// Bootstrap bootstraps the given environment. The supplied constraints are
// used to provision the instance, and are also set within the bootstrapped
// environment.
func Bootstrap(ctx environs.BootstrapContext, environ environs.Environ, args environs.BootstrapParams) error {
cfg := environ.Config()
if secret := cfg.AdminSecret(); secret == "" {
return fmt.Errorf("environment configuration has no admin-secret")
}
if authKeys := ssh.SplitAuthorisedKeys(cfg.AuthorizedKeys()); len(authKeys) == 0 {
// Apparently this can never happen, so it's not tested. But, one day,
// Config will act differently (it's pretty crazy that, AFAICT, the
// authorized-keys are optional config settings... but it's impossible
// to actually *create* a config without them)... and when it does,
// we'll be here to catch this problem early.
return fmt.Errorf("environment configuration has no authorized-keys")
}
if _, hasCACert := cfg.CACert(); !hasCACert {
return fmt.Errorf("environment configuration has no ca-cert")
}
if _, hasCAKey := cfg.CAPrivateKey(); !hasCAKey {
return fmt.Errorf("environment configuration has no ca-private-key")
}
// Write out the bootstrap-init file, and confirm storage is writeable.
if err := environs.VerifyStorage(environ.Storage()); err != nil {
return err
}
logger.Debugf("environment %q supports service/machine networks: %v", environ.Name(), environ.SupportNetworks())
logger.Infof("bootstrapping environment %q", environ.Name())
return environ.Bootstrap(ctx, args)
}
func assertEnvironDestroyed(c *gc.C, env environs.Environ, store configstore.Storage) {
_, err := store.ReadInfo(env.Name())
c.Assert(err, jc.Satisfies, errors.IsNotFound)
_, err = env.Instances([]instance.Id{"invalid"})
c.Assert(err, gc.ErrorMatches, "environment has been destroyed")
}
// handleBootstrapError cleans up after a failed bootstrap.
func handleBootstrapError(err error, ctx environs.BootstrapContext, inst instance.Instance, env environs.Environ) {
if err == nil {
return
}
logger.Errorf("bootstrap failed: %v", err)
ch := make(chan os.Signal, 1)
ctx.InterruptNotify(ch)
defer ctx.StopInterruptNotify(ch)
defer close(ch)
go func() {
for _ = range ch {
fmt.Fprintln(ctx.GetStderr(), "Cleaning up failed bootstrap")
}
}()
if inst != nil {
fmt.Fprintln(ctx.GetStderr(), "Stopping instance...")
if stoperr := env.StopInstances(inst.Id()); stoperr != nil {
logger.Errorf("cannot stop failed bootstrap instance %q: %v", inst.Id(), stoperr)
} else {
// set to nil so we know we can safely delete the state file
inst = nil
}
}
// We only delete the bootstrap state file if either we didn't
// start an instance, or we managed to cleanly stop it.
if inst == nil {
if rmerr := bootstrap.DeleteStateFile(env.Storage()); rmerr != nil {
logger.Errorf("cannot delete bootstrap state file: %v", rmerr)
}
}
}
func makeTestMetadata(c *gc.C, env environs.Environ, series, location string, im []*imagemetadata.ImageMetadata) {
cloudSpec := simplestreams.CloudSpec{
Region: location,
Endpoint: "https://management.core.windows.net/",
}
err := imagemetadata.MergeAndWriteMetadata(series, im, &cloudSpec, env.Storage())
c.Assert(err, gc.IsNil)
}
func assertEnvironNotDestroyed(c *gc.C, env environs.Environ, store configstore.Storage) {
info, err := store.ReadInfo(env.Name())
c.Assert(err, gc.IsNil)
c.Assert(info.Initialized(), jc.IsTrue)
_, err = environs.NewFromName(env.Name(), store)
c.Assert(err, gc.IsNil)
}
func findInstanceTools(env environs.Environ, series, arch string) (*tools.Tools, error) {
agentVersion, ok := env.Config().AgentVersion()
if !ok {
return nil, fmt.Errorf("no agent version set in environment configuration")
}
possibleTools, err := envtools.FindInstanceTools(env, agentVersion, series, &arch)
if err != nil {
return nil, err
}
return possibleTools[0], nil
}
// EnsureNotBootstrapped returns nil if the environment is not
// bootstrapped, and an error if it is or if the function was not able
// to tell.
func EnsureNotBootstrapped(env environs.Environ) error {
_, err := LoadState(env.Storage())
// If there is no error loading the bootstrap state, then we are
// bootstrapped.
if err == nil {
return fmt.Errorf("environment is already bootstrapped")
}
if err == environs.ErrNotBootstrapped {
return nil
}
return err
}
func publicAttrs(e environs.Environ) map[string]interface{} {
cfg := e.Config()
secrets, err := e.Provider().SecretAttrs(cfg)
if err != nil {
panic(err)
}
attrs := cfg.AllAttrs()
for attr := range secrets {
delete(attrs, attr)
}
return attrs
}
// NewConn returns a new Conn that uses the
// given environment. The environment must have already
// been bootstrapped.
func NewConn(environ environs.Environ) (*Conn, error) {
info, _, err := environ.StateInfo()
if err != nil {
return nil, err
}
password := environ.Config().AdminSecret()
if password == "" {
return nil, fmt.Errorf("cannot connect without admin-secret")
}
err = environs.CheckEnvironment(environ)
if err != nil {
return nil, err
}
info.Password = password
opts := state.DefaultDialOpts()
st, err := state.Open(info, opts, environs.NewStatePolicy())
if errors.IsUnauthorized(err) {
logger.Infof("authorization error while connecting to state server; retrying")
// We can't connect with the administrator password,;
// perhaps this was the first connection and the
// password has not been changed yet.
info.Password = utils.UserPasswordHash(password, utils.CompatSalt)
// We try for a while because we might succeed in
// connecting to mongo before the state has been
// initialized and the initial password set.
for a := redialStrategy.Start(); a.Next(); {
st, err = state.Open(info, opts, environs.NewStatePolicy())
if !errors.IsUnauthorized(err) {
break
}
}
if err != nil {
return nil, err
}
if err := st.SetAdminMongoPassword(password); err != nil {
return nil, err
}
} else if err != nil {
return nil, err
}
conn := &Conn{
Environ: environ,
State: st,
}
if err := conn.updateSecrets(); err != nil {
conn.Close()
return nil, fmt.Errorf("unable to push secrets: %v", err)
}
return conn, nil
}
func environAPIInfo(environ environs.Environ) (*api.Info, error) {
_, info, err := environ.StateInfo()
if err != nil {
return nil, err
}
info.Tag = "user-admin"
password := environ.Config().AdminSecret()
if password == "" {
return nil, fmt.Errorf("cannot connect without admin-secret")
}
info.Password = password
return info, nil
}
// validateUploadAllowed returns an error if an attempt to upload tools should
// not be allowed.
func validateUploadAllowed(env environs.Environ, toolsArch *string, forceVersion bool) error {
if !forceVersion {
// First, check that there isn't already an agent version specified.
if _, hasAgentVersion := env.Config().AgentVersion(); hasAgentVersion {
return fmt.Errorf(noToolsNoUploadMessage)
}
}
// Now check that the architecture for which we are setting up an
// environment matches that from which we are bootstrapping.
hostArch := arch.HostArch()
// We can't build tools for a different architecture if one is specified.
if toolsArch != nil && *toolsArch != hostArch {
return fmt.Errorf("cannot build tools for %q using a machine running on %q", *toolsArch, hostArch)
}
// If no architecture is specified, ensure the target provider supports instances matching our architecture.
supportedArchitectures, err := env.SupportedArchitectures()
if err != nil {
return fmt.Errorf(
"no packaged tools available and cannot determine environment's supported architectures: %v", err)
}
archSupported := false
for _, arch := range supportedArchitectures {
if hostArch == arch {
archSupported = true
break
}
}
if !archSupported {
envType := env.Config().Type()
return fmt.Errorf(
"environment %q of type %s does not support instances running on %q", env.Name(), envType, hostArch)
}
return nil
}
// EnsureToolsAvailability verifies the tools are available. If no tools are
// found, it will automatically synchronize them.
func EnsureToolsAvailability(ctx environs.BootstrapContext, env environs.Environ, series string, toolsArch *string) (coretools.List, error) {
cfg := env.Config()
var vers *version.Number
if agentVersion, ok := cfg.AgentVersion(); ok {
vers = &agentVersion
}
logger.Debugf(
"looking for bootstrap tools: series=%q, arch=%v, version=%v",
series, toolsArch, vers,
)
params := envtools.BootstrapToolsParams{
Version: vers,
Arch: toolsArch,
Series: series,
// If vers.Build>0, the tools may have been uploaded in this session.
// Allow retries, so we wait until the storage has caught up.
AllowRetry: vers != nil && vers.Build > 0,
}
toolsList, err := envtools.FindBootstrapTools(env, params)
if err == nil {
return toolsList, nil
} else if !errors.IsNotFound(err) {
return nil, err
}
// Only automatically upload tools for dev versions.
if !version.Current.IsDev() {
return nil, fmt.Errorf("cannot upload bootstrap tools: %v", noToolsNoUploadMessage)
}
// No tools available so our only hope is to build locally and upload.
logger.Warningf("no prepackaged tools available")
uploadSeries := SeriesToUpload(cfg, nil)
if series != "" {
uploadSeries = append(uploadSeries, series)
}
if err := UploadTools(ctx, env, toolsArch, false, uploadSeries...); err != nil {
logger.Errorf("%s", noToolsMessage)
return nil, fmt.Errorf("cannot upload bootstrap tools: %v", err)
}
// TODO(axw) have uploadTools return the list of tools in the target, and use that.
params.AllowRetry = true
if toolsList, err = envtools.FindBootstrapTools(env, params); err != nil {
return nil, fmt.Errorf("cannot find bootstrap tools: %v", err)
}
return toolsList, nil
}
// StartInstanceWithConstraintsAndNetworks is a test helper function that
// starts an instance with the given networks, and a plausible but invalid
// configuration, and returns the result of Environ.StartInstance.
func StartInstanceWithConstraintsAndNetworks(
env environs.Environ, machineId string, cons constraints.Value,
includeNetworks, excludeNetworks []string,
) (
instance.Instance, *instance.HardwareCharacteristics, []network.Info, error,
) {
series := config.PreferredSeries(env.Config())
agentVersion, ok := env.Config().AgentVersion()
if !ok {
return nil, nil, nil, fmt.Errorf("missing agent version in environment config")
}
possibleTools, err := tools.FindInstanceTools(env, agentVersion, series, cons.Arch)
if err != nil {
return nil, nil, nil, err
}
machineNonce := "fake_nonce"
stateInfo := FakeStateInfo(machineId)
apiInfo := FakeAPIInfo(machineId)
machineConfig := environs.NewMachineConfig(
machineId, machineNonce,
includeNetworks, excludeNetworks,
stateInfo, apiInfo)
return env.StartInstance(environs.StartInstanceParams{
Constraints: cons,
Tools: possibleTools,
MachineConfig: machineConfig,
})
}
// StateInfo is a reusable implementation of Environ.StateInfo, available to
// providers that also use the other functionality from this file.
func StateInfo(env environs.Environ) (*state.Info, *api.Info, error) {
st, err := bootstrap.LoadState(env.Storage())
if err != nil {
return nil, nil, err
}
config := env.Config()
if _, hasCert := config.CACert(); !hasCert {
return nil, nil, fmt.Errorf("no CA certificate in environment configuration")
}
// Wait for the addresses of at least one of the instances to become available.
logger.Debugf("waiting for addresses of state server instances %v", st.StateInstances)
var addresses []string
for a := LongAttempt.Start(); len(addresses) == 0 && a.Next(); {
insts, err := env.Instances(st.StateInstances)
if err != nil && err != environs.ErrPartialInstances {
logger.Debugf("error getting state instances: %v", err.Error())
return nil, nil, err
}
addresses = getAddresses(insts)
}
if len(addresses) == 0 {
return nil, nil, fmt.Errorf("timed out waiting for addresses from %v", st.StateInstances)
}
stateInfo, apiInfo := getStateInfo(config, addresses)
return stateInfo, apiInfo, nil
}
// SetBootstrapTools returns the newest tools from the given tools list,
// and updates the agent-version configuration attribute.
func SetBootstrapTools(environ environs.Environ, possibleTools coretools.List) (coretools.List, error) {
if len(possibleTools) == 0 {
return nil, fmt.Errorf("no bootstrap tools available")
}
var newVersion version.Number
newVersion, toolsList := possibleTools.Newest()
logger.Infof("newest version: %s", newVersion)
cfg := environ.Config()
if agentVersion, _ := cfg.AgentVersion(); agentVersion != newVersion {
cfg, err := cfg.Apply(map[string]interface{}{
"agent-version": newVersion.String(),
})
if err == nil {
err = environ.SetConfig(cfg)
}
if err != nil {
return nil, fmt.Errorf("failed to update environment configuration: %v", err)
}
}
bootstrapVersion := newVersion
// We should only ever bootstrap the exact same version as the client,
// or we risk bootstrap incompatibility. We still set agent-version to
// the newest version, so the agent will immediately upgrade itself.
if !isCompatibleVersion(newVersion, version.Current.Number) {
compatibleVersion, compatibleTools := findCompatibleTools(possibleTools, version.Current.Number)
if len(compatibleTools) == 0 {
logger.Warningf(
"failed to find %s tools, will attempt to use %s",
version.Current.Number, newVersion,
)
} else {
bootstrapVersion, toolsList = compatibleVersion, compatibleTools
}
}
logger.Infof("picked bootstrap tools version: %s", bootstrapVersion)
return toolsList, nil
}
// Destroy is a common implementation of the Destroy method defined on
// environs.Environ; we strongly recommend that this implementation be
// used when writing a new provider.
func Destroy(env environs.Environ) error {
logger.Infof("destroying environment %q", env.Name())
instances, err := env.AllInstances()
switch err {
case nil:
ids := make([]instance.Id, len(instances))
for i, inst := range instances {
ids[i] = inst.Id()
}
if err := env.StopInstances(ids...); err != nil {
return err
}
fallthrough
case environs.ErrNoInstances:
return env.Storage().RemoveAll()
}
return err
}
// Bootstrap is a common implementation of the Bootstrap method defined on
// environs.Environ; we strongly recommend that this implementation be used
// when writing a new provider.
func Bootstrap(ctx environs.BootstrapContext, env environs.Environ, args environs.BootstrapParams) (err error) {
// TODO make safe in the case of racing Bootstraps
// If two Bootstraps are called concurrently, there's
// no way to make sure that only one succeeds.
var inst instance.Instance
defer func() { handleBootstrapError(err, ctx, inst, env) }()
// First thing, ensure we have tools otherwise there's no point.
selectedTools, err := EnsureBootstrapTools(ctx, env, config.PreferredSeries(env.Config()), args.Constraints.Arch)
if err != nil {
return err
}
// Get the bootstrap SSH client. Do this early, so we know
// not to bother with any of the below if we can't finish the job.
client := ssh.DefaultClient
if client == nil {
// This should never happen: if we don't have OpenSSH, then
// go.crypto/ssh should be used with an auto-generated key.
return fmt.Errorf("no SSH client available")
}
privateKey, err := GenerateSystemSSHKey(env)
if err != nil {
return err
}
machineConfig := environs.NewBootstrapMachineConfig(privateKey)
fmt.Fprintln(ctx.GetStderr(), "Launching instance")
inst, hw, _, err := env.StartInstance(environs.StartInstanceParams{
Constraints: args.Constraints,
Tools: selectedTools,
MachineConfig: machineConfig,
Placement: args.Placement,
})
if err != nil {
return fmt.Errorf("cannot start bootstrap instance: %v", err)
}
fmt.Fprintf(ctx.GetStderr(), " - %s\n", inst.Id())
machineConfig.InstanceId = inst.Id()
machineConfig.HardwareCharacteristics = hw
err = bootstrap.SaveState(
env.Storage(),
&bootstrap.BootstrapState{
StateInstances: []instance.Id{inst.Id()},
})
if err != nil {
return fmt.Errorf("cannot save state: %v", err)
}
return FinishBootstrap(ctx, client, inst, machineConfig)
}
// UploadTools uploads tools for the specified series and any other relevant series to
// the environment storage, after which it sets the agent-version. If forceVersion is true,
// we allow uploading even when the agent-version is already set in the environment.
func UploadTools(ctx environs.BootstrapContext, env environs.Environ, toolsArch *string, forceVersion bool, bootstrapSeries ...string) error {
logger.Infof("checking that upload is possible")
// Check the series are valid.
for _, series := range bootstrapSeries {
if _, err := ubuntu.SeriesVersion(series); err != nil {
return err
}
}
// See that we are allowed to upload the tools.
if err := validateUploadAllowed(env, toolsArch, forceVersion); err != nil {
return err
}
// Make storage interruptible.
interrupted := make(chan os.Signal, 1)
interruptStorage := make(chan struct{})
ctx.InterruptNotify(interrupted)
defer ctx.StopInterruptNotify(interrupted)
defer close(interrupted)
go func() {
defer close(interruptStorage) // closing interrupts all uploads
if _, ok := <-interrupted; ok {
ctx.Infof("cancelling tools upload")
}
}()
stor := newInterruptibleStorage(env.Storage(), interruptStorage)
cfg := env.Config()
explicitVersion := uploadVersion(version.Current.Number, nil)
uploadSeries := SeriesToUpload(cfg, bootstrapSeries)
ctx.Infof("uploading tools for series %s", uploadSeries)
tools, err := sync.Upload(stor, &explicitVersion, uploadSeries...)
if err != nil {
return err
}
cfg, err = cfg.Apply(map[string]interface{}{
"agent-version": tools.Version.Number.String(),
})
if err == nil {
err = env.SetConfig(cfg)
}
if err != nil {
return fmt.Errorf("failed to update environment configuration: %v", err)
}
return nil
}
// GenerateSystemSSHKey creates a new key for the system identity. The
// authorized_keys in the environment config is updated to include the public
// key for the generated key.
func GenerateSystemSSHKey(env environs.Environ) (privateKey string, err error) {
logger.Debugf("generate a system ssh key")
// Create a new system ssh key and add that to the authorized keys.
privateKey, publicKey, err := ssh.GenerateKey(config.JujuSystemKey)
if err != nil {
return "", fmt.Errorf("failed to create system key: %v", err)
}
authorized_keys := config.ConcatAuthKeys(env.Config().AuthorizedKeys(), publicKey)
newConfig, err := env.Config().Apply(map[string]interface{}{
config.AuthKeysConfig: authorized_keys,
})
if err != nil {
return "", fmt.Errorf("failed to create new config: %v", err)
}
if err = env.SetConfig(newConfig); err != nil {
return "", fmt.Errorf("failed to set new config: %v", err)
}
return privateKey, nil
}
// RemoveAllTools deletes all tools from the supplied environment.
func RemoveAllTools(c *gc.C, env environs.Environ) {
c.Logf("clearing private storage")
RemoveTools(c, env.Storage())
}
// setParams sets parameters based on the environment configuration
// for those which have not been explicitly specified.
func (c *ImageMetadataCommand) setParams(context *cmd.Context) error {
c.privateStorage = "<private storage name>"
var environ environs.Environ
if store, err := configstore.Default(); err == nil {
if environ, err = environs.PrepareFromName(c.EnvName, context, store); err == nil {
logger.Infof("creating image metadata for environment %q", environ.Name())
// If the user has not specified region and endpoint, try and get it from the environment.
if c.Region == "" || c.Endpoint == "" {
var cloudSpec simplestreams.CloudSpec
if inst, ok := environ.(simplestreams.HasRegion); ok {
if cloudSpec, err = inst.Region(); err != nil {
return err
}
} else {
return fmt.Errorf("environment %q cannot provide region and endpoint", environ.Name())
}
// If only one of region or endpoint is provided, that is a problem.
if cloudSpec.Region != cloudSpec.Endpoint && (cloudSpec.Region == "" || cloudSpec.Endpoint == "") {
return fmt.Errorf("cannot generate metadata without a complete cloud configuration")
}
if c.Region == "" {
c.Region = cloudSpec.Region
}
if c.Endpoint == "" {
c.Endpoint = cloudSpec.Endpoint
}
}
cfg := environ.Config()
if c.Series == "" {
c.Series = config.PreferredSeries(cfg)
}
if v, ok := cfg.AllAttrs()["control-bucket"]; ok {
c.privateStorage = v.(string)
}
} else {
logger.Warningf("environment %q could not be opened: %v", c.EnvName, err)
}
}
if environ == nil {
logger.Infof("no environment found, creating image metadata using user supplied data")
}
if c.Series == "" {
c.Series = config.LatestLtsSeries()
}
if c.ImageId == "" {
return fmt.Errorf("image id must be specified")
}
if c.Region == "" {
return fmt.Errorf("image region must be specified")
}
if c.Endpoint == "" {
return fmt.Errorf("cloud endpoint URL must be specified")
}
if c.Dir == "" {
logger.Infof("no destination directory specified, using current directory")
var err error
if c.Dir, err = os.Getwd(); err != nil {
return err
}
}
return nil
}