Merge ~marcusboden/juju-lint:bug/1999263 into juju-lint:master

Proposed by Marcus Boden
Status: Superseded
Proposed branch: ~marcusboden/juju-lint:bug/1999263
Merge into: juju-lint:master
Diff against target: 13 lines (+2/-0)
1 file modified
contrib/includes/openstack.yaml (+2/-0)
Reviewers:
Gabriel Cocenza: Needs Information
Erhan Sunar (community): Approve
🤖 prod-jenkaas-bootstack (continuous-integration): Approve
BootStack Reviewers: Pending
Review via email: mp+436110@code.launchpad.net

This proposal has been superseded by a proposal from 2023-02-01.

Commit message

Added check for nova-compute ephemeral devices config

This alerts if the nova-compute config option "ephemeral-device" is set
to /dev/sdX or /dev/vgX, to prevent ephemeral devices from landing on a
root drive.

Closes-Bug: #1999263

Description of the change

I tested the change on ps5 (ephemeral-device is set to /dev/disk/..., so it passed without error) and did some local tests with only a nova-compute charm:
https://pastebin.canonical.com/p/N6qPQ8KxCG/

🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

This merge proposal is being monitored by mergebot. Change the status to Approved to merge.

🤖 prod-jenkaas-bootstack (prod-jenkaas-bootstack) wrote :
review: Approve (continuous-integration)
Erhan Sunar (esunar) :
review: Approve
Gabriel Cocenza (gabrielcocenza) wrote :

Hi Marcus.
Thanks for the patch. The change LGTM, but I think it would be beneficial to have a unit test checking this regex. You can take a look at the unit test code[0] to get some inspiration. Moreover, I think that a "custom-message[1]" would be beneficial for users to understand the problem. A message like: "/dev/sdX or /dev/vgX should not be used as ephemeral-devices because it can encrypt the root drive"

Thanks

[0] https://git.launchpad.net/juju-lint/tree/tests/unit/test_jujulint.py#n1009
[1] https://git.launchpad.net/juju-lint/tree/contrib/includes/openstack.yaml#n30

review: Needs Information

Unmerged commits

d974ec7... by Marcus Boden

Added check for nova-compute ephemeral devices config

This alerts if the nova-compute config option "ephemeral-device" is set
to /dev/sdX or /dev/vgX, to prevent ephemeral devices from landing on a
root drive.

Closes-Bug: #1999263

Preview Diff

1diff --git a/contrib/includes/openstack.yaml b/contrib/includes/openstack.yaml
2index 5814fac..df898c5 100644
3--- a/contrib/includes/openstack.yaml
4+++ b/contrib/includes/openstack.yaml
5@@ -29,6 +29,8 @@ openstack config base: &openstack-config-base
6 log-level: warning
7 custom-message:
8 Default 4 workers is too low for production clouds.
9+ ephemeral-device:
10+ search: "^((?!/dev/vg|/dev/sd).)*$"
11 rabbitmq-server:
12 cluster-partition-handling:
13 eq: "pause_minority"
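
Review bot: The new ephemeral-device entry (added lines 9-10) carries no log-level or custom-message, unlike the check directly above it in the same block, so consider adding a custom-message that says why /dev/sdX and /dev/vgX are rejected. The pattern "^((?!/dev/vg|/dev/sd).)*$" rejects a value only when it contains one of those two substrings, so other kernel device names such as /dev/nvme0n1 or /dev/vda pass, and so does an empty value, since the group may repeat zero times. If those cases should also alert, extend the alternation or state the accepted form positively (the description mentions /dev/disk/... as the passing case), and cover both accepted and rejected values in a unit test.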
