Merge pull request rook#16115 from sp98/clusterCephxStatus-uninitialized

core: init cephxStatus on cephCluster

Author: BlaineEXE

Documentation/CRDs/specification.md

@@ -4547,7 +4547,7 @@ are not rotated.</p>
 <h3 id="ceph.rook.io/v1.CephxStatus">CephxStatus
 </h3>
 <p>
-(<em>Appears on:</em><a href="#ceph.rook.io/v1.LocalCephxStatus">LocalCephxStatus</a>)
+(<em>Appears on:</em><a href="#ceph.rook.io/v1.ClusterCephxStatus">ClusterCephxStatus</a>, <a href="#ceph.rook.io/v1.LocalCephxStatus">LocalCephxStatus</a>)
 </p>
 <div>
 </div>
@@ -4779,6 +4779,37 @@ Ceph cluster. Daemon CephX keys can be rotated without affecting client connecti
 </tr>
 </tbody>
 </table>
+<h3 id="ceph.rook.io/v1.ClusterCephxStatus">ClusterCephxStatus
+</h3>
+<p>
+(<em>Appears on:</em><a href="#ceph.rook.io/v1.ClusterStatus">ClusterStatus</a>)
+</p>
+<div>
+<p>ClusterCephxStatus defines the cephx key rotation status of various daemons on the cephCluster resource</p>
+</div>
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>rbdMirrorPeer</code><br/>
+<em>
+<a href="#ceph.rook.io/v1.CephxStatus">
+CephxStatus
+</a>
+</em>
+</td>
+<td>
+<p>RBDMirrorPeer show the cephx key rotation status of the <code>rbd-mirror-peer</code> user</p>
+</td>
+</tr>
+</tbody>
+</table>
 <h3 id="ceph.rook.io/v1.ClusterSecuritySpec">ClusterSecuritySpec
 </h3>
 <p>
@@ -5352,6 +5383,18 @@ CephStatus
 </tr>
 <tr>
 <td>
+<code>cephx</code><br/>
+<em>
+<a href="#ceph.rook.io/v1.ClusterCephxStatus">
+ClusterCephxStatus
+</a>
+</em>
+</td>
+<td>
+</td>
+</tr>
+<tr>
+<td>
 <code>storage</code><br/>
 <em>
 <a href="#ceph.rook.io/v1.CephStorage">

deploy/charts/rook-ceph/templates/resources.yaml

@@ -5815,6 +5815,32 @@ spec:
                           type: object
                       type: object
                   type: object
+                cephx:
+                  description: ClusterCephxStatus defines the cephx key rotation status of various daemons on the cephCluster resource
+                  properties:
+                    rbdMirrorPeer:
+                      description: RBDMirrorPeer show the cephx key rotation status of the `rbd-mirror-peer` user
+                      properties:
+                        keyCephVersion:
+                          description: |-
+                            KeyCephVersion reports the Ceph version that created the current generation's keys. This is
+                            same string format as reported by `CephCluster.status.version.version` to allow them to be
+                            compared. E.g., `20.2.0-0`.
+                            For all newly-created resources, this field set to the version of Ceph that created the key.
+                            The special value "Uninitialized" indicates that keys are being created for the first time.
+                            An empty string indicates that the version is unknown, as expected in brownfield deployments.
+                          type: string
+                        keyGeneration:
+                          description: |-
+                            KeyGeneration represents the CephX key generation for the last successful reconcile.
+                            For all newly-created resources, this field is set to `1`.
+                            When keys are rotated due to any rotation policy, the generation is incremented or updated to
+                            the configured policy generation.
+                            Generation `0` indicates that keys existed prior to the implementation of key tracking.
+                          format: int32
+                          type: integer
+                      type: object
+                  type: object
                 conditions:
                   items:
                     description: Condition represents a status condition on any Rook-Ceph Custom Resource.

deploy/examples/crds.yaml

@@ -5813,6 +5813,32 @@ spec:
                           type: object
                       type: object
                   type: object
+                cephx:
+                  description: ClusterCephxStatus defines the cephx key rotation status of various daemons on the cephCluster resource
+                  properties:
+                    rbdMirrorPeer:
+                      description: RBDMirrorPeer show the cephx key rotation status of the `rbd-mirror-peer` user
+                      properties:
+                        keyCephVersion:
+                          description: |-
+                            KeyCephVersion reports the Ceph version that created the current generation's keys. This is
+                            same string format as reported by `CephCluster.status.version.version` to allow them to be
+                            compared. E.g., `20.2.0-0`.
+                            For all newly-created resources, this field set to the version of Ceph that created the key.
+                            The special value "Uninitialized" indicates that keys are being created for the first time.
+                            An empty string indicates that the version is unknown, as expected in brownfield deployments.
+                          type: string
+                        keyGeneration:
+                          description: |-
+                            KeyGeneration represents the CephX key generation for the last successful reconcile.
+                            For all newly-created resources, this field is set to `1`.
+                            When keys are rotated due to any rotation policy, the generation is incremented or updated to
+                            the configured policy generation.
+                            Generation `0` indicates that keys existed prior to the implementation of key tracking.
+                          format: int32
+                          type: integer
+                      type: object
+                  type: object
                 conditions:
                   items:
                     description: Condition represents a status condition on any Rook-Ceph Custom Resource.

pkg/apis/ceph.rook.io/v1/types.go

@@ -490,13 +490,14 @@ type CephExporterSpec struct {
 
 // ClusterStatus represents the status of a Ceph cluster
 type ClusterStatus struct {
-	State       ClusterState    `json:"state,omitempty"`
-	Phase       ConditionType   `json:"phase,omitempty"`
-	Message     string          `json:"message,omitempty"`
-	Conditions  []Condition     `json:"conditions,omitempty"`
-	CephStatus  *CephStatus     `json:"ceph,omitempty"`
-	CephStorage *CephStorage    `json:"storage,omitempty"`
-	CephVersion *ClusterVersion `json:"version,omitempty"`
+	State       ClusterState        `json:"state,omitempty"`
+	Phase       ConditionType       `json:"phase,omitempty"`
+	Message     string              `json:"message,omitempty"`
+	Conditions  []Condition         `json:"conditions,omitempty"`
+	CephStatus  *CephStatus         `json:"ceph,omitempty"`
+	Cephx       *ClusterCephxStatus `json:"cephx,omitempty"`
+	CephStorage *CephStorage        `json:"storage,omitempty"`
+	CephVersion *ClusterVersion     `json:"version,omitempty"`
 	// ObservedGeneration is the latest generation observed by the controller.
 	// +optional
 	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
@@ -712,6 +713,12 @@ type LocalCephxStatus struct {
 	Daemon CephxStatus `json:"daemon,omitempty"`
 }
 
+// ClusterCephxStatus defines the cephx key rotation status of various daemons on the cephCluster resource
+type ClusterCephxStatus struct {
+	// RBDMirrorPeer show the cephx key rotation status of the `rbd-mirror-peer` user
+	RBDMirrorPeer *CephxStatus `json:"rbdMirrorPeer,omitempty"`
+}
+
 // MonSpec represents the specification of the monitor
 // +kubebuilder:validation:XValidation:message="zones must be less than or equal to count",rule="!has(self.zones) || (has(self.zones) && (size(self.zones) <= self.count))"
 // +kubebuilder:validation:XValidation:message="stretchCluster zones must be equal to 3",rule="!has(self.stretchCluster) || (has(self.stretchCluster) && (size(self.stretchCluster.zones) > 0) && (size(self.stretchCluster.zones) == 3))"

pkg/apis/ceph.rook.io/v1/zz_generated.deepcopy.go

@@ -40,8 +40,10 @@ import (
 	"github.com/rook/rook/pkg/operator/ceph/cluster/osd"
 	"github.com/rook/rook/pkg/operator/ceph/cluster/telemetry"
 	"github.com/rook/rook/pkg/operator/ceph/config"
+	"github.com/rook/rook/pkg/operator/ceph/config/keyring"
 	"github.com/rook/rook/pkg/operator/ceph/controller"
 	"github.com/rook/rook/pkg/operator/ceph/csi"
+	"github.com/rook/rook/pkg/operator/ceph/reporting"
 	cephver "github.com/rook/rook/pkg/operator/ceph/version"
 	"github.com/rook/rook/pkg/operator/k8sutil"
 	rookversion "github.com/rook/rook/pkg/version"
@@ -791,3 +793,17 @@ func (c *cluster) fetchSecretValue(selector v1.SecretKeySelector) (string, error
 
 	return string(val), nil
 }
+
+// initClusterCephxStatus set `Uninitialized` state for the cephXstatus for new clusters.
+func initClusterCephxStatus(c *clusterd.Context, cluster *cephv1.CephCluster) error {
+	uninitializedStatus := keyring.UninitializedCephxStatus()
+	cluster.Status.Cephx = &cephv1.ClusterCephxStatus{
+		RBDMirrorPeer: &uninitializedStatus,
+	}
+
+	if err := reporting.UpdateStatus(c.Client, cluster); err != nil {
+		return errors.Wrapf(err, "failed to update cluster cephx status")
+	}
+
+	return nil
+}

pkg/operator/ceph/cluster/cluster.go

@@ -384,6 +384,13 @@ func (c *ClusterController) reconcileCephCluster(clusterObj *cephv1.CephCluster,
 		return nil
 	}
 
+	if clusterObj.Status.Cephx == nil {
+		err := initClusterCephxStatus(c.context, clusterObj)
+		if err != nil {
+			return errors.Wrap(err, "failed to initialized cluster cephx status")
+		}
+	}
+
 	cluster, ok := c.clusterMap[clusterObj.Namespace]
 	if !ok {
 		// It's a new cluster so let's populate the struct