2 # Copyright 2021 Canonical Ltd.
4 # Licensed under the Apache License, Version 2.0 (the "License"); you may
5 # not use this file except in compliance with the License. You may obtain
6 # a copy of the License at
8 # http://www.apache.org/licenses/LICENSE-2.0
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13 # License for the specific language governing permissions and limitations
16 # For those usages not covered by the Apache License, Version 2.0 please
17 # contact: legal@canonical.com
19 # To get in touch with the maintainers, please contact:
20 # osm-charmers@lists.launchpad.net
23 # pylint: disable=E0213
28 from typing
import NoReturn
, Optional
31 from ops
.main
import main
32 from opslib
.osm
.charm
import CharmedOsmBase
, RelationsMissing
33 from opslib
.osm
.interfaces
.kafka
import KafkaClient
34 from opslib
.osm
.interfaces
.keystone
import KeystoneClient
35 from opslib
.osm
.interfaces
.mongo
import MongoClient
36 from opslib
.osm
.interfaces
.prometheus
import PrometheusClient
37 from opslib
.osm
.pod
import (
43 from opslib
.osm
.validator
import ModelValidator
, validator
46 logger
= logging
.getLogger(__name__
)
def _check_certificate_data(name: str, content: str):
    """Reject a certificate entry whose name or content is empty.

    Args:
        name: certificate name taken from the ``certificates`` config entry.
        content: the encoded certificate body paired with ``name``.

    Raises:
        ValueError: if either ``name`` or ``content`` is falsy.
    """
    # NOTE(review): only emptiness is checked here. The name is later passed to
    # FilesV3Builder.add_file() for the "/certs" volume, so confirm that layer
    # rejects path separators or "..", or validate the name here.
    if not (name and content):
        raise ValueError("certificate name and content must be a non-empty string")
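def _extract_certificates(certs_config: str):
    """Parse the ``certificates`` config value into a name -> content mapping.

    The value is a comma-separated list of ``name:content`` entries. The
    content is kept exactly as given; callers decode it when the certificate
    files are built.

    Args:
        certs_config: raw config string. The option is declared
            ``Optional[str]``, so ``None`` or an empty string is accepted.

    Returns:
        dict mapping each certificate name to its still-encoded content;
        empty when no certificates are configured.

    Raises:
        ValueError: if an entry is not exactly ``name:content`` or its name
            or content is empty.
    """
    certificates = {}
    # An unset option means "no certificates", not a parse error.
    if not certs_config:
        return certificates
    for cert in certs_config.split(","):
        parts = cert.split(":")
        if len(parts) != 2:
            # Same exception type as a failed tuple unpack, with a message that
            # names the expected format and does not echo the config value.
            raise ValueError("each certificate must be given as <name>:<content>")
        name, content = parts
        _check_certificate_data(name, content)
        # NOTE(review): a repeated name silently replaces the earlier entry.
        certificates[name] = content
    return certificates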
def decode(content: str):
    """Base64-decode ``content`` and return the result as UTF-8 text.

    Raises whatever ``base64.b64decode`` or ``bytes.decode`` raise on input
    that cannot be decoded.
    """
    raw = content.encode("utf-8")
    # NOTE(review): b64decode runs in its default, non-strict mode, so
    # characters outside the base64 alphabet are dropped instead of rejected.
    # A mistyped certificate can therefore decode to unexpected content rather
    # than fail; check the certificate files that end up in the pod.
    decoded = base64.b64decode(raw)
    return decoded.decode("utf-8")
71 class ConfigModel(ModelValidator
):
72 keystone_enabled
: bool
77 database_commonkey
: str
78 mongodb_uri
: Optional
[str]
80 openstack_default_granularity
: int
81 global_request_timeout
: int
82 collector_interval
: int
83 evaluator_interval
: int
87 certificates
: Optional
[str]
88 image_pull_policy
: str
90 security_context
: bool
92 @validator("log_level")
93 def validate_log_level(cls
, v
):
94 if v
not in {"INFO", "DEBUG"}:
95 raise ValueError("value must be INFO or DEBUG")
98 @validator("certificates")
99 def validate_certificates(cls
, v
):
100 # Raises an exception if it cannot extract the certificates
101 _extract_certificates(v
)
104 @validator("mongodb_uri")
105 def validate_mongodb_uri(cls
, v
):
106 if v
and not v
.startswith("mongodb://"):
107 raise ValueError("mongodb_uri is not properly formed")
110 @validator("image_pull_policy")
111 def validate_image_pull_policy(cls
, v
):
114 "ifnotpresent": "IfNotPresent",
118 if v
not in values
.keys():
119 raise ValueError("value must be always, ifnotpresent or never")
def certificates_dict(cls):
    """Return the configured certificates as a name -> content dict.

    Yields an empty dict when the ``certificates`` option is unset or empty;
    otherwise delegates parsing to ``_extract_certificates``.
    """
    if not cls.certificates:
        return {}
    return _extract_certificates(cls.certificates)
127 class MonCharm(CharmedOsmBase
):
128 def __init__(self
, *args
) -> NoReturn
:
132 debug_mode_config_key
="debug_mode",
133 debug_pubkey_config_key
="debug_pubkey",
134 vscode_workspace
=VSCODE_WORKSPACE
,
137 self
.kafka_client
= KafkaClient(self
, "kafka")
138 self
.framework
.observe(self
.on
["kafka"].relation_changed
, self
.configure_pod
)
139 self
.framework
.observe(self
.on
["kafka"].relation_broken
, self
.configure_pod
)
141 self
.mongodb_client
= MongoClient(self
, "mongodb")
142 self
.framework
.observe(self
.on
["mongodb"].relation_changed
, self
.configure_pod
)
143 self
.framework
.observe(self
.on
["mongodb"].relation_broken
, self
.configure_pod
)
145 self
.prometheus_client
= PrometheusClient(self
, "prometheus")
146 self
.framework
.observe(
147 self
.on
["prometheus"].relation_changed
, self
.configure_pod
149 self
.framework
.observe(
150 self
.on
["prometheus"].relation_broken
, self
.configure_pod
153 self
.keystone_client
= KeystoneClient(self
, "keystone")
154 self
.framework
.observe(self
.on
["keystone"].relation_changed
, self
.configure_pod
)
155 self
.framework
.observe(self
.on
["keystone"].relation_broken
, self
.configure_pod
)
def _check_missing_dependencies(self, config: ConfigModel):
    """Raise RelationsMissing listing every required relation that lacks data.

    Kafka and Prometheus are always required. MongoDB is required only when
    no ``mongodb_uri`` is configured, and Keystone only when
    ``keystone_enabled`` is set.

    Args:
        config: validated charm configuration.

    Raises:
        RelationsMissing: with the names of the relations still missing data.
    """
    # Each check is wrapped in a lambda so it runs lazily, in the listed order,
    # and the mongodb/keystone client calls are skipped when the config makes
    # them irrelevant.
    checks = (
        ("kafka", lambda: self.kafka_client.is_missing_data_in_unit()),
        (
            "mongodb",
            lambda: not config.mongodb_uri
            and self.mongodb_client.is_missing_data_in_unit(),
        ),
        ("prometheus", lambda: self.prometheus_client.is_missing_data_in_app()),
        (
            "keystone",
            lambda: config.keystone_enabled
            and self.keystone_client.is_missing_data_in_app(),
        ),
    )
    missing_relations = [relation for relation, is_missing in checks if is_missing()]

    if missing_relations:
        raise RelationsMissing(missing_relations)
173 def _build_cert_files(
177 cert_files_builder
= FilesV3Builder()
178 for name
, content
in config
.certificates_dict
.items():
179 cert_files_builder
.add_file(name
, decode(content
), mode
=0o600)
180 return cert_files_builder
.build()
182 def build_pod_spec(self
, image_info
):
184 config
= ConfigModel(**dict(self
.config
))
186 if config
.mongodb_uri
and not self
.mongodb_client
.is_missing_data_in_unit():
187 raise Exception("Mongodb data cannot be provided via config and relation")
190 self
._check
_missing
_dependencies
(config
)
192 security_context_enabled
= (
193 config
.security_context
if not config
.debug_mode
else False
196 # Create Builder for the PodSpec
197 pod_spec_builder
= PodSpecV3Builder(
198 enable_security_context
=security_context_enabled
201 # Add secrets to the pod
202 mongodb_secret_name
= f
"{self.app.name}-mongodb-secret"
203 pod_spec_builder
.add_secret(
206 "uri": config
.mongodb_uri
or self
.mongodb_client
.connection_string
,
207 "commonkey": config
.database_commonkey
,
210 grafana_secret_name
= f
"{self.app.name}-grafana-secret"
211 pod_spec_builder
.add_secret(
214 "url": config
.grafana_url
,
215 "user": config
.grafana_user
,
216 "password": config
.grafana_password
,
220 vca_secret_name
= f
"{self.app.name}-vca-secret"
221 pod_spec_builder
.add_secret(
224 "host": config
.vca_host
,
225 "user": config
.vca_user
,
226 "secret": config
.vca_secret
,
227 "cacert": config
.vca_cacert
,
232 container_builder
= ContainerV3Builder(
235 config
.image_pull_policy
,
236 run_as_non_root
=security_context_enabled
,
238 certs_files
= self
._build
_cert
_files
(config
)
241 container_builder
.add_volume_config("certs", "/certs", certs_files
)
243 container_builder
.add_port(name
=self
.app
.name
, port
=PORT
)
244 container_builder
.add_envs(
246 # General configuration
247 "ALLOW_ANONYMOUS_LOGIN": "yes",
248 "OSMMON_OPENSTACK_DEFAULT_GRANULARITY": config
.openstack_default_granularity
,
249 "OSMMON_GLOBAL_REQUEST_TIMEOUT": config
.global_request_timeout
,
250 "OSMMON_GLOBAL_LOGLEVEL": config
.log_level
,
251 "OSMMON_COLLECTOR_INTERVAL": config
.collector_interval
,
252 "OSMMON_EVALUATOR_INTERVAL": config
.evaluator_interval
,
253 # Kafka configuration
254 "OSMMON_MESSAGE_DRIVER": "kafka",
255 "OSMMON_MESSAGE_HOST": self
.kafka_client
.host
,
256 "OSMMON_MESSAGE_PORT": self
.kafka_client
.port
,
257 # Database configuration
258 "OSMMON_DATABASE_DRIVER": "mongo",
259 # Prometheus configuration
260 "OSMMON_PROMETHEUS_URL": f
"http://{self.prometheus_client.hostname}:{self.prometheus_client.port}",
263 container_builder
.add_secret_envs(
264 secret_name
=mongodb_secret_name
,
266 "OSMMON_DATABASE_URI": "uri",
267 "OSMMON_DATABASE_COMMONKEY": "commonkey",
270 container_builder
.add_secret_envs(
271 secret_name
=vca_secret_name
,
273 "OSMMON_VCA_HOST": "host",
274 "OSMMON_VCA_USER": "user",
275 "OSMMON_VCA_SECRET": "secret",
276 "OSMMON_VCA_CACERT": "cacert",
279 container_builder
.add_secret_envs(
280 secret_name
=grafana_secret_name
,
282 "OSMMON_GRAFANA_URL": "url",
283 "OSMMON_GRAFANA_USER": "user",
284 "OSMMON_GRAFANA_PASSWORD": "password",
287 if config
.keystone_enabled
:
288 keystone_secret_name
= f
"{self.app.name}-keystone-secret"
289 pod_spec_builder
.add_secret(
290 keystone_secret_name
,
292 "url": self
.keystone_client
.host
,
293 "user_domain": self
.keystone_client
.user_domain_name
,
294 "project_domain": self
.keystone_client
.project_domain_name
,
295 "service_username": self
.keystone_client
.username
,
296 "service_password": self
.keystone_client
.password
,
297 "service_project": self
.keystone_client
.service
,
300 container_builder
.add_env("OSMMON_KEYSTONE_ENABLED", True)
301 container_builder
.add_secret_envs(
302 secret_name
=keystone_secret_name
,
304 "OSMMON_KEYSTONE_URL": "url",
305 "OSMMON_KEYSTONE_DOMAIN_NAME": "user_domain",
306 "OSMMON_KEYSTONE_PROJECT_DOMAIN_NAME": "project_domain",
307 "OSMMON_KEYSTONE_SERVICE_USER": "service_username",
308 "OSMMON_KEYSTONE_SERVICE_PASSWORD": "service_password",
309 "OSMMON_KEYSTONE_SERVICE_PROJECT": "service_project",
312 container
= container_builder
.build()
315 restart_policy
= PodRestartPolicy()
316 restart_policy
.add_secrets()
317 pod_spec_builder
.set_restart_policy(restart_policy
)
319 # Add container to pod spec
320 pod_spec_builder
.add_container(container
)
322 return pod_spec_builder
.build()
327 {"path": "/usr/lib/python3/dist-packages/osm_mon"},
328 {"path": "/usr/lib/python3/dist-packages/osm_common"},
329 {"path": "/usr/lib/python3/dist-packages/n2vc"},
336 "name": "MON Server",
339 "module": "osm_mon.cmd.mon_server",
343 "name": "MON evaluator",
346 "module": "osm_mon.cmd.mon_evaluator",
350 "name": "MON collector",
353 "module": "osm_mon.cmd.mon_collector",
357 "name": "MON dashboarder",
360 "module": "osm_mon.cmd.mon_dashboarder",
366 if __name__
== "__main__":