/srv/irclogs.ubuntu.com/2013/01/30/#juju-dev.txt

=== slank is now known as slank_away
jamwallyworld: /wave05:38
wallyworldg'day05:39
wallyworldjam: i've put up a couple of mp's - bootstrapping a real openstack works :-)05:42
jamwallyworld: sounds great05:42
wallyworldbut canonistack is responding now with a resource limit exceeded error, but it was working, o swear05:42
wallyworldi ran it against my user id for everything (public bucket etc), didn't try out shared tenant05:43
jamwallyworld: you could certainly have started to many instances, etc in a time frame.06:06
wallyworldyes, i did a lot of debugging/testing06:06
rogpeppemorning all!08:10
dimiternrogpeppe: morning08:12
TheMuerogpeppe, dimitern: morning08:12
dimiternTheMue: hiya08:12
rogpeppei'd appreciate some comments on https://codereview.appspot.com/6878052 if anyone fancies having a look08:14
TheMueAaaargh, heavy rain showers here. OK, much warmer than a week ago, but so wet.08:15
TheMueThankfully no need to step out.08:15
TheMuerogpeppe: *click* before continuing my OS X tests (build went w/o probs).08:15
* dimitern looking as well08:16
dimiternrogpeppe: done08:30
rogpeppedimitern: that was quick, thanks!08:30
dimiternrogpeppe: np08:30
dimiternwallyworld: ping08:43
jamrogpeppe: I'm trying to use 'lbox propose' but I'm still getting "local error: protocol version not supported".08:46
jamIs there any way to get more context in the error messages?08:46
rogpeppejam: lbox --verbose ?08:46
TheMuerogpeppe: You've got a review.08:48
rogpeppeTheMue: tyvm08:49
jamrogpeppe: it looks like it might be a username failure, but where are the cached auth details saved?08:49
TheMuerogpeppe: Missed to enter the LGTM, so after your answers I'll do it. ;)08:49
rogpeppejam: hmm, i've never looked, sorry08:49
rogpeppejam: i'd appreciate your comments on this CL too, if you have some time. https://codereview.appspot.com/687805208:50
jamrogpeppe: ... it is telling me that it successfully read from a file that doesn't exist....08:56
rogpeppejam: hmm.08:56
rogpeppejam: lbox is?08:56
jamrogpeppe: I hacked rietveld to tell me where it was loading the credentials, and it logs "Successfully loaded from $HOME/.goetveld_codereview.appspot.com" but there is no such file.08:57
rogpeppejam: weird. more printfs required, i think :-)08:57
rogpeppejam: i could have a look, but i'd only be duplicating your work, and i can't reproduce the problem...08:58
jamyeah, working on it08:59
jamlots of prints now08:59
jamrogpeppe: step 1: failed to read file, step 2: successfully read credentials... WTF?09:01
rogpeppelol09:01
jamrogpeppe: there is a func "filterNotFound()" which turns not-found errors into nil09:04
jamso it says it loaded when the credentials aren't actually there.09:04
rogpeppejam: so it's deliberate. perhaps this isn't the reason after all.09:05
jamrogpeppe: sure, but the log message saying it successfully loaded credentials is confusing09:05
jamAnd it isn't asking me to log in.09:05
jamIt did the very first time I ran it with -v09:05
rogpeppejam: indeed. and that seems odd.09:05
jamand now it just dies09:05
jamIt seems to get a 40109:05
jamand then... protocol not supported tends to happen.09:05
jambut I'm not able to get my creds into the system, because it doesn't get to the point of actually asking me to log in.09:06
rogpeppejam: if you run it with --debug, you'll see the traffic to and from the server too, which might help possibly09:06
jtvHi rogpeppe (and thanks for all your helpful comments by the  way!), hi jam.09:10
jamh09:10
jamhi jtv09:10
rogpeppejtv: hiya09:11
rogpeppejtv: on the go gotchas doc?09:11
jtvThe Cultural Learnings For Make Benefit.09:11
rogpeppejtv: a great title09:11
jtvJulian's.  Stroke of genius.09:11
rogpeppejtv: i think that at least some of it might be good to publish more widely09:12
jtvGood point.  I'll mention it in our standup call.09:12
jtvMeanwhile, another thing you gents may be able to help with:09:12
jtvwhen a juju provider needs to know things like the base URL it should talk to get its virtual machines etc., that all goes into the config and is parsed out by Provider.SetConfig(), right?09:13
rogpeppejtv: yup09:13
rogpeppejtv: or at least it should be derivable from the config09:14
jtvThanks.  And in general, is the config meant to be a single level deep, or nest structures, or be very very deep so the whole world can fit in if needed..?09:14
rogpeppejtv: generally it's a single level09:15
rogpeppejtv: i'm not sure if we allow deeper nesting - it might be useful at some point (i've considered a situation where we might want nested provider configs...)09:15
jtvFor gomaasapi we built a little object layer for dealing with dynamic JSON structures.  Not great, but it gets us past the static/dynamic problem.09:16
rogpeppejtv: have you seen juju's schema package?09:17
jamrogpeppe: well, eventually after running the command probably 50 times now, it finally asked for my password and I could get it entered. I still don't know what was wrong with the protocol, but it apparently blocked me actually logging in.09:17
jtvNo..?09:17
jamjtv: you can use a map[string]interface{} for dynamic structures, (I think)09:17
rogpeppejtv: it makes it easier to coerce dynamic JSON structures into a known form.09:18
jtvjam: yes we do use that, but our code hides the casting etc. underneath.09:20
jtvrogpeppe: that was part of our problem: we couldn't guarantee much about the known form.09:20
jamjtv: how dynamic is the actual structure? We went with more of a known structs which allows the json marshall/unmarshall to handle casting to types rather than writing a lot of functions09:21
jam(function calls)09:21
rogpeppejtv: that can be awkward09:21
rogpeppejtv: i'd be interested to see the range of forms you have to deal with.09:21
jam(the argument is that if you don't actually know the structure, you don't really know how to use it, do you?)09:21
jtvWell in our case we had the problem of a boundary of responsibilities between the code that uses the objects (and thus has to know /something/ about their structure) and the code that serves them up.09:22
rogpeppejam: yeah, but json structures can be alarmingly content-dependent sometimes09:22
jamjtv: you can pass in the expected structure (via interface{}) and have it get populated and returned09:23
jtvYes.  We had a few slightly different requirements though.  The one thing we know is that "MAAS objects" are JSON objects with a resource_uri entry.09:24
jtv(Although conversely of course, a JSON object with a resource_uri entry need not be a MAAS object)09:26
jtvWas a bit shocked to find that numbers can parse to float64 *or* int, depending.09:26
jamrogpeppe: should 'rpc' be in juju-core ? it feels like something that should be an external lib.09:29
jam(with all the dep issues that entails, maybe not worth it yet, I guess)09:29
rogpeppejam: quite possibly. i think i'm in favour of leaving it in juju for the time being, as it may become more juju-specific.09:29
rogpeppejam: we can easily factor it out later (and i'm in favour of doing that when it stabilises)09:30
rogpeppeTheMue: "09:31
rogpeppeJust to get it right, the coverage of the API is defined by the types and their09:31
rogpeppemethods here in the package, but those are using the generic way interact with09:31
rogpeppestate?09:31
rogpeppe"09:31
rogpeppeTheMue: i'm not sure i understand your question there09:31
TheMuerogpeppe: Just wanted to know if the type and methods the API exposed have to be defined in the API package like you've done it for Machine.InstanceId().09:33
rogpeppeTheMue: yes. that's how all our Go-implemented clients and agents will interact with the state09:34
TheMuerogpeppe: Fine.09:34
TheMuerogpeppe: So more control than exposing all public state types and methods.09:35
rogpeppeTheMue: yes09:35
TheMuerogpeppe: +109:35
TheMuerogpeppe: Like it.09:36
TheMuerogpeppe: Btw, our client runs fine on OS X. :D09:36
rogpeppeTheMue: of course, external clients will speak JSON directly to the API server.09:36
rogpeppeTheMue: cool.09:36
rogpeppeTheMue: you ran the live tests?09:37
TheMuerogpeppe: First step has been just to bootstrap. Next step are the live tests.09:37
rogpeppeTheMue: ah, you bootstrapped ok - that's good enough for me :-)09:37
TheMuerogpeppe: *lol*09:38
rogpeppeTheMue: and juju status worked ok, presumably?09:38
dimiternwe may have a problem with openstack bootstrap, it seems the user_data we're passing is limited to 65K base64 encoded string09:38
TheMuerogpeppe: Exactly09:38
dimiternand ours is slightly over 80K09:38
rogpeppedimitern: compressed?09:38
dimiternrogpeppe: no, it's just b64-ed09:39
rogpeppedimitern: that's huge, BTW. why is it so big?09:39
dimiternrogpeppe: I don't know but I intend to find out shortly09:39
rogpeppedimitern: ec2 sends the user data compressed, BTW09:39
rogpeppedimitern: i mean the ec2 provider sends...09:39
dimiternrogpeppe: nova does not support this, looking at the source09:40
rogpeppedimitern: the limit for ec2 user data is 16K and we fit in that alright. 80K is huge!09:40
dimiternrogpeppe: it's either improperly encoded or it's repeated or something09:41
rogpeppedimitern: does nova need to know about the compression? i thought it was a cloud-init thing.09:42
dimiternrogpeppe: not that I can see - compression is neither mentioned in the API/docs nor I can see it being handled at the nova source level09:43
rogpeppedimitern: https://help.ubuntu.com/community/CloudInit09:44
rogpeppedimitern: "content found to be gzip compressed will be uncompressed. The uncompressed data will then be used as if it were not compressed. "09:44
dimiternrogpeppe: that's what I have http://paste.ubuntu.com/1589183/09:45
dimiternrogpeppe: I see - so nova doesn't have to handle the decompression - cloud init will do that itself?09:46
rogpeppedimitern: yeah09:46
dimiternrogpeppe: so that paste looks not right? it should be gz-ed09:47
dimiternrogpeppe: which module should I use? compress/zlib?09:48
rogpeppedimitern: check out the code in the ec2 provider09:48
jamdimitern: zlib != gz, though they are similar09:48
rogpeppedimitern: there's already a convenience function to do it09:48
jam(both are DEFLATE, but gz has different headers)09:48
dimiternrogpeppe: can you point me where?09:48
rogpeppedimitern: (in trivial)09:48
jamnot to be confused with mgz, who has no headers :)09:49
dimitern:D09:49
rogpeppedimitern: in the userData function in ec2.go09:49
dimiternrogpeppe: ah, ok09:49
rogpeppedimitern: cdata := trivial.Gzip(data)09:49
mgzI have a head, though...09:50
dimiternrogpeppe: yeah, this is removed in OS when porting the ec2 stuff .. weird09:52
jammgz: sometimes at least. :)09:56
dimiternso, with the gzip part done, now it seems we need to set a public IP as well, otherwise you cannot connect to mongo, even with the sshebang VPN stuff for canonistack, and nova ssh machine-0 complains no public IPs are set10:02
dimiternand I cannot ssh directly, because the authorized keys expect my key pair to be on chinstrap as well10:05
dimiternand I cannot connect to the mongo on the bootstrap node at all - with either private canonistack IP or with an attached floating IP (public), even though I can see the secgroup allows port 3701710:20
dimiternshould I be able?10:21
jamdimitern: so is it trying to ssh to the machine, or is it trying to connect directly to mongo?10:24
jamif it is a direct connect to mongo, then you would need an ssh tunnel to it, or as you mention we need a public ip set for the machine.10:24
dimiternjam: directly on port 3701710:25
dimiternjam: I have a public IP set and through it it doesn't work (drops with conn refused, rather than blocking forever, when using a private IP)10:25
dimiternjam: and I cannot seem to find a way to ssh into the machine to see what's running there (public key auth fails - used several ways to connect - with the sshebang, directly with -i ~/.ssh/mykey, etc.)10:27
mgzyou can also just ssh to chinstrap, then use a 10. address from there to test things sometimes10:27
mgzit's likely the cloud-init was bugged though10:27
dimiternmgz: tried that as well - still pubkey auth failed10:27
mgzdimitern: what you need to do is look at the boottime console output10:27
dimiternmgz: how? juju bootstrap is doing all10:28
mgzwhich will tell you if injecting your public key failed somehow10:28
jamdimitern: I'm pretty sure you can use a different ssh key to chinstrap than you use to the actual bootstrap node, but it might involve a bit of ssh config magic.10:28
dimiternmgz: if I use lpsetup to launch a machine - it all works and at the end I'm in a ssh session10:28
mgzdimitern: eg by `euca-describe-instances` to get the i-000000 id form10:28
mgzthen `euca-get-console-outp... something like that, don't remember the form10:29
mgzanyway, pipe that to file and pastebin it10:29
mgznovaclient should actually expose the console output stuff now as well10:29
dimiternmgz: ahaa! 10x10:29
jammgz: nova list works for me10:30
jamit reports the ip address of the target machine10:30
dimiternmgz: http://paste.ubuntu.com/1589253/10:30
dimiternnova list works for me as well, but nova ssh says "no public address set", which is wrong - there is a fip set10:31
mgzjam: as in, what dimitern actually needs is the bootlog10:31
mgzthe eucatools list was just to get the other id form to use with the console output command10:31
jamdimitern: well, I don't use a public IP to ssh to10:31
dimiternmgz: that's troublesome - 2013-01-30 09:54:04,352 - __init__.py[WARNING]: Unhandled non-multipart (text/x-not-multipart) userdata: 'H4sIAAAJbogA/+y9+ZOq2rIn...'10:32
mgzdimitern: ^right, that10:32
jamdimitern: I use "nova list" which gives: in the last column "Networks" which has "canonistack:10.55.60.XX" and I just "ssh 10.55.60.XX"10:33
mgzI'm *so* glad I added that log line to cloud-init :)10:33
dimiternmgz: yay :)10:33
mgzyou appear to have done base64 then gzip?10:33
mgzit should be gzip then base6410:33
dimiternjam: using ssh 10.55.xx does not work either (pubkey auth error)10:33
jamdimitern: um, I'm able to get to: 10.55.60.24610:33
dimiternmgz: thought just that :) I'm looking10:34
jamwhich is the one listed in your log10:34
mgzonce you ungzip, the first bit of literal text must be #cloud-config10:34
dimiternjam: me too10:34
jamsorry, bad paste10:34
jamI get perm denied going to .24610:34
dimiternjam: exactly10:34
mgzjam: when cloud-init doesn't like the user data you pass (which includes the key to inject), you can't ssh to the machine in the normal way10:34
dimiternjam: used to work before - in fact for things lpsetup created it works ok10:35
jammgz: sure, I imagine the key to use is in the cloud-init, and if that isn't there, bad news bears :)10:35
jammgz: any way to get gzip to decompress even when the data isn't complete?10:36
mgzit's there, but can't read the user-data dimitern passed, because it comes out base64ed still10:36
mgzjam: not really.10:36
jammgz: http://www.urbanophile.com/arenn/coding/gzrt/gzrt.html :)10:36
jambut that might still be block-sized10:37
mgzwell, it can be done, but cloud-init has no facilities to do it10:37
mgzand you can't get to the box to fiddle yourself10:37
jammgz: oh, I just want to see the decompression of the base64 stuff, to see if it makes any sense.10:37
jamdimitern: btw, you might want to use pastebin.canonical.com for stuff that might contain things like private keys10:38
jamp.u.c is fully public10:38
mgzcloud-init dump is generally safe, but yeah10:39
dimiternjam: ah, ok, will do10:39
dimiternjam: luckily, because of the bug no keys were actually of importance there10:40
jammgz: well, the 24 base-64 bytes is not enough to get any data out of gz10:40
mgzyeah, is a gzip stream though10:42
jammgz: well gzip("#cloud-config").encode('base64") => H8sIAAAA... which is the same as  the paste bin. However I imagine that is the gzip header, and not the actual compressed contenct.10:42
jammgz: well, you can't take out arbitrary bytes in the middle, but if you get enough of the prefix, you should be able to get something out, I imagine.10:43
jamH4s10:43
mgzwell, we have the length10:44
jamdimitern: one option is to dump the content (log it) in the client, to see what it thinks it is sending. And you can at least check that the prefix matches.10:44
jammgz: the error message sounds like it wants multipart sections10:44
mgzah, not we don't10:44
mgzjam: I'm just checking with cloud-init, but I suspect over-endoing10:45
jammgz: but what dimitern posted before: http://paste.ubuntu.com/1589183/10:45
mgz*encoding10:45
dimiternjam, mgz: so I did bootstrap and logged, took the console log as well10:45
jammgz: I wonder if it was "base64(gzip(base64(content)))" or something like that10:45
dimiternit seems the client is sending b64(gzip(cloud_init)) and it's exactly as it is - correctly10:45
dimiternbut yeah - I did the gzip(header) -> base64 and it's H4S.. something, so indeed another b64 is happening10:47
jamdimitern: gzip("").encode('base64') == H4sIAAAA10:47
jamso that is just the "I'm a gzip stream" bit10:47
jamnot the "and the content looks like #cloud-init" stuff.10:48
dimiternit seems the data is not decoded on the other side10:50
jamdimitern: so I'm wondering about the base64 nature10:51
jammgz: is there a reasonable way to get the cloud-init content out of pyjuju?10:51
jamto compare?10:51
mgzyeah, but it's quite different10:52
mgzI don't think they even gzip it10:52
dimiternwhere's the cloud-init decoding the stuff?10:52
dimiternmgz: for ec2 rogpeppe said they gzip it, because the limit is 16K (in Os is 65K, ours uncompressed was 80K so bootstrap was failing with 500, and I added the gzip step as in ec2)10:53
jammgz: help.ubuntu.com indicates that we likely need to because of space limitations.10:53
jamdimitern: I wonder if it could even be a "#cloud-config" with "\r\n" or some sort of line-ending/whitespace issue.10:53
mgzyeah, it's not gziped.10:54
dimiternjam: the code to produce it is in userData() method in environ - cloudinit.Render()10:54
dimiternappend([]byte("#cloud-config\n"), data...)10:55
dimiternso it's \n and whatever's there10:55
mgzso, wrapping it in mime junk would probably work, though it should function like this too, just trying to understand the handler code in cloud-init again10:55
mgzthis... must be base64 over-encoding10:57
jammgz: well, "Content-Type: text/cloud-config"10:57
mgzwhat cloud-init is seeing is base64 encoded10:57
jamhttps://help.ubuntu.com/community/CloudInit10:57
dimiternmgz: exactly10:57
mgzgenerally, what you do is base64 to pass in json over the apu10:57
jamdoesn't say anything about base64 that I've found10:57
dimiternmgz: what's in the cloudinit is yaml10:58
mgzthen when you request the user-data from the metadata service, it's not base64 encoded10:58
mgzso, it's that stage, rather than anything gzip or cloud-config related10:58
mgzit never gets that far10:58
mgzdimitern: what's the branch with this code?10:58
mgzwe're just base64ing too many times10:58
dimiternmgz: cloud-init in juju-core - that's what I'm looking at10:59
dimiternmgz: openstack api requires user_data to be base64 encoded11:00
mgzdimitern: goose also base64s11:01
dimiternmgz: only goose does, juju-core doesn't touch the gzipped yaml11:02
rogpeppefwereade: https://codereview.appspot.com/6878052 :-)11:02
fwereaderogpeppe, cheers ;)11:02
mgzwow, cloudinit.verifyConfig is the stupidest function I've seen in a while11:04
dimiternmgz: but somehow the cloudinit doesn't expect base64-er userdata (with gzip inside)11:05
mgzit shouldn't come off the metadata service encoded11:05
mgzand doesn't11:05
dimiternhow is it taken from the metadata?11:05
mgzwe could reproduce more closely what juju-core is doing, and in a safe way where ssh will still work, with lpsetup11:06
jamdimitern: according to http://docs.openstack.org/trunk/openstack-compute/admin/content/user-data.html it is a web request11:06
mgzbut I'm pretty sure it's not openstack at fault11:06
jammgz: is it possible to manually make a metadata request to verify what the instance got?11:06
mgzyeah, curl the magic url11:06
mgzbut you need ssh to do that :)11:06
jammgz: what is the magic url?11:06
jamopenstack/date/user_data doesn't quite make sense11:06
jamor is the 169.254 actually the magic IP?11:07
mgzit is.11:07
rogpeppemgz: cloudinit.verifyConfig pretty closely from the pyjuju code.11:07
rogpeppes/pretty/came pretty/11:07
jammgz: so you have to do it from the instance? (it uses source address to determine what content to serve?)11:08
mgzyup.11:08
jammgz: booo11:08
dimiterni'm starting a node now with lpsetup to see what the metadata can be11:08
jamdimitern: interestingly, openstack's metadata is in yaml, but ec2's is in json11:09
dimiternjam: yeah, because juju-core uses yaml for both11:10
jamdimitern: *might* be a problem11:10
mgzdimitern: we can also hack around the ssh problem in juju-core11:10
mgzif you pass key_name=dimitern and have some keys installed11:11
mgzit won't matter if cloud-init gets borked data11:11
dimiternmgz: keys installed where?11:11
mgz`nova keypair-list`11:11
mgzI'll double check the exact param as well11:12
rogpeppejam: i didn't think that ec2 used json at all11:12
jammgz: from what I can find, pyjuju does not gzip the content.11:12
mgzjam: indeed, I said that ^up there :)11:13
jamrogpeppe: http://docs.openstack.org/trunk/openstack-compute/admin/content/metadata-service.html seems to indicate that if you get data from the metadata api in ec2 compat mode, it comes back as json11:13
rogpeppejam: we only need to gzip the content now because we're passing around big certificates and keys11:13
jamah, there is 'metadata' and 'metadata.json' perhaps11:13
jamrogpeppe: sure, but for sanity checking, I might recommend dimitern not gzip until we get something working in case the decode step isn't working.11:13
rogpeppejam: ah, i thought you were referring to goamz/ec2 or environs/ec2, neither of which use json AFAIK11:14
rogpeppejam: perhaps he could try a little standalone program11:14
jamrogpeppe: it is a bit unclear what the metadata service actually does, as I haven't studied the document and it goes back and forth between JSON and yaml.11:14
jamIt might depend on what specific URL is accessed.11:14
jamdimitern: so my immediate hack would be to take out gzip (either everywhere or just for openstack), and then take out the certs, just to see if the instance node comes up11:15
jamalso, if you push your code, we can probably try to reproduce your findings.11:15
mgzdimitern: okay, add the following param server dict in goose: 'key_name': $OS_USERNAME11:16
mgzthen make sure you have a key under that name (you should anyway)11:16
rogpeppedimitern: you could try reducing KeyBits in juju-core/cert to a small number, say 12811:16
mgzthen is you bootstrap with the borked cloudinit11:16
rogpeppedimitern: then the cloudinit will be significantly smaller11:16
mgzyou'll be able to ssh in anyway, and then curl down the exact data the metadata service has11:16
rogpeppedimitern: it would be interesting to see if it still failed then11:17
dimiternok, one by one :)11:18
dimiternrogpeppe: I'll try reducing the keybits first11:19
dimiternjam: not sure how to remove the keys, otherwise removing gzip causes a failure on bootstrap every time11:19
TheMuerogpeppe: live tests fail, looking for interesting tools: 1.9.8-unknown-amd64.11:21
rogpeppeTheMue: ah of course11:22
TheMuerogpeppe: not all fail, but 1911:22
rogpeppeTheMue: no ubuntu series on macos11:22
TheMuerogpeppe: yep, exactly11:22
rogpeppeTheMue: perhaps we can't expect live tests to pass under macos11:23
TheMuerogpeppe: seems so11:23
rogpeppeTheMue: unless we have an option to disable tools upload for the live tests, which might be a reasonable way to go11:24
niemeyerHello!11:25
mgzdimitern: http://paste.ubuntu.com/1589367/11:25
dimiternmgz: I'll try that11:25
TheMueniemeyer: Hiya11:26
dimiternotherwise, reducing the keybits to 128 reduced the cloudinit almost in half, but still 48K uncompressed, so removing gzip doesn't help unless I somehow strip the keys11:27
dimiternmgz: adding the key name didn't do the trick - still cannot connect with my key11:32
wallyworldmgz: dimitern: jam: standup?11:33
mgzmumble has decided it likes hanging...11:37
niemeyermgz: I'd be more surprised if Hangout decided it likes to mumble11:52
jamniemeyer: I hear mumbling all the time on hangouts :)11:54
niemeyerjam: :)11:55
dimiternmgz: did it work for you with key_name?12:06
rogpeppedimitern: why don't you try making a little standalone program that starts an instance using nova and uses a custom-created cloudinit (you could still use juju-core/cloudinit) ?12:14
rogpeppedimitern: then it'll be easier to check without all the juju baggage12:14
dimiternrogpeppe: i'm using lpsetup to start an instance with nova client and it's all ok12:17
dimiternrogpeppe: the problem is I cannot find any way to connect to the borked cloudinit instance12:17
rogpeppedimitern: in that case, try it with gzipped user data12:17
dimiternrogpeppe: without gzip bootstrap fails with 500 (too long)12:18
rogpeppedimitern: i mean try your standalone thingy with gzipped user data12:18
dimiternrogpeppe: can I somehow strip the ca certs from the cloud init?12:18
rogpeppedimitern: sure, just hack the cloudinit package, it's trivial12:18
dimiternrogpeppe: it's just marshaling into yaml the cfg12:18
rogpeppedimitern: make it so it doesn't use the same certs12:19
dimiternrogpeppe: i'm not even sure which keys are the biggest12:20
rogpeppedimitern: just zero 'em all out12:20
dimiternrogpeppe: which keys?12:21
rogpeppedimitern: something like this should do the job (untested): http://paste.ubuntu.com/1589462/12:22
dimiternrogpeppe: will state work with after this?12:23
rogpeppedimitern: no, but the instance will be started ok12:23
rogpeppedimitern: so you should be able to ssh to it12:23
dimiternrogpeppe: ok, I'll try it12:23
dimiternmgz: http://paste.ubuntu.com/1589468/12:25
mgzso, cuter magic on metadata service folsome(?) or later: http://169.254.169.254/openstack/2012-08-10/meta_data.json12:30
dimiternrogpeppe: when I set these to nil it says error: cannot start bootstrap instance: cannot make user data: invalid machine configuration: missing CA certificate12:31
rogpeppedimitern: did you use the snippet i suggested?12:32
mgzdimitern: so, this is double-base64 encoded12:34
rogpeppedimitern: are you base64 encoding inside environs/openstack ?12:35
mgzrogpeppe: yes.12:35
mgzwell, no12:35
mgzbut... it's happening *somewhere* :)12:35
rogpeppeha12:35
dimiternrogpeppe: only goose encodes to base6412:36
dimiternwait a minute - there are 2 cloudinits - in juju-core/ and in juju-core/environs/ - the provider uses the latter12:39
dimitern...which uses the former actually12:40
dimiternand there's this (line 151 in environs/cloudinit.go): " --env-config "+shquote(base64yaml(cfg.Config))+12:42
mgz...which is fine12:42
mgzdimitern: are you using Ian's RunServer-userData-fix branch?12:49
dimiternmgz: don't think so12:49
mgzbecause this looks like something daft like the go json code being helpful by base64ing byte[] behind the scenes, after it's already been done12:50
dimiternmgz: looks like if I remove the b64 encoding in runserver it works ok12:52
dimiternmgz: could be! yeah - []byte to "64"12:52
mgzright, so the right fix is... remove 4 lines...12:52
dimiternmgz: i did, but still not sure if it's right and we should fix something else instead12:53
mgzjam, dimitern: http://paste.ubuntu.com/1589539/12:55
dimiternyay! ssh now works!12:55
dimiternexactly12:55
dimiternI'm doing that in the CL then12:55
dimiterna separate one for goose12:55
mgzso, Ian's mp which switches the type to string likely works as well12:56
dimiternwhere's that branch?12:56
mgzdimitern: lp:~wallyworld/goose/RunServer-userData-fix12:57
mgzit is documented behaviour of the json go implementation though, so the use []byte and remove those lines versions is probably nicer12:58
dimiternmgz: from go docs: Array and slice values encode as JSON arrays, except that []byte encodes as a base64-encoded string, and a nil slice encodes as the null JSON object.12:58
dimitern:) yeah12:58
dimiternmgz: actually, without these 4 lines ian's branch is not needed12:59
mgzright. but Ian wasn't wrong when he said he'd got it working13:00
dimiternyes13:00
mgzwe then just ignored him, so it broke for us :)13:00
dimitern:) maybe I should NOT LGTM and provide that above reasons?13:00
dimiternif in addition he did the gzip thing, his change would work13:01
mgzwell, I think I'll put up a trivial branch that actually adds a test and removes those lines13:01
dimiterncool, if you can land it before mine it'll be perfect13:02
mgzthen we can reject the one that changes the RunServer interface, and update the enable openstack branch13:02
dimiternyes, I also need that change13:03
dimiternshouldn't mongo be running on the bootstrap node?13:10
dimiternrogpeppe: ^^ ?13:14
rogpeppedimitern: yes, mongo should run on the bootstrap node, but it won't if you didn't have the server cert and key13:15
dimiternI have this in /var/log/juju/machine-0.log: /bin/sh: 1: exec: /var/lib/juju/tools/machine-0/jujud: not found13:16
dimitern(repeated muliple times)13:16
dimiternrogpeppe: no, it's ok now - the userdata with all keys is passed ok and cloud init seems to work13:16
dimiternrogpeppe: I'd sshed into the machine and looking - no mongo though13:16
rogpeppedimitern: could you paste the cloud-init-output.log file from /var/log ?13:17
dimiternrogpeppe: https://pastebin.canonical.com/83392/13:19
rogpeppedimitern: the key is probably the "authorization failed" error13:20
dimiternrogpeppe: it seems the tools tgz is somehow broken?13:20
rogpeppedimitern: the url tools download is failing13:20
dimiternrogpeppe: yeah, looking at that13:20
rogpeppedimitern: when you're on the machine, try downloading that url in the same way13:20
dimiternok13:20
rogpeppedimitern: that is, try curl http://juju-dist.s3.amazonaws.com/tools/mongo-2.2.0-quantal-amd64.tgz or whatever13:21
dimiternrogpeppe: it gets a bunch of binary back13:21
rogpeppedimitern: hmm. try putting it into /tmp and run tar tzf on it13:22
rogpeppedimitern: to see if it actually *does* download ok13:22
dimiternrogpeppe: I got it with wget (41M), untarred in /tmp and it seems ok13:23
dimiternthe problem seems before that - tools is not extracted properly and jujud is missing13:24
rogpeppedimitern: strange. i'd add some echo statements in the cloudinit (including the args passed to wget); and maybe make it put the archive in a temp file before unarchiving it, so you can see what was fetched13:24
rogpeppei've got a call for lunch13:25
rogpeppedimitern: back shortly13:25
dimiternrogpeppe: I got it working - the problem was ACLs on the bucket - the machine was not able to get the tools13:41
rogpeppedimitern: cool13:42
dimiternrogpeppe: but mongo is still not running13:42
rogpeppedimitern: anything useful in the log?13:42
dimitern/var/lib/juju/tools/1.9.8-quantal-amd64/jujud: 1: /var/lib/juju/tools/1.9.8-quantal-amd64/jujud: Syntax error: "(" unexpected13:43
dimiternand trying to run root@machine-0:/var/lib/juju/tools/machine-0# ./jujud gives "-su: ./jujud: cannot execute binary file"13:47
dimiternrogpeppe: ^^13:48
rogpeppedimitern: what does "file /var/lib/juju/tools/machine-0/*" say?13:49
dimiternrogpeppe: the same line (first one) - multiple times13:50
rogpeppedimitern: which line?13:51
dimitern/var/lib/juju/tools/1.9.8-quantal-amd64/jujud: 1: /var/lib/juju/tools/1.9.8-quantal-amd64/jujud: Syntax error: "(" unexpected13:51
dimiternrogpeppe: and I still get "-su: /var/lib/juju/tools/machine-0/jujud: cannot execute binary file" when I try to run jujud in the tools dir13:54
rogpeppedimitern: surely you didn't get the above line when running the file command?13:54
dimiternrogpeppe: what file command? I did sudo su - before to get root13:55
rogpeppedimitern: the command i suggested you run: "file /var/lib/juju/tools/machine-0/*"13:55
dimiternrogpeppe: with sudo bash the error on ./jujud is a bit different: bash: ./jujud: cannot execute binary file13:56
dimiternrogpeppe: aah file13:56
dimiternjujud:              ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), stripped13:56
dimiternrogpeppe: how can I check what arch is running? 32/64?13:57
dimiternrogpeppe: ah, I did ldd `which bash` and it seems this is a 32bit machine, not 64 bit13:58
rogpeppe dimitern: uname -a13:58
rogpeppedimitern: that could possibly have something to do with it :-)13:58
rogpeppedimitern: i'm surprised you don't get a better error message though13:59
dimiternrogpeppe: uname -a does not mention 64 bit13:59
rogpeppedimitern: althugh i suppose it's the usual unix errno limitations13:59
dimiternrogpeppe: could be - so the tools are wrong.. or the image possibly13:59
rogpeppedimitern: the image is wrong13:59
rogpeppedimitern: we don't currently push 32 bit tools13:59
rogpeppedimitern: although... have you tried bootstrap --upload-tools ?14:00
dimiternrogpeppe: yes, nailed it then - I'll set the correct default image id14:00
dimiterndimitern: yes, that's how I do it - my machine is also 64bit14:00
dimiternso I should use "smoser-cloud-images/ubuntu-quantal-12.10-amd64-server-20121218" instead of "smoser-cloud-images/ubuntu-quantal-12.10-i386-server-20121017"14:03
mgzhaiup.14:08
dimiternnow with the correct image - eeeeverything works :) bootstrap, status, mongo, ssh - it's a charm14:09
dimiternstill cannot connect to the state from the private ip though14:10
mgzyou got a charm working too? :)14:11
mgzcharming!14:11
dimiternmgz: not yet :)14:12
mgzcharmation...14:12
dimiternactually, it doesn't work after connecting to state - it seems it's using AMI-like instance ids, rather than openstack ones14:12
mgzright, that's the bug I mentioned earlier14:13
mgzin the provider:14:13
mgzInstanceIdAccessor: "$(curl http://169.254.169.254/1.0/meta-data/instance-id)",14:13
mgzwrong.14:14
mgzcompare with the pyjuju code.14:14
mgzfor folsom, you have a shortcut (sort of, still have icky shell goop to deal with)14:14
mgzusing the other metadata service url I pasted ^up there14:14
mgzshell isn't great for parsing json :)14:15
mgzthough I'm sure smoser would manage it somehow14:15
dimiternmgz: so?14:15
mgzthe id is wrong14:15
dimiternyes I see that :)14:15
mgzwe're doing openstack things, we need the UUID, not the ec2-style14:15
dimiternbut is there a workaround to get the instance right14:15
mgzif you use the url^^ up there and parse the json, yes14:16
mgzor the old hack (which we should put off worrying about till later, now canonistack has been upgraded)14:17
mgzhttp://169.254.169.254/openstack/2012-08-10/meta_data.json14:17
dimiternI'm still confused - how does it get to use that ami-comp. id?14:18
dimiternit's not in the provider14:18
mgz...you want the long explaination?14:19
mgzso, the bootstrap node (or whatever we should be calling it these days) wants to know it's own id14:19
dimiternok..14:20
mgzwhen we create the user-data, which is the main way of doing customisation on a new instance14:20
mgzwe don't know the id yet, because we've not created the instance14:20
dimiternyes14:20
mgzso, instead what gets passed in is a snippet of shell, that when run during machine setup, resolves to the id14:21
mgzthis is icky14:21
dimiternyes, but it seems the only way to go14:21
mgzbut basically works, because you can get the info from the metadata service14:21
dimiternunless we change the metadata right after we have the id again14:21
mgzyou can't14:21
fwereademgz, dimitern: so long as the metadata service is working at that moment, anyway14:21
mgzyou could do something else, not involving the metadata service though14:22
dimiternfwereade: isn't the metadata svc external to the machine?14:22
fwereadedimitern: I have seen it fail14:22
mgzbecause it needed to work on essex, what pyjuju does for openstack14:22
mgzis stick the id of the bootstrap node in a well-known location on swift14:22
mgz(or nova-storage, for openstack_s3)14:22
=== slank_away is now known as slank
mgzthe machine could also, really, ask the api for the id itself14:23
fwereadedimitern: very rarely, and it may be rare enough that we don't care, but it would be nice to be more robust if there's an opportunityt14:23
mgzbut the way this stuff is layed out currently, that's not in the right order14:23
dimiternfwereade: no, the svc is working now14:24
mgzanyway, for folsom or later, you can get the openstack-style server uuid from the metadata service, from a different url that returns json with useful stuff14:24
dimiternmgz: so we should use some other metadata key to get the OS inst Id14:24
mgzright, which is the link I pasted14:24
dimiternmgz: but it'll not work for essex14:24
mgzindeed, but we don't care about that for now.14:25
dimiternmgz: ok then, I'll look into it14:25
mgzand it would be nicer to fix the mess of shell at the same time, later14:25
dimiternmgz: and that should happen in userData() ?14:26
mgzdimitern: this is violently horrible, but bascially all you need:14:28
mgz-               InstanceIdAccessor: "$(curl http://169.254.169.254/1.0/meta-data/instance-id)",14:28
mgz+               InstanceIdAccessor: "$(curl http://169.254.169.254/openstack/2012-08-10/meta_data.json|python -c \"import json,sys;print json.loads(sys.stdin.read())['uuid'])\"",14:28
=== slank is now known as slank_away
mgzfixing the model would be nice, but as a just-get-things-working step...14:29
* niemeyer => lunch14:33
dimiternmgz: it works with the fix!14:39
dimiternmgz, rogpeppe, jam: it's ready https://codereview.appspot.com/722305914:41
TheRealMuedimitern: You've got a review.14:48
dimiternTheRealMue: thanks14:48
mgzdouple14:48
dimiternalso this https://codereview.appspot.com/722906014:48
dimiternmgz: cheers14:49
=== TheRealMue is now known as TheMue
dimiternmgz: care to take a look again at the comments? https://codereview.appspot.com/7223059/15:02
dimiternTheMue: 10x15:05
mgzdimitern: what does %q do when you give it a bunch of binary junk?15:07
dimiternmgz: what %s does, quoted15:07
mgzprint the whole []byte contents in some form?15:07
mgzI'd lose that much at least, even if you keep the log statement for the length15:07
dimiternmgz: in string form, just like %s -> string([]byte) does15:08
mgzwe don't want the cloud-init stuff appearing in the logs in any form, as it contains certs and such like15:08
dimiternmgz: ok, I'll remove the %q there (it's printed with --debug anyway)15:08
dimiternmgz: it won't appear in any logs, just on the console, and anyway - the certs are encoded15:09
mgzmy first step when people have juju issues is ask them to run with as much logging as possible then pastebinit :)15:10
dimiternalso, we seem to need floating ip attached to be able to connect to the state/0 node, even with the sshebang stuff for canonistack, simple connections won't work unless tunneled15:11
mgzright, that's from rog's changes to how shizzle works, which I didn't really follow15:11
dimiternmgz: done that15:12
dimiternmgz: and how about the goose CL ? is it LGTM?15:12
mgz...I said land, but does need to go with the goose change...15:12
mgzand really that does need a test15:13
dimiternmgz: ok :)15:13
mgzwhich I did say I would write, but then got distracted with other things15:13
dimiternmgz: even without the goose change, juju won't break - at least until you try to bootstrap an OS env15:14
mgzand the tests pass?15:14
mgzor there aren't enabled bootstrap tests that care yet?15:15
dimiternmgz: the tests pass15:15
mgzin which case, go ahead and land15:15
dimiternmgz: he problem come after launching the machine15:15
mgz...and then work on a test that would actually have failed :D15:15
dimiternwhich the doubles do not do15:15
dimitern..really15:15
dimiternwhat should that test be? check the output of RunServerOpts serialization?15:16
mgzI mean on the juju-core side15:16
mgzthere are some more live ones we have skipped, that actually depend on a running bootstrap node, right?15:17
dimiternyes, some of them - these which require provisioner and state connection15:17
mgzand yeah, we don't have any testing a the right level for this in goose, which is painful, because pyjuju has a ton15:17
dimiternmgz: so should I land the goose CL then?15:18
mgzI'd suggest working on whatever remaining things are borked with them then, if nessersary put up a mp that auto-assigns a floating ip for the bootstrap node if that's a dependency15:18
dimiternmgz: that will be needed yes - the floating ip for node -15:19
mgzdimitern: I guess, and reject Ian's one that does the same thing15:19
dimiterns/node/machine-0/15:19
mgzI hate the fact our testing has worse coverage and isn't as robust as the (notably flakey) python juju testing, but we'll get there... I hope...15:19
dimiternI think he should reject it - I'm not sure I can15:19
dimitern:) yeah, we'll get there.. in 2 months at most :)15:20
mgzyou can antilgtm and note we've landed an alternative in the comment at least15:20
dimiternmgz: I did that15:21
dimiternrogpeppe: can you reject and delete this branch pls - I remember it was just a test.. lp:~rogpeppe/goose/client-using-identity15:23
TheMueso, have to step out for dinner. will be back later.16:38
rogpeppefwereade: i've updated the rpc CL taking account of your comments about Machine: https://codereview.appspot.com/687805218:29
rogpeppetime to stop for the day18:30
fwereaderogpeppe, sweet, tyvm, I will try to look at those when laura is settled... this is not imminent I'm afraid18:30
rogpeppefwereade: :-)18:30
fwereaderogpeppe, enjoy your evening :)18:30
rogpeppefwereade: and you.18:30
rogpeppeg'night all18:31
niemeyerrogpeppe: Night!18:35
niemeyerand I think I'm done with multipart uploads18:35

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!