/srv/irclogs.ubuntu.com/2012/03/07/#juju.txt

=== andrewsmedina_ is now known as andrewsmedina
_mup_	juju/enhanced-relation-spec r20 committed by jim.baker@canonical.com	05:13
_mup_	Address review points	05:13
_mup_	juju/enhanced-relation-spec r21 committed by jim.baker@canonical.com	05:29
_mup_	Remove enhance, important, and flexible word usage	05:29
_mup_	juju/enhanced-relation-spec r22 committed by jim.baker@canonical.com	05:41
_mup_	Clarify relation-info command	05:41
_mup_	juju/force-upgrade r461 committed by kapil.thangavelu@canonical.com	05:59
_mup_	unit agent forced upgrade support	05:59
_mup_	juju/force-upgrade r462 committed by kapil.thangavelu@canonical.com	06:20
_mup_	dont execute upgrade hooks on a forced upgrade	06:20
dylanvee	Hi all, just discovered juju and I think it's really cool. Out of curiosity, could you run juju with a local provider (lxc containers) in production?	07:58
dylanvee	i.e. use the local provider feature but expose the services to the world instead of for development.	07:59
hazmat	dylanvee, its not the intended usage, but sure you could, you'd have to bridge the networking by hand though	08:00
dylanvee	hazmat: Cool. In that sense it seems like a really nice layer on top of lxc, which is what I was looking for	08:01
hazmat	dylanvee, cool, some people use it as a nice layer on top of ec2 ;-)	08:01
dylanvee	hazmat: You could do juju within juju, use it to provision ec2 instances which contain many lxc instances :)	08:02
dylanvee	hazmat: fantastic project though, glad I came across it!	08:02
hazmat	dylanvee, indeed some of the charm testing does just that	08:02
hazmat	er. automated testing that is	08:03
dylanvee	kind of like https://github.com/Atalanta/cucumber-chef	08:03
=== almaisan-away is now known as al-maisan
_mup_	juju/increase-session-timeout r449 committed by kapil.thangavelu@canonical.com	08:38
_mup_	merge trunk	08:38
=== al-maisan is now known as almaisan-away
=== Leseb_ is now known as Leseb
=== almaisan-away is now known as al-maisan
=== marrusl_ is now known as marrusl
jcastro	SpamapS: you going to this? http://charmschoolsv.eventbrite.com/	15:53
jcastro	SAY YES.	15:53
negronjl	jcastro: can you give me the details of the webinar to see if I can check it out as well ?	16:19
SpamapS	jcastro: I am if we can get the travel approved	16:19
negronjl	jcastro: it would be a good idea so i can learn how the masters do the charm school :)	16:19
_mup_	juju/refactor-machine-agent r460 committed by jim.baker@canonical.com	17:10
_mup_	Merged trunk	17:10
_mup_	juju/robust-test-removed-service-unit r460 committed by jim.baker@canonical.com	17:12
_mup_	Merged upstream	17:12
=== al-maisan is now known as almaisan-away
_mup_	Bug #949292 was filed: Redeploying a charm with symbolic links fails <juju:New> < https://launchpad.net/bugs/949292 >	19:03
_mup_	juju/trunk r471 committed by kapil.thangavelu@canonical.com	21:12
_mup_	merge add-maas-provider. New juju machine provider for MaaS [a=allenap,julian-edwards][r=jimbaker,hazmat][f=939552]	21:12
_mup_	juju/upgrade-sym-link r469 committed by kapil.thangavelu@canonical.com	21:15
_mup_	use unqualified relative as well	21:15
_mup_	juju/trunk r472 committed by kapil.thangavelu@canonical.com	21:17
_mup_	merge upgrade-sym-link, remove previous symlink targets before extracting new ones [r=bcsaller][f=941873]	21:17
_mup_	juju/trunk r473 committed by kapil.thangavelu@canonical.com	21:19
_mup_	merge bool-and-validate-defaults. New boolean service config option, service defaults are validated during charm parse [r=bcsaller,jimbaker][f=885551]	21:19
_mup_	juju/deploy-upgrade r459 committed by kapil.thangavelu@canonical.com	21:26
_mup_	remove some debug cruft	21:26
marcoceppi	Sweet, booleans!	21:34
SpamapS	marcoceppi: blimey, NERD ALERT	22:03
dylanvee	How is the stability of juju on 11.10? Ready for production use?	23:38
dylanvee	I noticed in the docs that it might not be, but I wanted to see if that's since changed.	23:39
SpamapS	11.10? No	23:39
SpamapS	dylanvee: the version in 11.10 has a lot of problems. We haven't been able to update it because there is no way to test proposed updates.	23:39
dylanvee	SpamapS: What about older releases?	23:39
SpamapS	dylanvee: the version in precise is much better.. though I still recommend that people use the PPA version for the best results.	23:39
SpamapS	dylanvee: juju did not exist prior to 11.10	23:39
dylanvee	SpamapS: Ah yes, ok.	23:40
SpamapS	well, it existed when 11.04 was released, but not in a very useful form. :)	23:40
SpamapS	dylanvee: only recently the PPA version has gained some nice features, like being able to restart the agents. :)	23:40
dylanvee	SpamapS: I see, thanks :)	23:40
dylanvee	Also, from reading the docs it looks like when an ec2 instance is provisioned lxc containers are used within that to start units, is that correct?	23:41
dylanvee	Previously I had thought that lxc was only for the local mode	23:41
dylanvee	But now I'm interested because I'd like to enforce lxc resource usage limits on my charms	23:41
SpamapS	dylanvee: no thats not done	23:45
SpamapS	dylanvee: there's a thought that we might do that in the future, but right now the complexity of the network configuration would be rather high.	23:45
SpamapS	dylanvee: lxc works inside LXC (In theory) sor you should be able to use LXC freely.	23:46
dylanvee	SpamapS: you mean for the local provider mode?	23:46
SpamapS	dylanvee: though.. with it being the cloud and all.. perhaps just choosing the right instance size is a better option?	23:46
SpamapS	dylanvee: you could use lxc containers in a charm. it shouldn't be a problem.	23:46
dylanvee	SpamapS: My goal is to have kind of an elastic fleet of lxc containers that can run untrusted user code. Juju seems like a possible fit for that	23:47
SpamapS	dylanvee: lxc is no better than chroot for containing untrusted code	23:48
dylanvee	SpamapS: it adds a lot more isolation, no? http://en.wikipedia.org/wiki/Operating_system-level_virtualization#Implementations	23:48
SpamapS	dylanvee: there's a goal to get it better than chroot using a combination of better namespace restrictions on some things, and apparmor. But its not there yet.	23:48
SpamapS	dylanvee: a little bit more isolation, yes. But ultimately, its still vulnerable to most of the same jail breaks as chroot.	23:49
dylanvee	SpamapS: Oh, that's disappointing…I know lxc + chroot are the basis for what Heroku is doing	23:49
SpamapS	dylanvee: they also don't allow the flexibility that juju does.. because they can't if they're going to keep using LXC	23:51
SpamapS	http://www.suse.com/documentation/sles11/singlehtml/lxc_quickstart/lxc_quickstart.html	23:52
SpamapS	"LXC is not secure"	23:52
SpamapS	http://berrange.com/posts/2011/09/27/getting-started-with-lxc-using-libvirt/	23:52
SpamapS	"What you’re gaining here is not security, but a rather way to manage resource utilization of everything spawned from that initial process."	23:52
dylanvee	SpacemapS: Well, to put a finer point on it I wanna host a bunch of ssh accounts that won't stomp all over the machine	23:52
SpamapS	dylanvee: give them all a t1.micro then.	23:53
SpamapS	dylanvee: if you don't trust the user.. you can't trust containers to keep them from abusing the system.	23:53
SpamapS	dylanvee: note that nested KVM is coming. :)	23:53
dylanvee	SpacemapS: I'm definitely considering that, hopefully Amazon is pretty liberal with requests to have more than 20 ec2 instances	23:54
dylanvee	SpacemapS: ooh, i'll have to look into that :)	23:54
SpamapS	So as soon as there is an openstack cloud provider using KVM on precise.. you'll be able to run nested KVM vms inside their instances.	23:54
SpamapS	dylanvee: SpamapS, not SpacemepS	23:54
dylanvee	SpamapS: Sorry haha. Well thank you, I must go but I appreciate your help! :)	23:54

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!