// OfficialDataSources returns the simplestreams datasources where official
// image metadata can be found.
func OfficialDataSources(stream string) ([]simplestreams.DataSource, error) {
var result []simplestreams.DataSource
// New images metadata for centos and windows and existing clouds.
defaultJujuURL, err := ImageMetadataURL(DefaultJujuBaseURL, stream)
if err != nil {
return nil, err
}
if defaultJujuURL != "" {
publicKey, err := simplestreams.UserPublicSigningKey()
if err != nil {
return nil, err
}
if publicKey == "" {
publicKey = keys.JujuPublicKey
}
result = append(
result,
simplestreams.NewURLSignedDataSource("default cloud images", defaultJujuURL, publicKey, utils.VerifySSLHostnames, simplestreams.DEFAULT_CLOUD_DATA, true))
}
// Fallback to image metadata for existing Ubuntu images.
defaultUbuntuURL, err := ImageMetadataURL(DefaultUbuntuBaseURL, stream)
if err != nil {
return nil, err
}
if defaultUbuntuURL != "" {
result = append(
result,
simplestreams.NewURLSignedDataSource("default ubuntu cloud images", defaultUbuntuURL, SimplestreamsImagesPublicKey, utils.VerifySSLHostnames, simplestreams.DEFAULT_CLOUD_DATA, true))
}
return result, nil
}
// saveCustomImageMetadata reads the custom image metadata from disk,
// and saves it in controller.
func (c *BootstrapCommand) saveCustomImageMetadata(st *state.State, env environs.Environ) error {
logger.Debugf("saving custom image metadata from %q", c.ImageMetadataDir)
baseURL := fmt.Sprintf("file://%s", filepath.ToSlash(c.ImageMetadataDir))
publicKey, _ := simplestreams.UserPublicSigningKey()
datasource := simplestreams.NewURLSignedDataSource("custom", baseURL, publicKey, utils.NoVerifySSLHostnames, simplestreams.CUSTOM_CLOUD_DATA, false)
return storeImageMetadataFromFiles(st, env, datasource)
}
// setPrivateMetadataSources sets the default tools metadata source
// for tools syncing, and adds an image metadata source after verifying
// the contents.
func setPrivateMetadataSources(env environs.Environ, metadataDir string) ([]*imagemetadata.ImageMetadata, error) {
logger.Infof("Setting default tools and image metadata sources: %s", metadataDir)
tools.DefaultBaseURL = metadataDir
imageMetadataDir := filepath.Join(metadataDir, storage.BaseImagesPath)
if _, err := os.Stat(imageMetadataDir); err != nil {
if !os.IsNotExist(err) {
return nil, errors.Annotate(err, "cannot access image metadata")
}
return nil, nil
}
baseURL := fmt.Sprintf("file://%s", filepath.ToSlash(imageMetadataDir))
publicKey, _ := simplestreams.UserPublicSigningKey()
datasource := simplestreams.NewURLSignedDataSource("bootstrap metadata", baseURL, publicKey, utils.NoVerifySSLHostnames, simplestreams.CUSTOM_CLOUD_DATA, false)
// Read the image metadata, as we'll want to upload it to the environment.
imageConstraint := imagemetadata.NewImageConstraint(simplestreams.LookupParams{})
existingMetadata, _, err := imagemetadata.Fetch([]simplestreams.DataSource{datasource}, imageConstraint)
if err != nil && !errors.IsNotFound(err) {
return nil, errors.Annotate(err, "cannot read image metadata")
}
// Add an image metadata datasource for constraint validation, etc.
environs.RegisterUserImageDataSourceFunc("bootstrap metadata", func(environs.Environ) (simplestreams.DataSource, error) {
return datasource, nil
})
logger.Infof("custom image metadata added to search path")
return existingMetadata, nil
}
// ImageMetadataSources returns the sources to use when looking for
// simplestreams image id metadata for the given stream.
func ImageMetadataSources(env Environ) ([]simplestreams.DataSource, error) {
config := env.Config()
// Add configured and environment-specific datasources.
var sources []simplestreams.DataSource
if userURL, ok := config.ImageMetadataURL(); ok {
verify := utils.VerifySSLHostnames
if !config.SSLHostnameVerification() {
verify = utils.NoVerifySSLHostnames
}
publicKey, _ := simplestreams.UserPublicSigningKey()
sources = append(sources, simplestreams.NewURLSignedDataSource("image-metadata-url", userURL, publicKey, verify, simplestreams.SPECIFIC_CLOUD_DATA, false))
}
envDataSources, err := environmentDataSources(env)
if err != nil {
return nil, err
}
sources = append(sources, envDataSources...)
// Add the official image metadata datasources.
officialDataSources, err := imagemetadata.OfficialDataSources(config.ImageStream())
if err != nil {
return nil, err
}
for _, source := range officialDataSources {
sources = append(sources, source)
}
for _, ds := range sources {
logger.Debugf("obtained image datasource %q", ds.Description())
}
return sources, nil
}
func (task *provisionerTask) constructInstanceConfig(
machine *apiprovisioner.Machine,
auth authentication.AuthenticationProvider,
pInfo *params.ProvisioningInfo,
) (*instancecfg.InstanceConfig, error) {
stateInfo, apiInfo, err := auth.SetupAuthentication(machine)
if err != nil {
return nil, errors.Annotate(err, "failed to setup authentication")
}
// Generated a nonce for the new instance, with the format: "machine-#:UUID".
// The first part is a badge, specifying the tag of the machine the provisioner
// is running on, while the second part is a random UUID.
uuid, err := utils.NewUUID()
if err != nil {
return nil, errors.Annotate(err, "failed to generate a nonce for machine "+machine.Id())
}
publicKey, err := simplestreams.UserPublicSigningKey()
if err != nil {
return nil, err
}
nonce := fmt.Sprintf("%s:%s", task.machineTag, uuid)
return instancecfg.NewInstanceConfig(
machine.Id(),
nonce,
task.imageStream,
pInfo.Series,
publicKey,
task.secureServerConnection,
stateInfo,
apiInfo,
)
}
func (task *provisionerTask) constructInstanceConfig(
machine *apiprovisioner.Machine,
auth authentication.AuthenticationProvider,
pInfo *params.ProvisioningInfo,
) (*instancecfg.InstanceConfig, error) {
stateInfo, apiInfo, err := auth.SetupAuthentication(machine)
if err != nil {
return nil, errors.Annotate(err, "failed to setup authentication")
}
// Generated a nonce for the new instance, with the format: "machine-#:UUID".
// The first part is a badge, specifying the tag of the machine the provisioner
// is running on, while the second part is a random UUID.
uuid, err := utils.NewUUID()
if err != nil {
return nil, errors.Annotate(err, "failed to generate a nonce for machine "+machine.Id())
}
nonce := fmt.Sprintf("%s:%s", task.machineTag, uuid)
instanceConfig, err := instancecfg.NewInstanceConfig(
names.NewControllerTag(controller.Config(pInfo.ControllerConfig).ControllerUUID()),
machine.Id(),
nonce,
task.imageStream,
pInfo.Series,
apiInfo,
)
if err != nil {
return nil, errors.Trace(err)
}
instanceConfig.Tags = pInfo.Tags
if len(pInfo.Jobs) > 0 {
instanceConfig.Jobs = pInfo.Jobs
}
if multiwatcher.AnyJobNeedsState(instanceConfig.Jobs...) {
publicKey, err := simplestreams.UserPublicSigningKey()
if err != nil {
return nil, err
}
instanceConfig.Controller = &instancecfg.ControllerConfig{
PublicImageSigningKey: publicKey,
MongoInfo: stateInfo,
}
instanceConfig.Controller.Config = make(map[string]interface{})
for k, v := range pInfo.ControllerConfig {
instanceConfig.Controller.Config[k] = v
}
}
return instanceConfig, nil
}
// BootstrapInstance creates a new instance with the series of its choice,
// constrained to those of the available tools, and
// returns the instance result, series, and a function that
// must be called to finalize the bootstrap process by transferring
// the tools and installing the initial Juju controller.
// This method is called by Bootstrap above, which implements environs.Bootstrap, but
// is also exported so that providers can manipulate the started instance.
func BootstrapInstance(ctx environs.BootstrapContext, env environs.Environ, args environs.BootstrapParams,
) (_ *environs.StartInstanceResult, selectedSeries string, _ environs.BootstrapFinalizer, err error) {
// TODO make safe in the case of racing Bootstraps
// If two Bootstraps are called concurrently, there's
// no way to make sure that only one succeeds.
// First thing, ensure we have tools otherwise there's no point.
if args.BootstrapSeries != "" {
selectedSeries = args.BootstrapSeries
} else {
selectedSeries = config.PreferredSeries(env.Config())
}
availableTools, err := args.AvailableTools.Match(coretools.Filter{
Series: selectedSeries,
})
if err != nil {
return nil, "", nil, err
}
// Filter image metadata to the selected series.
var imageMetadata []*imagemetadata.ImageMetadata
seriesVersion, err := series.SeriesVersion(selectedSeries)
if err != nil {
return nil, "", nil, errors.Trace(err)
}
for _, m := range args.ImageMetadata {
if m.Version != seriesVersion {
continue
}
imageMetadata = append(imageMetadata, m)
}
// Get the bootstrap SSH client. Do this early, so we know
// not to bother with any of the below if we can't finish the job.
client := ssh.DefaultClient
if client == nil {
// This should never happen: if we don't have OpenSSH, then
// go.crypto/ssh should be used with an auto-generated key.
return nil, "", nil, fmt.Errorf("no SSH client available")
}
publicKey, err := simplestreams.UserPublicSigningKey()
if err != nil {
return nil, "", nil, err
}
envCfg := env.Config()
instanceConfig, err := instancecfg.NewBootstrapInstanceConfig(
args.ControllerConfig, args.BootstrapConstraints, args.ModelConstraints, selectedSeries, publicKey,
)
if err != nil {
return nil, "", nil, err
}
instanceConfig.EnableOSRefreshUpdate = env.Config().EnableOSRefreshUpdate()
instanceConfig.EnableOSUpgrade = env.Config().EnableOSUpgrade()
instanceConfig.Tags = instancecfg.InstanceTags(envCfg.UUID(), args.ControllerConfig.ControllerUUID(), envCfg, instanceConfig.Jobs)
maybeSetBridge := func(icfg *instancecfg.InstanceConfig) {
// If we need to override the default bridge name, do it now. When
// args.ContainerBridgeName is empty, the default names for LXC
// (lxcbr0) and KVM (virbr0) will be used.
if args.ContainerBridgeName != "" {
logger.Debugf("using %q as network bridge for all container types", args.ContainerBridgeName)
if icfg.AgentEnvironment == nil {
icfg.AgentEnvironment = make(map[string]string)
}
icfg.AgentEnvironment[agent.LxcBridge] = args.ContainerBridgeName
}
}
maybeSetBridge(instanceConfig)
cloudRegion := args.CloudName
if args.CloudRegion != "" {
cloudRegion += "/" + args.CloudRegion
}
fmt.Fprintf(ctx.GetStderr(), "Launching controller instance(s) on %s...\n", cloudRegion)
// Print instance status reports status changes during provisioning.
// Note the carriage returns, meaning subsequent prints are to the same
// line of stderr, not a new line.
instanceStatus := func(settableStatus status.Status, info string, data map[string]interface{}) error {
// The data arg is not expected to be used in this case, but
// print it, rather than ignore it, if we get something.
dataString := ""
if len(data) > 0 {
dataString = fmt.Sprintf(" %v", data)
}
fmt.Fprintf(ctx.GetStderr(), " - %s%s\r", info, dataString)
return nil
}
// Likely used after the final instanceStatus call to white-out the
// current stderr line before the next use, removing any residual status
// reporting output.
statusCleanup := func(info string) error {
// The leading spaces account for the leading characters
// emitted by instanceStatus above.
fmt.Fprintf(ctx.GetStderr(), " %s\r", info)
return nil
}
result, err := env.StartInstance(environs.StartInstanceParams{
ControllerUUID: args.ControllerConfig.ControllerUUID(),
Constraints: args.BootstrapConstraints,
Tools: availableTools,
InstanceConfig: instanceConfig,
Placement: args.Placement,
ImageMetadata: imageMetadata,
StatusCallback: instanceStatus,
CleanupCallback: statusCleanup,
})
if err != nil {
return nil, "", nil, errors.Annotate(err, "cannot start bootstrap instance")
}
// We need some padding below to overwrite any previous messages. We'll use a width of 40.
msg := fmt.Sprintf(" - %s", result.Instance.Id())
if len(msg) < 40 {
padding := make([]string, 40-len(msg))
msg += strings.Join(padding, " ")
}
fmt.Fprintln(ctx.GetStderr(), msg)
finalize := func(ctx environs.BootstrapContext, icfg *instancecfg.InstanceConfig, opts environs.BootstrapDialOpts) error {
icfg.Bootstrap.BootstrapMachineInstanceId = result.Instance.Id()
icfg.Bootstrap.BootstrapMachineHardwareCharacteristics = result.Hardware
envConfig := env.Config()
if result.Config != nil {
updated, err := envConfig.Apply(result.Config.UnknownAttrs())
if err != nil {
return errors.Trace(err)
}
envConfig = updated
}
if err := instancecfg.FinishInstanceConfig(icfg, envConfig); err != nil {
return err
}
maybeSetBridge(icfg)
return FinishBootstrap(ctx, client, env, result.Instance, icfg, opts)
}
return result, selectedSeries, finalize, nil
}
// BootstrapInstance creates a new instance with the series and architecture
// of its choice, constrained to those of the available tools, and
// returns the instance result, series, and a function that
// must be called to finalize the bootstrap process by transferring
// the tools and installing the initial Juju controller.
// This method is called by Bootstrap above, which implements environs.Bootstrap, but
// is also exported so that providers can manipulate the started instance.
func BootstrapInstance(ctx environs.BootstrapContext, env environs.Environ, args environs.BootstrapParams,
) (_ *environs.StartInstanceResult, selectedSeries string, _ environs.BootstrapFinalizer, err error) {
// TODO make safe in the case of racing Bootstraps
// If two Bootstraps are called concurrently, there's
// no way to make sure that only one succeeds.
// First thing, ensure we have tools otherwise there's no point.
if args.BootstrapSeries != "" {
selectedSeries = args.BootstrapSeries
} else {
selectedSeries = config.PreferredSeries(env.Config())
}
availableTools, err := args.AvailableTools.Match(coretools.Filter{
Series: selectedSeries,
})
if err != nil {
return nil, "", nil, err
}
// Filter image metadata to the selected series.
var imageMetadata []*imagemetadata.ImageMetadata
seriesVersion, err := series.SeriesVersion(selectedSeries)
if err != nil {
return nil, "", nil, errors.Trace(err)
}
for _, m := range args.ImageMetadata {
if m.Version != seriesVersion {
continue
}
imageMetadata = append(imageMetadata, m)
}
// Get the bootstrap SSH client. Do this early, so we know
// not to bother with any of the below if we can't finish the job.
client := ssh.DefaultClient
if client == nil {
// This should never happen: if we don't have OpenSSH, then
// go.crypto/ssh should be used with an auto-generated key.
return nil, "", nil, fmt.Errorf("no SSH client available")
}
publicKey, err := simplestreams.UserPublicSigningKey()
if err != nil {
return nil, "", nil, err
}
instanceConfig, err := instancecfg.NewBootstrapInstanceConfig(
args.BootstrapConstraints, args.ModelConstraints, selectedSeries, publicKey,
)
if err != nil {
return nil, "", nil, err
}
instanceConfig.EnableOSRefreshUpdate = env.Config().EnableOSRefreshUpdate()
instanceConfig.EnableOSUpgrade = env.Config().EnableOSUpgrade()
instanceConfig.Tags = instancecfg.InstanceTags(env.Config(), instanceConfig.Jobs)
maybeSetBridge := func(icfg *instancecfg.InstanceConfig) {
// If we need to override the default bridge name, do it now. When
// args.ContainerBridgeName is empty, the default names for LXC
// (lxcbr0) and KVM (virbr0) will be used.
if args.ContainerBridgeName != "" {
logger.Debugf("using %q as network bridge for all container types", args.ContainerBridgeName)
if icfg.AgentEnvironment == nil {
icfg.AgentEnvironment = make(map[string]string)
}
icfg.AgentEnvironment[agent.LxcBridge] = args.ContainerBridgeName
}
}
maybeSetBridge(instanceConfig)
fmt.Fprintln(ctx.GetStderr(), "Launching instance")
instanceStatus := func(settableStatus status.Status, info string, data map[string]interface{}) error {
fmt.Fprintf(ctx.GetStderr(), "%s \r", info)
return nil
}
result, err := env.StartInstance(environs.StartInstanceParams{
Constraints: args.BootstrapConstraints,
Tools: availableTools,
InstanceConfig: instanceConfig,
Placement: args.Placement,
ImageMetadata: imageMetadata,
StatusCallback: instanceStatus,
})
if err != nil {
return nil, "", nil, errors.Annotate(err, "cannot start bootstrap instance")
}
fmt.Fprintf(ctx.GetStderr(), " - %s\n", result.Instance.Id())
finalize := func(ctx environs.BootstrapContext, icfg *instancecfg.InstanceConfig) error {
icfg.InstanceId = result.Instance.Id()
icfg.HardwareCharacteristics = result.Hardware
envConfig := env.Config()
if result.Config != nil {
updated, err := envConfig.Apply(result.Config.UnknownAttrs())
if err != nil {
return errors.Trace(err)
}
envConfig = updated
}
if err := instancecfg.FinishInstanceConfig(icfg, envConfig); err != nil {
return err
}
maybeSetBridge(icfg)
return FinishBootstrap(ctx, client, env, result.Instance, icfg)
}
return result, selectedSeries, finalize, nil
}
}
if c.series != "" {
params.Series = c.series
}
if c.region != "" {
params.Region = c.region
}
if c.endpoint != "" {
params.Endpoint = c.endpoint
}
if c.metadataDir != "" {
dir := filepath.Join(c.metadataDir, "images")
if _, err := os.Stat(dir); err != nil {
return nil, err
}
params.Sources = imagesDataSources(dir)
}
return params, nil
}
var imagesDataSources = func(urls ...string) []simplestreams.DataSource {
dataSources := make([]simplestreams.DataSource, len(urls))
publicKey, _ := simplestreams.UserPublicSigningKey()
for i, url := range urls {
dataSources[i] = simplestreams.NewURLSignedDataSource(
"local metadata directory", "file://"+url, publicKey, utils.VerifySSLHostnames, simplestreams.CUSTOM_CLOUD_DATA, false)
}
return dataSources
}
