1 #!/usr/bin/env python3
2 # Copyright 2021 Canonical Ltd.
3 #
4 # Licensed under the Apache License, Version 2.0 (the "License"); you may
5 # not use this file except in compliance with the License. You may obtain
6 # a copy of the License at
7 #
8 # http://www.apache.org/licenses/LICENSE-2.0
9 #
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13 # License for the specific language governing permissions and limitations
14 # under the License.
15 #
16 # For those usages not covered by the Apache License, Version 2.0 please
17 # contact: legal@canonical.com
18 #
19 # To get in touch with the maintainers, please contact:
20 # osm-charmers@lists.launchpad.net
21 ##
22
23 # pylint: disable=E0213
24
25
26 import base64
27 import logging
28 from typing import NoReturn, Optional
29
30
31 from charms.kafka_k8s.v0.kafka import KafkaEvents, KafkaRequires
32 from ops.main import main
33 from opslib.osm.charm import CharmedOsmBase, RelationsMissing
34 from opslib.osm.interfaces.keystone import KeystoneClient
35 from opslib.osm.interfaces.mongo import MongoClient
36 from opslib.osm.interfaces.prometheus import PrometheusClient
37 from opslib.osm.pod import (
38 ContainerV3Builder,
39 FilesV3Builder,
40 PodRestartPolicy,
41 PodSpecV3Builder,
42 )
43 from opslib.osm.validator import ModelValidator, validator
44
45
# Module-level logger, named after this module.
logger = logging.getLogger(__name__)

# Container port published by MonCharm.build_pod_spec via add_port().
PORT = 8000
49
50
def _check_certificate_data(name: str, content: str):
    """Reject a certificate entry whose name or content is empty.

    Args:
        name: Certificate name taken from the ``certificates`` config value.
        content: Certificate payload paired with that name.

    Raises:
        ValueError: If either ``name`` or ``content`` is falsy.
    """
    if name and content:
        return
    raise ValueError("certificate name and content must be a non-empty string")
54
55
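def _extract_certificates(certs_config: str):
    """Parse the ``certificates`` config value into a name -> content mapping.

    The value is a comma-separated list of ``name:content`` entries. Every
    entry must contain exactly one ``:`` and both halves must be non-empty.
    When the same name appears more than once, the last entry wins.

    Args:
        certs_config: Raw config string; a falsy value yields an empty dict.

    Returns:
        A dict mapping each certificate name to its (still encoded) content.

    Raises:
        ValueError: If an entry is not of the form ``name:content`` or has an
            empty name or content.
    """
    certificates = {}
    if not certs_config:
        return certificates
    for cert in certs_config.split(","):
        name, separator, content = cert.partition(":")
        if not separator or ":" in content:
            # Same inputs are rejected as before, but with a message that
            # names the expected format instead of a tuple-unpacking error.
            # The entry itself is deliberately not echoed into the message.
            raise ValueError(
                "each certificate entry must have the form <name>:<content>"
            )
        _check_certificate_data(name, content)
        certificates[name] = content
    return certificates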
65
66
def decode(content: str):
    """Return the UTF-8 text obtained by base64-decoding ``content``.

    ``base64.b64decode`` is called with its default (non-validating)
    behaviour, so characters outside the base64 alphabet are discarded
    rather than rejected.

    Args:
        content: Base64 text.

    Returns:
        The decoded payload as a ``str``.
    """
    raw = base64.b64decode(content.encode("utf-8"))
    return raw.decode("utf-8")
69
70
class ConfigModel(ModelValidator):
    """Typed view of the charm configuration, with per-field validators.

    Several fields carry credentials (``vca_secret``, ``grafana_password``,
    ``database_commonkey``); ``MonCharm.build_pod_spec`` places those in pod
    secrets rather than in plain environment values.
    """

    keystone_enabled: bool
    vca_host: str
    vca_user: str
    vca_secret: str
    vca_cacert: str
    database_commonkey: str
    # Optional: build_pod_spec falls back to the mongodb relation when unset.
    mongodb_uri: Optional[str]
    log_level: str
    openstack_default_granularity: int
    global_request_timeout: int
    collector_interval: int
    vm_infra_metrics: bool
    evaluator_interval: int
    grafana_url: str
    grafana_user: str
    grafana_password: str
    # Comma-separated "name:content" entries; see _extract_certificates.
    certificates: Optional[str]
    image_pull_policy: str
    debug_mode: bool
    security_context: bool

    @validator("log_level")
    def validate_log_level(cls, v):
        """Accept only the ``INFO`` and ``DEBUG`` log levels."""
        if v in {"INFO", "DEBUG"}:
            return v
        raise ValueError("value must be INFO or DEBUG")

    @validator("certificates")
    def validate_certificates(cls, v):
        """Check that the certificates string can be parsed; return it as is."""
        # The parse result is thrown away: the call is made only so that a
        # malformed value raises here.
        _extract_certificates(v)
        return v

    @validator("mongodb_uri")
    def validate_mongodb_uri(cls, v):
        """Allow an unset URI, otherwise require the ``mongodb://`` prefix."""
        if not v or v.startswith("mongodb://"):
            return v
        raise ValueError("mongodb_uri is not properly formed")

    @validator("image_pull_policy")
    def validate_image_pull_policy(cls, v):
        """Map a case-insensitive policy name to its canonical spelling."""
        canonical = {
            "always": "Always",
            "ifnotpresent": "IfNotPresent",
            "never": "Never",
        }
        policy = canonical.get(v.lower())
        if policy is None:
            raise ValueError("value must be always, ifnotpresent or never")
        return policy

    @property
    def certificates_dict(self):
        """Return the configured certificates as a name -> content dict."""
        if not self.certificates:
            return {}
        return _extract_certificates(self.certificates)
126
127
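class MonCharm(CharmedOsmBase):
    """Charm for the OSM MON component.

    Watches the kafka, mongodb, prometheus and keystone relations and builds
    the pod spec (secrets, container, environment) from the charm config and
    the data those relations provide.
    """

    on = KafkaEvents()

    def __init__(self, *args) -> None:
        """Set up the base charm, optional debug mode and relation observers.

        Every observed relation event is routed to ``self.configure_pod``,
        which is not defined in this file.
        """
        super().__init__(
            *args,
            oci_image="image",
            vscode_workspace=VSCODE_WORKSPACE,
        )
        if self.config.get("debug_mode"):
            # enable_debug_mode is not defined in this file; it receives a
            # public key and host directories to map over the installed
            # osm_mon / n2vc / osm_common packages.
            # NOTE(review): debug mode also turns the security context off in
            # build_pod_spec -- treat it as a development-only setting.
            self.enable_debug_mode(
                pubkey=self.config.get("debug_pubkey"),
                hostpaths={
                    "MON": {
                        "hostpath": self.config.get("debug_mon_local_path"),
                        "container-path": "/usr/lib/python3/dist-packages/osm_mon",
                    },
                    "N2VC": {
                        "hostpath": self.config.get("debug_n2vc_local_path"),
                        "container-path": "/usr/lib/python3/dist-packages/n2vc",
                    },
                    "osm_common": {
                        "hostpath": self.config.get("debug_common_local_path"),
                        "container-path": "/usr/lib/python3/dist-packages/osm_common",
                    },
                },
            )
        self.kafka = KafkaRequires(self)
        self.framework.observe(self.on.kafka_available, self.configure_pod)
        self.framework.observe(self.on.kafka_broken, self.configure_pod)

        self.mongodb_client = MongoClient(self, "mongodb")
        self.framework.observe(self.on["mongodb"].relation_changed, self.configure_pod)
        self.framework.observe(self.on["mongodb"].relation_broken, self.configure_pod)

        self.prometheus_client = PrometheusClient(self, "prometheus")
        self.framework.observe(
            self.on["prometheus"].relation_changed, self.configure_pod
        )
        self.framework.observe(
            self.on["prometheus"].relation_broken, self.configure_pod
        )

        self.keystone_client = KeystoneClient(self, "keystone")
        self.framework.observe(self.on["keystone"].relation_changed, self.configure_pod)
        self.framework.observe(self.on["keystone"].relation_broken, self.configure_pod)

    def _check_missing_dependencies(self, config: ConfigModel):
        """Raise if a relation that the current config needs has no data yet.

        Args:
            config: Validated charm configuration.

        Raises:
            RelationsMissing: Lists every relation still lacking data. mongodb
                is only required when ``mongodb_uri`` is not configured, and
                keystone only when ``keystone_enabled`` is set.
        """
        missing_relations = []

        if not self.kafka.host or not self.kafka.port:
            missing_relations.append("kafka")
        if not config.mongodb_uri and self.mongodb_client.is_missing_data_in_unit():
            missing_relations.append("mongodb")
        if self.prometheus_client.is_missing_data_in_app():
            missing_relations.append("prometheus")
        if config.keystone_enabled and self.keystone_client.is_missing_data_in_app():
            missing_relations.append("keystone")

        if missing_relations:
            raise RelationsMissing(missing_relations)

    def _build_cert_files(
        self,
        config: ConfigModel,
    ):
        """Build the file entries for the certificates given in the config.

        Each certificate content is base64-decoded and added with mode 0o600.

        Args:
            config: Validated charm configuration.

        Returns:
            Whatever ``FilesV3Builder.build()`` produces for those files.
        """
        cert_files_builder = FilesV3Builder()
        for name, content in config.certificates_dict.items():
            # The configured name is passed through unchanged as the file name.
            # NOTE(review): nothing here rejects path separators or ".." in
            # the name -- confirm FilesV3Builder or the platform does.
            cert_files_builder.add_file(name, decode(content), mode=0o600)
        return cert_files_builder.build()

    def build_pod_spec(self, image_info):
        """Assemble the pod spec for the MON container.

        Validates the config, checks that the needed relations have data,
        registers the service credentials as pod secrets, and builds the
        container with its port, certificate volume and environment.

        Args:
            image_info: Image details handed to ``ContainerV3Builder``.

        Returns:
            The result of ``PodSpecV3Builder.build()``.

        Raises:
            Exception: If MongoDB data comes from both config and relation.
            RelationsMissing: If a required relation has no data yet.
        """
        # Validate config
        config = ConfigModel(**dict(self.config))

        if config.mongodb_uri and not self.mongodb_client.is_missing_data_in_unit():
            raise Exception("Mongodb data cannot be provided via config and relation")

        # Check relations
        self._check_missing_dependencies(config)

        # Debug mode always wins: with it on, the security context (and with
        # it run_as_non_root below) is disabled whatever the config says.
        security_context_enabled = (
            config.security_context if not config.debug_mode else False
        )

        # Create Builder for the PodSpec
        pod_spec_builder = PodSpecV3Builder(
            enable_security_context=security_context_enabled
        )

        # Add secrets to the pod
        mongodb_secret_name = f"{self.app.name}-mongodb-secret"
        pod_spec_builder.add_secret(
            mongodb_secret_name,
            {
                "uri": config.mongodb_uri or self.mongodb_client.connection_string,
                "commonkey": config.database_commonkey,
            },
        )
        grafana_secret_name = f"{self.app.name}-grafana-secret"
        pod_spec_builder.add_secret(
            grafana_secret_name,
            {
                "url": config.grafana_url,
                "user": config.grafana_user,
                "password": config.grafana_password,
            },
        )

        vca_secret_name = f"{self.app.name}-vca-secret"
        pod_spec_builder.add_secret(
            vca_secret_name,
            {
                "host": config.vca_host,
                "user": config.vca_user,
                "secret": config.vca_secret,
                "cacert": config.vca_cacert,
            },
        )

        # Build Container
        container_builder = ContainerV3Builder(
            self.app.name,
            image_info,
            config.image_pull_policy,
            run_as_non_root=security_context_enabled,
        )
        certs_files = self._build_cert_files(config)

        if certs_files:
            container_builder.add_volume_config("certs", "/certs", certs_files)

        container_builder.add_port(name=self.app.name, port=PORT)
        container_builder.add_envs(
            {
                # General configuration
                # NOTE(review): nothing in this file shows what reads
                # ALLOW_ANONYMOUS_LOGIN; confirm MON needs it, else drop it.
                "ALLOW_ANONYMOUS_LOGIN": "yes",
                "OSMMON_OPENSTACK_DEFAULT_GRANULARITY": config.openstack_default_granularity,
                "OSMMON_GLOBAL_REQUEST_TIMEOUT": config.global_request_timeout,
                "OSMMON_GLOBAL_LOGLEVEL": config.log_level,
                "OSMMON_COLLECTOR_INTERVAL": config.collector_interval,
                "OSMMON_COLLECTOR_VM_INFRA_METRICS": config.vm_infra_metrics,
                "OSMMON_EVALUATOR_INTERVAL": config.evaluator_interval,
                # Kafka configuration
                "OSMMON_MESSAGE_DRIVER": "kafka",
                "OSMMON_MESSAGE_HOST": self.kafka.host,
                "OSMMON_MESSAGE_PORT": self.kafka.port,
                # Database configuration
                "OSMMON_DATABASE_DRIVER": "mongo",
                # Prometheus configuration
                # NOTE(review): the scheme is fixed to http; if the Prometheus
                # credentials below are sent to this URL they travel
                # unencrypted -- confirm the link stays on a trusted network.
                "OSMMON_PROMETHEUS_URL": f"http://{self.prometheus_client.hostname}:{self.prometheus_client.port}",
            }
        )
        prometheus_user = self.prometheus_client.user
        prometheus_password = self.prometheus_client.password
        if prometheus_user and prometheus_password:
            # Hand the Prometheus credentials over through a pod secret, the
            # same way the MongoDB, Grafana, VCA and Keystone credentials are
            # handled in this method, instead of as literal add_envs values.
            prometheus_secret_name = f"{self.app.name}-prometheus-secret"
            pod_spec_builder.add_secret(
                prometheus_secret_name,
                {
                    "user": prometheus_user,
                    "password": prometheus_password,
                },
            )
            container_builder.add_secret_envs(
                secret_name=prometheus_secret_name,
                envs={
                    "OSMMON_PROMETHEUS_USER": "user",
                    "OSMMON_PROMETHEUS_PASSWORD": "password",
                },
            )
        container_builder.add_secret_envs(
            secret_name=mongodb_secret_name,
            envs={
                "OSMMON_DATABASE_URI": "uri",
                "OSMMON_DATABASE_COMMONKEY": "commonkey",
            },
        )
        container_builder.add_secret_envs(
            secret_name=vca_secret_name,
            envs={
                "OSMMON_VCA_HOST": "host",
                "OSMMON_VCA_USER": "user",
                "OSMMON_VCA_SECRET": "secret",
                "OSMMON_VCA_CACERT": "cacert",
            },
        )
        container_builder.add_secret_envs(
            secret_name=grafana_secret_name,
            envs={
                "OSMMON_GRAFANA_URL": "url",
                "OSMMON_GRAFANA_USER": "user",
                "OSMMON_GRAFANA_PASSWORD": "password",
            },
        )
        if config.keystone_enabled:
            keystone_secret_name = f"{self.app.name}-keystone-secret"
            pod_spec_builder.add_secret(
                keystone_secret_name,
                {
                    "url": self.keystone_client.host,
                    "user_domain": self.keystone_client.user_domain_name,
                    "project_domain": self.keystone_client.project_domain_name,
                    "service_username": self.keystone_client.username,
                    "service_password": self.keystone_client.password,
                    "service_project": self.keystone_client.service,
                },
            )
            container_builder.add_env("OSMMON_KEYSTONE_ENABLED", True)
            container_builder.add_secret_envs(
                secret_name=keystone_secret_name,
                envs={
                    "OSMMON_KEYSTONE_URL": "url",
                    "OSMMON_KEYSTONE_DOMAIN_NAME": "user_domain",
                    "OSMMON_KEYSTONE_PROJECT_DOMAIN_NAME": "project_domain",
                    "OSMMON_KEYSTONE_SERVICE_USER": "service_username",
                    "OSMMON_KEYSTONE_SERVICE_PASSWORD": "service_password",
                    "OSMMON_KEYSTONE_SERVICE_PROJECT": "service_project",
                },
            )
        container = container_builder.build()

        # Add restart policy
        restart_policy = PodRestartPolicy()
        restart_policy.add_secrets()
        pod_spec_builder.set_restart_policy(restart_policy)

        # Add container to pod spec
        pod_spec_builder.add_container(container)

        return pod_spec_builder.build()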
351
352
# VS Code workspace definition handed to the base charm in MonCharm.__init__:
# the package folders to open plus one launch configuration per MON process.
VSCODE_WORKSPACE = {
    "folders": [
        {"path": package_dir}
        for package_dir in (
            "/usr/lib/python3/dist-packages/osm_mon",
            "/usr/lib/python3/dist-packages/osm_common",
            "/usr/lib/python3/dist-packages/n2vc",
        )
    ],
    "settings": {},
    "launch": {
        "version": "0.2.0",
        "configurations": [
            {
                "name": label,
                "type": "python",
                "request": "launch",
                "module": module_path,
                "justMyCode": False,
            }
            for label, module_path in (
                ("MON Server", "osm_mon.cmd.mon_server"),
                ("MON evaluator", "osm_mon.cmd.mon_evaluator"),
                ("MON collector", "osm_mon.cmd.mon_collector"),
                ("MON dashboarder", "osm_mon.cmd.mon_dashboarder"),
            )
        ],
    },
}


# Script entry point: hand the charm class to the ops framework.
if __name__ == "__main__":
    main(MonCharm)