I would like to know how to leverage an already existing Vault infrastructure in OpenStack using Juju charms. The main focus of this question would be on how I could modify OpenStack charms to utilize an already existing Vault server that is set up and working.
This project might end up being a replacement charm for the existing vault charm.
The best way to implement this would probably be to design a “proxy” charm that can integrate the existing service with Juju’s semantics. An example that you could look at would be the ceph-proxy charm, which connects an existing Ceph cluster to the Juju model.
The core idea is that the charm performs the tasks that the charm does and is configured with admin credentials to manage the linked service.
It’s interesting to think of a charm that could either instantiate the software itself (a native charm) or administer the software remotely (a proxy charm).
Traditionally, we’ve had proxy charms and native charms as different charms in the store, which just offer up the same interface. But I can see how you could juju deploy vault --config proxy-ip .. proxy-admin ..
and basically ask the charm to act as a proxy to an existing Vault. At the very least, you would have all the interface code in place. I’m not sure if in the end, maintenance wouldn’t be harder for having the split personality.
Of course, ‘scaling out’ a proxy charm doesn’t do anything for the capacity of the service, because the actual service is the non-charmed instance.