Posted to dev@brooklyn.apache.org by aledsage <gi...@git.apache.org> on 2015/04/15 07:02:12 UTC

[GitHub] incubator-brooklyn pull request: Adds CreateUserPolicy

GitHub user aledsage opened a pull request:

    https://github.com/apache/incubator-brooklyn/pull/598

    Adds CreateUserPolicy

    

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/aledsage/incubator-brooklyn feature/CreateUserPolicy

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-brooklyn/pull/598.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #598
    
----
commit 8839b36829e69fae519d955ec9855ba42f285e6c
Author: Aled Sage <al...@gmail.com>
Date:   2015-04-14T19:48:53Z

    Adds CreateUserPolicy

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-brooklyn pull request: Adds CreateUserPolicy

Posted by aledsage <gi...@git.apache.org>.
Github user aledsage commented on a diff in the pull request:

    https://github.com/apache/incubator-brooklyn/pull/598#discussion_r28394230
  
    --- Diff: locations/jclouds/src/main/java/brooklyn/policy/vmcustomization/CreateUserPolicy.java ---
    @@ -0,0 +1,161 @@
    +/*
    + * Licensed to the Apache Software Foundation (ASF) under one
    + * or more contributor license agreements.  See the NOTICE file
    + * distributed with this work for additional information
    + * regarding copyright ownership.  The ASF licenses this file
    + * to you under the Apache License, Version 2.0 (the
    + * "License"); you may not use this file except in compliance
    + * with the License.  You may obtain a copy of the License at
    + *
    + *     http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing,
    + * software distributed under the License is distributed on an
    + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    + * KIND, either express or implied.  See the License for the
    + * specific language governing permissions and limitations
    + * under the License.
    + */
    +package brooklyn.policy.vmcustomization;
    +
    +import java.util.List;
    +
    +import org.jclouds.compute.config.AdminAccessConfiguration;
    +import org.jclouds.scriptbuilder.functions.InitAdminAccess;
    +import org.jclouds.scriptbuilder.statements.login.AdminAccess;
    +import org.jclouds.scriptbuilder.statements.ssh.SshdConfig;
    +import org.slf4j.Logger;
    +import org.slf4j.LoggerFactory;
    +
    +import brooklyn.config.ConfigKey;
    +import brooklyn.entity.Entity;
    +import brooklyn.entity.basic.AbstractEntity;
    +import brooklyn.entity.basic.ConfigKeys;
    +import brooklyn.entity.basic.EntityInternal;
    +import brooklyn.entity.basic.EntityLocal;
    +import brooklyn.event.AttributeSensor;
    +import brooklyn.event.SensorEvent;
    +import brooklyn.event.SensorEventListener;
    +import brooklyn.event.basic.Sensors;
    +import brooklyn.location.Location;
    +import brooklyn.location.basic.SshMachineLocation;
    +import brooklyn.policy.basic.AbstractPolicy;
    +import brooklyn.util.flags.SetFromFlag;
    +import brooklyn.util.internal.ssh.SshTool;
    +import brooklyn.util.text.Identifiers;
    +
    +import com.google.common.collect.ImmutableList;
    +import com.google.common.collect.ImmutableMap;
    +
    +/**
    + * When attached to an entity, this will monitor for when an {@link SshMachineLocation} is added to that entity
    + * (e.g. when a VM has been provisioned for it).
    + * 
    + * The policy will then (asynchronously) add a new user to the VM, with a randomly generated password.
    + * The ssh details will be set as a sensor on the entity.
    + * 
    + * If this is used, it is strongly encouraged to tell users to change the password on first login.
    + * 
    + * A preferred mechanism would be for an external key-management tool to generate ssh key-pairs for
    + * the user, and for the public key to be passed to Brooklyn. However, there is not a customer 
    + * requirement for that yet, so focusing on the password-approach.
    + */
    +public class CreateUserPolicy extends AbstractPolicy implements SensorEventListener<Location> {
    +
    +    private static final Logger LOG = LoggerFactory.getLogger(CreateUserPolicy.class);
    +
    +    @SetFromFlag("user")
    +    public static final ConfigKey<String> VM_USERNAME = ConfigKeys.newStringConfigKey("createuser.vm.user.name");
    +
    +    @SetFromFlag("grantSudo")
    +    public static final ConfigKey<Boolean> GRANT_SUDO = ConfigKeys.newBooleanConfigKey(
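
Review bot: VM_USERNAME is declared with a name only, `ConfigKeys.newStringConfigKey("createuser.vm.user.name")`, so there is no description and no default, unlike the GRANT_SUDO key that follows it. Add a description saying this is the login name of the account the policy creates, and document (or enforce with a clear error) what happens when the key is left unset, since the Javadoc promises a user will be added as soon as an SshMachineLocation appears.
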
    --- End diff --
    
    Default of grantSudo=false here, so not sure we want to share with `JcloudsLocationConfig`'s (also description there says "Irrelevant if dontCreateUser is true", so wouldn't make sense in this context).
    
    This policy is not tied to VMs/clouds (it just piggybacks off the `AdminAccess` class in jclouds), so I think it would be confusing for it to reference a key in `CloudLocationConfig`.



[GitHub] incubator-brooklyn pull request: Adds CreateUserPolicy

Posted by asfgit <gi...@git.apache.org>.
Github user asfgit closed the pull request at:

    https://github.com/apache/incubator-brooklyn/pull/598



[GitHub] incubator-brooklyn pull request: Adds CreateUserPolicy

Posted by ahgittin <gi...@git.apache.org>.
Github user ahgittin commented on a diff in the pull request:

    https://github.com/apache/incubator-brooklyn/pull/598#discussion_r28393735
  
    --- Diff: locations/jclouds/src/main/java/brooklyn/policy/vmcustomization/CreateUserPolicy.java ---
    @@ -0,0 +1,161 @@
    +/*
    + * Licensed to the Apache Software Foundation (ASF) under one
    + * or more contributor license agreements.  See the NOTICE file
    + * distributed with this work for additional information
    + * regarding copyright ownership.  The ASF licenses this file
    + * to you under the Apache License, Version 2.0 (the
    + * "License"); you may not use this file except in compliance
    + * with the License.  You may obtain a copy of the License at
    + *
    + *     http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing,
    + * software distributed under the License is distributed on an
    + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    + * KIND, either express or implied.  See the License for the
    + * specific language governing permissions and limitations
    + * under the License.
    + */
    +package brooklyn.policy.vmcustomization;
    +
    +import java.util.List;
    +
    +import org.jclouds.compute.config.AdminAccessConfiguration;
    +import org.jclouds.scriptbuilder.functions.InitAdminAccess;
    +import org.jclouds.scriptbuilder.statements.login.AdminAccess;
    +import org.jclouds.scriptbuilder.statements.ssh.SshdConfig;
    +import org.slf4j.Logger;
    +import org.slf4j.LoggerFactory;
    +
    +import brooklyn.config.ConfigKey;
    +import brooklyn.entity.Entity;
    +import brooklyn.entity.basic.AbstractEntity;
    +import brooklyn.entity.basic.ConfigKeys;
    +import brooklyn.entity.basic.EntityInternal;
    +import brooklyn.entity.basic.EntityLocal;
    +import brooklyn.event.AttributeSensor;
    +import brooklyn.event.SensorEvent;
    +import brooklyn.event.SensorEventListener;
    +import brooklyn.event.basic.Sensors;
    +import brooklyn.location.Location;
    +import brooklyn.location.basic.SshMachineLocation;
    +import brooklyn.policy.basic.AbstractPolicy;
    +import brooklyn.util.flags.SetFromFlag;
    +import brooklyn.util.internal.ssh.SshTool;
    +import brooklyn.util.text.Identifiers;
    +
    +import com.google.common.collect.ImmutableList;
    +import com.google.common.collect.ImmutableMap;
    +
    +/**
    + * When attached to an entity, this will monitor for when an {@link SshMachineLocation} is added to that entity
    + * (e.g. when a VM has been provisioned for it).
    + * 
    + * The policy will then (asynchronously) add a new user to the VM, with a randomly generated password.
    + * The ssh details will be set as a sensor on the entity.
    + * 
    + * If this is used, it is strongly encouraged to tell users to change the password on first login.
    + * 
    + * A preferred mechanism would be for an external key-management tool to generate ssh key-pairs for
    + * the user, and for the public key to be passed to Brooklyn. However, there is not a customer 
    + * requirement for that yet, so focusing on the password-approach.
    + */
    +public class CreateUserPolicy extends AbstractPolicy implements SensorEventListener<Location> {
    +
    +    private static final Logger LOG = LoggerFactory.getLogger(CreateUserPolicy.class);
    +
    +    @SetFromFlag("user")
    +    public static final ConfigKey<String> VM_USERNAME = ConfigKeys.newStringConfigKey("createuser.vm.user.name");
    +
    +    @SetFromFlag("grantSudo")
    +    public static final ConfigKey<Boolean> GRANT_SUDO = ConfigKeys.newBooleanConfigKey(
    +            "createuser.vm.user.grantSudo",
    +            "Whether to give the new user sudo rights",
    +            false);
    +
    +    public static final AttributeSensor<String> VM_USER_CREDENTIALS = Sensors.newStringSensor("createuser.vm.user.credentials");
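
Review bot: VM_USER_CREDENTIALS, the last line of the hunk, is a plain String sensor with no description, and going by the class Javadoc ("randomly generated password", "ssh details will be set as a sensor") it appears to carry the new account's password in clear text. Add a description that states exactly what the value contains and its format, and say in the Javadoc that anyone able to read this entity's sensors can read the secret, so deployers can decide who gets that access.
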
    --- End diff --
    
    aha it's the password, and for now nothing is configurable and keys not supported, though those are an obvious functionality to add in the future.  suggest those as TODO items?



[GitHub] incubator-brooklyn pull request: Adds CreateUserPolicy

Posted by ahgittin <gi...@git.apache.org>.
Github user ahgittin commented on a diff in the pull request:

    https://github.com/apache/incubator-brooklyn/pull/598#discussion_r28393658
  
    --- Diff: locations/jclouds/src/main/java/brooklyn/policy/vmcustomization/CreateUserPolicy.java ---
    @@ -0,0 +1,161 @@
    +/*
    + * Licensed to the Apache Software Foundation (ASF) under one
    + * or more contributor license agreements.  See the NOTICE file
    + * distributed with this work for additional information
    + * regarding copyright ownership.  The ASF licenses this file
    + * to you under the Apache License, Version 2.0 (the
    + * "License"); you may not use this file except in compliance
    + * with the License.  You may obtain a copy of the License at
    + *
    + *     http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing,
    + * software distributed under the License is distributed on an
    + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    + * KIND, either express or implied.  See the License for the
    + * specific language governing permissions and limitations
    + * under the License.
    + */
    +package brooklyn.policy.vmcustomization;
    +
    +import java.util.List;
    +
    +import org.jclouds.compute.config.AdminAccessConfiguration;
    +import org.jclouds.scriptbuilder.functions.InitAdminAccess;
    +import org.jclouds.scriptbuilder.statements.login.AdminAccess;
    +import org.jclouds.scriptbuilder.statements.ssh.SshdConfig;
    +import org.slf4j.Logger;
    +import org.slf4j.LoggerFactory;
    +
    +import brooklyn.config.ConfigKey;
    +import brooklyn.entity.Entity;
    +import brooklyn.entity.basic.AbstractEntity;
    +import brooklyn.entity.basic.ConfigKeys;
    +import brooklyn.entity.basic.EntityInternal;
    +import brooklyn.entity.basic.EntityLocal;
    +import brooklyn.event.AttributeSensor;
    +import brooklyn.event.SensorEvent;
    +import brooklyn.event.SensorEventListener;
    +import brooklyn.event.basic.Sensors;
    +import brooklyn.location.Location;
    +import brooklyn.location.basic.SshMachineLocation;
    +import brooklyn.policy.basic.AbstractPolicy;
    +import brooklyn.util.flags.SetFromFlag;
    +import brooklyn.util.internal.ssh.SshTool;
    +import brooklyn.util.text.Identifiers;
    +
    +import com.google.common.collect.ImmutableList;
    +import com.google.common.collect.ImmutableMap;
    +
    +/**
    + * When attached to an entity, this will monitor for when an {@link SshMachineLocation} is added to that entity
    + * (e.g. when a VM has been provisioned for it).
    + * 
    + * The policy will then (asynchronously) add a new user to the VM, with a randomly generated password.
    + * The ssh details will be set as a sensor on the entity.
    + * 
    + * If this is used, it is strongly encouraged to tell users to change the password on first login.
    + * 
    + * A preferred mechanism would be for an external key-management tool to generate ssh key-pairs for
    + * the user, and for the public key to be passed to Brooklyn. However, there is not a customer 
    + * requirement for that yet, so focusing on the password-approach.
    + */
    +public class CreateUserPolicy extends AbstractPolicy implements SensorEventListener<Location> {
    +
    +    private static final Logger LOG = LoggerFactory.getLogger(CreateUserPolicy.class);
    +
    +    @SetFromFlag("user")
    +    public static final ConfigKey<String> VM_USERNAME = ConfigKeys.newStringConfigKey("createuser.vm.user.name");
    +
    +    @SetFromFlag("grantSudo")
    +    public static final ConfigKey<Boolean> GRANT_SUDO = ConfigKeys.newBooleanConfigKey(
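
Review bot: The class Javadoc treats the password change as advice only ("it is strongly encouraged to tell users to change the password on first login"), which reads as a manual step that is easy to skip. Consider having the policy create the account with the password already marked as expired so the first login forces the change, or record that as a TODO alongside the key-pair note in the same comment so the gap stays visible.
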
    --- End diff --
    
    we already have `JcloudsLocationConfig.GRANT_USER_SUDO` -- any nice way to share a key?  promote to `CloudLocationConfig` ?



[GitHub] incubator-brooklyn pull request: Adds CreateUserPolicy

Posted by ahgittin <gi...@git.apache.org>.
Github user ahgittin commented on the pull request:

    https://github.com/apache/incubator-brooklyn/pull/598#issuecomment-93207729
  
    `createuser.vm.user.name` is a four-segment config key.  it's got a flag so not an impediment.  more wondering, as a general trend, should these configs be qualified, or should we just call them `user`.  in the scope of this policy it's totally unambiguous what it means.



[GitHub] incubator-brooklyn pull request: Adds CreateUserPolicy

Posted by aledsage <gi...@git.apache.org>.
Github user aledsage commented on the pull request:

    https://github.com/apache/incubator-brooklyn/pull/598#issuecomment-93200912
  
    Thanks @ahgittin 
    
    For the 4-segment thing, that's for the attribute rather than the config key. The config is just a simple user. The single attribute keeps everything together, because this is a different user from that mentioned in the `Attributes.SSH_ADDRESS` (the latter refers to the user setup for the `SshMachineLocation`).
    
    AdminAccess re-use: agreed; will add comment about it. And will add other descriptions.



[GitHub] incubator-brooklyn pull request: Adds CreateUserPolicy

Posted by ahgittin <gi...@git.apache.org>.
Github user ahgittin commented on the pull request:

    https://github.com/apache/incubator-brooklyn/pull/598#issuecomment-93191484
  
    looks good.  minor comments in the text but nothing significant -- happy to merge it as is (package rename probably the most significant.)
    
    so higher level thoughts:
    
    * is there a good reason to have elaborate 4-segment config keys here?  or could we just share `USER` (`user`) and `PASSWORD` and `GRANT_USER_SUDO` from `JcloudsLocationConfig`?
    
    * feels like in time we could share `AdminAccess` setup with what `JcloudsLocation` does -- maybe worth a comment to this effect, but more work than it's worth to do now i think




[GitHub] incubator-brooklyn pull request: Adds CreateUserPolicy

Posted by ahgittin <gi...@git.apache.org>.
Github user ahgittin commented on a diff in the pull request:

    https://github.com/apache/incubator-brooklyn/pull/598#discussion_r28393615
  
    --- Diff: locations/jclouds/src/main/java/brooklyn/policy/vmcustomization/CreateUserPolicy.java ---
    @@ -0,0 +1,161 @@
    +/*
    + * Licensed to the Apache Software Foundation (ASF) under one
    + * or more contributor license agreements.  See the NOTICE file
    + * distributed with this work for additional information
    + * regarding copyright ownership.  The ASF licenses this file
    + * to you under the Apache License, Version 2.0 (the
    + * "License"); you may not use this file except in compliance
    + * with the License.  You may obtain a copy of the License at
    + *
    + *     http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing,
    + * software distributed under the License is distributed on an
    + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    + * KIND, either express or implied.  See the License for the
    + * specific language governing permissions and limitations
    + * under the License.
    + */
    +package brooklyn.policy.vmcustomization;
    --- End diff --
    
    `brooklyn.policy.os` ?



[GitHub] incubator-brooklyn pull request: Adds CreateUserPolicy

Posted by ahgittin <gi...@git.apache.org>.
Github user ahgittin commented on a diff in the pull request:

    https://github.com/apache/incubator-brooklyn/pull/598#discussion_r28393689
  
    --- Diff: locations/jclouds/src/main/java/brooklyn/policy/vmcustomization/CreateUserPolicy.java ---
    @@ -0,0 +1,161 @@
    +/*
    + * Licensed to the Apache Software Foundation (ASF) under one
    + * or more contributor license agreements.  See the NOTICE file
    + * distributed with this work for additional information
    + * regarding copyright ownership.  The ASF licenses this file
    + * to you under the Apache License, Version 2.0 (the
    + * "License"); you may not use this file except in compliance
    + * with the License.  You may obtain a copy of the License at
    + *
    + *     http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing,
    + * software distributed under the License is distributed on an
    + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    + * KIND, either express or implied.  See the License for the
    + * specific language governing permissions and limitations
    + * under the License.
    + */
    +package brooklyn.policy.vmcustomization;
    +
    +import java.util.List;
    +
    +import org.jclouds.compute.config.AdminAccessConfiguration;
    +import org.jclouds.scriptbuilder.functions.InitAdminAccess;
    +import org.jclouds.scriptbuilder.statements.login.AdminAccess;
    +import org.jclouds.scriptbuilder.statements.ssh.SshdConfig;
    +import org.slf4j.Logger;
    +import org.slf4j.LoggerFactory;
    +
    +import brooklyn.config.ConfigKey;
    +import brooklyn.entity.Entity;
    +import brooklyn.entity.basic.AbstractEntity;
    +import brooklyn.entity.basic.ConfigKeys;
    +import brooklyn.entity.basic.EntityInternal;
    +import brooklyn.entity.basic.EntityLocal;
    +import brooklyn.event.AttributeSensor;
    +import brooklyn.event.SensorEvent;
    +import brooklyn.event.SensorEventListener;
    +import brooklyn.event.basic.Sensors;
    +import brooklyn.location.Location;
    +import brooklyn.location.basic.SshMachineLocation;
    +import brooklyn.policy.basic.AbstractPolicy;
    +import brooklyn.util.flags.SetFromFlag;
    +import brooklyn.util.internal.ssh.SshTool;
    +import brooklyn.util.text.Identifiers;
    +
    +import com.google.common.collect.ImmutableList;
    +import com.google.common.collect.ImmutableMap;
    +
    +/**
    + * When attached to an entity, this will monitor for when an {@link SshMachineLocation} is added to that entity
    + * (e.g. when a VM has been provisioned for it).
    + * 
    + * The policy will then (asynchronously) add a new user to the VM, with a randomly generated password.
    + * The ssh details will be set as a sensor on the entity.
    + * 
    + * If this is used, it is strongly encouraged to tell users to change the password on first login.
    + * 
    + * A preferred mechanism would be for an external key-management tool to generate ssh key-pairs for
    + * the user, and for the public key to be passed to Brooklyn. However, there is not a customer 
    + * requirement for that yet, so focusing on the password-approach.
    + */
    +public class CreateUserPolicy extends AbstractPolicy implements SensorEventListener<Location> {
    +
    +    private static final Logger LOG = LoggerFactory.getLogger(CreateUserPolicy.class);
    +
    +    @SetFromFlag("user")
    +    public static final ConfigKey<String> VM_USERNAME = ConfigKeys.newStringConfigKey("createuser.vm.user.name");
    +
    +    @SetFromFlag("grantSudo")
    +    public static final ConfigKey<Boolean> GRANT_SUDO = ConfigKeys.newBooleanConfigKey(
    +            "createuser.vm.user.grantSudo",
    +            "Whether to give the new user sudo rights",
    +            false);
    +
    +    public static final AttributeSensor<String> VM_USER_CREDENTIALS = Sensors.newStringSensor("createuser.vm.user.credentials");
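
Review bot: The Javadoc's "randomly generated password" does not say how the password is generated, and the import of `brooklyn.util.text.Identifiers` near the top of the hunk suggests it comes from that utility; the generating code is past the end of this excerpt. Please confirm the source is a cryptographically strong random generator rather than an identifier helper meant for uniqueness, and state the length and character set in the Javadoc so the strength of the credential can be reviewed.
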
    --- End diff --
    
    is this a password or a private key or something else?  add a description.
    
    should this be configurable as well?

