func (s *BootstrapSuite) TestInitialPassword(c *C) {
machineConf, cmd, err := s.initBootstrapCommand(c, "--env-config", testConfig)
c.Assert(err, IsNil)
err = cmd.Run(nil)
c.Assert(err, IsNil)
// Check that we cannot now connect to the state without a
// password.
info := &state.Info{
Addrs: []string{testing.MgoAddr},
CACert: []byte(testing.CACert),
}
testOpenState(c, info, errors.Unauthorizedf(""))
// Check we can log in to mongo as admin.
info.Tag, info.Password = "", testPasswordHash()
st, err := state.Open(info, state.DefaultDialOpts())
c.Assert(err, IsNil)
// Reset password so the tests can continue to use the same server.
defer st.Close()
defer st.SetAdminMongoPassword("")
// Check that the admin user has been given an appropriate
// password
u, err := st.User("admin")
c.Assert(err, IsNil)
c.Assert(u.PasswordValid(testPassword), Equals, true)
// Check that the machine configuration has been given a new
// password and that we can connect to mongo as that machine
// and that the in-mongo password also verifies correctly.
machineConf1, err := agent.ReadConf(machineConf.DataDir, "machine-0")
c.Assert(err, IsNil)
c.Assert(machineConf1.OldPassword, Equals, "")
c.Assert(machineConf1.APIInfo.Password, Not(Equals), "")
c.Assert(machineConf1.StateInfo.Password, Equals, machineConf1.APIInfo.Password)
// Check that no other information has been lost.
machineConf.OldPassword = ""
machineConf.APIInfo.Password = machineConf1.APIInfo.Password
machineConf.StateInfo.Password = machineConf1.StateInfo.Password
c.Assert(machineConf1, DeepEquals, machineConf)
info.Tag, info.Password = "******", machineConf1.StateInfo.Password
st, err = state.Open(info, state.DefaultDialOpts())
c.Assert(err, IsNil)
defer st.Close()
m, err := st.Machine("0")
c.Assert(err, IsNil)
c.Assert(m.PasswordValid(machineConf1.StateInfo.Password), Equals, true)
}
func (s *BootstrapSuite) TestSetConstraints(c *C) {
tcons := constraints.Value{Mem: uint64p(2048), CpuCores: uint64p(2)}
_, cmd, err := s.initBootstrapCommand(c, "--env-config", testConfig, "--constraints", tcons.String())
c.Assert(err, IsNil)
err = cmd.Run(nil)
c.Assert(err, IsNil)
st, err := state.Open(&state.Info{
Addrs: []string{testing.MgoAddr},
CACert: []byte(testing.CACert),
Password: testPasswordHash(),
}, state.DefaultDialOpts())
c.Assert(err, IsNil)
defer st.Close()
cons, err := st.EnvironConstraints()
c.Assert(err, IsNil)
c.Assert(cons, DeepEquals, tcons)
machines, err := st.AllMachines()
c.Assert(err, IsNil)
c.Assert(machines, HasLen, 1)
cons, err = machines[0].Constraints()
c.Assert(err, IsNil)
c.Assert(cons, DeepEquals, tcons)
}
// OpenState tries to open the state using the given Conf.
func (c *Conf) OpenState() (*state.State, error) {
info := *c.StateInfo
if info.Password != "" {
st, err := state.Open(&info, state.DefaultDialOpts())
if err == nil {
return st, nil
}
// TODO(rog) remove this fallback behaviour when
// all initial connections are via the API.
if !errors.IsUnauthorizedError(err) {
return nil, err
}
}
info.Password = c.OldPassword
return state.Open(&info, state.DefaultDialOpts())
}
func (s *BootstrapSuite) TestInitializeEnvironment(c *C) {
_, cmd, err := s.initBootstrapCommand(c, "--env-config", testConfig)
c.Assert(err, IsNil)
err = cmd.Run(nil)
c.Assert(err, IsNil)
st, err := state.Open(&state.Info{
Addrs: []string{testing.MgoAddr},
CACert: []byte(testing.CACert),
Password: testPasswordHash(),
}, state.DefaultDialOpts())
c.Assert(err, IsNil)
defer st.Close()
machines, err := st.AllMachines()
c.Assert(err, IsNil)
c.Assert(machines, HasLen, 1)
instid, err := machines[0].InstanceId()
c.Assert(err, IsNil)
c.Assert(instid, Equals, instance.Id("dummy.instance.id"))
cons, err := st.EnvironConstraints()
c.Assert(err, IsNil)
c.Assert(cons, DeepEquals, constraints.Value{})
}
func (cs *NewConnSuite) TestConnWithPassword(c *C) {
env, err := environs.NewFromAttrs(map[string]interface{}{
"name": "erewhemos",
"type": "dummy",
"state-server": true,
"authorized-keys": "i-am-a-key",
"secret": "squirrel",
"admin-secret": "nutkin",
"ca-cert": coretesting.CACert,
"ca-private-key": coretesting.CAKey,
})
c.Assert(err, IsNil)
err = environs.Bootstrap(env, constraints.Value{})
c.Assert(err, IsNil)
// Check that Bootstrap has correctly used a hash
// of the admin password.
info, _, err := env.StateInfo()
c.Assert(err, IsNil)
info.Password = utils.PasswordHash("nutkin")
st, err := state.Open(info, state.DefaultDialOpts())
c.Assert(err, IsNil)
st.Close()
// Check that we can connect with the original environment.
conn, err := juju.NewConn(env)
c.Assert(err, IsNil)
conn.Close()
// Check that the password has now been changed to the original
// admin password.
info.Password = "******"
st1, err := state.Open(info, state.DefaultDialOpts())
c.Assert(err, IsNil)
st1.Close()
// Check that we can still connect with the original
// environment.
conn, err = juju.NewConn(env)
c.Assert(err, IsNil)
defer conn.Close()
// Reset the admin password so the state db can be reused.
err = conn.State.SetAdminMongoPassword("")
c.Assert(err, IsNil)
}
func (e *environ) Bootstrap(cons constraints.Value) error {
defer delay()
if err := e.checkBroken("Bootstrap"); err != nil {
return err
}
password := e.Config().AdminSecret()
if password == "" {
return fmt.Errorf("admin-secret is required for bootstrap")
}
if _, ok := e.Config().CACert(); !ok {
return fmt.Errorf("no CA certificate in environment configuration")
}
possibleTools, err := environs.FindBootstrapTools(e, cons)
if err != nil {
return err
}
log.Infof("environs/dummy: would pick tools from %s", possibleTools)
cfg, err := environs.BootstrapConfig(e.Config())
if err != nil {
return fmt.Errorf("cannot make bootstrap config: %v", err)
}
e.state.mu.Lock()
defer e.state.mu.Unlock()
if e.state.bootstrapped {
return fmt.Errorf("environment is already bootstrapped")
}
if e.ecfg().stateServer() {
// TODO(rog) factor out relevant code from cmd/jujud/bootstrap.go
// so that we can call it here.
info := stateInfo()
st, err := state.Initialize(info, cfg, state.DefaultDialOpts())
if err != nil {
panic(err)
}
if err := st.SetEnvironConstraints(cons); err != nil {
panic(err)
}
if err := st.SetAdminMongoPassword(utils.PasswordHash(password)); err != nil {
panic(err)
}
_, err = st.AddUser("admin", password)
if err != nil {
panic(err)
}
e.state.apiServer, err = apiserver.NewServer(st, "localhost:0", []byte(testing.ServerCert), []byte(testing.ServerKey))
if err != nil {
panic(err)
}
e.state.apiState = st
}
e.state.bootstrapped = true
e.state.ops <- OpBootstrap{Env: e.state.name, Constraints: cons}
return nil
}
// Run initializes state for an environment.
func (c *BootstrapCommand) Run(_ *cmd.Context) error {
if err := c.Conf.read("bootstrap"); err != nil {
return err
}
cfg, err := config.New(c.EnvConfig)
if err != nil {
return err
}
// There is no entity that's created at init time.
c.Conf.StateInfo.Tag = ""
st, err := state.Initialize(c.Conf.StateInfo, cfg, state.DefaultDialOpts())
if err != nil {
return err
}
defer st.Close()
if err := environs.BootstrapUsers(st, cfg, c.Conf.OldPassword); err != nil {
return err
}
// TODO(fwereade): we need to be able to customize machine jobs,
// not just hardcode these values; in particular, JobHostUnits
// on a machine, like this one, that is running JobManageEnviron
// (not to mention the actual state server itself...) will allow
// a malicious or compromised unit to trivially access to the
// user's environment credentials. However, given that this point
// is currently moot (see Upgrader in this package), the pseudo-
// local provider mode (in which everything is deployed with
// `--to 0`) offers enough value to enough people that
// JobHostUnits is currently always enabled. This will one day
// have to change, but it's strictly less important than fixing
// Upgrader, and it's a capability we'll always want to have
// available for the aforementioned use case.
jobs := []state.MachineJob{
state.JobManageEnviron, state.JobManageState, state.JobHostUnits,
}
data, err := ioutil.ReadFile(providerStateURLFile)
if err != nil {
return fmt.Errorf("cannot read provider-state-url file: %v", err)
}
stateInfoURL := strings.Split(string(data), "\n")[0]
bsState, err := environs.LoadStateFromURL(stateInfoURL)
if err != nil {
return fmt.Errorf("cannot load state from URL %q (read from %q): %v", stateInfoURL, providerStateURLFile, err)
}
instId := bsState.StateInstances[0]
var characteristics instance.HardwareCharacteristics
if len(bsState.Characteristics) > 0 {
characteristics = bsState.Characteristics[0]
}
return environs.ConfigureBootstrapMachine(st, c.Constraints, c.Conf.DataDir, jobs, instance.Id(instId), characteristics)
}
func testOpenState(c *C, info *state.Info, expectErrType error) {
st, err := state.Open(info, state.DefaultDialOpts())
if st != nil {
st.Close()
}
if expectErrType != nil {
c.Assert(err, FitsTypeOf, expectErrType)
} else {
c.Assert(err, IsNil)
}
}
func (s *CommonProvisionerSuite) checkStartInstanceCustom(c *C, m *state.Machine, secret string, cons constraints.Value) (inst instance.Instance) {
s.State.StartSync()
for {
select {
case o := <-s.op:
switch o := o.(type) {
case dummy.OpStartInstance:
inst = o.Instance
s.waitInstanceId(c, m, inst.Id())
// Check the instance was started with the expected params.
c.Assert(o.MachineId, Equals, m.Id())
nonceParts := strings.SplitN(o.MachineNonce, ":", 2)
c.Assert(nonceParts, HasLen, 2)
c.Assert(nonceParts[0], Equals, state.MachineTag("0"))
c.Assert(nonceParts[1], checkers.Satisfies, utils.IsValidUUIDString)
c.Assert(o.Secret, Equals, secret)
c.Assert(o.Constraints, DeepEquals, cons)
// Check we can connect to the state with
// the machine's entity name and password.
info := s.StateInfo(c)
info.Tag = m.Tag()
c.Assert(o.Info.Password, Not(HasLen), 0)
info.Password = o.Info.Password
c.Assert(o.Info, DeepEquals, info)
// Check we can connect to the state with
// the machine's entity name and password.
st, err := state.Open(o.Info, state.DefaultDialOpts())
c.Assert(err, IsNil)
// All provisioned machines in this test suite have their hardware characteristics
// attributes set to the same values as the constraints due to the dummy environment being used.
hc, err := m.HardwareCharacteristics()
c.Assert(err, IsNil)
c.Assert(*hc, DeepEquals, instance.HardwareCharacteristics{
Arch: cons.Arch,
Mem: cons.Mem,
CpuCores: cons.CpuCores,
CpuPower: cons.CpuPower,
})
st.Close()
return
default:
c.Logf("ignoring unexpected operation %#v", o)
}
case <-time.After(2 * time.Second):
c.Fatalf("provisioner did not start an instance")
return
}
}
return
}
// NewConn returns a new Conn that uses the
// given environment. The environment must have already
// been bootstrapped.
func NewConn(environ environs.Environ) (*Conn, error) {
info, _, err := environ.StateInfo()
if err != nil {
return nil, err
}
password := environ.Config().AdminSecret()
if password == "" {
return nil, fmt.Errorf("cannot connect without admin-secret")
}
err = environs.CheckEnvironment(environ)
if err != nil {
return nil, err
}
info.Password = password
opts := state.DefaultDialOpts()
st, err := state.Open(info, opts)
if errors.IsUnauthorizedError(err) {
log.Noticef("juju: authorization error while connecting to state server; retrying")
// We can't connect with the administrator password,;
// perhaps this was the first connection and the
// password has not been changed yet.
info.Password = utils.PasswordHash(password)
// We try for a while because we might succeed in
// connecting to mongo before the state has been
// initialized and the initial password set.
for a := redialStrategy.Start(); a.Next(); {
st, err = state.Open(info, opts)
if !errors.IsUnauthorizedError(err) {
break
}
}
if err != nil {
return nil, err
}
if err := st.SetAdminMongoPassword(password); err != nil {
return nil, err
}
} else if err != nil {
return nil, err
}
conn := &Conn{
Environ: environ,
State: st,
}
if err := conn.updateSecrets(); err != nil {
conn.Close()
return nil, fmt.Errorf("unable to push secrets: %v", err)
}
return conn, nil
}
func (s *BootstrapSuite) TestMachinerWorkers(c *C) {
_, cmd, err := s.initBootstrapCommand(c, "--env-config", testConfig)
c.Assert(err, IsNil)
err = cmd.Run(nil)
c.Assert(err, IsNil)
st, err := state.Open(&state.Info{
Addrs: []string{testing.MgoAddr},
CACert: []byte(testing.CACert),
Password: testPasswordHash(),
}, state.DefaultDialOpts())
c.Assert(err, IsNil)
defer st.Close()
m, err := st.Machine("0")
c.Assert(err, IsNil)
c.Assert(m.Jobs(), DeepEquals, []state.MachineJob{
state.JobManageEnviron, state.JobManageState, state.JobHostUnits,
})
}
func (s *ProvisionerSuite) checkStartInstanceCustom(c *C, m *state.Machine, secret string, cons constraints.Value) {
s.State.StartSync()
for {
select {
case o := <-s.op:
switch o := o.(type) {
case dummy.OpStartInstance:
s.waitInstanceId(c, m, o.Instance.Id())
// Check the instance was started with the expected params.
c.Assert(o.MachineId, Equals, m.Id())
nonceParts := strings.SplitN(o.MachineNonce, ":", 2)
c.Assert(nonceParts, HasLen, 2)
c.Assert(nonceParts[0], Equals, state.MachineTag("0"))
c.Assert(utils.IsValidUUIDString(nonceParts[1]), Equals, true)
c.Assert(o.Secret, Equals, secret)
c.Assert(o.Constraints, DeepEquals, cons)
// Check we can connect to the state with
// the machine's entity name and password.
info := s.StateInfo(c)
info.Tag = m.Tag()
c.Assert(o.Info.Password, Not(HasLen), 0)
info.Password = o.Info.Password
c.Assert(o.Info, DeepEquals, info)
// Check we can connect to the state with
// the machine's entity name and password.
st, err := state.Open(o.Info, state.DefaultDialOpts())
c.Assert(err, IsNil)
st.Close()
return
default:
c.Logf("ignoring unexpected operation %#v", o)
}
case <-time.After(2 * time.Second):
c.Fatalf("provisioner did not start an instance")
return
}
}
}
func (cs *NewConnSuite) TestConnStateSecretsSideEffect(c *C) {
attrs := map[string]interface{}{
"name": "erewhemos",
"type": "dummy",
"state-server": true,
"authorized-keys": "i-am-a-key",
"secret": "pork",
"admin-secret": "side-effect secret",
"ca-cert": coretesting.CACert,
"ca-private-key": coretesting.CAKey,
}
env, err := environs.NewFromAttrs(attrs)
c.Assert(err, IsNil)
err = environs.Bootstrap(env, constraints.Value{})
c.Assert(err, IsNil)
info, _, err := env.StateInfo()
c.Assert(err, IsNil)
info.Password = utils.PasswordHash("side-effect secret")
st, err := state.Open(info, state.DefaultDialOpts())
c.Assert(err, IsNil)
// Verify we have no secret in the environ config
cfg, err := st.EnvironConfig()
c.Assert(err, IsNil)
c.Assert(cfg.UnknownAttrs()["secret"], IsNil)
// Make a new Conn, which will push the secrets.
conn, err := juju.NewConn(env)
c.Assert(err, IsNil)
defer conn.Close()
cfg, err = conn.State.EnvironConfig()
c.Assert(err, IsNil)
c.Assert(cfg.UnknownAttrs()["secret"], Equals, "pork")
// Reset the admin password so the state db can be reused.
err = conn.State.SetAdminMongoPassword("")
c.Assert(err, IsNil)
}