openstack/openstack-helm
Code Issues Proposed changes

Nova: Provide method for removing sections from nova compute conf

Browse Source 
This PS provides a method to redact sectionf from the nova compute
configuration file. By default this is configured to redact the
db connection strings, and sections.

Change-Id: Ifb50b932155c166634bb8a88363f6c02fbde8389
Signed-off-by: Pete Birley <pete@port.direct>
This commit is contained in:
Pete Birley 2019-06-28 07:50:32 -05:00
parent 5d993140d7
commit fd37d61b12
3 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
nova/templates/configmap-etc.yaml
View File

@ -212,6 +212,12 @@ limitations under the License.
{{- $formatter_fluent := dict "class" "oslo_log.formatters.FluentFormatter" -}} {{- $formatter_fluent := dict "class" "oslo_log.formatters.FluentFormatter" -}}
{{- $_ := set .Values.conf.logging "formatter_fluent" $formatter_fluent -}} {{- $_ := set .Values.conf.logging "formatter_fluent" $formatter_fluent -}}
{{- end -}} {{- end -}}
{{ $__nova_compute := dict }}
{{ $_ := set $__nova_compute "config" .Values.conf.nova }}
{{ range .Values.conf.nova_compute_redactions }}
{{ $_ := set $__nova_compute "config" (omit $__nova_compute.config .) }}
{{ end }}
--- ---
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
@ -229,6 +235,7 @@ data:
{{ printf "%s.filters" $filePrefix }}: {{ $value.content | b64enc }} {{ printf "%s.filters" $filePrefix }}: {{ $value.content | b64enc }}
{{- end }} {{- end }}
nova.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.nova | b64enc }} nova.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.nova | b64enc }}
nova-compute.conf: {{ include "helm-toolkit.utils.to_oslo_conf" $__nova_compute.config | b64enc }}
logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }} logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
api_audit_map.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.api_audit_map | b64enc }} api_audit_map.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.api_audit_map | b64enc }}
nova-ironic.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.nova_ironic | b64enc }} nova-ironic.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.nova_ironic | b64enc }}

2
nova/templates/daemonset-compute.yaml
View File

@ -230,7 +230,7 @@ spec:
readOnly: true readOnly: true
- name: nova-etc - name: nova-etc
mountPath: /etc/nova/nova.conf mountPath: /etc/nova/nova.conf
subPath: nova.conf subPath: nova-compute.conf
readOnly: true readOnly: true
{{- if .Values.conf.nova.DEFAULT.log_config_append }} {{- if .Values.conf.nova.DEFAULT.log_config_append }}
- name: nova-etc - name: nova-etc

5
nova/values.yaml
View File

@ -1600,6 +1600,11 @@ conf:
hypervisor: hypervisor:
# my_ip can be set automatically through this interface name. # my_ip can be set automatically through this interface name.
host_interface: host_interface:
# This list is the keys to exclude from the config file ingested by nova-compute
nova_compute_redactions:
- database
- api_database
- cell0_database
nova: nova:
DEFAULT: DEFAULT:
log_config_append: /etc/nova/logging.conf log_config_append: /etc/nova/logging.conf