From bccaad425f05648b8f85b2811edb0d9d38606ed9 Mon Sep 17 00:00:00 2001
From: Liam Young <liam.young@canonical.com>
Date: Fri, 13 Apr 2018 14:29:41 +0000
Subject: [PATCH] Add support for using a vip for access

Add support for floating a vip across the vault units so that
clients are protected from the failure of a single unit.

Depends-On: I022a43df0a50a21df3c5f021dcd563da4d20db53
Change-Id: I836366c8f4102dafa34b8f596eab54d28f44ae9a
---
 .gitignore                                             |  1 +
 src/config.yaml                                        |  5 +++++
 src/layer.yaml                                         |  2 ++
 src/metadata.yaml                                      |  3 +++
 src/reactive/vault.py                                  |  8 ++++++++
 src/tests/bundles/overlays/local-charm-overlay.yaml.j2 |  3 +++
 src/tests/bundles/overlays/xenial-ha-mysql.yaml.j2     |  4 ++++
 src/tests/bundles/xenial-ha-mysql.yaml                 | 10 ++++++++--
 src/tox.ini                                            |  2 +-
 unit_tests/test_vault.py                               |  7 +++++++
 10 files changed, 42 insertions(+), 3 deletions(-)
 create mode 100644 src/tests/bundles/overlays/local-charm-overlay.yaml.j2
 create mode 100644 src/tests/bundles/overlays/xenial-ha-mysql.yaml.j2

diff --git a/.gitignore b/.gitignore
index c63ffaf..7e95542 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,4 @@ build/*
 .stestr/*
 __pycache__
 .unit-state.db
+interfaces
diff --git a/src/config.yaml b/src/config.yaml
index fbd8478..5176008 100644
--- a/src/config.yaml
+++ b/src/config.yaml
@@ -42,3 +42,8 @@ options:
     default: ""
     description: >-
       The SSL Root CA certificate, base64-encoded.
+  vip:
+    type: string
+    default:
+    description: |
+      Virtual IP to use api traffic
diff --git a/src/layer.yaml b/src/layer.yaml
index 9e96a0a..c9aace3 100644
--- a/src/layer.yaml
+++ b/src/layer.yaml
@@ -5,10 +5,12 @@ includes:
  - interface:pgsql
  - interface:mysql-shared
  - interface:etcd
+ - interface:hacluster
 options:
   basic:
     packages:
       - python3-psycopg2
+      - libffi-dev
   snap:
     vault:
       channel: stable
diff --git a/src/metadata.yaml b/src/metadata.yaml
index cb6be16..a683a97 100644
--- a/src/metadata.yaml
+++ b/src/metadata.yaml
@@ -23,6 +23,9 @@ requires:
     interface: mysql-shared
   etcd:
     interface: etcd
+  ha:
+    interface: hacluster
+    scope: container
 provides:
   nrpe-external-master:
     interface: nrpe-external-master
diff --git a/src/reactive/vault.py b/src/reactive/vault.py
index 349326d..e72e557 100644
--- a/src/reactive/vault.py
+++ b/src/reactive/vault.py
@@ -338,3 +338,11 @@ def _assess_status():
     if service_running('vault'):
         health = get_vault_health()
         application_version_set(health.get('version'))
+
+
+@when('ha.connected')
+def cluster_connected(hacluster):
+    """Configure HA resources in corosync"""
+    vip = config('vip')
+    hacluster.add_vip('vault', vip)
+    hacluster.bind_resources()
diff --git a/src/tests/bundles/overlays/local-charm-overlay.yaml.j2 b/src/tests/bundles/overlays/local-charm-overlay.yaml.j2
new file mode 100644
index 0000000..2411ac2
--- /dev/null
+++ b/src/tests/bundles/overlays/local-charm-overlay.yaml.j2
@@ -0,0 +1,3 @@
+applications:
+  vault:
+    charm: ../../../vault
diff --git a/src/tests/bundles/overlays/xenial-ha-mysql.yaml.j2 b/src/tests/bundles/overlays/xenial-ha-mysql.yaml.j2
new file mode 100644
index 0000000..1a2859a
--- /dev/null
+++ b/src/tests/bundles/overlays/xenial-ha-mysql.yaml.j2
@@ -0,0 +1,4 @@
+applications:
+  vault:
+    options:
+        vip: '{{ OS_VIP00 }}'
diff --git a/src/tests/bundles/xenial-ha-mysql.yaml b/src/tests/bundles/xenial-ha-mysql.yaml
index a85a2ea..07bec33 100644
--- a/src/tests/bundles/xenial-ha-mysql.yaml
+++ b/src/tests/bundles/xenial-ha-mysql.yaml
@@ -3,7 +3,11 @@ services:
   vault:
     num_units: 3
     series: xenial
-    charm: ../../../vault
+    charm: cs:vault
+    options:
+        vip: 'ADD YOUR VIP HERE'
+  hacluster:
+    charm: cs:hacluster
   mysql:
     charm: cs:mysql
     num_units: 1
@@ -12,7 +16,7 @@ services:
     num_units: 1
   etcd:
     charm: cs:etcd
-    num_units: 2
+    num_units: 3
     options:
       channel: 3.1/stable
 relations:
@@ -22,3 +26,5 @@ relations:
   - easyrsa:client
 - - etcd:db
   - vault:etcd
+- - vault:ha
+  - hacluster:ha
diff --git a/src/tox.ini b/src/tox.ini
index 6f7622b..ba390f0 100644
--- a/src/tox.ini
+++ b/src/tox.ini
@@ -6,7 +6,7 @@ skipsdist = True
 setenv = VIRTUAL_ENV={envdir}
          PYTHONHASHSEED=0
 whitelist_externals = juju
-passenv = HOME TERM CS_API_*
+passenv = HOME TERM CS_API_* OS_*
 deps = -r{toxinidir}/test-requirements.txt
 install_command =
   pip install {opts} {packages}
diff --git a/unit_tests/test_vault.py b/unit_tests/test_vault.py
index 3532708..f8fa026 100644
--- a/unit_tests/test_vault.py
+++ b/unit_tests/test_vault.py
@@ -279,3 +279,10 @@ class TestHandlers(unittest.TestCase):
         self.service_running.return_value = False
         handlers._assess_status()
         self.application_version_set.assert_not_called()
+
+    def test_cluster_connected(self):
+        self.config.return_value = '10.1.1.1'
+        hacluster_mock = mock.MagicMock()
+        handlers.cluster_connected(hacluster_mock)
+        hacluster_mock.add_vip.assert_called_once_with('vault', '10.1.1.1')
+        hacluster_mock.bind_resources.assert_called_once_with()