
[tlse] TLS database connection #402

Merged
merged 1 commit into from
Feb 28, 2024
[tlse] TLS database connection
The my.cnf file is added to the secret holding the service configs.
The content of my.cnf is centrally managed in the mariadb-operator
and retrieved by calling db.GetDatabaseClientConfig(tlsCfg).

Depends-On: openstack-k8s-operators/mariadb-operator#190
Depends-On: openstack-k8s-operators/mariadb-operator#191

Jira: OSPRH-4547
stuggi committed Feb 28, 2024
commit 39af8d40ab1eeebc95cf458174b6cdd72c31ffea
176 changes: 92 additions & 84 deletions controllers/ironic_controller.go
@@ -35,6 +35,7 @@ import (
labels "github.com/openstack-k8s-operators/lib-common/modules/common/labels"
common_rbac "github.com/openstack-k8s-operators/lib-common/modules/common/rbac"
oko_secret "github.com/openstack-k8s-operators/lib-common/modules/common/secret"
"github.com/openstack-k8s-operators/lib-common/modules/common/tls"
util "github.com/openstack-k8s-operators/lib-common/modules/common/util"

ironicv1 "github.com/openstack-k8s-operators/ironic-operator/api/v1beta1"
@@ -355,6 +356,17 @@ func (r *IronicReconciler) reconcileNormal(ctx context.Context, instance *ironic
}
}

//
// create service DB instance
//
db, result, err := r.ensureDB(ctx, helper, instance)
if err != nil {
return ctrl.Result{}, err
} else if (result != ctrl.Result{}) {
return result, nil
}
// create service DB - end

//
// Create ConfigMaps and Secrets required as input for the Service and calculate an overall hash of hashes
//
@@ -365,7 +377,7 @@ func (r *IronicReconciler) reconcileNormal(ctx context.Context, instance *ironic
// - %-config configmap holding minimal ironic config required to get the service up, user can add additional files to be added to the service
// - parameters which has passwords gets added from the OpenStack secret via the init container
//
err = r.generateServiceConfigMaps(ctx, instance, helper, &configMapVars, &keystoneEndpoints)
err = r.generateServiceConfigMaps(ctx, instance, helper, &configMapVars, &keystoneEndpoints, db)
if err != nil {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.ServiceConfigReadyCondition,
@@ -406,16 +418,8 @@ func (r *IronicReconciler) reconcileNormal(ctx context.Context, instance *ironic
common.AppSelector: ironic.ServiceName,
}

// Handle service init
ctrlResult, err := r.reconcileInit(ctx, instance, helper, serviceLabels)
if err != nil {
return ctrlResult, err
} else if (ctrlResult != ctrl.Result{}) {
return ctrlResult, nil
}

// Handle service update
ctrlResult, err = r.reconcileUpdate(ctx, instance, helper)
ctrlResult, err := r.reconcileUpdate(ctx, instance, helper)
if err != nil {
return ctrlResult, err
} else if (ctrlResult != ctrl.Result{}) {
@@ -583,79 +587,6 @@ func (r *IronicReconciler) reconcileNormal(ctx context.Context, instance *ironic
return ctrl.Result{}, nil
}

func (r *IronicReconciler) reconcileInit(
ctx context.Context,
instance *ironicv1.Ironic,
helper *helper.Helper,
serviceLabels map[string]string,
) (ctrl.Result, error) {
Log := r.GetLogger(ctx)

Log.Info("Reconciling Ironic init")

//
// create service DB instance
//
db := mariadbv1.NewDatabase(
instance.Name,
instance.Name,
instance.Spec.Secret,
map[string]string{
"dbName": instance.Spec.DatabaseInstance,
},
)
// create or patch the DB
ctrlResult, err := db.CreateOrPatchDB(
ctx,
helper,
)
if err != nil {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.DBReadyCondition,
condition.ErrorReason,
condition.SeverityWarning,
condition.DBReadyErrorMessage,
err.Error()))
return ctrl.Result{}, err
}
if (ctrlResult != ctrl.Result{}) {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.DBReadyCondition,
condition.RequestedReason,
condition.SeverityInfo,
condition.DBReadyRunningMessage))
return ctrlResult, nil
}

// wait for the DB to be setup
ctrlResult, err = db.WaitForDBCreated(ctx, helper)
if err != nil {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.DBReadyCondition,
condition.ErrorReason,
condition.SeverityWarning,
condition.DBReadyErrorMessage,
err.Error()))
return ctrlResult, err
}
if (ctrlResult != ctrl.Result{}) {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.DBReadyCondition,
condition.RequestedReason,
condition.SeverityInfo,
condition.DBReadyRunningMessage))
return ctrlResult, nil
}
// update Status.DatabaseHostname, used to bootstrap/config the service
instance.Status.DatabaseHostname = db.GetDatabaseHostname()
instance.Status.Conditions.MarkTrue(condition.DBReadyCondition, condition.DBReadyMessage)

// create service DB - end

Log.Info("Reconciled Ironic init successfully")
return ctrl.Result{}, nil
}

func (r *IronicReconciler) reconcileUpdate(ctx context.Context, instance *ironicv1.Ironic, helper *helper.Helper) (ctrl.Result, error) {
// Log.Info("Reconciling Ironic update")

@@ -817,6 +748,7 @@ func (r *IronicReconciler) generateServiceConfigMaps(
h *helper.Helper,
envVars *map[string]env.Setter,
keystoneEndpoints *ironicv1.KeystoneEndpoints,
db *mariadbv1.Database,
) error {
//
// create Configmap/Secret required for ironic input
@@ -827,11 +759,20 @@ func (r *IronicReconciler) generateServiceConfigMaps(

cmLabels := labels.GetLabels(instance, labels.GetGroupLabel(ironic.ServiceName), map[string]string{})

var tlsCfg *tls.Service
if instance.Spec.IronicAPI.TLS.Ca.CaBundleSecretName != "" {
tlsCfg = &tls.Service{}
}

// customData hold any customization for the service.
// custom.conf is going to /etc/ironic/ironic.conf.d
// all other files get placed into /etc/ironic to allow overwrite of e.g. policy.json
// TODO: make sure custom.conf can not be overwritten
customData := map[string]string{common.CustomServiceConfigFileName: instance.Spec.CustomServiceConfig}
customData := map[string]string{
common.CustomServiceConfigFileName: instance.Spec.CustomServiceConfig,
"my.cnf": db.GetDatabaseClientConfig(tlsCfg), //(mschuppert) for now just get the default my.cnf

}
for key, data := range instance.Spec.DefaultConfigOverwrite {
customData[key] = data
}
@@ -1046,3 +987,70 @@ func (r *IronicReconciler) ironicNeutronAgentDeploymentDelete(

return nil
}

func (r *IronicReconciler) ensureDB(
ctx context.Context,
h *helper.Helper,
instance *ironicv1.Ironic,
) (*mariadbv1.Database, ctrl.Result, error) {
//
// create service DB instance
//
db := mariadbv1.NewDatabase(
ironic.DatabaseName,
instance.Name,
instance.Spec.Secret,
map[string]string{
"dbName": instance.Spec.DatabaseInstance,
},
)

// create or patch the DB
ctrlResult, err := db.CreateOrPatchDBByName(
ctx,
h,
instance.Spec.DatabaseInstance,
)
if err != nil {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.DBReadyCondition,
condition.ErrorReason,
condition.SeverityWarning,
condition.DBReadyErrorMessage,
err.Error()))
return db, ctrl.Result{}, err
}
if (ctrlResult != ctrl.Result{}) {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.DBReadyCondition,
condition.RequestedReason,
condition.SeverityInfo,
condition.DBReadyRunningMessage))
return db, ctrlResult, nil
}
// wait for the DB to be setup
// (ksambor) should we use WaitForDBCreatedWithTimeout instead?
ctrlResult, err = db.WaitForDBCreated(ctx, h)
if err != nil {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.DBReadyCondition,
condition.ErrorReason,
condition.SeverityWarning,
condition.DBReadyErrorMessage,
err.Error()))
return db, ctrlResult, err
}
if (ctrlResult != ctrl.Result{}) {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.DBReadyCondition,
condition.RequestedReason,
condition.SeverityInfo,
condition.DBReadyRunningMessage))
return db, ctrlResult, nil
}

// update Status.DatabaseHostname, used to config the service
instance.Status.DatabaseHostname = db.GetDatabaseHostname()
instance.Status.Conditions.MarkTrue(condition.DBReadyCondition, condition.DBReadyMessage)
return db, ctrlResult, nil
}
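Review bot: In generateServiceConfigMaps the operator-generated `my.cnf` entry is placed in `customData` before the `for key, data := range instance.Spec.DefaultConfigOverwrite` loop, so a `my.cnf` key in DefaultConfigOverwrite replaces the TLS client settings returned by `db.GetDatabaseClientConfig(tlsCfg)`. If that override is not intended, assign the entry after the loop, `customData["my.cnf"] = db.GetDatabaseClientConfig(tlsCfg)`, or skip that key inside the loop; if it is intended, the comment above `customData` should say so next to the existing TODO for custom.conf. The same ordering appears in generateServiceConfigMaps of ironicapi_controller.go, ironicconductor_controller.go and ironicinspector_controller.go. The function body continues outside the hunk.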
15 changes: 14 additions & 1 deletion controllers/ironicapi_controller.go
@@ -58,6 +58,7 @@ import (
"github.com/openstack-k8s-operators/lib-common/modules/common/service"
"github.com/openstack-k8s-operators/lib-common/modules/common/tls"
"github.com/openstack-k8s-operators/lib-common/modules/common/util"
mariadbv1 "github.com/openstack-k8s-operators/mariadb-operator/api/v1beta1"
)

// IronicAPIReconciler reconciles a IronicAPI object
@@ -919,10 +920,22 @@ func (r *IronicAPIReconciler) generateServiceConfigMaps(

cmLabels := labels.GetLabels(instance, labels.GetGroupLabel(ironic.ServiceName), map[string]string{})

db, err := mariadbv1.GetDatabaseByName(ctx, h, ironic.DatabaseName)
if err != nil {
return err
}
var tlsCfg *tls.Service
if instance.Spec.TLS.CaBundleSecretName != "" {
tlsCfg = &tls.Service{}
}

// customData hold any customization for the service.
// custom.conf is going to be merged into /etc/ironic/ironic.conf
// TODO: make sure custom.conf can not be overwritten
customData := map[string]string{common.CustomServiceConfigFileName: instance.Spec.CustomServiceConfig}
customData := map[string]string{
common.CustomServiceConfigFileName: instance.Spec.CustomServiceConfig,
"my.cnf": db.GetDatabaseClientConfig(tlsCfg), //(mschuppert) for now just get the default my.cnf
}

for key, data := range instance.Spec.DefaultConfigOverwrite {
customData[key] = data
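Review bot: The new `mariadbv1.GetDatabaseByName(ctx, h, ironic.DatabaseName)` lookup returns its error bare with `return err`, so a reconcile that runs before the parent Ironic resource has created the database presumably surfaces as an unexplained config-generation failure. Wrapping it, for example `return fmt.Errorf("getting database %q for my.cnf: %w", ironic.DatabaseName, err)` (assuming `fmt` is imported in this file), tells the operator which lookup failed. Whether a not-found result should instead requeue quietly depends on the caller, which is outside the hunk. ironicconductor_controller.go adds the identical lookup and would take the same change.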
15 changes: 14 additions & 1 deletion controllers/ironicconductor_controller.go
@@ -60,6 +60,7 @@ import (
"github.com/openstack-k8s-operators/lib-common/modules/common/statefulset"
"github.com/openstack-k8s-operators/lib-common/modules/common/tls"
"github.com/openstack-k8s-operators/lib-common/modules/common/util"
mariadbv1 "github.com/openstack-k8s-operators/mariadb-operator/api/v1beta1"
)

// IronicConductorReconciler reconciles a IronicConductor object
@@ -758,10 +759,22 @@ func (r *IronicConductorReconciler) generateServiceConfigMaps(
Log := r.GetLogger(ctx)
cmLabels := labels.GetLabels(instance, labels.GetGroupLabel(ironic.ServiceName), map[string]string{})

db, err := mariadbv1.GetDatabaseByName(ctx, h, ironic.DatabaseName)
if err != nil {
return err
}
var tlsCfg *tls.Service
if instance.Spec.TLS.CaBundleSecretName != "" {
tlsCfg = &tls.Service{}
}

// customData hold any customization for the service.
// custom.conf is going to be merged into /etc/ironic/ironic.conf
// TODO: make sure custom.conf can not be overwritten
customData := map[string]string{common.CustomServiceConfigFileName: instance.Spec.CustomServiceConfig}
customData := map[string]string{
common.CustomServiceConfigFileName: instance.Spec.CustomServiceConfig,
"my.cnf": db.GetDatabaseClientConfig(tlsCfg), //(mschuppert) for now just get the default my.cnf
}

for key, data := range instance.Spec.DefaultConfigOverwrite {
customData[key] = data
50 changes: 29 additions & 21 deletions controllers/ironicinspector_controller.go
@@ -461,6 +461,7 @@ func (r *IronicInspectorReconciler) reconcileConfigMapsAndSecrets(
ctx context.Context,
instance *ironicv1.IronicInspector,
helper *helper.Helper,
db *mariadbv1.Database,
) (ctrl.Result, string, error) {
// ConfigMap
configMapVars := make(map[string]env.Setter)
@@ -567,7 +568,8 @@ func (r *IronicInspectorReconciler) reconcileConfigMapsAndSecrets(
ctx,
instance,
helper,
&configMapVars)
&configMapVars,
db)
if err != nil {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.ServiceConfigReadyCondition,
@@ -697,6 +699,11 @@ func (r *IronicInspectorReconciler) reconcileNormal(

Log.Info("Reconciling Ironic Inspector")

serviceLabels := map[string]string{
common.AppSelector: ironic.ServiceName,
common.ComponentSelector: ironic.InspectorComponent,
}

if ironicv1.GetOwningIronicName(instance) == "" {
// Service account, role, binding
rbacResult, err := common_rbac.ReconcileRbac(ctx, helper, instance, getCommonRbacRules())
@@ -725,7 +732,14 @@ func (r *IronicInspectorReconciler) reconcileNormal(
return ctrlResult, nil
}

ctrlResult, inputHash, err := r.reconcileConfigMapsAndSecrets(ctx, instance, helper)
db, ctrlResult, err := r.reconcileServiceDBinstance(ctx, instance, helper, serviceLabels)
if err != nil {
return ctrlResult, err
} else if (ctrlResult != ctrl.Result{}) {
return ctrlResult, nil
}

ctrlResult, inputHash, err := r.reconcileConfigMapsAndSecrets(ctx, instance, helper, db)
if err != nil {
return ctrlResult, err
} else if (ctrlResult != ctrl.Result{}) {
@@ -736,11 +750,6 @@ func (r *IronicInspectorReconciler) reconcileNormal(
// TODO check when/if Init, Update, or Upgrade should/could be skipped
//

serviceLabels := map[string]string{
common.AppSelector: ironic.ServiceName,
common.ComponentSelector: ironic.InspectorComponent,
}

// networks to attach to
for _, netAtt := range instance.Spec.NetworkAttachments {
_, err := nad.GetNADWithName(ctx, helper, netAtt, instance.Namespace)
@@ -910,7 +919,7 @@ func (r *IronicInspectorReconciler) reconcileServiceDBinstance(
instance *ironicv1.IronicInspector,
helper *helper.Helper,
serviceLabels map[string]string,
) (ctrl.Result, error) {
) (*mariadbv1.Database, ctrl.Result, error) {
databaseName := strings.Replace(instance.Name, "-", "_", -1)
db := mariadbv1.NewDatabase(
databaseName,
@@ -934,15 +943,15 @@ func (r *IronicInspectorReconciler) reconcileServiceDBinstance(
condition.SeverityWarning,
condition.DBReadyErrorMessage,
err.Error()))
return ctrl.Result{}, err
return db, ctrl.Result{}, err
}
if (ctrlResult != ctrl.Result{}) {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.DBReadyCondition,
condition.RequestedReason,
condition.SeverityInfo,
condition.DBReadyRunningMessage))
return ctrlResult, nil
return db, ctrlResult, nil
}

// wait for the DB to be setup
@@ -954,23 +963,23 @@ func (r *IronicInspectorReconciler) reconcileServiceDBinstance(
condition.SeverityWarning,
condition.DBReadyErrorMessage,
err.Error()))
return ctrlResult, err
return db, ctrlResult, err
}
if (ctrlResult != ctrl.Result{}) {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.DBReadyCondition,
condition.RequestedReason,
condition.SeverityInfo,
condition.DBReadyRunningMessage))
return ctrlResult, nil
return db, ctrlResult, nil
}
// update Status.DatabaseHostname, used to bootstrap/config the service
instance.Status.DatabaseHostname = db.GetDatabaseHostname()
instance.Status.Conditions.MarkTrue(
condition.DBReadyCondition,
condition.DBReadyMessage)

return ctrl.Result{}, nil
return db, ctrl.Result{}, nil
}

func (r *IronicInspectorReconciler) reconcileServiceDBsync(
@@ -1236,14 +1245,7 @@ func (r *IronicInspectorReconciler) reconcileInit(

Log.Info("Reconciling Ironic Inspector init")

ctrlResult, err := r.reconcileServiceDBinstance(ctx, instance, helper, serviceLabels)
if err != nil {
return ctrlResult, err
} else if (ctrlResult != ctrl.Result{}) {
return ctrlResult, nil
}

ctrlResult, err = r.reconcileServiceDBsync(ctx, instance, helper, serviceLabels)
ctrlResult, err := r.reconcileServiceDBsync(ctx, instance, helper, serviceLabels)
if err != nil {
return ctrlResult, err
} else if (ctrlResult != ctrl.Result{}) {
@@ -1304,6 +1306,7 @@ func (r *IronicInspectorReconciler) generateServiceConfigMaps(
instance *ironicv1.IronicInspector,
h *helper.Helper,
envVars *map[string]env.Setter,
db *mariadbv1.Database,
) error {
//
// create Configmap/Secret required for ironic-inspector input
@@ -1319,13 +1322,18 @@ func (r *IronicInspectorReconciler) generateServiceConfigMaps(
labels.GetGroupLabel(ironic.ServiceName),
map[string]string{})
Log := r.GetLogger(ctx)
var tlsCfg *tls.Service
if instance.Spec.TLS.Ca.CaBundleSecretName != "" {
tlsCfg = &tls.Service{}
}
// customData hold any customization for the service.
// custom.conf is going to /etc/ironic-inspector/inspector.conf.d
// all other files get placed into /etc/ironic-inspector to allow
// overwrite of e.g. policy.json.
// TODO: make sure custom.conf can not be overwritten
customData := map[string]string{
common.CustomServiceConfigFileName: instance.Spec.CustomServiceConfig,
"my.cnf": db.GetDatabaseClientConfig(tlsCfg), //(mschuppert) for now just get the default my.cnf
}
for key, data := range instance.Spec.DefaultConfigOverwrite {
customData[key] = data
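Review bot: reconcileServiceDBinstance now returns `db` on every path, including `return db, ctrl.Result{}, err` and the requeue returns, so a caller that does not check the result first receives a database handle that is not ready. Returning `nil` on the error and requeue paths (`return nil, ctrl.Result{}, err`, `return nil, ctrlResult, nil`) makes the contract explicit, and a doc comment on the function should state that the handle is valid only when the error is nil and the result is empty. ensureDB in ironic_controller.go follows the same pattern. Parts of the function body lie outside the hunks shown.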
1 change: 0 additions & 1 deletion controllers/ironicneutronagent_controller.go
@@ -651,7 +651,6 @@ func (r *IronicNeutronAgentReconciler) generateServiceConfigMaps(
// custom.conf is going to be merged into /etc/ironic/ironic.conf
// TODO: make sure custom.conf can not be overwritten
customData := map[string]string{common.CustomServiceConfigFileName: instance.Spec.CustomServiceConfig}
customData[common.CustomServiceConfigFileName] = instance.Spec.CustomServiceConfig

keystoneAPI, err := keystonev1.GetKeystoneAPI(ctx, h, instance.Namespace, map[string]string{})
if err != nil {
2 changes: 1 addition & 1 deletion go.mod
@@ -13,7 +13,7 @@ require (
github.com/openstack-k8s-operators/keystone-operator/api v0.3.1-0.20240219094943-9bbb46c9afba
github.com/openstack-k8s-operators/lib-common/modules/common v0.3.1-0.20240216173409-86913e6d5885
github.com/openstack-k8s-operators/lib-common/modules/test v0.3.1-0.20240216173409-86913e6d5885
github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240219072536-62f6b4dc7798
github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240220132409-f96d4d040f4e
k8s.io/api v0.28.3
k8s.io/apimachinery v0.28.3
k8s.io/client-go v0.28.3
4 changes: 2 additions & 2 deletions go.sum
@@ -101,8 +101,8 @@ github.com/openstack-k8s-operators/lib-common/modules/openstack v0.3.1-0.2024021
github.com/openstack-k8s-operators/lib-common/modules/openstack v0.3.1-0.20240216173409-86913e6d5885/go.mod h1:8QsCFttAm+X6A8I8EQThGjNjeMAYt2hK7ivbvnR3434=
github.com/openstack-k8s-operators/lib-common/modules/test v0.3.1-0.20240216173409-86913e6d5885 h1:ioJ2MO3vAcBkLM+0UBu5IuKW/DPXcyiNSOLq0Xvn+Nw=
github.com/openstack-k8s-operators/lib-common/modules/test v0.3.1-0.20240216173409-86913e6d5885/go.mod h1:82nzS+DbBe1tzaMvNHH8FctmZzQ14ZAJysFGsMJiivo=
github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240219072536-62f6b4dc7798 h1:zL4DdQ5HPXCLHeRMAWC2zI7ypbkZVYg3UkyEFSnzeow=
github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240219072536-62f6b4dc7798/go.mod h1:PDqfLbP4ZWqQHAu1OtbjfpOGQUKSzLqRJChvE/9pcyQ=
github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240220132409-f96d4d040f4e h1:6vqp5HZwcGvPH0MII/23iCd97T3/1HJZlONKW6LyNio=
github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240220132409-f96d4d040f4e/go.mod h1:PDqfLbP4ZWqQHAu1OtbjfpOGQUKSzLqRJChvE/9pcyQ=
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
2 changes: 1 addition & 1 deletion templates/common/bin/common.sh
@@ -86,7 +86,7 @@ function common_ironic_config {
crudini --set ${SVC_CFG_MERGED} DEFAULT transport_url $TRANSPORTURL
crudini --set ${SVC_CFG_MERGED} DEFAULT rpc_transport oslo
fi
crudini --set ${SVC_CFG_MERGED} database connection mysql+pymysql://${DBUSER}:${DBPASSWORD}@${DBHOST}/${DB}
crudini --set ${SVC_CFG_MERGED} database connection mysql+pymysql://${DBUSER}:${DBPASSWORD}@${DBHOST}/${DB}?read_default_file=/etc/my.cnf
Contributor


This also needed to be added in ironicinspector/bin/init.sh, and the TLS volume mounts added to ironicinspector/dbsync.go. I'll fix this in my mariadbaccount patch.

crudini --set ${SVC_CFG_MERGED} keystone_authtoken password $IRONICPASSWORD
crudini --set ${SVC_CFG_MERGED} service_catalog password $IRONICPASSWORD
crudini --set ${SVC_CFG_MERGED} cinder password $IRONICPASSWORD
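Review bot: The connection URL on the changed `crudini --set ${SVC_CFG_MERGED} database connection` line is passed unquoted, and the added `?read_default_file=/etc/my.cnf` puts a glob character into that word, so the argument is now subject to pathname expansion as well as word splitting. Quote it: `crudini --set "${SVC_CFG_MERGED}" database connection "mysql+pymysql://${DBUSER}:${DBPASSWORD}@${DBHOST}/${DB}?read_default_file=/etc/my.cnf"`. Separately, `${DBPASSWORD}` is interpolated without URL-encoding, so a password containing `@`, `/`, `?` or `#` would change how the URL parses; where the password comes from is outside the hunk, so confirm its character set. common_ironic_config starts before and continues after the lines shown.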
6 changes: 6 additions & 0 deletions templates/ironic/config/db-sync-config.json
@@ -12,6 +12,12 @@
"dest": "/etc/ironic/ironic.conf.d/custom.conf",
"owner": "ironic",
"perm": "0600"
},
{
"source": "/var/lib/config-data/merged/my.cnf",
"dest": "/etc/my.cnf",
"owner": "ironic",
"perm": "0644"
}
],
"permissions": [
6 changes: 6 additions & 0 deletions templates/ironicapi/config/ironic-api-config.json
@@ -40,6 +40,12 @@
"perm": "0600",
"optional": true,
"merge": true
},
{
"source": "/var/lib/config-data/merged/my.cnf",
"dest": "/etc/my.cnf",
"owner": "ironic",
"perm": "0644"
}
],
"permissions": [
6 changes: 6 additions & 0 deletions templates/ironicconductor/config/ironic-conductor-config.json
@@ -12,6 +12,12 @@
"dest": "/etc/ironic/ironic.conf.d/custom.conf",
"owner": "ironic",
"perm": "0600"
},
{
"source": "/var/lib/config-data/merged/my.cnf",
"dest": "/etc/my.cnf",
"owner": "ironic",
"perm": "0644"
}
],
"permissions": [
6 changes: 6 additions & 0 deletions templates/ironicinspector/config/db-sync-config.json
@@ -12,6 +12,12 @@
"dest": "/etc/ironic-inspector/inspector.conf.d/custom.conf",
"owner": "ironic-inspector",
"perm": "0600"
},
{
"source": "/var/lib/config-data/merged/my.cnf",
"dest": "/etc/my.cnf",
"owner": "ironic-inspector",
"perm": "0644"
}
],
"permissions": [
6 changes: 6 additions & 0 deletions templates/ironicinspector/config/ironic-inspector-config.json
@@ -12,6 +12,12 @@
"dest": "/etc/ironic-inspector/inspector.conf.d/custom.conf",
"owner": "ironic-inspector",
"perm": "0600"
},
{
"source": "/var/lib/config-data/merged/my.cnf",
"dest": "/etc/my.cnf",
"owner": "ironic-inspector",
"perm": "0644"
}
],
"permissions": [
10 changes: 10 additions & 0 deletions tests/functional/base_test.go
@@ -48,6 +48,7 @@ const (
type IronicNames struct {
Namespace string
IronicName types.NamespacedName
IronicConfigDataName types.NamespacedName
IronicRole types.NamespacedName
IronicRoleBinding types.NamespacedName
IronicServiceAccount types.NamespacedName
@@ -61,6 +62,7 @@ type IronicNames struct {
APIRoleBinding types.NamespacedName
APIConfigDataName types.NamespacedName
ConductorName types.NamespacedName
ConductorConfigDataName types.NamespacedName
ConductorServiceAccount types.NamespacedName
ConductorRole types.NamespacedName
ConductorRoleBinding types.NamespacedName
@@ -110,6 +112,10 @@ func GetIronicNames(
Namespace: ironic.Namespace,
Name: ironic.Name,
},
IronicConfigDataName: types.NamespacedName{
Namespace: ironic.Namespace,
Name: ironic.Name + "-config-data",
},
IronicTransportURLName: types.NamespacedName{
Namespace: ironic.Namespace,
Name: ironic.Name + "-transport",
@@ -158,6 +164,10 @@ func GetIronicNames(
Namespace: ironicConductor.Namespace,
Name: ironicConductor.Name,
},
ConductorConfigDataName: types.NamespacedName{
Namespace: ironicAPI.Namespace,
Name: "ironic-conductor-config-data",
},
ConductorServiceAccount: types.NamespacedName{
Namespace: ironicConductor.Namespace,
Name: "ironicconductor-" + ironicConductor.Name,
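Review bot: `ConductorConfigDataName` is built from `ironicAPI.Namespace` and the literal `"ironic-conductor-config-data"`, while every neighbouring conductor entry uses `ironicConductor.Namespace` and `ironicConductor.Name`. This looks like a copy-paste slip that only works while both objects share a namespace and the conductor keeps its current name; deriving it the same way as `IronicConfigDataName` would be `Namespace: ironicConductor.Namespace, Name: ironicConductor.Name + "-config-data",`. The ConfigMap name the conductor controller actually produces is not visible here, so confirm the suffix against it. GetIronicNames continues outside the hunks.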
7 changes: 7 additions & 0 deletions tests/functional/ironic_controller_test.go
@@ -133,6 +133,13 @@ var _ = Describe("Ironic controller", func() {
It("Creates ConfigMaps and gets Secrets (input) and set Hash of inputs", func() {
infra.GetTransportURL(ironicNames.IronicTransportURLName)
infra.SimulateTransportURLReady(ironicNames.IronicTransportURLName)
mariadb.GetMariaDBDatabase(ironicNames.IronicDatabaseName)
mariadb.SimulateMariaDBAccountCompleted(ironicNames.IronicDatabaseName)
mariadb.SimulateMariaDBDatabaseCompleted(ironicNames.IronicDatabaseName)
cm := th.GetConfigMap(ironicNames.IronicConfigDataName)
myCnf := cm.Data["my.cnf"]
Expect(myCnf).To(
ContainSubstring("[client]\nssl=0"))
th.ExpectCondition(
ironicNames.IronicName,
ConditionGetterFunc(IronicConditionGetter),
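Review bot: The assertion added here pins only the non-TLS output, `[client]\nssl=0`, for the top-level Ironic config; nothing in this hunk exercises the branch in generateServiceConfigMaps where `Spec.IronicAPI.TLS.Ca.CaBundleSecretName` is set. A companion case that creates the CA bundle secret, uses `mariadb.SimulateMariaDBTLSDatabaseCompleted` and expects the `ssl-ca=...` / `ssl=1` block, as the IronicAPI and IronicConductor tests in this commit do, would keep the TLS path from regressing silently to a plaintext database connection. `cm.Data["my.cnf"]` is also read without the `HaveKey("my.cnf")` check that the other tests include. A TLS case may already exist elsewhere in the file, outside the hunk.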
27 changes: 21 additions & 6 deletions tests/functional/ironicapi_controller_test.go
@@ -21,8 +21,10 @@ import (
. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
ironicv1 "github.com/openstack-k8s-operators/ironic-operator/api/v1beta1"
"github.com/openstack-k8s-operators/ironic-operator/pkg/ironic"
"github.com/openstack-k8s-operators/lib-common/modules/common/condition"
. "github.com/openstack-k8s-operators/lib-common/modules/common/test/helpers"
mariadbv1 "github.com/openstack-k8s-operators/mariadb-operator/api/v1beta1"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/types"
)
@@ -59,6 +61,10 @@ var _ = Describe("IronicAPI controller", func() {
DeferCleanup(
th.DeleteInstance,
CreateIronicAPI(ironicNames.APIName, spec))
mariadb.CreateMariaDBDatabase(ironicNames.Namespace, ironic.DatabaseName, mariadbv1.MariaDBDatabaseSpec{})
mariadb.CreateMariaDBAccount(ironicNames.Namespace, ironic.DatabaseName, mariadbv1.MariaDBAccountSpec{})
mariadb.SimulateMariaDBAccountCompleted(ironicNames.IronicDatabaseName)
mariadb.SimulateMariaDBDatabaseCompleted(ironicNames.IronicDatabaseName)
})
It("should have the Spec fields initialized", func() {
instance := GetIronicAPI(ironicNames.APIName)
@@ -136,12 +142,7 @@ var _ = Describe("IronicAPI controller", func() {
condition.InputReadyCondition,
corev1.ConditionTrue,
)
instance := GetIronicAPI(ironicNames.APIName)
apiConfigMapName := types.NamespacedName{
Namespace: instance.Namespace,
Name: fmt.Sprintf("%s-config-data", instance.Name),
}
configDataMap := th.GetConfigMap(apiConfigMapName)
configDataMap := th.GetConfigMap(ironicNames.APIConfigDataName)
Expect(configDataMap).ShouldNot(BeNil())
Expect(configDataMap.Data).Should(HaveKey("ironic.conf"))
configData := string(configDataMap.Data["ironic.conf"])
@@ -151,6 +152,11 @@ var _ = Describe("IronicAPI controller", func() {
// privileges but this is a good practice to follow and might be required in the
// future
Expect(configData).Should(ContainSubstring("service_token_roles_required = true"))

Expect(configDataMap.Data).Should(HaveKey("my.cnf"))
configData = string(configDataMap.Data["my.cnf"])
Expect(configData).To(
ContainSubstring("[client]\nssl=0"))
})
It("Sets NetworkAttachmentsReady", func() {
th.ExpectCondition(
@@ -248,6 +254,10 @@ var _ = Describe("IronicAPI controller", func() {
},
"caBundleSecretName": ironicNames.CaBundleSecretName.Name,
}
mariadb.CreateMariaDBDatabase(ironicNames.Namespace, ironic.DatabaseName, mariadbv1.MariaDBDatabaseSpec{})
mariadb.CreateMariaDBAccount(ironicNames.Namespace, ironic.DatabaseName, mariadbv1.MariaDBAccountSpec{})
mariadb.SimulateMariaDBAccountCompleted(ironicNames.IronicDatabaseName)
mariadb.SimulateMariaDBTLSDatabaseCompleted(ironicNames.IronicDatabaseName)

DeferCleanup(
th.DeleteInstance,
@@ -351,6 +361,11 @@ var _ = Describe("IronicAPI controller", func() {
Expect(configData).Should(ContainSubstring("SSLCertificateKeyFile \"/etc/pki/tls/private/internal.key\""))
Expect(configData).Should(ContainSubstring("SSLCertificateFile \"/etc/pki/tls/certs/public.crt\""))
Expect(configData).Should(ContainSubstring("SSLCertificateKeyFile \"/etc/pki/tls/private/public.key\""))

Expect(configDataMap.Data).Should(HaveKey("my.cnf"))
configData = string(configDataMap.Data["my.cnf"])
Expect(configData).To(
ContainSubstring("[client]\nssl-ca=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem\nssl=1"))
})

It("TLS Endpoints are created", func() {
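Review bot: In the first setup hunk (`@@ -59,6 +61,10 @@`) the `mariadb.CreateMariaDBDatabase` and `mariadb.CreateMariaDBAccount` objects are created after `CreateIronicAPI` and are not passed to `DeferCleanup`, unlike the IronicAPI instance on the preceding lines. Creating them first, wrapped as `DeferCleanup(k8sClient.Delete, ctx, mariadb.CreateMariaDBDatabase(ironicNames.Namespace, ironic.DatabaseName, mariadbv1.MariaDBDatabaseSpec{}))`, avoids a first reconcile that finds no database and keeps teardown explicit. This assumes the helper returns the created object and does not register its own cleanup, which is not visible here. ironicconductor_controller_test.go adds the same four calls after `CreateIronicConductor` in both of its setup hunks.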
25 changes: 25 additions & 0 deletions tests/functional/ironicconductor_controller_test.go
@@ -22,8 +22,10 @@ import (
. "github.com/onsi/gomega"
routev1 "github.com/openshift/api/route/v1"
ironicv1 "github.com/openstack-k8s-operators/ironic-operator/api/v1beta1"
"github.com/openstack-k8s-operators/ironic-operator/pkg/ironic"
"github.com/openstack-k8s-operators/lib-common/modules/common/condition"
. "github.com/openstack-k8s-operators/lib-common/modules/common/test/helpers"
mariadbv1 "github.com/openstack-k8s-operators/mariadb-operator/api/v1beta1"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/types"
)
@@ -60,6 +62,10 @@ var _ = Describe("IronicConductor controller", func() {
DeferCleanup(
th.DeleteInstance,
CreateIronicConductor(ironicNames.ConductorName, spec))
mariadb.CreateMariaDBDatabase(ironicNames.Namespace, ironic.DatabaseName, mariadbv1.MariaDBDatabaseSpec{})
mariadb.CreateMariaDBAccount(ironicNames.Namespace, ironic.DatabaseName, mariadbv1.MariaDBAccountSpec{})
mariadb.SimulateMariaDBAccountCompleted(ironicNames.IronicDatabaseName)
mariadb.SimulateMariaDBDatabaseCompleted(ironicNames.IronicDatabaseName)
})
It("should have the Spec fields initialized", func() {
instance := GetIronicConductor(ironicNames.ConductorName)
@@ -130,6 +136,13 @@ var _ = Describe("IronicConductor controller", func() {
condition.ServiceConfigReadyCondition,
corev1.ConditionTrue,
)
configDataMap := th.GetConfigMap(ironicNames.ConductorConfigDataName)
Expect(configDataMap).ShouldNot(BeNil())
Expect(configDataMap.Data).Should(HaveKey("ironic.conf"))
Expect(configDataMap.Data).Should(HaveKey("my.cnf"))
configData := string(configDataMap.Data["my.cnf"])
Expect(configData).To(
ContainSubstring("[client]\nssl=0"))
})
It("Sets NetworkAttachmentsReady", func() {
th.ExpectCondition(
@@ -218,6 +231,10 @@ var _ = Describe("IronicConductor controller", func() {
DeferCleanup(
th.DeleteInstance,
CreateIronicConductor(ironicNames.ConductorName, spec))
mariadb.CreateMariaDBDatabase(ironicNames.Namespace, ironic.DatabaseName, mariadbv1.MariaDBDatabaseSpec{})
mariadb.CreateMariaDBAccount(ironicNames.Namespace, ironic.DatabaseName, mariadbv1.MariaDBAccountSpec{})
mariadb.SimulateMariaDBAccountCompleted(ironicNames.IronicDatabaseName)
mariadb.SimulateMariaDBTLSDatabaseCompleted(ironicNames.IronicDatabaseName)
})

It("reports that the CA secret is missing", func() {
@@ -253,6 +270,14 @@ var _ = Describe("IronicConductor controller", func() {
// cert volumeMounts
container := depl.Spec.Template.Spec.Containers[1]
th.AssertVolumeMountExists(ironicNames.CaBundleSecretName.Name, "tls-ca-bundle.pem", container.VolumeMounts)

configDataMap := th.GetConfigMap(ironicNames.ConductorConfigDataName)
Expect(configDataMap).ShouldNot(BeNil())
Expect(configDataMap.Data).Should(HaveKey("ironic.conf"))
Expect(configDataMap.Data).Should(HaveKey("my.cnf"))
configData := string(configDataMap.Data["my.cnf"])
Expect(configData).To(
ContainSubstring("[client]\nssl-ca=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem\nssl=1"))
})

It("reconfigures the deployment when CA changes", func() {
19 changes: 13 additions & 6 deletions tests/functional/ironicinspector_controller_test.go
@@ -117,6 +117,14 @@ var _ = Describe("IronicInspector controller", func() {
It("Creates ConfigMaps and gets Secrets (input)", func() {
infra.GetTransportURL(ironicNames.InspectorTransportURLName)
infra.SimulateTransportURLReady(ironicNames.InspectorTransportURLName)
mariadb.GetMariaDBDatabase(ironicNames.InspectorDatabaseName)
mariadb.SimulateMariaDBAccountCompleted(ironicNames.InspectorDatabaseName)
mariadb.SimulateMariaDBDatabaseCompleted(ironicNames.InspectorDatabaseName)
cm := th.GetConfigMap(ironicNames.InspectorConfigDataName)
myCnf := cm.Data["my.cnf"]
Expect(myCnf).To(
ContainSubstring("[client]\nssl=0"))

th.ExpectCondition(
ironicNames.InspectorName,
ConditionGetterFunc(IronicInspectorConditionGetter),
@@ -295,6 +303,8 @@ var _ = Describe("IronicInspector controller", func() {

infra.GetTransportURL(ironicNames.InspectorTransportURLName)
infra.SimulateTransportURLReady(ironicNames.InspectorTransportURLName)
mariadb.SimulateMariaDBAccountCompleted(ironicNames.InspectorDatabaseName)
mariadb.SimulateMariaDBTLSDatabaseCompleted(ironicNames.InspectorDatabaseName)
})

It("reports that the CA secret is missing", func() {
@@ -359,8 +369,6 @@ var _ = Describe("IronicInspector controller", func() {
DeferCleanup(k8sClient.Delete, ctx, th.CreateCertSecret(ironicNames.PublicCertSecretName))

mariadb.GetMariaDBDatabase(ironicNames.InspectorDatabaseName)
mariadb.SimulateMariaDBAccountCompleted(ironicNames.InspectorDatabaseName)
mariadb.SimulateMariaDBDatabaseCompleted(ironicNames.InspectorDatabaseName)
th.SimulateJobSuccess(ironicNames.InspectorDBSyncJobName)

th.SimulateStatefulSetReplicaReady(ironicNames.InspectorName)
@@ -399,6 +407,9 @@ var _ = Describe("IronicInspector controller", func() {
Expect(configData).Should(ContainSubstring("SSLCertificateKeyFile \"/etc/pki/tls/private/internal.key\""))
Expect(configData).Should(ContainSubstring("SSLCertificateFile \"/etc/pki/tls/certs/public.crt\""))
Expect(configData).Should(ContainSubstring("SSLCertificateKeyFile \"/etc/pki/tls/private/public.key\""))
configData = string(configDataMap.Data["my.cnf"])
Expect(configData).To(
ContainSubstring("[client]\nssl-ca=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem\nssl=1"))
})

It("TLS Endpoints are created", func() {
@@ -407,8 +418,6 @@ var _ = Describe("IronicInspector controller", func() {
DeferCleanup(k8sClient.Delete, ctx, th.CreateCertSecret(ironicNames.PublicCertSecretName))

mariadb.GetMariaDBDatabase(ironicNames.InspectorDatabaseName)
mariadb.SimulateMariaDBAccountCompleted(ironicNames.InspectorDatabaseName)
mariadb.SimulateMariaDBDatabaseCompleted(ironicNames.InspectorDatabaseName)
th.SimulateJobSuccess(ironicNames.InspectorDBSyncJobName)

th.SimulateStatefulSetReplicaReady(ironicNames.InspectorName)
@@ -434,8 +443,6 @@ var _ = Describe("IronicInspector controller", func() {
DeferCleanup(k8sClient.Delete, ctx, th.CreateCertSecret(ironicNames.PublicCertSecretName))

mariadb.GetMariaDBDatabase(ironicNames.InspectorDatabaseName)
mariadb.SimulateMariaDBAccountCompleted(ironicNames.InspectorDatabaseName)
mariadb.SimulateMariaDBDatabaseCompleted(ironicNames.InspectorDatabaseName)
th.SimulateJobSuccess(ironicNames.InspectorDBSyncJobName)

th.SimulateStatefulSetReplicaReady(ironicNames.InspectorName)