X-Git-Url: https://osm.etsi.org/gitweb/?a=blobdiff_plain;f=installers%2Fcharm%2Flcm%2Fsrc%2Fcharm.py;h=7c644189def38208dffaee0fc9f00c71b74fe8d7;hb=8a00e59f4f7928dfb0208c2eaa5efc8fe1666452;hp=270a5479a837a791859d2f2143eb5e71c5afb030;hpb=49379ced23b5e344a773ce77ac9cb59c1864e19b;p=osm%2Fdevops.git diff --git a/installers/charm/lcm/src/charm.py b/installers/charm/lcm/src/charm.py index 270a5479..7c644189 100755 --- a/installers/charm/lcm/src/charm.py +++ b/installers/charm/lcm/src/charm.py @@ -24,25 +24,16 @@ import logging -from typing import Optional, NoReturn +from typing import NoReturn, Optional -from ops.main import main +from charms.kafka_k8s.v0.kafka import KafkaEvents, KafkaRequires +from ops.main import main from opslib.osm.charm import CharmedOsmBase, RelationsMissing - -from opslib.osm.pod import ( - ContainerV3Builder, - PodSpecV3Builder, -) - -from opslib.osm.validator import ( - ModelValidator, - validator, -) - -from opslib.osm.interfaces.kafka import KafkaClient -from opslib.osm.interfaces.mongo import MongoClient from opslib.osm.interfaces.http import HttpClient +from opslib.osm.interfaces.mongo import MongoClient +from opslib.osm.pod import ContainerV3Builder, PodRestartPolicy, PodSpecV3Builder +from opslib.osm.validator import ModelValidator, validator logger = logging.getLogger(__name__) 
@@ -51,17 +42,77 @@ PORT = 9999 class ConfigModel(ModelValidator): - vca_host: str - vca_port: int - vca_user: str - vca_password: str - vca_pubkey: str - vca_cacert: str - vca_cloud: str - vca_k8s_cloud: str + vca_host: Optional[str] + vca_port: Optional[int] + vca_user: Optional[str] + vca_secret: Optional[str] + vca_pubkey: Optional[str] + vca_cacert: Optional[str] + vca_cloud: Optional[str] + vca_k8s_cloud: Optional[str] database_commonkey: str + mongodb_uri: Optional[str] log_level: str vca_apiproxy: Optional[str] + # Model-config options + vca_model_config_agent_metadata_url: Optional[str] + vca_model_config_agent_stream: Optional[str] + vca_model_config_apt_ftp_proxy: Optional[str] + vca_model_config_apt_http_proxy: Optional[str] + vca_model_config_apt_https_proxy: Optional[str] + vca_model_config_apt_mirror: Optional[str] + vca_model_config_apt_no_proxy: Optional[str] + vca_model_config_automatically_retry_hooks: Optional[bool] + vca_model_config_backup_dir: Optional[str] + vca_model_config_cloudinit_userdata: Optional[str] + vca_model_config_container_image_metadata_url: Optional[str] + vca_model_config_container_image_stream: Optional[str] + vca_model_config_container_inherit_properties: Optional[str] + vca_model_config_container_networking_method: Optional[str] + vca_model_config_default_series: Optional[str] + vca_model_config_default_space: Optional[str] + vca_model_config_development: Optional[bool] + vca_model_config_disable_network_management: Optional[bool] + vca_model_config_egress_subnets: Optional[str] + vca_model_config_enable_os_refresh_update: Optional[bool] + vca_model_config_enable_os_upgrade: Optional[bool] + vca_model_config_fan_config: Optional[str] + vca_model_config_firewall_mode: Optional[str] + vca_model_config_ftp_proxy: Optional[str] + vca_model_config_http_proxy: Optional[str] + vca_model_config_https_proxy: Optional[str] + vca_model_config_ignore_machine_addresses: Optional[bool] + vca_model_config_image_metadata_url: 
Optional[str] + vca_model_config_image_stream: Optional[str] + vca_model_config_juju_ftp_proxy: Optional[str] + vca_model_config_juju_http_proxy: Optional[str] + vca_model_config_juju_https_proxy: Optional[str] + vca_model_config_juju_no_proxy: Optional[str] + vca_model_config_logforward_enabled: Optional[bool] + vca_model_config_logging_config: Optional[str] + vca_model_config_lxd_snap_channel: Optional[str] + vca_model_config_max_action_results_age: Optional[str] + vca_model_config_max_action_results_size: Optional[str] + vca_model_config_max_status_history_age: Optional[str] + vca_model_config_max_status_history_size: Optional[str] + vca_model_config_net_bond_reconfigure_delay: Optional[str] + vca_model_config_no_proxy: Optional[str] + vca_model_config_provisioner_harvest_mode: Optional[str] + vca_model_config_proxy_ssh: Optional[bool] + vca_model_config_snap_http_proxy: Optional[str] + vca_model_config_snap_https_proxy: Optional[str] + vca_model_config_snap_store_assertions: Optional[str] + vca_model_config_snap_store_proxy: Optional[str] + vca_model_config_snap_store_proxy_url: Optional[str] + vca_model_config_ssl_hostname_verification: Optional[bool] + vca_model_config_test_mode: Optional[bool] + vca_model_config_transmit_vendor_metrics: Optional[bool] + vca_model_config_update_status_hook_interval: Optional[str] + vca_stablerepourl: Optional[str] + vca_helm_ca_certs: Optional[str] + image_pull_policy: str + debug_mode: bool + security_context: bool @validator("log_level") def validate_log_level(cls, v): 
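Review bot: The new `ConfigModel` field list mixes credential-bearing and security-weakening options with ordinary settings and gives the reader no way to tell them apart; the only comment added is `# Model-config options`. `vca_secret`, `mongodb_uri` and `vca_helm_ca_certs` are placed in Kubernetes secrets later in this commit, so a comment above them such as `# Sensitive: delivered to the pod through a secret; keep out of logs and status messages` would record that intent. `vca_model_config_ssl_hostname_verification` deserves its own line, e.g. `# False turns off TLS hostname verification for the model; leave unset unless required`, assuming it maps to the Juju model-config key of the same name. The class body continues past the end of this hunk.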
@@ -69,14 +120,56 @@ class ConfigModel(ModelValidator): raise ValueError("value must be INFO or DEBUG") return v + @validator("mongodb_uri") + def validate_mongodb_uri(cls, v): + if v and not v.startswith("mongodb://"): + raise ValueError("mongodb_uri is not properly formed") + return v + + @validator("image_pull_policy") + def validate_image_pull_policy(cls, v): + values = { + "always": "Always", + "ifnotpresent": "IfNotPresent", + "never": "Never", + } + v = v.lower() + if v not in values.keys(): + raise ValueError("value must be always, ifnotpresent or never") + return values[v] + class LcmCharm(CharmedOsmBase): - def __init__(self, *args) -> NoReturn: - super().__init__(*args, oci_image="image") - self.kafka_client = KafkaClient(self, "kafka") - self.framework.observe(self.on["kafka"].relation_changed, self.configure_pod) - self.framework.observe(self.on["kafka"].relation_broken, self.configure_pod) + on = KafkaEvents() + + def __init__(self, *args) -> NoReturn: + super().__init__( + *args, + oci_image="image", + vscode_workspace=VSCODE_WORKSPACE, + ) + if self.config.get("debug_mode"): + self.enable_debug_mode( + pubkey=self.config.get("debug_pubkey"), + hostpaths={ + "LCM": { + "hostpath": self.config.get("debug_lcm_local_path"), + "container-path": "/usr/lib/python3/dist-packages/osm_lcm", + }, + "N2VC": { + "hostpath": self.config.get("debug_n2vc_local_path"), + "container-path": "/usr/lib/python3/dist-packages/n2vc", + }, + "osm_common": { + "hostpath": self.config.get("debug_common_local_path"), + "container-path": "/usr/lib/python3/dist-packages/osm_common", + }, + }, + ) + self.kafka = KafkaRequires(self) + self.framework.observe(self.on.kafka_available, self.configure_pod) + self.framework.observe(self.on.kafka_broken, self.configure_pod) self.mongodb_client = MongoClient(self, "mongodb") self.framework.observe(self.on["mongodb"].relation_changed, self.configure_pod) 
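Review bot: The debug branch in `__init__` reads `debug_pubkey` and the three `debug_*_local_path` options straight from `self.config.get(...)`, and none of them is declared in `ConfigModel` in the hunks shown, so they reach `enable_debug_mode` unvalidated and possibly as `None`. These values appear to decide which public key is accepted and which host directories are mounted over `/usr/lib/python3/dist-packages/...`, so they should be validated like every other option: declare `debug_pubkey: Optional[str]` (and likewise the three path options) in `ConfigModel`, and refuse debug mode when the key or a path is empty. `__init__` continues past the end of this hunk.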
@@ -89,9 +182,9 @@ class LcmCharm(CharmedOsmBase): def _check_missing_dependencies(self, config: ConfigModel): missing_relations = [] - if self.kafka_client.is_missing_data_in_unit(): + if not self.kafka.host or not self.kafka.port: missing_relations.append("kafka") - if self.mongodb_client.is_missing_data_in_unit(): + if not config.mongodb_uri and self.mongodb_client.is_missing_data_in_unit(): missing_relations.append("mongodb") if self.ro_client.is_missing_data_in_app(): missing_relations.append("ro") @@ -102,12 +195,40 @@ class LcmCharm(CharmedOsmBase): def build_pod_spec(self, image_info): # Validate config config = ConfigModel(**dict(self.config)) + + if config.mongodb_uri and not self.mongodb_client.is_missing_data_in_unit(): + raise Exception("Mongodb data cannot be provided via config and relation") + # Check relations self._check_missing_dependencies(config) + + security_context_enabled = ( + config.security_context if not config.debug_mode else False + ) + # Create Builder for the PodSpec - pod_spec_builder = PodSpecV3Builder() + pod_spec_builder = PodSpecV3Builder( + enable_security_context=security_context_enabled + ) + + # Add secrets to the pod + mongodb_secret_name = f"{self.app.name}-mongodb-secret" + pod_spec_builder.add_secret( + mongodb_secret_name, + { + "uri": config.mongodb_uri or self.mongodb_client.connection_string, + "commonkey": config.database_commonkey, + "helm_ca_certs": config.vca_helm_ca_certs, + }, + ) + # Build Container - container_builder = ContainerV3Builder(self.app.name, image_info) + container_builder = ContainerV3Builder( + self.app.name, + image_info, + config.image_pull_policy, + run_as_non_root=security_context_enabled, + ) container_builder.add_port(name=self.app.name, port=PORT) container_builder.add_envs( { 
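Review bot: In `build_pod_spec`, `security_context_enabled` is forced to `False` whenever `debug_mode` is on, which also turns off `run_as_non_root` on the container, and nothing records that the operator's `security_context` setting was overridden. A log line right after the assignment, `if config.debug_mode and config.security_context: logger.warning("debug_mode is enabled; security_context is ignored")`, would make the downgrade visible in the charm log. The expression itself reads more directly as `security_context_enabled = config.security_context and not config.debug_mode`. `build_pod_spec` continues past the end of this hunk.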
@@ -120,37 +241,100 @@ class LcmCharm(CharmedOsmBase): "OSMLCM_RO_TENANT": "osm", # Kafka configuration "OSMLCM_MESSAGE_DRIVER": "kafka", - "OSMLCM_MESSAGE_HOST": self.kafka_client.host, - "OSMLCM_MESSAGE_PORT": self.kafka_client.port, + "OSMLCM_MESSAGE_HOST": self.kafka.host, + "OSMLCM_MESSAGE_PORT": self.kafka.port, # Database configuration "OSMLCM_DATABASE_DRIVER": "mongo", - "OSMLCM_DATABASE_URI": self.mongodb_client.connection_string, - "OSMLCM_DATABASE_COMMONKEY": config.database_commonkey, # Storage configuration "OSMLCM_STORAGE_DRIVER": "mongo", "OSMLCM_STORAGE_PATH": "/app/storage", "OSMLCM_STORAGE_COLLECTION": "files", - "OSMLCM_STORAGE_URI": self.mongodb_client.connection_string, - # VCA configuration - "OSMLCM_VCA_HOST": config.vca_host, - "OSMLCM_VCA_PORT": config.vca_port, - "OSMLCM_VCA_USER": config.vca_user, - "OSMLCM_VCA_PUBKEY": config.vca_pubkey, - "OSMLCM_VCA_SECRET": config.vca_password, - "OSMLCM_VCA_CACERT": config.vca_cacert, - "OSMLCM_VCA_CLOUD": config.vca_cloud, - "OSMLCM_VCA_K8S_CLOUD": config.vca_k8s_cloud, + "OSMLCM_VCA_STABLEREPOURL": config.vca_stablerepourl, } ) - if config.vca_apiproxy: - container_builder.add_env("OSMLCM_VCA_APIPROXY", config.vca_apiproxy) - + container_builder.add_secret_envs( + secret_name=mongodb_secret_name, + envs={ + "OSMLCM_DATABASE_URI": "uri", + "OSMLCM_DATABASE_COMMONKEY": "commonkey", + "OSMLCM_STORAGE_URI": "uri", + "OSMLCM_VCA_HELM_CA_CERTS": "helm_ca_certs", + }, + ) + if config.vca_host: + vca_secret_name = f"{self.app.name}-vca-secret" + pod_spec_builder.add_secret( + vca_secret_name, + { + "host": config.vca_host, + "port": str(config.vca_port), + "user": config.vca_user, + "pubkey": config.vca_pubkey, + "secret": config.vca_secret, + "cacert": config.vca_cacert, + "cloud": config.vca_cloud, + "k8s_cloud": config.vca_k8s_cloud, + }, + ) + container_builder.add_secret_envs( + secret_name=vca_secret_name, + envs={ + # VCA configuration + "OSMLCM_VCA_HOST": "host", + "OSMLCM_VCA_PORT": "port", + 
"OSMLCM_VCA_USER": "user", + "OSMLCM_VCA_PUBKEY": "pubkey", + "OSMLCM_VCA_SECRET": "secret", + "OSMLCM_VCA_CACERT": "cacert", + "OSMLCM_VCA_CLOUD": "cloud", + "OSMLCM_VCA_K8S_CLOUD": "k8s_cloud", + }, + ) + if config.vca_apiproxy: + container_builder.add_env("OSMLCM_VCA_APIPROXY", config.vca_apiproxy) + + model_config_envs = { + f"OSMLCM_{k.upper()}": v + for k, v in self.config.items() + if k.startswith("vca_model_config") + } + if model_config_envs: + container_builder.add_envs(model_config_envs) container = container_builder.build() + # Add container to pod spec pod_spec_builder.add_container(container) + + # Add restart policy + restart_policy = PodRestartPolicy() + restart_policy.add_secrets() + pod_spec_builder.set_restart_policy(restart_policy) + return pod_spec_builder.build() +VSCODE_WORKSPACE = { + "folders": [ + {"path": "/usr/lib/python3/dist-packages/osm_lcm"}, + {"path": "/usr/lib/python3/dist-packages/n2vc"}, + {"path": "/usr/lib/python3/dist-packages/osm_common"}, + ], + "settings": {}, + "launch": { + "version": "0.2.0", + "configurations": [ + { + "name": "LCM", + "type": "python", + "request": "launch", + "module": "osm_lcm.lcm", + "justMyCode": False, + } + ], + }, +} + + if __name__ == "__main__": main(LcmCharm)
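Review bot: The VCA secret is built whenever `config.vca_host` is set, but every other VCA field is now `Optional`, so `"port": str(config.vca_port)` stores the literal string `None` when the port is missing and the remaining entries can be `None` outright. A guard before `pod_spec_builder.add_secret(vca_secret_name, ...)` would catch the partial configuration: `if None in (config.vca_port, config.vca_user, config.vca_secret): raise ValueError("vca_port, vca_user and vca_secret are required when vca_host is set")`; which fields are really mandatory should be confirmed against what LCM expects. The same concern applies to `helm_ca_certs` in the mongodb secret of the previous hunk, which is added even when `vca_helm_ca_certs` is unset. This hunk starts inside the `add_envs` call of `build_pod_spec`.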