diff --git a/controllers/amphoracontroller_controller.go b/controllers/amphoracontroller_controller.go
index 15601e8d..91fad52f 100644
--- a/controllers/amphoracontroller_controller.go
+++ b/controllers/amphoracontroller_controller.go
@@ -260,50 +260,8 @@ func (r *OctaviaAmphoraControllerReconciler) reconcileNormal(ctx context.Context common.AppSelector: instance.ObjectMeta.Name, } - // Handle config map - configMapVars := make(map[string]env.Setter) - - ospSecret, hash, err := oko_secret.GetSecret(ctx, helper, instance.Spec.Secret, instance.Namespace) - if err != nil { - if k8s_errors.IsNotFound(err) { - Log.Info(fmt.Sprintf("OpenStack secret %s not found", instance.Spec.Secret)) - instance.Status.Conditions.Set(condition.FalseCondition( - condition.InputReadyCondition, - condition.RequestedReason, - condition.SeverityInfo, - condition.InputReadyWaitingMessage)) - return ctrl.Result{RequeueAfter: time.Duration(10) * time.Second}, nil - } - instance.Status.Conditions.Set(condition.FalseCondition( - condition.InputReadyCondition, - condition.ErrorReason, - condition.SeverityWarning, - condition.InputReadyErrorMessage, - err.Error())) - return ctrl.Result{}, err - } - configMapVars[ospSecret.Name] = env.SetValue(hash) - - transportURLSecret, hash, err := oko_secret.GetSecret(ctx, helper, instance.Spec.TransportURLSecret, instance.Namespace) - if err != nil { - if k8s_errors.IsNotFound(err) { - Log.Info(fmt.Sprintf("TransportURL secret %s not found", instance.Spec.TransportURLSecret)) - instance.Status.Conditions.Set(condition.FalseCondition( - condition.InputReadyCondition, - condition.RequestedReason, - condition.SeverityInfo, - condition.InputReadyWaitingMessage)) - return ctrl.Result{RequeueAfter: time.Duration(10) * time.Second}, nil - } - instance.Status.Conditions.Set(condition.FalseCondition( - condition.InputReadyCondition, - condition.ErrorReason, - condition.SeverityWarning, - condition.InputReadyErrorMessage, - err.Error())) - return ctrl.Result{}, err - } - configMapVars[transportURLSecret.Name] = env.SetValue(hash) + // Handle secrets + secretsVars := make(map[string]env.Setter) defaultFlavorID, err := amphoracontrollers.EnsureFlavors(ctx, instance, &r.Log, helper) if err != nil { 
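Review bot: The hashes of the OpenStack and TransportURL secrets no longer reach `secretsVars` in reconcileNormal, and the replacement lookups in generateServiceSecrets (later hunk in this file) discard them with `_`, so a rotated password only triggers a restart if the hash that `oko_secret.EnsureSecrets` contributes covers the rendered octavia.conf; that is not visible in this diff and should be confirmed. OctaviaReconciler.reconcileInit still records both source hashes, so the controllers now differ on this. If the source hashes should stay part of the input hash, keep the second return value in the helper and record it, e.g. `(*envVars)[ospSecret.Name] = env.SetValue(hash)`. The OctaviaAPI reconcileNormal hunk removes the same two assignments. reconcileNormal starts and ends outside this hunk.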
@@ -311,23 +269,6 @@ func (r *OctaviaAmphoraControllerReconciler) reconcileNormal(ctx context.Context } r.Log.Info(fmt.Sprintf("Using default flavor \"%s\"", defaultFlavorID)) - templateVars := OctaviaTemplateVars{ - LbMgmtNetworkID: instance.Spec.LbMgmtNetworkID, - AmphoraDefaultFlavorID: defaultFlavorID, - LbSecurityGroupID: instance.Spec.LbSecurityGroupID, - } - - err = r.generateServiceConfigMaps(ctx, instance, helper, &configMapVars, templateVars, ospSecret) - if err != nil { - instance.Status.Conditions.Set(condition.FalseCondition( - condition.ServiceConfigReadyCondition, - condition.ErrorReason, - condition.SeverityWarning, - condition.ServiceConfigReadyErrorMessage, - err.Error())) - return ctrl.Result{}, err - } - instance.Status.Conditions.MarkTrue(condition.InputReadyCondition, condition.InputReadyMessage) // 
@@ -362,17 +303,34 @@ func (r *OctaviaAmphoraControllerReconciler) reconcileNormal(ctx context.Context } if hash != "" { - configMapVars[tls.CABundleKey] = env.SetValue(hash) + secretsVars[tls.CABundleKey] = env.SetValue(hash) } } // all cert input checks out so report InputReady instance.Status.Conditions.MarkTrue(condition.TLSInputReadyCondition, condition.InputReadyMessage) + templateVars := OctaviaTemplateVars{ + LbMgmtNetworkID: instance.Spec.LbMgmtNetworkID, + AmphoraDefaultFlavorID: defaultFlavorID, + LbSecurityGroupID: instance.Spec.LbSecurityGroupID, + } + + err = r.generateServiceSecrets(ctx, instance, helper, &secretsVars, templateVars) + if err != nil { + instance.Status.Conditions.Set(condition.FalseCondition( + condition.ServiceConfigReadyCondition, + condition.ErrorReason, + condition.SeverityWarning, + condition.ServiceConfigReadyErrorMessage, + err.Error())) + return ctrl.Result{}, err + } + // // create hash over all the different input resources to identify if any those changed // and a restart/recreate is required. // - inputHash, err := r.createHashOfInputHashes(instance, configMapVars) + inputHash, err := r.createHashOfInputHashes(instance, secretsVars) if err != nil { return ctrl.Result{}, err } 
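Review bot: A missing input secret now ends this reconcile as a hard error: generateServiceSecrets returns the NotFound error, and the added block sets `ServiceConfigReadyCondition` with `ErrorReason` and returns `ctrl.Result{}, err`, where the removed code returned `ctrl.Result{RequeueAfter: time.Duration(10) * time.Second}, nil` with only an info-level condition. Because the helper has already put `InputReadyCondition` into the waiting state, the instance ends up with a waiting and an error condition for the same cause. Consider branching before the condition is set, `if k8s_errors.IsNotFound(err) { return ctrl.Result{RequeueAfter: time.Duration(10) * time.Second}, nil }`, provided the helper's other calls cannot surface a NotFound that should count as a failure. The OctaviaAPI call site has the same shape, and reconcileNormal continues outside this hunk.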
@@ -476,16 +434,58 @@ func (r *OctaviaAmphoraControllerReconciler) reconcileNormal(ctx context.Context return ctrl.Result{}, nil } -func (r *OctaviaAmphoraControllerReconciler) generateServiceConfigMaps( +func (r *OctaviaAmphoraControllerReconciler) generateServiceSecrets( ctx context.Context, instance *octaviav1.OctaviaAmphoraController, helper *helper.Helper, envVars *map[string]env.Setter, templateVars OctaviaTemplateVars, - ospSecret *corev1.Secret, ) error { - r.Log.Info(fmt.Sprintf("generating service config map for %s (%s)", instance.Name, instance.Kind)) + r.Log.Info(fmt.Sprintf("generating service secret for %s (%s)", instance.Name, instance.Kind)) cmLabels := labels.GetLabels(instance, labels.GetGroupLabel(instance.ObjectMeta.Name), map[string]string{}) + + ospSecret, _, err := oko_secret.GetSecret(ctx, helper, instance.Spec.Secret, instance.Namespace) + if err != nil { + if k8s_errors.IsNotFound(err) { + r.Log.Info(fmt.Sprintf("OpenStack secret %s not found", instance.Spec.Secret)) + instance.Status.Conditions.Set(condition.FalseCondition( + condition.InputReadyCondition, + condition.RequestedReason, + condition.SeverityInfo, + condition.InputReadyWaitingMessage)) + return err + } + instance.Status.Conditions.Set(condition.FalseCondition( + condition.InputReadyCondition, + condition.ErrorReason, + condition.SeverityWarning, + condition.InputReadyErrorMessage, + err.Error())) + return err + } + servicePassword := string(ospSecret.Data[instance.Spec.PasswordSelectors.Service]) + + transportURLSecret, _, err := oko_secret.GetSecret(ctx, helper, instance.Spec.TransportURLSecret, instance.Namespace) + if err != nil { + if k8s_errors.IsNotFound(err) { + r.Log.Info(fmt.Sprintf("TransportURL secret %s not found", instance.Spec.TransportURLSecret)) + instance.Status.Conditions.Set(condition.FalseCondition( + condition.InputReadyCondition, + condition.RequestedReason, + condition.SeverityInfo, + condition.InputReadyWaitingMessage)) + return err + } + 
instance.Status.Conditions.Set(condition.FalseCondition( + condition.InputReadyCondition, + condition.ErrorReason, + condition.SeverityWarning, + condition.InputReadyErrorMessage, + err.Error())) + return err + } + transportURL := string(transportURLSecret.Data["transport_url"]) + db, err := mariadbv1.GetDatabaseByNameAndAccount(ctx, helper, octavia.DatabaseName, instance.Spec.DatabaseAccount, instance.Namespace) if err != nil { return err @@ -614,7 +614,9 @@ func (r *OctaviaAmphoraControllerReconciler) generateServiceConfigMaps( templateParameters["TenantLogTargetList"] = strings.Join(rsyslogIPAddresses, ",") spec := instance.Spec + templateParameters["TransportURL"] = transportURL templateParameters["ServiceUser"] = spec.ServiceUser + templateParameters["Password"] = servicePassword templateParameters["KeystoneInternalURL"] = keystoneInternalURL templateParameters["KeystonePublicURL"] = keystonePublicURL templateParameters["ServiceRoleName"] = spec.Role @@ -630,12 +632,10 @@ func (r *OctaviaAmphoraControllerReconciler) generateServiceConfigMaps( // Can't do string(nil) templateParameters["ServerCAKeyPassphrase"] = "" } - // TODO(gthiemonge) store keys/passwords/passphrases in a specific config file stored in a secret templateParameters["HeartbeatKey"] = string(ospSecret.Data["OctaviaHeartbeatKey"]) // TODO(beagles): populate the template parameters cms := []util.Template{ - // ScriptsConfigMap { Name: fmt.Sprintf("%s-scripts", instance.Name), Namespace: instance.Namespace, @@ -657,11 +657,11 @@ func (r *OctaviaAmphoraControllerReconciler) generateServiceConfigMaps( err = oko_secret.EnsureSecrets(ctx, helper, instance, cms, envVars) if err != nil { - r.Log.Error(err, "unable to process config map") + r.Log.Error(err, "unable to process secrets") return err } - r.Log.Info("Service config map generated") + r.Log.Info("Service secrets generated") return nil } 
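Review bot: `ospSecret.Data[instance.Spec.PasswordSelectors.Service]` and `transportURLSecret.Data["transport_url"]` are read without checking that the key exists, so a wrong selector or an incomplete secret renders `password=` and `transport_url=` as empty values into the generated config instead of failing. The removed init.sh line `${AdminPassword:?...}` aborted on an empty password, and nothing in this hunk replaces that guard. I would reject a missing or empty value before `templateParameters` is filled, as sketched below, with an error that names only the secret and key; the old script treated the transport URL as optional, so keep only the password check if that is still intended. OctaviaAPIReconciler.generateServiceSecrets has the same two lookups. The function body continues past this hunk.

```go
// … unchanged: GetSecret call and NotFound handling for instance.Spec.Secret …
pw, ok := ospSecret.Data[instance.Spec.PasswordSelectors.Service]
if !ok || len(pw) == 0 {
	return fmt.Errorf("secret %s has no value for key %s",
		instance.Spec.Secret, instance.Spec.PasswordSelectors.Service)
}
servicePassword := string(pw)

// … unchanged: GetSecret call and NotFound handling for instance.Spec.TransportURLSecret …
rawURL, ok := transportURLSecret.Data["transport_url"]
if !ok || len(rawURL) == 0 {
	return fmt.Errorf("secret %s has no value for key transport_url",
		instance.Spec.TransportURLSecret)
}
transportURL := string(rawURL)
```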
diff --git a/controllers/octavia_controller.go b/controllers/octavia_controller.go index 5385cda2..10606027 100644 --- a/controllers/octavia_controller.go +++ b/controllers/octavia_controller.go @@ -303,8 +303,8 @@ func (r *OctaviaReconciler) reconcileInit( Log := r.GetLogger(ctx) Log.Info("Reconciling Service init") - // ConfigMap - configMapVars := make(map[string]env.Setter) + // Secrets + secretsVars := make(map[string]env.Setter) // // check for required OpenStack secret holding passwords for service/admin user and add hash to the vars map @@ -328,7 +328,7 @@ func (r *OctaviaReconciler) reconcileInit( err.Error())) return ctrl.Result{}, err } - configMapVars[ospSecret.Name] = env.SetValue(hash) + secretsVars[ospSecret.Name] = env.SetValue(hash) transportURLSecret, hash, err := oko_secret.GetSecret(ctx, helper, instance.Status.TransportURLSecret, instance.Namespace) if err != nil { @@ -349,7 +349,7 @@ func (r *OctaviaReconciler) reconcileInit( err.Error())) return ctrl.Result{}, err } - configMapVars[transportURLSecret.Name] = env.SetValue(hash) + secretsVars[transportURLSecret.Name] = env.SetValue(hash) octaviaDb, persistenceDb, result, err := r.ensureDB(ctx, helper, instance) if err != nil { 
@@ -359,12 +359,11 @@ func (r *OctaviaReconciler) reconcileInit( } // - // create Configmap required for octavia input - // - %-scripts configmap holding scripts to e.g. bootstrap the service - // - %-config configmap holding minimal octavia config required to get the service up, user can add additional files to be added to the service - // - parameters which has passwords gets added from the OpenStack secret via the init container + // create Secrets required for octavia input + // - %-scripts secret holding scripts to e.g. bootstrap the service + // - %-config secret holding minimal octavia config required to get the service up, user can add additional files to be added to the service // - err = r.generateServiceConfigMaps(ctx, instance, helper, &configMapVars, octaviaDb, persistenceDb) + err = r.generateServiceSecrets(ctx, instance, helper, &secretsVars, octaviaDb, persistenceDb) if err != nil { instance.Status.Conditions.Set(condition.FalseCondition( condition.ServiceConfigReadyCondition, @@ -379,7 +378,7 @@ func (r *OctaviaReconciler) reconcileInit( // create hash over all the different input resources to identify if any those changed // and a restart/recreate is required. // - _, hashChanged, err := r.createHashOfInputHashes(ctx, instance, configMapVars) + _, hashChanged, err := r.createHashOfInputHashes(ctx, instance, secretsVars) if err != nil { return ctrl.Result{}, err } else if hashChanged { @@ -1296,9 +1295,9 @@ func (r *OctaviaReconciler) getLocalImageURLs( return ret, nil } -// generateServiceConfigMaps - create create configmaps which hold scripts and service configuration +// generateServiceSecrets - create secrets which hold scripts and service configuration // TODO add DefaultConfigOverwrite -func (r *OctaviaReconciler) generateServiceConfigMaps( +func (r *OctaviaReconciler) generateServiceSecrets( ctx context.Context, instance *octaviav1.Octavia, h *helper.Helper, 
@@ -1307,10 +1306,9 @@ func (r *OctaviaReconciler) generateServiceConfigMaps( persistenceDb *mariadbv1.Database, ) error { // - // create Configmap/Secret required for octavia input - // - %-scripts configmap holding scripts to e.g. bootstrap the service - // - %-config configmap holding minimal octavia config required to get the service up, user can add additional files to be added to the service - // - parameters which has passwords gets added from the ospSecret via the init container + // create Secret required for octavia input + // - %-scripts secret holding scripts to e.g. bootstrap the service + // - %-config secret holding minimal octavia config required to get the service up, user can add additional files to be added to the service // cmLabels := labels.GetLabels(instance, labels.GetGroupLabel(octavia.ServiceName), map[string]string{}) @@ -1357,7 +1355,6 @@ func (r *OctaviaReconciler) generateServiceConfigMaps( templateParameters["ServiceUser"] = instance.Spec.ServiceUser cms := []util.Template{ - // ScriptsConfigMap { Name: fmt.Sprintf("%s-scripts", instance.Name), Namespace: instance.Namespace, @@ -1366,7 +1363,6 @@ func (r *OctaviaReconciler) generateServiceConfigMaps( AdditionalTemplate: map[string]string{"common.sh": "/common/common.sh"}, Labels: cmLabels, }, - // ConfigMap { Name: fmt.Sprintf("%s-config-data", instance.Name), Namespace: instance.Namespace, diff --git a/controllers/octaviaapi_controller.go b/controllers/octaviaapi_controller.go index bee10ee9..2fd69cc0 100644 --- a/controllers/octaviaapi_controller.go +++ b/controllers/octaviaapi_controller.go 
@@ -557,57 +557,8 @@ func (r *OctaviaAPIReconciler) reconcileNormal(ctx context.Context, instance *oc Log := r.GetLogger(ctx) Log.Info("Reconciling Service") - // ConfigMap - configMapVars := make(map[string]env.Setter) - - // - // check for required OpenStack secret holding passwords for service/admin user and add hash to the vars map - // - ospSecret, hash, err := oko_secret.GetSecret(ctx, helper, instance.Spec.Secret, instance.Namespace) - if err != nil { - if k8s_errors.IsNotFound(err) { - Log.Info(fmt.Sprintf("OpenStack secret %s not found", instance.Spec.Secret)) - instance.Status.Conditions.Set(condition.FalseCondition( - condition.InputReadyCondition, - condition.RequestedReason, - condition.SeverityInfo, - condition.InputReadyWaitingMessage)) - return ctrl.Result{RequeueAfter: time.Duration(10) * time.Second}, nil - } - instance.Status.Conditions.Set(condition.FalseCondition( - condition.InputReadyCondition, - condition.ErrorReason, - condition.SeverityWarning, - condition.InputReadyErrorMessage, - err.Error())) - return ctrl.Result{}, err - } - configMapVars[ospSecret.Name] = env.SetValue(hash) - - transportURLSecret, hash, err := oko_secret.GetSecret(ctx, helper, instance.Spec.TransportURLSecret, instance.Namespace) - if err != nil { - if k8s_errors.IsNotFound(err) { - Log.Info(fmt.Sprintf("TransportURL secret %s not found", instance.Spec.TransportURLSecret)) - instance.Status.Conditions.Set(condition.FalseCondition( - condition.InputReadyCondition, - condition.RequestedReason, - condition.SeverityInfo, - condition.InputReadyWaitingMessage)) - return ctrl.Result{RequeueAfter: time.Duration(10) * time.Second}, nil - } - instance.Status.Conditions.Set(condition.FalseCondition( - condition.InputReadyCondition, - condition.ErrorReason, - condition.SeverityWarning, - condition.InputReadyErrorMessage, - err.Error())) - return ctrl.Result{}, err - } - configMapVars[transportURLSecret.Name] = env.SetValue(hash) - - 
instance.Status.Conditions.MarkTrue(condition.InputReadyCondition, condition.InputReadyMessage) - - // run check OpenStack secret - end + // Secrets + secretsVars := make(map[string]env.Setter) // // TLS input validation @@ -641,7 +592,7 @@ func (r *OctaviaAPIReconciler) reconcileNormal(ctx context.Context, instance *oc } if hash != "" { - configMapVars[tls.CABundleKey] = env.SetValue(hash) + secretsVars[tls.CABundleKey] = env.SetValue(hash) } // Validate API service certs secrets @@ -664,23 +615,22 @@ func (r *OctaviaAPIReconciler) reconcileNormal(ctx context.Context, instance *oc return ctrl.Result{}, err } - configMapVars[tls.TLSHashName] = env.SetValue(certsHash) + secretsVars[tls.TLSHashName] = env.SetValue(certsHash) } // all cert input checks out so report InputReady instance.Status.Conditions.MarkTrue(condition.TLSInputReadyCondition, condition.InputReadyMessage) // - // Create ConfigMaps and Secrets required as input for the Service and calculate an overall hash of hashes + // Create Secrets required as input for the Service and calculate an overall hash of hashes // // - // create Configmap required for octavia input - // - %-scripts configmap holding scripts to e.g. bootstrap the service - // - %-config configmap holding minimal octavia config required to get the service up, user can add additional files to be added to the service - // - parameters which has passwords gets added from the OpenStack secret via the init container + // create Secrets required for octavia input + // - %-scripts secret holding scripts to e.g. bootstrap the service + // - %-config secret holding minimal octavia config required to get the service up, user can add additional files to be added to the service // - err = r.generateServiceConfigMaps(ctx, instance, helper, &configMapVars) + err := r.generateServiceSecrets(ctx, instance, helper, &secretsVars) if err != nil { instance.Status.Conditions.Set(condition.FalseCondition( condition.ServiceConfigReadyCondition, 
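Review bot: `InputReadyCondition` is no longer marked true anywhere in the visible part of OctaviaAPIReconciler.reconcileNormal: the `MarkTrue(condition.InputReadyCondition, ...)` call is removed together with the secret lookups, and generateServiceSecrets only ever sets that condition to false. The amphora controller keeps its `MarkTrue` call as context, so the two reconcilers now diverge. If the condition is still in the instance's initial condition list (not visible in this diff), it would stay unknown and could hold back overall readiness. Consider restoring `instance.Status.Conditions.MarkTrue(condition.InputReadyCondition, condition.InputReadyMessage)` after the generateServiceSecrets call succeeds. reconcileNormal starts and ends outside this hunk.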
@@ -695,7 +645,7 @@ func (r *OctaviaAPIReconciler) reconcileNormal(ctx context.Context, instance *oc // create hash over all the different input resources to identify if any those changed // and a restart/recreate is required. // - inputHash, hashChanged, err := r.createHashOfInputHashes(ctx, instance, configMapVars) + inputHash, hashChanged, err := r.createHashOfInputHashes(ctx, instance, secretsVars) if err != nil { return ctrl.Result{}, err } else if hashChanged { 
@@ -855,25 +805,69 @@ func (r *OctaviaAPIReconciler) reconcileNormal(ctx context.Context, instance *oc return ctrl.Result{}, nil } -// generateServiceConfigMaps - create create configmaps which hold scripts and service configuration +// generateServiceSecrets - create creates which hold scripts and service configuration // TODO add DefaultConfigOverwrite -func (r *OctaviaAPIReconciler) generateServiceConfigMaps( +func (r *OctaviaAPIReconciler) generateServiceSecrets( ctx context.Context, instance *octaviav1.OctaviaAPI, h *helper.Helper, envVars *map[string]env.Setter, ) error { Log := r.GetLogger(ctx) - Log.Info("Generating service config map") + Log.Info("Generating service secrets") // - // create Configmap/Secret required for octavia input - // - %-scripts configmap holding scripts to e.g. bootstrap the service - // - %-config configmap holding minimal octavia config required to get the service up, user can add additional files to be added to the service - // - parameters which has passwords gets added from the ospSecret via the init container + // create Secret required for octavia input + // - %-scripts secret holding scripts to e.g. 
bootstrap the service + // - %-config secret holding minimal octavia config required to get the service up, user can add additional files to be added to the service // cmLabels := labels.GetLabels(instance, labels.GetGroupLabel(octavia.ServiceName), map[string]string{}) + // + // check for required OpenStack secret holding passwords for service/admin user and add hash to the vars map + // + ospSecret, _, err := oko_secret.GetSecret(ctx, h, instance.Spec.Secret, instance.Namespace) + if err != nil { + if k8s_errors.IsNotFound(err) { + Log.Info(fmt.Sprintf("OpenStack secret %s not found", instance.Spec.Secret)) + instance.Status.Conditions.Set(condition.FalseCondition( + condition.InputReadyCondition, + condition.RequestedReason, + condition.SeverityInfo, + condition.InputReadyWaitingMessage)) + return err + } + instance.Status.Conditions.Set(condition.FalseCondition( + condition.InputReadyCondition, + condition.ErrorReason, + condition.SeverityWarning, + condition.InputReadyErrorMessage, + err.Error())) + return err + } + servicePassword := string(ospSecret.Data[instance.Spec.PasswordSelectors.Service]) + + transportURLSecret, _, err := oko_secret.GetSecret(ctx, h, instance.Spec.TransportURLSecret, instance.Namespace) + if err != nil { + if k8s_errors.IsNotFound(err) { + Log.Info(fmt.Sprintf("TransportURL secret %s not found", instance.Spec.TransportURLSecret)) + instance.Status.Conditions.Set(condition.FalseCondition( + condition.InputReadyCondition, + condition.RequestedReason, + condition.SeverityInfo, + condition.InputReadyWaitingMessage)) + return err + } + instance.Status.Conditions.Set(condition.FalseCondition( + condition.InputReadyCondition, + condition.ErrorReason, + condition.SeverityWarning, + condition.InputReadyErrorMessage, + err.Error())) + return err + } + transportURL := string(transportURLSecret.Data["transport_url"]) + db, err := mariadbv1.GetDatabaseByNameAndAccount(ctx, h, octavia.DatabaseName, instance.Spec.DatabaseAccount, instance.Namespace) 
if err != nil { return err @@ -963,6 +957,9 @@ func (r *OctaviaAPIReconciler) generateServiceConfigMaps( ), } + templateParameters["Password"] = servicePassword + templateParameters["TransportURL"] = transportURL + templateParameters["ServiceUser"] = instance.Spec.ServiceUser templateParameters["KeystoneInternalURL"] = keystoneInternalURL templateParameters["KeystonePublicURL"] = keystonePublicURL @@ -993,7 +990,6 @@ func (r *OctaviaAPIReconciler) generateServiceConfigMaps( templateParameters["VHosts"] = httpdVhostConfig cms := []util.Template{ - // ScriptsConfigMap { Name: fmt.Sprintf("%s-scripts", instance.Name), Namespace: instance.Namespace, @@ -1002,7 +998,6 @@ func (r *OctaviaAPIReconciler) generateServiceConfigMaps( AdditionalTemplate: map[string]string{"common.sh": "/common/common.sh"}, Labels: cmLabels, }, - // ConfigMap { Name: fmt.Sprintf("%s-config-data", instance.Name), Namespace: instance.Namespace, @@ -1016,10 +1011,10 @@ func (r *OctaviaAPIReconciler) generateServiceConfigMaps( err = oko_secret.EnsureSecrets(ctx, h, instance, cms, envVars) if err != nil { - Log.Error(err, "unable to process config map") + Log.Error(err, "unable to process secrets") return err } - Log.Info("Service config map generated") + Log.Info("Service secrets generated") return nil } diff --git a/controllers/octaviarsyslog_controller.go b/controllers/octaviarsyslog_controller.go index ee60ebf6..17b152a3 100644 --- a/controllers/octaviarsyslog_controller.go +++ b/controllers/octaviarsyslog_controller.go 
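Review bot: The doc comment on generateServiceSecrets now reads `create creates which hold scripts`, and the comment above the first GetSecret call still says `and add hash to the vars map` although the hash is discarded with `_`. Suggested wording: `// generateServiceSecrets - create secrets which hold scripts and service configuration` and `// fetch the OpenStack secret holding the service user password`. Since the rendered `%-config-data` secret now carries the service password and the transport URL, the block comment that lists the generated secrets is the natural place to say so.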
@@ -236,10 +236,10 @@ func (r *OctaviaRsyslogReconciler) reconcileNormal(ctx context.Context, instance common.AppSelector: instance.ObjectMeta.Name, } - // Handle config map - configMapVars := make(map[string]env.Setter) + // Handle secrets + secretsVars := make(map[string]env.Setter) - err = r.generateServiceConfigMaps(ctx, instance, helper, &configMapVars) + err = r.generateServiceSecrets(ctx, instance, helper, &secretsVars) if err != nil { instance.Status.Conditions.Set(condition.FalseCondition( condition.ServiceConfigReadyCondition, @@ -256,7 +256,7 @@ func (r *OctaviaRsyslogReconciler) reconcileNormal(ctx context.Context, instance // create hash over all the different input resources to identify if any those changed // and a restart/recreate is required. // - inputHash, err := r.createHashOfInputHashes(instance, configMapVars) + inputHash, err := r.createHashOfInputHashes(instance, secretsVars) if err != nil { return ctrl.Result{}, err } @@ -360,7 +360,7 @@ func (r *OctaviaRsyslogReconciler) reconcileNormal(ctx context.Context, instance return ctrl.Result{}, nil } -func (r *OctaviaRsyslogReconciler) generateServiceConfigMaps( +func (r *OctaviaRsyslogReconciler) generateServiceSecrets( ctx context.Context, instance *octaviav1.OctaviaRsyslog, helper *helper.Helper, diff --git a/pkg/amphoracontrollers/daemonset.go b/pkg/amphoracontrollers/daemonset.go index ce8e8c2d..56693615 100644 --- a/pkg/amphoracontrollers/daemonset.go +++ b/pkg/amphoracontrollers/daemonset.go 
@@ -162,13 +162,8 @@ func DaemonSet( } initContainerDetails := octavia.APIDetails{ - ContainerImage: instance.Spec.ContainerImage, - DatabaseHost: instance.Spec.DatabaseHostname, - DatabaseName: octavia.DatabaseName, - OSPSecret: instance.Spec.Secret, - TransportURLSecret: instance.Spec.TransportURLSecret, - UserPasswordSelector: instance.Spec.PasswordSelectors.Service, - VolumeMounts: octavia.GetInitVolumeMounts(), + ContainerImage: instance.Spec.ContainerImage, + VolumeMounts: octavia.GetInitVolumeMounts(), } daemonset.Spec.Template.Spec.InitContainers = octavia.InitContainer(initContainerDetails) diff --git a/pkg/octavia/dbsync.go b/pkg/octavia/dbsync.go index c67992bb..426e6928 100644 --- a/pkg/octavia/dbsync.go +++ b/pkg/octavia/dbsync.go @@ -87,13 +87,8 @@ func DbSyncJob( } initContainerDetails := APIDetails{ - ContainerImage: instance.Spec.OctaviaAPI.ContainerImage, - DatabaseHost: instance.Status.DatabaseHostname, - DatabaseName: DatabaseName, - PersistenceDatabaseName: PersistenceDatabaseName, - OSPSecret: instance.Spec.Secret, - UserPasswordSelector: instance.Spec.PasswordSelectors.Service, - VolumeMounts: initVolumeMounts, + ContainerImage: instance.Spec.OctaviaAPI.ContainerImage, + VolumeMounts: initVolumeMounts, } job.Spec.Template.Spec.InitContainers = InitContainer(initContainerDetails) diff --git a/pkg/octavia/initcontainer.go b/pkg/octavia/initcontainer.go index 7cd6d930..96897589 100644 --- a/pkg/octavia/initcontainer.go +++ b/pkg/octavia/initcontainer.go 
@@ -16,21 +16,13 @@ limitations under the License. package octavia import ( - "github.com/openstack-k8s-operators/lib-common/modules/common/env" - corev1 "k8s.io/api/core/v1" ) // APIDetails information type APIDetails struct { - ContainerImage string - DatabaseHost string - DatabaseName string - PersistenceDatabaseName string - TransportURLSecret string - OSPSecret string - UserPasswordSelector string - VolumeMounts []corev1.VolumeMount + ContainerImage string + VolumeMounts []corev1.VolumeMount } const ( @@ -47,42 +39,6 @@ func InitContainer(init APIDetails) []corev1.Container { InitContainerCommand, } - envVars := map[string]env.Setter{} - envVars["DatabaseHost"] = env.SetValue(init.DatabaseHost) - envVars["DatabaseName"] = env.SetValue(init.DatabaseName) - - envs := []corev1.EnvVar{ - { - Name: "AdminPassword", - ValueFrom: &corev1.EnvVarSource{ - SecretKeyRef: &corev1.SecretKeySelector{ - LocalObjectReference: corev1.LocalObjectReference{ - Name: init.OSPSecret, - }, - Key: init.UserPasswordSelector, - }, - }, - }, - } - - // TODO(beagles): should this be conditional? It seems like it should be required. - if init.TransportURLSecret != "" { - envs = append(envs, - corev1.EnvVar{ - Name: "TransportURL", - ValueFrom: &corev1.EnvVarSource{ - SecretKeyRef: &corev1.SecretKeySelector{ - LocalObjectReference: corev1.LocalObjectReference{ - Name: init.TransportURLSecret, - }, - Key: "transport_url", - }, - }, - }, - ) - } - envs = env.MergeEnvs(envs, envVars) - return []corev1.Container{ { Name: "init", @@ -94,7 +50,6 @@ func InitContainer(init APIDetails) []corev1.Container { "/bin/bash", }, Args: args, - Env: envs, VolumeMounts: GetInitVolumeMounts(), }, } diff --git a/pkg/octaviaapi/deployment.go b/pkg/octaviaapi/deployment.go index 20449fb8..9f909d2c 100644 --- a/pkg/octaviaapi/deployment.go +++ b/pkg/octaviaapi/deployment.go 
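Review bot: `InitContainer` still sets `VolumeMounts: GetInitVolumeMounts()` and never reads `init.VolumeMounts`, which after this change is one of only two fields left in `APIDetails`. The callers in dbsync.go and deployment.go pass their own `initVolumeMounts`; if those differ from the default set (not visible here), any mount they add is silently dropped from the init container. Consider `VolumeMounts: init.VolumeMounts,` or removing the field so the struct does not suggest a choice the function ignores. InitContainer starts outside the last hunk of this file.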
@@ -197,13 +197,8 @@ func Deployment( } initContainerDetails := octavia.APIDetails{ - ContainerImage: instance.Spec.ContainerImage, - DatabaseHost: instance.Spec.DatabaseHostname, - DatabaseName: octavia.DatabaseName, - OSPSecret: instance.Spec.Secret, - TransportURLSecret: instance.Spec.TransportURLSecret, - UserPasswordSelector: instance.Spec.PasswordSelectors.Service, - VolumeMounts: initVolumeMounts, + ContainerImage: instance.Spec.ContainerImage, + VolumeMounts: initVolumeMounts, } deployment.Spec.Template.Spec.InitContainers = octavia.InitContainer(initContainerDetails) diff --git a/templates/octavia/bin/init.sh b/templates/octavia/bin/init.sh index 2ce24717..759ad0c9 100755 --- a/templates/octavia/bin/init.sh +++ b/templates/octavia/bin/init.sh @@ -17,10 +17,6 @@ set -ex # This script generates the octavia.conf/logging.conf file and # copies the result to the ephemeral /var/lib/config-data/merged volume. -# -# Secrets are obtained from ENV variables. -export PASSWORD=${AdminPassword:?"Please specify a AdminPassword variable."} -export TRANSPORTURL=${TransportURL:-""} SVC_CFG=/etc/octavia/octavia.conf SVC_CFG_MERGED=/var/lib/config-data/merged/octavia.conf @@ -36,9 +32,3 @@ cp -a ${SVC_CFG} ${SVC_CFG_MERGED} for dir in /var/lib/config-data/default; do merge_config_dir ${dir} done - -# set secrets -if [ -n "$TRANSPORTURL" ]; then - crudini --set /var/lib/config-data/merged/octavia.conf DEFAULT transport_url $TRANSPORTURL -fi -crudini --set ${SVC_CFG_MERGED} keystone_authtoken password $PASSWORD diff --git a/templates/octavia/config/octavia.conf b/templates/octavia/config/octavia.conf index 1a3b6df5..c09fa617 100644 --- a/templates/octavia/config/octavia.conf +++ b/templates/octavia/config/octavia.conf @@ -15,7 +15,6 @@ connection = {{ .DatabaseConnection }} [health_manager] health_update_threads=4 stats_update_threads=4 -# heartbeat_key=FIXMEkey1 [keystone_authtoken] username={{ .ServiceUser }} # password=FIXMEpw3 
diff --git a/templates/octaviaamphoracontroller/bin/init.sh b/templates/octaviaamphoracontroller/bin/init.sh index a9602eb8..759ad0c9 100755 --- a/templates/octaviaamphoracontroller/bin/init.sh +++ b/templates/octaviaamphoracontroller/bin/init.sh @@ -17,10 +17,6 @@ set -ex # This script generates the octavia.conf/logging.conf file and # copies the result to the ephemeral /var/lib/config-data/merged volume. -# -# Secrets are obtained from ENV variables. -export PASSWORD=${AdminPassword:?"Please specify a AdminPassword variable."} -export TRANSPORTURL=${TransportURL:-""} SVC_CFG=/etc/octavia/octavia.conf SVC_CFG_MERGED=/var/lib/config-data/merged/octavia.conf @@ -36,11 +32,3 @@ cp -a ${SVC_CFG} ${SVC_CFG_MERGED} for dir in /var/lib/config-data/default; do merge_config_dir ${dir} done - -# set secrets -if [ -n "$TRANSPORTURL" ]; then - crudini --set /var/lib/config-data/merged/octavia.conf DEFAULT transport_url $TRANSPORTURL -fi -# set secrets -crudini --set ${SVC_CFG_MERGED} keystone_authtoken password $PASSWORD -crudini --set ${SVC_CFG_MERGED} service_auth password $PASSWORD diff --git a/templates/octaviaamphoracontroller/config/octavia.conf b/templates/octaviaamphoracontroller/config/octavia.conf index f75f279d..c42936af 100644 --- a/templates/octaviaamphoracontroller/config/octavia.conf +++ b/templates/octaviaamphoracontroller/config/octavia.conf @@ -1,5 +1,6 @@ [DEFAULT] debug=True +transport_url={{ .TransportURL }} rpc_response_timeout=60 # Long timeout until jobboard is used # TODO(gthiemonge) This setting must be updated/removed when Jobboard is @@ -14,12 +15,11 @@ health_update_threads=4 stats_update_threads=4 bind_ip=:: controller_ip_port_list={{ .ControllerIPList }} -# heartbeat_key=FIXMEkey1 [keystone_authtoken] www_authenticate_uri={{ .KeystonePublicURL }} auth_url={{ .KeystoneInternalURL }} username={{ .ServiceUser }} -# password=FIXMEpw3 +password={{ .Password }} project_name=service project_domain_name=Default user_domain_name=Default 
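Review bot: `password={{ .Password }}` and `transport_url={{ .TransportURL }}` place the secret values into octavia.conf verbatim, so a value containing a newline or a `$` (which oslo.config, as far as I know, treats as the start of a substitution) would change how the file is parsed rather than being taken literally. Consider validating both values in generateServiceSecrets before rendering, or documenting the accepted character set where the secret is defined. At minimum a template comment such as `# rendered verbatim from the OpenStack secret; '$' and newlines are not escaped` would warn the next editor. The `[service_auth]` hunk that follows and templates/octaviaapi/config/octavia.conf carry the same lines.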
@@ -69,7 +69,7 @@ disable_local_log_storage=False project_domain_name=Default project_name=service user_domain_name=Default -password=FIXMEpw3 +password={{ .Password }} username=octavia auth_type=password auth_url={{ .KeystoneInternalURL }}/v3 diff --git a/templates/octaviaapi/bin/init.sh b/templates/octaviaapi/bin/init.sh index a9602eb8..759ad0c9 100755 --- a/templates/octaviaapi/bin/init.sh +++ b/templates/octaviaapi/bin/init.sh @@ -17,10 +17,6 @@ set -ex # This script generates the octavia.conf/logging.conf file and # copies the result to the ephemeral /var/lib/config-data/merged volume. -# -# Secrets are obtained from ENV variables. -export PASSWORD=${AdminPassword:?"Please specify a AdminPassword variable."} -export TRANSPORTURL=${TransportURL:-""} SVC_CFG=/etc/octavia/octavia.conf SVC_CFG_MERGED=/var/lib/config-data/merged/octavia.conf @@ -36,11 +32,3 @@ cp -a ${SVC_CFG} ${SVC_CFG_MERGED} for dir in /var/lib/config-data/default; do merge_config_dir ${dir} done - -# set secrets -if [ -n "$TRANSPORTURL" ]; then - crudini --set /var/lib/config-data/merged/octavia.conf DEFAULT transport_url $TRANSPORTURL -fi -# set secrets -crudini --set ${SVC_CFG_MERGED} keystone_authtoken password $PASSWORD -crudini --set ${SVC_CFG_MERGED} service_auth password $PASSWORD diff --git a/templates/octaviaapi/config/octavia.conf b/templates/octaviaapi/config/octavia.conf index 5906565a..a0b5128a 100644 --- a/templates/octaviaapi/config/octavia.conf +++ b/templates/octaviaapi/config/octavia.conf @@ -1,5 +1,6 @@ [DEFAULT] debug=True +transport_url={{ .TransportURL }} rpc_response_timeout=60 [api_settings] bind_host=192.168.1.147 
@@ -15,12 +16,11 @@ connection = {{ .DatabaseConnection }} [health_manager] health_update_threads=4 stats_update_threads=4 -# heartbeat_key=FIXMEkey1 [keystone_authtoken] www_authenticate_uri={{ .KeystonePublicURL }} auth_url={{ .KeystoneInternalURL }} username={{ .ServiceUser }} -# password=FIXMEpw3 +password={{ .Password }} project_name=service project_domain_name=Default user_domain_name=Default @@ -76,7 +76,7 @@ disable_local_log_storage=False project_domain_name=Default project_name=service user_domain_name=Default -password=FIXMEpw3 +password={{ .Password }} username=octavia auth_type=password auth_url={{ .KeystoneInternalURL }}/v3 diff --git a/tests/kuttl/common/assert_sample_deployment.yaml b/tests/kuttl/common/assert_sample_deployment.yaml index 0d260c57..c073bdaf 100644 --- a/tests/kuttl/common/assert_sample_deployment.yaml +++ b/tests/kuttl/common/assert_sample_deployment.yaml @@ -152,21 +152,6 @@ spec: - /usr/local/bin/container-scripts/init.sh command: - /bin/bash - env: - - name: AdminPassword - valueFrom: - secretKeyRef: - key: OctaviaPassword - name: osp-secret - - name: TransportURL - valueFrom: - secretKeyRef: - key: transport_url - name: rabbitmq-transport-url-octavia-octavia-transport - - name: DatabaseHost - value: openstack.octavia-kuttl-tests.svc - - name: DatabaseName - value: octavia imagePullPolicy: IfNotPresent name: init resources: {} diff --git a/tests/kuttl/tests/octavia_tls/02-assert.yaml b/tests/kuttl/tests/octavia_tls/02-assert.yaml index b3505caa..6479de08 100644 --- a/tests/kuttl/tests/octavia_tls/02-assert.yaml +++ b/tests/kuttl/tests/octavia_tls/02-assert.yaml 
@@ -220,21 +220,6 @@ spec: - /usr/local/bin/container-scripts/init.sh command: - /bin/bash - env: - - name: AdminPassword - valueFrom: - secretKeyRef: - key: OctaviaPassword - name: osp-secret - - name: TransportURL - valueFrom: - secretKeyRef: - key: transport_url - name: rabbitmq-transport-url-octavia-octavia-transport - - name: DatabaseHost - value: openstack.octavia-kuttl-tests.svc - - name: DatabaseName - value: octavia imagePullPolicy: IfNotPresent name: init resources: {}