=== Makyo is now known as Makyo|out
=== frankban_ is now known as frankban
=== gary_poster|away is now known as gary_poster
gary_postermorning all.  bcsaller and Makyo|out, I'd like to hear about the status of bug 1099921 sometime today.  no rush though.13:37
_mup_Bug #1099921: Dragging services fails intermittently <juju-gui:Triaged> < https://launchpad.net/bugs/1099921 >13:37
bachi bcsaller13:58
bcsallerbac: hi14:12
gary_posterbac, benji is prototyping "Test needed for work-around on building relations."  Is that the thing you said you had done as an aside?14:26
bacgary_poster: yeah14:27
benjiI'll... put the card back then, and assign it to you, bac14:27
gary_postersorry benji.  that was a product of bac being sick, I think14:27
gary_posterand out of that loop14:27
gary_posterbenji, I suck, but I think that one should wait for goodspud to be around14:35
gary_posterbenji, call in 2?14:36
benjigary_poster: sure14:36
* benji suspects gary_poster is traveling close to the speed of light.14:45
gary_poster:-P sorry14:45
Makyo|outCompiz bugging out, in for real in a moment.15:01
* teknico will be back in half an hour, please start the call without waiting for him, he'll be there shortly15:01
gary_posterbac bcsaller benji frankban hazmat Makyo teknico call in 215:29
gary_postermake that 115:29
gary_posterbac hazmat starting15:31
hazmatnetwork problems.. trying15:33
teknicobenji, deRailing people sounds like a pretty cool thing to do, as long as you Djangoize them at the same time :-)15:57
MakyoIs there another PS sprint along with UDS in April/May?15:57
benjithat sounds like a good name for a blog run by a former Rails guy trying to convert people to Django15:57
gary_posterMakyo, yes, that is my expectation16:31
gary_posterMakyo, Oakland this year, if you didn't see16:32
Makyogary_poster, cool, thanks.16:32
Makyogary_poster, Yeah, I saw.  Oakland, at the Bella Sky Convention Center, Denmark, last I checked :)16:32
bcsalleron a hunch I tested it and I think CSS transitions are working again, the incremental redraw stuff seems to have fixed that. 16:40
bcsallersomeone else would have to verify, I think its running to quickly on chrome, but I *think* its working. I don't see any bad visual artifacts now16:41
* gary_poster runs to lunch for a bit16:52
gary_posterhazmat we do have bug 1104098 on the board as the only single high bug.  I think that is what you are talking about for "enable serving up gui and websocket on same port."  I guess we could treat the bug as the more long term solution that would work for pyjuju and gojuju, like what Francesco investigated...16:57
_mup_Bug #1104098: secure GUI on Firefox with self-signed cert requires second, hidden cert acceptance <juju-gui:Triaged> < https://launchpad.net/bugs/1104098 >16:57
hazmatgary_poster, it is the same, though the branch in review doesn't do the charm work to enable usage of that. i'm more comfortable given that we're released/announced if we can get an interim fix in. the long term solution also needs vetting on ssl inbound <- proxy -> ssl outbound .. currently francesco suggest ssl needs to be disabled on outbound which invalidates that solution17:00
gary_posterssl outbound from juju you mean17:00
gary_posterinvalidates it because of go only?17:00
hazmatgary_poster, ssl outbound to juju from the proxy17:00
hazmatgary_poster, yes17:00
hazmatgary_poster, but only because we control the endpoint in the gui on pyjuju17:01
hazmatif the endpoint we're part of the state server, in pyjuju the same issue applies17:01
hazmati'm hopeful further experimentation with haproxy can resolve..17:01
gary_posterhazmat, if not, do you feel that it would be a reasonable argument to have a non-exposable Juju API-only port17:02
gary_posterin go17:02
hazmatbut again i'd like to get a fix in place given that we've started directing users to the gui.. that can be haproxy, but then we need to priortize assessing the haproxy as a long term solution17:02
gary_posterhaproxy can be part of the go bits17:03
gary_postergo work17:03
gary_posterand when we do that17:03
gary_posterwe can switch to using that everywhere17:03
gary_posterimprov on charm ("staging" mode) will still be broken for Firefox with the current fix, right hazmat?17:04
gary_posteras broken as it is now I mean17:04
hazmatgary_poster, i'm not comfortable with the non exposed port not using ssl, there are non tenant network isolation scenarios with maas/hardware that would effectively allow for attacks.. in cloud environments its reasonable okay though they'd have to guard against std password attacks etc on the port17:04
hazmatgary_poster, no this should fix that to, improv will grown a cli option to point to gui-dir17:04
hazmatgary_poster, i mean thats one option.. at the moment improv has no cli config..17:05
gary_posterack hazmat makes sense17:05
hazmater.. by cloud envs i mean ec2 non vpc, most other clouds do net tenant isolation17:06
gary_posterok, *now* I'm going to lunch :-P17:06
hazmatgary_poster, :-)17:06
frankbanhazmat, gary_poster : I did some more investigation: it seems to be possible to forward encrypted data on outgoing connections (api agent). this can solve the problem of having an insecure connection to localhost. 17:27
hazmatfrankban, awesome17:27
hazmatwell its not localhost in the general case  but that's cool17:28
frankbanhazmat: in the long term, will we need to use different certs for browser -> haproxy and haproxy -> gojuju?17:28
hazmatfrankban, probably17:28
hazmatfrankban, almost definitely17:28
hazmatgojuju shouldn't be sharing its private api server cert with a service in the env17:29
bacbenji: could you look at my branch in review in order to de-red the lanes?  it simply adds the test we discussed17:42
benjibac: sure17:42
benjibac: Looks good.  I added a couple of comments.17:45
bacbenji: oops.  :)17:47
frankbanhazmat: it seems to work also using two certs! https://ec2-184-73-51-76.compute-1.amazonaws.com/17:54
MakyoRunning into EMFILES with node watching files in make devel.  Helped to increase /proc/sys/fs/inotify/max_user_instances a little (though I suspect I've probably got other problems), in case that helps anyone else.17:56
hazmatfrankban, excellent, that's the preferred solution then17:56
frankbanhazmat: cool, however, does that link work for you (firefox)?17:59
hazmatfrankban, what's the password?18:00
frankbanhazmat: if you see the login screen, then it works18:01
hazmatfrankban, i do, cool18:02
frankbanhazmat: new configuration: http://pastebin.ubuntu.com/1586550/  adding this link to the card18:03
hazmatfrankban, do you mind if i reassign the card to you then18:04
hazmatwe don't need the static serving in rapi afaics with this18:04
frankbanhazmat: i mean bug 110409818:05
_mup_Bug #1104098: secure GUI on Firefox with self-signed cert requires second, hidden cert acceptance <juju-gui:Triaged> < https://launchpad.net/bugs/1104098 >18:05
hazmatah cool18:05
frankbanhazmat: I think we need further discussion on the path to follow, we still have haproxy unreleased.18:06
hazmatfrankban, good point.. okay i'll continue on with the rapi serving static. with the intent that this is the future18:07
hazmatthe beauty of charms is that its not a big deal, alhtough agreed a src dev-base/compile env is not ideal18:08
frankbanhazmat: yes, we could also add our nginx build to some ppa, maybe better18:09
gary_poster+1 on PPA frankban, and awesome!  (worked for me on FF too)18:18
frankbangary_poster: cool, EOD, have a nice evening18:24
gary_posteryou too frankban 18:24
gary_posterbac, gave you second review18:56
gary_poster(land as is or with trivial changes()18:56
gary_posterbenji I approved sauce labs email to juju-gui fwiw so you can verify that account if you want19:24
benjigary_poster: thanks19:25
gary_posterguihelp, what do you see in https://launchpad.net/~juju-gui/+mailing-list-subscribers 19:56
gary_posterjust yourself, or a group of us?19:56
hazmatgary_poster, i just see you19:56
hazmatgary_poster, we're not using that19:57
MakyoJust you.19:57
hazmatgary_poster, we're using mailman directly on lists.ubuntu.com19:57
gary_posterright thanks hazmat19:57
hazmatie. the channel title19:57
hazmatelse it wouldn't really be a public list19:57
hazmatspeaking of public lists.. that's where the saucelabs invite went out to19:58
hazmatnot sure that it matters, but we should update the contact info for that perhaps19:59
gary_posterbenji ^^19:59
benjihazmat: I am prototyping using them for our browser tests, what would you like the contact address to be set to?20:00
hazmatbenji, private list since its a private resource20:00
hazmatjuju-gui-peeps would do the trix20:01
benjimaking it so20:04
* bac preemptive dog walk. bbiab.20:10
benjigary_poster: if you have a second I would like to discuss the current and future of my saucelabs.com card20:43
gary_posterbenji on call.  will ping soon20:43
gary_posterbenji, I'm in juju-ui for you whenever you are ready.21:06
bacMakyo: review done.21:49
MakyoThanks, bac21:49
* Makyo -> dogwalk22:05

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!