container provisioner may choose bad tools
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
juju-core |
Fix Released
|
Low
|
Andrew Wilkins |
Bug Description
The container_
We should use version.Current explicitly, and directly request all matching tools for that version with the series specified on the new machine. This matches the algorithm in the environ provisioner -- but we cannot use the current implementation, because the environ provisioner directly requests the tools from the environ, and the container provisioner doesn't have access to that (because we don't want to expose the environ creds to every agent).
*so*... we basically need to:
1) add a provisioner API that accepts a version.Number (which will be version.Current, as discovered on the provisioner) and a series (and perhaps an optional arch, in case one is set in the constraints?), and returns all possible versions.
2) drop the tools part of the container-artifacts initialisation entirely, and drop the Tools method -- and probably the HasTools interface too
3) drop the branching in container_task's possibleTools implementation, and just always call that API.
To do this *right*, we should also start storing a tools catalogue in state -- and always store all referenced tools directly in the environment -- so we don't need to keep on hitting simplestreams any time anyone asks.
I'm marking this low priority, because even though it *sucks*, the actual consequences are relatively minor -- it'll impact a single container that can be force-destroyed and recreated, and that will happen only rarely.
Changed in juju-core: | |
status: | In Progress → Fix Committed |
milestone: | none → 1.21-alpha1 |
Changed in juju-core: | |
status: | Fix Committed → Fix Released |
Will fix this as part of cataloguing/storing tools in state.