diff --git a/cinder/values.yaml b/cinder/values.yaml index b7c031e575..b298096013 100644 --- a/cinder/values.yaml +++ b/cinder/values.yaml @@ -748,6 +748,7 @@ conf: rbd_store_chunk_size: 4 rados_connect_timeout: -1 rbd_user: cinder + rbd_secret_uuid: 457eb676-33da-42ec-9a8c-9293d545c337 rally_tests: run_tempest: false tests: diff --git a/glance/templates/bin/_ceph-admin-keyring.sh.tpl b/glance/templates/bin/_ceph-admin-keyring.sh.tpl index f3c0a521db..fa416c05d2 100644 --- a/glance/templates/bin/_ceph-admin-keyring.sh.tpl +++ b/glance/templates/bin/_ceph-admin-keyring.sh.tpl @@ -19,7 +19,7 @@ limitations under the License. set -ex export HOME=/tmp -cat < /etc/ceph/ceph.client.admin.keyring +cat > /etc/ceph/ceph.client.admin.keyring << EOF [client.admin] {{- if .Values.conf.ceph.admin_keyring }} key = {{ .Values.conf.ceph.admin_keyring }} diff --git a/glance/templates/bin/_ceph-keyring.sh.tpl b/glance/templates/bin/_ceph-keyring.sh.tpl index f02b294e40..202987cc59 100644 --- a/glance/templates/bin/_ceph-keyring.sh.tpl +++ b/glance/templates/bin/_ceph-keyring.sh.tpl @@ -19,7 +19,7 @@ limitations under the License. set -ex export HOME=/tmp -cat < /etc/ceph/ceph.client.${RBD_STORE_USER}.keyring +cat > /etc/ceph/ceph.client.${RBD_STORE_USER}.keyring < /etc/ceph/ceph.client.admin.keyring << EOF +[client.admin] +{{- if .Values.conf.ceph.admin_keyring }} + key = {{ .Values.conf.ceph.admin_keyring }} +{{- else }} + key = $(cat /tmp/client-keyring) +{{- end }} +EOF + +exit 0 diff --git a/libvirt/templates/bin/_ceph-keyring.sh.tpl b/libvirt/templates/bin/_ceph-keyring.sh.tpl index f4c3f63aa7..418a40c27d 100644 --- a/libvirt/templates/bin/_ceph-keyring.sh.tpl +++ b/libvirt/templates/bin/_ceph-keyring.sh.tpl 
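Review bot: The added `rbd_secret_uuid` default under `rbd_user: cinder` repeats the literal UUID that libvirt/values.yaml sets as `conf.ceph.cinder.secret_uuid`, and neither place says the two must stay identical. As far as I can tell the volume driver hands this UUID to the compute side, which looks up the libvirt secret by it, so an operator overriding only one chart would end up with attach failures that are hard to trace. Add a comment above the key such as `# must equal conf.ceph.cinder.secret_uuid in the libvirt chart; identifies the libvirt secret, not key material`, and put the mirror comment in libvirt/values.yaml.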
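Review bot: The corrected `cat > /etc/ceph/ceph.client.admin.keyring << EOF` line creates the admin keyring with whatever umask the container inherits, so the file is likely readable by every user that can see /etc/ceph. Set `umask 077` before the here-document, or follow `EOF` with `chmod 0600 /etc/ceph/ceph.client.admin.keyring` and ownership limited to the account that actually reads it. The same applies to the `${RBD_STORE_USER}` keyring written in glance/templates/bin/_ceph-keyring.sh.tpl and to the new _ceph-admin-keyring.sh.tpl files this diff adds for other charts. The rest of the script body lies outside this hunk.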
@@ -19,13 +19,21 @@ limitations under the License. set -ex export HOME=/tmp -cat < /etc/ceph/ceph.client.${CEPH_CINDER_USER}.keyring -[client.{{ .Values.ceph.cinder_user }}] -{{- if .Values.ceph.cinder_keyring }} - key = {{ .Values.ceph.cinder_keyring }} -{{- else }} - key = $(cat /tmp/client-keyring) -{{- end }} +KEYRING=/etc/ceph/ceph.client.${CEPH_CINDER_USER}.keyring +{{- if .Values.conf.ceph.cinder.keyring }} +cat > ${KEYRING} < ${tmpsecret} < - ${LIBVIRT_CEPH_SECRET_UUID} + ${LIBVIRT_CEPH_CINDER_SECRET_UUID} client.${CEPH_CINDER_USER}. secret @@ -86,7 +86,7 @@ if [ -n "${LIBVIRT_CEPH_SECRET_UUID}" ] ; then EOF virsh secret-define --file ${tmpsecret} - virsh secret-set-value --secret "${LIBVIRT_CEPH_SECRET_UUID}" --base64 "${CEPH_CINDER_KEYRING}" + virsh secret-set-value --secret "${LIBVIRT_CEPH_CINDER_SECRET_UUID}" --base64 "${CEPH_CINDER_KEYRING}" # rejoin libvirtd wait diff --git a/libvirt/templates/configmap-bin.yaml b/libvirt/templates/configmap-bin.yaml index 917d11adad..1c872dd9d5 100644 --- a/libvirt/templates/configmap-bin.yaml +++ b/libvirt/templates/configmap-bin.yaml @@ -24,8 +24,10 @@ metadata: data: libvirt.sh: | {{ tuple "bin/_libvirt.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} -{{- if .Values.ceph.enabled }} +{{- if .Values.conf.ceph.enabled }} ceph-keyring.sh: | {{ tuple "bin/_ceph-keyring.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + ceph-admin-keyring.sh: | +{{ tuple "bin/_ceph-admin-keyring.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{- end }} {{- end }} diff --git a/libvirt/templates/daemonset-libvirt.yaml b/libvirt/templates/daemonset-libvirt.yaml index 9b4467e76c..4bdd0bcb71 100644 --- a/libvirt/templates/daemonset-libvirt.yaml +++ b/libvirt/templates/daemonset-libvirt.yaml 
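Review bot: Adding `ceph-admin-keyring.sh` to this ConfigMap means a non-empty `conf.ceph.admin_keyring` ends up in ConfigMap data in clear text, because the _ceph-admin-keyring.sh.tpl templates in this diff expand `key = {{ .Values.conf.ceph.admin_keyring }}` at render time. ConfigMaps are typically readable by more principals than Secrets and are not covered by Secret encryption at rest. Prefer keeping the script free of key material and always reading the key from the mounted Secret, as the `$(cat /tmp/client-keyring)` branch already does. At minimum, add a comment above the entry along the lines of `# a value set in conf.ceph.admin_keyring is rendered into this ConfigMap; prefer the ceph-keyring Secret`.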
@@ -44,9 +44,31 @@ spec: hostNetwork: true hostPID: true dnsPolicy: ClusterFirstWithHostNet -{{- if .Values.ceph.enabled }} initContainers: {{ tuple $envAll $dependencies $mounts_libvirt_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{- if .Values.conf.ceph.enabled }} + {{- if empty .Values.conf.ceph.cinder.keyring }} + - name: ceph-admin-keyring-placement + image: {{ .Values.images.tags.libvirt }} + imagePullPolicy: {{ .Values.images.pull_policy }} + securityContext: + runAsUser: 0 + command: + - /tmp/ceph-admin-keyring.sh + volumeMounts: + - name: etcceph + mountPath: /etc/ceph + - name: libvirt-bin + mountPath: /tmp/ceph-admin-keyring.sh + subPath: ceph-admin-keyring.sh + readOnly: true + {{- if empty .Values.conf.ceph.admin_keyring }} + - name: ceph-keyring + mountPath: /tmp/client-keyring + subPath: key + readOnly: true + {{ end }} + {{ end }} - name: ceph-keyring-placement image: {{ .Values.images.tags.libvirt }} imagePullPolicy: {{ .Values.images.pull_policy }} @@ -54,13 +76,13 @@ spec: runAsUser: 0 env: - name: CEPH_CINDER_USER - value: "{{ .Values.ceph.cinder_user }}" - {{- if .Values.ceph.cinder_keyring }} + value: "{{ .Values.conf.ceph.cinder.user }}" + {{- if .Values.conf.ceph.cinder.keyring }} - name: CEPH_CINDER_KEYRING - value: "{{ .Values.ceph.cinder_keyring }}" + value: "{{ .Values.conf.ceph.cinder.keyring }}" {{ end }} - - name: LIBVIRT_CEPH_SECRET_UUID - value: "{{ .Values.ceph.secret_uuid }}" + - name: LIBVIRT_CEPH_CINDER_SECRET_UUID + value: "{{ .Values.conf.ceph.cinder.secret_uuid }}" command: - /tmp/ceph-keyring.sh volumeMounts: @@ -70,12 +92,10 @@ spec: mountPath: /tmp/ceph-keyring.sh subPath: ceph-keyring.sh readOnly: true - {{- if empty .Values.ceph.cinder_keyring }} - - name: ceph-keyring - mountPath: /tmp/client-keyring - subPath: key + - name: ceph-etc + mountPath: /etc/ceph/ceph.conf + subPath: ceph.conf readOnly: true - {{ end }} {{- end }} containers: - name: libvirt 
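Review bot: The new `ceph-admin-keyring-placement` init container writes the `client.admin` keyring into the `etcceph` volume, which the libvirt container also mounts at /etc/ceph further down this template, so cluster-admin Ceph credentials stay available to the long-running privileged container for the life of the pod. If the admin key is only needed by `ceph-keyring-placement` to obtain the cinder user's key (that script hunk is truncated on this page, so this is inferred), have ceph-keyring.sh finish with `rm -f /etc/ceph/ceph.client.admin.keyring`. Alternatively, stage the admin keyring in a separate emptyDir mounted only into the two init containers. The container list continues outside this hunk.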
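Review bot: `CEPH_CINDER_KEYRING` is still injected as a literal, `value: "{{ .Values.conf.ceph.cinder.keyring }}"`, which places the key in the DaemonSet spec where anyone allowed to read the workload object or describe its pods can see it. Source it from a Secret instead, for example `valueFrom: {secretKeyRef: {name: <secret-name>, key: key}}`, where `<secret-name>` is a placeholder for a Secret the chart would render from the same value. The same literal env entry appears in the libvirt container's `env` block in the `@@ -85,16 +105,16 @@` hunk and should change with it.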
@@ -85,16 +105,16 @@ spec: securityContext: privileged: true runAsUser: 0 - {{- if .Values.ceph.enabled }} + {{- if .Values.conf.ceph.enabled }} env: - name: CEPH_CINDER_USER - value: "{{ .Values.ceph.cinder_user }}" - {{- if .Values.ceph.cinder_keyring }} + value: "{{ .Values.conf.ceph.cinder.user }}" + {{- if .Values.conf.ceph.cinder.keyring }} - name: CEPH_CINDER_KEYRING - value: "{{ .Values.ceph.cinder_keyring }}" + value: "{{ .Values.conf.ceph.cinder.keyring }}" {{ end }} - - name: LIBVIRT_CEPH_SECRET_UUID - value: "{{ .Values.ceph.secret_uuid }}" + - name: LIBVIRT_CEPH_CINDER_SECRET_UUID + value: "{{ .Values.conf.ceph.cinder.secret_uuid }}" {{ end }} command: - /tmp/libvirt.sh @@ -129,14 +149,14 @@ spec: - name: machine-id mountPath: /etc/machine-id readOnly: true - {{- if .Values.ceph.enabled }} + {{- if .Values.conf.ceph.enabled }} - name: etcceph mountPath: /etc/ceph - name: ceph-etc mountPath: /etc/ceph/ceph.conf subPath: ceph.conf readOnly: true - {{- if empty .Values.ceph.cinder_keyring }} + {{- if empty .Values.conf.ceph.cinder.keyring }} - name: ceph-keyring mountPath: /tmp/client-keyring subPath: key @@ -153,14 +173,14 @@ spec: configMap: name: libvirt-etc defaultMode: 0444 - {{- if .Values.ceph.enabled }} + {{- if .Values.conf.ceph.enabled }} - name: etcceph emptyDir: {} - name: ceph-etc configMap: name: ceph-etc defaultMode: 0444 - {{- if empty .Values.ceph.cinder_keyring }} + {{- if empty .Values.conf.ceph.cinder.keyring }} - name: ceph-keyring secret: secretName: pvc-ceph-client-key diff --git a/libvirt/values.yaml b/libvirt/values.yaml index da35e24082..ff04f28982 100644 --- a/libvirt/values.yaml +++ b/libvirt/values.yaml 
@@ -31,14 +31,15 @@ images: dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 pull_policy: "IfNotPresent" -ceph: - enabled: true - monitors: [] - cinder_user: "admin" - cinder_keyring: null - secret_uuid: 457eb676-33da-42ec-9a8c-9293d545c337 conf: + ceph: + enabled: true + admin_keyring: null + cinder: + user: "cinder" + keyring: null + secret_uuid: 457eb676-33da-42ec-9a8c-9293d545c337 libvirt: listen_tcp: "1" listen_tls: "0" diff --git a/nova/templates/bin/_ceph-admin-keyring.sh.tpl b/nova/templates/bin/_ceph-admin-keyring.sh.tpl new file mode 100644 index 0000000000..fa416c05d2 --- /dev/null +++ b/nova/templates/bin/_ceph-admin-keyring.sh.tpl @@ -0,0 +1,31 @@ +#!/bin/bash + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex +export HOME=/tmp + +cat > /etc/ceph/ceph.client.admin.keyring << EOF +[client.admin] +{{- if .Values.conf.ceph.admin_keyring }} + key = {{ .Values.conf.ceph.admin_keyring }} +{{- else }} + key = $(cat /tmp/client-keyring) +{{- end }} +EOF + +exit 0 diff --git a/nova/templates/bin/_ceph-keyring.sh.tpl b/nova/templates/bin/_ceph-keyring.sh.tpl index df5401dc4b..418a40c27d 100644 --- a/nova/templates/bin/_ceph-keyring.sh.tpl +++ b/nova/templates/bin/_ceph-keyring.sh.tpl 
@@ -19,10 +19,21 @@ limitations under the License. set -ex export HOME=/tmp -CEPH_CINDER_KEYRING_FILE="/etc/ceph/ceph.client.${CEPH_CINDER_USER}.keyring" -echo "[client.${CEPH_CINDER_USER}]" > ${CEPH_CINDER_KEYRING_FILE} -if ! [ -z "${CEPH_CINDER_KEYRING}" ] ; then - echo " key = ${CEPH_CINDER_KEYRING}" >> ${CEPH_CINDER_KEYRING_FILE} -else - echo " key = $(cat /tmp/client-keyring)" >> ${CEPH_CINDER_KEYRING_FILE} +KEYRING=/etc/ceph/ceph.client.${CEPH_CINDER_USER}.keyring +{{- if .Values.conf.ceph.cinder.keyring }} +cat > ${KEYRING} </tmp/pod-shared/nova-vnc.ini + cat > /tmp/pod-shared/nova-console.conf </tmp/pod-shared/nova-spice.ini + cat > /tmp/pod-shared/nova-console.conf <