Merge lp:~cprov/charms/trusty/adt-cloud-worker/uci-nova into lp:~canonical-ci-engineering/charms/trusty/adt-cloud-worker/trunk

Proposed by Celso Providelo
Status: Merged
Approved by: Celso Providelo
Approved revision: 12
Merged at revision: 12
Proposed branch: lp:~cprov/charms/trusty/adt-cloud-worker/uci-nova
Merge into: lp:~canonical-ci-engineering/charms/trusty/adt-cloud-worker/trunk
Diff against target: 119 lines (+7/-85)
2 files modified
hooks/actions.py (+6/-84)
hooks/services.py (+1/-1)
To merge this branch: bzr merge lp:~cprov/charms/trusty/adt-cloud-worker/uci-nova
Reviewer Review Type Date Requested Status
Paul Larson Approve
Review via email: mp+252769@code.launchpad.net

Commit message

Install 'uci-nova' ssh-setup on the default autopkgtest location so it can be used by workers.

Description of the change

Install 'uci-nova' ssh-setup on the default autopkgtest location so it can be used by workers.

Ubuntu CI Bot (uci-bot) wrote :

Voting does not meet specified criteria. Required: Approve >= 1. Got: 1 Pending.

Paul Larson (pwlars) wrote :

Looks great to me, this simplifies things.

review: Approve

Preview Diff

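--- a/hooks/actions.py
+++ b/hooks/actions.py
@@ -1,7 +1,6 @@
 import base64
-import ConfigParser as configparser
 import os
-import socket
+import shutil
 import subprocess
 
 from charmhelpers import fetch
@@ -44,88 +43,11 @@
  f.write(config_content)
 
 
-def reset_nova(service_name):
- hookenv.log('Attempting to reset nova key-pairs ...')
- pubkey_path = os.path.expanduser('~/.ssh/id_rsa.pub')
- if os.path.exists(pubkey_path):
- hookenv.log('SSH key already exists, nothing to do ...')
- return
-
- hookenv.log('Generating a new SSH key ...')
- seckey_path = pubkey_path[:-4]
- cmd = 'ssh-keygen -f %s -q -N ""' % seckey_path
- subprocess.check_call(cmd, shell=True)
-
- config_path = os.path.join(SERVICE_DIR, '.adt-service.conf')
- hookenv.log('Using current app configuration from: %s' % config_path)
- config = configparser.ConfigParser()
- config.read(config_path)
- for k, v in config.items('nova'):
- if not k.startswith('os_'):
- continue
- os.environ[k.upper()] = str(v)
-
- worker_secgroup = socket.gethostname().replace('-machine', '')
- hookenv.log('Resetting keypair "%s" ...' % worker_secgroup)
- try:
- cmd = 'nova keypair-delete %s' % worker_secgroup
- subprocess.check_call(cmd, shell=True)
- except subprocess.CalledProcessError:
- # It may not exist.
- pass
- cmd = 'nova keypair-add --pub-key %s %s' % (pubkey_path, worker_secgroup)
- subprocess.check_call(cmd, shell=True)
-
- # Ensure there is a "restrictive" security group named after the
- # worker hostname (e.g.: 'juju-bootstack-1-testbed').
- testbed_secgroup = '%s-testbed' % worker_secgroup
-
- try:
- subprocess.check_call(
- ['neutron', 'security-group-delete', testbed_secgroup])
- except subprocess.CalledProcessError:
- # It may not exist.
- pass
-
- subprocess.check_call(
- ['neutron', 'security-group-create', testbed_secgroup,
- '--description', '"%s worker testbeds"' % (worker_secgroup)])
-
- # Drop default rules allowing all egress traffic IPv[4,6].
- permissive_rule_ids = subprocess.check_output(
- 'neutron security-group-rule-list --format csv '
- '-c id -c security_group --quote none '
- '| grep %s | cut -d\',\' -f1' % testbed_secgroup,
- shell=True).splitlines()
- for rule_id in permissive_rule_ids:
- subprocess.check_call(
- ['neutron', 'security-group-rule-delete', rule_id])
-
- allow_rules = (
- # SSH (tcp:22) ingress connections from the worker (adt).
- {'direction': 'ingress', 'protocol': 'tcp',
- 'port-range-min': '22', 'port-range-max': '22',
- 'remote-group-id': worker_secgroup},
-
- # APT (nova.clouds.archive.ubuntu.com, security.ubuntu.com) &
- # NTP (ntp.ubuntu.com).
- {'direction': 'egress', 'remote-ip-prefix': '91.189.88.0/21'},
-
- # Cloud DNS.
- {'direction': 'egress', 'remote-ip-prefix': '8.8.8.8'},
-
- # XXX cprov 2015-03-10: Check with mpitti if the network restriction
- # is valid or we are raising the bar too high for tests.
- # Blanket rule allowing all ipv4 egress traffic, because the above
- # are not enough to boot.
- {'direction': 'egress', 'ethertype': 'ipv4'},
- )
-
- for rule in allow_rules:
- cmd_args = ['neutron', 'security-group-rule-create']
- [cmd_args.extend(['--%s' % (k), v]) for k,v in rule.iteritems()]
- cmd_args.append(testbed_secgroup)
- subprocess.check_call(cmd_args)
+def install_adt_uci_nova(service_name):
+ hookenv.log('Attempting to install "uci-nova" autopkgtest ssh-setup ...')
+ shutil.copy2(
+ os.path.join(hookenv.charm_dir(), 'files', 'uci-nova'),
+ '/usr/share/autopkgtest/ssh-setup/')
 
 
 def install_python_packages(service_name):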
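Review bot: `shutil.copy2` in `install_adt_uci_nova` carries over whatever mode bits `files/uci-nova` has in the charm tree, and the target is a system directory that, going by the commit message, workers pick ssh-setup scripts up from, so the installed script's permissions should be set explicitly rather than inherited, e.g. `os.chmod('/usr/share/autopkgtest/ssh-setup/uci-nova', 0o755)` after the copy. The removed `reset_nova` also created the worker keypair and the restricted `-testbed` security group; presumably the `uci-nova` script takes that over, but the script is not part of this diff, so it is worth confirming that testbeds still get an equivalent ingress/egress restriction. A one-line docstring such as `"""Copy the charm's 'uci-nova' ssh-setup script into autopkgtest's ssh-setup directory."""` would also help, since the name alone does not say where the file ends up.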
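--- a/hooks/services.py
+++ b/hooks/services.py
@@ -18,7 +18,7 @@
  actions.get_cloud_worker_from_tarball,
  actions.install_python_packages,
  actions.get_config_file,
- actions.reset_nova,
+ actions.install_adt_uci_nova,
  helpers.render_template(
  source='upstart.conf',
  target='/etc/init/adt-cloud-worker.conf'),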
