MAAS

Merge ~ack/maas:1988759-vmhost-deploy into maas:master

  1. Git
  2. lp:~ack/maas
  3. 1988759-vmhost-deploy
  4. Merge into master
Proposed by Alberto Donato
Status: Merged
Approved by: Alberto Donato
Approved revision: 9667f89bc33d9b4b0b91fee1cae8f05405ec0136
Merge reported by: MAAS Lander
Merged at revision: not available
Proposed branch: ~ack/maas:1988759-vmhost-deploy
Merge into: maas:master
Diff against target: 88 lines (+10/-8)
4 files modified
src/metadataserver/api_twisted.py (+2/-1)
src/metadataserver/tests/test_vendor_data.py (+1/-1)
src/metadataserver/vendor_data.py (+3/-2)
src/provisioningserver/drivers/pod/lxd.py (+4/-4)
Reviewer Review Type Date Requested Status
MAAS Lander Approve
Adam Collard (community) Approve
Review via email: mp+431574@code.launchpad.net

Commit message

LP:1988759 don't restrict LXD credentials to the maas project on LXD deploy

This causes MAAS not to be able to read storage volumes and networks from LXD

To post a comment you must log in.
Revision history for this message
Adam Collard (adam-collard) :
review: Approve
Revision history for this message
MAAS Lander (maas-lander) wrote :

UNIT TESTS
-b 1988759-vmhost-deploy lp:~ack/maas/+git/maas into -b master lp:~maas-committers/maas

STATUS: SUCCESS
COMMIT: 9667f89bc33d9b4b0b91fee1cae8f05405ec0136

review: Approve
Revision history for this message
Thomas Parrott (tomparrott) wrote :

stgraber has advised that this will fail for anyone who manually adds the MAAS cert and won't allow it access to all projects (like LXD does for its CI).

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/src/metadataserver/api_twisted.py b/src/metadataserver/api_twisted.py
2index bf84b70..070e0c1 100644
3--- a/src/metadataserver/api_twisted.py
4+++ b/src/metadataserver/api_twisted.py
5@@ -185,13 +185,14 @@ POD_CREATION_ERROR = (
6
7
8 def _create_vmhost_for_deployment(node):
9+ node = node.as_node() # ensure a Node instance is passed
10 secret_manager = SecretManager()
11 deploy_secrets = secret_manager.get_composite_secret(
12 "deploy-metadata",
13 obj=node,
14 default={},
15 )
16- secret_manager.delete_secret("deploy-metadata", obj=node.as_node())
17+ secret_manager.delete_secret("deploy-metadata", obj=node)
18
19 # ensure only specified VM host types are registered
20 if not node.register_vmhost:
21diff --git a/src/metadataserver/tests/test_vendor_data.py b/src/metadataserver/tests/test_vendor_data.py
22index ba3519e..c682bcb 100644
23--- a/src/metadataserver/tests/test_vendor_data.py
24+++ b/src/metadataserver/tests/test_vendor_data.py
25@@ -441,7 +441,7 @@ class TestGenerateKVMPodConfiguration(MAASServerTestCase):
26 "lxd init --auto --network-address=[::]",
27 "lxc project create maas",
28 "sh -c 'lxc project edit maas </root/maas-project.yaml'",
29- "lxc config trust add /root/lxd.crt --restricted --projects maas",
30+ "lxc config trust add /root/lxd.crt",
31 "rm /root/lxd.crt /root/maas-project.yaml",
32 ],
33 ),
34diff --git a/src/metadataserver/vendor_data.py b/src/metadataserver/vendor_data.py
35index 8d992fa..f32b54c 100644
36--- a/src/metadataserver/vendor_data.py
37+++ b/src/metadataserver/vendor_data.py
38@@ -229,7 +229,7 @@ def generate_kvm_pod_configuration(node):
39 "lxd init --auto --network-address=[::]",
40 f"lxc project create {maas_project}",
41 f"sh -c 'lxc project edit {maas_project} <{project_conf_file}'",
42- f"lxc config trust add {cert_file} --restricted --projects {maas_project}",
43+ f"lxc config trust add {cert_file}",
44 f"rm {cert_file} {project_conf_file}",
45 ]
46
47@@ -293,12 +293,13 @@ def generate_kvm_pod_configuration(node):
48 ]
49
50 secret_manager = SecretManager()
51+ node = node.as_node()
52 if deploy_secrets:
53 secret_manager.set_composite_secret(
54 "deploy-metadata", deploy_secrets, obj=node
55 )
56 else:
57- secret_manager.delete_secret("deploy-metadata", obj=node.as_node())
58+ secret_manager.delete_secret("deploy-metadata", obj=node)
59
60 if arch == "ppc64el":
61 rc_script = dedent(
62diff --git a/src/provisioningserver/drivers/pod/lxd.py b/src/provisioningserver/drivers/pod/lxd.py
63index 3244747..05b6575 100644
64--- a/src/provisioningserver/drivers/pod/lxd.py
65+++ b/src/provisioningserver/drivers/pod/lxd.py
66@@ -875,7 +875,7 @@ class LXDPodDriver(PodDriver):
67 try:
68 client.authenticate(password)
69 except LXDAPIException as e:
70- raise Error(f"Password authentication failed: {e}")
71+ raise Error(f"Password authentication failed: {e}") from e
72 return client
73
74 try:
75@@ -898,10 +898,10 @@ class LXDPodDriver(PodDriver):
76 raise Error(
77 "Certificate is not trusted and no password was given"
78 )
79- except ClientConnectionFailed:
80+ except ClientConnectionFailed as e:
81 raise LXDPodError(
82- f"Pod {pod_id}: Failed to connect to the LXD REST API."
83- )
84+ f"Pod {pod_id}: Failed to connect to the LXD REST API: {e}"
85+ ) from e
86 else:
87 yield client
88 finally:

Subscribers

People subscribed via source and target branches