Use peer addrs directly

dragomirp · dragomirp · commit d12515f3d2fe · 2025-06-03T18:44:22.000+03:00
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -36,16 +36,16 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
-      # - name: Install tox & poetry
-      #   run: |
-      #     pipx install tox
-      #     pipx install poetry
-      # - name: Run tests
-      #   run: tox run -e unit
-      # - name: Upload Coverage to Codecov
-      #   uses: codecov/codecov-action@v5
-      #   env:
-      #     CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+      - name: Install tox & poetry
+        run: |
+          pipx install tox
+          pipx install poetry
+      - name: Run tests
+        run: tox run -e unit
+      - name: Upload Coverage to Codecov
+        uses: codecov/codecov-action@v5
+        env:
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
 
   build:
     name: Build charm
diff --git a/src/charm.py b/src/charm.py
@@ -618,16 +618,6 @@ def primary_endpoint(self) -> str | None:
         else:
             return primary_endpoint
 
-    def get_hostname_by_unit(self, _) -> str:
-        """Create a DNS name for a PostgreSQL unit.
-
-        Returns:
-            A string representing the hostname of the PostgreSQL unit.
-        """
-        # For now, as there is no DNS hostnames on VMs, and it would also depend on
-        # the underlying provider (LXD, MAAS, etc.), the unit IP is returned.
-        return self._unit_ip
-
     def _on_get_primary(self, event: ActionEvent) -> None:
         """Get primary instance."""
         try:
@@ -1011,7 +1001,7 @@ def _update_member_ip(self) -> bool:
         # hook, the configuration is updated and the service is started - or only
         # reloaded in the other units).
         stored_ip = self.unit_peer_data.get("ip")
-        current_ip = self.get_hostname_by_unit(None)
+        current_ip = self._unit_ip
         if stored_ip is None:
             self.unit_peer_data.update({"ip": current_ip})
             return False
@@ -1584,7 +1574,7 @@ def _on_start(self, event: StartEvent) -> None:
         if not self.get_secret(UNIT_SCOPE, "internal-cert"):
             self.tls.generate_internal_peer_cert()
 
-        self.unit_peer_data.update({"ip": self.get_hostname_by_unit(None)})
+        self.unit_peer_data.update({"ip": self._unit_ip})
 
         # Open port
         try:
@@ -1980,10 +1970,6 @@ def _can_run_on_update_status(self) -> bool:
             logger.debug("on_update_status early exit: Unit is in Blocked status")
             return False
 
-        # Don't update this member before it's part of the members list.
-        if self._unit_ip not in self.members_ips:
-            logger.debug("on_update_status early exit: Unit not in the members list")
-            return False
         return True
 
     def _handle_processes_failures(self) -> bool:
@@ -2334,6 +2320,7 @@ def update_config(
                 logger.debug(
                     "Early exit update_config: patroni not responding but TLS is enabled."
                 )
+                self._handle_postgresql_restart_need()
                 return True
             logger.debug("Early exit update_config: Patroni not started yet")
             return False
diff --git a/src/relations/tls.py b/src/relations/tls.py
@@ -49,36 +49,47 @@ class TLS(Object):
 
     refresh_tls_certificates_event = EventSource(RefreshTLSCertificatesEvent)
 
+    def _get_client_addrs(self):
+        client_addrs = {
+            self.charm.unit_peer_data.get("database-address"),
+        }
+        client_addrs -= {None}
+        return client_addrs
+
+    def _get_peer_addrs(self):
+        peer_addrs = {
+            self.charm.unit_peer_data.get("database-peers-address"),
+            self.charm.unit_peer_data.get("replication-address"),
+            self.charm.unit_peer_data.get("replication-offer-address"),
+            self.charm.unit_peer_data.get("private-address"),
+        }
+        peer_addrs -= {None}
+        return peer_addrs
+
+    def _get_common_name(self):
+        return self.charm.unit_peer_data.get("database-address") or self.host
+
     def __init__(self, charm: "PostgresqlOperatorCharm", peer_relation: str):
         super().__init__(charm, "client-relations")
         self.charm = charm
         self.peer_relation = peer_relation
         unit_id = self.charm.unit.name.split("/")[1]
         self.host = f"{self.charm.app.name}-{unit_id}"
         if self.charm.unit_peer_data:
-            self.common_name = self.charm.unit_peer_data.get("database-address") or self.host
-            client_addresses = {
-                self.charm.unit_peer_data.get("database-address"),
-            }
-            self.peer_addresses = {
-                self.charm.unit_peer_data.get("database-peers-address"),
-                self.charm.unit_peer_data.get("replication-address"),
-                self.charm.unit_peer_data.get("replication-offer-address"),
-                self.charm.unit_peer_data.get("private-address"),
-            }
-            client_addresses -= {None}
-            self.peer_addresses -= {None}
+            common_name = self._get_common_name()
+            client_addresses = self._get_client_addrs()
+            peer_addresses = self._get_peer_addrs()
         else:
-            self.common_name = self.host
+            common_name = self.host
             client_addresses = set()
-            self.peer_addresses = set()
+            peer_addresses = set()
 
         self.client_certificate = TLSCertificatesRequiresV4(
             self.charm,
             TLS_CLIENT_RELATION,
             certificate_requests=[
                 CertificateRequestAttributes(
-                    common_name=self.common_name,
+                    common_name=common_name,
                     sans_ip=frozenset(client_addresses),
                     sans_dns=frozenset({
                         self.host,
@@ -96,14 +107,14 @@ def __init__(self, charm: "PostgresqlOperatorCharm", peer_relation: str):
             TLS_PEER_RELATION,
             certificate_requests=[
                 CertificateRequestAttributes(
-                    common_name=self.common_name,
-                    sans_ip=frozenset(self.peer_addresses),
+                    common_name=common_name,
+                    sans_ip=frozenset(self._get_peer_addrs()),
                     sans_dns=frozenset({
                         self.host,
                         socket.getfqdn(),
                         # IP address need to be part of the DNS SANs list due to
                         # https://github.com/pgbackrest/pgbackrest/issues/1977.
-                        *self.peer_addresses,
+                        *peer_addresses,
                     }),
                 ),
             ],
@@ -219,14 +230,14 @@ def generate_internal_peer_cert(self) -> None:
         private_key = generate_private_key()
         csr = generate_csr(
             private_key,
-            common_name=self.common_name,
-            sans_ip=frozenset(self.peer_addresses),
+            common_name=self._get_common_name(),
+            sans_ip=frozenset(self._get_peer_addrs()),
             sans_dns=frozenset({
                 self.host,
                 socket.getfqdn(),
                 # IP address need to be part of the DNS SANs list due to
                 # https://github.com/pgbackrest/pgbackrest/issues/1977.
-                *self.peer_addresses,
+                *self._get_peer_addrs(),
             }),
         )
         cert = generate_certificate(csr, ca, ca_key, validity=timedelta(days=7300))
