From d2bf7d1dc01f15bcebc6d8f0d9c868607c121749 Mon Sep 17 00:00:00 2001
From: Alex Figueiredo <alex.fernandesfigueiredo@windriver.com>
Date: Mon, 2 Feb 2026 11:23:38 -0300
Subject: [PATCH] [Cinder] mount state path volume for all NetApp backends

Currently, Cinder state path (`/var/lib/cinder`) is only mounted as an
writable `emptyDir` volume to Cinder containers when either NetApp iSCSI
or FC storage backends are enabled. However, a writable state path is
also required by NFS storage backends to be used as mount point for NFS
shares (e.g., `nfs_mount_point_base = $state_path/mnt` [1]).

This change dynamically mounts the `emptyDir` state path volume to both
Cinder Volume and Backup services whenever any of the supported NetApp
backends are enabled.

In addition, this change makes the `DEFAULT.image_conversion_dir`
override common for all the storage backends, making it possible to also
configure an Optional Image Conversion File System [2] when NetApp
backends are used without any Ceph backend available.

Test Plan:
[PASS] build packages
[PASS] upload and apply the app tarball enabling only NetApp NFS
[PASS] Check that `@netapp-nfs` volume service is `UP`
       (driver successfully initialized)
       `openstack volume service list`
[PASS] Check that `netapp-nfs` volume type is available
       `openstack volume type list`
[PASS] Check that `@netapp-nfs#<nfs_shares>` pool is available
       `cinder get-pools`
[PASS] Create Glance image
       `openstack image create --disk-format qcow2 \
       --shared --file images/my-image.img my-image`
[PASS] Create Cinder volume from Glance image
       `openstack volume create --size 1 --image my-image my-vol`
[PASS] Backup Cinder volume
       `openstack volume backup create --name my-backup my-vol`
[PASS] Launch VM from bootable volume
       `openstack server create \
        --flavor my-flavor \
        --network "my-network" \
        --block-device uuid=$VOLUME_UUID,source_type=volume,destination_type=volume,boot_index=0\
        --wait vm-netapp-nfs`

[1]https://docs.openstack.org/cinder/2025.1/_static/cinder.conf.sample
[2]https://docs.starlingx.io/r/stx.9.0/storage/openstack/configure-an-optional-cinder-file-system.html

Closes-Bug: #2139608

Change-Id: Ie3896965bfeaa93451c0994060dd53df13ad3cb7
Signed-off-by: Alex Figueiredo <alex.fernandesfigueiredo@windriver.com>
(cherry picked from commit a4504e7dbef5ea5ed3687d614d347e569d327433)
---
 .../k8sapp_openstack/common/constants.py      |  3 +
 .../k8sapp_openstack/helm/cinder.py           | 60 +++++++++++++------
 ...Add-Netapp-backend-support-to-Cinder.patch | 60 ++++---------------
 3 files changed, 57 insertions(+), 66 deletions(-)

diff --git a/python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/common/constants.py b/python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/common/constants.py
index 94c3112c..7b0614a9 100644
--- a/python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/common/constants.py
+++ b/python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/common/constants.py
@@ -142,6 +142,9 @@ ROOK_CEPH_POOL_NOVA_RBD_CHUNK_SIZE = 0
 # Keystone version used as the default value when getting service name and type
 KEYSTONE_CURRENT_VERSION = 'v3'
 
+# Cinder definitions
+CINDER_STATE_PATH = "/var/lib/cinder"
+OVERRIDE_CINDER_STATE_PATH = "cinder.DEFAULT.state_path"
 # Cinder version used as the default value when getting service name and type
 CINDER_CURRENT_VERSION = 'v3'
 
diff --git a/python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/cinder.py b/python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/cinder.py
index e912b0eb..fb65e908 100644
--- a/python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/cinder.py
+++ b/python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/cinder.py
@@ -43,22 +43,41 @@ class CinderHelm(openstack.OpenstackBaseHelm):
             backend_name, app_constants.BACKUP_DEFAULT_DRIVER
         )
 
-    def _get_mount_overrides(self, netapp_enabled=False):
+    def _get_mount_overrides(self):
         overrides = {
             'volumes': [],
             'volumeMounts': []
         }
         overrides['volumes'].append({
-            'name': 'newvolume',
+            'name': 'imageconversion',
             'hostPath': {'path': tsc.IMAGE_CONVERSION_PATH}
         })
         overrides['volumeMounts'].append({
-            'name': 'newvolume',
+            'name': 'imageconversion',
             'mountPath': tsc.IMAGE_CONVERSION_PATH
         })
 
-        # Mount CA certificate for NetApp HTTPS connections
-        if netapp_enabled:
+        if self.netapp_enabled:
+            # Mount Cinder writable state path used by default for:
+            # - `$state_path/ssh_known_hosts`: file containing SSH host keys
+            # for the systems with which Cinder needs to communicate;
+            # - `$state_path/volumes`: directory used by some drivers to
+            # store volume configuration data;
+            # - `$state_path/mnt`: directory used as mount point for NFS shares.
+            state_path = _get_value_from_application(
+                default_value=app_constants.CINDER_STATE_PATH,
+                chart_name=self.CHART,
+                override_name=app_constants.OVERRIDE_CINDER_STATE_PATH
+            )
+            overrides['volumes'].append({
+                'name': 'varlibcinder',
+                'emptyDir': {}
+            })
+            overrides['volumeMounts'].append({
+                'name': 'varlibcinder',
+                'mountPath': state_path
+            })
+            # Mount CA certificate for NetApp HTTPS connections
             host_cert = _get_value_from_application(
                 default_value=app_constants.NETAPP_TLS_DEFAULT_HOST_CERT,
                 chart_name=self.CHART,
@@ -122,6 +141,7 @@ class CinderHelm(openstack.OpenstackBaseHelm):
         self._netapp_fc_enabled = bool(
             self.available_backends.get(app_constants.NETAPP_FC_BACKEND_NAME, False)
         )
+        self.netapp_enabled = any(self.available_netapp_backends)
         LOG.info(f"Cinder available backends: {self.available_backends}")
         LOG.info(f"Cinder available NetApp backends: {self.available_netapp_backends}")
         LOG.info(f"Cinder volume priority list: {self.VOLUME_PRIORITY_LIST}")
@@ -200,9 +220,10 @@ class CinderHelm(openstack.OpenstackBaseHelm):
                     },
                     'mounts': {
                         'cinder_volume': {
-                            'cinder_volume': self._get_mount_overrides(
-                                netapp_enabled=any(self.available_netapp_backends)
-                            )
+                            'cinder_volume': self._get_mount_overrides()
+                        },
+                        'cinder_backup': {
+                            'cinder_backup': self._get_mount_overrides()
                         }
                     },
                     'replicas': {
@@ -342,17 +363,6 @@ class CinderHelm(openstack.OpenstackBaseHelm):
         backends_list = list(filter(None, set(existing_backends + new_backends_list)))
         cinder_overrides['DEFAULT']['enabled_backends'] = ','.join(backends_list)
 
-        # Check if conversion overrides should be generated
-        current_host_fs_list = self.dbapi.host_fs_get_list()
-        chosts = self.dbapi.ihost_get_by_personality(constants.CONTROLLER)
-        chosts_fs = [fs for fs in current_host_fs_list
-                            if fs['name'] == constants.FILESYSTEM_NAME_IMAGE_CONVERSION]
-
-        # conversion overrides should be generated only if each controller node
-        # configured has the conversion partition added
-        if len(chosts) == len(chosts_fs):
-            cinder_overrides['DEFAULT']['image_conversion_dir'] = tsc.IMAGE_CONVERSION_PATH
-
         # Always set the default_volume_type to the volume type associated with the
         # primary Ceph backend/tier which is available on all StarlingX platform
         # configurations. This will guarantee that any Cinder API requests for
@@ -539,6 +549,7 @@ class CinderHelm(openstack.OpenstackBaseHelm):
         cinder_overrides = {
             'DEFAULT': {
                 'os_region_name': self.get_region_name(),
+                'state_path': app_constants.CINDER_STATE_PATH,
             },
         }
 
@@ -547,6 +558,17 @@ class CinderHelm(openstack.OpenstackBaseHelm):
                 'cafile': self.get_ca_file()
             }
 
+        # Check if conversion overrides should be generated
+        current_host_fs_list = self.dbapi.host_fs_get_list()
+        chosts = self.dbapi.ihost_get_by_personality(constants.CONTROLLER)
+        chosts_fs = [fs for fs in current_host_fs_list
+                    if fs['name'] == constants.FILESYSTEM_NAME_IMAGE_CONVERSION]
+
+        # conversion overrides should be generated only if each controller node
+        # configured has the conversion partition added
+        if len(chosts) == len(chosts_fs):
+            cinder_overrides['DEFAULT']['image_conversion_dir'] = tsc.IMAGE_CONVERSION_PATH
+
         return cinder_overrides
 
     def _get_common_backend_overrides(self):
diff --git a/upstream/helm-charts/openstack-helm/debian/deb_folder/patches/0041-Add-Netapp-backend-support-to-Cinder.patch b/upstream/helm-charts/openstack-helm/debian/deb_folder/patches/0041-Add-Netapp-backend-support-to-Cinder.patch
index 3b55613f..01625e36 100644
--- a/upstream/helm-charts/openstack-helm/debian/deb_folder/patches/0041-Add-Netapp-backend-support-to-Cinder.patch
+++ b/upstream/helm-charts/openstack-helm/debian/deb_folder/patches/0041-Add-Netapp-backend-support-to-Cinder.patch
@@ -1,4 +1,4 @@
-From 908c5bdc444f14639b798fb35d37d22d6d53c9d1 Mon Sep 17 00:00:00 2001
+From d0aa6062f664833204b80ee05a5d298da71d3749 Mon Sep 17 00:00:00 2001
 From: Joao Fracarolli <joao.vicentinifracarolli@windriver.com>
 Date: Wed, 26 Nov 2025 11:36:33 -0300
 Subject: [PATCH] Add Netapp backend support to Cinder
@@ -26,17 +26,23 @@ initializations.
 
 Signed-off-by: Alex Figueiredo <alex.fernandesfigueiredo@windriver.com>
 
-[ Ported to 2025.1 Epoxy ]
-Signed-off-by: Murillo Arantes <murillo.arantes@windriver.com>
+[Removes Cinder state path mounts]
+Cinder state path can be mounted dynamically by overriding the
+`pod.mounts.cinder_volume` and `pod.mounts.cinder_backup` when required
+per cinder storage backend.
+
+Signed-off-by: Alex Figueiredo <alex.fernandesfigueiredo@windriver.com>
+
+[ Ported from Caracal to Epoxy]
+Signed-off-by: Alex Figueiredo <alex.fernandesfigueiredo@windriver.com>
 ---
  cinder/templates/bin/_storage-init.sh.tpl     |  5 ++++
- cinder/templates/deployment-backup.yaml       |  4 +++
- cinder/templates/deployment-volume.yaml       |  8 ++++-
+ cinder/templates/deployment-volume.yaml       |  4 ++-
  cinder/templates/job-storage-init.yaml        | 18 +++++++----
  cinder/templates/utils/_has_ceph_backend.tpl  |  4 ++-
  .../templates/utils/_has_netapp_backend.tpl   | 25 ++++++++++++++++
  .../templates/utils/_is_backend_enabled.tpl   | 30 +++++++++++++++++++
- 7 files changed, 86 insertions(+), 8 deletions(-)
+ 6 files changed, 78 insertions(+), 8 deletions(-)
  create mode 100644 cinder/templates/utils/_has_netapp_backend.tpl
  create mode 100644 cinder/templates/utils/_is_backend_enabled.tpl
 
@@ -56,30 +62,8 @@ index 53b0b071c..a04cc0856 100644
  set -x
  if [ "x$STORAGE_BACKEND" == "xcinder.volume.drivers.rbd.RBDDriver" ]; then
    SECRET=$(mktemp --suffix .yaml)
-diff --git a/cinder/templates/deployment-backup.yaml b/cinder/templates/deployment-backup.yaml
-index 6de1ae0a8..57ea9c401 100644
---- a/cinder/templates/deployment-backup.yaml
-+++ b/cinder/templates/deployment-backup.yaml
-@@ -286,6 +286,8 @@ spec:
-             - name: cinder-bin
-               mountPath: /usr/local/sbin/iscsiadm
-               subPath: iscsiadm
-+            - name: varlibcinder
-+              mountPath: /var/lib/cinder
-             {{- end }}
- {{ if $mounts_cinder_backup.volumeMounts }}{{ toYaml $mounts_cinder_backup.volumeMounts | indent 12 }}{{ end }}
-       volumes:
-@@ -365,6 +367,8 @@ spec:
-             path: /etc/iscsi
-         - name: usrlocalsbin
-           emptyDir: {}
-+        - name: varlibcinder
-+          emptyDir: {}
-         {{- end }}
- {{ if $mounts_cinder_backup.volumes }}{{ toYaml $mounts_cinder_backup.volumes | indent 8 }}{{ end }}
- {{- end }}
 diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml
-index 9ecf7f122..0ee246a91 100644
+index 9ecf7f122..35692473f 100644
 --- a/cinder/templates/deployment-volume.yaml
 +++ b/cinder/templates/deployment-volume.yaml
 @@ -74,6 +74,7 @@ spec:
@@ -107,24 +91,6 @@ index 9ecf7f122..0ee246a91 100644
              - name: cinder-etc
                mountPath: /etc/cinder/nfs.shares
                subPath: nfs.shares
-@@ -295,6 +297,8 @@ spec:
-               {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
-               mountPropagation: HostToContainer
-               {{- end }}
-+            - name: varlibcinder
-+              mountPath: /var/lib/cinder
-             {{- end }}
- {{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.volumev3.api.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
- {{ if $mounts_cinder_volume.volumeMounts }}{{ toYaml $mounts_cinder_volume.volumeMounts | indent 12 }}{{ end }}
-@@ -371,6 +375,8 @@ spec:
-         - name: sys
-           hostPath:
-             path: /sys
-+        - name: varlibcinder
-+          emptyDir: {}
-         {{- end }}
- {{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.volumev3.api.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
- {{ if $mounts_cinder_volume.volumes }}{{ toYaml $mounts_cinder_volume.volumes | indent 8 }}{{ end }}
 diff --git a/cinder/templates/job-storage-init.yaml b/cinder/templates/job-storage-init.yaml
 index 6a63ce4a0..b1dca36bf 100755
 --- a/cinder/templates/job-storage-init.yaml