libvirt: fix operation when ceph is disabled

The movement of the ceph secret logic into the start script introduced
a bug that was missed in review when ceph is disabled, this PS
restores expected operation.

Closes-Bug: #1720061

Change-Id: Ie373ff94814ea396832a83101c885ebf92b6f8cc
This commit is contained in:
Pete Birley 2017-09-28 09:56:23 -05:00 committed by Chris Wedgwood
parent a2cc27ea6a
commit af1e19ef49
2 changed files with 51 additions and 40 deletions

View File

@ -30,49 +30,50 @@ if [[ -c /dev/kvm ]]; then
chown root:kvm /dev/kvm chown root:kvm /dev/kvm
fi fi
libvirtd --listen & if [ "x${LIBVIRT_CEPH_ENABLED}" == "xTrue" ] ; then
libvirtd --listen &
LIBVIRT_SECRET_DEF=$(mktemp --suffix .xml) LIBVIRT_SECRET_DEF=$(mktemp --suffix .xml)
function cleanup { function cleanup {
rm -f ${LIBVIRT_SECRET_DEF} rm -f ${LIBVIRT_SECRET_DEF}
} }
trap cleanup EXIT trap cleanup EXIT
# Wait for the libvirtd is up # Wait for the libvirtd is up
TIMEOUT=60 TIMEOUT=60
while [[ ! -f /var/run/libvirtd.pid ]]; do while [[ ! -f /var/run/libvirtd.pid ]]; do
if [[ ${TIMEOUT} -gt 0 ]]; then if [[ ${TIMEOUT} -gt 0 ]]; then
let TIMEOUT-=1 let TIMEOUT-=1
sleep 1 sleep 1
else else
echo "ERROR: libvirt did not start in time (pid file missing)" echo "ERROR: libvirt did not start in time (pid file missing)"
exit 1
fi
done
# Even though we see the pid file the socket immediately (this is
# needed for virsh)
TIMEOUT=10
while [[ ! -e /var/run/libvirt/libvirt-sock ]]; do
if [[ ${TIMEOUT} -gt 0 ]]; then
let TIMEOUT-=1
sleep 1
else
echo "ERROR: libvirt did not start in time (socket missing)"
exit 1
fi
done
if [ -z "${LIBVIRT_CEPH_SECRET_UUID}" ] ; then
echo "ERROR: No libvirt Secret UUID Supplied"
exit 1 exit 1
fi fi
done
# Even though we see the pid file the socket immediately (this is if [ -z "${CEPH_CINDER_KEYRING}" ] ; then
# needed for virsh) CEPH_CINDER_KEYRING=$(sed -n 's/^[[:space:]]*key[[:blank:]]\+=[[:space:]]\(.*\)/\1/p' /etc/ceph/ceph.client.${CEPH_CINDER_USER}.keyring)
TIMEOUT=10
while [[ ! -e /var/run/libvirt/libvirt-sock ]]; do
if [[ ${TIMEOUT} -gt 0 ]]; then
let TIMEOUT-=1
sleep 1
else
echo "ERROR: libvirt did not start in time (socket missing)"
exit 1
fi fi
done
if [ -z "${LIBVIRT_CEPH_SECRET_UUID}" ] ; then cat > ${LIBVIRT_SECRET_DEF} <<EOF
echo "ERROR: No libvirt Secret UUID Supplied"
exit 1
fi
if [ -z "${CEPH_CINDER_KEYRING}" ] ; then
CEPH_CINDER_KEYRING=$(sed -n 's/^[[:space:]]*key[[:blank:]]\+=[[:space:]]\(.*\)/\1/p' /etc/ceph/ceph.client.${CEPH_CINDER_USER}.keyring)
fi
cat > ${LIBVIRT_SECRET_DEF} <<EOF
<secret ephemeral='no' private='no'> <secret ephemeral='no' private='no'>
<uuid>${LIBVIRT_CEPH_SECRET_UUID}</uuid> <uuid>${LIBVIRT_CEPH_SECRET_UUID}</uuid>
<usage type='ceph'> <usage type='ceph'>
@ -81,8 +82,11 @@ cat > ${LIBVIRT_SECRET_DEF} <<EOF
</secret> </secret>
EOF EOF
virsh secret-define --file ${LIBVIRT_SECRET_DEF} virsh secret-define --file ${LIBVIRT_SECRET_DEF}
virsh secret-set-value --secret "${LIBVIRT_CEPH_SECRET_UUID}" --base64 "${CEPH_CINDER_KEYRING}" virsh secret-set-value --secret "${LIBVIRT_CEPH_SECRET_UUID}" --base64 "${CEPH_CINDER_KEYRING}"
# rejoin libvirtd # rejoin libvirtd
wait wait
else
exec libvirtd --listen
fi

View File

@ -46,6 +46,9 @@ spec:
securityContext: securityContext:
runAsUser: 0 runAsUser: 0
env: env:
{{- if .Values.ceph.enabled }}
- name: LIBVIRT_CEPH_ENABLED
value: "True"
- name: CEPH_CINDER_USER - name: CEPH_CINDER_USER
value: "{{ .Values.ceph.cinder_user }}" value: "{{ .Values.ceph.cinder_user }}"
{{- if .Values.ceph.cinder_keyring }} {{- if .Values.ceph.cinder_keyring }}
@ -54,6 +57,10 @@ spec:
{{ end }} {{ end }}
- name: LIBVIRT_CEPH_SECRET_UUID - name: LIBVIRT_CEPH_SECRET_UUID
value: "{{ .Values.ceph.secret_uuid }}" value: "{{ .Values.ceph.secret_uuid }}"
{{- else }}
- name: LIBVIRT_CEPH_ENABLED
value: "False"
{{- end }}
command: command:
- /tmp/ceph-keyring.sh - /tmp/ceph-keyring.sh
volumeMounts: volumeMounts: