Code review comment for lp:~axwalk/juju-core/lp1300889-disable-mongo-keyfile

Andrew Wilkins (axwalk) wrote :

Reviewers: mp+213786_code.launchpad.net,

Message:
Please take a look.

Description:
Disable --keyFile in mongo upstart config

We can't enable this yet, because shared-secret
isn't written until after Mongo is started. This
will change when EnsureMongoServer is landed.

(FWIW I did test this with local, and it worked.
I don't yet understand why - it shouldn't be any
different to cloud providers. I suspect there's
a race here with upstart restarting Mongo, and
the machine agent writing the shared-secret.)

Fixes lp:1300889

https://code.launchpad.net/~axwalk/juju-core/lp1300889-disable-mongo-keyfile/+merge/213786

(do not edit description out of merge proposal)

Please review this at https://codereview.appspot.com/83270045/

Affected files (+8, -6 lines):
   A [revision details]
   M agent/mongo/mongo.go
   M environs/cloudinit/cloudinit_test.go

Index: [revision details]
=== added file '[revision details]'
--- [revision details] 2012-01-01 00:00:00 +0000
+++ [revision details] 2012-01-01 00:00:00 +0000
@@ -0,0 +1,2 @@
+Old revision: tarmac-20140402083906-5vacuo7ovpzyi5gj
+New revision: <email address hidden>

Index: agent/mongo/mongo.go
=== modified file 'agent/mongo/mongo.go'
--- agent/mongo/mongo.go 2014-04-01 09:34:43 +0000
+++ agent/mongo/mongo.go 2014-04-02 09:07:52 +0000
@@ -188,7 +188,7 @@
  func MongoUpstartService(name, mongodExec, dataDir string, port int)
(*upstart.Conf, error) {

   sslKeyFile := path.Join(dataDir, "server.pem")
- keyFile := path.Join(dataDir, SharedSecretFile)
+ //keyFile := path.Join(dataDir, SharedSecretFile)
   svc := upstart.NewService(name)

   dbDir := path.Join(dataDir, "db")
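Review bot: the commented-out `//keyFile := path.Join(dataDir, SharedSecretFile)` line carries no explanation of why it is disabled or when it should come back. Either delete it and rely on revision history, or replace it with a TODO that names lp:1300889 and the condition from the description (shared-secret has to be written before Mongo is started, pending EnsureMongoServer), so that it is restored together with the `--keyFile` flag further down and not on its own.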
@@ -210,11 +210,11 @@
     " --port " + fmt.Sprint(port) +
     " --noprealloc" +
     " --syslog" +
- " --smallfiles" +
- " --keyFile " + utils.ShQuote(keyFile),
+ " --smallfiles",
    // TODO(Nate): uncomment when we commit HA stuff
    // +
- // " --replSet juju",
+ // " --replSet juju" +
+ // " --keyFile " + utils.ShQuote(keyFile),
   }
   return conf, nil
  }
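Review bot: in the commented block at the end of the command string, `--keyFile` now sits under `TODO(Nate): uncomment when we commit HA stuff`, but the description gives a different precondition for it: shared-secret is not written until after Mongo is started. If the HA block is uncommented before that ordering is fixed, mongod is again started with a key file that may not exist yet. Suggest giving `--keyFile` its own TODO that states this precondition, and mentioning there that the `keyFile` variable commented out in the earlier hunk has to be restored at the same time.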

Index: environs/cloudinit/cloudinit_test.go
=== modified file 'environs/cloudinit/cloudinit_test.go'
--- environs/cloudinit/cloudinit_test.go 2014-04-01 08:19:52 +0000
+++ environs/cloudinit/cloudinit_test.go 2014-04-02 09:07:52 +0000
@@ -142,7 +142,7 @@
  dd bs=1M count=1 if=/dev/zero of=/var/lib/juju/db/journal/prealloc\.1
  dd bs=1M count=1 if=/dev/zero of=/var/lib/juju/db/journal/prealloc\.2
  echo 'Starting MongoDB server \(juju-db\)'.*
-cat >> /etc/init/juju-db\.conf << 'EOF'\\ndescription "juju state
database"\\nauthor "Juju Team <juju@lists\.ubuntu\.com>"\\nstart on
runlevel \[2345\]\\nstop on runlevel \[!2345\]\\nrespawn\\nnormal exit
0\\n\\nlimit nofile 65000 65000\\nlimit nproc 20000 20000\\n\\nexec
/usr/bin/mongod --auth --dbpath=/var/lib/juju/db --sslOnNormalPorts
--sslPEMKeyFile '/var/lib/juju/server\.pem' --sslPEMKeyPassword ignored
--bind_ip 0\.0\.0\.0 --port 37017 --noprealloc --syslog --smallfiles
--keyFile '/var/lib/juju/shared-secret'\\nEOF\\n
+cat >> /etc/init/juju-db\.conf << 'EOF'\\ndescription "juju state
database"\\nauthor "Juju Team <juju@lists\.ubuntu\.com>"\\nstart on
runlevel \[2345\]\\nstop on runlevel \[!2345\]\\nrespawn\\nnormal exit
0\\n\\nlimit nofile 65000 65000\\nlimit nproc 20000 20000\\n\\nexec
/usr/bin/mongod --auth --dbpath=/var/lib/juju/db --sslOnNormalPorts
--sslPEMKeyFile '/var/lib/juju/server\.pem' --sslPEMKeyPassword ignored
--bind_ip 0\.0\.0\.0 --port 37017 --noprealloc --syslog
--smallfiles\\nEOF\\n
  start juju-db
  mkdir -p '/var/lib/juju/agents/bootstrap'
  install -m 600 /dev/null '/var/lib/juju/agents/bootstrap/agent\.conf'
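Review bot: this expectation is the only coverage the change gets. The affected-files list contains no test under agent/mongo, so the fact that MongoUpstartService no longer emits `--keyFile` is checked only indirectly, through the cloud-init script regexp ending in `--smallfiles\\nEOF\\n`. A direct assertion on the command built by MongoUpstartService would make the intent explicit and would fail in the right place when the flag is re-enabled.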
@@ -236,7 +236,7 @@
    inexactMatch: true,
    expectScripts: `
  echo 'Starting MongoDB server \(juju-db\)'.*
-cat >> /etc/init/juju-db\.conf << 'EOF'\\ndescription "juju state
database"\\nauthor "Juju Team <juju@lists\.ubuntu\.com>"\\nstart on
runlevel \[2345\]\\nstop on runlevel \[!2345\]\\nrespawn\\nnormal exit
0\\n\\nlimit nofile 65000 65000\\nlimit nproc 20000 20000\\n\\nexec
/usr/lib/juju/bin/mongod --auth --dbpath=/var/lib/juju/db
--sslOnNormalPorts --sslPEMKeyFile '/var/lib/juju/server\.pem'
--sslPEMKeyPassword ignored --bind_ip 0\.0\.0\.0 --port 37017 --noprealloc
--syslog --smallfiles --keyFile '/var/lib/juju/shared-secret'\\nEOF\\n
+cat >> /etc/init/juju-db\.conf << 'EOF'\\ndescription "juju state
database"\\nauthor "Juju Team <juju@lists\.ubuntu\.com>"\\nstart on
runlevel \[2345\]\\nstop on runlevel \[!2345\]\\nrespawn\\nnormal exit
0\\n\\nlimit nofile 65000 65000\\nlimit nproc 20000 20000\\n\\nexec
/usr/lib/juju/bin/mongod --auth --dbpath=/var/lib/juju/db
--sslOnNormalPorts --sslPEMKeyFile '/var/lib/juju/server\.pem'
--sslPEMKeyPassword ignored --bind_ip 0\.0\.0\.0 --port 37017 --noprealloc
--syslog --smallfiles\\nEOF\\n
  `,
   }, {
    // non state server.
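Review bot: the expected upstart script in this test case is a second full copy of the one changed in the hunk above, differing only in the mongod path (`/usr/lib/juju/bin/mongod` here, `/usr/bin/mongod` there). Every flag change has to be made twice in a single very long escaped line, which is easy to get out of sync. Consider building both expectations from one shared template with the mongod path substituted in.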
