Merge "[Cinder] Configuration for external ceph backend"

Zuul 2020-09-18 15:54:56 +00:00 committed by Gerrit Code Review
commit b354f4049c
6 changed files with 80 additions and 21 deletions


@ -22,14 +22,11 @@ cat <<EOF > /etc/ceph/ceph.client.${RBD_USER}.keyring
key = $(cat /tmp/client-keyring) key = $(cat /tmp/client-keyring)
EOF EOF
if [ -f "/tmp/external-ceph-client-keyring" ]; then {{- if and .Values.ceph_client.enable_external_ceph_backend .Values.ceph_client.external_ceph.rbd_user }}
RBD_USER=cinder2 cat <<EOF > /etc/ceph/ceph.client.${EXTERNAL_RBD_USER}.keyring
cat <<EOF2 > /etc/ceph/ceph.client.${RBD_USER}.keyring [client.${EXTERNAL_RBD_USER}]
[client.${RBD_USER}]
key = $(cat /tmp/external-ceph-client-keyring) key = $(cat /tmp/external-ceph-client-keyring)
EOF2 EOF
{{- end }}
fi
exit 0 exit 0
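Review bot: The new heredoc writes `/etc/ceph/ceph.client.${EXTERNAL_RBD_USER}.keyring` with whatever umask the script inherits, so the external Ceph key can end up readable by every account in the container. The start of the script is outside the hunk, so a umask may already be set there. If it is not, follow the heredoc with an explicit `chmod` (and a `chown` if the init container and the cinder service run as different users) that leaves the file readable only by the account that needs it. The same applies to the existing `${RBD_USER}` keyring above it. Quoting the redirect target, `> "/etc/ceph/ceph.client.${EXTERNAL_RBD_USER}.keyring"`, would also keep an unexpected value of the variable from being word-split into the path.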


@ -137,4 +137,7 @@ data:
{{- if .Values.backup.external_ceph_rbd.enabled }} {{- if .Values.backup.external_ceph_rbd.enabled }}
external-backup-ceph.conf: {{ include "helm-toolkit.utils.to_ini" .Values.backup.external_ceph_rbd.conf | b64enc }} external-backup-ceph.conf: {{ include "helm-toolkit.utils.to_ini" .Values.backup.external_ceph_rbd.conf | b64enc }}
{{- end }} {{- end }}
{{- if .Values.ceph_client.enable_external_ceph_backend }}
external-ceph.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.ceph_client.external_ceph.conf | b64enc }}
{{- end }}
{{- end }} {{- end }}
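Review bot: The new `external-ceph.conf` entry is rendered with `helm-toolkit.utils.to_oslo_conf`, while the neighbouring `external-backup-ceph.conf` uses `helm-toolkit.utils.to_ini` for the same kind of file. The default added to the values in this commit contains a null section (`osd: null`), and I cannot tell from here whether the two helpers emit the same output for it. If they do, `external-ceph.conf: {{ include "helm-toolkit.utils.to_ini" .Values.ceph_client.external_ceph.conf | b64enc }}` keeps the two entries consistent; if `to_oslo_conf` is deliberate, a one-line template comment saying why would help. The entry is also emitted whenever `enable_external_ceph_backend` is true, even while `conf.global.mon_host` is still null, which presumably renders a config without a monitor address.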


@ -15,6 +15,8 @@ limitations under the License.
{{- if .Values.manifests.deployment_backup }} {{- if .Values.manifests.deployment_backup }}
{{- $envAll := . }} {{- $envAll := . }}
{{- $internal_ceph_backend := .Values.ceph_client.internal_ceph_backend }}
{{- $mounts_cinder_backup := .Values.pod.mounts.cinder_backup.cinder_backup }} {{- $mounts_cinder_backup := .Values.pod.mounts.cinder_backup.cinder_backup }}
{{- $mounts_cinder_backup_init := .Values.pod.mounts.cinder_backup.init_container }} {{- $mounts_cinder_backup_init := .Values.pod.mounts.cinder_backup.init_container }}
@ -78,6 +80,7 @@ spec:
{{ end }} {{ end }}
{{- range $name := rest (splitList "," (include "cinder.utils.ceph_backend_list" $envAll)) }} {{- range $name := rest (splitList "," (include "cinder.utils.ceph_backend_list" $envAll)) }}
{{- $backend := index $envAll.Values.conf.backends $name }} {{- $backend := index $envAll.Values.conf.backends $name }}
{{- if eq $internal_ceph_backend $name }}
- name: ceph-keyring-placement-{{$name}} - name: ceph-keyring-placement-{{$name}}
{{ tuple $envAll "cinder_backup" | include "helm-toolkit.snippets.image" | indent 10 }} {{ tuple $envAll "cinder_backup" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ dict "envAll" $envAll "application" "cinder_backup" "container" "ceph_keyring_placement" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} {{ dict "envAll" $envAll "application" "cinder_backup" "container" "ceph_keyring_placement" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
@ -86,6 +89,10 @@ spec:
env: env:
- name: RBD_USER - name: RBD_USER
value: {{ $backend.rbd_user | quote }} value: {{ $backend.rbd_user | quote }}
{{- if and $envAll.Values.ceph_client.enable_external_ceph_backend $envAll.Values.ceph_client.external_ceph.rbd_user }}
- name: EXTERNAL_RBD_USER
value: {{ $envAll.Values.ceph_client.external_ceph.rbd_user | quote }}
{{- end }}
volumeMounts: volumeMounts:
- name: pod-tmp - name: pod-tmp
mountPath: /tmp mountPath: /tmp
@ -99,6 +106,13 @@ spec:
mountPath: /tmp/client-keyring mountPath: /tmp/client-keyring
subPath: key subPath: key
readOnly: true readOnly: true
{{- if and $envAll.Values.ceph_client.enable_external_ceph_backend $envAll.Values.ceph_client.external_ceph.rbd_user }}
- name: external-ceph-keyring
mountPath: /tmp/external-ceph-client-keyring
subPath: key
readOnly: true
{{- end }}
{{- end }}
{{- end }} {{- end }}
{{- if (contains "cinder.backup.drivers.posix" .Values.conf.cinder.DEFAULT.backup_driver) }} {{- if (contains "cinder.backup.drivers.posix" .Values.conf.cinder.DEFAULT.backup_driver) }}
- name: ceph-backup-volume-perms - name: ceph-backup-volume-perms
@ -181,6 +195,18 @@ spec:
subPath: key subPath: key
readOnly: true readOnly: true
{{- end }} {{- end }}
{{- if .Values.ceph_client.enable_external_ceph_backend }}
- name: cinder-etc
mountPath: /etc/ceph/external-ceph.conf
subPath: external-ceph.conf
readOnly: true
{{- if .Values.ceph_client.external_ceph.rbd_user }}
- name: external-ceph-keyring
mountPath: /tmp/external-ceph-client-keyring
subPath: key
readOnly: true
{{- end }}
{{- end }}
{{- end }} {{- end }}
{{- if (contains "cinder.backup.drivers.posix" .Values.conf.cinder.DEFAULT.backup_driver) }} {{- if (contains "cinder.backup.drivers.posix" .Values.conf.cinder.DEFAULT.backup_driver) }}
- name: cinder-backup - name: cinder-backup
@ -241,6 +267,11 @@ spec:
- name: ceph-keyring - name: ceph-keyring
secret: secret:
secretName: {{ .Values.secrets.rbd.volume | quote }} secretName: {{ .Values.secrets.rbd.volume | quote }}
{{- if and .Values.ceph_client.enable_external_ceph_backend .Values.ceph_client.external_ceph.rbd_user }}
- name: external-ceph-keyring
secret:
secretName: {{ .Values.secrets.rbd.volume_external | quote }}
{{ end }}
{{ end }} {{ end }}
{{- if (contains "cinder.backup.drivers.posix" .Values.conf.cinder.DEFAULT.backup_driver) }} {{- if (contains "cinder.backup.drivers.posix" .Values.conf.cinder.DEFAULT.backup_driver) }}
- name: cinder-backup - name: cinder-backup
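Review bot: The `EXTERNAL_RBD_USER` env var and the `external-ceph-keyring` mount added to the init container sit inside the new `{{- if eq $internal_ceph_backend $name }}` guard, so the `ceph-keyring-placement` container, and with it the external keyring, is rendered only when `ceph_client.internal_ceph_backend` matches a name from `cinder.utils.ceph_backend_list`. If that value is unset or misspelled, no keyring is written at all, while the later `volumeMounts` hunk still mounts `external-ceph.conf` and the raw secret; the values hunks in this commit do not show a default for it. A template comment above the guard, such as `{{/* keyrings (internal and external) are written once, by the init container of the backend named in ceph_client.internal_ceph_backend */}}`, or a `fail` when no backend matches, would make the dependency visible. The `{{ end }}` closing the new `external-ceph-keyring` volume also lacks the `-` trim used by the other added blocks.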


@ -69,6 +69,10 @@ spec:
env: env:
- name: RBD_USER - name: RBD_USER
value: {{ $backend.rbd_user | quote }} value: {{ $backend.rbd_user | quote }}
{{- if and $envAll.Values.ceph_client.enable_external_ceph_backend $envAll.Values.ceph_client.external_ceph.rbd_user }}
- name: EXTERNAL_RBD_USER
value: {{ $envAll.Values.ceph_client.external_ceph.rbd_user | quote }}
{{- end }}
volumeMounts: volumeMounts:
- name: pod-tmp - name: pod-tmp
mountPath: /tmp mountPath: /tmp
@ -82,7 +86,7 @@ spec:
mountPath: /tmp/client-keyring mountPath: /tmp/client-keyring
subPath: key subPath: key
readOnly: true readOnly: true
{{- if $envAll.Values.ceph_client.enable_external_ceph_backend }} {{- if and $envAll.Values.ceph_client.enable_external_ceph_backend $envAll.Values.ceph_client.external_ceph.rbd_user }}
- name: external-ceph-keyring - name: external-ceph-keyring
mountPath: /tmp/external-ceph-client-keyring mountPath: /tmp/external-ceph-client-keyring
subPath: key subPath: key
@ -176,16 +180,18 @@ spec:
subPath: key subPath: key
readOnly: true readOnly: true
{{- if .Values.ceph_client.enable_external_ceph_backend }} {{- if .Values.ceph_client.enable_external_ceph_backend }}
- name: external-ceph-etc - name: cinder-etc
mountPath: /etc/ceph/external-ceph.conf mountPath: /etc/ceph/external-ceph.conf
subPath: ceph.conf subPath: external-ceph.conf
readOnly: true readOnly: true
{{- if .Values.ceph_client.external_ceph.rbd_user }}
- name: external-ceph-keyring - name: external-ceph-keyring
mountPath: /tmp/external-ceph-client-keyring mountPath: /tmp/external-ceph-client-keyring
subPath: key subPath: key
readOnly: true readOnly: true
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }}
{{- if eq ( split "://" .Values.conf.cinder.coordination.backend_url )._0 "file" }} {{- if eq ( split "://" .Values.conf.cinder.coordination.backend_url )._0 "file" }}
- name: cinder-coordination - name: cinder-coordination
mountPath: {{ ( split "://" .Values.conf.cinder.coordination.backend_url )._1 }} mountPath: {{ ( split "://" .Values.conf.cinder.coordination.backend_url )._1 }}
@ -259,14 +265,10 @@ spec:
- name: ceph-keyring - name: ceph-keyring
secret: secret:
secretName: {{ .Values.secrets.rbd.volume | quote }} secretName: {{ .Values.secrets.rbd.volume | quote }}
{{- if .Values.ceph_client.enable_external_ceph_backend }} {{- if and .Values.ceph_client.enable_external_ceph_backend .Values.ceph_client.external_ceph.rbd_user }}
- name: external-ceph-etc
configMap:
name: {{ .Values.ceph_client.external_ceph.configmap }}
defaultMode: 0444
- name: external-ceph-keyring - name: external-ceph-keyring
secret: secret:
secretName: {{ .Values.ceph_client.external_ceph.cinder_user_secret_name | quote }} secretName: {{ .Values.secrets.rbd.volume_external | quote }}
{{ end }} {{ end }}
{{ end }} {{ end }}
{{- if eq ( split "://" .Values.conf.cinder.coordination.backend_url )._0 "file" }} {{- if eq ( split "://" .Values.conf.cinder.coordination.backend_url )._0 "file" }}


@ -0,0 +1,20 @@
{{/*
This manifest results a secret being created which has the keyring information
needed for cinder rbd user of external managed ceph backend
*/}}
{{- if and .Values.ceph_client.enable_external_ceph_backend .Values.ceph_client.external_ceph.rbd_user }}
{{- $envAll := . }}
{{- $userClass := "volume_external" }}
{{- $secretName := index $envAll.Values.secrets.rbd $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
key: {{ $envAll.Values.ceph_client.external_ceph.rbd_user_keyring | b64enc }}
...
{{- end }}
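Review bot: The Secret is gated on `rbd_user` but reads `rbd_user_keyring`, whose default in this commit is null, so setting the user without the key hands a nil value to `b64enc`. As far as I can tell that gives either an opaque type error at render time or a Secret with an empty `key`, depending on the Helm version. Making the requirement explicit gives a clear failure instead: `key: {{ required "ceph_client.external_ceph.rbd_user_keyring must be set when rbd_user is set" $envAll.Values.ceph_client.external_ceph.rbd_user_keyring | b64enc }}`. `name: {{ $secretName }}` is also unquoted, unlike the `secretName: ... | quote` references to the same value in the deployment templates.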


@ -385,9 +385,14 @@ ceph_client:
configmap: ceph-etc configmap: ceph-etc
user_secret_name: pvc-ceph-client-key user_secret_name: pvc-ceph-client-key
external_ceph: external_ceph:
configmap: ceph-etc # Only when enable_external_ceph_backend is true and rbd_user is NOT null
cinder_user_secret_name: cinder-volume-rbd-keyring # secret for external ceph keyring will be created.
rbd_user: null
rbd_user_keyring: null
conf:
global:
mon_host: null
osd: null
conf: conf:
paste: paste:
composite:osapi_volume: composite:osapi_volume:
@ -1076,7 +1081,7 @@ backup:
conf: conf:
global: global:
mon_host: null mon_host: null
osd: osd: null
posix: posix:
volume: volume:
class_name: general class_name: general
@ -1229,6 +1234,7 @@ secrets:
rbd: rbd:
backup: cinder-backup-rbd-keyring backup: cinder-backup-rbd-keyring
volume: cinder-volume-rbd-keyring volume: cinder-volume-rbd-keyring
volume_external: cinder-volume-external-rbd-keyring
oslo_messaging: oslo_messaging:
admin: cinder-rabbitmq-admin admin: cinder-rabbitmq-admin
cinder: cinder-rabbitmq-user cinder: cinder-rabbitmq-user
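Review bot: The comment above `rbd_user` does not say that `rbd_user_keyring` is the Ceph client key itself, which the chart copies into a Secret and which therefore also ends up in Helm's stored release data. I would extend it with something like `# rbd_user_keyring is secret material: supply it from a protected override at deploy time, do not commit it`. The removed `configmap` and `cinder_user_secret_name` keys are no longer read by the deployment hunks shown in this commit. An existing override that enables the external backend with only those keys would therefore lose its keyring mount without any error, which is worth stating in the comment or the release notes.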