diff --git a/controllers/ironic_controller.go b/controllers/ironic_controller.go index 8be12dfe..4c7323b1 100644 --- a/controllers/ironic_controller.go +++ b/controllers/ironic_controller.go @@ -35,6 +35,7 @@ import ( labels "github.com/openstack-k8s-operators/lib-common/modules/common/labels" common_rbac "github.com/openstack-k8s-operators/lib-common/modules/common/rbac" oko_secret "github.com/openstack-k8s-operators/lib-common/modules/common/secret" + "github.com/openstack-k8s-operators/lib-common/modules/common/tls" util "github.com/openstack-k8s-operators/lib-common/modules/common/util" ironicv1 "github.com/openstack-k8s-operators/ironic-operator/api/v1beta1" @@ -355,6 +356,17 @@ func (r *IronicReconciler) reconcileNormal(ctx context.Context, instance *ironic } } + // + // create service DB instance + // + db, result, err := r.ensureDB(ctx, helper, instance) + if err != nil { + return ctrl.Result{}, err + } else if (result != ctrl.Result{}) { + return result, nil + } + // create service DB - end + // // Create ConfigMaps and Secrets required as input for the Service and calculate an overall hash of hashes // @@ -365,7 +377,7 @@ func (r *IronicReconciler) reconcileNormal(ctx context.Context, instance *ironic // - %-config configmap holding minimal ironic config required to get the service up, user can add additional files to be added to the service // - parameters which has passwords gets added from the OpenStack secret via the init container // - err = r.generateServiceConfigMaps(ctx, instance, helper, &configMapVars, &keystoneEndpoints) + err = r.generateServiceConfigMaps(ctx, instance, helper, &configMapVars, &keystoneEndpoints, db) if err != nil { instance.Status.Conditions.Set(condition.FalseCondition( condition.ServiceConfigReadyCondition, 
@@ -406,16 +418,8 @@ func (r *IronicReconciler) reconcileNormal(ctx context.Context, instance *ironic common.AppSelector: ironic.ServiceName, } - // Handle service init - ctrlResult, err := r.reconcileInit(ctx, instance, helper, serviceLabels) - if err != nil { - return ctrlResult, err - } else if (ctrlResult != ctrl.Result{}) { - return ctrlResult, nil - } - // Handle service update - ctrlResult, err = r.reconcileUpdate(ctx, instance, helper) + ctrlResult, err := r.reconcileUpdate(ctx, instance, helper) if err != nil { return ctrlResult, err } else if (ctrlResult != ctrl.Result{}) { 
@@ -583,79 +587,6 @@ func (r *IronicReconciler) reconcileNormal(ctx context.Context, instance *ironic return ctrl.Result{}, nil } -func (r *IronicReconciler) reconcileInit( - ctx context.Context, - instance *ironicv1.Ironic, - helper *helper.Helper, - serviceLabels map[string]string, -) (ctrl.Result, error) { - Log := r.GetLogger(ctx) - - Log.Info("Reconciling Ironic init") - - // - // create service DB instance - // - db := mariadbv1.NewDatabase( - instance.Name, - instance.Name, - instance.Spec.Secret, - map[string]string{ - "dbName": instance.Spec.DatabaseInstance, - }, - ) - // create or patch the DB - ctrlResult, err := db.CreateOrPatchDB( - ctx, - helper, - ) - if err != nil { - instance.Status.Conditions.Set(condition.FalseCondition( - condition.DBReadyCondition, - condition.ErrorReason, - condition.SeverityWarning, - condition.DBReadyErrorMessage, - err.Error())) - return ctrl.Result{}, err - } - if (ctrlResult != ctrl.Result{}) { - instance.Status.Conditions.Set(condition.FalseCondition( - condition.DBReadyCondition, - condition.RequestedReason, - condition.SeverityInfo, - condition.DBReadyRunningMessage)) - return ctrlResult, nil - } - - // wait for the DB to be setup - ctrlResult, err = db.WaitForDBCreated(ctx, helper) - if err != nil { - instance.Status.Conditions.Set(condition.FalseCondition( - condition.DBReadyCondition, - condition.ErrorReason, - condition.SeverityWarning, - condition.DBReadyErrorMessage, - err.Error())) - return ctrlResult, err - } - if (ctrlResult != ctrl.Result{}) { - instance.Status.Conditions.Set(condition.FalseCondition( - condition.DBReadyCondition, - condition.RequestedReason, - condition.SeverityInfo, - condition.DBReadyRunningMessage)) - return ctrlResult, nil - } - // update Status.DatabaseHostname, used to bootstrap/config the service - instance.Status.DatabaseHostname = db.GetDatabaseHostname() - instance.Status.Conditions.MarkTrue(condition.DBReadyCondition, condition.DBReadyMessage) - - // create service DB - end - - 
Log.Info("Reconciled Ironic init successfully") - return ctrl.Result{}, nil -} - func (r *IronicReconciler) reconcileUpdate(ctx context.Context, instance *ironicv1.Ironic, helper *helper.Helper) (ctrl.Result, error) { // Log.Info("Reconciling Ironic update") @@ -817,6 +748,7 @@ func (r *IronicReconciler) generateServiceConfigMaps( h *helper.Helper, envVars *map[string]env.Setter, keystoneEndpoints *ironicv1.KeystoneEndpoints, + db *mariadbv1.Database, ) error { // // create Configmap/Secret required for ironic input @@ -827,11 +759,20 @@ func (r *IronicReconciler) generateServiceConfigMaps( cmLabels := labels.GetLabels(instance, labels.GetGroupLabel(ironic.ServiceName), map[string]string{}) + var tlsCfg *tls.Service + if instance.Spec.IronicAPI.TLS.Ca.CaBundleSecretName != "" { + tlsCfg = &tls.Service{} + } + // customData hold any customization for the service. // custom.conf is going to /etc/ironic/ironic.conf.d // all other files get placed into /etc/ironic to allow overwrite of e.g. policy.json // TODO: make sure custom.conf can not be overwritten - customData := map[string]string{common.CustomServiceConfigFileName: instance.Spec.CustomServiceConfig} + customData := map[string]string{ + common.CustomServiceConfigFileName: instance.Spec.CustomServiceConfig, + "my.cnf": db.GetDatabaseClientConfig(tlsCfg), //(mschuppert) for now just get the default my.cnf + + } for key, data := range instance.Spec.DefaultConfigOverwrite { customData[key] = data } 
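Review bot: The generated `my.cnf` entry in `customData` can be replaced by a user-supplied key of the same name, because the `for key, data := range instance.Spec.DefaultConfigOverwrite` loop that follows the new map literal writes every key unconditionally. That file carries the database client TLS settings, so an overwrite could silently drop `ssl-ca`/`ssl=1`. If it is not meant to be user-tunable, assign it after the loop instead, `customData["my.cnf"] = db.GetDatabaseClientConfig(tlsCfg)`, or extend the existing TODO about `custom.conf` to cover it. The same loop follows the new entry in ironicapi_controller.go, ironicconductor_controller.go and ironicinspector_controller.go. generateServiceConfigMaps continues outside this hunk.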
@@ -1046,3 +987,70 @@ func (r *IronicReconciler) ironicNeutronAgentDeploymentDelete( return nil } + +func (r *IronicReconciler) ensureDB( + ctx context.Context, + h *helper.Helper, + instance *ironicv1.Ironic, +) (*mariadbv1.Database, ctrl.Result, error) { + // + // create service DB instance + // + db := mariadbv1.NewDatabase( + ironic.DatabaseName, + instance.Name, + instance.Spec.Secret, + map[string]string{ + "dbName": instance.Spec.DatabaseInstance, + }, + ) + + // create or patch the DB + ctrlResult, err := db.CreateOrPatchDBByName( + ctx, + h, + instance.Spec.DatabaseInstance, + ) + if err != nil { + instance.Status.Conditions.Set(condition.FalseCondition( + condition.DBReadyCondition, + condition.ErrorReason, + condition.SeverityWarning, + condition.DBReadyErrorMessage, + err.Error())) + return db, ctrl.Result{}, err + } + if (ctrlResult != ctrl.Result{}) { + instance.Status.Conditions.Set(condition.FalseCondition( + condition.DBReadyCondition, + condition.RequestedReason, + condition.SeverityInfo, + condition.DBReadyRunningMessage)) + return db, ctrlResult, nil + } + // wait for the DB to be setup + // (ksambor) should we use WaitForDBCreatedWithTimeout instead? + ctrlResult, err = db.WaitForDBCreated(ctx, h) + if err != nil { + instance.Status.Conditions.Set(condition.FalseCondition( + condition.DBReadyCondition, + condition.ErrorReason, + condition.SeverityWarning, + condition.DBReadyErrorMessage, + err.Error())) + return db, ctrlResult, err + } + if (ctrlResult != ctrl.Result{}) { + instance.Status.Conditions.Set(condition.FalseCondition( + condition.DBReadyCondition, + condition.RequestedReason, + condition.SeverityInfo, + condition.DBReadyRunningMessage)) + return db, ctrlResult, nil + } + + // update Status.DatabaseHostname, used to config the service + instance.Status.DatabaseHostname = db.GetDatabaseHostname() + instance.Status.Conditions.MarkTrue(condition.DBReadyCondition, condition.DBReadyMessage) + return db, ctrlResult, nil +} 
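Review bot: `ensureDB` is new and has no doc comment, and its three-value return is easy to misuse: every error and requeue path returns a non-nil `db` alongside the error or the non-zero `ctrl.Result`. I would add above the signature `// ensureDB creates or patches the Ironic MariaDBDatabase and waits for it; the returned Database is only meant to be used when err is nil and the Result is zero.` The open question in the body about `WaitForDBCreatedWithTimeout` would be better tracked as a `TODO` or settled before merge. `reconcileServiceDBinstance` in ironicinspector_controller.go now returns `db` the same way.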
diff --git a/controllers/ironicapi_controller.go b/controllers/ironicapi_controller.go index 2eeee310..1e634ac1 100644 --- a/controllers/ironicapi_controller.go +++ b/controllers/ironicapi_controller.go @@ -58,6 +58,7 @@ import ( "github.com/openstack-k8s-operators/lib-common/modules/common/service" "github.com/openstack-k8s-operators/lib-common/modules/common/tls" "github.com/openstack-k8s-operators/lib-common/modules/common/util" + mariadbv1 "github.com/openstack-k8s-operators/mariadb-operator/api/v1beta1" ) // IronicAPIReconciler reconciles a IronicAPI object @@ -919,10 +920,22 @@ func (r *IronicAPIReconciler) generateServiceConfigMaps( cmLabels := labels.GetLabels(instance, labels.GetGroupLabel(ironic.ServiceName), map[string]string{}) + db, err := mariadbv1.GetDatabaseByName(ctx, h, ironic.DatabaseName) + if err != nil { + return err + } + var tlsCfg *tls.Service + if instance.Spec.TLS.CaBundleSecretName != "" { + tlsCfg = &tls.Service{} + } + // customData hold any customization for the service. // custom.conf is going to be merged into /etc/ironic/ironic.conf // TODO: make sure custom.conf can not be overwritten - customData := map[string]string{common.CustomServiceConfigFileName: instance.Spec.CustomServiceConfig} + customData := map[string]string{ + common.CustomServiceConfigFileName: instance.Spec.CustomServiceConfig, + "my.cnf": db.GetDatabaseClientConfig(tlsCfg), //(mschuppert) for now just get the default my.cnf + } for key, data := range instance.Spec.DefaultConfigOverwrite { customData[key] = data diff --git a/controllers/ironicconductor_controller.go b/controllers/ironicconductor_controller.go index baad7227..0a7d75c1 100644 --- a/controllers/ironicconductor_controller.go +++ b/controllers/ironicconductor_controller.go 
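Review bot: The error from `mariadbv1.GetDatabaseByName` is returned bare in `generateServiceConfigMaps`, so a missing or not-yet-created database object surfaces without saying which lookup failed. Wrapping it keeps the cause and adds the context, e.g. `return fmt.Errorf("getting MariaDBDatabase %q: %w", ironic.DatabaseName, err)` (assuming `fmt` is already imported in this file, which the hunk does not show). It may also be worth checking whether a not-found result should requeue rather than error, since the database appears to be created by the Ironic controller's `ensureDB`; that is inferred, not visible here. The same bare return is added in ironicconductor_controller.go and ironicneutronagent_controller.go.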
@@ -60,6 +60,7 @@ import ( "github.com/openstack-k8s-operators/lib-common/modules/common/statefulset" "github.com/openstack-k8s-operators/lib-common/modules/common/tls" "github.com/openstack-k8s-operators/lib-common/modules/common/util" + mariadbv1 "github.com/openstack-k8s-operators/mariadb-operator/api/v1beta1" ) // IronicConductorReconciler reconciles a IronicConductor object @@ -758,10 +759,22 @@ func (r *IronicConductorReconciler) generateServiceConfigMaps( Log := r.GetLogger(ctx) cmLabels := labels.GetLabels(instance, labels.GetGroupLabel(ironic.ServiceName), map[string]string{}) + db, err := mariadbv1.GetDatabaseByName(ctx, h, ironic.DatabaseName) + if err != nil { + return err + } + var tlsCfg *tls.Service + if instance.Spec.TLS.CaBundleSecretName != "" { + tlsCfg = &tls.Service{} + } + // customData hold any customization for the service. // custom.conf is going to be merged into /etc/ironic/ironic.conf // TODO: make sure custom.conf can not be overwritten - customData := map[string]string{common.CustomServiceConfigFileName: instance.Spec.CustomServiceConfig} + customData := map[string]string{ + common.CustomServiceConfigFileName: instance.Spec.CustomServiceConfig, + "my.cnf": db.GetDatabaseClientConfig(tlsCfg), //(mschuppert) for now just get the default my.cnf + } for key, data := range instance.Spec.DefaultConfigOverwrite { customData[key] = data diff --git a/controllers/ironicinspector_controller.go b/controllers/ironicinspector_controller.go index dbe5df1f..54d895de 100644 --- a/controllers/ironicinspector_controller.go +++ b/controllers/ironicinspector_controller.go @@ -461,6 +461,7 @@ func (r *IronicInspectorReconciler) reconcileConfigMapsAndSecrets( ctx context.Context, instance *ironicv1.IronicInspector, helper *helper.Helper, + db *mariadbv1.Database, ) (ctrl.Result, string, error) { // ConfigMap configMapVars := make(map[string]env.Setter) 
@@ -567,7 +568,8 @@ func (r *IronicInspectorReconciler) reconcileConfigMapsAndSecrets( ctx, instance, helper, - &configMapVars) + &configMapVars, + db) if err != nil { instance.Status.Conditions.Set(condition.FalseCondition( condition.ServiceConfigReadyCondition, @@ -697,6 +699,11 @@ func (r *IronicInspectorReconciler) reconcileNormal( Log.Info("Reconciling Ironic Inspector") + serviceLabels := map[string]string{ + common.AppSelector: ironic.ServiceName, + common.ComponentSelector: ironic.InspectorComponent, + } + if ironicv1.GetOwningIronicName(instance) == "" { // Service account, role, binding rbacResult, err := common_rbac.ReconcileRbac(ctx, helper, instance, getCommonRbacRules()) @@ -725,7 +732,14 @@ func (r *IronicInspectorReconciler) reconcileNormal( return ctrlResult, nil } - ctrlResult, inputHash, err := r.reconcileConfigMapsAndSecrets(ctx, instance, helper) + db, ctrlResult, err := r.reconcileServiceDBinstance(ctx, instance, helper, serviceLabels) + if err != nil { + return ctrlResult, err + } else if (ctrlResult != ctrl.Result{}) { + return ctrlResult, nil + } + + ctrlResult, inputHash, err := r.reconcileConfigMapsAndSecrets(ctx, instance, helper, db) if err != nil { return ctrlResult, err } else if (ctrlResult != ctrl.Result{}) { @@ -736,11 +750,6 @@ func (r *IronicInspectorReconciler) reconcileNormal( // TODO check when/if Init, Update, or Upgrade should/could be skipped // - serviceLabels := map[string]string{ - common.AppSelector: ironic.ServiceName, - common.ComponentSelector: ironic.InspectorComponent, - } - // networks to attach to for _, netAtt := range instance.Spec.NetworkAttachments { _, err := nad.GetNADWithName(ctx, helper, netAtt, instance.Namespace) 
@@ -910,7 +919,7 @@ func (r *IronicInspectorReconciler) reconcileServiceDBinstance( instance *ironicv1.IronicInspector, helper *helper.Helper, serviceLabels map[string]string, -) (ctrl.Result, error) { +) (*mariadbv1.Database, ctrl.Result, error) { databaseName := strings.Replace(instance.Name, "-", "_", -1) db := mariadbv1.NewDatabase( databaseName, @@ -934,7 +943,7 @@ func (r *IronicInspectorReconciler) reconcileServiceDBinstance( condition.SeverityWarning, condition.DBReadyErrorMessage, err.Error())) - return ctrl.Result{}, err + return db, ctrl.Result{}, err } if (ctrlResult != ctrl.Result{}) { instance.Status.Conditions.Set(condition.FalseCondition( @@ -942,7 +951,7 @@ func (r *IronicInspectorReconciler) reconcileServiceDBinstance( condition.RequestedReason, condition.SeverityInfo, condition.DBReadyRunningMessage)) - return ctrlResult, nil + return db, ctrlResult, nil } // wait for the DB to be setup @@ -954,7 +963,7 @@ func (r *IronicInspectorReconciler) reconcileServiceDBinstance( condition.SeverityWarning, condition.DBReadyErrorMessage, err.Error())) - return ctrlResult, err + return db, ctrlResult, err } if (ctrlResult != ctrl.Result{}) { instance.Status.Conditions.Set(condition.FalseCondition( @@ -962,7 +971,7 @@ func (r *IronicInspectorReconciler) reconcileServiceDBinstance( condition.RequestedReason, condition.SeverityInfo, condition.DBReadyRunningMessage)) - return ctrlResult, nil + return db, ctrlResult, nil } // update Status.DatabaseHostname, used to bootstrap/config the service instance.Status.DatabaseHostname = db.GetDatabaseHostname() @@ -970,7 +979,7 @@ func (r *IronicInspectorReconciler) reconcileServiceDBinstance( condition.DBReadyCondition, condition.DBReadyMessage) - return ctrl.Result{}, nil + return db, ctrl.Result{}, nil } func (r *IronicInspectorReconciler) reconcileServiceDBsync( 
@@ -1236,14 +1245,7 @@ func (r *IronicInspectorReconciler) reconcileInit( Log.Info("Reconciling Ironic Inspector init") - ctrlResult, err := r.reconcileServiceDBinstance(ctx, instance, helper, serviceLabels) - if err != nil { - return ctrlResult, err - } else if (ctrlResult != ctrl.Result{}) { - return ctrlResult, nil - } - - ctrlResult, err = r.reconcileServiceDBsync(ctx, instance, helper, serviceLabels) + ctrlResult, err := r.reconcileServiceDBsync(ctx, instance, helper, serviceLabels) if err != nil { return ctrlResult, err } else if (ctrlResult != ctrl.Result{}) { @@ -1304,6 +1306,7 @@ func (r *IronicInspectorReconciler) generateServiceConfigMaps( instance *ironicv1.IronicInspector, h *helper.Helper, envVars *map[string]env.Setter, + db *mariadbv1.Database, ) error { // // create Configmap/Secret required for ironic-inspector input @@ -1319,6 +1322,10 @@ func (r *IronicInspectorReconciler) generateServiceConfigMaps( labels.GetGroupLabel(ironic.ServiceName), map[string]string{}) Log := r.GetLogger(ctx) + var tlsCfg *tls.Service + if instance.Spec.TLS.Ca.CaBundleSecretName != "" { + tlsCfg = &tls.Service{} + } // customData hold any customization for the service. // custom.conf is going to /etc/ironic-inspector/inspector.conf.d // all other files get placed into /etc/ironic-inspector to allow @@ -1326,6 +1333,7 @@ func (r *IronicInspectorReconciler) generateServiceConfigMaps( // TODO: make sure custom.conf can not be overwritten customData := map[string]string{ common.CustomServiceConfigFileName: instance.Spec.CustomServiceConfig, + "my.cnf": db.GetDatabaseClientConfig(tlsCfg), //(mschuppert) for now just get the default my.cnf } for key, data := range instance.Spec.DefaultConfigOverwrite { customData[key] = data diff --git a/controllers/ironicneutronagent_controller.go b/controllers/ironicneutronagent_controller.go index e524fd3b..2d2c7e1a 100644 --- a/controllers/ironicneutronagent_controller.go +++ b/controllers/ironicneutronagent_controller.go 
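Review bot: The `tlsCfg` block added to `generateServiceConfigMaps` has no comment saying what the empty `&tls.Service{}` means, and the consequence of leaving it nil is security-relevant. The functional tests in this commit expect `ssl=0` in the generated `my.cnf` for the non-TLS cases, so without a CA bundle secret the database client connection is presumably unencrypted. A comment such as `// nil tlsCfg yields a my.cnf without TLS; a CA bundle secret enables ssl-ca/ssl=1 for the DB client` would make that explicit. The identical block is added in ironic_controller.go, ironicapi_controller.go, ironicconductor_controller.go and ironicneutronagent_controller.go.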
@@ -47,6 +47,7 @@ import ( keystonev1 "github.com/openstack-k8s-operators/keystone-operator/api/v1beta1" endpoint "github.com/openstack-k8s-operators/lib-common/modules/common/endpoint" "github.com/openstack-k8s-operators/lib-common/modules/common/tls" + mariadbv1 "github.com/openstack-k8s-operators/mariadb-operator/api/v1beta1" "github.com/openstack-k8s-operators/lib-common/modules/common" "github.com/openstack-k8s-operators/lib-common/modules/common/condition" @@ -647,11 +648,22 @@ func (r *IronicNeutronAgentReconciler) generateServiceConfigMaps( cmLabels := labels.GetLabels(instance, labels.GetGroupLabel(ironic.ServiceName), map[string]string{}) + db, err := mariadbv1.GetDatabaseByName(ctx, h, ironic.DatabaseName) + if err != nil { + return err + } + var tlsCfg *tls.Service + if instance.Spec.TLS.CaBundleSecretName != "" { + tlsCfg = &tls.Service{} + } + // customData hold any customization for the service. // custom.conf is going to be merged into /etc/ironic/ironic.conf // TODO: make sure custom.conf can not be overwritten - customData := map[string]string{common.CustomServiceConfigFileName: instance.Spec.CustomServiceConfig} - customData[common.CustomServiceConfigFileName] = instance.Spec.CustomServiceConfig + customData := map[string]string{ + common.CustomServiceConfigFileName: instance.Spec.CustomServiceConfig, + "my.cnf": db.GetDatabaseClientConfig(tlsCfg), //(mschuppert) for now just get the default my.cnf + } keystoneAPI, err := keystonev1.GetKeystoneAPI(ctx, h, instance.Namespace, map[string]string{}) if err != nil { diff --git a/go.mod b/go.mod index 4f9c63ee..b6294012 100644 --- a/go.mod +++ b/go.mod 
@@ -13,7 +13,7 @@ require ( github.com/openstack-k8s-operators/keystone-operator/api v0.3.1-0.20240214165457-55af8e58473d github.com/openstack-k8s-operators/lib-common/modules/common v0.3.1-0.20240214144842-5dcac51e5b36 github.com/openstack-k8s-operators/lib-common/modules/test v0.3.1-0.20240214144842-5dcac51e5b36 - github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240214153937-3b28b9d3d09b + github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240220132409-f96d4d040f4e k8s.io/api v0.28.3 k8s.io/apimachinery v0.28.3 k8s.io/client-go v0.28.3 diff --git a/go.sum b/go.sum index 71ce43af..34cb9fd8 100644 --- a/go.sum +++ b/go.sum 
@@ -88,8 +88,8 @@ github.com/openstack-k8s-operators/lib-common/modules/openstack v0.3.1-0.2024021 github.com/openstack-k8s-operators/lib-common/modules/openstack v0.3.1-0.20240214144842-5dcac51e5b36/go.mod h1:8QsCFttAm+X6A8I8EQThGjNjeMAYt2hK7ivbvnR3434= github.com/openstack-k8s-operators/lib-common/modules/test v0.3.1-0.20240214144842-5dcac51e5b36 h1:GXdro9f/BoLdkW1PxPlRs3e/47ml56UiJunjIO6uu3Q= github.com/openstack-k8s-operators/lib-common/modules/test v0.3.1-0.20240214144842-5dcac51e5b36/go.mod h1:82nzS+DbBe1tzaMvNHH8FctmZzQ14ZAJysFGsMJiivo= -github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240214153937-3b28b9d3d09b h1:3A0CmqlHswSLJYwddVTfQ/ndB5DfP7W2GKFv6C3jOec= -github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240214153937-3b28b9d3d09b/go.mod h1:52Ja/B4RrrytMmKh+Kf+/BPe7Fq40Pi77vcFH4yJeoU= +github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240220132409-f96d4d040f4e h1:6vqp5HZwcGvPH0MII/23iCd97T3/1HJZlONKW6LyNio= +github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240220132409-f96d4d040f4e/go.mod h1:PDqfLbP4ZWqQHAu1OtbjfpOGQUKSzLqRJChvE/9pcyQ= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= diff --git a/templates/common/bin/common.sh b/templates/common/bin/common.sh index 3dd039f9..9dd4f113 100755 --- a/templates/common/bin/common.sh +++ b/templates/common/bin/common.sh 
@@ -86,7 +86,7 @@ function common_ironic_config { crudini --set ${SVC_CFG_MERGED} DEFAULT transport_url $TRANSPORTURL crudini --set ${SVC_CFG_MERGED} DEFAULT rpc_transport oslo fi - crudini --set ${SVC_CFG_MERGED} database connection mysql+pymysql://${DBUSER}:${DBPASSWORD}@${DBHOST}/${DB} + crudini --set ${SVC_CFG_MERGED} database connection mysql+pymysql://${DBUSER}:${DBPASSWORD}@${DBHOST}/${DB}?read_default_file=/etc/my.cnf crudini --set ${SVC_CFG_MERGED} keystone_authtoken password $IRONICPASSWORD crudini --set ${SVC_CFG_MERGED} service_catalog password $IRONICPASSWORD crudini --set ${SVC_CFG_MERGED} cinder password $IRONICPASSWORD diff --git a/templates/ironic/config/db-sync-config.json b/templates/ironic/config/db-sync-config.json index 9d9fd7a8..aec295d6 100644 --- a/templates/ironic/config/db-sync-config.json +++ b/templates/ironic/config/db-sync-config.json @@ -12,6 +12,12 @@ "dest": "/etc/ironic/ironic.conf.d/custom.conf", "owner": "ironic", "perm": "0600" + }, + { + "source": "/var/lib/config-data/merged/my.cnf", + "dest": "/etc/my.cnf", + "owner": "keystone", + "perm": "0644" } ], "permissions": [ diff --git a/templates/ironicapi/config/ironic-api-config.json b/templates/ironicapi/config/ironic-api-config.json index 280cfbfb..53e29636 100644 --- a/templates/ironicapi/config/ironic-api-config.json +++ b/templates/ironicapi/config/ironic-api-config.json @@ -40,6 +40,12 @@ "perm": "0600", "optional": true, "merge": true + }, + { + "source": "/var/lib/config-data/merged/my.cnf", + "dest": "/etc/my.cnf", + "owner": "keystone", + "perm": "0644" } ], "permissions": [ diff --git a/templates/ironicconductor/config/ironic-conductor-config.json b/templates/ironicconductor/config/ironic-conductor-config.json index a08e043f..78197fc4 100644 --- a/templates/ironicconductor/config/ironic-conductor-config.json +++ b/templates/ironicconductor/config/ironic-conductor-config.json 
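Review bot: The connection URL on the changed `crudini --set ... database connection` line is still an unquoted word, and the appended `?read_default_file=/etc/my.cnf` adds a glob character to it. Unquoted, `${DBPASSWORD}` and the other expansions undergo word splitting and pathname expansion, so a password containing whitespace or `*` would reach crudini as something other than the intended value. Quote the whole argument: `crudini --set ${SVC_CFG_MERGED} database connection "mysql+pymysql://${DBUSER}:${DBPASSWORD}@${DBHOST}/${DB}?read_default_file=/etc/my.cnf"`. common_ironic_config starts and ends outside this hunk.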
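Review bot: The new `/etc/my.cnf` entry is owned by `keystone`, which looks like a leftover from another operator's template: the neighbouring `custom.conf` entry in this file uses `ironic`. If no `keystone` user exists in the image the copy step may fail or leave unexpected ownership (not verifiable from the diff); I would use the service's own user, `"owner": "ironic"`. The same `keystone` owner is added in ironic-api-config.json, ironic-conductor-config.json, both ironicinspector configs (which use `ironic-inspector` elsewhere) and ironic-neutron-agent-config.json (which uses `neutron` elsewhere). `"perm": "0644"` is reasonable only as long as the file holds TLS client options and no credentials.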
@@ -12,6 +12,12 @@ "dest": "/etc/ironic/ironic.conf.d/custom.conf", "owner": "ironic", "perm": "0600" + }, + { + "source": "/var/lib/config-data/merged/my.cnf", + "dest": "/etc/my.cnf", + "owner": "keystone", + "perm": "0644" } ], "permissions": [ diff --git a/templates/ironicinspector/config/db-sync-config.json b/templates/ironicinspector/config/db-sync-config.json index 8eb6f982..568b0072 100644 --- a/templates/ironicinspector/config/db-sync-config.json +++ b/templates/ironicinspector/config/db-sync-config.json @@ -12,6 +12,12 @@ "dest": "/etc/ironic-inspector/inspector.conf.d/custom.conf", "owner": "ironic-inspector", "perm": "0600" + }, + { + "source": "/var/lib/config-data/merged/my.cnf", + "dest": "/etc/my.cnf", + "owner": "keystone", + "perm": "0644" } ], "permissions": [ diff --git a/templates/ironicinspector/config/ironic-inspector-config.json b/templates/ironicinspector/config/ironic-inspector-config.json index dfd07109..ba02101d 100644 --- a/templates/ironicinspector/config/ironic-inspector-config.json +++ b/templates/ironicinspector/config/ironic-inspector-config.json @@ -12,6 +12,12 @@ "dest": "/etc/ironic-inspector/inspector.conf.d/custom.conf", "owner": "ironic-inspector", "perm": "0600" + }, + { + "source": "/var/lib/config-data/merged/my.cnf", + "dest": "/etc/my.cnf", + "owner": "keystone", + "perm": "0644" } ], "permissions": [ diff --git a/templates/ironicneutronagent/config/ironic-neutron-agent-config.json b/templates/ironicneutronagent/config/ironic-neutron-agent-config.json index 3f4292cf..da6c5e04 100644 --- a/templates/ironicneutronagent/config/ironic-neutron-agent-config.json +++ b/templates/ironicneutronagent/config/ironic-neutron-agent-config.json @@ -12,6 +12,12 @@ "dest": "/etc/neutron/neutron.conf.d/custom.conf", "owner": "neutron", "perm": "0600" + }, + { + "source": "/var/lib/config-data/merged/my.cnf", + "dest": "/etc/my.cnf", + "owner": "keystone", + "perm": "0644" } ], "permissions": [ 
diff --git a/tests/functional/base_test.go b/tests/functional/base_test.go index a4b65ba8..6582f394 100644 --- a/tests/functional/base_test.go +++ b/tests/functional/base_test.go @@ -48,6 +48,7 @@ const ( type IronicNames struct { Namespace string IronicName types.NamespacedName + IronicConfigDataName types.NamespacedName IronicRole types.NamespacedName IronicRoleBinding types.NamespacedName IronicServiceAccount types.NamespacedName @@ -61,6 +62,7 @@ type IronicNames struct { APIRoleBinding types.NamespacedName APIConfigDataName types.NamespacedName ConductorName types.NamespacedName + ConductorConfigDataName types.NamespacedName ConductorServiceAccount types.NamespacedName ConductorRole types.NamespacedName ConductorRoleBinding types.NamespacedName @@ -110,6 +112,10 @@ func GetIronicNames( Namespace: ironic.Namespace, Name: ironic.Name, }, + IronicConfigDataName: types.NamespacedName{ + Namespace: ironic.Namespace, + Name: ironic.Name + "-config-data", + }, IronicTransportURLName: types.NamespacedName{ Namespace: ironic.Namespace, Name: ironic.Name + "-transport", @@ -158,6 +164,10 @@ func GetIronicNames( Namespace: ironicConductor.Namespace, Name: ironicConductor.Name, }, + ConductorConfigDataName: types.NamespacedName{ + Namespace: ironicAPI.Namespace, + Name: "ironic-conductor-config-data", + }, ConductorServiceAccount: types.NamespacedName{ Namespace: ironicConductor.Namespace, Name: "ironicconductor-" + ironicConductor.Name, diff --git a/tests/functional/ironic_controller_test.go b/tests/functional/ironic_controller_test.go index c050d42a..8bb7f51a 100644 --- a/tests/functional/ironic_controller_test.go +++ b/tests/functional/ironic_controller_test.go 
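Review bot: `ConductorConfigDataName` in `GetIronicNames` takes its namespace from `ironicAPI.Namespace` and hard-codes the name, while the neighbouring conductor entries are derived from `ironicConductor`. That works only while both objects share a namespace and the conductor keeps that exact name. `Namespace: ironicConductor.Namespace,` would match the surrounding entries, and the name could follow the `ironic.Name + "-config-data"` pattern used for `IronicConfigDataName` if the ConfigMap is in fact named after the instance. GetIronicNames starts and ends outside these hunks.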
@@ -133,6 +133,13 @@ var _ = Describe("Ironic controller", func() { It("Creates ConfigMaps and gets Secrets (input) and set Hash of inputs", func() { infra.GetTransportURL(ironicNames.IronicTransportURLName) infra.SimulateTransportURLReady(ironicNames.IronicTransportURLName) + mariadb.GetMariaDBDatabase(ironicNames.IronicDatabaseName) + mariadb.SimulateMariaDBAccountCompleted(ironicNames.IronicDatabaseName) + mariadb.SimulateMariaDBDatabaseCompleted(ironicNames.IronicDatabaseName) + cm := th.GetConfigMap(ironicNames.IronicConfigDataName) + myCnf := cm.Data["my.cnf"] + Expect(myCnf).To( + ContainSubstring("[client]\nssl=0")) th.ExpectCondition( ironicNames.IronicName, ConditionGetterFunc(IronicConditionGetter), diff --git a/tests/functional/ironicapi_controller_test.go b/tests/functional/ironicapi_controller_test.go index 47b915ec..0d98b905 100644 --- a/tests/functional/ironicapi_controller_test.go +++ b/tests/functional/ironicapi_controller_test.go @@ -21,8 +21,10 @@ import ( . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" ironicv1 "github.com/openstack-k8s-operators/ironic-operator/api/v1beta1" + "github.com/openstack-k8s-operators/ironic-operator/pkg/ironic" "github.com/openstack-k8s-operators/lib-common/modules/common/condition" . "github.com/openstack-k8s-operators/lib-common/modules/common/test/helpers" + mariadbv1 "github.com/openstack-k8s-operators/mariadb-operator/api/v1beta1" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/types" ) 
@@ -59,6 +61,10 @@ var _ = Describe("IronicAPI controller", func() { DeferCleanup( th.DeleteInstance, CreateIronicAPI(ironicNames.APIName, spec)) + mariadb.CreateMariaDBDatabase(ironicNames.Namespace, ironic.DatabaseName, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.CreateMariaDBAccount(ironicNames.Namespace, ironic.DatabaseName, mariadbv1.MariaDBAccountSpec{}) + mariadb.SimulateMariaDBAccountCompleted(ironicNames.IronicDatabaseName) + mariadb.SimulateMariaDBDatabaseCompleted(ironicNames.IronicDatabaseName) }) It("should have the Spec fields initialized", func() { instance := GetIronicAPI(ironicNames.APIName) @@ -136,12 +142,7 @@ var _ = Describe("IronicAPI controller", func() { condition.InputReadyCondition, corev1.ConditionTrue, ) - instance := GetIronicAPI(ironicNames.APIName) - apiConfigMapName := types.NamespacedName{ - Namespace: instance.Namespace, - Name: fmt.Sprintf("%s-config-data", instance.Name), - } - configDataMap := th.GetConfigMap(apiConfigMapName) + configDataMap := th.GetConfigMap(ironicNames.APIConfigDataName) Expect(configDataMap).ShouldNot(BeNil()) Expect(configDataMap.Data).Should(HaveKey("ironic.conf")) configData := string(configDataMap.Data["ironic.conf"]) @@ -151,6 +152,11 @@ var _ = Describe("IronicAPI controller", func() { // privileges but this is a good practice to follow and might be required in the // future Expect(configData).Should(ContainSubstring("service_token_roles_required = true")) + + Expect(configDataMap.Data).Should(HaveKey("my.cnf")) + configData = string(configDataMap.Data["my.cnf"]) + Expect(configData).To( + ContainSubstring("[client]\nssl=0")) }) It("Sets NetworkAttachmentsReady", func() { th.ExpectCondition( 
@@ -248,6 +254,10 @@ var _ = Describe("IronicAPI controller", func() { }, "caBundleSecretName": ironicNames.CaBundleSecretName.Name, } + mariadb.CreateMariaDBDatabase(ironicNames.Namespace, ironic.DatabaseName, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.CreateMariaDBAccount(ironicNames.Namespace, ironic.DatabaseName, mariadbv1.MariaDBAccountSpec{}) + mariadb.SimulateMariaDBAccountCompleted(ironicNames.IronicDatabaseName) + mariadb.SimulateMariaDBTLSDatabaseCompleted(ironicNames.IronicDatabaseName) DeferCleanup( th.DeleteInstance, @@ -351,6 +361,11 @@ var _ = Describe("IronicAPI controller", func() { Expect(configData).Should(ContainSubstring("SSLCertificateKeyFile \"/etc/pki/tls/private/internal.key\"")) Expect(configData).Should(ContainSubstring("SSLCertificateFile \"/etc/pki/tls/certs/public.crt\"")) Expect(configData).Should(ContainSubstring("SSLCertificateKeyFile \"/etc/pki/tls/private/public.key\"")) + + Expect(configDataMap.Data).Should(HaveKey("my.cnf")) + configData = string(configDataMap.Data["my.cnf"]) + Expect(configData).To( + ContainSubstring("[client]\nssl-ca=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem\nssl=1")) }) It("TLS Endpoints are created", func() { diff --git a/tests/functional/ironicconductor_controller_test.go b/tests/functional/ironicconductor_controller_test.go index a9b72f22..ec8f14ae 100644 --- a/tests/functional/ironicconductor_controller_test.go +++ b/tests/functional/ironicconductor_controller_test.go @@ -22,8 +22,10 @@ import ( . "github.com/onsi/gomega" routev1 "github.com/openshift/api/route/v1" ironicv1 "github.com/openstack-k8s-operators/ironic-operator/api/v1beta1" + "github.com/openstack-k8s-operators/ironic-operator/pkg/ironic" "github.com/openstack-k8s-operators/lib-common/modules/common/condition" . "github.com/openstack-k8s-operators/lib-common/modules/common/test/helpers" + mariadbv1 "github.com/openstack-k8s-operators/mariadb-operator/api/v1beta1" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/types" ) 
@@ -60,6 +62,10 @@ var _ = Describe("IronicConductor controller", func() { DeferCleanup( th.DeleteInstance, CreateIronicConductor(ironicNames.ConductorName, spec)) + mariadb.CreateMariaDBDatabase(ironicNames.Namespace, ironic.DatabaseName, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.CreateMariaDBAccount(ironicNames.Namespace, ironic.DatabaseName, mariadbv1.MariaDBAccountSpec{}) + mariadb.SimulateMariaDBAccountCompleted(ironicNames.IronicDatabaseName) + mariadb.SimulateMariaDBDatabaseCompleted(ironicNames.IronicDatabaseName) }) It("should have the Spec fields initialized", func() { instance := GetIronicConductor(ironicNames.ConductorName) @@ -130,6 +136,13 @@ var _ = Describe("IronicConductor controller", func() { condition.ServiceConfigReadyCondition, corev1.ConditionTrue, ) + configDataMap := th.GetConfigMap(ironicNames.ConductorConfigDataName) + Expect(configDataMap).ShouldNot(BeNil()) + Expect(configDataMap.Data).Should(HaveKey("ironic.conf")) + Expect(configDataMap.Data).Should(HaveKey("my.cnf")) + configData := string(configDataMap.Data["my.cnf"]) + Expect(configData).To( + ContainSubstring("[client]\nssl=0")) }) It("Sets NetworkAttachmentsReady", func() { th.ExpectCondition( @@ -218,6 +231,10 @@ var _ = Describe("IronicConductor controller", func() { DeferCleanup( th.DeleteInstance, CreateIronicConductor(ironicNames.ConductorName, spec)) + mariadb.CreateMariaDBDatabase(ironicNames.Namespace, ironic.DatabaseName, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.CreateMariaDBAccount(ironicNames.Namespace, ironic.DatabaseName, mariadbv1.MariaDBAccountSpec{}) + mariadb.SimulateMariaDBAccountCompleted(ironicNames.IronicDatabaseName) + mariadb.SimulateMariaDBTLSDatabaseCompleted(ironicNames.IronicDatabaseName) }) It("reports that the CA secret is missing", func() { 
@@ -253,6 +270,14 @@ var _ = Describe("IronicConductor controller", func() { // cert volumeMounts container := depl.Spec.Template.Spec.Containers[1] th.AssertVolumeMountExists(ironicNames.CaBundleSecretName.Name, "tls-ca-bundle.pem", container.VolumeMounts) + + configDataMap := th.GetConfigMap(ironicNames.ConductorConfigDataName) + Expect(configDataMap).ShouldNot(BeNil()) + Expect(configDataMap.Data).Should(HaveKey("ironic.conf")) + Expect(configDataMap.Data).Should(HaveKey("my.cnf")) + configData := string(configDataMap.Data["my.cnf"]) + Expect(configData).To( + ContainSubstring("[client]\nssl-ca=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem\nssl=1")) }) It("reconfigures the deployment when CA changes", func() { diff --git a/tests/functional/ironicinspector_controller_test.go b/tests/functional/ironicinspector_controller_test.go index 0d584afc..137f3ec6 100644 --- a/tests/functional/ironicinspector_controller_test.go +++ b/tests/functional/ironicinspector_controller_test.go @@ -117,6 +117,14 @@ var _ = Describe("IronicInspector controller", func() { It("Creates ConfigMaps and gets Secrets (input)", func() { infra.GetTransportURL(ironicNames.InspectorTransportURLName) infra.SimulateTransportURLReady(ironicNames.InspectorTransportURLName) + mariadb.GetMariaDBDatabase(ironicNames.InspectorDatabaseName) + mariadb.SimulateMariaDBAccountCompleted(ironicNames.InspectorDatabaseName) + mariadb.SimulateMariaDBDatabaseCompleted(ironicNames.InspectorDatabaseName) + cm := th.GetConfigMap(ironicNames.InspectorConfigDataName) + myCnf := cm.Data["my.cnf"] + Expect(myCnf).To( + ContainSubstring("[client]\nssl=0")) + th.ExpectCondition( ironicNames.InspectorName, ConditionGetterFunc(IronicInspectorConditionGetter), 
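Review bot: In the IronicInspector spec, `myCnf := cm.Data["my.cnf"]` is read without first asserting that the ConfigMap has that key, so a missing file would surface as a substring mismatch against an empty string rather than as a missing key. The IronicConductor hunks in this commit guard the same read with `Expect(configDataMap.Data).Should(HaveKey("my.cnf"))`. Adding `Expect(cm.Data).Should(HaveKey("my.cnf"))` before the read would keep the specs consistent. The later IronicInspector TLS hunk (`configData = string(configDataMap.Data["my.cnf"])`) has the same gap.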
@@ -295,6 +303,8 @@ var _ = Describe("IronicInspector controller", func() { infra.GetTransportURL(ironicNames.InspectorTransportURLName) infra.SimulateTransportURLReady(ironicNames.InspectorTransportURLName) + mariadb.SimulateMariaDBAccountCompleted(ironicNames.InspectorDatabaseName) + mariadb.SimulateMariaDBTLSDatabaseCompleted(ironicNames.InspectorDatabaseName) }) It("reports that the CA secret is missing", func() { @@ -359,8 +369,6 @@ var _ = Describe("IronicInspector controller", func() { DeferCleanup(k8sClient.Delete, ctx, th.CreateCertSecret(ironicNames.PublicCertSecretName)) mariadb.GetMariaDBDatabase(ironicNames.InspectorDatabaseName) - mariadb.SimulateMariaDBAccountCompleted(ironicNames.InspectorDatabaseName) - mariadb.SimulateMariaDBDatabaseCompleted(ironicNames.InspectorDatabaseName) th.SimulateJobSuccess(ironicNames.InspectorDBSyncJobName) th.SimulateStatefulSetReplicaReady(ironicNames.InspectorName) @@ -399,6 +407,9 @@ var _ = Describe("IronicInspector controller", func() { Expect(configData).Should(ContainSubstring("SSLCertificateKeyFile \"/etc/pki/tls/private/internal.key\"")) Expect(configData).Should(ContainSubstring("SSLCertificateFile \"/etc/pki/tls/certs/public.crt\"")) Expect(configData).Should(ContainSubstring("SSLCertificateKeyFile \"/etc/pki/tls/private/public.key\"")) + configData = string(configDataMap.Data["my.cnf"]) + Expect(configData).To( + ContainSubstring("[client]\nssl-ca=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem\nssl=1")) }) It("TLS Endpoints are created", func() { 
@@ -407,8 +418,6 @@ var _ = Describe("IronicInspector controller", func() { DeferCleanup(k8sClient.Delete, ctx, th.CreateCertSecret(ironicNames.PublicCertSecretName)) mariadb.GetMariaDBDatabase(ironicNames.InspectorDatabaseName) - mariadb.SimulateMariaDBAccountCompleted(ironicNames.InspectorDatabaseName) - mariadb.SimulateMariaDBDatabaseCompleted(ironicNames.InspectorDatabaseName) th.SimulateJobSuccess(ironicNames.InspectorDBSyncJobName) th.SimulateStatefulSetReplicaReady(ironicNames.InspectorName) @@ -434,8 +443,6 @@ var _ = Describe("IronicInspector controller", func() { DeferCleanup(k8sClient.Delete, ctx, th.CreateCertSecret(ironicNames.PublicCertSecretName)) mariadb.GetMariaDBDatabase(ironicNames.InspectorDatabaseName) - mariadb.SimulateMariaDBAccountCompleted(ironicNames.InspectorDatabaseName) - mariadb.SimulateMariaDBDatabaseCompleted(ironicNames.InspectorDatabaseName) th.SimulateJobSuccess(ironicNames.InspectorDBSyncJobName) th.SimulateStatefulSetReplicaReady(ironicNames.InspectorName) diff --git a/tests/functional/ironicneutronagent_controller_test.go b/tests/functional/ironicneutronagent_controller_test.go index bcfa324d..b251af19 100644 --- a/tests/functional/ironicneutronagent_controller_test.go +++ b/tests/functional/ironicneutronagent_controller_test.go @@ -24,8 +24,10 @@ import ( . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" + "github.com/openstack-k8s-operators/ironic-operator/pkg/ironic" "github.com/openstack-k8s-operators/lib-common/modules/common/condition" . "github.com/openstack-k8s-operators/lib-common/modules/common/test/helpers" + mariadbv1 "github.com/openstack-k8s-operators/mariadb-operator/api/v1beta1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 
@@ -41,6 +43,10 @@ var _ = Describe("IronicNeutronAgent controller", func() { ) DeferCleanup(keystone.DeleteKeystoneAPI, keystone.CreateKeystoneAPI(ironicNames.Namespace)) DeferCleanup(th.DeleteInstance, CreateIronicNeutronAgent(ironicNames.INAName, GetDefaultIronicNeutronAgentSpec())) + mariadb.CreateMariaDBDatabase(ironicNames.Namespace, ironic.DatabaseName, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.CreateMariaDBAccount(ironicNames.Namespace, ironic.DatabaseName, mariadbv1.MariaDBAccountSpec{}) + mariadb.SimulateMariaDBAccountCompleted(ironicNames.IronicDatabaseName) + mariadb.SimulateMariaDBDatabaseCompleted(ironicNames.IronicDatabaseName) }) It("initializes Status fields", func() { instance := GetIronicNeutronAgent(ironicNames.INAName) @@ -103,6 +109,10 @@ var _ = Describe("IronicNeutronAgent controller", func() { infra.GetTransportURL(ironicNames.INATransportURLName) infra.SimulateTransportURLReady(ironicNames.INATransportURLName) DeferCleanup(keystone.DeleteKeystoneAPI, keystone.CreateKeystoneAPI(ironicNames.Namespace)) + mariadb.CreateMariaDBDatabase(ironicNames.Namespace, ironic.DatabaseName, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.CreateMariaDBAccount(ironicNames.Namespace, ironic.DatabaseName, mariadbv1.MariaDBAccountSpec{}) + mariadb.SimulateMariaDBAccountCompleted(ironicNames.IronicDatabaseName) + mariadb.SimulateMariaDBDatabaseCompleted(ironicNames.IronicDatabaseName) }) It("is missing secret", func() { th.ExpectConditionWithDetails( 
@@ -210,6 +220,10 @@ var _ = Describe("IronicNeutronAgent controller", func() { infra.GetTransportURL(ironicNames.INATransportURLName) infra.SimulateTransportURLReady(ironicNames.INATransportURLName) DeferCleanup(keystone.DeleteKeystoneAPI, keystone.CreateKeystoneAPI(ironicNames.Namespace)) + mariadb.CreateMariaDBDatabase(ironicNames.Namespace, ironic.DatabaseName, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.CreateMariaDBAccount(ironicNames.Namespace, ironic.DatabaseName, mariadbv1.MariaDBAccountSpec{}) + mariadb.SimulateMariaDBAccountCompleted(ironicNames.IronicDatabaseName) + mariadb.SimulateMariaDBDatabaseCompleted(ironicNames.IronicDatabaseName) }) It("reports that the CA secret is missing", func() {