(charmed-osm) Add auth to prometheus and update kafka/zk
[osm/devops.git] / installers / charm / ro / src / charm.py
1 #!/usr/bin/env python3
2 # Copyright 2021 Canonical Ltd.
3 #
4 # Licensed under the Apache License, Version 2.0 (the "License"); you may
5 # not use this file except in compliance with the License. You may obtain
6 # a copy of the License at
7 #
8 # http://www.apache.org/licenses/LICENSE-2.0
9 #
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13 # License for the specific language governing permissions and limitations
14 # under the License.
15 #
16 # For those usages not covered by the Apache License, Version 2.0 please
17 # contact: legal@canonical.com
18 #
19 # To get in touch with the maintainers, please contact:
20 # osm-charmers@lists.launchpad.net
21 ##
22
23 # pylint: disable=E0213
24
25 import base64
26 import logging
27 from typing import NoReturn, Optional
28
29 from ops.main import main
30 from opslib.osm.charm import CharmedOsmBase, RelationsMissing
31 from opslib.osm.interfaces.kafka import KafkaClient
32 from opslib.osm.interfaces.mongo import MongoClient
33 from opslib.osm.interfaces.mysql import MysqlClient
34 from opslib.osm.pod import (
35 ContainerV3Builder,
36 FilesV3Builder,
37 PodRestartPolicy,
38 PodSpecV3Builder,
39 )
40 from opslib.osm.validator import ModelValidator, validator
41
# Module-level logger for this charm.
logger = logging.getLogger(__name__)

# Port the RO container exposes. The same value is used for the readiness and
# liveness probes and is published to related applications on the "ro" relation.
PORT = 9090
45
46
def _check_certificate_data(name: str, content: str):
    """Reject a certificate entry whose name or content is empty.

    Args:
        name: file name the certificate will be stored under.
        content: certificate payload as given in the charm config.

    Raises:
        ValueError: if either value is falsy (empty string or None).
    """
    if name and content:
        return
    raise ValueError("certificate name and content must be a non-empty string")
50
51
def _extract_certificates(certs_config: str):
    """Parse the ``certificates`` config option into a ``{name: content}`` dict.

    The option is a comma-separated list of ``name:content`` entries. The
    content is kept exactly as given here; it is base64-decoded later, when
    the certificate files are built.

    Args:
        certs_config: raw option value; may be empty or None.

    Returns:
        Mapping of certificate name to its (still encoded) content. Empty
        when no certificates are configured.

    Raises:
        ValueError: if an entry does not contain exactly one ":" (the tuple
            unpacking fails), or if its name or content is empty.
    """
    if not certs_config:
        return {}

    parsed = {}
    for entry in certs_config.split(","):
        # Unpacking into two names is what enforces the "exactly one colon"
        # rule: a stray or missing ":" raises ValueError here.
        name, content = entry.split(":")
        _check_certificate_data(name, content)
        parsed[name] = content
    return parsed
61
62
def decode(content: str):
    """Return the UTF-8 text carried by the base64 string *content*.

    Raises whatever ``base64.b64decode`` or ``bytes.decode`` raise when the
    input is not valid base64 or the decoded bytes are not valid UTF-8.
    """
    raw = base64.b64decode(content.encode("utf-8"))
    return raw.decode("utf-8")
65
66
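class ConfigModel(ModelValidator):
    """Validated view of the charm's configuration options.

    The validators below run per field. Each one returns the value to store
    and raises ``ValueError`` when the value is not acceptable.
    """

    enable_ng_ro: bool
    # Stored in the pod secret together with the MongoDB URI (see build_pod_spec).
    database_commonkey: str
    mongodb_uri: Optional[str]
    log_level: str
    mysql_host: Optional[str]
    mysql_port: Optional[int]
    mysql_user: Optional[str]
    # Database credentials: treat these option values as secrets.
    mysql_password: Optional[str]
    mysql_root_password: Optional[str]
    vim_database: str
    ro_database: str
    openmano_tenant: str
    # Comma-separated "name:content" entries; parsed by _extract_certificates.
    certificates: Optional[str]
    image_pull_policy: str
    debug_mode: bool
    security_context: bool

    @validator("log_level")
    def validate_log_level(cls, v):
        """Allow only the two supported log levels."""
        if v not in {"INFO", "DEBUG"}:
            raise ValueError("value must be INFO or DEBUG")
        return v

    @validator("certificates")
    def validate_certificates(cls, v):
        """Check that the option can be split into name/content pairs.

        Only the structure is checked here; the content is not decoded.
        """
        # Raises an exception if it cannot extract the certificates
        _extract_certificates(v)
        return v

    @validator("mongodb_uri")
    def validate_mongodb_uri(cls, v):
        """Require the ``mongodb://`` scheme when a URI is given."""
        if v and not v.startswith("mongodb://"):
            raise ValueError("mongodb_uri is not properly formed")
        return v

    @validator("mysql_port")
    def validate_mysql_port(cls, v):
        """Require a port in 1..65535 when one is given.

        A falsy value (None or 0) is passed through unchanged; the pod spec
        then falls back to the port provided by the mysql relation.
        """
        # 65535 is the highest valid TCP port, so it must be accepted.
        if v and not 0 < v <= 65535:
            raise ValueError("Mysql port out of range")
        return v

    @validator("image_pull_policy")
    def validate_image_pull_policy(cls, v):
        """Normalise the pull policy, case-insensitively, to its canonical spelling."""
        values = {
            "always": "Always",
            "ifnotpresent": "IfNotPresent",
            "never": "Never",
        }
        v = v.lower()
        if v not in values:
            raise ValueError("value must be always, ifnotpresent or never")
        return values[v]

    @property
    def certificates_dict(cls):
        """Configured certificates as ``{name: content}``; empty when unset."""
        return _extract_certificates(cls.certificates) if cls.certificates else {}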
124
125
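class RoCharm(CharmedOsmBase):
    """OSM RO charm.

    Builds the pod spec for the RO container from the charm config and from
    the kafka, mongodb and mysql relations.
    """

    def __init__(self, *args) -> NoReturn:
        """RO charm constructor: set up relation clients and event observers."""
        super().__init__(
            *args,
            oci_image="image",
            debug_mode_config_key="debug_mode",
            debug_pubkey_config_key="debug_pubkey",
            vscode_workspace=VSCODE_WORKSPACE,
        )

        # Any change on a backing-service relation triggers a pod reconfiguration.
        self.kafka_client = KafkaClient(self, "kafka")
        self.framework.observe(self.on["kafka"].relation_changed, self.configure_pod)
        self.framework.observe(self.on["kafka"].relation_broken, self.configure_pod)

        self.mysql_client = MysqlClient(self, "mysql")
        self.framework.observe(self.on["mysql"].relation_changed, self.configure_pod)
        self.framework.observe(self.on["mysql"].relation_broken, self.configure_pod)

        self.mongodb_client = MongoClient(self, "mongodb")
        self.framework.observe(self.on["mongodb"].relation_changed, self.configure_pod)
        self.framework.observe(self.on["mongodb"].relation_broken, self.configure_pod)

        self.framework.observe(self.on["ro"].relation_joined, self._publish_ro_info)

    def _publish_ro_info(self, event):
        """Publishes RO information.

        Only the leader unit writes; it sets "host" and "port" in the
        application data bag of the joined relation.

        Args:
            event (EventBase): RO relation event.
        """
        if not self.unit.is_leader():
            return

        app_data = event.relation.data[self.app]
        app_data["host"] = self.model.app.name
        app_data["port"] = str(PORT)

    def _check_missing_dependencies(self, config: ConfigModel):
        """Raise if a backing service the selected mode needs is not available.

        With ``enable_ng_ro`` the charm needs kafka and MongoDB; otherwise it
        needs MySQL. MongoDB and MySQL can be supplied through config instead
        of a relation.

        Raises:
            RelationsMissing: with the names of the missing relations.
        """
        missing_relations = []

        if config.enable_ng_ro:
            # Kafka counts as missing only when neither the unit nor the app
            # data bag holds the expected data.
            if (
                self.kafka_client.is_missing_data_in_unit()
                and self.kafka_client.is_missing_data_in_app()
            ):
                missing_relations.append("kafka")
            if not config.mongodb_uri and self.mongodb_client.is_missing_data_in_unit():
                missing_relations.append("mongodb")
        else:
            if not config.mysql_host and self.mysql_client.is_missing_data_in_unit():
                missing_relations.append("mysql")

        if missing_relations:
            raise RelationsMissing(missing_relations)

    def _validate_mysql_config(self, config: ConfigModel):
        """Require user, password and root password when MySQL comes from config.

        Raises:
            ValueError: listing every credential option that is empty.
        """
        invalid_values = []
        if not config.mysql_user:
            invalid_values.append("Mysql user is empty")
        if not config.mysql_password:
            invalid_values.append("Mysql password is empty")
        if not config.mysql_root_password:
            invalid_values.append("Mysql root password empty")

        if invalid_values:
            raise ValueError("Invalid values: " + ", ".join(invalid_values))

    def _build_cert_files(
        self,
        config: ConfigModel,
    ):
        """Build the file list for the certificates volume.

        Each configured certificate is base64-decoded and added with mode
        0o600, so the file is readable and writable by its owner only.
        """
        cert_files_builder = FilesV3Builder()
        for name, content in config.certificates_dict.items():
            cert_files_builder.add_file(name, decode(content), mode=0o600)
        return cert_files_builder.build()

    def build_pod_spec(self, image_info):
        """Build the pod spec for the RO container.

        Args:
            image_info: image details, passed unchanged to ContainerV3Builder.

        Returns:
            The value returned by ``PodSpecV3Builder.build()``.

        Raises:
            Exception: if MongoDB (NG-RO mode) or MySQL (legacy mode) data is
                provided through both config and relation.
            ValueError: if MySQL is configured by host but a credential is empty.
            RelationsMissing: if a required relation has no data.
        """
        # Validate config
        config = ConfigModel(**dict(self.config))

        # A backing service must come from exactly one source, so the
        # credentials in use are never ambiguous.
        if config.enable_ng_ro:
            if config.mongodb_uri and not self.mongodb_client.is_missing_data_in_unit():
                raise Exception(
                    "Mongodb data cannot be provided via config and relation"
                )
        else:
            if config.mysql_host and not self.mysql_client.is_missing_data_in_unit():
                raise Exception("Mysql data cannot be provided via config and relation")

            if config.mysql_host:
                self._validate_mysql_config(config)

        # Check relations
        self._check_missing_dependencies(config)

        # Debug mode always switches the security context off, even when
        # security_context is enabled in the config: the container is then
        # not forced to run as non-root.
        security_context_enabled = (
            config.security_context if not config.debug_mode else False
        )

        # Create Builder for the PodSpec
        pod_spec_builder = PodSpecV3Builder(
            enable_security_context=security_context_enabled
        )

        # Build Container
        container_builder = ContainerV3Builder(
            self.app.name,
            image_info,
            config.image_pull_policy,
            run_as_non_root=security_context_enabled,
        )
        certs_files = self._build_cert_files(config)

        if certs_files:
            container_builder.add_volume_config("certs", "/certs", certs_files)

        container_builder.add_port(name=self.app.name, port=PORT)

        # Both probes hit the same endpoint; it depends on the RO flavour.
        probe_path = "/ro/" if config.enable_ng_ro else "/openmano/tenants"
        container_builder.add_http_readiness_probe(
            probe_path,
            PORT,
            initial_delay_seconds=10,
            period_seconds=10,
            timeout_seconds=5,
            failure_threshold=3,
        )
        container_builder.add_http_liveness_probe(
            probe_path,
            PORT,
            initial_delay_seconds=600,
            period_seconds=10,
            timeout_seconds=5,
            failure_threshold=3,
        )
        container_builder.add_envs(
            {
                "OSMRO_LOG_LEVEL": config.log_level,
            }
        )

        if config.enable_ng_ro:
            # Add secrets to the pod
            mongodb_secret_name = f"{self.app.name}-mongodb-secret"
            pod_spec_builder.add_secret(
                mongodb_secret_name,
                {
                    "uri": config.mongodb_uri or self.mongodb_client.connection_string,
                    "commonkey": config.database_commonkey,
                },
            )
            container_builder.add_envs(
                {
                    "OSMRO_MESSAGE_DRIVER": "kafka",
                    "OSMRO_MESSAGE_HOST": self.kafka_client.host,
                    "OSMRO_MESSAGE_PORT": self.kafka_client.port,
                    # MongoDB configuration
                    "OSMRO_DATABASE_DRIVER": "mongo",
                }
            )
            container_builder.add_secret_envs(
                secret_name=mongodb_secret_name,
                envs={
                    "OSMRO_DATABASE_URI": "uri",
                    "OSMRO_DATABASE_COMMONKEY": "commonkey",
                },
            )
            restart_policy = PodRestartPolicy()
            restart_policy.add_secrets(secret_names=(mongodb_secret_name,))
            pod_spec_builder.set_restart_policy(restart_policy)

        else:
            # The MySQL passwords go through a pod secret, the same way the
            # MongoDB URI does in NG-RO mode, so they are not written as
            # plain-text environment values in the pod spec. The container
            # still receives the same environment variable names.
            mysql_secret_name = f"{self.app.name}-mysql-secret"
            pod_spec_builder.add_secret(
                mysql_secret_name,
                {
                    "password": config.mysql_password or self.mysql_client.password,
                    "root_password": config.mysql_root_password
                    or self.mysql_client.root_password,
                },
            )
            container_builder.add_envs(
                {
                    "RO_DB_HOST": config.mysql_host or self.mysql_client.host,
                    "RO_DB_OVIM_HOST": config.mysql_host or self.mysql_client.host,
                    "RO_DB_PORT": config.mysql_port or self.mysql_client.port,
                    "RO_DB_OVIM_PORT": config.mysql_port or self.mysql_client.port,
                    "RO_DB_USER": config.mysql_user or self.mysql_client.user,
                    "RO_DB_OVIM_USER": config.mysql_user or self.mysql_client.user,
                    "RO_DB_NAME": config.ro_database,
                    "RO_DB_OVIM_NAME": config.vim_database,
                    "OPENMANO_TENANT": config.openmano_tenant,
                }
            )
            container_builder.add_secret_envs(
                secret_name=mysql_secret_name,
                envs={
                    "RO_DB_PASSWORD": "password",
                    "RO_DB_OVIM_PASSWORD": "password",
                    "RO_DB_ROOT_PASSWORD": "root_password",
                    "RO_DB_OVIM_ROOT_PASSWORD": "root_password",
                },
            )
            restart_policy = PodRestartPolicy()
            restart_policy.add_secrets(secret_names=(mysql_secret_name,))
            pod_spec_builder.set_restart_policy(restart_policy)

        container = container_builder.build()

        # Add container to pod spec
        pod_spec_builder.add_container(container)

        return pod_spec_builder.build()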
326
327
# Workspace definition handed to the base charm as ``vscode_workspace``.
# NOTE(review): presumably only used when debug mode is enabled — confirm in
# CharmedOsmBase.
VSCODE_WORKSPACE = {
    # One workspace folder per OSM package installed in the container image.
    "folders": [
        {"path": f"/usr/lib/python3/dist-packages/{package}"}
        for package in (
            "osm_ng_ro",
            "osm_common",
            "osm_ro_plugin",
            "osm_rosdn_arista_cloudvision",
            "osm_rosdn_dpb",
            "osm_rosdn_dynpac",
            "osm_rosdn_floodlightof",
            "osm_rosdn_ietfl2vpn",
            "osm_rosdn_juniper_contrail",
            "osm_rosdn_odlof",
            "osm_rosdn_onos_vpls",
            "osm_rosdn_onosof",
            "osm_rovim_aws",
            "osm_rovim_azure",
            "osm_rovim_fos",
            "osm_rovim_opennebula",
            "osm_rovim_openstack",
            "osm_rovim_openvim",
            "osm_rovim_vmware",
        )
    ],
    "launch": {
        "configurations": [
            {
                "module": "osm_ng_ro.ro_main",
                "name": "NG RO",
                "request": "launch",
                "type": "python",
                # Let the debugger step into library code as well.
                "justMyCode": False,
            }
        ],
        "version": "0.2.0",
    },
    "settings": {},
}

if __name__ == "__main__":
    main(RoCharm)