[libvirt] Allow to generate dynamic config options

It may be required to use some dynamic options such as IP address from interface where to bind service. This patch adds ability to use dynamic logic in option detection and fill it in the configuration file later. Co-Authored-By: dbiletskiy <dbiletskiy@mirantis.com> Change-Id: I8cc7da4935c11c50165a75b466d41f7d0da3e77c
2024-09-16 14:48:58 +00:00 · 2024-09-16 14:48:58 +00:00 · 96e9104066
commit 96e9104066
parent 8a108e4bcf
6 changed files with 58 additions and 4 deletions
--- a/libvirt/Chart.yaml
+++ b/libvirt/Chart.yaml
@ -15,7 +15,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm libvirt
 name: libvirt
-version: 0.1.35
+version: 0.1.36
 home: https://libvirt.org
 sources:
  - https://libvirt.org/git/?p=libvirt.git;a=summary
--- a/libvirt/templates/configmap-bin.yaml
+++ b/libvirt/templates/configmap-bin.yaml
@ -37,4 +37,5 @@ data:
 {{ tuple "bin/_ceph-admin-keyring.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
 {{- end }}
 {{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.init_modules.script "key" "libvirt-init-modules.sh") | indent 2 }}
+{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.dynamic_options.script "key" "init-dynamic-options.sh") | indent 2 }}
 {{- end }}
--- a/libvirt/templates/configmap-etc.yaml
+++ b/libvirt/templates/configmap-etc.yaml
@ -24,7 +24,6 @@ metadata:
  name: {{ $configMapName }}
 type: Opaque
 data:
-  libvirtd.conf: {{ include "libvirt.utils.to_libvirt_conf" .Values.conf.libvirt | b64enc }}
  qemu.conf: {{ include "libvirt.utils.to_libvirt_conf" .Values.conf.qemu | b64enc }}
 {{- end }}
 {{- end }}
--- a/libvirt/templates/daemonset-libvirt.yaml
+++ b/libvirt/templates/daemonset-libvirt.yaml
@ -100,6 +100,21 @@ spec:
              subPath: libvirt-init-modules.sh
              readOnly: true
 {{- end }}
+        - name: init-dynamic-options
+{{ tuple $envAll "libvirt" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ dict "envAll" $envAll "application" "libvirt" "container" "init_dynamic_options" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+          terminationMessagePath: /var/log/termination-log
+          command:
+            - /tmp/init-dynamic-options.sh
+          volumeMounts:
+            - name: pod-tmp
+              mountPath: /tmp
+            - name: pod-shared
+              mountPath: /tmp/pod-shared
+            - name: libvirt-bin
+              mountPath: /tmp/init-dynamic-options.sh
+              subPath: init-dynamic-options.sh
+              readOnly: true
 {{- if eq .Values.conf.qemu.vnc_tls "1" }}
        - name: cert-init-vnc
 {{ tuple $envAll "kubectl" | include "helm-toolkit.snippets.image" | indent 10 }}
@ -233,7 +248,7 @@ spec:
              mountPath: /tmp/libvirt.sh
              subPath: libvirt.sh
              readOnly: true
-            - name: libvirt-etc
+            - name: pod-shared
              mountPath: /etc/libvirt/libvirtd.conf
              subPath: libvirtd.conf
              readOnly: true
@ -381,6 +396,8 @@ spec:
          hostPath:
            path: /
            type: Directory
+        - name: pod-shared
+          emptyDir: {}
 {{ dict "envAll" $envAll "component" "libvirt" "requireSys" true | include "helm-toolkit.snippets.kubernetes_apparmor_volumes" | indent 8 }}
 {{ if $mounts_libvirt.volumes }}{{ toYaml $mounts_libvirt.volumes | indent 8 }}{{ end }}
 {{- end }}
--- a/libvirt/values.yaml
+++ b/libvirt/values.yaml
@ -112,9 +112,37 @@ conf:
    cert_file: "/etc/pki/libvirt/servercert.pem"
    key_file: "/etc/pki/libvirt/private/serverkey.pem"
    auth_unix_rw: "none"
-    listen_addr: 127.0.0.1
+    listen_addr: "${LISTEN_IP_ADDRESS}"
    log_level: "3"
    log_outputs: "1:file:/var/log/libvirt/libvirtd.log"
+  # Modifies the config in which value is specified as the name of a variable
+  # that is computed in the script.
+  dynamic_options:
+    libvirt:
+      listen_interface: null
+      listen_address: 127.0.0.1
+    script: |
+      #!/bin/bash
+      set -ex
+
+      LIBVIRT_CONF_PATH=/tmp/pod-shared/libvirtd.conf
+
+      {{- if .Values.conf.dynamic_options.libvirt.listen_interface }}
+
+      LISTEN_INTERFACE="{{ .Values.conf.dynamic_options.libvirt.listen_interface }}"
+      LISTEN_IP_ADDRESS=$(ip address show $LISTEN_INTERFACE | grep 'inet ' | awk '{print $2}' | awk -F "/" '{print $1}')
+      {{- else if .Values.conf.dynamic_options.libvirt.listen_address }}
+      LISTEN_IP_ADDRESS={{ .Values.conf.dynamic_options.libvirt.listen_address }}
+      {{- end }}
+
+      if [[ -z $LISTEN_IP_ADDRESS ]]; then
+          echo "LISTEN_IP_ADDRESS is not set."
+          exit 1
+      fi
+
+      tee > ${LIBVIRT_CONF_PATH} << EOF
+      {{ include "libvirt.utils.to_libvirt_conf" .Values.conf.libvirt }}
+      EOF
  qemu:
    vnc_tls: "0"
    vnc_tls_x509_verify: "0"
@ -254,6 +282,14 @@ pod:
          capabilities:
            drop:
              - ALL
+        init_dynamic_options:
+          runAsUser: 65534
+          runAsNonRoot: true
+          readOnlyRootFilesystem: true
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+              - ALL
  sidecars:
    libvirt_exporter: false

--- a/releasenotes/notes/libvirt.yaml
+++ b/releasenotes/notes/libvirt.yaml
@ -36,4 +36,5 @@ libvirt:
  - 0.1.33 Handle cgroupv2 correctly
  - 0.1.34 Remove hugepages creation test
  - 0.1.35 Allow to initialize virtualization modules
+  - 0.1.36 Allow to generate dynamic config options
 ...