Exemple #1
0
def create_keycloak_client_task(project_slug, username, repository):
    # Create Keycloak client for project with default project role.
    # The creator of the project assumes all roles by default.
    print('Creating Keycloak resources.')
    HOST = settings.DOMAIN
    print('host: '+HOST)
    RELEASE_NAME = str(project_slug)
    print('release: '+RELEASE_NAME)
    URL = 'https://{}/{}/{}'.format(HOST, username, RELEASE_NAME)
    print(URL)
    
    keylib.keycloak_setup_base_client(URL, RELEASE_NAME, username, settings.PROJECT_ROLES, settings.PROJECT_ROLES)

    print('Done Keycloak.')
Exemple #2
0
def create_session_resources(request, user, session, prefs, project):

    print("1; going for the dispatch!")

    HOST = settings.DOMAIN
    RELEASE_NAME = str(session.slug)
    
    URL = 'https://'+RELEASE_NAME+'.'+HOST
    client_id, client_secret = keylib.keycloak_setup_base_client(URL, RELEASE_NAME, user)

    parameters = {'release': str(session.slug),
                  'chart': session.chart,
                  'global.domain': settings.DOMAIN,
                  'project.name': project.slug,
                  'gatekeeper.realm': settings.KC_REALM,
                  'gatekeeper.client_secret': client_secret,
                  'gatekeeper.client_id': client_id,
                  'gatekeeper.auth_endpoint': settings.OIDC_OP_REALM_AUTH
                  }
    parameters.update(prefs)

    url = settings.CHART_CONTROLLER_URL + '/deploy'

    retval = r.get(url, parameters)
    print("CREATE_SESSION:helm chart creator returned {}".format(retval))

    if retval.status_code >= 200 or retval.status_code < 205:
        return True

    return False
Exemple #3
0
def pre_save_deployment(sender, instance, using, **kwargs):
    model = instance.model

    if model.status == 'DP':
        raise Exception('Model already deployed.')

    model_file = model.uid
    model_bucket = 'models'

    deployment_name = slugify(model.name)
    deployment_version = slugify(model.version)
    deployment_endpoint = '{}-{}.{}'.format(model.name, model.version,
                                            settings.DOMAIN)

    deployment_endpoint = settings.DOMAIN
    deployment_path = '/{}/serve/{}/{}/'.format(model.project.slug,
                                                slugify(model.name),
                                                slugify(model.version))

    instance.endpoint = deployment_endpoint
    instance.path = deployment_path

    context = instance.deployment
    context_image = context.image

    project = model.project
    project_slug = project.slug

    minio_keys = get_minio_keys(project)
    decrypted_key = minio_keys['project_key']
    decrypted_secret = minio_keys['project_secret']
    minio_access_key = decrypted_key
    minio_secret_key = decrypted_secret

    minio_host = project_slug + '-minio:9000'

    global_domain = settings.DOMAIN

    HOST = settings.DOMAIN
    RELEASE_NAME = slugify(
        str(project_slug) + '-' + str(deployment_name) + '-' +
        str(deployment_version))
    burl = os.path.join('https://', HOST)
    eurl = os.path.join(deployment_endpoint, deployment_path)
    URL = burl + eurl

    instance.appname = instance.model.project.slug + '-' + slugify(
        instance.model.name) + '-' + slugify(instance.model.version)

    # Create Keycloak client corresponding to this deployment
    print(URL)
    print(RELEASE_NAME)
    print(instance.created_by.username)
    client_id, client_secret = keylib.keycloak_setup_base_client(
        URL, RELEASE_NAME, instance.created_by.username, ['owner'], ['owner'])

    skip_tls = 0
    if not settings.OIDC_VERIFY_SSL:
        skip_tls = 1
        print("WARNING: Skipping TLS verify.")

    # Default is that access is private.
    rules = """resources:
    - uri: /*
      roles:
      - {}:owner
    """.format(client_id)

    access_rules = {"gatekeeper.rules": rules}

    if 'access' in instance.params:
        print(instance.params['access'])
        if instance.params['access'] == 'public':
            # No rule means open to anyone.
            print("Public endpoint")
            access_rules = {"gatekeeper.rules": "public"}
        del instance.params['access']

    print(instance.params)

    parameters = {
        'release': RELEASE_NAME,
        'chart': 'deploy',
        'namespace': settings.NAMESPACE,
        'appname': instance.appname,
        'replicas': '1',
        'global.domain': global_domain,
        'project.slug': project_slug,
        'deployment.version': deployment_version,
        'deployment.name': deployment_name,
        'deployment.endpoint': deployment_endpoint,
        'deployment.path': deployment_path,
        'context.image': context_image,
        'model.bucket': model_bucket,
        'model.file': model_file,
        'minio.host': minio_host,
        'minio.secret_key': minio_secret_key,
        'minio.access_key': minio_access_key,
        'gatekeeper.realm': settings.KC_REALM,
        'gatekeeper.client_secret': client_secret,
        'gatekeeper.client_id': client_id,
        'gatekeeper.auth_endpoint': settings.OIDC_OP_REALM_AUTH,
        'gatekeeper.skip_tls': str(skip_tls)
    }

    parameters.update(instance.params)
    parameters.update(access_rules)
    print('creating chart')
    helmchart = HelmResource(name=RELEASE_NAME,
                             namespace='Default',
                             chart='deploy',
                             params=parameters,
                             username=instance.created_by.username)
    helmchart.save()
    instance.helmchart = helmchart

    if helmchart.status == 'Failed':
        # If fail, clean up in Keycloak
        kc = keylib.keycloak_init()
        keylib.keycloak_delete_client(kc, RELEASE_NAME)
        scope_id = keylib.keycloak_get_client_scope_id(kc,
                                                       RELEASE_NAME + '-scope')
        keylib.keycloak_delete_client_scope(kc, scope_id)
        raise Exception('Failed to launch deploy job.')
    else:
        instance.release = RELEASE_NAME
        model.status = 'DP'
        model.save()
Exemple #4
0
def pre_save_labs(sender, instance, using, **kwargs):

    instance.slug = slugify(instance.name)

    RELEASE_NAME = str(instance.slug)
    HOST = settings.DOMAIN
    URL = 'https://'+RELEASE_NAME+'.'+HOST
    user = instance.lab_session_owner.username
    client_id, client_secret = keylib.keycloak_setup_base_client(URL, RELEASE_NAME, user, ['owner'], ['owner'])
    
    instance.keycloak_client_id = client_id
    instance.appname = '{}-{}-lab'.format(instance.slug, instance.project.slug)
    skip_tls = 0
    if not settings.OIDC_VERIFY_SSL:
        skip_tls = 1
        print("WARNING: Skipping TLS verify.")
    parameters = {'release': RELEASE_NAME,
                  'chart': 'lab',
                  'global.domain': settings.DOMAIN,
                  'project.name': instance.project.slug,
                  'appname': instance.appname,
                  'gatekeeper.realm': settings.KC_REALM,
                  'gatekeeper.client_secret': client_secret,
                  'gatekeeper.client_id': client_id,
                  'gatekeeper.auth_endpoint': settings.OIDC_OP_REALM_AUTH,
                  'gatekeeper.skip_tls': str(skip_tls)
                  }

    ingress_secret_name = 'prod-ingress'
    try:
        ingress_secret_name = settings.LABS['ingress']['secretName']
    except:
        pass
    
    project = instance.project
    minio_keys = get_minio_keys(project)
    decrypted_key = minio_keys['project_key']
    decrypted_secret = minio_keys['project_secret']

    settings_file = ProjectSerializer(project)

    settings_file = JSONRenderer().render(settings_file.data)
    settings_file = settings_file.decode('utf-8')

    settings_file = json.loads(settings_file)
    settings_file = yaml.dump(settings_file)

    user_config_file = create_user_settings(user)
    user_config_file = yaml.dump(json.loads(user_config_file))

    flavor = Flavor.objects.filter(slug=instance.flavor_slug).first()
    environment = Environment.objects.filter(slug=instance.environment_slug).first()

    prefs = {'namespace': settings.NAMESPACE,
              'labs.resources.requests.cpu': str(flavor.cpu),
              'labs.resources.limits.cpu': str(flavor.cpu),
              'labs.resources.requests.memory': str(flavor.mem),
              'labs.resources.limits.memory': str(flavor.mem),
              'labs.resources.requests.gpu': str(flavor.gpu),
              'labs.resources.limits.gpu': str(flavor.gpu),
              'labs.gpu.enabled': str("true" if flavor.gpu else "false"),
              'labs.image': environment.image,
              'ingress.secretName': ingress_secret_name,
              'minio.access_key': decrypted_key,
              'minio.secret_key': decrypted_secret,
              'settings_file': settings_file,
              'user_settings_file': user_config_file,
              'project.slug': project.slug
              }
    
    parameters.update(prefs)
    print(parameters)
    helmchart = HelmResource(name=RELEASE_NAME,
                             namespace='Default',
                             chart='lab',
                             params=parameters,
                             username=user)
    helmchart.save()
    instance.helmchart = helmchart

    l = ProjectLog(project=project, module='LA', headline='Lab Session',
                               description='A new Lab Session {name} has been created'.format(name=RELEASE_NAME))
    l.save()