diff --git a/libvirt/templates/bin/_libvirt.sh.tpl b/libvirt/templates/bin/_libvirt.sh.tpl index 850d8df45..c419997e1 100644 --- a/libvirt/templates/bin/_libvirt.sh.tpl +++ b/libvirt/templates/bin/_libvirt.sh.tpl @@ -107,8 +107,14 @@ if [ -n "${LIBVIRT_CEPH_CINDER_SECRET_UUID}" ] ; then cgexec -g ${CGROUPS%,}:/osh-libvirt systemd-run --scope --slice=system libvirtd --listen & tmpsecret=$(mktemp --suffix .xml) + if [ -n "${LIBVIRT_EXTERNAL_CEPH_CINDER_SECRET_UUID}" ] ; then + tmpsecret2=$(mktemp --suffix .xml) + fi function cleanup { - rm -f "${tmpsecret}" + rm -f "${tmpsecret}" + if [ -n "${LIBVIRT_EXTERNAL_CEPH_CINDER_SECRET_UUID}" ] ; then + rm -f "${tmpsecret2}" + fi } trap cleanup EXIT @@ -137,21 +143,31 @@ if [ -n "${LIBVIRT_CEPH_CINDER_SECRET_UUID}" ] ; then fi done - if [ -z "${CEPH_CINDER_KEYRING}" ] ; then - CEPH_CINDER_KEYRING=$(awk '/key/{print $3}' /etc/ceph/ceph.client.${CEPH_CINDER_USER}.keyring) - fi - - cat > ${tmpsecret} < ${tmpsecret} < - ${LIBVIRT_CEPH_CINDER_SECRET_UUID} + ${sec_uuid} - client.${CEPH_CINDER_USER}. secret + client.${sec_user}. secret EOF + virsh secret-define --file ${tmpsecret} + virsh secret-set-value --secret "${sec_uuid}" --base64 "${sec_ceph_keyring}" + } - virsh secret-define --file ${tmpsecret} - virsh secret-set-value --secret "${LIBVIRT_CEPH_CINDER_SECRET_UUID}" --base64 "${CEPH_CINDER_KEYRING}" + if [ -z "${CEPH_CINDER_KEYRING}" ] ; then + CEPH_CINDER_KEYRING=$(awk '/key/{print $3}' /etc/ceph/ceph.client.${CEPH_CINDER_USER}.keyring) + fi + create_virsh_libvirt_secret ${CEPH_CINDER_USER} ${LIBVIRT_CEPH_CINDER_SECRET_UUID} ${CEPH_CINDER_KEYRING} + + if [ -n "${LIBVIRT_EXTERNAL_CEPH_CINDER_SECRET_UUID}" ] ; then + EXTERNAL_CEPH_CINDER_KEYRING=$(cat /tmp/external-ceph-client-keyring) + create_virsh_libvirt_secret ${EXTERNAL_CEPH_CINDER_USER} ${LIBVIRT_EXTERNAL_CEPH_CINDER_SECRET_UUID} ${EXTERNAL_CEPH_CINDER_KEYRING} + fi # rejoin libvirtd wait diff --git a/libvirt/templates/daemonset-libvirt.yaml b/libvirt/templates/daemonset-libvirt.yaml index da8f01a85..749420e06 100644 --- a/libvirt/templates/daemonset-libvirt.yaml +++ b/libvirt/templates/daemonset-libvirt.yaml @@ -123,6 +123,12 @@ spec: {{ end }} - name: LIBVIRT_CEPH_CINDER_SECRET_UUID value: "{{ .Values.conf.ceph.cinder.secret_uuid }}" + {{- if .Values.conf.ceph.cinder.external_ceph.enabled }} + - name: EXTERNAL_CEPH_CINDER_USER + value: "{{ .Values.conf.ceph.cinder.external_ceph.user }}" + - name: LIBVIRT_EXTERNAL_CEPH_CINDER_SECRET_UUID + value: "{{ .Values.conf.ceph.cinder.external_ceph.secret_uuid }}" + {{ end }} {{ end }} readinessProbe: exec: @@ -199,6 +205,12 @@ spec: subPath: key readOnly: true {{- end }} + {{- if .Values.conf.ceph.cinder.external_ceph.enabled }} + - name: external-ceph-keyring + mountPath: /tmp/external-ceph-client-keyring + subPath: key + readOnly: true + {{- end }} {{- end }} {{ if $mounts_libvirt.volumeMounts }}{{ toYaml $mounts_libvirt.volumeMounts | indent 12 }}{{ end }} volumes: @@ -225,6 +237,11 @@ spec: secret: secretName: {{ .Values.ceph_client.user_secret_name }} {{ end }} + {{- if .Values.conf.ceph.cinder.external_ceph.enabled }} + - name: external-ceph-keyring + secret: + secretName: {{ .Values.conf.ceph.cinder.external_ceph.user_secret_name }} + {{ end }} {{ end }} - name: libmodules hostPath: diff --git a/libvirt/values.yaml b/libvirt/values.yaml index f5f3b9156..f4564c8c4 100644 --- a/libvirt/values.yaml +++ b/libvirt/values.yaml @@ -77,6 +77,12 @@ conf: user: "cinder" keyring: null secret_uuid: 457eb676-33da-42ec-9a8c-9293d545c337 + # Cinder Ceph backend that is not configured by the k8s cluter + external_ceph: + enabled: false + user: null + secret_uuid: null + user_secret_name: null libvirt: listen_tcp: "1" listen_tls: "0"