config: Add global service parameter to set cri handler

This commit adds global service parameter "container_runtime" to allow setting container runtime interface (CRI) entries in the containerd configuration file for custom runTimeClass. An example usage to set the cri: system service-parameter-add \ platform container_runtime \ custom_container_runtime=my_crihandler:/absolute/path/to/my_criBinary Story: 2008434 Task: 41390 Signed-off-by: Babak Sarashki <babak.sarashki@windriver.com> Change-Id: Icc5fd16682f4cf47abff16e20a5332fc195c4afc
2021-02-17 15:28:19 +00:00 · 2021-02-17 15:28:19 +00:00 · 890b1208ca
parent 500d4e250c
commit 890b1208ca
3 changed files with 102 additions and 2 deletions
--- a/sysinv/sysinv/sysinv/sysinv/common/constants.py
+++ b/sysinv/sysinv/sysinv/sysinv/common/constants.py
@ -1024,6 +1024,10 @@ SERVICE_PARAM_SECTION_PLATFORM_MAINTENANCE = 'maintenance'
 SERVICE_PARAM_SECTION_PLATFORM_SYSINV = 'sysinv'
 SERVICE_PARAM_SECTION_PLATFORM_CONFIG = 'config'

+# Containerd runTimeClass CRI entries
+SERVICE_PARAM_SECTION_PLATFORM_CRI_RUNTIME_CLASS = 'container_runtime'
+SERVICE_PARAM_NAME_PLATFORM_CRI_RUNTIME_CLASS = 'custom_container_runtime'
+
 SERVICE_PARAM_PLAT_MTCE_WORKER_BOOT_TIMEOUT = 'worker_boot_timeout'
 SERVICE_PARAM_PLAT_MTCE_CONTROLLER_BOOT_TIMEOUT = 'controller_boot_timeout'
 SERVICE_PARAM_PLAT_MTCE_HBS_PERIOD = 'heartbeat_period'
--- a/sysinv/sysinv/sysinv/sysinv/common/service_parameter.py
+++ b/sysinv/sysinv/sysinv/sysinv/common/service_parameter.py
@ -1,4 +1,4 @@
-# Copyright (c) 2017-2019 Wind River Systems, Inc.
+# Copyright (c) 2017-2021 Wind River Systems, Inc.
 #
 # SPDX-License-Identifier: Apache-2.0
 #
@ -9,6 +9,7 @@

 import netaddr
 import pecan
+import re
 import wsme

 from oslo_log import log
@ -22,6 +23,7 @@ LOG = log.getLogger(__name__)

 SERVICE_PARAMETER_DATA_FORMAT_ARRAY = 'array'
 SERVICE_PARAMETER_DATA_FORMAT_BOOLEAN = 'boolean'
+SERVICE_PARAMETER_DATA_FORMAT_DICT = 'dict'
 SERVICE_PARAMETER_DATA_FORMAT_SKIP = 'skip'

 IDENTITY_CONFIG_TOKEN_EXPIRATION_MIN = 3600
@ -157,6 +159,56 @@ def _validate_oidc_issuer_url(name, value):
            "Parameter '%s' must be a valid address or domain." % name))


+def _validate_cri_class_format(name, value):
+    """
+    Validate string into cri runtimeClassName:runtimeBinary format,
+    criHandler format: Alphanumeric plus underscore,
+    criBinary format: Portable filename plus '/'.
+    For example:
+      "my_runtimeClassName:/usr/bin/my-runtimeBinary"
+    """
+
+    msg_example = "Example: my_runtimeClassName:/usr/bin/my-runtimeBinary\n"
+    msg_format = " format: runtimeClassName:runtimeBinaryName\n"
+    msg_runtimeBinaryName = "runtimeBinary: Portable filename plus \'/\'\n"
+    msg_runtimeClassName = "runtimeClassName: Alphanumeric and underscore\n"
+
+    if len(value) == 0:
+        raise wsme.exc.ClientSideError(_(
+            "syntax: custom_container_runtime=runtimeClassName:runtimeBinary"))
+    for cri in value.split(','):
+        try:
+            criHandler, criBinary = cri.split(':')
+        except ValueError:
+            raise wsme.exc.ClientSideError(_(
+                 "Parameter ValueError in %s"
+                 % (name + msg_format + msg_runtimeClassName +
+                     msg_runtimeBinaryName + msg_example)))
+
+        if (len(criHandler) == 0 or
+               (len(criBinary) == 0 or len(criBinary) > 4095)):
+                    raise wsme.exc.ClientSideError(_(
+                        "Parameter %s"
+                        % (name + msg_format + msg_runtimeClassName +
+                           msg_runtimeBinaryName + msg_example)))
+
+        # criHandler format: Alphanumeric and underscore
+        if len(re.findall(r"[^\w+]", criHandler)):
+            raise wsme.exc.ClientSideError(_(
+                "Parameter %s "
+                % (name + msg_format + msg_runtimeClassName +
+                   "Invalid Characters in runtimeClassName: " + criHandler +
+                   "\n" + msg_example)))
+
+        # criBinary format: Absolute path, portable filename
+        if len(re.findall(r"^[^/]|[^a-zA-Z0-9-_./]|\/\.|\/$", criBinary)):
+            raise wsme.exc.ClientSideError(_(
+                "Parameter %s "
+                % (name + msg_format + msg_runtimeBinaryName +
+                   "Invalid Characters in runtimeBinaryName: " + criBinary +
+                   "\n" + msg_example)))
+
+
 def _get_network_pool_from_ip_address(ip, networks):
    for name in networks:
        try:
@ -396,6 +448,25 @@ PLATFORM_MTCE_PARAMETER_MANDATORY = [

 PLATFORM_SYSINV_PARAMETER_PROTECTED = ['firewall_rules_id']

+PLATFORM_CRI_PARAMETER_OPTIONAL = [
+    constants.SERVICE_PARAM_NAME_PLATFORM_CRI_RUNTIME_CLASS,
+]
+
+PLATFORM_CRI_PARAMETER_VALIDATOR = {
+    constants.SERVICE_PARAM_NAME_PLATFORM_CRI_RUNTIME_CLASS:
+        _validate_cri_class_format,
+}
+
+PLATFORM_CRI_PARAMETER_RESOURCE = {
+    constants.SERVICE_PARAM_NAME_PLATFORM_CRI_RUNTIME_CLASS:
+        'platform::containerd::params::custom_container_runtime',
+}
+
+PLATFORM_CRI_PARAMETER_DATA_FORMAT = {
+    constants.SERVICE_PARAM_NAME_PLATFORM_CRI_RUNTIME_CLASS:
+        SERVICE_PARAMETER_DATA_FORMAT_DICT,
+}
+
 SERVICE_PARAM_PLAT_MTCE_WORKER_BOOT_TIMEOUT_MIN = 720
 SERVICE_PARAM_PLAT_MTCE_WORKER_BOOT_TIMEOUT_MAX = 1800
 SERVICE_PARAM_PLAT_MTCE_CONTROLLER_BOOT_TIMEOUT_MIN = 1200
@ -643,6 +714,7 @@ SERVICE_PARAM_READONLY = 'readonly'
 SERVICE_PARAM_PROTECTED = 'protected'
 SERVICE_VALUE_PROTECTION_MASK = "****"

+
 SERVICE_PARAMETER_SCHEMA = {
    constants.SERVICE_TYPE_IDENTITY: {
        constants.SERVICE_PARAM_SECTION_IDENTITY_CONFIG: {
@ -666,6 +738,12 @@ SERVICE_PARAMETER_SCHEMA = {
        constants.SERVICE_PARAM_SECTION_PLATFORM_SYSINV: {
            SERVICE_PARAM_PROTECTED: PLATFORM_SYSINV_PARAMETER_PROTECTED,
        },
+        constants.SERVICE_PARAM_SECTION_PLATFORM_CRI_RUNTIME_CLASS: {
+            SERVICE_PARAM_OPTIONAL: PLATFORM_CRI_PARAMETER_OPTIONAL,
+            SERVICE_PARAM_VALIDATOR: PLATFORM_CRI_PARAMETER_VALIDATOR,
+            SERVICE_PARAM_DATA_FORMAT: PLATFORM_CRI_PARAMETER_DATA_FORMAT,
+            SERVICE_PARAM_RESOURCE: PLATFORM_CRI_PARAMETER_RESOURCE,
+        },
    },
    constants.SERVICE_TYPE_HORIZON: {
        constants.SERVICE_PARAM_SECTION_HORIZON_AUTH: {
--- a/sysinv/sysinv/sysinv/sysinv/puppet/service_parameter.py
+++ b/sysinv/sysinv/sysinv/sysinv/puppet/service_parameter.py
@ -1,5 +1,5 @@
 #
-# Copyright (c) 2017 Wind River Systems, Inc.
+# Copyright (c) 2017-2021 Wind River Systems, Inc.
 #
 # SPDX-License-Identifier: Apache-2.0
 #
@ -14,6 +14,22 @@ LOG = logging.getLogger(__name__)
 class ServiceParamPuppet(base.BasePuppet):
    """Class to encapsulate puppet operations for service parameters"""

+    def _format_dict_parameter(self, resource, value=None):
+        parameter = {}
+        if value is None:
+            return {}
+        for p in value.split(','):
+            try:
+                key, data = p.split(':')
+                if (len(key) and len(data)):
+                    parameter.update(dict([(key.strip(), data.strip())]))
+            except ValueError:
+                LOG.error("Format error in value passed: %s" % value)
+                pass
+        if (len(parameter)):
+            return ({resource: parameter})
+        return {}
+
    def _format_array_parameter(self, resource, value):
        parameter = {}
        if value != 'undef':
@ -64,6 +80,8 @@ class ServiceParamPuppet(base.BasePuppet):
            if formatter == service_parameter.SERVICE_PARAMETER_DATA_FORMAT_SKIP:
                # Parameter is handled elsewhere
                continue
+            elif formatter == service_parameter.SERVICE_PARAMETER_DATA_FORMAT_DICT:
+                config.update(self._format_dict_parameter(resource, param.value))
            elif formatter == service_parameter.SERVICE_PARAMETER_DATA_FORMAT_ARRAY:
                config.update(self._format_array_parameter(resource, param.value))
            elif formatter == service_parameter.SERVICE_PARAMETER_DATA_FORMAT_BOOLEAN: