Merge lp:~clint-fewbar/pyjuju/add-egress-zookeeper-protection into lp:pyjuju
- add-egress-zookeeper-protection
- Merge into trunk
Proposed by
Clint Byrum
| Status: | Needs review |
|---|---|
| Proposed branch: | lp:~clint-fewbar/pyjuju/add-egress-zookeeper-protection |
| Merge into: | lp:pyjuju |
| Diff against target: |
1150 lines (+496/-461) 18 files modified
juju/lib/tests/data/test_prestart (+10/-0) juju/lib/tests/test_upstart.py (+14/-0) juju/lib/upstart.py (+6/-1) juju/providers/common/cloudinit.py (+43/-0) juju/providers/common/tests/data/cloud_init_bootstrap (+33/-52) juju/providers/common/tests/data/cloud_init_bootstrap_zookeepers (+45/-52) juju/providers/common/tests/data/cloud_init_branch (+34/-29) juju/providers/common/tests/data/cloud_init_branch_trunk (+34/-29) juju/providers/common/tests/data/cloud_init_distro (+30/-27) juju/providers/common/tests/data/cloud_init_ppa (+30/-27) juju/providers/common/tests/data/cloud_init_proposed (+30/-27) juju/providers/ec2/tests/data/bootstrap_cloud_init (+33/-53) juju/providers/ec2/tests/data/launch_cloud_init (+29/-27) juju/providers/ec2/tests/data/launch_cloud_init_branch (+33/-29) juju/providers/ec2/tests/data/launch_cloud_init_ppa (+29/-27) juju/providers/orchestra/launch.py (+1/-1) juju/providers/orchestra/tests/data/bootstrap_user_data (+33/-53) juju/providers/orchestra/tests/data/launch_user_data (+29/-27) |
| To merge this branch: | bzr merge lp:~clint-fewbar/pyjuju/add-egress-zookeeper-protection |
| Related bugs: |
| Reviewer | Review Type | Date Requested | Status |
|---|---|---|---|
| Juju Engineering | Pending | ||
|
Review via email:
|
|||
Commit message
Description of the change
protect zookeeper from non-root direct access
Adds pre-start capability to juju.lib.upstart. Also reformatted tests'
cloud-config data to be more readable.
To post a comment you must log in.
Revision history for this message
| Kapil Thangavelu (hazmat) wrote : | # |
cool. i'll have to brush on my iptables syntax. does the impl here
support service restarts?
Unmerged revisions
- 588. By Clint Byrum
-
special case localhost because it is needed for client<->zookeeper communication
- 587. By Clint Byrum
-
fixing test data to match new pre-start
- 586. By Clint Byrum
-
fix pre-start
- 585. By Clint Byrum
-
remove debugging aids from tests
- 584. By Clint Byrum
-
fixing upstart tests
- 583. By Clint Byrum
-
fixing EC2 tests
- 582. By Clint Byrum
-
fix orchestra launch tests
- 581. By Clint Byrum
-
fixing bootstrap user data
- 580. By Clint Byrum
-
Add iptables rule as pre-start for machine agent to prevent non-root access to ZK
- 579. By Clint Byrum
-
add prestart to juju.lib.upstart
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
| 1 | === added file 'juju/lib/tests/data/test_prestart' | |||
| 2 | --- juju/lib/tests/data/test_prestart 1970-01-01 00:00:00 +0000 | |||
| 3 | +++ juju/lib/tests/data/test_prestart 2012-09-21 23:19:20 +0000 | |||
| 4 | @@ -0,0 +1,10 @@ | |||
| 5 | 1 | description "uninteresting service" | ||
| 6 | 2 | author "Juju Team <juju@lists.ubuntu.com>" | ||
| 7 | 3 | |||
| 8 | 4 | start on runlevel [2345] | ||
| 9 | 5 | stop on runlevel [!2345] | ||
| 10 | 6 | respawn | ||
| 11 | 7 | |||
| 12 | 8 | |||
| 13 | 9 | pre-start exec /bin/true | ||
| 14 | 10 | exec /bin/false >> /tmp/some-name.output 2>&1 | ||
| 15 | 0 | 11 | ||
| 16 | === modified file 'juju/lib/tests/test_upstart.py' | |||
| 17 | --- juju/lib/tests/test_upstart.py 2012-01-27 16:12:47 +0000 | |||
| 18 | +++ juju/lib/tests/test_upstart.py 2012-09-21 23:19:20 +0000 | |||
| 19 | @@ -183,6 +183,20 @@ | |||
| 20 | 183 | self.assert_conf("test_basic_install") | 183 | self.assert_conf("test_basic_install") |
| 21 | 184 | 184 | ||
| 22 | 185 | @inlineCallbacks | 185 | @inlineCallbacks |
| 23 | 186 | def test_prestart(self): | ||
| 24 | 187 | """Check a simple UpstartService writes expected conf file""" | ||
| 25 | 188 | e = yield self.assertFailure(self.service.install(), ServiceError) | ||
| 26 | 189 | self.assertEquals(str(e), "Cannot render .conf: no description set") | ||
| 27 | 190 | self.service.set_description("uninteresting service") | ||
| 28 | 191 | e = yield self.assertFailure(self.service.install(), ServiceError) | ||
| 29 | 192 | self.assertEquals(str(e), "Cannot render .conf: no command set") | ||
| 30 | 193 | self.service.set_command("/bin/false") | ||
| 31 | 194 | self.service.set_prestart("pre-start exec /bin/true") | ||
| 32 | 195 | yield self.service.install() | ||
| 33 | 196 | |||
| 34 | 197 | self.assert_conf("test_prestart") | ||
| 35 | 198 | |||
| 36 | 199 | @inlineCallbacks | ||
| 37 | 186 | def test_less_basic_install(self): | 200 | def test_less_basic_install(self): |
| 38 | 187 | """Check conf for a different UpstartService (which sets an env var)""" | 201 | """Check conf for a different UpstartService (which sets an env var)""" |
| 39 | 188 | self.service.set_description("pew pew pew blam") | 202 | self.service.set_description("pew pew pew blam") |
| 40 | 189 | 203 | ||
| 41 | === modified file 'juju/lib/upstart.py' | |||
| 42 | --- juju/lib/upstart.py 2012-08-03 10:55:21 +0000 | |||
| 43 | +++ juju/lib/upstart.py 2012-09-21 23:19:20 +0000 | |||
| 44 | @@ -19,7 +19,7 @@ | |||
| 45 | 19 | respawn | 19 | respawn |
| 46 | 20 | 20 | ||
| 47 | 21 | %s | 21 | %s |
| 49 | 22 | 22 | %s | |
| 50 | 23 | exec %s >> %s 2>&1 | 23 | exec %s >> %s 2>&1 |
| 51 | 24 | """ | 24 | """ |
| 52 | 25 | 25 | ||
| 53 | @@ -41,6 +41,7 @@ | |||
| 54 | 41 | self._use_sudo = use_sudo | 41 | self._use_sudo = use_sudo |
| 55 | 42 | self._output_path = None | 42 | self._output_path = None |
| 56 | 43 | self._description = None | 43 | self._description = None |
| 57 | 44 | self._prestart = '' | ||
| 58 | 44 | self._environ = {} | 45 | self._environ = {} |
| 59 | 45 | self._command = None | 46 | self._command = None |
| 60 | 46 | 47 | ||
| 61 | @@ -61,6 +62,9 @@ | |||
| 62 | 61 | def set_environ(self, environ): | 62 | def set_environ(self, environ): |
| 63 | 62 | self._environ = environ | 63 | self._environ = environ |
| 64 | 63 | 64 | ||
| 65 | 65 | def set_prestart(self, prestart): | ||
| 66 | 66 | self._prestart = prestart | ||
| 67 | 67 | |||
| 68 | 64 | def set_command(self, command): | 68 | def set_command(self, command): |
| 69 | 65 | self._command = command | 69 | self._command = command |
| 70 | 66 | 70 | ||
| 71 | @@ -83,6 +87,7 @@ | |||
| 72 | 83 | self._description, | 87 | self._description, |
| 73 | 84 | "\n".join('env %s="%s"' % kv | 88 | "\n".join('env %s="%s"' % kv |
| 74 | 85 | for kv in sorted(self._environ.items())), | 89 | for kv in sorted(self._environ.items())), |
| 75 | 90 | self._prestart, | ||
| 76 | 86 | self._command, | 91 | self._command, |
| 77 | 87 | self.output_path) | 92 | self.output_path) |
| 78 | 88 | 93 | ||
| 79 | 89 | 94 | ||
| 80 | === modified file 'juju/providers/common/cloudinit.py' | |||
| 81 | --- juju/providers/common/cloudinit.py 2012-09-10 03:20:20 +0000 | |||
| 82 | +++ juju/providers/common/cloudinit.py 2012-09-21 23:19:20 +0000 | |||
| 83 | @@ -14,6 +14,24 @@ | |||
| 84 | 14 | BRANCH = "branch" | 14 | BRANCH = "branch" |
| 85 | 15 | PROPOSED = "proposed" | 15 | PROPOSED = "proposed" |
| 86 | 16 | 16 | ||
| 87 | 17 | _MACHINE_AGENT_PRESTART = """ | ||
| 88 | 18 | pre-start script | ||
| 89 | 19 | # Protects ZooKeeper from access by non-root users. | ||
| 90 | 20 | %(deleteports)s | ||
| 91 | 21 | iptables -F juju-protect-zookeepers && iptables -X juju-protect-zookeepers || : | ||
| 92 | 22 | iptables -N juju-protect-zookeepers | ||
| 93 | 23 | %(insertports)s | ||
| 94 | 24 | %(hostlines)s | ||
| 95 | 25 | end script | ||
| 96 | 26 | """ | ||
| 97 | 27 | |||
| 98 | 28 | _MACHINE_AGENT_HOST_IPTABLES = """ iptables -A juju-protect-zookeepers -d %s -m owner \! --uid-owner 0 -j DROP""" | ||
| 99 | 29 | _MACHINE_AGENT_PORT_IPTABLES = """OUTPUT -p tcp --dport %s -j juju-protect-zookeepers""" | ||
| 100 | 30 | _MACHINE_AGENT_DPORT_IPTABLES = """ if iptables -C %s ; then | ||
| 101 | 31 | iptables -D %s | ||
| 102 | 32 | fi""" | ||
| 103 | 33 | _MACHINE_AGENT_IPORT_IPTABLES = ' iptables -I %s' | ||
| 104 | 34 | |||
| 105 | 17 | 35 | ||
| 106 | 18 | def _branch_install_scripts(branch): | 36 | def _branch_install_scripts(branch): |
| 107 | 19 | return [ | 37 | return [ |
| 108 | @@ -50,6 +68,31 @@ | |||
| 109 | 50 | service.set_description("Juju machine agent") | 68 | service.set_description("Juju machine agent") |
| 110 | 51 | service.set_environ( | 69 | service.set_environ( |
| 111 | 52 | {"JUJU_MACHINE_ID": machine_id, "JUJU_ZOOKEEPER": zookeeper_hosts}) | 70 | {"JUJU_MACHINE_ID": machine_id, "JUJU_ZOOKEEPER": zookeeper_hosts}) |
| 112 | 71 | |||
| 113 | 72 | zk_hosts_list = zookeeper_hosts.split(',') | ||
| 114 | 73 | zk_with_port = [ x.split(':') for x in zk_hosts_list ] | ||
| 115 | 74 | host_lines = [] | ||
| 116 | 75 | ports = set() | ||
| 117 | 76 | for zk in zk_with_port: | ||
| 118 | 77 | # Can't block localhost because of client<->zk tunnel. | ||
| 119 | 78 | if zk[0] == 'localhost': | ||
| 120 | 79 | continue | ||
| 121 | 80 | if len(zk) >= 2: | ||
| 122 | 81 | ports.add(zk[1]) | ||
| 123 | 82 | host_lines.append(_MACHINE_AGENT_HOST_IPTABLES % (zk[0])) | ||
| 124 | 83 | # Only add if there is at least one host to protect | ||
| 125 | 84 | if len(host_lines): | ||
| 126 | 85 | del_port_lines = [] | ||
| 127 | 86 | ins_port_lines = [] | ||
| 128 | 87 | for port in ports: | ||
| 129 | 88 | rule = _MACHINE_AGENT_PORT_IPTABLES % (port) | ||
| 130 | 89 | del_port_lines.append(_MACHINE_AGENT_DPORT_IPTABLES % (rule, rule)) | ||
| 131 | 90 | ins_port_lines.append(_MACHINE_AGENT_IPORT_IPTABLES % (rule)) | ||
| 132 | 91 | service.set_prestart(_MACHINE_AGENT_PRESTART % { | ||
| 133 | 92 | 'deleteports': "\n".join(del_port_lines), | ||
| 134 | 93 | 'insertports': "\n".join(ins_port_lines), | ||
| 135 | 94 | 'hostlines':"\n".join(host_lines)}) | ||
| 136 | 95 | |||
| 137 | 53 | service.set_command( | 96 | service.set_command( |
| 138 | 54 | "python -m juju.agents.machine --nodaemon " | 97 | "python -m juju.agents.machine --nodaemon " |
| 139 | 55 | "--logfile /var/log/juju/machine-agent.log " | 98 | "--logfile /var/log/juju/machine-agent.log " |
| 140 | 56 | 99 | ||
| 141 | === modified file 'juju/providers/common/tests/data/cloud_init_bootstrap' | |||
| 142 | --- juju/providers/common/tests/data/cloud_init_bootstrap 2012-08-23 16:14:42 +0000 | |||
| 143 | +++ juju/providers/common/tests/data/cloud_init_bootstrap 2012-09-21 23:19:20 +0000 | |||
| 144 | @@ -6,56 +6,37 @@ | |||
| 145 | 6 | output: {all: '| tee -a /var/log/cloud-init-output.log'} | 6 | output: {all: '| tee -a /var/log/cloud-init-output.log'} |
| 146 | 7 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper, | 7 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper, |
| 147 | 8 | default-jre-headless, zookeeper, zookeeperd, juju] | 8 | default-jre-headless, zookeeper, zookeeperd, juju] |
| 200 | 9 | runcmd: [sudo mkdir -p /var/lib/juju, sudo mkdir -p /var/log/juju, 'juju-admin initialize | 9 | runcmd: |
| 201 | 10 | --instance-id=token --admin-identity=admin:19vlzY4Vc3q4Ew5OsCwKYqrq1HI= --constraints-data=e2NwdTogJzIwJywgcHJvdmlkZXItdHlwZTogZHVtbXksIHVidW50dS1zZXJpZXM6IGFzdG9uaXNoaW5nfQo= | 10 | - sudo mkdir -p /var/lib/juju |
| 202 | 11 | --provider-type=dummy', 'cat >> /etc/init/juju-machine-agent.conf <<EOF | 11 | - sudo mkdir -p /var/log/juju |
| 203 | 12 | 12 | - juju-admin initialize --instance-id=token --admin-identity=admin:19vlzY4Vc3q4Ew5OsCwKYqrq1HI= --constraints-data=e2NwdTogJzIwJywgcHJvdmlkZXItdHlwZTogZHVtbXksIHVidW50dS1zZXJpZXM6IGFzdG9uaXNoaW5nfQo= --provider-type=dummy | |
| 204 | 13 | description "Juju machine agent" | 13 | - | |
| 205 | 14 | 14 | cat >> /etc/init/juju-machine-agent.conf <<EOF | |
| 206 | 15 | author "Juju Team <juju@lists.ubuntu.com>" | 15 | description "Juju machine agent" |
| 207 | 16 | 16 | author "Juju Team <juju@lists.ubuntu.com>" | |
| 208 | 17 | 17 | ||
| 209 | 18 | start on runlevel [2345] | 18 | start on runlevel [2345] |
| 210 | 19 | 19 | stop on runlevel [!2345] | |
| 211 | 20 | stop on runlevel [!2345] | 20 | respawn |
| 212 | 21 | 21 | ||
| 213 | 22 | respawn | 22 | env JUJU_MACHINE_ID="passport" |
| 214 | 23 | 23 | env JUJU_ZOOKEEPER="localhost:2181" | |
| 215 | 24 | 24 | ||
| 216 | 25 | env JUJU_MACHINE_ID="passport" | 25 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output 2>&1 |
| 217 | 26 | 26 | EOF | |
| 218 | 27 | env JUJU_ZOOKEEPER="localhost:2181" | 27 | - /sbin/start juju-machine-agent |
| 219 | 28 | 28 | - | | |
| 220 | 29 | 29 | cat >> /etc/init/juju-provision-agent.conf <<EOF | |
| 221 | 30 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log | 30 | description "Juju provisioning agent" |
| 222 | 31 | --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output | 31 | author "Juju Team <juju@lists.ubuntu.com>" |
| 223 | 32 | 2>&1 | 32 | |
| 224 | 33 | 33 | start on runlevel [2345] | |
| 225 | 34 | EOF | 34 | stop on runlevel [!2345] |
| 226 | 35 | 35 | respawn | |
| 227 | 36 | ', /sbin/start juju-machine-agent, 'cat >> /etc/init/juju-provision-agent.conf | 36 | |
| 228 | 37 | <<EOF | 37 | env JUJU_ZOOKEEPER="localhost:2181" |
| 229 | 38 | 38 | ||
| 230 | 39 | description "Juju provisioning agent" | 39 | exec python -m juju.agents.provision --nodaemon --logfile /var/log/juju/provision-agent.log --session-file /var/run/juju/provision-agent.zksession >> /tmp/juju-provision-agent.output 2>&1 |
| 231 | 40 | 40 | EOF | |
| 232 | 41 | author "Juju Team <juju@lists.ubuntu.com>" | 41 | - /sbin/start juju-provision-agent |
| 181 | 42 | |||
| 182 | 43 | |||
| 183 | 44 | start on runlevel [2345] | ||
| 184 | 45 | |||
| 185 | 46 | stop on runlevel [!2345] | ||
| 186 | 47 | |||
| 187 | 48 | respawn | ||
| 188 | 49 | |||
| 189 | 50 | |||
| 190 | 51 | env JUJU_ZOOKEEPER="localhost:2181" | ||
| 191 | 52 | |||
| 192 | 53 | |||
| 193 | 54 | exec python -m juju.agents.provision --nodaemon --logfile /var/log/juju/provision-agent.log | ||
| 194 | 55 | --session-file /var/run/juju/provision-agent.zksession >> /tmp/juju-provision-agent.output | ||
| 195 | 56 | 2>&1 | ||
| 196 | 57 | |||
| 197 | 58 | EOF | ||
| 198 | 59 | |||
| 199 | 60 | ', /sbin/start juju-provision-agent] | ||
| 233 | 61 | ssh_authorized_keys: [chubb] | 42 | ssh_authorized_keys: [chubb] |
| 234 | 62 | 43 | ||
| 235 | === modified file 'juju/providers/common/tests/data/cloud_init_bootstrap_zookeepers' | |||
| 236 | --- juju/providers/common/tests/data/cloud_init_bootstrap_zookeepers 2012-08-23 16:14:42 +0000 | |||
| 237 | +++ juju/providers/common/tests/data/cloud_init_bootstrap_zookeepers 2012-09-21 23:19:20 +0000 | |||
| 238 | @@ -6,56 +6,49 @@ | |||
| 239 | 6 | output: {all: '| tee -a /var/log/cloud-init-output.log'} | 6 | output: {all: '| tee -a /var/log/cloud-init-output.log'} |
| 240 | 7 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper, | 7 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper, |
| 241 | 8 | default-jre-headless, zookeeper, zookeeperd, juju] | 8 | default-jre-headless, zookeeper, zookeeperd, juju] |
| 294 | 9 | runcmd: [sudo mkdir -p /var/lib/juju, sudo mkdir -p /var/log/juju, 'juju-admin initialize | 9 | runcmd: |
| 295 | 10 | --instance-id=token --admin-identity=admin:19vlzY4Vc3q4Ew5OsCwKYqrq1HI= --constraints-data=e2NwdTogJzIwJywgcHJvdmlkZXItdHlwZTogZHVtbXksIHVidW50dS1zZXJpZXM6IGFzdG9uaXNoaW5nfQo= | 10 | - sudo mkdir -p /var/lib/juju |
| 296 | 11 | --provider-type=dummy', 'cat >> /etc/init/juju-machine-agent.conf <<EOF | 11 | - sudo mkdir -p /var/log/juju |
| 297 | 12 | 12 | - juju-admin initialize --instance-id=token --admin-identity=admin:19vlzY4Vc3q4Ew5OsCwKYqrq1HI= --constraints-data=e2NwdTogJzIwJywgcHJvdmlkZXItdHlwZTogZHVtbXksIHVidW50dS1zZXJpZXM6IGFzdG9uaXNoaW5nfQo= --provider-type=dummy | |
| 298 | 13 | description "Juju machine agent" | 13 | - | |
| 299 | 14 | 14 | cat >> /etc/init/juju-machine-agent.conf <<EOF | |
| 300 | 15 | author "Juju Team <juju@lists.ubuntu.com>" | 15 | description "Juju machine agent" |
| 301 | 16 | 16 | author "Juju Team <juju@lists.ubuntu.com>" | |
| 302 | 17 | 17 | ||
| 303 | 18 | start on runlevel [2345] | 18 | start on runlevel [2345] |
| 304 | 19 | 19 | stop on runlevel [!2345] | |
| 305 | 20 | stop on runlevel [!2345] | 20 | respawn |
| 306 | 21 | 21 | ||
| 307 | 22 | respawn | 22 | env JUJU_MACHINE_ID="passport" |
| 308 | 23 | 23 | env JUJU_ZOOKEEPER="cotswold:2181,longleat:2181,localhost:2181" | |
| 309 | 24 | 24 | ||
| 310 | 25 | env JUJU_MACHINE_ID="passport" | 25 | pre-start script |
| 311 | 26 | 26 | # Protects ZooKeeper from access by non-root users. | |
| 312 | 27 | env JUJU_ZOOKEEPER="cotswold:2181,longleat:2181,localhost:2181" | 27 | if iptables -C OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers ; then |
| 313 | 28 | 28 | iptables -D OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers | |
| 314 | 29 | 29 | fi | |
| 315 | 30 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log | 30 | iptables -F juju-protect-zookeepers && iptables -X juju-protect-zookeepers || : |
| 316 | 31 | --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output | 31 | iptables -N juju-protect-zookeepers |
| 317 | 32 | 2>&1 | 32 | iptables -I OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers |
| 318 | 33 | 33 | iptables -A juju-protect-zookeepers -d cotswold -m owner \! --uid-owner 0 -j DROP | |
| 319 | 34 | EOF | 34 | iptables -A juju-protect-zookeepers -d longleat -m owner \! --uid-owner 0 -j DROP |
| 320 | 35 | 35 | end script | |
| 321 | 36 | ', /sbin/start juju-machine-agent, 'cat >> /etc/init/juju-provision-agent.conf | 36 | |
| 322 | 37 | <<EOF | 37 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output 2>&1 |
| 323 | 38 | 38 | EOF | |
| 324 | 39 | description "Juju provisioning agent" | 39 | - /sbin/start juju-machine-agent |
| 325 | 40 | 40 | - | | |
| 326 | 41 | author "Juju Team <juju@lists.ubuntu.com>" | 41 | cat >> /etc/init/juju-provision-agent.conf <<EOF |
| 327 | 42 | 42 | description "Juju provisioning agent" | |
| 328 | 43 | 43 | author "Juju Team <juju@lists.ubuntu.com>" | |
| 329 | 44 | start on runlevel [2345] | 44 | |
| 330 | 45 | 45 | start on runlevel [2345] | |
| 331 | 46 | stop on runlevel [!2345] | 46 | stop on runlevel [!2345] |
| 332 | 47 | 47 | respawn | |
| 333 | 48 | respawn | 48 | |
| 334 | 49 | 49 | env JUJU_ZOOKEEPER="cotswold:2181,longleat:2181,localhost:2181" | |
| 335 | 50 | 50 | ||
| 336 | 51 | env JUJU_ZOOKEEPER="cotswold:2181,longleat:2181,localhost:2181" | 51 | exec python -m juju.agents.provision --nodaemon --logfile /var/log/juju/provision-agent.log --session-file /var/run/juju/provision-agent.zksession >> /tmp/juju-provision-agent.output 2>&1 |
| 337 | 52 | 52 | EOF | |
| 338 | 53 | 53 | - /sbin/start juju-provision-agent | |
| 287 | 54 | exec python -m juju.agents.provision --nodaemon --logfile /var/log/juju/provision-agent.log | ||
| 288 | 55 | --session-file /var/run/juju/provision-agent.zksession >> /tmp/juju-provision-agent.output | ||
| 289 | 56 | 2>&1 | ||
| 290 | 57 | |||
| 291 | 58 | EOF | ||
| 292 | 59 | |||
| 293 | 60 | ', /sbin/start juju-provision-agent] | ||
| 339 | 61 | ssh_authorized_keys: [chubb] | 54 | ssh_authorized_keys: [chubb] |
| 340 | 62 | 55 | ||
| 341 | === modified file 'juju/providers/common/tests/data/cloud_init_branch' | |||
| 342 | --- juju/providers/common/tests/data/cloud_init_branch 2012-08-23 16:14:42 +0000 | |||
| 343 | +++ juju/providers/common/tests/data/cloud_init_branch 2012-09-21 23:19:20 +0000 | |||
| 344 | @@ -7,33 +7,38 @@ | |||
| 345 | 7 | machine-id: passport} | 7 | machine-id: passport} |
| 346 | 8 | output: {all: '| tee -a /var/log/cloud-init-output.log'} | 8 | output: {all: '| tee -a /var/log/cloud-init-output.log'} |
| 347 | 9 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper] | 9 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper] |
| 377 | 10 | runcmd: [sudo apt-get install -y python-txzookeeper, sudo mkdir -p /usr/lib/juju, | 10 | runcmd: |
| 378 | 11 | 'cd /usr/lib/juju && sudo /usr/bin/bzr co lp:blah/juju/blah-blah juju', cd /usr/lib/juju/juju | 11 | - sudo apt-get install -y python-txzookeeper |
| 379 | 12 | && sudo python setup.py develop, sudo mkdir -p /var/lib/juju, sudo mkdir -p /var/log/juju, | 12 | - sudo mkdir -p /usr/lib/juju |
| 380 | 13 | 'cat >> /etc/init/juju-machine-agent.conf <<EOF | 13 | - cd /usr/lib/juju && sudo /usr/bin/bzr co lp:blah/juju/blah-blah juju |
| 381 | 14 | 14 | - cd /usr/lib/juju/juju && sudo python setup.py develop | |
| 382 | 15 | description "Juju machine agent" | 15 | - sudo mkdir -p /var/lib/juju |
| 383 | 16 | 16 | - sudo mkdir -p /var/log/juju | |
| 384 | 17 | author "Juju Team <juju@lists.ubuntu.com>" | 17 | - | |
| 385 | 18 | 18 | cat >> /etc/init/juju-machine-agent.conf <<EOF | |
| 386 | 19 | 19 | description "Juju machine agent" | |
| 387 | 20 | start on runlevel [2345] | 20 | author "Juju Team <juju@lists.ubuntu.com>" |
| 388 | 21 | 21 | ||
| 389 | 22 | stop on runlevel [!2345] | 22 | start on runlevel [2345] |
| 390 | 23 | 23 | stop on runlevel [!2345] | |
| 391 | 24 | respawn | 24 | respawn |
| 392 | 25 | 25 | ||
| 393 | 26 | 26 | env JUJU_MACHINE_ID="passport" | |
| 394 | 27 | env JUJU_MACHINE_ID="passport" | 27 | env JUJU_ZOOKEEPER="cotswold:2181,longleat:2181" |
| 395 | 28 | 28 | ||
| 396 | 29 | env JUJU_ZOOKEEPER="cotswold:2181,longleat:2181" | 29 | pre-start script |
| 397 | 30 | 30 | # Protects ZooKeeper from access by non-root users. | |
| 398 | 31 | 31 | if iptables -C OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers ; then | |
| 399 | 32 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log | 32 | iptables -D OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers |
| 400 | 33 | --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output | 33 | fi |
| 401 | 34 | 2>&1 | 34 | iptables -F juju-protect-zookeepers && iptables -X juju-protect-zookeepers || : |
| 402 | 35 | 35 | iptables -N juju-protect-zookeepers | |
| 403 | 36 | EOF | 36 | iptables -I OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers |
| 404 | 37 | 37 | iptables -A juju-protect-zookeepers -d cotswold -m owner \! --uid-owner 0 -j DROP | |
| 405 | 38 | ', /sbin/start juju-machine-agent] | 38 | iptables -A juju-protect-zookeepers -d longleat -m owner \! --uid-owner 0 -j DROP |
| 406 | 39 | end script | ||
| 407 | 40 | |||
| 408 | 41 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output 2>&1 | ||
| 409 | 42 | EOF | ||
| 410 | 43 | - /sbin/start juju-machine-agent | ||
| 411 | 39 | ssh_authorized_keys: [chubb] | 44 | ssh_authorized_keys: [chubb] |
| 412 | 40 | 45 | ||
| 413 | === modified file 'juju/providers/common/tests/data/cloud_init_branch_trunk' | |||
| 414 | --- juju/providers/common/tests/data/cloud_init_branch_trunk 2012-08-23 16:14:42 +0000 | |||
| 415 | +++ juju/providers/common/tests/data/cloud_init_branch_trunk 2012-09-21 23:19:20 +0000 | |||
| 416 | @@ -7,33 +7,38 @@ | |||
| 417 | 7 | machine-id: passport} | 7 | machine-id: passport} |
| 418 | 8 | output: {all: '| tee -a /var/log/cloud-init-output.log'} | 8 | output: {all: '| tee -a /var/log/cloud-init-output.log'} |
| 419 | 9 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper] | 9 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper] |
| 449 | 10 | runcmd: [sudo apt-get install -y python-txzookeeper, sudo mkdir -p /usr/lib/juju, | 10 | runcmd: |
| 450 | 11 | 'cd /usr/lib/juju && sudo /usr/bin/bzr co lp:juju juju', cd /usr/lib/juju/juju && | 11 | - sudo apt-get install -y python-txzookeeper |
| 451 | 12 | sudo python setup.py develop, sudo mkdir -p /var/lib/juju, sudo mkdir -p /var/log/juju, | 12 | - sudo mkdir -p /usr/lib/juju |
| 452 | 13 | 'cat >> /etc/init/juju-machine-agent.conf <<EOF | 13 | - cd /usr/lib/juju && sudo /usr/bin/bzr co lp:juju juju |
| 453 | 14 | 14 | - cd /usr/lib/juju/juju && sudo python setup.py develop | |
| 454 | 15 | description "Juju machine agent" | 15 | - sudo mkdir -p /var/lib/juju |
| 455 | 16 | 16 | - sudo mkdir -p /var/log/juju | |
| 456 | 17 | author "Juju Team <juju@lists.ubuntu.com>" | 17 | - | |
| 457 | 18 | 18 | cat >> /etc/init/juju-machine-agent.conf <<EOF | |
| 458 | 19 | 19 | description "Juju machine agent" | |
| 459 | 20 | start on runlevel [2345] | 20 | author "Juju Team <juju@lists.ubuntu.com>" |
| 460 | 21 | 21 | ||
| 461 | 22 | stop on runlevel [!2345] | 22 | start on runlevel [2345] |
| 462 | 23 | 23 | stop on runlevel [!2345] | |
| 463 | 24 | respawn | 24 | respawn |
| 464 | 25 | 25 | ||
| 465 | 26 | 26 | env JUJU_MACHINE_ID="passport" | |
| 466 | 27 | env JUJU_MACHINE_ID="passport" | 27 | env JUJU_ZOOKEEPER="cotswold:2181,longleat:2181" |
| 467 | 28 | 28 | ||
| 468 | 29 | env JUJU_ZOOKEEPER="cotswold:2181,longleat:2181" | 29 | pre-start script |
| 469 | 30 | 30 | # Protects ZooKeeper from access by non-root users. | |
| 470 | 31 | 31 | if iptables -C OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers ; then | |
| 471 | 32 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log | 32 | iptables -D OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers |
| 472 | 33 | --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output | 33 | fi |
| 473 | 34 | 2>&1 | 34 | iptables -F juju-protect-zookeepers && iptables -X juju-protect-zookeepers || : |
| 474 | 35 | 35 | iptables -N juju-protect-zookeepers | |
| 475 | 36 | EOF | 36 | iptables -I OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers |
| 476 | 37 | 37 | iptables -A juju-protect-zookeepers -d cotswold -m owner \! --uid-owner 0 -j DROP | |
| 477 | 38 | ', /sbin/start juju-machine-agent] | 38 | iptables -A juju-protect-zookeepers -d longleat -m owner \! --uid-owner 0 -j DROP |
| 478 | 39 | end script | ||
| 479 | 40 | |||
| 480 | 41 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output 2>&1 | ||
| 481 | 42 | EOF | ||
| 482 | 43 | - /sbin/start juju-machine-agent | ||
| 483 | 39 | ssh_authorized_keys: [chubb] | 44 | ssh_authorized_keys: [chubb] |
| 484 | 40 | 45 | ||
| 485 | === modified file 'juju/providers/common/tests/data/cloud_init_distro' | |||
| 486 | --- juju/providers/common/tests/data/cloud_init_distro 2012-08-23 16:14:42 +0000 | |||
| 487 | +++ juju/providers/common/tests/data/cloud_init_distro 2012-09-21 23:19:20 +0000 | |||
| 488 | @@ -6,31 +6,34 @@ | |||
| 489 | 6 | output: {all: '| tee -a /var/log/cloud-init-output.log'} | 6 | output: {all: '| tee -a /var/log/cloud-init-output.log'} |
| 490 | 7 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper, | 7 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper, |
| 491 | 8 | juju] | 8 | juju] |
| 519 | 9 | runcmd: [sudo mkdir -p /var/lib/juju, sudo mkdir -p /var/log/juju, 'cat >> /etc/init/juju-machine-agent.conf | 9 | runcmd: |
| 520 | 10 | <<EOF | 10 | - sudo mkdir -p /var/lib/juju |
| 521 | 11 | 11 | - sudo mkdir -p /var/log/juju | |
| 522 | 12 | description "Juju machine agent" | 12 | - | |
| 523 | 13 | 13 | cat >> /etc/init/juju-machine-agent.conf <<EOF | |
| 524 | 14 | author "Juju Team <juju@lists.ubuntu.com>" | 14 | description "Juju machine agent" |
| 525 | 15 | 15 | author "Juju Team <juju@lists.ubuntu.com>" | |
| 526 | 16 | 16 | ||
| 527 | 17 | start on runlevel [2345] | 17 | start on runlevel [2345] |
| 528 | 18 | 18 | stop on runlevel [!2345] | |
| 529 | 19 | stop on runlevel [!2345] | 19 | respawn |
| 530 | 20 | 20 | ||
| 531 | 21 | respawn | 21 | env JUJU_MACHINE_ID="passport" |
| 532 | 22 | 22 | env JUJU_ZOOKEEPER="cotswold:2181,longleat:2181" | |
| 533 | 23 | 23 | ||
| 534 | 24 | env JUJU_MACHINE_ID="passport" | 24 | pre-start script |
| 535 | 25 | 25 | # Protects ZooKeeper from access by non-root users. | |
| 536 | 26 | env JUJU_ZOOKEEPER="cotswold:2181,longleat:2181" | 26 | if iptables -C OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers ; then |
| 537 | 27 | 27 | iptables -D OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers | |
| 538 | 28 | 28 | fi | |
| 539 | 29 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log | 29 | iptables -F juju-protect-zookeepers && iptables -X juju-protect-zookeepers || : |
| 540 | 30 | --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output | 30 | iptables -N juju-protect-zookeepers |
| 541 | 31 | 2>&1 | 31 | iptables -I OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers |
| 542 | 32 | 32 | iptables -A juju-protect-zookeepers -d cotswold -m owner \! --uid-owner 0 -j DROP | |
| 543 | 33 | EOF | 33 | iptables -A juju-protect-zookeepers -d longleat -m owner \! --uid-owner 0 -j DROP |
| 544 | 34 | 34 | end script | |
| 545 | 35 | ', /sbin/start juju-machine-agent] | 35 | |
| 546 | 36 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output 2>&1 | ||
| 547 | 37 | EOF | ||
| 548 | 38 | - /sbin/start juju-machine-agent | ||
| 549 | 36 | ssh_authorized_keys: [chubb] | 39 | ssh_authorized_keys: [chubb] |
| 550 | 37 | 40 | ||
| 551 | === modified file 'juju/providers/common/tests/data/cloud_init_ppa' | |||
| 552 | --- juju/providers/common/tests/data/cloud_init_ppa 2012-08-23 16:14:42 +0000 | |||
| 553 | +++ juju/providers/common/tests/data/cloud_init_ppa 2012-09-21 23:19:20 +0000 | |||
| 554 | @@ -8,31 +8,34 @@ | |||
| 555 | 8 | output: {all: '| tee -a /var/log/cloud-init-output.log'} | 8 | output: {all: '| tee -a /var/log/cloud-init-output.log'} |
| 556 | 9 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper, | 9 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper, |
| 557 | 10 | juju] | 10 | juju] |
| 585 | 11 | runcmd: [sudo mkdir -p /var/lib/juju, sudo mkdir -p /var/log/juju, 'cat >> /etc/init/juju-machine-agent.conf | 11 | runcmd: |
| 586 | 12 | <<EOF | 12 | - sudo mkdir -p /var/lib/juju |
| 587 | 13 | 13 | - sudo mkdir -p /var/log/juju | |
| 588 | 14 | description "Juju machine agent" | 14 | - | |
| 589 | 15 | 15 | cat >> /etc/init/juju-machine-agent.conf <<EOF | |
| 590 | 16 | author "Juju Team <juju@lists.ubuntu.com>" | 16 | description "Juju machine agent" |
| 591 | 17 | 17 | author "Juju Team <juju@lists.ubuntu.com>" | |
| 592 | 18 | 18 | ||
| 593 | 19 | start on runlevel [2345] | 19 | start on runlevel [2345] |
| 594 | 20 | 20 | stop on runlevel [!2345] | |
| 595 | 21 | stop on runlevel [!2345] | 21 | respawn |
| 596 | 22 | 22 | ||
| 597 | 23 | respawn | 23 | env JUJU_MACHINE_ID="passport" |
| 598 | 24 | 24 | env JUJU_ZOOKEEPER="cotswold:2181,longleat:2181" | |
| 599 | 25 | 25 | ||
| 600 | 26 | env JUJU_MACHINE_ID="passport" | 26 | pre-start script |
| 601 | 27 | 27 | # Protects ZooKeeper from access by non-root users. | |
| 602 | 28 | env JUJU_ZOOKEEPER="cotswold:2181,longleat:2181" | 28 | if iptables -C OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers ; then |
| 603 | 29 | 29 | iptables -D OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers | |
| 604 | 30 | 30 | fi | |
| 605 | 31 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log | 31 | iptables -F juju-protect-zookeepers && iptables -X juju-protect-zookeepers || : |
| 606 | 32 | --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output | 32 | iptables -N juju-protect-zookeepers |
| 607 | 33 | 2>&1 | 33 | iptables -I OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers |
| 608 | 34 | 34 | iptables -A juju-protect-zookeepers -d cotswold -m owner \! --uid-owner 0 -j DROP | |
| 609 | 35 | EOF | 35 | iptables -A juju-protect-zookeepers -d longleat -m owner \! --uid-owner 0 -j DROP |
| 610 | 36 | 36 | end script | |
| 611 | 37 | ', /sbin/start juju-machine-agent] | 37 | |
| 612 | 38 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output 2>&1 | ||
| 613 | 39 | EOF | ||
| 614 | 40 | - /sbin/start juju-machine-agent | ||
| 615 | 38 | ssh_authorized_keys: [chubb] | 41 | ssh_authorized_keys: [chubb] |
| 616 | 39 | 42 | ||
| 617 | === modified file 'juju/providers/common/tests/data/cloud_init_proposed' | |||
| 618 | --- juju/providers/common/tests/data/cloud_init_proposed 2012-08-23 16:14:42 +0000 | |||
| 619 | +++ juju/providers/common/tests/data/cloud_init_proposed 2012-09-21 23:19:20 +0000 | |||
| 620 | @@ -7,31 +7,34 @@ | |||
| 621 | 7 | machine-id: passport} | 7 | machine-id: passport} |
| 622 | 8 | output: {all: '| tee -a /var/log/cloud-init-output.log'} | 8 | output: {all: '| tee -a /var/log/cloud-init-output.log'} |
| 623 | 9 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper, juju] | 9 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper, juju] |
| 651 | 10 | runcmd: [sudo mkdir -p /var/lib/juju, sudo mkdir -p | 10 | runcmd: |
| 652 | 11 | /var/log/juju, 'cat >> /etc/init/juju-machine-agent.conf <<EOF | 11 | - sudo mkdir -p /var/lib/juju |
| 653 | 12 | 12 | - sudo mkdir -p /var/log/juju | |
| 654 | 13 | description "Juju machine agent" | 13 | - | |
| 655 | 14 | 14 | cat >> /etc/init/juju-machine-agent.conf <<EOF | |
| 656 | 15 | author "Juju Team <juju@lists.ubuntu.com>" | 15 | description "Juju machine agent" |
| 657 | 16 | 16 | author "Juju Team <juju@lists.ubuntu.com>" | |
| 658 | 17 | 17 | ||
| 659 | 18 | start on runlevel [2345] | 18 | start on runlevel [2345] |
| 660 | 19 | 19 | stop on runlevel [!2345] | |
| 661 | 20 | stop on runlevel [!2345] | 20 | respawn |
| 662 | 21 | 21 | ||
| 663 | 22 | respawn | 22 | env JUJU_MACHINE_ID="passport" |
| 664 | 23 | 23 | env JUJU_ZOOKEEPER="cotswold:2181,longleat:2181" | |
| 665 | 24 | 24 | ||
| 666 | 25 | env JUJU_MACHINE_ID="passport" | 25 | pre-start script |
| 667 | 26 | 26 | # Protects ZooKeeper from access by non-root users. | |
| 668 | 27 | env JUJU_ZOOKEEPER="cotswold:2181,longleat:2181" | 27 | if iptables -C OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers ; then |
| 669 | 28 | 28 | iptables -D OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers | |
| 670 | 29 | 29 | fi | |
| 671 | 30 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log | 30 | iptables -F juju-protect-zookeepers && iptables -X juju-protect-zookeepers || : |
| 672 | 31 | --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output | 31 | iptables -N juju-protect-zookeepers |
| 673 | 32 | 2>&1 | 32 | iptables -I OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers |
| 674 | 33 | 33 | iptables -A juju-protect-zookeepers -d cotswold -m owner \! --uid-owner 0 -j DROP | |
| 675 | 34 | EOF | 34 | iptables -A juju-protect-zookeepers -d longleat -m owner \! --uid-owner 0 -j DROP |
| 676 | 35 | 35 | end script | |
| 677 | 36 | ', /sbin/start juju-machine-agent] | 36 | |
| 678 | 37 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output 2>&1 | ||
| 679 | 38 | EOF | ||
| 680 | 39 | - /sbin/start juju-machine-agent | ||
| 681 | 37 | ssh_authorized_keys: [chubb] | 40 | ssh_authorized_keys: [chubb] |
| 682 | 38 | 41 | ||
| 683 | === modified file 'juju/providers/ec2/tests/data/bootstrap_cloud_init' | |||
| 684 | --- juju/providers/ec2/tests/data/bootstrap_cloud_init 2012-08-23 16:14:42 +0000 | |||
| 685 | +++ juju/providers/ec2/tests/data/bootstrap_cloud_init 2012-09-21 23:19:20 +0000 | |||
| 686 | @@ -5,57 +5,37 @@ | |||
| 687 | 5 | output: {all: '| tee -a /var/log/cloud-init-output.log'} | 5 | output: {all: '| tee -a /var/log/cloud-init-output.log'} |
| 688 | 6 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper, | 6 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper, |
| 689 | 7 | default-jre-headless, zookeeper, zookeeperd, juju] | 7 | default-jre-headless, zookeeper, zookeeperd, juju] |
| 743 | 8 | runcmd: [sudo mkdir -p /var/lib/juju, sudo mkdir -p /var/log/juju, 'juju-admin initialize | 8 | runcmd: |
| 744 | 9 | --instance-id=$(curl http://169.254.169.254/1.0/meta-data/instance-id) --admin-identity=admin:JbJ6sDGV37EHzbG9FPvttk64cmg= | 9 | - sudo mkdir -p /var/lib/juju |
| 745 | 10 | --constraints-data=e2NwdTogbnVsbCwgaW5zdGFuY2UtdHlwZTogbTEuc21hbGwsIG1lbTogbnVsbCwgcHJvdmlkZXItdHlwZTogZWMyLCB1YnVudHUtc2VyaWVzOiBzcGxlbmRpZH0K | 10 | - sudo mkdir -p /var/log/juju |
| 746 | 11 | --provider-type=ec2', 'cat >> /etc/init/juju-machine-agent.conf <<EOF | 11 | - juju-admin initialize --instance-id=$(curl http://169.254.169.254/1.0/meta-data/instance-id) --admin-identity=admin:JbJ6sDGV37EHzbG9FPvttk64cmg= --constraints-data=e2NwdTogbnVsbCwgaW5zdGFuY2UtdHlwZTogbTEuc21hbGwsIG1lbTogbnVsbCwgcHJvdmlkZXItdHlwZTogZWMyLCB1YnVudHUtc2VyaWVzOiBzcGxlbmRpZH0K --provider-type=ec2 |
| 747 | 12 | 12 | - | | |
| 748 | 13 | description "Juju machine agent" | 13 | cat >> /etc/init/juju-machine-agent.conf <<EOF |
| 749 | 14 | 14 | description "Juju machine agent" | |
| 750 | 15 | author "Juju Team <juju@lists.ubuntu.com>" | 15 | author "Juju Team <juju@lists.ubuntu.com>" |
| 751 | 16 | 16 | ||
| 752 | 17 | 17 | start on runlevel [2345] | |
| 753 | 18 | start on runlevel [2345] | 18 | stop on runlevel [!2345] |
| 754 | 19 | 19 | respawn | |
| 755 | 20 | stop on runlevel [!2345] | 20 | |
| 756 | 21 | 21 | env JUJU_MACHINE_ID="0" | |
| 757 | 22 | respawn | 22 | env JUJU_ZOOKEEPER="localhost:2181" |
| 758 | 23 | 23 | ||
| 759 | 24 | 24 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output 2>&1 | |
| 760 | 25 | env JUJU_MACHINE_ID="0" | 25 | EOF |
| 761 | 26 | 26 | - /sbin/start juju-machine-agent | |
| 762 | 27 | env JUJU_ZOOKEEPER="localhost:2181" | 27 | - | |
| 763 | 28 | 28 | cat >> /etc/init/juju-provision-agent.conf <<EOF | |
| 764 | 29 | 29 | description "Juju provisioning agent" | |
| 765 | 30 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log | 30 | author "Juju Team <juju@lists.ubuntu.com>" |
| 766 | 31 | --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output | 31 | |
| 767 | 32 | 2>&1 | 32 | start on runlevel [2345] |
| 768 | 33 | 33 | stop on runlevel [!2345] | |
| 769 | 34 | EOF | 34 | respawn |
| 770 | 35 | 35 | ||
| 771 | 36 | ', /sbin/start juju-machine-agent, 'cat >> /etc/init/juju-provision-agent.conf | 36 | env JUJU_ZOOKEEPER="localhost:2181" |
| 772 | 37 | <<EOF | 37 | |
| 773 | 38 | 38 | exec python -m juju.agents.provision --nodaemon --logfile /var/log/juju/provision-agent.log --session-file /var/run/juju/provision-agent.zksession >> /tmp/juju-provision-agent.output 2>&1 | |
| 774 | 39 | description "Juju provisioning agent" | 39 | EOF |
| 775 | 40 | 40 | - /sbin/start juju-provision-agent | |
| 723 | 41 | author "Juju Team <juju@lists.ubuntu.com>" | ||
| 724 | 42 | |||
| 725 | 43 | |||
| 726 | 44 | start on runlevel [2345] | ||
| 727 | 45 | |||
| 728 | 46 | stop on runlevel [!2345] | ||
| 729 | 47 | |||
| 730 | 48 | respawn | ||
| 731 | 49 | |||
| 732 | 50 | |||
| 733 | 51 | env JUJU_ZOOKEEPER="localhost:2181" | ||
| 734 | 52 | |||
| 735 | 53 | |||
| 736 | 54 | exec python -m juju.agents.provision --nodaemon --logfile /var/log/juju/provision-agent.log | ||
| 737 | 55 | --session-file /var/run/juju/provision-agent.zksession >> /tmp/juju-provision-agent.output | ||
| 738 | 56 | 2>&1 | ||
| 739 | 57 | |||
| 740 | 58 | EOF | ||
| 741 | 59 | |||
| 742 | 60 | ', /sbin/start juju-provision-agent] | ||
| 776 | 61 | ssh_authorized_keys: [zebra] | 41 | ssh_authorized_keys: [zebra] |
| 777 | 62 | 42 | ||
| 778 | === modified file 'juju/providers/ec2/tests/data/launch_cloud_init' | |||
| 779 | --- juju/providers/ec2/tests/data/launch_cloud_init 2012-08-23 16:14:42 +0000 | |||
| 780 | +++ juju/providers/ec2/tests/data/launch_cloud_init 2012-09-21 23:19:20 +0000 | |||
| 781 | @@ -5,31 +5,33 @@ | |||
| 782 | 5 | machine-id: '1'} | 5 | machine-id: '1'} |
| 783 | 6 | output: {all: '| tee -a /var/log/cloud-init-output.log'} | 6 | output: {all: '| tee -a /var/log/cloud-init-output.log'} |
| 784 | 7 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper, juju] | 7 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper, juju] |
| 812 | 8 | runcmd: [sudo mkdir -p /var/lib/juju, sudo mkdir -p | 8 | runcmd: |
| 813 | 9 | /var/log/juju, 'cat >> /etc/init/juju-machine-agent.conf <<EOF | 9 | - sudo mkdir -p /var/lib/juju |
| 814 | 10 | 10 | - sudo mkdir -p /var/log/juju | |
| 815 | 11 | description "Juju machine agent" | 11 | - | |
| 816 | 12 | 12 | cat >> /etc/init/juju-machine-agent.conf <<EOF | |
| 817 | 13 | author "Juju Team <juju@lists.ubuntu.com>" | 13 | description "Juju machine agent" |
| 818 | 14 | 14 | author "Juju Team <juju@lists.ubuntu.com>" | |
| 819 | 15 | 15 | ||
| 820 | 16 | start on runlevel [2345] | 16 | start on runlevel [2345] |
| 821 | 17 | 17 | stop on runlevel [!2345] | |
| 822 | 18 | stop on runlevel [!2345] | 18 | respawn |
| 823 | 19 | 19 | ||
| 824 | 20 | respawn | 20 | env JUJU_MACHINE_ID="1" |
| 825 | 21 | 21 | env JUJU_ZOOKEEPER="es.example.internal:2181" | |
| 826 | 22 | 22 | ||
| 827 | 23 | env JUJU_MACHINE_ID="1" | 23 | pre-start script |
| 828 | 24 | 24 | # Protects ZooKeeper from access by non-root users. | |
| 829 | 25 | env JUJU_ZOOKEEPER="es.example.internal:2181" | 25 | if iptables -C OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers ; then |
| 830 | 26 | 26 | iptables -D OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers | |
| 831 | 27 | 27 | fi | |
| 832 | 28 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log | 28 | iptables -F juju-protect-zookeepers && iptables -X juju-protect-zookeepers || : |
| 833 | 29 | --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output | 29 | iptables -N juju-protect-zookeepers |
| 834 | 30 | 2>&1 | 30 | iptables -I OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers |
| 835 | 31 | 31 | iptables -A juju-protect-zookeepers -d es.example.internal -m owner \! --uid-owner 0 -j DROP | |
| 836 | 32 | EOF | 32 | end script |
| 837 | 33 | 33 | ||
| 838 | 34 | ', /sbin/start juju-machine-agent] | 34 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output 2>&1 |
| 839 | 35 | EOF | ||
| 840 | 36 | - /sbin/start juju-machine-agent | ||
| 841 | 35 | ssh_authorized_keys: [zebra] | 37 | ssh_authorized_keys: [zebra] |
| 842 | 36 | 38 | ||
| 843 | === modified file 'juju/providers/ec2/tests/data/launch_cloud_init_branch' | |||
| 844 | --- juju/providers/ec2/tests/data/launch_cloud_init_branch 2012-08-23 16:14:42 +0000 | |||
| 845 | +++ juju/providers/ec2/tests/data/launch_cloud_init_branch 2012-09-21 23:19:20 +0000 | |||
| 846 | @@ -7,33 +7,37 @@ | |||
| 847 | 7 | machine-id: '1'} | 7 | machine-id: '1'} |
| 848 | 8 | output: {all: '| tee -a /var/log/cloud-init-output.log'} | 8 | output: {all: '| tee -a /var/log/cloud-init-output.log'} |
| 849 | 9 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper] | 9 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper] |
| 879 | 10 | runcmd: [sudo apt-get install -y python-txzookeeper, sudo mkdir -p /usr/lib/juju, | 10 | runcmd: |
| 880 | 11 | 'cd /usr/lib/juju && sudo /usr/bin/bzr co lp:~wizard/juju-juicebar juju', cd /usr/lib/juju/juju | 11 | - sudo apt-get install -y python-txzookeeper |
| 881 | 12 | && sudo python setup.py develop, sudo mkdir -p /var/lib/juju, sudo mkdir -p /var/log/juju, | 12 | - sudo mkdir -p /usr/lib/juju |
| 882 | 13 | 'cat >> /etc/init/juju-machine-agent.conf <<EOF | 13 | - cd /usr/lib/juju && sudo /usr/bin/bzr co lp:~wizard/juju-juicebar juju |
| 883 | 14 | 14 | - cd /usr/lib/juju/juju && sudo python setup.py develop | |
| 884 | 15 | description "Juju machine agent" | 15 | - sudo mkdir -p /var/lib/juju |
| 885 | 16 | 16 | - sudo mkdir -p /var/log/juju | |
| 886 | 17 | author "Juju Team <juju@lists.ubuntu.com>" | 17 | - | |
| 887 | 18 | 18 | cat >> /etc/init/juju-machine-agent.conf <<EOF | |
| 888 | 19 | 19 | description "Juju machine agent" | |
| 889 | 20 | start on runlevel [2345] | 20 | author "Juju Team <juju@lists.ubuntu.com>" |
| 890 | 21 | 21 | ||
| 891 | 22 | stop on runlevel [!2345] | 22 | start on runlevel [2345] |
| 892 | 23 | 23 | stop on runlevel [!2345] | |
| 893 | 24 | respawn | 24 | respawn |
| 894 | 25 | 25 | ||
| 895 | 26 | 26 | env JUJU_MACHINE_ID="1" | |
| 896 | 27 | env JUJU_MACHINE_ID="1" | 27 | env JUJU_ZOOKEEPER="es.example.internal:2181" |
| 897 | 28 | 28 | ||
| 898 | 29 | env JUJU_ZOOKEEPER="es.example.internal:2181" | 29 | pre-start script |
| 899 | 30 | 30 | # Protects ZooKeeper from access by non-root users. | |
| 900 | 31 | 31 | if iptables -C OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers ; then | |
| 901 | 32 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log | 32 | iptables -D OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers |
| 902 | 33 | --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output | 33 | fi |
| 903 | 34 | 2>&1 | 34 | iptables -F juju-protect-zookeepers && iptables -X juju-protect-zookeepers || : |
| 904 | 35 | 35 | iptables -N juju-protect-zookeepers | |
| 905 | 36 | EOF | 36 | iptables -I OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers |
| 906 | 37 | 37 | iptables -A juju-protect-zookeepers -d es.example.internal -m owner \! --uid-owner 0 -j DROP | |
| 907 | 38 | ', /sbin/start juju-machine-agent] | 38 | end script |
| 908 | 39 | |||
| 909 | 40 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output 2>&1 | ||
| 910 | 41 | EOF | ||
| 911 | 42 | - /sbin/start juju-machine-agent | ||
| 912 | 39 | ssh_authorized_keys: [zebra] | 43 | ssh_authorized_keys: [zebra] |
| 913 | 40 | 44 | ||
| 914 | === modified file 'juju/providers/ec2/tests/data/launch_cloud_init_ppa' | |||
| 915 | --- juju/providers/ec2/tests/data/launch_cloud_init_ppa 2012-08-23 16:14:42 +0000 | |||
| 916 | +++ juju/providers/ec2/tests/data/launch_cloud_init_ppa 2012-09-21 23:19:20 +0000 | |||
| 917 | @@ -7,31 +7,33 @@ | |||
| 918 | 7 | machine-id: '1'} | 7 | machine-id: '1'} |
| 919 | 8 | output: {all: '| tee -a /var/log/cloud-init-output.log'} | 8 | output: {all: '| tee -a /var/log/cloud-init-output.log'} |
| 920 | 9 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper, juju] | 9 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper, juju] |
| 948 | 10 | runcmd: [sudo mkdir -p /var/lib/juju, sudo mkdir -p | 10 | runcmd: |
| 949 | 11 | /var/log/juju, 'cat >> /etc/init/juju-machine-agent.conf <<EOF | 11 | - sudo mkdir -p /var/lib/juju |
| 950 | 12 | 12 | - sudo mkdir -p /var/log/juju | |
| 951 | 13 | description "Juju machine agent" | 13 | - | |
| 952 | 14 | 14 | cat >> /etc/init/juju-machine-agent.conf <<EOF | |
| 953 | 15 | author "Juju Team <juju@lists.ubuntu.com>" | 15 | description "Juju machine agent" |
| 954 | 16 | 16 | author "Juju Team <juju@lists.ubuntu.com>" | |
| 955 | 17 | 17 | ||
| 956 | 18 | start on runlevel [2345] | 18 | start on runlevel [2345] |
| 957 | 19 | 19 | stop on runlevel [!2345] | |
| 958 | 20 | stop on runlevel [!2345] | 20 | respawn |
| 959 | 21 | 21 | ||
| 960 | 22 | respawn | 22 | env JUJU_MACHINE_ID="1" |
| 961 | 23 | 23 | env JUJU_ZOOKEEPER="es.example.internal:2181" | |
| 962 | 24 | 24 | ||
| 963 | 25 | env JUJU_MACHINE_ID="1" | 25 | pre-start script |
| 964 | 26 | 26 | # Protects ZooKeeper from access by non-root users. | |
| 965 | 27 | env JUJU_ZOOKEEPER="es.example.internal:2181" | 27 | if iptables -C OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers ; then |
| 966 | 28 | 28 | iptables -D OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers | |
| 967 | 29 | 29 | fi | |
| 968 | 30 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log | 30 | iptables -F juju-protect-zookeepers && iptables -X juju-protect-zookeepers || : |
| 969 | 31 | --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output | 31 | iptables -N juju-protect-zookeepers |
| 970 | 32 | 2>&1 | 32 | iptables -I OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers |
| 971 | 33 | 33 | iptables -A juju-protect-zookeepers -d es.example.internal -m owner \! --uid-owner 0 -j DROP | |
| 972 | 34 | EOF | 34 | end script |
| 973 | 35 | 35 | ||
| 974 | 36 | ', /sbin/start juju-machine-agent] | 36 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output 2>&1 |
| 975 | 37 | EOF | ||
| 976 | 38 | - /sbin/start juju-machine-agent | ||
| 977 | 37 | ssh_authorized_keys: [zebra] | 39 | ssh_authorized_keys: [zebra] |
| 978 | 38 | 40 | ||
| 979 | === modified file 'juju/providers/orchestra/launch.py' | |||
| 980 | --- juju/providers/orchestra/launch.py 2012-04-12 01:01:57 +0000 | |||
| 981 | +++ juju/providers/orchestra/launch.py 2012-09-21 23:19:20 +0000 | |||
| 982 | @@ -46,7 +46,7 @@ | |||
| 983 | 46 | info = yield cobbler.start_system( | 46 | info = yield cobbler.start_system( |
| 984 | 47 | instance_id, machine_id, series, cloud_init.render()) | 47 | instance_id, machine_id, series, cloud_init.render()) |
| 985 | 48 | returnValue([machine_from_dict(info)]) | 48 | returnValue([machine_from_dict(info)]) |
| 987 | 49 | except Exception: | 49 | except Exception, e: |
| 988 | 50 | log.exception( | 50 | log.exception( |
| 989 | 51 | "Failed to launch machine %s; attempting to revert.", | 51 | "Failed to launch machine %s; attempting to revert.", |
| 990 | 52 | instance_id) | 52 | instance_id) |
| 991 | 53 | 53 | ||
| 992 | === modified file 'juju/providers/orchestra/tests/data/bootstrap_user_data' | |||
| 993 | --- juju/providers/orchestra/tests/data/bootstrap_user_data 2012-08-23 16:14:42 +0000 | |||
| 994 | +++ juju/providers/orchestra/tests/data/bootstrap_user_data 2012-09-21 23:19:20 +0000 | |||
| 995 | @@ -5,57 +5,37 @@ | |||
| 996 | 5 | output: {all: '| tee -a /var/log/cloud-init-output.log'} | 5 | output: {all: '| tee -a /var/log/cloud-init-output.log'} |
| 997 | 6 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper, | 6 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper, |
| 998 | 7 | default-jre-headless, zookeeper, zookeeperd, juju] | 7 | default-jre-headless, zookeeper, zookeeperd, juju] |
| 1052 | 8 | runcmd: [sudo mkdir -p /var/lib/juju, sudo mkdir -p /var/log/juju, 'juju-admin initialize | 8 | runcmd: |
| 1053 | 9 | --instance-id=winston-uid --admin-identity=admin:qRBXC1ubEEUqRL6wcBhgmc9xkaY= | 9 | - sudo mkdir -p /var/lib/juju |
| 1054 | 10 | --constraints-data=e29yY2hlc3RyYS1jbGFzc2VzOiAnZm9vLGJhcicsIHByb3ZpZGVyLXR5cGU6IG9yY2hlc3RyYSwgdWJ1bnR1LXNlcmllczogYml6YXJyZX0K | 10 | - sudo mkdir -p /var/log/juju |
| 1055 | 11 | --provider-type=orchestra', 'cat >> /etc/init/juju-machine-agent.conf <<EOF | 11 | - juju-admin initialize --instance-id=winston-uid --admin-identity=admin:qRBXC1ubEEUqRL6wcBhgmc9xkaY= --constraints-data=e29yY2hlc3RyYS1jbGFzc2VzOiAnZm9vLGJhcicsIHByb3ZpZGVyLXR5cGU6IG9yY2hlc3RyYSwgdWJ1bnR1LXNlcmllczogYml6YXJyZX0K --provider-type=orchestra |
| 1056 | 12 | 12 | - | | |
| 1057 | 13 | description "Juju machine agent" | 13 | cat >> /etc/init/juju-machine-agent.conf <<EOF |
| 1058 | 14 | 14 | description "Juju machine agent" | |
| 1059 | 15 | author "Juju Team <juju@lists.ubuntu.com>" | 15 | author "Juju Team <juju@lists.ubuntu.com>" |
| 1060 | 16 | 16 | ||
| 1061 | 17 | 17 | start on runlevel [2345] | |
| 1062 | 18 | start on runlevel [2345] | 18 | stop on runlevel [!2345] |
| 1063 | 19 | 19 | respawn | |
| 1064 | 20 | stop on runlevel [!2345] | 20 | |
| 1065 | 21 | 21 | env JUJU_MACHINE_ID="0" | |
| 1066 | 22 | respawn | 22 | env JUJU_ZOOKEEPER="localhost:2181" |
| 1067 | 23 | 23 | ||
| 1068 | 24 | 24 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output 2>&1 | |
| 1069 | 25 | env JUJU_MACHINE_ID="0" | 25 | EOF |
| 1070 | 26 | 26 | - /sbin/start juju-machine-agent | |
| 1071 | 27 | env JUJU_ZOOKEEPER="localhost:2181" | 27 | - | |
| 1072 | 28 | 28 | cat >> /etc/init/juju-provision-agent.conf <<EOF | |
| 1073 | 29 | 29 | description "Juju provisioning agent" | |
| 1074 | 30 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log | 30 | author "Juju Team <juju@lists.ubuntu.com>" |
| 1075 | 31 | --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output | 31 | |
| 1076 | 32 | 2>&1 | 32 | start on runlevel [2345] |
| 1077 | 33 | 33 | stop on runlevel [!2345] | |
| 1078 | 34 | EOF | 34 | respawn |
| 1079 | 35 | 35 | ||
| 1080 | 36 | ', /sbin/start juju-machine-agent, 'cat >> /etc/init/juju-provision-agent.conf | 36 | env JUJU_ZOOKEEPER="localhost:2181" |
| 1081 | 37 | <<EOF | 37 | |
| 1082 | 38 | 38 | exec python -m juju.agents.provision --nodaemon --logfile /var/log/juju/provision-agent.log --session-file /var/run/juju/provision-agent.zksession >> /tmp/juju-provision-agent.output 2>&1 | |
| 1083 | 39 | description "Juju provisioning agent" | 39 | EOF |
| 1084 | 40 | 40 | - /sbin/start juju-provision-agent | |
| 1032 | 41 | author "Juju Team <juju@lists.ubuntu.com>" | ||
| 1033 | 42 | |||
| 1034 | 43 | |||
| 1035 | 44 | start on runlevel [2345] | ||
| 1036 | 45 | |||
| 1037 | 46 | stop on runlevel [!2345] | ||
| 1038 | 47 | |||
| 1039 | 48 | respawn | ||
| 1040 | 49 | |||
| 1041 | 50 | |||
| 1042 | 51 | env JUJU_ZOOKEEPER="localhost:2181" | ||
| 1043 | 52 | |||
| 1044 | 53 | |||
| 1045 | 54 | exec python -m juju.agents.provision --nodaemon --logfile /var/log/juju/provision-agent.log | ||
| 1046 | 55 | --session-file /var/run/juju/provision-agent.zksession >> /tmp/juju-provision-agent.output | ||
| 1047 | 56 | 2>&1 | ||
| 1048 | 57 | |||
| 1049 | 58 | EOF | ||
| 1050 | 59 | |||
| 1051 | 60 | ', /sbin/start juju-provision-agent] | ||
| 1085 | 61 | ssh_authorized_keys: [this-is-a-public-key] | 41 | ssh_authorized_keys: [this-is-a-public-key] |
| 1086 | 62 | 42 | ||
| 1087 | === modified file 'juju/providers/orchestra/tests/data/launch_user_data' | |||
| 1088 | --- juju/providers/orchestra/tests/data/launch_user_data 2012-08-23 16:14:42 +0000 | |||
| 1089 | +++ juju/providers/orchestra/tests/data/launch_user_data 2012-09-21 23:19:20 +0000 | |||
| 1090 | @@ -4,31 +4,33 @@ | |||
| 1091 | 4 | machine-id: '42'} | 4 | machine-id: '42'} |
| 1092 | 5 | output: {all: '| tee -a /var/log/cloud-init-output.log'} | 5 | output: {all: '| tee -a /var/log/cloud-init-output.log'} |
| 1093 | 6 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper, juju] | 6 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper, juju] |
| 1121 | 7 | runcmd: [sudo mkdir -p /var/lib/juju, sudo mkdir -p | 7 | runcmd: |
| 1122 | 8 | /var/log/juju, 'cat >> /etc/init/juju-machine-agent.conf <<EOF | 8 | - sudo mkdir -p /var/lib/juju |
| 1123 | 9 | 9 | - sudo mkdir -p /var/log/juju | |
| 1124 | 10 | description "Juju machine agent" | 10 | - | |
| 1125 | 11 | 11 | cat >> /etc/init/juju-machine-agent.conf <<EOF | |
| 1126 | 12 | author "Juju Team <juju@lists.ubuntu.com>" | 12 | description "Juju machine agent" |
| 1127 | 13 | 13 | author "Juju Team <juju@lists.ubuntu.com>" | |
| 1128 | 14 | 14 | ||
| 1129 | 15 | start on runlevel [2345] | 15 | start on runlevel [2345] |
| 1130 | 16 | 16 | stop on runlevel [!2345] | |
| 1131 | 17 | stop on runlevel [!2345] | 17 | respawn |
| 1132 | 18 | 18 | ||
| 1133 | 19 | respawn | 19 | env JUJU_MACHINE_ID="42" |
| 1134 | 20 | 20 | env JUJU_ZOOKEEPER="jennifer:2181" | |
| 1135 | 21 | 21 | ||
| 1136 | 22 | env JUJU_MACHINE_ID="42" | 22 | pre-start script |
| 1137 | 23 | 23 | # Protects ZooKeeper from access by non-root users. | |
| 1138 | 24 | env JUJU_ZOOKEEPER="jennifer:2181" | 24 | if iptables -C OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers ; then |
| 1139 | 25 | 25 | iptables -D OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers | |
| 1140 | 26 | 26 | fi | |
| 1141 | 27 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log | 27 | iptables -F juju-protect-zookeepers && iptables -X juju-protect-zookeepers || : |
| 1142 | 28 | --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output | 28 | iptables -N juju-protect-zookeepers |
| 1143 | 29 | 2>&1 | 29 | iptables -I OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers |
| 1144 | 30 | 30 | iptables -A juju-protect-zookeepers -d jennifer -m owner \! --uid-owner 0 -j DROP | |
| 1145 | 31 | EOF | 31 | end script |
| 1146 | 32 | 32 | ||
| 1147 | 33 | ', /sbin/start juju-machine-agent] | 33 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output 2>&1 |
| 1148 | 34 | EOF | ||
| 1149 | 35 | - /sbin/start juju-machine-agent | ||
| 1150 | 34 | ssh_authorized_keys: [this-is-a-public-key] | 36 | ssh_authorized_keys: [this-is-a-public-key] |
Reviewers: mp+125832_
Message:
Please take a look.
Description:
protect zookeeper from non-root direct access
Adds pre-start capability to juju.lib.upstart. Also reformatted tests'
cloud-config data to be more readable.
https:/
(do not edit description out of merge proposal)
Please review this at https:/
Affected files:
A [revision details]
A juju/lib/
M juju/lib/
M juju/lib/upstart.py
M juju/providers/
M juju/providers/
M juju/providers/
M juju/providers/
M juju/providers/
M juju/providers/
M juju/providers/
M juju/providers/
M juju/providers/
M juju/providers/
M juju/providers/
M juju/providers/
M juju/providers/
M juju/providers/
M juju/providers/