Merge lp:~barryprice/charm-haproxy/charm-helpers-sync into lp:charm-haproxy
- charm-helpers-sync
- Merge into trunk
Proposed by
Barry Price
Status: | Superseded |
---|---|
Proposed branch: | lp:~barryprice/charm-haproxy/charm-helpers-sync |
Merge into: | lp:charm-haproxy |
Diff against target: |
2894 lines (+1735/-187) 29 files modified
.bzrignore (+1/-0) Makefile (+1/-1) hooks/charmhelpers/__init__.py (+65/-4) hooks/charmhelpers/contrib/charmsupport/nrpe.py (+32/-9) hooks/charmhelpers/core/hookenv.py (+450/-28) hooks/charmhelpers/core/host.py (+168/-11) hooks/charmhelpers/core/host_factory/centos.py (+16/-0) hooks/charmhelpers/core/host_factory/ubuntu.py (+57/-0) hooks/charmhelpers/core/kernel.py (+2/-2) hooks/charmhelpers/core/services/base.py (+18/-7) hooks/charmhelpers/core/strutils.py (+64/-5) hooks/charmhelpers/core/sysctl.py (+21/-10) hooks/charmhelpers/core/templating.py (+18/-9) hooks/charmhelpers/core/unitdata.py (+8/-1) hooks/charmhelpers/fetch/__init__.py (+19/-9) hooks/charmhelpers/fetch/archiveurl.py (+1/-1) hooks/charmhelpers/fetch/bzrurl.py (+2/-2) hooks/charmhelpers/fetch/centos.py (+1/-1) hooks/charmhelpers/fetch/giturl.py (+2/-2) hooks/charmhelpers/fetch/python/__init__.py (+13/-0) hooks/charmhelpers/fetch/python/debug.py (+54/-0) hooks/charmhelpers/fetch/python/packages.py (+154/-0) hooks/charmhelpers/fetch/python/rpdb.py (+56/-0) hooks/charmhelpers/fetch/python/version.py (+32/-0) hooks/charmhelpers/fetch/snap.py (+33/-5) hooks/charmhelpers/fetch/ubuntu.py (+426/-62) hooks/hooks.py (+8/-5) hooks/tests/test_config_changed_hooks.py (+5/-5) hooks/tests/test_helpers.py (+8/-8) |
To merge this branch: | bzr merge lp:~barryprice/charm-haproxy/charm-helpers-sync |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
haproxy-team | Pending | ||
Review via email: mp+364880@code.launchpad.net |
This proposal has been superseded by a proposal from 2019-03-21.
Commit message
charm-helpers sync
Description of the change
To post a comment you must log in.
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote : | # |
Unmerged revisions
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1 | === modified file '.bzrignore' |
2 | --- .bzrignore 2015-05-15 16:54:14 +0000 |
3 | +++ .bzrignore 2019-03-21 11:40:09 +0000 |
4 | @@ -8,3 +8,4 @@ |
5 | exec.d |
6 | build/charm-helpers |
7 | revision |
8 | +.venv |
9 | |
10 | === modified file 'Makefile' |
11 | --- Makefile 2019-03-19 10:48:26 +0000 |
12 | +++ Makefile 2019-03-21 11:40:09 +0000 |
13 | @@ -24,7 +24,7 @@ |
14 | |
15 | lint: .venv |
16 | @echo Checking for Python syntax... |
17 | - @python -m flake8 $(HOOKS_DIR) --ignore=E123 --exclude=$(HOOKS_DIR)/charmhelpers |
18 | + @python -m flake8 $(HOOKS_DIR) --extend-ignore=E123 --exclude=$(HOOKS_DIR)/charmhelpers |
19 | |
20 | sourcedeps: |
21 | @echo Updating source dependencies... |
22 | |
23 | === modified file 'hooks/charmhelpers/__init__.py' |
24 | --- hooks/charmhelpers/__init__.py 2017-03-21 15:08:36 +0000 |
25 | +++ hooks/charmhelpers/__init__.py 2019-03-21 11:40:09 +0000 |
26 | @@ -14,23 +14,84 @@ |
27 | |
28 | # Bootstrap charm-helpers, installing its dependencies if necessary using |
29 | # only standard libraries. |
30 | +from __future__ import print_function |
31 | +from __future__ import absolute_import |
32 | + |
33 | +import functools |
34 | +import inspect |
35 | import subprocess |
36 | import sys |
37 | |
38 | try: |
39 | - import six # flake8: noqa |
40 | + import six # NOQA:F401 |
41 | except ImportError: |
42 | if sys.version_info.major == 2: |
43 | subprocess.check_call(['apt-get', 'install', '-y', 'python-six']) |
44 | else: |
45 | subprocess.check_call(['apt-get', 'install', '-y', 'python3-six']) |
46 | - import six # flake8: noqa |
47 | + import six # NOQA:F401 |
48 | |
49 | try: |
50 | - import yaml # flake8: noqa |
51 | + import yaml # NOQA:F401 |
52 | except ImportError: |
53 | if sys.version_info.major == 2: |
54 | subprocess.check_call(['apt-get', 'install', '-y', 'python-yaml']) |
55 | else: |
56 | subprocess.check_call(['apt-get', 'install', '-y', 'python3-yaml']) |
57 | - import yaml # flake8: noqa |
58 | + import yaml # NOQA:F401 |
59 | + |
60 | + |
61 | +# Holds a list of mapping of mangled function names that have been deprecated |
62 | +# using the @deprecate decorator below. This is so that the warning is only |
63 | +# printed once for each usage of the function. |
64 | +__deprecated_functions = {} |
65 | + |
66 | + |
67 | +def deprecate(warning, date=None, log=None): |
68 | + """Add a deprecation warning the first time the function is used. |
69 | + The date, which is a string in semi-ISO8660 format indicate the year-month |
70 | + that the function is officially going to be removed. |
71 | + |
72 | + usage: |
73 | + |
74 | + @deprecate('use core/fetch/add_source() instead', '2017-04') |
75 | + def contributed_add_source_thing(...): |
76 | + ... |
77 | + |
78 | + And it then prints to the log ONCE that the function is deprecated. |
79 | + The reason for passing the logging function (log) is so that hookenv.log |
80 | + can be used for a charm if needed. |
81 | + |
82 | + :param warning: String to indicat where it has moved ot. |
83 | + :param date: optional sting, in YYYY-MM format to indicate when the |
84 | + function will definitely (probably) be removed. |
85 | + :param log: The log function to call to log. If not, logs to stdout |
86 | + """ |
87 | + def wrap(f): |
88 | + |
89 | + @functools.wraps(f) |
90 | + def wrapped_f(*args, **kwargs): |
91 | + try: |
92 | + module = inspect.getmodule(f) |
93 | + file = inspect.getsourcefile(f) |
94 | + lines = inspect.getsourcelines(f) |
95 | + f_name = "{}-{}-{}..{}-{}".format( |
96 | + module.__name__, file, lines[0], lines[-1], f.__name__) |
97 | + except (IOError, TypeError): |
98 | + # assume it was local, so just use the name of the function |
99 | + f_name = f.__name__ |
100 | + if f_name not in __deprecated_functions: |
101 | + __deprecated_functions[f_name] = True |
102 | + s = "DEPRECATION WARNING: Function {} is being removed".format( |
103 | + f.__name__) |
104 | + if date: |
105 | + s = "{} on/around {}".format(s, date) |
106 | + if warning: |
107 | + s = "{} : {}".format(s, warning) |
108 | + if log: |
109 | + log(s) |
110 | + else: |
111 | + print(s) |
112 | + return f(*args, **kwargs) |
113 | + return wrapped_f |
114 | + return wrap |
115 | |
116 | === modified file 'hooks/charmhelpers/contrib/charmsupport/nrpe.py' |
117 | --- hooks/charmhelpers/contrib/charmsupport/nrpe.py 2017-03-21 15:08:36 +0000 |
118 | +++ hooks/charmhelpers/contrib/charmsupport/nrpe.py 2019-03-21 11:40:09 +0000 |
119 | @@ -30,6 +30,7 @@ |
120 | |
121 | from charmhelpers.core.hookenv import ( |
122 | config, |
123 | + hook_name, |
124 | local_unit, |
125 | log, |
126 | relation_ids, |
127 | @@ -125,7 +126,7 @@ |
128 | |
129 | |
130 | class Check(object): |
131 | - shortname_re = '[A-Za-z0-9-_]+$' |
132 | + shortname_re = '[A-Za-z0-9-_.@]+$' |
133 | service_template = (""" |
134 | #--------------------------------------------------- |
135 | # This file is Juju managed |
136 | @@ -193,6 +194,13 @@ |
137 | nrpe_check_file = self._get_check_filename() |
138 | with open(nrpe_check_file, 'w') as nrpe_check_config: |
139 | nrpe_check_config.write("# check {}\n".format(self.shortname)) |
140 | + if nagios_servicegroups: |
141 | + nrpe_check_config.write( |
142 | + "# The following header was added automatically by juju\n") |
143 | + nrpe_check_config.write( |
144 | + "# Modifying it will affect nagios monitoring and alerting\n") |
145 | + nrpe_check_config.write( |
146 | + "# servicegroups: {}\n".format(nagios_servicegroups)) |
147 | nrpe_check_config.write("command[{}]={}\n".format( |
148 | self.command, self.check_cmd)) |
149 | |
150 | @@ -278,7 +286,7 @@ |
151 | try: |
152 | nagios_uid = pwd.getpwnam('nagios').pw_uid |
153 | nagios_gid = grp.getgrnam('nagios').gr_gid |
154 | - except: |
155 | + except Exception: |
156 | log("Nagios user not set up, nrpe checks not updated") |
157 | return |
158 | |
159 | @@ -295,7 +303,12 @@ |
160 | "command": nrpecheck.command, |
161 | } |
162 | |
163 | - service('restart', 'nagios-nrpe-server') |
164 | + # update-status hooks are configured to firing every 5 minutes by |
165 | + # default. When nagios-nrpe-server is restarted, the nagios server |
166 | + # reports checks failing causing unnecessary alerts. Let's not restart |
167 | + # on update-status hooks. |
168 | + if not hook_name() == 'update-status': |
169 | + service('restart', 'nagios-nrpe-server') |
170 | |
171 | monitor_ids = relation_ids("local-monitors") + \ |
172 | relation_ids("nrpe-external-master") |
173 | @@ -373,7 +386,7 @@ |
174 | checkpath = '%s/service-check-%s.txt' % (nrpe.homedir, svc) |
175 | croncmd = ( |
176 | '/usr/local/lib/nagios/plugins/check_exit_status.pl ' |
177 | - '-s /etc/init.d/%s status' % svc |
178 | + '-e -s /etc/init.d/%s status' % svc |
179 | ) |
180 | cron_file = '*/5 * * * * root %s > %s\n' % (croncmd, checkpath) |
181 | f = open(cronpath, 'w') |
182 | @@ -397,16 +410,26 @@ |
183 | os.chmod(checkpath, 0o644) |
184 | |
185 | |
186 | -def copy_nrpe_checks(): |
187 | +def copy_nrpe_checks(nrpe_files_dir=None): |
188 | """ |
189 | Copy the nrpe checks into place |
190 | |
191 | """ |
192 | NAGIOS_PLUGINS = '/usr/local/lib/nagios/plugins' |
193 | - nrpe_files_dir = os.path.join(os.getenv('CHARM_DIR'), 'hooks', |
194 | - 'charmhelpers', 'contrib', 'openstack', |
195 | - 'files') |
196 | - |
197 | + if nrpe_files_dir is None: |
198 | + # determine if "charmhelpers" is in CHARMDIR or CHARMDIR/hooks |
199 | + for segment in ['.', 'hooks']: |
200 | + nrpe_files_dir = os.path.abspath(os.path.join( |
201 | + os.getenv('CHARM_DIR'), |
202 | + segment, |
203 | + 'charmhelpers', |
204 | + 'contrib', |
205 | + 'openstack', |
206 | + 'files')) |
207 | + if os.path.isdir(nrpe_files_dir): |
208 | + break |
209 | + else: |
210 | + raise RuntimeError("Couldn't find charmhelpers directory") |
211 | if not os.path.exists(NAGIOS_PLUGINS): |
212 | os.makedirs(NAGIOS_PLUGINS) |
213 | for fname in glob.glob(os.path.join(nrpe_files_dir, "check_*")): |
214 | |
215 | === modified file 'hooks/charmhelpers/core/hookenv.py' |
216 | --- hooks/charmhelpers/core/hookenv.py 2017-03-02 15:18:31 +0000 |
217 | +++ hooks/charmhelpers/core/hookenv.py 2019-03-21 11:40:09 +0000 |
218 | @@ -22,10 +22,12 @@ |
219 | import copy |
220 | from distutils.version import LooseVersion |
221 | from functools import wraps |
222 | +from collections import namedtuple |
223 | import glob |
224 | import os |
225 | import json |
226 | import yaml |
227 | +import re |
228 | import subprocess |
229 | import sys |
230 | import errno |
231 | @@ -38,12 +40,20 @@ |
232 | else: |
233 | from collections import UserDict |
234 | |
235 | + |
236 | CRITICAL = "CRITICAL" |
237 | ERROR = "ERROR" |
238 | WARNING = "WARNING" |
239 | INFO = "INFO" |
240 | DEBUG = "DEBUG" |
241 | +TRACE = "TRACE" |
242 | MARKER = object() |
243 | +SH_MAX_ARG = 131071 |
244 | + |
245 | + |
246 | +RANGE_WARNING = ('Passing NO_PROXY string that includes a cidr. ' |
247 | + 'This may not be compatible with software you are ' |
248 | + 'running in your shell.') |
249 | |
250 | cache = {} |
251 | |
252 | @@ -64,7 +74,7 @@ |
253 | @wraps(func) |
254 | def wrapper(*args, **kwargs): |
255 | global cache |
256 | - key = str((func, args, kwargs)) |
257 | + key = json.dumps((func, args, kwargs), sort_keys=True, default=str) |
258 | try: |
259 | return cache[key] |
260 | except KeyError: |
261 | @@ -94,7 +104,7 @@ |
262 | command += ['-l', level] |
263 | if not isinstance(message, six.string_types): |
264 | message = repr(message) |
265 | - command += [message] |
266 | + command += [message[:SH_MAX_ARG]] |
267 | # Missing juju-log should not cause failures in unit tests |
268 | # Send log output to stderr |
269 | try: |
270 | @@ -197,9 +207,56 @@ |
271 | return os.environ.get('JUJU_REMOTE_UNIT', None) |
272 | |
273 | |
274 | +def application_name(): |
275 | + """ |
276 | + The name of the deployed application this unit belongs to. |
277 | + """ |
278 | + return local_unit().split('/')[0] |
279 | + |
280 | + |
281 | def service_name(): |
282 | - """The name service group this unit belongs to""" |
283 | - return local_unit().split('/')[0] |
284 | + """ |
285 | + .. deprecated:: 0.19.1 |
286 | + Alias for :func:`application_name`. |
287 | + """ |
288 | + return application_name() |
289 | + |
290 | + |
291 | +def model_name(): |
292 | + """ |
293 | + Name of the model that this unit is deployed in. |
294 | + """ |
295 | + return os.environ['JUJU_MODEL_NAME'] |
296 | + |
297 | + |
298 | +def model_uuid(): |
299 | + """ |
300 | + UUID of the model that this unit is deployed in. |
301 | + """ |
302 | + return os.environ['JUJU_MODEL_UUID'] |
303 | + |
304 | + |
305 | +def principal_unit(): |
306 | + """Returns the principal unit of this unit, otherwise None""" |
307 | + # Juju 2.2 and above provides JUJU_PRINCIPAL_UNIT |
308 | + principal_unit = os.environ.get('JUJU_PRINCIPAL_UNIT', None) |
309 | + # If it's empty, then this unit is the principal |
310 | + if principal_unit == '': |
311 | + return os.environ['JUJU_UNIT_NAME'] |
312 | + elif principal_unit is not None: |
313 | + return principal_unit |
314 | + # For Juju 2.1 and below, let's try work out the principle unit by |
315 | + # the various charms' metadata.yaml. |
316 | + for reltype in relation_types(): |
317 | + for rid in relation_ids(reltype): |
318 | + for unit in related_units(rid): |
319 | + md = _metadata_unit(unit) |
320 | + if not md: |
321 | + continue |
322 | + subordinate = md.pop('subordinate', None) |
323 | + if not subordinate: |
324 | + return unit |
325 | + return None |
326 | |
327 | |
328 | @cached |
329 | @@ -263,7 +320,7 @@ |
330 | self.implicit_save = True |
331 | self._prev_dict = None |
332 | self.path = os.path.join(charm_dir(), Config.CONFIG_FILE_NAME) |
333 | - if os.path.exists(self.path): |
334 | + if os.path.exists(self.path) and os.stat(self.path).st_size: |
335 | self.load_previous() |
336 | atexit(self._implicit_save) |
337 | |
338 | @@ -283,7 +340,11 @@ |
339 | """ |
340 | self.path = path or self.path |
341 | with open(self.path) as f: |
342 | - self._prev_dict = json.load(f) |
343 | + try: |
344 | + self._prev_dict = json.load(f) |
345 | + except ValueError as e: |
346 | + log('Unable to parse previous config data - {}'.format(str(e)), |
347 | + level=ERROR) |
348 | for k, v in copy.deepcopy(self._prev_dict).items(): |
349 | if k not in self: |
350 | self[k] = v |
351 | @@ -319,6 +380,7 @@ |
352 | |
353 | """ |
354 | with open(self.path, 'w') as f: |
355 | + os.fchmod(f.fileno(), 0o600) |
356 | json.dump(self, f) |
357 | |
358 | def _implicit_save(self): |
359 | @@ -326,22 +388,40 @@ |
360 | self.save() |
361 | |
362 | |
363 | -@cached |
364 | +_cache_config = None |
365 | + |
366 | + |
367 | def config(scope=None): |
368 | - """Juju charm configuration""" |
369 | - config_cmd_line = ['config-get'] |
370 | - if scope is not None: |
371 | - config_cmd_line.append(scope) |
372 | - else: |
373 | - config_cmd_line.append('--all') |
374 | - config_cmd_line.append('--format=json') |
375 | - try: |
376 | - config_data = json.loads( |
377 | - subprocess.check_output(config_cmd_line).decode('UTF-8')) |
378 | + """ |
379 | + Get the juju charm configuration (scope==None) or individual key, |
380 | + (scope=str). The returned value is a Python data structure loaded as |
381 | + JSON from the Juju config command. |
382 | + |
383 | + :param scope: If set, return the value for the specified key. |
384 | + :type scope: Optional[str] |
385 | + :returns: Either the whole config as a Config, or a key from it. |
386 | + :rtype: Any |
387 | + """ |
388 | + global _cache_config |
389 | + config_cmd_line = ['config-get', '--all', '--format=json'] |
390 | + try: |
391 | + # JSON Decode Exception for Python3.5+ |
392 | + exc_json = json.decoder.JSONDecodeError |
393 | + except AttributeError: |
394 | + # JSON Decode Exception for Python2.7 through Python3.4 |
395 | + exc_json = ValueError |
396 | + try: |
397 | + if _cache_config is None: |
398 | + config_data = json.loads( |
399 | + subprocess.check_output(config_cmd_line).decode('UTF-8')) |
400 | + _cache_config = Config(config_data) |
401 | if scope is not None: |
402 | - return config_data |
403 | - return Config(config_data) |
404 | - except ValueError: |
405 | + return _cache_config.get(scope) |
406 | + return _cache_config |
407 | + except (exc_json, UnicodeDecodeError) as e: |
408 | + log('Unable to parse output from config-get: config_cmd_line="{}" ' |
409 | + 'message="{}"' |
410 | + .format(config_cmd_line, str(e)), level=ERROR) |
411 | return None |
412 | |
413 | |
414 | @@ -435,6 +515,67 @@ |
415 | subprocess.check_output(units_cmd_line).decode('UTF-8')) or [] |
416 | |
417 | |
418 | +def expected_peer_units(): |
419 | + """Get a generator for units we expect to join peer relation based on |
420 | + goal-state. |
421 | + |
422 | + The local unit is excluded from the result to make it easy to gauge |
423 | + completion of all peers joining the relation with existing hook tools. |
424 | + |
425 | + Example usage: |
426 | + log('peer {} of {} joined peer relation' |
427 | + .format(len(related_units()), |
428 | + len(list(expected_peer_units())))) |
429 | + |
430 | + This function will raise NotImplementedError if used with juju versions |
431 | + without goal-state support. |
432 | + |
433 | + :returns: iterator |
434 | + :rtype: types.GeneratorType |
435 | + :raises: NotImplementedError |
436 | + """ |
437 | + if not has_juju_version("2.4.0"): |
438 | + # goal-state first appeared in 2.4.0. |
439 | + raise NotImplementedError("goal-state") |
440 | + _goal_state = goal_state() |
441 | + return (key for key in _goal_state['units'] |
442 | + if '/' in key and key != local_unit()) |
443 | + |
444 | + |
445 | +def expected_related_units(reltype=None): |
446 | + """Get a generator for units we expect to join relation based on |
447 | + goal-state. |
448 | + |
449 | + Note that you can not use this function for the peer relation, take a look |
450 | + at expected_peer_units() for that. |
451 | + |
452 | + This function will raise KeyError if you request information for a |
453 | + relation type for which juju goal-state does not have information. It will |
454 | + raise NotImplementedError if used with juju versions without goal-state |
455 | + support. |
456 | + |
457 | + Example usage: |
458 | + log('participant {} of {} joined relation {}' |
459 | + .format(len(related_units()), |
460 | + len(list(expected_related_units())), |
461 | + relation_type())) |
462 | + |
463 | + :param reltype: Relation type to list data for, default is to list data for |
464 | + the realtion type we are currently executing a hook for. |
465 | + :type reltype: str |
466 | + :returns: iterator |
467 | + :rtype: types.GeneratorType |
468 | + :raises: KeyError, NotImplementedError |
469 | + """ |
470 | + if not has_juju_version("2.4.4"): |
471 | + # goal-state existed in 2.4.0, but did not list individual units to |
472 | + # join a relation in 2.4.1 through 2.4.3. (LP: #1794739) |
473 | + raise NotImplementedError("goal-state relation unit count") |
474 | + reltype = reltype or relation_type() |
475 | + _goal_state = goal_state() |
476 | + return (key for key in _goal_state['relations'][reltype] if '/' in key) |
477 | + |
478 | + |
479 | @cached |
480 | def relation_for_unit(unit=None, rid=None): |
481 | """Get the json represenation of a unit's relation""" |
482 | @@ -478,6 +619,24 @@ |
483 | return yaml.safe_load(md) |
484 | |
485 | |
486 | +def _metadata_unit(unit): |
487 | + """Given the name of a unit (e.g. apache2/0), get the unit charm's |
488 | + metadata.yaml. Very similar to metadata() but allows us to inspect |
489 | + other units. Unit needs to be co-located, such as a subordinate or |
490 | + principal/primary. |
491 | + |
492 | + :returns: metadata.yaml as a python object. |
493 | + |
494 | + """ |
495 | + basedir = os.sep.join(charm_dir().split(os.sep)[:-2]) |
496 | + unitdir = 'unit-{}'.format(unit.replace(os.sep, '-')) |
497 | + joineddir = os.path.join(basedir, unitdir, 'charm', 'metadata.yaml') |
498 | + if not os.path.exists(joineddir): |
499 | + return None |
500 | + with open(joineddir) as md: |
501 | + return yaml.safe_load(md) |
502 | + |
503 | + |
504 | @cached |
505 | def relation_types(): |
506 | """Get a list of relation types supported by this charm""" |
507 | @@ -602,18 +761,31 @@ |
508 | return False |
509 | |
510 | |
511 | +def _port_op(op_name, port, protocol="TCP"): |
512 | + """Open or close a service network port""" |
513 | + _args = [op_name] |
514 | + icmp = protocol.upper() == "ICMP" |
515 | + if icmp: |
516 | + _args.append(protocol) |
517 | + else: |
518 | + _args.append('{}/{}'.format(port, protocol)) |
519 | + try: |
520 | + subprocess.check_call(_args) |
521 | + except subprocess.CalledProcessError: |
522 | + # Older Juju pre 2.3 doesn't support ICMP |
523 | + # so treat it as a no-op if it fails. |
524 | + if not icmp: |
525 | + raise |
526 | + |
527 | + |
528 | def open_port(port, protocol="TCP"): |
529 | """Open a service network port""" |
530 | - _args = ['open-port'] |
531 | - _args.append('{}/{}'.format(port, protocol)) |
532 | - subprocess.check_call(_args) |
533 | + _port_op('open-port', port, protocol) |
534 | |
535 | |
536 | def close_port(port, protocol="TCP"): |
537 | """Close a service network port""" |
538 | - _args = ['close-port'] |
539 | - _args.append('{}/{}'.format(port, protocol)) |
540 | - subprocess.check_call(_args) |
541 | + _port_op('close-port', port, protocol) |
542 | |
543 | |
544 | def open_ports(start, end, protocol="TCP"): |
545 | @@ -630,6 +802,17 @@ |
546 | subprocess.check_call(_args) |
547 | |
548 | |
549 | +def opened_ports(): |
550 | + """Get the opened ports |
551 | + |
552 | + *Note that this will only show ports opened in a previous hook* |
553 | + |
554 | + :returns: Opened ports as a list of strings: ``['8080/tcp', '8081-8083/tcp']`` |
555 | + """ |
556 | + _args = ['opened-ports', '--format=json'] |
557 | + return json.loads(subprocess.check_output(_args).decode('UTF-8')) |
558 | + |
559 | + |
560 | @cached |
561 | def unit_get(attribute): |
562 | """Get the unit ID for the remote unit""" |
563 | @@ -751,8 +934,15 @@ |
564 | return wrapper |
565 | |
566 | |
567 | +class NoNetworkBinding(Exception): |
568 | + pass |
569 | + |
570 | + |
571 | def charm_dir(): |
572 | """Return the root directory of the current charm""" |
573 | + d = os.environ.get('JUJU_CHARM_DIR') |
574 | + if d is not None: |
575 | + return d |
576 | return os.environ.get('CHARM_DIR') |
577 | |
578 | |
579 | @@ -874,6 +1064,14 @@ |
580 | |
581 | |
582 | @translate_exc(from_exc=OSError, to_exc=NotImplementedError) |
583 | +@cached |
584 | +def goal_state(): |
585 | + """Juju goal state values""" |
586 | + cmd = ['goal-state', '--format=json'] |
587 | + return json.loads(subprocess.check_output(cmd).decode('UTF-8')) |
588 | + |
589 | + |
590 | +@translate_exc(from_exc=OSError, to_exc=NotImplementedError) |
591 | def is_leader(): |
592 | """Does the current unit hold the juju leadership |
593 | |
594 | @@ -967,7 +1165,6 @@ |
595 | universal_newlines=True).strip() |
596 | |
597 | |
598 | -@cached |
599 | def has_juju_version(minimum_version): |
600 | """Return True if the Juju version is at least the provided version""" |
601 | return LooseVersion(juju_version()) >= LooseVersion(minimum_version) |
602 | @@ -1027,6 +1224,8 @@ |
603 | @translate_exc(from_exc=OSError, to_exc=NotImplementedError) |
604 | def network_get_primary_address(binding): |
605 | ''' |
606 | + Deprecated since Juju 2.3; use network_get() |
607 | + |
608 | Retrieve the primary network address for a named binding |
609 | |
610 | :param binding: string. The name of a relation of extra-binding |
611 | @@ -1034,7 +1233,41 @@ |
612 | :raise: NotImplementedError if run on Juju < 2.0 |
613 | ''' |
614 | cmd = ['network-get', '--primary-address', binding] |
615 | - return subprocess.check_output(cmd).decode('UTF-8').strip() |
616 | + try: |
617 | + response = subprocess.check_output( |
618 | + cmd, |
619 | + stderr=subprocess.STDOUT).decode('UTF-8').strip() |
620 | + except CalledProcessError as e: |
621 | + if 'no network config found for binding' in e.output.decode('UTF-8'): |
622 | + raise NoNetworkBinding("No network binding for {}" |
623 | + .format(binding)) |
624 | + else: |
625 | + raise |
626 | + return response |
627 | + |
628 | + |
629 | +def network_get(endpoint, relation_id=None): |
630 | + """ |
631 | + Retrieve the network details for a relation endpoint |
632 | + |
633 | + :param endpoint: string. The name of a relation endpoint |
634 | + :param relation_id: int. The ID of the relation for the current context. |
635 | + :return: dict. The loaded YAML output of the network-get query. |
636 | + :raise: NotImplementedError if request not supported by the Juju version. |
637 | + """ |
638 | + if not has_juju_version('2.2'): |
639 | + raise NotImplementedError(juju_version()) # earlier versions require --primary-address |
640 | + if relation_id and not has_juju_version('2.3'): |
641 | + raise NotImplementedError # 2.3 added the -r option |
642 | + |
643 | + cmd = ['network-get', endpoint, '--format', 'yaml'] |
644 | + if relation_id: |
645 | + cmd.append('-r') |
646 | + cmd.append(relation_id) |
647 | + response = subprocess.check_output( |
648 | + cmd, |
649 | + stderr=subprocess.STDOUT).decode('UTF-8').strip() |
650 | + return yaml.safe_load(response) |
651 | |
652 | |
653 | def add_metric(*args, **kwargs): |
654 | @@ -1066,3 +1299,192 @@ |
655 | """Get the meter status information, if running in the meter-status-changed |
656 | hook.""" |
657 | return os.environ.get('JUJU_METER_INFO') |
658 | + |
659 | + |
660 | +def iter_units_for_relation_name(relation_name): |
661 | + """Iterate through all units in a relation |
662 | + |
663 | + Generator that iterates through all the units in a relation and yields |
664 | + a named tuple with rid and unit field names. |
665 | + |
666 | + Usage: |
667 | + data = [(u.rid, u.unit) |
668 | + for u in iter_units_for_relation_name(relation_name)] |
669 | + |
670 | + :param relation_name: string relation name |
671 | + :yield: Named Tuple with rid and unit field names |
672 | + """ |
673 | + RelatedUnit = namedtuple('RelatedUnit', 'rid, unit') |
674 | + for rid in relation_ids(relation_name): |
675 | + for unit in related_units(rid): |
676 | + yield RelatedUnit(rid, unit) |
677 | + |
678 | + |
679 | +def ingress_address(rid=None, unit=None): |
680 | + """ |
681 | + Retrieve the ingress-address from a relation when available. |
682 | + Otherwise, return the private-address. |
683 | + |
684 | + When used on the consuming side of the relation (unit is a remote |
685 | + unit), the ingress-address is the IP address that this unit needs |
686 | + to use to reach the provided service on the remote unit. |
687 | + |
688 | + When used on the providing side of the relation (unit == local_unit()), |
689 | + the ingress-address is the IP address that is advertised to remote |
690 | + units on this relation. Remote units need to use this address to |
691 | + reach the local provided service on this unit. |
692 | + |
693 | + Note that charms may document some other method to use in |
694 | + preference to the ingress_address(), such as an address provided |
695 | + on a different relation attribute or a service discovery mechanism. |
696 | + This allows charms to redirect inbound connections to their peers |
697 | + or different applications such as load balancers. |
698 | + |
699 | + Usage: |
700 | + addresses = [ingress_address(rid=u.rid, unit=u.unit) |
701 | + for u in iter_units_for_relation_name(relation_name)] |
702 | + |
703 | + :param rid: string relation id |
704 | + :param unit: string unit name |
705 | + :side effect: calls relation_get |
706 | + :return: string IP address |
707 | + """ |
708 | + settings = relation_get(rid=rid, unit=unit) |
709 | + return (settings.get('ingress-address') or |
710 | + settings.get('private-address')) |
711 | + |
712 | + |
713 | +def egress_subnets(rid=None, unit=None): |
714 | + """ |
715 | + Retrieve the egress-subnets from a relation. |
716 | + |
717 | + This function is to be used on the providing side of the |
718 | + relation, and provides the ranges of addresses that client |
719 | + connections may come from. The result is uninteresting on |
720 | + the consuming side of a relation (unit == local_unit()). |
721 | + |
722 | + Returns a stable list of subnets in CIDR format. |
723 | + eg. ['192.168.1.0/24', '2001::F00F/128'] |
724 | + |
725 | + If egress-subnets is not available, falls back to using the published |
726 | + ingress-address, or finally private-address. |
727 | + |
728 | + :param rid: string relation id |
729 | + :param unit: string unit name |
730 | + :side effect: calls relation_get |
731 | + :return: list of subnets in CIDR format. eg. ['192.168.1.0/24', '2001::F00F/128'] |
732 | + """ |
733 | + def _to_range(addr): |
734 | + if re.search(r'^(?:\d{1,3}\.){3}\d{1,3}$', addr) is not None: |
735 | + addr += '/32' |
736 | + elif ':' in addr and '/' not in addr: # IPv6 |
737 | + addr += '/128' |
738 | + return addr |
739 | + |
740 | + settings = relation_get(rid=rid, unit=unit) |
741 | + if 'egress-subnets' in settings: |
742 | + return [n.strip() for n in settings['egress-subnets'].split(',') if n.strip()] |
743 | + if 'ingress-address' in settings: |
744 | + return [_to_range(settings['ingress-address'])] |
745 | + if 'private-address' in settings: |
746 | + return [_to_range(settings['private-address'])] |
747 | + return [] # Should never happen |
748 | + |
749 | + |
750 | +def unit_doomed(unit=None): |
751 | + """Determines if the unit is being removed from the model |
752 | + |
753 | + Requires Juju 2.4.1. |
754 | + |
755 | + :param unit: string unit name, defaults to local_unit |
756 | + :side effect: calls goal_state |
757 | + :side effect: calls local_unit |
758 | + :side effect: calls has_juju_version |
759 | + :return: True if the unit is being removed, already gone, or never existed |
760 | + """ |
761 | + if not has_juju_version("2.4.1"): |
762 | + # We cannot risk blindly returning False for 'we don't know', |
763 | + # because that could cause data loss; if call sites don't |
764 | + # need an accurate answer, they likely don't need this helper |
765 | + # at all. |
766 | + # goal-state existed in 2.4.0, but did not handle removals |
767 | + # correctly until 2.4.1. |
768 | + raise NotImplementedError("is_doomed") |
769 | + if unit is None: |
770 | + unit = local_unit() |
771 | + gs = goal_state() |
772 | + units = gs.get('units', {}) |
773 | + if unit not in units: |
774 | + return True |
775 | + # I don't think 'dead' units ever show up in the goal-state, but |
776 | + # check anyway in addition to 'dying'. |
777 | + return units[unit]['status'] in ('dying', 'dead') |
778 | + |
779 | + |
780 | +def env_proxy_settings(selected_settings=None): |
781 | + """Get proxy settings from process environment variables. |
782 | + |
783 | + Get charm proxy settings from environment variables that correspond to |
784 | + juju-http-proxy, juju-https-proxy and juju-no-proxy (available as of 2.4.2, |
785 | + see lp:1782236) in a format suitable for passing to an application that |
786 | + reacts to proxy settings passed as environment variables. Some applications |
787 | + support lowercase or uppercase notation (e.g. curl), some support only |
788 | + lowercase (e.g. wget), there are also subjectively rare cases of only |
789 | + uppercase notation support. no_proxy CIDR and wildcard support also varies |
790 | + between runtimes and applications as there is no enforced standard. |
791 | + |
792 | + Some applications may connect to multiple destinations and expose config |
793 | + options that would affect only proxy settings for a specific destination |
794 | + these should be handled in charms in an application-specific manner. |
795 | + |
796 | + :param selected_settings: format only a subset of possible settings |
797 | + :type selected_settings: list |
798 | + :rtype: Option(None, dict[str, str]) |
799 | + """ |
800 | + SUPPORTED_SETTINGS = { |
801 | + 'http': 'HTTP_PROXY', |
802 | + 'https': 'HTTPS_PROXY', |
803 | + 'no_proxy': 'NO_PROXY', |
804 | + 'ftp': 'FTP_PROXY' |
805 | + } |
806 | + if selected_settings is None: |
807 | + selected_settings = SUPPORTED_SETTINGS |
808 | + |
809 | + selected_vars = [v for k, v in SUPPORTED_SETTINGS.items() |
810 | + if k in selected_settings] |
811 | + proxy_settings = {} |
812 | + for var in selected_vars: |
813 | + var_val = os.getenv(var) |
814 | + if var_val: |
815 | + proxy_settings[var] = var_val |
816 | + proxy_settings[var.lower()] = var_val |
817 | + # Now handle juju-prefixed environment variables. The legacy vs new |
818 | + # environment variable usage is mutually exclusive |
819 | + charm_var_val = os.getenv('JUJU_CHARM_{}'.format(var)) |
820 | + if charm_var_val: |
821 | + proxy_settings[var] = charm_var_val |
822 | + proxy_settings[var.lower()] = charm_var_val |
823 | + if 'no_proxy' in proxy_settings: |
824 | + if _contains_range(proxy_settings['no_proxy']): |
825 | + log(RANGE_WARNING, level=WARNING) |
826 | + return proxy_settings if proxy_settings else None |
827 | + |
828 | + |
829 | +def _contains_range(addresses): |
830 | + """Check for cidr or wildcard domain in a string. |
831 | + |
832 | + Given a string comprising a comma seperated list of ip addresses |
833 | + and domain names, determine whether the string contains IP ranges |
834 | + or wildcard domains. |
835 | + |
836 | + :param addresses: comma seperated list of domains and ip addresses. |
837 | + :type addresses: str |
838 | + """ |
839 | + return ( |
840 | + # Test for cidr (e.g. 10.20.20.0/24) |
841 | + "/" in addresses or |
842 | + # Test for wildcard domains (*.foo.com or .foo.com) |
843 | + "*" in addresses or |
844 | + addresses.startswith(".") or |
845 | + ",." in addresses or |
846 | + " ." in addresses) |
847 | |
848 | === modified file 'hooks/charmhelpers/core/host.py' |
849 | --- hooks/charmhelpers/core/host.py 2017-03-21 15:08:36 +0000 |
850 | +++ hooks/charmhelpers/core/host.py 2019-03-21 11:40:09 +0000 |
851 | @@ -34,28 +34,33 @@ |
852 | |
853 | from contextlib import contextmanager |
854 | from collections import OrderedDict |
855 | -from .hookenv import log |
856 | +from .hookenv import log, INFO, DEBUG, local_unit, charm_name |
857 | from .fstab import Fstab |
858 | from charmhelpers.osplatform import get_platform |
859 | |
860 | __platform__ = get_platform() |
861 | if __platform__ == "ubuntu": |
862 | - from charmhelpers.core.host_factory.ubuntu import ( |
863 | + from charmhelpers.core.host_factory.ubuntu import ( # NOQA:F401 |
864 | service_available, |
865 | add_new_group, |
866 | lsb_release, |
867 | cmp_pkgrevno, |
868 | + CompareHostReleases, |
869 | + get_distrib_codename, |
870 | + arch |
871 | ) # flake8: noqa -- ignore F401 for this import |
872 | elif __platform__ == "centos": |
873 | - from charmhelpers.core.host_factory.centos import ( |
874 | + from charmhelpers.core.host_factory.centos import ( # NOQA:F401 |
875 | service_available, |
876 | add_new_group, |
877 | lsb_release, |
878 | cmp_pkgrevno, |
879 | + CompareHostReleases, |
880 | ) # flake8: noqa -- ignore F401 for this import |
881 | |
882 | UPDATEDB_PATH = '/etc/updatedb.conf' |
883 | |
884 | + |
885 | def service_start(service_name, **kwargs): |
886 | """Start a system service. |
887 | |
888 | @@ -190,6 +195,7 @@ |
889 | sysv_file = os.path.join(initd_dir, service_name) |
890 | if init_is_systemd(): |
891 | service('disable', service_name) |
892 | + service('mask', service_name) |
893 | elif os.path.exists(upstart_file): |
894 | override_path = os.path.join( |
895 | init_dir, '{}.override'.format(service_name)) |
896 | @@ -222,6 +228,7 @@ |
897 | upstart_file = os.path.join(init_dir, "{}.conf".format(service_name)) |
898 | sysv_file = os.path.join(initd_dir, service_name) |
899 | if init_is_systemd(): |
900 | + service('unmask', service_name) |
901 | service('enable', service_name) |
902 | elif os.path.exists(upstart_file): |
903 | override_path = os.path.join( |
904 | @@ -283,8 +290,8 @@ |
905 | for key, value in six.iteritems(kwargs): |
906 | parameter = '%s=%s' % (key, value) |
907 | cmd.append(parameter) |
908 | - output = subprocess.check_output(cmd, |
909 | - stderr=subprocess.STDOUT).decode('UTF-8') |
910 | + output = subprocess.check_output( |
911 | + cmd, stderr=subprocess.STDOUT).decode('UTF-8') |
912 | except subprocess.CalledProcessError: |
913 | return False |
914 | else: |
915 | @@ -437,6 +444,51 @@ |
916 | subprocess.check_call(cmd) |
917 | |
918 | |
919 | +def chage(username, lastday=None, expiredate=None, inactive=None, |
920 | + mindays=None, maxdays=None, root=None, warndays=None): |
921 | + """Change user password expiry information |
922 | + |
923 | + :param str username: User to update |
924 | + :param str lastday: Set when password was changed in YYYY-MM-DD format |
925 | + :param str expiredate: Set when user's account will no longer be |
926 | + accessible in YYYY-MM-DD format. |
927 | + -1 will remove an account expiration date. |
928 | + :param str inactive: Set the number of days of inactivity after a password |
929 | + has expired before the account is locked. |
930 | + -1 will remove an account's inactivity. |
931 | + :param str mindays: Set the minimum number of days between password |
932 | + changes to MIN_DAYS. |
933 | + 0 indicates the password can be changed anytime. |
934 | + :param str maxdays: Set the maximum number of days during which a |
935 | + password is valid. |
936 | + -1 as MAX_DAYS will remove checking maxdays |
937 | + :param str root: Apply changes in the CHROOT_DIR directory |
938 | + :param str warndays: Set the number of days of warning before a password |
939 | + change is required |
940 | + :raises subprocess.CalledProcessError: if call to chage fails |
941 | + """ |
942 | + cmd = ['chage'] |
943 | + if root: |
944 | + cmd.extend(['--root', root]) |
945 | + if lastday: |
946 | + cmd.extend(['--lastday', lastday]) |
947 | + if expiredate: |
948 | + cmd.extend(['--expiredate', expiredate]) |
949 | + if inactive: |
950 | + cmd.extend(['--inactive', inactive]) |
951 | + if mindays: |
952 | + cmd.extend(['--mindays', mindays]) |
953 | + if maxdays: |
954 | + cmd.extend(['--maxdays', maxdays]) |
955 | + if warndays: |
956 | + cmd.extend(['--warndays', warndays]) |
957 | + cmd.append(username) |
958 | + subprocess.check_call(cmd) |
959 | + |
960 | + |
961 | +remove_password_expiry = functools.partial(chage, expiredate='-1', inactive='-1', mindays='0', maxdays='-1') |
962 | + |
963 | + |
964 | def rsync(from_path, to_path, flags='-r', options=None, timeout=None): |
965 | """Replicate the contents of a path""" |
966 | options = options or ['--delete', '--executability'] |
967 | @@ -483,13 +535,45 @@ |
968 | |
969 | def write_file(path, content, owner='root', group='root', perms=0o444): |
970 | """Create or overwrite a file with the contents of a byte string.""" |
971 | - log("Writing file {} {}:{} {:o}".format(path, owner, group, perms)) |
972 | uid = pwd.getpwnam(owner).pw_uid |
973 | gid = grp.getgrnam(group).gr_gid |
974 | - with open(path, 'wb') as target: |
975 | - os.fchown(target.fileno(), uid, gid) |
976 | - os.fchmod(target.fileno(), perms) |
977 | - target.write(content) |
978 | + # lets see if we can grab the file and compare the context, to avoid doing |
979 | + # a write. |
980 | + existing_content = None |
981 | + existing_uid, existing_gid, existing_perms = None, None, None |
982 | + try: |
983 | + with open(path, 'rb') as target: |
984 | + existing_content = target.read() |
985 | + stat = os.stat(path) |
986 | + existing_uid, existing_gid, existing_perms = ( |
987 | + stat.st_uid, stat.st_gid, stat.st_mode |
988 | + ) |
989 | + except Exception: |
990 | + pass |
991 | + if content != existing_content: |
992 | + log("Writing file {} {}:{} {:o}".format(path, owner, group, perms), |
993 | + level=DEBUG) |
994 | + with open(path, 'wb') as target: |
995 | + os.fchown(target.fileno(), uid, gid) |
996 | + os.fchmod(target.fileno(), perms) |
997 | + if six.PY3 and isinstance(content, six.string_types): |
998 | + content = content.encode('UTF-8') |
999 | + target.write(content) |
1000 | + return |
1001 | + # the contents were the same, but we might still need to change the |
1002 | + # ownership or permissions. |
1003 | + if existing_uid != uid: |
1004 | + log("Changing uid on already existing content: {} -> {}" |
1005 | + .format(existing_uid, uid), level=DEBUG) |
1006 | + os.chown(path, uid, -1) |
1007 | + if existing_gid != gid: |
1008 | + log("Changing gid on already existing content: {} -> {}" |
1009 | + .format(existing_gid, gid), level=DEBUG) |
1010 | + os.chown(path, -1, gid) |
1011 | + if existing_perms != perms: |
1012 | + log("Changing permissions on existing content: {} -> {}" |
1013 | + .format(existing_perms, perms), level=DEBUG) |
1014 | + os.chmod(path, perms) |
1015 | |
1016 | |
1017 | def fstab_remove(mp): |
1018 | @@ -754,7 +838,7 @@ |
1019 | ip_output = subprocess.check_output(cmd).decode('UTF-8').split('\n') |
1020 | ip_output = (line.strip() for line in ip_output if line) |
1021 | |
1022 | - key = re.compile('^[0-9]+:\s+(.+):') |
1023 | + key = re.compile(r'^[0-9]+:\s+(.+):') |
1024 | for line in ip_output: |
1025 | matched = re.search(key, line) |
1026 | if matched: |
1027 | @@ -899,6 +983,20 @@ |
1028 | |
1029 | |
1030 | def add_to_updatedb_prunepath(path, updatedb_path=UPDATEDB_PATH): |
1031 | + """Adds the specified path to the mlocate's udpatedb.conf PRUNEPATH list. |
1032 | + |
1033 | + This method has no effect if the path specified by updatedb_path does not |
1034 | + exist or is not a file. |
1035 | + |
1036 | + @param path: string the path to add to the updatedb.conf PRUNEPATHS value |
1037 | + @param updatedb_path: the path the updatedb.conf file |
1038 | + """ |
1039 | + if not os.path.exists(updatedb_path) or os.path.isdir(updatedb_path): |
1040 | + # If the updatedb.conf file doesn't exist then don't attempt to update |
1041 | + # the file as the package providing mlocate may not be installed on |
1042 | + # the local system |
1043 | + return |
1044 | + |
1045 | with open(updatedb_path, 'r+') as f_id: |
1046 | updatedb_text = f_id.read() |
1047 | output = updatedb(updatedb_text, path) |
1048 | @@ -918,3 +1016,62 @@ |
1049 | lines[i] = 'PRUNEPATHS="{}"'.format(' '.join(paths)) |
1050 | output = "\n".join(lines) |
1051 | return output |
1052 | + |
1053 | + |
1054 | +def modulo_distribution(modulo=3, wait=30, non_zero_wait=False): |
1055 | + """ Modulo distribution |
1056 | + |
1057 | + This helper uses the unit number, a modulo value and a constant wait time |
1058 | + to produce a calculated wait time distribution. This is useful in large |
1059 | + scale deployments to distribute load during an expensive operation such as |
1060 | + service restarts. |
1061 | + |
1062 | + If you have 1000 nodes that need to restart 100 at a time 1 minute at a |
1063 | + time: |
1064 | + |
1065 | + time.wait(modulo_distribution(modulo=100, wait=60)) |
1066 | + restart() |
1067 | + |
1068 | + If you need restarts to happen serially set modulo to the exact number of |
1069 | + nodes and set a high constant wait time: |
1070 | + |
1071 | + time.wait(modulo_distribution(modulo=10, wait=120)) |
1072 | + restart() |
1073 | + |
1074 | + @param modulo: int The modulo number creates the group distribution |
1075 | + @param wait: int The constant time wait value |
1076 | + @param non_zero_wait: boolean Override unit % modulo == 0, |
1077 | + return modulo * wait. Used to avoid collisions with |
1078 | + leader nodes which are often given priority. |
1079 | + @return: int Calculated time to wait for unit operation |
1080 | + """ |
1081 | + unit_number = int(local_unit().split('/')[1]) |
1082 | + calculated_wait_time = (unit_number % modulo) * wait |
1083 | + if non_zero_wait and calculated_wait_time == 0: |
1084 | + return modulo * wait |
1085 | + else: |
1086 | + return calculated_wait_time |
1087 | + |
1088 | + |
1089 | +def install_ca_cert(ca_cert, name=None): |
1090 | + """ |
1091 | + Install the given cert as a trusted CA. |
1092 | + |
1093 | + The ``name`` is the stem of the filename where the cert is written, and if |
1094 | + not provided, it will default to ``juju-{charm_name}``. |
1095 | + |
1096 | + If the cert is empty or None, or is unchanged, nothing is done. |
1097 | + """ |
1098 | + if not ca_cert: |
1099 | + return |
1100 | + if not isinstance(ca_cert, bytes): |
1101 | + ca_cert = ca_cert.encode('utf8') |
1102 | + if not name: |
1103 | + name = 'juju-{}'.format(charm_name()) |
1104 | + cert_file = '/usr/local/share/ca-certificates/{}.crt'.format(name) |
1105 | + new_hash = hashlib.md5(ca_cert).hexdigest() |
1106 | + if file_hash(cert_file) == new_hash: |
1107 | + return |
1108 | + log("Installing new CA cert at: {}".format(cert_file), level=INFO) |
1109 | + write_file(cert_file, ca_cert) |
1110 | + subprocess.check_call(['update-ca-certificates', '--fresh']) |
1111 | |
1112 | === modified file 'hooks/charmhelpers/core/host_factory/centos.py' |
1113 | --- hooks/charmhelpers/core/host_factory/centos.py 2017-03-02 15:18:31 +0000 |
1114 | +++ hooks/charmhelpers/core/host_factory/centos.py 2019-03-21 11:40:09 +0000 |
1115 | @@ -2,6 +2,22 @@ |
1116 | import yum |
1117 | import os |
1118 | |
1119 | +from charmhelpers.core.strutils import BasicStringComparator |
1120 | + |
1121 | + |
1122 | +class CompareHostReleases(BasicStringComparator): |
1123 | + """Provide comparisons of Host releases. |
1124 | + |
1125 | + Use in the form of |
1126 | + |
1127 | + if CompareHostReleases(release) > 'trusty': |
1128 | + # do something with mitaka |
1129 | + """ |
1130 | + |
1131 | + def __init__(self, item): |
1132 | + raise NotImplementedError( |
1133 | + "CompareHostReleases() is not implemented for CentOS") |
1134 | + |
1135 | |
1136 | def service_available(service_name): |
1137 | # """Determine whether a system service is available.""" |
1138 | |
1139 | === modified file 'hooks/charmhelpers/core/host_factory/ubuntu.py' |
1140 | --- hooks/charmhelpers/core/host_factory/ubuntu.py 2017-03-02 15:18:31 +0000 |
1141 | +++ hooks/charmhelpers/core/host_factory/ubuntu.py 2019-03-21 11:40:09 +0000 |
1142 | @@ -1,5 +1,41 @@ |
1143 | import subprocess |
1144 | |
1145 | +from charmhelpers.core.hookenv import cached |
1146 | +from charmhelpers.core.strutils import BasicStringComparator |
1147 | + |
1148 | + |
1149 | +UBUNTU_RELEASES = ( |
1150 | + 'lucid', |
1151 | + 'maverick', |
1152 | + 'natty', |
1153 | + 'oneiric', |
1154 | + 'precise', |
1155 | + 'quantal', |
1156 | + 'raring', |
1157 | + 'saucy', |
1158 | + 'trusty', |
1159 | + 'utopic', |
1160 | + 'vivid', |
1161 | + 'wily', |
1162 | + 'xenial', |
1163 | + 'yakkety', |
1164 | + 'zesty', |
1165 | + 'artful', |
1166 | + 'bionic', |
1167 | + 'cosmic', |
1168 | +) |
1169 | + |
1170 | + |
1171 | +class CompareHostReleases(BasicStringComparator): |
1172 | + """Provide comparisons of Ubuntu releases. |
1173 | + |
1174 | + Use in the form of |
1175 | + |
1176 | + if CompareHostReleases(release) > 'trusty': |
1177 | + # do something with mitaka |
1178 | + """ |
1179 | + _list = UBUNTU_RELEASES |
1180 | + |
1181 | |
1182 | def service_available(service_name): |
1183 | """Determine whether a system service is available""" |
1184 | @@ -37,6 +73,14 @@ |
1185 | return d |
1186 | |
1187 | |
1188 | +def get_distrib_codename(): |
1189 | + """Return the codename of the distribution |
1190 | + :returns: The codename |
1191 | + :rtype: str |
1192 | + """ |
1193 | + return lsb_release()['DISTRIB_CODENAME'].lower() |
1194 | + |
1195 | + |
1196 | def cmp_pkgrevno(package, revno, pkgcache=None): |
1197 | """Compare supplied revno with the revno of the installed package. |
1198 | |
1199 | @@ -54,3 +98,16 @@ |
1200 | pkgcache = apt_cache() |
1201 | pkg = pkgcache[package] |
1202 | return apt_pkg.version_compare(pkg.current_ver.ver_str, revno) |
1203 | + |
1204 | + |
1205 | +@cached |
1206 | +def arch(): |
1207 | + """Return the package architecture as a string. |
1208 | + |
1209 | + :returns: the architecture |
1210 | + :rtype: str |
1211 | + :raises: subprocess.CalledProcessError if dpkg command fails |
1212 | + """ |
1213 | + return subprocess.check_output( |
1214 | + ['dpkg', '--print-architecture'] |
1215 | + ).rstrip().decode('UTF-8') |
1216 | |
1217 | === modified file 'hooks/charmhelpers/core/kernel.py' |
1218 | --- hooks/charmhelpers/core/kernel.py 2017-03-02 15:18:31 +0000 |
1219 | +++ hooks/charmhelpers/core/kernel.py 2019-03-21 11:40:09 +0000 |
1220 | @@ -26,12 +26,12 @@ |
1221 | |
1222 | __platform__ = get_platform() |
1223 | if __platform__ == "ubuntu": |
1224 | - from charmhelpers.core.kernel_factory.ubuntu import ( |
1225 | + from charmhelpers.core.kernel_factory.ubuntu import ( # NOQA:F401 |
1226 | persistent_modprobe, |
1227 | update_initramfs, |
1228 | ) # flake8: noqa -- ignore F401 for this import |
1229 | elif __platform__ == "centos": |
1230 | - from charmhelpers.core.kernel_factory.centos import ( |
1231 | + from charmhelpers.core.kernel_factory.centos import ( # NOQA:F401 |
1232 | persistent_modprobe, |
1233 | update_initramfs, |
1234 | ) # flake8: noqa -- ignore F401 for this import |
1235 | |
1236 | === modified file 'hooks/charmhelpers/core/services/base.py' |
1237 | --- hooks/charmhelpers/core/services/base.py 2017-03-02 15:18:31 +0000 |
1238 | +++ hooks/charmhelpers/core/services/base.py 2019-03-21 11:40:09 +0000 |
1239 | @@ -307,23 +307,34 @@ |
1240 | """ |
1241 | def __call__(self, manager, service_name, event_name): |
1242 | service = manager.get_service(service_name) |
1243 | - new_ports = service.get('ports', []) |
1244 | + # turn this generator into a list, |
1245 | + # as we'll be going over it multiple times |
1246 | + new_ports = list(service.get('ports', [])) |
1247 | port_file = os.path.join(hookenv.charm_dir(), '.{}.ports'.format(service_name)) |
1248 | if os.path.exists(port_file): |
1249 | with open(port_file) as fp: |
1250 | old_ports = fp.read().split(',') |
1251 | for old_port in old_ports: |
1252 | - if bool(old_port): |
1253 | - old_port = int(old_port) |
1254 | - if old_port not in new_ports: |
1255 | - hookenv.close_port(old_port) |
1256 | + if bool(old_port) and not self.ports_contains(old_port, new_ports): |
1257 | + hookenv.close_port(old_port) |
1258 | with open(port_file, 'w') as fp: |
1259 | fp.write(','.join(str(port) for port in new_ports)) |
1260 | for port in new_ports: |
1261 | + # A port is either a number or 'ICMP' |
1262 | + protocol = 'TCP' |
1263 | + if str(port).upper() == 'ICMP': |
1264 | + protocol = 'ICMP' |
1265 | if event_name == 'start': |
1266 | - hookenv.open_port(port) |
1267 | + hookenv.open_port(port, protocol) |
1268 | elif event_name == 'stop': |
1269 | - hookenv.close_port(port) |
1270 | + hookenv.close_port(port, protocol) |
1271 | + |
1272 | + def ports_contains(self, port, ports): |
1273 | + if not bool(port): |
1274 | + return False |
1275 | + if str(port).upper() != 'ICMP': |
1276 | + port = int(port) |
1277 | + return port in ports |
1278 | |
1279 | |
1280 | def service_stop(service_name): |
1281 | |
1282 | === modified file 'hooks/charmhelpers/core/strutils.py' |
1283 | --- hooks/charmhelpers/core/strutils.py 2017-03-02 15:18:31 +0000 |
1284 | +++ hooks/charmhelpers/core/strutils.py 2019-03-21 11:40:09 +0000 |
1285 | @@ -61,10 +61,69 @@ |
1286 | if isinstance(value, six.string_types): |
1287 | value = six.text_type(value) |
1288 | else: |
1289 | - msg = "Unable to interpret non-string value '%s' as boolean" % (value) |
1290 | + msg = "Unable to interpret non-string value '%s' as bytes" % (value) |
1291 | raise ValueError(msg) |
1292 | matches = re.match("([0-9]+)([a-zA-Z]+)", value) |
1293 | - if not matches: |
1294 | - msg = "Unable to interpret string value '%s' as bytes" % (value) |
1295 | - raise ValueError(msg) |
1296 | - return int(matches.group(1)) * (1024 ** BYTE_POWER[matches.group(2)]) |
1297 | + if matches: |
1298 | + size = int(matches.group(1)) * (1024 ** BYTE_POWER[matches.group(2)]) |
1299 | + else: |
1300 | + # Assume that value passed in is bytes |
1301 | + try: |
1302 | + size = int(value) |
1303 | + except ValueError: |
1304 | + msg = "Unable to interpret string value '%s' as bytes" % (value) |
1305 | + raise ValueError(msg) |
1306 | + return size |
1307 | + |
1308 | + |
1309 | +class BasicStringComparator(object): |
1310 | + """Provides a class that will compare strings from an iterator type object. |
1311 | + Used to provide > and < comparisons on strings that may not necessarily be |
1312 | + alphanumerically ordered. e.g. OpenStack or Ubuntu releases AFTER the |
1313 | + z-wrap. |
1314 | + """ |
1315 | + |
1316 | + _list = None |
1317 | + |
1318 | + def __init__(self, item): |
1319 | + if self._list is None: |
1320 | + raise Exception("Must define the _list in the class definition!") |
1321 | + try: |
1322 | + self.index = self._list.index(item) |
1323 | + except Exception: |
1324 | + raise KeyError("Item '{}' is not in list '{}'" |
1325 | + .format(item, self._list)) |
1326 | + |
1327 | + def __eq__(self, other): |
1328 | + assert isinstance(other, str) or isinstance(other, self.__class__) |
1329 | + return self.index == self._list.index(other) |
1330 | + |
1331 | + def __ne__(self, other): |
1332 | + return not self.__eq__(other) |
1333 | + |
1334 | + def __lt__(self, other): |
1335 | + assert isinstance(other, str) or isinstance(other, self.__class__) |
1336 | + return self.index < self._list.index(other) |
1337 | + |
1338 | + def __ge__(self, other): |
1339 | + return not self.__lt__(other) |
1340 | + |
1341 | + def __gt__(self, other): |
1342 | + assert isinstance(other, str) or isinstance(other, self.__class__) |
1343 | + return self.index > self._list.index(other) |
1344 | + |
1345 | + def __le__(self, other): |
1346 | + return not self.__gt__(other) |
1347 | + |
1348 | + def __str__(self): |
1349 | + """Always give back the item at the index so it can be used in |
1350 | + comparisons like: |
1351 | + |
1352 | + s_mitaka = CompareOpenStack('mitaka') |
1353 | + s_newton = CompareOpenstack('newton') |
1354 | + |
1355 | + assert s_newton > s_mitaka |
1356 | + |
1357 | + @returns: <string> |
1358 | + """ |
1359 | + return self._list[self.index] |
1360 | |
1361 | === modified file 'hooks/charmhelpers/core/sysctl.py' |
1362 | --- hooks/charmhelpers/core/sysctl.py 2017-03-02 15:18:31 +0000 |
1363 | +++ hooks/charmhelpers/core/sysctl.py 2019-03-21 11:40:09 +0000 |
1364 | @@ -28,27 +28,38 @@ |
1365 | __author__ = 'Jorge Niedbalski R. <jorge.niedbalski@canonical.com>' |
1366 | |
1367 | |
1368 | -def create(sysctl_dict, sysctl_file): |
1369 | +def create(sysctl_dict, sysctl_file, ignore=False): |
1370 | """Creates a sysctl.conf file from a YAML associative array |
1371 | |
1372 | - :param sysctl_dict: a YAML-formatted string of sysctl options eg "{ 'kernel.max_pid': 1337 }" |
1373 | + :param sysctl_dict: a dict or YAML-formatted string of sysctl |
1374 | + options eg "{ 'kernel.max_pid': 1337 }" |
1375 | :type sysctl_dict: str |
1376 | :param sysctl_file: path to the sysctl file to be saved |
1377 | :type sysctl_file: str or unicode |
1378 | + :param ignore: If True, ignore "unknown variable" errors. |
1379 | + :type ignore: bool |
1380 | :returns: None |
1381 | """ |
1382 | - try: |
1383 | - sysctl_dict_parsed = yaml.safe_load(sysctl_dict) |
1384 | - except yaml.YAMLError: |
1385 | - log("Error parsing YAML sysctl_dict: {}".format(sysctl_dict), |
1386 | - level=ERROR) |
1387 | - return |
1388 | + if type(sysctl_dict) is not dict: |
1389 | + try: |
1390 | + sysctl_dict_parsed = yaml.safe_load(sysctl_dict) |
1391 | + except yaml.YAMLError: |
1392 | + log("Error parsing YAML sysctl_dict: {}".format(sysctl_dict), |
1393 | + level=ERROR) |
1394 | + return |
1395 | + else: |
1396 | + sysctl_dict_parsed = sysctl_dict |
1397 | |
1398 | with open(sysctl_file, "w") as fd: |
1399 | for key, value in sysctl_dict_parsed.items(): |
1400 | fd.write("{}={}\n".format(key, value)) |
1401 | |
1402 | - log("Updating sysctl_file: %s values: %s" % (sysctl_file, sysctl_dict_parsed), |
1403 | + log("Updating sysctl_file: {} values: {}".format(sysctl_file, |
1404 | + sysctl_dict_parsed), |
1405 | level=DEBUG) |
1406 | |
1407 | - check_call(["sysctl", "-p", sysctl_file]) |
1408 | + call = ["sysctl", "-p", sysctl_file] |
1409 | + if ignore: |
1410 | + call.append("-e") |
1411 | + |
1412 | + check_call(call) |
1413 | |
1414 | === modified file 'hooks/charmhelpers/core/templating.py' |
1415 | --- hooks/charmhelpers/core/templating.py 2017-03-02 15:18:31 +0000 |
1416 | +++ hooks/charmhelpers/core/templating.py 2019-03-21 11:40:09 +0000 |
1417 | @@ -20,7 +20,8 @@ |
1418 | |
1419 | |
1420 | def render(source, target, context, owner='root', group='root', |
1421 | - perms=0o444, templates_dir=None, encoding='UTF-8', template_loader=None): |
1422 | + perms=0o444, templates_dir=None, encoding='UTF-8', |
1423 | + template_loader=None, config_template=None): |
1424 | """ |
1425 | Render a template. |
1426 | |
1427 | @@ -32,6 +33,9 @@ |
1428 | The context should be a dict containing the values to be replaced in the |
1429 | template. |
1430 | |
1431 | + config_template may be provided to render from a provided template instead |
1432 | + of loading from a file. |
1433 | + |
1434 | The `owner`, `group`, and `perms` options will be passed to `write_file`. |
1435 | |
1436 | If omitted, `templates_dir` defaults to the `templates` folder in the charm. |
1437 | @@ -65,14 +69,19 @@ |
1438 | if templates_dir is None: |
1439 | templates_dir = os.path.join(hookenv.charm_dir(), 'templates') |
1440 | template_env = Environment(loader=FileSystemLoader(templates_dir)) |
1441 | - try: |
1442 | - source = source |
1443 | - template = template_env.get_template(source) |
1444 | - except exceptions.TemplateNotFound as e: |
1445 | - hookenv.log('Could not load template %s from %s.' % |
1446 | - (source, templates_dir), |
1447 | - level=hookenv.ERROR) |
1448 | - raise e |
1449 | + |
1450 | + # load from a string if provided explicitly |
1451 | + if config_template is not None: |
1452 | + template = template_env.from_string(config_template) |
1453 | + else: |
1454 | + try: |
1455 | + source = source |
1456 | + template = template_env.get_template(source) |
1457 | + except exceptions.TemplateNotFound as e: |
1458 | + hookenv.log('Could not load template %s from %s.' % |
1459 | + (source, templates_dir), |
1460 | + level=hookenv.ERROR) |
1461 | + raise e |
1462 | content = template.render(context) |
1463 | if target is not None: |
1464 | target_dir = os.path.dirname(target) |
1465 | |
1466 | === modified file 'hooks/charmhelpers/core/unitdata.py' |
1467 | --- hooks/charmhelpers/core/unitdata.py 2017-03-02 15:18:31 +0000 |
1468 | +++ hooks/charmhelpers/core/unitdata.py 2019-03-21 11:40:09 +0000 |
1469 | @@ -166,6 +166,10 @@ |
1470 | |
1471 | To support dicts, lists, integer, floats, and booleans values |
1472 | are automatically json encoded/decoded. |
1473 | + |
1474 | + Note: to facilitate unit testing, ':memory:' can be passed as the |
1475 | + path parameter which causes sqlite3 to only build the db in memory. |
1476 | + This should only be used for testing purposes. |
1477 | """ |
1478 | def __init__(self, path=None): |
1479 | self.db_path = path |
1480 | @@ -175,6 +179,9 @@ |
1481 | else: |
1482 | self.db_path = os.path.join( |
1483 | os.environ.get('CHARM_DIR', ''), '.unit-state.db') |
1484 | + if self.db_path != ':memory:': |
1485 | + with open(self.db_path, 'a') as f: |
1486 | + os.fchmod(f.fileno(), 0o600) |
1487 | self.conn = sqlite3.connect('%s' % self.db_path) |
1488 | self.cursor = self.conn.cursor() |
1489 | self.revision = None |
1490 | @@ -358,7 +365,7 @@ |
1491 | try: |
1492 | yield self.revision |
1493 | self.revision = None |
1494 | - except: |
1495 | + except Exception: |
1496 | self.flush(False) |
1497 | self.revision = None |
1498 | raise |
1499 | |
1500 | === modified file 'hooks/charmhelpers/fetch/__init__.py' |
1501 | --- hooks/charmhelpers/fetch/__init__.py 2017-03-02 15:18:31 +0000 |
1502 | +++ hooks/charmhelpers/fetch/__init__.py 2019-03-21 11:40:09 +0000 |
1503 | @@ -48,6 +48,13 @@ |
1504 | pass |
1505 | |
1506 | |
1507 | +class GPGKeyError(Exception): |
1508 | + """Exception occurs when a GPG key cannot be fetched or used. The message |
1509 | + indicates what the problem is. |
1510 | + """ |
1511 | + pass |
1512 | + |
1513 | + |
1514 | class BaseFetchHandler(object): |
1515 | |
1516 | """Base class for FetchHandler implementations in fetch plugins""" |
1517 | @@ -77,21 +84,24 @@ |
1518 | fetch = importlib.import_module(module) |
1519 | |
1520 | filter_installed_packages = fetch.filter_installed_packages |
1521 | -install = fetch.install |
1522 | -upgrade = fetch.upgrade |
1523 | -update = fetch.update |
1524 | -purge = fetch.purge |
1525 | +filter_missing_packages = fetch.filter_missing_packages |
1526 | +install = fetch.apt_install |
1527 | +upgrade = fetch.apt_upgrade |
1528 | +update = _fetch_update = fetch.apt_update |
1529 | +purge = fetch.apt_purge |
1530 | add_source = fetch.add_source |
1531 | |
1532 | if __platform__ == "ubuntu": |
1533 | apt_cache = fetch.apt_cache |
1534 | - apt_install = fetch.install |
1535 | - apt_update = fetch.update |
1536 | - apt_upgrade = fetch.upgrade |
1537 | - apt_purge = fetch.purge |
1538 | + apt_install = fetch.apt_install |
1539 | + apt_update = fetch.apt_update |
1540 | + apt_upgrade = fetch.apt_upgrade |
1541 | + apt_purge = fetch.apt_purge |
1542 | + apt_autoremove = fetch.apt_autoremove |
1543 | apt_mark = fetch.apt_mark |
1544 | apt_hold = fetch.apt_hold |
1545 | apt_unhold = fetch.apt_unhold |
1546 | + import_key = fetch.import_key |
1547 | get_upstream_version = fetch.get_upstream_version |
1548 | elif __platform__ == "centos": |
1549 | yum_search = fetch.yum_search |
1550 | @@ -135,7 +145,7 @@ |
1551 | for source, key in zip(sources, keys): |
1552 | add_source(source, key) |
1553 | if update: |
1554 | - fetch.update(fatal=True) |
1555 | + _fetch_update(fatal=True) |
1556 | |
1557 | |
1558 | def install_remote(source, *args, **kwargs): |
1559 | |
1560 | === modified file 'hooks/charmhelpers/fetch/archiveurl.py' |
1561 | --- hooks/charmhelpers/fetch/archiveurl.py 2017-03-02 15:18:31 +0000 |
1562 | +++ hooks/charmhelpers/fetch/archiveurl.py 2019-03-21 11:40:09 +0000 |
1563 | @@ -89,7 +89,7 @@ |
1564 | :param str source: URL pointing to an archive file. |
1565 | :param str dest: Local path location to download archive file to. |
1566 | """ |
1567 | - # propogate all exceptions |
1568 | + # propagate all exceptions |
1569 | # URLError, OSError, etc |
1570 | proto, netloc, path, params, query, fragment = urlparse(source) |
1571 | if proto in ('http', 'https'): |
1572 | |
1573 | === modified file 'hooks/charmhelpers/fetch/bzrurl.py' |
1574 | --- hooks/charmhelpers/fetch/bzrurl.py 2017-03-02 15:18:31 +0000 |
1575 | +++ hooks/charmhelpers/fetch/bzrurl.py 2019-03-21 11:40:09 +0000 |
1576 | @@ -13,7 +13,7 @@ |
1577 | # limitations under the License. |
1578 | |
1579 | import os |
1580 | -from subprocess import check_call |
1581 | +from subprocess import STDOUT, check_output |
1582 | from charmhelpers.fetch import ( |
1583 | BaseFetchHandler, |
1584 | UnhandledSource, |
1585 | @@ -55,7 +55,7 @@ |
1586 | cmd = ['bzr', 'branch'] |
1587 | cmd += cmd_opts |
1588 | cmd += [source, dest] |
1589 | - check_call(cmd) |
1590 | + check_output(cmd, stderr=STDOUT) |
1591 | |
1592 | def install(self, source, dest=None, revno=None): |
1593 | url_parts = self.parse_url(source) |
1594 | |
1595 | === modified file 'hooks/charmhelpers/fetch/centos.py' |
1596 | --- hooks/charmhelpers/fetch/centos.py 2017-03-02 15:18:31 +0000 |
1597 | +++ hooks/charmhelpers/fetch/centos.py 2019-03-21 11:40:09 +0000 |
1598 | @@ -132,7 +132,7 @@ |
1599 | key_file.write(key) |
1600 | key_file.flush() |
1601 | key_file.seek(0) |
1602 | - subprocess.check_call(['rpm', '--import', key_file]) |
1603 | + subprocess.check_call(['rpm', '--import', key_file.name]) |
1604 | else: |
1605 | subprocess.check_call(['rpm', '--import', key]) |
1606 | |
1607 | |
1608 | === modified file 'hooks/charmhelpers/fetch/giturl.py' |
1609 | --- hooks/charmhelpers/fetch/giturl.py 2017-03-02 15:18:31 +0000 |
1610 | +++ hooks/charmhelpers/fetch/giturl.py 2019-03-21 11:40:09 +0000 |
1611 | @@ -13,7 +13,7 @@ |
1612 | # limitations under the License. |
1613 | |
1614 | import os |
1615 | -from subprocess import check_call, CalledProcessError |
1616 | +from subprocess import check_output, CalledProcessError, STDOUT |
1617 | from charmhelpers.fetch import ( |
1618 | BaseFetchHandler, |
1619 | UnhandledSource, |
1620 | @@ -50,7 +50,7 @@ |
1621 | cmd = ['git', 'clone', source, dest, '--branch', branch] |
1622 | if depth: |
1623 | cmd.extend(['--depth', depth]) |
1624 | - check_call(cmd) |
1625 | + check_output(cmd, stderr=STDOUT) |
1626 | |
1627 | def install(self, source, branch="master", dest=None, depth=None): |
1628 | url_parts = self.parse_url(source) |
1629 | |
1630 | === added directory 'hooks/charmhelpers/fetch/python' |
1631 | === added file 'hooks/charmhelpers/fetch/python/__init__.py' |
1632 | --- hooks/charmhelpers/fetch/python/__init__.py 1970-01-01 00:00:00 +0000 |
1633 | +++ hooks/charmhelpers/fetch/python/__init__.py 2019-03-21 11:40:09 +0000 |
1634 | @@ -0,0 +1,13 @@ |
1635 | +# Copyright 2014-2019 Canonical Limited. |
1636 | +# |
1637 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
1638 | +# you may not use this file except in compliance with the License. |
1639 | +# You may obtain a copy of the License at |
1640 | +# |
1641 | +# http://www.apache.org/licenses/LICENSE-2.0 |
1642 | +# |
1643 | +# Unless required by applicable law or agreed to in writing, software |
1644 | +# distributed under the License is distributed on an "AS IS" BASIS, |
1645 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
1646 | +# See the License for the specific language governing permissions and |
1647 | +# limitations under the License. |
1648 | |
1649 | === added file 'hooks/charmhelpers/fetch/python/debug.py' |
1650 | --- hooks/charmhelpers/fetch/python/debug.py 1970-01-01 00:00:00 +0000 |
1651 | +++ hooks/charmhelpers/fetch/python/debug.py 2019-03-21 11:40:09 +0000 |
1652 | @@ -0,0 +1,54 @@ |
1653 | +#!/usr/bin/env python |
1654 | +# coding: utf-8 |
1655 | + |
1656 | +# Copyright 2014-2015 Canonical Limited. |
1657 | +# |
1658 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
1659 | +# you may not use this file except in compliance with the License. |
1660 | +# You may obtain a copy of the License at |
1661 | +# |
1662 | +# http://www.apache.org/licenses/LICENSE-2.0 |
1663 | +# |
1664 | +# Unless required by applicable law or agreed to in writing, software |
1665 | +# distributed under the License is distributed on an "AS IS" BASIS, |
1666 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
1667 | +# See the License for the specific language governing permissions and |
1668 | +# limitations under the License. |
1669 | + |
1670 | +from __future__ import print_function |
1671 | + |
1672 | +import atexit |
1673 | +import sys |
1674 | + |
1675 | +from charmhelpers.fetch.python.rpdb import Rpdb |
1676 | +from charmhelpers.core.hookenv import ( |
1677 | + open_port, |
1678 | + close_port, |
1679 | + ERROR, |
1680 | + log |
1681 | +) |
1682 | + |
1683 | +__author__ = "Jorge Niedbalski <jorge.niedbalski@canonical.com>" |
1684 | + |
1685 | +DEFAULT_ADDR = "0.0.0.0" |
1686 | +DEFAULT_PORT = 4444 |
1687 | + |
1688 | + |
1689 | +def _error(message): |
1690 | + log(message, level=ERROR) |
1691 | + |
1692 | + |
1693 | +def set_trace(addr=DEFAULT_ADDR, port=DEFAULT_PORT): |
1694 | + """ |
1695 | + Set a trace point using the remote debugger |
1696 | + """ |
1697 | + atexit.register(close_port, port) |
1698 | + try: |
1699 | + log("Starting a remote python debugger session on %s:%s" % (addr, |
1700 | + port)) |
1701 | + open_port(port) |
1702 | + debugger = Rpdb(addr=addr, port=port) |
1703 | + debugger.set_trace(sys._getframe().f_back) |
1704 | + except Exception: |
1705 | + _error("Cannot start a remote debug session on %s:%s" % (addr, |
1706 | + port)) |
1707 | |
1708 | === added file 'hooks/charmhelpers/fetch/python/packages.py' |
1709 | --- hooks/charmhelpers/fetch/python/packages.py 1970-01-01 00:00:00 +0000 |
1710 | +++ hooks/charmhelpers/fetch/python/packages.py 2019-03-21 11:40:09 +0000 |
1711 | @@ -0,0 +1,154 @@ |
1712 | +#!/usr/bin/env python |
1713 | +# coding: utf-8 |
1714 | + |
1715 | +# Copyright 2014-2015 Canonical Limited. |
1716 | +# |
1717 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
1718 | +# you may not use this file except in compliance with the License. |
1719 | +# You may obtain a copy of the License at |
1720 | +# |
1721 | +# http://www.apache.org/licenses/LICENSE-2.0 |
1722 | +# |
1723 | +# Unless required by applicable law or agreed to in writing, software |
1724 | +# distributed under the License is distributed on an "AS IS" BASIS, |
1725 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
1726 | +# See the License for the specific language governing permissions and |
1727 | +# limitations under the License. |
1728 | + |
1729 | +import os |
1730 | +import six |
1731 | +import subprocess |
1732 | +import sys |
1733 | + |
1734 | +from charmhelpers.fetch import apt_install, apt_update |
1735 | +from charmhelpers.core.hookenv import charm_dir, log |
1736 | + |
1737 | +__author__ = "Jorge Niedbalski <jorge.niedbalski@canonical.com>" |
1738 | + |
1739 | + |
1740 | +def pip_execute(*args, **kwargs): |
1741 | + """Overriden pip_execute() to stop sys.path being changed. |
1742 | + |
1743 | + The act of importing main from the pip module seems to cause add wheels |
1744 | + from the /usr/share/python-wheels which are installed by various tools. |
1745 | + This function ensures that sys.path remains the same after the call is |
1746 | + executed. |
1747 | + """ |
1748 | + try: |
1749 | + _path = sys.path |
1750 | + try: |
1751 | + from pip import main as _pip_execute |
1752 | + except ImportError: |
1753 | + apt_update() |
1754 | + if six.PY2: |
1755 | + apt_install('python-pip') |
1756 | + else: |
1757 | + apt_install('python3-pip') |
1758 | + from pip import main as _pip_execute |
1759 | + _pip_execute(*args, **kwargs) |
1760 | + finally: |
1761 | + sys.path = _path |
1762 | + |
1763 | + |
1764 | +def parse_options(given, available): |
1765 | + """Given a set of options, check if available""" |
1766 | + for key, value in sorted(given.items()): |
1767 | + if not value: |
1768 | + continue |
1769 | + if key in available: |
1770 | + yield "--{0}={1}".format(key, value) |
1771 | + |
1772 | + |
1773 | +def pip_install_requirements(requirements, constraints=None, **options): |
1774 | + """Install a requirements file. |
1775 | + |
1776 | + :param constraints: Path to pip constraints file. |
1777 | + http://pip.readthedocs.org/en/stable/user_guide/#constraints-files |
1778 | + """ |
1779 | + command = ["install"] |
1780 | + |
1781 | + available_options = ('proxy', 'src', 'log', ) |
1782 | + for option in parse_options(options, available_options): |
1783 | + command.append(option) |
1784 | + |
1785 | + command.append("-r {0}".format(requirements)) |
1786 | + if constraints: |
1787 | + command.append("-c {0}".format(constraints)) |
1788 | + log("Installing from file: {} with constraints {} " |
1789 | + "and options: {}".format(requirements, constraints, command)) |
1790 | + else: |
1791 | + log("Installing from file: {} with options: {}".format(requirements, |
1792 | + command)) |
1793 | + pip_execute(command) |
1794 | + |
1795 | + |
1796 | +def pip_install(package, fatal=False, upgrade=False, venv=None, |
1797 | + constraints=None, **options): |
1798 | + """Install a python package""" |
1799 | + if venv: |
1800 | + venv_python = os.path.join(venv, 'bin/pip') |
1801 | + command = [venv_python, "install"] |
1802 | + else: |
1803 | + command = ["install"] |
1804 | + |
1805 | + available_options = ('proxy', 'src', 'log', 'index-url', ) |
1806 | + for option in parse_options(options, available_options): |
1807 | + command.append(option) |
1808 | + |
1809 | + if upgrade: |
1810 | + command.append('--upgrade') |
1811 | + |
1812 | + if constraints: |
1813 | + command.extend(['-c', constraints]) |
1814 | + |
1815 | + if isinstance(package, list): |
1816 | + command.extend(package) |
1817 | + else: |
1818 | + command.append(package) |
1819 | + |
1820 | + log("Installing {} package with options: {}".format(package, |
1821 | + command)) |
1822 | + if venv: |
1823 | + subprocess.check_call(command) |
1824 | + else: |
1825 | + pip_execute(command) |
1826 | + |
1827 | + |
1828 | +def pip_uninstall(package, **options): |
1829 | + """Uninstall a python package""" |
1830 | + command = ["uninstall", "-q", "-y"] |
1831 | + |
1832 | + available_options = ('proxy', 'log', ) |
1833 | + for option in parse_options(options, available_options): |
1834 | + command.append(option) |
1835 | + |
1836 | + if isinstance(package, list): |
1837 | + command.extend(package) |
1838 | + else: |
1839 | + command.append(package) |
1840 | + |
1841 | + log("Uninstalling {} package with options: {}".format(package, |
1842 | + command)) |
1843 | + pip_execute(command) |
1844 | + |
1845 | + |
1846 | +def pip_list(): |
1847 | + """Returns the list of current python installed packages |
1848 | + """ |
1849 | + return pip_execute(["list"]) |
1850 | + |
1851 | + |
1852 | +def pip_create_virtualenv(path=None): |
1853 | + """Create an isolated Python environment.""" |
1854 | + if six.PY2: |
1855 | + apt_install('python-virtualenv') |
1856 | + else: |
1857 | + apt_install('python3-virtualenv') |
1858 | + |
1859 | + if path: |
1860 | + venv_path = path |
1861 | + else: |
1862 | + venv_path = os.path.join(charm_dir(), 'venv') |
1863 | + |
1864 | + if not os.path.exists(venv_path): |
1865 | + subprocess.check_call(['virtualenv', venv_path]) |
1866 | |
1867 | === added file 'hooks/charmhelpers/fetch/python/rpdb.py' |
1868 | --- hooks/charmhelpers/fetch/python/rpdb.py 1970-01-01 00:00:00 +0000 |
1869 | +++ hooks/charmhelpers/fetch/python/rpdb.py 2019-03-21 11:40:09 +0000 |
1870 | @@ -0,0 +1,56 @@ |
1871 | +# Copyright 2014-2015 Canonical Limited. |
1872 | +# |
1873 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
1874 | +# you may not use this file except in compliance with the License. |
1875 | +# You may obtain a copy of the License at |
1876 | +# |
1877 | +# http://www.apache.org/licenses/LICENSE-2.0 |
1878 | +# |
1879 | +# Unless required by applicable law or agreed to in writing, software |
1880 | +# distributed under the License is distributed on an "AS IS" BASIS, |
1881 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
1882 | +# See the License for the specific language governing permissions and |
1883 | +# limitations under the License. |
1884 | + |
1885 | +"""Remote Python Debugger (pdb wrapper).""" |
1886 | + |
1887 | +import pdb |
1888 | +import socket |
1889 | +import sys |
1890 | + |
1891 | +__author__ = "Bertrand Janin <b@janin.com>" |
1892 | +__version__ = "0.1.3" |
1893 | + |
1894 | + |
1895 | +class Rpdb(pdb.Pdb): |
1896 | + |
1897 | + def __init__(self, addr="127.0.0.1", port=4444): |
1898 | + """Initialize the socket and initialize pdb.""" |
1899 | + |
1900 | + # Backup stdin and stdout before replacing them by the socket handle |
1901 | + self.old_stdout = sys.stdout |
1902 | + self.old_stdin = sys.stdin |
1903 | + |
1904 | + # Open a 'reusable' socket to let the webapp reload on the same port |
1905 | + self.skt = socket.socket(socket.AF_INET, socket.SOCK_STREAM) |
1906 | + self.skt.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, True) |
1907 | + self.skt.bind((addr, port)) |
1908 | + self.skt.listen(1) |
1909 | + (clientsocket, address) = self.skt.accept() |
1910 | + handle = clientsocket.makefile('rw') |
1911 | + pdb.Pdb.__init__(self, completekey='tab', stdin=handle, stdout=handle) |
1912 | + sys.stdout = sys.stdin = handle |
1913 | + |
1914 | + def shutdown(self): |
1915 | + """Revert stdin and stdout, close the socket.""" |
1916 | + sys.stdout = self.old_stdout |
1917 | + sys.stdin = self.old_stdin |
1918 | + self.skt.close() |
1919 | + self.set_continue() |
1920 | + |
1921 | + def do_continue(self, arg): |
1922 | + """Stop all operation on ``continue``.""" |
1923 | + self.shutdown() |
1924 | + return 1 |
1925 | + |
1926 | + do_EOF = do_quit = do_exit = do_c = do_cont = do_continue |
1927 | |
1928 | === added file 'hooks/charmhelpers/fetch/python/version.py' |
1929 | --- hooks/charmhelpers/fetch/python/version.py 1970-01-01 00:00:00 +0000 |
1930 | +++ hooks/charmhelpers/fetch/python/version.py 2019-03-21 11:40:09 +0000 |
1931 | @@ -0,0 +1,32 @@ |
1932 | +#!/usr/bin/env python |
1933 | +# coding: utf-8 |
1934 | + |
1935 | +# Copyright 2014-2015 Canonical Limited. |
1936 | +# |
1937 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
1938 | +# you may not use this file except in compliance with the License. |
1939 | +# You may obtain a copy of the License at |
1940 | +# |
1941 | +# http://www.apache.org/licenses/LICENSE-2.0 |
1942 | +# |
1943 | +# Unless required by applicable law or agreed to in writing, software |
1944 | +# distributed under the License is distributed on an "AS IS" BASIS, |
1945 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
1946 | +# See the License for the specific language governing permissions and |
1947 | +# limitations under the License. |
1948 | + |
1949 | +import sys |
1950 | + |
1951 | +__author__ = "Jorge Niedbalski <jorge.niedbalski@canonical.com>" |
1952 | + |
1953 | + |
1954 | +def current_version(): |
1955 | + """Current system python version""" |
1956 | + return sys.version_info |
1957 | + |
1958 | + |
1959 | +def current_version_string(): |
1960 | + """Current system python version as string major.minor.micro""" |
1961 | + return "{0}.{1}.{2}".format(sys.version_info.major, |
1962 | + sys.version_info.minor, |
1963 | + sys.version_info.micro) |
1964 | |
1965 | === modified file 'hooks/charmhelpers/fetch/snap.py' |
1966 | --- hooks/charmhelpers/fetch/snap.py 2017-03-21 15:08:36 +0000 |
1967 | +++ hooks/charmhelpers/fetch/snap.py 2019-03-21 11:40:09 +0000 |
1968 | @@ -18,21 +18,33 @@ |
1969 | https://lists.ubuntu.com/archives/snapcraft/2016-September/001114.html |
1970 | """ |
1971 | import subprocess |
1972 | -from os import environ |
1973 | +import os |
1974 | from time import sleep |
1975 | from charmhelpers.core.hookenv import log |
1976 | |
1977 | __author__ = 'Joseph Borg <joseph.borg@canonical.com>' |
1978 | |
1979 | -SNAP_NO_LOCK = 1 # The return code for "couldn't acquire lock" in Snap (hopefully this will be improved). |
1980 | +# The return code for "couldn't acquire lock" in Snap |
1981 | +# (hopefully this will be improved). |
1982 | +SNAP_NO_LOCK = 1 |
1983 | SNAP_NO_LOCK_RETRY_DELAY = 10 # Wait X seconds between Snap lock checks. |
1984 | SNAP_NO_LOCK_RETRY_COUNT = 30 # Retry to acquire the lock X times. |
1985 | +SNAP_CHANNELS = [ |
1986 | + 'edge', |
1987 | + 'beta', |
1988 | + 'candidate', |
1989 | + 'stable', |
1990 | +] |
1991 | |
1992 | |
1993 | class CouldNotAcquireLockException(Exception): |
1994 | pass |
1995 | |
1996 | |
1997 | +class InvalidSnapChannel(Exception): |
1998 | + pass |
1999 | + |
2000 | + |
2001 | def _snap_exec(commands): |
2002 | """ |
2003 | Execute snap commands. |
2004 | @@ -47,13 +59,17 @@ |
2005 | |
2006 | while return_code is None or return_code == SNAP_NO_LOCK: |
2007 | try: |
2008 | - return_code = subprocess.check_call(['snap'] + commands, env=environ) |
2009 | + return_code = subprocess.check_call(['snap'] + commands, |
2010 | + env=os.environ) |
2011 | except subprocess.CalledProcessError as e: |
2012 | retry_count += + 1 |
2013 | if retry_count > SNAP_NO_LOCK_RETRY_COUNT: |
2014 | - raise CouldNotAcquireLockException('Could not aquire lock after %s attempts' % SNAP_NO_LOCK_RETRY_COUNT) |
2015 | + raise CouldNotAcquireLockException( |
2016 | + 'Could not aquire lock after {} attempts' |
2017 | + .format(SNAP_NO_LOCK_RETRY_COUNT)) |
2018 | return_code = e.returncode |
2019 | - log('Snap failed to acquire lock, trying again in %s seconds.' % SNAP_NO_LOCK_RETRY_DELAY, level='WARN') |
2020 | + log('Snap failed to acquire lock, trying again in {} seconds.' |
2021 | + .format(SNAP_NO_LOCK_RETRY_DELAY, level='WARN')) |
2022 | sleep(SNAP_NO_LOCK_RETRY_DELAY) |
2023 | |
2024 | return return_code |
2025 | @@ -120,3 +136,15 @@ |
2026 | |
2027 | log(message, level='INFO') |
2028 | return _snap_exec(['refresh'] + flags + packages) |
2029 | + |
2030 | + |
2031 | +def valid_snap_channel(channel): |
2032 | + """ Validate snap channel exists |
2033 | + |
2034 | + :raises InvalidSnapChannel: When channel does not exist |
2035 | + :return: Boolean |
2036 | + """ |
2037 | + if channel.lower() in SNAP_CHANNELS: |
2038 | + return True |
2039 | + else: |
2040 | + raise InvalidSnapChannel("Invalid Snap Channel: {}".format(channel)) |
2041 | |
2042 | === modified file 'hooks/charmhelpers/fetch/ubuntu.py' |
2043 | --- hooks/charmhelpers/fetch/ubuntu.py 2017-03-21 15:08:36 +0000 |
2044 | +++ hooks/charmhelpers/fetch/ubuntu.py 2019-03-21 11:40:09 +0000 |
2045 | @@ -12,29 +12,48 @@ |
2046 | # See the License for the specific language governing permissions and |
2047 | # limitations under the License. |
2048 | |
2049 | +from collections import OrderedDict |
2050 | import os |
2051 | +import platform |
2052 | +import re |
2053 | import six |
2054 | import time |
2055 | import subprocess |
2056 | |
2057 | -from tempfile import NamedTemporaryFile |
2058 | -from charmhelpers.core.host import ( |
2059 | - lsb_release |
2060 | +from charmhelpers.core.host import get_distrib_codename |
2061 | + |
2062 | +from charmhelpers.core.hookenv import ( |
2063 | + log, |
2064 | + DEBUG, |
2065 | + WARNING, |
2066 | + env_proxy_settings, |
2067 | ) |
2068 | -from charmhelpers.core.hookenv import log |
2069 | -from charmhelpers.fetch import SourceConfigError |
2070 | +from charmhelpers.fetch import SourceConfigError, GPGKeyError |
2071 | |
2072 | +PROPOSED_POCKET = ( |
2073 | + "# Proposed\n" |
2074 | + "deb http://archive.ubuntu.com/ubuntu {}-proposed main universe " |
2075 | + "multiverse restricted\n") |
2076 | +PROPOSED_PORTS_POCKET = ( |
2077 | + "# Proposed\n" |
2078 | + "deb http://ports.ubuntu.com/ubuntu-ports {}-proposed main universe " |
2079 | + "multiverse restricted\n") |
2080 | +# Only supports 64bit and ppc64 at the moment. |
2081 | +ARCH_TO_PROPOSED_POCKET = { |
2082 | + 'x86_64': PROPOSED_POCKET, |
2083 | + 'ppc64le': PROPOSED_PORTS_POCKET, |
2084 | + 'aarch64': PROPOSED_PORTS_POCKET, |
2085 | + 's390x': PROPOSED_PORTS_POCKET, |
2086 | +} |
2087 | +CLOUD_ARCHIVE_URL = "http://ubuntu-cloud.archive.canonical.com/ubuntu" |
2088 | +CLOUD_ARCHIVE_KEY_ID = '5EDB1B62EC4926EA' |
2089 | CLOUD_ARCHIVE = """# Ubuntu Cloud Archive |
2090 | deb http://ubuntu-cloud.archive.canonical.com/ubuntu {} main |
2091 | """ |
2092 | - |
2093 | -PROPOSED_POCKET = """# Proposed |
2094 | -deb http://archive.ubuntu.com/ubuntu {}-proposed main universe multiverse restricted |
2095 | -""" |
2096 | - |
2097 | CLOUD_ARCHIVE_POCKETS = { |
2098 | # Folsom |
2099 | 'folsom': 'precise-updates/folsom', |
2100 | + 'folsom/updates': 'precise-updates/folsom', |
2101 | 'precise-folsom': 'precise-updates/folsom', |
2102 | 'precise-folsom/updates': 'precise-updates/folsom', |
2103 | 'precise-updates/folsom': 'precise-updates/folsom', |
2104 | @@ -43,6 +62,7 @@ |
2105 | 'precise-proposed/folsom': 'precise-proposed/folsom', |
2106 | # Grizzly |
2107 | 'grizzly': 'precise-updates/grizzly', |
2108 | + 'grizzly/updates': 'precise-updates/grizzly', |
2109 | 'precise-grizzly': 'precise-updates/grizzly', |
2110 | 'precise-grizzly/updates': 'precise-updates/grizzly', |
2111 | 'precise-updates/grizzly': 'precise-updates/grizzly', |
2112 | @@ -51,6 +71,7 @@ |
2113 | 'precise-proposed/grizzly': 'precise-proposed/grizzly', |
2114 | # Havana |
2115 | 'havana': 'precise-updates/havana', |
2116 | + 'havana/updates': 'precise-updates/havana', |
2117 | 'precise-havana': 'precise-updates/havana', |
2118 | 'precise-havana/updates': 'precise-updates/havana', |
2119 | 'precise-updates/havana': 'precise-updates/havana', |
2120 | @@ -59,6 +80,7 @@ |
2121 | 'precise-proposed/havana': 'precise-proposed/havana', |
2122 | # Icehouse |
2123 | 'icehouse': 'precise-updates/icehouse', |
2124 | + 'icehouse/updates': 'precise-updates/icehouse', |
2125 | 'precise-icehouse': 'precise-updates/icehouse', |
2126 | 'precise-icehouse/updates': 'precise-updates/icehouse', |
2127 | 'precise-updates/icehouse': 'precise-updates/icehouse', |
2128 | @@ -67,6 +89,7 @@ |
2129 | 'precise-proposed/icehouse': 'precise-proposed/icehouse', |
2130 | # Juno |
2131 | 'juno': 'trusty-updates/juno', |
2132 | + 'juno/updates': 'trusty-updates/juno', |
2133 | 'trusty-juno': 'trusty-updates/juno', |
2134 | 'trusty-juno/updates': 'trusty-updates/juno', |
2135 | 'trusty-updates/juno': 'trusty-updates/juno', |
2136 | @@ -75,6 +98,7 @@ |
2137 | 'trusty-proposed/juno': 'trusty-proposed/juno', |
2138 | # Kilo |
2139 | 'kilo': 'trusty-updates/kilo', |
2140 | + 'kilo/updates': 'trusty-updates/kilo', |
2141 | 'trusty-kilo': 'trusty-updates/kilo', |
2142 | 'trusty-kilo/updates': 'trusty-updates/kilo', |
2143 | 'trusty-updates/kilo': 'trusty-updates/kilo', |
2144 | @@ -83,6 +107,7 @@ |
2145 | 'trusty-proposed/kilo': 'trusty-proposed/kilo', |
2146 | # Liberty |
2147 | 'liberty': 'trusty-updates/liberty', |
2148 | + 'liberty/updates': 'trusty-updates/liberty', |
2149 | 'trusty-liberty': 'trusty-updates/liberty', |
2150 | 'trusty-liberty/updates': 'trusty-updates/liberty', |
2151 | 'trusty-updates/liberty': 'trusty-updates/liberty', |
2152 | @@ -91,6 +116,7 @@ |
2153 | 'trusty-proposed/liberty': 'trusty-proposed/liberty', |
2154 | # Mitaka |
2155 | 'mitaka': 'trusty-updates/mitaka', |
2156 | + 'mitaka/updates': 'trusty-updates/mitaka', |
2157 | 'trusty-mitaka': 'trusty-updates/mitaka', |
2158 | 'trusty-mitaka/updates': 'trusty-updates/mitaka', |
2159 | 'trusty-updates/mitaka': 'trusty-updates/mitaka', |
2160 | @@ -99,6 +125,7 @@ |
2161 | 'trusty-proposed/mitaka': 'trusty-proposed/mitaka', |
2162 | # Newton |
2163 | 'newton': 'xenial-updates/newton', |
2164 | + 'newton/updates': 'xenial-updates/newton', |
2165 | 'xenial-newton': 'xenial-updates/newton', |
2166 | 'xenial-newton/updates': 'xenial-updates/newton', |
2167 | 'xenial-updates/newton': 'xenial-updates/newton', |
2168 | @@ -107,17 +134,51 @@ |
2169 | 'xenial-proposed/newton': 'xenial-proposed/newton', |
2170 | # Ocata |
2171 | 'ocata': 'xenial-updates/ocata', |
2172 | + 'ocata/updates': 'xenial-updates/ocata', |
2173 | 'xenial-ocata': 'xenial-updates/ocata', |
2174 | 'xenial-ocata/updates': 'xenial-updates/ocata', |
2175 | 'xenial-updates/ocata': 'xenial-updates/ocata', |
2176 | 'ocata/proposed': 'xenial-proposed/ocata', |
2177 | 'xenial-ocata/proposed': 'xenial-proposed/ocata', |
2178 | - 'xenial-ocata/newton': 'xenial-proposed/ocata', |
2179 | + 'xenial-proposed/ocata': 'xenial-proposed/ocata', |
2180 | + # Pike |
2181 | + 'pike': 'xenial-updates/pike', |
2182 | + 'xenial-pike': 'xenial-updates/pike', |
2183 | + 'xenial-pike/updates': 'xenial-updates/pike', |
2184 | + 'xenial-updates/pike': 'xenial-updates/pike', |
2185 | + 'pike/proposed': 'xenial-proposed/pike', |
2186 | + 'xenial-pike/proposed': 'xenial-proposed/pike', |
2187 | + 'xenial-proposed/pike': 'xenial-proposed/pike', |
2188 | + # Queens |
2189 | + 'queens': 'xenial-updates/queens', |
2190 | + 'xenial-queens': 'xenial-updates/queens', |
2191 | + 'xenial-queens/updates': 'xenial-updates/queens', |
2192 | + 'xenial-updates/queens': 'xenial-updates/queens', |
2193 | + 'queens/proposed': 'xenial-proposed/queens', |
2194 | + 'xenial-queens/proposed': 'xenial-proposed/queens', |
2195 | + 'xenial-proposed/queens': 'xenial-proposed/queens', |
2196 | + # Rocky |
2197 | + 'rocky': 'bionic-updates/rocky', |
2198 | + 'bionic-rocky': 'bionic-updates/rocky', |
2199 | + 'bionic-rocky/updates': 'bionic-updates/rocky', |
2200 | + 'bionic-updates/rocky': 'bionic-updates/rocky', |
2201 | + 'rocky/proposed': 'bionic-proposed/rocky', |
2202 | + 'bionic-rocky/proposed': 'bionic-proposed/rocky', |
2203 | + 'bionic-proposed/rocky': 'bionic-proposed/rocky', |
2204 | + # Stein |
2205 | + 'stein': 'bionic-updates/stein', |
2206 | + 'bionic-stein': 'bionic-updates/stein', |
2207 | + 'bionic-stein/updates': 'bionic-updates/stein', |
2208 | + 'bionic-updates/stein': 'bionic-updates/stein', |
2209 | + 'stein/proposed': 'bionic-proposed/stein', |
2210 | + 'bionic-stein/proposed': 'bionic-proposed/stein', |
2211 | + 'bionic-proposed/stein': 'bionic-proposed/stein', |
2212 | } |
2213 | |
2214 | + |
2215 | APT_NO_LOCK = 100 # The return code for "couldn't acquire lock" in APT. |
2216 | CMD_RETRY_DELAY = 10 # Wait 10 seconds between command retries. |
2217 | -CMD_RETRY_COUNT = 30 # Retry a failing fatal command X times. |
2218 | +CMD_RETRY_COUNT = 3 # Retry a failing fatal command X times. |
2219 | |
2220 | |
2221 | def filter_installed_packages(packages): |
2222 | @@ -135,6 +196,18 @@ |
2223 | return _pkgs |
2224 | |
2225 | |
2226 | +def filter_missing_packages(packages): |
2227 | + """Return a list of packages that are installed. |
2228 | + |
2229 | + :param packages: list of packages to evaluate. |
2230 | + :returns list: Packages that are installed. |
2231 | + """ |
2232 | + return list( |
2233 | + set(packages) - |
2234 | + set(filter_installed_packages(packages)) |
2235 | + ) |
2236 | + |
2237 | + |
2238 | def apt_cache(in_memory=True, progress=None): |
2239 | """Build and return an apt cache.""" |
2240 | from apt import apt_pkg |
2241 | @@ -145,7 +218,7 @@ |
2242 | return apt_pkg.Cache(progress) |
2243 | |
2244 | |
2245 | -def install(packages, options=None, fatal=False): |
2246 | +def apt_install(packages, options=None, fatal=False): |
2247 | """Install one or more packages.""" |
2248 | if options is None: |
2249 | options = ['--option=Dpkg::Options::=--force-confold'] |
2250 | @@ -162,7 +235,7 @@ |
2251 | _run_apt_command(cmd, fatal) |
2252 | |
2253 | |
2254 | -def upgrade(options=None, fatal=False, dist=False): |
2255 | +def apt_upgrade(options=None, fatal=False, dist=False): |
2256 | """Upgrade all packages.""" |
2257 | if options is None: |
2258 | options = ['--option=Dpkg::Options::=--force-confold'] |
2259 | @@ -177,13 +250,13 @@ |
2260 | _run_apt_command(cmd, fatal) |
2261 | |
2262 | |
2263 | -def update(fatal=False): |
2264 | +def apt_update(fatal=False): |
2265 | """Update local apt cache.""" |
2266 | cmd = ['apt-get', 'update'] |
2267 | _run_apt_command(cmd, fatal) |
2268 | |
2269 | |
2270 | -def purge(packages, fatal=False): |
2271 | +def apt_purge(packages, fatal=False): |
2272 | """Purge one or more packages.""" |
2273 | cmd = ['apt-get', '--assume-yes', 'purge'] |
2274 | if isinstance(packages, six.string_types): |
2275 | @@ -194,6 +267,14 @@ |
2276 | _run_apt_command(cmd, fatal) |
2277 | |
2278 | |
2279 | +def apt_autoremove(purge=True, fatal=False): |
2280 | + """Purge one or more packages.""" |
2281 | + cmd = ['apt-get', '--assume-yes', 'autoremove'] |
2282 | + if purge: |
2283 | + cmd.append('--purge') |
2284 | + _run_apt_command(cmd, fatal) |
2285 | + |
2286 | + |
2287 | def apt_mark(packages, mark, fatal=False): |
2288 | """Flag one or more packages using apt-mark.""" |
2289 | log("Marking {} as {}".format(packages, mark)) |
2290 | @@ -217,7 +298,159 @@ |
2291 | return apt_mark(packages, 'unhold', fatal=fatal) |
2292 | |
2293 | |
2294 | -def add_source(source, key=None): |
2295 | +def import_key(key): |
2296 | + """Import an ASCII Armor key. |
2297 | + |
2298 | + A Radix64 format keyid is also supported for backwards |
2299 | + compatibility. In this case Ubuntu keyserver will be |
2300 | + queried for a key via HTTPS by its keyid. This method |
2301 | + is less preferrable because https proxy servers may |
2302 | + require traffic decryption which is equivalent to a |
2303 | + man-in-the-middle attack (a proxy server impersonates |
2304 | + keyserver TLS certificates and has to be explicitly |
2305 | + trusted by the system). |
2306 | + |
2307 | + :param key: A GPG key in ASCII armor format, |
2308 | + including BEGIN and END markers or a keyid. |
2309 | + :type key: (bytes, str) |
2310 | + :raises: GPGKeyError if the key could not be imported |
2311 | + """ |
2312 | + key = key.strip() |
2313 | + if '-' in key or '\n' in key: |
2314 | + # Send everything not obviously a keyid to GPG to import, as |
2315 | + # we trust its validation better than our own. eg. handling |
2316 | + # comments before the key. |
2317 | + log("PGP key found (looks like ASCII Armor format)", level=DEBUG) |
2318 | + if ('-----BEGIN PGP PUBLIC KEY BLOCK-----' in key and |
2319 | + '-----END PGP PUBLIC KEY BLOCK-----' in key): |
2320 | + log("Writing provided PGP key in the binary format", level=DEBUG) |
2321 | + if six.PY3: |
2322 | + key_bytes = key.encode('utf-8') |
2323 | + else: |
2324 | + key_bytes = key |
2325 | + key_name = _get_keyid_by_gpg_key(key_bytes) |
2326 | + key_gpg = _dearmor_gpg_key(key_bytes) |
2327 | + _write_apt_gpg_keyfile(key_name=key_name, key_material=key_gpg) |
2328 | + else: |
2329 | + raise GPGKeyError("ASCII armor markers missing from GPG key") |
2330 | + else: |
2331 | + log("PGP key found (looks like Radix64 format)", level=WARNING) |
2332 | + log("SECURELY importing PGP key from keyserver; " |
2333 | + "full key not provided.", level=WARNING) |
2334 | + # as of bionic add-apt-repository uses curl with an HTTPS keyserver URL |
2335 | + # to retrieve GPG keys. `apt-key adv` command is deprecated as is |
2336 | + # apt-key in general as noted in its manpage. See lp:1433761 for more |
2337 | + # history. Instead, /etc/apt/trusted.gpg.d is used directly to drop |
2338 | + # gpg |
2339 | + key_asc = _get_key_by_keyid(key) |
2340 | + # write the key in GPG format so that apt-key list shows it |
2341 | + key_gpg = _dearmor_gpg_key(key_asc) |
2342 | + _write_apt_gpg_keyfile(key_name=key, key_material=key_gpg) |
2343 | + |
2344 | + |
2345 | +def _get_keyid_by_gpg_key(key_material): |
2346 | + """Get a GPG key fingerprint by GPG key material. |
2347 | + Gets a GPG key fingerprint (40-digit, 160-bit) by the ASCII armor-encoded |
2348 | + or binary GPG key material. Can be used, for example, to generate file |
2349 | + names for keys passed via charm options. |
2350 | + |
2351 | + :param key_material: ASCII armor-encoded or binary GPG key material |
2352 | + :type key_material: bytes |
2353 | + :raises: GPGKeyError if invalid key material has been provided |
2354 | + :returns: A GPG key fingerprint |
2355 | + :rtype: str |
2356 | + """ |
2357 | + # Use the same gpg command for both Xenial and Bionic |
2358 | + cmd = 'gpg --with-colons --with-fingerprint' |
2359 | + ps = subprocess.Popen(cmd.split(), |
2360 | + stdout=subprocess.PIPE, |
2361 | + stderr=subprocess.PIPE, |
2362 | + stdin=subprocess.PIPE) |
2363 | + out, err = ps.communicate(input=key_material) |
2364 | + if six.PY3: |
2365 | + out = out.decode('utf-8') |
2366 | + err = err.decode('utf-8') |
2367 | + if 'gpg: no valid OpenPGP data found.' in err: |
2368 | + raise GPGKeyError('Invalid GPG key material provided') |
2369 | + # from gnupg2 docs: fpr :: Fingerprint (fingerprint is in field 10) |
2370 | + return re.search(r"^fpr:{9}([0-9A-F]{40}):$", out, re.MULTILINE).group(1) |
2371 | + |
2372 | + |
2373 | +def _get_key_by_keyid(keyid): |
2374 | + """Get a key via HTTPS from the Ubuntu keyserver. |
2375 | + Different key ID formats are supported by SKS keyservers (the longer ones |
2376 | + are more secure, see "dead beef attack" and https://evil32.com/). Since |
2377 | + HTTPS is used, if SSLBump-like HTTPS proxies are in place, they will |
2378 | + impersonate keyserver.ubuntu.com and generate a certificate with |
2379 | + keyserver.ubuntu.com in the CN field or in SubjAltName fields of a |
2380 | + certificate. If such proxy behavior is expected it is necessary to add the |
2381 | + CA certificate chain containing the intermediate CA of the SSLBump proxy to |
2382 | + every machine that this code runs on via ca-certs cloud-init directive (via |
2383 | + cloudinit-userdata model-config) or via other means (such as through a |
2384 | + custom charm option). Also note that DNS resolution for the hostname in a |
2385 | + URL is done at a proxy server - not at the client side. |
2386 | + |
2387 | + 8-digit (32 bit) key ID |
2388 | + https://keyserver.ubuntu.com/pks/lookup?search=0x4652B4E6 |
2389 | + 16-digit (64 bit) key ID |
2390 | + https://keyserver.ubuntu.com/pks/lookup?search=0x6E85A86E4652B4E6 |
2391 | + 40-digit key ID: |
2392 | + https://keyserver.ubuntu.com/pks/lookup?search=0x35F77D63B5CEC106C577ED856E85A86E4652B4E6 |
2393 | + |
2394 | + :param keyid: An 8, 16 or 40 hex digit keyid to find a key for |
2395 | + :type keyid: (bytes, str) |
2396 | + :returns: A key material for the specified GPG key id |
2397 | + :rtype: (str, bytes) |
2398 | + :raises: subprocess.CalledProcessError |
2399 | + """ |
2400 | + # options=mr - machine-readable output (disables html wrappers) |
2401 | + keyserver_url = ('https://keyserver.ubuntu.com' |
2402 | + '/pks/lookup?op=get&options=mr&exact=on&search=0x{}') |
2403 | + curl_cmd = ['curl', keyserver_url.format(keyid)] |
2404 | + # use proxy server settings in order to retrieve the key |
2405 | + return subprocess.check_output(curl_cmd, |
2406 | + env=env_proxy_settings(['https'])) |
2407 | + |
2408 | + |
2409 | +def _dearmor_gpg_key(key_asc): |
2410 | + """Converts a GPG key in the ASCII armor format to the binary format. |
2411 | + |
2412 | + :param key_asc: A GPG key in ASCII armor format. |
2413 | + :type key_asc: (str, bytes) |
2414 | + :returns: A GPG key in binary format |
2415 | + :rtype: (str, bytes) |
2416 | + :raises: GPGKeyError |
2417 | + """ |
2418 | + ps = subprocess.Popen(['gpg', '--dearmor'], |
2419 | + stdout=subprocess.PIPE, |
2420 | + stderr=subprocess.PIPE, |
2421 | + stdin=subprocess.PIPE) |
2422 | + out, err = ps.communicate(input=key_asc) |
2423 | + # no need to decode output as it is binary (invalid utf-8), only error |
2424 | + if six.PY3: |
2425 | + err = err.decode('utf-8') |
2426 | + if 'gpg: no valid OpenPGP data found.' in err: |
2427 | + raise GPGKeyError('Invalid GPG key material. Check your network setup' |
2428 | + ' (MTU, routing, DNS) and/or proxy server settings' |
2429 | + ' as well as destination keyserver status.') |
2430 | + else: |
2431 | + return out |
2432 | + |
2433 | + |
2434 | +def _write_apt_gpg_keyfile(key_name, key_material): |
2435 | + """Writes GPG key material into a file at a provided path. |
2436 | + |
2437 | + :param key_name: A key name to use for a key file (could be a fingerprint) |
2438 | + :type key_name: str |
2439 | + :param key_material: A GPG key material (binary) |
2440 | + :type key_material: (str, bytes) |
2441 | + """ |
2442 | + with open('/etc/apt/trusted.gpg.d/{}.gpg'.format(key_name), |
2443 | + 'wb') as keyf: |
2444 | + keyf.write(key_material) |
2445 | + |
2446 | + |
2447 | +def add_source(source, key=None, fail_invalid=False): |
2448 | """Add a package source to this system. |
2449 | |
2450 | @param source: a URL or sources.list entry, as supported by |
2451 | @@ -233,6 +466,33 @@ |
2452 | such as 'cloud:icehouse' |
2453 | 'distro' may be used as a noop |
2454 | |
2455 | + Full list of source specifications supported by the function are: |
2456 | + |
2457 | + 'distro': A NOP; i.e. it has no effect. |
2458 | + 'proposed': the proposed deb spec [2] is wrtten to |
2459 | + /etc/apt/sources.list/proposed |
2460 | + 'distro-proposed': adds <version>-proposed to the debs [2] |
2461 | + 'ppa:<ppa-name>': add-apt-repository --yes <ppa_name> |
2462 | + 'deb <deb-spec>': add-apt-repository --yes deb <deb-spec> |
2463 | + 'http://....': add-apt-repository --yes http://... |
2464 | + 'cloud-archive:<spec>': add-apt-repository -yes cloud-archive:<spec> |
2465 | + 'cloud:<release>[-staging]': specify a Cloud Archive pocket <release> with |
2466 | + optional staging version. If staging is used then the staging PPA [2] |
2467 | + with be used. If staging is NOT used then the cloud archive [3] will be |
2468 | + added, and the 'ubuntu-cloud-keyring' package will be added for the |
2469 | + current distro. |
2470 | + |
2471 | + Otherwise the source is not recognised and this is logged to the juju log. |
2472 | + However, no error is raised, unless sys_error_on_exit is True. |
2473 | + |
2474 | + [1] deb http://ubuntu-cloud.archive.canonical.com/ubuntu {} main |
2475 | + where {} is replaced with the derived pocket name. |
2476 | + [2] deb http://archive.ubuntu.com/ubuntu {}-proposed \ |
2477 | + main universe multiverse restricted |
2478 | + where {} is replaced with the lsb_release codename (e.g. xenial) |
2479 | + [3] deb http://ubuntu-cloud.archive.canonical.com/ubuntu <pocket> |
2480 | + to /etc/apt/sources.list.d/cloud-archive-list |
2481 | + |
2482 | @param key: A key to be added to the system's APT keyring and used |
2483 | to verify the signatures on packages. Ideally, this should be an |
2484 | ASCII format GPG public key including the block headers. A GPG key |
2485 | @@ -240,51 +500,150 @@ |
2486 | available to retrieve the actual public key from a public keyserver |
2487 | placing your Juju environment at risk. ppa and cloud archive keys |
2488 | are securely added automtically, so sould not be provided. |
2489 | + |
2490 | + @param fail_invalid: (boolean) if True, then the function raises a |
2491 | + SourceConfigError is there is no matching installation source. |
2492 | + |
2493 | + @raises SourceConfigError() if for cloud:<pocket>, the <pocket> is not a |
2494 | + valid pocket in CLOUD_ARCHIVE_POCKETS |
2495 | """ |
2496 | + _mapping = OrderedDict([ |
2497 | + (r"^distro$", lambda: None), # This is a NOP |
2498 | + (r"^(?:proposed|distro-proposed)$", _add_proposed), |
2499 | + (r"^cloud-archive:(.*)$", _add_apt_repository), |
2500 | + (r"^((?:deb |http:|https:|ppa:).*)$", _add_apt_repository), |
2501 | + (r"^cloud:(.*)-(.*)\/staging$", _add_cloud_staging), |
2502 | + (r"^cloud:(.*)-(.*)$", _add_cloud_distro_check), |
2503 | + (r"^cloud:(.*)$", _add_cloud_pocket), |
2504 | + (r"^snap:.*-(.*)-(.*)$", _add_cloud_distro_check), |
2505 | + ]) |
2506 | if source is None: |
2507 | - log('Source is not present. Skipping') |
2508 | - return |
2509 | - |
2510 | - if (source.startswith('ppa:') or |
2511 | - source.startswith('http') or |
2512 | - source.startswith('deb ') or |
2513 | - source.startswith('cloud-archive:')): |
2514 | - cmd = ['add-apt-repository', '--yes', source] |
2515 | - _run_with_retries(cmd) |
2516 | - elif source.startswith('cloud:'): |
2517 | - install(filter_installed_packages(['ubuntu-cloud-keyring']), |
2518 | + source = '' |
2519 | + for r, fn in six.iteritems(_mapping): |
2520 | + m = re.match(r, source) |
2521 | + if m: |
2522 | + # call the assoicated function with the captured groups |
2523 | + # raises SourceConfigError on error. |
2524 | + fn(*m.groups()) |
2525 | + if key: |
2526 | + try: |
2527 | + import_key(key) |
2528 | + except GPGKeyError as e: |
2529 | + raise SourceConfigError(str(e)) |
2530 | + break |
2531 | + else: |
2532 | + # nothing matched. log an error and maybe sys.exit |
2533 | + err = "Unknown source: {!r}".format(source) |
2534 | + log(err) |
2535 | + if fail_invalid: |
2536 | + raise SourceConfigError(err) |
2537 | + |
2538 | + |
2539 | +def _add_proposed(): |
2540 | + """Add the PROPOSED_POCKET as /etc/apt/source.list.d/proposed.list |
2541 | + |
2542 | + Uses get_distrib_codename to determine the correct stanza for |
2543 | + the deb line. |
2544 | + |
2545 | + For intel architecutres PROPOSED_POCKET is used for the release, but for |
2546 | + other architectures PROPOSED_PORTS_POCKET is used for the release. |
2547 | + """ |
2548 | + release = get_distrib_codename() |
2549 | + arch = platform.machine() |
2550 | + if arch not in six.iterkeys(ARCH_TO_PROPOSED_POCKET): |
2551 | + raise SourceConfigError("Arch {} not supported for (distro-)proposed" |
2552 | + .format(arch)) |
2553 | + with open('/etc/apt/sources.list.d/proposed.list', 'w') as apt: |
2554 | + apt.write(ARCH_TO_PROPOSED_POCKET[arch].format(release)) |
2555 | + |
2556 | + |
2557 | +def _add_apt_repository(spec): |
2558 | + """Add the spec using add_apt_repository |
2559 | + |
2560 | + :param spec: the parameter to pass to add_apt_repository |
2561 | + :type spec: str |
2562 | + """ |
2563 | + if '{series}' in spec: |
2564 | + series = get_distrib_codename() |
2565 | + spec = spec.replace('{series}', series) |
2566 | + # software-properties package for bionic properly reacts to proxy settings |
2567 | + # passed as environment variables (See lp:1433761). This is not the case |
2568 | + # LTS and non-LTS releases below bionic. |
2569 | + _run_with_retries(['add-apt-repository', '--yes', spec], |
2570 | + cmd_env=env_proxy_settings(['https'])) |
2571 | + |
2572 | + |
2573 | +def _add_cloud_pocket(pocket): |
2574 | + """Add a cloud pocket as /etc/apt/sources.d/cloud-archive.list |
2575 | + |
2576 | + Note that this overwrites the existing file if there is one. |
2577 | + |
2578 | + This function also converts the simple pocket in to the actual pocket using |
2579 | + the CLOUD_ARCHIVE_POCKETS mapping. |
2580 | + |
2581 | + :param pocket: string representing the pocket to add a deb spec for. |
2582 | + :raises: SourceConfigError if the cloud pocket doesn't exist or the |
2583 | + requested release doesn't match the current distro version. |
2584 | + """ |
2585 | + apt_install(filter_installed_packages(['ubuntu-cloud-keyring']), |
2586 | fatal=True) |
2587 | - pocket = source.split(':')[-1] |
2588 | - if pocket not in CLOUD_ARCHIVE_POCKETS: |
2589 | - raise SourceConfigError( |
2590 | - 'Unsupported cloud: source option %s' % |
2591 | - pocket) |
2592 | - actual_pocket = CLOUD_ARCHIVE_POCKETS[pocket] |
2593 | - with open('/etc/apt/sources.list.d/cloud-archive.list', 'w') as apt: |
2594 | - apt.write(CLOUD_ARCHIVE.format(actual_pocket)) |
2595 | - elif source == 'proposed': |
2596 | - release = lsb_release()['DISTRIB_CODENAME'] |
2597 | - with open('/etc/apt/sources.list.d/proposed.list', 'w') as apt: |
2598 | - apt.write(PROPOSED_POCKET.format(release)) |
2599 | - elif source == 'distro': |
2600 | - pass |
2601 | - else: |
2602 | - log("Unknown source: {!r}".format(source)) |
2603 | - |
2604 | - if key: |
2605 | - if '-----BEGIN PGP PUBLIC KEY BLOCK-----' in key: |
2606 | - with NamedTemporaryFile('w+') as key_file: |
2607 | - key_file.write(key) |
2608 | - key_file.flush() |
2609 | - key_file.seek(0) |
2610 | - subprocess.check_call(['apt-key', 'add', '-'], stdin=key_file) |
2611 | - else: |
2612 | - # Note that hkp: is in no way a secure protocol. Using a |
2613 | - # GPG key id is pointless from a security POV unless you |
2614 | - # absolutely trust your network and DNS. |
2615 | - subprocess.check_call(['apt-key', 'adv', '--keyserver', |
2616 | - 'hkp://keyserver.ubuntu.com:80', '--recv', |
2617 | - key]) |
2618 | + if pocket not in CLOUD_ARCHIVE_POCKETS: |
2619 | + raise SourceConfigError( |
2620 | + 'Unsupported cloud: source option %s' % |
2621 | + pocket) |
2622 | + actual_pocket = CLOUD_ARCHIVE_POCKETS[pocket] |
2623 | + with open('/etc/apt/sources.list.d/cloud-archive.list', 'w') as apt: |
2624 | + apt.write(CLOUD_ARCHIVE.format(actual_pocket)) |
2625 | + |
2626 | + |
2627 | +def _add_cloud_staging(cloud_archive_release, openstack_release): |
2628 | + """Add the cloud staging repository which is in |
2629 | + ppa:ubuntu-cloud-archive/<openstack_release>-staging |
2630 | + |
2631 | + This function checks that the cloud_archive_release matches the current |
2632 | + codename for the distro that charm is being installed on. |
2633 | + |
2634 | + :param cloud_archive_release: string, codename for the release. |
2635 | + :param openstack_release: String, codename for the openstack release. |
2636 | + :raises: SourceConfigError if the cloud_archive_release doesn't match the |
2637 | + current version of the os. |
2638 | + """ |
2639 | + _verify_is_ubuntu_rel(cloud_archive_release, openstack_release) |
2640 | + ppa = 'ppa:ubuntu-cloud-archive/{}-staging'.format(openstack_release) |
2641 | + cmd = 'add-apt-repository -y {}'.format(ppa) |
2642 | + _run_with_retries(cmd.split(' ')) |
2643 | + |
2644 | + |
2645 | +def _add_cloud_distro_check(cloud_archive_release, openstack_release): |
2646 | + """Add the cloud pocket, but also check the cloud_archive_release against |
2647 | + the current distro, and use the openstack_release as the full lookup. |
2648 | + |
2649 | + This just calls _add_cloud_pocket() with the openstack_release as pocket |
2650 | + to get the correct cloud-archive.list for dpkg to work with. |
2651 | + |
2652 | + :param cloud_archive_release:String, codename for the distro release. |
2653 | + :param openstack_release: String, spec for the release to look up in the |
2654 | + CLOUD_ARCHIVE_POCKETS |
2655 | + :raises: SourceConfigError if this is the wrong distro, or the pocket spec |
2656 | + doesn't exist. |
2657 | + """ |
2658 | + _verify_is_ubuntu_rel(cloud_archive_release, openstack_release) |
2659 | + _add_cloud_pocket("{}-{}".format(cloud_archive_release, openstack_release)) |
2660 | + |
2661 | + |
2662 | +def _verify_is_ubuntu_rel(release, os_release): |
2663 | + """Verify that the release is in the same as the current ubuntu release. |
2664 | + |
2665 | + :param release: String, lowercase for the release. |
2666 | + :param os_release: String, the os_release being asked for |
2667 | + :raises: SourceConfigError if the release is not the same as the ubuntu |
2668 | + release. |
2669 | + """ |
2670 | + ubuntu_rel = get_distrib_codename() |
2671 | + if release != ubuntu_rel: |
2672 | + raise SourceConfigError( |
2673 | + 'Invalid Cloud Archive release specified: {}-{} on this Ubuntu' |
2674 | + 'version ({})'.format(release, os_release, ubuntu_rel)) |
2675 | |
2676 | |
2677 | def _run_with_retries(cmd, max_retries=CMD_RETRY_COUNT, retry_exitcodes=(1,), |
2678 | @@ -300,9 +659,12 @@ |
2679 | :param: cmd_env: dict: Environment variables to add to the command run. |
2680 | """ |
2681 | |
2682 | - env = os.environ.copy() |
2683 | + env = None |
2684 | + kwargs = {} |
2685 | if cmd_env: |
2686 | + env = os.environ.copy() |
2687 | env.update(cmd_env) |
2688 | + kwargs['env'] = env |
2689 | |
2690 | if not retry_message: |
2691 | retry_message = "Failed executing '{}'".format(" ".join(cmd)) |
2692 | @@ -314,7 +676,8 @@ |
2693 | retry_results = (None,) + retry_exitcodes |
2694 | while result in retry_results: |
2695 | try: |
2696 | - result = subprocess.check_call(cmd, env=env) |
2697 | + # result = subprocess.check_call(cmd, env=env) |
2698 | + result = subprocess.check_call(cmd, **kwargs) |
2699 | except subprocess.CalledProcessError as e: |
2700 | retry_count = retry_count + 1 |
2701 | if retry_count > max_retries: |
2702 | @@ -327,6 +690,7 @@ |
2703 | def _run_apt_command(cmd, fatal=False): |
2704 | """Run an apt command with optional retries. |
2705 | |
2706 | + :param: cmd: str: The apt command to run. |
2707 | :param: fatal: bool: Whether the command's output should be checked and |
2708 | retried. |
2709 | """ |
2710 | @@ -353,7 +717,7 @@ |
2711 | cache = apt_cache() |
2712 | try: |
2713 | pkg = cache[package] |
2714 | - except: |
2715 | + except Exception: |
2716 | # the package is unknown to the current apt cache. |
2717 | return None |
2718 | |
2719 | |
2720 | === modified file 'hooks/hooks.py' |
2721 | --- hooks/hooks.py 2019-03-21 10:59:11 +0000 |
2722 | +++ hooks/hooks.py 2019-03-21 11:40:09 +0000 |
2723 | @@ -218,7 +218,7 @@ |
2724 | haproxy_config = load_haproxy_config(haproxy_config_file) |
2725 | if haproxy_config is None: |
2726 | return None |
2727 | - m = re.search("stats auth\s+(\w+):(\w+)", haproxy_config) |
2728 | + m = re.search(r"stats auth\s+(\w+):(\w+)", haproxy_config) |
2729 | if m is not None: |
2730 | return m.group(2) |
2731 | else: |
2732 | @@ -246,7 +246,7 @@ |
2733 | if haproxy_config is None: |
2734 | return () |
2735 | listen_stanzas = re.findall( |
2736 | - "listen\s+([^\s]+)\s+([^:]+):(.*)", |
2737 | + r"listen\s+([^\s]+)\s+([^:]+):(.*)", |
2738 | haproxy_config) |
2739 | # Match bind stanzas like: |
2740 | # |
2741 | @@ -254,7 +254,7 @@ |
2742 | # bind 2001:db8::1:80 |
2743 | # bind 1.2.3.4:123 ssl crt /foo/bar |
2744 | bind_stanzas = re.findall( |
2745 | - "\s+bind\s+([a-fA-F0-9\.:\*]+):(\d+).*\n\s+default_backend\s+([^\s]+)", |
2746 | + r"\s+bind\s+([a-fA-F0-9\.:\*]+):(\d+).*\n\s+default_backend\s+([^\s]+)", |
2747 | haproxy_config, re.M) |
2748 | return (tuple(((service, addr, int(port)) |
2749 | for service, addr, port in listen_stanzas)) + |
2750 | @@ -454,7 +454,7 @@ |
2751 | monitoring_config.append("http-request deny unless allowed_cidr") |
2752 | monitoring_config.append("stats enable") |
2753 | monitoring_config.append("stats uri /") |
2754 | - monitoring_config.append("stats realm Haproxy\ Statistics") |
2755 | + monitoring_config.append("stats realm Haproxy\ Statistics") # noqa: W605 |
2756 | monitoring_config.append("stats auth %s:%s" % |
2757 | (config_data['monitoring_username'], |
2758 | monitoring_password)) |
2759 | @@ -1269,7 +1269,7 @@ |
2760 | # to turn it into a string for comparison |
2761 | component_addr = octet_parser(name.getComponent()) |
2762 | cert_addresses.add(str(component_addr)) |
2763 | - except: |
2764 | + except Exception: |
2765 | pass |
2766 | if cert_addresses != unit_addresses: |
2767 | log('subjAltName: Cert (%s) != Unit (%s), assuming stale' % ( |
2768 | @@ -1289,11 +1289,13 @@ |
2769 | """ |
2770 | try: |
2771 | import ipaddress |
2772 | + |
2773 | def ipaddress_parser(octet): |
2774 | return str(ipaddress.ip_address(str(octet))) |
2775 | return ipaddress_parser |
2776 | except ImportError: |
2777 | import ipaddr |
2778 | + |
2779 | def trusty_ipaddress_parser(octet): |
2780 | return str(ipaddr.IPAddress(ipaddr.Bytes(str(octet)))) |
2781 | return trusty_ipaddress_parser |
2782 | @@ -1405,6 +1407,7 @@ |
2783 | print("Unknown hook") |
2784 | sys.exit(1) |
2785 | |
2786 | + |
2787 | if __name__ == "__main__": |
2788 | hook_name = os.path.basename(sys.argv[0]) |
2789 | # Also support being invoked directly with hook as argument name. |
2790 | |
2791 | === modified file 'hooks/tests/test_config_changed_hooks.py' |
2792 | --- hooks/tests/test_config_changed_hooks.py 2019-03-21 10:08:36 +0000 |
2793 | +++ hooks/tests/test_config_changed_hooks.py 2019-03-21 11:40:09 +0000 |
2794 | @@ -46,7 +46,7 @@ |
2795 | self.addCleanup(mock_controller.stop) |
2796 | return mock |
2797 | |
2798 | - @patch('hooks.opened_ports', return_value=['443/tcp',]) |
2799 | + @patch('hooks.opened_ports', return_value=['443/tcp', ]) |
2800 | def test_config_changed_notify_website_changed_stanzas(self, opened_ports): |
2801 | self.service_haproxy.return_value = True |
2802 | self.get_listen_stanzas.side_effect = ( |
2803 | @@ -59,7 +59,7 @@ |
2804 | self.notify_website.assert_called_once_with() |
2805 | self.notify_peer.assert_called_once_with() |
2806 | |
2807 | - @patch('hooks.opened_ports', return_value=['443/tcp',]) |
2808 | + @patch('hooks.opened_ports', return_value=['443/tcp', ]) |
2809 | def test_config_changed_no_notify_website_not_changed(self, opened_ports): |
2810 | self.service_haproxy.return_value = True |
2811 | self.get_listen_stanzas.side_effect = ( |
2812 | @@ -71,7 +71,7 @@ |
2813 | self.notify_website.assert_not_called() |
2814 | self.notify_peer.assert_not_called() |
2815 | |
2816 | - @patch('hooks.opened_ports', return_value=['443/tcp',]) |
2817 | + @patch('hooks.opened_ports', return_value=['443/tcp', ]) |
2818 | def test_config_changed_no_notify_website_failed_check(self, opened_ports): |
2819 | self.service_haproxy.return_value = False |
2820 | self.get_listen_stanzas.side_effect = ( |
2821 | @@ -87,7 +87,7 @@ |
2822 | "HAProxy configuration check failed, exiting.") |
2823 | self.sys_exit.assert_called_once_with(1) |
2824 | |
2825 | - @patch('hooks.opened_ports', return_value=['443/tcp',]) |
2826 | + @patch('hooks.opened_ports', return_value=['443/tcp', ]) |
2827 | def test_config_changed_notify_reverseproxy(self, opened_ports): |
2828 | """ |
2829 | If the ssl_cert config value changes, the reverseproxy relations get |
2830 | @@ -103,7 +103,7 @@ |
2831 | _notify_reverseproxy.assert_called_once_with() |
2832 | service_restart.assert_called_once_with('rsyslog') |
2833 | |
2834 | - @patch('hooks.opened_ports', return_value=['443/tcp',]) |
2835 | + @patch('hooks.opened_ports', return_value=['443/tcp', ]) |
2836 | def test_config_changed_restart_rsyslog(self, opened_ports): |
2837 | """ |
2838 | If the gloabl_log or source config value changes, rsyslog is |
2839 | |
2840 | === modified file 'hooks/tests/test_helpers.py' |
2841 | --- hooks/tests/test_helpers.py 2017-10-09 17:38:17 +0000 |
2842 | +++ hooks/tests/test_helpers.py 2019-03-21 11:40:09 +0000 |
2843 | @@ -680,10 +680,10 @@ |
2844 | safe_load.return_value = [ |
2845 | { |
2846 | 'service_name': 'foo', |
2847 | - 'service_options': { |
2848 | + 'service_options': { # noqa: F601 |
2849 | 'foo-1': 123, |
2850 | }, |
2851 | - 'service_options': ['foo1', 'foo2'], |
2852 | + 'service_options': ['foo1', 'foo2'], # noqa: F601 |
2853 | 'server_options': ['baz1', 'baz2'], |
2854 | }, |
2855 | { |
2856 | @@ -724,10 +724,10 @@ |
2857 | safe_load.return_value = [ |
2858 | { |
2859 | 'service_name': 'foo', |
2860 | - 'service_options': { |
2861 | + 'service_options': { # noqa: F601 |
2862 | 'foo-1': 123, |
2863 | }, |
2864 | - 'service_options': ['foo1', 'foo2'], |
2865 | + 'service_options': ['foo1', 'foo2'], # noqa: F601 |
2866 | 'server_options': ['baz1', 'baz2'], |
2867 | }, |
2868 | { |
2869 | @@ -768,10 +768,10 @@ |
2870 | safe_load.return_value = [ |
2871 | { |
2872 | 'service_name': 'foo', |
2873 | - 'service_options': { |
2874 | + 'service_options': { # noqa: F601 |
2875 | 'foo-1': 123, |
2876 | }, |
2877 | - 'service_options': ['foo1', 'foo2'], |
2878 | + 'service_options': ['foo1', 'foo2'], # noqa: F601 |
2879 | 'server_options': 'baz1, baz2', |
2880 | }, |
2881 | { |
2882 | @@ -812,10 +812,10 @@ |
2883 | safe_load.return_value = [ |
2884 | { |
2885 | 'service_name': 'foo', |
2886 | - 'service_options': { |
2887 | + 'service_options': { # noqa: F601 |
2888 | 'foo-1': 123, |
2889 | }, |
2890 | - 'service_options': ['foo1', 'foo2'], |
2891 | + 'service_options': ['foo1', 'foo2'], # noqa: F601 |
2892 | 'server_options': 'baz1, baz2', |
2893 | }, |
2894 | { |
This merge proposal is being monitored by mergebot. Change the status to Approved to merge.