juju-core

Merge lp:~axwalk/juju-core/lp1273933-local-disallow-hostunits-machine-0 into lp:~go-bot/juju-core/trunk

  1. lp1273933-local-disallow-hostunits-machine-0
  2. Merge into trunk
Proposed by Andrew Wilkins
Status: Merged
Approved by: Andrew Wilkins
Approved revision: no longer in the source branch.
Merged at revision: 2305
Proposed branch: lp:~axwalk/juju-core/lp1273933-local-disallow-hostunits-machine-0
Merge into: lp:~go-bot/juju-core/trunk
Diff against target: 211 lines (+82/-17)
7 files modified
agent/agent.go (+1/-0)
agent/bootstrap.go (+16/-0)
agent/bootstrap_test.go (+16/-0)
cmd/jujud/bootstrap.go (+9/-13)
cmd/jujud/bootstrap_test.go (+24/-1)
provider/local/environ.go (+9/-3)
provider/local/environ_test.go (+7/-0)
To merge this branch: bzr merge lp:~axwalk/juju-core/lp1273933-local-disallow-hostunits-machine-0
Reviewer Review Type Date Requested Status
Juju Engineering Pending
Review via email: mp+204829@code.launchpad.net

Commit message

Make bootstrap machine jobs configurable

This addresses a long-standing TODO in
cmd/jujud to making bootstrap machine
jobs configurable. If agent.BootstrapJobs
is present in the agent configuration
key/value map, it will be used instead
of the defaults (the existing hard-coded
values).

The local provider is updated to set
agent.BootstrapJobs to be {JobManageEnviron}.

Fixes lp:1273933

https://codereview.appspot.com/60310044/

Description of the change

Make bootstrap machine jobs configurable

This addresses a long-standing TODO in
cmd/jujud to making bootstrap machine
jobs configurable. If agent.BootstrapJobs
is present in the agent configuration
key/value map, it will be used instead
of the defaults (the existing hard-coded
values).

The local provider is updated to set
agent.BootstrapJobs to be {JobManageEnviron}.

Fixes lp:1273933

https://codereview.appspot.com/60310044/

To post a comment you must log in.
Revision history for this message
Andrew Wilkins (axwalk) wrote :

Reviewers: mp+204829_code.launchpad.net,

Message:
Please take a look.

Description:
Make bootstrap machine jobs configurable

This addresses a long-standing TODO in
cmd/jujud to making bootstrap machine
jobs configurable. If agent.BootstrapJobs
is present in the agent configuration
key/value map, it will be used instead
of the defaults (the existing hard-coded
values).

The local provider is updated to set
agent.BootstrapJobs to be {JobManageEnviron}.

Fixes lp:1273933

https://code.launchpad.net/~axwalk/juju-core/lp1273933-local-disallow-hostunits-machine-0/+merge/204829

(do not edit description out of merge proposal)

Please review this at https://codereview.appspot.com/60310044/

Affected files (+84, -17 lines):
   A [revision details]
   M agent/agent.go
   M agent/bootstrap.go
   M agent/bootstrap_test.go
   M cmd/jujud/bootstrap.go
   M cmd/jujud/bootstrap_test.go
   M provider/local/environ.go
   M provider/local/environ_test.go

Revision history for this message
Ian Booth (wallyworld) wrote :

LGTM

https://codereview.appspot.com/60310044/

Revision history for this message
Roger Peppe (rogpeppe) wrote :

I just noticed this in the code. It seems somewhat odd that this
is in the string attributes, rather than getting a field for itself.

Could you perhaps elucidate on the reasons why this is
the right approach?

On 10 February 2014 05:48, Ian Booth <email address hidden> wrote:
> LGTM
>
> https://codereview.appspot.com/60310044/
>
> --
> https://code.launchpad.net/~axwalk/juju-core/lp1273933-local-disallow-hostunits-machine-0/+merge/204829
> Your team juju hackers is requested to review the proposed merge of lp:~axwalk/juju-core/lp1273933-local-disallow-hostunits-machine-0 into lp:juju-core.

Revision history for this message
Andrew Wilkins (axwalk) wrote :

On Wed, Feb 19, 2014 at 9:18 PM, Roger Peppe <email address hidden>wrote:

> I just noticed this in the code. It seems somewhat odd that this
> is in the string attributes, rather than getting a field for itself.
>
> Could you perhaps elucidate on the reasons why this is
> the right approach?

My rationale was: this is only used for the bootstrap agent, so making it a
field that is then common to all agents only confusing.
It would be better if we had agent-type specific config structures.

On 10 February 2014 05:48, Ian Booth <email address hidden> wrote:
> > LGTM
> >
> > https://codereview.appspot.com/60310044/
> >
> > --
> >
> https://code.launchpad.net/~axwalk/juju-core/lp1273933-local-disallow-hostunits-machine-0/+merge/204829
> > Your team juju hackers is requested to review the proposed merge of
> lp:~axwalk/juju-core/lp1273933-local-disallow-hostunits-machine-0 into
> lp:juju-core.
>
> --
>
> https://code.launchpad.net/~axwalk/juju-core/lp1273933-local-disallow-hostunits-machine-0/+merge/204829
> You are the owner of
> lp:~axwalk/juju-core/lp1273933-local-disallow-hostunits-machine-0.
>

Revision history for this message
Roger Peppe (rogpeppe) wrote :

Ok, that's useful to know, even if I don't entirely
agree with the rationale (I think it's ok to have optional
fields, and marshalling json inside yaml seems kind
of wrong).

For the record, we actually have a need for this field
for all agents, so I think we might promote it to a
first-class field and call it Jobs rather than BootstrapJobs.

On 19 February 2014 14:03, Andrew Wilkins <email address hidden> wrote:
> On Wed, Feb 19, 2014 at 9:18 PM, Roger Peppe <email address hidden>wrote:
>
>> I just noticed this in the code. It seems somewhat odd that this
>> is in the string attributes, rather than getting a field for itself.
>>
>> Could you perhaps elucidate on the reasons why this is
>> the right approach?
>
>
> My rationale was: this is only used for the bootstrap agent, so making it a
> field that is then common to all agents only confusing.
> It would be better if we had agent-type specific config structures.
>
> On 10 February 2014 05:48, Ian Booth <email address hidden> wrote:
>> > LGTM
>> >
>> > https://codereview.appspot.com/60310044/
>> >
>> > --
>> >
>> https://code.launchpad.net/~axwalk/juju-core/lp1273933-local-disallow-hostunits-machine-0/+merge/204829
>> > Your team juju hackers is requested to review the proposed merge of
>> lp:~axwalk/juju-core/lp1273933-local-disallow-hostunits-machine-0 into
>> lp:juju-core.
>>
>> --
>>
>> https://code.launchpad.net/~axwalk/juju-core/lp1273933-local-disallow-hostunits-machine-0/+merge/204829
>> You are the owner of
>> lp:~axwalk/juju-core/lp1273933-local-disallow-hostunits-machine-0.
>>
>
> --
> https://code.launchpad.net/~axwalk/juju-core/lp1273933-local-disallow-hostunits-machine-0/+merge/204829
> Your team juju hackers is requested to review the proposed merge of lp:~axwalk/juju-core/lp1273933-local-disallow-hostunits-machine-0 into lp:juju-core.

Revision history for this message
Andrew Wilkins (axwalk) wrote :

On Wed, Feb 19, 2014 at 11:24 PM, Roger Peppe <email address hidden>wrote:

> Ok, that's useful to know, even if I don't entirely
> agree with the rationale (I think it's ok to have optional
> fields, and marshalling json inside yaml seems kind
> of wrong).
>
> For the record, we actually have a need for this field
> for all agents, so I think we might promote it to a
> first-class field and call it Jobs rather than BootstrapJobs.

Cool. I will see if I can squeeze it in before 1.18 so we don't have yet
another backwards compatibility issue.

> On 19 February 2014 14:03, Andrew Wilkins <email address hidden>
> wrote:
> > On Wed, Feb 19, 2014 at 9:18 PM, Roger Peppe <<email address hidden>
> >wrote:
> >
> >> I just noticed this in the code. It seems somewhat odd that this
> >> is in the string attributes, rather than getting a field for itself.
> >>
> >> Could you perhaps elucidate on the reasons why this is
> >> the right approach?
> >
> >
> > My rationale was: this is only used for the bootstrap agent, so making
> it a
> > field that is then common to all agents only confusing.
> > It would be better if we had agent-type specific config structures.
> >
> > On 10 February 2014 05:48, Ian Booth <email address hidden> wrote:
> >> > LGTM
> >> >
> >> > https://codereview.appspot.com/60310044/
> >> >
> >> > --
> >> >
> >>
> https://code.launchpad.net/~axwalk/juju-core/lp1273933-local-disallow-hostunits-machine-0/+merge/204829
> >> > Your team juju hackers is requested to review the proposed merge of
> >> lp:~axwalk/juju-core/lp1273933-local-disallow-hostunits-machine-0 into
> >> lp:juju-core.
> >>
> >> --
> >>
> >>
> https://code.launchpad.net/~axwalk/juju-core/lp1273933-local-disallow-hostunits-machine-0/+merge/204829
> >> You are the owner of
> >> lp:~axwalk/juju-core/lp1273933-local-disallow-hostunits-machine-0.
> >>
> >
> > --
> >
> https://code.launchpad.net/~axwalk/juju-core/lp1273933-local-disallow-hostunits-machine-0/+merge/204829
> > Your team juju hackers is requested to review the proposed merge of
> lp:~axwalk/juju-core/lp1273933-local-disallow-hostunits-machine-0 into
> lp:juju-core.
>
> --
>
> https://code.launchpad.net/~axwalk/juju-core/lp1273933-local-disallow-hostunits-machine-0/+merge/204829
> You are the owner of
> lp:~axwalk/juju-core/lp1273933-local-disallow-hostunits-machine-0.
>

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'agent/agent.go'
2--- agent/agent.go 2014-02-04 19:31:25 +0000
3+++ agent/agent.go 2014-02-05 08:05:31 +0000
4@@ -31,6 +31,7 @@
5 AgentServiceName = "AGENT_SERVICE_NAME"
6 MongoServiceName = "MONGO_SERVICE_NAME"
7 RsyslogConfPath = "RSYSLOG_CONF_PATH"
8+ BootstrapJobs = "BOOTSTRAP_JOBS"
9 )
10
11 // The Config interface is the sole way that the agent gets access to the
12
13=== modified file 'agent/bootstrap.go'
14--- agent/bootstrap.go 2014-01-23 20:30:35 +0000
15+++ agent/bootstrap.go 2014-02-05 08:05:31 +0000
16@@ -4,6 +4,7 @@
17 package agent
18
19 import (
20+ "encoding/json"
21 "fmt"
22
23 "launchpad.net/juju-core/constraints"
24@@ -31,6 +32,21 @@
25 InitializeState(envCfg *config.Config, machineCfg BootstrapMachineConfig, timeout state.DialOpts) (*state.State, *state.Machine, error)
26 }
27
28+// MarshalBootstrapJobs may be used to marshal a set of
29+// machine jobs for the bootstrap agent, to be added
30+// into the agent configuration.
31+func MarshalBootstrapJobs(jobs ...state.MachineJob) (string, error) {
32+ b, err := json.Marshal(jobs)
33+ return string(b), err
34+}
35+
36+// UnmarshalBootstrapJobs unmarshals a set of machine
37+// jobs marshalled with MarshalBootstrapJobs.
38+func UnmarshalBootstrapJobs(s string) (jobs []state.MachineJob, err error) {
39+ err = json.Unmarshal([]byte(s), &jobs)
40+ return jobs, err
41+}
42+
43 // BootstrapMachineConfig holds configuration information
44 // to attach to the bootstrap machine.
45 type BootstrapMachineConfig struct {
46
47=== modified file 'agent/bootstrap_test.go'
48--- agent/bootstrap_test.go 2013-12-13 19:15:26 +0000
49+++ agent/bootstrap_test.go 2014-02-05 08:05:31 +0000
50@@ -162,3 +162,19 @@
51 _, err = st.Machine("0")
52 c.Assert(err, gc.IsNil)
53 }
54+
55+func (s *bootstrapSuite) TestMarshalUnmarshalBootstrapJobs(c *gc.C) {
56+ jobs := [][]state.MachineJob{
57+ {},
58+ {state.JobHostUnits},
59+ {state.JobManageEnviron},
60+ {state.JobHostUnits, state.JobManageEnviron},
61+ }
62+ for _, jobs := range jobs {
63+ marshalled, err := agent.MarshalBootstrapJobs(jobs...)
64+ c.Assert(err, gc.IsNil)
65+ unmarshalled, err := agent.UnmarshalBootstrapJobs(marshalled)
66+ c.Assert(err, gc.IsNil)
67+ c.Assert(unmarshalled, gc.DeepEquals, jobs)
68+ }
69+}
70
71=== modified file 'cmd/jujud/bootstrap.go'
72--- cmd/jujud/bootstrap.go 2014-01-22 19:28:08 +0000
73+++ cmd/jujud/bootstrap.go 2014-02-05 08:05:31 +0000
74@@ -74,23 +74,19 @@
75 if err != nil {
76 return err
77 }
78- // TODO(fwereade): we need to be able to customize machine jobs,
79- // not just hardcode these values; in particular, JobHostUnits
80- // on a machine, like this one, that is running JobManageEnviron
81- // (not to mention the actual state server itself...) will allow
82- // a malicious or compromised unit to trivially access to the
83- // user's environment credentials. However, given that this point
84- // is currently moot (see Upgrader in this package), the pseudo-
85- // local provider mode (in which everything is deployed with
86- // `--to 0`) offers enough value to enough people that
87- // JobHostUnits is currently always enabled. This will one day
88- // have to change, but it's strictly less important than fixing
89- // Upgrader, and it's a capability we'll always want to have
90- // available for the aforementioned use case.
91+ // agent.BootstrapJobs is an optional field in the agent
92+ // config, and was introduced after 1.17.2. We default to
93+ // allowing units on machine-0 if missing.
94 jobs := []state.MachineJob{
95 state.JobManageEnviron,
96 state.JobHostUnits,
97 }
98+ if bootstrapJobs := c.Conf.config.Value(agent.BootstrapJobs); bootstrapJobs != "" {
99+ jobs, err = agent.UnmarshalBootstrapJobs(bootstrapJobs)
100+ if err != nil {
101+ return err
102+ }
103+ }
104 var characteristics instance.HardwareCharacteristics
105 if len(bsState.Characteristics) > 0 {
106 characteristics = bsState.Characteristics[0]
107
108=== modified file 'cmd/jujud/bootstrap_test.go'
109--- cmd/jujud/bootstrap_test.go 2014-01-22 19:28:08 +0000
110+++ cmd/jujud/bootstrap_test.go 2014-02-05 08:05:31 +0000
111@@ -164,7 +164,7 @@
112 return &v
113 }
114
115-func (s *BootstrapSuite) TestMachinerWorkers(c *gc.C) {
116+func (s *BootstrapSuite) TestDefaultMachineJobs(c *gc.C) {
117 _, cmd, err := s.initBootstrapCommand(c, "--env-config", testConfig)
118 c.Assert(err, gc.IsNil)
119 err = cmd.Run(nil)
120@@ -184,6 +184,29 @@
121 })
122 }
123
124+func (s *BootstrapSuite) TestConfiguredMachineJobs(c *gc.C) {
125+ agentConf, cmd, err := s.initBootstrapCommand(c, "--env-config", testConfig)
126+ c.Assert(err, gc.IsNil)
127+ bootstrapJobs, err := agent.MarshalBootstrapJobs(state.JobManageEnviron)
128+ c.Assert(err, gc.IsNil)
129+ agentConf.SetValue(agent.BootstrapJobs, bootstrapJobs)
130+ err = agentConf.Write()
131+ c.Assert(err, gc.IsNil)
132+ err = cmd.Run(nil)
133+ c.Assert(err, gc.IsNil)
134+
135+ st, err := state.Open(&state.Info{
136+ Addrs: []string{testing.MgoServer.Addr()},
137+ CACert: []byte(testing.CACert),
138+ Password: testPasswordHash(),
139+ }, state.DefaultDialOpts())
140+ c.Assert(err, gc.IsNil)
141+ defer st.Close()
142+ m, err := st.Machine("0")
143+ c.Assert(err, gc.IsNil)
144+ c.Assert(m.Jobs(), gc.DeepEquals, []state.MachineJob{state.JobManageEnviron})
145+}
146+
147 func testOpenState(c *gc.C, info *state.Info, expectErrType error) {
148 st, err := state.Open(info, state.DefaultDialOpts())
149 if st != nil {
150
151=== modified file 'provider/local/environ.go'
152--- provider/local/environ.go 2014-02-04 19:12:08 +0000
153+++ provider/local/environ.go 2014-02-05 08:05:31 +0000
154@@ -127,6 +127,11 @@
155 return err
156 }
157
158+ bootstrapJobs, err := agent.MarshalBootstrapJobs(state.JobManageEnviron)
159+ if err != nil {
160+ return err
161+ }
162+
163 mcfg := environs.NewBootstrapMachineConfig(stateFileURL, privateKey)
164 mcfg.Tools = selectedTools[0]
165 mcfg.DataDir = env.config.rootDir()
166@@ -137,9 +142,10 @@
167 mcfg.MachineAgentServiceName = env.machineAgentServiceName()
168 mcfg.MongoServiceName = env.mongoServiceName()
169 mcfg.AgentEnvironment = map[string]string{
170- agent.Namespace: env.config.namespace(),
171- agent.StorageDir: env.config.storageDir(),
172- agent.StorageAddr: env.config.storageAddr(),
173+ agent.Namespace: env.config.namespace(),
174+ agent.StorageDir: env.config.storageDir(),
175+ agent.StorageAddr: env.config.storageAddr(),
176+ agent.BootstrapJobs: bootstrapJobs,
177 }
178 if err := environs.FinishMachineConfig(mcfg, env.Config(), cons); err != nil {
179 return err
180
181=== modified file 'provider/local/environ_test.go'
182--- provider/local/environ_test.go 2014-01-23 22:10:46 +0000
183+++ provider/local/environ_test.go 2014-02-05 08:05:31 +0000
184@@ -11,6 +11,7 @@
185
186 gc "launchpad.net/gocheck"
187
188+ "launchpad.net/juju-core/agent"
189 coreCloudinit "launchpad.net/juju-core/cloudinit"
190 "launchpad.net/juju-core/constraints"
191 "launchpad.net/juju-core/environs"
192@@ -21,6 +22,7 @@
193 "launchpad.net/juju-core/environs/tools"
194 "launchpad.net/juju-core/instance"
195 "launchpad.net/juju-core/provider/local"
196+ "launchpad.net/juju-core/state"
197 coretesting "launchpad.net/juju-core/testing"
198 jc "launchpad.net/juju-core/testing/checkers"
199 )
200@@ -146,6 +148,11 @@
201 c.Assert(cloudcfg.AptUpdate(), jc.IsFalse)
202 c.Assert(cloudcfg.AptUpgrade(), jc.IsFalse)
203 c.Assert(cloudcfg.Packages(), gc.HasLen, 0)
204+ c.Assert(mcfg.AgentEnvironment, gc.Not(gc.IsNil))
205+ // local does not allow machine-0 to host units
206+ bootstrapJobs, err := agent.UnmarshalBootstrapJobs(mcfg.AgentEnvironment[agent.BootstrapJobs])
207+ c.Assert(err, gc.IsNil)
208+ c.Assert(bootstrapJobs, gc.DeepEquals, []state.MachineJob{state.JobManageEnviron})
209 return nil
210 })
211 testConfig := minimalConfig(c)

Subscribers

People subscribed via source and target branches

to status/vote changes: