From beaba3cb7b52154fb81c86f97cc5a2dcb7ef91eb Mon Sep 17 00:00:00 2001
From: Francesco Pantano <fpantano@redhat.com>
Date: Fri, 20 Jan 2023 11:41:09 +0100
Subject: [PATCH] Remove the old Ceph section from cinder.conf

This patch just removes the unused ceph section in cinder.conf. The
extraVolumes approach is used when cinder is configured with a Ceph
backend, so this section is not required anymore.

Signed-off-by: Francesco Pantano <fpantano@redhat.com>
---
 README.md                           | 118 +++++++++++++++++++++-------
 templates/cinder/config/cinder.conf |   9 ---
 2 files changed, 88 insertions(+), 39 deletions(-)

diff --git a/README.md b/README.md
index 385e1178..2dedfb00 100644
--- a/README.md
+++ b/README.md
@@ -44,15 +44,62 @@ make undeploy
 
 ### Configure Cinder with Ceph backend
 
-The Cinder spec API can be used to configure and customize the Ceph backend. In
-particular, the `customServiceConfig` parameter should be used, for each
-defined volume, to override the `enabled_backends` parameter, which must exist
-in `cinder.conf` to make the `cinderVolume` pod run. The global `cephBackend`
-parameter is used to specify the Ceph client-related "key/value" pairs required
-to connect the service with an external Ceph cluster. Multiple external Ceph
-clusters are not supported at the moment. The following represents an example
-of the Cinder object that can be used to trigger the Cinder service deployment,
-and enable the Cinder backend that points to an external Ceph cluster.
+The Cinder services can be configured to interact with an external Ceph cluster.
+In particular, the `customServiceConfig` parameter must be used, for each defined
+`cinder-volume` and `cinder-backup` instance, to override the `enabled_backends`
+parameter and inject the Ceph related parameters.
+The `ceph.conf` and the `client keyring` must exist as secrets, and can be
+mounted by the cinder pods using the `extraMounts` feature.
+
+Create a secret by generating the following file and then apply it using the `oc`
+cli.
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: ceph-client-conf
+  namespace: openstack
+stringData:
+  ceph.client.openstack.keyring: |
+    [client.openstack]
+        key = <secret key>
+        caps mgr = "allow *"
+        caps mon = "profile rbd"
+        caps osd = "profile rbd pool=images"
+  ceph.conf: |
+    [global]
+    fsid = 7a1719e8-9c59-49e2-ae2b-d7eb08c695d4
+    mon_host = 10.1.1.2,10.1.1.3,10.1.1.4
+
+
+Add the following to the spec of the Cinder CR and then apply it using the `oc`
+cli.
+
+```
+  extraMounts:
+    - name: v1
+      region: r1
+      extraVol:
+        - propagation:
+          - CinderVolume
+          - CinderBackup
+          volumes:
+          - name: ceph
+            projected:
+              sources:
+              - secret:
+                  name: ceph-client-conf
+          mounts:
+          - name: ceph
+            mountPath: "/etc/ceph"
+            readOnly: true
+```
+
+The following represents an example of the entire Cinder object that can be used
+to trigger the Cinder service deployment, and enable the Cinder backend that
+points to an external Ceph cluster.
+
 
 ```
 apiVersion: cinder.openstack.org/v1beta1
@@ -73,6 +120,11 @@ spec:
   cinderBackup:
     replicas: 1
     containerImage: quay.io/tripleowallabycentos9/openstack-cinder-backup:current-tripleo
+    customServiceConfig: |
+      [DEFAULT]
+      backup_driver = cinder.backup.drivers.ceph.CephBackupDriver
+      backup_ceph_pool = backups
+      backup_ceph_user = admin
   secret: cinder-secret
   cinderVolumes:
     volume1:
@@ -81,29 +133,35 @@ spec:
       customServiceConfig: |
         [DEFAULT]
         enabled_backends=ceph
-  cephBackend:
-    cephFsid: <CephClusterFSID>
-    cephMons: <CephMons>
-    cephClientKey: <cephClientKey>
-    cephUser: openstack
-    cephPools:
-      cinder:
-        name: volumes
-      nova:
-        name: vms
-      glance:
-        name: images
-      cinder_backup:
-        name: backup
-      extra_pool1:
-        name: ceph_ssd_tier
-      extra_pool2:
-        name: ceph_nvme_tier
-      extra_pool3:
-        name: ceph_hdd_tier
+        [ceph]
+        volume_backend_name=ceph
+        volume_driver=cinder.volume.drivers.rbd.RBDDriver
+        rbd_ceph_conf=/etc/ceph/ceph.conf
+        rbd_user=admin
+        rbd_pool=volumes
+        rbd_flatten_volume_from_snapshot=False
+        rbd_secret_uuid=<Ceph_FSID>
+  extraMounts:
+    - name: cephfiles
+      region: r1
+      extraVol:
+      - propagation:
+        - CinderVolume
+        - CinderBackup
+        extraVolType: Ceph
+        volumes:
+        - name: ceph
+          projected:
+            sources:
+            - secret:
+                name: ceph-client-files
+        mounts:
+        - name: ceph
+          mountPath: "/etc/ceph"
+          readOnly: true
 ```
 
-When the service is up and running, it's possible to interact with the cinder
+When the service is up and running, it's possible to interact with the Cinder
 API and create the Ceph `cinder type` backend which is associated with the Ceph
 tier specified in the config file.
 
diff --git a/templates/cinder/config/cinder.conf b/templates/cinder/config/cinder.conf
index 50eac708..0a76b664 100644
--- a/templates/cinder/config/cinder.conf
+++ b/templates/cinder/config/cinder.conf
@@ -95,12 +95,3 @@ lock_path = /var/locks/openstack/os-brick
 #volume_backend_name=nfs
 #volume_driver=cinder.volume.drivers.nfs.NfsDriver
 #nfs_shares_config=/etc/cinder/nfs_shares
-
-[ceph]
-volume_backend_name=ceph
-volume_driver=cinder.volume.drivers.rbd.RBDDriver
-rbd_ceph_conf=/etc/ceph/ceph.conf
-rbd_user={{ .User }}
-rbd_pool={{ .Pool }}
-rbd_flatten_volume_from_snapshot=False
-rbd_secret_uuid={{ .ClusterFSID }}