// fixEnvironment undoes the work of invalidateEnvironment.
func (s *CommonProvisionerSuite) fixEnvironment(c *gc.C) error {
st, err := state.Open(s.StateInfo(c), state.DefaultDialOpts(), state.Policy(nil))
c.Assert(err, gc.IsNil)
defer st.Close()
attrs := map[string]interface{}{"type": s.cfg.AllAttrs()["type"]}
return st.UpdateEnvironConfig(attrs, nil, nil)
}
func (s *BootstrapSuite) TestSetConstraints(c *gc.C) {
tcons := constraints.Value{Mem: uint64p(2048), CpuCores: uint64p(2)}
_, cmd, err := s.initBootstrapCommand(c, nil,
"--env-config", s.envcfg,
"--instance-id", string(s.instanceId),
"--constraints", tcons.String(),
)
c.Assert(err, gc.IsNil)
err = cmd.Run(nil)
c.Assert(err, gc.IsNil)
st, err := state.Open(&state.Info{
Addrs: []string{testing.MgoServer.Addr()},
CACert: testing.CACert,
Password: testPasswordHash(),
}, state.DefaultDialOpts(), environs.NewStatePolicy())
c.Assert(err, gc.IsNil)
defer st.Close()
cons, err := st.EnvironConstraints()
c.Assert(err, gc.IsNil)
c.Assert(cons, gc.DeepEquals, tcons)
machines, err := st.AllMachines()
c.Assert(err, gc.IsNil)
c.Assert(machines, gc.HasLen, 1)
cons, err = machines[0].Constraints()
c.Assert(err, gc.IsNil)
c.Assert(cons, gc.DeepEquals, tcons)
}
func (s *environSuite) TestInvalidConfig(c *gc.C) {
var oldType string
oldType = s.Conn.Environ.Config().AllAttrs()["type"].(string)
// Create an invalid config by taking the current config and
// tweaking the provider type.
info := s.StateInfo(c)
opts := state.DefaultDialOpts()
st2, err := state.Open(info, opts, state.Policy(nil))
c.Assert(err, gc.IsNil)
defer st2.Close()
err = st2.UpdateEnvironConfig(map[string]interface{}{"type": "unknown"}, nil, nil)
c.Assert(err, gc.IsNil)
w := st2.WatchForEnvironConfigChanges()
defer stopWatcher(c, w)
done := make(chan environs.Environ)
go func() {
env, err := worker.WaitForEnviron(w, st2, nil)
c.Check(err, gc.IsNil)
done <- env
}()
// Wait for the loop to process the invalid configuratrion
<-worker.LoadedInvalid
st2.UpdateEnvironConfig(map[string]interface{}{
"type": oldType,
"secret": "environ_test",
}, nil, nil)
env := <-done
c.Assert(env, gc.NotNil)
c.Assert(env.Config().AllAttrs()["secret"], gc.Equals, "environ_test")
}
// invalidateEnvironment alters the environment configuration
// so the Settings returned from the watcher will not pass
// validation.
func (s *CommonProvisionerSuite) invalidateEnvironment(c *gc.C) {
st, err := state.Open(s.StateInfo(c), state.DefaultDialOpts(), state.Policy(nil))
c.Assert(err, gc.IsNil)
defer st.Close()
attrs := map[string]interface{}{"type": "unknown"}
err = st.UpdateEnvironConfig(attrs, nil, nil)
c.Assert(err, gc.IsNil)
}
func (s *environSuite) TestEnvironmentChanges(c *gc.C) {
originalConfig, err := s.State.EnvironConfig()
c.Assert(err, gc.IsNil)
logc := make(logChan, 1009)
c.Assert(loggo.RegisterWriter("testing", logc, loggo.WARNING), gc.IsNil)
defer loggo.RemoveWriter("testing")
obs, err := worker.NewEnvironObserver(s.State)
c.Assert(err, gc.IsNil)
env := obs.Environ()
c.Assert(env.Config().AllAttrs(), gc.DeepEquals, originalConfig.AllAttrs())
var oldType string
oldType = env.Config().AllAttrs()["type"].(string)
info := s.StateInfo(c)
opts := state.DefaultDialOpts()
st2, err := state.Open(info, opts, state.Policy(nil))
defer st2.Close()
// Change to an invalid configuration and check
// that the observer's environment remains the same.
st2.UpdateEnvironConfig(map[string]interface{}{"type": "invalid"}, nil, nil)
st2.StartSync()
// Wait for the observer to register the invalid environment
timeout := time.After(coretesting.LongWait)
loop:
for {
select {
case msg := <-logc:
if strings.Contains(msg, "error creating Environ") {
break loop
}
case <-timeout:
c.Fatalf("timed out waiting to see broken environment")
}
}
// Check that the returned environ is still the same.
env = obs.Environ()
c.Assert(env.Config().AllAttrs(), gc.DeepEquals, originalConfig.AllAttrs())
// Change the environment back to a valid configuration
// with a different name and check that we see it.
st2.UpdateEnvironConfig(map[string]interface{}{"type": oldType, "name": "a-new-name"}, nil, nil)
st2.StartSync()
for a := coretesting.LongAttempt.Start(); a.Next(); {
env := obs.Environ()
if !a.HasNext() {
c.Fatalf("timed out waiting for new environ")
}
if env.Config().Name() == "a-new-name" {
break
}
}
}
func (*NewConnSuite) TestConnWithPassword(c *gc.C) {
attrs := dummy.SampleConfig().Merge(coretesting.Attrs{
"admin-secret": "nutkin",
})
cfg, err := config.New(config.NoDefaults, attrs)
c.Assert(err, gc.IsNil)
ctx := coretesting.Context(c)
env, err := environs.Prepare(cfg, ctx, configstore.NewMem())
c.Assert(err, gc.IsNil)
envtesting.UploadFakeTools(c, env.Storage())
err = bootstrap.Bootstrap(ctx, env, environs.BootstrapParams{})
c.Assert(err, gc.IsNil)
// Check that Bootstrap has correctly used a hash
// of the admin password.
info, _, err := env.StateInfo()
c.Assert(err, gc.IsNil)
info.Password = utils.UserPasswordHash("nutkin", utils.CompatSalt)
st, err := state.Open(info, state.DefaultDialOpts(), environs.NewStatePolicy())
c.Assert(err, gc.IsNil)
assertClose(c, st)
// Check that we can connect with the original environment.
conn, err := juju.NewConn(env)
c.Assert(err, gc.IsNil)
assertClose(c, conn)
// Check that the password has now been changed to the original
// admin password.
info.Password = "******"
st1, err := state.Open(info, state.DefaultDialOpts(), environs.NewStatePolicy())
c.Assert(err, gc.IsNil)
assertClose(c, st1)
// Check that we can still connect with the original
// environment.
conn, err = juju.NewConn(env)
c.Assert(err, gc.IsNil)
defer assertClose(c, conn)
// Reset the admin password so the state db can be reused.
err = conn.State.SetAdminMongoPassword("")
c.Assert(err, gc.IsNil)
}
func testOpenState(c *gc.C, info *state.Info, expectErrType error) {
st, err := state.Open(info, state.DefaultDialOpts(), environs.NewStatePolicy())
if st != nil {
st.Close()
}
if expectErrType != nil {
c.Assert(err, gc.FitsTypeOf, expectErrType)
} else {
c.Assert(err, gc.IsNil)
}
}
func (s *BootstrapSuite) TestInitializeEnvironment(c *gc.C) {
hw := instance.MustParseHardware("arch=amd64 mem=8G")
machConf, cmd, err := s.initBootstrapCommand(c, nil, "--env-config", s.envcfg, "--instance-id", string(s.instanceId), "--hardware", hw.String())
c.Assert(err, gc.IsNil)
err = cmd.Run(nil)
c.Assert(err, gc.IsNil)
c.Assert(s.fakeEnsureMongo.dataDir, gc.Equals, s.dataDir)
c.Assert(s.fakeEnsureMongo.initiateCount, gc.Equals, 1)
c.Assert(s.fakeEnsureMongo.ensureCount, gc.Equals, 1)
c.Assert(s.fakeEnsureMongo.dataDir, gc.Equals, s.dataDir)
c.Assert(s.fakeEnsureMongo.withHA, jc.IsTrue)
expectInfo, exists := machConf.StateServingInfo()
c.Assert(exists, jc.IsTrue)
c.Assert(expectInfo.SharedSecret, gc.Equals, "")
servingInfo := s.fakeEnsureMongo.info
c.Assert(len(servingInfo.SharedSecret), gc.Not(gc.Equals), 0)
servingInfo.SharedSecret = ""
c.Assert(servingInfo, jc.DeepEquals, expectInfo)
expectDialAddrs := []string{fmt.Sprintf("127.0.0.1:%d", expectInfo.StatePort)}
gotDialAddrs := s.fakeEnsureMongo.initiateParams.DialInfo.Addrs
c.Assert(gotDialAddrs, gc.DeepEquals, expectDialAddrs)
memberHost := fmt.Sprintf("%s:%d", s.bootstrapName, expectInfo.StatePort)
c.Assert(s.fakeEnsureMongo.initiateParams.MemberHostPort, gc.Equals, memberHost)
c.Assert(s.fakeEnsureMongo.initiateParams.User, gc.Equals, "")
c.Assert(s.fakeEnsureMongo.initiateParams.Password, gc.Equals, "")
st, err := state.Open(&state.Info{
Addrs: []string{testing.MgoServer.Addr()},
CACert: testing.CACert,
Password: testPasswordHash(),
}, state.DefaultDialOpts(), environs.NewStatePolicy())
c.Assert(err, gc.IsNil)
defer st.Close()
machines, err := st.AllMachines()
c.Assert(err, gc.IsNil)
c.Assert(machines, gc.HasLen, 1)
instid, err := machines[0].InstanceId()
c.Assert(err, gc.IsNil)
c.Assert(instid, gc.Equals, instance.Id(string(s.instanceId)))
stateHw, err := machines[0].HardwareCharacteristics()
c.Assert(err, gc.IsNil)
c.Assert(stateHw, gc.NotNil)
c.Assert(*stateHw, gc.DeepEquals, hw)
cons, err := st.EnvironConstraints()
c.Assert(err, gc.IsNil)
c.Assert(&cons, jc.Satisfies, constraints.IsEmpty)
}
func (s *environSuite) TestErrorWhenEnvironIsInvalid(c *gc.C) {
// reopen the state so that we can wangle a dodgy environ config in there.
st, err := state.Open(s.StateInfo(c), state.DefaultDialOpts(), state.Policy(nil))
c.Assert(err, gc.IsNil)
defer st.Close()
err = st.UpdateEnvironConfig(map[string]interface{}{"secret": 999}, nil, nil)
c.Assert(err, gc.IsNil)
obs, err := worker.NewEnvironObserver(s.State)
c.Assert(err, gc.ErrorMatches, `cannot make Environ: secret: expected string, got int\(999\)`)
c.Assert(obs, gc.IsNil)
}
// NewConn returns a new Conn that uses the
// given environment. The environment must have already
// been bootstrapped.
func NewConn(environ environs.Environ) (*Conn, error) {
info, _, err := environ.StateInfo()
if err != nil {
return nil, err
}
password := environ.Config().AdminSecret()
if password == "" {
return nil, fmt.Errorf("cannot connect without admin-secret")
}
err = environs.CheckEnvironment(environ)
if err != nil {
return nil, err
}
info.Password = password
opts := state.DefaultDialOpts()
st, err := state.Open(info, opts, environs.NewStatePolicy())
if errors.IsUnauthorized(err) {
logger.Infof("authorization error while connecting to state server; retrying")
// We can't connect with the administrator password,;
// perhaps this was the first connection and the
// password has not been changed yet.
info.Password = utils.UserPasswordHash(password, utils.CompatSalt)
// We try for a while because we might succeed in
// connecting to mongo before the state has been
// initialized and the initial password set.
for a := redialStrategy.Start(); a.Next(); {
st, err = state.Open(info, opts, environs.NewStatePolicy())
if !errors.IsUnauthorized(err) {
break
}
}
if err != nil {
return nil, err
}
if err := st.SetAdminMongoPassword(password); err != nil {
return nil, err
}
} else if err != nil {
return nil, err
}
conn := &Conn{
Environ: environ,
State: st,
}
if err := conn.updateSecrets(); err != nil {
conn.Close()
return nil, fmt.Errorf("unable to push secrets: %v", err)
}
return conn, nil
}
func (c *BootstrapCommand) startMongo(addrs []instance.Address, agentConfig agent.Config) error {
logger.Debugf("starting mongo")
info, ok := agentConfig.StateInfo()
if !ok {
return fmt.Errorf("no state info available")
}
dialInfo, err := state.DialInfo(info, state.DefaultDialOpts())
if err != nil {
return err
}
servingInfo, ok := agentConfig.StateServingInfo()
if !ok {
return fmt.Errorf("agent config has no state serving info")
}
// Use localhost to dial the mongo server, because it's running in
// auth mode and will refuse to perform any operations unless
// we dial that address.
dialInfo.Addrs = []string{
net.JoinHostPort("127.0.0.1", fmt.Sprint(servingInfo.StatePort)),
}
logger.Debugf("calling ensureMongoServer")
withHA := shouldEnableHA(agentConfig)
err = ensureMongoServer(
agentConfig.DataDir(),
agentConfig.Value(agent.Namespace),
servingInfo,
withHA,
)
if err != nil {
return err
}
// If we are not doing HA, there is no need to set up replica set.
if !withHA {
return nil
}
peerAddr := mongo.SelectPeerAddress(addrs)
if peerAddr == "" {
return fmt.Errorf("no appropriate peer address found in %q", addrs)
}
peerHostPort := net.JoinHostPort(peerAddr, fmt.Sprint(servingInfo.StatePort))
return maybeInitiateMongoServer(peergrouper.InitiateMongoParams{
DialInfo: dialInfo,
MemberHostPort: peerHostPort,
})
}
func (s *BootstrapSuite) TestInitialPassword(c *gc.C) {
machineConf, cmd, err := s.initBootstrapCommand(c, nil, "--env-config", s.envcfg, "--instance-id", string(s.instanceId))
c.Assert(err, gc.IsNil)
err = cmd.Run(nil)
c.Assert(err, gc.IsNil)
// Check that we cannot now connect to the state without a
// password.
info := &state.Info{
Addrs: []string{testing.MgoServer.Addr()},
CACert: testing.CACert,
}
testOpenState(c, info, errors.Unauthorizedf(""))
// Check we can log in to mongo as admin.
info.Tag, info.Password = "", testPasswordHash()
st, err := state.Open(info, state.DefaultDialOpts(), environs.NewStatePolicy())
c.Assert(err, gc.IsNil)
// Reset password so the tests can continue to use the same server.
defer st.Close()
defer st.SetAdminMongoPassword("")
// Check that the admin user has been given an appropriate
// password
u, err := st.User("admin")
c.Assert(err, gc.IsNil)
c.Assert(u.PasswordValid(testPassword), gc.Equals, true)
// Check that the machine configuration has been given a new
// password and that we can connect to mongo as that machine
// and that the in-mongo password also verifies correctly.
machineConf1, err := agent.ReadConfig(agent.ConfigPath(machineConf.DataDir(), "machine-0"))
c.Assert(err, gc.IsNil)
stateinfo, ok := machineConf1.StateInfo()
c.Assert(ok, jc.IsTrue)
st, err = state.Open(stateinfo, state.DialOpts{}, environs.NewStatePolicy())
c.Assert(err, gc.IsNil)
defer st.Close()
m, err := st.Machine("0")
c.Assert(err, gc.IsNil)
c.Assert(m.HasVote(), jc.IsTrue)
}
func (s *BootstrapSuite) TestConfiguredMachineJobs(c *gc.C) {
jobs := []params.MachineJob{params.JobManageEnviron}
_, cmd, err := s.initBootstrapCommand(c, jobs, "--env-config", s.envcfg, "--instance-id", string(s.instanceId))
c.Assert(err, gc.IsNil)
err = cmd.Run(nil)
c.Assert(err, gc.IsNil)
st, err := state.Open(&state.Info{
Addrs: []string{testing.MgoServer.Addr()},
CACert: testing.CACert,
Password: testPasswordHash(),
}, state.DefaultDialOpts(), environs.NewStatePolicy())
c.Assert(err, gc.IsNil)
defer st.Close()
m, err := st.Machine("0")
c.Assert(err, gc.IsNil)
c.Assert(m.Jobs(), gc.DeepEquals, []state.MachineJob{state.JobManageEnviron})
}
func (*NewConnSuite) TestConnStateSecretsSideEffect(c *gc.C) {
attrs := dummy.SampleConfig().Merge(coretesting.Attrs{
"admin-secret": "side-effect secret",
"secret": "pork",
})
cfg, err := config.New(config.NoDefaults, attrs)
c.Assert(err, gc.IsNil)
ctx := coretesting.Context(c)
env, err := environs.Prepare(cfg, ctx, configstore.NewMem())
c.Assert(err, gc.IsNil)
envtesting.UploadFakeTools(c, env.Storage())
err = bootstrap.Bootstrap(ctx, env, environs.BootstrapParams{})
c.Assert(err, gc.IsNil)
info, _, err := env.StateInfo()
c.Assert(err, gc.IsNil)
info.Password = utils.UserPasswordHash("side-effect secret", utils.CompatSalt)
// Use a state without a nil policy, which will allow us to set an invalid config.
st, err := state.Open(info, state.DefaultDialOpts(), state.Policy(nil))
c.Assert(err, gc.IsNil)
defer assertClose(c, st)
// Verify we have secrets in the environ config already.
statecfg, err := st.EnvironConfig()
c.Assert(err, gc.IsNil)
c.Assert(statecfg.UnknownAttrs()["secret"], gc.Equals, "pork")
// Remove the secret from state, and then make sure it gets
// pushed back again.
err = st.UpdateEnvironConfig(map[string]interface{}{}, []string{"secret"}, nil)
c.Assert(err, gc.IsNil)
// Make a new Conn, which will push the secrets.
conn, err := juju.NewConn(env)
c.Assert(err, gc.IsNil)
defer assertClose(c, conn)
statecfg, err = conn.State.EnvironConfig()
c.Assert(err, gc.IsNil)
c.Assert(statecfg.UnknownAttrs()["secret"], gc.Equals, "pork")
// Reset the admin password so the state db can be reused.
err = conn.State.SetAdminMongoPassword("")
c.Assert(err, gc.IsNil)
}
func (a *MachineAgent) ensureMongoAdminUser(agentConfig agent.Config) (added bool, err error) {
stateInfo, ok1 := agentConfig.StateInfo()
servingInfo, ok2 := agentConfig.StateServingInfo()
if !ok1 || !ok2 {
return false, fmt.Errorf("no state serving info configuration")
}
dialInfo, err := state.DialInfo(stateInfo, state.DefaultDialOpts())
if err != nil {
return false, err
}
if len(dialInfo.Addrs) > 1 {
logger.Infof("more than one state server; admin user must exist")
return false, nil
}
return ensureMongoAdminUser(mongo.EnsureAdminUserParams{
DialInfo: dialInfo,
Namespace: agentConfig.Value(agent.Namespace),
DataDir: agentConfig.DataDir(),
Port: servingInfo.StatePort,
User: stateInfo.Tag,
Password: stateInfo.Password,
})
}
func (c *restoreCommand) Run(ctx *cmd.Context) error {
if c.showDescription {
fmt.Fprintf(ctx.Stdout, "%s\n", c.Info().Purpose)
return nil
}
if err := c.Log.Start(ctx); err != nil {
return err
}
creds, err := extractCreds(c.backupFile)
if err != nil {
return fmt.Errorf("cannot extract credentials from backup file: %v", err)
}
progress("extracted credentials from backup file")
store, err := configstore.Default()
if err != nil {
return err
}
cfg, _, err := environs.ConfigForName(c.EnvName, store)
if err != nil {
return err
}
env, err := rebootstrap(cfg, ctx, c.Constraints)
if err != nil {
return fmt.Errorf("cannot re-bootstrap environment: %v", err)
}
progress("connecting to newly bootstrapped instance")
conn, err := juju.NewAPIConn(env, api.DefaultDialOpts())
if err != nil {
return fmt.Errorf("cannot connect to bootstrap instance: %v", err)
}
progress("restoring bootstrap machine")
newInstId, machine0Addr, err := restoreBootstrapMachine(conn, c.backupFile, creds)
if err != nil {
return fmt.Errorf("cannot restore bootstrap machine: %v", err)
}
progress("restored bootstrap machine")
// Update the environ state to point to the new instance.
if err := bootstrap.SaveState(env.Storage(), &bootstrap.BootstrapState{
StateInstances: []instance.Id{newInstId},
}); err != nil {
return fmt.Errorf("cannot update environ bootstrap state storage: %v", err)
}
// Construct our own state info rather than using juju.NewConn so
// that we can avoid storage eventual-consistency issues
// (and it's faster too).
caCert, ok := cfg.CACert()
if !ok {
return fmt.Errorf("configuration has no CA certificate")
}
progress("opening state")
st, err := state.Open(&state.Info{
Addrs: []string{fmt.Sprintf("%s:%d", machine0Addr, cfg.StatePort())},
CACert: caCert,
Tag: creds.Tag,
Password: creds.Password,
}, state.DefaultDialOpts(), environs.NewStatePolicy())
if err != nil {
return fmt.Errorf("cannot open state: %v", err)
}
progress("updating all machines")
if err := updateAllMachines(st, machine0Addr); err != nil {
return fmt.Errorf("cannot update machines: %v", err)
}
return nil
}
func (e *environ) Bootstrap(ctx environs.BootstrapContext, args environs.BootstrapParams) error {
selectedTools, err := common.EnsureBootstrapTools(ctx, e, config.PreferredSeries(e.Config()), args.Constraints.Arch)
if err != nil {
return err
}
defer delay()
if err := e.checkBroken("Bootstrap"); err != nil {
return err
}
password := e.Config().AdminSecret()
if password == "" {
return fmt.Errorf("admin-secret is required for bootstrap")
}
if _, ok := e.Config().CACert(); !ok {
return fmt.Errorf("no CA certificate in environment configuration")
}
logger.Infof("would pick tools from %s", selectedTools)
cfg, err := environs.BootstrapConfig(e.Config())
if err != nil {
return fmt.Errorf("cannot make bootstrap config: %v", err)
}
estate, err := e.state()
if err != nil {
return err
}
estate.mu.Lock()
defer estate.mu.Unlock()
if estate.bootstrapped {
return fmt.Errorf("environment is already bootstrapped")
}
// Write the bootstrap file just like a normal provider. However
// we need to release the mutex for the save state to work, so regain
// it after the call.
estate.mu.Unlock()
if err := bootstrap.SaveState(e.Storage(), &bootstrap.BootstrapState{StateInstances: []instance.Id{"localhost"}}); err != nil {
logger.Errorf("failed to save state instances: %v", err)
estate.mu.Lock() // otherwise defered unlock will fail
return err
}
estate.mu.Lock() // back at it
if e.ecfg().stateServer() {
// TODO(rog) factor out relevant code from cmd/jujud/bootstrap.go
// so that we can call it here.
info := stateInfo()
st, err := state.Initialize(info, cfg, state.DefaultDialOpts(), estate.statePolicy)
if err != nil {
panic(err)
}
if err := st.SetEnvironConstraints(args.Constraints); err != nil {
panic(err)
}
if err := st.SetAdminMongoPassword(utils.UserPasswordHash(password, utils.CompatSalt)); err != nil {
panic(err)
}
_, err = st.AddUser("admin", password)
if err != nil {
panic(err)
}
estate.apiServer, err = apiserver.NewServer(st, "localhost:0", []byte(testing.ServerCert), []byte(testing.ServerKey), DataDir, LogDir)
if err != nil {
panic(err)
}
estate.apiState = st
}
estate.bootstrapped = true
estate.ops <- OpBootstrap{Context: ctx, Env: e.name, Args: args}
return nil
}
// ensureMongoServer ensures that mongo is installed and running,
// and ready for opening a state connection.
func (a *MachineAgent) ensureMongoServer(agentConfig agent.Config) error {
servingInfo, ok := agentConfig.StateServingInfo()
if !ok {
return fmt.Errorf("state worker was started with no state serving info")
}
namespace := agentConfig.Value(agent.Namespace)
withHA := shouldEnableHA(agentConfig)
// When upgrading from a pre-HA-capable environment,
// we must add machine-0 to the admin database and
// initiate its replicaset.
//
// TODO(axw) remove this when we no longer need
// to upgrade from pre-HA-capable environments.
var shouldInitiateMongoServer bool
var addrs []instance.Address
if isPreHAVersion(agentConfig.UpgradedToVersion()) {
_, err := a.ensureMongoAdminUser(agentConfig)
if err != nil {
return err
}
if servingInfo.SharedSecret == "" {
servingInfo.SharedSecret, err = mongo.GenerateSharedSecret()
if err != nil {
return err
}
if err = a.ChangeConfig(func(config agent.ConfigSetter) {
config.SetStateServingInfo(servingInfo)
}); err != nil {
return err
}
agentConfig = a.CurrentConfig()
}
st, m, err := openState(agentConfig)
if err != nil {
return err
}
if err := st.SetStateServingInfo(servingInfo); err != nil {
st.Close()
return fmt.Errorf("cannot set state serving info: %v", err)
}
st.Close()
addrs = m.Addresses()
shouldInitiateMongoServer = withHA
}
// ensureMongoServer installs/upgrades the upstart config as necessary.
if err := ensureMongoServer(
agentConfig.DataDir(),
namespace,
servingInfo,
withHA,
); err != nil {
return err
}
if !shouldInitiateMongoServer {
return nil
}
// Initiate the replicaset for upgraded environments.
//
// TODO(axw) remove this when we no longer need
// to upgrade from pre-HA-capable environments.
stateInfo, ok := agentConfig.StateInfo()
if !ok {
return fmt.Errorf("state worker was started with no state serving info")
}
dialInfo, err := state.DialInfo(stateInfo, state.DefaultDialOpts())
if err != nil {
return err
}
peerAddr := mongo.SelectPeerAddress(addrs)
if peerAddr == "" {
return fmt.Errorf("no appropriate peer address found in %q", addrs)
}
return maybeInitiateMongoServer(peergrouper.InitiateMongoParams{
DialInfo: dialInfo,
MemberHostPort: net.JoinHostPort(peerAddr, fmt.Sprint(servingInfo.StatePort)),
User: stateInfo.Tag,
Password: stateInfo.Password,
})
}
// Run initializes state for an environment.
func (c *BootstrapCommand) Run(_ *cmd.Context) error {
envCfg, err := config.New(config.NoDefaults, c.EnvConfig)
if err != nil {
return err
}
err = c.ReadConfig("machine-0")
if err != nil {
return err
}
agentConfig := c.CurrentConfig()
// agent.Jobs is an optional field in the agent config, and was
// introduced after 1.17.2. We default to allowing units on
// machine-0 if missing.
jobs := agentConfig.Jobs()
if len(jobs) == 0 {
jobs = []params.MachineJob{
params.JobManageEnviron,
params.JobHostUnits,
}
}
// Get the bootstrap machine's addresses from the provider.
env, err := environs.New(envCfg)
if err != nil {
return err
}
instanceId := instance.Id(c.InstanceId)
instances, err := env.Instances([]instance.Id{instanceId})
if err != nil {
return err
}
addrs, err := instances[0].Addresses()
if err != nil {
return err
}
// Create system-identity file
if err := agent.WriteSystemIdentityFile(agentConfig); err != nil {
return err
}
// Generate a shared secret for the Mongo replica set, and write it out.
sharedSecret, err := mongo.GenerateSharedSecret()
if err != nil {
return err
}
info, ok := agentConfig.StateServingInfo()
if !ok {
return fmt.Errorf("bootstrap machine config has no state serving info")
}
info.SharedSecret = sharedSecret
err = c.ChangeConfig(func(agentConfig agent.ConfigSetter) {
agentConfig.SetStateServingInfo(info)
})
if err != nil {
return fmt.Errorf("cannot write agent config: %v", err)
}
agentConfig = c.CurrentConfig()
if err := c.startMongo(addrs, agentConfig); err != nil {
return err
}
logger.Infof("started mongo")
// Initialise state, and store any agent config (e.g. password) changes.
var st *state.State
var m *state.Machine
err = nil
writeErr := c.ChangeConfig(func(agentConfig agent.ConfigSetter) {
st, m, err = agent.InitializeState(
agentConfig,
envCfg,
agent.BootstrapMachineConfig{
Addresses: addrs,
Constraints: c.Constraints,
Jobs: jobs,
InstanceId: instanceId,
Characteristics: c.Hardware,
SharedSecret: sharedSecret,
},
state.DefaultDialOpts(),
environs.NewStatePolicy(),
)
})
if writeErr != nil {
return fmt.Errorf("cannot write initial configuration: %v", err)
}
if err != nil {
return err
}
defer st.Close()
// bootstrap machine always gets the vote
return m.SetHasVote(true)
}