Blame - installers/charm/keystone/src/charm.py - osm/devops

blob: 8a5942af8282f1243d9ca2a589e5ea5b97e75b2e [file] [log] [blame]

David Garcia	009a5d6	2020-08-27 16:53:44 +0200	[diff] [blame]	1	#!/usr/bin/env python3
				2	# Copyright 2020 Canonical Ltd.
				3	#
				4	# Licensed under the Apache License, Version 2.0 (the "License");
				5	# you may not use this file except in compliance with the License.
				6	# You may obtain a copy of the License at
				7	#
				8	# http://www.apache.org/licenses/LICENSE-2.0
				9	#
				10	# Unless required by applicable law or agreed to in writing, software
				11	# distributed under the License is distributed on an "AS IS" BASIS,
				12	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				13	# See the License for the specific language governing permissions and
				14	# limitations under the License.
				15
				16	import logging
				17
				18	from urllib.parse import urlparse
				19
				20	from ops.charm import CharmBase
				21
				22	# from ops.framework import StoredState
				23	from ops.main import main
				24	from ops.model import (
				25	ActiveStatus,
				26	BlockedStatus,
				27	# MaintenanceStatus,
				28	WaitingStatus,
				29	# ModelError,
				30	)
				31	from ops.framework import StoredState
				32
				33	logger = logging.getLogger(__name__)
				34
				35	REQUIRED_SETTINGS = []
				36
				37	DATABASE_NAME = "keystone" # This is hardcoded in the keystone container script
				38	# We expect the keystone container to use the default port
				39	KEYSTONE_PORT = 5000
				40
				41
				42	class KeystoneCharm(CharmBase):
				43
				44	state = StoredState()
				45
				46	def __init__(self, *args):
				47	super().__init__(*args)
				48
				49	# Register all of the events we want to observe
				50	self.framework.observe(self.on.config_changed, self.configure_pod)
				51	self.framework.observe(self.on.start, self.configure_pod)
				52	self.framework.observe(self.on.upgrade_charm, self.configure_pod)
				53
				54	# Register relation events
				55	self.state.set_default(
				56	db_host=None, db_port=None, db_user=None, db_password=None
				57	)
				58	self.framework.observe(
				59	self.on.db_relation_changed, self._on_db_relation_changed
				60	)
				61	self.framework.observe(
				62	self.on.keystone_relation_joined, self._publish_keystone_info
				63	)
				64
				65	def _publish_keystone_info(self, event):
				66	config = self.model.config
				67	if self.unit.is_leader():
				68	rel_data = {
				69	"host": f"http://{self.app.name}:{KEYSTONE_PORT}/v3",
				70	"port": str(KEYSTONE_PORT),
				71	"keystone_db_password": config["keystone_db_password"],
				72	"region_id": config["region_id"],
				73	"user_domain_name": config["user_domain_name"],
				74	"project_domain_name": config["project_domain_name"],
				75	"admin_username": config["admin_username"],
				76	"admin_password": config["admin_password"],
				77	"admin_project_name": config["admin_project"],
				78	"username": config["service_username"],
				79	"password": config["service_password"],
				80	"service": config["service_project"],
				81	}
				82	for k, v in rel_data.items():
				83	event.relation.data[self.model.unit][k] = v
				84
				85	def _on_db_relation_changed(self, event):
				86	self.state.db_host = event.relation.data[event.unit].get("host")
				87	self.state.db_port = event.relation.data[event.unit].get("port", 3306)
				88	self.state.db_user = "root" # event.relation.data[event.unit].get("user")
				89	self.state.db_password = event.relation.data[event.unit].get("root_password")
				90	if self.state.db_host:
				91	self.configure_pod(event)
				92
				93	def _check_settings(self):
				94	problems = []
				95	config = self.model.config
				96
				97	for setting in REQUIRED_SETTINGS:
				98	if not config.get(setting):
				99	problem = f"missing config {setting}"
				100	problems.append(problem)
				101
				102	return ";".join(problems)
				103
				104	def _make_pod_image_details(self):
				105	config = self.model.config
				106	image_details = {
				107	"imagePath": config["image"],
				108	}
				109	if config["image_username"]:
				110	image_details.update(
				111	{
				112	"username": config["image_username"],
				113	"password": config["image_password"],
				114	}
				115	)
				116	return image_details
				117
				118	def _make_pod_ports(self):
				119	return [
				120	{"name": "keystone", "containerPort": KEYSTONE_PORT, "protocol": "TCP"},
				121	]
				122
				123	def _make_pod_envconfig(self):
				124	config = self.model.config
				125
sousaedu	126a443	2020-09-23 13:28:25 +0100	[diff] [blame]	126	envconfig = {
David Garcia	009a5d6	2020-08-27 16:53:44 +0200	[diff] [blame]	127	"DB_HOST": self.state.db_host,
				128	"DB_PORT": self.state.db_port,
				129	"ROOT_DB_USER": self.state.db_user,
				130	"ROOT_DB_PASSWORD": self.state.db_password,
				131	"KEYSTONE_DB_PASSWORD": config["keystone_db_password"],
				132	"REGION_ID": config["region_id"],
				133	"KEYSTONE_HOST": self.app.name,
				134	"ADMIN_USERNAME": config["admin_username"],
				135	"ADMIN_PASSWORD": config["admin_password"],
				136	"ADMIN_PROJECT": config["admin_project"],
				137	"SERVICE_USERNAME": config["service_username"],
				138	"SERVICE_PASSWORD": config["service_password"],
				139	"SERVICE_PROJECT": config["service_project"],
				140	}
				141
sousaedu	126a443	2020-09-23 13:28:25 +0100	[diff] [blame]	142	if config.get("ldap_enabled"):
				143	envconfig["LDAP_AUTHENTICATION_DOMAIN_NAME"] = config[
				144	"ldap_authentication_domain_name"
				145	]
				146	envconfig["LDAP_URL"] = config["ldap_url"]
				147	envconfig["LDAP_USER_OBJECTCLASS"] = config["ldap_user_objectclass"]
				148	envconfig["LDAP_USER_ID_ATTRIBUTE"] = config["ldap_user_id_attribute"]
				149	envconfig["LDAP_USER_NAME_ATTRIBUTE"] = config["ldap_user_name_attribute"]
				150	envconfig["LDAP_USER_PASS_ATTRIBUTE"] = config["ldap_user_pass_attribute"]
				151	envconfig["LDAP_USER_ENABLED_MASK"] = config["ldap_user_enabled_mask"]
				152	envconfig["LDAP_USER_ENABLED_DEFAULT"] = config["ldap_user_enabled_default"]
				153	envconfig["LDAP_USER_ENABLED_INVERT"] = config["ldap_user_enabled_invert"]
				154
				155	if config["ldap_bind_user"]:
				156	envconfig["LDAP_BIND_USER"] = config["ldap_bind_user"]
				157
				158	if config["ldap_bind_password"]:
				159	envconfig["LDAP_BIND_PASSWORD"] = config["ldap_bind_password"]
				160
				161	if config["ldap_user_tree_dn"]:
				162	envconfig["LDAP_USER_TREE_DN"] = config["ldap_user_tree_dn"]
				163
				164	if config["ldap_user_filter"]:
				165	envconfig["LDAP_USER_FILTER"] = config["ldap_user_filter"]
				166
				167	if config["ldap_user_enabled_attribute"]:
				168	envconfig["LDAP_USER_ENABLED_ATTRIBUTE"] = config[
				169	"ldap_user_enabled_attribute"
				170	]
				171
				172	if config["ldap_use_starttls"]:
				173	envconfig["LDAP_USE_STARTTLS"] = config["ldap_use_starttls"]
				174	envconfig["LDAP_TLS_CACERT_BASE64"] = config["ldap_tls_cacert_base64"]
				175	envconfig["LDAP_TLS_REQ_CERT"] = config["ldap_tls_req_cert"]
				176
				177	return envconfig
				178
David Garcia	009a5d6	2020-08-27 16:53:44 +0200	[diff] [blame]	179	def _make_pod_ingress_resources(self):
				180	site_url = self.model.config["site_url"]
				181
				182	if not site_url:
				183	return
				184
				185	parsed = urlparse(site_url)
				186
				187	if not parsed.scheme.startswith("http"):
				188	return
				189
				190	max_file_size = self.model.config["max_file_size"]
				191	ingress_whitelist_source_range = self.model.config[
				192	"ingress_whitelist_source_range"
				193	]
				194
				195	annotations = {
				196	"nginx.ingress.kubernetes.io/proxy-body-size": "{}m".format(max_file_size)
				197	}
				198
				199	if ingress_whitelist_source_range:
				200	annotations[
				201	"nginx.ingress.kubernetes.io/whitelist-source-range"
				202	] = ingress_whitelist_source_range
				203
				204	ingress_spec_tls = None
				205
				206	if parsed.scheme == "https":
				207	ingress_spec_tls = [{"hosts": [parsed.hostname]}]
				208	tls_secret_name = self.model.config["tls_secret_name"]
				209	if tls_secret_name:
				210	ingress_spec_tls[0]["secretName"] = tls_secret_name
				211	else:
				212	annotations["nginx.ingress.kubernetes.io/ssl-redirect"] = "false"
				213
				214	ingress = {
				215	"name": "{}-ingress".format(self.app.name),
				216	"annotations": annotations,
				217	"spec": {
				218	"rules": [
				219	{
				220	"host": parsed.hostname,
				221	"http": {
				222	"paths": [
				223	{
				224	"path": "/",
				225	"backend": {
				226	"serviceName": self.app.name,
				227	"servicePort": KEYSTONE_PORT,
				228	},
				229	}
				230	]
				231	},
				232	}
				233	],
				234	},
				235	}
				236	if ingress_spec_tls:
				237	ingress["spec"]["tls"] = ingress_spec_tls
				238
				239	return [ingress]
				240
				241	def configure_pod(self, event):
				242	"""Assemble the pod spec and apply it, if possible."""
				243
				244	if not self.state.db_host:
				245	self.unit.status = WaitingStatus("Waiting for database relation")
				246	event.defer()
				247	return
				248
				249	if not self.unit.is_leader():
				250	self.unit.status = ActiveStatus()
				251	return
				252
				253	# Check problems in the settings
				254	problems = self._check_settings()
				255	if problems:
				256	self.unit.status = BlockedStatus(problems)
				257	return
				258
				259	self.unit.status = BlockedStatus("Assembling pod spec")
				260	image_details = self._make_pod_image_details()
				261	ports = self._make_pod_ports()
				262	env_config = self._make_pod_envconfig()
				263	ingress_resources = self._make_pod_ingress_resources()
				264
				265	pod_spec = {
				266	"version": 3,
				267	"containers": [
				268	{
				269	"name": self.framework.model.app.name,
				270	"imageDetails": image_details,
				271	"ports": ports,
				272	"envConfig": env_config,
				273	}
				274	],
				275	"kubernetesResources": {"ingressResources": ingress_resources or []},
				276	}
				277	self.model.pod.set_spec(pod_spec)
				278	self.unit.status = ActiveStatus()
				279
				280
				281	if __name__ == "__main__":
				282	main(KeystoneCharm)