Modified code to test devcluster
Shifna12Zarnaz committed Sep 15, 2023
1 parent 98261f2 commit 5fc2621
Showing 3 changed files with 75 additions and 112 deletions.
6 changes: 3 additions & 3 deletions config/config.go
Expand Up @@ -16,9 +16,9 @@ type Configuration struct {

type VaultEnv struct {
HAEnabled bool `envconfig:"HA_ENABLED" default:"true"`
Address string `envconfig:"VAULT_ADDR" default:"http://vault-hash:8200"`
Address2 string `envconfig:"VAULT_ADDR2" default:"http://capten-dev-vault-1:8200"`
Adddress3 string `envconfig:"VAULT_ADDR3" default:"http://capten-dev-vault-2:8200"`
Address string `envconfig:"VAULT_ADDR" default:"http://vault-hash-0:8200"`
Address2 string `envconfig:"VAULT_ADDR2" default:"http://vault-hash-1:8200"`
Adddress3 string `envconfig:"VAULT_ADDR3" default:"http://vault-hash-2:8200"`
CACert string `envconfig:"VAULT_CACERT" required:"false"`
ReadTimeout time.Duration `envconfig:"VAULT_READ_TIMEOUT" default:"60s"`
MaxRetries int `envconfig:"VAULT_MAX_RETRIES" default:"5"`
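Review bot: All three `VAULT_ADDR*` defaults in `VaultEnv` use plain `http://` on port 8200 while `VAULT_CACERT` stays `required:"false"`, so a deployment that relies on the defaults talks to Vault without TLS unless transport security is provided somewhere not visible here. The seal-watcher job changed in this commit reads `v.conf.Address`, `Address2` and `Adddress3` and passes unseal keys to Vault, so these defaults should either be `https://` (for example `default:"https://vault-hash-0:8200"`) or be removed so the operator has to set them explicitly. The misspelled field name `Adddress3` is carried over as well; renaming it to `Address3` needs the matching change in `internal/job/vault_seal_watcher.go`. The struct continues outside the hunk.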
135 changes: 49 additions & 86 deletions internal/job/vault_seal_watcher.go
Expand Up @@ -30,59 +30,59 @@ func (v *VaultSealWatcher) CronSpec() string {

func (v *VaultSealWatcher) Run() {
v.log.Debug("started vault seal watcher job")
vc, err := client.NewVaultClient(v.log, v.conf)
if err != nil {
v.log.Errorf("%s", err)
return
}
// addresses := []string{
// v.conf.Address,
// v.conf.Address2,
// v.conf.Adddress3,
// vc, err := client.NewVaultClient(v.log, v.conf)
// if err != nil {
// v.log.Errorf("%s", err)
// return
// }
addresses := []string{
v.conf.Address,
v.conf.Address2,
v.conf.Adddress3,
}
servicename := []string{"vault-hash-0", "vault-hash-1", "vault-hash-2"}

// var vc *client.VaultClient
// var vaultClients []*client.VaultClient
// for _, address := range addresses {
// conf := config.VaultEnv{
// Address: address,
// ReadTimeout: 30,
// MaxRetries: 3,
var vc *client.VaultClient
var vaultClients []*client.VaultClient
for _, address := range addresses {
conf := config.VaultEnv{
Address: address,
ReadTimeout: 30,
MaxRetries: 3,

// // Set other configuration options as needed
// }
// v.log.Debug("Address Configuration", conf)
}
v.log.Debug("Address Configuration", conf)

// vc, err := client.NewVaultClient(v.log, v.conf)
vc, err := client.NewVaultClient(v.log, v.conf)

// if err != nil {
// v.log.Errorf("%s", err)
// return
// }
if err != nil {
v.log.Errorf("%s", err)
return
}

// vaultClients = append(vaultClients, vc)
// }
// v.log.Debug("Vault Clients", vaultClients)
vaultClients = append(vaultClients, vc)
}
v.log.Debug("Vault Clients", vaultClients)

if v.conf.HAEnabled {

v.log.Infof("HA ENABLED", v.conf.HAEnabled)

for _, svc := range servicename {
// switch svc {
// case "capten-dev-vault-0":
// vc = vaultClients[0]
switch svc {
case "vault-hash-0":
vc = vaultClients[0]

// case "capten-dev-vault-1":
// vc = vaultClients[1]
case "vault-hash-1":
vc = vaultClients[1]

// case "capten-dev-vault-2":
// vc = vaultClients[2]
case "vault-hash-2":
vc = vaultClients[2]

// default:
// // Handle the case where the service name doesn't match any of the instances
// }
default:
// Handle the case where the service name doesn't match any of the instances
}
podip, err := vc.GetPodIP(svc, "default")
if err != nil {
v.log.Errorf("failed to retrieve pod ip, %s", err)
Expand All @@ -98,20 +98,10 @@ func (v *VaultSealWatcher) Run() {
if res {
v.log.Info("vault is sealed, trying to unseal")
if svc == "vault-hash-0" {
// _, unsealKeys, err := vc.GetVaultSecretValuesforMultiInstance()
// v.log.Debug("Unseal Keys", unsealKeys)
// if err != nil {
// v.log.Errorf("Failed to fetch the credential: %v\n", err)
// return
// }
// podip, err := vc.GetPodIP(svc, "default")
// if err != nil {
// v.log.Errorf("failed to retrieve pod ip, %s", err)
// return
// }

v.log.Info("Unsealing for first instance")
err = vc.Unseal()
// err = vc.UnsealVaultInstance(podip, unsealKeys)

if err != nil {
v.log.Errorf("failed to unseal vault, %s", err)
return
Expand All @@ -125,58 +115,31 @@ func (v *VaultSealWatcher) Run() {
v.log.Errorf("failed to retrieve pod ip, %s", err)
return
}
err = vc.JoinRaftCluster(podip)
if err != nil {
v.log.Errorf("Failed to join the HA cluster: %v\n", err)
return

}
_, unsealKeys, err := vc.GetVaultSecretValuesforMultiInstance()
v.log.Debug("Unseal Keys", unsealKeys)
if err != nil {
v.log.Errorf("Failed to fetch the credential: %v\n", err)
return
}
//podip,err:=vc.GetPodIP(svc,"platform")
// if err != nil {
// v.log.Errorf("failed to retrieve pod ip, %s", err)
// return
// }

err = vc.UnsealVaultInstance(podip, unsealKeys)
//err = vc.Unseal()

if err != nil {
v.log.Errorf("failed to unseal vault, %s", err)
return
}
// v.log.Info("vault unsealed executed")
err = vc.JoinRaftCluster(podip)
if err != nil {
v.log.Errorf("Failed to join the HA cluster: %v\n", err)
return

}


}

// err := vc.Unseal()
// if err != nil {
// v.log.Errorf("failed to unseal vault, %s", err)
// return
// }

// res, err := vc.IsVaultSealed()
// if res {

// err := vc.Unseal()
// if err != nil {
// v.log.Errorf("failed to unseal vault, %s", err)
// return
// }

// }
// if err != nil {
// v.log.Errorf("failed to get vault seal status, %s", err)
// return
// }
// v.log.Infof("vault sealed status: %v", res)

// } else {
// v.log.Debug("vault is in unsealed status")
// }

}

}
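Review bot: `v.log.Debug("Unseal Keys", unsealKeys)` in the non-first-instance branch of the third hunk writes the Vault unseal keys to the log, and the line appears to remain on the new side because `vc.UnsealVaultInstance(podip, unsealKeys)` still consumes them. Anyone who can read the debug log then holds the material needed to unseal the cluster, so the line should be removed or replaced by a message that carries no key material, such as `v.log.Debug("fetched unseal keys")`, placed after the `err` check. Separately, in the first hunk the per-address `conf` is built and logged but the client is still created with `client.NewVaultClient(v.log, v.conf)`, so every entry of `vaultClients` is configured from the same `v.conf` and the `switch svc` selection changes nothing. Passing `conf` instead would also need `ReadTimeout: 30 * time.Second`, since `ReadTimeout` is a `time.Duration` and a bare `30` is 30 nanoseconds. Parts of `Run` are collapsed between the hunks and were not reviewed.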
46 changes: 23 additions & 23 deletions server/server.go
Expand Up @@ -75,28 +75,28 @@ func initScheduler(log logging.Logger, cfg config.Configuration) (s *job.Schedul
}
}

// if cfg.VaultPolicyWatchInterval != "" {
// pj, err := job.NewVaultPolicyWatcher(log, cfg.VaultPolicyWatchInterval)
// if err != nil {
// log.Fatal("failed to init policy watcher job", err)
// }

// err = s.AddJob("vault-policy-watcher", pj)
// if err != nil {
// log.Fatal("failed to add policy watcher job", err)
// }
// }

// if cfg.VaultCredSyncInterval != "" {
// pj, err := job.NewVaultCredSync(log, cfg.VaultCredSyncInterval)
// if err != nil {
// log.Fatal("failed to init cred sync job", err)
// }

// err = s.AddJob("vault-cred-sync", pj)
// if err != nil {
// log.Fatal("failed to add cred sync job", err)
// }
// }
if cfg.VaultPolicyWatchInterval != "" {
pj, err := job.NewVaultPolicyWatcher(log, cfg.VaultPolicyWatchInterval)
if err != nil {
log.Fatal("failed to init policy watcher job", err)
}

err = s.AddJob("vault-policy-watcher", pj)
if err != nil {
log.Fatal("failed to add policy watcher job", err)
}
}

if cfg.VaultCredSyncInterval != "" {
pj, err := job.NewVaultCredSync(log, cfg.VaultCredSyncInterval)
if err != nil {
log.Fatal("failed to init cred sync job", err)
}

err = s.AddJob("vault-cred-sync", pj)
if err != nil {
log.Fatal("failed to add cred sync job", err)
}
}
return
}
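Review bot: Both scheduler blocks handle a failed `job.NewVaultPolicyWatcher` / `job.NewVaultCredSync` or `s.AddJob` call with `log.Fatal`, which presumably ends the process from inside `initScheduler`, a function that declares a named result and finishes with a bare `return`. If the truncated signature also returns an error, returning it (for example `return nil, fmt.Errorf("add policy watcher job: %w", err)`) would let the caller decide how to shut down; this is hedged because the signature and the start of the function are outside the hunk. A one-line comment above each block, such as `// An empty interval disables this job.`, would document the gating condition.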
