2 # Copyright 2021 Canonical Ltd.
4 # Licensed under the Apache License, Version 2.0 (the "License"); you may
5 # not use this file except in compliance with the License. You may obtain
6 # a copy of the License at
8 # http://www.apache.org/licenses/LICENSE-2.0
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13 # License for the specific language governing permissions and limitations
16 # For those usages not covered by the Apache License, Version 2.0 please
17 # contact: legal@canonical.com
19 # To get in touch with the maintainers, please contact:
20 # osm-charmers@lists.launchpad.net
23 # pylint: disable=E0213
26 from ipaddress
import ip_network
28 from typing
import NoReturn
, Optional
29 from urllib
.parse
import urlparse
32 from charms
.kafka_k8s
.v0
.kafka
import KafkaEvents
, KafkaRequires
33 from ops
.main
import main
34 from opslib
.osm
.charm
import CharmedOsmBase
, RelationsMissing
35 from opslib
.osm
.interfaces
.http
import HttpServer
36 from opslib
.osm
.interfaces
.keystone
import KeystoneClient
37 from opslib
.osm
.interfaces
.mongo
import MongoClient
38 from opslib
.osm
.interfaces
.prometheus
import PrometheusClient
39 from opslib
.osm
.pod
import (
41 IngressResourceV3Builder
,
45 from opslib
.osm
.validator
import ModelValidator
, validator
# Module-level logger, named after this module.
logger = logging.getLogger(__name__)
class ConfigModel(ModelValidator):
    """Charm configuration model; each ``@validator`` checks one config key.

    NOTE(review): this listing has lost source lines. Fields read elsewhere in
    the file (auth_backend, log_level, max_file_size, enable_test, debug_mode)
    have no declaration in the lines shown, and several validators are missing
    statements. The gaps are marked below instead of being filled in.
    """

    database_commonkey: str
    site_url: Optional[str]
    cluster_issuer: Optional[str]
    ingress_class: Optional[str]
    ingress_whitelist_source_range: Optional[str]
    tls_secret_name: Optional[str]
    mongodb_uri: Optional[str]
    image_pull_policy: str
    security_context: bool

    @validator("auth_backend")
    def validate_auth_backend(cls, v):
        # Accept only the two backends that build_pod_spec knows how to wire up.
        if v not in {"internal", "keystone"}:
            raise ValueError("value must be 'internal' or 'keystone'")
        # ... (line missing from this listing)

    @validator("log_level")
    def validate_log_level(cls, v):
        # Exact, case-sensitive match: "info" or "WARNING" are rejected.
        if v not in {"INFO", "DEBUG"}:
            raise ValueError("value must be INFO or DEBUG")
        # ... (line missing from this listing)

    @validator("max_file_size")
    def validate_max_file_size(cls, v):
        # NOTE(review): the condition guarding this raise is missing from the
        # listing; going by the message it presumably rejects negative values.
        raise ValueError("value must be equal or greater than 0")
        # ... (line missing from this listing)

    @validator("site_url")
    def validate_site_url(cls, v):
        # NOTE(review): the lines that assign `parsed` are missing from this listing.
        # A prefix test accepts any scheme that merely begins with "http", while
        # build_pod_spec enables TLS only for an exact "https" scheme; comparing
        # against {"http", "https"} would be stricter.
        if not parsed.scheme.startswith("http"):
            raise ValueError("value must start with http")
        # ... (line missing from this listing)

    @validator("ingress_whitelist_source_range")
    def validate_ingress_whitelist_source_range(cls, v):
        # NOTE(review): the body is missing from this listing. build_pod_spec copies
        # this value verbatim into the nginx whitelist-source-range annotation, so it
        # needs to be parsed as a network range here -- presumably with the imported
        # ip_network; confirm against the full source.

    @validator("mongodb_uri")
    def validate_mongodb_uri(cls, v):
        # An unset or empty value passes. Anything else must start with the literal
        # "mongodb://" prefix, so other URI forms (e.g. mongodb+srv://) are rejected.
        if v and not v.startswith("mongodb://"):
            raise ValueError("mongodb_uri is not properly formed")
        # ... (line missing from this listing)

    @validator("image_pull_policy")
    def validate_image_pull_policy(cls, v):
        # NOTE(review): the mapping `values` is built in lines missing from this
        # listing; the entry below is the only item of it that survived.
            "ifnotpresent": "IfNotPresent",
        # ... (lines missing from this listing)
        if v not in values.keys():
            raise ValueError("value must be always, ifnotpresent or never")
        # ... (lines missing from this listing)
class NbiCharm(CharmedOsmBase):
    """Charm that observes the kafka, mongodb, prometheus, keystone and nbi
    relations and builds the pod spec for the NBI workload.

    NOTE(review): this listing has lost source lines (mostly brackets, guards
    and blank lines). Gaps are marked with "lines missing" comments instead of
    being filled in, so the class is not runnable as shown. PORT,
    VSCODE_WORKSPACE, PodSpecV3Builder, ContainerV3Builder and PodRestartPolicy
    are defined or imported in lines not shown here.
    """

    def __init__(self, *args) -> NoReturn:
        # NOTE(review): NoReturn means "never returns normally"; None is the
        # usual return annotation for __init__.
        # ... (lines missing from this listing: start of the base-class call)
            vscode_workspace=VSCODE_WORKSPACE,
        # ... (line missing from this listing)
        # Debug mode takes a public key and host paths from config and, in
        # build_pod_spec, switches the security context off. What
        # enable_debug_mode does with them is not visible here; keep debug_mode
        # out of production deployments.
        if self.config.get("debug_mode"):
            self.enable_debug_mode(
                pubkey=self.config.get("debug_pubkey"),
                # ... (lines missing from this listing)
                        "hostpath": self.config.get("debug_nbi_local_path"),
                        "container-path": "/usr/lib/python3/dist-packages/osm_nbi",
                # ... (lines missing from this listing)
                        "hostpath": self.config.get("debug_common_local_path"),
                        "container-path": "/usr/lib/python3/dist-packages/osm_common",
                # ... (lines missing from this listing)

        # Every relation event below re-runs configure_pod, so the pod spec is
        # rebuilt whenever a dependency appears, changes or goes away.
        self.kafka = KafkaRequires(self)
        self.framework.observe(self.on.kafka_available, self.configure_pod)
        self.framework.observe(self.on.kafka_broken, self.configure_pod)

        self.mongodb_client = MongoClient(self, "mongodb")
        self.framework.observe(self.on["mongodb"].relation_changed, self.configure_pod)
        self.framework.observe(self.on["mongodb"].relation_broken, self.configure_pod)

        self.prometheus_client = PrometheusClient(self, "prometheus")
        self.framework.observe(
            self.on["prometheus"].relation_changed, self.configure_pod
        # ... (line missing from this listing)
        self.framework.observe(
            self.on["prometheus"].relation_broken, self.configure_pod
        # ... (line missing from this listing)

        self.keystone_client = KeystoneClient(self, "keystone")
        self.framework.observe(self.on["keystone"].relation_changed, self.configure_pod)
        self.framework.observe(self.on["keystone"].relation_broken, self.configure_pod)

        self.http_server = HttpServer(self, "nbi")
        self.framework.observe(self.on["nbi"].relation_joined, self._publish_nbi_info)

    def _publish_nbi_info(self, event):
        """Publish the application name and PORT through the "nbi" HTTP interface.

        Only the leader unit publishes; other units do nothing.

        Args:
            event (EventBase): the "nbi" relation-joined event (not read here).
        """
        if self.unit.is_leader():
            self.http_server.publish_info(self.app.name, PORT)

    def _check_missing_dependencies(self, config: ConfigModel):
        """Raise RelationsMissing naming every required relation that lacks data.

        kafka and prometheus are always required; mongodb only when no
        mongodb_uri is configured; keystone only when auth_backend is
        "keystone".

        Args:
            config: the validated charm configuration.

        Raises:
            RelationsMissing: if at least one required relation has no data.
        """
        missing_relations = []

        if not self.kafka.host or not self.kafka.port:
            missing_relations.append("kafka")
        # A configured URI replaces the mongodb relation.
        if not config.mongodb_uri and self.mongodb_client.is_missing_data_in_unit():
            missing_relations.append("mongodb")
        if self.prometheus_client.is_missing_data_in_app():
            missing_relations.append("prometheus")
        if config.auth_backend == "keystone":
            if self.keystone_client.is_missing_data_in_app():
                missing_relations.append("keystone")

        # Report all gaps at once instead of stopping at the first one.
        if missing_relations:
            raise RelationsMissing(missing_relations)

    def build_pod_spec(self, image_info):
        """Build the pod spec from the charm config and relation data.

        Validates the config through ConfigModel, refuses a MongoDB URI given
        by both config and relation, checks the required relations, then adds
        secrets, an init container, the main container, an ingress resource
        and a restart policy to the builder.

        Args:
            image_info: supplied by the caller; its use is in lines missing
                from this listing.

        Returns:
            The value of ``pod_spec_builder.build()``.

        Raises:
            Exception: MongoDB data is present in both config and relation.
            RelationsMissing: raised by _check_missing_dependencies.
        """
        config = ConfigModel(**dict(self.config))

        # The two sources of MongoDB data are mutually exclusive.
        # NOTE(review): a bare Exception is hard for callers to tell apart
        # from unrelated failures; a specific exception type would be clearer.
        if config.mongodb_uri and not self.mongodb_client.is_missing_data_in_unit():
            raise Exception("Mongodb data cannot be provided via config and relation")

        self._check_missing_dependencies(config)

        # Debug mode overrides the configured security context: with debug_mode
        # set, the pod is built without it and run_as_non_root is False.
        security_context_enabled = (
            config.security_context if not config.debug_mode else False
        # ... (lines missing from this listing)
        # Create Builder for the PodSpec
        pod_spec_builder = PodSpecV3Builder(
            enable_security_context=security_context_enabled
        # ... (lines missing from this listing)
        # Add secrets to the pod
        # The MongoDB URI (which may embed credentials) and the common key go
        # into a secret and reach the container through add_secret_envs below,
        # not as plain environment values.
        mongodb_secret_name = f"{self.app.name}-mongodb-secret"
        pod_spec_builder.add_secret(
            # ... (lines missing from this listing)
                "uri": config.mongodb_uri or self.mongodb_client.connection_string,
                "commonkey": config.database_commonkey,
            # ... (lines missing from this listing)
        # Build Init Container
        # NOTE(review): "alpine:latest" is a mutable tag, so the init container
        # image can change between pod starts; pin a fixed version or digest.
        # NOTE(review): kafka host and port come from relation data and are
        # formatted straight into this command string -- presumably run by a
        # shell (the rest of the command list is not shown). Check that they
        # are a plain hostname and a numeric port before formatting them in.
        pod_spec_builder.add_init_container(
            # ... (line missing from this listing)
                "name": "init-check",
                "image": "alpine:latest",
                # ... (lines missing from this listing)
                    f"until (nc -zvw1 {self.kafka.host} {self.kafka.port} ); do sleep 3; done; exit 0",
            # ... (lines missing from this listing)
        container_builder = ContainerV3Builder(
            # ... (lines missing from this listing)
            config.image_pull_policy,
            run_as_non_root=security_context_enabled,
        # ... (line missing from this listing)
        container_builder.add_port(name=self.app.name, port=PORT)
        container_builder.add_tcpsocket_readiness_probe(
            # ... (line missing from this listing)
            initial_delay_seconds=5,
            # ... (lines missing from this listing)
        container_builder.add_tcpsocket_liveness_probe(
            # ... (line missing from this listing)
            initial_delay_seconds=45,
            # ... (lines missing from this listing)
        container_builder.add_envs(
            # ... (line missing from this listing)
                # General configuration
                # NOTE(review): confirm whether the NBI image acts on
                # ALLOW_ANONYMOUS_LOGIN; if it does, "yes" should not be a
                # hard-coded default.
                "ALLOW_ANONYMOUS_LOGIN": "yes",
                "OSMNBI_SERVER_ENABLE_TEST": config.enable_test,
                "OSMNBI_STATIC_DIR": "/app/osm_nbi/html_public",
                # Kafka configuration
                "OSMNBI_MESSAGE_HOST": self.kafka.host,
                "OSMNBI_MESSAGE_DRIVER": "kafka",
                "OSMNBI_MESSAGE_PORT": self.kafka.port,
                # Database configuration
                "OSMNBI_DATABASE_DRIVER": "mongo",
                # Storage configuration
                "OSMNBI_STORAGE_DRIVER": "mongo",
                "OSMNBI_STORAGE_PATH": "/app/storage",
                "OSMNBI_STORAGE_COLLECTION": "files",
                # Prometheus configuration
                "OSMNBI_PROMETHEUS_HOST": self.prometheus_client.hostname,
                "OSMNBI_PROMETHEUS_PORT": self.prometheus_client.port,
                # ... (line missing from this listing)
                "OSMNBI_LOG_LEVEL": config.log_level,
            # ... (lines missing from this listing)
        # Map secret keys onto the environment variables the workload reads;
        # database and storage share the same "uri" key.
        container_builder.add_secret_envs(
            secret_name=mongodb_secret_name,
            # ... (line missing from this listing)
                "OSMNBI_DATABASE_URI": "uri",
                "OSMNBI_DATABASE_COMMONKEY": "commonkey",
                "OSMNBI_STORAGE_URI": "uri",
            # ... (lines missing from this listing)
        if config.auth_backend == "internal":
            container_builder.add_env("OSMNBI_AUTHENTICATION_BACKEND", "internal")
        elif config.auth_backend == "keystone":
            # The keystone service credentials from the relation are stored in
            # their own secret and exposed only through secret-backed envs.
            keystone_secret_name = f"{self.app.name}-keystone-secret"
            pod_spec_builder.add_secret(
                keystone_secret_name,
                # ... (line missing from this listing)
                    "url": self.keystone_client.host,
                    "port": self.keystone_client.port,
                    "user_domain": self.keystone_client.user_domain_name,
                    "project_domain": self.keystone_client.project_domain_name,
                    "service_username": self.keystone_client.username,
                    "service_password": self.keystone_client.password,
                    "service_project": self.keystone_client.service,
                # ... (lines missing from this listing)
            container_builder.add_env("OSMNBI_AUTHENTICATION_BACKEND", "keystone")
            container_builder.add_secret_envs(
                secret_name=keystone_secret_name,
                # ... (line missing from this listing)
                    "OSMNBI_AUTHENTICATION_AUTH_URL": "url",
                    "OSMNBI_AUTHENTICATION_AUTH_PORT": "port",
                    "OSMNBI_AUTHENTICATION_USER_DOMAIN_NAME": "user_domain",
                    "OSMNBI_AUTHENTICATION_PROJECT_DOMAIN_NAME": "project_domain",
                    "OSMNBI_AUTHENTICATION_SERVICE_USERNAME": "service_username",
                    "OSMNBI_AUTHENTICATION_SERVICE_PASSWORD": "service_password",
                    "OSMNBI_AUTHENTICATION_SERVICE_PROJECT": "service_project",
                # ... (lines missing from this listing)
        container = container_builder.build()

        # Add container to pod spec
        pod_spec_builder.add_container(container)

        # Add ingress resources to pod spec if site url exists
        # ... (line missing from this listing: presumably the site_url guard)
            parsed = urlparse(config.site_url)
            # ... (line missing from this listing: start of `annotations`)
                # A max_file_size of 0 is passed through without the "m" unit
                # suffix.
                "nginx.ingress.kubernetes.io/proxy-body-size": "{}".format(
                    str(config.max_file_size) + "m"
                    if config.max_file_size > 0
                    else config.max_file_size
                # ... (line missing from this listing)
                "nginx.ingress.kubernetes.io/backend-protocol": "HTTPS",
            # ... (line missing from this listing)
            if config.ingress_class:
                annotations["kubernetes.io/ingress.class"] = config.ingress_class
            ingress_resource_builder = IngressResourceV3Builder(
                f"{self.app.name}-ingress", annotations
            # ... (lines missing from this listing)
            # NOTE(review): the keys set from here on are added after
            # `annotations` was handed to the builder. They only reach the
            # ingress if the builder keeps a reference to the dict rather than
            # a copy -- confirm, since the source-range allow-list depends on it.
            if config.ingress_whitelist_source_range:
                # ... (line missing from this listing)
                    "nginx.ingress.kubernetes.io/whitelist-source-range"
                ] = config.ingress_whitelist_source_range

            if config.cluster_issuer:
                annotations["cert-manager.io/cluster-issuer"] = config.cluster_issuer

            # NOTE(review): tls_secret_name is Optional, so it may be None here;
            # check how add_tls treats a missing secret name.
            if parsed.scheme == "https":
                ingress_resource_builder.add_tls(
                    [parsed.hostname], config.tls_secret_name
                # ... (lines missing from this listing, presumably the else branch)
                # With a non-https site_url the ingress serves plain HTTP, so
                # credentials and tokens sent to NBI cross the network
                # unencrypted; prefer an https site_url.
                annotations["nginx.ingress.kubernetes.io/ssl-redirect"] = "false"

            ingress_resource_builder.add_rule(parsed.hostname, self.app.name, PORT)
            ingress_resource = ingress_resource_builder.build()
            pod_spec_builder.add_ingress_resource(ingress_resource)

        # ... (lines missing from this listing)
        restart_policy = PodRestartPolicy()
        restart_policy.add_secrets()
        pod_spec_builder.set_restart_policy(restart_policy)

        return pod_spec_builder.build()
363 {"path": "/usr/lib/python3/dist-packages/osm_nbi"},
364 {"path": "/usr/lib/python3/dist-packages/osm_common"},
365 {"path": "/usr/lib/python3/dist-packages/osm_im"},
375 "module": "osm_nbi.nbi",
383 if __name__
== "__main__":