https://codereview.appspot.com/43730044/diff/1/provider/common/bootstrap.go#newcode95
provider/common/bootstrap.go:95: return "", fmt.Errorf("failed to create
system key: %v", err)
On 2013/12/19 22:16:11, thumper wrote:
> On 2013/12/19 01:50:05, axw wrote:
> > I'm told the errors should be worded like "creating system key", so
it ends up
> > as
> > error: creating system key: <thing>
> >
> > (I've traditionally done it the same way as you have here, mind.)
> I'd say that this is dumb.
I agree with both of you here. I think it's good if the error message
still makes sense even when the subsidiary error after the colon is
removed.
On the other hand, if there *is* a good reason for using different keys
for different purposes, perhaps we should consider using different keys
for serving the API server and for the mongo server.
https:/ /codereview. appspot. com/43730044/ diff/1/ provider/ common/ bootstrap. go common/ bootstrap. go (right):
File provider/
https:/ /codereview. appspot. com/43730044/ diff/1/ provider/ common/ bootstrap. go#newcode95 common/ bootstrap. go:95: return "", fmt.Errorf("failed to create
provider/
system key: %v", err)
On 2013/12/19 22:16:11, thumper wrote:
> On 2013/12/19 01:50:05, axw wrote:
> > I'm told the errors should be worded like "creating system key", so
it ends up
> > as
> > error: creating system key: <thing>
> >
> > (I've traditionally done it the same way as you have here, mind.)
> I'd say that this is dumb.
I agree with both of you here. I think it's good if the error message
still makes sense even when the subsidiary error after the colon is
removed.
https:/ /codereview. appspot. com/43730044/ diff/20001/ doc/system- ssh-key. txt ssh-key. txt (right):
File doc/system-
https:/ /codereview. appspot. com/43730044/ diff/20001/ doc/system- ssh-key. txt#newcode10 ssh-key. txt:10: Juju already creates a private key to connect
doc/system-
to the mongo database. It was an
Strictly speaking it creates a private key for *serving* the mongo
database and the API server.
https:/ /codereview. appspot. com/43730044/ diff/20001/ doc/system- ssh-key. txt#newcode12 ssh-key. txt:12: different purposes just seems like a more
doc/system-
robust idea.
I'd like a less hand-wavy justification than this.
Every extra secret lying around is another potential system
vulnerability.
On the other hand, if there *is* a good reason for using different keys
for different purposes, perhaps we should consider using different keys
for serving the API server and for the mongo server.
https:/ /codereview. appspot. com/43730044/ diff/20001/ environs/ ssh/systemident ity.go ssh/systemident ity.go (right):
File environs/
https:/ /codereview. appspot. com/43730044/ diff/20001/ environs/ ssh/systemident ity.go# newcode18 ssh/systemident ity.go: 18: func WriteSystemIden tity(filename
environs/
string, privateKey string) error {
We're creating an entire new package for a single constant and a
function that's semantically almost identical to ioutil.WriteFile?
Please let's just define SystemIdentityF ilename in environs/cloudinit
and call WriteFile directly inside provider/local, the only caller.
https:/ /codereview. appspot. com/43730044/ diff/20001/ environs/ ssh/systemident ity.go# newcode21 ssh/systemident ity.go: 21: logger. Errorf( "failed writing system
environs/
identity: %v", err)
If we've got an error return, please return the more informative error
rather than logging it. The error should be logged later at a higher
level.
https:/ /codereview. appspot. com/43730044/