Exemple #1
def test_0060_config_valid(config):
    """Check that the active config file is accepted by the validator.

    The file at ``env.ACTIVE_CONFIG_FILEPATH`` is validated as-is. A KeyError,
    TypeError or ValueError raised by ``get_validated_config`` fails the test;
    any other exception propagates unchanged.
    """
    validation_errors = (KeyError, TypeError, ValueError)
    try:
        get_validated_config(env.ACTIVE_CONFIG_FILEPATH)
    except validation_errors:
        failure = (f"{env.ACTIVE_CONFIG_FILEPATH} did not pass validation"
                   f" when it should have")
        assert False, failure
Exemple #2
def test_0050_config_invalid_value_types(config):
    """Check that wrongly typed config values are rejected with TypeError.

    Four corrupted copies of the active config are built, each breaking value
    types in a different place: the 'vcd' and 'vcs' sections as a whole, fields
    of 'vcd', fields of the first 'vcs' entry, and the broker's remote template
    cookbook URL. Each copy is written over ``env.ACTIVE_CONFIG_FILEPATH`` and
    validated with config decryption skipped; validation must raise TypeError.
    """
    # All four copies are loaded before the loop below starts overwriting the
    # active config file.
    wrong_sections = testutils.yaml_to_dict(env.ACTIVE_CONFIG_FILEPATH)
    wrong_sections['vcd'] = True
    wrong_sections['vcs'] = 'a'

    wrong_vcd_fields = testutils.yaml_to_dict(env.ACTIVE_CONFIG_FILEPATH)
    vcd_section = wrong_vcd_fields['vcd']
    vcd_section['username'] = True
    vcd_section['api_version'] = 123
    vcd_section['port'] = 'a'

    wrong_vc_fields = testutils.yaml_to_dict(env.ACTIVE_CONFIG_FILEPATH)
    first_vc = wrong_vc_fields['vcs'][0]
    first_vc['username'] = True
    first_vc['password'] = 123
    first_vc['verify'] = 'a'

    wrong_broker_url = testutils.yaml_to_dict(env.ACTIVE_CONFIG_FILEPATH)
    wrong_broker_url['broker']['remote_template_cookbook_url'] = 1

    corrupted = (wrong_sections, wrong_vcd_fields, wrong_vc_fields,
                 wrong_broker_url)
    for bad_config in corrupted:
        testutils.dict_to_yaml_file(bad_config, env.ACTIVE_CONFIG_FILEPATH)
        try:
            get_validated_config(env.ACTIVE_CONFIG_FILEPATH,
                                 skip_config_decryption=True)
        except TypeError:
            # Expected outcome: the validator rejected the bad value types.
            pass
        else:
            assert False, (f"{env.ACTIVE_CONFIG_FILEPATH} passed validation "
                           f"when it should not have")
Exemple #3
def check(ctx, config, check_install):
    """Validate CSE config file."""
    # Step 1: refuse to continue on an unsupported Python version; this is the
    # only failure in this function that terminates the process (status 1).
    try:
        check_python_version(ConsoleMessagePrinter())
    except Exception as version_err:
        click.secho(str(version_err), fg='red')
        sys.exit(1)

    # Step 2: validate the config file. Every handled failure is printed in
    # red and the function then carries on with `validated` still None.
    # NOTE(review): none of these handlers exits, so a caller relying on the
    # process exit status presumably cannot tell an invalid config from a
    # valid one - confirm that is intended.
    validated = None
    try:
        validated = get_validated_config(
            config, msg_update_callback=ConsoleMessagePrinter())
    except (NotAcceptableException, VcdException, ValueError,
            KeyError, TypeError) as config_err:
        click.secho(str(config_err), fg='red')
    except AmqpConnectionError as amqp_err:
        click.secho(str(amqp_err), fg='red')
        click.secho("check config file amqp section.", fg='red')
    except requests.exceptions.ConnectionError as conn_err:
        # NOTE(review): assumes the exception carries a request object;
        # confirm `request` cannot be None here.
        click.secho(f"Cannot connect to {conn_err.request.url}.", fg='red')
    except vim.fault.InvalidLogin:
        click.secho("vCenter login failed (check config file vCenter "
                    "username/password).", fg='red')

    # Step 3: the installation check runs only when requested and only when
    # step 2 produced a non-empty config.
    if not (check_install and validated):
        return

    try:
        check_cse_installation(
            validated, msg_update_callback=ConsoleMessagePrinter())
    except Exception as install_err:
        click.secho(f"Error : {install_err}")
        click.secho("CSE installation is invalid", fg='red')
Exemple #4
def test_0040_config_missing_keys(config):
    """Check that config files lacking required keys are rejected.

    Two corrupted copies of the active config are built: one without the
    top-level 'amqp' section and one whose first 'vcs' entry has no
    'username'. Each copy is written over ``env.ACTIVE_CONFIG_FILEPATH`` and
    validation must raise KeyError.
    """
    # Both copies are loaded before the loop starts overwriting the file.
    without_amqp = testutils.yaml_to_dict(env.ACTIVE_CONFIG_FILEPATH)
    del without_amqp['amqp']

    without_vc_username = testutils.yaml_to_dict(env.ACTIVE_CONFIG_FILEPATH)
    del without_vc_username['vcs'][0]['username']

    for bad_config in (without_amqp, without_vc_username):
        testutils.dict_to_yaml_file(bad_config, env.ACTIVE_CONFIG_FILEPATH)
        try:
            get_validated_config(env.ACTIVE_CONFIG_FILEPATH)
        except KeyError:
            # Expected outcome: the validator noticed the missing key.
            pass
        else:
            assert False, (f"{env.ACTIVE_CONFIG_FILEPATH} passed validation "
                           f"when it should not have")
def check(ctx, config, pks_config, skip_config_decryption, check_install):
    """Validate CSE config file."""
    # The decryption password is needed only when the config is encrypted.
    # A non-empty CSE_CONFIG_PASSWORD environment variable wins; otherwise the
    # user is prompted with input hidden.
    password = None
    if not skip_config_decryption:
        password = os.getenv('CSE_CONFIG_PASSWORD')
        if not password:
            password = prompt_text(PASSWORD_FOR_CONFIG_DECRYPTION_MSG,
                                   color='green',
                                   hide_input=True)

    # An unsupported Python version is the only failure that terminates the
    # process (status 1).
    try:
        check_python_version(ConsoleMessagePrinter())
    except Exception as version_err:
        click.secho(str(version_err), fg='red')
        sys.exit(1)

    # Validate the config. Every handled failure is printed in red and the
    # function carries on with `validated` still None.
    # NOTE(review): none of these handlers exits, so a caller relying on the
    # process exit status presumably cannot tell an invalid config (or a wrong
    # decryption password) from a valid one - confirm that is intended.
    validated = None
    try:
        validated = get_validated_config(
            config,
            pks_config_file_name=pks_config,
            skip_config_decryption=skip_config_decryption,
            decryption_password=password,
            msg_update_callback=ConsoleMessagePrinter())
    except (NotAcceptableException, VcdException, ValueError, KeyError,
            TypeError) as config_err:
        click.secho(str(config_err), fg='red')
    except AmqpConnectionError as amqp_err:
        click.secho(str(amqp_err), fg='red')
        click.secho("check config file amqp section.", fg='red')
    except requests.exceptions.ConnectionError as conn_err:
        # NOTE(review): assumes the exception carries a request object;
        # confirm `request` cannot be None here.
        click.secho(f"Cannot connect to {conn_err.request.url}.", fg='red')
    except cryptography.fernet.InvalidToken:
        # Decryption failed; a fixed message is shown rather than the
        # exception text.
        click.secho(CONFIG_DECRYPTION_ERROR_MSG, fg='red')
    except vim.fault.InvalidLogin:
        click.secho(
            "vCenter login failed (check config file vCenter "
            "username/password).",
            fg='red')

    # The installation check runs only when requested and only when the
    # validation above produced a non-empty config.
    if not (check_install and validated):
        return

    try:
        check_cse_installation(validated,
                               msg_update_callback=ConsoleMessagePrinter())
    except Exception as install_err:
        click.secho(f"Error : {install_err}")
        click.secho("CSE installation is invalid", fg='red')
Exemple #6
    def run(self, msg_update_callback=utils.NullPrinter()):
        """Validate the config, start the AMQP consumer threads and serve.

        Loads and validates the server config, prepares run-time template
        data, starts one daemon ``MessageConsumer`` thread per configured
        listener, records telemetry, then blocks until the server state is
        STOPPING with no active requests, or until a KeyboardInterrupt.
        Afterwards every consumer is stopped and the state is set to STOPPED.

        :param msg_update_callback: object used to report progress; this
            method calls its ``info``, ``general`` and ``general_no_color``
            methods.
        """
        # NOTE(review): the default `utils.NullPrinter()` is evaluated once,
        # when the method is defined, so every call without an explicit
        # callback shares that one instance.

        # The decryption password is read from the instance attribute; it is
        # not cleared in this method after the config has been loaded.
        # NOTE(review): `log_wire_file` presumably receives request/response
        # traces when wire logging is enabled in the config - confirm that
        # file is access-restricted.
        self.config = get_validated_config(
            self.config_file,
            pks_config_file_name=self.pks_config_file,
            skip_config_decryption=self.skip_config_decryption,
            decryption_password=self.decryption_password,
            log_wire_file=logger.SERVER_DEBUG_WIRELOG_FILEPATH,
            logger_debug=logger.SERVER_LOGGER,
            msg_update_callback=msg_update_callback)

        populate_vsphere_list(self.config['vcs'])

        # Load def entity-type and interface
        self._load_def_schema(msg_update_callback=msg_update_callback)

        # Read k8s catalog definition from catalog item metadata and append
        # the same to the server run-time config
        self._load_template_definition_from_catalog(
            msg_update_callback=msg_update_callback)

        # Template rules are processed only for vCD api versions below 35.
        # NOTE(review): the versions are compared as floats, which relies on
        # api_version being a plain decimal string such as '35.0'.
        if float(self.config['vcd']['api_version']) < float(
                vCDApiVersion.VERSION_35.value):  # noqa: E501
            # Read template rules from config and update template definition
            # in server run-time config
            self._process_template_rules(
                msg_update_callback=msg_update_callback)

            # Make sure that all vms in templates are compliant with the
            # compute policy specified in template definition (can be affected
            # by rules).
            self._process_template_compute_policy_compliance(
                msg_update_callback=msg_update_callback)
        else:
            msg = "Template rules are not supported by CSE for vCD api " \
                  "version 35.0 or above. Skipping template rule processing."
            msg_update_callback.info(msg)
            logger.SERVER_LOGGER.debug(msg)

        if self.should_check_config:
            check_cse_installation(self.config,
                                   msg_update_callback=msg_update_callback)

        # The PKS cache is built only when a PKS config section is present;
        # every missing sub-section defaults to an empty list.
        if self.config.get('pks_config'):
            pks_config = self.config.get('pks_config')
            self.pks_cache = PksCache(
                pks_servers=pks_config.get('pks_api_servers', []),
                pks_accounts=pks_config.get('pks_accounts', []),
                pvdcs=pks_config.get('pvdcs', []),
                orgs=pks_config.get('orgs', []),
                nsxt_servers=pks_config.get('nsxt_servers', []))

        # Start one consumer per configured listener. The AMQP credentials and
        # the 'ssl' setting are handed to each consumer straight from the
        # validated config.
        amqp = self.config['amqp']
        num_consumers = self.config['service']['listeners']
        for n in range(num_consumers):
            try:
                c = MessageConsumer(amqp['host'], amqp['port'], amqp['ssl'],
                                    amqp['vhost'], amqp['username'],
                                    amqp['password'], amqp['exchange'],
                                    amqp['routing_key'])
                name = 'MessageConsumer-%s' % n
                t = Thread(name=name, target=consumer_thread, args=(c, ))
                # Daemon threads do not keep the process alive on exit.
                t.daemon = True
                t.start()
                msg = f"Started thread '{name} ({t.ident})'"
                msg_update_callback.general(msg)
                logger.SERVER_LOGGER.info(msg)
                self.threads.append(t)
                self.consumers.append(c)
                time.sleep(0.25)
            except KeyboardInterrupt:
                break
            except Exception:
                # A consumer that fails to start is logged and skipped, so the
                # server can end up with fewer listeners than configured (or
                # none); the count actually started is logged below.
                logger.SERVER_LOGGER.error(traceback.format_exc())

        logger.SERVER_LOGGER.info(
            f"Number of threads started: {len(self.threads)}")  # noqa: E501

        self._state = ServerState.RUNNING

        message = f"Container Service Extension for vCloud Director" \
                  f"\nServer running using config file: {self.config_file}" \
                  f"\nLog files: {logger.SERVER_INFO_LOG_FILEPATH}, " \
                  f"{logger.SERVER_DEBUG_LOG_FILEPATH}" \
                  f"\nwaiting for requests (ctrl+c to close)"

        signal.signal(signal.SIGINT, signal_handler)
        msg_update_callback.general_no_color(message)
        logger.SERVER_LOGGER.info(message)

        # Record telemetry on user action and details of operation.
        # NOTE(review): WAS_INSTALLATION_CHECK_SKIPPED is set from
        # should_check_config, which above *enables* the installation check,
        # so the reported flag looks inverted - confirm the intended meaning.
        cse_params = {
            PayloadKey.WAS_DECRYPTION_SKIPPED:
            bool(self.skip_config_decryption),  # noqa: E501
            PayloadKey.WAS_PKS_CONFIG_FILE_PROVIDED:
            bool(self.pks_config_file),  # noqa: E501
            PayloadKey.WAS_INSTALLATION_CHECK_SKIPPED:
            bool(self.should_check_config)  # noqa: E501
        }
        record_user_action_details(cse_operation=CseOperation.SERVICE_RUN,
                                   cse_params=cse_params)
        record_user_action(cse_operation=CseOperation.SERVICE_RUN)

        # Main wait loop: poll once per second until a stop was requested and
        # all in-flight requests have finished.
        while True:
            try:
                time.sleep(1)
                if self._state == ServerState.STOPPING and \
                        self.active_requests_count() == 0:
                    break
            except KeyboardInterrupt:
                break
            except Exception:
                # Exiting here skips the consumer shutdown below.
                msg_update_callback.general_no_color(traceback.format_exc())
                logger.SERVER_LOGGER.error(traceback.format_exc())
                sys.exit(1)

        logger.SERVER_LOGGER.info("Stop detected")
        logger.SERVER_LOGGER.info("Closing connections...")
        # Best-effort shutdown: a consumer that fails to stop is logged and
        # the remaining ones are still stopped.
        for c in self.consumers:
            try:
                c.stop()
            except Exception:
                logger.SERVER_LOGGER.error(traceback.format_exc())

        self._state = ServerState.STOPPED
        logger.SERVER_LOGGER.info("Done")
    def run(self, msg_update_callback=None):
        """Validate the config, start the AMQP consumer threads and serve.

        Configures the server logger, loads and validates the config, prepares
        run-time template data, starts one daemon ``MessageConsumer`` thread
        per configured listener, then blocks until the server state is
        STOPPING with no active requests, or until a KeyboardInterrupt.
        Afterwards every consumer is stopped and the state is set to STOPPED.

        :param msg_update_callback: optional object used to report progress;
            when given, its ``general`` and ``general_no_color`` methods are
            called. It is also passed on to the helpers invoked here.
        """
        configure_server_logger()

        self.config = get_validated_config(
            self.config_file, msg_update_callback=msg_update_callback)

        populate_vsphere_list(self.config['vcs'])

        # Read k8s catalog definition from catalog item metadata and append
        # the same to the server run-time config
        self._load_template_definition_from_catalog(
            msg_update_callback=msg_update_callback)

        # Read template rules from config and update template definition in
        # server run-time config
        self._process_template_rules(msg_update_callback=msg_update_callback)

        # Make sure that all vms in templates are compliant with the compute
        # policy specified in template definition (can be affected by rules).
        self._process_template_compute_policy_compliance(
            msg_update_callback=msg_update_callback)

        if self.should_check_config:
            check_cse_installation(self.config,
                                   msg_update_callback=msg_update_callback)

        # The PKS cache is built only when a PKS config section is present;
        # every missing sub-section defaults to an empty list.
        if self.config.get('pks_config'):
            pks_config = self.config.get('pks_config')
            self.pks_cache = PksCache(
                pks_servers=pks_config.get('pks_api_servers', []),
                pks_accounts=pks_config.get('pks_accounts', []),
                pvdcs=pks_config.get('pvdcs', []),
                orgs=pks_config.get('orgs', []),
                nsxt_servers=pks_config.get('nsxt_servers', []))

        # Start one consumer per configured listener. The AMQP credentials and
        # the 'ssl' setting are handed to each consumer straight from the
        # validated config.
        amqp = self.config['amqp']
        num_consumers = self.config['service']['listeners']
        for n in range(num_consumers):
            try:
                c = MessageConsumer(amqp['host'], amqp['port'], amqp['ssl'],
                                    amqp['vhost'], amqp['username'],
                                    amqp['password'], amqp['exchange'],
                                    amqp['routing_key'])
                name = 'MessageConsumer-%s' % n
                t = Thread(name=name, target=consumer_thread, args=(c, ))
                # Daemon threads do not keep the process alive on exit.
                t.daemon = True
                t.start()
                msg = f"Started thread '{name} ({t.ident})'"
                if msg_update_callback:
                    msg_update_callback.general(msg)
                LOGGER.info(msg)
                self.threads.append(t)
                self.consumers.append(c)
                time.sleep(0.25)
            except KeyboardInterrupt:
                break
            except Exception:
                # A consumer that fails to start is logged and skipped, so the
                # server can end up with fewer listeners than configured (or
                # none); the count actually started is logged below.
                LOGGER.error(traceback.format_exc())

        LOGGER.info(f"Number of threads started: {len(self.threads)}")

        self._state = ServerState.RUNNING

        message = f"Container Service Extension for vCloud Director" \
                  f"\nServer running using config file: {self.config_file}" \
                  f"\nLog files: {SERVER_INFO_LOG_FILEPATH}, " \
                  f"{SERVER_DEBUG_LOG_FILEPATH}" \
                  f"\nwaiting for requests (ctrl+c to close)"

        signal.signal(signal.SIGINT, signal_handler)
        if msg_update_callback:
            msg_update_callback.general_no_color(message)
        LOGGER.info(message)

        # Main wait loop: poll once per second until a stop was requested and
        # all in-flight requests have finished.
        while True:
            try:
                time.sleep(1)
                if self._state == ServerState.STOPPING and \
                        self.active_requests_count() == 0:
                    break
            except KeyboardInterrupt:
                break
            except Exception:
                # Exiting here skips the consumer shutdown below.
                if msg_update_callback:
                    msg_update_callback.general_no_color(
                        traceback.format_exc())
                LOGGER.error(traceback.format_exc())
                sys.exit(1)

        LOGGER.info("Stop detected")
        LOGGER.info("Closing connections...")
        # Best-effort shutdown: a consumer that fails to stop is logged and
        # the remaining ones are still stopped.
        for c in self.consumers:
            try:
                c.stop()
            except Exception:
                LOGGER.error(traceback.format_exc())

        self._state = ServerState.STOPPED
        LOGGER.info("Done")
def install_template(template_name,
                     template_revision,
                     config_file_name,
                     force_create,
                     retain_temp_vapp,
                     ssh_key,
                     skip_config_decryption=False,
                     decryption_password=None,
                     msg_update_callback=None):
    """Install a particular template in CSE.

    If template_name and revision are wild carded to *, all templates defined
    in remote template cookbook will be installed.

    Errors raised after the config has been validated (login, cookbook
    retrieval, template installation) are logged and reported through the
    callback but not re-raised, so the function returns normally in that case.
    A template that is not found in the cookbook is likewise only logged.

    :param str template_name: name of the template, or '*' for any name.
    :param str template_revision: revision of the template, or '*' for any
        revision.
    :param str config_file_name: config file name.
    :param bool force_create: if True and template already exists in vCD,
        overwrites existing template.
    :param bool retain_temp_vapp: if True, temporary vApp will not be
        destroyed, so the user can ssh into and debug the vm.
    :param str ssh_key: public ssh key to place into template vApp(s).
    :param bool skip_config_decryption: do not decrypt the config file.
    :param str decryption_password: password to decrypt the config file.
    :param utils.ConsoleMessagePrinter msg_update_callback: Callback object
        that writes messages onto console.
    """
    configure_install_logger()

    # Validation happens outside the try block below, so its exceptions
    # propagate to the caller.
    config = get_validated_config(
        config_file_name,
        skip_config_decryption=skip_config_decryption,
        decryption_password=decryption_password,
        msg_update_callback=msg_update_callback)
    populate_vsphere_list(config['vcs'])

    msg = f"Installing template '{template_name}' at revision " \
          f"'{template_revision}' on vCloud Director using config file " \
          f"'{config_file_name}'"
    if msg_update_callback:
        msg_update_callback.info(msg)
    LOGGER.info(msg)

    client = None
    try:
        # When 'log_wire' is set in the service section, requests, headers and
        # bodies are all logged to INSTALL_WIRELOG_FILEPATH.
        # NOTE(review): header/body logging may capture credentials or session
        # tokens - confirm the wire log file is access-restricted.
        log_filename = None
        log_wire = str_to_bool(config['service'].get('log_wire'))
        if log_wire:
            log_filename = INSTALL_WIRELOG_FILEPATH

        # TLS certificate verification follows the 'verify' value of the vcd
        # config section.
        client = Client(config['vcd']['host'],
                        api_version=config['vcd']['api_version'],
                        verify_ssl_certs=config['vcd']['verify'],
                        log_file=log_filename,
                        log_requests=log_wire,
                        log_headers=log_wire,
                        log_bodies=log_wire)
        # Log in to the system org with the vCD credentials from the config.
        credentials = BasicLoginCredentials(config['vcd']['username'],
                                            SYSTEM_ORG_NAME,
                                            config['vcd']['password'])
        client.set_credentials(credentials)
        msg = f"Connected to vCD as system administrator: " \
              f"{config['vcd']['host']}:{config['vcd']['port']}"
        if msg_update_callback:
            msg_update_callback.general(msg)
        LOGGER.info(msg)

        # read remote template cookbook
        # NOTE(review): the cookbook comes from the URL configured under
        # broker.remote_template_cookbook_url and presumably determines what
        # gets installed - confirm the URL points at a trusted source.
        rtm = RemoteTemplateManager(
            remote_template_cookbook_url=config['broker']
            ['remote_template_cookbook_url'],  # noqa: E501
            logger=LOGGER,
            msg_update_callback=msg_update_callback)
        remote_template_cookbook = rtm.get_remote_template_cookbook()

        # Install every cookbook entry whose name and revision match the
        # request; '*' matches any value. Revisions are compared as strings.
        found_template = False
        for template in remote_template_cookbook['templates']:
            template_name_matched = template_name in (
                template[RemoteTemplateKey.NAME], '*')  # noqa: E501
            template_revision_matched = str(template_revision) in (str(
                template[RemoteTemplateKey.REVISION]), '*')  # noqa: E501
            if template_name_matched and template_revision_matched:
                found_template = True
                _install_template(
                    client=client,
                    remote_template_manager=rtm,
                    template=template,
                    org_name=config['broker']['org'],
                    vdc_name=config['broker']['vdc'],
                    catalog_name=config['broker']['catalog'],
                    network_name=config['broker']['network'],
                    ip_allocation_mode=config['broker']['ip_allocation_mode'],
                    storage_profile=config['broker']['storage_profile'],
                    force_update=force_create,
                    retain_temp_vapp=retain_temp_vapp,
                    ssh_key=ssh_key,
                    msg_update_callback=msg_update_callback)

        if not found_template:
            msg = f"Template '{template_name}' at revision " \
                  f"'{template_revision}' not found in remote template " \
                  "cookbook."
            if msg_update_callback:
                msg_update_callback.error(msg)
            # NOTE(review): exc_info=True is passed although no exception is
            # being handled at this point, so the record likely carries an
            # empty traceback.
            LOGGER.error(msg, exc_info=True)
    except Exception:
        # The error is reported and logged with its traceback, then swallowed:
        # the caller gets no exception.
        if msg_update_callback:
            msg_update_callback.error(
                "Template Installation Error. Check CSE install logs")
        LOGGER.error("Template Installation Error", exc_info=True)
    finally:
        # Always end the vCD session if a client was created.
        if client is not None:
            client.logout()
def install_cse(config_file_name,
                skip_template_creation,
                force_update,
                ssh_key,
                retain_temp_vapp,
                pks_config_file_name=None,
                skip_config_decryption=False,
                decryption_password=None,
                msg_update_callback=None):
    """Handle logistics for CSE installation.

    Handles decision making for configuring AMQP exchange/settings,
    extension registration, catalog setup, and template creation.

    Any exception raised during the installation steps is logged, reported
    through the callback and re-raised; the vCD session is logged out in all
    cases.

    :param str config_file_name: config file name.
    :param bool skip_template_creation: If True, skip creating the templates.
    :param bool force_update: if True and templates already exist in vCD,
        overwrites existing templates.
    :param str ssh_key: public ssh key to place into template vApp(s).
    :param bool retain_temp_vapp: if True, temporary vApp will not be
        destroyed, so the user can ssh into and debug the vm.
    :param str pks_config_file_name: pks config file name.
    :param bool skip_config_decryption: do not decrypt the config file.
    :param str decryption_password: password to decrypt the config file.
    :param utils.ConsoleMessagePrinter msg_update_callback: Callback object
        that writes messages onto console.

    :raises AmqpError: if AMQP exchange could not be created.
    """
    configure_install_logger()

    # Validation happens outside the try block below, so its exceptions
    # propagate without the "CSE Installation Error" log entry.
    config = get_validated_config(
        config_file_name,
        pks_config_file_name=pks_config_file_name,
        skip_config_decryption=skip_config_decryption,
        decryption_password=decryption_password,
        msg_update_callback=msg_update_callback)

    populate_vsphere_list(config['vcs'])

    msg = f"Installing CSE on vCloud Director using config file " \
          f"'{config_file_name}'"
    if msg_update_callback:
        msg_update_callback.info(msg)
    LOGGER.info(msg)

    client = None
    try:
        # When 'log_wire' is set in the service section, requests, headers and
        # bodies are all logged to INSTALL_WIRELOG_FILEPATH.
        # NOTE(review): header/body logging may capture credentials or session
        # tokens - confirm the wire log file is access-restricted.
        log_filename = None
        log_wire = str_to_bool(config['service'].get('log_wire'))
        if log_wire:
            log_filename = INSTALL_WIRELOG_FILEPATH

        # TLS certificate verification follows the 'verify' value of the vcd
        # config section.
        client = Client(config['vcd']['host'],
                        api_version=config['vcd']['api_version'],
                        verify_ssl_certs=config['vcd']['verify'],
                        log_file=log_filename,
                        log_requests=log_wire,
                        log_headers=log_wire,
                        log_bodies=log_wire)
        # Log in to the system org with the vCD credentials from the config.
        credentials = BasicLoginCredentials(config['vcd']['username'],
                                            SYSTEM_ORG_NAME,
                                            config['vcd']['password'])
        client.set_credentials(credentials)
        msg = f"Connected to vCD as system administrator: " \
              f"{config['vcd']['host']}:{config['vcd']['port']}"
        if msg_update_callback:
            msg_update_callback.general(msg)
        LOGGER.info(msg)

        # create amqp exchange if it doesn't exist
        # The AMQP credentials and the 'ssl' setting are passed straight from
        # the validated config.
        amqp = config['amqp']
        _create_amqp_exchange(amqp['exchange'],
                              amqp['host'],
                              amqp['port'],
                              amqp['vhost'],
                              amqp['ssl'],
                              amqp['username'],
                              amqp['password'],
                              msg_update_callback=msg_update_callback)

        # register or update cse on vCD
        _register_cse(client,
                      amqp['routing_key'],
                      amqp['exchange'],
                      msg_update_callback=msg_update_callback)

        # register rights to vCD
        # TODO() should also remove rights when unregistering CSE
        _register_right(client,
                        right_name=CSE_NATIVE_DEPLOY_RIGHT_NAME,
                        description=CSE_NATIVE_DEPLOY_RIGHT_DESCRIPTION,
                        category=CSE_NATIVE_DEPLOY_RIGHT_CATEGORY,
                        bundle_key=CSE_NATIVE_DEPLOY_RIGHT_BUNDLE_KEY,
                        msg_update_callback=msg_update_callback)
        _register_right(client,
                        right_name=CSE_PKS_DEPLOY_RIGHT_NAME,
                        description=CSE_PKS_DEPLOY_RIGHT_DESCRIPTION,
                        category=CSE_PKS_DEPLOY_RIGHT_CATEGORY,
                        bundle_key=CSE_PKS_DEPLOY_RIGHT_BUNDLE_KEY,
                        msg_update_callback=msg_update_callback)

        # set up cse catalog
        org = get_org(client, org_name=config['broker']['org'])
        create_and_share_catalog(org,
                                 config['broker']['catalog'],
                                 catalog_desc='CSE templates',
                                 msg_update_callback=msg_update_callback)

        if skip_template_creation:
            msg = "Skipping creation of templates."
            if msg_update_callback:
                msg_update_callback.info(msg)
            LOGGER.warning(msg)
        else:
            # read remote template cookbook, download all scripts
            # NOTE(review): cookbook and scripts come from the URL configured
            # under broker.remote_template_cookbook_url - confirm it points at
            # a trusted source.
            rtm = RemoteTemplateManager(
                remote_template_cookbook_url=config['broker']
                ['remote_template_cookbook_url'],  # noqa: E501
                logger=LOGGER,
                msg_update_callback=msg_update_callback)
            remote_template_cookbook = rtm.get_remote_template_cookbook()

            # create all templates defined in cookbook
            for template in remote_template_cookbook['templates']:
                _install_template(
                    client=client,
                    remote_template_manager=rtm,
                    template=template,
                    org_name=config['broker']['org'],
                    vdc_name=config['broker']['vdc'],
                    catalog_name=config['broker']['catalog'],
                    network_name=config['broker']['network'],
                    ip_allocation_mode=config['broker']['ip_allocation_mode'],
                    storage_profile=config['broker']['storage_profile'],
                    force_update=force_update,
                    retain_temp_vapp=retain_temp_vapp,
                    ssh_key=ssh_key,
                    msg_update_callback=msg_update_callback)

        # if it's a PKS setup, setup NSX-T constructs
        if config.get('pks_config'):
            nsxt_servers = config.get('pks_config')['nsxt_servers']
            for nsxt_server in nsxt_servers:
                msg = f"Configuring NSX-T server ({nsxt_server.get('name')})" \
                      " for CSE. Please check install logs for details."
                if msg_update_callback:
                    msg_update_callback.general(msg)
                LOGGER.info(msg)
                # Request, header and body logging are switched on here
                # unconditionally, independent of the 'log_wire' setting used
                # for the vCD client above.
                # NOTE(review): this presumably writes NSX-T traffic,
                # including authentication headers, to the install log -
                # confirm and restrict access to that log accordingly.
                # TLS verification follows the server entry's 'verify' value.
                nsxt_client = NSXTClient(host=nsxt_server.get('host'),
                                         username=nsxt_server.get('username'),
                                         password=nsxt_server.get('password'),
                                         http_proxy=nsxt_server.get('proxy'),
                                         https_proxy=nsxt_server.get('proxy'),
                                         verify_ssl=nsxt_server.get('verify'),
                                         logger_instance=LOGGER,
                                         log_requests=True,
                                         log_headers=True,
                                         log_body=True)
                setup_nsxt_constructs(
                    nsxt_client=nsxt_client,
                    nodes_ip_block_id=nsxt_server.get('nodes_ip_block_ids'),
                    pods_ip_block_id=nsxt_server.get('pods_ip_block_ids'),
                    ncp_boundary_firewall_section_anchor_id=nsxt_server.get(
                        'distributed_firewall_section_anchor_id')
                )  # noqa: E501

    except Exception:
        # Report and log the failure with its traceback, then re-raise; steps
        # already completed above are not rolled back here.
        if msg_update_callback:
            msg_update_callback.error(
                "CSE Installation Error. Check CSE install logs")
        LOGGER.error("CSE Installation Error", exc_info=True)
        raise  # TODO() need installation relevant exceptions for rollback
    finally:
        # Always end the vCD session if a client was created.
        if client is not None:
            client.logout()
Exemple #10
def install_template(template_name,
                     template_revision,
                     config_file_name,
                     force_create,
                     retain_temp_vapp,
                     ssh_key,
                     skip_config_decryption=False,
                     decryption_password=None,
                     msg_update_callback=utils.NullPrinter()):
    """Install a particular template in CSE.

    If template_name and revision are wild carded to *, all templates defined
    in remote template cookbook will be installed.

    Telemetry is recorded for the attempt and for its outcome. Errors raised
    after the config has been validated, including the "template not found"
    error raised here, are logged and reported through the callback but not
    re-raised, so the function returns normally in that case.

    :param str template_name: name of the template, or '*' for any name.
    :param str template_revision: revision of the template, or '*' for any
        revision.
    :param str config_file_name: config file name.
    :param bool force_create: if True and template already exists in vCD,
        overwrites existing template.
    :param bool retain_temp_vapp: if True, temporary vApp will not be
        destroyed, so the user can ssh into and debug the vm.
    :param str ssh_key: public ssh key to place into template vApp(s).
    :param bool skip_config_decryption: do not decrypt the config file.
    :param str decryption_password: password to decrypt the config file.
    :param utils.ConsoleMessagePrinter msg_update_callback: Callback object.
    """
    # NOTE(review): the default `utils.NullPrinter()` is evaluated once, when
    # the function is defined, so every call without an explicit callback
    # shares that one instance.

    # Validation happens outside the try block below, so its exceptions
    # propagate to the caller and no failure telemetry is recorded for them.
    config = get_validated_config(
        config_file_name,
        skip_config_decryption=skip_config_decryption,
        decryption_password=decryption_password,
        log_wire_file=INSTALL_WIRELOG_FILEPATH,
        logger_debug=INSTALL_LOGGER,
        msg_update_callback=msg_update_callback)

    populate_vsphere_list(config['vcs'])

    msg = f"Installing template '{template_name}' at revision " \
          f"'{template_revision}' on vCloud Director using config file " \
          f"'{config_file_name}'"
    msg_update_callback.info(msg)
    INSTALL_LOGGER.info(msg)

    client = None
    try:
        # Telemetry data construction
        # Only the presence of an ssh key is reported (as a bool), not the key
        # itself; the template name and revision are sent as given.
        cse_params = {
            PayloadKey.TEMPLATE_NAME: template_name,
            PayloadKey.TEMPLATE_REVISION: template_revision,
            PayloadKey.WAS_DECRYPTION_SKIPPED: bool(skip_config_decryption),
            PayloadKey.WERE_TEMPLATES_FORCE_UPDATED: bool(force_create),
            PayloadKey.WAS_TEMP_VAPP_RETAINED: bool(retain_temp_vapp),
            PayloadKey.WAS_SSH_KEY_SPECIFIED: bool(ssh_key)
        }
        # Record telemetry data
        record_user_action_details(
            cse_operation=CseOperation.TEMPLATE_INSTALL,
            cse_params=cse_params,
            telemetry_settings=config['service']['telemetry'])

        # When 'log_wire' is set in the service section, requests, headers and
        # bodies are all logged to INSTALL_WIRELOG_FILEPATH.
        # NOTE(review): header/body logging may capture credentials or session
        # tokens - confirm the wire log file is access-restricted.
        log_filename = None
        log_wire = utils.str_to_bool(config['service'].get('log_wire'))
        if log_wire:
            log_filename = INSTALL_WIRELOG_FILEPATH

        # TLS certificate verification follows the 'verify' value of the vcd
        # config section.
        client = Client(config['vcd']['host'],
                        api_version=config['vcd']['api_version'],
                        verify_ssl_certs=config['vcd']['verify'],
                        log_file=log_filename,
                        log_requests=log_wire,
                        log_headers=log_wire,
                        log_bodies=log_wire)
        # Log in to the system org with the vCD credentials from the config.
        credentials = BasicLoginCredentials(config['vcd']['username'],
                                            server_constants.SYSTEM_ORG_NAME,
                                            config['vcd']['password'])
        client.set_credentials(credentials)
        msg = f"Connected to vCD as system administrator: " \
              f"{config['vcd']['host']}:{config['vcd']['port']}"
        msg_update_callback.general(msg)
        INSTALL_LOGGER.info(msg)

        # read remote template cookbook
        # NOTE(review): the cookbook comes from the URL configured under
        # broker.remote_template_cookbook_url and presumably determines what
        # gets installed - confirm the URL points at a trusted source.
        rtm = RemoteTemplateManager(
            remote_template_cookbook_url=config['broker']
            ['remote_template_cookbook_url'],  # noqa: E501
            logger=INSTALL_LOGGER,
            msg_update_callback=msg_update_callback)
        remote_template_cookbook = rtm.get_remote_template_cookbook()

        # Install every cookbook entry whose name and revision match the
        # request; '*' matches any value. Revisions are compared as strings.
        found_template = False
        for template in remote_template_cookbook['templates']:
            template_name_matched = template_name in (
                template[server_constants.RemoteTemplateKey.NAME], '*'
            )  # noqa: E501
            template_revision_matched = \
                str(template_revision) in (str(template[server_constants.RemoteTemplateKey.REVISION]), '*') # noqa: E501
            if template_name_matched and template_revision_matched:
                found_template = True
                _install_template(
                    client=client,
                    remote_template_manager=rtm,
                    template=template,
                    org_name=config['broker']['org'],
                    vdc_name=config['broker']['vdc'],
                    catalog_name=config['broker']['catalog'],
                    network_name=config['broker']['network'],
                    ip_allocation_mode=config['broker']['ip_allocation_mode'],
                    storage_profile=config['broker']['storage_profile'],
                    force_update=force_create,
                    retain_temp_vapp=retain_temp_vapp,
                    ssh_key=ssh_key,
                    msg_update_callback=msg_update_callback)

        if not found_template:
            msg = f"Template '{template_name}' at revision " \
                  f"'{template_revision}' not found in remote template " \
                  "cookbook."
            msg_update_callback.error(msg)
            # NOTE(review): exc_info=True is passed although no exception is
            # being handled at this point, so the record likely carries an
            # empty traceback.
            INSTALL_LOGGER.error(msg, exc_info=True)
            # Raised so that the handler below records the failure; it is
            # caught there and does not reach the caller.
            raise Exception(msg)

        # Record telemetry data on successful template install
        record_user_action(
            cse_operation=CseOperation.TEMPLATE_INSTALL,
            status=OperationStatus.SUCCESS,
            telemetry_settings=config['service']['telemetry'])  # noqa: E501
    except Exception:
        # The error is reported and logged with its traceback, then swallowed:
        # the caller gets no exception from the installation steps.
        msg_update_callback.error(
            "Template Installation Error. Check CSE install logs")
        INSTALL_LOGGER.error("Template Installation Error", exc_info=True)

        # Record telemetry data on template install failure
        # If this call itself raises, that exception does propagate (after
        # the finally block has run).
        record_user_action(cse_operation=CseOperation.TEMPLATE_INSTALL,
                           status=OperationStatus.FAILED,
                           telemetry_settings=config['service']['telemetry'])
    finally:
        # Always end the vCD session if a client was created.
        if client is not None:
            client.logout()
Exemple #11
def install_cse(config_file_name,
                skip_template_creation,
                force_update,
                ssh_key,
                retain_temp_vapp,
                pks_config_file_name=None,
                skip_config_decryption=False,
                decryption_password=None,
                msg_update_callback=utils.NullPrinter()):
    """Handle logistics for CSE installation.

    Handles decision making for configuring AMQP exchange/settings,
    defined entity schema registration for vCD api version >= 35,
    extension registration, catalog setup and template creation.

    Also records telemetry data on installation details. The telemetry
    payload built here carries only booleans (whether an option was used),
    never the option values themselves.

    The config is validated and the vSphere list populated before the
    try block, so a failure in either step propagates without the
    install-error logging or failure telemetry below.

    :param str config_file_name: config file name.
    :param bool skip_template_creation: If True, skip creating the templates.
    :param bool force_update: if True and templates already exist in vCD,
        overwrites existing templates.
    :param str ssh_key: public ssh key to place into template vApp(s).
    :param bool retain_temp_vapp: if True, temporary vApp will not be
        destroyed, so the user can ssh into and debug the vm.
    :param str pks_config_file_name: pks config file name.
    :param bool skip_config_decryption: do not decrypt the config file.
    :param str decryption_password: password to decrypt the config file.
    :param utils.ConsoleMessagePrinter msg_update_callback: Callback object.
        The default is one utils.NullPrinter() instance created when the
        function is defined and shared by every call that omits it.

    :raises cse_exception.AmqpError: if AMQP exchange could not be created.
    :raises Exception: any error raised inside the try block is logged,
        recorded as a failed install in telemetry and re-raised unchanged.
    """
    config = get_validated_config(
        config_file_name,
        pks_config_file_name=pks_config_file_name,
        skip_config_decryption=skip_config_decryption,
        decryption_password=decryption_password,
        log_wire_file=INSTALL_WIRELOG_FILEPATH,
        logger_debug=INSTALL_LOGGER,
        msg_update_callback=msg_update_callback)

    populate_vsphere_list(config['vcs'])

    msg = f"Installing CSE on vCloud Director using config file " \
          f"'{config_file_name}'"
    msg_update_callback.info(msg)
    INSTALL_LOGGER.info(msg)

    # Stays None until the vCD client is built, so the finally clause only
    # logs out a session that was actually created.
    client = None
    try:
        # Telemetry - Construct telemetry data
        # Every value is coerced to bool: the ssh key, config file names and
        # flags are reported only as "was it supplied", not by content.
        telemetry_data = {
            PayloadKey.WAS_DECRYPTION_SKIPPED:
            bool(skip_config_decryption),  # noqa: E501
            PayloadKey.WAS_PKS_CONFIG_FILE_PROVIDED:
            bool(pks_config_file_name),  # noqa: E501
            PayloadKey.WERE_TEMPLATES_SKIPPED:
            bool(skip_template_creation),  # noqa: E501
            PayloadKey.WERE_TEMPLATES_FORCE_UPDATED:
            bool(force_update),  # noqa: E501
            PayloadKey.WAS_TEMP_VAPP_RETAINED:
            bool(retain_temp_vapp),  # noqa: E501
            PayloadKey.WAS_SSH_KEY_SPECIFIED: bool(ssh_key)  # noqa: E501
        }

        # Telemetry - Record detailed telemetry data on install
        record_user_action_details(
            CseOperation.SERVICE_INSTALL,
            telemetry_data,
            telemetry_settings=config['service']['telemetry'])  # noqa: E501

        # Wire logging is opt-in through the 'log_wire' service setting; when
        # it is off no log file is handed to the client.
        # NOTE(review): with log_wire on, requests, headers and bodies of a
        # system-administrator session presumably end up in
        # INSTALL_WIRELOG_FILEPATH - confirm what the client redacts and
        # keep that file readable by the service account only.
        log_filename = None
        log_wire = utils.str_to_bool(config['service'].get('log_wire'))
        if log_wire:
            log_filename = INSTALL_WIRELOG_FILEPATH

        # TLS certificate verification follows config['vcd']['verify'] as-is;
        # this function applies no override or extra check.
        client = Client(config['vcd']['host'],
                        api_version=config['vcd']['api_version'],
                        verify_ssl_certs=config['vcd']['verify'],
                        log_file=log_filename,
                        log_requests=log_wire,
                        log_headers=log_wire,
                        log_bodies=log_wire)
        # Credentials are always bound to the system org, whatever org the
        # broker section names.
        credentials = BasicLoginCredentials(config['vcd']['username'],
                                            server_constants.SYSTEM_ORG_NAME,
                                            config['vcd']['password'])
        client.set_credentials(credentials)
        msg = f"Connected to vCD as system administrator: " \
              f"{config['vcd']['host']}:{config['vcd']['port']}"
        msg_update_callback.general(msg)
        INSTALL_LOGGER.info(msg)

        # create amqp exchange if it doesn't exist
        amqp = config['amqp']
        _create_amqp_exchange(amqp['exchange'],
                              amqp['host'],
                              amqp['port'],
                              amqp['vhost'],
                              amqp['ssl'],
                              amqp['username'],
                              amqp['password'],
                              msg_update_callback=msg_update_callback)

        # register or update cse on vCD
        _register_cse(client,
                      amqp['routing_key'],
                      amqp['exchange'],
                      msg_update_callback=msg_update_callback)

        # register cse def schema on VCD
        # schema should be located at
        # ~/.cse-schema/api-v<API VERSION>/schema.json
        _register_def_schema(client,
                             msg_update_callback=msg_update_callback,
                             log_wire=log_wire)

        # Since we use CSE extension id as our telemetry instance_id, the
        # validated config won't have the instance_id yet. Now that CSE has
        # been registered as an extension, we should update the telemetry
        # config with the correct instance_id
        if config['service']['telemetry']['enable']:
            store_telemetry_settings(config)

        # register rights to vCD
        # TODO() should also remove rights when unregistering CSE
        _register_right(
            client,
            right_name=server_constants.
            CSE_NATIVE_DEPLOY_RIGHT_NAME,  # noqa: E501
            description=server_constants.
            CSE_NATIVE_DEPLOY_RIGHT_DESCRIPTION,  # noqa: E501
            category=server_constants.
            CSE_NATIVE_DEPLOY_RIGHT_CATEGORY,  # noqa: E501
            bundle_key=server_constants.
            CSE_NATIVE_DEPLOY_RIGHT_BUNDLE_KEY,  # noqa: E501
            msg_update_callback=msg_update_callback)
        _register_right(
            client,
            right_name=server_constants.
            CSE_PKS_DEPLOY_RIGHT_NAME,  # noqa: E501
            description=server_constants.
            CSE_PKS_DEPLOY_RIGHT_DESCRIPTION,  # noqa: E501
            category=server_constants.
            CSE_PKS_DEPLOY_RIGHT_CATEGORY,  # noqa: E501
            bundle_key=server_constants.
            CSE_PKS_DEPLOY_RIGHT_BUNDLE_KEY,  # noqa: E501
            msg_update_callback=msg_update_callback)

        # set up placement policies for all types of clusters
        _setup_placement_policies(
            client,
            policy_list=server_constants.
            CLUSTER_PLACEMENT_POLICIES,  # noqa: E501
            msg_update_callback=msg_update_callback,
            log_wire=log_wire)

        # set up cse catalog
        org = vcd_utils.get_org(client, org_name=config['broker']['org'])
        vcd_utils.create_and_share_catalog(
            org,
            config['broker']['catalog'],
            catalog_desc='CSE templates',
            logger=INSTALL_LOGGER,
            msg_update_callback=msg_update_callback)

        if skip_template_creation:
            msg = "Skipping creation of templates."
            msg_update_callback.info(msg)
            INSTALL_LOGGER.warning(msg)
        else:
            # read remote template cookbook, download all scripts
            # NOTE(review): the cookbook URL comes from the config file and
            # every template it lists is installed below, so the URL is part
            # of the installation's trust boundary - confirm how it is
            # pinned or validated.
            rtm = RemoteTemplateManager(
                remote_template_cookbook_url=config['broker']
                ['remote_template_cookbook_url'],  # noqa: E501
                logger=INSTALL_LOGGER,
                msg_update_callback=msg_update_callback)
            remote_template_cookbook = rtm.get_remote_template_cookbook()

            # create all templates defined in cookbook
            for template in remote_template_cookbook['templates']:
                # TODO tag created templates with placement policies
                _install_template(
                    client=client,
                    remote_template_manager=rtm,
                    template=template,
                    org_name=config['broker']['org'],
                    vdc_name=config['broker']['vdc'],
                    catalog_name=config['broker']['catalog'],
                    network_name=config['broker']['network'],
                    ip_allocation_mode=config['broker']['ip_allocation_mode'],
                    storage_profile=config['broker']['storage_profile'],
                    force_update=force_update,
                    retain_temp_vapp=retain_temp_vapp,
                    ssh_key=ssh_key,
                    msg_update_callback=msg_update_callback)

        # if it's a PKS setup, setup NSX-T constructs
        if config.get('pks_config'):
            nsxt_servers = config['pks_config']['nsxt_servers']
            # NSX-T wire traffic goes to the null logger unless log_wire is
            # on, mirroring the vCD client above.
            wire_logger = NULL_LOGGER
            if log_wire:
                wire_logger = SERVER_NSXT_WIRE_LOGGER

            for nsxt_server in nsxt_servers:
                msg = f"Configuring NSX-T server ({nsxt_server.get('name')})" \
                      " for CSE. Please check install logs for details."
                msg_update_callback.general(msg)
                INSTALL_LOGGER.info(msg)
                # All connection settings are read with .get(), so a missing
                # key reaches NSXTClient as None rather than raising here;
                # that includes 'verify' (how NSXTClient treats None is not
                # visible from this function).
                nsxt_client = NSXTClient(host=nsxt_server.get('host'),
                                         username=nsxt_server.get('username'),
                                         password=nsxt_server.get('password'),
                                         logger_debug=INSTALL_LOGGER,
                                         logger_wire=wire_logger,
                                         http_proxy=nsxt_server.get('proxy'),
                                         https_proxy=nsxt_server.get('proxy'),
                                         verify_ssl=nsxt_server.get('verify'))
                setup_nsxt_constructs(
                    nsxt_client=nsxt_client,
                    nodes_ip_block_id=nsxt_server.get('nodes_ip_block_ids'),
                    pods_ip_block_id=nsxt_server.get('pods_ip_block_ids'),
                    ncp_boundary_firewall_section_anchor_id=nsxt_server.get(
                        'distributed_firewall_section_anchor_id')
                )  # noqa: E501

        # Telemetry - Record successful install action
        record_user_action(CseOperation.SERVICE_INSTALL,
                           telemetry_settings=config['service']['telemetry'])
    except Exception:
        # The console gets a generic message only; the traceback goes to the
        # install log via exc_info.
        msg_update_callback.error(
            "CSE Installation Error. Check CSE install logs")
        INSTALL_LOGGER.error("CSE Installation Error", exc_info=True)
        # Telemetry - Record failed install action
        record_user_action(CseOperation.SERVICE_INSTALL,
                           status=OperationStatus.FAILED,
                           telemetry_settings=config['service']['telemetry'])
        raise  # TODO() need installation relevant exceptions for rollback
    finally:
        # Always end the system-administrator session, on success or failure.
        if client is not None:
            client.logout()
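def convert_cluster(ctx, config_file_name, skip_config_decryption,
                    cluster_name, admin_password, org_name, vdc_name,
                    skip_wait_for_gc):
    """Convert clusters created by older CSE versions to current metadata.

    Logs into vCD with the system-org credentials from the config file,
    looks up the matching clusters and, for each one, rewrites the legacy
    template metadata and adds the OS / docker / kubernetes / CNI fields.
    If any VM of a cluster has no retrievable admin password, the vApp is
    undeployed, every VM gets guest customization with an admin password
    and is powered on with forced recustomization, and the vApp is
    redeployed. Unless `skip_wait_for_gc` is set, the function then polls
    every 5 seconds until no touched VM reports 'GC_PENDING'.

    Errors are printed to the console in red and swallowed; the function
    returns None in every case. A failed python version check exits the
    process with status 1.

    :param ctx: not used by this function.
    :param str config_file_name: config file name.
    :param bool skip_config_decryption: do not decrypt the config file.
    :param str cluster_name: cluster filter passed to get_all_clusters.
    :param str admin_password: admin password to set on every processed VM;
        when falsy, automatic password generation is requested instead.
    :param str org_name: org filter passed to get_all_clusters.
    :param str vdc_name: org VDC filter passed to get_all_clusters.
    :param bool skip_wait_for_gc: if True, return without waiting for guest
        customization to finish.
    """
    if skip_config_decryption:
        decryption_password = None
    else:
        # The environment variable wins; otherwise prompt with hidden input.
        decryption_password = os.getenv('CSE_CONFIG_PASSWORD') or prompt_text(
            PASSWORD_FOR_CONFIG_DECRYPTION_MSG, color='green', hide_input=True)

    try:
        check_python_version()
    except Exception as err:
        click.secho(str(err), fg='red')
        sys.exit(1)

    client = None
    try:
        console_message_printer = ConsoleMessagePrinter()
        config = get_validated_config(
            config_file_name,
            skip_config_decryption=skip_config_decryption,
            decryption_password=decryption_password,
            msg_update_callback=console_message_printer)

        # NOTE(review): with log_wire on, requests, headers and bodies of a
        # system-administrator session are logged to a relative path, i.e.
        # presumably the current working directory - confirm what the client
        # redacts and where this file lands.
        log_filename = None
        log_wire = str_to_bool(config['service'].get('log_wire'))
        if log_wire:
            log_filename = 'cluster_convert_wire.log'

        # TLS certificate verification follows config['vcd']['verify'] as-is.
        client = Client(config['vcd']['host'],
                        api_version=config['vcd']['api_version'],
                        verify_ssl_certs=config['vcd']['verify'],
                        log_file=log_filename,
                        log_requests=log_wire,
                        log_headers=log_wire,
                        log_bodies=log_wire)
        credentials = BasicLoginCredentials(config['vcd']['username'],
                                            SYSTEM_ORG_NAME,
                                            config['vcd']['password'])
        client.set_credentials(credentials)
        msg = f"Connected to vCD as system administrator: " \
              f"{config['vcd']['host']}:{config['vcd']['port']}"
        console_message_printer.general(msg)

        cluster_records = get_all_clusters(client=client,
                                           cluster_name=cluster_name,
                                           org_name=org_name,
                                           ovdc_name=vdc_name)

        if len(cluster_records) == 0:
            console_message_printer.info("No clusters were found.")
            return

        # VMs whose guest customization was re-triggered; polled at the end.
        vms = []
        for cluster in cluster_records:
            console_message_printer.info(
                f"Processing cluster '{cluster['name']}'.")
            vapp_href = cluster['vapp_href']
            vapp = VApp(client, href=vapp_href)

            # this step removes the old 'cse.template' metadata and adds
            # cse.template.name and cse.template.revision metadata
            # using hard-coded values taken from github history
            console_message_printer.info("Processing metadata of cluster.")
            metadata_dict = metadata_to_dict(vapp.get_metadata())
            old_template_name = metadata_dict.get(
                ClusterMetadataKey.BACKWARD_COMPATIBILE_TEMPLATE_NAME)
            new_template_name = None
            cse_version = metadata_dict.get(ClusterMetadataKey.CSE_VERSION)
            if old_template_name:
                console_message_printer.info(
                    "Determining k8s version on cluster.")
                # Single versions are compared with ==. The previous
                # `cse_version in ('1.0.0')` was a substring test against a
                # plain string (the parentheses do not make a tuple): it
                # accepted values such as '' or '1.0' and raised TypeError
                # when the version metadata was missing.
                template_suffix = None
                if 'photon' in old_template_name:
                    new_template_name = 'photon-v2'
                    if cse_version == '1.0.0':
                        template_suffix = '_k8s-1.8_weave-2.0.5'
                    elif cse_version in ('1.1.0', '1.2.0', '1.2.1', '1.2.2',
                                         '1.2.3', '1.2.4'):
                        template_suffix = '_k8s-1.9_weave-2.3.0'
                    elif cse_version in ('1.2.5', '1.2.6', '1.2.7'):
                        template_suffix = '_k8s-1.10_weave-2.3.0'
                    elif cse_version == '2.0.0':
                        template_suffix = '_k8s-1.12_weave-2.3.0'
                elif 'ubuntu' in old_template_name:
                    new_template_name = 'ubuntu-16.04'
                    if cse_version == '1.0.0':
                        template_suffix = '_k8s-1.9_weave-2.1.3'
                    elif cse_version in ('1.1.0', '1.2.0', '1.2.1', '1.2.2',
                                         '1.2.3', '1.2.4', '1.2.5', '1.2.6',
                                         '1.2.7'):
                        template_suffix = '_k8s-1.10_weave-2.3.0'
                    elif cse_version == '2.0.0':
                        template_suffix = '_k8s-1.13_weave-2.3.0'

                if new_template_name:
                    if template_suffix is None:
                        # Stop before touching the vApp: a name without the
                        # k8s/CNI suffix cannot be split into OS, k8s and
                        # CNI tokens further down, and failing there would
                        # leave the legacy key already removed.
                        raise ValueError(
                            f"Cannot determine the template of cluster "
                            f"'{cluster['name']}': unrecognized CSE version "
                            f"{cse_version!r}.")
                    new_template_name += template_suffix

            if new_template_name:
                console_message_printer.info("Updating metadata of cluster.")
                task = vapp.remove_metadata(
                    ClusterMetadataKey.BACKWARD_COMPATIBILE_TEMPLATE_NAME)
                client.get_task_monitor().wait_for_success(task)
                new_metadata_to_add = {
                    ClusterMetadataKey.TEMPLATE_NAME: new_template_name,
                    ClusterMetadataKey.TEMPLATE_REVISION: 0
                }
                task = vapp.set_multiple_metadata(new_metadata_to_add)
                client.get_task_monitor().wait_for_success(task)

            # this step uses hard-coded data from the newly updated
            # cse.template.name and cse.template.revision metadata fields as
            # well as github history to add [cse.os, cse.docker.version,
            # cse.kubernetes, cse.kubernetes.version, cse.cni, cse.cni.version]
            # to the clusters
            vapp.reload()
            metadata_dict = metadata_to_dict(vapp.get_metadata())
            template_name = metadata_dict.get(ClusterMetadataKey.TEMPLATE_NAME)
            template_revision = str(
                metadata_dict.get(ClusterMetadataKey.TEMPLATE_REVISION, '0'))

            if template_name:
                k8s_version, docker_version = get_k8s_and_docker_versions(
                    template_name,
                    template_revision=template_revision,
                    cse_version=cse_version)
                # Template names are '<os>_<k8s>_<cni>-<cni version>'.
                tokens = template_name.split('_')
                new_metadata = {
                    ClusterMetadataKey.OS: tokens[0],
                    ClusterMetadataKey.DOCKER_VERSION: docker_version,
                    ClusterMetadataKey.KUBERNETES: 'upstream',
                    ClusterMetadataKey.KUBERNETES_VERSION: k8s_version,
                    ClusterMetadataKey.CNI: tokens[2].split('-')[0],
                    ClusterMetadataKey.CNI_VERSION: tokens[2].split('-')[1],
                }
                task = vapp.set_multiple_metadata(new_metadata)
                client.get_task_monitor().wait_for_success(task)

            console_message_printer.general(
                "Finished processing metadata of cluster.")

            # One VM without a retrievable admin password is enough to
            # re-customize every VM of the cluster.
            reset_admin_pw = False
            vm_resources = vapp.get_all_vms()
            for vm_resource in vm_resources:
                try:
                    vapp.get_admin_password(vm_resource.get('name'))
                except EntityNotFoundException:
                    reset_admin_pw = True
                    break

            if reset_admin_pw:
                # An undeploy failure is reported and processing continues
                # (presumably because the vApp may already be undeployed).
                try:
                    console_message_printer.info(
                        f"Undeploying the vApp '{cluster['name']}'")
                    task = vapp.undeploy()
                    client.get_task_monitor().wait_for_success(task)
                    console_message_printer.general(
                        "Successfully undeployed the vApp.")
                except Exception as err:
                    console_message_printer.error(str(err))

                for vm_resource in vm_resources:
                    console_message_printer.info(
                        f"Processing vm '{vm_resource.get('name')}'.")
                    vm = VM(client, href=vm_resource.get('href'))
                    vms.append(vm)

                    # The same caller-supplied password is applied to every
                    # VM of every matched cluster; without one, automatic
                    # generation is requested per VM.
                    console_message_printer.info("Updating vm admin password")
                    task = vm.update_guest_customization_section(
                        enabled=True,
                        admin_password_enabled=True,
                        admin_password_auto=not admin_password,
                        admin_password=admin_password,
                    )
                    client.get_task_monitor().wait_for_success(task)
                    console_message_printer.general("Successfully updated vm")

                    console_message_printer.info("Deploying vm.")
                    task = vm.power_on_and_force_recustomization()
                    client.get_task_monitor().wait_for_success(task)
                    console_message_printer.general("Successfully deployed vm")

                console_message_printer.info("Deploying cluster")
                task = vapp.deploy(power_on=True)
                client.get_task_monitor().wait_for_success(task)
                console_message_printer.general(
                    "Successfully deployed cluster")

            console_message_printer.general(
                f"Successfully processed cluster '{cluster['name']}'")

        if skip_wait_for_gc:
            return

        # Poll until no VM is still pending guest customization. There is no
        # upper bound on the wait.
        while True:
            vms = [
                vm for vm in vms
                if vm.get_guest_customization_status() == 'GC_PENDING'
            ]
            console_message_printer.info(
                f"Waiting on guest customization to finish on {len(vms)} vms.")
            if not vms:
                break
            time.sleep(5)
    except cryptography.fernet.InvalidToken:
        click.secho(CONFIG_DECRYPTION_ERROR_MSG, fg='red')
    except Exception as err:
        click.secho(str(err), fg='red')
    finally:
        # Always end the system-administrator session.
        if client:
            client.logout()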
Exemple #13
def install_cse(ctx,
                config_file_name='config.yaml',
                skip_template_creation=True,
                force_update=False,
                ssh_key=None,
                retain_temp_vapp=False,
                msg_update_callback=None):
    """Handle logistics for CSE installation.

    Handles decision making for configuring AMQP exchange/settings,
    extension registration, catalog setup, and template creation.

    The config is validated and the vSphere list populated before the
    try block, so a failure in either step propagates without the
    install-error logging below.

    :param click.core.Context ctx: not used by this function.
    :param str config_file_name: config file name.
    :param bool skip_template_creation: If True, skip creating the templates.
    :param bool force_update: if True and templates already exist in vCD,
        overwrites existing templates.
    :param str ssh_key: public ssh key to place into template vApp(s).
    :param bool retain_temp_vapp: if True, temporary vApp will not be
        destroyed, so the user can ssh into and debug the vm.
    :param utils.ConsoleMessagePrinter msg_update_callback: Callback object
        that writes messages onto console. May be None; direct uses in
        this function are guarded.

    :raises AmqpError: if AMQP exchange could not be created.
    :raises Exception: any error raised inside the try block is logged
        and re-raised unchanged.
    """
    configure_install_logger()

    config = get_validated_config(config_file_name,
                                  msg_update_callback=msg_update_callback)
    populate_vsphere_list(config['vcs'])

    msg = f"Installing CSE on vCloud Director using config file " \
          f"'{config_file_name}'"
    if msg_update_callback:
        msg_update_callback.info(msg)
    LOGGER.info(msg)

    # Stays None until the vCD client is built, so the finally clause only
    # logs out a session that was actually created.
    client = None
    try:
        # Wire logging is unconditional here: requests, headers and bodies
        # are all switched on, with INSTALL_WIRELOG_FILEPATH as the log file.
        # NOTE(review): this is a system-administrator session, so the wire
        # log presumably contains the login exchange - confirm what the
        # client redacts and restrict access to that file.
        # TLS certificate verification follows config['vcd']['verify'] as-is.
        client = Client(config['vcd']['host'],
                        api_version=config['vcd']['api_version'],
                        verify_ssl_certs=config['vcd']['verify'],
                        log_file=INSTALL_WIRELOG_FILEPATH,
                        log_requests=True,
                        log_headers=True,
                        log_bodies=True)
        # Credentials are always bound to the system org, whatever org the
        # broker section names.
        credentials = BasicLoginCredentials(config['vcd']['username'],
                                            SYSTEM_ORG_NAME,
                                            config['vcd']['password'])
        client.set_credentials(credentials)
        msg = f"Connected to vCD as system administrator: " \
              f"{config['vcd']['host']}:{config['vcd']['port']}"
        if msg_update_callback:
            msg_update_callback.general(msg)
        LOGGER.info(msg)

        # create amqp exchange if it doesn't exist
        amqp = config['amqp']
        _create_amqp_exchange(amqp['exchange'],
                              amqp['host'],
                              amqp['port'],
                              amqp['vhost'],
                              amqp['ssl'],
                              amqp['username'],
                              amqp['password'],
                              msg_update_callback=msg_update_callback)

        # register or update cse on vCD
        _register_cse(client,
                      amqp['routing_key'],
                      amqp['exchange'],
                      msg_update_callback=msg_update_callback)

        # register rights to vCD
        # TODO() should also remove rights when unregistering CSE
        _register_right(client,
                        right_name=CSE_NATIVE_DEPLOY_RIGHT_NAME,
                        description=CSE_NATIVE_DEPLOY_RIGHT_DESCRIPTION,
                        category=CSE_NATIVE_DEPLOY_RIGHT_CATEGORY,
                        bundle_key=CSE_NATIVE_DEPLOY_RIGHT_BUNDLE_KEY,
                        msg_update_callback=msg_update_callback)
        _register_right(client,
                        right_name=CSE_PKS_DEPLOY_RIGHT_NAME,
                        description=CSE_PKS_DEPLOY_RIGHT_DESCRIPTION,
                        category=CSE_PKS_DEPLOY_RIGHT_CATEGORY,
                        bundle_key=CSE_PKS_DEPLOY_RIGHT_BUNDLE_KEY,
                        msg_update_callback=msg_update_callback)

        org_name = config['broker']['org']
        catalog_name = config['broker']['catalog']

        # set up cse catalog
        org = get_org(client, org_name=org_name)
        create_and_share_catalog(org,
                                 catalog_name,
                                 catalog_desc='CSE templates',
                                 msg_update_callback=msg_update_callback)

        if skip_template_creation:
            msg = "Skipping creation of templates."
            if msg_update_callback:
                msg_update_callback.info(msg)
            LOGGER.warning(msg)
        else:
            # read remote template cookbook, download all scripts
            # The template manager and the builder below are given a fresh
            # ConsoleMessagePrinter() rather than msg_update_callback, so
            # they print to the console even when the caller passed None.
            rtm = RemoteTemplateManager(
                remote_template_cookbook_url=config['broker']
                ['remote_template_cookbook_url'],  # noqa: E501
                logger=LOGGER,
                msg_update_callback=ConsoleMessagePrinter())
            remote_template_cookbook = rtm.get_remote_template_cookbook()

            # create all templates defined in cookbook
            for template in remote_template_cookbook['templates']:
                rtm.download_template_scripts(
                    template_name=template[RemoteTemplateKey.NAME],
                    revision=template[RemoteTemplateKey.REVISION],
                    force_overwrite=force_update)
                catalog_item_name = get_revisioned_template_name(
                    template[RemoteTemplateKey.NAME],
                    template[RemoteTemplateKey.REVISION])
                # NOTE(review): the OVA href and its expected SHA-256 both
                # come from the same remote cookbook entry. Assuming the
                # builder checks the digest, that detects a corrupted
                # download but not a tampered cookbook - confirm how the
                # cookbook URL itself is trusted.
                build_params = {
                    'template_name':
                    template[RemoteTemplateKey.NAME],
                    'template_revision':
                    template[RemoteTemplateKey.REVISION],
                    'source_ova_name':
                    template[RemoteTemplateKey.SOURCE_OVA_NAME],  # noqa: E501
                    'source_ova_href':
                    template[RemoteTemplateKey.SOURCE_OVA_HREF],  # noqa: E501
                    'source_ova_sha256':
                    template[
                        RemoteTemplateKey.SOURCE_OVA_SHA256],  # noqa: E501
                    'org_name':
                    org_name,
                    'vdc_name':
                    config['broker']['vdc'],
                    'catalog_name':
                    catalog_name,
                    'catalog_item_name':
                    catalog_item_name,
                    'catalog_item_description':
                    template[RemoteTemplateKey.DESCRIPTION],  # noqa: E501
                    'temp_vapp_name':
                    template[RemoteTemplateKey.NAME] + '_temp',  # noqa: E501
                    'cpu':
                    template[RemoteTemplateKey.CPU],
                    'memory':
                    template[RemoteTemplateKey.MEMORY],
                    'network_name':
                    config['broker']['network'],
                    'ip_allocation_mode':
                    config['broker']['ip_allocation_mode'],  # noqa: E501
                    'storage_profile':
                    config['broker']['storage_profile']
                }
                # The same system-administrator client fills both leading
                # positional arguments of TemplateBuilder.
                builder = TemplateBuilder(
                    client,
                    client,
                    build_params,
                    ssh_key=ssh_key,
                    logger=LOGGER,
                    msg_update_callback=ConsoleMessagePrinter())
                builder.build(force_recreate=force_update,
                              retain_temp_vapp=retain_temp_vapp)

                # remote definition is a super set of local definition, barring
                # the key 'catalog_item_name'
                # dict(template) is a shallow copy, so the cookbook entry
                # itself is left without the added key.
                template_definition = dict(template)
                template_definition['catalog_item_name'] = catalog_item_name
                save_k8s_local_template_definition_as_metadata(
                    client=client,
                    catalog_name=catalog_name,
                    catalog_item_name=catalog_item_name,
                    template_definition=template_definition,
                    org_name=org_name)

        # if it's a PKS setup, setup NSX-T constructs
        if config.get('pks_config'):
            nsxt_servers = config.get('pks_config')['nsxt_servers']
            for nsxt_server in nsxt_servers:
                msg = f"Configuring NSX-T server ({nsxt_server.get('name')})" \
                      " for CSE. Please check install logs for details."
                if msg_update_callback:
                    msg_update_callback.general(msg)
                LOGGER.info(msg)
                # All connection settings are read with .get(), so a missing
                # key reaches NSXTClient as None rather than raising here;
                # that includes 'verify'.
                # NOTE(review): request, header and body logging is always
                # on and goes to LOGGER, so NSX-T credentials material may
                # presumably reach the install log - confirm redaction.
                nsxt_client = NSXTClient(host=nsxt_server.get('host'),
                                         username=nsxt_server.get('username'),
                                         password=nsxt_server.get('password'),
                                         http_proxy=nsxt_server.get('proxy'),
                                         https_proxy=nsxt_server.get('proxy'),
                                         verify_ssl=nsxt_server.get('verify'),
                                         logger_instance=LOGGER,
                                         log_requests=True,
                                         log_headers=True,
                                         log_body=True)
                setup_nsxt_constructs(
                    nsxt_client=nsxt_client,
                    nodes_ip_block_id=nsxt_server.get('nodes_ip_block_ids'),
                    pods_ip_block_id=nsxt_server.get('pods_ip_block_ids'),
                    ncp_boundary_firewall_section_anchor_id=nsxt_server.get(
                        'distributed_firewall_section_anchor_id')
                )  # noqa: E501

    except Exception:
        # The console gets a generic message only; the traceback goes to the
        # log via exc_info.
        if msg_update_callback:
            msg_update_callback.error(
                "CSE Installation Error. Check CSE install logs")
        LOGGER.error("CSE Installation Error", exc_info=True)
        raise  # TODO() need installation relevant exceptions for rollback
    finally:
        # Always end the system-administrator session, on success or failure.
        if client is not None:
            client.logout()
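    def run(self, msg_update_callback=None):
        """Start the CSE server and block until it is asked to stop.

        Steps, in order: configure the server logger, load and validate
        ``self.config_file``, log in to vCD in the system org to read the K8
        template definitions from the configured catalog, optionally check
        the CSE installation, build the PKS cache when ``pks_config`` is set,
        start the AMQP consumer threads, then sleep-poll until the state is
        ``ServerState.STOPPING`` with no active requests (or until a
        ``KeyboardInterrupt``), and finally stop every consumer.

        The process exits with status 1 when no K8 template is found, when
        the default template/revision is not in the catalog, or when the
        wait loop raises an unexpected exception.

        :param msg_update_callback: optional object used to echo progress to
            the caller; this method calls its ``general``, ``error`` and
            ``general_no_color`` methods. Every message is also written to
            LOGGER.
        """
        configure_server_logger()

        self.config = get_validated_config(
            self.config_file, msg_update_callback=msg_update_callback)

        populate_vsphere_list(self.config['vcs'])

        # Read K8 catalog definition from catalog item metadata and append
        # to server config
        client = None
        try:
            # NOTE(review): wire logging is switched on unconditionally here,
            # with headers and bodies, while the session below authenticates
            # in the system org. Unless the client library redacts them, the
            # file at SERVER_DEBUG_WIRELOG_FILEPATH may hold session tokens or
            # credentials -- confirm, restrict its permissions, and consider
            # gating this on a config flag.
            # NOTE(review): 'verify' comes straight from the config file; when
            # it is false the login presumably runs without certificate
            # validation -- confirm that is only used in lab setups.
            client = Client(self.config['vcd']['host'],
                            api_version=self.config['vcd']['api_version'],
                            verify_ssl_certs=self.config['vcd']['verify'],
                            log_file=SERVER_DEBUG_WIRELOG_FILEPATH,
                            log_requests=True,
                            log_headers=True,
                            log_bodies=True)
            credentials = BasicLoginCredentials(self.config['vcd']['username'],
                                                SYSTEM_ORG_NAME,
                                                self.config['vcd']['password'])
            client.set_credentials(credentials)

            org_name = self.config['broker']['org']
            catalog_name = self.config['broker']['catalog']
            k8_templates = get_all_k8s_local_template_definition(
                client=client, catalog_name=catalog_name, org_name=org_name)

            if not k8_templates:
                msg = "No valid K8 templates were found in catalog " \
                      f"'{catalog_name}'. Unable to start CSE server."
                if msg_update_callback:
                    msg_update_callback.error(msg)
                LOGGER.error(msg)
                sys.exit(1)

            # Check that default K8 template exists in vCD at the correct
            # revision. Both sides are compared as strings, so an int
            # revision in the config matches a str revision in the metadata.
            default_template_name = \
                self.config['broker']['default_template_name']
            default_template_revision = \
                str(self.config['broker']['default_template_revision'])
            found_default_template = False
            for template in k8_templates:
                if str(template['revision']) == default_template_revision \
                        and template['name'] == default_template_name:
                    found_default_template = True

                msg = f"Found K8 template '{template['name']}' at revision " \
                      f"{template['revision']} in catalog '{catalog_name}'"
                if msg_update_callback:
                    msg_update_callback.general(msg)
                LOGGER.info(msg)

            if not found_default_template:
                msg = f"Default template {default_template_name} with " \
                      f"revision {default_template_revision} not found." \
                      " Unable to start CSE server."
                if msg_update_callback:
                    msg_update_callback.error(msg)
                LOGGER.error(msg)
                sys.exit(1)

            self.config['broker']['templates'] = k8_templates
        finally:
            # Runs on the sys.exit() paths above as well, so the admin
            # session is always closed.
            if client:
                client.logout()

        # TODO Rule framework, update config with rules

        if self.should_check_config:
            check_cse_installation(self.config,
                                   msg_update_callback=msg_update_callback)

        if self.config.get('pks_config'):
            pks_config = self.config.get('pks_config')
            self.pks_cache = PksCache(
                pks_servers=pks_config.get('pks_api_servers', []),
                pks_accounts=pks_config.get('pks_accounts', []),
                pvdcs=pks_config.get('pvdcs', []),
                orgs=pks_config.get('orgs', []),
                nsxt_servers=pks_config.get('nsxt_servers', []))

        amqp = self.config['amqp']
        num_consumers = self.config['service']['listeners']
        for n in range(num_consumers):
            try:
                c = MessageConsumer(amqp['host'], amqp['port'], amqp['ssl'],
                                    amqp['vhost'], amqp['username'],
                                    amqp['password'], amqp['exchange'],
                                    amqp['routing_key'])
                name = f'MessageConsumer-{n}'
                t = Thread(name=name, target=consumer_thread, args=(c, ))
                t.daemon = True
                t.start()
                msg = f"Started thread '{name} ({t.ident})'"
                if msg_update_callback:
                    msg_update_callback.general(msg)
                LOGGER.info(msg)
                self.threads.append(t)
                self.consumers.append(c)
                time.sleep(0.25)
            except KeyboardInterrupt:
                break
            except Exception:
                # A consumer that fails to start is only logged; the server
                # still moves to RUNNING below, possibly with fewer (or no)
                # listeners than configured.
                LOGGER.error(traceback.format_exc())

        LOGGER.info(f"Number of threads started: {len(self.threads)}")

        self._state = ServerState.RUNNING

        message = f"Container Service Extension for vCloud Director" \
                  f"\nServer running using config file: {self.config_file}" \
                  f"\nLog files: {SERVER_INFO_LOG_FILEPATH}, " \
                  f"{SERVER_DEBUG_LOG_FILEPATH}" \
                  f"\nwaiting for requests (ctrl+c to close)"

        signal.signal(signal.SIGINT, signal_handler)
        if msg_update_callback:
            msg_update_callback.general_no_color(message)
        LOGGER.info(message)

        # Poll once per second; leave only when a stop was requested and all
        # in-flight requests have drained.
        while True:
            try:
                time.sleep(1)
                if self._state == ServerState.STOPPING and \
                        self.active_requests_count() == 0:
                    break
            except KeyboardInterrupt:
                break
            except Exception:
                if msg_update_callback:
                    msg_update_callback.general_no_color(
                        traceback.format_exc())
                LOGGER.error(traceback.format_exc())
                sys.exit(1)

        LOGGER.info("Stop detected")
        LOGGER.info("Closing connections...")
        for c in self.consumers:
            try:
                c.stop()
            except Exception:
                # Still best effort (the remaining consumers must be closed),
                # but a failed shutdown is recorded instead of vanishing.
                LOGGER.error(traceback.format_exc())

        self._state = ServerState.STOPPED
        LOGGER.info("Done")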
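def convert_cluster(ctx, config_file_name, cluster_name, password, org_name,
                    vdc_name, skip_wait_for_gc):
    """Convert legacy clusters to the template name/revision metadata format.

    For every cluster returned by ``get_all_clusters``: replace the
    backward-compatible template-name metadata key with TEMPLATE_NAME and
    TEMPLATE_REVISION, undeploy the vApp, set the admin password on each VM
    through guest customization, power the VMs on with forced
    recustomization and redeploy the vApp. Unless ``skip_wait_for_gc`` is
    set, then poll until no VM reports 'GC_PENDING'.

    Args:
        ctx: accepted but not used in this function body.
        config_file_name: path handed to ``get_validated_config``.
        cluster_name: cluster filter passed to ``get_all_clusters``.
        password: admin password to set on every VM; when falsy,
            guest customization is told to generate one automatically.
        org_name: org filter passed to ``get_all_clusters``.
        vdc_name: passed to ``get_all_clusters`` as ``ovdc_name``.
        skip_wait_for_gc: when truthy, return right after the clusters are
            redeployed without waiting for guest customization.
    """
    try:
        check_python_version()
    except Exception as err:
        click.secho(str(err), fg='red')
        sys.exit(1)

    client = None
    try:
        console_message_printer = ConsoleMessagePrinter()
        config = get_validated_config(
            config_file_name, msg_update_callback=console_message_printer)

        # Wire logging is opt-in via service.log_wire.
        # NOTE(review): when it is on, request bodies go to a file in the
        # current working directory. The guest customization call below
        # carries the VM admin password, so unless the client library redacts
        # it the password may end up in that file -- confirm and protect it.
        log_filename = None
        log_wire = str_to_bool(config['service'].get('log_wire'))
        if log_wire:
            log_filename = 'cluster_convert_wire.log'

        # NOTE(review): 'verify' comes from the config file; when false the
        # system-org login presumably skips certificate validation.
        client = Client(config['vcd']['host'],
                        api_version=config['vcd']['api_version'],
                        verify_ssl_certs=config['vcd']['verify'],
                        log_file=log_filename,
                        log_requests=log_wire,
                        log_headers=log_wire,
                        log_bodies=log_wire)
        credentials = BasicLoginCredentials(config['vcd']['username'],
                                            SYSTEM_ORG_NAME,
                                            config['vcd']['password'])
        client.set_credentials(credentials)
        msg = f"Connected to vCD as system administrator: " \
              f"{config['vcd']['host']}:{config['vcd']['port']}"
        console_message_printer.general(msg)

        cluster_records = get_all_clusters(client=client,
                                           cluster_name=cluster_name,
                                           org_name=org_name,
                                           ovdc_name=vdc_name)

        if len(cluster_records) == 0:
            console_message_printer.info("No clusters were found.")
            return

        legacy_key = ClusterMetadataKey.BACKWARD_COMPATIBILE_TEMPLATE_NAME
        vms = []
        for cluster in cluster_records:
            console_message_printer.info(
                f"Processing cluster '{cluster['name']}'.")
            vapp_href = cluster['vapp_href']
            vapp = VApp(client, href=vapp_href)

            console_message_printer.info("Processing metadata of cluster.")
            metadata = metadata_to_dict(vapp.get_metadata())
            new_template_name = None
            old_template_name = metadata.pop(legacy_key, None)
            version = metadata.get(ClusterMetadataKey.CSE_VERSION)
            if old_template_name:
                console_message_printer.info(
                    "Determining k8s version on cluster.")
                # NOTE(review): 'version' is used with substring tests below;
                # a cluster without CSE_VERSION metadata would raise
                # TypeError here and end the whole run via the outer except.
                # A version that matches no branch leaves the bare base name
                # ('photon-v2' / 'ubuntu-16.04') -- confirm that is intended.
                if 'photon' in old_template_name:
                    new_template_name = 'photon-v2'
                    if '1.0.0' in version:
                        new_template_name += '_k8s-1.8_weave-2.0.5'
                    elif any(ver in version for ver in (
                            '1.1.0', '1.2.0', '1.2.1', '1.2.2', '1.2.3',
                            '1.2.4')):
                        new_template_name += '_k8s-1.9_weave-2.3.0'
                    elif any(ver in version for ver in (
                            '1.2.5', '1.2.6', '1.2.7')):
                        new_template_name += '_k8s-1.10_weave-2.3.0'
                    elif '2.0.0' in version:
                        new_template_name += '_k8s-1.12_weave-2.3.0'
                elif 'ubuntu' in old_template_name:
                    new_template_name = 'ubuntu-16.04'
                    if '1.0.0' in version:
                        new_template_name += '_k8s-1.9_weave-2.1.3'
                    elif any(ver in version for ver in (
                            '1.1.0', '1.2.0', '1.2.1', '1.2.2', '1.2.3',
                            '1.2.4', '1.2.5', '1.2.6', '1.2.7')):
                        new_template_name += '_k8s-1.10_weave-2.3.0'
                    elif '2.0.0' in version:
                        new_template_name += '_k8s-1.13_weave-2.3.0'

            if new_template_name:
                console_message_printer.info("Updating metadata of cluster.")
                task = vapp.remove_metadata(legacy_key)
                client.get_task_monitor().wait_for_success(task)
                new_metadata_to_add = {
                    ClusterMetadataKey.TEMPLATE_NAME: new_template_name,
                    ClusterMetadataKey.TEMPLATE_REVISION: 0
                }
                task = vapp.set_multiple_metadata(new_metadata_to_add)
                client.get_task_monitor().wait_for_success(task)
            console_message_printer.general(
                "Finished processing metadata of cluster.")

            # Undeploy is best effort: a failure is reported and the VM
            # password update below is still attempted.
            try:
                console_message_printer.info(
                    f"Undeploying the vApp '{cluster['name']}'")
                task = vapp.undeploy()
                client.get_task_monitor().wait_for_success(task)
                console_message_printer.general(
                    "Successfully undeployed the vApp.")
            except Exception as err:
                console_message_printer.error(str(err))

            vm_resources = vapp.get_all_vms()
            for vm_resource in vm_resources:
                console_message_printer.info(
                    f"Processing vm '{vm_resource.get('name')}'.")
                vm = VM(client, href=vm_resource.get('href'))
                vms.append(vm)

                console_message_printer.info("Updating vm admin password.")
                # An empty/None password switches to an auto-generated one.
                task = vm.update_guest_customization_section(
                    enabled=True,
                    admin_password_enabled=True,
                    admin_password_auto=not password,
                    admin_password=password,
                )
                client.get_task_monitor().wait_for_success(task)
                console_message_printer.general("Successfully updated vm .")

                console_message_printer.info("Deploying vm.")
                task = vm.power_on_and_force_recustomization()
                client.get_task_monitor().wait_for_success(task)
                console_message_printer.general("Successfully deployed vm.")

            console_message_printer.info("Deploying cluster")
            task = vapp.deploy(power_on=True)
            client.get_task_monitor().wait_for_success(task)
            console_message_printer.general("Successfully deployed cluster.")
            console_message_printer.general(
                f"Successfully processed cluster '{cluster['name']}'.")

        if skip_wait_for_gc:
            return

        # Keep only the VMs still in 'GC_PENDING'. The list is rebuilt rather
        # than mutated during iteration: calling remove() inside a for loop
        # over the same list skips the element after each removal, which
        # left finished VMs in the count and cost extra 5 second rounds.
        # NOTE(review): there is no timeout; a VM that never leaves
        # 'GC_PENDING' keeps this loop running.
        while True:
            vms = [vm for vm in vms
                   if vm.get_guest_customization_status() == 'GC_PENDING']
            console_message_printer.info(
                f"Waiting on guest customization to finish on {len(vms)} vms.")
            if not vms:
                break
            time.sleep(5)

    except Exception as err:
        # NOTE(review): the error is only printed, so the command ends
        # without a failure exit status even if a cluster was left
        # undeployed or half converted -- confirm callers do not rely on
        # the exit code.
        click.secho(str(err), fg='red')
    finally:
        if client:
            client.logout()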