Resolve "feature/ETQ Admin, je veux que ssham selle le vault au signal de fin"

Closes #37 (closed)

ssham/lib/vault.py

@@ -47,11 +47,17 @@ class Vault(metaclass=MetaSingleton):
         This step unseal vault and configure _root_token and _vault_keys. If keys are not exists, Vault need them to recovery.
         """
         self._lg.debug("vault.start - Start")
-        if not self._client.sys.is_initialized():
-            print(" Initializing Vault...")
-            self.initialize()   # Vault is initialized and sealed
+        try:
+            if not self._client.sys.is_initialized():
+                print(" Initializing Vault...")
+                self.initialize()   # Vault is initialized and sealed
+        except hvac.exceptions.VaultDown:
+             self._lg.critical("Vault is_initialized failed")
+             self._lg.debug("vault.start - Vault URL : " + self._vault_address)
+             exit(0)
         print(" Unsealing Vault...")
         self.unseal()       # Unseal Vault
+        self._lg.debug("vault.start - status : init=" + str(self._vault_status['init']) + " - sealed =" + str(self._vault_status['sealed']))
         self._lg.debug("vault.start - End")
 
     def initialize(self):
@@ -94,11 +100,13 @@ class Vault(metaclass=MetaSingleton):
         print(" ... please wait ...")
 
         self._vault_status['init'] = True
+        self._lg.debug("vault.initialize - status1 : init=" + str(self._vault_status['init']) + " - sealed =" + str(self._vault_status['sealed']))
 
         self._client.sys.submit_unseal_keys(self._vault_keys)
 
         self._vault_status['sealed'] = False
         self._lg.info('Vault is unsealed')
+        self._lg.debug("vault.initialize - status2 : init=" + str(self._vault_status['init']) + " - sealed =" + str(self._vault_status['sealed']))
         self._lg.info('Performing CA setup')
         # Setup ssh-client-signer endpoint
         self._vault_headers = {'X-Vault-Token': self._root_token}
@@ -121,6 +129,8 @@ class Vault(metaclass=MetaSingleton):
         if self._client.sys.is_sealed():
             self._vault_status['init'] = True
             self._vault_status['sealed'] = True
+            self._lg.debug("vault.unseal - status : init=" + str(self._vault_status['init']) + " - sealed =" + str(self._vault_status['sealed']))
+
             if len(self._vault_keys) == 0:
                 self.set_secrets()
             else:
@@ -143,7 +153,7 @@ class Vault(metaclass=MetaSingleton):
                 self._vault_headers = {'X-Vault-Token': self._root_token}
 
         if not self._client.sys.is_sealed() and self._client.sys.is_initialized() and self._root_token == "":
-            print("Failed - Vault is already unsealed but without root_token, please restart vault and restart SSHAM")
+            lg.critical("Vault is already unsealed but without root_token, please restart vault and restart SSHAM")
             exit()
         self._lg.debug("vault.unseal - End")