Merge into 1.14 : security-group-group-id-1226996 : Code : juju-core

Reviewer	Review Type	Date Requested	Status
Juju Engineering		2013-09-18	Pending
Review via email: mp+186321@code.staging.launchpad.net

Revision history for this message

John A Meinel (jameinel) wrote on 2013-09-18:

#

Reviewers: mp+186321_code.launchpad.net,

Message:
Please take a look.

Description:
provider/openstack: bug #1226996 SecurityGroup

We intended to allow access to any port for any instance in the
default security group. However, we didn't specify a CIDR and we
didn't reference the Source Group Id. Which meant we actually were
exposing *all* ports to *all* machines.

I do have some tests that the security group we get back from
EnsureGroup has the right bits set. I was hoping for a slightly better
cross-provider test that actually runs a service on a random port and
ensures that we are unable to actually connect to that port.

However, I think this is a nice small fix for 1.14 which is worthy of
landing.

https://code.launchpad.net/~jameinel/juju-core/security-group-group-id-1226996/+merge/186321

(do not edit description out of merge proposal)

Please review this at https://codereview.appspot.com/13562045/

Affected files (+71, -0 lines):
   A [revision details]
   M provider/openstack/export_test.go
   M provider/openstack/live_test.go
   M provider/openstack/provider.go

Index: [revision details]
=== added file '[revision details]'
--- [revision details] 2012-01-01 00:00:00 +0000
+++ [revision details] 2012-01-01 00:00:00 +0000
@@ -0,0 +1,2 @@
+Old revision: tarmac-20130917234003-54re4ia2qmlq7xt3
+New revision: <email address hidden>

Index: provider/openstack/export_test.go
=== modified file 'provider/openstack/export_test.go'
--- provider/openstack/export_test.go 2013-08-21 01:31:34 +0000
+++ provider/openstack/export_test.go 2013-09-18 10:25:42 +0000
@@ -9,6 +9,7 @@
"strings"
"text/template"

+ "launchpad.net/goose/errors"
   "launchpad.net/goose/identity"
   "launchpad.net/goose/nova"
   "launchpad.net/goose/swift"
@@ -235,6 +236,25 @@
   WritablePublicStorage(e).Remove(productMetadatafile)
  }

+// DiscardSecurityGroup cleans up a security group, it is not an error to
+// delete something that doesn't exist.
+func DiscardSecurityGroup(e environs.Environ, name string) error {
+ env := e.(*environ)
+ novaClient := env.nova()
+ group, err := novaClient.SecurityGroupByName(name)
+ if err != nil {
+ if errors.IsNotFound(err) {
+ // Group already deleted, done
+ return nil
+ }
+ }
+ err = novaClient.DeleteSecurityGroup(group.Id)
+ if err != nil {
+ return err
+ }
+ return nil
+}
+
  func FindInstanceSpec(e environs.Environ, series, arch, cons string) (spec
*instances.InstanceSpec, err error) {
   env := e.(*environ)
   spec, err = findInstanceSpec(env, &instances.InstanceConstraint{

Index: provider/openstack/live_test.go
=== modified file 'provider/openstack/live_test.go'
--- provider/openstack/live_test.go 2013-08-21 18:38:22 +0000
+++ provider/openstack/live_test.go 2013-09-18 10:25:42 +0000
@@ -7,9 +7,12 @@
   "crypto/rand"
   "fmt"
   "io"
+
   gc "launchpad.net/gocheck"
   "launchpad.net/goose/client"
   "launchpad.net/goose/identity"
+ "launchpad.net/goose/nova"
+
   "launchpad.net/juju-core/environs"
   "launchpad.net/juju-core/environs/jujutest"
   envtesting "launchpad.net/juju-core/environs/testing"
@@ -127,3 +130,42 @@
   t.LiveTests.TearDownTest(c)
   t.LoggingSuite.TearDownTest...

Reviewers: mp+186321_code.launchpad.net,

Message:
Please take a look.

Description:
provider/openstack: bug #1226996 SecurityGroup

We intended to allow access to any port for any instance in the
default security group. However, we didn't specify a CIDR and we
didn't reference the Source Group Id. Which meant we actually were
exposing *all* ports to *all* machines.

I do have some tests that the security group we get back from
EnsureGroup has the right bits set. I was hoping for a slightly better
cross-provider test that actually runs a service on a random port and
ensures that we are unable to actually connect to that port.

However, I think this is a nice small fix for 1.14 which is worthy of
landing.

https://code.launchpad.net/~jameinel/juju-core/security-group-group-id-1226996/+merge/186321

(do not edit description out of merge proposal)

Please review this at https://codereview.appspot.com/13562045/

Affected files (+71, -0 lines):
   A [revision details]
   M provider/openstack/export_test.go
   M provider/openstack/live_test.go
   M provider/openstack/provider.go

Index: [revision details]
=== added file '[revision details]'
--- [revision details]	2012-01-01 00:00:00 +0000
+++ [revision details]	2012-01-01 00:00:00 +0000
@@ -0,0 +1,2 @@
+Old revision: tarmac-20130917234003-54re4ia2qmlq7xt3
+New revision: john@arbash-meinel.com-20130918102542-ni3qhjq8tpnaj6yl

Index: provider/openstack/export_test.go
=== modified file 'provider/openstack/export_test.go'
--- provider/openstack/export_test.go	2013-08-21 01:31:34 +0000
+++ provider/openstack/export_test.go	2013-09-18 10:25:42 +0000
@@ -9,6 +9,7 @@
  	"strings"
  	"text/template"

+	"launchpad.net/goose/errors"
  	"launchpad.net/goose/identity"
  	"launchpad.net/goose/nova"
  	"launchpad.net/goose/swift"
@@ -235,6 +236,25 @@
  	WritablePublicStorage(e).Remove(productMetadatafile)
  }

+// DiscardSecurityGroup cleans up a security group, it is not an error to
+// delete something that doesn't exist.
+func DiscardSecurityGroup(e environs.Environ, name string) error {
+	env := e.(*environ)
+	novaClient := env.nova()
+	group, err := novaClient.SecurityGroupByName(name)
+	if err != nil {
+		if errors.IsNotFound(err) {
+			// Group already deleted, done
+			return nil
+		}
+	}
+	err = novaClient.DeleteSecurityGroup(group.Id)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
  func FindInstanceSpec(e environs.Environ, series, arch, cons string) (spec  
*instances.InstanceSpec, err error) {
  	env := e.(*environ)
  	spec, err = findInstanceSpec(env, &instances.InstanceConstraint{

Index: provider/openstack/live_test.go
=== modified file 'provider/openstack/live_test.go'
--- provider/openstack/live_test.go	2013-08-21 18:38:22 +0000
+++ provider/openstack/live_test.go	2013-09-18 10:25:42 +0000
@@ -7,9 +7,12 @@
  	"crypto/rand"
  	"fmt"
  	"io"
+
  	gc "launchpad.net/gocheck"
  	"launchpad.net/goose/client"
  	"launchpad.net/goose/identity"
+	"launchpad.net/goose/nova"
+
  	"launchpad.net/juju-core/environs"
  	"launchpad.net/juju-core/environs/jujutest"
  	envtesting "launchpad.net/juju-core/environs/testing"
@@ -127,3 +130,42 @@
  	t.LiveTests.TearDownTest(c)
  	t.LoggingSuite.TearDownTest(c)
  }
+
+func (t *LiveTests) TestEnsureGroupSetsGroupId(c *gc.C) {
+	rules := []nova.RuleInfo{
+		{ // First group explicitly asks for all services
+			IPProtocol: "tcp",
+			FromPort:   22,
+			ToPort:     22,
+			Cidr:       "0.0.0.0/0",
+		},
+		{ // Second group should only allow access from within the group
+			IPProtocol: "tcp",
+			FromPort:   1,
+			ToPort:     65535,
+		},
+	}
+	groupName := "juju-test-group-" + randomName()
+	// Make sure things are clean before we start
+	cleanup := func() {
+		c.Check(openstack.DiscardSecurityGroup(t.Env, groupName), gc.IsNil)
+	}
+	cleanup()
+	group, err := openstack.EnsureGroup(t.Env, groupName, rules)
+	c.Assert(err, gc.IsNil)
+	// Cleanup when we are done
+	defer cleanup()
+	c.Check(group.Rules, gc.HasLen, 2)
+	c.Check(*group.Rules[0].IPProtocol, gc.Equals, "tcp")
+	c.Check(*group.Rules[0].FromPort, gc.Equals, 22)
+	c.Check(*group.Rules[0].ToPort, gc.Equals, 22)
+	c.Check(group.Rules[0].IPRange["cidr"], gc.Equals, "0.0.0.0/0")
+	c.Check(group.Rules[0].Group.Name, gc.Equals, "")
+	c.Check(group.Rules[0].Group.TenantId, gc.Equals, "")
+	c.Check(*group.Rules[1].IPProtocol, gc.Equals, "tcp")
+	c.Check(*group.Rules[1].FromPort, gc.Equals, 1)
+	c.Check(*group.Rules[1].ToPort, gc.Equals, 65535)
+	c.Check(group.Rules[1].IPRange, gc.HasLen, 0)
+	c.Check(group.Rules[1].Group.Name, gc.Equals, groupName)
+	c.Check(group.Rules[1].Group.TenantId, gc.Equals, group.TenantId)
+}

Index: provider/openstack/provider.go
=== modified file 'provider/openstack/provider.go'
--- provider/openstack/provider.go	2013-09-11 06:27:05 +0000
+++ provider/openstack/provider.go	2013-09-18 09:25:21 +0000
@@ -1046,6 +1046,13 @@
  	group.Rules = make([]nova.SecurityGroupRule, len(rules))
  	for i, rule := range rules {
  		rule.ParentGroupId = group.Id
+		if rule.Cidr == "" {
+			// http://pad.lv/1226996 Rules that don't have a CIDR
+			// are meant to apply only to this group. If you don't
+			// supply CIDR or GroupId then openstack assumes you
+			// mean CIDR=0.0.0.0/0
+			rule.GroupId = &group.Id
+		}
  		groupRule, err := novaClient.CreateSecurityGroupRule(rule)
  		if err != nil && !gooseerrors.IsDuplicateValue(err) {
  			return zeroGroup, err

Revision history for this message

John A Meinel (jameinel) wrote on 2013-09-18:

#

This might actually break the openstack live tests. I'm trying to go between trunk and this branch to figure out what is going on. I *think* in the live tests we actually start the server on a random port (as though we were launching it locally).

In "-gocheck.vv" here I see:

"dialing wss://15.185.89.136:177777/"

Which, AIUI isn't actually exposed by default. If I look at the secgroup, I see that we *do* expose 19034 which is where Mongo is running, but we *aren't* exposing the API port.

So this might break some juju commands (juju get) which want to connect direct to the API. It seems we are missing a test that the API port is by default exposed to the world after bootstrap.

Revision history for this message

John A Meinel (jameinel) wrote on 2013-09-18:

#

So I won't land this as is, but I'm still interested in getting feedback if it is a sane direction.

Revision history for this message

John A Meinel (jameinel) wrote on 2013-09-19:

#

Please take a look.

https://codereview.appspot.com/13562045/

Revision history for this message

John A Meinel (jameinel) wrote on 2013-09-19:

#

On 2013/09/19 10:53:03, jameinel wrote:
> Please take a look.

This should now properly bootstrap on Openstack. I'm still testing and
https://bugs.launchpad.net/bugs/1227533 got a bit in the way of manual
testing, but these security groups should be sane.

https://codereview.appspot.com/13562045/

Revision history for this message

Roger Peppe (rogpeppe) wrote on 2013-09-19:

#

LGTM with some minor suggestions below.

https://codereview.appspot.com/13562045/diff/4001/provider/openstack/export_test.go
File provider/openstack/export_test.go (right):

https://codereview.appspot.com/13562045/diff/4001/provider/openstack/export_test.go#newcode241
provider/openstack/export_test.go:241: func DiscardSecurityGroup(e
environs.Environ, name string) error {
This is more involved logic than I'd usually expect to see in
export_test.go.
Perhaps define as discardSecurityGroup inside the implementation
and "var DiscardSecurityGroup = discardSecurityGroup" here?

https://codereview.appspot.com/13562045/diff/4001/provider/openstack/live_test.go
File provider/openstack/live_test.go (right):

https://codereview.appspot.com/13562045/diff/4001/provider/openstack/live_test.go#newcode188
provider/openstack/live_test.go:188: defer cleanup()
again?

https://codereview.appspot.com/13562045/diff/4001/provider/openstack/provider.go
File provider/openstack/provider.go (right):

https://codereview.appspot.com/13562045/diff/4001/provider/openstack/provider.go#newcode964
provider/openstack/provider.go:964: return e.ensureGroup(groupName,
why not use e.jujuGroupName as before?

https://codereview.appspot.com/13562045/

Revision history for this message

William Reade (fwereade) wrote on 2013-09-19:

#

LGTM

https://codereview.appspot.com/13562045/diff/4001/provider/openstack/export_test.go
File provider/openstack/export_test.go (right):

https://codereview.appspot.com/13562045/diff/4001/provider/openstack/export_test.go#newcode241
provider/openstack/export_test.go:241: func DiscardSecurityGroup(e
environs.Environ, name string) error {
On 2013/09/19 13:00:21, rog wrote:
> This is more involved logic than I'd usually expect to see in
export_test.go.
> Perhaps define as discardSecurityGroup inside the implementation
> and "var DiscardSecurityGroup = discardSecurityGroup" here?

I think it's reasonable, though -- if it's useful for testing, but not
"real" functionality it's perfectly proper to put it here rather than
clutter up the package when built not as a test.

https://codereview.appspot.com/13562045/diff/4001/provider/openstack/live_test.go
File provider/openstack/live_test.go (right):

https://codereview.appspot.com/13562045/diff/4001/provider/openstack/live_test.go#newcode194
provider/openstack/live_test.go:194: // client-via-API we can disable
the State port as well.)
aside: this is exactly what the firewaller does, and is another reason
to keep self-hosted juju in mind.

https://codereview.appspot.com/13562045/diff/4001/provider/openstack/provider.go
File provider/openstack/provider.go (right):

https://codereview.appspot.com/13562045/diff/4001/provider/openstack/provider.go#newcode1006
provider/openstack/provider.go:1006: // other instances that might be
running on the same OpenStack account.
This does assume no two people will share both an account and an env
name; this has bitten people in practice, IIRC. Maybe worth pointing
that out explicitly here?

https://codereview.appspot.com/13562045/

Revision history for this message

Roger Peppe (rogpeppe) wrote on 2013-09-19:

#

https://codereview.appspot.com/13562045/diff/4001/provider/openstack/export_test.go
File provider/openstack/export_test.go (right):

https://codereview.appspot.com/13562045/diff/4001/provider/openstack/export_test.go#newcode241
provider/openstack/export_test.go:241: func DiscardSecurityGroup(e
environs.Environ, name string) error {
On 2013/09/19 13:09:11, fwereade wrote:
> On 2013/09/19 13:00:21, rog wrote:
> > This is more involved logic than I'd usually expect to see in
export_test.go.
> > Perhaps define as discardSecurityGroup inside the implementation
> > and "var DiscardSecurityGroup = discardSecurityGroup" here?

> I think it's reasonable, though -- if it's useful for testing, but not
"real"
> functionality it's perfectly proper to put it here rather than clutter
up the
> package when built not as a test.

As an alternative, how about exporting only that functionality that
needs to be exported.

func NovaClient(e environs.Environ) *nova.Client {
return e.(*environ).nova()
}

Then we can move DiscardSecurityGroup near the place it's used.

https://codereview.appspot.com/13562045/

Revision history for this message

John A Meinel (jameinel) wrote on 2013-09-19:

#

Please take a look.

https://codereview.appspot.com/13562045/diff/4001/provider/openstack/export_test.go
File provider/openstack/export_test.go (right):

https://codereview.appspot.com/13562045/diff/4001/provider/openstack/export_test.go#newcode241
provider/openstack/export_test.go:241: func DiscardSecurityGroup(e
environs.Environ, name string) error {
On 2013/09/19 13:00:21, rog wrote:
> This is more involved logic than I'd usually expect to see in
export_test.go.
> Perhaps define as discardSecurityGroup inside the implementation
> and "var DiscardSecurityGroup = discardSecurityGroup" here?

Well, it is deleting security groups which is something we *don't* ever
do in live code. So I'm hesitant to put something in there just to
expose it for tests.

If we fix bugs like: https://bugs.launchpad.net/bugs/1227574 then I
think it is reasonable to share the implementation.

So I could move it, but I'd rather wait until we are actually going to
be calling it from there.

both provider/ec2/export_test.go and provider/openstack/export_test.go
have a fair amount of test-specific logic in them, so it doesn't seem
unprecedented. state/export_test.go also has AddCustomCharm with lots of
logic. It even has a private helper function for two of the other
exported functions. :)

https://codereview.appspot.com/13562045/diff/4001/provider/openstack/live_test.go
File provider/openstack/live_test.go (right):

https://codereview.appspot.com/13562045/diff/4001/provider/openstack/live_test.go#newcode188
provider/openstack/live_test.go:188: defer cleanup()
On 2013/09/19 13:00:21, rog wrote:
> again?

no, the third time should be removed :)

https://codereview.appspot.com/13562045/diff/4001/provider/openstack/provider.go
File provider/openstack/provider.go (right):

https://codereview.appspot.com/13562045/diff/4001/provider/openstack/provider.go#newcode964
provider/openstack/provider.go:964: return e.ensureGroup(groupName,
On 2013/09/19 13:00:21, rog wrote:
> why not use e.jujuGroupName as before?

for testability. jujuGroupName isn't exposed, but I can expose just this
function and then pass whatever name I want from the test suite.

It means I can test setting security groups in a "live" fashion without
having to actually start a machine.

https://codereview.appspot.com/13562045/diff/4001/provider/openstack/provider.go#newcode1006
provider/openstack/provider.go:1006: // other instances that might be
running on the same OpenStack account.
On 2013/09/19 13:09:11, fwereade wrote:
> This does assume no two people will share both an account and an env
name; this
> has bitten people in practice, IIRC. Maybe worth pointing that out
explicitly
> here?

This is just looking like a move because of how the diff was generated,
but I can try to update this per your request.

https://codereview.appspot.com/13562045/

Please take a look.

https://codereview.appspot.com/13562045/diff/4001/provider/openstack/export_test.go
File provider/openstack/export_test.go (right):

https://codereview.appspot.com/13562045/diff/4001/provider/openstack/export_test.go#newcode241
provider/openstack/export_test.go:241: func DiscardSecurityGroup(e
environs.Environ, name string) error {
On 2013/09/19 13:00:21, rog wrote:
> This is more involved logic than I'd usually expect to see in
export_test.go.
> Perhaps define as discardSecurityGroup inside the implementation
> and "var DiscardSecurityGroup = discardSecurityGroup" here?

Well, it is deleting security groups which is something we *don't* ever
do in live code. So I'm hesitant to put something in there just to
expose it for tests.

If we fix bugs like: https://bugs.launchpad.net/bugs/1227574 then I
think it is reasonable to share the implementation.

So I could move it, but I'd rather wait until we are actually going to
be calling it from there.

both provider/ec2/export_test.go and provider/openstack/export_test.go
have a fair amount of test-specific logic in them, so it doesn't seem
unprecedented. state/export_test.go also has AddCustomCharm with lots of
logic. It even has a private helper function for two of the other
exported functions. :)

https://codereview.appspot.com/13562045/diff/4001/provider/openstack/live_test.go
File provider/openstack/live_test.go (right):

https://codereview.appspot.com/13562045/diff/4001/provider/openstack/live_test.go#newcode188
provider/openstack/live_test.go:188: defer cleanup()
On 2013/09/19 13:00:21, rog wrote:
> again?

no, the third time should be removed :)

https://codereview.appspot.com/13562045/diff/4001/provider/openstack/provider.go
File provider/openstack/provider.go (right):

https://codereview.appspot.com/13562045/diff/4001/provider/openstack/provider.go#newcode964
provider/openstack/provider.go:964: return e.ensureGroup(groupName,
On 2013/09/19 13:00:21, rog wrote:
> why not use e.jujuGroupName as before?

for testability. jujuGroupName isn't exposed, but I can expose just this
function and then pass whatever name I want from the test suite.

It means I can test setting security groups in a "live" fashion without
having to actually start a machine.

https://codereview.appspot.com/13562045/diff/4001/provider/openstack/provider.go#newcode1006
provider/openstack/provider.go:1006: // other instances that might be
running on the same OpenStack account.
On 2013/09/19 13:09:11, fwereade wrote:
> This does assume no two people will share both an account and an env
name; this
> has bitten people in practice, IIRC. Maybe worth pointing that out
explicitly
> here?

This is just looking like a move because of how the diff was generated,
but I can try to update this per your request.

https://codereview.appspot.com/13562045/

Revision history for this message

Go Bot (go-bot) wrote on 2013-09-19:

#

Download full text (18.6 KiB)

The attempt to merge lp:~jameinel/juju-core/security-group-group-id-1226996 into lp:juju-core/1.14 failed. Below is the output from the failed tests.

ok launchpad.net/juju-core/agent 0.773s
ok launchpad.net/juju-core/agent/tools 0.228s
ok launchpad.net/juju-core/bzr 7.378s
ok launchpad.net/juju-core/cert 1.948s
ok launchpad.net/juju-core/charm 0.929s
? launchpad.net/juju-core/charm/hooks [no test files]
ok launchpad.net/juju-core/cloudinit 0.021s
ok launchpad.net/juju-core/cmd 0.247s
? launchpad.net/juju-core/cmd/builddb [no test files]
? launchpad.net/juju-core/cmd/charmd [no test files]
? launchpad.net/juju-core/cmd/charmload [no test files]
ok launchpad.net/juju-core/cmd/juju 117.015s

----------------------------------------------------------------------
FAIL: machine_test.go:377: MachineSuite.TestManageStateServesAPI

[LOG] 20.92653 INFO juju environs/testing: uploading FAKE tools 1.14.1-precise-amd64
[LOG] 20.94392 INFO juju.environs.boostrap bootstrapping environment "dummyenv"
[LOG] 20.94395 INFO juju.environs.tools reading tools with major version 1
[LOG] 20.94397 INFO juju.environs.tools filtering tools by version: 1.14.1
[LOG] 20.94398 INFO juju.environs.tools filtering tools by series: precise
[LOG] 20.94400 DEBUG juju.environs.tools reading v1.* tools
[LOG] 20.94401 INFO juju.environs.tools falling back to public bucket
[LOG] 20.94402 DEBUG juju.environs.tools reading v1.* tools
[LOG] 20.94405 DEBUG juju.environs.tools found 1.14.1-precise-amd64
[LOG] 20.94409 INFO juju environs/dummy: would pick tools from 1.14.1-precise-amd64
[LOG] 20.96770 INFO juju.state opening state; mongo addresses: ["localhost:49608"]; entity ""
[LOG] 20.97791 INFO juju.state connection established
[LOG] 20.99485 INFO juju.state initializing environment
[LOG] 21.01528 INFO juju state/api: listening on "127.0.0.1:40611"
[LOG] 21.03274 INFO juju.state opening state; mongo addresses: ["localhost:49608"]; entity ""
[LOG] 21.03661 INFO juju.state connection established
[LOG] 21.05528 INFO juju juju: authorization error while connecting to state server; retrying
[LOG] 21.05539 INFO juju.state opening state; mongo addresses: ["localhost:49608"]; entity ""
[LOG] 21.06091 INFO juju.state connection established
[LOG] 21.09123 INFO juju state/api: dialing "wss://127.0.0.1:40611/"
[LOG] 21.09442 INFO juju state/api: connection established
[LOG] 21.09456 DEBUG juju rpc/jsoncodec: <- {"RequestId":1,"Type":"Admin","Request":"Login","Params":{"AuthTag":"user-admin","Password":"dummy-secret","Nonce":""}}
[LOG] 21.09492 DEBUG juju rpc/jsoncodec: -> {"RequestId":1,"Response":{}}
[LOG] 21.09516 INFO juju.container.lxc lxcObjectFactory replaced with mock lxc factory
[LOG] 21.09628 DEBUG juju rpc/jsoncodec: <- {"RequestId":2,"Type":"Pinger","Request":"Ping","Params":{}}
[LOG] 21.09638 DEBUG juju rpc/jsoncodec: -> {"RequestId":2,"Response":{}}
[LOG] 21.16556 INFO juju machine agent machine-0 start
[LOG] 21.17998 INFO juju Starting StateWorker for machine-0
[LOG] 21.18003 INFO juju worker: start "state"
[LOG] 21.18006 INFO juju.state opening state; mongo addresses: ["localhost:49608"]; entity "machine-0"
[LOG] 21.18031 INFO juju worker: start "api"
[...

The attempt to merge lp:~jameinel/juju-core/security-group-group-id-1226996 into lp:juju-core/1.14 failed. Below is the output from the failed tests.

ok  	launchpad.net/juju-core/agent	0.773s
ok  	launchpad.net/juju-core/agent/tools	0.228s
ok  	launchpad.net/juju-core/bzr	7.378s
ok  	launchpad.net/juju-core/cert	1.948s
ok  	launchpad.net/juju-core/charm	0.929s
?   	launchpad.net/juju-core/charm/hooks	[no test files]
ok  	launchpad.net/juju-core/cloudinit	0.021s
ok  	launchpad.net/juju-core/cmd	0.247s
?   	launchpad.net/juju-core/cmd/builddb	[no test files]
?   	launchpad.net/juju-core/cmd/charmd	[no test files]
?   	launchpad.net/juju-core/cmd/charmload	[no test files]
ok  	launchpad.net/juju-core/cmd/juju	117.015s

----------------------------------------------------------------------
FAIL: machine_test.go:377: MachineSuite.TestManageStateServesAPI

[LOG] 20.92653 INFO juju environs/testing: uploading FAKE tools 1.14.1-precise-amd64
[LOG] 20.94392 INFO juju.environs.boostrap bootstrapping environment "dummyenv"
[LOG] 20.94395 INFO juju.environs.tools reading tools with major version 1
[LOG] 20.94397 INFO juju.environs.tools filtering tools by version: 1.14.1
[LOG] 20.94398 INFO juju.environs.tools filtering tools by series: precise
[LOG] 20.94400 DEBUG juju.environs.tools reading v1.* tools
[LOG] 20.94401 INFO juju.environs.tools falling back to public bucket
[LOG] 20.94402 DEBUG juju.environs.tools reading v1.* tools
[LOG] 20.94405 DEBUG juju.environs.tools found 1.14.1-precise-amd64
[LOG] 20.94409 INFO juju environs/dummy: would pick tools from 1.14.1-precise-amd64
[LOG] 20.96770 INFO juju.state opening state; mongo addresses: ["localhost:49608"]; entity ""
[LOG] 20.97791 INFO juju.state connection established
[LOG] 20.99485 INFO juju.state initializing environment
[LOG] 21.01528 INFO juju state/api: listening on "127.0.0.1:40611"
[LOG] 21.03274 INFO juju.state opening state; mongo addresses: ["localhost:49608"]; entity ""
[LOG] 21.03661 INFO juju.state connection established
[LOG] 21.05528 INFO juju juju: authorization error while connecting to state server; retrying
[LOG] 21.05539 INFO juju.state opening state; mongo addresses: ["localhost:49608"]; entity ""
[LOG] 21.06091 INFO juju.state connection established
[LOG] 21.09123 INFO juju state/api: dialing "wss://127.0.0.1:40611/"
[LOG] 21.09442 INFO juju state/api: connection established
[LOG] 21.09456 DEBUG juju rpc/jsoncodec: <- {"RequestId":1,"Type":"Admin","Request":"Login","Params":{"AuthTag":"user-admin","Password":"dummy-secret","Nonce":""}}
[LOG] 21.09492 DEBUG juju rpc/jsoncodec: -> {"RequestId":1,"Response":{}}
[LOG] 21.09516 INFO juju.container.lxc lxcObjectFactory replaced with mock lxc factory
[LOG] 21.09628 DEBUG juju rpc/jsoncodec: <- {"RequestId":2,"Type":"Pinger","Request":"Ping","Params":{}}
[LOG] 21.09638 DEBUG juju rpc/jsoncodec: -> {"RequestId":2,"Response":{}}
[LOG] 21.16556 INFO juju machine agent machine-0 start
[LOG] 21.17998 INFO juju Starting StateWorker for machine-0
[LOG] 21.18003 INFO juju worker: start "state"
[LOG] 21.18006 INFO juju.state opening state; mongo addresses: ["localhost:49608"]; entity "machine-0"
[LOG] 21.18031 INFO juju worker: start "api"
[LOG] 21.18055 INFO juju state/api: dialing "wss://localhost:59402/"
[LOG] 21.18116 ERROR juju state/api: websocket.Dial wss://localhost:59402/: dial tcp 127.0.0.1:59402: connection refused
[LOG] 21.18125 ERROR juju worker: exited "api": websocket.Dial wss://localhost:59402/: dial tcp 127.0.0.1:59402: connection refused
[LOG] 21.18126 INFO juju worker: restarting "api" in 50ms
[LOG] 21.18331 INFO juju.state connection established
[LOG] 21.20733 INFO juju state/api: dialing "wss://localhost:59402/"
[LOG] 21.20776 INFO juju worker: start "lxc-provisioner"
[LOG] 21.20782 INFO juju worker: start "apiserver"
[LOG] 21.20793 INFO juju state/api: listening on "[::]:59402"
[LOG] 21.23189 INFO juju worker: start "cleaner"
[LOG] 21.23222 INFO juju worker: start "resumer"
[LOG] 21.23242 INFO juju worker: start "minunitsworker"
[LOG] 21.23262 ERROR juju state/api: websocket.Dial wss://localhost:59402/: dial tcp 127.0.0.1:59402: connection refused
[LOG] 21.23265 INFO juju worker: start "api"
[LOG] 21.23287 INFO juju state/api: dialing "wss://localhost:59402/"
[LOG] 21.23703 INFO juju state/api: connection established
[LOG] 21.23716 DEBUG juju rpc/jsoncodec: <- {"RequestId":1,"Type":"Admin","Request":"Login","Params":{"AuthTag":"machine-0","Password":"machine-password","Nonce":"user-admin:bootstrap"}}
[LOG] 21.23873 INFO juju.provisioner Starting up provisioner task 0
[LOG] 21.24026 DEBUG juju rpc/jsoncodec: -> {"RequestId":1,"Response":{}}
[LOG] 21.25449 DEBUG juju rpc/jsoncodec: <- {"RequestId":2,"Type":"Agent","Request":"GetEntities","Params":{"Entities":[{"Tag":"machine-0"}]}}
[LOG] 21.25458 DEBUG juju rpc/jsoncodec: <- {"RequestId":3,"Type":"Pinger","Request":"Ping","Params":{}}
[LOG] 21.25498 DEBUG juju rpc/jsoncodec: -> {"RequestId":3,"Response":{}}
[LOG] 21.25517 DEBUG juju rpc/jsoncodec: -> {"RequestId":2,"Response":{"Entities":[{"Life":"alive","Jobs":["JobManageState"],"Error":null}]}}
[LOG] 21.25536 DEBUG juju rpc/jsoncodec: <- {"RequestId":4,"Type":"Agent","Request":"SetPasswords","Params":{"Changes":[{"Tag":"machine-0","Password":"VyJXiZf68ImvN6AXbWpJw1sX"}]}}
[LOG] 21.25880 INFO juju state/api: dialing "wss://localhost:59402/"
[LOG] 21.25932 DEBUG juju rpc/jsoncodec: -> {"RequestId":4,"Response":{"Results":[{"Error":null}]}}
[LOG] 21.25951 INFO juju worker: start "machiner"
[LOG] 21.25959 INFO juju worker: start "upgrader"
[LOG] 21.26041 DEBUG juju rpc/jsoncodec: <- {"RequestId":5,"Type":"Machiner","Request":"Life","Params":{"Entities":[{"Tag":"machine-0"}]}}
[LOG] 21.26050 DEBUG juju rpc/jsoncodec: <- {"RequestId":6,"Type":"Upgrader","Request":"SetTools","Params":{"AgentTools":[{"Tag":"machine-0","Tools":{"Version":"1.14.1-precise-amd64","URL":"http://127.0.0.1:35090/dummyenv/private/tools/juju-1.14.1-precise-amd64.tgz"}}]}}
[LOG] 21.26298 DEBUG juju rpc/jsoncodec: -> {"RequestId":5,"Response":{"Results":[{"Life":"alive","Error":null}]}}
[LOG] 21.26389 DEBUG juju rpc/jsoncodec: <- {"RequestId":7,"Type":"Machiner","Request":"SetStatus","Params":{"Entities":[{"Tag":"machine-0","Status":"started","Info":""}],"Machines":null}}
[LOG] 21.26415 INFO juju state/api: connection established
[LOG] 21.26489 DEBUG juju rpc/jsoncodec: <- {"RequestId":1,"Type":"Admin","Request":"Login","Params":{"AuthTag":"machine-0","Password":"machine-password","Nonce":"user-admin:bootstrap"}}
[LOG] 21.26583 DEBUG juju rpc/jsoncodec: -> {"RequestId":1,"Error":"invalid entity name or password","ErrorCode":"unauthorized access","Response":{}}
machine_test.go:385:
    s.assertJobWithState(c, state.JobManageState, func(conf agent.Config, agentState *state.State) {
        st, _, err := conf.OpenAPI(fastDialOpts)
        c.Assert(err, gc.IsNil)
        defer st.Close()
        m, err := st.Machiner().Machine(conf.Tag())
        c.Assert(err, gc.IsNil)
        c.Assert(m.Life(), gc.Equals, params.Alive)
    })
machine_test.go:380:
    c.Assert(err, gc.IsNil)
... value *params.Error = &params.Error{"unauthorized access", "invalid entity name or password"} ("invalid entity name or password")

[LOG] 21.27166 DEBUG juju worker: killing runner 0xc2007fb540
[LOG] 21.27174 INFO juju worker: runner is dying
[LOG] 21.27175 DEBUG juju worker: killing "state"
[LOG] 21.27176 DEBUG juju worker: killing runner 0xc2005096c0
[LOG] 21.27177 DEBUG juju worker: killing "api"
[LOG] 21.27178 DEBUG juju worker: killing runner 0xc2007f7480
[LOG] 21.27179 INFO juju worker: runner is dying
[LOG] 21.27180 DEBUG juju worker: killing "lxc-provisioner"
[LOG] 21.27182 DEBUG juju worker: killing "apiserver"
[LOG] 21.27183 DEBUG juju worker: killing "cleaner"
[LOG] 21.27184 DEBUG juju worker: killing "resumer"
[LOG] 21.27185 DEBUG juju worker: killing "minunitsworker"
[LOG] 21.27186 INFO juju worker: runner is dying
[LOG] 21.27187 DEBUG juju worker: killing "machiner"
[LOG] 21.27188 DEBUG juju worker: killing "upgrader"
[LOG] 21.27200 INFO juju.provisioner Shutting down provisioner task 0
[LOG] 21.27206 DEBUG juju rpc/jsoncodec: <- error: read tcp 127.0.0.1:48413: use of closed network connection (closing true)
[LOG] 21.27545 DEBUG juju rpc/jsoncodec: -> {"RequestId":6,"Response":{"Results":[{"Error":null}]}}
[LOG] 21.27614 DEBUG juju rpc/jsoncodec: <- {"RequestId":8,"Type":"Upgrader","Request":"WatchAPIVersion","Params":{"Entities":[{"Tag":"machine-0"}]}}
[LOG] 21.27619 DEBUG juju rpc/jsoncodec: -> {"RequestId":8,"Error":"connection is shut down","Response":{}}
[LOG] 21.27685 DEBUG juju rpc/jsoncodec: <- {"RequestId":9,"Type":"Pinger","Request":"Ping","Params":{}}
[LOG] 21.27689 DEBUG juju rpc/jsoncodec: -> {"RequestId":9,"Error":"connection is shut down","Response":{}}
[LOG] 21.27749 INFO juju error pinging *api.State: connection is shut down
[LOG] 21.27750 ERROR juju worker: fatal "upgrader": connection is shut down
[LOG] 21.27892 DEBUG juju rpc/jsoncodec: -> {"RequestId":7,"Response":{"Results":[{"Error":null}]}}
[LOG] 21.27902 DEBUG juju rpc/jsoncodec: <- error: read tcp 127.0.0.1:48412: use of closed network connection (closing true)
[LOG] 21.27946 INFO juju.worker.machiner "machine-0" started
[LOG] 21.27949 INFO juju error pinging *api.State: connection is shut down
[LOG] 21.27950 ERROR juju worker: fatal "machiner": connection is shut down
[LOG] 21.27957 ERROR juju worker: exited "api": connection is shut down
[LOG] 21.27962 INFO juju.container.lxc lxcObjectFactory replaced with &{}
[LOG] 21.28019 INFO juju environs/dummy: reset environment
[LOG] 21.28030 DEBUG juju rpc/jsoncodec: <- error: read tcp 127.0.0.1:53169: use of closed network connection (closing true)
[jujuc whatever]
[remote]
[/path/to/remote]
[remote --help]
[unknown]
[remote --error borken]
[remote --unknown]
[remote unwanted]
OOPS: 33 passed, 3 skipped, 1 FAILED
--- FAIL: TestPackage (37.67 seconds)
FAIL
FAIL	launchpad.net/juju-core/cmd/jujud	37.961s
ok  	launchpad.net/juju-core/cmd/plugins/juju-metadata	1.234s
ok  	launchpad.net/juju-core/constraints	0.027s
ok  	launchpad.net/juju-core/container/lxc	0.345s
?   	launchpad.net/juju-core/container/lxc/mock	[no test files]
ok  	launchpad.net/juju-core/downloader	5.300s
ok  	launchpad.net/juju-core/environs	1.214s
ok  	launchpad.net/juju-core/environs/bootstrap	0.349s
ok  	launchpad.net/juju-core/environs/cloudinit	0.534s
ok  	launchpad.net/juju-core/environs/config	0.839s
ok  	launchpad.net/juju-core/environs/imagemetadata	0.353s
ok  	launchpad.net/juju-core/environs/instances	0.262s
ok  	launchpad.net/juju-core/environs/jujutest	0.234s
ok  	launchpad.net/juju-core/environs/localstorage	0.308s
ok  	launchpad.net/juju-core/environs/manual	1.003s
ok  	launchpad.net/juju-core/environs/simplestreams	0.225s
?   	launchpad.net/juju-core/environs/simplestreams/testing	[no test files]
ok  	launchpad.net/juju-core/environs/sync	0.243s
ok  	launchpad.net/juju-core/environs/testing	0.011s
ok  	launchpad.net/juju-core/environs/tools	23.898s
?   	launchpad.net/juju-core/errors	[no test files]
ok  	launchpad.net/juju-core/instance	0.020s
ok  	launchpad.net/juju-core/juju	14.816s
ok  	launchpad.net/juju-core/juju/osenv	0.210s
?   	launchpad.net/juju-core/juju/testing	[no test files]
ok  	launchpad.net/juju-core/log	0.020s
ok  	launchpad.net/juju-core/log/syslog	0.034s
ok  	launchpad.net/juju-core/names	0.018s
ok  	launchpad.net/juju-core/provider	0.260s
?   	launchpad.net/juju-core/provider/all	[no test files]
ok  	launchpad.net/juju-core/provider/azure	4.521s
ok  	launchpad.net/juju-core/provider/dummy	18.027s
ok  	launchpad.net/juju-core/provider/ec2	4.441s
ok  	launchpad.net/juju-core/provider/local	1.274s
?   	launchpad.net/juju-core/provider/local/storage	[no test files]
ok  	launchpad.net/juju-core/provider/maas	2.085s
ok  	launchpad.net/juju-core/provider/openstack	4.236s
ok  	launchpad.net/juju-core/rpc	0.252s
ok  	launchpad.net/juju-core/rpc/jsoncodec	0.243s
ok  	launchpad.net/juju-core/schema	0.032s
ok  	launchpad.net/juju-core/state	70.176s
ok  	launchpad.net/juju-core/state/api	1.379s
ok  	launchpad.net/juju-core/state/api/agent	1.792s
?   	launchpad.net/juju-core/state/api/common	[no test files]
ok  	launchpad.net/juju-core/state/api/deployer	5.206s
ok  	launchpad.net/juju-core/state/api/machiner	2.609s
ok  	launchpad.net/juju-core/state/api/params	0.032s
ok  	launchpad.net/juju-core/state/api/uniter	2.763s
ok  	launchpad.net/juju-core/state/api/upgrader	3.450s
ok  	launchpad.net/juju-core/state/api/watcher	2.953s
ok  	launchpad.net/juju-core/state/apiserver	2.826s
ok  	launchpad.net/juju-core/state/apiserver/agent	2.627s
ok  	launchpad.net/juju-core/state/apiserver/client	17.773s
ok  	launchpad.net/juju-core/state/apiserver/common	0.241s
ok  	launchpad.net/juju-core/state/apiserver/deployer	3.976s
ok  	launchpad.net/juju-core/state/apiserver/machine	3.425s
?   	launchpad.net/juju-core/state/apiserver/testing	[no test files]
ok  	launchpad.net/juju-core/state/apiserver/uniter	14.658s
ok  	launchpad.net/juju-core/state/apiserver/upgrader	5.085s
ok  	launchpad.net/juju-core/state/multiwatcher	0.904s
ok  	launchpad.net/juju-core/state/presence	6.716s
ok  	launchpad.net/juju-core/state/statecmd	0.012s
?   	launchpad.net/juju-core/state/testing	[no test files]
ok  	launchpad.net/juju-core/state/watcher	6.296s
ok  	launchpad.net/juju-core/store	19.039s
ok  	launchpad.net/juju-core/testing	1.339s
ok  	launchpad.net/juju-core/testing/checkers	0.017s
ok  	launchpad.net/juju-core/thirdparty/pbkdf2	0.133s
ok  	launchpad.net/juju-core/tools	0.019s
ok  	launchpad.net/juju-core/upstart	1.029s
ok  	launchpad.net/juju-core/utils	0.955s
ok  	launchpad.net/juju-core/utils/fslock	1.121s
ok  	launchpad.net/juju-core/utils/parallel	0.422s
ok  	launchpad.net/juju-core/utils/set	0.017s
ok  	launchpad.net/juju-core/version	0.071s
ok  	launchpad.net/juju-core/worker	1.672s
ok  	launchpad.net/juju-core/worker/cleaner	1.175s
ok  	launchpad.net/juju-core/worker/deployer	3.412s
ok  	launchpad.net/juju-core/worker/firewaller	10.685s
ok  	launchpad.net/juju-core/worker/machiner	2.501s
ok  	launchpad.net/juju-core/worker/minunitsworker	1.283s
ok  	launchpad.net/juju-core/worker/provisioner	7.924s

----------------------------------------------------------------------
PANIC: resumer_test.go:0: ResumerSuite.SetUpTest

[LOG] 17.80367 INFO juju mongod: note: noprealloc may hurt performance in many applications
[LOG] 17.80383 INFO juju mongod: Thu Sep 19 15:20:38 [initandlisten] MongoDB starting : pid=30396 port=56827 dbpath=/tmp/test-mgo960848490 64-bit host=juju-gobot-machine-3
[LOG] 17.80395 INFO juju mongod: Thu Sep 19 15:20:38 [initandlisten] db version v2.2.0, pdfile version 4.5
[LOG] 17.80405 INFO juju mongod: Thu Sep 19 15:20:38 [initandlisten] git version: f5e83eae9cfbec7fb7a071321928f00d1b0c5207
[LOG] 17.80408 INFO juju mongod: Thu Sep 19 15:20:38 [initandlisten] build info: Linux ip-10-64-55-48 3.2.0-31-virtual #50-Ubuntu SMP Fri Sep 7 16:36:36 UTC 2012 x86_64 BOOST_LIB_VERSION=1_49
[LOG] 17.80423 INFO juju mongod: Thu Sep 19 15:20:38 [initandlisten] options: { auth: true, bind_ip: "localhost", dbpath: "/tmp/test-mgo960848490", nojournal: true, noprealloc: true, nounixsocket: true, nssize: 1, port: 56827, smallfiles: true, sslOnNormalPorts: true, sslPEMKeyFile: "/tmp/test-mgo960848490/server.pem", sslPEMKeyPassword: "<password>" }
[LOG] 17.80426 INFO juju mongod: Thu Sep 19 15:20:38 [initandlisten] Unable to check for journal files due to: boost::filesystem::basic_directory_iterator constructor: No such file or directory: "/tmp/test-mgo960848490/journal"
[LOG] 17.80429 INFO juju mongod: Thu Sep 19 15:20:38 [initandlisten] ERROR: listen(): bind() failed errno:98 Address already in use for socket: 127.0.0.1:56827
[LOG] 17.80431 INFO juju mongod: Thu Sep 19 15:20:38 [initandlisten] ERROR:   addr already in use
[LOG] 17.80433 INFO juju mongod: Thu Sep 19 15:20:38 [initandlisten] now exiting
[LOG] 17.80498 INFO juju mongod: Thu Sep 19 15:20:38 dbexit: 
[LOG] 17.80499 INFO juju mongod: Thu Sep 19 15:20:38 [initandlisten] shutdown: going to close listening sockets...
[LOG] 17.80505 INFO juju mongod: Thu Sep 19 15:20:38 [initandlisten] shutdown: going to flush diaglog...
[LOG] 17.80505 INFO juju mongod: Thu Sep 19 15:20:38 [initandlisten] shutdown: going to close sockets...
[LOG] 17.80506 INFO juju mongod: Thu Sep 19 15:20:38 [initandlisten] shutdown: waiting for fs preallocator...
[LOG] 17.80510 INFO juju mongod: Thu Sep 19 15:20:38 [initandlisten] shutdown: closing all files...
[LOG] 17.80512 INFO juju mongod: Thu Sep 19 15:20:38 [initandlisten] closeAllFiles() finished
[LOG] 17.80512 INFO juju mongod: Thu Sep 19 15:20:38 [initandlisten] shutdown: removing fs lock...
[LOG] 17.80514 INFO juju mongod: Thu Sep 19 15:20:38 dbexit: really exiting now
... Panic: no reachable servers (PC=0x414121)

/usr/lib/go/src/pkg/runtime/panic.c:229
  in panic
/home/tarmac/trees-1.14/src/launchpad.net/juju-core/testing/mgo.go:227
  in MgoDial
/home/tarmac/trees-1.14/src/launchpad.net/juju-core/testing/mgo.go:234
  in MgoSuite.SetUpTest
/home/tarmac/trees-1.14/src/launchpad.net/juju-core/juju/testing/conn.go:136
  in JujuConnSuite.SetUpTest

----------------------------------------------------------------------
PANIC: resumer_test.go:0: ResumerSuite.TearDownTest

... Panic: runtime error: invalid memory address or nil pointer dereference (PC=0x414121)

/usr/lib/go/src/pkg/runtime/panic.c:229
  in panic
/usr/lib/go/src/pkg/runtime/panic.c:487
  in panicstring
/usr/lib/go/src/pkg/runtime/os_linux.c:236
  in sigpanic
/home/tarmac/trees-1.14/src/launchpad.net/juju-core/state/state.go:1056
  in State.SetAdminMongoPassword
/home/tarmac/trees-1.14/src/launchpad.net/juju-core/juju/testing/conn.go:260
  in JujuConnSuite.tearDownConn
/home/tarmac/trees-1.14/src/launchpad.net/juju-core/juju/testing/conn.go:141
  in JujuConnSuite.TearDownTest

----------------------------------------------------------------------
PANIC: resumer_test.go:34: ResumerSuite.TestResumerCalls

... Panic: Fixture has panicked (see related PANIC)
OOPS: 0 passed, 2 FIXTURE-PANICKED, 2 MISSED
--- FAIL: TestPackage (6.04 seconds)
FAIL
FAIL	launchpad.net/juju-core/worker/resumer	6.281s
ok  	launchpad.net/juju-core/worker/uniter	129.605s
ok  	launchpad.net/juju-core/worker/uniter/charm	3.113s
ok  	launchpad.net/juju-core/worker/uniter/debug	1.149s
ok  	launchpad.net/juju-core/worker/uniter/hook	0.015s
ok  	launchpad.net/juju-core/worker/uniter/jujuc	0.460s
ok  	launchpad.net/juju-core/worker/uniter/relation	1.361s
ok  	launchpad.net/juju-core/worker/upgrader	2.566s

warning: building out-of-date packages:
	launchpad.net/goamz/ec2/ec2test
	launchpad.net/goamz/s3/s3test
	launchpad.net/goose/testservices/hook
	launchpad.net/goose/testservices/identityservice
	launchpad.net/goose/testservices
	launchpad.net/goose/testservices/novaservice
	launchpad.net/goose/testservices/swiftservice
	launchpad.net/goose/testservices/openstackservice
	launchpad.net/lpad
installing these packages with 'go test -i ./...' will speed future tests.

juju-core

Merge lp://staging/~jameinel/juju-core/security-group-group-id-1226996 into lp://staging/juju-core/1.14

Commit message

Description of the change

Preview Diff

Subscribers