(charmed-osm) Add auth to prometheus and update kafka/zk
[osm/devops.git] / installers / charm / mon / src / charm.py
1 #!/usr/bin/env python3
2 # Copyright 2021 Canonical Ltd.
3 #
4 # Licensed under the Apache License, Version 2.0 (the "License"); you may
5 # not use this file except in compliance with the License. You may obtain
6 # a copy of the License at
7 #
8 # http://www.apache.org/licenses/LICENSE-2.0
9 #
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13 # License for the specific language governing permissions and limitations
14 # under the License.
15 #
16 # For those usages not covered by the Apache License, Version 2.0 please
17 # contact: legal@canonical.com
18 #
19 # To get in touch with the maintainers, please contact:
20 # osm-charmers@lists.launchpad.net
21 ##
22
23 # pylint: disable=E0213
24
25
26 import base64
27 import logging
28 from typing import NoReturn, Optional
29
30
31 from ops.main import main
32 from opslib.osm.charm import CharmedOsmBase, RelationsMissing
33 from opslib.osm.interfaces.kafka import KafkaClient
34 from opslib.osm.interfaces.keystone import KeystoneClient
35 from opslib.osm.interfaces.mongo import MongoClient
36 from opslib.osm.interfaces.prometheus import PrometheusClient
37 from opslib.osm.pod import (
38 ContainerV3Builder,
39 FilesV3Builder,
40 PodRestartPolicy,
41 PodSpecV3Builder,
42 )
43 from opslib.osm.validator import ModelValidator, validator
44
45
# Module-level logger, named after this module.
logger = logging.getLogger(__name__)

# Container port exposed for the service; passed to ``add_port`` in
# ``MonCharm.build_pod_spec``.
PORT = 8000
49
50
def _check_certificate_data(name: str, content: str):
    """Reject a certificate entry whose name or content is empty.

    Only emptiness is checked: the characters of ``name`` and the encoding of
    ``content`` are not inspected here.

    Raises:
        ValueError: if ``name`` or ``content`` is falsy.
    """
    if name and content:
        return
    raise ValueError("certificate name and content must be a non-empty string")
54
55
def _extract_certificates(certs_config: str):
    """Parse the ``certificates`` config value into a ``{name: content}`` dict.

    The value is a comma-separated list of ``name:content`` entries. A falsy
    value yields an empty dict.

    NOTE(review): names are taken verbatim (no trimming, no character check)
    and ``MonCharm._build_cert_files`` later hands them to
    ``FilesV3Builder.add_file`` as the file name. Consider restricting them to
    plain file names if this option can be set by anyone but the operator.

    Raises:
        ValueError: if an entry does not split into exactly two parts on
            ``:`` (the tuple unpacking fails), or if
            ``_check_certificate_data`` rejects the entry.
    """
    parsed = {}
    if not certs_config:
        return parsed
    for entry in certs_config.split(","):
        # Exactly one ":" per entry is required; anything else fails to unpack.
        name, content = entry.split(":")
        _check_certificate_data(name, content)
        # A repeated name silently replaces the earlier entry.
        parsed[name] = content
    return parsed
65
66
def decode(content: str):
    """Base64-decode ``content`` and return the result as UTF-8 text.

    ``b64decode`` runs in its default, non-strict mode, so characters outside
    the base64 alphabet are dropped rather than rejected.

    Raises:
        binascii.Error: if the input is incorrectly padded.
        UnicodeDecodeError: if the decoded bytes are not valid UTF-8.
    """
    raw_bytes = base64.b64decode(content.encode("utf-8"))
    return raw_bytes.decode("utf-8")
69
70
class ConfigModel(ModelValidator):
    """Typed view of the charm configuration, checked by the validators below.

    Several fields hold credentials (``vca_secret``, ``database_commonkey``,
    ``grafana_password``, and ``mongodb_uri`` if the URI embeds a password).
    They are plain ``str`` attributes, so avoid logging or printing a
    populated instance.
    """

    keystone_enabled: bool
    vca_host: str
    vca_user: str
    vca_secret: str
    vca_cacert: str
    database_commonkey: str
    mongodb_uri: Optional[str]
    log_level: str
    openstack_default_granularity: int
    global_request_timeout: int
    collector_interval: int
    evaluator_interval: int
    grafana_url: str
    grafana_user: str
    grafana_password: str
    certificates: Optional[str]
    image_pull_policy: str
    debug_mode: bool
    security_context: bool

    @validator("log_level")
    def validate_log_level(cls, v):
        """Accept only the two supported log levels, unchanged."""
        if v in {"INFO", "DEBUG"}:
            return v
        raise ValueError("value must be INFO or DEBUG")

    @validator("certificates")
    def validate_certificates(cls, v):
        """Check that the certificates string parses; return it unchanged."""
        # The parsed dict is discarded: the call is made only so that a
        # malformed value raises here, at validation time.
        _extract_certificates(v)
        return v

    @validator("mongodb_uri")
    def validate_mongodb_uri(cls, v):
        """Accept an empty value or a URI that uses the ``mongodb://`` scheme."""
        if not v:
            return v
        if v.startswith("mongodb://"):
            return v
        raise ValueError("mongodb_uri is not properly formed")

    @validator("image_pull_policy")
    def validate_image_pull_policy(cls, v):
        """Map a case-insensitive pull policy to its canonical spelling."""
        canonical = {
            "always": "Always",
            "ifnotpresent": "IfNotPresent",
            "never": "Never",
        }
        policy = canonical.get(v.lower())
        if policy is None:
            raise ValueError("value must be always, ifnotpresent or never")
        return policy

    @property
    def certificates_dict(self):
        """Return the configured certificates as ``{name: content}``, or ``{}``."""
        if not self.certificates:
            return {}
        return _extract_certificates(self.certificates)
125
126
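class MonCharm(CharmedOsmBase):
    """Charm that renders the Kubernetes pod spec for the OSM MON service."""

    def __init__(self, *args) -> NoReturn:
        """Create the relation clients and re-render the pod on relation events.

        Every ``relation_changed`` and ``relation_broken`` event of the kafka,
        mongodb, prometheus and keystone relations triggers
        ``self.configure_pod``.
        """
        super().__init__(
            *args,
            oci_image="image",
            debug_mode_config_key="debug_mode",
            debug_pubkey_config_key="debug_pubkey",
            vscode_workspace=VSCODE_WORKSPACE,
        )

        self.kafka_client = KafkaClient(self, "kafka")
        self.framework.observe(self.on["kafka"].relation_changed, self.configure_pod)
        self.framework.observe(self.on["kafka"].relation_broken, self.configure_pod)

        self.mongodb_client = MongoClient(self, "mongodb")
        self.framework.observe(self.on["mongodb"].relation_changed, self.configure_pod)
        self.framework.observe(self.on["mongodb"].relation_broken, self.configure_pod)

        self.prometheus_client = PrometheusClient(self, "prometheus")
        self.framework.observe(
            self.on["prometheus"].relation_changed, self.configure_pod
        )
        self.framework.observe(
            self.on["prometheus"].relation_broken, self.configure_pod
        )

        self.keystone_client = KeystoneClient(self, "keystone")
        self.framework.observe(self.on["keystone"].relation_changed, self.configure_pod)
        self.framework.observe(self.on["keystone"].relation_broken, self.configure_pod)

    def _check_missing_dependencies(self, config: ConfigModel):
        """Raise if a relation the pod needs has not provided its data yet.

        Args:
            config: validated charm configuration.

        Raises:
            RelationsMissing: with the names of the relations still missing.
        """
        missing_relations = []

        # Kafka counts as missing only when both the unit and the app data
        # are absent.
        if (
            self.kafka_client.is_missing_data_in_unit()
            and self.kafka_client.is_missing_data_in_app()
        ):
            missing_relations.append("kafka")
        # The mongodb relation is optional when a URI is supplied via config.
        if not config.mongodb_uri and self.mongodb_client.is_missing_data_in_unit():
            missing_relations.append("mongodb")
        if self.prometheus_client.is_missing_data_in_app():
            missing_relations.append("prometheus")
        if config.keystone_enabled:
            if self.keystone_client.is_missing_data_in_app():
                missing_relations.append("keystone")

        if missing_relations:
            raise RelationsMissing(missing_relations)

    def _build_cert_files(
        self,
        config: ConfigModel,
    ):
        """Build the file set for the configured certificates.

        Each entry of ``config.certificates_dict`` is base64-decoded and added
        under its configured name with mode ``0o600``.

        NOTE(review): the name comes straight from the ``certificates`` option;
        how ``FilesV3Builder`` treats path separators in it is not visible
        here - confirm before accepting names from a less trusted source.
        """
        cert_files_builder = FilesV3Builder()
        for name, content in config.certificates_dict.items():
            cert_files_builder.add_file(name, decode(content), mode=0o600)
        return cert_files_builder.build()

    def build_pod_spec(self, image_info):
        """Render the pod spec from the charm config and the relation data.

        Credentials (mongodb, grafana, VCA, prometheus and, when enabled,
        keystone) are stored as pod secrets and reach the container through
        ``add_secret_envs``; only non-sensitive settings are written as
        literal environment values.

        Args:
            image_info: image details, passed through to ``ContainerV3Builder``.

        Returns:
            The result of ``PodSpecV3Builder.build()``.

        Raises:
            Exception: if mongodb data is supplied through both the config and
                the relation.
            RelationsMissing: if a required relation has no data yet.
        """
        # Validate config
        config = ConfigModel(**dict(self.config))

        if config.mongodb_uri and not self.mongodb_client.is_missing_data_in_unit():
            raise Exception("Mongodb data cannot be provided via config and relation")

        # Check relations
        self._check_missing_dependencies(config)

        # Debug mode overrides the security_context option: with debug_mode on,
        # the pod is built without the security context and without
        # run_as_non_root, whatever the operator configured.
        security_context_enabled = (
            config.security_context if not config.debug_mode else False
        )

        # Create Builder for the PodSpec
        pod_spec_builder = PodSpecV3Builder(
            enable_security_context=security_context_enabled
        )

        # Add secrets to the pod
        mongodb_secret_name = f"{self.app.name}-mongodb-secret"
        pod_spec_builder.add_secret(
            mongodb_secret_name,
            {
                "uri": config.mongodb_uri or self.mongodb_client.connection_string,
                "commonkey": config.database_commonkey,
            },
        )
        grafana_secret_name = f"{self.app.name}-grafana-secret"
        pod_spec_builder.add_secret(
            grafana_secret_name,
            {
                "url": config.grafana_url,
                "user": config.grafana_user,
                "password": config.grafana_password,
            },
        )

        vca_secret_name = f"{self.app.name}-vca-secret"
        pod_spec_builder.add_secret(
            vca_secret_name,
            {
                "host": config.vca_host,
                "user": config.vca_user,
                "secret": config.vca_secret,
                "cacert": config.vca_cacert,
            },
        )

        # Build Container
        container_builder = ContainerV3Builder(
            self.app.name,
            image_info,
            config.image_pull_policy,
            run_as_non_root=security_context_enabled,
        )
        certs_files = self._build_cert_files(config)

        if certs_files:
            container_builder.add_volume_config("certs", "/certs", certs_files)

        container_builder.add_port(name=self.app.name, port=PORT)
        container_builder.add_envs(
            {
                # General configuration
                # NOTE(review): ALLOW_ANONYMOUS_LOGIN is not an OSMMON_*
                # setting and nothing in this file shows MON reading it; it
                # looks carried over from another image's configuration.
                # Confirm it is needed, otherwise drop it.
                "ALLOW_ANONYMOUS_LOGIN": "yes",
                "OSMMON_OPENSTACK_DEFAULT_GRANULARITY": config.openstack_default_granularity,
                "OSMMON_GLOBAL_REQUEST_TIMEOUT": config.global_request_timeout,
                "OSMMON_GLOBAL_LOGLEVEL": config.log_level,
                "OSMMON_COLLECTOR_INTERVAL": config.collector_interval,
                "OSMMON_EVALUATOR_INTERVAL": config.evaluator_interval,
                # Kafka configuration
                "OSMMON_MESSAGE_DRIVER": "kafka",
                "OSMMON_MESSAGE_HOST": self.kafka_client.host,
                "OSMMON_MESSAGE_PORT": self.kafka_client.port,
                # Database configuration
                "OSMMON_DATABASE_DRIVER": "mongo",
                # Prometheus configuration
                # NOTE(review): the scheme is fixed to http. If MON sends the
                # Prometheus user/password with each request, they travel
                # unencrypted on the cluster network - confirm whether the
                # relation can offer TLS.
                "OSMMON_PROMETHEUS_URL": f"http://{self.prometheus_client.hostname}:{self.prometheus_client.port}",
            }
        )
        prometheus_user = self.prometheus_client.user
        prometheus_password = self.prometheus_client.password
        if prometheus_user and prometheus_password:
            # Keep the Prometheus credentials out of the literal container
            # environment: store them in a pod secret and reference it, the
            # same way the mongodb, grafana, VCA and keystone credentials are
            # handled in this method.
            prometheus_secret_name = f"{self.app.name}-prometheus-secret"
            pod_spec_builder.add_secret(
                prometheus_secret_name,
                {
                    "user": prometheus_user,
                    "password": prometheus_password,
                },
            )
            container_builder.add_secret_envs(
                secret_name=prometheus_secret_name,
                envs={
                    "OSMMON_PROMETHEUS_USER": "user",
                    "OSMMON_PROMETHEUS_PASSWORD": "password",
                },
            )
        container_builder.add_secret_envs(
            secret_name=mongodb_secret_name,
            envs={
                "OSMMON_DATABASE_URI": "uri",
                "OSMMON_DATABASE_COMMONKEY": "commonkey",
            },
        )
        container_builder.add_secret_envs(
            secret_name=vca_secret_name,
            envs={
                "OSMMON_VCA_HOST": "host",
                "OSMMON_VCA_USER": "user",
                "OSMMON_VCA_SECRET": "secret",
                "OSMMON_VCA_CACERT": "cacert",
            },
        )
        container_builder.add_secret_envs(
            secret_name=grafana_secret_name,
            envs={
                "OSMMON_GRAFANA_URL": "url",
                "OSMMON_GRAFANA_USER": "user",
                "OSMMON_GRAFANA_PASSWORD": "password",
            },
        )
        if config.keystone_enabled:
            keystone_secret_name = f"{self.app.name}-keystone-secret"
            pod_spec_builder.add_secret(
                keystone_secret_name,
                {
                    "url": self.keystone_client.host,
                    "user_domain": self.keystone_client.user_domain_name,
                    "project_domain": self.keystone_client.project_domain_name,
                    "service_username": self.keystone_client.username,
                    "service_password": self.keystone_client.password,
                    "service_project": self.keystone_client.service,
                },
            )
            container_builder.add_env("OSMMON_KEYSTONE_ENABLED", True)
            container_builder.add_secret_envs(
                secret_name=keystone_secret_name,
                envs={
                    "OSMMON_KEYSTONE_URL": "url",
                    "OSMMON_KEYSTONE_DOMAIN_NAME": "user_domain",
                    "OSMMON_KEYSTONE_PROJECT_DOMAIN_NAME": "project_domain",
                    "OSMMON_KEYSTONE_SERVICE_USER": "service_username",
                    "OSMMON_KEYSTONE_SERVICE_PASSWORD": "service_password",
                    "OSMMON_KEYSTONE_SERVICE_PROJECT": "service_project",
                },
            )
        container = container_builder.build()

        # Add restart policy
        restart_policy = PodRestartPolicy()
        restart_policy.add_secrets()
        pod_spec_builder.set_restart_policy(restart_policy)

        # Add container to pod spec
        pod_spec_builder.add_container(container)

        return pod_spec_builder.build()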
335
336
# VS Code workspace definition handed to CharmedOsmBase by MonCharm.__init__
# (``vscode_workspace=``). It is defined after the class; the name is only
# looked up when ``__init__`` runs, by which time this assignment has executed.
VSCODE_WORKSPACE = {
    "folders": [
        {"path": "/usr/lib/python3/dist-packages/osm_mon"},
        {"path": "/usr/lib/python3/dist-packages/osm_common"},
        {"path": "/usr/lib/python3/dist-packages/n2vc"},
    ],
    "settings": {},
    "launch": {
        "version": "0.2.0",
        # One launch configuration per MON entry-point module.
        "configurations": [
            {
                "name": "MON Server",
                "type": "python",
                "request": "launch",
                "module": "osm_mon.cmd.mon_server",
                "justMyCode": False,
            },
            {
                "name": "MON evaluator",
                "type": "python",
                "request": "launch",
                "module": "osm_mon.cmd.mon_evaluator",
                "justMyCode": False,
            },
            {
                "name": "MON collector",
                "type": "python",
                "request": "launch",
                "module": "osm_mon.cmd.mon_collector",
                "justMyCode": False,
            },
            {
                "name": "MON dashboarder",
                "type": "python",
                "request": "launch",
                "module": "osm_mon.cmd.mon_dashboarder",
                "justMyCode": False,
            },
        ],
    },
}


# Script entry point: hand the charm class to the ops framework.
if __name__ == "__main__":
    main(MonCharm)