func (fix *SimpleToolsFixture) checkUnitInstalled(c *C, name, password string) {
tag := state.UnitTag(name)
uconfPath, _, toolsDir, syslogConfPath := fix.paths(tag)
uconfData, err := ioutil.ReadFile(uconfPath)
c.Assert(err, IsNil)
uconf := string(uconfData)
var execLine string
for _, line := range strings.Split(uconf, "\n") {
if strings.HasPrefix(line, "exec ") {
execLine = line
break
}
}
if execLine == "" {
c.Fatalf("no command found in %s:\n%s", uconfPath, uconf)
}
logPath := filepath.Join(fix.logDir, tag+".log")
jujudPath := filepath.Join(toolsDir, "jujud")
for _, pat := range []string{
"^exec " + jujudPath + " unit ",
" --unit-name " + name + " ",
" >> " + logPath + " 2>&1$",
} {
match, err := regexp.MatchString(pat, execLine)
c.Assert(err, IsNil)
if !match {
c.Fatalf("failed to match:\n%s\nin:\n%s", pat, execLine)
}
}
conf, err := agent.ReadConf(fix.dataDir, tag)
c.Assert(err, IsNil)
c.Assert(conf, DeepEquals, &agent.Conf{
DataDir: fix.dataDir,
OldPassword: password,
StateInfo: &state.Info{
Addrs: []string{"s1:123", "s2:123"},
CACert: []byte("test-cert"),
Tag: tag,
},
APIInfo: &api.Info{
Addrs: []string{"a1:123", "a2:123"},
CACert: []byte("test-cert"),
Tag: tag,
},
})
jujudData, err := ioutil.ReadFile(jujudPath)
c.Assert(err, IsNil)
c.Assert(string(jujudData), Equals, fakeJujud)
syslogConfData, err := ioutil.ReadFile(syslogConfPath)
c.Assert(err, IsNil)
parts := strings.SplitN(name, "/", 2)
unitTag := fmt.Sprintf("unit-%s-%s", parts[0], parts[1])
expectedSyslogConfReplaced := fmt.Sprintf(expectedSyslogConf, unitTag, unitTag, unitTag, unitTag)
c.Assert(string(syslogConfData), Equals, expectedSyslogConfReplaced)
}
func refreshConfig(c *agent.Conf) error {
nc, err := agent.ReadConf(c.DataDir, c.StateInfo.Tag)
if err != nil {
return err
}
*c = *nc
return nil
}
func (s *BootstrapSuite) TestInitialPassword(c *C) {
machineConf, cmd, err := s.initBootstrapCommand(c, "--env-config", testConfig)
c.Assert(err, IsNil)
err = cmd.Run(nil)
c.Assert(err, IsNil)
// Check that we cannot now connect to the state without a
// password.
info := &state.Info{
Addrs: []string{testing.MgoAddr},
CACert: []byte(testing.CACert),
}
testOpenState(c, info, errors.Unauthorizedf(""))
// Check we can log in to mongo as admin.
info.Tag, info.Password = "", testPasswordHash()
st, err := state.Open(info, state.DefaultDialOpts())
c.Assert(err, IsNil)
// Reset password so the tests can continue to use the same server.
defer st.Close()
defer st.SetAdminMongoPassword("")
// Check that the admin user has been given an appropriate
// password
u, err := st.User("admin")
c.Assert(err, IsNil)
c.Assert(u.PasswordValid(testPassword), Equals, true)
// Check that the machine configuration has been given a new
// password and that we can connect to mongo as that machine
// and that the in-mongo password also verifies correctly.
machineConf1, err := agent.ReadConf(machineConf.DataDir, "machine-0")
c.Assert(err, IsNil)
c.Assert(machineConf1.OldPassword, Equals, "")
c.Assert(machineConf1.APIInfo.Password, Not(Equals), "")
c.Assert(machineConf1.StateInfo.Password, Equals, machineConf1.APIInfo.Password)
// Check that no other information has been lost.
machineConf.OldPassword = ""
machineConf.APIInfo.Password = machineConf1.APIInfo.Password
machineConf.StateInfo.Password = machineConf1.StateInfo.Password
c.Assert(machineConf1, DeepEquals, machineConf)
info.Tag, info.Password = "******", machineConf1.StateInfo.Password
st, err = state.Open(info, state.DefaultDialOpts())
c.Assert(err, IsNil)
defer st.Close()
m, err := st.Machine("0")
c.Assert(err, IsNil)
c.Assert(m.PasswordValid(machineConf1.StateInfo.Password), Equals, true)
}
// ConfigureBootstrapMachine adds the initial machine into state. As a part
// of this process the environmental constraints are saved as constraints used
// when bootstrapping are considered constraints for the entire environment.
func ConfigureBootstrapMachine(
st *state.State,
cons constraints.Value,
datadir string,
jobs []state.MachineJob,
instId instance.Id,
characteristics instance.HardwareCharacteristics,
) error {
logger.Debugf("setting environment constraints")
if err := st.SetEnvironConstraints(cons); err != nil {
return err
}
logger.Debugf("create bootstrap machine in state")
m, err := st.InjectMachine(version.Current.Series, cons, instId, characteristics, jobs...)
if err != nil {
return err
}
// Read the machine agent's password and change it to
// a new password (other agents will change their password
// via the API connection).
logger.Debugf("create new random password for machine %v", m.Id())
mconf, err := agent.ReadConf(datadir, m.Tag())
if err != nil {
return err
}
newPassword, err := utils.RandomPassword()
if err != nil {
return err
}
mconf.StateInfo.Password = newPassword
mconf.APIInfo.Password = newPassword
mconf.OldPassword = ""
if err := mconf.Write(); err != nil {
return err
}
if err := m.SetMongoPassword(newPassword); err != nil {
return err
}
if err := m.SetPassword(newPassword); err != nil {
return err
}
return nil
}
func (s *agentSuite) testOpenAPIState(c *C, ent entity, agentCmd Agent) {
conf, err := agent.ReadConf(s.DataDir(), ent.Tag())
c.Assert(err, IsNil)
// Check that it starts initially and changes the password
err = ent.SetPassword("initial")
c.Assert(err, IsNil)
conf.OldPassword = "******"
conf.APIInfo.Password = ""
conf.StateInfo.Password = ""
err = conf.Write()
c.Assert(err, IsNil)
assertOpen := func(conf *agent.Conf) {
st, gotEnt, err := openAPIState(conf, agentCmd)
c.Assert(err, IsNil)
c.Assert(st, NotNil)
st.Close()
c.Assert(gotEnt.(*machineagent.Machine).Tag(), Equals, ent.Tag())
}
assertOpen(conf)
// Check that the initial password is no longer valid.
err = ent.Refresh()
c.Assert(err, IsNil)
c.Assert(ent.PasswordValid("initial"), Equals, false)
// Check that the passwords in the configuration are correct.
c.Assert(ent.PasswordValid(conf.APIInfo.Password), Equals, true)
c.Assert(conf.StateInfo.Password, Equals, conf.APIInfo.Password)
c.Assert(conf.OldPassword, Equals, "initial")
// Read the configuration and check the same
c.Assert(refreshConfig(conf), IsNil)
c.Assert(ent.PasswordValid(conf.APIInfo.Password), Equals, true)
c.Assert(conf.StateInfo.Password, Equals, conf.APIInfo.Password)
c.Assert(conf.OldPassword, Equals, "initial")
// Read the configuration and check that we can connect with it.
c.Assert(refreshConfig(conf), IsNil)
// Check we can open the API with the new configuration.
assertOpen(conf)
newPassword := conf.StateInfo.Password
// Change the password in the configuration and check
// that it falls back to using the initial password
c.Assert(refreshConfig(conf), IsNil)
conf.APIInfo.Password = "******"
conf.OldPassword = newPassword
c.Assert(conf.Write(), IsNil)
assertOpen(conf)
// Check that it's changed the password again...
c.Assert(conf.APIInfo.Password, Not(Equals), "spurious")
c.Assert(conf.APIInfo.Password, Not(Equals), newPassword)
// ... and that we can still open the state with the new configuration.
assertOpen(conf)
}
func (suite) TestConfReadWriteCheck(c *C) {
d := c.MkDir()
dataDir := filepath.Join(d, "data")
for i, test := range confTests {
c.Logf("test %d; %s", i, test.about)
conf := test.conf
conf.DataDir = dataDir
err := conf.Check()
if test.checkErr != "" {
c.Assert(err, ErrorMatches, test.checkErr)
c.Assert(conf.Write(), ErrorMatches, test.checkErr)
cmds, err := conf.WriteCommands()
c.Assert(cmds, IsNil)
c.Assert(err, ErrorMatches, test.checkErr)
continue
}
c.Assert(err, IsNil)
err = os.Mkdir(dataDir, 0777)
c.Assert(err, IsNil)
err = conf.Write()
c.Assert(err, IsNil)
info, err := os.Stat(conf.File("agent.conf"))
c.Assert(err, IsNil)
c.Assert(info.Mode()&os.ModePerm, Equals, os.FileMode(0600))
// Move the configuration file to a different directory
// to check that the entity name gets set correctly when
// reading.
newDir := filepath.Join(dataDir, "agents", "another")
err = os.Mkdir(newDir, 0777)
c.Assert(err, IsNil)
err = os.Rename(conf.File("agent.conf"), filepath.Join(newDir, "agent.conf"))
c.Assert(err, IsNil)
rconf, err := agent.ReadConf(dataDir, "another")
c.Assert(err, IsNil)
c.Assert(rconf.StateInfo.Tag, Equals, "another")
if rconf.StateInfo != nil {
rconf.StateInfo.Tag = conf.Tag()
}
if rconf.APIInfo != nil {
rconf.APIInfo.Tag = conf.Tag()
}
c.Assert(rconf, DeepEquals, &conf)
err = os.RemoveAll(dataDir)
c.Assert(err, IsNil)
// Try the equivalent shell commands.
cmds, err := conf.WriteCommands()
c.Assert(err, IsNil)
for _, cmd := range cmds {
out, err := exec.Command("sh", "-c", cmd).CombinedOutput()
c.Assert(err, IsNil, Commentf("command %q; output %q", cmd, out))
}
info, err = os.Stat(conf.File("agent.conf"))
c.Assert(err, IsNil)
c.Assert(info.Mode()&os.ModePerm, Equals, os.FileMode(0600))
rconf, err = agent.ReadConf(dataDir, conf.StateInfo.Tag)
c.Assert(err, IsNil)
c.Assert(rconf, DeepEquals, &conf)
err = os.RemoveAll(dataDir)
c.Assert(err, IsNil)
}
}
func (c *AgentConf) read(tag string) error {
var err error
c.Conf, err = agent.ReadConf(c.dataDir, tag)
return err
}