[00:41] SpamapS: hazmat: ^ ? [00:51] lifeless, no [00:51] thanks [00:53] lifeless, the charm/service unit does have a concrete lifecycle though which includes an install phase [00:54] and subordinate charms will allow installation into existing units.. [00:55] hazmat: concrete use case - I want to configure egress firewall rules both on the node and on the network gateway when the node is brought up as a juju node; that is arguably a cloud API, but no clouds I know of (today) support egress fw rules [00:58] lifeless, so two thoughts.. you can manage a firewall within a charm (although as far as local providers with network ns.. i'm not sure about the interaction).. i believe SpamapS had the memcache charm using fw rules to only allow access to related service units. [00:59] right, thats the reverse :) [00:59] this is egress rules, not ingress [00:59] allowing nodes to only start communications that they are meant to be able to. [00:59] ah [00:59] same principle applies though [01:00] in terms of modeling it with a relation, and manipulating the firewall by related units. [01:00] right, though for the on-node rules you need zk to supply its own needed ports. [01:00] unless you mode the zk connection as a relation? Seems a bit black-hole bootstrap to me though. [01:00] yeah.. you have to establish a default for the zk node access for juju to run [01:00] s/mode/model/ [01:00] but you can do that in the charm installation [01:00] install hook [01:01] hazmat: do we have multiple charms on one node yet ? [01:01] or will we have to hack all the charms we use ? [01:01] lifeless, not with isolation, but the subordinate work is testable now from a branch [01:02] hazmat: well, this is about *nodes* - so wouldn't isolation be a problem ? [01:02] true, although i'm curious about the interaction of lxc with firewall manipulation, if it properly only applies to the container network ns. [01:03] if you're creating N networks one per container then yes [01:04] you get a loopback network, bridged internally to the host + NAT rules for outbound stuff [01:04] lxc is leaky in lots of other ways though :) [01:04] indeed === Furao_ is now known as Furao [04:26] <_mup_> txzookeeper/managed-watch-and-ephemeral r48 committed by kapil.foss@gmail.com [04:26] <_mup_> expiration handler integrated with retry client === almaisan-away is now known as al-maisan === fenris is now known as Guest97336 [10:03] Yay I am a frankend0od === d0od_ is now known as d0od === TheMue_ is now known as TheMue === al-maisan is now known as almaisan-away [12:09] d0od: the new OMG charm should be ready today. Which should take care of all the issues we've seen over the past two days. [12:09] \o/ [12:09] Is the site on Smalls now? [12:09] no, it's still on larges [12:09] Ouch! [12:09] $_$ [12:09] won't be moved to smalls until the new charm is ready [12:10] Okay [12:10] Who do I owe money to so far, you or Jorge? [12:10] Talk to Jorge about that [12:11] Ok [12:50] Morning everybody [12:56] d0od: everything still loading "quickly" for you? [14:12] heya jcastro /me returns [14:12] imbrandon, meet marcoceppi [14:12] o/ imbrandon [14:12] * imbrandon waves [14:12] imbrandon, ok so we got him back up but in the charm [14:12] we want to "do it right" [14:12] so marco's pushing up his work [14:12] right on [14:13] and we're having some php/caching issues (marco will explain) [14:13] ok so marco is ... ? owner ? [14:13] so we'd figured you can have a look, and then do some ninja [14:13] ahh php cache issues are my thing :) [14:13] imbrandon: just a charmer [14:13] ahh cool ok :) [14:13] no, he's just another everyday hero. :) [14:13] imbrandon, the idea is to charm up the most slick way to run OMG [14:13] <-- is just a php bender [14:14] and then deploy it [14:14] and then point the elastic IP to the new stuff [14:14] jcastro: point the eip to the elb and have the elb to the charm [14:14] right ? [14:14] right now the site is running fine, but I made a mistake and deployed on xlarges, so the only real rush is my wallet. :) [14:14] we haven't done an elb yet. [14:15] in fact, we'll have to do this twice, once on my account to make sure it's sweet. [14:15] imbrandon: we were using APC + mod_php5 but a bug with the php5 cron and session+fuser was causing some weird child process issues. So I moved them to php-cgi and suPHP since that's what I use on my shared servers and know most intimately. However, suPHP and APC don't play nice. For this charm, suPHP is overkill + 1, fastcgi would be fine but that won't play well with APC either. So I just started [14:15] looking in to php-fpm then you arrived. Tag, you're it :) [14:15] downsizing should be ok, we up and down size boxen all day :) i think our "Drops" are at about 350 instances constantly :) [14:15] and then redeploy to joey's account when we're ready to hand it over to him [14:15] imbrandon, but the idea is to capture all the tweaks in the charm [14:16] jcastro: yup, we call those Drops , play on the drupal name, but they contain all the special sauce and can run on any number of instances [14:16] as one system [14:17] marcoceppi: definatly php-fpm with nginx , actually 2x nginx instances runing [14:17] on the same box [14:17] is the way to go [14:17] with APC , and memcached behind that, then finaly the DB [14:17] 2 nginx services running the same box bound to port 80? or two services, same box, different ports, with a proxy in front? [14:18] 2 ports, php-fpm on a unix socket, and then 8080 for nginx that talks to the php, then the nginx on 80 runinng a microcache AKA varnish killer [14:18] object caching would probably be overkill for this, it's the wp+plugin generation that's killing us, the db is happy as a clam [14:18] ahhh thats easy thats what te first one is for [14:19] and yea we can drop the memcache then [14:19] no worries there [14:19] *nod* [14:19] basicly the nginx on 80 will cache things for 800ms, none the wiser BUT [14:20] that means php will only be hit 1 request per second MAC [14:20] MAX, [14:20] no matter hoiw many visits you get [14:20] and no one knows if their content is 800ms old [14:20] nice? nice .... :) [14:21] imbrandon: I'm in [14:21] the current charm is a few bits behind, it's setup for suPHP at the moment [14:21] ok so this on a 11.10 install ? sorry but we dont use juju so i'm a little blimd to that aspect [14:22] no worries i can wrangle it if you want [14:22] setup of a clean nginx + php-fpm 5.3.10 + apc and other extenstions is the easy part [14:22] :) [14:23] btw you want igbinary in addition to apc [14:23] for binary searialization of sessions and apc data cache [14:23] imbrandon: charms are just bash scripts [14:23] but thats an easy "pecl i igbinary" [14:23] well, these are just bash scripts, charms can be coded in any language [14:24] (or in any language you want!) [14:24] marcoceppi: ahh ok, then i;m down, they are probably very similar to our drops [14:24] hey can we move to #juju-wordpress for now? [14:24] the drop scripts are in python and spin up down instances and control tons of things [14:24] sure [14:24] we can go into more detail there without flooding this channel [14:24] rock [14:38] ec2 is nice and snappy this time of day [14:38] marcoceppi imbrandon jcastro nice job on omgubuntu!! [14:40] m_3: <3 [14:45] imbrandon: note that pecl is vulnerable to man-in-the-middle attacks [14:52] marcoceppi: that php cron bug is fixed in precise btw [14:52] SpamapS: whew, good [14:54] Probably worth SRU to 11.10 [15:12] So, I'm trying to retroactively open a port, jumped in to debug hooks, ran open-port 8080/tcp [15:12] getting an error about juju_agent_socket [15:13] SpamapS, Just a quick ping to let you know that I've updated https://code.launchpad.net/~gmb/charm-tools/add-charm-helpers/+merge/96204 with tests; python-shell-toolbox is available in ppa:yellow/ppa, too. [15:21] how would I determine the "client-id" of an instance? === al-maisan is now known as almaisan-away [15:26] SpamapS, hazmat ^ [15:27] marcoceppi, you mean the instance id of the machine? or the zk 'client-id' for an agent? [15:27] not sure, whichever open-port is expecting: No JUJU_CLIENT_ID/--client_id option found [15:27] I imagine it's zk 'client-id' [15:27] ah.. that's the hook cli api.. [15:28] marcoceppi, so the first window of debug-hooks isn't actually a live environment.. live hook windows will pop in the session as hooks are executed [15:28] ah, and if all the hooks have been executed already? [15:29] marcoceppi, the hook windows have all the nesc. env variables set to use the hook cli api. [15:30] marcoceppi, its not live then.. there's no remote api context attached to the socket.. the value for the cli client id is 'constant' [15:31] Maybe I'm attaching to the wrong socket then. [15:31] rather, maybe I'm asking the wrong question. [15:32] Can you run commands like open-port without performing a charm upgrade? [15:32] marcoceppi, on a live instance outside of a hook, no. [15:33] damnit [15:33] ok [16:00] marcoceppi, one off cli script to open a port on service from the client.. http://paste.ubuntu.com/890841/ [16:01] Oh! this runs from the machine [16:01] marcoceppi, yeah. its run from the client not the env [16:04] example usage hazmat ? [16:05] marcoceppi, its got cli help.. python jport.py -h .. but an example python jport.py myblog 8080 [16:05] you can target individual units or the whole service [16:05] that's what I'm doing wrong, thanks [16:05] or spec udp via 631/udp [16:07] I didn't notice it was missing the hashbang, so ./oneoff wasn't quite working [16:15] is there an api for driving juju with python? [16:25] ninjix, its written in python as a library [16:25] but there is no supported public api from that library [16:26] hazmat: tnx [16:38] negronjl, lynxman, jamespage: all normal ~charmers are smoked today, any of you want to do a review of the incoming openerp charm? [16:38] jcastro: ahh ... I see .. .so we are your Plan B right ? :D [16:38] I'm looking for some documentation covering the workflow of juju's provisioning process when working with orchestra server. [16:38] jcastro: I can review .... .give me a bug # [16:40] https://bugs.launchpad.net/charms/+bug/912050 [16:41] Does juju try to completely reprovision instances via cobbler for each bootstrap? === koolhead17|away is now known as koolhead17 [16:42] https://bugs.launchpad.net/charms/+bug/956259 [16:42] znc is available too if someone wants to snag it [16:43] jcastro: negronjl jumped the shark before I could ;) [16:46] lynxman, znc bro! [16:47] jcastro: no prob hermano ;) [16:50] also I don't know if someone reviewed negronjl's gearman stuff yet [16:54] jcastro: the gearman stuff is not ready to be in the official store yet [16:54] ah ok [16:54] jcastro: Do you have a filter so I can see what needs to be reviewed ( as I get a chance, I can look them over ) [16:55] https://bugs.launchpad.net/charms/+bugs?field.tag=new-charm [16:55] https://bugs.launchpad.net/charms/+bugs?field.tag=new-charm [16:55] ninja'd [16:55] you want NEW and fix committed [16:55] negronjl, flip gearman to incomplete if it's not ready please [16:57] jcastro: changed it to in progress. [16:57] rock [17:01] gmb: *awesome* [17:13] what are the differences between orchestra-juju-available and orchestra-juju-acquired mgmt classes? [17:16] Question: When I try to deploy a service locally, I get "Invalid value for multicast_port: 34569". Does anyone know what causes this? [17:16] I'm fairly certain it was working last week, before a reboot. [17:19] ninjix: its all in the name. :) available means juju isn't using it but you want juju to use it if it needs a machine. acquired means juju has taken control. [17:20] jseutter: update all your charms (if you did a 'charm getall' just do 'charm getall /path/to/charms') [17:20] jseutter: a change landed about 2 weeks ago that is breaking on some older versions of charms. [17:20] SpamapS: got it. thanks [17:22] is Juju or Cobbler responsible for the machine start command? [17:22] ninjix: juju will tell cobbler to power off/on the machine after acquiring it. If you don't have power control, you'll have to manually reboot it. [17:23] SpamapS: so it is up Cobbler to have the correct power mgmt script setup [17:23] ninjix: the power control stuff in cobbler is a bit of black magic (no juju pun intended.. ;) .. so good luck. :) [17:23] :) [17:23] ninjix: we're using it in our test lab constantly. [17:24] looks like the suck in bash scripts from /etc/cobbler/power through Cheetah [17:31] SpamapS: is juju/providers/orchestra the place I should be looking for cobbler control commands? [17:32] ninjix: probably [17:32] ninjix: __init__.py should have a MachineProvider.start_machine() method that will lead you to where the actual code is [17:32] SpamapS: ahh... thank you [17:49] jamespage: ping [17:49] negronjl, hey [17:50] * jamespage reads scrollback [17:52] jamespage: bbcmicrocomputer tells me that you are interested in merging the tomcat6 and tomcat7 charms [17:52] jamespage: I can work that [17:52] negronjl, great - that would be fantastic [17:53] I last touched tomcat7 - I did some work on config management and managing in multicast environments [17:53] jamespage: I saw that. [17:53] jamespage: I'll add some config options to ask which tomcat to deploy and will default to 7. [17:54] negronjl, great - that would be nice [17:54] jamespage: I'll keep you posted [17:54] I think the only diff I could spot was the format of tomcat-users.xmk [17:55] jamespage: shouldn't be that difficult [17:55] nah [17:55] easy peasy [17:56] jamespage: cool. I'll keep you posted [17:56] ta [17:56] bbcmicrocomputer, are you looking at the hive charm? [17:56] jamespage: yeah [17:57] jamespage: I'm somewhat slow atm, but I'm getting there [17:57] bbcmicrocomputer, cool - I'll assign the bug to you so its clear [17:57] jamespage: ok [17:58] bbcmicrocomputer, bug 803531 [17:58] <_mup_> Bug #803531: Charm Needed: Hive < https://launchpad.net/bugs/803531 > [17:58] jcastro thinks its hot [17:58] jamespage: ok, cool [17:59] negronjl, do we still need a pig charm? I've added it as a config option to the new hbase and hadoop charms [17:59] jamespage: no, I don't think we do. [17:59] negronjl, OK - I'll close of the bug report then [17:59] jamespage: thx [18:00] jamespage, anything tagged "hot" is from the original list of "man this would be epic" list. [18:00] no pressure bbcmicrocomputer! [18:01] bbcmicrocomputer: no pressure... jcastro will just hound you every day about it :D [18:01] I am a loud and festive person [18:01] ha ha awesome [18:01] jcastro: you must be puertorrican ( loud ) :) [18:01] I'm just happy to see my name on my first bug [18:01] oh dude, you want more? [18:02] jcastro: ah... [18:02] bbcmicrocomputer: careful with what you ask xD [18:02] jamespage, since I have you here I have a fun request, how's your jetty? And do we have anything using it that serves pages? [18:03] jcastro, its OK - some of the hadoop stuff uses it - what are you looking todo? [18:03] embedded tho so non-obvious [18:08] jcastro, biab [18:08] jamespage, I think it'd be cute to have jetty with it's spdy module turned on serving something [18:08] but to browsers, not internal stuff nothing hits [18:24] robbiew, any updates on osx client? imbrandon's looking to charm but is on OSX [18:24] that guy went silent...so I don't see one coming for 12.04 [18:24] we'll have one for 12.10 [18:26] 12.04/12.10 shouldn't matter to OSX users ;) [18:26] They can just grab bzr and install from trunk. [18:27] * SpamapS wonders if Cobbler would run on OSX [18:29] So, juju deploy, then juju ssh that machine and I get a permission deined. [18:30] I have ssh keys defined in my environment.yaml, and I can juju ssh older machines provisioned [18:33] SpamapS hazmat any opinions :? [18:37] odd [18:38] marcoceppi, can you pastebin the console output from one of the newer machines [18:38] ec2-get-console-output that is [18:38] jcastro: ^^ You've got the AWS account [18:39] jcastro, can you login into the machines with juju ssh [18:39] ok that wants a -k [18:39] not the new ones [18:39] hazmat: neither of us can [18:40] jcastro: weird, I can ssh in to the one you just desployed [18:42] <_mup_> juju/relation-hook-commands-spec r7 committed by jim.baker@canonical.com [18:42] <_mup_> Updated to use new relation id format, added better examples, and worked on some clarification [18:43] jcastro, for one of the problematic instances, getting the output of ec2-get-console-output $instance_id AND ec2-describe-instance-attribute --user-data $instance_id should be helpful [18:43] ok so I don't know what to put after the -k for those commands [18:44] -K is the aws_secret_key [18:45] -C is the .pem cert [18:45] ah ok [18:45] but we don't use .pem certs [18:45] so not sure about that [18:45] i-97fc86f3 [18:45] <_mup_> juju/relation-info-command-spec r7 committed by jim.baker@canonical.com [18:45] <_mup_> Updated to use new relation id format and added back bug reference [18:45] that's a troublesome instance id [18:48] does juju put pems someplace? [18:48] I only have my AWS secret key [18:49] also, we could just redeploy a new environment right? [18:49] not sure, but more information. I just did a destroy-service for the stackmobile charm, got this: [18:49] 2012-03-19 14:48:19,365 ERROR no node [18:49] I wonder if I'm missing something on this computer [19:00] jcastro: forget pems :) [19:01] jcastro: I put my aws creds in shell files [19:01] yeah so, I have no idea how to use AWS without juju [19:01] awesome :) [19:01] the concept of using AWS without juju was never an option for me, I am the new new devop. :p [19:01] jcastro: access-key should be in EC2_ACCESS_KEY and secret-key in EC2_SECRET_KEY [19:02] (seriously using it via juju was my first introduction) [19:02] ok [19:02] jcastro: also, use euca-* instead of ec2-* .. they're written in python instead of java, so they start up about 2-3s faster. :) [19:04] SpamapS, and for EC2_URL? [19:05] jcastro: "https://ec2.amazonaws.com" [19:05] ok all set [19:06] ok so now what I need to do to get hazmat what he needs [19:07] jcastro: euca-get-console-output i-xxxxxx [19:08] * SpamapS goes to lunch [19:08] hazmat, http://paste.ubuntu.com/891103/ [19:09] hah man, what if it's that apt/ec2 mirror bug [19:09] * jcastro assumes it stopped at the Get: [19:09] jcastro, that's not the whole console output [19:10] i've run it a few times and that's all I get [19:13] jcastro: I'm about to deploy to a new machine [19:13] if you wnant to try against that one [19:13] jcastro: no it takes a few minutes [19:13] jcastro: its very lazy in updating [19:13] SpamapS: Thanks. I now get a different error: "Invalid value for force_https: False". Any ideas? [19:13] ok [19:13] jcastro: though I'd expect it to be up to date within 5 minutes [19:14] jseutter: more charms that are out of date. :-/ [19:14] hazmat: ^^ [19:14] hazmat: any news on that fix? [19:14] hazmat: I saw a merge proposal.. would it help if I review it? [19:14] SpamapS, definitely [19:14] jseutter: getall might not have worked. If you have a recent version of charm-tools, try 'charm update --fix path/to/charms [19:14] hazmat: ok, will do after lunch [19:16] SpamapS: nod. Trying update without the --fix as my client must be too old for it [19:16] jseutter: should be in the PPA [19:16] nope, no luck. [19:16] hmm actually looks like the PPA build isn't picking it up [19:17] ok got it hazmat http://paste.ubuntu.com/891125/ [19:18] jcastro: halted? [19:19] juju-machine-agent start/running, process 4432 [19:19] thats a normal start... hrm [19:19] Could it be something with my config? [19:19] If jcastro launches a service, I can ssh to it [19:19] If I deploy I can't and he can't [19:20] diff your environments.yaml [19:20] could be something out of sync there [19:20] like, perhaps, ssh-authorized-keys ;) [19:20] do they need to be exactly the same? or just the specific stanza? [19:20] I'd recommend them to be exactly the same at least for that one environment [19:20] hmm, but this was working fine [19:21] odd [19:21] jcastro: I am on a different machine now [19:21] also same juju versions? [19:21] was on laptop, now at work desktop in the office [19:21] aha! [19:21] want me to resend it? [19:21] jcastro: I copied it from my laptop [19:21] dpkg -l juju [19:21] FUUUUUUU [19:21] FUUUUUUU [19:23] http://cdn.memegenerator.net/instances/400x/16609403.jpg [19:23] hahaha [19:24] I had a slightly older version of juju, testing. [19:24] jcastro, can you pastebin ec2-describe-instance-attribute --user-data $instance_id [19:25] oh.. client drift [19:25] not sure if that was the problem, but it could be [19:25] http://cdn.memegenerator.net/instances/400x/16609550.jpg [19:25] <3 [19:25] DIDN'T FIX :( [19:26] jcastro: i-e34a0f87 is the lastest instance id with this issue [19:26] I'd be interested in seeing the userdata for a working and non-working instance too [19:26] does ec2-blah look for different EC2 creds than the variables I set? [19:26] * SpamapS is about to pass out from starvation [19:26] * SpamapS needs food.. BADLY [19:27] * SpamapS shot the food [19:30] no changes between stanzas [19:32] dang this is getting really annoying [19:39] <_mup_> juju/status-changes r482 committed by kapil.thangavelu@canonical.com [19:39] <_mup_> all unit/machine agent states reported in key 'agent-state' [19:41] marcoceppi, how about just relaunching a new environment? [19:41] jcastro: we'd have to destroy the current env, which would mean no more omgubuntu [19:41] wait huh? [19:42] you talking about destroy-environment? [19:42] no [19:42] just creating a new one [19:42] and just "juju -enewthing deploy blah" [19:42] we can do that right? [19:42] Oh, like we talked about last night? [19:42] nod [19:42] yeah, we can try that [19:44] ok so maybe create a new one, but have hazmat and spamaps in there too [19:44] <_mup_> juju/status-changes r483 committed by kapil.thangavelu@canonical.com [19:44] <_mup_> all unit/machine agent states reported in key 'agent-state' [19:46] oi.. a clone env command sounds like fun [19:46] hazmat: that would be sweet [19:46] actually, hazmat, anything bad that might happen if we change the control-bucket and re-bootstrap an already "bootstrapped" aws account? [19:47] marcoceppi, ever seen ghost busters.. don't cross the streams ;-) [19:47] marcoceppi, if you change the control-bucket your changing the identity for all intents and purposes [19:48] so..that's a don't go there? I mean, the crossed the streams and took out the marshmellow man. [19:48] that was a good thing :) [19:48] Alright, this bucket is TOAST. [19:48] currently juju does environment identity by env name + control bucket data, changing those effectively orphan an existing an environment [19:48] so, what I've done is copied the stanza and made omgthisisreal with a different control bucket [19:48] so the old stanza is still there [19:49] and switching to an existing one, that's already bootstrapped.. and then bootstrapping again, it should error at you that the env is already bootstrapped. [19:50] darn [19:50] jcastro: We can just launch smalls on my AWS instead [19:50] nbd [19:50] hazmat, right so my concern is the current setup has the live site [19:50] indeed [19:50] marcoceppi, wait one, let me ask about reimbursement [19:50] *shrug* k [19:51] you've done enough work for the past 3 days, $ is where I draw the line. :) [19:52] oh hey, would generating a new pair work? [19:53] like just generating a new pair of access creds for AWS? [19:55] <_mup_> juju/status-changes r483 committed by kapil.thangavelu@canonical.com [19:55] <_mup_> hyphenate unit agent error states [19:57] hazmat, would that work? [19:58] jcastro, ECONTEXT, you mean giving out an IAM/subaccount off AWS? [19:58] or you mean getting access to the instances that are running that are not shell accessible? [19:58] yeah, if I generate a new access and private key to marco [19:58] and he puts that in his environments.yaml, and then bootstraps [19:58] jcastro, yeah.. that's viable [19:58] he can do what he needs without colliding with the existing running thing? [20:01] jcastro, as long as its a separate env yes [20:01] time to pick up the kido from day care, bbiab [20:09] SpamapS: can juju ask cobbler to provision more available instances? [20:10] looking at the cobbler.py, I only see functions that use only what cobbler has provisioned [20:55] ninjix: not sure I fully understand the question. Cobbler is for provisioning servers.. [20:55] ninjix: it can treat VMs like servers.. but.. if you want to create new VM's, thats more koan's territory [21:00] SpamapS: i see. [21:01] * SpamapS reads backscroll with agony [21:01] marcoceppi: I think hazmat may have misunderstood your question [21:01] jcastro: ^^ [21:02] If you guys want to use the same AWS account, but with a new environment.. just create a new environment name, with a diffeent control bucket. That is all. [21:02] * hazmat back tracks [21:02] sweet [21:02] oh.. yeah.. totally [21:03] i thought it was switching a bootstrapped env bucket to another bootstrapped env bucket, thus losing the original in the process [21:03] Yeah I know [21:03] No they're just making a new env [21:05] I'd also recommend setting your default environment to the non-production one...so if you forget to use "-e", you don't hose the production deployment [21:05] * robbiew learned that the hard way...lol [21:06] YES [21:06] <_mup_> juju/juju-status-changes-spec r7 committed by jim.baker@canonical.com [21:06] <_mup_> Addressed review points, along with an expanded example [21:06] in fact, I was thinking the other day that production envs should be named impossible to type things like x848310f0f0assdf9a9sf-dont-delete-me [21:06] heh [21:07] SpamapS: and you have to enter it in reverse so no c/p [21:08] and the terminal has to be in Cyrillic to read it [21:08]