예제 #1
def send_vault_url_and_ca():
    """Publish the Vault API URL(s), and the CA if configured, to clients.

    With ``ha.available`` set, the URL for the 'access' binding is built
    from the ``hostname`` option when present, otherwise from the VIP; in
    the VIP case an 'external' URL is added only if the external VIP is
    set and differs from the access VIP. Without HA and without a VIP the
    unit's own API URLs are used, and the external one is dropped when it
    equals the access one.

    Nothing is published while ``vault.get_vip()`` returns a value but
    ``ha.available`` is not set; the function logs at DEBUG and returns.
    """
    # NOTE(review): endpoint_from_flag() can return None when the flag is
    # not set; this assumes the handler only runs while
    # 'secrets.connected' is set -- confirm against the decorators.
    secrets = endpoint_from_flag('secrets.connected')
    external_url = None
    hostname = config('hostname')
    vip = vault.get_vip()
    ha_ready = is_flag_set('ha.available')

    if not ha_ready and vip:
        # Publishing now would advertise a URL that is not the VIP.
        message = ("VIP is set but ha.available is not yet set, "
                   "skipping send_vault_url_and_ca.")
        log(message, level=DEBUG)
        return

    if ha_ready:
        if hostname:
            access_url = vault.get_api_url(address=hostname)
        else:
            access_url = vault.get_api_url(address=vip)
            external_vip = vault.get_vip(binding='external')
            if external_vip and external_vip != vip:
                external_url = vault.get_api_url(
                    address=external_vip, binding='external')
    else:
        access_url = vault.get_api_url()
        candidate = vault.get_api_url(binding='external')
        # Only advertise an external URL that is actually distinct.
        external_url = None if candidate == access_url else candidate

    secrets.publish_url(vault_url=access_url, remote_binding='access')
    if external_url:
        secrets.publish_url(
            vault_url=external_url, remote_binding='external')

    # NOTE(review): the CA is sent only when 'ssl-ca' is set; how clients
    # verify the Vault endpoint otherwise is not visible here.
    if config('ssl-ca'):
        secrets.publish_ca(vault_ca=config('ssl-ca'))
예제 #2
def send_vault_url_and_ca():
    """Publish the Vault API URL(s), and the CA if configured, to clients.

    Without ``ha.available`` the unit's own API URLs are published, the
    'external' one only when it differs from the 'access' one. With
    ``ha.available`` the access URL is built from the ``hostname`` option
    when present, otherwise from the VIP, and an external URL is added
    only if the external VIP is set and differs from the access VIP.
    """
    secrets = endpoint_from_flag('secrets.connected')
    external_url = None

    if not is_flag_set('ha.available'):
        # NOTE(review): this branch does not check whether a VIP is
        # configured, so the unit's own URL is published whenever
        # 'ha.available' is unset -- confirm clients are not meant to
        # wait for the VIP here.
        access_url = vault.get_api_url()
        external_url = vault.get_api_url(binding='external')
        if external_url == access_url:
            external_url = None
    else:
        hostname = config('hostname')
        if hostname:
            access_url = vault.get_api_url(address=hostname)
        else:
            access_vip = vault.get_vip()
            access_url = vault.get_api_url(address=access_vip)
            external_vip = vault.get_vip(binding='external')
            if external_vip and external_vip != access_vip:
                external_url = vault.get_api_url(
                    address=external_vip, binding='external')

    secrets.publish_url(vault_url=access_url, remote_binding='access')
    if external_url:
        secrets.publish_url(
            vault_url=external_url, remote_binding='external')

    # NOTE(review): the CA is sent only when 'ssl-ca' is set; how clients
    # verify the Vault endpoint otherwise is not visible here.
    if config('ssl-ca'):
        secrets.publish_ca(vault_ca=config('ssl-ca'))
예제 #3
def cluster_connected(hacluster):
    """Configure HA resources in corosync.

    Registers either the configured VIPs or a DNS HA record with the
    ``hacluster`` endpoint and then binds the resources. Setting both
    ``vip`` and ``dns-ha-access-record`` is rejected: the
    'config.dns_vip.invalid' flag is set, an error is logged and nothing
    is registered.
    """
    dns_record = config('dns-ha-access-record')
    vips = config('vip') or None

    if vips and dns_record:
        set_flag('config.dns_vip.invalid')
        log("Unsupported configuration. vip and dns-ha cannot both be set",
            level=ERROR)
        return
    clear_flag('config.dns_vip.invalid')

    if vips:
        # 'vip' is a whitespace-separated list of addresses.
        for address in vips.split():
            is_external = address == vault.get_vip(binding='external')
            hacluster.add_vip('vault-ext' if is_external else 'vault',
                              address)
    elif dns_record:
        try:
            ip = network_get_primary_address('access')
        except NotImplementedError:
            # Fall back to the unit's private address.
            ip = unit_private_ip()
        hacluster.add_dnsha('vault', ip, dns_record, 'access')

    hacluster.bind_resources()
예제 #4
def send_vault_url_and_ca():
    """Publish the Vault API URL(s), and the CA if configured, to clients.

    The address used for the URL is chosen in this order:

    * ``ha.available`` set: the ``hostname`` option, else the VIP (plus a
      separate 'external' URL when the external VIP is set and differs);
    * a VIP is returned but ``ha.available`` is not set: log at DEBUG and
      publish nothing;
    * the 'lb-provider' endpoint has a response: the address from that
      response, used for both bindings; an error response is logged and
      nothing is published;
    * otherwise: the unit's own API URLs, the external one only when it
      differs from the access one.
    """
    secrets = endpoint_from_flag('secrets.connected')
    lb_provider = endpoint_from_name('lb-provider')
    external_url = None
    hostname = config('hostname')
    vip = vault.get_vip()

    if is_flag_set('ha.available'):
        if hostname:
            access_url = vault.get_api_url(address=hostname)
        else:
            access_url = vault.get_api_url(address=vip)
            external_vip = vault.get_vip(binding='external')
            if external_vip and external_vip != vip:
                external_url = vault.get_api_url(
                    address=external_vip, binding='external')
    elif vip:
        message = ("VIP is set but ha.available is not yet set, "
                   "skipping send_vault_url_and_ca.")
        log(message, level=DEBUG)
        return
    elif lb_provider.has_response:
        response = lb_provider.get_response('vault')
        if response.error:
            detail = response.error_message or response.error_fields
            log('Load balancer failed, skipping: {}'.format(detail),
                level=ERROR)
            return
        # NOTE(review): response.address comes from the load balancer
        # relation and is handed to every secrets client as the Vault
        # URL; no validation of it is visible in this function.
        access_url = vault.get_api_url(address=response.address)
        external_url = access_url
        lb_provider.ack_response(response)
    else:
        access_url = vault.get_api_url()
        candidate = vault.get_api_url(binding='external')
        external_url = None if candidate == access_url else candidate

    secrets.publish_url(vault_url=access_url, remote_binding='access')
    if external_url:
        secrets.publish_url(
            vault_url=external_url, remote_binding='external')

    # NOTE(review): the CA is sent only when 'ssl-ca' is set; how clients
    # verify the Vault endpoint otherwise is not visible here.
    if config('ssl-ca'):
        secrets.publish_ca(vault_ca=config('ssl-ca'))
예제 #5
def cluster_connected(hacluster):
    """Configure HA resources in corosync.

    Registers either the configured VIPs or a DNS HA record with the
    ``hacluster`` endpoint and then binds the resources. VIPs that were
    in the previous ``vip`` value but are no longer configured are
    registered for removal first. Setting both ``vip`` and
    ``dns-ha-access-record`` is rejected: the 'config.dns_vip.invalid'
    flag is set, an error is logged and nothing is registered.
    """
    dns_record = config('dns-ha-access-record')
    cfg = config()
    vips = config('vip') or None

    if vips and dns_record:
        set_flag('config.dns_vip.invalid')
        log("Unsupported configuration. vip and dns-ha cannot both be set",
            level=ERROR)
        return
    clear_flag('config.dns_vip.invalid')

    if vips:
        current = vips.split()

        # When the `vip` option changed and had a value before, the
        # principal has to ask hacluster to drop the stale addresses from
        # pacemaker's configuration (LP: #1952363).
        if cfg.changed('vip') and cfg.previous('vip'):
            previous = cfg.previous('vip').split()
            stale = set(previous) - set(current)
            for address in stale:
                log("Registering %s for deletion" % address)
                # NOTE(review): removal always targets the 'vault'
                # resource, while additions below may use 'vault-ext' --
                # confirm a dropped external VIP is cleaned up too.
                hacluster.remove_vip('vault', address)

        for address in current:
            is_external = address == vault.get_vip(binding='external')
            hacluster.add_vip('vault-ext' if is_external else 'vault',
                              address)
    elif dns_record:
        try:
            ip = network_get_primary_address('access')
        except NotImplementedError:
            # Fall back to the unit's private address.
            ip = unit_private_ip()
        hacluster.add_dnsha('vault', ip, dns_record, 'access')

    hacluster.bind_resources()