Skip to content

Added support for ocs provider server to fetch noobaa client resources#2680

Closed
ezio-auditore wants to merge 2 commits intored-hat-storage:mainfrom
ezio-auditore:noobaa_obc
Closed

Added support for ocs provider server to fetch noobaa client resources#2680
ezio-auditore wants to merge 2 commits intored-hat-storage:mainfrom
ezio-auditore:noobaa_obc

Conversation

@ezio-auditore
Copy link
Contributor

@ezio-auditore ezio-auditore commented Jul 2, 2024
edited
Loading

  1. Added an annotation is-local-client:true for local storage client
  2. Create a Noobaa Account CR for auth_token generation of remote noobaa client
    a.Added support to join external noobaa system from hosted clusters noobaa/noobaa-operator#1389
  3. Assemble noobaa remote auth token and management address to be sent via GetStorageConfig
  4. Updated test cases

Part of : RHSTOR-5187

@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jul 2, 2024
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jul 2, 2024

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jul 2, 2024

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: ezio-auditore
Once this PR has been reviewed and has the lgtm label, please assign obnoxxx for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ezio-auditore ezio-auditore force-pushed the noobaa_obc branch 4 times, most recently from 9b30587 to 6113607 Compare July 18, 2024 07:02
@ezio-auditore ezio-auditore marked this pull request as ready for review July 18, 2024 09:02
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jul 18, 2024
rewantsoni
rewantsoni suggested changes Jul 18, 2024
View reviewed changes
rewantsoni
rewantsoni reviewed Jul 18, 2024
View reviewed changes
rchikatw
rchikatw reviewed Jul 22, 2024
View reviewed changes
rewantsoni
rewantsoni suggested changes Jul 22, 2024
View reviewed changes
@ezio-auditore ezio-auditore force-pushed the noobaa_obc branch 3 times, most recently from ddc88b6 to 94ea6f2 Compare July 22, 2024 18:20
rchikatw
rchikatw reviewed Jul 23, 2024
View reviewed changes
This was referenced Jul 23, 2024
Open
Merged
Closed
@ezio-auditore ezio-auditore force-pushed the noobaa_obc branch 2 times, most recently from a6fe781 to cede821 Compare July 24, 2024 12:26
@ezio-auditore
Copy link
Contributor Author

ezio-auditore commented Jul 24, 2024

/test ocs-operator-bundle-e2e-aws

Kaustav Majumder added 2 commits July 25, 2024 11:51
added support for ocs provider server to fetch noobaa resources
79eb451 
Signed-off-by: Kaustav Majumder <kaustav.majumder@ibm.com>
generated changes
b54dab3 
Signed-off-by: Kaustav Majumder <kaustav.majumder@ibm.com>
nb-ohad
nb-ohad requested changes Aug 1, 2024
View reviewed changes
services/provider/server/server.go
Comment on lines +152 to +153
if err := s.consumerManager.CreateNoobaaAccount(ctx, req.StorageConsumerUUID); err != nil {
return nil, status.Errorf(codes.Internal, "Failed to create noobaa account for storageconsumer. %v", err)
Copy link
Contributor

@nb-ohad nb-ohad Aug 1, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  1. We should not run create operations inside the ack operation, and even more importantly, after we already enabled the consumer.

  2. Creation of the noobaa account is a detail of storage consumer reconciliation, not of the onboard call.

Please remove this call from here.

services/provider/server/server.go
Comment on lines +195 to +198
err := s.consumerManager.DeleteNoobaaAccount(ctx, req.StorageConsumerUUID)
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to delete noobaaAccount resource with the provided UUID. %v", err)
}
Copy link
Contributor

@nb-ohad nb-ohad Aug 1, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The noobaa account should be owned (via an owner ref) by the consumer object.
If it is, there will be no need for manual deletion as k8s GC will take care of it.

services/provider/server/consumer.go
Comment on lines +233 to +256
func (c *ocsConsumerManager) CreateNoobaaAccount(ctx context.Context, id string) error {

consumerObj, err := c.Get(ctx, id)
if err != nil {
return err
}
consumerClusterID := strings.TrimPrefix(consumerObj.Name, "storageconsumer-")
if consumerClusterID != "" && len(consumerClusterID) == 0 {
return fmt.Errorf("failed to get clusterID from consumerResource Name: %s %v", consumerObj.Name, err)
}

noobaaAccountName := fmt.Sprintf("noobaa-remote-%s", consumerClusterID)
nbAccountObj := &nbv1.NooBaaAccount{}
nbAccountObj.Name = noobaaAccountName
nbAccountObj.Namespace = consumerObj.Namespace
// the following annotation will enable noobaa-operator to create a auth_token secret based on this account
util.AddAnnotation(nbAccountObj, "remote-operator", "true")

err = c.client.Create(ctx, nbAccountObj)
if err != nil {
return fmt.Errorf("failed to create noobaa account for storageConsumer %v: %v", consumerObj.Name, err)
}
return nil
}
Copy link
Contributor

@nb-ohad nb-ohad Aug 1, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why are we creating the noobaa account in the server and not part of the reconciliation of the StorageConsumer CR?

The server does not implement reconciliation logic and every operation is considered a one-time operation.

services/provider/server/consumer.go
Comment on lines +258 to +275
func (c *ocsConsumerManager) DeleteNoobaaAccount(ctx context.Context, id string) error {
consumerObj, err := c.Get(ctx, id)
if err != nil {
return err
}
clusterID := strings.TrimPrefix(consumerObj.Name, "storageconsumer-")
if clusterID != "" && len(clusterID) == 0 {
return fmt.Errorf("failed to get clusterID from consumerResource Name: %s %v", consumerObj.Name, err)
}
noobaaAccountName := fmt.Sprintf("noobaa-remote-%s", clusterID)
nbAccountObj := &nbv1.NooBaaAccount{}
nbAccountObj.Name = noobaaAccountName
nbAccountObj.Namespace = consumerObj.Namespace
if err := c.client.Delete(ctx, nbAccountObj); err != nil {
return fmt.Errorf("failed to delete Noobaa account %q. %v", nbAccountObj.Name, err)
}
return nil
}
Copy link
Contributor

@nb-ohad nb-ohad Aug 1, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Noobaa account should be just GC collected via storage consumer ownership. This code is unnecessary

services/provider/server/server.go

// Fetch noobaa remote secret and management address and append to extResources
noobaaOperatorSecret := &v1.Secret{}
clusterID := strings.TrimPrefix(consumerResource.Name, "storageconsumer-")
Copy link
Contributor

@nb-ohad nb-ohad Aug 1, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  1. We should not fetch based on naming conventions. Always fetch by ownership or by labels.
  2. Consumer's name is decided by the client, don't assume it will contain the clusterID
  3. Cluster ID is available as part of the consumer's status section, if you need it (Which I don't understand why), fetch it from there

services/provider/server/server.go
}

// Fetch noobaa remote secret and management address and append to extResources
noobaaOperatorSecret := &v1.Secret{}
Copy link
Contributor

@nb-ohad nb-ohad Aug 1, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Define the var just above the code that uses it

services/provider/server/server.go
Comment on lines +446 to +449
noobaaMgmtAddress := noobaMgmtRoute.Status.Ingress[0].Host
if noobaaMgmtAddress == "" {
return nil, fmt.Errorf("no Host found in noobaa-mgmt route Ingress")
}
Copy link
Contributor

@nb-ohad nb-ohad Aug 1, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are we assuming a default port always? is it always 8080?

services/provider/server/server.go
joinSecret := &corev1.Secret{
Data: map[string][]byte{
"auth_token": authToken,
"mgmt_addr": []byte(noobaaMgmtAddress),
Copy link
Contributor

@nb-ohad nb-ohad Aug 1, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why the Byte encoding?

services/provider/server/server.go
extR = append(extR, &pb.ExternalResource{
Name: "noobaa-remote-join-secret",
Kind: "Secret",
Data: mustMarshal(joinSecret),
Copy link
Contributor

@nb-ohad nb-ohad Aug 1, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is wrong, for secrets, we only send the data section, not the entire secret.

Suggested change
Data: mustMarshal(joinSecret),
Data: mustMarshal(map[string][]byte{
"auth_token": authToken,
"mgmt_addr": []byte(noobaaMgmtAddress),
}),

services/provider/server/server.go
Comment on lines +462 to +471
noobaaSpec := &nbv1.NooBaaSpec{
JoinSecret: &v1.SecretReference{
Name: "noobaa-remote-join-secret",
},
}
extR = append(extR, &pb.ExternalResource{
Name: "noobaa-remote",
Kind: "Noobaa",
Data: mustMarshal(noobaaSpec),
})
Copy link
Contributor

@nb-ohad nb-ohad Aug 1, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The spec is very small, please inline it.

Suggested change
noobaaSpec := &nbv1.NooBaaSpec{
JoinSecret: &v1.SecretReference{
Name: "noobaa-remote-join-secret",
},
}
extR = append(extR, &pb.ExternalResource{
Name: "noobaa-remote",
Kind: "Noobaa",
Data: mustMarshal(noobaaSpec),
})
noobaaSpec :=
extR = append(extR, &pb.ExternalResource{
Name: "noobaa-remote",
Kind: "Noobaa",
Data: mustMarshal(&nbv1.NooBaaSpec{
JoinSecret: &v1.SecretReference{
Name: "noobaa-remote-join-secret",
},
}),
})

@bernerhat bernerhat mentioned this pull request Aug 7, 2024
Merged
@leelavg
Copy link
Contributor

leelavg commented Aug 9, 2024

possible to mention the relation b/n this PR and #2733?

@openshift-merge-robot openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Aug 12, 2024
@openshift-merge-robot
Copy link
Contributor

openshift-merge-robot commented Aug 12, 2024

PR needs rebase.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nb-ohad nb-ohad nb-ohad requested changes

+2 more reviewers

@rchikatw rchikatw rchikatw left review comments

@rewantsoni rewantsoni rewantsoni requested changes

Reviewers whose approvals may not affect merge requirements

Assignees

@nb-ohad nb-ohad

@rewantsoni rewantsoni

Labels

needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@ezio-auditore @leelavg @openshift-merge-robot @nb-ohad @rewantsoni @rchikatw