summaryrefslogtreecommitdiffstats
path: root/k8s/configure/configure.py
blob: c0dcd3f77bd0a0bd9f982a185239437d52a7ded8 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
# ============LICENSE_START=======================================================
# org.onap.dcae
# ================================================================================
# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
# Copyright (c) 2019 Pantheon.tech. All rights reserved.
# Copyright (c) 2020 Nokia. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================

_CONFIG_PATH = "/opt/onap/config.txt"   # Path to config file on the Cloudify Manager host
_CONSUL_KEY = "k8s-plugin"              # Key under which CM configuration is stored in Consul

# Default configuration values
DCAE_NAMESPACE = "dcae"
CONSUL_DNS_NAME = "consul"
DEFAULT_K8S_LOCATION = "central"
DEFAULT_MAX_WAIT = 1800

FB_LOG_PATH = "/var/log/onap"
FB_DATA_PATH = "/usr/share/filebeat/data"
FB_CONFIG_PATH = "/usr/share/filebeat/filebeat.yml"
FB_CONFIG_SUBPATH = "filebeat.yml"
FB_CONFIG_MAP = "filebeat-conf"
FB_IMAGE = "docker.elastic.co/beats/filebeat:5.5.0"

TLS_CERT_PATH = "/opt/app/osaaf"
TLS_IMAGE = "nexus3.onap.org:10001/onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0"
TLS_COMP_CERT_PATH = "/opt/dcae/cacert"
TLS_CA_CONFIGMAP = "dcae-cacert-configmap"

EXT_TLS_IMAGE = "nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-client:1.2.0"
EXT_TLS_REQUEST_URL = "https://aaf-cert-service:8443/v1/certificate/"
EXT_TLS_TIMEOUT = "30000"
EXT_TLS_COUNTRY = "US"
EXT_TLS_ORGANIZATION = "Linux-Foundation"
EXT_TLS_STATE = "California"
EXT_TLS_ORGANIZATIONAL_UNIT = "ONAP"
EXT_TLS_LOCATION = "San-Francisco"
EXT_TLS_KEYSTORE_PASSWORD = "secret"
EXT_TLS_TRUSTSTORE_PASSWORD = "secret"

CBS_BASE_URL = "https://config-binding-service:10443/service_component_all"

def _set_defaults():
    """ Set default configuration parameters """
    return {
        "namespace" : DCAE_NAMESPACE,                   # k8s namespace to use for DCAE
        "consul_dns_name" : CONSUL_DNS_NAME,            # k8s internal DNS name for Consul
        "default_k8s_location" : DEFAULT_K8S_LOCATION,  # default k8s location to deploy components
        "image_pull_secrets" : [],                      # list of k8s secrets for accessing Docker registries
        "max_wait": DEFAULT_MAX_WAIT,                   # Default maximum time to wait for component to become healthy (secs)
        "filebeat": {                                   # Configuration for setting up filebeat container
            "log_path" : FB_LOG_PATH,                   # mount point for log volume in filebeat container
            "data_path" : FB_DATA_PATH,                 # mount point for data volume in filebeat container
            "config_path" : FB_CONFIG_PATH,             # mount point for config volume in filebeat container
            "config_subpath" : FB_CONFIG_SUBPATH,       # subpath for config data in filebeat container
            "config_map" : FB_CONFIG_MAP,               # ConfigMap holding the filebeat configuration
            "image": FB_IMAGE                           # Docker image to use for filebeat
        },
        "tls": {                                        # Configuration for setting up TLS
            "cert_path" : TLS_CERT_PATH,                # mount point for certificate volume in TLS init container
            "image": TLS_IMAGE,                         # Docker image to use for TLS init container
            "component_cert_dir": TLS_COMP_CERT_PATH    # default mount point for certificate volume in component container
        },
        "external_cert": {
            "image_tag": EXT_TLS_IMAGE,                           # Docker image to use for external TLS init container
            "request_url" : EXT_TLS_REQUEST_URL,                  # URL to Cert Service API
            "timeout" : EXT_TLS_TIMEOUT,                          # Request timeout
            "country" : EXT_TLS_COUNTRY,                          # Country name in ISO 3166-1 alpha-2 format, for which certificate will be created
            "organization" : EXT_TLS_ORGANIZATION,                # Organization name, for which certificate will be created
            "state" : EXT_TLS_STATE,                              # State name, for which certificate will be created
            "organizational_unit" : EXT_TLS_ORGANIZATIONAL_UNIT,  # Organizational unit name, for which certificate will be created
            "location" : EXT_TLS_LOCATION,                        # Location name, for which certificate will be created
            "keystore_password" : EXT_TLS_KEYSTORE_PASSWORD,      # Password to keystore file
            "truststore_password" : EXT_TLS_TRUSTSTORE_PASSWORD   # Password to truststore file
        },
        "cbs": {
            "base_url" : CBS_BASE_URL                   # URL prefix for accessing config binding service
        }

    }

def configure(config_path=_CONFIG_PATH, key = _CONSUL_KEY):
    """
    Get configuration information from local file and Consul.
    Note that the Cloudify context ("ctx") isn't available at
    module load time.
    """

    from cloudify.exceptions import NonRecoverableError
    try:
        import configparser
    except ImportError:
        import ConfigParser as configparser
    from k8splugin import discovery
    config = _set_defaults()

    try:
        # Get Consul address from a config file
        c = configparser.ConfigParser()
        c.read(config_path)
        config["consul_host"] = c.get('consul','address')

        # Get the rest of the config from Consul
        conn = discovery.create_kv_conn(config["consul_host"])
        val = discovery.get_kv_value(conn, key)

        # Merge Consul results into the config
        config.update(val)

    except discovery.DiscoveryKVEntryNotFoundError as e:
        # Don't reraise error, assume defaults are wanted.
        pass

    except Exception as e:
        raise NonRecoverableError(e)

    return config