Fix lint
Reviewed-on: https://code.launchpad.net/~gnuoy/vault-charm/+git/vault-charm/+merge/337113 Reviewed-by: Stuart Bishop <stuart.bishop@canonical.com>
This commit is contained in:
commit
ea847b1f96
@ -15,8 +15,6 @@ import sys
|
||||
from textwrap import dedent
|
||||
from urllib.request import urlopen
|
||||
|
||||
#VAULT_HEALTH_URL = 'https://vault.staging.admin.canonical.com:8200/v1/sys/health'
|
||||
#VAULT_VERIFY_SSL = True
|
||||
VAULT_HEALTH_URL = 'https://127.0.0.1:8200/v1/sys/health'
|
||||
VAULT_VERIFY_SSL = False
|
||||
|
||||
@ -34,7 +32,8 @@ def get_vault_snap_version():
|
||||
snapd.connect(SNAPD_SOCKET)
|
||||
snapd.sendall(SNAPD_INFO_REQUEST.format(snap='vault').encode('utf-8'))
|
||||
# TODO(pjdc): This should be a loop.
|
||||
info = json.loads(snapd.recv(1024 * 1024).decode('utf-8').split('\n')[-1])
|
||||
info = json.loads(
|
||||
snapd.recv(1024 * 1024).decode('utf-8').split('\n')[-1])
|
||||
version = info['result']['version']
|
||||
if version.startswith('v'):
|
||||
version = version[1:]
|
||||
|
@ -16,7 +16,6 @@ from charmhelpers.core.hookenv import (
|
||||
|
||||
from charmhelpers.core.host import (
|
||||
service_start,
|
||||
service_stop,
|
||||
write_file,
|
||||
)
|
||||
|
||||
@ -33,7 +32,7 @@ from charms.reactive import (
|
||||
when_not,
|
||||
)
|
||||
|
||||
# as per https://www.vaultproject.io/docs/configuration/storage/postgresql.html
|
||||
# See https://www.vaultproject.io/docs/configuration/storage/postgresql.html
|
||||
|
||||
VAULT_TABLE_DDL = """
|
||||
CREATE TABLE IF NOT EXISTS vault_kv_store (
|
||||
@ -49,6 +48,7 @@ VAULT_INDEX_DDL = """
|
||||
CREATE INDEX IF NOT EXISTS parent_path_idx ON vault_kv_store (parent_path);
|
||||
"""
|
||||
|
||||
|
||||
def ssl_available(config):
|
||||
if '' in (config['ssl-cert'], config['ssl-key']):
|
||||
return False
|
||||
@ -67,16 +67,26 @@ def configure_vault(psql):
|
||||
'ssl_available': is_state('vault.ssl.available'),
|
||||
}
|
||||
status_set('maintenance', 'creating vault config')
|
||||
render('vault.hcl.j2', '/var/snap/vault/common/vault.hcl', context, perms=0o600)
|
||||
render(
|
||||
'vault.hcl.j2',
|
||||
'/var/snap/vault/common/vault.hcl',
|
||||
context,
|
||||
perms=0o600)
|
||||
status_set('maintenance', 'creating vault unit file')
|
||||
render('vault.service.j2', '/etc/systemd/system/vault.service', {}, perms=0o644)
|
||||
render(
|
||||
'vault.service.j2',
|
||||
'/etc/systemd/system/vault.service',
|
||||
{},
|
||||
perms=0o644)
|
||||
status_set('maintenance', 'starting vault')
|
||||
service_start('vault') # restart seals the vault
|
||||
status_set('maintenance', 'opening vault port')
|
||||
open_port(8200)
|
||||
set_state('configured')
|
||||
if config()['disable-mlock']:
|
||||
status_set('active', 'WARNING: DISABLE-MLOCK IS SET -- SECRETS MAY BE LEAKED')
|
||||
status_set(
|
||||
'active',
|
||||
'WARNING: DISABLE-MLOCK IS SET -- SECRETS MAY BE LEAKED')
|
||||
else:
|
||||
status_set('active', '=^_^=')
|
||||
|
||||
@ -165,8 +175,10 @@ def update_nagios(svc):
|
||||
current_unit = get_nagios_unit_name()
|
||||
nrpe = NRPE(hostname=hostname)
|
||||
add_init_service_checks(nrpe, ['vault'], current_unit)
|
||||
write_file('/usr/lib/nagios/plugins/check_vault_version.py',
|
||||
open('files/nagios/check_vault_version.py', 'rb').read(), perms=0o755)
|
||||
write_file(
|
||||
'/usr/lib/nagios/plugins/check_vault_version.py',
|
||||
open('files/nagios/check_vault_version.py', 'rb').read(),
|
||||
perms=0o755)
|
||||
nrpe.add_check(
|
||||
'vault_version',
|
||||
'Check running vault server version is same as installed snap',
|
||||
|
Loading…
Reference in New Issue
Block a user