2 # Copyright 2021 Canonical Ltd.
4 # Licensed under the Apache License, Version 2.0 (the "License"); you may
5 # not use this file except in compliance with the License. You may obtain
6 # a copy of the License at
8 # http://www.apache.org/licenses/LICENSE-2.0
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13 # License for the specific language governing permissions and limitations
16 # For those usages not covered by the Apache License, Version 2.0 please
17 # contact: legal@canonical.com
19 # To get in touch with the maintainers, please contact:
20 # osm-charmers@lists.launchpad.net
23 # pylint: disable=E0213
28 from typing
import NoReturn
, Optional
31 from charms
.kafka_k8s
.v0
.kafka
import KafkaEvents
, KafkaRequires
32 from ops
.main
import main
33 from opslib
.osm
.charm
import CharmedOsmBase
, RelationsMissing
34 from opslib
.osm
.interfaces
.keystone
import KeystoneClient
35 from opslib
.osm
.interfaces
.mongo
import MongoClient
36 from opslib
.osm
.interfaces
.prometheus
import PrometheusClient
37 from opslib
.osm
.pod
import (
43 from opslib
.osm
.validator
import ModelValidator
, validator
46 logger
= logging
.getLogger(__name__
)
51 def _check_certificate_data(name
: str, content
: str):
52 if not name
or not content
:
53 raise ValueError("certificate name and content must be a non-empty string")
56 def _extract_certificates(certs_config
: str):
59 cert_list
= certs_config
.split(",")
60 for cert
in cert_list
:
61 name
, content
= cert
.split(":")
62 _check_certificate_data(name
, content
)
63 certificates
[name
] = content
67 def decode(content
: str):
68 return base64
.b64decode(content
.encode("utf-8")).decode("utf-8")
71 class ConfigModel(ModelValidator
):
72 keystone_enabled
: bool
77 database_commonkey
: str
78 mongodb_uri
: Optional
[str]
80 openstack_default_granularity
: int
81 global_request_timeout
: int
82 collector_interval
: int
83 evaluator_interval
: int
87 certificates
: Optional
[str]
88 image_pull_policy
: str
90 security_context
: bool
92 @validator("log_level")
93 def validate_log_level(cls
, v
):
94 if v
not in {"INFO", "DEBUG"}:
95 raise ValueError("value must be INFO or DEBUG")
98 @validator("certificates")
99 def validate_certificates(cls
, v
):
100 # Raises an exception if it cannot extract the certificates
101 _extract_certificates(v
)
104 @validator("mongodb_uri")
105 def validate_mongodb_uri(cls
, v
):
106 if v
and not v
.startswith("mongodb://"):
107 raise ValueError("mongodb_uri is not properly formed")
110 @validator("image_pull_policy")
111 def validate_image_pull_policy(cls
, v
):
114 "ifnotpresent": "IfNotPresent",
118 if v
not in values
.keys():
119 raise ValueError("value must be always, ifnotpresent or never")
123 def certificates_dict(cls
):
124 return _extract_certificates(cls
.certificates
) if cls
.certificates
else {}
127 class MonCharm(CharmedOsmBase
):
131 def __init__(self
, *args
) -> NoReturn
:
135 vscode_workspace
=VSCODE_WORKSPACE
,
137 if self
.config
.get("debug_mode"):
138 self
.enable_debug_mode(
139 pubkey
=self
.config
.get("debug_pubkey"),
142 "hostpath": self
.config
.get("debug_mon_local_path"),
143 "container-path": "/usr/lib/python3/dist-packages/osm_mon",
146 "hostpath": self
.config
.get("debug_n2vc_local_path"),
147 "container-path": "/usr/lib/python3/dist-packages/n2vc",
150 "hostpath": self
.config
.get("debug_common_local_path"),
151 "container-path": "/usr/lib/python3/dist-packages/osm_common",
155 self
.kafka
= KafkaRequires(self
)
156 self
.framework
.observe(self
.on
.kafka_available
, self
.configure_pod
)
157 self
.framework
.observe(self
.on
.kafka_broken
, self
.configure_pod
)
159 self
.mongodb_client
= MongoClient(self
, "mongodb")
160 self
.framework
.observe(self
.on
["mongodb"].relation_changed
, self
.configure_pod
)
161 self
.framework
.observe(self
.on
["mongodb"].relation_broken
, self
.configure_pod
)
163 self
.prometheus_client
= PrometheusClient(self
, "prometheus")
164 self
.framework
.observe(
165 self
.on
["prometheus"].relation_changed
, self
.configure_pod
167 self
.framework
.observe(
168 self
.on
["prometheus"].relation_broken
, self
.configure_pod
171 self
.keystone_client
= KeystoneClient(self
, "keystone")
172 self
.framework
.observe(self
.on
["keystone"].relation_changed
, self
.configure_pod
)
173 self
.framework
.observe(self
.on
["keystone"].relation_broken
, self
.configure_pod
)
175 def _check_missing_dependencies(self
, config
: ConfigModel
):
176 missing_relations
= []
178 if not self
.kafka
.host
or not self
.kafka
.port
:
179 missing_relations
.append("kafka")
180 if not config
.mongodb_uri
and self
.mongodb_client
.is_missing_data_in_unit():
181 missing_relations
.append("mongodb")
182 if self
.prometheus_client
.is_missing_data_in_app():
183 missing_relations
.append("prometheus")
184 if config
.keystone_enabled
:
185 if self
.keystone_client
.is_missing_data_in_app():
186 missing_relations
.append("keystone")
188 if missing_relations
:
189 raise RelationsMissing(missing_relations
)
191 def _build_cert_files(
195 cert_files_builder
= FilesV3Builder()
196 for name
, content
in config
.certificates_dict
.items():
197 cert_files_builder
.add_file(name
, decode(content
), mode
=0o600)
198 return cert_files_builder
.build()
200 def build_pod_spec(self
, image_info
):
202 config
= ConfigModel(**dict(self
.config
))
204 if config
.mongodb_uri
and not self
.mongodb_client
.is_missing_data_in_unit():
205 raise Exception("Mongodb data cannot be provided via config and relation")
208 self
._check
_missing
_dependencies
(config
)
210 security_context_enabled
= (
211 config
.security_context
if not config
.debug_mode
else False
214 # Create Builder for the PodSpec
215 pod_spec_builder
= PodSpecV3Builder(
216 enable_security_context
=security_context_enabled
219 # Add secrets to the pod
220 mongodb_secret_name
= f
"{self.app.name}-mongodb-secret"
221 pod_spec_builder
.add_secret(
224 "uri": config
.mongodb_uri
or self
.mongodb_client
.connection_string
,
225 "commonkey": config
.database_commonkey
,
228 grafana_secret_name
= f
"{self.app.name}-grafana-secret"
229 pod_spec_builder
.add_secret(
232 "url": config
.grafana_url
,
233 "user": config
.grafana_user
,
234 "password": config
.grafana_password
,
238 vca_secret_name
= f
"{self.app.name}-vca-secret"
239 pod_spec_builder
.add_secret(
242 "host": config
.vca_host
,
243 "user": config
.vca_user
,
244 "secret": config
.vca_secret
,
245 "cacert": config
.vca_cacert
,
250 container_builder
= ContainerV3Builder(
253 config
.image_pull_policy
,
254 run_as_non_root
=security_context_enabled
,
256 certs_files
= self
._build
_cert
_files
(config
)
259 container_builder
.add_volume_config("certs", "/certs", certs_files
)
261 container_builder
.add_port(name
=self
.app
.name
, port
=PORT
)
262 container_builder
.add_envs(
264 # General configuration
265 "ALLOW_ANONYMOUS_LOGIN": "yes",
266 "OSMMON_OPENSTACK_DEFAULT_GRANULARITY": config
.openstack_default_granularity
,
267 "OSMMON_GLOBAL_REQUEST_TIMEOUT": config
.global_request_timeout
,
268 "OSMMON_GLOBAL_LOGLEVEL": config
.log_level
,
269 "OSMMON_COLLECTOR_INTERVAL": config
.collector_interval
,
270 "OSMMON_EVALUATOR_INTERVAL": config
.evaluator_interval
,
271 # Kafka configuration
272 "OSMMON_MESSAGE_DRIVER": "kafka",
273 "OSMMON_MESSAGE_HOST": self
.kafka
.host
,
274 "OSMMON_MESSAGE_PORT": self
.kafka
.port
,
275 # Database configuration
276 "OSMMON_DATABASE_DRIVER": "mongo",
277 # Prometheus configuration
278 "OSMMON_PROMETHEUS_URL": f
"http://{self.prometheus_client.hostname}:{self.prometheus_client.port}",
281 prometheus_user
= self
.prometheus_client
.user
282 prometheus_password
= self
.prometheus_client
.password
283 if prometheus_user
and prometheus_password
:
284 container_builder
.add_envs(
286 "OSMMON_PROMETHEUS_USER": prometheus_user
,
287 "OSMMON_PROMETHEUS_PASSWORD": prometheus_password
,
290 container_builder
.add_secret_envs(
291 secret_name
=mongodb_secret_name
,
293 "OSMMON_DATABASE_URI": "uri",
294 "OSMMON_DATABASE_COMMONKEY": "commonkey",
297 container_builder
.add_secret_envs(
298 secret_name
=vca_secret_name
,
300 "OSMMON_VCA_HOST": "host",
301 "OSMMON_VCA_USER": "user",
302 "OSMMON_VCA_SECRET": "secret",
303 "OSMMON_VCA_CACERT": "cacert",
306 container_builder
.add_secret_envs(
307 secret_name
=grafana_secret_name
,
309 "OSMMON_GRAFANA_URL": "url",
310 "OSMMON_GRAFANA_USER": "user",
311 "OSMMON_GRAFANA_PASSWORD": "password",
314 if config
.keystone_enabled
:
315 keystone_secret_name
= f
"{self.app.name}-keystone-secret"
316 pod_spec_builder
.add_secret(
317 keystone_secret_name
,
319 "url": self
.keystone_client
.host
,
320 "user_domain": self
.keystone_client
.user_domain_name
,
321 "project_domain": self
.keystone_client
.project_domain_name
,
322 "service_username": self
.keystone_client
.username
,
323 "service_password": self
.keystone_client
.password
,
324 "service_project": self
.keystone_client
.service
,
327 container_builder
.add_env("OSMMON_KEYSTONE_ENABLED", True)
328 container_builder
.add_secret_envs(
329 secret_name
=keystone_secret_name
,
331 "OSMMON_KEYSTONE_URL": "url",
332 "OSMMON_KEYSTONE_DOMAIN_NAME": "user_domain",
333 "OSMMON_KEYSTONE_PROJECT_DOMAIN_NAME": "project_domain",
334 "OSMMON_KEYSTONE_SERVICE_USER": "service_username",
335 "OSMMON_KEYSTONE_SERVICE_PASSWORD": "service_password",
336 "OSMMON_KEYSTONE_SERVICE_PROJECT": "service_project",
339 container
= container_builder
.build()
342 restart_policy
= PodRestartPolicy()
343 restart_policy
.add_secrets()
344 pod_spec_builder
.set_restart_policy(restart_policy
)
346 # Add container to pod spec
347 pod_spec_builder
.add_container(container
)
349 return pod_spec_builder
.build()
354 {"path": "/usr/lib/python3/dist-packages/osm_mon"},
355 {"path": "/usr/lib/python3/dist-packages/osm_common"},
356 {"path": "/usr/lib/python3/dist-packages/n2vc"},
363 "name": "MON Server",
366 "module": "osm_mon.cmd.mon_server",
370 "name": "MON evaluator",
373 "module": "osm_mon.cmd.mon_evaluator",
377 "name": "MON collector",
380 "module": "osm_mon.cmd.mon_collector",
384 "name": "MON dashboarder",
387 "module": "osm_mon.cmd.mon_dashboarder",
393 if __name__
== "__main__":