feat: adding support for external-ceph keyrings to be present in libvirt deployments without local ceph needing to be available

chore: updated release notes
feat: update libvirt launch script for external ceph
Change-Id: Ie44f962d1ba538f6f8badfd1a627cb99e190c7b0
Karl Kloppenborg 2023-01-16 01:57:19 +00:00
parent 15358cebc4
commit 4035a5e4f2
4 changed files with 12 additions and 9 deletions


@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm libvirt
name: libvirt
version: 0.1.14
version: 0.1.15
home: https://libvirt.org
sources:
- https://libvirt.org/git/?p=libvirt.git;a=summary


@ -102,7 +102,7 @@ if [ 0"$hp_count" -gt 0 ]; then
fi
fi
if [ -n "${LIBVIRT_CEPH_CINDER_SECRET_UUID}" ] ; then
if [ -n "${LIBVIRT_CEPH_CINDER_SECRET_UUID}" ] || [ -n "${LIBVIRT_EXTERNAL_CEPH_CINDER_SECRET_UUID}" ] ; then
#NOTE(portdirect): run libvirtd as a transient unit on the host with the osh-libvirt cgroups applied.
cgexec -g ${CGROUPS%,}:/osh-libvirt systemd-run --scope --slice=system libvirtd --listen &
@ -159,10 +159,12 @@ EOF
virsh secret-set-value --secret "${sec_uuid}" --base64 "${sec_ceph_keyring}"
}
if [ -z "${CEPH_CINDER_KEYRING}" ] ; then
if [ -z "${CEPH_CINDER_KEYRING}" ] && [ -n "${CEPH_CINDER_USER}" ] ; then
CEPH_CINDER_KEYRING=$(awk '/key/{print $3}' /etc/ceph/ceph.client.${CEPH_CINDER_USER}.keyring)
fi
if [ -n "${CEPH_CINDER_USER}" ] ; then
create_virsh_libvirt_secret ${CEPH_CINDER_USER} ${LIBVIRT_CEPH_CINDER_SECRET_UUID} ${CEPH_CINDER_KEYRING}
fi
if [ -n "${LIBVIRT_EXTERNAL_CEPH_CINDER_SECRET_UUID}" ] ; then
EXTERNAL_CEPH_CINDER_KEYRING=$(cat /tmp/external-ceph-client-keyring)
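Review bot: The new guard `if [ -n "${CEPH_CINDER_USER}" ]` checks only the user name, while the call it protects passes three unquoted values to create_virsh_libvirt_secret. If the awk lookup just above returns nothing (keyring file absent, or no key line in it), the third argument disappears and, judging by the visible tail of the function, an empty value would be handed to `virsh secret-set-value`, so the problem surfaces at volume attach rather than at start-up. I would test the keyring too and quote the arguments: `if [ -n "${CEPH_CINDER_USER}" ] && [ -n "${CEPH_CINDER_KEYRING}" ] ; then` and `create_virsh_libvirt_secret "${CEPH_CINDER_USER}" "${LIBVIRT_CEPH_CINDER_SECRET_UUID}" "${CEPH_CINDER_KEYRING}"`, ideally exiting with an error when a user is set but no key was found. The function body and the external-ceph branch both continue outside the hunks shown.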


@ -135,8 +135,8 @@ spec:
{{ tuple $envAll "libvirt" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.libvirt | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "libvirt" "container" "libvirt" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
{{- if .Values.conf.ceph.enabled }}
env:
{{- if .Values.conf.ceph.enabled }}
- name: CEPH_CINDER_USER
value: "{{ .Values.conf.ceph.cinder.user }}"
{{- if .Values.conf.ceph.cinder.keyring }}
@ -145,13 +145,13 @@ spec:
{{ end }}
- name: LIBVIRT_CEPH_CINDER_SECRET_UUID
value: "{{ .Values.conf.ceph.cinder.secret_uuid }}"
{{ end }}
{{- if .Values.conf.ceph.cinder.external_ceph.enabled }}
- name: EXTERNAL_CEPH_CINDER_USER
value: "{{ .Values.conf.ceph.cinder.external_ceph.user }}"
- name: LIBVIRT_EXTERNAL_CEPH_CINDER_SECRET_UUID
value: "{{ .Values.conf.ceph.cinder.external_ceph.secret_uuid }}"
{{ end }}
{{ end }}
{{ dict "envAll" . "component" "libvirt" "container" "libvirt" "type" "readiness" "probeTemplate" (include "libvirtReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
{{ dict "envAll" . "component" "libvirt" "container" "libvirt" "type" "liveness" "probeTemplate" (include "libvirtLivenessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
command:
@ -221,13 +221,13 @@ spec:
subPath: key
readOnly: true
{{- end }}
{{- end }}
{{- if .Values.conf.ceph.cinder.external_ceph.enabled }}
- name: external-ceph-keyring
mountPath: /tmp/external-ceph-client-keyring
subPath: key
readOnly: true
{{- end }}
{{- end }}
{{ if $mounts_libvirt.volumeMounts }}{{ toYaml $mounts_libvirt.volumeMounts | indent 12 }}{{ end }}
{{- if .Values.pod.sidecars.libvirt_exporter }}
- name: libvirt-exporter
@ -281,12 +281,12 @@ spec:
secret:
secretName: {{ .Values.ceph_client.user_secret_name }}
{{ end }}
{{ end }}
{{- if .Values.conf.ceph.cinder.external_ceph.enabled }}
- name: external-ceph-keyring
secret:
secretName: {{ .Values.conf.ceph.cinder.external_ceph.user_secret_name }}
{{ end }}
{{ end }}
- name: libmodules
hostPath:
path: /lib/modules
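Review bot: With the external_ceph blocks moved out of the `conf.ceph.enabled` guard, `external_ceph.user_secret_name` and `external_ceph.secret_uuid` become the only inputs on an external-only deployment, and nothing in the template checks that they are set. An empty secret name renders `secretName:` as null in the volumes section, and an empty UUID renders an empty env value, which the launch script's `-n` test presumably treats as external Ceph being off, so the keyring is never registered. Wrapping them in `required` makes a bad values file fail at render time, e.g. `secretName: {{ required "conf.ceph.cinder.external_ceph.user_secret_name must be set" .Values.conf.ceph.cinder.external_ceph.user_secret_name | quote }}`. Separately, `env:` is now emitted unconditionally, so with both Ceph options disabled it renders as an empty key; confirm that the API server and any schema validation in CI accept that.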


@ -15,4 +15,5 @@ libvirt:
- 0.1.12 Add libvirt exporter as a sidecar
- 0.1.13 Added OCI registry authentication
- 0.1.14 Remove use of exec in libvirt.sh
- 0.1.15 Add support for libvirt to connect to external ceph without any local ceph present
...