openstack-k8s-operators · openshift-merge-bot · Apr 28, 2025 · Apr 4, 2025
diff --git a/controllers/ironicneutronagent_controller.go b/controllers/ironicneutronagent_controller.go
@@ -312,6 +312,22 @@ func (r *IronicNeutronAgentReconciler) findObjectsForSrc(ctx context.Context, sr
 	return requests
 }
 
+func (r *IronicNeutronAgentReconciler) getTransportURL(
+	ctx context.Context,
+	h *helper.Helper,
+	instance *ironicv1.IronicNeutronAgent,
+) (string, error) {
+	transportURLSecret, _, err := secret.GetSecret(ctx, h, instance.Status.TransportURLSecret, instance.Namespace)
+	if err != nil {
+		return "", err
+	}
+	transportURL, ok := transportURLSecret.Data["transport_url"]
+	if !ok {
+		return "", fmt.Errorf("transport_url %w Transport Secret", util.ErrNotFound)
+	}
+	return string(transportURL), nil
+}
+
 func (r *IronicNeutronAgentReconciler) reconcileTransportURL(
 	ctx context.Context,
 	instance *ironicv1.IronicNeutronAgent,
@@ -435,17 +451,13 @@ func (r *IronicNeutronAgentReconciler) reconcileConfigMapsAndSecrets(
 	// all cert input checks out so report InputReady
 	instance.Status.Conditions.MarkTrue(condition.TLSInputReadyCondition, condition.InputReadyMessage)
 
-	//
-	// Create ConfigMaps required as input for the Service and calculate an overall hash of hashes
+	// Create Secrets required as input for the Service and calculate an overall hash of hashes
 	//
 
-	// create custom Configmap for IronicNeutronAgent input
-	// - %-scripts configmap holding scripts to e.g. bootstrap the service
-	// - %-config configmap holding minimal neutron config required to get the
-	//   service up, user can add additional files to be added to the service
-	// - parameters which has passwords gets added from the OpenStack secret via the init container
 	//
-	err = r.generateServiceConfigMaps(ctx, helper, instance, &configMapVars)
+	// create Secret required for ironicneutronagent input. It contains minimal ironicneutronagent config required
+	// to get the service up, user can add additional files to be added to the service.
+	err = r.generateServiceSecrets(ctx, helper, instance, &configMapVars)
 	if err != nil {
 		instance.Status.Conditions.Set(condition.FalseCondition(
 			condition.ServiceConfigReadyCondition,
@@ -455,7 +467,8 @@ func (r *IronicNeutronAgentReconciler) reconcileConfigMapsAndSecrets(
 			err.Error()))
 		return ctrl.Result{}, "", err
 	}
-	// Create ConfigMaps - end
+
+	// Create ConfigMaps and Secrets - end
 
 	// create hash over all the different input resources to identify if any those changed
 	// and a restart/recreate is required.
@@ -476,7 +489,6 @@ func (r *IronicNeutronAgentReconciler) reconcileConfigMapsAndSecrets(
 	instance.Status.Conditions.MarkTrue(
 		condition.ServiceConfigReadyCondition,
 		condition.ServiceConfigReadyMessage)
-	// Create ConfigMaps and Secrets - end
 
 	return ctrl.Result{}, inputHash, nil
 }
@@ -712,24 +724,25 @@ func (r *IronicNeutronAgentReconciler) reconcileUpgrade(
 	return ctrl.Result{}, nil
 }
 
-// generateServiceConfigMaps - create custom configmap to hold service-specific config
-func (r *IronicNeutronAgentReconciler) generateServiceConfigMaps(
+// generateServiceSecrets - create secrets which service configuration
+func (r *IronicNeutronAgentReconciler) generateServiceSecrets(
 	ctx context.Context,
 	h *helper.Helper,
 	instance *ironicv1.IronicNeutronAgent,
 	envVars *map[string]env.Setter,
 ) error {
-	//
-	// create custom Configmap for ironic-neutron-agnet-specific config input
-	// - %-config-data configmap holding custom config for the service config
-	//
-
-	cmLabels := labels.GetLabels(instance, labels.GetGroupLabel(ironic.ServiceName), map[string]string{})
+	// Create/update secrets from templates
+	cmLabels := labels.GetLabels(instance, labels.GetGroupLabel(ironicneutronagent.ServiceName), map[string]string{})
 
 	// customData hold any customization for the service.
-	// custom.conf is going to be merged into /etc/ironic/ironic.conf
-	// TODO: make sure custom.conf can not be overwritten
-	customData := map[string]string{common.CustomServiceConfigFileName: instance.Spec.CustomServiceConfig}
+	// 02-ironic_neutron_agent-custom.conf is going to /etc/neutron/neutron.conf.d
+	// 01-ironic_neutron_agent.conf is going to /etc/neutron/neutron.conf.d such that it gets loaded before custom one
+	customData := map[string]string{
+		"02-ironic_neutron_agent-custom.conf": instance.Spec.CustomServiceConfig,
+	}
+	for key, data := range instance.Spec.DefaultConfigOverwrite {
+		customData[key] = data
+	}
 
 	keystoneAPI, err := keystonev1.GetKeystoneAPI(ctx, h, instance.Namespace, map[string]string{})
 	if err != nil {
@@ -744,35 +757,40 @@ func (r *IronicNeutronAgentReconciler) generateServiceConfigMaps(
 		return err
 	}
 
+	transportURL, err := r.getTransportURL(ctx, h, instance)
+	if err != nil {
+		return err
+	}
+
+	ospSecret, _, err := secret.GetSecret(ctx, h, instance.Spec.Secret, instance.Namespace)
+	if err != nil {
+		return err
+	}
+
 	templateParameters := make(map[string]interface{})
 	templateParameters["ServiceUser"] = instance.Spec.ServiceUser
 	templateParameters["KeystoneInternalURL"] = keystoneInternalURL
 	templateParameters["KeystonePublicURL"] = keystonePublicURL
+	templateParameters["TransportURL"] = transportURL
+
+	// Other OpenStack services
+	servicePassword := string(ospSecret.Data[instance.Spec.PasswordSelectors.Service])
+	templateParameters["ServicePassword"] = servicePassword
+	templateParameters["keystone_authtoken"] = servicePassword
+	templateParameters["service_catalog"] = servicePassword
+	templateParameters["ironic"] = servicePassword
 
 	cms := []util.Template{
-		// Scripts ConfigMap
-		{
-			Name:         fmt.Sprintf("%s-scripts", instance.Name),
-			Namespace:    instance.Namespace,
-			Type:         util.TemplateTypeScripts,
-			InstanceType: instance.Kind,
-			AdditionalTemplate: map[string]string{
-				"common.sh": "/common/bin/common.sh",
-			},
-			Labels: cmLabels,
-		},
-		// Custom ConfigMap
 		{
 			Name:          fmt.Sprintf("%s-config-data", instance.Name),
 			Namespace:     instance.Namespace,
 			Type:          util.TemplateTypeConfig,
 			InstanceType:  instance.Kind,
 			CustomData:    customData,
-			ConfigOptions: templateParameters,
 			Labels:        cmLabels,
+			ConfigOptions: templateParameters,
 		},
 	}
-
 	return secret.EnsureSecrets(ctx, h, instance, cms, envVars)
 }
 

diff --git a/pkg/ironicneutronagent/deployment.go b/pkg/ironicneutronagent/deployment.go
@@ -67,13 +67,11 @@ func Deployment(
 
 	volumes := GetVolumes(instance.Name)
 	volumeMounts := GetVolumeMounts()
-	initVolumeMounts := GetInitVolumeMounts()
 
 	// Add the CA bundle
 	if instance.Spec.TLS.CaBundleSecretName != "" {
 		volumes = append(volumes, instance.Spec.TLS.CreateVolume())
 		volumeMounts = append(volumeMounts, instance.Spec.TLS.CreateVolumeMounts(nil)...)
-		initVolumeMounts = append(initVolumeMounts, instance.Spec.TLS.CreateVolumeMounts(nil)...)
 	}
 
 	// Default oslo.service graceful_shutdown_timeout is 60, so align with that
@@ -137,14 +135,5 @@ func Deployment(
 		)
 	}
 
-	initContainerDetails := APIDetails{
-		ContainerImage:       instance.Spec.ContainerImage,
-		OSPSecret:            instance.Spec.Secret,
-		TransportURLSecret:   instance.Status.TransportURLSecret,
-		UserPasswordSelector: instance.Spec.PasswordSelectors.Service,
-		VolumeMounts:         initVolumeMounts,
-	}
-	deployment.Spec.Template.Spec.InitContainers = InitContainer(initContainerDetails)
-
 	return deployment
 }
diff --git a/pkg/ironicneutronagent/initcontainer.go b/pkg/ironicneutronagent/initcontainer.go
diff --git a/pkg/ironicneutronagent/volumes.go b/pkg/ironicneutronagent/volumes.go
@@ -22,56 +22,18 @@ import (
 
 // GetVolumes -
 func GetVolumes(name string) []corev1.Volume {
-	var scriptsVolumeDefaultMode int32 = 0755
 	var config0640AccessMode int32 = 0640
 
 	return []corev1.Volume{
 		{
-			Name: "scripts",
-			VolumeSource: corev1.VolumeSource{
-				Secret: &corev1.SecretVolumeSource{
-					DefaultMode: &scriptsVolumeDefaultMode,
-					SecretName:  name + "-scripts",
-				},
-			},
-		},
-		{
-			Name: "config-data",
+			Name: "config",
 			VolumeSource: corev1.VolumeSource{
 				Secret: &corev1.SecretVolumeSource{
 					DefaultMode: &config0640AccessMode,
 					SecretName:  name + "-config-data",
 				},
 			},
 		},
-		{
-			Name: "config-data-merged",
-			VolumeSource: corev1.VolumeSource{
-				EmptyDir: &corev1.EmptyDirVolumeSource{Medium: ""},
-			},
-		},
-	}
-
-}
-
-// GetInitVolumeMounts - IronicNeutronAgent init task VolumeMounts
-func GetInitVolumeMounts() []corev1.VolumeMount {
-	return []corev1.VolumeMount{
-		{
-			Name:      "scripts",
-			MountPath: "/usr/local/bin/container-scripts",
-			ReadOnly:  true,
-		},
-		{
-			Name:      "config-data",
-			MountPath: "/var/lib/config-data/default",
-			ReadOnly:  true,
-		},
-		{
-			Name:      "config-data-merged",
-			MountPath: "/var/lib/config-data/merged",
-			ReadOnly:  false,
-		},
 	}
 
 }
@@ -80,21 +42,15 @@ func GetInitVolumeMounts() []corev1.VolumeMount {
 func GetVolumeMounts() []corev1.VolumeMount {
 	return []corev1.VolumeMount{
 		{
-			Name:      "scripts",
-			MountPath: "/usr/local/bin/container-scripts",
+			Name:      "config",
+			MountPath: "/var/lib/config-data/default",
 			ReadOnly:  true,
 		},
 		{
-			Name:      "config-data-merged",
-			MountPath: "/var/lib/config-data/merged",
-			ReadOnly:  false,
-		},
-		{
-			Name:      "config-data",
+			Name:      "config",
 			MountPath: "/var/lib/kolla/config_files/config.json",
 			SubPath:   "ironic-neutron-agent-config.json",
 			ReadOnly:  true,
 		},
 	}
-
 }