Merge lp:~clint-fewbar/pyjuju/add-egress-zookeeper-protection into lp:pyjuju
- add-egress-zookeeper-protection
- Merge into trunk
Proposed by
Clint Byrum
Status: | Needs review |
---|---|
Proposed branch: | lp:~clint-fewbar/pyjuju/add-egress-zookeeper-protection |
Merge into: | lp:pyjuju |
Diff against target: |
1150 lines (+496/-461) 18 files modified
juju/lib/tests/data/test_prestart (+10/-0) juju/lib/tests/test_upstart.py (+14/-0) juju/lib/upstart.py (+6/-1) juju/providers/common/cloudinit.py (+43/-0) juju/providers/common/tests/data/cloud_init_bootstrap (+33/-52) juju/providers/common/tests/data/cloud_init_bootstrap_zookeepers (+45/-52) juju/providers/common/tests/data/cloud_init_branch (+34/-29) juju/providers/common/tests/data/cloud_init_branch_trunk (+34/-29) juju/providers/common/tests/data/cloud_init_distro (+30/-27) juju/providers/common/tests/data/cloud_init_ppa (+30/-27) juju/providers/common/tests/data/cloud_init_proposed (+30/-27) juju/providers/ec2/tests/data/bootstrap_cloud_init (+33/-53) juju/providers/ec2/tests/data/launch_cloud_init (+29/-27) juju/providers/ec2/tests/data/launch_cloud_init_branch (+33/-29) juju/providers/ec2/tests/data/launch_cloud_init_ppa (+29/-27) juju/providers/orchestra/launch.py (+1/-1) juju/providers/orchestra/tests/data/bootstrap_user_data (+33/-53) juju/providers/orchestra/tests/data/launch_user_data (+29/-27) |
To merge this branch: | bzr merge lp:~clint-fewbar/pyjuju/add-egress-zookeeper-protection |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Juju Engineering | Pending | ||
Review via email: mp+125832@code.launchpad.net |
Commit message
Description of the change
protect zookeeper from non-root direct access
Adds pre-start capability to juju.lib.upstart. Also reformatted tests'
cloud-config data to be more readable.
To post a comment you must log in.
Revision history for this message
Kapil Thangavelu (hazmat) wrote : | # |
cool. i'll have to brush on my iptables syntax. does the impl here
support service restarts?
Unmerged revisions
- 588. By Clint Byrum
-
special case localhost because it is needed for client<->zookeeper communication
- 587. By Clint Byrum
-
fixing test data to match new pre-start
- 586. By Clint Byrum
-
fix pre-start
- 585. By Clint Byrum
-
remove debugging aids from tests
- 584. By Clint Byrum
-
fixing upstart tests
- 583. By Clint Byrum
-
fixing EC2 tests
- 582. By Clint Byrum
-
fix orchestra launch tests
- 581. By Clint Byrum
-
fixing bootstrap user data
- 580. By Clint Byrum
-
Add iptables rule as pre-start for machine agent to prevent non-root access to ZK
- 579. By Clint Byrum
-
add prestart to juju.lib.upstart
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1 | === added file 'juju/lib/tests/data/test_prestart' | |||
2 | --- juju/lib/tests/data/test_prestart 1970-01-01 00:00:00 +0000 | |||
3 | +++ juju/lib/tests/data/test_prestart 2012-09-21 23:19:20 +0000 | |||
4 | @@ -0,0 +1,10 @@ | |||
5 | 1 | description "uninteresting service" | ||
6 | 2 | author "Juju Team <juju@lists.ubuntu.com>" | ||
7 | 3 | |||
8 | 4 | start on runlevel [2345] | ||
9 | 5 | stop on runlevel [!2345] | ||
10 | 6 | respawn | ||
11 | 7 | |||
12 | 8 | |||
13 | 9 | pre-start exec /bin/true | ||
14 | 10 | exec /bin/false >> /tmp/some-name.output 2>&1 | ||
15 | 0 | 11 | ||
16 | === modified file 'juju/lib/tests/test_upstart.py' | |||
17 | --- juju/lib/tests/test_upstart.py 2012-01-27 16:12:47 +0000 | |||
18 | +++ juju/lib/tests/test_upstart.py 2012-09-21 23:19:20 +0000 | |||
19 | @@ -183,6 +183,20 @@ | |||
20 | 183 | self.assert_conf("test_basic_install") | 183 | self.assert_conf("test_basic_install") |
21 | 184 | 184 | ||
22 | 185 | @inlineCallbacks | 185 | @inlineCallbacks |
23 | 186 | def test_prestart(self): | ||
24 | 187 | """Check a simple UpstartService writes expected conf file""" | ||
25 | 188 | e = yield self.assertFailure(self.service.install(), ServiceError) | ||
26 | 189 | self.assertEquals(str(e), "Cannot render .conf: no description set") | ||
27 | 190 | self.service.set_description("uninteresting service") | ||
28 | 191 | e = yield self.assertFailure(self.service.install(), ServiceError) | ||
29 | 192 | self.assertEquals(str(e), "Cannot render .conf: no command set") | ||
30 | 193 | self.service.set_command("/bin/false") | ||
31 | 194 | self.service.set_prestart("pre-start exec /bin/true") | ||
32 | 195 | yield self.service.install() | ||
33 | 196 | |||
34 | 197 | self.assert_conf("test_prestart") | ||
35 | 198 | |||
36 | 199 | @inlineCallbacks | ||
37 | 186 | def test_less_basic_install(self): | 200 | def test_less_basic_install(self): |
38 | 187 | """Check conf for a different UpstartService (which sets an env var)""" | 201 | """Check conf for a different UpstartService (which sets an env var)""" |
39 | 188 | self.service.set_description("pew pew pew blam") | 202 | self.service.set_description("pew pew pew blam") |
40 | 189 | 203 | ||
41 | === modified file 'juju/lib/upstart.py' | |||
42 | --- juju/lib/upstart.py 2012-08-03 10:55:21 +0000 | |||
43 | +++ juju/lib/upstart.py 2012-09-21 23:19:20 +0000 | |||
44 | @@ -19,7 +19,7 @@ | |||
45 | 19 | respawn | 19 | respawn |
46 | 20 | 20 | ||
47 | 21 | %s | 21 | %s |
49 | 22 | 22 | %s | |
50 | 23 | exec %s >> %s 2>&1 | 23 | exec %s >> %s 2>&1 |
51 | 24 | """ | 24 | """ |
52 | 25 | 25 | ||
53 | @@ -41,6 +41,7 @@ | |||
54 | 41 | self._use_sudo = use_sudo | 41 | self._use_sudo = use_sudo |
55 | 42 | self._output_path = None | 42 | self._output_path = None |
56 | 43 | self._description = None | 43 | self._description = None |
57 | 44 | self._prestart = '' | ||
58 | 44 | self._environ = {} | 45 | self._environ = {} |
59 | 45 | self._command = None | 46 | self._command = None |
60 | 46 | 47 | ||
61 | @@ -61,6 +62,9 @@ | |||
62 | 61 | def set_environ(self, environ): | 62 | def set_environ(self, environ): |
63 | 62 | self._environ = environ | 63 | self._environ = environ |
64 | 63 | 64 | ||
65 | 65 | def set_prestart(self, prestart): | ||
66 | 66 | self._prestart = prestart | ||
67 | 67 | |||
68 | 64 | def set_command(self, command): | 68 | def set_command(self, command): |
69 | 65 | self._command = command | 69 | self._command = command |
70 | 66 | 70 | ||
71 | @@ -83,6 +87,7 @@ | |||
72 | 83 | self._description, | 87 | self._description, |
73 | 84 | "\n".join('env %s="%s"' % kv | 88 | "\n".join('env %s="%s"' % kv |
74 | 85 | for kv in sorted(self._environ.items())), | 89 | for kv in sorted(self._environ.items())), |
75 | 90 | self._prestart, | ||
76 | 86 | self._command, | 91 | self._command, |
77 | 87 | self.output_path) | 92 | self.output_path) |
78 | 88 | 93 | ||
79 | 89 | 94 | ||
80 | === modified file 'juju/providers/common/cloudinit.py' | |||
81 | --- juju/providers/common/cloudinit.py 2012-09-10 03:20:20 +0000 | |||
82 | +++ juju/providers/common/cloudinit.py 2012-09-21 23:19:20 +0000 | |||
83 | @@ -14,6 +14,24 @@ | |||
84 | 14 | BRANCH = "branch" | 14 | BRANCH = "branch" |
85 | 15 | PROPOSED = "proposed" | 15 | PROPOSED = "proposed" |
86 | 16 | 16 | ||
87 | 17 | _MACHINE_AGENT_PRESTART = """ | ||
88 | 18 | pre-start script | ||
89 | 19 | # Protects ZooKeeper from access by non-root users. | ||
90 | 20 | %(deleteports)s | ||
91 | 21 | iptables -F juju-protect-zookeepers && iptables -X juju-protect-zookeepers || : | ||
92 | 22 | iptables -N juju-protect-zookeepers | ||
93 | 23 | %(insertports)s | ||
94 | 24 | %(hostlines)s | ||
95 | 25 | end script | ||
96 | 26 | """ | ||
97 | 27 | |||
98 | 28 | _MACHINE_AGENT_HOST_IPTABLES = """ iptables -A juju-protect-zookeepers -d %s -m owner \! --uid-owner 0 -j DROP""" | ||
99 | 29 | _MACHINE_AGENT_PORT_IPTABLES = """OUTPUT -p tcp --dport %s -j juju-protect-zookeepers""" | ||
100 | 30 | _MACHINE_AGENT_DPORT_IPTABLES = """ if iptables -C %s ; then | ||
101 | 31 | iptables -D %s | ||
102 | 32 | fi""" | ||
103 | 33 | _MACHINE_AGENT_IPORT_IPTABLES = ' iptables -I %s' | ||
104 | 34 | |||
105 | 17 | 35 | ||
106 | 18 | def _branch_install_scripts(branch): | 36 | def _branch_install_scripts(branch): |
107 | 19 | return [ | 37 | return [ |
108 | @@ -50,6 +68,31 @@ | |||
109 | 50 | service.set_description("Juju machine agent") | 68 | service.set_description("Juju machine agent") |
110 | 51 | service.set_environ( | 69 | service.set_environ( |
111 | 52 | {"JUJU_MACHINE_ID": machine_id, "JUJU_ZOOKEEPER": zookeeper_hosts}) | 70 | {"JUJU_MACHINE_ID": machine_id, "JUJU_ZOOKEEPER": zookeeper_hosts}) |
112 | 71 | |||
113 | 72 | zk_hosts_list = zookeeper_hosts.split(',') | ||
114 | 73 | zk_with_port = [ x.split(':') for x in zk_hosts_list ] | ||
115 | 74 | host_lines = [] | ||
116 | 75 | ports = set() | ||
117 | 76 | for zk in zk_with_port: | ||
118 | 77 | # Can't block localhost because of client<->zk tunnel. | ||
119 | 78 | if zk[0] == 'localhost': | ||
120 | 79 | continue | ||
121 | 80 | if len(zk) >= 2: | ||
122 | 81 | ports.add(zk[1]) | ||
123 | 82 | host_lines.append(_MACHINE_AGENT_HOST_IPTABLES % (zk[0])) | ||
124 | 83 | # Only add if there is at least one host to protect | ||
125 | 84 | if len(host_lines): | ||
126 | 85 | del_port_lines = [] | ||
127 | 86 | ins_port_lines = [] | ||
128 | 87 | for port in ports: | ||
129 | 88 | rule = _MACHINE_AGENT_PORT_IPTABLES % (port) | ||
130 | 89 | del_port_lines.append(_MACHINE_AGENT_DPORT_IPTABLES % (rule, rule)) | ||
131 | 90 | ins_port_lines.append(_MACHINE_AGENT_IPORT_IPTABLES % (rule)) | ||
132 | 91 | service.set_prestart(_MACHINE_AGENT_PRESTART % { | ||
133 | 92 | 'deleteports': "\n".join(del_port_lines), | ||
134 | 93 | 'insertports': "\n".join(ins_port_lines), | ||
135 | 94 | 'hostlines':"\n".join(host_lines)}) | ||
136 | 95 | |||
137 | 53 | service.set_command( | 96 | service.set_command( |
138 | 54 | "python -m juju.agents.machine --nodaemon " | 97 | "python -m juju.agents.machine --nodaemon " |
139 | 55 | "--logfile /var/log/juju/machine-agent.log " | 98 | "--logfile /var/log/juju/machine-agent.log " |
140 | 56 | 99 | ||
141 | === modified file 'juju/providers/common/tests/data/cloud_init_bootstrap' | |||
142 | --- juju/providers/common/tests/data/cloud_init_bootstrap 2012-08-23 16:14:42 +0000 | |||
143 | +++ juju/providers/common/tests/data/cloud_init_bootstrap 2012-09-21 23:19:20 +0000 | |||
144 | @@ -6,56 +6,37 @@ | |||
145 | 6 | output: {all: '| tee -a /var/log/cloud-init-output.log'} | 6 | output: {all: '| tee -a /var/log/cloud-init-output.log'} |
146 | 7 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper, | 7 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper, |
147 | 8 | default-jre-headless, zookeeper, zookeeperd, juju] | 8 | default-jre-headless, zookeeper, zookeeperd, juju] |
200 | 9 | runcmd: [sudo mkdir -p /var/lib/juju, sudo mkdir -p /var/log/juju, 'juju-admin initialize | 9 | runcmd: |
201 | 10 | --instance-id=token --admin-identity=admin:19vlzY4Vc3q4Ew5OsCwKYqrq1HI= --constraints-data=e2NwdTogJzIwJywgcHJvdmlkZXItdHlwZTogZHVtbXksIHVidW50dS1zZXJpZXM6IGFzdG9uaXNoaW5nfQo= | 10 | - sudo mkdir -p /var/lib/juju |
202 | 11 | --provider-type=dummy', 'cat >> /etc/init/juju-machine-agent.conf <<EOF | 11 | - sudo mkdir -p /var/log/juju |
203 | 12 | 12 | - juju-admin initialize --instance-id=token --admin-identity=admin:19vlzY4Vc3q4Ew5OsCwKYqrq1HI= --constraints-data=e2NwdTogJzIwJywgcHJvdmlkZXItdHlwZTogZHVtbXksIHVidW50dS1zZXJpZXM6IGFzdG9uaXNoaW5nfQo= --provider-type=dummy | |
204 | 13 | description "Juju machine agent" | 13 | - | |
205 | 14 | 14 | cat >> /etc/init/juju-machine-agent.conf <<EOF | |
206 | 15 | author "Juju Team <juju@lists.ubuntu.com>" | 15 | description "Juju machine agent" |
207 | 16 | 16 | author "Juju Team <juju@lists.ubuntu.com>" | |
208 | 17 | 17 | ||
209 | 18 | start on runlevel [2345] | 18 | start on runlevel [2345] |
210 | 19 | 19 | stop on runlevel [!2345] | |
211 | 20 | stop on runlevel [!2345] | 20 | respawn |
212 | 21 | 21 | ||
213 | 22 | respawn | 22 | env JUJU_MACHINE_ID="passport" |
214 | 23 | 23 | env JUJU_ZOOKEEPER="localhost:2181" | |
215 | 24 | 24 | ||
216 | 25 | env JUJU_MACHINE_ID="passport" | 25 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output 2>&1 |
217 | 26 | 26 | EOF | |
218 | 27 | env JUJU_ZOOKEEPER="localhost:2181" | 27 | - /sbin/start juju-machine-agent |
219 | 28 | 28 | - | | |
220 | 29 | 29 | cat >> /etc/init/juju-provision-agent.conf <<EOF | |
221 | 30 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log | 30 | description "Juju provisioning agent" |
222 | 31 | --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output | 31 | author "Juju Team <juju@lists.ubuntu.com>" |
223 | 32 | 2>&1 | 32 | |
224 | 33 | 33 | start on runlevel [2345] | |
225 | 34 | EOF | 34 | stop on runlevel [!2345] |
226 | 35 | 35 | respawn | |
227 | 36 | ', /sbin/start juju-machine-agent, 'cat >> /etc/init/juju-provision-agent.conf | 36 | |
228 | 37 | <<EOF | 37 | env JUJU_ZOOKEEPER="localhost:2181" |
229 | 38 | 38 | ||
230 | 39 | description "Juju provisioning agent" | 39 | exec python -m juju.agents.provision --nodaemon --logfile /var/log/juju/provision-agent.log --session-file /var/run/juju/provision-agent.zksession >> /tmp/juju-provision-agent.output 2>&1 |
231 | 40 | 40 | EOF | |
232 | 41 | author "Juju Team <juju@lists.ubuntu.com>" | 41 | - /sbin/start juju-provision-agent |
181 | 42 | |||
182 | 43 | |||
183 | 44 | start on runlevel [2345] | ||
184 | 45 | |||
185 | 46 | stop on runlevel [!2345] | ||
186 | 47 | |||
187 | 48 | respawn | ||
188 | 49 | |||
189 | 50 | |||
190 | 51 | env JUJU_ZOOKEEPER="localhost:2181" | ||
191 | 52 | |||
192 | 53 | |||
193 | 54 | exec python -m juju.agents.provision --nodaemon --logfile /var/log/juju/provision-agent.log | ||
194 | 55 | --session-file /var/run/juju/provision-agent.zksession >> /tmp/juju-provision-agent.output | ||
195 | 56 | 2>&1 | ||
196 | 57 | |||
197 | 58 | EOF | ||
198 | 59 | |||
199 | 60 | ', /sbin/start juju-provision-agent] | ||
233 | 61 | ssh_authorized_keys: [chubb] | 42 | ssh_authorized_keys: [chubb] |
234 | 62 | 43 | ||
235 | === modified file 'juju/providers/common/tests/data/cloud_init_bootstrap_zookeepers' | |||
236 | --- juju/providers/common/tests/data/cloud_init_bootstrap_zookeepers 2012-08-23 16:14:42 +0000 | |||
237 | +++ juju/providers/common/tests/data/cloud_init_bootstrap_zookeepers 2012-09-21 23:19:20 +0000 | |||
238 | @@ -6,56 +6,49 @@ | |||
239 | 6 | output: {all: '| tee -a /var/log/cloud-init-output.log'} | 6 | output: {all: '| tee -a /var/log/cloud-init-output.log'} |
240 | 7 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper, | 7 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper, |
241 | 8 | default-jre-headless, zookeeper, zookeeperd, juju] | 8 | default-jre-headless, zookeeper, zookeeperd, juju] |
294 | 9 | runcmd: [sudo mkdir -p /var/lib/juju, sudo mkdir -p /var/log/juju, 'juju-admin initialize | 9 | runcmd: |
295 | 10 | --instance-id=token --admin-identity=admin:19vlzY4Vc3q4Ew5OsCwKYqrq1HI= --constraints-data=e2NwdTogJzIwJywgcHJvdmlkZXItdHlwZTogZHVtbXksIHVidW50dS1zZXJpZXM6IGFzdG9uaXNoaW5nfQo= | 10 | - sudo mkdir -p /var/lib/juju |
296 | 11 | --provider-type=dummy', 'cat >> /etc/init/juju-machine-agent.conf <<EOF | 11 | - sudo mkdir -p /var/log/juju |
297 | 12 | 12 | - juju-admin initialize --instance-id=token --admin-identity=admin:19vlzY4Vc3q4Ew5OsCwKYqrq1HI= --constraints-data=e2NwdTogJzIwJywgcHJvdmlkZXItdHlwZTogZHVtbXksIHVidW50dS1zZXJpZXM6IGFzdG9uaXNoaW5nfQo= --provider-type=dummy | |
298 | 13 | description "Juju machine agent" | 13 | - | |
299 | 14 | 14 | cat >> /etc/init/juju-machine-agent.conf <<EOF | |
300 | 15 | author "Juju Team <juju@lists.ubuntu.com>" | 15 | description "Juju machine agent" |
301 | 16 | 16 | author "Juju Team <juju@lists.ubuntu.com>" | |
302 | 17 | 17 | ||
303 | 18 | start on runlevel [2345] | 18 | start on runlevel [2345] |
304 | 19 | 19 | stop on runlevel [!2345] | |
305 | 20 | stop on runlevel [!2345] | 20 | respawn |
306 | 21 | 21 | ||
307 | 22 | respawn | 22 | env JUJU_MACHINE_ID="passport" |
308 | 23 | 23 | env JUJU_ZOOKEEPER="cotswold:2181,longleat:2181,localhost:2181" | |
309 | 24 | 24 | ||
310 | 25 | env JUJU_MACHINE_ID="passport" | 25 | pre-start script |
311 | 26 | 26 | # Protects ZooKeeper from access by non-root users. | |
312 | 27 | env JUJU_ZOOKEEPER="cotswold:2181,longleat:2181,localhost:2181" | 27 | if iptables -C OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers ; then |
313 | 28 | 28 | iptables -D OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers | |
314 | 29 | 29 | fi | |
315 | 30 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log | 30 | iptables -F juju-protect-zookeepers && iptables -X juju-protect-zookeepers || : |
316 | 31 | --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output | 31 | iptables -N juju-protect-zookeepers |
317 | 32 | 2>&1 | 32 | iptables -I OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers |
318 | 33 | 33 | iptables -A juju-protect-zookeepers -d cotswold -m owner \! --uid-owner 0 -j DROP | |
319 | 34 | EOF | 34 | iptables -A juju-protect-zookeepers -d longleat -m owner \! --uid-owner 0 -j DROP |
320 | 35 | 35 | end script | |
321 | 36 | ', /sbin/start juju-machine-agent, 'cat >> /etc/init/juju-provision-agent.conf | 36 | |
322 | 37 | <<EOF | 37 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output 2>&1 |
323 | 38 | 38 | EOF | |
324 | 39 | description "Juju provisioning agent" | 39 | - /sbin/start juju-machine-agent |
325 | 40 | 40 | - | | |
326 | 41 | author "Juju Team <juju@lists.ubuntu.com>" | 41 | cat >> /etc/init/juju-provision-agent.conf <<EOF |
327 | 42 | 42 | description "Juju provisioning agent" | |
328 | 43 | 43 | author "Juju Team <juju@lists.ubuntu.com>" | |
329 | 44 | start on runlevel [2345] | 44 | |
330 | 45 | 45 | start on runlevel [2345] | |
331 | 46 | stop on runlevel [!2345] | 46 | stop on runlevel [!2345] |
332 | 47 | 47 | respawn | |
333 | 48 | respawn | 48 | |
334 | 49 | 49 | env JUJU_ZOOKEEPER="cotswold:2181,longleat:2181,localhost:2181" | |
335 | 50 | 50 | ||
336 | 51 | env JUJU_ZOOKEEPER="cotswold:2181,longleat:2181,localhost:2181" | 51 | exec python -m juju.agents.provision --nodaemon --logfile /var/log/juju/provision-agent.log --session-file /var/run/juju/provision-agent.zksession >> /tmp/juju-provision-agent.output 2>&1 |
337 | 52 | 52 | EOF | |
338 | 53 | 53 | - /sbin/start juju-provision-agent | |
287 | 54 | exec python -m juju.agents.provision --nodaemon --logfile /var/log/juju/provision-agent.log | ||
288 | 55 | --session-file /var/run/juju/provision-agent.zksession >> /tmp/juju-provision-agent.output | ||
289 | 56 | 2>&1 | ||
290 | 57 | |||
291 | 58 | EOF | ||
292 | 59 | |||
293 | 60 | ', /sbin/start juju-provision-agent] | ||
339 | 61 | ssh_authorized_keys: [chubb] | 54 | ssh_authorized_keys: [chubb] |
340 | 62 | 55 | ||
341 | === modified file 'juju/providers/common/tests/data/cloud_init_branch' | |||
342 | --- juju/providers/common/tests/data/cloud_init_branch 2012-08-23 16:14:42 +0000 | |||
343 | +++ juju/providers/common/tests/data/cloud_init_branch 2012-09-21 23:19:20 +0000 | |||
344 | @@ -7,33 +7,38 @@ | |||
345 | 7 | machine-id: passport} | 7 | machine-id: passport} |
346 | 8 | output: {all: '| tee -a /var/log/cloud-init-output.log'} | 8 | output: {all: '| tee -a /var/log/cloud-init-output.log'} |
347 | 9 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper] | 9 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper] |
377 | 10 | runcmd: [sudo apt-get install -y python-txzookeeper, sudo mkdir -p /usr/lib/juju, | 10 | runcmd: |
378 | 11 | 'cd /usr/lib/juju && sudo /usr/bin/bzr co lp:blah/juju/blah-blah juju', cd /usr/lib/juju/juju | 11 | - sudo apt-get install -y python-txzookeeper |
379 | 12 | && sudo python setup.py develop, sudo mkdir -p /var/lib/juju, sudo mkdir -p /var/log/juju, | 12 | - sudo mkdir -p /usr/lib/juju |
380 | 13 | 'cat >> /etc/init/juju-machine-agent.conf <<EOF | 13 | - cd /usr/lib/juju && sudo /usr/bin/bzr co lp:blah/juju/blah-blah juju |
381 | 14 | 14 | - cd /usr/lib/juju/juju && sudo python setup.py develop | |
382 | 15 | description "Juju machine agent" | 15 | - sudo mkdir -p /var/lib/juju |
383 | 16 | 16 | - sudo mkdir -p /var/log/juju | |
384 | 17 | author "Juju Team <juju@lists.ubuntu.com>" | 17 | - | |
385 | 18 | 18 | cat >> /etc/init/juju-machine-agent.conf <<EOF | |
386 | 19 | 19 | description "Juju machine agent" | |
387 | 20 | start on runlevel [2345] | 20 | author "Juju Team <juju@lists.ubuntu.com>" |
388 | 21 | 21 | ||
389 | 22 | stop on runlevel [!2345] | 22 | start on runlevel [2345] |
390 | 23 | 23 | stop on runlevel [!2345] | |
391 | 24 | respawn | 24 | respawn |
392 | 25 | 25 | ||
393 | 26 | 26 | env JUJU_MACHINE_ID="passport" | |
394 | 27 | env JUJU_MACHINE_ID="passport" | 27 | env JUJU_ZOOKEEPER="cotswold:2181,longleat:2181" |
395 | 28 | 28 | ||
396 | 29 | env JUJU_ZOOKEEPER="cotswold:2181,longleat:2181" | 29 | pre-start script |
397 | 30 | 30 | # Protects ZooKeeper from access by non-root users. | |
398 | 31 | 31 | if iptables -C OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers ; then | |
399 | 32 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log | 32 | iptables -D OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers |
400 | 33 | --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output | 33 | fi |
401 | 34 | 2>&1 | 34 | iptables -F juju-protect-zookeepers && iptables -X juju-protect-zookeepers || : |
402 | 35 | 35 | iptables -N juju-protect-zookeepers | |
403 | 36 | EOF | 36 | iptables -I OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers |
404 | 37 | 37 | iptables -A juju-protect-zookeepers -d cotswold -m owner \! --uid-owner 0 -j DROP | |
405 | 38 | ', /sbin/start juju-machine-agent] | 38 | iptables -A juju-protect-zookeepers -d longleat -m owner \! --uid-owner 0 -j DROP |
406 | 39 | end script | ||
407 | 40 | |||
408 | 41 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output 2>&1 | ||
409 | 42 | EOF | ||
410 | 43 | - /sbin/start juju-machine-agent | ||
411 | 39 | ssh_authorized_keys: [chubb] | 44 | ssh_authorized_keys: [chubb] |
412 | 40 | 45 | ||
413 | === modified file 'juju/providers/common/tests/data/cloud_init_branch_trunk' | |||
414 | --- juju/providers/common/tests/data/cloud_init_branch_trunk 2012-08-23 16:14:42 +0000 | |||
415 | +++ juju/providers/common/tests/data/cloud_init_branch_trunk 2012-09-21 23:19:20 +0000 | |||
416 | @@ -7,33 +7,38 @@ | |||
417 | 7 | machine-id: passport} | 7 | machine-id: passport} |
418 | 8 | output: {all: '| tee -a /var/log/cloud-init-output.log'} | 8 | output: {all: '| tee -a /var/log/cloud-init-output.log'} |
419 | 9 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper] | 9 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper] |
449 | 10 | runcmd: [sudo apt-get install -y python-txzookeeper, sudo mkdir -p /usr/lib/juju, | 10 | runcmd: |
450 | 11 | 'cd /usr/lib/juju && sudo /usr/bin/bzr co lp:juju juju', cd /usr/lib/juju/juju && | 11 | - sudo apt-get install -y python-txzookeeper |
451 | 12 | sudo python setup.py develop, sudo mkdir -p /var/lib/juju, sudo mkdir -p /var/log/juju, | 12 | - sudo mkdir -p /usr/lib/juju |
452 | 13 | 'cat >> /etc/init/juju-machine-agent.conf <<EOF | 13 | - cd /usr/lib/juju && sudo /usr/bin/bzr co lp:juju juju |
453 | 14 | 14 | - cd /usr/lib/juju/juju && sudo python setup.py develop | |
454 | 15 | description "Juju machine agent" | 15 | - sudo mkdir -p /var/lib/juju |
455 | 16 | 16 | - sudo mkdir -p /var/log/juju | |
456 | 17 | author "Juju Team <juju@lists.ubuntu.com>" | 17 | - | |
457 | 18 | 18 | cat >> /etc/init/juju-machine-agent.conf <<EOF | |
458 | 19 | 19 | description "Juju machine agent" | |
459 | 20 | start on runlevel [2345] | 20 | author "Juju Team <juju@lists.ubuntu.com>" |
460 | 21 | 21 | ||
461 | 22 | stop on runlevel [!2345] | 22 | start on runlevel [2345] |
462 | 23 | 23 | stop on runlevel [!2345] | |
463 | 24 | respawn | 24 | respawn |
464 | 25 | 25 | ||
465 | 26 | 26 | env JUJU_MACHINE_ID="passport" | |
466 | 27 | env JUJU_MACHINE_ID="passport" | 27 | env JUJU_ZOOKEEPER="cotswold:2181,longleat:2181" |
467 | 28 | 28 | ||
468 | 29 | env JUJU_ZOOKEEPER="cotswold:2181,longleat:2181" | 29 | pre-start script |
469 | 30 | 30 | # Protects ZooKeeper from access by non-root users. | |
470 | 31 | 31 | if iptables -C OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers ; then | |
471 | 32 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log | 32 | iptables -D OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers |
472 | 33 | --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output | 33 | fi |
473 | 34 | 2>&1 | 34 | iptables -F juju-protect-zookeepers && iptables -X juju-protect-zookeepers || : |
474 | 35 | 35 | iptables -N juju-protect-zookeepers | |
475 | 36 | EOF | 36 | iptables -I OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers |
476 | 37 | 37 | iptables -A juju-protect-zookeepers -d cotswold -m owner \! --uid-owner 0 -j DROP | |
477 | 38 | ', /sbin/start juju-machine-agent] | 38 | iptables -A juju-protect-zookeepers -d longleat -m owner \! --uid-owner 0 -j DROP |
478 | 39 | end script | ||
479 | 40 | |||
480 | 41 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output 2>&1 | ||
481 | 42 | EOF | ||
482 | 43 | - /sbin/start juju-machine-agent | ||
483 | 39 | ssh_authorized_keys: [chubb] | 44 | ssh_authorized_keys: [chubb] |
484 | 40 | 45 | ||
485 | === modified file 'juju/providers/common/tests/data/cloud_init_distro' | |||
486 | --- juju/providers/common/tests/data/cloud_init_distro 2012-08-23 16:14:42 +0000 | |||
487 | +++ juju/providers/common/tests/data/cloud_init_distro 2012-09-21 23:19:20 +0000 | |||
488 | @@ -6,31 +6,34 @@ | |||
489 | 6 | output: {all: '| tee -a /var/log/cloud-init-output.log'} | 6 | output: {all: '| tee -a /var/log/cloud-init-output.log'} |
490 | 7 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper, | 7 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper, |
491 | 8 | juju] | 8 | juju] |
519 | 9 | runcmd: [sudo mkdir -p /var/lib/juju, sudo mkdir -p /var/log/juju, 'cat >> /etc/init/juju-machine-agent.conf | 9 | runcmd: |
520 | 10 | <<EOF | 10 | - sudo mkdir -p /var/lib/juju |
521 | 11 | 11 | - sudo mkdir -p /var/log/juju | |
522 | 12 | description "Juju machine agent" | 12 | - | |
523 | 13 | 13 | cat >> /etc/init/juju-machine-agent.conf <<EOF | |
524 | 14 | author "Juju Team <juju@lists.ubuntu.com>" | 14 | description "Juju machine agent" |
525 | 15 | 15 | author "Juju Team <juju@lists.ubuntu.com>" | |
526 | 16 | 16 | ||
527 | 17 | start on runlevel [2345] | 17 | start on runlevel [2345] |
528 | 18 | 18 | stop on runlevel [!2345] | |
529 | 19 | stop on runlevel [!2345] | 19 | respawn |
530 | 20 | 20 | ||
531 | 21 | respawn | 21 | env JUJU_MACHINE_ID="passport" |
532 | 22 | 22 | env JUJU_ZOOKEEPER="cotswold:2181,longleat:2181" | |
533 | 23 | 23 | ||
534 | 24 | env JUJU_MACHINE_ID="passport" | 24 | pre-start script |
535 | 25 | 25 | # Protects ZooKeeper from access by non-root users. | |
536 | 26 | env JUJU_ZOOKEEPER="cotswold:2181,longleat:2181" | 26 | if iptables -C OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers ; then |
537 | 27 | 27 | iptables -D OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers | |
538 | 28 | 28 | fi | |
539 | 29 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log | 29 | iptables -F juju-protect-zookeepers && iptables -X juju-protect-zookeepers || : |
540 | 30 | --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output | 30 | iptables -N juju-protect-zookeepers |
541 | 31 | 2>&1 | 31 | iptables -I OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers |
542 | 32 | 32 | iptables -A juju-protect-zookeepers -d cotswold -m owner \! --uid-owner 0 -j DROP | |
543 | 33 | EOF | 33 | iptables -A juju-protect-zookeepers -d longleat -m owner \! --uid-owner 0 -j DROP |
544 | 34 | 34 | end script | |
545 | 35 | ', /sbin/start juju-machine-agent] | 35 | |
546 | 36 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output 2>&1 | ||
547 | 37 | EOF | ||
548 | 38 | - /sbin/start juju-machine-agent | ||
549 | 36 | ssh_authorized_keys: [chubb] | 39 | ssh_authorized_keys: [chubb] |
550 | 37 | 40 | ||
551 | === modified file 'juju/providers/common/tests/data/cloud_init_ppa' | |||
552 | --- juju/providers/common/tests/data/cloud_init_ppa 2012-08-23 16:14:42 +0000 | |||
553 | +++ juju/providers/common/tests/data/cloud_init_ppa 2012-09-21 23:19:20 +0000 | |||
554 | @@ -8,31 +8,34 @@ | |||
555 | 8 | output: {all: '| tee -a /var/log/cloud-init-output.log'} | 8 | output: {all: '| tee -a /var/log/cloud-init-output.log'} |
556 | 9 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper, | 9 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper, |
557 | 10 | juju] | 10 | juju] |
585 | 11 | runcmd: [sudo mkdir -p /var/lib/juju, sudo mkdir -p /var/log/juju, 'cat >> /etc/init/juju-machine-agent.conf | 11 | runcmd: |
586 | 12 | <<EOF | 12 | - sudo mkdir -p /var/lib/juju |
587 | 13 | 13 | - sudo mkdir -p /var/log/juju | |
588 | 14 | description "Juju machine agent" | 14 | - | |
589 | 15 | 15 | cat >> /etc/init/juju-machine-agent.conf <<EOF | |
590 | 16 | author "Juju Team <juju@lists.ubuntu.com>" | 16 | description "Juju machine agent" |
591 | 17 | 17 | author "Juju Team <juju@lists.ubuntu.com>" | |
592 | 18 | 18 | ||
593 | 19 | start on runlevel [2345] | 19 | start on runlevel [2345] |
594 | 20 | 20 | stop on runlevel [!2345] | |
595 | 21 | stop on runlevel [!2345] | 21 | respawn |
596 | 22 | 22 | ||
597 | 23 | respawn | 23 | env JUJU_MACHINE_ID="passport" |
598 | 24 | 24 | env JUJU_ZOOKEEPER="cotswold:2181,longleat:2181" | |
599 | 25 | 25 | ||
600 | 26 | env JUJU_MACHINE_ID="passport" | 26 | pre-start script |
601 | 27 | 27 | # Protects ZooKeeper from access by non-root users. | |
602 | 28 | env JUJU_ZOOKEEPER="cotswold:2181,longleat:2181" | 28 | if iptables -C OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers ; then |
603 | 29 | 29 | iptables -D OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers | |
604 | 30 | 30 | fi | |
605 | 31 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log | 31 | iptables -F juju-protect-zookeepers && iptables -X juju-protect-zookeepers || : |
606 | 32 | --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output | 32 | iptables -N juju-protect-zookeepers |
607 | 33 | 2>&1 | 33 | iptables -I OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers |
608 | 34 | 34 | iptables -A juju-protect-zookeepers -d cotswold -m owner \! --uid-owner 0 -j DROP | |
609 | 35 | EOF | 35 | iptables -A juju-protect-zookeepers -d longleat -m owner \! --uid-owner 0 -j DROP |
610 | 36 | 36 | end script | |
611 | 37 | ', /sbin/start juju-machine-agent] | 37 | |
612 | 38 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output 2>&1 | ||
613 | 39 | EOF | ||
614 | 40 | - /sbin/start juju-machine-agent | ||
615 | 38 | ssh_authorized_keys: [chubb] | 41 | ssh_authorized_keys: [chubb] |
616 | 39 | 42 | ||
617 | === modified file 'juju/providers/common/tests/data/cloud_init_proposed' | |||
618 | --- juju/providers/common/tests/data/cloud_init_proposed 2012-08-23 16:14:42 +0000 | |||
619 | +++ juju/providers/common/tests/data/cloud_init_proposed 2012-09-21 23:19:20 +0000 | |||
620 | @@ -7,31 +7,34 @@ | |||
621 | 7 | machine-id: passport} | 7 | machine-id: passport} |
622 | 8 | output: {all: '| tee -a /var/log/cloud-init-output.log'} | 8 | output: {all: '| tee -a /var/log/cloud-init-output.log'} |
623 | 9 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper, juju] | 9 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper, juju] |
651 | 10 | runcmd: [sudo mkdir -p /var/lib/juju, sudo mkdir -p | 10 | runcmd: |
652 | 11 | /var/log/juju, 'cat >> /etc/init/juju-machine-agent.conf <<EOF | 11 | - sudo mkdir -p /var/lib/juju |
653 | 12 | 12 | - sudo mkdir -p /var/log/juju | |
654 | 13 | description "Juju machine agent" | 13 | - | |
655 | 14 | 14 | cat >> /etc/init/juju-machine-agent.conf <<EOF | |
656 | 15 | author "Juju Team <juju@lists.ubuntu.com>" | 15 | description "Juju machine agent" |
657 | 16 | 16 | author "Juju Team <juju@lists.ubuntu.com>" | |
658 | 17 | 17 | ||
659 | 18 | start on runlevel [2345] | 18 | start on runlevel [2345] |
660 | 19 | 19 | stop on runlevel [!2345] | |
661 | 20 | stop on runlevel [!2345] | 20 | respawn |
662 | 21 | 21 | ||
663 | 22 | respawn | 22 | env JUJU_MACHINE_ID="passport" |
664 | 23 | 23 | env JUJU_ZOOKEEPER="cotswold:2181,longleat:2181" | |
665 | 24 | 24 | ||
666 | 25 | env JUJU_MACHINE_ID="passport" | 25 | pre-start script |
667 | 26 | 26 | # Protects ZooKeeper from access by non-root users. | |
668 | 27 | env JUJU_ZOOKEEPER="cotswold:2181,longleat:2181" | 27 | if iptables -C OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers ; then |
669 | 28 | 28 | iptables -D OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers | |
670 | 29 | 29 | fi | |
671 | 30 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log | 30 | iptables -F juju-protect-zookeepers && iptables -X juju-protect-zookeepers || : |
672 | 31 | --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output | 31 | iptables -N juju-protect-zookeepers |
673 | 32 | 2>&1 | 32 | iptables -I OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers |
674 | 33 | 33 | iptables -A juju-protect-zookeepers -d cotswold -m owner \! --uid-owner 0 -j DROP | |
675 | 34 | EOF | 34 | iptables -A juju-protect-zookeepers -d longleat -m owner \! --uid-owner 0 -j DROP |
676 | 35 | 35 | end script | |
677 | 36 | ', /sbin/start juju-machine-agent] | 36 | |
678 | 37 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output 2>&1 | ||
679 | 38 | EOF | ||
680 | 39 | - /sbin/start juju-machine-agent | ||
681 | 37 | ssh_authorized_keys: [chubb] | 40 | ssh_authorized_keys: [chubb] |
682 | 38 | 41 | ||
683 | === modified file 'juju/providers/ec2/tests/data/bootstrap_cloud_init' | |||
684 | --- juju/providers/ec2/tests/data/bootstrap_cloud_init 2012-08-23 16:14:42 +0000 | |||
685 | +++ juju/providers/ec2/tests/data/bootstrap_cloud_init 2012-09-21 23:19:20 +0000 | |||
686 | @@ -5,57 +5,37 @@ | |||
687 | 5 | output: {all: '| tee -a /var/log/cloud-init-output.log'} | 5 | output: {all: '| tee -a /var/log/cloud-init-output.log'} |
688 | 6 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper, | 6 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper, |
689 | 7 | default-jre-headless, zookeeper, zookeeperd, juju] | 7 | default-jre-headless, zookeeper, zookeeperd, juju] |
743 | 8 | runcmd: [sudo mkdir -p /var/lib/juju, sudo mkdir -p /var/log/juju, 'juju-admin initialize | 8 | runcmd: |
744 | 9 | --instance-id=$(curl http://169.254.169.254/1.0/meta-data/instance-id) --admin-identity=admin:JbJ6sDGV37EHzbG9FPvttk64cmg= | 9 | - sudo mkdir -p /var/lib/juju |
745 | 10 | --constraints-data=e2NwdTogbnVsbCwgaW5zdGFuY2UtdHlwZTogbTEuc21hbGwsIG1lbTogbnVsbCwgcHJvdmlkZXItdHlwZTogZWMyLCB1YnVudHUtc2VyaWVzOiBzcGxlbmRpZH0K | 10 | - sudo mkdir -p /var/log/juju |
746 | 11 | --provider-type=ec2', 'cat >> /etc/init/juju-machine-agent.conf <<EOF | 11 | - juju-admin initialize --instance-id=$(curl http://169.254.169.254/1.0/meta-data/instance-id) --admin-identity=admin:JbJ6sDGV37EHzbG9FPvttk64cmg= --constraints-data=e2NwdTogbnVsbCwgaW5zdGFuY2UtdHlwZTogbTEuc21hbGwsIG1lbTogbnVsbCwgcHJvdmlkZXItdHlwZTogZWMyLCB1YnVudHUtc2VyaWVzOiBzcGxlbmRpZH0K --provider-type=ec2 |
747 | 12 | 12 | - | | |
748 | 13 | description "Juju machine agent" | 13 | cat >> /etc/init/juju-machine-agent.conf <<EOF |
749 | 14 | 14 | description "Juju machine agent" | |
750 | 15 | author "Juju Team <juju@lists.ubuntu.com>" | 15 | author "Juju Team <juju@lists.ubuntu.com>" |
751 | 16 | 16 | ||
752 | 17 | 17 | start on runlevel [2345] | |
753 | 18 | start on runlevel [2345] | 18 | stop on runlevel [!2345] |
754 | 19 | 19 | respawn | |
755 | 20 | stop on runlevel [!2345] | 20 | |
756 | 21 | 21 | env JUJU_MACHINE_ID="0" | |
757 | 22 | respawn | 22 | env JUJU_ZOOKEEPER="localhost:2181" |
758 | 23 | 23 | ||
759 | 24 | 24 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output 2>&1 | |
760 | 25 | env JUJU_MACHINE_ID="0" | 25 | EOF |
761 | 26 | 26 | - /sbin/start juju-machine-agent | |
762 | 27 | env JUJU_ZOOKEEPER="localhost:2181" | 27 | - | |
763 | 28 | 28 | cat >> /etc/init/juju-provision-agent.conf <<EOF | |
764 | 29 | 29 | description "Juju provisioning agent" | |
765 | 30 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log | 30 | author "Juju Team <juju@lists.ubuntu.com>" |
766 | 31 | --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output | 31 | |
767 | 32 | 2>&1 | 32 | start on runlevel [2345] |
768 | 33 | 33 | stop on runlevel [!2345] | |
769 | 34 | EOF | 34 | respawn |
770 | 35 | 35 | ||
771 | 36 | ', /sbin/start juju-machine-agent, 'cat >> /etc/init/juju-provision-agent.conf | 36 | env JUJU_ZOOKEEPER="localhost:2181" |
772 | 37 | <<EOF | 37 | |
773 | 38 | 38 | exec python -m juju.agents.provision --nodaemon --logfile /var/log/juju/provision-agent.log --session-file /var/run/juju/provision-agent.zksession >> /tmp/juju-provision-agent.output 2>&1 | |
774 | 39 | description "Juju provisioning agent" | 39 | EOF |
775 | 40 | 40 | - /sbin/start juju-provision-agent | |
723 | 41 | author "Juju Team <juju@lists.ubuntu.com>" | ||
724 | 42 | |||
725 | 43 | |||
726 | 44 | start on runlevel [2345] | ||
727 | 45 | |||
728 | 46 | stop on runlevel [!2345] | ||
729 | 47 | |||
730 | 48 | respawn | ||
731 | 49 | |||
732 | 50 | |||
733 | 51 | env JUJU_ZOOKEEPER="localhost:2181" | ||
734 | 52 | |||
735 | 53 | |||
736 | 54 | exec python -m juju.agents.provision --nodaemon --logfile /var/log/juju/provision-agent.log | ||
737 | 55 | --session-file /var/run/juju/provision-agent.zksession >> /tmp/juju-provision-agent.output | ||
738 | 56 | 2>&1 | ||
739 | 57 | |||
740 | 58 | EOF | ||
741 | 59 | |||
742 | 60 | ', /sbin/start juju-provision-agent] | ||
776 | 61 | ssh_authorized_keys: [zebra] | 41 | ssh_authorized_keys: [zebra] |
777 | 62 | 42 | ||
778 | === modified file 'juju/providers/ec2/tests/data/launch_cloud_init' | |||
779 | --- juju/providers/ec2/tests/data/launch_cloud_init 2012-08-23 16:14:42 +0000 | |||
780 | +++ juju/providers/ec2/tests/data/launch_cloud_init 2012-09-21 23:19:20 +0000 | |||
781 | @@ -5,31 +5,33 @@ | |||
782 | 5 | machine-id: '1'} | 5 | machine-id: '1'} |
783 | 6 | output: {all: '| tee -a /var/log/cloud-init-output.log'} | 6 | output: {all: '| tee -a /var/log/cloud-init-output.log'} |
784 | 7 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper, juju] | 7 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper, juju] |
812 | 8 | runcmd: [sudo mkdir -p /var/lib/juju, sudo mkdir -p | 8 | runcmd: |
813 | 9 | /var/log/juju, 'cat >> /etc/init/juju-machine-agent.conf <<EOF | 9 | - sudo mkdir -p /var/lib/juju |
814 | 10 | 10 | - sudo mkdir -p /var/log/juju | |
815 | 11 | description "Juju machine agent" | 11 | - | |
816 | 12 | 12 | cat >> /etc/init/juju-machine-agent.conf <<EOF | |
817 | 13 | author "Juju Team <juju@lists.ubuntu.com>" | 13 | description "Juju machine agent" |
818 | 14 | 14 | author "Juju Team <juju@lists.ubuntu.com>" | |
819 | 15 | 15 | ||
820 | 16 | start on runlevel [2345] | 16 | start on runlevel [2345] |
821 | 17 | 17 | stop on runlevel [!2345] | |
822 | 18 | stop on runlevel [!2345] | 18 | respawn |
823 | 19 | 19 | ||
824 | 20 | respawn | 20 | env JUJU_MACHINE_ID="1" |
825 | 21 | 21 | env JUJU_ZOOKEEPER="es.example.internal:2181" | |
826 | 22 | 22 | ||
827 | 23 | env JUJU_MACHINE_ID="1" | 23 | pre-start script |
828 | 24 | 24 | # Protects ZooKeeper from access by non-root users. | |
829 | 25 | env JUJU_ZOOKEEPER="es.example.internal:2181" | 25 | if iptables -C OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers ; then |
830 | 26 | 26 | iptables -D OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers | |
831 | 27 | 27 | fi | |
832 | 28 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log | 28 | iptables -F juju-protect-zookeepers && iptables -X juju-protect-zookeepers || : |
833 | 29 | --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output | 29 | iptables -N juju-protect-zookeepers |
834 | 30 | 2>&1 | 30 | iptables -I OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers |
835 | 31 | 31 | iptables -A juju-protect-zookeepers -d es.example.internal -m owner \! --uid-owner 0 -j DROP | |
836 | 32 | EOF | 32 | end script |
837 | 33 | 33 | ||
838 | 34 | ', /sbin/start juju-machine-agent] | 34 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output 2>&1 |
839 | 35 | EOF | ||
840 | 36 | - /sbin/start juju-machine-agent | ||
841 | 35 | ssh_authorized_keys: [zebra] | 37 | ssh_authorized_keys: [zebra] |
842 | 36 | 38 | ||
843 | === modified file 'juju/providers/ec2/tests/data/launch_cloud_init_branch' | |||
844 | --- juju/providers/ec2/tests/data/launch_cloud_init_branch 2012-08-23 16:14:42 +0000 | |||
845 | +++ juju/providers/ec2/tests/data/launch_cloud_init_branch 2012-09-21 23:19:20 +0000 | |||
846 | @@ -7,33 +7,37 @@ | |||
847 | 7 | machine-id: '1'} | 7 | machine-id: '1'} |
848 | 8 | output: {all: '| tee -a /var/log/cloud-init-output.log'} | 8 | output: {all: '| tee -a /var/log/cloud-init-output.log'} |
849 | 9 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper] | 9 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper] |
879 | 10 | runcmd: [sudo apt-get install -y python-txzookeeper, sudo mkdir -p /usr/lib/juju, | 10 | runcmd: |
880 | 11 | 'cd /usr/lib/juju && sudo /usr/bin/bzr co lp:~wizard/juju-juicebar juju', cd /usr/lib/juju/juju | 11 | - sudo apt-get install -y python-txzookeeper |
881 | 12 | && sudo python setup.py develop, sudo mkdir -p /var/lib/juju, sudo mkdir -p /var/log/juju, | 12 | - sudo mkdir -p /usr/lib/juju |
882 | 13 | 'cat >> /etc/init/juju-machine-agent.conf <<EOF | 13 | - cd /usr/lib/juju && sudo /usr/bin/bzr co lp:~wizard/juju-juicebar juju |
883 | 14 | 14 | - cd /usr/lib/juju/juju && sudo python setup.py develop | |
884 | 15 | description "Juju machine agent" | 15 | - sudo mkdir -p /var/lib/juju |
885 | 16 | 16 | - sudo mkdir -p /var/log/juju | |
886 | 17 | author "Juju Team <juju@lists.ubuntu.com>" | 17 | - | |
887 | 18 | 18 | cat >> /etc/init/juju-machine-agent.conf <<EOF | |
888 | 19 | 19 | description "Juju machine agent" | |
889 | 20 | start on runlevel [2345] | 20 | author "Juju Team <juju@lists.ubuntu.com>" |
890 | 21 | 21 | ||
891 | 22 | stop on runlevel [!2345] | 22 | start on runlevel [2345] |
892 | 23 | 23 | stop on runlevel [!2345] | |
893 | 24 | respawn | 24 | respawn |
894 | 25 | 25 | ||
895 | 26 | 26 | env JUJU_MACHINE_ID="1" | |
896 | 27 | env JUJU_MACHINE_ID="1" | 27 | env JUJU_ZOOKEEPER="es.example.internal:2181" |
897 | 28 | 28 | ||
898 | 29 | env JUJU_ZOOKEEPER="es.example.internal:2181" | 29 | pre-start script |
899 | 30 | 30 | # Protects ZooKeeper from access by non-root users. | |
900 | 31 | 31 | if iptables -C OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers ; then | |
901 | 32 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log | 32 | iptables -D OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers |
902 | 33 | --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output | 33 | fi |
903 | 34 | 2>&1 | 34 | iptables -F juju-protect-zookeepers && iptables -X juju-protect-zookeepers || : |
904 | 35 | 35 | iptables -N juju-protect-zookeepers | |
905 | 36 | EOF | 36 | iptables -I OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers |
906 | 37 | 37 | iptables -A juju-protect-zookeepers -d es.example.internal -m owner \! --uid-owner 0 -j DROP | |
907 | 38 | ', /sbin/start juju-machine-agent] | 38 | end script |
908 | 39 | |||
909 | 40 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output 2>&1 | ||
910 | 41 | EOF | ||
911 | 42 | - /sbin/start juju-machine-agent | ||
912 | 39 | ssh_authorized_keys: [zebra] | 43 | ssh_authorized_keys: [zebra] |
913 | 40 | 44 | ||
914 | === modified file 'juju/providers/ec2/tests/data/launch_cloud_init_ppa' | |||
915 | --- juju/providers/ec2/tests/data/launch_cloud_init_ppa 2012-08-23 16:14:42 +0000 | |||
916 | +++ juju/providers/ec2/tests/data/launch_cloud_init_ppa 2012-09-21 23:19:20 +0000 | |||
917 | @@ -7,31 +7,33 @@ | |||
918 | 7 | machine-id: '1'} | 7 | machine-id: '1'} |
919 | 8 | output: {all: '| tee -a /var/log/cloud-init-output.log'} | 8 | output: {all: '| tee -a /var/log/cloud-init-output.log'} |
920 | 9 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper, juju] | 9 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper, juju] |
948 | 10 | runcmd: [sudo mkdir -p /var/lib/juju, sudo mkdir -p | 10 | runcmd: |
949 | 11 | /var/log/juju, 'cat >> /etc/init/juju-machine-agent.conf <<EOF | 11 | - sudo mkdir -p /var/lib/juju |
950 | 12 | 12 | - sudo mkdir -p /var/log/juju | |
951 | 13 | description "Juju machine agent" | 13 | - | |
952 | 14 | 14 | cat >> /etc/init/juju-machine-agent.conf <<EOF | |
953 | 15 | author "Juju Team <juju@lists.ubuntu.com>" | 15 | description "Juju machine agent" |
954 | 16 | 16 | author "Juju Team <juju@lists.ubuntu.com>" | |
955 | 17 | 17 | ||
956 | 18 | start on runlevel [2345] | 18 | start on runlevel [2345] |
957 | 19 | 19 | stop on runlevel [!2345] | |
958 | 20 | stop on runlevel [!2345] | 20 | respawn |
959 | 21 | 21 | ||
960 | 22 | respawn | 22 | env JUJU_MACHINE_ID="1" |
961 | 23 | 23 | env JUJU_ZOOKEEPER="es.example.internal:2181" | |
962 | 24 | 24 | ||
963 | 25 | env JUJU_MACHINE_ID="1" | 25 | pre-start script |
964 | 26 | 26 | # Protects ZooKeeper from access by non-root users. | |
965 | 27 | env JUJU_ZOOKEEPER="es.example.internal:2181" | 27 | if iptables -C OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers ; then |
966 | 28 | 28 | iptables -D OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers | |
967 | 29 | 29 | fi | |
968 | 30 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log | 30 | iptables -F juju-protect-zookeepers && iptables -X juju-protect-zookeepers || : |
969 | 31 | --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output | 31 | iptables -N juju-protect-zookeepers |
970 | 32 | 2>&1 | 32 | iptables -I OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers |
971 | 33 | 33 | iptables -A juju-protect-zookeepers -d es.example.internal -m owner \! --uid-owner 0 -j DROP | |
972 | 34 | EOF | 34 | end script |
973 | 35 | 35 | ||
974 | 36 | ', /sbin/start juju-machine-agent] | 36 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output 2>&1 |
975 | 37 | EOF | ||
976 | 38 | - /sbin/start juju-machine-agent | ||
977 | 37 | ssh_authorized_keys: [zebra] | 39 | ssh_authorized_keys: [zebra] |
978 | 38 | 40 | ||
979 | === modified file 'juju/providers/orchestra/launch.py' | |||
980 | --- juju/providers/orchestra/launch.py 2012-04-12 01:01:57 +0000 | |||
981 | +++ juju/providers/orchestra/launch.py 2012-09-21 23:19:20 +0000 | |||
982 | @@ -46,7 +46,7 @@ | |||
983 | 46 | info = yield cobbler.start_system( | 46 | info = yield cobbler.start_system( |
984 | 47 | instance_id, machine_id, series, cloud_init.render()) | 47 | instance_id, machine_id, series, cloud_init.render()) |
985 | 48 | returnValue([machine_from_dict(info)]) | 48 | returnValue([machine_from_dict(info)]) |
987 | 49 | except Exception: | 49 | except Exception, e: |
988 | 50 | log.exception( | 50 | log.exception( |
989 | 51 | "Failed to launch machine %s; attempting to revert.", | 51 | "Failed to launch machine %s; attempting to revert.", |
990 | 52 | instance_id) | 52 | instance_id) |
991 | 53 | 53 | ||
992 | === modified file 'juju/providers/orchestra/tests/data/bootstrap_user_data' | |||
993 | --- juju/providers/orchestra/tests/data/bootstrap_user_data 2012-08-23 16:14:42 +0000 | |||
994 | +++ juju/providers/orchestra/tests/data/bootstrap_user_data 2012-09-21 23:19:20 +0000 | |||
995 | @@ -5,57 +5,37 @@ | |||
996 | 5 | output: {all: '| tee -a /var/log/cloud-init-output.log'} | 5 | output: {all: '| tee -a /var/log/cloud-init-output.log'} |
997 | 6 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper, | 6 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper, |
998 | 7 | default-jre-headless, zookeeper, zookeeperd, juju] | 7 | default-jre-headless, zookeeper, zookeeperd, juju] |
1052 | 8 | runcmd: [sudo mkdir -p /var/lib/juju, sudo mkdir -p /var/log/juju, 'juju-admin initialize | 8 | runcmd: |
1053 | 9 | --instance-id=winston-uid --admin-identity=admin:qRBXC1ubEEUqRL6wcBhgmc9xkaY= | 9 | - sudo mkdir -p /var/lib/juju |
1054 | 10 | --constraints-data=e29yY2hlc3RyYS1jbGFzc2VzOiAnZm9vLGJhcicsIHByb3ZpZGVyLXR5cGU6IG9yY2hlc3RyYSwgdWJ1bnR1LXNlcmllczogYml6YXJyZX0K | 10 | - sudo mkdir -p /var/log/juju |
1055 | 11 | --provider-type=orchestra', 'cat >> /etc/init/juju-machine-agent.conf <<EOF | 11 | - juju-admin initialize --instance-id=winston-uid --admin-identity=admin:qRBXC1ubEEUqRL6wcBhgmc9xkaY= --constraints-data=e29yY2hlc3RyYS1jbGFzc2VzOiAnZm9vLGJhcicsIHByb3ZpZGVyLXR5cGU6IG9yY2hlc3RyYSwgdWJ1bnR1LXNlcmllczogYml6YXJyZX0K --provider-type=orchestra |
1056 | 12 | 12 | - | | |
1057 | 13 | description "Juju machine agent" | 13 | cat >> /etc/init/juju-machine-agent.conf <<EOF |
1058 | 14 | 14 | description "Juju machine agent" | |
1059 | 15 | author "Juju Team <juju@lists.ubuntu.com>" | 15 | author "Juju Team <juju@lists.ubuntu.com>" |
1060 | 16 | 16 | ||
1061 | 17 | 17 | start on runlevel [2345] | |
1062 | 18 | start on runlevel [2345] | 18 | stop on runlevel [!2345] |
1063 | 19 | 19 | respawn | |
1064 | 20 | stop on runlevel [!2345] | 20 | |
1065 | 21 | 21 | env JUJU_MACHINE_ID="0" | |
1066 | 22 | respawn | 22 | env JUJU_ZOOKEEPER="localhost:2181" |
1067 | 23 | 23 | ||
1068 | 24 | 24 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output 2>&1 | |
1069 | 25 | env JUJU_MACHINE_ID="0" | 25 | EOF |
1070 | 26 | 26 | - /sbin/start juju-machine-agent | |
1071 | 27 | env JUJU_ZOOKEEPER="localhost:2181" | 27 | - | |
1072 | 28 | 28 | cat >> /etc/init/juju-provision-agent.conf <<EOF | |
1073 | 29 | 29 | description "Juju provisioning agent" | |
1074 | 30 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log | 30 | author "Juju Team <juju@lists.ubuntu.com>" |
1075 | 31 | --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output | 31 | |
1076 | 32 | 2>&1 | 32 | start on runlevel [2345] |
1077 | 33 | 33 | stop on runlevel [!2345] | |
1078 | 34 | EOF | 34 | respawn |
1079 | 35 | 35 | ||
1080 | 36 | ', /sbin/start juju-machine-agent, 'cat >> /etc/init/juju-provision-agent.conf | 36 | env JUJU_ZOOKEEPER="localhost:2181" |
1081 | 37 | <<EOF | 37 | |
1082 | 38 | 38 | exec python -m juju.agents.provision --nodaemon --logfile /var/log/juju/provision-agent.log --session-file /var/run/juju/provision-agent.zksession >> /tmp/juju-provision-agent.output 2>&1 | |
1083 | 39 | description "Juju provisioning agent" | 39 | EOF |
1084 | 40 | 40 | - /sbin/start juju-provision-agent | |
1032 | 41 | author "Juju Team <juju@lists.ubuntu.com>" | ||
1033 | 42 | |||
1034 | 43 | |||
1035 | 44 | start on runlevel [2345] | ||
1036 | 45 | |||
1037 | 46 | stop on runlevel [!2345] | ||
1038 | 47 | |||
1039 | 48 | respawn | ||
1040 | 49 | |||
1041 | 50 | |||
1042 | 51 | env JUJU_ZOOKEEPER="localhost:2181" | ||
1043 | 52 | |||
1044 | 53 | |||
1045 | 54 | exec python -m juju.agents.provision --nodaemon --logfile /var/log/juju/provision-agent.log | ||
1046 | 55 | --session-file /var/run/juju/provision-agent.zksession >> /tmp/juju-provision-agent.output | ||
1047 | 56 | 2>&1 | ||
1048 | 57 | |||
1049 | 58 | EOF | ||
1050 | 59 | |||
1051 | 60 | ', /sbin/start juju-provision-agent] | ||
1085 | 61 | ssh_authorized_keys: [this-is-a-public-key] | 41 | ssh_authorized_keys: [this-is-a-public-key] |
1086 | 62 | 42 | ||
1087 | === modified file 'juju/providers/orchestra/tests/data/launch_user_data' | |||
1088 | --- juju/providers/orchestra/tests/data/launch_user_data 2012-08-23 16:14:42 +0000 | |||
1089 | +++ juju/providers/orchestra/tests/data/launch_user_data 2012-09-21 23:19:20 +0000 | |||
1090 | @@ -4,31 +4,33 @@ | |||
1091 | 4 | machine-id: '42'} | 4 | machine-id: '42'} |
1092 | 5 | output: {all: '| tee -a /var/log/cloud-init-output.log'} | 5 | output: {all: '| tee -a /var/log/cloud-init-output.log'} |
1093 | 6 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper, juju] | 6 | packages: [bzr, byobu, tmux, python-setuptools, python-twisted, python-txaws, python-zookeeper, juju] |
1121 | 7 | runcmd: [sudo mkdir -p /var/lib/juju, sudo mkdir -p | 7 | runcmd: |
1122 | 8 | /var/log/juju, 'cat >> /etc/init/juju-machine-agent.conf <<EOF | 8 | - sudo mkdir -p /var/lib/juju |
1123 | 9 | 9 | - sudo mkdir -p /var/log/juju | |
1124 | 10 | description "Juju machine agent" | 10 | - | |
1125 | 11 | 11 | cat >> /etc/init/juju-machine-agent.conf <<EOF | |
1126 | 12 | author "Juju Team <juju@lists.ubuntu.com>" | 12 | description "Juju machine agent" |
1127 | 13 | 13 | author "Juju Team <juju@lists.ubuntu.com>" | |
1128 | 14 | 14 | ||
1129 | 15 | start on runlevel [2345] | 15 | start on runlevel [2345] |
1130 | 16 | 16 | stop on runlevel [!2345] | |
1131 | 17 | stop on runlevel [!2345] | 17 | respawn |
1132 | 18 | 18 | ||
1133 | 19 | respawn | 19 | env JUJU_MACHINE_ID="42" |
1134 | 20 | 20 | env JUJU_ZOOKEEPER="jennifer:2181" | |
1135 | 21 | 21 | ||
1136 | 22 | env JUJU_MACHINE_ID="42" | 22 | pre-start script |
1137 | 23 | 23 | # Protects ZooKeeper from access by non-root users. | |
1138 | 24 | env JUJU_ZOOKEEPER="jennifer:2181" | 24 | if iptables -C OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers ; then |
1139 | 25 | 25 | iptables -D OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers | |
1140 | 26 | 26 | fi | |
1141 | 27 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log | 27 | iptables -F juju-protect-zookeepers && iptables -X juju-protect-zookeepers || : |
1142 | 28 | --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output | 28 | iptables -N juju-protect-zookeepers |
1143 | 29 | 2>&1 | 29 | iptables -I OUTPUT -p tcp --dport 2181 -j juju-protect-zookeepers |
1144 | 30 | 30 | iptables -A juju-protect-zookeepers -d jennifer -m owner \! --uid-owner 0 -j DROP | |
1145 | 31 | EOF | 31 | end script |
1146 | 32 | 32 | ||
1147 | 33 | ', /sbin/start juju-machine-agent] | 33 | exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output 2>&1 |
1148 | 34 | EOF | ||
1149 | 35 | - /sbin/start juju-machine-agent | ||
1150 | 34 | ssh_authorized_keys: [this-is-a-public-key] | 36 | ssh_authorized_keys: [this-is-a-public-key] |
Reviewers: mp+125832_ code.launchpad. net,
Message:
Please take a look.
Description:
protect zookeeper from non-root direct access
Adds pre-start capability to juju.lib.upstart. Also reformatted tests'
cloud-config data to be more readable.
https:/ /code.launchpad .net/~clint- fewbar/ juju/add- egress- zookeeper- protection/ +merge/ 125832
(do not edit description out of merge proposal)
Please review this at https:/ /codereview. appspot. com/6549051/
Affected files: tests/data/ test_prestart tests/test_ upstart. py common/ cloudinit. py common/ tests/data/ cloud_init_ bootstrap common/ tests/data/ cloud_init_ bootstrap_ zookeepers common/ tests/data/ cloud_init_ branch common/ tests/data/ cloud_init_ branch_ trunk common/ tests/data/ cloud_init_ distro common/ tests/data/ cloud_init_ ppa common/ tests/data/ cloud_init_ proposed ec2/tests/ data/bootstrap_ cloud_init ec2/tests/ data/launch_ cloud_init ec2/tests/ data/launch_ cloud_init_ branch ec2/tests/ data/launch_ cloud_init_ ppa orchestra/ launch. py orchestra/ tests/data/ bootstrap_ user_data orchestra/ tests/data/ launch_ user_data
A [revision details]
A juju/lib/
M juju/lib/
M juju/lib/upstart.py
M juju/providers/
M juju/providers/
M juju/providers/
M juju/providers/
M juju/providers/
M juju/providers/
M juju/providers/
M juju/providers/
M juju/providers/
M juju/providers/
M juju/providers/
M juju/providers/
M juju/providers/
M juju/providers/
M juju/providers/