Nova: Provide method for removing sections from nova compute conf

This PS provides a method to redact sectionf from the nova compute configuration file. By default this is configured to redact the db connection strings, and sections. Change-Id: Ifb50b932155c166634bb8a88363f6c02fbde8389 Signed-off-by: Pete Birley <pete@port.direct>
2019-06-28 07:50:32 -05:00 · 2019-06-28 07:50:32 -05:00 · fd37d61b12
commit fd37d61b12
parent 5d993140d7
3 changed files with 13 additions and 1 deletions
--- a/nova/templates/configmap-etc.yaml
+++ b/nova/templates/configmap-etc.yaml
@ -212,6 +212,12 @@ limitations under the License.
 {{- $formatter_fluent := dict "class" "oslo_log.formatters.FluentFormatter" -}}
 {{- $_ := set .Values.conf.logging "formatter_fluent" $formatter_fluent -}}
 {{- end -}}
+
+{{ $__nova_compute := dict }}
+{{ $_ := set $__nova_compute "config" .Values.conf.nova  }}
+{{ range .Values.conf.nova_compute_redactions }}
+{{   $_ := set $__nova_compute "config" (omit $__nova_compute.config .) }}
+{{ end }}
 ---
 apiVersion: v1
 kind: Secret
@ -229,6 +235,7 @@ data:
  {{ printf "%s.filters" $filePrefix }}: {{ $value.content | b64enc }}
 {{- end }}
  nova.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.nova | b64enc }}
+  nova-compute.conf: {{ include "helm-toolkit.utils.to_oslo_conf" $__nova_compute.config | b64enc }}
  logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
  api_audit_map.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.api_audit_map | b64enc }}
  nova-ironic.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.nova_ironic | b64enc }}
--- a/nova/templates/daemonset-compute.yaml
+++ b/nova/templates/daemonset-compute.yaml
@ -230,7 +230,7 @@ spec:
              readOnly: true
            - name: nova-etc
              mountPath: /etc/nova/nova.conf
-              subPath: nova.conf
+              subPath: nova-compute.conf
              readOnly: true
            {{- if .Values.conf.nova.DEFAULT.log_config_append }}
            - name: nova-etc
--- a/nova/values.yaml
+++ b/nova/values.yaml
@ -1600,6 +1600,11 @@ conf:
  hypervisor:
    # my_ip can be set automatically through this interface name.
    host_interface:
+  # This list is the keys to exclude from the config file ingested by nova-compute
+  nova_compute_redactions:
+    - database
+    - api_database
+    - cell0_database
  nova:
    DEFAULT:
      log_config_append: /etc/nova/logging.conf