projects / osm / N2VC.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Fix bug 1542 to allow juju to add Azure AKS
[osm/N2VC.git] / n2vc / provisioner.py
1 # Copyright 2019 Canonical Ltd.
2 #
3 # Licensed under the Apache License, Version 2.0 (the "License");
4 # you may not use this file except in compliance with the License.
5 # You may obtain a copy of the License at
6 #
7 # http://www.apache.org/licenses/LICENSE-2.0
8 #
9 # Unless required by applicable law or agreed to in writing, software
10 # distributed under the License is distributed on an "AS IS" BASIS,
11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 # See the License for the specific language governing permissions and
13 # limitations under the License.
14 import logging
15 import os
16 import re
17 from subprocess import CalledProcessError
18 import tempfile
19 import uuid
20
21 from juju.client import client
22 import asyncio
23
24 arches = [
25 [re.compile(r"amd64|x86_64"), "amd64"],
26 [re.compile(r"i?[3-9]86"), "i386"],
27 [re.compile(r"(arm$)|(armv.*)"), "armhf"],
28 [re.compile(r"aarch64"), "arm64"],
29 [re.compile(r"ppc64|ppc64el|ppc64le"), "ppc64el"],
30 [re.compile(r"s390x?"), "s390x"],
31 ]
32
33
34 def normalize_arch(rawArch):
35 """Normalize the architecture string."""
36 for arch in arches:
37 if arch[0].match(rawArch):
38 return arch[1]
39
40
41 DETECTION_SCRIPT = """#!/bin/bash
42 set -e
43 os_id=$(grep '^ID=' /etc/os-release | tr -d '"' | cut -d= -f2)
44 if [ "$os_id" = 'centos' ] || [ "$os_id" = 'rhel' ] ; then
45 os_version=$(grep '^VERSION_ID=' /etc/os-release | tr -d '"' | cut -d= -f2)
46 echo "$os_id$os_version"
47 else
48 lsb_release -cs
49 fi
50 uname -m
51 grep MemTotal /proc/meminfo
52 cat /proc/cpuinfo
53 """
54
55 INITIALIZE_UBUNTU_SCRIPT = """set -e
56 (id ubuntu &> /dev/null) || useradd -m ubuntu -s /bin/bash
57 umask 0077
58 temp=$(mktemp)
59 echo 'ubuntu ALL=(ALL) NOPASSWD:ALL' > $temp
60 install -m 0440 $temp /etc/sudoers.d/90-juju-ubuntu
61 rm $temp
62 su ubuntu -c '[ -f ~/.ssh/authorized_keys ] || install -D -m 0600 /dev/null ~/.ssh/authorized_keys'
63 export authorized_keys="{}"
64 if [ ! -z "$authorized_keys" ]; then
65 su ubuntu -c 'echo $authorized_keys >> ~/.ssh/authorized_keys'
66 fi
67 """
68
69 IPTABLES_SCRIPT = """#!/bin/bash
70 set -e
71 [ -v `which netfilter-persistent` ] && apt update \
72 && DEBIAN_FRONTEND=noninteractive apt-get install -yqq iptables-persistent
73 iptables -t nat -A OUTPUT -p tcp -d {} -j DNAT --to-destination {}
74 netfilter-persistent save
75 """
76
77 IPTABLES_SCRIPT_RHEL = """#!/bin/bash
78 set -e
79 [ -v `which firewalld` ] && yum install -q -y firewalld
80 systemctl is-active --quiet firewalld || systemctl start firewalld \
81 && firewall-cmd --permanent --zone=public --set-target=ACCEPT
82 systemctl is-enabled --quiet firewalld || systemctl enable firewalld
83 firewall-cmd --direct --permanent --add-rule ipv4 nat OUTPUT 0 -d {} -p tcp \
84 -j DNAT --to-destination {}
85 firewall-cmd --reload
86 """
87
88
89 class AsyncSSHProvisioner:
90 """Provision a manually created machine via SSH."""
91
92 user = ""
93 host = ""
94 private_key_path = ""
95
96 def __init__(self, user, host, private_key_path, log=None):
97 self.host = host
98 self.user = user
99 self.private_key_path = private_key_path
100 self.log = log if log else logging.getLogger(__name__)
101
102 async def _scp(self, source_file, destination_file):
103 """Execute an scp command. Requires a fully qualified source and
104 destination.
105
106 :param str source_file: Path to the source file
107 :param str destination_file: Path to the destination file
108 """
109 cmd = [
110 "scp",
111 "-i",
112 os.path.expanduser(self.private_key_path),
113 "-o",
114 "StrictHostKeyChecking=no",
115 "-q",
116 "-B",
117 ]
118 destination = "{}@{}:{}".format(self.user, self.host, destination_file)
119 cmd.extend([source_file, destination])
120 process = await asyncio.create_subprocess_exec(*cmd)
121 await process.wait()
122 if process.returncode != 0:
123 raise CalledProcessError(returncode=process.returncode, cmd=cmd)
124
125 async def _ssh(self, command):
126 """Run a command remotely via SSH.
127
128 :param str command: The command to execute
129 :return: tuple: The stdout and stderr of the command execution
130 :raises: :class:`CalledProcessError` if the command fails
131 """
132
133 destination = "{}@{}".format(self.user, self.host)
134 cmd = [
135 "ssh",
136 "-i",
137 os.path.expanduser(self.private_key_path),
138 "-o",
139 "StrictHostKeyChecking=no",
140 "-q",
141 destination,
142 ]
143 cmd.extend([command])
144 process = await asyncio.create_subprocess_exec(
145 *cmd, stdout=asyncio.subprocess.PIPE, stderr=asyncio.subprocess.PIPE
146 )
147 stdout, stderr = await process.communicate()
148
149 if process.returncode != 0:
150 output = stderr.decode("utf-8").strip()
151 raise CalledProcessError(
152 returncode=process.returncode, cmd=cmd, output=output
153 )
154 return (stdout.decode("utf-8").strip(), stderr.decode("utf-8").strip())
155
156 async def _init_ubuntu_user(self):
157 """Initialize the ubuntu user.
158
159 :return: bool: If the initialization was successful
160 :raises: :class:`CalledProcessError` if the _ssh command fails
161 """
162 retry = 10
163 attempts = 0
164 delay = 15
165 while attempts <= retry:
166 try:
167 attempts += 1
168 # Attempt to establish a SSH connection
169 stdout, stderr = await self._ssh("sudo -n true")
170 break
171 except CalledProcessError as e:
172 self.log.debug(
173 "Waiting for VM to boot, sleeping {} seconds".format(delay)
174 )
175 if attempts > retry:
176 raise e
177 else:
178 await asyncio.sleep(delay)
179 # Slowly back off the retry
180 delay += 15
181
182 # Infer the public key
183 public_key = None
184 public_key_path = "{}.pub".format(self.private_key_path)
185
186 if not os.path.exists(public_key_path):
187 raise FileNotFoundError(
188 "Public key '{}' doesn't exist.".format(public_key_path)
189 )
190
191 with open(public_key_path, "r") as f:
192 public_key = f.readline()
193
194 script = INITIALIZE_UBUNTU_SCRIPT.format(public_key)
195
196 stdout, stderr = await self._run_configure_script(script)
197
198 return True
199
200 async def _detect_hardware_and_os(self):
201 """Detect the target hardware capabilities and OS series.
202
203 :return: str: A raw string containing OS and hardware information.
204 """
205
206 info = {
207 "series": "",
208 "arch": "",
209 "cpu-cores": "",
210 "mem": "",
211 }
212
213 stdout, stderr = await self._run_configure_script(DETECTION_SCRIPT)
214
215 lines = stdout.split("\n")
216 info["series"] = lines[0].strip()
217 info["arch"] = normalize_arch(lines[1].strip())
218
219 memKb = re.split(r"\s+", lines[2])[1]
220
221 # Convert megabytes -> kilobytes
222 info["mem"] = round(int(memKb) / 1024)
223
224 # Detect available CPUs
225 recorded = {}
226 for line in lines[3:]:
227 physical_id = ""
228 print(line)
229
230 if line.find("physical id") == 0:
231 physical_id = line.split(":")[1].strip()
232 elif line.find("cpu cores") == 0:
233 cores = line.split(":")[1].strip()
234
235 if physical_id not in recorded.keys():
236 info["cpu-cores"] += cores
237 recorded[physical_id] = True
238
239 return info
240
241 async def provision_machine(self):
242 """Perform the initial provisioning of the target machine.
243
244 :return: bool: The client.AddMachineParams
245 """
246 params = client.AddMachineParams()
247
248 if await self._init_ubuntu_user():
249 hw = await self._detect_hardware_and_os()
250 params.series = hw["series"]
251 params.instance_id = "manual:{}".format(self.host)
252 params.nonce = "manual:{}:{}".format(
253 self.host,
254 str(uuid.uuid4()),
255 ) # a nop for Juju w/manual machines
256 params.hardware_characteristics = {
257 "arch": hw["arch"],
258 "mem": int(hw["mem"]),
259 "cpu-cores": int(hw["cpu-cores"]),
260 }
261 params.addresses = [{"value": self.host, "type": "ipv4", "scope": "public"}]
262
263 return params
264
265 async def install_agent(
266 self, connection, nonce, machine_id, proxy=None, series=None
267 ):
268 """
269 :param object connection: Connection to Juju API
270 :param str nonce: The nonce machine specification
271 :param str machine_id: The id assigned to the machine
272 :param str proxy: IP of the API_PROXY
273 :param str series: OS name
274
275 :return: bool: If the initialization was successful
276 """
277 # The path where the Juju agent should be installed.
278 data_dir = "/var/lib/juju"
279
280 # Disabling this prevents `apt-get update` from running initially, so
281 # charms will fail to deploy
282 disable_package_commands = False
283
284 client_facade = client.ClientFacade.from_connection(connection)
285 results = await client_facade.ProvisioningScript(
286 data_dir=data_dir,
287 disable_package_commands=disable_package_commands,
288 machine_id=machine_id,
289 nonce=nonce,
290 )
291
292 """Get the IP of the controller
293
294 Parse the provisioning script, looking for the first apiaddress.
295
296 Example:
297 apiaddresses:
298 - 10.195.8.2:17070
299 - 127.0.0.1:17070
300 - '[::1]:17070'
301 """
302 if proxy:
303 m = re.search(
304 r"apiaddresses:\n- (\d+\.\d+\.\d+\.\d+):17070", results.script
305 )
306 apiaddress = m.group(1)
307
308 """Add IP Table rule
309
310 In order to route the traffic to the private ip of the Juju controller
311 we use a DNAT rule to tell the machine that the destination for the
312 private address is the public address of the machine where the Juju
313 controller is running in LXD. That machine will have a complimentary
314 iptables rule, routing traffic to the appropriate LXD container.
315 """
316
317 if series and ("centos" in series or "rhel" in series):
318 script = IPTABLES_SCRIPT_RHEL.format(apiaddress, proxy)
319 else:
320 script = IPTABLES_SCRIPT.format(apiaddress, proxy)
321
322 # Run this in a retry loop, because dpkg may be running and cause the
323 # script to fail.
324 retry = 10
325 attempts = 0
326 delay = 15
327
328 while attempts <= retry:
329 try:
330 attempts += 1
331 stdout, stderr = await self._run_configure_script(script)
332 break
333 except Exception as e:
334 self.log.debug(
335 "Waiting for DNAT rules to be applied and saved, "
336 "sleeping {} seconds".format(delay)
337 )
338 if attempts > retry:
339 raise e
340 else:
341 await asyncio.sleep(delay)
342 # Slowly back off the retry
343 delay += 15
344
345 # self.log.debug("Running configure script")
346 await self._run_configure_script(results.script)
347 # self.log.debug("Configure script finished")
348
349 async def _run_configure_script(self, script, root=True):
350 """Run the script to install the Juju agent on the target machine.
351
352 :param str script: The script to be executed
353 """
354 _, tmpFile = tempfile.mkstemp()
355 with open(tmpFile, "w") as f:
356 f.write(script)
357 f.close()
358
359 # copy the local copy of the script to the remote machine
360 await self._scp(tmpFile, tmpFile)
361
362 # run the provisioning script
363 return await self._ssh(
364 "{} /bin/bash {}".format("sudo" if root else "", tmpFile)
365 )