#!/usr/bin/env python3
# Copyright 2020 Canonical Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import sys
import logging
import base64
sys.path.append("lib")
from ops.charm import CharmBase
from ops.framework import StoredState, Object
from ops.main import main
from ops.model import (
ActiveStatus,
MaintenanceStatus,
BlockedStatus,
ModelError,
WaitingStatus,
)
from glob import glob
from pathlib import Path
from string import Template
logger = logging.getLogger(__name__)
class NGUICharm(CharmBase):
state = StoredState()
def __init__(self, framework, key):
super().__init__(framework, key)
self.state.set_default(spec=None)
self.state.set_default(nbi_host=None)
self.state.set_default(nbi_port=None)
# Observe Charm related events
self.framework.observe(self.on.config_changed, self.on_config_changed)
self.framework.observe(self.on.start, self.on_start)
self.framework.observe(self.on.upgrade_charm, self.on_upgrade_charm)
self.framework.observe(
self.on.nbi_relation_changed, self.on_nbi_relation_changed
)
# SSL Certificate path
self.ssl_folder = "/certs"
self.ssl_crt_name = "ssl_certificate.crt"
self.ssl_key_name = "ssl_certificate.key"
def _apply_spec(self):
# Only apply the spec if this unit is a leader.
unit = self.model.unit
if not unit.is_leader():
unit.status = ActiveStatus("ready")
return
if not self.state.nbi_host or not self.state.nbi_port:
unit.status = WaitingStatus("Waiting for NBI")
return
unit.status = MaintenanceStatus("Applying new pod spec")
new_spec = self.make_pod_spec()
if new_spec == self.state.spec:
unit.status = ActiveStatus("ready")
return
self.framework.model.pod.set_spec(new_spec)
self.state.spec = new_spec
unit.status = ActiveStatus("ready")
def make_pod_spec(self):
config = self.framework.model.config
config_spec = {
"http_port": config["port"],
"https_port": config["https_port"],
"server_name": config["server_name"],
"client_max_body_size": config["client_max_body_size"],
"nbi_host": self.state.nbi_host or config["nbi_host"],
"nbi_port": self.state.nbi_port or config["nbi_port"],
"ssl_crt": "",
"ssl_crt_key": "",
}
ssl_certificate = None
ssl_certificate_key = None
ssl_enabled = False
if "ssl_certificate" in config and "ssl_certificate_key" in config:
# Get bytes of cert and key
cert_b = base64.b64decode(config["ssl_certificate"])
key_b = base64.b64decode(config["ssl_certificate_key"])
# Decode key and cert
ssl_certificate = cert_b.decode("utf-8")
ssl_certificate_key = key_b.decode("utf-8")
# Get paths
cert_path = "{}/{}".format(self.ssl_folder, self.ssl_crt_name)
key_path = "{}/{}".format(self.ssl_folder, self.ssl_key_name)
config_spec["port"] = "{} ssl".format(config["https_port"])
config_spec["ssl_crt"] = "ssl_certificate {};".format(cert_path)
config_spec["ssl_crt_key"] = "ssl_certificate_key {};".format(key_path)
ssl_enabled = True
else:
config_spec["ssl_crt"] = ""
config_spec["ssl_crt_key"] = ""
files = [
{
"name": "configuration",
"mountPath": "/etc/nginx/sites-available/",
"files": {
Path(filename)
.name: Template(Path(filename).read_text())
.substitute(config_spec)
for filename in glob("files/*")
},
}
]
port = config["https_port"] if ssl_enabled else config["port"]
ports = [
{"name": "port", "containerPort": port, "protocol": "TCP", },
]
kubernetes = {
"readinessProbe": {
"tcpSocket": {"port": port},
"timeoutSeconds": 5,
"periodSeconds": 5,
"initialDelaySeconds": 10,
},
"livenessProbe": {
"tcpSocket": {"port": port},
"timeoutSeconds": 5,
"initialDelaySeconds": 45,
},
}
if ssl_certificate and ssl_certificate_key:
files.append(
{
"name": "ssl",
"mountPath": self.ssl_folder,
"files": {
self.ssl_crt_name: ssl_certificate,
self.ssl_key_name: ssl_certificate_key,
},
}
)
logger.debug(files)
spec = {
"version": 2,
"containers": [
{
"name": self.framework.model.app.name,
"image": "{}".format(config["image"]),
"ports": ports,
"kubernetes": kubernetes,
"files": files,
}
],
}
return spec
def on_config_changed(self, event):
"""Handle changes in configuration"""
self._apply_spec()
def on_start(self, event):
"""Called when the charm is being installed"""
self._apply_spec()
def on_upgrade_charm(self, event):
"""Upgrade the charm."""
unit = self.model.unit
unit.status = MaintenanceStatus("Upgrading charm")
self.on_start(event)
def on_nbi_relation_changed(self, event):
unit = self.model.unit
if not unit.is_leader():
return
self.state.nbi_host = event.relation.data[event.unit].get("host")
self.state.nbi_port = event.relation.data[event.unit].get("port")
self._apply_spec()
if __name__ == "__main__":
main(NGUICharm)