From 7529745b87f07d4c5616e4a80f7aeace10dadbb5 Mon Sep 17 00:00:00 2001 From: Francesco Pantano Date: Fri, 18 Aug 2023 12:15:30 +0200 Subject: [PATCH] Rework glance config process This patch represents an implementation of the proposal [1] and aligns the glance-operator with the work already done in Cinder and the other storage operators. There are a few relevant changes in the bootstrap process of Glance, in particular: - It stops using an init container to generate the snippet files that configure each glanceAPI service. The logic that was previously implemented in the Init Container has been moved to the Controllers, where config files are generated and stored in k8s Secrets. Init Containers are fully removed from the bootstrap process; - It uses Kolla to copy the generated content to the target directory /etc/glance/glance.conf.d, which is used by each API service to run; - The relevant content, including scripts, previously stored in a ConfigMap, are now stored in a corresponding k8s Secret, which is mounted to the GlanceAPI deployment Pods (hence no additional calls to GetVolume/GetVolumeMounts are required); - A total of 4 config snippet files are generated: - 00-config.conf contains global settings that are common to every GlanceAPI Pod, including ones that are derived from deployment secrets (e.g. database password, etc.) - 01-config.conf contains the global customServiceConfig settings that apply to every GlanceAPI service. - 02-config.conf contains the customServiceConfig settings that are specific to each service. - 03-config.conf contains secrets specified by each service's customServiceConfigSecrets. - glance-image-import.conf has been removed, and the default config has been added to 00-config.conf, which is the common file generated by the umbrella Glance controller; - logging.conf has been removed as it's no longer required in the switch to a side container approach for logging purposes; - functional tests are aligned to the use of k8s Secrets instead of the old pattern based on ConfigMaps; - kuttl tests are updated and the 'initContainer' has been removed. - dbsync now mounts only the required files (a minimal 00-config.conf) and a db-sync-config.json containing the command run through kolla. [1] https://github.com/openstack-k8s-operators/docs/pull/31 Signed-off-by: Francesco Pantano --- config/rbac/role.yaml | 12 -- controllers/glance_common.go | 61 +++++++++ controllers/glance_controller.go | 89 +++++-------- controllers/glanceapi_controller.go | 100 +++++++-------- pkg/glance/const.go | 9 ++ pkg/glance/dbsync.go | 72 +++++++---- pkg/glance/initcontainer.go | 119 ------------------ pkg/glance/volumes.go | 74 ++--------- pkg/glanceapi/deployment.go | 52 ++++---- pkg/glanceapi/volumes.go | 52 -------- templates/glance/bin/init.sh | 87 ------------- .../{glance-api.conf => 00-config.conf} | 22 +++- templates/glance/config/db-sync-config.json | 3 + .../glance/config/glance-api-config.json | 27 ++-- .../glance/config/glance-image-import.conf | 4 - templates/glance/config/logging.conf | 34 ----- tests/functional/glance_controller_test.go | 19 +-- tests/functional/glanceapi_controller_test.go | 25 ++-- tests/kuttl/tests/glance_scale/01-assert.yaml | 16 --- 19 files changed, 278 insertions(+), 599 deletions(-) create mode 100644 controllers/glance_common.go delete mode 100644 pkg/glance/initcontainer.go delete mode 100644 pkg/glanceapi/volumes.go delete mode 100755 templates/glance/bin/init.sh rename templates/glance/config/{glance-api.conf => 00-config.conf} (81%) create mode 100644 templates/glance/config/db-sync-config.json delete mode 100644 templates/glance/config/glance-image-import.conf delete mode 100644 templates/glance/config/logging.conf diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index a3051c30..06d0c21c 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -51,18 +51,6 @@ rules: - patch - update - watch -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - apiGroups: - "" resources: diff --git a/controllers/glance_common.go b/controllers/glance_common.go new file mode 100644 index 00000000..212ce75b --- /dev/null +++ b/controllers/glance_common.go @@ -0,0 +1,61 @@ +/* +Copyright 2022. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package controllers + +import ( + "context" + "fmt" + "github.com/openstack-k8s-operators/lib-common/modules/common/env" + "github.com/openstack-k8s-operators/lib-common/modules/common/helper" + "github.com/openstack-k8s-operators/lib-common/modules/common/secret" + "github.com/openstack-k8s-operators/lib-common/modules/common/util" + "sigs.k8s.io/controller-runtime/pkg/client" +) + +func GenerateConfigsGeneric( + ctx context.Context, h *helper.Helper, + instance client.Object, + envVars *map[string]env.Setter, + templateParameters map[string]interface{}, + customData map[string]string, + cmLabels map[string]string, + scripts bool, +) error { + + cms := []util.Template{ + // Templates where the GlanceAPI config is stored + { + Name: fmt.Sprintf("%s-config-data", instance.GetName()), + Namespace: instance.GetNamespace(), + Type: util.TemplateTypeConfig, + InstanceType: instance.GetObjectKind().GroupVersionKind().Kind, + ConfigOptions: templateParameters, + CustomData: customData, + Labels: cmLabels, + }, + } + if scripts { + cms = append(cms, util.Template{ + Name: fmt.Sprintf("%s-scripts", instance.GetName()), + Namespace: instance.GetNamespace(), + Type: util.TemplateTypeScripts, + InstanceType: instance.GetObjectKind().GroupVersionKind().Kind, + Labels: cmLabels, + }) + } + return secret.EnsureSecrets(ctx, h, instance, cms, envVars) +} diff --git a/controllers/glance_controller.go b/controllers/glance_controller.go index 5dc599ea..dae7fb7a 100644 --- a/controllers/glance_controller.go +++ b/controllers/glance_controller.go @@ -21,6 +21,7 @@ import ( "fmt" "time" + "github.com/openstack-k8s-operators/lib-common/modules/common/secret" rbacv1 "k8s.io/api/rbac/v1" k8s_errors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/runtime" @@ -37,7 +38,6 @@ import ( keystonev1 "github.com/openstack-k8s-operators/keystone-operator/api/v1beta1" "github.com/openstack-k8s-operators/lib-common/modules/common" "github.com/openstack-k8s-operators/lib-common/modules/common/condition" - "github.com/openstack-k8s-operators/lib-common/modules/common/configmap" "github.com/openstack-k8s-operators/lib-common/modules/common/endpoint" "github.com/openstack-k8s-operators/lib-common/modules/common/env" "github.com/openstack-k8s-operators/lib-common/modules/common/helper" @@ -191,7 +191,6 @@ func (r *GlanceReconciler) SetupWithManager(mgr ctrl.Manager) error { Owns(&keystonev1.KeystoneService{}). Owns(&corev1.PersistentVolumeClaim{}). Owns(&batchv1.Job{}). - Owns(&corev1.ConfigMap{}). Owns(&corev1.Secret{}). Owns(&corev1.ServiceAccount{}). Owns(&rbacv1.Role{}). @@ -491,8 +490,12 @@ func (r *GlanceReconciler) reconcileNormal(ctx context.Context, instance *glance return rbacResult, nil } - // ConfigMap - configMapVars := make(map[string]env.Setter) + configVars := make(map[string]env.Setter) + + // ServiceLabels + serviceLabels := map[string]string{ + common.AppSelector: glance.ServiceName, + } // // check for required OpenStack secret holding passwords for service/admin user and add hash to the vars map @@ -515,21 +518,16 @@ func (r *GlanceReconciler) reconcileNormal(ctx context.Context, instance *glance err.Error())) return ctrl.Result{}, err } - configMapVars[ospSecret.Name] = env.SetValue(hash) + configVars[ospSecret.Name] = env.SetValue(hash) instance.Status.Conditions.MarkTrue(condition.InputReadyCondition, condition.InputReadyMessage) // run check OpenStack secret - end // - // Create ConfigMaps and Secrets required as input for the Service and calculate an overall hash of hashes + // Create Secrets required as input for the Service and calculate an overall hash of hashes // // - // create Configmap required for glance input - // - %-scripts configmap holding scripts to e.g. bootstrap the service - // - %-config configmap holding minimal glance config required to get the service up, user can add additional files to be added to the service - // - parameters which has passwords gets added from the OpenStack secret via the init container - // - err = r.generateServiceConfigMaps(ctx, helper, instance, &configMapVars) + err = r.generateServiceConfig(ctx, helper, instance, &configVars) if err != nil { instance.Status.Conditions.Set(condition.FalseCondition( condition.ServiceConfigReadyCondition, @@ -540,16 +538,12 @@ func (r *GlanceReconciler) reconcileNormal(ctx context.Context, instance *glance return ctrl.Result{}, err } instance.Status.Conditions.MarkTrue(condition.ServiceConfigReadyCondition, condition.ServiceConfigReadyMessage) - // Create ConfigMaps and Secrets - end + // Create Secrets - end // // TODO check when/if Init, Update, or Upgrade should/could be skipped // - serviceLabels := map[string]string{ - common.AppSelector: glance.ServiceName, - } - // networks to attach to for _, netAtt := range instance.Spec.GlanceAPIInternal.NetworkAttachments { _, err := nad.GetNADWithName(ctx, helper, netAtt, instance.Namespace) @@ -739,61 +733,38 @@ func (r *GlanceReconciler) apiDeploymentCreateOrUpdate(ctx context.Context, inst return deployment, op, err } -// generateServiceConfigMaps - create create configmaps which hold scripts and service configuration (*used for DBSync only*) -// TODO add DefaultConfigOverwrite -func (r *GlanceReconciler) generateServiceConfigMaps( +// generateServiceConfig - create secrets which hold scripts and service configuration (*used for DBSync only*) +func (r *GlanceReconciler) generateServiceConfig( ctx context.Context, h *helper.Helper, instance *glancev1.Glance, envVars *map[string]env.Setter, ) error { - // TODO: Since these CMs are only used for the DBSync, is there further pruning that - // could be done here? + labels := labels.GetLabels(instance, labels.GetGroupLabel(glance.ServiceName), map[string]string{}) - // - // create Configmap/Secret required for glance input - // - %-scripts configmap holding scripts to e.g. bootstrap the service - // - %-config configmap holding minimal glance config required to get the service up, user can add additional files to be added to the service - // - parameters which has passwords gets added from the ospSecret via the init container - // + ospSecret, _, err := secret.GetSecret(ctx, h, instance.Spec.Secret, instance.Namespace) + if err != nil { + return err + } - cmLabels := labels.GetLabels(instance, labels.GetGroupLabel(glance.ServiceName), map[string]string{}) + // We only need a minimal 00-config.conf that is only used by db-sync job, + // hence only passing the database related parameters + templateParameters := map[string]interface{}{ + "DatabaseConnection": fmt.Sprintf("mysql+pymysql://%s:%s@%s/%s", + instance.Spec.DatabaseUser, + string(ospSecret.Data[instance.Spec.PasswordSelectors.Database]), + instance.Status.DatabaseHostname, + glance.DatabaseName, + ), + } + customData := map[string]string{glance.CustomConfigFileName: instance.Spec.CustomServiceConfig} - // customData hold any customization for the service. - // custom.conf is going to /etc//.conf.d - // all other files get placed into /etc/ to allow overwrite of e.g. logging.conf or policy.json - // TODO: make sure custom.conf can not be overwritten - customData := map[string]string{common.CustomServiceConfigFileName: instance.Spec.CustomServiceConfig} for key, data := range instance.Spec.DefaultConfigOverwrite { customData[key] = data } - cms := []util.Template{ - // ScriptsConfigMap - { - Name: fmt.Sprintf("%s-scripts", instance.Name), - Namespace: instance.Namespace, - Type: util.TemplateTypeScripts, - InstanceType: instance.Kind, - Labels: cmLabels, - }, - // ConfigMap - { - Name: fmt.Sprintf("%s-config-data", instance.Name), - Namespace: instance.Namespace, - Type: util.TemplateTypeConfig, - InstanceType: instance.Kind, - CustomData: customData, - Labels: cmLabels, - }, - } - err := configmap.EnsureConfigMaps(ctx, h, instance, cms, envVars) - - if err != nil { - return nil - } + return GenerateConfigsGeneric(ctx, h, instance, envVars, templateParameters, customData, labels, false) - return nil } // ensureRegisteredLimits - create registered limits in keystone that will be diff --git a/controllers/glanceapi_controller.go b/controllers/glanceapi_controller.go index a6c27c0b..af8376bc 100644 --- a/controllers/glanceapi_controller.go +++ b/controllers/glanceapi_controller.go @@ -44,13 +44,13 @@ import ( keystonev1 "github.com/openstack-k8s-operators/keystone-operator/api/v1beta1" "github.com/openstack-k8s-operators/lib-common/modules/common" "github.com/openstack-k8s-operators/lib-common/modules/common/condition" - "github.com/openstack-k8s-operators/lib-common/modules/common/configmap" "github.com/openstack-k8s-operators/lib-common/modules/common/deployment" "github.com/openstack-k8s-operators/lib-common/modules/common/endpoint" "github.com/openstack-k8s-operators/lib-common/modules/common/env" "github.com/openstack-k8s-operators/lib-common/modules/common/helper" "github.com/openstack-k8s-operators/lib-common/modules/common/labels" nad "github.com/openstack-k8s-operators/lib-common/modules/common/networkattachment" + "github.com/openstack-k8s-operators/lib-common/modules/common/secret" oko_secret "github.com/openstack-k8s-operators/lib-common/modules/common/secret" "github.com/openstack-k8s-operators/lib-common/modules/common/util" @@ -71,7 +71,6 @@ type GlanceAPIReconciler struct { //+kubebuilder:rbac:groups=glance.openstack.org,resources=glanceapis/status,verbs=get;update;patch //+kubebuilder:rbac:groups=glance.openstack.org,resources=glanceapis/finalizers,verbs=update // +kubebuilder:rbac:groups=core,resources=secrets,verbs=get;list;watch;create;update;patch;delete; -// +kubebuilder:rbac:groups=core,resources=configmaps,verbs=get;list;watch;create;update;patch;delete; // +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete; // +kubebuilder:rbac:groups=core,resources=services,verbs=get;list;watch;create;update;patch;delete; // +kubebuilder:rbac:groups=core,resources=pods,verbs=get;list; @@ -245,7 +244,6 @@ func (r *GlanceAPIReconciler) SetupWithManager(mgr ctrl.Manager) error { Owns(&keystonev1.KeystoneEndpoint{}). Owns(&corev1.Service{}). Owns(&corev1.Secret{}). - Owns(&corev1.ConfigMap{}). Owns(&appsv1.Deployment{}). Owns(&routev1.Route{}). Watches(&source.Kind{Type: &corev1.Secret{}}, @@ -409,8 +407,7 @@ func (r *GlanceAPIReconciler) reconcileUpgrade(ctx context.Context, instance *gl func (r *GlanceAPIReconciler) reconcileNormal(ctx context.Context, instance *glancev1.GlanceAPI, helper *helper.Helper, req ctrl.Request) (ctrl.Result, error) { r.Log.Info(fmt.Sprintf("Reconciling Service '%s'", instance.Name)) - // ConfigMap - configMapVars := make(map[string]env.Setter) + configVars := make(map[string]env.Setter) privileged := false // @@ -434,21 +431,15 @@ func (r *GlanceAPIReconciler) reconcileNormal(ctx context.Context, instance *gla err.Error())) return ctrl.Result{}, err } - configMapVars[ospSecret.Name] = env.SetValue(hash) + configVars[ospSecret.Name] = env.SetValue(hash) instance.Status.Conditions.MarkTrue(condition.InputReadyCondition, condition.InputReadyMessage) // run check OpenStack secret - end // - // Create ConfigMaps and Secrets required as input for the Service and calculate an overall hash of hashes + // Create Secrets required as input for the Service and calculate an overall hash of hashes // - // - // create Configmap required for glance input - // - %-scripts configmap holding scripts to e.g. bootstrap the service - // - %-config configmap holding minimal glance config required to get the service up, user can add additional files to be added to the service - // - parameters which has passwords gets added from the OpenStack secret via the init container - // - err = r.generateServiceConfigMaps(ctx, helper, instance, &configMapVars) + err = r.generateServiceConfig(ctx, helper, instance, &configVars) if err != nil { instance.Status.Conditions.Set(condition.FalseCondition( condition.ServiceConfigReadyCondition, @@ -463,7 +454,7 @@ func (r *GlanceAPIReconciler) reconcileNormal(ctx context.Context, instance *gla // create hash over all the different input resources to identify if any those changed // and a restart/recreate is required. // - inputHash, hashChanged, err := r.createHashOfInputHashes(ctx, instance, configMapVars) + inputHash, hashChanged, err := r.createHashOfInputHashes(ctx, instance, configVars) if err != nil { instance.Status.Conditions.Set(condition.FalseCondition( condition.ServiceConfigReadyCondition, @@ -478,7 +469,7 @@ func (r *GlanceAPIReconciler) reconcileNormal(ctx context.Context, instance *gla return ctrl.Result{}, nil } instance.Status.Conditions.MarkTrue(condition.ServiceConfigReadyCondition, condition.ServiceConfigReadyMessage) - // Create ConfigMaps and Secrets - end + // Create Secrets - end // // TODO check when/if Init, Update, or Upgrade should/could be skipped @@ -623,32 +614,35 @@ func (r *GlanceAPIReconciler) reconcileNormal(ctx context.Context, instance *gla return ctrl.Result{}, nil } -// generateServiceConfigMaps - create create configmaps which hold scripts and service configuration -// TODO add DefaultConfigOverwrite -func (r *GlanceAPIReconciler) generateServiceConfigMaps( +// generateServiceConfig - create create secrets which hold scripts and service configuration +func (r *GlanceAPIReconciler) generateServiceConfig( ctx context.Context, h *helper.Helper, instance *glancev1.GlanceAPI, envVars *map[string]env.Setter, ) error { - // - // create Configmap/Secret required for glance input - // - %-scripts configmap holding scripts to e.g. bootstrap the service - // - %-config configmap holding minimal glance config required to get the service up, user can add additional files to be added to the service - // - parameters which has passwords gets added from the ospSecret via the init container - // - cmLabels := labels.GetLabels(instance, labels.GetGroupLabel(glance.ServiceName), map[string]string{}) + labels := labels.GetLabels(instance, labels.GetGroupLabel(glance.ServiceName), map[string]string{}) - // customData hold any customization for the service. - // custom.conf is going to /etc//.conf.d - // all other files get placed into /etc/ to allow overwrite of e.g. logging.conf or policy.json - // TODO: make sure custom.conf can not be overwritten - customData := map[string]string{common.CustomServiceConfigFileName: instance.Spec.CustomServiceConfig} + // 02-config.conf + customData := map[string]string{glance.CustomServiceConfigFileName: instance.Spec.CustomServiceConfig} for key, data := range instance.Spec.DefaultConfigOverwrite { customData[key] = data } + // 03-config.conf + customSecrets := "" + for _, secretName := range instance.Spec.CustomServiceConfigSecrets { + secret, _, err := secret.GetSecret(ctx, h, secretName, instance.Namespace) + if err != nil { + return err + } + for _, data := range secret.Data { + customSecrets += string(data) + "\n" + } + } + customData[glance.CustomServiceConfigSecretsFileName] = customSecrets + keystoneAPI, err := keystonev1.GetKeystoneAPI(ctx, h, instance.Namespace, map[string]string{}) // KeystoneAPI not available we should not aggregate the error and continue if err != nil { @@ -662,9 +656,23 @@ func (r *GlanceAPIReconciler) generateServiceConfigMaps( if err != nil { return err } - templateParameters := make(map[string]interface{}) - templateParameters["ServiceUser"] = instance.Spec.ServiceUser - templateParameters["KeystoneAuthURL"] = keystonePublicURL + + ospSecret, _, err := secret.GetSecret(ctx, h, instance.Spec.Secret, instance.Namespace) + if err != nil { + return err + } + + templateParameters := map[string]interface{}{ + "ServiceUser": instance.Spec.ServiceUser, + "ServicePassword": string(ospSecret.Data[instance.Spec.PasswordSelectors.Service]), + "KeystoneAuthURL": keystonePublicURL, + "DatabaseConnection": fmt.Sprintf("mysql+pymysql://%s:%s@%s/%s", + instance.Spec.DatabaseUser, + string(ospSecret.Data[instance.Spec.PasswordSelectors.Database]), + instance.Spec.DatabaseHostname, + glance.DatabaseName, + ), + } // If Quota values are defined in the top level spec (they are global values), // each GlanceAPI instance should build the config file according to @@ -682,27 +690,9 @@ func (r *GlanceAPIReconciler) generateServiceConfigMaps( templateParameters["ShowMultipleLocations"] = false } - cms := []util.Template{ - // ScriptsConfigMap - { - Name: fmt.Sprintf("%s-scripts", instance.Name), - Namespace: instance.Namespace, - Type: util.TemplateTypeScripts, - InstanceType: instance.Kind, - Labels: cmLabels, - }, - // ConfigMap - { - Name: fmt.Sprintf("%s-config-data", instance.Name), - Namespace: instance.Namespace, - Type: util.TemplateTypeConfig, - InstanceType: instance.Kind, - CustomData: customData, - ConfigOptions: templateParameters, - Labels: cmLabels, - }, - } - return configmap.EnsureConfigMaps(ctx, h, instance, cms, envVars) + // 00-default.conf will be regenerated as we have a ln -s of the + // templates/glance/config directory + return GenerateConfigsGeneric(ctx, h, instance, envVars, templateParameters, customData, labels, false) } // createHashOfInputHashes - creates a hash of hashes which gets added to the resources which requires a restart diff --git a/pkg/glance/const.go b/pkg/glance/const.go index 1bf7ff3b..0cba2c61 100644 --- a/pkg/glance/const.go +++ b/pkg/glance/const.go @@ -32,6 +32,15 @@ const ( // GlanceInternalPort - GlanceInternalPort int32 = 9292 + // DefaultsConfigFileName - + DefaultsConfigFileName = "00-config.conf" + // CustomConfigFileName - + CustomConfigFileName = "01-config.conf" + // CustomServiceConfigFileName - + CustomServiceConfigFileName = "02-config.conf" + // CustomServiceConfigSecretsFileName - + CustomServiceConfigSecretsFileName = "03-config.conf" + // GlanceExtraVolTypeUndefined can be used to label an extraMount which // is not associated with a specific backend GlanceExtraVolTypeUndefined storage.ExtraVolType = "Undefined" diff --git a/pkg/glance/dbsync.go b/pkg/glance/dbsync.go index b212cfea..a0b76eab 100644 --- a/pkg/glance/dbsync.go +++ b/pkg/glance/dbsync.go @@ -27,7 +27,7 @@ import ( const ( // DBSyncCommand - - DBSyncCommand = "/usr/local/bin/kolla_set_configs && su -s /bin/sh -c \"glance-manage db sync\" glance && glance-manage db_load_metadefs" + DBSyncCommand = "/usr/local/bin/kolla_set_configs && /usr/local/bin/kolla_start" ) // DbSyncJob func @@ -40,7 +40,46 @@ func DbSyncJob( dbSyncExtraMounts := []glancev1.GlanceExtraVolMounts{} secretNames := []string{} + var config0644AccessMode int32 = 0644 + // Unlike the individual glanceAPI services, the DbSyncJob doesn't need a + // secret that contains all of the config snippets required by every + // service, The two snippet files that it does need (DefaultsConfigFileName + // and CustomConfigFileName) can be extracted from the top-level glance + // config-data secret. + dbSyncVolume := corev1.Volume{ + Name: "db-sync-config-data", + VolumeSource: corev1.VolumeSource{ + Secret: &corev1.SecretVolumeSource{ + DefaultMode: &config0644AccessMode, + SecretName: instance.Name + "-config-data", + Items: []corev1.KeyToPath{ + { + Key: DefaultsConfigFileName, + Path: DefaultsConfigFileName, + }, + { + Key: CustomConfigFileName, + Path: CustomConfigFileName, + }, + }, + }, + }, + } + + dbSyncMounts := []corev1.VolumeMount{ + { + Name: "db-sync-config-data", + MountPath: "/etc/glance/glance.conf.d", + ReadOnly: true, + }, + { + Name: "config-data", + MountPath: "/var/lib/kolla/config_files/config.json", + SubPath: "db-sync-config.json", + ReadOnly: true, + }, + } args := []string{"-c"} if instance.Spec.Debug.DBSync { args = append(args, common.DebugCommand) @@ -78,12 +117,10 @@ func DbSyncJob( RunAsUser: &runAsUser, }, Env: env.MergeEnvs([]corev1.EnvVar{}, envVars), - VolumeMounts: GetVolumeMounts( - secretNames, - false, - dbSyncExtraMounts, - DbsyncPropagation, - ), + VolumeMounts: append(GetVolumeMounts( + secretNames, false, + dbSyncExtraMounts, DbsyncPropagation), + dbSyncMounts...), }, }, }, @@ -91,30 +128,15 @@ func DbSyncJob( }, } - job.Spec.Template.Spec.Volumes = GetVolumes( + job.Spec.Template.Spec.Volumes = append(GetVolumes( instance.Name, ServiceName, false, secretNames, dbSyncExtraMounts, - DbsyncPropagation, + DbsyncPropagation), + dbSyncVolume, ) - initContainerDetails := APIDetails{ - ContainerImage: instance.Spec.ContainerImage, - DatabaseHost: instance.Status.DatabaseHostname, - DatabaseUser: instance.Spec.DatabaseUser, - DatabaseName: DatabaseName, - OSPSecret: instance.Spec.Secret, - DBPasswordSelector: instance.Spec.PasswordSelectors.Database, - UserPasswordSelector: instance.Spec.PasswordSelectors.Service, - VolumeMounts: getInitVolumeMounts( - secretNames, - dbSyncExtraMounts, - DbsyncPropagation, - ), - } - job.Spec.Template.Spec.InitContainers = InitContainer(initContainerDetails) - return job } diff --git a/pkg/glance/initcontainer.go b/pkg/glance/initcontainer.go deleted file mode 100644 index 40a4c6cf..00000000 --- a/pkg/glance/initcontainer.go +++ /dev/null @@ -1,119 +0,0 @@ -/* - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package glance - -import ( - "github.com/openstack-k8s-operators/lib-common/modules/common/env" - corev1 "k8s.io/api/core/v1" - "strconv" -) - -// APIDetails information -type APIDetails struct { - ContainerImage string - DatabaseHost string - DatabaseUser string - DatabaseName string - TransportURL string - OSPSecret string - DBPasswordSelector string - UserPasswordSelector string - VolumeMounts []corev1.VolumeMount - QuotaEnabled bool - Privileged bool -} - -const ( - // InitContainerCommand - - InitContainerCommand = "/usr/local/bin/container-scripts/init.sh" -) - -// InitContainer - init container for glance api pods -func InitContainer(init APIDetails) []corev1.Container { - runAsUser := int64(0) - trueVar := true - - args := []string{ - "-c", - InitContainerCommand, - } - - securityContext := &corev1.SecurityContext{ - RunAsUser: &runAsUser, - } - - if init.Privileged { - securityContext.Privileged = &trueVar - } - - envVars := map[string]env.Setter{} - envVars["DatabaseHost"] = env.SetValue(init.DatabaseHost) - envVars["DatabaseUser"] = env.SetValue(init.DatabaseUser) - envVars["DatabaseName"] = env.SetValue(init.DatabaseName) - envVars["QuotaEnabled"] = env.SetValue(strconv.FormatBool(init.QuotaEnabled)) - - envs := []corev1.EnvVar{ - { - Name: "DatabasePassword", - ValueFrom: &corev1.EnvVarSource{ - SecretKeyRef: &corev1.SecretKeySelector{ - LocalObjectReference: corev1.LocalObjectReference{ - Name: init.OSPSecret, - }, - Key: init.DBPasswordSelector, - }, - }, - }, - { - Name: "GlancePassword", - ValueFrom: &corev1.EnvVarSource{ - SecretKeyRef: &corev1.SecretKeySelector{ - LocalObjectReference: corev1.LocalObjectReference{ - Name: init.OSPSecret, - }, - Key: init.UserPasswordSelector, - }, - }, - }, - // TODO - // { - // Name: "TransportUrl", - // ValueFrom: &corev1.EnvVarSource{ - // SecretKeyRef: &corev1.SecretKeySelector{ - // LocalObjectReference: corev1.LocalObjectReference{ - // Name: init.OSPSecret, - // }, - // Key: "TransportUrl", - // }, - // }, - // }, - } - envs = env.MergeEnvs(envs, envVars) - - return []corev1.Container{ - { - Name: "init", - Image: init.ContainerImage, - SecurityContext: securityContext, - Command: []string{ - "/bin/bash", - }, - Args: args, - Env: envs, - VolumeMounts: init.VolumeMounts, - }, - } -} diff --git a/pkg/glance/volumes.go b/pkg/glance/volumes.go index 615398cf..91837f2b 100644 --- a/pkg/glance/volumes.go +++ b/pkg/glance/volumes.go @@ -24,38 +24,19 @@ import ( // GetVolumes - service volumes func GetVolumes(name string, pvcName string, hasCinder bool, secretNames []string, extraVol []glancev1.GlanceExtraVolMounts, svc []storage.PropagationType) []corev1.Volume { - var scriptsVolumeDefaultMode int32 = 0755 - var config0640AccessMode int32 = 0640 + //var scriptsVolumeDefaultMode int32 = 0755 + var config0644AccessMode int32 = 0644 vm := []corev1.Volume{ - { - Name: "scripts", - VolumeSource: corev1.VolumeSource{ - ConfigMap: &corev1.ConfigMapVolumeSource{ - DefaultMode: &scriptsVolumeDefaultMode, - LocalObjectReference: corev1.LocalObjectReference{ - Name: name + "-scripts", - }, - }, - }, - }, { Name: "config-data", VolumeSource: corev1.VolumeSource{ - ConfigMap: &corev1.ConfigMapVolumeSource{ - DefaultMode: &config0640AccessMode, - LocalObjectReference: corev1.LocalObjectReference{ - Name: name + "-config-data", - }, + Secret: &corev1.SecretVolumeSource{ + DefaultMode: &config0644AccessMode, + SecretName: name + "-config-data", }, }, }, - { - Name: "config-data-merged", - VolumeSource: corev1.VolumeSource{ - EmptyDir: &corev1.EmptyDirVolumeSource{Medium: ""}, - }, - }, { Name: "lib-data", VolumeSource: corev1.VolumeSource{ @@ -102,54 +83,13 @@ func GetVolumes(name string, pvcName string, hasCinder bool, secretNames []strin return vm } -// getInitVolumeMounts - general init task VolumeMounts -func getInitVolumeMounts(secretNames []string, extraVol []glancev1.GlanceExtraVolMounts, svc []storage.PropagationType) []corev1.VolumeMount { - vm := []corev1.VolumeMount{ - { - Name: "scripts", - MountPath: "/usr/local/bin/container-scripts", - ReadOnly: true, - }, - { - Name: "config-data", - MountPath: "/var/lib/config-data/default", - ReadOnly: true, - }, - { - Name: "config-data-merged", - MountPath: "/var/lib/config-data/merged", - ReadOnly: false, - }, - } - - for _, exv := range extraVol { - for _, vol := range exv.Propagate(svc) { - vm = append(vm, vol.Mounts...) - } - } - _, secretConfig := GetConfigSecretVolumes(secretNames) - vm = append(vm, secretConfig...) - return vm -} - // GetVolumeMounts - general VolumeMounts func GetVolumeMounts(secretNames []string, hasCinder bool, extraVol []glancev1.GlanceExtraVolMounts, svc []storage.PropagationType) []corev1.VolumeMount { vm := []corev1.VolumeMount{ { - Name: "scripts", - MountPath: "/usr/local/bin/container-scripts", - ReadOnly: true, - }, - { - Name: "config-data-merged", - MountPath: "/var/lib/config-data/merged", - ReadOnly: false, - }, - { - Name: "config-data-merged", - MountPath: "/var/lib/kolla/config_files/config.json", - SubPath: "glance-api-config.json", + Name: "config-data", + MountPath: "/var/lib/config-data/default", ReadOnly: true, }, { diff --git a/pkg/glanceapi/deployment.go b/pkg/glanceapi/deployment.go index 0d84f2e9..52f3a7dd 100644 --- a/pkg/glanceapi/deployment.go +++ b/pkg/glanceapi/deployment.go @@ -44,15 +44,13 @@ func Deployment( privileged bool, ) *appsv1.Deployment { runAsUser := int64(0) + var config0644AccessMode int32 = 0644 livenessProbe := &corev1.Probe{ - // TODO might need tuning - TimeoutSeconds: 5, PeriodSeconds: 3, InitialDelaySeconds: 3, } readinessProbe := &corev1.Probe{ - // TODO might need tuning TimeoutSeconds: 5, PeriodSeconds: 5, InitialDelaySeconds: 5, @@ -98,6 +96,26 @@ func Deployment( envVars["KOLLA_CONFIG_STRATEGY"] = env.SetValue("COPY_ALWAYS") envVars["CONFIG_HASH"] = env.SetValue(configHash) + apiVolumes := []corev1.Volume{ + { + Name: "config-data-custom", + VolumeSource: corev1.VolumeSource{ + Secret: &corev1.SecretVolumeSource{ + DefaultMode: &config0644AccessMode, + SecretName: instance.Name + "-config-data", + }, + }, + }, + } + apiVolumeMounts := []corev1.VolumeMount{ + { + Name: "config-data", + MountPath: "/var/lib/kolla/config_files/config.json", + SubPath: "glance-api-config.json", + ReadOnly: true, + }, + } + deployment := &appsv1.Deployment{ ObjectMeta: metav1.ObjectMeta{ Name: fmt.Sprintf("%s-api", instance.Name), @@ -128,11 +146,12 @@ func Deployment( Privileged: &privileged, }, Env: env.MergeEnvs([]corev1.EnvVar{}, envVars), - VolumeMounts: glance.GetVolumeMounts( + VolumeMounts: append(glance.GetVolumeMounts( instance.Spec.CustomServiceConfigSecrets, privileged, instance.Spec.ExtraMounts, - glance.GlanceAPIPropagation, + glance.GlanceAPIPropagation), + apiVolumeMounts..., ), Resources: instance.Spec.Resources, ReadinessProbe: readinessProbe, @@ -143,14 +162,14 @@ func Deployment( }, }, } - deployment.Spec.Template.Spec.Volumes = glance.GetVolumes( + deployment.Spec.Template.Spec.Volumes = append(glance.GetVolumes( instance.Name, glance.ServiceName, privileged, instance.Spec.CustomServiceConfigSecrets, instance.Spec.ExtraMounts, - glance.GlanceAPIPropagation, - ) + glance.GlanceAPIPropagation), + apiVolumes...) // If possible two pods of the same service should not // run on the same worker node. If this is not possible @@ -166,22 +185,5 @@ func Deployment( deployment.Spec.Template.Spec.NodeSelector = instance.Spec.NodeSelector } - initContainerDetails := glance.APIDetails{ - ContainerImage: instance.Spec.ContainerImage, - DatabaseHost: instance.Spec.DatabaseHostname, - DatabaseUser: instance.Spec.DatabaseUser, - DatabaseName: glance.DatabaseName, - OSPSecret: instance.Spec.Secret, - DBPasswordSelector: instance.Spec.PasswordSelectors.Database, - UserPasswordSelector: instance.Spec.PasswordSelectors.Service, - VolumeMounts: getInitVolumeMounts( - instance.Spec.CustomServiceConfigSecrets, - instance.Spec.ExtraMounts, - glance.GlanceAPIPropagation, - ), - QuotaEnabled: instance.Spec.Quota, - } - deployment.Spec.Template.Spec.InitContainers = glance.InitContainer(initContainerDetails) - return deployment } diff --git a/pkg/glanceapi/volumes.go b/pkg/glanceapi/volumes.go deleted file mode 100644 index e12cb277..00000000 --- a/pkg/glanceapi/volumes.go +++ /dev/null @@ -1,52 +0,0 @@ -/* - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package glanceapi - -import ( - glancev1 "github.com/openstack-k8s-operators/glance-operator/api/v1beta1" - glance "github.com/openstack-k8s-operators/glance-operator/pkg/glance" - "github.com/openstack-k8s-operators/lib-common/modules/storage" - corev1 "k8s.io/api/core/v1" -) - -// getInitVolumeMounts - general init task VolumeMounts -func getInitVolumeMounts(secretNames []string, extraVol []glancev1.GlanceExtraVolMounts, svc []storage.PropagationType) []corev1.VolumeMount { - vm := []corev1.VolumeMount{ - { - Name: "scripts", - MountPath: "/usr/local/bin/container-scripts", - ReadOnly: true, - }, - { - Name: "config-data", - MountPath: "/var/lib/config-data/default", - ReadOnly: true, - }, - { - Name: "config-data-merged", - MountPath: "/var/lib/config-data/merged", - ReadOnly: false, - }, - } - for _, exv := range extraVol { - for _, vol := range exv.Propagate(svc) { - vm = append(vm, vol.Mounts...) - } - } - _, secretConfig := glance.GetConfigSecretVolumes(secretNames) - vm = append(vm, secretConfig...) - return vm -} diff --git a/templates/glance/bin/init.sh b/templates/glance/bin/init.sh deleted file mode 100755 index 1ea3ac06..00000000 --- a/templates/glance/bin/init.sh +++ /dev/null @@ -1,87 +0,0 @@ -#!/bin//bash -# -# Copyright 2020 Red Hat Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -set -ex - -# This script generates the glance-api.conf/logging.conf file and -# copies the result to the ephemeral /var/lib/config-data/merged volume. - -export PASSWORD=${GlancePassword:?"Please specify a GlanceKeystoneAuthPassword variable."} -export DBHOST=${DatabaseHost:?"Please specify a DatabaseHost variable."} -export DBUSER=${DatabaseUser:-"glance"} -export DB=${DatabaseName:-"glance"} -export DBPASSWORD=${DatabasePassword:?"Please specify a DatabasePassword variable."} -export QUOTA_ENABLED=${QuotaEnabled:-"false"} - - -DEFAULT_DIR=/var/lib/config-data/default -CUSTOM_DIR=/var/lib/config-data/custom -MERGED_DIR=/var/lib/config-data/merged -SVC_CFG=/etc/glance/glance-api.conf -SVC_CFG_MERGED=${MERGED_DIR}/glance-api.conf -SVC_CFG_MERGED_DIR=${MERGED_DIR}/glance.conf.d - -mkdir -p ${SVC_CFG_MERGED_DIR} - -cp ${DEFAULT_DIR}/* ${MERGED_DIR} - -# Save the default service config from container image as glance-api.conf.sample, -# and create a small glance-api.conf file that directs people to files in -# glance.conf.d. - -cp -a ${SVC_CFG} ${SVC_CFG_MERGED}.sample -cat < ${SVC_CFG_MERGED} -# Service configuration snippets are stored in the glance.conf.d subdirectory. -EOF - -cp ${DEFAULT_DIR}/glance-api.conf ${SVC_CFG_MERGED_DIR}/00-default.conf - -# Generate 01-deployment-secrets.conf -DEPLOYMENT_SECRETS=${SVC_CFG_MERGED_DIR}/01-deployment-secrets.conf - -cat <> ${DEPLOYMENT_SECRETS} -[database] -connection = mysql+pymysql://${DBUSER}:${DBPASSWORD}@${DBHOST}/${DB} - -[keystone_authtoken] -password = ${PASSWORD} - -[service_user] -password = ${PASSWORD} -EOF - -# Add oslo_limit glance password if QuotaLimits are enabled -# https://docs.openstack.org/glance/latest/admin/quotas.html -if [ "$QUOTA_ENABLED" == "true" ]; then -cat <> ${DEPLOYMENT_SECRETS} -[oslo_limit] -password = ${PASSWORD} -EOF -fi - -if [ -f ${DEFAULT_DIR}/custom.conf ]; then - cp ${DEFAULT_DIR}/custom.conf ${SVC_CFG_MERGED_DIR}/02-global.conf -fi - -if [ -f ${CUSTOM_DIR}/custom.conf ]; then - cp ${CUSTOM_DIR}/custom.conf ${SVC_CFG_MERGED_DIR}/03-service.conf -fi - -SECRET_FILES="$(ls /var/lib/config-data/secret-*/* 2>/dev/null || true)" -if [ -n "${SECRET_FILES}" ]; then - cat ${SECRET_FILES} > ${SVC_CFG_MERGED_DIR}/04-secrets.conf -fi - -chown -R :glance ${SVC_CFG_MERGED_DIR} diff --git a/templates/glance/config/glance-api.conf b/templates/glance/config/00-config.conf similarity index 81% rename from templates/glance/config/glance-api.conf rename to templates/glance/config/00-config.conf index f4b202df..097a5e91 100644 --- a/templates/glance/config/glance-api.conf +++ b/templates/glance/config/00-config.conf @@ -12,11 +12,20 @@ bind_host=0.0.0.0 bind_port=9292 workers=3 image_cache_dir=/var/lib/glance/image-cache -log_config_append=/etc/glance/logging.conf enabled_backends=default_backend:file {{ if (index . "QuotaEnabled") }} use_keystone_limits = {{ .QuotaEnabled }} + +[oslo_limit] +password = {{ .ServicePassword }} +{{ end }} + +[database] +{{ if (index . "DatabaseConnection") }} +connection = {{ .DatabaseConnection }} {{ end }} +max_retries = -1 +db_max_retries = -1 [file] filesystem_store_datadir = /var/lib/glance/images @@ -33,10 +42,18 @@ auth_type=password {{ if (index . "ServiceUser") }} username={{ .ServiceUser }} {{ end }} +{{ if (index . "ServicePassword") }} +password = {{ .ServicePassword }} +{{ end }} project_domain_name=Default user_domain_name=Default project_name=service +{{ if (index . "ServicePassword") }} +[service_user] +password = {{ .ServicePassword }} +{{ end }} + [oslo_messaging_notifications] # TODO: update later once rabbit is working #driver=messagingv2 @@ -76,3 +93,6 @@ endpoint_id = {{ .EndpointID }} {{ if (index . "Region") }} region_name = {{ .Region }} {{ end }} + +[image_import_opts] +image_import_plugins = ['no_op'] diff --git a/templates/glance/config/db-sync-config.json b/templates/glance/config/db-sync-config.json new file mode 100644 index 00000000..890c24d0 --- /dev/null +++ b/templates/glance/config/db-sync-config.json @@ -0,0 +1,3 @@ +{ + "command": "glance-manage --config-dir /etc/glance/glance.conf.d db sync glance && glance-manage db_load_metadefs" +} diff --git a/templates/glance/config/glance-api-config.json b/templates/glance/config/glance-api-config.json index 8436fd76..215391cd 100644 --- a/templates/glance/config/glance-api-config.json +++ b/templates/glance/config/glance-api-config.json @@ -2,28 +2,31 @@ "command": "/usr/bin/glance-api --config-dir /etc/glance/glance.conf.d", "config_files": [ { - "source": "/var/lib/config-data/merged/glance.conf.d", - "dest": "/etc/glance/glance.conf.d", + "source": "/var/lib/config-data/default/00-config.conf", + "dest": "/etc/glance/glance.conf.d/00-config.conf", "owner": "glance", - "perm": "0750" + "perm": "0600" }, { - "source": "/var/lib/config-data/merged/glance-image-import.conf", - "dest": "/etc/glance/glance.conf.d/glance-image-import.conf", + "source": "/var/lib/config-data/default/02-config.conf", + "dest": "/etc/glance/glance.conf.d/02-config.conf", "owner": "glance", - "perm": "0600" + "perm": "0600", + "optional": true }, { - "source": "/var/lib/config-data/merged/policy.yaml", - "dest": "/etc/glance/glance.conf.d/policy.yaml", + "source": "/var/lib/config-data/default/03-config.conf", + "dest": "/etc/glance/glance.conf.d/03-config.conf", "owner": "glance", - "perm": "0600" + "perm": "0640", + "optional": true }, { - "source": "/var/lib/config-data/merged/logging.conf", - "dest": "/etc/glance/logging.conf", + "source": "/var/lib/config-data/default/policy.yaml", + "dest": "/etc/glance/glance.conf.d/policy.yaml", "owner": "glance", - "perm": "0600" + "perm": "0600", + "optional": true } ] } diff --git a/templates/glance/config/glance-image-import.conf b/templates/glance/config/glance-image-import.conf deleted file mode 100644 index f5026c5a..00000000 --- a/templates/glance/config/glance-image-import.conf +++ /dev/null @@ -1,4 +0,0 @@ -[DEFAULT] - -[image_import_opts] -image_import_plugins = ['no_op'] diff --git a/templates/glance/config/logging.conf b/templates/glance/config/logging.conf deleted file mode 100644 index 75cd16df..00000000 --- a/templates/glance/config/logging.conf +++ /dev/null @@ -1,34 +0,0 @@ -[loggers] -keys=root - -[handlers] -keys=stdout - -[formatters] -keys=normal - - -########### -# Loggers # -########### - -[logger_root] -level=WARNING -handlers=stdout - -################ -# Log Handlers # -################ - -[handler_stdout] -class=StreamHandler -level=WARNING -formatter=normal -args=(sys.stdout,) - -################## -# Log Formatters # -################## - -[formatter_normal] -format=(%(name)s): %(asctime)s %(levelname)s %(message)s diff --git a/tests/functional/glance_controller_test.go b/tests/functional/glance_controller_test.go index fa7733fd..ca217455 100644 --- a/tests/functional/glance_controller_test.go +++ b/tests/functional/glance_controller_test.go @@ -229,8 +229,6 @@ var _ = Describe("Glance controller", func() { BeforeEach(func() { DeferCleanup(th.DeleteInstance, CreateGlance(glanceTest.Instance, GetGlanceDefaultSpec())) // Get Default GlanceAPI (internal/external) - DeferCleanup(th.DeleteInstance, CreateGlanceAPI(glanceTest.Instance, GetDefaultGlanceAPISpec(GlanceAPITypeExternal))) - DeferCleanup(th.DeleteInstance, CreateGlanceAPI(glanceTest.Instance, GetDefaultGlanceAPISpec(GlanceAPITypeInternal))) DeferCleanup( th.DeleteDBService, th.CreateDBService( @@ -263,7 +261,6 @@ var _ = Describe("Glance controller", func() { BeforeEach(func() { DeferCleanup(th.DeleteInstance, CreateGlance(glanceTest.Instance, GetGlanceDefaultSpec())) // Get Default GlanceAPI (internal/external) - DeferCleanup(th.DeleteInstance, CreateGlanceAPI(glanceTest.Instance, GetDefaultGlanceAPISpec(GlanceAPITypeExternal))) DeferCleanup( th.DeleteDBService, th.CreateDBService( @@ -286,22 +283,8 @@ var _ = Describe("Glance controller", func() { th.DeleteInstance(GetGlance(glanceTest.Instance)) }) - It("removes the ConfigMaps", func() { - Eventually(func() corev1.ConfigMap { - return *th.GetConfigMap(glanceTest.GlanceConfigMapData) - }, timeout, interval).ShouldNot(BeNil()) - Eventually(func() corev1.ConfigMap { - return *th.GetConfigMap(glanceTest.GlanceConfigMapScripts) - }, timeout, interval).ShouldNot(BeNil()) - Eventually(func() []corev1.ConfigMap { - return th.ListConfigMaps(glanceTest.GlanceConfigMapData.Name).Items - }, timeout, interval).Should(BeEmpty()) - Eventually(func() []corev1.ConfigMap { - return th.ListConfigMaps(glanceTest.GlanceConfigMapScripts.Name).Items - }, timeout, interval).Should(BeEmpty()) - }) }) - When("Glance CR instance is built w/ NAD", func() { + When("Glance CR instance is built with NAD", func() { BeforeEach(func() { nad := th.CreateNetworkAttachmentDefinition(glanceTest.InternalAPINAD) DeferCleanup(th.DeleteInstance, nad) diff --git a/tests/functional/glanceapi_controller_test.go b/tests/functional/glanceapi_controller_test.go index 665bdc55..efe01475 100644 --- a/tests/functional/glanceapi_controller_test.go +++ b/tests/functional/glanceapi_controller_test.go @@ -26,7 +26,7 @@ import ( ) var _ = Describe("Glanceapi controller", func() { - When("a GlanceAPI CR is created", func() { + When("GlanceAPI CR is created", func() { BeforeEach(func() { DeferCleanup(th.DeleteInstance, CreateGlanceAPI(glanceTest.GlanceInternal, GetDefaultGlanceAPISpec(GlanceAPITypeInternal))) }) @@ -67,7 +67,6 @@ var _ = Describe("Glanceapi controller", func() { corev1.ConditionFalse, ) }) - }) When("the Secret is created with all the expected fields", func() { BeforeEach(func() { @@ -95,22 +94,22 @@ var _ = Describe("Glanceapi controller", func() { condition.ServiceConfigReadyCondition, corev1.ConditionTrue, ) - configDataMap := th.GetConfigMap(glanceTest.GlanceInternalConfigMapData) - Expect(configDataMap).ShouldNot(BeNil()) - Expect(configDataMap.Data).Should(HaveKey("custom.conf")) + secretDataMap := th.GetSecret(glanceTest.GlanceInternalConfigMapData) + Expect(secretDataMap).ShouldNot(BeNil()) + // We apply customServiceConfig to the GlanceAPI Pod + Expect(secretDataMap.Data).Should(HaveKey("02-config.conf")) //Double check customServiceConfig has been applied - configData := string(configDataMap.Data["custom.conf"]) + configData := string(secretDataMap.Data["02-config.conf"]) Expect(configData).Should(ContainSubstring("foo=bar")) }) It("stored the input hash in the Status", func() { Eventually(func(g Gomega) { - novaAPI := GetGlanceAPI(glanceTest.GlanceInternal) - g.Expect(novaAPI.Status.Hash).Should(HaveKeyWithValue("input", Not(BeEmpty()))) + glanceAPI := GetGlanceAPI(glanceTest.GlanceInternal) + g.Expect(glanceAPI.Status.Hash).Should(HaveKeyWithValue("input", Not(BeEmpty()))) }, timeout, interval).Should(Succeed()) }) }) - When("GlanceAPI is generated by the top-level CR", func() { BeforeEach(func() { DeferCleanup(th.DeleteInstance, CreateDefaultGlance(glanceTest.Instance)) @@ -137,11 +136,11 @@ var _ = Describe("Glanceapi controller", func() { ss := th.GetDeployment(glanceTest.GlanceInternalAPI) // Check the resulting deployment fields Expect(int(*ss.Spec.Replicas)).To(Equal(1)) - Expect(ss.Spec.Template.Spec.Volumes).To(HaveLen(4)) + Expect(ss.Spec.Template.Spec.Volumes).To(HaveLen(3)) Expect(ss.Spec.Template.Spec.Containers).To(HaveLen(1)) container := ss.Spec.Template.Spec.Containers[0] - Expect(container.VolumeMounts).To(HaveLen(4)) + Expect(container.VolumeMounts).To(HaveLen(3)) Expect(container.Image).To(Equal(glanceTest.ContainerImage)) Expect(container.LivenessProbe.HTTPGet.Port.IntVal).To(Equal(int32(9292))) Expect(container.ReadinessProbe.HTTPGet.Port.IntVal).To(Equal(int32(9292))) @@ -153,11 +152,11 @@ var _ = Describe("Glanceapi controller", func() { ss := th.GetDeployment(glanceTest.GlanceExternalAPI) // Check the resulting deployment fields Expect(int(*ss.Spec.Replicas)).To(Equal(1)) - Expect(ss.Spec.Template.Spec.Volumes).To(HaveLen(4)) + Expect(ss.Spec.Template.Spec.Volumes).To(HaveLen(3)) Expect(ss.Spec.Template.Spec.Containers).To(HaveLen(1)) container := ss.Spec.Template.Spec.Containers[0] - Expect(container.VolumeMounts).To(HaveLen(4)) + Expect(container.VolumeMounts).To(HaveLen(3)) Expect(container.Image).To(Equal(glanceTest.ContainerImage)) Expect(container.LivenessProbe.HTTPGet.Port.IntVal).To(Equal(int32(9292))) Expect(container.ReadinessProbe.HTTPGet.Port.IntVal).To(Equal(int32(9292))) diff --git a/tests/kuttl/tests/glance_scale/01-assert.yaml b/tests/kuttl/tests/glance_scale/01-assert.yaml index 193d803c..d2953ce5 100644 --- a/tests/kuttl/tests/glance_scale/01-assert.yaml +++ b/tests/kuttl/tests/glance_scale/01-assert.yaml @@ -99,14 +99,6 @@ spec: - /bin/bash image: quay.io/podified-antelope-centos9/openstack-glance-api:current-podified name: glance-api - initContainers: - - args: - - -c - - /usr/local/bin/container-scripts/init.sh - command: - - /bin/bash - image: quay.io/podified-antelope-centos9/openstack-glance-api:current-podified - name: init serviceAccount: glance-glance serviceAccountName: glance-glance status: @@ -135,14 +127,6 @@ spec: - /bin/bash image: quay.io/podified-antelope-centos9/openstack-glance-api:current-podified name: glance-api - initContainers: - - args: - - -c - - /usr/local/bin/container-scripts/init.sh - command: - - /bin/bash - image: quay.io/podified-antelope-centos9/openstack-glance-api:current-podified - name: init serviceAccount: glance-glance serviceAccountName: glance-glance status: