Merge pull request #194 from vakwetu/fix_p11_prep_job

Fix permissions for barbican-p11-prep job
openstack-k8s-operators · Dec 18, 2024 · 289ce37 · 289ce37
2 parents 42e8034 + 6d6ee51
commit 289ce37
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 9 deletions.
diff --git a/pkg/barbican/p11_prep.go b/pkg/barbican/p11_prep.go
@@ -11,7 +11,7 @@ import (
 
 const (
 	// P11PrepCommand -
-	P11PrepCommand = "/usr/local/bin/kolla_set_configs && /usr/local/bin/kolla_start"
+	P11PrepCommand = "/usr/local/bin/kolla_start"
 	P11PrepConfig  = "p11-prep-config-data"
 )
 
@@ -49,7 +49,6 @@ func P11PrepJob(instance *barbicanv1beta1.Barbican, labels map[string]string, an
 	runAsUser := int64(0)
 	envVars := map[string]env.Setter{}
 	envVars["KOLLA_CONFIG_STRATEGY"] = env.SetValue("COPY_ALWAYS")
-	envVars["KOLLA_BOOTSTRAP"] = env.SetValue("TRUE")
 
 	job := &batchv1.Job{
 		ObjectMeta: metav1.ObjectMeta{

diff --git a/pkg/barbican/volumes.go b/pkg/barbican/volumes.go
@@ -107,7 +107,7 @@ func GetLogVolume() corev1.Volume {
 func GetScriptVolumeMount() corev1.VolumeMount {
 	return corev1.VolumeMount{
 		Name:      ScriptVolume,
-		MountPath: "/var/lib/openstack/bin",
+		MountPath: "/usr/local/bin/container-scripts",
 		ReadOnly:  true,
 	}
 }

diff --git a/templates/barbican/config/Chrystoki.conf b/templates/barbican/config/Chrystoki.conf
@@ -29,7 +29,7 @@ LunaSA Client = {
    SSLConfigFile = /usr/local/luna/openssl.cnf;
    ClientPrivKeyFile = {{ .P11CertificatesMountPoint }}/{{ .P11ClientAddress }}Key.pem;
    ClientCertFile = {{ .P11CertificatesMountPoint }}/{{ .P11ClientAddress }}.pem;
-   ServerCAFile = {{ .P11CertificatesMountPoint }}/{{ .P11ServerAddress }}Cert.pem;
+   ServerCAFile = {{ .P11CertificatesMountPoint }}/CACert.pem;
    NetClient = 1;
    TCPKeepAlive = 1;
    EnableTLS1_2 = 1;

diff --git a/templates/barbican/config/barbican-p11-prep-config.json b/templates/barbican/config/barbican-p11-prep-config.json
@@ -1,11 +1,11 @@
 {
-    "command": "generate_p11_keys.sh",
+    "command": "/bin/generate_p11_keys.sh",
     "config_files": [
       {
-        "source": "/var/lib/openstack/bin/generate_p11_keys.sh",
-        "dest": "/bin/",
+        "source": "/usr/local/bin/container-scripts/generate_p11_keys.sh",
+        "dest": "/bin/generate_p11_keys.sh",
         "owner": "barbican",
-        "perm": "0700"
+        "perm": "0755"
       },
       {
         "source": "/var/lib/config-data/default/00-default.conf",
@@ -15,11 +15,18 @@
       },
       {
         "source": "/var/lib/config-data/default/Chrystoki.conf",
-        "dest": "//usr/local/luna/Chrystoki.conf",
+        "dest": "/usr/local/luna/Chrystoki.conf",
         "owner": "barbican",
         "perm": "0600",
         "optional": true,
         "merge": true
       }
+    ],
+    "permissions": [
+        {
+            "path": "/var/log/barbican",
+            "owner": "barbican:barbican",
+            "recurse": true
+        }
     ]
 }