Vault charm does not download with the correct code
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Canonical Juju | Expired | Undecided | Unassigned | |
| vault-charm | Invalid | Undecided | Unassigned | |
Bug Description
While trying to install and test a vault fix in the `1.7/edge` channel, I
realized that the code in the channel is not what ends up in the installed
deployment.
How to reproduce:
0. Install a bundle with explicit channel versions for vault[1]. Also added etcd
for comparison in the linked bundle:
```yaml
applications:
  vault:
    charm: vault
    channel: 1.7/edge
    revision: 54
    series: xenial
    resources:
      core: -1
      vault: -1
    num_units: 3
```
1. Download the corresponding code from charmhub:
```sh
juju download --channel 1.7/edge ch:vault
juju download --channel 1.24/stable ch:etcd
```
2. Unzip the charms and compare the downloaded charm with the installed charm:
The vault charm has a `repo-info` file pointing to the commit the charm was
built from. Also, the last commit in the `1.7/edge`, rev 54 has the string
TOP_LEVEL_CERT_KEY added in the last commit.
```sh
unzip vault_178c710.charm
cat version
# 2ff5f11
grep -rnI TOP_LEVEL_CERT_KEY * | wc -l
# 4
juju ssh vault/3 'cat /var/lib/
# commit-sha-1: b09d5aa6d5bf975
# commit-short: b09d5aa
# branch: HEAD
# remote: https:/
# info-generated: Thu Oct 21 16:54:33 UTC 2021
# note: This file should exist only in a built or released charm artifact (not in the charm source code tree).
juju ssh vault/3 'sudo grep -rnI TOP_LEVEL_CERT_KEY /var/lib/
#
```
See also that the charm is installed in the mentioned version 1.7/stable, but
vault is in the 1.5 version:
```sh
juju status | grep vault | head -1
# vault 1.5.9 active 3 vault 1.7/edge 54 no Unit is ready (active: true, mlock: enabled)
```
I did a similar comparison with etcd, thinking that it could be something
related to the fact that both charms have a `channel` option. But the problem
only happens with vault.
I'm logging this bug here because I don't believe this is something in the
charm. But, I'm also logging this in the vault charm LP.
______________
[1] https:/
I'm not sure if this is related, but the 1.7/edge charm for vault doesn't support xenial, which is specified in the bundle. Juju info for series xenial only shows 1.5 and 1.6 supports:
```sh
$ juju info vault --series xenial
name: vault
charm-id: u3vtXfBTJwhYCwwvkzCs0YqdCfsOBMdO
summary: a tool for managing secrets
publisher: OpenStack Charmers
supports: xenial, bionic, focal, groovy, hirsute, impish
tags: security
subordinate: false
store-url: https://charmhub.io/vault
description: |
  Vault secures, stores, and tightly controls access to
  tokens, passwords, certificates, API keys, and other
  secrets in modern computing. Vault handles leasing, key
  revocation, key rolling, and auditing. Through a unified
  API, users can access an encrypted Key/Value store and
  network encryption-as-a-service, or generate AWS IAM/STS
  credentials, SQL/NoSQL databases, X.509 certificates,
  SSH credentials, and more.
relations:
  provides:
    certificates: tls-certificates
    nrpe-external-master: nrpe-external-master
    secrets: vault-kv
  requires:
    db: pgsql
    etcd: etcd
    ha: hacluster
    lb-provider: loadbalancer
    shared-db: mysql-shared
channels: |
  latest/stable: 54 2022-02-09 (54) 44MB
  latest/candidate: ↑
  latest/beta: ↑
  latest/edge: ↑
  1.7/stable: –
  1.7/candidate: –
  1.7/beta: –
  1.7/edge: –
  1.6/stable: –
  1.6/candidate: –
  1.6/beta: –
  1.6/edge: 54 2022-03-04 (54) 44MB
  1.5/stable: –
  1.5/candidate: –
  1.5/beta: –
  1.5/edge: 54 2022-03-04 (54) 44MB
```
I suspect that revision 54 got deployed? Really, the bundle should have failed as there is no 1.7/edge vault charm for xenial. 1.7 on vault only supports focal and jammy.
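
A pre-deploy check for the mismatch discussed in the comment above, as an added example that is not part of the original report or of Juju's own code: it parses the `channels` block as printed by `juju info vault --series xenial` and tests the bundle's pin (`1.7/edge`, revision 54) against it. The function names are hypothetical, and the code assumes `↑` means "follows the next more stable channel of the same track" and `–` means nothing is published.

```python
# Channel map copied from the `juju info vault --series xenial` output above.
CHANNELS = """\
latest/stable: 54 2022-02-09 (54) 44MB
latest/candidate: ↑
latest/beta: ↑
latest/edge: ↑
1.7/stable: –
1.7/candidate: –
1.7/beta: –
1.7/edge: –
1.6/stable: –
1.6/candidate: –
1.6/beta: –
1.6/edge: 54 2022-03-04 (54) 44MB
1.5/stable: –
1.5/candidate: –
1.5/beta: –
1.5/edge: 54 2022-03-04 (54) 44MB
"""


def parse_channels(text):
    """Map each channel to its published revision, or None if it has none."""
    resolved, prev_track, prev_rev = {}, None, None
    for line in filter(str.strip, text.splitlines()):
        channel, _, rest = line.strip().partition(":")
        track = channel.split("/")[0]
        marker = (rest.split() or ["–"])[0]
        if marker == "↑":  # assumption: closed channel inherits from the line above
            rev = prev_rev if track == prev_track else None
        else:  # a revision number, or "–" for an empty channel
            rev = int(marker) if marker.isdigit() else None
        resolved[channel] = rev
        prev_track, prev_rev = track, rev
    return resolved


def check_pin(channels, channel, revision):
    """Return (verdict, other channels that publish the pinned revision)."""
    published = channels.get(channel)
    elsewhere = [c for c, r in channels.items() if r == revision and c != channel]
    if published == revision:
        return "ok", elsewhere
    verdict = "channel-empty" if published is None else "revision-mismatch"
    return verdict, elsewhere


if __name__ == "__main__":
    # The bundle in the report pins vault to 1.7/edge, revision 54, on xenial.
    print(check_pin(parse_channels(CHANNELS), "1.7/edge", 54))
```

A `channel-empty` verdict with a non-empty second element is the situation the comment describes: the pinned revision exists for the series, but not in the channel the bundle names.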