Bug 2057637 - default VolumeSnapshotClass created by the csi-driver-manila-operator does not contain secrets
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Storage
Version: 4.10
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: ---
Target Release: 4.12.0
Assignee: Goutham Pacha Ravi
QA Contact: Itay Matza
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2022-02-23 18:52 UTC by Goutham Pacha Ravi
Modified: 2023-01-17 19:48 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
* Previously, there were missing annotations on the Manila CSI Driver Operator's VolumeSnapshotClass. Consequently, the Manila CSI snapshotter could not locate secrets, and could not create snapshots with the default VolumeSnapshotClass. This update fixes the issue so that secret names and namespace are included in the default VolumeSnapshotClass. As a result, users can now create snapshots in the Manila CSI Driver Operator using the default VolumeSnapshotClass. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2057637[*BZ#2057637*])
Clone Of:
Environment:
Last Closed: 2023-01-17 19:47:48 UTC
Target Upstream Version:
Embargoed:
Links

| System | ID | Private | Priority | Status | Summary | Last Updated |
|---|---|---|---|---|---|---|
| Github | openshift csi-driver-manila-operator issues 139 | 0 | None | open | snapshotvolumeclass doesn't include secrets | 2022-02-23 18:52:16 UTC |
| Github | openshift csi-driver-manila-operator pull 156 | 0 | None | open | Bug 2057637: Include secrets to VolumeSnapshotClass | 2022-10-03 11:46:00 UTC |
| Red Hat Product Errata | RHSA-2022:7399 | 0 | None | None | None | 2023-01-17 19:48:02 UTC |

Description Goutham Pacha Ravi 2022-02-23 18:52:17 UTC
Description of problem:

manila-csi driver needs to have access to its provisioner secrets in order to create snapshots. The snapshotvolumeclass created by the operator doesn't include them.

Examples from the cloud-provider-openstack repo show how the VolumeSnapshotClass manifest needs to be:

https://github.com/kubernetes/cloud-provider-openstack/blob/f59b11fe7d9b7658a48dc784fc73fdb8735740ba/examples/manila-csi-plugin/nfs/snapshot/snapshotclass.yaml#L6-L8


Current manifest: https://github.com/openshift/csi-driver-manila-operator/blob/8a691874a23de9676ccf45f0c8347726d46e057b/assets/volumesnapshotclass.yaml

Comment 10 Itay Matza 2022-11-13 11:01:48 UTC
Verified with OCP 4.12.0-0.nightly-2022-11-07-181244 on top of RHOS-17.0-RHEL-9-20220909.n.0.

Verification steps:

1. The csi-manila-standard VolumeSnapshotClass includes the csi-manila-secrets and openshift-manila-csi-driver secrets:
```
	$ oc get volumesnapshotclass csi-manila-standard -o yaml
	apiVersion: snapshot.storage.k8s.io/v1
	deletionPolicy: Delete
	driver: manila.csi.openstack.org
	kind: VolumeSnapshotClass
	metadata:
	  creationTimestamp: "2022-11-10T15:03:46Z"
	  generation: 1
	  name: csi-manila-standard
	  resourceVersion: "10748"
	  uid: 4b452d9c-9e92-4a30-84be-e46b97fa477a
	parameters:
	  csi.storage.k8s.io/snapshotter-secret-name: csi-manila-secrets
	  csi.storage.k8s.io/snapshotter-secret-namespace: openshift-manila-csi-driver
	  force-create: "false"
```

2. Add the "create_share_from_snapshot_support" option: (To enable the creation of snapshots and clone them into new shares)
```
	$ manila type-key default set create_share_from_snapshot_support=True
	$ manila type-list
	+--------------------------------------+---------+------------+------------+--------------------------------------+-------------------------------------------+-------------+
	| ID                                   | Name    | visibility | is_default | required_extra_specs                 | optional_extra_specs                      | Description |
	+--------------------------------------+---------+------------+------------+--------------------------------------+-------------------------------------------+-------------+
	| 179be5af-bf8b-4844-86e7-b787e679f4c2 | default | public     | YES        | driver_handles_share_servers : False | snapshot_support : True                   | None        |
	|                                      |         |            |            |                                      | create_share_from_snapshot_support : True |             |
	+--------------------------------------+---------+------------+------------+--------------------------------------+-------------------------------------------+-------------+
```


3. Create a new OCP project:
```
	$ oc new-project test1-openshift-manila-csi

```

4. Create a PVC:
```
	$ cat mypvc.yaml
	apiVersion: v1
	kind: PersistentVolumeClaim
	metadata:
	  name: mypvc
	  namespace: test1-openshift-manila-csi
	spec:
	  accessModes:
	  - ReadWriteMany
	  resources:
	    requests:
	      storage: 1Gi
	  storageClassName: csi-manila-default

	$ oc get pvc
	NAME    STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS         AGE
	mypvc   Bound    pvc-deb9d9ad-ef0f-414b-8cc8-6f3712e2c708   1Gi        RWX            csi-manila-default   7s
```

5. Create a VolumeSnapshot:
```
	$ cat mypvc-snap.yaml
	apiVersion: snapshot.storage.k8s.io/v1
	kind: VolumeSnapshot
	metadata:
	  name: mypvc-snap
	  namespace: test1-openshift-manila-csi
	spec:
	  volumeSnapshotClassName: csi-manila-standard
	  source:
	    persistentVolumeClaimName: mypvc

	$ oc apply -f mypvc-snap.yaml
	volumesnapshot.snapshot.storage.k8s.io/mypvc-snap created
	$ oc get vs
	NAME         READYTOUSE   SOURCEPVC   SOURCESNAPSHOTCONTENT   RESTORESIZE   SNAPSHOTCLASS         SNAPSHOTCONTENT                                    CREATIONTIME   AGE
	mypvc-snap   true         mypvc                               1Gi           csi-manila-standard   snapcontent-0a695f96-76b7-4060-acd1-e77010a53253   66s            67s
```


6. Verify the shares and the associated snapshots:
```
	$ manila snapshot-list         
	+--------------------------------------+--------------------------------------+-----------+-----------------------------------------------+------------+
	| ID                                   | Share ID                             | Status    | Name                                          | Share Size |
	+--------------------------------------+--------------------------------------+-----------+-----------------------------------------------+------------+
	| 7789c2ed-4090-4731-82b9-2947ac7146c9 | bed5db7a-67d0-4854-aafe-9da7cb06d181 | available | snapshot-0a695f96-76b7-4060-acd1-e77010a53253 | 1          |
	+--------------------------------------+--------------------------------------+-----------+-----------------------------------------------+------------+
	$ manila snapshot-show 7789c2ed-4090-4731-82b9-2947ac7146c9
	+------------------+-----------------------------------------------+                                                                                                                                               
	| Property         | Value                                         |                                                                                                                    
	+------------------+-----------------------------------------------+
	| id               | 7789c2ed-4090-4731-82b9-2947ac7146c9          |
	| share_id         | bed5db7a-67d0-4854-aafe-9da7cb06d181          |
	| share_size       | 1                                             |
	| created_at       | 2022-11-10T15:52:29.339239                    |
	| status           | available                                     |
	| name             | snapshot-0a695f96-76b7-4060-acd1-e77010a53253 |
	| description      | snapshotted-by=manila.csi.openstack.org       |
	| size             | 1                                             |
	| share_proto      | NFS                                           |
	| user_id          | ee7582c931e541f7859d6facaa5677b3              |
	| project_id       | d8792e11d4f7417996fb4ca0b9487c43              |
	| export_locations | []                                            |
	+------------------+-----------------------------------------------+
```
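
The check from verification step 1, automated as an added example (not part of the original report or the operator's code): it reads `oc get volumesnapshotclass -o json` output and reports Manila classes that lack the snapshotter secret reference this bug is about. The sample input and every class name other than `csi-manila-standard` are constructed for illustration.

```python
import json

# Parameter keys and driver name as shown in the verified manifest in this report.
SECRET_NAME_KEY = "csi.storage.k8s.io/snapshotter-secret-name"
SECRET_NS_KEY = "csi.storage.k8s.io/snapshotter-secret-namespace"
MANILA_DRIVER = "manila.csi.openstack.org"


def _vsc(name, driver, parameters=None):
    """Build a constructed VolumeSnapshotClass object for the sample below."""
    obj = {"apiVersion": "snapshot.storage.k8s.io/v1", "kind": "VolumeSnapshotClass",
           "metadata": {"name": name}, "driver": driver, "deletionPolicy": "Delete"}
    if parameters is not None:
        obj["parameters"] = parameters
    return obj


# Constructed sample shaped like `oc get volumesnapshotclass -o json` output.
SAMPLE = json.dumps({"apiVersion": "v1", "kind": "List", "items": [
    # Fixed state: both secret parameters present.
    _vsc("csi-manila-standard", MANILA_DRIVER, {
        SECRET_NAME_KEY: "csi-manila-secrets",
        SECRET_NS_KEY: "openshift-manila-csi-driver",
        "force-create": "false"}),
    # State described in the bug: no secret reference at all.
    _vsc("manila-no-secrets", MANILA_DRIVER, {"force-create": "false"}),
    # Partial reference: a name without a namespace cannot be resolved either.
    _vsc("manila-name-only", MANILA_DRIVER, {SECRET_NAME_KEY: "csi-manila-secrets"}),
    # Another driver with no parameters; out of scope for this check.
    _vsc("other-driver", "csi.example.invalid"),
]})


def audit_snapshot_classes(doc, driver=MANILA_DRIVER):
    """Return {class name: [missing parameter keys]} for classes of `driver`."""
    data = json.loads(doc)
    items = data["items"] if "items" in data else [data]  # List or single object
    findings = {}
    for item in items:
        if item.get("kind") != "VolumeSnapshotClass" or item.get("driver") != driver:
            continue
        params = item.get("parameters") or {}  # field may be absent or null
        missing = [k for k in (SECRET_NAME_KEY, SECRET_NS_KEY) if not params.get(k)]
        if missing:
            findings[item["metadata"]["name"]] = missing
    return findings


if __name__ == "__main__":
    for name, missing in audit_snapshot_classes(SAMPLE).items():
        print(f"{name}: missing {', '.join(missing)}")
```
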

Comment 12 errata-xmlrpc 2023-01-17 19:47:48 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.12.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:7399

