1 #!/usr/bin/env python3
2 # Copyright 2021 Canonical Ltd.
3 #
4 # Licensed under the Apache License, Version 2.0 (the "License"); you may
5 # not use this file except in compliance with the License. You may obtain
6 # a copy of the License at
7 #
8 # http://www.apache.org/licenses/LICENSE-2.0
9 #
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13 # License for the specific language governing permissions and limitations
14 # under the License.
15 #
16 # For those usages not covered by the Apache License, Version 2.0 please
17 # contact: legal@canonical.com
18 #
19 # To get in touch with the maintainers, please contact:
20 # osm-charmers@lists.launchpad.net
21 ##
22
23 # pylint: disable=E0213
24
25
26 from ipaddress import ip_network
27 import logging
28 from typing import NoReturn, Optional
29 from urllib.parse import urlparse
30
31
32 from ops.main import main
33 from opslib.osm.charm import CharmedOsmBase, RelationsMissing
34 from opslib.osm.interfaces.http import HttpServer
35 from opslib.osm.interfaces.kafka import KafkaClient
36 from opslib.osm.interfaces.keystone import KeystoneClient
37 from opslib.osm.interfaces.mongo import MongoClient
38 from opslib.osm.interfaces.prometheus import PrometheusClient
39 from opslib.osm.pod import (
40 ContainerV3Builder,
41 IngressResourceV3Builder,
42 PodSpecV3Builder,
43 )
44 from opslib.osm.validator import ModelValidator, validator
45
46
# Module-level logger, named after this module.
logger = logging.getLogger(__name__)

# TCP port used below for the container port, both probes, the ingress rule
# and the information published on the "nbi" relation.
PORT = 9999
50
51
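class ConfigModel(ModelValidator):
    """Schema and validation rules for the charm configuration.

    Each ``@validator`` method is given the value of the named option and
    either returns the value to keep or raises ``ValueError`` to reject it.
    """

    enable_test: bool
    auth_backend: str
    # Ends up in the container environment as OSMNBI_DATABASE_COMMONKEY.
    database_commonkey: str
    log_level: str
    max_file_size: int
    site_url: Optional[str]
    cluster_issuer: Optional[str]
    ingress_class: Optional[str]
    ingress_whitelist_source_range: Optional[str]
    tls_secret_name: Optional[str]
    mongodb_uri: Optional[str]
    image_pull_policy: Optional[str]

    @validator("auth_backend")
    def validate_auth_backend(cls, v):
        """Allow only the two authentication backends the charm can wire up."""
        if v not in {"internal", "keystone"}:
            raise ValueError("value must be 'internal' or 'keystone'")
        return v

    @validator("log_level")
    def validate_log_level(cls, v):
        """Allow only the INFO and DEBUG log levels (case-sensitive)."""
        if v not in {"INFO", "DEBUG"}:
            raise ValueError("value must be INFO or DEBUG")
        return v

    @validator("max_file_size")
    def validate_max_file_size(cls, v):
        """Reject negative sizes; 0 is accepted."""
        if v < 0:
            raise ValueError("value must be equal or greater than 0")
        return v

    @validator("site_url")
    def validate_site_url(cls, v):
        """Accept only http:// or https:// URLs that name a host.

        Raises:
            ValueError: if the scheme is not exactly http/https, or the URL
                has no hostname.
        """
        if v:
            parsed = urlparse(v)
            # Exact match: a prefix test would also admit unrelated schemes
            # that merely begin with "http".
            if parsed.scheme not in {"http", "https"}:
                raise ValueError("value must start with http")
            # build_pod_spec uses the hostname as the ingress rule host and
            # TLS host, so a URL without one must not get that far.
            if not parsed.hostname:
                raise ValueError("value must include a hostname")
        return v

    @validator("ingress_whitelist_source_range")
    def validate_ingress_whitelist_source_range(cls, v):
        """Require a single valid IPv4/IPv6 network in CIDR notation.

        ``ip_network`` raises ``ValueError`` for anything else, including a
        network whose host bits are set (strict mode is the default).
        """
        if v:
            ip_network(v)
        return v

    @validator("mongodb_uri")
    def validate_mongodb_uri(cls, v):
        """Require the ``mongodb://`` scheme when a URI is supplied."""
        if v and not v.startswith("mongodb://"):
            raise ValueError("mongodb_uri is not properly formed")
        return v

    @validator("image_pull_policy")
    def validate_image_pull_policy(cls, v):
        """Normalise the pull policy to the spelling Kubernetes expects.

        Matching is case-insensitive; the canonical form is returned.
        """
        values = {
            "always": "Always",
            "ifnotpresent": "IfNotPresent",
            "never": "Never",
        }
        # The field is Optional: pass an unset value through instead of
        # failing with AttributeError on None.lower(), as the other Optional
        # validators in this class do.
        if v is None:
            return v
        v = v.lower()
        if v not in values:
            raise ValueError("value must be always, ifnotpresent or never")
        return values[v]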
115
116
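class NbiCharm(CharmedOsmBase):
    """Charm for the OSM NBI application: builds its Kubernetes pod spec."""

    def __init__(self, *args) -> None:
        """Create the relation clients and subscribe to their events.

        Every changed/broken event on the kafka, mongodb, prometheus and
        keystone relations triggers ``configure_pod``.
        """
        super().__init__(*args, oci_image="image")

        self.kafka_client = KafkaClient(self, "kafka")
        self.framework.observe(self.on["kafka"].relation_changed, self.configure_pod)
        self.framework.observe(self.on["kafka"].relation_broken, self.configure_pod)

        self.mongodb_client = MongoClient(self, "mongodb")
        self.framework.observe(self.on["mongodb"].relation_changed, self.configure_pod)
        self.framework.observe(self.on["mongodb"].relation_broken, self.configure_pod)

        self.prometheus_client = PrometheusClient(self, "prometheus")
        self.framework.observe(
            self.on["prometheus"].relation_changed, self.configure_pod
        )
        self.framework.observe(
            self.on["prometheus"].relation_broken, self.configure_pod
        )

        self.keystone_client = KeystoneClient(self, "keystone")
        self.framework.observe(self.on["keystone"].relation_changed, self.configure_pod)
        self.framework.observe(self.on["keystone"].relation_broken, self.configure_pod)

        self.http_server = HttpServer(self, "nbi")
        self.framework.observe(self.on["nbi"].relation_joined, self._publish_nbi_info)

    def _publish_nbi_info(self, event):
        """Publish the application name and port on the "nbi" relation.

        Only the leader unit publishes.

        Args:
            event (EventBase): "nbi" relation-joined event (unused).
        """
        if self.unit.is_leader():
            self.http_server.publish_info(self.app.name, PORT)

    def _check_missing_dependencies(self, config: ConfigModel):
        """Raise if any relation the pod spec depends on has no data yet.

        The mongodb relation is only required when ``mongodb_uri`` is not
        set in the config; keystone only when it is the selected backend.

        Raises:
            RelationsMissing: with the names of the relations lacking data.
        """
        missing_relations = []

        if self.kafka_client.is_missing_data_in_unit():
            missing_relations.append("kafka")
        if not config.mongodb_uri and self.mongodb_client.is_missing_data_in_unit():
            missing_relations.append("mongodb")
        if self.prometheus_client.is_missing_data_in_app():
            missing_relations.append("prometheus")
        if (
            config.auth_backend == "keystone"
            and self.keystone_client.is_missing_data_in_app()
        ):
            missing_relations.append("keystone")

        if missing_relations:
            raise RelationsMissing(missing_relations)

    def build_pod_spec(self, image_info):
        """Validate the config and relations and build the pod spec.

        Args:
            image_info: passed unchanged to ``ContainerV3Builder``.

        Returns:
            The value returned by ``PodSpecV3Builder.build()``.

        Raises:
            Exception: MongoDB is configured through both ``mongodb_uri``
                and the mongodb relation.
            RelationsMissing: a required relation has no data yet.
        """
        # Local import so the block does not depend on a new file-level import.
        import shlex

        # Validate config
        config = ConfigModel(**dict(self.config))

        if config.mongodb_uri and not self.mongodb_client.is_missing_data_in_unit():
            raise Exception("Mongodb data cannot be provided via config and relation")

        # Check relations
        self._check_missing_dependencies(config)

        # Create Builder for the PodSpec
        pod_spec_builder = PodSpecV3Builder()

        # Build Init Container.
        # The Kafka host and port come from relation data and are spliced into
        # an `sh -c` script, so they are shell-quoted first. Ordinary host
        # names and port numbers are left unchanged by shlex.quote.
        kafka_host = shlex.quote(str(self.kafka_client.host))
        kafka_port = shlex.quote(str(self.kafka_client.port))
        pod_spec_builder.add_init_container(
            {
                "name": "init-check",
                # NOTE(review): "latest" is a mutable tag; pin a version or
                # digest so the init image cannot change between deployments.
                "image": "alpine:latest",
                "command": [
                    "sh",
                    "-c",
                    f"until (nc -zvw1 {kafka_host} {kafka_port} ); do sleep 3; done; exit 0",
                ],
            }
        )

        # Build Container
        container_builder = ContainerV3Builder(
            self.app.name, image_info, config.image_pull_policy
        )
        container_builder.add_port(name=self.app.name, port=PORT)
        container_builder.add_tcpsocket_readiness_probe(
            PORT,
            initial_delay_seconds=5,
            timeout_seconds=5,
        )
        container_builder.add_tcpsocket_liveness_probe(
            PORT,
            initial_delay_seconds=45,
            timeout_seconds=10,
        )
        # NOTE(review): the common key, the MongoDB URI and (below) the
        # keystone service password are set as plain environment values.
        # Confirm whether the builder can source them from a Kubernetes
        # secret instead.
        container_builder.add_envs(
            {
                # General configuration
                # NOTE(review): confirm the NBI image actually reads
                # ALLOW_ANONYMOUS_LOGIN and that "yes" is intended; drop it
                # if it is unused.
                "ALLOW_ANONYMOUS_LOGIN": "yes",
                "OSMNBI_SERVER_ENABLE_TEST": config.enable_test,
                "OSMNBI_STATIC_DIR": "/app/osm_nbi/html_public",
                # Kafka configuration
                "OSMNBI_MESSAGE_HOST": self.kafka_client.host,
                "OSMNBI_MESSAGE_DRIVER": "kafka",
                "OSMNBI_MESSAGE_PORT": self.kafka_client.port,
                # Database configuration
                "OSMNBI_DATABASE_DRIVER": "mongo",
                "OSMNBI_DATABASE_URI": config.mongodb_uri
                or self.mongodb_client.connection_string,
                "OSMNBI_DATABASE_COMMONKEY": config.database_commonkey,
                # Storage configuration
                "OSMNBI_STORAGE_DRIVER": "mongo",
                "OSMNBI_STORAGE_PATH": "/app/storage",
                "OSMNBI_STORAGE_COLLECTION": "files",
                "OSMNBI_STORAGE_URI": config.mongodb_uri
                or self.mongodb_client.connection_string,
                # Prometheus configuration
                "OSMNBI_PROMETHEUS_HOST": self.prometheus_client.hostname,
                "OSMNBI_PROMETHEUS_PORT": self.prometheus_client.port,
                # Log configuration
                "OSMNBI_LOG_LEVEL": config.log_level,
            }
        )
        if config.auth_backend == "internal":
            container_builder.add_env("OSMNBI_AUTHENTICATION_BACKEND", "internal")
        elif config.auth_backend == "keystone":
            container_builder.add_envs(
                {
                    "OSMNBI_AUTHENTICATION_BACKEND": "keystone",
                    "OSMNBI_AUTHENTICATION_AUTH_URL": self.keystone_client.host,
                    "OSMNBI_AUTHENTICATION_AUTH_PORT": self.keystone_client.port,
                    "OSMNBI_AUTHENTICATION_USER_DOMAIN_NAME": self.keystone_client.user_domain_name,
                    "OSMNBI_AUTHENTICATION_PROJECT_DOMAIN_NAME": self.keystone_client.project_domain_name,
                    "OSMNBI_AUTHENTICATION_SERVICE_USERNAME": self.keystone_client.username,
                    "OSMNBI_AUTHENTICATION_SERVICE_PASSWORD": self.keystone_client.password,
                    "OSMNBI_AUTHENTICATION_SERVICE_PROJECT": self.keystone_client.service,
                }
            )
        container = container_builder.build()

        # Add container to pod spec
        pod_spec_builder.add_container(container)

        # Add ingress resources to pod spec if site url exists
        if config.site_url:
            parsed = urlparse(config.site_url)
            use_tls = parsed.scheme == "https"

            # Assemble every annotation before handing the dict to the
            # builder. Adding keys afterwards only works if the builder keeps
            # a reference to this dict; if it copied it, the source-range
            # allowlist and the other late annotations would be lost.
            annotations = {
                # A max_file_size of 0 is written without a unit suffix.
                "nginx.ingress.kubernetes.io/proxy-body-size": (
                    f"{config.max_file_size}m"
                    if config.max_file_size > 0
                    else str(config.max_file_size)
                ),
                "nginx.ingress.kubernetes.io/backend-protocol": "HTTPS",
            }
            if config.ingress_class:
                annotations["kubernetes.io/ingress.class"] = config.ingress_class
            if config.ingress_whitelist_source_range:
                annotations[
                    "nginx.ingress.kubernetes.io/whitelist-source-range"
                ] = config.ingress_whitelist_source_range
            if config.cluster_issuer:
                annotations["cert-manager.io/cluster-issuer"] = config.cluster_issuer
            if not use_tls:
                annotations["nginx.ingress.kubernetes.io/ssl-redirect"] = "false"

            ingress_resource_builder = IngressResourceV3Builder(
                f"{self.app.name}-ingress", annotations
            )
            if use_tls:
                ingress_resource_builder.add_tls(
                    [parsed.hostname], config.tls_secret_name
                )

            ingress_resource_builder.add_rule(parsed.hostname, self.app.name, PORT)
            ingress_resource = ingress_resource_builder.build()
            pod_spec_builder.add_ingress_resource(ingress_resource)

        # Build once and return that object. The spec is not dumped to the
        # log: its environment section presumably carries the keystone
        # service password, the database common key and the MongoDB URI.
        pod_spec = pod_spec_builder.build()
        logger.debug("Pod spec built for %s", self.app.name)

        return pod_spec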
297
298
# Script entry point: hand the charm class to the ops framework's main().
if __name__ == "__main__":
    main(NbiCharm)