Make tcpsocket readiness and liveness configurable
1 #!/usr/bin/env python3
2 # Copyright 2021 Canonical Ltd.
3 #
4 # Licensed under the Apache License, Version 2.0 (the "License"); you may
5 # not use this file except in compliance with the License. You may obtain
6 # a copy of the License at
7 #
8 # http://www.apache.org/licenses/LICENSE-2.0
9 #
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13 # License for the specific language governing permissions and limitations
14 # under the License.
15 #
16 # For those usages not covered by the Apache License, Version 2.0 please
17 # contact: legal@canonical.com
18 #
19 # To get in touch with the maintainers, please contact:
20 # osm-charmers@lists.launchpad.net
21 ##
22
23 # pylint: disable=E0213
24
25
26 import base64
27 import logging
28 from typing import NoReturn, Optional
29
30
31 from charms.kafka_k8s.v0.kafka import KafkaEvents, KafkaRequires
32 from ops.main import main
33 from opslib.osm.charm import CharmedOsmBase, RelationsMissing
34 from opslib.osm.interfaces.keystone import KeystoneClient
35 from opslib.osm.interfaces.mongo import MongoClient
36 from opslib.osm.interfaces.prometheus import PrometheusClient
37 from opslib.osm.pod import (
38 ContainerV3Builder,
39 FilesV3Builder,
40 PodRestartPolicy,
41 PodSpecV3Builder,
42 )
43 from opslib.osm.validator import ModelValidator, validator
44
45
# Module-level logger, named after this module.
logger = logging.getLogger(__name__)

# Container port declared in MonCharm.build_pod_spec via add_port().
PORT = 8000
49
50
def _check_certificate_data(name: str, content: str):
    """Reject a certificate entry whose name or content is empty.

    Raises:
        ValueError: if either ``name`` or ``content`` is falsy.
    """
    # NOTE(review): only emptiness is checked. MonCharm._build_cert_files
    # passes ``name`` to FilesV3Builder.add_file as the file name for the
    # volume mounted at /certs, so path separators or ".." in the name are
    # not rejected here -- confirm the builder or Kubernetes refuses them.
    if name and content:
        return
    raise ValueError("certificate name and content must be a non-empty string")
54
55
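def _extract_certificates(certs_config: str):
    """Parse the ``certificates`` config value into a ``{name: content}`` dict.

    The value is a comma-separated list of ``name:content`` entries. An empty
    or missing value yields an empty dict.

    Args:
        certs_config: raw config string, or a falsy value when unset.

    Returns:
        Dict mapping each certificate name to its (still encoded) content.

    Raises:
        ValueError: if an entry does not contain exactly one ``:`` separator,
            or if its name or content is empty.
    """
    certificates = {}
    if not certs_config:
        return certificates

    for entry in certs_config.split(","):
        name, separator, content = entry.partition(":")
        # Exactly one ":" per entry, as before, but with a message that tells
        # the operator what is wrong instead of a tuple-unpacking error. The
        # entry itself is deliberately not echoed into the message.
        if not separator or ":" in content:
            raise ValueError(
                "each certificate entry must have the form name:content"
            )
        _check_certificate_data(name, content)
        # A repeated name silently replaces the earlier entry.
        certificates[name] = content
    return certificates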
65
66
def decode(content: str):
    """Return the UTF-8 text held in the base64 string ``content``."""
    # b64decode runs with its default validate=False, so characters outside
    # the base64 alphabet are discarded rather than rejected.
    raw_bytes = base64.b64decode(content.encode("utf-8"))
    return raw_bytes.decode("utf-8")
69
70
class ConfigModel(ModelValidator):
    """Validated view of the charm configuration options.

    Built in MonCharm.build_pod_spec from ``dict(self.config)``; the
    validators below run against the corresponding fields.
    """

    # Several of these fields carry credentials (vca_secret, grafana_password,
    # database_commonkey, possibly mongodb_uri); MonCharm.build_pod_spec places
    # them in pod secrets rather than in plain environment values.
    keystone_enabled: bool
    vca_host: str
    vca_user: str
    vca_secret: str
    vca_cacert: str
    database_commonkey: str
    mongodb_uri: Optional[str]
    log_level: str
    openstack_default_granularity: int
    global_request_timeout: int
    collector_interval: int
    evaluator_interval: int
    grafana_url: str
    grafana_user: str
    grafana_password: str
    certificates: Optional[str]
    image_pull_policy: str
    debug_mode: bool
    security_context: bool

    @validator("log_level")
    def validate_log_level(cls, v):
        """Accept only the log levels INFO and DEBUG."""
        allowed_levels = {"INFO", "DEBUG"}
        if v in allowed_levels:
            return v
        raise ValueError("value must be INFO or DEBUG")

    @validator("certificates")
    def validate_certificates(cls, v):
        """Check that the certificates string can be parsed; return it as is."""
        # The parsed result is discarded: the call is made only so that a
        # malformed value raises during validation.
        _extract_certificates(v)
        return v

    @validator("mongodb_uri")
    def validate_mongodb_uri(cls, v):
        """Require a non-empty URI to start with the ``mongodb://`` scheme."""
        if not v or v.startswith("mongodb://"):
            return v
        raise ValueError("mongodb_uri is not properly formed")

    @validator("image_pull_policy")
    def validate_image_pull_policy(cls, v):
        """Map a case-insensitive pull policy to its canonical spelling."""
        canonical_names = {
            "always": "Always",
            "ifnotpresent": "IfNotPresent",
            "never": "Never",
        }
        lowered = v.lower()
        if lowered in canonical_names:
            return canonical_names[lowered]
        raise ValueError("value must be always, ifnotpresent or never")

    @property
    def certificates_dict(cls):
        """Parsed ``{name: content}`` certificates, or ``{}`` when unset."""
        if not cls.certificates:
            return {}
        return _extract_certificates(cls.certificates)
125
126
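class MonCharm(CharmedOsmBase):
    """Charm that builds the pod spec for the MON workload.

    It consumes the kafka, mongodb, prometheus and keystone relations and
    registers ``configure_pod`` as the handler for their events.
    """

    on = KafkaEvents()

    # NOTE(review): NoReturn means "never returns"; None would be the accurate
    # annotation for a constructor.
    def __init__(self, *args) -> NoReturn:
        """Set up the base charm, optional debug mode and relation observers."""
        super().__init__(
            *args,
            oci_image="image",
            vscode_workspace=VSCODE_WORKSPACE,
        )
        if self.config.get("debug_mode"):
            # Debug mode maps host directories (taken from the debug_*_local_path
            # options) onto the Python package directories inside the container
            # and registers debug_pubkey. build_pod_spec also switches the
            # security context off in this mode, so it is a development-only
            # setting.
            self.enable_debug_mode(
                pubkey=self.config.get("debug_pubkey"),
                hostpaths={
                    "MON": {
                        "hostpath": self.config.get("debug_mon_local_path"),
                        "container-path": "/usr/lib/python3/dist-packages/osm_mon",
                    },
                    "N2VC": {
                        "hostpath": self.config.get("debug_n2vc_local_path"),
                        "container-path": "/usr/lib/python3/dist-packages/n2vc",
                    },
                    "osm_common": {
                        "hostpath": self.config.get("debug_common_local_path"),
                        "container-path": "/usr/lib/python3/dist-packages/osm_common",
                    },
                },
            )
        self.kafka = KafkaRequires(self)
        self.framework.observe(self.on.kafka_available, self.configure_pod)
        self.framework.observe(self.on.kafka_broken, self.configure_pod)

        self.mongodb_client = MongoClient(self, "mongodb")
        self.framework.observe(self.on["mongodb"].relation_changed, self.configure_pod)
        self.framework.observe(self.on["mongodb"].relation_broken, self.configure_pod)

        self.prometheus_client = PrometheusClient(self, "prometheus")
        self.framework.observe(
            self.on["prometheus"].relation_changed, self.configure_pod
        )
        self.framework.observe(
            self.on["prometheus"].relation_broken, self.configure_pod
        )

        self.keystone_client = KeystoneClient(self, "keystone")
        self.framework.observe(self.on["keystone"].relation_changed, self.configure_pod)
        self.framework.observe(self.on["keystone"].relation_broken, self.configure_pod)

    def _check_missing_dependencies(self, config: ConfigModel):
        """Raise ``RelationsMissing`` naming every relation that lacks data.

        MongoDB counts as missing only when no ``mongodb_uri`` is configured;
        Keystone is checked only when ``keystone_enabled`` is set.
        """
        missing_relations = []

        if not self.kafka.host or not self.kafka.port:
            missing_relations.append("kafka")
        if not config.mongodb_uri and self.mongodb_client.is_missing_data_in_unit():
            missing_relations.append("mongodb")
        if self.prometheus_client.is_missing_data_in_app():
            missing_relations.append("prometheus")
        if config.keystone_enabled and self.keystone_client.is_missing_data_in_app():
            missing_relations.append("keystone")

        if missing_relations:
            raise RelationsMissing(missing_relations)

    def _build_cert_files(
        self,
        config: ConfigModel,
    ):
        """Return the built file list holding the decoded certificates.

        Each entry of ``config.certificates_dict`` becomes one file, named
        after the entry and written with mode 0o600 (owner read/write only).
        """
        cert_files_builder = FilesV3Builder()
        for name, content in config.certificates_dict.items():
            # NOTE(review): ``name`` comes straight from the config string and
            # is used as the file name; only emptiness is validated upstream.
            cert_files_builder.add_file(name, decode(content), mode=0o600)
        return cert_files_builder.build()

    def build_pod_spec(self, image_info):
        """Build the pod spec for MON from the config and relation data.

        Args:
            image_info: image details handed to ``ContainerV3Builder``.

        Returns:
            The value produced by ``PodSpecV3Builder.build()``.

        Raises:
            Exception: if MongoDB data is supplied both through ``mongodb_uri``
                and through the relation.
            RelationsMissing: if a required relation has no data.
        """
        # Validate config
        config = ConfigModel(**dict(self.config))

        if config.mongodb_uri and not self.mongodb_client.is_missing_data_in_unit():
            raise Exception("Mongodb data cannot be provided via config and relation")

        # Check relations
        self._check_missing_dependencies(config)

        # Debug mode overrides the security_context option: the pod security
        # context and run_as_non_root are both disabled while it is on.
        security_context_enabled = (
            config.security_context if not config.debug_mode else False
        )

        # Create Builder for the PodSpec
        pod_spec_builder = PodSpecV3Builder(
            enable_security_context=security_context_enabled
        )

        # Add secrets to the pod
        mongodb_secret_name = f"{self.app.name}-mongodb-secret"
        pod_spec_builder.add_secret(
            mongodb_secret_name,
            {
                "uri": config.mongodb_uri or self.mongodb_client.connection_string,
                "commonkey": config.database_commonkey,
            },
        )
        grafana_secret_name = f"{self.app.name}-grafana-secret"
        pod_spec_builder.add_secret(
            grafana_secret_name,
            {
                "url": config.grafana_url,
                "user": config.grafana_user,
                "password": config.grafana_password,
            },
        )

        vca_secret_name = f"{self.app.name}-vca-secret"
        pod_spec_builder.add_secret(
            vca_secret_name,
            {
                "host": config.vca_host,
                "user": config.vca_user,
                "secret": config.vca_secret,
                "cacert": config.vca_cacert,
            },
        )

        # Build Container
        container_builder = ContainerV3Builder(
            self.app.name,
            image_info,
            config.image_pull_policy,
            run_as_non_root=security_context_enabled,
        )
        certs_files = self._build_cert_files(config)

        if certs_files:
            container_builder.add_volume_config("certs", "/certs", certs_files)

        container_builder.add_port(name=self.app.name, port=PORT)
        container_builder.add_envs(
            {
                # General configuration
                # NOTE(review): nothing in this file shows what reads
                # ALLOW_ANONYMOUS_LOGIN; confirm the MON image needs it and
                # drop it otherwise.
                "ALLOW_ANONYMOUS_LOGIN": "yes",
                "OSMMON_OPENSTACK_DEFAULT_GRANULARITY": config.openstack_default_granularity,
                "OSMMON_GLOBAL_REQUEST_TIMEOUT": config.global_request_timeout,
                "OSMMON_GLOBAL_LOGLEVEL": config.log_level,
                "OSMMON_COLLECTOR_INTERVAL": config.collector_interval,
                "OSMMON_EVALUATOR_INTERVAL": config.evaluator_interval,
                # Kafka configuration
                "OSMMON_MESSAGE_DRIVER": "kafka",
                "OSMMON_MESSAGE_HOST": self.kafka.host,
                "OSMMON_MESSAGE_PORT": self.kafka.port,
                # Database configuration
                "OSMMON_DATABASE_DRIVER": "mongo",
                # Prometheus configuration
                # NOTE(review): the URL is always built with plain http; if the
                # Prometheus user/password below are sent to it they presumably
                # travel unencrypted -- confirm the transport.
                "OSMMON_PROMETHEUS_URL": f"http://{self.prometheus_client.hostname}:{self.prometheus_client.port}",
            }
        )
        prometheus_user = self.prometheus_client.user
        prometheus_password = self.prometheus_client.password
        if prometheus_user and prometheus_password:
            # The Prometheus credentials go through a pod secret, like the
            # MongoDB, Grafana, VCA and Keystone ones, instead of being written
            # as plain values into the container environment.
            prometheus_secret_name = f"{self.app.name}-prometheus-secret"
            pod_spec_builder.add_secret(
                prometheus_secret_name,
                {
                    "user": prometheus_user,
                    "password": prometheus_password,
                },
            )
            container_builder.add_secret_envs(
                secret_name=prometheus_secret_name,
                envs={
                    "OSMMON_PROMETHEUS_USER": "user",
                    "OSMMON_PROMETHEUS_PASSWORD": "password",
                },
            )
        container_builder.add_secret_envs(
            secret_name=mongodb_secret_name,
            envs={
                "OSMMON_DATABASE_URI": "uri",
                "OSMMON_DATABASE_COMMONKEY": "commonkey",
            },
        )
        container_builder.add_secret_envs(
            secret_name=vca_secret_name,
            envs={
                "OSMMON_VCA_HOST": "host",
                "OSMMON_VCA_USER": "user",
                "OSMMON_VCA_SECRET": "secret",
                "OSMMON_VCA_CACERT": "cacert",
            },
        )
        container_builder.add_secret_envs(
            secret_name=grafana_secret_name,
            envs={
                "OSMMON_GRAFANA_URL": "url",
                "OSMMON_GRAFANA_USER": "user",
                "OSMMON_GRAFANA_PASSWORD": "password",
            },
        )
        if config.keystone_enabled:
            keystone_secret_name = f"{self.app.name}-keystone-secret"
            pod_spec_builder.add_secret(
                keystone_secret_name,
                {
                    "url": self.keystone_client.host,
                    "user_domain": self.keystone_client.user_domain_name,
                    "project_domain": self.keystone_client.project_domain_name,
                    "service_username": self.keystone_client.username,
                    "service_password": self.keystone_client.password,
                    "service_project": self.keystone_client.service,
                },
            )
            container_builder.add_env("OSMMON_KEYSTONE_ENABLED", True)
            container_builder.add_secret_envs(
                secret_name=keystone_secret_name,
                envs={
                    "OSMMON_KEYSTONE_URL": "url",
                    "OSMMON_KEYSTONE_DOMAIN_NAME": "user_domain",
                    "OSMMON_KEYSTONE_PROJECT_DOMAIN_NAME": "project_domain",
                    "OSMMON_KEYSTONE_SERVICE_USER": "service_username",
                    "OSMMON_KEYSTONE_SERVICE_PASSWORD": "service_password",
                    "OSMMON_KEYSTONE_SERVICE_PROJECT": "service_project",
                },
            )
        container = container_builder.build()

        # Add restart policy
        restart_policy = PodRestartPolicy()
        restart_policy.add_secrets()
        pod_spec_builder.set_restart_policy(restart_policy)

        # Add container to pod spec
        pod_spec_builder.add_container(container)

        return pod_spec_builder.build()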
349
350
# Workspace definition handed to the base charm through the
# ``vscode_workspace`` argument in MonCharm.__init__. It lists the package
# directories to open and one Python launch configuration per MON module.
VSCODE_WORKSPACE = {
    "folders": [
        {"path": folder}
        for folder in (
            "/usr/lib/python3/dist-packages/osm_mon",
            "/usr/lib/python3/dist-packages/osm_common",
            "/usr/lib/python3/dist-packages/n2vc",
        )
    ],
    "settings": {},
    "launch": {
        "version": "0.2.0",
        "configurations": [
            {
                "name": label,
                "type": "python",
                "request": "launch",
                "module": module,
                "justMyCode": False,
            }
            for label, module in (
                ("MON Server", "osm_mon.cmd.mon_server"),
                ("MON evaluator", "osm_mon.cmd.mon_evaluator"),
                ("MON collector", "osm_mon.cmd.mon_collector"),
                ("MON dashboarder", "osm_mon.cmd.mon_dashboarder"),
            )
        ],
    },
}


# Script entry point: hand the charm class to the framework's main().
if __name__ == "__main__":
    main(MonCharm)