Beispiel #1
0
// OpenAPI tries to open the state using the given Conf.  If it
// returns a non-empty newPassword, the password used to connect
// to the state should be changed accordingly - the caller should write the
// configuration with StateInfo.Password set to newPassword, then
// set the entity's password accordingly.
func (c *Conf) OpenAPI(dialOpts api.DialOpts) (st *api.State, newPassword string, err error) {
	info := *c.APIInfo
	info.Nonce = c.MachineNonce
	if info.Password != "" {
		st, err := api.Open(&info, dialOpts)
		if err == nil {
			return st, "", nil
		}
		if params.ErrCode(err) != params.CodeUnauthorized {
			return nil, "", err
		}
		// Access isn't authorized even though we have a password
		// This can happen if we crash after saving the
		// password but before changing it, so we'll try again
		// with the old password.
	}
	info.Password = c.OldPassword
	st, err = api.Open(&info, dialOpts)
	if err != nil {
		return nil, "", err
	}
	// We've succeeded in connecting with the old password, so
	// we can now change it to something more private.
	password, err := utils.RandomPassword()
	if err != nil {
		st.Close()
		return nil, "", err
	}
	return st, password, nil
}
Beispiel #2
0
func (utilsSuite) TestRandomPassword(c *C) {
	p, err := utils.RandomPassword()
	c.Assert(err, IsNil)
	if len(p) < 18 {
		c.Errorf("password too short: %q", p)
	}
	// check we're not adding base64 padding.
	c.Assert(p[len(p)-1], Not(Equals), '=')
}
Beispiel #3
0
func (p *Provisioner) setupAuthentication(m *state.Machine) (*state.Info, *api.Info, error) {
	password, err := utils.RandomPassword()
	if err != nil {
		return nil, nil, fmt.Errorf("cannot make password for machine %v: %v", m, err)
	}
	if err := m.SetMongoPassword(password); err != nil {
		return nil, nil, fmt.Errorf("cannot set password for machine %v: %v", m, err)
	}
	stateInfo := *p.stateInfo
	stateInfo.Tag = m.Tag()
	stateInfo.Password = password
	apiInfo := *p.apiInfo
	apiInfo.Tag = m.Tag()
	apiInfo.Password = password
	return &stateInfo, &apiInfo, nil
}
Beispiel #4
0
func (s *openSuite) TestOpenAPINoPassword(c *C) {
	conf := agent.Conf{
		APIInfo: s.APIInfo(c),
	}
	conf.OldPassword = conf.APIInfo.Password
	conf.APIInfo.Password = ""

	st, newPassword, err := conf.OpenAPI(api.DialOpts{})
	c.Assert(err, IsNil)
	defer st.Close()
	c.Assert(newPassword, Matches, ".+")
	c.Assert(st, NotNil)
	p, err := utils.RandomPassword()
	c.Assert(err, IsNil)
	c.Assert(newPassword, HasLen, len(p))
	c.Assert(conf.OldPassword, Equals, s.APIInfo(c).Password)
}
Beispiel #5
0
func (s *openSuite) TestOpenAPIFallbackPassword(c *gc.C) {
	conf := agent.Conf{
		APIInfo: s.APIInfo(c),
	}
	conf.OldPassword = conf.APIInfo.Password
	conf.APIInfo.Password = "******"

	st, newPassword, err := conf.OpenAPI(api.DialOpts{})
	c.Assert(err, gc.IsNil)
	defer st.Close()
	c.Assert(newPassword, gc.Matches, ".+")
	c.Assert(st, gc.NotNil)
	p, err := utils.RandomPassword()
	c.Assert(err, gc.IsNil)
	c.Assert(newPassword, gc.HasLen, len(p))
	c.Assert(conf.OldPassword, gc.Equals, s.APIInfo(c).Password)
}
Beispiel #6
0
// ConfigureBootstrapMachine adds the initial machine into state.  As a part
// of this process the environmental constraints are saved as constraints used
// when bootstrapping are considered constraints for the entire environment.
func ConfigureBootstrapMachine(
	st *state.State,
	cons constraints.Value,
	datadir string,
	jobs []state.MachineJob,
	instId instance.Id,
	characteristics instance.HardwareCharacteristics,
) error {
	logger.Debugf("setting environment constraints")
	if err := st.SetEnvironConstraints(cons); err != nil {
		return err
	}

	logger.Debugf("create bootstrap machine in state")
	m, err := st.InjectMachine(version.Current.Series, cons, instId, characteristics, jobs...)
	if err != nil {
		return err
	}
	// Read the machine agent's password and change it to
	// a new password (other agents will change their password
	// via the API connection).
	logger.Debugf("create new random password for machine %v", m.Id())
	mconf, err := agent.ReadConf(datadir, m.Tag())
	if err != nil {
		return err
	}
	newPassword, err := utils.RandomPassword()
	if err != nil {
		return err
	}
	mconf.StateInfo.Password = newPassword
	mconf.APIInfo.Password = newPassword
	mconf.OldPassword = ""

	if err := mconf.Write(); err != nil {
		return err
	}
	if err := m.SetMongoPassword(newPassword); err != nil {
		return err
	}
	if err := m.SetPassword(newPassword); err != nil {
		return err
	}
	return nil
}
func (auth *simpleAuth) SetupAuthentication(machine *state.Machine) (*state.Info, *api.Info, error) {
	password, err := utils.RandomPassword()
	if err != nil {
		return nil, nil, fmt.Errorf("cannot make password for machine %v: %v", machine, err)
	}
	if err := machine.SetPassword(password); err != nil {
		return nil, nil, fmt.Errorf("cannot set API password for machine %v: %v", machine, err)
	}
	if err := machine.SetMongoPassword(password); err != nil {
		return nil, nil, fmt.Errorf("cannot set mongo password for machine %v: %v", machine, err)
	}
	stateInfo := *auth.stateInfo
	stateInfo.Tag = machine.Tag()
	stateInfo.Password = password
	apiInfo := *auth.apiInfo
	apiInfo.Tag = machine.Tag()
	apiInfo.Password = password
	return &stateInfo, &apiInfo, nil
}
Beispiel #8
0
// deploy will deploy the supplied unit with the deployer's manager. It will
// panic if it observes inconsistent internal state.
func (d *Deployer) deploy(unit *apideployer.Unit) error {
	unitName := unit.Name()
	if d.deployed.Contains(unit.Name()) {
		panic("must not re-deploy a deployed unit")
	}
	logger.Infof("deploying unit %q", unitName)
	initialPassword, err := utils.RandomPassword()
	if err != nil {
		return err
	}
	if err := unit.SetPassword(initialPassword); err != nil {
		return fmt.Errorf("cannot set password for unit %q: %v", unitName, err)
	}
	if err := d.ctx.DeployUnit(unitName, initialPassword); err != nil {
		return err
	}
	d.deployed.Add(unitName)
	return nil
}