[tlse] TLS database connection #402

Merged (1 commit) on Feb 28, 2024

@stuggi (Contributor) commented Feb 22, 2024

The my.cnf file gets added to the secret holding the service configs. The content of my.cnf is centrally managed in the mariadb-operator and retrieved by calling db.GetDatabaseClientConfig(tlsCfg).

Depends-On: openstack-k8s-operators/mariadb-operator#190
Depends-On: openstack-k8s-operators/mariadb-operator#191

Jira: OSPRH-4547

@openshift-ci openshift-ci bot requested review from dprince and hjensas February 22, 2024 16:28

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://review.rdoproject.org/zuul/buildset/b7cc43ceb31f4bc29c483d5264e3b1df

openstack-k8s-operators-content-provider FAILURE in 7m 41s
⚠️ podified-multinode-ironic-deployment SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://review.rdoproject.org/zuul/buildset/76d0eae8ebfd48f59e1fdd174dacf59e

✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 20m 23s
podified-multinode-ironic-deployment FAILURE in 59m 41s

@stuggi stuggi force-pushed the tls_db branch 2 times, most recently from 65a577c to 4af63b8 Compare February 26, 2024 09:28
@@ -647,11 +648,22 @@ func (r *IronicNeutronAgentReconciler) generateServiceConfigMaps(

cmLabels := labels.GetLabels(instance, labels.GetGroupLabel(ironic.ServiceName), map[string]string{})

db, err := mariadbv1.GetDatabaseByName(ctx, h, ironic.DatabaseName)
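
Review bot: The `mariadbv1.GetDatabaseByName(ctx, h, ironic.DatabaseName)` lookup in `IronicNeutronAgentReconciler.generateServiceConfigMaps` makes the agent's config generation depend on the database object, and with this change the agent's config secret would also carry the database client settings. If the neutron agent never opens a database connection, drop the lookup and the my.cnf entry from this reconciler and keep them only in the reconcilers for services that do connect, so the agent holds no database-related material it does not use.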

Contributor Author:

@hjensas does the neutronagent even need/have access to the db?

Contributor:

No direct DB access in the agent.

Contributor Author:

ack, thanks. I have reverted the change to the agent. please have a look when you get to it. right now there is an issue in ci.

@stuggi (Contributor Author) commented Feb 27, 2024

/retest

@stuggi (Contributor Author) commented Feb 27, 2024

/test ironic-operator-build-deploy-kuttl

@hjensas (Contributor) left a comment

Thanks Martin!

LGTM

openshift-ci bot (Contributor) commented Feb 28, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: hjensas, stuggi

@openshift-merge-bot openshift-merge-bot bot merged commit c793741 into openstack-k8s-operators:main Feb 28, 2024
7 checks passed
@@ -86,7 +86,7 @@ function common_ironic_config {
crudini --set ${SVC_CFG_MERGED} DEFAULT transport_url $TRANSPORTURL
crudini --set ${SVC_CFG_MERGED} DEFAULT rpc_transport oslo
fi
crudini --set ${SVC_CFG_MERGED} database connection mysql+pymysql://${DBUSER}:${DBPASSWORD}@${DBHOST}/${DB}
crudini --set ${SVC_CFG_MERGED} database connection mysql+pymysql://${DBUSER}:${DBPASSWORD}@${DBHOST}/${DB}?read_default_file=/etc/my.cnf
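
Review bot: The connection URL passed to `crudini --set` on the changed line is unquoted, and the new `?read_default_file=/etc/my.cnf` suffix adds a `?`, which the shell treats as a glob character, on top of the word splitting that `${DBPASSWORD}` is already exposed to. Wrap the whole value in double quotes, e.g. `"mysql+pymysql://${DBUSER}:${DBPASSWORD}@${DBHOST}/${DB}?read_default_file=/etc/my.cnf"`. The option also only has an effect where `/etc/my.cnf` is present, so check that the file is mounted in every container that runs `common_ironic_config`.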

Contributor:

this needed to be added in ironicinspector/bin/init.sh also, and the TLS volume mounts added to ironicinspector/dbsync.go. I'll fix this in my mariadbaccount patch.
