Add Storage Setup Utility Script

[Hari-Duche]

Add Storage Setup Utility Script

Overview

Adds a comprehensive storage provisioning script (utilities/setup-storage.sh) that automates the setup of isolated Ceph storage for multi-tenant environments, supporting both block and object storage configurations.

Purpose

This script provisions tenant-specific storage infrastructure for the SovereignCore platform, enabling:

• Block Storage (RBD): For Persistent Volume Claims (PVCs)
• Object Storage (RGW): For S3-compatible storage via NooBaa

Key Features

Multi-Mode Support

• Native Ceph Mode: Direct Ceph cluster access
• ODF Mode: OpenShift Data Foundation / Rook integration

Storage Provisioning (8-Phase Process)

1. Pre-flight checks: Verify Ceph access, health, and required tools
2. Ceph health check: Ensure cluster is HEALTH_OK or HEALTH_WARN
3. Create RBD pool: Tenant-specific pool with configurable quota
4. Create Ceph users: Client users and CSI users for RBD access
5. Create RGW user: Optional RGW user in main RGW for object storage
6. Create backing bucket: Optional S3 bucket for NooBaa BackingStore
7. Generate config: Run create-external-cluster-resources.py or manual config
8. Save artifacts: Write JSON configuration files to secure output directory

Security Features

• Secure credential handling with proper file permissions
• Isolated tenant storage with quota enforcement
• Support for HTTPS/TLS with CA certificate extraction
• State management for resume capability on failures

Configuration Options

• Configurable RBD pool quotas (e.g., 1T, 500G)
• Optional object storage with RGW user quotas
• Customizable placement groups (PGs)
• Region configuration for S3 compatibility
• Flexible namespace and StorageCluster naming

Usage Examples

Block storage only:

./setup-storage.sh --tenant customer-a --rbd-quota 1T --output-dir ~/ceph-configs --mode odf

Block + Object storage:

./setup-storage.sh --tenant dev-team --rbd-quota 500G --rgw-user-quota 1T --output-dir ~/odf-configs --mode odf

Resume from failure:

./setup-storage.sh --resume

Output Artifacts

• <tenant>-external-config.json: Main configuration file for Information LOB Admin UI (includes RGW credentials for Cluster-as-a-Service provisioning)
• <tenant>-rgw-credentials.txt: RGW access credentials reference file (handover to Information LOB Admin only for control plane storage setup; for Cluster-as-a-Service, object storage details are passed through the external-config.json file)
• <tenant>-ca-bundle.crt: CA certificate bundle for HTTPS (if applicable)
• <tenant>-summary.txt: Human-readable summary of provisioned resources

Integration

This script integrates with the SovereignCore Information LOB Admin UI workflow:

1. Storage admin runs this script to provision tenant storage
2. Generated config files are handed over to the control plane
3. Information LOB Admin UI deploys ODF client on tenant cluster during cluster-as-a-service creation
4. Tenant cluster gets isolated storage with enforced quotas

Technical Details

• Lines of Code: 1,797
• Language: Bash
• Dependencies: ceph CLI (native mode) or oc CLI (ODF mode)
• Error Handling: Comprehensive with resume capability
• Logging: Multi-level logging (DEBUG, INFO, WARNING, ERROR)