[Libvirt] Add support for Cinder external ceph backend

This patchset adds a libvirt secret for the Cinder uuid of external ceph backend when Cinder externally managed ceph backend is enabled. Change-Id: I3667c13c31e49f00d2be02efa6d791ce0a580a8d
2020-09-14 01:22:02 +00:00 · 2020-09-14 01:22:02 +00:00 · b0fcd5a411
commit b0fcd5a411
parent 2bfce96304
3 changed files with 49 additions and 10 deletions
--- a/libvirt/templates/bin/_libvirt.sh.tpl
+++ b/libvirt/templates/bin/_libvirt.sh.tpl
@ -107,8 +107,14 @@ if [ -n "${LIBVIRT_CEPH_CINDER_SECRET_UUID}" ] ; then
  cgexec -g ${CGROUPS%,}:/osh-libvirt systemd-run --scope --slice=system libvirtd --listen &

  tmpsecret=$(mktemp --suffix .xml)
+  if [ -n "${LIBVIRT_EXTERNAL_CEPH_CINDER_SECRET_UUID}" ] ; then
+    tmpsecret2=$(mktemp --suffix .xml)
+  fi
  function cleanup {
-      rm -f "${tmpsecret}"
+    rm -f "${tmpsecret}"
+    if [ -n "${LIBVIRT_EXTERNAL_CEPH_CINDER_SECRET_UUID}" ] ; then
+      rm -f "${tmpsecret2}"
+    fi
  }
  trap cleanup EXIT

@ -137,21 +143,31 @@ if [ -n "${LIBVIRT_CEPH_CINDER_SECRET_UUID}" ] ; then
    fi
  done

-  if [ -z "${CEPH_CINDER_KEYRING}" ] ; then
-    CEPH_CINDER_KEYRING=$(awk '/key/{print $3}' /etc/ceph/ceph.client.${CEPH_CINDER_USER}.keyring)
-  fi
-
-  cat > ${tmpsecret} <<EOF
+  function create_virsh_libvirt_secret {
+    sec_user=$1
+    sec_uuid=$2
+    sec_ceph_keyring=$3
+    cat > ${tmpsecret} <<EOF
 <secret ephemeral='no' private='no'>
-  <uuid>${LIBVIRT_CEPH_CINDER_SECRET_UUID}</uuid>
+  <uuid>${sec_uuid}</uuid>
  <usage type='ceph'>
-    <name>client.${CEPH_CINDER_USER}. secret</name>
+    <name>client.${sec_user}. secret</name>
  </usage>
 </secret>
 EOF
+    virsh secret-define --file ${tmpsecret}
+    virsh secret-set-value --secret "${sec_uuid}" --base64 "${sec_ceph_keyring}"
+  }

-  virsh secret-define --file ${tmpsecret}
-  virsh secret-set-value --secret "${LIBVIRT_CEPH_CINDER_SECRET_UUID}" --base64 "${CEPH_CINDER_KEYRING}"
+  if [ -z "${CEPH_CINDER_KEYRING}" ] ; then
+    CEPH_CINDER_KEYRING=$(awk '/key/{print $3}' /etc/ceph/ceph.client.${CEPH_CINDER_USER}.keyring)
+  fi
+  create_virsh_libvirt_secret ${CEPH_CINDER_USER} ${LIBVIRT_CEPH_CINDER_SECRET_UUID} ${CEPH_CINDER_KEYRING}
+
+  if [ -n "${LIBVIRT_EXTERNAL_CEPH_CINDER_SECRET_UUID}" ] ; then
+    EXTERNAL_CEPH_CINDER_KEYRING=$(cat /tmp/external-ceph-client-keyring)
+    create_virsh_libvirt_secret ${EXTERNAL_CEPH_CINDER_USER} ${LIBVIRT_EXTERNAL_CEPH_CINDER_SECRET_UUID} ${EXTERNAL_CEPH_CINDER_KEYRING}
+  fi

  # rejoin libvirtd
  wait
--- a/libvirt/templates/daemonset-libvirt.yaml
+++ b/libvirt/templates/daemonset-libvirt.yaml
@ -123,6 +123,12 @@ spec:
            {{ end }}
            - name: LIBVIRT_CEPH_CINDER_SECRET_UUID
              value: "{{ .Values.conf.ceph.cinder.secret_uuid }}"
+            {{- if .Values.conf.ceph.cinder.external_ceph.enabled }}
+            - name: EXTERNAL_CEPH_CINDER_USER
+              value: "{{ .Values.conf.ceph.cinder.external_ceph.user }}"
+            - name: LIBVIRT_EXTERNAL_CEPH_CINDER_SECRET_UUID
+              value: "{{ .Values.conf.ceph.cinder.external_ceph.secret_uuid }}"
+            {{ end }}
          {{ end }}
          readinessProbe:
            exec:
@ -199,6 +205,12 @@ spec:
              subPath: key
              readOnly: true
            {{- end }}
+            {{- if .Values.conf.ceph.cinder.external_ceph.enabled }}
+            - name: external-ceph-keyring
+              mountPath: /tmp/external-ceph-client-keyring
+              subPath: key
+              readOnly: true
+            {{- end }}
            {{- end }}
 {{ if $mounts_libvirt.volumeMounts }}{{ toYaml $mounts_libvirt.volumeMounts | indent 12 }}{{ end }}
      volumes:
@ -225,6 +237,11 @@ spec:
          secret:
            secretName: {{ .Values.ceph_client.user_secret_name }}
        {{ end }}
+        {{- if .Values.conf.ceph.cinder.external_ceph.enabled }}
+        - name: external-ceph-keyring
+          secret:
+            secretName: {{ .Values.conf.ceph.cinder.external_ceph.user_secret_name }}
+        {{ end }}
        {{ end }}
        - name: libmodules
          hostPath:
--- a/libvirt/values.yaml
+++ b/libvirt/values.yaml
@ -77,6 +77,12 @@ conf:
      user: "cinder"
      keyring: null
      secret_uuid: 457eb676-33da-42ec-9a8c-9293d545c337
+      # Cinder Ceph backend that is not configured by the k8s cluter
+      external_ceph:
+        enabled: false
+        user: null
+        secret_uuid: null
+        user_secret_name: null
  libvirt:
    listen_tcp: "1"
    listen_tls: "0"