X-Git-Url: https://osm.etsi.org/gitweb/?a=blobdiff_plain;f=installers%2Fcharm%2Flcm%2Fsrc%2Fcharm.py;h=7c644189def38208dffaee0fc9f00c71b74fe8d7;hb=8a00e59f4f7928dfb0208c2eaa5efc8fe1666452;hp=01ac0bf5c4c94b6115a9653c8c60eec4f07bb03b;hpb=0dc25b3c932a7831f23e8d93d6d75be5c284877e;p=osm%2Fdevops.git
diff --git a/installers/charm/lcm/src/charm.py b/installers/charm/lcm/src/charm.py
index 01ac0bf5..7c644189 100755
--- a/installers/charm/lcm/src/charm.py
+++ b/installers/charm/lcm/src/charm.py
@@ -27,12 +27,12 @@
 import logging
 from typing import NoReturn, Optional
+from charms.kafka_k8s.v0.kafka import KafkaEvents, KafkaRequires
 from ops.main import main
 from opslib.osm.charm import CharmedOsmBase, RelationsMissing
 from opslib.osm.interfaces.http import HttpClient
-from opslib.osm.interfaces.kafka import KafkaClient
 from opslib.osm.interfaces.mongo import MongoClient
-from opslib.osm.pod import ContainerV3Builder, PodSpecV3Builder
+from opslib.osm.pod import ContainerV3Builder, PodRestartPolicy, PodSpecV3Builder
 from opslib.osm.validator import ModelValidator, validator
@@ -111,6 +111,8 @@ class ConfigModel(ModelValidator):
 vca_stablerepourl: Optional[str]
 vca_helm_ca_certs: Optional[str]
 image_pull_policy: str
+ debug_mode: bool
+ security_context: bool
 @validator("log_level")
 def validate_log_level(cls, v):
@@ -138,17 +140,36 @@ class ConfigModel(ModelValidator):
 class LcmCharm(CharmedOsmBase):
+
+ on = KafkaEvents()
+
 def __init__(self, *args) -> NoReturn:
 super().__init__(
 *args,
 oci_image="image",
- debug_mode_config_key="debug_mode",
- debug_pubkey_config_key="debug_pubkey",
 vscode_workspace=VSCODE_WORKSPACE,
 )
- self.kafka_client = KafkaClient(self, "kafka")
- self.framework.observe(self.on["kafka"].relation_changed, self.configure_pod)
- self.framework.observe(self.on["kafka"].relation_broken, self.configure_pod)
+ if self.config.get("debug_mode"):
+ self.enable_debug_mode(
+ pubkey=self.config.get("debug_pubkey"),
+ hostpaths={
+ "LCM": {
+ "hostpath": self.config.get("debug_lcm_local_path"),
+ "container-path": "/usr/lib/python3/dist-packages/osm_lcm",
+ },
+ "N2VC": {
+ "hostpath": self.config.get("debug_n2vc_local_path"),
+ "container-path": "/usr/lib/python3/dist-packages/n2vc",
+ },
+ "osm_common": {
+ "hostpath": self.config.get("debug_common_local_path"),
+ "container-path": "/usr/lib/python3/dist-packages/osm_common",
+ },
+ },
+ )
+ self.kafka = KafkaRequires(self)
+ self.framework.observe(self.on.kafka_available, self.configure_pod)
+ self.framework.observe(self.on.kafka_broken, self.configure_pod)
 self.mongodb_client = MongoClient(self, "mongodb")
 self.framework.observe(self.on["mongodb"].relation_changed, self.configure_pod)
@@ -161,7 +182,7 @@ class LcmCharm(CharmedOsmBase):
 def _check_missing_dependencies(self, config: ConfigModel):
 missing_relations = []
- if self.kafka_client.is_missing_data_in_unit():
+ if not self.kafka.host or not self.kafka.port:
 missing_relations.append("kafka")
 if not config.mongodb_uri and self.mongodb_client.is_missing_data_in_unit():
 missing_relations.append("mongodb")
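Review bot: The `hostpaths` dict in `LcmCharm.__init__` is built from `self.config.get("debug_lcm_local_path")`, `debug_n2vc_local_path` and `debug_common_local_path` without checking that any of them is set, so enabling `debug_mode` alone passes `enable_debug_mode` three entries whose `hostpath` may be `None`. How `enable_debug_mode` treats an unset hostpath is not visible in this diff; if it does not skip such entries, filter the dict first so that only configured paths are passed. Going by the key names, each configured entry appears to mount a node directory over an installed package path in the container, so a short comment stating that `debug_mode` is meant for development deployments only would help whoever sets the option. These values are also read raw from `self.config` rather than through `ConfigModel`, so they bypass whatever validation that model applies.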
@@ -181,12 +202,32 @@ class LcmCharm(CharmedOsmBase):
 # Check relations
 self._check_missing_dependencies(config)
+ security_context_enabled = (
+ config.security_context if not config.debug_mode else False
+ )
+
 # Create Builder for the PodSpec
- pod_spec_builder = PodSpecV3Builder()
+ pod_spec_builder = PodSpecV3Builder(
+ enable_security_context=security_context_enabled
+ )
+
+ # Add secrets to the pod
+ mongodb_secret_name = f"{self.app.name}-mongodb-secret"
+ pod_spec_builder.add_secret(
+ mongodb_secret_name,
+ {
+ "uri": config.mongodb_uri or self.mongodb_client.connection_string,
+ "commonkey": config.database_commonkey,
+ "helm_ca_certs": config.vca_helm_ca_certs,
+ },
+ )
 # Build Container
 container_builder = ContainerV3Builder(
- self.app.name, image_info, config.image_pull_policy
+ self.app.name,
+ image_info,
+ config.image_pull_policy,
+ run_as_non_root=security_context_enabled,
 )
 container_builder.add_port(name=self.app.name, port=PORT)
 container_builder.add_envs(
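Review bot: `security_context_enabled` is forced to `False` whenever `config.debug_mode` is true, so an operator who set `security_context` gets a pod built with `enable_security_context=False` and `run_as_non_root=False`, and nothing records the override. Log it where the value is computed, for example `if config.debug_mode and config.security_context: logger.warning("debug_mode is on: security context disabled")` (assuming the module defines a `logger`, which this diff does not show), and state the precedence in the option's description. The expression also reads more directly as `security_context_enabled = config.security_context and not config.debug_mode`. The enclosing method starts and ends outside this hunk.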
@@ -200,36 +241,54 @@ class LcmCharm(CharmedOsmBase):
 "OSMLCM_RO_TENANT": "osm",
 # Kafka configuration
 "OSMLCM_MESSAGE_DRIVER": "kafka",
- "OSMLCM_MESSAGE_HOST": self.kafka_client.host,
- "OSMLCM_MESSAGE_PORT": self.kafka_client.port,
+ "OSMLCM_MESSAGE_HOST": self.kafka.host,
+ "OSMLCM_MESSAGE_PORT": self.kafka.port,
 # Database configuration
 "OSMLCM_DATABASE_DRIVER": "mongo",
- "OSMLCM_DATABASE_URI": config.mongodb_uri
- or self.mongodb_client.connection_string,
- "OSMLCM_DATABASE_COMMONKEY": config.database_commonkey,
 # Storage configuration
 "OSMLCM_STORAGE_DRIVER": "mongo",
 "OSMLCM_STORAGE_PATH": "/app/storage",
 "OSMLCM_STORAGE_COLLECTION": "files",
- "OSMLCM_STORAGE_URI": config.mongodb_uri
- or self.mongodb_client.connection_string,
 "OSMLCM_VCA_STABLEREPOURL": config.vca_stablerepourl,
- "OSMLCM_VCA_HELM_CA_CERTS": config.vca_helm_ca_certs,
 }
 )
+ container_builder.add_secret_envs(
+ secret_name=mongodb_secret_name,
+ envs={
+ "OSMLCM_DATABASE_URI": "uri",
+ "OSMLCM_DATABASE_COMMONKEY": "commonkey",
+ "OSMLCM_STORAGE_URI": "uri",
+ "OSMLCM_VCA_HELM_CA_CERTS": "helm_ca_certs",
+ },
+ )
 if config.vca_host:
- container_builder.add_envs(
+ vca_secret_name = f"{self.app.name}-vca-secret"
+ pod_spec_builder.add_secret(
+ vca_secret_name,
 {
+ "host": config.vca_host,
+ "port": str(config.vca_port),
+ "user": config.vca_user,
+ "pubkey": config.vca_pubkey,
+ "secret": config.vca_secret,
+ "cacert": config.vca_cacert,
+ "cloud": config.vca_cloud,
+ "k8s_cloud": config.vca_k8s_cloud,
+ },
+ )
+ container_builder.add_secret_envs(
+ secret_name=vca_secret_name,
+ envs={
 # VCA configuration
- "OSMLCM_VCA_HOST": config.vca_host,
- "OSMLCM_VCA_PORT": config.vca_port,
- "OSMLCM_VCA_USER": config.vca_user,
- "OSMLCM_VCA_PUBKEY": config.vca_pubkey,
- "OSMLCM_VCA_SECRET": config.vca_secret,
- "OSMLCM_VCA_CACERT": config.vca_cacert,
- "OSMLCM_VCA_CLOUD": config.vca_cloud,
- "OSMLCM_VCA_K8S_CLOUD": config.vca_k8s_cloud,
- }
+ "OSMLCM_VCA_HOST": "host",
+ "OSMLCM_VCA_PORT": "port",
+ "OSMLCM_VCA_USER": "user",
+ "OSMLCM_VCA_PUBKEY": "pubkey",
+ "OSMLCM_VCA_SECRET": "secret",
+ "OSMLCM_VCA_CACERT": "cacert",
+ "OSMLCM_VCA_CLOUD": "cloud",
+ "OSMLCM_VCA_K8S_CLOUD": "k8s_cloud",
+ },
 )
 if config.vca_apiproxy:
 container_builder.add_env("OSMLCM_VCA_APIPROXY", config.vca_apiproxy)
@@ -246,13 +305,18 @@ class LcmCharm(CharmedOsmBase):
 # Add container to pod spec
 pod_spec_builder.add_container(container)
+ # Add restart policy
+ restart_policy = PodRestartPolicy()
+ restart_policy.add_secrets()
+ pod_spec_builder.set_restart_policy(restart_policy)
+
 return pod_spec_builder.build()
 VSCODE_WORKSPACE = {
 "folders": [
 {"path": "/usr/lib/python3/dist-packages/osm_lcm"},
- {"path": "/usr/lib/python3/dist-packages/osm_n2vc"},
+ {"path": "/usr/lib/python3/dist-packages/n2vc"},
 {"path": "/usr/lib/python3/dist-packages/osm_common"},
 ],
 "settings": {},