func (s *flagWinSuite) TestParsing(c *gc.C) {
s.k.SetStringValue("JUJU_TESTING_FEATURE", "MAGIC, test, space ")
featureflag.SetFlagsFromRegistry(regKey, "JUJU_TESTING_FEATURE")
c.Assert(featureflag.All(), jc.SameContents, []string{"magic", "space", "test"})
c.Assert(featureflag.AsEnvironmentValue(), gc.Equals, "magic,space,test")
c.Assert(featureflag.String(), gc.Equals, `"magic", "space", "test"`)
}
// FeatureFlags returns a map that can be merged with os.Environ.
func FeatureFlags() map[string]string {
result := make(map[string]string)
if envVar := featureflag.AsEnvironmentValue(); envVar != "" {
result[JujuFeatureFlagEnvKey] = envVar
}
return result
}
func (s *flagSuite) TestEmpty(c *gc.C) {
s.PatchEnvironment("JUJU_TESTING_FEATURE", "")
featureflag.SetFlagsFromEnvironment("JUJU_TESTING_FEATURE")
c.Assert(featureflag.All(), gc.HasLen, 0)
c.Assert(featureflag.AsEnvironmentValue(), gc.Equals, "")
c.Assert(featureflag.String(), gc.Equals, "")
}
func (s *flagWinSuite) TestEmpty(c *gc.C) {
s.k.SetStringValue("JUJU_TESTING_FEATURE", "")
featureflag.SetFlagsFromRegistry(regKey, "JUJU_TESTING_FEATURE")
c.Assert(featureflag.All(), gc.HasLen, 0)
c.Assert(featureflag.AsEnvironmentValue(), gc.Equals, "")
c.Assert(featureflag.String(), gc.Equals, "")
}
func (w *windowsConfigure) ConfigureJuju() error {
if err := w.icfg.VerifyConfig(); err != nil {
return errors.Trace(err)
}
toolsJson, err := json.Marshal(w.icfg.Tools)
if err != nil {
return errors.Annotate(err, "while serializing the tools")
}
const python = `${env:ProgramFiles(x86)}\Cloudbase Solutions\Cloudbase-Init\Python27\python.exe`
renderer := w.conf.ShellRenderer()
w.conf.AddScripts(
fmt.Sprintf(`$binDir="%s"`, renderer.FromSlash(w.icfg.JujuTools())),
`$tmpBinDir=$binDir.Replace('\', '\\')`,
fmt.Sprintf(`mkdir '%s'`, renderer.FromSlash(w.icfg.LogDir)),
`mkdir $binDir`,
`$WebClient = New-Object System.Net.WebClient`,
`[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}`,
fmt.Sprintf(`ExecRetry { $WebClient.DownloadFile('%s', "$binDir\tools.tar.gz") }`, w.icfg.Tools.URL),
`$dToolsHash = (Get-FileHash -Algorithm SHA256 "$binDir\tools.tar.gz").hash`,
fmt.Sprintf(`$dToolsHash > "$binDir\juju%s.sha256"`,
w.icfg.Tools.Version),
fmt.Sprintf(`if ($dToolsHash.ToLower() -ne "%s"){ Throw "Tools checksum mismatch"}`,
w.icfg.Tools.SHA256),
fmt.Sprintf(`& "%s" -c "import tarfile;archive = tarfile.open('$tmpBinDir\\tools.tar.gz');archive.extractall(path='$tmpBinDir')"`, python),
`rm "$binDir\tools.tar*"`,
fmt.Sprintf(`Set-Content $binDir\downloaded-tools.txt '%s'`, string(toolsJson)),
// Create a registry key for storing juju related information
fmt.Sprintf(`New-Item -Path '%s'`, osenv.JujuRegistryKey),
fmt.Sprintf(`$acl = Get-Acl -Path '%s'`, osenv.JujuRegistryKey),
// Reset the ACL's on it and add administrator access only.
`$acl.SetAccessRuleProtection($true, $false)`,
`$perm = "BUILTIN\Administrators", "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow"`,
`$rule = New-Object System.Security.AccessControl.RegistryAccessRule $perm`,
`$acl.SetAccessRule($rule)`,
fmt.Sprintf(`Set-Acl -Path '%s' -AclObject $acl`, osenv.JujuRegistryKey),
// Create a JUJU_DEV_FEATURE_FLAGS entry which may or may not be empty.
fmt.Sprintf(`New-ItemProperty -Path '%s' -Name '%s'`,
osenv.JujuRegistryKey,
osenv.JujuFeatureFlagEnvKey),
fmt.Sprintf(`Set-ItemProperty -Path '%s' -Name '%s' -Value '%s'`,
osenv.JujuRegistryKey,
osenv.JujuFeatureFlagEnvKey,
featureflag.AsEnvironmentValue()),
)
if w.icfg.Bootstrap == true {
// Bootstrap machine not supported on windows
return errors.Errorf("bootstrapping is not supported on windows")
}
machineTag := names.NewMachineTag(w.icfg.MachineId)
_, err = w.addAgentInfo(machineTag)
if err != nil {
return errors.Trace(err)
}
return w.addMachineAgentToBoot()
}
// CreateJujuRegistryKey is going to create a juju registry key and set
// permissions on it such that it's only accessible to administrators
// It is exported because it is used in an upgrade step
func CreateJujuRegistryKeyCmds() []string {
aclCmds := setACLs(osenv.JujuRegistryKey, registryEntry)
regCmds := []string{
// Create a registry key for storing juju related information
fmt.Sprintf(`New-Item -Path '%s'`, osenv.JujuRegistryKey),
// Create a JUJU_DEV_FEATURE_FLAGS entry which may or may not be empty.
fmt.Sprintf(`New-ItemProperty -Path '%s' -Name '%s'`,
osenv.JujuRegistryKey,
osenv.JujuFeatureFlagEnvKey),
fmt.Sprintf(`Set-ItemProperty -Path '%s' -Name '%s' -Value '%s'`,
osenv.JujuRegistryKey,
osenv.JujuFeatureFlagEnvKey,
featureflag.AsEnvironmentValue()),
}
return append(regCmds[:1], append(aclCmds, regCmds[1:]...)...)
}
func (w *unixConfigure) configureBootstrap() error {
// Add the Juju GUI to the bootstrap node.
cleanup, err := w.setUpGUI()
if err != nil {
return errors.Annotate(err, "cannot set up Juju GUI")
}
if cleanup != nil {
defer cleanup()
}
bootstrapParamsFile := path.Join(w.icfg.DataDir, "bootstrap-params")
bootstrapParams, err := w.icfg.Bootstrap.StateInitializationParams.Marshal()
if err != nil {
return errors.Annotate(err, "marshalling bootstrap params")
}
w.conf.AddRunTextFile(bootstrapParamsFile, string(bootstrapParams), 0600)
loggingOption := "--show-log"
if loggo.GetLogger("").LogLevel() == loggo.DEBUG {
// If the bootstrap command was requested with --debug, then the root
// logger will be set to DEBUG. If it is, then we use --debug here too.
loggingOption = "--debug"
}
featureFlags := featureflag.AsEnvironmentValue()
if featureFlags != "" {
featureFlags = fmt.Sprintf("%s=%s ", osenv.JujuFeatureFlagEnvKey, featureFlags)
}
bootstrapAgentArgs := []string{
featureFlags + w.icfg.JujuTools() + "/jujud",
"bootstrap-state",
"--timeout", w.icfg.Bootstrap.Timeout.String(),
"--data-dir", shquote(w.icfg.DataDir),
loggingOption,
shquote(bootstrapParamsFile),
}
w.conf.AddRunCmd(cloudinit.LogProgressCmd("Installing Juju machine agent"))
w.conf.AddScripts(strings.Join(bootstrapAgentArgs, " "))
return nil
}
// CreateJujuRegistryKey is going to create a juju registry key and set
// permissions on it such that it's only accessible to administrators
// It is exported because it is used in an upgrade step
func CreateJujuRegistryKeyCmds() []string {
return []string{
// Create a registry key for storing juju related information
fmt.Sprintf(`New-Item -Path '%s'`, osenv.JujuRegistryKey),
fmt.Sprintf(`$acl = Get-Acl -Path '%s'`, osenv.JujuRegistryKey),
// Reset the ACL's on it and add administrator access only.
`$acl.SetAccessRuleProtection($true, $false)`,
`$perm = "BUILTIN\Administrators", "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow"`,
`$rule = New-Object System.Security.AccessControl.RegistryAccessRule $perm`,
`$acl.SetAccessRule($rule)`,
fmt.Sprintf(`Set-Acl -Path '%s' -AclObject $acl`, osenv.JujuRegistryKey),
// Create a JUJU_DEV_FEATURE_FLAGS entry which may or may not be empty.
fmt.Sprintf(`New-ItemProperty -Path '%s' -Name '%s'`,
osenv.JujuRegistryKey,
osenv.JujuFeatureFlagEnvKey),
fmt.Sprintf(`Set-ItemProperty -Path '%s' -Name '%s' -Value '%s'`,
osenv.JujuRegistryKey,
osenv.JujuFeatureFlagEnvKey,
featureflag.AsEnvironmentValue()),
}
}
// ConfigureJuju updates the provided cloudinit.Config with configuration
// to initialise a Juju machine agent.
func (w *unixConfigure) ConfigureJuju() error {
if err := w.icfg.VerifyConfig(); err != nil {
return err
}
// Initialise progress reporting. We need to do separately for runcmd
// and (possibly, below) for bootcmd, as they may be run in different
// shell sessions.
initProgressCmd := cloudinit.InitProgressCmd()
w.conf.AddRunCmd(initProgressCmd)
// If we're doing synchronous bootstrap or manual provisioning, then
// ConfigureBasic won't have been invoked; thus, the output log won't
// have been set. We don't want to show the log to the user, so simply
// append to the log file rather than teeing.
if stdout, _ := w.conf.Output(cloudinit.OutAll); stdout == "" {
w.conf.SetOutput(cloudinit.OutAll, ">> "+w.icfg.CloudInitOutputLog, "")
w.conf.AddBootCmd(initProgressCmd)
w.conf.AddBootCmd(cloudinit.LogProgressCmd("Logging to %s on remote host", w.icfg.CloudInitOutputLog))
}
w.conf.AddPackageCommands(
w.icfg.AptProxySettings,
w.icfg.AptMirror,
w.icfg.EnableOSRefreshUpdate,
w.icfg.EnableOSUpgrade,
)
// Write out the normal proxy settings so that the settings are
// sourced by bash, and ssh through that.
w.conf.AddScripts(
// We look to see if the proxy line is there already as
// the manual provider may have had it already. The ubuntu
// user may not exist.
`([ ! -e /home/ubuntu/.profile ] || grep -q '.juju-proxy' /home/ubuntu/.profile) || ` +
`printf '\n# Added by juju\n[ -f "$HOME/.juju-proxy" ] && . "$HOME/.juju-proxy"\n' >> /home/ubuntu/.profile`)
if (w.icfg.ProxySettings != proxy.Settings{}) {
exportedProxyEnv := w.icfg.ProxySettings.AsScriptEnvironment()
w.conf.AddScripts(strings.Split(exportedProxyEnv, "\n")...)
w.conf.AddScripts(
fmt.Sprintf(
`(id ubuntu &> /dev/null) && (printf '%%s\n' %s > /home/ubuntu/.juju-proxy && chown ubuntu:ubuntu /home/ubuntu/.juju-proxy)`,
shquote(w.icfg.ProxySettings.AsScriptEnvironment())))
}
if w.icfg.PublicImageSigningKey != "" {
keyFile := filepath.Join(agent.DefaultPaths.ConfDir, simplestreams.SimplestreamsPublicKeyFile)
w.conf.AddRunTextFile(keyFile, w.icfg.PublicImageSigningKey, 0644)
}
// Make the lock dir and change the ownership of the lock dir itself to
// ubuntu:ubuntu from root:root so the juju-run command run as the ubuntu
// user is able to get access to the hook execution lock (like the uniter
// itself does.)
lockDir := path.Join(w.icfg.DataDir, "locks")
w.conf.AddScripts(
fmt.Sprintf("mkdir -p %s", lockDir),
// We only try to change ownership if there is an ubuntu user defined.
fmt.Sprintf("(id ubuntu &> /dev/null) && chown ubuntu:ubuntu %s", lockDir),
fmt.Sprintf("mkdir -p %s", w.icfg.LogDir),
w.setDataDirPermissions(),
)
// Make a directory for the tools to live in.
w.conf.AddScripts(
"bin="+shquote(w.icfg.JujuTools()),
"mkdir -p $bin",
)
// Fetch the tools and unarchive them into it.
if err := w.addDownloadToolsCmds(); err != nil {
return errors.Trace(err)
}
// Don't remove tools tarball until after bootstrap agent
// runs, so it has a chance to add it to its catalogue.
defer w.conf.AddRunCmd(
fmt.Sprintf("rm $bin/tools.tar.gz && rm $bin/juju%s.sha256", w.icfg.AgentVersion()),
)
// We add the machine agent's configuration info
// before running bootstrap-state so that bootstrap-state
// has a chance to rerwrite it to change the password.
// It would be cleaner to change bootstrap-state to
// be responsible for starting the machine agent itself,
// but this would not be backwardly compatible.
machineTag := names.NewMachineTag(w.icfg.MachineId)
_, err := w.addAgentInfo(machineTag)
if err != nil {
return errors.Trace(err)
}
// Add the cloud archive cloud-tools pocket to apt sources
// for series that need it. This gives us up-to-date LXC,
// MongoDB, and other infrastructure.
// This is only done on ubuntu.
if w.conf.SystemUpdate() && w.conf.RequiresCloudArchiveCloudTools() {
w.conf.AddCloudArchiveCloudTools()
}
if w.icfg.Bootstrap {
// Add the Juju GUI to the bootstrap node.
cleanup, err := w.setUpGUI()
if err != nil {
return errors.Annotate(err, "cannot set up Juju GUI")
}
if cleanup != nil {
defer cleanup()
}
var metadataDir string
if len(w.icfg.CustomImageMetadata) > 0 {
metadataDir = path.Join(w.icfg.DataDir, "simplestreams")
index, products, err := imagemetadata.MarshalImageMetadataJSON(w.icfg.CustomImageMetadata, nil, time.Now())
if err != nil {
return err
}
indexFile := path.Join(metadataDir, imagemetadata.IndexStoragePath())
productFile := path.Join(metadataDir, imagemetadata.ProductMetadataStoragePath())
w.conf.AddRunTextFile(indexFile, string(index), 0644)
w.conf.AddRunTextFile(productFile, string(products), 0644)
metadataDir = " --image-metadata " + shquote(metadataDir)
}
bootstrapCons := w.icfg.Constraints.String()
if bootstrapCons != "" {
bootstrapCons = " --bootstrap-constraints " + shquote(bootstrapCons)
}
modelCons := w.icfg.ModelConstraints.String()
if modelCons != "" {
modelCons = " --constraints " + shquote(modelCons)
}
var hardware string
if w.icfg.HardwareCharacteristics != nil {
if hardware = w.icfg.HardwareCharacteristics.String(); hardware != "" {
hardware = " --hardware " + shquote(hardware)
}
}
w.conf.AddRunCmd(cloudinit.LogProgressCmd("Bootstrapping Juju machine agent"))
loggingOption := " --show-log"
// If the bootstrap command was requsted with --debug, then the root
// logger will be set to DEBUG. If it is, then we use --debug here too.
if loggo.GetLogger("").LogLevel() == loggo.DEBUG {
loggingOption = " --debug"
}
featureFlags := featureflag.AsEnvironmentValue()
if featureFlags != "" {
featureFlags = fmt.Sprintf("%s=%s ", osenv.JujuFeatureFlagEnvKey, featureFlags)
}
w.conf.AddScripts(
// The bootstrapping is always run with debug on.
featureFlags + w.icfg.JujuTools() + "/jujud bootstrap-state" +
" --data-dir " + shquote(w.icfg.DataDir) +
" --model-config " + shquote(base64yaml(w.icfg.Config.AllAttrs())) +
" --hosted-model-config " + shquote(base64yaml(w.icfg.HostedModelConfig)) +
" --instance-id " + shquote(string(w.icfg.InstanceId)) +
hardware +
bootstrapCons +
modelCons +
metadataDir +
loggingOption,
)
}
return w.addMachineAgentToBoot()
}