installers/charm/nbi/src/charm.py

   1 #!/usr/bin/env python3
   2 # Copyright 2021 Canonical Ltd.
   3 #
   4 # Licensed under the Apache License, Version 2.0 (the "License"); you may
   5 # not use this file except in compliance with the License. You may obtain
   6 # a copy of the License at
   7 #
   8 #         http://www.apache.org/licenses/LICENSE-2.0
   9 #
  10 # Unless required by applicable law or agreed to in writing, software
  11 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  12 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
  13 # License for the specific language governing permissions and limitations
  14 # under the License.
  15 #
  16 # For those usages not covered by the Apache License, Version 2.0 please
  17 # contact: legal@canonical.com
  18 #
  19 # To get in touch with the maintainers, please contact:
  20 # osm-charmers@lists.launchpad.net
  21 ##
  22
  23 # pylint: disable=E0213
  24
  25
  26 from ipaddress import ip_network
  27 import logging
  28 from typing import NoReturn, Optional
  29 from urllib.parse import urlparse
  30
  31
  32 from ops.main import main
  33 from opslib.osm.charm import CharmedOsmBase, RelationsMissing
  34 from opslib.osm.interfaces.http import HttpServer
  35 from opslib.osm.interfaces.kafka import KafkaClient
  36 from opslib.osm.interfaces.keystone import KeystoneClient
  37 from opslib.osm.interfaces.mongo import MongoClient
  38 from opslib.osm.interfaces.prometheus import PrometheusClient
  39 from opslib.osm.pod import (
  40     ContainerV3Builder,
  41     IngressResourceV3Builder,
  42     PodSpecV3Builder,
  43 )
  44 from opslib.osm.validator import ModelValidator, validator
  45
  46
  47 logger = logging.getLogger(__name__)
  48
  49 PORT = 9999
  50
  51
  52 class ConfigModel(ModelValidator):
  53     enable_test: bool
  54     auth_backend: str
  55     database_commonkey: str
  56     log_level: str
  57     max_file_size: int
  58     site_url: Optional[str]
  59     cluster_issuer: Optional[str]
  60     ingress_class: Optional[str]
  61     ingress_whitelist_source_range: Optional[str]
  62     tls_secret_name: Optional[str]
  63     mongodb_uri: Optional[str]
  64     image_pull_policy: str
  65
  66     @validator("auth_backend")
  67     def validate_auth_backend(cls, v):
  68         if v not in {"internal", "keystone"}:
  69             raise ValueError("value must be 'internal' or 'keystone'")
  70         return v
  71
  72     @validator("log_level")
  73     def validate_log_level(cls, v):
  74         if v not in {"INFO", "DEBUG"}:
  75             raise ValueError("value must be INFO or DEBUG")
  76         return v
  77
  78     @validator("max_file_size")
  79     def validate_max_file_size(cls, v):
  80         if v < 0:
  81             raise ValueError("value must be equal or greater than 0")
  82         return v
  83
  84     @validator("site_url")
  85     def validate_site_url(cls, v):
  86         if v:
  87             parsed = urlparse(v)
  88             if not parsed.scheme.startswith("http"):
  89                 raise ValueError("value must start with http")
  90         return v
  91
  92     @validator("ingress_whitelist_source_range")
  93     def validate_ingress_whitelist_source_range(cls, v):
  94         if v:
  95             ip_network(v)
  96         return v
  97
  98     @validator("mongodb_uri")
  99     def validate_mongodb_uri(cls, v):
 100         if v and not v.startswith("mongodb://"):
 101             raise ValueError("mongodb_uri is not properly formed")
 102         return v
 103
 104     @validator("image_pull_policy")
 105     def validate_image_pull_policy(cls, v):
 106         values = {
 107             "always": "Always",
 108             "ifnotpresent": "IfNotPresent",
 109             "never": "Never",
 110         }
 111         v = v.lower()
 112         if v not in values.keys():
 113             raise ValueError("value must be always, ifnotpresent or never")
 114         return values[v]
 115
 116
 117 class NbiCharm(CharmedOsmBase):
 118     def __init__(self, *args) -> NoReturn:
 119         super().__init__(
 120             *args,
 121             oci_image="image",
 122             debug_mode_config_key="debug_mode",
 123             debug_pubkey_config_key="debug_pubkey",
 124             vscode_workspace=VSCODE_WORKSPACE,
 125         )
 126
 127         self.kafka_client = KafkaClient(self, "kafka")
 128         self.framework.observe(self.on["kafka"].relation_changed, self.configure_pod)
 129         self.framework.observe(self.on["kafka"].relation_broken, self.configure_pod)
 130
 131         self.mongodb_client = MongoClient(self, "mongodb")
 132         self.framework.observe(self.on["mongodb"].relation_changed, self.configure_pod)
 133         self.framework.observe(self.on["mongodb"].relation_broken, self.configure_pod)
 134
 135         self.prometheus_client = PrometheusClient(self, "prometheus")
 136         self.framework.observe(
 137             self.on["prometheus"].relation_changed, self.configure_pod
 138         )
 139         self.framework.observe(
 140             self.on["prometheus"].relation_broken, self.configure_pod
 141         )
 142
 143         self.keystone_client = KeystoneClient(self, "keystone")
 144         self.framework.observe(self.on["keystone"].relation_changed, self.configure_pod)
 145         self.framework.observe(self.on["keystone"].relation_broken, self.configure_pod)
 146
 147         self.http_server = HttpServer(self, "nbi")
 148         self.framework.observe(self.on["nbi"].relation_joined, self._publish_nbi_info)
 149
 150     def _publish_nbi_info(self, event):
 151         """Publishes NBI information.
 152
 153         Args:
 154             event (EventBase): RO relation event.
 155         """
 156         if self.unit.is_leader():
 157             self.http_server.publish_info(self.app.name, PORT)
 158
 159     def _check_missing_dependencies(self, config: ConfigModel):
 160         missing_relations = []
 161
 162         if self.kafka_client.is_missing_data_in_unit():
 163             missing_relations.append("kafka")
 164         if not config.mongodb_uri and self.mongodb_client.is_missing_data_in_unit():
 165             missing_relations.append("mongodb")
 166         if self.prometheus_client.is_missing_data_in_app():
 167             missing_relations.append("prometheus")
 168         if config.auth_backend == "keystone":
 169             if self.keystone_client.is_missing_data_in_app():
 170                 missing_relations.append("keystone")
 171
 172         if missing_relations:
 173             raise RelationsMissing(missing_relations)
 174
 175     def build_pod_spec(self, image_info):
 176         # Validate config
 177         config = ConfigModel(**dict(self.config))
 178
 179         if config.mongodb_uri and not self.mongodb_client.is_missing_data_in_unit():
 180             raise Exception("Mongodb data cannot be provided via config and relation")
 181
 182         # Check relations
 183         self._check_missing_dependencies(config)
 184
 185         # Create Builder for the PodSpec
 186         pod_spec_builder = PodSpecV3Builder()
 187
 188         # Build Init Container
 189         pod_spec_builder.add_init_container(
 190             {
 191                 "name": "init-check",
 192                 "image": "alpine:latest",
 193                 "command": [
 194                     "sh",
 195                     "-c",
 196                     f"until (nc -zvw1 {self.kafka_client.host} {self.kafka_client.port} ); do sleep 3; done; exit 0",
 197                 ],
 198             }
 199         )
 200
 201         # Build Container
 202         container_builder = ContainerV3Builder(
 203             self.app.name, image_info, config.image_pull_policy
 204         )
 205         container_builder.add_port(name=self.app.name, port=PORT)
 206         container_builder.add_tcpsocket_readiness_probe(
 207             PORT,
 208             initial_delay_seconds=5,
 209             timeout_seconds=5,
 210         )
 211         container_builder.add_tcpsocket_liveness_probe(
 212             PORT,
 213             initial_delay_seconds=45,
 214             timeout_seconds=10,
 215         )
 216         container_builder.add_envs(
 217             {
 218                 # General configuration
 219                 "ALLOW_ANONYMOUS_LOGIN": "yes",
 220                 "OSMNBI_SERVER_ENABLE_TEST": config.enable_test,
 221                 "OSMNBI_STATIC_DIR": "/app/osm_nbi/html_public",
 222                 # Kafka configuration
 223                 "OSMNBI_MESSAGE_HOST": self.kafka_client.host,
 224                 "OSMNBI_MESSAGE_DRIVER": "kafka",
 225                 "OSMNBI_MESSAGE_PORT": self.kafka_client.port,
 226                 # Database configuration
 227                 "OSMNBI_DATABASE_DRIVER": "mongo",
 228                 "OSMNBI_DATABASE_URI": config.mongodb_uri
 229                 or self.mongodb_client.connection_string,
 230                 "OSMNBI_DATABASE_COMMONKEY": config.database_commonkey,
 231                 # Storage configuration
 232                 "OSMNBI_STORAGE_DRIVER": "mongo",
 233                 "OSMNBI_STORAGE_PATH": "/app/storage",
 234                 "OSMNBI_STORAGE_COLLECTION": "files",
 235                 "OSMNBI_STORAGE_URI": config.mongodb_uri
 236                 or self.mongodb_client.connection_string,
 237                 # Prometheus configuration
 238                 "OSMNBI_PROMETHEUS_HOST": self.prometheus_client.hostname,
 239                 "OSMNBI_PROMETHEUS_PORT": self.prometheus_client.port,
 240                 # Log configuration
 241                 "OSMNBI_LOG_LEVEL": config.log_level,
 242             }
 243         )
 244         if config.auth_backend == "internal":
 245             container_builder.add_env("OSMNBI_AUTHENTICATION_BACKEND", "internal")
 246         elif config.auth_backend == "keystone":
 247             container_builder.add_envs(
 248                 {
 249                     "OSMNBI_AUTHENTICATION_BACKEND": "keystone",
 250                     "OSMNBI_AUTHENTICATION_AUTH_URL": self.keystone_client.host,
 251                     "OSMNBI_AUTHENTICATION_AUTH_PORT": self.keystone_client.port,
 252                     "OSMNBI_AUTHENTICATION_USER_DOMAIN_NAME": self.keystone_client.user_domain_name,
 253                     "OSMNBI_AUTHENTICATION_PROJECT_DOMAIN_NAME": self.keystone_client.project_domain_name,
 254                     "OSMNBI_AUTHENTICATION_SERVICE_USERNAME": self.keystone_client.username,
 255                     "OSMNBI_AUTHENTICATION_SERVICE_PASSWORD": self.keystone_client.password,
 256                     "OSMNBI_AUTHENTICATION_SERVICE_PROJECT": self.keystone_client.service,
 257                 }
 258             )
 259         container = container_builder.build()
 260
 261         # Add container to pod spec
 262         pod_spec_builder.add_container(container)
 263
 264         # Add ingress resources to pod spec if site url exists
 265         if config.site_url:
 266             parsed = urlparse(config.site_url)
 267             annotations = {
 268                 "nginx.ingress.kubernetes.io/proxy-body-size": "{}".format(
 269                     str(config.max_file_size) + "m"
 270                     if config.max_file_size > 0
 271                     else config.max_file_size
 272                 ),
 273                 "nginx.ingress.kubernetes.io/backend-protocol": "HTTPS",
 274             }
 275             if config.ingress_class:
 276                 annotations["kubernetes.io/ingress.class"] = config.ingress_class
 277             ingress_resource_builder = IngressResourceV3Builder(
 278                 f"{self.app.name}-ingress", annotations
 279             )
 280
 281             if config.ingress_whitelist_source_range:
 282                 annotations[
 283                     "nginx.ingress.kubernetes.io/whitelist-source-range"
 284                 ] = config.ingress_whitelist_source_range
 285
 286             if config.cluster_issuer:
 287                 annotations["cert-manager.io/cluster-issuer"] = config.cluster_issuer
 288
 289             if parsed.scheme == "https":
 290                 ingress_resource_builder.add_tls(
 291                     [parsed.hostname], config.tls_secret_name
 292                 )
 293             else:
 294                 annotations["nginx.ingress.kubernetes.io/ssl-redirect"] = "false"
 295
 296             ingress_resource_builder.add_rule(parsed.hostname, self.app.name, PORT)
 297             ingress_resource = ingress_resource_builder.build()
 298             pod_spec_builder.add_ingress_resource(ingress_resource)
 299
 300         logger.debug(pod_spec_builder.build())
 301
 302         return pod_spec_builder.build()
 303
 304
 305 VSCODE_WORKSPACE = {
 306     "folders": [
 307         {"path": "/usr/lib/python3/dist-packages/osm_nbi"},
 308         {"path": "/usr/lib/python3/dist-packages/osm_common"},
 309         {"path": "/usr/lib/python3/dist-packages/osm_im"},
 310     ],
 311     "settings": {},
 312     "launch": {
 313         "version": "0.2.0",
 314         "configurations": [
 315             {
 316                 "name": "NBI",
 317                 "type": "python",
 318                 "request": "launch",
 319                 "module": "osm_nbi.nbi",
 320                 "justMyCode": False,
 321             }
 322         ],
 323     },
 324 }
 325
 326
 327 if __name__ == "__main__":
 328     main(NbiCharm)