[Cinder] Add visibilty settings to volume types

This is to add public/private  visibility option
and project level access list to a volume type while creating.

Change-Id: Id33c8c9f10e60fcdb4b6c49e69f3b5d8f11850c6
This commit is contained in:
Vladimir Sigunov (vs422h) 2022-04-20 18:18:05 -04:00
parent 1d9e3ecc00
commit 48625ad984
5 changed files with 84 additions and 44 deletions

View File

@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Cinder
name: cinder
version: 0.2.18
version: 0.2.19
home: https://docs.openstack.org/cinder/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Cinder/OpenStack_Project_Cinder_vertical.png
sources:

View File

@ -22,30 +22,53 @@ export HOME=/tmp
{{- /* Create volume types defined in Values.bootstrap */}}
{{- /* Types can only be created for backends defined in Values.conf */}}
{{- $volumeTypes := .Values.bootstrap.volume_types }}
{{- /* Generating list of backends listed in .Values.conf.backends */}}
{{- $backendsList := list}}
{{- range $backend_name, $backend_properties := .Values.conf.backends }}
{{- if $backend_properties }}
{{- if and $backend_properties $backend_properties.volume_backend_name }}
{{- $backendsList = append $backendsList $backend_properties.volume_backend_name }}
{{- end }}
{{- end }}
{{- range $name, $properties := $volumeTypes }}
{{- if $properties.volume_backend_name }}
{{- if (eq $properties.volume_backend_name $backend_properties.volume_backend_name) }}
if [[ $(openstack volume type list -f value -c Name | grep -w {{ $name }}) ]]; then
if [[ ! $(openstack volume type show {{ $name }} | grep volume_backend_name) ]]; then
openstack volume type set \
{{- range $key, $value := $properties }}
--property {{ $key }}={{ $value }} \
{{- end }}
{{ $name }}
fi
else
{{- if and $properties.volume_backend_name (has $properties.volume_backend_name $backendsList) }}
{{- $access_type := $properties.access_type | default "public"}}
# Create a volume type if it doesn't exist.
# Assumption: the volume type name is unique.
openstack volume type show {{ $name }} || \
openstack volume type create \
--public \
{{- range $key, $value := $properties }}
--property {{ $key }}={{ $value }} \
{{- end }}
--{{ $access_type }} \
{{ $name }}
fi
{{/*
We will try to set or update volume type properties.
To update properties, the volume type MUST NOT BE IN USE,
and projects and domains with access to the volume type
MUST EXIST, as well.
*/}}
is_in_use=$(openstack volume list --long --all-projects -c Type -f value | grep -E "^{{ $name }}\s*$" || true)
if [[ -z ${is_in_use} ]]; then
{{- if (eq $access_type "private") }}
volumeTypeID=$(openstack volume type show {{ $name }} -f value -c id)
cinder type-update --is-public false ${volumeTypeID}
{{- end }}
{{- if and $properties.grant_access (eq $access_type "private") }}
{{- range $domain, $domainProjects := $properties.grant_access }}
{{- range $project := $domainProjects }}
project_id=$(openstack project show --domain {{ $domain }} -c id -f value {{ $project }})
if [[ -z $(openstack volume type show {{ $name }} -c access_project_ids -f value | grep ${project_id} || true) ]]; then
openstack volume type set --project-domain {{ $domain }} --project {{ $project }} {{ $name }}
fi
{{- end }}
{{- end }}
{{- end }}
{{- range $key, $value := $properties }}
{{- if and (ne $key "access_type") (ne $key "grant_access") $value }}
openstack volume type set --property {{ $key }}={{ $value }} {{ $name }}
{{- end }}
{{- end }}
fi
{{- end }}
{{- end }}
@ -53,7 +76,7 @@ fi
{{- if .Values.bootstrap.bootstrap_conf_backends }}
{{- range $name, $properties := .Values.conf.backends }}
{{- if $properties }}
openstack volume type show {{ $name }} || \
openstack volume type show {{ $name }} || \
openstack volume type create \
--public \
--property volume_backend_name={{ $properties.volume_backend_name }} \
@ -65,14 +88,14 @@ openstack volume type show {{ $name }} || \
{{- /* Create and associate volume QoS if defined */}}
{{- if .Values.bootstrap.volume_qos}}
{{- range $qos_name, $qos_properties := .Values.bootstrap.volume_qos }}
type_defined=true
type_defined=true
{{- /* If the volume type to associate with is not defined, skip the qos */}}
{{- range $qos_properties.associates }}
if ! openstack volume type show {{ . }}; then
if ! openstack volume type show {{ . }}; then
type_defined=false
fi
fi
{{- end }}
if $type_defined; then
if [[ ${type_defined} ]]; then
openstack volume qos show {{ $qos_name }} || \
openstack volume qos create \
--consumer {{ $qos_properties.consumer }} \
@ -83,14 +106,13 @@ if $type_defined; then
{{- range $qos_properties.associates }}
openstack volume qos associate {{ $qos_name }} {{ . }}
{{- end }}
fi
fi
{{- end }}
{{- end }}
{{- /* Check volume type and properties were added */}}
openstack volume type list --long
openstack volume qos list
{{- end }}
exit 0

View File

@ -368,6 +368,19 @@ bootstrap:
name:
group:
volume_backend_name:
# access_type: "private"
# If you set up access_type to private, only the creator
# will get an access to the volume type. You can extend
# the access to your volume type by providing a list of
# domain names and projects as shown below
# grant_access:
# <domain name 1>:
# - <project name 1>
# - <project name 2>
# <...>
# <domain name 2>:
# - <project name 1>
# <...>
# Volume QoS if any. By default, None QoS is created.
# Below values with a number at the end need to be replaced
# with real names.

View File

@ -22,6 +22,10 @@ bootstrap:
PURE-MULTIATTACH:
multiattach: "\"<is> True\""
volume_backend_name: "PURE_BE"
access_type: "private"
grant_access:
default:
- admin
conf:
cinder:
DEFAULT:

View File

@ -35,4 +35,5 @@ cinder:
- 0.2.16 Enable taint toleration for Openstack services
- 0.2.17 Remove unsupported values overrides
- 0.2.18 Add helm hook in bootstrap job
- 0.2.19 Add volume types visibility (public/private)
...