457 lines
17 KiB
Python
457 lines
17 KiB
Python
# Copyright 2018 Canonical Ltd
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
import base64
|
|
import collections
|
|
import json
|
|
import os
|
|
import subprocess
|
|
|
|
import charms_openstack.charm
|
|
import charms_openstack.adapters
|
|
import charms_openstack.ip as os_ip
|
|
|
|
import charms.leadership as leadership
|
|
import charms.reactive as reactive
|
|
|
|
import charmhelpers.core as ch_core
|
|
import charmhelpers.contrib.network.ip as ch_net_ip
|
|
|
|
OCTAVIA_DIR = '/etc/octavia'
|
|
OCTAVIA_CACERT_DIR = os.path.join(OCTAVIA_DIR, 'certs')
|
|
OCTAVIA_CONF = os.path.join(OCTAVIA_DIR, 'octavia.conf')
|
|
OCTAVIA_WEBSERVER_SITE = 'octavia-api'
|
|
OCTAVIA_WSGI_CONF = '/etc/apache2/sites-available/octavia-api.conf'
|
|
|
|
OCTAVIA_INT_BRIDGE = 'br-int'
|
|
OCTAVIA_MGMT_INTF = 'o-hm0'
|
|
OCTAVIA_MGMT_INTF_CONF = ('/etc/systemd/network/99-charm-octavia-{}.network'
|
|
.format(OCTAVIA_MGMT_INTF))
|
|
OCTAVIA_MGMT_NAME_PREFIX = 'lb-mgmt'
|
|
OCTAVIA_MGMT_NET = OCTAVIA_MGMT_NAME_PREFIX + '-net'
|
|
OCTAVIA_MGMT_SUBNET = OCTAVIA_MGMT_NAME_PREFIX + '-subnet'
|
|
OCTAVIA_MGMT_SECGRP = OCTAVIA_MGMT_NAME_PREFIX + '-sec-grp'
|
|
OCTAVIA_HEALTH_SECGRP = 'lb-health-mgr-sec-grp'
|
|
OCTAVIA_HEALTH_LISTEN_PORT = '5555'
|
|
|
|
OCTAVIA_ROLES = [
|
|
'load-balancer_observer',
|
|
'load-balancer_global_observer',
|
|
'load-balancer_member',
|
|
'load-balancer_quota_admin',
|
|
'load-balancer_admin',
|
|
]
|
|
|
|
charms_openstack.charm.use_defaults('charm.default-select-release')
|
|
|
|
|
|
@charms_openstack.adapters.config_property
|
|
def health_manager_hwaddr(cls):
|
|
"""Return hardware address for Health Manager interface.
|
|
|
|
:param cls: charms_openstack.adapters.ConfigurationAdapter derived class
|
|
instance. Charm class instance is at cls.charm_instance.
|
|
:type: cls: charms_openstack.adapters.ConfiguartionAdapter
|
|
:returns: hardware address for unit local Health Manager interface.
|
|
:rtype: str
|
|
"""
|
|
try:
|
|
external_ids = json.loads(
|
|
subprocess.check_output(['ovs-vsctl', 'get', 'Interface',
|
|
OCTAVIA_MGMT_INTF,
|
|
'external_ids:attached-mac'],
|
|
universal_newlines=True))
|
|
except (subprocess.CalledProcessError, OSError) as e:
|
|
ch_core.hookenv.log('Unable query OVS, not ready? ("{}")'
|
|
.format(e),
|
|
level=ch_core.hookenv.DEBUG)
|
|
return
|
|
return external_ids
|
|
|
|
|
|
@charms_openstack.adapters.config_property
|
|
def health_manager_bind_ip(cls):
|
|
"""IP address health manager process should bind to.
|
|
|
|
The value is configured individually per unit and reflects the IP
|
|
address assigned to the specific units tunnel port.
|
|
|
|
:param cls: charms_openstack.adapters.ConfigurationAdapter derived class
|
|
instance. Charm class instance is at cls.charm_instance.
|
|
:type: cls: charms_openstack.adapters.ConfiguartionAdapter
|
|
:returns: IP address of unit local Health Manager interface.
|
|
:rtype: str
|
|
"""
|
|
ip_list = []
|
|
for af in ['AF_INET6', 'AF_INET']:
|
|
try:
|
|
ip_list.extend(
|
|
(ip for ip in
|
|
ch_net_ip.get_iface_addr(iface=OCTAVIA_MGMT_INTF,
|
|
inet_type=af)
|
|
if '%' not in ip))
|
|
except Exception:
|
|
# ch_net_ip.get_iface_addr() throws an exception of type
|
|
# Exception when the requested interface does not exist or if
|
|
# it has no addresses in the requested address family.
|
|
pass
|
|
if ip_list:
|
|
return ip_list[0]
|
|
|
|
|
|
@charms_openstack.adapters.config_property
|
|
def heartbeat_key(cls):
|
|
"""Key used to validate Amphorae heartbeat messages.
|
|
|
|
The value is generated by the charm and is shared among all units
|
|
through leader storage.
|
|
|
|
:param cls: charms_openstack.adapters.ConfigurationAdapter derived class
|
|
instance. Charm class instance is at cls.charm_instance.
|
|
:type: cls: charms_openstack.adapters.ConfiguartionAdapter
|
|
:returns: Key as retrieved from Juju leader storage.
|
|
:rtype: str
|
|
"""
|
|
return leadership.leader_get('heartbeat-key')
|
|
|
|
|
|
@charms_openstack.adapters.config_property
|
|
def controller_ip_port_list(cls):
|
|
"""List of ip:port pairs for Amphorae instances health reporting.
|
|
|
|
The list is built based on information from individual Octavia units
|
|
coordinated, stored and shared among all units trhough leader storage.
|
|
|
|
:param cls: charms_openstack.adapters.ConfigurationAdapter derived class
|
|
instance. Charm class instance is at cls.charm_instance.
|
|
:type: cls: charms_openstack.adapters.ConfiguartionAdapter
|
|
:returns: Comma separated list of ip:port pairs.
|
|
:rtype: str
|
|
"""
|
|
try:
|
|
ip_list = json.loads(
|
|
leadership.leader_get('controller-ip-port-list'))
|
|
except TypeError:
|
|
return
|
|
if ip_list:
|
|
port_suffix = ':' + OCTAVIA_HEALTH_LISTEN_PORT
|
|
return (port_suffix + ', ').join(sorted(ip_list)) + port_suffix
|
|
|
|
|
|
@charms_openstack.adapters.config_property
|
|
def amp_secgroup_list(cls):
|
|
"""List of security groups to attach to Amphorae instances.
|
|
|
|
The list is built from IDs of charm managed security groups shared
|
|
among all units through leader storage.
|
|
|
|
:param cls: charms_openstack.adapters.ConfigurationAdapter derived class
|
|
instance. Charm class instance is at cls.charm_instance.
|
|
:type: cls: charms_openstack.adapters.ConfiguartionAdapter
|
|
:returns: Comma separated list of Neutron security group UUIDs.
|
|
:rtype: str
|
|
"""
|
|
return leadership.leader_get('amp-secgroup-list')
|
|
|
|
|
|
@charms_openstack.adapters.config_property
|
|
def amp_boot_network_list(cls):
|
|
"""Networks to attach when creating Amphorae instances.
|
|
|
|
IDs from charm managed networks shared among all units through leader
|
|
storage.
|
|
|
|
:param cls: charms_openstack.adapters.ConfigurationAdapter derived class
|
|
instance. Charm class instance is at cls.charm_instance.
|
|
:type: cls: charms_openstack.adapters.ConfiguartionAdapter
|
|
:returns: Comma separated list of Neutron network UUIDs.
|
|
:rtype: str
|
|
"""
|
|
return leadership.leader_get('amp-boot-network-list')
|
|
|
|
|
|
@charms_openstack.adapters.config_property
|
|
def issuing_cacert(cls):
|
|
"""Get path to certificate provided in ``lb-mgmt-issuing-cacert`` option.
|
|
|
|
Side effect of reading this property is that the on-disk certificate
|
|
data is updated if it has changed.
|
|
|
|
:param cls: charms_openstack.adapters.ConfigurationAdapter derived class
|
|
instance. Charm class instance is at cls.charm_instance.
|
|
:type: cls: charms_openstack.adapters.ConfiguartionAdapter
|
|
"""
|
|
config = ch_core.hookenv.config('lb-mgmt-issuing-cacert')
|
|
if config:
|
|
return cls.charm_instance.decode_and_write_cert(
|
|
'issuing_ca.pem',
|
|
config)
|
|
|
|
|
|
@charms_openstack.adapters.config_property
|
|
def issuing_ca_private_key(cls):
|
|
"""Get path to key provided in ``lb-mgmt-issuing-ca-private-key`` option.
|
|
|
|
Side effect of reading this property is that the on-disk key
|
|
data is updated if it has changed.
|
|
|
|
:param cls: charms_openstack.adapters.ConfigurationAdapter derived class
|
|
instance. Charm class instance is at cls.charm_instance.
|
|
:type: cls: charms_openstack.adapters.ConfiguartionAdapter
|
|
"""
|
|
config = ch_core.hookenv.config('lb-mgmt-issuing-ca-private-key')
|
|
if config:
|
|
return cls.charm_instance.decode_and_write_cert(
|
|
'issuing_ca_key.pem',
|
|
config)
|
|
|
|
|
|
@charms_openstack.adapters.config_property
|
|
def issuing_ca_private_key_passphrase(cls):
|
|
"""Get value provided in in ``lb-mgmt-issuing-ca-key-passphrase`` option.
|
|
|
|
:param cls: charms_openstack.adapters.ConfigurationAdapter derived class
|
|
instance. Charm class instance is at cls.charm_instance.
|
|
:type: cls: charms_openstack.adapters.ConfiguartionAdapter
|
|
"""
|
|
config = ch_core.hookenv.config('lb-mgmt-issuing-ca-key-passphrase')
|
|
if config:
|
|
return config
|
|
|
|
|
|
@charms_openstack.adapters.config_property
|
|
def controller_cacert(cls):
|
|
"""Get path to certificate provided in ``lb-mgmt-controller-cacert`` opt.
|
|
|
|
Side effect of reading this property is that the on-disk certificate
|
|
data is updated if it has changed.
|
|
|
|
:param cls: charms_openstack.adapters.ConfigurationAdapter derived class
|
|
instance. Charm class instance is at cls.charm_instance.
|
|
:type: cls: charms_openstack.adapters.ConfiguartionAdapter
|
|
"""
|
|
config = ch_core.hookenv.config('lb-mgmt-controller-cacert')
|
|
if config:
|
|
return cls.charm_instance.decode_and_write_cert(
|
|
'controller_ca.pem',
|
|
config)
|
|
|
|
|
|
@charms_openstack.adapters.config_property
|
|
def controller_cert(cls):
|
|
"""Get path to certificate provided in ``lb-mgmt-controller-cert`` option.
|
|
|
|
Side effect of reading this property is that the on-disk certificate
|
|
data is updated if it has changed.
|
|
|
|
:param cls: charms_openstack.adapters.ConfigurationAdapter derived class
|
|
instance. Charm class instance is at cls.charm_instance.
|
|
:type: cls: charms_openstack.adapters.ConfiguartionAdapter
|
|
"""
|
|
config = ch_core.hookenv.config('lb-mgmt-controller-cert')
|
|
if config:
|
|
return cls.charm_instance.decode_and_write_cert(
|
|
'controller_cert.pem',
|
|
config)
|
|
|
|
|
|
@charms_openstack.adapters.config_property
|
|
def amp_flavor_id(cls):
|
|
"""Flavor to use when creating Amphorae instances.
|
|
|
|
ID from charm managed flavor shared among all units through leader
|
|
storage.
|
|
|
|
:param cls: charms_openstack.adapters.ConfigurationAdapter derived class
|
|
instance. Charm class instance is at cls.charm_instance.
|
|
:type: cls: charms_openstack.adapters.ConfiguartionAdapter
|
|
:returns: Nova flavor UUID.
|
|
:rtype: str
|
|
"""
|
|
return (
|
|
ch_core.hookenv.config('custom-amp-flavor-id') or
|
|
leadership.leader_get('amp-flavor-id'))
|
|
|
|
|
|
@charms_openstack.adapters.config_property
|
|
def spare_amphora_pool_size(cls):
|
|
"""Number of spare Amphora instances to pool
|
|
|
|
Octavia can maintain a pool of Amphora instance to reduce the spin up
|
|
time for new loadbalancer services.
|
|
|
|
:param cls: charms_openstack.adapters.ConfigurationAdapter derived class
|
|
instance. Charm class instance is at cls.charm_instance.
|
|
:type: cls: charms_openstack.adapters.ConfiguartionAdapter
|
|
:returns: Number of amphora instances to pool.
|
|
:rtype: str
|
|
"""
|
|
return ch_core.hookenv.config('spare-pool-size')
|
|
|
|
|
|
class OctaviaCharm(charms_openstack.charm.HAOpenStackCharm):
|
|
"""Charm class for the Octavia charm."""
|
|
# layer-openstack-api uses service_type as service name in endpoint catalog
|
|
name = service_type = 'octavia'
|
|
release = 'rocky'
|
|
packages = ['octavia-api', 'octavia-health-manager',
|
|
'octavia-housekeeping', 'octavia-worker',
|
|
'apache2', 'libapache2-mod-wsgi-py3']
|
|
python_version = 3
|
|
api_ports = {
|
|
'octavia-api': {
|
|
os_ip.PUBLIC: 9876,
|
|
os_ip.ADMIN: 9876,
|
|
os_ip.INTERNAL: 9876,
|
|
},
|
|
}
|
|
default_service = 'octavia-api'
|
|
services = ['apache2', 'octavia-health-manager', 'octavia-housekeeping',
|
|
'octavia-worker']
|
|
required_relations = ['shared-db', 'amqp', 'identity-service',
|
|
'neutron-openvswitch']
|
|
restart_map = {
|
|
OCTAVIA_MGMT_INTF_CONF: services + ['systemd-networkd'],
|
|
OCTAVIA_CONF: services,
|
|
OCTAVIA_WSGI_CONF: ['apache2'],
|
|
}
|
|
sync_cmd = ['sudo', 'octavia-db-manage', 'upgrade', 'head']
|
|
ha_resources = ['vips', 'haproxy', 'dnsha']
|
|
release_pkg = 'octavia-common'
|
|
package_codenames = {
|
|
'octavia-common': collections.OrderedDict([
|
|
('1', 'rocky'),
|
|
]),
|
|
}
|
|
group = 'octavia'
|
|
|
|
def install(self):
|
|
"""Custom install function.
|
|
|
|
We need to add user `systemd-network` to `octavia` group so it can
|
|
read the systemd-networkd config we write.
|
|
|
|
We run octavia as a WSGI service and need to disable the `octavia-api`
|
|
service in init system so it does not steal the port from haproxy /
|
|
apache2.
|
|
"""
|
|
super().install()
|
|
ch_core.host.add_user_to_group('systemd-network', 'octavia')
|
|
ch_core.host.service_pause('octavia-api')
|
|
|
|
def states_to_check(self, required_relations=None):
|
|
"""Custom state check function for charm specific state check needs.
|
|
|
|
Interface used for ``neutron_openvswitch`` subordinate lacks a
|
|
``available`` state.
|
|
|
|
The ``Octavia`` service will not operate normally until Nova and
|
|
Neutron resources have been created, this needs to be tracked in
|
|
workload status.
|
|
"""
|
|
states_to_check = super().states_to_check(required_relations)
|
|
override_relation = 'neutron-openvswitch'
|
|
if override_relation in states_to_check:
|
|
states_to_check[override_relation] = [
|
|
("{}.connected".format(override_relation),
|
|
"blocked",
|
|
"'{}' missing".format(override_relation))]
|
|
if not leadership.leader_get('amp-boot-network-list'):
|
|
if not reactive.is_flag_set('config.default.create-mgmt-network'):
|
|
# we are configured to not create required resources and they
|
|
# are not present, prompt end-user to create them.
|
|
states_to_check['crud'] = [
|
|
('crud.available', # imaginate ``crud`` relation
|
|
'blocked',
|
|
'Awaiting end-user to create required resources and '
|
|
'execute `configure-resources` action')]
|
|
else:
|
|
if reactive.is_flag_set('leadership.is_leader'):
|
|
who = 'end-user execution of `configure-resources` action'
|
|
else:
|
|
who = 'leader'
|
|
states_to_check['crud'] = [
|
|
('crud.available', # imaginate ``crud`` relation
|
|
'blocked',
|
|
'Awaiting {} to create required resources'.format(who))]
|
|
# if these configuration options are at default value it means they are
|
|
# not set by end-user, they are required for successfull creation of
|
|
# load balancer instances.
|
|
if (reactive.is_flag_set('config.default.lb-mgmt-issuing-cacert') or
|
|
reactive.is_flag_set(
|
|
'config.default.lb-mgmt-issuing-ca-private-key') or
|
|
reactive.is_flag_set(
|
|
'config.default.lb-mgmt-issuing-ca-key-passphrase') or
|
|
reactive.is_flag_set(
|
|
'config.default.lb-mgmt-controller-cacert') or
|
|
reactive.is_flag_set(
|
|
'config.default.lb-mgmt-controller-cert')):
|
|
# set workload status to prompt end-user attention
|
|
states_to_check['config'] = [
|
|
('config._required_certs', # imaginate flag
|
|
'blocked',
|
|
'Missing required certificate configuration, please '
|
|
'examine documentation')]
|
|
return states_to_check
|
|
|
|
def get_amqp_credentials(self):
|
|
"""Configure the AMQP credentials for Octavia."""
|
|
return ('octavia', 'openstack')
|
|
|
|
def get_database_setup(self):
|
|
"""Configure the database credentials for Octavia."""
|
|
return [{'database': 'octavia',
|
|
'username': 'octavia'}]
|
|
|
|
def enable_webserver_site(self):
|
|
"""Enable Octavia API apache2 site if rendered or installed"""
|
|
if os.path.exists(OCTAVIA_WSGI_CONF):
|
|
check_enabled = subprocess.call(
|
|
['a2query', '-s', OCTAVIA_WEBSERVER_SITE]
|
|
)
|
|
if check_enabled != 0:
|
|
subprocess.check_call(['a2ensite',
|
|
OCTAVIA_WEBSERVER_SITE])
|
|
ch_core.host.service_reload('apache2',
|
|
restart_on_failure=True)
|
|
|
|
def decode_and_write_cert(self, filename, encoded_data):
|
|
"""Write certificate data to disk.
|
|
|
|
:param filename: Name of file
|
|
:type filename: str
|
|
:param group: Group ownership
|
|
:type group: str
|
|
:param encoded_data: Base64 encoded data
|
|
:type encoded_data: str
|
|
:returns: Full path to file
|
|
:rtype: str
|
|
"""
|
|
filename = os.path.join(OCTAVIA_CACERT_DIR, filename)
|
|
ch_core.host.mkdir(OCTAVIA_CACERT_DIR, group=self.group,
|
|
perms=0o750)
|
|
ch_core.host.write_file(filename, base64.b64decode(encoded_data),
|
|
group=self.group, perms=0o440)
|
|
return filename
|
|
|
|
@property
|
|
def local_address(self):
|
|
"""Return local address as provided by our ConfigurationClass."""
|
|
return self.configuration_class().local_address
|
|
|
|
@property
|
|
def local_unit_name(self):
|
|
"""Return local unit name as provided by our ConfigurationClass."""
|
|
return self.configuration_class().local_unit_name
|