Gitiles
Code Review Sign In
osm.etsi.org / osm / LCM / 8058d00795a872902bdc39e51a29c67722d75750 / . / osm_lcm / odu_libs / cluster_mgmt.py
blob: 0a19de106938d0bd5ab8703363f51e9d445ad561 [file] [log] [blame]
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]1#######################################################################################
2# Copyright ETSI Contributors and Others.
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
13# implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16#######################################################################################
17
18
19from pyrage import x25519
20import yaml
21import base64
22
23
24def gather_age_key(cluster):
25 pubkey = cluster.get("age_pubkey")
26 privkey = cluster.get("age_privkey")
27 # return both public and private key
28 return pubkey, privkey
29
30
31def generate_age_key():
32 ident = x25519.Identity.generate()
33 # gets the public key
34 pubkey = ident.to_public()
35 # gets the private key
36 privkey = str(ident)
37 # return both public and private key
38 return pubkey, privkey
39
40
garciadeblasf1458032024-09-17 13:25:06 +0200[diff] [blame]41async def create_cluster(self, op_id, op_params, content):
garciadeblas1f71bab2024-10-22 14:04:36 +0200[diff] [blame]42 self.logger.info(f"create_cluster Enter. Operation {op_id}. Params: {op_params}")
43 # self.logger.debug(f"Content: {content}")
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]44
45 db_cluster = content["cluster"]
46 db_vim_account = content["vim_account"]
47
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]48 workflow_template = "launcher-create-crossplane-cluster-and-bootstrap.j2"
49 workflow_name = f"create-cluster-{db_cluster['_id']}"
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]50 cluster_name = db_cluster["git_name"].lower()
51
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]52 # Get age key
53 public_key_new_cluster, private_key_new_cluster = gather_age_key(db_cluster)
54 self.logger.debug(f"public_key_new_cluster={public_key_new_cluster}")
55 self.logger.debug(f"private_key_new_cluster={private_key_new_cluster}")
56
57 # Test kubectl connection
58 self.logger.debug(self._kubectl._get_kubectl_version())
59
garciadeblasf1458032024-09-17 13:25:06 +0200[diff] [blame]60 # Create temporal secret with agekey
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]61 secret_name = f"secret-age-{cluster_name}"
62 secret_namespace = "osm-workflows"
63 secret_key = "agekey"
64 secret_value = private_key_new_cluster
garciadeblas869131a2024-11-08 01:11:46 +0100[diff] [blame]65 try:
66 await self.create_secret(
67 secret_name,
68 secret_namespace,
69 secret_key,
70 secret_value,
71 )
72 except Exception as e:
73 self.logger.info(f"Cannot create secret {secret_name}: {e}")
74 return False, ""
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]75
76 # Additional params for the workflow
77 cluster_kustomization_name = cluster_name
78 osm_project_name = "osm_admin" # TODO: get project name from content
garciadeblasf1458032024-09-17 13:25:06 +0200[diff] [blame]79 vim_account_id = db_cluster["vim_account"]
80 providerconfig_name = f"{vim_account_id}-config"
81 vim_type = db_vim_account["vim_type"]
garciadeblasfe8449c2024-11-06 12:56:33 +0100[diff] [blame]82 if db_cluster.get("bootstrap", True):
83 skip_bootstrap = "false"
84 else:
85 skip_bootstrap = "true"
garciadeblasf1458032024-09-17 13:25:06 +0200[diff] [blame]86 if vim_type == "azure":
87 cluster_type = "aks"
88 elif vim_type == "aws":
89 cluster_type = "eks"
90 elif vim_type == "gcp":
91 cluster_type = "gke"
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]92 else:
garciadeblasf1458032024-09-17 13:25:06 +0200[diff] [blame]93 raise Exception("Not suitable VIM account to register cluster")
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]94
95 # Render workflow
96 # workflow_kwargs = {
97 # "git_fleet_url": f"{self._repo_base_url}/{self._repo_user}/fleet-osm.git",
98 # "git_sw_catalogs_url": f"{self._repo_base_url}/{self._repo_user}/sw-catalogs-osm.git",
99 # }
100 # manifest = self.render_jinja_template(
101 # workflow_template,
102 # output_file=None,
103 # **workflow_kwargs
104 # )
105 manifest = self.render_jinja_template(
106 workflow_template,
107 output_file=None,
108 workflow_name=workflow_name,
109 git_fleet_url=f"{self._repo_base_url}/{self._repo_user}/fleet-osm.git",
110 git_sw_catalogs_url=f"{self._repo_base_url}/{self._repo_user}/sw-catalogs-osm.git",
111 cluster_name=cluster_name,
112 cluster_type=cluster_type,
113 cluster_kustomization_name=cluster_kustomization_name,
114 providerconfig_name=providerconfig_name,
115 public_key_mgmt=self._pubkey,
116 public_key_new_cluster=public_key_new_cluster,
117 secret_name_private_key_new_cluster=secret_name,
118 vm_size=db_cluster["node_size"],
119 node_count=db_cluster["node_count"],
120 k8s_version=db_cluster["k8s_version"],
121 cluster_location=db_cluster["region_name"],
122 osm_project_name=osm_project_name,
123 rg_name=db_cluster["resource_group"],
garciadeblasfe8449c2024-11-06 12:56:33 +0100[diff] [blame]124 skip_bootstrap=skip_bootstrap,
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]125 workflow_debug=self._workflow_debug,
126 workflow_dry_run=self._workflow_dry_run,
127 )
128 self.logger.debug(f"Workflow manifest: {manifest}")
129
130 # Submit workflow
131 self._kubectl.create_generic_object(
132 namespace="osm-workflows",
133 manifest_dict=yaml.safe_load(manifest),
134 api_group="argoproj.io",
135 api_plural="workflows",
136 api_version="v1alpha1",
137 )
garciadeblas869131a2024-11-08 01:11:46 +0100[diff] [blame]138 return True, workflow_name
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]139
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]140
141async def update_cluster(self, op_id, op_params, content):
garciadeblas1f71bab2024-10-22 14:04:36 +0200[diff] [blame]142 self.logger.info(f"update_cluster Enter. Operation {op_id}. Params: {op_params}")
143 # self.logger.debug(f"Content: {content}")
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]144
145 db_cluster = content["cluster"]
146 db_vim_account = content["vim_account"]
garciadeblas618c5162024-11-06 10:45:22 +0100[diff] [blame]147 cluster_name = db_cluster["git_name"].lower()
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]148
149 workflow_template = "launcher-update-crossplane-cluster.j2"
garciadeblas8058d002024-11-13 12:36:13 +0100[diff] [blame^]150 workflow_name = f"update-cluster-{op_id}"
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]151 # cluster_name = db_cluster["name"].lower()
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]152
153 # Get age key
154 public_key_cluster, private_key_cluster = gather_age_key(db_cluster)
155 self.logger.debug(f"public_key_new_cluster={public_key_cluster}")
156 self.logger.debug(f"private_key_new_cluster={private_key_cluster}")
157
158 # Create secret with agekey
159 secret_name = f"secret-age-{cluster_name}"
160 secret_namespace = "osm-workflows"
161 secret_key = "agekey"
162 secret_value = private_key_cluster
garciadeblas869131a2024-11-08 01:11:46 +0100[diff] [blame]163 try:
164 await self.create_secret(
165 secret_name,
166 secret_namespace,
167 secret_key,
168 secret_value,
169 )
170 except Exception as e:
171 self.logger.info(f"Cannot create secret {secret_name}: {e}")
172 return False, ""
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]173
174 # Additional params for the workflow
175 cluster_kustomization_name = cluster_name
176 osm_project_name = "osm_admin" # TODO: get project name from db_cluster
177 vim_account_id = db_cluster["vim_account"]
178 providerconfig_name = f"{vim_account_id}-config"
179 vim_type = db_vim_account["vim_type"]
garciadeblas618c5162024-11-06 10:45:22 +0100[diff] [blame]180 vm_size = op_params.get("node_size", db_cluster["node_size"])
181 node_count = op_params.get("node_count", db_cluster["node_count"])
182 k8s_version = op_params.get("k8s_version", db_cluster["k8s_version"])
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]183 if vim_type == "azure":
184 cluster_type = "aks"
185 elif vim_type == "aws":
186 cluster_type = "eks"
187 elif vim_type == "gcp":
188 cluster_type = "gke"
189 else:
190 raise Exception("Not suitable VIM account to update cluster")
191
192 # Render workflow
193 manifest = self.render_jinja_template(
194 workflow_template,
195 output_file=None,
196 workflow_name=workflow_name,
197 git_fleet_url=f"{self._repo_base_url}/{self._repo_user}/fleet-osm.git",
198 git_sw_catalogs_url=f"{self._repo_base_url}/{self._repo_user}/sw-catalogs-osm.git",
199 cluster_name=cluster_name,
200 cluster_type=cluster_type,
201 cluster_kustomization_name=cluster_kustomization_name,
202 providerconfig_name=providerconfig_name,
203 public_key_mgmt=self._pubkey,
204 public_key_new_cluster=public_key_cluster,
205 secret_name_private_key_new_cluster=secret_name,
garciadeblas618c5162024-11-06 10:45:22 +0100[diff] [blame]206 vm_size=vm_size,
207 node_count=node_count,
208 k8s_version=k8s_version,
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]209 cluster_location=db_cluster["region_name"],
210 osm_project_name=osm_project_name,
211 workflow_debug=self._workflow_debug,
212 workflow_dry_run=self._workflow_dry_run,
213 )
214 self.logger.info(manifest)
215
216 # Submit workflow
217 self._kubectl.create_generic_object(
218 namespace="osm-workflows",
219 manifest_dict=yaml.safe_load(manifest),
220 api_group="argoproj.io",
221 api_plural="workflows",
222 api_version="v1alpha1",
223 )
garciadeblas869131a2024-11-08 01:11:46 +0100[diff] [blame]224 return True, workflow_name
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]225
226
227async def delete_cluster(self, op_id, op_params, content):
garciadeblas1f71bab2024-10-22 14:04:36 +0200[diff] [blame]228 self.logger.info(f"delete_cluster Enter. Operation {op_id}. Params: {op_params}")
229 # self.logger.debug(f"Content: {content}")
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]230
231 db_cluster = content["cluster"]
232
233 workflow_template = "launcher-delete-cluster.j2"
234 workflow_name = f"delete-cluster-{db_cluster['_id']}"
235 # cluster_name = db_cluster["name"].lower()
236 cluster_name = db_cluster["git_name"].lower()
237
238 # Additional params for the workflow
239 cluster_kustomization_name = cluster_name
240 osm_project_name = "osm_admin" # TODO: get project name from DB
241
242 # Render workflow
243 manifest = self.render_jinja_template(
244 workflow_template,
245 output_file=None,
246 workflow_name=workflow_name,
247 git_fleet_url=f"{self._repo_base_url}/{self._repo_user}/fleet-osm.git",
248 git_sw_catalogs_url=f"{self._repo_base_url}/{self._repo_user}/sw-catalogs-osm.git",
249 cluster_name=cluster_name,
250 cluster_kustomization_name=cluster_kustomization_name,
251 osm_project_name=osm_project_name,
252 workflow_debug=self._workflow_debug,
253 workflow_dry_run=self._workflow_dry_run,
254 )
255 self.logger.info(manifest)
256
257 # Submit workflow
258 self._kubectl.create_generic_object(
259 namespace="osm-workflows",
260 manifest_dict=yaml.safe_load(manifest),
261 api_group="argoproj.io",
262 api_plural="workflows",
263 api_version="v1alpha1",
264 )
garciadeblas869131a2024-11-08 01:11:46 +0100[diff] [blame]265 return True, workflow_name
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]266
267
268async def register_cluster(self, op_id, op_params, content):
garciadeblas1f71bab2024-10-22 14:04:36 +0200[diff] [blame]269 self.logger.info(f"register_cluster Enter. Operation {op_id}. Params: {op_params}")
270 # self.logger.debug(f"Content: {content}")
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]271
272 db_cluster = content["cluster"]
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]273 cluster_name = db_cluster["git_name"].lower()
274
garciadeblasf1458032024-09-17 13:25:06 +0200[diff] [blame]275 workflow_template = "launcher-bootstrap-cluster.j2"
276 workflow_name = f"register-cluster-{db_cluster['_id']}"
277
278 # Get age key
279 public_key_new_cluster, private_key_new_cluster = gather_age_key(db_cluster)
280 self.logger.debug(f"public_key_new_cluster={public_key_new_cluster}")
281 self.logger.debug(f"private_key_new_cluster={private_key_new_cluster}")
282
283 # Create temporal secret with agekey
284 secret_name = f"secret-age-{cluster_name}"
285 secret_namespace = "osm-workflows"
286 secret_key = "agekey"
287 secret_value = private_key_new_cluster
garciadeblas869131a2024-11-08 01:11:46 +0100[diff] [blame]288 try:
289 await self.create_secret(
290 secret_name,
291 secret_namespace,
292 secret_key,
293 secret_value,
294 )
295 except Exception as e:
296 self.logger.info(
297 f"Cannot create secret {secret_name} in namespace {secret_namespace}: {e}"
298 )
299 return False, ""
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]300
garciadeblasf1458032024-09-17 13:25:06 +0200[diff] [blame]301 # Create secret with kubeconfig
302 secret_name2 = f"kubeconfig-{cluster_name}"
303 secret_namespace2 = "managed-resources"
304 secret_key2 = "kubeconfig"
305 secret_value2 = yaml.safe_dump(
306 db_cluster["credentials"], indent=4, default_flow_style=False, sort_keys=False
307 )
308 await self.create_secret(
309 secret_name2,
310 secret_namespace2,
311 secret_key2,
312 secret_value2,
313 )
314
315 # Additional params for the workflow
316 cluster_kustomization_name = cluster_name
317 osm_project_name = "osm_admin" # TODO: get project name from content
garciadeblasf1458032024-09-17 13:25:06 +0200[diff] [blame]318
319 manifest = self.render_jinja_template(
320 workflow_template,
321 output_file=None,
322 workflow_name=workflow_name,
323 git_fleet_url=f"{self._repo_base_url}/{self._repo_user}/fleet-osm.git",
324 git_sw_catalogs_url=f"{self._repo_base_url}/{self._repo_user}/sw-catalogs-osm.git",
325 cluster_name=cluster_name,
326 cluster_kustomization_name=cluster_kustomization_name,
garciadeblasf1458032024-09-17 13:25:06 +0200[diff] [blame]327 public_key_mgmt=self._pubkey,
328 public_key_new_cluster=public_key_new_cluster,
329 secret_name_private_key_new_cluster=secret_name,
330 osm_project_name=osm_project_name,
331 workflow_debug=self._workflow_debug,
332 workflow_dry_run=self._workflow_dry_run,
333 )
334 self.logger.debug(f"Workflow manifest: {manifest}")
335
336 # Submit workflow
337 self._kubectl.create_generic_object(
338 namespace="osm-workflows",
339 manifest_dict=yaml.safe_load(manifest),
340 api_group="argoproj.io",
341 api_plural="workflows",
342 api_version="v1alpha1",
343 )
garciadeblas869131a2024-11-08 01:11:46 +0100[diff] [blame]344 return True, workflow_name
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]345
346
347async def deregister_cluster(self, op_id, op_params, content):
garciadeblas1f71bab2024-10-22 14:04:36 +0200[diff] [blame]348 self.logger.info(
349 f"deregister_cluster Enter. Operation {op_id}. Params: {op_params}"
350 )
351 # self.logger.debug(f"Content: {content}")
garciadeblasf1458032024-09-17 13:25:06 +0200[diff] [blame]352
353 db_cluster = content["cluster"]
354 cluster_name = db_cluster["git_name"].lower()
355
356 workflow_template = "launcher-disconnect-flux-remote-cluster.j2"
357 workflow_name = f"deregister-cluster-{db_cluster['_id']}"
358
359 # Additional params for the workflow
360 cluster_kustomization_name = cluster_name
361 osm_project_name = "osm_admin" # TODO: get project name from DB
362
363 # Render workflow
364 manifest = self.render_jinja_template(
365 workflow_template,
366 output_file=None,
367 workflow_name=workflow_name,
368 git_fleet_url=f"{self._repo_base_url}/{self._repo_user}/fleet-osm.git",
369 cluster_kustomization_name=cluster_kustomization_name,
370 osm_project_name=osm_project_name,
371 workflow_debug=self._workflow_debug,
372 workflow_dry_run=self._workflow_dry_run,
373 )
374 self.logger.info(manifest)
375
376 # Submit workflow
377 self._kubectl.create_generic_object(
378 namespace="osm-workflows",
379 manifest_dict=yaml.safe_load(manifest),
380 api_group="argoproj.io",
381 api_plural="workflows",
382 api_version="v1alpha1",
383 )
garciadeblas869131a2024-11-08 01:11:46 +0100[diff] [blame]384 return True, workflow_name
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]385
386
387async def get_cluster_credentials(self, db_cluster):
388 """
389 returns the kubeconfig file of a K8s cluster in a dictionary
390 """
garciadeblas1f71bab2024-10-22 14:04:36 +0200[diff] [blame]391 self.logger.info("get_cluster_credentials Enter")
392 # self.logger.debug(f"Content: {db_cluster}")
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]393
394 secret_name = f"kubeconfig-{db_cluster['git_name'].lower()}"
395 secret_namespace = "managed-resources"
396 secret_key = "kubeconfig"
397
398 self.logger.info(f"Checking content of secret {secret_name} ...")
399 try:
400 returned_secret_data = await self._kubectl.get_secret_content(
401 name=secret_name,
402 namespace=secret_namespace,
403 )
404 returned_secret_value = base64.b64decode(
405 returned_secret_data[secret_key]
406 ).decode("utf-8")
407 return True, yaml.safe_load(returned_secret_value)
408 except Exception as e:
409 message = f"Not possible to get the credentials of the cluster. Exception: {e}"
410 self.logger.critical(message)
411 return False, message
412
413
garciadeblas4d26e292024-09-16 12:53:07 +0200[diff] [blame]414async def clean_items_cluster_create(self, op_id, op_params, content):
garciadeblas1f71bab2024-10-22 14:04:36 +0200[diff] [blame]415 self.logger.info(
416 f"clean_items_cluster_create Enter. Operation {op_id}. Params: {op_params}"
417 )
418 self.logger.debug(f"Content: {content}")
garciadeblas4d26e292024-09-16 12:53:07 +0200[diff] [blame]419 items = {
420 "secrets": [
421 {
422 "name": f"secret-age-{content['cluster']['git_name'].lower()}",
423 "namespace": "osm-workflows",
424 }
425 ]
426 }
427 try:
428 await self.clean_items(items)
429 return True, "OK"
430 except Exception as e:
431 return False, f"Error while cleaning items: {e}"
432
433
434async def clean_items_cluster_update(self, op_id, op_params, content):
garciadeblas1f71bab2024-10-22 14:04:36 +0200[diff] [blame]435 self.logger.info(
436 f"clean_items_cluster_update Enter. Operation {op_id}. Params: {op_params}"
437 )
438 # self.logger.debug(f"Content: {content}")
garciadeblas4d26e292024-09-16 12:53:07 +0200[diff] [blame]439 return await self.clean_items_cluster_create(op_id, op_params, content)
440
441
garciadeblasf1458032024-09-17 13:25:06 +0200[diff] [blame]442async def clean_items_cluster_register(self, op_id, op_params, content):
garciadeblas1f71bab2024-10-22 14:04:36 +0200[diff] [blame]443 self.logger.info(
444 f"clean_items_cluster_register Enter. Operation {op_id}. Params: {op_params}"
445 )
446 # self.logger.debug(f"Content: {content}")
garciadeblasf1458032024-09-17 13:25:06 +0200[diff] [blame]447 # Clean secrets
448 cluster_name = content["cluster"]["git_name"].lower()
449 items = {
450 "secrets": [
451 {
452 "name": f"secret-age-{cluster_name}",
453 "namespace": "osm-workflows",
454 },
455 ]
456 }
457
458 try:
459 await self.clean_items(items)
garciadeblas105ec222024-10-15 13:14:39 +0200[diff] [blame]460 return True, "OK"
garciadeblasf1458032024-09-17 13:25:06 +0200[diff] [blame]461 except Exception as e:
462 return False, f"Error while cleaning items: {e}"