Gitiles
Code Review Sign In
osm.etsi.org / osm / LCM / 2f39b8a4f0b38541b63e288a4517e82997003bd8 / . / osm_lcm / odu_libs / cluster_mgmt.py
blob: bed2781d64b457af4db4b8f74d993a2a50744903 [file] [log] [blame]
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]1#######################################################################################
2# Copyright ETSI Contributors and Others.
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
13# implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16#######################################################################################
17
18
19from pyrage import x25519
20import yaml
21import base64
22
23
24def gather_age_key(cluster):
25 pubkey = cluster.get("age_pubkey")
26 privkey = cluster.get("age_privkey")
27 # return both public and private key
28 return pubkey, privkey
29
30
31def generate_age_key():
32 ident = x25519.Identity.generate()
33 # gets the public key
34 pubkey = ident.to_public()
35 # gets the private key
36 privkey = str(ident)
37 # return both public and private key
38 return pubkey, privkey
39
40
garciadeblasdde3a312024-09-17 13:25:06 +0200[diff] [blame]41async def create_cluster(self, op_id, op_params, content):
garciadeblas9e532812024-10-22 14:04:36 +0200[diff] [blame]42 self.logger.info(f"create_cluster Enter. Operation {op_id}. Params: {op_params}")
43 # self.logger.debug(f"Content: {content}")
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]44
45 db_cluster = content["cluster"]
46 db_vim_account = content["vim_account"]
47
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]48 workflow_template = "launcher-create-crossplane-cluster-and-bootstrap.j2"
49 workflow_name = f"create-cluster-{db_cluster['_id']}"
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]50 cluster_name = db_cluster["git_name"].lower()
51
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]52 # Get age key
53 public_key_new_cluster, private_key_new_cluster = gather_age_key(db_cluster)
54 self.logger.debug(f"public_key_new_cluster={public_key_new_cluster}")
55 self.logger.debug(f"private_key_new_cluster={private_key_new_cluster}")
56
57 # Test kubectl connection
58 self.logger.debug(self._kubectl._get_kubectl_version())
59
garciadeblasdde3a312024-09-17 13:25:06 +0200[diff] [blame]60 # Create temporal secret with agekey
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]61 secret_name = f"secret-age-{cluster_name}"
62 secret_namespace = "osm-workflows"
63 secret_key = "agekey"
64 secret_value = private_key_new_cluster
garciadeblasadb81e82024-11-08 01:11:46 +0100[diff] [blame]65 try:
66 await self.create_secret(
67 secret_name,
68 secret_namespace,
69 secret_key,
70 secret_value,
71 )
72 except Exception as e:
73 self.logger.info(f"Cannot create secret {secret_name}: {e}")
74 return False, ""
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]75
76 # Additional params for the workflow
77 cluster_kustomization_name = cluster_name
78 osm_project_name = "osm_admin" # TODO: get project name from content
garciadeblasdde3a312024-09-17 13:25:06 +0200[diff] [blame]79 vim_account_id = db_cluster["vim_account"]
80 providerconfig_name = f"{vim_account_id}-config"
81 vim_type = db_vim_account["vim_type"]
garciadeblas753b1e32024-11-06 12:56:33 +0100[diff] [blame]82 if db_cluster.get("bootstrap", True):
83 skip_bootstrap = "false"
84 else:
85 skip_bootstrap = "true"
garciadeblasdde3a312024-09-17 13:25:06 +0200[diff] [blame]86 if vim_type == "azure":
87 cluster_type = "aks"
88 elif vim_type == "aws":
89 cluster_type = "eks"
90 elif vim_type == "gcp":
91 cluster_type = "gke"
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]92 else:
garciadeblasdde3a312024-09-17 13:25:06 +0200[diff] [blame]93 raise Exception("Not suitable VIM account to register cluster")
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]94
95 # Render workflow
96 # workflow_kwargs = {
97 # "git_fleet_url": f"{self._repo_base_url}/{self._repo_user}/fleet-osm.git",
98 # "git_sw_catalogs_url": f"{self._repo_base_url}/{self._repo_user}/sw-catalogs-osm.git",
99 # }
100 # manifest = self.render_jinja_template(
101 # workflow_template,
102 # output_file=None,
103 # **workflow_kwargs
104 # )
105 manifest = self.render_jinja_template(
106 workflow_template,
107 output_file=None,
108 workflow_name=workflow_name,
109 git_fleet_url=f"{self._repo_base_url}/{self._repo_user}/fleet-osm.git",
110 git_sw_catalogs_url=f"{self._repo_base_url}/{self._repo_user}/sw-catalogs-osm.git",
111 cluster_name=cluster_name,
112 cluster_type=cluster_type,
113 cluster_kustomization_name=cluster_kustomization_name,
114 providerconfig_name=providerconfig_name,
115 public_key_mgmt=self._pubkey,
116 public_key_new_cluster=public_key_new_cluster,
117 secret_name_private_key_new_cluster=secret_name,
118 vm_size=db_cluster["node_size"],
119 node_count=db_cluster["node_count"],
120 k8s_version=db_cluster["k8s_version"],
121 cluster_location=db_cluster["region_name"],
122 osm_project_name=osm_project_name,
garciadeblasd84808e2024-11-18 17:10:00 +0100[diff] [blame]123 rg_name=db_cluster.get("resource_group", "''"),
124 preemptible_nodes=db_cluster.get("preemptible_nodes", "false"),
garciadeblas753b1e32024-11-06 12:56:33 +0100[diff] [blame]125 skip_bootstrap=skip_bootstrap,
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]126 workflow_debug=self._workflow_debug,
127 workflow_dry_run=self._workflow_dry_run,
128 )
129 self.logger.debug(f"Workflow manifest: {manifest}")
130
131 # Submit workflow
132 self._kubectl.create_generic_object(
133 namespace="osm-workflows",
134 manifest_dict=yaml.safe_load(manifest),
135 api_group="argoproj.io",
136 api_plural="workflows",
137 api_version="v1alpha1",
138 )
garciadeblasadb81e82024-11-08 01:11:46 +0100[diff] [blame]139 return True, workflow_name
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]140
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]141
142async def update_cluster(self, op_id, op_params, content):
garciadeblas9e532812024-10-22 14:04:36 +0200[diff] [blame]143 self.logger.info(f"update_cluster Enter. Operation {op_id}. Params: {op_params}")
144 # self.logger.debug(f"Content: {content}")
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]145
146 db_cluster = content["cluster"]
147 db_vim_account = content["vim_account"]
garciadeblas73cd5a22024-11-06 10:45:22 +0100[diff] [blame]148 cluster_name = db_cluster["git_name"].lower()
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]149
150 workflow_template = "launcher-update-crossplane-cluster.j2"
garciadeblasc8c75d42024-11-13 12:36:13 +0100[diff] [blame]151 workflow_name = f"update-cluster-{op_id}"
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]152 # cluster_name = db_cluster["name"].lower()
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]153
154 # Get age key
155 public_key_cluster, private_key_cluster = gather_age_key(db_cluster)
156 self.logger.debug(f"public_key_new_cluster={public_key_cluster}")
157 self.logger.debug(f"private_key_new_cluster={private_key_cluster}")
158
159 # Create secret with agekey
160 secret_name = f"secret-age-{cluster_name}"
161 secret_namespace = "osm-workflows"
162 secret_key = "agekey"
163 secret_value = private_key_cluster
garciadeblasadb81e82024-11-08 01:11:46 +0100[diff] [blame]164 try:
165 await self.create_secret(
166 secret_name,
167 secret_namespace,
168 secret_key,
169 secret_value,
170 )
171 except Exception as e:
172 self.logger.info(f"Cannot create secret {secret_name}: {e}")
173 return False, ""
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]174
175 # Additional params for the workflow
176 cluster_kustomization_name = cluster_name
177 osm_project_name = "osm_admin" # TODO: get project name from db_cluster
178 vim_account_id = db_cluster["vim_account"]
179 providerconfig_name = f"{vim_account_id}-config"
180 vim_type = db_vim_account["vim_type"]
garciadeblas73cd5a22024-11-06 10:45:22 +0100[diff] [blame]181 vm_size = op_params.get("node_size", db_cluster["node_size"])
182 node_count = op_params.get("node_count", db_cluster["node_count"])
183 k8s_version = op_params.get("k8s_version", db_cluster["k8s_version"])
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]184 if vim_type == "azure":
185 cluster_type = "aks"
186 elif vim_type == "aws":
187 cluster_type = "eks"
188 elif vim_type == "gcp":
189 cluster_type = "gke"
190 else:
191 raise Exception("Not suitable VIM account to update cluster")
192
193 # Render workflow
194 manifest = self.render_jinja_template(
195 workflow_template,
196 output_file=None,
197 workflow_name=workflow_name,
198 git_fleet_url=f"{self._repo_base_url}/{self._repo_user}/fleet-osm.git",
199 git_sw_catalogs_url=f"{self._repo_base_url}/{self._repo_user}/sw-catalogs-osm.git",
200 cluster_name=cluster_name,
201 cluster_type=cluster_type,
202 cluster_kustomization_name=cluster_kustomization_name,
203 providerconfig_name=providerconfig_name,
204 public_key_mgmt=self._pubkey,
205 public_key_new_cluster=public_key_cluster,
206 secret_name_private_key_new_cluster=secret_name,
garciadeblas73cd5a22024-11-06 10:45:22 +0100[diff] [blame]207 vm_size=vm_size,
208 node_count=node_count,
209 k8s_version=k8s_version,
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]210 cluster_location=db_cluster["region_name"],
211 osm_project_name=osm_project_name,
garciadeblasd84808e2024-11-18 17:10:00 +0100[diff] [blame]212 rg_name=db_cluster.get("resource_group", "''"),
213 preemptible_nodes=db_cluster.get("preemptible_nodes", "false"),
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]214 workflow_debug=self._workflow_debug,
215 workflow_dry_run=self._workflow_dry_run,
216 )
217 self.logger.info(manifest)
218
219 # Submit workflow
220 self._kubectl.create_generic_object(
221 namespace="osm-workflows",
222 manifest_dict=yaml.safe_load(manifest),
223 api_group="argoproj.io",
224 api_plural="workflows",
225 api_version="v1alpha1",
226 )
garciadeblasadb81e82024-11-08 01:11:46 +0100[diff] [blame]227 return True, workflow_name
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]228
229
230async def delete_cluster(self, op_id, op_params, content):
garciadeblas9e532812024-10-22 14:04:36 +0200[diff] [blame]231 self.logger.info(f"delete_cluster Enter. Operation {op_id}. Params: {op_params}")
232 # self.logger.debug(f"Content: {content}")
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]233
234 db_cluster = content["cluster"]
235
236 workflow_template = "launcher-delete-cluster.j2"
237 workflow_name = f"delete-cluster-{db_cluster['_id']}"
238 # cluster_name = db_cluster["name"].lower()
239 cluster_name = db_cluster["git_name"].lower()
240
241 # Additional params for the workflow
242 cluster_kustomization_name = cluster_name
243 osm_project_name = "osm_admin" # TODO: get project name from DB
244
245 # Render workflow
246 manifest = self.render_jinja_template(
247 workflow_template,
248 output_file=None,
249 workflow_name=workflow_name,
250 git_fleet_url=f"{self._repo_base_url}/{self._repo_user}/fleet-osm.git",
251 git_sw_catalogs_url=f"{self._repo_base_url}/{self._repo_user}/sw-catalogs-osm.git",
252 cluster_name=cluster_name,
253 cluster_kustomization_name=cluster_kustomization_name,
254 osm_project_name=osm_project_name,
255 workflow_debug=self._workflow_debug,
256 workflow_dry_run=self._workflow_dry_run,
257 )
258 self.logger.info(manifest)
259
260 # Submit workflow
261 self._kubectl.create_generic_object(
262 namespace="osm-workflows",
263 manifest_dict=yaml.safe_load(manifest),
264 api_group="argoproj.io",
265 api_plural="workflows",
266 api_version="v1alpha1",
267 )
garciadeblasadb81e82024-11-08 01:11:46 +0100[diff] [blame]268 return True, workflow_name
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]269
270
271async def register_cluster(self, op_id, op_params, content):
garciadeblas9e532812024-10-22 14:04:36 +0200[diff] [blame]272 self.logger.info(f"register_cluster Enter. Operation {op_id}. Params: {op_params}")
273 # self.logger.debug(f"Content: {content}")
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]274
275 db_cluster = content["cluster"]
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]276 cluster_name = db_cluster["git_name"].lower()
277
garciadeblasdde3a312024-09-17 13:25:06 +0200[diff] [blame]278 workflow_template = "launcher-bootstrap-cluster.j2"
279 workflow_name = f"register-cluster-{db_cluster['_id']}"
280
281 # Get age key
282 public_key_new_cluster, private_key_new_cluster = gather_age_key(db_cluster)
283 self.logger.debug(f"public_key_new_cluster={public_key_new_cluster}")
284 self.logger.debug(f"private_key_new_cluster={private_key_new_cluster}")
285
286 # Create temporal secret with agekey
287 secret_name = f"secret-age-{cluster_name}"
288 secret_namespace = "osm-workflows"
289 secret_key = "agekey"
290 secret_value = private_key_new_cluster
garciadeblasadb81e82024-11-08 01:11:46 +0100[diff] [blame]291 try:
292 await self.create_secret(
293 secret_name,
294 secret_namespace,
295 secret_key,
296 secret_value,
297 )
298 except Exception as e:
299 self.logger.info(
300 f"Cannot create secret {secret_name} in namespace {secret_namespace}: {e}"
301 )
302 return False, ""
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]303
garciadeblasdde3a312024-09-17 13:25:06 +0200[diff] [blame]304 # Create secret with kubeconfig
305 secret_name2 = f"kubeconfig-{cluster_name}"
306 secret_namespace2 = "managed-resources"
307 secret_key2 = "kubeconfig"
308 secret_value2 = yaml.safe_dump(
garciadeblasa82300f2024-11-18 10:24:26 +0100[diff] [blame]309 db_cluster["credentials"], indent=2, default_flow_style=False, sort_keys=False
garciadeblasdde3a312024-09-17 13:25:06 +0200[diff] [blame]310 )
garciadeblas91bb2c42024-11-12 11:17:12 +0100[diff] [blame]311 try:
312 await self.create_secret(
313 secret_name2,
314 secret_namespace2,
315 secret_key2,
316 secret_value2,
317 )
318 except Exception as e:
319 self.logger.info(
320 f"Cannot create secret {secret_name} in namespace {secret_namespace}: {e}"
321 )
322 return False, ""
garciadeblasdde3a312024-09-17 13:25:06 +0200[diff] [blame]323
324 # Additional params for the workflow
325 cluster_kustomization_name = cluster_name
326 osm_project_name = "osm_admin" # TODO: get project name from content
garciadeblasdde3a312024-09-17 13:25:06 +0200[diff] [blame]327
328 manifest = self.render_jinja_template(
329 workflow_template,
330 output_file=None,
331 workflow_name=workflow_name,
332 git_fleet_url=f"{self._repo_base_url}/{self._repo_user}/fleet-osm.git",
333 git_sw_catalogs_url=f"{self._repo_base_url}/{self._repo_user}/sw-catalogs-osm.git",
334 cluster_name=cluster_name,
335 cluster_kustomization_name=cluster_kustomization_name,
garciadeblasdde3a312024-09-17 13:25:06 +0200[diff] [blame]336 public_key_mgmt=self._pubkey,
337 public_key_new_cluster=public_key_new_cluster,
338 secret_name_private_key_new_cluster=secret_name,
339 osm_project_name=osm_project_name,
340 workflow_debug=self._workflow_debug,
341 workflow_dry_run=self._workflow_dry_run,
342 )
343 self.logger.debug(f"Workflow manifest: {manifest}")
344
345 # Submit workflow
346 self._kubectl.create_generic_object(
347 namespace="osm-workflows",
348 manifest_dict=yaml.safe_load(manifest),
349 api_group="argoproj.io",
350 api_plural="workflows",
351 api_version="v1alpha1",
352 )
garciadeblasadb81e82024-11-08 01:11:46 +0100[diff] [blame]353 return True, workflow_name
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]354
355
356async def deregister_cluster(self, op_id, op_params, content):
garciadeblas9e532812024-10-22 14:04:36 +0200[diff] [blame]357 self.logger.info(
358 f"deregister_cluster Enter. Operation {op_id}. Params: {op_params}"
359 )
360 # self.logger.debug(f"Content: {content}")
garciadeblasdde3a312024-09-17 13:25:06 +0200[diff] [blame]361
362 db_cluster = content["cluster"]
363 cluster_name = db_cluster["git_name"].lower()
364
365 workflow_template = "launcher-disconnect-flux-remote-cluster.j2"
366 workflow_name = f"deregister-cluster-{db_cluster['_id']}"
367
368 # Additional params for the workflow
369 cluster_kustomization_name = cluster_name
370 osm_project_name = "osm_admin" # TODO: get project name from DB
371
372 # Render workflow
373 manifest = self.render_jinja_template(
374 workflow_template,
375 output_file=None,
376 workflow_name=workflow_name,
377 git_fleet_url=f"{self._repo_base_url}/{self._repo_user}/fleet-osm.git",
378 cluster_kustomization_name=cluster_kustomization_name,
379 osm_project_name=osm_project_name,
380 workflow_debug=self._workflow_debug,
381 workflow_dry_run=self._workflow_dry_run,
382 )
383 self.logger.info(manifest)
384
385 # Submit workflow
386 self._kubectl.create_generic_object(
387 namespace="osm-workflows",
388 manifest_dict=yaml.safe_load(manifest),
389 api_group="argoproj.io",
390 api_plural="workflows",
391 api_version="v1alpha1",
392 )
garciadeblasadb81e82024-11-08 01:11:46 +0100[diff] [blame]393 return True, workflow_name
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]394
395
396async def get_cluster_credentials(self, db_cluster):
397 """
398 returns the kubeconfig file of a K8s cluster in a dictionary
399 """
garciadeblas9e532812024-10-22 14:04:36 +0200[diff] [blame]400 self.logger.info("get_cluster_credentials Enter")
401 # self.logger.debug(f"Content: {db_cluster}")
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]402
403 secret_name = f"kubeconfig-{db_cluster['git_name'].lower()}"
404 secret_namespace = "managed-resources"
405 secret_key = "kubeconfig"
406
407 self.logger.info(f"Checking content of secret {secret_name} ...")
408 try:
409 returned_secret_data = await self._kubectl.get_secret_content(
410 name=secret_name,
411 namespace=secret_namespace,
412 )
413 returned_secret_value = base64.b64decode(
414 returned_secret_data[secret_key]
415 ).decode("utf-8")
416 return True, yaml.safe_load(returned_secret_value)
417 except Exception as e:
418 message = f"Not possible to get the credentials of the cluster. Exception: {e}"
419 self.logger.critical(message)
420 return False, message
421
422
garciadeblas28bff0f2024-09-16 12:53:07 +0200[diff] [blame]423async def clean_items_cluster_create(self, op_id, op_params, content):
garciadeblas9e532812024-10-22 14:04:36 +0200[diff] [blame]424 self.logger.info(
425 f"clean_items_cluster_create Enter. Operation {op_id}. Params: {op_params}"
426 )
427 self.logger.debug(f"Content: {content}")
garciadeblas28bff0f2024-09-16 12:53:07 +0200[diff] [blame]428 items = {
429 "secrets": [
430 {
431 "name": f"secret-age-{content['cluster']['git_name'].lower()}",
432 "namespace": "osm-workflows",
433 }
434 ]
435 }
436 try:
437 await self.clean_items(items)
438 return True, "OK"
439 except Exception as e:
440 return False, f"Error while cleaning items: {e}"
441
442
443async def clean_items_cluster_update(self, op_id, op_params, content):
garciadeblas9e532812024-10-22 14:04:36 +0200[diff] [blame]444 self.logger.info(
445 f"clean_items_cluster_update Enter. Operation {op_id}. Params: {op_params}"
446 )
447 # self.logger.debug(f"Content: {content}")
garciadeblas28bff0f2024-09-16 12:53:07 +0200[diff] [blame]448 return await self.clean_items_cluster_create(op_id, op_params, content)
449
450
garciadeblasdde3a312024-09-17 13:25:06 +0200[diff] [blame]451async def clean_items_cluster_register(self, op_id, op_params, content):
garciadeblas9e532812024-10-22 14:04:36 +0200[diff] [blame]452 self.logger.info(
453 f"clean_items_cluster_register Enter. Operation {op_id}. Params: {op_params}"
454 )
455 # self.logger.debug(f"Content: {content}")
garciadeblasdde3a312024-09-17 13:25:06 +0200[diff] [blame]456 # Clean secrets
457 cluster_name = content["cluster"]["git_name"].lower()
458 items = {
459 "secrets": [
460 {
461 "name": f"secret-age-{cluster_name}",
462 "namespace": "osm-workflows",
463 },
464 ]
465 }
466
467 try:
468 await self.clean_items(items)
garciadeblas28d6e692024-10-15 13:14:39 +0200[diff] [blame]469 return True, "OK"
garciadeblasdde3a312024-09-17 13:25:06 +0200[diff] [blame]470 except Exception as e:
471 return False, f"Error while cleaning items: {e}"
garciadeblas91bb2c42024-11-12 11:17:12 +0100[diff] [blame]472
473
474async def clean_items_cluster_deregister(self, op_id, op_params, content):
475 self.logger.info(
476 f"clean_items_cluster_deregister Enter. Operation {op_id}. Params: {op_params}"
477 )
478 # self.logger.debug(f"Content: {content}")
479 # Clean secrets
480 self.logger.info("Cleaning kubeconfig")
481 cluster_name = content["cluster"]["git_name"].lower()
482 items = {
483 "secrets": [
484 {
485 "name": f"kubeconfig-{cluster_name}",
486 "namespace": "managed-resources",
487 },
488 ]
489 }
490
491 try:
492 await self.clean_items(items)
493 return True, "OK"
494 except Exception as e:
495 return False, f"Error while cleaning items: {e}"