libvirt: fix secret so that volume attach works
In addition to restoring the secret setting again this removes some redundant logic and does minimal cleanups. Change-Id: I5dbcbd393b18befd762518e3865da9e006cf5bd9
This commit is contained in:
parent
2ca580a9b4
commit
04d8ced3c4
@ -30,12 +30,12 @@ if [[ -c /dev/kvm ]]; then
|
||||
chown root:kvm /dev/kvm
|
||||
fi
|
||||
|
||||
if [ "x${LIBVIRT_CEPH_ENABLED}" == "xTrue" ] ; then
|
||||
if [ -n "${LIBVIRT_CEPH_SECRET_UUID}" ] ; then
|
||||
libvirtd --listen &
|
||||
|
||||
LIBVIRT_SECRET_DEF=$(mktemp --suffix .xml)
|
||||
tmpsecret=$(mktemp --suffix .xml)
|
||||
function cleanup {
|
||||
rm -f ${LIBVIRT_SECRET_DEF}
|
||||
rm -f "${tmpsecret}"
|
||||
}
|
||||
trap cleanup EXIT
|
||||
|
||||
@ -64,16 +64,11 @@ if [ "x${LIBVIRT_CEPH_ENABLED}" == "xTrue" ] ; then
|
||||
fi
|
||||
done
|
||||
|
||||
if [ -z "${LIBVIRT_CEPH_SECRET_UUID}" ] ; then
|
||||
echo "ERROR: No libvirt Secret UUID Supplied"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -z "${CEPH_CINDER_KEYRING}" ] ; then
|
||||
CEPH_CINDER_KEYRING=$(sed -n 's/^[[:space:]]*key[[:blank:]]\+=[[:space:]]\(.*\)/\1/p' /etc/ceph/ceph.client.${CEPH_CINDER_USER}.keyring)
|
||||
fi
|
||||
|
||||
cat > ${LIBVIRT_SECRET_DEF} <<EOF
|
||||
cat > ${tmpsecret} <<EOF
|
||||
<secret ephemeral='no' private='no'>
|
||||
<uuid>${LIBVIRT_CEPH_SECRET_UUID}</uuid>
|
||||
<usage type='ceph'>
|
||||
@ -82,7 +77,7 @@ if [ "x${LIBVIRT_CEPH_ENABLED}" == "xTrue" ] ; then
|
||||
</secret>
|
||||
EOF
|
||||
|
||||
virsh secret-define --file ${LIBVIRT_SECRET_DEF}
|
||||
virsh secret-define --file ${tmpsecret}
|
||||
virsh secret-set-value --secret "${LIBVIRT_CEPH_SECRET_UUID}" --base64 "${CEPH_CINDER_KEYRING}"
|
||||
|
||||
# rejoin libvirtd
|
||||
|
@ -46,9 +46,6 @@ spec:
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
env:
|
||||
{{- if .Values.ceph.enabled }}
|
||||
- name: LIBVIRT_CEPH_ENABLED
|
||||
value: "True"
|
||||
- name: CEPH_CINDER_USER
|
||||
value: "{{ .Values.ceph.cinder_user }}"
|
||||
{{- if .Values.ceph.cinder_keyring }}
|
||||
@ -57,10 +54,6 @@ spec:
|
||||
{{ end }}
|
||||
- name: LIBVIRT_CEPH_SECRET_UUID
|
||||
value: "{{ .Values.ceph.secret_uuid }}"
|
||||
{{- else }}
|
||||
- name: LIBVIRT_CEPH_ENABLED
|
||||
value: "False"
|
||||
{{- end }}
|
||||
command:
|
||||
- /tmp/ceph-keyring.sh
|
||||
volumeMounts:
|
||||
|
Loading…
Reference in New Issue
Block a user