ISD-2586 Support for ha in active/passive mode

.github/workflows/integration_test.yaml

@@ -12,4 +12,4 @@ jobs:
       juju-channel: 3.3/stable
       self-hosted-runner: true
       charmcraft-channel: latest/edge
-      modules: '["test_action.py", "test_config.py", "test_charm.py", "test_http_interface.py", "test_cos.py", "test_ingress.py"]'
+      modules: '["test_action.py", "test_config.py", "test_charm.py", "test_http_interface.py", "test_cos.py", "test_ingress.py", "test_ha.py"]'

charmcraft.yaml

@@ -15,6 +15,7 @@ parts:
       - pkg-config
       - libffi-dev
       - libssl-dev
+      - git
     build-snaps:
       - rustup
     override-build: |
@@ -51,6 +52,8 @@ requires:
     limit: 1
   reverseproxy:
     interface: http
+  ha:
+    interface: hacluster
 
 provides:
   ingress:
@@ -65,14 +68,17 @@ config:
   options:
     external-hostname:
       default: ""
-      description: Hostname of haproxy.
       type: string
+      description: Hostname of haproxy.
     global-maxconn:
       default: 4096
       type: int
       description: |
           Sets the maximum per-process number of concurrent connections to
           <number>. Must be greater than 0.
+    vip:
+      type: string
+      description: Virtual IP address, used in active-passive ha mode.
 
 actions:
   get-certificate:

requirements.txt

@@ -4,3 +4,4 @@ jsonschema==4.23.0
 ops==2.17.1
 pydantic==2.10.4
 cosl==0.0.47
+interface_hacluster @ git+https://github.com/charmed-kubernetes/charm-interface-hacluster@main

src/charm.py

@@ -24,16 +24,19 @@
     IngressPerAppDataRemovedEvent,
     IngressPerAppProvider,
 )
+from interface_hacluster.ops_ha_interface import HAServiceReadyEvent, HAServiceRequires
 from ops.charm import ActionEvent
+from ops.model import Port
 
-from haproxy import HAProxyService
+from haproxy import HAPROXY_SERVICE, HAProxyService
 from http_interface import (
     HTTPBackendAvailableEvent,
     HTTPBackendRemovedEvent,
     HTTPProvider,
     HTTPRequirer,
 )
 from state.config import CharmConfig
+from state.ha import HACLUSTER_RELATION, HAInformation
 from state.ingress import IngressRequirersInformation
 from state.tls import TLSInformation, TLSNotReadyError
 from state.validation import validate_config_and_tls
@@ -63,6 +66,19 @@ class ProxyMode(StrEnum):
     INVALID = "invalid"
 
 
+def _validate_port(port: int) -> bool:
+    """Validate if the given value is a valid TCP port.
+
+    Args:
+        port: The port number to validate.
+
+    Returns:
+        bool: True if valid, False otherwise.
+    """
+    return 0 <= port <= 65535
+
+
+# pylint: disable=too-many-instance-attributes
 class HAProxyCharm(ops.CharmBase):
     """Charm haproxy."""
 
@@ -94,6 +110,7 @@ def __init__(self, *args: typing.Any):
             dashboard_dirs=["./src/grafana_dashboards"],
         )
 
+        self.hacluster = HAServiceRequires(self, HACLUSTER_RELATION)
         self.framework.observe(self.on.install, self._on_install)
         self.framework.observe(self.on.config_changed, self._on_config_changed)
         self.framework.observe(self.on.get_certificate_action, self._on_get_certificate_action)
@@ -112,6 +129,7 @@ def __init__(self, *args: typing.Any):
         self.framework.observe(
             self._ingress_provider.on.data_removed, self._on_ingress_data_removed
         )
+        self.framework.observe(self.hacluster.on.ha_ready, self._on_ha_ready)
 
     def _on_install(self, _: typing.Any) -> None:
         """Install the haproxy package."""
@@ -163,6 +181,9 @@ def _on_http_backend_removed(self, _: HTTPBackendRemovedEvent) -> None:
 
     def _reconcile(self) -> None:
         """Render the haproxy config and restart the service."""
+        ha_information = HAInformation.from_charm(self)
+        self._reconcile_ha(ha_information)
+
         proxy_mode = self._validate_state()
         if proxy_mode == ProxyMode.INVALID:
             # We don't raise any exception/set status here as it should already be handled
@@ -176,14 +197,33 @@ def _reconcile(self) -> None:
                     self._ingress_provider
                 )
                 tls_information = TLSInformation.from_charm(self, self.certificates)
+                self.unit.set_ports(80, 443)
                 self.haproxy_service.reconcile_ingress(
                     config, ingress_requirers_information, tls_information.external_hostname
                 )
             case ProxyMode.LEGACY:
+                legacy_invalid_requested_port: list[str] = []
+                required_ports: set[Port] = set()
+                for service in self.reverseproxy_requirer.get_services_definition().values():
+                    port = service["service_port"]
+                    if not _validate_port(port):
+                        logger.error("Requested port: %s is not a valid tcp port. Skipping", port)
+                        legacy_invalid_requested_port.append(f"{service['service_name']:{port}}")
+                        continue
+                    required_ports.add(Port(protocol="tcp", port=port))
+
+                if legacy_invalid_requested_port:
+                    self.unit.status = ops.BlockedStatus(
+                        f"Invalid ports requested: {','.join(legacy_invalid_requested_port)}"
+                    )
+                    return
+
+                self.unit.set_ports(*required_ports)
                 self.haproxy_service.reconcile_legacy(
                     config, self.reverseproxy_requirer.get_services()
                 )
             case _:
+                self.unit.set_ports(80)
                 self.haproxy_service.reconcile_default(config)
         self.unit.status = ops.ActiveStatus()
 
@@ -253,6 +293,24 @@ def _validate_state(self) -> ProxyMode:
 
         return ProxyMode.NOPROXY
 
+    @validate_config_and_tls(defer=False, block_on_tls_not_ready=False)
+    def _on_ha_ready(self, _: HAServiceReadyEvent) -> None:
+        """Handle the ha-ready event."""
+        self._reconcile()
+
+    def _reconcile_ha(self, ha_information: HAInformation) -> None:
+        """Update ha configuration.
+
+        Args:
+            ha_information: HAInformation charm state component.
+        """
+        if not ha_information.integration_ready:
+            logger.info("ha integration is not ready, skipping.")
+            return
+        self.hacluster.add_vip(self.app.name, str(ha_information.vip))
+        self.hacluster.add_systemd_service(f"{self.app.name}-{HAPROXY_SERVICE}", HAPROXY_SERVICE)
+        self.hacluster.bind_resources()
+
 
 if __name__ == "__main__":  # pragma: nocover
     ops.main(HAProxyCharm)

src/state/ha.py

@@ -0,0 +1,72 @@
+# Copyright 2025 Canonical Ltd.
+# See LICENSE file for licensing details.
+
+"""haproxy-operator charm tls information."""
+
+import typing
+
+import ops
+from pydantic import IPvAnyAddress, ValidationError, model_validator
+from pydantic.dataclasses import dataclass
+from typing_extensions import Self
+
+from .exception import CharmStateValidationBaseError
+
+HACLUSTER_RELATION = "ha"
+
+
+class HAInformationValidationError(CharmStateValidationBaseError):
+    """Exception raised when validation of the ha_information state component failed."""
+
+
+@dataclass(frozen=True)
+class HAInformation:
+    """A component of charm state containing information about TLS.
+
+    Attributes:
+        integration_ready: Whether the ha relation is established.
+        vip: The configured virtual IP address.
+    """
+
+    integration_ready: bool
+    vip: typing.Optional[IPvAnyAddress]
+
+    @model_validator(mode="after")
+    def validate_vip_not_none_when_ha_integration_active(self) -> Self:
+        """Validate that vip is configured when ha integration is active.
+
+        Raises:
+            ValueError: When ha integration is active but vip is not configured.
+
+        Returns:
+            Self: Validated model.
+        """
+        if self.integration_ready and not self.vip:
+            raise ValueError("vip needs to be configured in ha mode.")
+        return self
+
+    @classmethod
+    def from_charm(cls, charm: ops.CharmBase) -> "HAInformation":
+        """Get ha information from a charm instance.
+
+        Args:
+            charm: The haproxy charm.
+
+        Raises:
+            HAInformationValidationError: When validation of the state component failed.
+
+        Returns:
+            HAInformation: Information needed to configure ha.
+        """
+        ha_integration = charm.model.get_relation(HACLUSTER_RELATION)
+        integration_ready = bool(ha_integration and ha_integration.units)
+        vip = charm.config.get("vip")
+
+        try:
+            # Ignore arg-type here because we want to pass a str and let pydantic do the validation
+            return cls(
+                integration_ready=integration_ready,
+                vip=vip if vip else None,  # type: ignore
+            )
+        except ValidationError as exc:
+            raise HAInformationValidationError(str(exc)) from exc