[tlse] TLS database connection
The my.cnf file gets added to the secret holding the service configs.
The content of my.cnf is centrally managed in the mariadb-operator
and retrieved by calling db.GetDatabaseClientConfig(tlsCfg)

Depends-On: openstack-k8s-operators/mariadb-operator#190
Depends-On: openstack-k8s-operators/mariadb-operator#191

Jira: OSPRH-4547
stuggi committed Feb 26, 2024
1 parent b19b1bc commit ed57cd5
Showing 13 changed files with 230 additions and 77 deletions.
154 changes: 93 additions & 61 deletions controllers/manila_controller.go
Expand Up @@ -38,6 +38,7 @@ import (
common_rbac "github.com/openstack-k8s-operators/lib-common/modules/common/rbac"
"github.com/openstack-k8s-operators/lib-common/modules/common/secret"
"github.com/openstack-k8s-operators/lib-common/modules/common/service"
"github.com/openstack-k8s-operators/lib-common/modules/common/tls"
"github.com/openstack-k8s-operators/lib-common/modules/common/util"
manilav1beta1 "github.com/openstack-k8s-operators/manila-operator/api/v1beta1"
"github.com/openstack-k8s-operators/manila-operator/pkg/manila"
Expand Down Expand Up @@ -335,7 +336,7 @@ func (r *ManilaReconciler) reconcileDelete(ctx context.Context, instance *manila
r.Log.Info(fmt.Sprintf("Reconciling Service '%s' delete", instance.Name))

// remove db finalizer first
db, err := mariadbv1.GetDatabaseByName(ctx, helper, instance.Name)
db, err := mariadbv1.GetDatabaseByName(ctx, helper, manila.DatabaseName)
if err != nil && !k8s_errors.IsNotFound(err) {
return ctrl.Result{}, err
}
Expand All @@ -362,65 +363,9 @@ func (r *ManilaReconciler) reconcileInit(
) (ctrl.Result, error) {
r.Log.Info(fmt.Sprintf("Reconciling Service '%s' init", instance.Name))

//
// create service DB instance
//
db := mariadbv1.NewDatabase(
instance.Name,
instance.Spec.DatabaseUser,
instance.Spec.Secret,
map[string]string{
"dbName": instance.Spec.DatabaseInstance,
},
)
// create or patch the DB
ctrlResult, err := db.CreateOrPatchDB(
ctx,
helper,
)
if err != nil {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.DBReadyCondition,
condition.ErrorReason,
condition.SeverityWarning,
condition.DBReadyErrorMessage,
err.Error()))
return ctrl.Result{}, err
}
if (ctrlResult != ctrl.Result{}) {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.DBReadyCondition,
condition.RequestedReason,
condition.SeverityInfo,
condition.DBReadyRunningMessage))
return ctrlResult, nil
}
// wait for the DB to be setup
ctrlResult, err = db.WaitForDBCreated(ctx, helper)
if err != nil {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.DBReadyCondition,
condition.ErrorReason,
condition.SeverityWarning,
condition.DBReadyErrorMessage,
err.Error()))
return ctrlResult, err
}
if (ctrlResult != ctrl.Result{}) {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.DBReadyCondition,
condition.RequestedReason,
condition.SeverityInfo,
condition.DBReadyRunningMessage))
return ctrlResult, nil
}
// update Status.DatabaseHostname, used to config the service
instance.Status.DatabaseHostname = db.GetDatabaseHostname()
instance.Status.Conditions.MarkTrue(condition.DBReadyCondition, condition.DBReadyMessage)

// TODO: why here?
// when job passed, mark NetworkAttachmentsReadyCondition ready
instance.Status.Conditions.MarkTrue(condition.NetworkAttachmentsReadyCondition, condition.NetworkAttachmentsReadyMessage)
// create service DB - end

//
// run manila db sync
Expand All @@ -434,7 +379,7 @@ func (r *ManilaReconciler) reconcileInit(
time.Duration(5)*time.Second,
dbSyncHash,
)
ctrlResult, err = dbSyncjob.DoJob(
ctrlResult, err := dbSyncjob.DoJob(
ctx,
helper,
)
Expand Down Expand Up @@ -590,6 +535,17 @@ func (r *ManilaReconciler) reconcileNormal(ctx context.Context, instance *manila
instance.Status.Conditions.MarkTrue(condition.InputReadyCondition, condition.InputReadyMessage)
// run check OpenStack secret - end

//
// create service DB instance
//
db, result, err := r.ensureDB(ctx, helper, instance)
if err != nil {
return ctrl.Result{}, err
} else if (result != ctrl.Result{}) {
return result, nil
}
// create service DB - end

//
// Create ConfigMaps and Secrets required as input for the Service and calculate an overall hash of hashes
//
Expand All @@ -602,7 +558,7 @@ func (r *ManilaReconciler) reconcileNormal(ctx context.Context, instance *manila
// - %-config configmap holding minimal manila config required to get the service up, user can add additional files to be added to the service
// - parameters which has passwords gets added from the OpenStack secret via the init container
//
err = r.generateServiceConfig(ctx, helper, instance, &configVars, serviceLabels, memcached)
err = r.generateServiceConfig(ctx, helper, instance, &configVars, serviceLabels, memcached, db)
if err != nil {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.ServiceConfigReadyCondition,
Expand Down Expand Up @@ -843,6 +799,7 @@ func (r *ManilaReconciler) generateServiceConfig(
envVars *map[string]env.Setter,
serviceLabels map[string]string,
memcached *memcachedv1.Memcached,
db *mariadbv1.Database,
) error {
//
// create Secret required for manila input
Expand All @@ -853,10 +810,18 @@ func (r *ManilaReconciler) generateServiceConfig(

labels := labels.GetLabels(instance, labels.GetGroupLabel(manila.ServiceName), serviceLabels)

var tlsCfg *tls.Service
if instance.Spec.ManilaAPI.TLS.Ca.CaBundleSecretName != "" {
tlsCfg = &tls.Service{}
}

// customData hold any customization for the service.
// custom.conf is going to /etc/<service>/<service>.conf.d
// all other files get placed into /etc/<service> to allow overwrite of e.g. policy.json
customData := map[string]string{manila.CustomConfigFileName: instance.Spec.CustomServiceConfig}
customData := map[string]string{
manila.CustomConfigFileName: instance.Spec.CustomServiceConfig,
"my.cnf": db.GetDatabaseClientConfig(tlsCfg), //(mschuppert) for now just get the default my.cnf
}

keystoneAPI, err := keystonev1.GetKeystoneAPI(ctx, h, instance.Namespace, map[string]string{})
if err != nil {
Expand Down Expand Up @@ -1105,3 +1070,70 @@ func (r *ManilaReconciler) getManilaMemcached(
}
return memcached, err
}

func (r *ManilaReconciler) ensureDB(
ctx context.Context,
h *helper.Helper,
instance *manilav1beta1.Manila,
) (*mariadbv1.Database, ctrl.Result, error) {
//
// create service DB instance
//
db := mariadbv1.NewDatabase(
manila.DatabaseName,
instance.Spec.DatabaseUser,
instance.Spec.Secret,
map[string]string{
"dbName": instance.Spec.DatabaseInstance,
},
)

// create or patch the DB
ctrlResult, err := db.CreateOrPatchDBByName(
ctx,
h,
instance.Spec.DatabaseInstance,
)
if err != nil {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.DBReadyCondition,
condition.ErrorReason,
condition.SeverityWarning,
condition.DBReadyErrorMessage,
err.Error()))
return db, ctrl.Result{}, err
}
if (ctrlResult != ctrl.Result{}) {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.DBReadyCondition,
condition.RequestedReason,
condition.SeverityInfo,
condition.DBReadyRunningMessage))
return db, ctrlResult, nil
}
// wait for the DB to be setup
// (ksambor) should we use WaitForDBCreatedWithTimeout instead?
ctrlResult, err = db.WaitForDBCreated(ctx, h)
if err != nil {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.DBReadyCondition,
condition.ErrorReason,
condition.SeverityWarning,
condition.DBReadyErrorMessage,
err.Error()))
return db, ctrlResult, err
}
if (ctrlResult != ctrl.Result{}) {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.DBReadyCondition,
condition.RequestedReason,
condition.SeverityInfo,
condition.DBReadyRunningMessage))
return db, ctrlResult, nil
}

// update Status.DatabaseHostname, used to config the service
instance.Status.DatabaseHostname = db.GetDatabaseHostname()
instance.Status.Conditions.MarkTrue(condition.DBReadyCondition, condition.DBReadyMessage)
return db, ctrlResult, nil
}
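Review bot: In generateServiceConfig, `tlsCfg` stays nil whenever `instance.Spec.ManilaAPI.TLS.Ca.CaBundleSecretName` is empty, and the `&tls.Service{}` assigned otherwise has no fields filled in, so the value only acts as an on/off switch for `db.GetDatabaseClientConfig(tlsCfg)`. What the generated my.cnf contains for a nil argument is not visible here; if it omits the TLS client settings, the database connection stays unencrypted whenever no CA bundle is configured, and nothing in the status or the log records which mode was chosen. I would document this at the declaration, e.g. `// tlsCfg is nil when no CA bundle is set; my.cnf is then generated without TLS client settings (confirm in mariadb-operator)`, and consider logging the chosen mode. The same gating appears in the generateServiceConfig hunks of manilaapi_controller.go, manilascheduler_controller.go and manilashare_controller.go. The function body continues outside the hunk.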
15 changes: 14 additions & 1 deletion controllers/manilaapi_controller.go
Expand Up @@ -50,6 +50,7 @@ import (
manilav1beta1 "github.com/openstack-k8s-operators/manila-operator/api/v1beta1"
"github.com/openstack-k8s-operators/manila-operator/pkg/manila"
manilaapi "github.com/openstack-k8s-operators/manila-operator/pkg/manilaapi"
mariadbv1 "github.com/openstack-k8s-operators/mariadb-operator/api/v1beta1"
appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1"
k8s_errors "k8s.io/apimachinery/pkg/api/errors"
Expand Down Expand Up @@ -940,8 +941,20 @@ func (r *ManilaAPIReconciler) generateServiceConfig(

labels := labels.GetLabels(instance, labels.GetGroupLabel(manila.ServiceName), serviceLabels)

db, err := mariadbv1.GetDatabaseByName(ctx, h, manila.DatabaseName)
if err != nil {
return err
}
var tlsCfg *tls.Service
if instance.Spec.TLS.CaBundleSecretName != "" {
tlsCfg = &tls.Service{}
}

// customData hold any customization for the service.
customData := map[string]string{manila.CustomServiceConfigFileName: instance.Spec.CustomServiceConfig}
customData := map[string]string{
manila.CustomServiceConfigFileName: instance.Spec.CustomServiceConfig,
"my.cnf": db.GetDatabaseClientConfig(tlsCfg), //(mschuppert) for now just get the default my.cnf
}

customData[manila.CustomServiceConfigFileName] = instance.Spec.CustomServiceConfig

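Review bot: The statement `customData[manila.CustomServiceConfigFileName] = instance.Spec.CustomServiceConfig` that follows the new map literal writes the same key and value the literal already sets, so it is redundant and can be dropped. The same leftover follows the new literal in the manilascheduler_controller.go and manilashare_controller.go hunks. generateServiceConfig starts and ends outside the hunk.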
15 changes: 14 additions & 1 deletion controllers/manilascheduler_controller.go
Expand Up @@ -51,6 +51,7 @@ import (
manilav1beta1 "github.com/openstack-k8s-operators/manila-operator/api/v1beta1"
"github.com/openstack-k8s-operators/manila-operator/pkg/manila"
manilascheduler "github.com/openstack-k8s-operators/manila-operator/pkg/manilascheduler"
mariadbv1 "github.com/openstack-k8s-operators/mariadb-operator/api/v1beta1"
)

// GetClient -
Expand Down Expand Up @@ -646,7 +647,19 @@ func (r *ManilaSchedulerReconciler) generateServiceConfig(

labels := labels.GetLabels(instance, labels.GetGroupLabel(manila.ServiceName), serviceLabels)

customData := map[string]string{manila.CustomServiceConfigFileName: instance.Spec.CustomServiceConfig}
db, err := mariadbv1.GetDatabaseByName(ctx, h, manila.DatabaseName)
if err != nil {
return err
}
var tlsCfg *tls.Service
if instance.Spec.TLS.CaBundleSecretName != "" {
tlsCfg = &tls.Service{}
}

customData := map[string]string{
manila.CustomServiceConfigFileName: instance.Spec.CustomServiceConfig,
"my.cnf": db.GetDatabaseClientConfig(tlsCfg), //(mschuppert) for now just get the default my.cnf
}

customData[manila.CustomServiceConfigFileName] = instance.Spec.CustomServiceConfig

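Review bot: `mariadbv1.GetDatabaseByName(ctx, h, manila.DatabaseName)` returns its error unwrapped, so a failure here (including the database object not existing yet) surfaces from generateServiceConfig without saying which lookup failed. Adding context would help, for example `return fmt.Errorf("getting database %q for my.cnf: %w", manila.DatabaseName, err)`, assuming `fmt` is imported in this file, which the hunk does not show. The same bare `return err` is in the manilaapi_controller.go and manilashare_controller.go hunks. The function continues outside the hunk.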
15 changes: 14 additions & 1 deletion controllers/manilashare_controller.go
Expand Up @@ -51,6 +51,7 @@ import (
manilav1beta1 "github.com/openstack-k8s-operators/manila-operator/api/v1beta1"
"github.com/openstack-k8s-operators/manila-operator/pkg/manila"
"github.com/openstack-k8s-operators/manila-operator/pkg/manilashare"
mariadbv1 "github.com/openstack-k8s-operators/mariadb-operator/api/v1beta1"
)

// GetClient -
Expand Down Expand Up @@ -643,7 +644,19 @@ func (r *ManilaShareReconciler) generateServiceConfig(

labels := labels.GetLabels(instance, labels.GetGroupLabel(manila.ServiceName), serviceLabels)

customData := map[string]string{manila.CustomServiceConfigFileName: instance.Spec.CustomServiceConfig}
db, err := mariadbv1.GetDatabaseByName(ctx, h, manila.DatabaseName)
if err != nil {
return err
}
var tlsCfg *tls.Service
if instance.Spec.TLS.CaBundleSecretName != "" {
tlsCfg = &tls.Service{}
}

customData := map[string]string{
manila.CustomServiceConfigFileName: instance.Spec.CustomServiceConfig,
"my.cnf": db.GetDatabaseClientConfig(tlsCfg), //(mschuppert) for now just get the default my.cnf
}

customData[manila.CustomServiceConfigFileName] = instance.Spec.CustomServiceConfig

2 changes: 1 addition & 1 deletion go.mod
Expand Up @@ -12,7 +12,7 @@ require (
github.com/openstack-k8s-operators/lib-common/modules/storage v0.3.1-0.20240224182407-3b6c02b195f6
github.com/openstack-k8s-operators/lib-common/modules/test v0.3.1-0.20240224182407-3b6c02b195f6
github.com/openstack-k8s-operators/manila-operator/api v0.0.0-00010101000000-000000000000
github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240222094307-76fef735f093
github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240220132409-f96d4d040f4e
k8s.io/api v0.28.7
k8s.io/apimachinery v0.28.7
k8s.io/client-go v0.28.7
4 changes: 2 additions & 2 deletions go.sum
Expand Up @@ -90,8 +90,8 @@ github.com/openstack-k8s-operators/lib-common/modules/storage v0.3.1-0.202402241
github.com/openstack-k8s-operators/lib-common/modules/storage v0.3.1-0.20240224182407-3b6c02b195f6/go.mod h1:Qg6DbOUHCzMCGhRikhN0XTWSOBOX9uB9z74jTbjyOUk=
github.com/openstack-k8s-operators/lib-common/modules/test v0.3.1-0.20240224182407-3b6c02b195f6 h1:8SbXBGb7qgvYTXF9WiaNg1esn2J7mVXkqcAC0pIZJe4=
github.com/openstack-k8s-operators/lib-common/modules/test v0.3.1-0.20240224182407-3b6c02b195f6/go.mod h1:82nzS+DbBe1tzaMvNHH8FctmZzQ14ZAJysFGsMJiivo=
github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240222094307-76fef735f093 h1:gmm2o5bVYIeuAVHp7WsDIpQc8vh+/9tUUYY4Wfyus/o=
github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240222094307-76fef735f093/go.mod h1:f9IIyWeoskWoeWaDFF3qmAJ2Kqyovfi0Ar/QUfk3qag=
github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240220132409-f96d4d040f4e h1:6vqp5HZwcGvPH0MII/23iCd97T3/1HJZlONKW6LyNio=
github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240220132409-f96d4d040f4e/go.mod h1:PDqfLbP4ZWqQHAu1OtbjfpOGQUKSzLqRJChvE/9pcyQ=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
9 changes: 8 additions & 1 deletion pkg/manila/volumes.go
@@ -1,10 +1,11 @@
package manila

import (
"strconv"

"github.com/openstack-k8s-operators/lib-common/modules/storage"
manilav1 "github.com/openstack-k8s-operators/manila-operator/api/v1beta1"
corev1 "k8s.io/api/core/v1"
"strconv"
)

// GetVolumes -
Expand Down Expand Up @@ -86,6 +87,12 @@ func GetVolumeMounts(extraVol []manilav1.ManilaExtraVolMounts, svc []storage.Pro
MountPath: "/usr/local/bin/container-scripts",
ReadOnly: true,
},
{
Name: "config-data",
MountPath: "/etc/my.cnf",
SubPath: "my.cnf",
ReadOnly: true,
},
/*{
Name: "config-data-merged",
MountPath: "/var/lib/config-data/merged",
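Review bot: The new `/etc/my.cnf` mount uses `SubPath: "my.cnf"`, and Kubernetes does not propagate Secret or ConfigMap updates into subPath mounts, so a running container keeps the my.cnf it started with. If the TLS client settings change, the pods have to be restarted to pick them up; whether the operator's config hash already forces that restart is not visible in this hunk. A short comment on the entry would record it, e.g. `// subPath mount: not refreshed on secret update, relies on pod restart`. GetVolumeMounts starts and ends outside the hunk.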