func (joyentProvider) Validate(cfg, old *config.Config) (valid *config.Config, err error) {
newEcfg, err := validateConfig(cfg, old)
if err != nil {
return nil, fmt.Errorf("invalid Joyent provider config: %v", err)
}
return cfg.Apply(newEcfg.attrs)
}
func (p manualProvider) Validate(cfg, old *config.Config) (valid *config.Config, err error) {
envConfig, err := p.validate(cfg, old)
if err != nil {
return nil, err
}
return cfg.Apply(envConfig.attrs)
}
// prepare is the internal version of Prepare - it prepares the
// environment but does not open it.
func (p *environProvider) prepare(cfg *config.Config) (*config.Config, error) {
ecfg, err := p.newConfig(cfg)
if err != nil {
return nil, err
}
p.mu.Lock()
defer p.mu.Unlock()
name := cfg.Name()
if ecfg.stateId() != noStateId {
return cfg, nil
}
// The environment has not been prepared,
// so create it and set its state identifier accordingly.
if ecfg.stateServer() && len(p.state) != 0 {
for _, old := range p.state {
panic(fmt.Errorf("cannot share a state between two dummy environs; old %q; new %q", old.name, name))
}
}
state := newState(name, p.ops, p.statePolicy)
p.maxStateId++
state.id = p.maxStateId
p.state[state.id] = state
// Add the state id to the configuration we use to
// in the returned environment.
return cfg.Apply(map[string]interface{}{
"state-id": fmt.Sprint(state.id),
})
}
func (maasEnvironProvider) Open(cfg *config.Config) (environs.Environ, error) {
logger.Debugf("opening environment %q.", cfg.Name())
env, err := NewEnviron(cfg)
if err != nil {
return nil, err
}
return env, nil
}
func base64yaml(m *config.Config) string {
data, err := goyaml.Marshal(m.AllAttrs())
if err != nil {
// can't happen, these values have been validated a number of times
panic(err)
}
return base64.StdEncoding.EncodeToString(data)
}
// ensureAdminSecret returns a config with a non-empty admin-secret.
func ensureAdminSecret(cfg *config.Config) (*config.Config, error) {
if cfg.AdminSecret() != "" {
return cfg, nil
}
return cfg.Apply(map[string]interface{}{
"admin-secret": randomKey(),
})
}
// checkEnvironConfig returns an error if the config is definitely invalid.
func checkEnvironConfig(cfg *config.Config) error {
if cfg.AdminSecret() != "" {
return fmt.Errorf("admin-secret should never be written to the state")
}
if _, ok := cfg.AgentVersion(); !ok {
return fmt.Errorf("agent-version must always be set in state")
}
return nil
}
// updatePackageProxy updates the package proxy settings from the
// environment.
func (u *Uniter) updatePackageProxy(cfg *config.Config) {
u.proxyMutex.Lock()
defer u.proxyMutex.Unlock()
newSettings := cfg.ProxySettings()
if u.proxy != newSettings {
u.proxy = newSettings
logger.Debugf("Updated proxy settings: %#v", u.proxy)
// Update the environment values used by the process.
u.proxy.SetEnvironmentValues()
}
}
// Prepare is specified in the EnvironProvider interface.
func (prov azureEnvironProvider) Prepare(ctx environs.BootstrapContext, cfg *config.Config) (environs.Environ, error) {
// Set availability-sets-enabled to true
// by default, unless the user set a value.
if _, ok := cfg.AllAttrs()["availability-sets-enabled"]; !ok {
var err error
cfg, err = cfg.Apply(map[string]interface{}{"availability-sets-enabled": true})
if err != nil {
return nil, err
}
}
return prov.Open(cfg)
}
// Open is specified in the EnvironProvider interface.
func (prov azureEnvironProvider) Open(cfg *config.Config) (environs.Environ, error) {
logger.Debugf("opening environment %q.", cfg.Name())
// We can't return NewEnviron(cfg) directly here because otherwise,
// when err is not nil, we end up with a non-nil returned environ and
// this breaks the loop in cmd/jujud/upgrade.go:run() (see
// http://golang.org/doc/faq#nil_error for the gory details).
environ, err := NewEnviron(cfg)
if err != nil {
return nil, err
}
return environ, nil
}
// getStateInfo puts together the state.Info and api.Info for the given
// config, with the given state-server host names.
// The given config absolutely must have a CACert.
func getStateInfo(config *config.Config, hostnames []string) (*state.Info, *api.Info) {
cert, hasCert := config.CACert()
if !hasCert {
panic(errors.New("getStateInfo: config has no CACert"))
}
return &state.Info{
Addrs: composeAddresses(hostnames, config.StatePort()),
CACert: cert,
}, &api.Info{
Addrs: composeAddresses(hostnames, config.APIPort()),
CACert: cert,
}
}
// SeriesToUpload returns the supplied series with duplicates removed if
// non-empty; otherwise it returns a default list of series we should
// probably upload, based on cfg.
func SeriesToUpload(cfg *config.Config, series []string) []string {
unique := set.NewStrings(series...)
if unique.IsEmpty() {
unique.Add(version.Current.Series)
for _, toolsSeries := range toolsLtsSeries {
unique.Add(toolsSeries)
}
if series, ok := cfg.DefaultSeries(); ok {
unique.Add(series)
}
}
return unique.Values()
}
func prepareConfig(cfg *config.Config) (*config.Config, error) {
// Turn an incomplete config into a valid one, if possible.
attrs := cfg.UnknownAttrs()
if _, ok := attrs["control-dir"]; !ok {
uuid, err := utils.NewUUID()
if err != nil {
return nil, err
}
attrs["control-dir"] = fmt.Sprintf("%x", uuid.Raw())
}
return cfg.Apply(attrs)
}
// BootstrapConfig returns a copy of the supplied configuration with the
// admin-secret and ca-private-key attributes removed. If the resulting
// config is not suitable for bootstrapping an environment, an error is
// returned.
func BootstrapConfig(cfg *config.Config) (*config.Config, error) {
m := cfg.AllAttrs()
// We never want to push admin-secret or the root CA private key to the cloud.
delete(m, "admin-secret")
delete(m, "ca-private-key")
cfg, err := config.New(config.NoDefaults, m)
if err != nil {
return nil, err
}
if _, ok := cfg.AgentVersion(); !ok {
return nil, fmt.Errorf("environment configuration has no agent-version")
}
return cfg, nil
}
// validate calls the state's assigned policy, if non-nil, to obtain
// a ConfigValidator, and calls Validate if a non-nil ConfigValidator is
// returned.
func (st *State) validate(cfg, old *config.Config) (valid *config.Config, err error) {
if st.policy == nil {
return cfg, nil
}
configValidator, err := st.policy.ConfigValidator(cfg.Type())
if errors.IsNotImplemented(err) {
return cfg, nil
} else if err != nil {
return nil, err
}
if configValidator == nil {
return nil, fmt.Errorf("policy returned nil configValidator without an error")
}
return configValidator.Validate(cfg, old)
}
// Initialize sets up an initial empty state and returns it.
// This needs to be performed only once for a given environment.
// It returns unauthorizedError if access is unauthorized.
func Initialize(info *Info, cfg *config.Config, opts DialOpts, policy Policy) (rst *State, err error) {
st, err := Open(info, opts, policy)
if err != nil {
return nil, err
}
defer func() {
if err != nil {
st.Close()
}
}()
// A valid environment is used as a signal that the
// state has already been initalized. If this is the case
// do nothing.
if _, err := st.Environment(); err == nil {
return st, nil
} else if !errors.IsNotFound(err) {
return nil, err
}
logger.Infof("initializing environment")
if err := checkEnvironConfig(cfg); err != nil {
return nil, err
}
uuid, err := utils.NewUUID()
if err != nil {
return nil, fmt.Errorf("environment UUID cannot be created: %v", err)
}
ops := []txn.Op{
createConstraintsOp(st, environGlobalKey, constraints.Value{}),
createSettingsOp(st, environGlobalKey, cfg.AllAttrs()),
createEnvironmentOp(st, cfg.Name(), uuid.String()),
{
C: st.stateServers.Name,
Id: environGlobalKey,
Insert: &stateServersDoc{},
}, {
C: st.stateServers.Name,
Id: apiHostPortsKey,
Insert: &apiHostPortsDoc{},
},
}
if err := st.runTransaction(ops); err == txn.ErrAborted {
// The config was created in the meantime.
return st, nil
} else if err != nil {
return nil, err
}
return st, nil
}
func rebootstrap(cfg *config.Config, ctx *cmd.Context, cons constraints.Value) (environs.Environ, error) {
progress("re-bootstrapping environment")
// Turn on safe mode so that the newly bootstrapped instance
// will not destroy all the instances it does not know about.
cfg, err := cfg.Apply(map[string]interface{}{
"provisioner-safe-mode": true,
})
if err != nil {
return nil, fmt.Errorf("cannot enable provisioner-safe-mode: %v", err)
}
env, err := environs.New(cfg)
if err != nil {
return nil, err
}
state, err := bootstrap.LoadState(env.Storage())
if err != nil {
return nil, fmt.Errorf("cannot retrieve environment storage; perhaps the environment was not bootstrapped: %v", err)
}
if len(state.StateInstances) == 0 {
return nil, fmt.Errorf("no instances found on bootstrap state; perhaps the environment was not bootstrapped")
}
if len(state.StateInstances) > 1 {
return nil, fmt.Errorf("restore does not support HA juju configurations yet")
}
inst, err := env.Instances(state.StateInstances)
if err == nil {
return nil, fmt.Errorf("old bootstrap instance %q still seems to exist; will not replace", inst)
}
if err != environs.ErrNoInstances {
return nil, fmt.Errorf("cannot detect whether old instance is still running: %v", err)
}
// Remove the storage so that we can bootstrap without the provider complaining.
if err := env.Storage().Remove(bootstrap.StateFile); err != nil {
return nil, fmt.Errorf("cannot remove %q from storage: %v", bootstrap.StateFile, err)
}
// TODO If we fail beyond here, then we won't have a state file and
// we won't be able to re-run this script because it fails without it.
// We could either try to recreate the file if we fail (which is itself
// error-prone) or we could provide a --no-check flag to make
// it go ahead anyway without the check.
args := environs.BootstrapParams{Constraints: cons}
if err := bootstrap.Bootstrap(ctx, env, args); err != nil {
return nil, fmt.Errorf("cannot bootstrap new instance: %v", err)
}
return env, nil
}
// New returns a new environment based on the provided configuration.
func New(config *config.Config) (Environ, error) {
p, err := Provider(config.Type())
if err != nil {
return nil, err
}
return p.Open(config)
}
func (st *State) buildAndValidateEnvironConfig(updateAttrs map[string]interface{}, removeAttrs []string, oldConfig *config.Config) (validCfg *config.Config, err error) {
newConfig, err := oldConfig.Apply(updateAttrs)
if err != nil {
return nil, err
}
if len(removeAttrs) != 0 {
newConfig, err = newConfig.Remove(removeAttrs)
if err != nil {
return nil, err
}
}
if err := checkEnvironConfig(newConfig); err != nil {
return nil, err
}
return st.validate(newConfig, oldConfig)
}
func (p maasEnvironProvider) Prepare(ctx environs.BootstrapContext, cfg *config.Config) (environs.Environ, error) {
attrs := cfg.UnknownAttrs()
oldName, found := attrs["maas-agent-name"]
if found && oldName != "" {
return nil, errAgentNameAlreadySet
}
uuid, err := utils.NewUUID()
if err != nil {
return nil, err
}
attrs["maas-agent-name"] = uuid.String()
cfg, err = cfg.Apply(attrs)
if err != nil {
return nil, err
}
return p.Open(cfg)
}
// newEnviron create a new Joyent environ instance from config.
func newEnviron(cfg *config.Config) (*joyentEnviron, error) {
env := new(joyentEnviron)
if err := env.SetConfig(cfg); err != nil {
return nil, err
}
env.name = cfg.Name()
var err error
env.storage, err = newStorage(env.ecfg, "")
if err != nil {
return nil, err
}
env.compute, err = newCompute(env.ecfg)
if err != nil {
return nil, err
}
return env, nil
}
func (p *environProvider) Validate(cfg, old *config.Config) (valid *config.Config, err error) {
// Check for valid changes for the base config values.
if err := config.Validate(cfg, old); err != nil {
return nil, err
}
validated, err := cfg.ValidateUnknownAttrs(configFields, configDefaults)
if err != nil {
return nil, err
}
if idStr, ok := validated["state-id"].(string); ok {
if _, err := strconv.Atoi(idStr); err != nil {
return nil, fmt.Errorf("invalid state-id %q", idStr)
}
}
// Apply the coerced unknown values back into the config.
return cfg.Apply(validated)
}
// check that any --env-config $base64 is valid and matches t.cfg.Config
func checkEnvConfig(c *gc.C, cfg *config.Config, x map[interface{}]interface{}, scripts []string) {
re := regexp.MustCompile(`--env-config '([^']+)'`)
found := false
for _, s := range scripts {
m := re.FindStringSubmatch(s)
if m == nil {
continue
}
found = true
buf, err := base64.StdEncoding.DecodeString(m[1])
c.Assert(err, gc.IsNil)
var actual map[string]interface{}
err = goyaml.Unmarshal(buf, &actual)
c.Assert(err, gc.IsNil)
c.Assert(cfg.AllAttrs(), jc.DeepEquals, actual)
}
c.Assert(found, gc.Equals, true)
}
// proxySSH returns true iff both c.proxy and
// the proxy-ssh environment configuration
// are true.
func (c *SSHCommon) proxySSH() (bool, error) {
if !c.proxy {
return false, nil
}
if _, err := c.ensureAPIClient(); err != nil {
return false, err
}
var cfg *config.Config
attrs, err := c.apiClient.EnvironmentGet()
if err == nil {
cfg, err = config.New(config.NoDefaults, attrs)
}
if err != nil {
return false, err
}
logger.Debugf("proxy-ssh is %v", cfg.ProxySSH())
return cfg.ProxySSH(), nil
}
// initVersions collects state relevant to an upgrade decision. The returned
// agent and client versions, and the list of currently available tools, will
// always be accurate; the chosen version, and the flag indicating development
// mode, may remain blank until uploadTools or validate is called.
func (c *UpgradeJujuCommand) initVersions(client *api.Client, cfg *config.Config) (*upgradeContext, error) {
agent, ok := cfg.AgentVersion()
if !ok {
// Can't happen. In theory.
return nil, fmt.Errorf("incomplete environment configuration")
}
if c.Version == agent {
return nil, errUpToDate
}
clientVersion := version.Current.Number
findResult, err := client.FindTools(clientVersion.Major, -1, "", "")
var availableTools coretools.List
if params.IsCodeNotImplemented(err) {
availableTools, err = findTools1dot17(cfg)
} else {
availableTools = findResult.List
}
if err != nil {
return nil, err
}
err = findResult.Error
if findResult.Error != nil {
if !params.IsCodeNotFound(err) {
return nil, err
}
if !c.UploadTools {
// No tools found and we shouldn't upload any, so if we are not asking for a
// major upgrade, pretend there is no more recent version available.
if c.Version == version.Zero && agent.Major == clientVersion.Major {
return nil, errUpToDate
}
return nil, err
}
}
return &upgradeContext{
agent: agent,
client: clientVersion,
chosen: c.Version,
tools: availableTools,
apiClient: client,
config: cfg,
}, nil
}
// Prepare prepares a new environment based on the provided configuration.
// If the environment is already prepared, it behaves like New.
func Prepare(cfg *config.Config, ctx BootstrapContext, store configstore.Storage) (Environ, error) {
p, err := Provider(cfg.Type())
if err != nil {
return nil, err
}
info, err := store.CreateInfo(cfg.Name())
if err == configstore.ErrEnvironInfoAlreadyExists {
logger.Infof("environment info already exists; using New not Prepare")
info, err := store.ReadInfo(cfg.Name())
if err != nil {
return nil, fmt.Errorf("error reading environment info %q: %v", cfg.Name(), err)
}
if !info.Initialized() {
return nil, fmt.Errorf("found uninitialized environment info for %q; environment preparation probably in progress or interrupted", cfg.Name())
}
if len(info.BootstrapConfig()) == 0 {
return nil, fmt.Errorf("found environment info but no bootstrap config")
}
cfg, err = config.New(config.NoDefaults, info.BootstrapConfig())
if err != nil {
return nil, fmt.Errorf("cannot parse bootstrap config: %v", err)
}
return New(cfg)
}
if err != nil {
return nil, fmt.Errorf("cannot create new info for environment %q: %v", cfg.Name(), err)
}
env, err := prepare(ctx, cfg, info, p)
if err != nil {
if err := info.Destroy(); err != nil {
logger.Warningf("cannot destroy newly created environment info: %v", err)
}
return nil, err
}
info.SetBootstrapConfig(env.Config().AllAttrs())
if err := info.Write(); err != nil {
return nil, fmt.Errorf("cannot create environment info %q: %v", env.Config().Name(), err)
}
return env, nil
}
func (p manualProvider) Prepare(ctx environs.BootstrapContext, cfg *config.Config) (environs.Environ, error) {
if _, ok := cfg.UnknownAttrs()["storage-auth-key"]; !ok {
uuid, err := utils.NewUUID()
if err != nil {
return nil, err
}
cfg, err = cfg.Apply(map[string]interface{}{
"storage-auth-key": uuid.String(),
})
if err != nil {
return nil, err
}
}
if use, ok := cfg.UnknownAttrs()["use-sshstorage"].(bool); ok && !use {
return nil, fmt.Errorf("use-sshstorage must not be specified")
}
envConfig, err := p.validate(cfg, nil)
if err != nil {
return nil, err
}
if err := ensureBootstrapUbuntuUser(ctx, envConfig); err != nil {
return nil, err
}
return p.open(envConfig)
}
func (p manualProvider) validate(cfg, old *config.Config) (*environConfig, error) {
// Check for valid changes for the base config values.
if err := config.Validate(cfg, old); err != nil {
return nil, err
}
validated, err := cfg.ValidateUnknownAttrs(configFields, configDefaults)
if err != nil {
return nil, err
}
envConfig := newEnvironConfig(cfg, validated)
if envConfig.bootstrapHost() == "" {
return nil, errNoBootstrapHost
}
// Check various immutable attributes.
if old != nil {
oldEnvConfig, err := p.validate(old, nil)
if err != nil {
return nil, err
}
for _, key := range [...]string{
"bootstrap-user",
"bootstrap-host",
"storage-listen-ip",
} {
if err = checkImmutableString(envConfig, oldEnvConfig, key); err != nil {
return nil, err
}
}
oldPort, newPort := oldEnvConfig.storagePort(), envConfig.storagePort()
if oldPort != newPort {
return nil, fmt.Errorf("cannot change storage-port from %q to %q", oldPort, newPort)
}
oldUseSSHStorage, newUseSSHStorage := oldEnvConfig.useSSHStorage(), envConfig.useSSHStorage()
if oldUseSSHStorage != newUseSSHStorage && newUseSSHStorage == true {
return nil, fmt.Errorf("cannot change use-sshstorage from %v to %v", oldUseSSHStorage, newUseSSHStorage)
}
}
return envConfig, nil
}
// resolveCharmURL returns a resolved charm URL, given a charm location string.
// If the series is not resolved, the environment default-series is used, or if
// not set, the series is resolved with the state server.
func resolveCharmURL(url string, client *api.Client, conf *config.Config) (*charm.URL, error) {
ref, series, err := charm.ParseReference(url)
if err != nil {
return nil, err
}
// If series is not set, use configured default series
if series == "" {
if defaultSeries, ok := conf.DefaultSeries(); ok {
series = defaultSeries
}
}
// Otherwise, look up the best supported series for this charm
if series == "" {
if ref.Schema == "local" {
possibleUrl := &charm.URL{Reference: ref, Series: "precise"}
logger.Errorf(`The series is not specified in the environment (default-series) or with the charm. Did you mean:
%s`, possibleUrl.String())
return nil, fmt.Errorf("cannot resolve series for charm: %q", ref)
}
return client.ResolveCharm(ref)
}
return &charm.URL{Reference: ref, Series: series}, nil
}
// ensureCertificate generates a new CA certificate and
// attaches it to the given environment configuration,
// unless the configuration already has one.
func ensureCertificate(cfg *config.Config) (*config.Config, error) {
_, hasCACert := cfg.CACert()
_, hasCAKey := cfg.CAPrivateKey()
if hasCACert && hasCAKey {
return cfg, nil
}
if hasCACert && !hasCAKey {
return nil, fmt.Errorf("environment configuration with a certificate but no CA private key")
}
caCert, caKey, err := cert.NewCA(cfg.Name(), time.Now().UTC().AddDate(10, 0, 0))
if err != nil {
return nil, err
}
return cfg.Apply(map[string]interface{}{
"ca-cert": string(caCert),
"ca-private-key": string(caKey),
})
}
