2 # Copyright 2021 Canonical Ltd.
4 # Licensed under the Apache License, Version 2.0 (the "License"); you may
5 # not use this file except in compliance with the License. You may obtain
6 # a copy of the License at
8 # http://www.apache.org/licenses/LICENSE-2.0
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13 # License for the specific language governing permissions and limitations
16 # For those usages not covered by the Apache License, Version 2.0 please
17 # contact: legal@canonical.com
19 # To get in touch with the maintainers, please contact:
20 # osm-charmers@lists.launchpad.net
23 # pylint: disable=E0213
25 from ipaddress
import ip_network
27 from pathlib
import Path
29 from string
import Template
30 from typing
import NoReturn
, Optional
31 from urllib
.parse
import urlparse
33 from ops
.main
import main
34 from opslib
.osm
.charm
import CharmedOsmBase
, RelationsMissing
35 from opslib
.osm
.interfaces
.grafana
import GrafanaCluster
36 from opslib
.osm
.interfaces
.mysql
import MysqlClient
37 from opslib
.osm
.interfaces
.prometheus
import PrometheusClient
38 from opslib
.osm
.pod
import (
41 IngressResourceV3Builder
,
45 from opslib
.osm
.validator
import ModelValidator
, validator
48 logger
= logging
.getLogger(__name__
)
51 class ConfigModel(ModelValidator
):
57 site_url
: Optional
[str]
58 cluster_issuer
: Optional
[str]
59 ingress_class
: Optional
[str]
60 ingress_whitelist_source_range
: Optional
[str]
61 tls_secret_name
: Optional
[str]
62 image_pull_policy
: str
63 security_context
: bool
65 @validator("log_level")
66 def validate_log_level(cls
, v
):
67 allowed_values
= ("debug", "info", "warn", "error", "critical")
68 if v
not in allowed_values
:
71 f
'incorrect value. Allowed values are "{separator.join(allowed_values)}"'
@validator("max_file_size")
def validate_max_file_size(cls, v):
    """Reject a negative ``max_file_size``; zero and positive values pass.

    Zero is deliberately allowed: build_pod_spec() forwards a value of 0 to
    the ``proxy-body-size`` ingress annotation without the "m" suffix.

    Raises:
        ValueError: if ``v`` is below zero.
    """
    # NOTE(review): the comparison and the final return are reconstructed
    # from the error message and the validator convention; confirm upstream.
    is_negative = v < 0
    if not is_negative:
        return v
    raise ValueError("value must be equal or greater than 0")
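@validator("site_url")
def validate_site_url(cls, v):
    """Validate the optional ``site_url`` option.

    An unset or empty value is returned unchanged. Any other value must be
    a URL whose scheme is exactly ``http`` or ``https`` and that carries a
    hostname, because build_pod_spec() feeds the parsed hostname into the
    ingress rule and the TLS entry.

    Raises:
        ValueError: if the scheme is not http/https or the hostname is
            missing.
    """
    # NOTE(review): the empty-value guard and the final return follow the
    # validator convention for an Optional field; confirm against upstream.
    if not v:
        return v
    parsed = urlparse(v)
    # Exact match instead of a prefix test: startswith("http") would also
    # accept unrelated schemes such as "httpx", which the ingress logic
    # (it only special-cases "https") would silently treat as plain HTTP.
    if parsed.scheme not in ("http", "https"):
        raise ValueError("value must start with http")
    # Without a hostname the ingress rule would be built with host=None.
    if not parsed.hostname:
        raise ValueError("value must include a hostname")
    return v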
89 @validator("ingress_whitelist_source_range")
90 def validate_ingress_whitelist_source_range(cls
, v
):
95 @validator("image_pull_policy")
96 def validate_image_pull_policy(cls
, v
):
99 "ifnotpresent": "IfNotPresent",
103 if v
not in values
.keys():
104 raise ValueError("value must be always, ifnotpresent or never")
108 class GrafanaCharm(CharmedOsmBase
):
109 """GrafanaCharm Charm."""
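def __init__(self, *args) -> None:
    """Set up the Grafana charm, its relation clients and event observers.

    Args:
        *args: positional arguments forwarded unchanged to the
            ``CharmedOsmBase`` constructor.
    """
    # build_pod_spec() later reads a ``mysql_config`` keyword argument;
    # presumably the base class supplies it because of ``mysql_uri=True``
    # (TODO confirm in opslib).
    super().__init__(*args, oci_image="image", mysql_uri=True)

    # Relation clients; the second argument is the relation name.
    self.prometheus_client = PrometheusClient(self, "prometheus")
    self.grafana_cluster = GrafanaCluster(self, "cluster")
    self.mysql_client = MysqlClient(self, "db")

    # A change to, or the loss of, either data relation rebuilds the pod
    # spec, so stale datasource or database credentials are not left in
    # the running pod.
    for relation_name in ("prometheus", "db"):
        relation_events = self.on[relation_name]
        self.framework.observe(
            relation_events.relation_changed, self.configure_pod
        )
        self.framework.observe(
            relation_events.relation_broken, self.configure_pod
        )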
def _build_dashboard_files(self, config: ConfigModel):
    """Collect the files for Grafana's dashboard provisioning directory.

    The dashboard provider definition is always included; the bundled OSM
    dashboards are added only when ``config.osm_dashboards`` is truthy.
    All templates are read through relative paths, i.e. relative to the
    process working directory.

    Args:
        config: validated charm configuration.

    Returns:
        Whatever ``FilesV3Builder.build()`` produces for the added files.
    """
    builder = FilesV3Builder()
    provider_definition = Path("templates/default_dashboards.yaml").read_text()
    builder.add_file("dashboard_osm.yaml", provider_definition)

    if not config.osm_dashboards:
        return builder.build()

    # (file name inside the pod, template path) in the order they are added.
    bundled_dashboards = (
        ("kafka_exporter_dashboard.json", "templates/kafka_exporter_dashboard.json"),
        ("mongodb_exporter_dashboard.json", "templates/mongodb_exporter_dashboard.json"),
        ("mysql_exporter_dashboard.json", "templates/mysql_exporter_dashboard.json"),
        ("nodes_exporter_dashboard.json", "templates/nodes_exporter_dashboard.json"),
        ("summary_dashboard.json", "templates/summary_dashboard.json"),
    )
    for target_name, template_path in bundled_dashboards:
        content = Path(template_path).read_text()
        builder.add_file(target_name, content)
    return builder.build()
146 def _build_datasources_files(self
):
147 files_builder
= FilesV3Builder()
148 prometheus_user
= self
.prometheus_client
.user
149 prometheus_password
= self
.prometheus_client
.password
150 enable_basic_auth
= all([prometheus_user
, prometheus_password
])
152 "prometheus_host": self
.prometheus_client
.hostname
,
153 "prometheus_port": self
.prometheus_client
.port
,
154 "enable_basic_auth": enable_basic_auth
,
158 if enable_basic_auth
:
159 kwargs
["user"] = f
"basic_auth_user: {prometheus_user}"
162 ] = f
"secure_json_data:\n basicAuthPassword: {prometheus_password}"
163 files_builder
.add_file(
164 "datasource_prometheus.yaml",
165 Template(Path("templates/default_datasources.yaml").read_text()).substitute(
169 return files_builder
.build()
def _check_missing_dependencies(self, config: ConfigModel, external_db: bool):
    """Fail when a relation the pod needs has not delivered its data yet.

    Args:
        config: validated charm configuration (not read by this check).
        external_db: True when the MySQL URI comes from configuration, in
            which case the ``db`` relation is not required.

    Raises:
        RelationsMissing: listing every relation that still lacks data.
    """
    absent = []

    if self.prometheus_client.is_missing_data_in_app():
        absent.append("prometheus")

    # The db relation is only consulted when no external database is set.
    db_relation_required = not external_db
    if db_relation_required and self.mysql_client.is_missing_data_in_unit():
        absent.append("db")

    if not absent:
        return
    raise RelationsMissing(absent)
183 def build_pod_spec(self
, image_info
, **kwargs
):
185 config
= ConfigModel(**dict(self
.config
))
186 mysql_config
= kwargs
["mysql_config"]
187 if mysql_config
.mysql_uri
and not self
.mysql_client
.is_missing_data_in_unit():
188 raise Exception("Mysql data cannot be provided via config and relation")
191 external_db
= True if mysql_config
.mysql_uri
else False
192 self
._check
_missing
_dependencies
(config
, external_db
)
194 # Get initial password
195 admin_initial_password
= self
.grafana_cluster
.admin_initial_password
196 if not admin_initial_password
:
197 admin_initial_password
= _generate_random_password()
198 self
.grafana_cluster
.set_initial_password(admin_initial_password
)
200 # Create Builder for the PodSpec
201 pod_spec_builder
= PodSpecV3Builder(
202 enable_security_context
=config
.security_context
205 # Add secrets to the pod
206 grafana_secret_name
= f
"{self.app.name}-admin-secret"
207 pod_spec_builder
.add_secret(
210 "admin-password": admin_initial_password
,
211 "mysql-url": mysql_config
.mysql_uri
or self
.mysql_client
.get_uri(),
216 container_builder
= ContainerV3Builder(
219 config
.image_pull_policy
,
220 run_as_non_root
=config
.security_context
,
222 container_builder
.add_port(name
=self
.app
.name
, port
=config
.port
)
223 container_builder
.add_http_readiness_probe(
226 initial_delay_seconds
=10,
231 container_builder
.add_http_liveness_probe(
234 initial_delay_seconds
=60,
236 failure_threshold
=10,
238 container_builder
.add_volume_config(
240 "/etc/grafana/provisioning/dashboards/",
241 self
._build
_dashboard
_files
(config
),
243 container_builder
.add_volume_config(
245 "/etc/grafana/provisioning/datasources/",
246 self
._build
_datasources
_files
(),
249 container_builder
.add_envs(
251 "GF_SERVER_HTTP_PORT": config
.port
,
252 "GF_LOG_LEVEL": config
.log_level
,
253 "GF_SECURITY_ADMIN_USER": config
.admin_user
,
256 container_builder
.add_secret_envs(
257 secret_name
=grafana_secret_name
,
259 "GF_SECURITY_ADMIN_PASSWORD": "admin-password",
260 "GF_DATABASE_URL": "mysql-url",
263 container
= container_builder
.build()
264 pod_spec_builder
.add_container(container
)
266 # Add Pod restart policy
267 restart_policy
= PodRestartPolicy()
268 restart_policy
.add_secrets(secret_names
=(grafana_secret_name
,))
269 pod_spec_builder
.set_restart_policy(restart_policy
)
271 # Add ingress resources to pod spec if site url exists
273 parsed
= urlparse(config
.site_url
)
275 "nginx.ingress.kubernetes.io/proxy-body-size": "{}".format(
276 str(config
.max_file_size
) + "m"
277 if config
.max_file_size
> 0
278 else config
.max_file_size
281 if config
.ingress_class
:
282 annotations
["kubernetes.io/ingress.class"] = config
.ingress_class
283 ingress_resource_builder
= IngressResourceV3Builder(
284 f
"{self.app.name}-ingress", annotations
287 if config
.ingress_whitelist_source_range
:
289 "nginx.ingress.kubernetes.io/whitelist-source-range"
290 ] = config
.ingress_whitelist_source_range
292 if config
.cluster_issuer
:
293 annotations
["cert-manager.io/cluster-issuer"] = config
.cluster_issuer
295 if parsed
.scheme
== "https":
296 ingress_resource_builder
.add_tls(
297 [parsed
.hostname
], config
.tls_secret_name
300 annotations
["nginx.ingress.kubernetes.io/ssl-redirect"] = "false"
302 ingress_resource_builder
.add_rule(
303 parsed
.hostname
, self
.app
.name
, config
.port
305 ingress_resource
= ingress_resource_builder
.build()
306 pod_spec_builder
.add_ingress_resource(ingress_resource
)
307 return pod_spec_builder
.build()
def _generate_random_password():
    """Return a fresh random password as 32 lowercase hex characters.

    The value comes from the ``secrets`` module, i.e. the operating
    system's CSPRNG, and encodes 16 random bytes (128 bits).
    """
    random_byte_count = 16
    password = secrets.token_hex(random_byte_count)
    return password
314 if __name__
== "__main__":