def update_rally_checkfiles(self):
if not self.is_rally_enabled:
return
# Copy run_rally.sh to /usr/local/bin
rally_script = os.path.join(hookenv.charm_dir(), 'files',
'run_rally.py')
host.rsync(rally_script, self.scripts_dir, options=['--executability'])
ostestsfile = os.path.join('/home', self._rallyuser, 'ostests.txt')
render(source='ostests.txt.j2',
target=ostestsfile,
context=self._get_rally_checks_context(),
owner=self._rallyuser,
group=self._rallyuser)
proxy_settings = hookenv.env_proxy_settings()
if proxy_settings:
content = '\n'.join([
'{}={}'.format(proxy_var, proxy_var_val)
for proxy_var, proxy_var_val in proxy_settings.items()
])
else:
content = ''
context = {
'schedule': self.rally_cron_schedule,
'user': self._rallyuser,
'cmd': os.path.join(self.scripts_dir, 'run_rally.py'),
}
content += '\n#\n{schedule} {user} timeout -k 840s -s SIGTERM 780s {cmd}'.format(
**context)
with open(self.rally_cron_file, 'w') as fd:
fd.write('# Juju generated - DO NOT EDIT\n{}\n\n'.format(content))
def _get_key_by_keyid(keyid):
"""Get a key via HTTPS from the Ubuntu keyserver.
Different key ID formats are supported by SKS keyservers (the longer ones
are more secure, see "dead beef attack" and https://evil32.com/). Since
HTTPS is used, if SSLBump-like HTTPS proxies are in place, they will
impersonate keyserver.ubuntu.com and generate a certificate with
keyserver.ubuntu.com in the CN field or in SubjAltName fields of a
certificate. If such proxy behavior is expected it is necessary to add the
CA certificate chain containing the intermediate CA of the SSLBump proxy to
every machine that this code runs on via ca-certs cloud-init directive (via
cloudinit-userdata model-config) or via other means (such as through a
custom charm option). Also note that DNS resolution for the hostname in a
URL is done at a proxy server - not at the client side.
8-digit (32 bit) key ID
https://keyserver.ubuntu.com/pks/lookup?search=0x4652B4E6
16-digit (64 bit) key ID
https://keyserver.ubuntu.com/pks/lookup?search=0x6E85A86E4652B4E6
40-digit key ID:
https://keyserver.ubuntu.com/pks/lookup?search=0x35F77D63B5CEC106C577ED856E85A86E4652B4E6
:param keyid: An 8, 16 or 40 hex digit keyid to find a key for
:type keyid: (bytes, str)
:returns: A key material for the specified GPG key id
:rtype: (str, bytes)
:raises: subprocess.CalledProcessError
"""
# options=mr - machine-readable output (disables html wrappers)
keyserver_url = ('https://keyserver.ubuntu.com'
'/pks/lookup?op=get&options=mr&exact=on&search=0x{}')
curl_cmd = ['curl', keyserver_url.format(keyid)]
# use proxy server settings in order to retrieve the key
return subprocess.check_output(curl_cmd, env=env_proxy_settings(['https']))
def _format_curl_https_proxy_opt():
proxy_settings = env_proxy_settings(['https'])
https_proxy = None
if proxy_settings:
https_proxy = proxy_settings.get('https_proxy')
return '--proxy {}'.format(https_proxy) if https_proxy else ''
return ''
def _get_key_by_keyid(keyid):
"""Get a key via HTTPS from the Ubuntu keyserver.
Different key ID formats are supported by SKS keyservers (the longer ones
are more secure, see "dead beef attack" and https://evil32.com/). Since
HTTPS is used, if SSLBump-like HTTPS proxies are in place, they will
impersonate keyserver.ubuntu.com and generate a certificate with
keyserver.ubuntu.com in the CN field or in SubjAltName fields of a
certificate. If such proxy behavior is expected it is necessary to add the
CA certificate chain containing the intermediate CA of the SSLBump proxy to
every machine that this code runs on via ca-certs cloud-init directive (via
cloudinit-userdata model-config) or via other means (such as through a
custom charm option). Also note that DNS resolution for the hostname in a
URL is done at a proxy server - not at the client side.
8-digit (32 bit) key ID
https://keyserver.ubuntu.com/pks/lookup?search=0x4652B4E6
16-digit (64 bit) key ID
https://keyserver.ubuntu.com/pks/lookup?search=0x6E85A86E4652B4E6
40-digit key ID:
https://keyserver.ubuntu.com/pks/lookup?search=0x35F77D63B5CEC106C577ED856E85A86E4652B4E6
:param keyid: An 8, 16 or 40 hex digit keyid to find a key for
:type keyid: (bytes, str)
:returns: A key material for the specified GPG key id
:rtype: (str, bytes)
:raises: subprocess.CalledProcessError
"""
# options=mr - machine-readable output (disables html wrappers)
keyserver_url = ('https://keyserver.ubuntu.com'
'/pks/lookup?op=get&options=mr&exact=on&search=0x{}')
curl_cmd = ['curl', keyserver_url.format(keyid)]
# use proxy server settings in order to retrieve the key
return subprocess.check_output(curl_cmd,
env=env_proxy_settings(['https']))
def _format_curl_proxy_opt():
proxy_settings = env_proxy_settings(['http', 'https', 'no_proxy'])
result = ""
if 'https' in proxy_settings:
result += ' --proxy {}'.format(proxy_settings['https'])
if 'http' in proxy_settings:
result += ' --proxy {}'.format(proxy_settings['http'])
if 'noproxy' in proxy_settings:
result += ' --noproxy {}'.format(proxy_settings['no_proxy'])
return result
def _add_apt_repository(spec):
"""Add the spec using add_apt_repository
:param spec: the parameter to pass to add_apt_repository
:type spec: str
"""
if '{series}' in spec:
series = get_distrib_codename()
spec = spec.replace('{series}', series)
_run_with_retries(['add-apt-repository', '--yes', spec],
cmd_env=env_proxy_settings(['https', 'http']))
def proxy_env():
"""
Creates a context which temporarily modifies the proxy settings in os.environ.
"""
restore = {**os.environ} # Copy the current os.environ
juju_proxies = env_proxy_settings() or {}
os.environ.update(**juju_proxies) # Insert or Update the os.environ
yield os.environ
for key in juju_proxies:
del os.environ[key] # remove any keys which were added or updated
os.environ.update(**restore) # restore any original values
def set_http_proxy():
"""
Check if we have any values for
juju_http*_proxy and apply them.
"""
juju_environment = env_proxy_settings()
if juju_environment and not juju_environment.get('disable-juju-proxy'):
upper = ['HTTP_PROXY', 'HTTPS_PROXY', 'NO_PROXY']
lower = list(map(str.lower, upper))
keys = upper + lower
for key in keys:
from_juju = juju_environment.get(key, None)
if from_juju:
os.environ[key] = from_juju
def _add_apt_repository(spec):
"""Add the spec using add_apt_repository
:param spec: the parameter to pass to add_apt_repository
:type spec: str
"""
if '{series}' in spec:
series = get_distrib_codename()
spec = spec.replace('{series}', series)
# software-properties package for bionic properly reacts to proxy settings
# passed as environment variables (See lp:1433761). This is not the case
# LTS and non-LTS releases below bionic.
_run_with_retries(['add-apt-repository', '--yes', spec],
cmd_env=env_proxy_settings(['https']))
def _add_apt_repository(spec):
"""Add the spec using add_apt_repository
:param spec: the parameter to pass to add_apt_repository
:type spec: str
"""
if '{series}' in spec:
series = get_distrib_codename()
spec = spec.replace('{series}', series)
# software-properties package for bionic properly reacts to proxy settings
# passed as environment variables (See lp:1433761). This is not the case
# LTS and non-LTS releases below bionic.
_run_with_retries(['add-apt-repository', '--yes', spec],
cmd_env=env_proxy_settings(['https']))
def render_configuration_template(service=False):
"""
:param service: Boolean also render service file
:return: None
"""
opts = DockerOpts()
config = hookenv.config
environment_config = hookenv.env_proxy_settings()
modified_config = dict(config())
parsed_hosts = ""
if environment_config is not None:
hosts = []
for address in environment_config.get('NO_PROXY', "").split(","):
address = address.strip()
try:
net = ipaddress.ip_network(address)
ip_addresses = [str(ip) for ip in net.hosts()]
if ip_addresses == []:
hosts.append(address)
else:
hosts += ip_addresses
except ValueError:
hosts.append(address)
parsed_hosts = ",".join(hosts)
environment_config.update({
'NO_PROXY': parsed_hosts,
'no_proxy': parsed_hosts
})
for key in ['http_proxy', 'https_proxy', 'no_proxy']:
if not modified_config.get(key):
modified_config[key] = environment_config.get(key)
runtime = determine_apt_source()
render(
'docker.defaults', '/etc/default/docker', {
'opts': opts.to_s(),
'manual': config('docker-opts'),
'docker_runtime': runtime
})
if service:
render('docker.systemd', '/lib/systemd/system/docker.service',
modified_config)
write_daemon_json()
def _add_apt_repository(spec):
"""Add the spec using add_apt_repository
:param spec: the parameter to pass to add_apt_repository
:type spec: str
"""
series = get_distrib_codename()
if '{series}' in spec:
spec = spec.replace('{series}', series)
# software-properties package for bionic properly reacts to proxy settings
# set via apt.conf (see lp:1433761), however this is not the case for LTS
# and non-LTS releases before bionic.
if series in ('trusty', 'xenial'):
_run_with_retries(['add-apt-repository', '--yes', spec],
cmd_env=env_proxy_settings(['https', 'http']))
else:
_run_with_retries(['add-apt-repository', '--yes', spec])
def check_for_juju_https_proxy(config):
"""
If config values are defined take precedent.
LP: https://bugs.launchpad.net/charm-layer-docker/+bug/1831712
:param config: Dictionary
:return: Dictionary
"""
environment_config = env_proxy_settings()
charm_config = dict(config())
if environment_config is None or \
charm_config.get('disable-juju-proxy'):
return charm_config
no_proxy = get_hosts(environment_config)
environment_config.update({'NO_PROXY': no_proxy, 'no_proxy': no_proxy})
return merge_config(charm_config, environment_config)
