-
Notifications
You must be signed in to change notification settings - Fork 24
/
deployment.py
1661 lines (1505 loc) · 67 KB
/
deployment.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
import http.client
from urllib3.exceptions import HTTPError
import json
import os
import sys
import zipfile
import logging
from base64 import standard_b64encode
from datetime import datetime
from io import BytesIO
from pathlib import Path
from time import sleep, strftime, gmtime
from typing import Tuple, Union, IO, Optional, List, Dict
from tenacity import retry, stop_after_attempt, wait_exponential
from datetime import timezone
import pty
import subprocess
import shlex
import select
from dateutil import parser
import time
import docker
import requests
from requests_toolbelt.multipart.encoder import MultipartEncoder
from cryptography import x509
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization, hashes
from cryptography.hazmat.primitives.asymmetric import ec
from vespa.application import Vespa, VESPA_CLOUD_SECRET_TOKEN
from vespa.package import ApplicationPackage
from vespa.utils.notebook import is_jupyter_notebook
# Get the Vespa home directory
VESPA_HOME = Path(os.getenv("VESPA_HOME", Path.home() / ".vespa"))
class VespaDeployment:
def read_app_package_from_disk(self, application_root: Path) -> bytes:
"""
Read the contents of an application package on disk into a zip file.
:param application_root: Application package directory root
:return: The zipped application package as bytes.
"""
tmp_zip = "tmp_app_package.zip"
orig_dir = os.getcwd()
zipf = zipfile.ZipFile(tmp_zip, "w", zipfile.ZIP_DEFLATED)
os.chdir(application_root) # Workaround to avoid the top-level directory
for root, dirs, files in os.walk("."):
for file in files:
zipf.write(os.path.join(root, file))
zipf.close()
os.chdir(orig_dir)
with open(tmp_zip, "rb") as f:
data = f.read()
os.remove(tmp_zip)
return data
class VespaDocker(VespaDeployment):
def __init__(
self,
port: int = 8080,
container_memory: Union[str, int] = 4 * (1024**3),
output_file: IO = sys.stdout,
container: Optional[docker.models.containers.Container] = None,
container_image: str = "vespaengine/vespa",
volumes: Optional[List[str]] = None,
cfgsrv_port: int = 19071,
debug_port: int = 5005,
) -> None:
"""
Manage Docker deployments.
Make sure to start the Docker daemon before instantiating this class.
Example usage::
from vespa.deployment import VespaDocker
#
vespa_docker = VespaDocker(port=8080)
# or initialize from a running container:
vespa_docker
VespaDocker('http://localhost', 8080, None, None, 4294967296, 'vespaengine/vespa')
**Note**:
It is **NOT** possible to refer to Volume Mounts in your Application Package.
This means that for example .onnx-model files that is part of the Application Package **must** be on your host machine, so
that it can be uploaded as part of the Application Package to the Vespa container.
:param port: Container port. Default is 8080.
:param cfgsrv_port: Vespa Config Server port. Default is 19071.
:param debug_port: Port to connect to, to debug the vespa container. Default is 5005.
:param output_file: Output file to write output messages.
:param container_memory: Docker container memory available to the application in bytes. Default is 4GB.
:param container: Used when instantiating VespaDocker from a running container.
:param volumes: A list of strings which each one of its elements specifies a mount volume. For example: `['/home/user1/:/mnt/vol2','/var/www:/mnt/vol1']`. NB! The Application Package can NOT refer to Volume Mount paths. See note above.
:param container_image: Docker container image.
"""
self.container = container
container_id = None
container_name = None
if container:
container_id = container.id
container_name = container.name
self.container_name = container_name
self.container_id = container_id
self.url = "http://localhost"
self.local_port = port
self.cfgsrv_port = cfgsrv_port
self.debug_port = debug_port
self.container_memory = container_memory
self.volumes = volumes
self.output = output_file
self.container_image = container_image
if os.getenv("PYVESPA_DEBUG") == "true":
logging.basicConfig(level=logging.DEBUG)
def __eq__(self, other: object) -> bool:
if not isinstance(other, self.__class__):
return NotImplemented
return (
self.container_id == other.container_id
and self.container_name == other.container_name
and self.url == other.url
and self.local_port == other.local_port
and self.container_memory == other.container_memory
and self.container_image.split(":")[0]
== other.container_image.split(":")[0]
)
def __repr__(self) -> str:
return "{0}({1}, {2}, {3}, {4}, {5}, {6})".format(
self.__class__.__name__,
repr(self.url),
repr(self.local_port),
repr(self.container_name),
repr(self.container_id),
repr(self.container_memory),
repr(self.container_image.split(":")[0]),
)
@staticmethod
def from_container_name_or_id(
name_or_id: str, output_file: IO = sys.stdout
) -> "VespaDocker":
"""
Instantiate VespaDocker from a running container.
:param name_or_id: Name or id of the container.
:param output_file: Output file to write output messages.
:raises ValueError: Exception if container not found
:return: VespaDocker instance associated with the running container.
"""
client = docker.from_env()
try:
container = client.containers.get(name_or_id)
except docker.errors.NotFound:
raise ValueError("The container does not exist.")
port = int(
container.attrs["HostConfig"]["PortBindings"]["8080/tcp"][0]["HostPort"]
)
container_memory = container.attrs["HostConfig"]["Memory"]
container_image = container.image.tags[0] # vespaengine/vespa:latest
container_image_split = container_image.split("/")
if len(container_image_split) > 2:
# Means registry is included, e.g. docker.io/vespaengine/vespa:latest
# This causes equality test to fail, so we remove the registry part
container_image = "/".join(container_image_split[-2:])
return VespaDocker(
port=port,
container_memory=container_memory,
output_file=output_file,
container=container,
container_image=container_image,
)
def deploy(
self,
application_package: ApplicationPackage,
max_wait_configserver: int = 60,
max_wait_deployment: int = 300,
max_wait_docker: int = 300,
debug: bool = False,
) -> Vespa:
"""
Deploy the application package into a Vespa container.
:param application_package: ApplicationPackage to be deployed.
:param max_wait_configserver: Seconds to wait for the config server to start.
:param max_wait_deployment: Seconds to wait for the deployment.
:param max_wait_docker: Seconds to wait for the docker container to start.
:param debug: Add the configured debug_port to the docker port mapping.
:return: a Vespa connection instance.
"""
return self._deploy_data(
application_package,
application_package.to_zip(),
max_wait_configserver=max_wait_configserver,
max_wait_application=max_wait_deployment,
docker_timeout=max_wait_docker,
debug=debug,
)
def deploy_from_disk(
self,
application_name: str,
application_root: Path,
max_wait_configserver: int = 60,
max_wait_application: int = 300,
docker_timeout: int = 300,
debug: bool = False,
) -> Vespa:
"""
Deploy from a directory tree.
Used when making changes to application package files not supported by pyvespa -
this is why this method is not found in the ApplicationPackage class.
:param application_name: Application package name.
:param application_root: Application package directory root
:param debug: Add the configured debug_port to the docker port mapping.
:return: a Vespa connection instance.
"""
data = self.read_app_package_from_disk(application_root)
return self._deploy_data(
ApplicationPackage(name=application_name),
data,
debug,
max_wait_application=max_wait_application,
max_wait_configserver=max_wait_configserver,
docker_timeout=docker_timeout,
)
def wait_for_config_server_start(self, max_wait: int = 300) -> None:
"""
Waits for Config Server to start inside the Docker image
:param max_wait: Seconds to wait for the application endpoint
:raises RuntimeError: Raises runtime error if the config server does not start within max_wait
:return:
"""
try_interval = 5
waited = 0
while not self._check_configuration_server() and (waited < max_wait):
print(
"Waiting for configuration server, {0}/{1} seconds...".format(
waited, max_wait
),
file=self.output,
)
sleep(try_interval)
waited += try_interval
if waited >= max_wait:
self.dump_vespa_log()
raise RuntimeError(
"Config server did not start, waited for {0} seconds.".format(max_wait)
)
def start_services(self, max_wait: int = 120) -> None:
"""
Start Vespa services inside the docker image, first waiting for the Config Server, then for other services.
:param max_wait: Seconds to wait for the application endpoint
:raises RuntimeError: if a container has not been set
:return: None
"""
if self.container:
start_config = self.container.exec_run(
"bash -c '/opt/vespa/bin/vespa-start-configserver'"
)
while not self._check_configuration_server():
print("Waiting for configuration server.", file=self.output)
sleep(5)
for line in start_config.output.decode("utf-8").split("\n"):
print(line, file=self.output)
start_services = self.container.exec_run(
"bash -c '/opt/vespa/bin/vespa-start-services'"
)
app = Vespa(
url=self.url,
port=self.local_port,
)
app.wait_for_application_up(max_wait=max_wait)
for line in start_services.output.decode("utf-8").split("\n"):
print(line, file=self.output)
else:
raise RuntimeError("No container found")
def stop_services(self) -> None:
"""
Stop Vespa services inside the docker image, first stopping the services, then stopping the Config Server.
:raises RuntimeError: if a container has not been set
:return: None
"""
if self.container:
stop_services = self.container.exec_run(
"bash -c '/opt/vespa/bin/vespa-stop-services'"
)
for line in stop_services.output.decode("utf-8").split("\n"):
print(line, file=self.output)
stop_config = self.container.exec_run(
"bash -c '/opt/vespa/bin/vespa-stop-configserver'"
)
for line in stop_config.output.decode("utf-8").split("\n"):
print(line, file=self.output)
else:
raise RuntimeError("No container found")
def restart_services(self) -> None:
"""
Restart Vespa services inside the docker image, it is equivalent to calling self.stop_services() followed by self.start_services().
:raises RuntimeError: if a container has not been set
:return: None
"""
self.stop_services()
self.start_services()
def dump_vespa_log(self) -> None:
log_dump = self.container.exec_run(
"bash -c 'cat /opt/vespa/logs/vespa/vespa.log'"
)
logging.debug("Dumping vespa.log:")
logging.debug(log_dump.output.decode("utf-8"))
def _deploy_data(
self,
application: ApplicationPackage,
data,
debug: bool,
max_wait_configserver: int,
max_wait_application: int,
docker_timeout: int,
) -> Vespa:
"""
Deploys an Application Package as zipped data
:param application: Application package
:param max_wait_configserver: Seconds to wait for the config server to start
:param max_wait_application: Seconds to wait for the application deployment
:raises RuntimeError: Exception if deployment fails
:return: A Vespa connection instance
"""
self._run_vespa_engine_container(
application_name=application.name,
container_memory=self.container_memory,
volumes=self.volumes,
debug=debug,
docker_timeout=docker_timeout,
)
self.wait_for_config_server_start(max_wait=max_wait_configserver)
r = requests.post(
"http://localhost:{}/application/v2/tenant/default/prepareandactivate".format(
self.cfgsrv_port
),
headers={"Content-Type": "application/zip"},
data=data,
verify=False,
)
logging.debug("Deploy status code: {}".format(r.status_code))
if r.status_code != 200:
raise RuntimeError(
"Deployment failed, code: {}, message: {}".format(
r.status_code, json.loads(r.content.decode("utf8"))
)
)
app = Vespa(url=self.url, port=self.local_port, application_package=application)
app.wait_for_application_up(max_wait=max_wait_application)
print("Finished deployment.", file=self.output)
return app
def _run_vespa_engine_container(
self,
application_name: str,
container_memory: str,
volumes: List[str],
debug: bool,
docker_timeout: int,
) -> None:
client = docker.from_env(timeout=docker_timeout)
if self.container is None:
try:
logging.debug("Try Docker container restart")
self.container = client.containers.get(application_name)
self.container.restart()
except docker.errors.NotFound:
mapped_ports = {8080: self.local_port, 19071: self.cfgsrv_port}
if debug:
mapped_ports[self.debug_port] = self.debug_port
logging.debug(
"Start a Docker container: "
"image: {image}, "
"mem_limit: {mem_limit}, "
"name: {name}, "
"hostname: {hostname}, "
"ports: {ports}, "
"volumes: {volumes}".format(
image=self.container_image,
mem_limit=container_memory,
name=application_name,
hostname=application_name,
ports=mapped_ports,
volumes=volumes,
)
)
self.container = client.containers.run(
self.container_image,
detach=True,
mem_limit=container_memory,
name=application_name,
hostname=application_name,
privileged=True,
ports=mapped_ports,
volumes=volumes,
)
self.container_name = self.container.name
self.container_id = self.container.id
else:
logging.debug("Try Docker container restart")
self.container.restart()
def _check_configuration_server(self) -> bool:
"""
Check if configuration server is running and ready for deployment
:return: True if configuration server is running.
"""
if self.container is None:
return False
output = self.container.exec_run(
"bash -c 'curl -s --head http://localhost:19071/ApplicationStatus'"
).output.decode("utf-8")
logging.debug("Config Server ApplicationStatus head response: " + output)
return output.split("\r\n")[0] == "HTTP/1.1 200 OK"
class VespaCloud(VespaDeployment):
def __init__(
self,
tenant: str,
application: str,
application_package: Optional[ApplicationPackage] = None,
key_location: Optional[str] = None,
key_content: Optional[str] = None,
auth_client_token_id: Optional[str] = None,
output_file: IO = sys.stdout,
application_root: Optional[str] = None,
) -> None:
"""
Deploy application to the Vespa Cloud (cloud.vespa.ai)
There are several ways to initialize VespaCloud:
The choices are:
- Application source: From python-defined application package or from application_root folder.
- Control plane access: With api-key (must be added to Vespa Cloud Console) or access token, obtained by interactive login.
- Data plane access: mTLS is used by default, but Vespa applications can also be configured to use token based authentication. (token must be added to Vespa Cloud Console, and corresponding auth_token_id must be provided)
Below are some examples of how to initialize VespaCloud.
Example usage::
# 1. Initialize VespaCloud with application package and existing api-key for control plane access.
vespa_cloud = VespaCloud(
tenant="my-tenant",
application="my-application",
application_package=app_package,
key_location="/path/to/private-key.pem",
)
# 2. Initialize VespaCloud from disk folder by interactive control plane auth.
vespa_cloud = VespaCloud(
tenant="my-tenant",
application="my-application",
application_root="/path/to/application",
)
# 3. Initialize VespaCloud with application package and token based data plane access.
vespa_cloud = VespaCloud(
tenant="my-tenant",
application="my-application",
application_package=app_package,
auth_client_token_id="my-token-id", # Must be added in Vespa Cloud Console
)
:param tenant: Tenant name registered in the Vespa Cloud.
:param application: Application name in the Vespa Cloud.
:param application_package: ApplicationPackage to be deployed. Either this or application_root must be set.
:param key_location: Location of the control plane key used for signing HTTP requests to the Vespa Cloud.
:param key_content: Content of the control plane key used for signing HTTP requests to the Vespa Cloud. Use only when
key file is not available.
:param auth_client_token_id: Use token based data plane authentication. This is the token name configured in the Vespa Cloud Console.
This is used to configure Vespa services.xml. The token is given read and write permissions. If initiliazing from application_root, make sure
that services.xml is configured to use the provided token_id.
:param output_file: Output file to write output messages. Default is sys.stdout
:param application_root: Directory for application root. (location of services.xml, models/, schemas/, etc.). If application is packaged with maven, use the generated <myapp>/target/application directory.
"""
self.tenant = tenant
self.application = application
self.application_package = application_package
self.application_root = application_root
if self.application_package is None and self.application_root is None:
raise ValueError(
"Either application_package or application_root must be set for deployment."
)
self.output = output_file
self.api_key = self._read_private_key(key_location, key_content)
self.control_plane_auth_method = None # "api_key" or "access_token"
self.control_plane_access_token = None
self.auth_file_path = VESPA_HOME / "auth.json"
if self._check_vespacli_available():
# Run vespa config set application
print("Setting application...")
self._set_application()
# Run vespa config set target cloud
print("Setting target cloud...")
self._set_target_cloud()
if self.api_key:
self.api_public_key_bytes = standard_b64encode(
self.api_key.public_key().public_bytes(
serialization.Encoding.PEM,
serialization.PublicFormat.SubjectPublicKeyInfo,
)
)
self.control_plane_auth_method = "api_key"
print(
"Api-key found for control plane access. Using api-key.",
file=self.output,
)
else:
self.api_public_key_bytes = None
self.control_plane_auth_method = "access_token"
print(
"No api-key found for control plane access. Using access token.",
file=self.output,
)
self.control_plane_access_token = self._try_get_access_token()
print(
"Successfully obtained access token for control plane access.",
file=self.output,
)
self.data_cert_path = None
self.data_key_path = None
self.data_key, self.data_certificate = self._load_certificate_pair()
self.connection = http.client.HTTPSConnection(
"api.vespa-external.aws.oath.cloud", 4443
)
self.auth_client_token_id = auth_client_token_id
if auth_client_token_id is not None:
if self.application_package is not None:
# TODO: Should add some check to see if the auth_client_token_id is added to AuthClients.
print(
"Auth client token id set. Make sure that corresponding auth_client is configured and added to ApplicationPackage.",
file=self.output,
)
else:
print(
"Auth client token id set, but no application package provided. Make sure that services.xml is configured to use the provided token_id.",
file=self.output,
)
self.build_no = None # Build number of submitted production deployment
self.submitted_timestamp = None # Timestamp of submitted production deployment
def __enter__(self) -> "VespaCloud":
return self
def __exit__(self, exc_type, exc_val, exc_tb) -> None:
self.close()
# Add property with getter and setter for self.build_no
@property
def build_no(self) -> Optional[int]:
return self._build_no
@build_no.setter
def build_no(self, value: Optional[int]) -> None:
self._build_no = value
# Add property with getter and setter for self.submitted_timestamp
@property
def submitted_timestamp(self) -> Optional[int]:
return self._submitted_timestamp
@submitted_timestamp.setter
def submitted_timestamp(self, value: Optional[int]) -> None:
self._submitted_timestamp = value
def deploy(
self,
instance: Optional[str] = "default",
disk_folder: Optional[str] = None,
max_wait: int = 300,
) -> Vespa:
"""
Deploy the given application package as the given instance in the Vespa Cloud dev environment.
:param instance: Name of this instance of the application, in the Vespa Cloud.
:param disk_folder: Disk folder to save the required Vespa config files. Default to application name
folder within user's current working directory.
:param max_wait: Seconds to wait for the deployment.
:return: a Vespa connection instance.
"""
if not disk_folder:
disk_folder = os.path.join(os.getcwd(), self.application)
self.application_package.to_files(disk_folder)
region = self.get_dev_region()
job = "dev-" + region
run = self._start_deployment(instance, job, disk_folder, None)
self._follow_deployment(instance, job, run)
mtls_endpoint = self.get_mtls_endpoint(
instance=instance,
region=region,
environment="dev",
)
if self.auth_client_token_id is not None:
try: # May have client_token_id set but the deployed app was not configured to use it
token_endpoint = self.get_token_endpoint(
instance=instance,
region=region,
environment="dev",
)
except Exception as _:
token_endpoint = None
else:
token_endpoint = None
print(f"Connecting to {token_endpoint or mtls_endpoint}", file=self.output)
app = Vespa(
url=token_endpoint or mtls_endpoint,
cert=self.data_cert_path,
key=self.data_key_path or None,
application_package=self.application_package,
vespa_cloud_secret_token=os.environ.get(VESPA_CLOUD_SECRET_TOKEN),
)
app.wait_for_application_up(max_wait=max_wait)
print("Finished deployment.", file=self.output)
return app
def deploy_to_prod(
self,
instance: Optional[str] = "default",
application_root: Optional[str] = None,
source_url: str = "",
) -> None:
"""
Deploy the given application package as the given instance in the Vespa Cloud prod environment.
NB! This feature is experimental and may fail in unexpected ways. Expect better support in future releases.
If submitting an application that is not yet packaged, tests should be located in <application_root>/tests.
If submitting an application packaged with maven, application_root should refer to the generated <myapp>/target/application directory.
:param instance: Name of this instance of the application, in the Vespa Cloud.
:param application_root: Path to either save the required Vespa config files (if initialized with application_package) or read them from (if initialized with application_root).
:param source_url: Optional source URL (including commit hash) for the deployment. This is a URL to the source code repository, e.g. GitHub, that is used to build the application package. Example: https://github.com/vespa-cloud/vector-search/commit/474d7771bd938d35dc5dcfd407c21c019d15df3c.
The source URL will show up in the Vespa Cloud Console next to the build number.
"""
logging.warning(
"Deploying to production is in beta and may fail in unexpected ways. Expect better support in future releases."
)
if application_root is None:
if self.application_root is None:
application_root = os.path.join(os.getcwd(), self.application)
else:
application_root = self.application_root
if self.application_package is not None:
if self.application_package.deployment_config is None:
raise ValueError("Prod deployment requires a deployment_config.")
self.application_package.to_files(application_root)
self.build_no = self._start_prod_deployment(
application_root, source_url, instance
)
deploy_url = "https://console.vespa-cloud.com/tenant/{}/application/{}/prod/deployment".format(
self.tenant, self.application
)
print(f"Follow deployment at: {deploy_url}", file=self.output)
return self.build_no
def _get_last_deployable(self, build_no: int) -> int:
# This is due to optimization that some builds will not be deployable (e.g if no diff from previous build)
# May take a few seconds for the build to show up in the deployment list
max_wait = 5
start = time.time()
while time.time() - start < max_wait:
time.sleep(1)
deployments = self._request(
"GET",
f"/application/v4/tenant/{self.tenant}/application/{self.application}/deployment/",
)
if "builds" in deployments:
builds = deployments["builds"]
# Sort descending by build number
sorted_builds = sorted(builds, key=lambda x: x["build"], reverse=True)
for build in sorted_builds:
if build["build"] > build_no:
continue
if build["deployable"]:
return build["build"]
raise Exception(
"No deployable builds found within the time limit of 10 seconds."
)
def get_application(
self,
instance: str = "default",
environment: str = "dev",
region: Optional[str] = None,
max_wait: int = 60,
) -> Vespa:
"""
Get a connection to the Vespa application instance.
Will only work if the application is already deployed.
Example usage::
vespa_cloud = VespaCloud(...)
app: Vespa = vespa_cloud.get_application()
# Feed, query, visit, etc.
:param instance: Name of this instance of the application, in the Vespa Cloud. Default is "default".
:param environment: Environment of the application. Default is "dev". Options are "dev" or "prod".
:param region: Region of the application in Vespa cloud, eg "aws-us-east-1c". If not provided, the first region from the environment will be used.
:param max_wait: Seconds to wait for the application to be up. Default is 60 seconds.
:return: Vespa application instance.
"""
if environment == "dev":
region = self.get_dev_region()
print(
f"Only region: {region} available in dev environment.", file=self.output
)
elif environment == "prod":
valid_regions = self.get_prod_regions(instance=instance)
if region is not None:
if region not in valid_regions:
raise ValueError(
f"Region {region} not found in production regions: {valid_regions}"
)
else:
region = valid_regions[0]
else:
raise ValueError("Environment must be 'dev' or 'prod'.")
mtls_endpoint = self.get_mtls_endpoint(
instance=instance, region=region, environment=environment
)
if self.auth_client_token_id is not None:
try: # May have client_token_id set but the deployed app was not configured to use it
token_endpoint = self.get_token_endpoint(
instance=instance, region=region, environment=environment
)
except Exception as _:
token_endpoint = None
else:
token_endpoint = None
if token_endpoint is None and mtls_endpoint is None:
raise ValueError(
"No token endpoint or mtls endpoint found. Please check your deployment."
)
print(f"Connecting to {token_endpoint or mtls_endpoint}", file=self.output)
app: Vespa = Vespa(
url=token_endpoint or mtls_endpoint,
cert=self.data_cert_path,
key=self.data_key_path,
application_package=self.application_package,
vespa_cloud_secret_token=os.environ.get(VESPA_CLOUD_SECRET_TOKEN),
)
return app
def check_production_build_status(self, build_no: Optional[int]) -> dict:
"""
Check the status of a production build.
Useful for example in CI/CD pipelines to check when a build has converged.
Example usage::
vespa_cloud = VespaCloud(...)
build_no = vespa_cloud.deploy_to_prod()
status = vespa_cloud.check_production_build_status(build_no)
# This can yield one of three responses:
1. If the revision (build_no), or higher, has successfully converged everywhere, and nothing older has then been deployed on top of that again. Nothing more will happen in this case.
{
"deployed": True,
"status": "done"
}
2. If the revision (build_no), or newer, has not yet converged, but the system is (most likely) still trying to deploy it. There is a point in polling again later when this is the response.
{
"deployed": False,
"status": "deploying"
}
3. If the revision, or newer, has not yet converged everywhere, and it's never going to, because it was similar to the previous build, or marked obsolete by a user. There is no point in asking again for this revision.
{
"deployed": False,
"status": "done"
}
:param build_no: The build number to check.
:return: dict with the aggregated status of all deployment jobs for the given build number.
"""
if build_no is None:
if self.build_no is None:
raise ValueError("No build number provided, and no build number set.")
else:
build_no = int(self.build_no)
print(f"Checking status of build number: {build_no}", file=self.output)
status = self._request(
"GET",
f"/application/v4/tenant/{self.tenant}/application/{self.application}/build-status/{build_no}",
)
return status
def wait_for_prod_deployment(
self,
build_no: Optional[int] = None,
max_wait: int = 3600,
poll_interval: int = 5,
) -> bool:
"""
Wait for a production deployment to finish.
Useful for example in CI/CD pipelines to wait for a deployment to finish.
Example usage::
vespa_cloud = VespaCloud(...)
build_no = vespa_cloud.deploy_to_prod()
success = vespa_cloud.wait_for_prod_deployment(build_no, max_wait=3600, poll_interval=5)
print(success)
True
:param build_no: The build number to check.
:param max_wait: Maximum time to wait for the deployment in seconds. Default is 3600 (1 hour).
:param poll_interval: Polling interval in seconds. Default is 5 seconds.
:return: True if the deployment is done and converged. False if the deployment has failed.
:raises TimeoutError: If the deployment did not finish within max_wait seconds.
"""
start_time = time.time()
while time.time() - start_time < max_wait:
status = self.check_production_build_status(build_no)
if status["status"] == "done":
return status["deployed"]
time.sleep(poll_interval)
raise TimeoutError(f"Deployment did not finish within {max_wait} seconds. ")
def deploy_from_disk(
self, instance: str, application_root: Path, max_wait: int = 300
) -> Vespa:
"""
Deploy to dev from a directory tree.
Used when making changes to application package files not supported by pyvespa.
NB: Requires certificate and key to be generated with 'vespa auth cert'.
:param instance: Name of the instance where the application is to be run
:param application_root: Application package directory root
:param max_wait: Seconds to wait for the deployment.
:return: a Vespa connection instance.
"""
data = BytesIO(self.read_app_package_from_disk(application_root))
# Deploy the zipped application package
disk_folder = os.path.join(os.getcwd(), self.application)
region = self.get_dev_region()
job = "dev-" + region
run = self._start_deployment(
instance, job, disk_folder, application_zip_bytes=data
)
self._follow_deployment(instance, job, run)
mtls_endpoint = self.get_mtls_endpoint(instance=instance, region=region)
if self.auth_client_token_id is not None:
try: # May have client_token_id set but the deployed app was not configured to use it
token_endpoint = self.get_token_endpoint(
instance=instance, region=region
)
except Exception as _:
token_endpoint = None
else:
token_endpoint = None
app = Vespa(
url=token_endpoint or mtls_endpoint,
cert=self.data_cert_path,
key=self.data_key_path,
application_package=self.application_package,
vespa_cloud_secret_token=os.environ.get(VESPA_CLOUD_SECRET_TOKEN),
)
app.wait_for_application_up(max_wait=max_wait)
print("Finished deployment.", file=self.output)
return app
def close(self) -> None:
self.connection.close()
def delete(self, instance: Optional[str] = "default") -> None:
"""
Delete the specified instance from the dev environment in the Vespa Cloud.
(To delete a production instance, you need to submit a new deployment with `deployment-removal` added to 'validation-overrides.xml', see
https://cloud.vespa.ai/en/deleting-applications)
:param instance: Name of the instance to delete.
:return:
"""
print(
self._request(
"DELETE",
"/application/v4/tenant/{}/application/{}/instance/{}/environment/dev/region/{}".format(
self.tenant, self.application, instance, self.get_dev_region()
),
)["message"],
file=self.output,
)
print(
self._request(
"DELETE",
"/application/v4/tenant/{}/application/{}/instance/{}".format(
self.tenant, self.application, instance
),
)["message"],
file=self.output,
)
@staticmethod
def _read_private_key(
key_location: Optional[str] = None, key_content: Optional[str] = None
) -> Optional[ec.EllipticCurvePrivateKey]:
if key_content:
key_content = bytes(key_content, "ascii")
elif key_location:
with open(key_location, "rb") as key_data:
key_content = key_data.read()
else:
return None
key = serialization.load_pem_private_key(key_content, None, default_backend())
if not isinstance(key, ec.EllipticCurvePrivateKey):
raise TypeError("Key must be an elliptic curve private key")
return key
def _check_vespacli_available(self) -> bool:
try:
vespa_version = subprocess.run(
shlex.split("vespa version"),
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
).stdout.decode("utf-8")
is_available = "Vespa CLI" in vespa_version
except FileNotFoundError:
print(
"Vespa CLI not found. Run `pip install vespacli`.",
)
is_available = False
return is_available
def _set_target_cloud(self):
print("Running: vespa config set target cloud")
output = subprocess.run(
shlex.split("vespa config set target cloud"),
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
)
if output.returncode != 0:
raise RuntimeError(
f"Failed to set target cloud with 'vespa config set target cloud'. Return code: {output.returncode}"
)
else:
print(output.stdout.decode("utf-8"))
def _vespa_auth_login(self):
is_notebook = is_jupyter_notebook()
# Open a new pseudo-terminal
master, slave = pty.openpty()
# Start the subprocess with its input/output connected to the PTY
p = subprocess.Popen(
shlex.split("vespa auth login"),
stdin=slave,
stdout=slave,
stderr=slave,
universal_newlines=True,
)
# Close the slave end in the parent process
os.close(slave)
finished = False
try: