func destroyEnvironment(st *state.State, environTag names.EnvironTag, destroyHostedEnvirons bool) error {
var err error
if environTag != st.EnvironTag() {
if st, err = st.ForEnviron(environTag); err != nil {
return errors.Trace(err)
}
defer st.Close()
}
if destroyHostedEnvirons {
envs, err := st.AllEnvironments()
if err != nil {
return errors.Trace(err)
}
for _, env := range envs {
envSt, err := st.ForEnviron(env.EnvironTag())
defer envSt.Close()
if err != nil {
return errors.Trace(err)
}
check := NewBlockChecker(envSt)
if err = check.DestroyAllowed(); err != nil {
return errors.Trace(err)
}
}
} else {
check := NewBlockChecker(st)
if err = check.DestroyAllowed(); err != nil {
return errors.Trace(err)
}
}
env, err := st.Environment()
if err != nil {
return errors.Trace(err)
}
if destroyHostedEnvirons {
if err := env.DestroyIncludingHosted(); err != nil {
return err
}
} else {
if err = env.Destroy(); err != nil {
return errors.Trace(err)
}
}
err = sendMetrics(st)
if err != nil {
logger.Warningf("failed to send leftover metrics: %v", err)
}
// Return to the caller. If it's the CLI, it will finish up by calling the
// provider's Destroy method, which will destroy the state servers, any
// straggler instances, and other provider-specific resources. Once all
// resources are torn down, the Undertaker worker handles the removal of
// the environment.
return nil
}
// NewProvisionerAPI creates a new server-side ProvisionerAPI facade.
func NewProvisionerAPI(st *state.State, resources *common.Resources, authorizer common.Authorizer) (*ProvisionerAPI, error) {
if !authorizer.AuthMachineAgent() && !authorizer.AuthEnvironManager() {
return nil, common.ErrPerm
}
getAuthFunc := func() (common.AuthFunc, error) {
isEnvironManager := authorizer.AuthEnvironManager()
isMachineAgent := authorizer.AuthMachineAgent()
authEntityTag := authorizer.GetAuthTag()
return func(tag names.Tag) bool {
if isMachineAgent && tag == authEntityTag {
// A machine agent can always access its own machine.
return true
}
switch tag := tag.(type) {
case names.MachineTag:
parentId := state.ParentId(tag.Id())
if parentId == "" {
// All top-level machines are accessible by the
// environment manager.
return isEnvironManager
}
// All containers with the authenticated machine as a
// parent are accessible by it.
// TODO(dfc) sometimes authEntity tag is nil, which is fine because nil is
// only equal to nil, but it suggests someone is passing an authorizer
// with a nil tag.
return isMachineAgent && names.NewMachineTag(parentId) == authEntityTag
default:
return false
}
}, nil
}
env, err := st.Environment()
if err != nil {
return nil, err
}
urlGetter := common.NewToolsURLGetter(env.UUID(), st)
return &ProvisionerAPI{
Remover: common.NewRemover(st, false, getAuthFunc),
StatusSetter: common.NewStatusSetter(st, getAuthFunc),
StatusGetter: common.NewStatusGetter(st, getAuthFunc),
DeadEnsurer: common.NewDeadEnsurer(st, getAuthFunc),
PasswordChanger: common.NewPasswordChanger(st, getAuthFunc),
LifeGetter: common.NewLifeGetter(st, getAuthFunc),
StateAddresser: common.NewStateAddresser(st),
APIAddresser: common.NewAPIAddresser(st, resources),
EnvironWatcher: common.NewEnvironWatcher(st, resources, authorizer),
EnvironMachinesWatcher: common.NewEnvironMachinesWatcher(st, resources, authorizer),
InstanceIdGetter: common.NewInstanceIdGetter(st, getAuthFunc),
ToolsFinder: common.NewToolsFinder(st, st, urlGetter),
st: st,
resources: resources,
authorizer: authorizer,
getAuthFunc: getAuthFunc,
}, nil
}
func (h *toolsUploadHandler) getServerRoot(r *http.Request, query url.Values, st *state.State) (string, error) {
uuid := query.Get(":envuuid")
if uuid == "" {
env, err := st.Environment()
if err != nil {
return "", err
}
uuid = env.UUID()
}
return fmt.Sprintf("https://%s/environment/%s", r.Host, uuid), nil
}
// DestroyEnvironment destroys all services and non-manager machine
// instances in the specified environment. This function assumes that all
// necessary authentication checks have been done.
func DestroyEnvironment(st *state.State, environTag names.EnvironTag) error {
var err error
if environTag != st.EnvironTag() {
if st, err = st.ForEnviron(environTag); err != nil {
return errors.Trace(err)
}
defer st.Close()
}
check := NewBlockChecker(st)
if err = check.DestroyAllowed(); err != nil {
return errors.Trace(err)
}
env, err := st.Environment()
if err != nil {
return errors.Trace(err)
}
if err = env.Destroy(); err != nil {
return errors.Trace(err)
}
machines, err := st.AllMachines()
if err != nil {
return errors.Trace(err)
}
err = sendMetrics(st)
if err != nil {
logger.Warningf("failed to send leftover metrics: %v", err)
}
// We must destroy instances server-side to support JES (Juju Environment
// Server), as there's no CLI to fall back on. In that case, we only ever
// destroy non-state machines; we leave destroying state servers in non-
// hosted environments to the CLI, as otherwise the API server may get cut
// off.
if err := destroyNonManagerMachines(st, machines); err != nil {
return errors.Trace(err)
}
// If this is not the state server environment, remove all documents from
// state associated with the environment.
if env.EnvironTag() != env.ServerTag() {
return errors.Trace(st.RemoveAllEnvironDocs())
}
// Return to the caller. If it's the CLI, it will finish up
// by calling the provider's Destroy method, which will
// destroy the state servers, any straggler instances, and
// other provider-specific resources.
return nil
}
// NewClient creates a new instance of the Client Facade.
func NewClient(st *state.State, resources *common.Resources, authorizer common.Authorizer) (*Client, error) {
if !authorizer.AuthClient() {
return nil, common.ErrPerm
}
env, err := st.Environment()
if err != nil {
return nil, err
}
urlGetter := common.NewToolsURLGetter(env.UUID(), st)
return &Client{api: &API{
state: st,
auth: authorizer,
resources: resources,
statusSetter: common.NewStatusSetter(st, common.AuthAlways()),
toolsFinder: common.NewToolsFinder(st, st, urlGetter),
}}, nil
}
// NewKeyManagerAPI creates a new server-side keyupdater API end point.
func NewKeyManagerAPI(st *state.State, resources *common.Resources, authorizer common.Authorizer) (*KeyManagerAPI, error) {
// Only clients and environment managers can access the key manager service.
if !authorizer.AuthClient() && !authorizer.AuthEnvironManager() {
return nil, common.ErrPerm
}
env, err := st.Environment()
if err != nil {
return nil, errors.Trace(err)
}
// For gccgo interface comparisons, we need a Tag.
owner := names.Tag(env.Owner())
// TODO(wallyworld) - replace stub with real canRead function
// For now, only admins can read authorised ssh keys.
canRead := func(user string) bool {
// Are we a machine agent operating as the system identity?
if user == config.JujuSystemKey {
_, ismachinetag := authorizer.GetAuthTag().(names.MachineTag)
return ismachinetag
}
return authorizer.GetAuthTag() == owner
}
// TODO(wallyworld) - replace stub with real canWrite function
// For now, only admins can write authorised ssh keys for users.
// Machine agents can write the juju-system-key.
canWrite := func(user string) bool {
// Are we a machine agent writing the Juju system key.
if user == config.JujuSystemKey {
_, ismachinetag := authorizer.GetAuthTag().(names.MachineTag)
return ismachinetag
}
// No point looking to see if the user exists as we are not
// yet storing keys on the user.
return authorizer.GetAuthTag() == owner
}
return &KeyManagerAPI{
state: st,
resources: resources,
authorizer: authorizer,
canRead: canRead,
canWrite: canWrite,
check: common.NewBlockChecker(st),
}, nil
}
func (s *EnvironSuite) assertDyingEnvironTransitionDyingToDead(c *gc.C, st *state.State) {
env, err := st.Environment()
c.Assert(err, jc.ErrorIsNil)
// ProcessDyingEnviron is called by a worker after Destroy is called. To
// avoid a race, we jump the gun here and test immediately after the
// environement was set to dead.
defer state.SetAfterHooks(c, st, func() {
c.Assert(env.Refresh(), jc.ErrorIsNil)
c.Assert(env.Life(), gc.Equals, state.Dying)
c.Assert(st.ProcessDyingEnviron(), jc.ErrorIsNil)
c.Assert(env.Refresh(), jc.ErrorIsNil)
c.Assert(env.Life(), gc.Equals, state.Dead)
}).Check()
c.Assert(env.Destroy(), jc.ErrorIsNil)
}
// NewUpgraderAPI creates a new server-side UpgraderAPI facade.
func NewUpgraderAPI(
st *state.State,
resources *common.Resources,
authorizer common.Authorizer,
) (*UpgraderAPI, error) {
if !authorizer.AuthMachineAgent() {
return nil, common.ErrPerm
}
getCanReadWrite := func() (common.AuthFunc, error) {
return authorizer.AuthOwner, nil
}
env, err := st.Environment()
if err != nil {
return nil, err
}
urlGetter := common.NewToolsURLGetter(env.UUID(), st)
return &UpgraderAPI{
ToolsGetter: common.NewToolsGetter(st, st, st, urlGetter, getCanReadWrite),
ToolsSetter: common.NewToolsSetter(st, getCanReadWrite),
st: st,
resources: resources,
authorizer: authorizer,
}, nil
}
func destroyEnvironment(c *gc.C, st *state.State) {
env, err := st.Environment()
c.Assert(err, jc.ErrorIsNil)
err = env.Destroy()
c.Assert(err, jc.ErrorIsNil)
}
// DeployService takes a charm and various parameters and deploys it.
func DeployService(st *state.State, args DeployServiceParams) (*state.Service, error) {
if args.NumUnits > 1 && len(args.Placement) == 0 && args.ToMachineSpec != "" {
return nil, fmt.Errorf("cannot use --num-units with --to")
}
settings, err := args.Charm.Config().ValidateSettings(args.ConfigSettings)
if err != nil {
return nil, err
}
if args.Charm.Meta().Subordinate {
if args.NumUnits != 0 || args.ToMachineSpec != "" {
return nil, fmt.Errorf("subordinate service must be deployed without units")
}
if !constraints.IsEmpty(&args.Constraints) {
return nil, fmt.Errorf("subordinate service must be deployed without constraints")
}
}
if args.ServiceOwner == "" {
env, err := st.Environment()
if err != nil {
return nil, errors.Trace(err)
}
args.ServiceOwner = env.Owner().String()
}
// TODO(fwereade): transactional State.AddService including settings, constraints
// (minimumUnitCount, initialMachineIds?).
if len(args.Networks) > 0 || args.Constraints.HaveNetworks() {
conf, err := st.EnvironConfig()
if err != nil {
return nil, err
}
env, err := environs.New(conf)
if err != nil {
return nil, err
}
if _, ok := environs.SupportsNetworking(env); !ok {
return nil, fmt.Errorf("cannot deploy with networks: not suppored by the environment")
}
}
service, err := st.AddService(
args.ServiceName,
args.ServiceOwner,
args.Charm,
args.Networks,
stateStorageConstraints(args.Storage),
)
if err != nil {
return nil, err
}
if len(settings) > 0 {
if err := service.UpdateConfigSettings(settings); err != nil {
return nil, err
}
}
if args.Charm.Meta().Subordinate {
return service, nil
}
if !constraints.IsEmpty(&args.Constraints) {
if err := service.SetConstraints(args.Constraints); err != nil {
return nil, err
}
}
if args.NumUnits > 0 {
var err error
// We either have a machine spec or a placement directive.
// Placement directives take precedence.
if len(args.Placement) > 0 || args.ToMachineSpec == "" {
_, err = AddUnitsWithPlacement(st, service, args.NumUnits, args.Placement)
} else {
_, err = AddUnits(st, service, args.NumUnits, args.ToMachineSpec)
}
if err != nil {
return nil, err
}
}
return service, nil
}
// InstanceConfig returns information from the environment config that
// is needed for machine cloud-init (for non-state servers only). It
// is exposed for testing purposes.
// TODO(rog) fix environs/manual tests so they do not need to call this, or move this elsewhere.
func InstanceConfig(st *state.State, machineId, nonce, dataDir string) (*instancecfg.InstanceConfig, error) {
environConfig, err := st.EnvironConfig()
if err != nil {
return nil, err
}
// Get the machine so we can get its series and arch.
// If the Arch is not set in hardware-characteristics,
// an error is returned.
machine, err := st.Machine(machineId)
if err != nil {
return nil, err
}
hc, err := machine.HardwareCharacteristics()
if err != nil {
return nil, err
}
if hc.Arch == nil {
return nil, fmt.Errorf("arch is not set for %q", machine.Tag())
}
// Find the appropriate tools information.
agentVersion, ok := environConfig.AgentVersion()
if !ok {
return nil, errors.New("no agent version set in environment configuration")
}
environment, err := st.Environment()
if err != nil {
return nil, err
}
urlGetter := common.NewToolsURLGetter(environment.UUID(), st)
toolsFinder := common.NewToolsFinder(st, st, urlGetter)
findToolsResult, err := toolsFinder.FindTools(params.FindToolsParams{
Number: agentVersion,
MajorVersion: -1,
MinorVersion: -1,
Series: machine.Series(),
Arch: *hc.Arch,
})
if err != nil {
return nil, err
}
if findToolsResult.Error != nil {
return nil, findToolsResult.Error
}
tools := findToolsResult.List[0]
// Find the API endpoints.
env, err := environs.New(environConfig)
if err != nil {
return nil, err
}
apiInfo, err := environs.APIInfo(env)
if err != nil {
return nil, err
}
auth := authentication.NewAuthenticator(st.MongoConnectionInfo(), apiInfo)
mongoInfo, apiInfo, err := auth.SetupAuthentication(machine)
if err != nil {
return nil, err
}
// Find requested networks.
networks, err := machine.RequestedNetworks()
if err != nil {
return nil, err
}
// Figure out if secure connections are supported.
info, err := st.StateServingInfo()
if err != nil {
return nil, err
}
secureServerConnection := info.CAPrivateKey != ""
icfg, err := instancecfg.NewInstanceConfig(machineId, nonce, env.Config().ImageStream(), machine.Series(), "",
secureServerConnection, networks, mongoInfo, apiInfo,
)
if err != nil {
return nil, err
}
if dataDir != "" {
icfg.DataDir = dataDir
}
icfg.Tools = tools
err = instancecfg.FinishInstanceConfig(icfg, environConfig)
if err != nil {
return nil, err
}
return icfg, nil
}