Add support for Dell PowerStore

Sem-Ver: feature
Change-Id: Ia0e32c4b33a73d0e182a52c50e3d45f059c7bb8d
diff --git a/doc/source/roles/ceph_csi_rbd/index.rst b/doc/source/roles/ceph_csi_rbd/index.rst
index 3cf76af..4148d09 100644
--- a/doc/source/roles/ceph_csi_rbd/index.rst
+++ b/doc/source/roles/ceph_csi_rbd/index.rst
@@ -1,8 +1,8 @@
 .. Copyright (C) 2022 VEXXHOST, Inc.
 .. SPDX-License-Identifier: Apache-2.0
 
-``ceph_csi_rbd``
-================
+``csi``
+=======
 
 .. toctree::
    :maxdepth: 2
diff --git a/doc/source/roles/csi/index.rst b/doc/source/roles/csi/index.rst
new file mode 100644
index 0000000..3cf76af
--- /dev/null
+++ b/doc/source/roles/csi/index.rst
@@ -0,0 +1,10 @@
+.. Copyright (C) 2022 VEXXHOST, Inc.
+.. SPDX-License-Identifier: Apache-2.0
+
+``ceph_csi_rbd``
+================
+
+.. toctree::
+   :maxdepth: 2
+
+   defaults/main
\ No newline at end of file
diff --git a/docs/certificates.md b/docs/certificates.md
new file mode 100644
index 0000000..fd32d47
--- /dev/null
+++ b/docs/certificates.md
@@ -0,0 +1,13 @@
+# Certificates
+
+## Using self-signed certificates
+
+If you are in an environment which does not have a trusted certificate authority
+and it does not have access to the internet to be able to use LetsEncrypt, you
+can use self-signed certificates by adding the following to your inventory:
+
+```yaml
+cert_manager_issuer:
+  ca:
+    secretName: root-secret
+```
\ No newline at end of file
diff --git a/docs/storage.md b/docs/storage.md
new file mode 100644
index 0000000..ece7a6a
--- /dev/null
+++ b/docs/storage.md
@@ -0,0 +1,113 @@
+# Storage
+
+## External storage
+
+When using an external storage platform, it's important to create to disable Ceph
+globally by adding the following to your Ansible inventory:
+
+```yaml
+atmosphere_ceph_enabled: false
+```
+
+### Dell PowerStore
+
+In order to be able to use Dell PowerStore, you'll need to make sure that you
+setup the hosts inside of your storage array.  You'll also need to make sure
+that they are not inside a host group or otherwise individual attachments will
+not work.
+
+
+
+### CSI
+
+You'll need to enable the Kubernetes cluster to use the PowerStore driver by
+using adding the following YAML to your Ansible inventory:
+
+```yaml
+csi_driver: powerstore
+powerstore_csi_config:
+  arrays:
+    - endpoint: https://<FILL IN>/api/rest
+      globalID: <FILL IN>
+      username: <FILL IN>
+      password: <FILL IN>
+      skipCertificateValidation: true
+      isDefault: true
+      blockProtocol: <FILL IN> # FC or iSCSI
+```
+
+### Glance
+
+Since Glance does not have a native PowerStore driver, you'll need to enable
+the use of the Cinder driver by adding the following to your Ansible inventory:
+
+```yaml
+openstack_helm_glance_values:
+  storage: cinder
+  conf:
+    glance:
+      glance_store:
+        stores: cinder
+        default_store: cinder
+```
+
+Please note that Glance images will not function until the Cinder service is
+deployed.
+
+### Cinder
+
+You can enable the native PowerStore driver for Cinder with the following
+configuration inside your Ansible inventory:
+
+```yaml
+openstack_helm_cinder_values:
+  storage: powerstore
+  dependencies:
+    static:
+      api:
+        jobs:
+          - cinder-db-sync
+          - cinder-ks-user
+          - cinder-ks-endpoints
+          - cinder-rabbit-init
+      scheduler:
+        jobs:
+          - cinder-db-sync
+          - cinder-ks-user
+          - cinder-ks-endpoints
+          - cinder-rabbit-init
+      volume:
+        jobs:
+          - cinder-db-sync
+          - cinder-ks-user
+          - cinder-ks-endpoints
+          - cinder-rabbit-init
+      volume_usage_audit:
+        jobs:
+          - cinder-db-sync
+          - cinder-ks-user
+          - cinder-ks-endpoints
+          - cinder-rabbit-init
+  conf:
+    cinder:
+      DEFAULT:
+        enabled_backends: powerstore
+        default_volume_type: powerstore
+    backends:
+      rbd1: null
+      powerstore:
+        volume_backend_name: powerstore
+        volume_driver: cinder.volume.drivers.dell_emc.powerstore.driver.PowerStoreDriver
+        san_ip: <FILL IN>
+        san_login: <FILL IN>
+        san_password: <FILL IN>
+        storage_protocol: <FILL IN> # FC or iSCSI
+  manifests:
+    deployment_backup: true
+    job_backup_storage_init: true
+    job_storage_init: false
+```
+
+It's important to note that the configuration above will disable the Cinder
+backup service.  In the future, we'll update this sample configuration to use
+the Cinder backup service.
diff --git a/playbooks/ceph.yml b/playbooks/ceph.yml
index 58ba618..6fb2c9c 100644
--- a/playbooks/ceph.yml
+++ b/playbooks/ceph.yml
@@ -16,17 +16,21 @@
   hosts: controllers:cephs
   become: true
   roles:
-    - ceph_repository
+    - role: ceph_repository
+      when: atmosphere_ceph_enabled | default(true)
 
 - name: Deploy Ceph monitors & managers
   hosts: controllers
   become: true
   roles:
-    - ceph_mon
-    - ceph_mgr
+    - role: ceph_mon
+      when: atmosphere_ceph_enabled | default(true)
+    - role: ceph_mgr
+      when: atmosphere_ceph_enabled | default(true)
 
 - name: Deploy Ceph OSDs
   hosts: cephs
   become: true
   roles:
-    - ceph_osd
+    - role: ceph_osd
+      when: atmosphere_ceph_enabled | default(true)
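Review bot: The new `when: atmosphere_ceph_enabled | default(true)` conditions in this hunk omit the `| bool` cast that the same commit applies in the libvirt and nova vars files. If the variable arrives as a string (for example `-e atmosphere_ceph_enabled=false` on the command line, or a quoted value in an INI inventory), the non-empty string `"false"` is truthy and the Ceph roles still run. Use `when: atmosphere_ceph_enabled | default(true) | bool` on all four roles here. The same applies to the `openstack_helm_infra_ceph_provisioners` condition added in playbooks/openstack.yml.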
diff --git a/playbooks/openstack.yml b/playbooks/openstack.yml
index 3749487..9d8442b 100644
--- a/playbooks/openstack.yml
+++ b/playbooks/openstack.yml
@@ -20,9 +20,9 @@
       tags:
         - cilium
 
-    - role: ceph_csi_rbd
+    - role: csi
       tags:
-        - ceph-csi-rbd
+        - csi
 
     - role: kube_prometheus_stack
       tags:
@@ -77,6 +77,7 @@
         - openstack-helm-barbican
 
     - role: openstack_helm_infra_ceph_provisioners
+      when: atmosphere_ceph_enabled | default(true)
       tags:
         - openstack-helm-infra-ceph-provisioners
 
diff --git a/releasenotes/notes/add-powerstore-csi-support-64e89219c5c7b566.yaml b/releasenotes/notes/add-powerstore-csi-support-64e89219c5c7b566.yaml
new file mode 100644
index 0000000..51049aa
--- /dev/null
+++ b/releasenotes/notes/add-powerstore-csi-support-64e89219c5c7b566.yaml
@@ -0,0 +1,3 @@
+---
+features:
+  - Add support for multiple CSIs including PowerStore
diff --git a/roles/csi/defaults/main.yml b/roles/csi/defaults/main.yml
new file mode 100644
index 0000000..67dfc75
--- /dev/null
+++ b/roles/csi/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+csi_driver: rbd
diff --git a/roles/csi/meta/main.yml b/roles/csi/meta/main.yml
new file mode 100644
index 0000000..73bb677
--- /dev/null
+++ b/roles/csi/meta/main.yml
@@ -0,0 +1,29 @@
+# Copyright (c) 2022 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+galaxy_info:
+  author: VEXXHOST, Inc.
+  description: Meta role for managing CSI
+  license: Apache-2.0
+  min_ansible_version: 5.5.0
+  platforms:
+    - name: Ubuntu
+      versions:
+        - focal
+
+dependencies:
+  - role: ceph_csi_rbd
+    when: csi_driver == "rbd"
+  - role: powerstore_csi
+    when: csi_driver == "powerstore"
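Review bot: A `csi_driver` value other than `rbd` or `powerstore` (a typo, or different casing such as `PowerStore`) matches neither `when:` in `dependencies`, so the meta role completes without installing any CSI driver and without an error. No tasks file for this role is visible in the diff, so nothing appears to validate the value. Adding a `tasks/main.yml` containing an `ansible.builtin.assert` with `that: csi_driver in ["rbd", "powerstore"]` and a clear `fail_msg` would turn the silent no-op into a failed play. A comment above `csi_driver: rbd` in `defaults/main.yml` listing the accepted values would also help.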
diff --git a/roles/openstack_helm_endpoints/vars/main.yml b/roles/openstack_helm_endpoints/vars/main.yml
index b41dbe9..799eb09 100644
--- a/roles/openstack_helm_endpoints/vars/main.yml
+++ b/roles/openstack_helm_endpoints/vars/main.yml
@@ -21,9 +21,11 @@
   - ingress
   - kube_dns
   - ldap
+  - libvirt_exporter
   - local_image_registry
   - monitoring
   - object_store
+  - oci_image_registry
   - prometheus_rabbitmq_exporter
 
 _openstack_helm_endpoints_oslo_db:
diff --git a/roles/openstack_helm_infra_libvirt/vars/main.yml b/roles/openstack_helm_infra_libvirt/vars/main.yml
index f79b2a8..232513b 100644
--- a/roles/openstack_helm_infra_libvirt/vars/main.yml
+++ b/roles/openstack_helm_infra_libvirt/vars/main.yml
@@ -20,5 +20,7 @@
       dep_check: "{{ openstack_helm_infra_libvirt_image_repository }}/kubernetes-entrypoint:latest"
       libvirt: "{{ openstack_helm_infra_libvirt_image_repository }}/libvirt:{{ openstack_helm_infra_libvirt_image_tag }}"
   conf:
+    ceph:
+      enabled: "{{ atmosphere_ceph_enabled | default(true) | bool }}"
     libvirt:
       listen_addr: 0.0.0.0
diff --git a/roles/openstack_helm_nova/vars/main.yml b/roles/openstack_helm_nova/vars/main.yml
index d83521d..dd0cffe 100644
--- a/roles/openstack_helm_nova/vars/main.yml
+++ b/roles/openstack_helm_nova/vars/main.yml
@@ -66,6 +66,8 @@
       novncproxy: 3
       spiceproxy: 3
   conf:
+    ceph:
+      enabled: "{{ atmosphere_ceph_enabled | default(true) | bool }}"
     paste:
       composite:openstack_compute_api_v21:
         keystone: cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v21
diff --git a/roles/powerstore_csi/meta/main.yml b/roles/powerstore_csi/meta/main.yml
new file mode 100644
index 0000000..7f03021
--- /dev/null
+++ b/roles/powerstore_csi/meta/main.yml
@@ -0,0 +1,23 @@
+# Copyright (c) 2022 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+galaxy_info:
+  author: VEXXHOST, Inc.
+  description: Ansible role for PowerStore CSI
+  license: Apache-2.0
+  min_ansible_version: 5.5.0
+  platforms:
+    - name: Ubuntu
+      versions:
+        - focal
diff --git a/roles/powerstore_csi/tasks/main.yml b/roles/powerstore_csi/tasks/main.yml
new file mode 100644
index 0000000..ec85eb5
--- /dev/null
+++ b/roles/powerstore_csi/tasks/main.yml
@@ -0,0 +1,52 @@
+---
+- name: Clone PowerStore CSI from GitHub
+  ansible.builtin.git:
+    repo: https://github.com/dell/csi-powerstore.git
+    dest: /var/lib/csi-powerstore
+    version: v2.3.0
+
+- name: Create Secret
+  kubernetes.core.k8s:
+    state: present
+    definition:
+      apiVersion: v1
+      kind: Secret
+      metadata:
+        name: csi-powerstore-config
+        namespace: kube-system
+      stringData:
+        config: "{{ powerstore_csi_config | to_yaml }}"
+
+- name: Create StorageClass
+  kubernetes.core.k8s:
+    state: present
+    definition:
+      apiVersion: storage.k8s.io/v1
+      kind: StorageClass
+      metadata:
+        name: general
+        annotations:
+          storageclass.kubernetes.io/is-default-class: "true"
+      provisioner: csi-powerstore.dellemc.com
+      reclaimPolicy: Delete
+      allowVolumeExpansion: true
+      volumeBindingMode: Immediate
+
+- name: Deploy Helm chart
+  kubernetes.core.helm:
+    name: csi-powerstore
+    chart_ref: /var/lib/csi-powerstore/helm/csi-powerstore
+    release_namespace: kube-system
+    kubeconfig: /etc/kubernetes/admin.conf
+    values:
+      # NOTE(mnaser): The newer versions of the Helm charts automatically detect
+      #               these values so we can drop them once we move to v2.4.0
+      images:
+        attacher: k8s.gcr.io/sig-storage/csi-attacher:v3.4.0
+        driver: dellemc/csi-powerstore:v2.3.0
+        externalhealthmonitorcontroller: gcr.io/k8s-staging-sig-storage/csi-external-health-monitor-controller:v0.5.0
+        metadataretriever: dellemc/csi-metadata-retriever:v1.0.0
+        provisioner: k8s.gcr.io/sig-storage/csi-provisioner:v3.1.0
+        registrar: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.5.1
+        resizer: k8s.gcr.io/sig-storage/csi-resizer:v1.4.0
+        snapshotter: k8s.gcr.io/sig-storage/csi-snapshotter:v5.0.1
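Review bot: The `Create Secret` task templates `powerstore_csi_config`, which per the sample in docs/storage.md carries the array `username` and `password`, but it does not set `no_log: true`, so the credentials can appear in Ansible output at higher verbosity, in diff mode or when the task fails; add `no_log: true` to that task. The same sample sets `skipCertificateValidation: true`, so those credentials go to an endpoint whose TLS certificate is not verified; the docs should present `false` with a trusted CA as the production setting. The clone is pinned to the tag `v2.3.0`, which upstream can move; pinning to the commit the tag resolves to (`version: <COMMIT_SHA_OF_v2.3.0>`) makes the chart source immutable. The `images:` overrides are also tag-only, and `externalhealthmonitorcontroller` is pulled from `gcr.io/k8s-staging-sig-storage`, a staging registry; prefer the promoted registry and `@sha256:<DIGEST>` references if the chart accepts them. The Secret and StorageClass tasks also omit the `kubeconfig: /etc/kubernetes/admin.conf` that the Helm task sets, which may be intentional but is worth making consistent.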