Hide Forgot
Description of problem: manila-csi driver needs to have access to its provisioner secrets in order to create snapshots. The snapshotvolumeclass created by the operator doesn't include them. Examples from the cloud-provider-openstack repo show how the VolumeSnapshotClass manifest needs to be: https://github.com/kubernetes/cloud-provider-openstack/blob/f59b11fe7d9b7658a48dc784fc73fdb8735740ba/examples/manila-csi-plugin/nfs/snapshot/snapshotclass.yaml#L6-L8 Current manifest: https://github.com/openshift/csi-driver-manila-operator/blob/8a691874a23de9676ccf45f0c8347726d46e057b/assets/volumesnapshotclass.yaml
Verified with OCP 4.12.0-0.nightly-2022-11-07-181244 on top of RHOS-17.0-RHEL-9-20220909.n.0. Verification steps: 1. The csi-manila-standard VolumeSnapshotClass includes the csi-manila-secrets and openshift-manila-csi-driver secrets: ``` $ oc get volumesnapshotclass csi-manila-standard -o yaml apiVersion: snapshot.storage.k8s.io/v1 deletionPolicy: Delete driver: manila.csi.openstack.org kind: VolumeSnapshotClass metadata: creationTimestamp: "2022-11-10T15:03:46Z" generation: 1 name: csi-manila-standard resourceVersion: "10748" uid: 4b452d9c-9e92-4a30-84be-e46b97fa477a parameters: csi.storage.k8s.io/snapshotter-secret-name: csi-manila-secrets csi.storage.k8s.io/snapshotter-secret-namespace: openshift-manila-csi-driver force-create: "false" ``` 2. Add the "create_share_from_snapshot_support" option: (To enable the creation of snapshots and clone them into new shares) ``` $ manila type-key default set create_share_from_snapshot_support=True $ manila type-list +--------------------------------------+---------+------------+------------+--------------------------------------+-------------------------------------------+-------------+ | ID | Name | visibility | is_default | required_extra_specs | optional_extra_specs | Description | +--------------------------------------+---------+------------+------------+--------------------------------------+-------------------------------------------+-------------+ | 179be5af-bf8b-4844-86e7-b787e679f4c2 | default | public | YES | driver_handles_share_servers : False | snapshot_support : True | None | | | | | | | create_share_from_snapshot_support : True | | +--------------------------------------+---------+------------+------------+--------------------------------------+-------------------------------------------+-------------+ ``` 3. Create a new OCP project: ``` $ oc new-project test1-openshift-manila-csi ``` 4. Create a PVC: ``` $ cat mypvc.yaml apiVersion: v1 kind: PersistentVolumeClaim metadata: name: mypvc namespace: test1-openshift-manila-csi spec: accessModes: - ReadWriteMany resources: requests: storage: 1Gi storageClassName: csi-manila-default $ oc get pvc NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE mypvc Bound pvc-deb9d9ad-ef0f-414b-8cc8-6f3712e2c708 1Gi RWX csi-manila-default 7s ``` 5. Create a VolumeSnapshot: ``` $ cat mypvc.yaml apiVersion: snapshot.storage.k8s.io/v1 kind: VolumeSnapshot metadata: name: mypvc-snap namespace: test1-openshift-manila-csi spec: volumeSnapshotClassName: csi-manila-standard source: persistentVolumeClaimName: mypvc $ oc apply -f mypvc-snap.yaml volumesnapshot.snapshot.storage.k8s.io/mypvc-snap created $ oc get vs NAME READYTOUSE SOURCEPVC SOURCESNAPSHOTCONTENT RESTORESIZE SNAPSHOTCLASS SNAPSHOTCONTENT CREATIONTIME AGE mypvc-snap true mypvc 1Gi csi-manila-standard snapcontent-0a695f96-76b7-4060-acd1-e77010a53253 66s 67s ``` 6. Verify the shares and the associated snapshots: ``` $ manila snapshot-list +--------------------------------------+--------------------------------------+-----------+-----------------------------------------------+------------+ | ID | Share ID | Status | Name | Share Size | +--------------------------------------+--------------------------------------+-----------+-----------------------------------------------+------------+ | 7789c2ed-4090-4731-82b9-2947ac7146c9 | bed5db7a-67d0-4854-aafe-9da7cb06d181 | available | snapshot-0a695f96-76b7-4060-acd1-e77010a53253 | 1 | +--------------------------------------+--------------------------------------+-----------+-----------------------------------------------+------------+ $ manila snapshot-show 7789c2ed-4090-4731-82b9-2947ac7146c9 +------------------+-----------------------------------------------+ | Property | Value | +------------------+-----------------------------------------------+ | id | 7789c2ed-4090-4731-82b9-2947ac7146c9 | | share_id | bed5db7a-67d0-4854-aafe-9da7cb06d181 | | share_size | 1 | | created_at | 2022-11-10T15:52:29.339239 | | status | available | | name | snapshot-0a695f96-76b7-4060-acd1-e77010a53253 | | description | snapshotted-by=manila.csi.openstack.org | | size | 1 | | share_proto | NFS | | user_id | ee7582c931e541f7859d6facaa5677b3 | | project_id | d8792e11d4f7417996fb4ca0b9487c43 | | export_locations | [] | +------------------+-----------------------------------------------+ ```
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.12.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:7399