Storageclusterpeer

[rewantsoni]

add a new CR and controller to peer two block pools with the same name

1. used the command: operator-sdk create api --group ocs --version v1 --kind StorageClusterPeer --resource --controller to create the CR and controller
2. added logic for creating and deletion of storageClusterPeer

Depends on (in Order)

1. cephblockpool: allow updation of mirroring field from different components #2480
2. add rpc call for PeerBlockPool #2457
3. add rpc call for RevokeBlockPoolPeering #2493

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: rewantsoni
Once this PR has been reviewed and has the lgtm label, please assign nb-ohad for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[rewantsoni]

Last 3 commits are up for review

[jarrpa]

Leave a note in the PR description saying which PR this is dependent on.

[leelavg]

reviewing in phases, will do a more thorough one at the earliest/after draft.

[leelavg]

I don't think this file is required.

[leelavg]

I think it'd be better to add the operator-sdk command that you used for generating the files to this commit msg.

[leelavg]

pls do mention what aspect of the linter we are skipping in a new line.

[leelavg]

I don't think get alone works, basically underlying infra lists the existing and keeps on updating the cache so you need list perms as well.

[rewantsoni]

During testing it, it worked with get as far as I recall, I will check it once again and update it

[rewantsoni]

Tested the changes, only using get works

[leelavg]

ack, maybe only client from runtime manager require both list & get. Pls recheck that there's no existing rbac for list of secrets and resolve the comment.

[leelavg]

storageClassRequest, a typo?

[rewantsoni]

Yes, I will fix it

[leelavg]

so mirroring on block pools is all or none?

[rewantsoni]

Yes, we decided that this will be the initial design, if required we might add annotations to whitelist/blacklist the blockpools

[leelavg]

why do we need to construct a grpc client on every reconcile?

[rewantsoni]

We need to APIServerURI, which will be different for different clusters

[rewantsoni]

Testing:

Cluster 1(primary):
[rewantsoni ] date; oc get clusterversion -oyaml | grep clusterID; oc get cephblockpool ocs-storagecluster-cephblockpool -oyaml | yq '.spec .mirroring'; oc get storageclusterpeer
Wed Mar  6 11:38:12 IST 2024
    clusterID: 4293c939-42b2-4565-b22f-81f53df19844
{}
No resources found in openshift-storage namespace.

Cluster 2(secondary):
[rewantsoni ] date; oc get clusterversion -oyaml | grep clusterID; oc get cephblockpool ocs-storagecluster-cephblockpool -oyaml | yq '.spec.mirroring'; oc get cephrbdmirror 
Wed Mar  6 11:40:37 IST 2024
    clusterID: a96546a7-5e86-4d6e-aded-b6664c3d8f3e
{}
No resources found in openshift-storage namespace.

After applying StorageClusterPeer:

Cluster 1(primary):
[rewantsoni ] date; oc get clusterversion -oyaml | grep clusterID; oc get cephblockpool ocs-storagecluster-cephblockpool -oyaml | yq '.spec .mirroring'; oc get storageclusterpeer
Wed Mar  6 11:41:48 IST 2024
    clusterID: 4293c939-42b2-4565-b22f-81f53df19844
enabled: true
mode: image
NAME                        AGE   PHASE
storageclusterpeer-sample   18s   Ready

Cluster 2(secondary):
[rewantsoni ] date; oc get clusterversion -oyaml | grep clusterID; oc get cephblockpool ocs-storagecluster-cephblockpool -oyaml | yq '.spec.mirroring'; oc get cephrbdmirror; oc get secret bootstrap-secret-e01e021da3ee4ed84ed95581cb7ae967
Wed Mar  6 11:43:16 IST 2024
    clusterID: a96546a7-5e86-4d6e-aded-b6664c3d8f3e
enabled: true
mode: image
peers:
  secretNames:
    - bootstrap-secret-e01e021da3ee4ed84ed95581cb7ae967
NAME         PHASE
rbd-mirror   Ready
NAME                                                TYPE     DATA   AGE
bootstrap-secret-e01e021da3ee4ed84ed95581cb7ae967   Opaque   2      99s

After deleting the StorageClusterpeer:

Cluster 1(primary):
[rewantsoni ] date; oc get clusterversion -oyaml | grep clusterID; oc get cephblockpool ocs-storagecluster-cephblockpool -oyaml | yq '.spec .mirroring'; oc get storageclusterpeer
Wed Mar  6 11:44:35 IST 2024
    clusterID: 4293c939-42b2-4565-b22f-81f53df19844
{}
No resources found in openshift-storage namespace.

Cluster 2(secondary):
[rewantsoni ] date; oc get clusterversion -oyaml | grep clusterID; oc get cephblockpool ocs-storagecluster-cephblockpool -oyaml | yq '.spec.mirroring'; oc get cephrbdmirror; oc get secret bootstrap-secret-e01e021da3ee4ed84ed95581cb7ae967
Wed Mar  6 11:45:27 IST 2024
    clusterID: a96546a7-5e86-4d6e-aded-b6664c3d8f3e
peers: {}
No resources found in openshift-storage namespace.
Error from server (NotFound): secrets "bootstrap-secret-e01e021da3ee4ed84ed95581cb7ae967" not found

[rewantsoni]

/test ocs-operator-bundle-e2e-aws

[leelavg]

intentionally mentioned / inplace of :?

[rewantsoni]

No, updated it. thanks for pointing it out

[leelavg]

can use ctx inplace of context

[leelavg]

so you'll have multiple scp in the same namespace? more like, if you have two blockpools and first has two peers, second has only one peer, should you enqueue all the peer CRs (all 3) or can enqueue peers corresponding to block pool only?

let me know if my understanding is incorrect.

[rewantsoni]

A single storageClusterPeer will peer all the block pools created, if we have two storageClusterPeer, it will peer all the block pools present to both peer clusters

[leelavg]

where is this SetFinalizers defined? why can't we use controllerutil.SetFinalizer and conditionally update the resource?

[rewantsoni]

SetFinalizers is a pre-defined function, it is defined as:

func (meta *ObjectMeta) SetFinalizers(finalizers []string)            { meta.Finalizers = finalizers }

Updated to use helper function

[leelavg]

redundant op?

[rewantsoni]

Yes, updated it

[leelavg]

pls use helper from controllerutil.

[leelavg]

is there any reason in enabling mirroring daemon via gRPC but not locally?

[rewantsoni]

The mirror daemon is required on the secondary Cluster not on primary cluster

[leelavg]

maybe reconcileOwnBlockPool sounds better as other one is being called reconcilePeerBlockPool 🤔?

[rewantsoni]

how about reconcileLocalBlockPool?

[leelavg]

in existing rdr how is the secret name generated?

[rewantsoni]

@vbnrh @umangachapagain could you help me in answering this question?

[leelavg]

if clusterID is required for each reconcile, why not store it in the struct itself as it's same throughout the lifetime of cluster?

on another note, I did come across this util func, seems a bit misleading, it'd have been better if it returns err on failure not sure why func dependents are ok with empty val.

[rewantsoni]

Yes, even I am not sure why we are okay with returning empty val,
@iamniting @malayparida2000 could you elaborate on why we are returning empty val?

[iamniting]

This func is called at one place earlier while constructing configmap. I am not able to recall why we were returning an empty value. As you are already checking if the value is empty and returning the reconcile that should be good.

[leelavg]

incorrect I guess, you are removing finalizer from in-memory object but not on api server, need to update here.