Signed-off-by: Martin Schuppert <[email protected]>
stuggi committed Jan 9, 2025
1 parent 16c3ed8 commit 3950748
Showing 7 changed files with 80 additions and 6 deletions.
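--- a/api/bases/keystone.openstack.org_keystoneapis.yaml
+++ b/api/bases/keystone.openstack.org_keystoneapis.yaml
@@ -110,6 +110,14 @@ spec:
 httpdCustomization:
 description: HttpdCustomization - customize the httpd service
 properties:
+overrideSecret:
+description: |-
+OverrideSecret - secret holding httpd conf to override/extend the vhost endpoint config.
+All files get mounted into conf.d/override/ and included at the top of the vhost using
+`Include conf.d/override/*.conf`
+For information on how sections in httpd configuration get merged, check section
+"How the sections are merged" in https://httpd.apache.org/docs/current/sections.html#merging
+type: string
 processNumber:
 default: 3
 description: ProcessNumber - Number of processes running in keystone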
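--- a/api/v1beta1/keystoneapi_types.go
+++ b/api/v1beta1/keystoneapi_types.go
@@ -208,6 +208,14 @@ type HttpdCustomization struct {
 // +kubebuilder:validation:Minimum=1
 // ProcessNumber - Number of processes running in keystone API
 ProcessNumber *int32 `json:"processNumber"`
+
+// +kubebuilder:validation:Optional
+// OverrideSecret - secret holding httpd conf to override/extend the vhost endpoint config.
+// All files get mounted into conf.d/override/ and included at the top of the vhost using
+// `Include conf/httpdOverride_*.conf`
+// For information on how sections in httpd configuration get merged, check section
+// "How the sections are merged" in https://httpd.apache.org/docs/current/sections.html#merging
+OverrideSecret *string `json:"overrideSecret,omitempty"`
 }
 
 // KeystoneAPIStatus defines the observed state of KeystoneAPI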
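Review bot: The doc comment on `OverrideSecret` does not describe what the rest of the commit does: it says the files are mounted into `conf.d/override/` and included at the top of the vhost with `Include conf/httpdOverride_*.conf`, whereas the httpd.conf template places `Include conf/httpd_override_{{ $endpt }}_*.conf` just before `</VirtualHost>` and the config JSON copies the files to `/etc/httpd/conf/`. The two CRD YAML files carry a third variant (`Include conf.d/override/*.conf`), which suggests they were not regenerated from this comment. I would reword it along the lines of `// Each key is rendered as conf/httpd_override_<endpoint>_<key> and included at the end of every vhost; only keys ending in .conf are loaded.` and regenerate the CRDs. Because the secret's content becomes httpd directives for the Keystone API, the comment should also say that the Secret is trusted input and must be writable only by administrators of the deployment. The struct starts outside the hunk.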
5 changes: 5 additions & 0 deletions api/v1beta1/zz_generated.deepcopy.go


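--- a/config/crd/bases/keystone.openstack.org_keystoneapis.yaml
+++ b/config/crd/bases/keystone.openstack.org_keystoneapis.yaml
@@ -110,6 +110,14 @@ spec:
 httpdCustomization:
 description: HttpdCustomization - customize the httpd service
 properties:
+overrideSecret:
+description: |-
+OverrideSecret - secret holding httpd conf to override/extend the vhost endpoint config.
+All files get mounted into conf.d/override/ and included at the top of the vhost using
+`Include conf.d/override/*.conf`
+For information on how sections in httpd configuration get merged, check section
+"How the sections are merged" in https://httpd.apache.org/docs/current/sections.html#merging
+type: string
 processNumber:
 default: 3
 description: ProcessNumber - Number of processes running in keystone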
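--- a/controllers/keystoneapi_controller.go
+++ b/controllers/keystoneapi_controller.go
@@ -233,17 +233,19 @@ func (r *KeystoneAPIReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 
 // fields to index to reconcile when change
 const (
-passwordSecretField = ".spec.secret"
-caBundleSecretNameField = ".spec.tls.caBundleSecretName"
-tlsAPIInternalField = ".spec.tls.api.internal.secretName"
-tlsAPIPublicField = ".spec.tls.api.public.secretName"
+passwordSecretField = ".spec.secret"
+caBundleSecretNameField = ".spec.tls.caBundleSecretName"
+tlsAPIInternalField = ".spec.tls.api.internal.secretName"
+tlsAPIPublicField = ".spec.tls.api.public.secretName"
+httpdOverrideSecretField = ".spec.httpdCustomization.overrideSecret"
 )
 
 var allWatchFields = []string{
 passwordSecretField,
 caBundleSecretNameField,
 tlsAPIInternalField,
 tlsAPIPublicField,
+httpdOverrideSecretField,
 }
 
 // SetupWithManager -
@@ -298,6 +300,18 @@ func (r *KeystoneAPIReconciler) SetupWithManager(ctx context.Context, mgr ctrl.M
 return err
 }
 
+// index httpdOverrideSecretField
+if err := mgr.GetFieldIndexer().IndexField(context.Background(), &keystonev1.KeystoneAPI{}, httpdOverrideSecretField, func(rawObj client.Object) []string {
+// Extract the secret name from the spec, if one is provided
+cr := rawObj.(*keystonev1.KeystoneAPI)
+if cr.Spec.HttpdCustomization.OverrideSecret == nil {
+return nil
+}
+return []string{*cr.Spec.HttpdCustomization.OverrideSecret}
+}); err != nil {
+return err
+}
+
 memcachedFn := func(ctx context.Context, o client.Object) []reconcile.Request {
 result := []reconcile.Request{}
 
@@ -1201,6 +1215,14 @@ func (r *KeystoneAPIReconciler) generateServiceConfigMaps(
 "fernetMaxActiveKeys": instance.Spec.FernetMaxActiveKeys,
 }
 
+httpdOverrideSecret := &corev1.Secret{}
+if instance.Spec.HttpdCustomization.OverrideSecret != nil && *instance.Spec.HttpdCustomization.OverrideSecret != "" {
+httpdOverrideSecret, _, err = oko_secret.GetSecret(ctx, h, *instance.Spec.HttpdCustomization.OverrideSecret, instance.Namespace)
+if err != nil {
+return err
+}
+}
+
 // create httpd vhost template parameters
 httpdVhostConfig := map[string]interface{}{}
 for _, endpt := range []service.Endpoint{service.EndpointInternal, service.EndpointPublic} {
@@ -1212,6 +1234,16 @@ func (r *KeystoneAPIReconciler) generateServiceConfigMaps(
 endptConfig["SSLCertificateFile"] = fmt.Sprintf("/etc/pki/tls/certs/%s.crt", endpt.String())
 endptConfig["SSLCertificateKeyFile"] = fmt.Sprintf("/etc/pki/tls/private/%s.key", endpt.String())
 }
+
+endptConfig["Override"] = false
+if len(httpdOverrideSecret.Data) > 0 {
+endptConfig["Override"] = true
+for key, data := range httpdOverrideSecret.Data {
+if len(data) > 0 {
+customData["httpd_override_"+endpt.String()+"_"+key] = string(data)
+}
+}
+}
 httpdVhostConfig[endpt.String()] = endptConfig
 }
 templateParameters["VHosts"] = httpdVhostConfig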
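Review bot: The loop `for key, data := range httpdOverrideSecret.Data` in generateServiceConfigMaps copies every key of the override secret into `customData` without checking its name, while the vhost template only includes `conf/httpd_override_{{ $endpt }}_*.conf`; a key that does not end in `.conf` is therefore staged into the config but silently never loaded. Since these bytes become httpd directives inside both the internal and the public Keystone vhost, write access to that Secret amounts to control over the API's front-end configuration, which deserves a comment at this spot and tight RBAC on the Secret. I would skip or reject unexpected keys, e.g. `if !strings.HasSuffix(key, ".conf") { continue }` (assuming `strings` is imported in this file), and surface the skipped key through a log line or condition. Separately, the index function added in SetupWithManager checks only `OverrideSecret == nil`, whereas this code also treats `""` as unset; the two should agree. Both enclosing functions start and end outside the hunks.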
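--- a/templates/keystoneapi/config/httpd.conf
+++ b/templates/keystoneapi/config/httpd.conf
@@ -25,6 +25,7 @@ CustomLog /dev/stdout proxy env=forwarded
 {{ range $endpt, $vhost := .VHosts }}
 # {{ $endpt }} vhost {{ $vhost.ServerName }} configuration
 <VirtualHost *:5000>
+
 ServerName {{ $vhost.ServerName }}
 
 ## Vhost docroot
@@ -57,5 +58,10 @@ CustomLog /dev/stdout proxy env=forwarded
 WSGIProcessGroup {{ $endpt }}
 WSGIScriptAlias / "/usr/bin/keystone-wsgi-public"
 WSGIPassAuthorization On
+
+{{- if $vhost.Override }}
+Include conf/httpd_override_{{ $endpt }}_*.conf
+{{- end }}
+
 </VirtualHost>
 {{ end }}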
11 changes: 9 additions & 2 deletions templates/keystoneapi/config/keystone-api-config.json
@@ -16,13 +16,13 @@
{
"source": "/var/lib/config-data/default/httpd.conf",
"dest": "/etc/httpd/conf/httpd.conf",
"owner": "root",
"owner": "apache",
"perm": "0644"
},
{
"source": "/var/lib/config-data/default/ssl.conf",
"dest": "/etc/httpd/conf.d/ssl.conf",
"owner": "root",
"owner": "apache",
"perm": "0644"
},
{
@@ -58,6 +58,13 @@
"dest": "/etc/my.cnf",
"owner": "keystone",
"perm": "0644"
},
{
"source": "/var/lib/config-data/default/httpd_override_*",
"dest": "/etc/httpd/conf/",
"owner": "apache",
"perm": "0444",
"optional": true
}
]
}
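Review bot: The first hunk, as rendered (`"owner": "root",` printed before `"owner": "apache",`), reads as changing the owner of `/etc/httpd/conf/httpd.conf` and `/etc/httpd/conf.d/ssl.conf` from root to apache while keeping `"perm": "0644"`, and nothing in the commit explains why. If httpd runs as `apache` in this image (not visible here), the service account gains write access to its own main and TLS configuration, which is a least-privilege regression unrelated to the override feature; httpd only needs to read these files. I would keep `"owner": "root",` on both entries and consider root ownership for the new `httpd_override_*` entry as well, since `0444` owned by apache still lets the owner change the mode. If the ownership change is required for the override files to be readable, a line in the commit message saying so would help.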
