juju-core

Code review comment for lp:~axwalk/juju-core/lp1300889-disable-mongo-keyfile

lp1300889-disable-mongo-keyfile
Merge into trunk

Revision history for this message

Andrew Wilkins (axwalk) wrote on 2014-04-02:

Reviewers: mp+213786_code.launchpad.net,

Message:
Please take a look.

Description:
Disable --keyFile in mongo upstart config

We can't enable this yet, because shared-secret
isn't written until after Mongo is started. This
will change when EnsureMongoServer is landed.

(FWIW I did test this with local, and it worked.
I don't yet understand why - it shouldn't be any
different to cloud providers. I suspect there's
a race here with upstart restarting Mongo, and
the machine agnet writing the shared-secret.)

Fixes lp:1300889

https://code.launchpad.net/~axwalk/juju-core/lp1300889-disable-mongo-keyfile/+merge/213786

(do not edit description out of merge proposal)

Please review this at https://codereview.appspot.com/83270045/

Affected files (+8, -6 lines):
   A [revision details]
   M agent/mongo/mongo.go
   M environs/cloudinit/cloudinit_test.go

Index: [revision details]
=== added file '[revision details]'
--- [revision details] 2012-01-01 00:00:00 +0000
+++ [revision details] 2012-01-01 00:00:00 +0000
@@ -0,0 +1,2 @@
+Old revision: tarmac-20140402083906-5vacuo7ovpzyi5gj
+New revision: <email address hidden>

Index: agent/mongo/mongo.go
=== modified file 'agent/mongo/mongo.go'
--- agent/mongo/mongo.go 2014-04-01 09:34:43 +0000
+++ agent/mongo/mongo.go 2014-04-02 09:07:52 +0000
@@ -188,7 +188,7 @@
func MongoUpstartService(name, mongodExec, dataDir string, port int)
(*upstart.Conf, error) {

sslKeyFile := path.Join(dataDir, "server.pem")
- keyFile := path.Join(dataDir, SharedSecretFile)
+ //keyFile := path.Join(dataDir, SharedSecretFile)
svc := upstart.NewService(name)

   dbDir := path.Join(dataDir, "db")
@@ -210,11 +210,11 @@
     " --port " + fmt.Sprint(port) +
     " --noprealloc" +
     " --syslog" +
- " --smallfiles" +
- " --keyFile " + utils.ShQuote(keyFile),
+ " --smallfiles",
    // TODO(Nate): uncomment when we commit HA stuff
    // +
- // " --replSet juju",
+ // " --replSet juju" +
+ // " --keyFile " + utils.ShQuote(keyFile),
   }
   return conf, nil
  }

Index: environs/cloudinit/cloudinit_test.go
=== modified file 'environs/cloudinit/cloudinit_test.go'
--- environs/cloudinit/cloudinit_test.go 2014-04-01 08:19:52 +0000
+++ environs/cloudinit/cloudinit_test.go 2014-04-02 09:07:52 +0000
@@ -142,7 +142,7 @@
  dd bs=1M count=1 if=/dev/zero of=/var/lib/juju/db/journal/prealloc\.1
  dd bs=1M count=1 if=/dev/zero of=/var/lib/juju/db/journal/prealloc\.2
  echo 'Starting MongoDB server \(juju-db\)'.*
-cat >> /etc/init/juju-db\.conf << 'EOF'\\ndescription "juju state
database"\\nauthor "Juju Team <juju@lists\.ubuntu\.com>"\\nstart on
runlevel \[2345\]\\nstop on runlevel \[!2345\]\\nrespawn\\nnormal exit
0\\n\\nlimit nofile 65000 65000\\nlimit nproc 20000 20000\\n\\nexec
/usr/bin/mongod --auth --dbpath=/var/lib/juju/db --sslOnNormalPorts
--sslPEMKeyFile '/var/lib/juju/server\.pem' --sslPEMKeyPassword ignored
--bind_ip 0\.0\.0\.0 --port 37017 --noprealloc --syslog --smallfiles
--keyFile '/var/lib/juju/shared-secret'\\nEOF\\n
+cat >> /etc/init/juju-db\.conf << 'EOF'\\ndescription "juju state
database"\\nauthor "Juju Team <juju@lists\.ubuntu\.com>"\\nstart on
runlevel \[2345\]\\nstop on runlevel \[!2345\]\\nrespawn\\nnormal exit
0\\n\\nlimit nofile 65000 65000\\nlimit nproc 20000 20000\\n\\nexec
/usr/bin/mongod --auth --dbpath=/var/lib/juju/db --sslOnNormalPorts
--sslPEMKeyFile '/var/lib/juju/server\.pem' --sslPEMKeyPassword ignored
--bind_ip 0\.0\.0\.0 --port 37017 --noprealloc --syslog
--smallfiles\\nEOF\\n
  start juju-db
  mkdir -p '/var/lib/juju/agents/bootstrap'
  install -m 600 /dev/null '/var/lib/juju/agents/bootstrap/agent\.conf'
@@ -236,7 +236,7 @@
    inexactMatch: true,
    expectScripts: `
  echo 'Starting MongoDB server \(juju-db\)'.*
-cat >> /etc/init/juju-db\.conf << 'EOF'\\ndescription "juju state
database"\\nauthor "Juju Team <juju@lists\.ubuntu\.com>"\\nstart on
runlevel \[2345\]\\nstop on runlevel \[!2345\]\\nrespawn\\nnormal exit
0\\n\\nlimit nofile 65000 65000\\nlimit nproc 20000 20000\\n\\nexec
/usr/lib/juju/bin/mongod --auth --dbpath=/var/lib/juju/db
--sslOnNormalPorts --sslPEMKeyFile '/var/lib/juju/server\.pem'
--sslPEMKeyPassword ignored --bind_ip 0\.0\.0\.0 --port 37017 --noprealloc
--syslog --smallfiles --keyFile '/var/lib/juju/shared-secret'\\nEOF\\n
+cat >> /etc/init/juju-db\.conf << 'EOF'\\ndescription "juju state
database"\\nauthor "Juju Team <juju@lists\.ubuntu\.com>"\\nstart on
runlevel \[2345\]\\nstop on runlevel \[!2345\]\\nrespawn\\nnormal exit
0\\n\\nlimit nofile 65000 65000\\nlimit nproc 20000 20000\\n\\nexec
/usr/lib/juju/bin/mongod --auth --dbpath=/var/lib/juju/db
--sslOnNormalPorts --sslPEMKeyFile '/var/lib/juju/server\.pem'
--sslPEMKeyPassword ignored --bind_ip 0\.0\.0\.0 --port 37017 --noprealloc
--syslog --smallfiles\\nEOF\\n
  `,
   }, {
    // non state server.

Reviewers: mp+213786_code.launchpad.net,

Message:
Please take a look.

Description:
Disable --keyFile in mongo upstart config

We can't enable this yet, because shared-secret
isn't written until after Mongo is started. This
will change when EnsureMongoServer is landed.

Fixes lp:1300889

https://code.launchpad.net/~axwalk/juju-core/lp1300889-disable-mongo-keyfile/+merge/213786

(do not edit description out of merge proposal)

Please review this at https://codereview.appspot.com/83270045/

Affected files (+8, -6 lines):
   A [revision details]
   M agent/mongo/mongo.go
   M environs/cloudinit/cloudinit_test.go

Index: [revision details]
=== added file '[revision details]'
--- [revision details]	2012-01-01 00:00:00 +0000
+++ [revision details]	2012-01-01 00:00:00 +0000
@@ -0,0 +1,2 @@
+Old revision: tarmac-20140402083906-5vacuo7ovpzyi5gj
+New revision: andrew.wilkins@canonical.com-20140402090752-ydyr4228xmsm5nye

Index: agent/mongo/mongo.go
=== modified file 'agent/mongo/mongo.go'
--- agent/mongo/mongo.go	2014-04-01 09:34:43 +0000
+++ agent/mongo/mongo.go	2014-04-02 09:07:52 +0000
@@ -188,7 +188,7 @@
  func MongoUpstartService(name, mongodExec, dataDir string, port int)  
(*upstart.Conf, error) {

sslKeyFile := path.Join(dataDir, "server.pem")
-	keyFile := path.Join(dataDir, SharedSecretFile)
+	//keyFile := path.Join(dataDir, SharedSecretFile)
  	svc := upstart.NewService(name)

dbDir := path.Join(dataDir, "db")
@@ -210,11 +210,11 @@
  			" --port " + fmt.Sprint(port) +
  			" --noprealloc" +
  			" --syslog" +
-			" --smallfiles" +
-			" --keyFile " + utils.ShQuote(keyFile),
+			" --smallfiles",
  		// TODO(Nate): uncomment when we commit HA stuff
  		// +
-		//	" --replSet juju",
+		//	" --replSet juju" +
+		//	" --keyFile " + utils.ShQuote(keyFile),
  	}
  	return conf, nil
  }

Index: environs/cloudinit/cloudinit_test.go
=== modified file 'environs/cloudinit/cloudinit_test.go'
--- environs/cloudinit/cloudinit_test.go	2014-04-01 08:19:52 +0000
+++ environs/cloudinit/cloudinit_test.go	2014-04-02 09:07:52 +0000
@@ -142,7 +142,7 @@
  dd bs=1M count=1 if=/dev/zero of=/var/lib/juju/db/journal/prealloc\.1
  dd bs=1M count=1 if=/dev/zero of=/var/lib/juju/db/journal/prealloc\.2
  echo 'Starting MongoDB server \(juju-db\)'.*
-cat >> /etc/init/juju-db\.conf << 'EOF'\\ndescription "juju state  
database"\\nauthor "Juju Team <juju@lists\.ubuntu\.com>"\\nstart on  
runlevel \[2345\]\\nstop on runlevel \[!2345\]\\nrespawn\\nnormal exit  
0\\n\\nlimit nofile 65000 65000\\nlimit nproc 20000 20000\\n\\nexec  
/usr/bin/mongod --auth --dbpath=/var/lib/juju/db --sslOnNormalPorts  
--sslPEMKeyFile '/var/lib/juju/server\.pem' --sslPEMKeyPassword ignored  
--bind_ip 0\.0\.0\.0 --port 37017 --noprealloc --syslog --smallfiles  
--keyFile '/var/lib/juju/shared-secret'\\nEOF\\n
+cat >> /etc/init/juju-db\.conf << 'EOF'\\ndescription "juju state  
database"\\nauthor "Juju Team <juju@lists\.ubuntu\.com>"\\nstart on  
runlevel \[2345\]\\nstop on runlevel \[!2345\]\\nrespawn\\nnormal exit  
0\\n\\nlimit nofile 65000 65000\\nlimit nproc 20000 20000\\n\\nexec  
/usr/bin/mongod --auth --dbpath=/var/lib/juju/db --sslOnNormalPorts  
--sslPEMKeyFile '/var/lib/juju/server\.pem' --sslPEMKeyPassword ignored  
--bind_ip 0\.0\.0\.0 --port 37017 --noprealloc --syslog  
--smallfiles\\nEOF\\n
  start juju-db
  mkdir -p '/var/lib/juju/agents/bootstrap'
  install -m 600 /dev/null '/var/lib/juju/agents/bootstrap/agent\.conf'
@@ -236,7 +236,7 @@
  		inexactMatch: true,
  		expectScripts: `
  echo 'Starting MongoDB server \(juju-db\)'.*
-cat >> /etc/init/juju-db\.conf << 'EOF'\\ndescription "juju state  
database"\\nauthor "Juju Team <juju@lists\.ubuntu\.com>"\\nstart on  
runlevel \[2345\]\\nstop on runlevel \[!2345\]\\nrespawn\\nnormal exit  
0\\n\\nlimit nofile 65000 65000\\nlimit nproc 20000 20000\\n\\nexec  
/usr/lib/juju/bin/mongod --auth --dbpath=/var/lib/juju/db  
--sslOnNormalPorts --sslPEMKeyFile '/var/lib/juju/server\.pem'  
--sslPEMKeyPassword ignored --bind_ip 0\.0\.0\.0 --port 37017 --noprealloc  
--syslog --smallfiles --keyFile '/var/lib/juju/shared-secret'\\nEOF\\n
+cat >> /etc/init/juju-db\.conf << 'EOF'\\ndescription "juju state  
database"\\nauthor "Juju Team <juju@lists\.ubuntu\.com>"\\nstart on  
runlevel \[2345\]\\nstop on runlevel \[!2345\]\\nrespawn\\nnormal exit  
0\\n\\nlimit nofile 65000 65000\\nlimit nproc 20000 20000\\n\\nexec  
/usr/lib/juju/bin/mongod --auth --dbpath=/var/lib/juju/db  
--sslOnNormalPorts --sslPEMKeyFile '/var/lib/juju/server\.pem'  
--sslPEMKeyPassword ignored --bind_ip 0\.0\.0\.0 --port 37017 --noprealloc  
--syslog --smallfiles\\nEOF\\n
  `,
  	}, {
  		// non state server.

« Back to merge proposal