Launchpad itself

Merge lp:~yellow/launchpad/lxcsetup into lp:launchpad

lxcsetup
Merge into devel

Proposed by Francesco Banconi on 2012-01-23

Status:	Merged
Approved by:	Francesco Banconi on 2012-01-30
Approved revision:	no longer in the source branch.
Merged at revision:	14733
Proposed branch:	lp:~yellow/launchpad/lxcsetup
Merge into:	lp:launchpad
Diff against target:	823 lines (+819/-0) 1 file modified utilities/setuplxc.py (+819/-0)
To merge this branch:	bzr merge lp:~yellow/launchpad/lxcsetup
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Benji York (community)	code		Approve on 2012-01-25
Graham Binns		2012-01-23	Pending
Review via email: mp+89660@code.launchpad.net

Description of the change

= Summary =

This branch adds a script that can be used to set up a Launchpad environment
inside a LXC, useful for testing Launchpad.

== Proposed fix ==

https://dev.launchpad.net/ParallelTests describes how LXC containers offer
a cheap way to run tests in parallel using ephemeral instances, obtaining the
required isolation to workaround the existing globals (shared work dirs,
hardcoded tcp ports, etc.). The `setuplxc.py` script creates a Launchpad
environment from scratch, ready to be used by ephemerals (e.g. in a buildbot
slave context).

== Pre-implementation notes ==

During development we realized that the same approach (with few changes)
should work to set up a Launchpad development environment.
The developer can just:

- run the script (passing his current local username as user), e.g.::

./setuplxc.py -u username -e <email address hidden> -n 'Firstname Lastname'
-c lp-devel -d /home/username/lp-deps /home/username/lp-branches/

- ssh into the container (in the example above: ssh lp-devel)
- cd ~/lp-branches/devel
- make schema
- make run
- start hacking

== Implementation details ==

utilities/setuplxc.py:
* the script is implemented in Python
* requires Python 2.7
* must be run as root
* help on required arguments: utilities/setuplxc.py -h

utilities/launchpad-database-setup
* refactored so that it can be run by root

== Tests ==

The script uses internal helper functions providing doctests. To run them::

python -m doctest -v utilities/setuplxc.py

A more extensive and complete testing approach would require to setup
a precise KVM.

== Demo and Q/A ==

To demo and Q/A this change, do the following:

* Install precise in a virtual machine (e.g. KVM)

* Copy the script inside the virtual machine, e.g. for kvm::

kvm -hda precise_HDA.img -boot c -m 2000 -redir tcp:2222::22 &
scp -P 2222 /utilities/setuplxc.py root@localhost:/tmp/

* Run the script, e.g.::

    ssh -p 2222 root@localhost
    cd /tmp/
    ./setuplxc [arguments]

== lint ==

= Launchpad lint =

Checking for conflicts and issues in changed files.

Linting changed files:
utilities/setuplxc.py

Revision history for this message

Benji York (benji) wrote on 2012-01-23:

Here's what I have this far:

lxc-create and lxc-start use the "-n" option to specify the instance
name, we might want to do the same.

It would be nice if the script used the current user info (login name)
if none are provided as arguments. Taking that a step further, bzr
whoami produces consistent, easily parsable results that could make
--email and --name optional as well.

...Later: oh! The user info is required because the script is expecting
to be run as root. I suppose the easiest thing would be to leave it
as-is, but it'd be really nice to not have to provide all of those
arguments. Perhaps the script can be re factored into two halves: the
first starts as the user in question, and the second part is run under
sudo (prompting the user for a password if nectary).

I'm a big fan of doctest, but it's LP policy to not introduce any new
(non-documentation) doctests, so the embedded doctests should be
translated into unittest-style tests.

Is it really necessary to skip the "sudo" (in launchpad-database-setup)
if already running as root? I would expect the sudo to be a noop in
that scenario. Similarly, "sudo -u postgres" should work equally well
for root as it does for non-root users.

We've mostly transitioned away from the %-style string construction and
switched to the new .format() string method so the script should avoid
constructing strings with %.

On line 210 of the diff: The summary line of a docstring should fit on a
single line.

The file_append function doesn't have to rewrite the entire file.
Instead the file can be opened in append mode and the new line appended.

Also, when appending a line to a file you should check to see if the
last line of the file doesn't have a trailing newline, otherwise you can
end up adding your string to the last line of the file instead of
appending an entirely new line.

Since this script requires Python 2.7, I would use the print function
instead of the print keyword (from __future__ import print_function).

On line 366 of the diff, the description of the --name argument leaves
off the "r" in "for" ("used fo bzr").

The parenthesis around the multi-line constructions of the "help"
arguments aren't necessary.

Requiring an SSH private key without passphrase gives me some security
shivers and may raise a few eyebrows.

Here's what I have this far:

lxc-create and lxc-start use the "-n" option to specify the instance
name, we might want to do the same.

It would be nice if the script used the current user info (login name)
if none are provided as arguments.  Taking that a step further, bzr
whoami produces consistent, easily parsable results that could make
--email and --name optional as well.

...Later: oh!  The user info is required because the script is expecting
to be run as root.  I suppose the easiest thing would be to leave it
as-is, but it'd be really nice to not have to provide all of those
arguments.  Perhaps the script can be re factored into two halves: the
first starts as the user in question, and the second part is run under
sudo (prompting the user for a password if nectary).

I'm a big fan of doctest, but it's LP policy to not introduce any new
(non-documentation) doctests, so the embedded doctests should be
translated into unittest-style tests.

Is it really necessary to skip the "sudo" (in launchpad-database-setup)
if already running as root?  I would expect the sudo to be a noop in
that scenario.  Similarly, "sudo -u postgres" should work equally well
for root as it does for non-root users.

We've mostly transitioned away from the %-style string construction and
switched to the new .format() string method so the script should avoid
constructing strings with %.

On line 210 of the diff: The summary line of a docstring should fit on a
single line.

The file_append function doesn't have to rewrite the entire file.
Instead the file can be opened in append mode and the new line appended.

Since this script requires Python 2.7, I would use the print function
instead of the print keyword (from __future__ import print_function).

On line 366 of the diff, the description of the --name argument leaves
off the "r" in "for" ("used fo bzr").

The parenthesis around the multi-line constructions of the "help"
arguments aren't necessary.

Requiring an SSH private key without passphrase gives me some security
shivers and may raise a few eyebrows.

Revision history for this message

Gary Poster (gary) wrote on 2012-01-23:

I'm a branch participant too, so I'll have a small reply. My thoughts, fwiw:

- very helpful review. I'm old-skool with %-based string interpolation, I guess. That came from me, I think. I'm fine with format.
- Given that this script is standalone, I thought that the doctests were fine when I saw them. Separating them from the script would be a shame IMO
- file_append wants to insert a line at the beginning IIRC, so rewriting makes sense. Maybe I don't RC.
- print function from future: eh. If Francesco wants IMO :-)
- requiring an SSH private key without passphrase is necessary for this to be doable mechanically, such as part of a juju install, AFAIK. If there's another approach, I'd be very interested in hearing of it.

Revision history for this message

Martin Pool (mbp) wrote on 2012-01-23:

I'm happy to see this, but it is a bit unfortunate how much code is
getting duplicated between ec2, rocketfuel-setup, and now this...
Perhaps it can later be split out to scripts that are used by all of
them.

Revision history for this message

Gary Poster (gary) wrote on 2012-01-23:

Martin, we do have a slack-time card to eliminate duplication between this and rocketfuel-setup.

That said, the problem with that task, and with similar work for ec2, is that IMO rocketfuel-setup and setuplxc should be standalone--someone should be able to get the file, without the Launchpad tree, and the script should be able to run. It doesn't have to be a file, but that's the easiest unit to work with for our use cases, particularly for setuplxc. I'd be tempted to have rocketfuel-setup depend on setuplxc rather than reverse, but that's painting a bikeshed.

An alternative approach would be to have a deb package that encompasses all three, so instead of "get this script and run it" you have "[install this PPA, ] install this package and run it." Our to-be-developed buildbot slave juju charm that wants to use setuplxc could have a configuration option to install PPAs and packages, in addition to or instead of accepting files to run. That sounds interesting to me, though it's out of scope for the current project. Could be a slack/20% time project though, maybe.

Revision history for this message

Benji York (benji) wrote on 2012-01-23:

Here's the rest of my review:

The places that have comments like "This requires Oneiric or later." or
"This script is run as root." could assert those preconditions and
generate errors if they are not met.

A question about file_insert and file_append: are the files being
modified long-lived? If we are using file_append on a file and the user
adds a new line to the end of the file then we will re-append another
copy of our line(s) to that file. Do those lines really have to be at
the very beginning and very end? Could we instead check to see if they
exist anywhere in the file and append/prepend only if they don't?

Writing the above made me realize that file_insert should probably be
named file_prepend since its behavior is the mirror of file_append and
doesn't insert the line at an arbitrary point.

Tiny suggestion: I think it would read better if you used

with ssh_connection(lxcname) as ssh:
...

instead of

with ssh(lxcname) as sshcall:
...

in initialize_lxc. The later "ssh(...)" calls would read better as
well.

We should have some error checking/reporting for all the commands we're
running (via SSH). Just something simple to stderr would help
tremendously for that inevitable time in the future when the script
fails for one reason or another.

What purpose does the time.sleep(5) in stop_lxc serve? Is it intended
as a deadline for the instance to stop cleanly? If so, it seems fine
(if a little short). We could increase it to account for the inevitable
slow shutdowns that will sometimes happen and add a probe in a loop to
see if the instance has actually stopped or not that can exit early if
the instance stops before the timeout value is reached (much as you do
in create_lxc).

On the other hand, since these are ephemeral instances, perhaps we don't
really care to let them shut down cleanly, in that case we could just
lxc-stop them without the poweroff.

Name of the Namespace class could be a bit more specific (line 584 of
the diff). Perhaps "Configuration".

Here's the rest of my review:

The places that have comments like "This requires Oneiric or later." or
"This script is run as root." could assert those preconditions and
generate errors if they are not met.

A question about file_insert and file_append: are the files being
modified long-lived?  If we are using file_append on a file and the user
adds a new line to the end of the file then we will re-append another
copy of our line(s) to that file.  Do those lines really have to be at
the very beginning and very end?  Could we instead check to see if they
exist anywhere in the file and append/prepend only if they don't?

Writing the above made me realize that file_insert should probably be
named file_prepend since its behavior is the mirror of file_append and
doesn't insert the line at an arbitrary point.

Tiny suggestion: I think it would read better if you used

with ssh_connection(lxcname) as ssh:
        ...
    
instead of

with ssh(lxcname) as sshcall:
        ...
    
in initialize_lxc.  The later "ssh(...)" calls would read better as
well.

We should have some error checking/reporting for all the commands we're
running (via SSH).  Just something simple to stderr would help
tremendously for that inevitable time in the future when the script
fails for one reason or another.

What purpose does the time.sleep(5) in stop_lxc serve?  Is it intended
as a deadline for the instance to stop cleanly?  If so, it seems fine
(if a little short).  We could increase it to account for the inevitable
slow shutdowns that will sometimes happen and add a probe in a loop to
see if the instance has actually stopped or not that can exit early if
the instance stops before the timeout value is reached (much as you do
in create_lxc).

On the other hand, since these are ephemeral instances, perhaps we don't
really care to let them shut down cleanly, in that case we could just
lxc-stop them without the poweroff.

Name of the Namespace class could be a bit more specific (line 584 of
the diff).  Perhaps "Configuration".

Revision history for this message

Francesco Banconi (frankban) wrote on 2012-01-24:

> A question about file_insert and file_append: are the files being
> modified long-lived? If we are using file_append on a file and the user
> adds a new line to the end of the file then we will re-append another
> copy of our line(s) to that file. Do those lines really have to be at
> the very beginning and very end? Could we instead check to see if they
> exist anywhere in the file and append/prepend only if they don't?

The check is already done. However, I can improve the way it is done: file_insert checks only for the first line of the file, it could do it for the entire file, remove the line if present, put the line on top.
The order of the lines is important, for example in resolv.conf we need to make sure that the lxc bridge nameserver is the first.
s/file_insert/file_prepend: +1

> What purpose does the time.sleep(5) in stop_lxc serve? Is it intended
> as a deadline for the instance to stop cleanly? If so, it seems fine
> (if a little short). We could increase it to account for the inevitable
> slow shutdowns that will sometimes happen and add a probe in a loop to
> see if the instance has actually stopped or not that can exit early if
> the instance stops before the timeout value is reached (much as you do
> in create_lxc).
>
> On the other hand, since these are ephemeral instances, perhaps we don't
> really care to let them shut down cleanly, in that case we could just
> lxc-stop them without the poweroff.

I agree on creating a loop that checks if the container is stopped for, say, 60 seconds.
The lxc will be used as a template for ephemerals, or as a Launchpad environment for developers, so, in my opinion, lxc-stop is not sufficient.

Many thanks Benji for your detailed review, working on it.

Revision history for this message

Benji York (benji) wrote on 2012-01-25:

The script looks great, don't let the wall of text below fool you. :)

All of the points below can be ignored if you so desire, except for the
last three paragraphs. All these things seemed important enough to
note, but not important enough to block on if you don't agree. The last
three paragraphs probably do need to be addressed though. I'm confident
you'll do that so I've approved the MP.

I lost my first draft of this, so I'm afraid this is more terse than I
would like.

Since this is a stand-alone script, we don't need to populate __all__.

The leading underscores in function names aren't needed (since we use
__all__ to document a module's exported names we don't have to ugly up
names that we don't want people to use).

We can use email.Utils.parseaddr instead of _parse_whoami.

I assume the "parser" argument for bzr_whois was intended as a
dependency injection point, but since it's not used it can be removed.

A small thing, but it seems to me that

    if not content.endswith('\n'):
        f.write('\n')
    f.write(line)

would be a bit easier to read than

f.write(line if content.endswith('\n') else '\n{}'.format(line))

Since "ssh" doesn't perform any cleanup actions (i.e., there is no code
after the yield), it could just be a regular function.

There are a few instances of code like this:

'Error running command: {}'.format(' '.join(sshcmd))

A slight simplification would be to use string concatenation instead:

'Error running command: ' + ' '.join(sshcmd)

I don't understand the meaning of "clean" in _clean_users,
_clean_userdata, and _clean_ssh_keys. Maybe it's an assertion that they
are clean, in that case I'd expect the functions to be named
"validate...", but they do more than validation, so that doesn't sounnd
right either. Maybe "set" would be the right word ("set_directories",
etc.).

You can use email.Utils.formataddr instead of string operations in
initialize_host to construct the user's whois string.

The os.system call in initialize_host will do the wrong thing if
checkout_dir contains a space (or quotation mark, etc.).
subprocess.call might be a better choice there.

If a function_args_map action raises an exception in main, the exception
is returned (not reraised) and the return value of main is passed to
sys.exit which expects an integer. That doesn't seem quite right.
Perhaps main should just return 1 if an exception occurs.

The dance to restart as root deserves a couple lines of commentary
explaining that if we weren't started as root then we gather up all the
info we need about the user and then restart as root. (I really like
this feature, by the way).

The script looks great, don't let the wall of text below fool you. :)

All of the points below can be ignored if you so desire, except for the
last three paragraphs.  All these things seemed important enough to
note, but not important enough to block on if you don't agree.  The last
three paragraphs probably do need to be addressed though.  I'm confident
you'll do that so I've approved the MP.

I lost my first draft of this, so I'm afraid this is more terse than I
would like.

Since this is a stand-alone script, we don't need to populate __all__.

The leading underscores in function names aren't needed (since we use
__all__ to document a module's exported names we don't have to ugly up
names that we don't want people to use).

We can use email.Utils.parseaddr instead of _parse_whoami.

I assume the "parser" argument for bzr_whois was intended as a
dependency injection point, but since it's not used it can be removed.

A small thing, but it seems to me that

if not content.endswith('\n'):
        f.write('\n')
    f.write(line)

would be a bit easier to read than

f.write(line if content.endswith('\n') else '\n{}'.format(line))

Since "ssh" doesn't perform any cleanup actions (i.e., there is no code
after the yield), it could just be a regular function.

There are a few instances of code like this:

'Error running command: {}'.format(' '.join(sshcmd))

A slight simplification would be to use string concatenation instead:

'Error running command: ' + ' '.join(sshcmd)

I don't understand the meaning of "clean" in _clean_users,
_clean_userdata, and _clean_ssh_keys.  Maybe it's an assertion that they
are clean, in that case I'd expect the functions to be named
"validate...", but they do more than validation, so that doesn't sounnd
right either.  Maybe "set" would be the right word ("set_directories",
etc.).

You can use email.Utils.formataddr instead of string operations in
initialize_host to construct the user's whois string.

The os.system call in initialize_host will do the wrong thing if
checkout_dir contains a space (or quotation mark, etc.).
subprocess.call might be a better choice there.

If a function_args_map action raises an exception in main, the exception
is returned (not reraised) and the return value of main is passed to
sys.exit which expects an integer.  That doesn't seem quite right.
Perhaps main should just return 1 if an exception occurs.

review: Approve (code)

Revision history for this message

Francesco Banconi (frankban) wrote on 2012-01-26:

> The script looks great, don't let the wall of text below fool you. :)

Hooray!
My thoughts on some of your observations:

> We can use email.Utils.parseaddr instead of _parse_whoami.

I agree, I didn't think about looking at the standard library :-(

> I assume the "parser" argument for bzr_whois was intended as a
> dependency injection point, but since it's not used it can be removed.

It is, see line 127 of the diff.

> Since "ssh" doesn't perform any cleanup actions (i.e., there is no code
> after the yield), it could just be a regular function.

Yes, my same doubt. I ended up using a context manager just to separate connection arguments from the real "call" argument, and to avoid repeating username and location on each ssh call.

> I don't understand the meaning of "clean" in _clean_users,
> _clean_userdata, and _clean_ssh_keys. Maybe it's an assertion that they
> are clean, in that case I'd expect the functions to be named
> "validate...", but they do more than validation, so that doesn't sounnd
> right either. Maybe "set" would be the right word ("set_directories",
> etc.).

Argh... naming things... I used "clean" as e verb, because after calling them we can assume the namespace to be "clean", usable. Maybe "handle_*" could be better?

> If a function_args_map action raises an exception in main, the exception
> is returned (not reraised) and the return value of main is passed to
> sys.exit which expects an integer. That doesn't seem quite right.

sys.exit expects other types too, and in that case it prints the string representation of the passed object to stderr and then exits with 1, that's what we want.

Thank you Benji for all your suggestions.

Revision history for this message

Benji York (benji) wrote on 2012-01-26:

> > I assume the "parser" argument for bzr_whois was intended as a
> > dependency injection point, but since it's not used it can be removed.
>
> It is, see line 127 of the diff.

I'm not seeing it, but I'll take your word for it. Oh! I think you
mean that the parameter is used, right I see that; I mean that the
*argument* is never used, i.e., no caller of bzr_whois ever passes an
argument for "parser", therefore it can be removed and its use in the
body of bzr_whois can be replaced with parseaddr.

> > Since "ssh" doesn't perform any cleanup actions (i.e., there is no code
> > after the yield), it could just be a regular function.
>
> Yes, my same doubt. I ended up using a context manager just to separate
> connection arguments from the real "call" argument, and to avoid repeating
> username and location on each ssh call.

The function can still return a callable so you get those same benefits.
The transformation would be to remove the decorator and change the yield
into a return. Then instead of doing a "with ssh(...) as foo" you'd do
a "foo = ssh(...)".

> > I don't understand the meaning of "clean" in _clean_users,
> > _clean_userdata, and _clean_ssh_keys. Maybe it's an assertion that they
> > are clean, in that case I'd expect the functions to be named
> > "validate...", but they do more than validation, so that doesn't sounnd
> > right either. Maybe "set" would be the right word ("set_directories",
> > etc.).
>
> Argh... naming things... I used "clean" as e verb, because after calling them
> we can assume the namespace to be "clean", usable. Maybe "handle_*" could be
> better?

"handle" is certainly reasonable.

> > If a function_args_map action raises an exception in main, the exception
> > is returned (not reraised) and the return value of main is passed to
> > sys.exit which expects an integer. That doesn't seem quite right.
>
> sys.exit expects other types too, and in that case it prints the string
> representation of the passed object to stderr and then exits with 1, that's
> what we want.

Well, I guess I learned something new today. :)

> > I assume the "parser" argument for bzr_whois was intended as a
> > dependency injection point, but since it's not used it can be removed.
> 
> It is, see line 127 of the diff.

I'm not seeing it, but I'll take your word for it.  Oh!  I think you
mean that the parameter is used, right I see that; I mean that the
*argument* is never used, i.e., no caller of bzr_whois ever passes an
argument for "parser", therefore it can be removed and its use in the
body of bzr_whois can be replaced with parseaddr.

> > Since "ssh" doesn't perform any cleanup actions (i.e., there is no code
> > after the yield), it could just be a regular function.
> 
> Yes, my same doubt. I ended up using a context manager just to separate
> connection arguments from the real "call" argument, and to avoid repeating
> username and location on each ssh call.

The function can still return a callable so you get those same benefits.
The transformation would be to remove the decorator and change the yield
into a return.  Then instead of doing a "with ssh(...) as foo" you'd do
a "foo = ssh(...)".

> > I don't understand the meaning of "clean" in _clean_users,
> > _clean_userdata, and _clean_ssh_keys.  Maybe it's an assertion that they
> > are clean, in that case I'd expect the functions to be named
> > "validate...", but they do more than validation, so that doesn't sounnd
> > right either.  Maybe "set" would be the right word ("set_directories",
> > etc.).
> 
> Argh... naming things... I used "clean" as e verb, because after calling them
> we can assume the namespace to be "clean", usable. Maybe "handle_*" could be
> better?

"handle" is certainly reasonable.

> > If a function_args_map action raises an exception in main, the exception
> > is returned (not reraised) and the return value of main is passed to
> > sys.exit which expects an integer.  That doesn't seem quite right.
> 
> sys.exit expects other types too, and in that case it prints the string
> representation of the passed object to stderr and then exits with 1, that's
> what we want.

Well, I guess I learned something new today. :)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Barki Mustapha

Celso Providelo

Christian Reis

Christy Awad

Colin Watson

Harpianto,ANDI

James Troup

John A Meinel

Kevin bush

Launchpad code reviewers

Launchpad code reviewers from Canonical

Matthew Tanner

Maximiliano Bertacchini

Oguz Ersoz

Simon Brakhane

Ubuntu-BR DevOps

William Grant

Yellow Squad

alhawiti

api.ng

pedro cavazos

todaioan

wenjingwen

to status/vote changes:

Tzaddi

Tzaddi Belding

 === added file 'utilities/setuplxc.py'
 --- utilities/setuplxc.py	1970-01-01 00:00:00 +0000
 +++ utilities/setuplxc.py	2012-01-30 09:59:36 +0000
@@ -0,0 +1,819 @@
++#!/usr/bin/env python
++# Copyright 2012 Canonical Ltd.  This software is licensed under the
++# GNU Affero General Public License version 3 (see the file LICENSE).
++
++"""Create an LXC test environment for Launchpad testing."""
++
++__metaclass__ = type
++__all__ = [
++    'ArgumentParser',
++    'cd',
++    'create_lxc',
++    'file_append',
++    'file_prepend',
++    'get_container_path',
++    'get_user_ids',
++    'initialize_host',
++    'initialize_lxc',
++    'SetupLXCError',
++    'ssh',
++    'SSHError',
++    'stop_lxc',
++    'su',
++    'user_exists',
++    'ValidationError',
++    ]
++
++# To run doctests: python -m doctest -v setuplxc.py
++
++from collections import namedtuple, OrderedDict
++from contextlib import contextmanager
++from email.Utils import parseaddr
++import argparse
++import os
++import pwd
++import shutil
++import subprocess
++import sys
++import time
++
++
++DEPENDENCIES_DIR = '~/dependencies'
++DHCP_FILE = '/etc/dhcp/dhclient.conf'
++HOST_PACKAGES = ['ssh', 'lxc', 'libvirt-bin', 'bzr', 'language-pack-en']
++HOSTS_FILE = '/etc/hosts'
++LP_APACHE_MODULES = 'proxy proxy_http rewrite ssl deflate headers'
++LP_APACHE_ROOTS = (
++    '/var/tmp/bazaar.launchpad.dev/static',
++    '/var/tmp/archive',
++    '/var/tmp/ppa',
++    )
++LP_CHECKOUT = 'devel'
++LP_DEB_DEPENDENCIES = (
++    'bzr launchpad-developer-dependencies apache2 '
++    'apache2-mpm-worker libapache2-mod-wsgi')
++LP_REPOSITORY = 'lp:launchpad'
++LP_SOURCE_DEPS = (
++    'http://bazaar.launchpad.net/~launchpad/lp-source-dependencies/trunk')
++LXC_CONFIG_TEMPLATE = '/etc/lxc/local.conf'
++LXC_GATEWAY = '10.0.3.1'
++LXC_GUEST_OS = 'lucid'
++LXC_HOSTS_CONTENT = (
++    ('127.0.0.88',
++        'launchpad.dev answers.launchpad.dev archive.launchpad.dev '
++        'api.launchpad.dev bazaar-internal.launchpad.dev beta.launchpad.dev '
++        'blueprints.launchpad.dev bugs.launchpad.dev code.launchpad.dev '
++        'feeds.launchpad.dev id.launchpad.dev keyserver.launchpad.dev '
++        'lists.launchpad.dev openid.launchpad.dev '
++        'ubuntu-openid.launchpad.dev ppa.launchpad.dev '
++        'private-ppa.launchpad.dev testopenid.dev translations.launchpad.dev '
++        'xmlrpc-private.launchpad.dev xmlrpc.launchpad.dev'),
++    ('127.0.0.99', 'bazaar.launchpad.dev'),
++    )
++LXC_NAME = 'lptests'
++LXC_OPTIONS = (
++    ('lxc.network.type', 'veth'),
++    ('lxc.network.link', 'lxcbr0'),
++    ('lxc.network.flags', 'up'),
++    )
++LXC_PATH = '/var/lib/lxc/'
++LXC_REPOS = (
++    'deb http://archive.ubuntu.com/ubuntu '
++    'lucid main universe multiverse',
++    'deb http://archive.ubuntu.com/ubuntu '
++    'lucid-updates main universe multiverse',
++    'deb http://archive.ubuntu.com/ubuntu '
++    'lucid-security main universe multiverse',
++    'deb http://ppa.launchpad.net/launchpad/ppa/ubuntu lucid main',
++    'deb http://ppa.launchpad.net/bzr/ppa/ubuntu lucid main',
++    )
++RESOLV_FILE = '/etc/resolv.conf'
++
++
++Env = namedtuple('Env', 'uid gid home')
++
++
++class SetupLXCError(Exception):
++    """Base exception for setuplxc."""
++
++
++class SSHError(SetupLXCError):
++    """Errors occurred during SSH connection."""
++
++
++class ValidationError(SetupLXCError):
++    """Argparse invalid arguments."""
++
++
++def bzr_whois(user):
++    """Return fullname and email of bzr `user`.
++
++    Return None if the given `user` does not have a bzr user id.
++    """
++    with su(user):
++        try:
++            whoami = subprocess.check_output(['bzr', 'whoami'])
++        except (subprocess.CalledProcessError, OSError):
++            return None
++    return parseaddr(whoami)
++
++
++@contextmanager
++def cd(directory):
++    """A context manager to temporary change current working dir, e.g.::
++
++        >>> import os
++        >>> os.chdir('/tmp')
++        >>> with cd('/bin'): print os.getcwd()
++        /bin
++        >>> os.getcwd()
++        '/tmp'
++    """
++    cwd = os.getcwd()
++    os.chdir(directory)
++    yield
++    os.chdir(cwd)
++
++
++def file_append(filename, line):
++    """Append given `line`, if not present, at the end of `filename`.
++
++    Usage example::
++
++        >>> import tempfile
++        >>> f = tempfile.NamedTemporaryFile('w', delete=False)
++        >>> f.write('line1\\n')
++        >>> f.close()
++        >>> file_append(f.name, 'new line\\n')
++        >>> open(f.name).read()
++        'line1\\nnew line\\n'
++
++    Nothing happens if the file already contains the given `line`::
++
++        >>> file_append(f.name, 'new line\\n')
++        >>> open(f.name).read()
++        'line1\\nnew line\\n'
++
++    A new line is automatically added before the given `line` if it is not
++    present at the end of current file content::
++
++        >>> import tempfile
++        >>> f = tempfile.NamedTemporaryFile('w', delete=False)
++        >>> f.write('line1')
++        >>> f.close()
++        >>> file_append(f.name, 'new line\\n')
++        >>> open(f.name).read()
++        'line1\\nnew line\\n'
++    """
++    with open(filename, 'a+') as f:
++        content = f.read()
++        if line not in content:
++            if content.endswith('\n'):
++                f.write(line)
++            else:
++                f.write('\n' + line)
++
++
++def file_prepend(filename, line):
++    """Insert given `line`, if not present, at the beginning of `filename`.
++
++    Usage example::
++
++        >>> import tempfile
++        >>> f = tempfile.NamedTemporaryFile('w', delete=False)
++        >>> f.write('line1\\n')
++        >>> f.close()
++        >>> file_prepend(f.name, 'line0\\n')
++        >>> open(f.name).read()
++        'line0\\nline1\\n'
++
++    If the file starts with the given `line`, nothing happens::
++
++        >>> file_prepend(f.name, 'line0\\n')
++        >>> open(f.name).read()
++        'line0\\nline1\\n'
++
++    If the file contains the given `line`, but not at the beginning,
++    the line is moved on top::
++
++        >>> file_prepend(f.name, 'line1\\n')
++        >>> open(f.name).read()
++        'line1\\nline0\\n'
++    """
++    with open(filename, 'r+') as f:
++        lines = f.readlines()
++        if lines[0] != line:
++            if line in lines:
++                lines.remove(line)
++            lines.insert(0, line)
++            f.seek(0)
++            f.writelines(lines)
++
++
++def get_container_path(lxcname, path='', base_path=LXC_PATH):
++    """Return the path of LXC container called `lxcname`.
++
++    If a `path` is given, return that path inside the container, e.g.::
++
++        >>> get_container_path('mycontainer')
++        '/var/lib/lxc/mycontainer/rootfs/'
++        >>> get_container_path('mycontainer', '/etc/apt/')
++        '/var/lib/lxc/mycontainer/rootfs/etc/apt/'
++        >>> get_container_path('mycontainer', 'home')
++        '/var/lib/lxc/mycontainer/rootfs/home'
++    """
++    return os.path.join(base_path, lxcname, 'rootfs', path.lstrip('/'))
++
++
++def get_user_ids(user):
++    """Return the uid and gid of given `user`, e.g.::
++
++        >>> get_user_ids('root')
++        (0, 0)
++    """
++    userdata = pwd.getpwnam(user)
++    return userdata.pw_uid, userdata.pw_gid
++
++
++def ssh(location, user=None, caller=subprocess.call):
++    """Return a callable that can be used to run ssh shell commands.
++
++    The ssh `location` and, optionally, `user` must be given.
++    If the user is None then the current user is used for the connection.
++
++    The callable internally uses the given `caller`::
++
++        >>> def caller(cmd):
++        ...     print cmd
++        >>> sshcall = ssh('example.com', 'myuser', caller=caller)
++        >>> root_sshcall = ssh('example.com', caller=caller)
++        >>> sshcall('ls -l') # doctest: +ELLIPSIS
++        ('ssh', '-t', ..., 'myuser@example.com', '--', 'ls -l')
++        >>> root_sshcall('ls -l') # doctest: +ELLIPSIS
++        ('ssh', '-t', ..., 'example.com', '--', 'ls -l')
++
++    If the ssh command exits with an error code, an `SSHError` is raised::
++
++        >>> ssh('loc', caller=lambda cmd: 1)('ls -l') # doctest: +ELLIPSIS
++        Traceback (most recent call last):
++        SSHError: ...
++    """
++    if user is not None:
++        location = '{}@{}'.format(user, location)
++
++    def _sshcall(cmd):
++        sshcmd = (
++            'ssh',
++            '-t',
++            '-o', 'StrictHostKeyChecking=no',
++            '-o', 'UserKnownHostsFile=/dev/null',
++            location,
++            '--', cmd,
++            )
++        if caller(sshcmd):
++            raise SSHError('Error running command: ' + ' '.join(sshcmd))
++
++    return _sshcall
++
++
++@contextmanager
++def su(user):
++    """A context manager to temporary run the script as a different user."""
++    uid, gid = get_user_ids(user)
++    os.setegid(gid)
++    os.seteuid(uid)
++    current_home = os.getenv('HOME')
++    home = os.path.join(os.path.sep, 'home', user)
++    os.environ['HOME'] = home
++    yield Env(uid, gid, home)
++    os.setegid(os.getgid())
++    os.seteuid(os.getuid())
++    os.environ['HOME'] = current_home
++
++
++def user_exists(username):
++    """Return True if given `username` exists, e.g.::
++
++        >>> user_exists('root')
++        True
++        >>> user_exists('_this_user_does_not_exist_')
++        False
++    """
++    try:
++        pwd.getpwnam(username)
++    except KeyError:
++        return False
++    return True
++
++
++class ArgumentParser(argparse.ArgumentParser):
++    """A customized parser for argparse."""
++
++    validators = ()
++
++    def get_args_from_namespace(self, namespace):
++        """Return a list of arguments taking values from `namespace`.
++
++        Having a parser defined as usual::
++
++            >>> parser = ArgumentParser()
++            >>> _ = parser.add_argument('--foo')
++            >>> _ = parser.add_argument('bar')
++            >>> namespace = parser.parse_args('--foo eggs spam'.split())
++
++        It is possible to recreate the argument list taking values from
++        a different namespace::
++
++            >>> namespace.foo = 'changed'
++            >>> parser.get_args_from_namespace(namespace)
++            ['--foo', 'changed', 'spam']
++        """
++        args = []
++        for action in self._actions:
++            dest = action.dest
++            option_strings = action.option_strings
++            value = getattr(namespace, dest, None)
++            if value:
++                if option_strings:
++                    args.append(option_strings[0])
++                args.append(value)
++        return args
++
++    def _validate(self, namespace):
++        for validator in self.validators:
++            try:
++                validator(namespace)
++            except ValidationError as err:
++                self.error(err.message)
++
++    def parse_args(self, *args, **kwargs):
++        """Override to add further arguments cleaning and validation.
++
++        `self.validators` can contain an iterable of objects that are called
++        once the arguments namespace is fully populated.
++        This allows cleaning and validating arguments that depend on
++        each other, or on the current environment.
++
++        Each validator is a callable object, takes the current namespace
++        and can raise ValidationError if the arguments are not valid::
++
++            >>> import sys
++            >>> stderr, sys.stderr = sys.stderr, sys.stdout
++            >>> def validator(namespace):
++            ...     raise ValidationError('nothing is going on')
++            >>> parser = ArgumentParser()
++            >>> parser.validators = [validator]
++            >>> parser.parse_args([])
++            Traceback (most recent call last):
++            SystemExit: 2
++            >>> sys.stderr = stderr
++        """
++        namespace = super(ArgumentParser, self).parse_args(*args, **kwargs)
++        self._validate(namespace)
++        return namespace
++
++
++def handle_users(namespace, euid=None):
++    """Handle user and lpuser arguments.
++
++    If lpuser is not provided by namespace, the user name is used::
++
++        >>> namespace = argparse.Namespace(user='myuser', lpuser=None)
++        >>> handle_users(namespace)
++        >>> namespace.lpuser
++        'myuser'
++
++    This validator populates namespace with `home_dir` and `run_as_root`
++    names::
++
++        >>> handle_users(namespace, euid=0)
++        >>> namespace.home_dir
++        '/home/myuser'
++        >>> namespace.run_as_root
++        True
++
++    The validation fails if the current user is root and no user is provided::
++
++        >>> namespace = argparse.Namespace(user=None)
++        >>> handle_users(namespace, euid=0) # doctest: +ELLIPSIS
++        Traceback (most recent call last):
++        ValidationError: argument user ...
++    """
++    if euid is None:
++        euid = os.geteuid()
++    if namespace.user is None:
++        if not euid:
++            raise ValidationError('argument user can not be omitted if '
++                                  'the script is run as root.')
++        namespace.user = pwd.getpwuid(euid).pw_name
++    if namespace.lpuser is None:
++        namespace.lpuser = namespace.user
++    namespace.home_dir = os.path.join(os.path.sep, 'home', namespace.user)
++    namespace.run_as_root = not euid
++
++
++def handle_userdata(namespace, whois=bzr_whois):
++    """Handle full_name and email arguments.
++
++    If they are not provided, this function tries to obtain them using
++    the given `whois` callable::
++
++        >>> namespace = argparse.Namespace(
++        ...     full_name=None, email=None, user='foo')
++        >>> email = 'email@example.com'
++        >>> handle_userdata(namespace, lambda user: (user, email))
++        >>> namespace.full_name == namespace.user
++        True
++        >>> namespace.email == email
++        True
++
++    The validation fails if full_name or email are not provided and
++    they can not be obtained using the `whois` callable::
++
++        >>> namespace = argparse.Namespace(
++        ...     full_name=None, email=None, user='foo')
++        >>> handle_userdata(namespace, lambda user: None) # doctest: +ELLIPSIS
++        Traceback (most recent call last):
++        ValidationError: arguments full-name ...
++
++    It does not make sense to provide only one argument::
++
++        >>> namespace = argparse.Namespace(full_name='Foo Bar', email=None)
++        >>> handle_userdata(namespace) # doctest: +ELLIPSIS
++        Traceback (most recent call last):
++        ValidationError: arguments full-name ...
++    """
++    args = (namespace.full_name, namespace.email)
++    if not all(args):
++        if any(args):
++            raise ValidationError(
++                'arguments full-name and email: '
++                'either none or both must be provided.')
++        userdata = whois(namespace.user)
++        if userdata is None:
++            raise ValidationError(
++                'arguments full-name and email are required: '
++                'bzr user id not found.')
++        namespace.full_name, namespace.email = userdata
++
++
++def handle_ssh_keys(namespace):
++    """Handle private and public ssh keys.
++
++    Keys contained in the namespace are escaped::
++
++        >>> private = r'PRIVATE\\nKEY'
++        >>> public = r'PUBLIC\\nKEY'
++        >>> namespace = argparse.Namespace(
++        ...     private_key=private, public_key=public)
++        >>> handle_ssh_keys(namespace)
++        >>> namespace.private_key == private.decode('string-escape')
++        True
++        >>> namespace.public_key == public.decode('string-escape')
++        True
++
++    The validation fails if keys are not provided and can not be found
++    in the current home directory::
++
++        >>> namespace = argparse.Namespace(
++        ...     private_key=private, public_key=None,
++        ...     home_dir='/tmp/__does_not_exists__')
++        >>> handle_ssh_keys(namespace) # doctest: +ELLIPSIS
++        Traceback (most recent call last):
++        ValidationError: argument public_key ...
++    """
++    for attr, filename in (
++        ('private_key', 'id_rsa'),
++        ('public_key', 'id_rsa.pub')):
++        value = getattr(namespace, attr)
++        if value:
++            setattr(namespace, attr, value.decode('string-escape'))
++        else:
++            path = os.path.join(namespace.home_dir, '.ssh', filename)
++            try:
++                value = open(path).read()
++            except IOError:
++                raise ValidationError(
++                    'argument {} is required if the system user does not '
++                    'exists with SSH key pair set up.'.format(attr))
++            setattr(namespace, attr, value)
++
++
++def handle_directories(namespace):
++    """Handle checkout and dependencies directories.
++
++    The ~ construction is automatically expanded::
++
++        >>> namespace = argparse.Namespace(
++        ...     directory='~/launchpad', dependencies_dir='~/launchpad/deps',
++        ...     home_dir='/home/foo')
++        >>> handle_directories(namespace)
++        >>> namespace.directory
++        '/home/foo/launchpad'
++        >>> namespace.dependencies_dir
++        '/home/foo/launchpad/deps'
++
++    The validation fails for directories not residing inside the home::
++
++        >>> namespace = argparse.Namespace(
++        ...     directory='/tmp/launchpad',
++        ...     dependencies_dir='~/launchpad/deps',
++        ...     home_dir='/home/foo')
++        >>> handle_directories(namespace) # doctest: +ELLIPSIS
++        Traceback (most recent call last):
++        ValidationError: argument directory ...
++
++    The validation fails if the directory contains spaces::
++
++        >>> namespace = argparse.Namespace(directory='my directory')
++        >>> handle_directories(namespace) # doctest: +ELLIPSIS
++        Traceback (most recent call last):
++        ValidationError: argument directory ...
++    """
++    if ' ' in namespace.directory:
++        raise ValidationError('argument directory can not contain spaces.')
++    for attr in ('directory', 'dependencies_dir'):
++        directory = getattr(
++            namespace, attr).replace('~', namespace.home_dir)
++        if not directory.startswith(namespace.home_dir + os.path.sep):
++            raise ValidationError(
++                'argument {} does not reside under the home '
++                'directory of the system user.'.format(attr))
++        setattr(namespace, attr, directory)
++
++
++parser = ArgumentParser(description=__doc__)
++parser.add_argument(
++    '-u', '--user',
++    help='The name of the system user to be created or updated. '
++         'The current user is used if this script is not run as root '
++         'and this argument is omitted.')
++parser.add_argument(
++    '-e', '--email',
++    help='The email of the user, used for bzr whoami. This argument can '
++         'be omitted if a bzr id exists for current user.')
++parser.add_argument(
++    '-f', '--full-name',
++    help='The full name of the user, used for bzr whoami. This argument can '
++         'be omitted if a bzr id exists for current user.')
++parser.add_argument(
++    '-l', '--lpuser',
++    help='The name of the Launchpad user that will be used to check out '
++         'dependencies.  If not provided, the system user name is used.')
++parser.add_argument(
++    '-v', '--private-key',
++    help='The SSH private key for the Launchpad user (without passphrase). '
++         'If the system user already exists with SSH key pair set up, '
++         'this argument can be omitted.')
++parser.add_argument(
++    '-b', '--public-key',
++    help='The SSH public key for the Launchpad user. '
++         'If the system user already exists with SSH key pair set up, '
++         'this argument can be omitted.')
++parser.add_argument(
++    '-a', '--actions', nargs='+',
++    choices=('initialize_host', 'create_lxc', 'initialize_lxc', 'stop_lxc'),
++    help='Only for debugging. Call one or more internal functions.')
++parser.add_argument(
++    '-n', '--lxc-name', default=LXC_NAME,
++    metavar='LXC_NAME (default={})'.format(LXC_NAME),
++    help='The LXC container name.')
++parser.add_argument(
++    '-d', '--dependencies-dir', default=DEPENDENCIES_DIR,
++    metavar='DEPENDENCIES_DIR (default={})'.format(DEPENDENCIES_DIR),
++    help='The directory of the Launchpad dependencies to be created. '
++         'The directory must reside under the home directory of the '
++         'given user (see -u argument).')
++parser.add_argument(
++    'directory',
++    help='The directory of the Launchpad repository to be created. '
++         'The directory must reside under the home directory of the '
++         'given user (see -u argument).')
++parser.validators = (
++    handle_users,
++    handle_userdata,
++    handle_ssh_keys,
++    handle_directories,
++    )
++
++
++def initialize_host(
++    user, fullname, email, lpuser, private_key, public_key,
++    dependencies_dir, directory):
++    """Initialize host machine."""
++    # Install necessary deb packages.  This requires Oneiric or later.
++    subprocess.call(['apt-get', 'update'])
++    subprocess.call(['apt-get', '-y', 'install'] + HOST_PACKAGES)
++    # Create the user (if he does not exist).
++    if not user_exists(user):
++        subprocess.call(['useradd', '-m', '-s', '/bin/bash', '-U', user])
++    # Generate root ssh keys if they do not exist.
++    if not os.path.exists('/root/.ssh/id_rsa.pub'):
++        subprocess.call([
++            'ssh-keygen', '-q', '-t', 'rsa', '-N', '',
++            '-f', '/root/.ssh/id_rsa'])
++    with su(user) as env:
++        # Set up the user's ssh directory.  The ssh key must be associated
++        # with the lpuser's Launchpad account.
++        ssh_dir = os.path.join(env.home, '.ssh')
++        if not os.path.exists(ssh_dir):
++            os.makedirs(ssh_dir)
++        priv_file = os.path.join(ssh_dir, 'id_rsa')
++        pub_file = os.path.join(ssh_dir, 'id_rsa.pub')
++        auth_file = os.path.join(ssh_dir, 'authorized_keys')
++        known_hosts = os.path.join(ssh_dir, 'known_hosts')
++        known_host_content = subprocess.check_output([
++            'ssh-keyscan', '-t', 'rsa', 'bazaar.launchpad.net'])
++        for filename, contents, mode in [
++            (priv_file, private_key, 'w'),
++            (pub_file, public_key, 'w'),
++            (auth_file, public_key, 'a'),
++            (known_hosts, known_host_content, 'a'),
++            ]:
++            with open(filename, mode) as f:
++                f.write('{}\n'.format(contents))
++            os.chmod(filename, 0644)
++        os.chmod(priv_file, 0600)
++        # Set up bzr and Launchpad authentication.
++        subprocess.call([
++            'bzr', 'whoami', '"{} <{}>"'.format(fullname, email)])
++        subprocess.call(['bzr', 'lp-login', lpuser])
++        # Set up the repository.
++        if not os.path.exists(directory):
++            os.makedirs(directory)
++        subprocess.call(['bzr', 'init-repo', directory])
++        checkout_dir = os.path.join(directory, LP_CHECKOUT)
++    # bzr branch does not work well with seteuid.
++    subprocess.call([
++        'su', '-', user, '-c',
++        'bzr branch {} "{}"'.format(LP_REPOSITORY, checkout_dir)])
++    with su(user) as env:
++        # Set up source dependencies.
++        for subdir in ('eggs', 'yui', 'sourcecode'):
++            os.makedirs(os.path.join(dependencies_dir, subdir))
++        with cd(dependencies_dir):
++            subprocess.call([
++                'bzr', 'co', '--lightweight',
++                LP_SOURCE_DEPS, 'download-cache'])
++
++
++def create_lxc(user, lxcname):
++    """Create the LXC container that will be used for ephemeral instances."""
++    # Update resolv file in order to get the ability to ssh into the LXC
++    # container using its name.
++    file_prepend(RESOLV_FILE, 'nameserver {}\n'.format(LXC_GATEWAY))
++    file_append(
++        DHCP_FILE, 'prepend domain-name-servers {};\n'.format(LXC_GATEWAY))
++    # Container configuration template.
++    content = ''.join('{}={}\n'.format(*i) for i in LXC_OPTIONS)
++    with open(LXC_CONFIG_TEMPLATE, 'w') as f:
++        f.write(content)
++    # Creating container.
++    exit_code = subprocess.call([
++        'lxc-create',
++        '-t', 'ubuntu',
++        '-n', lxcname,
++        '-f', LXC_CONFIG_TEMPLATE,
++        '--',
++        '-r {} -a i386 -b {}'.format(LXC_GUEST_OS, user),
++        ])
++    if exit_code:
++        raise SetupLXCError('Unable to create the LXC container.')
++    subprocess.call(['lxc-start', '-n', lxcname, '-d'])
++    # Set up root ssh key.
++    user_authorized_keys = os.path.join(
++        os.path.sep, 'home', user, '.ssh/authorized_keys')
++    with open(user_authorized_keys, 'a') as f:
++        f.write(open('/root/.ssh/id_rsa.pub').read())
++    dst = get_container_path(lxcname, '/root/.ssh/')
++    if not os.path.exists(dst):
++        os.makedirs(dst)
++    shutil.copy(user_authorized_keys, dst)
++    # SSH into the container.
++    sshcall = ssh(lxcname, user)
++    trials = 60
++    while True:
++        trials -= 1
++        try:
++            sshcall('true')
++        except SSHError:
++            if not trials:
++                raise
++            time.sleep(1)
++        else:
++            break
++
++
++def initialize_lxc(user, dependencies_dir, directory, lxcname):
++    """Set up the Launchpad development environment inside the LXC container.
++    """
++    root_sshcall = ssh(lxcname)
++    sshcall = ssh(lxcname, user)
++    # APT repository update.
++    sources = get_container_path(lxcname, '/etc/apt/sources.list')
++    with open(sources, 'w') as f:
++        f.write('\n'.join(LXC_REPOS))
++    # XXX frankban 2012-01-13 - Bug 892892: upgrading mountall in LXC
++    # containers currently does not work.
++    root_sshcall("echo 'mountall hold' | dpkg --set-selections")
++    # Upgrading packages.
++    root_sshcall(
++        'apt-get update && '
++        'DEBIAN_FRONTEND=noninteractive '
++        'apt-get -y --allow-unauthenticated install language-pack-en')
++    root_sshcall(
++        'DEBIAN_FRONTEND=noninteractive apt-get -y '
++        '--allow-unauthenticated install {}'.format(LP_DEB_DEPENDENCIES))
++    # User configuration.
++    root_sshcall('adduser {} sudo'.format(user))
++    pygetgid = 'import pwd; print pwd.getpwnam("{}").pw_gid'.format(user)
++    gid = "`python -c '{}'`".format(pygetgid)
++    root_sshcall('addgroup --gid {} {}'.format(gid, user))
++    # Set up Launchpad dependencies.
++    checkout_dir = os.path.join(directory, LP_CHECKOUT)
++    sshcall(
++        'cd {} && utilities/update-sourcecode "{}/sourcecode"'.format(
++        checkout_dir, dependencies_dir))
++    sshcall(
++        'cd {} && utilities/link-external-sourcecode "{}"'.format(
++        checkout_dir, dependencies_dir))
++    # Create Apache document roots, to avoid warnings.
++    sshcall(' && '.join('mkdir -p {}'.format(i) for i in LP_APACHE_ROOTS))
++    # Set up Apache modules.
++    for module in LP_APACHE_MODULES.split():
++        root_sshcall('a2enmod {}'.format(module))
++    # Launchpad database setup.
++    root_sshcall(
++        'cd {} && utilities/launchpad-database-setup {}'.format(
++        checkout_dir, user))
++    sshcall('cd {} && make'.format(checkout_dir))
++    # Set up container hosts file.
++    lines = ['{}\t{}'.format(ip, names) for ip, names in LXC_HOSTS_CONTENT]
++    lxc_hosts_file = get_container_path(lxcname, HOSTS_FILE)
++    file_append(lxc_hosts_file, '\n'.join(lines))
++    # Make and install launchpad.
++    root_sshcall('cd {} && make install'.format(checkout_dir))
++
++
++def stop_lxc(lxcname):
++    """Stop the lxc instance named `lxcname`."""
++    ssh(lxcname)('poweroff')
++    timeout = 30
++    while timeout:
++        try:
++            output = subprocess.check_output([
++                'lxc-info', '-n', lxcname], stderr=subprocess.STDOUT)
++        except subprocess.CalledProcessError:
++            pass
++        else:
++            if 'STOPPED' in output:
++                break
++        timeout -= 1
++        time.sleep(1)
++    else:
++        subprocess.call(['lxc-stop', '-n', lxcname])
++
++
++def main(
++    user, fullname, email, lpuser, private_key, public_key, actions,
++    lxc_name, dependencies_dir, directory):
++    function_args_map = OrderedDict((
++        ('initialize_host', (user, fullname, email, lpuser, private_key,
++                             public_key, dependencies_dir, directory)),
++        ('create_lxc', (user, lxc_name)),
++        ('initialize_lxc', (user, dependencies_dir, directory, lxc_name)),
++        ('stop_lxc', (lxc_name,)),
++        ))
++    if actions is None:
++        actions = function_args_map.keys()
++    scope = globals()
++    for action in actions:
++        try:
++            scope[action](*function_args_map[action])
++        except SetupLXCError as err:
++            return err
++
++
++if __name__ == '__main__':
++    args = parser.parse_args()
++    if args.run_as_root:
++        exit_code = main(
++            args.user,
++            args.full_name,
++            args.email,
++            args.lpuser,
++            args.private_key,
++            args.public_key,
++            args.actions,
++            args.lxc_name,
++            args.dependencies_dir,
++            args.directory,
++            )
++    else:
++        # If the script is run as normal user, restart it as root using
++        # all the collected arguments. Note that this step requires user
++        # interaction: running this script as root is still required
++        # for non-interactive setup of the Launchpad environment.
++        exit_code = subprocess.call(
++            ['sudo', sys.argv[0]] + parser.get_args_from_namespace(args))
++    sys.exit(exit_code)

Launchpad itself

Merge lp:~yellow/launchpad/lxcsetup into lp:launchpad

Commit message

Description of the change

Preview Diff

Subscribers