dc4dfd90fe601aa6d87b73c1b9c921562e298cb9
[osm/devops.git] / installers / charm / grafana / src / charm.py
1 #!/usr/bin/env python3
2 # Copyright 2021 Canonical Ltd.
3 #
4 # Licensed under the Apache License, Version 2.0 (the "License"); you may
5 # not use this file except in compliance with the License. You may obtain
6 # a copy of the License at
7 #
8 # http://www.apache.org/licenses/LICENSE-2.0
9 #
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13 # License for the specific language governing permissions and limitations
14 # under the License.
15 #
16 # For those usages not covered by the Apache License, Version 2.0 please
17 # contact: legal@canonical.com
18 #
19 # To get in touch with the maintainers, please contact:
20 # osm-charmers@lists.launchpad.net
21 ##
22
23 # pylint: disable=E0213
24
25 from ipaddress import ip_network
26 import logging
27 from pathlib import Path
28 import secrets
29 from string import Template
30 from typing import NoReturn, Optional
31 from urllib.parse import urlparse
32
33 from ops.main import main
34 from opslib.osm.charm import CharmedOsmBase, RelationsMissing
35 from opslib.osm.interfaces.grafana import GrafanaCluster
36 from opslib.osm.interfaces.mysql import MysqlClient
37 from opslib.osm.interfaces.prometheus import PrometheusClient
38 from opslib.osm.pod import (
39 ContainerV3Builder,
40 FilesV3Builder,
41 IngressResourceV3Builder,
42 PodRestartPolicy,
43 PodSpecV3Builder,
44 )
45 from opslib.osm.validator import ModelValidator, validator
46
47
# Module-level logger named after this module.
logger = logging.getLogger(__name__)
49
50
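class ConfigModel(ModelValidator):
    """Typed, validated view of the charm configuration.

    ``GrafanaCharm.build_pod_spec`` builds it from ``dict(self.config)``, so
    every value here originates from operator-supplied charm config. Each
    validator returns the value to store and raises ``ValueError`` to reject
    the configuration.
    """

    # Exported as GF_LOG_LEVEL.
    log_level: str
    # Container port, probe port and ingress backend port.
    port: int
    # Exported as GF_SECURITY_ADMIN_USER.
    admin_user: str
    # Ingress proxy-body-size in megabytes; 0 is passed through as "0".
    max_file_size: int
    # When true, the bundled OSM dashboards are provisioned.
    osm_dashboards: bool
    # External URL; when set, an ingress resource is added to the pod spec.
    site_url: Optional[str]
    cluster_issuer: Optional[str]
    ingress_class: Optional[str]
    # When unset, no source-range restriction annotation is put on the ingress.
    ingress_whitelist_source_range: Optional[str]
    tls_secret_name: Optional[str]
    image_pull_policy: str
    # Enables the pod security context and run-as-non-root on the container.
    security_context: bool

    @validator("log_level")
    def validate_log_level(cls, v):
        """Reject log levels outside the fixed set of allowed names."""
        allowed_values = ("debug", "info", "warn", "error", "critical")
        if v not in allowed_values:
            separator = '", "'
            raise ValueError(
                f'incorrect value. Allowed values are "{separator.join(allowed_values)}"'
            )
        return v

    @validator("max_file_size")
    def validate_max_file_size(cls, v):
        """Reject negative sizes; zero and positive values pass unchanged."""
        if v < 0:
            raise ValueError("value must be equal or greater than 0")
        return v

    @validator("site_url")
    def validate_site_url(cls, v):
        """Accept only ``http``/``https`` URLs; an unset value passes through."""
        if v:
            # Compare the scheme exactly. A prefix test would also accept
            # look-alike schemes such as "httpx", and build_pod_spec treats
            # every scheme other than "https" as plain HTTP (no TLS entry,
            # SSL redirect disabled).
            # NOTE(review): the hostname is not checked here, so a URL without
            # one reaches the ingress rule as None - confirm that is intended.
            if urlparse(v).scheme not in ("http", "https"):
                raise ValueError("value must start with http")
        return v

    @validator("ingress_whitelist_source_range")
    def validate_ingress_whitelist_source_range(cls, v):
        """Require a single well-formed IPv4/IPv6 network when a value is set.

        ``ip_network`` is strict by default: it raises ``ValueError`` for
        malformed input and for networks with host bits set. A
        comma-separated list is therefore rejected.
        """
        if v:
            ip_network(v)
        return v

    @validator("image_pull_policy")
    def validate_image_pull_policy(cls, v):
        """Map a case-insensitive policy name to its Kubernetes spelling."""
        values = {
            "always": "Always",
            "ifnotpresent": "IfNotPresent",
            "never": "Never",
        }
        v = v.lower()
        if v not in values:
            raise ValueError("value must be always, ifnotpresent or never")
        return values[v]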
106
107
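class GrafanaCharm(CharmedOsmBase):
    """Charm that builds the Kubernetes pod spec for Grafana."""

    def __init__(self, *args) -> NoReturn:
        """Grafana charm constructor: create relation objects and observers."""
        super().__init__(*args, oci_image="image", mysql_uri=True)
        # Initialize relation objects
        self.prometheus_client = PrometheusClient(self, "prometheus")
        self.grafana_cluster = GrafanaCluster(self, "cluster")
        self.mysql_client = MysqlClient(self, "db")
        # Route changes and removals of both relations to configure_pod.
        for relation_name in ("prometheus", "db"):
            relation_events = self.on[relation_name]
            self.framework.observe(
                relation_events.relation_changed, self.configure_pod
            )
            self.framework.observe(
                relation_events.relation_broken, self.configure_pod
            )

    def _build_dashboard_files(self, config: ConfigModel):
        """Collect the dashboard provisioning files for the pod volume.

        The dashboard provider definition is always included; the bundled OSM
        dashboards are added only when ``config.osm_dashboards`` is set.
        Templates are read relative to the current working directory.
        """
        files_builder = FilesV3Builder()
        files_builder.add_file(
            "dashboard_osm.yaml",
            Path("templates/default_dashboards.yaml").read_text(),
        )
        if config.osm_dashboards:
            # Each dashboard is mounted under the same name it has in templates/.
            osm_dashboard_names = (
                "kafka_exporter_dashboard.json",
                "mongodb_exporter_dashboard.json",
                "mysql_exporter_dashboard.json",
                "nodes_exporter_dashboard.json",
                "summary_dashboard.json",
            )
            for file_name in osm_dashboard_names:
                files_builder.add_file(
                    file_name, Path(f"templates/{file_name}").read_text()
                )
        return files_builder.build()

    def _build_datasources_files(self):
        """Render the Prometheus datasource provisioning file.

        Host, port and (optionally) basic-auth credentials come from the
        prometheus relation and are substituted into
        ``templates/default_datasources.yaml``.
        """
        import json  # local import: only needed to quote YAML scalars below

        files_builder = FilesV3Builder()
        prometheus_user = self.prometheus_client.user
        prometheus_password = self.prometheus_client.password
        # Basic auth is enabled only when both halves of the credential exist.
        enable_basic_auth = all([prometheus_user, prometheus_password])
        kwargs = {
            "prometheus_host": self.prometheus_client.hostname,
            "prometheus_port": self.prometheus_client.port,
            "enable_basic_auth": enable_basic_auth,
            "user": "",
            "password": "",
        }
        if enable_basic_auth:
            # The credentials are spliced into YAML text. Emit them as
            # double-quoted scalars (a JSON string is a valid YAML
            # double-quoted scalar) so characters such as ':', '#', quotes or
            # newlines in relation data cannot change the document structure.
            quoted_user = json.dumps(prometheus_user, ensure_ascii=False)
            quoted_password = json.dumps(prometheus_password, ensure_ascii=False)
            kwargs["user"] = f"basic_auth_user: {quoted_user}"
            # NOTE(review): the indent after "\n" has to line up with where
            # $password sits in the template - verify against the template.
            kwargs[
                "password"
            ] = f"secure_json_data:\n basicAuthPassword: {quoted_password}"
        template = Template(Path("templates/default_datasources.yaml").read_text())
        files_builder.add_file(
            "datasource_prometheus.yaml",
            template.substitute(**kwargs),
        )
        return files_builder.build()

    def _check_missing_dependencies(self, config: ConfigModel, external_db: bool):
        """Raise ``RelationsMissing`` naming every relation that lacks data.

        The ``db`` relation is only required when no external database URI
        was configured. ``config`` is accepted but not used here.
        """
        missing_relations = []

        if self.prometheus_client.is_missing_data_in_app():
            missing_relations.append("prometheus")

        if not external_db and self.mysql_client.is_missing_data_in_unit():
            missing_relations.append("db")

        if missing_relations:
            raise RelationsMissing(missing_relations)

    def build_pod_spec(self, image_info, **kwargs):
        """Assemble the pod spec: secret, container, restart policy, ingress.

        Args:
            image_info: image details handed to ``ContainerV3Builder``.
            **kwargs: must contain ``mysql_config``, whose ``mysql_uri``
                attribute holds the database URI from config (may be empty).

        Returns:
            The result of ``PodSpecV3Builder.build()``.

        Raises:
            Exception: if MySQL data is supplied through both config and the
                ``db`` relation.
            RelationsMissing: if a required relation has no data yet.
        """
        # Validate config
        config = ConfigModel(**dict(self.config))
        mysql_config = kwargs["mysql_config"]
        if mysql_config.mysql_uri and not self.mysql_client.is_missing_data_in_unit():
            raise Exception("Mysql data cannot be provided via config and relation")

        # Check relations
        external_db = bool(mysql_config.mysql_uri)
        self._check_missing_dependencies(config, external_db)

        # Get initial password: reuse the one held by the cluster relation,
        # otherwise generate one and hand it to the relation object.
        admin_initial_password = self.grafana_cluster.admin_initial_password
        if not admin_initial_password:
            admin_initial_password = _generate_random_password()
            self.grafana_cluster.set_initial_password(admin_initial_password)

        # Create Builder for the PodSpec
        pod_spec_builder = PodSpecV3Builder(
            enable_security_context=config.security_context
        )

        # Add secrets to the pod. The admin password and the database URL
        # reach the container through this secret rather than as plain
        # environment values.
        grafana_secret_name = f"{self.app.name}-admin-secret"
        pod_spec_builder.add_secret(
            grafana_secret_name,
            {
                "admin-password": admin_initial_password,
                "mysql-url": mysql_config.mysql_uri or self.mysql_client.get_uri(),
            },
        )

        # Build Container
        container_builder = ContainerV3Builder(
            self.app.name,
            image_info,
            config.image_pull_policy,
            run_as_non_root=config.security_context,
        )
        container_builder.add_port(name=self.app.name, port=config.port)
        container_builder.add_http_readiness_probe(
            "/api/health",
            config.port,
            initial_delay_seconds=10,
            period_seconds=10,
            timeout_seconds=5,
            failure_threshold=3,
        )
        container_builder.add_http_liveness_probe(
            "/api/health",
            config.port,
            initial_delay_seconds=60,
            timeout_seconds=30,
            failure_threshold=10,
        )
        container_builder.add_volume_config(
            "dashboards",
            "/etc/grafana/provisioning/dashboards/",
            self._build_dashboard_files(config),
        )
        container_builder.add_volume_config(
            "datasources",
            "/etc/grafana/provisioning/datasources/",
            self._build_datasources_files(),
        )
        container_builder.add_envs(
            {
                "GF_SERVER_HTTP_PORT": config.port,
                "GF_LOG_LEVEL": config.log_level,
                "GF_SECURITY_ADMIN_USER": config.admin_user,
            }
        )
        # NOTE(review): the first two entries map an env var to a key of the
        # secret created above. The PROMETHEUS_* entries pass the relation's
        # credential values in that same position, and the secret has no
        # matching keys. Confirm against ContainerV3Builder.add_secret_envs:
        # if the value is used as a key name, the credential would show up in
        # the pod spec as a key reference instead of being read from the
        # secret.
        container_builder.add_secret_envs(
            secret_name=grafana_secret_name,
            envs={
                "GF_SECURITY_ADMIN_PASSWORD": "admin-password",
                "GF_DATABASE_URL": "mysql-url",
                "PROMETHEUS_USER": self.prometheus_client.user,
                "PROMETHEUS_PASSWORD": self.prometheus_client.password,
            },
        )
        container = container_builder.build()
        pod_spec_builder.add_container(container)

        # Add Pod restart policy
        restart_policy = PodRestartPolicy()
        restart_policy.add_secrets(secret_names=(grafana_secret_name,))
        pod_spec_builder.set_restart_policy(restart_policy)

        # Add ingress resources to pod spec if site url exists
        if config.site_url:
            parsed = urlparse(config.site_url)
            uses_tls = parsed.scheme == "https"
            if config.max_file_size > 0:
                body_size = f"{config.max_file_size}m"
            else:
                body_size = str(config.max_file_size)

            # Finish the annotation dict before handing it to the builder, so
            # the result does not depend on the builder keeping a reference
            # to the dict that is mutated afterwards.
            annotations = {"nginx.ingress.kubernetes.io/proxy-body-size": body_size}
            if config.ingress_class:
                annotations["kubernetes.io/ingress.class"] = config.ingress_class
            if config.ingress_whitelist_source_range:
                # Without this option no source-range restriction is set.
                annotations[
                    "nginx.ingress.kubernetes.io/whitelist-source-range"
                ] = config.ingress_whitelist_source_range
            if config.cluster_issuer:
                annotations["cert-manager.io/cluster-issuer"] = config.cluster_issuer
            if not uses_tls:
                # A non-https site_url turns the nginx SSL redirect off, so
                # Grafana logins through this ingress are not forced onto TLS.
                annotations["nginx.ingress.kubernetes.io/ssl-redirect"] = "false"

            ingress_resource_builder = IngressResourceV3Builder(
                f"{self.app.name}-ingress", annotations
            )
            if uses_tls:
                ingress_resource_builder.add_tls(
                    [parsed.hostname], config.tls_secret_name
                )
            ingress_resource_builder.add_rule(
                parsed.hostname, self.app.name, config.port
            )
            ingress_resource = ingress_resource_builder.build()
            pod_spec_builder.add_ingress_resource(ingress_resource)
        return pod_spec_builder.build()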
309
310
def _generate_random_password():
    """Return a new random password as 32 lowercase hex characters.

    The value is 16 bytes (128 bits) taken from the ``secrets`` module, which
    is intended for security-sensitive tokens, unlike ``random``.
    """
    byte_count = 16
    password = secrets.token_hex(byte_count)
    return password
313
314
# Script entry point: pass the charm class to ops.main.main.
if __name__ == "__main__":
    main(GrafanaCharm)