func (s *workerSuite) TestKeyUpdateRetainsExisting(c *gc.C) {
authWorker := authenticationworker.NewWorker(s.keyupdaterApi, agentConfig(c, s.machine.Tag().(names.MachineTag)))
defer stop(c, authWorker)
newKey := sshtesting.ValidKeyThree.Key + " user@host"
s.setAuthorisedKeys(c, newKey)
newKeyWithCommentPrefix := sshtesting.ValidKeyThree.Key + " Juju:user@host"
s.waitSSHKeys(c, append(s.existingKeys, newKeyWithCommentPrefix))
}
func (s *workerSuite) TestWorkerRestart(c *gc.C) {
authWorker := authenticationworker.NewWorker(s.keyupdaterApi, agentConfig(c, s.machine.Tag().(names.MachineTag)))
defer stop(c, authWorker)
s.waitSSHKeys(c, append(s.existingKeys, s.existingEnvKey))
// Stop the worker and delete and add keys from the environment while it is down.
// added: key 3
// deleted: key 1 (existing env key)
stop(c, authWorker)
s.setAuthorisedKeys(c, sshtesting.ValidKeyThree.Key+" yetanother@host")
// Restart the worker and check that the ssh auth keys are as expected.
authWorker = authenticationworker.NewWorker(s.keyupdaterApi, agentConfig(c, s.machine.Tag().(names.MachineTag)))
defer stop(c, authWorker)
yetAnotherKeyWithCommentPrefix := sshtesting.ValidKeyThree.Key + " Juju:yetanother@host"
s.waitSSHKeys(c, append(s.existingKeys, yetAnotherKeyWithCommentPrefix))
}
func (s *workerSuite) TestNewKeysInJujuAreSavedOnStartup(c *gc.C) {
newKey := sshtesting.ValidKeyThree.Key + " user@host"
s.setAuthorisedKeys(c, newKey)
authWorker := authenticationworker.NewWorker(s.keyupdaterApi, agentConfig(c, s.machine.Tag()))
defer stop(c, authWorker)
newKeyWithCommentPrefix := sshtesting.ValidKeyThree.Key + " Juju:user@host"
s.waitSSHKeys(c, append(s.existingKeys, newKeyWithCommentPrefix))
}
func (s *workerSuite) TestMultipleChanges(c *gc.C) {
authWorker := authenticationworker.NewWorker(s.keyupdaterApi, agentConfig(c, s.machine.Tag().(names.MachineTag)))
defer stop(c, authWorker)
s.waitSSHKeys(c, append(s.existingKeys, s.existingEnvKey))
// Perform a set to add a key and delete a key.
// added: key 3
// deleted: key 1 (existing env key)
s.setAuthorisedKeys(c, sshtesting.ValidKeyThree.Key+" yetanother@host")
yetAnotherKeyWithComment := sshtesting.ValidKeyThree.Key + " Juju:yetanother@host"
s.waitSSHKeys(c, append(s.existingKeys, yetAnotherKeyWithComment))
}
func (s *workerSuite) TestDeleteKey(c *gc.C) {
authWorker := authenticationworker.NewWorker(s.keyupdaterApi, agentConfig(c, s.machine.Tag().(names.MachineTag)))
defer stop(c, authWorker)
// Add another key
anotherKey := sshtesting.ValidKeyThree.Key + " another@host"
s.setAuthorisedKeys(c, s.existingEnvKey, anotherKey)
anotherKeyWithCommentPrefix := sshtesting.ValidKeyThree.Key + " Juju:another@host"
s.waitSSHKeys(c, append(s.existingKeys, s.existingEnvKey, anotherKeyWithCommentPrefix))
// Delete the original key and check anotherKey plus the existing keys remain.
s.setAuthorisedKeys(c, anotherKey)
s.waitSSHKeys(c, append(s.existingKeys, anotherKeyWithCommentPrefix))
}
// APIWorker returns a Worker that connects to the API and starts any
// workers that need an API connection.
func (a *MachineAgent) APIWorker() (worker.Worker, error) {
agentConfig := a.CurrentConfig()
st, entity, err := openAPIState(agentConfig, a)
if err != nil {
return nil, err
}
reportOpenedAPI(st)
// Check if the network management is disabled.
envConfig, err := st.Environment().EnvironConfig()
if err != nil {
return nil, fmt.Errorf("cannot read environment config: %v", err)
}
disableNetworkManagement, _ := envConfig.DisableNetworkManagement()
if disableNetworkManagement {
logger.Infof("network management is disabled")
}
// Refresh the configuration, since it may have been updated after opening state.
agentConfig = a.CurrentConfig()
for _, job := range entity.Jobs() {
if job.NeedsState() {
info, err := st.Agent().StateServingInfo()
if err != nil {
return nil, fmt.Errorf("cannot get state serving info: %v", err)
}
err = a.ChangeConfig(func(config agent.ConfigSetter) error {
config.SetStateServingInfo(info)
return nil
})
if err != nil {
return nil, err
}
agentConfig = a.CurrentConfig()
break
}
}
rsyslogMode := rsyslog.RsyslogModeForwarding
runner := newRunner(connectionIsFatal(st), moreImportant)
var singularRunner worker.Runner
for _, job := range entity.Jobs() {
if job == params.JobManageEnviron {
rsyslogMode = rsyslog.RsyslogModeAccumulate
conn := singularAPIConn{st, st.Agent()}
singularRunner, err = newSingularRunner(runner, conn)
if err != nil {
return nil, fmt.Errorf("cannot make singular API Runner: %v", err)
}
break
}
}
// Before starting any workers, ensure we record the Juju version this machine
// agent is running.
currentTools := &coretools.Tools{Version: version.Current}
if err := st.Upgrader().SetVersion(agentConfig.Tag().String(), currentTools.Version); err != nil {
return nil, errors.Annotate(err, "cannot set machine agent version")
}
providerType := agentConfig.Value(agent.ProviderType)
// Run the upgrader and the upgrade-steps worker without waiting for
// the upgrade steps to complete.
runner.StartWorker("upgrader", func() (worker.Worker, error) {
return upgrader.NewUpgrader(
st.Upgrader(),
agentConfig,
a.previousAgentVersion,
a.upgradeWorkerContext.IsUpgradeRunning,
), nil
})
runner.StartWorker("upgrade-steps", func() (worker.Worker, error) {
return a.upgradeWorkerContext.Worker(a, st, entity.Jobs()), nil
})
// All other workers must wait for the upgrade steps to complete
// before starting.
a.startWorkerAfterUpgrade(runner, "machiner", func() (worker.Worker, error) {
return machiner.NewMachiner(st.Machiner(), agentConfig), nil
})
a.startWorkerAfterUpgrade(runner, "apiaddressupdater", func() (worker.Worker, error) {
return apiaddressupdater.NewAPIAddressUpdater(st.Machiner(), a), nil
})
a.startWorkerAfterUpgrade(runner, "logger", func() (worker.Worker, error) {
return workerlogger.NewLogger(st.Logger(), agentConfig), nil
})
a.startWorkerAfterUpgrade(runner, "machineenvironmentworker", func() (worker.Worker, error) {
return machineenvironmentworker.NewMachineEnvironmentWorker(st.Environment(), agentConfig), nil
})
a.startWorkerAfterUpgrade(runner, "rsyslog", func() (worker.Worker, error) {
return newRsyslogConfigWorker(st.Rsyslog(), agentConfig, rsyslogMode)
})
// TODO (mfoord 8/8/2014) improve the way we detect networking capabilities. Bug lp:1354365
writeNetworkConfig := providerType == "maas"
if disableNetworkManagement || !writeNetworkConfig {
a.startWorkerAfterUpgrade(runner, "networker", func() (worker.Worker, error) {
return newSafeNetworker(st.Networker(), agentConfig, networker.DefaultConfigDir)
})
} else if !disableNetworkManagement && writeNetworkConfig {
a.startWorkerAfterUpgrade(runner, "networker", func() (worker.Worker, error) {
return newNetworker(st.Networker(), agentConfig, networker.DefaultConfigDir)
})
}
// If not a local provider bootstrap machine, start the worker to
// manage SSH keys.
if providerType != provider.Local || a.MachineId != bootstrapMachineId {
a.startWorkerAfterUpgrade(runner, "authenticationworker", func() (worker.Worker, error) {
return authenticationworker.NewWorker(st.KeyUpdater(), agentConfig), nil
})
}
// Perform the operations needed to set up hosting for containers.
if err := a.setupContainerSupport(runner, st, entity, agentConfig); err != nil {
cause := errors.Cause(err)
if params.IsCodeDead(cause) || cause == worker.ErrTerminateAgent {
return nil, worker.ErrTerminateAgent
}
return nil, fmt.Errorf("setting up container support: %v", err)
}
for _, job := range entity.Jobs() {
switch job {
case params.JobHostUnits:
a.startWorkerAfterUpgrade(runner, "deployer", func() (worker.Worker, error) {
apiDeployer := st.Deployer()
context := newDeployContext(apiDeployer, agentConfig)
return deployer.NewDeployer(apiDeployer, context), nil
})
case params.JobManageEnviron:
a.startWorkerAfterUpgrade(singularRunner, "environ-provisioner", func() (worker.Worker, error) {
return provisioner.NewEnvironProvisioner(st.Provisioner(), agentConfig), nil
})
// TODO(axw) 2013-09-24 bug #1229506
// Make another job to enable the firewaller. Not all
// environments are capable of managing ports
// centrally.
a.startWorkerAfterUpgrade(singularRunner, "firewaller", func() (worker.Worker, error) {
return firewaller.NewFirewaller(st.Firewaller())
})
a.startWorkerAfterUpgrade(singularRunner, "charm-revision-updater", func() (worker.Worker, error) {
return charmrevisionworker.NewRevisionUpdateWorker(st.CharmRevisionUpdater()), nil
})
case params.JobManageStateDeprecated:
// Legacy environments may set this, but we ignore it.
default:
// TODO(dimitern): Once all workers moved over to using
// the API, report "unknown job type" here.
}
}
return newCloseWorker(runner, st), nil // Note: a worker.Runner is itself a worker.Worker.
}
// APIWorker returns a Worker that connects to the API and starts any
// workers that need an API connection.
func (a *MachineAgent) APIWorker() (worker.Worker, error) {
agentConfig := a.CurrentConfig()
st, entity, err := openAPIState(agentConfig, a)
if err != nil {
return nil, err
}
reportOpenedAPI(st)
// Refresh the configuration, since it may have been updated after opening state.
agentConfig = a.CurrentConfig()
for _, job := range entity.Jobs() {
if job.NeedsState() {
info, err := st.Agent().StateServingInfo()
if err != nil {
return nil, fmt.Errorf("cannot get state serving info: %v", err)
}
err = a.ChangeConfig(func(config agent.ConfigSetter) {
config.SetStateServingInfo(info)
})
if err != nil {
return nil, err
}
agentConfig = a.CurrentConfig()
break
}
}
rsyslogMode := rsyslog.RsyslogModeForwarding
runner := newRunner(connectionIsFatal(st), moreImportant)
var singularRunner worker.Runner
for _, job := range entity.Jobs() {
if job == params.JobManageEnviron {
rsyslogMode = rsyslog.RsyslogModeAccumulate
conn := singularAPIConn{st, st.Agent()}
singularRunner, err = newSingularRunner(runner, conn)
if err != nil {
return nil, fmt.Errorf("cannot make singular API Runner: %v", err)
}
break
}
}
// Run the upgrader and the upgrade-steps worker without waiting for
// the upgrade steps to complete.
runner.StartWorker("upgrader", func() (worker.Worker, error) {
return upgrader.NewUpgrader(st.Upgrader(), agentConfig), nil
})
runner.StartWorker("upgrade-steps", func() (worker.Worker, error) {
return a.upgradeWorker(st, entity.Jobs(), agentConfig), nil
})
// All other workers must wait for the upgrade steps to complete
// before starting.
a.startWorkerAfterUpgrade(runner, "machiner", func() (worker.Worker, error) {
return machiner.NewMachiner(st.Machiner(), agentConfig), nil
})
a.startWorkerAfterUpgrade(runner, "apiaddressupdater", func() (worker.Worker, error) {
return apiaddressupdater.NewAPIAddressUpdater(st.Machiner(), a), nil
})
a.startWorkerAfterUpgrade(runner, "logger", func() (worker.Worker, error) {
return workerlogger.NewLogger(st.Logger(), agentConfig), nil
})
a.startWorkerAfterUpgrade(runner, "machineenvironmentworker", func() (worker.Worker, error) {
return machineenvironmentworker.NewMachineEnvironmentWorker(st.Environment(), agentConfig), nil
})
a.startWorkerAfterUpgrade(runner, "rsyslog", func() (worker.Worker, error) {
return newRsyslogConfigWorker(st.Rsyslog(), agentConfig, rsyslogMode)
})
// If not a local provider bootstrap machine, start the worker to
// manage SSH keys.
providerType := agentConfig.Value(agent.ProviderType)
if providerType != provider.Local || a.MachineId != bootstrapMachineId {
a.startWorkerAfterUpgrade(runner, "authenticationworker", func() (worker.Worker, error) {
return authenticationworker.NewWorker(st.KeyUpdater(), agentConfig), nil
})
}
// Perform the operations needed to set up hosting for containers.
if err := a.setupContainerSupport(runner, st, entity, agentConfig); err != nil {
return nil, fmt.Errorf("setting up container support: %v", err)
}
for _, job := range entity.Jobs() {
switch job {
case params.JobHostUnits:
a.startWorkerAfterUpgrade(runner, "deployer", func() (worker.Worker, error) {
apiDeployer := st.Deployer()
context := newDeployContext(apiDeployer, agentConfig)
return deployer.NewDeployer(apiDeployer, context), nil
})
case params.JobManageEnviron:
a.startWorkerAfterUpgrade(singularRunner, "environ-provisioner", func() (worker.Worker, error) {
return provisioner.NewEnvironProvisioner(st.Provisioner(), agentConfig), nil
})
// TODO(axw) 2013-09-24 bug #1229506
// Make another job to enable the firewaller. Not all
// environments are capable of managing ports
// centrally.
a.startWorkerAfterUpgrade(singularRunner, "firewaller", func() (worker.Worker, error) {
return firewaller.NewFirewaller(st.Firewaller())
})
a.startWorkerAfterUpgrade(singularRunner, "charm-revision-updater", func() (worker.Worker, error) {
return charmrevisionworker.NewRevisionUpdateWorker(st.CharmRevisionUpdater()), nil
})
case params.JobManageStateDeprecated:
// Legacy environments may set this, but we ignore it.
default:
// TODO(dimitern): Once all workers moved over to using
// the API, report "unknown job type" here.
}
}
return newCloseWorker(runner, st), nil // Note: a worker.Runner is itself a worker.Worker.
}