Exemple #1
0
func (s *FirewallerGlobalModeSuite) TestGlobalModeRestartUnexposedService(c *gc.C) {
	// Start firewaller and open ports.
	fw, err := firewaller.NewFirewaller(s.firewaller)
	c.Assert(err, gc.IsNil)

	svc := s.AddTestingService(c, "wordpress", s.charm)
	err = svc.SetExposed()
	c.Assert(err, gc.IsNil)

	u, m := s.addUnit(c, svc)
	s.startInstance(c, m)
	err = u.OpenPort("tcp", 80)
	c.Assert(err, gc.IsNil)
	err = u.OpenPort("tcp", 8080)
	c.Assert(err, gc.IsNil)

	s.assertEnvironPorts(c, []instance.Port{{"tcp", 80}, {"tcp", 8080}})

	// Stop firewaller and clear exposed flag on service.
	err = fw.Stop()
	c.Assert(err, gc.IsNil)

	err = svc.ClearExposed()
	c.Assert(err, gc.IsNil)

	// Start firewaller and check port.
	fw, err = firewaller.NewFirewaller(s.firewaller)
	c.Assert(err, gc.IsNil)
	defer func() { c.Assert(fw.Stop(), gc.IsNil) }()

	s.assertEnvironPorts(c, nil)
}
Exemple #2
0
func (s *FirewallerGlobalModeSuite) TestGlobalModeRestartPortCount(c *gc.C) {
	// Start firewaller and open ports.
	fw, err := firewaller.NewFirewaller(s.firewaller)
	c.Assert(err, gc.IsNil)

	svc1 := s.AddTestingService(c, "wordpress", s.charm)
	err = svc1.SetExposed()
	c.Assert(err, gc.IsNil)

	u1, m1 := s.addUnit(c, svc1)
	s.startInstance(c, m1)
	err = u1.OpenPort("tcp", 80)
	c.Assert(err, gc.IsNil)
	err = u1.OpenPort("tcp", 8080)
	c.Assert(err, gc.IsNil)

	s.assertEnvironPorts(c, []instance.Port{{"tcp", 80}, {"tcp", 8080}})

	// Stop firewaller and add another service using the port.
	err = fw.Stop()
	c.Assert(err, gc.IsNil)

	svc2 := s.AddTestingService(c, "moinmoin", s.charm)
	err = svc2.SetExposed()
	c.Assert(err, gc.IsNil)

	u2, m2 := s.addUnit(c, svc2)
	s.startInstance(c, m2)
	err = u2.OpenPort("tcp", 80)
	c.Assert(err, gc.IsNil)

	// Start firewaller and check port.
	fw, err = firewaller.NewFirewaller(s.firewaller)
	c.Assert(err, gc.IsNil)
	defer func() { c.Assert(fw.Stop(), gc.IsNil) }()

	s.assertEnvironPorts(c, []instance.Port{{"tcp", 80}, {"tcp", 8080}})

	// Closing a port opened by a different unit won't touch the environment.
	err = u1.ClosePort("tcp", 80)
	c.Assert(err, gc.IsNil)
	s.assertEnvironPorts(c, []instance.Port{{"tcp", 80}, {"tcp", 8080}})

	// Closing a port used just once changes the environment.
	err = u1.ClosePort("tcp", 8080)
	c.Assert(err, gc.IsNil)
	s.assertEnvironPorts(c, []instance.Port{{"tcp", 80}})

	// Closing the last port also modifies the environment.
	err = u2.ClosePort("tcp", 80)
	c.Assert(err, gc.IsNil)
	s.assertEnvironPorts(c, nil)
}
Exemple #3
0
func (s *FirewallerSuite) TestRemoveMachine(c *gc.C) {
	fw, err := firewaller.NewFirewaller(s.firewaller)
	c.Assert(err, gc.IsNil)
	defer func() { c.Assert(fw.Stop(), gc.IsNil) }()

	svc := s.AddTestingService(c, "wordpress", s.charm)
	err = svc.SetExposed()
	c.Assert(err, gc.IsNil)

	u, m := s.addUnit(c, svc)
	inst := s.startInstance(c, m)
	err = u.OpenPort("tcp", 80)
	c.Assert(err, gc.IsNil)

	s.assertPorts(c, inst, m.Id(), []instance.Port{{"tcp", 80}})

	// Remove unit.
	err = u.EnsureDead()
	c.Assert(err, gc.IsNil)
	err = u.Remove()
	c.Assert(err, gc.IsNil)

	// Remove machine. Nothing bad should happen, but can't
	// assert port state since the machine must have been
	// destroyed and we lost its reference.
	err = m.Refresh()
	c.Assert(err, gc.IsNil)
	err = m.EnsureDead()
	c.Assert(err, gc.IsNil)
	err = m.Remove()
	c.Assert(err, gc.IsNil)
}
Exemple #4
0
func (s *FirewallerGlobalModeSuite) TestGlobalModeStartWithUnexposedService(c *gc.C) {
	m, err := s.State.AddMachine("quantal", state.JobHostUnits)
	c.Assert(err, gc.IsNil)
	s.startInstance(c, m)

	svc := s.AddTestingService(c, "wordpress", s.charm)
	u, err := svc.AddUnit()
	c.Assert(err, gc.IsNil)
	err = u.AssignToMachine(m)
	c.Assert(err, gc.IsNil)
	err = u.OpenPort("tcp", 80)
	c.Assert(err, gc.IsNil)

	// Starting the firewaller, no open ports.
	fw, err := firewaller.NewFirewaller(s.firewaller)
	c.Assert(err, gc.IsNil)
	defer func() { c.Assert(fw.Stop(), gc.IsNil) }()

	s.assertEnvironPorts(c, nil)

	// Expose service.
	err = svc.SetExposed()
	c.Assert(err, gc.IsNil)
	s.assertEnvironPorts(c, []instance.Port{{"tcp", 80}})
}
Exemple #5
0
func (s *FirewallerSuite) TestRemoveService(c *gc.C) {
	fw, err := firewaller.NewFirewaller(s.firewaller)
	c.Assert(err, gc.IsNil)
	defer func() { c.Assert(fw.Stop(), gc.IsNil) }()

	svc := s.AddTestingService(c, "wordpress", s.charm)
	err = svc.SetExposed()
	c.Assert(err, gc.IsNil)

	u, m := s.addUnit(c, svc)
	inst := s.startInstance(c, m)
	err = u.OpenPort("tcp", 80)
	c.Assert(err, gc.IsNil)

	s.assertPorts(c, inst, m.Id(), []instance.Port{{"tcp", 80}})

	// Remove service.
	err = u.EnsureDead()
	c.Assert(err, gc.IsNil)
	err = u.Remove()
	c.Assert(err, gc.IsNil)
	err = svc.Destroy()
	c.Assert(err, gc.IsNil)
	s.assertPorts(c, inst, m.Id(), nil)
}
Exemple #6
0
func (s *FirewallerSuite) TestDeadMachine(c *gc.C) {
	fw, err := firewaller.NewFirewaller(s.firewaller)
	c.Assert(err, gc.IsNil)
	defer func() { c.Assert(fw.Stop(), gc.IsNil) }()

	svc := s.AddTestingService(c, "wordpress", s.charm)
	err = svc.SetExposed()
	c.Assert(err, gc.IsNil)

	u, m := s.addUnit(c, svc)
	inst := s.startInstance(c, m)
	err = u.OpenPort("tcp", 80)
	c.Assert(err, gc.IsNil)

	s.assertPorts(c, inst, m.Id(), []instance.Port{{"tcp", 80}})

	// Remove unit and service, also tested without. Has no effect.
	err = u.EnsureDead()
	c.Assert(err, gc.IsNil)
	err = u.Remove()
	c.Assert(err, gc.IsNil)
	err = svc.Destroy()
	c.Assert(err, gc.IsNil)

	// Kill machine.
	err = m.Refresh()
	c.Assert(err, gc.IsNil)
	err = m.EnsureDead()
	c.Assert(err, gc.IsNil)

	s.assertPorts(c, inst, m.Id(), nil)
}
Exemple #7
0
func (s *FirewallerSuite) TestSetClearExposedService(c *gc.C) {
	fw, err := firewaller.NewFirewaller(s.firewaller)
	c.Assert(err, gc.IsNil)
	defer func() { c.Assert(fw.Stop(), gc.IsNil) }()

	svc := s.AddTestingService(c, "wordpress", s.charm)

	u, m := s.addUnit(c, svc)
	inst := s.startInstance(c, m)
	err = u.OpenPort("tcp", 80)
	c.Assert(err, gc.IsNil)
	err = u.OpenPort("tcp", 8080)
	c.Assert(err, gc.IsNil)

	// Not exposed service, so no open port.
	s.assertPorts(c, inst, m.Id(), nil)

	// SeExposed opens the ports.
	err = svc.SetExposed()
	c.Assert(err, gc.IsNil)

	s.assertPorts(c, inst, m.Id(), []instance.Port{{"tcp", 80}, {"tcp", 8080}})

	// ClearExposed closes the ports again.
	err = svc.ClearExposed()
	c.Assert(err, gc.IsNil)

	s.assertPorts(c, inst, m.Id(), nil)
}
Exemple #8
0
func (s *FirewallerSuite) TestRemoveUnit(c *gc.C) {
	fw, err := firewaller.NewFirewaller(s.firewaller)
	c.Assert(err, gc.IsNil)
	defer func() { c.Assert(fw.Stop(), gc.IsNil) }()

	svc := s.AddTestingService(c, "wordpress", s.charm)
	err = svc.SetExposed()
	c.Assert(err, gc.IsNil)

	u1, m1 := s.addUnit(c, svc)
	inst1 := s.startInstance(c, m1)
	err = u1.OpenPort("tcp", 80)
	c.Assert(err, gc.IsNil)

	u2, m2 := s.addUnit(c, svc)
	inst2 := s.startInstance(c, m2)
	err = u2.OpenPort("tcp", 80)
	c.Assert(err, gc.IsNil)

	s.assertPorts(c, inst1, m1.Id(), []instance.Port{{"tcp", 80}})
	s.assertPorts(c, inst2, m2.Id(), []instance.Port{{"tcp", 80}})

	// Remove unit.
	err = u1.EnsureDead()
	c.Assert(err, gc.IsNil)
	err = u1.Remove()
	c.Assert(err, gc.IsNil)

	s.assertPorts(c, inst1, m1.Id(), nil)
	s.assertPorts(c, inst2, m2.Id(), []instance.Port{{"tcp", 80}})
}
Exemple #9
0
func (s *FirewallerSuite) TestStartWithState(c *gc.C) {
	svc := s.AddTestingService(c, "wordpress", s.charm)
	err := svc.SetExposed()
	c.Assert(err, gc.IsNil)
	u, m := s.addUnit(c, svc)
	inst := s.startInstance(c, m)

	err = u.OpenPort("tcp", 80)
	c.Assert(err, gc.IsNil)
	err = u.OpenPort("tcp", 8080)
	c.Assert(err, gc.IsNil)

	// Nothing open without firewaller.
	s.assertPorts(c, inst, m.Id(), nil)

	// Starting the firewaller opens the ports.
	fw, err := firewaller.NewFirewaller(s.firewaller)
	c.Assert(err, gc.IsNil)
	defer func() { c.Assert(fw.Stop(), gc.IsNil) }()

	s.assertPorts(c, inst, m.Id(), []instance.Port{{"tcp", 80}, {"tcp", 8080}})

	err = svc.SetExposed()
	c.Assert(err, gc.IsNil)
}
Exemple #10
0
func (s *FirewallerSuite) TestStartWithPartialState(c *gc.C) {
	m, err := s.State.AddMachine("quantal", state.JobHostUnits)
	c.Assert(err, gc.IsNil)
	inst := s.startInstance(c, m)

	svc := s.AddTestingService(c, "wordpress", s.charm)
	err = svc.SetExposed()
	c.Assert(err, gc.IsNil)

	// Starting the firewaller, no open ports.
	fw, err := firewaller.NewFirewaller(s.firewaller)
	c.Assert(err, gc.IsNil)
	defer func() { c.Assert(fw.Stop(), gc.IsNil) }()

	s.assertPorts(c, inst, m.Id(), nil)

	// Complete steps to open port.
	u, err := svc.AddUnit()
	c.Assert(err, gc.IsNil)
	err = u.AssignToMachine(m)
	c.Assert(err, gc.IsNil)
	err = u.OpenPort("tcp", 80)
	c.Assert(err, gc.IsNil)

	s.assertPorts(c, inst, m.Id(), []instance.Port{{"tcp", 80}})
}
Exemple #11
0
func (s *FirewallerSuite) TestNotExposedService(c *gc.C) {
	fw, err := firewaller.NewFirewaller(s.firewaller)
	c.Assert(err, gc.IsNil)
	defer func() { c.Assert(fw.Stop(), gc.IsNil) }()

	svc := s.AddTestingService(c, "wordpress", s.charm)
	u, m := s.addUnit(c, svc)
	inst := s.startInstance(c, m)

	err = u.OpenPort("tcp", 80)
	c.Assert(err, gc.IsNil)
	err = u.OpenPort("tcp", 8080)
	c.Assert(err, gc.IsNil)

	s.assertPorts(c, inst, m.Id(), nil)

	err = u.ClosePort("tcp", 80)
	c.Assert(err, gc.IsNil)

	s.assertPorts(c, inst, m.Id(), nil)
}
Exemple #12
0
func (s *FirewallerSuite) TestMultipleExposedServices(c *gc.C) {
	fw, err := firewaller.NewFirewaller(s.firewaller)
	c.Assert(err, gc.IsNil)
	defer func() { c.Assert(fw.Stop(), gc.IsNil) }()

	svc1 := s.AddTestingService(c, "wordpress", s.charm)
	err = svc1.SetExposed()
	c.Assert(err, gc.IsNil)

	u1, m1 := s.addUnit(c, svc1)
	inst1 := s.startInstance(c, m1)
	err = u1.OpenPort("tcp", 80)
	c.Assert(err, gc.IsNil)
	err = u1.OpenPort("tcp", 8080)
	c.Assert(err, gc.IsNil)

	svc2 := s.AddTestingService(c, "mysql", s.charm)
	c.Assert(err, gc.IsNil)
	err = svc2.SetExposed()
	c.Assert(err, gc.IsNil)

	u2, m2 := s.addUnit(c, svc2)
	inst2 := s.startInstance(c, m2)
	err = u2.OpenPort("tcp", 3306)
	c.Assert(err, gc.IsNil)

	s.assertPorts(c, inst1, m1.Id(), []instance.Port{{"tcp", 80}, {"tcp", 8080}})
	s.assertPorts(c, inst2, m2.Id(), []instance.Port{{"tcp", 3306}})

	err = u1.ClosePort("tcp", 80)
	c.Assert(err, gc.IsNil)
	err = u2.ClosePort("tcp", 3306)
	c.Assert(err, gc.IsNil)

	s.assertPorts(c, inst1, m1.Id(), []instance.Port{{"tcp", 8080}})
	s.assertPorts(c, inst2, m2.Id(), nil)
}
Exemple #13
0
func (s *FirewallerSuite) TestMachineWithoutInstanceId(c *gc.C) {
	fw, err := firewaller.NewFirewaller(s.firewaller)
	c.Assert(err, gc.IsNil)
	defer func() { c.Assert(fw.Stop(), gc.IsNil) }()

	svc := s.AddTestingService(c, "wordpress", s.charm)
	err = svc.SetExposed()
	c.Assert(err, gc.IsNil)
	// add a unit but don't start its instance yet.
	u1, m1 := s.addUnit(c, svc)

	// add another unit and start its instance, so that
	// we're sure the firewaller has seen the first instance.
	u2, m2 := s.addUnit(c, svc)
	inst2 := s.startInstance(c, m2)
	err = u2.OpenPort("tcp", 80)
	c.Assert(err, gc.IsNil)
	s.assertPorts(c, inst2, m2.Id(), []instance.Port{{"tcp", 80}})

	inst1 := s.startInstance(c, m1)
	err = u1.OpenPort("tcp", 8080)
	c.Assert(err, gc.IsNil)
	s.assertPorts(c, inst1, m1.Id(), []instance.Port{{"tcp", 8080}})
}
Exemple #14
0
func (s *FirewallerSuite) TestStartStop(c *gc.C) {
	fw, err := firewaller.NewFirewaller(s.firewaller)
	c.Assert(err, gc.IsNil)
	c.Assert(fw.Stop(), gc.IsNil)
}
Exemple #15
0
// APIWorker returns a Worker that connects to the API and starts any
// workers that need an API connection.
func (a *MachineAgent) APIWorker() (worker.Worker, error) {
	agentConfig := a.CurrentConfig()
	st, entity, err := openAPIState(agentConfig, a)
	if err != nil {
		return nil, err
	}
	reportOpenedAPI(st)

	// Refresh the configuration, since it may have been updated after opening state.
	agentConfig = a.CurrentConfig()

	for _, job := range entity.Jobs() {
		if job.NeedsState() {
			info, err := st.Agent().StateServingInfo()
			if err != nil {
				return nil, fmt.Errorf("cannot get state serving info: %v", err)
			}
			err = a.ChangeConfig(func(config agent.ConfigSetter) {
				config.SetStateServingInfo(info)
			})
			if err != nil {
				return nil, err
			}
			agentConfig = a.CurrentConfig()
			break
		}
	}

	rsyslogMode := rsyslog.RsyslogModeForwarding
	runner := newRunner(connectionIsFatal(st), moreImportant)
	var singularRunner worker.Runner
	for _, job := range entity.Jobs() {
		if job == params.JobManageEnviron {
			rsyslogMode = rsyslog.RsyslogModeAccumulate
			conn := singularAPIConn{st, st.Agent()}
			singularRunner, err = newSingularRunner(runner, conn)
			if err != nil {
				return nil, fmt.Errorf("cannot make singular API Runner: %v", err)
			}
			break
		}
	}

	// Run the upgrader and the upgrade-steps worker without waiting for
	// the upgrade steps to complete.
	runner.StartWorker("upgrader", func() (worker.Worker, error) {
		return upgrader.NewUpgrader(st.Upgrader(), agentConfig), nil
	})
	runner.StartWorker("upgrade-steps", func() (worker.Worker, error) {
		return a.upgradeWorker(st, entity.Jobs(), agentConfig), nil
	})

	// All other workers must wait for the upgrade steps to complete
	// before starting.
	a.startWorkerAfterUpgrade(runner, "machiner", func() (worker.Worker, error) {
		return machiner.NewMachiner(st.Machiner(), agentConfig), nil
	})
	a.startWorkerAfterUpgrade(runner, "apiaddressupdater", func() (worker.Worker, error) {
		return apiaddressupdater.NewAPIAddressUpdater(st.Machiner(), a), nil
	})
	a.startWorkerAfterUpgrade(runner, "logger", func() (worker.Worker, error) {
		return workerlogger.NewLogger(st.Logger(), agentConfig), nil
	})
	a.startWorkerAfterUpgrade(runner, "machineenvironmentworker", func() (worker.Worker, error) {
		return machineenvironmentworker.NewMachineEnvironmentWorker(st.Environment(), agentConfig), nil
	})
	a.startWorkerAfterUpgrade(runner, "rsyslog", func() (worker.Worker, error) {
		return newRsyslogConfigWorker(st.Rsyslog(), agentConfig, rsyslogMode)
	})

	// If not a local provider bootstrap machine, start the worker to
	// manage SSH keys.
	providerType := agentConfig.Value(agent.ProviderType)
	if providerType != provider.Local || a.MachineId != bootstrapMachineId {
		a.startWorkerAfterUpgrade(runner, "authenticationworker", func() (worker.Worker, error) {
			return authenticationworker.NewWorker(st.KeyUpdater(), agentConfig), nil
		})
	}

	// Perform the operations needed to set up hosting for containers.
	if err := a.setupContainerSupport(runner, st, entity, agentConfig); err != nil {
		return nil, fmt.Errorf("setting up container support: %v", err)
	}
	for _, job := range entity.Jobs() {
		switch job {
		case params.JobHostUnits:
			a.startWorkerAfterUpgrade(runner, "deployer", func() (worker.Worker, error) {
				apiDeployer := st.Deployer()
				context := newDeployContext(apiDeployer, agentConfig)
				return deployer.NewDeployer(apiDeployer, context), nil
			})
		case params.JobManageEnviron:
			a.startWorkerAfterUpgrade(singularRunner, "environ-provisioner", func() (worker.Worker, error) {
				return provisioner.NewEnvironProvisioner(st.Provisioner(), agentConfig), nil
			})
			// TODO(axw) 2013-09-24 bug #1229506
			// Make another job to enable the firewaller. Not all
			// environments are capable of managing ports
			// centrally.
			a.startWorkerAfterUpgrade(singularRunner, "firewaller", func() (worker.Worker, error) {
				return firewaller.NewFirewaller(st.Firewaller())
			})
			a.startWorkerAfterUpgrade(singularRunner, "charm-revision-updater", func() (worker.Worker, error) {
				return charmrevisionworker.NewRevisionUpdateWorker(st.CharmRevisionUpdater()), nil
			})
		case params.JobManageStateDeprecated:
			// Legacy environments may set this, but we ignore it.
		default:
			// TODO(dimitern): Once all workers moved over to using
			// the API, report "unknown job type" here.
		}
	}
	return newCloseWorker(runner, st), nil // Note: a worker.Runner is itself a worker.Worker.
}