From 414c9b0ab7fd6471bfeb82bcef55bd9eba741c5b Mon Sep 17 00:00:00 2001
From: Teoman ONAY <tonay@ibm.com>
Date: Wed, 24 Apr 2024 21:32:39 +0200
Subject: [PATCH] ceph_orch_spec: Add ceph orch apply spec feature

Add new module ceph_orch_spec which applies ceph spec files.
This feature was needed to bind extra mount points to the RGW
container (/etc/pki/ca-trust/).

Also fixes cephadm-adopt test scenario by configuring rbd application
on test and test2 pools. Otherwise cephadm-adopt failed at task
"Check pools have an application enabled"

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2262133

Signed-off-by: Teoman ONAY <tonay@ibm.com>
---
 infrastructure-playbooks/cephadm-adopt.yml    |  24 ++-
 library/ceph_orch_spec.py                     | 192 ++++++++++++++++++
 module_utils/ca_common.py                     |  28 +++
 .../all_daemons/container/group_vars/clients  |   2 +
 tests/requirements.txt                        |   1 +
 5 files changed, 239 insertions(+), 8 deletions(-)
 create mode 100644 library/ceph_orch_spec.py

diff --git a/infrastructure-playbooks/cephadm-adopt.yml b/infrastructure-playbooks/cephadm-adopt.yml
index 3922e07901..c5dd4c0392 100644
--- a/infrastructure-playbooks/cephadm-adopt.yml
+++ b/infrastructure-playbooks/cephadm-adopt.yml
@@ -931,14 +931,22 @@
         - radosgw_address_block != 'subnet'
 
     - name: Update the placement of radosgw hosts
-      ansible.builtin.command: >
-        {{ cephadm_cmd }} shell -k /etc/ceph/{{ cluster }}.client.admin.keyring --fsid {{ fsid }} --
-        ceph orch apply rgw {{ ansible_facts['hostname'] }}
-        --placement='count-per-host:{{ radosgw_num_instances }} {{ ansible_facts['nodename'] }}'
-        {{ rgw_subnet if rgw_subnet is defined else '' }}
-        --port={{ radosgw_frontend_port }}
-        {{ '--ssl' if radosgw_frontend_ssl_certificate else '' }}
-      changed_when: false
+      ceph_orch_spec:
+        fsid: "{{ fsid }}"
+        spec: |
+          service_type: rgw
+          service_id: {{ ansible_facts['hostname'] }}
+          placement:
+            count_per_host: {{ radosgw_num_instances }}
+            hosts:
+              - {{ ansible_facts['nodename'] }}
+          networks: {{ rgw_subnet if rgw_subnet is defined else '' }}
+          spec:
+            rgw_frontend_port: {{ radosgw_frontend_port }}
+            ssl: {{ 'true' if radosgw_frontend_ssl_certificate else 'false'}}
+          extra_container_args:
+            - "-v"
+            - "/etc/pki/ca-trust:/etc/pki/ca-trust:ro"
       delegate_to: "{{ groups[mon_group_name][0] }}"
       environment:
         CEPHADM_IMAGE: '{{ ceph_docker_registry }}/{{ ceph_docker_image }}:{{ ceph_docker_image_tag }}'
diff --git a/library/ceph_orch_spec.py b/library/ceph_orch_spec.py
new file mode 100644
index 0000000000..ff02f8b8a6
--- /dev/null
+++ b/library/ceph_orch_spec.py
@@ -0,0 +1,192 @@
+#!/usr/bin/python
+
+# Copyright: (c) 2024, Teoman Onay <tonay@ibm.com>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+from ansible.module_utils.basic import AnsibleModule
+
+try:
+    from ansible.module_utils.ca_common import exit_module, build_base_cmd_orch
+except ImportError:
+    from module_utils.ca_common import exit_module, build_base_cmd_orch
+
+import datetime
+import yaml
+from typing import Tuple, List, Dict
+
+
+ANSIBLE_METADATA = {
+    'metadata_version': '1.0',
+    'status': ['preview'],
+    'supported_by': 'community'
+}
+
+DOCUMENTATION = r'''
+---
+module: ceph_orch_spec
+
+short_description: This is my test module
+
+# If this is part of a collection, you need to use semantic versioning,
+# i.e. the version is of the form "2.5.0" and not "2.4".
+version_added: "1.0.0"
+
+description: This is my longer description explaining my test module.
+
+options:
+    spec:
+        description: This is the message to send to the test module.
+        required: true
+        type: str
+# Specify this value according to your collection
+# in format of namespace.collection.doc_fragment_name
+# extends_documentation_fragment:
+#     - my_namespace.my_collection.my_doc_fragment_name
+
+author:
+    - Teoman ONAY (tonay@ibm.com)
+'''
+
+EXAMPLES = r'''
+# Pass in a message
+- name: Test with a message
+  my_namespace.my_collection.ceph_orch_spec:
+    spec: >-
+        service_type: rgw
+        service_id: realm.zone
+        placement:
+          hosts:
+            - host1
+            - host2
+            - host3
+        config:
+          param_1: val_1
+          ...
+          param_N: val_N
+        unmanaged: false
+        networks:
+        - 192.169.142.0/24
+
+# pass in a message and have changed true
+- name: Test with a message and changed output
+  my_namespace.my_collection.ceph_orch_spec:
+    name: hello world
+    new: true
+
+# fail the module
+- name: Test failure of the module
+  my_namespace.my_collection.ceph_orch_spec:
+    name: fail me
+'''
+
+RETURN = r'''
+# These are examples of possible return values, and in general should use other names for return values.
+original_message:
+    description: The original name param that was passed in.
+    type: str
+    returned: always
+    sample: 'hello world'
+message:
+    description: The output message that the test module generates.
+    type: str
+    returned: always
+    sample: 'goodbye'
+'''
+
+
+def parse_spec(spec: str) -> Dict:
+    """ parse spec string to yaml """
+    yaml_spec: yaml = yaml.safe_load(spec)
+    return yaml_spec
+
+
+def retrieve_current_spec(module: AnsibleModule, expected_spec: Dict) -> Dict:
+    """ retrieve current config of the service """
+    service: str = expected_spec["service_type"]
+    cmd = build_base_cmd_orch(module)
+    cmd.extend(['ls', service, '--format=yaml'])
+    out = module.run_command(cmd)
+    if not isinstance(out, Dict):
+        # if there is no existing service, cephadm returns the string 'No services reported'
+        return {}
+    else:
+        return yaml.safe_load(out[1])
+
+
+def change_required(current: Dict, expected: Dict) -> bool:
+    """ checks if a config change is required """
+    if current:
+        for key, value in expected.items():
+            if current[key] != value:
+                return True
+            else:
+                continue
+        return False
+    else:
+        return True
+
+
+def apply_spec(module: "AnsibleModule",
+               data: str) -> Tuple[int, List[str], str, str]:
+    cmd = build_base_cmd_orch(module)
+    cmd.extend(['apply', '-i', '-'])
+    rc, out, err = module.run_command(cmd, data=data)
+
+    if rc:
+        raise RuntimeError(err)
+
+    return rc, cmd, out, err
+
+
+def run_module():
+
+    module_args = dict(
+        spec=dict(type='str', required=True),
+        fsid=dict(type='str', required=False),
+    )
+
+    module = AnsibleModule(
+        argument_spec=module_args,
+        supports_check_mode=True
+    )
+
+    startd = datetime.datetime.now()
+    spec = module.params.get('spec')
+
+    if module.check_mode:
+        exit_module(
+            module=module,
+            out='',
+            rc=0,
+            cmd=[],
+            err='',
+            startd=startd,
+            changed=False
+        )
+
+    # Idempotency check
+    expected = parse_spec(module.params.get('spec'))
+    current_spec = retrieve_current_spec(module, expected)
+
+    if change_required(current_spec, expected):
+        rc, cmd, out, err = apply_spec(module, spec)
+        changed = True
+
+    exit_module(
+        module=module,
+        out=out,
+        rc=rc,
+        cmd=cmd,
+        err=err,
+        startd=startd,
+        changed=changed
+    )
+
+
+def main():
+    run_module()
+
+
+if __name__ == '__main__':
+    main()
diff --git a/module_utils/ca_common.py b/module_utils/ca_common.py
index 32c0cbdbed..cfbf55a434 100644
--- a/module_utils/ca_common.py
+++ b/module_utils/ca_common.py
@@ -1,5 +1,7 @@
 import os
 import datetime
+from typing import List
+from ansible.module_utils.basic import AnsibleModule
 
 
 def generate_cmd(cmd='ceph',
@@ -94,6 +96,32 @@ def exec_command(module, cmd, stdin=None, check_rc=False):
     return rc, cmd, out, err
 
 
+def build_base_cmd(module: "AnsibleModule") -> List[str]:
+    cmd = ['cephadm']
+    docker = module.params.get('docker')
+    image = module.params.get('image')
+    fsid = module.params.get('fsid')
+
+    if docker:
+        cmd.append('--docker')
+    if image:
+        cmd.extend(['--image', image])
+
+    cmd.append('shell')
+
+    if fsid:
+        cmd.extend(['--fsid', fsid])
+
+    return cmd
+
+
+def build_base_cmd_orch(module: "AnsibleModule") -> List[str]:
+    cmd = build_base_cmd(module)
+    cmd.extend(['ceph', 'orch'])
+
+    return cmd
+
+
 def exit_module(module, out, rc, cmd, err, startd, changed=False, diff=dict(before="", after="")):  # noqa: E501
     endd = datetime.datetime.now()
     delta = endd - startd
diff --git a/tests/functional/all_daemons/container/group_vars/clients b/tests/functional/all_daemons/container/group_vars/clients
index ec0bb3e099..33add855f4 100644
--- a/tests/functional/all_daemons/container/group_vars/clients
+++ b/tests/functional/all_daemons/container/group_vars/clients
@@ -5,9 +5,11 @@ test:
   name: "test"
   rule_name: "HDD"
   size: 1
+  application: "rbd"
 test2:
   name: "test2"
   size: 1
+  application: "rbd"
 pools:
   - "{{ test }}"
   - "{{ test2 }}"
diff --git a/tests/requirements.txt b/tests/requirements.txt
index b24770e4ff..2ddd5e2756 100644
--- a/tests/requirements.txt
+++ b/tests/requirements.txt
@@ -8,3 +8,4 @@ mock
 jmespath
 pytest-rerunfailures
 pytest-cov
+setuptools