nova05: separate pre and post ceph OSCP configs

HCI uses edpm post ceph to also patch the OSCP which looks suboptimal.

Separate this into a two steps:
  * make post-ceph nodeset layer handling EDPM resources only (NodeSet,
    Services, Secrets, ConfigMap) - remove OSCP layer resources
  * add control-plane-post-ceph layer for OSCP with Glance RBD + Ceph
    extraMounts and secret config. Instead of re-including
    lib/control-plane (which required network-values duplication)
    provide only required values for lib/control-plane/base.
  * update README.md stages list from 4 to 6 steps, automation step
    count from 9 to 10
  * add note for defferred Ceph config for control-plane.md
  * add control-plane post-ceph doc for the dedicated Ceph
    control-plane update stage
  * remove control-plane update references for
    dataplane-post-ceph.md, add prerequisite for
    control-plane-post-ceph
  * add control-plane-post-ceph stage between pre-ceph deployment and
    post-ceph nodeset ini automation vars

Signed-off-by: Bohdan Dobrelia <bdobreli@redhat.com>

Author: bogdando

automation/vars/nova05epsilon.yaml

@@ -101,14 +101,25 @@ vas:
             type: playbook
             source: "../../hooks/playbooks/ceph.yml"
             inventory: "${HOME}/ci-framework-data/artifacts/ceph_inventory.yml"
-
-      - name: edpm-nodeset-post-ceph
-        path: examples/dt/nova/nova05epsilon
+      - name: control-plane-post-ceph
+        path: examples/dt/nova/nova05epsilon/control-plane-post-ceph
         wait_conditions:
           - >-
             oc -n openstack wait osctlplane controlplane
             --for condition=Ready
             --timeout=20m
+        values:
+          - name: network-values
+            src_file: network-values.yaml
+          - name: service-values
+            src_file: service-values.yaml
+          - name: edpm-nodeset-values-post-ceph
+            src_file: values.yaml
+        build_output: control-plane-post-ceph.yaml
+
+      - name: edpm-nodeset-post-ceph
+        path: examples/dt/nova/nova05epsilon
+        wait_conditions:
           - >-
             oc -n openstack wait osdpns
             gpu-computes-edpm

dt/nova/nova05epsilon/control-plane-post-ceph/ceph_secret.yaml

@@ -0,0 +1,10 @@
+---
+apiVersion: v1
+data:
+  ceph.client.openstack.keyring: _ignored_
+  ceph.conf: _ignored_
+kind: Secret
+metadata:
+  name: ceph-conf-files
+  namespace: openstack
+type: Opaque

dt/nova/nova05epsilon/control-plane-post-ceph/kustomization.yaml

@@ -0,0 +1,160 @@
+---
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+transformers:
+  - |-
+    apiVersion: builtin
+    kind: NamespaceTransformer
+    metadata:
+      name: _ignored_
+      namespace: openstack
+    setRoleBindingSubjects: none
+    unsetOnly: true
+    fieldSpecs:
+      - path: metadata/name
+        kind: Namespace
+        create: true
+
+components:
+  - ../../../../lib/control-plane/base
+  - ../../../../lib/control-plane/service-endpoints
+  - ../../../../lib/control-plane/dns
+  - ../../../../lib/control-plane/storage
+  - ../../../../lib/control-plane/ovn-bridge
+  - ../../../../lib/control-plane/job-settings
+  - ../../../../lib/control-plane/tls
+  - ../../../../lib/control-plane/messaging-bus
+
+resources:
+  - ceph_secret.yaml
+
+replacements:
+  # Ceph config files -> Secret
+  - source:
+      kind: ConfigMap
+      name: edpm-nodeset-values-post-ceph
+      fieldPath: data.ceph_conf
+    targets:
+      - select:
+          kind: Secret
+          name: ceph-conf-files
+        fieldPaths:
+          - data
+        options:
+          create: true
+  # Glance RBD backend
+  - source:
+      kind: ConfigMap
+      name: service-values
+      fieldPath: data.glance.customServiceConfig
+    targets:
+      - select:
+          kind: OpenStackControlPlane
+        fieldPaths:
+          - spec.glance.template.customServiceConfig
+        options:
+          create: true
+  - source:
+      kind: ConfigMap
+      name: service-values
+      fieldPath: data.glance.default.replicas
+    targets:
+      - select:
+          kind: OpenStackControlPlane
+        fieldPaths:
+          - spec.glance.template.glanceAPIs.default.replicas
+        options:
+          create: true
+  - source:
+      kind: ConfigMap
+      name: service-values
+      fieldPath: data.extraMounts
+    targets:
+      - select:
+          kind: OpenStackControlPlane
+        fieldPaths:
+          - spec.extraMounts
+        options:
+          create: true
+  # Swift
+  - source:
+      kind: ConfigMap
+      name: service-values
+      fieldPath: data.swift.enabled
+    targets:
+      - select:
+          kind: OpenStackControlPlane
+        fieldPaths:
+          - spec.swift.enabled
+        options:
+          create: true
+  # Telemetry
+  - source:
+      kind: ConfigMap
+      name: service-values
+      fieldPath: data.telemetry
+    targets:
+      - select:
+          kind: OpenStackControlPlane
+        fieldPaths:
+          - spec.telemetry
+        options:
+          create: true
+  # Neutron ML2 config
+  - source:
+      kind: ConfigMap
+      name: service-values
+      fieldPath: data.neutron.customServiceConfig
+    targets:
+      - select:
+          kind: OpenStackControlPlane
+        fieldPaths:
+          - spec.neutron.template.customServiceConfig
+        options:
+          create: true
+  # Nova PCI passthrough / scheduler config
+  - source:
+      kind: ConfigMap
+      name: service-values
+      fieldPath: data.nova.apiServiceTemplate.customServiceConfig
+    targets:
+      - select:
+          kind: OpenStackControlPlane
+        fieldPaths:
+          - spec.nova.template.apiServiceTemplate.customServiceConfig
+        options:
+          create: true
+  - source:
+      kind: ConfigMap
+      name: service-values
+      fieldPath: data.nova.cell0.conductorServiceTemplate.customServiceConfig
+    targets:
+      - select:
+          kind: OpenStackControlPlane
+        fieldPaths:
+          - spec.nova.template.cellTemplates.cell0.conductorServiceTemplate.customServiceConfig
+        options:
+          create: true
+  - source:
+      kind: ConfigMap
+      name: service-values
+      fieldPath: data.nova.cell1.conductorServiceTemplate.customServiceConfig
+    targets:
+      - select:
+          kind: OpenStackControlPlane
+        fieldPaths:
+          - spec.nova.template.cellTemplates.cell1.conductorServiceTemplate.customServiceConfig
+        options:
+          create: true
+  - source:
+      kind: ConfigMap
+      name: service-values
+      fieldPath: data.nova.schedulerServiceTemplate.customServiceConfig
+    targets:
+      - select:
+          kind: OpenStackControlPlane
+        fieldPaths:
+          - spec.nova.template.schedulerServiceTemplate.customServiceConfig
+        options:
+          create: true

dt/nova/nova05epsilon/edpm-post-ceph/nodeset/kustomization.yaml

@@ -18,7 +18,6 @@ transformers:
         create: true
 
 components:
-  - ../../control-plane/
   - ../../../../../lib/dataplane/nodeset
 
 resources:

dt/nova/nova05epsilon/kustomization.yaml

@@ -43,17 +43,6 @@ replacements:
           - spec.ovn.template.ovnController.nicMappings
         options:
           create: true
-  - source:
-      kind: ConfigMap
-      name: service-values
-      fieldPath: data.glance.customServiceConfig
-    targets:
-      - select:
-          kind: OpenStackControlPlane
-        fieldPaths:
-          - spec.glance.template.customServiceConfig
-        options:
-          create: true
   - source:
       kind: ConfigMap
       name: service-values
@@ -131,14 +120,3 @@ replacements:
           - spec.nova.template.schedulerServiceTemplate.customServiceConfig
         options:
           create: true
-  - source:
-      kind: ConfigMap
-      name: service-values
-      fieldPath: data.extraMounts
-    targets:
-      - select:
-          kind: OpenStackControlPlane
-        fieldPaths:
-          - spec.extraMounts
-        options:
-          create: true

examples/dt/nova/nova05epsilon/README.md

@@ -28,7 +28,20 @@ This is a collection of CR templates that represent a Red Hat OpenStack Services
 
 5. Between stages 3 and 4, _it is assumed that the user installs Ceph on the compute nodes._ OpenStack K8S CRDs do not provide a way to install Ceph via any sort of combination of CRs.
 
-6. For CI automation, this DT uses `automation/vars/nova05epsilon.yaml` which maps the manual stages above to 9 granular automation steps (NNCP, networking, control-plane, DNS, baremetalhosts, pre-ceph nodeset, pre-ceph deployment, post-ceph nodeset, post-ceph deployment).
+6. In stage 5 the `control-plane-post-ceph` kustomization needs the same network values used in stage 2 to preserve endpoint IPs, service types, and DNS configuration. For manual deployment, copy your environment-customized `control-plane/networking/nncp/values.yaml` into `control-plane-post-ceph/network-values.yaml` and populate `control-plane-post-ceph/values.yaml` with base64-encoded Ceph keyring and config. In CI, `ci_gen_kustomize_values` generates `network-values.yaml` in-place using the common Jinja2 template with environment overlays. See [control-plane-post-ceph.md](control-plane-post-ceph.md) for details.
+
+7. On SNO with a single EDPM compute (single-host CephHCI), the Ceph ingress service (haproxy/keepalived) is not deployed. The default Swift endpoint (`<vip>:8080`) is unreachable because no ingress fronts the RGW daemon. Instead, clients must reach RGW directly on the compute's storage IP at port 8082 (the `rgw_frontend_port` set in the Ceph RGW spec).
+   For CI automation, set `cifmw_cephadm_rgw_port: 8082` and `cifmw_cephadm_rgw_vip: <compute_storage_ip>` in the scenario vars so that `cifmw_cephadm` creates the Keystone endpoint with the correct address.
+   For manual deployment, after installing Ceph, update the Swift endpoints in Keystone to point at the RGW daemon directly:
+
+   ```shell
+   STORAGE_IP=<compute storage network IP>
+   for ep_id in $(openstack endpoint list --service object-store -f value -c ID); do
+     openstack endpoint set --url "http://${STORAGE_IP}:8082/swift/v1/AUTH_%(tenant_id)s" "$ep_id"
+   done
+   ```
+
+8. For CI automation, this DT uses `automation/vars/nova05epsilon.yaml` which maps the manual stages above to 10 granular automation steps (NNCP, networking, control-plane, DNS, baremetalhosts, pre-ceph nodeset, pre-ceph deployment, control-plane-post-ceph, post-ceph nodeset, post-ceph deployment).
 
 ## Host Configuration
 
@@ -57,7 +70,9 @@ All stages must be executed in the order listed below. Everything is required un
 1. [Install the OpenStack K8S operators and their dependencies](../../../common/)
 2. [Configuring networking and deploy the OpenStack control plane](control-plane.md)
 3. [Configure and deploy the initial data plane to prepare for Ceph installation](dataplane-pre-ceph.md)
-4. [Update the control plane and finish deploying the data plane after Ceph has been installed](dataplane-post-ceph.md)
+4. Install Ceph on the compute nodes (without changing OpenStack CP CR)
+5. [Update the control plane with Ceph backend configuration](control-plane-post-ceph.md)
+6. [Finish deploying the data plane after Ceph has been installed](dataplane-post-ceph.md)
 
 ## Extending to a Full DCN Deployment
 

examples/dt/nova/nova05epsilon/control-plane-post-ceph.md

@@ -0,0 +1,79 @@
+# Update the control plane with Ceph backend configuration
+
+## Assumptions
+
+- The [pre-ceph data plane](dataplane-pre-ceph.md) has been deployed
+- Ceph has been installed on the compute nodes
+- The `ceph-conf-files` secret will be created during this step
+
+## Initialize
+
+Switch to the "openstack" namespace
+
+```shell
+oc project openstack
+```
+
+Change to the control-plane-post-ceph directory
+
+```shell
+cd architecture/examples/dt/nova/nova05epsilon/control-plane-post-ceph
+```
+
+## Prepare values files
+
+The kustomization requires three values files:
+
+**network-values.yaml** — Provides storageClass, bridgeName, endpoint
+annotations, and DNS options that the lib components need. This file
+must match the `network-values` used in the initial control-plane stage
+to preserve all endpoint IPs, service types, and DNS configuration.
+In CI, `ci_gen_kustomize_values` generates it from the automation vars
+(`src_file: network-values.yaml`). For manual deployment, copy the
+environment-customized file from the control-plane networking stage:
+
+```shell
+cp ../control-plane/networking/nncp/values.yaml network-values.yaml
+```
+
+Edit `network-values.yaml` and replace any remaining `CHANGEME`
+placeholders to match your environment (same values used in stage 2).
+
+**values.yaml** — Ceph configuration for the `ceph-conf-files` secret.
+Replace the `CHANGEME` placeholders with base64-encoded Ceph keyring
+and config from your Ceph deployment:
+
+```shell
+vi values.yaml
+# Set data.ceph_conf."ceph.client.openstack.keyring" to:
+#   base64 -w0 /etc/ceph/ceph.client.openstack.keyring
+# Set data.ceph_conf."ceph.conf" to:
+#   base64 -w0 /etc/ceph/ceph.conf
+```
+
+**service-values.yaml** — Edit if you need to adjust the Glance RBD
+backend or Ceph extraMounts configuration:
+
+```shell
+vi service-values.yaml
+```
+
+## Update the control plane
+
+Generate the control-plane-post-ceph CRs:
+
+```shell
+kustomize build > control-plane-post-ceph.yaml
+```
+
+Apply the CRs:
+
+```shell
+oc apply -f control-plane-post-ceph.yaml
+```
+
+Wait for the control plane to be ready:
+
+```shell
+oc wait osctlplane controlplane --for condition=Ready --timeout=1200s
+```

examples/dt/nova/nova05epsilon/control-plane-post-ceph/kustomization.yaml

@@ -0,0 +1,11 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+components:
+  - ../../../../../dt/nova/nova05epsilon/control-plane-post-ceph
+
+resources:
+  - network-values.yaml
+  - values.yaml
+  - service-values.yaml