rook-ceph/stx-rook-ceph/stx-rook-ceph/helm-charts/rook-ceph-provisioner/templates/job-ceph-mon-audit.yaml

{{/*
#
# Copyright (c) 2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
*/}}

{{- if .Values.global.job_ceph_mon_audit }}
apiVersion: v1
kind: ConfigMap
metadata:
  name: ceph-mon-audit-bin
  namespace: {{ .Release.Namespace }}
data:
  audit.sh: |-
    #!/bin/bash

    source /etc/build.info
    node=$(hostname)
    stat /opt/platform/.keyring/${SW_VERSION}/.CREDENTIAL > /dev/null 2>&1
    if [ $? -ne 0 ]; then
        if [ x"$node" = x"controller-0" ]; then
            active="controller-1"
        else
            active="controller-0"
        fi
    else
        active=$node
    fi

    controller_node=$(kubectl get pods -n kube-system  --selector=app="rook-ceph-mon,ceph_daemon_id=a" -o wide | awk   '/controller/  {print $7}')
    if [ x"$active" = x"$controller_node" ]; then
        echo "mon-a pod is running on active controler"
        exit 0
    fi

    # update configmap
    cat >  endpoint.yaml << EOF
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: rook-ceph-mon-endpoints
      namespace: $NAMESPACE
    data:
      data: a=$FLOAT_IP:6789
      mapping: '{"node":{"a":{"Name":"$active","Hostname":"$active","Address":"$FLOAT_IP"}}}'
      maxMonId: "0"
    EOF

    kubectl apply -f endpoint.yaml --overwrite=true
    rm -f endpoint.yaml

    # delete mon-a deployment and pod
    kubectl delete deployments.apps  -n kube-system rook-ceph-mon-a
    kubectl delete pods -n kube-system  --selector="app=rook-ceph-mon,ceph_daemon_id=a"

    kubectl delete  po -n kube-system  --selector="app=rook-ceph-operator"    
---
apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: stx-ceph-mon-audit
spec:
  schedule: {{ .Values.ceph_mon_audit_jobs.audit.cron | quote }}
  successfulJobsHistoryLimit: {{ .Values.ceph_mon_audit_jobs.audit.history.success }}
  failedJobsHistoryLimit: {{ .Values.ceph_mon_audit_jobs.audit.history.failed }}
  concurrencyPolicy: Forbid
  jobTemplate:
    metadata:
      name: stx-ceph-mon-audit
      namespace: {{ .Release.Namespace }}
      labels:
        app: ceph-mon-audit
    spec:
      template:
        metadata:
          labels:
            app: ceph-mon-audit
        spec:
          serviceAccountName: {{ .Values.rbac.serviceAccount }}
          restartPolicy: OnFailure
          hostNetwork: true
          {{- if .Values.global.nodeSelector }}
          nodeSelector:
          {{ .Values.global.nodeSelector | toYaml | trim | indent 10 }}
          {{- end }}
          volumes:
          - name: ceph-mon-audit-bin
            configMap:
              name: ceph-mon-audit-bin
              defaultMode: 0555
          - name: platform
            hostPath:
              path: /opt/platform
          containers:
          - name: ceph-mon-audit
            image: {{ .Values.images.tags.ceph_config_helper | quote }}
            command: [ "/bin/bash", "/tmp/mount/audit.sh" ]
            env:
            - name: NAMESPACE
              value: {{ .Release.Namespace }}
            - name: FLOAT_IP
              value: {{ .Values.ceph_mon_audit_jobs.floatIP }}
            volumeMounts:
            - name: platform
              mountPath: /opt/platform
              readOnly: true
            - name: ceph-mon-audit-bin
              mountPath: /tmp/mount
{{- end }}