Add an inspector ramdisk-logs sidecar

This implements the runlogwatch.sh approach of metal3[1] to write any inspection ramdisk logs to the console, making them accessable to the end user via the same mechanism as other openstack service logs. As part of this change the ramdisk logs directory needs to be moved to a directory on a volume shared by the pod. This is now /var/lib/ironic/ramdisk-logs Jira: OSPRH-1947
openstack-k8s-operators · Sep 16, 2024 · 27719e8 · 27719e8
1 parent 52d00a2
commit 27719e8
Show file tree

Hide file tree

Showing 6 changed files with 34 additions and 6 deletions.
diff --git a/controllers/ironicinspector_controller.go b/controllers/ironicinspector_controller.go
@@ -1452,8 +1452,9 @@ func (r *IronicInspectorReconciler) generateServiceConfigMaps(
 			Type:         util.TemplateTypeScripts,
 			InstanceType: instance.Kind,
 			AdditionalTemplate: map[string]string{
-				"common.sh":  "/common/bin/common.sh",
-				"get_net_ip": "/common/bin/get_net_ip",
+				"common.sh":      "/common/bin/common.sh",
+				"get_net_ip":     "/common/bin/get_net_ip",
+				"runlogwatch.sh": "/common/bin/runlogwatch.sh",
 			},
 			Labels: cmLabels,
 		},

diff --git a/pkg/ironicinspector/statefulset.go b/pkg/ironicinspector/statefulset.go
@@ -145,6 +145,7 @@ func StatefulSet(
 	httpdVolumeMounts := GetVolumeMounts("httpd")
 	inspectorVolumeMounts := GetVolumeMounts("ironic-inspector")
 	dnsmasqVolumeMounts := GetVolumeMounts("dnsmasq")
+	ramdiskLogsVolumeMounts := GetVolumeMounts("ramdisk-logs")
 	initVolumeMounts := GetInitVolumeMounts()
 
 	// add CA cert if defined
@@ -154,6 +155,7 @@ func StatefulSet(
 		inspectorVolumeMounts = append(inspectorVolumeMounts, instance.Spec.TLS.CreateVolumeMounts(nil)...)
 		httpbootVolumeMounts = append(httpbootVolumeMounts, instance.Spec.TLS.CreateVolumeMounts(nil)...)
 		dnsmasqVolumeMounts = append(dnsmasqVolumeMounts, instance.Spec.TLS.CreateVolumeMounts(nil)...)
+		ramdiskLogsVolumeMounts = append(ramdiskLogsVolumeMounts, instance.Spec.TLS.CreateVolumeMounts(nil)...)
 		initVolumeMounts = append(initVolumeMounts, instance.Spec.TLS.CreateVolumeMounts(nil)...)
 	}
 
@@ -240,6 +242,24 @@ func StatefulSet(
 	}
 	containers = append(containers, httpbootContainer)
 
+	ramdiskLogsEnvVars := map[string]env.Setter{}
+	ramdiskLogsEnvVars["KOLLA_CONFIG_STRATEGY"] = env.SetValue("COPY_ALWAYS")
+	ramdiskLogsEnvVars["CONFIG_HASH"] = env.SetValue(configHash)
+	ramdiskLogsContainer := corev1.Container{
+		Name: "ramdisk-logs",
+		Command: []string{
+			"/bin/bash",
+		},
+		Args:         args,
+		Image:        instance.Spec.ContainerImage,
+		Env:          env.MergeEnvs([]corev1.EnvVar{}, ramdiskLogsEnvVars),
+		VolumeMounts: ramdiskLogsVolumeMounts,
+		SecurityContext: &corev1.SecurityContext{
+			RunAsUser: &runAsUser,
+		},
+	}
+	containers = append(containers, ramdiskLogsContainer)
+
 	if instance.Spec.InspectionNetwork != "" {
 		// Only include dnsmasq container if there is an inspection network
 		dnsmasqEnvVars := map[string]env.Setter{}

diff --git a/templates/ironicinspector/bin/init.sh b/templates/ironicinspector/bin/init.sh
@@ -20,6 +20,10 @@ export TRANSPORTURL=${TransportURL:-""}
 
 export CUSTOMCONF=${CustomConf:-""}
 
+if [ ! -d "/var/lib/ironic/ramdisk-logs" ]; then
+    mkdir /var/lib/ironic/ramdisk-logs
+fi
+
 SVC_CFG=/etc/ironic-inspector/inspector.conf
 SVC_CFG_MERGED=/var/lib/config-data/merged/inspector.conf
 

diff --git a/templates/ironicinspector/config/inspector.conf b/templates/ironicinspector/config/inspector.conf
@@ -67,7 +67,7 @@ enforce_new_defaults=True
 [processing]
 keep_ports=all
 processing_hooks=$default_processing_hooks,extra_hardware,lldp_basic,local_link_connection,physnet_cidr_map
-ramdisk_logs_dir=/var/log/ironic-inspector/ramdisk/
+ramdisk_logs_dir=/var/lib/ironic/ramdisk-logs/
 always_store_ramdisk_logs=True
 store_data=database
 

diff --git a/templates/ironicinspector/config/ramdisk-logs-config.json b/templates/ironicinspector/config/ramdisk-logs-config.json
@@ -0,0 +1,3 @@
+{
+    "command": "/usr/local/bin/container-scripts/runlogwatch.sh"
+}
diff --git a/tests/functional/ironicinspector_controller_test.go b/tests/functional/ironicinspector_controller_test.go
@@ -199,7 +199,7 @@ var _ = Describe("IronicInspector controller", func() {
 			// Check the resulting deployment fields
 			Expect(int(*ss.Spec.Replicas)).To(Equal(1))
 			Expect(ss.Spec.Template.Spec.Volumes).To(HaveLen(6))
-			Expect(ss.Spec.Template.Spec.Containers).To(HaveLen(3))
+			Expect(ss.Spec.Template.Spec.Containers).To(HaveLen(4))
 
 			// Check the ironic-inspector-httpd container
 			container := ss.Spec.Template.Spec.Containers[0]
@@ -393,7 +393,7 @@ var _ = Describe("IronicInspector controller", func() {
 			// Check the resulting deployment fields
 			Expect(int(*depl.Spec.Replicas)).To(Equal(1))
 			Expect(depl.Spec.Template.Spec.Volumes).To(HaveLen(9))
-			Expect(depl.Spec.Template.Spec.Containers).To(HaveLen(3))
+			Expect(depl.Spec.Template.Spec.Containers).To(HaveLen(4))
 
 			// cert deployment volumes
 			th.AssertVolumeExists(ironicNames.CaBundleSecretName.Name, depl.Spec.Template.Spec.Volumes)
@@ -483,7 +483,7 @@ var _ = Describe("IronicInspector controller", func() {
 			// Check the resulting deployment fields
 			Expect(int(*depl.Spec.Replicas)).To(Equal(1))
 			Expect(depl.Spec.Template.Spec.Volumes).To(HaveLen(9))
-			Expect(depl.Spec.Template.Spec.Containers).To(HaveLen(3))
+			Expect(depl.Spec.Template.Spec.Containers).To(HaveLen(4))
 
 			// Grab the current config hash
 			originalHash := GetEnvVarValue(