Esempio n. 1
0
// addAPIInfo adds information to the agent's configuration
// for serving the API.
func addAPIInfo(conf *agent.Conf, m *state.Machine) {
	port := testing.FindTCPPort()
	conf.APIInfo.Addrs = []string{fmt.Sprintf("localhost:%d", port)}
	conf.APIInfo.CACert = []byte(testing.CACert)
	conf.StateServerCert = []byte(testing.ServerCert)
	conf.StateServerKey = []byte(testing.ServerKey)
	conf.APIPort = port
}
Esempio n. 2
0
func (s *openSuite) TestOpenStateNormal(c *C) {
	conf := agent.Conf{
		StateInfo: s.StateInfo(c),
	}
	conf.OldPassword = "******"
	st, err := conf.OpenState()
	c.Assert(err, IsNil)
	st.Close()
}
Esempio n. 3
0
func (suite) TestCheckNoDataDir(c *C) {
	conf := agent.Conf{
		StateInfo: &state.Info{
			Addrs:    []string{"x:4"},
			CACert:   []byte("xxx"),
			Tag:      "bar",
			Password: "******",
		},
	}
	c.Assert(conf.Check(), ErrorMatches, "data directory not found in configuration")
}
Esempio n. 4
0
// EnsureAPIInfo makes sure we can connect as an agent to the API server 1.10
// did not set an API password for machine agents, 1.11 sets it the same as the
// mongo password.  1.10 also does not set any API Info at all for Unit agents.
// conf is the agent.conf for this machine/unit agent.  agentConn is the direct
// connection to the State database
func EnsureAPIInfo(conf *agent.Conf, stConn *state.State, agentConn AgentState) error {
	// In 1.10 Machine Agents will have an API Info section, but will not
	// have properly configured the Password field, so when upgrading to
	// 1.11 we must set that field
	// In 1.10 Unit Agents will not have an API Info section at all, so we
	// must set everything from the StateInfo (correcting the Addrs for API
	// port vs Mongo port)
	// A new 1.11 Unit Agent will have an OldPassword but no Password set
	// (in StateInfo or APIInfo). Because we only change the password on
	// API connect, not on DB connect. We don't want to make extra
	// SetPassword calls when we already have a valid password set
	if conf.APIInfo != nil && (conf.APIInfo.Password != "" || conf.StateInfo.Password == "") {
		// We must have set it earlier
		return nil
	}
	setter, ok := agentConn.(passwordSetter)
	if !ok {
		panic("AgentState is missing a SetPassword method?")
	}
	if conf.APIInfo == nil {
		// Unit agents didn't get any APIInfo in 1.10
		conf.APIInfo = apiInfoFromStateInfo(conf.StateInfo, stConn)
		validationLogger.Infof(
			"agent.conf APIInfo is not set. Setting to {Addrs: %s, Tag: %s}",
			conf.APIInfo.Addrs,
			conf.APIInfo.Tag,
		)
	} else {
		validationLogger.Infof("agent.conf APIInfo password is not set. Setting to state password")
		conf.APIInfo.Password = conf.StateInfo.Password
	}
	password := conf.StateInfo.Password
	if password == "" {
		// In 1.11 we don't set a new password on connect (because it is
		// done in the API code, and we don't have any API workers).
		// We want to make sure the API user has the correct password
		// (OldPassword). We *don't* want to set APIInfo.Password
		// because then when we do connect via the API we wouldn't
		// change the password. So this is only used for SetPassword
		validationLogger.Infof(
			"agent.conf StateInfo password is \"\". Setting Agent password for %s to OldPassword",
			conf.APIInfo.Tag)
		password = conf.OldPassword
	}
	// We set the actual password before writing it to disk, because
	// otherwise we would not set it correctly in the future
	if err := setter.SetPassword(password); err != nil {
		return err
	}
	if err := conf.Write(); err != nil {
		return err
	}
	return nil
}
Esempio n. 5
0
func (s *openSuite) TestOpenAPINormal(c *C) {
	conf := agent.Conf{
		APIInfo: s.APIInfo(c),
	}
	conf.OldPassword = "******"

	st, newPassword, err := conf.OpenAPI(api.DialOpts{})
	c.Assert(err, IsNil)
	defer st.Close()
	c.Assert(newPassword, Equals, "")
	c.Assert(st, NotNil)
}
Esempio n. 6
0
func (s *openSuite) TestOpenStateNoPassword(c *C) {
	conf := agent.Conf{
		StateInfo: s.StateInfo(c),
	}
	conf.OldPassword = conf.StateInfo.Password
	conf.StateInfo.Password = ""

	st, err := conf.OpenState()
	c.Assert(err, IsNil)
	c.Assert(st, NotNil)
	st.Close()
}
Esempio n. 7
0
func (suite) TestConfFile(c *C) {
	conf := agent.Conf{
		DataDir: "/foo",
		StateInfo: &state.Info{
			Addrs:    []string{"x:4"},
			CACert:   []byte("xxx"),
			Tag:      "bar",
			Password: "******",
		},
	}
	c.Assert(conf.File("x/y"), Equals, "/foo/agents/bar/x/y")
}
Esempio n. 8
0
func (s *openSuite) TestOpenStateFallbackPassword(c *gc.C) {
	conf := agent.Conf{
		StateInfo: s.StateInfo(c),
	}
	conf.OldPassword = conf.StateInfo.Password
	conf.StateInfo.Password = "******"

	st, err := conf.OpenState()
	c.Assert(err, gc.IsNil)
	c.Assert(st, gc.NotNil)
	st.Close()
}
Esempio n. 9
0
func openState(c *agent.Conf, a Agent) (*state.State, AgentState, error) {
	st, err := c.OpenState()
	if err != nil {
		return nil, nil, err
	}
	entity, err := a.Entity(st)
	if errors.IsNotFoundError(err) || err == nil && entity.Life() == state.Dead {
		err = worker.ErrTerminateAgent
	}
	if err != nil {
		st.Close()
		return nil, nil, err
	}
	return st, entity, nil
}
Esempio n. 10
0
func (s *openSuite) TestOpenAPINoPassword(c *C) {
	conf := agent.Conf{
		APIInfo: s.APIInfo(c),
	}
	conf.OldPassword = conf.APIInfo.Password
	conf.APIInfo.Password = ""

	st, newPassword, err := conf.OpenAPI(api.DialOpts{})
	c.Assert(err, IsNil)
	defer st.Close()
	c.Assert(newPassword, Matches, ".+")
	c.Assert(st, NotNil)
	p, err := utils.RandomPassword()
	c.Assert(err, IsNil)
	c.Assert(newPassword, HasLen, len(p))
	c.Assert(conf.OldPassword, Equals, s.APIInfo(c).Password)
}
Esempio n. 11
0
func (s *openSuite) TestOpenAPIFallbackPassword(c *gc.C) {
	conf := agent.Conf{
		APIInfo: s.APIInfo(c),
	}
	conf.OldPassword = conf.APIInfo.Password
	conf.APIInfo.Password = "******"

	st, newPassword, err := conf.OpenAPI(api.DialOpts{})
	c.Assert(err, gc.IsNil)
	defer st.Close()
	c.Assert(newPassword, gc.Matches, ".+")
	c.Assert(st, gc.NotNil)
	p, err := utils.RandomPassword()
	c.Assert(err, gc.IsNil)
	c.Assert(newPassword, gc.HasLen, len(p))
	c.Assert(conf.OldPassword, gc.Equals, s.APIInfo(c).Password)
}
Esempio n. 12
0
func openAPIState(c *agent.Conf, a Agent) (*api.State, AgentAPIState, error) {
	// We let the API dial fail immediately because the
	// runner's loop outside the caller of openAPIState will
	// keep on retrying. If we block for ages here,
	// then the worker that's calling this cannot
	// be interrupted.
	st, newPassword, err := c.OpenAPI(api.DialOpts{})
	if err != nil {
		return nil, nil, err
	}
	entity, err := a.APIEntity(st)
	if params.ErrCode(err) == params.CodeNotFound || err == nil && entity.Life() == params.Dead {
		err = worker.ErrTerminateAgent
	}
	if err != nil {
		st.Close()
		return nil, nil, err
	}
	if newPassword == "" {
		return st, entity, nil
	}
	// Make a copy of the configuration so that if we fail
	// to write the configuration file, the configuration will
	// still be valid.
	c1 := *c
	stateInfo := *c.StateInfo
	c1.StateInfo = &stateInfo
	apiInfo := *c.APIInfo
	c1.APIInfo = &apiInfo

	c1.StateInfo.Password = newPassword
	c1.APIInfo.Password = newPassword
	if err := c1.Write(); err != nil {
		return nil, nil, err
	}
	*c = c1
	if err := entity.SetPassword(newPassword); err != nil {
		return nil, nil, err
	}
	return st, entity, nil

}