libvirt: fix secret so that volume attach works

In addition to restoring the secret setting again this removes some
redundant logic and does minimal cleanups.

Change-Id: I5dbcbd393b18befd762518e3865da9e006cf5bd9
This commit is contained in:
Chris Wedgwood 2017-10-03 20:35:37 +00:00
parent 2ca580a9b4
commit 04d8ced3c4
2 changed files with 5 additions and 17 deletions

View File

@ -30,12 +30,12 @@ if [[ -c /dev/kvm ]]; then
chown root:kvm /dev/kvm
fi
if [ "x${LIBVIRT_CEPH_ENABLED}" == "xTrue" ] ; then
if [ -n "${LIBVIRT_CEPH_SECRET_UUID}" ] ; then
libvirtd --listen &
LIBVIRT_SECRET_DEF=$(mktemp --suffix .xml)
tmpsecret=$(mktemp --suffix .xml)
function cleanup {
rm -f ${LIBVIRT_SECRET_DEF}
rm -f "${tmpsecret}"
}
trap cleanup EXIT
@ -64,16 +64,11 @@ if [ "x${LIBVIRT_CEPH_ENABLED}" == "xTrue" ] ; then
fi
done
if [ -z "${LIBVIRT_CEPH_SECRET_UUID}" ] ; then
echo "ERROR: No libvirt Secret UUID Supplied"
exit 1
fi
if [ -z "${CEPH_CINDER_KEYRING}" ] ; then
CEPH_CINDER_KEYRING=$(sed -n 's/^[[:space:]]*key[[:blank:]]\+=[[:space:]]\(.*\)/\1/p' /etc/ceph/ceph.client.${CEPH_CINDER_USER}.keyring)
fi
cat > ${LIBVIRT_SECRET_DEF} <<EOF
cat > ${tmpsecret} <<EOF
<secret ephemeral='no' private='no'>
<uuid>${LIBVIRT_CEPH_SECRET_UUID}</uuid>
<usage type='ceph'>
@ -82,7 +77,7 @@ if [ "x${LIBVIRT_CEPH_ENABLED}" == "xTrue" ] ; then
</secret>
EOF
virsh secret-define --file ${LIBVIRT_SECRET_DEF}
virsh secret-define --file ${tmpsecret}
virsh secret-set-value --secret "${LIBVIRT_CEPH_SECRET_UUID}" --base64 "${CEPH_CINDER_KEYRING}"
# rejoin libvirtd

View File

@ -46,9 +46,6 @@ spec:
securityContext:
runAsUser: 0
env:
{{- if .Values.ceph.enabled }}
- name: LIBVIRT_CEPH_ENABLED
value: "True"
- name: CEPH_CINDER_USER
value: "{{ .Values.ceph.cinder_user }}"
{{- if .Values.ceph.cinder_keyring }}
@ -57,10 +54,6 @@ spec:
{{ end }}
- name: LIBVIRT_CEPH_SECRET_UUID
value: "{{ .Values.ceph.secret_uuid }}"
{{- else }}
- name: LIBVIRT_CEPH_ENABLED
value: "False"
{{- end }}
command:
- /tmp/ceph-keyring.sh
volumeMounts: