Add some useful debug scripts for Vault access, OVH credentials access and client setup, and VIP assignment checks
- debug_connection_vault.py
- debug_vault_ovh_credentials.py
- debug_check_vip_ovh.py
Details
Details
On /usr/local/libexec/carp :
- sudo python3 debug_connection_vault.py : to verify Vault connection
- sudo python3 debug_vault_ovh_credentials.py : to verify that we can access to OVH credentials and create ovh client
- sudo python3 debug_check_vip_ovh.py : to check which router MAC currently holds the VIP on OVH
Diff Detail
Diff Detail
- Repository
- rOPS Nasqueron Operations
- Lint
Lint Skipped - Unit
No Test Coverage - Branch
- arcpatch-D4034
- Build Status
Buildable 6640 Build 6926: arc lint + arc unit
Event Timeline
| roles/router/carp/files/debug_check_vip_ovh.py | ||
|---|---|---|
| 23 | Should be provisioned by Salt. We've two strategies for that. (1) older strategy was to templatize Python scripts, ie treat this as Jinja templates (2) newer strategy is usually to provision a YAML template with Salt, and keep this as a pure Python script reading that YAML I've checked, PyYAML is installed on router role, so second strategy works: dereckson in 🌐 router-002 in ~ ❯ python3 Python 3.11.14 (main, Feb 7 2026, 01:06:44) [Clang 19.1.7 (https://github.com/llvm/llvm-project.git llvmorg-19.1.7-0-gcd7080 on freebsd15 Type "help", "copyright", "credits" or "license" for more information. >>> import yaml >>> | |
| roles/router/carp/init.sls | ||
| 44 | Don't put .py prefix Put everything in {{ dirs.bin }}/ directly. That's the convention on UNIX machines. | |
Comment Actions
Many changes:
- Adapt the debug scripts on how should an executable UNIX be : https://github.com/nasqueron/snippets/blob/main/python/command.py
- Improved scripts structure by separating configuration, helper functions, main function and entry point.
- According to https://man.freebsd.org/cgi/man.cgi?query=hier&sektion=7, /usr/libexec contains utilities executed by programs, making it the appropriate location for the debug scripts.
- Set correct permissions (not 0 in front and string (like '0644') for Salt (more like 644), only on Ansible) for the debug scripts.
- Executable files do not require extensions on Unix systems, as execution is determined by the shebang.
- Using a YAML file (method PyYAML) to get the value of VAULT_CONFIG (created on D4033)
| roles/router/carp/files/debug_check_vip_ovh | ||
|---|---|---|
| 1 ↗ | (On Diff #10569) | |
| 32 ↗ | (On Diff #10569) | Apply black to format Python Also, it could be easier to maintain if we DIRECTLY use the config dictionary in the code: that way, we know where in the configuration file that variable is set. |
| 51 ↗ | (On Diff #10569) | secret could be in config too |
| roles/router/carp/init.sls | ||
| 43 |
{% for script in ["debug_check_vip_ovh", ...] %}
/usr/local/libexec/carp/{{ script }}:
file.managed:
- source: salt://roles/router/carp/files/{{ script }}.py
- makedirs: True
- mode: 755 | |
Comment Actions
So to clarify for executable scripts files:
- in Salt, we put the extension: .sh, .php, .py, .tcl, etc.
- on the server, we provision without the extension
Comment Actions
- use /usr/bin/env python3 shebang
- use config dictionary directly instead of intermediate variables
- rename scripts to .py in repository
- refactor init.sls to use a loop for script deployment