Red Hat OpenStack Services on OpenShift / OSPRH-8651

Secrets are not discovered when deploying dataplane custom services

    • Bug
    • Resolution: Done-Errata
    • Blocker
    • rhos-18.0.0
    • openstack-operator
    • openstack-operator-container-1.0.0-41
    • Release Note Not Required
    • Critical

      I am deploying a multi-cell deployment with a dedicated nova metadata instance per cell, which means I should point the neutron metadata agent to the right nova metadata instance from "its" cell (I believe). I created a custom neutron-metadata OpenStackDataPlaneService:

      ---
      apiVersion: dataplane.openstack.org/v1beta1
      kind: OpenStackDataPlaneService
      metadata:
        name: neutron-metadata-custom-cell2
        namespace: openstack
      spec:
        addCertMounts: false
        caCerts: combined-ca-bundle
        containerImageFields:
        - EdpmNeutronMetadataAgentImage
        dataSources:
        - secretRef:
            name: neutron-ovn-metadata-agent-neutron-config
        - secretRef:
            name: nova-cell2-metadata-neutron-config
        edpmServiceType: neutron-metadata
        playbook: osp.edpm.neutron_metadata
        tlsCerts:
          default:
            contents:
            - dnsnames
            - ips
            issuer: osp-rootca-issuer-ovn
            keyUsages:
            - digital signature
            - key encipherment
            - client auth
            networks:
            - ctlplane

      with the nova-cell2-metadata-neutron-config Secret, which was created by the nova operator and contains the right configuration for the neutron metadata agent, pointing it to the right nova metadata instance. Once I try to deploy the data plane, the openstackansibleee container created to deploy the custom service has the following mounts:

          Mounts:
            /etc/ceph from ceph (ro)
            /runner/env/ssh_key from ssh-key (rw,path="ssh_key")
            /runner/inventory/hosts from inventory (rw,path="inventory")
            /var/lib/openstack/configs/neutron-metadata-custom-cell1/05-nova-metadata.conf from nova-cell1-metadata-neutron-config-0 (rw,path="05-nova-metadata.conf")
            /var/lib/openstack/configs/neutron-metadata-custom-cell1/10-neutron-metadata.conf from neutron-ovn-metadata-agent-neutron-config-0 (rw,path="10-neutron-metadata.conf")
            /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-csnwl (ro)

      The custom service name (in my case /neutron-metadata-custom-cell1) is in the path, and these Secrets do not get discovered, since the edpm_neutron_metadata Ansible role looks for them in https://github.com/openstack-k8s-operators/edpm-ansible/blob/main/roles/edpm_neutron_metadata/defaults/main.yml#L13 - /var/lib/openstack/configs/neutron-metadata by default.
      The value of EDPMServiceType (which in my case is correctly set to neutron-metadata) should probably be used in the mount path, i.e. /var/lib/openstack/configs/neutron-metadata/05-nova-metadata.conf instead of /var/lib/openstack/configs/neutron-metadata-custom-cell1/05-nova-metadata.conf.
      (It works "out of the box" in the case of edpm_nova because it sets "edpm_nova_config_src: /var/lib/openstack/configs".)

       

      The end result is that the Secrets with the needed configuration for the neutron metadata agent are not discovered, and in my use case the neutron metadata agent does not point to the right nova metadata instance within its cell.

              mkrcmari@redhat.com Marian Krcmarik
              rhos-dfg-df
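The mismatch described in this report can be checked mechanically. The following is an added example, not code from the report or from the openstack-operator project: it parses the `Mounts:` lines of a pod description and lists config files that land outside the directory the role reads by default. It assumes, as the report states for edpm_neutron_metadata, that the role looks in /var/lib/openstack/configs/<edpmServiceType>; the function names are hypothetical and the sample mount lines are the ones quoted in the report.

```python
import re
from pathlib import PurePosixPath

# Root under which the operator mounts dataSources (paths as shown in the report).
CONFIG_ROOT = PurePosixPath("/var/lib/openstack/configs")

# Mount lines copied from the pod description in the report above.
SAMPLE_MOUNTS = """\
/etc/ceph from ceph (ro)
/runner/env/ssh_key from ssh-key (rw,path="ssh_key")
/runner/inventory/hosts from inventory (rw,path="inventory")
/var/lib/openstack/configs/neutron-metadata-custom-cell1/05-nova-metadata.conf from nova-cell1-metadata-neutron-config-0 (rw,path="05-nova-metadata.conf")
/var/lib/openstack/configs/neutron-metadata-custom-cell1/10-neutron-metadata.conf from neutron-ovn-metadata-agent-neutron-config-0 (rw,path="10-neutron-metadata.conf")
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-csnwl (ro)
"""

MOUNT_RE = re.compile(r"^\s*(?P<path>/\S+) from (?P<volume>\S+) \((?P<opts>[^)]*)\)\s*$")


def parse_mounts(text):
    """Yield (mount_path, volume_name) for each '<path> from <volume> (<opts>)' line."""
    for line in text.splitlines():
        m = MOUNT_RE.match(line)
        if m:
            yield PurePosixPath(m["path"]), m["volume"]


def undiscovered_config_mounts(text, edpm_service_type):
    """Return config mounts placed outside CONFIG_ROOT/<edpmServiceType>.

    Assumption: the role reads only that directory by default, so files
    mounted in any other subdirectory are never picked up.
    """
    expected_dir = CONFIG_ROOT / edpm_service_type
    missed = []
    for path, volume in parse_mounts(text):
        try:
            rel = path.relative_to(CONFIG_ROOT)
        except ValueError:
            continue  # not a config mount (ssh key, inventory, ...)
        if len(rel.parts) < 2:
            continue  # file directly under CONFIG_ROOT, no service directory
        if CONFIG_ROOT / rel.parts[0] != expected_dir:
            missed.append({"volume": volume, "mounted_at": str(path),
                           "role_expects": str(expected_dir / path.name)})
    return missed
```

An empty result means every mounted config file sits where the role's default lookup expects it; a non-empty result names the volumes whose settings will be silently ignored.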