def send_vault_url_and_ca():
    """Publish the Vault API URL(s), and the CA if configured, to clients.

    The address that is advertised depends on the unit's state:

    * ``ha.available`` set: the ``hostname`` config value when present,
      otherwise the VIP returned by ``vault.get_vip()``. In the VIP case a
      distinct VIP on the ``external`` binding yields a second URL.
    * ``ha.available`` not set but a VIP is returned: nothing is published;
      the function logs at DEBUG and returns.
    * otherwise: the URLs from ``vault.get_api_url()`` with no address, with
      the external one dropped when it equals the access one.

    Whatever is published here is what related clients will connect to, and
    the ``ssl-ca`` value is forwarded as-is, with no validation in this
    function.
    """
    secrets_endpoint = endpoint_from_flag('secrets.connected')
    external_url = None
    hostname = config('hostname')
    vip = vault.get_vip()
    ha_ready = is_flag_set('ha.available')

    if not ha_ready and vip:
        # Presumably avoids handing clients a unit-local URL that the VIP
        # would later supersede -- confirm against the HA handlers.
        log(
            "VIP is set but ha.available is not yet set, skipping "
            "send_vault_url_and_ca.",
            level=DEBUG)
        return

    if ha_ready:
        # An explicit hostname wins over the VIP.
        access_url = vault.get_api_url(address=hostname or vip)
        if not hostname:
            ext_vip = vault.get_vip(binding='external')
            if ext_vip and ext_vip != vip:
                external_url = vault.get_api_url(address=ext_vip,
                                                 binding='external')
    else:
        access_url = vault.get_api_url()
        candidate = vault.get_api_url(binding='external')
        # Only advertise a separate external URL when it really differs.
        external_url = None if candidate == access_url else candidate

    secrets_endpoint.publish_url(vault_url=access_url,
                                 remote_binding='access')
    if external_url:
        secrets_endpoint.publish_url(vault_url=external_url,
                                     remote_binding='external')

    if config('ssl-ca'):
        secrets_endpoint.publish_ca(vault_ca=config('ssl-ca'))
def send_vault_url_and_ca():
    """Publish the Vault API URL(s), and the CA if configured, to clients.

    With ``ha.available`` set, the ``hostname`` config value is advertised
    when present; otherwise the VIP from ``vault.get_vip()`` is used and a
    distinct VIP on the ``external`` binding yields a second URL. Without
    ``ha.available`` the URLs come from ``vault.get_api_url()`` with no
    address, and the external one is dropped when it equals the access one.

    The ``ssl-ca`` value is forwarded as-is; nothing in this function
    validates it.
    """
    secrets_endpoint = endpoint_from_flag('secrets.connected')
    external_url = None

    if is_flag_set('ha.available'):
        hostname = config('hostname')
        if not hostname:
            vip = vault.get_vip()
            access_url = vault.get_api_url(address=vip)
            ext_vip = vault.get_vip(binding='external')
            if ext_vip and ext_vip != vip:
                external_url = vault.get_api_url(address=ext_vip,
                                                 binding='external')
        else:
            # An explicit hostname wins over the VIP.
            access_url = vault.get_api_url(address=hostname)
    else:
        # NOTE(review): this branch is also taken when a VIP is configured
        # but ha.available has not been set yet, so clients are then given
        # whatever vault.get_api_url() returns without an address
        # (presumably a unit-local URL) -- confirm that is intended.
        access_url = vault.get_api_url()
        candidate = vault.get_api_url(binding='external')
        external_url = None if candidate == access_url else candidate

    secrets_endpoint.publish_url(vault_url=access_url,
                                 remote_binding='access')
    if external_url:
        secrets_endpoint.publish_url(vault_url=external_url,
                                     remote_binding='external')

    if config('ssl-ca'):
        secrets_endpoint.publish_ca(vault_ca=config('ssl-ca'))
def cluster_connected(hacluster):
    """Register this application's HA resources with the hacluster endpoint.

    ``vip`` and ``dns-ha-access-record`` are mutually exclusive: when both
    are set the ``config.dns_vip.invalid`` flag is raised, an error is
    logged and nothing is registered. Otherwise the flag is cleared and
    either every configured VIP or a single DNS-HA record is added before
    ``hacluster.bind_resources()`` is called.
    """
    dns_record = config('dns-ha-access-record')
    vip_setting = config('vip') or None

    if vip_setting and dns_record:
        set_flag('config.dns_vip.invalid')
        log("Unsupported configuration. vip and dns-ha cannot both be set",
            level=ERROR)
        return
    clear_flag('config.dns_vip.invalid')

    if vip_setting:
        # The option holds whitespace-separated addresses.
        for address in vip_setting.split():
            # The VIP on the external binding gets its own resource group.
            is_external = address == vault.get_vip(binding='external')
            group = 'vault-ext' if is_external else 'vault'
            hacluster.add_vip(group, address)
    elif dns_record:
        try:
            unit_address = network_get_primary_address('access')
        except NotImplementedError:
            # Fall back when the binding lookup is not implemented.
            unit_address = unit_private_ip()
        hacluster.add_dnsha('vault', unit_address, dns_record, 'access')

    hacluster.bind_resources()
def send_vault_url_and_ca():
    """Publish the Vault API URL(s), and the CA if configured, to clients.

    The address that is advertised depends on the unit's state, checked in
    this order:

    * ``ha.available`` set: the ``hostname`` config value when present,
      otherwise the VIP returned by ``vault.get_vip()``. In the VIP case a
      distinct VIP on the ``external`` binding yields a second URL.
    * a VIP is returned but ``ha.available`` is not set: nothing is
      published; the function logs at DEBUG and returns.
    * the ``lb-provider`` endpoint has a response: on error the function
      logs at ERROR and returns; otherwise the address from the response is
      used for both the access and the external URL and the response is
      acknowledged.
    * otherwise: the URLs from ``vault.get_api_url()`` with no address, with
      the external one dropped when it equals the access one.

    Whatever is published here is what related clients will connect to, and
    the ``ssl-ca`` value is forwarded as-is, with no validation in this
    function.
    """
    secrets_endpoint = endpoint_from_flag('secrets.connected')
    lb_provider = endpoint_from_name('lb-provider')
    external_url = None
    hostname = config('hostname')
    vip = vault.get_vip()

    if is_flag_set('ha.available'):
        # An explicit hostname wins over the VIP.
        access_url = vault.get_api_url(address=hostname or vip)
        if not hostname:
            ext_vip = vault.get_vip(binding='external')
            if ext_vip and ext_vip != vip:
                external_url = vault.get_api_url(address=ext_vip,
                                                 binding='external')
    else:
        if vip:
            log(
                "VIP is set but ha.available is not yet set, skipping "
                "send_vault_url_and_ca.",
                level=DEBUG)
            return

        if lb_provider.has_response:
            response = lb_provider.get_response('vault')
            if response.error:
                failure = response.error_message or response.error_fields
                log('Load balancer failed, skipping: '
                    '{}'.format(failure),
                    level=ERROR)
                return
            # The address is taken from the lb-provider relation response
            # and handed to vault.get_api_url(); no check of it is made
            # here before it is published to clients.
            access_url = vault.get_api_url(address=response.address)
            external_url = access_url
            lb_provider.ack_response(response)
        else:
            access_url = vault.get_api_url()
            candidate = vault.get_api_url(binding='external')
            # Only advertise a separate external URL when it really differs.
            external_url = None if candidate == access_url else candidate

    secrets_endpoint.publish_url(vault_url=access_url,
                                 remote_binding='access')
    if external_url:
        secrets_endpoint.publish_url(vault_url=external_url,
                                     remote_binding='external')

    if config('ssl-ca'):
        secrets_endpoint.publish_ca(vault_ca=config('ssl-ca'))
def cluster_connected(hacluster):
    """Register this application's HA resources with the hacluster endpoint.

    ``vip`` and ``dns-ha-access-record`` are mutually exclusive: when both
    are set the ``config.dns_vip.invalid`` flag is raised, an error is
    logged and nothing is registered. Otherwise the flag is cleared and
    either the configured VIPs or a single DNS-HA record is added before
    ``hacluster.bind_resources()`` is called. VIPs that were in the previous
    ``vip`` value but are no longer configured are registered for removal
    first.
    """
    dns_record = config('dns-ha-access-record')
    cfg = config()
    vip_setting = config('vip') or None

    if vip_setting and dns_record:
        set_flag('config.dns_vip.invalid')
        log("Unsupported configuration. vip and dns-ha cannot both be set",
            level=ERROR)
        return
    clear_flag('config.dns_vip.invalid')

    if vip_setting:
        # The option holds whitespace-separated addresses.
        current_vips = vip_setting.split()

        # When the `vip` option changed and had a value before, the
        # principal has to ask hacluster to drop the stale addresses from
        # pacemaker's configuration (LP: #1952363).
        if cfg.changed('vip') and cfg.previous('vip'):
            previous_vips = cfg.previous('vip').split()
            stale_vips = set(previous_vips) - set(current_vips)
            # NOTE(review): removal always targets the 'vault' group while
            # additions below may use 'vault-ext'; confirm a dropped
            # external VIP is cleaned up as well.
            for stale in stale_vips:
                log("Registering %s for deletion" % stale)
                hacluster.remove_vip('vault', stale)

        for address in current_vips:
            # The VIP on the external binding gets its own resource group.
            is_external = address == vault.get_vip(binding='external')
            group = 'vault-ext' if is_external else 'vault'
            hacluster.add_vip(group, address)
    elif dns_record:
        try:
            unit_address = network_get_primary_address('access')
        except NotImplementedError:
            # Fall back when the binding lookup is not implemented.
            unit_address = unit_private_ip()
        hacluster.add_dnsha('vault', unit_address, dns_record, 'access')

    hacluster.bind_resources()