ENV_DATA:
+  platform: 'aws'
+  deployment_type: 'ipi'
+  region: 'us-east-2'
+  worker_availability_zones:
+    - 'us-east-2a'
+    - 'us-east-2b'
+    - 'us-east-2c'
+  master_availability_zones:
+    - 'us-east-2a'
+    - 'us-east-2b'
+    - 'us-east-2c'
+  worker_replicas: 3
+  master_replicas: 3
+  worker_instance_type: 'm5.4xlarge'
+  encryption_at_rest: true
+  KMS_PROVIDER: kmip
+  KMS_SERVICE_NAME: ciphertrust
+  KMIP_SECRET_NAME: thales-kmip-ocs
+REPORTING:
+  polarion:
+    deployment_id: 'OCS-5468'

conf/deployment/aws/rosa_hcp_1az_3w_m5.12x.yaml

@@ -0,0 +1,29 @@
+DEPLOYMENT:
+  allow_lower_instance_requirements: false
+  sts_enabled: true
+  force_download_ocm_cli: true
+  force_download_rosa_cli: true
+  ocm_cli_version: '0.1.67'
+  rosa_cli_version: '1.2.45'
+  live_deployment: true
+  customized_deployment_storage_class: 'gp3-csi'
+RUN:
+  username: "cluster-admin"
+ENV_DATA:
+  platform: 'rosa_hcp'
+  deployment_type: 'managed_cp'
+  rosa_mode: "auto"
+  region: 'us-west-2'
+  worker_availability_zones:
+    - 'us-west-2a'
+  master_replicas: 0
+  worker_replicas: 3
+  machine_pool: "workers"
+  worker_instance_type: 'm5.12xlarge'
+  cluster_namespace: "odf-storage"
+  private_link: false
+  machine_cidr: "10.0.0.0/16"
+  ms_env_type: "staging"
+  addon_name: "ocs-converged"
+  persistent-monitoring: false
+  node_labels: cluster.ocs.openshift.io/openshift-storage=""

conf/deployment/aws/rosa_hcp_1az_6w_m5.2x.yaml

@@ -0,0 +1,29 @@
+DEPLOYMENT:
+  allow_lower_instance_requirements: false
+  sts_enabled: true
+  force_download_ocm_cli: true
+  force_download_rosa_cli: true
+  ocm_cli_version: '0.1.67'
+  rosa_cli_version: '1.2.45'
+  live_deployment: true
+  customized_deployment_storage_class: 'gp3-csi'
+RUN:
+  username: "cluster-admin"
+ENV_DATA:
+  platform: 'rosa_hcp'
+  deployment_type: 'managed_cp'
+  rosa_mode: "auto"
+  region: 'us-west-2'
+  worker_availability_zones:
+    - 'us-west-2a'
+  master_replicas: 0
+  worker_replicas: 6
+  machine_pool: "workers"
+  worker_instance_type: 'm5.2xlarge'
+  cluster_namespace: "odf-storage"
+  private_link: false
+  machine_cidr: "10.0.0.0/16"
+  ms_env_type: "staging"
+  addon_name: "ocs-converged"
+  persistent-monitoring: false
+  node_labels: cluster.ocs.openshift.io/openshift-storage=""

conf/deployment/azure/ipi_1az_rhcos_3m_3w_encryption_azure_kv.yaml

@@ -19,3 +19,7 @@ ENV_DATA:
   encryption_at_rest: true
   sc_encryption: true
   KMS_PROVIDER: azure-kv
+REPORTING:
+  polarion:
+    deployment_id: 'OCS-5798'
+

conf/deployment/baremetal/ai_1az_rhcos_compact_mode_3m_0w.yaml

@@ -0,0 +1,9 @@
+---
+DEPLOYMENT:
+  allow_lower_instance_requirements: false
+  local_storage: true
+ENV_DATA:
+  platform: 'baremetal'
+  deployment_type: 'ai'
+  worker_replicas: 0
+  master_replicas: 3

conf/deployment/baremetal/ai_1az_rhcos_nvme_intel_3m_3w.yaml

@@ -7,6 +7,3 @@ ENV_DATA:
   deployment_type: 'ai'
   worker_replicas: 3
   master_replicas: 3
-  mon_type: 'hostpath'
-  osd_type: 'nvme'
-  disk_pattern: 'nvme-INTEL'

conf/deployment/baremetal/ai_1az_rhcos_nvme_intel_3m_3w_hci.yaml

@@ -0,0 +1,9 @@
+---
+DEPLOYMENT:
+  allow_lower_instance_requirements: false
+  local_storage: true
+ENV_DATA:
+  platform: 'hci_baremetal'
+  deployment_type: 'ai'
+  worker_replicas: 3
+  master_replicas: 3

conf/deployment/baremetal/upi_1az_rhcos_compact_mode.yaml

@@ -9,7 +9,6 @@ ENV_DATA:
   master_replicas: 3
   mon_type: 'hostpath'
   osd_type: 'nvme'
-  disk_pattern: 'nvme-INTEL'
 REPORTING:
   polarion:
     deployment_id: 'OCS-2505'

conf/deployment/baremetal/upi_1az_rhcos_multus_cluster_nvme_intel_3m_3w.yaml

@@ -9,7 +9,6 @@ ENV_DATA:
   master_replicas: 3
   mon_type: 'hostpath'
   osd_type: 'nvme'
-  disk_pattern: 'nvme-INTEL'
   is_multus_enabled: true
   multus_cluster_net_interface: 'enp1s0f1'
   multus_create_public_net: false

conf/deployment/baremetal/upi_1az_rhcos_multus_nvme_intel_3m_3w.yaml

@@ -9,7 +9,6 @@ ENV_DATA:
   master_replicas: 3
   mon_type: 'hostpath'
   osd_type: 'nvme'
-  disk_pattern: 'nvme-INTEL'
   is_multus_enabled: true
   multus_public_net_interface: 'enp1s0f1'
   multus_cluster_net_interface: 'enp1s0f1'

conf/deployment/baremetal/upi_1az_rhcos_multus_public_nvme_intel_3m_3w.yaml

@@ -9,7 +9,6 @@ ENV_DATA:
   master_replicas: 3
   mon_type: 'hostpath'
   osd_type: 'nvme'
-  disk_pattern: 'nvme-INTEL'
   is_multus_enabled: true
   multus_public_net_interface: 'enp1s0f1'
   multus_create_public_net: true

conf/deployment/baremetal/upi_1az_rhcos_nvme_intel_3m_3w.yaml

@@ -9,7 +9,6 @@ ENV_DATA:
   master_replicas: 3
   mon_type: 'hostpath'
   osd_type: 'nvme'
-  disk_pattern: 'nvme-INTEL'
 REPORTING:
   polarion:
     deployment_id: 'OCS-2381'

conf/deployment/baremetal/upi_1az_rhcos_nvme_intel_3m_4w.yaml

@@ -9,7 +9,6 @@ ENV_DATA:
   master_replicas: 3
   mon_type: 'hostpath'
   osd_type: 'nvme'
-  disk_pattern: 'nvme-INTEL'
 REPORTING:
   polarion:
     deployment_id: 'OCS-2381'

conf/deployment/baremetal/upi_1az_rhcos_nvme_intel_3m_5w.yaml

@@ -10,7 +10,6 @@ ENV_DATA:
   master_replicas: 3
   mon_type: 'hostpath'
   osd_type: 'nvme'
-  disk_pattern: 'nvme-INTEL'
 REPORTING:
   polarion:
     deployment_id: 'OCS-2381'

conf/deployment/baremetal/upi_1az_rhcos_nvme_intel_mcg_only_3m_3w.yaml

@@ -10,7 +10,6 @@ ENV_DATA:
   master_replicas: 3
   mon_type: 'hostpath'
   osd_type: 'nvme'
-  disk_pattern: 'nvme-INTEL'
 REPORTING:
   polarion:
     deployment_id: 'OCS-2702'

conf/deployment/baremetal/upi_1az_rhel_nvme_intel_3m_3w.yaml

@@ -10,7 +10,6 @@ ENV_DATA:
   mon_type: 'hostpath'
   osd_type: 'nvme'
   rhel_workers: true
-  disk_pattern: 'nvme-INTEL'
 REPORTING:
   polarion:
     deployment_id: 'OCS-2382'

conf/deployment/fusion_hci_pc/client_bm_upi_1az_rhcos_nvme_2w.yaml

@@ -8,6 +8,4 @@ ENV_DATA:
   mon_type: 'hostpath'
   osd_type: 'nvme'
 REPORTING:
-  # This is to be used in internal image for must gather on HCI
   ocs_must_gather_image: "quay.io/rhceph-dev/ocs-must-gather"
-  ocs_must_gather_latest_tag: '4.14-fusion-hci'

conf/deployment/fusion_hci_pc/client_bm_upi_1az_rhcos_nvme_3w.yaml

@@ -8,6 +8,4 @@ ENV_DATA:
   mon_type: 'hostpath'
   osd_type: 'nvme'
 REPORTING:
-  # This is to be used in internal image for must gather on HCI
   ocs_must_gather_image: "quay.io/rhceph-dev/ocs-must-gather"
-  ocs_must_gather_latest_tag: '4.14-fusion-hci'