Add ADVERTISE_ADDRESS env variable

pinecrypt/server/cli.py

@@ -350,13 +350,8 @@ def pinecone_provision():
     from pinecrypt.server import authority
     authority.self_enroll(skip_notify=True)
 
-    myips = set()
-    for fam, _, _, _, addrs in socket.getaddrinfo(const.FQDN, None):
-        if fam in(2, 10):
-            myips.add(addrs[0])
-
     # Insert/update DNS records for the replica itself
-    click.echo("Updating self DNS records: %s -> %s" % (const.FQDN, repr(myips)))
+    click.echo("Advertising via DNS: %s -> %s" % (const.FQDN, repr(const.ADVERTISE_ADDRESS)))
     db.certificates.update_one({
         "common_name": const.FQDN,
         "status": "signed",
@@ -366,7 +361,7 @@ def pinecone_provision():
                 "fqdn": const.FQDN,
                 "san": const.AUTHORITY_NAMESPACE,
             },
-            "ip": list(myips),
+            "ip": list(const.ADVERTISE_ADDRESS),
         }
     })
 

pinecrypt/server/const.py

@@ -78,6 +78,14 @@ AUTHORITY_COMMON_NAME = "Pinecrypt Gateway at %s" % AUTHORITY_NAMESPACE
 AUTHORITY_ORGANIZATION = os.getenv("AUTHORITY_ORGANIZATION")
 AUTHORITY_LIFETIME_DAYS = 20*365
 
+# Advertise following IP addresses via DNS record
+ADVERTISE_ADDRESS = os.getenv("ADVERTISE_ADDRESS", "").split(",")
+if not ADVERTISE_ADDRESS:
+    ADVERTISE_ADDRESS = set()
+    for fam, _, _, _, addrs in socket.getaddrinfo(const.FQDN, None):
+        if fam in(2, 10):
+            ADVERTISE_ADDRESS.add(addrs[0])
+
 # Mailer settings
 SMTP_HOST = os.getenv("SMTP_HOST", "localhost")
 SMTP_PORT = os.getenv("SMTP_PORT", 25)