Rename mariadb backup identities

Challenge:
Now remote_ks_admin and remote_rgw_user are using for user labels
of backup target openstack cloud.
When the backup user doesn't exist and we can enable job_ks_user
manifest.
But job_ks_user uses .Vaules.secrets.identity.admin and mariadb,
while secret-rgw and cron-job-backup-mariadb use .Values.secrets.
identity.remote_ks_admin and remote_rgw_user.
It requires to use same values for admin and remote_ks_admin,
and for mariadb and remote_rgw_user.
Seems it isbreaking values consistency.

Suggestion:
Now providing 2 kinds of backup - pvc and swift.
"remote_" means the swift backup.
In fact, mariadb chart has no case to access to keystone except
swift backup. So we can remove remote_xx_* prefix and there is
no confusion.

Change-Id: Ib82120611659bd36bae35f2e90054642fb8ee31f
This commit is contained in:
okozachenko 2021-03-03 20:28:05 +02:00
parent 618c064d25
commit 5db88a5fb4
5 changed files with 12 additions and 11 deletions

View File

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v10.2.31 appVersion: v10.2.31
description: OpenStack-Helm MariaDB description: OpenStack-Helm MariaDB
name: mariadb name: mariadb
version: 0.1.9 version: 0.1.10
home: https://mariadb.com/kb/en/ home: https://mariadb.com/kb/en/
icon: http://badges.mariadb.org/mariadb-badge-180x60.png icon: http://badges.mariadb.org/mariadb-badge-180x60.png
sources: sources:

View File

@ -97,7 +97,7 @@ spec:
value: {{ .Values.conf.backup.remote_backup.container_name | quote }} value: {{ .Values.conf.backup.remote_backup.container_name | quote }}
- name: STORAGE_POLICY - name: STORAGE_POLICY
value: "{{ .Values.conf.backup.remote_backup.storage_policy }}" value: "{{ .Values.conf.backup.remote_backup.storage_policy }}"
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.remote_rgw_user }} {{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.mariadb }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 16 }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 16 }}
{{- end }} {{- end }}
{{- end }} {{- end }}

View File

@ -13,11 +13,11 @@ limitations under the License.
This manifest results in two secrets being created: This manifest results in two secrets being created:
1) Keystone "remote_rgw_user" secret, which is needed to access the cluster 1) Keystone "mariadb" secret, which is needed to access the cluster
(remote or same cluster) for storing mariadb backups. If the (remote or same cluster) for storing mariadb backups. If the
cluster is remote, the auth_url would be non-null. cluster is remote, the auth_url would be non-null.
2) Keystone "remote_ks_admin" secret, which is needed to create the 2) Keystone "admin" secret, which is needed to create the
"remote_rgw_user" keystone account mentioned above. This may not "mariadb" keystone account mentioned above. This may not
be needed if the account is in a remote cluster (auth_url is non-null be needed if the account is in a remote cluster (auth_url is non-null
in that case). in that case).
*/}} */}}
@ -25,7 +25,7 @@ This manifest results in two secrets being created:
{{- if .Values.conf.backup.remote_backup.enabled }} {{- if .Values.conf.backup.remote_backup.enabled }}
{{- $envAll := . }} {{- $envAll := . }}
{{- $userClass := "remote_rgw_user" }} {{- $userClass := "mariadb" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }} {{- $secretName := index $envAll.Values.secrets.identity $userClass }}
--- ---
apiVersion: v1 apiVersion: v1
@ -50,7 +50,7 @@ data:
OS_DEFAULT_DOMAIN: {{ $identityClass.default_domain_id | default "default" | b64enc }} OS_DEFAULT_DOMAIN: {{ $identityClass.default_domain_id | default "default" | b64enc }}
... ...
{{- if .Values.manifests.job_ks_user }} {{- if .Values.manifests.job_ks_user }}
{{- $userClass := "remote_ks_admin" }} {{- $userClass := "admin" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }} {{- $secretName := index $envAll.Values.secrets.identity $userClass }}
--- ---
apiVersion: v1 apiVersion: v1

View File

@ -466,8 +466,8 @@ monitoring:
secrets: secrets:
identity: identity:
remote_ks_admin: keystone-admin-user admin: keystone-admin-user
remote_rgw_user: mariadb-backup-user mariadb: mariadb-backup-user
mariadb: mariadb:
backup_restore: mariadb-backup-restore backup_restore: mariadb-backup-restore
tls: tls:
@ -571,7 +571,7 @@ endpoints:
name: backup-storage-auth name: backup-storage-auth
namespace: openstack namespace: openstack
auth: auth:
remote_ks_admin: admin:
# Auth URL of null indicates local authentication # Auth URL of null indicates local authentication
# HTK will form the URL unless specified here # HTK will form the URL unless specified here
auth_url: null auth_url: null
@ -581,7 +581,7 @@ endpoints:
project_name: admin project_name: admin
user_domain_name: default user_domain_name: default
project_domain_name: default project_domain_name: default
remote_rgw_user: mariadb:
# Auth URL of null indicates local authentication # Auth URL of null indicates local authentication
# HTK will form the URL unless specified here # HTK will form the URL unless specified here
auth_url: null auth_url: null

View File

@ -10,4 +10,5 @@ mariadb:
- 0.1.7 Revert - Change Issuer to ClusterIssuer - 0.1.7 Revert - Change Issuer to ClusterIssuer
- 0.1.8 Change Issuer to ClusterIssuer with logic in place to support cert-manager versioning - 0.1.8 Change Issuer to ClusterIssuer with logic in place to support cert-manager versioning
- 0.1.9 Uplift Mariadb-ingress to 0.42.0 - 0.1.9 Uplift Mariadb-ingress to 0.42.0
- 0.1.10 Rename mariadb backup identities
... ...