Merge lp://staging/~rogpeppe/juju-core/151-cloudinit-root-cert into lp://staging/~juju/juju-core/trunk

Proposed by Roger Peppe
Status: Work in progress
Proposed branch: lp://staging/~rogpeppe/juju-core/151-cloudinit-root-cert
Merge into: lp://staging/~juju/juju-core/trunk
Diff against target: 124 lines (+40/-2)
3 files modified
environs/cloudinit/cloudinit.go (+15/-1)
environs/cloudinit/cloudinit_test.go (+24/-0)
environs/ec2/ec2.go (+1/-1)
To merge this branch: bzr merge lp://staging/~rogpeppe/juju-core/151-cloudinit-root-cert
Reviewer: The Go Language Gophers (Status: Pending)
Review via email: mp+134498@code.staging.launchpad.net

Description of the change

environs/cloudinit: add RootCertPEM

Instances need to know the root CA certificate
so that they can verify the server they're talking to.

https://codereview.appspot.com/6854054/

Roger Peppe (rogpeppe) wrote :

Reviewers: mp+134498_code.launchpad.net,

Message:
Please take a look.

Description:
environs/cloudinit: add RootCertPEM

Instances need to know the root CA certificate
so that they can verify the server they're talking to.

https://code.launchpad.net/~rogpeppe/juju-core/151-cloudinit-root-cert/+merge/134498

(do not edit description out of merge proposal)

Please review this at https://codereview.appspot.com/6854054/

Affected files:
   A [revision details]
   M environs/cloudinit/cloudinit.go
   M environs/cloudinit/cloudinit_test.go
   M environs/ec2/ec2.go

Index: [revision details]
=== added file '[revision details]'
--- [revision details] 2012-01-01 00:00:00 +0000
+++ [revision details] 2012-01-01 00:00:00 +0000
@@ -0,0 +1,2 @@
+Old revision: <email address hidden>
+New revision: <email address hidden>

Index: environs/cloudinit/cloudinit.go
=== modified file 'environs/cloudinit/cloudinit.go'
--- environs/cloudinit/cloudinit.go 2012-11-14 14:09:56 +0000
+++ environs/cloudinit/cloudinit.go 2012-11-15 16:11:30 +0000
@@ -29,6 +29,10 @@
   // or MongoDB instance.
   StateServer bool

+ // RootCertPEM holds the x509 certificate of the root CA
+ // that signed the state server certificate, in PEM format.
+ RootCertPEM []byte
+
   // StateServerPEM holds the state server certificate and private
   // key in PEM format; it is required when StateServer is set,
   // and ignored otherwise.
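Review bot: the doc comment on RootCertPEM does not say when the field is required, unlike the StateServerPEM comment directly below it ("required when StateServer is set, and ignored otherwise"). The verifyConfig change in this patch rejects an empty RootCertPEM for every machine, so the comment should say that it is required for all machines, and that it holds the CA certificate only, not the CA private key.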
@@ -85,7 +89,10 @@
   return base64.StdEncoding.EncodeToString(data)
  }

-const serverPEMPath = "/var/lib/juju/server.pem"
+const (
+ serverPEMPath = "/var/lib/juju/server.pem"
+ rootCertPEMPath = "/var/lib/juju/root.pem"
+)

  func New(cfg *MachineConfig) (*cloudinit.Config, error) {
   if err := verifyConfig(cfg); err != nil {
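Review bot: rootCertPEMPath repeats the "/var/lib/juju" prefix as a literal, as serverPEMPath already did, while MachineConfig carries a DataDir (set to "/var/lib/juju" in the test configs in this same patch). If DataDir is ever set to something else, both certificate files stay in the old location; consider building the paths from cfg.DataDir, or add a comment on the const block explaining why they are fixed.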
@@ -115,6 +122,10 @@
    debugFlag = " --debug"
   }

+ addScripts(c,
+ fmt.Sprintf("echo %s > %s", shquote(string(cfg.RootCertPEM)),
rootCertPEMPath),
+ )
+
   if cfg.StateServer {
    addScripts(c,
     fmt.Sprintf("echo %s > %s",
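Review bot: the script added before the cfg.StateServer block writes the trust anchor with a plain "echo ... > path", so the mode and owner of root.pem depend on whatever umask the script runs under. Every later verification of the state server on the instance relies on this file, so consider setting the mode explicitly after the write (readable by all, writable only by root) rather than inheriting the default.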
@@ -280,6 +291,9 @@
   if cfg.StateInfo == nil {
    return fmt.Errorf("missing state info")
   }
+ if len(cfg.RootCertPEM) == 0 {
+ return fmt.Errorf("missing root CA certificate PEM")
+ }
   if cfg.StateServer {
    if cfg.InstanceIdAccessor == "" {
     return fmt.Errorf("missing instance id accessor")
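Review bot: the new check in verifyConfig only tests len(cfg.RootCertPEM) == 0, so any non-empty bytes pass, and a malformed or wrong certificate is discovered only on the instance when it fails to verify the state server. Suggest decoding it here with encoding/pem and crypto/x509 (pem.Decode, then x509.ParseCertificate) and rejecting input that is not a CERTIFICATE block or whose IsCA is false; that would also catch a private key pasted into this field before it is written into the cloud-init scripts.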

Index: environs/cloudinit/cloudinit_test.go
=== modified file 'environs/cloudinit/cloudinit_test.go'
--- environs/cloudinit/cloudinit_test.go 2012-11-14 14:09:56 +0000
+++ environs/cloudinit/cloudinit_test.go 2012-11-15 16:11:30 +0000
@@ -44,6 +44,7 @@
    Tools: newSimpleTools("1.2.3-linux-amd64"),
    StateServer: true,
    StateServerPEM: serverPEM,
+ RootCertPEM: rootCertPEM,
    StateInfo: &state.Info{
     Password: "arble",
    },
@@ -56,6 +57,7 @@
    AuthorizedKeys: "sshkey1",
    DataDir: "/var/lib/juju",
    StateServer: false,
+ RootCertPEM: rootCertPEM,
    Tools: newSimpleTools("1.2.3-linux-amd64"),
    StateInfo: &state.Info{
     Addrs: []string{"state-addr.example.com"},
@@ -260,6 +262,13 @@
   {"missing state server PEM", func(cfg *cloudinit.MachineCo...

Roger Peppe (rogpeppe) wrote :

On 2012/11/15 16:42:33, TheMue wrote:
> LGTM

I've put this back to WIP as I don't think it's right.

https://codereview.appspot.com/6854054/

Unmerged revisions

724. By Roger Peppe

gofmt

723. By Roger Peppe

environs/ec2: add fake root cert to MachineConfig

722. By Roger Peppe

environs/cloudinit: add RootCertPEM field

721. By Roger Peppe

cmd/juju: reenable bootstrap tests.

Looks like I forgot to add a call to gocheck.Suite
in revision 669. Oops.

R=niemeyer
CC=
https://codereview.appspot.com/6848052

720. By Roger Peppe

environs: add a certificate argument to Bootstrap

R=dfc, niemeyer, TheMue
CC=
https://codereview.appspot.com/6819115

719. By Roger Peppe

environs/cloudinit: add cert/private key

First stage in enabling TLS.

R=dfc, TheMue, niemeyer
CC=
https://codereview.appspot.com/6811095

718. By Dave Cheney

Add README

R=fwereade, aram
CC=
https://codereview.appspot.com/6816114

717. By Dave Cheney

Add CONTRIBUTING

R=fwereade, niemeyer, aram
CC=
https://codereview.appspot.com/6817113

716. By William Reade

uniter_test: snappier waitUniterDead

waitUniterDead was on occasion waiting almost the full 5 seconds before the
uniter happened to notice it was ready to die. We now repeatedly sync state
while waiting, in order to ensure timely detection of state changes on the
uniter side. On this machine, this change speeds up the uniter suite by
roughly 20%.

R=
CC=
https://codereview.appspot.com/6815089

715. By Roger Peppe

environs/jujutest: further refinement

We change to use attributes rather than config.Config.
This enables us to have configuration values drawn from an environment
set up for the test, for instance from a faked-up home directory.

R=fwereade, TheMue
CC=
https://codereview.appspot.com/6851043
