[Libvirt] Add support for Cinder external ceph backend

This patchset adds a libvirt secret for the Cinder uuid of the external
ceph backend when the Cinder externally managed ceph backend is
enabled.

Change-Id: I3667c13c31e49f00d2be02efa6d791ce0a580a8d
Huang, Sophie (sh879n) 2020-09-14 01:22:02 +00:00 committed by chinasubbareddy mallavarapu
parent 2bfce96304
commit b0fcd5a411
3 changed files with 49 additions and 10 deletions


@ -107,8 +107,14 @@ if [ -n "${LIBVIRT_CEPH_CINDER_SECRET_UUID}" ] ; then
cgexec -g ${CGROUPS%,}:/osh-libvirt systemd-run --scope --slice=system libvirtd --listen &
tmpsecret=$(mktemp --suffix .xml)
if [ -n "${LIBVIRT_EXTERNAL_CEPH_CINDER_SECRET_UUID}" ] ; then
tmpsecret2=$(mktemp --suffix .xml)
fi
function cleanup {
rm -f "${tmpsecret}"
if [ -n "${LIBVIRT_EXTERNAL_CEPH_CINDER_SECRET_UUID}" ] ; then
rm -f "${tmpsecret2}"
fi
}
trap cleanup EXIT
@ -137,21 +143,31 @@ if [ -n "${LIBVIRT_CEPH_CINDER_SECRET_UUID}" ] ; then
fi
done
if [ -z "${CEPH_CINDER_KEYRING}" ] ; then
CEPH_CINDER_KEYRING=$(awk '/key/{print $3}' /etc/ceph/ceph.client.${CEPH_CINDER_USER}.keyring)
fi
function create_virsh_libvirt_secret {
sec_user=$1
sec_uuid=$2
sec_ceph_keyring=$3
cat > ${tmpsecret} <<EOF
<secret ephemeral='no' private='no'>
<uuid>${LIBVIRT_CEPH_CINDER_SECRET_UUID}</uuid>
<uuid>${sec_uuid}</uuid>
<usage type='ceph'>
<name>client.${CEPH_CINDER_USER}. secret</name>
<name>client.${sec_user}. secret</name>
</usage>
</secret>
EOF
virsh secret-define --file ${tmpsecret}
virsh secret-set-value --secret "${LIBVIRT_CEPH_CINDER_SECRET_UUID}" --base64 "${CEPH_CINDER_KEYRING}"
virsh secret-set-value --secret "${sec_uuid}" --base64 "${sec_ceph_keyring}"
}
if [ -z "${CEPH_CINDER_KEYRING}" ] ; then
CEPH_CINDER_KEYRING=$(awk '/key/{print $3}' /etc/ceph/ceph.client.${CEPH_CINDER_USER}.keyring)
fi
create_virsh_libvirt_secret ${CEPH_CINDER_USER} ${LIBVIRT_CEPH_CINDER_SECRET_UUID} ${CEPH_CINDER_KEYRING}
if [ -n "${LIBVIRT_EXTERNAL_CEPH_CINDER_SECRET_UUID}" ] ; then
EXTERNAL_CEPH_CINDER_KEYRING=$(cat /tmp/external-ceph-client-keyring)
create_virsh_libvirt_secret ${EXTERNAL_CEPH_CINDER_USER} ${LIBVIRT_EXTERNAL_CEPH_CINDER_SECRET_UUID} ${EXTERNAL_CEPH_CINDER_KEYRING}
fi
# rejoin libvirtd
wait
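Review bot: Both `create_virsh_libvirt_secret` calls pass their arguments unquoted, so an empty or whitespace-containing value shifts the positional parameters: with an empty `EXTERNAL_CEPH_CINDER_USER` the UUID becomes `sec_user` and the keyring becomes `sec_uuid`, which would put key material into the XML written to `${tmpsecret}` and into the `--secret` argument. Quote every argument, e.g. `create_virsh_libvirt_secret "${EXTERNAL_CEPH_CINDER_USER}" "${LIBVIRT_EXTERNAL_CEPH_CINDER_SECRET_UUID}" "${EXTERNAL_CEPH_CINDER_KEYRING}"`, and do the same for the first call. The helper also still passes the key as a `--base64` command-line argument, where it is readable from the process list while virsh runs; if the libvirt version in the image supports it, `virsh secret-set-value --file` avoids that, and the external key is already a mounted file. `tmpsecret2` is created and removed but never written, since the helper always uses `${tmpsecret}`. The enclosing `if` block starts outside the hunk.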


@ -123,6 +123,12 @@ spec:
{{ end }}
- name: LIBVIRT_CEPH_CINDER_SECRET_UUID
value: "{{ .Values.conf.ceph.cinder.secret_uuid }}"
{{- if .Values.conf.ceph.cinder.external_ceph.enabled }}
- name: EXTERNAL_CEPH_CINDER_USER
value: "{{ .Values.conf.ceph.cinder.external_ceph.user }}"
- name: LIBVIRT_EXTERNAL_CEPH_CINDER_SECRET_UUID
value: "{{ .Values.conf.ceph.cinder.external_ceph.secret_uuid }}"
{{ end }}
{{ end }}
readinessProbe:
exec:
@ -199,6 +205,12 @@ spec:
subPath: key
readOnly: true
{{- end }}
{{- if .Values.conf.ceph.cinder.external_ceph.enabled }}
- name: external-ceph-keyring
mountPath: /tmp/external-ceph-client-keyring
subPath: key
readOnly: true
{{- end }}
{{- end }}
{{ if $mounts_libvirt.volumeMounts }}{{ toYaml $mounts_libvirt.volumeMounts | indent 12 }}{{ end }}
volumes:
@ -225,6 +237,11 @@ spec:
secret:
secretName: {{ .Values.ceph_client.user_secret_name }}
{{ end }}
{{- if .Values.conf.ceph.cinder.external_ceph.enabled }}
- name: external-ceph-keyring
secret:
secretName: {{ .Values.conf.ceph.cinder.external_ceph.user_secret_name }}
{{ end }}
{{ end }}
- name: libmodules
hostPath:
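Review bot: Nothing validates the `external_ceph` values, so `enabled: true` with `user`, `secret_uuid` or `user_secret_name` left at their defaults renders empty env values and an unquoted, empty `secretName`; the pod then presumably fails at mount time or starts with an incomplete secret definition. Failing at render time is clearer, e.g. `secretName: {{ required "conf.ceph.cinder.external_ceph.user_secret_name must be set" .Values.conf.ceph.cinder.external_ceph.user_secret_name | quote }}`, with the same `required` guard on the two env values. The `external-ceph-keyring` volume sets no `defaultMode`, so the key file gets the Kubernetes default of 0644; a tighter mode is worth considering if the consuming process allows it. The surrounding `if` blocks open outside these hunks, so the nesting of the new `{{ end }}` lines is inferred rather than visible.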


@ -77,6 +77,12 @@ conf:
user: "cinder"
keyring: null
secret_uuid: 457eb676-33da-42ec-9a8c-9293d545c337
# Cinder Ceph backend that is not configured by the k8s cluter
external_ceph:
enabled: false
user: null
secret_uuid: null
user_secret_name: null
libvirt:
listen_tcp: "1"
listen_tls: "0"
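Review bot: The comment above `external_ceph` does not say which keys must be set when `enabled` is true or what `user_secret_name` refers to, and it misspells "cluster". Judging by the template and script in this commit, `user_secret_name` names a Kubernetes Secret whose `key` entry is mounted into the pod and passed to `virsh secret-set-value --base64`, so it appears to hold the base64 Ceph client key. Suggested wording: `# Cinder Ceph backend that is not configured by the k8s cluster. When enabled, user, secret_uuid and user_secret_name (a Secret with a "key" entry holding the client key) must all be set.`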