2069314 – OCS external mode should allow specifying names for all Ceph auth principals

Bug 2069314 - OCS external mode should allow specifying names for all Ceph auth principals

Summary: OCS external mode should allow specifying names for all Ceph auth principals

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenShift Data Foundation
Classification:	Red Hat Storage
Component:	rook
Sub Component:
Version:	4.8
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Target Release:	ODF 4.11.0
Assignee:	Parth Arora
QA Contact:	Vijay Avuthu
Docs Contact:
URL:
Whiteboard:
Depends On:	1996830
Blocks:
TreeView+	depends on / blocked

Reported:	2022-03-28 17:21 UTC by Neha Berry
Modified:	2023-08-09 17:03 UTC (History)
CC List:	15 users (show)
Fixed In Version:	4.11.0-96
Doc Type:	No Doc Update
Doc Text:
Clone Of:	1996830
Environment:
Last Closed:	2022-08-24 13:49:54 UTC
Embargoed:
Flags:	paarora: needinfo+ paarora: needinfo+

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	red-hat-storage rook pull 386	0	None	open	Bug 2069314: csi: make storage class updated with csi-users in external cluster	2022-06-09 06:45:21 UTC
Red Hat Product Errata	RHSA-2022:6156	0	None	None	None	2022-08-24 13:50:41 UTC

Comment 5 Travis Nielsen 2022-05-16 15:18:32 UTC

Parth can we move this to ON_QA?

Comment 6 Parth Arora 2022-05-17 05:58:53 UTC

Yes, @vavuthu should be testing this

Comment 8 Vijay Avuthu 2022-06-28 11:16:03 UTC

verified here: https://ocs4-jenkins-csb-odf-qe.apps.ocp-c1.prod.psi.redhat.com/job/qe-deploy-ocs-cluster/13952/console

022-06-27 15:40:30  10:10:30 - MainThread - ocs_ci.utility.connection - INFO  - Executing cmd: python3 /tmp/external-cluster-details-exporter-2kazn3tr.py --rbd-data-pool-name rbd --rgw-endpoint 10.x.xxx.xx7:8080 --cluster-name jnk-pr6046-b2994 --cephfs-filesystem-name cephfs --restricted-auth-permission true on 10.x.xxx.xx9

2022-06-27 15:40:31  10:10:31 - MainThread - ocs_ci.utility.connection - INFO  - Executing cmd: ceph auth get client.admin on 10.x.xxx.xx9
2022-06-27 15:40:31  10:10:31 - MainThread - ocs_ci.utility.templating - INFO  - apiVersion: v1

> rbd_node_secret, rbd_provisioner_secret, cephfs_node_secret and cephfs_provisioner_secret  are created as expected. 

client.csi-cephfs-node-jnk-pr6046-b2994-cephfs
	key: AQAWgrlidaf+MRAAz2jF6uQxLr5LnN9v0T7dOw==
	caps: [mds] allow rw
	caps: [mgr] allow rw
	caps: [mon] allow r, allow command 'osd blocklist'
	caps: [osd] allow rw tag cephfs *=cephfs


client.csi-cephfs-provisioner-jnk-pr6046-b2994-cephfs
	key: AQAWgrliH3dfMhAAYrfnvWePGE4+ZzecgAoHVw==
	caps: [mgr] allow rw
	caps: [mon] allow r, allow command 'osd blocklist'
	caps: [osd] allow rw tag cephfs metadata=cephfs


client.csi-rbd-node-jnk-pr6046-b2994-rbd
	key: AQAWgrligyYfMRAAq1JzoKFVfinZaiP8o8XnbQ==
	caps: [mon] profile rbd, allow command 'osd blocklist'
	caps: [osd] profile rbd pool=rbd

client.csi-rbd-provisioner-jnk-pr6046-b2994-rbd
	key: AQAWgrlikQmaMRAAkB0U/IHSYcpfok0Uj2jZbQ==
	caps: [mgr] allow rw
	caps: [mon] profile rbd, allow command 'osd blocklist'
	caps: [osd] profile rbd pool=rbd

> $ oc -n openshift-storage get StorageClass ocs-external-storagecluster-cephfs -n openshift-storage -o yaml
allowVolumeExpansion: true
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  annotations:
    description: Provides RWO and RWX Filesystem volumes
  creationTimestamp: "2022-06-27T10:10:32Z"
  managedFields:

parameters:
  clusterID: openshift-storage
  csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner-jnk-pr6046-b2994-cephfs
  csi.storage.k8s.io/controller-expand-secret-namespace: openshift-storage
  csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node-jnk-pr6046-b2994-cephfs
  csi.storage.k8s.io/node-stage-secret-namespace: openshift-storage
  csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner-jnk-pr6046-b2994-cephfs
  csi.storage.k8s.io/provisioner-secret-namespace: openshift-storage
  fsName: cephfs
  pool: cephfs_data


$ oc -n openshift-storage get StorageClass ocs-external-storagecluster-ceph-rbd -n openshift-storage -o yaml
allowVolumeExpansion: true
apiVersion: storage.k8s.io/v1
kind: StorageClass

parameters:
  clusterID: openshift-storage
  csi.storage.k8s.io/controller-expand-secret-name: rook-csi-rbd-provisioner-jnk-pr6046-b2994-rbd
  csi.storage.k8s.io/controller-expand-secret-namespace: openshift-storage
  csi.storage.k8s.io/fstype: ext4
  csi.storage.k8s.io/node-stage-secret-name: rook-csi-rbd-node-jnk-pr6046-b2994-rbd
  csi.storage.k8s.io/node-stage-secret-namespace: openshift-storage
  csi.storage.k8s.io/provisioner-secret-name: rook-csi-rbd-provisioner-jnk-pr6046-b2994-rbd
  csi.storage.k8s.io/provisioner-secret-namespace: openshift-storage
  imageFeatures: layering,deep-flatten,exclusive-lock,object-map,fast-diff
  imageFormat: "2"
  pool: rbd
provisioner: openshift-storage.rbd.csi.ceph.com

Comment 10 errata-xmlrpc 2022-08-24 13:49:54 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement, & bugfix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:6156

Note You need to log in before you can comment on or make changes to this bug.