Canonical Livepatch Charm

Merge ~barryprice/charm-canonical-livepatch/+git/canonical-livepatch-charm:master into ~livepatch-charmers/charm-canonical-livepatch:master

  1. Git
  2. lp:~barryprice/charm-canonical-livepatch/+git/canonical-livepatch-charm
  3. master
  4. Merge into master
Proposed by Barry Price
Status: Merged
Approved by: Barry Price
Approved revision: d756423732711b3d34d5ac4eb4717652d2466869
Merged at revision: d70cd8dadb3d78b4bc01559dd8cc1f0f788c2ec0
Proposed branch: ~barryprice/charm-canonical-livepatch/+git/canonical-livepatch-charm:master
Merge into: ~livepatch-charmers/charm-canonical-livepatch:master
Diff against target: 155 lines (+44/-21)
4 files modified
Makefile (+2/-2)
dev/null (+0/-0)
files/check_canonical-livepatch.py (+2/-2)
reactive/canonical_livepatch.py (+40/-17)
Reviewer Review Type Date Requested Status
Stuart Bishop (community) Approve
Review via email: mp+355912@code.launchpad.net

Commit message

Write our actual live status for the nagios check, instead of an empty file (which the latest check script would see as an error)

To post a comment you must log in.
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

This merge proposal is being monitored by mergebot. Change the status to Approved to merge.

Revision history for this message
Stuart Bishop (stub) wrote :

Yup. Comments inline, but its a matter of taste.

review: Approve
Revision history for this message
Stuart Bishop (stub) wrote :

Yup. Comments inline.

review: Approve
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

Merge proposal is approved, but source revision has changed, setting status to needs review.

Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

Change successfully merged at revision d70cd8dadb3d78b4bc01559dd8cc1f0f788c2ec0

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/Makefile b/Makefile
2index e8168bf..d608afb 100644
3--- a/Makefile
4+++ b/Makefile
5@@ -12,7 +12,7 @@ clean:
6 .PHONY: testdeps
7 testdeps:
8 @sudo apt-get update
9- @sudo apt-get install -y make flake8 python3-flake8 python3-pip python-pip snapd
10+ @sudo apt-get install -y make flake8 python3-flake8 python3-pip python-pip snapd libffi-dev
11 @which juju >/dev/null || (sudo snap install juju --classic)
12 @which charm >/dev/null || (sudo snap install charm)
13 @which bundletester >/dev/null || (pip2 install bundletester juju-deployer)
14@@ -20,7 +20,7 @@ testdeps:
15
16 .PHONY: lint
17 lint:
18- @flake8 --max-complexity=16 --max-line-length=120 && echo OK
19+ @flake8 --max-complexity=16 --max-line-length=120 --exclude=lib/* && echo OK
20
21 .PHONY: charmbuild
22 charmbuild:
23diff --git a/files/canonical-livepatch-status.txt b/files/canonical-livepatch-status.txt
24deleted file mode 100644
25index e69de29..0000000
26--- a/files/canonical-livepatch-status.txt
27+++ /dev/null
28diff --git a/files/check_canonical-livepatch.py b/files/check_canonical-livepatch.py
29index f578f93..a40936a 100755
30--- a/files/check_canonical-livepatch.py
31+++ b/files/check_canonical-livepatch.py
32@@ -26,7 +26,7 @@ def load_status():
33 with open(livepatch_output_path, 'r') as canonical_livepatch_log:
34 livepatch_status = canonical_livepatch_log.read()
35
36- return livepatch_status
37+ return livepatch_status.strip()
38
39
40 def check_serious_errors():
41@@ -95,7 +95,7 @@ def check_check_state(check_state):
42
43 def check_patch_state(patch_state):
44 """Check for issues with patchState, including unexpected output"""
45- if patch_state in ['applied', 'nothing-to-apply']:
46+ if patch_state in ['applied', 'applying', 'nothing-to-apply']:
47 pass
48 elif patch_state == 'unapplied':
49 return 'Livepatch has not applied the downloaded patches.'
50diff --git a/reactive/canonical_livepatch.py b/reactive/canonical_livepatch.py
51index 03c1903..e8ba806 100644
52--- a/reactive/canonical_livepatch.py
53+++ b/reactive/canonical_livepatch.py
54@@ -5,7 +5,7 @@ from charmhelpers.core.host import write_file, is_container
55 from charmhelpers.core import hookenv
56 from charmhelpers.contrib.charmsupport import nrpe
57 from distutils.version import LooseVersion
58-from os import environ, path, uname
59+from os import environ, mkdir, path, uname
60 from subprocess import check_call, check_output, CalledProcessError
61 from time import sleep
62 from yaml import safe_load
63@@ -53,26 +53,46 @@ def unit_update(status=None, message=None):
64 hookenv.status_set('active', 'Running kernel {}, patchState: {}'.format(*patch_details))
65
66
67-def get_patch_details():
68- kernel = patch_state = 'unknown'
69-
70+def get_livepatch_status():
71 cmd = ['/snap/bin/canonical-livepatch', 'status']
72+ livepatch_status = ''
73 try:
74- livepatch_state = check_output(cmd, universal_newlines=True)
75- except CalledProcessError as e:
76- hookenv.log('Unable to get status: {}'.format(str(e)), hookenv.ERROR)
77- return kernel, patch_state
78+ livepatch_status = check_output(cmd, universal_newlines=True)
79+ except CalledProcessError:
80+ # If the service hasn't been enabled yet, we'll get a process error - this is fine
81+ pass
82+ return livepatch_status
83+
84+
85+def write_status_to_disk():
86+ # In a race with nrpe, create /var/lib/nagios if nrpe didn't do it yet
87+ if not path.exists('/var/lib/nagios'):
88+ mkdir('/var/lib/nagios')
89+
90+ current_status = get_livepatch_status()
91+ perms = 0o644
92+ write_file(
93+ path='/var/lib/nagios/canonical-livepatch-status.txt',
94+ content=current_status,
95+ owner='root',
96+ perms=perms,
97+ )
98+
99+
100+def get_patch_details():
101+ kernel = 'unknown'
102+ raw_status = get_livepatch_status()
103
104 # status will usually pass YAML (but not always!)
105 try:
106- status_yaml = safe_load(livepatch_state)
107+ status = safe_load(raw_status)
108 except Exception:
109 hookenv.log('Unable to parse status yaml', hookenv.ERROR)
110- return kernel, patch_state
111+ return kernel, raw_status
112
113 # even if we got YAML, be paranoid
114 try:
115- for k in status_yaml['status']:
116+ for k in status['status']:
117 if k['running'] is True:
118 kernel = k['kernel']
119 patch_state = k['livepatch']['patchState']
120@@ -122,6 +142,11 @@ def activate_livepatch():
121 unit_update()
122 else:
123 hookenv.log('Unable to activate canonical-livepatch as no key has been set', hookenv.ERROR)
124+ cmd = ['/snap/bin/canonical-livepatch', 'disable']
125+ try:
126+ check_output(cmd, universal_newlines=True)
127+ except CalledProcessError as e:
128+ hookenv.log('Unable to deactivate: {}'.format(str(e)), hookenv.ERROR)
129 clear_flag('canonical-livepatch.active')
130 unit_update('blocked', 'Service disabled, please set livepatch_key to activate')
131
132@@ -216,6 +241,7 @@ def init_key():
133 def update_key():
134 # handle regular config-changed hooks for the livepatch key
135 activate_livepatch()
136+ write_status_to_disk()
137
138
139 @when('snap.installed.canonical-livepatch', 'config.changed.snap_channel')
140@@ -247,12 +273,9 @@ def configure_nagios(nagios):
141 'files/check_canonical-livepatch.py',
142 '/usr/lib/nagios/plugins/check_canonical-livepatch.py',
143 )
144- # don't overwrite an existing status file
145- if not path.exists('/var/lib/nagios/canonical-livepatch-status.txt'):
146- file_to_units(
147- 'files/canonical-livepatch-status.txt',
148- '/var/lib/nagios/canonical-livepatch-status.txt',
149- )
150+
151+ # write current status to disk to satisfy the nagios check
152+ write_status_to_disk()
153
154 # remove check from previous release with poorly formed name
155 nrpe_setup.remove_check(

Subscribers

People subscribed via source and target branches