Enable backup of storage associated with Pulp custom resource

* Add storage information to pulp status in CRD to enable backup
* Add storage type to pulpbackup status in CRD to enable restore
* Update CSV with new status items
* Gather storage type from pulp CRD
* Collect objectstorage secret or PVC name depending on storage type
* Check PVC for RWM accessMode
* Create management pod with mounted PVC if storage type is RWM file system
* Write objectstorage secret to backup PVC
* Add templated secrets
* Add storage tasks to copy file contents when file storage is used
* Update backup status with storage type
* Don't use fqcn

fixes #8474
https://pulp.plan.io/issues/8474

CHANGES/8474.feature

@@ -0,0 +1 @@
+Enable backup of storage associated with Pulp custom resource

deploy/crds/pulpproject_v1beta1_pulp_cr.object_storage.aws.yaml

@@ -10,4 +10,21 @@ spec:
     debug: "True"
   pulp_storage_type: S3
   pulp_object_storage_s3_secret: example-pulp-object-storage
-
+  pulp_content:
+    replicas: 1
+    resource_requirements:
+      requests:
+        cpu: 150m
+        memory: 256Mi
+  pulp_worker:
+    replicas: 1
+    resource_requirements:
+      requests:
+        cpu: 150m
+        memory: 256Mi
+  pulp_web:
+    replicas: 1
+    resource_requirements:
+      requests:
+        cpu: 100m
+        memory: 256Mi

deploy/crds/pulpproject_v1beta1_pulp_cr.object_storage.azure.yaml

@@ -10,3 +10,21 @@ spec:
     debug: "True"
   pulp_storage_type: Azure
   pulp_object_storage_azure_secret: example-pulp-object-storage
+  pulp_content:
+    replicas: 1
+    resource_requirements:
+      requests:
+        cpu: 150m
+        memory: 256Mi
+  pulp_worker:
+    replicas: 1
+    resource_requirements:
+      requests:
+        cpu: 150m
+        memory: 256Mi
+  pulp_web:
+    replicas: 1
+    resource_requirements:
+      requests:
+        cpu: 100m
+        memory: 256Mi

deploy/crds/pulpproject_v1beta1_pulp_crd.yaml

@@ -374,6 +374,15 @@ spec:
               databaseConfigruationSecret:
                 description: Database configuration secret used by the deployed instance
                 type: string
+              storageType:
+                description: The type of storage being used by the deployed instance
+                type: string
+              storagePersistentVolumeClaim:
+                description: The name of the persistent volume claim used for storage
+                type: string
+              storageSecret:
+                description: The name of the secret used for object storage
+                type: string
               deployedVersion:
                 description: Version of the deployed instance
                 type: string

deploy/crds/pulpproject_v1beta1_pulpbackup_crd.yaml

@@ -51,6 +51,9 @@ spec:
                 pulpBackupDirectory:
                   description: The directory data is backed up to on the PVC
                   type: string
+                pulpDeploymentStorageType:
+                  description: The deployment storage type
+                  type: string
                 conditions:
                   description: The resulting conditions when a Service Telemetry is instantiated
                   items:

deploy/olm-catalog/pulp-operator/manifests/pulp-operator.clusterserviceversion.yaml

@@ -273,6 +273,21 @@ spec:
         path: databaseConfigruationSecret
         x-descriptors:
           - urn:alm:descriptor:io.kubernetes:Secret
+      - displayName: Storage Type
+        description: The type of storage being used by the deployed instance
+        path: storageType
+        x-descriptors:
+          - urn:alm:descriptor:com.tectonic.ui:text
+      - displayName: File Storage
+        description: The name of the persistent volume claim used for storage
+        path: storagePersistentVolumeClaim
+        x-descriptors:
+          - urn:alm:descriptor:com.tectonic.ui:text
+      - displayName: Objectstorage Secret
+        description: Configuration secret for objectstorage
+        path: storageSecret
+        x-descriptors:
+          - urn:alm:descriptor:io.kubernetes:Secret
       - displayName: Version
         description: Version of the instance deployed
         path: deployedVersion
@@ -329,6 +344,11 @@ spec:
         path: pulpBackupDirectory
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:text
+      - displayName: Deployment Storage Type
+        description: The deployment storage type
+        path: pulpDeploymentStorageType
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:text
   description: Pulp operator
   displayName: Pulp
   icon:

deploy/olm-catalog/pulp-operator/manifests/pulp.pulpproject.org_pulpbackups_crd.yml

@@ -50,6 +50,9 @@ spec:
                 pulpBackupDirectory:
                   description: The directory data is backed up to on the PVC
                   type: string
+                pulpDeploymentStorageType:
+                  description: The deployment storage type
+                  type: string
                 conditions:
                   description: The resulting conditions when a Service Telemetry is instantiated
                   items:

deploy/olm-catalog/pulp-operator/manifests/pulp.pulpproject.org_pulps_crd.yml

@@ -374,6 +374,15 @@ spec:
               databaseConfigruationSecret:
                 description: Database configuration secret used by the deployed instance
                 type: string
+              storageType:
+                description: The type of storage being used by the deployed instance
+                type: string
+              storagePersistentVolumeClaim:
+                description: The name of the persistent volume claim used for storage
+                type: string
+              storageSecret:
+                description: The name of the secret used for object storage
+                type: string
               deployedVersion:
                 description: Version of the deployed instance
                 type: string

roles/backup/defaults/main.yml

@@ -16,3 +16,7 @@ pulp_admin_password_secret: "{{ pulp_name }}-admin-password"
 postgres_configuration_secret: "{{ pulp_name }}-postgres-configuration"
 
 custom_resource_key: '_pulp_pulpproject_org_pulpbackup'
+
+database_type: 'unmanaged'
+
+azure_container_path: ''

roles/backup/tasks/cleanup.yml

@@ -2,12 +2,12 @@
 
 # After copying secret files to the PVC, delete the local tmp copies
 - name: Clean up _secrets directory
-  ansible.builtin.file:
+  file:
     path: "{{ playbook_dir }}/_secrets"
     state: absent
 
 - name: Delete any existing management pod
-  community.kubernetes.k8s:
+  k8s:
     name: "{{ meta.name }}-db-management"
     kind: Pod
     namespace: "{{ meta.namespace }}"

roles/backup/tasks/error_handling.yml

@@ -10,7 +10,6 @@
     now: '{{ lookup("pipe", "date +%FT%TZ") }}'
 
 - name: Emit ocp event with error
-  community.kubernetes.k8s:
-    kind: Event
-    namespace: "{{ meta.namespace }}"
-    template: "event.yml.j2"
+  k8s:
+    state: present
+    definition: "{{ lookup('template', 'templates/event.yaml.j2') | from_yaml }}"

roles/backup/tasks/init.yml

@@ -1,7 +1,7 @@
 ---
 
 - name: Delete any existing management pod
-  community.kubernetes.k8s:
+  k8s:
     name: "{{ meta.name }}-db-management"
     kind: Pod
     namespace: "{{ meta.namespace }}"
@@ -46,20 +46,14 @@
     backup_pvc: "{{ pulp_backup_pvc | default(_default_backup_pvc, true) }}"
 
 - name: Create persistent volume claim for backup
-  community.kubernetes.k8s:
+  k8s:
     state: present
     definition: "{{ lookup('template', 'templates/' + item + '.pvc.yaml.j2') | from_yaml }}"
   with_items:
     - backup
   when:
     - pulp_backup_pvc == '' or pulp_backup_pvc is not defined
 
-- name: Create management pod from templated deployment config
-  community.kubernetes.k8s:
-    state: present
-    definition: "{{ lookup('template', 'templates/management-pod.yaml.j2') | from_yaml }}"
-    wait: true
-
 - name: Get Pulp custom resource object
   k8s_info:
     version: v1beta1
@@ -98,3 +92,62 @@
     - pulp_status['databaseConfigruationSecret'] is defined
     - pulp_status['databaseConfigruationSecret'] | length
 
+- name: Set pulp storage type if found
+  set_fact:
+    pulp_storage_type: "{{ pulp_status['storageType'] }}"
+  when:
+    - pulp_status['storageType'] is defined
+    - pulp_status['storageType'] | length
+
+- name: Set pulp file storage claim if found
+  set_fact:
+    pulp_storage_claim: "{{ pulp_status['storagePersistentVolumeClaim'] }}"
+  when:
+    - pulp_status['storagePersistentVolumeClaim'] is defined
+    - pulp_status['storagePersistentVolumeClaim'] | length
+
+- name: Set pulp object storage secret if found
+  set_fact:
+    pulp_storage_secret: "{{ pulp_status['storageSecret'] }}"
+  when:
+    - pulp_status['storageSecret'] is defined
+    - pulp_status['storageSecret'] | length
+
+- name: Get PVC information
+  k8s_info:
+    kind: PersistentVolumeClaim
+    namespace: '{{ meta.namespace }}'
+    name: '{{ pulp_storage_claim }}'
+  register: _storage_claim
+  when: pulp_storage_claim is defined
+
+- name: Set storage claim access mode
+  set_fact:
+    pvc_access_mode: "{{ _storage_claim['resources'][0]['spec']['accessModes'][0] }}"
+  when:
+    - _storage_claim['resources'][0]['spec'] is defined
+    - _storage_claim['resources'][0]['spec']['accessModes'] is defined
+    - _storage_claim['resources'][0]['spec']['accessModes'][0] is defined
+    - _storage_claim['resources'][0]['spec']['accessModes'][0] | length
+
+- name: Surface error to user
+  block:
+    - name: Set error message
+      set_fact:
+        error_msg: "PersistentVolumeClaim accessMode {{ pvc_access_mode }} is not supported for backup, must be ReadWriteMany."
+
+    - name: Handle error
+      import_tasks: error_handling.yml
+
+    - name: Fail if file storge claim access mode is not ReadWriteMany
+      fail:
+        msg: " {{ error_msg }}"
+  when:
+    - pvc_access_mode is defined
+    - pvc_access_mode | lower != "readwritemany"
+
+- name: Create management pod from templated deployment config
+  k8s:
+    state: present
+    definition: "{{ lookup('template', 'templates/management-pod.yaml.j2') | from_yaml }}"
+    wait: true

roles/backup/tasks/main.yml

@@ -12,6 +12,9 @@
 
     - include_tasks: secrets.yml
 
+    - include_tasks: storage.yml
+      when: pulp_storage_type | lower == 'file'
+
     - name: Set flag signifying this backup was successful
       set_fact:
         pulp_backup_complete: "{{ _backup_dir }}"

roles/backup/tasks/postgres.yml

@@ -56,21 +56,21 @@
     _backup_dir: "/backups/pulp-openshift-backup-{{ now }}"
 
 - name: Create directory for backup
-  community.kubernetes.k8s_exec:
+  k8s_exec:
     namespace: "{{ meta.namespace }}"
     pod: "{{ meta.name }}-db-management"
     command: >-
       mkdir -p {{ _backup_dir }}
 
 - name: Precreate file for database dump
-  community.kubernetes.k8s_exec:
+  k8s_exec:
     namespace: "{{ meta.namespace }}"
     pod: "{{ meta.name }}-db-management"
     command: >-
       touch {{ _backup_dir }}/pulp.db
 
 - name: Set permissions on file for database dump
-  community.kubernetes.k8s_exec:
+  k8s_exec:
     namespace: "{{ meta.namespace }}"
     pod: "{{ meta.name }}-db-management"
     command: >-
@@ -86,7 +86,7 @@
       -p {{ postgres_port }}
 
 - name: Write pg_dump to backup on PVC
-  community.kubernetes.k8s_exec:
+  k8s_exec:
     namespace: "{{ meta.namespace }}"
     pod: "{{ meta.name }}-db-management"
     command: >-