func (e *environ) Bootstrap(cons constraints.Value) error {
defer delay()
if err := e.checkBroken("Bootstrap"); err != nil {
return err
}
password := e.Config().AdminSecret()
if password == "" {
return fmt.Errorf("admin-secret is required for bootstrap")
}
if _, ok := e.Config().CACert(); !ok {
return fmt.Errorf("no CA certificate in environment configuration")
}
possibleTools, err := environs.FindBootstrapTools(e, cons)
if err != nil {
return err
}
log.Infof("environs/dummy: would pick tools from %s", possibleTools)
cfg, err := environs.BootstrapConfig(e.Config())
if err != nil {
return fmt.Errorf("cannot make bootstrap config: %v", err)
}
e.state.mu.Lock()
defer e.state.mu.Unlock()
if e.state.bootstrapped {
return fmt.Errorf("environment is already bootstrapped")
}
if e.ecfg().stateServer() {
// TODO(rog) factor out relevant code from cmd/jujud/bootstrap.go
// so that we can call it here.
info := stateInfo()
st, err := state.Initialize(info, cfg, state.DefaultDialOpts())
if err != nil {
panic(err)
}
if err := st.SetEnvironConstraints(cons); err != nil {
panic(err)
}
if err := st.SetAdminMongoPassword(utils.PasswordHash(password)); err != nil {
panic(err)
}
_, err = st.AddUser("admin", password)
if err != nil {
panic(err)
}
e.state.apiServer, err = apiserver.NewServer(st, "localhost:0", []byte(testing.ServerCert), []byte(testing.ServerKey))
if err != nil {
panic(err)
}
e.state.apiState = st
}
e.state.bootstrapped = true
e.state.ops <- OpBootstrap{Env: e.state.name, Constraints: cons}
return nil
}
func (s *loginSuite) TestBadLogin(c *C) {
// Start our own server so we can control when the first login
// happens. Otherwise in JujuConnSuite.SetUpTest api.Open is
// called with user-admin permissions automatically.
srv, err := apiserver.NewServer(
s.State,
"localhost:0",
[]byte(coretesting.ServerCert),
[]byte(coretesting.ServerKey),
)
c.Assert(err, IsNil)
defer func() {
err := srv.Stop()
c.Assert(err, IsNil)
}()
info := &api.Info{
Tag: "",
Password: "",
Addrs: []string{srv.Addr()},
CACert: []byte(coretesting.CACert),
}
for i, t := range badLoginTests {
c.Logf("test %d; entity %q; password %q", i, t.tag, t.password)
// Note that Open does not log in if the tag and password
// are empty. This allows us to test operations on the connection
// before calling Login, which we could not do if Open
// always logged in.
info.Tag = ""
info.Password = ""
func() {
st, err := api.Open(info, fastDialOpts)
c.Assert(err, IsNil)
defer st.Close()
_, err = st.Machiner().Machine("0")
c.Assert(err, ErrorMatches, `unknown object type "Machiner"`)
// Since these are user login tests, the nonce is empty.
err = st.Login(t.tag, t.password, "")
c.Assert(err, ErrorMatches, t.err)
c.Assert(params.ErrCode(err), Equals, t.code)
_, err = st.Machiner().Machine("0")
c.Assert(err, ErrorMatches, `unknown object type "Machiner"`)
}()
}
}
func (s *serverSuite) TestStop(c *C) {
// Start our own instance of the server so we have
// a handle on it to stop it.
srv, err := apiserver.NewServer(s.State, "localhost:0", []byte(coretesting.ServerCert), []byte(coretesting.ServerKey))
c.Assert(err, IsNil)
defer srv.Stop()
stm, err := s.State.AddMachine("series", state.JobHostUnits)
c.Assert(err, IsNil)
err = stm.SetProvisioned("foo", "fake_nonce", nil)
c.Assert(err, IsNil)
err = stm.SetPassword("password")
c.Assert(err, IsNil)
// Note we can't use openAs because we're not connecting to
// s.APIConn.
apiInfo := &api.Info{
Tag: stm.Tag(),
Password: "******",
Nonce: "fake_nonce",
Addrs: []string{srv.Addr()},
CACert: []byte(coretesting.CACert),
}
st, err := api.Open(apiInfo, fastDialOpts)
c.Assert(err, IsNil)
defer st.Close()
_, err = st.Machiner().Machine(stm.Tag())
c.Assert(err, IsNil)
err = srv.Stop()
c.Assert(err, IsNil)
_, err = st.Machiner().Machine(stm.Tag())
// The client has not necessarily seen the server shutdown yet,
// so there are two possible errors.
if err != rpc.ErrShutdown && err != io.ErrUnexpectedEOF {
c.Fatalf("unexpected error from request: %v", err)
}
// Check it can be stopped twice.
err = srv.Stop()
c.Assert(err, IsNil)
}
// StateJobs returns a worker running all the workers that require
// a *state.State connection.
func (a *MachineAgent) StateWorker() (worker.Worker, error) {
st, entity, err := openState(a.Conf.Conf, a)
if err != nil {
return nil, err
}
// If this fails, other bits will fail, so we just log the error, and
// let the other failures actually restart runners
if err := EnsureAPIInfo(a.Conf.Conf, st, entity); err != nil {
log.Warningf("failed to EnsureAPIInfo: %v", err)
}
reportOpenedState(st)
m := entity.(*state.Machine)
// TODO(rog) use more discriminating test for errors
// rather than taking everything down indiscriminately.
dataDir := a.Conf.DataDir
runner := worker.NewRunner(allFatal, moreImportant)
runner.StartWorker("upgrader", func() (worker.Worker, error) {
// TODO(rog) use id instead of *Machine (or introduce Clone method)
return NewUpgrader(st, m, dataDir), nil
})
// At this stage, since we don't embed lxc containers, just start an lxc
// provisioner task for non-lxc containers. Since we have only LXC
// containers and normal machines, this effectively means that we only
// have an LXC provisioner when we have a normally provisioned machine
// (through the environ-provisioner). With the upcoming advent of KVM
// containers, it is likely that we will want an LXC provisioner on a KVM
// machine, and once we get nested LXC containers, we can remove this
// check.
providerType := os.Getenv("JUJU_PROVIDER_TYPE")
if providerType != provider.Local && m.ContainerType() != instance.LXC {
workerName := fmt.Sprintf("%s-provisioner", provisioner.LXC)
runner.StartWorker(workerName, func() (worker.Worker, error) {
return provisioner.NewProvisioner(provisioner.LXC, st, a.MachineId, dataDir), nil
})
}
// Take advantage of special knowledge here in that we will only ever want
// the storage provider on one machine, and that is the "bootstrap" node.
if providerType == provider.Local && m.Id() == bootstrapMachineId {
runner.StartWorker("local-storage", func() (worker.Worker, error) {
return localstorage.NewWorker(), nil
})
}
for _, job := range m.Jobs() {
switch job {
case state.JobHostUnits:
runner.StartWorker("deployer", func() (worker.Worker, error) {
return newDeployer(st, m.Id(), dataDir), nil
})
case state.JobManageEnviron:
runner.StartWorker("environ-provisioner", func() (worker.Worker, error) {
return provisioner.NewProvisioner(provisioner.ENVIRON, st, a.MachineId, dataDir), nil
})
runner.StartWorker("firewaller", func() (worker.Worker, error) {
return firewaller.NewFirewaller(st), nil
})
case state.JobManageState:
runner.StartWorker("apiserver", func() (worker.Worker, error) {
// If the configuration does not have the required information,
// it is currently not a recoverable error, so we kill the whole
// agent, potentially enabling human intervention to fix
// the agent's configuration file. In the future, we may retrieve
// the state server certificate and key from the state, and
// this should then change.
if len(a.Conf.StateServerCert) == 0 || len(a.Conf.StateServerKey) == 0 {
return nil, &fatalError{"configuration does not have state server cert/key"}
}
return apiserver.NewServer(st, fmt.Sprintf(":%d", a.Conf.APIPort), a.Conf.StateServerCert, a.Conf.StateServerKey)
})
runner.StartWorker("cleaner", func() (worker.Worker, error) {
return cleaner.NewCleaner(st), nil
})
runner.StartWorker("resumer", func() (worker.Worker, error) {
// The action of resumer is so subtle that it is not tested,
// because we can't figure out how to do so without brutalising
// the transaction log.
return resumer.NewResumer(st), nil
})
default:
log.Warningf("ignoring unknown job %q", job)
}
}
return newCloseWorker(runner, st), nil
}