installers/charm/ro/src/charm.py

   1 #!/usr/bin/env python3
   2 # Copyright 2021 Canonical Ltd.
   3 #
   4 # Licensed under the Apache License, Version 2.0 (the "License"); you may
   5 # not use this file except in compliance with the License. You may obtain
   6 # a copy of the License at
   7 #
   8 #         http://www.apache.org/licenses/LICENSE-2.0
   9 #
  10 # Unless required by applicable law or agreed to in writing, software
  11 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  12 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
  13 # License for the specific language governing permissions and limitations
  14 # under the License.
  15 #
  16 # For those usages not covered by the Apache License, Version 2.0 please
  17 # contact: legal@canonical.com
  18 #
  19 # To get in touch with the maintainers, please contact:
  20 # osm-charmers@lists.launchpad.net
  21 ##
  22
  23 # pylint: disable=E0213
  24
  25 import base64
  26 import logging
  27 from typing import Dict, NoReturn, Optional
  28
  29 from ops.main import main
  30 from opslib.osm.charm import CharmedOsmBase, RelationsMissing
  31 from opslib.osm.interfaces.kafka import KafkaClient
  32 from opslib.osm.interfaces.mongo import MongoClient
  33 from opslib.osm.interfaces.mysql import MysqlClient
  34 from opslib.osm.pod import (
  35     ContainerV3Builder,
  36     FilesV3Builder,
  37     PodRestartPolicy,
  38     PodSpecV3Builder,
  39 )
  40 from opslib.osm.validator import ModelValidator, validator
  41
  42 logger = logging.getLogger(__name__)
  43
  44 PORT = 9090
  45
  46
  47 def _check_certificate_data(name: str, content: str):
  48     if not name or not content:
  49         raise ValueError("certificate name and content must be a non-empty string")
  50
  51
  52 def _extract_certificates(certs_config: str):
  53     certificates = {}
  54     if certs_config:
  55         cert_list = certs_config.split(",")
  56         for cert in cert_list:
  57             name, content = cert.split(":")
  58             _check_certificate_data(name, content)
  59             certificates[name] = content
  60     return certificates
  61
  62
  63 def decode(content: str):
  64     return base64.b64decode(content.encode("utf-8")).decode("utf-8")
  65
  66
  67 class ConfigModel(ModelValidator):
  68     enable_ng_ro: bool
  69     database_commonkey: str
  70     mongodb_uri: Optional[str]
  71     log_level: str
  72     mysql_host: Optional[str]
  73     mysql_port: Optional[int]
  74     mysql_user: Optional[str]
  75     mysql_password: Optional[str]
  76     mysql_root_password: Optional[str]
  77     vim_database: str
  78     ro_database: str
  79     openmano_tenant: str
  80     certificates: Optional[str]
  81     image_pull_policy: str
  82     debug_mode: bool
  83     security_context: bool
  84
  85     @validator("log_level")
  86     def validate_log_level(cls, v):
  87         if v not in {"INFO", "DEBUG"}:
  88             raise ValueError("value must be INFO or DEBUG")
  89         return v
  90
  91     @validator("certificates")
  92     def validate_certificates(cls, v):
  93         # Raises an exception if it cannot extract the certificates
  94         _extract_certificates(v)
  95         return v
  96
  97     @validator("mongodb_uri")
  98     def validate_mongodb_uri(cls, v):
  99         if v and not v.startswith("mongodb://"):
 100             raise ValueError("mongodb_uri is not properly formed")
 101         return v
 102
 103     @validator("mysql_port")
 104     def validate_mysql_port(cls, v):
 105         if v and (v <= 0 or v >= 65535):
 106             raise ValueError("Mysql port out of range")
 107         return v
 108
 109     @validator("image_pull_policy")
 110     def validate_image_pull_policy(cls, v):
 111         values = {
 112             "always": "Always",
 113             "ifnotpresent": "IfNotPresent",
 114             "never": "Never",
 115         }
 116         v = v.lower()
 117         if v not in values.keys():
 118             raise ValueError("value must be always, ifnotpresent or never")
 119         return values[v]
 120
 121     @property
 122     def certificates_dict(cls):
 123         return _extract_certificates(cls.certificates) if cls.certificates else {}
 124
 125
 126 class RoCharm(CharmedOsmBase):
 127     """GrafanaCharm Charm."""
 128
 129     def __init__(self, *args) -> NoReturn:
 130         """Prometheus Charm constructor."""
 131         super().__init__(
 132             *args,
 133             oci_image="image",
 134             vscode_workspace=VSCODE_WORKSPACE,
 135         )
 136         if self.config.get("debug_mode"):
 137             self.enable_debug_mode(
 138                 pubkey=self.config.get("debug_pubkey"),
 139                 hostpaths={
 140                     "osm_common": {
 141                         "hostpath": self.config.get("debug_common_local_path"),
 142                         "container-path": "/usr/lib/python3/dist-packages/osm_common",
 143                     },
 144                     **_get_ro_host_paths(self.config.get("debug_ro_local_path")),
 145                 },
 146             )
 147         self.kafka_client = KafkaClient(self, "kafka")
 148         self.framework.observe(self.on["kafka"].relation_changed, self.configure_pod)
 149         self.framework.observe(self.on["kafka"].relation_broken, self.configure_pod)
 150
 151         self.mysql_client = MysqlClient(self, "mysql")
 152         self.framework.observe(self.on["mysql"].relation_changed, self.configure_pod)
 153         self.framework.observe(self.on["mysql"].relation_broken, self.configure_pod)
 154
 155         self.mongodb_client = MongoClient(self, "mongodb")
 156         self.framework.observe(self.on["mongodb"].relation_changed, self.configure_pod)
 157         self.framework.observe(self.on["mongodb"].relation_broken, self.configure_pod)
 158
 159         self.framework.observe(self.on["ro"].relation_joined, self._publish_ro_info)
 160
 161     def _publish_ro_info(self, event):
 162         """Publishes RO information.
 163
 164         Args:
 165             event (EventBase): RO relation event.
 166         """
 167         if self.unit.is_leader():
 168             rel_data = {
 169                 "host": self.model.app.name,
 170                 "port": str(PORT),
 171             }
 172             for k, v in rel_data.items():
 173                 event.relation.data[self.app][k] = v
 174
 175     def _check_missing_dependencies(self, config: ConfigModel):
 176         missing_relations = []
 177
 178         if config.enable_ng_ro:
 179             if (
 180                 self.kafka_client.is_missing_data_in_unit()
 181                 and self.kafka_client.is_missing_data_in_app()
 182             ):
 183                 missing_relations.append("kafka")
 184             if not config.mongodb_uri and self.mongodb_client.is_missing_data_in_unit():
 185                 missing_relations.append("mongodb")
 186         else:
 187             if not config.mysql_host and self.mysql_client.is_missing_data_in_unit():
 188                 missing_relations.append("mysql")
 189         if missing_relations:
 190             raise RelationsMissing(missing_relations)
 191
 192     def _validate_mysql_config(self, config: ConfigModel):
 193         invalid_values = []
 194         if not config.mysql_user:
 195             invalid_values.append("Mysql user is empty")
 196         if not config.mysql_password:
 197             invalid_values.append("Mysql password is empty")
 198         if not config.mysql_root_password:
 199             invalid_values.append("Mysql root password empty")
 200
 201         if invalid_values:
 202             raise ValueError("Invalid values: " + ", ".join(invalid_values))
 203
 204     def _build_cert_files(
 205         self,
 206         config: ConfigModel,
 207     ):
 208         cert_files_builder = FilesV3Builder()
 209         for name, content in config.certificates_dict.items():
 210             cert_files_builder.add_file(name, decode(content), mode=0o600)
 211         return cert_files_builder.build()
 212
 213     def build_pod_spec(self, image_info):
 214         # Validate config
 215         config = ConfigModel(**dict(self.config))
 216
 217         if config.enable_ng_ro:
 218             if config.mongodb_uri and not self.mongodb_client.is_missing_data_in_unit():
 219                 raise Exception(
 220                     "Mongodb data cannot be provided via config and relation"
 221                 )
 222         else:
 223             if config.mysql_host and not self.mysql_client.is_missing_data_in_unit():
 224                 raise Exception("Mysql data cannot be provided via config and relation")
 225
 226             if config.mysql_host:
 227                 self._validate_mysql_config(config)
 228
 229         # Check relations
 230         self._check_missing_dependencies(config)
 231
 232         security_context_enabled = (
 233             config.security_context if not config.debug_mode else False
 234         )
 235
 236         # Create Builder for the PodSpec
 237         pod_spec_builder = PodSpecV3Builder(
 238             enable_security_context=security_context_enabled
 239         )
 240
 241         # Build Container
 242         container_builder = ContainerV3Builder(
 243             self.app.name,
 244             image_info,
 245             config.image_pull_policy,
 246             run_as_non_root=security_context_enabled,
 247         )
 248         certs_files = self._build_cert_files(config)
 249
 250         if certs_files:
 251             container_builder.add_volume_config("certs", "/certs", certs_files)
 252
 253         container_builder.add_port(name=self.app.name, port=PORT)
 254         container_builder.add_http_readiness_probe(
 255             "/ro/" if config.enable_ng_ro else "/openmano/tenants",
 256             PORT,
 257             initial_delay_seconds=10,
 258             period_seconds=10,
 259             timeout_seconds=5,
 260             failure_threshold=3,
 261         )
 262         container_builder.add_http_liveness_probe(
 263             "/ro/" if config.enable_ng_ro else "/openmano/tenants",
 264             PORT,
 265             initial_delay_seconds=600,
 266             period_seconds=10,
 267             timeout_seconds=5,
 268             failure_threshold=3,
 269         )
 270         container_builder.add_envs(
 271             {
 272                 "OSMRO_LOG_LEVEL": config.log_level,
 273             }
 274         )
 275
 276         if config.enable_ng_ro:
 277             # Add secrets to the pod
 278             mongodb_secret_name = f"{self.app.name}-mongodb-secret"
 279             pod_spec_builder.add_secret(
 280                 mongodb_secret_name,
 281                 {
 282                     "uri": config.mongodb_uri or self.mongodb_client.connection_string,
 283                     "commonkey": config.database_commonkey,
 284                 },
 285             )
 286             container_builder.add_envs(
 287                 {
 288                     "OSMRO_MESSAGE_DRIVER": "kafka",
 289                     "OSMRO_MESSAGE_HOST": self.kafka_client.host,
 290                     "OSMRO_MESSAGE_PORT": self.kafka_client.port,
 291                     # MongoDB configuration
 292                     "OSMRO_DATABASE_DRIVER": "mongo",
 293                 }
 294             )
 295             container_builder.add_secret_envs(
 296                 secret_name=mongodb_secret_name,
 297                 envs={
 298                     "OSMRO_DATABASE_URI": "uri",
 299                     "OSMRO_DATABASE_COMMONKEY": "commonkey",
 300                 },
 301             )
 302             restart_policy = PodRestartPolicy()
 303             restart_policy.add_secrets(secret_names=(mongodb_secret_name,))
 304             pod_spec_builder.set_restart_policy(restart_policy)
 305
 306         else:
 307             container_builder.add_envs(
 308                 {
 309                     "RO_DB_HOST": config.mysql_host or self.mysql_client.host,
 310                     "RO_DB_OVIM_HOST": config.mysql_host or self.mysql_client.host,
 311                     "RO_DB_PORT": config.mysql_port or self.mysql_client.port,
 312                     "RO_DB_OVIM_PORT": config.mysql_port or self.mysql_client.port,
 313                     "RO_DB_USER": config.mysql_user or self.mysql_client.user,
 314                     "RO_DB_OVIM_USER": config.mysql_user or self.mysql_client.user,
 315                     "RO_DB_PASSWORD": config.mysql_password
 316                     or self.mysql_client.password,
 317                     "RO_DB_OVIM_PASSWORD": config.mysql_password
 318                     or self.mysql_client.password,
 319                     "RO_DB_ROOT_PASSWORD": config.mysql_root_password
 320                     or self.mysql_client.root_password,
 321                     "RO_DB_OVIM_ROOT_PASSWORD": config.mysql_root_password
 322                     or self.mysql_client.root_password,
 323                     "RO_DB_NAME": config.ro_database,
 324                     "RO_DB_OVIM_NAME": config.vim_database,
 325                     "OPENMANO_TENANT": config.openmano_tenant,
 326                 }
 327             )
 328         container = container_builder.build()
 329
 330         # Add container to pod spec
 331         pod_spec_builder.add_container(container)
 332
 333         return pod_spec_builder.build()
 334
 335
 336 VSCODE_WORKSPACE = {
 337     "folders": [
 338         {"path": "/usr/lib/python3/dist-packages/osm_ng_ro"},
 339         {"path": "/usr/lib/python3/dist-packages/osm_common"},
 340         {"path": "/usr/lib/python3/dist-packages/osm_ro_plugin"},
 341         {"path": "/usr/lib/python3/dist-packages/osm_rosdn_arista_cloudvision"},
 342         {"path": "/usr/lib/python3/dist-packages/osm_rosdn_dpb"},
 343         {"path": "/usr/lib/python3/dist-packages/osm_rosdn_dynpac"},
 344         {"path": "/usr/lib/python3/dist-packages/osm_rosdn_floodlightof"},
 345         {"path": "/usr/lib/python3/dist-packages/osm_rosdn_ietfl2vpn"},
 346         {"path": "/usr/lib/python3/dist-packages/osm_rosdn_juniper_contrail"},
 347         {"path": "/usr/lib/python3/dist-packages/osm_rosdn_odlof"},
 348         {"path": "/usr/lib/python3/dist-packages/osm_rosdn_onos_vpls"},
 349         {"path": "/usr/lib/python3/dist-packages/osm_rosdn_onosof"},
 350         {"path": "/usr/lib/python3/dist-packages/osm_rovim_aws"},
 351         {"path": "/usr/lib/python3/dist-packages/osm_rovim_azure"},
 352         {"path": "/usr/lib/python3/dist-packages/osm_rovim_gcp"},
 353         {"path": "/usr/lib/python3/dist-packages/osm_rovim_fos"},
 354         # {"path": "/usr/lib/python3/dist-packages/osm_rovim_opennebula"},
 355         {"path": "/usr/lib/python3/dist-packages/osm_rovim_openstack"},
 356         {"path": "/usr/lib/python3/dist-packages/osm_rovim_openvim"},
 357         {"path": "/usr/lib/python3/dist-packages/osm_rovim_vmware"},
 358     ],
 359     "launch": {
 360         "configurations": [
 361             {
 362                 "module": "osm_ng_ro.ro_main",
 363                 "name": "NG RO",
 364                 "request": "launch",
 365                 "type": "python",
 366                 "justMyCode": False,
 367             }
 368         ],
 369         "version": "0.2.0",
 370     },
 371     "settings": {},
 372 }
 373
 374
 375 def _get_ro_host_paths(ro_host_path: str) -> Dict:
 376     """Get RO host paths"""
 377     return (
 378         {
 379             "NG-RO": {
 380                 "hostpath": f"{ro_host_path}/NG-RO",
 381                 "container-path": "/usr/lib/python3/dist-packages/osm_ng_ro",
 382             },
 383             "RO-plugin": {
 384                 "hostpath": f"{ro_host_path}/RO-plugin",
 385                 "container-path": "/usr/lib/python3/dist-packages/osm_ro_plugin",
 386             },
 387             "RO-SDN-arista_cloudvision": {
 388                 "hostpath": f"{ro_host_path}/RO-SDN-arista_cloudvision",
 389                 "container-path": "/usr/lib/python3/dist-packages/osm_rosdn_arista_cloudvision",
 390             },
 391             "RO-SDN-dpb": {
 392                 "hostpath": f"{ro_host_path}/RO-SDN-dpb",
 393                 "container-path": "/usr/lib/python3/dist-packages/osm_rosdn_dpb",
 394             },
 395             "RO-SDN-dynpac": {
 396                 "hostpath": f"{ro_host_path}/RO-SDN-dynpac",
 397                 "container-path": "/usr/lib/python3/dist-packages/osm_rosdn_dynpac",
 398             },
 399             "RO-SDN-floodlight_openflow": {
 400                 "hostpath": f"{ro_host_path}/RO-SDN-floodlight_openflow",
 401                 "container-path": "/usr/lib/python3/dist-packages/osm_rosdn_floodlightof",
 402             },
 403             "RO-SDN-ietfl2vpn": {
 404                 "hostpath": f"{ro_host_path}/RO-SDN-ietfl2vpn",
 405                 "container-path": "/usr/lib/python3/dist-packages/osm_rosdn_ietfl2vpn",
 406             },
 407             "RO-SDN-juniper_contrail": {
 408                 "hostpath": f"{ro_host_path}/RO-SDN-juniper_contrail",
 409                 "container-path": "/usr/lib/python3/dist-packages/osm_rosdn_juniper_contrail",
 410             },
 411             "RO-SDN-odl_openflow": {
 412                 "hostpath": f"{ro_host_path}/RO-SDN-odl_openflow",
 413                 "container-path": "/usr/lib/python3/dist-packages/osm_rosdn_odlof",
 414             },
 415             "RO-SDN-onos_openflow": {
 416                 "hostpath": f"{ro_host_path}/RO-SDN-onos_openflow",
 417                 "container-path": "/usr/lib/python3/dist-packages/osm_rosdn_onosof",
 418             },
 419             "RO-SDN-onos_vpls": {
 420                 "hostpath": f"{ro_host_path}/RO-SDN-onos_vpls",
 421                 "container-path": "/usr/lib/python3/dist-packages/osm_rosdn_onos_vpls",
 422             },
 423             "RO-VIM-aws": {
 424                 "hostpath": f"{ro_host_path}/RO-VIM-aws",
 425                 "container-path": "/usr/lib/python3/dist-packages/osm_rovim_aws",
 426             },
 427             "RO-VIM-azure": {
 428                 "hostpath": f"{ro_host_path}/RO-VIM-azure",
 429                 "container-path": "/usr/lib/python3/dist-packages/osm_rovim_azure",
 430             },
 431             "RO-VIM-gcp": {
 432                 "hostpath": f"{ro_host_path}/RO-VIM-gcp",
 433                 "container-path": "/usr/lib/python3/dist-packages/osm_rovim_gcp",
 434             },
 435             "RO-VIM-fos": {
 436                 "hostpath": f"{ro_host_path}/RO-VIM-fos",
 437                 "container-path": "/usr/lib/python3/dist-packages/osm_rovim_fos",
 438             },
 439             "RO-VIM-opennebula": {
 440                 "hostpath": f"{ro_host_path}/RO-VIM-opennebula",
 441                 "container-path": "/usr/lib/python3/dist-packages/osm_rovim_opennebula",
 442             },
 443             "RO-VIM-openstack": {
 444                 "hostpath": f"{ro_host_path}/RO-VIM-openstack",
 445                 "container-path": "/usr/lib/python3/dist-packages/osm_rovim_openstack",
 446             },
 447             "RO-VIM-openvim": {
 448                 "hostpath": f"{ro_host_path}/RO-VIM-openvim",
 449                 "container-path": "/usr/lib/python3/dist-packages/osm_rovim_openvim",
 450             },
 451             "RO-VIM-vmware": {
 452                 "hostpath": f"{ro_host_path}/RO-VIM-vmware",
 453                 "container-path": "/usr/lib/python3/dist-packages/osm_rovim_vmware",
 454             },
 455         }
 456         if ro_host_path
 457         else {}
 458     )
 459
 460
 461 if __name__ == "__main__":
 462     main(RoCharm)