59a4e926bb
This change blocks most handlers from running during the assess-status hook. It may help to alleviate issues around the charm trying to do things with other services (e.g. mysql) during an assess-status hook when it, strictly speaking, should only be assessing its internal status and reporting on that.
Change-Id: I5ab1eadbe7e3131526221b06454725293061ba97
Related-Bug: #1883263
README.md
Overview
Vault secures, stores, and controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Vault handles leasing, key revocation, key rolling, and auditing. Through a unified API, users can access an encrypted key/value store and network encryption-as-a-service, or generate AWS IAM/STS credentials, SQL/NoSQL databases, X.509 certificates, SSH credentials, and more.
The charm installs Vault from a snap.
Usage
Configuration
This section covers common configuration options. See file config.yaml for the full list of options, along with their descriptions and default values.
channel
The channel option sets the snap channel to use for deployment (e.g. 'latest/edge'). The default value is 'latest/stable'.
Deployment
Deploy a single vault unit in this way:
juju deploy vault
Then relate it to either MySQL or PostgreSQL.
For MySQL 5:
juju add-relation vault:shared-db percona-cluster:shared-db
For MySQL 8:
juju deploy mysql-router vault-mysql-router
juju add-relation vault-mysql-router:db-router mysql-innodb-cluster:db-router
juju add-relation vault-mysql-router:shared-db vault:shared-db
For PostgreSQL, its version and the underlying machine series must be compatible (e.g. 9.5/xenial or 10/bionic). Use configuration option version with the postgresql charm to select a version. For example, on Xenial:
juju deploy --config version=9.5 --series xenial postgresql
juju add-relation vault:db postgresql:db
Post-deployment tasks
Once the vault application is deployed the following tasks must be performed:
- Vault initialisation
- Unsealing of Vault
- Charm authorisation
These tasks are covered in appendix Vault of the OpenStack Charms Deployment Guide.
Actions
This section lists Juju actions supported by the charm. Actions allow specific operations to be performed on a per-unit basis.
- authorize-charm
- disable-pki
- generate-root-ca
- get-csr
- get-root-ca
- pause
- refresh-secrets
- reissue-certificates
- resume
- upload-signed-csr
To display action descriptions run juju actions vault. If the charm is not deployed then see file actions.yaml.
Bugs
Please report bugs on Launchpad.
For general charm questions refer to the OpenStack Charm Guide.