kapilt / juju-digitalocean

JuDo - A juju provider for digital ocean using a client side plugin and manual provisioning.

Unable to add services because ubuntu user is not being added #38

Closed brookemckim closed 3 years ago

brookemckim commented 9 years ago

As part of the manual provider, Juju will ensure the ubuntu user exists on all machines added. This is triggered here: https://github.com/juju/juju/blob/master/provider/manual/provider.go#L26 and you can see the script it adds here: https://github.com/juju/juju/blob/8da94246468a4da71e62894f7a8a1bbbce112697/environs/manual/init.go#L177

Without the ubuntu user the services will fail to work because the bootstrap machine attempts to connect to the new machines via ssh ubuntu@[host]. I haven't been able to track down why that codepath isn't being run, but I assume it has to do with the fact the python-jujuclient is being used to RPC into the apiserver library.

Here is what the user-data script looks like to bootstrap new machines:

#!/bin/bash
rm -f '/var/log/cloud-init-output.log'
dump_file() {
    code=$?
    if [ $code -ne 0 -a -e '/var/log/cloud-init-output.log' ]; then
        cat '/var/log/cloud-init-output.log' >&2
    fi
    exit $code
}
trap dump_file EXIT
#!/bin/bash
set -e
test -e /proc/self/fd/9 || exec 9>&2
(
test -e /proc/self/fd/9 || exec 9>&2
echo 'Logging to /var/log/cloud-init-output.log on remote host' >&9
export DEBIAN_FRONTEND=noninteractive

function package_manager_loop {
    local rc=
    while true; do
        if ($*); then
                return 0
        else
                rc=$?
        fi
        if [ $rc -eq 100 ]; then
                sleep 10s
                continue
        fi
        return $rc
    done
}

echo 'Running apt-get update' >&9
package_manager_loop apt-get --option=Dpkg::Options::=--force-confold --option=Dpkg::options::=--force-unsafe-io --assume-yes --quiet update
echo 'Installing package: curl' >&9
package_manager_loop apt-get --option=Dpkg::Options::=--force-confold --option=Dpkg::options::=--force-unsafe-io --assume-yes --quiet install curl
echo 'Installing package: cpu-checker' >&9
package_manager_loop apt-get --option=Dpkg::Options::=--force-confold --option=Dpkg::options::=--force-unsafe-io --assume-yes --quiet install cpu-checker
echo 'Installing package: bridge-utils' >&9
package_manager_loop apt-get --option=Dpkg::Options::=--force-confold --option=Dpkg::options::=--force-unsafe-io --assume-yes --quiet install bridge-utils
echo 'Installing package: rsyslog-gnutls' >&9
package_manager_loop apt-get --option=Dpkg::Options::=--force-confold --option=Dpkg::options::=--force-unsafe-io --assume-yes --quiet install rsyslog-gnutls
echo 'Installing package: cloud-utils' >&9
package_manager_loop apt-get --option=Dpkg::Options::=--force-confold --option=Dpkg::options::=--force-unsafe-io --assume-yes --quiet install cloud-utils
echo 'Installing package: cloud-image-utils' >&9
package_manager_loop apt-get --option=Dpkg::Options::=--force-confold --option=Dpkg::options::=--force-unsafe-io --assume-yes --quiet install cloud-image-utils
echo 'Installing package: tmux' >&9
package_manager_loop apt-get --option=Dpkg::Options::=--force-confold --option=Dpkg::options::=--force-unsafe-io --assume-yes --quiet install tmux
test -e /proc/self/fd/9 || exec 9>&2
([ ! -e /home/ubuntu/.profile ] || grep -q '.juju-proxy' /home/ubuntu/.profile) || printf '\n# Added by juju\n[ -f "$HOME/.juju-proxy" ] && . "$HOME/.juju-proxy"\n' >> /home/ubuntu/.profile
mkdir -p /var/lib/juju/locks
(id ubuntu &> /dev/null) && chown ubuntu:ubuntu /var/lib/juju/locks
mkdir -p /var/log/juju
chown syslog:adm /var/log/juju
bin='/var/lib/juju/tools/1.24.4-trusty-amd64'
mkdir -p $bin
echo 'Fetching tools: curl -sSfw '"'"'tools from %{url_effective} downloaded: HTTP %{http_code}; time %{time_total}s; size %{size_download} bytes; speed %{speed_download} bytes/s '"'"' --noproxy "*" --insecure -o $bin/tools.tar.gz <[https://45.55.206.245:17070/tools/1.24.4-trusty-amd64]>' >&9

for n in $(seq 5); do

    printf "Attempt $n to download tools from %s...\n" 'https://45.55.206.245:17070/tools/1.24.4-trusty-amd64'
    curl -sSfw 'tools from %{url_effective} downloaded: HTTP %{http_code}; time %{time_total}s; size %{size_download} bytes; speed %{speed_download} bytes/s ' --noproxy "*" --insecure -o $bin/tools.tar.gz 'https://45.55.206.245:17070/tools/1.24.4-trusty-amd64' && echo "Tools downloaded successfully." && break

    if [ $n -lt 5 ]; then
        echo "Download failed..... wait 15s"
    fi
    sleep 15
done
sha256sum $bin/tools.tar.gz > $bin/juju1.24.4-trusty-amd64.sha256
grep '121cebb5c8ab12761827431a0375f9a18ac0b77ee552f50ff8d6856a36d53907' $bin/juju1.24.4-trusty-amd64.sha256 || (echo "Tools checksum mismatch"; exit 1)
tar zxf $bin/tools.tar.gz -C $bin
printf %s '{"version":"1.24.4-trusty-amd64","url":"https://10.132.222.174:17070/environment/f5f99640-4ede-4d46-8432-aea864e1a2c3/tools/1.24.4-trusty-amd64","sha256":"121cebb5c8ab12761827431a0375f9a18ac0b77ee552f50ff8d6856a36d53907","size":16645207}' > $bin/downloaded-tools.txt
mkdir -p '/var/lib/juju/agents/machine-5'
cat > '/var/lib/juju/agents/machine-5/agent.conf' << 'EOF'
# format 1.18
tag: machine-5
datadir: /var/lib/juju
logdir: /var/log/juju
nonce: manual:a4cfeef6e5124445a172ca77302fa847
jobs:
- JobHostUnits
upgradedToVersion: 1.24.4
cacert: |
  -----BEGIN CERTIFICATE-----
  MIICaTCCAdSgAwIBAgIBADALBgkqhkiG9w0BAQUwSjENMAsGA1UEChMEanVqdTE5
  MDcGA1UEAwwwanVqdS1nZW5lcmF0ZWQgQ0EgZm9yIGVudmlyb25tZW50ICJkaWdp
  dGFsb2NlYW4iMB4XDTE1MDgwNzE4NTcwOFoXDTI1MDgxNDE4NTcwOFowSjENMAsG
  A1UEChMEanVqdTE5MDcGA1UEAwwwanVqdS1nZW5lcmF0ZWQgQ0EgZm9yIGVudmly
  b25tZW50ICJkaWdpdGFsb2NlYW4iMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
  gQDQRr6OvRXoH9XmIIRT8DKGhbBCZ8LZ0G7yFMA205sJezNJWO5+0923HbtTx1t7
  uHcHSIs9YE1F8OABJ978rs8jKElNC9c2HQZIjd5hULW3KCrnqopIxY8f0wDAF+q5
  O5Ui25QXuI3ou7w30ZBdmh2ystRgWXzpz1AHk4qiz1hU/wIDAQABo2MwYTAOBgNV
  HQ8BAf8EBAMCAKQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUPSjnk4u8mHqf
  AiT9hQJtlAMPBrkwHwYDVR0jBBgwFoAUPSjnk4u8mHqfAiT9hQJtlAMPBrkwCwYJ
  KoZIhvcNAQEFA4GBAH/pAlU8HA9kEoPhY3WBw7cAL5WxFwHYnlxIahMVxLe1R6Ea
  AFeWHwea1o8EQMoP8+fGzS3bM+Vm04FqXvCNWGrwtybkopIwx/kNXb5Pg5BgPJp7
  8LLyDr80u1DS/bi7RcHXIPR+h0fERI1E9yAIdETcWCFk+2b9/h5fSABOOf0l
  -----END CERTIFICATE-----
stateaddresses:
- 127.0.0.1:37017
environment: environment-f5f99640-4ede-4d46-8432-aea864e1a2c3
apiaddresses:
- 45.55.206.245:17070
oldpassword: R1LF8w9IARi3wxizxS/IZ7hN
values:
  AGENT_SERVICE_NAME: jujud-machine-5
  CONTAINER_TYPE: ""
  PROVIDER_TYPE: manual
  SECURE_STATESERVER_CONNECTION: "true"

EOF
chmod 0600 '/var/lib/juju/agents/machine-5/agent.conf'
ln -s 1.24.4-trusty-amd64 '/var/lib/juju/tools/machine-5'
echo 'Starting Juju machine agent (jujud-machine-5)' >&9
cat > /etc/init/jujud-machine-5.conf << 'EOF'
description "juju agent for machine-5"
author "Juju Team <juju@lists.ubuntu.com>"
start on runlevel [2345]
stop on runlevel [!2345]
respawn
normal exit 0

limit nofile 20000 20000

script

  # Ensure log files are properly protected
  touch /var/log/juju/machine-5.log
  chown syslog:syslog /var/log/juju/machine-5.log
  chmod 0600 /var/log/juju/machine-5.log

  exec '/var/lib/juju/tools/machine-5/jujud' machine --data-dir '/var/lib/juju' --machine-id 5 --debug >> /var/log/juju/machine-5.log 2>&1
end script
EOF

start jujud-machine-5
rm $bin/tools.tar.gz && rm $bin/juju1.24.4-trusty-amd64.sha256
) >> /var/log/cloud-init-output.log 2>&1

As you can see, it does not include adding the ubuntu user.
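
The gap described in the comment above can be caught before a machine is launched. The following is an added example, not part of the original post and not code from juju or juju-digitalocean: a static check that reports when a user-data script relies on a login account it never creates. The function names, the abridged sample lines and the `useradd` line are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag a user-data script that uses an account it never creates.

# Constructed sample, abridged from the account-related lines of the script above.
sample_without_user() {
cat <<'EOF'
([ ! -e /home/ubuntu/.profile ] || grep -q '.juju-proxy' /home/ubuntu/.profile) || printf 'x' >> /home/ubuntu/.profile
mkdir -p /var/lib/juju/locks
(id ubuntu &> /dev/null) && chown ubuntu:ubuntu /var/lib/juju/locks
EOF
}

# Constructed sample: the same lines preceded by a hypothetical provisioning step.
sample_with_user() {
    echo 'useradd --create-home --shell /bin/bash ubuntu'
    sample_without_user
}

# audit_userdata [USER] < script
# Prints findings; returns 0 if USER is created or not needed, 1 otherwise.
audit_userdata() {
    local user="${1:-ubuntu}" script findings=0
    script=$(cat)

    # A useradd/adduser invocation whose last argument is USER counts as creation.
    if printf '%s\n' "$script" | grep -Eq \
        "(^|[^[:alnum:]_])(useradd|adduser)([[:space:]]+[^[:space:]]+)*[[:space:]]+${user}([[:space:];]|\$)"; then
        echo "ok: script creates account '${user}'"
        return 0
    fi
    # Writes into the home directory assume the account already exists.
    if printf '%s\n' "$script" | grep -Fq "/home/${user}/"; then
        echo "warn: uses /home/${user}/ but never creates '${user}'"
        findings=$((findings + 1))
    fi
    # 'id USER && chown ...' hides the missing account instead of failing.
    if printf '%s\n' "$script" | grep -Eq "id[[:space:]]+${user}[^|;]*&&[[:space:]]*chown"; then
        echo "warn: chown guarded by 'id ${user}' is skipped silently if '${user}' is missing"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ] && echo "ok: script does not depend on '${user}'"
    [ "$findings" -eq 0 ]
}

# Stand-alone demonstration on the constructed samples.
sample_without_user | audit_userdata ubuntu || true
sample_with_user | audit_userdata ubuntu
```
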

kapilt commented 8 years ago

I'm a little confused on why ubuntu user wouldn't exist on the server given it's standard in cloud images.

lazypower commented 7 years ago

DO doesn't use our standard cloud images. They are pressing their own Ubuntu images on premise from what I know. So it stands to reason there are some differences here.