From 96e91040668a1273369eda3ad73cfd25af763fea Mon Sep 17 00:00:00 2001 From: Vasyl Saienko Date: Mon, 16 Sep 2024 14:48:58 +0000 Subject: [PATCH] [libvirt] Allow to generate dynamic config options It may be required to use some dynamic options such as IP address from interface where to bind service. This patch adds ability to use dynamic logic in option detection and fill it in the configuration file later. Co-Authored-By: dbiletskiy Change-Id: I8cc7da4935c11c50165a75b466d41f7d0da3e77c
---
libvirt/Chart.yaml | 2 +- libvirt/templates/configmap-bin.yaml | 1 + libvirt/templates/configmap-etc.yaml | 1 - libvirt/templates/daemonset-libvirt.yaml | 19 +++++++++++- libvirt/values.yaml | 38 +++++++++++++++++++++++- releasenotes/notes/libvirt.yaml | 1 + 6 files changed, 58 insertions(+), 4 deletions(-)
diff --git a/libvirt/Chart.yaml b/libvirt/Chart.yaml
index 68b3f8605..94fdf01bc 100644
--- a/libvirt/Chart.yaml
+++ b/libvirt/Chart.yaml
@@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm libvirt name: libvirt -version: 0.1.35 +version: 0.1.36 home: https://libvirt.org sources: - https://libvirt.org/git/?p=libvirt.git;a=summary
diff --git a/libvirt/templates/configmap-bin.yaml b/libvirt/templates/configmap-bin.yaml
index b6120196a..ef3b650ee 100644
--- a/libvirt/templates/configmap-bin.yaml
+++ b/libvirt/templates/configmap-bin.yaml
@@ -37,4 +37,5 @@ data: {{ tuple "bin/_ceph-admin-keyring.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{- end }} {{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.init_modules.script "key" "libvirt-init-modules.sh") | indent 2 }} +{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.dynamic_options.script "key" "init-dynamic-options.sh") | indent 2 }} {{- end }}
diff --git a/libvirt/templates/configmap-etc.yaml b/libvirt/templates/configmap-etc.yaml
index 1fc344f7b..68ce576b3 100644
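Review bot: The full rendered libvirtd.conf now ends up in the bin ConfigMap, because the script registered here as `init-dynamic-options.sh` expands `include "libvirt.utils.to_libvirt_conf" .Values.conf.libvirt` at chart render time (see the values.yaml hunk) while the configmap-etc.yaml hunk drops the same content from the Opaque Secret. ConfigMaps are usually readable by a wider set of roles than Secrets, so anything under `conf.libvirt` that was relied on being secret is now exposed more broadly; if every key there is non-sensitive this is acceptable but should be stated, e.g. `# libvirtd.conf is rendered into init-dynamic-options.sh (a ConfigMap); keep secret values out of conf.libvirt`, otherwise the script should fill a template read from the Secret mount instead of embedding the config. The `data:` mapping this hunk edits starts before the hunk.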
--- a/libvirt/templates/configmap-etc.yaml
+++ b/libvirt/templates/configmap-etc.yaml
@@ -24,7 +24,6 @@ metadata: name: {{ $configMapName }} type: Opaque data: - libvirtd.conf: {{ include "libvirt.utils.to_libvirt_conf" .Values.conf.libvirt | b64enc }} qemu.conf: {{ include "libvirt.utils.to_libvirt_conf" .Values.conf.qemu | b64enc }} {{- end }} {{- end }}
diff --git a/libvirt/templates/daemonset-libvirt.yaml b/libvirt/templates/daemonset-libvirt.yaml
index 27773d2a2..e51e8840d 100644
--- a/libvirt/templates/daemonset-libvirt.yaml
+++ b/libvirt/templates/daemonset-libvirt.yaml
@@ -100,6 +100,21 @@ spec: subPath: libvirt-init-modules.sh readOnly: true {{- end }} + - name: init-dynamic-options +{{ tuple $envAll "libvirt" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ dict "envAll" $envAll "application" "libvirt" "container" "init_dynamic_options" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + terminationMessagePath: /var/log/termination-log + command: + - /tmp/init-dynamic-options.sh + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - name: pod-shared + mountPath: /tmp/pod-shared + - name: libvirt-bin + mountPath: /tmp/init-dynamic-options.sh + subPath: init-dynamic-options.sh + readOnly: true {{- if eq .Values.conf.qemu.vnc_tls "1" }} - name: cert-init-vnc {{ tuple $envAll "kubectl" | include "helm-toolkit.snippets.image" | indent 10 }}
@@ -233,7 +248,7 @@ spec: mountPath: /tmp/libvirt.sh subPath: libvirt.sh readOnly: true - - name: libvirt-etc + - name: pod-shared mountPath: /etc/libvirt/libvirtd.conf subPath: libvirtd.conf readOnly: true
@@ -381,6 +396,8 @@ spec: hostPath: path: / type: Directory + - name: pod-shared + emptyDir: {} {{ dict "envAll" $envAll "component" "libvirt" "requireSys" true | include "helm-toolkit.snippets.kubernetes_apparmor_volumes" | indent 8 }} {{ if $mounts_libvirt.volumes }}{{ toYaml $mounts_libvirt.volumes | indent 8 }}{{ end }} {{- end }}
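Review bot: The new `init-dynamic-options` container derives the listen address with `ip address show` from inside the pod, so the value it writes only corresponds to a node interface when the pod shares the host network namespace; the daemonset's `hostNetwork` setting is outside these hunks, so this dependency should be confirmed and documented. The result is written once into the `pod-shared` emptyDir and then mounted read-only through `subPath: libvirtd.conf`, which means a changed node address or changed `conf.libvirt` value is only picked up on pod restart, and the mount would be a good place to say so, e.g. `# generated at pod start by init-dynamic-options; restart the pod to refresh` above `- name: pod-shared` in the third hunk. Mounting the generated file `readOnly: true` into the libvirt container is the right choice and should stay. The enclosing `initContainers` and `volumes` lists start and end outside these hunks.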
diff --git a/libvirt/values.yaml b/libvirt/values.yaml
index b860e51cc..961133f84 100644
--- a/libvirt/values.yaml
+++ b/libvirt/values.yaml
@@ -112,9 +112,37 @@ conf: cert_file: "/etc/pki/libvirt/servercert.pem" key_file: "/etc/pki/libvirt/private/serverkey.pem" auth_unix_rw: "none" - listen_addr: 127.0.0.1 + listen_addr: "${LISTEN_IP_ADDRESS}" log_level: "3" log_outputs: "1:file:/var/log/libvirt/libvirtd.log" + # Modifies the config in which value is specified as the name of a variable + # that is computed in the script. + dynamic_options: + libvirt: + listen_interface: null + listen_address: 127.0.0.1 + script: | + #!/bin/bash + set -ex + + LIBVIRT_CONF_PATH=/tmp/pod-shared/libvirtd.conf + + {{- if .Values.conf.dynamic_options.libvirt.listen_interface }} + + LISTEN_INTERFACE="{{ .Values.conf.dynamic_options.libvirt.listen_interface }}" + LISTEN_IP_ADDRESS=$(ip address show $LISTEN_INTERFACE | grep 'inet ' | awk '{print $2}' | awk -F "/" '{print $1}') + {{- else if .Values.conf.dynamic_options.libvirt.listen_address }} + LISTEN_IP_ADDRESS={{ .Values.conf.dynamic_options.libvirt.listen_address }} + {{- end }} + + if [[ -z $LISTEN_IP_ADDRESS ]]; then + echo "LISTEN_IP_ADDRESS is not set." + exit 1 + fi + + tee > ${LIBVIRT_CONF_PATH} << EOF + {{ include "libvirt.utils.to_libvirt_conf" .Values.conf.libvirt }} + EOF qemu: vnc_tls: "0" vnc_tls_x509_verify: "0"
@@ -254,6 +282,14 @@ pod: capabilities: drop: - ALL + init_dynamic_options: + runAsUser: 65534 + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL sidecars: libvirt_exporter: false
diff --git a/releasenotes/notes/libvirt.yaml b/releasenotes/notes/libvirt.yaml
index 7505d94ea..9f333913d 100644
--- a/releasenotes/notes/libvirt.yaml
+++ b/releasenotes/notes/libvirt.yaml
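Review bot: The interface lookup on the `LISTEN_IP_ADDRESS=$(ip address show $LISTEN_INTERFACE | grep 'inet ' ...)` line prints one line per IPv4 address on the interface, so an interface with a secondary address yields a multi-line value that still passes the `-z` check and produces an unparsable `listen_addr`; `LISTEN_IP_ADDRESS=$(ip -4 -o addr show "$LISTEN_INTERFACE" | awk '{print $4}' | cut -d/ -f1 | head -n1)` selects exactly one address (or exit with an error when more than one is found, if ambiguity should be fatal). The `tee > ${LIBVIRT_CONF_PATH} << EOF` heredoc is unquoted, so every `$` in any `conf.libvirt` value is expanded by the shell, not only the new `listen_addr: "${LISTEN_IP_ADDRESS}"`; the `dynamic_options` comment reads awkwardly and should state this, e.g. `# conf.libvirt values may reference shell variables computed by the script below (e.g. "${LISTEN_IP_ADDRESS}"); the file is written through an unquoted heredoc, so any "$" in those values is expanded.` Setting `listen_interface` moves the libvirtd listener off loopback, and the hunk context shows `cert_file`/`key_file` but not whether client certificates are verified, so the same comment should note that the TLS and auth keys in `conf.libvirt` must be reviewed before pointing the listener at a node interface. The `conf:` mapping this hunk edits starts before the hunk.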
@@ -36,4 +36,5 @@ libvirt: - 0.1.33 Handle cgroupv2 correctly - 0.1.34 Remove hugepages creation test - 0.1.35 Allow to initialize virtualization modules + - 0.1.36 Allow to generate dynamic config options ...