Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added support for ocs provider server to fetch noobaa client resources #2680

Closed
wants to merge 2 commits into from

Conversation

ezio-auditore
Copy link
Contributor

@ezio-auditore ezio-auditore commented Jul 2, 2024

  1. Added an annotation is-local-client:true for local storage client
  2. Create a Noobaa Account CR for auth_token generation of remote noobaa client
    a.Added support to join external noobaa system from hosted clusters noobaa/noobaa-operator#1389
  3. Assemble noobaa remote auth token and management address to be sent via GetStorageConfig
  4. Updated test cases

Part of : RHSTOR-5187

@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jul 2, 2024
Copy link
Contributor

openshift-ci bot commented Jul 2, 2024

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

Copy link
Contributor

openshift-ci bot commented Jul 2, 2024

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: ezio-auditore
Once this PR has been reviewed and has the lgtm label, please assign obnoxxx for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ezio-auditore ezio-auditore force-pushed the noobaa_obc branch 4 times, most recently from 9b30587 to 6113607 Compare July 18, 2024 07:02
@ezio-auditore ezio-auditore marked this pull request as ready for review July 18, 2024 09:02
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jul 18, 2024
services/provider/server/server.go Outdated Show resolved Hide resolved
services/provider/server/consumer.go Show resolved Hide resolved
services/provider/server/server.go Outdated Show resolved Hide resolved
services/provider/server/server.go Outdated Show resolved Hide resolved
services/provider/server/server.go Outdated Show resolved Hide resolved
services/provider/server/server.go Outdated Show resolved Hide resolved
@ezio-auditore ezio-auditore force-pushed the noobaa_obc branch 3 times, most recently from ddc88b6 to 94ea6f2 Compare July 22, 2024 18:20
@ezio-auditore
Copy link
Contributor Author

/test ocs-operator-bundle-e2e-aws

Kaustav Majumder added 2 commits July 25, 2024 11:51
Comment on lines +152 to +153
if err := s.consumerManager.CreateNoobaaAccount(ctx, req.StorageConsumerUUID); err != nil {
return nil, status.Errorf(codes.Internal, "Failed to create noobaa account for storageconsumer. %v", err)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  1. We should not run create operations inside the ack operation, and even more importantly, after we already enabled the consumer.

  2. Creation of the noobaa account is a detail of storage consumer reconciliation, not of the onboard call.

Please remove this call from here.

Comment on lines +195 to +198
err := s.consumerManager.DeleteNoobaaAccount(ctx, req.StorageConsumerUUID)
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to delete noobaaAccount resource with the provided UUID. %v", err)
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The noobaa account should be owned (via an owner ref) by the consumer object.
If it is, there will be no need for manual deletion as k8s GC will take care of it.

Comment on lines +233 to +256
func (c *ocsConsumerManager) CreateNoobaaAccount(ctx context.Context, id string) error {

consumerObj, err := c.Get(ctx, id)
if err != nil {
return err
}
consumerClusterID := strings.TrimPrefix(consumerObj.Name, "storageconsumer-")
if consumerClusterID != "" && len(consumerClusterID) == 0 {
return fmt.Errorf("failed to get clusterID from consumerResource Name: %s %v", consumerObj.Name, err)
}

noobaaAccountName := fmt.Sprintf("noobaa-remote-%s", consumerClusterID)
nbAccountObj := &nbv1.NooBaaAccount{}
nbAccountObj.Name = noobaaAccountName
nbAccountObj.Namespace = consumerObj.Namespace
// the following annotation will enable noobaa-operator to create a auth_token secret based on this account
util.AddAnnotation(nbAccountObj, "remote-operator", "true")

err = c.client.Create(ctx, nbAccountObj)
if err != nil {
return fmt.Errorf("failed to create noobaa account for storageConsumer %v: %v", consumerObj.Name, err)
}
return nil
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why are we creating the noobaa account in the server and not part of the reconciliation of the StorageConsumer CR?

The server does not implement reconciliation logic and every operation is considered a one-time operation.

Comment on lines +258 to +275
func (c *ocsConsumerManager) DeleteNoobaaAccount(ctx context.Context, id string) error {
consumerObj, err := c.Get(ctx, id)
if err != nil {
return err
}
clusterID := strings.TrimPrefix(consumerObj.Name, "storageconsumer-")
if clusterID != "" && len(clusterID) == 0 {
return fmt.Errorf("failed to get clusterID from consumerResource Name: %s %v", consumerObj.Name, err)
}
noobaaAccountName := fmt.Sprintf("noobaa-remote-%s", clusterID)
nbAccountObj := &nbv1.NooBaaAccount{}
nbAccountObj.Name = noobaaAccountName
nbAccountObj.Namespace = consumerObj.Namespace
if err := c.client.Delete(ctx, nbAccountObj); err != nil {
return fmt.Errorf("failed to delete Noobaa account %q. %v", nbAccountObj.Name, err)
}
return nil
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Noobaa account should be just GC collected via storage consumer ownership. This code is unnecessary

@@ -400,6 +416,59 @@ func (s *OCSProviderServer) getExternalResources(ctx context.Context, consumerRe

}

// Fetch noobaa remote secret and management address and append to extResources
noobaaOperatorSecret := &v1.Secret{}
clusterID := strings.TrimPrefix(consumerResource.Name, "storageconsumer-")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  1. We should not fetch based on naming conventions. Always fetch by ownership or by labels.
  2. Consumer's name is decided by the client, don't assume it will contain the clusterID
  3. Cluster ID is available as part of the consumer's status section, if you need it (Which I don't understand why), fetch it from there

@@ -400,6 +416,59 @@ func (s *OCSProviderServer) getExternalResources(ctx context.Context, consumerRe

}

// Fetch noobaa remote secret and management address and append to extResources
noobaaOperatorSecret := &v1.Secret{}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Define the var just above the code that uses it

Comment on lines +446 to +449
noobaaMgmtAddress := noobaMgmtRoute.Status.Ingress[0].Host
if noobaaMgmtAddress == "" {
return nil, fmt.Errorf("no Host found in noobaa-mgmt route Ingress")
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are we assuming a default port always? is it always 8080?

joinSecret := &corev1.Secret{
Data: map[string][]byte{
"auth_token": authToken,
"mgmt_addr": []byte(noobaaMgmtAddress),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why the Byte encoding?

extR = append(extR, &pb.ExternalResource{
Name: "noobaa-remote-join-secret",
Kind: "Secret",
Data: mustMarshal(joinSecret),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is wrong, for secrets, we only send the data section, not the entire secret.

Suggested change
Data: mustMarshal(joinSecret),
Data: mustMarshal(map[string][]byte{
"auth_token": authToken,
"mgmt_addr": []byte(noobaaMgmtAddress),
}),

Comment on lines +462 to +471
noobaaSpec := &nbv1.NooBaaSpec{
JoinSecret: &v1.SecretReference{
Name: "noobaa-remote-join-secret",
},
}
extR = append(extR, &pb.ExternalResource{
Name: "noobaa-remote",
Kind: "Noobaa",
Data: mustMarshal(noobaaSpec),
})
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The spec is very small, please inline it.

Suggested change
noobaaSpec := &nbv1.NooBaaSpec{
JoinSecret: &v1.SecretReference{
Name: "noobaa-remote-join-secret",
},
}
extR = append(extR, &pb.ExternalResource{
Name: "noobaa-remote",
Kind: "Noobaa",
Data: mustMarshal(noobaaSpec),
})
noobaaSpec :=
extR = append(extR, &pb.ExternalResource{
Name: "noobaa-remote",
Kind: "Noobaa",
Data: mustMarshal(&nbv1.NooBaaSpec{
JoinSecret: &v1.SecretReference{
Name: "noobaa-remote-join-secret",
},
}),
})

@leelavg
Copy link
Contributor

leelavg commented Aug 9, 2024

possible to mention the relation b/n this PR and #2733?

@openshift-merge-robot openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Aug 12, 2024
@openshift-merge-robot
Copy link
Contributor

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants