Skip to content

Commit

Permalink
Fix missing transport URL config
Browse files Browse the repository at this point in the history
Recent amphora controller support changes were missing the init.sh and
initcontainer changes required for configuring the rabbitmq
transport_url.
  • Loading branch information
beagles committed Oct 6, 2023
1 parent 4607973 commit 03fe9b1
Show file tree
Hide file tree
Showing 14 changed files with 85 additions and 4 deletions.
3 changes: 3 additions & 0 deletions api/bases/octavia.openstack.org_octaviaapis.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -372,6 +372,9 @@ spec:
default: octavia
description: ServiceUser - service user name
type: string
transportURLSecret:
description: TransportURLSecret - Secret containing RabbitMQ transportURL
type: string
required:
- containerImage
- databaseInstance
Expand Down
3 changes: 3 additions & 0 deletions api/bases/octavia.openstack.org_octavias.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -428,6 +428,9 @@ spec:
default: octavia
description: ServiceUser - service user name
type: string
transportURLSecret:
description: TransportURLSecret - Secret containing RabbitMQ transportURL
type: string
required:
- containerImage
- databaseInstance
Expand Down
4 changes: 4 additions & 0 deletions api/v1beta1/octaviaapi_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -110,6 +110,10 @@ type OctaviaAPISpec struct {
// TODO: -> implement
DefaultConfigOverwrite map[string]string `json:"defaultConfigOverwrite,omitempty"`

// +kubebuilder:validation:Optional
// TransportURLSecret - Secret containing RabbitMQ transportURL
TransportURLSecret string `json:"transportURLSecret,omitempty"`

// +kubebuilder:validation:Optional
// Resources - Compute Resources required by this service (Limits/Requests).
// https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Expand Down
3 changes: 3 additions & 0 deletions config/crd/bases/octavia.openstack.org_octaviaapis.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -372,6 +372,9 @@ spec:
default: octavia
description: ServiceUser - service user name
type: string
transportURLSecret:
description: TransportURLSecret - Secret containing RabbitMQ transportURL
type: string
required:
- containerImage
- databaseInstance
Expand Down
3 changes: 3 additions & 0 deletions config/crd/bases/octavia.openstack.org_octavias.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -428,6 +428,9 @@ spec:
default: octavia
description: ServiceUser - service user name
type: string
transportURLSecret:
description: TransportURLSecret - Secret containing RabbitMQ transportURL
type: string
required:
- containerImage
- databaseInstance
Expand Down
9 changes: 9 additions & 0 deletions config/rbac/role.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -269,6 +269,15 @@ rules:
- patch
- update
- watch
- apiGroups:
- security.openshift.io
resourceNames:
- anyuid
- hostmount-anyuid
resources:
- securitycontextconstraints
verbs:
- use
- apiGroups:
- security.openshift.io
resourceNames:
Expand Down
25 changes: 24 additions & 1 deletion controllers/amphoracontroller_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@ import (
"github.com/openstack-k8s-operators/lib-common/modules/common/util"

keystonev1 "github.com/openstack-k8s-operators/keystone-operator/api/v1beta1"
oko_secret "github.com/openstack-k8s-operators/lib-common/modules/common/secret"
octaviav1 "github.com/openstack-k8s-operators/octavia-operator/api/v1beta1"
"github.com/openstack-k8s-operators/octavia-operator/pkg/amphoracontrollers"
"github.com/openstack-k8s-operators/octavia-operator/pkg/octavia"
Expand Down Expand Up @@ -188,7 +189,27 @@ func (r *OctaviaAmphoraControllerReconciler) reconcileNormal(ctx context.Context

// Handle config map
configMapVars := make(map[string]env.Setter)
err := r.generateServiceConfigMaps(ctx, instance, helper, &configMapVars)
transportURLSecret, hash, err := oko_secret.GetSecret(ctx, helper, instance.Spec.TransportURLSecret, instance.Namespace)
if err != nil {
if k8s_errors.IsNotFound(err) {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.InputReadyCondition,
condition.RequestedReason,
condition.SeverityInfo,
condition.InputReadyWaitingMessage))
return ctrl.Result{RequeueAfter: time.Duration(10) * time.Second}, fmt.Errorf("TransportURL secret %s not found", instance.Spec.TransportURLSecret)
}
instance.Status.Conditions.Set(condition.FalseCondition(
condition.InputReadyCondition,
condition.ErrorReason,
condition.SeverityWarning,
condition.InputReadyErrorMessage,
err.Error()))
return ctrl.Result{}, err
}
configMapVars[transportURLSecret.Name] = env.SetValue(hash)

err = r.generateServiceConfigMaps(ctx, instance, helper, &configMapVars)
if err != nil {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.ServiceConfigReadyCondition,
Expand All @@ -199,6 +220,8 @@ func (r *OctaviaAmphoraControllerReconciler) reconcileNormal(ctx context.Context
return ctrl.Result{}, err
}

instance.Status.Conditions.MarkTrue(condition.InputReadyCondition, condition.InputReadyMessage)

//
// create hash over all the different input resources to identify if any those changed
// and a restart/recreate is required.
Expand Down
1 change: 1 addition & 0 deletions controllers/octavia_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -749,6 +749,7 @@ func (r *OctaviaReconciler) apiDeploymentCreateOrUpdate(instance *octaviav1.Octa
deployment.Spec.DatabaseHostname = instance.Status.DatabaseHostname
deployment.Spec.DatabaseUser = instance.Spec.DatabaseUser
deployment.Spec.ServiceUser = instance.Spec.ServiceUser
deployment.Spec.TransportURLSecret = instance.Status.TransportURLSecret
deployment.Spec.Secret = instance.Spec.Secret
deployment.Spec.ServiceAccount = instance.RbacResourceName()
if len(deployment.Spec.NodeSelector) == 0 {
Expand Down
22 changes: 22 additions & 0 deletions controllers/octaviaapi_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -77,6 +77,8 @@ type OctaviaAPIReconciler struct {
// +kubebuilder:rbac:groups=keystone.openstack.org,resources=keystoneendpoints,verbs=get;list;watch;create;update;patch;delete;
// +kubebuilder:rbac:groups=ovn.openstack.org,resources=ovndbclusters,verbs=get;list;watch;
// +kubebuilder:rbac:groups=k8s.cni.cncf.io,resources=network-attachment-definitions,verbs=get;list;watch
// +kubebuilder:rbac:groups="security.openshift.io",resourceNames=anyuid;hostmount-anyuid,resources=securitycontextconstraints,verbs=use
// +kubebuilder:rbac:groups="",resources=pods,verbs=create;delete;get;list;patch;update;watch

// Reconcile is part of the main kubernetes reconciliation loop which aims to
// move the current state of the cluster closer to the desired state.
Expand Down Expand Up @@ -450,6 +452,26 @@ func (r *OctaviaAPIReconciler) reconcileNormal(ctx context.Context, instance *oc
}
configMapVars[ospSecret.Name] = env.SetValue(hash)

transportURLSecret, hash, err := oko_secret.GetSecret(ctx, helper, instance.Spec.TransportURLSecret, instance.Namespace)
if err != nil {
if k8s_errors.IsNotFound(err) {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.InputReadyCondition,
condition.RequestedReason,
condition.SeverityInfo,
condition.InputReadyWaitingMessage))
return ctrl.Result{RequeueAfter: time.Duration(10) * time.Second}, fmt.Errorf("TransportURL secret %s not found", instance.Spec.TransportURLSecret)
}
instance.Status.Conditions.Set(condition.FalseCondition(
condition.InputReadyCondition,
condition.ErrorReason,
condition.SeverityWarning,
condition.InputReadyErrorMessage,
err.Error()))
return ctrl.Result{}, err
}
configMapVars[transportURLSecret.Name] = env.SetValue(hash)

instance.Status.Conditions.MarkTrue(condition.InputReadyCondition, condition.InputReadyMessage)

// run check OpenStack secret - end
Expand Down
1 change: 1 addition & 0 deletions pkg/amphoracontrollers/deployment.go
Original file line number Diff line number Diff line change
Expand Up @@ -131,6 +131,7 @@ func Deployment(
DatabaseUser: instance.Spec.DatabaseUser,
DatabaseName: octavia.DatabaseName,
OSPSecret: instance.Spec.Secret,
TransportURLSecret: instance.Spec.TransportURLSecret,
DBPasswordSelector: instance.Spec.PasswordSelectors.Database,
UserPasswordSelector: instance.Spec.PasswordSelectors.Service,
VolumeMounts: octavia.GetInitVolumeMounts(),
Expand Down
1 change: 1 addition & 0 deletions pkg/octaviaapi/deployment.go
Original file line number Diff line number Diff line change
Expand Up @@ -168,6 +168,7 @@ func Deployment(
DatabaseUser: instance.Spec.DatabaseUser,
DatabaseName: octavia.DatabaseName,
OSPSecret: instance.Spec.Secret,
TransportURLSecret: instance.Spec.TransportURLSecret,
DBPasswordSelector: instance.Spec.PasswordSelectors.Database,
UserPasswordSelector: instance.Spec.PasswordSelectors.Service,
VolumeMounts: initVolumeMounts,
Expand Down
4 changes: 1 addition & 3 deletions templates/octavia/bin/init.sh
Original file line number Diff line number Diff line change
Expand Up @@ -41,11 +41,9 @@ for dir in /var/lib/config-data/default; do
merge_config_dir ${dir}
done

# set secrets

# set secrets
if [ -n "$TRANSPORTURL" ]; then
crudini --set /var/lib/config-data/merged/neutron.conf DEFAULT transport_url $TRANSPORTURL
crudini --set /var/lib/config-data/merged/octavia.conf DEFAULT transport_url $TRANSPORTURL
fi
crudini --set ${SVC_CFG_MERGED} database connection mysql+pymysql://${DBUSER}:${DBPASSWORD}@${DBHOST}/${DB}
crudini --set ${SVC_CFG_MERGED} keystone_authtoken password $PASSWORD
5 changes: 5 additions & 0 deletions templates/octaviaamphoracontroller/bin/init.sh
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ export DBHOST=${DatabaseHost:?"Please specify a DatabaseHost variable."}
export DBUSER=${DatabaseUser:?"Please specify a DatabaseUser variable."}
export DBPASSWORD=${DatabasePassword:?"Please specify a DatabasePassword variable."}
export DB=${DatabaseName:-"octavia"}
export TRANSPORTURL=${TransportURL:-""}

SVC_CFG=/etc/octavia/octavia.conf
SVC_CFG_MERGED=/var/lib/config-data/merged/octavia.conf
Expand All @@ -40,6 +41,10 @@ for dir in /var/lib/config-data/default; do
merge_config_dir ${dir}
done

# set secrets
if [ -n "$TRANSPORTURL" ]; then
crudini --set /var/lib/config-data/merged/octavia.conf DEFAULT transport_url $TRANSPORTURL
fi
# set secrets
crudini --set ${SVC_CFG_MERGED} database connection mysql+pymysql://${DBUSER}:${DBPASSWORD}@${DBHOST}/${DB}
crudini --set ${SVC_CFG_MERGED} keystone_authtoken password $PASSWORD
Expand Down
5 changes: 5 additions & 0 deletions templates/octaviaapi/bin/init.sh
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ export DBHOST=${DatabaseHost:?"Please specify a DatabaseHost variable."}
export DBUSER=${DatabaseUser:?"Please specify a DatabaseUser variable."}
export DBPASSWORD=${DatabasePassword:?"Please specify a DatabasePassword variable."}
export DB=${DatabaseName:-"octavia"}
export TRANSPORTURL=${TransportURL:-""}

SVC_CFG=/etc/octavia/octavia.conf
SVC_CFG_MERGED=/var/lib/config-data/merged/octavia.conf
Expand All @@ -40,6 +41,10 @@ for dir in /var/lib/config-data/default; do
merge_config_dir ${dir}
done

# set secrets
if [ -n "$TRANSPORTURL" ]; then
crudini --set /var/lib/config-data/merged/octavia.conf DEFAULT transport_url $TRANSPORTURL
fi
# set secrets
crudini --set ${SVC_CFG_MERGED} database connection mysql+pymysql://${DBUSER}:${DBPASSWORD}@${DBHOST}/${DB}
crudini --set ${SVC_CFG_MERGED} keystone_authtoken password $PASSWORD
Expand Down

0 comments on commit 03fe9b1

Please sign in to comment.