diff --git a/internal/controller/mantlebackup_controller.go b/internal/controller/mantlebackup_controller.go
index e677068e..c9ad70ea 100644
--- a/internal/controller/mantlebackup_controller.go
+++ b/internal/controller/mantlebackup_controller.go
@@ -7,6 +7,8 @@ import (
 "fmt"
 "time"
+ _ "embed"
+
 mantlev1 "github.com/cybozu-go/mantle/api/v1"
 "github.com/cybozu-go/mantle/internal/ceph"
 "github.com/cybozu-go/mantle/pkg/controller/proto"
@@ -49,6 +51,13 @@ const (
 syncModeIncremental = "incremental"
 )
+var (
+ //go:embed script/job-export.sh
+ embedJobExportSh string
+ //go:embed script/job-upload.sh
+ embedJobUploadSh string
+)
+
 type ObjectStorageSettings struct {
 CACertConfigMap *string
 CACertKey *string
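Review bot: The new `var` block gives `embedJobExportSh` and `embedJobUploadSh` no comment explaining how the strings are used, and the `//go:embed` directives occupy the spot where a doc comment would normally sit. A comment above the block would help whoever edits the scripts next, for example `// Shell scripts run as "/bin/bash -c <script>" in the export and upload Job containers; they read their parameters from environment variables.` Because the scripts are now standalone files, a `bash -n` or shellcheck step in CI becomes possible and would be worth adding.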
@@ -1093,75 +1102,8 @@ func (r *MantleBackupReconciler) createOrUpdateExportJob(ctx context.Context, ta
 job.Spec.Template.Spec.Containers = []corev1.Container{
 {
- Name: "export",
- Command: []string{
- "/bin/bash",
- "-c",
- `
-# This shell script is forked from:
-#
-# https://github.com/rook/rook/blob/fb02f500be4e0b80478366e973abf4e6870693a9/images/ceph/toolbox.sh
-#
-# It is distributed under Apache-2.0 license:
-#
-# Copyright 2016 The Rook Authors. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-set -e
-set -o pipefail
-
-CEPH_CONFIG="/etc/ceph/ceph.conf"
-MON_CONFIG="/etc/rook/mon-endpoints"
-KEYRING_FILE="/etc/ceph/keyring"
-# create a ceph config file in its default location so ceph/rados tools can be used
-# without specifying any arguments
-write_endpoints() {
- endpoints=$(cat ${MON_CONFIG})
- # filter out the mon names
- # external cluster can have numbers or hyphens in mon names, handling them in regex
- # shellcheck disable=SC2001
- mon_endpoints=$(echo "${endpoints}"| sed 's/[a-z0-9_-]\+=//g')
- DATE=$(date)
- echo "$DATE writing mon endpoints to ${CEPH_CONFIG}: ${endpoints}"
- cat < ${CEPH_CONFIG}
-[global]
-mon_host = ${mon_endpoints}
-[client.admin]
-keyring = ${KEYRING_FILE}
-EOF
-}
-# read the secret from an env var (for backward compatibility), or from the secret file
-ceph_secret=${ROOK_CEPH_SECRET}
-if [[ "$ceph_secret" == "" ]]; then
- ceph_secret=$(cat /var/lib/rook-ceph-mon/secret.keyring)
-fi
-# create the keyring file
-cat < ${KEYRING_FILE}
-[${ROOK_CEPH_USERNAME}]
-key = ${ceph_secret}
-EOF
-# write the initial config file
-write_endpoints
-
-# export diff
-rm -f /mantle/export.bin
-if [ -z "${FROM_SNAP_NAME}" ]; then
- rbd export-diff -p ${POOL_NAME} ${SRC_IMAGE_NAME}@${SRC_SNAP_NAME} /mantle/export.bin
-else
- rbd export-diff -p ${POOL_NAME} --from-snap ${FROM_SNAP_NAME} ${SRC_IMAGE_NAME}@${SRC_SNAP_NAME} /mantle/export.bin
-fi`,
- },
+ Name: "export",
+ Command: []string{"/bin/bash", "-c", embedJobExportSh},
 Env: []corev1.EnvVar{
 {
 Name: "ROOK_CEPH_USERNAME",
@@ -1330,19 +1272,8 @@ func (r *MantleBackupReconciler) createOrUpdateExportDataUploadJob(ctx context.C
 job.Spec.Template.Spec.Containers = []corev1.Container{
 {
- Name: "upload",
- Command: []string{
- "/bin/bash",
- "-c",
- `
-set -e
-
-if [ "${CERT_FILE}" = "" ]; then
- s5cmd --endpoint-url ${OBJECT_STORAGE_ENDPOINT} cp /mantle/export.bin "s3://${BUCKET_NAME}/${OBJ_NAME}"
-else
- s5cmd --endpoint-url ${OBJECT_STORAGE_ENDPOINT} --credentials-file ${CERT_FILE} cp /mantle/export.bin "s3://${BUCKET_NAME}/${OBJ_NAME}"
-end`,
- },
+ Name: "upload",
+ Command: []string{"/bin/bash", "-c", embedJobUploadSh},
 Env: []corev1.EnvVar{
 {
 Name: "OBJ_NAME",
diff --git a/internal/controller/script/job-export.sh b/internal/controller/script/job-export.sh
new file mode 100644
index 00000000..6cc981c1
--- /dev/null
+++ b/internal/controller/script/job-export.sh
@@ -0,0 +1,65 @@
+#!/bin/bash
+
+# This shell script is forked from:
+#
+# https://github.com/rook/rook/blob/fb02f500be4e0b80478366e973abf4e6870693a9/images/ceph/toolbox.sh
+#
+# It is distributed under Apache-2.0 license:
+#
+# Copyright 2016 The Rook Authors. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -e
+set -o pipefail
+
+CEPH_CONFIG="/etc/ceph/ceph.conf"
+MON_CONFIG="/etc/rook/mon-endpoints"
+KEYRING_FILE="/etc/ceph/keyring"
+# create a ceph config file in its default location so ceph/rados tools can be used
+# without specifying any arguments
+write_endpoints() {
+ endpoints=$(cat ${MON_CONFIG})
+ # filter out the mon names
+ # external cluster can have numbers or hyphens in mon names, handling them in regex
+ # shellcheck disable=SC2001
+ mon_endpoints=$(echo "${endpoints}"| sed 's/[a-z0-9_-]\+=//g')
+ DATE=$(date)
+ echo "$DATE writing mon endpoints to ${CEPH_CONFIG}: ${endpoints}"
+ cat < ${CEPH_CONFIG}
+[global]
+mon_host = ${mon_endpoints}
+[client.admin]
+keyring = ${KEYRING_FILE}
+EOF
+}
+# read the secret from an env var (for backward compatibility), or from the secret file
+ceph_secret=${ROOK_CEPH_SECRET}
+if [[ "$ceph_secret" == "" ]]; then
+ ceph_secret=$(cat /var/lib/rook-ceph-mon/secret.keyring)
+fi
+# create the keyring file
+cat < ${KEYRING_FILE}
+[${ROOK_CEPH_USERNAME}]
+key = ${ceph_secret}
+EOF
+# write the initial config file
+write_endpoints
+
+# export diff
+rm -f /mantle/export.bin
+if [ -z "${FROM_SNAP_NAME}" ]; then
+ rbd export-diff -p ${POOL_NAME} ${SRC_IMAGE_NAME}@${SRC_SNAP_NAME} /mantle/export.bin
+else
+ rbd export-diff -p ${POOL_NAME} --from-snap ${FROM_SNAP_NAME} ${SRC_IMAGE_NAME}@${SRC_SNAP_NAME} /mantle/export.bin
+fi
diff --git a/internal/controller/script/job-upload.sh b/internal/controller/script/job-upload.sh
new file mode 100644
index 00000000..ae40a3fe
--- /dev/null
+++ b/internal/controller/script/job-upload.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+set -e
+
+if [ "${CERT_FILE}" = "" ]; then
+ s5cmd --endpoint-url ${OBJECT_STORAGE_ENDPOINT} cp /mantle/export.bin "s3://${BUCKET_NAME}/${OBJ_NAME}"
+else
+ s5cmd --endpoint-url ${OBJECT_STORAGE_ENDPOINT} --credentials-file ${CERT_FILE} cp /mantle/export.bin "s3://${BUCKET_NAME}/${OBJ_NAME}"
+end
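Review bot: The two `rbd export-diff` invocations at the end of job-export.sh expand `${POOL_NAME}`, `${FROM_SNAP_NAME}`, `${SRC_IMAGE_NAME}` and `${SRC_SNAP_NAME}` unquoted, so a value containing whitespace or glob characters would be split into extra arguments to rbd. The values arrive as container env vars set by the controller (outside this hunk) and are presumably derived from cluster objects, so quoting is a cheap safeguard: `rbd export-diff -p "${POOL_NAME}" --from-snap "${FROM_SNAP_NAME}" "${SRC_IMAGE_NAME}@${SRC_SNAP_NAME}" /mantle/export.bin`. Separately, the keyring holding `${ceph_secret}` is written to `${KEYRING_FILE}` under whatever umask the container starts with; a `umask 077` before that write would keep the file owner-only.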
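Review bot: job-upload.sh closes its `if` with `end` instead of `fi`, so bash cannot parse the conditional and, as far as can be seen here, neither `s5cmd` branch can run; the last line should be `fi`. The typo was carried over verbatim from the inline script this commit removes from createOrUpdateExportDataUploadJob. While there, `${OBJECT_STORAGE_ENDPOINT}` and `${CERT_FILE}` are expanded unquoted and would be word-split if they ever contained whitespace; `--endpoint-url "${OBJECT_STORAGE_ENDPOINT}"` and `--credentials-file "${CERT_FILE}"` avoid that.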