environs/cloudinit: use aria2 to download tools from API servers

axw · axw · commit 0c385db2b440 · 2014-08-28T15:14:12.000+08:00
Now that we are serving tools in the API server, we must consider
the availability of the API server at the time a machine is
provisioned. The aria2 package is an alternative to curl that
is capable of failing over to additional sources and optionally
downloading chunks in parallel.

Note: curl can be built with support for Metalink, which would
have been a more conservative option. Unfortunately the version
of curl packaged in Ubuntu does not have Metalink support enabled.
diff --git a/environs/cloudinit/cloudinit.go b/environs/cloudinit/cloudinit.go
@@ -192,7 +192,7 @@ func AddAptCommands(
 	// If we're not doing an update, adding these packages is
 	// meaningless.
 	if addUpdateScripts {
-		c.AddPackage("curl")
+		c.AddPackage("aria2")
 		c.AddPackage("cpu-checker")
 		// TODO(axw) 2014-07-02 #1277359
 		// Don't install bridge-utils in cloud-init;
diff --git a/environs/cloudinit/cloudinit_test.go b/environs/cloudinit/cloudinit_test.go
@@ -209,7 +209,7 @@ chown syslog:adm /var/log/juju
 bin='/var/lib/juju/tools/1\.2\.3-precise-amd64'
 mkdir -p \$bin
 echo 'Fetching tools.*
-curl -sSfw 'tools from %{url_effective} downloaded: HTTP %{http_code}; time %{time_total}s; size %{size_download} bytes; speed %{speed_download} bytes/s ' --retry 10 -o \$bin/tools\.tar\.gz 'http://foo\.com/tools/releases/juju1\.2\.3-precise-amd64\.tgz'
+aria2c --max-tries=10 --retry-wait=3 -d \$bin -o tools\.tar\.gz 'http://foo\.com/tools/releases/juju1\.2\.3-precise-amd64\.tgz'
 sha256sum \$bin/tools\.tar\.gz > \$bin/juju1\.2\.3-precise-amd64\.sha256
 grep '1234' \$bin/juju1\.2\.3-precise-amd64.sha256 \|\| \(echo "Tools checksum mismatch"; exit 1\)
 tar zxf \$bin/tools.tar.gz -C \$bin
@@ -262,7 +262,7 @@ rm \$bin/tools\.tar\.gz && rm \$bin/juju1\.2\.3-precise-amd64\.sha256
 		inexactMatch: true,
 		expectScripts: `
 bin='/var/lib/juju/tools/1\.2\.3-raring-amd64'
-curl -sSfw 'tools from %{url_effective} downloaded: HTTP %{http_code}; time %{time_total}s; size %{size_download} bytes; speed %{speed_download} bytes/s ' --retry 10 -o \$bin/tools\.tar\.gz 'http://foo\.com/tools/releases/juju1\.2\.3-raring-amd64\.tgz'
+aria2c --max-tries=10 --retry-wait=3 -d \$bin -o tools\.tar\.gz 'http://foo\.com/tools/releases/juju1\.2\.3-raring-amd64\.tgz'
 sha256sum \$bin/tools\.tar\.gz > \$bin/juju1\.2\.3-raring-amd64\.sha256
 grep '1234' \$bin/juju1\.2\.3-raring-amd64.sha256 \|\| \(echo "Tools checksum mismatch"; exit 1\)
 printf %s '{"version":"1\.2\.3-raring-amd64","url":"http://foo\.com/tools/releases/juju1\.2\.3-raring-amd64\.tgz","sha256":"1234","size":10}' > \$bin/downloaded-tools\.txt
@@ -315,7 +315,7 @@ chown syslog:adm /var/log/juju
 bin='/var/lib/juju/tools/1\.2\.3-quantal-amd64'
 mkdir -p \$bin
 echo 'Fetching tools.*
-curl -sSfw 'tools from %{url_effective} downloaded: HTTP %{http_code}; time %{time_total}s; size %{size_download} bytes; speed %{speed_download} bytes/s ' --retry 10 --insecure -o \$bin/tools\.tar\.gz 'https://state-addr\.testing\.invalid:54321/tools/1\.2\.3-quantal-amd64'
+aria2c --max-tries=10 --retry-wait=3 --check-certificate=false -d \$bin -o tools\.tar\.gz 'https://state-addr\.testing\.invalid:54321/tools/1\.2\.3-quantal-amd64'
 sha256sum \$bin/tools\.tar\.gz > \$bin/juju1\.2\.3-quantal-amd64\.sha256
 grep '1234' \$bin/juju1\.2\.3-quantal-amd64.sha256 \|\| \(echo "Tools checksum mismatch"; exit 1\)
 tar zxf \$bin/tools.tar.gz -C \$bin
@@ -404,7 +404,7 @@ start jujud-machine-2-lxc-1
 		},
 		inexactMatch: true,
 		expectScripts: `
-curl -sSfw 'tools from %{url_effective} downloaded: HTTP %{http_code}; time %{time_total}s; size %{size_download} bytes; speed %{speed_download} bytes/s ' --retry 10 --insecure -o \$bin/tools\.tar\.gz 'https://state-addr\.testing\.invalid:54321/tools/1\.2\.3-quantal-amd64'
+aria2c --max-tries=10 --retry-wait=3 --check-certificate=false -d \$bin -o tools\.tar\.gz 'https://state-addr\.testing\.invalid:54321/tools/1\.2\.3-quantal-amd64'
 `,
 	}, {
 		// empty contraints.
@@ -543,7 +543,7 @@ func (*cloudinitSuite) TestCloudInit(c *gc.C) {
 		if test.cfg.Config != nil {
 			checkEnvConfig(c, test.cfg.Config, configKeyValues, scripts)
 		}
-		checkPackage(c, configKeyValues, "curl", test.cfg.EnableOSRefreshUpdate)
+		checkPackage(c, configKeyValues, "aria2", test.cfg.EnableOSRefreshUpdate)
 
 		tag := names.NewMachineTag(test.cfg.MachineId).String()
 		acfg := getAgentConfig(c, tag, scripts)
diff --git a/environs/cloudinit/cloudinit_ubuntu.go b/environs/cloudinit/cloudinit_ubuntu.go
@@ -22,9 +22,10 @@ import (
 	"github.com/juju/juju/service/upstart"
 )
 
-const curlCommand = "curl -sSfw " +
-	"'tools from %{url_effective} downloaded: HTTP %{http_code}; time %{time_total}s; " +
-	"size %{size_download} bytes; speed %{speed_download} bytes/s '"
+//const curlCommand = "curl -sSfw " +
+//	"'tools from %{url_effective} downloaded: HTTP %{http_code}; time %{time_total}s; " +
+//	"size %{size_download} bytes; speed %{speed_download} bytes/s '"
+const aria2Command = "aria2c"
 
 type ubuntuConfigure struct {
 	mcfg     *MachineConfig
@@ -156,30 +157,29 @@ func (w *ubuntuConfigure) ConfigureJuju() error {
 		w.conf.AddBinaryFile(path.Join(w.mcfg.jujuTools(), "tools.tar.gz"), []byte(toolsData), 0644)
 	} else {
 		var copyCmd string
-		curlCommand := curlCommand + " --retry 10"
+		aria2Command := aria2Command + " --max-tries=10 --retry-wait=3"
 		if w.mcfg.Bootstrap {
 			if w.mcfg.DisableSSLHostnameVerification {
-				curlCommand += " --insecure"
+				aria2Command += " --check-certificate=false"
 			}
-			copyCmd = fmt.Sprintf("%s -o $bin/tools.tar.gz %s", curlCommand, shquote(w.mcfg.Tools.URL))
+			copyCmd = fmt.Sprintf("%s -d $bin -o tools.tar.gz %s", aria2Command, shquote(w.mcfg.Tools.URL))
 		} else {
-			// Our CA certificates are unusable by curl (invalid subject name),
-			// so we must use --insecure. It doesn't actually matter, because
-			// there is no sensitive information being transmitted and we verify
-			// the tools' hash.
-
-			// TODO(axw) multi-source download. For now we're
-			// just picking the first API server address.
-			apiHostAddrs := w.mcfg.apiHostAddrs()
-
-			// TODO(axw) encode env UUID in URL when EnvironTag
-			// is guaranteed to be available in APIInfo.
-			urlbase := fmt.Sprintf("https://%s", apiHostAddrs[0])
+			var urls []string
+			for _, addr := range w.mcfg.apiHostAddrs() {
+				// TODO(axw) encode env UUID in URL when EnvironTag
+				// is guaranteed to be available in APIInfo.
+				url := fmt.Sprintf("https://%s/tools/%s", addr, w.mcfg.Tools.Version)
+				urls = append(urls, shquote(url))
+			}
 
+			// Our certificates are unusable by aria2c (invalid subject name),
+			// so we must disable certificate validation. It doesn't actually
+			// matter, because there is no sensitive information being transmitted
+			// and we verify the tools' hash after.
 			copyCmd = fmt.Sprintf(
-				"%s --insecure -o $bin/tools.tar.gz %s",
-				curlCommand,
-				shquote(fmt.Sprintf("%s/tools/%s", urlbase, w.mcfg.Tools.Version)),
+				"%s --check-certificate=false -d $bin -o tools.tar.gz %s",
+				aria2Command,
+				strings.Join(urls, " "),
 			)
 		}
 		w.conf.AddRunCmd(cloudinit.LogProgressCmd("Fetching tools: %s", copyCmd))
diff --git a/provider/ec2/local_test.go b/provider/ec2/local_test.go
@@ -287,7 +287,7 @@ func (t *localServerSuite) TestBootstrapInstanceUserDataAndState(c *gc.C) {
 	userDataMap = nil
 	err = goyaml.Unmarshal(userData, &userDataMap)
 	c.Assert(err, gc.IsNil)
-	CheckPackage(c, userDataMap, "curl", true)
+	CheckPackage(c, userDataMap, "aria2", true)
 	CheckPackage(c, userDataMap, "mongodb-server", false)
 	CheckScripts(c, userDataMap, "jujud bootstrap-state", false)
 	CheckScripts(c, userDataMap, "/var/lib/juju/agents/machine-1/agent.conf", true)
diff --git a/state/apiserver/tools_test.go b/state/apiserver/tools_test.go
@@ -210,16 +210,28 @@ func (s *toolsSuite) TestUploadSeriesExpanded(c *gc.C) {
 	}
 }
 
-func (s *toolsSuite) TestDownload(c *gc.C) {
+func (s *toolsSuite) TestDownloadEnvUUIDPath(c *gc.C) {
 	environ, err := s.State.Environment()
 	c.Assert(err, gc.IsNil)
+	s.testDownload(c, environ.UUID())
+}
+
+func (s *toolsSuite) TestDownloadTopLevelPath(c *gc.C) {
+	s.testDownload(c, "")
+}
 
+func (s *toolsSuite) testDownload(c *gc.C, uuid string) {
 	stor := s.Environ.Storage()
 	envtesting.RemoveTools(c, stor)
 	tools := envtesting.AssertUploadFakeToolsVersions(c, stor, version.Current)[0]
 
-	data := s.testDownload(c, tools.Version, environ.UUID())
+	resp, err := s.downloadRequest(c, tools.Version, uuid)
+	c.Assert(err, gc.IsNil)
+	defer resp.Body.Close()
+	data, err := ioutil.ReadAll(resp.Body)
+	c.Assert(err, gc.IsNil)
 	c.Assert(data, gc.HasLen, int(tools.Size))
+
 	hash := sha256.New()
 	hash.Write(data)
 	c.Assert(fmt.Sprintf("%x", hash.Sum(nil)), gc.Equals, tools.SHA256)
@@ -231,16 +243,6 @@ func (s *toolsSuite) TestDownloadRejectsWrongEnvUUIDPath(c *gc.C) {
 	s.assertErrorResponse(c, resp, http.StatusNotFound, `unknown environment: "dead-beef-123456"`)
 }
 
-func (s *toolsSuite) TestDownloadRejectsTopLevelPath(c *gc.C) {
-	url := s.toolsURL(c, "")
-	url.Path = fmt.Sprintf("/tools/%s", version.Current)
-	resp, err := s.sendRequest(c, "", "", "GET", url.String(), "", nil)
-	if resp != nil && resp.Body != nil {
-		resp.Body.Close()
-	}
-	c.Assert(err, gc.NotNil)
-}
-
 func (s *toolsSuite) toolsURL(c *gc.C, query string) *url.URL {
 	uri := s.baseURL(c)
 	uri.Path += "/tools"
@@ -255,18 +257,13 @@ func (s *toolsSuite) toolsURI(c *gc.C, query string) string {
 	return s.toolsURL(c, query).String()
 }
 
-func (s *toolsSuite) testDownload(c *gc.C, version version.Binary, uuid string) []byte {
-	resp, err := s.downloadRequest(c, version, uuid)
-	c.Assert(err, gc.IsNil)
-	defer resp.Body.Close()
-	data, err := ioutil.ReadAll(resp.Body)
-	c.Assert(err, gc.IsNil)
-	return data
-}
-
 func (s *toolsSuite) downloadRequest(c *gc.C, version version.Binary, uuid string) (*http.Response, error) {
 	url := s.toolsURL(c, "")
-	url.Path = fmt.Sprintf("/environment/%s/tools/%s", uuid, version)
+	if uuid == "" {
+		url.Path = fmt.Sprintf("/tools/%s", version)
+	} else {
+		url.Path = fmt.Sprintf("/environment/%s/tools/%s", uuid, version)
+	}
 	return s.sendRequest(c, "", "", "GET", url.String(), "", nil)
 }
 
