Enable NetApp as a volume backend for Cinder

This commit introduces support for using NetApp as a volume backend for
Cinder in STX-OpenStack Helm, adding compatibility with both NFS and
iSCSI protocols. The motivation for this enhancement is to provide
greater flexibility for deployments that leverage NetApp storage
solutions, allowing users to configure and manage their storage backends
more effectively. The implementation is designed to be modular, ensuring
that the NetApp backend is not enabled by default but can be activated
through user-defined overrides.

The code introduces configuration templates for the NetApp drivers in
the `values.yaml` file for the Cinder Helm chart. Two backends are
defined: `netapp-nfs`, which uses the NFS protocol, and `netapp-iscsi`,
which relies on iSCSI. These configurations include key parameters like
the NetApp storage protocol, server hostname, and authentication
credentials described in [1] and [2]. However, by default, these backends
are not included in the `enabled_backends` list, ensuring that they
remain inactive unless explicitly enabled by the user or the plugins.
The NetApp backends will be automatically added to the deployment of
Cinder if the plugin verifies that it is available in the cluster. If an
user has NetApp but don't want to use it in STX-Openstack, an override
can be defined for `conf.cinder.DEFAULT.enabled_backends`, which will
have a higher priority than the system overrides generated by the
plugin.

To support the NFS backend specifically, a new `nfs.shares` file was
introduced in the Cinder ConfigMap, providing a location to define NFS
shares for the NetApp driver. The Cinder volume deployment is updated to
mount this file, ensuring that it is accessible to the Cinder service.
The deployment templates now include logic to handle the mounting of
this file dynamically.

Utility functions are enhanced to improve the detection of available
NetApp backends. The function `check_netapp_backends`, which executes the
`tridentctl` command to determine if the required NetApp drivers
(`ontap-nas` for NFS or `ontap-san` for iSCSI) are available. This
function returns a dictionary indicating the availability of these
backends, which is then used to dynamically adjust the Cinder Helm
overrides. The existing `is_netapp_available` function now uses this
enhanced logic to provide a simplified check for whether any NetApp
backend is available.

In the Helm configuration logic, overrides for the NetApp backends were
added dynamically based on the results of these utility checks. If either
the NFS or iSCSI backend is available, the necessary parameters are
appended to the backend overrides, ensuring that they are included in the
final deployment configuration. This approach avoids hardcoding and
allows the deployment to adapt to the specific NetApp backends detected
in the environment.

The implementation ensures that NetApp backends are disabled by default,
preventing unintended configurations while enabling users to activate
them seamlessly when needed.

[1] https://netapp.github.io/openstack-deploy-ops-guide/juno/content/cinder.examples.cinder_conf.html
[2] https://wiki.openstack.org/wiki/How_to_deploy_cinder_with_NetApp

Test Plan:
PASS: Build / Upload / Apply STX-Openstack

Not using NetApp:
PASS: Verify that the NetApp backends are not enabled in cinder.conf
PASS: Create a volume and verify that it was stored in Ceph

Using NetApp NFS:
PASS: Apply Helm overrides with the configuration pointing to the
      NetApp cluster using an NFS backend
PASS: Verify that the netapp-nfs backend is enabled in cinder.conf
FAIL: Create a volume and verify that it was stored in NetApp by
      accessing the ONTAP dashboard

Using NetApp iSCSI:
PASS: Apply Helm overrides with the configuration pointing to the
      NetApp cluster using an iSCSI backend
PASS: Verify that the netapp-iscsi backend is enabled in cinder.conf

Failed test case is due to bug #2090845, which is already being worked
on.

Story: 2011281
Task: 51411
Task: 51412

Change-Id: I46cb68c5950e3343a3ed3a644981f558542e53d1
Signed-off-by: Lucas de Ataides <lucas.deataidesbarreto@windriver.com>

openstack-helm/debian/deb_folder/patches/0024-Define-values-for-NetApp-volume-backend.patch

@@ -0,0 +1,97 @@
+From 790882f068d747320bb8adf50007a0d0e418eb4c Mon Sep 17 00:00:00 2001
+From: Lucas de Ataides <lucas.deataidesbarreto@windriver.com>
+Date: Tue, 12 Nov 2024 10:17:18 -0300
+Subject: [PATCH] Define values for NetApp volume backend
+
+This patch creates the required values, updates the configmap and the
+volume deployment to allow the usage of the NetApp as a volume backend
+using either NFS or iSCSI
+
+This patch defines some values by default, but it does not add the
+netapp backend to the conf.cinder.DEFAULT.enabled_backends, so, by
+default, it won't be used. If an user wants to enable it, he can set
+some overrides to the conf.cinder.backends.netapp-nfs and
+conf.nfs_shares or the conf.cinder.backends.netapp-iscsi values, and
+add the netapp drivers to the enabled_backends list.
+
+Signed-off-by: Lucas de Ataides <lucas.deataidesbarreto@windriver.com>
+---
+ cinder/templates/configmap-etc.yaml     |  1 +
+ cinder/templates/deployment-volume.yaml |  4 ++++
+ cinder/values.yaml                      | 26 +++++++++++++++++++++++++
+ 3 files changed, 31 insertions(+)
+
+diff --git a/cinder/templates/configmap-etc.yaml b/cinder/templates/configmap-etc.yaml
+index 1b1b4f02..7c2dcb7d 100644
+--- a/cinder/templates/configmap-etc.yaml
++++ b/cinder/templates/configmap-etc.yaml
+@@ -169,6 +169,7 @@ data:
+   cinder_sudoers: {{ $envAll.Values.conf.cinder_sudoers | b64enc }}
+   rootwrap.conf: {{ $envAll.Values.conf.rootwrap | b64enc }}
+   resource_filters.json: {{ toJson .Values.conf.resource_filters | b64enc }}
++  nfs.shares: {{ $envAll.Values.conf.nfs_shares | b64enc }}
+ {{- range $key, $value := $envAll.Values.conf.rootwrap_filters }}
+ {{- $filePrefix := replace "_" "-"  $key }}
+   {{ printf "%s.filters" $filePrefix }}: {{ $value.content | b64enc }}
+diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml
+index 63eb2422..567009ce 100755
+--- a/cinder/templates/deployment-volume.yaml
++++ b/cinder/templates/deployment-volume.yaml
+@@ -187,6 +187,10 @@ spec:
+               mountPath: /etc/cinder/conf/backends.conf
+               subPath: backends.conf
+               readOnly: true
++            - name: cinder-etc
++              mountPath: /etc/cinder/nfs.shares
++              subPath: nfs.shares
++              readOnly: true
+             {{- if eq "true" (include "cinder.utils.has_ceph_backend" $envAll) }}
+             - name: etcceph
+               mountPath: /etc/ceph
+diff --git a/cinder/values.yaml b/cinder/values.yaml
+index ba1189e3..293c94a2 100644
+--- a/cinder/values.yaml
++++ b/cinder/values.yaml
+@@ -773,6 +773,10 @@ conf:
+ 
+         # initiator/connector.py:
+         drv_cfg: CommandFilter, /opt/emc/scaleio/sdc/bin/drv_cfg, root, /opt/emc/scaleio/sdc/bin/drv_cfg, --query_guid
++
++  nfs_shares: |
++    # This file is used to host the NFS Shares for the NetApp volume backend
++    127.0.0.1:/nfs_volume
+   ceph:
+     override:
+     append:
+@@ -945,6 +949,28 @@ conf:
+       image_volume_cache_enabled: true
+       image_volume_cache_max_size_gb: 200
+       image_volume_cache_max_count: 50
++    netapp-nfs:
++      volume_driver: cinder.volume.drivers.netapp.common.NetAppDriver
++      volume_backend_name: netapp-nfs
++      netapp_storage_protocol: nfs
++      netapp_server_hostname: 127.0.0.1
++      netapp_server_port: 80
++      netapp_login: netapp-login
++      netapp_password: netapp-password
++      netapp_vserver: netapp-vserver
++      netapp_storage_family: ontap_cluster
++      nfs_shares_config: /etc/cinder/nfs.shares
++      nfs_mount_options: nolock
++    netapp-iscsi:
++      volume_driver: cinder.volume.drivers.netapp.common.NetAppDriver
++      volume_backend_name: netapp-iscsi
++      netapp_storage_protocol: iscsi
++      netapp_server_hostname: 127.0.0.1
++      netapp_server_port: 80
++      netapp_login: netapp-login
++      netapp_password: netapp-password
++      netapp_vserver: netapp-vserver
++      netapp_storage_family: ontap_cluster
+   rally_tests:
+     run_tempest: false
+     clean_up: |
+-- 
+2.34.1
+

openstack-helm/debian/deb_folder/patches/series

@@ -21,3 +21,4 @@
 0021-Add-app.starlingx.io-component-label-to-pods.patch
 0022-Add-missing-initial-delay-in-readiness-probes.patch
 0023-Add-pre-apply-cleanup-Job-to-STX-O-Helm-charts.patch
+0024-Define-values-for-NetApp-volume-backend.patch

python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/cinder.py

@@ -13,10 +13,14 @@ from tsconfig import tsconfig as tsc
 
 from k8sapp_openstack.common import constants as app_constants
 from k8sapp_openstack.helm import openstack
+from k8sapp_openstack.utils import check_netapp_backends
 from k8sapp_openstack.utils import get_ceph_uuid
+from k8sapp_openstack.utils import is_netapp_available
 
 
 ROOK_CEPH_BACKEND_NAME = 'ceph-store'
+NETAPP_NFS_BACKEND_NAME = 'netapp-nfs'
+NETAPP_ISCSI_BACKEND_NAME = 'netapp-iscsi'
 
 
 class CinderHelm(openstack.OpenstackBaseHelm):
@@ -62,6 +66,17 @@ class CinderHelm(openstack.OpenstackBaseHelm):
             ceph_overrides = self._get_conf_ceph_overrides()
             ceph_client_overrides = self._get_ceph_client_overrides()
 
+        # Add NetApp configuration
+        cinder_volume_read_only_filesystem = True
+        if is_netapp_available():
+            # If NetApp is using NFS, the cinder-volume pod cannot have a readOnly filesystem,
+            # as the NFS will be mounted into the pod during initialization
+            netapp_backends = check_netapp_backends()
+            cinder_volume_read_only_filesystem = not netapp_backends["nfs"]
+
+            cinder_overrides = self._get_conf_netapp_cinder_overrides(cinder_overrides)
+            backend_overrides = self._get_conf_netapp_backends_overrides(backend_overrides)
+
         overrides = {
             common.HELM_NS_OPENSTACK: {
                 'pod': {
@@ -75,7 +90,16 @@ class CinderHelm(openstack.OpenstackBaseHelm):
                         'volume': self._num_provisioned_controllers(),
                         'scheduler': self._num_provisioned_controllers(),
                         'backup': self._num_provisioned_controllers()
-                    }
+                    },
+                    'security_context': {
+                        'cinder_volume': {
+                            'container': {
+                                'cinder_volume': {
+                                    'readOnlyRootFilesystem': cinder_volume_read_only_filesystem
+                                }
+                            }
+                        }
+                    },
                 },
                 'conf': {
                     'cinder': cinder_overrides,
@@ -189,6 +213,27 @@ class CinderHelm(openstack.OpenstackBaseHelm):
 
         return cinder_overrides
 
+    def _get_conf_netapp_cinder_overrides(self, cinder_overrides):
+        # Ensure 'DEFAULT' key exists in cinder_overrides
+        cinder_overrides.setdefault('DEFAULT', {})
+
+        # Get available NetApp backends
+        netapp_backends = check_netapp_backends()
+        netapp_array = [
+            NETAPP_NFS_BACKEND_NAME if netapp_backends.get("nfs") else None,
+            NETAPP_ISCSI_BACKEND_NAME if netapp_backends.get("iscsi") else None,
+        ]
+
+        # Remove None values
+        netapp_array = [item for item in netapp_array if item]
+
+        # Add NetApp backends to Cinder enabled_backends list, ensuring no duplicates
+        existing_backends = cinder_overrides['DEFAULT'].get('enabled_backends', '').split(',')
+        backends_list = list(filter(None, set(existing_backends + netapp_array)))
+        cinder_overrides['DEFAULT']['enabled_backends'] = ','.join(backends_list)
+
+        return cinder_overrides
+
     def _get_conf_ceph_backends_overrides(self, backend_overrides):
         # Get tier info.
         tiers = self.dbapi.storage_tier_get_list()
@@ -232,6 +277,25 @@ class CinderHelm(openstack.OpenstackBaseHelm):
 
         return backend_overrides
 
+    def _get_conf_netapp_backends_overrides(self, backend_overrides):
+        cinder_netapp_driver = 'cinder.volume.drivers.netapp.common.NetAppDriver'
+
+        backend_overrides[NETAPP_NFS_BACKEND_NAME] = {
+            'volume_driver': cinder_netapp_driver,
+            'volume_backend_name': NETAPP_NFS_BACKEND_NAME,
+            'netapp_storage_family': 'ontap_cluster',
+            'netapp_storage_protocol': 'nfs',
+            'nfs_shares_config': '/etc/cinder/nfs.shares'
+        }
+        backend_overrides[NETAPP_ISCSI_BACKEND_NAME] = {
+            'volume_driver': cinder_netapp_driver,
+            'volume_backend_name': NETAPP_ISCSI_BACKEND_NAME,
+            'netapp_storage_family': 'ontap_cluster',
+            'netapp_storage_protocol': 'iscsi',
+        }
+
+        return backend_overrides
+
     def _get_endpoints_overrides(self):
         return {
             'identity': {

python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/tests/helm/test_cinder.py

@@ -26,6 +26,10 @@ class CinderConversionTestCase(test_plugins.K8SAppOpenstackAppMixin,
 class CinderGetOverrideTest(CinderConversionTestCase,
                             dbbase.ControllerHostTestCase):
     @mock.patch('k8sapp_openstack.utils.is_openstack_https_ready', return_value=False)
+    @mock.patch(
+        'k8sapp_openstack.utils.check_netapp_backends',
+        return_value={'nfs': False, 'iscsi': False}
+    )
     def test_cinder_overrides(self, *_):
         dbutils.create_test_host_fs(name='image-conversion',
                                     forihostid=self.host.id)
@@ -71,6 +75,10 @@ class CinderGetOverrideTest(CinderConversionTestCase,
             app_constants.OPENSTACK_CERT_CA: 'fake'
         }
     )
+    @mock.patch(
+        'k8sapp_openstack.utils.check_netapp_backends',
+        return_value={'nfs': False, 'iscsi': False}
+    )
     def test_cinder_overrides_https_enabled(self, *_):
         overrides = self.operator.get_helm_chart_overrides(
             app_constants.HELM_CHART_CINDER,