From c1c816062d66d1c8a8af8f6b9ade671d37562d05 Mon Sep 17 00:00:00 2001 
From: Martin Schuppert Date: Tue, 20 Feb 2024 17:22:57 +0100 Subject: [PATCH] [tlse] TLS database connection The my.cnf file gets added to the secret holding the service configs. The content of my.cnf is centrally managed in the mariadb-operator and retrieved calling db.GetDatabaseClientConfig(tlsCfg) Depends-On: https://github.com/openstack-k8s-operators/mariadb-operator/pull/190 Depends-On: https://github.com/openstack-k8s-operators/mariadb-operator/pull/191 Jira: OSPRH-4547 --- controllers/nova_controller.go | 15 ++++++++-- controllers/novaapi_controller.go | 20 +++++++++++-- controllers/novacell_controller.go | 1 - controllers/novacompute_controller.go | 1 - controllers/novaconductor_controller.go | 14 ++++++++-- controllers/novametadata_controller.go | 24 ++++++++++++++-- controllers/novanovncproxy_controller.go | 15 ++++++++-- controllers/novascheduler_controller.go | 15 ++++++++-- go.mod | 2 +- go.sum | 4 +-- .../config/cell-mapping-config.json | 6 ++++ .../config/host-discover-config.json | 6 ++++ templates/nova.conf | 4 +-- templates/novaapi/config/nova-api-config.json | 6 ++++ .../config/nova-conductor-config.json | 6 ++++ .../config/nova-conductor-dbsync-config.json | 6 ++++ .../config/nova-metadata-config.json | 10 +++++-- .../config/nova-novncproxy-config.json | 6 ++++ .../config/nova-scheduler-config.json | 6 ++++ test/functional/nova_controller_test.go | 20 +++++++------ .../nova_metadata_controller_test.go | 25 ++++++++++++++++- test/functional/nova_multicell_test.go | 22 +++++++++------ test/functional/nova_novncproxy_test.go | 21 ++++++++++++++ test/functional/nova_reconfiguration_test.go | 3 ++ test/functional/nova_scheduler_test.go | 28 +++++++++++++++++++ test/functional/novaapi_controller_test.go | 25 +++++++++++++++++ test/functional/novacell_controller_test.go | 11 ++++++++ .../novaconductor_controller_test.go | 25 +++++++++++++++++ 28 files changed, 306 insertions(+), 41 deletions(-) 
diff --git a/controllers/nova_controller.go b/controllers/nova_controller.go index 64a8890c3..9a55c9c70 100644 --- a/controllers/nova_controller.go +++ b/controllers/nova_controller.go @@ -47,6 +47,7 @@ import ( "github.com/openstack-k8s-operators/lib-common/modules/common/labels" common_rbac "github.com/openstack-k8s-operators/lib-common/modules/common/rbac" "github.com/openstack-k8s-operators/lib-common/modules/common/secret" + "github.com/openstack-k8s-operators/lib-common/modules/common/tls" util "github.com/openstack-k8s-operators/lib-common/modules/common/util" novav1 "github.com/openstack-k8s-operators/nova-operator/api/v1beta1" @@ -656,6 +657,7 @@ func (r *NovaReconciler) ensureNovaManageJobSecret( cellTemplate novav1.NovaCellTemplate, apiDBHostname string, cellTransportURL string, + db *mariadbv1.Database, ) (map[string]env.Setter, string, string, error) { configName := fmt.Sprintf("%s-config-data", cell.Name+"-manage") scriptName := fmt.Sprintf("%s-scripts", cell.Name+"-manage") @@ -664,6 +666,15 @@ func (r *NovaReconciler) ensureNovaManageJobSecret( instance, labels.GetGroupLabel(NovaLabelPrefix), map[string]string{}, ) + var tlsCfg *tls.Service + if instance.Spec.APIServiceTemplate.TLS.Ca.CaBundleSecretName != "" { + tlsCfg = &tls.Service{} + } + + extraData := map[string]string{ + "my.cnf": db.GetDatabaseClientConfig(tlsCfg), //(mschuppert) for now just get the default my.cnf + } + extraTemplates := map[string]string{ "01-nova.conf": "/nova.conf", "nova-blank.conf": "/nova-blank.conf", @@ -719,7 +730,7 @@ func (r *NovaReconciler) ensureNovaManageJobSecret( InstanceType: "nova-manage", ConfigOptions: templateParameters, Labels: cmLabels, - CustomData: map[string]string{}, + CustomData: extraData, Annotations: map[string]string{}, AdditionalTemplate: extraTemplates, }, 
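Review bot: In `ensureNovaManageJobSecret`, the hunk that builds `extraData` takes the TLS decision for the database client from `instance.Spec.APIServiceTemplate.TLS.Ca.CaBundleSecretName`, although the `db` it renders is the cell database passed in by `ensureCell`. When that field is empty the secret carries a `my.cnf` with TLS switched off (the functional test for the mapping job expects `[client]\nssl=0`), so the nova-manage job would connect in cleartext even if the cell's own services were given a CA bundle; that coupling is inferred from the field names and should be confirmed. A comment above the check would make the intent reviewable, for example `// DB client TLS for the per-cell job follows the API service CA bundle; an empty bundle renders my.cnf with TLS disabled`. `db` is also dereferenced without a nil check; if `cellDB` can be nil at the call site, a guard such as `if db == nil { return nil, "", "", fmt.Errorf("no database for cell %s", cell.Name) }` avoids a panic in the reconciler. The function body starts and ends outside these hunks.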
@@ -895,7 +906,7 @@ func (r *NovaReconciler) ensureCell( return cell, nova.CellDeploying, err } configHash, scriptName, configName, err := r.ensureNovaManageJobSecret(ctx, h, instance, - cell, secret, cellTemplate, apiDB.GetDatabaseHostname(), cellTransportURL) + cell, secret, cellTemplate, apiDB.GetDatabaseHostname(), cellTransportURL, cellDB) if err != nil { return cell, nova.CellFailed, err } diff --git a/controllers/novaapi_controller.go b/controllers/novaapi_controller.go index ddb2ba370..a765395c4 100644 --- a/controllers/novaapi_controller.go +++ b/controllers/novaapi_controller.go @@ -47,6 +47,7 @@ import ( "github.com/openstack-k8s-operators/lib-common/modules/common/statefulset" "github.com/openstack-k8s-operators/lib-common/modules/common/tls" util "github.com/openstack-k8s-operators/lib-common/modules/common/util" + mariadbv1 "github.com/openstack-k8s-operators/mariadb-operator/api/v1beta1" keystonev1 "github.com/openstack-k8s-operators/keystone-operator/api/v1beta1" novav1 "github.com/openstack-k8s-operators/nova-operator/api/v1beta1" @@ -409,7 +410,6 @@ func (r *NovaAPIReconciler) generateConfigs( "cell_db_password": string(secret.Data[CellDatabasePasswordSelector]), "cell_db_address": instance.Spec.Cell0DatabaseHostname, "cell_db_port": 3306, - "openstack_cacert": "", // fixme "openstack_region_name": "regionOne", // fixme "default_project_domain": "Default", // fixme "default_user_domain": "Default", // fixme 
@@ -432,7 +432,21 @@ func (r *NovaAPIReconciler) generateConfigs( httpdVhostConfig[endpt.String()] = endptConfig } templateParameters["VHosts"] = httpdVhostConfig - extraData := map[string]string{} + + db, err := mariadbv1.GetDatabaseByName(ctx, h, "nova-api") + if err != nil { + return err + } + + var tlsCfg *tls.Service + if instance.Spec.TLS.Ca.CaBundleSecretName != "" { + tlsCfg = &tls.Service{} + } + + extraData := map[string]string{ + "my.cnf": db.GetDatabaseClientConfig(tlsCfg), //(mschuppert) for now just get the default my.cnf + } + if instance.Spec.CustomServiceConfig != "" { extraData["02-nova-override.conf"] = instance.Spec.CustomServiceConfig } @@ -444,7 +458,7 @@ func (r *NovaAPIReconciler) generateConfigs( instance, labels.GetGroupLabel(NovaAPILabelPrefix), map[string]string{}, ) - err := r.GenerateConfigs( + err = r.GenerateConfigs( ctx, h, instance, nova.GetServiceConfigSecretName(instance.GetName()), hashes, templateParameters, extraData, cmLabels, map[string]string{}, ) diff --git a/controllers/novacell_controller.go b/controllers/novacell_controller.go index 49c59465b..5060f832a 100644 --- a/controllers/novacell_controller.go +++ b/controllers/novacell_controller.go @@ -770,7 +770,6 @@ func (r *NovaCellReconciler) generateComputeConfigs( "keystone_internal_url": instance.Spec.KeystoneAuthURL, "nova_keystone_user": instance.Spec.ServiceUser, "nova_keystone_password": string(secret.Data[ServicePasswordSelector]), - "openstack_cacert": "", // fixme "openstack_region_name": "regionOne", // fixme "default_project_domain": "Default", // fixme "default_user_domain": "Default", // fixme diff --git a/controllers/novacompute_controller.go b/controllers/novacompute_controller.go index 638f39eed..0ffd8de0e 100644 --- a/controllers/novacompute_controller.go +++ b/controllers/novacompute_controller.go 
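Review bot: The TLS-or-not decision for the database client in `NovaAPIReconciler.generateConfigs` is a copy of the same five lines that this commit also adds to the conductor, metadata, novncproxy and scheduler reconcilers and to `ensureNovaManageJobSecret`; six copies of a security-relevant switch can drift apart, so a shared helper as sketched below is safer. The lookup uses the literal `"nova-api"` (repeated in the metadata and scheduler hunks) and returns the error bare; a named constant and, assuming `fmt` is already imported in this file, `return fmt.Errorf("getting database %q: %w", "nova-api", err)` would make a failed reconcile easier to trace. The trailing `//(mschuppert) for now just get the default my.cnf` would read better as a `// TODO(mschuppert):` comment that says what is still missing. `generateConfigs` begins and ends outside the hunk.

```go
// dbClientConfig returns the my.cnf content for db. TLS is requested only
// when a CA bundle secret name is configured.
func dbClientConfig(db *mariadbv1.Database, caBundleSecretName string) string {
	var tlsCfg *tls.Service
	if caBundleSecretName != "" {
		tlsCfg = &tls.Service{}
	}
	return db.GetDatabaseClientConfig(tlsCfg)
}

// … unchanged: GetDatabaseByName lookup in generateConfigs …
	extraData := map[string]string{
		"my.cnf": dbClientConfig(db, instance.Spec.TLS.Ca.CaBundleSecretName),
	}
```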
@@ -314,7 +314,6 @@ func (r *NovaComputeReconciler) generateConfigs( "keystone_internal_url": instance.Spec.KeystoneAuthURL, "nova_keystone_user": instance.Spec.ServiceUser, "nova_keystone_password": string(secret.Data[ServicePasswordSelector]), - "openstack_cacert": "", // fixme "openstack_region_name": "regionOne", // fixme "default_project_domain": "Default", // fixme "default_user_domain": "Default", // fixme diff --git a/controllers/novaconductor_controller.go b/controllers/novaconductor_controller.go index 2d70bcefe..6dc235211 100644 --- a/controllers/novaconductor_controller.go +++ b/controllers/novaconductor_controller.go @@ -45,6 +45,7 @@ import ( "github.com/openstack-k8s-operators/lib-common/modules/common/statefulset" "github.com/openstack-k8s-operators/lib-common/modules/common/tls" util "github.com/openstack-k8s-operators/lib-common/modules/common/util" + mariadbv1 "github.com/openstack-k8s-operators/mariadb-operator/api/v1beta1" novav1 "github.com/openstack-k8s-operators/nova-operator/api/v1beta1" "github.com/openstack-k8s-operators/nova-operator/pkg/novaconductor" ) @@ -344,7 +345,6 @@ func (r *NovaConductorReconciler) generateConfigs( "cell_db_password": string(secret.Data[CellDatabasePasswordSelector]), "cell_db_address": instance.Spec.CellDatabaseHostname, "cell_db_port": 3306, - "openstack_cacert": "", // fixme "openstack_region_name": "regionOne", // fixme "default_project_domain": "Default", // fixme "default_user_domain": "Default", // fixme 
@@ -358,7 +358,17 @@ func (r *NovaConductorReconciler) generateConfigs( templateParameters["api_db_port"] = 3306 } - extraData := map[string]string{} + db, err := mariadbv1.GetDatabaseByName(ctx, h, "nova-"+instance.Spec.CellName) + if err != nil { + return err + } + var tlsCfg *tls.Service + if instance.Spec.TLS.CaBundleSecretName != "" { + tlsCfg = &tls.Service{} + } + extraData := map[string]string{ + "my.cnf": db.GetDatabaseClientConfig(tlsCfg), //(mschuppert) for now just get the default my.cnf + } if instance.Spec.CustomServiceConfig != "" { extraData["02-nova-override.conf"] = instance.Spec.CustomServiceConfig } diff --git a/controllers/novametadata_controller.go b/controllers/novametadata_controller.go index 57b765f07..9bbf92bb1 100644 --- a/controllers/novametadata_controller.go +++ b/controllers/novametadata_controller.go @@ -46,6 +46,7 @@ import ( "github.com/openstack-k8s-operators/lib-common/modules/common/statefulset" "github.com/openstack-k8s-operators/lib-common/modules/common/tls" util "github.com/openstack-k8s-operators/lib-common/modules/common/util" + mariadbv1 "github.com/openstack-k8s-operators/mariadb-operator/api/v1beta1" novav1 "github.com/openstack-k8s-operators/nova-operator/api/v1beta1" "github.com/openstack-k8s-operators/nova-operator/pkg/nova" "github.com/openstack-k8s-operators/nova-operator/pkg/novametadata" @@ -382,7 +383,6 @@ func (r *NovaMetadataReconciler) generateConfigs( "cell_db_password": string(secret.Data[CellDatabasePasswordSelector]), "cell_db_address": instance.Spec.CellDatabaseHostname, "cell_db_port": 3306, - "openstack_cacert": "", // fixme "openstack_region_name": "regionOne", // fixme "default_project_domain": "Default", // fixme "default_user_domain": "Default", // fixme 
@@ -393,6 +393,8 @@ func (r *NovaMetadataReconciler) generateConfigs( "ServerName": fmt.Sprintf("%s.%s.svc", novametadata.ServiceName, instance.Namespace), } + var err error + var db *mariadbv1.Database if instance.Spec.CellName == "" { templateParameters["api_db_name"] = NovaAPIDatabaseName templateParameters["api_db_user"] = instance.Spec.APIDatabaseUser // fixme @@ -400,9 +402,19 @@ func (r *NovaMetadataReconciler) generateConfigs( templateParameters["api_db_address"] = instance.Spec.APIDatabaseHostname templateParameters["api_db_port"] = 3306 templateParameters["local_metadata_per_cell"] = false + + db, err = mariadbv1.GetDatabaseByName(ctx, h, "nova-api") + if err != nil { + return err + } } else { templateParameters["local_metadata_per_cell"] = true templateParameters["cell_db_name"] = getCellDatabaseName(instance.Spec.CellName) + + db, err = mariadbv1.GetDatabaseByName(ctx, h, "nova-"+instance.Spec.CellName) + if err != nil { + return err + } } // create httpd tls template parameters @@ -412,7 +424,13 @@ func (r *NovaMetadataReconciler) generateConfigs( templateParameters["SSLCertificateKeyFile"] = fmt.Sprintf("/etc/pki/tls/private/%s.key", novametadata.ServiceName) } - extraData := map[string]string{} + var tlsCfg *tls.Service + if instance.Spec.TLS.CaBundleSecretName != "" { + tlsCfg = &tls.Service{} + } + extraData := map[string]string{ + "my.cnf": db.GetDatabaseClientConfig(tlsCfg), //(mschuppert) for now just get the default my.cnf + } if instance.Spec.CustomServiceConfig != "" { extraData["02-nova-override.conf"] = instance.Spec.CustomServiceConfig } @@ -424,7 +442,7 @@ func (r *NovaMetadataReconciler) generateConfigs( instance, labels.GetGroupLabel(NovaMetadataLabelPrefix), map[string]string{}, ) - err := r.GenerateConfigs( + err = r.GenerateConfigs( ctx, h, instance, nova.GetServiceConfigSecretName(instance.GetName()), hashes, templateParameters, extraData, cmLabels, map[string]string{}, ) 
diff --git a/controllers/novanovncproxy_controller.go b/controllers/novanovncproxy_controller.go index 199f8e721..cc24637ae 100644 --- a/controllers/novanovncproxy_controller.go +++ b/controllers/novanovncproxy_controller.go @@ -43,6 +43,7 @@ import ( "github.com/openstack-k8s-operators/lib-common/modules/common/statefulset" "github.com/openstack-k8s-operators/lib-common/modules/common/tls" util "github.com/openstack-k8s-operators/lib-common/modules/common/util" + mariadbv1 "github.com/openstack-k8s-operators/mariadb-operator/api/v1beta1" novav1 "github.com/openstack-k8s-operators/nova-operator/api/v1beta1" "github.com/openstack-k8s-operators/nova-operator/pkg/nova" "github.com/openstack-k8s-operators/nova-operator/pkg/novncproxy" @@ -358,7 +359,17 @@ func (r *NovaNoVNCProxyReconciler) generateConfigs( templateParameters["SSLCertificateFile"] = fmt.Sprintf("/etc/pki/tls/certs/%s.crt", novncproxy.ServiceName) templateParameters["SSLCertificateKeyFile"] = fmt.Sprintf("/etc/pki/tls/private/%s.key", novncproxy.ServiceName) } - extraData := map[string]string{} + db, err := mariadbv1.GetDatabaseByName(ctx, h, "nova-"+instance.Spec.CellName) + if err != nil { + return err + } + var tlsCfg *tls.Service + if instance.Spec.TLS.CaBundleSecretName != "" { + tlsCfg = &tls.Service{} + } + extraData := map[string]string{ + "my.cnf": db.GetDatabaseClientConfig(tlsCfg), //(mschuppert) for now just get the default my.cnf + } if instance.Spec.CustomServiceConfig != "" { extraData["02-nova-override.conf"] = instance.Spec.CustomServiceConfig } @@ -367,7 +378,7 @@ func (r *NovaNoVNCProxyReconciler) generateConfigs( instance, labels.GetGroupLabel(NovaNoVNCProxyLabelPrefix), map[string]string{}, ) - err := r.GenerateConfigs( + err = r.GenerateConfigs( ctx, h, instance, nova.GetServiceConfigSecretName(instance.GetName()), hashes, templateParameters, extraData, cmLabels, map[string]string{}, ) 
diff --git a/controllers/novascheduler_controller.go b/controllers/novascheduler_controller.go index 384244692..c05126844 100644 --- a/controllers/novascheduler_controller.go +++ b/controllers/novascheduler_controller.go @@ -43,6 +43,7 @@ import ( "github.com/openstack-k8s-operators/lib-common/modules/common/statefulset" "github.com/openstack-k8s-operators/lib-common/modules/common/tls" util "github.com/openstack-k8s-operators/lib-common/modules/common/util" + mariadbv1 "github.com/openstack-k8s-operators/mariadb-operator/api/v1beta1" novav1 "github.com/openstack-k8s-operators/nova-operator/api/v1beta1" "github.com/openstack-k8s-operators/nova-operator/pkg/nova" @@ -423,13 +424,23 @@ func (r *NovaSchedulerReconciler) generateConfigs( "cell_db_password": string(secret.Data[CellDatabasePasswordSelector]), "cell_db_address": instance.Spec.Cell0DatabaseHostname, "cell_db_port": 3306, - "openstack_cacert": "", // fixme "openstack_region_name": "regionOne", // fixme "default_project_domain": "Default", // fixme "default_user_domain": "Default", // fixme "transport_url": string(secret.Data[TransportURLSelector]), } - extraData := map[string]string{} + + db, err := mariadbv1.GetDatabaseByName(ctx, h, "nova-api") + if err != nil { + return err + } + var tlsCfg *tls.Service + if instance.Spec.TLS.CaBundleSecretName != "" { + tlsCfg = &tls.Service{} + } + extraData := map[string]string{ + "my.cnf": db.GetDatabaseClientConfig(tlsCfg), //(mschuppert) for now just get the default my.cnf + } if instance.Spec.CustomServiceConfig != "" { extraData["02-nova-override.conf"] = instance.Spec.CustomServiceConfig } diff --git a/go.mod b/go.mod index f2f772c1a..ab928e741 100644 --- a/go.mod +++ b/go.mod 
@@ -14,7 +14,7 @@ require ( github.com/openstack-k8s-operators/lib-common/modules/common v0.3.1-0.20240216173409-86913e6d5885 github.com/openstack-k8s-operators/lib-common/modules/openstack v0.3.1-0.20240216173409-86913e6d5885 github.com/openstack-k8s-operators/lib-common/modules/test v0.3.1-0.20240216173409-86913e6d5885 - github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240219072536-62f6b4dc7798 + github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240220132409-f96d4d040f4e github.com/openstack-k8s-operators/nova-operator/api v0.0.0-20221209164002-f9e6b9363961 go.uber.org/zap v1.26.0 golang.org/x/exp v0.0.0-20240213143201-ec583247a57a diff --git a/go.sum b/go.sum index 9a8406c5b..22aba4c33 100644 --- a/go.sum +++ b/go.sum 
@@ -101,8 +101,8 @@ github.com/openstack-k8s-operators/lib-common/modules/openstack v0.3.1-0.2024021 github.com/openstack-k8s-operators/lib-common/modules/openstack v0.3.1-0.20240216173409-86913e6d5885/go.mod h1:8QsCFttAm+X6A8I8EQThGjNjeMAYt2hK7ivbvnR3434= github.com/openstack-k8s-operators/lib-common/modules/test v0.3.1-0.20240216173409-86913e6d5885 h1:ioJ2MO3vAcBkLM+0UBu5IuKW/DPXcyiNSOLq0Xvn+Nw= github.com/openstack-k8s-operators/lib-common/modules/test v0.3.1-0.20240216173409-86913e6d5885/go.mod h1:82nzS+DbBe1tzaMvNHH8FctmZzQ14ZAJysFGsMJiivo= -github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240219072536-62f6b4dc7798 h1:zL4DdQ5HPXCLHeRMAWC2zI7ypbkZVYg3UkyEFSnzeow= -github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240219072536-62f6b4dc7798/go.mod h1:PDqfLbP4ZWqQHAu1OtbjfpOGQUKSzLqRJChvE/9pcyQ= +github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240220132409-f96d4d040f4e h1:6vqp5HZwcGvPH0MII/23iCd97T3/1HJZlONKW6LyNio= +github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240220132409-f96d4d040f4e/go.mod h1:PDqfLbP4ZWqQHAu1OtbjfpOGQUKSzLqRJChvE/9pcyQ= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= diff --git a/templates/nova-manage/config/cell-mapping-config.json b/templates/nova-manage/config/cell-mapping-config.json index adac1e180..eed9b0aa8 100644 --- a/templates/nova-manage/config/cell-mapping-config.json +++ b/templates/nova-manage/config/cell-mapping-config.json @@ -25,6 +25,12 @@ "dest": "/bin/", "owner": "nova", "perm": "0700" + }, + { + "source": "/var/lib/openstack/config/my.cnf", + "dest": "/etc/my.cnf", + "owner": "nova", + "perm": "0644" } ] } 
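Review bot: The new `my.cnf` entry in `cell-mapping-config.json` is installed with `"perm": "0644"`, while the neighbouring entries in these config files use `0600` or `0700` and the file is already owned by `nova`. The tests show it holds only client TLS options today, but it is copied out of the service config secret and the controller comment calls the content a first default, so anything sensitive added later would be readable by every user inside the container. Unless another user in the image has to read `/etc/my.cnf`, `"perm": "0600"` would match the neighbours. The same entry is repeated in the host-discover, nova-api, nova-conductor, nova-conductor-dbsync, nova-metadata, nova-novncproxy and nova-scheduler config hunks.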
diff --git a/templates/nova-manage/config/host-discover-config.json b/templates/nova-manage/config/host-discover-config.json index eff838bb8..893681978 100644 --- a/templates/nova-manage/config/host-discover-config.json +++ b/templates/nova-manage/config/host-discover-config.json @@ -25,6 +25,12 @@ "dest": "/bin/", "owner": "nova", "perm": "0700" + }, + { + "source": "/var/lib/openstack/config/my.cnf", + "dest": "/etc/my.cnf", + "owner": "nova", + "perm": "0644" } ] } diff --git a/templates/nova.conf b/templates/nova.conf index 7ca650a47..f7a062b36 100644 --- a/templates/nova.conf +++ b/templates/nova.conf @@ -200,13 +200,13 @@ live_migration_uri = qemu+ssh://nova@%s/system?keyfile=/var/lib/nova/.ssh/ssh-pr {{if (index . "cell_db_address")}} [database] -connection = mysql+pymysql://{{ .cell_db_user }}:{{ .cell_db_password}}@{{ .cell_db_address }}/{{ .cell_db_name }} +connection = mysql+pymysql://{{ .cell_db_user }}:{{ .cell_db_password}}@{{ .cell_db_address }}/{{ .cell_db_name }}?read_default_file=/etc/my.cnf {{end}} {{if (index . "api_db_address")}} [api_database] -connection = mysql+pymysql://{{ .api_db_user }}:{{ .api_db_password }}@{{ .api_db_address }}/{{ .api_db_name }} +connection = mysql+pymysql://{{ .api_db_user }}:{{ .api_db_password }}@{{ .api_db_address }}/{{ .api_db_name }}?read_default_file=/etc/my.cnf {{end}} [keystone_authtoken] diff --git a/templates/novaapi/config/nova-api-config.json b/templates/novaapi/config/nova-api-config.json index f3f358479..65d2df352 100644 --- a/templates/novaapi/config/nova-api-config.json +++ b/templates/novaapi/config/nova-api-config.json @@ -61,6 +61,12 @@ "owner": "nova", "perm": "0600", "optional": true + }, + { + "source": "/var/lib/openstack/config/my.cnf", + "dest": "/etc/my.cnf", + "owner": "nova", + "perm": "0644" } ], "permissions": [ diff --git a/templates/novaconductor/config/nova-conductor-config.json b/templates/novaconductor/config/nova-conductor-config.json index 38916747d..a7b7c0b05 100644 
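Review bot: In the `[database]` and `[api_database]` connection strings of `templates/nova.conf`, transport security now depends entirely on what `/etc/my.cnf` contains at runtime, because the URL itself carries no TLS requirement. As far as I know the PyMySQL driver skips a missing or unreadable defaults file without raising an error, in which case the connection would be made without TLS and nothing would be logged; this should be confirmed for the driver version shipped in the image. A template comment above each line would record the dependency, for example `# TLS options are read from [client] in /etc/my.cnf (rendered by the operator)`. Requiring TLS on the database server side as well would close the silent-fallback case.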
--- a/templates/novaconductor/config/nova-conductor-config.json +++ b/templates/novaconductor/config/nova-conductor-config.json @@ -19,6 +19,12 @@ "owner": "nova", "perm": "0600", "optional": true + }, + { + "source": "/var/lib/openstack/config/my.cnf", + "dest": "/etc/my.cnf", + "owner": "nova", + "perm": "0644" } ], "permissions": [ diff --git a/templates/novaconductor/config/nova-conductor-dbsync-config.json b/templates/novaconductor/config/nova-conductor-dbsync-config.json index ce416efd0..f4a07f452 100644 --- a/templates/novaconductor/config/nova-conductor-dbsync-config.json +++ b/templates/novaconductor/config/nova-conductor-dbsync-config.json @@ -25,6 +25,12 @@ "dest": "/bin/", "owner": "nova", "perm": "0700" + }, + { + "source": "/var/lib/openstack/config/my.cnf", + "dest": "/etc/my.cnf", + "owner": "nova", + "perm": "0644" } ], "permissions": [ diff --git a/templates/novametadata/config/nova-metadata-config.json b/templates/novametadata/config/nova-metadata-config.json index 43122c9e9..11f5ab34c 100644 --- a/templates/novametadata/config/nova-metadata-config.json +++ b/templates/novametadata/config/nova-metadata-config.json @@ -54,8 +54,14 @@ "owner": "nova", "perm": "0600", "optional": true - } -], + }, + { + "source": "/var/lib/openstack/config/my.cnf", + "dest": "/etc/my.cnf", + "owner": "nova", + "perm": "0644" + } + ], "permissions": [ { "path": "/var/log/nova", diff --git a/templates/novanovncproxy/config/nova-novncproxy-config.json b/templates/novanovncproxy/config/nova-novncproxy-config.json index 10809db01..343da632a 100644 --- a/templates/novanovncproxy/config/nova-novncproxy-config.json +++ b/templates/novanovncproxy/config/nova-novncproxy-config.json @@ -35,6 +35,12 @@ "perm": "0600", "optional": true, "merge": true + }, + { + "source": "/var/lib/openstack/config/my.cnf", + "dest": "/etc/my.cnf", + "owner": "nova", + "perm": "0644" } ] } 
diff --git a/templates/novascheduler/config/nova-scheduler-config.json b/templates/novascheduler/config/nova-scheduler-config.json index 13c6c2fe7..f757b421b 100644 --- a/templates/novascheduler/config/nova-scheduler-config.json +++ b/templates/novascheduler/config/nova-scheduler-config.json @@ -19,6 +19,12 @@ "owner": "nova", "perm": "0600", "optional": true + }, + { + "source": "/var/lib/openstack/config/my.cnf", + "dest": "/etc/my.cnf", + "owner": "nova", + "perm": "0644" } ] } diff --git a/test/functional/nova_controller_test.go b/test/functional/nova_controller_test.go index f45832caf..46d69664a 100644 --- a/test/functional/nova_controller_test.go +++ b/test/functional/nova_controller_test.go @@ -283,10 +283,10 @@ var _ = Describe("Nova controller", func() { Expect(mappingJobConfig.Data).Should(HaveKey("01-nova.conf")) configData := string(mappingJobConfig.Data["01-nova.conf"]) Expect(configData).To( - ContainSubstring(fmt.Sprintf("[database]\nconnection = mysql+pymysql://nova_cell0:cell0-database-password@hostname-for-openstack.%s.svc/nova_cell0", novaNames.Namespace)), + ContainSubstring(fmt.Sprintf("[database]\nconnection = mysql+pymysql://nova_cell0:cell0-database-password@hostname-for-openstack.%s.svc/nova_cell0?read_default_file=/etc/my.cnf", novaNames.Namespace)), ) Expect(configData).To( - ContainSubstring(fmt.Sprintf("[api_database]\nconnection = mysql+pymysql://nova_api:api-database-password@hostname-for-openstack.%s.svc/nova_api", novaNames.Namespace)), + ContainSubstring(fmt.Sprintf("[api_database]\nconnection = mysql+pymysql://nova_api:api-database-password@hostname-for-openstack.%s.svc/nova_api?read_default_file=/etc/my.cnf", novaNames.Namespace)), ) // NOTE(gibi): cell mapping for cell0 should not have transport_url // configured. As the nova-manage command used to create the mapping 
@@ -294,6 +294,10 @@ var _ = Describe("Nova controller", func() { // we need to make sure that it is empty. Expect(configData).NotTo(ContainSubstring("transport_url")) + myCnf := mappingJobConfig.Data["my.cnf"] + Expect(myCnf).To( + ContainSubstring("[client]\nssl=0")) + mappingJobScript := th.GetSecret( types.NamespacedName{ Namespace: cell0.CellCRName.Namespace, @@ -643,13 +647,13 @@ var _ = Describe("Nova controller", func() { Expect(configData).To( ContainSubstring( fmt.Sprintf( - "[database]\nconnection = mysql+pymysql://nova_cell0:cell0-database-password@hostname-for-%s.%s.svc/nova_cell0", + "[database]\nconnection = mysql+pymysql://nova_cell0:cell0-database-password@hostname-for-%s.%s.svc/nova_cell0?read_default_file=/etc/my.cnf", cell0.MariaDBDatabaseName.Name, novaNames.Namespace)), ) Expect(configData).To( ContainSubstring( fmt.Sprintf( - "[api_database]\nconnection = mysql+pymysql://nova_api:api-database-password@hostname-for-%s.%s.svc/nova_api", + "[api_database]\nconnection = mysql+pymysql://nova_api:api-database-password@hostname-for-%s.%s.svc/nova_api?read_default_file=/etc/my.cnf", novaNames.APIMariaDBDatabaseName.Name, novaNames.Namespace)), ) Expect(configData).To(ContainSubstring("password = service-password")) 
@@ -666,13 +670,13 @@ var _ = Describe("Nova controller", func() { Expect(configData).To( ContainSubstring( fmt.Sprintf( - "[database]\nconnection = mysql+pymysql://nova_cell0:cell0-database-password@hostname-for-%s.%s.svc/nova_cell0", + "[database]\nconnection = mysql+pymysql://nova_cell0:cell0-database-password@hostname-for-%s.%s.svc/nova_cell0?read_default_file=/etc/my.cnf", cell0.MariaDBDatabaseName.Name, novaNames.Namespace)), ) Expect(configData).To( ContainSubstring( fmt.Sprintf( - "[api_database]\nconnection = mysql+pymysql://nova_api:api-database-password@hostname-for-%s.%s.svc/nova_api", + "[api_database]\nconnection = mysql+pymysql://nova_api:api-database-password@hostname-for-%s.%s.svc/nova_api?read_default_file=/etc/my.cnf", novaNames.APIMariaDBDatabaseName.Name, novaNames.Namespace)), ) Expect(configData).To(ContainSubstring("password = service-password")) @@ -683,13 +687,13 @@ var _ = Describe("Nova controller", func() { Expect(configData).To( ContainSubstring( fmt.Sprintf( - "[database]\nconnection = mysql+pymysql://nova_cell0:cell0-database-password@hostname-for-%s.%s.svc/nova_cell0", + "[database]\nconnection = mysql+pymysql://nova_cell0:cell0-database-password@hostname-for-%s.%s.svc/nova_cell0?read_default_file=/etc/my.cnf", cell0.MariaDBDatabaseName.Name, novaNames.Namespace)), ) Expect(configData).To( ContainSubstring( fmt.Sprintf( - "[api_database]\nconnection = mysql+pymysql://nova_api:api-database-password@hostname-for-%s.%s.svc/nova_api", + "[api_database]\nconnection = mysql+pymysql://nova_api:api-database-password@hostname-for-%s.%s.svc/nova_api?read_default_file=/etc/my.cnf", novaNames.APIMariaDBDatabaseName.Name, novaNames.Namespace)), ) Expect(configData).To(ContainSubstring("password = service-password")) diff --git a/test/functional/nova_metadata_controller_test.go b/test/functional/nova_metadata_controller_test.go index eafa9b97c..e28d0c318 100644 --- a/test/functional/nova_metadata_controller_test.go 
+++ b/test/functional/nova_metadata_controller_test.go @@ -31,10 +31,15 @@ import ( condition "github.com/openstack-k8s-operators/lib-common/modules/common/condition" "github.com/openstack-k8s-operators/lib-common/modules/common/util" + mariadbv1 "github.com/openstack-k8s-operators/mariadb-operator/api/v1beta1" novav1 "github.com/openstack-k8s-operators/nova-operator/api/v1beta1" ) var _ = Describe("NovaMetadata controller", func() { + BeforeEach(func() { + mariadb.CreateMariaDBDatabase(novaNames.APIMariaDBDatabaseName.Namespace, novaNames.APIMariaDBDatabaseName.Name, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.CreateMariaDBAccount(novaNames.APIMariaDBDatabaseName.Namespace, novaNames.APIMariaDBDatabaseName.Name, mariadbv1.MariaDBAccountSpec{}) + }) When("with standard spec without network interface", func() { BeforeEach(func() { spec := GetDefaultNovaMetadataSpec(novaNames.InternalTopLevelSecretName) @@ -175,10 +180,13 @@ var _ = Describe("NovaMetadata controller", func() { Expect(configData).Should(ContainSubstring("metadata_workers=1")) Expect(configData).Should( ContainSubstring( - "connection = mysql+pymysql://nova_api:api-database-password@nova-api-db-hostname/nova_api")) + "connection = mysql+pymysql://nova_api:api-database-password@nova-api-db-hostname/nova_api?read_default_file=/etc/my.cnf")) Expect(configData).Should( ContainSubstring("[upgrade_levels]\ncompute = auto")) Expect(configDataMap.Data).Should(HaveKey("02-nova-override.conf")) + myCnf := configDataMap.Data["my.cnf"] + Expect(myCnf).To( + ContainSubstring("[client]\nssl=0")) extraData := string(configDataMap.Data["02-nova-override.conf"]) Expect(extraData).To(Equal("foo=bar")) 
@@ -327,6 +335,12 @@ var _ = Describe("NovaMetadata controller", func() { }) var _ = Describe("NovaMetadata controller", func() { + BeforeEach(func() { + mariadb.CreateMariaDBDatabase(novaNames.APIMariaDBDatabaseName.Namespace, novaNames.APIMariaDBDatabaseName.Name, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.CreateMariaDBAccount(novaNames.APIMariaDBDatabaseName.Namespace, novaNames.APIMariaDBDatabaseName.Name, mariadbv1.MariaDBAccountSpec{}) + mariadb.CreateMariaDBDatabase(cell1.MariaDBDatabaseName.Namespace, cell1.MariaDBDatabaseName.Name, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.CreateMariaDBAccount(cell1.MariaDBDatabaseName.Namespace, cell1.MariaDBDatabaseName.Name, mariadbv1.MariaDBAccountSpec{}) + }) When("configured with cell name", func() { BeforeEach(func() { spec := GetDefaultNovaMetadataSpec(cell1.InternalCellSecretName) @@ -745,6 +759,12 @@ var _ = Describe("NovaMetadata controller", func() { }) var _ = Describe("NovaMetadata controller", func() { + BeforeEach(func() { + mariadb.CreateMariaDBDatabase(novaNames.APIMariaDBDatabaseName.Namespace, novaNames.APIMariaDBDatabaseName.Name, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.CreateMariaDBAccount(novaNames.APIMariaDBDatabaseName.Namespace, novaNames.APIMariaDBDatabaseName.Name, mariadbv1.MariaDBAccountSpec{}) + mariadb.SimulateMariaDBTLSDatabaseCompleted(novaNames.APIMariaDBDatabaseName) + mariadb.SimulateMariaDBAccountCompleted(novaNames.APIMariaDBDatabaseName) + }) When("NovaMetadata is created with TLS CA cert secret", func() { BeforeEach(func() { DeferCleanup( 
@@ -832,6 +852,9 @@ var _ = Describe("NovaMetadata controller", func() { Expect(configData).Should(ContainSubstring("SSLEngine on")) Expect(configData).Should(ContainSubstring("SSLCertificateFile \"/etc/pki/tls/certs/nova-metadata.crt\"")) Expect(configData).Should(ContainSubstring("SSLCertificateKeyFile \"/etc/pki/tls/private/nova-metadata.key\"")) + myCnf := configDataMap.Data["my.cnf"] + Expect(myCnf).To( + ContainSubstring("[client]\nssl-ca=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem\nssl=1")) computeConfigData := th.GetSecret(novaNames.MetadataNeutronConfigDataName) Expect(computeConfigData).ShouldNot(BeNil()) diff --git a/test/functional/nova_multicell_test.go b/test/functional/nova_multicell_test.go index d76c60a7a..427a5e792 100644 --- a/test/functional/nova_multicell_test.go +++ b/test/functional/nova_multicell_test.go @@ -106,13 +106,13 @@ var _ = Describe("Nova multicell", func() { Expect(configData).To( ContainSubstring( fmt.Sprintf( - "[database]\nconnection = mysql+pymysql://nova_cell0:cell0-database-password@hostname-for-%s.%s.svc/nova_cell0", + "[database]\nconnection = mysql+pymysql://nova_cell0:cell0-database-password@hostname-for-%s.%s.svc/nova_cell0?read_default_file=/etc/my.cnf", cell0.MariaDBDatabaseName.Name, novaNames.Namespace)), ) Expect(configData).To( ContainSubstring( fmt.Sprintf( - "[api_database]\nconnection = mysql+pymysql://nova_api:api-database-password@hostname-for-%s.%s.svc/nova_api", + "[api_database]\nconnection = mysql+pymysql://nova_api:api-database-password@hostname-for-%s.%s.svc/nova_api?read_default_file=/etc/my.cnf", novaNames.APIMariaDBDatabaseName.Name, novaNames.Namespace)), ) // and that it is using the top level MQ 
@@ -169,13 +169,13 @@ var _ = Describe("Nova multicell", func() { Expect(configData).To( ContainSubstring( fmt.Sprintf( - "[database]\nconnection = mysql+pymysql://nova_cell0:cell0-database-password@hostname-for-%s.%s.svc/nova_cell0", + "[database]\nconnection = mysql+pymysql://nova_cell0:cell0-database-password@hostname-for-%s.%s.svc/nova_cell0?read_default_file=/etc/my.cnf", cell0.MariaDBDatabaseName.Name, novaNames.Namespace)), ) Expect(configData).To( ContainSubstring( fmt.Sprintf( - "[api_database]\nconnection = mysql+pymysql://nova_api:api-database-password@hostname-for-%s.%s.svc/nova_api", + "[api_database]\nconnection = mysql+pymysql://nova_api:api-database-password@hostname-for-%s.%s.svc/nova_api?read_default_file=/etc/my.cnf", novaNames.APIMariaDBDatabaseName.Name, novaNames.Namespace)), ) Expect(configData).To(ContainSubstring("transport_url=rabbit://cell0/fake")) 
@@ -278,17 +278,21 @@ var _ = Describe("Nova multicell", func() { Expect(configData).To( ContainSubstring( fmt.Sprintf( - "[database]\nconnection = mysql+pymysql://nova_cell1:cell1-database-password@hostname-for-%s.%s.svc/nova_cell1", + "[database]\nconnection = mysql+pymysql://nova_cell1:cell1-database-password@hostname-for-%s.%s.svc/nova_cell1?read_default_file=/etc/my.cnf", cell1.MariaDBDatabaseName.Name, novaNames.Namespace)), ) Expect(configData).To( ContainSubstring( fmt.Sprintf( - "[api_database]\nconnection = mysql+pymysql://nova_api:api-database-password@hostname-for-%s.%s.svc/nova_api", + "[api_database]\nconnection = mysql+pymysql://nova_api:api-database-password@hostname-for-%s.%s.svc/nova_api?read_default_file=/etc/my.cnf", novaNames.APIMariaDBDatabaseName.Name, novaNames.Namespace)), ) Expect(configData).To(ContainSubstring("transport_url=rabbit://cell1/fake")) + myCnf := configDataMap.Data["my.cnf"] + Expect(myCnf).To( + ContainSubstring("[client]\nssl=0")) + th.SimulateStatefulSetReplicaReady(cell1.NoVNCProxyStatefulSetName) th.SimulateJobSuccess(cell1.DBSyncJobName) th.ExpectCondition( @@ -378,7 +382,7 @@ var _ = Describe("Nova multicell", func() { Expect(configData).To( ContainSubstring( fmt.Sprintf( - "[database]\nconnection = mysql+pymysql://nova_cell2:cell2-database-password@hostname-for-%s.%s.svc/nova_cell2", + "[database]\nconnection = mysql+pymysql://nova_cell2:cell2-database-password@hostname-for-%s.%s.svc/nova_cell2?read_default_file=/etc/my.cnf", cell2.MariaDBDatabaseName.Name, novaNames.Namespace)), ) Expect(configData).ToNot( 
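Review bot: The new `[client]\nssl=0` expectation at -278 has no comment saying that it reflects a scenario where the database was presumably set up without TLS, so a reader can take unencrypted database traffic for the intended default. A one-line comment above it, such as `// DB TLS is not enabled in this scenario, so my.cnf must turn client TLS off`, would make the intent explicit. The same applies to the `ssl=0` checks added to the NovaNoVNCProxy, NovaScheduler, NovaAPI and NovaConductor tests, whose TLS counterparts use `SimulateMariaDBTLSDatabaseCompleted` and expect `ssl=1`.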
@@ -411,13 +415,13 @@ var _ = Describe("Nova multicell", func() { Expect(configData).To( ContainSubstring( fmt.Sprintf( - "[database]\nconnection = mysql+pymysql://nova_cell2:cell2-database-password@hostname-for-%s.%s.svc/nova_cell2", + "[database]\nconnection = mysql+pymysql://nova_cell2:cell2-database-password@hostname-for-%s.%s.svc/nova_cell2?read_default_file=/etc/my.cnf", cell2.MariaDBDatabaseName.Name, novaNames.Namespace)), ) Expect(configData).To( ContainSubstring( fmt.Sprintf( - "[api_database]\nconnection = mysql+pymysql://nova_api:api-database-password@hostname-for-%s.%s.svc/nova_api", + "[api_database]\nconnection = mysql+pymysql://nova_api:api-database-password@hostname-for-%s.%s.svc/nova_api?read_default_file=/etc/my.cnf", novaNames.APIMariaDBDatabaseName.Name, novaNames.Namespace)), ) diff --git a/test/functional/nova_novncproxy_test.go b/test/functional/nova_novncproxy_test.go index 9902f6acb..fedd7ca8d 100644 --- a/test/functional/nova_novncproxy_test.go +++ b/test/functional/nova_novncproxy_test.go @@ -23,6 +23,7 @@ import ( condition "github.com/openstack-k8s-operators/lib-common/modules/common/condition" . "github.com/openstack-k8s-operators/lib-common/modules/common/test/helpers" "github.com/openstack-k8s-operators/lib-common/modules/common/util" + mariadbv1 "github.com/openstack-k8s-operators/mariadb-operator/api/v1beta1" novav1 "github.com/openstack-k8s-operators/nova-operator/api/v1beta1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 
@@ -31,6 +32,10 @@ import ( ) var _ = Describe("NovaNoVNCProxy controller", func() { + BeforeEach(func() { + mariadb.CreateMariaDBDatabase(cell1.MariaDBDatabaseName.Namespace, cell1.MariaDBDatabaseName.Name, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.CreateMariaDBAccount(cell1.MariaDBDatabaseName.Namespace, cell1.MariaDBDatabaseName.Name, mariadbv1.MariaDBAccountSpec{}) + }) When("with standard spec without network interface", func() { BeforeEach(func() { spec := GetDefaultNovaNoVNCProxySpec(cell1) @@ -168,6 +173,9 @@ var _ = Describe("NovaNoVNCProxy controller", func() { Expect(configData).Should( ContainSubstring("[upgrade_levels]\ncompute = auto")) Expect(configDataMap.Data).Should(HaveKey("02-nova-override.conf")) + myCnf := configDataMap.Data["my.cnf"] + Expect(myCnf).To( + ContainSubstring("[client]\nssl=0")) extraData := string(configDataMap.Data["02-nova-override.conf"]) Expect(extraData).To(Equal("foo=bar")) }) @@ -290,6 +298,10 @@ var _ = Describe("NovaNoVNCProxy controller", func() { }) var _ = Describe("NovaNoVNCProxy controller", func() { + BeforeEach(func() { + mariadb.CreateMariaDBDatabase(cell1.MariaDBDatabaseName.Namespace, cell1.MariaDBDatabaseName.Name, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.CreateMariaDBAccount(cell1.MariaDBDatabaseName.Namespace, cell1.MariaDBDatabaseName.Name, mariadbv1.MariaDBAccountSpec{}) + }) When(" is created with networkAttachments", func() { BeforeEach(func() { spec := GetDefaultNovaNoVNCProxySpec(cell1) 
@@ -646,6 +658,12 @@ var _ = Describe("NovaNoVNCProxy controller", func() { }) var _ = Describe("NovaNoVNCProxy controller", func() { + BeforeEach(func() { + mariadb.CreateMariaDBDatabase(cell1.MariaDBDatabaseName.Namespace, cell1.MariaDBDatabaseName.Name, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.CreateMariaDBAccount(cell1.MariaDBDatabaseName.Namespace, cell1.MariaDBDatabaseName.Name, mariadbv1.MariaDBAccountSpec{}) + mariadb.SimulateMariaDBTLSDatabaseCompleted(cell1.MariaDBDatabaseName) + mariadb.SimulateMariaDBAccountCompleted(cell1.MariaDBDatabaseName) + }) When("NovaNoVNCProxy is created with TLS CA cert secret", func() { BeforeEach(func() { spec := GetDefaultNovaNoVNCProxySpec(cell1) @@ -735,6 +753,9 @@ var _ = Describe("NovaNoVNCProxy controller", func() { Expect(configData).Should(ContainSubstring("ssl_only=true")) Expect(configData).Should(ContainSubstring("cert=/etc/pki/tls/certs/nova-novncproxy.crt")) Expect(configData).Should(ContainSubstring("key=/etc/pki/tls/private/nova-novncproxy.key")) + myCnf := configDataMap.Data["my.cnf"] + Expect(myCnf).To( + ContainSubstring("[client]\nssl-ca=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem\nssl=1")) }) It("reconfigures the NovaNoVNCProxy pod when CA changes", func() { diff --git a/test/functional/nova_reconfiguration_test.go b/test/functional/nova_reconfiguration_test.go index b81d27f2e..83f62c2e5 100644 --- a/test/functional/nova_reconfiguration_test.go +++ b/test/functional/nova_reconfiguration_test.go @@ -23,6 +23,7 @@ import ( . "github.com/openstack-k8s-operators/lib-common/modules/common/test/helpers" condition "github.com/openstack-k8s-operators/lib-common/modules/common/condition" + mariadbv1 "github.com/openstack-k8s-operators/mariadb-operator/api/v1beta1" novav1 "github.com/openstack-k8s-operators/nova-operator/api/v1beta1" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" 
@@ -80,6 +81,8 @@ func CreateNovaWith3CellsAndEnsureReady(novaNames NovaNames) { keystone.SimulateKeystoneServiceReady(novaNames.KeystoneServiceName) // END of common logic with Nova multicell test + mariadb.CreateMariaDBDatabase(novaNames.APIMariaDBDatabaseName.Namespace, novaNames.APIMariaDBDatabaseName.Name, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.CreateMariaDBAccount(novaNames.APIMariaDBDatabaseName.Namespace, novaNames.APIMariaDBDatabaseName.Name, mariadbv1.MariaDBAccountSpec{}) mariadb.SimulateMariaDBDatabaseCompleted(novaNames.APIMariaDBDatabaseName) mariadb.SimulateMariaDBAccountCompleted(novaNames.APIMariaDBDatabaseName) mariadb.SimulateMariaDBDatabaseCompleted(cell0.MariaDBDatabaseName) diff --git a/test/functional/nova_scheduler_test.go b/test/functional/nova_scheduler_test.go index 559659ccd..d3c2b04d4 100644 --- a/test/functional/nova_scheduler_test.go +++ b/test/functional/nova_scheduler_test.go @@ -26,6 +26,7 @@ import ( condition "github.com/openstack-k8s-operators/lib-common/modules/common/condition" "github.com/openstack-k8s-operators/lib-common/modules/common/util" api "github.com/openstack-k8s-operators/lib-common/modules/test/apis" + mariadbv1 "github.com/openstack-k8s-operators/mariadb-operator/api/v1beta1" novav1 "github.com/openstack-k8s-operators/nova-operator/api/v1beta1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -34,6 +35,10 @@ import ( ) var _ = Describe("NovaScheduler controller", func() { + BeforeEach(func() { + mariadb.CreateMariaDBDatabase(novaNames.APIMariaDBDatabaseName.Namespace, novaNames.APIMariaDBDatabaseName.Name, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.CreateMariaDBAccount(novaNames.APIMariaDBDatabaseName.Namespace, novaNames.APIMariaDBDatabaseName.Name, mariadbv1.MariaDBAccountSpec{}) + }) BeforeEach(func() { // Uncomment this if you need the full output in the logs from gomega // matchers 
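Review bot: The two calls added at -80 pre-create only the API database and account, yet the `SimulateMariaDB…Completed` calls that follow also cover `cell0`, and nothing says why the API objects alone need creating by hand. A short comment above the new lines stating which objects the controller under test creates itself and which the test must supply would keep later readers from copying the pattern incorrectly. `CreateNovaWith3CellsAndEnsureReady` starts and ends outside the hunk, so the cell databases may be handled elsewhere in the function.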
@@ -205,6 +210,9 @@ var _ = Describe("NovaScheduler controller", func() { Expect(configData).Should( ContainSubstring("[upgrade_levels]\ncompute = auto")) Expect(configDataMap.Data).Should(HaveKey("02-nova-override.conf")) + myCnf := configDataMap.Data["my.cnf"] + Expect(myCnf).To( + ContainSubstring("[client]\nssl=0")) extraConfigData := string(configDataMap.Data["02-nova-override.conf"]) Expect(extraConfigData).To(Equal("foo=bar")) }) @@ -294,6 +302,10 @@ var _ = Describe("NovaScheduler controller", func() { }) var _ = Describe("NovaScheduler controller", func() { + BeforeEach(func() { + mariadb.CreateMariaDBDatabase(novaNames.APIMariaDBDatabaseName.Namespace, novaNames.APIMariaDBDatabaseName.Name, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.CreateMariaDBAccount(novaNames.APIMariaDBDatabaseName.Namespace, novaNames.APIMariaDBDatabaseName.Name, mariadbv1.MariaDBAccountSpec{}) + }) When("NovaScheduler is created with networkAttachments", func() { BeforeEach(func() { DeferCleanup( @@ -551,6 +563,10 @@ var _ = Describe("NovaScheduler controller", func() { }) var _ = Describe("NovaScheduler controller cleaning", func() { + BeforeEach(func() { + mariadb.CreateMariaDBDatabase(novaNames.APIMariaDBDatabaseName.Namespace, novaNames.APIMariaDBDatabaseName.Name, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.CreateMariaDBAccount(novaNames.APIMariaDBDatabaseName.Namespace, novaNames.APIMariaDBDatabaseName.Name, mariadbv1.MariaDBAccountSpec{}) + }) var novaAPIFixture *NovaAPIFixture BeforeEach(func() { DeferCleanup( 
@@ -599,6 +615,12 @@ var _ = Describe("NovaScheduler controller cleaning", func() { }) var _ = Describe("NovaScheduler controller", func() { + BeforeEach(func() { + mariadb.CreateMariaDBDatabase(novaNames.APIMariaDBDatabaseName.Namespace, novaNames.APIMariaDBDatabaseName.Name, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.CreateMariaDBAccount(novaNames.APIMariaDBDatabaseName.Namespace, novaNames.APIMariaDBDatabaseName.Name, mariadbv1.MariaDBAccountSpec{}) + mariadb.SimulateMariaDBTLSDatabaseCompleted(novaNames.APIMariaDBDatabaseName) + mariadb.SimulateMariaDBAccountCompleted(novaNames.APIMariaDBDatabaseName) + }) When("NovaScheduler is created with TLS CA cert secret", func() { BeforeEach(func() { spec := GetDefaultNovaSchedulerSpec(novaNames) @@ -645,6 +667,12 @@ var _ = Describe("NovaScheduler controller", func() { apiContainer := ss.Spec.Template.Spec.Containers[0] th.AssertVolumeMountExists(novaNames.CaBundleSecretName.Name, "tls-ca-bundle.pem", apiContainer.VolumeMounts) + configDataMap := th.GetSecret(novaNames.SchedulerConfigDataName) + Expect(configDataMap).ShouldNot(BeNil()) + myCnf := configDataMap.Data["my.cnf"] + Expect(myCnf).To( + ContainSubstring("[client]\nssl-ca=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem\nssl=1")) + th.ExpectCondition( novaNames.SchedulerName, ConditionGetterFunc(NovaSchedulerConditionGetter), diff --git a/test/functional/novaapi_controller_test.go b/test/functional/novaapi_controller_test.go index b2f931548..4236c3828 100644 --- a/test/functional/novaapi_controller_test.go +++ b/test/functional/novaapi_controller_test.go 
@@ -24,6 +24,7 @@ import ( . "github.com/openstack-k8s-operators/lib-common/modules/common/test/helpers" networkv1 "github.com/k8snetworkplumbingwg/network-attachment-definition-client/pkg/apis/k8s.cni.cncf.io/v1" + mariadbv1 "github.com/openstack-k8s-operators/mariadb-operator/api/v1beta1" novav1 "github.com/openstack-k8s-operators/nova-operator/api/v1beta1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -34,6 +35,10 @@ import ( ) var _ = Describe("NovaAPI controller", func() { + BeforeEach(func() { + mariadb.CreateMariaDBDatabase(novaNames.APIMariaDBDatabaseName.Namespace, novaNames.APIMariaDBDatabaseName.Name, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.CreateMariaDBAccount(novaNames.APIMariaDBDatabaseName.Namespace, novaNames.APIMariaDBDatabaseName.Name, mariadbv1.MariaDBAccountSpec{}) + }) When("a NovaAPI CR is created pointing to a non existent Secret", func() { BeforeEach(func() { spec := GetDefaultNovaAPISpec(novaNames) @@ -202,6 +207,9 @@ var _ = Describe("NovaAPI controller", func() { Expect(configDataMap.Data).Should(HaveKey("api-paste.ini")) pasteData := string(configDataMap.Data["api-paste.ini"]) Expect(pasteData).To(Equal("pipeline = cors compute_req_id faultwrap request_log http_proxy_to_wsgi oscomputeversionapp_v2")) + myCnf := configDataMap.Data["my.cnf"] + Expect(myCnf).To( + ContainSubstring("[client]\nssl=0")) }) It("stored the input hash in the Status", func() { @@ -372,6 +380,10 @@ var _ = Describe("NovaAPI controller", func() { }) var _ = Describe("NovaAPI controller", func() { + BeforeEach(func() { + mariadb.CreateMariaDBDatabase(novaNames.APIMariaDBDatabaseName.Namespace, novaNames.APIMariaDBDatabaseName.Name, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.CreateMariaDBAccount(novaNames.APIMariaDBDatabaseName.Namespace, novaNames.APIMariaDBDatabaseName.Name, mariadbv1.MariaDBAccountSpec{}) + }) When("NovaAPI is created with networkAttachments", func() { BeforeEach(func() { DeferCleanup( 
@@ -804,6 +816,10 @@ var _ = Describe("NovaAPI controller", func() { }) var _ = Describe("NovaAPI controller", func() { + BeforeEach(func() { + mariadb.CreateMariaDBDatabase(novaNames.APIMariaDBDatabaseName.Namespace, novaNames.APIMariaDBDatabaseName.Name, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.CreateMariaDBAccount(novaNames.APIMariaDBDatabaseName.Namespace, novaNames.APIMariaDBDatabaseName.Name, mariadbv1.MariaDBAccountSpec{}) + }) When("NovaAPI CR is created without container image defined", func() { BeforeEach(func() { spec := GetDefaultNovaAPISpec(novaNames) @@ -819,6 +835,12 @@ var _ = Describe("NovaAPI controller", func() { }) var _ = Describe("NovaAPI controller", func() { + BeforeEach(func() { + mariadb.CreateMariaDBDatabase(novaNames.APIMariaDBDatabaseName.Namespace, novaNames.APIMariaDBDatabaseName.Name, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.CreateMariaDBAccount(novaNames.APIMariaDBDatabaseName.Namespace, novaNames.APIMariaDBDatabaseName.Name, mariadbv1.MariaDBAccountSpec{}) + mariadb.SimulateMariaDBTLSDatabaseCompleted(novaNames.APIMariaDBDatabaseName) + mariadb.SimulateMariaDBAccountCompleted(novaNames.APIMariaDBDatabaseName) + }) When("NovaAPI is created with TLS cert secrets", func() { BeforeEach(func() { spec := GetDefaultNovaAPISpec(novaNames) @@ -935,6 +957,9 @@ var _ = Describe("NovaAPI controller", func() { Expect(configData).Should(ContainSubstring("SSLCertificateKeyFile \"/etc/pki/tls/private/internal.key\"")) Expect(configData).Should(ContainSubstring("SSLCertificateFile \"/etc/pki/tls/certs/public.crt\"")) Expect(configData).Should(ContainSubstring("SSLCertificateKeyFile \"/etc/pki/tls/private/public.key\"")) + myCnf := configDataMap.Data["my.cnf"] + Expect(myCnf).To( + ContainSubstring("[client]\nssl-ca=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem\nssl=1")) }) It("TLS Endpoints are created", func() { 
diff --git a/test/functional/novacell_controller_test.go b/test/functional/novacell_controller_test.go index 6e38da7c2..9803f83ce 100644 --- a/test/functional/novacell_controller_test.go +++ b/test/functional/novacell_controller_test.go @@ -30,6 +30,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" condition "github.com/openstack-k8s-operators/lib-common/modules/common/condition" + mariadbv1 "github.com/openstack-k8s-operators/mariadb-operator/api/v1beta1" novav1 "github.com/openstack-k8s-operators/nova-operator/api/v1beta1" ) @@ -71,6 +72,8 @@ var _ = Describe("NovaCell controller", func() { When("A NovaCell/cell0 CR instance is created", func() { BeforeEach(func() { + mariadb.CreateMariaDBDatabase(cell0.MariaDBDatabaseName.Namespace, cell0.MariaDBDatabaseName.Name, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.CreateMariaDBAccount(cell0.MariaDBDatabaseName.Namespace, cell0.MariaDBDatabaseName.Name, mariadbv1.MariaDBAccountSpec{}) DeferCleanup(k8sClient.Delete, ctx, CreateDefaultCellInternalSecret(cell0)) DeferCleanup(th.DeleteInstance, CreateNovaCell(cell0.CellCRName, GetDefaultNovaCellSpec(cell0))) }) @@ -141,6 +144,8 @@ var _ = Describe("NovaCell controller", func() { }) When("A NovaCell/cell1 CR instance is created", func() { BeforeEach(func() { + mariadb.CreateMariaDBDatabase(cell1.MariaDBDatabaseName.Namespace, cell1.MariaDBDatabaseName.Name, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.CreateMariaDBAccount(cell1.MariaDBDatabaseName.Namespace, cell1.MariaDBDatabaseName.Name, mariadbv1.MariaDBAccountSpec{}) DeferCleanup( k8sClient.Delete, ctx, 
@@ -471,6 +476,8 @@ var _ = Describe("NovaCell controller", func() { }) When("A NovaCell/cell2 CR instance is created without VNCProxy", func() { BeforeEach(func() { + mariadb.CreateMariaDBDatabase(cell2.MariaDBDatabaseName.Namespace, cell2.MariaDBDatabaseName.Name, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.CreateMariaDBAccount(cell2.MariaDBDatabaseName.Namespace, cell2.MariaDBDatabaseName.Name, mariadbv1.MariaDBAccountSpec{}) DeferCleanup( k8sClient.Delete, ctx, @@ -822,6 +829,8 @@ var _ = Describe("NovaCell controller", func() { }) When("NovaCell/cell0 is reconfigured", func() { BeforeEach(func() { + mariadb.CreateMariaDBDatabase(cell0.MariaDBDatabaseName.Namespace, cell0.MariaDBDatabaseName.Name, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.CreateMariaDBAccount(cell0.MariaDBDatabaseName.Namespace, cell0.MariaDBDatabaseName.Name, mariadbv1.MariaDBAccountSpec{}) DeferCleanup(k8sClient.Delete, ctx, CreateDefaultCellInternalSecret(cell0)) DeferCleanup(th.DeleteInstance, CreateNovaCell(cell0.CellCRName, GetDefaultNovaCellSpec(cell0))) th.SimulateJobSuccess(cell0.DBSyncJobName) @@ -910,6 +919,8 @@ var _ = Describe("NovaCell controller", func() { When("NovaCell/cell1 with metadata is reconfigured", func() { BeforeEach(func() { + mariadb.CreateMariaDBDatabase(cell1.MariaDBDatabaseName.Namespace, cell1.MariaDBDatabaseName.Name, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.CreateMariaDBAccount(cell1.MariaDBDatabaseName.Namespace, cell1.MariaDBDatabaseName.Name, mariadbv1.MariaDBAccountSpec{}) DeferCleanup(k8sClient.Delete, ctx, CreateMetadataCellInternalSecret(cell1)) spec := GetDefaultNovaCellSpec(cell1) diff --git a/test/functional/novaconductor_controller_test.go b/test/functional/novaconductor_controller_test.go index 76d9afa25..1892e7890 100644 --- a/test/functional/novaconductor_controller_test.go +++ b/test/functional/novaconductor_controller_test.go 
@@ -24,6 +24,8 @@ import ( keystone_helper "github.com/openstack-k8s-operators/keystone-operator/api/test/helpers" . "github.com/openstack-k8s-operators/lib-common/modules/common/test/helpers" api "github.com/openstack-k8s-operators/lib-common/modules/test/apis" + + mariadbv1 "github.com/openstack-k8s-operators/mariadb-operator/api/v1beta1" novav1 "github.com/openstack-k8s-operators/nova-operator/api/v1beta1" corev1 "k8s.io/api/core/v1" @@ -34,6 +36,10 @@ import ( ) var _ = Describe("NovaConductor controller", func() { + BeforeEach(func() { + mariadb.CreateMariaDBDatabase(cell0.MariaDBDatabaseName.Namespace, cell0.MariaDBDatabaseName.Name, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.CreateMariaDBAccount(cell0.MariaDBDatabaseName.Namespace, cell0.MariaDBDatabaseName.Name, mariadbv1.MariaDBAccountSpec{}) + }) When("a NovaConductor CR is created pointing to a non existent Secret", func() { BeforeEach(func() { DeferCleanup( @@ -172,6 +178,9 @@ var _ = Describe("NovaConductor controller", func() { Expect(configData).Should( ContainSubstring("[upgrade_levels]\ncompute = auto")) Expect(configDataMap.Data).Should(HaveKey("02-nova-override.conf")) + myCnf := configDataMap.Data["my.cnf"] + Expect(myCnf).To( + ContainSubstring("[client]\nssl=0")) extraData := string(configDataMap.Data["02-nova-override.conf"]) Expect(extraData).To(Equal("foo=bar")) @@ -399,6 +408,10 @@ var _ = Describe("NovaConductor controller", func() { }) var _ = Describe("NovaConductor controller", func() { + BeforeEach(func() { + mariadb.CreateMariaDBDatabase(cell0.MariaDBDatabaseName.Namespace, cell0.MariaDBDatabaseName.Name, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.CreateMariaDBAccount(cell0.MariaDBDatabaseName.Namespace, cell0.MariaDBDatabaseName.Name, mariadbv1.MariaDBAccountSpec{}) + }) When("NovaConductor is created with networkAttachments", func() { BeforeEach(func() { DeferCleanup( 
@@ -641,6 +654,8 @@ var _ = Describe("NovaConductor controller", func() { var _ = Describe("NovaConductor controller cleaning", func() { var novaAPIServer *NovaAPIFixture BeforeEach(func() { + mariadb.CreateMariaDBDatabase(cell0.MariaDBDatabaseName.Namespace, cell0.MariaDBDatabaseName.Name, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.CreateMariaDBAccount(cell0.MariaDBDatabaseName.Namespace, cell0.MariaDBDatabaseName.Name, mariadbv1.MariaDBAccountSpec{}) novaAPIServer = NewNovaAPIFixtureWithServer(logger) novaAPIServer.Setup() f := keystone_helper.NewKeystoneAPIFixtureWithServer(logger) @@ -685,6 +700,10 @@ var _ = Describe("NovaConductor controller cleaning", func() { var _ = Describe("NovaConductor controller", func() { When("NovaConductor is created with TLS CA cert secret", func() { BeforeEach(func() { + mariadb.CreateMariaDBDatabase(cell0.MariaDBDatabaseName.Namespace, cell0.MariaDBDatabaseName.Name, mariadbv1.MariaDBDatabaseSpec{}) + mariadb.CreateMariaDBAccount(cell0.MariaDBDatabaseName.Namespace, cell0.MariaDBDatabaseName.Name, mariadbv1.MariaDBAccountSpec{}) + mariadb.SimulateMariaDBTLSDatabaseCompleted(cell0.MariaDBDatabaseName) + mariadb.SimulateMariaDBAccountCompleted(cell0.MariaDBDatabaseName) DeferCleanup( k8sClient.Delete, ctx, CreateDefaultCellInternalSecret(cell0)) @@ -737,6 +756,12 @@ var _ = Describe("NovaConductor controller", func() { condition.ReadyCondition, corev1.ConditionTrue, ) + + configDataMap := th.GetSecret(cell0.ConductorConfigDataName) + Expect(configDataMap).ShouldNot(BeNil()) + myCnf := configDataMap.Data["my.cnf"] + Expect(myCnf).To( + ContainSubstring("[client]\nssl-ca=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem\nssl=1")) }) It("reconfigures the NovaConductor pod when CA changes", func() {