/srv/irclogs.ubuntu.com/2012/10/03/#juju-dev.txt

niemeyerdavecheney: Quite possibly.. config needs love00:14
davecheneyniemeyer: basically it looks like the config-get command is returning null to the hook00:17
davecheneynot the default value00:17
davecheneylooking at the tests in cmd/jujuc/server/config-get_test.go00:17
davecheneyit looks like that is the cause00:17
davecheneyie, none of the default options in the dummy charm are being reported by config-get00:17
niemeyerdavecheney: It's state that needs to change, both to support multiple charms and to integrate default handling00:17
niemeyerdavecheney: jujuc is merely reporting what it finds00:17
davecheneyriiiiiiiiiigh00:18
davecheneybut isn't that logic in the charm package ?00:18
* davecheney raises an issue00:18
niemeyerdavecheney: No, the charm package manages charm bundles, directories, etc, and reports the defaults in the charm itself correctly00:19
niemeyerdavecheney: But state needs to incorporate those details00:19
davecheneyright00:19
davecheneyis there an issue reported for this already ?00:19
davecheneyhttps://bugs.launchpad.net/juju-core/+bug/106053700:22
davecheney^ will close if it is a duplicate00:22
davecheneyniemeyer: sorry to keep asking about this00:26
davecheneybut are you sure this is a problem in the state package00:26
davecheneylooking at state/charm.go, it imports charm, an includes a *charm.Config in the document00:26
niemeyerdavecheney: Look at Service.Config00:27
davecheneyniemeyer: thank you00:27
niemeyerdavecheney: np00:27
davecheneyniemeyer: ah, right00:28
davecheneyit just returns a *state.ConfigNode with no consideration for any defaults provided by the charm00:28
davecheneyniemeyer: cmd/juju/get.go:end00:30
davecheneyif this logic is correct, should I move it into state ?00:30
niemeyerdavecheney: We should implement this together with the multi-config handling that we talked about in the sprint00:31
niemeyerdavecheney: Since this will mean we'll have the charm at hand, among other things00:31
davecheneyyou will have to refresh my memory00:32
davecheneyor, if others understand this better, i will move on to something else00:32
niemeyerdavecheney: There's some coverage of the problem in the list IIRC00:33
davecheneyok, will re-read the archive00:33
niemeyerdavecheney: I thought you had talked to William during the sprint about this as well00:34
davecheneyyes, but it is not ringing any bells00:34
davecheneypossibly i have a different name for the problem00:34
niemeyerdavecheney: Okay, there was some misscommunication then.. this is what I've been asking you about for the past couple of weeks whenever I ask "How is the config stuff going" :)00:35
davecheneydefinitly a misscommunication00:37
davecheneyi was working on the user side juju get00:37
niemeyerdavecheney: Cool, no worries00:37
niemeyerdavecheney: The basic idea, as you can dig in the archives for background, is that when we upgrade, the configuration has to be upgraded as well00:38
davecheneyright, yes, https://lists.ubuntu.com/archives/juju-dev/2012-September/000195.html00:38
niemeyerdavecheney: Because the new charm may have different options00:38
davecheneyincompatible charm upgrades00:38
niemeyerdavecheney: Then, we have an issue: what do we do during the upgrade00:39
niemeyerdavecheney: This isn't an atomic operation.. old charms cannot deal with new config00:40
niemeyerdavecheney: new charms cannot deal with old config00:40
niemeyerdavecheney: and they're both running00:40
niemeyerdavechen1y: Makes sense?01:40
davechen1yniemeyer: yes, i think i understand the problem01:42
davechen1ybut the solution looks compilcated01:42
niemeyerdavechen1y: Yeah, it requires some consideration indeed01:50
niemeyerdavechen1y: I suggest just leaving it aside for the moment then, and continuing the good progress01:50
davechen1yniemeyer: understood01:51
niemeyerdavechen1y: It'll probably require more synchronization than we'll have available in the next couple of weeks due to the timezone differences, so it seems to make more sense for you to focus on tasks you're comfortable with the approach and direction01:52
davechen1yyes, i agree01:53
davechen1yi don't want to tackle that01:53
davechen1yyou and william are in the best position to handle it01:53
niemeyerdavechen1y: Alright, time for some sleep.. have a good day there02:12
davecheney:13507:02
Arammoin.09:14
davecheneyrogpeppe: https://codereview.appspot.com/6598052/09:24
davecheneyLGTM09:24
davecheneyi've been using it all day, and no charms have barfed on it09:25
rogpeppedavecheney: cool, thanks. i wanted an extra look because i made some significant changes after your previous review09:25
rogpeppedavecheney: i was kinda hoping for a review from niemeyer, but i think i'll submit anyway09:25
rogpeppedavecheney: i'm not too happy about the difference between -u=foo and --u=foo but that's GNU flags for ya09:26
davecheneyrogpeppe: what is the difference between -u=foo and --u=foo ?09:29
davecheneymaybe i'm a bsd zealot, but -u=foo isn't a valid syntax09:29
rogpeppedavecheney: it is09:29
davecheneyalthough I realise that plan9/flag treat them as identical09:29
rogpeppedavecheney: -u associates the value "=foo" with the u flag09:29
davecheneyahhm yes09:29
rogpeppedavecheney: --u associates the value "foo"09:29
davecheneydont you also introduce things like09:30
davecheney-flag=509:30
davecheneywhich is -f -l -a -g=509:30
rogpeppedavecheney: yeah, that works09:30
davecheneyand also09:30
davecheney-uwang09:30
rogpeppedavecheney: that works too09:31
davecheneywhich could be -u -w -a -n -g, and also -u => wang09:31
davecheneythis shit is cazy09:31
rogpeppedavecheney: yeah, you can't tell without looking at the flag09:31
rogpeppedavecheney: it's a real pity that flag parsing is context-sensitive09:31
rogpeppedavecheney: (that's true for go's flag syntax too, of course)09:31
davecheneyrogpeppe: if you are happy with what exists now, then i'd +1 for comitting it now so I can hammer on folks to go get -u their installs09:32
davecheneywe're at the point that if you squint, the mysql gem is usable09:33
rogpeppedavecheney: FWIW plan 9's flag package didn't allow multi-letter flags at all...09:33
rogpeppedavecheney: cool!09:33
rogpeppedavecheney:  ok, will submit09:33
rogpeppedavecheney: gustavo can moan later if he wants09:33
Aramyeah, I very much disklike multi letter flags.09:33
rogpeppeAram: i'm not sure.09:34
rogpeppeAram: it depends how many flags you've got09:34
rogpeppeAram: i very much dislike unix-style commands that have many single-letter flags09:35
rogpeppeAram: of course, i've got used to ls by now :-)09:35
davecheneyrogpeppe: Aram it is what it is, whatever the charms expect, we have to support09:35
AramI dislike commands that have too many flags as well.09:35
rogpeppedavecheney: submitted09:35
davecheneybam!09:35
Aramdavecheney: of course.09:35
davecheneyAram: but i share your feelings09:36
davecheneypython commands tend to be very verbose in their input09:36
rogpeppedavecheney: did you get a t-shirt?09:37
davecheneyrogpeppe: i did indeed09:38
davecheneya lovely green one09:38
rogpeppedavecheney: me too. very tasteful.09:38
davecheneyi think you've seen niemeyer model it09:38
davecheneyw00t09:38
rogpeppedavecheney: ah, you're right. i thought i'd seen it before.09:39
davecheneycoming to a google io near you09:39
Aramwhere do you get these tshirts?09:40
davecheneyAram: i think adg sent them09:43
davecheneya long time ago, back in march from memory, they asked for a shipping address09:43
davecheneyunless this was an unrelated act of generosity09:43
Aramsend to whom? to an elite cabal? :)09:43
davecheneyAram: i don't know who was on the list, i'll find out09:44
Aramheh, Microsoft released the source of the Z3 theorem prover under a license that can be characterized as: "We couldn't figure out how to make money with it, but if you do, give it to me."09:46
davecheneyAram: rofl09:48
davecheneythe 'come in spinner' licence09:48
rogpeppeAram, fwereade: how important do you think it is that state.Initialize is idempotent?11:06
fwereaderogpeppe, I think it's important but my only strong motivation is an obscure sense of aesthetics11:06
rogpeppeAram, fwereade: 'cos the changes i'm making will mean that the second time you call it, it will give an error11:06
fwereaderogpeppe, that sounds fine too, at least it's explicit :)11:07
rogpeppefwereade: cool11:07
davecheneyrogpeppe: tell me more about this11:07
davecheneywe do have explicit tests that assert that this is ok11:07
davecheneyhowever I can't think of a real world case where this wouldn't be an error11:07
rogpeppedavecheney: we're going to run mongodb in auth mode11:07
rogpeppedavecheney: Initialize is responsible for setting up the first user (admin)11:07
davecheneyi think the 'it's ok to double init' logic was part of the 'wait for init' logic11:08
davecheneywhich probably makes little sense11:08
rogpeppedavecheney: subsequent connections will need to provide authorization11:08
davecheneyrogpeppe: right, so first in sets the key11:08
rogpeppedavecheney: so if you call Initialize twice, the second call won't have the correct authorization info, so it'll fail11:08
rogpeppedavecheney: yeah11:08
davecheneyafter that it's password or GTFO11:08
rogpeppedavecheney: yup11:08
davecheneyi think that is a reasonable restriction11:08
davecheney+111:08
rogpeppedavecheney: cool11:08
davecheneyurgh - i just ended up writing a test harness for ssh by hand11:09
davecheneyhttp://codereview.appspot.com/6601043/11:09
davecheneykind wish we had gocheck for go.crypto packages11:09
davecheney/s/ssh/sshd11:09
davecheneycertainly {SetUp,TearDown}Test11:10
rogpeppedavecheney: i don't really understand why sshtest is a package. it doesn't seem to export any symbols.11:13
davecheneyi want the func tests to be in another packaged11:14
davecheneybecause, honestly, they are going to fail more often11:14
davecheneybecause of various environmental issues11:14
rogpeppedavecheney: won't they be run exactly as often because people will always do test ./... ?11:15
davecheneyit's mainly for the builders11:16
davecheneyyou make a good point that it is uncommon to split tests across two packages11:16
rogpeppedavecheney: it seems odd to me, tbh11:17
davecheneyrogpeppe: noted11:17
rogpeppedavecheney: at the very least there should be a package comment that says "this package consists of tests only"11:18
rogpeppedavecheney: and i think there's no point in having non-test files. they're just confusing. i looked for a while to try to find what the package was about.11:19
davecheneyrogpeppe: good call11:19
davecheneyi will make that change11:19
Aramrogpeppe: I don't care if state.Initialize is idempotent. I wish it would be, but I wouldn'd mind if it is not.11:22
rogpeppeAram: i don't see any situation in which we want to call Initialize twice on the same mongo (apart from if we've reset everything in tests)11:23
niemeyerMorning all!12:55
fwereadeniemeyer, heyhey12:59
andrewsmedinaniemeyer: morning :D13:02
niemeyerfwereade, andrewsmedina: Heyas13:03
rogpeppeniemeyer: yo!13:07
rogpeppeniemeyer: new SetAdminPassword CL: https://codereview.appspot.com/6586070/13:08
niemeyerrogpeppe: Heya13:08
niemeyerrogpeppe: Sent a review13:22
rogpeppeniemeyer: thanks13:22
niemeyerrogpeppe: np13:23
rogpeppeniemeyer: s.State.Service won't work as a check because s.State now has admin perms. but i guess if i did the SetAdminPassword in a different connection, that might work.13:25
rogpeppeniemeyer: alternatively, perhaps i could produce a better error message from state.Open13:25
rogpeppeniemeyer: that depends on the mgo errors though13:25
niemeyerrogpeppe: We can just try to talk to the database then.. I think s.Session will not be authenticated13:27
rogpeppeniemeyer: yeah, that'll probably work.13:28
niemeyerrogpeppe: Otherwise, hmm13:28
niemeyerrogpeppe: It actually sounds like a good idea to have a sane user message in the open case13:28
niemeyerrogpeppe: Since that's really what people will see13:28
rogpeppeniemeyer: that's what i thought.13:29
rogpeppeniemeyer: it depends if there's a reproducible error code though13:29
niemeyerrogpeppe: We can do that without introducing new logic13:29
rogpeppeniemeyer: yeah, i'd look at the Code in the error returned from the same operation13:29
niemeyerrogpeppe: Cool.. I don't recall what the code is, but hopefully there is a well defined on13:30
niemeyere13:30
rogpeppeniemeyer: i'll have a look. this page is not great: http://www.mongodb.org/display/DOCS/Error+Codes13:30
niemeyerrogpeppe: Easiest is to simply enable mgo debugging while running that test13:32
niemeyerrogpeppe: Or just print out the error, realy13:32
niemeyerreally13:32
rogpeppeniemeyer: i was gonna print the error %#v13:32
rogpeppeniemeyer: done. https://codereview.appspot.com/658607013:44
niemeyerrogpepper: Sorry, forgot to ping back.. that's ready13:58
niemeyerHmm.. getting spam from the Corinthia hotel in Lisbon.. how unfortunate13:59
niemeyerAram: Watcher is so much better, thank you14:21
Aramniemeyer: thanks.14:21
Aramindeed it is14:21
AramI'm doing the SUW now14:21
Aramand SRW afterwards14:22
rogpeppeniemeyer: i think we might need two admin accounts14:42
rogpeppes/accounts/users/14:42
rogpeppeniemeyer: because there's a difficulty with our proposed method of sending the hash of the password - the remote side never gets to know the actual admin secret14:43
niemeyerrogpeppe: In a call, but will be with you in a moment14:44
rogpeppeniemeyer: np14:44
niemeyerrogpeppe: SO15:15
rogpeppeniemeyer: SO15:15
niemeyer:)15:15
rogpeppeniemeyer: i have a possible solution15:16
niemeyerrogpeppe: I suspect we can handle that nicely by setting the password on the first connection, as we vaguely alluded to yesterday15:16
rogpeppeniemeyer: once we've done that, how does the server side connect to the state?15:16
rogpeppeniemeyer: (it doesn't know the admin secret)15:16
niemeyerrogpeppe: And it shouldn't, I believe15:17
rogpeppeniemeyer: indeed15:17
rogpeppeniemeyer: so the question remains15:17
niemeyerrogpeppe: That's the case we covered before we went into the admin password15:17
rogpeppeniemeyer: to put it more clearly, perhaps: when the bootstrap machine reboots, what password does the PA use to reconnect to the state?15:19
niemeyerrogpeppe: The machine agent should use the machine password15:19
rogpeppeniemeyer: ah, ok, so nothing on the bootstrap machine needs access to admin privileges15:20
rogpeppeniemeyer: that makes sense.15:20
niemeyerrogpeppe: Yes, its password should give access to everything it needs15:21
rogpeppeniemeyer: so... how would you feel about jujud bootstrap-state being responsible for starting the initial machine agent?15:21
niemeyerrogpeppe: Of course, nowadays that's all mostly silly since passwords give access to the whole database, but once we front the API with a server, we'll be able to cut down privileges15:21
rogpeppeniemeyer: it's not *that* silly - the admin account does have more privileges than most15:22
niemeyerrogpeppe: I'd feel like that's unnecessary and redundant.. we have to handle the case of a machine getting its password anyway15:22
rogpeppeniemeyer: yes, but someone has to create the password for the new machine15:22
rogpeppeniemeyer: and i think that should probably be bootstrap-state15:23
niemeyerrogpeppe: Yes, that's a good task for bootstrap-state..15:23
niemeyerrogpeppe: After all, it creates the machine in the first place15:23
rogpeppeniemeyer: so if bootstrap-state is writing stuff specifically for the machine agent, it would seem reasonable for it to actually start the agent too15:24
rogpeppeniemeyer: so we haven't got too much action-at-a-distance going on15:24
niemeyerrogpeppe: Don't see the leap15:26
niemeyerrogpeppe: bootstrap-state has to create a machine and set its password, because it's bootstrapping15:26
niemeyerrogpeppe: Every single time a machine is started, we need to run the machine agent.. that's not special15:26
niemeyerrogpeppe: No reason to put special code inside the bootstrap-state command to do things that are common15:27
rogpeppeniemeyer: it has to do more than set its password - it has to write a file containing the machine agent's password to disk, i think15:27
niemeyerrogpeppe: I don't think so.. the machine agent itself can write its own file to disk15:27
rogpeppeniemeyer: how does the machine agent find out its own password?15:27
niemeyerrogpeppe: Like it generally would anyway15:27
niemeyerrogpeppe: How will it find its own password when we're creating a machine that is not the bootstrap machine?15:28
rogpeppeniemeyer: the PA writes a cloudinit that creates the file holding a random password15:29
niemeyerrogpeppe: Why are we creating a file?15:29
rogpeppeniemeyer: because want the MA to be able to restart and find its key again15:30
rogpeppeniemeyer: and we don't want the key in the upstart file15:30
niemeyerrogpeppe: The machine agent itself can create its own file15:30
niemeyerrogpeppe: Why not?15:30
rogpeppeniemeyer: i guess it's no harm. i was thinking that we didn't want to have the client create the initial MA key, but perhaps it's ok. we're actually only vulnerable if we run units on the bootstrap machine, which we can't do until the MA has changed its password and started work.15:33
niemeyerrogpeppe: Exactly15:33
rogpeppeniemeyer: so we pass the initial password as a flag to the MA, which is ignored if the key file already exists.15:33
niemeyerrogpeppe: and we need to hand off the password anyway in the general case, since otherwise the machine won15:34
niemeyer't be able to talk back15:34
niemeyerrogpeppe: Yeah, --initial-password15:34
niemeyerrogpeppe: So explicitly something that won't be around for long15:34
rogpeppeniemeyer: i'm thinking there's no point in doing the two-stage thing for unit agents, but what do you think?15:35
niemeyerrogpeppe: I think it wouldn't hurt to do the same mechanism, and may have relevant semantics in specific cases15:36
rogpeppeniemeyer: ok15:36
niemeyerrogpeppe: For example, it means the principal unit loses access to the subordinate unit after it's started15:36
rogpeppeniemeyer: interesting point, yes15:36
rogpeppeniemeyer: although i'm not sure you lose access to a connection if its password is changed.15:37
niemeyerrogpeppe: This aspect will only be relevant once we have a frontend API instead of direct connection to the database.. right now the passwords will be interchangeable15:39
rogpeppeniemeyer: here's a sketch of my understanding of this: http://paste.ubuntu.com/1258227/15:42
niemeyerrogpeppe: On bootstrap-state, I suppose we should set the admin password first thing15:43
niemeyerrogpeppe: What's pbkdf and what's the benefit of using it?15:44
rogpeppeniemeyer: http://go.pkgdoc.org/code.google.com/p/go.crypto/pbkdf215:46
niemeyerrogpeppe: 2) I think we only need one initial password to bootstrap-state and the machine agent15:46
rogpeppeniemeyer: i'm not sure that works15:46
rogpeppeniemeyer: the benefit of using pbkdf2 is that noone can crack the password even if they've got access to the cloudinit file15:47
rogpeppeniemeyer: ha, yeah, maybe you're right about needing only one password15:48
niemeyerrogpeppe: You mean it'll be more expensive to crack, okay15:50
rogpeppeniemeyer: yeah, like unfeasible expensive, i believe15:50
niemeyerrogpeppe: You're slowing down the cost count-times, specifically.. that's different from infeasible15:51
rogpeppeniemeyer: yeah. but if the cost count times are slowed down enough (imagine 1 second per test) it becomes infeasible for the indefinite future.15:52
rogpeppeniemeyer: well, ok 5 years :-)15:52
niemeyerrogpeppe: Cool, +115:53
rogpeppeniemeyer: cool15:53
rogpeppeniemeyer: this is my latest version of the sketch: http://paste.ubuntu.com/1258245/15:54
niemeyerrogpeppe: Let's embed the function instead of importing the package15:54
rogpeppeniemeyer: why not import the package? it's supported by the core Go team15:54
niemeyerrogpeppe: Because it means another external import and repository in exchange for 25 lines of code15:55
rogpeppeniemeyer: ok. how about launchpad.net/juju-core/go.crypto/pbkdf2 ?15:56
rogpeppeniemeyer: so the origin is obvious15:56
rogpeppeniemeyer: and we can easily import other packages from go.crypto as necessary15:56
niemeyerrogpeppe: juju-core/thirdparty/pbkdf2?15:57
niemeyerrogpeppe: If we start to depend on more stuff from go.crypto, that'd justify using the external package itself15:57
rogpeppeniemeyer: i'd prefer to keep go.crypto in the path (particular as pbkdf2 is such a non-obvious name)15:58
rogpeppeniemeyer: but i don't feel too strongly15:58
niemeyerrogpeppe: There's content inside it indicating its origin15:58
rogpeppeniemeyer: ok15:58
niemeyerrogpeppe: That also defines the pattern.. if have other similar needs, or depend on poorly maintained external packages, we just stick them in there15:59
niemeyerif we15:59
rogpeppeniemeyer: how about we put a comment at the top of the file // Original at code.google.com/p/go.crypto/pbkdf216:00
rogpeppe?16:00
niemeyerrogpeppe: +116:00
rogpeppeniemeyer: so, does my final version of the sketch LGTY?16:01
niemeyerrogpeppe: Sorry, haven't seen it..16:01
* niemeyer looks16:01
niemeyer<niemeyer> rogpeppe: On bootstrap-state, I suppose we should set the admin password first thing16:01
niemeyerrogpeppe: ?16:01
rogpeppeniemeyer: i think it's good to set the admin password as the last thing actually16:02
rogpeppeniemeyer: so that people can't connect until we've set up all the state we want to16:02
rogpeppeniemeyer: it gives us an atomic initialize again, without needing to try16:03
niemeyerrogpeppe: That's why I think we should set it first.. ?16:03
niemeyerrogpeppe: Ah, no, I see..16:03
niemeyerrogpeppe: Sounds good16:04
rogpeppeniemeyer: cool.16:04
rogpeppeniemeyer: anything else?16:04
niemeyerrogpeppe: Yeah, we'll need to retry on unauth, I suppose16:05
rogpeppeniemeyer: i don't think you can connect at all until SetAdminPassword is called16:06
niemeyerrogpeppe: Have you tested that?16:06
rogpeppeniemeyer: yeah, although not formally16:06
niemeyerrogpeppe: Formally!? :-)16:07
rogpeppeniemeyer: i didn't write a test for it16:07
niemeyerrogpeppe: Have you run mongo with auth and tried to connect?16:07
rogpeppeniemeyer: yes16:07
niemeyerrogpeppe: Okay16:07
niemeyerrogpeppe: What happens?16:07
rogpeppeniemeyer: i got connection refused forever16:07
rogpeppeniemeyer: well, for 10 minutes until the connect timed out16:08
rogpeppeniemeyer: i was wondering about the other way around actually: does mongodb connect fail immediately if it gets an unauth error?16:08
niemeyerrogpeppe: Interesting.. just did a trivial test and it connects fine..16:09
rogpeppeniemeyer: we don't want the first connection to take 10 minutes because it's constantly retrying after it's been told it's unauthorized16:09
rogpeppeniemeyer: from another machine?16:09
niemeyerrogpeppe: and it says it's unauthorized16:09
niemeyer        "$err" : "unauthorized db:test ns:test.test lock type:0 client:192.168.157.104",16:10
rogpeppeniemeyer: that *was* from a different machine, right?16:10
rogpeppeniemeyer: maybe my diagnosis of the failure before was wrong.16:10
niemeyerrogpeppe: If I connected to the local address, it would work, no?16:11
rogpeppeniemeyer: the auth access is based on your source address, i believe16:11
rogpeppeniemeyer: but, yeah, i'd expect it to fail if you connected to 192.168... rather than 127.116:12
niemeyerrogpeppe: It doesn't fail, and you get an unauthorized16:13
rogpeppeniemeyer: hmm, i wonder what was going on in my failed test then16:13
niemeyerrogpeppe: Were you testing on EC2?16:14
rogpeppeniemeyer: yes.16:14
rogpeppeniemeyer: i was just running the usual ec2 live tests16:14
niemeyerrogpeppe: Did you open the security group port?16:14
rogpeppeniemeyer: i removed the --auth flag from environs/cloudinit and the live tests worked fine16:15
niemeyerrogpeppe: Sorry, I don't see how that's related to the issue16:16
niemeyerrogpeppe: live tests work fine if you remove --auth, because they currently work fine.. (?)16:16
rogpeppeniemeyer: sure. but adding --auth made the tests hang for 10 minutes trying to connect16:17
rogpeppeniemeyer: it didn't fail immediately with an unauth error16:17
niemeyerrogpeppe: If you want to test the behavior of --auth, just fire a mongodb and try to connect to it.. inferring behavior because live tests broke anyhow isn't a good way to verify behavior16:17
rogpeppeniemeyer: true nuff16:18
rogpeppeniemeyer: i'll bootstrap an instance and play with it16:18
niemeyerrogpeppe: I can test this as easily as running mongod, and trying to connect to the machine ip16:19
niemeyerrogpeppe: (the machine ip, no 127.0.0.1)16:19
rogpeppeniemeyer: i've only got one machine :-)16:19
niemeyernot16:19
niemeyerrogpeppe: This test only needs a single machine16:19
rogpeppeniemeyer: actually it occurs to me that the external connection will be connecting from 127.1 to 127.1 anyway, because we're using ssh port forwarding16:20
niemeyerrogpeppe: Besides that, looks the scheme looks good16:25
niemeyerrogpeppe: Still wanna talk about the location for the password, but that's a trivial for later16:26
rogpeppeniemeyer: ok, cool16:26
niemeyerrogpeppe: Thanks for the write up.. nice to debate like this16:26
rogpeppeniemeyer: np. i needed it to get the pieces straight in my head.16:26
niemeyerI'm heading to lunch, biab16:27
* niemeyer respawns17:00
niemeyerAram: ping17:48
Aramniemeyer: pong17:49
niemeyerAram: Yo17:49
Aramhi17:49
niemeyerAram: Just sent one last round.. please let me know if it sounds reasonable17:50
Aramok, reading now17:50
niemeyerAram: Just sent a last note regarding the copying.. we don't need to touch the database as I suggested before17:51
rogpeppeniemeyer: the old SetPassword CL is back, with better tests. i have  confidence that it's really working now :-) https://codereview.appspot.com/658706017:51
rogpeppei'm off for the night. see y'all tomorrow!17:54
niemeyerrogpeppe: Thanks, and have a good evening!17:56
niemeyerrogpeppe: Awesome tests18:05
Aramniemeyer: changed the watcher.18:38
AramI'm off now18:38
niemeyerAram: Have a good evening18:38
Aramthanks18:39
Aramniemeyer: oops, I fucked up something18:41
niemeyerAram: Ah, Alive I suppose18:41
Aramyeah.18:41
Aramthat breaks two tests18:41
Aramhmm18:41
niemeyerAram: Yeah, the original was good18:41
AramI'll revert it18:42
niemeyerAram: LGTM with that reverted and assuming all the tests pass18:42
Aramthanks18:42
niemeyerAram: Thanks!18:42
niemeyerfwereade_: ping19:11
fssniemeyer: ping19:44
niemeyerfss: Yo19:45
fssniemeyer: I'm adding support for some IAM actions on goamz, would you be interested in merging it? :)19:46
niemeyerfss: Definitely19:47
fssniemeyer: cool. I will split the changes that I've already made and send them to you in parts19:50
niemeyerfss: Brilliant, thank you19:50
fwereade_niemeyer, pong20:03
niemeyerfwereade_: Heya20:09
fwereade_niemeyer, heyhey20:09
niemeyerfwereade_: Ended up just sending a note in the review so you can process at a better time20:09
fwereade_niemeyer, lovely, cheers, bit distracted tonight :)20:10
niemeyerfwereade_: Nice :)20:11
fwereade_OOPS: 102 passed, 2 FAILED, 3 FIXTURE-PANICKED, 26 MISSED20:39
fwereade_--- FAIL: TestPackage (22.84 seconds)20:39
fwereade_FAIL20:39
fwereade_FAILlaunchpad.net/juju-core/state22.885s20:39
fwereade_niemeyer, is this known? ^^20:39
fwereade_niemeyer, the first panic is "need to login"20:40
fwereade_niemeyer, that is on trunk, and matches what I get on my branch; my changes merge cleanly with whatever broke, AFAICT, so I don't think I'm making anything worse by submitting :)20:43
niemeyerfwereade_: Oh nos20:44
niemeyerfwereade_: Hold on20:44
fwereade_niemeyer, sorry, I think it has landed already20:45
fwereade_niemeyer, bad call? :(20:45
niemeyerfwereade_: It's just good to confirm what is actually breaking, and whether your own branch passes cleanly without the breakage20:47
niemeyerfwereade_: I'm investigating.. it's probably the admin password logic20:47
niemeyerI wonder how rogpeppe didn't get this20:47
fwereade_niemeyer, ah sorry -- ISTM that clean tests before merge + failures identical with trunk after merge = independent logic20:48
fwereade_niemeyer, but I bet I could construct a suitably fiendish counterexample20:48
niemeyerfwereade_: Just running tip with his changes reverted20:49
niemeyertests on top20:49
niemeyertip20:49
* fwereade_ frets, hopefully baselessly20:49
niemeyerfwereade_: Yeah, all good20:49
fwereade_niemeyer, cool20:49
niemeyerSo, let me see if I can fix so I don't have to revert20:49
niemeyerfwereade_: This may be a difference between our mongod version and rogpeppe's20:55
fwereade_niemeyer, ahh20:55
niemeyerNasty20:59
niemeyerI've heard there's some improvements coming around auth in 2.4.. I hope that's the case, because it's a seriously half-baked story ATM20:59
niemeyerfwereade_: Fixed.. proposing in a mom21:00
niemeyerfwereade_: https://codereview.appspot.com/660204821:06
* fwereade_ looks21:06
fwereade_niemeyer, LGTM21:07
niemeyerfwereade_: Thanks21:07
fwereade_niemeyer, np :)21:07
* niemeyer steps out to meet friends21:45

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!