Configuration refactoring and necessary changes for APEL (#22)

* EOSC accounting disabled by default and documentation update * Do not mount grid-security for APEL directly * More configurable APEL sender and simplify usage (apelSpool not needed) * Add more helm config parameters for Prometheus * Add helm config for storage class name * Explicit default range value not needed * Fix certificates setup for APEL - wait for postStart hook * Simplify certificate setup for APEL - no hook script
EGI-Federation · Nov 11, 2024 · 2363174 · 2363174
1 parent 0113088
commit 2363174
Show file tree

Hide file tree

Showing 7 changed files with 78 additions and 22 deletions.
diff --git a/README.md b/README.md
@@ -6,24 +6,39 @@ EGI Notebooks accounting tools.
 
 See *notebooks-accounting/values.yaml* for Helm package values.
 
-Either grid certificate for APEL is required:
+Enable APEL accounting:
 
     ssm:
+      # enable APEL sender
+      schedule: 42 1 * * *
       hostcert: ...
       hostkey: ...
 
-Or APEL needs to be disabled:
+Enable EOSC accounting:
 
-    ssm:
-      # APEL sender not scheduled
-      schedule:
-    storage:
-      # APEL dump files would be kept, this will disable APEL dumps
-      apelSpool:
+    eosc:
+      schedule: 42 1 * * *
+      tokenUrl:
+      clientId:
+      clientSecret:
+      accountingUrl:
+      installationId:
+      flavorMetrics:
+        flavor1: id1
+        ...
+
+## Debugging
+
+Verbosity:
 
-## Local database
+    debug: true
+
+Create APEL dumps even without enabled ssm:
+
+    storage:
+      apelSpool: /accounting/ssm
 
-By default local database export to */accounts/notebooks.db* is enabled. It can be disabled by setting location to empty value:
+Local database export to */accounts/notebooks.db* is enabled by default. It can be disabled by setting the location to empty value:
 
     storage:
       notebooksDb:

diff --git a/egi_notebooks_accounting/pods.py b/egi_notebooks_accounting/pods.py
@@ -18,7 +18,7 @@
 DEFAULT_FILTER = "pod=~'jupyter-.*'"
 DEFAULT_FQANS: Dict[str, List[str]] = {}
 DEFAULT_FQAN_KEY = "primary_group"
-DEFAULT_RANGE = "4h"
+DEFAULT_RANGE = "24h"
 
 
 def main():

diff --git a/notebooks-accounting/templates/accounting-config.yaml b/notebooks-accounting/templates/accounting-config.yaml
@@ -24,8 +24,10 @@ data:
     {{- if.Values.debug }}
     verbose=1
     {{- end }}
-    {{- if .Values.storage.apelSpool }}
+    {{- if hasKey .Values.storage "apelSpool" }}
     apel_spool={{ .Values.storage.apelSpool }}
+    {{- else if .Values.ssm.schedule }}
+    apel_spool={{ .Values.ssm.messaging.path }}
     {{- else }}
     # apel_spool=
     {{- end }}
@@ -41,11 +43,27 @@ data:
     {{- else }}
     # url=http://localhost:8080
     {{- end }}
+    {{- if .Values.prometheus.user }}
+    user={{ .Values.prometheus.user }}
+    {{- else }}
     # user=
+    {{- end }}
+    {{- if .Values.prometheus.password }}
+    password={{ .Values.prometheus.password }}
+    {{- else }}
     # password=
+    {{- end }}
     # verify=0
+    {{- if hasKey .Values.prometheus "filter" }}
+    filter={{ .Values.prometheus.filter }}
+    {{- else }}
     # filter=pod=~'jupyter-.*'
-    range=24h
+    {{- end }}
+    {{- if .Values.prometheus.range }}
+    range={{ .Values.prometheus.range }}
+    {{- else }}
+    # range=24h
+    {{- end }}
 
     # mapping from k8s namespace to VO
     [VO]

diff --git a/notebooks-accounting/templates/pvc.yaml b/notebooks-accounting/templates/pvc.yaml
@@ -8,6 +8,9 @@ metadata:
 spec:
   accessModes:
     - ReadWriteMany
+  {{- if hasKey .Values.storage "className" }}
+  storageClassName: {{ .Values.storage.className }}
+  {{- end }}
   resources:
     requests:
       storage: {{ .Values.storage.size }}
diff --git a/notebooks-accounting/templates/ssm-config.yaml b/notebooks-accounting/templates/ssm-config.yaml
@@ -22,8 +22,10 @@ data:
     # Alternatively, 'host' and 'port' may be set manually (with 'bdii' and
     # 'network' commented out). This option must be used for AMS.
     #host: msg-devel.argo.grnet.gr
-    host: msg.argo.grnet.gr
-    #port: 443
+    host: {{ .Values.ssm.broker.host }}
+{{- if .Values.ssm.broker.port }}
+    port:  {{ .Values.ssm.broker.port }}
+{{- end }}
     # broker authentication.  If use_ssl is set, the certificates configured
     # in the mandatory [certificates] section will be used.
     use_ssl: false
@@ -43,11 +45,11 @@ data:
     # If using AMS this is the project that SSM will connect to. Ignored for STOMP.
     ams_project: accounting
     # Queue to which SSM will send messages
-    destination: eu-egi-cloud-accounting
+    destination: {{ .Values.ssm.messaging.destination }}
     # Supplied path type ('dirq', 'directory')
     # path_type: dirq
     # Outgoing messages will be read and removed from this directory.
-    path: {{ .Values.accounting.apelSpool | default "/accounting/ssm" }}
+    path: {{ .Values.ssm.messaging.path | default "/accounting/ssm" }}
     [logging]
     logfile: /var/log/apel/ssmsend.log
     # Available logging levels:

diff --git a/notebooks-accounting/templates/ssm-cronjob.yaml b/notebooks-accounting/templates/ssm-cronjob.yaml
@@ -17,11 +17,14 @@ spec:
             - name: ssm
               image: "{{ .Values.ssm.image.repository }}:{{ .Values.ssm.image.tag }}"
               imagePullPolicy: {{ .Values.ssm.image.pullPolicy }}
-              command: ["ssmsend"]
+              command:
+                - "/bin/sh"
+                - "-c"
+                - "mkdir /etc/grid-security; install -v -m 0600 /secrets/hostkey.pem /etc/grid-security/; install -v -m 0644 /secrets/hostcert.pem /etc/grid-security/; ssmsend"
               volumeMounts:
                 - mountPath: /accounting
                   name: shared-accounting-vol
-                - mountPath: /etc/grid-security
+                - mountPath: /secrets
                   name: hostcert
                 - mountPath: /etc/apel
                   name: config

diff --git a/notebooks-accounting/values.yaml b/notebooks-accounting/values.yaml
@@ -34,13 +34,21 @@ accounting:
 # Prometheus endpoint
 prometheus:
   url: "http://prometheus-server.prometheus.svc.cluster.local"
+  # user:
+  # password:
+  # filter: "'pod=~'jupyter-.*'"
+  # range: 24h
 
 # Permanent storage, mounted at '/accounting'
 storage:
   pvcName: shared-accounting-pvc
+  # className:
   size: 2Gi
-  # directory pool for APEL dumps (empty value to disable)
-  apelSpool:
+  # directory pool for APEL dumps
+  # * empty value: forces dumps not to be created
+  # * non-empty value: forces dumps to be created
+  # * default: automatic by ssm config (schedule and messaging.path)
+  # apelSpool: /accounting/ssm
   # storage to local sqlite database (empty value to disable)
   notebooksDb: /accounting/notebooks.db
   # timestamp file (empty value to disable)
@@ -55,7 +63,7 @@ image:
 # EOSC accounting paramters
 eosc:
   # (empty value to disable)
-  schedule: 42 3 * * *
+  schedule:
   # configuration for the EOSC accounting
   tokenUrl:
   clientId:
@@ -68,10 +76,17 @@ eosc:
 ssm:
   # (empty value to disable)
   schedule:
+  broker:
+    # msg.argo.grnet.gr, msg-devel.argo.grnet.gr
+    host: msg.argo.grnet.gr
+    port:
   image:
     repository: stfc/ssm
     tag: release-3.2.1
     pullPolicy: IfNotPresent
+  messaging:
+    destination: eu-egi-cloud-accounting
+    path: /accounting/ssm
   hostcert:
   hostkey: