Page MenuHomeDevCentral
Files F25156060

D4034.diff
No OneTemporary
Actions

D4034.diff
View Options

diff --git a/roles/router/carp/files/debug_check_vip_ovh.py b/roles/router/carp/files/debug_check_vip_ovh.py
new file mode 100644
--- /dev/null
+++ b/roles/router/carp/files/debug_check_vip_ovh.py
@@ -0,0 +1,91 @@
+#!/usr/local/bin/python3
+
+# -------------------------------------------------------------
+# Network — Script to check which MAC address, router the VIP is assigned to.
+# -------------------------------------------------------------
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/router/carp/files/debug_check_vip_ovh.py
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+import ovh
+import secretsmith
+from secretsmith.vault import secrets
+
+# ---------------- CONFIG ----------------
+
+SERVICE = "ns3173530.ip-51-210-99.eu"
+
+VIP = "51.68.252.230"
+
+MAC_TO_ROUTER = {
+ "00:50:56:09:3c:f2": "router-002",
+ "00:50:56:09:98:fc": "router-003",
+}
+
+VAULT_CONFIG = "/usr/local/etc/secrets/carp-secretsmith.yaml"
+
+
+# ---------------- VAULT - OVH ----------------
+
+
+def get_client():
+ """
+ Create and return an authenticated OVH client.
+ """
+ vault_client = secretsmith.login(config_path=VAULT_CONFIG)
+ secret = secrets.read_secret(vault_client, "apps", "network/carp-hyper-001-switch")
+
+ return ovh.Client(
+ endpoint="ovh-eu",
+ application_key=secret["application_key"],
+ application_secret=secret["application_secret"],
+ consumer_key=secret["consumer_key"],
+ )
+
+
+# ---------------- FUNCTIONS --------------
+
+
+def get_ips(client, mac):
+ """
+ Retrieve IP addresses associated with a given MAC address from OVH.
+ """
+ url = f"/dedicated/server/{SERVICE}/virtualMac/{mac}/virtualAddress"
+ return client.get(url)
+
+
+def run():
+ """
+ Check which router (MAC) currently holds the VIP on OVH.
+ """
+ client = get_client()
+
+ print(f"Checking VIP {VIP} on OVH...\n")
+
+ found = False
+
+ for mac in MAC_TO_ROUTER:
+ ips = get_ips(client, mac)
+
+ router = MAC_TO_ROUTER.get(mac, "unknown")
+
+ print(f"{router} ({mac}): {ips}\n")
+
+ if VIP in ips:
+ print(f"VIP {VIP} is attached to {router} ({mac})\n")
+ found = True
+
+ if not found:
+ print(f"VIP {VIP} was not found on any configured MAC\n")
+
+
+if __name__ == "__main__":
+ run()
diff --git a/roles/router/carp/files/debug_test_ovh.py b/roles/router/carp/files/debug_test_ovh.py
new file mode 100644
--- /dev/null
+++ b/roles/router/carp/files/debug_test_ovh.py
@@ -0,0 +1,39 @@
+# -------------------------------------------------------------
+# Network — Script to test connection to OVH
+# -------------------------------------------------------------
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/router/carp/files/debug_test_ovh.py
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+import secretsmith
+from secretsmith.vault import secrets
+import ovh
+
+VAULT_CONFIG_PATH = "/usr/local/etc/secrets/carp-secretsmith.yaml"
+
+vault_client = secretsmith.login(config_path=VAULT_CONFIG_PATH)
+
+print("OK connected\n")
+
+print("token :", vault_client.token, "\n")
+
+secret = secrets.read_secret(vault_client, "apps", "network/carp-hyper-001-switch")
+
+print("OVH credentials :", secret, "\n")
+
+ovh.Client(
+ endpoint="ovh-eu",
+ application_key=secret["application_key"],
+ application_secret=secret["application_secret"],
+ consumer_key=secret["consumer_key"],
+)
+
+print("OVH client created successfully\n")
diff --git a/roles/router/carp/files/debug_test_vault.py b/roles/router/carp/files/debug_test_vault.py
new file mode 100644
--- /dev/null
+++ b/roles/router/carp/files/debug_test_vault.py
@@ -0,0 +1,24 @@
+# -------------------------------------------------------------
+# Network — Script to test connection to VAULT
+# -------------------------------------------------------------
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/router/carp/files/debug_test_vault.py
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+import secretsmith
+
+VAULT_CONFIG_PATH = "/usr/local/etc/secrets/carp-secretsmith.yaml"
+
+vault_client = secretsmith.login(config_path=VAULT_CONFIG_PATH)
+
+print("OK connected to Vault")
+
+print("token :", vault_client.token)
diff --git a/roles/router/carp/init.sls b/roles/router/carp/init.sls
--- a/roles/router/carp/init.sls
+++ b/roles/router/carp/init.sls
@@ -40,3 +40,21 @@
vault:
approle: {{ salt["credentials.read_secret"]("network/router/vault") }}
addr: {{ pillar["nasqueron_services"]["vault_url"] }}
+
+/usr/local/scripts/carp/debug_check_vip_ovh.py :
+ file.managed:
+ - source: salt://roles/router/carp/files/debug_check_vip_ovh.py
+ - makedirs: True
+ - mode: '0755'
+
+/usr/local/scripts/carp/debug_test_vault.py :
+ file.managed:
+ - source: salt://roles/router/carp/files/debug_test_vault.py
+ - makedirs: True
+ - mode: '0755'
+
+/usr/local/scripts/carp/debug_test_ovh.py :
+ file.managed:
+ - source: salt://roles/router/carp/files/debug_test_ovh.py
+ - makedirs: True
+ - mode: '0755'

File Metadata

Mime Type
text/plain
Expires
Fri, Apr 3, 05:28 (22 h, 28 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
3587854
Default Alt Text
D4034.diff (5 KB)

Event Timeline

Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator