Juju Charms Collection
nova-compute package

Merge lp:~alexlist/charms/trusty/nova-compute/nonstandard-authkeys-path into lp:~openstack-charmers-archive/charms/trusty/nova-compute/next

  1. Trusty Tahr (14.04)
  2. nonstandard-authkeys-path
  3. Merge into next
Proposed by Alexander List
Status: Merged
Merged at revision: 89
Proposed branch: lp:~alexlist/charms/trusty/nova-compute/nonstandard-authkeys-path
Merge into: lp:~openstack-charmers-archive/charms/trusty/nova-compute/next
Diff against target: 115 lines (+38/-7)
5 files modified
config.yaml (+9/-0)
hooks/nova_compute_hooks.py (+2/-0)
hooks/nova_compute_utils.py (+12/-7)
unit_tests/test_nova_compute_hooks.py (+9/-0)
unit_tests/test_nova_compute_utils.py (+6/-0)
To merge this branch: bzr merge lp:~alexlist/charms/trusty/nova-compute/nonstandard-authkeys-path
Reviewer Review Type Date Requested Status
Liam Young Pending
Review via email: mp+243159@code.launchpad.net

This proposal supersedes a proposal from 2014-11-28.

Description of the change

Allow configuring nonstandard authorized_keys path, including unit test, take two

To post a comment you must log in.
Revision history for this message
Liam Young (gnuoy) wrote : Posted in a previous version of this proposal

This looks good to me but please add a unit test(s) to test the new feature

review: Needs Fixing
Revision history for this message
James Page (james-page) wrote : Posted in a previous version of this proposal

Please set back to 'Needs review' once unit tests added.

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote : Posted in a previous version of this proposal

UOSCI bot says:
charm_lint_check #1255 nova-compute-next for alexlist mp243152
    LINT FAIL: lint-test failed

LINT Results (max last 5 lines):
INFO:root:command: make -f Makefile lint
ERROR:root:Make target returned non-zero.
  hooks/nova_compute_utils.py:408:1: E302 expected 2 blank lines, found 1
  unit_tests/test_nova_compute_hooks.py:333:25: E225 missing whitespace around operator
  make: *** [lint] Error 1

Full lint test output: http://paste.ubuntu.com/9282789/
Build: http://10.98.191.181:8080/job/charm_lint_check/1255/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote : Posted in a previous version of this proposal

UOSCI bot says:
charm_unit_test #1089 nova-compute-next for alexlist mp243152
    UNIT OK: passed

UNIT Results (max last 5 lines):
  nova_compute_hooks 134 13 90% 79, 99-100, 127, 193, 251, 256-257, 263, 267-270
  nova_compute_utils 230 106 54% 161-217, 225, 230-233, 268-270, 277, 281-284, 292-300, 304, 313-322, 335-354, 410-431, 448-458, 472-473, 478-479
  TOTAL 570 189 67%
  Ran 59 tests in 3.143s
  OK (SKIP=5)

Full unit test output: http://paste.ubuntu.com/9282790/
Build: http://10.98.191.181:8080/job/charm_unit_test/1089/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote : Posted in a previous version of this proposal

UOSCI bot says:
charm_amulet_test #558 nova-compute-next for alexlist mp243152
    AMULET OK: passed

AMULET Results (max last 5 lines):
  juju-test.conductor.15-basic-trusty-icehouse RESULT :
  juju-test.conductor DEBUG : Tearing down osci-sv07 juju environment
  juju-test.conductor DEBUG : Calling "juju destroy-environment -y osci-sv07"
  WARNING cannot delete security group "juju-osci-sv07-0". Used by another environment?
  juju-test INFO : Results: 3 passed, 0 failed, 0 errored

Full amulet test output: http://paste.ubuntu.com/9283017/
Build: http://10.98.191.181:8080/job/charm_amulet_test/558/

Revision history for this message
Liam Young (gnuoy) wrote : Posted in a previous version of this proposal

Approve

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'config.yaml'
2--- config.yaml 2014-11-25 15:10:52 +0000
3+++ config.yaml 2014-11-28 14:25:51 +0000
4@@ -77,6 +77,15 @@
5 description: |
6 TCP authentication scheme for libvirt live migration. Available options
7 include ssh.
8+ authorized-keys-path:
9+ default: '{homedir}/.ssh/authorized_keys'
10+ type: string
11+ description: |
12+ Only used when migration-auth-type is set to ssh.
13+ Full path to authorized_keys file, can be useful for systems with non default
14+ AuthorizedKeysFile location. It will be formatted using the following variables:
15+ homedir - user's home directory
16+ username - username
17 # needed if using flatmanager
18 bridge-interface:
19 default: br100
20
21=== modified file 'hooks/nova_compute_hooks.py'
22--- hooks/nova_compute_hooks.py 2014-09-30 07:40:06 +0000
23+++ hooks/nova_compute_hooks.py 2014-11-28 14:25:51 +0000
24@@ -86,10 +86,12 @@
25 # Check-in with nova-c-c and register new ssh key, if it has just been
26 # generated.
27 initialize_ssh_keys()
28+ import_authorized_keys()
29
30 if config('enable-resize') is True:
31 enable_shell(user='nova')
32 initialize_ssh_keys(user='nova')
33+ import_authorized_keys(user='nova', prefix='nova')
34 else:
35 disable_shell(user='nova')
36
37
38=== modified file 'hooks/nova_compute_utils.py'
39--- hooks/nova_compute_utils.py 2014-10-02 12:57:11 +0000
40+++ hooks/nova_compute_utils.py 2014-11-28 14:25:51 +0000
41@@ -355,8 +355,9 @@
42
43
44 def import_authorized_keys(user='root', prefix=None):
45- """Import SSH authorized_keys + known_hosts from a cloud-compute relation
46- and store in user's $HOME/.ssh.
47+ """Import SSH authorized_keys + known_hosts from a cloud-compute relation.
48+ Store known_hosts in user's $HOME/.ssh and authorized_keys in a path
49+ specified using authorized-keys-path config option.
50 """
51 known_hosts = []
52 authorized_keys = []
53@@ -390,16 +391,20 @@
54 # be allowed ?
55 if not len(known_hosts) or not len(authorized_keys):
56 return
57- dest = os.path.join(pwd.getpwnam(user).pw_dir, '.ssh')
58- log('Saving new known_hosts and authorized_keys file to: %s.' % dest)
59- with open(os.path.join(dest, 'known_hosts'), 'wb') as _hosts:
60+ homedir = pwd.getpwnam(user).pw_dir
61+ dest_auth_keys = config('authorized-keys-path').format(
62+ homedir=homedir, username=user)
63+ dest_known_hosts = os.path.join(homedir, '.ssh/known_hosts')
64+ log('Saving new known_hosts file to %s and authorized_keys file to: %s.' %
65+ (dest_known_hosts, dest_auth_keys))
66+
67+ with open(dest_known_hosts, 'wb') as _hosts:
68 for index in range(0, int(known_hosts_index)):
69 _hosts.write('{}\n'.format(known_hosts[index]))
70- with open(os.path.join(dest, 'authorized_keys'), 'wb') as _keys:
71+ with open(dest_auth_keys, 'wb') as _keys:
72 for index in range(0, int(authorized_keys_index)):
73 _keys.write('{}\n'.format(authorized_keys[index]))
74
75-
76 def do_openstack_upgrade():
77 # NOTE(jamespage) horrible hack to make utils forget a cached value
78 import charmhelpers.contrib.openstack.utils as utils
79
80=== modified file 'unit_tests/test_nova_compute_hooks.py'
81--- unit_tests/test_nova_compute_hooks.py 2014-06-24 13:44:41 +0000
82+++ unit_tests/test_nova_compute_hooks.py 2014-11-28 14:25:51 +0000
83@@ -329,6 +329,15 @@
84 call(user='nova', prefix='nova'),
85 ])
86
87+ def test_compute_changed_nonstandard_authorized_keys_path(self):
88+ self.migration_enabled.return_value = False
89+ self.test_config.set('enable-resize', True)
90+ hooks.compute_changed()
91+ self.import_authorized_keys.assert_called_with(
92+ user='nova',
93+ prefix='nova',
94+ )
95+
96 def test_ceph_joined(self):
97 hooks.ceph_joined()
98 self.apt_install.assert_called_with(['ceph-common'], fatal=True)
99
100=== modified file 'unit_tests/test_nova_compute_utils.py'
101--- unit_tests/test_nova_compute_utils.py 2014-11-28 10:20:05 +0000
102+++ unit_tests/test_nova_compute_utils.py 2014-11-28 14:25:51 +0000
103@@ -248,6 +248,12 @@
104 def test_import_authorized_keys_prefix(self):
105 self._test_import_authorized_keys_base(prefix='bar')
106
107+ def test_import_authorized_keys_authkeypath(self):
108+ nonstandard_path = '/etc/ssh/user-authorized-keys/{username}'
109+ self.test_config.set('authorized-keys-path', nonstandard_path)
110+ self._test_import_authorized_keys_base(
111+ auth_key_path='/etc/ssh/user-authorized-keys/foo')
112+
113 @patch('subprocess.check_call')
114 def test_import_keystone_cert_missing_data(self, check_call):
115 self.relation_get.return_value = None

Subscribers

People subscribed via source and target branches