Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[tlse] TLS database connection #402

Merged
merged 1 commit into from
Feb 28, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
[tlse] TLS database connection
The my.cnf file gets added to the secret holding the service configs.
The content of my.cnf is centrally managed in the mariadb-operator
and retrieved calling db.GetDatabaseClientConfig(tlsCfg)

Depends-On: openstack-k8s-operators/mariadb-operator#190
Depends-On: openstack-k8s-operators/mariadb-operator#191

Jira: OSPRH-4547
  • Loading branch information
stuggi committed Feb 28, 2024
commit 39af8d40ab1eeebc95cf458174b6cdd72c31ffea
176 changes: 92 additions & 84 deletions controllers/ironic_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,7 @@ import (
labels "github.com/openstack-k8s-operators/lib-common/modules/common/labels"
common_rbac "github.com/openstack-k8s-operators/lib-common/modules/common/rbac"
oko_secret "github.com/openstack-k8s-operators/lib-common/modules/common/secret"
"github.com/openstack-k8s-operators/lib-common/modules/common/tls"
util "github.com/openstack-k8s-operators/lib-common/modules/common/util"

ironicv1 "github.com/openstack-k8s-operators/ironic-operator/api/v1beta1"
Expand Down Expand Up @@ -355,6 +356,17 @@ func (r *IronicReconciler) reconcileNormal(ctx context.Context, instance *ironic
}
}

//
// create service DB instance
//
db, result, err := r.ensureDB(ctx, helper, instance)
if err != nil {
return ctrl.Result{}, err
} else if (result != ctrl.Result{}) {
return result, nil
}
// create service DB - end

//
// Create ConfigMaps and Secrets required as input for the Service and calculate an overall hash of hashes
//
Expand All @@ -365,7 +377,7 @@ func (r *IronicReconciler) reconcileNormal(ctx context.Context, instance *ironic
// - %-config configmap holding minimal ironic config required to get the service up, user can add additional files to be added to the service
// - parameters which has passwords gets added from the OpenStack secret via the init container
//
err = r.generateServiceConfigMaps(ctx, instance, helper, &configMapVars, &keystoneEndpoints)
err = r.generateServiceConfigMaps(ctx, instance, helper, &configMapVars, &keystoneEndpoints, db)
if err != nil {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.ServiceConfigReadyCondition,
Expand Down Expand Up @@ -406,16 +418,8 @@ func (r *IronicReconciler) reconcileNormal(ctx context.Context, instance *ironic
common.AppSelector: ironic.ServiceName,
}

// Handle service init
ctrlResult, err := r.reconcileInit(ctx, instance, helper, serviceLabels)
if err != nil {
return ctrlResult, err
} else if (ctrlResult != ctrl.Result{}) {
return ctrlResult, nil
}

// Handle service update
ctrlResult, err = r.reconcileUpdate(ctx, instance, helper)
ctrlResult, err := r.reconcileUpdate(ctx, instance, helper)
if err != nil {
return ctrlResult, err
} else if (ctrlResult != ctrl.Result{}) {
Expand Down Expand Up @@ -583,79 +587,6 @@ func (r *IronicReconciler) reconcileNormal(ctx context.Context, instance *ironic
return ctrl.Result{}, nil
}

func (r *IronicReconciler) reconcileInit(
ctx context.Context,
instance *ironicv1.Ironic,
helper *helper.Helper,
serviceLabels map[string]string,
) (ctrl.Result, error) {
Log := r.GetLogger(ctx)

Log.Info("Reconciling Ironic init")

//
// create service DB instance
//
db := mariadbv1.NewDatabase(
instance.Name,
instance.Name,
instance.Spec.Secret,
map[string]string{
"dbName": instance.Spec.DatabaseInstance,
},
)
// create or patch the DB
ctrlResult, err := db.CreateOrPatchDB(
ctx,
helper,
)
if err != nil {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.DBReadyCondition,
condition.ErrorReason,
condition.SeverityWarning,
condition.DBReadyErrorMessage,
err.Error()))
return ctrl.Result{}, err
}
if (ctrlResult != ctrl.Result{}) {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.DBReadyCondition,
condition.RequestedReason,
condition.SeverityInfo,
condition.DBReadyRunningMessage))
return ctrlResult, nil
}

// wait for the DB to be setup
ctrlResult, err = db.WaitForDBCreated(ctx, helper)
if err != nil {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.DBReadyCondition,
condition.ErrorReason,
condition.SeverityWarning,
condition.DBReadyErrorMessage,
err.Error()))
return ctrlResult, err
}
if (ctrlResult != ctrl.Result{}) {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.DBReadyCondition,
condition.RequestedReason,
condition.SeverityInfo,
condition.DBReadyRunningMessage))
return ctrlResult, nil
}
// update Status.DatabaseHostname, used to bootstrap/config the service
instance.Status.DatabaseHostname = db.GetDatabaseHostname()
instance.Status.Conditions.MarkTrue(condition.DBReadyCondition, condition.DBReadyMessage)

// create service DB - end

Log.Info("Reconciled Ironic init successfully")
return ctrl.Result{}, nil
}

func (r *IronicReconciler) reconcileUpdate(ctx context.Context, instance *ironicv1.Ironic, helper *helper.Helper) (ctrl.Result, error) {
// Log.Info("Reconciling Ironic update")

Expand Down Expand Up @@ -817,6 +748,7 @@ func (r *IronicReconciler) generateServiceConfigMaps(
h *helper.Helper,
envVars *map[string]env.Setter,
keystoneEndpoints *ironicv1.KeystoneEndpoints,
db *mariadbv1.Database,
) error {
//
// create Configmap/Secret required for ironic input
Expand All @@ -827,11 +759,20 @@ func (r *IronicReconciler) generateServiceConfigMaps(

cmLabels := labels.GetLabels(instance, labels.GetGroupLabel(ironic.ServiceName), map[string]string{})

var tlsCfg *tls.Service
if instance.Spec.IronicAPI.TLS.Ca.CaBundleSecretName != "" {
tlsCfg = &tls.Service{}
}

// customData hold any customization for the service.
// custom.conf is going to /etc/ironic/ironic.conf.d
// all other files get placed into /etc/ironic to allow overwrite of e.g. policy.json
// TODO: make sure custom.conf can not be overwritten
customData := map[string]string{common.CustomServiceConfigFileName: instance.Spec.CustomServiceConfig}
customData := map[string]string{
common.CustomServiceConfigFileName: instance.Spec.CustomServiceConfig,
"my.cnf": db.GetDatabaseClientConfig(tlsCfg), //(mschuppert) for now just get the default my.cnf

}
for key, data := range instance.Spec.DefaultConfigOverwrite {
customData[key] = data
}
Expand Down Expand Up @@ -1046,3 +987,70 @@ func (r *IronicReconciler) ironicNeutronAgentDeploymentDelete(

return nil
}

func (r *IronicReconciler) ensureDB(
ctx context.Context,
h *helper.Helper,
instance *ironicv1.Ironic,
) (*mariadbv1.Database, ctrl.Result, error) {
//
// create service DB instance
//
db := mariadbv1.NewDatabase(
ironic.DatabaseName,
instance.Name,
instance.Spec.Secret,
map[string]string{
"dbName": instance.Spec.DatabaseInstance,
},
)

// create or patch the DB
ctrlResult, err := db.CreateOrPatchDBByName(
ctx,
h,
instance.Spec.DatabaseInstance,
)
if err != nil {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.DBReadyCondition,
condition.ErrorReason,
condition.SeverityWarning,
condition.DBReadyErrorMessage,
err.Error()))
return db, ctrl.Result{}, err
}
if (ctrlResult != ctrl.Result{}) {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.DBReadyCondition,
condition.RequestedReason,
condition.SeverityInfo,
condition.DBReadyRunningMessage))
return db, ctrlResult, nil
}
// wait for the DB to be setup
// (ksambor) should we use WaitForDBCreatedWithTimeout instead?
ctrlResult, err = db.WaitForDBCreated(ctx, h)
if err != nil {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.DBReadyCondition,
condition.ErrorReason,
condition.SeverityWarning,
condition.DBReadyErrorMessage,
err.Error()))
return db, ctrlResult, err
}
if (ctrlResult != ctrl.Result{}) {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.DBReadyCondition,
condition.RequestedReason,
condition.SeverityInfo,
condition.DBReadyRunningMessage))
return db, ctrlResult, nil
}

// update Status.DatabaseHostname, used to config the service
instance.Status.DatabaseHostname = db.GetDatabaseHostname()
instance.Status.Conditions.MarkTrue(condition.DBReadyCondition, condition.DBReadyMessage)
return db, ctrlResult, nil
}
15 changes: 14 additions & 1 deletion controllers/ironicapi_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,7 @@ import (
"github.com/openstack-k8s-operators/lib-common/modules/common/service"
"github.com/openstack-k8s-operators/lib-common/modules/common/tls"
"github.com/openstack-k8s-operators/lib-common/modules/common/util"
mariadbv1 "github.com/openstack-k8s-operators/mariadb-operator/api/v1beta1"
)

// IronicAPIReconciler reconciles a IronicAPI object
Expand Down Expand Up @@ -919,10 +920,22 @@ func (r *IronicAPIReconciler) generateServiceConfigMaps(

cmLabels := labels.GetLabels(instance, labels.GetGroupLabel(ironic.ServiceName), map[string]string{})

db, err := mariadbv1.GetDatabaseByName(ctx, h, ironic.DatabaseName)
if err != nil {
return err
}
var tlsCfg *tls.Service
if instance.Spec.TLS.CaBundleSecretName != "" {
tlsCfg = &tls.Service{}
}

// customData hold any customization for the service.
// custom.conf is going to be merged into /etc/ironic/ironic.conf
// TODO: make sure custom.conf can not be overwritten
customData := map[string]string{common.CustomServiceConfigFileName: instance.Spec.CustomServiceConfig}
customData := map[string]string{
common.CustomServiceConfigFileName: instance.Spec.CustomServiceConfig,
"my.cnf": db.GetDatabaseClientConfig(tlsCfg), //(mschuppert) for now just get the default my.cnf
}

for key, data := range instance.Spec.DefaultConfigOverwrite {
customData[key] = data
Expand Down
15 changes: 14 additions & 1 deletion controllers/ironicconductor_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,7 @@ import (
"github.com/openstack-k8s-operators/lib-common/modules/common/statefulset"
"github.com/openstack-k8s-operators/lib-common/modules/common/tls"
"github.com/openstack-k8s-operators/lib-common/modules/common/util"
mariadbv1 "github.com/openstack-k8s-operators/mariadb-operator/api/v1beta1"
)

// IronicConductorReconciler reconciles a IronicConductor object
Expand Down Expand Up @@ -758,10 +759,22 @@ func (r *IronicConductorReconciler) generateServiceConfigMaps(
Log := r.GetLogger(ctx)
cmLabels := labels.GetLabels(instance, labels.GetGroupLabel(ironic.ServiceName), map[string]string{})

db, err := mariadbv1.GetDatabaseByName(ctx, h, ironic.DatabaseName)
if err != nil {
return err
}
var tlsCfg *tls.Service
if instance.Spec.TLS.CaBundleSecretName != "" {
tlsCfg = &tls.Service{}
}

// customData hold any customization for the service.
// custom.conf is going to be merged into /etc/ironic/ironic.conf
// TODO: make sure custom.conf can not be overwritten
customData := map[string]string{common.CustomServiceConfigFileName: instance.Spec.CustomServiceConfig}
customData := map[string]string{
common.CustomServiceConfigFileName: instance.Spec.CustomServiceConfig,
"my.cnf": db.GetDatabaseClientConfig(tlsCfg), //(mschuppert) for now just get the default my.cnf
}

for key, data := range instance.Spec.DefaultConfigOverwrite {
customData[key] = data
Expand Down
Loading
Loading