Gitiles
Code Review Sign In
osm.etsi.org / osm / LCM / 91bb2c42dd04d8a72bc2acb9ec5b2e8abc3534df / . / osm_lcm / odu_libs / cluster_mgmt.py
blob: 6540b71155329bcd90175625dd90c9e7a65c7c84 [file] [log] [blame]
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]1#######################################################################################
2# Copyright ETSI Contributors and Others.
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
13# implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16#######################################################################################
17
18
19from pyrage import x25519
20import yaml
21import base64
22
23
24def gather_age_key(cluster):
25 pubkey = cluster.get("age_pubkey")
26 privkey = cluster.get("age_privkey")
27 # return both public and private key
28 return pubkey, privkey
29
30
31def generate_age_key():
32 ident = x25519.Identity.generate()
33 # gets the public key
34 pubkey = ident.to_public()
35 # gets the private key
36 privkey = str(ident)
37 # return both public and private key
38 return pubkey, privkey
39
40
garciadeblasdde3a312024-09-17 13:25:06 +0200[diff] [blame]41async def create_cluster(self, op_id, op_params, content):
garciadeblas9e532812024-10-22 14:04:36 +0200[diff] [blame]42 self.logger.info(f"create_cluster Enter. Operation {op_id}. Params: {op_params}")
43 # self.logger.debug(f"Content: {content}")
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]44
45 db_cluster = content["cluster"]
46 db_vim_account = content["vim_account"]
47
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]48 workflow_template = "launcher-create-crossplane-cluster-and-bootstrap.j2"
49 workflow_name = f"create-cluster-{db_cluster['_id']}"
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]50 cluster_name = db_cluster["git_name"].lower()
51
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]52 # Get age key
53 public_key_new_cluster, private_key_new_cluster = gather_age_key(db_cluster)
54 self.logger.debug(f"public_key_new_cluster={public_key_new_cluster}")
55 self.logger.debug(f"private_key_new_cluster={private_key_new_cluster}")
56
57 # Test kubectl connection
58 self.logger.debug(self._kubectl._get_kubectl_version())
59
garciadeblasdde3a312024-09-17 13:25:06 +0200[diff] [blame]60 # Create temporal secret with agekey
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]61 secret_name = f"secret-age-{cluster_name}"
62 secret_namespace = "osm-workflows"
63 secret_key = "agekey"
64 secret_value = private_key_new_cluster
garciadeblasadb81e82024-11-08 01:11:46 +0100[diff] [blame]65 try:
66 await self.create_secret(
67 secret_name,
68 secret_namespace,
69 secret_key,
70 secret_value,
71 )
72 except Exception as e:
73 self.logger.info(f"Cannot create secret {secret_name}: {e}")
74 return False, ""
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]75
76 # Additional params for the workflow
77 cluster_kustomization_name = cluster_name
78 osm_project_name = "osm_admin" # TODO: get project name from content
garciadeblasdde3a312024-09-17 13:25:06 +0200[diff] [blame]79 vim_account_id = db_cluster["vim_account"]
80 providerconfig_name = f"{vim_account_id}-config"
81 vim_type = db_vim_account["vim_type"]
garciadeblas753b1e32024-11-06 12:56:33 +0100[diff] [blame]82 if db_cluster.get("bootstrap", True):
83 skip_bootstrap = "false"
84 else:
85 skip_bootstrap = "true"
garciadeblasdde3a312024-09-17 13:25:06 +0200[diff] [blame]86 if vim_type == "azure":
87 cluster_type = "aks"
88 elif vim_type == "aws":
89 cluster_type = "eks"
90 elif vim_type == "gcp":
91 cluster_type = "gke"
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]92 else:
garciadeblasdde3a312024-09-17 13:25:06 +0200[diff] [blame]93 raise Exception("Not suitable VIM account to register cluster")
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]94
95 # Render workflow
96 # workflow_kwargs = {
97 # "git_fleet_url": f"{self._repo_base_url}/{self._repo_user}/fleet-osm.git",
98 # "git_sw_catalogs_url": f"{self._repo_base_url}/{self._repo_user}/sw-catalogs-osm.git",
99 # }
100 # manifest = self.render_jinja_template(
101 # workflow_template,
102 # output_file=None,
103 # **workflow_kwargs
104 # )
105 manifest = self.render_jinja_template(
106 workflow_template,
107 output_file=None,
108 workflow_name=workflow_name,
109 git_fleet_url=f"{self._repo_base_url}/{self._repo_user}/fleet-osm.git",
110 git_sw_catalogs_url=f"{self._repo_base_url}/{self._repo_user}/sw-catalogs-osm.git",
111 cluster_name=cluster_name,
112 cluster_type=cluster_type,
113 cluster_kustomization_name=cluster_kustomization_name,
114 providerconfig_name=providerconfig_name,
115 public_key_mgmt=self._pubkey,
116 public_key_new_cluster=public_key_new_cluster,
117 secret_name_private_key_new_cluster=secret_name,
118 vm_size=db_cluster["node_size"],
119 node_count=db_cluster["node_count"],
120 k8s_version=db_cluster["k8s_version"],
121 cluster_location=db_cluster["region_name"],
122 osm_project_name=osm_project_name,
123 rg_name=db_cluster["resource_group"],
garciadeblas753b1e32024-11-06 12:56:33 +0100[diff] [blame]124 skip_bootstrap=skip_bootstrap,
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]125 workflow_debug=self._workflow_debug,
126 workflow_dry_run=self._workflow_dry_run,
127 )
128 self.logger.debug(f"Workflow manifest: {manifest}")
129
130 # Submit workflow
131 self._kubectl.create_generic_object(
132 namespace="osm-workflows",
133 manifest_dict=yaml.safe_load(manifest),
134 api_group="argoproj.io",
135 api_plural="workflows",
136 api_version="v1alpha1",
137 )
garciadeblasadb81e82024-11-08 01:11:46 +0100[diff] [blame]138 return True, workflow_name
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]139
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]140
141async def update_cluster(self, op_id, op_params, content):
garciadeblas9e532812024-10-22 14:04:36 +0200[diff] [blame]142 self.logger.info(f"update_cluster Enter. Operation {op_id}. Params: {op_params}")
143 # self.logger.debug(f"Content: {content}")
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]144
145 db_cluster = content["cluster"]
146 db_vim_account = content["vim_account"]
garciadeblas73cd5a22024-11-06 10:45:22 +0100[diff] [blame]147 cluster_name = db_cluster["git_name"].lower()
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]148
149 workflow_template = "launcher-update-crossplane-cluster.j2"
garciadeblasc8c75d42024-11-13 12:36:13 +0100[diff] [blame]150 workflow_name = f"update-cluster-{op_id}"
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]151 # cluster_name = db_cluster["name"].lower()
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]152
153 # Get age key
154 public_key_cluster, private_key_cluster = gather_age_key(db_cluster)
155 self.logger.debug(f"public_key_new_cluster={public_key_cluster}")
156 self.logger.debug(f"private_key_new_cluster={private_key_cluster}")
157
158 # Create secret with agekey
159 secret_name = f"secret-age-{cluster_name}"
160 secret_namespace = "osm-workflows"
161 secret_key = "agekey"
162 secret_value = private_key_cluster
garciadeblasadb81e82024-11-08 01:11:46 +0100[diff] [blame]163 try:
164 await self.create_secret(
165 secret_name,
166 secret_namespace,
167 secret_key,
168 secret_value,
169 )
170 except Exception as e:
171 self.logger.info(f"Cannot create secret {secret_name}: {e}")
172 return False, ""
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]173
174 # Additional params for the workflow
175 cluster_kustomization_name = cluster_name
176 osm_project_name = "osm_admin" # TODO: get project name from db_cluster
177 vim_account_id = db_cluster["vim_account"]
178 providerconfig_name = f"{vim_account_id}-config"
179 vim_type = db_vim_account["vim_type"]
garciadeblas73cd5a22024-11-06 10:45:22 +0100[diff] [blame]180 vm_size = op_params.get("node_size", db_cluster["node_size"])
181 node_count = op_params.get("node_count", db_cluster["node_count"])
182 k8s_version = op_params.get("k8s_version", db_cluster["k8s_version"])
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]183 if vim_type == "azure":
184 cluster_type = "aks"
185 elif vim_type == "aws":
186 cluster_type = "eks"
187 elif vim_type == "gcp":
188 cluster_type = "gke"
189 else:
190 raise Exception("Not suitable VIM account to update cluster")
191
192 # Render workflow
193 manifest = self.render_jinja_template(
194 workflow_template,
195 output_file=None,
196 workflow_name=workflow_name,
197 git_fleet_url=f"{self._repo_base_url}/{self._repo_user}/fleet-osm.git",
198 git_sw_catalogs_url=f"{self._repo_base_url}/{self._repo_user}/sw-catalogs-osm.git",
199 cluster_name=cluster_name,
200 cluster_type=cluster_type,
201 cluster_kustomization_name=cluster_kustomization_name,
202 providerconfig_name=providerconfig_name,
203 public_key_mgmt=self._pubkey,
204 public_key_new_cluster=public_key_cluster,
205 secret_name_private_key_new_cluster=secret_name,
garciadeblas73cd5a22024-11-06 10:45:22 +0100[diff] [blame]206 vm_size=vm_size,
207 node_count=node_count,
208 k8s_version=k8s_version,
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]209 cluster_location=db_cluster["region_name"],
210 osm_project_name=osm_project_name,
211 workflow_debug=self._workflow_debug,
212 workflow_dry_run=self._workflow_dry_run,
213 )
214 self.logger.info(manifest)
215
216 # Submit workflow
217 self._kubectl.create_generic_object(
218 namespace="osm-workflows",
219 manifest_dict=yaml.safe_load(manifest),
220 api_group="argoproj.io",
221 api_plural="workflows",
222 api_version="v1alpha1",
223 )
garciadeblasadb81e82024-11-08 01:11:46 +0100[diff] [blame]224 return True, workflow_name
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]225
226
227async def delete_cluster(self, op_id, op_params, content):
garciadeblas9e532812024-10-22 14:04:36 +0200[diff] [blame]228 self.logger.info(f"delete_cluster Enter. Operation {op_id}. Params: {op_params}")
229 # self.logger.debug(f"Content: {content}")
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]230
231 db_cluster = content["cluster"]
232
233 workflow_template = "launcher-delete-cluster.j2"
234 workflow_name = f"delete-cluster-{db_cluster['_id']}"
235 # cluster_name = db_cluster["name"].lower()
236 cluster_name = db_cluster["git_name"].lower()
237
238 # Additional params for the workflow
239 cluster_kustomization_name = cluster_name
240 osm_project_name = "osm_admin" # TODO: get project name from DB
241
242 # Render workflow
243 manifest = self.render_jinja_template(
244 workflow_template,
245 output_file=None,
246 workflow_name=workflow_name,
247 git_fleet_url=f"{self._repo_base_url}/{self._repo_user}/fleet-osm.git",
248 git_sw_catalogs_url=f"{self._repo_base_url}/{self._repo_user}/sw-catalogs-osm.git",
249 cluster_name=cluster_name,
250 cluster_kustomization_name=cluster_kustomization_name,
251 osm_project_name=osm_project_name,
252 workflow_debug=self._workflow_debug,
253 workflow_dry_run=self._workflow_dry_run,
254 )
255 self.logger.info(manifest)
256
257 # Submit workflow
258 self._kubectl.create_generic_object(
259 namespace="osm-workflows",
260 manifest_dict=yaml.safe_load(manifest),
261 api_group="argoproj.io",
262 api_plural="workflows",
263 api_version="v1alpha1",
264 )
garciadeblasadb81e82024-11-08 01:11:46 +0100[diff] [blame]265 return True, workflow_name
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]266
267
268async def register_cluster(self, op_id, op_params, content):
garciadeblas9e532812024-10-22 14:04:36 +0200[diff] [blame]269 self.logger.info(f"register_cluster Enter. Operation {op_id}. Params: {op_params}")
270 # self.logger.debug(f"Content: {content}")
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]271
272 db_cluster = content["cluster"]
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]273 cluster_name = db_cluster["git_name"].lower()
274
garciadeblasdde3a312024-09-17 13:25:06 +0200[diff] [blame]275 workflow_template = "launcher-bootstrap-cluster.j2"
276 workflow_name = f"register-cluster-{db_cluster['_id']}"
277
278 # Get age key
279 public_key_new_cluster, private_key_new_cluster = gather_age_key(db_cluster)
280 self.logger.debug(f"public_key_new_cluster={public_key_new_cluster}")
281 self.logger.debug(f"private_key_new_cluster={private_key_new_cluster}")
282
283 # Create temporal secret with agekey
284 secret_name = f"secret-age-{cluster_name}"
285 secret_namespace = "osm-workflows"
286 secret_key = "agekey"
287 secret_value = private_key_new_cluster
garciadeblasadb81e82024-11-08 01:11:46 +0100[diff] [blame]288 try:
289 await self.create_secret(
290 secret_name,
291 secret_namespace,
292 secret_key,
293 secret_value,
294 )
295 except Exception as e:
296 self.logger.info(
297 f"Cannot create secret {secret_name} in namespace {secret_namespace}: {e}"
298 )
299 return False, ""
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]300
garciadeblasdde3a312024-09-17 13:25:06 +0200[diff] [blame]301 # Create secret with kubeconfig
302 secret_name2 = f"kubeconfig-{cluster_name}"
303 secret_namespace2 = "managed-resources"
304 secret_key2 = "kubeconfig"
305 secret_value2 = yaml.safe_dump(
306 db_cluster["credentials"], indent=4, default_flow_style=False, sort_keys=False
307 )
garciadeblas91bb2c42024-11-12 11:17:12 +0100[diff] [blame^]308 try:
309 await self.create_secret(
310 secret_name2,
311 secret_namespace2,
312 secret_key2,
313 secret_value2,
314 )
315 except Exception as e:
316 self.logger.info(
317 f"Cannot create secret {secret_name} in namespace {secret_namespace}: {e}"
318 )
319 return False, ""
garciadeblasdde3a312024-09-17 13:25:06 +0200[diff] [blame]320
321 # Additional params for the workflow
322 cluster_kustomization_name = cluster_name
323 osm_project_name = "osm_admin" # TODO: get project name from content
garciadeblasdde3a312024-09-17 13:25:06 +0200[diff] [blame]324
325 manifest = self.render_jinja_template(
326 workflow_template,
327 output_file=None,
328 workflow_name=workflow_name,
329 git_fleet_url=f"{self._repo_base_url}/{self._repo_user}/fleet-osm.git",
330 git_sw_catalogs_url=f"{self._repo_base_url}/{self._repo_user}/sw-catalogs-osm.git",
331 cluster_name=cluster_name,
332 cluster_kustomization_name=cluster_kustomization_name,
garciadeblasdde3a312024-09-17 13:25:06 +0200[diff] [blame]333 public_key_mgmt=self._pubkey,
334 public_key_new_cluster=public_key_new_cluster,
335 secret_name_private_key_new_cluster=secret_name,
336 osm_project_name=osm_project_name,
337 workflow_debug=self._workflow_debug,
338 workflow_dry_run=self._workflow_dry_run,
339 )
340 self.logger.debug(f"Workflow manifest: {manifest}")
341
342 # Submit workflow
343 self._kubectl.create_generic_object(
344 namespace="osm-workflows",
345 manifest_dict=yaml.safe_load(manifest),
346 api_group="argoproj.io",
347 api_plural="workflows",
348 api_version="v1alpha1",
349 )
garciadeblasadb81e82024-11-08 01:11:46 +0100[diff] [blame]350 return True, workflow_name
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]351
352
353async def deregister_cluster(self, op_id, op_params, content):
garciadeblas9e532812024-10-22 14:04:36 +0200[diff] [blame]354 self.logger.info(
355 f"deregister_cluster Enter. Operation {op_id}. Params: {op_params}"
356 )
357 # self.logger.debug(f"Content: {content}")
garciadeblasdde3a312024-09-17 13:25:06 +0200[diff] [blame]358
359 db_cluster = content["cluster"]
360 cluster_name = db_cluster["git_name"].lower()
361
362 workflow_template = "launcher-disconnect-flux-remote-cluster.j2"
363 workflow_name = f"deregister-cluster-{db_cluster['_id']}"
364
365 # Additional params for the workflow
366 cluster_kustomization_name = cluster_name
367 osm_project_name = "osm_admin" # TODO: get project name from DB
368
369 # Render workflow
370 manifest = self.render_jinja_template(
371 workflow_template,
372 output_file=None,
373 workflow_name=workflow_name,
374 git_fleet_url=f"{self._repo_base_url}/{self._repo_user}/fleet-osm.git",
375 cluster_kustomization_name=cluster_kustomization_name,
376 osm_project_name=osm_project_name,
377 workflow_debug=self._workflow_debug,
378 workflow_dry_run=self._workflow_dry_run,
379 )
380 self.logger.info(manifest)
381
382 # Submit workflow
383 self._kubectl.create_generic_object(
384 namespace="osm-workflows",
385 manifest_dict=yaml.safe_load(manifest),
386 api_group="argoproj.io",
387 api_plural="workflows",
388 api_version="v1alpha1",
389 )
garciadeblasadb81e82024-11-08 01:11:46 +0100[diff] [blame]390 return True, workflow_name
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]391
392
393async def get_cluster_credentials(self, db_cluster):
394 """
395 returns the kubeconfig file of a K8s cluster in a dictionary
396 """
garciadeblas9e532812024-10-22 14:04:36 +0200[diff] [blame]397 self.logger.info("get_cluster_credentials Enter")
398 # self.logger.debug(f"Content: {db_cluster}")
garciadeblas96b94f52024-07-08 16:18:21 +0200[diff] [blame]399
400 secret_name = f"kubeconfig-{db_cluster['git_name'].lower()}"
401 secret_namespace = "managed-resources"
402 secret_key = "kubeconfig"
403
404 self.logger.info(f"Checking content of secret {secret_name} ...")
405 try:
406 returned_secret_data = await self._kubectl.get_secret_content(
407 name=secret_name,
408 namespace=secret_namespace,
409 )
410 returned_secret_value = base64.b64decode(
411 returned_secret_data[secret_key]
412 ).decode("utf-8")
413 return True, yaml.safe_load(returned_secret_value)
414 except Exception as e:
415 message = f"Not possible to get the credentials of the cluster. Exception: {e}"
416 self.logger.critical(message)
417 return False, message
418
419
garciadeblas28bff0f2024-09-16 12:53:07 +0200[diff] [blame]420async def clean_items_cluster_create(self, op_id, op_params, content):
garciadeblas9e532812024-10-22 14:04:36 +0200[diff] [blame]421 self.logger.info(
422 f"clean_items_cluster_create Enter. Operation {op_id}. Params: {op_params}"
423 )
424 self.logger.debug(f"Content: {content}")
garciadeblas28bff0f2024-09-16 12:53:07 +0200[diff] [blame]425 items = {
426 "secrets": [
427 {
428 "name": f"secret-age-{content['cluster']['git_name'].lower()}",
429 "namespace": "osm-workflows",
430 }
431 ]
432 }
433 try:
434 await self.clean_items(items)
435 return True, "OK"
436 except Exception as e:
437 return False, f"Error while cleaning items: {e}"
438
439
440async def clean_items_cluster_update(self, op_id, op_params, content):
garciadeblas9e532812024-10-22 14:04:36 +0200[diff] [blame]441 self.logger.info(
442 f"clean_items_cluster_update Enter. Operation {op_id}. Params: {op_params}"
443 )
444 # self.logger.debug(f"Content: {content}")
garciadeblas28bff0f2024-09-16 12:53:07 +0200[diff] [blame]445 return await self.clean_items_cluster_create(op_id, op_params, content)
446
447
garciadeblasdde3a312024-09-17 13:25:06 +0200[diff] [blame]448async def clean_items_cluster_register(self, op_id, op_params, content):
garciadeblas9e532812024-10-22 14:04:36 +0200[diff] [blame]449 self.logger.info(
450 f"clean_items_cluster_register Enter. Operation {op_id}. Params: {op_params}"
451 )
452 # self.logger.debug(f"Content: {content}")
garciadeblasdde3a312024-09-17 13:25:06 +0200[diff] [blame]453 # Clean secrets
454 cluster_name = content["cluster"]["git_name"].lower()
455 items = {
456 "secrets": [
457 {
458 "name": f"secret-age-{cluster_name}",
459 "namespace": "osm-workflows",
460 },
461 ]
462 }
463
464 try:
465 await self.clean_items(items)
garciadeblas28d6e692024-10-15 13:14:39 +0200[diff] [blame]466 return True, "OK"
garciadeblasdde3a312024-09-17 13:25:06 +0200[diff] [blame]467 except Exception as e:
468 return False, f"Error while cleaning items: {e}"
garciadeblas91bb2c42024-11-12 11:17:12 +0100[diff] [blame^]469
470
471async def clean_items_cluster_deregister(self, op_id, op_params, content):
472 self.logger.info(
473 f"clean_items_cluster_deregister Enter. Operation {op_id}. Params: {op_params}"
474 )
475 # self.logger.debug(f"Content: {content}")
476 # Clean secrets
477 self.logger.info("Cleaning kubeconfig")
478 cluster_name = content["cluster"]["git_name"].lower()
479 items = {
480 "secrets": [
481 {
482 "name": f"kubeconfig-{cluster_name}",
483 "namespace": "managed-resources",
484 },
485 ]
486 }
487
488 try:
489 await self.clean_items(items)
490 return True, "OK"
491 except Exception as e:
492 return False, f"Error while cleaning items: {e}"