e94f7882cb
When the percona-cluster charm sets an access-network but the default unit-get address is not on that network extra shared-db relations get executed. This is specifically a problem when running upgrades and trying to avoid API downtime. The root cause is that the access-network is not checked until the SharedDBContext is consulted. But then db_joined function will change it back to the wrong ip on subsequent runs. This change adds a check for access-network on the relation during the db_joined function and pushes IP selection off to get_relation_ip. Charm helpers sync to pull in changes to get_relation_ip. Partial-bug: #1677647 Change-Id: Ifd4e975d9abbb9f7a8b0f12c8f0a8cf8f78595b6 |
||
|---|---|---|
| .. | ||
| apache | ||
| audits | ||
| defaults | ||
| host | ||
| mysql | ||
| ssh | ||
| README.hardening.md | ||
| __init__.py | ||
| harden.py | ||
| templating.py | ||
| utils.py | ||
README.hardening.md
Juju charm-helpers hardening library
Description
This library provides multiple implementations of system and application hardening that conform to the standards of http://hardening.io/.
Current implementations include:
- OS
- SSH
- MySQL
- Apache
Requirements
- Juju Charms
Usage
-
Synchronise this library into your charm and add the harden() decorator (from contrib.hardening.harden) to any functions or methods you want to use to trigger hardening of your application/system.
-
Add a config option called 'harden' to your charm config.yaml and set it to a space-delimited list of hardening modules you want to run e.g. "os ssh"
-
Override any config defaults (contrib.hardening.defaults) by adding a file called hardening.yaml to your charm root containing the name(s) of the modules whose settings you want override at root level and then any settings with overrides e.g.
os: general: desktop_enable: True
-
Now just run your charm as usual and hardening will be applied each time the hook runs.