2057637 – default VolumeSnapshotClass created by the csi-driver-manila-operator does not contain secrets

Bug 2057637 - default VolumeSnapshotClass created by the csi-driver-manila-operator does not contain secrets

Summary: default VolumeSnapshotClass created by the csi-driver-manila-operator does no...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Storage
Sub Component:
Version:	4.10
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	4.12.0
Assignee:	Goutham Pacha Ravi
QA Contact:	Itay Matza
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-02-23 18:52 UTC by Goutham Pacha Ravi
Modified:	2023-01-17 19:48 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	* Previously, there were missing annotations on the Manila CSI Driver Operator's VolumeSnapshotClass. Consequently, the Manila CSI snapshotter could not locate secrets, and could not create snapshots with the default VolumeSnapshotClass. This update fixes the issue so that secret names and namespace are included in the default VolumeSnapshotClass. As a result, users can now create snapshots in the Manila CSI Driver Operator using the default VolumeSnapshotClass. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2057637[BZ#2057637])
Clone Of:
Environment:
Last Closed:	2023-01-17 19:47:48 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	openshift csi-driver-manila-operator issues 139	None	open	snapshotvolumeclass doesn't include secrets	2022-02-23 18:52:16 UTC
Github	openshift csi-driver-manila-operator pull 156	None	open	Bug 2057637: Include secrets to VolumeSnapshotClass	2022-10-03 11:46:00 UTC
Red Hat Product Errata	RHSA-2022:7399	None	None	None	2023-01-17 19:48:02 UTC

Description Goutham Pacha Ravi 2022-02-23 18:52:17 UTC

Description of problem:

manila-csi driver needs to have access to its provisioner secrets in order to create snapshots. The snapshotvolumeclass created by the operator doesn't include them.

Examples from the cloud-provider-openstack repo show how the VolumeSnapshotClass manifest needs to be:

https://github.com/kubernetes/cloud-provider-openstack/blob/f59b11fe7d9b7658a48dc784fc73fdb8735740ba/examples/manila-csi-plugin/nfs/snapshot/snapshotclass.yaml#L6-L8


Current manifest: https://github.com/openshift/csi-driver-manila-operator/blob/8a691874a23de9676ccf45f0c8347726d46e057b/assets/volumesnapshotclass.yaml

Comment 10 Itay Matza 2022-11-13 11:01:48 UTC

Verified with OCP 4.12.0-0.nightly-2022-11-07-181244 on top of RHOS-17.0-RHEL-9-20220909.n.0.

Verification steps:

1. The csi-manila-standard VolumeSnapshotClass includes the csi-manila-secrets and openshift-manila-csi-driver secrets:
```
	$ oc get volumesnapshotclass csi-manila-standard -o yaml
	apiVersion: snapshot.storage.k8s.io/v1
	deletionPolicy: Delete
	driver: manila.csi.openstack.org
	kind: VolumeSnapshotClass
	metadata:
	  creationTimestamp: "2022-11-10T15:03:46Z"
	  generation: 1
	  name: csi-manila-standard
	  resourceVersion: "10748"
	  uid: 4b452d9c-9e92-4a30-84be-e46b97fa477a
	parameters:
	  csi.storage.k8s.io/snapshotter-secret-name: csi-manila-secrets
	  csi.storage.k8s.io/snapshotter-secret-namespace: openshift-manila-csi-driver
	  force-create: "false"
```

2. Add the "create_share_from_snapshot_support" option: (To enable the creation of snapshots and clone them into new shares)
```
	$ manila type-key default set create_share_from_snapshot_support=True
	$ manila type-list
	+--------------------------------------+---------+------------+------------+--------------------------------------+-------------------------------------------+-------------+
	| ID                                   | Name    | visibility | is_default | required_extra_specs                 | optional_extra_specs                      | Description |
	+--------------------------------------+---------+------------+------------+--------------------------------------+-------------------------------------------+-------------+
	| 179be5af-bf8b-4844-86e7-b787e679f4c2 | default | public     | YES        | driver_handles_share_servers : False | snapshot_support : True                   | None        |
	|                                      |         |            |            |                                      | create_share_from_snapshot_support : True |             |
	+--------------------------------------+---------+------------+------------+--------------------------------------+-------------------------------------------+-------------+
```


3. Create a new OCP project:
```
	$ oc new-project test1-openshift-manila-csi

```

4. Create a PVC:
```
	$ cat mypvc.yaml
	apiVersion: v1                         
	kind: PersistentVolumeClaim            
	metadata:                              
	  name: mypvc                          
	  namespace: test1-openshift-manila-csi
	spec:                                  
	  accessModes:                         
	  - ReadWriteMany                      
	  resources:                           
		requests:                          
		  storage: 1Gi                     
	  storageClassName: csi-manila-default 

	$ oc get pvc                                                                                                                              
	NAME    STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS         AGE                                                               
	mypvc   Bound    pvc-deb9d9ad-ef0f-414b-8cc8-6f3712e2c708   1Gi        RWX            csi-manila-default   7s                                                                


```

5. Create a VolumeSnapshot:
```
	$ cat mypvc.yaml
	apiVersion: snapshot.storage.k8s.io/v1        
	kind: VolumeSnapshot                          
	metadata:                                     
	  name: mypvc-snap                            
	  namespace: test1-openshift-manila-csi       
	spec:                                         
	  volumeSnapshotClassName: csi-manila-standard
	  source:                                     
		persistentVolumeClaimName: mypvc         

	$ oc apply -f mypvc-snap.yaml

	volumesnapshot.snapshot.storage.k8s.io/mypvc-snap created     
	$ oc get vs
	NAME         READYTOUSE   SOURCEPVC   SOURCESNAPSHOTCONTENT   RESTORESIZE   SNAPSHOTCLASS         SNAPSHOTCONTENT                                    CREATIONTIME   AGE
	mypvc-snap   true         mypvc                               1Gi           csi-manila-standard   snapcontent-0a695f96-76b7-4060-acd1-e77010a53253   66s            67s

```


6. Verify the shares and the associated snapshots:
```
	$ manila snapshot-list         
	+--------------------------------------+--------------------------------------+-----------+-----------------------------------------------+------------+
	| ID                                   | Share ID                             | Status    | Name                                          | Share Size |
	+--------------------------------------+--------------------------------------+-----------+-----------------------------------------------+------------+
	| 7789c2ed-4090-4731-82b9-2947ac7146c9 | bed5db7a-67d0-4854-aafe-9da7cb06d181 | available | snapshot-0a695f96-76b7-4060-acd1-e77010a53253 | 1          |
	+--------------------------------------+--------------------------------------+-----------+-----------------------------------------------+------------+
	$ manila snapshot-show 7789c2ed-4090-4731-82b9-2947ac7146c9
	+------------------+-----------------------------------------------+                                                                                                                                               
	| Property         | Value                                         |                                                                                                                    
	+------------------+-----------------------------------------------+
	| id               | 7789c2ed-4090-4731-82b9-2947ac7146c9          |
	| share_id         | bed5db7a-67d0-4854-aafe-9da7cb06d181          |
	| share_size       | 1                                             |
	| created_at       | 2022-11-10T15:52:29.339239                    |
	| status           | available                                     |
	| name             | snapshot-0a695f96-76b7-4060-acd1-e77010a53253 |
	| description      | snapshotted-by=manila.csi.openstack.org       |
	| size             | 1                                             |
	| share_proto      | NFS                                           |
	| user_id          | ee7582c931e541f7859d6facaa5677b3              |
	| project_id       | d8792e11d4f7417996fb4ca0b9487c43              |
	| export_locations | []                                            |
	+------------------+-----------------------------------------------+
```

Comment 12 errata-xmlrpc 2023-01-17 19:47:48 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.12.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:7399

Note You need to log in before you can comment on or make changes to this bug.