starlingx
/
distcloud
Code Issues Proposed changes
distcloud/distributedcloud/dcmanager/manager/subcloud_manager.py

2627 lines
113 KiB
Python
Raw Blame History

# Copyright 2017 Ericsson AB.
# Copyright (c) 2017-2023 Wind River Systems, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
from __future__ import division
import collections
import datetime
import filecmp
import functools
import json
import os
import shutil
import threading
import time
from eventlet import greenpool
from fm_api import constants as fm_const
from fm_api import fm_api
import keyring
import netaddr
from oslo_log import log as logging
from oslo_messaging import RemoteError
from tsconfig.tsconfig import CONFIG_PATH
from tsconfig.tsconfig import SW_VERSION
from dccommon import consts as dccommon_consts
from dccommon.drivers.openstack.sdk_platform import OpenStackDriver
from dccommon.drivers.openstack.sysinv_v1 import SysinvClient
from dccommon.exceptions import PlaybookExecutionFailed
from dccommon import kubeoperator
from dccommon.subcloud_install import SubcloudInstall
from dccommon.subcloud_install import SubcloudShutdown
from dccommon.utils import run_playbook
from dccommon.utils import RunAnsible
from dcmanager.audit import rpcapi as dcmanager_audit_rpc_client
from dcmanager.common import consts
from dcmanager.common.consts import INVENTORY_FILE_POSTFIX
from dcmanager.common import context as dcmanager_context
from dcmanager.common import exceptions
from dcmanager.common.exceptions import DCManagerException
from dcmanager.common.i18n import _
from dcmanager.common import manager
from dcmanager.common import phased_subcloud_deploy as psd_common
from dcmanager.common import prestage
from dcmanager.common import utils
from dcmanager.db import api as db_api
from dcmanager.db.sqlalchemy.models import Subcloud
from dcmanager.rpc import client as dcmanager_rpc_client
from dcorch.rpc import client as dcorch_rpc_client
LOG = logging.getLogger(__name__)
# Name of our distributed cloud addn_hosts file for dnsmasq
# to read. This file is referenced in dnsmasq.conf
ADDN_HOSTS_DC = 'dnsmasq.addn_hosts_dc'
# Subcloud configuration paths
ANSIBLE_SUBCLOUD_BACKUP_CREATE_PLAYBOOK = \
'/usr/share/ansible/stx-ansible/playbooks/create_subcloud_backup.yml'
ANSIBLE_SUBCLOUD_BACKUP_DELETE_PLAYBOOK = \
'/usr/share/ansible/stx-ansible/playbooks/delete_subcloud_backup.yml'
ANSIBLE_SUBCLOUD_BACKUP_RESTORE_PLAYBOOK = \
'/usr/share/ansible/stx-ansible/playbooks/restore_subcloud_backup.yml'
ANSIBLE_SUBCLOUD_PLAYBOOK = \
'/usr/share/ansible/stx-ansible/playbooks/bootstrap.yml'
ANSIBLE_SUBCLOUD_REHOME_PLAYBOOK = \
'/usr/share/ansible/stx-ansible/playbooks/rehome_subcloud.yml'
ANSIBLE_SUBCLOUD_UPDATE_PLAYBOOK = \
'/usr/share/ansible/stx-ansible/playbooks/update_subcloud.yml'
USERS_TO_REPLICATE = [
'sysinv',
'patching',
'vim',
'mtce',
'fm',
'barbican',
'dcmanager'
]
# The timeout of the rehome playbook is set to 180 seconds as it takes a
# long time for privilege escalation before resetting the host route and
# LDAP server address in a subcloud.
REHOME_PLAYBOOK_TIMEOUT = "180" # 180 seconds
UPDATE_PLAYBOOK_TIMEOUT = "180"
SC_INTERMEDIATE_CERT_DURATION = "8760h" # 1 year = 24 hours x 365
SC_INTERMEDIATE_CERT_RENEW_BEFORE = "720h" # 30 days
CERT_NAMESPACE = "dc-cert"
TRANSITORY_STATES = {
consts.DEPLOY_STATE_NONE: consts.DEPLOY_STATE_DEPLOY_PREP_FAILED,
consts.DEPLOY_STATE_PRE_DEPLOY: consts.DEPLOY_STATE_DEPLOY_PREP_FAILED,
consts.DEPLOY_STATE_CREATING: consts.DEPLOY_STATE_CREATE_FAILED,
consts.DEPLOY_STATE_PRE_INSTALL: consts.DEPLOY_STATE_PRE_INSTALL_FAILED,
consts.DEPLOY_STATE_INSTALLING: consts.DEPLOY_STATE_INSTALL_FAILED,
consts.DEPLOY_STATE_PRE_BOOTSTRAP: consts.DEPLOY_STATE_PRE_BOOTSTRAP_FAILED,
consts.DEPLOY_STATE_BOOTSTRAPPING: consts.DEPLOY_STATE_BOOTSTRAP_FAILED,
consts.DEPLOY_STATE_PRE_CONFIG: consts.DEPLOY_STATE_PRE_CONFIG_FAILED,
consts.DEPLOY_STATE_CONFIGURING: consts.DEPLOY_STATE_CONFIG_FAILED,
consts.DEPLOY_STATE_DEPLOYING: consts.DEPLOY_STATE_DEPLOY_FAILED,
consts.DEPLOY_STATE_ABORTING_INSTALL: consts.DEPLOY_STATE_INSTALL_FAILED,
consts.DEPLOY_STATE_ABORTING_BOOTSTRAP: consts.DEPLOY_STATE_BOOTSTRAP_FAILED,
consts.DEPLOY_STATE_ABORTING_CONFIG: consts.DEPLOY_STATE_CONFIG_FAILED,
consts.DEPLOY_STATE_MIGRATING_DATA: consts.DEPLOY_STATE_DATA_MIGRATION_FAILED,
consts.DEPLOY_STATE_PRE_RESTORE: consts.DEPLOY_STATE_RESTORE_PREP_FAILED,
consts.DEPLOY_STATE_RESTORING: consts.DEPLOY_STATE_RESTORE_FAILED,
consts.PRESTAGE_STATE_PACKAGES: consts.PRESTAGE_STATE_FAILED,
consts.PRESTAGE_STATE_IMAGES: consts.PRESTAGE_STATE_FAILED,
}
TRANSITORY_BACKUP_STATES = {
consts.BACKUP_STATE_VALIDATING: consts.BACKUP_STATE_VALIDATE_FAILED,
consts.BACKUP_STATE_PRE_BACKUP: consts.BACKUP_STATE_PREP_FAILED,
consts.BACKUP_STATE_IN_PROGRESS: consts.BACKUP_STATE_FAILED
}
MAX_PARALLEL_SUBCLOUD_BACKUP_CREATE = 250
MAX_PARALLEL_SUBCLOUD_BACKUP_DELETE = 250
MAX_PARALLEL_SUBCLOUD_BACKUP_RESTORE = 100
CENTRAL_BACKUP_DIR = '/opt/dc-vault/backups'
ENDPOINT_URLS = {
dccommon_consts.ENDPOINT_TYPE_PLATFORM: "https://{}:6386/v1",
dccommon_consts.ENDPOINT_TYPE_IDENTITY: "https://{}:5001/v3",
dccommon_consts.ENDPOINT_TYPE_PATCHING: "https://{}:5492",
dccommon_consts.ENDPOINT_TYPE_FM: "https://{}:18003",
dccommon_consts.ENDPOINT_TYPE_NFV: "https://{}:4546",
dccommon_consts.ENDPOINT_TYPE_SOFTWARE: "https://{}:5498",
}
class SubcloudManager(manager.Manager):
"""Manages tasks related to subclouds."""
regionone_data = collections.defaultdict(dict)
def __init__(self, *args, **kwargs):
LOG.debug(_('SubcloudManager initialization...'))
super(SubcloudManager, self).__init__(service_name="subcloud_manager",
*args, **kwargs)
self.context = dcmanager_context.get_admin_context()
self.dcorch_rpc_client = dcorch_rpc_client.EngineClient()
self.fm_api = fm_api.FaultAPIs()
self.audit_rpc_client = dcmanager_audit_rpc_client.ManagerAuditClient()
self.state_rpc_client = dcmanager_rpc_client.SubcloudStateClient()
@staticmethod
def _get_subcloud_cert_name(subcloud_name):
cert_name = "%s-adminep-ca-certificate" % subcloud_name
return cert_name
@staticmethod
def _get_subcloud_cert_secret_name(subcloud_name):
secret_name = "%s-adminep-ca-certificate" % subcloud_name
return secret_name
@staticmethod
def _create_intermediate_ca_cert(payload):
subcloud_name = payload["name"]
cert_name = SubcloudManager._get_subcloud_cert_name(subcloud_name)
secret_name = SubcloudManager._get_subcloud_cert_secret_name(
subcloud_name)
cert = {
"apiVersion": "%s/%s" % (kubeoperator.CERT_MANAGER_GROUP,
kubeoperator.CERT_MANAGER_VERSION),
"kind": "Certificate",
"metadata": {
"namespace": CERT_NAMESPACE,
"name": cert_name
},
"spec": {
"secretName": secret_name,
"duration": SC_INTERMEDIATE_CERT_DURATION,
"renewBefore": SC_INTERMEDIATE_CERT_RENEW_BEFORE,
"issuerRef": {
"kind": "Issuer",
"name": "dc-adminep-root-ca-issuer"
},
"commonName": cert_name,
"isCA": True,
},
}
kube = kubeoperator.KubeOperator()
kube.apply_cert_manager_certificate(CERT_NAMESPACE, cert_name, cert)
for count in range(1, 20):
secret = kube.kube_get_secret(secret_name, CERT_NAMESPACE)
if not hasattr(secret, 'data'):
time.sleep(1)
LOG.debug('Wait for %s ... %s' % (secret_name, count))
continue
data = secret.data
if ('ca.crt' not in data or
'tls.crt' not in data or 'tls.key' not in data) or \
not (data['ca.crt'] and data['tls.crt'] and data['tls.key']):
# ca cert, certificate and key pair are needed and must exist
# for creating an intermediate ca. If not, certificate is not
# ready yet.
time.sleep(1)
LOG.debug('Wait for %s ... %s' % (secret_name, count))
continue
payload['dc_root_ca_cert'] = data['ca.crt']
payload['sc_ca_cert'] = data['tls.crt']
payload['sc_ca_key'] = data['tls.key']
return
raise Exception("Secret for certificate %s is not ready." % cert_name)
# TODO(kmacleod) switch to using utils.get_ansible_filename
@staticmethod
def _get_ansible_filename(subcloud_name, postfix='.yml'):
ansible_filename = os.path.join(
dccommon_consts.ANSIBLE_OVERRIDES_PATH,
subcloud_name + postfix)
return ansible_filename
def compose_install_command(self, subcloud_name,
ansible_subcloud_inventory_file,
software_version=None):
install_command = [
"ansible-playbook", dccommon_consts.ANSIBLE_SUBCLOUD_INSTALL_PLAYBOOK,
"-i", ansible_subcloud_inventory_file,
"--limit", subcloud_name,
"-e", "@%s" % dccommon_consts.ANSIBLE_OVERRIDES_PATH + "/" +
subcloud_name + '/' + "install_values.yml",
"-e", "install_release_version=%s" %
software_version if software_version else SW_VERSION]
return install_command
def compose_bootstrap_command(self, subcloud_name,
ansible_subcloud_inventory_file,
software_version=None):
bootstrap_command = [
"ansible-playbook",
utils.get_playbook_for_software_version(
ANSIBLE_SUBCLOUD_PLAYBOOK, software_version),
"-i", ansible_subcloud_inventory_file,
"--limit", subcloud_name
]
# Add the overrides dir and region_name so the playbook knows
# which overrides to load
bootstrap_command += [
"-e", str("override_files_dir='%s' region_name=%s") % (
dccommon_consts.ANSIBLE_OVERRIDES_PATH, subcloud_name),
"-e", "install_release_version=%s" %
software_version if software_version else SW_VERSION]
return bootstrap_command
def compose_config_command(self, subcloud_name, ansible_subcloud_inventory_file, payload):
config_command = [
"ansible-playbook", payload[consts.DEPLOY_PLAYBOOK],
"-e", "@%s" % dccommon_consts.ANSIBLE_OVERRIDES_PATH + "/" +
subcloud_name + '_deploy_values.yml',
"-i", ansible_subcloud_inventory_file,
"--limit", subcloud_name
]
return config_command
def compose_backup_command(self, subcloud_name, ansible_subcloud_inventory_file):
backup_command = [
"ansible-playbook", ANSIBLE_SUBCLOUD_BACKUP_CREATE_PLAYBOOK,
"-i", ansible_subcloud_inventory_file,
"--limit", subcloud_name,
"-e", "subcloud_bnr_overrides=%s" % dccommon_consts.ANSIBLE_OVERRIDES_PATH + "/" +
subcloud_name + "_backup_create_values.yml"]
return backup_command
def compose_backup_delete_command(self, subcloud_name,
ansible_subcloud_inventory_file):
backup_command = [
"ansible-playbook", ANSIBLE_SUBCLOUD_BACKUP_DELETE_PLAYBOOK,
"-i", ansible_subcloud_inventory_file,
"--limit", subcloud_name,
"-e", "subcloud_bnr_overrides=%s" % dccommon_consts.ANSIBLE_OVERRIDES_PATH + "/" +
subcloud_name + "_backup_delete_values.yml"]
return backup_command
def compose_backup_restore_command(self, subcloud_name, ansible_subcloud_inventory_file):
backup_command = [
"ansible-playbook", ANSIBLE_SUBCLOUD_BACKUP_RESTORE_PLAYBOOK,
"-i", ansible_subcloud_inventory_file,
"--limit", subcloud_name,
"-e", "subcloud_bnr_overrides=%s" % dccommon_consts.ANSIBLE_OVERRIDES_PATH + "/" +
subcloud_name + "_backup_restore_values.yml"]
return backup_command
def compose_update_command(self, subcloud_name, ansible_subcloud_inventory_file):
subcloud_update_command = [
"ansible-playbook", ANSIBLE_SUBCLOUD_UPDATE_PLAYBOOK,
"-i", ansible_subcloud_inventory_file,
"--limit", subcloud_name,
"--timeout", UPDATE_PLAYBOOK_TIMEOUT,
"-e", "subcloud_update_overrides=%s" % dccommon_consts.ANSIBLE_OVERRIDES_PATH + "/" +
subcloud_name + "_update_values.yml"]
return subcloud_update_command
def compose_rehome_command(self, subcloud_name,
ansible_subcloud_inventory_file,
software_version):
rehome_command = [
"ansible-playbook",
utils.get_playbook_for_software_version(
ANSIBLE_SUBCLOUD_REHOME_PLAYBOOK, software_version),
"-i", ansible_subcloud_inventory_file,
"--limit", subcloud_name,
"--timeout", REHOME_PLAYBOOK_TIMEOUT,
"-e", str("override_files_dir='%s' region_name=%s") % (
dccommon_consts.ANSIBLE_OVERRIDES_PATH, subcloud_name)]
return rehome_command
def rehome_subcloud(self, context, subcloud, payload):
# Ansible inventory filename for the specified subcloud
ansible_subcloud_inventory_file = self._get_ansible_filename(
subcloud.name, INVENTORY_FILE_POSTFIX)
rehome_command = self.compose_rehome_command(
subcloud.name,
ansible_subcloud_inventory_file,
subcloud.software_version)
self.run_deploy_thread(subcloud, payload, context,
rehome_command=rehome_command)
def add_subcloud(self, context, subcloud_id, payload):
"""Add subcloud and notify orchestrators.
:param context: request context object
:param subcloud_id: id of the subcloud
:param payload: subcloud configuration
"""
LOG.info(f"Adding subcloud {payload['name']}.")
rehoming = payload.get('migrate', '').lower() == "true"
payload['ansible_ssh_pass'] = payload['sysadmin_password']
# Create the subcloud
subcloud = self.subcloud_deploy_create(context, subcloud_id,
payload, rehoming,
return_as_dict=False)
# Return if create failed
if rehoming:
success_state = consts.DEPLOY_STATE_PRE_REHOME
else:
success_state = consts.DEPLOY_STATE_CREATED
if subcloud.deploy_status != success_state:
return
# Rehome subcloud
if rehoming:
self.rehome_subcloud(context, subcloud, payload)
return
# Define which deploy phases should be run
phases_to_run = []
if consts.INSTALL_VALUES in payload:
phases_to_run.append(consts.DEPLOY_PHASE_INSTALL)
phases_to_run.append(consts.DEPLOY_PHASE_BOOTSTRAP)
if consts.DEPLOY_CONFIG in payload:
phases_to_run.append(consts.DEPLOY_PHASE_CONFIG)
# Finish adding the subcloud by running the deploy phases
succeeded = self.run_deploy_phases(
context, subcloud_id, payload, phases_to_run)
if succeeded:
subcloud = db_api.subcloud_update(
context, subcloud_id, deploy_status=consts.DEPLOY_STATE_DONE)
LOG.info(f"Finished adding subcloud {subcloud['name']}.")
def reconfigure_subcloud(self, context, subcloud_id, payload):
"""Reconfigure subcloud
:param context: request context object
:param subcloud_id: id of the subcloud
:param payload: subcloud configuration
"""
LOG.info("Reconfiguring subcloud %s." % subcloud_id)
subcloud = db_api.subcloud_update(
context, subcloud_id,
deploy_status=consts.DEPLOY_STATE_PRE_DEPLOY)
try:
# Ansible inventory filename for the specified subcloud
ansible_subcloud_inventory_file = self._get_ansible_filename(
subcloud.name, INVENTORY_FILE_POSTFIX)
config_command = None
if "deploy_playbook" in payload:
self._prepare_for_deployment(payload, subcloud.name)
config_command = self.compose_config_command(
subcloud.name,
ansible_subcloud_inventory_file,
payload)
del payload['sysadmin_password']
apply_thread = threading.Thread(
target=self.run_deploy_thread,
args=(subcloud, payload, context, None, None, config_command))
apply_thread.start()
return db_api.subcloud_db_model_to_dict(subcloud)
except Exception:
LOG.exception("Failed to create subcloud %s" % subcloud.name)
# If we failed to create the subcloud, update the
# deployment status
db_api.subcloud_update(
context, subcloud_id,
deploy_status=consts.DEPLOY_STATE_DEPLOY_PREP_FAILED)
def reinstall_subcloud(self, context, subcloud_id, payload):
"""Reinstall subcloud
:param context: request context object
:param subcloud_id: subcloud id from db
:param payload: subcloud reinstall
"""
# Retrieve the subcloud details from the database
subcloud = db_api.subcloud_get(context, subcloud_id)
LOG.info("Reinstalling subcloud %s." % subcloud_id)
try:
ansible_subcloud_inventory_file = self._get_ansible_filename(
subcloud.name, INVENTORY_FILE_POSTFIX)
m_ks_client = OpenStackDriver(
region_name=dccommon_consts.DEFAULT_REGION_NAME,
region_clients=None).keystone_client
cached_regionone_data = self._get_cached_regionone_data(m_ks_client)
self._populate_payload_with_cached_keystone_data(
cached_regionone_data, payload)
payload['install_values']['ansible_ssh_pass'] = \
payload['sysadmin_password']
payload['install_values']['ansible_become_pass'] = \
payload['sysadmin_password']
payload['bootstrap-address'] = \
payload['install_values']['bootstrap_address']
config_command = None
if "deploy_playbook" in payload:
self._prepare_for_deployment(payload, subcloud.name)
config_command = self.compose_config_command(
subcloud.name,
ansible_subcloud_inventory_file,
payload)
del payload['sysadmin_password']
payload['users'] = dict()
for user in USERS_TO_REPLICATE:
payload['users'][user] = \
str(keyring.get_password(
user, dccommon_consts.SERVICES_USER_NAME))
utils.create_subcloud_inventory(payload,
ansible_subcloud_inventory_file)
self._create_intermediate_ca_cert(payload)
self._write_subcloud_ansible_config(cached_regionone_data, payload)
install_command = self.compose_install_command(
subcloud.name,
ansible_subcloud_inventory_file,
payload['software_version'])
bootstrap_command = self.compose_bootstrap_command(
subcloud.name,
ansible_subcloud_inventory_file,
payload['software_version'])
network_reconfig = utils.has_network_reconfig(payload, subcloud)
apply_thread = threading.Thread(
target=self.run_deploy_thread,
args=(subcloud, payload, context,
install_command, bootstrap_command, config_command,
None, network_reconfig))
apply_thread.start()
return db_api.subcloud_db_model_to_dict(subcloud)
except Exception:
LOG.exception("Failed to reinstall subcloud %s" % subcloud.name)
# If we failed to reinstall the subcloud, update the
# deployment status
db_api.subcloud_update(
context, subcloud_id,
deploy_status=consts.DEPLOY_STATE_PRE_INSTALL_FAILED)
def redeploy_subcloud(self, context, subcloud_id, payload):
"""Redeploy subcloud
:param context: request context object
:param subcloud_id: subcloud id from db
:param payload: subcloud redeploy
"""
# Retrieve the subcloud details from the database
subcloud = db_api.subcloud_get(context, subcloud_id)
LOG.info("Redeploying subcloud %s." % subcloud.name)
# Define which deploy phases to run
phases_to_run = [consts.DEPLOY_PHASE_INSTALL,
consts.DEPLOY_PHASE_BOOTSTRAP]
if consts.DEPLOY_CONFIG in payload:
phases_to_run.append(consts.DEPLOY_PHASE_CONFIG)
succeeded = self.run_deploy_phases(context, subcloud_id, payload,
phases_to_run)
if succeeded:
db_api.subcloud_update(
context, subcloud.id,
deploy_status=consts.DEPLOY_STATE_DONE,
error_description=consts.ERROR_DESC_EMPTY)
LOG.info(f"Finished redeploying subcloud {subcloud['name']}.")
def create_subcloud_backups(self, context, payload):
"""Backup subcloud or group of subclouds
:param context: request context object
:param payload: subcloud backup create detail
"""
subcloud_id = payload.get('subcloud')
group_id = payload.get('group')
# Retrieve either a single subcloud or all subclouds in a group
subclouds = [db_api.subcloud_get(context, subcloud_id)] if subcloud_id\
else db_api.subcloud_get_for_group(context, group_id)
self._filter_subclouds_with_ongoing_backup(subclouds)
self._update_backup_status(context, subclouds,
consts.BACKUP_STATE_INITIAL)
# Validate the subclouds and filter the ones applicable for backup
self._update_backup_status(context, subclouds,
consts.BACKUP_STATE_VALIDATING)
subclouds_to_backup, invalid_subclouds = \
self._validate_subclouds_for_backup(subclouds, 'create')
self._mark_invalid_subclouds_for_backup(context, invalid_subclouds)
# Use thread pool to limit number of operations in parallel
backup_pool = greenpool.GreenPool(size=MAX_PARALLEL_SUBCLOUD_BACKUP_CREATE)
# Spawn threads to back up each applicable subcloud
backup_function = functools.partial(self._backup_subcloud, context,
payload)
self._run_parallel_group_operation('backup create',
backup_function,
backup_pool,
subclouds_to_backup)
LOG.info("Subcloud backup operation finished")
def delete_subcloud_backups(self, context, release_version, payload):
"""Delete backups for subcloud or group of subclouds for a given release
:param context: request context object
:param release_version Backup release version to be deleted
:param payload: subcloud backup delete detail
"""
local_delete = payload.get('local_only')
subclouds_to_delete_backup, invalid_subclouds = \
self._filter_subclouds_for_backup_delete(context, payload, local_delete)
# Spawn threads to back up each applicable subcloud
backup_delete_function = functools.partial(
self._delete_subcloud_backup, context, payload, release_version)
# Use thread pool to limit number of operations in parallel
max_parallel_operations = MAX_PARALLEL_SUBCLOUD_BACKUP_DELETE
backup_delete_pool = greenpool.GreenPool(size=max_parallel_operations)
failed_subclouds = self._run_parallel_group_operation(
'backup delete', backup_delete_function, backup_delete_pool,
subclouds_to_delete_backup)
LOG.info("Subcloud backup delete operation finished")
return self._subcloud_operation_notice('delete', subclouds_to_delete_backup,
failed_subclouds, invalid_subclouds)
def restore_subcloud_backups(self, context, payload):
"""Restore a subcloud or group of subclouds from backup data
:param context: request context object
:param payload: restore backup subcloud detail
"""
subcloud_id = payload.get('subcloud')
group_id = payload.get('group')
# Initialize subclouds lists
restore_subclouds, invalid_subclouds, failed_subclouds = (
list(), list(), list())
# Retrieve either a single subcloud or all subclouds in a group
subclouds = (
[db_api.subcloud_get(context, subcloud_id)] if subcloud_id
else db_api.subcloud_get_for_group(context, group_id)
)
restore_subclouds, invalid_subclouds = (
self._validate_subclouds_for_backup(subclouds, 'restore')
)
if restore_subclouds:
# Use thread pool to limit number of operations in parallel
restore_pool = greenpool.GreenPool(
size=MAX_PARALLEL_SUBCLOUD_BACKUP_RESTORE)
# Spawn threads to back up each applicable subcloud
restore_function = functools.partial(
self._restore_subcloud_backup, context, payload)
failed_subclouds = self._run_parallel_group_operation(
'backup restore', restore_function,
restore_pool, restore_subclouds
)
restored_subclouds = len(restore_subclouds) - len(failed_subclouds)
LOG.info("Subcloud restore backup operation finished.\n"
"Restored subclouds: %s. Invalid subclouds: %s. "
"Failed subclouds: %s." % (restored_subclouds,
len(invalid_subclouds),
len(failed_subclouds)))
return self._subcloud_operation_notice('restore', restore_subclouds,
failed_subclouds, invalid_subclouds)
def _deploy_bootstrap_prep(self, context, subcloud, payload: dict,
ansible_subcloud_inventory_file):
"""Run the preparation steps needed to run the bootstrap operation
:param context: target request context object
:param subcloud: subcloud model object
:param payload: bootstrap request parameters
:param ansible_subcloud_inventory_file: the ansible inventory file path
:return: ansible command needed to run the bootstrap playbook
"""
network_reconfig = utils.has_network_reconfig(payload, subcloud)
if network_reconfig:
self._configure_system_controller_network(context, payload, subcloud,
update_db=False)
# Regenerate the addn_hosts_dc file
self._create_addn_hosts_dc(context)
# Update subcloud
subcloud = db_api.subcloud_update(
context,
subcloud.id,
description=payload.get("description"),
management_subnet=utils.get_management_subnet(payload),
management_gateway_ip=utils.get_management_gateway_address(
payload),
management_start_ip=utils.get_management_start_address(
payload),
management_end_ip=utils.get_management_end_address(payload),
systemcontroller_gateway_ip=payload.get(
"systemcontroller_gateway_address"),
location=payload.get("location"),
deploy_status=consts.DEPLOY_STATE_PRE_BOOTSTRAP)
# Populate payload with passwords
payload['ansible_become_pass'] = payload['sysadmin_password']
payload['ansible_ssh_pass'] = payload['sysadmin_password']
payload['admin_password'] = str(keyring.get_password('CGCS', 'admin'))
payload_without_sysadmin_password = payload.copy()
if 'sysadmin_password' in payload_without_sysadmin_password:
del payload_without_sysadmin_password['sysadmin_password']
# Update the ansible overrides file
overrides_file = os.path.join(dccommon_consts.ANSIBLE_OVERRIDES_PATH,
subcloud.name + '.yml')
utils.update_values_on_yaml_file(overrides_file,
payload_without_sysadmin_password)
# Update the ansible inventory for the subcloud
utils.create_subcloud_inventory(payload,
ansible_subcloud_inventory_file)
bootstrap_command = self.compose_bootstrap_command(
subcloud.name,
ansible_subcloud_inventory_file,
subcloud.software_version)
return bootstrap_command
def _deploy_config_prep(self, subcloud, payload: dict,
ansible_subcloud_inventory_file):
"""Run the preparation steps needed to run the config operation
:param subcloud: target subcloud model object
:param payload: config request parameters
:param ansible_subcloud_inventory_file: the ansible inventory file path
:return: ansible command needed to run the config playbook
"""
self._prepare_for_deployment(payload, subcloud.name)
config_command = self.compose_config_command(
subcloud.name,
ansible_subcloud_inventory_file,
payload)
return config_command
def _deploy_install_prep(self, subcloud, payload: dict,
ansible_subcloud_inventory_file):
"""Run the preparation steps needed to run the install operation
:param subcloud: target subcloud model object
:param payload: install request parameters
:param ansible_subcloud_inventory_file: the ansible inventory file path
:return: ansible command needed to run the install playbook
"""
payload['install_values']['ansible_ssh_pass'] = \
payload['sysadmin_password']
payload['install_values']['ansible_become_pass'] = \
payload['sysadmin_password']
# If all update_values already exists on override file or are
# the same as the existing ones, the update won't happen
# and the file will remain untouched
bootstrap_file = psd_common.get_config_file_path(subcloud.name,
consts.BOOTSTRAP_VALUES)
update_values = {'software_version': payload['software_version'],
'bmc_password': payload['bmc_password'],
'ansible_ssh_pass': payload['sysadmin_password'],
'ansible_become_pass': payload['sysadmin_password']
}
utils.update_values_on_yaml_file(bootstrap_file,
update_values)
install_command = self.compose_install_command(
subcloud.name,
ansible_subcloud_inventory_file,
payload['software_version'])
return install_command
def subcloud_deploy_abort(self, context, subcloud_id, deploy_status):
"""Abort the subcloud deploy
:param context: request context object
:param subcloud_id: subcloud id from db
:param deploy_status: subcloud deploy status from db
"""
LOG.info("Aborting deployment of subcloud %s." % subcloud_id)
subcloud = utils.update_abort_status(context, subcloud_id, deploy_status)
try:
run_ansible = RunAnsible()
aborted = run_ansible.run_abort(subcloud.name)
if not aborted:
LOG.warning("Ansible deploy phase subprocess of %s "
"was terminated before it could be aborted"
% subcloud.name)
# let the main phase thread handle the state update
return
if subcloud.deploy_status == consts.DEPLOY_STATE_ABORTING_INSTALL:
# First delete the k8s job and pod, stopping the current
# installation attempt if exists
# Then send shutdown signal to subcloud
kube = kubeoperator.KubeOperator()
shutdown_subcloud = SubcloudShutdown(subcloud.name)
namespace = dccommon_consts.RVMC_NAME_PREFIX
jobname = '%s-%s' % (namespace, subcloud.name)
pod_basename = '%s-' % jobname
all_pods = kube.get_pods_by_namespace(namespace)
desired_pod = next((s for s in all_pods if pod_basename in s), None)
if desired_pod:
kube.kube_delete_job(jobname, namespace)
kube.kube_delete_pod(desired_pod, namespace)
while kube.pod_exists(desired_pod, namespace):
time.sleep(2)
shutdown_subcloud.send_shutdown_signal()
except Exception as ex:
LOG.error("Subcloud deploy abort failed for subcloud %s" % subcloud.name)
utils.update_abort_status(context, subcloud.id, subcloud.deploy_status,
abort_failed=True)
# exception is logged above
raise ex
LOG.info("Successfully aborted deployment of %s" % subcloud.name)
utils.update_abort_status(context, subcloud.id, subcloud.deploy_status)
def subcloud_deploy_resume(self, context, subcloud_id, subcloud_name,
payload: dict, deploy_states_to_run):
"""Resume the subcloud deployment
:param context: request context object
:param subcloud_id: subcloud id from db
:param subcloud_name: name of the subcloud
:param payload: subcloud resume payload
:param deploy_states_to_run: deploy phases pending execution
"""
LOG.info("Resuming deployment of subcloud %s. Deploy phases to be executed: %s"
% (subcloud_name, ', '.join(deploy_states_to_run)))
self.run_deploy_phases(context, subcloud_id, payload,
deploy_states_to_run)
def subcloud_deploy_create(self, context, subcloud_id, payload,
rehoming=False, return_as_dict=True):
"""Create subcloud and notify orchestrators.
:param context: request context object
:param subcloud_id: subcloud_id from db
:param payload: subcloud configuration
:param rehoming: flag indicating if this is part of a rehoming operation
:param return_as_dict: converts the subcloud DB object to a dict before returning
:return: resulting subcloud DB object or dictionary
"""
LOG.info("Creating subcloud %s." % payload['name'])
if rehoming:
deploy_state = consts.DEPLOY_STATE_PRE_REHOME
else:
deploy_state = consts.DEPLOY_STATE_CREATING
subcloud = db_api.subcloud_update(
context, subcloud_id,
deploy_status=deploy_state)
try:
# Create a new route to this subcloud on the management interface
# on both controllers.
m_ks_client = OpenStackDriver(
region_name=dccommon_consts.DEFAULT_REGION_NAME,
region_clients=None).keystone_client
subcloud_subnet = netaddr.IPNetwork(
utils.get_management_subnet(payload))
endpoint = m_ks_client.endpoint_cache.get_endpoint('sysinv')
sysinv_client = SysinvClient(dccommon_consts.DEFAULT_REGION_NAME,
m_ks_client.session,
endpoint=endpoint)
LOG.debug("Getting cached regionone data for %s" % subcloud.name)
cached_regionone_data = self._get_cached_regionone_data(
m_ks_client, sysinv_client)
for mgmt_if_uuid in cached_regionone_data['mgmt_interface_uuids']:
sysinv_client.create_route(
mgmt_if_uuid,
str(subcloud_subnet.ip),
subcloud_subnet.prefixlen,
payload['systemcontroller_gateway_address'],
1)
# Create endpoints to this subcloud on the
# management-start-ip of the subcloud which will be allocated
# as the floating Management IP of the Subcloud if the
# Address Pool is not shared. Incase the endpoint entries
# are incorrect, or the management IP of the subcloud is changed
# in the future, it will not go managed or will show up as
# out of sync. To fix this use Openstack endpoint commands
# on the SystemController to change the subcloud endpoints.
# The non-identity endpoints are added to facilitate horizon access
# from the System Controller to the subcloud.
endpoint_config = []
endpoint_ip = utils.get_management_start_address(payload)
if netaddr.IPAddress(endpoint_ip).version == 6:
endpoint_ip = '[' + endpoint_ip + ']'
for service in m_ks_client.services_list:
admin_endpoint_url = ENDPOINT_URLS.get(service.type, None)
if admin_endpoint_url:
admin_endpoint_url = admin_endpoint_url.format(endpoint_ip)
endpoint_config.append(
{"id": service.id,
"admin_endpoint_url": admin_endpoint_url})
if len(endpoint_config) < len(ENDPOINT_URLS):
raise exceptions.BadRequest(
resource='subcloud',
msg='Missing service in SystemController')
for endpoint in endpoint_config:
try:
m_ks_client.keystone_client.endpoints.create(
endpoint["id"],
endpoint['admin_endpoint_url'],
interface=dccommon_consts.KS_ENDPOINT_ADMIN,
region=subcloud.name)
except Exception as e:
# Keystone service must be temporarily busy, retry
LOG.error(str(e))
m_ks_client.keystone_client.endpoints.create(
endpoint["id"],
endpoint['admin_endpoint_url'],
interface=dccommon_consts.KS_ENDPOINT_ADMIN,
region=subcloud.name)
# Inform orchestrator that subcloud has been added
self.dcorch_rpc_client.add_subcloud(
context, subcloud.name, subcloud.software_version)
# create entry into alarm summary table, will get real values later
alarm_updates = {'critical_alarms': -1,
'major_alarms': -1,
'minor_alarms': -1,
'warnings': -1,
'cloud_status': consts.ALARMS_DISABLED}
db_api.subcloud_alarms_create(context, subcloud.name,
alarm_updates)
# Regenerate the addn_hosts_dc file
self._create_addn_hosts_dc(context)
self._populate_payload_with_cached_keystone_data(
cached_regionone_data, payload, populate_passwords=False)
if "deploy_playbook" in payload:
self._prepare_for_deployment(payload, subcloud.name,
populate_passwords=False)
payload['users'] = {}
for user in USERS_TO_REPLICATE:
payload['users'][user] = \
str(keyring.get_password(
user, dccommon_consts.SERVICES_USER_NAME))
# Ansible inventory filename for the specified subcloud
ansible_subcloud_inventory_file = utils.get_ansible_filename(
subcloud.name, INVENTORY_FILE_POSTFIX)
# Create the ansible inventory for the new subcloud
utils.create_subcloud_inventory(payload,
ansible_subcloud_inventory_file)
# create subcloud intermediate certificate and pass in keys
self._create_intermediate_ca_cert(payload)
# Write this subclouds overrides to file
# NOTE: This file should not be deleted if subcloud add fails
# as it is used for debugging
self._write_subcloud_ansible_config(cached_regionone_data, payload)
if not rehoming:
deploy_state = consts.DEPLOY_STATE_CREATED
except Exception:
LOG.exception("Failed to create subcloud %s" % payload['name'])
# If we failed to create the subcloud, update the deployment status
if rehoming:
deploy_state = consts.DEPLOY_STATE_REHOME_PREP_FAILED
else:
deploy_state = consts.DEPLOY_STATE_CREATE_FAILED
subcloud = db_api.subcloud_update(
context, subcloud.id,
deploy_status=deploy_state)
# The RPC call must return the subcloud as a dictionary, otherwise it
# should return the DB object for dcmanager internal use (subcloud add)
if return_as_dict:
subcloud = db_api.subcloud_db_model_to_dict(subcloud)
return subcloud
def subcloud_deploy_install(self, context, subcloud_id, payload: dict) -> bool:
"""Install subcloud
:param context: request context object
:param subcloud_id: subcloud id from db
:param payload: subcloud Install
:return: success status
"""
# Retrieve the subcloud details from the database
subcloud = db_api.subcloud_update(
context,
subcloud_id,
software_version=payload['software_version'],
deploy_status=consts.DEPLOY_STATE_PRE_INSTALL,
data_install=json.dumps(payload['install_values']))
LOG.info("Installing subcloud %s." % subcloud.name)
try:
log_file = (
os.path.join(consts.DC_ANSIBLE_LOG_DIR, subcloud.name)
+ "_playbook_output.log"
)
ansible_subcloud_inventory_file = self._get_ansible_filename(
subcloud.name, INVENTORY_FILE_POSTFIX)
install_command = self._deploy_install_prep(
subcloud, payload, ansible_subcloud_inventory_file)
install_success = self._run_subcloud_install(
context, subcloud, install_command,
log_file, payload['install_values'],
abortable=True)
if install_success:
db_api.subcloud_update(
context, subcloud.id,
deploy_status=consts.DEPLOY_STATE_INSTALLED,
error_description=consts.ERROR_DESC_EMPTY)
return install_success
except Exception:
LOG.exception("Failed to install subcloud %s" % subcloud.name)
# If we failed to install the subcloud,
# update the deployment status
db_api.subcloud_update(
context, subcloud_id,
deploy_status=consts.DEPLOY_STATE_PRE_INSTALL_FAILED)
return False
def subcloud_deploy_bootstrap(self, context, subcloud_id, payload):
"""Bootstrap subcloud
:param context: request context object
:param subcloud_id: subcloud_id from db
:param payload: subcloud bootstrap configuration
:return: success status
"""
LOG.info("Bootstrapping subcloud %s." % payload['name'])
# Retrieve the subcloud details from the database
subcloud = db_api.subcloud_get(context, subcloud_id)
try:
log_file = (
os.path.join(consts.DC_ANSIBLE_LOG_DIR, subcloud.name)
+ "_playbook_output.log"
)
ansible_subcloud_inventory_file = self._get_ansible_filename(
subcloud.name, INVENTORY_FILE_POSTFIX)
bootstrap_command = self._deploy_bootstrap_prep(
context, subcloud, payload,
ansible_subcloud_inventory_file)
bootstrap_success = self._run_subcloud_bootstrap(
context, subcloud, bootstrap_command, log_file)
return bootstrap_success
except Exception:
LOG.exception("Failed to bootstrap subcloud %s" % payload['name'])
db_api.subcloud_update(
context, subcloud_id,
deploy_status=consts.DEPLOY_STATE_PRE_BOOTSTRAP_FAILED)
return False
def subcloud_deploy_config(self, context, subcloud_id, payload: dict) -> bool:
"""Configure subcloud
:param context: request context object
:param subcloud_id: subcloud_id from db
:param payload: subcloud configuration
:return: success status
"""
LOG.info("Configuring subcloud %s." % subcloud_id)
subcloud = db_api.subcloud_update(
context, subcloud_id,
deploy_status=consts.DEPLOY_STATE_PRE_CONFIG)
try:
log_file = (
os.path.join(consts.DC_ANSIBLE_LOG_DIR, subcloud.name)
+ "_playbook_output.log"
)
# Ansible inventory filename for the specified subcloud
ansible_subcloud_inventory_file = self._get_ansible_filename(
subcloud.name, INVENTORY_FILE_POSTFIX)
self._prepare_for_deployment(payload, subcloud.name)
config_command = self.compose_config_command(
subcloud.name,
ansible_subcloud_inventory_file,
payload)
config_success = self._run_subcloud_config(subcloud, context,
config_command, log_file)
return config_success
except Exception:
LOG.exception("Failed to configure %s" % subcloud.name)
db_api.subcloud_update(
context, subcloud_id,
deploy_status=consts.DEPLOY_STATE_PRE_CONFIG_FAILED)
return False
def subcloud_deploy_complete(self, context, subcloud_id):
"""Completes the subcloud deployment.
:param context: request context object
:param subcloud_id: subcloud_id from db
:return: resulting subcloud dictionary
"""
LOG.info("Completing subcloud %s deployment." % subcloud_id)
# Just update the deploy status
subcloud = db_api.subcloud_update(context, subcloud_id,
deploy_status=consts.DEPLOY_STATE_DONE)
LOG.info("Subcloud %s deploy status set to: %s"
% (subcloud_id, consts.DEPLOY_STATE_DONE))
return db_api.subcloud_db_model_to_dict(subcloud)
def _subcloud_operation_notice(
self, operation, restore_subclouds, failed_subclouds,
invalid_subclouds):
all_failed = ((not set(restore_subclouds) - set(failed_subclouds))
and not invalid_subclouds)
if all_failed:
LOG.error("Backup %s failed for all applied subclouds" % operation)
raise exceptions.SubcloudBackupOperationFailed(operation=operation)
if invalid_subclouds:
self._warn_for_invalid_subclouds_on_backup_operation(invalid_subclouds)
if failed_subclouds:
self._warn_for_failed_subclouds_on_backup_operation(operation,
failed_subclouds)
if invalid_subclouds or failed_subclouds:
return self._build_subcloud_operation_notice(operation,
failed_subclouds,
invalid_subclouds)
return
def _filter_subclouds_with_ongoing_backup(self, subclouds):
i = 0
while i < len(subclouds):
subcloud = subclouds[i]
if subcloud.backup_status in consts.STATES_FOR_ONGOING_BACKUP:
LOG.info(_('Subcloud %s already has a backup operation in '
'progress' % subcloud.name))
subclouds.pop(i)
else:
i += 1
def _validate_subclouds_for_backup(self, subclouds, operation):
valid_subclouds = []
invalid_subclouds = []
for subcloud in subclouds:
is_valid = False
try:
if utils.is_valid_for_backup_operation(operation, subcloud):
is_valid = True
except exceptions.ValidateFail:
is_valid = False
if is_valid:
valid_subclouds.append(subcloud)
else:
invalid_subclouds.append(subcloud)
return valid_subclouds, invalid_subclouds
@staticmethod
def _mark_invalid_subclouds_for_backup(context, invalid_subclouds):
try:
invalid_ids = {subcloud.id for subcloud in invalid_subclouds}
invalid_names = {subcloud.name for subcloud in invalid_subclouds}
if invalid_ids:
# Set state on subclouds that failed validation
LOG.warn('The following subclouds are not online and/or managed '
'and/or in a valid deploy state, and will not be backed '
'up: %s', ', '.join(list(invalid_names)))
SubcloudManager._update_backup_status_by_ids(
context, invalid_ids,
consts.BACKUP_STATE_VALIDATE_FAILED)
except DCManagerException as ex:
LOG.exception("Subcloud backup validation failed")
raise ex
@staticmethod
def _warn_for_invalid_subclouds_on_backup_operation(invalid_subclouds):
invalid_names = {subcloud.name for subcloud in invalid_subclouds}
LOG.warn('The following subclouds were not online and/or in a valid '
'deploy/management state, and thus were not be reached '
'for backup operation: %s', ', '.join(list(invalid_names)))
@staticmethod
def _warn_for_failed_subclouds_on_backup_operation(operation, failed_subclouds):
failed_names = {subcloud.name for subcloud in failed_subclouds}
LOG.warn('Backup %s operation failed for some subclouds, '
'check previous logs for details. Failed subclouds: %s' %
(operation, ', '.join(list(failed_names))))
@staticmethod
def _update_backup_status(context, subclouds, backup_status):
subcloud_ids = [subcloud.id for subcloud in subclouds]
return SubcloudManager.\
_update_backup_status_by_ids(context, subcloud_ids,
backup_status)
@staticmethod
def _update_backup_status_by_ids(context, subcloud_ids, backup_status):
validate_state_form = {
Subcloud.backup_status.name: backup_status
}
db_api.subcloud_bulk_update_by_ids(context, subcloud_ids,
validate_state_form)
@staticmethod
def _run_parallel_group_operation(op_type, op_function, thread_pool, subclouds):
failed_subclouds = []
processed = 0
for subcloud, success in thread_pool.imap(op_function, subclouds):
processed += 1
if not success:
failed_subclouds.append(subcloud)
completion = float(processed) / float(len(subclouds)) * 100
remaining = len(subclouds) - processed
LOG.info("Processed subcloud %s for %s (operation %.0f%% "
"complete, %d subcloud(s) remaining)" %
(subcloud.name, op_type, completion, remaining))
return failed_subclouds
def _backup_subcloud(self, context, payload, subcloud):
try:
# Health check validation
if not utils.is_subcloud_healthy(subcloud.name):
db_api.subcloud_update(
context,
subcloud.id,
backup_status=consts.BACKUP_STATE_VALIDATE_FAILED,
)
LOG.info(
("Subcloud %s is not in good health for subcloud-backup create")
% subcloud.name
)
return subcloud, False
db_api.subcloud_update(
context,
subcloud.id,
backup_status=consts.BACKUP_STATE_PRE_BACKUP,
)
subcloud_inventory_file = self._create_subcloud_inventory_file(subcloud)
# Prepare for backup
overrides_file = self._create_overrides_for_backup_or_restore(
'create', payload, subcloud.name
)
backup_command = self.compose_backup_command(
subcloud.name, subcloud_inventory_file)
self._clear_subcloud_backup_failure_alarm_if_exists(subcloud)
except Exception:
self._fail_subcloud_backup_prep(context, subcloud)
return subcloud, False
local_only = payload.get('local_only') or False
success = self._run_subcloud_backup_create_playbook(
subcloud, backup_command, context, local_only)
if success:
utils.delete_subcloud_inventory(overrides_file)
return subcloud, success
def _filter_subclouds_for_backup_delete(self, context, payload, local_delete):
subcloud_id = payload.get('subcloud')
group_id = payload.get('group')
# Retrieve either a single subcloud or all subclouds in a group
subclouds = [db_api.subcloud_get(context, subcloud_id)] if subcloud_id \
else db_api.subcloud_get_for_group(context, group_id)
invalid_subclouds = []
# Subcloud state validation only required for local delete
if local_delete:
# Use same criteria defined for subcloud backup create
subclouds_to_delete_backup, invalid_subclouds = \
self._validate_subclouds_for_backup(subclouds, 'delete')
else:
# Otherwise, validation is unnecessary, since connection is not required
subclouds_to_delete_backup = subclouds
return subclouds_to_delete_backup, invalid_subclouds
def _delete_subcloud_backup(self, context, payload, release_version, subcloud):
try:
overrides_file = self._create_overrides_for_backup_delete(
payload, subcloud.name, release_version
)
inventory_file = self._create_subcloud_inventory_file(subcloud)
delete_command = self.compose_backup_delete_command(
subcloud.name, inventory_file)
except Exception:
LOG.exception("Failed to prepare subcloud %s for backup delete"
% subcloud.name)
return subcloud, False
success = self._run_subcloud_backup_delete_playbook(context, subcloud,
delete_command)
if success:
utils.delete_subcloud_inventory(overrides_file)
return subcloud, success
def _restore_subcloud_backup(self, context, payload, subcloud):
log_file = (os.path.join(consts.DC_ANSIBLE_LOG_DIR, subcloud.name) +
'_playbook_output.log')
data_install = json.loads(subcloud.data_install)
try:
db_api.subcloud_update(
context, subcloud.id,
deploy_status=consts.DEPLOY_STATE_PRE_RESTORE
)
subcloud_inventory_file = self._create_subcloud_inventory_file(
subcloud, data_install=data_install)
# Prepare for restore
overrides_file = self._create_overrides_for_backup_or_restore(
'restore', payload, subcloud.name
)
restore_command = self.compose_backup_restore_command(
subcloud.name, subcloud_inventory_file)
except Exception:
db_api.subcloud_update(
context, subcloud.id,
deploy_status=consts.DEPLOY_STATE_RESTORE_PREP_FAILED
)
LOG.exception("Failed to prepare subcloud %s for backup restore"
% subcloud.name)
return subcloud, False
if payload.get('with_install'):
software_version = payload.get('software_version')
install_command = self.compose_install_command(
subcloud.name, subcloud_inventory_file, software_version)
# Update data_install with missing data
matching_iso, _ = utils.get_vault_load_files(software_version)
data_install['software_version'] = software_version
data_install['image'] = matching_iso
data_install['ansible_ssh_pass'] = payload['sysadmin_password']
data_install['ansible_become_pass'] = payload['sysadmin_password']
install_success = self._run_subcloud_install(
context, subcloud, install_command, log_file, data_install)
if not install_success:
return subcloud, False
success = self._run_subcloud_backup_restore_playbook(
subcloud, restore_command, context, log_file)
if success:
utils.delete_subcloud_inventory(overrides_file)
return subcloud, success
@staticmethod
def _build_subcloud_operation_notice(operation, failed_subclouds, invalid_subclouds):
invalid_subcloud_names = [subcloud.name for subcloud in invalid_subclouds]
failed_subcloud_names = [subcloud.name for subcloud in failed_subclouds]
notice = "Subcloud backup %s operation completed with warnings:\n" % operation
if invalid_subclouds:
notice += ("The following subclouds were skipped for local backup "
"%s operation: %s."
% (operation, ' ,'.join(invalid_subcloud_names)))
if failed_subclouds:
notice += ("The following subclouds failed during backup "
"%s operation: %s."
% (operation, ' ,'.join(failed_subcloud_names)))
return notice
def _create_subcloud_inventory_file(self, subcloud, data_install=None):
# Ansible inventory filename for the specified subcloud
ansible_subcloud_inventory_file = self._get_ansible_filename(
subcloud.name, INVENTORY_FILE_POSTFIX)
oam_fip = None
# Restore is restrict to Redfish enabled subclouds
if data_install:
oam_fip = data_install.get('bootstrap_address')
else:
# Use subcloud floating IP for host reachability
keystone_client = OpenStackDriver(
region_name=subcloud.name,
region_clients=None).keystone_client
oam_fip = utils.get_oam_addresses(subcloud.name, keystone_client)\
.oam_floating_ip
# Add parameters used to generate inventory
subcloud_params = {'name': subcloud.name,
'bootstrap-address': oam_fip}
utils.create_subcloud_inventory(subcloud_params,
ansible_subcloud_inventory_file)
return ansible_subcloud_inventory_file
def _create_overrides_for_backup_or_restore(self, op, payload, subcloud_name):
# Set override names as expected by the playbook
if not payload.get('override_values'):
payload['override_values'] = {}
payload['override_values']['local'] = \
payload['local_only'] or False
if op == 'create':
payload['override_values']['backup_registry_images'] = \
payload['registry_images'] or False
suffix = 'backup_create_values'
else:
payload['override_values']['restore_registry_images'] = \
payload['registry_images'] or False
suffix = 'backup_restore_values'
if not payload['local_only']:
payload['override_values']['central_backup_dir'] = CENTRAL_BACKUP_DIR
payload['override_values']['ansible_ssh_pass'] = \
payload['sysadmin_password']
payload['override_values']['ansible_become_pass'] = \
payload['sysadmin_password']
payload['override_values']['admin_password'] = \
str(keyring.get_password('CGCS', 'admin'))
if payload.get('backup_values'):
LOG.info('Backup create: Received backup_values for subcloud %s'
% subcloud_name)
for key, value in payload.get('backup_values').items():
payload['override_values'][key] = value
elif payload.get('restore_values'):
LOG.info('Backup restore: Received restore_values for subcloud %s'
% subcloud_name)
for key, value in payload.get('restore_values').items():
payload['override_values'][key] = value
return self._create_backup_overrides_file(payload, subcloud_name, suffix)
def _create_overrides_for_backup_delete(self, payload, subcloud_name,
release_version):
# Set override names as expected by the playbook
if not payload.get('override_values'):
payload['override_values'] = {}
payload['override_values']['software_version'] = release_version
payload['override_values']['local'] = \
payload['local_only'] or False
if not payload['local_only']:
payload['override_values']['central_backup_dir'] = CENTRAL_BACKUP_DIR
else:
payload['override_values']['ansible_ssh_pass'] = \
payload['sysadmin_password']
payload['override_values']['ansible_become_pass'] = \
payload['sysadmin_password']
return self._create_backup_overrides_file(
payload, subcloud_name, 'backup_delete_values'
)
def _create_backup_overrides_file(self, payload, subcloud_name, filename_suffix):
backup_overrides_file = os.path.join(
dccommon_consts.ANSIBLE_OVERRIDES_PATH, subcloud_name + '_' +
filename_suffix + '.yml')
with open(backup_overrides_file, 'w') as f_out:
f_out.write(
'---\n'
)
for k, v in payload['override_values'].items():
f_out.write("%s: %s\n" % (k, v))
return backup_overrides_file
def _run_subcloud_backup_create_playbook(self, subcloud, backup_command,
context, local_only):
log_file = os.path.join(consts.DC_ANSIBLE_LOG_DIR, subcloud.name) + \
'_playbook_output.log'
db_api.subcloud_update(
context, subcloud.id,
backup_status=consts.BACKUP_STATE_IN_PROGRESS,
error_description=consts.ERROR_DESC_EMPTY)
# Run the subcloud backup playbook
try:
run_playbook(log_file, backup_command)
# Decide between complete-local or complete-central
if local_only:
backup_status = consts.BACKUP_STATE_COMPLETE_LOCAL
else:
backup_status = consts.BACKUP_STATE_COMPLETE_CENTRAL
db_api.subcloud_update(
context, subcloud.id,
backup_status=backup_status,
backup_datetime=datetime.datetime.utcnow())
LOG.info("Successfully backed up subcloud %s" % subcloud.name)
return True
except PlaybookExecutionFailed:
self._fail_subcloud_backup_operation(context, log_file, subcloud)
return False
@staticmethod
def _run_subcloud_backup_delete_playbook(context, subcloud, delete_command):
log_file = os.path.join(consts.DC_ANSIBLE_LOG_DIR, subcloud.name) + \
'_playbook_output.log'
try:
# Run the subcloud backup delete playbook
run_playbook(log_file, delete_command)
# Set backup status to unknown after delete, since most recent backup may
# have been deleted
db_api.subcloud_bulk_update_by_ids(
context, [subcloud.id],
{Subcloud.backup_status.name: consts.BACKUP_STATE_UNKNOWN,
Subcloud.backup_datetime.name: None})
LOG.info("Successfully deleted backup for subcloud %s" % subcloud.name)
return True
except PlaybookExecutionFailed:
LOG.error("Failed to delete backup for subcloud %s, check individual "
"log at %s for detailed output." % (subcloud.name, log_file))
msg = utils.find_ansible_error_msg(
subcloud.name, log_file, consts.BACKUP_STATE_FAILED)
LOG.error(msg)
db_api.subcloud_update(
context, subcloud.id,
error_description=msg[0:consts.ERROR_DESCRIPTION_LENGTH])
return False
def _run_subcloud_backup_restore_playbook(
self, subcloud, restore_command, context, log_file):
db_api.subcloud_update(
context, subcloud.id,
deploy_status=consts.DEPLOY_STATE_RESTORING,
error_description=consts.ERROR_DESC_EMPTY
)
# Run the subcloud backup restore playbook
try:
run_playbook(log_file, restore_command)
LOG.info("Successfully restore subcloud %s" % subcloud.name)
db_api.subcloud_update(
context, subcloud.id,
deploy_status=consts.DEPLOY_STATE_DONE
)
return True
except PlaybookExecutionFailed:
msg = utils.find_ansible_error_msg(
subcloud.name, log_file, consts.DEPLOY_STATE_RESTORING)
LOG.error(msg)
db_api.subcloud_update(
context, subcloud.id,
deploy_status=consts.DEPLOY_STATE_RESTORE_FAILED,
error_description=msg[0:consts.ERROR_DESCRIPTION_LENGTH]
)
return False
@staticmethod
def _fail_subcloud_backup_prep(context, subcloud):
LOG.exception("Failed to prepare subcloud %s for backup" % subcloud.name)
db_api.subcloud_update(
context, subcloud.id,
backup_status=consts.BACKUP_STATE_PREP_FAILED)
def _fail_subcloud_backup_operation(self, context, log_file, subcloud):
msg = utils.find_ansible_error_msg(
subcloud.name, log_file, consts.BACKUP_STATE_IN_PROGRESS)
LOG.error(msg)
db_api.subcloud_update(
context, subcloud.id,
backup_status=consts.BACKUP_STATE_FAILED,
error_description=msg[0:consts.ERROR_DESCRIPTION_LENGTH])
self._set_subcloud_backup_failure_alarm(subcloud)
def _clear_subcloud_backup_failure_alarm_if_exists(self, subcloud):
entity_instance_id = "subcloud=%s" % subcloud.name
try:
fault = self.fm_api.get_fault(
fm_const.FM_ALARM_ID_DC_SUBCLOUD_BACKUP_FAILED,
entity_instance_id)
if fault:
self.fm_api.clear_fault(
fm_const.FM_ALARM_ID_DC_SUBCLOUD_BACKUP_FAILED, # noqa
entity_instance_id)
except Exception as e:
LOG.exception(e)
def _set_subcloud_backup_failure_alarm(self, subcloud):
entity_instance_id = "subcloud=%s" % subcloud.name
try:
fault = fm_api.Fault(
alarm_id=fm_const.FM_ALARM_ID_DC_SUBCLOUD_BACKUP_FAILED, # noqa
alarm_state=fm_const.FM_ALARM_STATE_SET,
entity_type_id=fm_const.FM_ENTITY_TYPE_SUBCLOUD,
entity_instance_id=entity_instance_id,
severity=fm_const.FM_ALARM_SEVERITY_MINOR,
reason_text=("Subcloud Backup Failure (subcloud=%s)"
% subcloud.name),
alarm_type=fm_const.FM_ALARM_TYPE_3,
probable_cause=fm_const.ALARM_PROBABLE_CAUSE_UNKNOWN,
proposed_repair_action="Retry subcloud backup after checking input "
"file. If problem persists, please contact "
"next level of support.",
service_affecting=False)
self.fm_api.set_fault(fault)
except Exception as e:
LOG.exception(e)
def run_deploy_thread(self, subcloud, payload, context,
install_command=None, bootstrap_command=None,
config_command=None, rehome_command=None,
network_reconfig=None):
try:
self._run_deploy(subcloud, payload, context,
install_command, bootstrap_command,
config_command, rehome_command,
network_reconfig)
except Exception as ex:
LOG.exception("run_deploy failed")
raise ex
def _run_deploy(self, subcloud, payload, context,
install_command, bootstrap_command,
config_command, rehome_command,
network_reconfig):
log_file = (
os.path.join(consts.DC_ANSIBLE_LOG_DIR, subcloud.name)
+ "_playbook_output.log"
)
if install_command:
install_success = self._run_subcloud_install(
context, subcloud, install_command,
log_file, payload['install_values']
)
if not install_success:
return
if bootstrap_command:
try:
# Update the subcloud to bootstrapping
db_api.subcloud_update(
context, subcloud.id,
deploy_status=consts.DEPLOY_STATE_BOOTSTRAPPING,
error_description=consts.ERROR_DESC_EMPTY)
except Exception:
LOG.error("DB subcloud_update failed")
# exception is logged above
raise
# Run the ansible boostrap-subcloud playbook
LOG.info("Starting bootstrap of %s" % subcloud.name)
try:
run_playbook(log_file, bootstrap_command)
except PlaybookExecutionFailed:
msg = utils.find_ansible_error_msg(
subcloud.name, log_file, consts.DEPLOY_STATE_BOOTSTRAPPING)
LOG.error(msg)
db_api.subcloud_update(
context, subcloud.id,
deploy_status=consts.DEPLOY_STATE_BOOTSTRAP_FAILED,
error_description=msg[0:consts.ERROR_DESCRIPTION_LENGTH])
return
LOG.info("Successfully bootstrapped %s" % subcloud.name)
if config_command:
# Run the custom deploy playbook
LOG.info("Starting deploy of %s" % subcloud.name)
db_api.subcloud_update(
context, subcloud.id,
deploy_status=consts.DEPLOY_STATE_DEPLOYING,
error_description=consts.ERROR_DESC_EMPTY)
try:
run_playbook(log_file, config_command)
except PlaybookExecutionFailed:
msg = utils.find_ansible_error_msg(
subcloud.name, log_file, consts.DEPLOY_STATE_DEPLOYING)
LOG.error(msg)
db_api.subcloud_update(
context, subcloud.id,
deploy_status=consts.DEPLOY_STATE_DEPLOY_FAILED,
error_description=msg[0:consts.ERROR_DESCRIPTION_LENGTH])
return
LOG.info("Successfully deployed %s" % subcloud.name)
if rehome_command:
# Update the deploy status to rehoming
db_api.subcloud_update(
context, subcloud.id,
deploy_status=consts.DEPLOY_STATE_REHOMING)
# Run the rehome-subcloud playbook
try:
run_playbook(log_file, rehome_command)
except PlaybookExecutionFailed:
msg = "Failed to run the subcloud rehome playbook" \
" for subcloud %s, check individual log at " \
"%s for detailed output." % (
subcloud.name,
log_file)
LOG.error(msg)
db_api.subcloud_update(
context, subcloud.id,
deploy_status=consts.DEPLOY_STATE_REHOME_FAILED)
return
LOG.info("Successfully rehomed subcloud %s" %
subcloud.name)
if network_reconfig:
self._configure_system_controller_network(context, payload, subcloud)
subcloud = db_api.subcloud_update(
context,
subcloud.id,
description=payload.get('description', subcloud.description),
management_subnet=utils.get_management_subnet(payload),
management_gateway_ip=utils.get_management_gateway_address(payload),
management_start_ip=utils.get_management_start_address(payload),
management_end_ip=utils.get_management_end_address(payload),
location=payload.get('location', subcloud.location),
group_id=payload.get('group_id', subcloud.group_id),
data_install=payload.get('data_install', subcloud.data_install)
)
# Regenerate the addn_hosts_dc file
self._create_addn_hosts_dc(context)
db_api.subcloud_update(
context, subcloud.id,
deploy_status=consts.DEPLOY_STATE_DONE,
error_description=consts.ERROR_DESC_EMPTY)
def run_deploy_phases(self, context, subcloud_id, payload,
deploy_phases_to_run):
"""Run one or more deployment phases, ensuring correct order
:param context: request context object
:param subcloud_id: subcloud id from db
:param payload: deploy phases payload
:param deploy_phases_to_run: deploy phases that should run
"""
try:
succeeded = True
if consts.DEPLOY_PHASE_INSTALL in deploy_phases_to_run:
succeeded = self.subcloud_deploy_install(
context, subcloud_id, payload)
if succeeded and consts.DEPLOY_PHASE_BOOTSTRAP in deploy_phases_to_run:
succeeded = self.subcloud_deploy_bootstrap(
context, subcloud_id, payload)
if succeeded and consts.DEPLOY_PHASE_CONFIG in deploy_phases_to_run:
succeeded = self.subcloud_deploy_config(
context, subcloud_id, payload)
return succeeded
except Exception as ex:
LOG.exception("run_deploy_phases failed")
raise ex
def _run_subcloud_config(self, subcloud, context,
config_command, log_file):
# Run the custom deploy playbook
LOG.info("Starting deploy of %s" % subcloud.name)
db_api.subcloud_update(
context, subcloud.id,
deploy_status=consts.DEPLOY_STATE_CONFIGURING,
error_description=consts.ERROR_DESC_EMPTY)
try:
run_ansible = RunAnsible()
aborted = run_ansible.exec_playbook(
log_file, config_command, subcloud.name)
except PlaybookExecutionFailed:
msg = utils.find_ansible_error_msg(
subcloud.name, log_file, consts.DEPLOY_STATE_CONFIGURING)
LOG.error(msg)
db_api.subcloud_update(
context, subcloud.id,
deploy_status=consts.DEPLOY_STATE_CONFIG_FAILED,
error_description=msg[0:consts.ERROR_DESCRIPTION_LENGTH])
return False
if aborted:
return False
LOG.info("Successfully deployed %s" % subcloud.name)
db_api.subcloud_update(
context, subcloud.id,
deploy_status=consts.DEPLOY_STATE_DONE,
error_description=consts.ERROR_DESC_EMPTY)
@staticmethod
def _run_subcloud_install(context, subcloud, install_command,
log_file, payload, abortable=False):
software_version = str(payload['software_version'])
LOG.info("Preparing remote install of %s, version: %s",
subcloud.name, software_version)
if (subcloud.deploy_status != consts.DEPLOY_STATE_PRE_INSTALL or
subcloud.software_version != software_version):
db_api.subcloud_update(
context, subcloud.id,
deploy_status=consts.DEPLOY_STATE_PRE_INSTALL,
software_version=software_version)
try:
install = SubcloudInstall(context, subcloud.name)
install.prep(dccommon_consts.ANSIBLE_OVERRIDES_PATH, payload)
except Exception as e:
LOG.exception(e)
db_api.subcloud_update(
context, subcloud.id,
deploy_status=consts.DEPLOY_STATE_PRE_INSTALL_FAILED)
LOG.error(str(e))
install.cleanup(software_version)
return False
# Run the remote install playbook
LOG.info("Starting remote install of %s" % subcloud.name)
db_api.subcloud_update(
context, subcloud.id,
deploy_status=consts.DEPLOY_STATE_INSTALLING,
error_description=consts.ERROR_DESC_EMPTY)
try:
aborted = install.install(
consts.DC_ANSIBLE_LOG_DIR, install_command, abortable=abortable)
except Exception as e:
msg = utils.find_ansible_error_msg(
subcloud.name, log_file, consts.DEPLOY_STATE_INSTALLING)
LOG.error(str(e))
LOG.error(msg)
db_api.subcloud_update(
context, subcloud.id,
deploy_status=consts.DEPLOY_STATE_INSTALL_FAILED,
error_description=msg[0:consts.ERROR_DESCRIPTION_LENGTH])
install.cleanup(software_version)
return False
install.cleanup(software_version)
if aborted:
return False
LOG.info("Successfully installed %s" % subcloud.name)
return True
def _run_subcloud_bootstrap(self, context, subcloud,
bootstrap_command, log_file):
# Update the subcloud deploy_status to bootstrapping
db_api.subcloud_update(
context, subcloud.id,
deploy_status=consts.DEPLOY_STATE_BOOTSTRAPPING,
error_description=consts.ERROR_DESC_EMPTY)
# Run the ansible subcloud boostrap playbook
LOG.info("Starting bootstrap of %s" % subcloud.name)
try:
run_ansible = RunAnsible()
aborted = run_ansible.exec_playbook(
log_file, bootstrap_command, subcloud.name)
except PlaybookExecutionFailed:
msg = utils.find_ansible_error_msg(
subcloud.name, log_file, consts.DEPLOY_STATE_BOOTSTRAPPING)
LOG.error(msg)
db_api.subcloud_update(
context, subcloud.id,
deploy_status=consts.DEPLOY_STATE_BOOTSTRAP_FAILED,
error_description=msg[0:consts.ERROR_DESCRIPTION_LENGTH])
return False
if aborted:
return False
db_api.subcloud_update(
context, subcloud.id,
deploy_status=consts.DEPLOY_STATE_BOOTSTRAPPED,
error_description=consts.ERROR_DESC_EMPTY)
LOG.info("Successfully bootstrapped %s" % subcloud.name)
return True
def _create_addn_hosts_dc(self, context):
"""Generate the addn_hosts_dc file for hostname/ip translation"""
addn_hosts_dc = os.path.join(CONFIG_PATH, ADDN_HOSTS_DC)
addn_hosts_dc_temp = addn_hosts_dc + '.temp'
subclouds = db_api.subcloud_get_all(context)
with open(addn_hosts_dc_temp, 'w') as f_out_addn_dc_temp:
for subcloud in subclouds:
addn_dc_line = subcloud.management_start_ip + ' ' + \
subcloud.name + '\n'
f_out_addn_dc_temp.write(addn_dc_line)
# if no more subclouds, create empty file so dnsmasq does not
# emit an error log.
if not subclouds:
f_out_addn_dc_temp.write(' ')
if not filecmp.cmp(addn_hosts_dc_temp, addn_hosts_dc):
os.rename(addn_hosts_dc_temp, addn_hosts_dc)
# restart dnsmasq so it can re-read our addn_hosts file.
os.system("pkill -HUP dnsmasq")
def _write_subcloud_ansible_config(self, cached_regionone_data, payload):
"""Create the override file for usage with the specified subcloud"""
overrides_file = os.path.join(dccommon_consts.ANSIBLE_OVERRIDES_PATH,
payload['name'] + '.yml')
mgmt_pool = cached_regionone_data['mgmt_pool']
mgmt_floating_ip = mgmt_pool.floating_address
mgmt_subnet = "%s/%d" % (mgmt_pool.network, mgmt_pool.prefix)
oam_addresses = cached_regionone_data['oam_addresses']
oam_floating_ip = oam_addresses.oam_floating_ip
oam_subnet = oam_addresses.oam_subnet
with open(overrides_file, 'w') as f_out_overrides_file:
f_out_overrides_file.write(
'---'
'\nregion_config: yes'
'\ndistributed_cloud_role: subcloud'
'\nsystem_controller_subnet: ' + mgmt_subnet +
'\nsystem_controller_floating_address: ' + mgmt_floating_ip +
'\nsystem_controller_oam_subnet: ' + oam_subnet +
'\nsystem_controller_oam_floating_address: ' + oam_floating_ip
+ '\n'
)
for k, v in payload.items():
if k not in ['deploy_playbook', 'deploy_values',
'deploy_config', 'deploy_chart',
'deploy_overrides', 'install_values']:
f_out_overrides_file.write("%s: %s\n" % (k, json.dumps(v)))
def _write_deploy_files(self, payload, subcloud_name):
"""Create the deploy value files for the subcloud"""
deploy_values_file = os.path.join(
dccommon_consts.ANSIBLE_OVERRIDES_PATH, subcloud_name +
'_deploy_values.yml')
with open(deploy_values_file, 'w') as f_out_deploy_values_file:
json.dump(payload['deploy_values'], f_out_deploy_values_file)
def _prepare_for_deployment(self, payload, subcloud_name,
populate_passwords=True):
payload['deploy_values'] = dict()
if populate_passwords:
payload['deploy_values']['ansible_become_pass'] = \
payload['sysadmin_password']
payload['deploy_values']['ansible_ssh_pass'] = \
payload['sysadmin_password']
payload['deploy_values']['admin_password'] = \
str(keyring.get_password('CGCS', 'admin'))
payload['deploy_values']['deployment_config'] = \
payload[consts.DEPLOY_CONFIG]
payload['deploy_values']['deployment_manager_chart'] = \
payload[consts.DEPLOY_CHART]
payload['deploy_values']['deployment_manager_overrides'] = \
payload[consts.DEPLOY_OVERRIDES]
payload['deploy_values']['user_uploaded_artifacts'] = \
payload["user_uploaded_artifacts"]
self._write_deploy_files(payload, subcloud_name)
def _delete_subcloud_routes(self, keystone_client, subcloud):
"""Delete the routes to this subcloud"""
# Delete the route to this subcloud on the management interface on
# both controllers.
management_subnet = netaddr.IPNetwork(subcloud.management_subnet)
endpoint = keystone_client.endpoint_cache.get_endpoint('sysinv')
sysinv_client = SysinvClient(dccommon_consts.DEFAULT_REGION_NAME, keystone_client.session,
endpoint=endpoint)
cached_regionone_data = self._get_cached_regionone_data(keystone_client, sysinv_client)
for mgmt_if_uuid in cached_regionone_data['mgmt_interface_uuids']:
sysinv_client.delete_route(mgmt_if_uuid,
str(management_subnet.ip),
management_subnet.prefixlen,
str(netaddr.IPAddress(subcloud.systemcontroller_gateway_ip)),
1)
@staticmethod
def _delete_subcloud_cert(subcloud_name):
cert_name = SubcloudManager._get_subcloud_cert_name(subcloud_name)
secret_name = SubcloudManager._get_subcloud_cert_secret_name(
subcloud_name)
kube = kubeoperator.KubeOperator()
kube.delete_cert_manager_certificate(CERT_NAMESPACE, cert_name)
kube.kube_delete_secret(secret_name, CERT_NAMESPACE)
LOG.info("cert %s and secret %s are deleted" % (cert_name, secret_name))
def _remove_subcloud_details(self, context,
subcloud,
ansible_subcloud_inventory_file):
"""Remove subcloud details from database and inform orchestrators"""
# Inform orchestrators that subcloud has been deleted
try:
self.dcorch_rpc_client.del_subcloud(context, subcloud.name)
except RemoteError as e:
# TODO(kmacleod): this should be caught as explicit remote exception
# Fix when centos/python2 is no longer supported
if "SubcloudNotFound" in str(e):
pass
# delete the associated alarm entry
try:
db_api.subcloud_alarms_delete(context, subcloud.name)
except RemoteError as e:
# TODO(kmacleod): fix same with above
if "SubcloudNotFound" in str(e):
pass
# We only delete subcloud endpoints, region and user information
# in the Central Region. The subcloud is already unmanaged and powered
# down so is not accessible. Therefore set up a session with the
# Central Region Keystone ONLY.
keystone_client = OpenStackDriver(
region_name=dccommon_consts.DEFAULT_REGION_NAME,
region_clients=None).keystone_client
# Delete keystone endpoints for subcloud
keystone_client.delete_endpoints(subcloud.name)
keystone_client.delete_region(subcloud.name)
# Delete the routes to this subcloud
self._delete_subcloud_routes(keystone_client, subcloud)
# Remove the subcloud from the database
try:
db_api.subcloud_destroy(context, subcloud.id)
except Exception as e:
LOG.exception(e)
raise e
# Delete the ansible inventory for the new subcloud
utils.delete_subcloud_inventory(ansible_subcloud_inventory_file)
# Delete the subcloud intermediate certificate
SubcloudManager._delete_subcloud_cert(subcloud.name)
# Delete the subcloud backup path
self._delete_subcloud_backup_data(subcloud.name)
# Regenerate the addn_hosts_dc file
self._create_addn_hosts_dc(context)
@staticmethod
def _delete_subcloud_backup_data(subcloud_name):
try:
backup_path = os.path.join(CENTRAL_BACKUP_DIR, subcloud_name)
if os.path.exists(backup_path):
shutil.rmtree(backup_path)
except Exception as e:
LOG.exception(e)
def delete_subcloud(self, context, subcloud_id):
"""Delete subcloud and notify orchestrators.
:param context: request context object.
:param subcloud_id: id of subcloud to delete
"""
LOG.info("Deleting subcloud %s." % subcloud_id)
# Retrieve the subcloud details from the database
subcloud = db_api.subcloud_get(context, subcloud_id)
# Semantic checking
if subcloud.management_state != dccommon_consts.MANAGEMENT_UNMANAGED:
raise exceptions.SubcloudNotUnmanaged()
if subcloud.availability_status == \
dccommon_consts.AVAILABILITY_ONLINE:
raise exceptions.SubcloudNotOffline()
# Ansible inventory filename for the specified subcloud
ansible_subcloud_inventory_file = self._get_ansible_filename(
subcloud.name, INVENTORY_FILE_POSTFIX)
self._remove_subcloud_details(context,
subcloud,
ansible_subcloud_inventory_file)
# Clear any subcloud alarms.
# Note that endpoint out-of-sync alarms should have been cleared when
# the subcloud was unmanaged and the endpoint sync statuses were set to
# unknown.
#
# TODO(kmacleod): Until an API is available to clear all alarms
# for a subcloud, we manually clear the following:
# - subcloud offline
# - subloud resource out of sync
# - Subcloud Backup Failure
for alarm_id, entity_instance_id in (
(fm_const.FM_ALARM_ID_DC_SUBCLOUD_OFFLINE,
"subcloud=%s" % subcloud.name),
(fm_const.FM_ALARM_ID_DC_SUBCLOUD_RESOURCE_OUT_OF_SYNC,
"subcloud=%s.resource=%s" %
(subcloud.name, dccommon_consts.ENDPOINT_TYPE_DC_CERT)),
(fm_const.FM_ALARM_ID_DC_SUBCLOUD_BACKUP_FAILED,
"subcloud=%s" % subcloud.name)):
try:
fault = self.fm_api.get_fault(alarm_id,
entity_instance_id)
if fault:
self.fm_api.clear_fault(alarm_id,
entity_instance_id)
except Exception as e:
LOG.info(
"Problem clearing fault for subcloud %s, alarm_id=%s" %
(subcloud.name, alarm_id))
LOG.exception(e)
def update_subcloud(self,
context,
subcloud_id,
management_state=None,
description=None,
location=None,
group_id=None,
data_install=None,
force=None):
"""Update subcloud and notify orchestrators.
:param context: request context object
:param subcloud_id: id of subcloud to update
:param management_state: new management state
:param description: new description
:param location: new location
:param group_id: new subcloud group id
:param data_install: subcloud install values
:param force: force flag
"""
LOG.info("Updating subcloud %s." % subcloud_id)
# Get the subcloud details from the database
subcloud = db_api.subcloud_get(context, subcloud_id)
original_management_state = subcloud.management_state
# Semantic checking
if management_state:
if management_state == dccommon_consts.MANAGEMENT_UNMANAGED:
if subcloud.management_state == dccommon_consts.MANAGEMENT_UNMANAGED:
LOG.warning("Subcloud %s already unmanaged" % subcloud_id)
raise exceptions.BadRequest(
resource='subcloud',
msg='Subcloud is already unmanaged')
elif management_state == dccommon_consts.MANAGEMENT_MANAGED:
if subcloud.management_state == dccommon_consts.MANAGEMENT_MANAGED:
LOG.warning("Subcloud %s already managed" % subcloud_id)
raise exceptions.BadRequest(
resource='subcloud',
msg='Subcloud is already managed')
elif not force:
if (subcloud.deploy_status != consts.DEPLOY_STATE_DONE and
not prestage.is_deploy_status_prestage(
subcloud.deploy_status)):
LOG.warning("Subcloud %s can be managed only when"
"deploy_status is complete" % subcloud_id)
raise exceptions.BadRequest(
resource='subcloud',
msg='Subcloud can be managed only if deploy status is complete')
if subcloud.availability_status != \
dccommon_consts.AVAILABILITY_ONLINE:
LOG.warning("Subcloud %s is not online" % subcloud_id)
raise exceptions.SubcloudNotOnline()
else:
LOG.error("Invalid management_state %s" % management_state)
raise exceptions.InternalError()
subcloud = db_api.subcloud_update(
context,
subcloud_id,
management_state=management_state,
description=description,
location=location,
group_id=group_id,
data_install=data_install
)
# Inform orchestrators that subcloud has been updated
if management_state:
try:
# Inform orchestrator of state change
self.dcorch_rpc_client.update_subcloud_states(
context,
subcloud.name,
management_state,
subcloud.availability_status)
LOG.info('Notifying dcorch, subcloud:%s management: %s, '
'availability:%s' % (subcloud.name,
management_state,
subcloud.availability_status))
except Exception as e:
LOG.exception(e)
LOG.warn('Problem informing dcorch of subcloud '
'state change, resume to original state, subcloud: %s'
% subcloud.name)
management_state = original_management_state
subcloud = \
db_api.subcloud_update(context, subcloud_id,
management_state=management_state,
description=description,
location=location)
if management_state == dccommon_consts.MANAGEMENT_UNMANAGED:
# set all endpoint statuses to unknown, except the dc-cert
# endpoint which continues to be audited for unmanaged
# subclouds
self.state_rpc_client.update_subcloud_endpoint_status_sync(
context,
subcloud_name=subcloud.name,
endpoint_type=None,
sync_status=dccommon_consts.SYNC_STATUS_UNKNOWN,
ignore_endpoints=[dccommon_consts.ENDPOINT_TYPE_DC_CERT])
elif management_state == dccommon_consts.MANAGEMENT_MANAGED:
# Subcloud is managed
# Tell cert-mon to audit endpoint certificate
LOG.info('Request certmon audit for %s' % subcloud.name)
dc_notification = dcmanager_rpc_client.DCManagerNotifications()
dc_notification.subcloud_managed(context, subcloud.name)
return db_api.subcloud_db_model_to_dict(subcloud)
def update_subcloud_with_network_reconfig(self, context, subcloud_id, payload):
subcloud = db_api.subcloud_get(context, subcloud_id)
subcloud = db_api.subcloud_update(
context, subcloud.id,
deploy_status=consts.DEPLOY_STATE_RECONFIGURING_NETWORK
)
subcloud_name = payload['name']
try:
self._create_intermediate_ca_cert(payload)
subcloud_inventory_file = self._get_ansible_filename(
subcloud_name, INVENTORY_FILE_POSTFIX)
subcloud_params = {'name': subcloud_name,
'bootstrap-address': payload.get('bootstrap_address')}
utils.create_subcloud_inventory(subcloud_params, subcloud_inventory_file)
overrides_file = self._create_subcloud_update_overrides_file(
payload, subcloud_name, 'update_values')
update_command = self.compose_update_command(
subcloud_name, subcloud_inventory_file)
except Exception:
LOG.exception(
"Failed to prepare subcloud %s for update." % subcloud_name)
return
try:
apply_thread = threading.Thread(
target=self._run_network_reconfiguration,
args=(subcloud_name, update_command, overrides_file,
payload, context, subcloud))
apply_thread.start()
except Exception:
LOG.exception("Failed to update subcloud %s" % subcloud_name)
def _run_network_reconfiguration(
self, subcloud_name, update_command, overrides_file,
payload, context, subcloud
):
log_file = (os.path.join(consts.DC_ANSIBLE_LOG_DIR, subcloud_name) +
'_playbook_output.log')
subcloud_id = subcloud.id
try:
run_playbook(log_file, update_command)
utils.delete_subcloud_inventory(overrides_file)
except PlaybookExecutionFailed:
msg = utils.find_ansible_error_msg(
subcloud_name, log_file, consts.DEPLOY_STATE_RECONFIGURING_NETWORK)
LOG.error(msg)
db_api.subcloud_update(
context, subcloud_id,
deploy_status=consts.DEPLOY_STATE_RECONFIGURING_NETWORK_FAILED,
error_description=msg[0:consts.ERROR_DESCRIPTION_LENGTH]
)
return
self._configure_system_controller_network(context, payload, subcloud)
db_api.subcloud_update(
context, subcloud_id, deploy_status=consts.DEPLOY_STATE_DONE
)
subcloud = db_api.subcloud_update(
context,
subcloud_id,
description=payload.get('description', subcloud.description),
management_subnet=payload.get('management_subnet'),
management_gateway_ip=payload.get('management_gateway_ip'),
management_start_ip=payload.get('management_start_ip'),
management_end_ip=payload.get('management_end_ip'),
location=payload.get('location', subcloud.location),
group_id=payload.get('group_id', subcloud.group_id),
data_install=payload.get('data_install', subcloud.data_install)
)
# Regenerate the addn_hosts_dc file
self._create_addn_hosts_dc(context)
def _configure_system_controller_network(self, context, payload, subcloud,
update_db=True):
"""Configure system controller network
:param context: request context object
:param payload: subcloud bootstrap configuration
:param subcloud: subcloud model object
:param update_db: whether it should update the db on success/failure
"""
subcloud_name = subcloud.name
subcloud_id = subcloud.id
sys_controller_gw_ip = payload.get("systemcontroller_gateway_address",
subcloud.systemcontroller_gateway_ip)
try:
m_ks_client = OpenStackDriver(
region_name=dccommon_consts.DEFAULT_REGION_NAME,
region_clients=None).keystone_client
self._create_subcloud_route(payload, m_ks_client,
sys_controller_gw_ip)
except Exception:
LOG.exception(
"Failed to create route to subcloud %s." % subcloud_name)
if update_db:
db_api.subcloud_update(
context, subcloud_id,
deploy_status=consts.DEPLOY_STATE_RECONFIGURING_NETWORK_FAILED,
error_description=consts.ERROR_DESC_EMPTY
)
return
try:
self._update_services_endpoint(
context, payload, subcloud_name, m_ks_client)
except Exception:
LOG.exception("Failed to update subcloud %s endpoints" % subcloud_name)
if update_db:
db_api.subcloud_update(
context, subcloud_id,
deploy_status=consts.DEPLOY_STATE_RECONFIGURING_NETWORK_FAILED,
error_description=consts.ERROR_DESC_EMPTY
)
return
# Delete old routes
if utils.get_management_subnet(payload) != subcloud.management_subnet:
self._delete_subcloud_routes(m_ks_client, subcloud)
def _create_subcloud_route(self, payload, keystone_client,
systemcontroller_gateway_ip):
subcloud_subnet = netaddr.IPNetwork(utils.get_management_subnet(payload))
endpoint = keystone_client.endpoint_cache.get_endpoint('sysinv')
sysinv_client = SysinvClient(dccommon_consts.DEFAULT_REGION_NAME,
keystone_client.session,
endpoint=endpoint)
cached_regionone_data = self._get_cached_regionone_data(
keystone_client, sysinv_client)
for mgmt_if_uuid in cached_regionone_data['mgmt_interface_uuids']:
sysinv_client.create_route(mgmt_if_uuid,
str(subcloud_subnet.ip),
subcloud_subnet.prefixlen,
systemcontroller_gateway_ip,
1)
def _update_services_endpoint(
self, context, payload, subcloud_name, m_ks_client):
endpoint_ip = utils.get_management_start_address(payload)
if netaddr.IPAddress(endpoint_ip).version == 6:
endpoint_ip = f"[{endpoint_ip}]"
services_endpoints = {
"keystone": "https://{}:5001/v3".format(endpoint_ip),
"sysinv": "https://{}:6386/v1".format(endpoint_ip),
"fm": "https://{}:18003".format(endpoint_ip),
"patching": "https://{}:5492".format(endpoint_ip),
"vim": "https://{}:4546".format(endpoint_ip),
"usm": "https://{}:5498".format(endpoint_ip),
}
for endpoint in m_ks_client.keystone_client.endpoints.list(
region=subcloud_name):
service_type = m_ks_client.keystone_client.services.get(
endpoint.service_id).type
if service_type == dccommon_consts.ENDPOINT_TYPE_PLATFORM:
admin_endpoint_url = services_endpoints.get('sysinv')
elif service_type == dccommon_consts.ENDPOINT_TYPE_IDENTITY:
admin_endpoint_url = services_endpoints.get('keystone')
elif service_type == dccommon_consts.ENDPOINT_TYPE_PATCHING:
admin_endpoint_url = services_endpoints.get('patching')
elif service_type == dccommon_consts.ENDPOINT_TYPE_FM:
admin_endpoint_url = services_endpoints.get('fm')
elif service_type == dccommon_consts.ENDPOINT_TYPE_NFV:
admin_endpoint_url = services_endpoints.get('vim')
elif service_type == dccommon_consts.ENDPOINT_TYPE_SOFTWARE:
admin_endpoint_url = services_endpoints.get('usm')
else:
LOG.exception("Endpoint Type Error: %s" % service_type)
m_ks_client.keystone_client.endpoints.update(
endpoint, url=admin_endpoint_url)
LOG.info("Update services endpoint to %s in subcloud %s" % (
endpoint_ip, subcloud_name))
# Update service URLs in subcloud endpoint cache
self.audit_rpc_client.trigger_subcloud_endpoints_update(
context, subcloud_name, services_endpoints)
self.dcorch_rpc_client.update_subcloud_endpoints(
context, subcloud_name, services_endpoints)
# Update sysinv URL in cert-mon cache
dc_notification = dcmanager_rpc_client.DCManagerNotifications()
dc_notification.subcloud_sysinv_endpoint_update(
context, subcloud_name, services_endpoints.get("sysinv"))
def _create_subcloud_update_overrides_file(
self, payload, subcloud_name, filename_suffix):
update_overrides_file = os.path.join(
dccommon_consts.ANSIBLE_OVERRIDES_PATH, subcloud_name + '_' +
filename_suffix + '.yml')
self._update_override_values(payload)
with open(update_overrides_file, 'w', encoding='UTF-8') as f_out:
f_out.write('---\n')
for key, value in payload['override_values'].items():
if key in ['ansible_ssh_pass', 'ansible_become_pass']:
f_out.write(f"{key}: {value}\n")
else:
f_out.write(f"{key}: {json.dumps(value)}\n")
return update_overrides_file
def _update_override_values(self, payload):
if not payload.get('override_values'):
payload['override_values'] = {}
payload['override_values']['ansible_ssh_pass'] = (
payload['sysadmin_password'])
payload['override_values']['ansible_become_pass'] = (
payload['sysadmin_password'])
payload['override_values']['sc_gateway_address'] = (
payload['management_gateway_ip'])
payload['override_values']['sc_floating_address'] = (
payload['management_start_ip'])
payload['override_values']['system_controller_network'] = (
payload['system_controller_network'])
payload['override_values']['system_controller_network_prefix'] = (
payload['system_controller_network_prefix'])
payload['override_values']['sc_subnet'] = payload['management_subnet']
payload['override_values']['dc_root_ca_cert'] = payload['dc_root_ca_cert']
payload['override_values']['sc_ca_cert'] = payload['sc_ca_cert']
payload['override_values']['sc_ca_key'] = payload['sc_ca_key']
def update_subcloud_sync_endpoint_type(self, context,
subcloud_name,
endpoint_type_list,
openstack_installed):
operation = 'add' if openstack_installed else 'remove'
func_switcher = {
'add': (
self.dcorch_rpc_client.add_subcloud_sync_endpoint_type,
db_api.subcloud_status_create
),
'remove': (
self.dcorch_rpc_client.remove_subcloud_sync_endpoint_type,
db_api.subcloud_status_delete
)
}
try:
subcloud = db_api.subcloud_get_by_name(context, subcloud_name)
except Exception:
LOG.exception("Failed to get subcloud by name: %s" % subcloud_name)
raise
try:
# Notify dcorch to add/remove sync endpoint type list
func_switcher[operation][0](self.context, subcloud_name,
endpoint_type_list)
LOG.info('Notifying dcorch, subcloud: %s new sync endpoint: %s' %
(subcloud_name, endpoint_type_list))
# Update subcloud status table by adding/removing openstack sync
# endpoint types
for endpoint_type in endpoint_type_list:
func_switcher[operation][1](self.context, subcloud.id,
endpoint_type)
# Update openstack_installed of subcloud table
db_api.subcloud_update(self.context, subcloud.id,
openstack_installed=openstack_installed)
except Exception:
LOG.exception('Problem informing dcorch of subcloud sync endpoint'
' type change, subcloud: %s' % subcloud_name)
def handle_subcloud_operations_in_progress(self):
"""Identify subclouds in transitory stages and update subcloud
state to failure.
"""
LOG.info('Identifying subclouds in transitory stages.')
subclouds = db_api.subcloud_get_all(self.context)
for subcloud in subclouds:
# Identify subclouds in transitory states
new_deploy_status = TRANSITORY_STATES.get(subcloud.deploy_status)
new_backup_status = TRANSITORY_BACKUP_STATES.get(subcloud.backup_status)
# update deploy and backup states to the corresponding failure states
if new_deploy_status or new_backup_status:
if new_deploy_status:
LOG.info("Changing subcloud %s deploy status from %s to %s."
% (subcloud.name, subcloud.deploy_status,
new_deploy_status))
if new_backup_status:
LOG.info("Changing subcloud %s backup status from %s to %s."
% (subcloud.name, subcloud.backup_status,
new_backup_status))
db_api.subcloud_update(
self.context,
subcloud.id,
deploy_status=new_deploy_status or subcloud.deploy_status,
backup_status=new_backup_status or subcloud.backup_status
)
@staticmethod
def prestage_subcloud(context, payload):
"""Subcloud prestaging"""
return prestage.prestage_subcloud(context, payload)
@utils.synchronized("regionone-data-cache", external=False)
def _get_cached_regionone_data(self, regionone_keystone_client, regionone_sysinv_client=None):
if (not SubcloudManager.regionone_data or
SubcloudManager.regionone_data['expiry'] <= datetime.datetime.utcnow()):
user_list = regionone_keystone_client.get_enabled_users(id_only=False)
for user in user_list:
if user.name == dccommon_consts.ADMIN_USER_NAME:
SubcloudManager.regionone_data['admin_user_id'] = user.id
elif user.name == dccommon_consts.SYSINV_USER_NAME:
SubcloudManager.regionone_data['sysinv_user_id'] = user.id
elif user.name == dccommon_consts.DCMANAGER_USER_NAME:
SubcloudManager.regionone_data['dcmanager_user_id'] = user.id
project_list = regionone_keystone_client.get_enabled_projects(id_only=False)
for project in project_list:
if project.name == dccommon_consts.ADMIN_PROJECT_NAME:
SubcloudManager.regionone_data['admin_project_id'] = project.id
elif project.name == dccommon_consts.SERVICES_USER_NAME:
SubcloudManager.regionone_data['services_project_id'] = project.id
if regionone_sysinv_client is None:
endpoint = regionone_keystone_client.endpoint_cache.get_endpoint('sysinv')
regionone_sysinv_client = SysinvClient(
dccommon_consts.DEFAULT_REGION_NAME,
regionone_keystone_client.session,
endpoint=endpoint)
controllers = regionone_sysinv_client.get_controller_hosts()
mgmt_interface_uuids = []
for controller in controllers:
mgmt_interface = regionone_sysinv_client.get_management_interface(
controller.hostname)
if mgmt_interface is not None:
mgmt_interface_uuids.append(mgmt_interface.uuid)
SubcloudManager.regionone_data['mgmt_interface_uuids'] = mgmt_interface_uuids
SubcloudManager.regionone_data['mgmt_pool'] = \
regionone_sysinv_client.get_management_address_pool()
SubcloudManager.regionone_data['oam_addresses'] = \
regionone_sysinv_client.get_oam_addresses()
SubcloudManager.regionone_data['expiry'] = \
datetime.datetime.utcnow() + datetime.timedelta(hours=1)
LOG.info("RegionOne cached data updated %s" % SubcloudManager.regionone_data)
cached_regionone_data = SubcloudManager.regionone_data
return cached_regionone_data
def _populate_payload_with_cached_keystone_data(self, cached_data, payload,
populate_passwords=True):
payload['system_controller_keystone_admin_user_id'] = \
cached_data['admin_user_id']
payload['system_controller_keystone_admin_project_id'] = \
cached_data['admin_project_id']
payload['system_controller_keystone_services_project_id'] = \
cached_data['services_project_id']
payload['system_controller_keystone_sysinv_user_id'] = \
cached_data['sysinv_user_id']
payload['system_controller_keystone_dcmanager_user_id'] = \
cached_data['dcmanager_user_id']
if populate_passwords:
# While at it, add the admin and service user passwords to the
# payload so they get copied to the overrides file
payload['ansible_become_pass'] = payload['sysadmin_password']
payload['ansible_ssh_pass'] = payload['sysadmin_password']
payload['admin_password'] = str(keyring.get_password('CGCS',
'admin'))
View Git Blame Copy Permalink