Merge lp:~cprov/charms/trusty/adt-cloud-worker/uci-nova into lp:~canonical-ci-engineering/charms/trusty/adt-cloud-worker/trunk

Proposed by Celso Providelo on 2015-03-12
Status: Merged
Approved by: Celso Providelo on 2015-03-12
Approved revision: 12
Merged at revision: 12
Proposed branch: lp:~cprov/charms/trusty/adt-cloud-worker/uci-nova
Merge into: lp:~canonical-ci-engineering/charms/trusty/adt-cloud-worker/trunk
Diff against target: 119 lines (+7/-85)
2 files modified
hooks/actions.py (+6/-84)
hooks/services.py (+1/-1)
To merge this branch: bzr merge lp:~cprov/charms/trusty/adt-cloud-worker/uci-nova
Reviewer Review Type Date Requested Status
Paul Larson 2015-03-12 Approve on 2015-03-12
Review via email: mp+252769@code.launchpad.net

Commit message

Install 'uci-nova' ssh-setup on the default autopkgtest location so it can be used by workers.

Description of the change

Install 'uci-nova' ssh-setup on the default autopkgtest location so it can be used by workers.

To post a comment you must log in.
Ubuntu CI Bot (uci-bot) wrote :

Voting does not meet specified criteria. Required: Approve >= 1. Got: 1 Pending.

Paul Larson (pwlars) wrote :

Looks great to me, this simplifies things.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'hooks/actions.py'
2--- hooks/actions.py 2015-03-11 00:38:18 +0000
3+++ hooks/actions.py 2015-03-12 16:00:51 +0000
4@@ -1,7 +1,6 @@
5 import base64
6-import ConfigParser as configparser
7 import os
8-import socket
9+import shutil
10 import subprocess
11
12 from charmhelpers import fetch
13@@ -44,88 +43,11 @@
14 f.write(config_content)
15
16
17-def reset_nova(service_name):
18- hookenv.log('Attempting to reset nova key-pairs ...')
19- pubkey_path = os.path.expanduser('~/.ssh/id_rsa.pub')
20- if os.path.exists(pubkey_path):
21- hookenv.log('SSH key already exists, nothing to do ...')
22- return
23-
24- hookenv.log('Generating a new SSH key ...')
25- seckey_path = pubkey_path[:-4]
26- cmd = 'ssh-keygen -f %s -q -N ""' % seckey_path
27- subprocess.check_call(cmd, shell=True)
28-
29- config_path = os.path.join(SERVICE_DIR, '.adt-service.conf')
30- hookenv.log('Using current app configuration from: %s' % config_path)
31- config = configparser.ConfigParser()
32- config.read(config_path)
33- for k, v in config.items('nova'):
34- if not k.startswith('os_'):
35- continue
36- os.environ[k.upper()] = str(v)
37-
38- worker_secgroup = socket.gethostname().replace('-machine', '')
39- hookenv.log('Resetting keypair "%s" ...' % worker_secgroup)
40- try:
41- cmd = 'nova keypair-delete %s' % worker_secgroup
42- subprocess.check_call(cmd, shell=True)
43- except subprocess.CalledProcessError:
44- # It may not exist.
45- pass
46- cmd = 'nova keypair-add --pub-key %s %s' % (pubkey_path, worker_secgroup)
47- subprocess.check_call(cmd, shell=True)
48-
49- # Ensure there is a "restrictive" security group named after the
50- # worker hostname (e.g.: 'juju-bootstack-1-testbed').
51- testbed_secgroup = '%s-testbed' % worker_secgroup
52-
53- try:
54- subprocess.check_call(
55- ['neutron', 'security-group-delete', testbed_secgroup])
56- except subprocess.CalledProcessError:
57- # It may not exist.
58- pass
59-
60- subprocess.check_call(
61- ['neutron', 'security-group-create', testbed_secgroup,
62- '--description', '"%s worker testbeds"' % (worker_secgroup)])
63-
64- # Drop default rules allowing all egress traffic IPv[4,6].
65- permissive_rule_ids = subprocess.check_output(
66- 'neutron security-group-rule-list --format csv '
67- '-c id -c security_group --quote none '
68- '| grep %s | cut -d\',\' -f1' % testbed_secgroup,
69- shell=True).splitlines()
70- for rule_id in permissive_rule_ids:
71- subprocess.check_call(
72- ['neutron', 'security-group-rule-delete', rule_id])
73-
74- allow_rules = (
75- # SSH (tcp:22) ingress connections from the worker (adt).
76- {'direction': 'ingress', 'protocol': 'tcp',
77- 'port-range-min': '22', 'port-range-max': '22',
78- 'remote-group-id': worker_secgroup},
79-
80- # APT (nova.clouds.archive.ubuntu.com, security.ubuntu.com) &
81- # NTP (ntp.ubuntu.com).
82- {'direction': 'egress', 'remote-ip-prefix': '91.189.88.0/21'},
83-
84- # Cloud DNS.
85- {'direction': 'egress', 'remote-ip-prefix': '8.8.8.8'},
86-
87- # XXX cprov 2015-03-10: Check with mpitti if the network restriction
88- # is valid or we are raising the bar too high for tests.
89- # Blanket rule allowing all ipv4 egress traffic, because the above
90- # are not enough to boot.
91- {'direction': 'egress', 'ethertype': 'ipv4'},
92- )
93-
94- for rule in allow_rules:
95- cmd_args = ['neutron', 'security-group-rule-create']
96- [cmd_args.extend(['--%s' % (k), v]) for k,v in rule.iteritems()]
97- cmd_args.append(testbed_secgroup)
98- subprocess.check_call(cmd_args)
99+def install_adt_uci_nova(service_name):
100+ hookenv.log('Attempting to install "uci-nova" autopkgtest ssh-setup ...')
101+ shutil.copy2(
102+ os.path.join(hookenv.charm_dir(), 'files', 'uci-nova'),
103+ '/usr/share/autopkgtest/ssh-setup/')
104
105
106 def install_python_packages(service_name):
107
108=== modified file 'hooks/services.py'
109--- hooks/services.py 2015-03-10 19:30:51 +0000
110+++ hooks/services.py 2015-03-12 16:00:51 +0000
111@@ -18,7 +18,7 @@
112 actions.get_cloud_worker_from_tarball,
113 actions.install_python_packages,
114 actions.get_config_file,
115- actions.reset_nova,
116+ actions.install_adt_uci_nova,
117 helpers.render_template(
118 source='upstart.conf',
119 target='/etc/init/adt-cloud-worker.conf'),

Subscribers

People subscribed via source and target branches