
D4034.id10569.diff

diff --git a/roles/router/carp/files/debug_check_vip_ovh b/roles/router/carp/files/debug_check_vip_ovh
new file mode 100644
--- /dev/null
+++ b/roles/router/carp/files/debug_check_vip_ovh
@@ -0,0 +1,111 @@
+#!/usr/local/bin/python3
+
+# -------------------------------------------------------------
+# Network — CARP OVH check VIP-MAC
+# -------------------------------------------------------------
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/router/carp/files/debug_check_vip_ovh
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+import ovh
+import secretsmith
+from secretsmith.vault import secrets
+import yaml
+
+
+# -------------------------------------------------------------
+# Configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+with open("/usr/local/libexec/carp/config.yaml", "r") as f:
+ config = yaml.safe_load(f)
+
+SERVICE = config['ovh']["service"]
+
+VIP = config['ovh']["vip"]
+
+MAC_TO_ROUTER = config['routers']["mac_to_router"]
+
+VAULT_CONFIG = config['vault']["config"]
+
+
+# -------------------------------------------------------------
+# Helper functions
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+def build_ovh_client():
+ """
+ Build an OVH API client from credentials stored in Vault.
+ """
+ vault_client = secretsmith.login(config_path=VAULT_CONFIG)
+ secret = secrets.read_secret(vault_client, "apps", "network/carp-hyper-001-switch")
+
+ return ovh.Client(
+ endpoint="ovh-eu",
+ application_key=secret["application_key"],
+ application_secret=secret["application_secret"],
+ consumer_key=secret["consumer_key"],
+ )
+
+
+def get_ips(client,mac):
+ """
+ Get the list of IPs associated with a MAC via the OVH API.
+ Used to check in which MAC the VIP is assigned.
+ """
+ url = f"/dedicated/server/{SERVICE}/virtualMac/{mac}/virtualAddress"
+
+ try:
+ result = client.get(url)
+ return result
+ except Exception as e:
+ raise
+
+
+# -------------------------------------------------------------
+# Main function
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+def run():
+ """
+ Check which router (MAC) currently holds the VIP on OVH.
+ """
+ client = build_ovh_client()
+
+ print(f"Checking VIP {VIP} on OVH...\n")
+
+ found = False
+
+ for mac in MAC_TO_ROUTER:
+ ips = get_ips(client, mac)
+
+ router = MAC_TO_ROUTER.get(mac, "unknown")
+
+ print(f"{router} ({mac}): {ips}\n")
+
+ if VIP in ips:
+ print(f"VIP {VIP} is attached to {router} ({mac})\n")
+ found = True
+
+ if not found:
+ print(f"VIP {VIP} was not found on any configured MAC\n")
+
+
+# -------------------------------------------------------------
+# Entry point
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+if __name__ == "__main__":
+ run()
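Review bot: The try/except in get_ips() is a no-op: it catches Exception, binds an unused `e` and re-raises, so the body can simply be `return client.get(url)`. As written, an API error for one MAC aborts the loop in run() with a traceback before the remaining MACs are queried. If per-router reporting is wanted, catch `ovh.exceptions.APIError` around the `get_ips(client, mac)` call and print the failure for that router instead. `MAC_TO_ROUTER.get(mac, "unknown")` can also become `for mac, router in MAC_TO_ROUTER.items():`, since `mac` is always a key of that mapping.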
diff --git a/roles/router/carp/files/debug_connection_vault b/roles/router/carp/files/debug_connection_vault
new file mode 100644
--- /dev/null
+++ b/roles/router/carp/files/debug_connection_vault
@@ -0,0 +1,56 @@
+#!/usr/local/bin/python3
+
+# -------------------------------------------------------------
+# Network — CARP connection to VAULT
+# -------------------------------------------------------------
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/router/carp/files/debug_connection_vault
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+import secretsmith
+import yaml
+
+
+# -------------------------------------------------------------
+# Configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+with open("/usr/local/libexec/carp/config.yaml", "r") as f:
+ config = yaml.safe_load(f)
+
+
+VAULT_CONFIG = config['vault']["config"]
+
+
+# -------------------------------------------------------------
+# Main function
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+def run():
+ try:
+ vault_client = secretsmith.login(config_path=VAULT_CONFIG)
+
+ print("OK connected to Vault")
+ print("token :", vault_client.token)
+
+ except Exception as e:
+ print(f"ERROR: {e}")
+
+
+# -------------------------------------------------------------
+# Entry point
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+if __name__ == "__main__":
+ run()
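Review bot: `print("token :", vault_client.token)` writes a live Vault token to stdout, where it ends up in terminal scrollback, session recordings and the captured output of any tool that runs the script remotely; the same line appears in debug_vault_ovh_credentials. A connection check only needs to report that login succeeded, e.g. `print("authenticated:", vault_client.is_authenticated())` if secretsmith returns an hvac client (not visible here, to be confirmed). The except branch also prints the error and then exits with status 0, so a caller cannot tell failure from success; `sys.exit(1)` after the ERROR line (plus `import sys`) would fix that, here and in debug_vault_ovh_credentials.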
diff --git a/roles/router/carp/files/debug_vault_ovh_credentials b/roles/router/carp/files/debug_vault_ovh_credentials
new file mode 100644
--- /dev/null
+++ b/roles/router/carp/files/debug_vault_ovh_credentials
@@ -0,0 +1,76 @@
+#!/usr/local/bin/python3
+
+# -------------------------------------------------------------
+# Network — CARP OVH credentials and client setup
+# -------------------------------------------------------------
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/router/carp/files/debug_vault_ovh_credentials
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+import secretsmith
+from secretsmith.vault import secrets
+import ovh
+import yaml
+
+
+# -------------------------------------------------------------
+# Configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+with open("/usr/local/libexec/carp/config.yaml", "r") as f:
+ config = yaml.safe_load(f)
+
+
+VAULT_CONFIG = config['vault']["config"]
+
+
+# -------------------------------------------------------------
+# Main function
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+def run():
+ try:
+ vault_client = secretsmith.login(config_path=VAULT_CONFIG)
+
+ print("OK connected to Vault\n")
+
+ print("token :", vault_client.token, "\n")
+
+ secret = secrets.read_secret(
+ vault_client,
+ "apps",
+ "network/carp-hyper-001-switch",
+ )
+
+ print("OVH credentials :", secret, "\n")
+
+ ovh.Client(
+ endpoint="ovh-eu",
+ application_key=secret["application_key"],
+ application_secret=secret["application_secret"],
+ consumer_key=secret["consumer_key"],
+ )
+
+ print("OVH client created successfully\n")
+
+ except Exception as e:
+ print(f"ERROR: {e}")
+
+
+# -------------------------------------------------------------
+# Entry point
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+if __name__ == "__main__":
+ run()
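Review bot: `print("OVH credentials :", secret, "\n")` dumps the whole secret in clear text, including `application_secret` and `consumer_key`, so any terminal log or captured output of this script becomes a copy of the OVH API credentials. To confirm the secret has the expected shape, print only its field names, e.g. `print("OVH credential fields:", sorted(secret))`. Constructing `ovh.Client(...)` most likely performs no API request, so "OVH client created successfully" does not show that the credentials are accepted. Keeping the client and doing one read-only call, such as the `virtualAddress` lookup used in debug_check_vip_ovh, would show that.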
diff --git a/roles/router/carp/init.sls b/roles/router/carp/init.sls
--- a/roles/router/carp/init.sls
+++ b/roles/router/carp/init.sls
@@ -40,3 +40,21 @@
vault:
approle: {{ salt["credentials.read_secret"]("network/router/vault") }}
addr: {{ pillar["nasqueron_services"]["vault_url"] }}
+
+/usr/local/libexec/carp/debug_check_vip_ovh :
+ file.managed:
+ - source: salt://roles/router/carp/files/debug_check_vip_ovh
+ - makedirs: True
+ - mode: 755
+
+/usr/local/libexec/carp/debug_connection_vault :
+ file.managed:
+ - source: salt://roles/router/carp/files/debug_connection_vault
+ - makedirs: True
+ - mode: 755
+
+/usr/local/libexec/carp/debug_vault_ovh_credentials :
+ file.managed:
+ - source: salt://roles/router/carp/files/debug_vault_ovh_credentials
+ - makedirs: True
+ - mode: 755
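Review bot: The three `file.managed` states set `mode: 755` with no `user` or `group`, so every local account on the router can read and run the debug scripts, two of which print a Vault token and the OVH credentials. Whether an unprivileged user can actually obtain secrets depends on the permissions of /usr/local/libexec/carp/config.yaml and the Vault config it points to, which are outside this hunk. Restricting the scripts to root costs nothing: `- user: root` and `- mode: 700`. The three stanzas differ only in the file name and could be generated by a Jinja `for` loop over the names.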
