[libvirt] Move 'ceph secret' to daemon start up

At present (Kubernetes 1.7.x) there is no logging for postStart operations, when things this causes the pod to restart. This change means we once again get logging. Change-Id: Id046968eef404c05a4215d73406a4eb604eb3ee5
2017-09-15 18:55:09 +00:00 · 2017-09-15 18:55:09 +00:00 · e12d762136
commit e12d762136
parent 4379e5aadc
4 changed files with 56 additions and 92 deletions
--- a/libvirt/templates/bin/_ceph-secret-define.sh.tpl
+++ b/libvirt/templates/bin/_ceph-secret-define.sh.tpl
@ -1,71 +0,0 @@
-#!/bin/bash
-
-{{/*
-Copyright 2017 The Openstack-Helm Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-   http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-set -x
-LIBVIRT_SECRET_DEF=$(mktemp --suffix .xml)
-function cleanup {
-    rm -f ${LIBVIRT_SECRET_DEF}
-}
-trap cleanup EXIT
-
-set -ex
-# Wait for the libvirtd is up
-TIMEOUT=60
-while [[ ! -f /var/run/libvirtd.pid ]]; do
-  if [[ ${TIMEOUT} -gt 0 ]]; then
-    let TIMEOUT-=1
-    sleep 1
-  else
-    echo "ERROR: Libvirt did not start in time (pid file missing)"
-    exit 1
-  fi
-done
-
-# Even though we see the pid file the socket immediately (this is
-# needed for virsh)
-TIMEOUT=10
-while [[ ! -e /var/run/libvirt/libvirt-sock ]]; do
-  if [[ ${TIMEOUT} -gt 0 ]]; then
-    let TIMEOUT-=1
-    sleep 1
-  else
-    echo "ERROR: Libvirt did not start in time (socket missing)"
-    exit 1
-  fi
-done
-
-if [ -z "${LIBVIRT_CEPH_SECRET_UUID}" ] ; then
-  echo "ERROR: No Libvirt Secret UUID Supplied"
-  exit 1
-fi
-
-if [ -z "${CEPH_CINDER_KEYRING}" ] ; then
-  CEPH_CINDER_KEYRING=$(sed -n 's/^[[:space:]]*key[[:blank:]]\+=[[:space:]]\(.*\)/\1/p' /etc/ceph/ceph.client.${CEPH_CINDER_USER}.keyring)
-fi
-
-cat > ${LIBVIRT_SECRET_DEF} <<EOF
-<secret ephemeral='no' private='no'>
-  <uuid>${LIBVIRT_CEPH_SECRET_UUID}</uuid>
-  <usage type='ceph'>
-    <name>client.${CEPH_CINDER_USER}. secret</name>
-  </usage>
-</secret>
-EOF
-
-virsh secret-define --file ${LIBVIRT_SECRET_DEF}
-virsh secret-set-value --secret "${LIBVIRT_CEPH_SECRET_UUID}" --base64 "${CEPH_CINDER_KEYRING}"
--- a/libvirt/templates/bin/_libvirt.sh.tpl
+++ b/libvirt/templates/bin/_libvirt.sh.tpl
@ -30,4 +30,59 @@ if [[ -c /dev/kvm ]]; then
    chown root:kvm /dev/kvm
 fi

-exec libvirtd --listen
+libvirtd --listen &
+
+LIBVIRT_SECRET_DEF=$(mktemp --suffix .xml)
+function cleanup {
+    rm -f ${LIBVIRT_SECRET_DEF}
+}
+trap cleanup EXIT
+
+# Wait for the libvirtd is up
+TIMEOUT=60
+while [[ ! -f /var/run/libvirtd.pid ]]; do
+  if [[ ${TIMEOUT} -gt 0 ]]; then
+    let TIMEOUT-=1
+    sleep 1
+  else
+    echo "ERROR: libvirt did not start in time (pid file missing)"
+    exit 1
+  fi
+done
+
+# Even though we see the pid file the socket immediately (this is
+# needed for virsh)
+TIMEOUT=10
+while [[ ! -e /var/run/libvirt/libvirt-sock ]]; do
+  if [[ ${TIMEOUT} -gt 0 ]]; then
+    let TIMEOUT-=1
+    sleep 1
+  else
+    echo "ERROR: libvirt did not start in time (socket missing)"
+    exit 1
+  fi
+done
+
+if [ -z "${LIBVIRT_CEPH_SECRET_UUID}" ] ; then
+  echo "ERROR: No libvirt Secret UUID Supplied"
+  exit 1
+fi
+
+if [ -z "${CEPH_CINDER_KEYRING}" ] ; then
+  CEPH_CINDER_KEYRING=$(sed -n 's/^[[:space:]]*key[[:blank:]]\+=[[:space:]]\(.*\)/\1/p' /etc/ceph/ceph.client.${CEPH_CINDER_USER}.keyring)
+fi
+
+cat > ${LIBVIRT_SECRET_DEF} <<EOF
+<secret ephemeral='no' private='no'>
+  <uuid>${LIBVIRT_CEPH_SECRET_UUID}</uuid>
+  <usage type='ceph'>
+    <name>client.${CEPH_CINDER_USER}. secret</name>
+  </usage>
+</secret>
+EOF
+
+virsh secret-define --file ${LIBVIRT_SECRET_DEF}
+virsh secret-set-value --secret "${LIBVIRT_CEPH_SECRET_UUID}" --base64 "${CEPH_CINDER_KEYRING}"
+
+# rejoin libvirtd
+wait
--- a/libvirt/templates/configmap-bin.yaml
+++ b/libvirt/templates/configmap-bin.yaml
@ -25,8 +25,6 @@ data:
  libvirt.sh: |
 {{ tuple "bin/_libvirt.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
 {{- if .Values.ceph.enabled }}
-  ceph-secret-define.sh: |
-{{ tuple "bin/_ceph-secret-define.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
  ceph-keyring.sh: |+
 {{ tuple "bin/_ceph-keyring.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
 {{- end }}
--- a/libvirt/templates/daemonset-libvirt.yaml
+++ b/libvirt/templates/daemonset-libvirt.yaml
@ -87,22 +87,8 @@ spec:
            - name: LIBVIRT_CEPH_SECRET_UUID
              value: "{{ .Values.ceph.secret_uuid }}"
          {{ end }}
-          {{- if .Values.ceph.enabled }}
-          lifecycle:
-            postStart:
-              exec:
-                command:
-                  - /tmp/ceph-secret-define.sh
-          {{- end }}
          command:
            - /tmp/libvirt.sh
-          {{- if .Values.ceph.enabled }}
-          lifecycle:
-            postStart:
-              exec:
-                command:
-                  - /tmp/ceph-secret-define.sh
-          {{- end }}
          volumeMounts:
            - name: libvirt-bin
              mountPath: /tmp/libvirt.sh
@ -143,10 +129,6 @@ spec:
              mountPath: /tmp/client-keyring
              subPath: key
              readOnly: true
-            - name: libvirt-bin
-              mountPath: /tmp/ceph-secret-define.sh
-              subPath: ceph-secret-define.sh
-              readOnly: true
            {{- end }}
 {{ if $mounts_libvirt.volumeMounts }}{{ toYaml $mounts_libvirt.volumeMounts | indent 12 }}{{ end }}
      volumes: