[tlse] TLS database connection

The my.cnf file gets added to the secret holding the service configs. The content of my.cnf is centrally managed in the mariadb-operator and retrieved calling db.GetDatabaseClientConfig(tlsCfg) Depends-On: openstack-k8s-operators/mariadb-operator#190 Depends-On: openstack-k8s-operators/mariadb-operator#191 Jira: OSPRH-4547
stuggi · Mar 6, 2024 · a0781bd · a0781bd
1 parent 659a843
commit a0781bd
Show file tree

Hide file tree

Showing 6 changed files with 48 additions and 2 deletions.
diff --git a/controllers/autoscaling_controller.go b/controllers/autoscaling_controller.go
@@ -49,6 +49,7 @@ import (
 	labels "github.com/openstack-k8s-operators/lib-common/modules/common/labels"
 	common_rbac "github.com/openstack-k8s-operators/lib-common/modules/common/rbac"
 	secret "github.com/openstack-k8s-operators/lib-common/modules/common/secret"
+	"github.com/openstack-k8s-operators/lib-common/modules/common/tls"
 	util "github.com/openstack-k8s-operators/lib-common/modules/common/util"
 
 	heatv1 "github.com/openstack-k8s-operators/heat-operator/api/v1beta1"
@@ -519,7 +520,22 @@ func (r *AutoscalingReconciler) generateServiceConfig(
 	mc *memcachedv1.Memcached,
 ) error {
 	cmLabels := labels.GetLabels(instance, labels.GetGroupLabel(autoscaling.ServiceName), map[string]string{})
-	customData := map[string]string{common.CustomServiceConfigFileName: instance.Spec.Aodh.CustomServiceConfig}
+
+	// the aodh controller currently creates the db with the user
+	db, err := mariadbv1.GetDatabaseByName(ctx, h, instance.Spec.Aodh.DatabaseUser)
+	if err != nil {
+		return err
+	}
+
+	var tlsCfg *tls.Service
+	if instance.Spec.Aodh.TLS.CaBundleSecretName != "" {
+		tlsCfg = &tls.Service{}
+	}
+
+	customData := map[string]string{
+		common.CustomServiceConfigFileName: instance.Spec.Aodh.CustomServiceConfig,
+		"my.cnf":                           db.GetDatabaseClientConfig(tlsCfg), //(mschuppert) for now just get the default my.cnf
+	}
 	for key, data := range instance.Spec.Aodh.DefaultConfigOverwrite {
 		customData[key] = data
 	}
@@ -553,7 +569,7 @@ func (r *AutoscalingReconciler) generateServiceConfig(
 		"PrometheusPort":           instance.Status.PrometheusPort,
 		"MemcachedServers":         strings.Join(mc.Status.ServerList, ","),
 		"MemcachedServersWithInet": strings.Join(mc.Status.ServerListWithInet, ","),
-		"DatabaseConnection": fmt.Sprintf("mysql+pymysql://%s:%s@%s/%s",
+		"DatabaseConnection": fmt.Sprintf("mysql+pymysql://%s:%s@%s/%s?read_default_file=/etc/my.cnf",
 			instance.Spec.Aodh.DatabaseUser,
 			string(ospSecret.Data[instance.Spec.Aodh.PasswordSelectors.Database]),
 			instance.Status.DatabaseHostname,

diff --git a/templates/autoscaling/config/aodh-api-config.json b/templates/autoscaling/config/aodh-api-config.json
@@ -47,6 +47,12 @@
         "perm": "0400",
         "optional": true,
         "merge": true
+    },
+    {
+        "source": "/var/lib/config-data/config/my.cnf",
+        "dest": "/etc/my.cnf",
+        "owner": "aodh",
+        "perm": "0644"
     }
     ]
 }
diff --git a/templates/autoscaling/config/aodh-dbsync-config.json b/templates/autoscaling/config/aodh-dbsync-config.json
@@ -13,6 +13,12 @@
                         "owner": "aodh",
                         "perm": "0600",
                         "optional": true
+                },
+                {
+                        "source": "/var/lib/config-data/config/my.cnf",
+                        "dest": "/etc/my.cnf",
+                        "owner": "aodh",
+                        "perm": "0644"
                 }
         ]
 }
diff --git a/templates/autoscaling/config/aodh-evaluator-config.json b/templates/autoscaling/config/aodh-evaluator-config.json
@@ -19,6 +19,12 @@
         "dest": "/etc/openstack/prometheus.yaml",
         "owner": "aodh",
         "perm": "0600"
+      },
+      {
+        "source": "/var/lib/config-data/config/my.cnf",
+        "dest": "/etc/my.cnf",
+        "owner": "aodh",
+        "perm": "0644"
       }
     ]
   }
diff --git a/templates/autoscaling/config/aodh-listener-config.json b/templates/autoscaling/config/aodh-listener-config.json
@@ -13,6 +13,12 @@
         "owner": "aodh",
         "perm": "0600",
         "optional": true
+      },
+      {
+        "source": "/var/lib/config-data/config/my.cnf",
+        "dest": "/etc/my.cnf",
+        "owner": "aodh",
+        "perm": "0644"
       }
     ]
   }
diff --git a/templates/autoscaling/config/aodh-notifier-config.json b/templates/autoscaling/config/aodh-notifier-config.json
@@ -13,6 +13,12 @@
         "owner": "aodh",
         "perm": "0600",
         "optional": true
+      },
+      {
+        "source": "/var/lib/config-data/config/my.cnf",
+        "dest": "/etc/my.cnf",
+        "owner": "aodh",
+        "perm": "0644"
       }
     ]
   }