openstack/openstack-helm-infra
Code Issues Proposed changes

feat: adding support for external-ceph keyrings to be present in libvirt deployments without local ceph needing to be available

Browse Source 
chore: updated release notes
feat: update libvirt launch script for external ceph
Change-Id: Ie44f962d1ba538f6f8badfd1a627cb99e190c7b0
This commit is contained in:
Karl Kloppenborg 2023-01-16 01:57:19 +00:00
parent 15358cebc4
commit 4035a5e4f2
4 changed files with 12 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libvirt/Chart.yaml
View File

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v1.0.0 appVersion: v1.0.0
description: OpenStack-Helm libvirt description: OpenStack-Helm libvirt
name: libvirt name: libvirt
version: 0.1.14 version: 0.1.15
home: https://libvirt.org home: https://libvirt.org
sources: sources:
- https://libvirt.org/git/?p=libvirt.git;a=summary - https://libvirt.org/git/?p=libvirt.git;a=summary

8
libvirt/templates/bin/_libvirt.sh.tpl
View File

@ -102,7 +102,7 @@ if [ 0"$hp_count" -gt 0 ]; then
fi fi
fi fi
if [ -n "${LIBVIRT_CEPH_CINDER_SECRET_UUID}" ] ; then if [ -n "${LIBVIRT_CEPH_CINDER_SECRET_UUID}" ] || [ -n "${LIBVIRT_EXTERNAL_CEPH_CINDER_SECRET_UUID}" ] ; then
#NOTE(portdirect): run libvirtd as a transient unit on the host with the osh-libvirt cgroups applied. #NOTE(portdirect): run libvirtd as a transient unit on the host with the osh-libvirt cgroups applied.
cgexec -g ${CGROUPS%,}:/osh-libvirt systemd-run --scope --slice=system libvirtd --listen & cgexec -g ${CGROUPS%,}:/osh-libvirt systemd-run --scope --slice=system libvirtd --listen &
@ -159,10 +159,12 @@ EOF
virsh secret-set-value --secret "${sec_uuid}" --base64 "${sec_ceph_keyring}" virsh secret-set-value --secret "${sec_uuid}" --base64 "${sec_ceph_keyring}"
} }
if [ -z "${CEPH_CINDER_KEYRING}" ] ; then if [ -z "${CEPH_CINDER_KEYRING}" ] && [ -n "${CEPH_CINDER_USER}" ] ; then
CEPH_CINDER_KEYRING=$(awk '/key/{print $3}' /etc/ceph/ceph.client.${CEPH_CINDER_USER}.keyring) CEPH_CINDER_KEYRING=$(awk '/key/{print $3}' /etc/ceph/ceph.client.${CEPH_CINDER_USER}.keyring)
fi fi
create_virsh_libvirt_secret ${CEPH_CINDER_USER} ${LIBVIRT_CEPH_CINDER_SECRET_UUID} ${CEPH_CINDER_KEYRING} if [ -n "${CEPH_CINDER_USER}" ] ; then
create_virsh_libvirt_secret ${CEPH_CINDER_USER} ${LIBVIRT_CEPH_CINDER_SECRET_UUID} ${CEPH_CINDER_KEYRING}
fi
if [ -n "${LIBVIRT_EXTERNAL_CEPH_CINDER_SECRET_UUID}" ] ; then if [ -n "${LIBVIRT_EXTERNAL_CEPH_CINDER_SECRET_UUID}" ] ; then
EXTERNAL_CEPH_CINDER_KEYRING=$(cat /tmp/external-ceph-client-keyring) EXTERNAL_CEPH_CINDER_KEYRING=$(cat /tmp/external-ceph-client-keyring)

10
libvirt/templates/daemonset-libvirt.yaml
View File

@ -135,8 +135,8 @@ spec:
{{ tuple $envAll "libvirt" | include "helm-toolkit.snippets.image" | indent 10 }} {{ tuple $envAll "libvirt" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.libvirt | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.libvirt | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "libvirt" "container" "libvirt" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} {{ dict "envAll" $envAll "application" "libvirt" "container" "libvirt" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
{{- if .Values.conf.ceph.enabled }}
env: env:
{{- if .Values.conf.ceph.enabled }}
- name: CEPH_CINDER_USER - name: CEPH_CINDER_USER
value: "{{ .Values.conf.ceph.cinder.user }}" value: "{{ .Values.conf.ceph.cinder.user }}"
{{- if .Values.conf.ceph.cinder.keyring }} {{- if .Values.conf.ceph.cinder.keyring }}
@ -145,13 +145,13 @@ spec:
{{ end }} {{ end }}
- name: LIBVIRT_CEPH_CINDER_SECRET_UUID - name: LIBVIRT_CEPH_CINDER_SECRET_UUID
value: "{{ .Values.conf.ceph.cinder.secret_uuid }}" value: "{{ .Values.conf.ceph.cinder.secret_uuid }}"
{{- if .Values.conf.ceph.cinder.external_ceph.enabled }} {{ end }}
{{- if .Values.conf.ceph.cinder.external_ceph.enabled }}
- name: EXTERNAL_CEPH_CINDER_USER - name: EXTERNAL_CEPH_CINDER_USER
value: "{{ .Values.conf.ceph.cinder.external_ceph.user }}" value: "{{ .Values.conf.ceph.cinder.external_ceph.user }}"
- name: LIBVIRT_EXTERNAL_CEPH_CINDER_SECRET_UUID - name: LIBVIRT_EXTERNAL_CEPH_CINDER_SECRET_UUID
value: "{{ .Values.conf.ceph.cinder.external_ceph.secret_uuid }}" value: "{{ .Values.conf.ceph.cinder.external_ceph.secret_uuid }}"
{{ end }} {{ end }}
{{ end }}
{{ dict "envAll" . "component" "libvirt" "container" "libvirt" "type" "readiness" "probeTemplate" (include "libvirtReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }} {{ dict "envAll" . "component" "libvirt" "container" "libvirt" "type" "readiness" "probeTemplate" (include "libvirtReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
{{ dict "envAll" . "component" "libvirt" "container" "libvirt" "type" "liveness" "probeTemplate" (include "libvirtLivenessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }} {{ dict "envAll" . "component" "libvirt" "container" "libvirt" "type" "liveness" "probeTemplate" (include "libvirtLivenessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
command: command:
@ -221,13 +221,13 @@ spec:
subPath: key subPath: key
readOnly: true readOnly: true
{{- end }} {{- end }}
{{- end }}
{{- if .Values.conf.ceph.cinder.external_ceph.enabled }} {{- if .Values.conf.ceph.cinder.external_ceph.enabled }}
- name: external-ceph-keyring - name: external-ceph-keyring
mountPath: /tmp/external-ceph-client-keyring mountPath: /tmp/external-ceph-client-keyring
subPath: key subPath: key
readOnly: true readOnly: true
{{- end }} {{- end }}
{{- end }}
{{ if $mounts_libvirt.volumeMounts }}{{ toYaml $mounts_libvirt.volumeMounts | indent 12 }}{{ end }} {{ if $mounts_libvirt.volumeMounts }}{{ toYaml $mounts_libvirt.volumeMounts | indent 12 }}{{ end }}
{{- if .Values.pod.sidecars.libvirt_exporter }} {{- if .Values.pod.sidecars.libvirt_exporter }}
- name: libvirt-exporter - name: libvirt-exporter
@ -281,12 +281,12 @@ spec:
secret: secret:
secretName: {{ .Values.ceph_client.user_secret_name }} secretName: {{ .Values.ceph_client.user_secret_name }}
{{ end }} {{ end }}
{{ end }}
{{- if .Values.conf.ceph.cinder.external_ceph.enabled }} {{- if .Values.conf.ceph.cinder.external_ceph.enabled }}
- name: external-ceph-keyring - name: external-ceph-keyring
secret: secret:
secretName: {{ .Values.conf.ceph.cinder.external_ceph.user_secret_name }} secretName: {{ .Values.conf.ceph.cinder.external_ceph.user_secret_name }}
{{ end }} {{ end }}
{{ end }}
- name: libmodules - name: libmodules
hostPath: hostPath:
path: /lib/modules path: /lib/modules

1
releasenotes/notes/libvirt.yaml
View File

@ -15,4 +15,5 @@ libvirt:
- 0.1.12 Add libvirt exporter as a sidecar - 0.1.12 Add libvirt exporter as a sidecar
- 0.1.13 Added OCI registry authentication - 0.1.13 Added OCI registry authentication
- 0.1.14 Remove use of exec in libvirt.sh - 0.1.14 Remove use of exec in libvirt.sh
- 0.1.15 Add support for libvirt to connect to external ceph without any local ceph present
... ...