Add support for Dell PowerStore
Sem-Ver: feature
Change-Id: Ia0e32c4b33a73d0e182a52c50e3d45f059c7bb8d
diff --git a/doc/source/roles/ceph_csi_rbd/index.rst b/doc/source/roles/ceph_csi_rbd/index.rst
index 3cf76af..4148d09 100644
--- a/doc/source/roles/ceph_csi_rbd/index.rst
+++ b/doc/source/roles/ceph_csi_rbd/index.rst
@@ -1,8 +1,8 @@
.. Copyright (C) 2022 VEXXHOST, Inc.
.. SPDX-License-Identifier: Apache-2.0
-``ceph_csi_rbd``
-================
+``csi``
+=======
.. toctree::
:maxdepth: 2
diff --git a/doc/source/roles/csi/index.rst b/doc/source/roles/csi/index.rst
new file mode 100644
index 0000000..3cf76af
--- /dev/null
+++ b/doc/source/roles/csi/index.rst
@@ -0,0 +1,10 @@
+.. Copyright (C) 2022 VEXXHOST, Inc.
+.. SPDX-License-Identifier: Apache-2.0
+
+``ceph_csi_rbd``
+================
+
+.. toctree::
+ :maxdepth: 2
+
+ defaults/main
\ No newline at end of file
diff --git a/docs/certificates.md b/docs/certificates.md
new file mode 100644
index 0000000..fd32d47
--- /dev/null
+++ b/docs/certificates.md
@@ -0,0 +1,13 @@
+# Certificates
+
+## Using self-signed certificates
+
+If you are in an environment which does not have a trusted certificate authority
+and it does not have access to the internet to be able to use LetsEncrypt, you
+can use self-signed certificates by adding the following to your inventory:
+
+```yaml
+cert_manager_issuer:
+ ca:
+ secretName: root-secret
+```
\ No newline at end of file
diff --git a/docs/storage.md b/docs/storage.md
new file mode 100644
index 0000000..ece7a6a
--- /dev/null
+++ b/docs/storage.md
@@ -0,0 +1,113 @@
+# Storage
+
+## External storage
+
+When using an external storage platform, it's important to create to disable Ceph
+globally by adding the following to your Ansible inventory:
+
+```yaml
+atmosphere_ceph_enabled: false
+```
+
+### Dell PowerStore
+
+In order to be able to use Dell PowerStore, you'll need to make sure that you
+setup the hosts inside of your storage array. You'll also need to make sure
+that they are not inside a host group or otherwise individual attachments will
+not work.
+
+
+
+### CSI
+
+You'll need to enable the Kubernetes cluster to use the PowerStore driver by
+using adding the following YAML to your Ansible inventory:
+
+```yaml
+csi_driver: powerstore
+powerstore_csi_config:
+ arrays:
+ - endpoint: https://<FILL IN>/api/rest
+ globalID: <FILL IN>
+ username: <FILL IN>
+ password: <FILL IN>
+ skipCertificateValidation: true
+ isDefault: true
+ blockProtocol: <FILL IN> # FC or iSCSI
+```
+
+### Glance
+
+Since Glance does not have a native PowerStore driver, you'll need to enable
+the use of the Cinder driver by adding the following to your Ansible inventory:
+
+```yaml
+openstack_helm_glance_values:
+ storage: cinder
+ conf:
+ glance:
+ glance_store:
+ stores: cinder
+ default_store: cinder
+```
+
+Please note that Glance images will not function until the Cinder service is
+deployed.
+
+### Cinder
+
+You can enable the native PowerStore driver for Cinder with the following
+configuration inside your Ansible inventory:
+
+```yaml
+openstack_helm_cinder_values:
+ storage: powerstore
+ dependencies:
+ static:
+ api:
+ jobs:
+ - cinder-db-sync
+ - cinder-ks-user
+ - cinder-ks-endpoints
+ - cinder-rabbit-init
+ scheduler:
+ jobs:
+ - cinder-db-sync
+ - cinder-ks-user
+ - cinder-ks-endpoints
+ - cinder-rabbit-init
+ volume:
+ jobs:
+ - cinder-db-sync
+ - cinder-ks-user
+ - cinder-ks-endpoints
+ - cinder-rabbit-init
+ volume_usage_audit:
+ jobs:
+ - cinder-db-sync
+ - cinder-ks-user
+ - cinder-ks-endpoints
+ - cinder-rabbit-init
+ conf:
+ cinder:
+ DEFAULT:
+ enabled_backends: powerstore
+ default_volume_type: powerstore
+ backends:
+ rbd1: null
+ powerstore:
+ volume_backend_name: powerstore
+ volume_driver: cinder.volume.drivers.dell_emc.powerstore.driver.PowerStoreDriver
+ san_ip: <FILL IN>
+ san_login: <FILL IN>
+ san_password: <FILL IN>
+ storage_protocol: <FILL IN> # FC or iSCSI
+ manifests:
+ deployment_backup: true
+ job_backup_storage_init: true
+ job_storage_init: false
+```
+
+It's important to note that the configuration above will disable the Cinder
+backup service. In the future, we'll update this sample configuration to use
+the Cinder backup service.
diff --git a/playbooks/ceph.yml b/playbooks/ceph.yml
index 58ba618..6fb2c9c 100644
--- a/playbooks/ceph.yml
+++ b/playbooks/ceph.yml
@@ -16,17 +16,21 @@
hosts: controllers:cephs
become: true
roles:
- - ceph_repository
+ - role: ceph_repository
+ when: atmosphere_ceph_enabled | default(true)
- name: Deploy Ceph monitors & managers
hosts: controllers
become: true
roles:
- - ceph_mon
- - ceph_mgr
+ - role: ceph_mon
+ when: atmosphere_ceph_enabled | default(true)
+ - role: ceph_mgr
+ when: atmosphere_ceph_enabled | default(true)
- name: Deploy Ceph OSDs
hosts: cephs
become: true
roles:
- - ceph_osd
+ - role: ceph_osd
+ when: atmosphere_ceph_enabled | default(true)
diff --git a/playbooks/openstack.yml b/playbooks/openstack.yml
index 3749487..9d8442b 100644
--- a/playbooks/openstack.yml
+++ b/playbooks/openstack.yml
@@ -20,9 +20,9 @@
tags:
- cilium
- - role: ceph_csi_rbd
+ - role: csi
tags:
- - ceph-csi-rbd
+ - csi
- role: kube_prometheus_stack
tags:
@@ -77,6 +77,7 @@
- openstack-helm-barbican
- role: openstack_helm_infra_ceph_provisioners
+ when: atmosphere_ceph_enabled | default(true)
tags:
- openstack-helm-infra-ceph-provisioners
diff --git a/releasenotes/notes/add-powerstore-csi-support-64e89219c5c7b566.yaml b/releasenotes/notes/add-powerstore-csi-support-64e89219c5c7b566.yaml
new file mode 100644
index 0000000..51049aa
--- /dev/null
+++ b/releasenotes/notes/add-powerstore-csi-support-64e89219c5c7b566.yaml
@@ -0,0 +1,3 @@
+---
+features:
+ - Add support for multiple CSIs including PowerStore
diff --git a/roles/csi/defaults/main.yml b/roles/csi/defaults/main.yml
new file mode 100644
index 0000000..67dfc75
--- /dev/null
+++ b/roles/csi/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+csi_driver: rbd
diff --git a/roles/csi/meta/main.yml b/roles/csi/meta/main.yml
new file mode 100644
index 0000000..73bb677
--- /dev/null
+++ b/roles/csi/meta/main.yml
@@ -0,0 +1,29 @@
+# Copyright (c) 2022 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+galaxy_info:
+ author: VEXXHOST, Inc.
+ description: Meta role for managing CSI
+ license: Apache-2.0
+ min_ansible_version: 5.5.0
+ platforms:
+ - name: Ubuntu
+ versions:
+ - focal
+
+dependencies:
+ - role: ceph_csi_rbd
+ when: csi_driver == "rbd"
+ - role: powerstore_csi
+ when: csi_driver == "powerstore"
diff --git a/roles/openstack_helm_endpoints/vars/main.yml b/roles/openstack_helm_endpoints/vars/main.yml
index b41dbe9..799eb09 100644
--- a/roles/openstack_helm_endpoints/vars/main.yml
+++ b/roles/openstack_helm_endpoints/vars/main.yml
@@ -21,9 +21,11 @@
- ingress
- kube_dns
- ldap
+ - libvirt_exporter
- local_image_registry
- monitoring
- object_store
+ - oci_image_registry
- prometheus_rabbitmq_exporter
_openstack_helm_endpoints_oslo_db:
diff --git a/roles/openstack_helm_infra_libvirt/vars/main.yml b/roles/openstack_helm_infra_libvirt/vars/main.yml
index f79b2a8..232513b 100644
--- a/roles/openstack_helm_infra_libvirt/vars/main.yml
+++ b/roles/openstack_helm_infra_libvirt/vars/main.yml
@@ -20,5 +20,7 @@
dep_check: "{{ openstack_helm_infra_libvirt_image_repository }}/kubernetes-entrypoint:latest"
libvirt: "{{ openstack_helm_infra_libvirt_image_repository }}/libvirt:{{ openstack_helm_infra_libvirt_image_tag }}"
conf:
+ ceph:
+ enabled: "{{ atmosphere_ceph_enabled | default(true) | bool }}"
libvirt:
listen_addr: 0.0.0.0
diff --git a/roles/openstack_helm_nova/vars/main.yml b/roles/openstack_helm_nova/vars/main.yml
index d83521d..dd0cffe 100644
--- a/roles/openstack_helm_nova/vars/main.yml
+++ b/roles/openstack_helm_nova/vars/main.yml
@@ -66,6 +66,8 @@
novncproxy: 3
spiceproxy: 3
conf:
+ ceph:
+ enabled: "{{ atmosphere_ceph_enabled | default(true) | bool }}"
paste:
composite:openstack_compute_api_v21:
keystone: cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v21
diff --git a/roles/powerstore_csi/meta/main.yml b/roles/powerstore_csi/meta/main.yml
new file mode 100644
index 0000000..7f03021
--- /dev/null
+++ b/roles/powerstore_csi/meta/main.yml
@@ -0,0 +1,23 @@
+# Copyright (c) 2022 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+galaxy_info:
+ author: VEXXHOST, Inc.
+ description: Ansible role for PowerStore CSI
+ license: Apache-2.0
+ min_ansible_version: 5.5.0
+ platforms:
+ - name: Ubuntu
+ versions:
+ - focal
diff --git a/roles/powerstore_csi/tasks/main.yml b/roles/powerstore_csi/tasks/main.yml
new file mode 100644
index 0000000..ec85eb5
--- /dev/null
+++ b/roles/powerstore_csi/tasks/main.yml
@@ -0,0 +1,52 @@
+---
+- name: Clone PowerStore CSI from GitHub
+ ansible.builtin.git:
+ repo: https://github.com/dell/csi-powerstore.git
+ dest: /var/lib/csi-powerstore
+ version: v2.3.0
+
+- name: Create Secret
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: csi-powerstore-config
+ namespace: kube-system
+ stringData:
+ config: "{{ powerstore_csi_config | to_yaml }}"
+
+- name: Create StorageClass
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: storage.k8s.io/v1
+ kind: StorageClass
+ metadata:
+ name: general
+ annotations:
+ storageclass.kubernetes.io/is-default-class: "true"
+ provisioner: csi-powerstore.dellemc.com
+ reclaimPolicy: Delete
+ allowVolumeExpansion: true
+ volumeBindingMode: Immediate
+
+- name: Deploy Helm chart
+ kubernetes.core.helm:
+ name: csi-powerstore
+ chart_ref: /var/lib/csi-powerstore/helm/csi-powerstore
+ release_namespace: kube-system
+ kubeconfig: /etc/kubernetes/admin.conf
+ values:
+ # NOTE(mnaser): The newer versions of the Helm charts automatically detect
+ # these values so we can drop them once we move to v2.4.0
+ images:
+ attacher: k8s.gcr.io/sig-storage/csi-attacher:v3.4.0
+ driver: dellemc/csi-powerstore:v2.3.0
+ externalhealthmonitorcontroller: gcr.io/k8s-staging-sig-storage/csi-external-health-monitor-controller:v0.5.0
+ metadataretriever: dellemc/csi-metadata-retriever:v1.0.0
+ provisioner: k8s.gcr.io/sig-storage/csi-provisioner:v3.1.0
+ registrar: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.5.1
+ resizer: k8s.gcr.io/sig-storage/csi-resizer:v1.4.0
+ snapshotter: k8s.gcr.io/sig-storage/csi-snapshotter:v5.0.1