
D4034.id10669.diff
No OneTemporary

D4034.id10669.diff

diff --git a/roles/router/carp/files/debug_check_vip_ovh.py b/roles/router/carp/files/debug_check_vip_ovh.py
new file mode 100644
--- /dev/null
+++ b/roles/router/carp/files/debug_check_vip_ovh.py
@@ -0,0 +1,110 @@
+#!/usr/bin/env python3
+
+# -------------------------------------------------------------
+# Network — CARP OVH check VIP-MAC
+# -------------------------------------------------------------
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/router/carp/files/debug_check_vip_ovh.py
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+import ovh
+import secretsmith
+from secretsmith.vault import secrets
+import yaml
+
+
+# -------------------------------------------------------------
+# Configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+with open("/usr/local/libexec/carp/config.yaml", "r") as f:
+ config = yaml.safe_load(f)
+
+
+# -------------------------------------------------------------
+# Helper functions
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+def build_ovh_client():
+ """
+ Build an OVH API client from credentials stored in Vault.
+ """
+ vault_client = secretsmith.login(config_path=config["vault"]["config"])
+ secret = secrets.read_secret(
+ vault_client,
+ "apps",
+ config["vault"]["secret_path"],
+ )
+
+ return ovh.Client(
+ endpoint="ovh-eu",
+ application_key=secret["application_key"],
+ application_secret=secret["application_secret"],
+ consumer_key=secret["consumer_key"],
+ )
+
+
+def get_ips(client, mac):
+ """
+ Get the list of IPs associated with a MAC via the OVH API.
+ Used to check in which MAC the VIP is assigned.
+ """
+ url = (
+ f"/dedicated/server/{config['ovh']['service']}"
+ f"/virtualMac/{mac}/virtualAddress"
+ )
+
+ try:
+ result = client.get(url)
+ print(f"OVH returned: {result}")
+ return result
+ except Exception as e:
+ print(f"Error in get_ips for {mac}: {repr(e)}")
+ return []
+
+
+# -------------------------------------------------------------
+# Main function
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+def run():
+ """
+ Check which router (MAC) currently holds the VIP on OVH.
+ """
+ client = build_ovh_client()
+
+ print(f"Checking VIP {config['ovh']['vip']} on OVH...\n")
+
+ found = False
+
+ for mac, router in config["routers"]["mac_to_router"].items():
+ ips = get_ips(client, mac)
+
+ print(f"{router} ({mac}): {ips}\n")
+
+ if config["ovh"]["vip"] in ips:
+ print(f"VIP {config['ovh']['vip']} is attached to {router} ({mac})\n")
+ found = True
+
+ if not found:
+ print(f"VIP {config['ovh']['vip']} was not found on any configured MAC\n")
+
+
+# -------------------------------------------------------------
+# Entry point
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+if __name__ == "__main__":
+ run()
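Review bot: `get_ips` catches every exception and returns `[]`, so a rejected consumer key, a wrong service name or an OVH outage looks the same to `run()` as a MAC with no addresses. The script then ends with "VIP ... was not found on any configured MAC", which is a misleading conclusion for a tool consulted during a failover. I would have the `except` branch `return None`, and in the loop add `if ips is None: failed = True; continue`, so the not-found message is only printed when every lookup actually succeeded. Exiting non-zero when `failed` is set would also let a wrapper or monitoring check tell the two cases apart.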
diff --git a/roles/router/carp/files/debug_connection_vault.py b/roles/router/carp/files/debug_connection_vault.py
new file mode 100644
--- /dev/null
+++ b/roles/router/carp/files/debug_connection_vault.py
@@ -0,0 +1,53 @@
+#!/usr/bin/env python3
+
+# -------------------------------------------------------------
+# Network — CARP connection to VAULT
+# -------------------------------------------------------------
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/router/carp/files/debug_connection_vault.py
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+import secretsmith
+import yaml
+
+
+# -------------------------------------------------------------
+# Configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+with open("/usr/local/libexec/carp/config.yaml", "r") as f:
+ config = yaml.safe_load(f)
+
+
+# -------------------------------------------------------------
+# Main function
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+def run():
+ try:
+ vault_client = secretsmith.login(config_path=config["vault"]["config"])
+
+ print("OK connected to Vault")
+ print("token :", vault_client.token)
+
+ except Exception as e:
+ print(f"ERROR: {e}")
+
+
+# -------------------------------------------------------------
+# Entry point
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+if __name__ == "__main__":
+ run()
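Review bot: `print("token :", vault_client.token)` writes a live Vault token to stdout, where it can end up in terminal scrollback, a session recording, or the job return if the script is ever run remotely through Salt. The connectivity check does not need the value; `print("token acquired:", bool(vault_client.token))` shows the same thing. The same problem is in debug_vault_ovh_credentials.py, which prints the token and then the whole `secret` dict, including `application_secret` and `consumer_key`; there `print("OVH credential keys:", sorted(secret))` would confirm the secret's shape without disclosing it. If the raw values are sometimes needed, put them behind an explicit opt-in flag and document that the output must not be pasted into tickets or chat.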
diff --git a/roles/router/carp/files/debug_vault_ovh_credentials.py b/roles/router/carp/files/debug_vault_ovh_credentials.py
new file mode 100644
--- /dev/null
+++ b/roles/router/carp/files/debug_vault_ovh_credentials.py
@@ -0,0 +1,73 @@
+#!/usr/bin/env python3
+
+# -------------------------------------------------------------
+# Network — CARP OVH credentials and client setup
+# -------------------------------------------------------------
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/router/carp/files/debug_vault_ovh_credentials.py
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+import secretsmith
+from secretsmith.vault import secrets
+import ovh
+import yaml
+
+
+# -------------------------------------------------------------
+# Configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+with open("/usr/local/libexec/carp/config.yaml", "r") as f:
+ config = yaml.safe_load(f)
+
+
+# -------------------------------------------------------------
+# Main function
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+def run():
+ try:
+ vault_client = secretsmith.login(config_path=config["vault"]["config"])
+
+ print("OK connected to Vault\n")
+
+ print("token :", vault_client.token, "\n")
+
+ secret = secrets.read_secret(
+ vault_client,
+ "apps",
+ config["vault"]["secret_path"],
+ )
+
+ print("OVH credentials :", secret, "\n")
+
+ ovh.Client(
+ endpoint="ovh-eu",
+ application_key=secret["application_key"],
+ application_secret=secret["application_secret"],
+ consumer_key=secret["consumer_key"],
+ )
+
+ print("OVH client created successfully\n")
+
+ except Exception as e:
+ print(f"ERROR: {e}")
+
+
+# -------------------------------------------------------------
+# Entry point
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+if __name__ == "__main__":
+ run()
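Review bot: "OVH client created successfully" is printed after only constructing `ovh.Client(...)`, which as far as I know sends no request, so missing keys are caught but wrong or revoked credentials still pass. To make the check meaningful, keep the object (`client = ovh.Client(...)`) and make one read-only call the consumer key is authorised for, for example the `virtualMac` path that debug_check_vip_ovh.py queries, before printing success. Separately, the `except Exception` branch prints `ERROR` and returns normally, so the script exits 0 on failure; `raise SystemExit(1)` after the print would fix that without a new import.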
diff --git a/roles/router/carp/init.sls b/roles/router/carp/init.sls
--- a/roles/router/carp/init.sls
+++ b/roles/router/carp/init.sls
@@ -5,7 +5,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% from "map.jinja" import packages_prefixes with context %}
+{% from "map.jinja" import dirs, packages_prefixes with context %}
/etc/rc.conf.d/netif/carp:
file.managed:
@@ -40,3 +40,17 @@
vault:
approle: {{ salt["credentials.read_secret"]("network/router/vault") }}
addr: {{ pillar["nasqueron_services"]["vault_url"] }}
+
+{% for script in [
+ "debug_check_vip_ovh",
+ "debug_connection_vault",
+ "debug_vault_ovh_credentials"
+] %}
+
+{{ dirs.bin }}/{{ script }}:
+ file.managed:
+ - source: salt://roles/router/carp/files/{{ script }}.py
+ - makedirs: True
+ - mode: 755
+
+{% endfor %}
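Review bot: The three debug scripts are installed with `mode: 755` and no `user`/`group`, so they are world-readable and world-executable in `{{ dirs.bin }}` on every router this state applies to, and they stay deployed permanently. Since they log in to Vault and print credential material, I would restrict them to administrators, e.g. `- user: root`, `- group: wheel` (or whichever admin group applies) and `- mode: '0750'`. Whether an unprivileged user could actually obtain a token depends on the permissions of the Vault config file and `config.yaml`, which this hunk does not show, so please confirm those are not world-readable. A short comment above the loop saying these are manual troubleshooting tools, not part of the CARP failover path, would also help the next reader.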
