author | Håkon Hallingstad <hakon@oath.com> | 2018-11-12 09:53:35 +0100 |
---|---|---|
committer | Håkon Hallingstad <hakon@oath.com> | 2018-11-12 09:53:35 +0100 |
commit | b7374d95ad8ca1595ee36d0ca86b19fb1f329ad3 (patch) | |
tree | 245b2fc75082398dc1ec34fc0ed364a3fa1b06c0 /node-admin | |
parent | 97c58bac8ecc52b4fb1a0b3af82f557f8200878e (diff) |
Use username instead
Diffstat (limited to 'node-admin')
11 files changed, 41 insertions, 48 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java index 92d3ad14aa7..8c5104f0152 100644 --- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java +++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java @@ -34,7 +34,6 @@ import java.net.URI; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; -import java.nio.file.StandardCopyOption; import java.security.KeyPair; import java.security.PrivateKey; import java.security.cert.X509Certificate; @@ -167,7 +166,7 @@ public class AthenzCredentialsMaintainer { false, csr); EntityBindingsMapper.writeSignedIdentityDocumentToFile(identityDocumentFile, signedIdentityDocument); - writePrivateKeyAndCertificate(context.vespaUserIdOnHost(), privateKeyFile, keyPair.getPrivate(), + writePrivateKeyAndCertificate(context.vespaUserOnHost(), privateKeyFile, keyPair.getPrivate(), certificateFile, instanceIdentity.certificate()); context.log(logger, "Instance successfully registered and credentials written to file"); } @@ -192,7 +191,7 @@ public class AthenzCredentialsMaintainer { identityDocument.providerUniqueId().asDottedString(), false, csr); - writePrivateKeyAndCertificate(context.vespaUserIdOnHost(), privateKeyFile, keyPair.getPrivate(), + writePrivateKeyAndCertificate(context.vespaUserOnHost(), privateKeyFile, keyPair.getPrivate(), certificateFile, instanceIdentity.certificate()); context.log(logger, "Instance successfully refreshed and credentials written to file"); } catch (ZtsClientException e) { 
@@ -209,28 +208,23 @@ public class AthenzCredentialsMaintainer { } - private static void writePrivateKeyAndCertificate(int vespaUserIdOnHost, + private static void writePrivateKeyAndCertificate(String vespaUserOnHost, Path privateKeyFile, PrivateKey privateKey, Path certificateFile, X509Certificate certificate) { - writeFile(privateKeyFile, vespaUserIdOnHost, KeyUtils.toPem(privateKey)); - writeFile(certificateFile, vespaUserIdOnHost, X509CertificateUtils.toPem(certificate)); + writeFile(privateKeyFile, vespaUserOnHost, KeyUtils.toPem(privateKey)); + writeFile(certificateFile, vespaUserOnHost, X509CertificateUtils.toPem(certificate)); } - private static void writeFile(Path path, int vespaUserIdOnHost, String utf8Content) { + private static void writeFile(Path path, String vespaUserOnHost, String utf8Content) { new UnixPath(path.toString() + ".tmp") - .createNewFile("---------") - .setOwnerId(vespaUserIdOnHost) - .setPermissions("r-----------") + .createNewFile("r--------") + .setOwner(vespaUserOnHost) .writeUtf8File(utf8Content) .atomicMove(path); } - private static Path toTempPath(Path file) { - return Paths.get(file.toAbsolutePath().toString() + ".tmp"); - } - private static X509Certificate readCertificateFromFile(Path certificateFile) throws IOException { String pemEncodedCertificate = new String(Files.readAllBytes(certificateFile)); return X509CertificateUtils.fromPem(pemEncodedCertificate); diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContext.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContext.java index 1f3e02433cb..4874eccb913 100644 --- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContext.java +++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContext.java 
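Review bot: In the new `writeFile`, any failure after `createNewFile("r--------")` leaves `<path>.tmp` on disk, and `setOwner(vespaUserOnHost)` adds a new way to fail, because the UnixPath change in this commit resolves the name through `lookupPrincipalByName`. If `createNewFile` refuses an existing file, as its name suggests (its body is not in this diff), one failed run would block every later private key and certificate write until the leftover is removed by hand. Consider clearing a stale temp file before creating it, or deleting it on the failure path. The chain also writes to a file that was created read-only and already handed to another owner, so it appears to rely on node-admin running with enough privilege to bypass the mode bits; a comment would help, e.g. `// created r-------- and chowned before the write: needs a privileged process`.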
@@ -27,7 +27,7 @@ public interface NodeAgentContext extends TaskContext { String vespaUser(); - int vespaUserIdOnHost(); + String vespaUserOnHost(); /** * This method is the inverse of {@link #pathInNodeFromPathOnHost(Path)}} diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContextImpl.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContextImpl.java index 04edb033d75..fe0874f4121 100644 --- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContextImpl.java +++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContextImpl.java @@ -34,12 +34,12 @@ public class NodeAgentContextImpl implements NodeAgentContext { private final Path pathToNodeRootOnHost; private final Path pathToVespaHome; private final String vespaUser; - private final int vespaUserIdOnHost; + private final String vespaUserIdOnHost; public NodeAgentContextImpl(String hostname, NodeType nodeType, AthenzService identity, DockerNetworking dockerNetworking, ZoneId zoneId, Path pathToContainerStorage, Path pathToVespaHome, - String vespaUser, int vespaUserIdOnHost) { + String vespaUser, String vespaUserIdOnHost) { this.hostName = HostName.from(Objects.requireNonNull(hostname)); this.containerName = ContainerName.fromHostname(hostname); this.nodeType = Objects.requireNonNull(nodeType); @@ -89,7 +89,7 @@ public class NodeAgentContextImpl implements NodeAgentContext { } @Override - public int vespaUserIdOnHost() { + public String vespaUserOnHost() { return vespaUserIdOnHost; } 
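Review bot: `String vespaUserOnHost();` has no Javadoc and sits directly below `vespaUser()` with nothing to tell the two apart. The value now decides who owns the credential files written by AthenzCredentialsMaintainer, so the contract should be stated on the interface. Something like `/** Name of the user on the host that owns files written for this node; must resolve on the host. */` would do. The author should confirm the wording, since the relation between the two users is not visible in this diff.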
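Review bot: The field and the constructor parameter in NodeAgentContextImpl keep the name `vespaUserIdOnHost` although they now hold a user name (`private final String vespaUserIdOnHost;`), and the getter in the `@@ -89,7` hunk returns that field from `vespaUserOnHost()`. Rename both to `vespaUserOnHost`, so that nobody later passes a numeric uid as a string. The other constructor arguments visible here go through `Objects.requireNonNull`; the assignment of this one lies outside the hunk, so please check it gets the same treatment, `this.vespaUserOnHost = Objects.requireNonNull(vespaUserOnHost);`.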
@@ -146,11 +146,10 @@ public class NodeAgentContextImpl implements NodeAgentContext { private Path pathToContainerStorage; private Path pathToVespaHome; private String vespaUser; - private Integer vespaUserIdOnHost; + private String vespaUserOnHost; - public Builder(String hostname, int vespaUserIdOnHost) { + public Builder(String hostname) { this.hostname = hostname; - this.vespaUserIdOnHost = vespaUserIdOnHost; } public Builder nodeType(NodeType nodeType) { @@ -188,6 +187,11 @@ public class NodeAgentContextImpl implements NodeAgentContext { return this; } + public Builder vespaUserOnHost(String vespaUserOnHost) { + this.vespaUserOnHost = vespaUserOnHost; + return this; + } + public Builder fileSystem(FileSystem fileSystem) { return pathToContainerStorage(fileSystem.getPath("/home/docker")); } @@ -202,7 +206,7 @@ public class NodeAgentContextImpl implements NodeAgentContext { Optional.ofNullable(pathToContainerStorage).orElseGet(() -> Paths.get("/home/docker")), Optional.ofNullable(pathToVespaHome).orElseGet(() -> Paths.get("/opt/vespa")), Optional.ofNullable(vespaUser).orElse("vespa"), - vespaUserIdOnHost); + Optional.ofNullable(vespaUserOnHost).orElse("container_vespa")); } } } diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/file/UnixPath.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/file/UnixPath.java index 064354ddc9c..609ff22f2d2 100644 --- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/file/UnixPath.java +++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/file/UnixPath.java 
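Review bot: In the `@@ -202,7` hunk, `Optional.ofNullable(vespaUserOnHost).orElse("container_vespa")` turns the owner of the private key and certificate files into a silent default, where the Builder constructor previously required the uid. If production code builds its contexts through this Builder (not visible here), a caller that forgets `vespaUserOnHost(...)` gets a hard-coded account name. The mistake then only shows up later, when the name fails to resolve or resolves to an account nobody intended. I would either fail in `build()` when the value is unset, `Objects.requireNonNull(vespaUserOnHost, "vespaUserOnHost")`, and set it explicitly in the tests, or document on the new setter that the default exists for tests only. `build()` starts outside this hunk.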
@@ -68,12 +68,12 @@ public class UnixPath { } public UnixPath writeUtf8File(String content, OpenOption... options) { - writeBytes(content.getBytes(StandardCharsets.UTF_8), options); - return this; + return writeBytes(content.getBytes(StandardCharsets.UTF_8), options); } - public void writeBytes(byte[] content, OpenOption... options) { + public UnixPath writeBytes(byte[] content, OpenOption... options) { uncheck(() -> Files.write(path, content, options)); + return this; } public String getPermissions() { @@ -90,37 +90,30 @@ public class UnixPath { return this; } - public int getOwnerId() { - return (Integer) uncheck(() -> Files.getAttribute(path, "unix:uid")); - } - - public UnixPath setOwnerId(int ownerId) { - uncheck(() -> Files.setAttribute(path, "unix:uid", ownerId)); - return this; - } - public String getOwner() { return getAttributes().owner(); } - public void setOwner(String owner) { + public UnixPath setOwner(String owner) { UserPrincipalLookupService service = path.getFileSystem().getUserPrincipalLookupService(); UserPrincipal principal = uncheck( () -> service.lookupPrincipalByName(owner), "While looking up user %s", owner); uncheck(() -> Files.setOwner(path, principal)); + return this; } public String getGroup() { return getAttributes().group(); } - public void setGroup(String group) { + public UnixPath setGroup(String group) { UserPrincipalLookupService service = path.getFileSystem().getUserPrincipalLookupService(); GroupPrincipal principal = uncheck( () -> service.lookupPrincipalByGroupName(group), "while looking up group %s", group); uncheck(() -> Files.getFileAttributeView(path, PosixFileAttributeView.class).setGroup(principal)); + return this; } public Instant getLastModifiedTime() { 
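Review bot: `setOwner` in the `@@ -90,37` hunk is now the only way to set an owner and has no Javadoc, although two of its behaviours matter to callers that write secrets. An unknown user name surfaces as an unchecked exception from `uncheck(...)`, so ownership now depends on the host's user database and not on a fixed uid. `Files.setOwner(path, principal)` takes no `LinkOption`, so as far as I can tell a symbolic link at `path` is followed, which matters when the parent directory is writable by a less privileged user. The no-follow form would be `Files.getFileAttributeView(path, PosixFileAttributeView.class, LinkOption.NOFOLLOW_LINKS).setOwner(principal)`. Removing the public `getOwnerId`/`setOwnerId` may also break callers outside node-admin, which I cannot check because the diffstat is limited to that module.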
@@ -148,14 +141,16 @@ public class UnixPath { return this; } - public void createDirectory(String permissions) { + public UnixPath createDirectory(String permissions) { Set<PosixFilePermission> set = getPosixFilePermissionsFromString(permissions); FileAttribute<Set<PosixFilePermission>> attribute = PosixFilePermissions.asFileAttribute(set); uncheck(() -> Files.createDirectory(path, attribute)); + return this; } - public void createDirectory() { + public UnixPath createDirectory() { uncheck(() -> Files.createDirectory(path)); + return this; } public boolean isDirectory() { diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/docker/DockerOperationsImplTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/docker/DockerOperationsImplTest.java index fddfd2d875e..6e8cfce6c37 100644 --- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/docker/DockerOperationsImplTest.java +++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/docker/DockerOperationsImplTest.java @@ -46,7 +46,7 @@ public class DockerOperationsImplTest { @Test public void processResultFromNodeProgramWhenSuccess() { - final NodeAgentContext context = new NodeAgentContextImpl.Builder("container-123.domain.tld", 1000).build(); + final NodeAgentContext context = new NodeAgentContextImpl.Builder("container-123.domain.tld").build(); final ProcessResult actualResult = new ProcessResult(0, "output", "errors"); when(docker.executeInContainerAsUser(any(), any(), any(), any())) 
@@ -67,7 +67,7 @@ public class DockerOperationsImplTest { @Test(expected = RuntimeException.class) public void processResultFromNodeProgramWhenNonZeroExitCode() { - final NodeAgentContext context = new NodeAgentContextImpl.Builder("container-123.domain.tld", 1000).build(); + final NodeAgentContext context = new NodeAgentContextImpl.Builder("container-123.domain.tld").build(); final ProcessResult actualResult = new ProcessResult(3, "output", "errors"); when(docker.executeInContainerAsUser(any(), any(), any(), any())) diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/integrationTests/DockerTester.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/integrationTests/DockerTester.java index d2cc0c8fd7e..e22606104f1 100644 --- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/integrationTests/DockerTester.java +++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/integrationTests/DockerTester.java @@ -94,7 +94,7 @@ public class DockerTester implements AutoCloseable { MetricReceiverWrapper mr = new MetricReceiverWrapper(MetricReceiver.nullImplementation); Function<String, NodeAgent> nodeAgentFactory = (hostName) -> new NodeAgentImpl( - new NodeAgentContextImpl.Builder(hostName, 1000).fileSystem(fileSystem).build(), nodeRepository, + new NodeAgentContextImpl.Builder(hostName).fileSystem(fileSystem).build(), nodeRepository, orchestrator, dockerOperations, storageMaintainer, clock, INTERVAL, Optional.empty(), Optional.empty(), Optional.empty()); nodeAdmin = new NodeAdminImpl(nodeAgentFactory, Optional.empty(), mr, Clock.systemUTC()); nodeAdminStateUpdater = new NodeAdminStateUpdater(nodeRepository, orchestrator, diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/StorageMaintainerTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/StorageMaintainerTest.java index 9e961ff03b4..cf5d29d70f1 100644 
--- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/StorageMaintainerTest.java +++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/StorageMaintainerTest.java @@ -152,7 +152,7 @@ public class StorageMaintainerTest { } private Path executeAs(NodeType nodeType) { - NodeAgentContext context = new NodeAgentContextImpl.Builder("host123-5.test.domain.tld", 1000) + NodeAgentContext context = new NodeAgentContextImpl.Builder("host123-5.test.domain.tld") .nodeType(nodeType) .fileSystem(TestFileSystem.create()) .zoneId(new ZoneId(SystemName.dev, Environment.prod, RegionName.from("us-north-1"))).build(); @@ -197,7 +197,7 @@ public class StorageMaintainerTest { public void testDiskUsed() throws IOException { StorageMaintainer storageMaintainer = new StorageMaintainer(terminal, docker, null, null); FileSystem fileSystem = TestFileSystem.create(); - NodeAgentContext context = new NodeAgentContextImpl.Builder("host-1.domain.tld", 1000).fileSystem(fileSystem).build(); + NodeAgentContext context = new NodeAgentContextImpl.Builder("host-1.domain.tld").fileSystem(fileSystem).build(); Files.createDirectories(context.pathOnHostFromPathInNode("/")); terminal.expectCommand("du -xsk /home/docker/host-1 2>&1", 0, "321\t/home/docker/host-1/"); @@ -265,7 +265,7 @@ public class StorageMaintainerTest { } private NodeAgentContext createNodeAgentContextAndContainerStorage(FileSystem fileSystem, String containerName) throws IOException { - NodeAgentContext context = new NodeAgentContextImpl.Builder(containerName + ".domain.tld", 1000) + NodeAgentContext context = new NodeAgentContextImpl.Builder(containerName + ".domain.tld") .fileSystem(fileSystem).build(); Path containerVespaHomeOnHost = context.pathOnHostFromPathInNode(context.pathInNodeUnderVespaHome("")); 
diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/coredump/CoreCollectorTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/coredump/CoreCollectorTest.java index d1e34befa38..d809d9cbf96 100644 --- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/coredump/CoreCollectorTest.java +++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/coredump/CoreCollectorTest.java @@ -27,7 +27,7 @@ public class CoreCollectorTest { private final String GDB_PATH = "/my/path/to/gdb"; private final DockerOperations docker = mock(DockerOperations.class); private final CoreCollector coreCollector = new CoreCollector(docker, Paths.get(GDB_PATH)); - private final NodeAgentContext context = new NodeAgentContextImpl.Builder("container-123.domain.tld", 1000).build(); + private final NodeAgentContext context = new NodeAgentContextImpl.Builder("container-123.domain.tld").build(); private final Path TEST_CORE_PATH = Paths.get("/tmp/core.1234"); private final Path TEST_BIN_PATH = Paths.get("/usr/bin/program"); diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/coredump/CoredumpHandlerTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/coredump/CoredumpHandlerTest.java index ec294f1e118..8d599660ace 100644 --- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/coredump/CoredumpHandlerTest.java +++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/coredump/CoredumpHandlerTest.java 
@@ -47,7 +47,7 @@ import static org.mockito.Mockito.when; public class CoredumpHandlerTest { private final FileSystem fileSystem = TestFileSystem.create(); private final Path donePath = fileSystem.getPath("/home/docker/dumps"); - private final NodeAgentContext context = new NodeAgentContextImpl.Builder("container-123.domain.tld", 1000) + private final NodeAgentContext context = new NodeAgentContextImpl.Builder("container-123.domain.tld") .fileSystem(fileSystem).build(); private final Path crashPathInContainer = Paths.get("/var/crash"); private final Path doneCoredumpsPath = fileSystem.getPath("/home/docker/dumps"); diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContextImplTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContextImplTest.java index 60ac93c41d8..84f13ed299a 100644 --- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContextImplTest.java +++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContextImplTest.java @@ -12,7 +12,7 @@ import static org.junit.Assert.assertEquals; */ public class NodeAgentContextImplTest { private final FileSystem fileSystem = TestFileSystem.create(); - private final NodeAgentContext context = new NodeAgentContextImpl.Builder("container-1.domain.tld", 1000) + private final NodeAgentContext context = new NodeAgentContextImpl.Builder("container-1.domain.tld") .fileSystem(fileSystem).build(); @Test diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentImplTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentImplTest.java index af5c17ff34f..83ee9b57918 100644 --- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentImplTest.java +++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentImplTest.java 
@@ -63,7 +63,7 @@ public class NodeAgentImplTest { private static final String vespaVersion = "1.2.3"; private final String hostName = "host1.test.yahoo.com"; - private final NodeAgentContext context = new NodeAgentContextImpl.Builder(hostName, 1000).build(); + private final NodeAgentContext context = new NodeAgentContextImpl.Builder(hostName).build(); private final DockerImage dockerImage = new DockerImage("dockerImage"); private final DockerOperations dockerOperations = mock(DockerOperations.class); private final NodeRepository nodeRepository = mock(NodeRepository.class); |