davecheneyhey hey05:46
davecheneythe good news, juju can now bootstrap from quantal to precise05:46
davecheneythe bad news, do-release-upgrade on my precise system totally hosed it :(05:46
fwereadedavecheney, heyhey07:07
davecheneyfwereade: hey07:08
fwereadedavecheney, reviewed one, with unhelpful whining about tests, I'm afraid07:09
davecheneyit is a non trivial amount of work to add 409 response behavior to s3test07:09
davecheneyi'll man up and do it07:09
fwereadedavecheney, on the other, trying to figure out what the deal is with the arch change in cloudinit_test07:10
fwereadedavecheney, thanks very much :)07:11
fwereadedavecheney, I expect it makes sense somehow, but I just cannot figure out where that i386 came from07:11
davecheneyfwereade: i386 is just to double check that cloudinit isn't amd64 only07:14
fwereadedavecheney, I just can't see what change caused it to use i386 where once it used amd6407:15
davecheneyfwereade: i can remove the i386 thing if it is confusing07:15
davecheneyit isn't testing anything important07:15
fwereadedavecheney, sorry, I have just come to realise I am being stupid07:16
fwereadedavecheney, so that one basically LGTM -- but the description should be fixed if it is now actually intended for submission ;)07:17
davecheneyfwereade: cool07:18
davecheneythat is the one i really care about07:18
davecheneyas i upgraded to quantal today (twice)07:19
fwereadedavecheney, ah, cool07:21
fwereadedavecheney, you have an LGTM with one nitpick07:21
rogpeppefwereade: hiya07:47
fwereaderogpeppe, heyhey08:09
rogpeppeTheMue: hi08:39
TheMuerogpeppe: hiya08:40
rogpeppefwereade: what's our current position on watchers returning updates for any changes, not just lifecycle? (i'm looking at MachinePrincipalUnitsWatcher here)08:40
rogpeppefwereade: it seems a bit silly that when we're told about a unit changing, we fetch its unit doc twice. ISTM that hardly any logic in the client (worker/machiner) would have to change, and we could get rid of a big chink of logic in the watcher08:43
TheMuerogpeppe: I like the idea of getting notified on any change, but I then like to get the watched entitiy (not only the id) and a useful information what has changed (e.g. the lifecycle state)08:45
fwereaderogpeppe, I am still undecided tbh08:46
rogpeppeTheMue: from what i see of the clients, they don't make that much use of that info.08:46
fwereaderogpeppe, the trouble is that different use cases are different and I think that both behaviours are wanted in different places08:47
TheMuerogpeppe: The old added/removed separation has been more helpful than today iterating over ids, retrieve the state and compare it.08:47
rogpeppefwereade: if we're just sending ids, then i think it makes sense that the client is responsible for doing the refresh and doing the diffs itself08:47
rogpeppeTheMue: i agree, but since we've moved away from that, i think it makes sense to take advantage of that08:48
fwereaderogpeppe, this is true, up to a point -- let me read some code a mo08:48
rogpeppeTheMue: there's no need for both the watcher *and* the client to be independently fetching the doc08:48
TheMuerogpeppe: That's true08:48
fwereaderogpeppe, I consider it to be a good thing, though, that the ServiceRelationsWatcher filters out irrelevant changes and only tells me about life changes08:50
rogpeppefwereade: how much would your logic need to change if it told you about other changes too?08:50
fwereaderogpeppe, it could be more efficient -- it only needs to grab 2 fields to do the comparison -- but I think we need to consider the HTTP API here08:50
rogpeppefwereade: after all, you need to fetch the doc to find out exactly *what* has changed08:51
fwereaderogpeppe, I think it *is* worth getting the document twice, because once the watcher is implemented behind the API, right next to the state, it is cheap for it to get a document08:51
fwereaderogpeppe, and by doing so it can send fewer updates to remote clients on the other side of the API08:52
fwereaderogpeppe, and those clients, for whom getting a document is expensive, don't have to repeatedly get and inspect the documents to do their own filtering08:52
fwereaderogpeppe, sane?08:53
rogpeppefwereade: hmm08:53
rogpeppefwereade: that's a reasonable point08:55
rogpeppefwereade: o08:57
rogpeppefwereade: darn, i thought we could get rid of large chunks of code08:57
fwereaderogpeppe, annoying, innit ;)09:04
* rogpeppe grumbles09:05
fwereaderogpeppe, TheMue: so, given that, I think the answer really is annoyingly situational09:05
fwereaderogpeppe, TheMue: for the firewaller, it's perfect to get life and ports changes only09:05
fwereaderogpeppe, service relations we want life only09:06
fwereaderogpeppe, TheMue: again, for the (?)deployer and/or machiner, life changes only09:06
rogpeppefwereade: i'm happy with that now.09:07
fwereaderogpeppe, cool, sorry :)09:07
=== mcclurmc_away is now known as mcclurmc
TheMueAram: hi10:32
rogpeppeAram: you've got a couple of reviews10:41
rogpeppeAram, fwereade: what's the story regarding https://codereview.appspot.com/6811091 vs https://codereview.appspot.com/6820112 ?10:41
rogpeppelooks like there are quite a few conflicts there10:42
Aramrogpeppe: unfortunate duplication of effort10:42
rogpeppeAram: well, yours does more, as it uses WatchUnits rather than WatchPrincipalUnits. maybe fwereade's should go in first.10:44
rogpeppehmm, looks like my gmail account has been hacked11:06
TheMuerogpeppe: Yesterday there also has been a strange twitter message by you.11:07
rogpeppeTheMue: yeah, that was hacked too. seems a bit strange - they both had different passwords11:07
rogpeppeTheMue: although, to be fair, both passwords were terribly weak11:07
TheMuerogpeppe: OK, so maybe just brute force.11:08
rogpeppeTheMue: i think so11:08
TheMuerogpeppe: I like the xkcd, where long curious sentences are better than "P4ssw0rd". ;)11:09
rogpeppeTheMue: yeah, that's the approach i'm using11:09
rogpeppeTheMue: with a couple of weird chars thrown in for good measure11:10
TheMuerogpeppe: I've changed it and now have stupid sentences.11:10
TheMuerogpeppe: But today I had to set one with 8 to 15 chars and no specia characters. Why those constraints? *sigh*11:12
rogpeppeTheMue: yeah, that's outrageous. don't they know that you can run sha1 in javascript? :-)11:12
TheMuerogpeppe: Yep ;)11:13
rogpeppeinteresting to see the spam machine in action11:24
rogpeppenone of the sent messages addressed more than 5 recipients11:24
rogpeppeand they all sent a different link11:25
TheMuerogpeppe: Yeah, they do their best to not being catched by spamassassin or postgrey.11:27
rogpeppethey got as far as "j" in my address book11:29
rogpeppe65 spam messages sent in total11:30
=== dimitern is now known as dimitern_lunch
rogpeppefwereade: ping12:38
Aramrogpeppe: I want acme integration with codereview.12:44
rogpeppeAram: how would you want it to work?12:45
Aramrogpeppe: somewhat like mail.12:46
Aramin fact even using that with the email you get now from codereview is almost usable, aparte from the fact that you can't reply.12:46
rogpeppeAram: do you still use acme mail?12:47
rogpeppeAram: i used it for years actually, but the lack of threading finally got to me12:47
rogpeppeAram: and the benefits aren't so great if you're not running under plan 912:48
fwereaderogpeppe, deferred pong12:48
fwereaderogpeppe, I have to pop out for a while and will be somewhat spottily around this afternoon and evening12:48
Aramacme mail is not so useful at this point anymore, but I think for specialized things, an acme mail thing would be useful.12:48
fwereaderogpeppe, I will grab you this pm though12:48
rogpeppefwereade: ok. sometime i'd like a chat about some new attributes in config12:48
rogpeppefwereade: but i think i've decided on a reasonable approach actually12:49
fwereaderogpeppe, cool -- I look forward to seeing it :)12:49
rogpeppefwereade: have fun12:49
rogpeppeAram: go for it; i'd like to see what you come up with.12:50
=== dimitern_lunch is now known as dimitern
=== flaviamissi is now known as flaviamissi_
=== TheMue_ is now known as TheMue
=== flaviamissi_ is now known as flaviamissi
rogpeppefwereade: i'll just run the config stuff by you to check for crackfullness, if that's ok15:13
fwereaderogpeppe, sgtm15:13
rogpeppefwereade: so, we want to be able to specify a root CA when bootstrapping and when connecting to an environment15:14
fwereaderogpeppe, ok15:14
rogpeppefwereade: when bootstrapping we'll need the private key too, so we can sign a new key/cert pair and hand it off to the first instance15:15
rogpeppefwereade: so my thought is to add three new attributes to config15:15
rogpeppefwereade: root-cert-path, root-cert and root-private-key15:15
rogpeppefwereade: root-cert-path acts a little like authorized-keys-path15:15
rogpeppefwereade: that is, if it's set, the cert/key pair is read from that file; otherwise if root-cert isn't set in config, we'll try to read from ~/.juju/rootcert.pem15:16
fwereaderogpeppe, yep, that makes sense15:17
rogpeppefwereade: we verify that the cert parses and that, if given, the key matches the cert.15:17
rogpeppefwereade: which prevents going a long way down the road with a bogus cert/key pair15:18
fwereaderogpeppe, ok, yep15:18
rogpeppefwereade: i think that's it, for the time being15:18
rogpeppefwereade: i'm just doing the tests15:19
rogpeppefwereade: it's a pity that it's yet one more step to getting a juju up and running15:19
rogpeppefwereade: i wonder if we might have a juju helper that prompts for the necessary information and does everything else necessary (e.g. generating the key, generating an admin secret, etc) and writes an environments.yaml file.15:20
fwereaderogpeppe, just one of many, really, we'll get there :)15:21
fwereaderogpeppe, yeah, new-user experience would be very much helped by that15:21
rogpeppefwereade: juju new-environment ?15:22
rogpeppefwereade: i'm not sure that we can rewrite environments.yaml losslessly though, sadly15:22
fwereaderogpeppe, I'm pretty sure we can't15:22
rogpeppefwereade: me too. +1 to json :-)15:23
rogpeppefwereade: actually, maybe it could just spit out an environments.yaml to stdout15:23
rogpeppefwereade: anyway, that's way down the line.15:23
rogpeppefwereade: if all that SGTY, i'll carry on15:23
fwereaderogpeppe, I *think* it does15:24
fwereaderogpeppe, I am not sure how to handle changing the root cert15:24
fwereaderogpeppe, or in general how to (or whether we should) change any of those new fields15:24
fwereaderogpeppe, (I guess root-cert-path is not really a setting, at least, just a sort of input filter)15:25
rogpeppefwereade: yeah, changing the root cert is hard15:25
rogpeppefwereade: and what about certificate revocation15:25
fwereaderogpeppe, quite so15:26
fwereaderogpeppe, I guess it would be worth trying to think a little way through those questions to ensure we're not closing any future doors, even if we don't support anything like that at this stage15:27
rogpeppefwereade: tbh, i think that both with changing the root cert and revocation, what we're building now is a necessary prerequisite. we are always going to need to pass at least one certificate into the cloud.15:30
fwereaderogpeppe, that does sound solid to me15:31
rogpeppefwereade: revocation, i think happens automatically, as long as clients are checking revocation lists appropriately.15:31
rogpeppefwereade: changing the root cert we'd probably do by leveraging the existing root cert to produce another cert. you'd probably do it by using a level of indirection and revoking the original certificate but not the original *root* certificate (he says, hand-waving wildly)15:33
fwereaderogpeppe, I think that's outside the realm of things I can claim to have a reasoned opinion on ;)15:35
fwereaderogpeppe, incidentally, I was wondering something related... ISTM that the user is already adequately identified with the authorized key, and I'm suddenly unsure what we get out of admin-secret... what am I missing?15:52
Aramrogpeppe: significantly refined version https://codereview.appspot.com/6820112/ , when you have time15:53
rogpeppefwereade: that may well be true in the future. for the time being, i don't know of a way to get mongodb do client authentication15:54
fwereaderogpeppe, ok, cool, so it's purely for admin auth with mongo?15:55
rogpeppefwereade: yes, i *think* so15:55
rogpeppeAram: looking15:56
Aramrogpeppe: also https://codereview.appspot.com/6814108/16:50
rogpeppeAram: sorry, i got some way through, then realised i really wanted to propose my CL by the end of the day...16:51
Aramrogpeppe: don't worry, I'm only pinging you, I don't expect reviews right away.16:51
rogpeppeAram: that's find. just letting you know in case you expected one after my "looking"16:52
rogpeppefwereade: ping18:03
fwereaderogpeppe, pong18:03
rogpeppefwereade: i've just realised, i think, that i'm slightly askew in my assumptions18:03
fwereaderogpeppe, oh yes?18:03
=== mcclurmc is now known as mcclurmc_away
rogpeppefwereade: i've been assuming that it's mandatory to have a root certificate18:04
rogpeppefwereade: but actually, i think we perhaps want the capability to connect to a server without checking18:04
fwereaderogpeppe, expand please18:04
fwereaderogpeppe, naively it seems like a good idea18:04
rogpeppefwereade: well, say we have a juju environment but we've lost the root cert key18:05
rogpeppefwereade: the checking that juju does is, i think, something that should be a choice (the default choice)18:05
rogpeppefwereade: 'cos otherwise we can't connect18:05
rogpeppefwereade: a bit like the way ssh automatically adds a key if you ask for it18:06
fwereaderogpeppe, I kinda favour just advising people that "keys are important; don't lose them"18:06
rogpeppefwereade: i was just wondering if i really want the root cert to be mandatory in config18:07
rogpeppefwereade: (i've just spent the last while putting it everywhere...)18:07
fwereaderogpeppe, ha, yeah, it is usually at such junctures that I start to question things18:08
fwereaderogpeppe, hmm18:08
fwereaderogpeppe, honestly I don;t know what is really meant by "everywhere" so it is hard for me to follow intuitively18:08
rogpeppefwereade: i got to environs/ec2, and realised that it uses your actual authorized keys, so i'm wondering whether we want to the same approach for root cert, or if we should generate one on the fly18:09
rogpeppefwereade: everywhere we've got a set of attributes for a config18:09
rogpeppefwereade: pretty much everywhere we've got an authorized-keys attribute now18:09
rogpeppefwereade: i'm thinking that it might be fine just to hard-code a root cert for testing.18:10
rogpeppefwereade: there's another thing which is a source of discomfort currently18:11
rogpeppefwereade: which is that the cert and key are specified in a single file, but they get two attributes in the config.18:12
fwereaderogpeppe, yeah, that definitely seems wrong18:12
fwereaderogpeppe, except hmm18:12
fwereaderogpeppe, maybe not18:13
rogpeppefwereade: there are +s and -s18:13
fwereaderogpeppe, but, yeah, it doesn't sit quite right18:13
rogpeppefwereade: i was trying to avoid having *two* more path attributes in the config.18:13
fwereaderogpeppe, hmm, just a mo18:13
rogpeppefwereade: but perhaps that makes more sense in fact; keep them separate at all times.18:14
fwereaderogpeppe, if that is as convenient that sgtm18:14
rogpeppefwereade: it's not convenient at the moment - i'd have to rewrite some code and lots of tests :-)18:15
fwereaderogpeppe, ha, indeed18:15
rogpeppefwereade: but on balance, i think it's probably a better approach18:16
rogpeppefwereade: bugger18:16
* fwereade sympathises18:16
fwereaderogpeppe, a strawmanny thought18:20
* rogpeppe gets out the wooden axe18:21
fwereaderogpeppe, how would it be if the administrator who created the environment were to have keys and certificates automatically generated and stored in ~/.juju/environments/<name>?18:22
fwereaderogpeppe, they could of course be overridden by config settings18:22
rogpeppefwereade: i think that's a reasonable thought, and i've thought about something similar myself18:23
rogpeppefwereade: but i think it's orthogonal to what i'm doing currently18:23
rogpeppefwereade: which enables that, trivially18:24
fwereaderogpeppe, agreed... maybe a suggestion for the lists, see if it draws popular support, if it does it should indeed be easy to build on top18:24
rogpeppefwereade: yeah. actually, i don't think there needs to be a key per environment18:25
rogpeppefwereade: i think one root key for all environments is just fine18:25
rogpeppefwereade: so the command line tool could generate ~/.juju/rootcert.pem if it doesn't already exist18:26
fwereaderogpeppe, I dunno, I think one per environment is saner in a multi-admin situation18:27
fwereaderogpeppe, but I don't feel very strongly about it, haven't really thought it through18:27
rogpeppefwereade: if you want one per environment, that's easy to do. but a single name space also makes sense, i think.18:27
rogpeppefwereade: it means there's only one public key to distribute, for one18:28
fwereaderogpeppe, yeah, also sounds reasonable :)18:28
rogpepperight, i can't launch into changing all this now; time to stop for the night, i think.18:30
rogpeppea pint beckons18:30
rogpeppefwereade: have a great weekend, see ya monday18:31
rogpeppenight all18:31
fwereaderogpeppe, have fun :)18:31
=== mcclurmc_away is now known as mcclurmc

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!