interim migrate to MariaDBAccount generation
zzzeek committed Feb 5, 2024
1 parent 7c87bfa commit d0326ff
Showing 28 changed files with 130 additions and 56 deletions.
6 changes: 3 additions & 3 deletions api/bases/glance.openstack.org_glanceapis.yaml
Expand Up @@ -55,11 +55,11 @@ spec:
items:
type: string
type: array
databaseHostname:
type: string
databaseUser:
databaseAccount:
default: glance
type: string
databaseHostname:
type: string
extraMounts:
items:
properties:
6 changes: 3 additions & 3 deletions api/bases/glance.openstack.org_glances.yaml
Expand Up @@ -44,11 +44,11 @@ spec:
items:
type: string
type: array
databaseInstance:
type: string
databaseUser:
databaseAccount:
default: glance
type: string
databaseInstance:
type: string
dbPurge:
properties:
age:
12 changes: 8 additions & 4 deletions api/v1beta1/glance_types.go
Expand Up @@ -52,12 +52,16 @@ type GlanceSpec struct {

// +kubebuilder:validation:Optional
// +kubebuilder:default=glance
// DatabaseUser - optional username used for glance DB, defaults to glance
// TODO: -> implement needs work in mariadb-operator, right now only glance
DatabaseUser string `json:"databaseUser"`
// DatabaseAccount - name of MariaDBAccount which will be used to connect.
// As an interim solution, glance-controller will
// generate the MariaDBAccount object of the given name if it's not
// present in the cluster. Later, openstack-operator will perform this
// generation and also populate this field for the Glance objects it creates
DatabaseAccount string `json:"databaseAccount"`

// +kubebuilder:validation:Required
// Secret containing OpenStack password information for glance GlanceDatabasePassword
// Secret containing OpenStack password information for glance's keystone
// password; no longer used for database password
Secret string `json:"secret"`

// +kubebuilder:validation:Optional
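Review bot: The new DatabaseAccount comment does not say where the database password now lives, and the Secret comment below it only says the Secret is no longer used for it. Judging from the controller changes in this commit, the password is read from the `DatabasePassword` key of the Secret named by the MariaDBAccount's `spec.secret`. A line such as `// The database password is read from the Secret referenced by the MariaDBAccount (key DatabasePassword).` would tell operators which object to rotate and protect. The same comment block is added to GlanceAPISpec in api/v1beta1/glanceapi_types.go and would benefit from the same line. GlanceSpec continues outside the hunk.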
9 changes: 6 additions & 3 deletions api/v1beta1/glanceapi_types.go
Expand Up @@ -55,9 +55,12 @@ type GlanceAPISpec struct {

// +kubebuilder:validation:Optional
// +kubebuilder:default=glance
// DatabaseUser - optional username used for glance DB, defaults to glance
// TODO: -> implement needs work in mariadb-operator, right now only glance
DatabaseUser string `json:"databaseUser"`
// DatabaseAccount - name of MariaDBAccount which will be used to connect.
// As an interim solution, glance-controller will
// generate the MariaDBAccount object of the given name if it's not
// present in the cluster. Later, openstack-operator will perform this
// generation and also populate this field for the Glance objects it creates
DatabaseAccount string `json:"databaseAccount"`

// +kubebuilder:validation:Required
// Secret containing OpenStack password information for glance AdminPassword
6 changes: 3 additions & 3 deletions config/crd/bases/glance.openstack.org_glanceapis.yaml
Expand Up @@ -55,11 +55,11 @@ spec:
items:
type: string
type: array
databaseHostname:
type: string
databaseUser:
databaseAccount:
default: glance
type: string
databaseHostname:
type: string
extraMounts:
items:
properties:
6 changes: 3 additions & 3 deletions config/crd/bases/glance.openstack.org_glances.yaml
Expand Up @@ -44,11 +44,11 @@ spec:
items:
type: string
type: array
databaseInstance:
type: string
databaseUser:
databaseAccount:
default: glance
type: string
databaseInstance:
type: string
dbPurge:
properties:
age:
2 changes: 1 addition & 1 deletion config/samples/backends/ceph/ceph.yaml
Expand Up @@ -19,7 +19,7 @@ spec:
rbd_store_pool = images
rbd_store_user = openstack
databaseInstance: openstack
databaseUser: glance
databaseAccount: glance
secret: osp-secret
storageClass: ""
storageRequest: 1G
2 changes: 1 addition & 1 deletion config/samples/backends/multistore/multistore.yaml
Expand Up @@ -30,7 +30,7 @@ spec:
swift_store_user = service:glance
swift_store_endpoint_type = internalURL
databaseInstance: openstack
databaseUser: glance
databaseAccount: glance
glanceAPIs:
default:
debug:
2 changes: 1 addition & 1 deletion config/samples/glance_v1beta1_glance.yaml
Expand Up @@ -9,7 +9,7 @@ spec:
debug = true
enabled_backends=foo:bar,foo1:bar1
databaseInstance: openstack
databaseUser: glance
databaseAccount: glance
secret: osp-secret
storageClass: local-storage
storageRequest: 10G
23 changes: 22 additions & 1 deletion config/samples/glance_v1beta1_glanceapi.yaml
Expand Up @@ -15,7 +15,7 @@ spec:
here-foo-config
[foo1]
here-foo1-config
databaseUser: glance
databaseAccount: glance
databaseHostname: glance
debug:
dbSync: false
Expand All @@ -34,3 +34,24 @@ spec:
# secretName: cert-public-svc
# # secret holding the tls-ca-bundle.pem to be used as a deploymend env CA bundle
# caBundleSecretName: combined-ca-bundle

---

apiVersion: mariadb.openstack.org/v1beta1
kind: MariaDBAccount
metadata:
name: glance
spec:
userName: glance
secret: glancedb-secret

---

apiVersion: v1
data:
# neutron123
DatabasePassword: bmV1dHJvbjEyMw==
kind: Secret
metadata:
name: glancedb-secret
type: Opaque
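Review bot: The Secret appended to this sample ships a fixed, guessable database password whose plaintext is also spelled out in the `# neutron123` comment, so a cluster where the sample is applied unchanged ends up with a MariaDB account protected by a publicly known credential. The value also looks copied from a neutron sample, which makes it easy to mistake for something meaningful. Suggest replacing the comment with `# SAMPLE ONLY: replace DatabasePassword before applying outside a throwaway environment`, or switching the Secret to `stringData` with an obvious placeholder value so nothing usable is committed.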
2 changes: 1 addition & 1 deletion config/samples/image_cache/image-cache.yaml
Expand Up @@ -21,7 +21,7 @@ spec:
store_description = "RBD backend"
rbd_store_pool = images
rbd_store_user = openstack
databaseUser: glance
databaseAccount: glance
glanceAPIs:
default:
debug:
Expand Up @@ -24,7 +24,7 @@ spec:
[image_conversion]
output_format = raw
databaseInstance: openstack
databaseUser: glance
databaseAccount: glance
glanceAPI:
debug:
service: false
Expand Up @@ -21,7 +21,7 @@ spec:
[image_import_opts]
image_import_plugins = [image_decompression]
databaseInstance: openstack
databaseUser: glance
databaseAccount: glance
glanceAPI:
debug:
service: false
Expand Up @@ -24,7 +24,7 @@ spec:
ignore_user_roles = admin,user1
inject = "property1":"value1","property2":"value2"
databaseInstance: openstack
databaseUser: glance
databaseAccount: glance
glanceAPI:
debug:
service: false
2 changes: 1 addition & 1 deletion config/samples/layout/base/glance_v1beta1_glance.yaml
Expand Up @@ -9,7 +9,7 @@ spec:
debug = true
enabled_backends=foo:bar
databaseInstance: openstack
databaseUser: glance
databaseAccount: glance
secret: osp-secret
storageClass: local-storage
storageRequest: 10G
2 changes: 1 addition & 1 deletion config/samples/layout/edge/glance_v1beta1_glance.yaml
Expand Up @@ -8,7 +8,7 @@ spec:
[DEFAULT]
debug = true
databaseInstance: openstack
databaseUser: glance
databaseAccount: glance
keystoneEndpoint: central
glanceAPIs:
central:
2 changes: 1 addition & 1 deletion config/samples/layout/multiple/glance_v1beta1_glance.yaml
Expand Up @@ -8,7 +8,7 @@ spec:
[DEFAULT]
debug = true
databaseInstance: openstack
databaseUser: glance
databaseAccount: glance
keystoneEndpoint: api1
glanceAPIs:
api1:
2 changes: 1 addition & 1 deletion config/samples/layout/single/glance_v1beta1_glance.yaml
Expand Up @@ -5,7 +5,7 @@ metadata:
spec:
serviceUser: glance
databaseInstance: openstack
databaseUser: glance
databaseAccount: glance
keystoneEndpoint: default
customServiceConfig: |
[DEFAULT]
Expand Up @@ -5,7 +5,7 @@ metadata:
spec:
serviceUser: glance
databaseInstance: openstack
databaseUser: glance
databaseAccount: glance
keystoneEndpoint: default
customServiceConfig: |
[DEFAULT]
Expand Up @@ -10,7 +10,7 @@ spec:
enforce_scope=true
enforce_new_defaults=true
databaseInstance: openstack
databaseUser: glance
databaseAccount: glance
glanceAPI:
preserveJobs: false
replicas: 1
2 changes: 1 addition & 1 deletion config/samples/quotas/glance_v1beta1_glance_quota.yaml
Expand Up @@ -6,7 +6,7 @@ metadata:
spec:
serviceUser: glance
databaseInstance: openstack
databaseUser: glance
databaseAccount: glance
keystoneEndpoint: default
glanceAPIs:
default:
56 changes: 43 additions & 13 deletions controllers/glance_controller.go
Expand Up @@ -210,6 +210,7 @@ func (r *GlanceReconciler) SetupWithManager(mgr ctrl.Manager) error {
For(&glancev1.Glance{}).
Owns(&glancev1.GlanceAPI{}).
Owns(&mariadbv1.MariaDBDatabase{}).
Owns(&mariadbv1.MariaDBAccount{}).
Owns(&keystonev1.KeystoneService{}).
Owns(&corev1.PersistentVolumeClaim{}).
Owns(&batchv1.Job{}).
Expand Down Expand Up @@ -263,7 +264,7 @@ func (r *GlanceReconciler) reconcileDelete(ctx context.Context, instance *glance
r.Log.Info(fmt.Sprintf("Reconciling Service '%s' delete", instance.Name))

// remove db finalizer first
db, err := mariadbv1.GetDatabaseByName(ctx, helper, instance.Name)
db, err := mariadbv1.GetDatabaseByNameAndAccount(ctx, helper, instance.Name, instance.Spec.DatabaseAccount, instance.Namespace)
if err != nil && !k8s_errors.IsNotFound(err) {
return ctrl.Result{}, err
}
Expand Down Expand Up @@ -364,19 +365,21 @@ func (r *GlanceReconciler) reconcileInit(
//
// create service DB instance
//
db := mariadbv1.NewDatabase(
instance.Name,
instance.Spec.DatabaseUser,
instance.Spec.Secret,
map[string]string{
"dbName": instance.Spec.DatabaseInstance,
},
db := mariadbv1.NewDatabaseForAccount(
instance.Spec.DatabaseInstance, // mariadb/galera service to target
instance.Name, // name used in CREATE DATABASE in mariadb
instance.Name, // CR name for MariaDBDatabase
instance.Spec.DatabaseAccount, // CR name for MariaDBAccount
instance.Namespace, // namespace
)

// create or patch the DB
ctrlResult, err := db.CreateOrPatchDB(
ctrlResult, err := db.CreateOrPatchDBByName(
ctx,
helper,
instance.Spec.DatabaseInstance,
)

if err != nil {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.DBReadyCondition,
Expand Down Expand Up @@ -806,7 +809,7 @@ func (r *GlanceReconciler) apiDeploymentCreateOrUpdate(
GlanceAPITemplate: apiTemplate,
APIType: apiType,
DatabaseHostname: instance.Status.DatabaseHostname,
DatabaseUser: instance.Spec.DatabaseUser,
DatabaseAccount: instance.Spec.DatabaseAccount,
Secret: instance.Spec.Secret,
ExtraMounts: instance.Spec.ExtraMounts,
PasswordSelectors: instance.Spec.PasswordSelectors,
Expand Down Expand Up @@ -886,7 +889,34 @@ func (r *GlanceReconciler) generateServiceConfig(
) error {
labels := labels.GetLabels(instance, labels.GetGroupLabel(glance.ServiceName), serviceLabels)

ospSecret, _, err := secret.GetSecret(ctx, h, instance.Spec.Secret, instance.Namespace)
// create a new MariaDBAccount CR to be populated here.
//
// Note that we are only looking for a MariaDBAccount CR with a name
// and associated Secret, but **not** an actual mariadb username in a galera
// database. The account
// has not yet been linked to a MariaDBDatabase, so it will only exist as a
// CR in the cluster. Once linked to a MariaDBDatabase, the mariadb-operator
// will ensure it exists with rights for that database.
//
// This is an **interim** step, where later openstack-operator will
// ensure that MariaDBAccounts are created for all the services it
// initializes, and this block would no longer be present here.
// At that point the DatabaseAccount field can be set to be required.
err := mariadbv1.InterimCreateNewAccount(
ctx, h, instance.Spec.DatabaseAccount, "glance", instance.Namespace,
)

if err != nil {
return err
}
// end section that would be done by openstack-operator eventually

databaseAccount, err := mariadbv1.GetAccount(ctx, h, instance.Spec.DatabaseAccount, instance.Namespace)
if err != nil {
return err
}

dbSecret, _, err := secret.GetSecret(ctx, h, databaseAccount.Spec.Secret, instance.Namespace)
if err != nil {
return err
}
Expand All @@ -896,8 +926,8 @@ func (r *GlanceReconciler) generateServiceConfig(
templateParameters := map[string]interface{}{
"MinimalConfig": true, // This tells the template to generate a minimal config
"DatabaseConnection": fmt.Sprintf("mysql+pymysql://%s:%s@%s/%s",
instance.Spec.DatabaseUser,
string(ospSecret.Data[instance.Spec.PasswordSelectors.Database]),
databaseAccount.Spec.UserName,
string(dbSecret.Data["DatabasePassword"]),
instance.Status.DatabaseHostname,
glance.DatabaseName,
),
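Review bot: In generateServiceConfig, `string(dbSecret.Data["DatabasePassword"])` is used without checking that the key is present, so a MariaDBAccount whose Secret lacks that key (or holds an empty value) renders a connection string with an empty password instead of failing the reconcile. Suggest guarding before the template parameters are built: `pw, ok := dbSecret.Data["DatabasePassword"]` followed by `if !ok || len(pw) == 0 { return fmt.Errorf("secret %s has no DatabasePassword", databaseAccount.Spec.Secret) }`. The same unchecked lookup is added to generateServiceConfig in controllers/glanceapi_controller.go. The key literal is repeated in both files, so a shared constant would keep the two in step. The function body starts and continues outside the hunk.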
15 changes: 13 additions & 2 deletions controllers/glanceapi_controller.go
Expand Up @@ -22,6 +22,7 @@ import (
"strings"
"time"

mariadbv1 "github.com/openstack-k8s-operators/mariadb-operator/api/v1beta1"
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/api/resource"
"k8s.io/apimachinery/pkg/fields"
Expand Down Expand Up @@ -809,6 +810,16 @@ func (r *GlanceAPIReconciler) generateServiceConfig(
return err
}

databaseAccount, err := mariadbv1.GetAccount(ctx, h, instance.Spec.DatabaseAccount, instance.Namespace)
if err != nil {
return err
}

dbSecret, _, err := secret.GetSecret(ctx, h, databaseAccount.Spec.Secret, instance.Namespace)
if err != nil {
return err
}

glanceEndpoints := glanceapi.GetGlanceEndpoints(instance.Spec.APIType)
httpdVhostConfig := map[string]interface{}{}
for endpt := range glanceEndpoints {
Expand All @@ -829,8 +840,8 @@ func (r *GlanceAPIReconciler) generateServiceConfig(
"KeystoneInternalURL": keystoneInternalURL,
"KeystonePublicURL": keystonePublicURL,
"DatabaseConnection": fmt.Sprintf("mysql+pymysql://%s:%s@%s/%s",
instance.Spec.DatabaseUser,
string(ospSecret.Data[instance.Spec.PasswordSelectors.Database]),
databaseAccount.Spec.UserName,
string(dbSecret.Data["DatabasePassword"]),
instance.Spec.DatabaseHostname,
glance.DatabaseName,
),
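Review bot: The user name and password taken from the MariaDBAccount and its Secret are interpolated unescaped into the `mysql+pymysql://%s:%s@%s/%s` URL. A credential containing `@`, `:`, `/` or `%` therefore produces a connection string that parses into a different user, host or database than intended. This matters more now that the Secret is a separate object which may be supplied by the user. Consider building the userinfo part with `url.UserPassword(databaseAccount.Spec.UserName, string(dbSecret.Data["DatabasePassword"])).String()` and formatting it into `mysql+pymysql://%s@%s/%s`. That needs `net/url`, which the visible import hunk does not show, and the escaping should be confirmed against what the consuming SQLAlchemy URL parser expects. The same formatting is used in controllers/glance_controller.go. generateServiceConfig continues outside the hunk.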