Motofans
/
Charmed-Kubernetes
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 3 Wiki Activity

charmed-kubernetes-657

This commit is contained in:
AnonSaber 2023-04-10 07:30:21 +00:00
parent 2bec9748a7
commit 4b23a07088
1467 changed files with 100951 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
ReadME.MD Normal file
View File

@ -0,0 +1,12 @@
# Kubernetes 1.21
cs:~containers/charmed-kubernetes-657
```Bash
charm pull cs:~containers/containerd-119
charm pull cs:~containers/kubeapi-load-balancer-786
charm pull cs:~containers/etcd-583
charm pull cs:~containers/easyrsa-373
charm pull cs:~containers/kubernetes-master-990
charm pull cs:~containers/kubernetes-worker-757
charm pull cs:~containers/calico-812
```

561
calico/.build.manifest Normal file
View File

@ -0,0 +1,561 @@
{
"layers": [
{
"branch": "refs/heads/master\nrefs/heads/stable",
"rev": "fcdcea4e5de3e1556c24e6704607862d0ba00a56",
"url": "layer:options"
},
{
"branch": "refs/heads/stable",
"rev": "0d10732a6e14ea2f940a35ab61425a97c5db6a16",
"url": "layer:basic"
},
{
"branch": "refs/heads/master\nrefs/heads/stable",
"rev": "cc5bd3f49b2fa5e6c3ab2336763c313ec8bf083f",
"url": "layer:leadership"
},
{
"branch": "refs/heads/master\nrefs/heads/stable",
"rev": "a7d7b6423db37a47611310039e6ed1929c0a2eab",
"url": "layer:status"
},
{
"branch": "refs/heads/stable",
"rev": "63c6d240f29b0366c3839dacd4e25d63a368da36",
"url": "calico"
},
{
"branch": "refs/heads/master\nrefs/heads/stable",
"rev": "44f244cbd08b86bf2b68bd71c3fb34c7c070c382",
"url": "interface:etcd"
},
{
"branch": "refs/heads/master\nrefs/heads/stable",
"rev": "b941b3b542d78ad15aa40937b26c7bf727e1b39b",
"url": "interface:kubernetes-cni"
}
],
"signatures": {
".build.manifest": [
"build",
"dynamic",
"unchecked"
],
".github/workflows/build.yml": [
"calico",
"static",
"4892e4eb72fb0d0efaa1c6b62f8f132cc69ea2b967c9604c91d4f16e0ec6e26b"
],
".github/workflows/tox.yaml": [
"calico",
"static",
"8de54f40fc8e9385b79ed8d19e6ea765bdd6c48185fbd8bd7142834990982d45"
],
".gitignore": [
"calico",
"static",
"3437c2cd90de443f44766939172b82e750e19fd474df499ffe003bb807e8cef4"
],
".travis/profile-update.yaml": [
"layer:basic",
"static",
"731e20aa59bf61c024d317ad630e478301a9386ccc0afe56e6c1c09db07ac83b"
],
"CONTRIBUTING.md": [
"calico",
"static",
"fa04ec96762f4edc071c7b0097223c121e33fd6769226562681646577d7b1146"
],
"DEVELOPING.md": [
"calico",
"static",
"ccb2d8ad4b5c328d810c53fa43b41f6641af0f002a45d548f6ed9d9f546d3dbe"
],
"LICENSE": [
"calico",
"static",
"58d1e17ffe5109a7ae296caafcadfdbe6a7d176f0bc4ab01e12a689b0499d8bd"
],
"Makefile": [
"calico",
"static",
"d49436a9eb35598691285b00e6a678ad74e391a818d55989116e264f40fcd9e6"
],
"README.md": [
"calico",
"static",
"d2d26569f5a63b1be2e23835346ed2e8b0b13cdd74a6efb161221d2462a58dc5"
],
"bin/charm-env": [
"layer:basic",
"static",
"fb6a20fac4102a6a4b6ffe903fcf666998f9a95a3647e6f9af7a1eeb44e58fd5"
],
"bin/layer_option": [
"layer:options",
"static",
"e959bf29da4c5edff28b2602c24113c4df9e25cdc9f2aa3b5d46c8577b2a40cc"
],
"build-calico-resource.sh": [
"calico",
"static",
"1c98f05945166e17cf9c530a6ee064092a323e5529639474b07f380210959acb"
],
"config.yaml": [
"calico",
"dynamic",
"c6014840f64c5c4cab24fa54735832e36ecd11de15ab6e34ecedf5839feca695"
],
"copyright": [
"layer:status",
"static",
"7c0e36e618a8544faaaa3f8e0533c2f1f4a18bcacbdd8b99b537742e6b587d58"
],
"copyright.layer-basic": [
"layer:basic",
"static",
"f6740d66fd60b60f2533d9fcb53907078d1e20920a0219afce7182e2a1c97629"
],
"copyright.layer-leadership": [
"layer:leadership",
"static",
"8ce407829378fc0f72ce44c7f624e4951c7ccb3db1cfb949bee026b701728cc9"
],
"copyright.layer-options": [
"layer:options",
"static",
"f6740d66fd60b60f2533d9fcb53907078d1e20920a0219afce7182e2a1c97629"
],
"docs/status.md": [
"layer:status",
"static",
"975dec9f8c938196e102e954a80226bda293407c4e5ae857c118bf692154702a"
],
"exec.d/docker-compose/charm-pre-install": [
"calico",
"static",
"2760db1047cdc4beeb974923c693bf824d45a9ee88fb50496efada92461aceb8"
],
"hooks/cni-relation-broken": [
"layer:basic",
"dynamic",
"2b693cb2a11594a80cc91235c2dc219a0a6303ae62bee8aa87eb35781f7158f7"
],
"hooks/cni-relation-changed": [
"layer:basic",
"dynamic",
"2b693cb2a11594a80cc91235c2dc219a0a6303ae62bee8aa87eb35781f7158f7"
],
"hooks/cni-relation-created": [
"layer:basic",
"dynamic",
"2b693cb2a11594a80cc91235c2dc219a0a6303ae62bee8aa87eb35781f7158f7"
],
"hooks/cni-relation-departed": [
"layer:basic",
"dynamic",
"2b693cb2a11594a80cc91235c2dc219a0a6303ae62bee8aa87eb35781f7158f7"
],
"hooks/cni-relation-joined": [
"layer:basic",
"dynamic",
"2b693cb2a11594a80cc91235c2dc219a0a6303ae62bee8aa87eb35781f7158f7"
],
"hooks/config-changed": [
"layer:basic",
"dynamic",
"2b693cb2a11594a80cc91235c2dc219a0a6303ae62bee8aa87eb35781f7158f7"
],
"hooks/etcd-relation-broken": [
"layer:basic",
"dynamic",
"2b693cb2a11594a80cc91235c2dc219a0a6303ae62bee8aa87eb35781f7158f7"
],
"hooks/etcd-relation-changed": [
"layer:basic",
"dynamic",
"2b693cb2a11594a80cc91235c2dc219a0a6303ae62bee8aa87eb35781f7158f7"
],
"hooks/etcd-relation-created": [
"layer:basic",
"dynamic",
"2b693cb2a11594a80cc91235c2dc219a0a6303ae62bee8aa87eb35781f7158f7"
],
"hooks/etcd-relation-departed": [
"layer:basic",
"dynamic",
"2b693cb2a11594a80cc91235c2dc219a0a6303ae62bee8aa87eb35781f7158f7"
],
"hooks/etcd-relation-joined": [
"layer:basic",
"dynamic",
"2b693cb2a11594a80cc91235c2dc219a0a6303ae62bee8aa87eb35781f7158f7"
],
"hooks/hook.template": [
"layer:basic",
"static",
"2b693cb2a11594a80cc91235c2dc219a0a6303ae62bee8aa87eb35781f7158f7"
],
"hooks/install": [
"layer:basic",
"dynamic",
"2b693cb2a11594a80cc91235c2dc219a0a6303ae62bee8aa87eb35781f7158f7"
],
"hooks/leader-elected": [
"layer:basic",
"dynamic",
"2b693cb2a11594a80cc91235c2dc219a0a6303ae62bee8aa87eb35781f7158f7"
],
"hooks/leader-settings-changed": [
"layer:basic",
"dynamic",
"2b693cb2a11594a80cc91235c2dc219a0a6303ae62bee8aa87eb35781f7158f7"
],
"hooks/post-series-upgrade": [
"layer:basic",
"dynamic",
"2b693cb2a11594a80cc91235c2dc219a0a6303ae62bee8aa87eb35781f7158f7"
],
"hooks/pre-series-upgrade": [
"layer:basic",
"dynamic",
"2b693cb2a11594a80cc91235c2dc219a0a6303ae62bee8aa87eb35781f7158f7"
],
"hooks/relations/etcd/.gitignore": [
"interface:etcd",
"static",
"cf237c7aff44efbe6e502e645c3e06da03a69d7bdeb43392108ef3348143417e"
],
"hooks/relations/etcd/README.md": [
"interface:etcd",
"static",
"93873d073f5f5302d352e09321aaf87458556e9730f89e1c682699c1d0db2386"
],
"hooks/relations/etcd/__init__.py": [
"interface:etcd",
"static",
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
],
"hooks/relations/etcd/interface.yaml": [
"interface:etcd",
"static",
"ba9f723b57a434f7efb2c06abec4167cd412c16da5f496a477dd7691e9a715be"
],
"hooks/relations/etcd/peers.py": [
"interface:etcd",
"static",
"99419c3d139fb5bb90021e0482f9e7ac2cfb776fb7af79b46209c6a75b36e834"
],
"hooks/relations/etcd/provides.py": [
"interface:etcd",
"static",
"3db1f644ab669e2dec59d59b61de63b721bc05b38fe646e525fff8f0d60982f9"
],
"hooks/relations/etcd/requires.py": [
"interface:etcd",
"static",
"8ffc1a094807fd36a1d1428b0a07b2428074134d46086066ecd6c0acd9fcd13e"
],
"hooks/relations/kubernetes-cni/.gitignore": [
"interface:kubernetes-cni",
"static",
"cf237c7aff44efbe6e502e645c3e06da03a69d7bdeb43392108ef3348143417e"
],
"hooks/relations/kubernetes-cni/.travis.yml": [
"interface:kubernetes-cni",
"static",
"c2bd1b88f26c88b883696cca155c28671359a256ed48b90a9ea724b376f2a829"
],
"hooks/relations/kubernetes-cni/README.md": [
"interface:kubernetes-cni",
"static",
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
],
"hooks/relations/kubernetes-cni/__init__.py": [
"interface:kubernetes-cni",
"static",
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
],
"hooks/relations/kubernetes-cni/interface.yaml": [
"interface:kubernetes-cni",
"static",
"03affdaf7e879adfdf8c434aa31d40faa6d2872faa7dfd93a5d3a1ebae02487d"
],
"hooks/relations/kubernetes-cni/provides.py": [
"interface:kubernetes-cni",
"static",
"4c3fc3f06a42a2f67fc03c4bc1b4c617021dc1ebb7111527ce6d9cd523b0c40e"
],
"hooks/relations/kubernetes-cni/requires.py": [
"interface:kubernetes-cni",
"static",
"c5fdd7a0eae100833ae6c79474f931803466cd5b206cf8f456cd6f2716d1d2fa"
],
"hooks/relations/kubernetes-cni/tox.ini": [
"interface:kubernetes-cni",
"static",
"bf0fb0883583bb3deebd17e7ebd4599d9f3770c19a6fc7683044654b6e982c90"
],
"hooks/start": [
"layer:basic",
"dynamic",
"2b693cb2a11594a80cc91235c2dc219a0a6303ae62bee8aa87eb35781f7158f7"
],
"hooks/stop": [
"layer:basic",
"dynamic",
"2b693cb2a11594a80cc91235c2dc219a0a6303ae62bee8aa87eb35781f7158f7"
],
"hooks/update-status": [
"layer:basic",
"dynamic",
"2b693cb2a11594a80cc91235c2dc219a0a6303ae62bee8aa87eb35781f7158f7"
],
"hooks/upgrade-charm": [
"layer:basic",
"dynamic",
"2b693cb2a11594a80cc91235c2dc219a0a6303ae62bee8aa87eb35781f7158f7"
],
"icon.svg": [
"calico",
"static",
"49b68e61506d639d3c859e9477338469d1d44f7b76ad381ff152c728c71c43d9"
],
"layer.yaml": [
"calico",
"dynamic",
"8547f11913f564feb1ca4f6674788385e237b4d8d1939c5a8675c6bbb4f1d8e3"
],
"lib/calico_common.py": [
"calico",
"static",
"ec886f86a4505148016a540652c51afd7bf8ee4ef3b21db368e10ded2b9569be"
],
"lib/calico_upgrade.py": [
"calico",
"static",
"1200e9016b1db2f2a853033d04126adff1d4d43ccb29c48a613232e06f33a8c4"
],
"lib/charms/layer/__init__.py": [
"layer:basic",
"static",
"dfe0d26c6bf409767de6e2546bc648f150e1b396243619bad3aa0553ab7e0e6f"
],
"lib/charms/layer/basic.py": [
"layer:basic",
"static",
"3126b5754ad39402ee27e64527044ddd231ed1cd137fcedaffb51e63a635f108"
],
"lib/charms/layer/execd.py": [
"layer:basic",
"static",
"fda8bd491032db1db8ddaf4e99e7cc878c6fb5432efe1f91cadb5b34765d076d"
],
"lib/charms/layer/options.py": [
"layer:options",
"static",
"8ae7a07d22542fc964f2d2bee8219d1c78a68dace70a1b38d36d4aea47b1c3b2"
],
"lib/charms/layer/status.py": [
"layer:status",
"static",
"d560a5e07b2e5f2b0f25f30e1f0278b06f3f90c01e4dbad5c83d71efc79018c6"
],
"lib/charms/leadership.py": [
"layer:leadership",
"static",
"20ffcbbc08147506759726ad51567420659ffb8a2e0121079240b8706658e332"
],
"make_docs": [
"layer:status",
"static",
"c990f55c8e879793a62ed8464ee3d7e0d7d2225fdecaf17af24b0df0e2daa8c1"
],
"metadata.yaml": [
"calico",
"dynamic",
"b1a1e252fb9eac35a8b1a10564b400a07d5c810d8ceed1a1e3460bea314886bb"
],
"pydocmd.yml": [
"layer:status",
"static",
"11d9293901f32f75f4256ae4ac2073b92ce1d7ef7b6c892ba9fbb98690a0b330"
],
"reactive/__init__.py": [
"layer:leadership",
"static",
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
],
"reactive/calico.py": [
"calico",
"static",
"3037c342634848aca03bb3a8b818102ae13e4d82942e1c8f8761c8465b808e14"
],
"reactive/leadership.py": [
"layer:leadership",
"static",
"e2b233cf861adc3b2d9e9c062134ce2f104953f03283cdddd88f49efee652e8f"
],
"reactive/status.py": [
"layer:status",
"static",
"30207fc206f24e91def5252f1c7f7c8e23c0aed0e93076babf5e03c05296d207"
],
"requirements.txt": [
"layer:basic",
"static",
"a00f75d80849e5b4fc5ad2e7536f947c25b1a4044b341caa8ee87a92d3a4c804"
],
"script/bootstrap": [
"calico",
"static",
"1985d9a07e8d764351530f6eb1b81bef6a4c035dc75422c03f4672ceaf1a4c18"
],
"script/build": [
"calico",
"static",
"e78cab1bead2e3c8f7970558f4d08a81f6cc59e5c2903e997644f7e51e7a3633"
],
"script/upload": [
"calico",
"static",
"db3cd04f1d4c2a2be12becb8d62bf879701cbca3da0d458b4c362439b32ebfc1"
],
"templates/10-calico.conflist": [
"calico",
"static",
"9332e14d9422781530cd13fef5748e3d06fcce7f4221123f625c3a7e09238abb"
],
"templates/calico-node.service": [
"calico",
"static",
"beae0c32a25f911a37363064af7bfa96a39f14ab99b3060412491382a81ddaa7"
],
"templates/calicoctl": [
"calico",
"static",
"b913dfdce8de51aa9a13950817e4101f8f4229052927a272fff5b37a4370537f"
],
"templates/policy-controller.yaml": [
"calico",
"static",
"3bd0f0f714a8c7f418fdb7556f10097d963dbf0c6232a41606163c30022f0e9e"
],
"tests/00-setup": [
"calico",
"static",
"111c079b81d260bbcd716dcf41672372a4cf4aaa14154b6c3055deeedae37a06"
],
"tests/10-deploy": [
"calico",
"static",
"e895f7720cd0ce3956082054f15b0cebce683aa44f66bb32038bab1e693bf74f"
],
"tests/conftest.py": [
"calico",
"static",
"2c58cb11bf276805f586c05c20bf4ba15a7431b5c23ea3323dc4256ddc34c4d2"
],
"tests/test_calico.py": [
"calico",
"static",
"2de748d396d66f5c581ade110a3f8a709e6aabe50f97502e1d0ac0ec817c223d"
],
"tox.ini": [
"calico",
"static",
"1ce2114e5084c1f5bc99f1768c0566f77b8216166974de3b17c47e97b54aba7d"
],
"version": [
"calico",
"dynamic",
"44a751fcf4d3ba30169f70f2b7b84b9cfc381b6f514c41fe4d3ef8afe2ff9086"
],
"wheelhouse.txt": [
"calico",
"dynamic",
"cb5ab8b42ebef8ae5adc80de0d7c39f84aeaa97207298aa453142bff87c39f8c"
],
"wheelhouse/Jinja2-2.10.1.tar.gz": [
"layer:basic",
"dynamic",
"065c4f02ebe7f7cf559e49ee5a95fb800a9e4528727aec6f24402a5374c65013"
],
"wheelhouse/MarkupSafe-1.1.1.tar.gz": [
"layer:basic",
"dynamic",
"29872e92839765e546828bb7754a68c418d927cd064fd4708fab9fe9c8bb116b"
],
"wheelhouse/PyYAML-5.2.tar.gz": [
"layer:basic",
"dynamic",
"c0ee8eca2c582d29c3c2ec6e2c4f703d1b7f1fb10bc72317355a746057e7346c"
],
"wheelhouse/Tempita-0.5.2.tar.gz": [
"__pip__",
"dynamic",
"cacecf0baa674d356641f1d406b8bff1d756d739c46b869a54de515d08e6fc9c"
],
"wheelhouse/charmhelpers-0.20.22.tar.gz": [
"layer:basic",
"dynamic",
"b7550108118ce4f87488343384441797777d0da746e1346ed4e6361b4eab0ddb"
],
"wheelhouse/charms.reactive-1.4.1.tar.gz": [
"layer:basic",
"dynamic",
"bba21b4fd40b26c240c9ef2aa10c6fdf73592031c68591da4e7ccc46ca9cb616"
],
"wheelhouse/click-7.1.2.tar.gz": [
"calico",
"dynamic",
"d2b5255c7c6349bc1bd1e59e08cd12acbbd63ce649f2588755783aa94dfb6b1a"
],
"wheelhouse/conctl-py35-0.1.2.tar.gz": [
"__pip__",
"dynamic",
"fad07dd70e04338f2df7fa5a38448223613b87b09a571ea5d2b3c780bb1eca0b"
],
"wheelhouse/netaddr-0.7.19.tar.gz": [
"layer:basic",
"dynamic",
"38aeec7cdd035081d3a4c306394b19d677623bf76fa0913f6695127c7753aefd"
],
"wheelhouse/pbr-5.6.0.tar.gz": [
"__pip__",
"dynamic",
"42df03e7797b796625b1029c0400279c7c34fd7df24a7d7818a1abb5b38710dd"
],
"wheelhouse/pip-18.1.tar.gz": [
"layer:basic",
"dynamic",
"c0a292bd977ef590379a3f05d7b7f65135487b67470f6281289a94e015650ea1"
],
"wheelhouse/pyaml-20.4.0.tar.gz": [
"__pip__",
"dynamic",
"29a5c2a68660a799103d6949167bd6c7953d031449d08802386372de1db6ad71"
],
"wheelhouse/setuptools-41.6.0.zip": [
"layer:basic",
"dynamic",
"6afa61b391dcd16cb8890ec9f66cc4015a8a31a6e1c2b4e0c464514be1a3d722"
],
"wheelhouse/setuptools_scm-1.17.0.tar.gz": [
"layer:basic",
"dynamic",
"70a4cf5584e966ae92f54a764e6437af992ba42ac4bca7eb37cc5d02b98ec40a"
],
"wheelhouse/six-1.16.0.tar.gz": [
"__pip__",
"dynamic",
"1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926"
],
"wheelhouse/wheel-0.33.6.tar.gz": [
"layer:basic",
"dynamic",
"10c9da68765315ed98850f8e048347c3eb06dd81822dc2ab1d4fde9dc9702646"
]
}
}

16
calico/.github/workflows/build.yml vendored Normal file
View File

@ -0,0 +1,16 @@
name: Builds calico charm
on: [push, pull_request]
jobs:
build:
name: Build charm
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Setup Python 3.8
uses: actions/setup-python@v2
with:
python-version: '3.8'
- name: Run build
run: |
make charm

22
calico/.github/workflows/tox.yaml vendored Normal file
View File

@ -0,0 +1,22 @@
name: Run tests with Tox
on: [push]
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
python: [3.6, 3.7, 3.8, 3.9]
steps:
- uses: actions/checkout@v2
- name: Setup Python
uses: actions/setup-python@v1
with:
python-version: ${{ matrix.python }}
- name: Install Tox and any other packages
run: pip install tox
- name: Run Tox
run: tox -e py # Run tox using the version of Python in `PATH`

3
calico/.gitignore vendored Normal file
View File

@ -0,0 +1,3 @@
.tox/
__pycache__/
*.pyc

12
calico/.travis/profile-update.yaml Normal file
View File

@ -0,0 +1,12 @@
config: {}
description: Default LXD profile - updated
devices:
eth0:
name: eth0
parent: lxdbr0
nictype: bridged
type: nic
root:
path: /
pool: default
type: disk

38
calico/CONTRIBUTING.md Normal file
View File

@ -0,0 +1,38 @@
# Contributor Guide
This Juju charm is open source ([Apache License 2.0](./LICENSE)) and we actively seek any community contibutions
for code, suggestions and documentation.
This page details a few notes, workflows and suggestions for how to make contributions most effective and help us
all build a better charm - please give them a read before working on any contributions.
## Licensing
This charm has been created under the [Apache License 2.0](./LICENSE), which will cover any contributions you may
make to this project. Please familiarise yourself with the terms of the license.
Additionally, this charm uses the Harmony CLA agreement. Its the easiest way for you to give us permission to
use your contributions.
In effect, youre giving us a license, but you still own the copyright — so you retain the right to modify your
code and use it in other projects. Please [sign the CLA here](https://ubuntu.com/legal/contributors/agreement) before
making any contributions.
## Code of conduct
We have adopted the Ubuntu code of Conduct. You can read this in full [here](https://ubuntu.com/community/code-of-conduct).
## Contributing code
The [DEVELOPING.md](./DEVELOPING.md) page has some useful information regarding building and testing. To contribute code
to this project, the workflow is as follows:
1. [Submit a bug](https://bugs.launchpad.net/charm-calico/+filebug) to explain the need for and track the change.
2. Create a branch on your fork of the repo with your changes, including a unit test covering the new or modified code.
3. Submit a PR. The PR description should include a link to the bug on Launchpad.
4. Update the Launchpad bug to include a link to the PR and the `review-needed` tag.
5. Once reviewed and merged, the change will become available on the edge channel and assigned to an appropriate milestone
for further release according to priority.
## Documentation
Documentation for this charm is currently maintained as part of the Charmed Kubernetes docs.
See [this page](https://github.com/charmed-kubernetes/kubernetes-docs/blob/master/pages/k8s/charm-calico.md)

62
calico/DEVELOPING.md Normal file
View File

@ -0,0 +1,62 @@
# Developing layer-calico
## Installing build dependencies
To install build dependencies:
```
sudo snap install charm --classic
sudo apt install docker.io
sudo usermod -aG docker $USER
```
After running these commands, terminate your shell session and start a new one
to pick up the modified user groups.
## Building the charm
To build the charm:
```
charm build
```
By default, this will build the charm and place it in
`/tmp/charm-builds/calico`.
## Building resources
To build resources:
```
./build-calico-resources.sh
```
This will produce several .tar.gz files that you will need to attach to the
charm when you deploy it.
## Testing
You can test a locally built calico charm by deploying it with Charmed
Kubernetes.
Create a file named `local-calico.yaml` that contains the following (with paths
adjusted to fit your environment):
```
applications:
calico:
charm: /tmp/charm-builds/calico
resources:
calico: /path/to/layer-calico/calico-amd64.tar.gz
calico-upgrade: /path/to/layer-calico/calico-upgrade-amd64.tar.gz
```
Then deploy Charmed Kubernetes with your locally built calico charm:
```
juju deploy cs:~containers/kubernetes-calico --overlay local-calico.yaml
```
## Helpful links
* [Getting Started with charm development](https://jaas.ai/docs/getting-started-with-charm-development)
* [Charm tools documentation](https://jaas.ai/docs/charm-tools)
* [Charmed Kubernetes Calico documentation](https://ubuntu.com/kubernetes/docs/cni-calico)

202
calico/LICENSE Normal file
View File

@ -0,0 +1,202 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

18
calico/Makefile Normal file
View File

@ -0,0 +1,18 @@
CHANNEL ?= unpublished
CHARM := calico
setup-env:
bash script/bootstrap
charm: setup-env
bash script/build
upload:
ifndef NAMESPACE
$(error NAMESPACE is not set)
endif
env CHARM=$(CHARM) NAMESPACE=$(NAMESPACE) CHANNEL=$(CHANNEL) bash script/upload
.phony: charm upload setup-env
all: charm

22
calico/README.md Normal file
View File

@ -0,0 +1,22 @@
# Calico Charm
Calico is a new approach to virtual networking and network security for containers,
VMs, and bare metal services, that provides a rich set of security enforcement
capabilities running on top of a highly scalable and efficient virtual network fabric.
This charm will deploy calico as a background service, and configure CNI for
use with calico, on any principal charm that implements the [kubernetes-cni][]
interface.
This charm is a component of Charmed Kubernetes. For full information,
please visit the [official Charmed Kubernetes docs](https://www.ubuntu.com/kubernetes/docs/charm-calico).
[kubernetes-cni]: https://github.com/juju-solutions/interface-kubernetes-cni
# Developers
## Build charm
```
make charm
```

107
calico/bin/charm-env Executable file
View File

@ -0,0 +1,107 @@
#!/bin/bash
VERSION="1.0.0"
find_charm_dirs() {
# Hopefully, $JUJU_CHARM_DIR is set so which venv to use in unambiguous.
if [[ -n "$JUJU_CHARM_DIR" || -n "$CHARM_DIR" ]]; then
if [[ -z "$JUJU_CHARM_DIR" ]]; then
# accept $CHARM_DIR to be more forgiving
export JUJU_CHARM_DIR="$CHARM_DIR"
fi
if [[ -z "$CHARM_DIR" ]]; then
# set CHARM_DIR as well to help with backwards compatibility
export CHARM_DIR="$JUJU_CHARM_DIR"
fi
return
fi
# Try to guess the value for JUJU_CHARM_DIR by looking for a non-subordinate
# (because there's got to be at least one principle) charm directory;
# if there are several, pick the first by alpha order.
agents_dir="/var/lib/juju/agents"
if [[ -d "$agents_dir" ]]; then
desired_charm="$1"
found_charm_dir=""
if [[ -n "$desired_charm" ]]; then
for charm_dir in $(/bin/ls -d "$agents_dir"/unit-*/charm); do
charm_name="$(grep -o '^['\''"]\?name['\''"]\?:.*' $charm_dir/metadata.yaml 2> /dev/null | sed -e 's/.*: *//' -e 's/['\''"]//g')"
if [[ "$charm_name" == "$desired_charm" ]]; then
if [[ -n "$found_charm_dir" ]]; then
>&2 echo "Ambiguous possibilities for JUJU_CHARM_DIR matching '$desired_charm'; please run within a Juju hook context"
exit 1
fi
found_charm_dir="$charm_dir"
fi
done
if [[ -z "$found_charm_dir" ]]; then
>&2 echo "Unable to determine JUJU_CHARM_DIR matching '$desired_charm'; please run within a Juju hook context"
exit 1
fi
export JUJU_CHARM_DIR="$found_charm_dir"
export CHARM_DIR="$found_charm_dir"
return
fi
# shellcheck disable=SC2126
non_subordinates="$(grep -L 'subordinate"\?:.*true' "$agents_dir"/unit-*/charm/metadata.yaml | wc -l)"
if [[ "$non_subordinates" -gt 1 ]]; then
>&2 echo 'Ambiguous possibilities for JUJU_CHARM_DIR; please use --charm or run within a Juju hook context'
exit 1
elif [[ "$non_subordinates" -eq 1 ]]; then
for charm_dir in $(/bin/ls -d "$agents_dir"/unit-*/charm); do
if grep -q 'subordinate"\?:.*true' "$charm_dir/metadata.yaml"; then
continue
fi
export JUJU_CHARM_DIR="$charm_dir"
export CHARM_DIR="$charm_dir"
return
done
fi
fi
>&2 echo 'Unable to determine JUJU_CHARM_DIR; please run within a Juju hook context'
exit 1
}
try_activate_venv() {
if [[ -d "$JUJU_CHARM_DIR/../.venv" ]]; then
. "$JUJU_CHARM_DIR/../.venv/bin/activate"
fi
}
find_wrapped() {
PATH="${PATH/\/usr\/local\/sbin:}" which "$(basename "$0")"
}
if [[ "$1" == "--version" || "$1" == "-v" ]]; then
echo "$VERSION"
exit 0
fi
# allow --charm option to hint which JUJU_CHARM_DIR to choose when ambiguous
# NB: --charm option must come first
# NB: option must be processed outside find_charm_dirs to modify $@
charm_name=""
if [[ "$1" == "--charm" ]]; then
charm_name="$2"
shift; shift
fi
find_charm_dirs "$charm_name"
try_activate_venv
export PYTHONPATH="$JUJU_CHARM_DIR/lib:$PYTHONPATH"
if [[ "$(basename "$0")" == "charm-env" ]]; then
# being used as a shebang
exec "$@"
elif [[ "$0" == "$BASH_SOURCE" ]]; then
# being invoked as a symlink wrapping something to find in the venv
exec "$(find_wrapped)" "$@"
elif [[ "$(basename "$BASH_SOURCE")" == "charm-env" ]]; then
# being sourced directly; do nothing
/bin/true
else
# being sourced for wrapped bash helpers
. "$(find_wrapped)"
fi

22
calico/bin/layer_option Executable file
View File

@ -0,0 +1,22 @@
#!/usr/bin/env python3
import sys
import argparse
from charms import layer
parser = argparse.ArgumentParser(description='Access layer options.')
parser.add_argument('section',
help='the section, or layer, the option is from')
parser.add_argument('option',
help='the option to access')
args = parser.parse_args()
value = layer.options.get(args.section, args.option)
if isinstance(value, bool):
sys.exit(0 if value else 1)
elif isinstance(value, list):
for val in value:
print(val)
else:
print(value)

112
calico/build-calico-resource.sh Executable file
View File

@ -0,0 +1,112 @@
#!/bin/bash
set -eux
# This script will fetch binaries and create resource tarballs for use by
# charm-[push|release]. The arm64 binaries are not available upsteram for
# v2.6, so we must build them and host them somewhere ourselves. The steps
# for doing that are documented here:
#
# https://gist.github.com/kwmonroe/9b5f8dac2c17f93629a1a3868b22d671
# Supported calico architectures
arches="amd64 arm64"
calicoctl_version="v3.10.1"
calico_cni_version="v3.10.1"
function fetch_and_validate() {
# fetch a binary and make sure it's what we expect (executable > 20MB)
min_bytes=20000000
location="${1-}"
if [ -z ${location} ]; then
echo "$0: Missing location parameter for fetch_and_validate"
exit 1
fi
# remove everything up until the last slash to get the filename
filename=$(echo "${location##*/}")
case ${location} in
http*)
fetch_cmd="wget ${location} -O ./${filename}"
;;
*)
fetch_cmd="scp ${location} ./${filename}"
;;
esac
${fetch_cmd}
# Make sure we fetched something big enough
actual_bytes=$(wc -c < ${filename})
if [ $actual_bytes -le $min_bytes ]; then
echo "$0: ${filename} should be at least ${min_bytes} bytes"
exit 1
fi
# Make sure we fetched a binary
if ! file ${filename} 2>&1 | grep -q 'executable'; then
echo "$0: ${filename} is not an executable"
exit 1
fi
}
for arch in ${arches}; do
rm -rf resource-build-$arch
mkdir resource-build-$arch
pushd resource-build-$arch
fetch_and_validate \
https://github.com/projectcalico/calicoctl/releases/download/$calicoctl_version/calicoctl-linux-$arch
fetch_and_validate \
https://github.com/projectcalico/cni-plugin/releases/download/$calico_cni_version/calico-$arch
fetch_and_validate \
https://github.com/projectcalico/cni-plugin/releases/download/$calico_cni_version/calico-ipam-$arch
mv calicoctl-linux-$arch calicoctl
mv calico-$arch calico
mv calico-ipam-$arch calico-ipam
chmod +x calicoctl calico calico-ipam
tar -zcvf ../calico-$arch.tar.gz .
popd
rm -rf resource-build-$arch
done
# calico-upgrade resource
for arch in ${arches}; do
rm -rf resource-build-upgrade
mkdir resource-build-upgrade
pushd resource-build-upgrade
if [ $arch = amd64 ]; then
fetch_and_validate \
https://github.com/projectcalico/calico-upgrade/releases/download/v1.0.5/calico-upgrade
chmod +x calico-upgrade
elif [ $arch = arm64 ]; then
# git clone https://github.com/projectcalico/calico-upgrade repo
# pushd repo
# git checkout 2de2f7a0f26ef3bb1c2cabf06b2dcbcc2bba1d35 # known good commit
# make build ARCH=arm64
# popd
# mv repo/dist/calico-upgrade-linux-$arch ./calico-upgrade
# arm64 builds are failing due to an upstream issue:
# https://github.com/projectcalico/calico-upgrade/issues/42
# For now, we will pull a previously built binary from the charm store.
wget https://api.jujucharms.com/charmstore/v5/~containers/calico-698/resource/calico-upgrade-arm64/462 \
-O calico-upgrade-arm64.tar.gz
tar -xf calico-upgrade-arm64.tar.gz
checksum="$(sha256sum calico-upgrade)"
if [ "$checksum" != "7a07816c26ad19f526ab2f57353043dabd708a48185268b41493e458c59b797d calico-upgrade" ]; then
echo 'ERROR: checksum does not match, aborting'
exit 1
fi
else
echo "Unsupported architecture for calico-upgrade: $arch"
exit 1
fi
tar -zcvf ../calico-upgrade-$arch.tar.gz ./calico-upgrade
popd
rm -rf resource-build-upgrade
done
# calico-upgrade arm64
rm -rf resource-build-upgrade-arm64
touch calico-node-image.tar.gz

145
calico/config.yaml Normal file
View File

@ -0,0 +1,145 @@
"options":
"calico-node-image":
"type": "string"
# Please refer to layer-canal/versioning.md before changing the version below.
"default": "rocks.canonical.com:443/cdk/calico/node:v3.10.1"
"description": |
The image id to use for calico/node.
"calico-policy-image":
"type": "string"
"default": "rocks.canonical.com:443/cdk/calico/kube-controllers:v3.10.1"
"description": |
The image id to use for calico/kube-controllers.
"ipip":
"type": "string"
"default": "Never"
"description": |
IPIP encapsulation mode. Must be one of "Always", "CrossSubnet", or "Never".
This is incompatible with VXLAN encapsulation. If VXLAN encapsulation is
enabled, then this must be set to "Never".
"vxlan":
"type": "string"
"default": "Never"
"description": |
VXLAN encapsulation mode. Must be one of "Always", "CrossSubnet", or "Never".
This is incompatible with IPIP encapsulation. If IPIP encapsulation is
enabled, then this must be set to "Never".
"veth-mtu":
"type": "int"
"default": !!null ""
"description": |
Set veth MTU size. This should be set to the MTU size of the base network.
If VXLAN is enabled, then the charm will automatically subtract 50 from the
specified MTU size.
If IPIP is enabled, then the charm will automatically subtract 20 from the
specified MTU size.
"nat-outgoing":
"type": "boolean"
"default": !!bool "true"
"description": |
NAT outgoing traffic
"cidr":
"type": "string"
"default": "192.168.0.0/16"
"description": |
Network CIDR assigned to Calico. This is applied to the default Calico
pool, and is also communicated to the Kubernetes charms for use in
kube-proxy configuration.
"manage-pools":
"type": "boolean"
"default": !!bool "true"
"description": |
If true, a default pool is created using the cidr and ipip charm
configuration values.
Warning: When manage-pools is enabled, the charm will delete any pools
that are unrecognized.
"global-as-number":
"type": "int"
"default": !!int "64512"
"description": |
Global AS number.
"subnet-as-numbers":
"type": "string"
"default": "{}"
"description": |
Mapping of subnets to AS numbers, specified as YAML. Each Calico node
will be assigned an AS number based on the entries in this mapping.
Example value: "{10.0.0.0/24: 64512, 10.0.1.0/24: 64513}"
If a node's IP matches any of the specified subnets, then the
corresponding AS number is used instead of the global one.
If a node's IP matches no subnets, then the global AS number will be
used instead.
If a node's IP matches multiple subnets, then the most specific subnet
will be used, e.g. a /24 subnet will take precedence over a /16.
"unit-as-numbers":
"type": "string"
"default": "{}"
"description": |
Mapping of unit IDs to AS numbers, specified as YAML. Each Calico node
will be assigned an AS number based on the entries in this mapping.
Example value: "{0: 64512, 1: 64513}"
This takes precedence over global-as-number and subnet-as-numbers.
"node-to-node-mesh":
"type": "boolean"
"default": !!bool "true"
"description": |
When enabled, each Calico node will peer with every other Calico node in
the cluster.
"global-bgp-peers":
"type": "string"
"default": "[]"
"description": |
List of global BGP peers. Each BGP peer is specified with an address and
an as-number.
Example value: "[{address: 10.0.0.1, as-number: 65000}, {address: 10.0.0.2, as-number: 65001}]"
"subnet-bgp-peers":
"type": "string"
"default": "{}"
"description": |
Mapping of subnets to lists of BGP peers. Each BGP peer is specified with
an address and an as-number.
Example value: "{10.0.0.0/24: [{address: 10.0.0.1, as-number: 65000}, {address: 10.0.0.2, as-number: 65001}], 10.0.1.0/24: [{address: 10.0.1.1, as-number: 65002}]}"
If a node's IP matches multiple subnets, then peerings will be added for
each matched subnet.
"unit-bgp-peers":
"type": "string"
"default": "{}"
"description": |
Mapping of unit IDs to lists of BGP peers. Each BGP peer is specified
with an address and an as-number.
Example value: "{0: [{address: 10.0.0.1, as-number: 65000}, {address: 10.0.0.2, as-number: 65001}], 1: [{address: 10.0.1.1, as-number: 65002}]}"
"route-reflector-cluster-ids":
"type": "string"
"default": "{}"
"description": |
Mapping of unit IDs to route reflector cluster IDs. Assigning a route
reflector cluster ID allows the node to function as a route reflector.
Example value: "{0: 224.0.0.1, 2: 224.0.0.1}"
"ignore-loose-rpf":
"type": "boolean"
"default": !!bool "false"
"description": |
Enable or disable IgnoreLooseRPF for Calico Felix. This is only used
when rp_filter is set to a value of 2.
"disable-vxlan-tx-checksumming":
"type": "boolean"
"default": !!bool "true"
"description": |
When set to true, if VXLAN encapsulation is in use, then the charm will
disable TX checksumming on the vxlan.calico network interface. This works
around an upstream issue in Calico:
https://github.com/projectcalico/calico/issues/3145

16
calico/copyright Normal file
View File

@ -0,0 +1,16 @@
Format: http://dep.debian.net/deps/dep5/
Files: *
Copyright: Copyright 2018, Canonical Ltd., All Rights Reserved.
License: Apache License 2.0
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
.
http://www.apache.org/licenses/LICENSE-2.0
.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

16
calico/copyright.layer-basic Normal file
View File

@ -0,0 +1,16 @@
Format: http://dep.debian.net/deps/dep5/
Files: *
Copyright: Copyright 2015-2017, Canonical Ltd., All Rights Reserved.
License: Apache License 2.0
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
.
http://www.apache.org/licenses/LICENSE-2.0
.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

15
calico/copyright.layer-leadership Normal file
View File

@ -0,0 +1,15 @@
Copyright 2015-2016 Canonical Ltd.
This file is part of the Leadership Layer for Juju.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License version 3, as
published by the Free Software Foundation.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranties of
MERCHANTABILITY, SATISFACTORY QUALITY, or FITNESS FOR A PARTICULAR
PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.

16
calico/copyright.layer-options Normal file
View File

@ -0,0 +1,16 @@
Format: http://dep.debian.net/deps/dep5/
Files: *
Copyright: Copyright 2015-2017, Canonical Ltd., All Rights Reserved.
License: Apache License 2.0
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
.
http://www.apache.org/licenses/LICENSE-2.0
.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

91
calico/docs/status.md Normal file
View File

@ -0,0 +1,91 @@
<h1 id="charms.layer.status.WorkloadState">WorkloadState</h1>
```python
WorkloadState(self, /, *args, **kwargs)
```
Enum of the valid workload states.
Valid options are:
* `WorkloadState.MAINTENANCE`
* `WorkloadState.BLOCKED`
* `WorkloadState.WAITING`
* `WorkloadState.ACTIVE`
<h1 id="charms.layer.status.maintenance">maintenance</h1>
```python
maintenance(message)
```
Set the status to the `MAINTENANCE` state with the given operator message.
__Parameters__
- __`message` (str)__: Message to convey to the operator.
<h1 id="charms.layer.status.maint">maint</h1>
```python
maint(message)
```
Shorthand alias for
[maintenance](status.md#charms.layer.status.maintenance).
__Parameters__
- __`message` (str)__: Message to convey to the operator.
<h1 id="charms.layer.status.blocked">blocked</h1>
```python
blocked(message)
```
Set the status to the `BLOCKED` state with the given operator message.
__Parameters__
- __`message` (str)__: Message to convey to the operator.
<h1 id="charms.layer.status.waiting">waiting</h1>
```python
waiting(message)
```
Set the status to the `WAITING` state with the given operator message.
__Parameters__
- __`message` (str)__: Message to convey to the operator.
<h1 id="charms.layer.status.active">active</h1>
```python
active(message)
```
Set the status to the `ACTIVE` state with the given operator message.
__Parameters__
- __`message` (str)__: Message to convey to the operator.
<h1 id="charms.layer.status.status_set">status_set</h1>
```python
status_set(workload_state, message)
```
Set the status to the given workload state with a message.
__Parameters__
- __`workload_state` (WorkloadState or str)__: State of the workload. Should be
a [WorkloadState](status.md#charms.layer.status.WorkloadState) enum
member, or the string value of one of those members.
- __`message` (str)__: Message to convey to the operator.

4
calico/exec.d/docker-compose/charm-pre-install Normal file
View File

@ -0,0 +1,4 @@
# This stubs out charm-pre-install coming from layer-docker as a workaround for
# offline installs until https://github.com/juju/charm-tools/issues/301 is fixed.

22
calico/hooks/cni-relation-broken Executable file
View File

@ -0,0 +1,22 @@
#!/usr/bin/env python3
# Load modules from $JUJU_CHARM_DIR/lib
import sys
sys.path.append('lib')
from charms.layer import basic # noqa
basic.bootstrap_charm_deps()
from charmhelpers.core import hookenv # noqa
hookenv.atstart(basic.init_config_states)
hookenv.atexit(basic.clear_config_states)
# This will load and run the appropriate @hook and other decorated
# handlers from $JUJU_CHARM_DIR/reactive, $JUJU_CHARM_DIR/hooks/reactive,
# and $JUJU_CHARM_DIR/hooks/relations.
#
# See https://jujucharms.com/docs/stable/authors-charm-building
# for more information on this pattern.
from charms.reactive import main # noqa
main()

22
calico/hooks/cni-relation-changed Executable file
View File

@ -0,0 +1,22 @@
#!/usr/bin/env python3
# Load modules from $JUJU_CHARM_DIR/lib
import sys
sys.path.append('lib')
from charms.layer import basic # noqa
basic.bootstrap_charm_deps()
from charmhelpers.core import hookenv # noqa
hookenv.atstart(basic.init_config_states)
hookenv.atexit(basic.clear_config_states)
# This will load and run the appropriate @hook and other decorated
# handlers from $JUJU_CHARM_DIR/reactive, $JUJU_CHARM_DIR/hooks/reactive,
# and $JUJU_CHARM_DIR/hooks/relations.
#
# See https://jujucharms.com/docs/stable/authors-charm-building
# for more information on this pattern.
from charms.reactive import main # noqa
main()

22
calico/hooks/cni-relation-created Executable file
View File

@ -0,0 +1,22 @@
#!/usr/bin/env python3
# Load modules from $JUJU_CHARM_DIR/lib
import sys
sys.path.append('lib')
from charms.layer import basic # noqa
basic.bootstrap_charm_deps()
from charmhelpers.core import hookenv # noqa
hookenv.atstart(basic.init_config_states)
hookenv.atexit(basic.clear_config_states)
# This will load and run the appropriate @hook and other decorated
# handlers from $JUJU_CHARM_DIR/reactive, $JUJU_CHARM_DIR/hooks/reactive,
# and $JUJU_CHARM_DIR/hooks/relations.
#
# See https://jujucharms.com/docs/stable/authors-charm-building
# for more information on this pattern.
from charms.reactive import main # noqa
main()

22
calico/hooks/cni-relation-departed Executable file
View File

@ -0,0 +1,22 @@
#!/usr/bin/env python3
# Load modules from $JUJU_CHARM_DIR/lib
import sys
sys.path.append('lib')
from charms.layer import basic # noqa
basic.bootstrap_charm_deps()
from charmhelpers.core import hookenv # noqa
hookenv.atstart(basic.init_config_states)
hookenv.atexit(basic.clear_config_states)
# This will load and run the appropriate @hook and other decorated
# handlers from $JUJU_CHARM_DIR/reactive, $JUJU_CHARM_DIR/hooks/reactive,
# and $JUJU_CHARM_DIR/hooks/relations.
#
# See https://jujucharms.com/docs/stable/authors-charm-building
# for more information on this pattern.
from charms.reactive import main # noqa
main()

22
calico/hooks/cni-relation-joined Executable file
View File

@ -0,0 +1,22 @@
#!/usr/bin/env python3
# Load modules from $JUJU_CHARM_DIR/lib
import sys
sys.path.append('lib')
from charms.layer import basic # noqa
basic.bootstrap_charm_deps()
from charmhelpers.core import hookenv # noqa
hookenv.atstart(basic.init_config_states)
hookenv.atexit(basic.clear_config_states)
# This will load and run the appropriate @hook and other decorated
# handlers from $JUJU_CHARM_DIR/reactive, $JUJU_CHARM_DIR/hooks/reactive,
# and $JUJU_CHARM_DIR/hooks/relations.
#
# See https://jujucharms.com/docs/stable/authors-charm-building
# for more information on this pattern.
from charms.reactive import main # noqa
main()

22
calico/hooks/config-changed Executable file
View File

@ -0,0 +1,22 @@
#!/usr/bin/env python3
# Load modules from $JUJU_CHARM_DIR/lib
import sys
sys.path.append('lib')
from charms.layer import basic # noqa
basic.bootstrap_charm_deps()
from charmhelpers.core import hookenv # noqa
hookenv.atstart(basic.init_config_states)
hookenv.atexit(basic.clear_config_states)
# This will load and run the appropriate @hook and other decorated
# handlers from $JUJU_CHARM_DIR/reactive, $JUJU_CHARM_DIR/hooks/reactive,
# and $JUJU_CHARM_DIR/hooks/relations.
#
# See https://jujucharms.com/docs/stable/authors-charm-building
# for more information on this pattern.
from charms.reactive import main # noqa
main()

22
calico/hooks/etcd-relation-broken Executable file
View File

@ -0,0 +1,22 @@
#!/usr/bin/env python3
# Load modules from $JUJU_CHARM_DIR/lib
import sys
sys.path.append('lib')
from charms.layer import basic # noqa
basic.bootstrap_charm_deps()
from charmhelpers.core import hookenv # noqa
hookenv.atstart(basic.init_config_states)
hookenv.atexit(basic.clear_config_states)
# This will load and run the appropriate @hook and other decorated
# handlers from $JUJU_CHARM_DIR/reactive, $JUJU_CHARM_DIR/hooks/reactive,
# and $JUJU_CHARM_DIR/hooks/relations.
#
# See https://jujucharms.com/docs/stable/authors-charm-building
# for more information on this pattern.
from charms.reactive import main # noqa
main()

22
calico/hooks/etcd-relation-changed Executable file
View File

@ -0,0 +1,22 @@
#!/usr/bin/env python3
# Load modules from $JUJU_CHARM_DIR/lib
import sys
sys.path.append('lib')
from charms.layer import basic # noqa
basic.bootstrap_charm_deps()
from charmhelpers.core import hookenv # noqa
hookenv.atstart(basic.init_config_states)
hookenv.atexit(basic.clear_config_states)
# This will load and run the appropriate @hook and other decorated
# handlers from $JUJU_CHARM_DIR/reactive, $JUJU_CHARM_DIR/hooks/reactive,
# and $JUJU_CHARM_DIR/hooks/relations.
#
# See https://jujucharms.com/docs/stable/authors-charm-building
# for more information on this pattern.
from charms.reactive import main # noqa
main()

22
calico/hooks/etcd-relation-created Executable file
View File

@ -0,0 +1,22 @@
#!/usr/bin/env python3
# Load modules from $JUJU_CHARM_DIR/lib
import sys
sys.path.append('lib')
from charms.layer import basic # noqa
basic.bootstrap_charm_deps()
from charmhelpers.core import hookenv # noqa
hookenv.atstart(basic.init_config_states)
hookenv.atexit(basic.clear_config_states)
# This will load and run the appropriate @hook and other decorated
# handlers from $JUJU_CHARM_DIR/reactive, $JUJU_CHARM_DIR/hooks/reactive,
# and $JUJU_CHARM_DIR/hooks/relations.
#
# See https://jujucharms.com/docs/stable/authors-charm-building
# for more information on this pattern.
from charms.reactive import main # noqa
main()

22
calico/hooks/etcd-relation-departed Executable file
View File

@ -0,0 +1,22 @@
#!/usr/bin/env python3
# Load modules from $JUJU_CHARM_DIR/lib
import sys
sys.path.append('lib')
from charms.layer import basic # noqa
basic.bootstrap_charm_deps()
from charmhelpers.core import hookenv # noqa
hookenv.atstart(basic.init_config_states)
hookenv.atexit(basic.clear_config_states)
# This will load and run the appropriate @hook and other decorated
# handlers from $JUJU_CHARM_DIR/reactive, $JUJU_CHARM_DIR/hooks/reactive,
# and $JUJU_CHARM_DIR/hooks/relations.
#
# See https://jujucharms.com/docs/stable/authors-charm-building
# for more information on this pattern.
from charms.reactive import main # noqa
main()

22
calico/hooks/etcd-relation-joined Executable file
View File

@ -0,0 +1,22 @@
#!/usr/bin/env python3
# Load modules from $JUJU_CHARM_DIR/lib
import sys
sys.path.append('lib')
from charms.layer import basic # noqa
basic.bootstrap_charm_deps()
from charmhelpers.core import hookenv # noqa
hookenv.atstart(basic.init_config_states)
hookenv.atexit(basic.clear_config_states)
# This will load and run the appropriate @hook and other decorated
# handlers from $JUJU_CHARM_DIR/reactive, $JUJU_CHARM_DIR/hooks/reactive,
# and $JUJU_CHARM_DIR/hooks/relations.
#
# See https://jujucharms.com/docs/stable/authors-charm-building
# for more information on this pattern.
from charms.reactive import main # noqa
main()

22
calico/hooks/hook.template Normal file
View File

@ -0,0 +1,22 @@
#!/usr/bin/env python3
# Load modules from $JUJU_CHARM_DIR/lib
import sys
sys.path.append('lib')
from charms.layer import basic # noqa
basic.bootstrap_charm_deps()
from charmhelpers.core import hookenv # noqa
hookenv.atstart(basic.init_config_states)
hookenv.atexit(basic.clear_config_states)
# This will load and run the appropriate @hook and other decorated
# handlers from $JUJU_CHARM_DIR/reactive, $JUJU_CHARM_DIR/hooks/reactive,
# and $JUJU_CHARM_DIR/hooks/relations.
#
# See https://jujucharms.com/docs/stable/authors-charm-building
# for more information on this pattern.
from charms.reactive import main # noqa
main()

22
calico/hooks/install Executable file
View File

@ -0,0 +1,22 @@
#!/usr/bin/env python3
# Load modules from $JUJU_CHARM_DIR/lib
import sys
sys.path.append('lib')
from charms.layer import basic # noqa
basic.bootstrap_charm_deps()
from charmhelpers.core import hookenv # noqa
hookenv.atstart(basic.init_config_states)
hookenv.atexit(basic.clear_config_states)
# This will load and run the appropriate @hook and other decorated
# handlers from $JUJU_CHARM_DIR/reactive, $JUJU_CHARM_DIR/hooks/reactive,
# and $JUJU_CHARM_DIR/hooks/relations.
#
# See https://jujucharms.com/docs/stable/authors-charm-building
# for more information on this pattern.
from charms.reactive import main # noqa
main()

22
calico/hooks/leader-elected Executable file
View File

@ -0,0 +1,22 @@
#!/usr/bin/env python3
# Load modules from $JUJU_CHARM_DIR/lib
import sys
sys.path.append('lib')
from charms.layer import basic # noqa
basic.bootstrap_charm_deps()
from charmhelpers.core import hookenv # noqa
hookenv.atstart(basic.init_config_states)
hookenv.atexit(basic.clear_config_states)
# This will load and run the appropriate @hook and other decorated
# handlers from $JUJU_CHARM_DIR/reactive, $JUJU_CHARM_DIR/hooks/reactive,
# and $JUJU_CHARM_DIR/hooks/relations.
#
# See https://jujucharms.com/docs/stable/authors-charm-building
# for more information on this pattern.
from charms.reactive import main # noqa
main()

22
calico/hooks/leader-settings-changed Executable file
View File

@ -0,0 +1,22 @@
#!/usr/bin/env python3
# Load modules from $JUJU_CHARM_DIR/lib
import sys
sys.path.append('lib')
from charms.layer import basic # noqa
basic.bootstrap_charm_deps()
from charmhelpers.core import hookenv # noqa
hookenv.atstart(basic.init_config_states)
hookenv.atexit(basic.clear_config_states)
# This will load and run the appropriate @hook and other decorated
# handlers from $JUJU_CHARM_DIR/reactive, $JUJU_CHARM_DIR/hooks/reactive,
# and $JUJU_CHARM_DIR/hooks/relations.
#
# See https://jujucharms.com/docs/stable/authors-charm-building
# for more information on this pattern.
from charms.reactive import main # noqa
main()

22
calico/hooks/post-series-upgrade Executable file
View File

@ -0,0 +1,22 @@
#!/usr/bin/env python3
# Load modules from $JUJU_CHARM_DIR/lib
import sys
sys.path.append('lib')
from charms.layer import basic # noqa
basic.bootstrap_charm_deps()
from charmhelpers.core import hookenv # noqa
hookenv.atstart(basic.init_config_states)
hookenv.atexit(basic.clear_config_states)
# This will load and run the appropriate @hook and other decorated
# handlers from $JUJU_CHARM_DIR/reactive, $JUJU_CHARM_DIR/hooks/reactive,
# and $JUJU_CHARM_DIR/hooks/relations.
#
# See https://jujucharms.com/docs/stable/authors-charm-building
# for more information on this pattern.
from charms.reactive import main # noqa
main()

22
calico/hooks/pre-series-upgrade Executable file
View File

@ -0,0 +1,22 @@
#!/usr/bin/env python3
# Load modules from $JUJU_CHARM_DIR/lib
import sys
sys.path.append('lib')
from charms.layer import basic # noqa
basic.bootstrap_charm_deps()
from charmhelpers.core import hookenv # noqa
hookenv.atstart(basic.init_config_states)
hookenv.atexit(basic.clear_config_states)
# This will load and run the appropriate @hook and other decorated
# handlers from $JUJU_CHARM_DIR/reactive, $JUJU_CHARM_DIR/hooks/reactive,
# and $JUJU_CHARM_DIR/hooks/relations.
#
# See https://jujucharms.com/docs/stable/authors-charm-building
# for more information on this pattern.
from charms.reactive import main # noqa
main()

1
calico/hooks/relations/etcd/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.DS_Store

89
calico/hooks/relations/etcd/README.md Normal file
View File

@ -0,0 +1,89 @@
# Overview
This interface layer handles the communication with Etcd via the `etcd`
interface.
# Usage
## Requires
This interface layer will set the following states, as appropriate:
* `{relation_name}.connected` The relation is established, but Etcd may not
yet have provided any connection or service information.
* `{relation_name}.available` Etcd has provided its connection string
information, and is ready to serve as a KV store.
The provided information can be accessed via the following methods:
* `etcd.get_connection_string()`
* `etcd.get_version()`
* `{relation_name}.tls.available` Etcd has provided the connection string
information, and the tls client credentials to communicate with it.
The client credentials can be accessed via:
* `{relation_name}.get_client_credentials()` returning a dictionary of
the clinet certificate, key and CA.
* `{relation_name}.save_client_credentials(key, cert, ca)` is a convenience
method to save the client certificate, key and CA to files of your
choosing.
For example, a common application for this is configuring an applications
backend key/value storage, like Docker.
```python
@when('etcd.available', 'docker.available')
def swarm_etcd_cluster_setup(etcd):
con_string = etcd.connection_string().replace('http', 'etcd')
opts = {}
opts['connection_string'] = con_string
render('docker-compose.yml', 'files/swarm/docker-compose.yml', opts)
```
## Provides
A charm providing this interface is providing the Etcd rest api service.
This interface layer will set the following states, as appropriate:
* `{relation_name}.connected` One or more clients of any type have
been related. The charm should call the following methods to provide the
appropriate information to the clients:
* `{relation_name}.set_connection_string(string, version)`
* `{relation_name}.set_client_credentials(key, cert, ca)`
Example:
```python
@when('db.connected')
def send_connection_details(db):
cert = leader_get('client_certificate')
key = leader_get('client_key')
ca = leader_get('certificate_authority')
# Set the key, cert, and ca on the db relation
db.set_client_credentials(key, cert, ca)
port = hookenv.config().get('port')
# Get all the peers participating in the cluster relation.
addresses = cluster.get_peer_addresses()
connections = []
for address in addresses:
connections.append('http://{0}:{1}'.format(address, port))
# Set the connection string on the db relation.
db.set_connection_string(','.join(conections))
```
# Contact Information
### Maintainer
- Charles Butler <charles.butler@canonical.com>
# Etcd
- [Etcd](https://coreos.com/etcd/) home page
- [Etcd bug trackers](https://github.com/coreos/etcd/issues)
- [Etcd Juju Charm](http://jujucharms.com/?text=etcd)

0
calico/hooks/relations/etcd/__init__.py Normal file
View File

4
calico/hooks/relations/etcd/interface.yaml Normal file
View File

@ -0,0 +1,4 @@
name: etcd
summary: Interface for relating to ETCD
version: 2
maintainer: "Charles Butler <charles.butler@canonical.com>"

70
calico/hooks/relations/etcd/peers.py Normal file
View File

@ -0,0 +1,70 @@
#!/usr/bin/python
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from charms.reactive import RelationBase
from charms.reactive import hook
from charms.reactive import scopes
class EtcdPeer(RelationBase):
'''This class handles peer relation communication by setting states that
the reactive code can respond to. '''
scope = scopes.UNIT
@hook('{peers:etcd}-relation-joined')
def peer_joined(self):
'''A new peer has joined, set the state on the unit so we can track
when they are departed. '''
conv = self.conversation()
conv.set_state('{relation_name}.joined')
@hook('{peers:etcd}-relation-departed')
def peers_going_away(self):
'''Trigger a state on the unit that it is leaving. We can use this
state in conjunction with the joined state to determine which unit to
unregister from the etcd cluster. '''
conv = self.conversation()
conv.remove_state('{relation_name}.joined')
conv.set_state('{relation_name}.departing')
def dismiss(self):
'''Remove the departing state from all other units in the conversation,
and we can resume normal operation.
'''
for conv in self.conversations():
conv.remove_state('{relation_name}.departing')
def get_peers(self):
'''Return a list of names for the peers participating in this
conversation scope. '''
peers = []
# Iterate over all the conversations of this type.
for conversation in self.conversations():
peers.append(conversation.scope)
return peers
def set_db_ingress_address(self, address):
'''Set the ingress address belonging to the db relation.'''
for conversation in self.conversations():
conversation.set_remote('db-ingress-address', address)
def get_db_ingress_addresses(self):
'''Return a list of db ingress addresses'''
addresses = []
# Iterate over all the conversations of this type.
for conversation in self.conversations():
address = conversation.get_remote('db-ingress-address')
if address:
addresses.append(address)
return addresses

47
calico/hooks/relations/etcd/provides.py Normal file
View File

@ -0,0 +1,47 @@
#!/usr/bin/python
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from charms.reactive import RelationBase
from charms.reactive import hook
from charms.reactive import scopes
class EtcdProvider(RelationBase):
scope = scopes.GLOBAL
@hook('{provides:etcd}-relation-{joined,changed}')
def joined_or_changed(self):
''' Set the connected state from the provides side of the relation. '''
self.set_state('{relation_name}.connected')
@hook('{provides:etcd}-relation-{broken,departed}')
def broken_or_departed(self):
'''Remove connected state from the provides side of the relation. '''
conv = self.conversation()
if len(conv.units) == 1:
conv.remove_state('{relation_name}.connected')
def set_client_credentials(self, key, cert, ca):
''' Set the client credentials on the global conversation for this
relation. '''
self.set_remote('client_key', key)
self.set_remote('client_ca', ca)
self.set_remote('client_cert', cert)
def set_connection_string(self, connection_string, version=''):
''' Set the connection string on the global conversation for this
relation. '''
# Note: Version added as a late-dependency for 2 => 3 migration
# If no version is specified, consumers should presume etcd 2.x
self.set_remote('connection_string', connection_string)
self.set_remote('version', version)

80
calico/hooks/relations/etcd/requires.py Normal file
View File

@ -0,0 +1,80 @@
#!/usr/bin/python
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import os
from charms.reactive import RelationBase
from charms.reactive import hook
from charms.reactive import scopes
class EtcdClient(RelationBase):
scope = scopes.GLOBAL
@hook('{requires:etcd}-relation-{joined,changed}')
def changed(self):
''' Indicate the relation is connected, and if the relation data is
set it is also available. '''
self.set_state('{relation_name}.connected')
if self.get_connection_string():
self.set_state('{relation_name}.available')
# Get the ca, key, cert from the relation data.
cert = self.get_client_credentials()
# The tls state depends on the existance of the ca, key and cert.
if cert['client_cert'] and cert['client_key'] and cert['client_ca']: # noqa
self.set_state('{relation_name}.tls.available')
@hook('{requires:etcd}-relation-{broken, departed}')
def broken(self):
''' Indicate the relation is no longer available and not connected. '''
self.remove_state('{relation_name}.available')
self.remove_state('{relation_name}.connected')
self.remove_state('{relation_name}.tls.available')
def connection_string(self):
''' This method is depreciated but ensures backward compatibility
@see get_connection_string(self). '''
return self.get_connection_string()
def get_connection_string(self):
''' Return the connection string, if available, or None. '''
return self.get_remote('connection_string')
def get_version(self):
''' Return the version of the etd protocol being used, or None. '''
return self.get_remote('version')
def get_client_credentials(self):
''' Return a dict with the client certificate, ca and key to
communicate with etcd using tls. '''
return {'client_cert': self.get_remote('client_cert'),
'client_key': self.get_remote('client_key'),
'client_ca': self.get_remote('client_ca')}
def save_client_credentials(self, key, cert, ca):
''' Save all the client certificates for etcd to local files. '''
self._save_remote_data('client_cert', cert)
self._save_remote_data('client_key', key)
self._save_remote_data('client_ca', ca)
def _save_remote_data(self, key, path):
''' Save the remote data to a file indicated by path creating the
parent directory if needed.'''
value = self.get_remote(key)
if value:
parent = os.path.dirname(path)
if not os.path.isdir(parent):
os.makedirs(parent)
with open(path, 'w') as stream:
stream.write(value)

1
calico/hooks/relations/kubernetes-cni/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.DS_Store

9
calico/hooks/relations/kubernetes-cni/.travis.yml Normal file
View File

@ -0,0 +1,9 @@
language: python
python:
- "3.5"
- "3.6"
- "3.7"
install:
- pip install tox-travis
script:
- tox

0
calico/hooks/relations/kubernetes-cni/README.md Normal file
View File

0
calico/hooks/relations/kubernetes-cni/__init__.py Normal file
View File

6
calico/hooks/relations/kubernetes-cni/interface.yaml Normal file
View File

@ -0,0 +1,6 @@
name: kubernetes-cni
summary: Interface for relating various CNI implementations
version: 0
maintainer: "George Kraft <george.kraft@canonical.com>"
ignore:
- tests

85
calico/hooks/relations/kubernetes-cni/provides.py Normal file
View File

@ -0,0 +1,85 @@
#!/usr/bin/python
from charmhelpers.core import hookenv
from charms.reactive import Endpoint
from charms.reactive import toggle_flag, is_flag_set, clear_flag, set_flag
class CNIPluginProvider(Endpoint):
def manage_flags(self):
toggle_flag(self.expand_name('{endpoint_name}.connected'),
self.is_joined)
toggle_flag(self.expand_name('{endpoint_name}.available'),
self.config_available())
if is_flag_set(self.expand_name('endpoint.{endpoint_name}.changed')):
clear_flag(self.expand_name('{endpoint_name}.configured'))
clear_flag(self.expand_name('endpoint.{endpoint_name}.changed'))
def set_config(self, is_master, kubeconfig_path):
''' Relays a dict of kubernetes configuration information. '''
for relation in self.relations:
relation.to_publish_raw.update({
'is_master': is_master,
'kubeconfig_path': kubeconfig_path
})
set_flag(self.expand_name('{endpoint_name}.configured'))
def config_available(self):
''' Ensures all config from the CNI plugin is available. '''
goal_state = hookenv.goal_state()
related_apps = [
app for app in goal_state.get('relations', {}).get(self.endpoint_name, '')
if '/' not in app
]
if not related_apps:
return False
configs = self.get_configs()
return all(
'cidr' in config and 'cni-conf-file' in config
for config in [
configs.get(related_app, {}) for related_app in related_apps
]
)
def get_config(self, default=None):
''' Get CNI config for one related application.
If default is specified, and there is a related application with a
matching name, then that application is chosen. Otherwise, the
application is chosen alphabetically.
Whichever application is chosen, that application's CNI config is
returned.
'''
configs = self.get_configs()
if not configs:
return {}
elif default and default not in configs:
msg = 'relation not found for default CNI %s, ignoring' % default
hookenv.log(msg, level='WARN')
return self.get_config()
elif default:
return configs.get(default, {})
else:
return configs.get(sorted(configs)[0], {})
def get_configs(self):
''' Get CNI configs for all related applications.
This returns a mapping of application names to CNI configs. Here's an
example return value:
{
'flannel': {
'cidr': '10.1.0.0/16',
'cni-conf-file': '10-flannel.conflist'
},
'calico': {
'cidr': '192.168.0.0/16',
'cni-conf-file': '10-calico.conflist'
}
}
'''
return {
relation.application_name: relation.joined_units.received_raw
for relation in self.relations if relation.application_name
}

45
calico/hooks/relations/kubernetes-cni/requires.py Normal file
View File

@ -0,0 +1,45 @@
#!/usr/bin/python
from charms.reactive import Endpoint
from charms.reactive import when_any, when_not
from charms.reactive import set_state, remove_state
class CNIPluginClient(Endpoint):
@when_any('endpoint.{endpoint_name}.joined',
'endpoint.{endpoint_name}.changed')
def changed(self):
''' Indicate the relation is connected, and if the relation data is
set it is also available. '''
set_state(self.expand_name('{endpoint_name}.connected'))
config = self.get_config()
if config['is_master'] == 'True':
set_state(self.expand_name('{endpoint_name}.is-master'))
set_state(self.expand_name('{endpoint_name}.configured'))
elif config['is_master'] == 'False':
set_state(self.expand_name('{endpoint_name}.is-worker'))
set_state(self.expand_name('{endpoint_name}.configured'))
else:
remove_state(self.expand_name('{endpoint_name}.configured'))
remove_state(self.expand_name('endpoint.{endpoint_name}.changed'))
@when_not('endpoint.{endpoint_name}.joined')
def broken(self):
''' Indicate the relation is no longer available and not connected. '''
remove_state(self.expand_name('{endpoint_name}.connected'))
remove_state(self.expand_name('{endpoint_name}.is-master'))
remove_state(self.expand_name('{endpoint_name}.is-worker'))
remove_state(self.expand_name('{endpoint_name}.configured'))
def get_config(self):
''' Get the kubernetes configuration information. '''
return self.all_joined_units.received_raw
def set_config(self, cidr, cni_conf_file):
''' Sets the CNI configuration information. '''
for relation in self.relations:
relation.to_publish_raw.update({
'cidr': cidr,
'cni-conf-file': cni_conf_file
})

23
calico/hooks/relations/kubernetes-cni/tox.ini Normal file
View File

@ -0,0 +1,23 @@
[tox]
skipsdist = True
envlist = lint,py3
[tox:travis]
3.5: lint,py3
3.6: lint,py3
3.7: lint,py3
[testenv]
basepython = python3
setenv =
PYTHONPATH={toxinidir}:{toxinidir}/lib
deps =
pyyaml
pytest
flake8
ipdb
commands = pytest --tb native -s {posargs}
[testenv:lint]
envdir = {toxworkdir}/py3
commands = flake8 --max-line-length=88 {toxinidir}

22
calico/hooks/start Executable file
View File

@ -0,0 +1,22 @@
#!/usr/bin/env python3
# Load modules from $JUJU_CHARM_DIR/lib
import sys
sys.path.append('lib')
from charms.layer import basic # noqa
basic.bootstrap_charm_deps()
from charmhelpers.core import hookenv # noqa
hookenv.atstart(basic.init_config_states)
hookenv.atexit(basic.clear_config_states)
# This will load and run the appropriate @hook and other decorated
# handlers from $JUJU_CHARM_DIR/reactive, $JUJU_CHARM_DIR/hooks/reactive,
# and $JUJU_CHARM_DIR/hooks/relations.
#
# See https://jujucharms.com/docs/stable/authors-charm-building
# for more information on this pattern.
from charms.reactive import main # noqa
main()

22
calico/hooks/stop Executable file
View File

@ -0,0 +1,22 @@
#!/usr/bin/env python3
# Load modules from $JUJU_CHARM_DIR/lib
import sys
sys.path.append('lib')
from charms.layer import basic # noqa
basic.bootstrap_charm_deps()
from charmhelpers.core import hookenv # noqa
hookenv.atstart(basic.init_config_states)
hookenv.atexit(basic.clear_config_states)
# This will load and run the appropriate @hook and other decorated
# handlers from $JUJU_CHARM_DIR/reactive, $JUJU_CHARM_DIR/hooks/reactive,
# and $JUJU_CHARM_DIR/hooks/relations.
#
# See https://jujucharms.com/docs/stable/authors-charm-building
# for more information on this pattern.
from charms.reactive import main # noqa
main()

22
calico/hooks/update-status Executable file
View File

@ -0,0 +1,22 @@
#!/usr/bin/env python3
# Load modules from $JUJU_CHARM_DIR/lib
import sys
sys.path.append('lib')
from charms.layer import basic # noqa
basic.bootstrap_charm_deps()
from charmhelpers.core import hookenv # noqa
hookenv.atstart(basic.init_config_states)
hookenv.atexit(basic.clear_config_states)
# This will load and run the appropriate @hook and other decorated
# handlers from $JUJU_CHARM_DIR/reactive, $JUJU_CHARM_DIR/hooks/reactive,
# and $JUJU_CHARM_DIR/hooks/relations.
#
# See https://jujucharms.com/docs/stable/authors-charm-building
# for more information on this pattern.
from charms.reactive import main # noqa
main()

22
calico/hooks/upgrade-charm Executable file
View File

@ -0,0 +1,22 @@
#!/usr/bin/env python3
# Load modules from $JUJU_CHARM_DIR/lib
import sys
sys.path.append('lib')
from charms.layer import basic # noqa
basic.bootstrap_charm_deps()
from charmhelpers.core import hookenv # noqa
hookenv.atstart(basic.init_config_states)
hookenv.atexit(basic.clear_config_states)
# This will load and run the appropriate @hook and other decorated
# handlers from $JUJU_CHARM_DIR/reactive, $JUJU_CHARM_DIR/hooks/reactive,
# and $JUJU_CHARM_DIR/hooks/relations.
#
# See https://jujucharms.com/docs/stable/authors-charm-building
# for more information on this pattern.
from charms.reactive import main # noqa
main()

1378
calico/icon.svg Normal file
View File

File diff suppressed because it is too large Load Diff
Side by Side

After

Width:  |  Height:  |  Size: 102 KiB

20
calico/layer.yaml Normal file
View File

@ -0,0 +1,20 @@
"includes":
- "layer:options"
- "interface:etcd"
- "interface:kubernetes-cni"
- "layer:basic"
- "layer:leadership"
- "layer:status"
"exclude": [".travis.yml", "tests", "tox.ini", "test-requirements.txt", "unit_tests"]
"options":
"basic":
"packages": []
"python_packages": []
"use_venv": !!bool "true"
"include_system_packages": !!bool "false"
"leadership": {}
"status":
"patch-hookenv": !!bool "true"
"calico": {}
"repo": "https://github.com/juju-solutions/layer-calico.git"
"is": "calico"

10
calico/lib/calico_common.py Normal file
View File

@ -0,0 +1,10 @@
from subprocess import check_output
def arch():
'''Return the package architecture as a string.'''
# Get the package architecture for this system.
architecture = check_output(['dpkg', '--print-architecture']).rstrip()
# Convert the binary result into a string.
architecture = architecture.decode('utf-8')
return architecture

108
calico/lib/calico_upgrade.py Normal file
View File

@ -0,0 +1,108 @@
import os
import shutil
import yaml
from subprocess import check_call, check_output, CalledProcessError
from calico_common import arch
from charms.reactive import endpoint_from_flag
from charmhelpers.core.hookenv import resource_get, status_set, log
CALICOCTL_PATH = '/opt/calicoctl'
ETCD_KEY_PATH = os.path.join(CALICOCTL_PATH, 'etcd-key')
ETCD_CERT_PATH = os.path.join(CALICOCTL_PATH, 'etcd-cert')
ETCD_CA_PATH = os.path.join(CALICOCTL_PATH, 'etcd-ca')
CALICO_UPGRADE_DIR = '/opt/calico-upgrade'
ETCD2_DATA_PATH = CALICO_UPGRADE_DIR + '/etcd2.yaml'
ETCD3_DATA_PATH = CALICO_UPGRADE_DIR + '/etcd3.yaml'
class ResourceMissing(Exception):
pass
class DryRunFailed(Exception):
pass
def cleanup():
shutil.rmtree(CALICO_UPGRADE_DIR, ignore_errors=True)
def configure():
cleanup()
os.makedirs(CALICO_UPGRADE_DIR)
# Extract calico-upgrade resource
architecture = arch()
if architecture == 'amd64':
resource_name = 'calico-upgrade'
else:
resource_name = 'calico-upgrade-' + architecture
archive = resource_get(resource_name)
if not archive:
message = 'Missing calico-upgrade resource'
status_set('blocked', message)
raise ResourceMissing(message)
check_call(['tar', '-xvf', archive, '-C', CALICO_UPGRADE_DIR])
# Configure calico-upgrade, etcd2 (data source)
etcd = endpoint_from_flag('etcd.available')
etcd_endpoints = etcd.get_connection_string()
etcd2_data = {
'apiVersion': 'v1',
'kind': 'calicoApiConfig',
'metadata': None,
'spec': {
'datastoreType': 'etcdv2',
'etcdEndpoints': etcd_endpoints,
'etcdKeyFile': ETCD_KEY_PATH,
'etcdCertFile': ETCD_CERT_PATH,
'etcdCACertFile': ETCD_CA_PATH
}
}
with open(ETCD2_DATA_PATH, 'w') as f:
yaml.dump(etcd2_data, f)
# Configure calico-upgrade, etcd3 (data destination)
etcd3_data = {
'apiVersion': 'projectcalico.org/v3',
'kind': 'CalicoAPIConfig',
'metadata': None,
'spec': {
'datastoreType': 'etcdv3',
'etcdEndpoints': etcd_endpoints,
'etcdKeyFile': ETCD_KEY_PATH,
'etcdCertFile': ETCD_CERT_PATH,
'etcdCACertFile': ETCD_CA_PATH
}
}
with open(ETCD3_DATA_PATH, 'w') as f:
yaml.dump(etcd3_data, f)
def invoke(*args):
cmd = [CALICO_UPGRADE_DIR + '/calico-upgrade'] + list(args)
cmd += [
'--apiconfigv1', ETCD2_DATA_PATH,
'--apiconfigv3', ETCD3_DATA_PATH
]
try:
return check_output(cmd)
except CalledProcessError as e:
log(e.output)
raise
def dry_run():
output = invoke('dry-run', '--output-dir', CALICO_UPGRADE_DIR)
if b'Successfully validated v1 to v3 conversion' not in output:
raise DryRunFailed()
def start():
invoke('start', '--no-prompts', '--output-dir', CALICO_UPGRADE_DIR)
def complete():
invoke('complete', '--no-prompts')

60
calico/lib/charms/layer/__init__.py Normal file
View File

@ -0,0 +1,60 @@
import sys
from importlib import import_module
from pathlib import Path
def import_layer_libs():
"""
Ensure that all layer libraries are imported.
This makes it possible to do the following:
from charms import layer
layer.foo.do_foo_thing()
Note: This function must be called after bootstrap.
"""
for module_file in Path('lib/charms/layer').glob('*'):
module_name = module_file.stem
if module_name in ('__init__', 'basic', 'execd') or not (
module_file.suffix == '.py' or module_file.is_dir()
):
continue
import_module('charms.layer.{}'.format(module_name))
# Terrible hack to support the old terrible interface.
# Try to get people to call layer.options.get() instead so
# that we can remove this garbage.
# Cribbed from https://stackoverfLow.com/a/48100440/4941864
class OptionsBackwardsCompatibilityHack(sys.modules[__name__].__class__):
def __call__(self, section=None, layer_file=None):
if layer_file is None:
return self.get(section=section)
else:
return self.get(section=section,
layer_file=Path(layer_file))
def patch_options_interface():
from charms.layer import options
if sys.version_info.minor >= 5:
options.__class__ = OptionsBackwardsCompatibilityHack
else:
# Py 3.4 doesn't support changing the __class__, so we have to do it
# another way. The last line is needed because we already have a
# reference that doesn't get updated with sys.modules.
name = options.__name__
hack = OptionsBackwardsCompatibilityHack(name)
hack.get = options.get
sys.modules[name] = hack
sys.modules[__name__].options = hack
try:
patch_options_interface()
except ImportError:
# This may fail if pyyaml hasn't been installed yet. But in that
# case, the bootstrap logic will try it again once it has.
pass

446
calico/lib/charms/layer/basic.py Normal file
View File

@ -0,0 +1,446 @@
import os
import sys
import re
import shutil
from distutils.version import LooseVersion
from pkg_resources import Requirement
from glob import glob
from subprocess import check_call, check_output, CalledProcessError
from time import sleep
from charms import layer
from charms.layer.execd import execd_preinstall
def _get_subprocess_env():
env = os.environ.copy()
env['LANG'] = env.get('LANG', 'C.UTF-8')
return env
def get_series():
"""
Return series for a few known OS:es.
Tested as of 2019 november:
* centos6, centos7, rhel6.
* bionic
"""
series = ""
# Looking for content in /etc/os-release
# works for ubuntu + some centos
if os.path.isfile('/etc/os-release'):
d = {}
with open('/etc/os-release', 'r') as rel:
for l in rel:
if not re.match(r'^\s*$', l):
k, v = l.split('=')
d[k.strip()] = v.strip().replace('"', '')
series = "{ID}{VERSION_ID}".format(**d)
# Looking for content in /etc/redhat-release
# works for redhat enterprise systems
elif os.path.isfile('/etc/redhat-release'):
with open('/etc/redhat-release', 'r') as redhatlsb:
# CentOS Linux release 7.7.1908 (Core)
line = redhatlsb.readline()
release = int(line.split("release")[1].split()[0][0])
series = "centos" + str(release)
# Looking for content in /etc/lsb-release
# works for ubuntu
elif os.path.isfile('/etc/lsb-release'):
d = {}
with open('/etc/lsb-release', 'r') as lsb:
for l in lsb:
k, v = l.split('=')
d[k.strip()] = v.strip()
series = d['DISTRIB_CODENAME']
# This is what happens if we cant figure out the OS.
else:
series = "unknown"
return series
def bootstrap_charm_deps():
"""
Set up the base charm dependencies so that the reactive system can run.
"""
# execd must happen first, before any attempt to install packages or
# access the network, because sites use this hook to do bespoke
# configuration and install secrets so the rest of this bootstrap
# and the charm itself can actually succeed. This call does nothing
# unless the operator has created and populated $JUJU_CHARM_DIR/exec.d.
execd_preinstall()
# ensure that $JUJU_CHARM_DIR/bin is on the path, for helper scripts
series = get_series()
# OMG?! is build-essentials needed?
ubuntu_packages = ['python3-pip',
'python3-setuptools',
'python3-yaml',
'python3-dev',
'python3-wheel',
'build-essential']
# I'm not going to "yum group info "Development Tools"
# omitting above madness
centos_packages = ['python3-pip',
'python3-setuptools',
'python3-devel',
'python3-wheel']
packages_needed = []
if 'centos' in series:
packages_needed = centos_packages
else:
packages_needed = ubuntu_packages
charm_dir = os.environ['JUJU_CHARM_DIR']
os.environ['PATH'] += ':%s' % os.path.join(charm_dir, 'bin')
venv = os.path.abspath('../.venv')
vbin = os.path.join(venv, 'bin')
vpip = os.path.join(vbin, 'pip')
vpy = os.path.join(vbin, 'python')
hook_name = os.path.basename(sys.argv[0])
is_bootstrapped = os.path.exists('wheelhouse/.bootstrapped')
is_charm_upgrade = hook_name == 'upgrade-charm'
is_series_upgrade = hook_name == 'post-series-upgrade'
is_post_upgrade = os.path.exists('wheelhouse/.upgraded')
is_upgrade = (not is_post_upgrade and
(is_charm_upgrade or is_series_upgrade))
if is_bootstrapped and not is_upgrade:
# older subordinates might have downgraded charm-env, so we should
# restore it if necessary
install_or_update_charm_env()
activate_venv()
# the .upgrade file prevents us from getting stuck in a loop
# when re-execing to activate the venv; at this point, we've
# activated the venv, so it's safe to clear it
if is_post_upgrade:
os.unlink('wheelhouse/.upgraded')
return
if os.path.exists(venv):
try:
# focal installs or upgrades prior to PR 160 could leave the venv
# in a broken state which would prevent subsequent charm upgrades
_load_installed_versions(vpip)
except CalledProcessError:
is_broken_venv = True
else:
is_broken_venv = False
if is_upgrade or is_broken_venv:
# All upgrades should do a full clear of the venv, rather than
# just updating it, to bring in updates to Python itself
shutil.rmtree(venv)
if is_upgrade:
if os.path.exists('wheelhouse/.bootstrapped'):
os.unlink('wheelhouse/.bootstrapped')
# bootstrap wheelhouse
if os.path.exists('wheelhouse'):
pre_eoan = series in ('ubuntu12.04', 'precise',
'ubuntu14.04', 'trusty',
'ubuntu16.04', 'xenial',
'ubuntu18.04', 'bionic')
pydistutils_lines = [
"[easy_install]\n",
"find_links = file://{}/wheelhouse/\n".format(charm_dir),
"no_index=True\n",
"index_url=\n", # deliberately nothing here; disables it.
]
if pre_eoan:
pydistutils_lines.append("allow_hosts = ''\n")
with open('/root/.pydistutils.cfg', 'w') as fp:
# make sure that easy_install also only uses the wheelhouse
# (see https://github.com/pypa/pip/issues/410)
fp.writelines(pydistutils_lines)
if 'centos' in series:
yum_install(packages_needed)
else:
apt_install(packages_needed)
from charms.layer import options
cfg = options.get('basic')
# include packages defined in layer.yaml
if 'centos' in series:
yum_install(cfg.get('packages', []))
else:
apt_install(cfg.get('packages', []))
# if we're using a venv, set it up
if cfg.get('use_venv'):
if not os.path.exists(venv):
series = get_series()
if series in ('ubuntu12.04', 'precise',
'ubuntu14.04', 'trusty'):
apt_install(['python-virtualenv'])
elif 'centos' in series:
yum_install(['python-virtualenv'])
else:
apt_install(['virtualenv'])
cmd = ['virtualenv', '-ppython3', '--never-download', venv]
if cfg.get('include_system_packages'):
cmd.append('--system-site-packages')
check_call(cmd, env=_get_subprocess_env())
os.environ['PATH'] = ':'.join([vbin, os.environ['PATH']])
pip = vpip
else:
pip = 'pip3'
# save a copy of system pip to prevent `pip3 install -U pip`
# from changing it
if os.path.exists('/usr/bin/pip'):
shutil.copy2('/usr/bin/pip', '/usr/bin/pip.save')
pre_install_pkgs = ['pip', 'setuptools', 'setuptools-scm']
# we bundle these packages to work around bugs in older versions (such
# as https://github.com/pypa/pip/issues/56), but if the system already
# provided a newer version, downgrading it can cause other problems
_update_if_newer(pip, pre_install_pkgs)
# install the rest of the wheelhouse deps (extract the pkg names into
# a set so that we can ignore the pre-install packages and let pip
# choose the best version in case there are multiple from layer
# conflicts)
pkgs = _load_wheelhouse_versions().keys() - set(pre_install_pkgs)
reinstall_flag = '--force-reinstall'
if not cfg.get('use_venv', True) and pre_eoan:
reinstall_flag = '--ignore-installed'
check_call([pip, 'install', '-U', reinstall_flag, '--no-index',
'--no-cache-dir', '-f', 'wheelhouse'] + list(pkgs),
env=_get_subprocess_env())
# re-enable installation from pypi
os.remove('/root/.pydistutils.cfg')
# install pyyaml for centos7, since, unlike the ubuntu image, the
# default image for centos doesn't include pyyaml; see the discussion:
# https://discourse.jujucharms.com/t/charms-for-centos-lets-begin
if 'centos' in series:
check_call([pip, 'install', '-U', 'pyyaml'],
env=_get_subprocess_env())
# install python packages from layer options
if cfg.get('python_packages'):
check_call([pip, 'install', '-U'] + cfg.get('python_packages'),
env=_get_subprocess_env())
if not cfg.get('use_venv'):
# restore system pip to prevent `pip3 install -U pip`
# from changing it
if os.path.exists('/usr/bin/pip.save'):
shutil.copy2('/usr/bin/pip.save', '/usr/bin/pip')
os.remove('/usr/bin/pip.save')
# setup wrappers to ensure envs are used for scripts
install_or_update_charm_env()
for wrapper in ('charms.reactive', 'charms.reactive.sh',
'chlp', 'layer_option'):
src = os.path.join('/usr/local/sbin', 'charm-env')
dst = os.path.join('/usr/local/sbin', wrapper)
if not os.path.exists(dst):
os.symlink(src, dst)
if cfg.get('use_venv'):
shutil.copy2('bin/layer_option', vbin)
else:
shutil.copy2('bin/layer_option', '/usr/local/bin/')
# re-link the charm copy to the wrapper in case charms
# call bin/layer_option directly (as was the old pattern)
os.remove('bin/layer_option')
os.symlink('/usr/local/sbin/layer_option', 'bin/layer_option')
# flag us as having already bootstrapped so we don't do it again
open('wheelhouse/.bootstrapped', 'w').close()
if is_upgrade:
# flag us as having already upgraded so we don't do it again
open('wheelhouse/.upgraded', 'w').close()
# Ensure that the newly bootstrapped libs are available.
# Note: this only seems to be an issue with namespace packages.
# Non-namespace-package libs (e.g., charmhelpers) are available
# without having to reload the interpreter. :/
reload_interpreter(vpy if cfg.get('use_venv') else sys.argv[0])
def _load_installed_versions(pip):
pip_freeze = check_output([pip, 'freeze']).decode('utf8')
versions = {}
for pkg_ver in pip_freeze.splitlines():
try:
req = Requirement.parse(pkg_ver)
except ValueError:
continue
versions.update({
req.project_name: LooseVersion(ver)
for op, ver in req.specs if op == '=='
})
return versions
def _load_wheelhouse_versions():
versions = {}
for wheel in glob('wheelhouse/*'):
pkg, ver = os.path.basename(wheel).rsplit('-', 1)
# nb: LooseVersion ignores the file extension
versions[pkg.replace('_', '-')] = LooseVersion(ver)
return versions
def _update_if_newer(pip, pkgs):
installed = _load_installed_versions(pip)
wheelhouse = _load_wheelhouse_versions()
for pkg in pkgs:
if pkg not in installed or wheelhouse[pkg] > installed[pkg]:
check_call([pip, 'install', '-U', '--no-index', '-f', 'wheelhouse',
pkg], env=_get_subprocess_env())
def install_or_update_charm_env():
# On Trusty python3-pkg-resources is not installed
try:
from pkg_resources import parse_version
except ImportError:
apt_install(['python3-pkg-resources'])
from pkg_resources import parse_version
try:
installed_version = parse_version(
check_output(['/usr/local/sbin/charm-env',
'--version']).decode('utf8'))
except (CalledProcessError, FileNotFoundError):
installed_version = parse_version('0.0.0')
try:
bundled_version = parse_version(
check_output(['bin/charm-env',
'--version']).decode('utf8'))
except (CalledProcessError, FileNotFoundError):
bundled_version = parse_version('0.0.0')
if installed_version < bundled_version:
shutil.copy2('bin/charm-env', '/usr/local/sbin/')
def activate_venv():
"""
Activate the venv if enabled in ``layer.yaml``.
This is handled automatically for normal hooks, but actions might
need to invoke this manually, using something like:
# Load modules from $JUJU_CHARM_DIR/lib
import sys
sys.path.append('lib')
from charms.layer.basic import activate_venv
activate_venv()
This will ensure that modules installed in the charm's
virtual environment are available to the action.
"""
from charms.layer import options
venv = os.path.abspath('../.venv')
vbin = os.path.join(venv, 'bin')
vpy = os.path.join(vbin, 'python')
use_venv = options.get('basic', 'use_venv')
if use_venv and '.venv' not in sys.executable:
# activate the venv
os.environ['PATH'] = ':'.join([vbin, os.environ['PATH']])
reload_interpreter(vpy)
layer.patch_options_interface()
layer.import_layer_libs()
def reload_interpreter(python):
"""
Reload the python interpreter to ensure that all deps are available.
Newly installed modules in namespace packages sometimes seemt to
not be picked up by Python 3.
"""
os.execve(python, [python] + list(sys.argv), os.environ)
def apt_install(packages):
"""
Install apt packages.
This ensures a consistent set of options that are often missed but
should really be set.
"""
if isinstance(packages, (str, bytes)):
packages = [packages]
env = _get_subprocess_env()
if 'DEBIAN_FRONTEND' not in env:
env['DEBIAN_FRONTEND'] = 'noninteractive'
cmd = ['apt-get',
'--option=Dpkg::Options::=--force-confold',
'--assume-yes',
'install']
for attempt in range(3):
try:
check_call(cmd + packages, env=env)
except CalledProcessError:
if attempt == 2: # third attempt
raise
try:
# sometimes apt-get update needs to be run
check_call(['apt-get', 'update'], env=env)
except CalledProcessError:
# sometimes it's a dpkg lock issue
pass
sleep(5)
else:
break
def yum_install(packages):
""" Installs packages with yum.
This function largely mimics the apt_install function for consistency.
"""
if packages:
env = os.environ.copy()
cmd = ['yum', '-y', 'install']
for attempt in range(3):
try:
check_call(cmd + packages, env=env)
except CalledProcessError:
if attempt == 2:
raise
try:
check_call(['yum', 'update'], env=env)
except CalledProcessError:
pass
sleep(5)
else:
break
else:
pass
def init_config_states():
import yaml
from charmhelpers.core import hookenv
from charms.reactive import set_state
from charms.reactive import toggle_state
config = hookenv.config()
config_defaults = {}
config_defs = {}
config_yaml = os.path.join(hookenv.charm_dir(), 'config.yaml')
if os.path.exists(config_yaml):
with open(config_yaml) as fp:
config_defs = yaml.safe_load(fp).get('options', {})
config_defaults = {key: value.get('default')
for key, value in config_defs.items()}
for opt in config_defs.keys():
if config.changed(opt):
set_state('config.changed')
set_state('config.changed.{}'.format(opt))
toggle_state('config.set.{}'.format(opt), config.get(opt))
toggle_state('config.default.{}'.format(opt),
config.get(opt) == config_defaults[opt])
def clear_config_states():
from charmhelpers.core import hookenv, unitdata
from charms.reactive import remove_state
config = hookenv.config()
remove_state('config.changed')
for opt in config.keys():
remove_state('config.changed.{}'.format(opt))
remove_state('config.set.{}'.format(opt))
remove_state('config.default.{}'.format(opt))
unitdata.kv().flush()

114
calico/lib/charms/layer/execd.py Normal file
View File

@ -0,0 +1,114 @@
# Copyright 2014-2016 Canonical Limited.
#
# This file is part of layer-basic, the reactive base layer for Juju.
#
# charm-helpers is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License version 3 as
# published by the Free Software Foundation.
#
# charm-helpers is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with charm-helpers. If not, see <http://www.gnu.org/licenses/>.
# This module may only import from the Python standard library.
import os
import sys
import subprocess
import time
'''
execd/preinstall
Read the layer-basic docs for more info on how to use this feature.
https://charmsreactive.readthedocs.io/en/latest/layer-basic.html#exec-d-support
'''
def default_execd_dir():
return os.path.join(os.environ['JUJU_CHARM_DIR'], 'exec.d')
def execd_module_paths(execd_dir=None):
"""Generate a list of full paths to modules within execd_dir."""
if not execd_dir:
execd_dir = default_execd_dir()
if not os.path.exists(execd_dir):
return
for subpath in os.listdir(execd_dir):
module = os.path.join(execd_dir, subpath)
if os.path.isdir(module):
yield module
def execd_submodule_paths(command, execd_dir=None):
"""Generate a list of full paths to the specified command within exec_dir.
"""
for module_path in execd_module_paths(execd_dir):
path = os.path.join(module_path, command)
if os.access(path, os.X_OK) and os.path.isfile(path):
yield path
def execd_sentinel_path(submodule_path):
module_path = os.path.dirname(submodule_path)
execd_path = os.path.dirname(module_path)
module_name = os.path.basename(module_path)
submodule_name = os.path.basename(submodule_path)
return os.path.join(execd_path,
'.{}_{}.done'.format(module_name, submodule_name))
def execd_run(command, execd_dir=None, stop_on_error=True, stderr=None):
"""Run command for each module within execd_dir which defines it."""
if stderr is None:
stderr = sys.stdout
for submodule_path in execd_submodule_paths(command, execd_dir):
# Only run each execd once. We cannot simply run them in the
# install hook, as potentially storage hooks are run before that.
# We cannot rely on them being idempotent.
sentinel = execd_sentinel_path(submodule_path)
if os.path.exists(sentinel):
continue
try:
subprocess.check_call([submodule_path], stderr=stderr,
universal_newlines=True)
with open(sentinel, 'w') as f:
f.write('{} ran successfully {}\n'.format(submodule_path,
time.ctime()))
f.write('Removing this file will cause it to be run again\n')
except subprocess.CalledProcessError as e:
# Logs get the details. We can't use juju-log, as the
# output may be substantial and exceed command line
# length limits.
print("ERROR ({}) running {}".format(e.returncode, e.cmd),
file=stderr)
print("STDOUT<<EOM", file=stderr)
print(e.output, file=stderr)
print("EOM", file=stderr)
# Unit workload status gets a shorter fail message.
short_path = os.path.relpath(submodule_path)
block_msg = "Error ({}) running {}".format(e.returncode,
short_path)
try:
subprocess.check_call(['status-set', 'blocked', block_msg],
universal_newlines=True)
if stop_on_error:
sys.exit(0) # Leave unit in blocked state.
except Exception:
pass # We care about the exec.d/* failure, not status-set.
if stop_on_error:
sys.exit(e.returncode or 1) # Error state for pre-1.24 Juju
def execd_preinstall(execd_dir=None):
"""Run charm-pre-install for each module within execd_dir."""
execd_run('charm-pre-install', execd_dir=execd_dir)

26
calico/lib/charms/layer/options.py Normal file
View File

@ -0,0 +1,26 @@
import os
from pathlib import Path
import yaml
_CHARM_PATH = Path(os.environ.get('JUJU_CHARM_DIR', '.'))
_DEFAULT_FILE = _CHARM_PATH / 'layer.yaml'
_CACHE = {}
def get(section=None, option=None, layer_file=_DEFAULT_FILE):
if option and not section:
raise ValueError('Cannot specify option without section')
layer_file = (_CHARM_PATH / layer_file).resolve()
if layer_file not in _CACHE:
with layer_file.open() as fp:
_CACHE[layer_file] = yaml.safe_load(fp.read())
data = _CACHE[layer_file].get('options', {})
if section:
data = data.get(section, {})
if option:
data = data.get(option)
return data

189
calico/lib/charms/layer/status.py Normal file
View File

@ -0,0 +1,189 @@
import inspect
import errno
import subprocess
import yaml
from enum import Enum
from functools import wraps
from pathlib import Path
from charmhelpers.core import hookenv
from charms import layer
_orig_call = subprocess.call
_statuses = {'_initialized': False,
'_finalized': False}
class WorkloadState(Enum):
"""
Enum of the valid workload states.
Valid options are:
* `WorkloadState.MAINTENANCE`
* `WorkloadState.BLOCKED`
* `WorkloadState.WAITING`
* `WorkloadState.ACTIVE`
"""
# note: order here determines precedence of state
MAINTENANCE = 'maintenance'
BLOCKED = 'blocked'
WAITING = 'waiting'
ACTIVE = 'active'
def maintenance(message):
"""
Set the status to the `MAINTENANCE` state with the given operator message.
# Parameters
`message` (str): Message to convey to the operator.
"""
status_set(WorkloadState.MAINTENANCE, message)
def maint(message):
"""
Shorthand alias for
[maintenance](status.md#charms.layer.status.maintenance).
# Parameters
`message` (str): Message to convey to the operator.
"""
maintenance(message)
def blocked(message):
"""
Set the status to the `BLOCKED` state with the given operator message.
# Parameters
`message` (str): Message to convey to the operator.
"""
status_set(WorkloadState.BLOCKED, message)
def waiting(message):
"""
Set the status to the `WAITING` state with the given operator message.
# Parameters
`message` (str): Message to convey to the operator.
"""
status_set(WorkloadState.WAITING, message)
def active(message):
"""
Set the status to the `ACTIVE` state with the given operator message.
# Parameters
`message` (str): Message to convey to the operator.
"""
status_set(WorkloadState.ACTIVE, message)
def status_set(workload_state, message):
"""
Set the status to the given workload state with a message.
# Parameters
`workload_state` (WorkloadState or str): State of the workload. Should be
a [WorkloadState](status.md#charms.layer.status.WorkloadState) enum
member, or the string value of one of those members.
`message` (str): Message to convey to the operator.
"""
if not isinstance(workload_state, WorkloadState):
workload_state = WorkloadState(workload_state)
if workload_state is WorkloadState.MAINTENANCE:
_status_set_immediate(workload_state, message)
return
layer = _find_calling_layer()
_statuses.setdefault(workload_state, []).append((layer, message))
if not _statuses['_initialized'] or _statuses['_finalized']:
# We either aren't initialized, so the finalizer may never be run,
# or the finalizer has already run, so it won't run again. In either
# case, we need to manually invoke it to ensure the status gets set.
_finalize()
def _find_calling_layer():
for frame in inspect.stack():
# switch to .filename when trusty (Python 3.4) is EOL
fn = Path(frame[1])
if fn.parent.stem not in ('reactive', 'layer', 'charms'):
continue
layer_name = fn.stem
if layer_name == 'status':
continue # skip our own frames
return layer_name
return None
def _initialize():
if not _statuses['_initialized']:
if layer.options.get('status', 'patch-hookenv'):
_patch_hookenv()
hookenv.atexit(_finalize)
_statuses['_initialized'] = True
def _finalize():
if _statuses['_initialized']:
# If we haven't been initialized, we can't truly be finalized.
# This makes things more efficient if an action sets a status
# but subsequently starts the reactive bus.
_statuses['_finalized'] = True
charm_name = hookenv.charm_name()
charm_dir = Path(hookenv.charm_dir())
with charm_dir.joinpath('layer.yaml').open() as fp:
includes = yaml.safe_load(fp.read()).get('includes', [])
layer_order = includes + [charm_name]
for workload_state in WorkloadState:
if workload_state not in _statuses:
continue
if not _statuses[workload_state]:
continue
def _get_key(record):
layer_name, message = record
if layer_name in layer_order:
return layer_order.index(layer_name)
else:
return 0
sorted_statuses = sorted(_statuses[workload_state], key=_get_key)
layer_name, message = sorted_statuses[-1]
_status_set_immediate(workload_state, message)
break
def _status_set_immediate(workload_state, message):
workload_state = workload_state.value
try:
hookenv.log('status-set: {}: {}'.format(workload_state, message),
hookenv.INFO)
ret = _orig_call(['status-set', workload_state, message])
if ret == 0:
return
except OSError as e:
# ignore status-set not available on older controllers
if e.errno != errno.ENOENT:
raise
def _patch_hookenv():
# we can't patch hookenv.status_set directly because other layers may have
# already imported it into their namespace, so we have to patch sp.call
subprocess.call = _patched_call
@wraps(_orig_call)
def _patched_call(cmd, *args, **kwargs):
if not isinstance(cmd, list) or cmd[0] != 'status-set':
return _orig_call(cmd, *args, **kwargs)
_, workload_state, message = cmd
status_set(workload_state, message)
return 0 # make hookenv.status_set not emit spurious failure logs

68
calico/lib/charms/leadership.py Normal file
View File

@ -0,0 +1,68 @@
# Copyright 2015-2016 Canonical Ltd.
#
# This file is part of the Leadership Layer for Juju.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 3, as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranties of
# MERCHANTABILITY, SATISFACTORY QUALITY, or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from charmhelpers.core import hookenv
from charmhelpers.core import unitdata
from charms import reactive
from charms.reactive import not_unless
__all__ = ['leader_get', 'leader_set']
@not_unless('leadership.is_leader')
def leader_set(*args, **kw):
'''Change leadership settings, per charmhelpers.core.hookenv.leader_set.
Settings may either be passed in as a single dictionary, or using
keyword arguments. All values must be strings.
The leadership.set.{key} reactive state will be set while the
leadership hook environment setting remains set.
Changed leadership settings will set the leadership.changed.{key}
and leadership.changed states. These states will remain set until
the following hook.
These state changes take effect immediately on the leader, and
in future hooks run on non-leaders. In this way both leaders and
non-leaders can share handlers, waiting on these states.
'''
if args:
if len(args) > 1:
raise TypeError('leader_set() takes 1 positional argument but '
'{} were given'.format(len(args)))
else:
settings = dict(args[0])
else:
settings = {}
settings.update(kw)
previous = unitdata.kv().getrange('leadership.settings.', strip=True)
for key, value in settings.items():
if value != previous.get(key):
reactive.set_state('leadership.changed.{}'.format(key))
reactive.set_state('leadership.changed')
reactive.helpers.toggle_state('leadership.set.{}'.format(key),
value is not None)
hookenv.leader_set(settings)
unitdata.kv().update(settings, prefix='leadership.settings.')
def leader_get(attribute=None):
'''Return leadership settings, per charmhelpers.core.hookenv.leader_get.'''
return hookenv.leader_get(attribute)

20
calico/make_docs Normal file
View File

@ -0,0 +1,20 @@
#!.tox/py3/bin/python
import os
import sys
from shutil import rmtree
from unittest.mock import patch
import pydocmd.__main__
with patch('charmhelpers.core.hookenv.metadata') as metadata:
sys.path.insert(0, 'lib')
sys.path.insert(1, 'reactive')
print(sys.argv)
if len(sys.argv) == 1:
sys.argv.extend(['build'])
pydocmd.__main__.main()
rmtree('_build')
if os.path.exists('.unit-state.db'):
os.remove('.unit-state.db')

46
calico/metadata.yaml Normal file
View File

@ -0,0 +1,46 @@
"name": "calico"
"summary": "A robust Software Defined Network from Project Calico"
"maintainers":
- "Tim Van Steenburgh <tim.van.steenburgh@canonical.com>"
- "George Kraft <george.kraft@canonical.com>"
- "Konstantinos Tsakalozos <kos.tsakalozos@canonical.com>"
- "Mike Wilson <mike.wilson@canonical.com>"
- "Kevin Monroe <kevin.monroe@canonical.com>"
- "Joe Borg <joseph.borg@canonical.com>"
"description": |
Deploys Calico as a background service and configures CNI for use with
calico on any principal charm that implements the kubernetes-cni interface.
"tags":
- "networking"
"series":
- "focal"
- "bionic"
- "xenial"
"requires":
"etcd":
"interface": "etcd"
"cni":
"interface": "kubernetes-cni"
"scope": "container"
"resources":
"calico":
"type": "file"
"filename": "calico.tar.gz"
"description": "Calico resource tarball for amd64"
"calico-arm64":
"type": "file"
"filename": "calico.tar.gz"
"description": "Calico resource tarball for arm64"
"calico-upgrade":
"type": "file"
"filename": "calico-upgrade.tar.gz"
"description": "calico-upgrade tool for amd64"
"calico-upgrade-arm64":
"type": "file"
"filename": "calico-upgrade.tar.gz"
"description": "calico-upgrade tool for arm64"
"calico-node-image":
"type": "file"
"filename": "calico-node-image.tar.gz"
"description": "calico-node container image"
"subordinate": !!bool "true"

16
calico/pydocmd.yml Normal file
View File

@ -0,0 +1,16 @@
site_name: 'Status Management Layer'
generate:
- status.md:
- charms.layer.status.WorkloadState
- charms.layer.status.maintenance
- charms.layer.status.maint
- charms.layer.status.blocked
- charms.layer.status.waiting
- charms.layer.status.active
- charms.layer.status.status_set
pages:
- Status Management Layer: status.md
gens_dir: docs

0
calico/reactive/__init__.py Normal file
View File

782
calico/reactive/calico.py Normal file
View File

@ -0,0 +1,782 @@
import os
import yaml
import gzip
import traceback
import ipaddress
import calico_upgrade
from conctl import getContainerRuntimeCtl
from socket import gethostname
from subprocess import check_call, check_output, CalledProcessError, STDOUT
from charms.leadership import leader_get, leader_set
from charms.reactive import when, when_not, when_any, set_state, remove_state
from charms.reactive import hook, is_state
from charms.reactive import endpoint_from_flag
from charms.reactive import data_changed
from charmhelpers.core.hookenv import (
log,
resource_get,
network_get,
unit_private_ip,
is_leader,
local_unit,
config as charm_config,
atexit,
env_proxy_settings
)
from charmhelpers.core.host import (
arch,
service,
service_restart,
service_running
)
from charmhelpers.core.templating import render
from charms.layer import status
# TODO:
# - Handle the 'stop' hook by stopping and uninstalling all the things.
os.environ['PATH'] += os.pathsep + os.path.join(os.sep, 'snap', 'bin')
try:
CTL = getContainerRuntimeCtl()
set_state('calico.ctl.ready')
except RuntimeError:
log(traceback.format_exc())
remove_state('calico.ctl.ready')
CALICOCTL_PATH = '/opt/calicoctl'
ETCD_KEY_PATH = os.path.join(CALICOCTL_PATH, 'etcd-key')
ETCD_CERT_PATH = os.path.join(CALICOCTL_PATH, 'etcd-cert')
ETCD_CA_PATH = os.path.join(CALICOCTL_PATH, 'etcd-ca')
CALICO_UPGRADE_DIR = '/opt/calico-upgrade'
@hook('upgrade-charm')
def upgrade_charm():
remove_state('calico.binaries.installed')
remove_state('calico.cni.configured')
remove_state('calico.service.installed')
remove_state('calico.pool.configured')
remove_state('calico.npc.deployed')
remove_state('calico.image.pulled')
remove_state('calico.bgp.globals.configured')
remove_state('calico.node.configured')
remove_state('calico.bgp.peers.configured')
try:
log('Deleting /etc/cni/net.d/10-calico.conf')
os.remove('/etc/cni/net.d/10-calico.conf')
except FileNotFoundError as e:
log(e)
if is_leader() and not leader_get('calico-v3-data-ready'):
leader_set({
'calico-v3-data-migration-needed': True,
'calico-v3-npc-cleanup-needed': True,
'calico-v3-completion-needed': True
})
@when('leadership.is_leader', 'leadership.set.calico-v3-data-migration-needed',
'etcd.available', 'calico.etcd-credentials.installed')
def upgrade_v3_migrate_data():
status.maintenance('Migrating data to Calico 3')
try:
calico_upgrade.configure()
calico_upgrade.dry_run()
calico_upgrade.start()
except Exception:
log(traceback.format_exc())
message = 'Calico upgrade failed, see debug log'
status.blocked(message)
return
leader_set({'calico-v3-data-migration-needed': None})
@when('leadership.is_leader')
@when_not('leadership.set.calico-v3-data-migration-needed')
def v3_data_ready():
leader_set({'calico-v3-data-ready': True})
@when('leadership.is_leader', 'leadership.set.calico-v3-data-ready',
'leadership.set.calico-v3-npc-cleanup-needed')
def upgrade_v3_npc_cleanup():
status.maintenance('Cleaning up Calico 2 policy controller')
resources = [
('Deployment', 'kube-system', 'calico-policy-controller'),
('ClusterRoleBinding', None, 'calico-policy-controller'),
('ClusterRole', None, 'calico-policy-controller'),
('ServiceAccount', 'kube-system', 'calico-policy-controller')
]
for kind, namespace, name in resources:
args = ['delete', '--ignore-not-found', kind, name]
if namespace:
args += ['-n', namespace]
try:
kubectl(*args)
except CalledProcessError:
log('Failed to cleanup %s %s %s' % (kind, namespace, name))
return
leader_set({'calico-v3-npc-cleanup-needed': None})
@when('leadership.is_leader', 'leadership.set.calico-v3-completion-needed',
'leadership.set.calico-v3-data-ready', 'calico.binaries.installed',
'calico.service.installed', 'calico.npc.deployed')
@when_not('leadership.set.calico-v3-npc-cleanup-needed')
def upgrade_v3_complete():
status.maintenance('Completing Calico 3 upgrade')
try:
calico_upgrade.configure()
calico_upgrade.complete()
calico_upgrade.cleanup()
except Exception:
log(traceback.format_exc())
message = 'Calico upgrade failed, see debug log'
status.blocked(message)
return
leader_set({'calico-v3-completion-needed': None})
@when('leadership.set.calico-v3-data-ready')
@when_not('calico.binaries.installed')
def install_calico_binaries():
''' Unpack the Calico binaries. '''
# on intel, the resource is called 'calico'; other arches have a suffix
architecture = arch()
if architecture == "amd64":
resource_name = 'calico'
else:
resource_name = 'calico-{}'.format(architecture)
try:
archive = resource_get(resource_name)
except Exception:
message = 'Error fetching the calico resource.'
log(message)
status.blocked(message)
return
if not archive:
message = 'Missing calico resource.'
log(message)
status.blocked(message)
return
filesize = os.stat(archive).st_size
if filesize < 1000000:
message = 'Incomplete calico resource'
log(message)
status.blocked(message)
return
status.maintenance('Unpacking calico resource.')
charm_dir = os.getenv('CHARM_DIR')
unpack_path = os.path.join(charm_dir, 'files', 'calico')
os.makedirs(unpack_path, exist_ok=True)
cmd = ['tar', 'xfz', archive, '-C', unpack_path]
log(cmd)
check_call(cmd)
apps = [
{'name': 'calicoctl', 'path': CALICOCTL_PATH},
{'name': 'calico', 'path': '/opt/cni/bin'},
{'name': 'calico-ipam', 'path': '/opt/cni/bin'},
]
for app in apps:
unpacked = os.path.join(unpack_path, app['name'])
app_path = os.path.join(app['path'], app['name'])
install = ['install', '-v', '-D', unpacked, app_path]
check_call(install)
calicoctl_path = '/usr/local/bin/calicoctl'
render('calicoctl', calicoctl_path, {})
os.chmod(calicoctl_path, 0o775)
set_state('calico.binaries.installed')
@when('calico.binaries.installed', 'etcd.available')
def update_calicoctl_env():
env = get_calicoctl_env()
lines = ['export %s=%s' % item for item in sorted(env.items())]
output = '\n'.join(lines)
with open('/opt/calicoctl/calicoctl.env', 'w') as f:
f.write(output)
@when('calico.binaries.installed')
@when_not('etcd.connected')
def blocked_without_etcd():
status.blocked('Waiting for relation to etcd')
@when('etcd.tls.available')
@when_not('calico.etcd-credentials.installed')
def install_etcd_credentials():
etcd = endpoint_from_flag('etcd.available')
etcd.save_client_credentials(ETCD_KEY_PATH, ETCD_CERT_PATH, ETCD_CA_PATH)
# register initial etcd data so that we can detect changes
data_changed('calico.etcd.data', (etcd.get_connection_string(),
etcd.get_client_credentials()))
set_state('calico.etcd-credentials.installed')
@when('etcd.tls.available', 'calico.service.installed')
def check_etcd_changes():
etcd = endpoint_from_flag('etcd.available')
if data_changed('calico.etcd.data', (etcd.get_connection_string(),
etcd.get_client_credentials())):
etcd.save_client_credentials(ETCD_KEY_PATH,
ETCD_CERT_PATH,
ETCD_CA_PATH)
remove_state('calico.service.installed')
remove_state('calico.npc.deployed')
def get_mtu():
''' Get user-specified MTU size, adjusted to make room for encapsulation
headers. https://docs.projectcalico.org/networking/mtu
'''
mtu = charm_config('veth-mtu')
if not mtu:
return None
if charm_config('vxlan') != 'Never':
return mtu - 50
elif charm_config('ipip') != 'Never':
return mtu - 20
return mtu
def get_bind_address():
''' Returns a non-fan bind address for the cni endpoint '''
try:
data = network_get('cni')
except NotImplementedError:
# Juju < 2.1
return unit_private_ip()
if 'bind-addresses' not in data:
# Juju < 2.3
return unit_private_ip()
for bind_address in data['bind-addresses']:
if bind_address['interfacename'].startswith('fan-'):
continue
return bind_address['addresses'][0]['address']
# If we made it here, we didn't find a non-fan CNI bind-address, which is
# unexpected. Let's log a message and play it safe.
log('Could not find a non-fan bind-address. Using private-address.')
return unit_private_ip()
@when('calico.binaries.installed', 'etcd.available',
'calico.etcd-credentials.installed',
'leadership.set.calico-v3-data-ready')
@when_not('calico.service.installed')
def install_calico_service():
''' Install the calico-node systemd service. '''
status.maintenance('Installing calico-node service.')
etcd = endpoint_from_flag('etcd.available')
service_path = os.path.join(os.sep, 'lib', 'systemd', 'system',
'calico-node.service')
ip_versions = {net.version for net in get_networks(charm_config('cidr'))}
ip4 = get_bind_address() if 4 in ip_versions else "none"
ip6 = "autodetect" if 6 in ip_versions else "none"
render('calico-node.service', service_path, {
'connection_string': etcd.get_connection_string(),
'etcd_key_path': ETCD_KEY_PATH,
'etcd_ca_path': ETCD_CA_PATH,
'etcd_cert_path': ETCD_CERT_PATH,
'nodename': gethostname(),
# specify IP so calico doesn't grab a silly one from, say, lxdbr0
'ip': ip4,
'ip6': ip6,
'mtu': get_mtu(),
'calico_node_image': charm_config('calico-node-image'),
'ignore_loose_rpf': charm_config('ignore-loose-rpf'),
'lc_all': os.environ.get('LC_ALL', 'C.UTF-8'),
'lang': os.environ.get('LANG', 'C.UTF-8')
})
check_call(['systemctl', 'daemon-reload'])
service_restart('calico-node')
service('enable', 'calico-node')
set_state('calico.service.installed')
@when('config.changed.veth-mtu')
def configure_mtu():
remove_state('calico.service.installed')
remove_state('calico.cni.configured')
@when('config.changed.ignore-loose-rpf')
def ignore_loose_rpf_changed():
remove_state('calico.service.installed')
@when('calico.binaries.installed', 'etcd.available',
'calico.etcd-credentials.installed',
'leadership.set.calico-v3-data-ready')
@when_not('calico.pool.configured')
def configure_calico_pool():
''' Configure Calico IP pool. '''
config = charm_config()
if not config['manage-pools']:
log('Skipping pool configuration')
set_state('calico.pool.configured')
return
status.maintenance('Configuring Calico IP pool')
try:
# remove unrecognized pools, and default pool if CIDR doesn't match
pools = calicoctl_get('pool')['items']
cidrs = tuple(cidr.strip() for cidr in config['cidr'].split(','))
names = tuple('ipv{}'.format(get_network(cidr).version)
for cidr in cidrs)
pool_names_to_delete = [
pool['metadata']['name'] for pool in pools
if pool['metadata']['name'] not in names
or pool['spec']['cidr'] not in cidrs
]
for pool_name in pool_names_to_delete:
log('Deleting pool: %s' % pool_name)
calicoctl('delete', 'pool', pool_name, '--skip-not-exists')
for cidr, name in zip(cidrs, names):
# configure the default pool
pool = {
'apiVersion': 'projectcalico.org/v3',
'kind': 'IPPool',
'metadata': {
'name': name,
},
'spec': {
'cidr': cidr,
'ipipMode': config['ipip'],
'vxlanMode': config['vxlan'],
'natOutgoing': config['nat-outgoing'],
}
}
calicoctl_apply(pool)
except CalledProcessError:
log(traceback.format_exc())
if config['ipip'] != 'Never' and config['vxlan'] != 'Never':
status.blocked('ipip and vxlan configs are in conflict')
else:
status.waiting('Waiting to retry calico pool configuration')
return
set_state('calico.pool.configured')
@when_any('config.changed.ipip', 'config.changed.nat-outgoing',
'config.changed.cidr', 'config.changed.manage-pools',
'config.changed.vxlan')
def reconfigure_calico_pool():
''' Reconfigure the Calico IP pool '''
remove_state('calico.pool.configured')
@when('etcd.available', 'cni.is-worker', 'leadership.set.calico-v3-data-ready')
@when_not('calico.cni.configured')
def configure_cni():
''' Configure Calico CNI. '''
status.maintenance('Configuring Calico CNI')
cni = endpoint_from_flag('cni.is-worker')
etcd = endpoint_from_flag('etcd.available')
os.makedirs('/etc/cni/net.d', exist_ok=True)
cni_config = cni.get_config()
ip_versions = {net.version for net in get_networks(charm_config('cidr'))}
context = {
'connection_string': etcd.get_connection_string(),
'etcd_key_path': ETCD_KEY_PATH,
'etcd_cert_path': ETCD_CERT_PATH,
'etcd_ca_path': ETCD_CA_PATH,
'kubeconfig_path': cni_config['kubeconfig_path'],
'mtu': get_mtu(),
'assign_ipv4': 'true' if 4 in ip_versions else 'false',
'assign_ipv6': 'true' if 6 in ip_versions else 'false',
}
render('10-calico.conflist', '/etc/cni/net.d/10-calico.conflist', context)
config = charm_config()
cni.set_config(cidr=config['cidr'], cni_conf_file='10-calico.conflist')
set_state('calico.cni.configured')
@when('etcd.available', 'cni.is-master')
@when_not('calico.cni.configured')
def configure_master_cni():
status.maintenance('Configuring Calico CNI')
cni = endpoint_from_flag('cni.is-master')
config = charm_config()
cni.set_config(cidr=config['cidr'], cni_conf_file='10-calico.conflist')
set_state('calico.cni.configured')
@when_any('config.changed.cidr')
def reconfigure_cni():
remove_state('calico.cni.configured')
@when('etcd.available', 'calico.cni.configured',
'calico.service.installed', 'leadership.is_leader',
'leadership.set.calico-v3-data-ready')
@when_not('calico.npc.deployed')
def deploy_network_policy_controller():
''' Deploy the Calico network policy controller. '''
status.maintenance('Deploying network policy controller.')
etcd = endpoint_from_flag('etcd.available')
context = {
'connection_string': etcd.get_connection_string(),
'etcd_key_path': ETCD_KEY_PATH,
'etcd_cert_path': ETCD_CERT_PATH,
'etcd_ca_path': ETCD_CA_PATH,
'calico_policy_image': charm_config('calico-policy-image'),
'etcd_cert_last_modified': os.path.getmtime(ETCD_CERT_PATH)
}
render('policy-controller.yaml', '/tmp/policy-controller.yaml', context)
try:
kubectl('apply', '-f', '/tmp/policy-controller.yaml')
set_state('calico.npc.deployed')
except CalledProcessError as e:
status.waiting('Waiting for kubernetes')
log(str(e))
@when('calico.binaries.installed', 'etcd.available',
'leadership.set.calico-v3-data-ready')
@when_not('calico.bgp.globals.configured')
def configure_bgp_globals():
status.maintenance('Configuring BGP globals')
config = charm_config()
try:
try:
bgp_config = calicoctl_get('bgpconfig', 'default')
except CalledProcessError as e:
if b'resource does not exist' in e.output:
log('default BGPConfiguration does not exist')
bgp_config = {
'apiVersion': 'projectcalico.org/v3',
'kind': 'BGPConfiguration',
'metadata': {
'name': 'default'
},
'spec': {}
}
else:
raise
spec = bgp_config['spec']
spec['asNumber'] = config['global-as-number']
spec['nodeToNodeMeshEnabled'] = config['node-to-node-mesh']
calicoctl_apply(bgp_config)
except CalledProcessError:
log(traceback.format_exc())
status.waiting('Waiting to retry BGP global configuration')
return
set_state('calico.bgp.globals.configured')
@when_any('config.changed.global-as-number',
'config.changed.node-to-node-mesh')
def reconfigure_bgp_globals():
remove_state('calico.bgp.globals.configured')
@when('calico.binaries.installed', 'etcd.available',
'leadership.set.calico-v3-data-ready')
@when_not('calico.node.configured')
def configure_node():
status.maintenance('Configuring Calico node')
node_name = gethostname()
as_number = get_unit_as_number()
route_reflector_cluster_id = get_route_reflector_cluster_id()
try:
node = calicoctl_get('node', node_name)
node['spec']['bgp']['asNumber'] = as_number
node['spec']['bgp']['routeReflectorClusterID'] = \
route_reflector_cluster_id
calicoctl_apply(node)
except CalledProcessError:
log(traceback.format_exc())
status.waiting('Waiting to retry Calico node configuration')
return
set_state('calico.node.configured')
@when_any('config.changed.subnet-as-numbers', 'config.changed.unit-as-numbers',
'config.changed.route-reflector-cluster-ids')
def reconfigure_node():
remove_state('calico.node.configured')
@when('calico.binaries.installed', 'etcd.available',
'leadership.set.calico-v3-data-ready')
@when_not('calico.bgp.peers.configured')
def configure_bgp_peers():
status.maintenance('Configuring BGP peers')
peers = []
# Global BGP peers
config = charm_config()
peers += yaml.safe_load(config['global-bgp-peers'])
# Subnet-scoped BGP peers
subnet_bgp_peers = yaml.safe_load(config['subnet-bgp-peers'])
subnets = filter_local_subnets(subnet_bgp_peers)
for subnet in subnets:
peers += subnet_bgp_peers[str(subnet)]
# Unit-scoped BGP peers
unit_id = get_unit_id()
unit_bgp_peers = yaml.safe_load(config['unit-bgp-peers'])
if unit_id in unit_bgp_peers:
peers += unit_bgp_peers[unit_id]
# Give names to peers
safe_unit_name = local_unit().replace('/', '-')
named_peers = {
# name must consist of lower case alphanumeric characters, '-' or '.'
'%s-%s-%s' % (safe_unit_name, peer['address'].replace(':', '-'),
peer['as-number']): peer
for peer in peers
}
try:
node_name = gethostname()
for peer_name, peer in named_peers.items():
peer_def = {
'apiVersion': 'projectcalico.org/v3',
'kind': 'BGPPeer',
'metadata': {
'name': peer_name,
},
'spec': {
'node': node_name,
'peerIP': peer['address'],
'asNumber': peer['as-number']
}
}
calicoctl_apply(peer_def)
# Delete unrecognized peers
existing_peers = calicoctl_get('bgppeers')['items']
existing_peers = [peer['metadata']['name'] for peer in existing_peers]
peers_to_delete = [
peer for peer in existing_peers
if peer.startswith(safe_unit_name + '-')
and peer not in named_peers
]
for peer in peers_to_delete:
calicoctl('delete', 'bgppeer', peer)
except CalledProcessError:
log(traceback.format_exc())
status.waiting('Waiting to retry BGP peer configuration')
return
set_state('calico.bgp.peers.configured')
@when_any('config.changed.global-bgp-peers', 'config.changed.subnet-bgp-peers',
'config.changed.unit-bgp-peers')
def reconfigure_bgp_peers():
remove_state('calico.bgp.peers.configured')
@atexit
def ready():
preconditions = [
'calico.service.installed', 'calico.pool.configured',
'calico.cni.configured', 'calico.bgp.globals.configured',
'calico.node.configured', 'calico.bgp.peers.configured'
]
if is_state('upgrade.series.in-progress'):
status.blocked('Series upgrade in progress')
return
for precondition in preconditions:
if not is_state(precondition):
return
if is_leader() and not is_state('calico.npc.deployed'):
status.waiting('Waiting to retry deploying policy controller')
return
if not service_running('calico-node'):
status.waiting('Waiting for service: calico-node')
return
status.active('Calico is active')
def calicoctl(*args):
cmd = ['/opt/calicoctl/calicoctl'] + list(args)
env = os.environ.copy()
env.update(get_calicoctl_env())
try:
return check_output(cmd, env=env, stderr=STDOUT)
except CalledProcessError as e:
log(e.output)
raise
def set_http_proxy():
"""
Check if we have any values for
juju_http*_proxy and apply them.
"""
juju_environment = env_proxy_settings()
if juju_environment and not juju_environment.get('disable-juju-proxy'):
upper = ['HTTP_PROXY', 'HTTPS_PROXY', 'NO_PROXY']
lower = list(map(str.lower, upper))
keys = upper + lower
for key in keys:
from_juju = juju_environment.get(key, None)
if from_juju:
os.environ[key] = from_juju
@when_not('calico.image.pulled')
@when('calico.ctl.ready')
def pull_calico_node_image():
image = resource_get('calico-node-image')
if not image or os.path.getsize(image) == 0:
status.maintenance('Pulling calico-node image')
image = charm_config('calico-node-image')
set_http_proxy()
CTL.pull(image)
else:
status.maintenance('Loading calico-node image')
unzipped = '/tmp/calico-node-image.tar'
with gzip.open(image, 'rb') as f_in:
with open(unzipped, 'wb') as f_out:
f_out.write(f_in.read())
CTL.load(unzipped)
set_state('calico.image.pulled')
@when_any('config.changed.calico-node-image')
def repull_calico_node_image():
remove_state('calico.image.pulled')
remove_state('calico.service.installed')
@when('calico.service.installed', 'calico.pool.configured')
def disable_vxlan_tx_checksumming():
'''Workaround for https://github.com/projectcalico/calico/issues/3145'''
config = charm_config()
if config['disable-vxlan-tx-checksumming'] and config['vxlan'] != 'Never':
cmd = ['ethtool', '-K', 'vxlan.calico', 'tx-checksum-ip-generic',
'off']
try:
check_call(cmd)
except CalledProcessError:
msg = 'Waiting to retry disabling VXLAN TX checksumming'
log(msg)
status.waiting(msg)
def calicoctl_get(*args):
args = ['get', '-o', 'yaml', '--export'] + list(args)
output = calicoctl(*args)
result = yaml.safe_load(output)
return result
def calicoctl_apply(data):
path = '/tmp/calicoctl-apply.yaml'
with open(path, 'w') as f:
yaml.dump(data, f)
calicoctl('apply', '-f', path)
def kubectl(*args):
cmd = ['kubectl', '--kubeconfig=/root/.kube/config'] + list(args)
try:
return check_output(cmd)
except CalledProcessError as e:
log(e.output)
raise
def get_calicoctl_env():
etcd = endpoint_from_flag('etcd.available')
env = {}
env['ETCD_ENDPOINTS'] = etcd.get_connection_string()
env['ETCD_KEY_FILE'] = ETCD_KEY_PATH
env['ETCD_CERT_FILE'] = ETCD_CERT_PATH
env['ETCD_CA_CERT_FILE'] = ETCD_CA_PATH
return env
def get_unit_as_number():
config = charm_config()
# Check for matching unit rule
unit_id = get_unit_id()
unit_as_numbers = yaml.safe_load(config['unit-as-numbers'])
if unit_id in unit_as_numbers:
as_number = unit_as_numbers[unit_id]
return as_number
# Check for matching subnet rule
subnet_as_numbers = yaml.safe_load(config['subnet-as-numbers'])
subnets = filter_local_subnets(subnet_as_numbers)
if subnets:
subnets.sort(key=lambda subnet: -subnet.prefixlen)
subnet = subnets[0]
as_number = subnet_as_numbers[str(subnet)]
return as_number
# No AS number specified for this unit.
return None
def filter_local_subnets(subnets):
ip_address = get_bind_address()
ip_address = ipaddress.ip_address(ip_address) # IP address
subnets = [ipaddress.ip_network(subnet) for subnet in subnets]
subnets = [subnet for subnet in subnets if ip_address in subnet]
return subnets
def get_unit_id():
return int(local_unit().split('/')[1])
def get_route_reflector_cluster_id():
config = charm_config()
route_reflector_cluster_ids = yaml.safe_load(
config['route-reflector-cluster-ids']
)
unit_id = get_unit_id()
return route_reflector_cluster_ids.get(unit_id)
def get_network(cidr):
'''Convert a CIDR to a network instance.'''
return ipaddress.ip_interface(cidr.strip()).network
def get_networks(cidrs):
'''Convert a comma-separated list of CIDRs to a list of networks.'''
return [get_network(cidr) for cidr in cidrs.split(',')]

68
calico/reactive/leadership.py Normal file
View File

@ -0,0 +1,68 @@
# Copyright 2015-2016 Canonical Ltd.
#
# This file is part of the Leadership Layer for Juju.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 3, as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranties of
# MERCHANTABILITY, SATISFACTORY QUALITY, or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from charmhelpers.core import hookenv
from charmhelpers.core import unitdata
from charms import reactive
from charms.leadership import leader_get, leader_set
__all__ = ['leader_get', 'leader_set'] # Backwards compatibility
def initialize_leadership_state():
'''Initialize leadership.* states from the hook environment.
Invoked by hookenv.atstart() so states are available in
@hook decorated handlers.
'''
is_leader = hookenv.is_leader()
if is_leader:
hookenv.log('Initializing Leadership Layer (is leader)')
else:
hookenv.log('Initializing Leadership Layer (is follower)')
reactive.helpers.toggle_state('leadership.is_leader', is_leader)
previous = unitdata.kv().getrange('leadership.settings.', strip=True)
current = hookenv.leader_get()
# Handle deletions.
for key in set(previous.keys()) - set(current.keys()):
current[key] = None
any_changed = False
for key, value in current.items():
reactive.helpers.toggle_state('leadership.changed.{}'.format(key),
value != previous.get(key))
if value != previous.get(key):
any_changed = True
reactive.helpers.toggle_state('leadership.set.{}'.format(key),
value is not None)
reactive.helpers.toggle_state('leadership.changed', any_changed)
unitdata.kv().update(current, prefix='leadership.settings.')
# Per https://github.com/juju-solutions/charms.reactive/issues/33,
# this module may be imported multiple times so ensure the
# initialization hook is only registered once. I have to piggy back
# onto the namespace of a module imported before reactive discovery
# to do this.
if not hasattr(reactive, '_leadership_registered'):
hookenv.atstart(initialize_leadership_state)
reactive._leadership_registered = True

4
calico/reactive/status.py Normal file
View File

@ -0,0 +1,4 @@
from charms import layer
layer.status._initialize()

3
calico/requirements.txt Normal file
View File

@ -0,0 +1,3 @@
mock
flake8
pytest

1
calico/revision Normal file
View File

@ -0,0 +1 @@
0

8
calico/script/bootstrap Normal file
View File

@ -0,0 +1,8 @@
#!/bin/bash
set -x
sudo apt update
sudo apt install -qyf docker.io
sudo snap install charm --classic
sudo snap install yq

7
calico/script/build Normal file
View File

@ -0,0 +1,7 @@
#!/bin/bash
set -x
export PATH=/snap/bin:$PATH
: "${CHARM_BUILD_DIR:=/tmp/charms}"
charm build -r --force -o "$CHARM_BUILD_DIR"

53
calico/script/upload Normal file
View File

@ -0,0 +1,53 @@
#!/bin/bash
set -x
export PATH=/snap/bin:$PATH
: "${CHARM_BUILD_DIR:=/tmp/charms}"
charm whoami
RET=$?
if ((RET > 0)); then
echo "Not logged into charmstore"
exit 1
fi
function generate::attachments
{
./build-calico-resource.sh
touch calico-node-image.tar.gz
charm attach cs:~"$NAMESPACE"/"$CHARM" --channel unpublished \
calico-node-image=calico-node-image.tar.gz
charm attach cs:~"$NAMESPACE"/"$CHARM" --channel unpublished \
calico=calico-amd64.tar.gz
charm attach cs:~"$NAMESPACE"/"$CHARM" --channel unpublished \
calico-arm64=calico-arm64.tar.gz
charm attach cs:~"$NAMESPACE"/"$CHARM" --channel unpublished \
calico-upgrade=calico-upgrade-amd64.tar.gz
charm attach cs:~"$NAMESPACE"/"$CHARM" --channel unpublished \
calico-upgrade-arm64=calico-upgrade-arm64.tar.gz
}
function generate::resource::argument
{
py_script="
import sys
import json
resources_json = json.load(sys.stdin)
resource_map = []
for item in resources_json:
resource_map.append(f\"--resource {item['Name']}-{item['Revision']}\")
print(' '.join(resource_map))
"
charm list-resources cs:~"$NAMESPACE"/"$CHARM" --channel unpublished --format json | env python3 -c "$py_script"
}
URL=$(charm push "$CHARM_BUILD_DIR"/builds/"$CHARM"/. cs:~"$NAMESPACE"/"$CHARM" | yq r - url)
generate::attachments
if [ "$CHANNEL" != unpublished ]; then
charm release "$URL" --channel "$CHANNEL" $(generate::resource::argument)
fi

33
calico/templates/10-calico.conflist Normal file
View File

@ -0,0 +1,33 @@
{
"name": "calico-k8s-network",
"cniVersion": "0.3.1",
"plugins": [
{
"type": "calico",
"etcd_endpoints": "{{ connection_string }}",
"etcd_key_file": "{{ etcd_key_path }}",
"etcd_cert_file": "{{ etcd_cert_path }}",
"etcd_ca_cert_file": "{{ etcd_ca_path }}",
"log_level": "info",
{% if mtu -%}
"mtu": {{ mtu }},
{%- endif %}
"ipam": {
"type": "calico-ipam",
"assign_ipv4": "{{ assign_ipv4 }}",
"assign_ipv6": "{{ assign_ipv6 }}"
},
"policy": {
"type": "k8s"
},
"kubernetes": {
"kubeconfig": "{{ kubeconfig_path }}"
}
},
{
"type": "portmap",
"capabilities": {"portMappings": true},
"snat": true
}
]
}

53
calico/templates/calico-node.service Normal file
View File

@ -0,0 +1,53 @@
[Unit]
Description=calico node
[Service]
User=root
Environment=ETCD_ENDPOINTS={{ connection_string }}
# Setting LC_ALL and LANG works around a bug that only occurs on Xenial
# https://bugs.launchpad.net/bugs/1911220
Environment=LC_ALL={{ lc_all }}
Environment=LANG={{ lang }}
PermissionsStartOnly=true
ExecStartPre=-/usr/local/sbin/charm-env --charm calico conctl delete calico-node
ExecStartPre=/bin/mkdir -p /var/run/calico /var/log/calico /var/lib/calico
ExecStart=/usr/local/sbin/charm-env --charm calico conctl run \
--rm \
--net-host \
--privileged \
--env ETCD_ENDPOINTS={{ connection_string }} \
--env ETCD_CA_CERT_FILE={{ etcd_ca_path }} \
--env ETCD_CERT_FILE={{ etcd_cert_path }} \
--env ETCD_KEY_FILE={{ etcd_key_path }} \
--env NODENAME={{ nodename }} \
--env IP={{ ip }} \
{% if ipv4 == "none" -%}
--env CALICO_ROUTER_ID="hash" \
{% endif -%}
--env IP6={{ ip6 }} \
{% if ip6 != "none" -%}
--env FELIX_IPV6SUPPORT=true \
{% endif -%}
--env NO_DEFAULT_POOLS=true \
--env AS= \
--env CALICO_LIBNETWORK_ENABLED=true \
--env CALICO_NETWORKING_BACKEND=bird \
--env FELIX_DEFAULTENDPOINTTOHOSTACTION=ACCEPT \
--env FELIX_IGNORELOOSERPF={{ ignore_loose_rpf | string | lower }} \
{% if mtu -%}
--env FELIX_IPINIPMTU={{ mtu }} \
--env FELIX_VXLANMTU={{ mtu }} \
{% endif -%}
--mount /lib/modules:/lib/modules \
--mount /var/run/calico:/var/run/calico \
--mount /var/log/calico:/var/log/calico \
--mount /var/lib/calico:/var/lib/calico \
--mount /opt/calicoctl:/opt/calicoctl \
--name calico-node \
{{ calico_node_image }}
ExecStop=-/usr/local/sbin/charm-env --charm calico conctl delete calico-node
Restart=always
RestartSec=10
[Install]
WantedBy=multi-user.target

4
calico/templates/calicoctl Normal file
View File

@ -0,0 +1,4 @@
#!/bin/sh
set -eu
. /opt/calicoctl/calicoctl.env
exec /opt/calicoctl/calicoctl "$@"

155
calico/templates/policy-controller.yaml Normal file
View File

@ -0,0 +1,155 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: calico-kube-controllers
namespace: kube-system
---
# Include a clusterrole for the kube-controllers component,
# and bind it to the calico-kube-controllers serviceaccount.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: calico-kube-controllers
rules:
# Pods are monitored for changing labels.
# The node controller monitors Kubernetes nodes.
# Namespace and serviceaccount labels are used for policy.
- apiGroups:
- ""
- extensions
resources:
- pods
- nodes
- namespaces
- serviceaccounts
- networkpolicies
verbs:
- watch
- list
- apiGroups:
- networking.k8s.io
resources:
- networkpolicies
verbs:
- watch
- list
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: calico-kube-controllers
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: calico-kube-controllers
subjects:
- kind: ServiceAccount
name: calico-kube-controllers
namespace: kube-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: calico-kube-controllers
namespace: kube-system
labels:
k8s-app: calico-kube-controllers
cdk-restart-on-ca-change: "true"
spec:
# Only a single instance of the this pod should be
# active at a time. Since this pod is run as a Deployment,
# Kubernetes will ensure the pod is recreated in case of failure,
# removing the need for passive backups.
selector:
matchLabels:
k8s-app: calico-kube-controllers
replicas: 1
strategy:
type: Recreate
template:
metadata:
name: calico-kube-controllers
namespace: kube-system
labels:
k8s-app: calico-kube-controllers
annotations:
# annotate etcd cert modification time, so that when it changes, k8s
# will restart the pod
cdk-etcd-cert-last-modified: "{{ etcd_cert_last_modified }}"
spec:
hostNetwork: true
serviceAccountName: calico-kube-controllers
containers:
- name: calico-kube-controllers
image: {{ calico_policy_image }}
env:
- name: ETCD_ENDPOINTS
value: {{ connection_string }}
- name: ETCD_CA_CERT_FILE
value: {{ etcd_ca_path }}
- name: ETCD_CERT_FILE
value: {{ etcd_cert_path }}
- name: ETCD_KEY_FILE
value: {{ etcd_key_path }}
volumeMounts:
- name: calicoctl
mountPath: /opt/calicoctl
volumes:
- name: calicoctl
hostPath:
path: /opt/calicoctl
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: calico-node
rules:
- apiGroups:
- ""
resources:
- pods
- nodes
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- nodes/status
verbs:
- patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: calico-node
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: calico-node
subjects:
- kind: ServiceAccount
name: calico-node
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: namespace-reader
rules:
- apiGroups: [""]
resources: ["namespaces"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: nodes-namespace-reader
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: system:nodes
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: namespace-reader

5
calico/tests/00-setup Executable file
View File

@ -0,0 +1,5 @@
#!/bin/bash
sudo add-apt-repository ppa:juju/stable -y
sudo apt-get update
sudo apt-get install amulet python-requests -y

31
calico/tests/10-deploy Executable file
View File

@ -0,0 +1,31 @@
#!/usr/bin/python3
import amulet
import requests
import unittest
class TestCharm(unittest.TestCase):
def setUp(self):
self.d = amulet.Deployment()
self.d.add('layer-calico-cni')
self.d.expose('layer-calico-cni')
self.d.setup(timeout=900)
self.d.sentry.wait()
self.unit = self.d.sentry['layer-calico-cni'][0]
def test_service(self):
# test we can access over http
page = requests.get('http://{}'.format(self.unit.info['public-address']))
self.assertEqual(page.status_code, 200)
# Now you can use self.d.sentry[SERVICE][UNIT] to address each of the units and perform
# more in-depth steps. Each self.d.sentry[SERVICE][UNIT] has the following methods:
# - .info - An array of the information of that unit from Juju
# - .file(PATH) - Get the details of a file on that unit
# - .file_contents(PATH) - Get plain text output of PATH file from that unit
# - .directory(PATH) - Get details of directory
# - .directory_contents(PATH) - List files and folders in PATH on that unit
# - .relation(relation, service:rel) - Get relation data from return service

6
calico/tests/conftest.py Normal file
View File

@ -0,0 +1,6 @@
import charms.unit_test
charms.unit_test.patch_reactive()
charms.unit_test.patch_module('conctl')
charms.unit_test.patch_module('charms.leadership')

16
calico/tests/test_calico.py Normal file
View File

@ -0,0 +1,16 @@
from charmhelpers.core.hookenv import is_leader # patched
from charmhelpers.core.host import service_running # patched
from reactive import calico
def test_series_upgrade():
calico.set_state('upgrade.series.in-progress')
is_leader.return_value = False
service_running.return_value = True
assert calico.status.blocked.call_count == 0
assert calico.status.waiting.call_count == 0
assert calico.status.active.call_count == 0
calico.ready()
assert calico.status.blocked.call_count == 1
assert calico.status.waiting.call_count == 0
assert calico.status.active.call_count == 0

18
calico/tox.ini Normal file
View File

@ -0,0 +1,18 @@
[tox]
skipsdist = True
envlist = lint,py3
[testenv]
basepython = python3
setenv =
PYTHONPATH={toxinidir}:{toxinidir}/lib
deps =
pyyaml
pytest
flake8
ipdb
git+https://github.com/juju-solutions/charms.unit_test/#egg=charms.unit_test
commands = pytest --tb native -s {posargs}
[testenv:lint]
commands = flake8 {toxinidir}/lib {toxinidir}/reactive {toxinidir}/tests

1
calico/version Normal file
View File

@ -0,0 +1 @@
0ea81f0c

23
calico/wheelhouse.txt Normal file
View File

@ -0,0 +1,23 @@
# layer:basic
# pip is pinned to <19.0 to avoid https://github.com/pypa/pip/issues/6164
# even with installing setuptools before upgrading pip ends up with pip seeing
# the older setuptools at the system level if include_system_packages is true
pip>=18.1,<19.0
# pin Jinja2, PyYAML and MarkupSafe to the last versions supporting python 3.5
# for trusty
Jinja2<=2.10.1
PyYAML<=5.2
MarkupSafe<2.0.0
setuptools<42
setuptools-scm<=1.17.0
charmhelpers>=0.4.0,<1.0.0
charms.reactive>=0.1.0,<2.0.0
wheel<0.34
# pin netaddr to avoid pulling importlib-resources
netaddr<=0.7.19
# calico
conctl-py35==0.1.2
# pin click to avoid bringing in incompatible setuptools>=42
click<8.0

BIN
calico/wheelhouse/Jinja2-2.10.1.tar.gz Normal file
View File

Binary file not shown.

BIN
calico/wheelhouse/MarkupSafe-1.1.1.tar.gz Normal file
View File

Binary file not shown.

BIN
calico/wheelhouse/PyYAML-5.2.tar.gz Normal file
View File

Binary file not shown.

BIN
calico/wheelhouse/Tempita-0.5.2.tar.gz Normal file
View File

Binary file not shown.

BIN
calico/wheelhouse/charmhelpers-0.20.22.tar.gz Normal file
View File

Binary file not shown.

BIN
calico/wheelhouse/charms.reactive-1.4.1.tar.gz Normal file
View File

Binary file not shown.

BIN
calico/wheelhouse/click-7.1.2.tar.gz Normal file
View File

Binary file not shown.

BIN
calico/wheelhouse/conctl-py35-0.1.2.tar.gz Normal file
View File

Binary file not shown.

BIN
calico/wheelhouse/netaddr-0.7.19.tar.gz Normal file
View File

Binary file not shown.

BIN
calico/wheelhouse/pbr-5.6.0.tar.gz Normal file
View File

Binary file not shown.

Some files were not shown because too many files have changed in this diff Show More