def update_nrpe_config(): plugins_dir = '/usr/local/lib/nagios/plugins' nrpe_compat = nrpe.NRPE() component_ip = common_utils.get_ip() common_utils.rsync_nrpe_checks(plugins_dir) common_utils.add_nagios_to_sudoers() check_ui_cmd = 'check_http -H {} -p 8143 -S'.format(component_ip) nrpe_compat.add_check(shortname='check_contrail_web_ui', description='Check Contrail WebUI', check_cmd=check_ui_cmd) ssl_on_backend = config.get( "ssl_enabled", False) and common_utils.is_config_analytics_ssl_available() if ssl_on_backend: check_api_cmd = 'check_http -S -H {} -p 8082'.format(component_ip) else: check_api_cmd = 'check_http -H {} -p 8082'.format(component_ip) nrpe_compat.add_check(shortname='check_contrail_api', description='Check Contrail API', check_cmd=check_api_cmd) ctl_status_shortname = 'check_contrail_status_' + MODULE nrpe_compat.add_check(shortname=ctl_status_shortname, description='Check contrail-status', check_cmd=common_utils.contrail_status_cmd( MODULE, plugins_dir)) nrpe_compat.write()
def get_context(): ctx = {} ctx["module"] = MODULE ctx["log_level"] = config.get("log-level", "SYS_NOTICE") # previous versions of charm may store next value in config as string. ssl_enabled = config.get("ssl_enabled", False) if not isinstance(ssl_enabled, bool): ssl_enabled = yaml.load(ssl_enabled) if not isinstance(ssl_enabled, bool): ssl_enabled = False ctx["ssl_enabled"] = ssl_enabled ctx["certs_hash"] = common_utils.get_certs_hash(MODULE) if ctx["ssl_enabled"] else '' ctx["analyticsdb_minimum_diskgb"] = config.get("cassandra-minimum-diskgb") ctx["jvm_extra_opts"] = config.get("cassandra-jvm-extra-opts") ctx["container_registry"] = config.get("docker-registry") ctx["contrail_version_tag"] = config.get("image-tag") ctx["config_analytics_ssl_available"] = common_utils.is_config_analytics_ssl_available() ctx["logging"] = docker_utils.render_logging() ctx["contrail_version"] = common_utils.get_contrail_version() ctx.update(common_utils.json_loads(config.get("orchestrator_info"), dict())) if not ctx.get("cloud_orchestrators"): ctx["cloud_orchestrators"] = [ctx.get("cloud_orchestrator")] if ctx.get("cloud_orchestrator") else list() ctx["analyticsdb_servers"] = list(common_utils.json_loads(leader_get("cluster_info"), dict()).values()) ctx.update(servers_ctx()) log("CTX: {}".format(ctx)) ctx.update(common_utils.json_loads(config.get("auth_info"), dict())) return ctx
def get_context(): ctx = {} ctx["module"] = MODULE ctx["log_level"] = config.get("log-level", "SYS_NOTICE") ctx["bgp_asn"] = config.get("bgp-asn", "64512") ctx["encap_priority"] = config.get("encap-priority") ctx["vxlan_vn_id_mode"] = config.get("vxlan-vn-id-mode") ctx["flow_export_rate"] = config.get("flow-export-rate") ctx["auth_mode"] = config.get("auth-mode") ctx["cloud_admin_role"] = config.get("cloud-admin-role") ctx["global_read_only_role"] = config.get("global-read-only-role") ctx["configdb_minimum_diskgb"] = config.get("cassandra-minimum-diskgb") ctx["jvm_extra_opts"] = config.get("cassandra-jvm-extra-opts") ctx["container_registry"] = config.get("docker-registry") ctx["contrail_version_tag"] = config.get("image-tag") ctx["contrail_version"] = common_utils.get_contrail_version() ctx.update(common_utils.json_loads(config.get("orchestrator_info"), dict())) ctx["ssl_enabled"] = config.get("ssl_enabled", False) ctx["config_analytics_ssl_available"] = common_utils.is_config_analytics_ssl_available( ) ctx["use_internal_endpoints"] = config.get("use_internal_endpoints", False) ctx["logging"] = docker_utils.render_logging() ips = common_utils.json_loads(leader_get("controller_ip_list"), list()) data_ips = common_utils.json_loads(leader_get("controller_data_ip_list"), list()) ctx["controller_servers"] = ips ctx["control_servers"] = data_ips ctx["analytics_servers"] = get_analytics_list() log("CTX: " + str(ctx)) ctx.update(common_utils.json_loads(config.get("auth_info"), dict())) return ctx
def update_southbound_relations(rid=None): rids = [rid] if rid else relation_ids("contrail-controller") if not rids: return # controller_ips/data_ips are already dumped json ip_list = leader_get("controller_ip_list") data_ip_list = leader_get("controller_data_ip_list") if len(common_utils.json_loads(leader_get("controller_ip_list"), list())) < config.get("min-cluster-size"): ip_list = '[]' data_ip_list = '[]' settings = { "maintenance": config.get("maintenance"), "analytics-server": json.dumps(utils.get_analytics_list()), "analyticsdb_enabled": utils.analyticsdb_enabled(), "auth-mode": config.get("auth-mode"), "auth-info": config.get("auth_info"), "orchestrator-info": config.get("orchestrator_info"), "agents-info": config.get("agents-info"), "ssl-enabled": config.get("ssl_enabled") and common_utils.is_config_analytics_ssl_available(), # base64 encoded ca-cert "ca-cert": config.get("ca_cert"), "controller_ips": ip_list, "controller_data_ips": data_ip_list, "issu_controller_ips": config.get("issu_controller_ips"), "issu_controller_data_ips": config.get("issu_controller_data_ips"), "issu_analytics_ips": config.get("issu_analytics_ips"), "rabbitmq_connection_details": json.dumps(utils.get_rabbitmq_connection_details()), "cassandra_connection_details": json.dumps(utils.get_cassandra_connection_details()), "zookeeper_connection_details": json.dumps(utils.get_zookeeper_connection_details()), } for rid in rids: relation_set(relation_id=rid, relation_settings=settings)
def config_changed(): if config.changed("nested_mode"): raise Exception('Nested mode cannot be changed after deployment.') # TODO: analyze other params and raise exception if readonly params were changed utils.update_nrpe_config() if config.changed("control-network"): settings = {'private-address': common_utils.get_ip()} rnames = ("contrail-controller", "contrail-kubernetes-config") for rname in rnames: for rid in relation_ids(rname): relation_set(relation_id=rid, relation_settings=settings) _notify_contrail_kubernetes_node() if config.changed("kubernetes_api_hostname") or config.changed( "kubernetes_api_secure_port"): _notify_controller() config[ "config_analytics_ssl_available"] = common_utils.is_config_analytics_ssl_available( ) config.save() docker_utils.config_changed() utils.update_charm_status()
def get_context(): ctx = {} ctx["module"] = MODULE ctx["log_level"] = config.get("log-level", "SYS_NOTICE") # previous versions of charm may store next value in config as string. ssl_enabled = config.get("ssl_enabled", False) if not isinstance(ssl_enabled, bool): ssl_enabled = yaml.load(ssl_enabled) if not isinstance(ssl_enabled, bool): ssl_enabled = False ctx["ssl_enabled"] = ssl_enabled ctx["container_registry"] = config.get("docker-registry") ctx["contrail_version_tag"] = config.get("image-tag") ctx.update(common_utils.json_loads(config.get("orchestrator_info"), dict())) if not ctx.get("cloud_orchestrators"): ctx["cloud_orchestrators"] = list( ctx.get("cloud_orchestrator")) if ctx.get( "cloud_orchestrator") else list() ctx["config_analytics_ssl_available"] = common_utils.is_config_analytics_ssl_available( ) ctx["logging"] = docker_utils.render_logging() ctx["contrail_version"] = common_utils.get_contrail_version() ctx.update(controller_ctx()) ctx.update(analytics_ctx()) ctx.update(analyticsdb_ctx()) log("CTX: {}".format(ctx)) ctx.update(common_utils.json_loads(config.get("auth_info"), dict())) return ctx
def config_changed(): utils.update_nrpe_config() auth_mode = config.get("auth-mode") if auth_mode not in ("rbac", "cloud-admin", "no-auth"): raise Exception("Config is invalid. auth-mode must one of: " "rbac, cloud-admin, no-auth.") if config.changed("control-network") or config.changed("data-network"): ip = common_utils.get_ip() data_ip = common_utils.get_ip(config_param="data-network", fallback=ip) rel_settings = {"private-address": ip} for rname in ("http-services", "https-services"): for rid in relation_ids(rname): relation_set(relation_id=rid, relation_settings=rel_settings) cluster_settings = {"unit-address": ip, "data-address": data_ip} if config.get('local-rabbitmq-hostname-resolution'): cluster_settings.update({ "rabbitmq-hostname": utils.get_contrail_rabbit_hostname(), }) # this will also take care of updating the hostname in case # control-network changes to something different although # such host reconfiguration is unlikely utils.update_rabbitmq_cluster_hostnames() for rid in relation_ids("controller-cluster"): relation_set(relation_id=rid, relation_settings=cluster_settings) if is_leader(): _address_changed(local_unit(), ip, 'ip') _address_changed(local_unit(), data_ip, 'data_ip') if config.changed("local-rabbitmq-hostname-resolution"): if config.get("local-rabbitmq-hostname-resolution"): # enabling this option will trigger events on other units # so their hostnames will be added as -changed events fire # we just need to set our hostname utils.update_rabbitmq_cluster_hostnames() else: kvstore = kv() rabbitmq_hosts = kvstore.get(key='rabbitmq_hosts', default={}) for ip, hostname in rabbitmq_hosts: utils.update_hosts_file(ip, hostname, remove_hostname=True) config[ "config_analytics_ssl_available"] = common_utils.is_config_analytics_ssl_available( ) config.save() docker_utils.config_changed() utils.update_charm_status() _notify_haproxy_services() update_northbound_relations() update_southbound_relations() update_issu_relations()
def get_context(): ctx = {} ctx["module"] = MODULE ctx["log_level"] = config.get("log-level", "SYS_NOTICE") ctx["container_registry"] = config.get("docker-registry") ctx["contrail_version_tag"] = config.get("image-tag") ctx["contrail_version"] = common_utils.get_contrail_version() ctx["kubemanager_servers"] = list(common_utils.json_loads(leader_get("cluster_info"), dict()).values()) # get contrail configuration from relation ips = common_utils.json_loads(config.get("controller_ips"), list()) data_ips = common_utils.json_loads(config.get("controller_data_ips"), list()) ctx["controller_servers"] = ips ctx["control_servers"] = data_ips ips = common_utils.json_loads(config.get("analytics_servers"), list()) ctx["analytics_servers"] = ips ctx["analyticsdb_enabled"] = config.get("analyticsdb_enabled", True) ctx["ssl_enabled"] = config.get("ssl_enabled", False) ctx["cluster_name"] = config.get("cluster_name") ctx["cluster_project"] = config.get("cluster_project") ctx["cluster_network"] = config.get("cluster_network") ctx["pod_subnets"] = config.get("pod_subnets") ctx["ip_fabric_subnets"] = config.get("ip_fabric_subnets") ctx["service_subnets"] = config.get("service_subnets") ctx["ip_fabric_forwarding"] = config.get("ip_fabric_forwarding") ctx["ip_fabric_snat"] = config.get("ip_fabric_snat") ctx["host_network_service"] = config.get("host_network_service") ctx["public_fip_pool"] = config.get("public_fip_pool") ctx.update(common_utils.json_loads(config.get("orchestrator_info"), dict())) if not ctx.get("cloud_orchestrators"): ctx["cloud_orchestrators"] = list(ctx.get("cloud_orchestrator")) if ctx.get("cloud_orchestrator") else list() # TODO: switch to use context for this ctx["kube_manager_token"] = leader_get("kube_manager_token") if config.get("kubernetes_api_hostname") and config.get("kubernetes_api_secure_port"): ctx["kubernetes_api_server"] = config.get("kubernetes_api_hostname") ctx["kubernetes_api_secure_port"] = config.get("kubernetes_api_secure_port") else: ctx["kubernetes_api_server"] = config.get("kubernetes_api_server") ctx["kubernetes_api_secure_port"] = config.get("kubernetes_api_port") ctx["nested_mode"] = config.get("nested_mode") if ctx["nested_mode"]: # TODO: create KUBERNETES_NESTED_VROUTER_VIP link-local services in Contrail via config API ctx["nested_mode_config"] = common_utils.json_loads(config.get("nested_mode_config"), dict()) ctx["config_analytics_ssl_available"] = common_utils.is_config_analytics_ssl_available() ctx["logging"] = docker_utils.render_logging() log("CTX: {}".format(ctx)) ctx.update(common_utils.json_loads(config.get("auth_info"), dict())) return ctx
def config_changed(): utils.update_nrpe_config() # Charm doesn't support changing of some parameters. if config.changed("dpdk"): raise Exception("Configuration parameter dpdk couldn't be changed") config[ "config_analytics_ssl_available"] = common_utils.is_config_analytics_ssl_available( ) config.save() docker_utils.config_changed() utils.update_charm_status()
def config_changed(): utils.update_nrpe_config() if config.changed("control-network"): settings = {'private-address': common_utils.get_ip()} rnames = ("contrail-analyticsdb", "analyticsdb-cluster") for rname in rnames: for rid in relation_ids(rname): relation_set(relation_id=rid, relation_settings=settings) config[ "config_analytics_ssl_available"] = common_utils.is_config_analytics_ssl_available( ) config.save() docker_utils.config_changed() utils.update_charm_status()
def _http_services(vip): name = local_unit().replace("/", "-") addr = common_utils.get_ip() mode = config.get("haproxy-http-mode", "http") ssl_on_backend = config.get("ssl_enabled", False) and common_utils.is_config_analytics_ssl_available() if ssl_on_backend: servers = [[name, addr, 8082, "check inter 2000 rise 2 fall 3 ssl verify none"]] else: servers = [[name, addr, 8082, "check inter 2000 rise 2 fall 3"]] result = [ {"service_name": "contrail-api", "service_host": vip, "service_port": 8082, "servers": servers} ] if mode == 'http': result[0]['service_options'] = [ "timeout client 3m", "option nolinger", "timeout server 3m", "balance source"] else: result[0]['service_options'] = [ "timeout client 86400000", "mode http", "balance source", "timeout server 30000", "timeout connect 4000", "hash-type consistent", "http-request set-header X-Forwarded-Proto https if { ssl_fc }", "http-request set-header X-Forwarded-Proto http if !{ ssl_fc }", "option httpchk GET /", "option forwardfor", "redirect scheme https code 301 if { hdr(host) -i " + str(vip) + " } !{ ssl_fc }", "rsprep ^Location:\\ http://(.*) Location:\\ https://\\1"] result[0]['crts'] = ["DEFAULT"] return result
def config_changed(): utils.update_nrpe_config() # Charm doesn't support changing of some parameters. if config.changed("dpdk"): raise Exception("Configuration parameter dpdk couldn't be changed") config[ "config_analytics_ssl_available"] = common_utils.is_config_analytics_ssl_available( ) config.save() if not config["dpdk"]: utils.prepare_hugepages_kernel_mode() docker_utils.config_changed() utils.update_charm_status() # leave it as latest - in case of exception in previous steps # config.changed doesn't work sometimes... if config.get("saved-image-tag") != config["image-tag"]: utils.update_ziu("image-tag") config["saved-image-tag"] = config["image-tag"] config.save()
def get_context(): ctx = {} ctx["module"] = MODULE ctx["log_level"] = config.get("log-level", "SYS_NOTICE") ctx["container_registry"] = config.get("docker-registry") ctx["contrail_version_tag"] = config.get("image-tag") ctx["contrail_version"] = common_utils.get_contrail_version() ips = common_utils.json_loads(config.get("analytics_servers"), list()) ctx["analytics_servers"] = ips ctx["ssl_enabled"] = config.get("ssl_enabled", False) ctx["certs_hash"] = common_utils.get_certs_hash( MODULE) if ctx["ssl_enabled"] else '' ctx["rabbitmq_user"] = config.get("rabbit-user") ctx["rabbitmq_password"] = config.get("rabbit-password") ctx["rabbitmq_hostname"] = config.get("rabbit-hostname") ctx["rabbitmq_vhost"] = config.get("rabbit-vhost") ctx["ironic_notification_level"] = config.get('ironic-notification-level') ctx.update(common_utils.json_loads(config.get("orchestrator_info"), dict())) if not ctx.get("cloud_orchestrators"): ctx["cloud_orchestrators"] = [ ctx.get("cloud_orchestrator") ] if ctx.get("cloud_orchestrator") else list() ctx["config_analytics_ssl_available"] = common_utils.is_config_analytics_ssl_available( ) ctx["logging"] = docker_utils.render_logging() log("CTX: {}".format(ctx)) ctx.update(common_utils.json_loads(config.get("auth_info"), dict())) return ctx
def update_southbound_relations(rid=None): # controller_ips/data_ips are already dumped json settings = { "maintenance": config.get("maintenance"), "analytics-server": json.dumps(utils.get_analytics_list()), "auth-mode": config.get("auth-mode"), "auth-info": config.get("auth_info"), "orchestrator-info": config.get("orchestrator_info"), "agents-info": config.get("agents-info"), "ssl-enabled": config.get("ssl_enabled") and common_utils.is_config_analytics_ssl_available(), # base64 encoded ca-cert "ca-cert": config.get("ca_cert"), "controller_ips": leader_get("controller_ip_list"), "controller_data_ips": leader_get("controller_data_ip_list"), "issu_controller_ips": config.get("issu_controller_ips"), "issu_controller_data_ips": config.get("issu_controller_data_ips"), "issu_analytics_ips": config.get("issu_analytics_ips"), "rabbitmq_connection_details": json.dumps(utils.get_rabbitmq_connection_details()), "cassandra_connection_details": json.dumps(utils.get_cassandra_connection_details()), "zookeeper_connection_details": json.dumps(utils.get_zookeeper_connection_details()), } for rid in ([rid] if rid else relation_ids("contrail-controller")): relation_set(relation_id=rid, relation_settings=settings)
def get_context(): ctx = {} ctx["module"] = MODULE ctx["ssl_enabled"] = config.get("ssl_enabled", False) ctx["log_level"] = config.get("log-level", "SYS_NOTICE") ctx["container_registry"] = config.get("docker-registry") ctx["contrail_version_tag"] = config.get("image-tag") ctx["sriov_physical_interface"] = config.get("sriov-physical-interface") ctx["sriov_numvfs"] = config.get("sriov-numvfs") ctx["max_vm_flows"] = config.get("max-vm-flows") ctx["contrail_version"] = common_utils.get_contrail_version() # NOTE: charm should set non-fqdn hostname to be compatible with R5.0 deployments ctx["hostname"] = socket.getfqdn() if config.get("hostname-use-fqdn", True) else socket.gethostname() iface = config.get("physical-interface") ctx["physical_interface"] = iface gateway_ip = config.get("vhost-gateway") if gateway_ip == "auto": gateway_ip = _get_iface_gateway_ip(iface) ctx["vrouter_gateway"] = gateway_ip if gateway_ip else '' ctx["agent_mode"] = "dpdk" if config["dpdk"] else "kernel" if config["dpdk"]: ctx["dpdk_additional_args"] = _get_dpdk_args() ctx["dpdk_driver"] = config.get("dpdk-driver") ctx["dpdk_coremask"] = config.get("dpdk-coremask") ctx["dpdk_service_coremask"] = config.get("dpdk-service-coremask") ctx["dpdk_ctrl_thread_coremask"] = config.get("dpdk-ctrl-thread-coremask") cpuset = _convert2cpuset(config.get("dpdk-ctrl-thread-coremask")) if cpuset: ctx["agent_containers_cpuset"] = cpuset ctx["dpdk_hugepages"] = _get_hugepages() else: ctx["hugepages_1g"] = config.get("kernel-hugepages-1g") ctx["hugepages_2m"] = config.get("kernel-hugepages-2m") ctx.update(tsn_ctx()) info = common_utils.json_loads(config.get("orchestrator_info"), dict()) ctx.update(info) if not ctx.get("cloud_orchestrators"): ctx["cloud_orchestrators"] = list(ctx.get("cloud_orchestrator")) if ctx.get("cloud_orchestrator") else list() ctx["controller_servers"] = common_utils.json_loads(config.get("controller_ips"), list()) ctx["control_servers"] = common_utils.json_loads(config.get("controller_data_ips"), list()) ctx["analytics_servers"] = common_utils.json_loads(config.get("analytics_servers"), list()) ctx["config_analytics_ssl_available"] = common_utils.is_config_analytics_ssl_available() ctx["analyticsdb_enabled"] = config.get("analyticsdb_enabled", True) if "plugin-ips" in config: plugin_ips = common_utils.json_loads(config["plugin-ips"], dict()) my_ip = unit_get("private-address") if my_ip in plugin_ips: ctx["plugin_settings"] = plugin_ips[my_ip] ctx["pod_subnets"] = config.get("pod_subnets") if config.get('maintenance') == 'issu': ctx["controller_servers"] = common_utils.json_loads(config.get("issu_controller_ips"), list()) ctx["control_servers"] = common_utils.json_loads(config.get("issu_controller_data_ips"), list()) ctx["analytics_servers"] = common_utils.json_loads(config.get("issu_analytics_ips"), list()) # orchestrator_info and auth_info can be taken from old relation ctx["logging"] = docker_utils.render_logging() log("CTX: " + str(ctx)) ctx.update(common_utils.json_loads(config.get("auth_info"), dict())) return ctx
def get_context(): ctx = {} ctx["module"] = MODULE ctx["log_level"] = config.get("log-level", "SYS_NOTICE") ctx["container_registry"] = config.get("docker-registry") ctx["contrail_version_tag"] = config.get("image-tag") # self IP-s kubemanager_ip_list = list() for rid in relation_ids("kubernetes-master-cluster"): for unit in related_units(rid): ip = relation_get("private-address", unit, rid) if ip: kubemanager_ip_list.append(ip) # add it's own ip address kubemanager_ip_list.append(common_utils.get_ip()) ctx["kubemanager_servers"] = kubemanager_ip_list # get contrail configuration from relation ips = common_utils.json_loads(config.get("controller_ips"), list()) data_ips = common_utils.json_loads(config.get("controller_data_ips"), list()) ctx["controller_servers"] = ips ctx["control_servers"] = data_ips ips = common_utils.json_loads(config.get("analytics_servers"), list()) ctx["analytics_servers"] = ips # TODO: add ssl ctx["cluster_name"] = config.get("cluster_name") ctx["cluster_project"] = config.get("cluster_project") ctx["cluster_network"] = config.get("cluster_network") ctx["pod_subnets"] = config.get("pod_subnets") ctx["ip_fabric_subnets"] = config.get("ip_fabric_subnets") ctx["service_subnets"] = config.get("service_subnets") ctx["ip_fabric_forwarding"] = config.get("ip_fabric_forwarding") ctx["ip_fabric_snat"] = config.get("ip_fabric_snat") ctx["host_network_service"] = config.get("host_network_service") ctx["public_fip_pool"] = config.get("public_fip_pool") ctx["cloud_orchestrator"] = "kubernetes" ctx["kube_manager_token"] = leader_get("kube_manager_token") if config.get("kubernetes_api_hostname") and config.get( "kubernetes_api_secure_port"): ctx["kubernetes_api_server"] = config.get("kubernetes_api_hostname") ctx["kubernetes_api_secure_port"] = config.get( "kubernetes_api_secure_port") else: ctx["kubernetes_api_server"] = config.get("kubernetes_api_server") ctx["kubernetes_api_secure_port"] = config.get("kubernetes_api_port") ctx["nested_mode"] = config.get("nested_mode") if ctx["nested_mode"]: # TODO: create KUBERNETES_NESTED_VROUTER_VIP link-local services in Contrail via config API ctx["nested_mode_config"] = common_utils.json_loads( config.get("nested_mode_config"), dict()) ctx["config_analytics_ssl_available"] = common_utils.is_config_analytics_ssl_available( ) ctx["logging"] = docker_utils.render_logging() log("CTX: {}".format(ctx)) return ctx