func (s *bootstrapSuite) TestInitializeStateFailsSecondTime(c *gc.C) {
dataDir := c.MkDir()
pwHash := utils.UserPasswordHash(testing.DefaultMongoPassword, utils.CompatSalt)
configParams := agent.AgentConfigParams{
DataDir: dataDir,
Tag: "machine-0",
UpgradedToVersion: version.Current.Number,
StateAddresses: []string{testing.MgoServer.Addr()},
CACert: testing.CACert,
Password: pwHash,
}
cfg, err := agent.NewAgentConfig(configParams)
c.Assert(err, gc.IsNil)
cfg.SetStateServingInfo(params.StateServingInfo{
APIPort: 5555,
StatePort: testing.MgoServer.Port(),
Cert: "foo",
PrivateKey: "bar",
SharedSecret: "baz",
SystemIdentity: "qux",
})
expectConstraints := constraints.MustParse("mem=1024M")
expectHW := instance.MustParseHardware("mem=2048M")
mcfg := agent.BootstrapMachineConfig{
Constraints: expectConstraints,
Jobs: []params.MachineJob{params.JobHostUnits},
InstanceId: "i-bootstrap",
Characteristics: expectHW,
}
envAttrs := dummy.SampleConfig().Delete("admin-secret").Merge(testing.Attrs{
"agent-version": version.Current.Number.String(),
"state-id": "1", // needed so policy can Open config
})
envCfg, err := config.New(config.NoDefaults, envAttrs)
c.Assert(err, gc.IsNil)
st, _, err := agent.InitializeState(cfg, envCfg, mcfg, state.DialOpts{}, environs.NewStatePolicy())
c.Assert(err, gc.IsNil)
err = st.SetAdminMongoPassword("")
c.Check(err, gc.IsNil)
st.Close()
st, _, err = agent.InitializeState(cfg, envCfg, mcfg, state.DialOpts{}, environs.NewStatePolicy())
if err == nil {
st.Close()
}
c.Assert(err, gc.ErrorMatches, "failed to initialize state: cannot create log collection: unauthorized mongo access: unauthorized")
}
func (s *bootstrapSuite) TestInitializeStateWithStateServingInfoNotAvailable(c *gc.C) {
configParams := agent.AgentConfigParams{
DataDir: c.MkDir(),
Tag: "machine-0",
UpgradedToVersion: version.Current.Number,
StateAddresses: []string{testing.MgoServer.Addr()},
CACert: testing.CACert,
Password: "******",
}
cfg, err := agent.NewAgentConfig(configParams)
c.Assert(err, gc.IsNil)
_, available := cfg.StateServingInfo()
c.Assert(available, gc.Equals, false)
_, _, err = agent.InitializeState(cfg, nil, agent.BootstrapMachineConfig{}, state.DialOpts{}, environs.NewStatePolicy())
// InitializeState will fail attempting to get the api port information
c.Assert(err, gc.ErrorMatches, "state serving information not available")
}
func (s *bootstrapSuite) TestInitializeState(c *gc.C) {
dataDir := c.MkDir()
pwHash := utils.UserPasswordHash(testing.DefaultMongoPassword, utils.CompatSalt)
configParams := agent.AgentConfigParams{
DataDir: dataDir,
Tag: "machine-0",
UpgradedToVersion: version.Current.Number,
StateAddresses: []string{testing.MgoServer.Addr()},
CACert: testing.CACert,
Password: pwHash,
}
servingInfo := params.StateServingInfo{
Cert: testing.ServerCert,
PrivateKey: testing.ServerKey,
APIPort: 1234,
StatePort: testing.MgoServer.Port(),
SystemIdentity: "def456",
}
cfg, err := agent.NewStateMachineConfig(configParams, servingInfo)
c.Assert(err, gc.IsNil)
_, available := cfg.StateServingInfo()
c.Assert(available, gc.Equals, true)
expectConstraints := constraints.MustParse("mem=1024M")
expectHW := instance.MustParseHardware("mem=2048M")
mcfg := agent.BootstrapMachineConfig{
Addresses: instance.NewAddresses("0.1.2.3", "zeroonetwothree"),
Constraints: expectConstraints,
Jobs: []params.MachineJob{params.JobHostUnits},
InstanceId: "i-bootstrap",
Characteristics: expectHW,
SharedSecret: "abc123",
}
envAttrs := dummy.SampleConfig().Delete("admin-secret").Merge(testing.Attrs{
"agent-version": version.Current.Number.String(),
"state-id": "1", // needed so policy can Open config
})
envCfg, err := config.New(config.NoDefaults, envAttrs)
c.Assert(err, gc.IsNil)
st, m, err := agent.InitializeState(cfg, envCfg, mcfg, state.DialOpts{}, environs.NewStatePolicy())
c.Assert(err, gc.IsNil)
defer st.Close()
err = cfg.Write()
c.Assert(err, gc.IsNil)
// Check that initial admin user has been set up correctly.
s.assertCanLogInAsAdmin(c, pwHash)
user, err := st.User("admin")
c.Assert(err, gc.IsNil)
c.Assert(user.PasswordValid(testing.DefaultMongoPassword), jc.IsTrue)
// Check that environment configuration has been added.
newEnvCfg, err := st.EnvironConfig()
c.Assert(err, gc.IsNil)
c.Assert(newEnvCfg.AllAttrs(), gc.DeepEquals, envCfg.AllAttrs())
// Check that the bootstrap machine looks correct.
c.Assert(m.Id(), gc.Equals, "0")
c.Assert(m.Jobs(), gc.DeepEquals, []state.MachineJob{state.JobHostUnits})
c.Assert(m.Series(), gc.Equals, version.Current.Series)
c.Assert(m.CheckProvisioned(state.BootstrapNonce), jc.IsTrue)
c.Assert(m.Addresses(), gc.DeepEquals, mcfg.Addresses)
gotConstraints, err := m.Constraints()
c.Assert(err, gc.IsNil)
c.Assert(gotConstraints, gc.DeepEquals, expectConstraints)
c.Assert(err, gc.IsNil)
gotHW, err := m.HardwareCharacteristics()
c.Assert(err, gc.IsNil)
c.Assert(*gotHW, gc.DeepEquals, expectHW)
gotAddrs := m.Addresses()
c.Assert(gotAddrs, gc.DeepEquals, mcfg.Addresses)
// Check that the API host ports are initialised correctly.
apiHostPorts, err := st.APIHostPorts()
c.Assert(err, gc.IsNil)
c.Assert(apiHostPorts, gc.DeepEquals, [][]instance.HostPort{
instance.AddressesWithPort(mcfg.Addresses, 1234),
})
// Check that the state serving info is initialised correctly.
stateServingInfo, err := st.StateServingInfo()
c.Assert(err, gc.IsNil)
c.Assert(stateServingInfo, jc.DeepEquals, params.StateServingInfo{
APIPort: 1234,
StatePort: testing.MgoServer.Port(),
Cert: testing.ServerCert,
PrivateKey: testing.ServerKey,
SharedSecret: "abc123",
SystemIdentity: "def456",
})
// Check that the machine agent's config has been written
// and that we can use it to connect to the state.
newCfg, err := agent.ReadConfig(agent.ConfigPath(dataDir, "machine-0"))
c.Assert(err, gc.IsNil)
c.Assert(newCfg.Tag(), gc.Equals, "machine-0")
c.Assert(agent.Password(newCfg), gc.Not(gc.Equals), pwHash)
c.Assert(agent.Password(newCfg), gc.Not(gc.Equals), testing.DefaultMongoPassword)
info, ok := cfg.StateInfo()
c.Assert(ok, jc.IsTrue)
st1, err := state.Open(info, state.DialOpts{}, environs.NewStatePolicy())
c.Assert(err, gc.IsNil)
defer st1.Close()
}
// Run initializes state for an environment.
func (c *BootstrapCommand) Run(_ *cmd.Context) error {
envCfg, err := config.New(config.NoDefaults, c.EnvConfig)
if err != nil {
return err
}
err = c.ReadConfig("machine-0")
if err != nil {
return err
}
agentConfig := c.CurrentConfig()
// agent.Jobs is an optional field in the agent config, and was
// introduced after 1.17.2. We default to allowing units on
// machine-0 if missing.
jobs := agentConfig.Jobs()
if len(jobs) == 0 {
jobs = []params.MachineJob{
params.JobManageEnviron,
params.JobHostUnits,
}
}
// Get the bootstrap machine's addresses from the provider.
env, err := environs.New(envCfg)
if err != nil {
return err
}
instanceId := instance.Id(c.InstanceId)
instances, err := env.Instances([]instance.Id{instanceId})
if err != nil {
return err
}
addrs, err := instances[0].Addresses()
if err != nil {
return err
}
// Create system-identity file
if err := agent.WriteSystemIdentityFile(agentConfig); err != nil {
return err
}
// Generate a shared secret for the Mongo replica set, and write it out.
sharedSecret, err := mongo.GenerateSharedSecret()
if err != nil {
return err
}
info, ok := agentConfig.StateServingInfo()
if !ok {
return fmt.Errorf("bootstrap machine config has no state serving info")
}
info.SharedSecret = sharedSecret
err = c.ChangeConfig(func(agentConfig agent.ConfigSetter) {
agentConfig.SetStateServingInfo(info)
})
if err != nil {
return fmt.Errorf("cannot write agent config: %v", err)
}
agentConfig = c.CurrentConfig()
if err := c.startMongo(addrs, agentConfig); err != nil {
return err
}
logger.Infof("started mongo")
// Initialise state, and store any agent config (e.g. password) changes.
var st *state.State
var m *state.Machine
err = nil
writeErr := c.ChangeConfig(func(agentConfig agent.ConfigSetter) {
st, m, err = agent.InitializeState(
agentConfig,
envCfg,
agent.BootstrapMachineConfig{
Addresses: addrs,
Constraints: c.Constraints,
Jobs: jobs,
InstanceId: instanceId,
Characteristics: c.Hardware,
SharedSecret: sharedSecret,
},
state.DefaultDialOpts(),
environs.NewStatePolicy(),
)
})
if writeErr != nil {
return fmt.Errorf("cannot write initial configuration: %v", err)
}
if err != nil {
return err
}
defer st.Close()
// bootstrap machine always gets the vote
return m.SetHasVote(true)
}
