def _validate_broker_config(broker_dict, msg_update_callback=None):
"""Ensure that 'broker' section of config is correct.
Checks that 'broker' section of config has correct keys and value
types. Also checks that 'default_broker' property is a valid template.
:param dict broker_dict: 'broker' section of config file as a dict.
:param utils.ConsoleMessagePrinter msg_update_callback: Callback object
that writes messages onto console.
:raises KeyError: if @broker_dict has missing or extra properties.
:raises TypeError: if the value type for a @broker_dict property is
incorrect.
:raises ValueError: if 'ip_allocation_mode' is not 'dhcp' or 'pool'. Or
if remote_template_cookbook_url is invalid.
"""
check_keys_and_value_types(broker_dict,
SAMPLE_BROKER_CONFIG['broker'],
location="config file 'broker' section",
msg_update_callback=msg_update_callback)
valid_ip_allocation_modes = ['dhcp', 'pool']
if broker_dict['ip_allocation_mode'] not in valid_ip_allocation_modes:
raise ValueError(f"IP allocation mode is "
f"'{broker_dict['ip_allocation_mode']}' when it "
f"should be either 'dhcp' or 'pool'")
rtm = RemoteTemplateManager(remote_template_cookbook_url=broker_dict[
'remote_template_cookbook_url']) # noqa: E501
remote_template_cookbook = rtm.get_remote_template_cookbook()
if not remote_template_cookbook:
raise Exception("Remote template cookbook is invalid.")
def init_environment(config_filepath=BASE_CONFIG_FILEPATH):
"""Set up module variables according to config dict.
:param str config_filepath:
"""
global AMQP_USERNAME, AMQP_PASSWORD, CLIENT, ORG_HREF, VDC_HREF, \
CATALOG_NAME, TEARDOWN_INSTALLATION, TEARDOWN_CLUSTERS, \
TEMPLATE_DEFINITIONS, TEST_ALL_TEMPLATES, SYS_ADMIN_LOGIN_CMD, \
ORG_ADMIN_LOGIN_CMD, VAPP_AUTHOR_LOGIN_CMD, USER_LOGIN_CMD_MAP
config = testutils.yaml_to_dict(config_filepath)
rtm = RemoteTemplateManager(
config['broker']['remote_template_cookbook_url'])
template_cookbook = rtm.get_remote_template_cookbook()
TEMPLATE_DEFINITIONS = template_cookbook['templates']
rtm.download_all_template_scripts(force_overwrite=True)
CLIENT = Client(config['vcd']['host'],
api_version=config['vcd']['api_version'],
verify_ssl_certs=config['vcd']['verify'])
credentials = BasicLoginCredentials(config['vcd']['username'],
SYSTEM_ORG_NAME,
config['vcd']['password'])
CLIENT.set_credentials(credentials)
org = pyvcloud_utils.get_org(CLIENT, org_name=config['broker']['org'])
vdc = pyvcloud_utils.get_vdc(CLIENT,
vdc_name=config['broker']['vdc'],
org=org)
ORG_HREF = org.href
VDC_HREF = vdc.href
CATALOG_NAME = config['broker']['catalog']
AMQP_USERNAME = config['amqp']['username']
AMQP_PASSWORD = config['amqp']['password']
SYS_ADMIN_LOGIN_CMD = f"login {config['vcd']['host']} system " \
f"{config['vcd']['username']} " \
f"-iwp {config['vcd']['password']} " \
f"-V {config['vcd']['api_version']}"
ORG_ADMIN_LOGIN_CMD = f"login {config['vcd']['host']} " \
f"{config['broker']['org']}" \
f" {ORG_ADMIN_NAME} -iwp {ORG_ADMIN_PASSWORD} " \
f"-V {config['vcd']['api_version']}"
VAPP_AUTHOR_LOGIN_CMD = f"login {config['vcd']['host']} " \
f"{config['broker']['org']} " \
f"{VAPP_AUTHOR_NAME} -iwp {VAPP_AUTHOR_PASSWORD}" \
f" -V {config['vcd']['api_version']}"
USER_LOGIN_CMD_MAP = {
'sys_admin': SYS_ADMIN_LOGIN_CMD,
'org_admin': ORG_ADMIN_LOGIN_CMD,
'vapp_author': VAPP_AUTHOR_LOGIN_CMD
}
test_config = config.get('test')
if test_config is not None:
TEARDOWN_INSTALLATION = test_config.get('teardown_installation', True)
TEARDOWN_CLUSTERS = test_config.get('teardown_clusters', True)
TEST_ALL_TEMPLATES = test_config.get('test_all_templates', False)
def init_environment(config_filepath=BASE_CONFIG_FILEPATH):
"""Set up module variables according to config dict.
:param str config_filepath:
"""
global AMQP_USERNAME, AMQP_PASSWORD, CLIENT, ORG_HREF, VDC_HREF, \
CATALOG_NAME, TEARDOWN_INSTALLATION, TEARDOWN_CLUSTERS, \
TEMPLATE_DEFINITIONS, TEST_ALL_TEMPLATES, SYS_ADMIN_LOGIN_CMD, \
ORG_ADMIN_LOGIN_CMD, VAPP_AUTHOR_LOGIN_CMD, USERNAME_TO_LOGIN_CMD, \
USERNAME_TO_CLUSTER_NAME
config = testutils.yaml_to_dict(config_filepath)
rtm = \
RemoteTemplateManager(config['broker']['remote_template_cookbook_url'])
template_cookbook = rtm.get_remote_template_cookbook()
TEMPLATE_DEFINITIONS = template_cookbook['templates']
rtm.download_all_template_scripts(force_overwrite=True)
CLIENT = Client(config['vcd']['host'],
api_version=config['vcd']['api_version'],
verify_ssl_certs=config['vcd']['verify'])
credentials = BasicLoginCredentials(config['vcd']['username'],
SYSTEM_ORG_NAME,
config['vcd']['password'])
CLIENT.set_credentials(credentials)
org = pyvcloud_utils.get_org(CLIENT, org_name=config['broker']['org'])
vdc = pyvcloud_utils.get_vdc(CLIENT,
vdc_name=config['broker']['vdc'],
org=org)
ORG_HREF = org.href
VDC_HREF = vdc.href
CATALOG_NAME = config['broker']['catalog']
AMQP_USERNAME = config['amqp']['username']
AMQP_PASSWORD = config['amqp']['password']
SYS_ADMIN_LOGIN_CMD = f"login {config['vcd']['host']} system " \
f"{config['vcd']['username']} " \
f"-iwp {config['vcd']['password']} " \
f"-V {config['vcd']['api_version']}"
ORG_ADMIN_LOGIN_CMD = f"login {config['vcd']['host']} " \
f"{config['broker']['org']}" \
f" {ORG_ADMIN_NAME} -iwp {ORG_ADMIN_PASSWORD} " \
f"-V {config['vcd']['api_version']}"
VAPP_AUTHOR_LOGIN_CMD = f"login {config['vcd']['host']} " \
f"{config['broker']['org']} " \
f"{VAPP_AUTHOR_NAME} -iwp {VAPP_AUTHOR_PASSWORD}" \
f" -V {config['vcd']['api_version']}"
USERNAME_TO_LOGIN_CMD = {
'sys_admin': SYS_ADMIN_LOGIN_CMD,
'org_admin': ORG_ADMIN_LOGIN_CMD,
'vapp_author': VAPP_AUTHOR_LOGIN_CMD
}
USERNAME_TO_CLUSTER_NAME = {
'sys_admin': SYS_ADMIN_TEST_CLUSTER_NAME,
'org_admin': ORG_ADMIN_TEST_CLUSTER_NAME,
'vapp_author': VAPP_AUTHOR_TEST_CLUSTER_NAME
}
test_config = config.get('test')
if test_config is not None:
TEARDOWN_INSTALLATION = test_config.get('teardown_installation', True)
TEARDOWN_CLUSTERS = test_config.get('teardown_clusters', True)
TEST_ALL_TEMPLATES = test_config.get('test_all_templates', False)
if not TEST_ALL_TEMPLATES:
specified_templates_str = test_config.get('test_templates', "")
specified_templates = specified_templates_str.split(",")
specified_templates_def = []
for template in specified_templates:
tokens = template.split(":")
# ToDo: log missing/bad specified templates
if len(tokens) == 2:
template_name = tokens[0]
template_revision = tokens[1]
for template_def in TEMPLATE_DEFINITIONS:
if (template_name, int(template_revision)) == (
template_def['name'],
int(template_def['revision'])): # noqa: E501
specified_templates_def.append(template_def)
break
TEMPLATE_DEFINITIONS = specified_templates_def
def install_template(template_name,
template_revision,
config_file_name,
force_create,
retain_temp_vapp,
ssh_key,
skip_config_decryption=False,
decryption_password=None,
msg_update_callback=None):
"""Install a particular template in CSE.
If template_name and revision are wild carded to *, all templates defined
in remote template cookbook will be installed.
:param str template_name:
:param str template_revision:
:param str config_file_name: config file name.
:param bool force_create: if True and template already exists in vCD,
overwrites existing template.
:param str ssh_key: public ssh key to place into template vApp(s).
:param bool retain_temp_vapp: if True, temporary vApp will not destroyed,
so the user can ssh into and debug the vm.
:param bool skip_config_decryption: do not decrypt the config file.
:param str decryption_password: password to decrypt the config file.
:param utils.ConsoleMessagePrinter msg_update_callback: Callback object
that writes messages onto console.
"""
configure_install_logger()
config = get_validated_config(
config_file_name,
skip_config_decryption=skip_config_decryption,
decryption_password=decryption_password,
msg_update_callback=msg_update_callback)
populate_vsphere_list(config['vcs'])
msg = f"Installing template '{template_name}' at revision " \
f"'{template_revision}' on vCloud Director using config file " \
f"'{config_file_name}'"
if msg_update_callback:
msg_update_callback.info(msg)
LOGGER.info(msg)
client = None
try:
log_filename = None
log_wire = str_to_bool(config['service'].get('log_wire'))
if log_wire:
log_filename = INSTALL_WIRELOG_FILEPATH
client = Client(config['vcd']['host'],
api_version=config['vcd']['api_version'],
verify_ssl_certs=config['vcd']['verify'],
log_file=log_filename,
log_requests=log_wire,
log_headers=log_wire,
log_bodies=log_wire)
credentials = BasicLoginCredentials(config['vcd']['username'],
SYSTEM_ORG_NAME,
config['vcd']['password'])
client.set_credentials(credentials)
msg = f"Connected to vCD as system administrator: " \
f"{config['vcd']['host']}:{config['vcd']['port']}"
if msg_update_callback:
msg_update_callback.general(msg)
LOGGER.info(msg)
# read remote template cookbook
rtm = RemoteTemplateManager(
remote_template_cookbook_url=config['broker']
['remote_template_cookbook_url'], # noqa: E501
logger=LOGGER,
msg_update_callback=msg_update_callback)
remote_template_cookbook = rtm.get_remote_template_cookbook()
found_template = False
for template in remote_template_cookbook['templates']:
template_name_matched = template_name in (
template[RemoteTemplateKey.NAME], '*') # noqa: E501
template_revision_matched = str(template_revision) in (str(
template[RemoteTemplateKey.REVISION]), '*') # noqa: E501
if template_name_matched and template_revision_matched:
found_template = True
_install_template(
client=client,
remote_template_manager=rtm,
template=template,
org_name=config['broker']['org'],
vdc_name=config['broker']['vdc'],
catalog_name=config['broker']['catalog'],
network_name=config['broker']['network'],
ip_allocation_mode=config['broker']['ip_allocation_mode'],
storage_profile=config['broker']['storage_profile'],
force_update=force_create,
retain_temp_vapp=retain_temp_vapp,
ssh_key=ssh_key,
msg_update_callback=msg_update_callback)
if not found_template:
msg = f"Template '{template_name}' at revision " \
f"'{template_revision}' not found in remote template " \
"cookbook."
if msg_update_callback:
msg_update_callback.error(msg)
LOGGER.error(msg, exc_info=True)
except Exception:
if msg_update_callback:
msg_update_callback.error(
"Template Installation Error. Check CSE install logs")
LOGGER.error("Template Installation Error", exc_info=True)
finally:
if client is not None:
client.logout()
def install_cse(config_file_name,
skip_template_creation,
force_update,
ssh_key,
retain_temp_vapp,
pks_config_file_name=None,
skip_config_decryption=False,
decryption_password=None,
msg_update_callback=None):
"""Handle logistics for CSE installation.
Handles decision making for configuring AMQP exchange/settings,
extension registration, catalog setup, and template creation.
:param str config_file_name: config file name.
:param bool skip_template_creation: If True, skip creating the templates.
:param bool force_update: if True and templates already exist in vCD,
overwrites existing templates.
:param str ssh_key: public ssh key to place into template vApp(s).
:param bool retain_temp_vapp: if True, temporary vApp will not destroyed,
so the user can ssh into and debug the vm.
:param str pks_config_file_name: pks config file name.
:param bool skip_config_decryption: do not decrypt the config file.
:param str decryption_password: password to decrypt the config file.
:param utils.ConsoleMessagePrinter msg_update_callback: Callback object
that writes messages onto console.
:raises AmqpError: if AMQP exchange could not be created.
"""
configure_install_logger()
config = get_validated_config(
config_file_name,
pks_config_file_name=pks_config_file_name,
skip_config_decryption=skip_config_decryption,
decryption_password=decryption_password,
msg_update_callback=msg_update_callback)
populate_vsphere_list(config['vcs'])
msg = f"Installing CSE on vCloud Director using config file " \
f"'{config_file_name}'"
if msg_update_callback:
msg_update_callback.info(msg)
LOGGER.info(msg)
client = None
try:
log_filename = None
log_wire = str_to_bool(config['service'].get('log_wire'))
if log_wire:
log_filename = INSTALL_WIRELOG_FILEPATH
client = Client(config['vcd']['host'],
api_version=config['vcd']['api_version'],
verify_ssl_certs=config['vcd']['verify'],
log_file=log_filename,
log_requests=log_wire,
log_headers=log_wire,
log_bodies=log_wire)
credentials = BasicLoginCredentials(config['vcd']['username'],
SYSTEM_ORG_NAME,
config['vcd']['password'])
client.set_credentials(credentials)
msg = f"Connected to vCD as system administrator: " \
f"{config['vcd']['host']}:{config['vcd']['port']}"
if msg_update_callback:
msg_update_callback.general(msg)
LOGGER.info(msg)
# create amqp exchange if it doesn't exist
amqp = config['amqp']
_create_amqp_exchange(amqp['exchange'],
amqp['host'],
amqp['port'],
amqp['vhost'],
amqp['ssl'],
amqp['username'],
amqp['password'],
msg_update_callback=msg_update_callback)
# register or update cse on vCD
_register_cse(client,
amqp['routing_key'],
amqp['exchange'],
msg_update_callback=msg_update_callback)
# register rights to vCD
# TODO() should also remove rights when unregistering CSE
_register_right(client,
right_name=CSE_NATIVE_DEPLOY_RIGHT_NAME,
description=CSE_NATIVE_DEPLOY_RIGHT_DESCRIPTION,
category=CSE_NATIVE_DEPLOY_RIGHT_CATEGORY,
bundle_key=CSE_NATIVE_DEPLOY_RIGHT_BUNDLE_KEY,
msg_update_callback=msg_update_callback)
_register_right(client,
right_name=CSE_PKS_DEPLOY_RIGHT_NAME,
description=CSE_PKS_DEPLOY_RIGHT_DESCRIPTION,
category=CSE_PKS_DEPLOY_RIGHT_CATEGORY,
bundle_key=CSE_PKS_DEPLOY_RIGHT_BUNDLE_KEY,
msg_update_callback=msg_update_callback)
# set up cse catalog
org = get_org(client, org_name=config['broker']['org'])
create_and_share_catalog(org,
config['broker']['catalog'],
catalog_desc='CSE templates',
msg_update_callback=msg_update_callback)
if skip_template_creation:
msg = "Skipping creation of templates."
if msg_update_callback:
msg_update_callback.info(msg)
LOGGER.warning(msg)
else:
# read remote template cookbook, download all scripts
rtm = RemoteTemplateManager(
remote_template_cookbook_url=config['broker']
['remote_template_cookbook_url'], # noqa: E501
logger=LOGGER,
msg_update_callback=msg_update_callback)
remote_template_cookbook = rtm.get_remote_template_cookbook()
# create all templates defined in cookbook
for template in remote_template_cookbook['templates']:
_install_template(
client=client,
remote_template_manager=rtm,
template=template,
org_name=config['broker']['org'],
vdc_name=config['broker']['vdc'],
catalog_name=config['broker']['catalog'],
network_name=config['broker']['network'],
ip_allocation_mode=config['broker']['ip_allocation_mode'],
storage_profile=config['broker']['storage_profile'],
force_update=force_update,
retain_temp_vapp=retain_temp_vapp,
ssh_key=ssh_key,
msg_update_callback=msg_update_callback)
# if it's a PKS setup, setup NSX-T constructs
if config.get('pks_config'):
nsxt_servers = config.get('pks_config')['nsxt_servers']
for nsxt_server in nsxt_servers:
msg = f"Configuring NSX-T server ({nsxt_server.get('name')})" \
" for CSE. Please check install logs for details."
if msg_update_callback:
msg_update_callback.general(msg)
LOGGER.info(msg)
nsxt_client = NSXTClient(host=nsxt_server.get('host'),
username=nsxt_server.get('username'),
password=nsxt_server.get('password'),
http_proxy=nsxt_server.get('proxy'),
https_proxy=nsxt_server.get('proxy'),
verify_ssl=nsxt_server.get('verify'),
logger_instance=LOGGER,
log_requests=True,
log_headers=True,
log_body=True)
setup_nsxt_constructs(
nsxt_client=nsxt_client,
nodes_ip_block_id=nsxt_server.get('nodes_ip_block_ids'),
pods_ip_block_id=nsxt_server.get('pods_ip_block_ids'),
ncp_boundary_firewall_section_anchor_id=nsxt_server.get(
'distributed_firewall_section_anchor_id')
) # noqa: E501
except Exception:
if msg_update_callback:
msg_update_callback.error(
"CSE Installation Error. Check CSE install logs")
LOGGER.error("CSE Installation Error", exc_info=True)
raise # TODO() need installation relevant exceptions for rollback
finally:
if client is not None:
client.logout()
def install_template(template_name,
template_revision,
config_file_name,
force_create,
retain_temp_vapp,
ssh_key,
skip_config_decryption=False,
decryption_password=None,
msg_update_callback=utils.NullPrinter()):
"""Install a particular template in CSE.
If template_name and revision are wild carded to *, all templates defined
in remote template cookbook will be installed.
:param str template_name:
:param str template_revision:
:param str config_file_name: config file name.
:param bool force_create: if True and template already exists in vCD,
overwrites existing template.
:param str ssh_key: public ssh key to place into template vApp(s).
:param bool retain_temp_vapp: if True, temporary vApp will not destroyed,
so the user can ssh into and debug the vm.
:param bool skip_config_decryption: do not decrypt the config file.
:param str decryption_password: password to decrypt the config file.
:param utils.ConsoleMessagePrinter msg_update_callback: Callback object.
"""
config = get_validated_config(
config_file_name,
skip_config_decryption=skip_config_decryption,
decryption_password=decryption_password,
log_wire_file=INSTALL_WIRELOG_FILEPATH,
logger_debug=INSTALL_LOGGER,
msg_update_callback=msg_update_callback)
populate_vsphere_list(config['vcs'])
msg = f"Installing template '{template_name}' at revision " \
f"'{template_revision}' on vCloud Director using config file " \
f"'{config_file_name}'"
msg_update_callback.info(msg)
INSTALL_LOGGER.info(msg)
client = None
try:
# Telemetry data construction
cse_params = {
PayloadKey.TEMPLATE_NAME: template_name,
PayloadKey.TEMPLATE_REVISION: template_revision,
PayloadKey.WAS_DECRYPTION_SKIPPED: bool(skip_config_decryption),
PayloadKey.WERE_TEMPLATES_FORCE_UPDATED: bool(force_create),
PayloadKey.WAS_TEMP_VAPP_RETAINED: bool(retain_temp_vapp),
PayloadKey.WAS_SSH_KEY_SPECIFIED: bool(ssh_key)
}
# Record telemetry data
record_user_action_details(
cse_operation=CseOperation.TEMPLATE_INSTALL,
cse_params=cse_params,
telemetry_settings=config['service']['telemetry'])
log_filename = None
log_wire = utils.str_to_bool(config['service'].get('log_wire'))
if log_wire:
log_filename = INSTALL_WIRELOG_FILEPATH
client = Client(config['vcd']['host'],
api_version=config['vcd']['api_version'],
verify_ssl_certs=config['vcd']['verify'],
log_file=log_filename,
log_requests=log_wire,
log_headers=log_wire,
log_bodies=log_wire)
credentials = BasicLoginCredentials(config['vcd']['username'],
server_constants.SYSTEM_ORG_NAME,
config['vcd']['password'])
client.set_credentials(credentials)
msg = f"Connected to vCD as system administrator: " \
f"{config['vcd']['host']}:{config['vcd']['port']}"
msg_update_callback.general(msg)
INSTALL_LOGGER.info(msg)
# read remote template cookbook
rtm = RemoteTemplateManager(
remote_template_cookbook_url=config['broker']
['remote_template_cookbook_url'], # noqa: E501
logger=INSTALL_LOGGER,
msg_update_callback=msg_update_callback)
remote_template_cookbook = rtm.get_remote_template_cookbook()
found_template = False
for template in remote_template_cookbook['templates']:
template_name_matched = template_name in (
template[server_constants.RemoteTemplateKey.NAME], '*'
) # noqa: E501
template_revision_matched = \
str(template_revision) in (str(template[server_constants.RemoteTemplateKey.REVISION]), '*') # noqa: E501
if template_name_matched and template_revision_matched:
found_template = True
_install_template(
client=client,
remote_template_manager=rtm,
template=template,
org_name=config['broker']['org'],
vdc_name=config['broker']['vdc'],
catalog_name=config['broker']['catalog'],
network_name=config['broker']['network'],
ip_allocation_mode=config['broker']['ip_allocation_mode'],
storage_profile=config['broker']['storage_profile'],
force_update=force_create,
retain_temp_vapp=retain_temp_vapp,
ssh_key=ssh_key,
msg_update_callback=msg_update_callback)
if not found_template:
msg = f"Template '{template_name}' at revision " \
f"'{template_revision}' not found in remote template " \
"cookbook."
msg_update_callback.error(msg)
INSTALL_LOGGER.error(msg, exc_info=True)
raise Exception(msg)
# Record telemetry data on successful template install
record_user_action(
cse_operation=CseOperation.TEMPLATE_INSTALL,
status=OperationStatus.SUCCESS,
telemetry_settings=config['service']['telemetry']) # noqa: E501
except Exception:
msg_update_callback.error(
"Template Installation Error. Check CSE install logs")
INSTALL_LOGGER.error("Template Installation Error", exc_info=True)
# Record telemetry data on template install failure
record_user_action(cse_operation=CseOperation.TEMPLATE_INSTALL,
status=OperationStatus.FAILED,
telemetry_settings=config['service']['telemetry'])
finally:
if client is not None:
client.logout()
def install_cse(config_file_name,
skip_template_creation,
force_update,
ssh_key,
retain_temp_vapp,
pks_config_file_name=None,
skip_config_decryption=False,
decryption_password=None,
msg_update_callback=utils.NullPrinter()):
"""Handle logistics for CSE installation.
Handles decision making for configuring AMQP exchange/settings,
defined entity schema registration for vCD api version >= 35,
extension registration, catalog setup and template creation.
Also records telemetry data on installation details.
:param str config_file_name: config file name.
:param bool skip_template_creation: If True, skip creating the templates.
:param bool force_update: if True and templates already exist in vCD,
overwrites existing templates.
:param str ssh_key: public ssh key to place into template vApp(s).
:param bool retain_temp_vapp: if True, temporary vApp will not destroyed,
so the user can ssh into and debug the vm.
:param str pks_config_file_name: pks config file name.
:param bool skip_config_decryption: do not decrypt the config file.
:param str decryption_password: password to decrypt the config file.
:param utils.ConsoleMessagePrinter msg_update_callback: Callback object.
:raises cse_exception.AmqpError: if AMQP exchange could not be created.
"""
config = get_validated_config(
config_file_name,
pks_config_file_name=pks_config_file_name,
skip_config_decryption=skip_config_decryption,
decryption_password=decryption_password,
log_wire_file=INSTALL_WIRELOG_FILEPATH,
logger_debug=INSTALL_LOGGER,
msg_update_callback=msg_update_callback)
populate_vsphere_list(config['vcs'])
msg = f"Installing CSE on vCloud Director using config file " \
f"'{config_file_name}'"
msg_update_callback.info(msg)
INSTALL_LOGGER.info(msg)
client = None
try:
# Telemetry - Construct telemetry data
telemetry_data = {
PayloadKey.WAS_DECRYPTION_SKIPPED:
bool(skip_config_decryption), # noqa: E501
PayloadKey.WAS_PKS_CONFIG_FILE_PROVIDED:
bool(pks_config_file_name), # noqa: E501
PayloadKey.WERE_TEMPLATES_SKIPPED:
bool(skip_template_creation), # noqa: E501
PayloadKey.WERE_TEMPLATES_FORCE_UPDATED:
bool(force_update), # noqa: E501
PayloadKey.WAS_TEMP_VAPP_RETAINED:
bool(retain_temp_vapp), # noqa: E501
PayloadKey.WAS_SSH_KEY_SPECIFIED: bool(ssh_key) # noqa: E501
}
# Telemetry - Record detailed telemetry data on install
record_user_action_details(
CseOperation.SERVICE_INSTALL,
telemetry_data,
telemetry_settings=config['service']['telemetry']) # noqa: E501
log_filename = None
log_wire = utils.str_to_bool(config['service'].get('log_wire'))
if log_wire:
log_filename = INSTALL_WIRELOG_FILEPATH
client = Client(config['vcd']['host'],
api_version=config['vcd']['api_version'],
verify_ssl_certs=config['vcd']['verify'],
log_file=log_filename,
log_requests=log_wire,
log_headers=log_wire,
log_bodies=log_wire)
credentials = BasicLoginCredentials(config['vcd']['username'],
server_constants.SYSTEM_ORG_NAME,
config['vcd']['password'])
client.set_credentials(credentials)
msg = f"Connected to vCD as system administrator: " \
f"{config['vcd']['host']}:{config['vcd']['port']}"
msg_update_callback.general(msg)
INSTALL_LOGGER.info(msg)
# create amqp exchange if it doesn't exist
amqp = config['amqp']
_create_amqp_exchange(amqp['exchange'],
amqp['host'],
amqp['port'],
amqp['vhost'],
amqp['ssl'],
amqp['username'],
amqp['password'],
msg_update_callback=msg_update_callback)
# register or update cse on vCD
_register_cse(client,
amqp['routing_key'],
amqp['exchange'],
msg_update_callback=msg_update_callback)
# register cse def schema on VCD
# schema should be located at
# ~/.cse-schema/api-v<API VERSION>/schema.json
_register_def_schema(client,
msg_update_callback=msg_update_callback,
log_wire=log_wire)
# Since we use CSE extension id as our telemetry instance_id, the
# validated config won't have the instance_id yet. Now that CSE has
# been registered as an extension, we should update the telemetry
# config with the correct instance_id
if config['service']['telemetry']['enable']:
store_telemetry_settings(config)
# register rights to vCD
# TODO() should also remove rights when unregistering CSE
_register_right(
client,
right_name=server_constants.
CSE_NATIVE_DEPLOY_RIGHT_NAME, # noqa: E501
description=server_constants.
CSE_NATIVE_DEPLOY_RIGHT_DESCRIPTION, # noqa: E501
category=server_constants.
CSE_NATIVE_DEPLOY_RIGHT_CATEGORY, # noqa: E501
bundle_key=server_constants.
CSE_NATIVE_DEPLOY_RIGHT_BUNDLE_KEY, # noqa: E501
msg_update_callback=msg_update_callback)
_register_right(
client,
right_name=server_constants.
CSE_PKS_DEPLOY_RIGHT_NAME, # noqa: E501
description=server_constants.
CSE_PKS_DEPLOY_RIGHT_DESCRIPTION, # noqa: E501
category=server_constants.
CSE_PKS_DEPLOY_RIGHT_CATEGORY, # noqa: E501
bundle_key=server_constants.
CSE_PKS_DEPLOY_RIGHT_BUNDLE_KEY, # noqa: E501
msg_update_callback=msg_update_callback)
# set up placement policies for all types of clusters
_setup_placement_policies(
client,
policy_list=server_constants.
CLUSTER_PLACEMENT_POLICIES, # noqa: E501
msg_update_callback=msg_update_callback,
log_wire=log_wire)
# set up cse catalog
org = vcd_utils.get_org(client, org_name=config['broker']['org'])
vcd_utils.create_and_share_catalog(
org,
config['broker']['catalog'],
catalog_desc='CSE templates',
logger=INSTALL_LOGGER,
msg_update_callback=msg_update_callback)
if skip_template_creation:
msg = "Skipping creation of templates."
msg_update_callback.info(msg)
INSTALL_LOGGER.warning(msg)
else:
# read remote template cookbook, download all scripts
rtm = RemoteTemplateManager(
remote_template_cookbook_url=config['broker']
['remote_template_cookbook_url'], # noqa: E501
logger=INSTALL_LOGGER,
msg_update_callback=msg_update_callback)
remote_template_cookbook = rtm.get_remote_template_cookbook()
# create all templates defined in cookbook
for template in remote_template_cookbook['templates']:
# TODO tag created templates with placement policies
_install_template(
client=client,
remote_template_manager=rtm,
template=template,
org_name=config['broker']['org'],
vdc_name=config['broker']['vdc'],
catalog_name=config['broker']['catalog'],
network_name=config['broker']['network'],
ip_allocation_mode=config['broker']['ip_allocation_mode'],
storage_profile=config['broker']['storage_profile'],
force_update=force_update,
retain_temp_vapp=retain_temp_vapp,
ssh_key=ssh_key,
msg_update_callback=msg_update_callback)
# if it's a PKS setup, setup NSX-T constructs
if config.get('pks_config'):
nsxt_servers = config['pks_config']['nsxt_servers']
wire_logger = NULL_LOGGER
if log_wire:
wire_logger = SERVER_NSXT_WIRE_LOGGER
for nsxt_server in nsxt_servers:
msg = f"Configuring NSX-T server ({nsxt_server.get('name')})" \
" for CSE. Please check install logs for details."
msg_update_callback.general(msg)
INSTALL_LOGGER.info(msg)
nsxt_client = NSXTClient(host=nsxt_server.get('host'),
username=nsxt_server.get('username'),
password=nsxt_server.get('password'),
logger_debug=INSTALL_LOGGER,
logger_wire=wire_logger,
http_proxy=nsxt_server.get('proxy'),
https_proxy=nsxt_server.get('proxy'),
verify_ssl=nsxt_server.get('verify'))
setup_nsxt_constructs(
nsxt_client=nsxt_client,
nodes_ip_block_id=nsxt_server.get('nodes_ip_block_ids'),
pods_ip_block_id=nsxt_server.get('pods_ip_block_ids'),
ncp_boundary_firewall_section_anchor_id=nsxt_server.get(
'distributed_firewall_section_anchor_id')
) # noqa: E501
# Telemetry - Record successful install action
record_user_action(CseOperation.SERVICE_INSTALL,
telemetry_settings=config['service']['telemetry'])
except Exception:
msg_update_callback.error(
"CSE Installation Error. Check CSE install logs")
INSTALL_LOGGER.error("CSE Installation Error", exc_info=True)
# Telemetry - Record failed install action
record_user_action(CseOperation.SERVICE_INSTALL,
status=OperationStatus.FAILED,
telemetry_settings=config['service']['telemetry'])
raise # TODO() need installation relevant exceptions for rollback
finally:
if client is not None:
client.logout()
def list_template(ctx, config_file_name, skip_config_decryption,
display_option):
"""List CSE k8s templates."""
if skip_config_decryption:
password = None
else:
password = os.getenv('CSE_CONFIG_PASSWORD') or prompt_text(
PASSWORD_FOR_CONFIG_DECRYPTION_MSG, color='green', hide_input=True)
try:
console_message_printer = ConsoleMessagePrinter()
try:
check_python_version()
except Exception as err:
click.secho(str(err), fg='red')
sys.exit(1)
# We don't want to validate config file, because server startup or
# installation is not being perfomred. If values in config file are
# missing or bad, appropriate exception will be raised while accessing
# or using them.
if skip_config_decryption:
with open(config_file_name) as config_file:
config_dict = yaml.safe_load(config_file) or {}
else:
console_message_printer.info(f"Decrypting '{config_file_name}'")
config_dict = yaml.safe_load(
get_decrypted_file_contents(config_file_name, password)) or {}
local_templates = []
if display_option in (DISPLAY_ALL, DISPLAY_DIFF, DISPLAY_LOCAL):
client = None
try:
# To suppress the warning message that pyvcloud prints if
# ssl_cert verification is skipped.
if not config_dict['vcd']['verify']:
requests.packages.urllib3.disable_warnings()
client = Client(config_dict['vcd']['host'],
api_version=config_dict['vcd']['api_version'],
verify_ssl_certs=config_dict['vcd']['verify'])
credentials = BasicLoginCredentials(
config_dict['vcd']['username'], SYSTEM_ORG_NAME,
config_dict['vcd']['password'])
client.set_credentials(credentials)
org_name = config_dict['broker']['org']
catalog_name = config_dict['broker']['catalog']
local_template_definitions = \
get_all_k8s_local_template_definition(
client=client,
catalog_name=catalog_name,
org_name=org_name)
default_template_name = \
config_dict['broker']['default_template_name']
default_template_revision = \
str(config_dict['broker']['default_template_revision'])
for definition in local_template_definitions:
template = {}
template['name'] = definition[LocalTemplateKey.NAME]
template['revision'] = \
definition[LocalTemplateKey.REVISION]
template['compute_policy'] = \
definition[LocalTemplateKey.COMPUTE_POLICY]
template['local'] = True
template['remote'] = False
if str(definition[LocalTemplateKey.REVISION]
) == default_template_revision and definition[
LocalTemplateKey.
NAME] == default_template_name: # noqa: E501
template['default'] = True
else:
template['default'] = False
template['deprecated'] = \
str_to_bool(definition[LocalTemplateKey.DEPRECATED])
template['cpu'] = definition[LocalTemplateKey.CPU]
template['memory'] = definition[LocalTemplateKey.MEMORY]
template['description'] = \
definition[LocalTemplateKey.DESCRIPTION]
local_templates.append(template)
finally:
if client:
client.logout()
remote_templates = []
if display_option in (DISPLAY_ALL, DISPLAY_DIFF, DISPLAY_REMOTE):
rtm = RemoteTemplateManager(
remote_template_cookbook_url=config_dict['broker']
['remote_template_cookbook_url'], # noqa: E501
msg_update_callback=ConsoleMessagePrinter())
remote_template_cookbook = rtm.get_remote_template_cookbook()
remote_template_definitions = remote_template_cookbook['templates']
for definition in remote_template_definitions:
template = {}
template['name'] = definition[RemoteTemplateKey.NAME]
template['revision'] = definition[RemoteTemplateKey.REVISION]
template['compute_policy'] = \
definition[RemoteTemplateKey.COMPUTE_POLICY]
template['local'] = False
template['remote'] = True
template['default'] = False
template['deprecated'] = \
str_to_bool(definition[RemoteTemplateKey.DEPRECATED])
template['cpu'] = definition[RemoteTemplateKey.CPU]
template['memory'] = definition[RemoteTemplateKey.MEMORY]
template['description'] = \
definition[RemoteTemplateKey.DESCRIPTION]
remote_templates.append(template)
result = []
if display_option is DISPLAY_ALL:
result = remote_templates
# If local copy of template exists, update the remote definition
# with relevant values, else add the local definition to the result
# list.
for local_template in local_templates:
found = False
for remote_template in remote_templates:
if str(local_template[LocalTemplateKey.REVISION]) == str(
remote_template[RemoteTemplateKey.REVISION]
) and local_template[
LocalTemplateKey.NAME] == remote_template[
RemoteTemplateKey.NAME]: # noqa: E501
remote_template['compute_policy'] = \
local_template['compute_policy']
remote_template['local'] = local_template['local']
remote_template['default'] = local_template['default']
found = True
break
if not found:
result.append(local_template)
elif display_option in DISPLAY_DIFF:
for remote_template in remote_templates:
found = False
for local_template in local_templates:
if str(local_template[LocalTemplateKey.REVISION]) == str(
remote_template[RemoteTemplateKey.REVISION]
) and local_template[
LocalTemplateKey.NAME] == remote_template[
RemoteTemplateKey.NAME]: # noqa: E501
found = True
break
if not found:
result.append(remote_template)
elif display_option in DISPLAY_LOCAL:
result = local_templates
elif display_option in DISPLAY_REMOTE:
result = remote_templates
stdout(result, ctx, sort_headers=False)
except cryptography.fernet.InvalidToken:
click.secho(CONFIG_DECRYPTION_ERROR_MSG, fg='red')
except Exception as err:
click.secho(str(err), fg='red')
def install_cse(ctx,
config_file_name='config.yaml',
skip_template_creation=True,
force_update=False,
ssh_key=None,
retain_temp_vapp=False,
msg_update_callback=None):
"""Handle logistics for CSE installation.
Handles decision making for configuring AMQP exchange/settings,
extension registration, catalog setup, and template creation.
:param click.core.Context ctx:
:param str config_file_name: config file name.
:param bool skip_template_creation: If True, skip creating the templates.
:param bool force_update: if True and templates already exist in vCD,
overwrites existing templates.
:param str ssh_key: public ssh key to place into template vApp(s).
:param bool retain_temp_vapp: if True, temporary vApp will not destroyed,
so the user can ssh into and debug the vm.
:param utils.ConsoleMessagePrinter msg_update_callback: Callback object
that writes messages onto console.
:raises AmqpError: if AMQP exchange could not be created.
"""
configure_install_logger()
config = get_validated_config(config_file_name,
msg_update_callback=msg_update_callback)
populate_vsphere_list(config['vcs'])
msg = f"Installing CSE on vCloud Director using config file " \
f"'{config_file_name}'"
if msg_update_callback:
msg_update_callback.info(msg)
LOGGER.info(msg)
client = None
try:
client = Client(config['vcd']['host'],
api_version=config['vcd']['api_version'],
verify_ssl_certs=config['vcd']['verify'],
log_file=INSTALL_WIRELOG_FILEPATH,
log_requests=True,
log_headers=True,
log_bodies=True)
credentials = BasicLoginCredentials(config['vcd']['username'],
SYSTEM_ORG_NAME,
config['vcd']['password'])
client.set_credentials(credentials)
msg = f"Connected to vCD as system administrator: " \
f"{config['vcd']['host']}:{config['vcd']['port']}"
if msg_update_callback:
msg_update_callback.general(msg)
LOGGER.info(msg)
# create amqp exchange if it doesn't exist
amqp = config['amqp']
_create_amqp_exchange(amqp['exchange'],
amqp['host'],
amqp['port'],
amqp['vhost'],
amqp['ssl'],
amqp['username'],
amqp['password'],
msg_update_callback=msg_update_callback)
# register or update cse on vCD
_register_cse(client,
amqp['routing_key'],
amqp['exchange'],
msg_update_callback=msg_update_callback)
# register rights to vCD
# TODO() should also remove rights when unregistering CSE
_register_right(client,
right_name=CSE_NATIVE_DEPLOY_RIGHT_NAME,
description=CSE_NATIVE_DEPLOY_RIGHT_DESCRIPTION,
category=CSE_NATIVE_DEPLOY_RIGHT_CATEGORY,
bundle_key=CSE_NATIVE_DEPLOY_RIGHT_BUNDLE_KEY,
msg_update_callback=msg_update_callback)
_register_right(client,
right_name=CSE_PKS_DEPLOY_RIGHT_NAME,
description=CSE_PKS_DEPLOY_RIGHT_DESCRIPTION,
category=CSE_PKS_DEPLOY_RIGHT_CATEGORY,
bundle_key=CSE_PKS_DEPLOY_RIGHT_BUNDLE_KEY,
msg_update_callback=msg_update_callback)
org_name = config['broker']['org']
catalog_name = config['broker']['catalog']
# set up cse catalog
org = get_org(client, org_name=org_name)
create_and_share_catalog(org,
catalog_name,
catalog_desc='CSE templates',
msg_update_callback=msg_update_callback)
if skip_template_creation:
msg = "Skipping creation of templates."
if msg_update_callback:
msg_update_callback.info(msg)
LOGGER.warning(msg)
else:
# read remote template cookbook, download all scripts
rtm = RemoteTemplateManager(
remote_template_cookbook_url=config['broker']
['remote_template_cookbook_url'], # noqa: E501
logger=LOGGER,
msg_update_callback=ConsoleMessagePrinter())
remote_template_cookbook = rtm.get_remote_template_cookbook()
# create all templates defined in cookbook
for template in remote_template_cookbook['templates']:
rtm.download_template_scripts(
template_name=template[RemoteTemplateKey.NAME],
revision=template[RemoteTemplateKey.REVISION],
force_overwrite=force_update)
catalog_item_name = get_revisioned_template_name(
template[RemoteTemplateKey.NAME],
template[RemoteTemplateKey.REVISION])
build_params = {
'template_name':
template[RemoteTemplateKey.NAME],
'template_revision':
template[RemoteTemplateKey.REVISION],
'source_ova_name':
template[RemoteTemplateKey.SOURCE_OVA_NAME], # noqa: E501
'source_ova_href':
template[RemoteTemplateKey.SOURCE_OVA_HREF], # noqa: E501
'source_ova_sha256':
template[
RemoteTemplateKey.SOURCE_OVA_SHA256], # noqa: E501
'org_name':
org_name,
'vdc_name':
config['broker']['vdc'],
'catalog_name':
catalog_name,
'catalog_item_name':
catalog_item_name,
'catalog_item_description':
template[RemoteTemplateKey.DESCRIPTION], # noqa: E501
'temp_vapp_name':
template[RemoteTemplateKey.NAME] + '_temp', # noqa: E501
'cpu':
template[RemoteTemplateKey.CPU],
'memory':
template[RemoteTemplateKey.MEMORY],
'network_name':
config['broker']['network'],
'ip_allocation_mode':
config['broker']['ip_allocation_mode'], # noqa: E501
'storage_profile':
config['broker']['storage_profile']
}
builder = TemplateBuilder(
client,
client,
build_params,
ssh_key=ssh_key,
logger=LOGGER,
msg_update_callback=ConsoleMessagePrinter())
builder.build(force_recreate=force_update,
retain_temp_vapp=retain_temp_vapp)
# remote definition is a super set of local definition, barring
# the key 'catalog_item_name'
template_definition = dict(template)
template_definition['catalog_item_name'] = catalog_item_name
save_k8s_local_template_definition_as_metadata(
client=client,
catalog_name=catalog_name,
catalog_item_name=catalog_item_name,
template_definition=template_definition,
org_name=org_name)
# if it's a PKS setup, setup NSX-T constructs
if config.get('pks_config'):
nsxt_servers = config.get('pks_config')['nsxt_servers']
for nsxt_server in nsxt_servers:
msg = f"Configuring NSX-T server ({nsxt_server.get('name')})" \
" for CSE. Please check install logs for details."
if msg_update_callback:
msg_update_callback.general(msg)
LOGGER.info(msg)
nsxt_client = NSXTClient(host=nsxt_server.get('host'),
username=nsxt_server.get('username'),
password=nsxt_server.get('password'),
http_proxy=nsxt_server.get('proxy'),
https_proxy=nsxt_server.get('proxy'),
verify_ssl=nsxt_server.get('verify'),
logger_instance=LOGGER,
log_requests=True,
log_headers=True,
log_body=True)
setup_nsxt_constructs(
nsxt_client=nsxt_client,
nodes_ip_block_id=nsxt_server.get('nodes_ip_block_ids'),
pods_ip_block_id=nsxt_server.get('pods_ip_block_ids'),
ncp_boundary_firewall_section_anchor_id=nsxt_server.get(
'distributed_firewall_section_anchor_id')
) # noqa: E501
except Exception:
if msg_update_callback:
msg_update_callback.error(
"CSE Installation Error. Check CSE install logs")
LOGGER.error("CSE Installation Error", exc_info=True)
raise # TODO() need installation relevant exceptions for rollback
finally:
if client is not None:
client.logout()