def upgrade_gluu(self):
values_file_parser = Parser(self.upgrade_values_file, True)
values_file_parser["domain"] = self.settings.get("global.fqdn")
values_file_parser["cnCacheType"] = self.settings.get(
"config.configmap.cnCacheType")
values_file_parser["cnCouchbaseUrl"] = self.settings.get(
"config.configmap.cnCouchbaseUrl")
values_file_parser["cnCouchbaseUser"] = self.settings.get(
"config.configmap.cnCouchbaseUser")
values_file_parser["cnCouchbaseSuperUser"] = self.settings.get(
"config.configmap.cnCouchbaseSuperUser")
values_file_parser["cnPersistenceLdapMapping"] = self.settings.get(
"global.cnPersistenceType")
values_file_parser["cnPersistenceType"] = self.settings.get(
"config.configmap.cnPersistenceLdapMapping")
values_file_parser["source"] = self.settings.get(
"installer-settings.currentVersion")
values_file_parser["target"] = self.settings.get(
"installer-settings.upgrade.targetVersion")
values_file_parser.dump_it()
exec_cmd(
"helm install {} -f {} ./helm/gluu-upgrade --namespace={}".format(
self.settings.get('installer-settings.releaseName'),
self.values_file,
self.settings.get("installer-settings.namespace")))
def uninstall_gluu(self):
exec_cmd("helm delete {} --namespace={}".format(
self.settings.get('installer-settings.releaseName'),
self.settings.get("installer-settings.namespace")))
exec_cmd("helm delete {} --namespace={}".format(
self.ldap_backup_release_name,
self.settings.get("installer-settings.namespace")))
def __init__(self):
self.values_file = Path("./helm/gluu/values.yaml").resolve()
self.upgrade_values_file = Path(
"./helm/gluu-upgrade/values.yaml").resolve()
self.settings = ValuesHandler()
self.kubernetes = Kubernetes()
self.ldap_backup_release_name = self.settings.get(
"installer-settings.releaseName") + "-ldap-backup"
if "gke" in self.settings.get(
"installer-settings.volumeProvisionStrategy") == "gke":
# Clusterrolebinding needs to be created for gke with CB or kubeDB installed
if self.settings.get("config.configmap.cnCacheType") == "REDIS" or \
self.settings.get("installer-settings.gluuGateway.install") or \
self.settings.get("installer-settings.couchbase.install"):
user_account, stderr, retcode = exec_cmd(
"gcloud config get-value core/account")
user_account = str(user_account, "utf-8").strip()
user, stderr, retcode = exec_cmd("whoami")
user = str(user, "utf-8").strip()
cluster_role_binding_name = "cluster-admin-{}".format(user)
self.kubernetes.create_cluster_role_binding(
cluster_role_binding_name=cluster_role_binding_name,
user_name=user_account,
cluster_role_name="cluster-admin")
def install_ldap_backup(self):
values_file = Path("./helm/ldap-backup/values.yaml").resolve()
values_file_parser = Parser(values_file, True)
values_file_parser["ldapPass"] = self.settings.get("LDAP_PW")
values_file_parser.dump_it()
exec_cmd(
"helm install {} -f ./helm/ldap-backup/values.yaml ./helm/ldap-backup --namespace={}"
.format(self.ldap_backup_release_name,
self.settings.get("CN_NAMESPACE")))
def uninstall_postgres(self):
logger.info("Removing gluu-postgres...")
logger.info("Removing postgres...")
exec_cmd("helm delete {} --namespace=jackrabbit{}".format(
"sql", self.settings.get("installer-settings.postgres.namespace")))
if self.settings.get("global.cnPersistenceType") == "sql" and \
self.settings.get("config.configmap.cnSqlDbDialect") == "pgsql":
exec_cmd("helm delete {} --namespace={}".format(
"gluu",
self.settings.get("installer-settings.postgres.namespace")))
def __init__(self):
self.settings = ValuesHandler()
self.kubernetes = Kubernetes()
self.timeout = 120
if "gke" in self.settings.get("installer-settings.volumeProvisionStrategy"):
user_account, stderr, retcode = exec_cmd("gcloud config get-value core/account")
user_account = str(user_account, "utf-8").strip()
user, stderr, retcode = exec_cmd("whoami")
user = str(user, "utf-8").strip()
cluster_role_binding_name = "cluster-admin-{}".format(user)
self.kubernetes.create_cluster_role_binding(cluster_role_binding_name=cluster_role_binding_name,
user_name=user_account,
cluster_role_name="cluster-admin")
def __init__(self):
self.settings = SettingsHandler()
self.kubernetes = Kubernetes()
self.timeout = 120
if self.settings.get("DEPLOYMENT_ARCH") == "gke":
user_account, stderr, retcode = exec_cmd(
"gcloud config get-value core/account")
user_account = str(user_account, "utf-8").strip()
user, stderr, retcode = exec_cmd("whoami")
user = str(user, "utf-8").strip()
cluster_role_binding_name = "cluster-admin-{}".format(user)
self.kubernetes.create_cluster_role_binding(
cluster_role_binding_name=cluster_role_binding_name,
user_name=user_account,
cluster_role_name="cluster-admin")
def install_gluu(self, install_ingress=True):
"""
Helm install Gluu
:param install_ingress:
"""
labels = {"app": "gluu"}
if self.settings.get("USE_ISTIO") == "Y":
labels = {"app": "gluu", "istio-injection": "enabled"}
self.kubernetes.create_namespace(
name=self.settings.get("CN_NAMESPACE"), labels=labels)
if self.settings.get(
"PERSISTENCE_BACKEND") != "ldap" and self.settings.get(
"INSTALL_COUCHBASE") == "Y":
couchbase_app = Couchbase()
couchbase_app.uninstall()
couchbase_app = Couchbase()
couchbase_app.install()
self.settings = SettingsHandler()
if self.settings.get("AWS_LB_TYPE") == "alb":
self.prepare_alb()
self.deploy_alb()
if self.settings.get("AWS_LB_TYPE") != "alb" and self.settings.get(
"USE_ISTIO_INGRESS") != "Y":
self.check_install_nginx_ingress(install_ingress)
self.analyze_global_values()
try:
exec_cmd("helm install {} -f {} ./helm/gluu --namespace={}".format(
self.settings.get('CN_HELM_RELEASE_NAME'), self.values_file,
self.settings.get("CN_NAMESPACE")))
if self.settings.get("PERSISTENCE_BACKEND") == "hybrid" or \
self.settings.get("PERSISTENCE_BACKEND") == "ldap":
values_file = Path("./helm/ldap-backup/values.yaml").resolve()
values_file_parser = Parser(values_file, True)
values_file_parser["ldapPass"] = self.settings.get("LDAP_PW")
values_file_parser.dump_it()
exec_cmd(
"helm install {} -f ./helm/ldap-backup/values.yaml ./helm/ldap-backup --namespace={}"
.format(self.ldap_backup_release_name,
self.settings.get("CN_NAMESPACE")))
except FileNotFoundError:
logger.error(
"Helm v3 is not installed. Please install it to continue "
"https://helm.sh/docs/intro/install/")
raise SystemExit(1)
def uninstall_kubedb(self):
logger.info("Deleting KubeDB...This may take a little while.")
try:
exec_cmd("helm repo add appscode https://charts.appscode.com/stable/")
exec_cmd("helm repo update")
exec_cmd("helm delete kubedb-operator --namespace gluu-kubedb")
exec_cmd("helm delete kubedb-catalog --namespace gluu-kubedb")
time.sleep(20)
except FileNotFoundError:
logger.error("Helm v3 is not installed. Please install it to continue "
"https://helm.sh/docs/intro/install/")
raise SystemExit(1)
def install_ldap_backup(self):
values_file = Path("./helm/ldap-backup/values.yaml").resolve()
values_file_parser = Parser(values_file, True)
values_file_parser["ldapPass"] = self.settings.get(
"config.ldapPassword")
if self.settings.get("global.storageClass.provisioner") not in \
("microk8s.io/hostpath", "k8s.io/minikube-hostpath"):
values_file_parser["gluuLdapSchedule"] = self.settings.get(
"installer-settings.ldap.backup.fullSchedule")
if self.settings.get("opendj.multiCluster.enabled"):
values_file_parser["multiCluster"]["enabled"] = True
values_file_parser["multiCluster"]["ldapAdvertiseAdminPort"] = \
self.settings.get("opendj.ports.tcp-admin.nodePort")
values_file_parser["multiCluster"]["serfAdvertiseAddrSuffix"] = \
self.settings.get("opendj.multiCluster.serfAdvertiseAddrSuffix")[:-6]
values_file_parser.dump_it()
exec_cmd(
"helm install {} -f ./helm/ldap-backup/values.yaml ./helm/ldap-backup --namespace={}"
.format(self.ldap_backup_release_name,
self.settings.get("installer-settings.namespace")))
def install_gluu(self, install_ingress=True):
"""
Helm install Gluu
:param install_ingress:
"""
labels = {"app": "gluu"}
if self.settings.get("global.istio.enabled"):
labels = {"app": "gluu", "istio-injection": "enabled"}
self.kubernetes.create_namespace(
name=self.settings.get("installer-settings.namespace"),
labels=labels)
if self.settings.get("global.cnPersistenceType") != "ldap" and \
self.settings.get("installer-settings.couchbase.install"):
couchbase_app = Couchbase()
couchbase_app.uninstall()
couchbase_app = Couchbase()
couchbase_app.install()
self.settings = ValuesHandler()
if self.settings.get("installer-settings.aws.lbType") == "alb":
self.prepare_alb()
self.deploy_alb()
if self.settings.get("installer-settings.aws.lbType") != "alb" and \
self.settings.get("global.istio.ingress.enabled"):
self.check_install_nginx_ingress(install_ingress)
try:
exec_cmd("helm install {} -f {} ./helm/gluu --namespace={}".format(
self.settings.get(
'installer-settings.nginxIngress.releaseName'),
self.values_file,
self.settings.get("installer-settings.namespace")))
if self.settings.get("global.cnPersistenceType") in ("hybrid",
"ldap"):
self.install_ldap_backup()
except FileNotFoundError:
logger.error(
"Helm v3 is not installed. Please install it to continue "
"https://helm.sh/docs/intro/install/")
raise SystemExit(1)
def install_mysql(self):
self.uninstall_mysql()
self.kubernetes.create_namespace(
name=self.settings.get("installer-settings.sql.namespace"),
labels={"app": "mysql"})
exec_cmd("helm repo add bitnami https://charts.bitnami.com/bitnami")
exec_cmd("helm repo update")
exec_cmd("helm install {} bitnami/mysql "
"--set auth.rootPassword={} "
"--set auth.database={} "
"--set auth.username={} "
"--set auth.password={} "
"--namespace={} ".format(
"gluu",
self.settings.get("config.configmap.cnSqldbUserPassword"),
self.settings.get("config.configmap.cnSqlDbName"),
self.settings.get("config.configmap.cnSqlDbUser"),
self.settings.get("config.configmap.cnSqldbUserPassword"),
self.settings.get("installer-settings.sql.namespace")))
if not self.settings.get("installer-settings.aws.lbType") == "alb":
self.kubernetes.check_pods_statuses(
self.settings.get("installer-settings.sql.namespace"),
"app=mysql", self.timeout)
def install_gluu_gateway_dbmode(self):
self.uninstall_gluu_gateway_dbmode()
self.kubernetes.create_namespace(
name=self.settings.get("KONG_NAMESPACE"),
labels={"app": "ingress-kong"})
encoded_kong_pass_bytes = base64.b64encode(
self.settings.get("KONG_PG_PASSWORD").encode("utf-8"))
encoded_kong_pass_string = str(encoded_kong_pass_bytes, "utf-8")
self.kubernetes.patch_or_create_namespaced_secret(
name="kong-postgres-pass",
namespace=self.settings.get("KONG_NAMESPACE"),
literal="KONG_PG_PASSWORD",
value_of_literal=encoded_kong_pass_string)
exec_cmd("helm repo add kong https://charts.konghq.com")
exec_cmd("helm repo update")
exec_cmd(
"helm install {} kong/kong "
"--set ingressController.installCRDs=false "
"--set image.repository={} "
"--set image.tag={} "
"--set env.database=postgres "
"--set env.pg_user={} "
"--set env.pg_password.valueFrom.secretKeyRef.name=kong-postgres-pass "
"--set env.pg_password.valueFrom.secretKeyRef.key=KONG_PG_PASSWORD "
"--set env.pg_host={} "
"--set admin.enabled=true "
"--set admin.type=ClusterIP "
"--namespace={}".format(
self.settings.get("KONG_HELM_RELEASE_NAME"),
self.settings.get("GLUU_GATEWAY_IMAGE_NAME"),
self.settings.get("GLUU_GATEWAY_IMAGE_TAG"),
self.settings.get("KONG_PG_USER"),
self.settings.get("POSTGRES_URL"),
self.settings.get("KONG_NAMESPACE")))
def __init__(self):
self.values_file = Path("./helm/gluu/values.yaml").resolve()
self.settings = SettingsHandler()
self.kubernetes = Kubernetes()
self.ldap_backup_release_name = self.settings.get(
'CN_HELM_RELEASE_NAME') + "-ldap-backup"
if self.settings.get("DEPLOYMENT_ARCH") == "gke":
# Clusterrolebinding needs to be created for gke with CB or kubeDB installed
if self.settings.get("INSTALL_REDIS") == "Y" or \
self.settings.get("INSTALL_GLUU_GATEWAY") == "Y" or \
self.settings.get("INSTALL_COUCHBASE") == "Y":
user_account, stderr, retcode = exec_cmd(
"gcloud config get-value core/account")
user_account = str(user_account, "utf-8").strip()
user, stderr, retcode = exec_cmd("whoami")
user = str(user, "utf-8").strip()
cluster_role_binding_name = "cluster-admin-{}".format(user)
self.kubernetes.create_cluster_role_binding(
cluster_role_binding_name=cluster_role_binding_name,
user_name=user_account,
cluster_role_name="cluster-admin")
def upgrade_gluu(self):
values_file_parser = Parser(self.upgrade_values_file, True)
values_file_parser["domain"] = self.settings.get("CN_FQDN")
values_file_parser["cnCacheType"] = self.settings.get("CN_CACHE_TYPE")
values_file_parser["cnCouchbaseUrl"] = self.settings.get(
"COUCHBASE_URL")
values_file_parser["cnCouchbaseUser"] = self.settings.get(
"COUCHBASE_USER")
values_file_parser["cnCouchbaseSuperUser"] = self.settings.get(
"COUCHBASE_SUPERUSER")
values_file_parser["cnPersistenceLdapMapping"] = self.settings.get(
"HYBRID_LDAP_HELD_DATA")
values_file_parser["cnPersistenceType"] = self.settings.get(
"PERSISTENCE_BACKEND")
values_file_parser["source"] = self.settings.get("CN_VERSION")
values_file_parser["target"] = self.settings.get(
"CN_UPGRADE_TARGET_VERSION")
values_file_parser.dump_it()
exec_cmd(
"helm install {} -f {} ./helm/gluu-upgrade --namespace={}".format(
self.settings.get('CN_HELM_RELEASE_NAME'), self.values_file,
self.settings.get("CN_NAMESPACE")))
def install_kubedb(self):
self.uninstall_kubedb()
self.kubernetes.create_namespace(name="gluu-kubedb", labels={"app": "kubedb"})
try:
exec_cmd("helm repo add appscode https://charts.appscode.com/stable/")
exec_cmd("helm repo update")
exec_cmd("helm install kubedb-operator appscode/kubedb --version v0.13.0-rc.0 "
"--namespace gluu-kubedb")
self.kubernetes.check_pods_statuses("gluu-kubedb", "app=kubedb")
exec_cmd("helm install kubedb-catalog appscode/kubedb-catalog --version v0.13.0-rc.0 "
"--namespace gluu-kubedb")
except FileNotFoundError:
logger.error("Helm v3 is not installed. Please install it to continue "
"https://helm.sh/docs/intro/install/")
raise SystemExit(1)
def install_postgres(self):
self.uninstall_postgres()
if self.settings.get(
"installer-settings.jackrabbit.clusterMode") == "Y":
self.kubernetes.create_namespace(
name=
f'jackrabbit{self.settings.get("installer-settings.postgres.namespace")}',
labels={"app": "postgres"})
exec_cmd(
"helm repo add bitnami https://charts.bitnami.com/bitnami")
exec_cmd("helm repo update")
exec_cmd(
"helm install {} bitnami/postgresql "
"--set global.postgresql.postgresqlDatabase={} "
"--set global.postgresql.postgresqlPassword={} "
"--set global.postgresql.postgresqlUsername={} "
"--namespace=jackrabbit{}".format(
"postgresql",
self.settings.get(
"config.configmap.cnJackrabbitPostgresDatabaseName"),
self.settings.get(
"jackrabbit.secrets.cnJackrabbitPostgresPassword"),
self.settings.get(
"config.configmap.cnJackrabbitPostgresUser"),
self.settings.get(
"installer-settings.postgres.namespace")))
if self.settings.get("global.cnPersistenceType") == "sql" and \
self.settings.get("config.configmap.cnSqlDbDialect") == "pgsql":
self.kubernetes.create_namespace(name=self.settings.get(
"installer-settings.postgres.namespace"),
labels={"app": "mysql"})
exec_cmd(
"helm install {} bitnami/postgresql "
"--set global.postgresql.postgresqlDatabase={} "
"--set global.postgresql.postgresqlPassword={} "
"--set global.postgresql.postgresqlUsername={} "
"--namespace={}".format(
"gluu", self.settings.get("config.configmap.cnSqlDbName"),
self.settings.get("config.configmap.cnSqldbUserPassword"),
self.settings.get("config.configmap.cnSqlDbUser"),
self.settings.get(
"installer-settings.postgres.namespace")))
if not self.settings.get("installer-settings.aws.lbType") == "alb":
self.kubernetes.check_pods_statuses(
self.settings.get("POSTGRES_NAMESPACE"), "app=postgres",
self.timeout)
def create_objects_from_dict(self, filepath, namespace=None):
"""Create kubernetes object from a yaml encapsulated inside a dictionary"""
yaml_objects = Parser(filepath).return_manifests_dict
for manifest in yaml_objects:
try:
# handle special cases of namespace injection
if namespace:
manifest["metadata"]["namespace"] = namespace
utils.create_from_dict(self.api_client, manifest)
logger.info('Created {}/{}'.format(
manifest["kind"], manifest["metadata"]["name"]))
except (client.rest.ApiException, Exception) as e:
# AttributeError: module 'kubernetes.client' has no attribute 'NetworkingIstioIoV1alpha3Api'
if "module 'kubernetes.client' has no attribute 'NetworkingIstioIoV1alpha3Api'" in str(
e):
logger.warning("Creating {} failed.".format(
manifest["kind"]))
logger.info("Trying again using kubectl...")
exec_cmd("kubectl apply -f {} -n {}".format(
filepath, namespace))
break
self.check_create_error_and_response(
e, manifest["kind"], manifest["metadata"]["name"])
def install_redis(self):
self.uninstall_redis()
self.kubernetes.create_namespace(name=self.settings.get("installer-settings.redis.namespace"),
labels={"app": "redis"})
exec_cmd("helm repo add bitnami https://charts.bitnami.com/bitnami")
exec_cmd("helm repo update")
exec_cmd("helm install {} bitnami/redis-cluster "
"--set global.redis.password={} "
"--namespace={}".format("redis-cluster",
self.settings.get("config.redisPassword"),
self.settings.get("installer-settings.redis.namespace")))
if not self.settings.get("installer-settings.aws.lbType") == "alb":
self.kubernetes.check_pods_statuses(self.settings.get("installer-settings.namespace"), "app=redis-cluster",
self.timeout)
def prompt_gke(self):
"""GKE prompts
"""
if not self.settings.get("GMAIL_ACCOUNT"):
self.settings.set(
"GMAIL_ACCOUNT",
click.prompt(
"Please enter valid email for Google Cloud account"))
if self.settings.get("APP_VOLUME_TYPE") == 11:
for node_name in self.settings.get("NODES_NAMES"):
for zone in self.settings.get("NODES_ZONES"):
response, error, retcode = exec_cmd(
"gcloud compute ssh user@{} --zone={} "
"--command='echo $HOME'".format(node_name, zone))
self.settings.set("GOOGLE_NODE_HOME_DIR",
str(response, "utf-8"))
if self.settings.get("GOOGLE_NODE_HOME_DIR"):
break
if self.settings.get("GOOGLE_NODE_HOME_DIR"):
break
def install_gluu_gateway_dbmode(self):
self.uninstall_gluu_gateway_dbmode()
self.kubernetes.create_namespace(name=self.settings.get(
"installer-settings.gluuGateway.kong.namespace"),
labels={"app": "ingress-kong"})
encoded_kong_pass_bytes = base64.b64encode(
self.settings.get(
"installer-settings.gluuGateway.kong.postgresPassword").encode(
"utf-8"))
encoded_kong_pass_string = str(encoded_kong_pass_bytes, "utf-8")
self.kubernetes.patch_or_create_namespaced_secret(
name="kong-postgres-pass",
namespace=self.settings.get(
"installer-settings.gluuGateway.kong.namespace"),
literal="CN_KONG_PG_PASSWORD",
value_of_literal=encoded_kong_pass_string)
exec_cmd("helm repo add kong https://charts.konghq.com")
exec_cmd("helm repo update")
exec_cmd(
"helm install {} kong/kong "
"--set ingressController.installCRDs=false "
"--set image.repository={} "
"--set image.tag={} "
"--set env.database=postgres "
"--set env.pg_user={} "
"--set env.pg_password.valueFrom.secretKeyRef.name=kong-postgres-pass "
"--set env.pg_password.valueFrom.secretKeyRef.key=CN_KONG_PG_PASSWORD "
"--set env.pg_host={} "
"--set admin.enabled=true "
"--set admin.type=ClusterIP "
"--namespace={}".format(
self.settings.get(
"installer-settings.gluuGateway.kong.releaseName"),
self.settings.get(
"installer-settings.gluuGateway.kong.image.repository"),
self.settings.get(
"installer-settings.gluuGateway.kong.image.tag"),
self.settings.get(
"installer-settings.gluuGateway.kong.postgresUser"),
self.settings.get("config.configmap.cnJackrabbitPostgresHost"),
self.settings.get(
"installer-settings.gluuGateway.kong.namespace")))
def install(self):
"""
Installs Couchbase
"""
self.kubernetes.create_namespace(
name=self.settings.get("CN_NAMESPACE"))
if self.settings.get("COUCHBASE_CLUSTER_FILE_OVERRIDE") == "N":
self.analyze_couchbase_cluster_yaml()
cb_namespace = self.settings.get("COUCHBASE_NAMESPACE")
storage_class_file_parser = Parser(self.storage_class_file,
"StorageClass")
if self.settings.get('DEPLOYMENT_ARCH') == "gke" or \
self.settings.get('DEPLOYMENT_ARCH') == "aks" or \
self.settings.get('DEPLOYMENT_ARCH') == "do":
try:
del storage_class_file_parser["parameters"]["encrypted"]
except KeyError:
logger.info("Key not found")
storage_class_file_parser["parameters"][
"type"] = self.settings.get("COUCHBASE_VOLUME_TYPE")
if self.settings.get('DEPLOYMENT_ARCH') == "gke":
storage_class_file_parser["provisioner"] = "kubernetes.io/gce-pd"
elif self.settings.get('DEPLOYMENT_ARCH') == "aks":
storage_class_file_parser[
"provisioner"] = "kubernetes.io/azure-disk"
elif self.settings.get('DEPLOYMENT_ARCH') == "do":
storage_class_file_parser[
"provisioner"] = "dobs.csi.digitalocean.com"
elif self.settings.get('DEPLOYMENT_ARCH') == "microk8s":
storage_class_file_parser["provisioner"] = "microk8s.io/hostpath"
try:
del storage_class_file_parser["allowVolumeExpansion"]
del storage_class_file_parser["parameters"]
except KeyError:
logger.info("Key not found")
storage_class_file_parser.dump_it()
elif self.settings.get('DEPLOYMENT_ARCH') == "minikube":
storage_class_file_parser[
"provisioner"] = "k8s.io/minikube-hostpath"
try:
del storage_class_file_parser["allowVolumeExpansion"]
del storage_class_file_parser["parameters"]
except KeyError:
logger.info("Key not found")
storage_class_file_parser.dump_it()
else:
try:
storage_class_file_parser["parameters"][
"type"] = self.settings.get("COUCHBASE_VOLUME_TYPE")
except KeyError:
logger.info("Key not found")
storage_class_file_parser.dump_it()
logger.info("Installing Couchbase...")
couchbase_crts_keys = Path("couchbase_crts_keys")
if not couchbase_crts_keys.exists():
os.mkdir(couchbase_crts_keys)
custom_cb_ca_crt = Path("./couchbase_crts_keys/ca.crt")
custom_cb_crt = Path("./couchbase_crts_keys/chain.pem")
custom_cb_key = Path("./couchbase_crts_keys/pkey.key")
if not custom_cb_ca_crt.exists() and not custom_cb_crt.exists(
) and not custom_cb_key.exists():
setup_crts(
ca_common_name=self.settings.get("COUCHBASE_CN"),
cert_common_name="couchbase-server",
san_list=self.settings.get("COUCHBASE_SUBJECT_ALT_NAME"),
ca_cert_file="./couchbase_crts_keys/ca.crt",
ca_key_file="./couchbase_crts_keys/ca.key",
cert_file="./couchbase_crts_keys/chain.pem",
key_file="./couchbase_crts_keys/pkey.key")
self.kubernetes.create_namespace(name=cb_namespace)
chain_pem_filepath = Path("./couchbase_crts_keys/chain.pem")
pkey_filepath = Path("./couchbase_crts_keys/pkey.key")
tls_cert_filepath = Path("./couchbase_crts_keys/tls-cert-file")
tls_private_key_filepath = Path(
"./couchbase_crts_keys/tls-private-key-file")
ca_cert_filepath = Path("./couchbase_crts_keys/ca.crt")
shutil.copyfile(ca_cert_filepath,
Path("./couchbase_crts_keys/couchbase.crt"))
shutil.copyfile(chain_pem_filepath, tls_cert_filepath)
shutil.copyfile(pkey_filepath, tls_private_key_filepath)
encoded_ca_crt_string = self.settings.get("COUCHBASE_CRT")
if not encoded_ca_crt_string:
with open(ca_cert_filepath) as content_file:
ca_crt_content = content_file.read()
encoded_ca_crt_bytes = base64.b64encode(
ca_crt_content.encode("utf-8"))
encoded_ca_crt_string = str(encoded_ca_crt_bytes, "utf-8")
self.settings.set("COUCHBASE_CRT", encoded_ca_crt_string)
with open(chain_pem_filepath) as content_file:
chain_pem_content = content_file.read()
encoded_chain_bytes = base64.b64encode(
chain_pem_content.encode("utf-8"))
encoded_chain_string = str(encoded_chain_bytes, "utf-8")
with open(pkey_filepath) as content_file:
pkey_content = content_file.read()
encoded_pkey_bytes = base64.b64encode(pkey_content.encode("utf-8"))
encoded_pkey_string = str(encoded_pkey_bytes, "utf-8")
self.kubernetes.patch_or_create_namespaced_secret(
name="couchbase-server-tls",
namespace=cb_namespace,
literal=chain_pem_filepath.name,
value_of_literal=encoded_chain_string,
second_literal=pkey_filepath.name,
value_of_second_literal=encoded_pkey_string)
self.kubernetes.patch_or_create_namespaced_secret(
name="couchbase-operator-tls",
namespace=cb_namespace,
literal=ca_cert_filepath.name,
value_of_literal=encoded_ca_crt_string)
encoded_cb_super_user_bytes = base64.b64encode(
self.settings.get("COUCHBASE_SUPERUSER").encode("utf-8"))
encoded_cb_super_user_string = str(encoded_cb_super_user_bytes,
"utf-8")
encoded_cb_pass_bytes = base64.b64encode(
self.settings.get("COUCHBASE_PASSWORD").encode("utf-8"))
encoded_cb_pass_string = str(encoded_cb_pass_bytes, "utf-8")
encoded_cb_super_pass_bytes = base64.b64encode(
self.settings.get("COUCHBASE_SUPERUSER_PASSWORD").encode("utf-8"))
encoded_cb_super_pass_string = str(encoded_cb_super_pass_bytes,
"utf-8")
self.create_couchbase_gluu_cert_pass_secrets(
encoded_ca_crt_string, encoded_cb_pass_string,
encoded_cb_super_pass_string)
self.kubernetes.patch_or_create_namespaced_secret(
name="gluu-couchbase-user-password",
namespace=self.settings.get("COUCHBASE_NAMESPACE"),
literal="password",
value_of_literal=encoded_cb_pass_string)
command = "./{}/bin/cbopcfg -backup=true -namespace={}".format(
self.couchbase_source_file,
self.settings.get("COUCHBASE_NAMESPACE"))
exec_cmd(command, output_file=self.couchbase_operator_dac_file)
couchbase_cluster_parser = Parser(self.couchbase_cluster_file,
"CouchbaseCluster")
couchbase_cluster_parser["spec"]["networking"]["tls"]["static"][
"serverSecret"] = "couchbase-server-tls"
couchbase_cluster_parser["spec"]["networking"]["tls"]["static"][
"operatorSecret"] = "couchbase-operator-tls"
try:
couchbase_cluster_parser["spec"]["security"]["rbac"]["selector"]["matchLabels"]["cluster"] = \
self.settings.get("COUCHBASE_CLUSTER_NAME")
couchbase_cluster_parser["spec"]["security"]["rbac"][
"managed"] = True
except KeyError:
logger.error(
"rbac section is missing or incorrect in couchbase-cluster.yaml."
" Please set spec --> security --> rbac --> managed : true"
" and set spec --> security --> rbac --> selector --> matchLabels --> "
"cluster --> to your cluster name")
logger.info(
"As a result of the above the installation will exit "
"as the gluu user will not be created causing the communication between "
"Gluu server and Couchbase to fail.")
sys.exit()
if self.settings.get("DEPLOYMENT_ARCH") == "local":
volume_claims = couchbase_cluster_parser["spec"][
"volumeClaimTemplates"]
for i, volume_claim in enumerate(volume_claims):
couchbase_cluster_parser["spec"]["volumeClaimTemplates"][i]["spec"]["storageClassName"] = \
"openebs-hostpath"
couchbase_cluster_parser.dump_it()
self.kubernetes.create_objects_from_dict(
self.couchbase_custom_resource_definition_file,
namespace=cb_namespace)
self.kubernetes.create_objects_from_dict(
self.couchbase_operator_dac_file, namespace=cb_namespace)
self.kubernetes.check_pods_statuses(cb_namespace,
"app=couchbase-operator", 700)
self.kubernetes.patch_or_create_namespaced_secret(
name="cb-auth",
namespace=cb_namespace,
literal="username",
value_of_literal=encoded_cb_super_user_string,
second_literal="password",
value_of_second_literal=encoded_cb_super_pass_string)
self.kubernetes.create_objects_from_dict(self.storage_class_file,
namespace=cb_namespace)
self.kubernetes.create_namespaced_custom_object(
filepath=self.couchbase_cluster_file,
group="couchbase.com",
version="v2",
plural="couchbaseclusters",
namespace=cb_namespace)
self.kubernetes.create_namespaced_custom_object(
filepath=self.couchbase_buckets_file,
group="couchbase.com",
version="v2",
plural="couchbasebuckets",
namespace=cb_namespace)
self.kubernetes.create_namespaced_custom_object(
filepath=self.couchbase_ephemeral_buckets_file,
group="couchbase.com",
version="v2",
plural="couchbaseephemeralbuckets",
namespace=cb_namespace)
coucbase_group_parser = Parser(self.couchbase_group_file,
"CouchbaseGroup")
coucbase_group_parser["metadata"]["labels"]["cluster"] = \
self.settings.get("COUCHBASE_CLUSTER_NAME")
coucbase_group_parser.dump_it()
coucbase_user_parser = Parser(self.couchbase_user_file,
"CouchbaseUser")
coucbase_user_parser["metadata"]["labels"]["cluster"] = \
self.settings.get("COUCHBASE_CLUSTER_NAME")
coucbase_user_parser.dump_it()
self.kubernetes.create_namespaced_custom_object(
filepath=self.couchbase_group_file,
group="couchbase.com",
version="v2",
plural="couchbasegroups",
namespace=cb_namespace)
self.kubernetes.create_namespaced_custom_object(
filepath=self.couchbase_user_file,
group="couchbase.com",
version="v2",
plural="couchbaseusers",
namespace=cb_namespace)
self.kubernetes.create_namespaced_custom_object(
filepath=self.couchbase_rolebinding_file,
group="couchbase.com",
version="v2",
plural="couchbaserolebindings",
namespace=cb_namespace)
self.kubernetes.check_pods_statuses(
cb_namespace, "couchbase_service_analytics=enabled", 700)
self.kubernetes.check_pods_statuses(cb_namespace,
"couchbase_service_data=enabled",
700)
self.kubernetes.check_pods_statuses(
cb_namespace, "couchbase_service_eventing=enabled", 700)
self.kubernetes.check_pods_statuses(cb_namespace,
"couchbase_service_index=enabled",
700)
self.kubernetes.check_pods_statuses(cb_namespace,
"couchbase_service_query=enabled",
700)
self.kubernetes.check_pods_statuses(
cb_namespace, "couchbase_service_search=enabled", 700)
# Setup couchbase backups
if self.settings.get("DEPLOYMENT_ARCH") not in ("microk8s",
"minikube"):
self.setup_backup_couchbase()
shutil.rmtree(self.couchbase_source_folder_pattern, ignore_errors=True)
if self.settings.get("DEPLOY_MULTI_CLUSTER") == "Y":
logger.info(
"Setup XDCR between the running Gluu couchbase cluster and this one"
)
def uninstall_nginx_ingress(self):
exec_cmd("helm delete {} --namespace={}".format(
self.settings.get('installer-settings.nginxIngress.releaseName'),
self.settings.get("installer-settings.nginxIngress.namespace")))
def install(self):
"""
Installs Couchbase
"""
self.kubernetes.create_namespace(
name=self.settings.get("installer-settings.namespace"))
if not self.settings.get(
"installer-settings.couchbase.customFileOverride"):
try:
self.analyze_couchbase_cluster_yaml()
except Exception:
# TODO remove this exception
logger.error(
"Looks like some of the couchbase files were misconfigured. "
"If you wish to override the couchbase files please set "
" installer-settings.couchbase.customFileOverride to true`"
)
sys.exit()
cb_namespace = self.settings.get(
"installer-settings.couchbase.namespace")
storage_class_file_parser = Parser(self.storage_class_file,
"StorageClass")
if self.settings.get('global.storageClass.provisioner') in (
"kubernetes.io/gce-pd", "dobs.csi.digitalocean.com",
"kubernetes.io/azure-disk"):
try:
del storage_class_file_parser["parameters"]["encrypted"]
except KeyError:
logger.info("Key not found")
storage_class_file_parser["parameters"]["type"] = \
self.settings.get("installer-settings.couchbase.volumeType")
storage_class_file_parser["provisioner"] = self.settings.get(
'global.storageClass.provisioner')
if self.settings.get(
'global.storageClass.provisioner') == "microk8s.io/hostpath":
try:
del storage_class_file_parser["allowVolumeExpansion"]
del storage_class_file_parser["parameters"]
except KeyError:
logger.info("Key not found")
storage_class_file_parser.dump_it()
elif self.settings.get('global.storageClass.provisioner'
) == "k8s.io/minikube-hostpath":
try:
del storage_class_file_parser["allowVolumeExpansion"]
del storage_class_file_parser["parameters"]
except KeyError:
logger.info("Key not found")
storage_class_file_parser.dump_it()
else:
try:
storage_class_file_parser["parameters"]["type"] = \
self.settings.get("installer-settings.couchbase.volumeType")
except KeyError:
logger.info("Key not found")
storage_class_file_parser.dump_it()
logger.info("Installing Couchbase...")
couchbase_crts_keys = Path("couchbase_crts_keys")
if not couchbase_crts_keys.exists():
os.mkdir(couchbase_crts_keys)
custom_cb_ca_crt = Path("./couchbase_crts_keys/ca.crt")
custom_cb_crt = Path("./couchbase_crts_keys/chain.pem")
custom_cb_key = Path("./couchbase_crts_keys/pkey.key")
if not custom_cb_ca_crt.exists() and not custom_cb_crt.exists(
) and not custom_cb_key.exists():
setup_crts(
ca_common_name=self.settings.get(
"installer-settings.couchbase.commonName"),
cert_common_name="couchbase-server",
san_list=self.settings.get(
"installer-settings.couchbase.subjectAlternativeName"),
ca_cert_file="./couchbase_crts_keys/ca.crt",
ca_key_file="./couchbase_crts_keys/ca.key",
cert_file="./couchbase_crts_keys/chain.pem",
key_file="./couchbase_crts_keys/pkey.key")
labels = {"app": "gluu-couchbase"}
if self.settings.get("global.istio.enabled"):
labels = {"app": "couchbase", "istio-injection": "enabled"}
self.kubernetes.create_namespace(name=cb_namespace, labels=labels)
chain_pem_filepath = Path("./couchbase_crts_keys/chain.pem")
pkey_filepath = Path("./couchbase_crts_keys/pkey.key")
tls_cert_filepath = Path("./couchbase_crts_keys/tls-cert-file")
tls_private_key_filepath = Path(
"./couchbase_crts_keys/tls-private-key-file")
ca_cert_filepath = Path("./couchbase_crts_keys/ca.crt")
shutil.copyfile(ca_cert_filepath,
Path("./couchbase_crts_keys/couchbase.crt"))
shutil.copyfile(chain_pem_filepath, tls_cert_filepath)
shutil.copyfile(pkey_filepath, tls_private_key_filepath)
encoded_ca_crt_string = self.settings.get(
"config.configmap.cnCouchbaseCrt")
if encoded_ca_crt_string in (None, ''):
with open(ca_cert_filepath) as content_file:
ca_crt_content = content_file.read()
encoded_ca_crt_bytes = base64.b64encode(
ca_crt_content.encode("utf-8"))
encoded_ca_crt_string = str(encoded_ca_crt_bytes, "utf-8")
self.settings.set("config.configmap.cnCouchbaseCrt",
encoded_ca_crt_string)
with open(chain_pem_filepath) as content_file:
chain_pem_content = content_file.read()
encoded_chain_bytes = base64.b64encode(
chain_pem_content.encode("utf-8"))
encoded_chain_string = str(encoded_chain_bytes, "utf-8")
with open(pkey_filepath) as content_file:
pkey_content = content_file.read()
encoded_pkey_bytes = base64.b64encode(pkey_content.encode("utf-8"))
encoded_pkey_string = str(encoded_pkey_bytes, "utf-8")
self.kubernetes.patch_or_create_namespaced_secret(
name="couchbase-server-tls",
namespace=cb_namespace,
literal=chain_pem_filepath.name,
value_of_literal=encoded_chain_string,
second_literal=pkey_filepath.name,
value_of_second_literal=encoded_pkey_string)
self.kubernetes.patch_or_create_namespaced_secret(
name="couchbase-operator-tls",
namespace=cb_namespace,
literal=ca_cert_filepath.name,
value_of_literal=encoded_ca_crt_string)
encoded_cb_super_user_bytes = base64.b64encode(
self.settings.get("config.configmap.cnCouchbaseSuperUser").encode(
"utf-8"))
encoded_cb_super_user_string = str(encoded_cb_super_user_bytes,
"utf-8")
encoded_cb_pass_bytes = base64.b64encode(
self.settings.get("config.configmap.cnCouchbasePassword").encode(
"utf-8"))
encoded_cb_pass_string = str(encoded_cb_pass_bytes, "utf-8")
encoded_cb_super_pass_bytes = base64.b64encode(
self.settings.get("config.configmap.cnCouchbaseSuperUserPassword").
encode("utf-8"))
encoded_cb_super_pass_string = str(encoded_cb_super_pass_bytes,
"utf-8")
self.create_couchbase_gluu_cert_pass_secrets(
encoded_ca_crt_string, encoded_cb_pass_string,
encoded_cb_super_pass_string)
self.kubernetes.patch_or_create_namespaced_secret(
name="gluu-couchbase-user-password",
namespace=self.settings.get(
"installer-settings.couchbase.namespace"),
literal="password",
value_of_literal=encoded_cb_pass_string)
admission_command = "./{}/bin/cbopcfg generate admission --namespace {}".format(
self.couchbase_source_file,
self.settings.get("installer-settings.couchbase.namespace"))
operator_command = "./{}/bin/cbopcfg generate operator --namespace {}".format(
self.couchbase_source_file,
self.settings.get("installer-settings.couchbase.namespace"))
backup_command = "./{}/bin/cbopcfg generate backup --namespace {}".format(
self.couchbase_source_file,
self.settings.get("installer-settings.couchbase.namespace"))
# @TODO: Remove condition and operator_command override after depreciation of couchbase operator 2.0
if self.old_couchbase:
operator_command = "./{}/bin/cbopcfg -backup=true -namespace={}".format(
self.couchbase_source_file,
self.settings.get("installer-settings.couchbase.namespace"))
exec_cmd(operator_command,
output_file=self.couchbase_operator_dac_file)
# @TODO: Remove only the condition after depreciation of couchbase operator 2.0
if not self.old_couchbase:
exec_cmd(backup_command,
output_file=self.couchbase_operator_backup_file)
exec_cmd(admission_command,
output_file=self.couchbase_admission_file)
couchbase_cluster_parser = Parser(self.couchbase_cluster_file,
"CouchbaseCluster")
couchbase_cluster_parser["spec"]["networking"]["tls"]["static"][
"serverSecret"] = "couchbase-server-tls"
couchbase_cluster_parser["spec"]["networking"]["tls"]["static"][
"operatorSecret"] = "couchbase-operator-tls"
if self.settings.get("global.istio.enabled"):
couchbase_cluster_parser["spec"]["networking"][
"networkPlatform"] = "Istio"
try:
couchbase_cluster_parser["spec"]["security"]["rbac"]["selector"]["matchLabels"]["cluster"] = \
self.settings.get("installer-settings.couchbase.clusterName")
couchbase_cluster_parser["spec"]["security"]["rbac"][
"managed"] = True
except KeyError:
logger.error(
"rbac section is missing or incorrect in couchbase-cluster.yaml."
" Please set spec --> security --> rbac --> managed : true"
" and set spec --> security --> rbac --> selector --> matchLabels --> "
"cluster --> to your cluster name")
logger.info(
"As a result of the above the installation will exit "
"as the gluu user will not be created causing the communication between "
"Gluu server and Couchbase to fail.")
sys.exit()
if "localOpenEbsHostPathDynamic" in self.settings.get(
"installer-settings.volumeProvisionStrategy"):
volume_claims = couchbase_cluster_parser["spec"][
"volumeClaimTemplates"]
for i, volume_claim in enumerate(volume_claims):
couchbase_cluster_parser["spec"]["volumeClaimTemplates"][i]["spec"]["storageClassName"] = \
"openebs-hostpath"
couchbase_cluster_parser.dump_it()
self.kubernetes.create_objects_from_dict(
self.couchbase_custom_resource_definition_file,
namespace=cb_namespace)
self.kubernetes.create_objects_from_dict(
self.couchbase_operator_dac_file, namespace=cb_namespace)
# @TODO: Remove only the condition after depreciation of couchbase operator 2.0
if not self.old_couchbase:
self.kubernetes.create_objects_from_dict(
self.couchbase_admission_file, namespace=cb_namespace)
self.kubernetes.create_objects_from_dict(
self.couchbase_operator_backup_file, namespace=cb_namespace)
self.kubernetes.check_pods_statuses(cb_namespace,
"app=couchbase-operator", 700)
self.kubernetes.patch_or_create_namespaced_secret(
name="cb-auth",
namespace=cb_namespace,
literal="username",
value_of_literal=encoded_cb_super_user_string,
second_literal="password",
value_of_second_literal=encoded_cb_super_pass_string)
self.kubernetes.create_objects_from_dict(self.storage_class_file,
namespace=cb_namespace)
self.kubernetes.create_namespaced_custom_object(
filepath=self.couchbase_cluster_file,
group="couchbase.com",
version="v2",
plural="couchbaseclusters",
namespace=cb_namespace)
self.kubernetes.create_namespaced_custom_object(
filepath=self.couchbase_buckets_file,
group="couchbase.com",
version="v2",
plural="couchbasebuckets",
namespace=cb_namespace)
self.kubernetes.create_namespaced_custom_object(
filepath=self.couchbase_ephemeral_buckets_file,
group="couchbase.com",
version="v2",
plural="couchbaseephemeralbuckets",
namespace=cb_namespace)
coucbase_group_parser = Parser(self.couchbase_group_file,
"CouchbaseGroup")
coucbase_group_parser["metadata"]["labels"]["cluster"] = \
self.settings.get("installer-settings.couchbase.clusterName")
permissions = [
"query_select", "query_update", "query_insert", "query_delete"
]
allbuckets = ["", "site", "user", "cache", "token", "session"]
roles = []
for permission in permissions:
for bucket in allbuckets:
bucket_name = self.settings.get(
"config.configmap.cnCouchbaseBucketPrefix")
if bucket:
bucket_name = bucket_name + "_" + bucket
roles.append({"name": permission, "bucket": bucket_name})
coucbase_group_parser["spec"]["roles"] = roles
coucbase_group_parser.dump_it()
coucbase_user_parser = Parser(self.couchbase_user_file,
"CouchbaseUser")
coucbase_user_parser["metadata"]["labels"]["cluster"] = \
self.settings.get("installer-settings.couchbase.clusterName")
coucbase_user_parser.dump_it()
self.kubernetes.create_namespaced_custom_object(
filepath=self.couchbase_group_file,
group="couchbase.com",
version="v2",
plural="couchbasegroups",
namespace=cb_namespace)
self.kubernetes.create_namespaced_custom_object(
filepath=self.couchbase_user_file,
group="couchbase.com",
version="v2",
plural="couchbaseusers",
namespace=cb_namespace)
self.kubernetes.create_namespaced_custom_object(
filepath=self.couchbase_rolebinding_file,
group="couchbase.com",
version="v2",
plural="couchbaserolebindings",
namespace=cb_namespace)
self.kubernetes.check_pods_statuses(
cb_namespace, "couchbase_service_analytics=enabled", 700)
self.kubernetes.check_pods_statuses(cb_namespace,
"couchbase_service_data=enabled",
700)
self.kubernetes.check_pods_statuses(
cb_namespace, "couchbase_service_eventing=enabled", 700)
self.kubernetes.check_pods_statuses(cb_namespace,
"couchbase_service_index=enabled",
700)
self.kubernetes.check_pods_statuses(cb_namespace,
"couchbase_service_query=enabled",
700)
self.kubernetes.check_pods_statuses(
cb_namespace, "couchbase_service_search=enabled", 700)
# Setup couchbase backups
if self.settings.get("global.storageClass.provisioner") not in (
"microk8s.io/hostpath", "k8s.io/minikube-hostpath"):
self.setup_backup_couchbase()
shutil.rmtree(self.couchbase_source_folder_pattern, ignore_errors=True)
def uninstall_gluu_gateway_ui(self):
exec_cmd("helm delete {} --namespace={}".format(
self.settings.get('GLUU_GATEWAY_UI_HELM_RELEASE_NAME'),
self.settings.get("GLUU_GATEWAY_UI_NAMESPACE")))
def check_install_nginx_ingress(self, install_ingress=True):
"""
Helm installs nginx ingress or checks to recieve and ip or address
:param install_ingress:
"""
if install_ingress:
self.kubernetes.delete_custom_resource(
"virtualservers.k8s.nginx.org")
self.kubernetes.delete_custom_resource(
"virtualserverroutes.k8s.nginx.org")
self.kubernetes.delete_cluster_role("ingress-nginx-nginx-ingress")
self.kubernetes.delete_cluster_role_binding(
"ingress-nginx-nginx-ingress")
self.kubernetes.create_namespace(name=self.settings.get(
"installer-settings.nginxIngress.releaseName"),
labels={"app": "ingress-nginx"})
self.kubernetes.delete_cluster_role(
self.settings.get(
'installer-settings.nginxIngress.releaseName') +
"-nginx-ingress-controller")
self.kubernetes.delete_cluster_role_binding(
self.settings.get(
'installer-settings.nginxIngress.releaseName') +
"-nginx-ingress-controller")
try:
exec_cmd(
"helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx"
)
exec_cmd("helm repo add stable https://charts.helm.sh/stable")
exec_cmd("helm repo update")
except FileNotFoundError:
logger.error(
"Helm v3 is not installed. Please install it to continue "
"https://helm.sh/docs/intro/install/")
raise SystemExit(1)
command = "helm install {} ingress-nginx/ingress-nginx --namespace={} ".format(
self.settings.get('installer-settings.nginxIngress.releaseName'),
self.settings.get("installer-settings.nginxIngress.namespace"))
if self.settings.get("installer-settings.volumeProvisionStrategy"
) == "minikubeDynamic":
exec_cmd("minikube addons enable ingress")
if "aws" in self.settings.get(
"installer-settings.volumeProvisionStrategy"):
if self.settings.get("installer-settings.aws.lbType") == "nlb":
if install_ingress:
nlb_override_values_file = Path(
"./nginx/aws/aws-nlb-override-values.yaml").resolve()
nlb_values = " --values {}".format(
nlb_override_values_file)
exec_cmd(command + nlb_values)
else:
if self.settings.get("installer-settings.aws.arn.enabled"):
if install_ingress:
elb_override_values_file = Path(
"./nginx/aws/aws-elb-override-values.yaml"
).resolve()
elb_file_parser = Parser(elb_override_values_file,
True)
elb_file_parser["controller"]["service"][
"annotations"].update({
"service.beta.kubernetes.io/aws-load-balancer-ssl-cert":
self.settings.get(
"installer-settings.aws.arn.arnAcmCert")
})
elb_file_parser["controller"]["config"]["proxy-real-ip-cidr"] = \
self.settings.get("installer-settings.aws.vpcCidr")
elb_file_parser.dump_it()
elb_values = " --values {}".format(
elb_override_values_file)
exec_cmd(command + elb_values)
else:
if install_ingress:
exec_cmd(command)
volume_provision_strategy = self.settings.get(
"installer-settings.volumeProvisionStrategy")
if "gke" in volume_provision_strategy or \
"aks" in volume_provision_strategy or \
"doks" in volume_provision_strategy:
if install_ingress:
cloud_override_values_file = Path(
"./nginx/cloud/cloud-override-values.yaml").resolve()
cloud_values = " --values {}".format(
cloud_override_values_file)
exec_cmd(command + cloud_values)
elif "local" in volume_provision_strategy:
if install_ingress:
baremetal_override_values_file = Path(
"./nginx/baremetal/baremetal-override-values.yaml"
).resolve()
baremetal_values = " --values {}".format(
baremetal_override_values_file)
exec_cmd(command + baremetal_values)
if self.settings.get("global.storageClass.provisioner") not in \
("microk8s.io/hostpath", "k8s.io/minikube-hostpath"):
logger.info("Waiting for nginx to be prepared...")
time.sleep(60)
self.wait_for_nginx_add()
def prompt_openbanking(self):
"""Prompts for OpenBanking distribution .
"""
if self.settings.get("global.cnObExtSigningJwksUri") in ("None", ''):
self.settings.set("global.cnObExtSigningJwksUri",
click.prompt("Open banking external signing jwks uri. Used in SSA Validation.",
default="https://keystore.openbankingtest.org.uk/keystore/openbanking.jwks"))
if self.settings.get("global.cnObExtSigningJwksCrt") in ("None", ''):
print(
"Place the Open banking external signing jwks AS certificate string in a file named obsigning.pem. "
"Used in SSA Validation. "
" This will be encoded using base64 so please do not encode it.")
encoded_obsigning_pem = read_file("./obsigning.pem")
self.settings.set("global.cnObExtSigningJwksCrt", encoded_obsigning_pem)
if self.settings.get("global.cnObExtSigningJwksKey") in ("None", ''):
print(
"Place the Open banking external signing jwks AS key string in a file named obsigning.key. Used in "
"SSA Validation. "
" This will be encoded using base64 so please do not encode it.")
encoded_obsigning_pem = read_file("./obsigning.key")
self.settings.set("global.cnObExtSigningJwksKey", encoded_obsigning_pem)
# TODO: its possible that there is no passphrase for the key,
# and hence the below prompt will always prompt which will affect CI/CD.
# An installer param should be prompted for that case.
if self.settings.get("global.cnObExtSigningJwksKeyPassPhrase") in ("None", ''):
self.settings.set("global.cnObExtSigningJwksKeyPassPhrase",
click.prompt(
"OOpen banking external signing jwks AS key passphrase to unlock provided key.",
default=""))
if self.settings.get("global.cnObExtSigningAlias") in ("None", ''):
self.settings.set("global.cnObExtSigningAlias",
click.prompt("Open banking external signing AS Alias. "
"This is a kid value.Used in SSA Validation, "
"kid used while encoding a JWT sent to token URL",
default="XkwIzWy44xWSlcWnMiEc8iq9s2G"))
if self.settings.get("global.cnObStaticSigningKeyKid") in ("None", ''):
self.settings.set("global.cnObStaticSigningKeyKid",
click.prompt("Open banking signing AS kid to force the AS to use a specific signing key",
default="Wy44xWSlcWnMiEc8iq9s2G"))
if self.settings.get("global.cnObTransportCrt") in ("None", ''):
print(
"Place the Open banking AS transport certificate string in a file named obtransport.pem. Used in SSA "
"Validation. "
" This will be encoded using base64 so please do not encode it.")
encoded_obtransport_pem = read_file("./obtransport.pem")
self.settings.set("global.cnObTransportCrt", encoded_obtransport_pem)
if self.settings.get("global.cnObTransportKey") in ("None", ''):
print("Place the Open banking AS transport ke string in a file named obtransport.key. Used in SSA "
"Validation. "
" This will be encoded using base64 so please do not encode it.")
encoded_obtransport_key = read_file("./obtransport.key")
self.settings.set("global.cnObTransportKey", encoded_obtransport_key)
# TODO: its possible that there is no passphrase for the key,
# and hence the below prompt will always prompt which will affect CI/CD.
# An installer param should be prompted for that case.
if self.settings.get("global.cnObTransportKeyPassPhrase") in ("None", ''):
self.settings.set("global.cnObTransportKeyPassPhrase",
click.prompt("Open banking AS transport key passphrase to unlock AS transport key.",
default=""))
if self.settings.get("global.cnObTransportAlias") in ("None", ''):
self.settings.set("global.cnObTransportAlias",
click.prompt("Open banking transport Alias used inside the JVM",
default="OpenBankingAsTransport"))
if self.settings.get("installer-settings.openbanking.hasCnObTransportTrustStore") in ("None", ''):
self.settings.set("installer-settings.openbanking.hasCnObTransportTrustStore",
click.confirm("Do you have the Open banking AS transport truststore crt. "
"This is normally generated from the OB issuing CA, "
"OB Root CA and Signing CA.",
default=False))
if self.settings.get("global.cnObTransportTrustStore") in ("None", ''):
if self.settings.get("installer-settings.openbanking.hasCnObTransportTrustStore"):
print("Place the Open banking AS transport truststore p12 in a file "
"named obtransporttruststore.p12. Used in SSA "
"Validation. "
" This will be encoded using base64 so please do not encode it.")
encoded_transport_truststore_pem = read_file_bytes("./obtransporttruststore.p12")
self.settings.set("global.cnObTransportTrustStore", encoded_transport_truststore_pem)
else:
print("Place the Open banking issuing CA, OB Root CA and Signing CA string in one file "
"named obcas.pem. Example command: cat obissuingca.pem obrootca.pem obsigningca.pem > obcas.pem "
"This will be used to generate the ob transport truststore p12 file "
" This will be encoded using base64 so please do not encode it.")
# check file is there
read_file("./obcas.pem")
if self.settings.get("installer-settings.openbanking.cnObTransportTrustStoreP12password") in ("None", ''):
self.settings.set("installer-settings.openbanking.cnObTransportTrustStoreP12password",
prompt_password("Open Banking CAs"))
try:
stdout, stderr, retcode = exec_cmd(
f'keytool -importcert -file obcas.pem -keystore ob-transport-truststore.p12 -noprompt '
f'-alias obkeystore '
f'-storepass {self.settings.get("installer-settings.openbanking.cnObTransportTrustStoreP12password")}')
except FileNotFoundError:
print("Please install keytool.")
encoded_transport_truststore_pem = read_file_bytes("./ob-transport-truststore.p12")
self.settings.set("global.cnObTransportTrustStore", encoded_transport_truststore_pem)
def check_install_nginx_ingress(self, install_ingress=True):
"""
Helm installs nginx ingress or checks to recieve and ip or address
:param install_ingress:
"""
if install_ingress:
self.kubernetes.delete_custom_resource(
"virtualservers.k8s.nginx.org")
self.kubernetes.delete_custom_resource(
"virtualserverroutes.k8s.nginx.org")
self.kubernetes.delete_cluster_role("ingress-nginx-nginx-ingress")
self.kubernetes.delete_cluster_role_binding(
"ingress-nginx-nginx-ingress")
self.kubernetes.create_namespace(
name=self.settings.get("NGINX_INGRESS_NAMESPACE"),
labels={"app": "ingress-nginx"})
self.kubernetes.delete_cluster_role(
self.settings.get('NGINX_INGRESS_RELEASE_NAME') +
"-nginx-ingress-controller")
self.kubernetes.delete_cluster_role_binding(
self.settings.get('NGINX_INGRESS_RELEASE_NAME') +
"-nginx-ingress-controller")
try:
exec_cmd(
"helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx"
)
exec_cmd("helm repo add stable https://charts.helm.sh/stable")
exec_cmd("helm repo update")
except FileNotFoundError:
logger.error(
"Helm v3 is not installed. Please install it to continue "
"https://helm.sh/docs/intro/install/")
raise SystemExit(1)
command = "helm install {} ingress-nginx/ingress-nginx --namespace={} ".format(
self.settings.get('NGINX_INGRESS_RELEASE_NAME'),
self.settings.get("NGINX_INGRESS_NAMESPACE"))
if self.settings.get("DEPLOYMENT_ARCH") == "minikube":
exec_cmd("minikube addons enable ingress")
if self.settings.get("DEPLOYMENT_ARCH") == "eks":
if self.settings.get("AWS_LB_TYPE") == "nlb":
if install_ingress:
nlb_override_values_file = Path(
"./nginx/aws/aws-nlb-override-values.yaml").resolve()
nlb_values = " --values {}".format(
nlb_override_values_file)
exec_cmd(command + nlb_values)
else:
if self.settings.get("USE_ARN") == "Y":
if install_ingress:
elb_override_values_file = Path(
"./nginx/aws/aws-elb-override-values.yaml"
).resolve()
elb_file_parser = Parser(elb_override_values_file,
True)
elb_file_parser["controller"]["service"][
"annotations"].update({
"service.beta.kubernetes.io/aws-load-balancer-ssl-cert":
self.settings.get("ARN_AWS_IAM")
})
elb_file_parser["controller"]["config"][
"proxy-real-ip-cidr"] = self.settings.get(
"VPC_CIDR")
elb_file_parser.dump_it()
elb_values = " --values {}".format(
elb_override_values_file)
exec_cmd(command + elb_values)
else:
if install_ingress:
exec_cmd(command)
if self.settings.get("DEPLOYMENT_ARCH") in ("gke", "aks", "do"):
if install_ingress:
cloud_override_values_file = Path(
"./nginx/cloud/cloud-override-values.yaml").resolve()
cloud_values = " --values {}".format(
cloud_override_values_file)
exec_cmd(command + cloud_values)
if self.settings.get("DEPLOYMENT_ARCH") == "local":
if install_ingress:
baremetal_override_values_file = Path(
"./nginx/baremetal/baremetal-override-values.yaml"
).resolve()
baremetal_values = " --values {}".format(
baremetal_override_values_file)
exec_cmd(command + baremetal_values)
if self.settings.get("DEPLOYMENT_ARCH") not in ("microk8s",
"minikube"):
logger.info("Waiting for nginx to be prepared...")
time.sleep(60)
self.wait_for_nginx_add()
def uninstall_nginx_ingress(self):
exec_cmd("helm delete {} --namespace={}".format(
self.settings.get('NGINX_INGRESS_RELEASE_NAME'),
self.settings.get("NGINX_INGRESS_NAMESPACE")))
def uninstall_gluu(self):
exec_cmd("helm delete {} --namespace={}".format(
self.settings.get('CN_HELM_RELEASE_NAME'),
self.settings.get("CN_NAMESPACE")))
exec_cmd("helm delete {} --namespace={}".format(
self.ldap_backup_release_name, self.settings.get("CN_NAMESPACE")))
