py-pve-cloud 0.5.16__py3-none-any.whl

pve_cloud/_version.py

@@ -0,0 +1 @@
+__version__ = "0.5.16"

pve_cloud/cli/pvcli.py

@@ -0,0 +1,159 @@
+import argparse
+import yaml
+from proxmoxer import ProxmoxAPI
+import os
+import paramiko
+from pve_cloud.cli.pvclu import get_ssh_master_kubeconfig
+
+
+def connect_cluster(args):
+  # try load current dynamic inventory
+  inv_path = os.path.expanduser("~/.pve-cloud-dyn-inv.yaml")
+  if os.path.exists(inv_path):
+    with open(inv_path, "r") as file:
+      dynamic_inventory = yaml.safe_load(file)
+  else:
+    # initialize empty
+    dynamic_inventory = {}
+
+  # connect to the cluster via paramiko and check if cloud files are already there
+  ssh = paramiko.SSHClient()
+  ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
+
+  ssh.connect(args.pve_host, username="root")
+
+  # since we need root we cant use sftp and root via ssh is disabled
+  _, stdout, _ = ssh.exec_command("cat /etc/pve/cloud/cluster_vars.yaml")
+  cluster_vars = yaml.safe_load(stdout.read().decode('utf-8'))
+
+  if not cluster_vars:
+    # cluster has not been yet initialized
+    pve_cloud_domain = input("Cluster has not yet been fully initialized, assign the cluster a cloud domain and press ENTER:")
+  else:
+    pve_cloud_domain = cluster_vars["pve_cloud_domain"]
+  
+  # init cloud domain if not there
+  if pve_cloud_domain not in dynamic_inventory:
+    dynamic_inventory[pve_cloud_domain] = {}
+
+  # connect to the passed host
+  proxmox = ProxmoxAPI(
+    args.pve_host, user="root", backend='ssh_paramiko'
+  )
+
+  # try get the cluster name
+  cluster_name = None
+  status_resp = proxmox.cluster.status.get()
+  for entry in status_resp:
+    if entry['id'] == "cluster":
+      cluster_name = entry['name']
+      break
+
+  if cluster_name is None:
+    raise Exception("Could not get cluster name")
+  
+  if cluster_name in dynamic_inventory[pve_cloud_domain] and not args.force:
+    print(f"cluster {cluster_name} already in dynamic inventory, add --force to overwrite current local inv.")
+    return
+  
+  # overwrite on force / create fresh
+  dynamic_inventory[pve_cloud_domain][cluster_name] = {}
+  
+  # not present => add and safe the dynamic inventory
+  cluster_hosts = proxmox.nodes.get()
+
+  for node in cluster_hosts:
+    node_name = node["node"]
+
+    if node["status"] == "offline":
+      print(f"skipping offline node {node_name}")
+      continue
+    
+    # get the main ip
+    ifaces = proxmox.nodes(node_name).network.get()
+    node_ip_address = None
+    for iface in ifaces:
+      if 'gateway' in iface:
+        if node_ip_address is not None:
+          raise Exception(f"found multiple ifaces with gateways for node {node_name}")
+        node_ip_address = iface.get("address")
+
+    if node_ip_address is None:
+      raise Exception(f"Could not find ip for node {node_name}")
+    
+    dynamic_inventory[pve_cloud_domain][cluster_name][node_name] = {
+      "ansible_user": "root",
+      "ansible_host": node_ip_address
+    }
+
+  with open(inv_path, "w") as file:
+    yaml.dump(dynamic_inventory, file)
+
+
+def print_kubeconfig(args):
+  if not os.path.exists(args.inventory):
+    print("The specified inventory file does not exist!")
+    return
+
+  with open(args.inventory, "r") as f:
+    inventory = yaml.safe_load(f)
+
+  target_pve = inventory["target_pve"]
+
+  # load dyn inv to init proxmoxer
+  inv_path = os.path.expanduser("~/.pve-cloud-dyn-inv.yaml")
+  with open(inv_path, "r") as file:
+    dynamic_inventory = yaml.safe_load(file)
+
+  target_cloud = None
+  target_cluster = None
+  for cloud in dynamic_inventory:
+    for cluster in dynamic_inventory[cloud]:
+      if target_pve.endswith((cluster + "." + cloud)):
+        target_cloud = cloud
+        target_cluster = cluster
+        break
+
+  if not target_cloud:
+    print("could not find cloud in dyn inv!")
+    return
+
+  first_host = list(dynamic_inventory[target_cloud][target_cluster].keys())[0]
+
+  # connect to the first pve host in the dyn inv, assumes they are all online
+  ssh = paramiko.SSHClient()
+  ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
+  ssh.connect(dynamic_inventory[target_cloud][target_cluster][first_host]["ansible_host"], username="root")
+
+  # since we need root we cant use sftp and root via ssh is disabled
+  _, stdout, _ = ssh.exec_command("cat /etc/pve/cloud/cluster_vars.yaml")
+
+  cluster_vars = yaml.safe_load(stdout.read().decode('utf-8'))
+
+  print(get_ssh_master_kubeconfig(cluster_vars, inventory["stack_name"]))
+
+
+def main():
+  parser = argparse.ArgumentParser(description="PVE general purpose cli for setting up.")
+
+  base_parser = argparse.ArgumentParser(add_help=False)
+
+  subparsers = parser.add_subparsers(dest="command", required=True)
+
+  connect_cluster_parser = subparsers.add_parser("connect-cluster", help="Add an entire pve cluster to this machine for use.", parents=[base_parser])
+  connect_cluster_parser.add_argument("--pve-host", type=str, help="PVE Host to connect to and add the entire cluster for the local machine.", required=True)
+  connect_cluster_parser.add_argument("--force", action="store_true", help="Will read the cluster if set.")
+  connect_cluster_parser.set_defaults(func=connect_cluster)
+
+
+  print_kconf_parser = subparsers.add_parser("print-kubeconfig", help="Print the kubeconfig from a k8s cluster deployed with pve cloud.", parents=[base_parser])
+  print_kconf_parser.add_argument("--inventory", type=str, help="PVE cloud kubespray inventory yaml file.", required=True)
+  print_kconf_parser.set_defaults(func=print_kubeconfig)
+
+
+  args = parser.parse_args()
+  args.func(args)
+
+
+if __name__ == "__main__":
+  main()

pve_cloud/cli/pvclu.py

@@ -0,0 +1,140 @@
+import argparse
+import yaml
+import os 
+import socket
+import paramiko
+import dns.resolver
+import base64
+import re
+
+
+def get_cloud_domain(target_pve):
+  with open(os.path.expanduser("~/.pve-cloud-dyn-inv.yaml"), "r") as f:
+    pve_inventory = yaml.safe_load(f)
+
+  for pve_cloud in pve_inventory:
+    for pve_cluster in pve_inventory[pve_cloud]:
+      if pve_cluster + "." + pve_cloud == target_pve:
+        return pve_cloud
+  
+  raise Exception(f"Could not identify cloud domain for {target_pve}")
+
+
+def get_cld_domain_prsr(args):
+  print(f"export PVE_CLOUD_DOMAIN='{get_cloud_domain(args.target_pve)}'")
+
+
+def get_online_pve_host(target_pve):
+  with open(os.path.expanduser("~/.pve-cloud-dyn-inv.yaml"), "r") as f:
+    pve_inventory = yaml.safe_load(f)
+
+  for pve_cloud in pve_inventory:
+    for pve_cluster in pve_inventory[pve_cloud]:
+      if pve_cluster + "." + pve_cloud == target_pve:
+        for pve_host in pve_inventory[pve_cloud][pve_cluster]:
+          # check if host is available
+          pve_host_ip = pve_inventory[pve_cloud][pve_cluster][pve_host]["ansible_host"]
+          try:
+              with socket.create_connection((pve_host_ip, 22), timeout=3):
+                  return pve_host_ip
+          except Exception as e:
+              # debug
+              print(e, type(e))
+              pass
+  
+  raise Exception(f"Could not find online pve host for {target_pve}")
+
+
+def get_cloud_env(pve_host):
+  ssh = paramiko.SSHClient()
+  ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
+
+  ssh.connect(pve_host, username="root")
+
+  # since we need root we cant use sftp and root via ssh is disabled
+  _, stdout, _ = ssh.exec_command("cat /etc/pve/cloud/cluster_vars.yaml")
+
+  cluster_vars = yaml.safe_load(stdout.read().decode('utf-8'))
+
+  _, stdout, _ = ssh.exec_command("cat /etc/pve/cloud/secrets/patroni.pass")
+
+  patroni_pass = stdout.read().decode('utf-8').strip()
+
+  # fetch bind update key for ingress dns validation
+  _, stdout, _ = ssh.exec_command("sudo cat /etc/pve/cloud/secrets/internal.key")
+  bind_key_file = stdout.read().decode('utf-8')
+
+  bind_internal_key = re.search(r'secret\s+"([^"]+)";', bind_key_file).group(1)
+
+  return cluster_vars, patroni_pass, bind_internal_key
+
+
+def get_online_pve_host_prsr(args):
+  print(f"export PVE_ANSIBLE_HOST='{get_online_pve_host(args.target_pve)}'")
+
+
+def get_ssh_master_kubeconfig(cluster_vars, stack_name):
+  resolver = dns.resolver.Resolver()
+  resolver.nameservers = [cluster_vars['bind_master_ip'], cluster_vars['bind_slave_ip']]
+
+  ddns_answer = resolver.resolve(f"masters-{stack_name}.{cluster_vars['pve_cloud_domain']}")
+  ddns_ips = [rdata.to_text() for rdata in ddns_answer]
+
+  if not ddns_ips:
+    raise Exception("No master could be found via DNS!")
+
+  ssh = paramiko.SSHClient()
+  ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
+
+  ssh.connect(ddns_ips[0], username="admin")
+
+  # since we need root we cant use sftp and root via ssh is disabled
+  _, stdout, _ = ssh.exec_command("sudo cat /etc/kubernetes/admin.conf")
+
+  return stdout.read().decode('utf-8').replace("https://127.0.0.1:6443", f"https://{ddns_ips[0]}:6443")
+
+
+def export_envr(args):
+  ansible_host = get_online_pve_host(args.target_pve)
+  cloud_domain = get_cloud_domain(args.target_pve)
+  cluster_vars, patroni_pass, bind_internal_key = get_cloud_env(ansible_host)
+  print(f"export PVE_ANSIBLE_HOST='{ansible_host}'")
+  print(f"export PVE_CLOUD_DOMAIN='{cloud_domain}'")
+
+  # tf vars
+  print(f"export PG_CONN_STR=\"postgres://postgres:{patroni_pass}@{cluster_vars['pve_haproxy_floating_ip_internal']}:5000/tf_states?sslmode=disable\"")
+  print(f"export TF_VAR_pve_cloud_domain='{cloud_domain}'")
+  print(f"export TF_VAR_pve_host='{ansible_host}'")
+  print(f"export TF_VAR_cluster_proxy_ip='{cluster_vars['pve_haproxy_floating_ip_internal']}'")
+  print(f"export TF_VAR_pve_cloud_pg_cstr=\"postgresql+psycopg2://postgres:{patroni_pass}@{cluster_vars['pve_haproxy_floating_ip_internal']}:5000/pve_cloud?sslmode=disable\"")
+  print(f"export TF_VAR_master_b64_kubeconf='{base64.b64encode(get_ssh_master_kubeconfig(cluster_vars, args.stack_name).encode('utf-8')).decode('utf-8')}'")
+  print(f"export TF_VAR_bind_master_ip='{cluster_vars['bind_master_ip']}'")
+  print(f"export TF_VAR_bind_internal_key='{bind_internal_key}'")
+
+  
+def main():
+  parser = argparse.ArgumentParser(description="PVE Cloud utility cli. Should be called with bash eval.")
+
+  base_parser = argparse.ArgumentParser(add_help=False)
+
+  subparsers = parser.add_subparsers(dest="command", required=True)
+
+  get_cld_domain_parser = subparsers.add_parser("get-cloud-domain", help="Get the cloud domain of a pve cluster.", parents=[base_parser])
+  get_cld_domain_parser.add_argument("--target-pve", type=str, help="The target pve cluster to get the cloud domain of.", required=True)
+  get_cld_domain_parser .set_defaults(func=get_cld_domain_prsr)
+
+  export_envr_parser = subparsers.add_parser("export-envrc", help="Export variables for k8s .envrc", parents=[base_parser])
+  export_envr_parser.add_argument("--target-pve", type=str, help="The target pve cluster.", required=True)
+  export_envr_parser.add_argument("--stack-name", type=str, help="Stack name of the deployment.", required=True)
+  export_envr_parser.set_defaults(func=export_envr)
+
+  get_online_pve_host_parser = subparsers.add_parser("get-online-host", help="Gets the ip for the first online proxmox host in the cluster.", parents=[base_parser])
+  get_online_pve_host_parser.add_argument("--target-pve", type=str, help="The target pve cluster to get the first online ip of.", required=True)
+  get_online_pve_host_parser.set_defaults(func=get_online_pve_host_prsr)
+
+  args = parser.parse_args()
+  args.func(args)
+
+
+if __name__ == "__main__":
+  main()

pve_cloud/lib/inventory.py

@@ -0,0 +1,5 @@
+
+def get_pve_cloud_inventory():
+  pass
+
+

pve_cloud/orm/alchemy.py

@@ -0,0 +1,181 @@
+from sqlalchemy import Column, Integer, String, Boolean, SmallInteger, Text
+from sqlalchemy.dialects.postgresql import MACADDR, INET, JSONB, insert
+from sqlalchemy import create_engine, MetaData, Table, select, delete, update
+from sqlalchemy.orm import declarative_base
+from alembic.config import Config
+from alembic import command
+import os
+
+Base = declarative_base()
+
+class BindDomains(Base):
+  __tablename__ = "bind_domains"
+
+  domain = Column(String(253), primary_key=True)
+  stack_fqdn = Column(String(253), primary_key=True)
+
+
+class AcmeX509(Base):
+  __tablename__ = "acme_x509"
+
+  stack_fqdn = Column(String(253), primary_key=True)
+  config = Column(JSONB)
+  ec_csr = Column(JSONB)
+  ec_crt = Column(JSONB)
+  k8s = Column(JSONB)
+
+
+class KeaReservations(Base):
+  __tablename__ = "kea_reservations"
+
+  mac = Column(MACADDR, primary_key=True)
+  ip = Column(INET) # nullable
+  hostname = Column(String(253), nullable=False)
+  client_classes = Column(String(1000)) # csv seperated client classes
+  stack_fqdn = Column(String(253), nullable=False)
+
+
+class KeaClientClassDefs(Base):
+  __tablename__ = "kea_client_class_defs"
+
+  stack_fqdn = Column(String(253), nullable=False)
+  class_name = Column(String(253), primary_key=True)
+  class_content = Column(JSONB, nullable=False)
+
+
+class K8SWorkers(Base):
+  __tablename__ = "k8s_workers"
+
+  ip = Column(INET, primary_key=True)
+  hostname = Column(String(253), nullable=False)
+  stack_fqdn = Column(String(253), nullable=False)
+  proxy_stack_fqdn = Column(String(253), nullable=False)
+
+
+class K8SMasters(Base):
+  __tablename__ = "k8s_masters"
+
+  ip = Column(INET, primary_key=True)
+  hostname = Column(String(253), nullable=False)
+  stack_fqdn = Column(String(253), nullable=False)
+  proxy_stack_fqdn = Column(String(253), nullable=False)
+
+
+class K8SIngressRules(Base):
+  __tablename__ = "k8s_ingress_rules"
+
+  zone = Column(String(253), primary_key=True)
+  name = Column(String(253), primary_key=True)
+  stack_fqdn = Column(String(253), primary_key=True)
+  proxy_stack_fqdn = Column(String(253), nullable=False)
+  external = Column(Boolean, default=False)
+  rule_len = Column(Integer, nullable=False)
+
+
+class K8STcpProxies(Base):
+  __tablename__ = "k8s_tcp_proxies"
+
+  proxy_name = Column(String(253), nullable=False)
+  haproxy_port = Column(SmallInteger, primary_key=True)
+  node_port = Column(SmallInteger, nullable=False)
+  stack_fqdn = Column(String(253), nullable=False)
+  proxy_snippet = Column(Text)
+  proxy_stack_fqdn = Column(String(253), primary_key=True)
+  external = Column(Boolean, default=False)
+
+
+class K8SExternalControlPlanes(Base):
+  __tablename__ = "k8s_ext_control_planes"
+
+  stack_fqdn = Column(String(253), primary_key=True)
+  extra_sans = Column(String(2530), nullable=False) # csvs
+  proxy_stack_fqdn = Column(String(253), nullable=False)
+
+
+# apply the migrations to the database
+def migrate(conn_str):
+  alembic_cfg = Config(os.path.join(os.path.dirname(__file__), 'alembic.ini'))
+
+  alembic_cfg.set_main_option("sqlalchemy.url", conn_str)
+  alembic_cfg.set_main_option("prepend_sys_path", os.path.dirname(__file__))
+
+  command.upgrade(alembic_cfg, "head")
+
+
+# generic read with simple where equal functionality
+def alch_read(conn_str, table_name, where_equal_args):
+  engine = create_engine(conn_str)
+  metadata = MetaData()
+
+  table = Table(table_name, metadata, autoload_with=engine)
+
+  statement = select(table)
+  for col_name, val in where_equal_args.items():
+    statement = statement.where(table.c[col_name] == val)
+
+  with engine.connect() as conn:
+    result = conn.execute(statement)
+    
+  return [dict(row._mapping) for row in result]
+
+
+def alch_write(conn_str, table_name, rows):
+  engine = create_engine(conn_str)
+  metadata = MetaData()
+
+  table = Table(table_name, metadata, autoload_with=engine)
+
+  stmt = insert(table)
+
+  with engine.begin() as conn:
+    conn.execute(stmt, rows)
+
+
+def alch_update(conn_str, table_name, values, whereclause):
+  engine = create_engine(conn_str)
+  metadata = MetaData()
+  table = Table(table_name, metadata, autoload_with=engine)
+
+  stmt = update(table).values(**values)
+
+  for col, val in whereclause.items():
+    stmt = stmt.where(table.c[col] == val)
+
+  with engine.begin() as conn:
+    conn.execute(stmt)
+
+
+def alch_upsert(conn_str, table_name, values, conflict_columns):
+  engine = create_engine(conn_str)
+  metadata = MetaData()
+  table = Table(table_name, metadata, autoload_with=engine)
+
+  stmt = insert(table).values(**values)
+
+  # update every column except conflict columns that were passed in the values
+  # this is the same as doing SET column_x = EXCLUDED.column_x
+  update_dict = {c: getattr(stmt.excluded, c) for c in values if c not in conflict_columns}
+
+  stmt = stmt.on_conflict_do_update(
+    index_elements=[table.c[c] for c in conflict_columns],
+    set_=update_dict
+  )
+
+  with engine.begin() as conn:
+    conn.execute(stmt)
+
+
+def alch_delete(conn_str, table_name, where_equal_args):
+  engine = create_engine(conn_str)
+  metadata = MetaData()
+
+  table = Table(table_name, metadata, autoload_with=engine)
+
+  stmt = delete(table)
+  for col_name, val in where_equal_args.items():
+    stmt = stmt.where(table.c[col_name] == val)
+
+  with engine.begin() as conn: 
+    result = conn.execute(stmt)
+    return result.rowcount
+  

pve_cloud/orm/alembic.ini

@@ -0,0 +1,147 @@
+# A generic, single database configuration.
+
+[alembic]
+# path to migration scripts.
+# this is typically a path given in POSIX (e.g. forward slashes)
+# format, relative to the token %(here)s which refers to the location of this
+# ini file
+script_location = %(here)s/migrations
+
+# template used to generate migration file names; The default value is %%(rev)s_%%(slug)s
+# Uncomment the line below if you want the files to be prepended with date and time
+# see https://alembic.sqlalchemy.org/en/latest/tutorial.html#editing-the-ini-file
+# for all available tokens
+# file_template = %%(year)d_%%(month).2d_%%(day).2d_%%(hour).2d%%(minute).2d-%%(rev)s_%%(slug)s
+
+# sys.path path, will be prepended to sys.path if present.
+# defaults to the current working directory.  for multiple paths, the path separator
+# is defined by "path_separator" below.
+prepend_sys_path = .
+
+
+# timezone to use when rendering the date within the migration file
+# as well as the filename.
+# If specified, requires the python>=3.9 or backports.zoneinfo library and tzdata library.
+# Any required deps can installed by adding `alembic[tz]` to the pip requirements
+# string value is passed to ZoneInfo()
+# leave blank for localtime
+# timezone =
+
+# max length of characters to apply to the "slug" field
+# truncate_slug_length = 40
+
+# set to 'true' to run the environment during
+# the 'revision' command, regardless of autogenerate
+# revision_environment = false
+
+# set to 'true' to allow .pyc and .pyo files without
+# a source .py file to be detected as revisions in the
+# versions/ directory
+# sourceless = false
+
+# version location specification; This defaults
+# to <script_location>/versions.  When using multiple version
+# directories, initial revisions must be specified with --version-path.
+# The path separator used here should be the separator specified by "path_separator"
+# below.
+# version_locations = %(here)s/bar:%(here)s/bat:%(here)s/alembic/versions
+
+# path_separator; This indicates what character is used to split lists of file
+# paths, including version_locations and prepend_sys_path within configparser
+# files such as alembic.ini.
+# The default rendered in new alembic.ini files is "os", which uses os.pathsep
+# to provide os-dependent path splitting.
+#
+# Note that in order to support legacy alembic.ini files, this default does NOT
+# take place if path_separator is not present in alembic.ini.  If this
+# option is omitted entirely, fallback logic is as follows:
+#
+# 1. Parsing of the version_locations option falls back to using the legacy
+#    "version_path_separator" key, which if absent then falls back to the legacy
+#    behavior of splitting on spaces and/or commas.
+# 2. Parsing of the prepend_sys_path option falls back to the legacy
+#    behavior of splitting on spaces, commas, or colons.
+#
+# Valid values for path_separator are:
+#
+# path_separator = :
+# path_separator = ;
+# path_separator = space
+# path_separator = newline
+#
+# Use os.pathsep. Default configuration used for new projects.
+path_separator = os
+
+# set to 'true' to search source files recursively
+# in each "version_locations" directory
+# new in Alembic version 1.10
+# recursive_version_locations = false
+
+# the output encoding used when revision files
+# are written from script.py.mako
+# output_encoding = utf-8
+
+# database URL.  This is consumed by the user-maintained env.py script only.
+# other means of configuring database URLs may be customized within the env.py
+# file.
+sqlalchemy.url = driver://user:pass@localhost/dbname
+
+
+[post_write_hooks]
+# post_write_hooks defines scripts or Python functions that are run
+# on newly generated revision scripts.  See the documentation for further
+# detail and examples
+
+# format using "black" - use the console_scripts runner, against the "black" entrypoint
+# hooks = black
+# black.type = console_scripts
+# black.entrypoint = black
+# black.options = -l 79 REVISION_SCRIPT_FILENAME
+
+# lint with attempts to fix using "ruff" - use the module runner, against the "ruff" module
+# hooks = ruff
+# ruff.type = module
+# ruff.module = ruff
+# ruff.options = check --fix REVISION_SCRIPT_FILENAME
+
+# Alternatively, use the exec runner to execute a binary found on your PATH
+# hooks = ruff
+# ruff.type = exec
+# ruff.executable = ruff
+# ruff.options = check --fix REVISION_SCRIPT_FILENAME
+
+# Logging configuration.  This is also consumed by the user-maintained
+# env.py script only.
+[loggers]
+keys = root,sqlalchemy,alembic
+
+[handlers]
+keys = console
+
+[formatters]
+keys = generic
+
+[logger_root]
+level = WARNING
+handlers = console
+qualname =
+
+[logger_sqlalchemy]
+level = WARNING
+handlers =
+qualname = sqlalchemy.engine
+
+[logger_alembic]
+level = INFO
+handlers =
+qualname = alembic
+
+[handler_console]
+class = StreamHandler
+args = (sys.stderr,)
+level = NOTSET
+formatter = generic
+
+[formatter_generic]
+format = %(levelname)-5.5s [%(name)s] %(message)s
+datefmt = %H:%M:%S