2 # Copyright 2021 Canonical Ltd.
4 # Licensed under the Apache License, Version 2.0 (the "License"); you may
5 # not use this file except in compliance with the License. You may obtain
6 # a copy of the License at
8 # http://www.apache.org/licenses/LICENSE-2.0
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13 # License for the specific language governing permissions and limitations
16 # For those usages not covered by the Apache License, Version 2.0 please
17 # contact: legal@canonical.com
19 # To get in touch with the maintainers, please contact:
20 # osm-charmers@lists.launchpad.net
23 # pylint: disable=E0213
26 from ipaddress
import ip_network
28 from typing
import NoReturn
, Optional
29 from urllib
.parse
import urlparse
32 from ops
.main
import main
33 from opslib
.osm
.charm
import CharmedOsmBase
, RelationsMissing
34 from opslib
.osm
.interfaces
.http
import HttpServer
35 from opslib
.osm
.interfaces
.kafka
import KafkaClient
36 from opslib
.osm
.interfaces
.keystone
import KeystoneClient
37 from opslib
.osm
.interfaces
.mongo
import MongoClient
38 from opslib
.osm
.interfaces
.prometheus
import PrometheusClient
39 from opslib
.osm
.pod
import (
41 IngressResourceV3Builder
,
44 from opslib
.osm
.validator
import ModelValidator
, validator
47 logger
= logging
.getLogger(__name__
)
52 class ConfigModel(ModelValidator
):
55 database_commonkey
: str
58 site_url
: Optional
[str]
59 cluster_issuer
: Optional
[str]
60 ingress_whitelist_source_range
: Optional
[str]
61 tls_secret_name
: Optional
[str]
63 @validator("auth_backend")
64 def validate_auth_backend(cls
, v
):
65 if v
not in {"internal", "keystone"}:
66 raise ValueError("value must be 'internal' or 'keystone'")
69 @validator("log_level")
70 def validate_log_level(cls
, v
):
71 if v
not in {"INFO", "DEBUG"}:
72 raise ValueError("value must be INFO or DEBUG")
75 @validator("max_file_size")
76 def validate_max_file_size(cls
, v
):
78 raise ValueError("value must be equal or greater than 0")
81 @validator("site_url")
82 def validate_site_url(cls
, v
):
85 if not parsed
.scheme
.startswith("http"):
86 raise ValueError("value must start with http")
89 @validator("ingress_whitelist_source_range")
90 def validate_ingress_whitelist_source_range(cls
, v
):
96 class NbiCharm(CharmedOsmBase
):
97 def __init__(self
, *args
) -> NoReturn
:
98 super().__init
__(*args
, oci_image
="image")
100 self
.kafka_client
= KafkaClient(self
, "kafka")
101 self
.framework
.observe(self
.on
["kafka"].relation_changed
, self
.configure_pod
)
102 self
.framework
.observe(self
.on
["kafka"].relation_broken
, self
.configure_pod
)
104 self
.mongodb_client
= MongoClient(self
, "mongodb")
105 self
.framework
.observe(self
.on
["mongodb"].relation_changed
, self
.configure_pod
)
106 self
.framework
.observe(self
.on
["mongodb"].relation_broken
, self
.configure_pod
)
108 self
.prometheus_client
= PrometheusClient(self
, "prometheus")
109 self
.framework
.observe(
110 self
.on
["prometheus"].relation_changed
, self
.configure_pod
112 self
.framework
.observe(
113 self
.on
["prometheus"].relation_broken
, self
.configure_pod
116 self
.keystone_client
= KeystoneClient(self
, "keystone")
117 self
.framework
.observe(self
.on
["keystone"].relation_changed
, self
.configure_pod
)
118 self
.framework
.observe(self
.on
["keystone"].relation_broken
, self
.configure_pod
)
120 self
.http_server
= HttpServer(self
, "nbi")
121 self
.framework
.observe(self
.on
["nbi"].relation_joined
, self
._publish
_nbi
_info
)
123 def _publish_nbi_info(self
, event
):
124 """Publishes NBI information.
127 event (EventBase): RO relation event.
129 if self
.unit
.is_leader():
130 self
.http_server
.publish_info(self
.app
.name
, PORT
)
132 def _check_missing_dependencies(self
, config
: ConfigModel
):
133 missing_relations
= []
135 if self
.kafka_client
.is_missing_data_in_unit():
136 missing_relations
.append("kafka")
137 if self
.mongodb_client
.is_missing_data_in_unit():
138 missing_relations
.append("mongodb")
139 if self
.prometheus_client
.is_missing_data_in_app():
140 missing_relations
.append("prometheus")
141 if config
.auth_backend
== "keystone":
142 if self
.keystone_client
.is_missing_data_in_app():
143 missing_relations
.append("keystone")
145 if missing_relations
:
146 raise RelationsMissing(missing_relations
)
148 def build_pod_spec(self
, image_info
):
150 config
= ConfigModel(**dict(self
.config
))
152 self
._check
_missing
_dependencies
(config
)
153 # Create Builder for the PodSpec
154 pod_spec_builder
= PodSpecV3Builder()
155 # Build Init Container
156 pod_spec_builder
.add_init_container(
158 "name": "init-check",
159 "image": "alpine:latest",
163 f
"until (nc -zvw1 {self.kafka_client.host} {self.kafka_client.port} ); do sleep 3; done; exit 0",
168 container_builder
= ContainerV3Builder(self
.app
.name
, image_info
)
169 container_builder
.add_port(name
=self
.app
.name
, port
=PORT
)
170 container_builder
.add_tcpsocket_readiness_probe(
172 initial_delay_seconds
=5,
175 container_builder
.add_tcpsocket_liveness_probe(
177 initial_delay_seconds
=45,
180 container_builder
.add_envs(
182 # General configuration
183 "ALLOW_ANONYMOUS_LOGIN": "yes",
184 "OSMNBI_SERVER_ENABLE_TEST": config
.enable_test
,
185 "OSMNBI_STATIC_DIR": "/app/osm_nbi/html_public",
186 # Kafka configuration
187 "OSMNBI_MESSAGE_HOST": self
.kafka_client
.host
,
188 "OSMNBI_MESSAGE_DRIVER": "kafka",
189 "OSMNBI_MESSAGE_PORT": self
.kafka_client
.port
,
190 # Database configuration
191 "OSMNBI_DATABASE_DRIVER": "mongo",
192 "OSMNBI_DATABASE_URI": self
.mongodb_client
.connection_string
,
193 "OSMNBI_DATABASE_COMMONKEY": config
.database_commonkey
,
194 # Storage configuration
195 "OSMNBI_STORAGE_DRIVER": "mongo",
196 "OSMNBI_STORAGE_PATH": "/app/storage",
197 "OSMNBI_STORAGE_COLLECTION": "files",
198 "OSMNBI_STORAGE_URI": self
.mongodb_client
.connection_string
,
199 # Prometheus configuration
200 "OSMNBI_PROMETHEUS_HOST": self
.prometheus_client
.hostname
,
201 "OSMNBI_PROMETHEUS_PORT": self
.prometheus_client
.port
,
203 "OSMNBI_LOG_LEVEL": config
.log_level
,
206 if config
.auth_backend
== "internal":
207 container_builder
.add_env("OSMNBI_AUTHENTICATION_BACKEND", "internal")
208 elif config
.auth_backend
== "keystone":
209 container_builder
.add_envs(
211 "OSMNBI_AUTHENTICATION_BACKEND": "keystone",
212 "OSMNBI_AUTHENTICATION_AUTH_URL": self
.keystone_client
.host
,
213 "OSMNBI_AUTHENTICATION_AUTH_PORT": self
.keystone_client
.port
,
214 "OSMNBI_AUTHENTICATION_USER_DOMAIN_NAME": self
.keystone_client
.user_domain_name
,
215 "OSMNBI_AUTHENTICATION_PROJECT_DOMAIN_NAME": self
.keystone_client
.project_domain_name
,
216 "OSMNBI_AUTHENTICATION_SERVICE_USERNAME": self
.keystone_client
.username
,
217 "OSMNBI_AUTHENTICATION_SERVICE_PASSWORD": self
.keystone_client
.password
,
218 "OSMNBI_AUTHENTICATION_SERVICE_PROJECT": self
.keystone_client
.service
,
221 container
= container_builder
.build()
222 # Add container to pod spec
223 pod_spec_builder
.add_container(container
)
224 # Add ingress resources to pod spec if site url exists
226 parsed
= urlparse(config
.site_url
)
228 "nginx.ingress.kubernetes.io/proxy-body-size": "{}".format(
229 str(config
.max_file_size
) + "m"
230 if config
.max_file_size
> 0
231 else config
.max_file_size
233 "nginx.ingress.kubernetes.io/backend-protocol": "HTTPS",
235 ingress_resource_builder
= IngressResourceV3Builder(
236 f
"{self.app.name}-ingress", annotations
239 if config
.ingress_whitelist_source_range
:
241 "nginx.ingress.kubernetes.io/whitelist-source-range"
242 ] = config
.ingress_whitelist_source_range
244 if config
.cluster_issuer
:
245 annotations
["cert-manager.io/cluster-issuer"] = config
.cluster_issuer
247 if parsed
.scheme
== "https":
248 ingress_resource_builder
.add_tls(
249 [parsed
.hostname
], config
.tls_secret_name
252 annotations
["nginx.ingress.kubernetes.io/ssl-redirect"] = "false"
254 ingress_resource_builder
.add_rule(parsed
.hostname
, self
.app
.name
, PORT
)
255 ingress_resource
= ingress_resource_builder
.build()
256 pod_spec_builder
.add_ingress_resource(ingress_resource
)
257 logger
.debug(pod_spec_builder
.build())
258 return pod_spec_builder
.build()
261 if __name__
== "__main__":